diff options
| author | Vincent Ambo <tazjin@gmail.com> | 2017-08-22T16·37+0200 |
|---|---|---|
| committer | Vincent Ambo <tazjin@gmail.com> | 2017-08-22T16·41+0200 |
| commit | e8cfa9c1199a493c739408da8666c1b71a79f2e4 (patch) | |
| tree | 23d1323c8cbadb6ce5f8f2b56c6e8725ee400efe /build-release.sh | |
| parent | a9c450c5a33a3e410377e1fde21c45e2db6bf51c (diff) | |
refactor build: Keep GPG-signatures outside of tarballs
Instead of signing the binary and adding the signature in the release tarball, keep the GPG-signatures *outside* of the tarball. This makes it easier to use the built-in GPG-signature verification features of package managers such as pacman.
Diffstat (limited to 'build-release.sh')
| -rwxr-xr-x | build-release.sh | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/build-release.sh b/build-release.sh index 0109cace73..9fd11d961f 100755 --- a/build-release.sh +++ b/build-release.sh @@ -35,15 +35,15 @@ function sign-for() { local os="${1}" local arch="${2}" local target="release/${os}/${arch}" - local bin="${target}/kontemplate" - local hash="$(sha256sum ${bin})" + local bin=$(binary-name "${os}" "${target}") local tar="release/kontemplate-${VERSION}-${os}-${arch}.tar.gz" - echo "Signing kontemplate binary for ${os}-${arch} with SHA256 ${hash}" - gpg --sign "${bin}" - echo "Packing release into ${tar}" - tar czvf "${tar}" -C "${target}" kontemplate kontemplate.gpg + tar czvf "${tar}" -C "${target}" $(basename "${bin}") + + local hash=$(sha256sum "${tar}") + echo "Signing kontemplate release tarball for ${os}-${arch} with SHA256 ${hash}" + gpg --armor --detach-sig --sign "${tar}" } case "${1}" in @@ -56,7 +56,7 @@ case "${1}" in exit 0 ;; "sign") - # Sign releases: + # Bundle and sign releases: sign-for "linux" "amd64" sign-for "darwin" "amd64" sign-for "windows" "amd64" |