diff options
| author | Eelco Dolstra <edolstra@gmail.com> | 2018-05-31T09·54+0200 |
|---|---|---|
| committer | Eelco Dolstra <edolstra@gmail.com> | 2018-05-31T09·58+0200 |
| commit | f0d9909f108b2f8bffaf65743e283e773204b62f (patch) | |
| tree | 0a5409c990f0f55eaa2aec5c27610ec27f4160ac /maintainers | |
| parent | 93aa3bea2e8e2082dd3a07e5d4a7771bd9df52c0 (diff) | |
upload-release.pl: Copy the install script and sign everything
Note: this means that for those doing 'curl | sh', you can now pin a
specific version, e.g.
curl https://nixos.org/releases/nix/nix-2.0.4/install | sh
https://nixos.org/nix/{install,install.sig} are now just symlinks to
the corresponding files in the latest release directory.
Diffstat (limited to 'maintainers')
| -rwxr-xr-x | maintainers/upload-release.pl | 24 |
1 files changed, 9 insertions, 15 deletions
diff --git a/maintainers/upload-release.pl b/maintainers/upload-release.pl index aa7633a709c1..9b0a09e6c834 100755 --- a/maintainers/upload-release.pl +++ b/maintainers/upload-release.pl @@ -76,15 +76,20 @@ sub downloadFile { write_file("$dstFile.sha256", $sha256_expected); + if (! -e "$dstFile.asc") { + system("gpg2 --detach-sign --armor $dstFile") == 0 or die "unable to sign $dstFile\n"; + } + return ($dstFile, $sha256_expected); } downloadFile("tarball", "2"); # .tar.bz2 my ($tarball, $tarballHash) = downloadFile("tarball", "3"); # .tar.xz -my ($tarball_i686_linux, $tarball_i686_linux_hash) = downloadFile("binaryTarball.i686-linux", "1"); -my ($tarball_x86_64_linux, $tarball_x86_64_linux_hash) = downloadFile("binaryTarball.x86_64-linux", "1"); -my ($tarball_aarch64_linux, $tarball_aarch64_linux_hash) = downloadFile("binaryTarball.aarch64-linux", "1"); -my ($tarball_x86_64_darwin, $tarball_x86_64_darwin_hash) = downloadFile("binaryTarball.x86_64-darwin", "1"); +downloadFile("binaryTarball.i686-linux", "1"); +downloadFile("binaryTarball.x86_64-linux", "1"); +downloadFile("binaryTarball.aarch64-linux", "1"); +downloadFile("binaryTarball.x86_64-darwin", "1"); +downloadFile("installerScript", "1"); # Update Nixpkgs in a very hacky way. system("cd $nixpkgsDir && git pull") == 0 or die; @@ -144,17 +149,6 @@ system("cd $siteDir && git pull") == 0 or die; write_file("$siteDir/nix-release.tt", "[%-\n" . "latestNixVersion = \"$version\"\n" . - "nix_hash_i686_linux = \"$tarball_i686_linux_hash\"\n" . - "nix_hash_x86_64_linux = \"$tarball_x86_64_linux_hash\"\n" . - "nix_hash_aarch64_linux = \"$tarball_aarch64_linux_hash\"\n" . - "nix_hash_x86_64_darwin = \"$tarball_x86_64_darwin_hash\"\n" . "-%]\n"); -system("cd $siteDir && nix-shell --run 'make nix/install nix/install.sig'") == 0 or die; - -copy("$siteDir/nix/install", "$siteDir/nix/install-$version") or die; -copy("$siteDir/nix/install.sig", "$siteDir/nix/install-$version.sig") or die; - -system("cd $siteDir && git add nix/install-$version nix/install-$version.sig") == 0 or die; - system("cd $siteDir && git commit -a -m 'Nix $version released'") == 0 or die; |