commit 8c36b34c471ddcc7ebb0ff54e41bb5c30fe15594 Author: Nicolas Vigier boklm@torproject.org Date: Tue Feb 14 01:02:52 2017 +0100
Add build signing options to rbm.local.conf --- README | 4 +++- projects/release/config | 4 ++-- rbm.conf | 3 +++ rbm.local.conf.example | 9 +++++++++ 4 files changed, 17 insertions(+), 3 deletions(-)
diff --git a/README b/README index 001a692..956e162 100644 --- a/README +++ b/README @@ -157,7 +157,9 @@ Signing builds If the environment variable RBM_SIGN_BUILD is set to 1, the sha256sums-unsigned-build.txt file will be signed with gpg. You can use the RBM_GPG_OPTS environment variable to add some options -to the gpg command used to sign the file. +to the gpg command used to sign the file. You can also set the +var/sign_build and var/sign_build_gpg_opts options in the rbm.local.conf +file.
Cleaning obsolete files and containers images diff --git a/projects/release/config b/projects/release/config index daa78dd..0b3727f 100644 --- a/projects/release/config +++ b/projects/release/config @@ -125,7 +125,7 @@ build: | [% END -%] cd "$destdir" sha256sum $(ls -1 *.exe *.tar.xz *.dmg *.mar *.zip | grep -v '.incremental.mar$' | sort) > sha256sums-unsigned-build.txt - [% IF ENV.RBM_SIGN_BUILD -%] - gpg -abs [% ENV.RBM_GPG_OPTS %] sha256sums-unsigned-build.txt + [% IF c("var/sign_build") -%] + gpg -abs [% c("var/sign_build_gpg_opts") %] sha256sums-unsigned-build.txt [% END -%] cat sha256sums-unsigned-build.txt diff --git a/rbm.conf b/rbm.conf index 05e45a6..5dfdc30 100644 --- a/rbm.conf +++ b/rbm.conf @@ -49,6 +49,9 @@ var: - vi - zh-CN
+ sign_build: '[% ENV.RBM_SIGN_BUILD %]' + sign_build_gpg_opts: '[% ENV.RBM_GPG_OPTS %]' +
targets: notarget: linux-x86_64 diff --git a/rbm.local.conf.example b/rbm.local.conf.example index fab3213..42bf431 100644 --- a/rbm.local.conf.example +++ b/rbm.local.conf.example @@ -19,4 +19,13 @@ var: local_conf: 1
+ ### The var/sign_build option defines if you want to sign the + ### sha256sums-unsigned-build.txt file with gpg. + #sign_build: 1 + + ### The var/sign_build_gpg_opts option can be used to define some gpg + ### options to select the key to use to sign the sha256sums-unsigned-build.txt + ### file. + #sign_build_gpg_opts: '--local-user XXXXXXXX' + # vim: filetype=yaml sw=2