[tor-commits] [tor-browser-build/master] Add build signing options to rbm.local.conf

boklm at torproject.org boklm at torproject.org
Tue Feb 14 00:36:10 UTC 2017 

commit 8c36b34c471ddcc7ebb0ff54e41bb5c30fe15594
Author: Nicolas Vigier <boklm at torproject.org>
Date:   Tue Feb 14 01:02:52 2017 +0100

    Add build signing options to rbm.local.conf
---
 README                  | 4 +++-
 projects/release/config | 4 ++--
 rbm.conf                | 3 +++
 rbm.local.conf.example  | 9 +++++++++
 4 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/README b/README
index 001a692..956e162 100644
--- a/README
+++ b/README
@@ -157,7 +157,9 @@ Signing builds
 If the environment variable RBM_SIGN_BUILD is set to 1, the
 sha256sums-unsigned-build.txt file will be signed with gpg.
 You can use the RBM_GPG_OPTS environment variable to add some options
-to the gpg command used to sign the file.
+to the gpg command used to sign the file. You can also set the
+var/sign_build and var/sign_build_gpg_opts options in the rbm.local.conf
+file.
 
 
 Cleaning obsolete files and containers images
diff --git a/projects/release/config b/projects/release/config
index daa78dd..0b3727f 100644
--- a/projects/release/config
+++ b/projects/release/config
@@ -125,7 +125,7 @@ build: |
   [% END -%]
   cd "$destdir"
   sha256sum $(ls -1 *.exe *.tar.xz *.dmg *.mar *.zip | grep -v '\.incremental\.mar$' | sort) > sha256sums-unsigned-build.txt
-  [% IF ENV.RBM_SIGN_BUILD -%]
-    gpg -abs [% ENV.RBM_GPG_OPTS %] sha256sums-unsigned-build.txt
+  [% IF c("var/sign_build") -%]
+    gpg -abs [% c("var/sign_build_gpg_opts") %] sha256sums-unsigned-build.txt
   [% END -%]
   cat sha256sums-unsigned-build.txt
diff --git a/rbm.conf b/rbm.conf
index 05e45a6..5dfdc30 100644
--- a/rbm.conf
+++ b/rbm.conf
@@ -49,6 +49,9 @@ var:
     - vi
     - zh-CN
 
+  sign_build: '[% ENV.RBM_SIGN_BUILD %]'
+  sign_build_gpg_opts: '[% ENV.RBM_GPG_OPTS %]'
+
 
 targets:
   notarget: linux-x86_64
diff --git a/rbm.local.conf.example b/rbm.local.conf.example
index fab3213..42bf431 100644
--- a/rbm.local.conf.example
+++ b/rbm.local.conf.example
@@ -19,4 +19,13 @@
 var:
   local_conf: 1
 
+  ### The var/sign_build option defines if you want to sign the
+  ### sha256sums-unsigned-build.txt file with gpg.
+  #sign_build: 1
+
+  ### The var/sign_build_gpg_opts option can be used to define some gpg
+  ### options to select the key to use to sign the sha256sums-unsigned-build.txt
+  ### file.
+  #sign_build_gpg_opts: '--local-user XXXXXXXX'
+
 # vim: filetype=yaml sw=2

More information about the tor-commits mailing list