From: Richard W.M. Jones Date: Fri, 21 Sep 2018 13:48:23 +0000 (+0100) Subject: libguestfs: Add code for signing the tarballs. X-Git-Url: http://git.annexia.org/?a=commitdiff_plain;h=23a6cb44e5a7c0afb4f7d02db885ab626165d8f2;p=goaljobs-goals.git libguestfs: Add code for signing the tarballs. --- diff --git a/libguestfs_fedora.ml b/libguestfs_fedora.ml index 2e8628f..644312e 100644 --- a/libguestfs_fedora.ml +++ b/libguestfs_fedora.ml @@ -64,10 +64,19 @@ and sources_uploaded version branch = require (repodir_up_to_date repodir); - sh " - cd %s - fedpkg new-sources %s/%s - " repodir libguestfs_download_repo version.urlpath + if not version.is_stable then ( + sh " + cd %s + fedpkg new-sources %s/%s + " repodir libguestfs_download_repo version.urlpath + ) else ( + sh " + cd %s + fedpkg new-sources %s/%s %s/%s.sig + " repodir + libguestfs_download_repo version.urlpath + libguestfs_download_repo version.urlpath + ) and specfile_updated version branch = let repodir = fedora_repo package branch in diff --git a/libguestfs_upstream.ml b/libguestfs_upstream.ml index 4472f4c..685c1b5 100644 --- a/libguestfs_upstream.ml +++ b/libguestfs_upstream.ml @@ -38,6 +38,8 @@ let rec goal website_updated version = require (tarball_created version); require (tarball_tested version); + if version.is_stable then + require (tarball_signed version); (* Python sdists only generated for stable releases. *) if version.is_stable then ( @@ -72,10 +74,13 @@ and website_checked_in version = require (tarball_created version); require (tarball_tested version); + if version.is_stable then + require (tarball_signed version); sh " cd %s cp %s/tarballs/%s %s + if %b; then cp %s/tarballs/%s.sig %s.sig; fi git add %s cd %s git add *.txt *.html @@ -83,6 +88,7 @@ and website_checked_in version = git commit -m \"Version %s\" " libguestfs_download_repo buildtmp version.tarball version.urlpath + version.is_stable buildtmp version.tarball version.urlpath version.urlpath libguestfs_website_repo websites_repo @@ -116,6 +122,16 @@ and website_built version = (quote (libguestfs_localenv (supermin version))) (quote websites_repo) +(* Goal: for stable versions, the tarball must be signed. *) +and tarball_signed version = + let tar_file = sprintf "%s/tarballs/%s" buildtmp version.tarball in + let sig_file = tar_file ^ ".sig" in + target (file_exists sig_file); + + require (tarball_created version); + + sh "sign-tarball %s" tar_file + (* Goal: the tarball has passed the required set of tests before * a release is allowed. *)