Sign checksums, not files.

This commit is contained in:
Jakob Borg 2014-08-13 12:52:04 +02:00
parent 60d0ef93ac
commit 3c9165d295
2 changed files with 3 additions and 14 deletions

View File

@ -33,8 +33,9 @@ Signed Releases
--------------- ---------------
As of v0.7.0 and onwards, git tags and release binaries are GPG signed with As of v0.7.0 and onwards, git tags and release binaries are GPG signed with
the key BCE524C7 (http://nym.se/gpg.txt). The signature is included in the the key BCE524C7 (http://nym.se/gpg.txt). For release binaries, MD5 and
normal release bundle as `syncthing.asc` or `syncthing.exe.asc`. SHA1 checksums are calculated and signed, available in the
md5sum.txt.asc and sha1sum.txt.asc files.
Documentation Documentation
============= =============

View File

@ -54,22 +54,11 @@ test() {
godep go test -cpu=1,2,4 $* ./... godep go test -cpu=1,2,4 $* ./...
} }
sign() {
if git describe --exact-match 2>/dev/null >/dev/null ; then
# HEAD is a tag
id=BCE524C7
if gpg --list-keys "$id" >/dev/null 2>&1 ; then
gpg -ab -u "$id" "$1"
fi
fi
}
tarDist() { tarDist() {
name="$1" name="$1"
rm -rf "$name" rm -rf "$name"
mkdir -p "$name" mkdir -p "$name"
cp syncthing "${distFiles[@]}" "$name" cp syncthing "${distFiles[@]}" "$name"
sign "$name/syncthing"
tar zcvf "$name.tar.gz" "$name" tar zcvf "$name.tar.gz" "$name"
rm -rf "$name" rm -rf "$name"
} }
@ -82,7 +71,6 @@ zipDist() {
GOARCH="" GOOS="" go run cmd/todos/main.go < "$f" > "$name/$f.txt" GOARCH="" GOOS="" go run cmd/todos/main.go < "$f" > "$name/$f.txt"
done done
cp syncthing.exe "$name" cp syncthing.exe "$name"
sign "$name/syncthing.exe"
zip -r "$name.zip" "$name" zip -r "$name.zip" "$name"
rm -rf "$name" rm -rf "$name"
} }