From 55002d7adf4e2c86cf22ab49a5644beca61405d6 Mon Sep 17 00:00:00 2001
From: Jakob Borg
Date: Sun, 30 Aug 2015 20:50:07 +0200
Subject: [PATCH] Signing is done by stsigtool only
---
 build.go | 55 +++++++------------------------------------------------
 build.sh | 41 ++++++++++++++---------------------------
 2 files changed, 21 insertions(+), 75 deletions(-)
diff --git a/build.go b/build.go
index c708bfb40..c8942a438 100644
--- a/build.go
+++ b/build.go
@@ -27,19 +27,16 @@ import (
 "strconv"
 "strings"
 "time"
-
- "github.com/syncthing/syncthing/lib/signature"
 )
 var (
- versionRe = regexp.MustCompile(`-[0-9]{1,3}-g[0-9a-f]{5,10}`)
- goarch string
- goos string
- noupgrade bool
- version string
- goVersion float64
- race bool
- signingKey string
+ versionRe = regexp.MustCompile(`-[0-9]{1,3}-g[0-9a-f]{5,10}`)
+ goarch string
+ goos string
+ noupgrade bool
+ version string
+ goVersion float64
+ race bool
 )
 const minGoVersion = 1.3
@@ -64,7 +61,6 @@ func main() {
 flag.BoolVar(&noupgrade, "no-upgrade", noupgrade, "Disable upgrade functionality")
 flag.StringVar(&version, "version", getVersion(), "Set compiled in version string")
 flag.BoolVar(&race, "race", race, "Use race detector")
- flag.StringVar(&signingKey, "sign", signingKey, "Private key file for signing binaries")
 flag.Parse()
 switch goarch {
@@ -229,15 +225,6 @@ func build(pkg string, tags []string) {
 args = append(args, pkg)
 setBuildEnv()
 runPrint("go", args...)
-
- if signingKey != "" {
- // Create an signature of the binary, to be included in the archive for
- // automatic upgrades.
- err := signFile(signingKey, binary)
- if err != nil {
- log.Fatal(err)
- }
- }
 }
 func buildTar() {
@@ -723,34 +710,6 @@ func zipFile(out string, files []archiveFile) {
 }
 }
-func signFile(keyname, file string) error {
- privkey, err := ioutil.ReadFile(keyname)
- if err != nil {
- return err
- }
-
- fd, err := os.Open(file)
- if err != nil {
- return err
- }
- defer fd.Close()
-
- sig, err := signature.Sign(privkey, fd)
- if err != nil {
- return err
- }
-
- out, err := os.Create(file + ".sig")
- if err != nil {
- return err
- }
- _, err = out.Write(sig)
- if err != nil {
- return err
- }
- return out.Close()
-}
-
 func vet(pkg string) {
 bs, err := runError("go", "vet", pkg)
 if err != nil && err.Error() == "exit status 3" || bytes.Contains(bs, []byte("no such tool \"vet\"")) {
diff --git a/build.sh b/build.sh
index 75a449619..91af5be42 100755
--- a/build.sh
+++ b/build.sh
@@ -74,33 +74,27 @@ case "${1:-default}" in
 ;;
 all)
- if [ -f /etc/syncthing/syncthing.priv ] ; then
- # Default signing key location. If present, use it to sign the
- # release.
- extra=(-sign /etc/syncthing/syncthing.priv)
- fi
+ build -goos darwin -goarch amd64 tar
- build -goos darwin -goarch amd64 ${extra[@]-} tar
+ build -goos dragonfly -goarch amd64 tar
- build -goos dragonfly -goarch amd64 ${extra[@]-} tar
+ build -goos freebsd -goarch 386 tar
+ build -goos freebsd -goarch amd64 tar
- build -goos freebsd -goarch 386 ${extra[@]-} tar
- build -goos freebsd -goarch amd64 ${extra[@]-} tar
+ build -goos linux -goarch 386 tar
+ build -goos linux -goarch amd64 tar
+ build -goos linux -goarch arm tar
- build -goos linux -goarch 386 ${extra[@]-} tar
- build -goos linux -goarch amd64 ${extra[@]-} tar
- build -goos linux -goarch arm ${extra[@]-} tar
+ build -goos netbsd -goarch 386 tar
+ build -goos netbsd -goarch amd64 tar
- build -goos netbsd -goarch 386 ${extra[@]-} tar
- build -goos netbsd -goarch amd64 ${extra[@]-} tar
+ build -goos openbsd -goarch 386 tar
+ build -goos openbsd -goarch amd64 tar
- build -goos openbsd -goarch 386 ${extra[@]-} tar
- build -goos openbsd -goarch amd64 ${extra[@]-} tar
+ build -goos solaris -goarch amd64 tar
- build -goos solaris -goarch amd64 ${extra[@]-} tar
-
- build -goos windows -goarch 386 ${extra[@]-} zip
- build -goos windows -goarch amd64 ${extra[@]-} zip
+ build -goos windows -goarch 386 zip
+ build -goos windows -goarch amd64 zip
 ;;
 test-cov)
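Review bot: The `all)` branch has no comment saying that the archives it builds are unsigned. The deleted build.go comment says the `.sig` was created "to be included in the archive for automatic upgrades", so anything published straight from `./build.sh all` would presumably ship without a signature. I would add a comment as the first line of the branch, for example `# Artifacts built here are unsigned; sign them with stsigtool before publishing.`, so the out-of-band signing step is visible to whoever cuts a release. The same applies to the `docker-all)` branch in the next hunk. The `case` statement starts and ends outside this hunk.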
@@ -134,17 +128,10 @@ case "${1:-default}" in
 docker-all)
 img=${DOCKERIMG:-syncthing/build:latest}
- if [ -f /etc/syncthing/syncthing.priv ] ; then
- # Default signing key location. If present, pass into Docker so we
- # can sign the release from in there.
- extra=(-v /etc/syncthing/syncthing.priv:/etc/syncthing/syncthing.priv)
- fi
-
 docker run --rm -h syncthing-builder -u $(id -u) -t \
 -v $(pwd):/go/src/github.com/syncthing/syncthing \
 -w /go/src/github.com/syncthing/syncthing \
 -e "STTRACE=$STTRACE" \
- ${extra[@]-} \
 "$img" \
 sh -c './build.sh clean \
 && ./build.sh test-cov \