Signing is done by stsigtool only

This commit is contained in:
Jakob Borg 2015-08-30 20:50:07 +02:00
parent 0664c6b5b0
commit 55002d7adf
2 changed files with 21 additions and 75 deletions

View File

@ -27,19 +27,16 @@ import (
"strconv"
"strings"
"time"
"github.com/syncthing/syncthing/lib/signature"
)
var (
versionRe = regexp.MustCompile(`-[0-9]{1,3}-g[0-9a-f]{5,10}`)
goarch string
goos string
noupgrade bool
version string
goVersion float64
race bool
signingKey string
versionRe = regexp.MustCompile(`-[0-9]{1,3}-g[0-9a-f]{5,10}`)
goarch string
goos string
noupgrade bool
version string
goVersion float64
race bool
)
const minGoVersion = 1.3
@ -64,7 +61,6 @@ func main() {
flag.BoolVar(&noupgrade, "no-upgrade", noupgrade, "Disable upgrade functionality")
flag.StringVar(&version, "version", getVersion(), "Set compiled in version string")
flag.BoolVar(&race, "race", race, "Use race detector")
flag.StringVar(&signingKey, "sign", signingKey, "Private key file for signing binaries")
flag.Parse()
switch goarch {
@ -229,15 +225,6 @@ func build(pkg string, tags []string) {
args = append(args, pkg)
setBuildEnv()
runPrint("go", args...)
if signingKey != "" {
// Create an signature of the binary, to be included in the archive for
// automatic upgrades.
err := signFile(signingKey, binary)
if err != nil {
log.Fatal(err)
}
}
}
func buildTar() {
@ -723,34 +710,6 @@ func zipFile(out string, files []archiveFile) {
}
}
func signFile(keyname, file string) error {
privkey, err := ioutil.ReadFile(keyname)
if err != nil {
return err
}
fd, err := os.Open(file)
if err != nil {
return err
}
defer fd.Close()
sig, err := signature.Sign(privkey, fd)
if err != nil {
return err
}
out, err := os.Create(file + ".sig")
if err != nil {
return err
}
_, err = out.Write(sig)
if err != nil {
return err
}
return out.Close()
}
func vet(pkg string) {
bs, err := runError("go", "vet", pkg)
if err != nil && err.Error() == "exit status 3" || bytes.Contains(bs, []byte("no such tool \"vet\"")) {

View File

@ -74,33 +74,27 @@ case "${1:-default}" in
;;
all)
if [ -f /etc/syncthing/syncthing.priv ] ; then
# Default signing key location. If present, use it to sign the
# release.
extra=(-sign /etc/syncthing/syncthing.priv)
fi
build -goos darwin -goarch amd64 tar
build -goos darwin -goarch amd64 ${extra[@]-} tar
build -goos dragonfly -goarch amd64 tar
build -goos dragonfly -goarch amd64 ${extra[@]-} tar
build -goos freebsd -goarch 386 tar
build -goos freebsd -goarch amd64 tar
build -goos freebsd -goarch 386 ${extra[@]-} tar
build -goos freebsd -goarch amd64 ${extra[@]-} tar
build -goos linux -goarch 386 tar
build -goos linux -goarch amd64 tar
build -goos linux -goarch arm tar
build -goos linux -goarch 386 ${extra[@]-} tar
build -goos linux -goarch amd64 ${extra[@]-} tar
build -goos linux -goarch arm ${extra[@]-} tar
build -goos netbsd -goarch 386 tar
build -goos netbsd -goarch amd64 tar
build -goos netbsd -goarch 386 ${extra[@]-} tar
build -goos netbsd -goarch amd64 ${extra[@]-} tar
build -goos openbsd -goarch 386 tar
build -goos openbsd -goarch amd64 tar
build -goos openbsd -goarch 386 ${extra[@]-} tar
build -goos openbsd -goarch amd64 ${extra[@]-} tar
build -goos solaris -goarch amd64 tar
build -goos solaris -goarch amd64 ${extra[@]-} tar
build -goos windows -goarch 386 ${extra[@]-} zip
build -goos windows -goarch amd64 ${extra[@]-} zip
build -goos windows -goarch 386 zip
build -goos windows -goarch amd64 zip
;;
test-cov)
@ -134,17 +128,10 @@ case "${1:-default}" in
docker-all)
img=${DOCKERIMG:-syncthing/build:latest}
if [ -f /etc/syncthing/syncthing.priv ] ; then
# Default signing key location. If present, pass into Docker so we
# can sign the release from in there.
extra=(-v /etc/syncthing/syncthing.priv:/etc/syncthing/syncthing.priv)
fi
docker run --rm -h syncthing-builder -u $(id -u) -t \
-v $(pwd):/go/src/github.com/syncthing/syncthing \
-w /go/src/github.com/syncthing/syncthing \
-e "STTRACE=$STTRACE" \
${extra[@]-} \
"$img" \
sh -c './build.sh clean \
&& ./build.sh test-cov \