From 6fb8bd795c3f40735ced3f51b8082f91956fd786 Mon Sep 17 00:00:00 2001 From: Eli Schwartz Date: Tue, 5 Jun 2018 12:48:53 -0400 Subject: [PATCH] Update release script to generate detached signatures and checksum files This is more usable for programmatically checking the validity of a release. Signed-off-by: Eli Schwartz Signed-off-by: Denys Vlasenko --- scripts/bb_release | 22 +++++----------------- 1 file changed, 5 insertions(+), 17 deletions(-) diff --git a/scripts/bb_release b/scripts/bb_release index 8aa380438..2e146bf84 100755 --- a/scripts/bb_release +++ b/scripts/bb_release @@ -15,20 +15,8 @@ VERSION=`ls busybox-*.tar.gz | sed 's/busybox-\(.*\)\.tar\.gz/\1/'` zcat busybox-$VERSION.tar.gz | bzip2 > busybox-$VERSION.tar.bz2 -test -f busybox-$VERSION.tar.gz || { echo "no busybox-$VERSION.tar.gz"; exit 1; } -test -f busybox-$VERSION.tar.bz2 || { echo "no busybox-$VERSION.tar.bz2"; exit 1; } - -signit() -{ -echo "$1 released `date -r $1 -R` - -MD5: `md5sum $1` -SHA1: `sha1sum $1` - -To verify this signature, you can obtain my public key -from http://busybox.net/~vda/vda_pubkey.gpg -" | gpg --clearsign > "$1.sign" -} - -signit busybox-$VERSION.tar.gz -signit busybox-$VERSION.tar.bz2 +for releasefile in busybox-$VERSION.tar.gz busybox-$VERSION.tar.bz2; do + test -f $releasefile || { echo "no $releasefile"; exit 1; } + gpg --detach-sign $releasefile + sha256sum $releasefile > $releasefile.sha256 +done