#10247 Create detached signatures for the Butane 0.13.1 release
Closed: Fixed 2 years ago by mohanboddu. Opened 2 years ago by bgilbert.

Please create detached signatures for the binaries we will upload to GitHub for the Butane 0.13.1 release. This is a manual process for now, pending the automation discussed in https://pagure.io/releng/issue/9057 and https://github.com/coreos/fedora-coreos-tracker/issues/335.

The binaries themselves have been built in koji. Here is a small script to grab all of the rpms and the files out of the rpms and name them appropriately:

#!/bin/bash
set -eux -o pipefail
# Use the Fedora 34 key for the detached signatures
KEYTOSIGNWITH='fedora-34'

VR='0.13.1-1.fc34'
RPMKEY='45719a39' # Fedora 34 key
ARCHES='x86_64 aarch64 ppc64le s390x'

# Grab the windows/mac binaries out of the nonlinux rpm
rpm="butane-nonlinux-${VR}.noarch.rpm"
koji download-build --key "$RPMKEY" --rpm "$rpm"
rpm -qip "$rpm" | grep -P "^Signature.*${RPMKEY}$" # Verify the output has the key in it
rpm2cpio "$rpm" | cpio -idv ./usr/share/butane/butane-x86_64-apple-darwin ./usr/share/butane/butane-x86_64-pc-windows-gnu.exe
mv ./usr/share/butane/butane-x86_64-apple-darwin ./usr/share/butane/butane-x86_64-pc-windows-gnu.exe ./
sigul sign-data -a "$KEYTOSIGNWITH" ./butane-x86_64-apple-darwin -o ./butane-x86_64-apple-darwin.asc
sigul sign-data -a "$KEYTOSIGNWITH" ./butane-x86_64-pc-windows-gnu.exe -o ./butane-x86_64-pc-windows-gnu.exe.asc
rm "$rpm"; rmdir ./usr/share/butane; rmdir ./usr/share; rmdir ./usr

# Grab the linux binary for a few arches we care about
for arch in $ARCHES; do
    mkdir "$arch"; pushd "$arch"
    rpm="butane-${VR}.${arch}.rpm"
    outfile="butane-${arch}-unknown-linux-gnu"
    koji download-build --key "$RPMKEY" --rpm "$rpm"
    rpm -qip "$rpm" | grep -P "^Signature.*${RPMKEY}$" # Verify the output has the key in it
    rpm2cpio "${rpm}" | cpio -idv ./usr/bin/butane
    mv ./usr/bin/butane "../${outfile}"
    rm "${rpm}"; rmdir ./usr/bin; rmdir ./usr
    popd; rmdir "$arch"
    # Create the detached signature using $KEYTOSIGNWITH
    sigul sign-data -a "$KEYTOSIGNWITH" "./${outfile}" -o "./${outfile}.asc"
done

# Fix permissions
chmod go+r *.asc

After running this you should end up with a directory with files in it like:

$ ls -1
butane-aarch64-unknown-linux-gnu
butane-aarch64-unknown-linux-gnu.asc
butane-ppc64le-unknown-linux-gnu
butane-ppc64le-unknown-linux-gnu.asc
butane-s390x-unknown-linux-gnu
butane-s390x-unknown-linux-gnu.asc
butane-x86_64-apple-darwin
butane-x86_64-apple-darwin.asc
butane-x86_64-pc-windows-gnu.exe
butane-x86_64-pc-windows-gnu.exe.asc
butane-x86_64-unknown-linux-gnu
butane-x86_64-unknown-linux-gnu.asc
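
A sanity check of the output directory before upload, as an added example that is not part of the original ticket: it confirms every binary in the listing above has a non-empty, readable `.asc` that starts with the standard OpenPGP armor header. The function names and the constructed sample directory are assumptions, and the check is structural only; it does not verify the signatures cryptographically.

```shell
#!/bin/bash
# Added example (not from the ticket): post-signing check of the output directory.
# File names come from the ticket's expected listing; all other names are hypothetical.
EXPECTED='butane-aarch64-unknown-linux-gnu
butane-ppc64le-unknown-linux-gnu
butane-s390x-unknown-linux-gnu
butane-x86_64-apple-darwin
butane-x86_64-pc-windows-gnu.exe
butane-x86_64-unknown-linux-gnu'

# Print one line per problem; return 0 only when the directory is complete.
check_release_dir() {
    local dir="$1" problems=0 name sig
    for name in $EXPECTED; do
        sig="${dir}/${name}.asc"
        if [ ! -s "${dir}/${name}" ]; then
            echo "missing or empty binary: ${name}"; problems=$((problems + 1))
        fi
        if [ ! -s "$sig" ]; then
            echo "missing or empty signature: ${name}.asc"; problems=$((problems + 1))
            continue
        fi
        # An ASCII-armored detached OpenPGP signature starts with this header.
        if [ "$(head -n 1 "$sig")" != '-----BEGIN PGP SIGNATURE-----' ]; then
            echo "not an armored detached signature: ${name}.asc"; problems=$((problems + 1))
        fi
        # Mirrors the script's "chmod go+r *.asc" step (mode bits only).
        if [ -z "$(find "$sig" -perm -044)" ]; then
            echo "signature not group/world readable: ${name}.asc"; problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}

# Constructed sample directory: placeholder bytes, not real binaries or signatures.
make_sample_dir() {
    local dir name
    dir="$(mktemp -d)"
    for name in $EXPECTED; do
        printf 'placeholder\n' > "${dir}/${name}"
        printf '%s\n' '-----BEGIN PGP SIGNATURE-----' 'constructed' '-----END PGP SIGNATURE-----' > "${dir}/${name}.asc"
        chmod 644 "${dir}/${name}.asc"
    done
    echo "$dir"
}

sample="$(make_sample_dir)"
check_release_dir "$sample" && echo "OK: ${sample} is complete"
rm -rf "$sample"
```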

Metadata Update from @humaton:
- Issue tagged with: low-gain, low-trouble, ops

2 years ago

Metadata Update from @mohanboddu:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

2 years ago


Metadata
Boards 1
Ops Status: Backlog