releng

Clone

#10862 Create detached signatures for the Butane 0.15.0 release
Closed: Fixed 2 years ago by humaton. Opened 2 years ago by spresti.

Closed: Fixed
Reopen Issue 
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
#!/bin/bash
set -eux -o pipefail

# Use the Fedora 36 key for the detached signatures
KEYTOSIGNWITH='fedora-36'

VR='0.15.0-1.fc36'
RPMKEY='38ab71f4' # Fedora 36 key
ARCHES='x86_64 aarch64 ppc64le s390x'

do_sign() {
    # Sign with sigul unless FAKESIGN=1
    if [ ${FAKESIGN:-0} != 1 ]; then
        sigul sign-data -a $KEYTOSIGNWITH "$1" -o "$1.asc"
    else
        echo INVALID > "$1.asc"
    fi
}

# Grab the binaries out of the redistributable rpm
rpm="butane-redistributable-${VR}.noarch.rpm"
koji download-build --key $RPMKEY --rpm $rpm
rpm -qip $rpm | grep -P "^Signature.*${RPMKEY}$" # Verify the output has the key in it
rpm2cpio $rpm | cpio -idv './usr/share/butane/butane-*'

# Sign the Linux binaries
for arch in $ARCHES; do
    mv usr/share/butane/butane-${arch}-unknown-linux-gnu-static butane-${arch}-unknown-linux-gnu
    do_sign butane-${arch}-unknown-linux-gnu
done

# Sign the non-Linux binaries
mv usr/share/butane/{butane-x86_64-apple-darwin,butane-x86_64-pc-windows-gnu.exe} ./
do_sign butane-x86_64-apple-darwin
do_sign butane-x86_64-pc-windows-gnu.exe

# Fix permissions and clean up
chmod go+r *.asc
rm $rpm; rmdir ./usr/share/butane; rmdir ./usr/share; rmdir ./usr

After running this you should end up with a directory with files in it like:

$ ls -1
butane-aarch64-unknown-linux-gnu
butane-aarch64-unknown-linux-gnu.asc
butane-ppc64le-unknown-linux-gnu
butane-ppc64le-unknown-linux-gnu.asc
butane-s390x-unknown-linux-gnu
butane-s390x-unknown-linux-gnu.asc
butane-x86_64-apple-darwin
butane-x86_64-apple-darwin.asc
butane-x86_64-pc-windows-gnu.exe
butane-x86_64-pc-windows-gnu.exe.asc
butane-x86_64-unknown-linux-gnu
butane-x86_64-unknown-linux-gnu.asc

Metadata Update from @phsmoura:
- Issue tagged with: medium-gain, medium-trouble, ops
2 years ago

Metadata Update from @humaton:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)
2 years ago

Login to comment on this ticket.

Metadata
None

medium-trouble medium-gain ops

None
None
None
None
None
None
Boards 1
Ops Status: Backlog
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.