[tbb-commits] [tor-browser-build/master] Add option to sign the sha256sums-unsigned-build.txt file

boklm at torproject.org boklm at torproject.org
Mon Feb 6 18:25:57 UTC 2017


commit c0242adc7a6a414bb183a3f07dddd64b7e3a51bc
Author: Nicolas Vigier <boklm at torproject.org>
Date:   Mon Feb 6 19:23:44 2017 +0100

    Add option to sign the sha256sums-unsigned-build.txt file
---
 README                  | 9 +++++++++
 projects/release/config | 3 +++
 2 files changed, 12 insertions(+)

diff --git a/README b/README
index 0b8e510..2c36d74 100644
--- a/README
+++ b/README
@@ -149,6 +149,15 @@ the build files in the tor-browser-builds/ directory (unless you changed
 the publish_dir option).
 
 
+Signing builds
+--------------
+
+If the environment variable RBM_SIGN_BUILD is set to 1, the
+sha256sums-unsigned-build.txt file will be signed with gpg.
+You can use the RBM_GPG_OPTS environment variable to add some options
+to the gpg command used to sign the file.
+
+
 Cleaning obsolete files and containers images
 ---------------------------------------------
 
diff --git a/projects/release/config b/projects/release/config
index 09b4c0e..daa78dd 100644
--- a/projects/release/config
+++ b/projects/release/config
@@ -125,4 +125,7 @@ build: |
   [% END -%]
   cd "$destdir"
   sha256sum $(ls -1 *.exe *.tar.xz *.dmg *.mar *.zip | grep -v '\.incremental\.mar$' | sort) > sha256sums-unsigned-build.txt
+  [% IF ENV.RBM_SIGN_BUILD -%]
+    gpg -abs [% ENV.RBM_GPG_OPTS %] sha256sums-unsigned-build.txt
+  [% END -%]
   cat sha256sums-unsigned-build.txt



More information about the tbb-commits mailing list