[tbb-commits] [tor-browser-build/master] Add build signing options to rbm.local.conf
boklm at torproject.org
boklm at torproject.org
Tue Feb 14 00:36:10 UTC 2017
commit 8c36b34c471ddcc7ebb0ff54e41bb5c30fe15594
Author: Nicolas Vigier <boklm at torproject.org>
Date: Tue Feb 14 01:02:52 2017 +0100
Add build signing options to rbm.local.conf
---
README | 4 +++-
projects/release/config | 4 ++--
rbm.conf | 3 +++
rbm.local.conf.example | 9 +++++++++
4 files changed, 17 insertions(+), 3 deletions(-)
diff --git a/README b/README
index 001a692..956e162 100644
--- a/README
+++ b/README
@@ -157,7 +157,9 @@ Signing builds
If the environment variable RBM_SIGN_BUILD is set to 1, the
sha256sums-unsigned-build.txt file will be signed with gpg.
You can use the RBM_GPG_OPTS environment variable to add some options
-to the gpg command used to sign the file.
+to the gpg command used to sign the file. You can also set the
+var/sign_build and var/sign_build_gpg_opts options in the rbm.local.conf
+file.
Cleaning obsolete files and containers images
diff --git a/projects/release/config b/projects/release/config
index daa78dd..0b3727f 100644
--- a/projects/release/config
+++ b/projects/release/config
@@ -125,7 +125,7 @@ build: |
[% END -%]
cd "$destdir"
sha256sum $(ls -1 *.exe *.tar.xz *.dmg *.mar *.zip | grep -v '\.incremental\.mar$' | sort) > sha256sums-unsigned-build.txt
- [% IF ENV.RBM_SIGN_BUILD -%]
- gpg -abs [% ENV.RBM_GPG_OPTS %] sha256sums-unsigned-build.txt
+ [% IF c("var/sign_build") -%]
+ gpg -abs [% c("var/sign_build_gpg_opts") %] sha256sums-unsigned-build.txt
[% END -%]
cat sha256sums-unsigned-build.txt
diff --git a/rbm.conf b/rbm.conf
index 05e45a6..5dfdc30 100644
--- a/rbm.conf
+++ b/rbm.conf
@@ -49,6 +49,9 @@ var:
- vi
- zh-CN
+ sign_build: '[% ENV.RBM_SIGN_BUILD %]'
+ sign_build_gpg_opts: '[% ENV.RBM_GPG_OPTS %]'
+
targets:
notarget: linux-x86_64
diff --git a/rbm.local.conf.example b/rbm.local.conf.example
index fab3213..42bf431 100644
--- a/rbm.local.conf.example
+++ b/rbm.local.conf.example
@@ -19,4 +19,13 @@
var:
local_conf: 1
+ ### The var/sign_build option defines if you want to sign the
+ ### sha256sums-unsigned-build.txt file with gpg.
+ #sign_build: 1
+
+ ### The var/sign_build_gpg_opts option can be used to define some gpg
+ ### options to select the key to use to sign the sha256sums-unsigned-build.txt
+ ### file.
+ #sign_build_gpg_opts: '--local-user XXXXXXXX'
+
# vim: filetype=yaml sw=2
More information about the tbb-commits
mailing list