mirror of
https://github.com/dashpay/dash.git
synced 2024-12-25 03:52:49 +01:00
Merge bitcoin/bitcoin#22642: release: Release with separate SHA256SUMS and sig files
90b3e482e911fde73133a157c3b354471682275a release: Release with separate SHA256SUMS and sig files (Carl Dong) Pull request description: This allows us to: - remove the rfc4880 EOL hacks, and - release with a SHA256SUMS.asc file that's a combination of all signer signatures ACKs for top commit: achow101: ACK 90b3e482e911fde73133a157c3b354471682275a laanwj: Concept and code review ACK 90b3e482e911fde73133a157c3b354471682275a Tree-SHA512: 5d5086063d303aa0cbd590e5fdf2ae8f555e25f4e43bf67545e33384449b990e94834c711622530ad0eb3dcc83f52746884a5081dadb0acff8dd799cfadafac7
This commit is contained in:
parent
e82c9ad35a
commit
2f09a04d44
@ -159,20 +159,6 @@ Hint: You may wish to remove the existing attestations and their signatures by
|
|||||||
EOF
|
EOF
|
||||||
}
|
}
|
||||||
|
|
||||||
# Given a document with unix line endings (just <LF>) in stdin, make all lines
|
|
||||||
# end in <CR><LF> and make sure there's no trailing <LF> at the end of the file.
|
|
||||||
#
|
|
||||||
# This is necessary as cleartext signatures are calculated on text after their
|
|
||||||
# line endings are canonicalized.
|
|
||||||
#
|
|
||||||
# For more information:
|
|
||||||
# 1. https://security.stackexchange.com/a/104261
|
|
||||||
# 2. https://datatracker.ietf.org/doc/html/rfc4880#section-7.1
|
|
||||||
#
|
|
||||||
rfc4880_normalize_document() {
|
|
||||||
sed 's/$/\r/' | head -c -2
|
|
||||||
}
|
|
||||||
|
|
||||||
echo "Attesting to build outputs for version: '${VERSION}'"
|
echo "Attesting to build outputs for version: '${VERSION}'"
|
||||||
echo ""
|
echo ""
|
||||||
|
|
||||||
@ -188,7 +174,6 @@ mkdir -p "$outsigdir"
|
|||||||
cat "${noncodesigned_fragments[@]}" \
|
cat "${noncodesigned_fragments[@]}" \
|
||||||
| sort -u \
|
| sort -u \
|
||||||
| sort -k2 \
|
| sort -k2 \
|
||||||
| rfc4880_normalize_document \
|
|
||||||
> "$temp_noncodesigned"
|
> "$temp_noncodesigned"
|
||||||
if [ -e noncodesigned.SHA256SUMS ]; then
|
if [ -e noncodesigned.SHA256SUMS ]; then
|
||||||
# The SHA256SUMS already exists, make sure it's exactly what we
|
# The SHA256SUMS already exists, make sure it's exactly what we
|
||||||
@ -217,7 +202,6 @@ mkdir -p "$outsigdir"
|
|||||||
| sort -u \
|
| sort -u \
|
||||||
| sort -k2 \
|
| sort -k2 \
|
||||||
| sed 's/$/\r/' \
|
| sed 's/$/\r/' \
|
||||||
| rfc4880_normalize_document \
|
|
||||||
> "$temp_codesigned"
|
> "$temp_codesigned"
|
||||||
if [ -e codesigned.SHA256SUMS ]; then
|
if [ -e codesigned.SHA256SUMS ]; then
|
||||||
# The SHA256SUMS already exists, make sure it's exactly what we
|
# The SHA256SUMS already exists, make sure it's exactly what we
|
||||||
|
@ -156,24 +156,10 @@ popd
|
|||||||
|
|
||||||
### After 3 or more people have guix-built and their results match:
|
### After 3 or more people have guix-built and their results match:
|
||||||
|
|
||||||
Combine `all.SHA256SUMS` and `all.SHA256SUMS.asc` into a clear-signed
|
Combine the `all.SHA256SUMS.asc` file from all signers into `SHA256SUMS.asc`:
|
||||||
`SHA256SUMS.asc` message:
|
|
||||||
|
|
||||||
```sh
|
|
||||||
echo -e "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n$(cat all.SHA256SUMS)\n$(cat filename.txt.asc)" > SHA256SUMS.asc
|
|
||||||
```
|
|
||||||
|
|
||||||
Here's an equivalent, more readable command if you're confident that you won't
|
|
||||||
mess up whitespaces when copy-pasting:
|
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
cat << EOF > SHA256SUMS.asc
|
cat "$VERSION"/*/all.SHA256SUMS.asc > SHA256SUMS.asc
|
||||||
-----BEGIN PGP SIGNED MESSAGE-----
|
|
||||||
Hash: SHA256
|
|
||||||
|
|
||||||
$(cat all.SHA256SUMS)
|
|
||||||
$(cat all.SHA256SUMS.asc)
|
|
||||||
EOF
|
|
||||||
```
|
```
|
||||||
|
|
||||||
- Upload to the dash.org server:
|
- Upload to the dash.org server:
|
||||||
@ -185,7 +171,10 @@ EOF
|
|||||||
interested in debugging can run guix to generate the files for
|
interested in debugging can run guix to generate the files for
|
||||||
themselves. To avoid end-user confusion about which file to pick, as well
|
themselves. To avoid end-user confusion about which file to pick, as well
|
||||||
as save storage space *do not upload these to the dash.org server*.
|
as save storage space *do not upload these to the dash.org server*.
|
||||||
2. The combined clear-signed message you just created `SHA256SUMS.asc`
|
|
||||||
|
2. The `SHA256SUMS` file
|
||||||
|
|
||||||
|
3. The `SHA256SUMS.asc` combined signature file you just created
|
||||||
|
|
||||||
- Announce the release:
|
- Announce the release:
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user