mirror of
https://github.com/dashpay/dash.git
synced 2024-12-25 03:52:49 +01:00
Merge bitcoin/bitcoin#22642: release: Release with separate SHA256SUMS and sig files
90b3e482e911fde73133a157c3b354471682275a release: Release with separate SHA256SUMS and sig files (Carl Dong) Pull request description: This allows us to: - remove the rfc4880 EOL hacks, and - release with a SHA256SUMS.asc file that's a combination of all signer signatures ACKs for top commit: achow101: ACK 90b3e482e911fde73133a157c3b354471682275a laanwj: Concept and code review ACK 90b3e482e911fde73133a157c3b354471682275a Tree-SHA512: 5d5086063d303aa0cbd590e5fdf2ae8f555e25f4e43bf67545e33384449b990e94834c711622530ad0eb3dcc83f52746884a5081dadb0acff8dd799cfadafac7
This commit is contained in:
parent
e82c9ad35a
commit
2f09a04d44
@ -159,20 +159,6 @@ Hint: You may wish to remove the existing attestations and their signatures by
|
||||
EOF
|
||||
}
|
||||
|
||||
# Given a document with unix line endings (just <LF>) in stdin, make all lines
|
||||
# end in <CR><LF> and make sure there's no trailing <LF> at the end of the file.
|
||||
#
|
||||
# This is necessary as cleartext signatures are calculated on text after their
|
||||
# line endings are canonicalized.
|
||||
#
|
||||
# For more information:
|
||||
# 1. https://security.stackexchange.com/a/104261
|
||||
# 2. https://datatracker.ietf.org/doc/html/rfc4880#section-7.1
|
||||
#
|
||||
rfc4880_normalize_document() {
|
||||
sed 's/$/\r/' | head -c -2
|
||||
}
|
||||
|
||||
echo "Attesting to build outputs for version: '${VERSION}'"
|
||||
echo ""
|
||||
|
||||
@ -188,7 +174,6 @@ mkdir -p "$outsigdir"
|
||||
cat "${noncodesigned_fragments[@]}" \
|
||||
| sort -u \
|
||||
| sort -k2 \
|
||||
| rfc4880_normalize_document \
|
||||
> "$temp_noncodesigned"
|
||||
if [ -e noncodesigned.SHA256SUMS ]; then
|
||||
# The SHA256SUMS already exists, make sure it's exactly what we
|
||||
@ -217,7 +202,6 @@ mkdir -p "$outsigdir"
|
||||
| sort -u \
|
||||
| sort -k2 \
|
||||
| sed 's/$/\r/' \
|
||||
| rfc4880_normalize_document \
|
||||
> "$temp_codesigned"
|
||||
if [ -e codesigned.SHA256SUMS ]; then
|
||||
# The SHA256SUMS already exists, make sure it's exactly what we
|
||||
|
@ -156,24 +156,10 @@ popd
|
||||
|
||||
### After 3 or more people have guix-built and their results match:
|
||||
|
||||
Combine `all.SHA256SUMS` and `all.SHA256SUMS.asc` into a clear-signed
|
||||
`SHA256SUMS.asc` message:
|
||||
|
||||
```sh
|
||||
echo -e "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n$(cat all.SHA256SUMS)\n$(cat filename.txt.asc)" > SHA256SUMS.asc
|
||||
```
|
||||
|
||||
Here's an equivalent, more readable command if you're confident that you won't
|
||||
mess up whitespaces when copy-pasting:
|
||||
Combine the `all.SHA256SUMS.asc` file from all signers into `SHA256SUMS.asc`:
|
||||
|
||||
```bash
|
||||
cat << EOF > SHA256SUMS.asc
|
||||
-----BEGIN PGP SIGNED MESSAGE-----
|
||||
Hash: SHA256
|
||||
|
||||
$(cat all.SHA256SUMS)
|
||||
$(cat all.SHA256SUMS.asc)
|
||||
EOF
|
||||
cat "$VERSION"/*/all.SHA256SUMS.asc > SHA256SUMS.asc
|
||||
```
|
||||
|
||||
- Upload to the dash.org server:
|
||||
@ -185,7 +171,10 @@ EOF
|
||||
interested in debugging can run guix to generate the files for
|
||||
themselves. To avoid end-user confusion about which file to pick, as well
|
||||
as save storage space *do not upload these to the dash.org server*.
|
||||
2. The combined clear-signed message you just created `SHA256SUMS.asc`
|
||||
|
||||
2. The `SHA256SUMS` file
|
||||
|
||||
3. The `SHA256SUMS.asc` combined signature file you just created
|
||||
|
||||
- Announce the release:
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user