Skip to content

Commit a8d43bc

Browse files
ecristecrist
committed
Release v3.1.5
* update build script to sign/verify using gpg * update ChangeLog for release Signed-off-by: Eric F Crist <[email protected]>
1 parent a24578a commit a8d43bc

File tree

2 files changed

+41
-2
lines changed

2 files changed

+41
-2
lines changed

ChangeLog

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,7 @@
11
Easy-RSA 3 ChangeLog
22

3-
3.1.5 (2023-06-12)
3+
3.1.5 (2023-06-10)
4+
* Build Update: script now supports signing and verifying
45
* Automate support-file creation (Free packaging) (#964)
56
* build-ca: New command option 'raw-ca', abbrevation: 'raw' (#963)
67

build/build-dist.sh

Lines changed: 39 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -22,7 +22,7 @@ build-dist options:
2222
--no-windows do not build for Windows
2323
--no-unix do not build for UNIX
2424
--no-compress do not create zip/tar
25-
25+
--sign Use GPG to sign and verify packages
2626
--dist-clean rm -rf the DIST_ROOT w/out prompts
2727
__EOF__
2828

@@ -56,6 +56,38 @@ main() {
5656
$SKIP_ZIP || make_zip
5757
}
5858

59+
# perform sign and verify
60+
sign_verify() {
61+
# make sure gpg exists
62+
gpgbin=$(which gpg)
63+
if [ $? -ne 0 ];
64+
then
65+
echo "No gpg binary found in path."
66+
return 1
67+
fi
68+
69+
# $1 is our filename, it should exist
70+
if [ -e "$1" ]; then
71+
sign_out=$(gpg -qb "$1" 2>&1 )
72+
# if signing worked, let's verify it
73+
if [ $? -eq 0 ];
74+
then
75+
verify_out=$(gpg -q --verify "$1.sig" 2>&1 )
76+
# if it's verified, return true
77+
if [ $? -eq 0 ];
78+
then
79+
note "Sign and verify successful!"
80+
return 0
81+
fi
82+
fi
83+
# signing failed
84+
note "Signing failed."
85+
return 1
86+
else
87+
note "The file $1 doesn't exist or isn't readable."
88+
fi
89+
}
90+
5991
# prep DIST_ROOT
6092
dist_clean() {
6193
if [ -e "$DIST_ROOT" ]; then
@@ -142,20 +174,23 @@ stage_win() {
142174
make_tar() {
143175
(cd "$DIST_ROOT/unix/"; tar -czf "../${PV}.tgz" "$PV") || die "tar failed"
144176
note "tarball created at: $DIST_ROOT/${PV}.tgz"
177+
$SKIP_SIGN || sign_verify "$DIST_ROOT/${PV}.tgz"
145178
}
146179

147180
make_zip() {
148181
for win in win32 win64;
149182
do
150183
(cd "$DIST_ROOT/$win/"; zip -qr "../${PV}-$win.zip" "$PV") || die "zip failed"
151184
note "zip file created at: $DIST_ROOT/${PV}-$win.zip"
185+
$SKIP_SIGN || sign_verify "$DIST_ROOT/${PV}-$win.zip"
152186
done
153187
}
154188

155189
SKIP_WIN=false
156190
SKIP_UNIX=false
157191
SKIP_ZIP=false
158192
SKIP_TAR=false
193+
SKIP_SIGN=true
159194
# parse CLI options:
160195
while [ -n "$1" ]
161196
do
@@ -180,6 +215,9 @@ do
180215
# shellcheck disable=SC2034
181216
BIN_DEST="$val"
182217
;;
218+
--sign)
219+
SKIP_SIGN=false
220+
;;
183221
--dist-clean)
184222
DISTCLEAN=1
185223
;;

0 commit comments

Comments
 (0)