refactor build: Keep GPG-signatures outside of tarballs

Instead of signing the binary and adding the signature in the release
tarball, keep the GPG-signatures *outside* of the tarball.

This makes it easier to use the built-in GPG-signature verification
features of package managers such as pacman.
This commit is contained in:
Vincent Ambo 2017-08-22 18:37:54 +02:00
parent a9c450c5a3
commit e8cfa9c119

View file

@ -35,15 +35,15 @@ function sign-for() {
local os="${1}" local os="${1}"
local arch="${2}" local arch="${2}"
local target="release/${os}/${arch}" local target="release/${os}/${arch}"
local bin="${target}/kontemplate" local bin=$(binary-name "${os}" "${target}")
local hash="$(sha256sum ${bin})"
local tar="release/kontemplate-${VERSION}-${os}-${arch}.tar.gz" local tar="release/kontemplate-${VERSION}-${os}-${arch}.tar.gz"
echo "Signing kontemplate binary for ${os}-${arch} with SHA256 ${hash}"
gpg --sign "${bin}"
echo "Packing release into ${tar}" echo "Packing release into ${tar}"
tar czvf "${tar}" -C "${target}" kontemplate kontemplate.gpg tar czvf "${tar}" -C "${target}" $(basename "${bin}")
local hash=$(sha256sum "${tar}")
echo "Signing kontemplate release tarball for ${os}-${arch} with SHA256 ${hash}"
gpg --armor --detach-sig --sign "${tar}"
} }
case "${1}" in case "${1}" in
@ -56,7 +56,7 @@ case "${1}" in
exit 0 exit 0
;; ;;
"sign") "sign")
# Sign releases: # Bundle and sign releases:
sign-for "linux" "amd64" sign-for "linux" "amd64"
sign-for "darwin" "amd64" sign-for "darwin" "amd64"
sign-for "windows" "amd64" sign-for "windows" "amd64"