diff options
author | Carl Dong <contact@carldong.me> | 2021-04-20 15:53:08 -0400 |
---|---|---|
committer | Carl Dong <contact@carldong.me> | 2021-05-03 13:18:19 -0400 |
commit | d522d8006b891eccd7901faf391f9c041ddf8e38 (patch) | |
tree | 6196e4a8400167e71b5570fb7b4aa17d5b1f4bc8 /contrib/guix/guix-attest | |
parent | f9e2960c018103be756a7f8a506816b49d662514 (diff) | |
download | bitcoin-d522d8006b891eccd7901faf391f9c041ddf8e38.tar.xz |
guix: Attest to inputs in inputs.SHA256SUMS
At build/codesigning-time, hash build inputs and output the digest to
${OUTDIR}/inputs.SHA256SUMS, which gets included in the final SHA256SUMS
constructed by guix-attest.
Example final SHA256SUMS:
ee832d2a35b7701bff581dea05a536118b118e3ad0a587a2855b6ee8cd6fba20 inputs/bitcoin-78199266af7b.tar.gz
ca765e70a0c12866dd63c0be228b675278a26329e5f8f5b5c52fd09200fedf21 bitcoin-78199266af7b-powerpc64le-linux-gnu-debug.tar.gz
dae95327d7f2c324e2728c4b73627be6cb2c0d2f2e5bea940d1d5e6463939327 bitcoin-78199266af7b-powerpc64le-linux-gnu.tar.gz
Diffstat (limited to 'contrib/guix/guix-attest')
-rwxr-xr-x | contrib/guix/guix-attest | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/contrib/guix/guix-attest b/contrib/guix/guix-attest index 6aa6ce4716..5093dcb69d 100755 --- a/contrib/guix/guix-attest +++ b/contrib/guix/guix-attest @@ -153,10 +153,17 @@ for outdir in "${OUTDIRS[@]}"; do outdirs_already_attested_to+=("$outdir") else mkdir -p "$outsigdir" - echo "${outname}: Hashing build outputs to produce SHA256SUMS" + ( cd "$outdir" - files="$(find . -type f)" + + if [ -e inputs.SHA256SUMS ]; then + echo "${outname}: Including existent input SHA256SUMS" + cat inputs.SHA256SUMS >> "$outsigdir"/SHA256SUMS + fi + + echo "${outname}: Hashing build outputs to produce SHA256SUMS" + files="$(find -L . -type f ! -iname '*.SHA256SUMS')" if [ -n "$files" ]; then cut -c3- <<< "$files" | env LC_ALL=C sort | xargs sha256sum >> "$outsigdir"/SHA256SUMS else |