diff options
author | W. J. van der Laan <laanwj@protonmail.com> | 2021-05-12 13:17:54 +0200 |
---|---|---|
committer | W. J. van der Laan <laanwj@protonmail.com> | 2021-05-12 13:51:38 +0200 |
commit | 01624a7db36a3d382f86fffb04e8b6b62609750b (patch) | |
tree | 7ac081c2dfd795ad3225511aab4e853cd9395044 /contrib/guix/libexec | |
parent | 2e30e328a7a46e0405664fd0cb31d971171f71d1 (diff) | |
parent | d420e5c1c015f58d07aca4d6a805086488f74d03 (diff) |
Merge bitcoin/bitcoin#21462: guix: Add guix-{attest,verify} scripts
d420e5c1c015f58d07aca4d6a805086488f74d03 guix-attest: Avoid incomplete sigdirs with ERR traps (Carl Dong)
feda2c8e3180cb983c35976d4440cea23a155b7f guix: Skip attesting to dist-archive (Carl Dong)
d522d8006b891eccd7901faf391f9c041ddf8e38 guix: Attest to inputs in inputs.SHA256SUMS (Carl Dong)
f9e2960c018103be756a7f8a506816b49d662514 guix: Construct $OUTDIR in ${DISTSRC}/output (Carl Dong)
022abc85fc7e711a900fed8e5071919a151c0a63 guix: Minor quoting fix in libexec/build.sh (Carl Dong)
c83c4fa5b78aef33bba36b3a0d273422297bd630 guix-attest: Allow skipping GPG signing with NO_SIGN (Carl Dong)
0e1c2e448c25568f276e4f022128870c76ca216b guix-attest: Use ascii-armor signatures (Carl Dong)
b5fd89c4c89136007429688601ce4fa497f5f09e guix-attest: Only use cross-platform flags for find+xargs (Carl Dong)
5926432ba68ba154df6c8eaa74adb18cc0123167 guix: Add guix-verify script (Carl Dong)
30daf76a97c57a5f74c8dad1da282dcc0ff8b3fb guix: Add guix-attest script (Carl Dong)
Pull request description:
Adds replacements for `gsign` and `gverify`.
Personally I'm not a big fan of using the word "sign" as it's been used to refer to both codesigning and GPG signing.
ACKs for top commit:
laanwj:
Code review and tested ACK d420e5c1c015f58d07aca4d6a805086488f74d03
Tree-SHA512: 93d82d201f4596eaea0e3825aa55b013dfb91790e6ccee79893833d37921513d7b4e735f0641103e1e2ea8308abe4cb6218b73160924708802f2e0e3f7f6caf1
Diffstat (limited to 'contrib/guix/libexec')
-rwxr-xr-x | contrib/guix/libexec/build.sh | 24 |
1 files changed, 23 insertions, 1 deletions
diff --git a/contrib/guix/libexec/build.sh b/contrib/guix/libexec/build.sh index e95617e2e2..00cb494963 100755 --- a/contrib/guix/libexec/build.sh +++ b/contrib/guix/libexec/build.sh @@ -33,6 +33,9 @@ Required environment variables as seen inside the container: OUTDIR: ${OUTDIR:?not set} EOF +ACTUAL_OUTDIR="${OUTDIR}" +OUTDIR="${DISTSRC}/output" + ##################### # Environment Setup # ##################### @@ -224,9 +227,25 @@ GIT_ARCHIVE="${DIST_ARCHIVE_BASE}/${DISTNAME}.tar.gz" # Create the source tarball if not already there if [ ! -e "$GIT_ARCHIVE" ]; then mkdir -p "$(dirname "$GIT_ARCHIVE")" + touch "${DIST_ARCHIVE_BASE}"/SKIPATTEST.TAG git archive --prefix="${DISTNAME}/" --output="$GIT_ARCHIVE" HEAD fi +# tmpdir="$(mktemp -d)" +# ( +# cd "$tmpdir" +# mkdir -p inputs +# ln -sf --target-directory=inputs "$GIT_ARCHIVE" + +# mkdir -p "$OUTDIR" +# find -L inputs -type f -print0 | xargs -0 sha256sum > "${OUTDIR}/inputs.SHA256SUMS" +# ) + +mkdir -p "$OUTDIR" +cat << EOF > "$OUTDIR"/inputs.SHA256SUMS +$(sha256sum "$GIT_ARCHIVE" | cut -d' ' -f1) inputs/$(basename "$GIT_ARCHIVE") +EOF + ########################### # Binary Tarball Building # ########################### @@ -292,7 +311,8 @@ mkdir -p "$DISTSRC" # version symbols for Linux distro back-compatibility. make -C src --jobs=1 check-symbols ${V:+V=1} - mkdir -p ${OUTDIR} + mkdir -p "$OUTDIR" + # Make the os-specific installers case "$HOST" in *mingw*) @@ -427,3 +447,5 @@ mkdir -p "$DISTSRC" ;; esac ) # $DISTSRC + +mv --no-target-directory "$OUTDIR" "$ACTUAL_OUTDIR" |