diff options
author | Carl Dong <contact@carldong.me> | 2021-08-05 16:57:45 -0400 |
---|---|---|
committer | Carl Dong <contact@carldong.me> | 2021-08-05 16:58:54 -0400 |
commit | 90b3e482e911fde73133a157c3b354471682275a (patch) | |
tree | 0cd85ef3b48892aa6a0477062a7257ab53310c51 /contrib | |
parent | b620b2d58a55a88ad21da70cb2000863ef17b651 (diff) |
release: Release with separate SHA256SUMS and sig files
This allows us to remove the rfc4880 EOL hacks and release with a
SHA256SUMS.asc file that's a combination of all signer signatures.
Diffstat (limited to 'contrib')
-rwxr-xr-x | contrib/guix/guix-attest | 16 |
1 files changed, 0 insertions, 16 deletions
diff --git a/contrib/guix/guix-attest b/contrib/guix/guix-attest index dcf709b542..1503c330b2 100755 --- a/contrib/guix/guix-attest +++ b/contrib/guix/guix-attest @@ -159,20 +159,6 @@ Hint: You may wish to remove the existing attestations and their signatures by EOF } -# Given a document with unix line endings (just <LF>) in stdin, make all lines -# end in <CR><LF> and make sure there's no trailing <LF> at the end of the file. -# -# This is necessary as cleartext signatures are calculated on text after their -# line endings are canonicalized. -# -# For more information: -# 1. https://security.stackexchange.com/a/104261 -# 2. https://datatracker.ietf.org/doc/html/rfc4880#section-7.1 -# -rfc4880_normalize_document() { - sed 's/$/\r/' | head -c -2 -} - echo "Attesting to build outputs for version: '${VERSION}'" echo "" @@ -188,7 +174,6 @@ mkdir -p "$outsigdir" cat "${noncodesigned_fragments[@]}" \ | sort -u \ | sort -k2 \ - | rfc4880_normalize_document \ > "$temp_noncodesigned" if [ -e noncodesigned.SHA256SUMS ]; then # The SHA256SUMS already exists, make sure it's exactly what we @@ -216,7 +201,6 @@ mkdir -p "$outsigdir" cat "${sha256sum_fragments[@]}" \ | sort -u \ | sort -k2 \ - | rfc4880_normalize_document \ > "$temp_all" if [ -e all.SHA256SUMS ]; then # The SHA256SUMS already exists, make sure it's exactly what we |