aboutsummaryrefslogtreecommitdiff
path: root/contrib
diff options
context:
space:
mode:
authorCarl Dong <contact@carldong.me>2021-08-05 16:57:45 -0400
committerCarl Dong <contact@carldong.me>2021-08-05 16:58:54 -0400
commit90b3e482e911fde73133a157c3b354471682275a (patch)
tree0cd85ef3b48892aa6a0477062a7257ab53310c51 /contrib
parentb620b2d58a55a88ad21da70cb2000863ef17b651 (diff)
release: Release with separate SHA256SUMS and sig files
This allows us to remove the rfc4880 EOL hacks and release with a SHA256SUMS.asc file that's a combination of all signer signatures.
Diffstat (limited to 'contrib')
-rwxr-xr-xcontrib/guix/guix-attest16
1 files changed, 0 insertions, 16 deletions
diff --git a/contrib/guix/guix-attest b/contrib/guix/guix-attest
index dcf709b542..1503c330b2 100755
--- a/contrib/guix/guix-attest
+++ b/contrib/guix/guix-attest
@@ -159,20 +159,6 @@ Hint: You may wish to remove the existing attestations and their signatures by
EOF
}
-# Given a document with unix line endings (just <LF>) in stdin, make all lines
-# end in <CR><LF> and make sure there's no trailing <LF> at the end of the file.
-#
-# This is necessary as cleartext signatures are calculated on text after their
-# line endings are canonicalized.
-#
-# For more information:
-# 1. https://security.stackexchange.com/a/104261
-# 2. https://datatracker.ietf.org/doc/html/rfc4880#section-7.1
-#
-rfc4880_normalize_document() {
- sed 's/$/\r/' | head -c -2
-}
-
echo "Attesting to build outputs for version: '${VERSION}'"
echo ""
@@ -188,7 +174,6 @@ mkdir -p "$outsigdir"
cat "${noncodesigned_fragments[@]}" \
| sort -u \
| sort -k2 \
- | rfc4880_normalize_document \
> "$temp_noncodesigned"
if [ -e noncodesigned.SHA256SUMS ]; then
# The SHA256SUMS already exists, make sure it's exactly what we
@@ -216,7 +201,6 @@ mkdir -p "$outsigdir"
cat "${sha256sum_fragments[@]}" \
| sort -u \
| sort -k2 \
- | rfc4880_normalize_document \
> "$temp_all"
if [ -e all.SHA256SUMS ]; then
# The SHA256SUMS already exists, make sure it's exactly what we