Simplify GPG keys

James Laska
2015-09-10 16:26:59 -04:00
parent 19c847ae10
commit 3f9dd3ab22


@@ -36,20 +36,15 @@ AWS_INSTANCE_COUNT ?= 0
# GPG signature parameters (BETA key not yet used) # GPG signature parameters (BETA key not yet used)
GPG_BIN ?= gpg GPG_BIN ?= gpg
RPM_GPG_RELEASE = 442667A9 GPG_RELEASE = 442667A9
RPM_GPG_RELEASE_FILE = RPM-GPG-KEY-ansible-release GPG_RELEASE_FILE = GPG-KEY-ansible-release
RPM_GPG_BETA = D7B00447 GPG_BETA = D7B00447
RPM_GPG_BETA_FILE = RPM-GPG-KEY-ansible-beta GPG_BETA_FILE = GPG-KEY-ansible-beta
DEB_GPG_RELEASE = 3DD29021
DEB_GPG_RELEASE_FILE = DEB-GPG-KEY-ansible-release
# Determine GPG key for package signing # Determine GPG key for package signing
ifeq ($(OFFICIAL),yes) ifeq ($(OFFICIAL),yes)
TAR_GPG_KEY = $(RPM_GPG_RELEASE) GPG_KEY = $(GPG_RELEASE)
RPM_GPG_KEY = $(RPM_GPG_RELEASE) GPG_FILE = $(GPG_RELEASE_FILE)
RPM_GPG_FILE = $(RPM_GPG_RELEASE_FILE)
DEB_GPG_KEY = $(DEB_GPG_RELEASE)
DEB_GPG_FILE = $(DEB_GPG_RELEASE_FILE)
endif endif
# TAR build parameters # TAR build parameters
@@ -75,7 +70,7 @@ DPUT_OPTS ?=
ifeq ($(OFFICIAL),yes) ifeq ($(OFFICIAL),yes)
DEB_DIST ?= stable DEB_DIST ?= stable
# Sign official builds # Sign official builds
DEBUILD_OPTS += -k$(DEB_GPG_KEY) DEBUILD_OPTS += -k$(GPG_KEY)
else else
DEB_DIST ?= unstable DEB_DIST ?= unstable
# Do not sign development builds # Do not sign development builds
@@ -390,7 +385,7 @@ tar-build/$(SETUP_TAR_CHECKSUM):
@if [ "$(OFFICIAL)" != "yes" ] ; then \ @if [ "$(OFFICIAL)" != "yes" ] ; then \
cd tar-build && $(SHASUM_BIN) $(NAME)*.tar.gz > $(notdir $@) ; \ cd tar-build && $(SHASUM_BIN) $(NAME)*.tar.gz > $(notdir $@) ; \
else \ else \
cd tar-build && $(SHASUM_BIN) $(NAME)*.tar.gz | $(GPG_BIN) --clearsign --batch --passphrase "$(GPG_PASSPHRASE)" -u "$(TAR_GPG_KEY)" -o $(notdir $@) - ; \ cd tar-build && $(SHASUM_BIN) $(NAME)*.tar.gz | $(GPG_BIN) --clearsign --batch --passphrase "$(GPG_PASSPHRASE)" -u "$(GPG_KEY)" -o $(notdir $@) - ; \
fi fi
setup_tarball: tar-build/$(SETUP_TAR_FILE) tar-build/$(SETUP_TAR_CHECKSUM) setup_tarball: tar-build/$(SETUP_TAR_FILE) tar-build/$(SETUP_TAR_CHECKSUM)
@@ -426,7 +421,7 @@ setup-bundle-build/$(OFFLINE_TAR_CHECKSUM):
@if [ "$(OFFICIAL)" != "yes" ] ; then \ @if [ "$(OFFICIAL)" != "yes" ] ; then \
cd setup-bundle-build && $(SHASUM_BIN) $(NAME)*.tar.gz > $(notdir $@) ; \ cd setup-bundle-build && $(SHASUM_BIN) $(NAME)*.tar.gz > $(notdir $@) ; \
else \ else \
cd setup-bundle-build && $(SHASUM_BIN) $(NAME)*.tar.gz | $(GPG_BIN) --clearsign --batch --passphrase "$(GPG_PASSPHRASE)" -u "$(TAR_GPG_KEY)" -o $(notdir $@) - ; \ cd setup-bundle-build && $(SHASUM_BIN) $(NAME)*.tar.gz | $(GPG_BIN) --clearsign --batch --passphrase "$(GPG_PASSPHRASE)" -u "$(GPG_KEY)" -o $(notdir $@) - ; \
fi fi
setup_bundle_tarball: setup-bundle-build setup-bundle-build/$(OFFLINE_TAR_FILE) setup-bundle-build/$(OFFLINE_TAR_CHECKSUM) setup_bundle_tarball: setup-bundle-build setup-bundle-build/$(OFFLINE_TAR_FILE) setup-bundle-build/$(OFFLINE_TAR_CHECKSUM)
@@ -477,11 +472,11 @@ rpm-build/$(RPM_NVR).$(RPM_ARCH).rpm: rpm-build/$(RPM_NVR).src.rpm
mock-rpm: rpmtar rpm-build/$(RPM_NVR).$(RPM_ARCH).rpm mock-rpm: rpmtar rpm-build/$(RPM_NVR).$(RPM_ARCH).rpm
ifeq ($(OFFICIAL),yes) ifeq ($(OFFICIAL),yes)
rpm-build/$(RPM_GPG_FILE): rpm-build rpm-build/$(GPG_FILE): rpm-build
$(GPG_BIN) --export -a "${RPM_GPG_KEY}" > "$@" $(GPG_BIN) --export -a "${GPG_KEY}" > "$@"
rpm-sign: rpm-build/$(RPM_GPG_FILE) rpmtar rpm-build/$(RPM_NVR).$(RPM_ARCH).rpm rpm-sign: rpm-build/$(GPG_FILE) rpmtar rpm-build/$(RPM_NVR).$(RPM_ARCH).rpm
rpm --define "_signature gpg" --define "_gpg_name $(RPM_GPG_KEY)" --addsign rpm-build/$(RPM_NVR).$(RPM_ARCH).rpm rpm --define "_signature gpg" --define "_gpg_name $(GPG_KEY)" --addsign rpm-build/$(RPM_NVR).$(RPM_ARCH).rpm
endif endif
deb-build: deb-build:
@@ -495,10 +490,10 @@ deb-build/$(SDIST_TAR_NAME):
sed -ie "s#^$(NAME) (\([^)]*\)) \([^;]*\);#$(NAME) ($(VERSION)-$(RELEASE)) $(DEB_DIST);#" deb-build/$(SDIST_TAR_NAME)/debian/changelog sed -ie "s#^$(NAME) (\([^)]*\)) \([^;]*\);#$(NAME) ($(VERSION)-$(RELEASE)) $(DEB_DIST);#" deb-build/$(SDIST_TAR_NAME)/debian/changelog
ifeq ($(OFFICIAL),yes) ifeq ($(OFFICIAL),yes)
debian: sdist deb-build/$(SDIST_TAR_NAME) deb-build/$(DEB_GPG_FILE) debian: sdist deb-build/$(SDIST_TAR_NAME) deb-build/$(GPG_FILE)
deb-build/$(DEB_GPG_FILE): deb-build deb-build/$(GPG_FILE): deb-build
$(GPG_BIN) --export -a "${DEB_GPG_KEY}" > "$@" $(GPG_BIN) --export -a "${GPG_KEY}" > "$@"
else else
debian: sdist deb-build/$(SDIST_TAR_NAME) debian: sdist deb-build/$(SDIST_TAR_NAME)
endif endif
@@ -532,7 +527,7 @@ reprepro: deb
cp -a packaging/reprepro/* $@/conf/ cp -a packaging/reprepro/* $@/conf/
if [ "$(OFFICIAL)" = "yes" ] ; then \ if [ "$(OFFICIAL)" = "yes" ] ; then \
echo "ask-passphrase" >> $@/conf/options; \ echo "ask-passphrase" >> $@/conf/options; \
sed -i -e 's|^\(Codename:\)|SignWith: $(DEB_GPG_KEY)\n\1|' $@/conf/distributions ; \ sed -i -e 's|^\(Codename:\)|SignWith: $(GPG_KEY)\n\1|' $@/conf/distributions ; \
fi fi
@DEB=deb-build/$(NAME)_$(VERSION)-$(RELEASE)_$(DEB_ARCH).deb ; \ @DEB=deb-build/$(NAME)_$(VERSION)-$(RELEASE)_$(DEB_ARCH).deb ; \
for DIST in trusty precise ; do \ for DIST in trusty precise ; do \