Key rollover: switch to signing using the new keys.
sign.sh's command-line syntax has changed, so I've updated the sample command line in CHECKLST as well. Also the file extensions of the signatures have changed, so I've updated the pre-release verification command line in CHECKLST too.
parent
bb68baf53b
commit
11eb75a260
@ -135,7 +135,7 @@ for it:
|
|||||||
installer and the Unix source tarball.
|
installer and the Unix source tarball.
|
||||||
|
|
||||||
- Sign the release: in the `build.out' directory, type
|
- Sign the release: in the `build.out' directory, type
|
||||||
sh sign.sh putty Releases
|
sh sign.sh -r putty
|
||||||
and enter the passphrases a lot of times.
|
and enter the passphrases a lot of times.
|
||||||
|
|
||||||
The actual release procedure
|
The actual release procedure
|
||||||
@ -151,7 +151,7 @@ locally, this is the procedure for putting it up on the web.
|
|||||||
|
|
||||||
- Do final checks on the release directory in its new location:
|
- Do final checks on the release directory in its new location:
|
||||||
+ verify all the signatures:
|
+ verify all the signatures:
|
||||||
for i in `find . -name '*.*SA'`; do case $i in *sums*) gpg --verify $i;; *) gpg --verify $i ${i%%.?SA};; esac; done
|
for i in `find . -name '*.gpg'`; do case $i in *sums*) gpg --verify $i;; *) gpg --verify $i ${i%%.gpg};; esac; done
|
||||||
+ check the checksum files:
|
+ check the checksum files:
|
||||||
md5sum -c md5sums
|
md5sum -c md5sums
|
||||||
sha1sum -c sha1sums
|
sha1sum -c sha1sums
|
||||||
|
30
sign.sh
30
sign.sh
@ -3,29 +3,33 @@
|
|||||||
# Generate GPG signatures on a PuTTY release/snapshot directory as
|
# Generate GPG signatures on a PuTTY release/snapshot directory as
|
||||||
# delivered by Buildscr.
|
# delivered by Buildscr.
|
||||||
|
|
||||||
# Usage: sh sign.sh <builddir> <keytype>
|
# Usage: sh sign.sh [-r] <builddir>
|
||||||
# e.g. sh sign.sh putty Snapshots (probably in the build.out directory)
|
# e.g. sh sign.sh putty (probably in the build.out directory)
|
||||||
# or sh sign.sh 0.60 Releases
|
# or sh sign.sh -r 0.60 (-r means use the release keys)
|
||||||
|
|
||||||
set -e
|
set -e
|
||||||
|
|
||||||
|
keyname=EEF20295D15F7E8A
|
||||||
|
|
||||||
|
if test "x$1" = "x-r"; then
|
||||||
|
shift
|
||||||
|
keyname=9DFE2648B43434E4
|
||||||
|
fi
|
||||||
|
|
||||||
sign() {
|
sign() {
|
||||||
# Check for the prior existence of the signature, so we can
|
# Check for the prior existence of the signature, so we can
|
||||||
# re-run this script if it encounters an error part way
|
# re-run this script if it encounters an error part way
|
||||||
# through.
|
# through.
|
||||||
echo "----- Signing $2 with '$keyname'"
|
echo "----- Signing $2 with key '$keyname'"
|
||||||
test -f "$3" || \
|
test -f "$3" || \
|
||||||
gpg --load-extension=idea "$1" -u "$keyname" -o "$3" "$2"
|
gpg --load-extension=idea "$1" -u "$keyname" -o "$3" "$2"
|
||||||
}
|
}
|
||||||
|
|
||||||
cd "$1"
|
cd "$1"
|
||||||
for t in DSA RSA; do
|
echo "===== Signing with key '$keyname'"
|
||||||
keyname="$2 ($t)"
|
for i in putty*src.zip putty*.tar.gz x86/*.exe x86/*.zip; do
|
||||||
echo "===== Signing with '$keyname'"
|
sign --detach-sign "$i" "$i.gpg"
|
||||||
for i in putty*src.zip putty*.tar.gz x86/*.exe x86/*.zip; do
|
done
|
||||||
sign --detach-sign "$i" "$i.$t"
|
for i in md5sums sha1sums sha256sums sha512sums; do
|
||||||
done
|
sign --clearsign "$i" "$i.gpg"
|
||||||
for i in md5sums sha1sums sha256sums sha512sums; do
|
|
||||||
sign --clearsign $i ${i}.$t
|
|
||||||
done
|
|
||||||
done
|
done
|
||||||
|
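Review bot: In `sign()`, the `test -f "$3" ||` guard skips any existing `$i.gpg` without checking which key produced it, and the default key and the `-r` key now write to the same `.gpg` name. A run without `-r` followed by a rerun with `-r` would therefore keep the first key's signatures, while the banner still prints `Signing $2 with key '9DFE2648B43434E4'`. I would make the skip visible ahead of the banner, e.g. `if test -f "$3"; then echo "----- $3 exists, not re-signing (signer not checked)" >&2; return 0; fi`. The pre-release check should also confirm the signer key ID that `gpg --verify` reports, not only that verification succeeds. Separately, both `keyname=` values are 64-bit key IDs; passing `-u` the full fingerprint, with a comment saying which is the release key and which is (presumably) the snapshot key, would make the key selection unambiguous.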