Merge branch 'signing' into 'master'
Implement Signing of deb and rpm Files Closes #4 See merge request librewolf-community/browser/bsys5!9
This commit is contained in:
commit
432c8dde9e
|
@ -14,8 +14,8 @@ ENV TZ=Europe/Amsterdam
|
|||
|
||||
|
||||
# dependencies needed to run ./mach bootstrap
|
||||
RUN ( apt-get -y update && apt-get -y upgrade && apt-get -y install mercurial python3 python3-dev python3-pip wget ; true)
|
||||
RUN ( dnf -y upgrade && dnf -y install mercurial python3 python3-devel wget rpm-build ; true)
|
||||
RUN ( apt-get -y update && apt-get -y upgrade && apt-get -y install mercurial python3 python3-dev python3-pip wget dpkg-sig ; true)
|
||||
RUN ( dnf -y upgrade && dnf -y install mercurial python3 python3-devel wget rpm-build rpm-sign ; true)
|
||||
|
||||
# setup wasi
|
||||
RUN export target_wasi_location=$HOME/.mozbuild/wrlb/ &&\
|
||||
|
|
|
@ -19,6 +19,7 @@ librewolf-$(full_version).en-US.$(distro).x86_64.deb : $(infile)
|
|||
mkdir -p work
|
||||
(cd work && tar xf ../$<)
|
||||
cp -v assets/linux.build-deb.sh work/
|
||||
[ "$(SIGNING_KEY)" != "" ] && cp -v $(SIGNING_KEY) work/pk.asc ; true
|
||||
(cd work && sed "s/MYDIR/\/usr\/share\/librewolf/g" < ../assets/linux.librewolf.desktop.in > start-librewolf.desktop)
|
||||
ifeq ($(use_docker),false)
|
||||
(cd work && bash linux.build-deb.sh $(full_version))
|
||||
|
@ -47,6 +48,7 @@ librewolf-$(full_version).$(fc).x86_64.rpm : $(infile)
|
|||
cp -v assets/linux.librewolf.spec work/librewolf.spec
|
||||
cp -v assets/linux.librewolf.desktop.in work/librewolf/start-librewolf.desktop.in
|
||||
cp -v assets/linux.librewolf.ico work/librewolf/librewolf.ico
|
||||
[ "$(SIGNING_KEY)" != "" ] && cp -v $(SIGNING_KEY) work/pk.asc ; true
|
||||
rm -f work/librewolf/browser/features/proxy-failover@mozilla.com.xpi
|
||||
rm -f work/librewolf/pingsender
|
||||
rm -f work/librewolf/precomplete
|
||||
|
|
|
@ -41,6 +41,12 @@ cp -v ../start-librewolf.desktop usr/share/applications/start-librewolf.desktop
|
|||
cd ..
|
||||
dpkg-deb --build librewolf
|
||||
|
||||
# Sign the deb file if private key is provided
|
||||
if [[ -f pk.asc ]]; then
|
||||
gpg --import pk.asc
|
||||
dpkg-sig --sign builder librewolf.deb
|
||||
fi
|
||||
|
||||
echo ""
|
||||
ls -lh librewolf.deb
|
||||
exit 0
|
||||
|
|
|
@ -1,5 +1,15 @@
|
|||
set -e
|
||||
|
||||
if [[ -f pk.asc ]]; then
|
||||
echo "--- [debug] Importing private key..."
|
||||
gpg --import pk.asc
|
||||
cat >>~/.rpmmacros <<EOF
|
||||
%_signature gpg
|
||||
%_gpg_name LibreWolf Maintainers
|
||||
EOF
|
||||
signing="true"
|
||||
fi
|
||||
|
||||
rm -rf /WORK
|
||||
mkdir /WORK
|
||||
cd /WORK
|
||||
|
@ -61,12 +71,15 @@ rm -rf $HOME/rpmbuild
|
|||
cp -rv rpmbuild $HOME
|
||||
|
||||
# Build the package!
|
||||
echo '---'
|
||||
echo "[debug] Running rpmbuild.."
|
||||
echo '---'
|
||||
|
||||
echo "--- [debug] Running rpmbuild..."
|
||||
rpmbuild -v -bb $(pwd)/rpmbuild/SPECS/librewolf.spec
|
||||
echo '--- [debug] Copying output files to /artifacts'
|
||||
|
||||
echo '--- [debug] Copying output files to /artifacts'
|
||||
#Wrote: /root/rpmbuild/RPMS/x86_64/librewolf-94.0.2-1.fc35.x86_64.rpm
|
||||
cp -v ~/rpmbuild/RPMS/x86_64/librewolf-*.rpm /work/librewolf-$full_version.$fc.x86_64.rpm
|
||||
|
||||
if [[ "$signing" == "true" ]]; then
|
||||
echo '--- [debug] Signing the RPM'
|
||||
export GPG_TTY=$(tty)
|
||||
rpm --addsign /work/librewolf-*.rpm
|
||||
fi
|
||||
|
|
Loading…
Reference in New Issue