Sign deb and rpm Files
This commit is contained in:
parent
cb21fa537c
commit
850effa8b1
|
@ -14,8 +14,8 @@ ENV TZ=Europe/Amsterdam
|
||||||
|
|
||||||
|
|
||||||
# dependencies needed to run ./mach bootstrap
|
# dependencies needed to run ./mach bootstrap
|
||||||
RUN ( apt-get -y update && apt-get -y upgrade && apt-get -y install mercurial python3 python3-dev python3-pip wget ; true)
|
RUN ( apt-get -y update && apt-get -y upgrade && apt-get -y install mercurial python3 python3-dev python3-pip wget dpkg-sig ; true)
|
||||||
RUN ( dnf -y upgrade && dnf -y install mercurial python3 python3-devel wget rpm-build ; true)
|
RUN ( dnf -y upgrade && dnf -y install mercurial python3 python3-devel wget rpm-build rpm-sign ; true)
|
||||||
|
|
||||||
# setup wasi
|
# setup wasi
|
||||||
RUN export target_wasi_location=$HOME/.mozbuild/wrlb/ &&\
|
RUN export target_wasi_location=$HOME/.mozbuild/wrlb/ &&\
|
||||||
|
|
|
@ -19,6 +19,7 @@ librewolf-$(full_version).en-US.$(distro).x86_64.deb : $(infile)
|
||||||
mkdir -p work
|
mkdir -p work
|
||||||
(cd work && tar xf ../$<)
|
(cd work && tar xf ../$<)
|
||||||
cp -v assets/linux.build-deb.sh work/
|
cp -v assets/linux.build-deb.sh work/
|
||||||
|
[ "$(SIGNING_KEY)" != "" ] && cp -v $(SIGNING_KEY) work/pk.asc ; true
|
||||||
(cd work && sed "s/MYDIR/\/usr\/share\/librewolf/g" < ../assets/linux.librewolf.desktop.in > start-librewolf.desktop)
|
(cd work && sed "s/MYDIR/\/usr\/share\/librewolf/g" < ../assets/linux.librewolf.desktop.in > start-librewolf.desktop)
|
||||||
ifeq ($(use_docker),false)
|
ifeq ($(use_docker),false)
|
||||||
(cd work && bash linux.build-deb.sh $(full_version))
|
(cd work && bash linux.build-deb.sh $(full_version))
|
||||||
|
@ -47,6 +48,7 @@ librewolf-$(full_version).$(fc).x86_64.rpm : $(infile)
|
||||||
cp -v assets/linux.librewolf.spec work/librewolf.spec
|
cp -v assets/linux.librewolf.spec work/librewolf.spec
|
||||||
cp -v assets/linux.librewolf.desktop.in work/librewolf/start-librewolf.desktop.in
|
cp -v assets/linux.librewolf.desktop.in work/librewolf/start-librewolf.desktop.in
|
||||||
cp -v assets/linux.librewolf.ico work/librewolf/librewolf.ico
|
cp -v assets/linux.librewolf.ico work/librewolf/librewolf.ico
|
||||||
|
[ "$(SIGNING_KEY)" != "" ] && cp -v $(SIGNING_KEY) work/pk.asc ; true
|
||||||
rm -f work/librewolf/browser/features/proxy-failover@mozilla.com.xpi
|
rm -f work/librewolf/browser/features/proxy-failover@mozilla.com.xpi
|
||||||
rm -f work/librewolf/pingsender
|
rm -f work/librewolf/pingsender
|
||||||
rm -f work/librewolf/precomplete
|
rm -f work/librewolf/precomplete
|
||||||
|
|
|
@ -41,6 +41,12 @@ cp -v ../start-librewolf.desktop usr/share/applications/start-librewolf.desktop
|
||||||
cd ..
|
cd ..
|
||||||
dpkg-deb --build librewolf
|
dpkg-deb --build librewolf
|
||||||
|
|
||||||
|
# Sign the deb file if private key is provided
|
||||||
|
if [[ -f pk.asc ]]; then
|
||||||
|
gpg --import pk.asc
|
||||||
|
dpkg-sig --sign builder librewolf.deb
|
||||||
|
fi
|
||||||
|
|
||||||
echo ""
|
echo ""
|
||||||
ls -lh librewolf.deb
|
ls -lh librewolf.deb
|
||||||
exit 0
|
exit 0
|
||||||
|
|
|
@ -1,5 +1,15 @@
|
||||||
set -e
|
set -e
|
||||||
|
|
||||||
|
if [[ -f pk.asc ]]; then
|
||||||
|
echo "--- [debug] Importing private key..."
|
||||||
|
gpg --import pk.asc
|
||||||
|
cat >>~/.rpmmacros <<EOF
|
||||||
|
%_signature gpg
|
||||||
|
%_gpg_name LibreWolf Maintainers
|
||||||
|
EOF
|
||||||
|
signing="true"
|
||||||
|
fi
|
||||||
|
|
||||||
rm -rf /WORK
|
rm -rf /WORK
|
||||||
mkdir /WORK
|
mkdir /WORK
|
||||||
cd /WORK
|
cd /WORK
|
||||||
|
@ -61,12 +71,15 @@ rm -rf $HOME/rpmbuild
|
||||||
cp -rv rpmbuild $HOME
|
cp -rv rpmbuild $HOME
|
||||||
|
|
||||||
# Build the package!
|
# Build the package!
|
||||||
echo '---'
|
echo "--- [debug] Running rpmbuild..."
|
||||||
echo "[debug] Running rpmbuild.."
|
|
||||||
echo '---'
|
|
||||||
|
|
||||||
rpmbuild -v -bb $(pwd)/rpmbuild/SPECS/librewolf.spec
|
rpmbuild -v -bb $(pwd)/rpmbuild/SPECS/librewolf.spec
|
||||||
echo '--- [debug] Copying output files to /artifacts'
|
|
||||||
|
|
||||||
|
echo '--- [debug] Copying output files to /artifacts'
|
||||||
#Wrote: /root/rpmbuild/RPMS/x86_64/librewolf-94.0.2-1.fc35.x86_64.rpm
|
#Wrote: /root/rpmbuild/RPMS/x86_64/librewolf-94.0.2-1.fc35.x86_64.rpm
|
||||||
cp -v ~/rpmbuild/RPMS/x86_64/librewolf-*.rpm /work/librewolf-$full_version.$fc.x86_64.rpm
|
cp -v ~/rpmbuild/RPMS/x86_64/librewolf-*.rpm /work/librewolf-$full_version.$fc.x86_64.rpm
|
||||||
|
|
||||||
|
if [[ "$signing" == "true" ]]; then
|
||||||
|
echo '--- [debug] Signing the RPM'
|
||||||
|
export GPG_TTY=$(tty)
|
||||||
|
rpm --addsign /work/librewolf-*.rpm
|
||||||
|
fi
|
||||||
|
|
Loading…
Reference in New Issue