Skip to content

Commit

Permalink
tools: fix release script on macOS 10.12
Browse files Browse the repository at this point in the history
Previously, we were relying on the output of gpg from git tag -v to
verify that the key selected by the releaser is the key that was used
to sign the tag. This output can change depending on the version of git
being used. Now, we just check that the output of git tag -v contains
the key selected.

Fixes: #8822
PR-URL: #8824
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Rod Vagg <[email protected]>
  • Loading branch information
evanlucas authored and jasnell committed Oct 20, 2016
1 parent d62e7bd commit 3ab8be0
Showing 1 changed file with 2 additions and 9 deletions.
11 changes: 2 additions & 9 deletions tools/release.sh
Original file line number Diff line number Diff line change
Expand Up @@ -69,15 +69,8 @@ function sign {

local version=$1

gpgtagkey=$(git tag -v $version 2>&1 | grep 'key ID' | awk '{print $NF}')

if [ "X${gpgtagkey}" == "X" ]; then
echo "Could not find signed tag for \"${version}\""
exit 1
fi

if [ "${gpgtagkey}" != "${gpgkey}" ]; then
echo "GPG key for \"${version}\" tag is not yours, cannot sign"
if ! git tag -v $version 2>&1 | grep "${gpgkey}" | grep key > /dev/null; then
echo "Could not find signed tag for \"${version}\" or GPG key is not yours"
exit 1
fi

Expand Down

0 comments on commit 3ab8be0

Please sign in to comment.