Uploaded image for project: 'Community Linux Engineering'
  1. Community Linux Engineering
  2. CLE-3327

Create detached signatures for the butane 0.26.0 release

SetAsigneesSync from "Extern...update-metadata-from-f...XMLWordPrintable

    • 3

      Original reporter: spresti@redhat.com

      The issue:

      Please create detached signatures for the binaries we will upload to GitHub for the `butane` 0.26.0 release. This is a manual process for now, pending the automation discussed in https://pagure.io/robosignatory/issue/53 and https://github.com/coreos/fedora-coreos-tracker/issues/335.

      The binaries themselves have been built in koji. Here is a small script to grab all of the rpms and the files out of the rpms and name them appropriately:

      ```
      #!/bin/bash
      set -eux -o pipefail

      1. Use the Fedora 43 key for the detached signatures
        KEYTOSIGNWITH='fedora-43'

      VR='0.26.0-1.fc43'
      RPMKEY='31645531' # Fedora 43 key

      do_sign() {

      1. Sign with sigul unless FAKESIGN=1
        if [ ${FAKESIGN:-0} != 1 ]; then
        sigul sign-data -a $KEYTOSIGNWITH "$1" -o "$1.asc"
        else
        echo INVALID > "$1.asc"
        fi
        }
      1. Grab the binaries out of the redistributable rpm
        rpm="butane-redistributable-${VR}.noarch.rpm"
        koji download-build --key $RPMKEY --rpm $rpm
        rpm -qip $rpm | grep -P "^Signature.*${RPMKEY}$" # Verify the output has the key in it
        rpm2cpio $rpm | cpio idv './usr/share/butane/butane*'
      1. Rename the binaries
        mv usr/share/butane/butane-aarch64-apple-darwin \
        butane-aarch64-apple-darwin
        mv usr/share/butane/butane-aarch64-unknown-linux-gnu-static \
        butane-aarch64-unknown-linux-gnu
        mv usr/share/butane/butane-ppc64le-unknown-linux-gnu-static \
        butane-ppc64le-unknown-linux-gnu
        mv usr/share/butane/butane-s390x-unknown-linux-gnu-static \
        butane-s390x-unknown-linux-gnu
        mv usr/share/butane/butane-x86_64-apple-darwin \
        butane-x86_64-apple-darwin
        mv usr/share/butane/butane-x86_64-pc-windows-gnu.exe \
        butane-x86_64-pc-windows-gnu.exe
        mv usr/share/butane/butane-x86_64-unknown-linux-gnu-static \
        butane-x86_64-unknown-linux-gnu
      1. Sign them
        do_sign butane-aarch64-apple-darwin
        do_sign butane-aarch64-unknown-linux-gnu
        do_sign butane-ppc64le-unknown-linux-gnu
        do_sign butane-s390x-unknown-linux-gnu
        do_sign butane-x86_64-apple-darwin
        do_sign butane-x86_64-pc-windows-gnu.exe
        do_sign butane-x86_64-unknown-linux-gnu
      1. Fix permissions and clean up
        chmod go+r *.asc
        rm $rpm; rmdir ./usr/share/butane; rmdir ./usr/share; rmdir ./usr
        ```

      After running this you should end up with a directory with files in it like:

      ```
      $ ls -1
      butane-aarch64-apple-darwin
      butane-aarch64-apple-darwin.asc
      butane-aarch64-unknown-linux-gnu
      butane-aarch64-unknown-linux-gnu.asc
      butane-ppc64le-unknown-linux-gnu
      butane-ppc64le-unknown-linux-gnu.asc
      butane-s390x-unknown-linux-gnu
      butane-s390x-unknown-linux-gnu.asc
      butane-x86_64-apple-darwin
      butane-x86_64-apple-darwin.asc
      butane-x86_64-pc-windows-gnu.exe
      butane-x86_64-pc-windows-gnu.exe.asc
      butane-x86_64-unknown-linux-gnu
      butane-x86_64-unknown-linux-gnu.asc
      ```

              samjain@redhat.com Samyak Jain
              cle_bot CLE bot
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: