[PATCH] Automate the building of tarball signatures.
* Makefile (public): Rewrite in terms of new rules, below. (check_public): New rule, containing the old checking part of 'make public'. (tarballs): New rule, containing the old tarball-making part of 'make public'. Do not run checktab twice. (signatures, tzcode$(VERSION).tar.gz.sign, tzdata$(VERSION).tar.gz.sign): New rules. --- Makefile | 27 ++++++++++++++++++++++----- 1 file changed, 22 insertions(+), 5 deletions(-) diff --git a/Makefile b/Makefile index c8150ba..c09d20f 100644 --- a/Makefile +++ b/Makefile @@ -420,6 +420,8 @@ maintainer-clean: clean names: @echo $(ENCHILADA) +public: check check_public set-timestamps tarballs signatures + # Set the time stamps to those of the git repository, if available, # and if the files have not changed since then. # This uses GNU 'touch' syntax 'touch -d@N FILE', @@ -439,26 +441,41 @@ set-timestamps: # The zics below ensure that each data file can stand on its own. # We also do an all-files run to catch links to links. -public: $(ENCHILADA) set-timestamps +check_public: $(ENCHILADA) make maintainer-clean make "CFLAGS=$(GCC_DEBUG_FLAGS)" mkdir -m go-rwx /tmp/,tzpublic - -for i in $(TDATA) ; do zic -v -d /tmp/,tzpublic $$i 2>&1 | grep -v "starting year" ; done + -for i in $(TDATA) ; do \ + zic -v -d /tmp/,tzpublic $$i 2>&1 | grep -v "starting year" ; \ + done for i in $(TDATA) ; do zic -d /tmp/,tzpublic $$i || exit; done zic -v -d /tmp/,tzpublic $(TDATA) || exit rm -f -r /tmp/,tzpublic + +tarballs: tzcode$(VERSION).tar.gz tzdata$(VERSION).tar.gz + +tzcode$(VERSION).tar.gz: $(COMMON) $(DOCS) $(SOURCES) $(MISC) for i in *.[1-8] ; do \ LC_ALL=C sh workman.sh $$i > $$i.txt && \ touch -r $$i $$i.txt || exit; \ done - $(AWK) -f checktab.awk $(PRIMARY_YDATA) LC_ALL=C && export LC_ALL && \ tar $(TARFLAGS) -cf - \ $(COMMON) $(DOCS) $(SOURCES) $(MISC) *.[1-8].txt | \ - gzip $(GZIPFLAGS) > tzcode$(VERSION).tar.gz + gzip $(GZIPFLAGS) > $@ + +tzdata$(VERSION).tar.gz: $(COMMON) $(DATA) LC_ALL=C && export LC_ALL && \ tar $(TARFLAGS) -cf - $(COMMON) $(DATA) | \ - gzip $(GZIPFLAGS) > tzdata$(VERSION).tar.gz + gzip $(GZIPFLAGS) > $@ + +signatures: tzcode$(VERSION).tar.gz.sign tzdata$(VERSION).tar.gz.sign + +tzcode$(VERSION).tar.gz.sign: tzcode$(VERSION).tar.gz + gpg --armor --detach-sign -o $@ $? + +tzdata$(VERSION).tar.gz.sign: tzdata$(VERSION).tar.gz + gpg --armor --detach-sign -o $@ $? typecheck: make clean -- 1.7.9.5
On 2012-11-03 at 15:01 -0700, Paul Eggert wrote:
(signatures, tzcode$(VERSION).tar.gz.sign, tzdata$(VERSION).tar.gz.sign): New rules.
Minor nit: the application/pgp-signature MIME-type (per RFC3156 and the Media Types registry) is more likely to be served if one of the common filename extensions is used. "File extension(s): asc, sig" GnuPG in particular is able to determine the filename of the signed file from the filename of the signature, when given --verify with only one parameter, if the signature file has a ".sig" or ".asc" extension. GnuPG defaults to ".asc" Regards, -Phil
On 11/03/2012 05:28 PM, Phil Pennock wrote:
GnuPG defaults to ".asc"
Thanks for mentioning the problem. I've written up the following patch and plan to use it in the next release.
From 4fc4c4cf403f2d5426fdeb06e1929d379d9b0150 Mon Sep 17 00:00:00 2001 From: Paul Eggert <eggert@cs.ucla.edu> Date: Sat, 3 Nov 2012 17:41:16 -0700 Subject: [PATCH] Use .asc and not .sign for PGP signatures.
* Makefile (maintainer-clean): Clean *.asc files and *.tar.gz files. (signatures): Use .asc instead of .sign as the extension for signatures as this works better with other software. Reported by Phil Pennock. * .gitignore: Also ignore .asc files. --- .gitignore | 1 + Makefile | 12 ++++++------ 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/.gitignore b/.gitignore index d36f26e..5edf101 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ +*.asc *.o *.tar.gz *.txt diff --git a/Makefile b/Makefile index 9e71fd6..fd909f7 100644 --- a/Makefile +++ b/Makefile @@ -415,7 +415,7 @@ clean: maintainer-clean: clean @echo 'This command is intended for maintainers to use; it' @echo 'deletes files that may need special tools to rebuild.' - rm -f *.[1-8].txt tzcode*.tar.gz tzdata*.tar.gz + rm -f *.[1-8].txt *.asc *.tar.gz names: @echo $(ENCHILADA) @@ -469,13 +469,13 @@ tzdata$(VERSION).tar.gz: $(COMMON) $(DATA) tar $(TARFLAGS) -cf - $(COMMON) $(DATA) | \ gzip $(GZIPFLAGS) > $@ -signatures: tzcode$(VERSION).tar.gz.sign tzdata$(VERSION).tar.gz.sign +signatures: tzcode$(VERSION).tar.gz.asc tzdata$(VERSION).tar.gz.asc -tzcode$(VERSION).tar.gz.sign: tzcode$(VERSION).tar.gz - gpg --armor --detach-sign -o $@ $? +tzcode$(VERSION).tar.gz.asc: tzcode$(VERSION).tar.gz + gpg --armor --detach-sign $? -tzdata$(VERSION).tar.gz.sign: tzdata$(VERSION).tar.gz - gpg --armor --detach-sign -o $@ $? +tzdata$(VERSION).tar.gz.asc: tzdata$(VERSION).tar.gz + gpg --armor --detach-sign $? typecheck: make clean -- 1.7.9.5
thanks! i've modified the script used to update Android to verify the signature: https://android-review.googlesource.com/#/c/46051/ On Sat, Nov 3, 2012 at 3:01 PM, Paul Eggert <eggert@cs.ucla.edu> wrote:
* Makefile (public): Rewrite in terms of new rules, below. (check_public): New rule, containing the old checking part of 'make public'. (tarballs): New rule, containing the old tarball-making part of 'make public'. Do not run checktab twice. (signatures, tzcode$(VERSION).tar.gz.sign, tzdata$(VERSION).tar.gz.sign): New rules. --- Makefile | 27 ++++++++++++++++++++++----- 1 file changed, 22 insertions(+), 5 deletions(-)
diff --git a/Makefile b/Makefile index c8150ba..c09d20f 100644 --- a/Makefile +++ b/Makefile @@ -420,6 +420,8 @@ maintainer-clean: clean names: @echo $(ENCHILADA)
+public: check check_public set-timestamps tarballs signatures + # Set the time stamps to those of the git repository, if available, # and if the files have not changed since then. # This uses GNU 'touch' syntax 'touch -d@N FILE', @@ -439,26 +441,41 @@ set-timestamps: # The zics below ensure that each data file can stand on its own. # We also do an all-files run to catch links to links.
-public: $(ENCHILADA) set-timestamps +check_public: $(ENCHILADA) make maintainer-clean make "CFLAGS=$(GCC_DEBUG_FLAGS)" mkdir -m go-rwx /tmp/,tzpublic - -for i in $(TDATA) ; do zic -v -d /tmp/,tzpublic $$i 2>&1 | grep -v "starting year" ; done + -for i in $(TDATA) ; do \ + zic -v -d /tmp/,tzpublic $$i 2>&1 | grep -v "starting year" ; \ + done for i in $(TDATA) ; do zic -d /tmp/,tzpublic $$i || exit; done zic -v -d /tmp/,tzpublic $(TDATA) || exit rm -f -r /tmp/,tzpublic + +tarballs: tzcode$(VERSION).tar.gz tzdata$(VERSION).tar.gz + +tzcode$(VERSION).tar.gz: $(COMMON) $(DOCS) $(SOURCES) $(MISC) for i in *.[1-8] ; do \ LC_ALL=C sh workman.sh $$i > $$i.txt && \ touch -r $$i $$i.txt || exit; \ done - $(AWK) -f checktab.awk $(PRIMARY_YDATA) LC_ALL=C && export LC_ALL && \ tar $(TARFLAGS) -cf - \ $(COMMON) $(DOCS) $(SOURCES) $(MISC) *.[1-8].txt | \ - gzip $(GZIPFLAGS) > tzcode$(VERSION).tar.gz + gzip $(GZIPFLAGS) > $@ + +tzdata$(VERSION).tar.gz: $(COMMON) $(DATA) LC_ALL=C && export LC_ALL && \ tar $(TARFLAGS) -cf - $(COMMON) $(DATA) | \ - gzip $(GZIPFLAGS) > tzdata$(VERSION).tar.gz + gzip $(GZIPFLAGS) > $@ + +signatures: tzcode$(VERSION).tar.gz.sign tzdata$(VERSION).tar.gz.sign + +tzcode$(VERSION).tar.gz.sign: tzcode$(VERSION).tar.gz + gpg --armor --detach-sign -o $@ $? + +tzdata$(VERSION).tar.gz.sign: tzdata$(VERSION).tar.gz + gpg --armor --detach-sign -o $@ $?
typecheck: make clean -- 1.7.9.5
-- Elliott Hughes - http://who/enh - http://jessies.org/~enh/ NIO, JNI, or bionic questions? Mail me/drop by/add me as a reviewer.
participants (3)
-
enh -
Paul Eggert -
Phil Pennock