[arch-projects] [netctl][PATCH v3] Makefile: sign tarball and add upload target

Jouke Witteveen j.witteveen at gmail.com
Sat Mar 2 11:10:57 EST 2013 

On Mon, Feb 11, 2013 at 10:50 PM, Jouke Witteveen <j.witteveen at gmail.com> wrote:
> On Thu, Feb 7, 2013 at 11:01 PM, Florian Pritz <bluewind at xinu.at> wrote:
>> Signed-off-by: Florian Pritz <bluewind at xinu.at>
>> ---
>>  Makefile | 6 +++++-
>>  1 file changed, 5 insertions(+), 1 deletion(-)
>>
>> diff --git a/Makefile b/Makefile
>> index ad356e8..a01fefa 100644
>> --- a/Makefile
>> +++ b/Makefile
>> @@ -42,12 +42,16 @@ netctl-$(VERSION).tar.xz: | docs
>>         mv src/netctl{.orig,}
>>         tar --exclude-vcs --transform "s%^%netctl-$(VERSION)/%" --owner=root --group=root --mtime=./netctl-$(VERSION).tar -rf netctl-$(VERSION).tar docs/*.[1-8]
>>         xz netctl-$(VERSION).tar
>> +       gpg --detach-sign $@
>
> This is not ideal either, as it breaks the following workflow when the
> user has no gpg key.
>   make pkgbuild
>   mv *.xz PKGBUILD build
>   cd build
>   makepkg
>
> We could
> 1) prefix the rule with a minus so that it can be canceled
> 2) generate the .sig on upload anyway
> 3) pretend everyone wants a key
>>
>>  pkgbuild: PKGBUILD
>>  PKGBUILD: netctl-$(VERSION).tar.xz
>>         sed -e "s/%pkgver%/$(VERSION)/" -e "s/%md5sum%/$(shell md5sum $< | cut -d ' ' -f 1)/" contrib/PKGBUILD > $@
>>
>> +upload: netctl-$(VERSION).tar.xz
>> +       scp $< $<.sig nymeria.archlinux.org:/srv/ftp/other/packages/netctl
>> +
>
> I guess the PKGBUILD should be updated to make use of the .sig file?
>
>>  clean:
>>         $(MAKE) -C docs clean
>> -       - at rm -vf PKGBUILD *.xz 2>/dev/null
>> +       - at rm -vf PKGBUILD *.xz *.xz.sig 2>/dev/null
>>
>> --
>> 1.8.1.1

I've pulled the patch and adjusted the PKGBUILD. There is a minor bug
introduced, but it concerns packaging and not usage, so I'll leave it
alone:
As Dave Reisner said, we should sign the tarball when we create it,
but if we abort during signing (e.g. wrong password), the tarball is
still generated and running either `make pkgbuild` or `make upload`
will fail because the .sig file is missing, instead of rebuilding the
tarball.

Anyway, 0.6 is tagged. Florian, could you process it? All the new/old
packaging stuff is in.

Regards,
- Jouke

More information about the arch-projects mailing list