nik/easyrsa
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Release v3.1.5

Browse Source 
* update build script to sign/verify using gpg
* update ChangeLog for release

Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
This commit is contained in:
Eric F Crist 2023-06-10 09:01:27 -05:00
parent a24578a37e
commit a8d43bc3cf
No known key found for this signature in database
GPG Key ID: 72964219390D0D0E
2 changed files with 41 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ChangeLog
View File

@ -1,6 +1,7 @@
Easy-RSA 3 ChangeLog Easy-RSA 3 ChangeLog
3.1.5 (2023-06-12) 3.1.5 (2023-06-10)
* Build Update: script now supports signing and verifying
* Automate support-file creation (Free packaging) (#964) * Automate support-file creation (Free packaging) (#964)
* build-ca: New command option 'raw-ca', abbrevation: 'raw' (#963) * build-ca: New command option 'raw-ca', abbrevation: 'raw' (#963)

40
build/build-dist.sh
View File

@ -22,7 +22,7 @@ build-dist options:
--no-windows do not build for Windows --no-windows do not build for Windows
--no-unix do not build for UNIX --no-unix do not build for UNIX
--no-compress do not create zip/tar --no-compress do not create zip/tar
--sign Use GPG to sign and verify packages
--dist-clean rm -rf the DIST_ROOT w/out prompts --dist-clean rm -rf the DIST_ROOT w/out prompts
__EOF__ __EOF__
@ -56,6 +56,38 @@ main() {
$SKIP_ZIP || make_zip $SKIP_ZIP || make_zip
} }
# perform sign and verify
sign_verify() {
# make sure gpg exists
gpgbin=$(which gpg)
if [ $? -ne 0 ];
then
echo "No gpg binary found in path."
return 1
fi
# $1 is our filename, it should exist
if [ -e "$1" ]; then
sign_out=$(gpg -qb "$1" 2>&1 )
# if signing worked, let's verify it
if [ $? -eq 0 ];
then
verify_out=$(gpg -q --verify "$1.sig" 2>&1 )
# if it's verified, return true
if [ $? -eq 0 ];
then
note "Sign and verify successful!"
return 0
fi
fi
# signing failed
note "Signing failed."
return 1
else
note "The file $1 doesn't exist or isn't readable."
fi
}
# prep DIST_ROOT # prep DIST_ROOT
dist_clean() { dist_clean() {
if [ -e "$DIST_ROOT" ]; then if [ -e "$DIST_ROOT" ]; then
@ -142,6 +174,7 @@ stage_win() {
make_tar() { make_tar() {
(cd "$DIST_ROOT/unix/"; tar -czf "../${PV}.tgz" "$PV") || die "tar failed" (cd "$DIST_ROOT/unix/"; tar -czf "../${PV}.tgz" "$PV") || die "tar failed"
note "tarball created at: $DIST_ROOT/${PV}.tgz" note "tarball created at: $DIST_ROOT/${PV}.tgz"
$SKIP_SIGN || sign_verify "$DIST_ROOT/${PV}.tgz"
} }
make_zip() { make_zip() {
@ -149,6 +182,7 @@ make_zip() {
do do
(cd "$DIST_ROOT/$win/"; zip -qr "../${PV}-$win.zip" "$PV") || die "zip failed" (cd "$DIST_ROOT/$win/"; zip -qr "../${PV}-$win.zip" "$PV") || die "zip failed"
note "zip file created at: $DIST_ROOT/${PV}-$win.zip" note "zip file created at: $DIST_ROOT/${PV}-$win.zip"
$SKIP_SIGN || sign_verify "$DIST_ROOT/${PV}-$win.zip"
done done
} }
@ -156,6 +190,7 @@ SKIP_WIN=false
SKIP_UNIX=false SKIP_UNIX=false
SKIP_ZIP=false SKIP_ZIP=false
SKIP_TAR=false SKIP_TAR=false
SKIP_SIGN=true
# parse CLI options: # parse CLI options:
while [ -n "$1" ] while [ -n "$1" ]
do do
@ -180,6 +215,9 @@ do
# shellcheck disable=SC2034 # shellcheck disable=SC2034
BIN_DEST="$val" BIN_DEST="$val"
;; ;;
--sign)
SKIP_SIGN=false
;;
--dist-clean) --dist-clean)
DISTCLEAN=1 DISTCLEAN=1
;; ;;