diff --git a/script/release_build.sh b/script/release_build.sh index 39ec3ab5d..98b07f23f 100755 --- a/script/release_build.sh +++ b/script/release_build.sh @@ -161,8 +161,6 @@ done version="${version:-$(<"$root/VERSION")}" releasedir="${releasedir:-release/$version}" hashcmd="${hashcmd:-sha256sum}" -# Suffixes of files to checksum/sign. -suffixes=("${arches[@]}" tar.xz) log "creating $project release in '$releasedir'" log " version: $version" @@ -179,11 +177,13 @@ rm -rf "$releasedir" && mkdir -p "$releasedir" build_project "$releasedir/$project" "$native_arch" "${arches[@]}" # Generate new archive. -git archive --format=tar --prefix="$project-$version/" "$commit" | xz >"$releasedir/$project.tar.xz" +git archive --format=tar --prefix="$project-$version/" "$commit" | xz >"$releasedir/$project-$version.tar.xz" # Generate sha256 checksums for binaries and libseccomp tarball. ( cd "$releasedir" - # Add $project. prefix to all suffixes. - "$hashcmd" "${suffixes[@]/#/$project.}" >"$project.$hashcmd" + # Add hash of all architecture binaries ($project.$arch). + "$hashcmd" "${arches[@]/#/$project.}" >>"$project.$hashcmd" + # Add hash of tarball ($project-$version.tar.xz). + "$hashcmd" "$project-$version.tar.xz" >>"$project.$hashcmd" ) diff --git a/script/release_sign.sh b/script/release_sign.sh index 883d0169a..80f8c0731 100755 --- a/script/release_sign.sh +++ b/script/release_sign.sh @@ -135,7 +135,7 @@ read -r [ -w "$releasedir" ] || sudo chown -R "$(id -u):$(id -g)" "$releasedir" # Sign everything. -for bin in "$releasedir/$project".*; do +for bin in "$releasedir/$project"*; do [[ "$(basename "$bin")" == "$project.$hashcmd" ]] && continue # skip hash gpg "${gpgflags[@]}" --detach-sign --armor "$bin" done