Commit Graph

3 Commits

Author SHA1 Message Date
Aleksa Sarai 957bccfe2f scripts: release: add verification checks for signing keys
We need to make sure the release is being signed by a key that is
actually listed as a trusted signing key, and we also need to ask the
person cutting the release whether the list of trusted keys is
acceptable.

Also add some verification checks after a release is signed to make sure
everything was signed with the correct keys.

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2023-04-19 13:48:14 +10:00
Kir Kolyshkin 457ca62f1f script/release_*.sh: fix usage
- release_build: fix -H <hash_cmd> option (was -h)
- release_sign: add -H and -S options

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2021-12-09 00:59:43 -08:00
Aleksa Sarai acd8f12f24 release: correctly handle binary signing for "make releaseall"
My GPG keys are not available inside the container, so it makes little
sense to try to sign the binaries inside the container's release.sh. The
solution is to split things into separate build and sign stages, with
signing ocurring after the in-Docker build.

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2021-12-07 18:10:34 +11:00