Permalink
Browse files

tools: fix release script on macOS 10.12

Previously, we were relying on the output of gpg from git tag -v to
verify that the key selected by the releaser is the key that was used
to sign the tag. This output can change depending on the version of git
being used. Now, we just check that the output of git tag -v contains
the key selected.

Fixes: #8822
PR-URL: #8824
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
  • Loading branch information...
evanlucas authored and jasnell committed Sep 28, 2016
1 parent d62e7bd commit 3ab8be07cbcc7c0124db414600f84c86f7d176b7
Showing with 2 additions and 9 deletions.
  1. +2 −9 tools/release.sh
@@ -69,15 +69,8 @@ function sign {

local version=$1

gpgtagkey=$(git tag -v $version 2>&1 | grep 'key ID' | awk '{print $NF}')

if [ "X${gpgtagkey}" == "X" ]; then
echo "Could not find signed tag for \"${version}\""
exit 1
fi

if [ "${gpgtagkey}" != "${gpgkey}" ]; then
echo "GPG key for \"${version}\" tag is not yours, cannot sign"
if ! git tag -v $version 2>&1 | grep "${gpgkey}" | grep key > /dev/null; then
echo "Could not find signed tag for \"${version}\" or GPG key is not yours"
exit 1
fi

0 comments on commit 3ab8be0

Please sign in to comment.