New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

tools: fix release script on macOS 10.12 #8824

Closed
wants to merge 1 commit into
base: master
from

Conversation

Projects
None yet
5 participants
@evanlucas
Member

evanlucas commented Sep 28, 2016

Checklist
  • commit message follows commit guidelines
Affected core subsystem(s)

tools

Description of change

Previously, we were relying on the output of gpg from git tag -v to
verify that the key selected by the releaser is the key that was used
to sign the tag. This output can change depending on the version of git
being used. Now, we just check that the output of git tag -v contains
the key selected.

Fixes: #8822

/cc @nodejs/release

@MylesBorins

This comment has been minimized.

Member

MylesBorins commented Sep 28, 2016

I'd like to verify that this doesn't break support for subkeys... as this code has been fragile to that before

@jasnell

Changes LGTM but I agree with @thealphanerd that we'll want to test this a bit more before landing

@evanlucas

This comment has been minimized.

Member

evanlucas commented Oct 12, 2016

/cc @Fishrock123 and @rvagg any opinion on this?

@rvagg

This comment has been minimized.

Member

rvagg commented Oct 12, 2016

I think this might be from a new version of git, or perhaps gnupg, I'm noticing now on 10.10 that it comes out saying "using RSA key ..." with "key ID" nowhere to be found!

I'd still be more comfortable limiting the text a tiny bit more, perhaps just inserting a grep key there, without the awk?

@rvagg rvagg force-pushed the nodejs:master branch 2 times, most recently to 83c7a88 Oct 18, 2016

@evanlucas

This comment has been minimized.

Member

evanlucas commented Oct 19, 2016

@rvagg the reason I switched it around was because more of the key is now shown in the newer versions. Here is an example to show what I mean:

Before:

gpg: Signature made Tue Sep 27 19:06:18 2016 CDT using RSA key ID 4C206CA9

After:

gpg:                using RSA key B63B535A4C206CA9

So the if [ "${gpgtagkey}" != "${gpgkey}" ]; then would end up failing

@rvagg

This comment has been minimized.

Member

rvagg commented Oct 19, 2016

@evanlucas what I meant was, inserting a grep for the word "key" as well, probably not really a material change though.

@thealphanerd just got caught by this for v6.9.1 so we should get it merged and backported to v7, v6 and v4.

tools: fix release script on macOS 10.12
Previously, we were relying on the output of gpg from git tag -v to
verify that the key selected by the releaser is the key that was used
to sign the tag. This output can change depending on the version of git
being used. Now, we just check that the output of git tag -v contains
the key selected.

Fixes: #8822

@evanlucas evanlucas force-pushed the evanlucas:releasescript branch to 5c6dce0 Oct 19, 2016

@evanlucas

This comment has been minimized.

Member

evanlucas commented Oct 19, 2016

@rvagg ah sorry. Updated. PTAL

@rvagg

This comment has been minimized.

Member

rvagg commented Oct 20, 2016

lgtm

jasnell added a commit that referenced this pull request Oct 20, 2016

tools: fix release script on macOS 10.12
Previously, we were relying on the output of gpg from git tag -v to
verify that the key selected by the releaser is the key that was used
to sign the tag. This output can change depending on the version of git
being used. Now, we just check that the output of git tag -v contains
the key selected.

Fixes: #8822
PR-URL: #8824
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
@jasnell

This comment has been minimized.

Member

jasnell commented Oct 20, 2016

Landed in 6845d6e

@jasnell jasnell closed this Oct 20, 2016

jasnell added a commit that referenced this pull request Oct 20, 2016

tools: fix release script on macOS 10.12
Previously, we were relying on the output of gpg from git tag -v to
verify that the key selected by the releaser is the key that was used
to sign the tag. This output can change depending on the version of git
being used. Now, we just check that the output of git tag -v contains
the key selected.

Fixes: #8822
PR-URL: #8824
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>

MylesBorins added a commit that referenced this pull request Nov 11, 2016

tools: fix release script on macOS 10.12
Previously, we were relying on the output of gpg from git tag -v to
verify that the key selected by the releaser is the key that was used
to sign the tag. This output can change depending on the version of git
being used. Now, we just check that the output of git tag -v contains
the key selected.

Fixes: #8822
PR-URL: #8824
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>

MylesBorins added a commit that referenced this pull request Nov 11, 2016

tools: fix release script on macOS 10.12
Previously, we were relying on the output of gpg from git tag -v to
verify that the key selected by the releaser is the key that was used
to sign the tag. This output can change depending on the version of git
being used. Now, we just check that the output of git tag -v contains
the key selected.

Fixes: #8822
PR-URL: #8824
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>

This was referenced Nov 22, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment