release: fixed RPM signing by moving all of this to a single invocation of sign.sh

2026-05-19 04:04:56 -04:00 · 2020-09-13 17:05:46 -07:00
parent 67ed3a9f96
commit 44968af7b6
2 changed files with 9 additions and 13 deletions
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -79,7 +79,7 @@ scoop:
  license: Apache-2.0
 signs:
  - id: all
-    artifacts: all
+    artifacts: checksum
    cmd: tools/sign.sh
    args: ["${artifact}", "${signature}"]
 changelog:
--- a/tools/sign.sh
+++ b/tools/sign.sh
@@ -1,16 +1,12 @@
 #!/bin/bash
 set -e
-input=$1
-signature=$2

-# add signature to RPMs
-if [ ${input: -4} == ".rpm" ]; then
-  rpm --define "%_gpg_name Kopia Builder" --addsign $input
-fi
+for f in dist/*rpm; do
+  # add signature to RPMs
+  rpm --define "%_gpg_name Kopia Builder" --addsign $f
+done

-if [ $input == "dist/checksums.txt" ]; then
-    # before signing checksums.txt, regenerate it since we've just signed some RPMs.
-    filenames=$(cut -f 2- -d " " dist/checksums.txt)
-    (cd dist && sha256sum $filenames > checksums.txt)
-    gpg --output dist/checksums.txt.sig --detach-sig dist/checksums.txt
-fi
+# before signing checksums.txt, regenerate it since we've just signed some RPMs.
+filenames=$(cut -f 2- -d " " dist/checksums.txt)
+(cd dist && sha256sum $filenames > checksums.txt)
+gpg --output dist/checksums.txt.sig --detach-sig dist/checksums.txt