From 729b2e3535f009a146719df7d7b52e036b2505cb Mon Sep 17 00:00:00 2001 From: Aric Gardner Date: Thu, 1 Aug 2019 21:27:18 -0400 Subject: [PATCH] Import the pubkey and check the tag with git tag -v $VERSION Signed-off-by: Aric Gardner Change-Id: I954dfa1c8ca09f64ff8a35c138290565de8de4b9 --- jjb/lf-release-jobs.yaml | 4 ++++ releasenotes/notes/release-job-verify-sign-68e910725aa379ec.yaml | 4 ++++ shell/release-job.sh | 5 ++++- 3 files changed, 12 insertions(+), 1 deletion(-) create mode 100644 releasenotes/notes/release-job-verify-sign-68e910725aa379ec.yaml diff --git a/jjb/lf-release-jobs.yaml b/jjb/lf-release-jobs.yaml index 908881ea..02111ef7 100644 --- a/jjb/lf-release-jobs.yaml +++ b/jjb/lf-release-jobs.yaml @@ -91,6 +91,8 @@ variable: SIGUL_PASSWORD - file-id: sigul-pki variable: SIGUL_PKI + - file-id: onap-pubkey + target: "/tmp/onap-pubkey" - shell: !include-raw-escape: ../shell/sigul-configuration.sh - shell: !include-raw-escape: ../shell/sigul-install.sh - lf-release @@ -169,6 +171,8 @@ variable: SIGUL_PASSWORD - file-id: sigul-pki variable: SIGUL_PKI + - file-id: onap-pubkey + target: "/tmp/onap-pubkey" - shell: !include-raw-escape: ../shell/sigul-configuration.sh - shell: !include-raw-escape: ../shell/sigul-install.sh - lf-release diff --git a/releasenotes/notes/release-job-verify-sign-68e910725aa379ec.yaml b/releasenotes/notes/release-job-verify-sign-68e910725aa379ec.yaml new file mode 100644 index 00000000..3efcc861 --- /dev/null +++ b/releasenotes/notes/release-job-verify-sign-68e910725aa379ec.yaml @@ -0,0 +1,4 @@ +--- +fixes: + - | + Allow lf_release_verify and lf_release_merge to verify tag signature. diff --git a/shell/release-job.sh b/shell/release-job.sh index 783979a6..5b163c89 100644 --- a/shell/release-job.sh +++ b/shell/release-job.sh @@ -98,8 +98,11 @@ for release_file in $release_files; do git merge --ff-only FETCH_HEAD git tag -am "$PROJECT $VERSION" "$VERSION" sigul --batch -c "$SIGUL_CONFIG" sign-git-tag "$SIGUL_KEY" "$VERSION" < "$SIGUL_PASSWORD" + echo "Showing latest signature for $PROJECT:" - git log --show-signature -n1 + gpg --import /tmp/onap-pubkey + echo "git tag -v "$VERSION"" + git tag -v "$VERSION" ########## Merge Part ############## -- 2.16.6