| #!/usr/bin/env bash |
| # SPDX-License-Identifier: GPL-2.0-only |
| # ${VERSION_NAME}: new version name |
| # ${COMMIT_ID}: commit id for new version |
| # ${USERNAME}: username (if not default to https) |
| # ${GPG_KEY_ID}: gpg key id (if not don't sign) |
| VERSION_NAME=$1 |
| COMMIT_ID=$2 |
| USERNAME=$3 |
| GPG_KEY_ID=$4 |
| |
| set -e |
| |
| TIME_FILE="$(mktemp -d)/.coreboot-time" |
| COREBOOT_RELEASE_NAME=coreboot-${VERSION_NAME} |
| COREBOOT_TARBALL="${COREBOOT_RELEASE_NAME}.tar.xz" |
| COREBOOT_BLOBS_TARBALL="coreboot-blobs-${VERSION_NAME}.tar.xz" |
| |
| if [ -z "$GPG_TTY" ]; then |
| GPG_TTY=$(tty) |
| export GPG_TTY |
| fi |
| |
| # set local + tz to be reproducible |
| LC_ALL=C |
| LANG=C |
| TZ=UTC0 |
| export LC_ALL LANG TZ |
| |
| if [ -z "${VERSION_NAME}" ] || [ "${VERSION_NAME}" = "--help" ] || [ -z "${COMMIT_ID}" ]; then |
| echo "usage: $0 <version> <commit id> [username] [gpg key id]" |
| echo "Tags a new coreboot version and creates a tar archive" |
| echo |
| echo "version: New version name to tag the tree with" |
| echo "commit id: check out this commit-id after cloning the coreboot tree" |
| echo "username: clone the tree using ssh://USERNAME - defaults to https://" |
| echo "gpg key id: used to tag the version, and generate a gpg signature" |
| exit 1 |
| fi |
| |
| pause() { |
| local text=$1 |
| |
| echo |
| if [ -n "$text" ]; then |
| echo "$text" |
| fi |
| read -r -p "Press [Enter] key to continue..." |
| } |
| |
| # Verify that tar supports --sort |
| if ! tar --sort=name -cf /dev/null /dev/null 2>/dev/null ; then |
| echo "Error: The installed version of tar does not support --sort" |
| echo " GNU tar version 1.28 or greater is required. Exiting." |
| exit 1 |
| fi |
| |
| # Clone new copy of repo if needed |
| if [ ! -d "${COREBOOT_RELEASE_NAME}/.git" ]; then |
| rm -rf "${COREBOOT_RELEASE_NAME}" |
| declare -a GIT_REF_OPTS |
| if [ -d .git ]; then |
| GIT_REF_OPTS=("--reference" "." "--dissociate") |
| elif [ -d ../../.git ]; then |
| GIT_REF_OPTS=("--reference" "../.." "--dissociate") |
| fi |
| if [ -n "${USERNAME}" ]; then |
| git clone "${GIT_REF_OPTS[@]}" "ssh://${USERNAME}@review.coreboot.org:29418/coreboot.git" "${COREBOOT_RELEASE_NAME}" -- |
| else |
| git clone "${GIT_REF_OPTS[@]}" https://review.coreboot.org/coreboot.git "${COREBOOT_RELEASE_NAME}" -- |
| fi |
| fi |
| |
| # Handle everything that needs to be done from inside the new coreboot |
| # directory. Use requested version, update submodules, and get ready to |
| # run from outside a git repository, and create a signed tag to push. |
| ( |
| cd "${COREBOOT_RELEASE_NAME}" || exit 1 |
| git reset --hard "${COMMIT_ID}" |
| |
| util/crossgcc/buildgcc -W > .crossgcc-version |
| |
| if [ -n "${GPG_KEY_ID}" ]; then |
| pause "The next step will need your PGP key's passphrase, so be ready." |
| git tag -a -s -u "$GPG_KEY_ID" --force "${VERSION_NAME}" -m "coreboot version ${VERSION_NAME}" -- |
| else |
| git tag -a --force "${VERSION_NAME}" -m "coreboot version ${VERSION_NAME}" -- |
| fi |
| |
| git submodule update --init --checkout |
| |
| printf "%s-%s\n" "$VERSION_NAME" "$(git log --pretty=%h -1)" > .coreboot-version |
| printf "%s\n" "$(git log --pretty=format:%ci -1)" > "${TIME_FILE}" |
| ) |
| tstamp=$(cat "${TIME_FILE}" | sed 's/ +0000//') |
| |
| # Create the two tarballs, source and blobs. |
| exclude_paths="3rdparty/blobs 3rdparty/fsp 3rdparty/intel-microcode 3rdparty/amd_blobs 3rdparty/qc_blobs" |
| |
| declare -a blobs_paths |
| declare -a exclude_opts |
| for i in ${exclude_paths}; do |
| blobs_paths+=("${COREBOOT_RELEASE_NAME}/${i}") |
| exclude_opts+=("--exclude=${COREBOOT_RELEASE_NAME}/${i}") |
| done |
| |
| tar --sort=name --mtime="${tstamp}" --owner=coreboot:1000 --group=coreboot:1000 --exclude=*/.git --exclude=*/.gitignore --exclude=*/.gitreview --exclude=*/.mailmap --exclude=*/.gitmodules "${exclude_opts[@]}" -cvf - "${COREBOOT_RELEASE_NAME}" |xz -9 > "${COREBOOT_TARBALL}" |
| tar --sort=name --mtime="${tstamp}" --owner=coreboot:1000 --group=coreboot:1000 --exclude=*/.git --exclude=*/.gitignore --exclude=*/.gitreview --exclude=*/.mailmap --exclude=*/.gitmodules -cvf - "${blobs_paths[@]}" |xz -9 > "${COREBOOT_BLOBS_TARBALL}" |
| |
| # Sign the tarballs |
| if [ -n "${GPG_KEY_ID}" ]; then |
| gpg --armor --local-user "$GPG_KEY_ID" --output "${COREBOOT_TARBALL}.sig" --detach-sig "${COREBOOT_TARBALL}" |
| gpg --armor --local-user "$GPG_KEY_ID" --output "${COREBOOT_BLOBS_TARBALL}.sig" --detach-sig "${COREBOOT_BLOBS_TARBALL}" |
| fi |
| |
| # Clean up |
| rm -f "${TIME_FILE}" |