#!/usr/bin/env bash # SPDX-License-Identifier: GPL-2.0-only # ${VERSION_NAME}: new version name # ${COMMIT_ID}: commit id for new version # ${USERNAME}: username (if not default to https) # ${GPG_KEY_ID}: gpg key id (if not don't sign) VERSION_NAME=$1 COMMIT_ID=$2 USERNAME=$3 GPG_KEY_ID=$4 set -e TIME_FILE="$(mktemp -d)/.coreboot-time" COREBOOT_RELEASE_NAME=coreboot-${VERSION_NAME} COREBOOT_TARBALL="${COREBOOT_RELEASE_NAME}.tar.xz" COREBOOT_BLOBS_TARBALL="coreboot-blobs-${VERSION_NAME}.tar.xz" if [ -z "$GPG_TTY" ]; then GPG_TTY=$(tty) export GPG_TTY fi # set local + tz to be reproducible LC_ALL=C LANG=C TZ=UTC0 export LC_ALL LANG TZ if [ -z "${VERSION_NAME}" ] || [ "${VERSION_NAME}" = "--help" ] || [ -z "${COMMIT_ID}" ]; then echo "usage: $0 [username] [gpg key id]" echo "Tags a new coreboot version and creates a tar archive" echo echo "version: New version name to tag the tree with" echo "commit id: check out this commit-id after cloning the coreboot tree" echo "username: clone the tree using ssh://USERNAME - defaults to https://" echo "gpg key id: used to tag the version, and generate a gpg signature" exit 1 fi pause() { local text=$1 echo if [ -n "$text" ]; then echo "$text" fi read -r -p "Press [Enter] key to continue..." } # Verify that tar supports --sort if ! tar --sort=name -cf /dev/null /dev/null 2>/dev/null ; then echo "Error: The installed version of tar does not support --sort" echo " GNU tar version 1.28 or greater is required. Exiting." exit 1 fi # Clone new copy of repo if needed if [ ! -d "${COREBOOT_RELEASE_NAME}/.git" ]; then rm -rf "${COREBOOT_RELEASE_NAME}" declare -a GIT_REF_OPTS if [ -d .git ]; then GIT_REF_OPTS=("--reference" "." "--dissociate") elif [ -d ../../.git ]; then GIT_REF_OPTS=("--reference" "../.." "--dissociate") fi if [ -n "${USERNAME}" ]; then git clone "${GIT_REF_OPTS[@]}" "ssh://${USERNAME}@review.coreboot.org:29418/coreboot.git" "${COREBOOT_RELEASE_NAME}" -- else git clone "${GIT_REF_OPTS[@]}" https://review.coreboot.org/coreboot.git "${COREBOOT_RELEASE_NAME}" -- fi fi # Handle everything that needs to be done from inside the new coreboot # directory. Use requested version, update submodules, and get ready to # run from outside a git repository, and create a signed tag to push. ( cd "${COREBOOT_RELEASE_NAME}" || exit 1 git reset --hard "${COMMIT_ID}" util/crossgcc/buildgcc -W > .crossgcc-version if [ -n "${GPG_KEY_ID}" ]; then pause "The next step will need your PGP key's passphrase, so be ready." git tag -a -s -u "$GPG_KEY_ID" --force "${VERSION_NAME}" -m "coreboot version ${VERSION_NAME}" -- else git tag -a --force "${VERSION_NAME}" -m "coreboot version ${VERSION_NAME}" -- fi git submodule update --init --checkout printf "%s-%s\n" "$VERSION_NAME" "$(git log --pretty=%h -1)" > .coreboot-version printf "%s\n" "$(git log --pretty=format:%ci -1)" > "${TIME_FILE}" ) tstamp=$(cat "${TIME_FILE}" | sed 's/ +0000//') # Create the two tarballs, source and blobs. exclude_paths="3rdparty/blobs 3rdparty/fsp 3rdparty/intel-microcode 3rdparty/amd_blobs 3rdparty/qc_blobs" declare -a blobs_paths declare -a exclude_opts for i in ${exclude_paths}; do blobs_paths+=("${COREBOOT_RELEASE_NAME}/${i}") exclude_opts+=("--exclude=${COREBOOT_RELEASE_NAME}/${i}") done tar --sort=name --mtime="${tstamp}" --owner=coreboot:1000 --group=coreboot:1000 --exclude=*/.git --exclude=*/.gitignore --exclude=*/.gitreview --exclude=*/.mailmap --exclude=*/.gitmodules "${exclude_opts[@]}" -cvf - "${COREBOOT_RELEASE_NAME}" |xz -9 > "${COREBOOT_TARBALL}" tar --sort=name --mtime="${tstamp}" --owner=coreboot:1000 --group=coreboot:1000 --exclude=*/.git --exclude=*/.gitignore --exclude=*/.gitreview --exclude=*/.mailmap --exclude=*/.gitmodules -cvf - "${blobs_paths[@]}" |xz -9 > "${COREBOOT_BLOBS_TARBALL}" # Sign the tarballs if [ -n "${GPG_KEY_ID}" ]; then gpg --armor --local-user "$GPG_KEY_ID" --output "${COREBOOT_TARBALL}.sig" --detach-sig "${COREBOOT_TARBALL}" gpg --armor --local-user "$GPG_KEY_ID" --output "${COREBOOT_BLOBS_TARBALL}.sig" --detach-sig "${COREBOOT_BLOBS_TARBALL}" fi # Clean up rm -f "${TIME_FILE}"