util/release/build-release

   1 #!/usr/bin/env bash
   2 # SPDX-License-Identifier: GPL-2.0-only
   3 # ${VERSION_NAME}: new version name
   4 # ${COMMIT_ID}: commit id for new version
   5 # ${USERNAME}: username (if not default to https)
   6 # ${GPG_KEY_ID}: gpg key id (if not don't sign)
   7 VERSION_NAME=$1
   8 COMMIT_ID=$2
   9 USERNAME=$3
  10 GPG_KEY_ID=$4
  11
  12 set -e
  13
  14 TIME_FILE="$(mktemp -d)/.coreboot-time"
  15 COREBOOT_RELEASE_NAME=coreboot-${VERSION_NAME}
  16 COREBOOT_TARBALL="${COREBOOT_RELEASE_NAME}.tar.xz"
  17 COREBOOT_BLOBS_TARBALL="coreboot-blobs-${VERSION_NAME}.tar.xz"
  18
  19 if [ -z "$GPG_TTY" ]; then
  20         GPG_TTY=$(tty)
  21         export GPG_TTY
  22 fi
  23
  24 # set local + tz to be reproducible
  25 LC_ALL=C
  26 LANG=C
  27 TZ=UTC0
  28 export LC_ALL LANG TZ
  29
  30 if [ -z "${VERSION_NAME}" ] || [ "${VERSION_NAME}" = "--help" ] || [ -z "${COMMIT_ID}" ]; then
  31         echo "usage: $0 <version> <commit id> [username] [gpg key id]"
  32         echo "Tags a new coreboot version and creates a tar archive"
  33         echo
  34         echo "version:    New version name to tag the tree with"
  35         echo "commit id:  check out this commit-id after cloning the coreboot tree"
  36         echo "username:   clone the tree using ssh://USERNAME - defaults to https://"
  37         echo "gpg key id: used to tag the version, and generate a gpg signature"
  38         exit 1
  39 fi
  40
  41 pause() {
  42   local text=$1
  43
  44   echo
  45   if [ -n "$text" ]; then
  46     echo "$text"
  47   fi
  48   read -r -p "Press [Enter] key to continue..."
  49 }
  50
  51 # Verify that tar supports --sort
  52 if ! tar --sort=name -cf /dev/null /dev/null 2>/dev/null ; then
  53         echo "Error: The installed version of tar does not support --sort"
  54         echo "       GNU tar version 1.28 or greater is required.  Exiting."
  55         exit 1
  56 fi
  57
  58 # Clone new copy of repo if needed
  59 if [ ! -d "${COREBOOT_RELEASE_NAME}/.git" ]; then
  60         rm -rf "${COREBOOT_RELEASE_NAME}"
  61         declare -a GIT_REF_OPTS
  62         if [ -d .git ]; then
  63                 GIT_REF_OPTS=("--reference" "." "--dissociate")
  64         elif [ -d ../../.git ]; then
  65                 GIT_REF_OPTS=("--reference" "../.." "--dissociate")
  66         fi
  67         if [ -n "${USERNAME}" ]; then
  68                 git clone "${GIT_REF_OPTS[@]}" "ssh://${USERNAME}@review.coreboot.org:29418/coreboot.git" "${COREBOOT_RELEASE_NAME}" --
  69         else
  70                 git clone "${GIT_REF_OPTS[@]}" https://review.coreboot.org/coreboot.git "${COREBOOT_RELEASE_NAME}" --
  71         fi
  72 fi
  73
  74 # Handle everything that needs to be done from inside the new coreboot
  75 # directory. Use requested version, update submodules, and get ready to
  76 # run from outside a git repository, and create a signed tag to push.
  77 (
  78         cd "${COREBOOT_RELEASE_NAME}" || exit 1
  79         git reset --hard "${COMMIT_ID}"
  80
  81         util/crossgcc/buildgcc -W > .crossgcc-version
  82
  83         if [ -n "${GPG_KEY_ID}" ]; then
  84                 pause "The next step will need your PGP key's passphrase, so be ready."
  85                 git tag -a -s -u "$GPG_KEY_ID" --force "${VERSION_NAME}" -m "coreboot version ${VERSION_NAME}" --
  86         else
  87                 git tag -a --force "${VERSION_NAME}" -m "coreboot version ${VERSION_NAME}" --
  88         fi
  89
  90         git submodule update --init --checkout
  91
  92         printf "%s-%s\n" "$VERSION_NAME"  "$(git log --pretty=%h -1)" > .coreboot-version
  93         printf "%s\n" "$(git log --pretty=format:%ci -1)" > "${TIME_FILE}"
  94 )
  95 tstamp=$(cat "${TIME_FILE}" | sed 's/ +0000//')
  96
  97 # Create the two tarballs, source and blobs.
  98 exclude_paths="3rdparty/blobs 3rdparty/fsp 3rdparty/intel-microcode 3rdparty/amd_blobs 3rdparty/qc_blobs"
  99
 100 declare -a blobs_paths
 101 declare -a exclude_opts
 102 for i in ${exclude_paths}; do
 103         blobs_paths+=("${COREBOOT_RELEASE_NAME}/${i}")
 104         exclude_opts+=("--exclude=${COREBOOT_RELEASE_NAME}/${i}")
 105 done
 106
 107 tar --sort=name --mtime="${tstamp}" --owner=coreboot:1000 --group=coreboot:1000 --exclude=*/.git --exclude=*/.gitignore --exclude=*/.gitreview --exclude=*/.mailmap --exclude=*/.gitmodules "${exclude_opts[@]}" -cvf - "${COREBOOT_RELEASE_NAME}" |xz -9 > "${COREBOOT_TARBALL}"
 108 tar --sort=name --mtime="${tstamp}" --owner=coreboot:1000 --group=coreboot:1000 --exclude=*/.git --exclude=*/.gitignore --exclude=*/.gitreview --exclude=*/.mailmap --exclude=*/.gitmodules -cvf - "${blobs_paths[@]}" |xz -9 > "${COREBOOT_BLOBS_TARBALL}"
 109
 110 # Sign the tarballs
 111 if [ -n "${GPG_KEY_ID}" ]; then
 112         gpg --armor --local-user "$GPG_KEY_ID" --output "${COREBOOT_TARBALL}.sig" --detach-sig "${COREBOOT_TARBALL}"
 113         gpg --armor --local-user "$GPG_KEY_ID" --output "${COREBOOT_BLOBS_TARBALL}.sig" --detach-sig "${COREBOOT_BLOBS_TARBALL}"
 114 fi
 115
 116 # Clean up
 117 rm -f "${TIME_FILE}"