diff options
Diffstat (limited to 'build-aux/announce-gen')
-rwxr-xr-x | build-aux/announce-gen | 69 |
1 files changed, 59 insertions, 10 deletions
diff --git a/build-aux/announce-gen b/build-aux/announce-gen index f3b5461ae..3847a568d 100755 --- a/build-aux/announce-gen +++ b/build-aux/announce-gen @@ -3,7 +3,7 @@ # Generate a release announcement message. -# Copyright (C) 2002-2021 Free Software Foundation, Inc. +# Copyright (C) 2002-2022 Free Software Foundation, Inc. # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -35,13 +35,13 @@ eval 'exec perl -wSx "$0" "$@"' if 0; -my $VERSION = '2021-08-04 09:17'; # UTC +my $VERSION = '2022-07-10 01:47'; # UTC # The definition above must lie within the first 8 lines in order # for the Emacs time-stamp write hook (at end) to update it. # If you change this file with Emacs, please let the write hook # do its job. Otherwise, update this string manually. -my $copyright_year = '2021'; +my $copyright_year = '2022'; use strict; use Getopt::Long; @@ -90,6 +90,10 @@ The following are optional: VERSION is the result of running git describe in the gnulib source directory. required if gnulib is in TOOL_LIST. + --gpg-key-email=EMAIL The email address of the key used to + sign the tarballs + --gpg-keyring-url=URL URL pointing to keyring containing the key used + to sign the tarballs --no-print-checksums do not emit SHA1 or SHA256 checksums --archive-suffix=SUF add SUF to the list of archive suffixes --mail-headers=HEADERS a space-separated list of mail headers, e.g., @@ -377,6 +381,8 @@ sub get_tool_versions ($$) my $bootstrap_tools; my $gnulib_version; my $print_checksums_p = 1; + my $gpg_key_email; + my $gpg_keyring_url; # Reformat the warnings before displaying them. local $SIG{__WARN__} = sub @@ -395,6 +401,8 @@ sub get_tool_versions ($$) 'previous-version=s' => \$prev_version, 'current-version=s' => \$curr_version, 'gpg-key-id=s' => \$gpg_key_id, + 'gpg-key-email=s' => \$gpg_key_email, + 'gpg-keyring-url=s' => \$gpg_keyring_url, 'url-directory=s' => \@url_dir_list, 'news=s' => \@news_file, 'srcdir=s' => \$srcdir, @@ -437,11 +445,15 @@ sub get_tool_versions ($$) my @tool_list = split ',', $bootstrap_tools if $bootstrap_tools; - grep (/^gnulib$/, @tool_list) ^ defined $gnulib_version + grep (/^gnulib$/, @tool_list) && ! defined $gnulib_version and (warn "when specifying gnulib as a tool, you must also specify\n" . "--gnulib-version=V, where V is the result of running git describe\n" . "in the gnulib source directory.\n"), $fail = 1; + ! grep (/^gnulib$/, @tool_list) && defined $gnulib_version + and (warn "with --gnulib-version=V you must use --bootstrap-tools=...\n" + . "including gnulib in that list"), $fail = 1; + !$release_type || exists $valid_release_types{$release_type} or (warn "'$release_type': invalid release type\n"), $fail = 1; @@ -490,7 +502,7 @@ EOF { # When there's only one tarball and one URL, use a more concise form. my $m = "$url_dir_list[0]/$tarballs[0]"; - print "Here are the compressed sources and a GPG detached signature[*]:\n" + print "Here are the compressed sources and a GPG detached signature:\n" . " $m\n" . " $m.sig\n\n"; } @@ -502,7 +514,7 @@ EOF . "please tell bug-gnulib\@gnu.org)", @url_dir_list, %size, $xd); my @sig_files = map { "$_.sig" } @tarballs; - print_locations ("GPG detached signatures[*]", @url_dir_list, %size, + print_locations ("GPG detached signatures", @url_dir_list, %size, @sig_files); } @@ -527,18 +539,55 @@ EOF and print_checksums (@sizable); print <<EOF; -[*] Use a .sig file to verify that the corresponding file (without the +Use a .sig file to verify that the corresponding file (without the .sig suffix) is intact. First, be sure to download both the .sig file and the corresponding tarball. Then, run a command like this: gpg --verify $tarballs[0].sig +EOF + my $gpg_fingerprint = `LC_ALL=C gpg --fingerprint $gpg_key_id | grep -v ^sub`; + if ($gpg_fingerprint =~ /^pub/) + { + chop $gpg_fingerprint; + $gpg_fingerprint =~ s/ \[expires:.*//mg; + $gpg_fingerprint =~ s/^uid \[ultimate\]/uid /mg; + $gpg_fingerprint =~ s/^/ /mg; + print<<EOF +The signature should match the fingerprint of the following key: + +$gpg_fingerprint +EOF + } + print <<EOF; If that command fails because you don't have the required public key, -then run this command to import it: +or that public key has expired, try the following commands to retrieve +or refresh it, and then rerun the 'gpg --verify' command. +EOF + if ($gpg_key_email) { + print <<EOF; + + gpg --locate-external-key $gpg_key_email +EOF + } + print <<EOF; + + gpg --recv-keys $gpg_key_id +EOF + if ($gpg_keyring_url) { + print <<EOF; + + wget -q -O- '$gpg_keyring_url' | gpg --import - +EOF + } + print <<EOF; + +As a last resort to find the key, you can try the official GNU +keyring: - gpg --keyserver keys.gnupg.net --recv-keys $gpg_key_id + wget -q https://ftp.gnu.org/gnu/gnu-keyring.gpg + gpg --keyring gnu-keyring.gpg --verify $tarballs[0].sig -and rerun the 'gpg --verify' command. EOF my @tool_versions = get_tool_versions (\@tool_list, $gnulib_version); |