xref: /aosp_15_r20/external/coreboot/util/release/build-release (revision b9411a12aaaa7e1e6a6fb7c5e057f44ee179a49c) 
1#!/usr/bin/env bash
2# SPDX-License-Identifier: GPL-2.0-only
3# ${VERSION_NAME}: new version name
4# ${COMMIT_ID}: commit id for new version
5# ${USERNAME}: username (if not default to https)
6# ${GPG_KEY_ID}: gpg key id (if not don't sign)
7VERSION_NAME=$1
8COMMIT_ID=$2
9USERNAME=$3
10GPG_KEY_ID=$4
11
12set -e
13
14TIME_FILE="$(mktemp -d)/.coreboot-time"
15COREBOOT_RELEASE_NAME=coreboot-${VERSION_NAME}
16COREBOOT_TARBALL="${COREBOOT_RELEASE_NAME}.tar.xz"
17COREBOOT_BLOBS_TARBALL="coreboot-blobs-${VERSION_NAME}.tar.xz"
18
19if [ -z "$GPG_TTY" ]; then
20	GPG_TTY=$(tty)
21	export GPG_TTY
22fi
23
24# set local + tz to be reproducible
25LC_ALL=C
26LANG=C
27TZ=UTC0
28export LC_ALL LANG TZ
29
30if [ -z "${VERSION_NAME}" ] || [ "${VERSION_NAME}" = "--help" ] || [ -z "${COMMIT_ID}" ]; then
31	echo "usage: $0 <version> <commit id> [username] [gpg key id]"
32	echo "Tags a new coreboot version and creates a tar archive"
33	echo
34	echo "version:    New version name to tag the tree with"
35	echo "commit id:  check out this commit-id after cloning the coreboot tree"
36	echo "username:   clone the tree using ssh://USERNAME - defaults to https://"
37	echo "gpg key id: used to tag the version, and generate a gpg signature"
38	exit 1
39fi
40
41pause() {
42  local text=$1
43
44  echo
45  if [ -n "$text" ]; then
46    echo "$text"
47  fi
48  read -r -p "Press [Enter] key to continue..."
49}
50
51# Verify that tar supports --sort
52if ! tar --sort=name -cf /dev/null /dev/null 2>/dev/null ; then
53	echo "Error: The installed version of tar does not support --sort"
54	echo "       GNU tar version 1.28 or greater is required.  Exiting."
55	exit 1
56fi
57
58# Clone new copy of repo if needed
59if [ ! -d "${COREBOOT_RELEASE_NAME}/.git" ]; then
60	rm -rf "${COREBOOT_RELEASE_NAME}"
61	declare -a GIT_REF_OPTS
62	if [ -d .git ]; then
63		GIT_REF_OPTS=("--reference" "." "--dissociate")
64	elif [ -d ../../.git ]; then
65		GIT_REF_OPTS=("--reference" "../.." "--dissociate")
66	fi
67	if [ -n "${USERNAME}" ]; then
68		git clone "${GIT_REF_OPTS[@]}" "ssh://${USERNAME}@review.coreboot.org:29418/coreboot.git" "${COREBOOT_RELEASE_NAME}" --
69	else
70		git clone "${GIT_REF_OPTS[@]}" https://review.coreboot.org/coreboot.git "${COREBOOT_RELEASE_NAME}" --
71	fi
72fi
73
74# Handle everything that needs to be done from inside the new coreboot
75# directory. Use requested version, update submodules, and get ready to
76# run from outside a git repository, and create a signed tag to push.
77(
78	cd "${COREBOOT_RELEASE_NAME}" || exit 1
79	git reset --hard "${COMMIT_ID}"
80
81	util/crossgcc/buildgcc -W > .crossgcc-version
82
83	if [ -n "${GPG_KEY_ID}" ]; then
84		pause "The next step will need your PGP key's passphrase, so be ready."
85		git tag -a -s -u "$GPG_KEY_ID" --force "${VERSION_NAME}" -m "coreboot version ${VERSION_NAME}" --
86	else
87		git tag -a --force "${VERSION_NAME}" -m "coreboot version ${VERSION_NAME}" --
88	fi
89
90	git submodule update --init --checkout
91
92	printf "%s-%s\n" "$VERSION_NAME"  "$(git log --pretty=%h -1)" > .coreboot-version
93	printf "%s\n" "$(git log --pretty=format:%ci -1)" > "${TIME_FILE}"
94)
95tstamp=$(cat "${TIME_FILE}" | sed 's/ +0000//')
96
97# Create the two tarballs, source and blobs.
98exclude_paths="3rdparty/blobs 3rdparty/fsp 3rdparty/intel-microcode 3rdparty/amd_blobs 3rdparty/qc_blobs"
99
100declare -a blobs_paths
101declare -a exclude_opts
102for i in ${exclude_paths}; do
103	blobs_paths+=("${COREBOOT_RELEASE_NAME}/${i}")
104	exclude_opts+=("--exclude=${COREBOOT_RELEASE_NAME}/${i}")
105done
106
107tar --sort=name --mtime="${tstamp}" --owner=coreboot:1000 --group=coreboot:1000 --exclude=*/.git --exclude=*/.gitignore --exclude=*/.gitreview --exclude=*/.mailmap --exclude=*/.gitmodules "${exclude_opts[@]}" -cvf - "${COREBOOT_RELEASE_NAME}" |xz -9 > "${COREBOOT_TARBALL}"
108tar --sort=name --mtime="${tstamp}" --owner=coreboot:1000 --group=coreboot:1000 --exclude=*/.git --exclude=*/.gitignore --exclude=*/.gitreview --exclude=*/.mailmap --exclude=*/.gitmodules -cvf - "${blobs_paths[@]}" |xz -9 > "${COREBOOT_BLOBS_TARBALL}"
109
110# Sign the tarballs
111if [ -n "${GPG_KEY_ID}" ]; then
112	gpg --armor --local-user "$GPG_KEY_ID" --output "${COREBOOT_TARBALL}.sig" --detach-sig "${COREBOOT_TARBALL}"
113	gpg --armor --local-user "$GPG_KEY_ID" --output "${COREBOOT_BLOBS_TARBALL}.sig" --detach-sig "${COREBOOT_BLOBS_TARBALL}"
114fi
115
116# Clean up
117rm -f "${TIME_FILE}"
118