Add Goreleaser to build releases

.gitignore

@@ -15,3 +15,4 @@
 /gotools/golangci-lint
 /gotools/go-winres
 test/venv
+/dist

.goreleaser.yaml

@@ -0,0 +1,205 @@
+# Make sure to check the documentation at https://goreleaser.com
+release:
+  draft: true
+  replace_existing_draft: true
+
+before:
+  hooks:
+    # You may remove this if you don't use go modules.
+    - go mod tidy
+    # you may remove this if you don't need go generate
+    - go generate ./...
+builds:
+  - id: linux
+    main: ./cmd/tkey-ssh-agent
+    binary: tkey-ssh-agent
+    env:
+      - GOPROXY=https://proxy.golang.org,direct
+      - GOSUMDB=sum.golang.org
+      - CGO_ENABLED=0
+
+    goos:
+      - linux
+    goarch:
+      - amd64
+      - arm64
+    flags:
+      - -trimpath
+
+    # Custom ldflags mostly to avoid setting main.date which for some
+    # reason is default
+    ldflags:
+      -w -X main.version={{ .Version }} -X main.signerAppNoTouch= -buildid=
+
+  - id: darwin
+    main: ./cmd/tkey-ssh-agent
+    binary: tkey-ssh-agent
+    env:
+      - GOPROXY=https://proxy.golang.org,direct
+      - GOSUMDB=sum.golang.org
+      - CGO_ENABLED=1
+
+    goos:
+      - darwin
+    goarch:
+      - amd64
+      - arm64
+    flags:
+      - -trimpath
+
+    # Custom ldflags mostly to avoid setting main.date which for some
+    # reason is default
+    ldflags:
+      -w -X main.version={{ .Version }} -X main.signerAppNoTouch= -buildid=
+
+  - id: windows
+    main: ./cmd/tkey-ssh-agent
+    binary: tkey-ssh-agent
+    env:
+      - GOPROXY=https://proxy.golang.org,direct
+      - GOSUMDB=sum.golang.org
+      - CGO_ENABLED=0
+
+    goos:
+      - windows
+    goarch:
+      - amd64
+      - arm64
+    flags:
+      - -trimpath
+
+    # Custom ldflags mostly to avoid setting main.date which for some
+    # reason is default
+    ldflags:
+      -w -X main.version={{ .Version }} -X main.signerAppNoTouch= -buildid=
+
+universal_binaries:
+  -
+    ids:
+      - darwin
+    replace: true
+    name_template: "tkey-ssh-agent"
+    hooks:
+      post: gon gon.hcl
+
+archives:
+  - format: tar.gz
+    # this name template makes the OS and Arch compatible with the results of uname.
+    name_template: >-
+      {{ "tkey-ssh-agent" }}_
+      {{- .Version }}_
+      {{- title .Os }}_
+      {{- if eq .Arch "all" }}universal
+      {{- else }}{{ .Arch }}{{ end }}
+      {{- if .Arm }}v{{ .Arm }}{{ end }}
+    # use zip for windows archives
+    format_overrides:
+    - goos: windows
+      format: zip
+    files:
+      - src: system/tkey-ssh-agent.1
+        dst: man
+        strip_parent: true
+
+nfpms:
+  # note that this is an array of nfpm configs
+  - #
+    # ID of the nfpm config, must be unique.
+    #
+    # Default: 'default'
+    #id: foo
+
+    # Name of the package.
+    # Default: ProjectName
+    # Templates: allowed. (since v1.18)
+    package_name: tkey-ssh-agent
+
+    # Your app's vendor.
+    vendor: Tillitis AB
+
+    # Your app's homepage.
+    homepage: https://tillitis.se/
+
+    # Your app's maintainer (probably you).
+    maintainer: Tillitis <[email protected]>
+
+    # Your app's description.
+    description: |-
+       SSH agent backed by Tillitis TKey
+       tkey-ssh-agent is an alternative SSH agent backed by a private ed25519 key
+       residing in the hardware TKey, a USB stick.
+
+    # Your app's license.
+    license: GPL 2.0
+
+    # Formats to be generated.
+    formats:
+      - apk
+      - deb
+      - rpm
+      - archlinux # Since: v1.13
+
+    dependencies:
+      - pinentry-gnome3 | pinentry
+
+    bindir: /usr/bin
+
+    # Contents to add to the package.
+    # GoReleaser will automatically add the binaries.
+    contents:
+      - src: system/tkey-ssh-agent.1
+        dst: /usr/share/man/man1/tkey-ssh-agent.1
+        file_info:
+           mode: 0644
+
+      - src: system/tkey-ssh-agent.service
+        dst: /usr/lib/systemd/user/tkey-ssh-agent.service
+        file_info:
+          mode: 0644
+
+      - src: system/60-tkey.rules
+        dst: /usr/lib/udev/rules.d/60-tkey.rules
+        file_info:
+          mode: 0644
+
+      - src: system/copyright
+        dst: /usr/share/docs/tkey-ssh-agent/
+        file_info:
+          mode: 0644
+
+
+    # Scripts to execute during the installation of the package. (overridable)
+    #
+    # Keys are the possible targets during the installation process
+    # Values are the paths to the scripts which will be executed.
+    #
+    # Templates: allowed (since v1.20)
+    scripts:
+      postinstall: "system/postinst"
+
+    # Custom configuration applied only to the Deb packager.
+    deb:
+      # Lintian overrides
+      lintian_overrides:
+        - statically-linked-binary
+        - changelog-file-missing-in-native-package
+
+
+checksum:
+  name_template: 'checksums.txt'
+snapshot:
+  name_template: "{{ incpatch .Version }}-next"
+changelog:
+  sort:
+  filters:
+    exclude:
+      - '^docs:'
+      - '^test:'
+
+
+# The lines beneath this are called `modelines`. See `:help modeline`
+# Feel free to remove those if you don't want/use them.
+# yaml-language-server: $schema=https://goreleaser.com/static/schema.json
+# vim: set ts=2 sw=2 tw=0 fo=cnqoj
+
+#  LocalWords:  sign

gon.hcl

@@ -0,0 +1,13 @@
+
+source = ["dist/tkey-ssh-agent_darwin_all/tkey-ssh-agent"]
+bundle_id = "com.tillitis.tkey-ssh-agent"
+
+apple_id {
+  username = "[email protected]"
+  password = "@keychain:[email protected]"
+  provider = "34722S433A"
+}
+
+sign {
+  application_identity = "Developer ID Application: Tillitis AB"
+}

system/copyright

@@ -0,0 +1,5 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+
+Files: *
+Copyright: 2024 Tillitis AB
+License: GPL-2

system/postinst

@@ -0,0 +1,12 @@
+#!/bin/sh
+
+set -e
+
+case "$1" in
+    configure)
+        if udevadm --version >/dev/null; then
+            udevadm control --reload || true
+            udevadm trigger --action=add --subsystem-match=tty || true
+        fi
+    ;;
+esac

system/tkey-ssh-agent.service

@@ -0,0 +1,26 @@
+[Unit]
+Description=An SSH agent backed by Tillitis TKey
+Documentation=https://github.com/tillitis/tkey-ssh-agent
+
+[Service]
+ExecStart=/usr/bin/tkey-ssh-agent --uss --agent-path /%t/tkey-ssh-agent/sock
+ExecReload=/usr/bin/kill -HUP $MAINPID
+NoNewPrivileges=yes
+KeyringMode=private
+UMask=0177
+ProtectSystem=strict
+RuntimeDirectory=tkey-ssh-agent
+RuntimeDirectoryMode=0700
+ReadWritePaths=/dev /run
+RestrictAddressFamilies=AF_UNIX
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+LockPersonality=yes
+SystemCallFilter=@system-service
+SystemCallFilter=~@privileged @resources
+SystemCallErrorNumber=EPERM
+SystemCallArchitectures=native
+
+[Install]
+WantedBy=default.target