As we've had an ugly blunder with the v2.3.15 release, this release
tries to avoid making the same mistake once again. Plus it documents
how we produce the source packages.
Signed-off-by: David Sommerseth <davids@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20170518132432.22776-1-davids@openvpn.net>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14672.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
1 | 1 |
new file mode 100755 |
... | ... |
@@ -0,0 +1,247 @@ |
0 |
+#!/bin/sh |
|
1 |
+# gen-release-tarballs.sh - Generates release tarballs with signatures |
|
2 |
+# |
|
3 |
+# Copyright (C) 2017 - David Sommerseth <davids@openvpn.net> |
|
4 |
+# |
|
5 |
+# This program is free software; you can redistribute it and/or |
|
6 |
+# modify it under the terms of the GNU General Public License |
|
7 |
+# as published by the Free Software Foundation; either version 2 |
|
8 |
+# of the License. |
|
9 |
+# |
|
10 |
+# This program is distributed in the hope that it will be useful, |
|
11 |
+# but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
12 |
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
13 |
+# GNU General Public License for more details. |
|
14 |
+# |
|
15 |
+# You should have received a copy of the GNU General Public License |
|
16 |
+# along with this program; if not, write to the Free Software |
|
17 |
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
|
18 |
+# |
|
19 |
+set -u |
|
20 |
+ |
|
21 |
+if [ $# -ne 4 ]; then |
|
22 |
+ echo "Usage: $0 <remote-name> <tag-name> <sign-key> <dest-dir>" |
|
23 |
+ echo "" |
|
24 |
+ echo " remote-name -- valid remotes: `git remote | tr \\\n ' '`" |
|
25 |
+ echo " tag-name -- An existing release tag" |
|
26 |
+ echo " sign-key -- PGP key used to sign all files" |
|
27 |
+ echo " dest-dir -- Where to put the complete set of release tarballs" |
|
28 |
+ echo "" |
|
29 |
+ echo " Example: $0 origin v2.4.2 /tmp/openvpn-release" |
|
30 |
+ echo |
|
31 |
+ exit 1 |
|
32 |
+fi |
|
33 |
+ |
|
34 |
+arg_remote_name="$1" |
|
35 |
+arg_tag_name="$2" |
|
36 |
+arg_sign_key="$3" |
|
37 |
+arg_dest_dir="$4" |
|
38 |
+ |
|
39 |
+# |
|
40 |
+# Sanity checks |
|
41 |
+# |
|
42 |
+ |
|
43 |
+# Check that the tag exists |
|
44 |
+git tag | grep "$arg_tag_name" 1>/dev/null |
|
45 |
+if [ $? -ne 0 ]; then |
|
46 |
+ echo "** ERROR ** The tag '$arg_tag_name' does not exist" |
|
47 |
+ exit 2 |
|
48 |
+fi |
|
49 |
+ |
|
50 |
+# Extract the git URL |
|
51 |
+giturl="`git remote get-url $arg_remote_name 2>/dev/null`" |
|
52 |
+if [ $? -ne 0 ]; then |
|
53 |
+ echo "** ERROR ** Invalid git remote name: $arg_remote_name" |
|
54 |
+ exit 2 |
|
55 |
+fi |
|
56 |
+ |
|
57 |
+# Check we have the needed signing key |
|
58 |
+echo "test" | gpg -a --clearsign -u "$arg_sign_key" 2>/dev/null 1>/dev/null |
|
59 |
+if [ $? -ne 0 ]; then |
|
60 |
+ echo "** ERROR ** Failed when testing the PGP signing. Wrong signing key?" |
|
61 |
+ exit 2; |
|
62 |
+fi |
|
63 |
+ |
|
64 |
+ |
|
65 |
+# |
|
66 |
+# Helper functions |
|
67 |
+# |
|
68 |
+ |
|
69 |
+get_filename() |
|
70 |
+{ |
|
71 |
+ local wildcard="$1" |
|
72 |
+ |
|
73 |
+ res="`find . -maxdepth 1 -type f -name \"$wildcard\" | head -n1 | cut -d/ -f2-`" |
|
74 |
+ if [ $? -ne 0 ]; then |
|
75 |
+ echo "-- 'find' failed." |
|
76 |
+ exit 5 |
|
77 |
+ fi |
|
78 |
+ if [ -z "$res" ]; then |
|
79 |
+ echo "-- Could not find a file with the wildcard: $wildcard" |
|
80 |
+ exit 4 |
|
81 |
+ fi |
|
82 |
+ echo "$res" |
|
83 |
+} |
|
84 |
+ |
|
85 |
+copy_files() |
|
86 |
+{ |
|
87 |
+ local fileext="$1" |
|
88 |
+ local dest="$2" |
|
89 |
+ |
|
90 |
+ file="`get_filename openvpn-*.*.*.$fileext`" |
|
91 |
+ if [ -z "$file" ]; then |
|
92 |
+ echo "** ERROR Failed to find source file" |
|
93 |
+ exit 5 |
|
94 |
+ fi |
|
95 |
+ echo "-- Copying $file" |
|
96 |
+ cp "$file" "$dest" |
|
97 |
+ if [ $? -ne 0 ]; then |
|
98 |
+ echo "** ERROR ** Failed to copy $file to $destdir" |
|
99 |
+ exit 3; |
|
100 |
+ fi |
|
101 |
+} |
|
102 |
+ |
|
103 |
+sign_file() |
|
104 |
+{ |
|
105 |
+ local signkey="$1" |
|
106 |
+ local srchfile="$2" |
|
107 |
+ local signtype="$3" |
|
108 |
+ local file="`get_filename $srchfile`" |
|
109 |
+ |
|
110 |
+ echo "-- Signing $file ..." |
|
111 |
+ case "$signtype" in |
|
112 |
+ inline) |
|
113 |
+ # Have the signature in the same file as the data |
|
114 |
+ gpg -a --clearsign -u "$signkey" "$file" 2>/dev/null |
|
115 |
+ res=$? |
|
116 |
+ if [ $res -eq 0 ]; then |
|
117 |
+ rm -f "$file" |
|
118 |
+ fi |
|
119 |
+ ;; |
|
120 |
+ |
|
121 |
+ detached) |
|
122 |
+ # Have the signature in a separate file |
|
123 |
+ gpg -a --detach-sign -u "$signkey" "$file" 2>/dev/null |
|
124 |
+ res=$? |
|
125 |
+ ;; |
|
126 |
+ |
|
127 |
+ *) |
|
128 |
+ echo "** ERROR ** Unknown signing type \"$signtype\"." |
|
129 |
+ exit 4; |
|
130 |
+ esac |
|
131 |
+ |
|
132 |
+ if [ $res -ne 0 ]; then |
|
133 |
+ echo "** ERROR ** Failed to sign the file $PWD/$file" |
|
134 |
+ exit 4; |
|
135 |
+ fi |
|
136 |
+} |
|
137 |
+ |
|
138 |
+ |
|
139 |
+# |
|
140 |
+# Preparations |
|
141 |
+# |
|
142 |
+ |
|
143 |
+# Create the destination directory, using a sub-dir with the tag-name |
|
144 |
+destdir="" |
|
145 |
+case "$arg_dest_dir" in |
|
146 |
+ /*) # Absolute path |
|
147 |
+ destdir="$arg_dest_dir/$arg_tag_name" |
|
148 |
+ ;; |
|
149 |
+ *) # Make absolute path from relative path |
|
150 |
+ destdir="$PWD/$arg_dest_dir/$arg_tag_name" |
|
151 |
+ ;; |
|
152 |
+esac |
|
153 |
+echo "-- Destination directory: $destdir" |
|
154 |
+if [ -e "$destdir" ]; then |
|
155 |
+ echo "** ERROR ** Destination directory already exists. " |
|
156 |
+ echo " Please check your command line carefully." |
|
157 |
+ exit 2 |
|
158 |
+fi |
|
159 |
+ |
|
160 |
+mkdir -p "$destdir" |
|
161 |
+if [ $? -ne 0 ]; then |
|
162 |
+ echo "** ERROR ** Failed to create destination directory" |
|
163 |
+ exit 2 |
|
164 |
+fi |
|
165 |
+ |
|
166 |
+# |
|
167 |
+# Start the release process |
|
168 |
+# |
|
169 |
+ |
|
170 |
+# Clone the remote repository |
|
171 |
+workdir="`mktemp -d -p /var/tmp openvpn-build-release-XXXXXX`" |
|
172 |
+cd $workdir |
|
173 |
+echo "-- Working directory: $workdir" |
|
174 |
+echo "-- git clone $giturl" |
|
175 |
+git clone $giturl openvpn-gen-tarball 2> "$workdir/git-clone.log" 1>&2 |
|
176 |
+if [ $? -ne 0 ]; then |
|
177 |
+ echo "** ERROR ** git clone failed. See $workdir/git-clone.log for details" |
|
178 |
+ exit 3; |
|
179 |
+fi |
|
180 |
+cd openvpn-gen-tarball |
|
181 |
+ |
|
182 |
+# Check out the proper release tag |
|
183 |
+echo "-- Checking out tag $arg_tag_name ... " |
|
184 |
+git checkout -b mkrelease "$arg_tag_name" 2> "$workdir/git-checkout-tag.log" 1>&2 |
|
185 |
+if [ $? -ne 0 ]; then |
|
186 |
+ echo "** ERROR ** git checkout failed. See $workdir/git-checkout-tag.log for details" |
|
187 |
+ exit 3; |
|
188 |
+fi |
|
189 |
+ |
|
190 |
+# Prepare the source tree |
|
191 |
+echo "-- Running autoreconf + a simple configure ... " |
|
192 |
+(autoreconf -vi && ./configure) 2> "$workdir/autotools-prep.log" 1>&2 |
|
193 |
+if [ $? -ne 0 ]; then |
|
194 |
+ echo "** ERROR ** Failed running autotools. See $workdir/autotools-prep.log for details" |
|
195 |
+ exit 3; |
|
196 |
+fi |
|
197 |
+ |
|
198 |
+# Generate the tar/zip files |
|
199 |
+echo "-- Running make distcheck (generates .tar.gz) ... " |
|
200 |
+(make distcheck) 2> "$workdir/make-distcheck.log" 1>&2 |
|
201 |
+if [ $? -ne 0 ]; then |
|
202 |
+ echo "** ERROR ** make distcheck failed. See $workdir/make-distcheck.log for details" |
|
203 |
+ exit 3; |
|
204 |
+fi |
|
205 |
+copy_files tar.gz "$destdir" |
|
206 |
+ |
|
207 |
+echo "-- Running make dist-xz (generates .tar.xz) ... " |
|
208 |
+(make dist-xz) 2> "$workdir/make-dist-xz.log" 1>&2 |
|
209 |
+if [ $? -ne 0 ]; then |
|
210 |
+ echo "** ERROR ** make dist-xz failed. See $workdir/make-dist-xz.log for details" |
|
211 |
+ exit 3; |
|
212 |
+fi |
|
213 |
+copy_files tar.xz "$destdir" |
|
214 |
+ |
|
215 |
+echo "-- Running make dist-zip (generates .zip) ... " |
|
216 |
+(make dist-zip) 2> "$workdir/make-dist-zip.log" 1>&2 |
|
217 |
+if [ $? -ne 0 ]; then |
|
218 |
+ echo "** ERROR ** make dist-zip failed. See $workdir/make-dist-zip.log for details" |
|
219 |
+ exit 3; |
|
220 |
+fi |
|
221 |
+copy_files zip "$destdir" |
|
222 |
+ |
|
223 |
+# Generate SHA256 checksums |
|
224 |
+cd "$destdir" |
|
225 |
+sha256sum openvpn-*.tar.{gz,xz} openvpn-*.zip > "openvpn-$arg_tag_name.sha256sum" |
|
226 |
+ |
|
227 |
+# Sign all the files |
|
228 |
+echo "-- Signing files ... " |
|
229 |
+sign_file "$arg_sign_key" "openvpn-$arg_tag_name.sha256sum" inline |
|
230 |
+sign_file "$arg_sign_key" "openvpn-*.tar.gz" detached |
|
231 |
+sign_file "$arg_sign_key" "openvpn-*.tar.xz" detached |
|
232 |
+sign_file "$arg_sign_key" "openvpn-*.zip" detached |
|
233 |
+ |
|
234 |
+# Create a tar-bundle with everything |
|
235 |
+echo "-- Creating final tarbundle with everything ..." |
|
236 |
+tar cf "openvpn-$arg_tag_name.tar" openvpn-*.{tar.gz,tar.xz,zip}{,.asc} openvpn-*.sha256sum.asc |
|
237 |
+ |
|
238 |
+echo "-- Cleaning up ..." |
|
239 |
+# Save the log files |
|
240 |
+mkdir -p "$destdir/logs" |
|
241 |
+mv $workdir/*.log "$destdir/logs" |
|
242 |
+ |
|
243 |
+# Finally, done! |
|
244 |
+rm -rf "$workdir" |
|
245 |
+echo "-- Done" |
|
246 |
+exit 0 |