Browse code
dev-tools: Script generating the source releases in an automated fashion
As we've had an ugly blunder with the v2.3.15 release, this release
tries to avoid making the same mistake once again. Plus it documents
how we produce the source packages.
Signed-off-by: David Sommerseth <davids@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20170518132432.22776-1-davids@openvpn.net>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14672.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
David Sommerseth authored on 2017/05/18 22:24:32Showing 1 changed files
| 1 | 1 |
new file mode 100755 |
| ... | ... |
@@ -0,0 +1,247 @@ |
| 0 |
+#!/bin/sh |
|
| 1 |
+# gen-release-tarballs.sh - Generates release tarballs with signatures |
|
| 2 |
+# |
|
| 3 |
+# Copyright (C) 2017 - David Sommerseth <davids@openvpn.net> |
|
| 4 |
+# |
|
| 5 |
+# This program is free software; you can redistribute it and/or |
|
| 6 |
+# modify it under the terms of the GNU General Public License |
|
| 7 |
+# as published by the Free Software Foundation; either version 2 |
|
| 8 |
+# of the License. |
|
| 9 |
+# |
|
| 10 |
+# This program is distributed in the hope that it will be useful, |
|
| 11 |
+# but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
| 12 |
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
| 13 |
+# GNU General Public License for more details. |
|
| 14 |
+# |
|
| 15 |
+# You should have received a copy of the GNU General Public License |
|
| 16 |
+# along with this program; if not, write to the Free Software |
|
| 17 |
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
|
| 18 |
+# |
|
| 19 |
+set -u |
|
| 20 |
+ |
|
| 21 |
+if [ $# -ne 4 ]; then |
|
| 22 |
+ echo "Usage: $0 <remote-name> <tag-name> <sign-key> <dest-dir>" |
|
| 23 |
+ echo "" |
|
| 24 |
+ echo " remote-name -- valid remotes: `git remote | tr \\\n ' '`" |
|
| 25 |
+ echo " tag-name -- An existing release tag" |
|
| 26 |
+ echo " sign-key -- PGP key used to sign all files" |
|
| 27 |
+ echo " dest-dir -- Where to put the complete set of release tarballs" |
|
| 28 |
+ echo "" |
|
| 29 |
+ echo " Example: $0 origin v2.4.2 /tmp/openvpn-release" |
|
| 30 |
+ echo |
|
| 31 |
+ exit 1 |
|
| 32 |
+fi |
|
| 33 |
+ |
|
| 34 |
+arg_remote_name="$1" |
|
| 35 |
+arg_tag_name="$2" |
|
| 36 |
+arg_sign_key="$3" |
|
| 37 |
+arg_dest_dir="$4" |
|
| 38 |
+ |
|
| 39 |
+# |
|
| 40 |
+# Sanity checks |
|
| 41 |
+# |
|
| 42 |
+ |
|
| 43 |
+# Check that the tag exists |
|
| 44 |
+git tag | grep "$arg_tag_name" 1>/dev/null |
|
| 45 |
+if [ $? -ne 0 ]; then |
|
| 46 |
+ echo "** ERROR ** The tag '$arg_tag_name' does not exist" |
|
| 47 |
+ exit 2 |
|
| 48 |
+fi |
|
| 49 |
+ |
|
| 50 |
+# Extract the git URL |
|
| 51 |
+giturl="`git remote get-url $arg_remote_name 2>/dev/null`" |
|
| 52 |
+if [ $? -ne 0 ]; then |
|
| 53 |
+ echo "** ERROR ** Invalid git remote name: $arg_remote_name" |
|
| 54 |
+ exit 2 |
|
| 55 |
+fi |
|
| 56 |
+ |
|
| 57 |
+# Check we have the needed signing key |
|
| 58 |
+echo "test" | gpg -a --clearsign -u "$arg_sign_key" 2>/dev/null 1>/dev/null |
|
| 59 |
+if [ $? -ne 0 ]; then |
|
| 60 |
+ echo "** ERROR ** Failed when testing the PGP signing. Wrong signing key?" |
|
| 61 |
+ exit 2; |
|
| 62 |
+fi |
|
| 63 |
+ |
|
| 64 |
+ |
|
| 65 |
+# |
|
| 66 |
+# Helper functions |
|
| 67 |
+# |
|
| 68 |
+ |
|
| 69 |
+get_filename() |
|
| 70 |
+{
|
|
| 71 |
+ local wildcard="$1" |
|
| 72 |
+ |
|
| 73 |
+ res="`find . -maxdepth 1 -type f -name \"$wildcard\" | head -n1 | cut -d/ -f2-`" |
|
| 74 |
+ if [ $? -ne 0 ]; then |
|
| 75 |
+ echo "-- 'find' failed." |
|
| 76 |
+ exit 5 |
|
| 77 |
+ fi |
|
| 78 |
+ if [ -z "$res" ]; then |
|
| 79 |
+ echo "-- Could not find a file with the wildcard: $wildcard" |
|
| 80 |
+ exit 4 |
|
| 81 |
+ fi |
|
| 82 |
+ echo "$res" |
|
| 83 |
+} |
|
| 84 |
+ |
|
| 85 |
+copy_files() |
|
| 86 |
+{
|
|
| 87 |
+ local fileext="$1" |
|
| 88 |
+ local dest="$2" |
|
| 89 |
+ |
|
| 90 |
+ file="`get_filename openvpn-*.*.*.$fileext`" |
|
| 91 |
+ if [ -z "$file" ]; then |
|
| 92 |
+ echo "** ERROR Failed to find source file" |
|
| 93 |
+ exit 5 |
|
| 94 |
+ fi |
|
| 95 |
+ echo "-- Copying $file" |
|
| 96 |
+ cp "$file" "$dest" |
|
| 97 |
+ if [ $? -ne 0 ]; then |
|
| 98 |
+ echo "** ERROR ** Failed to copy $file to $destdir" |
|
| 99 |
+ exit 3; |
|
| 100 |
+ fi |
|
| 101 |
+} |
|
| 102 |
+ |
|
| 103 |
+sign_file() |
|
| 104 |
+{
|
|
| 105 |
+ local signkey="$1" |
|
| 106 |
+ local srchfile="$2" |
|
| 107 |
+ local signtype="$3" |
|
| 108 |
+ local file="`get_filename $srchfile`" |
|
| 109 |
+ |
|
| 110 |
+ echo "-- Signing $file ..." |
|
| 111 |
+ case "$signtype" in |
|
| 112 |
+ inline) |
|
| 113 |
+ # Have the signature in the same file as the data |
|
| 114 |
+ gpg -a --clearsign -u "$signkey" "$file" 2>/dev/null |
|
| 115 |
+ res=$? |
|
| 116 |
+ if [ $res -eq 0 ]; then |
|
| 117 |
+ rm -f "$file" |
|
| 118 |
+ fi |
|
| 119 |
+ ;; |
|
| 120 |
+ |
|
| 121 |
+ detached) |
|
| 122 |
+ # Have the signature in a separate file |
|
| 123 |
+ gpg -a --detach-sign -u "$signkey" "$file" 2>/dev/null |
|
| 124 |
+ res=$? |
|
| 125 |
+ ;; |
|
| 126 |
+ |
|
| 127 |
+ *) |
|
| 128 |
+ echo "** ERROR ** Unknown signing type \"$signtype\"." |
|
| 129 |
+ exit 4; |
|
| 130 |
+ esac |
|
| 131 |
+ |
|
| 132 |
+ if [ $res -ne 0 ]; then |
|
| 133 |
+ echo "** ERROR ** Failed to sign the file $PWD/$file" |
|
| 134 |
+ exit 4; |
|
| 135 |
+ fi |
|
| 136 |
+} |
|
| 137 |
+ |
|
| 138 |
+ |
|
| 139 |
+# |
|
| 140 |
+# Preparations |
|
| 141 |
+# |
|
| 142 |
+ |
|
| 143 |
+# Create the destination directory, using a sub-dir with the tag-name |
|
| 144 |
+destdir="" |
|
| 145 |
+case "$arg_dest_dir" in |
|
| 146 |
+ /*) # Absolute path |
|
| 147 |
+ destdir="$arg_dest_dir/$arg_tag_name" |
|
| 148 |
+ ;; |
|
| 149 |
+ *) # Make absolute path from relative path |
|
| 150 |
+ destdir="$PWD/$arg_dest_dir/$arg_tag_name" |
|
| 151 |
+ ;; |
|
| 152 |
+esac |
|
| 153 |
+echo "-- Destination directory: $destdir" |
|
| 154 |
+if [ -e "$destdir" ]; then |
|
| 155 |
+ echo "** ERROR ** Destination directory already exists. " |
|
| 156 |
+ echo " Please check your command line carefully." |
|
| 157 |
+ exit 2 |
|
| 158 |
+fi |
|
| 159 |
+ |
|
| 160 |
+mkdir -p "$destdir" |
|
| 161 |
+if [ $? -ne 0 ]; then |
|
| 162 |
+ echo "** ERROR ** Failed to create destination directory" |
|
| 163 |
+ exit 2 |
|
| 164 |
+fi |
|
| 165 |
+ |
|
| 166 |
+# |
|
| 167 |
+# Start the release process |
|
| 168 |
+# |
|
| 169 |
+ |
|
| 170 |
+# Clone the remote repository |
|
| 171 |
+workdir="`mktemp -d -p /var/tmp openvpn-build-release-XXXXXX`" |
|
| 172 |
+cd $workdir |
|
| 173 |
+echo "-- Working directory: $workdir" |
|
| 174 |
+echo "-- git clone $giturl" |
|
| 175 |
+git clone $giturl openvpn-gen-tarball 2> "$workdir/git-clone.log" 1>&2 |
|
| 176 |
+if [ $? -ne 0 ]; then |
|
| 177 |
+ echo "** ERROR ** git clone failed. See $workdir/git-clone.log for details" |
|
| 178 |
+ exit 3; |
|
| 179 |
+fi |
|
| 180 |
+cd openvpn-gen-tarball |
|
| 181 |
+ |
|
| 182 |
+# Check out the proper release tag |
|
| 183 |
+echo "-- Checking out tag $arg_tag_name ... " |
|
| 184 |
+git checkout -b mkrelease "$arg_tag_name" 2> "$workdir/git-checkout-tag.log" 1>&2 |
|
| 185 |
+if [ $? -ne 0 ]; then |
|
| 186 |
+ echo "** ERROR ** git checkout failed. See $workdir/git-checkout-tag.log for details" |
|
| 187 |
+ exit 3; |
|
| 188 |
+fi |
|
| 189 |
+ |
|
| 190 |
+# Prepare the source tree |
|
| 191 |
+echo "-- Running autoreconf + a simple configure ... " |
|
| 192 |
+(autoreconf -vi && ./configure) 2> "$workdir/autotools-prep.log" 1>&2 |
|
| 193 |
+if [ $? -ne 0 ]; then |
|
| 194 |
+ echo "** ERROR ** Failed running autotools. See $workdir/autotools-prep.log for details" |
|
| 195 |
+ exit 3; |
|
| 196 |
+fi |
|
| 197 |
+ |
|
| 198 |
+# Generate the tar/zip files |
|
| 199 |
+echo "-- Running make distcheck (generates .tar.gz) ... " |
|
| 200 |
+(make distcheck) 2> "$workdir/make-distcheck.log" 1>&2 |
|
| 201 |
+if [ $? -ne 0 ]; then |
|
| 202 |
+ echo "** ERROR ** make distcheck failed. See $workdir/make-distcheck.log for details" |
|
| 203 |
+ exit 3; |
|
| 204 |
+fi |
|
| 205 |
+copy_files tar.gz "$destdir" |
|
| 206 |
+ |
|
| 207 |
+echo "-- Running make dist-xz (generates .tar.xz) ... " |
|
| 208 |
+(make dist-xz) 2> "$workdir/make-dist-xz.log" 1>&2 |
|
| 209 |
+if [ $? -ne 0 ]; then |
|
| 210 |
+ echo "** ERROR ** make dist-xz failed. See $workdir/make-dist-xz.log for details" |
|
| 211 |
+ exit 3; |
|
| 212 |
+fi |
|
| 213 |
+copy_files tar.xz "$destdir" |
|
| 214 |
+ |
|
| 215 |
+echo "-- Running make dist-zip (generates .zip) ... " |
|
| 216 |
+(make dist-zip) 2> "$workdir/make-dist-zip.log" 1>&2 |
|
| 217 |
+if [ $? -ne 0 ]; then |
|
| 218 |
+ echo "** ERROR ** make dist-zip failed. See $workdir/make-dist-zip.log for details" |
|
| 219 |
+ exit 3; |
|
| 220 |
+fi |
|
| 221 |
+copy_files zip "$destdir" |
|
| 222 |
+ |
|
| 223 |
+# Generate SHA256 checksums |
|
| 224 |
+cd "$destdir" |
|
| 225 |
+sha256sum openvpn-*.tar.{gz,xz} openvpn-*.zip > "openvpn-$arg_tag_name.sha256sum"
|
|
| 226 |
+ |
|
| 227 |
+# Sign all the files |
|
| 228 |
+echo "-- Signing files ... " |
|
| 229 |
+sign_file "$arg_sign_key" "openvpn-$arg_tag_name.sha256sum" inline |
|
| 230 |
+sign_file "$arg_sign_key" "openvpn-*.tar.gz" detached |
|
| 231 |
+sign_file "$arg_sign_key" "openvpn-*.tar.xz" detached |
|
| 232 |
+sign_file "$arg_sign_key" "openvpn-*.zip" detached |
|
| 233 |
+ |
|
| 234 |
+# Create a tar-bundle with everything |
|
| 235 |
+echo "-- Creating final tarbundle with everything ..." |
|
| 236 |
+tar cf "openvpn-$arg_tag_name.tar" openvpn-*.{tar.gz,tar.xz,zip}{,.asc} openvpn-*.sha256sum.asc
|
|
| 237 |
+ |
|
| 238 |
+echo "-- Cleaning up ..." |
|
| 239 |
+# Save the log files |
|
| 240 |
+mkdir -p "$destdir/logs" |
|
| 241 |
+mv $workdir/*.log "$destdir/logs" |
|
| 242 |
+ |
|
| 243 |
+# Finally, done! |
|
| 244 |
+rm -rf "$workdir" |
|
| 245 |
+echo "-- Done" |
|
| 246 |
+exit 0 |