dev-tools/gen-release-tarballs.sh

   1 #!/bin/sh
   2 # gen-release-tarballs.sh  -  Generates release tarballs with signatures
   3 #
   4 # Copyright (C) 2017-2024 - David Sommerseth <davids@openvpn.net>
   5 #
   6 # This program is free software; you can redistribute it and/or
   7 # modify it under the terms of the GNU General Public License
   8 # as published by the Free Software Foundation; either version 2
   9 # of the License.
  10 #
  11 # This program is distributed in the hope that it will be useful,
  12 # but WITHOUT ANY WARRANTY; without even the implied warranty of
  13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14 # GNU General Public License for more details.
  15 #
  16 # You should have received a copy of the GNU General Public License
  17 # along with this program; if not, write to the Free Software
  18 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
  19 #
  20 set -u
  21
  22 if [ $# -ne 4 ]; then
  23     echo "Usage: $0 <remote-name> <tag-name> <sign-key> <dest-dir>"
  24     echo ""
  25     echo "   remote-name  -- valid remotes: `git remote | tr \\\n ' '`"
  26     echo "   tag-name     -- An existing release tag"
  27     echo "   sign-key     -- PGP key used to sign all files"
  28     echo "   dest-dir     -- Where to put the complete set of release tarballs"
  29     echo ""
  30     echo "   Example: $0 origin v2.4.2 /tmp/openvpn-release"
  31     echo
  32     exit 1
  33 fi
  34
  35 arg_remote_name="$1"
  36 arg_tag_name="$2"
  37 arg_sign_key="$3"
  38 arg_dest_dir="$4"
  39
  40 #
  41 # Sanity checks
  42 #
  43
  44 # Check that the tag exists
  45 git tag | grep "$arg_tag_name" 1>/dev/null
  46 if [ $? -ne 0 ]; then
  47     echo "** ERROR **  The tag '$arg_tag_name' does not exist"
  48     exit 2
  49 fi
  50
  51 # Extract the git URL
  52 giturl="`git remote get-url $arg_remote_name 2>/dev/null`"
  53 if [ $? -ne 0 ]; then
  54     echo "** ERROR ** Invalid git remote name: $arg_remote_name"
  55     exit 2
  56 fi
  57
  58 # Check we have the needed signing key
  59 echo "test" | gpg -a --clearsign -u "$arg_sign_key" 2>/dev/null 1>/dev/null
  60 if [ $? -ne 0 ]; then
  61     echo "** ERROR ** Failed when testing the PGP signing.  Wrong signing key?"
  62     exit 2;
  63 fi
  64
  65
  66 #
  67 # Helper functions
  68 #
  69
  70 get_filename()
  71 {
  72     local wildcard="$1"
  73
  74     res="`find . -maxdepth 1 -type f -name \"$wildcard\" | head -n1 | cut -d/ -f2-`"
  75     if [ $? -ne 0 ]; then
  76         echo "-- 'find' failed."
  77         exit 5
  78     fi
  79     if [ -z "$res" ]; then
  80         echo "-- Could not find a file with the wildcard: $wildcard"
  81         exit 4
  82     fi
  83     echo "$res"
  84 }
  85
  86 copy_files()
  87 {
  88     local fileext="$1"
  89     local dest="$2"
  90
  91     file="`get_filename openvpn-*.*.*.$fileext`"
  92     if [ -z "$file" ]; then
  93         echo "** ERROR Failed to find source file"
  94         exit 5
  95     fi
  96     echo "-- Copying $file"
  97     cp "$file" "$dest"
  98     if [ $? -ne 0 ]; then
  99         echo "** ERROR ** Failed to copy $file to $destdir"
 100         exit 3;
 101     fi
 102 }
 103
 104 sign_file()
 105 {
 106     local signkey="$1"
 107     local srchfile="$2"
 108     local signtype="$3"
 109     local file="`get_filename $srchfile`"
 110
 111     echo "-- Signing $file ..."
 112     case "$signtype" in
 113         inline)
 114             # Have the signature in the same file as the data
 115             gpg -a --clearsign -u "$signkey" "$file" 2>/dev/null
 116             res=$?
 117             if [ $res -eq 0 ]; then
 118                 rm -f "$file"
 119             fi
 120             ;;
 121
 122         detached)
 123             # Have the signature in a separate file
 124             gpg -a --detach-sign -u "$signkey" "$file" 2>/dev/null
 125             res=$?
 126             ;;
 127
 128         *)
 129             echo "** ERROR **  Unknown signing type \"$signtype\"."
 130             exit 4;
 131     esac
 132
 133     if [ $res -ne 0 ]; then
 134         echo "** ERROR **  Failed to sign the file $PWD/$file"
 135         exit 4;
 136     fi
 137 }
 138
 139
 140 #
 141 # Preparations
 142 #
 143
 144 # Create the destination directory, using a sub-dir with the tag-name
 145 destdir=""
 146 case "$arg_dest_dir" in
 147     /*) # Absolute path
 148         destdir="$arg_dest_dir/$arg_tag_name"
 149         ;;
 150     *)  # Make absolute path from relative path
 151         destdir="$PWD/$arg_dest_dir/$arg_tag_name"
 152         ;;
 153 esac
 154 echo "-- Destination directory: $destdir"
 155 if [ -e "$destdir" ]; then
 156     echo "** ERROR ** Destination directory already exists.  "
 157     echo "            Please check your command line carefully."
 158     exit 2
 159 fi
 160
 161 mkdir -p "$destdir"
 162 if [ $? -ne 0 ]; then
 163     echo "** ERROR ** Failed to create destination directory"
 164     exit 2
 165 fi
 166
 167 #
 168 # Start the release process
 169 #
 170
 171 # Clone the remote repository
 172 workdir="`mktemp -d -p /var/tmp openvpn-build-release-XXXXXX`"
 173 cd $workdir
 174 echo "-- Working directory: $workdir"
 175 echo "-- git clone $giturl"
 176 git clone $giturl openvpn-gen-tarball 2> "$workdir/git-clone.log" 1>&2
 177 if [ $? -ne 0 ]; then
 178     echo "** ERROR **  git clone failed.  See $workdir/git-clone.log for details"
 179     exit 3;
 180 fi
 181 cd openvpn-gen-tarball
 182
 183 # Check out the proper release tag
 184 echo "-- Checking out tag $arg_tag_name ... "
 185 git checkout -b mkrelease "$arg_tag_name" 2> "$workdir/git-checkout-tag.log" 1>&2
 186 if [ $? -ne 0 ]; then
 187     echo "** ERROR **  git checkout failed.  See $workdir/git-checkout-tag.log for details"
 188     exit 3;
 189 fi
 190
 191 # Prepare the source tree
 192 echo "-- Running autoreconf + a simple configure ... "
 193 (autoreconf -vi && ./configure) 2> "$workdir/autotools-prep.log" 1>&2
 194 if [ $? -ne 0 ]; then
 195     echo "** ERROR **  Failed running autotools.  See $workdir/autotools-prep.log for details"
 196     exit 3;
 197 fi
 198
 199 # Generate the tar/zip files
 200 echo "-- Running make distcheck (generates .tar.gz) ... "
 201 (make distcheck) 2> "$workdir/make-distcheck.log" 1>&2
 202 if [ $? -ne 0 ]; then
 203     echo "** ERROR **  make distcheck failed.  See $workdir/make-distcheck.log for details"
 204     exit 3;
 205 fi
 206 copy_files tar.gz "$destdir"
 207
 208 echo "-- Running make dist-xz (generates .tar.xz) ... "
 209 (make dist-xz) 2> "$workdir/make-dist-xz.log" 1>&2
 210 if [ $? -ne 0 ]; then
 211     echo "** ERROR **  make dist-xz failed.  See $workdir/make-dist-xz.log for details"
 212     exit 3;
 213 fi
 214 copy_files tar.xz "$destdir"
 215
 216 echo "-- Running make dist-zip (generates .zip) ... "
 217 (make dist-zip) 2> "$workdir/make-dist-zip.log" 1>&2
 218 if [ $? -ne 0 ]; then
 219     echo "** ERROR **  make dist-zip failed.  See $workdir/make-dist-zip.log for details"
 220     exit 3;
 221 fi
 222 copy_files zip "$destdir"
 223
 224 # Generate SHA256 checksums
 225 cd "$destdir"
 226 sha256sum openvpn-*.tar.{gz,xz} openvpn-*.zip > "openvpn-$arg_tag_name.sha256sum"
 227
 228 # Sign all the files
 229 echo "-- Signing files ... "
 230 sign_file "$arg_sign_key" "openvpn-$arg_tag_name.sha256sum" inline
 231 sign_file "$arg_sign_key" "openvpn-*.tar.gz" detached
 232 sign_file "$arg_sign_key" "openvpn-*.tar.xz" detached
 233 sign_file "$arg_sign_key" "openvpn-*.zip" detached
 234
 235 # Create a tar-bundle with everything
 236 echo "-- Creating final tarbundle with everything ..."
 237 tar cf "openvpn-$arg_tag_name.tar" openvpn-*.{tar.gz,tar.xz,zip}{,.asc} openvpn-*.sha256sum.asc
 238
 239 echo "-- Cleaning up ..."
 240 # Save the log files
 241 mkdir -p "$destdir/logs"
 242 mv $workdir/*.log "$destdir/logs"
 243
 244 # Finally, done!
 245 rm -rf "$workdir"
 246 echo "-- Done"
 247 exit 0