This is an automated email from the ASF dual-hosted git repository.

kou pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/arrow.git


The following commit(s) were added to refs/heads/master by this push:
     new 300d914  ARROW-2935: [Packaging] Add verify_binary_artifacts function 
to verify-release-candidate.sh
300d914 is described below

commit 300d914fdd0cf7b5141dfb54b209a79700f70386
Author: Phillip Cloud <[email protected]>
AuthorDate: Tue Jul 31 09:53:07 2018 +0900

    ARROW-2935: [Packaging] Add verify_binary_artifacts function to 
verify-release-candidate.sh
    
    Author: Phillip Cloud <[email protected]>
    
    Closes #2341 from cpcloud/ARROW-2935 and squashes the following commits:
    
    5cf388e6 [Phillip Cloud] Review comments
    044daa04 [Phillip Cloud] ARROW-2935: [Packaging] Add 
verify_binary_artifacts function to verify-release-candidate.sh
---
 dev/release/02-source.sh                | 30 ++++++++++++++++++++++++++----
 dev/release/verify-release-candidate.sh | 30 ++++++++++++++++++++++--------
 2 files changed, 48 insertions(+), 12 deletions(-)

diff --git a/dev/release/02-source.sh b/dev/release/02-source.sh
index fa1c3e3..a7347f8 100755
--- a/dev/release/02-source.sh
+++ b/dev/release/02-source.sh
@@ -28,12 +28,28 @@ fi
 
 version=$1
 rc=$2
+artifact_dir=$3
 
 if [ -d tmp/ ]; then
   echo "Cannot run: tmp/ exists"
   exit
 fi
 
+if [ -z "$artifact_dir" ]; then
+  echo "artifact_dir is empty"
+  exit 1
+fi
+
+if [ ! -e "$artifact_dir" ]; then
+  echo "$artifact_dir does not exist"
+  exit 1
+fi
+
+if [ ! -d "$artifact_dir" ]; then
+  echo "$artifact_dir is not a directory"
+  exit 1
+fi
+
 tag=apache-arrow-${version}
 tagrc=${tag}-rc${rc}
 
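Review bot: The three new `artifact_dir` checks print their failure messages to stdout, so a caller that captures or pipes the script's output loses them; send them to stderr, e.g. `echo "artifact_dir is empty" >&2`. The `-e` test is already covered by the `-d` test that follows it, so it exists only to give a different message. The argument-count check that ends at the `fi` above this hunk is outside the view, and it presumably needs to expect the third argument too.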
@@ -97,16 +113,22 @@ ${SOURCE_DIR}/run-rat.sh ${tarball}
 
 # sign the archive
 gpg --armor --output ${tarball}.asc --detach-sig ${tarball}
-sha1sum $tarball > ${tarball}.sha1
-sha256sum $tarball > ${tarball}.sha256
-sha512sum $tarball > ${tarball}.sha512
+shasum -a 1 $tarball > ${tarball}.sha1
+shasum -a 256 $tarball > ${tarball}.sha256
 
 # check out the arrow RC folder
 svn co --depth=empty https://dist.apache.org/repos/dist/dev/arrow tmp
 
 # add the release candidate for the tag
-mkdir -p tmp/${tagrc}
+mkdir -p tmp/${tagrc}/binaries
+
+# copy the rc tarball into the tmp dir
 cp ${tarball}* tmp/${tagrc}
+
+# copy binary artifacts into a subdirectory of the rc dir
+cp -rf "$artifact_dir"/* tmp/${tagrc}/binaries/
+
+# commit to svn
 svn add tmp/${tagrc}
 svn ci -m 'Apache Arrow ${version} RC${rc}' tmp/${tagrc}
 
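Review bot: The checksum lines now publish only SHA-1 and SHA-256 for the tarball: SHA-512 is dropped while SHA-1, for which practical collisions exist, is kept. Keeping the strongest digest costs one line, `shasum -a 512 $tarball > ${tarball}.sha512`, and the verify script could then check it with `shasum -a 512 -c`. Separately, `cp -rf "$artifact_dir"/*` copies whatever is in the directory into the tree that is committed to svn, without confirming that each artifact has its `.asc`, `.sha1` and `.sha256` beside it. The glob also fails on an empty directory and skips dotfiles.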
diff --git a/dev/release/verify-release-candidate.sh 
b/dev/release/verify-release-candidate.sh
index ef058d1..9a18bce 100755
--- a/dev/release/verify-release-candidate.sh
+++ b/dev/release/verify-release-candidate.sh
@@ -63,15 +63,28 @@ fetch_archive() {
   download_rc_file ${dist_name}.tar.gz
   download_rc_file ${dist_name}.tar.gz.asc
   download_rc_file ${dist_name}.tar.gz.sha1
-  download_rc_file ${dist_name}.tar.gz.sha512
+  download_rc_file ${dist_name}.tar.gz.sha256
   gpg --verify ${dist_name}.tar.gz.asc ${dist_name}.tar.gz
-  if [ "$(uname)" == "Darwin" ]; then
-    shasum -a 1 ${dist_name}.tar.gz | diff - ${dist_name}.tar.gz.sha1
-    shasum -a 512 ${dist_name}.tar.gz | diff - ${dist_name}.tar.gz.sha512
-  else
-    sha1sum ${dist_name}.tar.gz | diff - ${dist_name}.tar.gz.sha1
-    sha512sum ${dist_name}.tar.gz | diff - ${dist_name}.tar.gz.sha512
-  fi
+  shasum -a 1 -c ${dist_name}.tar.gz.sha1
+  shasum -a 256 -c ${dist_name}.tar.gz.sha256
+}
+
+verify_binary_artifacts() {
+  # download the binaries folder for the current RC
+  download_rc_file binaries
+
+  # verify the signature and the checksums of each artifact
+  find binaries -name '*.asc' | while read sigfile; do
+    artifact=${sigfile/.asc/}
+    gpg --verify $sigfile $artifact
+
+    # go into the directory because the checksum files contain only the
+    # basename of the artifact
+    pushd $(dirname $artifact)
+    shasum -a 1 -c $artifact.sha1
+    shasum -a 256 -c $artifact.sha256
+    popd
+  done
 }
 
 setup_tempdir() {
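Review bot: `verify_binary_artifacts` walks only the `*.asc` files, so an artifact under `binaries` that has no signature is never looked at and the function still succeeds; the loop should enumerate the artifacts and fail when a signature or checksum file is missing. The checksum step also looks broken as written: after `pushd $(dirname $artifact)` the argument `$artifact.sha1` is still the path relative to the original directory, so `shasum -c` is pointed at a file that does not exist from there, and it needs the basename. `${sigfile/.asc/}` removes the first `.asc` anywhere in the path rather than the suffix (`${sigfile%.asc}`), and the unquoted expansions and `read` without `-r` break on unusual file names. Whether a failed `gpg --verify` or `shasum -c` aborts the run depends on `set -e`, which is outside the hunk, as is the start of `fetch_archive`. A sketch of the loop follows; if the download leaves other files under `binaries`, exclude them explicitly.

```shell
verify_binary_artifacts() {
  # … unchanged: download_rc_file binaries …

  # walk every artifact, not just the signatures, so a file that has no
  # signature or checksum fails verification instead of being skipped
  find binaries -type f \
      ! -name '*.asc' ! -name '*.sha1' ! -name '*.sha256' -print0 |
    while IFS= read -r -d '' artifact; do
      if [ ! -f "$artifact.asc" ]; then
        echo "missing signature for $artifact" >&2
        exit 1
      fi
      gpg --verify "$artifact.asc" "$artifact" || exit 1

      # the checksum files contain only the basename of the artifact,
      # so run the check from inside its directory, by basename
      (
        cd "$(dirname "$artifact")" || exit 1
        base=$(basename "$artifact")
        shasum -a 1 -c "$base.sha1" || exit 1
        shasum -a 256 -c "$base.sha256" || exit 1
      ) || exit 1
    done
}
```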
@@ -243,6 +256,7 @@ RC_NUMBER=$2
 TARBALL=apache-arrow-$1.tar.gz
 
 import_gpg_keys
+verify_binary_artifacts
 
 DIST_NAME="apache-arrow-${VERSION}"
 fetch_archive $DIST_NAME
