This is an automated email from the ASF dual-hosted git repository. cdutz pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/incubator-plc4x.git
The following commit(s) were added to refs/heads/master by this push: new f26f990 - Added tools for checking PLC4X releases f26f990 is described below commit f26f990e71129e01f5e047b8815370dbaa29aba4 Author: Christofer Dutz <christofer.d...@c-ware.de> AuthorDate: Wed Sep 19 22:14:02 2018 +0200 - Added tools for checking PLC4X releases
---
 tools/check_sigs.sh | 78 +++++++++++++++
 tools/common.sh | 202 +++++++++++++++++++++++++++++++++++++++
 tools/download_staged_release.sh | 138 ++++++++++++++++++++++++++
 3 files changed, 418 insertions(+)
diff --git a/tools/check_sigs.sh b/tools/check_sigs.sh
new file mode 100755
index 0000000..b74b26d
--- /dev/null
+++ b/tools/check_sigs.sh
@@ -0,0 +1,78 @@
+#!/bin/sh
+
+################################################################################
+##
+## Licensed to the Apache Software Foundation (ASF) under one or more
+## contributor license agreements. See the NOTICE file distributed with
+## this work for additional information regarding copyright ownership.
+## The ASF licenses this file to You under the Apache License, Version 2.0
+## (the "License"); you may not use this file except in compliance with
+## the License. You may obtain a copy of the License at
+##
+## http://www.apache.org/licenses/LICENSE-2.0
+##
+## Unless required by applicable law or agreed to in writing, software
+## distributed under the License is distributed on an "AS IS" BASIS,
+## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+## See the License for the specific language governing permissions and
+## limitations under the License.
+##
+################################################################################
+
+set -e
+
+# Checks the signatures of all bundles in the build/release-edgent directory
+# Or checks the bundles in the specified directory
+
+. `dirname $0`/common.sh
+
+setUsage "`basename $0` [bundle-directory]"
+handleHelp "$@"
+
+if [ $# -ge 1 ]
+then
+ BUNDLE_DIR=$1; shift
+fi
+
+noExtraArgs "$@"
+
+[ -d ${BUNDLE_DIR} ] || die "Bundle directory \"${BUNDLE_DIR}\" does not exist"
+
+function checkFile() {
+ FILE="$1"
+ echo
+ echo "Checking $FILE..."
+
+ HASH=`md5 -q "${FILE}"`
+ CHECK=`cat "${FILE}.md5"`
+
+ if [ "$HASH" != "$CHECK" ]
+ then
+ echo "${FILE} MD5 incorrect"
+ exit 1;
+ else
+ echo "${FILE} MD5 OK";
+ fi
+
+ HASH=`shasum -p -a 512 "${FILE}" | awk '{print$1}'`
+ CHECK=`cat "${FILE}.sha512"`
+
+ if [ "$HASH" != "$CHECK" ]
+ then
+ echo "${FILE} SHA incorrect"
+ exit 1;
+ else
+ echo "${FILE} SHA OK";
+ fi
+
+ gpg --verify "${FILE}.asc"
+
+}
+
+for bundle in ${BUNDLE_DIR}/*.zip
+do
+ checkFile ${bundle}
+done
+
+echo
+echo "SUCCESS: all checksum and signature files OK"
diff --git a/tools/common.sh b/tools/common.sh
new file mode 100755
index 0000000..e899f9a
--- /dev/null
+++ b/tools/common.sh
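Review bot: In `checkFile`, `gpg --verify "${FILE}.asc"` succeeds for a good signature from any key already in the caller's keyring, so it proves authenticity only if those keys were vetted independently of the download; the `.md5` and `.sha512` files sit next to the bundle and therefore detect corruption, not substitution. Naming the signed file explicitly, `gpg --verify "${FILE}.asc" "${FILE}"`, avoids relying on gpg deriving it from the `.asc` name, and a comment above the call should say that the reported signer fingerprint has to be compared with a trusted copy of the project's KEYS. The expansions in `[ -d ${BUNDLE_DIR} ]`, `for bundle in ${BUNDLE_DIR}/*.zip` and `checkFile ${bundle}` are unquoted, so a bundle directory with spaces or glob characters is split before use; `for bundle in "${BUNDLE_DIR}"/*.zip` and `checkFile "${bundle}"` fix that. The script also uses the `function` keyword under `#!/bin/sh`, which a strictly POSIX shell such as dash rejects; tools/common.sh and tools/download_staged_release.sh share this.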
@@ -0,0 +1,202 @@
+#!/bin/sh
+
+################################################################################
+##
+## Licensed to the Apache Software Foundation (ASF) under one or more
+## contributor license agreements. See the NOTICE file distributed with
+## this work for additional information regarding copyright ownership.
+## The ASF licenses this file to You under the Apache License, Version 2.0
+## (the "License"); you may not use this file except in compliance with
+## the License. You may obtain a copy of the License at
+##
+## http://www.apache.org/licenses/LICENSE-2.0
+##
+## Unless required by applicable law or agreed to in writing, software
+## distributed under the License is distributed on an "AS IS" BASIS,
+## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+## See the License for the specific language governing permissions and
+## limitations under the License.
+##
+################################################################################
+
+BUILDTOOLS_DIR=`dirname $0`
+
+PLC4X_ROOT_DIR=.
+# BUNDLE_DIR is results of maven release:perform's creation of release candidate
+BUNDLE_DIR=${PLC4X_ROOT_DIR}/target/checkout/target
+
+PLC4X_ASF_GIT_URL=https://git-wip-us.apache.org/repos/asf/incubator-plc4x.git
+PLC4X_ASF_DIST_URL=https://www.apache.org/dist/incubator/plc4x
+PLC4X_ASF_DIST_DYN_URL=https://www.apache.org/dyn/closer.cgi/incubator/plc4x
+PLC4X_ASF_SVN_RELEASE_URL=https://dist.apache.org/repos/dist/release/incubator/plc4x
+PLC4X_ASF_SVN_RC_URL=https://dist.apache.org/repos/dist/dev/incubator/plc4x
+
+USAGE=
+
+RELEASE_PROP_FILE=${PLC4X_ROOT_DIR}/plc4x.release.properties
+
+function die() { # [$* msgs]
+ [ $# -gt 0 ] && echo "Error: $*"
+ exit 1
+}
+
+function setUsage() { # $1: usage string
+ USAGE=$1
+}
+
+function usage() { # [$*: msgs]
+ [ $# -gt 0 ] && echo "Error: $*"
+ echo "Usage: ${USAGE}"
+ exit 1
+}
+
+function handleHelp() { # usage: handleHelp "$@"
+ if [ "$1" == "-?" -o "$1" == "--help" ]; then
+ usage
+ fi
+}
+
+function requireArg() { # usage: requireArgs "$@"
+ if [ $# -lt 1 ] || [[ $1 =~ ^- ]]; then
+ usage "missing argument"
+ fi
+}
+
+function noExtraArgs() { # usage: noExtraArgs "$@"
+ [ $# = 0 ] || usage "extra arguments"
+}
+
+function getAbsPath() { # $1: rel-or-abs-path
+ echo "$(cd "$(dirname "$1")"; pwd)/$(basename "$1")"
+}
+
+function confirm () { # [$1: question]
+ while true; do
+ # call with a prompt string or use a default
+ /bin/echo -n "${1:-Are you sure?}"
+ read -r -p " [y/n] " response
+ case $response in
+ [yY]) return `true` ;;
+ [nN]) return `false` ;;
+ *) echo "illegal response '$response'" ;;
+ esac
+ done
+}
+
+function dieSuperceeded { # no args
+ die "This tool is superceeded with the new maven build tooling. See src/site/asciidoc/releasing.adoc."
+}
+
+function checkPLX4XSourceRootGitDie { # no args; dies if !ok
+ [ -d "${PLC4X_ROOT_DIR}/.git" ] || die "Not an PLX4X source root git directory \"${PLC4X_ROOT_DIR}\""
+}
+
+function checkUsingMgmtCloneWarn() { # no args; warns if plc4x root isn't a mgmt clone
+ CLONE_DIR=`cd ${PLC4X_ROOT_DIR}; pwd`
+ CLONE_DIRNAME=`basename $CLONE_DIR`
+ if [ ! `echo $CLONE_DIRNAME | grep -o -E '^mgmt-plc4x'` ]; then
+ echo "Warning: the PLX4X root dir \"${PLC4X_ROOT_DIR}\" is not a release mgmt clone!"
+ return 1
+ else
+ return 0
+ fi
+}
+
+function checkBundleDir() { # no args returns true/false (0/1)
+ if [ -d ${BUNDLE_DIR} ]; then
+ return 0
+ else
+ return 1
+ fi
+}
+
+function checkVerNum() { # $1: X.Y.Z returns true/false (0/1)
+ if [ `echo $1 | grep -o -E '^\d+\.\d+\.\d+$'` ]; then
+ return 0
+ else
+ return 1
+ fi
+}
+
+function checkVerNumDie() { # $1: X.Y.Z dies if not ok
+ checkVerNum $1 || die "Not a X.Y.Z version number \"$1\""
+}
+
+function checkRcNum() { # $1: rc-num returns true/false (0/1)
+ if [ `echo $1 | grep -o -E '^\d+$'` ] && [ $1 != 0 ]; then
+ return 0
+ else
+ return 1
+ fi
+}
+
+function checkRcNumDie() { # $1: rc-num dies if not ok
+ checkRcNum $1 || die "Not a release candidate number \"$1\""
+}
+
+function createReleaseProperties { # X.Y.Z
+ VER="$1"
+ checkVerNumDie ${VER}
+ echo "releaseNum=${VER}" > ${RELEASE_PROP_FILE}
+}
+
+function getReleaseProperty { # <property-name>
+ PN=$1
+ PNVAL=`grep ${PN} ${RELEASE_PROP_FILE}`
+ VAL=`echo ${PNVAL} | sed -e "s/^${PN}=//"`
+ echo ${VAL}
+}
+
+function getPLX4XVer() { # [$1 == "bundle"]
+ MSG="getPLX4XVer(): unknown mode \"$1\""
+ VER=""
+ if [ "$1" == "" ]; then
+ VER=`getReleaseProperty releaseNum`
+ MSG="Unable to identify the release version id from ${RELEASE_PROP_FILE}"
+ elif [ $1 == "gradle" ]; then
+ die "'getPLX4XVer() gradle' is no longer supported"
+ # Get the X.Y.Z version from gradle build info
+ PROPS=${PLC4X_ROOT_DIR}/gradle.properties
+ VER=`grep build_version ${PROPS} | grep -o -E '\d+\.\d+\.\d+'`
+ MSG="Unable to identify the version id from ${PROPS}"
+ elif [ $1 == "bundle" ]; then
+ # Get the X.Y.Z version from a build generated bundle's name
+ BUNDLE=`echo ${BUNDLE_DIR}/apache-plc4x-*-source-release.tar.gz`
+ VER=`echo ${BUNDLE} | grep -o -E '\d+\.\d+\.\d+'`
+ MSG="Unable to identify the version id from bundle ${BUNDLE}"
+ fi
+ [ "${VER}" ] || die "${MSG}"
+ echo $VER
+}
+
+function getMajMinVerNum() { # $1: X.Y.Z returns X.Y
+ VER=$1; shift
+ checkVerNumDie ${VER}
+ MAJ_MIN_VER=`echo ${VER} | sed -e 's/\.[0-9][0-9]*$//'`
+ echo ${MAJ_MIN_VER}
+}
+
+function getReleaseBranch() { # $1: X.Y.Z version
+ MAJ_MIN_NUM=`getMajMinVerNum $1`
+ echo "release/${MAJ_MIN_NUM}"
+}
+
+function getReleaseTag() { # $1: X.Y.Z [$2: rc-num]
+ VER=$1; shift
+ checkVerNumDie ${VER}
+ RC_SFX=""
+ if [ $# -gt 0 ] && [ "$1" != "" ]; then
+ RC_SFX="-RC$1"
+ fi
+ echo "${VER}-incubating${RC_SFX}"
+}
+
+function getReleaseTagComment() { # $1: X.Y.Z [$2: rc-num]
+ VER=$1; shift
+ checkVerNumDie ${VER}
+ RC_SFX=""
+ if [ $# -gt 0 ] && [ "$1" != "" ]; then
+ RC_SFX=" RC$1"
+ fi
+ echo "Apache PLX4X ${VER}-incubating${RC_SFX}"
+}
diff --git a/tools/download_staged_release.sh b/tools/download_staged_release.sh
new file mode 100755
index 0000000..9bc8b44
--- /dev/null
+++ b/tools/download_staged_release.sh
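Review bot: `checkVerNum` and `checkRcNum` are the only validation applied to the version and RC arguments before tools/download_staged_release.sh builds URLs and directory names from them, and both rely on `\d`, which is not part of POSIX ERE, so whether a valid `X.Y.Z` is accepted depends on the grep implementation. Both also expand `$1` unquoted inside the backquoted `echo $1 | grep -o -E …` test, so the value is word-split and globbed before it is checked. A portable form for `checkVerNum` is `if printf '%s\n' "$1" | grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+$'; then`, with the same `[0-9]+` class and a quoted `"$1"` in `checkRcNum`. `getReleaseProperty` has a related weakness: `grep ${PN}` is unanchored and matches any line that merely contains the property name, where `grep "^${PN}="` would select only the intended key. `die` and `usage` print their messages to stdout, so an error raised inside a command substitution such as the `getReleaseProperty releaseNum` call is captured into the variable instead of being shown; adding `>&2` to those `echo` lines avoids that.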
@@ -0,0 +1,138 @@
+#!/bin/sh
+
+################################################################################
+##
+## Licensed to the Apache Software Foundation (ASF) under one or more
+## contributor license agreements. See the NOTICE file distributed with
+## this work for additional information regarding copyright ownership.
+## The ASF licenses this file to You under the Apache License, Version 2.0
+## (the "License"); you may not use this file except in compliance with
+## the License. You may obtain a copy of the License at
+##
+## http://www.apache.org/licenses/LICENSE-2.0
+##
+## Unless required by applicable law or agreed to in writing, software
+## distributed under the License is distributed on an "AS IS" BASIS,
+## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+## See the License for the specific language governing permissions and
+## limitations under the License.
+##
+################################################################################
+
+set -e
+
+# Download the collection of files associated with an Apache PLC4X
+# Release or Release Candidate from the Apache Distribution area:
+# https://dist.apache.org/repos/dist/release/incubator/plc4x
+# or https://dist.apache.org/repos/dist/dev/incubator/plc4x
+# respectively.
+#
+# Prompts before taking actions unless "--nquery"
+# Prompts to perform signature validation (using buildTools/check_sigs.sh)
+# unless --nvalidate or --validate is specified.
+
+
+. `dirname $0`/common.sh
+
+
+
+setUsage "`basename $0` [--nquery] [--validate|--nvalidate] <version> [<rc-num>]"
+handleHelp "$@"
+
+BUILDTOOLS_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+NQUERY=
+if [ "$1" == "--nquery" ]; then
+ NQUERY="--nquery"; shift
+fi
+
+VALIDATE=-1 # query
+if [ "$1" == "--validate" ]; then
+ VALIDATE=1; shift
+elif [ "$1" == "--nvalidate" ]; then
+ VALIDATE=0; shift
+fi
+
+requireArg "$@"
+VER=$1; shift
+checkVerNum $VER || usage "Not a X.Y.Z version number \"$VER\""
+
+RC_NUM=
+if [ $# -gt 0 ]; then
+ RC_NUM=$1; shift
+ checkRcNum ${RC_NUM} || usage "Not a release candidate number \"${RC_NUM}\""
+fi
+
+noExtraArgs "$@"
+
+# Release or Release Candidate mode
+IS_RC=
+if [ ${RC_NUM} ]; then
+ IS_RC=1
+fi
+
+BASE_URL=${PLC4X_ASF_SVN_RELEASE_URL}
+if [ ${IS_RC} ]; then
+ BASE_URL=${PLC4X_ASF_SVN_RC_URL}
+fi
+
+RC_SFX=
+if [ ${IS_RC} ]; then
+ RC_SFX=rc${RC_NUM}
+fi
+
+DST_BASE_DIR=downloaded-plc4x-${VER}${RC_SFX}
+[ -d ${DST_BASE_DIR} ] && die "${DST_BASE_DIR} already exists"
+
+[ ${NQUERY} ] || confirm "Proceed to download to ${DST_BASE_DIR} from ${BASE_URL}?" || exit
+
+echo Downloading to ${DST_BASE_DIR} ...
+
+function mywget() {
+ # OSX lacks wget by default
+ (set -x; curl -f -O $1)
+}
+
+function getSignedBundle() {
+ mywget ${1}
+ mywget ${1}.asc
+ mywget ${1}.md5
+ mywget ${1}.sha512
+}
+
+mkdir -p ${DST_BASE_DIR}
+cd ${DST_BASE_DIR}
+ABS_BASE_DIR=`pwd`
+URL=${BASE_URL}
+mywget ${URL}/KEYS
+
+DST_VER_DIR=${VER}-incubating
+URL=${BASE_URL}/${VER}-incubating
+if [ ${IS_RC} ]; then
+ DST_VER_DIR=${DST_VER_DIR}/${RC_SFX}
+ URL=${URL}/${RC_SFX}
+fi
+
+mkdir -p ${DST_VER_DIR}
+cd ${DST_VER_DIR}
+mywget ${URL}/README
+mywget ${URL}/RELEASE_NOTES
+getSignedBundle ${URL}/apache-plc4x-incubating-${VER}-source-release.zip
+
+echo
+echo Done Downloading to ${DST_BASE_DIR}
+
+[ ${VALIDATE} == 0 ] && exit
+[ ${VALIDATE} == 1 ] || [ ${NQUERY} ] || confirm "Do you want to check the bundle signatures and compare source bundles?" || exit
+
+cd ${ABS_BASE_DIR}
+
+echo
+echo "If the following bundle gpg signature checks fail, you may need to"
+echo "import the project's list of signing keys to your keyring"
+echo " $ gpg ${DST_BASE_DIR}/KEYS # show the included keys"
+echo " $ gpg --import ${DST_BASE_DIR}/KEYS"
+
+echo
+echo "Verifying the source bundle signatures..."
+(set -x; $BUILDTOOLS_DIR/check_sigs.sh ${DST_VER_DIR})
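Review bot: The KEYS file is fetched by `mywget ${URL}/KEYS` from the same `BASE_URL` as the bundle (the dev area for a release candidate), and the closing hints tell the user to `gpg --import` it just before `check_sigs.sh` runs, so a verifier who follows the prompts ends up trusting whatever keys arrived alongside the artifact. The hint should ask for an independent fingerprint check first, for example `echo "Compare the fingerprints in ${DST_BASE_DIR}/KEYS with a trusted source before importing"`. In `mywget`, `curl -f -O $1` passes the URL unquoted and does not restrict the protocol; `curl -f --proto '=https' -O "$1"` keeps every transfer on HTTPS and survives unusual characters in the argument. `BUILDTOOLS_DIR` is derived from `${BASH_SOURCE[0]}` although the shebang is `#!/bin/sh`, so the path to `check_sigs.sh` that is executed at the end is only well defined when the script runs under bash; `#!/usr/bin/env bash` would state that requirement.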