[plc4x] branch develop updated: fix: Update the release-check-tools to the latest changes.

Mon, 02 Oct 2023 02:12:49 -0700 

This is an automated email from the ASF dual-hosted git repository.

cdutz pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/plc4x.git


The following commit(s) were added to refs/heads/develop by this push:
     new 042a4a17fd fix: Update the release-check-tools to the latest changes.
042a4a17fd is described below

commit 042a4a17fde3300a84db755821e88e1a7fb4810a
Author: Christofer Dutz <[email protected]>
AuthorDate: Mon Oct 2 11:11:18 2023 +0200

    fix: Update the release-check-tools to the latest changes.
---
 tools/check_sigs.sh              | 14 ++++++++++++--
 tools/download_staged_release.sh | 13 ++++++++++---
 2 files changed, 22 insertions(+), 5 deletions(-)

diff --git a/tools/check_sigs.sh b/tools/check_sigs.sh
index 16e857c73c..e8a3dabcf4 100755
--- a/tools/check_sigs.sh
+++ b/tools/check_sigs.sh
@@ -54,13 +54,23 @@ function checkFile() {
        echo "${FILE} SHA OK";
     fi
 
-    gpg --verify "${FILE}.asc"
-
 }
 
 for bundle in "${BUNDLE_DIR}"/*.zip
 do
     checkFile "${bundle}"
+
+    gpg --verify "${FILE}.asc"
+done
+
+for sbom in "${BUNDLE_DIR}"/*.json
+do
+    gpg --verify "${sbom}.asc"
+done
+
+for sbom in "${BUNDLE_DIR}"/*.xml
+do
+    gpg --verify "${sbom}.asc"
 done
 
 echo
diff --git a/tools/download_staged_release.sh b/tools/download_staged_release.sh
index 67be3350ec..977f551508 100755
--- a/tools/download_staged_release.sh
+++ b/tools/download_staged_release.sh
@@ -93,12 +93,17 @@ function mywget() {
   (set -x; curl -f -O "$1")
 }
 
-function getSignedBundle() {
+function getSignedAndHashedBundle() {
   mywget "${1}"
   mywget "${1}".asc
   mywget "${1}".sha512
 }
 
+function getSignedBundle() {
+  mywget "${1}"
+  mywget "${1}".asc
+}
+
 mkdir -p "${DST_BASE_DIR}"
 cd "${DST_BASE_DIR}"
 ABS_BASE_DIR=$(pwd)
@@ -114,9 +119,11 @@ fi
 
 mkdir -p "${DST_VER_DIR}"
 cd "${DST_VER_DIR}"
-mywget "${URL}"/README
+mywget "${URL}"/README.md
 mywget "${URL}"/RELEASE_NOTES
-getSignedBundle "${URL}"/apache-plc4x-"${VER}"-source-release.zip
+getSignedAndHashedBundle "${URL}"/apache-plc4x-"${VER}"-source-release.zip
+getSignedBundle "${URL}"/apache-plc4x-parent-"${VER}"-sbom.json
+getSignedBundle "${URL}"/apache-plc4x-parent-"${VER}"-sbom.xml
 
 echo
 echo Done Downloading to "${DST_BASE_DIR}"

Reply via email to