CTR: tweaked release validation script
Project: http://git-wip-us.apache.org/repos/asf/tinkerpop/repo Commit: http://git-wip-us.apache.org/repos/asf/tinkerpop/commit/e9ab93aa Tree: http://git-wip-us.apache.org/repos/asf/tinkerpop/tree/e9ab93aa Diff: http://git-wip-us.apache.org/repos/asf/tinkerpop/diff/e9ab93aa Branch: refs/heads/TINKERPOP-1956 Commit: e9ab93aa2df3ddc3d9271ebaa6543a82bc487f62 Parents: 8671622 Author: Daniel Kuppitz <daniel_kupp...@hotmail.com> Authored: Wed May 2 09:38:57 2018 -0700 Committer: Daniel Kuppitz <daniel_kupp...@hotmail.com> Committed: Wed May 2 09:38:57 2018 -0700 ---------------------------------------------------------------------- bin/validate-distribution.sh | 26 +++++++++++++++++++++----- 1 file changed, 21 insertions(+), 5 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/e9ab93aa/bin/validate-distribution.sh ----------------------------------------------------------------------
diff --git a/bin/validate-distribution.sh b/bin/validate-distribution.sh
index b071ea0..76e0974 100755
--- a/bin/validate-distribution.sh
+++ b/bin/validate-distribution.sh
@@ -26,6 +26,7 @@ # curl -L -O https://dist.apache.org/repos/dist/dev/tinkerpop/KEYS # gpg --import KEYS
+COMMITTERS=$(curl -Ls https://dist.apache.org/repos/dist/dev/tinkerpop/KEYS | grep -Po '(?<=<)[^<]*(?=@apache.org>)' | uniq)
 TMP_DIR="/tmp/tpdv" # Required. Only the latest version on each release stream is available on dist.
@@ -72,6 +73,8 @@ mkdir -p ${TMP_DIR} rm -rf ${TMP_DIR}/* cd ${TMP_DIR}
+curl -Ls https://people.apache.org/keys/committer/ | grep -v invalid > ${TMP_DIR}/.committers
+
 # validate downloads ZIP_FILENAME=`grep -o '[^/]*$' <<< ${URL}` DIR_NAME=`sed -e 's/-[^-]*$//' <<< ${ZIP_FILENAME}`
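Review bot: The `curl -Ls` that fills `COMMITTERS` (and the one in the second hunk that writes `.committers`) hides transport and HTTP errors, so a failed download leaves an empty or error-page list and only shows up later as a bare "failed" on the PGP step. Adding `-f` and a guard such as `[ -n "${COMMITTERS}" ] || { echo "could not read committer ids from KEYS"; exit 1; }` would make the cause visible. `uniq` only drops adjacent duplicates; `sort -u` looks like what the pipeline intends. A one-line comment saying that this list is the set of ids whose signatures are accepted would also help the next reader.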
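Review bot: The fingerprint list that the signature check later relies on is written to `${TMP_DIR}/.committers`, and `TMP_DIR` is the fixed, shared path `/tmp/tpdv` visible in the first hunk's context. On a multi-user machine another local account can create that directory or file beforehand, so the list the check trusts may not be the one just downloaded. A private directory, `TMP_DIR=$(mktemp -d)` with a `trap 'rm -rf -- "${TMP_DIR}"' EXIT`, would avoid that; the assignment sits outside this hunk, so whether other parts of the script depend on the fixed path needs checking.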
@@ -94,11 +97,24 @@ echo "OK" echo "* validating signatures and checksums ... " echo -n " * PGP signature ... "
-[ `gpg ${ZIP_FILENAME}.asc 2>&1 | grep -c '^gpg: Good signature from "Stephen Mallette <spmalle...@apache.org>"$'` -eq 1 ] || \
-[ `gpg ${ZIP_FILENAME}.asc 2>&1 | grep -c '^gpg: Good signature from "Marko Rodriguez <ok...@apache.org>"$'` -eq 1 ] || \
-[ `gpg ${ZIP_FILENAME}.asc 2>&1 | grep -c '^gpg: Good signature from "Theodore Ratte Wilmes (CODE SIGNING KEY) <twil...@apache.org>"'` -eq 1 ] || \
-[ `gpg ${ZIP_FILENAME}.asc 2>&1 | grep -c '^gpg: Good signature from "Jason Plurad (CODE SIGNING KEY) <plur...@apache.org>"'` -eq 1 ] || \
-{ echo "failed"; exit 1; }
+gpg --verify ${ZIP_FILENAME}.asc ${ZIP_FILENAME} > ${TMP_DIR}/.verify 2>&1
+
+verified=0
+
+for committer in ${COMMITTERS[@]}
+do
+ if [[ `grep -F ${committer} ${TMP_DIR}/.verify` ]]; then
+ fp=$(cat ${TMP_DIR}/.committers | grep "id='${committer}'" | grep -Po '(?<=>)[A-Z0-9 ]*(?=<)' 2> /dev/null)
+ if [ ! -z "${fp}" ]; then
+ if [[ `grep -F "${fp}" ${TMP_DIR}/.verify` ]]; then
+ verified=1
+ fi
+ fi
+ fi
+ [ ${verified} -eq 1 ] && break
+done
+
+[ ${verified} -eq 1 ] || { echo "failed"; exit 1; }
 echo "OK" echo -n " * MD5 checksum ... "
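Review bot: The new check never requires gpg to report a good signature: the exit status of `gpg --verify` is discarded, and the loop only greps the mixed stdout/stderr text in `.verify` for a committer id and then for that committer's fingerprint, so any output containing both strings sets `verified=1`. The removed lines at least anchored on "Good signature from", and human-readable gpg output varies with locale and version, whereas `--status-fd` is the interface meant for scripts. I would keep the fingerprint comparison but require a zero exit status and match only on `[GNUPG:] VALIDSIG` lines, as sketched below; this assumes the committer page lists full fingerprints separated by spaces, which the `[A-Z0-9 ]*` pattern suggests. Quoting the expansions and passing `--` to `grep -F` also keeps an id taken from the downloaded KEYS file from being word-split or read as an option (`COMMITTERS` is a plain string, so `${COMMITTERS[@]}` is misleading).

```shell
# … unchanged: echo -n of the "PGP signature" step …
gpg --status-fd 1 --verify "${ZIP_FILENAME}.asc" "${ZIP_FILENAME}" > "${TMP_DIR}/.verify" 2>&1
gpg_rc=$?
validsig=$(grep '^\[GNUPG:\] VALIDSIG ' "${TMP_DIR}/.verify")

verified=0

for committer in ${COMMITTERS}
do
  # fingerprints published for this id, spaces stripped to match gpg's status lines
  fps=$(grep -F -- "id='${committer}'" "${TMP_DIR}/.committers" | grep -Po '(?<=>)[A-Z0-9 ]*(?=<)' | tr -d ' ')
  for fp in ${fps}
  do
    # length guard: ignore short matches that are not full fingerprints
    if [ ${gpg_rc} -eq 0 ] && [ ${#fp} -ge 40 ] && grep -qF -- "${fp}" <<< "${validsig}"; then
      verified=1
      break 2
    fi
  done
done
# … unchanged: final verified test that prints "failed" and exits …
```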