saintstack commented on a change in pull request #1620:
URL: https://github.com/apache/hbase/pull/1620#discussion_r418643409
##########
File path: dev-support/create-release/do-release-docker.sh
##########
@@ -102,12 +102,26 @@ if [ -d "$WORKDIR/output" ]; then
fi
fi
+if [ -f "${WORKDIR}/gpg-proxy.ssh.pid" ] || \
+ [ -f "${WORKDIR}/gpg-proxy.cid" ] || \
+ [ -f "${WORKDIR}/release.cid" ]; then
+ read -r -p "container/pid files from prior run exists. Overwrite and
continue? [y/n] " ANSWER
+ if [ "$ANSWER" != "y" ]; then
+ error "Exiting."
+ fi
+fi
+
cd "$WORKDIR"
rm -rf "$WORKDIR/output"
+rm -rf "${WORKDIR}/gpg-proxy.ssh.pid" "${WORKDIR}/gpg-proxy.cid"
"${WORKDIR}/release.cid"
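Review bot: The new `rm -rf` of gpg-proxy.ssh.pid, gpg-proxy.cid and release.cid throws away the only record of what the prior run left behind without stopping any of it. Going by the file names, these hold the ssh tunnel PID and the container IDs, so answering "y" can leave an earlier gpg-agent proxy container and reverse tunnel running with nothing pointing at them. Before deleting, read each file and stop what it names (kill the PID, stop the container), or at least print the IDs in the prompt so the operator can do it. Minor: `rm -f` is enough for plain files, and the prompt text should read "exist".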
Review comment:
Move to a trap/signal handler? Follow-on.
##########
File path: dev-support/create-release/do-release-docker.sh
##########
@@ -102,12 +102,26 @@ if [ -d "$WORKDIR/output" ]; then
fi
fi
+if [ -f "${WORKDIR}/gpg-proxy.ssh.pid" ] || \
+ [ -f "${WORKDIR}/gpg-proxy.cid" ] || \
+ [ -f "${WORKDIR}/release.cid" ]; then
+ read -r -p "container/pid files from prior run exists. Overwrite and
continue? [y/n] " ANSWER
+ if [ "$ANSWER" != "y" ]; then
+ error "Exiting."
+ fi
+fi
+
cd "$WORKDIR"
rm -rf "$WORKDIR/output"
+rm -rf "${WORKDIR}/gpg-proxy.ssh.pid" "${WORKDIR}/gpg-proxy.cid"
"${WORKDIR}/release.cid"
Review comment:
All these clean ups should be in a cleanup handler... Not your issue.
##########
File path: dev-support/create-release/do-release-docker.sh
##########
@@ -102,12 +102,26 @@ if [ -d "$WORKDIR/output" ]; then
fi
fi
+if [ -f "${WORKDIR}/gpg-proxy.ssh.pid" ] || \
+ [ -f "${WORKDIR}/gpg-proxy.cid" ] || \
+ [ -f "${WORKDIR}/release.cid" ]; then
+ read -r -p "container/pid files from prior run exists. Overwrite and
continue? [y/n] " ANSWER
+ if [ "$ANSWER" != "y" ]; then
+ error "Exiting."
+ fi
+fi
+
cd "$WORKDIR"
rm -rf "$WORKDIR/output"
+rm -rf "${WORKDIR}/gpg-proxy.ssh.pid" "${WORKDIR}/gpg-proxy.cid"
"${WORKDIR}/release.cid"
Review comment:
How's this relate to the below nice cleanup function?
##########
File path: dev-support/create-release/do-release-docker.sh
##########
@@ -151,21 +200,53 @@ GIT_NAME=$GIT_NAME
GIT_EMAIL=$GIT_EMAIL
GPG_KEY=$GPG_KEY
ASF_PASSWORD=$ASF_PASSWORD
-GPG_PASSPHRASE=$GPG_PASSPHRASE
RELEASE_STEP=$RELEASE_STEP
RELEASE_STEP=$RELEASE_STEP
API_DIFF_TAG=$API_DIFF_TAG
EOF
-JAVA_VOL=
+JAVA_MOUNT=()
if [ -n "$JAVA" ]; then
echo "JAVA_HOME=/opt/hbase-java" >> "$ENVFILE"
- JAVA_VOL="--volume $JAVA:/opt/hbase-java"
+ JAVA_MOUNT=(--mount "type=bind,src=${JAVA},dest=/opt/hbase-java,readonly")
+fi
+
+GPG_PROXY_MOUNT=()
+if [ "${HOST_OS}" == "DARWIN" ]; then
+ GPG_PROXY_MOUNT=(--mount
"type=volume,src=gpgagent,dst=/home/${USER}/.gnupg/")
+ echo "Setting up GPG agent proxy container needed on OS X."
+ echo " we should clean this up for you. If that fails the container ID
is below and in " \
+ "gpg-proxy.cid"
+ #TODO the key pair used should be configurable
+ docker run --rm -p 62222:22 \
+ --detach --cidfile "${WORKDIR}/gpg-proxy.cid" \
+ --mount \
+
"type=bind,src=${HOME}/.ssh/id_rsa.pub,dst=/home/${USER}/.ssh/authorized_keys,readonly"
\
+ "${GPG_PROXY_MOUNT[@]}" \
+ "org.apache.hbase/gpg-agent-proxy:${IMGTAG}"
+ echo "Launching ssh reverse tunnel from the container to gpg agent."
+ echo " we should clean this up for you. If that fails the PID is in
gpg-proxy.ssh.pid"
+ ssh -p 62222 -R "/home/${USER}/.gnupg/S.gpg-agent:$(gpgconf --list-dir
agent-extra-socket)" \
+ -i "${HOME}/.ssh/id_rsa" -N -n localhost &
+ echo $! > "${WORKDIR}/gpg-proxy.ssh.pid"
+else
+ # TODO this presumes we are still trying to make a local gpg-agent available
to the container.
+ # add an option so that we can run the buid on a remote machine and get
the forwarded
+ # gpg-agent in the container. Should look like the side-car container
mount above.
+ # it is important not to do that for a local linux agent because we
only want the container
+ # to get access to the restricted extra socket on our local gpg-agent.
+ GPG_PROXY_MOUNT=(--mount \
+ "type=bind,src=$(gpgconf --list-dir
agent-extra-socket),dst=/home/${USER}/.gnupg/S.gpg-agent")
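Review bot: `-p 62222:22` on the `docker run` for the gpg-agent proxy publishes the container's sshd on every host interface. The port exists only so the local `ssh -p 62222 ... localhost` can reach it, and the container is a path to the signing agent's socket, so bind it to loopback with `-p 127.0.0.1:62222:22`. Also in this block, the ssh tunnel is started right after a detached `docker run` and put in the background, so a tunnel that fails to come up (for instance because sshd is not listening yet) goes unnoticed and `gpg-proxy.ssh.pid` is written anyway. Wait for the port and confirm the forwarded socket exists before continuing.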
Review comment:
my head hurts
##########
File path: dev-support/create-release/release-build.sh
##########
@@ -79,17 +78,7 @@ if [[ -z "$ASF_PASSWORD" ]]; then
stty -echo && printf "ASF password: " && read ASF_PASSWORD && printf '\n' &&
stty echo
fi
-# Read in the GPG passphrase
-if [[ -z "$GPG_PASSPHRASE" ]]; then
- echo 'The environment variable GPG_PASSPHRASE is not set. Enter the
passphrase to'
- echo 'unlock the GPG signing key that will be used to sign the release!'
- echo
- stty -echo && printf "GPG passphrase: " && read GPG_PASSPHRASE && printf
'\n' && stty echo
- export GPG_PASSPHRASE
- export GPG_TTY=$(tty)
-fi
-
-for env in ASF_USERNAME GPG_PASSPHRASE GPG_KEY; do
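Review bot: With the passphrase prompt removed, the visible part of this hunk has nothing that confirms a gpg-agent is reachable and able to sign with `$GPG_KEY` before the build starts, so a missing or locked agent would only surface at the first signing step. Add an early check, for example a throwaway signature with the release key, that fails with a clear message. The removed block also carried `export GPG_TTY=$(tty)`; confirm nothing later in the script still depends on it or on `GPG_PASSPHRASE`.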
Review comment:
This is gone because require agent?