saintstack commented on a change in pull request #1620:
URL: https://github.com/apache/hbase/pull/1620#discussion_r418643409



##########
File path: dev-support/create-release/do-release-docker.sh
##########
@@ -102,12 +102,26 @@ if [ -d "$WORKDIR/output" ]; then
   fi
 fi
 
+if [ -f "${WORKDIR}/gpg-proxy.ssh.pid" ] || \
+   [ -f "${WORKDIR}/gpg-proxy.cid" ] || \
+   [ -f "${WORKDIR}/release.cid" ]; then
+  read -r -p "container/pid files from prior run exists. Overwrite and 
continue? [y/n] " ANSWER
+  if [ "$ANSWER" != "y" ]; then
+    error "Exiting."
+  fi
+fi
+
 cd "$WORKDIR"
 rm -rf "$WORKDIR/output"
+rm -rf "${WORKDIR}/gpg-proxy.ssh.pid" "${WORKDIR}/gpg-proxy.cid" 
"${WORKDIR}/release.cid"
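Review bot: The added `rm -rf` after `cd "$WORKDIR"` deletes `gpg-proxy.ssh.pid`, `gpg-proxy.cid` and `release.cid` without first stopping what they point at, so answering `y` can leave a prior run's gpg-agent proxy container and ssh tunnel alive and untracked, still holding a path to the signing agent. Before removing the files, stop the leftovers, e.g. `docker kill "$(cat "${WORKDIR}/gpg-proxy.cid")"`, and `kill` the recorded PID once it is confirmed to be that ssh process. These are regular files, so `rm -f` is enough, and `-r` only widens what a wrong path could delete. The same hunk is quoted twice more further down the page and the point applies there too. The rest of the script is outside the hunk, so whether a later cleanup function handles leftovers from an earlier run cannot be seen here.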

Review comment:
       Move to a trap/signal handler? Follow-on.

##########
File path: dev-support/create-release/do-release-docker.sh
##########
@@ -102,12 +102,26 @@ if [ -d "$WORKDIR/output" ]; then
   fi
 fi
 
+if [ -f "${WORKDIR}/gpg-proxy.ssh.pid" ] || \
+   [ -f "${WORKDIR}/gpg-proxy.cid" ] || \
+   [ -f "${WORKDIR}/release.cid" ]; then
+  read -r -p "container/pid files from prior run exists. Overwrite and 
continue? [y/n] " ANSWER
+  if [ "$ANSWER" != "y" ]; then
+    error "Exiting."
+  fi
+fi
+
 cd "$WORKDIR"
 rm -rf "$WORKDIR/output"
+rm -rf "${WORKDIR}/gpg-proxy.ssh.pid" "${WORKDIR}/gpg-proxy.cid" 
"${WORKDIR}/release.cid"

Review comment:
       All these clean ups should be in a cleanup handler... Not your issue.

##########
File path: dev-support/create-release/do-release-docker.sh
##########
@@ -102,12 +102,26 @@ if [ -d "$WORKDIR/output" ]; then
   fi
 fi
 
+if [ -f "${WORKDIR}/gpg-proxy.ssh.pid" ] || \
+   [ -f "${WORKDIR}/gpg-proxy.cid" ] || \
+   [ -f "${WORKDIR}/release.cid" ]; then
+  read -r -p "container/pid files from prior run exists. Overwrite and 
continue? [y/n] " ANSWER
+  if [ "$ANSWER" != "y" ]; then
+    error "Exiting."
+  fi
+fi
+
 cd "$WORKDIR"
 rm -rf "$WORKDIR/output"
+rm -rf "${WORKDIR}/gpg-proxy.ssh.pid" "${WORKDIR}/gpg-proxy.cid" 
"${WORKDIR}/release.cid"

Review comment:
       How does this relate to the nice cleanup function below?

##########
File path: dev-support/create-release/do-release-docker.sh
##########
@@ -151,21 +200,53 @@ GIT_NAME=$GIT_NAME
 GIT_EMAIL=$GIT_EMAIL
 GPG_KEY=$GPG_KEY
 ASF_PASSWORD=$ASF_PASSWORD
-GPG_PASSPHRASE=$GPG_PASSPHRASE
 RELEASE_STEP=$RELEASE_STEP
 RELEASE_STEP=$RELEASE_STEP
 API_DIFF_TAG=$API_DIFF_TAG
 EOF
 
-JAVA_VOL=
+JAVA_MOUNT=()
 if [ -n "$JAVA" ]; then
   echo "JAVA_HOME=/opt/hbase-java" >> "$ENVFILE"
-  JAVA_VOL="--volume $JAVA:/opt/hbase-java"
+  JAVA_MOUNT=(--mount "type=bind,src=${JAVA},dest=/opt/hbase-java,readonly")
+fi
+
+GPG_PROXY_MOUNT=()
+if [ "${HOST_OS}" == "DARWIN" ]; then
+  GPG_PROXY_MOUNT=(--mount 
"type=volume,src=gpgagent,dst=/home/${USER}/.gnupg/")
+  echo "Setting up GPG agent proxy container needed on OS X."
+  echo "       we should clean this up for you. If that fails the container ID 
is below and in " \
+      "gpg-proxy.cid"
+  #TODO the key pair used should be configurable
+  docker run --rm -p 62222:22 \
+     --detach --cidfile "${WORKDIR}/gpg-proxy.cid" \
+     --mount \
+     
"type=bind,src=${HOME}/.ssh/id_rsa.pub,dst=/home/${USER}/.ssh/authorized_keys,readonly"
 \
+     "${GPG_PROXY_MOUNT[@]}" \
+     "org.apache.hbase/gpg-agent-proxy:${IMGTAG}"
+  echo "Launching ssh reverse tunnel from the container to gpg agent."
+  echo "       we should clean this up for you. If that fails the PID is in 
gpg-proxy.ssh.pid"
+  ssh -p 62222 -R "/home/${USER}/.gnupg/S.gpg-agent:$(gpgconf --list-dir 
agent-extra-socket)" \
+      -i "${HOME}/.ssh/id_rsa" -N -n localhost &
+  echo $! > "${WORKDIR}/gpg-proxy.ssh.pid"
+else
+  # TODO this presumes we are still trying to make a local gpg-agent available 
to the container.
+  #      add an option so that we can run the buid on a remote machine and get 
the forwarded
+  #      gpg-agent in the container. Should look like the side-car container 
mount above.
+  #      it is important not to do that for a local linux agent because we 
only want the container
+  #      to get access to the restricted extra socket on our local gpg-agent.
+  GPG_PROXY_MOUNT=(--mount \
+      "type=bind,src=$(gpgconf --list-dir 
agent-extra-socket),dst=/home/${USER}/.gnupg/S.gpg-agent")
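Review bot: `docker run --rm -p 62222:22` publishes the proxy container's sshd on every host interface, although the only client is the `ssh -p 62222 ... localhost` tunnel started a few lines later. Bind it to loopback with `-p 127.0.0.1:62222:22` so the container that fronts the gpg-agent socket is not reachable from the network. The fixed port 62222 also means a second concurrent run, or a leftover container, makes `docker run` fail, and nothing visible checks its exit status before the ssh tunnel is launched. The `if`/`else` this hunk adds is closed outside the quoted lines.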

Review comment:
       my head hurts

##########
File path: dev-support/create-release/release-build.sh
##########
@@ -79,17 +78,7 @@ if [[ -z "$ASF_PASSWORD" ]]; then
   stty -echo && printf "ASF password: " && read ASF_PASSWORD && printf '\n' && 
stty echo
 fi
 
-# Read in the GPG passphrase
-if [[ -z "$GPG_PASSPHRASE" ]]; then
-  echo 'The environment variable GPG_PASSPHRASE is not set. Enter the 
passphrase to'
-  echo 'unlock the GPG signing key that will be used to sign the release!'
-  echo
-  stty -echo && printf "GPG passphrase: " && read GPG_PASSPHRASE && printf 
'\n' && stty echo
-  export GPG_PASSPHRASE
-  export GPG_TTY=$(tty)
-fi
-
-for env in ASF_USERNAME GPG_PASSPHRASE GPG_KEY; do

Review comment:
       Is this gone because the agent is now required?



