Github user alopresto commented on a diff in the pull request:
https://github.com/apache/nifi/pull/2806#discussion_r198000745
--- Diff: dev-utilities/release-utilities/nifi-rc-check ---
@@ -0,0 +1,326 @@
+#!/usr/bin/env bash
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+shopt -s nocasematch
+
+function print_help {
+ echo " "
+ echo "usage: ${0}"
+ echo " -v/--version=<version> The version of the Nifi release.
[Required]"
+ echo " -c/--candidate=<RC#> Defines the Release Candidate.
[Required]"
+ echo " -h/--help Usage information."
+ echo " "
+ echo "example: "
+ echo " nifi-rc-check --version=1.6.0 --candidate=RC2"
+ echo " "
+}
+
+print_section_header() {
+ echo
+ echo ----------------------------------------------
+ echo
+ echo "$@"
+ echo
+ echo ----------------------------------------------
+ echo
+}
+
+print_section_item() {
+ echo
+ echo "-----> $@"
+ echo
+}
+
+print_item() {
+ echo
+ echo "$@"
+ echo
+}
+
+print_error() {
+ echo
+ echo "ERROR !!!!!!"
+ echo ----------------------------------------------
+ echo
+ echo "$@"
+ echo
+ echo ----------------------------------------------
+ echo
+}
+
+NIFI_DEV_DIST="https://dist.apache.org/repos/dist/dev/nifi/";
+NIFI_DIST="https://www.apache.org/dist/nifi/";
+NIFI_NAME_LOWER="nifi";
+
+# print help, if the user just runs this without any args
+if [ "$#" -eq 0 ]; then
+ print_help
+ exit 1
+fi
+
+# handle command line options
+for i in "$@"; do
+ case ${i} in
+ #
+ # VERSION: The release version of Nifi to validate.
+ #
+ #
+ -v=*|--version=*)
+ VERSION="${i#*=}"
+ shift # past argument=value
+ ;;
+
+ #
+ # RC: Defines the RC# to use
+ #
+ # -c=RC2
+ # --candidate=RC2
+ #
+ -c=*|--candidate=*)
+ CANDIDATE="${i#*=}"
+ shift # past argument=value
+ ;;
+
+ #
+ # -h/--help
+ #
+ -h|--help)
+ help
+ exit 0
+ shift # past argument with no value
+ ;;
+
+ #
+ # Unknown option
+ #
+ *)
+ UNKNOWN_OPTION="${i#*=}"
+ echo "Error: unknown option: $UNKNOWN_OPTION"
+ help
+ ;;
+ esac
+done
+
+# validation
+if [ -z "$VERSION" ]; then
+ echo "Missing -v/--version is is required"
+ exit 1
+fi
+if [[ "$VERSION" =~ ^[0-9]{1,2}\.[0-9]{1,2}\.[0-9]{1,2} ]]; then
+ NIFI_VERSION="$VERSION"
+else
+ print_error "$VERSION may not be a valid version number"
+ exit 1
+fi
+
+if [ -z "$CANDIDATE" ]; then
+ echo "Missing -c/--candidate which is required"
+ exit 1
+fi
+
+if [[ "$CANDIDATE" =~ ^RC[0-9]+ ]]; then
+ RC=$(echo "$CANDIDATE" | tr '[:upper:]' '[:lower:]')
+ UPPER_RC=$(echo "$CANDIDATE" | tr '[:lower:]' '[:upper:]')
+elif [[ "$CANDIDATE" =~ ^[0-9]+ ]]; then
+ RC=rc"$CANDIDATE"
+ UPPER_RC=RC"$CANDIDATE"
+else
+ print_error "invalid RC, valid is RC# or just #"
+ exit 1
+fi
+
+print_section_header "Apache Nifi Version $NIFI_VERSION $UPPER_RC"
+
+NIFI_REL_RC="$NIFI_NAME_LOWER-$NIFI_VERSION-$UPPER_RC"
+
+NIFI_RC_DIST="$NIFI_DEV_DIST$NIFI_NAME_LOWER-$NIFI_VERSION/"
+print_item "Apache Nifi RC Distribution Root is $NIFI_RC_DIST"
+
+
+# working directory
+WORK="$HOME/tmp/nifi-release-$NIFI_VERSION"
+
+# handle tilde expansion
+WORK="${WORK/#\~/$HOME}"
+
+# warn the user if the working directory exists
+if [ -d "$WORK" ]; then
+ print_error "Directory $WORK exists, please rename it and start over"
+ exit 1
+fi
+
+if [ ! -d "$WORK" ]; then
+ mkdir -p "$WORK"
+fi
+print_item "Working directory is $WORK"
+
+print_section_header "Validation"
+
+KEYS="$NIFI_DEV_DIST/KEYS"
+LOCAL_ASSEMBLY="$NIFI_NAME_LOWER-$NIFI_VERSION-source-release.zip"
+NIFI_ASSEMBLY="$NIFI_RC_DIST$NIFI_NAME_LOWER-$NIFI_VERSION-source-release.zip"
+NIFI_ASSEMBLY_SIG="$NIFI_ASSEMBLY.asc"
+NIFI_ASSEMBLY_SHA1="$NIFI_ASSEMBLY.sha1"
+NIFI_ASSEMBLY_SHA256="$NIFI_ASSEMBLY.sha256"
+NIFI_ASSEMBLY_SHA512="$NIFI_ASSEMBLY.sha512"
+
+print_section_item "Downloading $KEYS"
+if ! wget -P "$WORK" "$KEYS" ; then
+ print_error "Failed to download $KEYS"
+ exit 1
+fi
+
+print_section_item "Downloading $NIFI_ASSEMBLY"
+if ! wget -P "$WORK" "$NIFI_ASSEMBLY" ; then
+ print_error "Failed to download $NIFI_ASSEMBLY"
+ exit 1
+fi
+print_section_item "Downloading $NIFI_ASSEMBLY_SIG"
+if ! wget -P "$WORK" "$NIFI_ASSEMBLY_SIG" ; then
+ print_error "Failed to download $NIFI_ASSEMBLY_SIG"
+ exit 1
+fi
+
+cd "$WORK" || exit 1
+print_section_item "importing nifi keys"
+
+if ! gpg --import KEYS ; then
+ print_error "failed to import KEYS"
+ exit 1
+fi
+
+print_section_item "Verifying Nifi Assembly"
+if ! gpg --verify ./"nifi-$NIFI_VERSION-source-release.zip.asc"
"nifi-$NIFI_VERSION-source-release.zip" ; then
+ print_error "failed to verify Nifi Assembly"
--- End diff --
This should use `gpg --verify -v ...` to ensure that the internal digest
algorithm being used for the signature is SHA-512.
---
