mirror of https://github.com/lukechilds/node.git
Browse Source
PR-URL: https://github.com/nodejs/node/pull/3965 Reviewed-By: Alexis Campailla <orangemocha@nodejs.org> Reviewed-By: Johan Bergström <bugs@bergstroem.nu>v0.10
Rod Vagg
9 years ago
1 changed files with 196 additions and 0 deletions
@ -0,0 +1,196 @@ |
|||
#!/usr/bin/env bash |
|||
|
|||
# To promote and sign a release that has been prepared by the build slaves, use: |
|||
# release.sh |
|||
|
|||
# To _only_ sign an existing release, use: |
|||
# release.sh -s vx.y.z |
|||
|
|||
set -e |
|||
|
|||
webhost=direct.nodejs.org |
|||
webuser=dist |
|||
promotablecmd=dist-promotable |
|||
promotecmd=dist-promote |
|||
signcmd=dist-sign |
|||
|
|||
|
|||
################################################################################ |
|||
## Select a GPG key to use |
|||
|
|||
echo "# Selecting GPG key ..." |
|||
|
|||
gpgkey=$(gpg --list-secret-keys | grep '^sec' | awk -F'( +|/)' '{print $3}') |
|||
keycount=$(echo $gpgkey | wc -w) |
|||
|
|||
if [ $keycount -eq 0 ]; then |
|||
echo 'Need at least one GPG key, please make one with `gpg --gen-key`' |
|||
echo 'You will also need to submit your key to a public keyserver, e.g.' |
|||
echo ' https://sks-keyservers.net/i/#submit' |
|||
exit 1 |
|||
elif [ $keycount -ne 1 ]; then |
|||
echo -e 'You have multiple GPG keys:\n' |
|||
|
|||
gpg --list-secret-keys |
|||
|
|||
while true; do |
|||
echo $gpgkey | awk '{ for(i = 1; i <= NF; i++) { print i ") " $i; } }' |
|||
echo -n 'Select a key: ' |
|||
read keynum |
|||
|
|||
if $(test "$keynum" -eq "$keynum" > /dev/null 2>&1); then |
|||
_gpgkey=$(echo $gpgkey | awk '{ print $'${keynum}'}') |
|||
keycount=$(echo $_gpgkey | wc -w) |
|||
if [ $keycount -eq 1 ]; then |
|||
echo "" |
|||
gpgkey=$_gpgkey |
|||
break |
|||
fi |
|||
fi |
|||
done |
|||
fi |
|||
|
|||
gpgfing=$(gpg --fingerprint $gpgkey | grep 'Key fingerprint =' | awk -F' = ' '{print $2}' | tr -d ' ') |
|||
|
|||
if ! test "$(grep $gpgfing README.md)"; then |
|||
echo 'Error: this GPG key fingerprint is not listed in ./README.md' |
|||
exit 1 |
|||
fi |
|||
|
|||
echo "Using GPG key: $gpgkey" |
|||
echo " Fingerprint: $gpgfing" |
|||
|
|||
|
|||
################################################################################ |
|||
## Create and sign checksums file for a given version |
|||
|
|||
function sign { |
|||
echo -e "\n# Creating SHASUMS256.txt ..." |
|||
|
|||
local version=$1 |
|||
|
|||
gpgtagkey=$(git tag -v $version 2>&1 | grep 'key ID' | awk '{print $NF}') |
|||
|
|||
if [ "X${gpgtagkey}" == "X" ]; then |
|||
echo "Could not find signed tag for \"${version}\"" |
|||
exit 1 |
|||
fi |
|||
|
|||
if [ "${gpgtagkey}" != "${gpgkey}" ]; then |
|||
echo "GPG key for \"${version}\" tag is not yours, cannot sign" |
|||
fi |
|||
|
|||
shapath=$(ssh ${webuser}@${webhost} $signcmd nodejs $version) |
|||
|
|||
if ! [[ ${shapath} =~ ^/.+/SHASUMS256.txt$ ]]; then |
|||
echo 'Error: No SHASUMS file returned by sign!' |
|||
exit 1 |
|||
fi |
|||
|
|||
echo -e "\n# Signing SHASUMS for ${version}..." |
|||
|
|||
shadir=$(dirname $shapath) |
|||
tmpdir="/tmp/_node_release.$$" |
|||
|
|||
mkdir -p $tmpdir |
|||
|
|||
scp ${webuser}@${webhost}:${shadir}/SHASUMS*.txt ${tmpdir}/ |
|||
|
|||
for i in $(ls ${tmpdir}/SHASUMS*.txt); do |
|||
echo "Signing $i..." |
|||
gpg --default-key $gpgkey --clearsign ${i} |
|||
if [[ $version =~ ^v[0] ]]; then |
|||
echo "Encrpting $i..." |
|||
gpg --default-key $gpgkey -s ${i} |
|||
fi |
|||
done |
|||
|
|||
echo "Wrote to ${tmpdir}/" |
|||
|
|||
echo -e "Your signed SHASUMS256.txt.asc:\n" |
|||
|
|||
cat ${tmpdir}/SHASUMS256.txt.asc |
|||
|
|||
echo "" |
|||
|
|||
while true; do |
|||
echo -n "Upload files? [y/n] " |
|||
yorn="" |
|||
read yorn |
|||
|
|||
if [ "X${yorn}" == "Xn" ]; then |
|||
break |
|||
fi |
|||
|
|||
if [ "X${yorn}" == "Xy" ]; then |
|||
if [[ $version =~ ^v[0] ]]; then |
|||
scp ${tmpdir}/SHASUMS* ${webuser}@${webhost}:${shadir}/ |
|||
else |
|||
scp ${tmpdir}/SHASUMS256.txt ${tmpdir}/SHASUMS256.txt.asc ${webuser}@${webhost}:${shadir}/ |
|||
fi |
|||
break |
|||
fi |
|||
done |
|||
|
|||
rm -rf $tmpdir |
|||
} |
|||
|
|||
|
|||
if [ "X${1}" == "X-s" ]; then |
|||
if [ "X${2}" == "X" ]; then |
|||
echo "Please supply a version string to sign" |
|||
exit 1 |
|||
fi |
|||
|
|||
sign $2 |
|||
exit 0 |
|||
fi |
|||
|
|||
|
|||
# else: do a normal release & promote |
|||
|
|||
################################################################################ |
|||
## Look for releases to promote |
|||
|
|||
echo -e "\n# Checking for releases ..." |
|||
|
|||
promotable=$(ssh ${webuser}@${webhost} $promotablecmd nodejs) |
|||
|
|||
if [ "X${promotable}" == "X" ]; then |
|||
echo "No releases to promote!" |
|||
exit 0 |
|||
fi |
|||
|
|||
echo -e "Found the following releases / builds ready to promote:\n" |
|||
echo "$promotable" | sed 's/^/ * /' |
|||
echo "" |
|||
|
|||
versions=$(echo "$promotable" | cut -d: -f1) |
|||
|
|||
################################################################################ |
|||
## Promote releases |
|||
|
|||
for version in $versions; do |
|||
while true; do |
|||
files=$(echo "$promotable" | grep "^${version}" | sed 's/^'${version}': //') |
|||
echo -n "Promote ${version} files (${files})? [y/n] " |
|||
yorn="" |
|||
read yorn |
|||
|
|||
if [ "X${yorn}" == "Xn" ]; then |
|||
break |
|||
fi |
|||
|
|||
if [ "X${yorn}" != "Xy" ]; then |
|||
continue |
|||
fi |
|||
|
|||
echo -e "\n# Promoting ${version}..." |
|||
|
|||
ssh ${webuser}@${webhost} $promotecmd nodejs $version |
|||
|
|||
sign $version |
|||
|
|||
break |
|||
done |
|||
done |
|||
Loading…
Reference in new issue