Mercurial > dropbear
annotate release.sh @ 1861:2b3a8026a6ce
Add re-exec for server
This allows ASLR to re-randomize the address
space for every connection, preventing some
vulnerabilities from being exploitable by
repeated probing.
Overhead (memory and time) is yet to be confirmed.
At present this is only enabled on Linux. Other BSD platforms
with fexecve() would probably also work though have not been tested.
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Sun, 30 Jan 2022 10:14:56 +0800 |
| parents | 209711833f15 |
| children | 6110afb6f581 |
| rev | line source |
|---|---|
|
948
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1 #!/bin/sh |
|
1812
552bb9b4f16a
Make releases tarballs more deterministic
Matt Johnston <matt@ucc.asn.au>
parents:
1720
diff
changeset
|
2 |
|
552bb9b4f16a
Make releases tarballs more deterministic
Matt Johnston <matt@ucc.asn.au>
parents:
1720
diff
changeset
|
3 set -e |
|
552bb9b4f16a
Make releases tarballs more deterministic
Matt Johnston <matt@ucc.asn.au>
parents:
1720
diff
changeset
|
4 |
|
948
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
5 VERSION=$(echo '#include "sysoptions.h"\necho DROPBEAR_VERSION' | cpp - | sh) |
|
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
6 echo Releasing version "$VERSION" ... |
|
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
7 if ! head -n1 CHANGES | grep -q $VERSION ; then |
|
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
8 echo "CHANGES needs updating" |
|
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
9 exit 1 |
|
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
10 fi |
|
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
11 |
|
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
12 if ! head -n1 debian/changelog | grep -q $VERSION ; then |
| 1007 | 13 echo "debian/changelog needs updating" |
|
948
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
14 exit 1 |
|
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
15 fi |
|
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
16 |
|
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
17 head -n1 CHANGES |
|
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
18 |
|
1812
552bb9b4f16a
Make releases tarballs more deterministic
Matt Johnston <matt@ucc.asn.au>
parents:
1720
diff
changeset
|
19 if tar --version | grep -q 'GNU tar'; then |
|
552bb9b4f16a
Make releases tarballs more deterministic
Matt Johnston <matt@ucc.asn.au>
parents:
1720
diff
changeset
|
20 TAR=tar |
|
552bb9b4f16a
Make releases tarballs more deterministic
Matt Johnston <matt@ucc.asn.au>
parents:
1720
diff
changeset
|
21 else |
|
552bb9b4f16a
Make releases tarballs more deterministic
Matt Johnston <matt@ucc.asn.au>
parents:
1720
diff
changeset
|
22 TAR=gtar |
|
552bb9b4f16a
Make releases tarballs more deterministic
Matt Johnston <matt@ucc.asn.au>
parents:
1720
diff
changeset
|
23 fi |
|
948
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
24 |
|
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
25 RELDIR=$PWD/../dropbear-$VERSION |
|
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
26 ARCHIVE=${RELDIR}.tar.bz2 |
|
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
27 if test -e $RELDIR; then |
|
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
28 echo "$RELDIR exists" |
|
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
29 exit 1 |
|
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
30 fi |
|
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
31 |
|
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
32 if test -e $ARCHIVE; then |
|
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
33 echo "$ARCHIVE exists" |
|
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
34 exit 1 |
|
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
35 fi |
|
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
36 |
|
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
37 hg archive "$RELDIR" || exit 2 |
|
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
38 |
|
1137
40434003bd96
remove .hgtags from release
Matt Johnston <matt@ucc.asn.au>
parents:
1010
diff
changeset
|
39 rm "$RELDIR/.hgtags" |
|
1817
209711833f15
Don't include .hg_archival.txt in tarballs. They're now reproducible.
Matt Johnston <matt@ucc.asn.au>
parents:
1814
diff
changeset
|
40 # .hg_archival.txt seems to differ between hg versions, isn't good for reproducibility |
|
209711833f15
Don't include .hg_archival.txt in tarballs. They're now reproducible.
Matt Johnston <matt@ucc.asn.au>
parents:
1814
diff
changeset
|
41 rm "$RELDIR/.hg_archival.txt" |
|
1137
40434003bd96
remove .hgtags from release
Matt Johnston <matt@ucc.asn.au>
parents:
1010
diff
changeset
|
42 |
|
1812
552bb9b4f16a
Make releases tarballs more deterministic
Matt Johnston <matt@ucc.asn.au>
parents:
1720
diff
changeset
|
43 RELDATE=$(head -n1 CHANGES | cut -d - -f 2) |
|
1814
f78e67527731
Add configure script to version control. Set timezone for release tarball
Matt Johnston <matt@ucc.asn.au>
parents:
1812
diff
changeset
|
44 # timezone keeps it consistent, choose a plausible release time |
|
f78e67527731
Add configure script to version control. Set timezone for release tarball
Matt Johnston <matt@ucc.asn.au>
parents:
1812
diff
changeset
|
45 RELTIME="22:30:00 +0800" |
|
1812
552bb9b4f16a
Make releases tarballs more deterministic
Matt Johnston <matt@ucc.asn.au>
parents:
1720
diff
changeset
|
46 |
|
552bb9b4f16a
Make releases tarballs more deterministic
Matt Johnston <matt@ucc.asn.au>
parents:
1720
diff
changeset
|
47 # from https://reproducible-builds.org/docs/archives/ |
|
552bb9b4f16a
Make releases tarballs more deterministic
Matt Johnston <matt@ucc.asn.au>
parents:
1720
diff
changeset
|
48 TAROPTS="--sort=name --owner=0 --group=0 --numeric-owner" |
|
1814
f78e67527731
Add configure script to version control. Set timezone for release tarball
Matt Johnston <matt@ucc.asn.au>
parents:
1812
diff
changeset
|
49 (cd "$RELDIR/.." && $TAR cjf $ARCHIVE $TAROPTS --mtime="$RELDATE $RELTIME" `basename "$RELDIR"`) || exit 2 |
|
948
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
50 |
|
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
51 ls -l $ARCHIVE |
| 1645 | 52 openssl sha256 $ARCHIVE |
|
1183
d10468395a49
release.sh reminds how to sign
Matt Johnston <matt@ucc.asn.au>
parents:
1137
diff
changeset
|
53 echo Done to |
|
d10468395a49
release.sh reminds how to sign
Matt Johnston <matt@ucc.asn.au>
parents:
1137
diff
changeset
|
54 echo "$ARCHIVE" |
|
d10468395a49
release.sh reminds how to sign
Matt Johnston <matt@ucc.asn.au>
parents:
1137
diff
changeset
|
55 echo Sign it with |
|
d10468395a49
release.sh reminds how to sign
Matt Johnston <matt@ucc.asn.au>
parents:
1137
diff
changeset
|
56 echo gpg2 --detach-sign -a -u F29C6773 "$ARCHIVE" |