# HG changeset patch # User Matt Johnston # Date 1648095727 -28800 # Node ID 6110afb6f581d47ad00b19909a11017bd941af17 # Parent ab9c5467970d3b9f80bdda6e5af497c036fd4a29 Add release.sh --testrel, github action This makes github actions create a tarball sha256sum for comparison. The release.sh script now works in a git repository too. diff -r ab9c5467970d -r 6110afb6f581 .github/workflows/tarball.yml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/.github/workflows/tarball.yml Thu Mar 24 12:22:07 2022 +0800 @@ -0,0 +1,36 @@ +name: tarball sha256sum +on: + push: + branches: + - master +jobs: + tarball: + runs-on: 'ubuntu-20.04' + + steps: + - uses: actions/checkout@v2 + + - name: release.sh + run: ./release.sh --testrel | tee log1.txt + + - name: extract output + run: | + grep ^SHA256 log1.txt > sha256sum.txt + sed 's/.*= *//' < sha256sum.txt > hash.txt + mv `tail -n1 log1.txt` rel.tar.bz2 + + - name: sha256sum + uses: actions/upload-artifact@v3 + with: + name: sha256sum + path: | + sha256sum.txt + hash.txt + + - name: tarball + # only keep for debugging + retention-days: 3 + uses: actions/upload-artifact@v3 + with: + name: tarball + path: rel.tar.bz2 diff -r ab9c5467970d -r 6110afb6f581 release.sh --- a/release.sh Wed Mar 23 21:55:33 2022 +0800 +++ b/release.sh Thu Mar 24 12:22:07 2022 +0800 @@ -2,18 +2,38 @@ set -e -VERSION=$(echo '#include "sysoptions.h"\necho DROPBEAR_VERSION' | cpp - | sh) -echo Releasing version "$VERSION" ... -if ! head -n1 CHANGES | grep -q $VERSION ; then - echo "CHANGES needs updating" - exit 1 +if [ "$1" = '--testrel' ]; then + # --testrel won't check changelog version correctness and will build in a temporary dir + TESTREL=1 +else + TESTREL=0 fi -if ! head -n1 debian/changelog | grep -q $VERSION ; then - echo "debian/changelog needs updating" - exit 1 +VERSION=$(echo '#include "default_options.h"\n#include "sysoptions.h"\necho DROPBEAR_VERSION' | cpp -DHAVE_CRYPT - | sh) + +if [ $TESTREL -eq 1 ]; then + echo Making test tarball for "$VERSION" ... + echo Not checking version mismatches. + WORKDIR=$(mktemp -d) + TARSUFFIX="-testrel" +else + echo Releasing version "$VERSION" ... + if ! head -n1 CHANGES | grep -q $VERSION ; then + echo "CHANGES needs updating" + exit 1 + fi + + if ! head -n1 debian/changelog | grep -q $VERSION ; then + echo "debian/changelog needs updating" + exit 1 + fi + WORKDIR=$PWD/.. + TARSUFFIX="" fi +RELDIR=$WORKDIR/dropbear-$VERSION +ARCHIVE=${RELDIR}${TARSUFFIX}.tar.bz2 + head -n1 CHANGES if tar --version | grep -q 'GNU tar'; then @@ -22,8 +42,6 @@ TAR=gtar fi -RELDIR=$PWD/../dropbear-$VERSION -ARCHIVE=${RELDIR}.tar.bz2 if test -e $RELDIR; then echo "$RELDIR exists" exit 1 @@ -34,11 +52,18 @@ exit 1 fi -hg archive "$RELDIR" || exit 2 +if [ -d .hg ]; then + hg archive "$RELDIR" || exit 2 + # .hg_archival.txt seems to differ between hg versions, isn't good for reproducibility + rm "$RELDIR/.hg_archival.txt" +elif [ -d .git ]; then + git -c tar.umask=0022 archive --format tar -o /dev/stdout --prefix=dropbear-$VERSION/ HEAD | tar xf - -C $WORKDIR || exit 2 +else + echo "This isn't a hg or git checkout" + exit 1 +fi -rm "$RELDIR/.hgtags" -# .hg_archival.txt seems to differ between hg versions, isn't good for reproducibility -rm "$RELDIR/.hg_archival.txt" +chmod -R a+rX $RELDIR RELDATE=$(head -n1 CHANGES | cut -d - -f 2) # timezone keeps it consistent, choose a plausible release time @@ -52,5 +77,8 @@ openssl sha256 $ARCHIVE echo Done to echo "$ARCHIVE" -echo Sign it with -echo gpg2 --detach-sign -a -u F29C6773 "$ARCHIVE" + +if [ $TESTREL -eq 0 ]; then + echo Sign it with + echo gpg2 --detach-sign -a -u F29C6773 "$ARCHIVE" +fi