From c15d3fbb529ef31cfdee0f8855bf2a3b3382af94 Mon Sep 17 00:00:00 2001 From: Micah Lee Date: Mon, 22 Apr 2019 15:32:34 -0700 Subject: Write script to build source package --- BUILD.md | 34 ++------------------- install/build_source.sh | 81 +++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 84 insertions(+), 31 deletions(-) create mode 100755 install/build_source.sh diff --git a/BUILD.md b/BUILD.md index 209ce4f8..d078da9b 100644 --- a/BUILD.md +++ b/BUILD.md @@ -376,39 +376,11 @@ onionshare-$VERSION-setup.exe onionshare-$VERSION-setup.exe.asc ``` -## Make a source release +## Source package -Make a fresh clone of the git repo: +To make a source package, run `./install/build_source.sh $TAG`, where `$TAG` is the the name of the signed git tag, e.g. `v2.1`. -``` -cd ~/tmp -git clone https://github.com/micahflee/onionshare.git -``` - -Verify the git tag, and if it verifies check it out: - -``` -cd onionshare -git tag -v v$VERSION -# (make sure tag verifies!!!) -git checkout v$VERSION -``` - -Delete the `.git` folder and compress: - -``` -cd .. -rm -rf onionshare/.git -tar -cf onionshare-$VERSION.tar.gz onionshare/ -``` - -PGP-sign the source package: - -``` -gpg -a --detach-sign onionshare-$VERSION.tar.gz -``` - -This process ends up with two final files: +This process ends up with two final files in `dist`: ``` onionshare-$VERSION.tar.gz diff --git a/install/build_source.sh b/install/build_source.sh new file mode 100755 index 00000000..d7f48722 --- /dev/null +++ b/install/build_source.sh @@ -0,0 +1,81 @@ +#!/bin/bash + +# The script builds a source package +# See https://github.com/micahflee/onionshare/blob/develop/BUILD.md#source-package + +# Usage +display_usage() { + echo "Usage: $0 [tag]" +} + +if [ $# -lt 1 ] +then + display_usage + exit 1 +fi + +# Input validation +TAG=$1 + +if [ "${TAG:0:1}" != "v" ] +then + echo "Tag must start with 'v' character" + exit 1 +fi + +VERSION=${TAG:1} + +# Make sure tag exists +git tag | grep "^$TAG\$" +if [ $? -ne 0 ] +then + echo "Tag does not exist" + exit 1 +fi + +# Clone source +mkdir -p build/source +mkdir -p dist +cd build/source +git clone https://github.com/micahflee/onionshare.git +cd onionshare + +# Verify tag +git tag -v $TAG 2> ../verify.txt +if [ $? -ne 0 ] +then + echo "Tag does not verify" + exit 1 +fi +cat ../verify.txt |grep "using RSA key 927F419D7EC82C2F149C1BD1403C2657CD994F73" +if [ $? -ne 0 ] +then + echo "Tag signed with wrong key" + exit 1 +fi +cat ../verify.txt |grep "^gpg: Good signature from" +if [ $? -ne 0 ] +then + echo "Tag verification missing 'Good signature from'" + exit 1 +fi + +# Checkout code +git checkout $TAG + +# Delete .git, compress, and PGP sign +cd .. +rm -rf onionshare/.git +tar -cf onionshare-$VERSION.tar.gz onionshare/ +gpg -a --detach-sign onionshare-$VERSION.tar.gz + +# Move source package to dist +cd ../.. +mv build/source/onionshare-$VERSION.tar.gz dist +mv build/source/onionshare-$VERSION.tar.gz.asc dist + +# Clean up +rm -rf build/source/onionshare +rm build/source/verify.txt + +echo "Source package complete, files are in dist" -- cgit v1.2.3-54-g00ecf