commit f1472e59d24945d3f05a740925a05c4bfac4ccc7 Author: Nicolas Vigier boklm@torproject.org Date: Mon Oct 20 18:35:50 2014 +0200
Update gitian/*.sh scripts for incremental mars
Running tools/update-responses/update-responses will generate incremental mar files in the gitian/$release directory.
hash-bundles.sh has been updated to exclude the incremental mars from sha256sums.txt and include them in sha256sums.incrementals.txt. Some makefile rules (hash, hash-alpha, hash-beta, hash-nightly) to run hash-bundles.sh have been added.
upload-signature.sh has been updated to sign and upload sha256sums.incrementals.txt if present.
check-match.sh has been updated to match sha256sums.incrementals.txt if present.
An 'incrementals' makefile rule has also been added to run the update_responses script to generate incremental mars. --- gitian/Makefile | 15 +++++++++++++++ gitian/check-match.sh | 44 ++++++++++++++++++++++++++++++++++++++++++-- gitian/hash-bundles.sh | 8 ++++++-- gitian/upload-signature.sh | 9 ++++++++- 4 files changed, 71 insertions(+), 5 deletions(-)
diff --git a/gitian/Makefile b/gitian/Makefile index 3967795..2c17656 100644 --- a/gitian/Makefile +++ b/gitian/Makefile @@ -32,6 +32,21 @@ build-beta: ./mkbundle-mac.sh versions.beta ./hash-bundles.sh versions.beta
+incrementals: + ../tools/update-responses/update_responses + +hash: + ./hash-bundles.sh versions + +hash-alpha: + ./hash-bundles.sh versions.alpha + +hash-beta: + ./hash-bundles.sh versions.beta + +hash-nightly: + ./hash-bundles.sh versions.nightly + sign: $(TORSOCKS) ./upload-signature.sh versions
diff --git a/gitian/check-match.sh b/gitian/check-match.sh index 09bf179..43d1ef1 100755 --- a/gitian/check-match.sh +++ b/gitian/check-match.sh @@ -26,6 +26,7 @@ fi . $VERSIONS_FILE
VALID="" +VALID_incrementals=""
for u in $USERS do @@ -49,14 +50,53 @@ do
VALID="$u $VALID" done +cd ../..
+if [ -f $TORBROWSER_VERSION/sha256sums.incrementals.txt ] +then + for u in $USERS + do + cd $WRAPPER_DIR + + # XXX: Is there a better way to store these and rename them? + mkdir -p $TORBROWSER_VERSION/$u + cd $TORBROWSER_VERSION/$u + + wget -U "" -N https://$HOST/~$u/builds/$TORBROWSER_VERSION/sha256sums.incrementals.txt || continue + wget -U "" -N https://$HOST/~$u/builds/$TORBROWSER_VERSION/sha256sums.incrementals.txt.asc || continue + + keyring="../../gpg/$u.gpg" + + # XXX: Remove this dir + gpghome=$(mktemp -d) + GNUPGHOME="$gpghome" gpg --import "$keyring" + GNUPGHOME="$gpghome" gpg sha256sums.incrementals.txt.asc || exit 1 + + diff -u ../sha256sums.incrementals.txt sha256sums.incrementals.txt || exit 1 + + VALID_incrementals="$u $VALID_incrementals" + done +fi +cd ../.. + +exit_val=0 if [ -z "$VALID" ]; then echo "No bundle hashes or sigs published for $TORBROWSER_VERSION." echo - exit 1 + exit_val=1 else echo "Matching bundles exist from the following users: $VALID" - exit 0 fi
+if [ -f $TORBROWSER_VERSION/sha256sums.incrementals.txt ] +then + if [ -z "$VALID_incrementals" ] + then + echo "No incremental mars hashes or sigs published for $TORBROWSER_VERSION." + else + echo "Matching incremental mars exist from the following users: $VALID_incrementals" + fi +fi + +exit $exit_val diff --git a/gitian/hash-bundles.sh b/gitian/hash-bundles.sh index 20a26d0..2684158 100755 --- a/gitian/hash-bundles.sh +++ b/gitian/hash-bundles.sh @@ -18,8 +18,12 @@ fi export LC_ALL=C
cd $TORBROWSER_VERSION -rm -f sha256sums.txt -sha256sum `ls -1 | sort` > sha256sums.txt +rm -f sha256sums.txt sha256sums.incrementals.txt +sha256sum `ls -1 | grep -v '.incremental.mar$' | sort` > sha256sums.txt +if ls -1 | grep -q '.incremental.mar$' +then + sha256sum `ls -1 | grep '.incremental.mar$' | sort` > sha256sums.incrementals.txt +fi
echo echo "If this is an official build, you should now sign your result with: " diff --git a/gitian/upload-signature.sh b/gitian/upload-signature.sh index ffb97fe..58059aa 100755 --- a/gitian/upload-signature.sh +++ b/gitian/upload-signature.sh @@ -28,7 +28,14 @@ then popd fi
+if [ -f $TORBROWSER_VERSION/sha256sums.incrementals.txt ] \ + && [ ! -f $TORBROWSER_VERSION/sha256sums.incrementals.txt.asc ] +then + pushd $TORBROWSER_VERSION && gpg -abs sha256sums.incrementals.txt + popd +fi +
ssh $HOST "mkdir -p $BASE_DIR/$TORBROWSER_VERSION" -scp $TORBROWSER_VERSION/sha256sums.txt* $HOST:$BASE_DIR/$TORBROWSER_VERSION/ +scp $TORBROWSER_VERSION/sha256sums*.txt* $HOST:$BASE_DIR/$TORBROWSER_VERSION/ ssh $HOST "chmod 755 $BASE_DIR/$TORBROWSER_VERSION && chmod 644 $BASE_DIR/$TORBROWSER_VERSION/*"