Google Git
Sign in
apache / felix-dev / refs/tags/org.apache.felix.configadmin.plugin.interpolation-1.1.0 / . / dependencymanager / release / check_staged_release.sh
blob: 042c383d54c4901e93193777a9ca4dcf8aca297b [file] [log] [blame]
#!/bin/bash
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# This script verifies the signatures and checksums of a release.
#
# This script can be used to check the signatures and checksums of staged
# Apache Felix Dependency Manager release using gpg.
# Usage:
#
# check_staged_dependencymanager.sh <version> [<temp-dir>]
#
# Where:
# <version> represents the staged release version, e.g., 2.0.0;
# <temp-dir> represents the location where the release artifacts
# should be stored, defaults to /tmp/felix-staging if
# omitted.
version=${1}
tmpDir=${2:-/tmp/felix-staging}
if [ ! -d "${tmpDir}" ]; then
mkdir "${tmpDir}"
fi
if [ -z "${version}" -o ! -d "${tmpDir}" ]; then
echo "Usage: check_staged_dependencymanager.sh <release-version> [temp-directory]"
exit
fi
checkSig() {
sigFile="$1.asc"
if [ ! -f $sigFile ]; then
echo "$sigFile is missing!!!"
exit 1
fi
gpg --verify $sigFile 2>/dev/null >/dev/null
if [ "$?" = "0" ]; then echo "OK"; else echo "BAD!!!"; fi
}
checkSum() {
archive=$1
sumFile=$2
alg=$3
if [ ! -f $sumFile ]; then
echo "$sumFile is missing!!!"
exit 1
fi
orig=`cat $sumFile | sed 's/.*: *//' | tr -d ' \t\n\r'`
actual=`gpg --print-md $alg $archive | sed 's/.*: *//' | tr -d ' \t\n\r'`
if [ "$orig" = "$actual" ]; then echo "OK"; else echo "BAD!!!"; fi
}
KEYS_URL="http://www.apache.org/dist/felix/KEYS"
REL_URL="https://dist.apache.org/repos/dist/dev/felix/org.apache.felix.dependencymanager-${version}/"
PWD=`pwd`
echo "################################################################################"
echo " IMPORTING KEYS "
echo "################################################################################"
if [ ! -e "${tmpDir}/KEYS" ]; then
wget --no-check-certificate -P "${tmpDir}" $KEYS_URL
fi
gpg --import "${tmpDir}/KEYS"
if [ ! -e "${tmpDir}/org.apache.felix.dependencymanager-${version}" ]
then
echo "################################################################################"
echo " DOWNLOAD STAGED REPOSITORY "
echo "################################################################################"
wget \
-e "robots=off" --wait 1 -nv -r -np "--reject=html,html.tmp,txt" "--follow-tags=" \
-P "${tmpDir}/org.apache.felix.dependencymanager-${version}" -nH "--cut-dirs=5" \
$REL_URL
else
echo "################################################################################"
echo " USING EXISTING STAGED REPOSITORY "
echo "################################################################################"
echo "${tmpDir}/org.apache.felix.dependencymanager-${version}"
fi
echo "################################################################################"
echo " CHECK SIGNATURES AND DIGESTS "
echo "################################################################################"
cd ${tmpDir}/org.apache.felix.dependencymanager-${version}
for f in `find . -type f | grep -v '\.\(asc\|sha1\|sha512\|md5\)$'`; do
echo "checking $f"
echo -e " ASC: \c"
checkSig $f
echo -e " SHA1: \c"
checkSum $f "$f.sha1" SHA1
echo -e " SHA512: \c"
checkSum $f "$f.sha512" SHA512
echo ""
done
cd $PWD
echo "################################################################################"