expect staged .zip too and .sha512
diff --git a/buildTools/check_sigs.sh b/buildTools/check_sigs.sh
old mode 100755
new mode 100644
index 5a5c96e..0c9f387
--- a/buildTools/check_sigs.sh
+++ b/buildTools/check_sigs.sh
@@ -55,7 +55,7 @@
fi
HASH=`shasum -p -a 512 "${FILE}" | awk '{print$1}'`
- CHECK=`cat "${FILE}.sha1"`
+ CHECK=`cat "${FILE}.sha512"`
if [ "$HASH" != "$CHECK" ]
then
@@ -74,5 +74,10 @@
checkFile ${bundle}
done
+for bundle in ${BUNDLE_DIR}/*.zip
+do
+ checkFile ${bundle}
+done
+
echo
echo "SUCCESS: all checksum and signature files OK"
diff --git a/buildTools/common.sh b/buildTools/common.sh
index b5371c2..8c6ebfb 100755
--- a/buildTools/common.sh
+++ b/buildTools/common.sh
@@ -63,6 +63,10 @@
[ $# = 0 ] || usage "extra arguments"
}
+function getAbsPath() { # $1: rel-or-abs-path
+ echo "$(cd "$(dirname "$1")"; pwd)/$(basename "$1")"
+}
+
function confirm () { # [$1: question]
while true; do
# call with a prompt string or use a default
diff --git a/buildTools/compare_bundles.sh b/buildTools/compare_bundles.sh
new file mode 100755
index 0000000..8e2a0c9
--- /dev/null
+++ b/buildTools/compare_bundles.sh
@@ -0,0 +1,72 @@
+#!/bin/sh
+
+################################################################################
+##
+## Licensed to the Apache Software Foundation (ASF) under one or more
+## contributor license agreements. See the NOTICE file distributed with
+## this work for additional information regarding copyright ownership.
+## The ASF licenses this file to You under the Apache License, Version 2.0
+## (the "License"); you may not use this file except in compliance with
+## the License. You may obtain a copy of the License at
+##
+## http://www.apache.org/licenses/LICENSE-2.0
+##
+## Unless required by applicable law or agreed to in writing, software
+## distributed under the License is distributed on an "AS IS" BASIS,
+## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+## See the License for the specific language governing permissions and
+## limitations under the License.
+##
+################################################################################
+
+set -e
+
+# Checks that tar.gz and zip bundles have the exact same contents
+
+. `dirname $0`/common.sh
+
+setUsage "`basename $0` tgz-bundle1 zip-bundle2"
+handleHelp "$@"
+
+if [ $# -ge 1 ]
+then
+ TGZ_BUNDLE=$1; shift
+fi
+if [ $# -ge 1 ]
+then
+ ZIP_BUNDLE=$1; shift
+fi
+
+noExtraArgs "$@"
+
+function compareBundles() {
+ TGZFILE="$1"
+ ZIPFILE="$2"
+ echo
+ echo "Unpacking and comparing bundles..."
+ echo "[1] ${TGZFILE}"
+ echo "[2] ${ZIPFILE}"
+
+ set +e
+ DIR=`mktemp -d`
+ mkdir ${DIR}/bundle1 ${DIR}/bundle2
+ (cd ${DIR}/bundle1; set -x; tar zxf ${TGZFILE})
+ (cd ${DIR}/bundle2; set -x; unzip -q ${ZIPFILE})
+ (set -x; cd ${DIR}; diff -r -q bundle1 bundle2)
+ EC=$?
+ (cd ${DIR}; rm -rf bundle1 bundle2)
+ rmdir ${DIR}
+ set -e
+ if [ "${EC}" != 0 ] ; then
+ echo "FAILED: bundles have the different contents"
+ fi
+ return ${EC}
+}
+
+ABS_TGZ_BUNDLE=$(getAbsPath "${TGZ_BUNDLE}")
+ABS_ZIP_BUNDLE=$(getAbsPath "${ZIP_BUNDLE}")
+
+compareBundles ${ABS_TGZ_BUNDLE} ${ABS_ZIP_BUNDLE}
+
+echo
+echo "SUCCESS: bundles have the same contents"
diff --git a/buildTools/download_edgent_asf.sh b/buildTools/download_edgent_asf.sh
index 8c045ef..55d432b 100755
--- a/buildTools/download_edgent_asf.sh
+++ b/buildTools/download_edgent_asf.sh
@@ -94,7 +94,7 @@
mywget ${1}
mywget ${1}.asc
mywget ${1}.md5
- mywget ${1}.sha1
+ mywget ${1}.sha512
}
mkdir -p ${DST_BASE_DIR}
@@ -116,6 +116,7 @@
mywget ${URL}/README
mywget ${URL}/RELEASE_NOTES
getSignedBundle ${URL}/apache-edgent-${VER}-incubating-source-release.tar.gz
+getSignedBundle ${URL}/apache-edgent-${VER}-incubating-source-release.zip
#mkdir binaries
#cd binaries
@@ -127,7 +128,13 @@
echo Done Downloading to ${DST_BASE_DIR}
[ ${VALIDATE} == 0 ] && exit
-[ ${VALIDATE} == 1 ] || [ ${NQUERY} ] || confirm "Do you want to check the bundle signatures?" || exit
+[ ${VALIDATE} == 1 ] || [ ${NQUERY} ] || confirm "Do you want to check the bundle signatures and compare source bundles?" || exit
+
+cd ${ABS_BASE_DIR}
+
+echo
+echo "Verifying the tar.gz and zip have the same contents..."
+(set -x; $BUILDTOOLS_DIR/compare_bundles.sh ${DST_VER_DIR}/apache-edgent-${VER}-incubating-source-release.tar.gz ${DST_VER_DIR}/apache-edgent-${VER}-incubating-source-release.zip)
echo
echo "If the following bundle gpg signature checks fail, you may need to"
@@ -135,8 +142,6 @@
echo " $ gpg ${DST_BASE_DIR}/KEYS # show the included keys"
echo " $ gpg --import ${DST_BASE_DIR}/KEYS"
-cd ${ABS_BASE_DIR}
-
echo
echo "Verifying the source bundle signatures..."
(set -x; $BUILDTOOLS_DIR/check_sigs.sh ${DST_VER_DIR})