| #!/bin/bash |
| # Copyright (C) 2017 SUSE LLC. |
| # |
| # Licensed under the Apache License, Version 2.0 (the "License"); |
| # you may not use this file except in compliance with the License. |
| # You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| |
| set -e |
| |
| ## ---> |
| # Project-specific options and functions. In *theory* you shouldn't need to |
| # touch anything else in this script in order to use this elsewhere. |
| project="runc" |
| root="$(readlink -f "$(dirname "${BASH_SOURCE}")/..")" |
| |
| # This function takes an output path as an argument, where the built |
| # (preferably static) binary should be placed. |
| function build_project() { |
| builddir="$(dirname "$1")" |
| |
| # Build with all tags enabled. |
| make -C "$root" COMMIT_NO= BUILDTAGS="seccomp selinux apparmor" static |
| mv "$root/$project" "$1" |
| } |
| |
| # End of the easy-to-configure portion. |
| ## <--- |
| |
| # Print usage information. |
| function usage() { |
| echo "usage: release.sh [-S <gpg-key-id>] [-c <commit-ish>] [-r <release-dir>] [-v <version>]" >&2 |
| exit 1 |
| } |
| |
| # Log something to stderr. |
| function log() { |
| echo "[*] $*" >&2 |
| } |
| |
| # Log something to stderr and then exit with 0. |
| function bail() { |
| log "$@" |
| exit 0 |
| } |
| |
| # Conduct a sanity-check to make sure that GPG provided with the given |
| # arguments can sign something. Inability to sign things is not a fatal error. |
| function gpg_cansign() { |
| gpg "$@" --clear-sign </dev/null >/dev/null |
| } |
| |
| # When creating releases we need to build static binaries, an archive of the |
| # current commit, and generate detached signatures for both. |
| keyid="" |
| commit="HEAD" |
| version="" |
| releasedir="" |
| hashcmd="" |
| while getopts "S:c:r:v:h:" opt; do |
| case "$opt" in |
| S) |
| keyid="$OPTARG" |
| ;; |
| c) |
| commit="$OPTARG" |
| ;; |
| r) |
| releasedir="$OPTARG" |
| ;; |
| v) |
| version="$OPTARG" |
| ;; |
| h) |
| hashcmd="$OPTARG" |
| ;; |
| \:) |
| echo "Missing argument: -$OPTARG" >&2 |
| usage |
| ;; |
| \?) |
| echo "Invalid option: -$OPTARG" >&2 |
| usage |
| ;; |
| esac |
| done |
| |
| version="${version:-$(<"$root/VERSION")}" |
| releasedir="${releasedir:-release/$version}" |
| hashcmd="${hashcmd:-sha256sum}" |
| goarch="$(go env GOARCH || echo "amd64")" |
| |
| log "creating $project release in '$releasedir'" |
| log " version: $version" |
| log " commit: $commit" |
| log " key: ${keyid:-DEFAULT}" |
| log " hash: $hashcmd" |
| |
| # Make explicit what we're doing. |
| set -x |
| |
| # Make the release directory. |
| rm -rf "$releasedir" && mkdir -p "$releasedir" |
| |
| # Build project. |
| build_project "$releasedir/$project.$goarch" |
| |
| # Generate new archive. |
| git archive --format=tar --prefix="$project-$version/" "$commit" | xz > "$releasedir/$project.tar.xz" |
| |
| # Generate sha256 checksums for both. |
| ( cd "$releasedir" ; "$hashcmd" "$project".{"$goarch",tar.xz} > "$project.$hashcmd" ; ) |
| |
| # Set up the gpgflags. |
| [[ "$keyid" ]] && export gpgflags="--default-key $keyid" |
| gpg_cansign $gpgflags || bail "Could not find suitable GPG key, skipping signing step." |
| |
| # Sign everything. |
| gpg $gpgflags --detach-sign --armor "$releasedir/$project.$goarch" |
| gpg $gpgflags --detach-sign --armor "$releasedir/$project.tar.xz" |
| gpg $gpgflags --clear-sign --armor \ |
| --output "$releasedir/$project.$hashcmd"{.tmp,} && \ |
| mv "$releasedir/$project.$hashcmd"{.tmp,} |
