#!/bin/bash # Copyright (C) 2017 SUSE LLC. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. set -e ## ---> # Project-specific options and functions. In *theory* you shouldn't need to # touch anything else in this script in order to use this elsewhere. project="runc" root="$(readlink -f "$(dirname "${BASH_SOURCE}")/..")" # This function takes an output path as an argument, where the built # (preferably static) binary should be placed. function build_project() { builddir="$(dirname "$1")" # Build with all tags enabled. make -C "$root" COMMIT_NO= BUILDTAGS="seccomp selinux apparmor" static mv "$root/$project" "$1" } # End of the easy-to-configure portion. ## <--- # Print usage information. function usage() { echo "usage: release.sh [-S <gpg-key-id>] [-c <commit-ish>] [-r <release-dir>] [-v <version>]" >&2 exit 1 } # Log something to stderr. function log() { echo "[*] $*" >&2 } # Log something to stderr and then exit with 0. function bail() { log "$@" exit 0 } # Conduct a sanity-check to make sure that GPG provided with the given # arguments can sign something. Inability to sign things is not a fatal error. function gpg_cansign() { gpg "$@" --clear-sign </dev/null >/dev/null } # When creating releases we need to build static binaries, an archive of the # current commit, and generate detached signatures for both. keyid="" commit="HEAD" version="" releasedir="" hashcmd="" while getopts "S:c:r:v:h:" opt; do case "$opt" in S) keyid="$OPTARG" ;; c) commit="$OPTARG" ;; r) releasedir="$OPTARG" ;; v) version="$OPTARG" ;; h) hashcmd="$OPTARG" ;; \:) echo "Missing argument: -$OPTARG" >&2 usage ;; \?) echo "Invalid option: -$OPTARG" >&2 usage ;; esac done version="${version:-$(<"$root/VERSION")}" releasedir="${releasedir:-release/$version}" hashcmd="${hashcmd:-sha256sum}" goarch="$(go env GOARCH || echo "amd64")" log "creating $project release in '$releasedir'" log " version: $version" log " commit: $commit" log " key: ${keyid:-DEFAULT}" log " hash: $hashcmd" # Make explicit what we're doing. set -x # Make the release directory. rm -rf "$releasedir" && mkdir -p "$releasedir" # Build project. build_project "$releasedir/$project.$goarch" # Generate new archive. git archive --format=tar --prefix="$project-$version/" "$commit" | xz > "$releasedir/$project.tar.xz" # Generate sha256 checksums for both. ( cd "$releasedir" ; "$hashcmd" "$project".{"$goarch",tar.xz} > "$project.$hashcmd" ; ) # Set up the gpgflags. [[ "$keyid" ]] && export gpgflags="--default-key $keyid" gpg_cansign $gpgflags || bail "Could not find suitable GPG key, skipping signing step." # Sign everything. gpg $gpgflags --detach-sign --armor "$releasedir/$project.$goarch" gpg $gpgflags --detach-sign --armor "$releasedir/$project.tar.xz" gpg $gpgflags --clear-sign --armor \ --output "$releasedir/$project.$hashcmd"{.tmp,} && \ mv "$releasedir/$project.$hashcmd"{.tmp,}