From 72b9e9ef4ccbfde52c01987b0389d48d76e382c1 Mon Sep 17 00:00:00 2001 From: Benjamin Toll Date: Thu, 29 Oct 2020 23:22:51 -0400 Subject: [PATCH 1/2] Support multiple OS and ARCH for signing --- package-upload.yaml | 18 ++++++-- scripts/release/mule/sign/sign.sh | 72 +++++++++++++++++++------------ 2 files changed, 60 insertions(+), 30 deletions(-) diff --git a/package-upload.yaml b/package-upload.yaml index 0ab7ff2cec..9d13c458ef 100644 --- a/package-upload.yaml +++ b/package-upload.yaml @@ -1,11 +1,23 @@ tasks: - task: s3.BucketCopy - name: upload + name: amd64 src: $HOME/projects/go-algorand/tmp/node_pkgs/linux/amd64 - dest: s3://$STAGING/$CHANNEL/$VERSION + dest: s3://$STAGING/$CHANNEL/$VERSION/ + + - task: s3.BucketCopy + name: arm + src: $HOME/projects/go-algorand/tmp/node_pkgs/linux/arm + dest: s3://$STAGING/$CHANNEL/$VERSION/ + + - task: s3.BucketCopy + name: arm64 + src: $HOME/projects/go-algorand/tmp/node_pkgs/linux/arm64 + dest: s3://$STAGING/$CHANNEL/$VERSION/ jobs: package-upload: tasks: - - s3.BucketCopy.upload + - s3.BucketCopy.amd64 + - s3.BucketCopy.arm + - s3.BucketCopy.arm64 diff --git a/scripts/release/mule/sign/sign.sh b/scripts/release/mule/sign/sign.sh index 00b00dba5b..0a09e99df9 100755 --- a/scripts/release/mule/sign/sign.sh +++ b/scripts/release/mule/sign/sign.sh @@ -1,5 +1,7 @@ #!/usr/bin/env bash -# shellcheck disable=2035,2129 +# shellcheck disable=2035,2129,2162 + +# TODO: This needs to be reworked a bit to support Darwin. set -exo pipefail @@ -7,12 +9,11 @@ echo date "+build_release begin SIGN stage %Y%m%d_%H%M%S" echo -ARCH_TYPE=$(./scripts/archtype.sh) OS_TYPE=$(./scripts/ostype.sh) VERSION=${VERSION:-$(./scripts/compute_build_number.sh -f)} BRANCH=${BRANCH:-$(./scripts/compute_branch.sh)} CHANNEL=${CHANNEL:-$(./scripts/compute_branch_channel.sh "$BRANCH")} -PKG_DIR="./tmp/node_pkgs/$OS_TYPE/$ARCH_TYPE" +PKG_DIR="./tmp/node_pkgs" SIGNING_KEY_ADDR=dev@algorand.com STATUSFILE="build_status_${CHANNEL}_${VERSION}" @@ -29,36 +30,53 @@ cd "$PKG_DIR" if [ -n "$S3_SOURCE" ] then - aws s3 sync "s3://$S3_SOURCE/$CHANNEL/$VERSION/$OS_TYPE/$ARCH_TYPE/" . + aws s3 cp --recursive --exclude "*" --include "*$CHANNEL*$VERSION*" "s3://$S3_SOURCE/$CHANNEL/$VERSION" . fi # TODO: "$PKG_TYPE" == "source" -# Clean package directory of any previous operations. -rm -rf hashes* *.sig *.asc *.asc.gz - -for file in *.tar.gz *.deb -do - gpg -u "$SIGNING_KEY_ADDR" --detach-sign "$file" -done - -for file in *.rpm -do - gpg -u rpm@algorand.com --detach-sign "$file" +# https://unix.stackexchange.com/a/46259 +# Grab the directories directly underneath (max-depth 1) ./tmp/node_pkgs/ into a space-delimited string. +# This will help us target `linux`, `darwin` and (possibly) `windows` build assets. +# Note the surrounding parens turns the string created by `find` into an array. +OS_TYPES=($(find . -mindepth 1 -maxdepth 1 -type d -printf '%f\n')) +for os in "${OS_TYPES[@]}"; do + if [ "$os" = linux ] + then + ARCHS=(amd64 arm arm64) + for arch in "${ARCHS[@]}"; do + ( + cd "$OS_TYPE/$arch" + + # Clean package directory of any previous operations. + rm -rf hashes* *.sig *.asc *.asc.gz + + for file in *.tar.gz *.deb + do + gpg -u "$SIGNING_KEY_ADDR" --detach-sign "$file" + done + + for file in *.rpm + do + gpg -u rpm@algorand.com --detach-sign "$file" + done + + HASHFILE="hashes_${CHANNEL}_${OS_TYPE}_${ARCH_TYPE}_${VERSION}" + + md5sum *.tar.gz *.deb *.rpm >> "$HASHFILE" + shasum -a 256 *.tar.gz *.deb *.rpm >> "$HASHFILE" + shasum -a 512 *.tar.gz *.deb *.rpm >> "$HASHFILE" + + gpg -u "$SIGNING_KEY_ADDR" --detach-sign "$HASHFILE" + gpg -u "$SIGNING_KEY_ADDR" --clearsign "$HASHFILE" + + gpg -u "$SIGNING_KEY_ADDR" --clearsign "$STATUSFILE" + gzip -c "$STATUSFILE.asc" > "$STATUSFILE.asc.gz" + ) + done + fi done -HASHFILE="hashes_${CHANNEL}_${OS_TYPE}_${ARCH_TYPE}_${VERSION}" - -md5sum *.tar.gz *.deb *.rpm >> "$HASHFILE" -shasum -a 256 *.tar.gz *.deb *.rpm >> "$HASHFILE" -shasum -a 512 *.tar.gz *.deb *.rpm >> "$HASHFILE" - -gpg -u "$SIGNING_KEY_ADDR" --detach-sign "$HASHFILE" -gpg -u "$SIGNING_KEY_ADDR" --clearsign "$HASHFILE" - -gpg -u "$SIGNING_KEY_ADDR" --clearsign "$STATUSFILE" -gzip -c "$STATUSFILE.asc" > "$STATUSFILE.asc.gz" - echo date "+build_release end SIGN stage %Y%m%d_%H%M%S" echo From e7574e98132ef9116f805c00e02b58ca577b342d Mon Sep 17 00:00:00 2001 From: Benjamin Toll Date: Thu, 29 Oct 2020 23:57:39 -0400 Subject: [PATCH 2/2] Use inner loop vars --- scripts/release/mule/sign/sign.sh | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/scripts/release/mule/sign/sign.sh b/scripts/release/mule/sign/sign.sh index 0a09e99df9..dae0e50ec1 100755 --- a/scripts/release/mule/sign/sign.sh +++ b/scripts/release/mule/sign/sign.sh @@ -9,7 +9,6 @@ echo date "+build_release begin SIGN stage %Y%m%d_%H%M%S" echo -OS_TYPE=$(./scripts/ostype.sh) VERSION=${VERSION:-$(./scripts/compute_build_number.sh -f)} BRANCH=${BRANCH:-$(./scripts/compute_branch.sh)} CHANNEL=${CHANNEL:-$(./scripts/compute_branch_channel.sh "$BRANCH")} @@ -46,7 +45,7 @@ for os in "${OS_TYPES[@]}"; do ARCHS=(amd64 arm arm64) for arch in "${ARCHS[@]}"; do ( - cd "$OS_TYPE/$arch" + cd "$os/$arch" # Clean package directory of any previous operations. rm -rf hashes* *.sig *.asc *.asc.gz @@ -61,7 +60,7 @@ for os in "${OS_TYPES[@]}"; do gpg -u rpm@algorand.com --detach-sign "$file" done - HASHFILE="hashes_${CHANNEL}_${OS_TYPE}_${ARCH_TYPE}_${VERSION}" + HASHFILE="hashes_${CHANNEL}_${os}_${arch}_${VERSION}" md5sum *.tar.gz *.deb *.rpm >> "$HASHFILE" shasum -a 256 *.tar.gz *.deb *.rpm >> "$HASHFILE"