Pierre De Rop | 3a00a21 | 2015-03-01 09:27:46 +0000 | [diff] [blame] | 1 | #!/bin/bash |
| 2 | # |
| 3 | # Licensed to the Apache Software Foundation (ASF) under one |
| 4 | # or more contributor license agreements. See the NOTICE file |
| 5 | # distributed with this work for additional information |
| 6 | # regarding copyright ownership. The ASF licenses this file |
| 7 | # to you under the Apache License, Version 2.0 (the |
| 8 | # "License"); you may not use this file except in compliance |
| 9 | # with the License. You may obtain a copy of the License at |
| 10 | # |
| 11 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 12 | # |
| 13 | # Unless required by applicable law or agreed to in writing, |
| 14 | # software distributed under the License is distributed on an |
| 15 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| 16 | # KIND, either express or implied. See the License for the |
| 17 | # specific language governing permissions and limitations |
| 18 | # under the License. |
| 19 | # This script verifies the signatures and checksums of a release. |
| 20 | # |
| 21 | # This script can be used to check the signatures and checksums of staged |
| 22 | # Apache Felix Dependency Manager release using gpg. |
| 23 | # Usage: |
| 24 | # |
| 25 | # check_staged_dependencymanager.sh <version> [<temp-dir>] |
| 26 | # |
| 27 | # Where: |
| 28 | # <version> represents the staged release version, e.g., 2.0.0; |
| 29 | # <temp-dir> represents the location where the release artifacts |
| 30 | # should be stored, defaults to /tmp/felix-staging if |
| 31 | # omitted. |
| 32 | |
| 33 | |
| 34 | version=${1} |
| 35 | tmpDir=${2:-/tmp/felix-staging} |
| 36 | |
| 37 | if [ ! -d "${tmpDir}" ]; then |
| 38 | mkdir "${tmpDir}" |
| 39 | fi |
| 40 | |
| 41 | if [ -z "${version}" -o ! -d "${tmpDir}" ]; then |
| 42 | echo "Usage: check_staged_dependencymanager.sh <release-version> [temp-directory]" |
| 43 | exit |
| 44 | fi |
| 45 | |
| 46 | checkSig() { |
| 47 | sigFile="$1.asc" |
| 48 | if [ ! -f $sigFile ]; then |
| 49 | echo "$sigFile is missing!!!" |
| 50 | exit 1 |
| 51 | fi |
| 52 | |
| 53 | gpg --verify $sigFile 2>/dev/null >/dev/null |
| 54 | if [ "$?" = "0" ]; then echo "OK"; else echo "BAD!!!"; fi |
| 55 | } |
| 56 | |
| 57 | checkSum() { |
| 58 | archive=$1 |
| 59 | sumFile=$2 |
| 60 | alg=$3 |
| 61 | if [ ! -f $sumFile ]; then |
| 62 | echo "$sumFile is missing!!!" |
| 63 | exit 1 |
| 64 | fi |
| 65 | |
| 66 | orig=`cat $sumFile | sed 's/.*: *//' | tr -d ' \t\n\r'` |
| 67 | actual=`gpg --print-md $alg $archive | sed 's/.*: *//' | tr -d ' \t\n\r'` |
| 68 | if [ "$orig" = "$actual" ]; then echo "OK"; else echo "BAD!!!"; fi |
| 69 | } |
| 70 | |
| 71 | KEYS_URL="http://www.apache.org/dist/felix/KEYS" |
| 72 | REL_URL="https://dist.apache.org/repos/dist/dev/felix/org.apache.felix.dependencymanager-${version}/" |
| 73 | PWD=`pwd` |
| 74 | |
| 75 | echo "################################################################################" |
| 76 | echo " IMPORTING KEYS " |
| 77 | echo "################################################################################" |
| 78 | if [ ! -e "${tmpDir}/KEYS" ]; then |
| 79 | wget --no-check-certificate -P "${tmpDir}" $KEYS_URL |
| 80 | fi |
| 81 | gpg --import "${tmpDir}/KEYS" |
| 82 | |
| 83 | if [ ! -e "${tmpDir}/org.apache.felix.dependencymanager-${version}" ] |
| 84 | then |
| 85 | echo "################################################################################" |
| 86 | echo " DOWNLOAD STAGED REPOSITORY " |
| 87 | echo "################################################################################" |
| 88 | |
| 89 | wget \ |
| 90 | -e "robots=off" --wait 1 -r -np "--reject=html,txt" "--follow-tags=" \ |
| 91 | -P "${tmpDir}/org.apache.felix.dependencymanager-${version}" -nH "--cut-dirs=5" --ignore-length --no-check-certificate \ |
| 92 | $REL_URL |
| 93 | else |
| 94 | echo "################################################################################" |
| 95 | echo " USING EXISTING STAGED REPOSITORY " |
| 96 | echo "################################################################################" |
| 97 | echo "${tmpDir}/org.apache.felix.dependencymanager-${version}" |
| 98 | fi |
| 99 | |
| 100 | echo "################################################################################" |
| 101 | echo " CHECK SIGNATURES AND DIGESTS " |
| 102 | echo "################################################################################" |
| 103 | |
| 104 | cd ${tmpDir}/org.apache.felix.dependencymanager-${version} |
| 105 | for f in `find . -type f | grep -v '\.\(asc\|sha\?\|md5\)$'`; do |
| 106 | echo "checking $f" |
| 107 | |
| 108 | echo -e " ASC: \c" |
| 109 | checkSig $f |
| 110 | echo -e " MD5: \c" |
| 111 | checkSum $f "$f.md5" MD5 |
| 112 | echo -e " SHA: \c" |
| 113 | checkSum $f "$f.sha" SHA512 |
| 114 | echo "" |
| 115 | done |
| 116 | |
| 117 | cd $PWD |
| 118 | echo "################################################################################" |
| 119 | |