From: Petr Lautrbach <plautrba@redhat.com>
To: Nicolas Iooss <nicolas.iooss@m4x.org>, selinux@vger.kernel.org
Subject: Re: [PATCH v2 1/1] scripts/release: make the script more robust, and release a source repository snapshot
Date: Wed, 03 Feb 2021 10:34:04 +0100 [thread overview]
Message-ID: <87sg6dmr5f.fsf@redhat.com> (raw)
In-Reply-To: <20210201221646.13190-1-nicolas.iooss@m4x.org>
Nicolas Iooss <nicolas.iooss@m4x.org> writes:
> Following Petr Lautrbach's suggestion, release a snapshot of the source
> repository next to the individual archives which constitute a release.
>
> While at it, make scripts/release more robust:
>
> - Fix many warnings reported by shellcheck, by quoting strings.
> - Use bash arrays for DIRS and DIRS_NEED_PREFIX
> - Merge DIRS and DIRS_NEED_PREFIX into a single array, in order to
> produce SHA256 digests that are directly in alphabetical order, for
> https://github.com/SELinuxProject/selinux/wiki/Releases
> - Use "set -e" in order to fail as soon as a command fails
> - Change to the top-level directory at the start of the script, in order
> to be able to run it from anywhere.
> - Use `cat $DIR/VERSION` and `git -C $DIR` instead of `cd $i ; cat VERSION`
> in order to prevent unexpected issues from directory change.
>
> Finally, if version tags already exists, re-use them. This enables using
> this script to re-generate the release archive (and check that they
> really match the git repository). Currently, running scripts/release
> will produce the same archives as the ones published in the 3.2-rc1
> release (with the same SHA256 digests as the ones on the release page,
> https://github.com/SELinuxProject/selinux/wiki/Releases). This helps to
> ensure that the behaviour of the script is still fine.
>
> Suggested-by: Petr Lautrbach <plautrba@redhat.com>
> Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
> ---
> scripts/release | 95 +++++++++++++++++++++++++++++++------------------
> 1 file changed, 60 insertions(+), 35 deletions(-)
>
> diff --git a/scripts/release b/scripts/release
> index 895a0e1ca1a1..21e30ff54b80 100755
> --- a/scripts/release
> +++ b/scripts/release
> @@ -1,43 +1,57 @@
> #!/bin/bash
>
> -PWD=`pwd`
> -WIKIDIR=../selinux.wiki
> -
> -if [ \! -d $WIKIDIR ]; then
> - git clone git@github.com:SELinuxProject/selinux.wiki.git $WIKIDIR
> -fi
> +# Fail when a command fails
> +set -e
>
> -RELEASE_TAG=`cat VERSION`
> -DEST=releases/$RELEASE_TAG
> -DIRS="libsepol libselinux libsemanage checkpolicy secilc policycoreutils mcstrans restorecond semodule-utils"
> -DIRS_NEED_PREFIX="dbus gui python sandbox"
> +# Ensure the script is running from the top level directory
> +cd "$(dirname -- "$0")/.."
>
> -git tag -a $RELEASE_TAG -m "Release $RELEASE_TAG"
> +WIKIDIR=../selinux.wiki
>
> -rm -rf $DEST
> -mkdir -p $DEST
> +if ! [ -d "$WIKIDIR" ]; then
> + git clone git@github.com:SELinuxProject/selinux.wiki.git "$WIKIDIR"
> +fi
>
> -for i in $DIRS; do
> - cd $i
> - VERS=`cat VERSION`
> - ARCHIVE=$i-$VERS.tar.gz
> - git tag $i-$VERS > /dev/null 2>&1
> - git archive -o ../$DEST/$ARCHIVE --prefix=$i-$VERS/ $i-$VERS
> - cd ..
> -done
> +RELEASE_TAG="$(cat VERSION)"
> +DEST="releases/$RELEASE_TAG"
> +DIRS=(
> + checkpolicy
> + libselinux
> + libsemanage
> + libsepol
> + mcstrans
> + policycoreutils
> + restorecond
> + secilc
> + selinux-dbus
> + selinux-gui
> + selinux-python
> + selinux-sandbox
> + semodule-utils
> +)
> +
> +if git rev-parse "$RELEASE_TAG" > /dev/null ; then
> + echo "Warning: tag $RELEASE_TAG already exists"
> +else
> + git tag -a "$RELEASE_TAG" -m "Release $RELEASE_TAG"
> +fi
fatal: ambiguous argument '3.2-rc2': unknown revision or path not in the working tree.
Use '--' to separate paths from revisions, like this:
'git <command> [<revision>...] -- [<file>...]'
> -for i in $DIRS_NEED_PREFIX; do
> - cd $i
> - VERS=`cat VERSION`
> - ARCHIVE=selinux-$i-$VERS.tar.gz
> - git tag selinux-$i-$VERS > /dev/null 2>&1
> - git archive -o ../$DEST/$ARCHIVE --prefix=selinux-$i-$VERS/ selinux-$i-$VERS
> - cd ..
> +rm -rf "$DEST"
> +mkdir -p "$DEST"
> +
> +for COMPONENT in "${DIRS[@]}"; do
> + DIR="${COMPONENT#selinux-}"
> + VERS="$(cat "$DIR/VERSION")"
> + TAG="$COMPONENT-$VERS"
> + if git rev-parse "$TAG" > /dev/null ; then
> + echo "Warning: tag $TAG already exists"
> + else
> + git tag "$TAG" > /dev/null
> + fi
fatal: ambiguous argument 'checkpolicy-3.2-rc2': unknown revision or path not in the working tree.
Use '--' to separate paths from revisions, like this:
'git <command> [<revision>...] -- [<file>...]'
The following change fixes both:
--- a/scripts/release
+++ b/scripts/release
@@ -30,7 +30,7 @@ DIRS=(
semodule-utils
)
-if git rev-parse "$RELEASE_TAG" > /dev/null ; then
+if git rev-parse "$RELEASE_TAG" &> /dev/null ; then
echo "Warning: tag $RELEASE_TAG already exists"
else
git tag -a "$RELEASE_TAG" -m "Release $RELEASE_TAG"
@@ -43,7 +43,7 @@ for COMPONENT in "${DIRS[@]}"; do
DIR="${COMPONENT#selinux-}"
VERS="$(cat "$DIR/VERSION")"
TAG="$COMPONENT-$VERS"
- if git rev-parse "$TAG" > /dev/null ; then
+ if git rev-parse "$TAG" &> /dev/null ; then
echo "Warning: tag $TAG already exists"
else
git tag "$TAG" > /dev/null
> + git -C "$DIR" archive -o "../$DEST/$TAG.tar.gz" --prefix="$TAG/" "$TAG"
> done
>
> -cd $DEST
> -
> -git add .
> +git archive -o "$DEST/selinux-${RELEASE_TAG}.tar.gz" --prefix="selinux-${RELEASE_TAG}/" "${RELEASE_TAG}"
>
> echo "Add the following to the $WIKIDIR/Releases.md wiki page:"
>
> @@ -54,13 +68,24 @@ echo ""
> echo "[short log](https://github.com/SELinuxProject/selinux/releases/download/$RELEASE_TAG/shortlog-$RELEASE_TAG.txt)"
> echo ""
>
> -for i in *.tar.gz; do
> -
> - echo -n "[$i](https://github.com/SELinuxProject/selinux/releases/download/$RELEASE_TAG/$i) "
> - sha256sum $i | cut -d " " -f 1
> +for COMPONENT in "${DIRS[@]}"; do
> + DIR="${COMPONENT#selinux-}"
> + VERS="$(cat "$DIR/VERSION")"
> + TAG="$COMPONENT-$VERS"
> + tarball="$TAG.tar.gz"
> + echo -n "[$tarball](https://github.com/SELinuxProject/selinux/releases/download/$RELEASE_TAG/$tarball) "
> + sha256sum "$DEST/$tarball" | cut -d " " -f 1
> echo ""
> done
>
> +echo "### Source repository snapshot"
> +
> +echo ""
> +
> +echo -n "[selinux-${RELEASE_TAG}.tar.gz](https://github.com/SELinuxProject/selinux/releases/download/$RELEASE_TAG/selinux-${RELEASE_TAG}.tar.gz) "
> +sha256sum "$DEST/selinux-${RELEASE_TAG}.tar.gz" | cut -d " " -f 1
> +echo ""
> +
> echo "And then run:"
> echo " cd $WIKIDIR"
> echo " git commit -m \"Release $RELEASE_TAG\" -a -s"
> --
> 2.30.0
next prev parent reply other threads:[~2021-02-03 9:35 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-01 22:16 [PATCH v2 1/1] scripts/release: make the script more robust, and release a source repository snapshot Nicolas Iooss
2021-02-03 9:34 ` Petr Lautrbach [this message]
2021-02-03 9:47 ` Nicolas Iooss
2021-02-03 9:58 ` Petr Lautrbach
2021-02-03 12:07 ` Petr Lautrbach
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87sg6dmr5f.fsf@redhat.com \
--to=plautrba@redhat.com \
--cc=nicolas.iooss@m4x.org \
--cc=selinux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.