kallithea Files · scripts/make-release

Files @ 12824a48192d

Branch filter:

Location: kallithea/scripts/make-release

12824a48192d 2.4 KiB text/plain Show Annotation Show as Raw Download as Raw

mads

ssh: verify SSH keys haven't been truncated

Ed Wong reported problems with a SSH key that accidentally was copy-pasted with
extra newlines. This truncation wasn't detected, so the truncated key was added
to authorized_keys where it obviously didn't work for sshd.

The base64 decoding would sometimes catch truncated keys - but not always. We
seem to have to look inside the key, parse it according to the RFCs, and verify
they contain the right amount of data for the key type.

It is an additional burden to have to parse SSH key internals just to validate
them. We could consider using some external method for validation. But the
explicit validation introduced here might be more spot-on for our needs.

#!/bin/bash
set -e
set -x

cleanup()
{
  echo "Removing venv $venv"
  rm  -rf "$venv"
}

echo "Checking that you are NOT inside a virtualenv"
[ -z "$VIRTUAL_ENV" ]

venv=$(mktemp -d --tmpdir kallithea-release-XXXXX)
trap cleanup EXIT

echo "Setting up a fresh virtualenv in $venv"
python3 -m venv "$venv"
. "$venv/bin/activate"

echo "Install/verify tools needed for building and uploading stuff"
pip install --upgrade -e . -r dev_requirements.txt twine python-ldap python-pam

echo "Cleanup and update copyrights ... and clean checkout"
scripts/run-all-cleanup
scripts/update-copyrights.py
hg up -cr .

echo "Make release build from clean checkout in build/"
rm -rf build dist
hg archive build
cd build

echo "Check that each entry in MANIFEST.in match something"
sed -e 's/[^ ]*[ ]*\([^ ]*\).*/\1/g' MANIFEST.in | xargs ls -lad

echo "Build dist"
python3 setup.py compile_catalog
python3 setup.py sdist

echo "Verify VERSION from kallithea/__init__.py"
namerel=$(cd dist && echo Kallithea-*.tar.gz)
namerel=${namerel%.tar.gz}
version=${namerel#Kallithea-}
ls -l $(pwd)/dist/$namerel.tar.gz
echo "Releasing Kallithea $version in directory $namerel"

echo "Verify dist file content"
diff -u <((hg mani | grep -v '^\.hg\|^kallithea/i18n/en/LC_MESSAGES/kallithea.mo$') | LANG=C sort) <(tar tf dist/Kallithea-$version.tar.gz | sed "s|^$namerel/||" | grep . | grep -v '^kallithea/i18n/.*/LC_MESSAGES/kallithea.mo$\|^Kallithea.egg-info/\|^PKG-INFO$\|/$' | LANG=C sort)

echo "Verify docs build"
python3 setup.py build_sphinx # the results are not actually used, but we want to make sure it builds

echo "Shortlog for inclusion in the release announcement"
scripts/shortlog.py "only('.', branch('stable') & tagged() & public() & not '.')"

cat - << EOT

Now, make sure
* all tests are passing
* release note is ready
* announcement is ready
* source has been pushed to https://kallithea-scm.org/repos/kallithea

EOT

echo "Verify current revision is tagged for $version"
hg log -r "'$version'&." | grep .

echo -n "Enter \"pypi\" to upload Kallithea $version to pypi: "
read answer
[ "$answer" = "pypi" ]

echo "Rebuild readthedocs for docs.kallithea-scm.org"
xdg-open https://readthedocs.org/projects/kallithea/
curl -X POST http://readthedocs.org/build/kallithea
xdg-open https://readthedocs.org/projects/kallithea/builds
xdg-open https://docs.kallithea-scm.org/en/latest/ # or whatever the branch is

twine upload dist/*
xdg-open https://pypi.python.org/pypi/Kallithea