forked from TrueCloudLab/restic
Merge pull request #4541 from MichaelEischer/fix-binary-check-script
verify-release-binaries.sh: don't show warning if binaries are correct
This commit is contained in:
commit
3804e50d64
1 changed files with 9 additions and 6 deletions
|
@ -12,6 +12,10 @@ go_version="$2"
|
||||||
|
|
||||||
# invalid if zero
|
# invalid if zero
|
||||||
is_valid=1
|
is_valid=1
|
||||||
|
set_invalid() {
|
||||||
|
echo $1
|
||||||
|
is_valid=0
|
||||||
|
}
|
||||||
|
|
||||||
tmpdir="$(mktemp -d -p .)"
|
tmpdir="$(mktemp -d -p .)"
|
||||||
cd "${tmpdir}"
|
cd "${tmpdir}"
|
||||||
|
@ -41,7 +45,7 @@ for i in $(cat SHA256SUMS | cut -d " " -f 3 ) ; do
|
||||||
echo "Downloading $i"
|
echo "Downloading $i"
|
||||||
curl -OLSs https://github.com/restic/restic/releases/download/v${restic_version}/"$i"
|
curl -OLSs https://github.com/restic/restic/releases/download/v${restic_version}/"$i"
|
||||||
done
|
done
|
||||||
shasum -a256 -c SHA256SUMS || echo "WARNING: RELEASE BINARIES DO NOT MATCH SHA256SUMS!" && is_valid=0
|
shasum -a256 -c SHA256SUMS || set_invalid "WARNING: RELEASE BINARIES DO NOT MATCH SHA256SUMS!"
|
||||||
gpg --verify restic-${restic_version}.tar.gz.asc restic-${restic_version}.tar.gz
|
gpg --verify restic-${restic_version}.tar.gz.asc restic-${restic_version}.tar.gz
|
||||||
# TODO verify that the release does not contain any unexpected files
|
# TODO verify that the release does not contain any unexpected files
|
||||||
|
|
||||||
|
@ -74,9 +78,9 @@ cp "restic-${restic_version}.tar.gz" output
|
||||||
cp SHA256SUMS output
|
cp SHA256SUMS output
|
||||||
|
|
||||||
# check that all release binaries have been reproduced successfully
|
# check that all release binaries have been reproduced successfully
|
||||||
(cd output && shasum -a256 -c SHA256SUMS) || echo "WARNING: REPRODUCED BINARIES DO NOT MATCH RELEASE BINARIES!" && is_valid=0
|
(cd output && shasum -a256 -c SHA256SUMS) || set_invalid "WARNING: REPRODUCED BINARIES DO NOT MATCH RELEASE BINARIES!"
|
||||||
# and that the SHA256SUMS files does not miss binaries
|
# and that the SHA256SUMS files does not miss binaries
|
||||||
for i in output/restic* ; do grep "$(basename "$i")" SHA256SUMS > /dev/null || echo "WARNING: $i MISSING FROM RELEASE SHA256SUMS FILE!" && is_valid=0 ; done
|
for i in output/restic* ; do grep "$(basename "$i")" SHA256SUMS > /dev/null || set_invalid "WARNING: $i MISSING FROM RELEASE SHA256SUMS FILE!" ; done
|
||||||
|
|
||||||
|
|
||||||
extract_docker() {
|
extract_docker() {
|
||||||
|
@ -95,8 +99,7 @@ extract_docker() {
|
||||||
tar -xvf "$i" -C img usr/bin/restic 2> /dev/null 1>&2 || true
|
tar -xvf "$i" -C img usr/bin/restic 2> /dev/null 1>&2 || true
|
||||||
if [[ -f img/usr/bin/restic ]]; then
|
if [[ -f img/usr/bin/restic ]]; then
|
||||||
if [[ -f restic-docker ]]; then
|
if [[ -f restic-docker ]]; then
|
||||||
echo "WARNING: CONTAINER CONTAINS MULTIPLE RESTIC BINARIES"
|
set_invalid "WARNING: CONTAINER CONTAINS MULTIPLE RESTIC BINARIES"
|
||||||
is_valid=0
|
|
||||||
fi
|
fi
|
||||||
mv img/usr/bin/restic restic-docker
|
mv img/usr/bin/restic restic-docker
|
||||||
fi
|
fi
|
||||||
|
@ -118,7 +121,7 @@ for img in restic/restic ghcr.io/restic/restic; do
|
||||||
extract_docker "$img" 386 386
|
extract_docker "$img" 386 386
|
||||||
extract_docker "$img" amd64 amd64
|
extract_docker "$img" amd64 amd64
|
||||||
|
|
||||||
(cd docker && shasum -a256 -c SHA256SUMS) || echo "WARNING: DOCKER CONTAINER DOES NOT CONTAIN RELEASE BINARIES!" && is_valid=0
|
(cd docker && shasum -a256 -c SHA256SUMS) || set_invalid "WARNING: DOCKER CONTAINER DOES NOT CONTAIN RELEASE BINARIES!"
|
||||||
|
|
||||||
mv docker docker-$(( ctr++ ))
|
mv docker docker-$(( ctr++ ))
|
||||||
done
|
done
|
||||||
|
|
Loading…
Reference in a new issue