* [PATCH v2 1/1] scripts/release: make the script more robust, and release a source repository snapshot
@ 2021-02-01 22:16 Nicolas Iooss
2021-02-03 9:34 ` Petr Lautrbach
0 siblings, 1 reply; 5+ messages in thread
From: Nicolas Iooss @ 2021-02-01 22:16 UTC (permalink / raw)
To: selinux; +Cc: Petr Lautrbach
Following Petr Lautrbach's suggestion, release a snapshot of the source
repository next to the individual archives which constitute a release.
While at it, make scripts/release more robust:
- Fix many warnings reported by shellcheck, by quoting strings.
- Use bash arrays for DIRS and DIRS_NEED_PREFIX
- Merge DIRS and DIRS_NEED_PREFIX into a single array, in order to
produce SHA256 digests that are directly in alphabetical order, for
https://github.com/SELinuxProject/selinux/wiki/Releases
- Use "set -e" in order to fail as soon as a command fails
- Change to the top-level directory at the start of the script, in order
to be able to run it from anywhere.
- Use `cat $DIR/VERSION` and `git -C $DIR` instead of `cd $i ; cat VERSION`
in order to prevent unexpected issues from directory change.
Finally, if version tags already exists, re-use them. This enables using
this script to re-generate the release archive (and check that they
really match the git repository). Currently, running scripts/release
will produce the same archives as the ones published in the 3.2-rc1
release (with the same SHA256 digests as the ones on the release page,
https://github.com/SELinuxProject/selinux/wiki/Releases). This helps to
ensure that the behaviour of the script is still fine.
Suggested-by: Petr Lautrbach <plautrba@redhat.com>
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
---
scripts/release | 95 +++++++++++++++++++++++++++++++------------------
1 file changed, 60 insertions(+), 35 deletions(-)
diff --git a/scripts/release b/scripts/release
index 895a0e1ca1a1..21e30ff54b80 100755
--- a/scripts/release
+++ b/scripts/release
@@ -1,43 +1,57 @@
#!/bin/bash
-PWD=`pwd`
-WIKIDIR=../selinux.wiki
-
-if [ \! -d $WIKIDIR ]; then
- git clone git@github.com:SELinuxProject/selinux.wiki.git $WIKIDIR
-fi
+# Fail when a command fails
+set -e
-RELEASE_TAG=`cat VERSION`
-DEST=releases/$RELEASE_TAG
-DIRS="libsepol libselinux libsemanage checkpolicy secilc policycoreutils mcstrans restorecond semodule-utils"
-DIRS_NEED_PREFIX="dbus gui python sandbox"
+# Ensure the script is running from the top level directory
+cd "$(dirname -- "$0")/.."
-git tag -a $RELEASE_TAG -m "Release $RELEASE_TAG"
+WIKIDIR=../selinux.wiki
-rm -rf $DEST
-mkdir -p $DEST
+if ! [ -d "$WIKIDIR" ]; then
+ git clone git@github.com:SELinuxProject/selinux.wiki.git "$WIKIDIR"
+fi
-for i in $DIRS; do
- cd $i
- VERS=`cat VERSION`
- ARCHIVE=$i-$VERS.tar.gz
- git tag $i-$VERS > /dev/null 2>&1
- git archive -o ../$DEST/$ARCHIVE --prefix=$i-$VERS/ $i-$VERS
- cd ..
-done
+RELEASE_TAG="$(cat VERSION)"
+DEST="releases/$RELEASE_TAG"
+DIRS=(
+ checkpolicy
+ libselinux
+ libsemanage
+ libsepol
+ mcstrans
+ policycoreutils
+ restorecond
+ secilc
+ selinux-dbus
+ selinux-gui
+ selinux-python
+ selinux-sandbox
+ semodule-utils
+)
+
+if git rev-parse "$RELEASE_TAG" > /dev/null ; then
+ echo "Warning: tag $RELEASE_TAG already exists"
+else
+ git tag -a "$RELEASE_TAG" -m "Release $RELEASE_TAG"
+fi
-for i in $DIRS_NEED_PREFIX; do
- cd $i
- VERS=`cat VERSION`
- ARCHIVE=selinux-$i-$VERS.tar.gz
- git tag selinux-$i-$VERS > /dev/null 2>&1
- git archive -o ../$DEST/$ARCHIVE --prefix=selinux-$i-$VERS/ selinux-$i-$VERS
- cd ..
+rm -rf "$DEST"
+mkdir -p "$DEST"
+
+for COMPONENT in "${DIRS[@]}"; do
+ DIR="${COMPONENT#selinux-}"
+ VERS="$(cat "$DIR/VERSION")"
+ TAG="$COMPONENT-$VERS"
+ if git rev-parse "$TAG" > /dev/null ; then
+ echo "Warning: tag $TAG already exists"
+ else
+ git tag "$TAG" > /dev/null
+ fi
+ git -C "$DIR" archive -o "../$DEST/$TAG.tar.gz" --prefix="$TAG/" "$TAG"
done
-cd $DEST
-
-git add .
+git archive -o "$DEST/selinux-${RELEASE_TAG}.tar.gz" --prefix="selinux-${RELEASE_TAG}/" "${RELEASE_TAG}"
echo "Add the following to the $WIKIDIR/Releases.md wiki page:"
@@ -54,13 +68,24 @@ echo ""
echo "[short log](https://github.com/SELinuxProject/selinux/releases/download/$RELEASE_TAG/shortlog-$RELEASE_TAG.txt)"
echo ""
-for i in *.tar.gz; do
-
- echo -n "[$i](https://github.com/SELinuxProject/selinux/releases/download/$RELEASE_TAG/$i) "
- sha256sum $i | cut -d " " -f 1
+for COMPONENT in "${DIRS[@]}"; do
+ DIR="${COMPONENT#selinux-}"
+ VERS="$(cat "$DIR/VERSION")"
+ TAG="$COMPONENT-$VERS"
+ tarball="$TAG.tar.gz"
+ echo -n "[$tarball](https://github.com/SELinuxProject/selinux/releases/download/$RELEASE_TAG/$tarball) "
+ sha256sum "$DEST/$tarball" | cut -d " " -f 1
echo ""
done
+echo "### Source repository snapshot"
+
+echo ""
+
+echo -n "[selinux-${RELEASE_TAG}.tar.gz](https://github.com/SELinuxProject/selinux/releases/download/$RELEASE_TAG/selinux-${RELEASE_TAG}.tar.gz) "
+sha256sum "$DEST/selinux-${RELEASE_TAG}.tar.gz" | cut -d " " -f 1
+echo ""
+
echo "And then run:"
echo " cd $WIKIDIR"
echo " git commit -m \"Release $RELEASE_TAG\" -a -s"
--
2.30.0
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH v2 1/1] scripts/release: make the script more robust, and release a source repository snapshot
2021-02-01 22:16 [PATCH v2 1/1] scripts/release: make the script more robust, and release a source repository snapshot Nicolas Iooss
@ 2021-02-03 9:34 ` Petr Lautrbach
2021-02-03 9:47 ` Nicolas Iooss
0 siblings, 1 reply; 5+ messages in thread
From: Petr Lautrbach @ 2021-02-03 9:34 UTC (permalink / raw)
To: Nicolas Iooss, selinux
Nicolas Iooss <nicolas.iooss@m4x.org> writes:
> Following Petr Lautrbach's suggestion, release a snapshot of the source
> repository next to the individual archives which constitute a release.
>
> While at it, make scripts/release more robust:
>
> - Fix many warnings reported by shellcheck, by quoting strings.
> - Use bash arrays for DIRS and DIRS_NEED_PREFIX
> - Merge DIRS and DIRS_NEED_PREFIX into a single array, in order to
> produce SHA256 digests that are directly in alphabetical order, for
> https://github.com/SELinuxProject/selinux/wiki/Releases
> - Use "set -e" in order to fail as soon as a command fails
> - Change to the top-level directory at the start of the script, in order
> to be able to run it from anywhere.
> - Use `cat $DIR/VERSION` and `git -C $DIR` instead of `cd $i ; cat VERSION`
> in order to prevent unexpected issues from directory change.
>
> Finally, if version tags already exists, re-use them. This enables using
> this script to re-generate the release archive (and check that they
> really match the git repository). Currently, running scripts/release
> will produce the same archives as the ones published in the 3.2-rc1
> release (with the same SHA256 digests as the ones on the release page,
> https://github.com/SELinuxProject/selinux/wiki/Releases). This helps to
> ensure that the behaviour of the script is still fine.
>
> Suggested-by: Petr Lautrbach <plautrba@redhat.com>
> Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
> ---
> scripts/release | 95 +++++++++++++++++++++++++++++++------------------
> 1 file changed, 60 insertions(+), 35 deletions(-)
>
> diff --git a/scripts/release b/scripts/release
> index 895a0e1ca1a1..21e30ff54b80 100755
> --- a/scripts/release
> +++ b/scripts/release
> @@ -1,43 +1,57 @@
> #!/bin/bash
>
> -PWD=`pwd`
> -WIKIDIR=../selinux.wiki
> -
> -if [ \! -d $WIKIDIR ]; then
> - git clone git@github.com:SELinuxProject/selinux.wiki.git $WIKIDIR
> -fi
> +# Fail when a command fails
> +set -e
>
> -RELEASE_TAG=`cat VERSION`
> -DEST=releases/$RELEASE_TAG
> -DIRS="libsepol libselinux libsemanage checkpolicy secilc policycoreutils mcstrans restorecond semodule-utils"
> -DIRS_NEED_PREFIX="dbus gui python sandbox"
> +# Ensure the script is running from the top level directory
> +cd "$(dirname -- "$0")/.."
>
> -git tag -a $RELEASE_TAG -m "Release $RELEASE_TAG"
> +WIKIDIR=../selinux.wiki
>
> -rm -rf $DEST
> -mkdir -p $DEST
> +if ! [ -d "$WIKIDIR" ]; then
> + git clone git@github.com:SELinuxProject/selinux.wiki.git "$WIKIDIR"
> +fi
>
> -for i in $DIRS; do
> - cd $i
> - VERS=`cat VERSION`
> - ARCHIVE=$i-$VERS.tar.gz
> - git tag $i-$VERS > /dev/null 2>&1
> - git archive -o ../$DEST/$ARCHIVE --prefix=$i-$VERS/ $i-$VERS
> - cd ..
> -done
> +RELEASE_TAG="$(cat VERSION)"
> +DEST="releases/$RELEASE_TAG"
> +DIRS=(
> + checkpolicy
> + libselinux
> + libsemanage
> + libsepol
> + mcstrans
> + policycoreutils
> + restorecond
> + secilc
> + selinux-dbus
> + selinux-gui
> + selinux-python
> + selinux-sandbox
> + semodule-utils
> +)
> +
> +if git rev-parse "$RELEASE_TAG" > /dev/null ; then
> + echo "Warning: tag $RELEASE_TAG already exists"
> +else
> + git tag -a "$RELEASE_TAG" -m "Release $RELEASE_TAG"
> +fi
fatal: ambiguous argument '3.2-rc2': unknown revision or path not in the working tree.
Use '--' to separate paths from revisions, like this:
'git <command> [<revision>...] -- [<file>...]'
> -for i in $DIRS_NEED_PREFIX; do
> - cd $i
> - VERS=`cat VERSION`
> - ARCHIVE=selinux-$i-$VERS.tar.gz
> - git tag selinux-$i-$VERS > /dev/null 2>&1
> - git archive -o ../$DEST/$ARCHIVE --prefix=selinux-$i-$VERS/ selinux-$i-$VERS
> - cd ..
> +rm -rf "$DEST"
> +mkdir -p "$DEST"
> +
> +for COMPONENT in "${DIRS[@]}"; do
> + DIR="${COMPONENT#selinux-}"
> + VERS="$(cat "$DIR/VERSION")"
> + TAG="$COMPONENT-$VERS"
> + if git rev-parse "$TAG" > /dev/null ; then
> + echo "Warning: tag $TAG already exists"
> + else
> + git tag "$TAG" > /dev/null
> + fi
fatal: ambiguous argument 'checkpolicy-3.2-rc2': unknown revision or path not in the working tree.
Use '--' to separate paths from revisions, like this:
'git <command> [<revision>...] -- [<file>...]'
The following change fixes both:
--- a/scripts/release
+++ b/scripts/release
@@ -30,7 +30,7 @@ DIRS=(
semodule-utils
)
-if git rev-parse "$RELEASE_TAG" > /dev/null ; then
+if git rev-parse "$RELEASE_TAG" &> /dev/null ; then
echo "Warning: tag $RELEASE_TAG already exists"
else
git tag -a "$RELEASE_TAG" -m "Release $RELEASE_TAG"
@@ -43,7 +43,7 @@ for COMPONENT in "${DIRS[@]}"; do
DIR="${COMPONENT#selinux-}"
VERS="$(cat "$DIR/VERSION")"
TAG="$COMPONENT-$VERS"
- if git rev-parse "$TAG" > /dev/null ; then
+ if git rev-parse "$TAG" &> /dev/null ; then
echo "Warning: tag $TAG already exists"
else
git tag "$TAG" > /dev/null
> + git -C "$DIR" archive -o "../$DEST/$TAG.tar.gz" --prefix="$TAG/" "$TAG"
> done
>
> -cd $DEST
> -
> -git add .
> +git archive -o "$DEST/selinux-${RELEASE_TAG}.tar.gz" --prefix="selinux-${RELEASE_TAG}/" "${RELEASE_TAG}"
>
> echo "Add the following to the $WIKIDIR/Releases.md wiki page:"
>
> @@ -54,13 +68,24 @@ echo ""
> echo "[short log](https://github.com/SELinuxProject/selinux/releases/download/$RELEASE_TAG/shortlog-$RELEASE_TAG.txt)"
> echo ""
>
> -for i in *.tar.gz; do
> -
> - echo -n "[$i](https://github.com/SELinuxProject/selinux/releases/download/$RELEASE_TAG/$i) "
> - sha256sum $i | cut -d " " -f 1
> +for COMPONENT in "${DIRS[@]}"; do
> + DIR="${COMPONENT#selinux-}"
> + VERS="$(cat "$DIR/VERSION")"
> + TAG="$COMPONENT-$VERS"
> + tarball="$TAG.tar.gz"
> + echo -n "[$tarball](https://github.com/SELinuxProject/selinux/releases/download/$RELEASE_TAG/$tarball) "
> + sha256sum "$DEST/$tarball" | cut -d " " -f 1
> echo ""
> done
>
> +echo "### Source repository snapshot"
> +
> +echo ""
> +
> +echo -n "[selinux-${RELEASE_TAG}.tar.gz](https://github.com/SELinuxProject/selinux/releases/download/$RELEASE_TAG/selinux-${RELEASE_TAG}.tar.gz) "
> +sha256sum "$DEST/selinux-${RELEASE_TAG}.tar.gz" | cut -d " " -f 1
> +echo ""
> +
> echo "And then run:"
> echo " cd $WIKIDIR"
> echo " git commit -m \"Release $RELEASE_TAG\" -a -s"
> --
> 2.30.0
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH v2 1/1] scripts/release: make the script more robust, and release a source repository snapshot
2021-02-03 9:34 ` Petr Lautrbach
@ 2021-02-03 9:47 ` Nicolas Iooss
2021-02-03 9:58 ` Petr Lautrbach
0 siblings, 1 reply; 5+ messages in thread
From: Nicolas Iooss @ 2021-02-03 9:47 UTC (permalink / raw)
To: Petr Lautrbach; +Cc: SElinux list
On Wed, Feb 3, 2021 at 10:34 AM Petr Lautrbach <plautrba@redhat.com> wrote:
>
> Nicolas Iooss <nicolas.iooss@m4x.org> writes:
>
> > Following Petr Lautrbach's suggestion, release a snapshot of the source
> > repository next to the individual archives which constitute a release.
> >
> > While at it, make scripts/release more robust:
> >
> > - Fix many warnings reported by shellcheck, by quoting strings.
> > - Use bash arrays for DIRS and DIRS_NEED_PREFIX
> > - Merge DIRS and DIRS_NEED_PREFIX into a single array, in order to
> > produce SHA256 digests that are directly in alphabetical order, for
> > https://github.com/SELinuxProject/selinux/wiki/Releases
> > - Use "set -e" in order to fail as soon as a command fails
> > - Change to the top-level directory at the start of the script, in order
> > to be able to run it from anywhere.
> > - Use `cat $DIR/VERSION` and `git -C $DIR` instead of `cd $i ; cat VERSION`
> > in order to prevent unexpected issues from directory change.
> >
> > Finally, if version tags already exists, re-use them. This enables using
> > this script to re-generate the release archive (and check that they
> > really match the git repository). Currently, running scripts/release
> > will produce the same archives as the ones published in the 3.2-rc1
> > release (with the same SHA256 digests as the ones on the release page,
> > https://github.com/SELinuxProject/selinux/wiki/Releases). This helps to
> > ensure that the behaviour of the script is still fine.
> >
> > Suggested-by: Petr Lautrbach <plautrba@redhat.com>
> > Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
> > ---
> > scripts/release | 95 +++++++++++++++++++++++++++++++------------------
> > 1 file changed, 60 insertions(+), 35 deletions(-)
> >
> > diff --git a/scripts/release b/scripts/release
> > index 895a0e1ca1a1..21e30ff54b80 100755
> > --- a/scripts/release
> > +++ b/scripts/release
> > @@ -1,43 +1,57 @@
> > #!/bin/bash
> >
> > -PWD=`pwd`
> > -WIKIDIR=../selinux.wiki
> > -
> > -if [ \! -d $WIKIDIR ]; then
> > - git clone git@github.com:SELinuxProject/selinux.wiki.git $WIKIDIR
> > -fi
> > +# Fail when a command fails
> > +set -e
> >
> > -RELEASE_TAG=`cat VERSION`
> > -DEST=releases/$RELEASE_TAG
> > -DIRS="libsepol libselinux libsemanage checkpolicy secilc policycoreutils mcstrans restorecond semodule-utils"
> > -DIRS_NEED_PREFIX="dbus gui python sandbox"
> > +# Ensure the script is running from the top level directory
> > +cd "$(dirname -- "$0")/.."
> >
> > -git tag -a $RELEASE_TAG -m "Release $RELEASE_TAG"
> > +WIKIDIR=../selinux.wiki
> >
> > -rm -rf $DEST
> > -mkdir -p $DEST
> > +if ! [ -d "$WIKIDIR" ]; then
> > + git clone git@github.com:SELinuxProject/selinux.wiki.git "$WIKIDIR"
> > +fi
> >
> > -for i in $DIRS; do
> > - cd $i
> > - VERS=`cat VERSION`
> > - ARCHIVE=$i-$VERS.tar.gz
> > - git tag $i-$VERS > /dev/null 2>&1
> > - git archive -o ../$DEST/$ARCHIVE --prefix=$i-$VERS/ $i-$VERS
> > - cd ..
> > -done
> > +RELEASE_TAG="$(cat VERSION)"
> > +DEST="releases/$RELEASE_TAG"
> > +DIRS=(
> > + checkpolicy
> > + libselinux
> > + libsemanage
> > + libsepol
> > + mcstrans
> > + policycoreutils
> > + restorecond
> > + secilc
> > + selinux-dbus
> > + selinux-gui
> > + selinux-python
> > + selinux-sandbox
> > + semodule-utils
> > +)
> > +
> > +if git rev-parse "$RELEASE_TAG" > /dev/null ; then
> > + echo "Warning: tag $RELEASE_TAG already exists"
> > +else
> > + git tag -a "$RELEASE_TAG" -m "Release $RELEASE_TAG"
> > +fi
>
> fatal: ambiguous argument '3.2-rc2': unknown revision or path not in the working tree.
> Use '--' to separate paths from revisions, like this:
> 'git <command> [<revision>...] -- [<file>...]'
>
>
> > -for i in $DIRS_NEED_PREFIX; do
> > - cd $i
> > - VERS=`cat VERSION`
> > - ARCHIVE=selinux-$i-$VERS.tar.gz
> > - git tag selinux-$i-$VERS > /dev/null 2>&1
> > - git archive -o ../$DEST/$ARCHIVE --prefix=selinux-$i-$VERS/ selinux-$i-$VERS
> > - cd ..
> > +rm -rf "$DEST"
> > +mkdir -p "$DEST"
> > +
> > +for COMPONENT in "${DIRS[@]}"; do
> > + DIR="${COMPONENT#selinux-}"
> > + VERS="$(cat "$DIR/VERSION")"
> > + TAG="$COMPONENT-$VERS"
> > + if git rev-parse "$TAG" > /dev/null ; then
> > + echo "Warning: tag $TAG already exists"
> > + else
> > + git tag "$TAG" > /dev/null
> > + fi
>
> fatal: ambiguous argument 'checkpolicy-3.2-rc2': unknown revision or path not in the working tree.
> Use '--' to separate paths from revisions, like this:
> 'git <command> [<revision>...] -- [<file>...]'
>
> The following change fixes both:
>
> --- a/scripts/release
> +++ b/scripts/release
> @@ -30,7 +30,7 @@ DIRS=(
> semodule-utils
> )
>
> -if git rev-parse "$RELEASE_TAG" > /dev/null ; then
> +if git rev-parse "$RELEASE_TAG" &> /dev/null ; then
> echo "Warning: tag $RELEASE_TAG already exists"
> else
> git tag -a "$RELEASE_TAG" -m "Release $RELEASE_TAG"
> @@ -43,7 +43,7 @@ for COMPONENT in "${DIRS[@]}"; do
> DIR="${COMPONENT#selinux-}"
> VERS="$(cat "$DIR/VERSION")"
> TAG="$COMPONENT-$VERS"
> - if git rev-parse "$TAG" > /dev/null ; then
> + if git rev-parse "$TAG" &> /dev/null ; then
> echo "Warning: tag $TAG already exists"
> else
> git tag "$TAG" > /dev/null
Oops, indeed. The errors do not seem to be fatal, but yes, it is
better to hide them, like you suggest. You can modify my patch with
this change, or write a patch.
Anyway, your suggestion looks good to me.
Thanks!
Nicolas
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH v2 1/1] scripts/release: make the script more robust, and release a source repository snapshot
2021-02-03 9:47 ` Nicolas Iooss
@ 2021-02-03 9:58 ` Petr Lautrbach
2021-02-03 12:07 ` Petr Lautrbach
0 siblings, 1 reply; 5+ messages in thread
From: Petr Lautrbach @ 2021-02-03 9:58 UTC (permalink / raw)
To: SElinux list; +Cc: Nicolas Iooss
Nicolas Iooss <nicolas.iooss@m4x.org> writes:
> On Wed, Feb 3, 2021 at 10:34 AM Petr Lautrbach <plautrba@redhat.com> wrote:
>>
>> Nicolas Iooss <nicolas.iooss@m4x.org> writes:
>>
>> > Following Petr Lautrbach's suggestion, release a snapshot of the source
>> > repository next to the individual archives which constitute a release.
>> >
>> > While at it, make scripts/release more robust:
>> >
>> > - Fix many warnings reported by shellcheck, by quoting strings.
>> > - Use bash arrays for DIRS and DIRS_NEED_PREFIX
>> > - Merge DIRS and DIRS_NEED_PREFIX into a single array, in order to
>> > produce SHA256 digests that are directly in alphabetical order, for
>> > https://github.com/SELinuxProject/selinux/wiki/Releases
>> > - Use "set -e" in order to fail as soon as a command fails
>> > - Change to the top-level directory at the start of the script, in order
>> > to be able to run it from anywhere.
>> > - Use `cat $DIR/VERSION` and `git -C $DIR` instead of `cd $i ; cat VERSION`
>> > in order to prevent unexpected issues from directory change.
>> >
>> > Finally, if version tags already exists, re-use them. This enables using
>> > this script to re-generate the release archive (and check that they
>> > really match the git repository). Currently, running scripts/release
>> > will produce the same archives as the ones published in the 3.2-rc1
>> > release (with the same SHA256 digests as the ones on the release page,
>> > https://github.com/SELinuxProject/selinux/wiki/Releases). This helps to
>> > ensure that the behaviour of the script is still fine.
>> >
>> > Suggested-by: Petr Lautrbach <plautrba@redhat.com>
>> > Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
>> > ---
>> > scripts/release | 95 +++++++++++++++++++++++++++++++------------------
>> > 1 file changed, 60 insertions(+), 35 deletions(-)
>> >
>> > diff --git a/scripts/release b/scripts/release
>> > index 895a0e1ca1a1..21e30ff54b80 100755
>> > --- a/scripts/release
>> > +++ b/scripts/release
>> > @@ -1,43 +1,57 @@
>> > #!/bin/bash
>> >
>> > -PWD=`pwd`
>> > -WIKIDIR=../selinux.wiki
>> > -
>> > -if [ \! -d $WIKIDIR ]; then
>> > - git clone git@github.com:SELinuxProject/selinux.wiki.git $WIKIDIR
>> > -fi
>> > +# Fail when a command fails
>> > +set -e
>> >
>> > -RELEASE_TAG=`cat VERSION`
>> > -DEST=releases/$RELEASE_TAG
>> > -DIRS="libsepol libselinux libsemanage checkpolicy secilc policycoreutils mcstrans restorecond semodule-utils"
>> > -DIRS_NEED_PREFIX="dbus gui python sandbox"
>> > +# Ensure the script is running from the top level directory
>> > +cd "$(dirname -- "$0")/.."
>> >
>> > -git tag -a $RELEASE_TAG -m "Release $RELEASE_TAG"
>> > +WIKIDIR=../selinux.wiki
>> >
>> > -rm -rf $DEST
>> > -mkdir -p $DEST
>> > +if ! [ -d "$WIKIDIR" ]; then
>> > + git clone git@github.com:SELinuxProject/selinux.wiki.git "$WIKIDIR"
>> > +fi
>> >
>> > -for i in $DIRS; do
>> > - cd $i
>> > - VERS=`cat VERSION`
>> > - ARCHIVE=$i-$VERS.tar.gz
>> > - git tag $i-$VERS > /dev/null 2>&1
>> > - git archive -o ../$DEST/$ARCHIVE --prefix=$i-$VERS/ $i-$VERS
>> > - cd ..
>> > -done
>> > +RELEASE_TAG="$(cat VERSION)"
>> > +DEST="releases/$RELEASE_TAG"
>> > +DIRS=(
>> > + checkpolicy
>> > + libselinux
>> > + libsemanage
>> > + libsepol
>> > + mcstrans
>> > + policycoreutils
>> > + restorecond
>> > + secilc
>> > + selinux-dbus
>> > + selinux-gui
>> > + selinux-python
>> > + selinux-sandbox
>> > + semodule-utils
>> > +)
>> > +
>> > +if git rev-parse "$RELEASE_TAG" > /dev/null ; then
>> > + echo "Warning: tag $RELEASE_TAG already exists"
>> > +else
>> > + git tag -a "$RELEASE_TAG" -m "Release $RELEASE_TAG"
>> > +fi
>>
>> fatal: ambiguous argument '3.2-rc2': unknown revision or path not in the working tree.
>> Use '--' to separate paths from revisions, like this:
>> 'git <command> [<revision>...] -- [<file>...]'
>>
>>
>> > -for i in $DIRS_NEED_PREFIX; do
>> > - cd $i
>> > - VERS=`cat VERSION`
>> > - ARCHIVE=selinux-$i-$VERS.tar.gz
>> > - git tag selinux-$i-$VERS > /dev/null 2>&1
>> > - git archive -o ../$DEST/$ARCHIVE --prefix=selinux-$i-$VERS/ selinux-$i-$VERS
>> > - cd ..
>> > +rm -rf "$DEST"
>> > +mkdir -p "$DEST"
>> > +
>> > +for COMPONENT in "${DIRS[@]}"; do
>> > + DIR="${COMPONENT#selinux-}"
>> > + VERS="$(cat "$DIR/VERSION")"
>> > + TAG="$COMPONENT-$VERS"
>> > + if git rev-parse "$TAG" > /dev/null ; then
>> > + echo "Warning: tag $TAG already exists"
>> > + else
>> > + git tag "$TAG" > /dev/null
>> > + fi
>>
>> fatal: ambiguous argument 'checkpolicy-3.2-rc2': unknown revision or path not in the working tree.
>> Use '--' to separate paths from revisions, like this:
>> 'git <command> [<revision>...] -- [<file>...]'
>>
>> The following change fixes both:
>>
>> --- a/scripts/release
>> +++ b/scripts/release
>> @@ -30,7 +30,7 @@ DIRS=(
>> semodule-utils
>> )
>>
>> -if git rev-parse "$RELEASE_TAG" > /dev/null ; then
>> +if git rev-parse "$RELEASE_TAG" &> /dev/null ; then
>> echo "Warning: tag $RELEASE_TAG already exists"
>> else
>> git tag -a "$RELEASE_TAG" -m "Release $RELEASE_TAG"
>> @@ -43,7 +43,7 @@ for COMPONENT in "${DIRS[@]}"; do
>> DIR="${COMPONENT#selinux-}"
>> VERS="$(cat "$DIR/VERSION")"
>> TAG="$COMPONENT-$VERS"
>> - if git rev-parse "$TAG" > /dev/null ; then
>> + if git rev-parse "$TAG" &> /dev/null ; then
>> echo "Warning: tag $TAG already exists"
>> else
>> git tag "$TAG" > /dev/null
>
> Oops, indeed. The errors do not seem to be fatal, but yes, it is
> better to hide them, like you suggest. You can modify my patch with
> this change, or write a patch.
>
> Anyway, your suggestion looks good to me.
I'm just preparing 3.2-rc2 so I'm going to modify your patch, merge and
use it for the new release.
>
> Thanks!
> Nicolas
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH v2 1/1] scripts/release: make the script more robust, and release a source repository snapshot
2021-02-03 9:58 ` Petr Lautrbach
@ 2021-02-03 12:07 ` Petr Lautrbach
0 siblings, 0 replies; 5+ messages in thread
From: Petr Lautrbach @ 2021-02-03 12:07 UTC (permalink / raw)
To: SElinux list; +Cc: Nicolas Iooss
Petr Lautrbach <plautrba@redhat.com> writes:
> Nicolas Iooss <nicolas.iooss@m4x.org> writes:
>
>> On Wed, Feb 3, 2021 at 10:34 AM Petr Lautrbach <plautrba@redhat.com> wrote:
>>>
>>> Nicolas Iooss <nicolas.iooss@m4x.org> writes:
>>>
>>> > Following Petr Lautrbach's suggestion, release a snapshot of the source
>>> > repository next to the individual archives which constitute a release.
>>> >
>>> > While at it, make scripts/release more robust:
>>> >
>>> > - Fix many warnings reported by shellcheck, by quoting strings.
>>> > - Use bash arrays for DIRS and DIRS_NEED_PREFIX
>>> > - Merge DIRS and DIRS_NEED_PREFIX into a single array, in order to
>>> > produce SHA256 digests that are directly in alphabetical order, for
>>> > https://github.com/SELinuxProject/selinux/wiki/Releases
>>> > - Use "set -e" in order to fail as soon as a command fails
>>> > - Change to the top-level directory at the start of the script, in order
>>> > to be able to run it from anywhere.
>>> > - Use `cat $DIR/VERSION` and `git -C $DIR` instead of `cd $i ; cat VERSION`
>>> > in order to prevent unexpected issues from directory change.
>>> >
>>> > Finally, if version tags already exists, re-use them. This enables using
>>> > this script to re-generate the release archive (and check that they
>>> > really match the git repository). Currently, running scripts/release
>>> > will produce the same archives as the ones published in the 3.2-rc1
>>> > release (with the same SHA256 digests as the ones on the release page,
>>> > https://github.com/SELinuxProject/selinux/wiki/Releases). This helps to
>>> > ensure that the behaviour of the script is still fine.
>>> >
>>> > Suggested-by: Petr Lautrbach <plautrba@redhat.com>
>>> > Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
>>> > ---
>>> > scripts/release | 95 +++++++++++++++++++++++++++++++------------------
>>> > 1 file changed, 60 insertions(+), 35 deletions(-)
>>> >
>>> > diff --git a/scripts/release b/scripts/release
>>> > index 895a0e1ca1a1..21e30ff54b80 100755
>>> > --- a/scripts/release
>>> > +++ b/scripts/release
>>> > @@ -1,43 +1,57 @@
>>> > #!/bin/bash
>>> >
>>> > -PWD=`pwd`
>>> > -WIKIDIR=../selinux.wiki
>>> > -
>>> > -if [ \! -d $WIKIDIR ]; then
>>> > - git clone git@github.com:SELinuxProject/selinux.wiki.git $WIKIDIR
>>> > -fi
>>> > +# Fail when a command fails
>>> > +set -e
>>> >
>>> > -RELEASE_TAG=`cat VERSION`
>>> > -DEST=releases/$RELEASE_TAG
>>> > -DIRS="libsepol libselinux libsemanage checkpolicy secilc policycoreutils mcstrans restorecond semodule-utils"
>>> > -DIRS_NEED_PREFIX="dbus gui python sandbox"
>>> > +# Ensure the script is running from the top level directory
>>> > +cd "$(dirname -- "$0")/.."
>>> >
>>> > -git tag -a $RELEASE_TAG -m "Release $RELEASE_TAG"
>>> > +WIKIDIR=../selinux.wiki
>>> >
>>> > -rm -rf $DEST
>>> > -mkdir -p $DEST
>>> > +if ! [ -d "$WIKIDIR" ]; then
>>> > + git clone git@github.com:SELinuxProject/selinux.wiki.git "$WIKIDIR"
>>> > +fi
>>> >
>>> > -for i in $DIRS; do
>>> > - cd $i
>>> > - VERS=`cat VERSION`
>>> > - ARCHIVE=$i-$VERS.tar.gz
>>> > - git tag $i-$VERS > /dev/null 2>&1
>>> > - git archive -o ../$DEST/$ARCHIVE --prefix=$i-$VERS/ $i-$VERS
>>> > - cd ..
>>> > -done
>>> > +RELEASE_TAG="$(cat VERSION)"
>>> > +DEST="releases/$RELEASE_TAG"
>>> > +DIRS=(
>>> > + checkpolicy
>>> > + libselinux
>>> > + libsemanage
>>> > + libsepol
>>> > + mcstrans
>>> > + policycoreutils
>>> > + restorecond
>>> > + secilc
>>> > + selinux-dbus
>>> > + selinux-gui
>>> > + selinux-python
>>> > + selinux-sandbox
>>> > + semodule-utils
>>> > +)
>>> > +
>>> > +if git rev-parse "$RELEASE_TAG" > /dev/null ; then
>>> > + echo "Warning: tag $RELEASE_TAG already exists"
>>> > +else
>>> > + git tag -a "$RELEASE_TAG" -m "Release $RELEASE_TAG"
>>> > +fi
>>>
>>> fatal: ambiguous argument '3.2-rc2': unknown revision or path not in the working tree.
>>> Use '--' to separate paths from revisions, like this:
>>> 'git <command> [<revision>...] -- [<file>...]'
>>>
>>>
>>> > -for i in $DIRS_NEED_PREFIX; do
>>> > - cd $i
>>> > - VERS=`cat VERSION`
>>> > - ARCHIVE=selinux-$i-$VERS.tar.gz
>>> > - git tag selinux-$i-$VERS > /dev/null 2>&1
>>> > - git archive -o ../$DEST/$ARCHIVE --prefix=selinux-$i-$VERS/ selinux-$i-$VERS
>>> > - cd ..
>>> > +rm -rf "$DEST"
>>> > +mkdir -p "$DEST"
>>> > +
>>> > +for COMPONENT in "${DIRS[@]}"; do
>>> > + DIR="${COMPONENT#selinux-}"
>>> > + VERS="$(cat "$DIR/VERSION")"
>>> > + TAG="$COMPONENT-$VERS"
>>> > + if git rev-parse "$TAG" > /dev/null ; then
>>> > + echo "Warning: tag $TAG already exists"
>>> > + else
>>> > + git tag "$TAG" > /dev/null
>>> > + fi
>>>
>>> fatal: ambiguous argument 'checkpolicy-3.2-rc2': unknown revision or path not in the working tree.
>>> Use '--' to separate paths from revisions, like this:
>>> 'git <command> [<revision>...] -- [<file>...]'
>>>
>>> The following change fixes both:
>>>
>>> --- a/scripts/release
>>> +++ b/scripts/release
>>> @@ -30,7 +30,7 @@ DIRS=(
>>> semodule-utils
>>> )
>>>
>>> -if git rev-parse "$RELEASE_TAG" > /dev/null ; then
>>> +if git rev-parse "$RELEASE_TAG" &> /dev/null ; then
>>> echo "Warning: tag $RELEASE_TAG already exists"
>>> else
>>> git tag -a "$RELEASE_TAG" -m "Release $RELEASE_TAG"
>>> @@ -43,7 +43,7 @@ for COMPONENT in "${DIRS[@]}"; do
>>> DIR="${COMPONENT#selinux-}"
>>> VERS="$(cat "$DIR/VERSION")"
>>> TAG="$COMPONENT-$VERS"
>>> - if git rev-parse "$TAG" > /dev/null ; then
>>> + if git rev-parse "$TAG" &> /dev/null ; then
>>> echo "Warning: tag $TAG already exists"
>>> else
>>> git tag "$TAG" > /dev/null
>>
>> Oops, indeed. The errors do not seem to be fatal, but yes, it is
>> better to hide them, like you suggest. You can modify my patch with
>> this change, or write a patch.
>>
>> Anyway, your suggestion looks good to me.
>
>
> I'm just preparing 3.2-rc2 so I'm going to modify your patch, merge and
> use it for the new release.
>
>
It's merged now. Thanks!
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2021-02-03 12:09 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-02-01 22:16 [PATCH v2 1/1] scripts/release: make the script more robust, and release a source repository snapshot Nicolas Iooss
2021-02-03 9:34 ` Petr Lautrbach
2021-02-03 9:47 ` Nicolas Iooss
2021-02-03 9:58 ` Petr Lautrbach
2021-02-03 12:07 ` Petr Lautrbach
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.