
release process: split release.sh into two

This allows the add_cosigner workflow to be done before the website links to new binaries.
(so Emzy or other builders can try to reproduce builds and add signatures before new binaries are fully live)
SomberNight 3 years ago
parent
commit
697c700a1f
No known key found for this signature in database
GPG Key ID: B33B5F232C6271E9
  1. 13
      contrib/add_cosigner
  2. 49
      contrib/release.sh
  3. 57
      contrib/release_www.sh
  4. 35
      contrib/trigger_deploy.sh
  5. 18
      contrib/upload.sh

13
contrib/add_cosigner

@ -3,12 +3,15 @@
# This script is part of the workflow for BUILDERs to reproduce and sign the # This script is part of the workflow for BUILDERs to reproduce and sign the
# release binaries. (for builders who do not have sftp access to "electrum-downloads-airlock") # release binaries. (for builders who do not have sftp access to "electrum-downloads-airlock")
# #
# env vars:
# - SSHUSER
#
#
# - BUILDER builds all binaries and checks they match the official releases # - BUILDER builds all binaries and checks they match the official releases
# (using release.sh, and perhaps some manual steps) # (using release.sh, and perhaps some manual steps)
# - BUILDER creates a PR against https://github.com/spesmilo/electrum-signatures/ # - BUILDER creates a PR against https://github.com/spesmilo/electrum-signatures/
# to add their sigs for a given release, which then gets merged # to add their sigs for a given release, which then gets merged
# - SFTPUSER runs `$ electrum/contrib/add_cosigner $BUILDER` # - SFTPUSER runs `$ SSHUSER=$SFTPUSER electrum/contrib/add_cosigner $BUILDER`
# - SFTPUSER runs `$ SSHUSER=$SFTPUSER electrum/contrib/upload.sh`
# - SFTPUSER runs `$ electrum/contrib/make_download $WWW_DIR` # - SFTPUSER runs `$ electrum/contrib/make_download $WWW_DIR`
# - $ (cd $WWW_DIR; git commit -a -m "add_cosigner"; git push) # - $ (cd $WWW_DIR; git commit -a -m "add_cosigner"; git push)
# - SFTPUSER runs `$ electrum-web/publish.sh $SFTPUSER` # - SFTPUSER runs `$ electrum-web/publish.sh $SFTPUSER`
@ -18,6 +21,7 @@ import re
import os import os
import sys import sys
import importlib import importlib
import subprocess
# cd to project root # cd to project root
@ -32,7 +36,7 @@ ELECTRUM_VERSION = version_module.ELECTRUM_VERSION
APK_VERSION = version_module.APK_VERSION APK_VERSION = version_module.APK_VERSION
print("version", ELECTRUM_VERSION) print("version", ELECTRUM_VERSION)
# GPG names of cosigner # GPG name of cosigner
cosigner = sys.argv[1] cosigner = sys.argv[1]
version = version_win = version_mac = ELECTRUM_VERSION version = version_win = version_mac = ELECTRUM_VERSION
@ -63,3 +67,6 @@ for shortname, filename in files.items():
os.system(f"wget -nc {sig_url} -O {sig_path}") os.system(f"wget -nc {sig_url} -O {sig_path}")
if os.system(f"gpg --verify {sig_path} {path}") != 0: if os.system(f"gpg --verify {sig_path} {path}") != 0:
raise Exception(sig_name) raise Exception(sig_name)
print("Calling upload.sh now... This might take some time.")
subprocess.check_output(["./contrib/upload.sh", ])
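Review bot: `subprocess.check_output` in the last added line captures upload.sh's stdout and then discards it, so the operator who was just told "This might take some time" never sees the sftp progress, and on failure the output sits unprinted inside the CalledProcessError. `subprocess.check_call(["./contrib/upload.sh"])` keeps the fail-on-non-zero behaviour and lets the output through. Separately, the header now documents SSHUSER as an env var, but nothing visible here checks it, and upload.sh falls back to `thomasv` when it is unset; a check such as `if not os.environ.get("SSHUSER"): raise Exception("SSHUSER not set")` before the call would make the upload identity explicit. Indentation is lost on this page, so whether the call sits inside the `for shortname, filename` loop cannot be confirmed from here.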

49
contrib/release.sh

@ -1,23 +1,19 @@
#!/bin/bash #!/bin/bash
# #
# This script, for the RELEASEMANAGER: # This script is used for stage 1 of the release process. It operates exclusively on the airlock.
# - builds and uploads all binaries, # This script, for the RELEASEMANAGER (RM):
# - builds and uploads all binaries to airlock,
# - assumes all keys are available, and signs everything # - assumes all keys are available, and signs everything
# This script, for other builders: # This script, for other builders:
# - builds all reproducible binaries, # - builds all reproducible binaries,
# - downloads binaries built by the release manager, compares and signs them, # - downloads binaries built by the release manager (from airlock), compares and signs them,
# - and then uploads sigs # - and then uploads sigs
# Note: the .dmg should be built separately beforehand and copied into dist/ # Note: the .dmg should be built separately beforehand and copied into dist/
# (as it is built on a separate machine) # (as it is built on a separate machine)
# #
#
# env vars: # env vars:
# - ELECBUILD_NOCACHE: if set, forces rebuild of docker images # - ELECBUILD_NOCACHE: if set, forces rebuild of docker images
# - WWW_DIR: path to "electrum-web" git clone
#
# additional env vars for the RELEASEMANAGER:
# - for signing the version announcement file:
# - ELECTRUM_SIGNING_ADDRESS (required)
# - ELECTRUM_SIGNING_WALLET (required)
# #
# "uploadserver" is set in /etc/hosts # "uploadserver" is set in /etc/hosts
# #
@ -29,6 +25,20 @@
# - update RELEASE-NOTES and version.py # - update RELEASE-NOTES and version.py
# - $ git tag -s $VERSION -m $VERSION # - $ git tag -s $VERSION -m $VERSION
# #
# -----
# Then, typical release flow:
# - RM runs release.sh
# - Another SFTPUSER BUILDER runs `$ ./release.sh`
# - now airlock contains new binaries and two sigs for each
# - deploy.sh will verify sigs and move binaries across airlock
# - new binaries are now publicly available on uploadserver, but not linked from website yet
# - other BUILDERS can now also try to reproduce binaries and open PRs with sigs against spesmilo/electrum-signatures
# - these PRs can get merged as they come
# - run add_cosigner
# - after some time, RM can run release_www.sh to create and commit website-update
# - then run WWW_DIR/publish.sh to update website
# - at least two people need to run WWW_DIR/publish.sh
#
set -e set -e
@ -42,10 +52,6 @@ cd "$PROJECT_ROOT"
# rm -rf dist/* # rm -rf dist/*
# rm -f .buildozer # rm -f .buildozer
if [ -z "$WWW_DIR" ] ; then
WWW_DIR=/opt/electrum-web
fi
GPGUSER=$1 GPGUSER=$1
if [ -z "$GPGUSER" ]; then if [ -z "$GPGUSER" ]; then
fail "usage: $0 gpg_username" fail "usage: $0 gpg_username"
@ -247,13 +253,6 @@ else
cd "$PROJECT_ROOT" cd "$PROJECT_ROOT"
info "updating www repo"
./contrib/make_download $WWW_DIR
info "signing the version announcement file"
sig=$(./run_electrum -o signmessage $ELECTRUM_SIGNING_ADDRESS $VERSION -w $ELECTRUM_SIGNING_WALLET)
echo "{ \"version\":\"$VERSION\", \"signatures\":{ \"$ELECTRUM_SIGNING_ADDRESS\":\"$sig\"}}" > $WWW_DIR/version
if [ $REV != $VERSION ]; then if [ $REV != $VERSION ]; then
fail "versions differ, not uploading" fail "versions differ, not uploading"
fi fi
@ -266,14 +265,10 @@ else
touch dist/uploaded touch dist/uploaded
fi fi
# push changes to website repo
pushd $WWW_DIR
git diff
git commit -a -m "version $VERSION"
git push
popd
fi fi
info "release.sh finished successfully." info "release.sh finished successfully."
info "now you should run WWW_DIR/publish.sh to sign the website commit and upload signature" info "After two people ran release.sh, the binaries will be publicly available on uploadserver."
info "Then, we wait for additional signers, and run add_cosigner for them."
info "Finally, release_www.sh needs to be run, for the website to be updated."

57
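--- a/contrib/release_www.sh
+++ b/contrib/release_www.sh
@@ -0,0 +1,57 @@
+#!/bin/bash
+#
+# env vars:
+# - WWW_DIR: path to "electrum-web" git clone
+# - for signing the version announcement file:
+# - ELECTRUM_SIGNING_ADDRESS (required)
+# - ELECTRUM_SIGNING_WALLET (required)
+#
+set -e
+PROJECT_ROOT="$(dirname "$(readlink -e "$0")")/.."
+CONTRIB="$PROJECT_ROOT/contrib"
+cd "$PROJECT_ROOT"
+. "$CONTRIB"/build_tools_util.sh
+echo -n "Remember to run add_cosigner to add any additional sigs. Continue (y/n)? "
+read answer
+if [ "$answer" != "y" ]; then
+echo "exit"
+exit 1
+fi
+if [ -z "$WWW_DIR" ] ; then
+WWW_DIR=/opt/electrum-web
+fi
+if [ -z "$ELECTRUM_SIGNING_WALLET" ] || [ -z "$ELECTRUM_SIGNING_ADDRESS" ]; then
+echo "You need to set env vars ELECTRUM_SIGNING_WALLET and ELECTRUM_SIGNING_ADDRESS!"
+exit 1
+fi
+VERSION=$(python3 -c "import electrum; print(electrum.version.ELECTRUM_VERSION)")
+info "VERSION: $VERSION"
+set -x
+info "updating www repo"
+./contrib/make_download "$WWW_DIR"
+info "signing the version announcement file"
+sig=$(./run_electrum -o signmessage $ELECTRUM_SIGNING_ADDRESS $VERSION -w $ELECTRUM_SIGNING_WALLET)
+echo "{ \"version\":\"$VERSION\", \"signatures\":{ \"$ELECTRUM_SIGNING_ADDRESS\":\"$sig\"}}" > "$WWW_DIR"/version
+# push changes to website repo
+pushd "$WWW_DIR"
+git diff
+git commit -a -m "version $VERSION"
+git push
+popd
+info "release_www.sh finished successfully."
+info "now you should run WWW_DIR/publish.sh to sign the website commit and upload signature"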
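Review bot: Nothing in this script checks that the checkout is at the release tag before the version announcement is signed and pushed; VERSION is read from whatever `electrum.version` the working tree holds, whereas release.sh refuses to upload when `$REV` and `$VERSION` differ. A guard before the `signmessage` line, for example `[ "$(git describe --tags)" = "$VERSION" ] || { echo "not at tag $VERSION"; exit 1; }`, would keep a stale or modified tree from producing a signed announcement for the wrong version. On the `signmessage` line itself the expansions are unquoted while the rest of the file quotes `"$WWW_DIR"`; `"$ELECTRUM_SIGNING_ADDRESS" "$VERSION" -w "$ELECTRUM_SIGNING_WALLET"` avoids word splitting on a wallet path containing spaces. `git commit -a` follows `git diff` with no pause, so any unrelated tracked change in WWW_DIR is committed and pushed without a chance to stop.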

35
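--- a/contrib/trigger_deploy.sh
+++ b/contrib/trigger_deploy.sh
@@ -0,0 +1,35 @@
+#!/bin/bash
+# Triggers deploy.sh to maybe update the website or move binaries.
+# uploadserver needs to be defined in /etc/hosts
+SSHUSER=$1
+TRIGGERVERSION=$2
+if [ -z $SSHUSER ] || [ -z TRIGGERVERSION ]; then
+echo "usage: $0 SSHUSER TRIGGERVERSION"
+echo "e.g. $0 thomasv 3.0.0"
+echo "e.g. $0 thomasv website"
+exit 1
+fi
+set -ex
+cd "$(dirname "$0")"
+if [ "$TRIGGERVERSION" == "website" ]; then
+rm -f trigger_website
+touch trigger_website
+echo "uploading file: trigger_website..."
+sftp -oBatchMode=no -b - "$SSHUSER@uploadserver" << !
+cd electrum-downloads-airlock
+mput trigger_website
+bye
+!
+else
+rm -f trigger_binaries
+printf "$TRIGGERVERSION" > trigger_binaries
+echo "uploading file: trigger_binaries..."
+sftp -oBatchMode=no -b - "$SSHUSER@uploadserver" << !
+cd electrum-downloads-airlock
+mput trigger_binaries
+bye
+!
+fi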
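Review bot: The argument check on the `if [ -z $SSHUSER ] || [ -z TRIGGERVERSION ]; then` line never catches a missing second argument, because `TRIGGERVERSION` lacks its `$` and the test sees a non-empty literal; with one argument the script falls through to the else branch and uploads an empty trigger_binaries. It should read `if [ -z "$SSHUSER" ] || [ -z "$TRIGGERVERSION" ]; then`. In the else branch `printf "$TRIGGERVERSION"` uses the argument as the format string, so a `%` or backslash in it is interpreted rather than written; `printf '%s' "$TRIGGERVERSION" > trigger_binaries` writes it literally.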

18
contrib/upload.sh

@ -5,9 +5,10 @@
# - ELECBUILD_UPLOADFROM # - ELECBUILD_UPLOADFROM
# - SSHUSER # - SSHUSER
set -e set -ex
PROJECT_ROOT="$(dirname "$(readlink -e "$0")")/.." PROJECT_ROOT="$(dirname "$(readlink -e "$0")")/.."
CONTRIB="$PROJECT_ROOT/contrib"
if [ -z "$SSHUSER" ]; then if [ -z "$SSHUSER" ]; then
SSHUSER=thomasv SSHUSER=thomasv
@ -15,8 +16,8 @@ fi
cd "$PROJECT_ROOT" cd "$PROJECT_ROOT"
version=$(git describe --tags --abbrev=0) VERSION=$(python3 -c "import electrum; print(electrum.version.ELECTRUM_VERSION)")
echo $version echo "$VERSION"
if [ -z "$ELECBUILD_UPLOADFROM" ]; then if [ -z "$ELECBUILD_UPLOADFROM" ]; then
cd "$PROJECT_ROOT/dist" cd "$PROJECT_ROOT/dist"
@ -30,9 +31,12 @@ fi
sftp -oBatchMode=no -b - "$SSHUSER@uploadserver" << ! sftp -oBatchMode=no -b - "$SSHUSER@uploadserver" << !
cd electrum-downloads-airlock cd electrum-downloads-airlock
-mkdir "$version" -mkdir "$VERSION"
-chmod 777 "$version" -chmod 777 "$VERSION"
cd "$version" cd "$VERSION"
mput * -mput *
-chmod 444 * # this prevents future re-uploads of same file
bye bye
! !
"$CONTRIB/trigger_deploy.sh" "$SSHUSER" "$VERSION"
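Review bot: The `-` prefix added to `mput *` makes sftp continue after any failed transfer, not only the intended refusal to overwrite a file already set to 444, and the script then calls trigger_deploy.sh regardless, so a partial upload looks the same as a repeat run. The comment on `-chmod 444 *` also overstates the protection: the mode blocks overwriting in place, but the version directory is made 777 a few lines earlier, and removing or renaming a file is governed by the directory's permissions, not the file's. I would reword it to something like `# blocks in-place overwrite only; integrity still depends on the signature check at deploy time` and reconsider whether the directory needs to stay 777. The script body between the hunks is outside this view, so what is actually uploaded from `dist/` cannot be confirmed here.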
