1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
|
#!/bin/bash
# The script builds a source package
# Usage
display_usage() {
echo "Usage: $0 [tag]"
}
if [ $# -lt 1 ]
then
display_usage
exit 1
fi
# Input validation
TAG=$1
if [ "${TAG:0:1}" != "v" ]
then
echo "Tag must start with 'v' character"
exit 1
fi
VERSION=${TAG:1}
# Make sure tag exists
git tag | grep "^$TAG\$"
if [ $? -ne 0 ]
then
echo "Tag does not exist"
exit 1
fi
# Clone source
mkdir -p build/source
mkdir -p dist
cd build/source
git clone --single-branch --branch $TAG --depth 1 https://github.com/onionshare/onionshare.git
cd onionshare
# Verify tag
git tag -v $TAG 2> ../verify.txt
if [ $? -ne 0 ]
then
echo "Tag does not verify"
exit 1
fi
cat ../verify.txt | grep -e "using RSA key 927F419D7EC82C2F149C1BD1403C2657CD994F73" -e "using RSA key 2E530667425F4B93874935707B7F1772C0C6FCBF"
if [ $? -ne 0 ]
then
echo "Tag signed with wrong key"
exit 1
fi
cat ../verify.txt | grep "^gpg: Good signature from"
if [ $? -ne 0 ]
then
echo "Tag verification missing 'Good signature from'"
exit 1
fi
# Checkout code
git checkout $TAG
# Delete .git, compress, and PGP sign
cd ..
rm -rf onionshare/.git
tar -czf onionshare-$VERSION.tar.gz onionshare/
# Move source package to dist
cd ../..
mv build/source/onionshare-$VERSION.tar.gz dist
# Clean up
rm -rf build/source/onionshare
rm build/source/verify.txt
echo "Source package complete, file in dist"
|
