Nicolas Iooss <nicolas.iooss@xxxxxxx> writes: > On Wed, Feb 3, 2021 at 10:34 AM Petr Lautrbach <plautrba@xxxxxxxxxx> wrote: >> >> Nicolas Iooss <nicolas.iooss@xxxxxxx> writes: >> >> > Following Petr Lautrbach's suggestion, release a snapshot of the source >> > repository next to the individual archives which constitute a release. >> > >> > While at it, make scripts/release more robust: >> > >> > - Fix many warnings reported by shellcheck, by quoting strings. >> > - Use bash arrays for DIRS and DIRS_NEED_PREFIX >> > - Merge DIRS and DIRS_NEED_PREFIX into a single array, in order to >> > produce SHA256 digests that are directly in alphabetical order, for >> > https://github.com/SELinuxProject/selinux/wiki/Releases >> > - Use "set -e" in order to fail as soon as a command fails >> > - Change to the top-level directory at the start of the script, in order >> > to be able to run it from anywhere. >> > - Use `cat $DIR/VERSION` and `git -C $DIR` instead of `cd $i ; cat VERSION` >> > in order to prevent unexpected issues from directory change. >> > >> > Finally, if version tags already exists, re-use them. This enables using >> > this script to re-generate the release archive (and check that they >> > really match the git repository). Currently, running scripts/release >> > will produce the same archives as the ones published in the 3.2-rc1 >> > release (with the same SHA256 digests as the ones on the release page, >> > https://github.com/SELinuxProject/selinux/wiki/Releases). This helps to >> > ensure that the behaviour of the script is still fine. >> > >> > Suggested-by: Petr Lautrbach <plautrba@xxxxxxxxxx> >> > Signed-off-by: Nicolas Iooss <nicolas.iooss@xxxxxxx> >> > --- >> > scripts/release | 95 +++++++++++++++++++++++++++++++------------------ >> > 1 file changed, 60 insertions(+), 35 deletions(-) >> > >> > diff --git a/scripts/release b/scripts/release >> > index 895a0e1ca1a1..21e30ff54b80 100755 >> > --- a/scripts/release >> > +++ b/scripts/release >> > @@ -1,43 +1,57 @@ >> > #!/bin/bash >> > >> > -PWD=`pwd` >> > -WIKIDIR=../selinux.wiki >> > - >> > -if [ \! -d $WIKIDIR ]; then >> > - git clone git@xxxxxxxxxx:SELinuxProject/selinux.wiki.git $WIKIDIR >> > -fi >> > +# Fail when a command fails >> > +set -e >> > >> > -RELEASE_TAG=`cat VERSION` >> > -DEST=releases/$RELEASE_TAG >> > -DIRS="libsepol libselinux libsemanage checkpolicy secilc policycoreutils mcstrans restorecond semodule-utils" >> > -DIRS_NEED_PREFIX="dbus gui python sandbox" >> > +# Ensure the script is running from the top level directory >> > +cd "$(dirname -- "$0")/.." >> > >> > -git tag -a $RELEASE_TAG -m "Release $RELEASE_TAG" >> > +WIKIDIR=../selinux.wiki >> > >> > -rm -rf $DEST >> > -mkdir -p $DEST >> > +if ! [ -d "$WIKIDIR" ]; then >> > + git clone git@xxxxxxxxxx:SELinuxProject/selinux.wiki.git "$WIKIDIR" >> > +fi >> > >> > -for i in $DIRS; do >> > - cd $i >> > - VERS=`cat VERSION` >> > - ARCHIVE=$i-$VERS.tar.gz >> > - git tag $i-$VERS > /dev/null 2>&1 >> > - git archive -o ../$DEST/$ARCHIVE --prefix=$i-$VERS/ $i-$VERS >> > - cd .. >> > -done >> > +RELEASE_TAG="$(cat VERSION)" >> > +DEST="releases/$RELEASE_TAG" >> > +DIRS=( >> > + checkpolicy >> > + libselinux >> > + libsemanage >> > + libsepol >> > + mcstrans >> > + policycoreutils >> > + restorecond >> > + secilc >> > + selinux-dbus >> > + selinux-gui >> > + selinux-python >> > + selinux-sandbox >> > + semodule-utils >> > +) >> > + >> > +if git rev-parse "$RELEASE_TAG" > /dev/null ; then >> > + echo "Warning: tag $RELEASE_TAG already exists" >> > +else >> > + git tag -a "$RELEASE_TAG" -m "Release $RELEASE_TAG" >> > +fi >> >> fatal: ambiguous argument '3.2-rc2': unknown revision or path not in the working tree. >> Use '--' to separate paths from revisions, like this: >> 'git <command> [<revision>...] -- [<file>...]' >> >> >> > -for i in $DIRS_NEED_PREFIX; do >> > - cd $i >> > - VERS=`cat VERSION` >> > - ARCHIVE=selinux-$i-$VERS.tar.gz >> > - git tag selinux-$i-$VERS > /dev/null 2>&1 >> > - git archive -o ../$DEST/$ARCHIVE --prefix=selinux-$i-$VERS/ selinux-$i-$VERS >> > - cd .. >> > +rm -rf "$DEST" >> > +mkdir -p "$DEST" >> > + >> > +for COMPONENT in "${DIRS[@]}"; do >> > + DIR="${COMPONENT#selinux-}" >> > + VERS="$(cat "$DIR/VERSION")" >> > + TAG="$COMPONENT-$VERS" >> > + if git rev-parse "$TAG" > /dev/null ; then >> > + echo "Warning: tag $TAG already exists" >> > + else >> > + git tag "$TAG" > /dev/null >> > + fi >> >> fatal: ambiguous argument 'checkpolicy-3.2-rc2': unknown revision or path not in the working tree. >> Use '--' to separate paths from revisions, like this: >> 'git <command> [<revision>...] -- [<file>...]' >> >> The following change fixes both: >> >> --- a/scripts/release >> +++ b/scripts/release >> @@ -30,7 +30,7 @@ DIRS=( >> semodule-utils >> ) >> >> -if git rev-parse "$RELEASE_TAG" > /dev/null ; then >> +if git rev-parse "$RELEASE_TAG" &> /dev/null ; then >> echo "Warning: tag $RELEASE_TAG already exists" >> else >> git tag -a "$RELEASE_TAG" -m "Release $RELEASE_TAG" >> @@ -43,7 +43,7 @@ for COMPONENT in "${DIRS[@]}"; do >> DIR="${COMPONENT#selinux-}" >> VERS="$(cat "$DIR/VERSION")" >> TAG="$COMPONENT-$VERS" >> - if git rev-parse "$TAG" > /dev/null ; then >> + if git rev-parse "$TAG" &> /dev/null ; then >> echo "Warning: tag $TAG already exists" >> else >> git tag "$TAG" > /dev/null > > Oops, indeed. The errors do not seem to be fatal, but yes, it is > better to hide them, like you suggest. You can modify my patch with > this change, or write a patch. > > Anyway, your suggestion looks good to me. I'm just preparing 3.2-rc2 so I'm going to modify your patch, merge and use it for the new release. > > Thanks! > Nicolas