Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
What's new
10
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Open sidebar
tails
tails
Commits
1fd1f45a
Commit
1fd1f45a
authored
Oct 20, 2020
by
intrigeri
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Release process: move shell snippet to external script
refs
#17977
parent
5ddd33ee
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
58 additions
and
20 deletions
+58
-20
bin/copy-images-to-rsync-server-and-verify
bin/copy-images-to-rsync-server-and-verify
+49
-0
wiki/src/contribute/release_process.mdwn
wiki/src/contribute/release_process.mdwn
+9
-20
No files found.
bin/copy-images-to-rsync-server-and-verify
0 → 100755
View file @
1fd1f45a
#!/bin/bash
set
-eu
set
-o
pipefail
NAME
=
$(
basename
"
${
0
}
"
)
LONGOPTS
=
"version:,dist:,release-branch:,matching-jenkins-images-build-id:"
OPTS
=
$(
getopt
-o
""
--longoptions
$LONGOPTS
-n
"
${
NAME
}
"
--
"
$@
"
)
eval set
--
"
$OPTS
"
while
[
$#
-gt
0
]
;
do
case
$1
in
--version
)
shift
VERSION
=
"
$1
"
;;
--dist
)
shift
DIST
=
"
$1
"
;;
--release-branch
)
shift
RELEASE_BRANCH
=
"
$1
"
;;
--matching-jenkins-images-build-id
)
shift
MATCHING_JENKINS_IMAGES_BUILD_ID
=
"
$1
"
;;
esac
shift
done
ssh rsync.lizard gpg
--import
< wiki/src/tails-signing.key
ssh rsync.lizard
<<
EOF
wget --quiet
\
"https://nightly.tails.boum.org/build_Tails_ISO_
${
RELEASE_BRANCH
:?
}
/builds/
${
MATCHING_JENKINS_IMAGES_BUILD_ID
:?
}
/archive/build-artifacts/tails-amd64-
${
VERSION
:?
}
.iso"
\
"https://nightly.tails.boum.org/build_Tails_ISO_
${
RELEASE_BRANCH
:?
}
/builds/
${
MATCHING_JENKINS_IMAGES_BUILD_ID
:?
}
/archive/build-artifacts/tails-amd64-
${
VERSION
:?
}
.img" &&
\
gpg --verify tails-amd64-
${
VERSION
:?
}
.iso{.sig,} &&
\
gpg --verify tails-amd64-
${
VERSION
:?
}
.img{.sig,}
EOF
ssh rsync.lizard
<<
EOF
sudo install -o root -g rsync_tails -m 0755 -d
\
/srv/rsync/tails/tails/
${
DIST
:?
}
/tails-amd64-
${
VERSION
:?
}
&&
\
sudo chown root:rsync_tails tails-amd64-
${
VERSION
:?
}
.{iso,img}* &&
\
sudo chmod u=rwX,go=rX tails-amd64-
${
VERSION
:?
}
.{iso,img}* &&
\
sudo mv tails-amd64-
${
VERSION
:?
}
.{iso,img}*
\
/srv/rsync/tails/tails/
${
DIST
:?
}
/tails-amd64-
${
VERSION
:?
}
EOF
wiki/src/contribute/release_process.mdwn
View file @
1fd1f45a
...
...
@@ -1218,28 +1218,17 @@ Upload the ISO and USB image signatures to our rsync server:
scp "${ISO_PATH:?}.sig" "${IMG_PATH:?}.sig" rsync.lizard:
Copy the ISO and USB images to our rsync server, verify their signature,
move them in place with proper ownership and permissions
and update the time in `project/trace` file on our rsync server
and on the live website (even for a release candidate):
move them in place with proper ownership and permissions:
cat "${RELEASE_CHECKOUT:?}/wiki/src/tails-signing.key" \
| ssh rsync.lizard gpg --import
ssh rsync.lizard << EOF
wget --quiet \
"https://nightly.tails.boum.org/build_Tails_ISO_${RELEASE_BRANCH:?}/builds/${MATCHING_JENKINS_IMAGES_BUILD_ID:?}/archive/build-artifacts/tails-amd64-${VERSION:?}.iso" \
"https://nightly.tails.boum.org/build_Tails_ISO_${RELEASE_BRANCH:?}/builds/${MATCHING_JENKINS_IMAGES_BUILD_ID:?}/archive/build-artifacts/tails-amd64-${VERSION:?}.img" && \
gpg --verify tails-amd64-${VERSION:?}.iso{.sig,} && \
gpg --verify tails-amd64-${VERSION:?}.img{.sig,}
EOF
cd "${RELEASE_CHECKOUT:?}" && \
./bin/copy-images-to-rsync-server-and-verify \
--version "${VERSION:?}" \
--dist "${DIST:?}" \
--release-branch "${RELEASE_BRANCH:?}" \
--matching-jenkins-images-build-id "${MATCHING_JENKINS_IMAGES_BUILD_ID:?}"
ssh rsync.lizard << EOF
sudo install -o root -g rsync_tails -m 0755 -d \
/srv/rsync/tails/tails/${DIST:?}/tails-amd64-${VERSION:?} && \
sudo chown root:rsync_tails tails-amd64-${VERSION:?}.{iso,img}* && \
sudo chmod u=rwX,go=rX tails-amd64-${VERSION:?}.{iso,img}* && \
sudo mv tails-amd64-${VERSION:?}.{iso,img}* \
/srv/rsync/tails/tails/${DIST:?}/tails-amd64-${VERSION:?}
EOF
Update the time in `project/trace` file on our rsync server
and on the live website (even for a release candidate):
TRACE_TIME=$(date +%s) &&
ssh rsync.lizard "echo ${TRACE_TIME:?} | sudo tee /srv/rsync/tails/tails/project/trace" && \
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment