Release process: move shell snippet to external script

refs #17977

Release process: move shell snippet to external script
refs #17977
1fd1f45a · intrigeri · 5ddd33ee · 1fd1f45a · 1fd1f45a
Commit 1fd1f45a authored Oct 20, 2020 by intrigeri
--- a/bin/copy-images-to-rsync-server-and-verify
+++ b/bin/copy-images-to-rsync-server-and-verify
+#!/bin/bash
+
+set -eu
+set -o pipefail
+
+NAME=$(basename "${0}")
+LONGOPTS="version:,dist:,release-branch:,matching-jenkins-images-build-id:"
+OPTS=$(getopt -o "" --longoptions $LONGOPTS -n "${NAME}" -- "$@")
+eval set -- "$OPTS"
+while [ $# -gt 0 ]; do
+    case $1 in
+        --version)
+	    shift
+            VERSION="$1"
+            ;;
+	--dist)
+	    shift
+	    DIST="$1"
+	    ;;
+	--release-branch)
+	    shift
+	    RELEASE_BRANCH="$1"
+	    ;;
+	--matching-jenkins-images-build-id)
+	    shift
+	    MATCHING_JENKINS_IMAGES_BUILD_ID="$1"
+	    ;;
+    esac
+    shift
+done
+
+ssh rsync.lizard gpg --import < wiki/src/tails-signing.key
+
+ssh rsync.lizard << EOF
+   wget --quiet \
+      "https://nightly.tails.boum.org/build_Tails_ISO_${RELEASE_BRANCH:?}/builds/${MATCHING_JENKINS_IMAGES_BUILD_ID:?}/archive/build-artifacts/tails-amd64-${VERSION:?}.iso" \
+      "https://nightly.tails.boum.org/build_Tails_ISO_${RELEASE_BRANCH:?}/builds/${MATCHING_JENKINS_IMAGES_BUILD_ID:?}/archive/build-artifacts/tails-amd64-${VERSION:?}.img" && \
+   gpg --verify tails-amd64-${VERSION:?}.iso{.sig,} && \
+   gpg --verify tails-amd64-${VERSION:?}.img{.sig,}
+EOF
+
+ssh rsync.lizard << EOF
+  sudo install -o root -g rsync_tails -m 0755 -d \
+     /srv/rsync/tails/tails/${DIST:?}/tails-amd64-${VERSION:?} && \
+  sudo chown root:rsync_tails tails-amd64-${VERSION:?}.{iso,img}* && \
+  sudo chmod u=rwX,go=rX tails-amd64-${VERSION:?}.{iso,img}* && \
+  sudo mv tails-amd64-${VERSION:?}.{iso,img}* \
+          /srv/rsync/tails/tails/${DIST:?}/tails-amd64-${VERSION:?}
+EOF
--- a/wiki/src/contribute/release_process.mdwn
+++ b/wiki/src/contribute/release_process.mdwn
@@ -1218,28 +1218,17 @@ Upload the ISO and USB image signatures to our rsync server:
    scp "${ISO_PATH:?}.sig" "${IMG_PATH:?}.sig" rsync.lizard:

 Copy the ISO and USB images to our rsync server, verify their signature,
-move them in place with proper ownership and permissions
-and update the time in `project/trace` file on our rsync server
-and on the live website (even for a release candidate):
+move them in place with proper ownership and permissions:

-    cat "${RELEASE_CHECKOUT:?}/wiki/src/tails-signing.key" \
-       | ssh rsync.lizard gpg --import
-    ssh rsync.lizard << EOF
-       wget --quiet \
-          "https://nightly.tails.boum.org/build_Tails_ISO_${RELEASE_BRANCH:?}/builds/${MATCHING_JENKINS_IMAGES_BUILD_ID:?}/archive/build-artifacts/tails-amd64-${VERSION:?}.iso" \
-          "https://nightly.tails.boum.org/build_Tails_ISO_${RELEASE_BRANCH:?}/builds/${MATCHING_JENKINS_IMAGES_BUILD_ID:?}/archive/build-artifacts/tails-amd64-${VERSION:?}.img" && \
-       gpg --verify tails-amd64-${VERSION:?}.iso{.sig,} && \
-       gpg --verify tails-amd64-${VERSION:?}.img{.sig,}
-    EOF
+    cd "${RELEASE_CHECKOUT:?}" && \
+    ./bin/copy-images-to-rsync-server-and-verify \
+        --version "${VERSION:?}" \
+        --dist "${DIST:?}" \
+        --release-branch "${RELEASE_BRANCH:?}" \
+        --matching-jenkins-images-build-id "${MATCHING_JENKINS_IMAGES_BUILD_ID:?}"

-    ssh rsync.lizard << EOF
-      sudo install -o root -g rsync_tails -m 0755 -d \
-         /srv/rsync/tails/tails/${DIST:?}/tails-amd64-${VERSION:?} && \
-      sudo chown root:rsync_tails tails-amd64-${VERSION:?}.{iso,img}* && \
-      sudo chmod u=rwX,go=rX tails-amd64-${VERSION:?}.{iso,img}* && \
-      sudo mv tails-amd64-${VERSION:?}.{iso,img}* \
-              /srv/rsync/tails/tails/${DIST:?}/tails-amd64-${VERSION:?}
-    EOF
+Update the time in `project/trace` file on our rsync server
+and on the live website (even for a release candidate):

 	TRACE_TIME=$(date +%s) &&
 	ssh rsync.lizard "echo ${TRACE_TIME:?} | sudo tee /srv/rsync/tails/tails/project/trace" && \