1 files changed, 247 insertions, 0 deletions
diff --git a/dev-tools/gen-release-tarballs.sh b/dev-tools/gen-release-tarballs.sh
new file mode 100755
index 0000000..9c4600e
--- /dev/null
+++ b/dev-tools/gen-release-tarballs.sh
@@ -0,0 +1,247 @@
+#!/bin/sh
+# gen-release-tarballs.sh  -  Generates release tarballs with signatures
+#
+# Copyright (C) 2017-2018 - David Sommerseth <davids@openvpn.net>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+#
+set -u
+
+if [ $# -ne 4 ]; then
+    echo "Usage: $0 <remote-name> <tag-name> <sign-key> <dest-dir>"
+    echo ""
+    echo "   remote-name  -- valid remotes: `git remote | tr \\\n ' '`"
+    echo "   tag-name     -- An existing release tag"
+    echo "   sign-key     -- PGP key used to sign all files"
+    echo "   dest-dir     -- Where to put the complete set of release tarballs"
+    echo ""
+    echo "   Example: $0 origin v2.4.2 /tmp/openvpn-release"
+    echo
+    exit 1
+fi
+
+arg_remote_name="$1"
+arg_tag_name="$2"
+arg_sign_key="$3"
+arg_dest_dir="$4"
+
+#
+# Sanity checks
+#
+
+# Check that the tag exists
+git tag | grep "$arg_tag_name" 1>/dev/null
+if [ $? -ne 0 ]; then
+    echo "** ERROR **  The tag '$arg_tag_name' does not exist"
+    exit 2
+fi
+
+# Extract the git URL
+giturl="`git remote get-url $arg_remote_name 2>/dev/null`"
+if [ $? -ne 0 ]; then
+    echo "** ERROR ** Invalid git remote name: $arg_remote_name"
+    exit 2
+fi
+
+# Check we have the needed signing key
+echo "test" | gpg -a --clearsign -u "$arg_sign_key" 2>/dev/null 1>/dev/null
+if [ $? -ne 0 ]; then
+    echo "** ERROR ** Failed when testing the PGP signing.  Wrong signing key?"
+    exit 2;
+fi
+
+
+#
+# Helper functions
+#
+
+get_filename()
+{
+    local wildcard="$1"
+
+    res="`find . -maxdepth 1 -type f -name \"$wildcard\" | head -n1 | cut -d/ -f2-`"
+    if [ $? -ne 0 ]; then
+        echo "-- 'find' failed."
+        exit 5
+    fi
+    if [ -z "$res" ]; then
+        echo "-- Could not find a file with the wildcard: $wildcard"
+        exit 4
+    fi
+    echo "$res"
+}
+
+copy_files()
+{
+    local fileext="$1"
+    local dest="$2"
+
+    file="`get_filename openvpn-*.*.*.$fileext`"
+    if [ -z "$file" ]; then
+        echo "** ERROR Failed to find source file"
+        exit 5
+    fi
+    echo "-- Copying $file"
+    cp "$file" "$dest"
+    if [ $? -ne 0 ]; then
+        echo "** ERROR ** Failed to copy $file to $destdir"
+        exit 3;
+    fi
+}
+
+sign_file()
+{
+    local signkey="$1"
+    local srchfile="$2"
+    local signtype="$3"
+    local file="`get_filename $srchfile`"
+
+    echo "-- Signing $file ..."
+    case "$signtype" in
+        inline)
+            # Have the signature in the same file as the data
+            gpg -a --clearsign -u "$signkey" "$file" 2>/dev/null
+            res=$?
+            if [ $res -eq 0 ]; then
+                rm -f "$file"
+            fi
+            ;;
+
+        detached)
+            # Have the signature in a separate file
+            gpg -a --detach-sign -u "$signkey" "$file" 2>/dev/null
+            res=$?
+            ;;
+
+        *)
+            echo "** ERROR **  Unknown signing type \"$signtype\"."
+            exit 4;
+    esac
+
+    if [ $res -ne 0 ]; then
+        echo "** ERROR **  Failed to sign the file $PWD/$file"
+        exit 4;
+    fi
+}
+
+
+#
+# Preparations
+#
+
+# Create the destination directory, using a sub-dir with the tag-name
+destdir=""
+case "$arg_dest_dir" in
+    /*) # Absolute path
+        destdir="$arg_dest_dir/$arg_tag_name"
+        ;;
+    *)  # Make absolute path from relative path
+        destdir="$PWD/$arg_dest_dir/$arg_tag_name"
+        ;;
+esac
+echo "-- Destination directory: $destdir"
+if [ -e "$destdir" ]; then
+    echo "** ERROR ** Destination directory already exists.  "
+    echo "            Please check your command line carefully."
+    exit 2
+fi
+
+mkdir -p "$destdir"
+if [ $? -ne 0 ]; then
+    echo "** ERROR ** Failed to create destination directory"
+    exit 2
+fi
+
+#
+# Start the release process
+#
+
+# Clone the remote repository
+workdir="`mktemp -d -p /var/tmp openvpn-build-release-XXXXXX`"
+cd $workdir
+echo "-- Working directory: $workdir"
+echo "-- git clone $giturl"
+git clone $giturl openvpn-gen-tarball 2> "$workdir/git-clone.log" 1>&2
+if [ $? -ne 0 ]; then
+    echo "** ERROR **  git clone failed.  See $workdir/git-clone.log for details"
+    exit 3;
+fi
+cd openvpn-gen-tarball
+
+# Check out the proper release tag
+echo "-- Checking out tag $arg_tag_name ... "
+git checkout -b mkrelease "$arg_tag_name" 2> "$workdir/git-checkout-tag.log" 1>&2
+if [ $? -ne 0 ]; then
+    echo "** ERROR **  git checkout failed.  See $workdir/git-checkout-tag.log for details"
+    exit 3;
+fi
+
+# Prepare the source tree
+echo "-- Running autoreconf + a simple configure ... "
+(autoreconf -vi && ./configure) 2> "$workdir/autotools-prep.log" 1>&2
+if [ $? -ne 0 ]; then
+    echo "** ERROR **  Failed running autotools.  See $workdir/autotools-prep.log for details"
+    exit 3;
+fi
+
+# Generate the tar/zip files
+echo "-- Running make distcheck (generates .tar.gz) ... "
+(make distcheck) 2> "$workdir/make-distcheck.log" 1>&2
+if [ $? -ne 0 ]; then
+    echo "** ERROR **  make distcheck failed.  See $workdir/make-distcheck.log for details"
+    exit 3;
+fi
+copy_files tar.gz "$destdir"
+
+echo "-- Running make dist-xz (generates .tar.xz) ... "
+(make dist-xz) 2> "$workdir/make-dist-xz.log" 1>&2
+if [ $? -ne 0 ]; then
+    echo "** ERROR **  make dist-xz failed.  See $workdir/make-dist-xz.log for details"
+    exit 3;
+fi
+copy_files tar.xz "$destdir"
+
+echo "-- Running make dist-zip (generates .zip) ... "
+(make dist-zip) 2> "$workdir/make-dist-zip.log" 1>&2
+if [ $? -ne 0 ]; then
+    echo "** ERROR **  make dist-zip failed.  See $workdir/make-dist-zip.log for details"
+    exit 3;
+fi
+copy_files zip "$destdir"
+
+# Generate SHA256 checksums
+cd "$destdir"
+sha256sum openvpn-*.tar.{gz,xz} openvpn-*.zip > "openvpn-$arg_tag_name.sha256sum"
+
+# Sign all the files
+echo "-- Signing files ... "
+sign_file "$arg_sign_key" "openvpn-$arg_tag_name.sha256sum" inline
+sign_file "$arg_sign_key" "openvpn-*.tar.gz" detached
+sign_file "$arg_sign_key" "openvpn-*.tar.xz" detached
+sign_file "$arg_sign_key" "openvpn-*.zip" detached
+
+# Create a tar-bundle with everything
+echo "-- Creating final tarbundle with everything ..."
+tar cf "openvpn-$arg_tag_name.tar" openvpn-*.{tar.gz,tar.xz,zip}{,.asc} openvpn-*.sha256sum.asc
+
+echo "-- Cleaning up ..."
+# Save the log files
+mkdir -p "$destdir/logs"
+mv $workdir/*.log "$destdir/logs"
+
+# Finally, done!
+rm -rf "$workdir"
+echo "-- Done"
+exit 0