| #!/bin/sh |
| |
| #*************************************************************************** |
| # _ _ ____ _ |
| # Project ___| | | | _ \| | |
| # / __| | | | |_) | | |
| # | (__| |_| | _ <| |___ |
| # \___|\___/|_| \_\_____| |
| # |
| # Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al. |
| # |
| # This software is licensed as described in the file COPYING, which |
| # you should have received as part of this distribution. The terms |
| # are also available at https://curl.se/docs/copyright.html. |
| # |
| # You may opt to use, copy, modify, merge, publish, distribute and/or sell |
| # copies of the Software, and permit persons to whom the Software is |
| # furnished to do so, under the terms of the COPYING file. |
| # |
| # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY |
| # KIND, either express or implied. |
| # |
| # SPDX-License-Identifier: curl |
| # |
| ########################################################################### |
| |
| # This script remakes a provided curl release and verifies that the newly |
| # built version is identical to the original file. |
| # |
| # Invoke in a clean directory with the release tarball file (stored in the |
| # same directory) as an argument for basic verification. |
| # |
| # For full verification: run the script in an up-to-date curl git repository. |
| # |
| |
| set -eu |
| |
| tarball="${1:-}" |
| |
| if [ -z "$tarball" ]; then |
| echo "Provide a curl release tarball name as argument" |
| exit |
| fi |
| |
| i="$(find . -maxdepth 1 -type d -name 'curl-*' | wc -l)" |
| |
| if test "$i" -gt 1; then |
| echo "multiple curl-* entries found, disambiguate please" |
| exit |
| fi |
| |
| # check if this is in a git clone directory |
| |
| if git log -1 include/curl/curl.h 2>/dev/null >/dev/null; then |
| echo "*** Detected a git checkout, do full verification" |
| withgit=1 |
| else |
| echo "*** Lacking a full git checkout, do the lesser verification" |
| withgit=0 |
| fi |
| |
| mkdir -p _tarballs |
| rm -rf _tarballs/* |
| |
| # checksum the original tarball to compare with later |
| sha256sum "$tarball" >_tarballs/checksum |
| |
| # extract version number from file name |
| tarver=$(echo "$tarball" | sed 's/curl-\([0-9.]*\)\..*/\1/') |
| |
| # extract the version from the official header file |
| curlver=$(tar xOf "$tarball" "curl-$tarver/include/curl/curlver.h" | grep '#define LIBCURL_VERSION ' | sed 's/[^0-9.]//g') |
| |
| if test "$tarver" != "$curlver"; then |
| echo "Tarball file version ($tarver) mismatches contents of tarball ($curlver)" |
| exit 1 |
| fi |
| |
| timestamp=$(tar xOf "$tarball" "curl-$tarver/docs/RELEASE-TOOLS.md" | grep 'SOURCE_DATE_EPOCH=' | sed 's/[^0-9.]//g') |
| |
| if test "$withgit" = 0; then |
| # without git |
| |
| # extract the release contents |
| tar xf "$tarball" |
| |
| # move away the original tarball |
| mv "$tarball" "_tarballs/orig-$tarball" |
| |
| pwd=$(pwd) |
| cd "curl-$curlver" |
| ./configure --without-ssl --without-libpsl |
| ./scripts/dmaketgz "$curlver" "$timestamp" |
| |
| for f in "curl-$curlver.tar.gz" "curl-$curlver.tar.bz2" "curl-$curlver.tar.xz" "curl-$curlver.zip"; do |
| mv "$f" ../_tarballs/ |
| done |
| cd "$pwd" |
| else |
| tag=$(tar xOf "$tarball" "curl-$tarver/docs/RELEASE-TOOLS.md" | grep 'tag/commit: curl-' | head -n 1 | sed 's/.*\(curl-[0-9_]*\).*/\1/') |
| echo "*** Use git tag $tag" |
| |
| # move away the original tarball |
| mv "$tarball" "_tarballs/orig-$tarball" |
| |
| prevtag=$(git symbolic-ref -q --short HEAD || git rev-parse HEAD) |
| git checkout -f "$tag" |
| |
| ./scripts/dmaketgz "$curlver" "$timestamp" |
| |
| # switch back to where it was |
| git checkout -f "$prevtag" |
| |
| for f in "curl-$curlver.tar.gz" "curl-$curlver.tar.bz2" "curl-$curlver.tar.xz" "curl-$curlver.zip"; do |
| mv "$f" _tarballs/ |
| done |
| fi |
| cd "_tarballs" |
| |
| # compare the new tarball against the original |
| sha256sum -c checksum |
