hack/release.sh - third_party/github.com/moby/moby - Git at Google

 #!/usr/bin/env bash
 set -e

 # This script looks for bundles built by make.sh, and releases them on a
 # public S3 bucket.
 #
 # Bundles should be available for the VERSION string passed as argument.
 #
 # The correct way to call this script is inside a container built by the
 # official Dockerfile at the root of the Docker source code. The Dockerfile,
 # make.sh and release.sh should all be from the same source code revision.

 set -o pipefail

 # Print a usage message and exit.
 usage() {
 	cat >&2 <<'EOF'
 To run, I need:
 - to be in a container generated by the Dockerfile at the top of the Docker
   repository;
 - to be provided with the location of an S3 bucket and path, in
   environment variables AWS_S3_BUCKET and AWS_S3_BUCKET_PATH (default: '');
 - to be provided with AWS credentials for this S3 bucket, in environment
   variables AWS_ACCESS_KEY and AWS_SECRET_KEY;
 - the passphrase to unlock the GPG key specified by the optional environment
   variable GPG_KEYID (default: releasedocker) which will sign the deb
   packages (passed as environment variable GPG_PASSPHRASE);
 - a generous amount of good will and nice manners.
 The canonical way to run me is to run the image produced by the Dockerfile: e.g.:"

 docker run -e AWS_S3_BUCKET=test.docker.com \
            -e AWS_ACCESS_KEY=... \
            -e AWS_SECRET_KEY=... \
            -e GPG_PASSPHRASE=... \
            -i -t --privileged \
            docker ./hack/release.sh
 EOF
 	exit 1
 }

 [ "$AWS_S3_BUCKET" ] || usage
 [ "$AWS_ACCESS_KEY" ] || usage
 [ "$AWS_SECRET_KEY" ] || usage
 [ "$GPG_PASSPHRASE" ] || usage
 : ${GPG_KEYID:=releasedocker}
 [ -d /go/src/github.com/docker/docker ] || usage
 cd /go/src/github.com/docker/docker
 [ -x hack/make.sh ] || usage

 RELEASE_BUNDLES=(
 	binary
 	cross
 	tgz
 	ubuntu
 )

 if [ "$1" != '--release-regardless-of-test-failure' ]; then
 	RELEASE_BUNDLES=(
 		test-unit
 		"${RELEASE_BUNDLES[@]}"
 		test-integration-cli
 	)
 fi

 VERSION=$(< VERSION)
 BUCKET=$AWS_S3_BUCKET
 BUCKET_PATH=$BUCKET
 [[ -n "$AWS_S3_BUCKET_PATH" ]] && BUCKET_PATH+=/$AWS_S3_BUCKET_PATH

 if command -v git &> /dev/null && git rev-parse &> /dev/null; then
 	if [ -n "$(git status --porcelain --untracked-files=no)" ]; then
 		echo "You cannot run the release script on a repo with uncommitted changes"
 		usage
 	fi
 fi

 # These are the 2 keys we've used to sign the deb's
 #   release (get.docker.com)
 #	GPG_KEY="36A1D7869245C8950F966E92D8576A8BA88D21E9"
 #   test    (test.docker.com)
 #	GPG_KEY="740B314AE3941731B942C66ADF4FD13717AAD7D6"

 setup_s3() {
 	echo "Setting up S3"
 	# Try creating the bucket. Ignore errors (it might already exist).
 	s3cmd mb "s3://$BUCKET" 2>/dev/null || true
 	# Check access to the bucket.
 	# s3cmd has no useful exit status, so we cannot check that.
 	# Instead, we check if it outputs anything on standard output.
 	# (When there are problems, it uses standard error instead.)
 	s3cmd info "s3://$BUCKET" | grep -q .
 	# Make the bucket accessible through website endpoints.
 	s3cmd ws-create --ws-index index --ws-error error "s3://$BUCKET"
 }

 # write_to_s3 uploads the contents of standard input to the specified S3 url.
 write_to_s3() {
 	DEST=$1
 	F=`mktemp`
 	cat > "$F"
 	s3cmd --acl-public --mime-type='text/plain' put "$F" "$DEST"
 	rm -f "$F"
 }

 s3_url() {
 	case "$BUCKET" in
 		get.docker.com|test.docker.com|experimental.docker.com)
 			echo "https://$BUCKET_PATH"
 			;;
 		*)
 			BASE_URL=$( s3cmd ws-info s3://$BUCKET | awk -v 'FS=: +' '/http:\/\/'$BUCKET'/ { gsub(/\/+$/, "", $2); print $2 }' )
 			if [[ -n "$AWS_S3_BUCKET_PATH" ]] ; then
 				echo "$BASE_URL/$AWS_S3_BUCKET_PATH"
 			else
 				echo "$BASE_URL"
 			fi
 			;;
 	esac
 }

 build_all() {
 	echo "Building release"
 	if ! ./hack/make.sh "${RELEASE_BUNDLES[@]}"; then
 		echo >&2
 		echo >&2 'The build or tests appear to have failed.'
 		echo >&2
 		echo >&2 'You, as the release  maintainer, now have a couple options:'
 		echo >&2 '- delay release and fix issues'
 		echo >&2 '- delay release and fix issues'
 		echo >&2 '- did we mention how important this is?  issues need fixing :)'
 		echo >&2
 		echo >&2 'As a final LAST RESORT, you (because only you, the release maintainer,'
 		echo >&2 ' really knows all the hairy problems at hand with the current release'
 		echo >&2 ' issues) may bypass this checking by running this script again with the'
 		echo >&2 ' single argument of "--release-regardless-of-test-failure", which will skip'
 		echo >&2 ' running the test suite, and will only build the binaries and packages.  Please'
 		echo >&2 ' avoid using this if at all possible.'
 		echo >&2
 		echo >&2 'Regardless, we cannot stress enough the scarcity with which this bypass'
 		echo >&2 ' should be used.  If there are release issues, we should always err on the'
 		echo >&2 ' side of caution.'
 		echo >&2
 		exit 1
 	fi
 }

 upload_release_build() {
 	src="$1"
 	dst="$2"
 	latest="$3"

 	echo
 	echo "Uploading $src"
 	echo "  to $dst"
 	echo
 	s3cmd --follow-symlinks --preserve --acl-public put "$src" "$dst"
 	if [ "$latest" ]; then
 		echo
 		echo "Copying to $latest"
 		echo
 		s3cmd --acl-public cp "$dst" "$latest"
 	fi

 	# get hash files too (see hash_files() in hack/make.sh)
 	for hashAlgo in md5 sha256; do
 		if [ -e "$src.$hashAlgo" ]; then
 			echo
 			echo "Uploading $src.$hashAlgo"
 			echo "  to $dst.$hashAlgo"
 			echo
 			s3cmd --follow-symlinks --preserve --acl-public --mime-type='text/plain' put "$src.$hashAlgo" "$dst.$hashAlgo"
 			if [ "$latest" ]; then
 				echo
 				echo "Copying to $latest.$hashAlgo"
 				echo
 				s3cmd --acl-public cp "$dst.$hashAlgo" "$latest.$hashAlgo"
 			fi
 		fi
 	done
 }

 release_build() {
 	echo "Releasing binaries"
 	GOOS=$1
 	GOARCH=$2

 	binDir=bundles/$VERSION/cross/$GOOS/$GOARCH
 	tgzDir=bundles/$VERSION/tgz/$GOOS/$GOARCH
 	binary=docker-$VERSION
 	tgz=docker-$VERSION.tgz

 	latestBase=
 	if [ -z "$NOLATEST" ]; then
 		latestBase=docker-latest
 	fi

 	# we need to map our GOOS and GOARCH to uname values
 	# see https://en.wikipedia.org/wiki/Uname
 	# ie, GOOS=linux -> "uname -s"=Linux

 	s3Os=$GOOS
 	case "$s3Os" in
 		darwin)
 			s3Os=Darwin
 			;;
 		freebsd)
 			s3Os=FreeBSD
 			;;
 		linux)
 			s3Os=Linux
 			;;
 		windows)
 			s3Os=Windows
 			binary+='.exe'
 			if [ "$latestBase" ]; then
 				latestBase+='.exe'
 			fi
 			;;
 		*)
 			echo >&2 "error: can't convert $s3Os to an appropriate value for 'uname -s'"
 			exit 1
 			;;
 	esac

 	s3Arch=$GOARCH
 	case "$s3Arch" in
 		amd64)
 			s3Arch=x86_64
 			;;
 		386)
 			s3Arch=i386
 			;;
 		arm)
 			s3Arch=armel
 			# someday, we might potentially support mutliple GOARM values, in which case we might get armhf here too
 			;;
 		*)
 			echo >&2 "error: can't convert $s3Arch to an appropriate value for 'uname -m'"
 			exit 1
 			;;
 	esac

 	s3Dir="s3://$BUCKET_PATH/builds/$s3Os/$s3Arch"
 	latest=
 	latestTgz=
 	if [ "$latestBase" ]; then
 		latest="$s3Dir/$latestBase"
 		latestTgz="$s3Dir/$latestBase.tgz"
 	fi

 	if [ ! -x "$binDir/$binary" ]; then
 		echo >&2 "error: can't find $binDir/$binary - was it compiled properly?"
 		exit 1
 	fi
 	if [ ! -f "$tgzDir/$tgz" ]; then
 		echo >&2 "error: can't find $tgzDir/$tgz - was it packaged properly?"
 		exit 1
 	fi

 	upload_release_build "$binDir/$binary" "$s3Dir/$binary" "$latest"
 	upload_release_build "$tgzDir/$tgz" "$s3Dir/$tgz" "$latestTgz"
 }

 # Upload the 'ubuntu' bundle to S3:
 # 1. A full APT repository is published at $BUCKET/ubuntu/
 # 2. Instructions for using the APT repository are uploaded at $BUCKET/ubuntu/index
 release_ubuntu() {
 	echo "Releasing ubuntu"
 	[ -e "bundles/$VERSION/ubuntu" ] || {
 		echo >&2 './hack/make.sh must be run before release_ubuntu'
 		exit 1
 	}

 	local debfiles=( "bundles/$VERSION/ubuntu/"*.deb )

 	# Sign our packages
 	dpkg-sig -g "--passphrase $GPG_PASSPHRASE" -k "$GPG_KEYID" --sign builder "${debfiles[@]}"

 	# Setup the APT repo
 	APTDIR=bundles/$VERSION/ubuntu/apt
 	mkdir -p "$APTDIR/conf" "$APTDIR/db"
 	s3cmd sync "s3://$BUCKET/ubuntu/db/" "$APTDIR/db/" || true
 	cat > "$APTDIR/conf/distributions" <<EOF
 Codename: docker
 Components: main
 Architectures: amd64 i386
 EOF

 	# Add the DEB package to the APT repo
 	reprepro -b "$APTDIR" includedeb docker "${debfiles[@]}"

 	# Sign
 	for F in $(find $APTDIR -name Release); do
 		gpg -u "$GPG_KEYID" --passphrase "$GPG_PASSPHRASE" \
 			--armor --sign --detach-sign \
 			--output "$F.gpg" "$F"
 	done

 	# Upload keys
 	s3cmd sync "$HOME/.gnupg/" "s3://$BUCKET/ubuntu/.gnupg/"
 	gpg --armor --export "$GPG_KEYID" > "bundles/$VERSION/ubuntu/gpg"
 	s3cmd --acl-public put "bundles/$VERSION/ubuntu/gpg" "s3://$BUCKET/gpg"

 	local gpgFingerprint=36A1D7869245C8950F966E92D8576A8BA88D21E9
 	local s3Headers=
 	if [[ $BUCKET == test* ]]; then
 		gpgFingerprint=740B314AE3941731B942C66ADF4FD13717AAD7D6
 	elif [[ $BUCKET == experimental* ]]; then
 		gpgFingerprint=E33FF7BF5C91D50A6F91FFFD4CC38D40F9A96B49
 		s3Headers='--add-header=Cache-Control:no-cache'
 	fi

 	# Upload repo
 	s3cmd --acl-public $s3Headers sync "$APTDIR/" "s3://$BUCKET/ubuntu/"
 	cat <<EOF | write_to_s3 s3://$BUCKET/ubuntu/index
 echo "# WARNING! This script is deprecated. Please use the script"
 echo "# at https://get.docker.com/"
 EOF

 	# Add redirect at /ubuntu/info for URL-backwards-compatibility
 	rm -rf /tmp/emptyfile && touch /tmp/emptyfile
 	s3cmd --acl-public --add-header='x-amz-website-redirect-location:/ubuntu/' --mime-type='text/plain' put /tmp/emptyfile "s3://$BUCKET/ubuntu/info"

 	echo "APT repository uploaded. Instructions available at $(s3_url)/ubuntu"
 }

 # Upload binaries and tgz files to S3
 release_binaries() {
 	[ -e "bundles/$VERSION/cross/linux/amd64/docker-$VERSION" ] || {
 		echo >&2 './hack/make.sh must be run before release_binaries'
 		exit 1
 	}

 	for d in bundles/$VERSION/cross/*/*; do
 		GOARCH="$(basename "$d")"
 		GOOS="$(basename "$(dirname "$d")")"
 		release_build "$GOOS" "$GOARCH"
 	done

 	# TODO create redirect from builds/*/i686 to builds/*/i386

 	cat <<EOF | write_to_s3 s3://$BUCKET_PATH/builds/index
 # To install, run the following command as root:
 curl -sSL -O $(s3_url)/builds/Linux/x86_64/docker-$VERSION && chmod +x docker-$VERSION && sudo mv docker-$VERSION /usr/local/bin/docker
 # Then start docker in daemon mode:
 sudo /usr/local/bin/docker daemon
 EOF

 	# Add redirect at /builds/info for URL-backwards-compatibility
 	rm -rf /tmp/emptyfile && touch /tmp/emptyfile
 	s3cmd --acl-public --add-header='x-amz-website-redirect-location:/builds/' --mime-type='text/plain' put /tmp/emptyfile "s3://$BUCKET_PATH/builds/info"

 	if [ -z "$NOLATEST" ]; then
 		echo "Advertising $VERSION on $BUCKET_PATH as most recent version"
 		echo "$VERSION" | write_to_s3 "s3://$BUCKET_PATH/latest"
 	fi
 }

 # Upload the index script
 release_index() {
 	echo "Releasing index"
 	sed "s,url='https://get.docker.com/',url='$(s3_url)/'," hack/install.sh | write_to_s3 "s3://$BUCKET_PATH/index"
 }

 release_test() {
 	echo "Releasing tests"
 	if [ -e "bundles/$VERSION/test" ]; then
 		s3cmd --acl-public sync "bundles/$VERSION/test/" "s3://$BUCKET_PATH/test/"
 	fi
 }

 setup_gpg() {
 	echo "Setting up GPG"
 	# Make sure that we have our keys
 	mkdir -p "$HOME/.gnupg/"
 	s3cmd sync "s3://$BUCKET/ubuntu/.gnupg/" "$HOME/.gnupg/" || true
 	gpg --list-keys "$GPG_KEYID" >/dev/null || {
 		gpg --gen-key --batch <<EOF
 Key-Type: RSA
 Key-Length: 4096
 Passphrase: $GPG_PASSPHRASE
 Name-Real: Docker Release Tool
 Name-Email: docker@docker.com
 Name-Comment: $GPG_KEYID
 Expire-Date: 0
 %commit
 EOF
 	}
 }

 main() {
 	build_all
 	setup_s3
 	setup_gpg
 	release_binaries
 	release_ubuntu
 	release_index
 	release_test
 }

 main

 echo
 echo
 echo "Release complete; see $(s3_url)"
 echo "Use the following text to announce the release:"
 echo
 echo "We have just pushed $VERSION to $(s3_url). You can download it with the following:"
 echo
 echo "Ubuntu/Debian: curl -sSL $(s3_url) | sh"
 echo "Linux 64bit binary: $(s3_url)/builds/Linux/x86_64/docker-$VERSION"
 echo "Darwin/OSX 64bit client binary: $(s3_url)/builds/Darwin/x86_64/docker-$VERSION"
 echo "Darwin/OSX 32bit client binary: $(s3_url)/builds/Darwin/i386/docker-$VERSION"
 echo "Linux 64bit tgz: $(s3_url)/builds/Linux/x86_64/docker-$VERSION.tgz"
 echo "Windows 64bit client binary: $(s3_url)/builds/Windows/x86_64/docker-$VERSION.exe"
 echo "Windows 32bit client binary: $(s3_url)/builds/Windows/i386/docker-$VERSION.exe"
 echo
	#!/usr/bin/env bash
	set -e

	# This script looks for bundles built by make.sh, and releases them on a
	# public S3 bucket.
	#
	# Bundles should be available for the VERSION string passed as argument.
	#
	# The correct way to call this script is inside a container built by the
	# official Dockerfile at the root of the Docker source code. The Dockerfile,
	# make.sh and release.sh should all be from the same source code revision.

	set -o pipefail

	# Print a usage message and exit.
	usage() {
	cat >&2 <<'EOF'
	To run, I need:
	- to be in a container generated by the Dockerfile at the top of the Docker
	repository;
	- to be provided with the location of an S3 bucket and path, in
	environment variables AWS_S3_BUCKET and AWS_S3_BUCKET_PATH (default: '');
	- to be provided with AWS credentials for this S3 bucket, in environment
	variables AWS_ACCESS_KEY and AWS_SECRET_KEY;
	- the passphrase to unlock the GPG key specified by the optional environment
	variable GPG_KEYID (default: releasedocker) which will sign the deb
	packages (passed as environment variable GPG_PASSPHRASE);
	- a generous amount of good will and nice manners.
	The canonical way to run me is to run the image produced by the Dockerfile: e.g.:"

	docker run -e AWS_S3_BUCKET=test.docker.com \
	-e AWS_ACCESS_KEY=... \
	-e AWS_SECRET_KEY=... \
	-e GPG_PASSPHRASE=... \
	-i -t --privileged \
	docker ./hack/release.sh
	EOF
	exit 1
	}

	[ "$AWS_S3_BUCKET" ] \|\| usage
	[ "$AWS_ACCESS_KEY" ] \|\| usage
	[ "$AWS_SECRET_KEY" ] \|\| usage
	[ "$GPG_PASSPHRASE" ] \|\| usage
	: ${GPG_KEYID:=releasedocker}
	[ -d /go/src/github.com/docker/docker ] \|\| usage
	cd /go/src/github.com/docker/docker
	[ -x hack/make.sh ] \|\| usage

	RELEASE_BUNDLES=(
	binary
	cross
	tgz
	ubuntu
	)

	if [ "$1" != '--release-regardless-of-test-failure' ]; then
	RELEASE_BUNDLES=(
	test-unit
	"${RELEASE_BUNDLES[@]}"
	test-integration-cli
	)
	fi

	VERSION=$(< VERSION)
	BUCKET=$AWS_S3_BUCKET
	BUCKET_PATH=$BUCKET
	[[ -n "$AWS_S3_BUCKET_PATH" ]] && BUCKET_PATH+=/$AWS_S3_BUCKET_PATH

	if command -v git &> /dev/null && git rev-parse &> /dev/null; then
	if [ -n "$(git status --porcelain --untracked-files=no)" ]; then
	echo "You cannot run the release script on a repo with uncommitted changes"
	usage
	fi
	fi

	# These are the 2 keys we've used to sign the deb's
	# release (get.docker.com)
	# GPG_KEY="36A1D7869245C8950F966E92D8576A8BA88D21E9"
	# test (test.docker.com)
	# GPG_KEY="740B314AE3941731B942C66ADF4FD13717AAD7D6"

	setup_s3() {
	echo "Setting up S3"
	# Try creating the bucket. Ignore errors (it might already exist).
	s3cmd mb "s3://$BUCKET" 2>/dev/null \|\| true
	# Check access to the bucket.
	# s3cmd has no useful exit status, so we cannot check that.
	# Instead, we check if it outputs anything on standard output.
	# (When there are problems, it uses standard error instead.)
	s3cmd info "s3://$BUCKET" \| grep -q .
	# Make the bucket accessible through website endpoints.
	s3cmd ws-create --ws-index index --ws-error error "s3://$BUCKET"
	}

	# write_to_s3 uploads the contents of standard input to the specified S3 url.
	write_to_s3() {
	DEST=$1
	F=`mktemp`
	cat > "$F"
	s3cmd --acl-public --mime-type='text/plain' put "$F" "$DEST"
	rm -f "$F"
	}

	s3_url() {
	case "$BUCKET" in
	get.docker.com\|test.docker.com\|experimental.docker.com)
	echo "https://$BUCKET_PATH"
	;;
	*)
	BASE_URL=$( s3cmd ws-info s3://$BUCKET \| awk -v 'FS=: +' '/http:\/\/'$BUCKET'/ { gsub(/\/+$/, "", $2); print $2 }' )
	if [[ -n "$AWS_S3_BUCKET_PATH" ]] ; then
	echo "$BASE_URL/$AWS_S3_BUCKET_PATH"
	else
	echo "$BASE_URL"
	fi
	;;
	esac
	}

	build_all() {
	echo "Building release"
	if ! ./hack/make.sh "${RELEASE_BUNDLES[@]}"; then
	echo >&2
	echo >&2 'The build or tests appear to have failed.'
	echo >&2
	echo >&2 'You, as the release maintainer, now have a couple options:'
	echo >&2 '- delay release and fix issues'
	echo >&2 '- delay release and fix issues'
	echo >&2 '- did we mention how important this is? issues need fixing :)'
	echo >&2
	echo >&2 'As a final LAST RESORT, you (because only you, the release maintainer,'
	echo >&2 ' really knows all the hairy problems at hand with the current release'
	echo >&2 ' issues) may bypass this checking by running this script again with the'
	echo >&2 ' single argument of "--release-regardless-of-test-failure", which will skip'
	echo >&2 ' running the test suite, and will only build the binaries and packages. Please'
	echo >&2 ' avoid using this if at all possible.'
	echo >&2
	echo >&2 'Regardless, we cannot stress enough the scarcity with which this bypass'
	echo >&2 ' should be used. If there are release issues, we should always err on the'
	echo >&2 ' side of caution.'
	echo >&2
	exit 1
	fi
	}

	upload_release_build() {
	src="$1"
	dst="$2"
	latest="$3"

	echo
	echo "Uploading $src"
	echo " to $dst"
	echo
	s3cmd --follow-symlinks --preserve --acl-public put "$src" "$dst"
	if [ "$latest" ]; then
	echo
	echo "Copying to $latest"
	echo
	s3cmd --acl-public cp "$dst" "$latest"
	fi

	# get hash files too (see hash_files() in hack/make.sh)
	for hashAlgo in md5 sha256; do
	if [ -e "$src.$hashAlgo" ]; then
	echo
	echo "Uploading $src.$hashAlgo"
	echo " to $dst.$hashAlgo"
	echo
	s3cmd --follow-symlinks --preserve --acl-public --mime-type='text/plain' put "$src.$hashAlgo" "$dst.$hashAlgo"
	if [ "$latest" ]; then
	echo
	echo "Copying to $latest.$hashAlgo"
	echo
	s3cmd --acl-public cp "$dst.$hashAlgo" "$latest.$hashAlgo"
	fi
	fi
	done
	}

	release_build() {
	echo "Releasing binaries"
	GOOS=$1
	GOARCH=$2

	binDir=bundles/$VERSION/cross/$GOOS/$GOARCH
	tgzDir=bundles/$VERSION/tgz/$GOOS/$GOARCH
	binary=docker-$VERSION
	tgz=docker-$VERSION.tgz

	latestBase=
	if [ -z "$NOLATEST" ]; then
	latestBase=docker-latest
	fi

	# we need to map our GOOS and GOARCH to uname values
	# see https://en.wikipedia.org/wiki/Uname
	# ie, GOOS=linux -> "uname -s"=Linux

	s3Os=$GOOS
	case "$s3Os" in
	darwin)
	s3Os=Darwin
	;;
	freebsd)
	s3Os=FreeBSD
	;;
	linux)
	s3Os=Linux
	;;
	windows)
	s3Os=Windows
	binary+='.exe'
	if [ "$latestBase" ]; then
	latestBase+='.exe'
	fi
	;;
	*)
	echo >&2 "error: can't convert $s3Os to an appropriate value for 'uname -s'"
	exit 1
	;;
	esac

	s3Arch=$GOARCH
	case "$s3Arch" in
	amd64)
	s3Arch=x86_64
	;;
	386)
	s3Arch=i386
	;;
	arm)
	s3Arch=armel
	# someday, we might potentially support mutliple GOARM values, in which case we might get armhf here too
	;;
	*)
	echo >&2 "error: can't convert $s3Arch to an appropriate value for 'uname -m'"
	exit 1
	;;
	esac

	s3Dir="s3://$BUCKET_PATH/builds/$s3Os/$s3Arch"
	latest=
	latestTgz=
	if [ "$latestBase" ]; then
	latest="$s3Dir/$latestBase"
	latestTgz="$s3Dir/$latestBase.tgz"
	fi

	if [ ! -x "$binDir/$binary" ]; then
	echo >&2 "error: can't find $binDir/$binary - was it compiled properly?"
	exit 1
	fi
	if [ ! -f "$tgzDir/$tgz" ]; then
	echo >&2 "error: can't find $tgzDir/$tgz - was it packaged properly?"
	exit 1
	fi

	upload_release_build "$binDir/$binary" "$s3Dir/$binary" "$latest"
	upload_release_build "$tgzDir/$tgz" "$s3Dir/$tgz" "$latestTgz"
	}

	# Upload the 'ubuntu' bundle to S3:
	# 1. A full APT repository is published at $BUCKET/ubuntu/
	# 2. Instructions for using the APT repository are uploaded at $BUCKET/ubuntu/index
	release_ubuntu() {
	echo "Releasing ubuntu"
	[ -e "bundles/$VERSION/ubuntu" ] \|\| {
	echo >&2 './hack/make.sh must be run before release_ubuntu'
	exit 1
	}

	local debfiles=( "bundles/$VERSION/ubuntu/"*.deb )

	# Sign our packages
	dpkg-sig -g "--passphrase $GPG_PASSPHRASE" -k "$GPG_KEYID" --sign builder "${debfiles[@]}"

	# Setup the APT repo
	APTDIR=bundles/$VERSION/ubuntu/apt
	mkdir -p "$APTDIR/conf" "$APTDIR/db"
	s3cmd sync "s3://$BUCKET/ubuntu/db/" "$APTDIR/db/" \|\| true
	cat > "$APTDIR/conf/distributions" <<EOF
	Codename: docker
	Components: main
	Architectures: amd64 i386
	EOF

	# Add the DEB package to the APT repo
	reprepro -b "$APTDIR" includedeb docker "${debfiles[@]}"

	# Sign
	for F in $(find $APTDIR -name Release); do
	gpg -u "$GPG_KEYID" --passphrase "$GPG_PASSPHRASE" \
	--armor --sign --detach-sign \
	--output "$F.gpg" "$F"
	done

	# Upload keys
	s3cmd sync "$HOME/.gnupg/" "s3://$BUCKET/ubuntu/.gnupg/"
	gpg --armor --export "$GPG_KEYID" > "bundles/$VERSION/ubuntu/gpg"
	s3cmd --acl-public put "bundles/$VERSION/ubuntu/gpg" "s3://$BUCKET/gpg"

	local gpgFingerprint=36A1D7869245C8950F966E92D8576A8BA88D21E9
	local s3Headers=
	if [[ $BUCKET == test* ]]; then
	gpgFingerprint=740B314AE3941731B942C66ADF4FD13717AAD7D6
	elif [[ $BUCKET == experimental* ]]; then
	gpgFingerprint=E33FF7BF5C91D50A6F91FFFD4CC38D40F9A96B49
	s3Headers='--add-header=Cache-Control:no-cache'
	fi

	# Upload repo
	s3cmd --acl-public $s3Headers sync "$APTDIR/" "s3://$BUCKET/ubuntu/"
	cat <<EOF \| write_to_s3 s3://$BUCKET/ubuntu/index
	echo "# WARNING! This script is deprecated. Please use the script"
	echo "# at https://get.docker.com/"
	EOF

	# Add redirect at /ubuntu/info for URL-backwards-compatibility
	rm -rf /tmp/emptyfile && touch /tmp/emptyfile
	s3cmd --acl-public --add-header='x-amz-website-redirect-location:/ubuntu/' --mime-type='text/plain' put /tmp/emptyfile "s3://$BUCKET/ubuntu/info"

	echo "APT repository uploaded. Instructions available at $(s3_url)/ubuntu"
	}

	# Upload binaries and tgz files to S3
	release_binaries() {
	[ -e "bundles/$VERSION/cross/linux/amd64/docker-$VERSION" ] \|\| {
	echo >&2 './hack/make.sh must be run before release_binaries'
	exit 1
	}

	for d in bundles/$VERSION/cross//; do
	GOARCH="$(basename "$d")"
	GOOS="$(basename "$(dirname "$d")")"
	release_build "$GOOS" "$GOARCH"
	done

	# TODO create redirect from builds//i686 to builds//i386

	cat <<EOF \| write_to_s3 s3://$BUCKET_PATH/builds/index
	# To install, run the following command as root:
	curl -sSL -O $(s3_url)/builds/Linux/x86_64/docker-$VERSION && chmod +x docker-$VERSION && sudo mv docker-$VERSION /usr/local/bin/docker
	# Then start docker in daemon mode:
	sudo /usr/local/bin/docker daemon
	EOF

	# Add redirect at /builds/info for URL-backwards-compatibility
	rm -rf /tmp/emptyfile && touch /tmp/emptyfile
	s3cmd --acl-public --add-header='x-amz-website-redirect-location:/builds/' --mime-type='text/plain' put /tmp/emptyfile "s3://$BUCKET_PATH/builds/info"

	if [ -z "$NOLATEST" ]; then
	echo "Advertising $VERSION on $BUCKET_PATH as most recent version"
	echo "$VERSION" \| write_to_s3 "s3://$BUCKET_PATH/latest"
	fi
	}

	# Upload the index script
	release_index() {
	echo "Releasing index"
	sed "s,url='https://get.docker.com/',url='$(s3_url)/'," hack/install.sh \| write_to_s3 "s3://$BUCKET_PATH/index"
	}

	release_test() {
	echo "Releasing tests"
	if [ -e "bundles/$VERSION/test" ]; then
	s3cmd --acl-public sync "bundles/$VERSION/test/" "s3://$BUCKET_PATH/test/"
	fi
	}

	setup_gpg() {
	echo "Setting up GPG"
	# Make sure that we have our keys
	mkdir -p "$HOME/.gnupg/"
	s3cmd sync "s3://$BUCKET/ubuntu/.gnupg/" "$HOME/.gnupg/" \|\| true
	gpg --list-keys "$GPG_KEYID" >/dev/null \|\| {
	gpg --gen-key --batch <<EOF
	Key-Type: RSA
	Key-Length: 4096
	Passphrase: $GPG_PASSPHRASE
	Name-Real: Docker Release Tool
	Name-Email: docker@docker.com
	Name-Comment: $GPG_KEYID
	Expire-Date: 0
	%commit
	EOF
	}
	}

	main() {
	build_all
	setup_s3
	setup_gpg
	release_binaries
	release_ubuntu
	release_index
	release_test
	}

	main

	echo
	echo
	echo "Release complete; see $(s3_url)"
	echo "Use the following text to announce the release:"
	echo
	echo "We have just pushed $VERSION to $(s3_url). You can download it with the following:"
	echo
	echo "Ubuntu/Debian: curl -sSL $(s3_url) \| sh"
	echo "Linux 64bit binary: $(s3_url)/builds/Linux/x86_64/docker-$VERSION"
	echo "Darwin/OSX 64bit client binary: $(s3_url)/builds/Darwin/x86_64/docker-$VERSION"
	echo "Darwin/OSX 32bit client binary: $(s3_url)/builds/Darwin/i386/docker-$VERSION"
	echo "Linux 64bit tgz: $(s3_url)/builds/Linux/x86_64/docker-$VERSION.tgz"
	echo "Windows 64bit client binary: $(s3_url)/builds/Windows/x86_64/docker-$VERSION.exe"
	echo "Windows 32bit client binary: $(s3_url)/builds/Windows/i386/docker-$VERSION.exe"
	echo