You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@datasketches.apache.org by jm...@apache.org on 2022/06/27 18:08:52 UTC
svn commit: r55315 - /dev/datasketches/scripts/sign_pypi_wheels.sh
Author: jmalkin
Date: Mon Jun 27 18:08:52 2022
New Revision: 55315
Log:
Add script to sign files for pypi wheels
Added:
dev/datasketches/scripts/sign_pypi_wheels.sh (with props)
Added: dev/datasketches/scripts/sign_pypi_wheels.sh
==============================================================================
--- dev/datasketches/scripts/sign_pypi_wheels.sh (added)
+++ dev/datasketches/scripts/sign_pypi_wheels.sh Mon Jun 27 18:08:52 2022
@@ -0,0 +1,73 @@
+#!/bin/bash -e
+
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+
+
+# This script takes the full path to an archive with a set of python
+# sdist and bdist files, uncompresses it, and generates gpg signatures
+# and sha512 checksums.
+
+# This script will create a temporary directory to hold the archive
+# and will copy the results to the target directory.
+
+if [ -z "$1" ]; then echo "Missing archive path"; exit 1; fi
+if [ -z "$2" ]; then echo "Missing destination directory"; exit 1; fi
+
+tmpdir=$(mktemp -d 2>/dev/null || mktemp -d -t 'mytmpdir')
+
+
+cd $tmpdir
+unzip $1
+for file in ./*; do
+ echo "Filename: $file"
+
+ # GPG
+ ASC=${file}.asc
+ gpg --verbose --armor --detach-sign --personal-digest-preferences SHA512 "$file"
+
+ if [ ! -f ${ASC} ]; then
+ echo
+ echo " !!! ERROR: ${ASC} file does not exist"
+ exit 1;
+ fi
+ echo " * ASC File = ${ASC}"
+
+ echo
+ echo "## GPG Verify"
+ gpg --verbose --verify "$ASC" "$file"
+
+ # SHA512
+ SHA512=${file}.sha512
+ shasum --algorithm 512 "$file" > "$SHA512"
+
+ if [ ! -f "$SHA512" ]; then
+ echo
+ echo " !!! ERROR: .sha512 file does not exist"
+ exit 1;
+ fi
+ echo " * SHA512 file = $SHA512"
+
+ echo
+ echo "## SHA512 Check:"
+ shasum --algorithm 512 --check $SHA512
+done
+
+mv $tmpdir/* $2
+
+rm -rf $tmpdir
Propchange: dev/datasketches/scripts/sign_pypi_wheels.sh
------------------------------------------------------------------------------
svn:executable = *
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@datasketches.apache.org
For additional commands, e-mail: commits-help@datasketches.apache.org