You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@datasketches.apache.org by jm...@apache.org on 2022/06/27 18:08:52 UTC

svn commit: r55315 - /dev/datasketches/scripts/sign_pypi_wheels.sh

Author: jmalkin
Date: Mon Jun 27 18:08:52 2022
New Revision: 55315

Log:
Add script to sign files for pypi wheels

Added:
    dev/datasketches/scripts/sign_pypi_wheels.sh   (with props)

Added: dev/datasketches/scripts/sign_pypi_wheels.sh
==============================================================================
--- dev/datasketches/scripts/sign_pypi_wheels.sh (added)
+++ dev/datasketches/scripts/sign_pypi_wheels.sh Mon Jun 27 18:08:52 2022
@@ -0,0 +1,73 @@
+#!/bin/bash -e
+
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+
+
+# This script takes the full path to an archive with a set of python
+# sdist and bdist files, uncompresses it, and generates gpg signatures
+# and sha512 checksums.
+
+# This script will create a temporary directory to hold the archive
+# and will copy the results to the target directory.
+
+if [ -z "$1" ]; then echo "Missing archive path";          exit 1; fi
+if [ -z "$2" ]; then echo "Missing destination directory"; exit 1; fi
+
+tmpdir=$(mktemp -d 2>/dev/null || mktemp -d -t 'mytmpdir')
+
+
+cd $tmpdir
+unzip $1
+for file in ./*; do
+    echo "Filename: $file"
+
+    # GPG
+    ASC=${file}.asc
+    gpg --verbose --armor --detach-sign --personal-digest-preferences SHA512 "$file"
+    
+    if [ ! -f ${ASC} ]; then 
+	echo
+	echo " !!! ERROR: ${ASC} file does not exist"
+	exit 1;
+    fi
+    echo " * ASC File = ${ASC}"
+
+    echo
+    echo "## GPG Verify"
+    gpg --verbose --verify "$ASC" "$file"
+
+    # SHA512
+    SHA512=${file}.sha512
+    shasum --algorithm 512 "$file" > "$SHA512"
+
+    if [ ! -f "$SHA512" ]; then 
+	echo
+	echo " !!! ERROR: .sha512 file does not exist"
+	exit 1;
+    fi
+    echo " * SHA512 file = $SHA512"
+
+    echo
+    echo "## SHA512 Check:"
+    shasum --algorithm 512 --check $SHA512    
+done
+
+mv $tmpdir/* $2
+
+rm -rf $tmpdir

Propchange: dev/datasketches/scripts/sign_pypi_wheels.sh
------------------------------------------------------------------------------
    svn:executable = *



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@datasketches.apache.org
For additional commands, e-mail: commits-help@datasketches.apache.org