Posted to commits@subversion.apache.org by da...@apache.org on 2019/10/29 23:42:16 UTC

svn commit: r1869135 - in /subversion/trunk/tools/dist: release.py templates/download.ezt templates/rc-release-ann.ezt templates/stable-release-ann.ezt

Author: danielsh
Date: Tue Oct 29 23:42:16 2019
New Revision: 1869135

URL: http://svn.apache.org/viewvc?rev=1869135&view=rev
Log:
release.py: Automatically add to dist/ a current KEYS file with each release.

In particular, this means versioned KEYS files will be archived to
archive.a.o/dist/, and will continue to contain keys after those have
been removed from a committer's id.a.o profile.

* tools/dist/release.py
  (download_file): Make checksum verification opt-outable.
  (roll_tarballs): Download the KEYS file to the target directory.
    Rely on TLS for authenticity and integrity of the downloaded
    file (as we already do for authenticity and integrity of the subsequent
    commit operation).

* tools/dist/templates/download.ezt, 
* tools/dist/templates/rc-release-ann.ezt,
* tools/dist/templates/stable-release-ann.ezt:
    Link to the per-release KEYS file.

Modified:
    subversion/trunk/tools/dist/release.py
    subversion/trunk/tools/dist/templates/download.ezt
    subversion/trunk/tools/dist/templates/rc-release-ann.ezt
    subversion/trunk/tools/dist/templates/stable-release-ann.ezt

Modified: subversion/trunk/tools/dist/release.py
URL: http://svn.apache.org/viewvc/subversion/trunk/tools/dist/release.py?rev=1869135&r1=1869134&r2=1869135&view=diff
==============================================================================
--- subversion/trunk/tools/dist/release.py (original)
+++ subversion/trunk/tools/dist/release.py Tue Oct 29 23:42:16 2019
@@ -295,6 +295,13 @@ def run_script(verbose, script, hide_std
         run_command(l.split(), verbose, hide_stderr)
 
 def download_file(url, target, checksum):
+    """Download the file at URL to the local path TARGET.
+    If CHECKSUM is a string, verify the checksum of the downloaded
+    file and raise RuntimeError if it does not match.  If CHECKSUM
+    is None, do not verify the downloaded file.
+    """
+    assert checksum is None or isinstance(checksum, str)
+
     response = urllib2.urlopen(url)
     target_file = open(target, 'w+')
     target_file.write(response.read())
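Review bot: The only enforcement of the new CHECKSUM contract is `assert checksum is None or isinstance(checksum, str)`, and asserts are skipped when Python runs with -O. Once None is allowed, the `urllib2.urlopen(url)` call in the context lines is the sole integrity control for the file. Consider raising TypeError explicitly and refusing a None checksum unless `url` starts with `https://`. The docstring would also benefit from saying which digest CHECKSUM is expected to be, since a caller cannot tell from the signature.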
@@ -303,7 +310,7 @@ def download_file(url, target, checksum)
     m.update(target_file.read())
     target_file.close()
     checksum2 = m.hexdigest()
-    if checksum != checksum2:
+    if checksum is not None and checksum != checksum2:
         raise RuntimeError("Checksum mismatch for '%s': "\
                            "downloaded: '%s'; expected: '%s'" % \
                            (target, checksum, checksum2))
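Review bot: In the RuntimeError just below the changed condition, the format arguments are in the opposite order to their labels. `checksum` is the caller's expected value and `checksum2` is the digest of the downloaded file, but the message prints them as "downloaded" and "expected" respectively. Since this statement is being touched anyway, reorder the tuple to `(target, checksum2, checksum)`. Separately, when `checksum is None` the file is still re-read and hashed and the result discarded; returning before the hashing step would make the opt-out path explicit.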
@@ -966,7 +973,15 @@ def roll_tarballs(args):
         shutil.copy(os.path.join(get_workdir(args.base_dir),
                                  'subversion', 'include', 'svn_version.h'),
                     os.path.join(get_target(args),
-                                 'svn_version.h.dist-%s' % str(args.version)))
+                                 'svn_version.h.dist-%s'
+                                   % (str(args.version),)))
+
+        # Download and "tag" the KEYS file (in case a signing key is removed
+        # from a committer's LDAP profile down the road)
+        basename = 'subversion-%s.KEYS' % (str(args.version),)
+        filepath = os.path.join(get_tempdir(args.base_dir), basename)
+        download_file(KEYS, filepath, None)
+        shutil.move(filepath, get_target(args))
 
     # And we're done!
 
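Review bot: Nothing between `download_file(KEYS, filepath, None)` and `shutil.move(filepath, get_target(args))` checks that the downloaded body is actually a keyring. An empty response or an HTML error page would be archived as subversion-<version>.KEYS and linked from the download page and announcements. Suggest a sanity check before the move (non-empty, contains a PGP public key block, ideally includes the keys of the people signing this release). Since the log message relies on TLS for authenticity, also fail early if KEYS is not an https URL. A short comment noting that verification is deliberately skipped here, and why, would help the next reader of the bare `None` argument.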

Modified: subversion/trunk/tools/dist/templates/download.ezt
URL: http://svn.apache.org/viewvc/subversion/trunk/tools/dist/templates/download.ezt?rev=1869135&r1=1869134&r2=1869135&view=diff
==============================================================================
--- subversion/trunk/tools/dist/templates/download.ezt (original)
+++ subversion/trunk/tools/dist/templates/download.ezt Tue Oct 29 23:42:16 2019
@@ -4,10 +4,12 @@
   <th>File</th>
   <th>Checksum (SHA512)</th>
   <th>Signatures</th>
+  <th>PGP Public Keys</th>
 </tr>
 [for fileinfo]<tr>
   <td><a href="[[]preferred]subversion/[fileinfo.filename]">[fileinfo.filename]</a></td>
   <td>[<a href="https://www.apache.org/dist/subversion/[fileinfo.filename].sha512">SHA-512</a>]</td>
-  <td>[<a href="https://www.apache.org/dist/subversion/[fileinfo.filename].asc">PGP</a>]</td>
+  <td>[<a href="https://www.apache.org/dist/subversion/[fileinfo.filename].asc">PGP signatures</a>]</td>
+  <td>[<a href="https://www.apache.org/dist/subversion/subversion-[version].KEYS">PGP keyring</a>]</td>
 </tr>[end]
 </table>
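Review bot: The new `<td>` with the "PGP keyring" link sits inside the `[for fileinfo]` loop, so every row repeats the same per-release URL, which suggests to readers that each file has its own keyring. Consider linking subversion-[version].KEYS once, above or below the table, instead of adding a column. Pointing the link at www.apache.org/dist/ rather than at `[preferred]` is the right choice for key material and is worth a template comment so nobody "fixes" it to use the mirror later.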

Modified: subversion/trunk/tools/dist/templates/rc-release-ann.ezt
URL: http://svn.apache.org/viewvc/subversion/trunk/tools/dist/templates/rc-release-ann.ezt?rev=1869135&r1=1869134&r2=1869135&view=diff
==============================================================================
--- subversion/trunk/tools/dist/templates/rc-release-ann.ezt (original)
+++ subversion/trunk/tools/dist/templates/rc-release-ann.ezt Tue Oct 29 23:42:16 2019
@@ -23,6 +23,10 @@ PGP Signatures are available at:
 For this release, the following people have provided PGP signatures:
 
 [siginfo]
+These public keys are available at:
+
+    https://www.apache.org/dist/subversion/subversion-[version].KEYS
+
 This is a pre-release for what will eventually become version [major-minor-patch] of the
 Apache Subversion open source version control system.  It may contain known
 issues, a complete list of [major-minor-patch]-blocking issues can be found
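Review bot: The added "These public keys are available at:" line follows `[siginfo]` with no blank line between them, unlike the other paragraphs in this template. Unless the siginfo expansion already ends with an empty line, the sentence will run straight on from the last signature entry in the announcement. Suggest adding a blank line after `[siginfo]` and rendering a sample announcement to confirm the layout.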

Modified: subversion/trunk/tools/dist/templates/stable-release-ann.ezt
URL: http://svn.apache.org/viewvc/subversion/trunk/tools/dist/templates/stable-release-ann.ezt?rev=1869135&r1=1869134&r2=1869135&view=diff
==============================================================================
--- subversion/trunk/tools/dist/templates/stable-release-ann.ezt (original)
+++ subversion/trunk/tools/dist/templates/stable-release-ann.ezt Tue Oct 29 23:42:16 2019
@@ -34,6 +34,10 @@ PGP Signatures are available at:
 For this release, the following people have provided PGP signatures:
 
 [siginfo]
+These public keys are available at:
+
+    https://www.apache.org/dist/subversion/subversion-[version].KEYS
+
 Release notes for the [major-minor].x release series may be found at:
 
     https://subversion.apache.org/docs/release-notes/[major-minor].html
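Review bot: The new URL uses `[version]`, while the surrounding context lines of this template use `[major-minor]`. This diff does not show `version` being added to the data passed when the template is rendered. Please confirm the announcement code already supplies it, and that its value matches the `str(args.version)` used to name the file in roll_tarballs, otherwise the link in the announcement will not resolve to the archived file. The same blank-line question after `[siginfo]` as in rc-release-ann.ezt applies here.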