You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@zipkin.apache.org by ad...@apache.org on 2019/05/11 09:45:43 UTC
[incubator-zipkin-website] branch master updated: Changes
quickstart to look at Maven central as Bintray is no longer used (#11)
This is an automated email from the ASF dual-hosted git repository.
adriancole pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-zipkin-website.git
The following commit(s) were added to refs/heads/master by this push:
new b82eedd Changes quickstart to look at Maven central as Bintray is no longer used (#11)
b82eedd is described below
commit b82eedd26a7f26115876e841b6ca602531ae629b
Author: Adrian Cole <ad...@users.noreply.github.com>
AuthorDate: Sat May 11 17:45:39 2019 +0800
Changes quickstart to look at Maven central as Bintray is no longer used (#11)
Right now, people can't download zipkin anymore. This fixes it by using
central until there is a better way.
Note: This drops GPG verification, as the assumption about who signed
the dist is no longer valid. This is better than scaring people.
Note: There's no requirement to sign the md5 file, even if Bintray did
that by default. ASF projects do not sign the md5.
---
quickstart.sh | 92 ++++++++++++++++++-----------------------------------------
1 file changed, 27 insertions(+), 65 deletions(-)
diff --git a/quickstart.sh b/quickstart.sh
index d1379ee..3634230 100755
--- a/quickstart.sh
+++ b/quickstart.sh
@@ -3,8 +3,8 @@
set -euo pipefail
# This will be set to 1 if we instruct the user to manually verify signatures,
-# when they have GPG but don't have the BinTray public key. Would be super confusing
-# to tell the user to use files that we've cleaned up.
+# when they have GPG but don't have the public key of the signer. Would be super
+# confusing to tell the user to use files that we've cleaned up.
DO_CLEANUP=0
# shellcheck disable=SC2015
@@ -15,6 +15,8 @@ color_bad=$(tput setaf 1 || true)
color_warn=$(tput setaf 3 || true)
color_reset=$(tput sgr0 || true)
+repo=https://repo.maven.apache.org/maven2
+
usage() {
cat <<EOF
${color_title}$0${color_reset}
@@ -25,16 +27,16 @@ Downloads the "VERSION" version of GROUP:ARTIFACT with classifier "CLASSIFIER"
to path "TARGET" on the local file system. "VERSION" can take the special value
"LATEST", in which case the latest Zipkin release will be used. For example:
-${color_title}$0 io.zipkin.java:zipkin-autoconfigure-collector-scribe:LATEST:module scribe.jar${color_reset}
+${color_title}$0 io.zipkin.aws:zipkin-autoconfigure-collector-kinesis:LATEST:module kinesis.jar${color_reset}
downloads the latest version of the artifact with group "io.zipkin.aws",
-artifact id "zipkin-autoconfigure-collector-scribe", and classifier "module"
-to PWD/scribe.jar
+artifact id "zipkin-autoconfigure-collector-kinesis", and classifier "module"
+to PWD/kinesis.jar
EOF
}
welcome() {
cat <<EOF
-${color_title}Thank you for trying OpenZipkin!${color_reset}
+${color_title}Thank you for trying Zipkin!${color_reset}
This installer is provided as a quick-start helper, so you can try Zipkin out
without a lengthy installation process.
@@ -64,7 +66,7 @@ cleanup() {
local base_filename="$1"; shift
if [[ "$DO_CLEANUP" -eq 0 ]]; then
printf '\n%s\n' "${color_title}Cleaning up checksum and signature files${color_reset}"
- execute_and_log rm -f "$base_filename"{.md5,.asc,.md5.asc}
+ execute_and_log rm -f "$base_filename"{.md5,.asc}
DO_CLEANUP=1
fi
}
@@ -79,15 +81,15 @@ handle_shutdown() {
${color_bad}
It looks like quick-start setup has failed. Please run the command again
with the debug flag like below, and open an issue on
-https://github.com/openzipkin/zipkin/issues/new. Make sure to include the
-full output of the run.
+https://github.com/apache/incubator-zipkin-website/issues/new. Make sure
+to include the full output of the run.
${color_reset}
- \\curl -sSL http://zipkin.io/quickstart.sh | bash -sx -- $@
+ \\curl -sSL https://zipkin.apache.org/quickstart.sh | bash -sx -- $@
In the meanwhile, you can manually download and run the latest executable jar
from the following URL:
-https://dl.bintray.com/openzipkin/maven/io/zipkin/java/zipkin-server/
+https://search.maven.org/remote_content?g=org.apache.zipkin&a=zipkin-server&v=LATEST&c=exec
EOF
fi
}
@@ -107,48 +109,8 @@ fetch() {
fetch_latest_version() {
local artifact_group="$1"; shift
local artifact_id="$1"; shift
- local url="https://api.bintray.com/search/packages/maven?g=${artifact_group}&a=${artifact_id}&subject=openzipkin"
- local package_data
- local package_count
- local have_jq
-
- # We'll have more robustness if jq is present, but will do our best without it as well
- if command -v jq >/dev/null 2>&1; then
- have_jq=0
- else
- have_jq=1
- printf >&2 '%s\n' \
- "${color_warn}jq not found on path. This script will still do its best, but installing jq" \
- "will allow it to parse data from Bintray in a more robust fashion.${color_reset}"
- fi
-
- # Call the Bintray API to search for releases
- package_data="$(execute_and_log curl -SL "'$url'")"
-
- # Count how many packages we got from the search
- if [[ $have_jq -eq 0 ]]; then
- package_count="$(jq length <<< "$package_data")"
- else
- package_count="$(grep -c latest_version <<< "${package_data//,/$'\n'}")"
- fi
- # We want exactly one result.
- if [[ "$package_count" -eq 0 ]]; then
- printf >&2 '%s%s%s\n' \
- "${color_bad}" \
- 'No package information found; the provided group or artifact ID may be invalid.' \
- "${color_reset}"
- exit 1
- elif [[ "$package_count" -gt 1 ]]; then
- printf >&2 '%s\n' "${color_bad}More than one package returned from search by Maven group and artifact ID.${color_reset}"
- exit 1
- fi
-
- # Finally, extract the actual package version
- if [[ $have_jq -eq 0 ]]; then
- jq '.[0].latest_version' -r <<< "$package_data"
- else
- grep latest_version <<< "${package_data//,/$'\n'}" | sed 's/^.*"latest_version" *: *"*\([^"]*\)".*$/\1/'
- fi
+ local url="${repo}/${artifact_group_with_slashes}/${artifact_id}/maven-metadata.xml"
+ printf $(curl -sSL $url | sed -n '/<version>/s/.*<version>\([^<]*\)<\/version>.*/\1/p'|tail -1)
}
artifact_part() {
@@ -198,22 +160,21 @@ verify_signature() {
printf '\n%s\n' "${color_title}Verifying GPG signature of $filename...${color_reset}"
- local bintray_gpg_key='D401AB61'
+ local gpg_key='D401AB61'
if command -v gpg >/dev/null 2>&1; then
fetch "$url.asc" "$filename.asc"
- if gpg --list-keys "$bintray_gpg_key" >/dev/null 2>&1; then
+ if gpg --list-keys "$gpg_key" >/dev/null 2>&1; then
execute_and_log gpg --verify "$filename.asc" "$filename"
printf '%s\n' "${color_good}GPG signature for ${filename} passes verification${color_reset}"
else
cat <<EOF
${color_warn}
-JFrog BinTray GPG signing key is not known, skipping signature verification.
-You can import it, then verify the signature of $filename, using the following
-commands:
+GPG signing key is not known, skipping signature verification.
+Use the following commands to manually verify the signature of $filename:
- gpg --keyserver keyserver.ubuntu.com --recv $bintray_gpg_key
- # Optionally trust the key via 'gpg --edit-key $bintray_gpg_key', then typing 'trust',
+ gpg --keyserver keyserver.ubuntu.com --recv $gpg_key
+ # Optionally trust the key via 'gpg --edit-key $gpg_key', then typing 'trust',
# choosing a trust level, and exiting the interactive GPG session by 'quit'
gpg --verify $filename.asc $filename
${color_reset}
@@ -226,7 +187,7 @@ EOF
}
main() {
- local artifact_group=io.zipkin.java
+ local artifact_group=org.apache.zipkin
local artifact_id=zipkin-server
local artifact_version=LATEST
local artifact_version_lowercase=latest
@@ -263,6 +224,7 @@ main() {
welcome
+ artifact_group_with_slashes="${artifact_group//.//}"
artifact_version_lowercase="$(tr '[:upper:]' '[:lower:]' <<< "$artifact_version")"
if [ "${artifact_version_lowercase}" = 'latest' ]; then
printf '%s\n' "${color_title}Fetching version number of latest ${artifact_group}:${artifact_id} release...${color_reset}"
@@ -272,12 +234,12 @@ main() {
printf '%s\n\n' "${color_good}Latest release of ${artifact_group}:${artifact_id} seems to be ${artifact_version}${color_reset}"
printf '%s\n' "${color_title}Downloading $artifact_group:$artifact_id:$artifact_version:$artifact_classifier to $filename...${color_reset}"
- artifact_group_with_slashes="${artifact_group//.//}"
- artifact_url="https://dl.bintray.com/openzipkin/maven/${artifact_group_with_slashes}/${artifact_id}/$artifact_version/${artifact_id}-${artifact_version}${artifact_classifier_suffix}.jar"
+ artifact_url="${repo}/${artifact_group_with_slashes}/${artifact_id}/$artifact_version/${artifact_id}-${artifact_version}${artifact_classifier_suffix}.jar"
fetch "$artifact_url" "$filename"
verify_checksum "$artifact_url" "$filename"
- verify_signature "$artifact_url" "$filename"
- verify_signature "$artifact_url.md5" "$filename.md5"
+ # Disabled as it is assuming the GPG key is from Bintray, which it won't be. This is better than
+ # scaring people. In the future, we can do fancy things to determine which of the ASF keys it is.
+ # verify_signature "$artifact_url" "$filename"
cleanup "$filename"
farewell "$artifact_classifier" "$filename"