summaryrefslogtreecommitdiffstats
path: root/release-utils
diff options
context:
space:
mode:
Diffstat (limited to '')
-rwxr-xr-xrelease-utils/chromium-release.sh26
-rwxr-xr-xrelease-utils/firefox-release.sh45
-rwxr-xr-xrelease-utils/make-eff-zip.sh32
-rwxr-xr-xrelease-utils/make-release-zip.sh43
-rwxr-xr-xrelease-utils/make-release.sh50
-rwxr-xr-xrelease-utils/make-signed-xpi.sh65
-rwxr-xr-xrelease-utils/post-chrome-release.sh29
-rwxr-xr-xrelease-utils/post-release.sh77
8 files changed, 367 insertions, 0 deletions
diff --git a/release-utils/chromium-release.sh b/release-utils/chromium-release.sh
new file mode 100755
index 0000000..491d172
--- /dev/null
+++ b/release-utils/chromium-release.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+if [ $# -ne 3 ]; then
+ echo "$0 TAG KEY DESTINATION"
+ exit
+fi
+
+SUBDIR=checkout
+[ -d $SUBDIR ] && rm -rf $SUBDIR
+mkdir $SUBDIR
+cp -r -f -a .git $SUBDIR
+cd $SUBDIR
+git reset --hard "$1"
+
+# clean up
+# TODO duplicated in make-eff-zip.sh
+rm -rf src/tests # remove unit tests
+rm src/data/dnt-policy.txt # only used by unit tests
+cp LICENSE src/ # include LICENSE in build
+
+echo "Building chrome version" "$1"
+
+chromium --pack-extension="src/" --pack-extension-key="$2"
+cd -
+mv checkout/src.crx "$3"
+rm -rf checkout
diff --git a/release-utils/firefox-release.sh b/release-utils/firefox-release.sh
new file mode 100755
index 0000000..0242c6d
--- /dev/null
+++ b/release-utils/firefox-release.sh
@@ -0,0 +1,45 @@
+#!/bin/bash
+
+set -e
+cd "$(dirname "$0")"
+
+PKGDIR=../pkg
+
+# To make an Privacy Badger firefox release, signed with an offline key
+
+# 1. get the repo into a sane state for a release
+# 2. ensure that doc/Changelog approximately describes this release
+# 3. tag the release with "git tag -s <release version number>"
+# 4. run this script with <release version number> as the argument
+
+
+if [ $# -ne 1 ] ; then
+ echo "Usage: $0 <version to release>"
+ exit 1
+fi
+TARGET=$1
+
+
+if ! git show release-"$TARGET" > /dev/null 2> /dev/null ; then
+ echo "$TARGET is not a valid git target"
+ exit 1
+fi
+
+PKG=$PKGDIR/privacy-badger-eff-$TARGET.xpi
+ALT=$PKGDIR/privacy-badger-eff-latest.xpi
+
+if ! ./make-signed-xpi.sh "$TARGET" ; then
+ echo "Failed to build target $TARGET XPI"
+ exit 1
+fi
+
+if ! [ -f "$PKG" ] ; then
+ echo "Failed to find package $PKG after build"
+ exit 1
+fi
+
+# XXX: Why make a gpg detached sig?
+echo "Making (secondary) GPG signature"
+gpg --detach-sign "$PKG"
+
+cp "$PKG" "$ALT"
diff --git a/release-utils/make-eff-zip.sh b/release-utils/make-eff-zip.sh
new file mode 100755
index 0000000..e06be24
--- /dev/null
+++ b/release-utils/make-eff-zip.sh
@@ -0,0 +1,32 @@
+#!/usr/bin/env bash
+
+# make a release zip of Privacy Badger for opera and firefox
+# chrome releases happen in chromium-release.sh
+
+# this script takes a mandatory argument which is the git tag to build
+
+if [ -n "$1" ]; then
+ SUBDIR=checkout
+ [ -d $SUBDIR ] && rm -rf $SUBDIR
+ mkdir $SUBDIR
+ cp -r -f -a .git $SUBDIR
+ cd $SUBDIR
+ git reset --hard "$1"
+
+ # clean up
+ # TODO duplicated in chromium-release.sh
+ rm -rf src/tests # remove unit tests
+ rm src/data/dnt-policy.txt # only used by unit tests
+ cp LICENSE src/ # include LICENSE in build
+
+else
+ echo "Please supply a tag name for the release you are zipping"
+ exit 1
+fi
+
+
+echo "Building zip version" "$1"
+
+(cd src && zip -q -r ../privacy_badger-"$TARGET".zip .)
+mv privacy_badger*.zip ../pkg/
+cd -
diff --git a/release-utils/make-release-zip.sh b/release-utils/make-release-zip.sh
new file mode 100755
index 0000000..8010b1f
--- /dev/null
+++ b/release-utils/make-release-zip.sh
@@ -0,0 +1,43 @@
+#!/bin/bash
+
+# We use the immutable filesystem attribute as a workaround for the fact that
+# the build scripts are not currently idempotent.
+
+# The fact that the package is marked immutable means that it has been built
+# for release.
+
+if ! lsattr "$PREPKG" | cut -f 1 -d" " | grep -q i ; then
+
+ if [ -f "$PREPKG" ] ; then
+ echo "$PREPKG" is not immutable, rebuilding it for release!
+ else
+ echo building "$PREPKG" for the first time...
+ fi
+
+ if ! release-utils/make-eff-zip.sh "$GITTAG" ; then
+ echo "Failed to build target $GITTAG"
+ exit 1
+ fi
+
+ if ! [ -f "$PREPKG" -a -f "$PREPKGCWS" ] ; then
+ echo "Failed to find package $PREPKG after build"
+ exit 1
+ fi
+
+ # Verification and testing of build goes here!
+
+ echo Marking "$PREPKG" immutable...
+ if ! sudo true ; then
+ echo "Failed to sudo :("
+ exit 1
+ fi
+ if ! sudo chattr +i "$PREPKG" "$PREPKGCWS"; then
+ echo ""
+ echo "WARNING: FAILED TO MARK $PREPKG or $PREPKGCWS IMMUTABLE."
+ echo "DO NOT RERUN THIS SCRIPT AFTER SIGNING"
+ echo ""
+ read -p "(Press Enter to acknowledge)"
+ fi
+else
+ echo "$PREPKG is immutable; good, not rebuilding it..."
+fi
diff --git a/release-utils/make-release.sh b/release-utils/make-release.sh
new file mode 100755
index 0000000..4cda497
--- /dev/null
+++ b/release-utils/make-release.sh
@@ -0,0 +1,50 @@
+#!/bin/bash
+
+# To make a privacy badger release see wiki
+
+if [ $# -ne 1 ] ; then
+ echo "Usage: $0 <version to release>"
+ exit 1
+fi
+export TARGET=$1
+export GITTAG
+
+if ! [ -f ./release-utils/config.sh ] ; then
+ echo "Missing config file. Cannot continue."
+ exit 1
+fi
+source ./release-utils/config.sh
+
+
+if echo "$TARGET" | grep -q release- ; then
+ GITTAG=$TARGET
+ TARGET=$(echo "$TARGET" | sed s/release-//)
+else
+ GITTAG=release-$TARGET
+fi
+
+if ! git show "$GITTAG" > /dev/null 2> /dev/null ; then
+ echo "$GITTAG is not a valid git target"
+ exit 1
+fi
+
+export PREPKG=pkg/privacy_badger-$TARGET.zip
+export PREPKGCWS=pkg/privacy_badger-$TARGET.zip
+
+
+echo "Making Opera zip"
+if ! release-utils/make-release-zip.sh "$TARGET"; then
+ echo "Failed to build target $TARGET for Opera"
+ exit 1
+fi
+
+echo "Making Firefox release"
+if ! release-utils/firefox-release.sh "$TARGET"; then
+ echo "Failed to build target $TARGET for Firefox"
+ exit 1
+fi
+
+
+./release-utils/post-release.sh "$TARGET"
+
+rm -rf checkout
diff --git a/release-utils/make-signed-xpi.sh b/release-utils/make-signed-xpi.sh
new file mode 100755
index 0000000..cf3fe73
--- /dev/null
+++ b/release-utils/make-signed-xpi.sh
@@ -0,0 +1,65 @@
+#!/bin/sh
+
+set -e
+
+cd "$(dirname "$0")"
+
+LATEST_SDK_VERSION=5.2.0
+WEB_EXT=../node_modules/.bin/web-ext
+
+# Auto-generated XPI name from 'web-ext sign'
+PRE_XPI_NAME=privacy_badger_by_eff-$TARGET-an+fx.xpi
+XPI_NAME="privacy-badger-eff-$1.xpi"
+AMO_ZIP_NAME="privacy_badger-$1.amo.zip"
+
+if ! type $WEB_EXT > /dev/null; then
+ echo "Please install web-ext before running this script."
+ exit 1
+fi
+
+if ! $WEB_EXT --version | grep -q "$LATEST_SDK_VERSION"; then
+ echo "Please use the latest stable web-ext version or edit this script to the current version."
+ exit 1
+fi
+
+if [ $# -ne 1 ]; then
+ echo "Usage: $0 <version to release>"
+ exit 1
+fi
+
+echo "changing author value"
+sed -i -e '/eff.software.projects@gmail.com/,+1d' -e 's/"author": {/"author": "privacybadger-owner@eff.org",/' ../checkout/src/manifest.json
+
+echo "removing Chrome's update_url"
+# remove update_url
+sed -i -e '/"update_url": "https:\/\/clients2.google.com\/service\/update2\/crx"/,+0d' ../checkout/src/manifest.json
+# fix the trailing comma
+# TODO fragile! at least we validate the JSON below
+# https://unix.stackexchange.com/a/26288
+# https://unix.stackexchange.com/a/26290
+sed -i -e '/"storage": {/{
+ n
+ n
+ s/},/}/
+}' ../checkout/src/manifest.json
+
+# lint the checkout folder
+$WEB_EXT lint -s ../checkout/src
+
+echo "making zip file for AMO"
+
+(cd ../checkout/src && rm -f ../../pkg/"$AMO_ZIP_NAME" && zip -q -r ../../pkg/"$AMO_ZIP_NAME" ./*)
+
+echo "insert self hosting package id"
+# Insert self hosted package id
+sed -i 's,"id": "jid1-MnnxcxisBPnSXQ@jetpack","id": "jid1-MnnxcxisBPnSXQ-eff@jetpack"\,\n "update_url": "https://www.eff.org/files/privacy-badger-updates.json",' ../checkout/src/manifest.json
+
+# lint checkout again as our modification above could have broken something
+# disable AMO-specific checks to allow applications.gecko.update_url
+$WEB_EXT lint -s ../checkout/src --self-hosted
+
+#"update_url": "https://www.eff.org/files/privacy-badger-updates.json"
+# Build and sign the XPI
+echo "Running web-ext sign"
+$WEB_EXT sign -s ../checkout/src --api-key "$AMO_API_KEY" --api-secret "$AMO_API_SECRET" -a ../pkg
+mv "../pkg/$PRE_XPI_NAME" "../pkg/$XPI_NAME"
diff --git a/release-utils/post-chrome-release.sh b/release-utils/post-chrome-release.sh
new file mode 100755
index 0000000..a751ef7
--- /dev/null
+++ b/release-utils/post-chrome-release.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+if ! [ -f ./release-utils/config.sh ] ; then
+ echo "Missing config file. Cannot continue."
+ exit 1
+fi
+source ./release-utils/config.sh
+
+if [ $# -ne 1 ] ; then
+ echo "Usage: $0 <version to release>"
+ exit 1
+fi
+TARGET=$1
+if ! git show release-"$TARGET" > /dev/null 2> /dev/null ; then
+ echo "$TARGET is not a valid git target"
+ exit 1
+fi
+
+PKGDIR=pkg
+CHROME_PKG=$PKGDIR/privacy_badger-"$TARGET".crx
+if ! [ -f "$CHROME_PKG" ] ; then
+ mv $PKGDIR/privacy-badger-"$TARGET".crx "$CHROME_PKG"
+fi
+CHROME_ALT=$PKGDIR/privacy_badger-chrome.crx
+echo "Uploading chrome package"
+cp "$CHROME_PKG" "$CHROME_ALT"
+echo Copying .crx files...
+scp "$CHROME_PKG" "$USER@$SERVER:/www/eff.org/files" || exit 1
+scp "$CHROME_ALT" "$USER@$SERVER:/www/eff.org/files" || exit 1
diff --git a/release-utils/post-release.sh b/release-utils/post-release.sh
new file mode 100755
index 0000000..4bfe00e
--- /dev/null
+++ b/release-utils/post-release.sh
@@ -0,0 +1,77 @@
+#!/bin/bash
+
+cd "$(dirname "$0")"
+source ./config.sh
+PKGDIR=../pkg
+if [ $# -ne 1 ] ; then
+ echo "Usage: $0 <version to release>"
+ exit 1
+fi
+TARGET=$1
+if ! git show release-"$TARGET" > /dev/null 2> /dev/null ; then
+ echo "$TARGET is not a valid git target"
+ exit 1
+fi
+PKG="$PKGDIR"/privacy-badger-eff-$TARGET.xpi
+ALT="$PKGDIR"/privacy-badger-eff-latest.xpi
+
+echo Copying .xpi files...
+scp "$PKG" "$USER@$SERVER:/www/eff.org/files" || exit 1
+scp "$ALT" "$USER@$SERVER:/www/eff.org/files" || exit 1
+echo Copying detached signature
+scp "$PKG".sig "$USER@$SERVER:/www/eff.org/files" || exit 1
+echo Copying Changelog.txt
+git show release-"$TARGET":doc/Changelog > /tmp/pbchangelog$$ || exit 1
+scp /tmp/pbchangelog$$ "$USER@$SERVER:/www/eff.org/files/pbChangelog.txt" || exit 1
+rm -f /tmp/changelog$$
+
+MSG=/tmp/email$$
+
+echo "Privacy Badger $TARGET has been released for all supported browsers." > $MSG
+echo "As always, you can get it from https://privacybadger.org/ or from your browser's add-on gallery." >> $MSG
+echo "" >> $MSG
+echo "Notable updates:" >> $MSG
+echo "" >> $MSG
+tail -n+5 ../doc/Changelog | sed '/^$/q' >> $MSG
+echo "For further details, consult our release notes on GitHub:" >> $MSG
+echo "https://github.com/EFForg/privacybadger/releases/tag/release-$TARGET" >> $MSG
+
+echo To send email to the mailing list...
+echo mutt -s "Privacy\ Badger\ version\ $TARGET\ released" privacybadger@eff.org '<' $MSG
+echo "Now please edit https://www.eff.org/files/privacy-badger-updates.json to include the following"
+echo ""
+echo "{"
+echo " \"version\": \"$TARGET\","
+echo " \"update_link\": \"https://eff.org/files/privacy-badger-eff-$TARGET.xpi\","
+echo " \"update_hash\": \"sha256:$(sha256sum "$PKG" | cut -c 1-64)\","
+echo " \"applications\": {"
+echo " \"gecko\": { \"strict_min_version\": \"52.0\" }"
+echo " }"
+echo "}"
+
+echo ""
+echo "AMO release notes:"
+echo ""
+echo "<ul>"
+tail -n+5 ../doc/Changelog | sed '/^$/q' | {
+ out=""
+ while IFS= read -r line; do
+ # changelog entries start with "*"
+ if [ "${line:0:1}" = "*" ]; then
+ # this is the first entry
+ if [ -z "$out" ]; then
+ out="<li>${line:2}"
+ else
+ out="$out</li>\n<li>${line:2}"
+ fi
+ # changelog entry continues
+ else
+ if [ -n "$line" ]; then
+ out="$out $line"
+ fi
+ fi
+ done
+ echo -e "$out</li>"
+}
+echo "</ul>"
+echo ""