diff options
Diffstat (limited to 'release-utils')
-rwxr-xr-x | release-utils/chromium-release.sh | 26 | ||||
-rwxr-xr-x | release-utils/firefox-release.sh | 45 | ||||
-rwxr-xr-x | release-utils/make-eff-zip.sh | 32 | ||||
-rwxr-xr-x | release-utils/make-release-zip.sh | 43 | ||||
-rwxr-xr-x | release-utils/make-release.sh | 50 | ||||
-rwxr-xr-x | release-utils/make-signed-xpi.sh | 65 | ||||
-rwxr-xr-x | release-utils/post-chrome-release.sh | 29 | ||||
-rwxr-xr-x | release-utils/post-release.sh | 77 |
8 files changed, 367 insertions, 0 deletions
diff --git a/release-utils/chromium-release.sh b/release-utils/chromium-release.sh new file mode 100755 index 0000000..491d172 --- /dev/null +++ b/release-utils/chromium-release.sh @@ -0,0 +1,26 @@ +#!/bin/bash + +if [ $# -ne 3 ]; then + echo "$0 TAG KEY DESTINATION" + exit +fi + +SUBDIR=checkout +[ -d $SUBDIR ] && rm -rf $SUBDIR +mkdir $SUBDIR +cp -r -f -a .git $SUBDIR +cd $SUBDIR +git reset --hard "$1" + +# clean up +# TODO duplicated in make-eff-zip.sh +rm -rf src/tests # remove unit tests +rm src/data/dnt-policy.txt # only used by unit tests +cp LICENSE src/ # include LICENSE in build + +echo "Building chrome version" "$1" + +chromium --pack-extension="src/" --pack-extension-key="$2" +cd - +mv checkout/src.crx "$3" +rm -rf checkout diff --git a/release-utils/firefox-release.sh b/release-utils/firefox-release.sh new file mode 100755 index 0000000..0242c6d --- /dev/null +++ b/release-utils/firefox-release.sh @@ -0,0 +1,45 @@ +#!/bin/bash + +set -e +cd "$(dirname "$0")" + +PKGDIR=../pkg + +# To make an Privacy Badger firefox release, signed with an offline key + +# 1. get the repo into a sane state for a release +# 2. ensure that doc/Changelog approximately describes this release +# 3. tag the release with "git tag -s <release version number>" +# 4. run this script with <release version number> as the argument + + +if [ $# -ne 1 ] ; then + echo "Usage: $0 <version to release>" + exit 1 +fi +TARGET=$1 + + +if ! git show release-"$TARGET" > /dev/null 2> /dev/null ; then + echo "$TARGET is not a valid git target" + exit 1 +fi + +PKG=$PKGDIR/privacy-badger-eff-$TARGET.xpi +ALT=$PKGDIR/privacy-badger-eff-latest.xpi + +if ! ./make-signed-xpi.sh "$TARGET" ; then + echo "Failed to build target $TARGET XPI" + exit 1 +fi + +if ! [ -f "$PKG" ] ; then + echo "Failed to find package $PKG after build" + exit 1 +fi + +# XXX: Why make a gpg detached sig? +echo "Making (secondary) GPG signature" +gpg --detach-sign "$PKG" + +cp "$PKG" "$ALT" diff --git a/release-utils/make-eff-zip.sh b/release-utils/make-eff-zip.sh new file mode 100755 index 0000000..e06be24 --- /dev/null +++ b/release-utils/make-eff-zip.sh @@ -0,0 +1,32 @@ +#!/usr/bin/env bash + +# make a release zip of Privacy Badger for opera and firefox +# chrome releases happen in chromium-release.sh + +# this script takes a mandatory argument which is the git tag to build + +if [ -n "$1" ]; then + SUBDIR=checkout + [ -d $SUBDIR ] && rm -rf $SUBDIR + mkdir $SUBDIR + cp -r -f -a .git $SUBDIR + cd $SUBDIR + git reset --hard "$1" + + # clean up + # TODO duplicated in chromium-release.sh + rm -rf src/tests # remove unit tests + rm src/data/dnt-policy.txt # only used by unit tests + cp LICENSE src/ # include LICENSE in build + +else + echo "Please supply a tag name for the release you are zipping" + exit 1 +fi + + +echo "Building zip version" "$1" + +(cd src && zip -q -r ../privacy_badger-"$TARGET".zip .) +mv privacy_badger*.zip ../pkg/ +cd - diff --git a/release-utils/make-release-zip.sh b/release-utils/make-release-zip.sh new file mode 100755 index 0000000..8010b1f --- /dev/null +++ b/release-utils/make-release-zip.sh @@ -0,0 +1,43 @@ +#!/bin/bash + +# We use the immutable filesystem attribute as a workaround for the fact that +# the build scripts are not currently idempotent. + +# The fact that the package is marked immutable means that it has been built +# for release. + +if ! lsattr "$PREPKG" | cut -f 1 -d" " | grep -q i ; then + + if [ -f "$PREPKG" ] ; then + echo "$PREPKG" is not immutable, rebuilding it for release! + else + echo building "$PREPKG" for the first time... + fi + + if ! release-utils/make-eff-zip.sh "$GITTAG" ; then + echo "Failed to build target $GITTAG" + exit 1 + fi + + if ! [ -f "$PREPKG" -a -f "$PREPKGCWS" ] ; then + echo "Failed to find package $PREPKG after build" + exit 1 + fi + + # Verification and testing of build goes here! + + echo Marking "$PREPKG" immutable... + if ! sudo true ; then + echo "Failed to sudo :(" + exit 1 + fi + if ! sudo chattr +i "$PREPKG" "$PREPKGCWS"; then + echo "" + echo "WARNING: FAILED TO MARK $PREPKG or $PREPKGCWS IMMUTABLE." + echo "DO NOT RERUN THIS SCRIPT AFTER SIGNING" + echo "" + read -p "(Press Enter to acknowledge)" + fi +else + echo "$PREPKG is immutable; good, not rebuilding it..." +fi diff --git a/release-utils/make-release.sh b/release-utils/make-release.sh new file mode 100755 index 0000000..4cda497 --- /dev/null +++ b/release-utils/make-release.sh @@ -0,0 +1,50 @@ +#!/bin/bash + +# To make a privacy badger release see wiki + +if [ $# -ne 1 ] ; then + echo "Usage: $0 <version to release>" + exit 1 +fi +export TARGET=$1 +export GITTAG + +if ! [ -f ./release-utils/config.sh ] ; then + echo "Missing config file. Cannot continue." + exit 1 +fi +source ./release-utils/config.sh + + +if echo "$TARGET" | grep -q release- ; then + GITTAG=$TARGET + TARGET=$(echo "$TARGET" | sed s/release-//) +else + GITTAG=release-$TARGET +fi + +if ! git show "$GITTAG" > /dev/null 2> /dev/null ; then + echo "$GITTAG is not a valid git target" + exit 1 +fi + +export PREPKG=pkg/privacy_badger-$TARGET.zip +export PREPKGCWS=pkg/privacy_badger-$TARGET.zip + + +echo "Making Opera zip" +if ! release-utils/make-release-zip.sh "$TARGET"; then + echo "Failed to build target $TARGET for Opera" + exit 1 +fi + +echo "Making Firefox release" +if ! release-utils/firefox-release.sh "$TARGET"; then + echo "Failed to build target $TARGET for Firefox" + exit 1 +fi + + +./release-utils/post-release.sh "$TARGET" + +rm -rf checkout diff --git a/release-utils/make-signed-xpi.sh b/release-utils/make-signed-xpi.sh new file mode 100755 index 0000000..cf3fe73 --- /dev/null +++ b/release-utils/make-signed-xpi.sh @@ -0,0 +1,65 @@ +#!/bin/sh + +set -e + +cd "$(dirname "$0")" + +LATEST_SDK_VERSION=5.2.0 +WEB_EXT=../node_modules/.bin/web-ext + +# Auto-generated XPI name from 'web-ext sign' +PRE_XPI_NAME=privacy_badger_by_eff-$TARGET-an+fx.xpi +XPI_NAME="privacy-badger-eff-$1.xpi" +AMO_ZIP_NAME="privacy_badger-$1.amo.zip" + +if ! type $WEB_EXT > /dev/null; then + echo "Please install web-ext before running this script." + exit 1 +fi + +if ! $WEB_EXT --version | grep -q "$LATEST_SDK_VERSION"; then + echo "Please use the latest stable web-ext version or edit this script to the current version." + exit 1 +fi + +if [ $# -ne 1 ]; then + echo "Usage: $0 <version to release>" + exit 1 +fi + +echo "changing author value" +sed -i -e '/eff.software.projects@gmail.com/,+1d' -e 's/"author": {/"author": "privacybadger-owner@eff.org",/' ../checkout/src/manifest.json + +echo "removing Chrome's update_url" +# remove update_url +sed -i -e '/"update_url": "https:\/\/clients2.google.com\/service\/update2\/crx"/,+0d' ../checkout/src/manifest.json +# fix the trailing comma +# TODO fragile! at least we validate the JSON below +# https://unix.stackexchange.com/a/26288 +# https://unix.stackexchange.com/a/26290 +sed -i -e '/"storage": {/{ + n + n + s/},/}/ +}' ../checkout/src/manifest.json + +# lint the checkout folder +$WEB_EXT lint -s ../checkout/src + +echo "making zip file for AMO" + +(cd ../checkout/src && rm -f ../../pkg/"$AMO_ZIP_NAME" && zip -q -r ../../pkg/"$AMO_ZIP_NAME" ./*) + +echo "insert self hosting package id" +# Insert self hosted package id +sed -i 's,"id": "jid1-MnnxcxisBPnSXQ@jetpack","id": "jid1-MnnxcxisBPnSXQ-eff@jetpack"\,\n "update_url": "https://www.eff.org/files/privacy-badger-updates.json",' ../checkout/src/manifest.json + +# lint checkout again as our modification above could have broken something +# disable AMO-specific checks to allow applications.gecko.update_url +$WEB_EXT lint -s ../checkout/src --self-hosted + +#"update_url": "https://www.eff.org/files/privacy-badger-updates.json" +# Build and sign the XPI +echo "Running web-ext sign" +$WEB_EXT sign -s ../checkout/src --api-key "$AMO_API_KEY" --api-secret "$AMO_API_SECRET" -a ../pkg +mv "../pkg/$PRE_XPI_NAME" "../pkg/$XPI_NAME" diff --git a/release-utils/post-chrome-release.sh b/release-utils/post-chrome-release.sh new file mode 100755 index 0000000..a751ef7 --- /dev/null +++ b/release-utils/post-chrome-release.sh @@ -0,0 +1,29 @@ +#!/bin/bash + +if ! [ -f ./release-utils/config.sh ] ; then + echo "Missing config file. Cannot continue." + exit 1 +fi +source ./release-utils/config.sh + +if [ $# -ne 1 ] ; then + echo "Usage: $0 <version to release>" + exit 1 +fi +TARGET=$1 +if ! git show release-"$TARGET" > /dev/null 2> /dev/null ; then + echo "$TARGET is not a valid git target" + exit 1 +fi + +PKGDIR=pkg +CHROME_PKG=$PKGDIR/privacy_badger-"$TARGET".crx +if ! [ -f "$CHROME_PKG" ] ; then + mv $PKGDIR/privacy-badger-"$TARGET".crx "$CHROME_PKG" +fi +CHROME_ALT=$PKGDIR/privacy_badger-chrome.crx +echo "Uploading chrome package" +cp "$CHROME_PKG" "$CHROME_ALT" +echo Copying .crx files... +scp "$CHROME_PKG" "$USER@$SERVER:/www/eff.org/files" || exit 1 +scp "$CHROME_ALT" "$USER@$SERVER:/www/eff.org/files" || exit 1 diff --git a/release-utils/post-release.sh b/release-utils/post-release.sh new file mode 100755 index 0000000..4bfe00e --- /dev/null +++ b/release-utils/post-release.sh @@ -0,0 +1,77 @@ +#!/bin/bash + +cd "$(dirname "$0")" +source ./config.sh +PKGDIR=../pkg +if [ $# -ne 1 ] ; then + echo "Usage: $0 <version to release>" + exit 1 +fi +TARGET=$1 +if ! git show release-"$TARGET" > /dev/null 2> /dev/null ; then + echo "$TARGET is not a valid git target" + exit 1 +fi +PKG="$PKGDIR"/privacy-badger-eff-$TARGET.xpi +ALT="$PKGDIR"/privacy-badger-eff-latest.xpi + +echo Copying .xpi files... +scp "$PKG" "$USER@$SERVER:/www/eff.org/files" || exit 1 +scp "$ALT" "$USER@$SERVER:/www/eff.org/files" || exit 1 +echo Copying detached signature +scp "$PKG".sig "$USER@$SERVER:/www/eff.org/files" || exit 1 +echo Copying Changelog.txt +git show release-"$TARGET":doc/Changelog > /tmp/pbchangelog$$ || exit 1 +scp /tmp/pbchangelog$$ "$USER@$SERVER:/www/eff.org/files/pbChangelog.txt" || exit 1 +rm -f /tmp/changelog$$ + +MSG=/tmp/email$$ + +echo "Privacy Badger $TARGET has been released for all supported browsers." > $MSG +echo "As always, you can get it from https://privacybadger.org/ or from your browser's add-on gallery." >> $MSG +echo "" >> $MSG +echo "Notable updates:" >> $MSG +echo "" >> $MSG +tail -n+5 ../doc/Changelog | sed '/^$/q' >> $MSG +echo "For further details, consult our release notes on GitHub:" >> $MSG +echo "https://github.com/EFForg/privacybadger/releases/tag/release-$TARGET" >> $MSG + +echo To send email to the mailing list... +echo mutt -s "Privacy\ Badger\ version\ $TARGET\ released" privacybadger@eff.org '<' $MSG +echo "Now please edit https://www.eff.org/files/privacy-badger-updates.json to include the following" +echo "" +echo "{" +echo " \"version\": \"$TARGET\"," +echo " \"update_link\": \"https://eff.org/files/privacy-badger-eff-$TARGET.xpi\"," +echo " \"update_hash\": \"sha256:$(sha256sum "$PKG" | cut -c 1-64)\"," +echo " \"applications\": {" +echo " \"gecko\": { \"strict_min_version\": \"52.0\" }" +echo " }" +echo "}" + +echo "" +echo "AMO release notes:" +echo "" +echo "<ul>" +tail -n+5 ../doc/Changelog | sed '/^$/q' | { + out="" + while IFS= read -r line; do + # changelog entries start with "*" + if [ "${line:0:1}" = "*" ]; then + # this is the first entry + if [ -z "$out" ]; then + out="<li>${line:2}" + else + out="$out</li>\n<li>${line:2}" + fi + # changelog entry continues + else + if [ -n "$line" ]; then + out="$out $line" + fi + fi + done + echo -e "$out</li>" +} +echo "</ul>" +echo "" |