chore: import upstream snapshot with attribution
This commit is contained in:
Executable
+94
@@ -0,0 +1,94 @@
|
||||
#!/usr/bin/env bash
|
||||
#
|
||||
# Licensed to the Apache Software Foundation (ASF) under one
|
||||
# or more contributor license agreements. See the NOTICE file
|
||||
# distributed with this work for additional information
|
||||
# regarding copyright ownership. The ASF licenses this file
|
||||
# to you under the Apache License, Version 2.0 (the
|
||||
# "License"); you may not use this file except in compliance
|
||||
# with the License. You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing,
|
||||
# software distributed under the License is distributed on an
|
||||
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
# KIND, either express or implied. See the License for the
|
||||
# specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
|
||||
set -e
|
||||
|
||||
g_package_link=${1}
|
||||
g_package_keys=${2:-https://downloads.apache.org/brpc/KEYS}
|
||||
|
||||
g_valid_package_link=' '
|
||||
g_valid_package_name=' '
|
||||
g_valid_package_checksum=' '
|
||||
g_valid_package_sig=' '
|
||||
g_valid_package_content=' '
|
||||
g_valid_package_license=' '
|
||||
g_valid_package_binary=' '
|
||||
|
||||
summary() {
|
||||
cat <<EOF
|
||||
|
||||
- [${g_valid_package_link}] the links of the package are valid;
|
||||
- [${g_valid_package_checksum}] the checksum of the package is valid;
|
||||
- [${g_valid_package_sig}] the signature of the package is valid;
|
||||
- [${g_valid_package_content}] RELEASE_VERSION in the source code matches the current release;
|
||||
- [${g_valid_package_license}] LICENSE and NOTICE are not absent, note that we use CI based on Skywalking-eyes to check the license;
|
||||
- [${g_valid_package_binary}] no compiled archives bundled in the source archive.
|
||||
EOF
|
||||
}
|
||||
|
||||
|
||||
on_exit() {
|
||||
summary
|
||||
}
|
||||
|
||||
validate_package() {
|
||||
local ver=$(echo ${g_package_link%/} | rev | cut -d'/' -f1 | rev)
|
||||
local package_name="apache-brpc-${ver}-src.tar.gz"
|
||||
|
||||
for suffix in "" ".asc" ".sha512"; do
|
||||
wget --quiet -c "${g_package_link%/}/${package_name}${suffix}"
|
||||
done
|
||||
|
||||
g_valid_package_link='x'
|
||||
|
||||
sha512sum --status -c ${package_name}.sha512 \
|
||||
&& g_valid_package_checksum='x'
|
||||
|
||||
# Import keys published by the author,
|
||||
# and verify the package is signed by the author.
|
||||
# No need to trust the public keys.
|
||||
wget --quiet ${g_package_keys} -O - | gpg --import \
|
||||
&& gpg --verify ${package_name}.asc \
|
||||
&& g_valid_package_sig='x'
|
||||
|
||||
tar -xf ${package_name}
|
||||
|
||||
(
|
||||
pushd ${package_name%.tar.gz} > /dev/null 2>&1
|
||||
[[ -f RELEASE_VERSION ]] \
|
||||
&& [[ $(cat RELEASE_VERSION) = "${ver}" ]] \
|
||||
&& grep BRPC_VERSION CMakeLists.txt | grep -q ${ver}
|
||||
) && g_valid_package_content='x'
|
||||
|
||||
(
|
||||
pushd ${package_name%.tar.gz} > /dev/null 2>&1
|
||||
[[ -f LICENSE && -f NOTICE ]]
|
||||
) && g_valid_package_license='x'
|
||||
|
||||
local has_unexpected_binary=
|
||||
for i in $(find ${package_name%.tar.gz} -type f); do
|
||||
file ${i} | grep -v 'GIF\|JPEG\|PNG\|SVG\|PowerPoint\|Git\|JSON\|PEM\|empty\|text' && has_unexpected_binary=1
|
||||
done
|
||||
[[ -z "${has_unexpected_binary}" ]] && g_valid_package_binary='x'
|
||||
}
|
||||
|
||||
trap on_exit EXIT
|
||||
|
||||
validate_package
|
||||
Reference in New Issue
Block a user