blob: 0183bffb41483e1b65453944573bc78abfc7be37 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
|
#!/usr/bin/env bash
set -eu
shopt -s nullglob
CODE_SIGNING_KEY_FINGERPRINT="A1198702FC3E0A09A9AE5B75D5A1D4F266DE8DDF"
UPLOAD_SERVER="releases.mullvad.net"
SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
UPLOAD_DIR="$SCRIPT_DIR/upload"
cd "$UPLOAD_DIR"
function rsync_upload {
local file=$1
local upload_dir=$2
rsync -av --mkpath --rsh='ssh -p 1122' "$file" "build@$UPLOAD_SERVER:$upload_dir/"
}
while true; do
sleep 10
for checksums_path in *.sha256; do
sleep 1
# Strip everything from the last "+" in the file name to only keep the version and tag (if
# present).
version="${checksums_path%+*}"
if ! sha256sum --quiet -c "$checksums_path"; then
echo "Failed to verify checksums for $version"
continue
fi
if [[ $version == *"-dev-"* ]]; then
upload_path="builds"
else
upload_path="releases"
fi
files=$(awk '{print $2}' < "$checksums_path")
for file in $files; do
file_upload_dir="$upload_path/$version"
if [[ ! $file == MullvadVPN-* ]]; then
file_upload_dir="$file_upload_dir/additional-files"
fi
rsync_upload "$file" "$file_upload_dir/" || continue
if [[ $file == MullvadVPN-* ]]; then
rm -f "$file.asc"
gpg -u $CODE_SIGNING_KEY_FINGERPRINT --pinentry-mode loopback --sign --armor --detach-sign "$file"
rsync_upload "$file.asc" "$file_upload_dir/" || continue
rm -f "$file.asc"
fi
# shellcheck disable=SC2216
yes | rm "$file"
done
# shellcheck disable=SC2216
yes | rm "$checksums_path"
done
done
|