xref: /curl/scripts/verify-release (revision ed285045) 
1#!/bin/sh
2
3#***************************************************************************
4#                                  _   _ ____  _
5#  Project                     ___| | | |  _ \| |
6#                             / __| | | | |_) | |
7#                            | (__| |_| |  _ <| |___
8#                             \___|\___/|_| \_\_____|
9#
10# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
11#
12# This software is licensed as described in the file COPYING, which
13# you should have received as part of this distribution. The terms
14# are also available at https://curl.se/docs/copyright.html.
15#
16# You may opt to use, copy, modify, merge, publish, distribute and/or sell
17# copies of the Software, and permit persons to whom the Software is
18# furnished to do so, under the terms of the COPYING file.
19#
20# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
21# KIND, either express or implied.
22#
23# SPDX-License-Identifier: curl
24#
25###########################################################################
26
27# This script remakes a provided curl release and verifies that the newly
28# built version is identical to the original file.
29#
30# It is designed to be invoked in a clean directory with the path to the
31# release tarball as an argument.
32#
33
34set -eu
35
36tarball="${1:-}"
37
38if [ -z "$tarball" ]; then
39    echo "Provide a curl release tarball name as argument"
40    exit
41fi
42
43i="0"
44
45# shellcheck disable=SC2034
46for dl in curl-*; do
47    i=$((i + 1))
48done
49
50if test "$i" -gt 1; then
51    echo "multiple curl-* entries found, disambiguate please"
52    exit
53fi
54
55mkdir -p _tarballs
56rm -rf _tarballs/*
57
58# checksum the original tarball to compare with later
59sha256sum "$tarball" >_tarballs/checksum
60
61# extract the release contents
62tar xf "$tarball"
63
64curlver=$(grep '#define LIBCURL_VERSION ' curl-*/include/curl/curlver.h | sed 's/[^0-9.]//g')
65
66echo "version $curlver"
67
68timestamp=$(grep -Eo 'SOURCE_DATE_EPOCH=[0-9]*' curl-"$curlver"/docs/RELEASE-TOOLS.md | cut -d= -f2)
69
70pwd=$(pwd)
71cd "curl-$curlver"
72./configure --without-ssl --without-libpsl
73./scripts/dmaketgz "$curlver" "$timestamp"
74
75mv curl-"$curlver"* ../_tarballs/
76cd "$pwd"
77cd "_tarballs"
78
79# compare the new tarball against the original
80sha256sum -c checksum
81