From 663a89cfed5e924e79a7a4cb7f64d4c3181cc11d Mon Sep 17 00:00:00 2001 From: fanquake Date: Sun, 9 Apr 2023 12:38:22 +0200 Subject: [PATCH 1/3] contrib: move verify scripts to verify-binaries --- .../README.md | 18 +++++++++--------- .../test.py | 2 +- .../verify.py | 0 3 files changed, 10 insertions(+), 10 deletions(-) rename contrib/{verifybinaries => verify-binaries}/README.md (85%) rename contrib/{verifybinaries => verify-binaries}/test.py (98%) rename contrib/{verifybinaries => verify-binaries}/verify.py (100%) diff --git a/contrib/verifybinaries/README.md b/contrib/verify-binaries/README.md similarity index 85% rename from contrib/verifybinaries/README.md rename to contrib/verify-binaries/README.md index 19cc34d1da1..b29891bf07c 100644 --- a/contrib/verifybinaries/README.md +++ b/contrib/verify-binaries/README.md @@ -42,20 +42,20 @@ See the `Config` object for various options. Validate releases with default settings: ```sh -./contrib/verifybinaries/verify.py pub 22.0 -./contrib/verifybinaries/verify.py pub 22.0-rc2 +./contrib/verify-binaries/verify.py pub 22.0 +./contrib/verify-binaries/verify.py pub 22.0-rc2 ``` Get JSON output and don't prompt for user input (no auto key import): ```sh -./contrib/verifybinaries/verify.py --json pub 22.0-x86 +./contrib/verify-binaries/verify.py --json pub 22.0-x86 ``` Rely only on local GPG state and manually specified keys, while requiring a threshold of at least 10 trusted signatures: ```sh -./contrib/verifybinaries/verify.py \ +./contrib/verify-binaries/verify.py \ --trusted-keys 74E2DEF5D77260B98BC19438099BAD163C70FBFA,9D3CC86A72F8494342EA5FD10A41BDC3F4FAFF1C \ --min-good-sigs 10 pub 22.0-x86 ``` @@ -63,26 +63,26 @@ threshold of at least 10 trusted signatures: If you only want to download the binaries of certain platform, add the corresponding suffix, e.g.: ```sh -./contrib/verifybinaries/verify.py pub 22.0-osx -./contrib/verifybinaries/verify.py pub 22.0-rc2-win64 +./contrib/verify-binaries/verify.py pub 22.0-osx +./contrib/verify-binaries/verify.py pub 22.0-rc2-win64 ``` If you do not want to keep the downloaded binaries, specify the cleanup option. ```sh -./contrib/verifybinaries/verify.py pub --cleanup 22.0 +./contrib/verify-binaries/verify.py pub --cleanup 22.0 ``` Use the bin subcommand to verify all files listed in a local checksum file ```sh -./contrib/verifybinaries/verify.py bin SHA256SUMS +./contrib/verify-binaries/verify.py bin SHA256SUMS ``` Verify only a subset of the files listed in a local checksum file ```sh -./contrib/verifybinaries/verify.py bin ~/Downloads/SHA256SUMS \ +./contrib/verify-binaries/verify.py bin ~/Downloads/SHA256SUMS \ ~/Downloads/bitcoin-24.0.1-x86_64-linux-gnu.tar.gz \ ~/Downloads/bitcoin-24.0.1-arm-linux-gnueabihf.tar.gz ``` diff --git a/contrib/verifybinaries/test.py b/contrib/verify-binaries/test.py similarity index 98% rename from contrib/verifybinaries/test.py rename to contrib/verify-binaries/test.py index 18047e4ebf1..b7988b86ef9 100755 --- a/contrib/verifybinaries/test.py +++ b/contrib/verify-binaries/test.py @@ -31,7 +31,7 @@ def main(): def run_verify(global_args: str, command: str, command_args: str) -> subprocess.CompletedProcess: maybe_here = Path.cwd() / 'verify.py' - path = maybe_here if maybe_here.exists() else Path.cwd() / 'contrib' / 'verifybinaries' / 'verify.py' + path = maybe_here if maybe_here.exists() else Path.cwd() / 'contrib' / 'verify-binaries' / 'verify.py' if command == "pub": command += " --cleanup" diff --git a/contrib/verifybinaries/verify.py b/contrib/verify-binaries/verify.py similarity index 100% rename from contrib/verifybinaries/verify.py rename to contrib/verify-binaries/verify.py From e2e5683afe1bd286e247288abec033ca467932bd Mon Sep 17 00:00:00 2001 From: fanquake Date: Sun, 9 Apr 2023 12:33:41 +0200 Subject: [PATCH 2/3] contrib: fixup verifybinaries example docs Followup to #27358, fixing up the example command docs. --- contrib/verify-binaries/README.md | 6 +++--- contrib/verify-binaries/verify.py | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/contrib/verify-binaries/README.md b/contrib/verify-binaries/README.md index b29891bf07c..d1157f7c029 100644 --- a/contrib/verify-binaries/README.md +++ b/contrib/verify-binaries/README.md @@ -43,7 +43,7 @@ See the `Config` object for various options. Validate releases with default settings: ```sh ./contrib/verify-binaries/verify.py pub 22.0 -./contrib/verify-binaries/verify.py pub 22.0-rc2 +./contrib/verify-binaries/verify.py pub 22.0-rc3 ``` Get JSON output and don't prompt for user input (no auto key import): @@ -63,8 +63,8 @@ threshold of at least 10 trusted signatures: If you only want to download the binaries of certain platform, add the corresponding suffix, e.g.: ```sh -./contrib/verify-binaries/verify.py pub 22.0-osx -./contrib/verify-binaries/verify.py pub 22.0-rc2-win64 +./contrib/verify-binaries/verify.py pub 24.0.1-darwin +./contrib/verify-binaries/verify.py pub 23.1-rc1-win64 ``` If you do not want to keep the downloaded binaries, specify the cleanup option. diff --git a/contrib/verify-binaries/verify.py b/contrib/verify-binaries/verify.py index aeab8ebacbe..1160494aa10 100755 --- a/contrib/verify-binaries/verify.py +++ b/contrib/verify-binaries/verify.py @@ -97,7 +97,7 @@ def bool_from_env(key, default=False) -> bool: VERSION_FORMAT = ".[.][-rc[0-9]][-platform]" -VERSION_EXAMPLE = "22.0-x86_64 or 0.21.0-rc2-osx" +VERSION_EXAMPLE = "22.0-x86_64 or 23.1-rc1-darwin" def parse_version_string(version_str): parts = version_str.split('-') From ad841608d4edf6151b60e483793f60ba9f03cdbf Mon Sep 17 00:00:00 2001 From: fanquake Date: Sun, 9 Apr 2023 12:42:31 +0200 Subject: [PATCH 3/3] contrib: minor doc improvements in verify-binaries --- contrib/verify-binaries/README.md | 2 +- contrib/verify-binaries/test.py | 2 +- contrib/verify-binaries/verify.py | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/contrib/verify-binaries/README.md b/contrib/verify-binaries/README.md index d1157f7c029..c62d760e1a7 100644 --- a/contrib/verify-binaries/README.md +++ b/contrib/verify-binaries/README.md @@ -60,7 +60,7 @@ threshold of at least 10 trusted signatures: --min-good-sigs 10 pub 22.0-x86 ``` -If you only want to download the binaries of certain platform, add the corresponding suffix, e.g.: +If you only want to download the binaries for a certain platform, add the corresponding suffix, e.g.: ```sh ./contrib/verify-binaries/verify.py pub 24.0.1-darwin diff --git a/contrib/verify-binaries/test.py b/contrib/verify-binaries/test.py index b7988b86ef9..22d718ece33 100755 --- a/contrib/verify-binaries/test.py +++ b/contrib/verify-binaries/test.py @@ -12,7 +12,7 @@ def main(): expect_code(run_verify("", "pub", '0.32.awefa.12f9h'), 11, "Malformed version should fail") expect_code(run_verify('--min-good-sigs 20', "pub", "22.0"), 9, "--min-good-sigs 20 should fail") - print("- testing multisig verification (22.0)", flush=True) + print("- testing verification (22.0)", flush=True) _220 = run_verify("--json", "pub", "22.0") try: result = json.loads(_220.stdout.decode()) diff --git a/contrib/verify-binaries/verify.py b/contrib/verify-binaries/verify.py index 1160494aa10..d0749f503f8 100755 --- a/contrib/verify-binaries/verify.py +++ b/contrib/verify-binaries/verify.py @@ -530,7 +530,7 @@ def verify_published_handler(args: argparse.Namespace) -> ReturnCode: # download binaries for _, binary_filename in hashes_to_verify: - log.info(f"downloading {binary_filename}") + log.info(f"downloading {binary_filename} to {WORKINGDIR}") success, output = download_with_wget( HOST1 + remote_dir + binary_filename, binary_filename)