From d4e451a80a11b09c4ab8eb39a98da3b57daf8ea8 Mon Sep 17 00:00:00 2001
From: Jakob Borg <jakob@nym.se>
Date: Wed, 11 May 2016 15:21:52 +0200
Subject: [PATCH] Initial

---
 example-vars        |  8 ++++++
 sign-upload-debian  | 42 +++++++++++++++++++++++++++++
 sign-upload-release | 64 +++++++++++++++++++++++++++++++++++++++++++++
 upload-inotify      | 39 +++++++++++++++++++++++++++
 4 files changed, 153 insertions(+)
 create mode 100644 example-vars
 create mode 100755 sign-upload-debian
 create mode 100755 sign-upload-release
 create mode 100755 upload-inotify

diff --git a/example-vars b/example-vars
new file mode 100644
index 0000000..bf710cf
--- /dev/null
+++ b/example-vars
@@ -0,0 +1,8 @@
+# rsync destination for APT archive
+export RELEASE_ROOT="user@server:/path"
+# location of Syncthing secret EC key
+export PRIVATE_KEY="~/secret/key.priv"
+# GitHub token for uploads
+export GITHUB_TOKEN="abcdef0123456789abcdef0123456789abcdef01"
+# "rsh" command for rsync
+export RSYNC_RSH_CMD="ssh -p 2443"
\ No newline at end of file
diff --git a/sign-upload-debian b/sign-upload-debian
new file mode 100755
index 0000000..abfa878
--- /dev/null
+++ b/sign-upload-debian
@@ -0,0 +1,42 @@
+#!/bin/bash
+set -euo pipefail
+
+export TMPDIR=/var/tmp
+workdir=$(mktemp -d)
+echo Working dir is "$workdir"
+pushd "$workdir" >/dev/null
+
+echo Downloading release
+dlbuild -match '\.deb' http://build.syncthing.net/job/syncthing-release-debian/lastSuccessfulBuild
+
+ver=(syncthing_*_amd64.deb)
+ver="${ver#syncthing_}"
+ver="${ver%_amd64.deb}"
+echo Release version $ver
+
+for arch in amd64 armel armhf i386 ; do
+	mv "syncthing_${ver}_${arch}.deb" "$HOME/apt-dists/dists/syncthing/release/binary-$arch"
+done
+
+popd >/dev/null
+rm -r "$workdir"
+
+pushd "$HOME/apt-dists" >/dev/null
+
+echo Cleaning out old releases
+find dists/syncthing/release -name syncthing_\*.deb -mtime +30 -delete
+
+echo Generating and signing package archives
+for f in dists/syncthing/release/binary-* ; do
+	apt-ftparchive packages "$f" > "$f/Packages.new"
+	mv "$f/Packages.new"  "$f/Packages"
+	gzip -c "$f/Packages" > "$f/Packages.gz"
+done
+
+apt-ftparchive -c Releases.conf release dists/syncthing | gpg --clearsign > dists/syncthing/InRelease
+apt-ftparchive -c Releases.conf release dists/syncthing > dists/syncthing/Release
+gpg --detach-sign --yes -a -o dists/syncthing/Release.gpg dists/syncthing/Release
+
+echo Uploading new distribution
+rsync -va --delete --rsh="$RSYNC_RSH_CMD" dists/ "$RELEASE_ROOT/dists/"
+
diff --git a/sign-upload-release b/sign-upload-release
new file mode 100755
index 0000000..e92e629
--- /dev/null
+++ b/sign-upload-release
@@ -0,0 +1,64 @@
+#!/bin/bash
+set -euo pipefail
+
+export TMPDIR=/var/tmp
+workdir=$(mktemp -d)
+echo Working dir is "$workdir"
+pushd "$workdir"
+
+dlbuild -match '\.tar\.gz|\.zip' http://build.syncthing.net/job/syncthing-release/lastSuccessfulBuild
+dlbuild -match '\.tar\.gz|\.zip' http://build.syncthing.net/job/syncthing-release-windows/lastSuccessfulBuild
+dlbuild -match '\.tar\.gz|\.zip' http://build.syncthing.net/job/syncthing-release-mac/lastSuccessfulBuild
+ver=(syncthing-linux-amd64-*.tar.gz)
+ver="${ver#syncthing-linux-amd64-}"
+ver="${ver%.tar.gz}"
+echo Release version $ver
+
+for f in *.tar.gz; do
+	base="${f%.tar.gz}"
+	tar zxf "$f"
+	if [ -f "$base/syncthing" ] ; then
+		echo Signing "$base"
+		mkdir "$base/.metadata"
+		stsigtool sign "$PRIVATE_KEY" "$base/syncthing" > "$base/syncthing.sig"
+		( echo "$f"; cat "$base/syncthing" ) | stsigtool sign "$PRIVATE_KEY" > "$base/.metadata/release.sig"
+		tar zcf "$f" "$base"
+		rm -rf "$base"
+		rm -rf syncthing
+	fi
+done
+
+for f in *.zip; do
+	base="${f%.zip}"
+	unzip -q "$f"
+	if [ -f "$base/syncthing.exe" ] ; then
+		echo Signing "$base"
+		mkdir "$base/metadata"
+		stsigtool sign "$PRIVATE_KEY" "$base/syncthing.exe" > "$base/syncthing.exe.sig"
+		( echo "$f"; cat "$base/syncthing.exe" ) | stsigtool sign "$PRIVATE_KEY" > "$base/metadata/release.sig"
+		rm -f "$f"
+		zip -q -r "$f" "$base"
+		rm -rf "$base"
+	fi
+done
+
+files=(*.tar.gz *.zip)
+
+sha1sum "${files[@]}" | gpg --clearsign >sha1sum.txt.asc
+sha256sum "${files[@]}" | gpg --clearsign >sha256sum.txt.asc
+
+for f in sha1sum.txt.asc sha256sum.txt.asc  "${files[@]}" ; do
+	relup syncthing/syncthing "$ver" "$f"
+done
+
+
+echo
+echo If everything went well, hit enter to delete temporary files.
+echo If there were upload errors, hit ^C, go to "$workdir"
+echo "and retry upload by \"relup syncthing/syncthing "$ver" <filename>\"."
+echo It may be necessary to manually delete the broken upload from Github.
+read
+
+popd
+rm -rf "$workdir"
+
diff --git a/upload-inotify b/upload-inotify
new file mode 100755
index 0000000..7d3e7d1
--- /dev/null
+++ b/upload-inotify
@@ -0,0 +1,39 @@
+#!/bin/bash
+set -euo pipefail
+
+export TMPDIR=/var/tmp
+workdir=$(mktemp -d)
+echo Working dir is "$workdir"
+pushd "$workdir" >/dev/null
+
+echo Downloading release
+dlbuild -match '\.deb' http://build.syncthing.net/job/syncthing-inotify-debian/lastSuccessfulBuild
+
+ver=(syncthing-inotify_*_amd64.deb)
+ver="${ver#syncthing-inotify_}"
+ver="${ver%_amd64.deb}"
+echo Release version $ver
+
+for arch in amd64 armel armhf i386 ; do
+	mv "syncthing-inotify_${ver}_${arch}.deb" "$HOME/apt-dists/dists/syncthing/release/binary-$arch"
+done
+
+popd >/dev/null
+rm -r "$workdir"
+
+pushd "$HOME/apt-dists" >/dev/null
+
+echo Generating and signing package archives
+for f in dists/syncthing/release/binary-* ; do
+	apt-ftparchive packages "$f" > "$f/Packages.new"
+	mv "$f/Packages.new"  "$f/Packages"
+	gzip -c "$f/Packages" > "$f/Packages.gz"
+done
+
+apt-ftparchive -c Releases.conf release dists/syncthing | gpg --clearsign > dists/syncthing/InRelease
+apt-ftparchive -c Releases.conf release dists/syncthing > dists/syncthing/Release
+gpg --detach-sign --yes -a -o dists/syncthing/Release.gpg dists/syncthing/Release
+
+echo Uploading new distribution
+rsync -va --delete --rsh="$RSYNC_RSH_CMD" dists/ "$RELEASE_ROOT" /dists/
+