feat: use dashcore-binaries.thepasta.org as keybase.pub is defunct and validate all .asc files #5820
Conversation
contrib/verifybinaries/verify.sh
Outdated
| @@ -25,7 +25,7 @@ TMPFILE="hashes.tmp" | |||
| SIGNATUREFILENAME="SHA256SUMS.asc" | |||
| RCSUBDIR="test" | |||
| HOST1="https://github.com/dashpay/dash/releases/download/v" | |||
| HOST2="https://pasta.keybase.pub/Dash-Core-Releases/" | |||
| HOST2="https://dashcore-binaries.thepasta.org/file/dashcore-binaries/" | |||
There was a problem hiding this comment.
Dash.org doesn't host any binaries at this point at least
There was a problem hiding this comment.
we can setup releasing process to upload this binaries before official release but not somedays later as now
There was a problem hiding this comment.
Huh? dash.org/downloads simply links to the GitHub artifacts
|
Guix Automation has began to build this PR tagged as v20.1.0-devpr5820.f3cdbbea. A new comment will be made when the image is pushed. |
PastaPastaPasta
force-pushed
the
feat-verify-binaries
branch
from
f3cdbbe to
a07ba07
Compare
|
Guix Automation has began to build this PR tagged as v20.1.0-devpr5820.a07ba071. A new comment will be made when the image is pushed. |
PastaPastaPasta
force-pushed
the
feat-verify-binaries
branch
from
a07ba07 to
4c5f651
Compare
There was a problem hiding this comment.
First at all, bitcoin migrated this script from bash to python.
So, before adopt this script and writing any new code, let's migrate to python.
I backported here these changes (but not new code):
Secondly, I got this error when I am running script from this branch:
$ contrib/verifybinaries/verify.sh 20.0.3
pasta.keybase.pub and github.com signature files were not equal?
but for version 20.0.4 - work, 20.0.2 - works, 20.0.3 - doesn't.
Is there any bug? need to fix and test it for all reasonable many version (at least up to v19 IMO)
thirdly, Need to dashify contrib/verifybinaries/README.md - that's still not dashyfied by some reason... maybe out of scope of this PR, but if you want to mention this script in any release announcement or something like that - that should be dashified before.
Fourthly, Need to dashify path for tmp binaries also: /tmp/bitcoin_verify_binaries/ is currently - I fixed in my branch with backport (see commits)
And finally, I insist that it should be not your personal website; we have a nice candy domain dash.org and we need to utilize it!
|
NACK to this review
I don't really think it's really valuable to migrate this to python; if you'd like to re-implement the changes from this PR as well, then I guess we can move it to python. I don't really want to reimplement my changes
I am hosting binaries back to 18.0.0 here. I have binaries back to 0.16.0.0 on my key base that I could move over to dashcore-binaries.thepasta.org. try running it again. Locally I've seen it fail randomly with this see
Won't be mentioned anywhere; just for me really
Feel free to make a new PR with this; this is a nit imo.
Sure; but I don't control dash.org, so it would take a lot more effort to get that setup. I don't object to there being a "binaries.dash.org" but I can't really control that. Latte is looking into a potential s3 bucket or something like that that mirrors, but I see no reason why this should block. Previously it pointed to pasta.keybase.pub, now it points to dashcore-binaries.thepasta.org since keybase.pub doesn't exist. Also, this isn't REALLY meant to be for public consumption; the purpose of dashcore-binaries.thepasta.org is simply that it's a place I can store binaries but it's not taking up ~50 gigs on my local machine. |
…fy.sh with python rewrite c86b9a6 contrib: remove verify.sh (Sebastian Falbesoner) c84838e contrib: binary verification script verify.sh rewritten in python (Sebastian Falbesoner) Pull request description: The rationale for the PR is the same as for bitcoin#18132: > Most of our test scripts are written in python. We don't have enough reviewers for bash scripts and they tend to be clumsy anyway. Especially when it comes to argument parsing. Note that there are still a lot of things that could be improved in this replacement (e.g. using regexps for version string parsing, adding type annotations, dividing up into more functions, getting a pylint score closer to 10, etc.), but I found the original shell script quite hard to read, so it's possibly still a good first step for an improvement. ~Not sure though if it's worth the reviewers time, and if it's even continued to be used long-term (maybe there are plans to merge it with `get_previous_releases.py`, which partly does the same?), so chasing for Concept ACKs right now.~ ACKs for top commit: laanwj: Tested and code review ACK c86b9a6 Tree-SHA512: f7949eead4ef7e5913fe273923ae5c5299408db485146cf996cdf6f8ad8c0ee4f4b30bb6b08a5964000d97b2ae2e7a1bdc88d11c613c16d2d135d80b444e3b16
fbbb2d4 lint: Fix spelling errors in comments (fyquah) Pull request description: Found some spelling errors while running spelling linter bitcoin#21245 This PR fixes them. ACKs for top commit: fanquake: ACK fbbb2d4 - I thought we just fixed all of these. Tree-SHA512: 95525040001f94e899b778c616cb66ebafb679dff88835b66fccf6349d8eb942d6b7374c536a44e393f13156bce9a32ed57e6a82bb02074d2b3cddb2696addb2
Due to keybase.pub is defunct
There was a problem hiding this comment.
Won't be mentioned anywhere; just for me really
so far as it is true, most of my comments are not relevant then and migration to dash.org is out-of-scope of this PR.
Please, check my branch that does backports and re-implement your code:
I don't really think it's really valuable to migrate this to python;
There's very few people who is able to write a good code on bash and I am not one of them to be able to review it properly, yet see comments.
Beside that, the failures are difficult to debug, they have no backtrace, etc.
Just look to this random failure (from your own comment):
> $ contrib/verifybinaries/verify.sh 18.0.2
stat: illegal option -- c
usage: stat [-FLnq] [-f format | -l | -r | -s | -x] [-t timefmt] [file ...]
contrib/verifybinaries/verify.sh: line 138: [: -eq: unary operator expected
Downloading dashcore-18.0.2-aarch64-linux-gnu.tar.gz
why does it continue running and downloads dashcore-18.0.2-aarch64-linux-gnu.tar.gz if that's something failed?
contrib/verifybinaries/verify.sh
Outdated
|
|
||
| echo "gpg output:" | ||
| # shellcheck disable=SC2001 | ||
| echo "$GPGOUT"|sed 's/^/\t/g' |
There was a problem hiding this comment.
bitcoin steady is ridding of sed over codebase while here it is introduced
contrib/verifybinaries/verify.sh
Outdated
| @@ -149,6 +149,26 @@ for file in $FILES | |||
| do | |||
| echo "Downloading $file" | |||
| wget --quiet -N "$HOST1$BASEDIR$file" | |||
| wget --quiet -N "$HOST1$BASEDIR$file.asc" | |||
|
|
|||
| GPGOUT=$(gpg --verify "$file.asc" 2>&1) | |||
There was a problem hiding this comment.
missing quotes around $()
| GPGOUT=$(gpg --verify "$file.asc" 2>&1) | |
| GPGOUT="$(gpg --verify "$file.asc" 2>&1)" |
contrib/verifybinaries/verify.sh
Outdated
| echo "gpg output:" | ||
| # shellcheck disable=SC2001 | ||
| echo "$GPGOUT"|sed 's/^/\t/g' | ||
| clean_up $SIGNATUREFILENAME $SIGNATUREFILENAME.2 $TMPFILE |
There was a problem hiding this comment.
missing quotes over $SIGNATUREFILENAME, $TMPFILE
if the file name will have space once or something other you maybe very surprised with a result
contrib/verifybinaries/verify.sh
Outdated
| @@ -149,6 +149,26 @@ for file in $FILES | |||
| do | |||
| echo "Downloading $file" | |||
| wget --quiet -N "$HOST1$BASEDIR$file" | |||
| wget --quiet -N "$HOST1$BASEDIR$file.asc" | |||
There was a problem hiding this comment.
there's no check for wget result - if it would fail in the middle file instead failure here you will get a failure in gpg command
PastaPastaPasta
force-pushed
the
feat-verify-binaries
branch
from
d6e3e6c to
f7db372
Compare
|
New python version looks good! |
Issue being fixed or feature implemented
keybase.pub isn't a thing anymore; instead use thepasta.org; also validate all .asc files
What was done?
How Has This Been Tested?
Validated 20.0.4, 20.0.3 and 20.0.2 with the script
Breaking Changes
Checklist:
Go over all the following points, and put an
xin all the boxes that apply.