summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorintrigeri <intrigeri@boum.org>2019-03-20 09:16:19 +0000
committerintrigeri <intrigeri@boum.org>2019-03-20 09:16:19 +0000
commit0c54ee9b47b712be340c7f41ad7423c54dd5a2a4 (patch)
tree47f078098bd58aaf0f058bdb01ffabe9883ae648
parent6bd1ca64d9e895dfd0e71b733f7f1ba4051fab7d (diff)
Directly verify what we mean to (refs: #12629)
When I automated this step, I was confused due to the problem I've fixed in the previous commit, so I wrote code that checks the published products against the IDF, while here we want to check the locally built products against the IDF. Granted, here again, this was valid *transitively*, because of the implicit (and so far correct) assumption that, at this point, we've already verified that what we have built matches SHA512SUMS.txt, and that the published products match SHA512SUMS.txt too, so both sets of products are equivalent at this point. Still, for the same reason as in the previous commit, let's simplify and directly do the check we want.
-rw-r--r--wiki/src/contribute/release_process/test/reproducibility.mdwn12
1 files changed, 6 insertions, 6 deletions
diff --git a/wiki/src/contribute/release_process/test/reproducibility.mdwn b/wiki/src/contribute/release_process/test/reproducibility.mdwn
index 8e37be6..ad4a9f5 100644
--- a/wiki/src/contribute/release_process/test/reproducibility.mdwn
+++ b/wiki/src/contribute/release_process/test/reproducibility.mdwn
@@ -217,7 +217,7 @@ Then check that the hashes and sizes match what you have built:
sudo apt install jq && \
for type in iso usb ; do
- published_dir="${PUBLISHED_ARTIFACTS:?}/tails-amd64-${VERSION:?}"
+ locally_built_dir="${ISOS:?}/tails-amd64-${VERSION:?}"
case "$type" in
iso)
ext=iso
@@ -226,17 +226,17 @@ Then check that the hashes and sizes match what you have built:
ext=img
;;
esac
- published_file="${published_dir}/tails-amd64-${VERSION:?}.$ext"
+ locally_built_file="${locally_built_dir}/tails-amd64-${VERSION:?}.$ext"
idf_size=$(cat latest.json | jq ".installations[0].\"installation-paths\" | map(select(.type == \"$ext\"))[0].\"target-files\"[0].size")
- published_size=$(stat --format='%s' "$published_file")
- if [ "$idf_size" = "$published_size" ]; then
+ locally_built_size=$(stat --format='%s' "$locally_built_file")
+ if [ "$idf_size" = "$locally_built_size" ]; then
echo "OK: $type size matches"
else
echo "FAIL: $type size does not match"
fi
idf_sha256=$(cat latest.json | jq --raw-output ".installations[0].\"installation-paths\" | map(select(.type == \"$ext\"))[0].\"target-files\"[0].sha256")
- published_sha256=$(sha256sum "$published_file" | cut -f 1 -d ' ' | tr -d '\n')
- if [ "$idf_sha256" = "$published_sha256" ]; then
+ locally_built_sha256=$(sha256sum "$locally_built_file" | cut -f 1 -d ' ' | tr -d '\n')
+ if [ "$idf_sha256" = "$locally_built_sha256" ]; then
echo "OK: $type sha256 matches"
else
echo "FAIL: $type sha256 does not match"