view scripts/make-release @ 7312:fa3365c94064 stable
repos: introduce low level check of clone URIs to prevent direct file system access to local repos
This is already checked in web form validation, but also check at the low level to
make sure API access enforces the same invariants.
This issue was found and reported by
Kacper Szurek
https://security.szurek.pl/
author | Mads Kiilerich <mads@kiilerich.com> |
---|---|
date | Mon, 07 May 2018 11:38:40 +0200 |
parents | f5b5749113aa |
children | b3289fef0daa 99cd328da2a1 |
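#!/bin/bash
# Build a Kallithea release from a clean checkout and verify it.
#
# Steps: create a throw-away virtualenv, install the build tooling, clean the
# working copy, archive it into build/, build the sdist there, and run a set of
# checks on the result. Run from the repository root, outside any virtualenv.
#
# The bare test commands below ("[ ... ]", "... | grep .") are release gates:
# "set -e" aborts the script as soon as one of them fails.
set -e
set -x

# Remove the temporary virtualenv. Installed as the EXIT trap below, so it runs
# on every exit path once $venv has been created.
cleanup()
{
  echo "Removing venv $venv"
  # ${venv:?} aborts instead of letting "rm -rf" run on an empty path.
  rm -rf -- "${venv:?}"
}

echo "Checking that you are NOT inside a virtualenv"
[ -z "$VIRTUAL_ENV" ]

# mktemp gives an unpredictable, freshly created directory for the venv.
venv=$(mktemp -d --tmpdir kallithea-release-XXXXX)
trap cleanup EXIT

echo "Setting up a fresh virtualenv in $venv"
virtualenv -p python2 "$venv"
. "$venv/bin/activate"

echo "Install/verify tools needed for building and uploading stuff"
# NOTE(review): these installs are unpinned, so whatever the package index
# serves at release time runs in the environment that later builds and signs
# the release. Consider pinning the release tooling (versions and hashes).
pip install --upgrade -e .
pip install --upgrade Sphinx Sphinx-PyPI-upload

echo "Cleanup and update copyrights ... and clean checkout"
scripts/whitespacecleanup.sh
scripts/update-copyrights.py
# "-c" makes hg refuse to update when there are uncommitted changes, so the
# release stops here if the two scripts above modified the working copy.
hg up -cr .

echo "Make release build from clean checkout in build/"
rm -rf build dist
hg archive build
cd build

echo "Check MANIFEST.in"
# Extract the second field of every MANIFEST.in line and "ls" it; a path that
# is missing from the archive makes ls (and therefore xargs) fail. The two
# paths filtered out by grep are skipped - presumably because they are not
# part of the hg archive; confirm before changing the list.
sed -e 's/[^ ]*[ ]*\([^ ]*\).*/\1/g' MANIFEST.in \
  | grep -v '^node_modules/bootstrap\|^kallithea/public/css/style.css' \
  | xargs ls -lad

echo "Build dist"
python2 setup.py compile_catalog
python2 setup.py sdist

echo "Verify VERSION from kallithea/__init__.py"
# Derive the release name and version from the tarball sdist just produced.
namerel=$(cd dist && echo Kallithea-*.tar.gz)
namerel=${namerel%.tar.gz}
version=${namerel#Kallithea-}
# Quoted so that an unexpected match (several tarballs, or none) fails here
# instead of being word-split into unrelated arguments.
ls -l "$(pwd)/dist/$namerel.tar.gz"
echo "Releasing Kallithea $version in directory $namerel"

echo "Verify dist file content"
# This check used to be written as "! tar ... | grep ...". A pipeline negated
# with "!" never triggers "set -e", so the release continued even when the
# unwanted directory was present. Test explicitly instead. The listing goes to
# a file inside the throw-away venv directory so that a failing tar still
# aborts the script and the listing does not flood the "set -x" trace.
tar tf "dist/Kallithea-$version.tar.gz" > "$venv/sdist-contents.txt"
if grep "$namerel/node_modules/bootstrap/\$" "$venv/sdist-contents.txt"; then
  echo "ERROR: dist tarball contains $namerel/node_modules/bootstrap/" >&2
  exit 1
fi

echo "Verify docs build"
python2 setup.py build_sphinx # not used yet ... but we want to make sure it builds

cat - << EOT
Now, make sure
* all tests are passing
* release note is ready
* announcement is ready
* source has been pushed to https://kallithea-scm.org/repos/kallithea
EOT

echo "Verify current revision is tagged for $version"
# The revset selects the revision tagged $version only if it is also the
# working directory parent; grep fails (and aborts the release) on no output.
hg log -r "'$version'&." | grep .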
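# Interactive upload stage: ask for confirmation, publish the docs, trigger the
# readthedocs rebuild, then build, sign and upload the sdist. Uses $version as
# set earlier in this script and the optional EMAIL environment variable.
printf 'Enter "pypi" to upload Kallithea %s to pypi: ' "$version"
# -r keeps backslashes in the typed answer literal.
read -r answer
# Explicit gate, so the upload cannot proceed on a wrong answer even if the
# script's "set -e" is ever removed.
if [ "$answer" != "pypi" ]; then
  echo "Upload not confirmed, stopping" >&2
  exit 1
fi

echo "Upload docs to pypi"
# See https://wiki.python.org/moin/PyPiDocumentationHosting
python2 setup.py build_sphinx upload_sphinx
xdg-open https://pythonhosted.org/Kallithea/
xdg-open http://packages.python.org/Kallithea/installation.html

echo "Rebuild readthedocs for docs.kallithea-scm.org"
xdg-open https://readthedocs.org/projects/kallithea/
# NOTE(review): this trigger is sent over plain http while the readthedocs
# pages around it are opened over https - confirm the endpoint accepts https
# and switch the scheme.
curl -X POST http://readthedocs.org/build/kallithea
xdg-open https://readthedocs.org/builds/kallithea/
xdg-open http://docs.kallithea-scm.org/en/latest/ # or whatever the branch is

# Pass the signing identity as exactly one argument. The previous unquoted
# "$extraargs" was word-split, so an EMAIL containing spaces (for example
# "Name <address>") was broken up into several arguments.
extraargs=()
if [ -n "$EMAIL" ]; then
  extraargs=("--identity=$EMAIL")
fi
# NOTE(review): "sdist upload" builds the tarball again, so the uploaded file
# is a rebuild rather than the exact dist/ tarball checked earlier in this
# script - confirm that is acceptable for the release process.
python2 setup.py sdist upload --sign "${extraargs[@]}"
xdg-open https://pypi.python.org/pypi/Kallithea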