Updated release scripts, added README.txt

release_scripts/README.txt

@@ -0,0 +1,108 @@
+Build & Release Process for Armory
+
+This directory contains a variety of scripts that will be used to compile,
+bundle, sign, and upload new releases of Armory.  There are three scripts
+because it is assumed that the signing keys are offline, requiring something
+similar to an offline transaction:  create everything online, take offline
+for signing, take online again to broadcast (upload to Amazon S3).
+
+
+The following is assumed to have been done already before starting this 
+process:
+
+-- Local & remote machines and VMs have compiled & bundled installers
+-- fetchlist.txt contains location data for each installer, specified by
+   cp and scp commands
+-- Each remote system has our public key in its authorized_keys file
+-- Offline computer has GPG key & Armory wallet spec'd at top of Step2 script
+-- All announce files are updated (except for dllinks which will be updated
+   by the script itself once files are signed and hashes are known)
+-- The Step2 script contains an accurate list of everything file/installer
+-- The computer running Step3 has write-access to the git repo, and a 
+   configuration file with API key for uploading results to Amazon S3
+-- Directories on the offline computer containing dependencies for each 
+   OS-specific offline-bundle
+-- Already have an installed version of Armory offline in the /usr/lib/armory
+   directory, to be used for creating signature blocks
+
+
+The result of this process will be:
+
+- Signed git tag that can be pushed to the repo
+- All .deb installers will be signed using dpkg-sig
+- Offline bundles using the signed deb files
+- GPG-signed hashes file including all regular installers and offline bundles
+- Append URLs and hashes to dllinks.txt
+- New announce.txt file that contains URLs and hashes of all notify files
+  signed by offline BITCOIN private key
+- Full list of URLs of uploaded installers & bundles in HTML and forum
+  markdown, for easy updating of website and forum posts
+
+
+-----
+Step1 Script:
+
+Fetch all the installers, and do a fresh checkout of the 
+repo. It should also include updates to the announcement files
+After that, put everything into a single directory that 
+can be copied to a USB key to be taken to the offline computer.
+
+   Directory tree to be transferred to offlie computer:
+
+      unsigned/BitcoinArmory       (clone of repo)
+      unsigned/release_scripts     (copy of release_scripts dir from repo)
+      unsigned/installers          (all non-offline-bundle packages)
+      unsigned/announceFiles       (all unsigned announcement files)
+
+Note the release_scripts dir is copied because we likely made modifications
+to it to support the current release, and it wouldn't be in the cloned repo
+yet.  After the release is successful, we commit the updated scripts as the
+basis for the next release.  
+
+
+-----
+Step2 Script:
+
+This script will be executed from the release_scripts directory above --
+we will copy the directory to the offline computer, then cd into
+the unsigned/release_scripts dir, then [modify if necessary and] run the 
+Step2 script from there.  It does not depend on the cloned repo -- it adds
+/usr/lib/armory to its python path, to use the currently installed version
+of Armory for any non-generic-python operations.
+
+When it's done, it should create a similar directory tree to take back
+to the online computer:
+
+      signed/BitcoinArmory      (now with signed git tag v0.XX-beta)
+      signed/installers         (debs signed, bundles added, signed hash file)
+      signed/announceFiles      (dllinks.txt updated, announce.txt created)
+
+
+
+-----
+Step 3 Script:
+
+Will expect to find the three directories above with signed data.  It will
+actually execute verification of all signatures, though you will have to
+manually verify the output before continuing.  After that, it will attempt
+to upload everything.
+
+It expects to find the .s3cmd configuration file, already setup with your
+S3 API key to be able to upload files to the BitoinArmory-releases bucket.
+It will do the following:
+
+      -- Upload all installers and offline bundles to BitcoinArmory-releases 
+      -- Upload all announce files to BitcoinArmory-media bucket
+      -- Ask if you'd like to push the latest git tag (if this is a testing
+         version, you may not want to push the tag)
+
+
+
+
+
+
+
+
+
+
+

release_scripts/Step2_Offline_PackageSigning.py

@@ -6,9 +6,14 @@
 import os
 import time
 import shutil
+import getpass
 from subprocess import Popen, PIPE
 from release_utils import *
 
+from signannounce import signAnnounceFiles
+
+
+
 uploadlog = open('step2_log.txt', 'w')
 def logprint(s):
    print s
@@ -18,6 +23,7 @@ def logprint(s):
 ################################################################################
 # DEFAULTS FOR RUNNING THIS SCRIPT
 gpgKeyID  = 'FB596985'
+btcWltID  = '2xT8467b'
 builder   = 'Armory Technologies, Inc.'
 
 gitRepo   = './BitcoinArmory' 
@@ -48,13 +54,14 @@ def logprint(s):
 LinuxPkgs['Ubuntu 12.04-64bit'] = ['_12.04-64bit.deb', ['Ubuntu', 'Debian'], ['12.04+'],  64]
 LinuxPkgs['Ubuntu 12.04-32bit'] = ['_12.04-32bit.deb', ['Ubuntu', 'Debian'], ['12.04+'],  32]
 LinuxPkgs['Raspberry Pi']       = ['_raspbian.tar.gz', ['Raspbian'],         ['Rpi'],     32]
-#LinuxPkgs['Tails 64bit']        = ['tails64.deb',      ['TailsOS'],          ['0.22.1'], 64]
 
 # [BundleName] = [PkgName, DependenciesDir, Suffix]
 OfflineBundles = {}
 OfflineBundles['UbuntuBundle 12.04-64bit'] = ['Ubuntu 12.04-64bit', 'ubuntu_12.04-64_all_deps', 'OfflineUbuntu64']
 OfflineBundles['UbuntuBundle 12.04-32bit'] = ['Ubuntu 12.04-32bit', 'ubuntu_12.04-32_all_deps', 'OfflineUbuntu32']
-OfflineBundles['Raspberry Pi Bundle']      = ['Raspberry Pi',       'rpi_offline_all_deps',     'OfflineRaspbian']
+OfflineBundles['Raspberry Pi Bundle']      = ['Raspberry Pi',       'armory_raspbian_deps',     'OfflineRaspbian']
+#OfflineBundles['Tails']                    = ['Tails OS',           'armory_tails64_deps',      'OfflineTails']
+#LinuxPkgs['Tails 32bit']        = ['tails32.deb',      ['TailsOS'],          ['0.23'], 32]
 
 # For now we are disabling these because they are enormous, holding the git repo with them
 LinuxRaw = {}
@@ -65,14 +72,11 @@ def logprint(s):
 ################################################################################
 # Do some sanity checks to make sure things are in order before continuing
 if len(sys.argv) < 3:
-   print 'Must supply dir with installers and version type [testing, beta]'
+   print '***ERROR: Must give a directory containing Armory installers'
    print 'USAGE: %s <installersdir>' % argv[0]
    exit(1)
 
-
 instDir = sys.argv[1]
-
-
 if not os.path.exists(instDir):
    logprint('Installers dir does not exist!' + instDir)
    exit(1)
@@ -110,6 +114,14 @@ def logprint(s):
    else:
       print 'Found offline bundle deps dir: %s' % depsdir
 
+
+# Check wallet exists for announcement signing
+wltPath = os.path.expanduser('~/.armory/wallet_%s_.wallet' % btcWltID)
+if not os.path.exists(wltPath):
+   logprint('Wallet for signing announcements does not exist: %s' % wltPath)
+   exit(1)
+
+
 # Grab the latest file version from the list   
 latestVerInt,latestVerStr,latestVerType = getLatestVerFromList2(os.listdir(instDir))
 
@@ -119,6 +131,7 @@ def logprint(s):
 logprint('   Detected Version String    : "%s"' % latestVerStr)
 logprint('   This is release of type    : "%s"' % latestVerType)
 logprint('   Use the following GPG key  : "%s"' % gpgKeyID)
+logprint('   Use the following wallet   : "%s"' % wltPath)
 logprint('   Builder for signing deb    : "%s"' % builder)
 logprint('   Git repo to be signed is   : "%s", branch: "%s"' % (gitRepo,gitBranch))
 logprint('   Git user to tag release    : "%s" / <%s>' % (gituser, gitemail))
@@ -193,6 +206,8 @@ def logprint(s):
    instFiles.append(targz)
 """
 
+################################################################################
+# Create Offline Bundles
 OfflineBundles['UbuntuBundle 12.04-64bit'] = ['Ubuntu 12.04-64bit', 'ubuntu_12.04-64_all_deps']
 for bundleName,trip in OfflineBundles.iteritems():
    pkgName,depsdir,suff = trip[:]
@@ -224,6 +239,12 @@ def logprint(s):
 os.remove(hashfilename)
 
 
+
+################################################################################
+################################################################################
+# Now update the announcements
+
+
 # GIT SIGN
 gittag  = 'v%s%s' % (latestVerStr, latestVerType)
 logprint('*'*80)

release_scripts/Step3_Online_VerifyAndUpload.py

@@ -16,7 +16,7 @@
 latestVerInt, latestVerStr, latestRelease = 0,'',''
 unpackDir = 'signed_release_unpack'
 bucket = 'bitcoinarmory-releases'
-buckets3 = 's3://%s' % bucket
+bucketS3 = 's3://%s' % bucket
 bucketdl = 'https://s3.amazonaws.com/%s' % bucket
 
 #uploadlog = open('step3_log_%d.txt' % long(time.time()), 'w')
@@ -56,7 +56,7 @@ def logprint(s):
 logprint('   Version type: ' + latestVerType)
 logprint('   Full version: ' + verFullStr)
 logprint('   Release file: ' + latestRelease)
-logprint('   S3 Bucket   : ' + buckets3)
+logprint('   S3 Bucket   : ' + bucketS3)
 logprint('   DL Links    : ' + bucketdl)
 logprint('')
 
@@ -169,7 +169,7 @@ def logprint(s):
    else:
       humanText += ' for %s %s %s' % tuple(pkgMap[ext])
 
-   uploadurl = '%s/%s' % (buckets3, fn)
+   uploadurl = '%s/%s' % (bucketS3, fn)
    linkurl = '%s/%s' % (bucketdl, fn)
 
    s3cmd = 's3cmd put --acl-public %s %s' % (fullfn, uploadurl)
@@ -183,6 +183,11 @@ def logprint(s):
    s3cmdList.append(s3cmd)
 
 
+for ann in announceFiles:
+   uploadurl = '%s/%s' % (bucketS3, fn)
+   s3cmd = 's3cmd put --acl-public %s %s' % (ann, uploadurl)
+   s3cmdList.append(s3cmd)
+
 logprint('\nRAW URL LIST')
 for txt in rawUrlList:
    logprint('  '+txt)