aggregated signatures:

- return early if there is no new commit - for each new commit, download the airlock content, and create aggregated signature files - the new commit is fetched before the airlock content is deployed, so that we can still deploy a new version of this script, if the second part of the script crashes. (this is not user visible because we still need to update the cloudflare cache)
spesmilo · Dec 19, 2021 · 969fa0a · 969fa0a
1 parent b6d22f2
commit 969fa0a
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 81 deletions.
diff --git a/deploy.sh b/deploy.sh
@@ -9,7 +9,14 @@ date -u
 
 # fixme: we should not poll github
 git fetch github
-echo "latest website commit $(git rev-parse github/master)"
+LOCAL_COMMIT="$(git rev-parse master)"
+REMOTE_COMMIT="$(git rev-parse github/master)"
+
+if [ $LOCAL_COMMIT = $REMOTE_COMMIT ];
+then
+    echo "no changes, exiting"
+    exit 0
+fi
 
 LOCAL_VERSION=$(cat version|jq '.version'|tr -d '"')
 VERSION=$(git show github/master:version|jq '.version'|tr -d '"')
@@ -28,17 +35,11 @@ git rev-parse github/master | gpg --no-default-keyring --keyring "$REPODIR/gpg/t
 git rev-parse github/master | gpg --no-default-keyring --keyring "$REPODIR/gpg/sombernight_releasekey.gpg" --verify website.sombernight_releasekey.asc -
 
 echo "website signature verified"
+# Update website immediately (in case the rest of the script crashes)
+git merge --ff-only FETCH_HEAD
 
-# Just updating website; no new release
-if [ $LOCAL_VERSION = $VERSION ];
-then
-    echo "updating website and exiting"
-    git merge --ff-only FETCH_HEAD
-    exit 0
-fi
 
-# As versions mismatched, there is a new release.
-# 1. read from the airlock directory
+# Read from the airlock directory
 rm -rf /tmp/airlock
 mkdir /tmp/airlock
 pushd /tmp/airlock
@@ -61,6 +62,8 @@ do
         # In case we upload any other file for whatever reason, both sigs are needed too.
         gpg --no-default-keyring --keyring "$REPODIR/gpg/thomasv.gpg" --verify "$item.ThomasV.asc" "$item"
         gpg --no-default-keyring --keyring "$REPODIR/gpg/sombernight_releasekey.gpg" --verify "$item.sombernight_releasekey.asc" "$item"
+        # create aggregated signature file
+        cat $item.*.asc > "$item.asc"
     fi
 done
 
@@ -69,14 +72,12 @@ echo "verification passed"
 # publish files
 sftp -oBatchMode=no -b - pubwww@uploadserver << !
    cd electrum-downloads
-   mkdir $VERSION
+   -mkdir $VERSION
    cd $VERSION
    mput *
    bye
 !
 
-# update website
 popd
-git merge --ff-only FETCH_HEAD
 
 # todo: clear cloudflare cache
diff --git a/panel-download.html b/panel-download.html
@@ -4,11 +4,8 @@ <h2>Latest release: Electrum-4.1.5</h2>
 <a href="https://download.electrum.org">Previous releases</a><br/>
 
 <div style="font-size:small">
-  Our executables are reproducible, and are signed independently
-  <a href="https://github.com/spesmilo/electrum/tree/master/pubkeys">by several builders</a>.
-  <br/>
-  We recommend verifying at least two signatures.
-  <br/>
+  Our executables are reproducible, and are signed independently by several builders.<br/>
+  The current executables have been signed by <a href="https://raw.githubusercontent.com/spesmilo/electrum/master/pubkeys/ThomasV.asc">ThomasV</a>, <a href="https://raw.githubusercontent.com/spesmilo/electrum/master/pubkeys/sombernight_releasekey.asc">SomberNight</a>, <a href="https://raw.githubusercontent.com/spesmilo/electrum/master/pubkeys/Emzy.asc">Emzy</a>.<br/>
 </div>
 
 
@@ -29,12 +26,7 @@ <h3>Sources and Binaries</h3>
       <a href="https://download.electrum.org/4.1.5/Electrum-4.1.5.tar.gz">Electrum-4.1.5.tar.gz</a>
     </td>
     <td>
-      <span style="font-size:80%">Signatures:</span><br/>
-      <span style="font-size:80%">
-<a href="https://download.electrum.org/4.1.5/Electrum-4.1.5.tar.gz.ThomasV.asc">ThomasV</a>,
-<a href="https://download.electrum.org/4.1.5/Electrum-4.1.5.tar.gz.sombernight_releasekey.asc">SomberNight</a>,
-<a href="https://raw.githubusercontent.com/spesmilo/electrum-signatures/master/4.1.5/Electrum-4.1.5.tar.gz/Electrum-4.1.5.tar.gz.Emzy.asc">Emzy</a>
-</span>
+      <span style="font-size:80%"><a href="https://download.electrum.org/4.1.5/Electrum-4.1.5.tar.gz.asc">Signatures</a></span>
     </td>
   </tr>
   <tr>
@@ -45,11 +37,7 @@ <h3>Sources and Binaries</h3>
       <a href="https://download.electrum.org/4.1.5/electrum-4.1.5-x86_64.AppImage">Appimage</a>
     </td>
     <td>
-      <span style="font-size:80%">
-<a href="https://download.electrum.org/4.1.5/electrum-4.1.5-x86_64.AppImage.ThomasV.asc">ThomasV</a>,
-<a href="https://download.electrum.org/4.1.5/electrum-4.1.5-x86_64.AppImage.sombernight_releasekey.asc">SomberNight</a>,
-<a href="https://raw.githubusercontent.com/spesmilo/electrum-signatures/master/4.1.5/electrum-4.1.5-x86_64.AppImage/electrum-4.1.5-x86_64.AppImage.Emzy.asc">Emzy</a>
-</span>
+      <span style="font-size:80%"><a href="https://download.electrum.org/4.1.5/electrum-4.1.5-x86_64.AppImage.asc">Signatures</a></span>
     </td>
     </tr>
     <tr>
@@ -61,23 +49,15 @@ <h3>Sources and Binaries</h3>
 	<a href="https://download.electrum.org/4.1.5/electrum-4.1.5.exe">Standalone Executable</a>
       </td>
       <td>
-	<span style="font-size:80%">
-<a href="https://download.electrum.org/4.1.5/electrum-4.1.5.exe.ThomasV.asc">ThomasV</a>,
-<a href="https://download.electrum.org/4.1.5/electrum-4.1.5.exe.sombernight_releasekey.asc">SomberNight</a>,
-<a href="https://raw.githubusercontent.com/spesmilo/electrum-signatures/master/4.1.5/electrum-4.1.5.exe/electrum-4.1.5.exe.Emzy.asc">Emzy</a>
-</span>
+	<span style="font-size:80%"><a href="https://download.electrum.org/4.1.5/electrum-4.1.5.exe.asc">Signatures</a></span>
       </td>
     </tr>
   <tr>
     <td>
       <a href="https://download.electrum.org/4.1.5/electrum-4.1.5-setup.exe">Windows Installer</a>
     </td>
     <td>
-      <span style="font-size:80%">
-<a href="https://download.electrum.org/4.1.5/electrum-4.1.5-setup.exe.ThomasV.asc">ThomasV</a>,
-<a href="https://download.electrum.org/4.1.5/electrum-4.1.5-setup.exe.sombernight_releasekey.asc">SomberNight</a>,
-<a href="https://raw.githubusercontent.com/spesmilo/electrum-signatures/master/4.1.5/electrum-4.1.5-setup.exe/electrum-4.1.5-setup.exe.Emzy.asc">Emzy</a>
-</span>
+      <span style="font-size:80%"><a href="https://download.electrum.org/4.1.5/electrum-4.1.5-setup.exe.asc">Signatures</a></span>
     </td>
   </tr>
   <tr>
@@ -86,11 +66,7 @@ <h3>Sources and Binaries</h3>
       <span style="font-size:80%">(<a href="https://bitcointalk.org/index.php?topic=154451.0">security advice</a>)</span>
     </td>
     <td>
-      <span style="font-size:80%">
-<a href="https://download.electrum.org/4.1.5/electrum-4.1.5-portable.exe.ThomasV.asc">ThomasV</a>,
-<a href="https://download.electrum.org/4.1.5/electrum-4.1.5-portable.exe.sombernight_releasekey.asc">SomberNight</a>,
-<a href="https://raw.githubusercontent.com/spesmilo/electrum-signatures/master/4.1.5/electrum-4.1.5-portable.exe/electrum-4.1.5-portable.exe.Emzy.asc">Emzy</a>
-</span>
+      <span style="font-size:80%"><a href="https://download.electrum.org/4.1.5/electrum-4.1.5-portable.exe.asc">Signatures</a></span>
     </td>
   </tr>
   <tr>
@@ -103,11 +79,7 @@ <h3>Sources and Binaries</h3>
       <a href="https://download.electrum.org/4.1.5/electrum-4.1.5.dmg">Executable for OS X</a>
     </td>
     <td>
-      <span style="font-size:80%">
-<a href="https://download.electrum.org/4.1.5/electrum-4.1.5.dmg.ThomasV.asc">ThomasV</a>,
-<a href="https://download.electrum.org/4.1.5/electrum-4.1.5.dmg.sombernight_releasekey.asc">SomberNight</a>,
-<a href="https://raw.githubusercontent.com/spesmilo/electrum-signatures/master/4.1.5/electrum-4.1.5.dmg/electrum-4.1.5.dmg.Emzy.asc">Emzy</a>
-</span>
+      <span style="font-size:80%"><a href="https://download.electrum.org/4.1.5/electrum-4.1.5.dmg.asc">Signatures</a></span>
     </td>
   </tr>
   <tr>
@@ -120,23 +92,15 @@ <h3>Sources and Binaries</h3>
       <a href="https://download.electrum.org/4.1.5/Electrum-4.1.5.0-arm64-v8a-release.apk">64 bit</a>
     </td>
     <td>
-      <span style="font-size:80%">
-<a href="https://download.electrum.org/4.1.5/Electrum-4.1.5.0-arm64-v8a-release.apk.ThomasV.asc">ThomasV</a>,
-<a href="https://download.electrum.org/4.1.5/Electrum-4.1.5.0-arm64-v8a-release.apk.sombernight_releasekey.asc">SomberNight</a>,
-<a href="https://raw.githubusercontent.com/spesmilo/electrum-signatures/master/4.1.5/Electrum-4.1.5.0-arm64-v8a-release.apk/Electrum-4.1.5.0-arm64-v8a-release.apk.Emzy.asc">Emzy</a>
-</span>
+      <span style="font-size:80%"><a href="https://download.electrum.org/4.1.5/Electrum-4.1.5.0-arm64-v8a-release.apk.asc">Signatures</a></span>
     </td>
   </tr>
   <tr>
     <td>
       <a href="https://download.electrum.org/4.1.5/Electrum-4.1.5.0-armeabi-v7a-release.apk">32 bit</a>
     </td>
     <td>
-      <span style="font-size:80%">
-<a href="https://download.electrum.org/4.1.5/Electrum-4.1.5.0-armeabi-v7a-release.apk.ThomasV.asc">ThomasV</a>,
-<a href="https://download.electrum.org/4.1.5/Electrum-4.1.5.0-armeabi-v7a-release.apk.sombernight_releasekey.asc">SomberNight</a>,
-<a href="https://raw.githubusercontent.com/spesmilo/electrum-signatures/master/4.1.5/Electrum-4.1.5.0-armeabi-v7a-release.apk/Electrum-4.1.5.0-armeabi-v7a-release.apk.Emzy.asc">Emzy</a>
-</span>
+      <span style="font-size:80%"><a href="https://download.electrum.org/4.1.5/Electrum-4.1.5.0-armeabi-v7a-release.apk.asc">Signatures</a></span>
     </td>
   </tr>
 </table>
@@ -168,10 +132,8 @@ <h3>Installation from Python sources</h3>
 	Verify signatures:
       </td>
       <td>
-	<code>wget https://download.electrum.org/4.1.5/Electrum-4.1.5.tar.gz.ThomasV.asc</code><br/>
-	<code>gpg --verify Electrum-4.1.5.tar.gz.ThomasV.asc Electrum-4.1.5.tar.gz</code><br/>
-	<code>wget https://download.electrum.org/4.1.5/Electrum-4.1.5.tar.gz.sombernight_releasekey.asc</code><br/>
-	<code>gpg --verify Electrum-4.1.5.tar.gz.sombernight_releasekey.asc Electrum-4.1.5.tar.gz</code>
+	<code>wget https://download.electrum.org/4.1.5/Electrum-4.1.5.tar.gz.asc</code><br/>
+	<code>gpg --verify Electrum-4.1.5.tar.gz.asc</code><br/>
       </td>
     </tr>
     <tr>

diff --git a/panel-download.html.template b/panel-download.html.template
@@ -4,11 +4,8 @@
 <a href="https://download.electrum.org">Previous releases</a><br/>
 
 <div style="font-size:small">
-  Our executables are reproducible, and are signed independently
-  <a href="https://github.com/spesmilo/electrum/tree/master/pubkeys">by several builders</a>.
-  <br/>
-  We recommend verifying at least two signatures.
-  <br/>
+  Our executables are reproducible, and are signed independently by several builders.<br/>
+  The current executables have been signed by ##signers_list##.<br/>
 </div>
 
 
@@ -29,8 +26,7 @@ Note: All the files can be downloaded via <a href="https://download.electrum.org
       <a href="##link_tgz##">Electrum-##VERSION##.tar.gz</a>
     </td>
     <td>
-      <span style="font-size:80%">Signatures:</span><br/>
-      <span style="font-size:80%">##sigs_tgz##</span>
+      <span style="font-size:80%"><a href="##sigs_tgz##">Signatures</a></span>
     </td>
   </tr>
   <tr>
@@ -41,7 +37,7 @@ Note: All the files can be downloaded via <a href="https://download.electrum.org
       <a href="##link_appimage##">Appimage</a>
     </td>
     <td>
-      <span style="font-size:80%">##sigs_appimage##</span>
+      <span style="font-size:80%"><a href="##sigs_appimage##">Signatures</a></span>
     </td>
     </tr>
     <tr>
@@ -53,15 +49,15 @@ Note: All the files can be downloaded via <a href="https://download.electrum.org
 	<a href="##link_win##">Standalone Executable</a>
       </td>
       <td>
-	<span style="font-size:80%">##sigs_win##</span>
+	<span style="font-size:80%"><a href="##sigs_win##">Signatures</a></span>
       </td>
     </tr>
   <tr>
     <td>
       <a href="##link_win_setup##">Windows Installer</a>
     </td>
     <td>
-      <span style="font-size:80%">##sigs_win_setup##</span>
+      <span style="font-size:80%"><a href="##sigs_win_setup##">Signatures</a></span>
     </td>
   </tr>
   <tr>
@@ -70,7 +66,7 @@ Note: All the files can be downloaded via <a href="https://download.electrum.org
       <span style="font-size:80%">(<a href="https://bitcointalk.org/index.php?topic=154451.0">security advice</a>)</span>
     </td>
     <td>
-      <span style="font-size:80%">##sigs_win_portable##</span>
+      <span style="font-size:80%"><a href="##sigs_win_portable##">Signatures</a></span>
     </td>
   </tr>
   <tr>
@@ -83,7 +79,7 @@ Note: All the files can be downloaded via <a href="https://download.electrum.org
       <a href="##link_mac##">Executable for OS X</a>
     </td>
     <td>
-      <span style="font-size:80%">##sigs_mac##</span>
+      <span style="font-size:80%"><a href="##sigs_mac##">Signatures</a></span>
     </td>
   </tr>
   <tr>
@@ -96,15 +92,15 @@ Note: All the files can be downloaded via <a href="https://download.electrum.org
       <a href="##link_apk_arm64##">64 bit</a>
     </td>
     <td>
-      <span style="font-size:80%">##sigs_apk_arm64##</span>
+      <span style="font-size:80%"><a href="##sigs_apk_arm64##">Signatures</a></span>
     </td>
   </tr>
   <tr>
     <td>
       <a href="##link_apk_armeabi##">32 bit</a>
     </td>
     <td>
-      <span style="font-size:80%">##sigs_apk_armeabi##</span>
+      <span style="font-size:80%"><a href="##sigs_apk_armeabi##">Signatures</a></span>
     </td>
   </tr>
 </table>
@@ -136,10 +132,8 @@ Note: All the files can be downloaded via <a href="https://download.electrum.org
 	Verify signatures:
       </td>
       <td>
-	<code>wget ##link_tgz##.ThomasV.asc</code><br/>
-	<code>gpg --verify Electrum-##VERSION##.tar.gz.ThomasV.asc Electrum-##VERSION##.tar.gz</code><br/>
-	<code>wget ##link_tgz##.sombernight_releasekey.asc</code><br/>
-	<code>gpg --verify Electrum-##VERSION##.tar.gz.sombernight_releasekey.asc Electrum-##VERSION##.tar.gz</code>
+	<code>wget ##link_tgz##.asc</code><br/>
+	<code>gpg --verify Electrum-##VERSION##.tar.gz.asc</code><br/>
       </td>
     </tr>
     <tr>