Add release tarball comparison script

The util/release-tarball-comparison.sh script compares a release-ready
BIND 9 tarball to a temporary BIND 9 tarball created from the same
signed Git tag to ensure that their content does not differ
(significantly).

util/release-tarball-comparison.sh

@@ -0,0 +1,92 @@
+#!/bin/sh
+
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0.  If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+set -e
+set -o nounset
+
+print_usage_and_exit() {
+	echo
+	echo "Usage: GITLAB_USER=<your_gitlab_username> GITLAB_TOKEN=<your_gitlab_token> ${0} /path/to/bind-9.x.y.tar.xz" >&2
+	exit 1
+}
+
+BIND_TARBALL="${1:-}"
+if [ ! -f "${BIND_TARBALL}" ]; then
+	echo "ERROR: path to BIND 9 tarball either not provided or the file does not exist." >&2
+	print_usage_and_exit
+fi
+
+GITLAB_USER=${GITLAB_USER:-}
+GITLAB_TOKEN=${GITLAB_TOKEN:-}
+if [ -z "${GITLAB_USER}" ] || [ -z "${GITLAB_TOKEN}" ]; then
+	echo "ERROR: GITLAB_USER and GITLAB_TOKEN environmental variables are not set." >&2
+	print_usage_and_exit
+fi
+
+# Create the container to work in.
+CONTAINER_ID=$(docker create --interactive debian:bullseye)
+trap "docker container rm -f \${CONTAINER_ID} >/dev/null" EXIT
+docker start "${CONTAINER_ID}"
+
+run_in_container() {
+	docker exec --workdir /usr/src "${CONTAINER_ID}" /bin/sh -c "$@"
+}
+
+# Pull build requirements.
+run_in_container "apt-get update &&			\
+	apt-get -y install --no-install-recommends	\
+		automake				\
+		ca-certificates				\
+		git					\
+		libcap2-dev				\
+		libjemalloc-dev				\
+		liblmdb-dev				\
+		libmaxminddb-dev			\
+		libnghttp2-dev				\
+		libssl-dev				\
+		libtool					\
+		libuv1-dev				\
+		make					\
+		pkg-config				\
+		pkgdiff					\
+		xz-utils				\
+"
+
+# Retrieve the release-ready BIND 9 tarball.
+docker cp "${BIND_TARBALL}" "${CONTAINER_ID}:/usr/src"
+
+BIND_VERSION=$(basename "${BIND_TARBALL}" | sed -E "s|bind-(.*)\.tar\.xz|\1|")
+BIND_DIRECTORY="bind-${BIND_VERSION}"
+
+# Prepare a temporary "release" tarball from upstream BIND 9 project.
+run_in_container "git -c advice.detachedHead=false clone --branch $(echo "v${BIND_VERSION}" | tr ".-" "_") --depth 1 https://${GITLAB_USER}:${GITLAB_TOKEN}@gitlab.isc.org/isc-private/bind9.git && \
+	cd bind9 && \
+	if [ $(echo "${BIND_VERSION}" | cut -b 1-5) = 9.16. ]; then \
+		git archive --prefix=${BIND_DIRECTORY}/ --output=${BIND_DIRECTORY}.tar HEAD && \
+		mkdir ${BIND_DIRECTORY} && \
+		echo SRCID=\$(git rev-list --max-count=1 HEAD | cut -b1-7) > ${BIND_DIRECTORY}/srcid && \
+		tar --append --file=${BIND_DIRECTORY}.tar ${BIND_DIRECTORY}/srcid && \
+		xz ${BIND_DIRECTORY}.tar; \
+	else \
+		autoreconf -fi && \
+		./configure --enable-umbrella && \
+		make -j && \
+		make dist; \
+	fi"
+
+# Compare release-ready and custom tarballs; they are expected to be the same.
+run_in_container "pkgdiff bind9/bind-${BIND_VERSION}.tar.xz bind-${BIND_VERSION}.tar.xz" || true
+
+# Copy the pkgdiff report out of the container for inspection.
+docker cp "${CONTAINER_ID}:/usr/src/pkgdiff_reports/bind/" "pkgdiff_bind_${BIND_VERSION}_report"
+echo "pkgdiff report ready for inspection in 'pkgdiff_bind_${BIND_VERSION}_report'."