Various improvements to quickstart.sh

[abesto]

• Made variables local, to prevent functions from overwriting values of each other
• Made downloaded jar filename shorter, it's just zipkin.jar now
• Told curl to follow redirects (fixing downloads when BinTray redirects to a CDN)
• Clean up .md5, .asc, .md5.asc after successful runs (but not after failed ones)
• Add a note to optionally trust the BinTray GPG key after importing it
• Add note for proceeding manually if the script fails
• Fix verification of GPG signature of MD5 checksum

Dragons

• [x] The GPG signature for the .md5 file still seems to be invalid. Output of my run:

Thank you for trying OpenZipkin!

This installer is provided as a quick-start helper, so you can try Zipkin out
without a lengthy installation process.

Fetching version number of latest Zipkin release...
Downloading executable jar for Zipkin 2.4.0...

Verifying checksum...
zipkin.jar: OK

Verifying signature of zipkin.jar...
gpg: Signature made Mon 27 Nov 2017 11:52:09 AM CET
gpg:                using RSA key 379CE192D401AB61
gpg: Good signature from "Bintray (by JFrog) <bintray@bintray.com>" [ultimate]

Verifying signature of zipkin.jar.md5...
gpg: Signature made Mon 27 Nov 2017 11:52:10 AM CET
gpg:                using RSA key 379CE192D401AB61
gpg: BAD signature from "Bintray (by JFrog) <bintray@bintray.com>" [ultimate]

It looks like quick-start setup has failed. Please run the command again
with the debug flag like below, and open an issue on
https://github.com/openzipkin/zipkin/issues/new. Make sure to include the
full output of the run.

    \curl -sSL http://zipkin.io/quickstart.sh | bash -sx

In the meanwhile, you can manually download and run the latest executable jar
from the following URL:

https://dl.bintray.com/openzipkin/maven/io/zipkin/java/zipkin-server/

[abesto]

Hmm. I may be messing something up in the script, the signature may actually be correct.

[abesto]

Bah. St00pid h00man. The .md5 file we use for checksum validation is not actually the same as the one signed by Bintray, need to switch up the logic. (The file from Bintray only contains the checksum, while the one passed to md5sum must also contain the filename)

[abesto]

There, all good now.

[codefromthecrypt]

Indeed! tested locally

[codefromthecrypt]

so we update our quickstart to curl -sSL https://zipkin.io/quickstart.sh | bash -sx ?

[abesto]

Maybe even without the -x, to get nice and friendly output (it's relative, there's gpg in it, but methinks that's good to have there)

[abesto]

Oh, and: https ;)

[codefromthecrypt]

in your copious freetime.. can you doctor up our module script? Note: these can come from different group ids..

$ wget -O zipkin-autoconfigure-collector-kafka10-module.jar 'https://search.maven.org/remote_content?g=io.zipkin.java&a=zipkin-autoconfigure-collector-kafka10&v=LATEST&c=module'

[codefromthecrypt]

usually we short-name these to the last part of the artifact ex https://github.com/openzipkin/docker-zipkin-aws/blob/master/Dockerfile#L24

[abesto]

Hmm. Should be quite possible to pass in arguments to quickstart.sh, so that a module download would be something like

curl -sSL https://zipkin.io/quickstart.sh | bash -s $ARTIFACTID $LOCALTARGET.jar

Alternative would be adding extra filename wrangling logic into quickstart.sh so that we can omit the second argument, though methinks that's too much magic.

Thoughts?

(Best case for me implementing this is tonight, ~7 hours from now)

[codefromthecrypt]

the crap part is that this includes a classifier change (notice it is module not exec). Maybe some delimiting similar to gradle could answer it?

[abesto]

Ah, thanks for pointing that out. Doing that right will surely require passing in the classifier. Using Gradle-like delimiting sounds like a good idea. I think it's gonna be fine, but will have to dive into implementation details to know for sure. Will shout if confused.