mirror of
https://src.koozali.org/infra/smeserver-koji.git
synced 2024-11-21 09:07:29 +01:00
fix sign_build_list.sh and update README
This commit is contained in:
parent
437b6abda0
commit
3c674d4f26
@ -3,10 +3,41 @@
|
||||
## sign_build.sh
|
||||
Sign all rpms for a particular build
|
||||
|
||||
sign_rpm.sh <n-v-r | build_id | package | rpm> [<arch=*> | <debuginfo> | <latestfrom=> | <rpm> | <gpg_name=kojiadmin@koozali.org> | <debug>]
|
||||
|
||||
Required: (one of only)
|
||||
- n-v-r: of the build (e.g. smeserver-backup-11.0.0-7.el8)
|
||||
- build_id: e.g. 643
|
||||
- package: e.g. smeserver-backup (used in conjunction with <latestfrom>)
|
||||
- rpm: to sign a specific rpm (used in conjunction with <rpm>)
|
||||
|
||||
Optional:
|
||||
- arch=<arch>: only rpms for these arches (comma seperated list - defaults to all)
|
||||
- nodebuginfo: do NOT include debug rpms (defaults to included)
|
||||
- latestfrom=<tag>: used with <package> and will use the latest build for this tag
|
||||
- gpg_name=<gpg name>: name used to create the gpg key we want to sign with (default kojiadmin@koozali.org)
|
||||
- debug: display debug information
|
||||
|
||||
## sign_build_list.sh
|
||||
Sign all rpms for each build specified in a file (1 line per build)
|
||||
|
||||
## queue_builds.sh
|
||||
Queue a build for each package supplied in a file
|
||||
sign_build_list.sh <pkg list> [<arch=*> | <gpg_name=kojiadmin@koozali.org> | <gpg_key=44922a28> | <nodebuginfo> | <debug> | <dryrun> ]
|
||||
|
||||
## parse-list.sh
|
||||
Required:
|
||||
- file name of list containing builds to be signed
|
||||
|
||||
Optional:
|
||||
- arch=<arch>: only rpms for these arches (comma seperated list - defaults to all)
|
||||
- nodebuginfo: do NOT include debug rpms (defaults to included)
|
||||
- gpg_name=<gpg name>: name used to create the gpg key we want to sign with (default kojiadmin@koozali.org)
|
||||
- gpg_key=<gpg_key>: if you want to check if they have already been signed with this key (default - don't check)
|
||||
- debug: display debug information
|
||||
- dry_run: do a 'dry run' and only show what will be executed, don't do it
|
||||
|
||||
## queue_builds.sh
|
||||
Queue a build the latest tag for each package supplied in a file (1 package per line)
|
||||
|
||||
queue-builds.sh <filename> [ <wait> | <org=smeserver> ]
|
||||
|
||||
- <wait> to wait for one build to complete before submitting the next one (default is nowait - queue them all)
|
||||
- <org=organisation> (default is smecontribs)
|
||||
|
||||
@ -1,71 +0,0 @@
|
||||
#!/bin/bash
|
||||
#
|
||||
# Run script against every item in input file
|
||||
|
||||
if [[ -z $1 ]] ; then
|
||||
echo "parse a list of parameters and execute script with those parameters"
|
||||
echo "parse-list.sh <param file> <script> [<noisy> <additional> <additional> <additional>]"
|
||||
echo "<param file> name of file containing parameters"
|
||||
echo "<script> script to run (e.g. rename-e-smith-pkh.sh)"
|
||||
echo "optional params can appear in any order"
|
||||
echo " <review> show line being executed but do NOTHING!"
|
||||
echo " <noisy> show line being executed"
|
||||
echo " <additional> additional params to be passed (up to 3)"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# parse the command line parameters
|
||||
PROCESSORG=
|
||||
EXTRAPARAMS=
|
||||
# using a file as input
|
||||
if [[ ! -f $1 ]] ; then
|
||||
echo "Can NOT find $1 - Aborting"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [[ $(which $2 | grep "no $2") ]] ; then
|
||||
echo "Can NOT find $2 - Aborting"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
DEBUG=
|
||||
REVIEW=
|
||||
NOISY=
|
||||
for param in $3 $4 $5 $6; do
|
||||
if [ $param ] ; then
|
||||
case $param in
|
||||
review )
|
||||
REVIEW=true ;;
|
||||
noisy )
|
||||
NOISY=true ;;
|
||||
;;
|
||||
debug )
|
||||
DEBUG=true ;;
|
||||
* )
|
||||
EXTRAPARAMS=$EXTRAPARAMS" "$param ;;
|
||||
esac
|
||||
else
|
||||
break
|
||||
fi
|
||||
done
|
||||
|
||||
# Build array of parameters to cycle through
|
||||
PARAMLIST=()
|
||||
# load array of parameters from input file
|
||||
while read -r line ; do PARAMLIST+=($line) ; done < $1
|
||||
|
||||
# Cycle through array of parameters and execute script
|
||||
for param in ${PARAMLIST[@]}
|
||||
do
|
||||
if [[ $NOISY || $REVIEW ]] ; then echo "$2 $param $EXTRAPARAMS" ; fi
|
||||
if [[ -z $REVIEW ]] ; then
|
||||
if [[ $param ]] ; then
|
||||
RESPONSE=$($2 $param $EXTRAPARAMS) ; rc=$?
|
||||
if [ $rc -ne 0 ] ; then echo "($rc)\n$RESPONSE" ; fi
|
||||
if [ $DEBUG ] ; then echo "RESPONSE=$RESPONSE" ; fi
|
||||
fi
|
||||
fi
|
||||
done
|
||||
|
||||
exit 0
|
||||
|
||||
@ -2,35 +2,37 @@
|
||||
|
||||
if [[ -z $1 ]] ; then
|
||||
echo "Must provide a package name"
|
||||
echo "sign_rpm.sh <package name> [<arch=x86_64> | <debuginfo> | <repo=dist-sme11-os> | <latestfrom=*> | <gpg_key=kojiadmin@koozali.org> | <debug>]"
|
||||
echo "sign_build.sh <n-v-r | build_id | package name | rpm> [<arch=x86_64> | <nodebuginfo> | <latestfrom=*> | <gpg_key=kojiadmin@koozali.org> | <debug>]"
|
||||
exit 1
|
||||
else
|
||||
PACKAGE=$1
|
||||
echo "PACKAGE=$PACKAGE"
|
||||
fi
|
||||
|
||||
ARCH=x86_64
|
||||
REPO="dist-sme11-os"
|
||||
GPG_KEY="kojiadmin@koozali.org"
|
||||
DEBUG=false
|
||||
DEBUGINFO="--debuginfo"
|
||||
ARCHES=
|
||||
DEBUG=
|
||||
RPM=
|
||||
for param in $2 $3 $4 $5 $6 $7; do
|
||||
if [ $param ] ; then
|
||||
case $param in
|
||||
-h | --help )
|
||||
echo "sign_rpm.sh <package name> [<arch=x86_64> | <repo=dist-sme11-os> | <latestfrom=*> | <gpg_key=kojiadmin@koozali.org>]" ;;
|
||||
echo "sign_build.sh <n-v-r | build_id | package name | rpm> [<arch=*> | <nodebuginfo> | <latestfrom=*> | <gpg_key=kojiadmin@koozali.org>]" ;;
|
||||
debug )
|
||||
DEBUG=true ;;
|
||||
debuginfo )
|
||||
DEBUGINFO="--debuginfo" ;;
|
||||
nodebuginfo )
|
||||
DEBUGINFO= ;;
|
||||
arch=* )
|
||||
ARCH=${param#*=} ;;
|
||||
repo=* )
|
||||
REPO=${param#*=} ;;
|
||||
arches=${param#*=}
|
||||
for arch in ${arches//,/ } ; do
|
||||
ARCHES=ARCHES"--arch=$arch "
|
||||
done
|
||||
;;
|
||||
latestfrom=* )
|
||||
PACKAGE=$PACKAGE" --latestfrom="${param#*=} ;;
|
||||
gpg_key=* )
|
||||
GPG_KEY=${param#*=} ;;
|
||||
gpg_name=* )
|
||||
GPG_NAME=${param#*=} ;;
|
||||
* )
|
||||
echo "Unkown parameter $param - aborting"
|
||||
exit 1
|
||||
@ -41,27 +43,30 @@ for param in $2 $3 $4 $5 $6 $7; do
|
||||
fi
|
||||
done
|
||||
|
||||
# if <package name>=all, sign ALL rpms in defined repo (use pkglist to identify packages)
|
||||
# else just sign the specified rpms (using either a git tag or the latestfrom)
|
||||
# If an rpm name passed assume signing of an individual rpm
|
||||
if (${1##*.} == "rpm") ; then RPM="--rpm" ; fi
|
||||
|
||||
# sign the specified rpms (using either a git tag or the latestfrom)
|
||||
tmpdir="$(mktemp -d /tmp/sign.XXXXXX)"
|
||||
pushd $tmpdir > /dev/null
|
||||
|
||||
if [[ $DEBUG ]] ; then
|
||||
echo "PACKAGE=$PACKAGE"
|
||||
echo "ARCH=$ARCH"
|
||||
echo "REPO=$REPO"
|
||||
echo "GPG_KEY=$GPG_KEY"
|
||||
echo "ARCH=$ARCHES"
|
||||
echo "DEBUGINFO=$DEBUGINFO"
|
||||
echo "RPM=$RPM"
|
||||
echo "GPG_NAME=$GPG_NAME"
|
||||
fi
|
||||
if [[ $DEBUG ]] ; then echo "koji download-build $DEBUGINFO $PACKAGE" ; fi
|
||||
koji download-build $DEBUGINFO $PACKAGE
|
||||
rpmsign --define "_gpg_name $GPG_KEY" --addsign *.rpm
|
||||
if [[ $DEBUG ]] ; then echo "koji download-build $DEBUGINFO $RPM $ARCHES $PACKAGE" ; fi
|
||||
koji download-build $DEBUGINFO $RPM $ARCHES $PACKAGE
|
||||
rpmsign --define "_gpg_name $GPG_NAME" --addsign *.rpm
|
||||
koji import-sig *.rpm
|
||||
popd > /dev/null
|
||||
|
||||
# if debug, leave the tmp directory in place
|
||||
if [[ -z $DEBUG ]] ; then
|
||||
rm -f $tmpdir/*
|
||||
rmdir $tmpdir
|
||||
rmdir $tmpdir
|
||||
fi
|
||||
|
||||
exit 0
|
||||
|
||||
@ -2,91 +2,116 @@
|
||||
# sign all rpms in the specified pkg list
|
||||
if [[ -z $1 ]] ; then
|
||||
echo "Must provide a pkg list"
|
||||
echo "sign_build_list.sh <pkg list> [<arches=x86_64> | <gpg_key=kojiadmin@koozali.org> | <debuginfo> | <debug> | <dryrun> ]"
|
||||
echo "sign_build_list.sh <pkg list> [<arch=*> | <gpg_name=kojiadmin@koozali.org> | <gpg_key=44922a28> | <nodebuginfo> | <debug> | <dryrun> ]"
|
||||
exit 1
|
||||
else
|
||||
PKGLIST=$1
|
||||
fi
|
||||
|
||||
ARCH=x86_64
|
||||
GPG_KEY="kojiadmin@koozali.org"
|
||||
GPG_ID='44922a28'
|
||||
DEBUG=false
|
||||
DRY_RUN=false
|
||||
DEBUGINFO=
|
||||
ARCHES=
|
||||
GPG_NAME="kojiadmin@koozali.org"
|
||||
GPG_KEY=
|
||||
DEBUG=
|
||||
DRY_RUN=
|
||||
ARCHES=
|
||||
DEBUGINFO="--debuginfo"
|
||||
|
||||
for param in $2 $3 $4 $5 $6 $7 ; do
|
||||
if [ $param ] ; then
|
||||
case $param in
|
||||
case $param in
|
||||
-h | --help )
|
||||
echo "sign_rpm_list.sh <pkg list> [<arches=x86_64> | <gpg_key=kojiadmin@koozali.org> | <debuginfo> | <debug> | <dryrun> ]"
|
||||
exit
|
||||
echo "sign_build_list.sh <pkg list> [<arch=x86_64> | <gpg_name=kojiadmin@koozali.org> | <gpg_key=44922a28> | <nodebuginfo> | <debug> | <dryrun> ]"
|
||||
exit
|
||||
;;
|
||||
debug )
|
||||
DEBUG=true ;;
|
||||
dryrun )
|
||||
DRY_RUN=true ;;
|
||||
debuginfo )
|
||||
DEBUGINFO="--debuginfo" ;;
|
||||
arches=* )
|
||||
ARCH=${param#*=} ;;
|
||||
DEBUG=true ;;
|
||||
dryrun )
|
||||
DRY_RUN=true ;;
|
||||
nodebuginfo )
|
||||
DEBUGINFO= ;;
|
||||
arch=* )
|
||||
arches=${param#*=}
|
||||
for arch in ${arches//,/ } ; do
|
||||
ARCHES=ARCHES"--arch=$arch "
|
||||
done
|
||||
;;
|
||||
gpg_name=* )
|
||||
GPG_NAME=${param#*=} ;;
|
||||
gpg_key=* )
|
||||
GPG_KEY=${param#*=} ;;
|
||||
GPG_KEY=${param#*=} ;;
|
||||
* )
|
||||
echo "Unkown parameter $param - aborting"
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
echo "Unkown parameter $param - aborting"
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
else
|
||||
break
|
||||
break
|
||||
fi
|
||||
done
|
||||
if [[ $DEBUG ]] ; then
|
||||
echo "PKGLIST=$PKGLIST"
|
||||
echo "ARCH=$ARCH"
|
||||
echo "ARCHES=$ARCHES"
|
||||
echo "DEBUGINFO=$DEBUGINFO"
|
||||
echo "GPG_NAME=$GPG_NAME"
|
||||
echo "GPG_KEY=$GPG_KEY"
|
||||
echo "DRY_RUN=$DRY_RUN"
|
||||
fi
|
||||
|
||||
# use a temporary directory to export the rpms for signing
|
||||
#if [[ $DRY_RUN ]] ; then
|
||||
# echo "mktemp -d /tmp/sign.XXXXXX"
|
||||
#else
|
||||
if [[ $DRY_RUN ]] ; then
|
||||
echo "mktemp -d /tmp/sign.XXXXXX"
|
||||
else
|
||||
tmpdir="$(mktemp -d /tmp/sign.XXXXXX)"
|
||||
pushd $tmpdir > /dev/null
|
||||
#fi
|
||||
fi
|
||||
|
||||
if [[ -e "$PKGLIST" ]] ; then
|
||||
# extract list of rpms to download
|
||||
while read -r pkgline; do
|
||||
BUILD=${pkgline##*/}
|
||||
if [[ $DEBUG ]] ; then
|
||||
echo "$pkgline"
|
||||
echo "koji download-build ${pkgline##*/}"
|
||||
echo "koji download-build $BUILD"
|
||||
fi
|
||||
BUILD=${pkgline##*/}
|
||||
if [[ $DEBUG ]] ; then echo "BUILD=$BUILD" ; fi
|
||||
DIR=/mnt/koji/packages/${BUILD%-*-*}/$(echo $BUILD | awk -F '-' '{print $(NF-1)}')/$(echo ${BUILD##*-})/data/signed/$GPG_ID
|
||||
if [[ $DEBUG ]] ; then echo "DIR=$DIR" ; fi
|
||||
if [[ -d $DIR ]] ; then
|
||||
echo "$BUILD already signed with this key - ignoring"
|
||||
else
|
||||
# if [[ $DRY_RUN ]] ; then
|
||||
# echo "koji download-build $DEBUGINFO ${pkgline##*/}"
|
||||
# else
|
||||
koji download-build $DEBUGINFO $BUILD
|
||||
# fi
|
||||
# If an rpm name passed assume signing of an individual rpm, else signing all
|
||||
RPM=
|
||||
if (${BUILD##*.} == "rpm") ; then
|
||||
RPM="--rpm"
|
||||
fi
|
||||
if [[ $GPG_KEY ]] ; then # check if already signed with this key
|
||||
DIR=/mnt/koji/packages/${BUILD%-*-*}/$(echo $BUILD | awk -F '-' '{print $(NF-1)}')/$(echo ${BUILD##*-})/data/signed/$GPG_KEY
|
||||
if [[ $DEBUG ]] ; then echo "DIR=$DIR" ; fi
|
||||
EXISTS=
|
||||
if ($RPM == "--rpm") ; then
|
||||
if [[ $DEBUG ]] ; then echo "Check for existing $DIR/$BUILD"
|
||||
if [[ -f $DIR/$BUILD ]] ; then EXISTS=True ; fi
|
||||
else
|
||||
if [[ $DEBUG ]] ; then echo "Check for existing $DIR"
|
||||
if [[ -d $DIR ]] ; then EXISTS=True ; fi
|
||||
fi
|
||||
if [[ $EXISTS ]] ; then
|
||||
echo "$BUILD already signed with this key - ignoring"
|
||||
continue
|
||||
fi
|
||||
fi
|
||||
if [[ $DRY_RUN ]] ; then
|
||||
echo "koji download-build $DEBUGINFO $ARCHES $RPM $BUILD"
|
||||
else
|
||||
koji download-build $DEBUGINFO $ARCHES $RPM $BUILD
|
||||
fi
|
||||
fi
|
||||
done <$PKGLIST
|
||||
else
|
||||
echo "Cannot find pkglist $PKGLIST - aborting"
|
||||
exit 1
|
||||
fi
|
||||
#if [[ $DRY_RUN ]] ; then
|
||||
# echo "rpmsign --define \"_gpg_name $GPG_KEY\" --addsign *.rpm"
|
||||
# echo "koji import-sig *.rpm"
|
||||
#else
|
||||
rpmsign --define "_gpg_name $GPG_KEY" --addsign *.rpm
|
||||
if [[ $DRY_RUN ]] ; then
|
||||
echo "rpmsign --define \"_gpg_name $GPG_NAME\" --addsign *.rpm"
|
||||
echo "koji import-sig *.rpm"
|
||||
else
|
||||
rpmsign --define "_gpg_name $GPG_NAME" --addsign *.rpm
|
||||
koji import-sig *.rpm
|
||||
popd > /dev/null
|
||||
#fi
|
||||
fi
|
||||
|
||||
exit 0
|
||||
|
||||
Loading…
Reference in New Issue
Block a user