fix sign_build_list.sh and update README

Trevor Batley 2024-11-15 13:57:44 +11:00
parent 437b6abda0
commit 3c674d4f26
4 changed files with 132 additions and 142 deletions


@ -3,10 +3,41 @@
## sign_build.sh ## sign_build.sh
Sign all rpms for a particular build Sign all rpms for a particular build
sign_rpm.sh <n-v-r | build_id | package | rpm> [<arch=*> | <debuginfo> | <latestfrom=> | <rpm> | <gpg_name=kojiadmin@koozali.org> | <debug>]
Required: (one of only)
- n-v-r: of the build (e.g. smeserver-backup-11.0.0-7.el8)
- build_id: e.g. 643
- package: e.g. smeserver-backup (used in conjunction with <latestfrom>)
- rpm: to sign a specific rpm (used in conjunction with <rpm>)
Optional:
- arch=<arch>: only rpms for these arches (comma seperated list - defaults to all)
- nodebuginfo: do NOT include debug rpms (defaults to included)
- latestfrom=<tag>: used with <package> and will use the latest build for this tag
- gpg_name=<gpg name>: name used to create the gpg key we want to sign with (default kojiadmin@koozali.org)
- debug: display debug information
## sign_build_list.sh ## sign_build_list.sh
Sign all rpms for each build specified in a file (1 line per build) Sign all rpms for each build specified in a file (1 line per build)
## queue_builds.sh sign_build_list.sh <pkg list> [<arch=*> | <gpg_name=kojiadmin@koozali.org> | <gpg_key=44922a28> | <nodebuginfo> | <debug> | <dryrun> ]
Queue a build for each package supplied in a file
## parse-list.sh Required:
- file name of list containing builds to be signed
Optional:
- arch=<arch>: only rpms for these arches (comma seperated list - defaults to all)
- nodebuginfo: do NOT include debug rpms (defaults to included)
- gpg_name=<gpg name>: name used to create the gpg key we want to sign with (default kojiadmin@koozali.org)
- gpg_key=<gpg_key>: if you want to check if they have already been signed with this key (default - don't check)
- debug: display debug information
- dry_run: do a 'dry run' and only show what will be executed, don't do it
## queue_builds.sh
Queue a build the latest tag for each package supplied in a file (1 package per line)
queue-builds.sh <filename> [ <wait> | <org=smeserver> ]
- <wait> to wait for one build to complete before submitting the next one (default is nowait - queue them all)
- <org=organisation> (default is smecontribs)


@ -1,71 +0,0 @@
#!/bin/bash
#
# Run script against every item in input file
if [[ -z $1 ]] ; then
echo "parse a list of parameters and execute script with those parameters"
echo "parse-list.sh <param file> <script> [<noisy> <additional> <additional> <additional>]"
echo "<param file> name of file containing parameters"
echo "<script> script to run (e.g. rename-e-smith-pkh.sh)"
echo "optional params can appear in any order"
echo " <review> show line being executed but do NOTHING!"
echo " <noisy> show line being executed"
echo " <additional> additional params to be passed (up to 3)"
exit 0
fi
# parse the command line parameters
PROCESSORG=
EXTRAPARAMS=
# using a file as input
if [[ ! -f $1 ]] ; then
echo "Can NOT find $1 - Aborting"
exit 1
fi
if [[ $(which $2 | grep "no $2") ]] ; then
echo "Can NOT find $2 - Aborting"
exit 1
fi
DEBUG=
REVIEW=
NOISY=
for param in $3 $4 $5 $6; do
if [ $param ] ; then
case $param in
review )
REVIEW=true ;;
noisy )
NOISY=true ;;
;;
debug )
DEBUG=true ;;
* )
EXTRAPARAMS=$EXTRAPARAMS" "$param ;;
esac
else
break
fi
done
# Build array of parameters to cycle through
PARAMLIST=()
# load array of parameters from input file
while read -r line ; do PARAMLIST+=($line) ; done < $1
# Cycle through array of parameters and execute script
for param in ${PARAMLIST[@]}
do
if [[ $NOISY || $REVIEW ]] ; then echo "$2 $param $EXTRAPARAMS" ; fi
if [[ -z $REVIEW ]] ; then
if [[ $param ]] ; then
RESPONSE=$($2 $param $EXTRAPARAMS) ; rc=$?
if [ $rc -ne 0 ] ; then echo "($rc)\n$RESPONSE" ; fi
if [ $DEBUG ] ; then echo "RESPONSE=$RESPONSE" ; fi
fi
fi
done
exit 0


@ -2,35 +2,37 @@
if [[ -z $1 ]] ; then if [[ -z $1 ]] ; then
echo "Must provide a package name" echo "Must provide a package name"
echo "sign_rpm.sh <package name> [<arch=x86_64> | <debuginfo> | <repo=dist-sme11-os> | <latestfrom=*> | <gpg_key=kojiadmin@koozali.org> | <debug>]" echo "sign_build.sh <n-v-r | build_id | package name | rpm> [<arch=x86_64> | <nodebuginfo> | <latestfrom=*> | <gpg_key=kojiadmin@koozali.org> | <debug>]"
exit 1 exit 1
else else
PACKAGE=$1 PACKAGE=$1
echo "PACKAGE=$PACKAGE" echo "PACKAGE=$PACKAGE"
fi fi
ARCH=x86_64
REPO="dist-sme11-os"
GPG_KEY="kojiadmin@koozali.org" GPG_KEY="kojiadmin@koozali.org"
DEBUG=false
DEBUGINFO="--debuginfo" DEBUGINFO="--debuginfo"
ARCHES=
DEBUG=
RPM=
for param in $2 $3 $4 $5 $6 $7; do for param in $2 $3 $4 $5 $6 $7; do
if [ $param ] ; then if [ $param ] ; then
case $param in case $param in
-h | --help ) -h | --help )
echo "sign_rpm.sh <package name> [<arch=x86_64> | <repo=dist-sme11-os> | <latestfrom=*> | <gpg_key=kojiadmin@koozali.org>]" ;; echo "sign_build.sh <n-v-r | build_id | package name | rpm> [<arch=*> | <nodebuginfo> | <latestfrom=*> | <gpg_key=kojiadmin@koozali.org>]" ;;
debug ) debug )
DEBUG=true ;; DEBUG=true ;;
debuginfo ) nodebuginfo )
DEBUGINFO="--debuginfo" ;; DEBUGINFO= ;;
arch=* ) arch=* )
ARCH=${param#*=} ;; arches=${param#*=}
repo=* ) for arch in ${arches//,/ } ; do
REPO=${param#*=} ;; ARCHES=ARCHES"--arch=$arch "
done
;;
latestfrom=* ) latestfrom=* )
PACKAGE=$PACKAGE" --latestfrom="${param#*=} ;; PACKAGE=$PACKAGE" --latestfrom="${param#*=} ;;
gpg_key=* ) gpg_name=* )
GPG_KEY=${param#*=} ;; GPG_NAME=${param#*=} ;;
* ) * )
echo "Unkown parameter $param - aborting" echo "Unkown parameter $param - aborting"
exit 1 exit 1
@ -41,27 +43,30 @@ for param in $2 $3 $4 $5 $6 $7; do
fi fi
done done
# if <package name>=all, sign ALL rpms in defined repo (use pkglist to identify packages) # If an rpm name passed assume signing of an individual rpm
# else just sign the specified rpms (using either a git tag or the latestfrom) if (${1##*.} == "rpm") ; then RPM="--rpm" ; fi
# sign the specified rpms (using either a git tag or the latestfrom)
tmpdir="$(mktemp -d /tmp/sign.XXXXXX)" tmpdir="$(mktemp -d /tmp/sign.XXXXXX)"
pushd $tmpdir > /dev/null pushd $tmpdir > /dev/null
if [[ $DEBUG ]] ; then if [[ $DEBUG ]] ; then
echo "PACKAGE=$PACKAGE" echo "PACKAGE=$PACKAGE"
echo "ARCH=$ARCH" echo "ARCH=$ARCHES"
echo "REPO=$REPO" echo "DEBUGINFO=$DEBUGINFO"
echo "GPG_KEY=$GPG_KEY" echo "RPM=$RPM"
echo "GPG_NAME=$GPG_NAME"
fi fi
if [[ $DEBUG ]] ; then echo "koji download-build $DEBUGINFO $PACKAGE" ; fi if [[ $DEBUG ]] ; then echo "koji download-build $DEBUGINFO $RPM $ARCHES $PACKAGE" ; fi
koji download-build $DEBUGINFO $PACKAGE koji download-build $DEBUGINFO $RPM $ARCHES $PACKAGE
rpmsign --define "_gpg_name $GPG_KEY" --addsign *.rpm rpmsign --define "_gpg_name $GPG_NAME" --addsign *.rpm
koji import-sig *.rpm koji import-sig *.rpm
popd > /dev/null popd > /dev/null
# if debug, leave the tmp directory in place # if debug, leave the tmp directory in place
if [[ -z $DEBUG ]] ; then if [[ -z $DEBUG ]] ; then
rm -f $tmpdir/* rm -f $tmpdir/*
rmdir $tmpdir rmdir $tmpdir
fi fi
exit 0 exit 0
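Review bot: The new rpm detection `if (${1##*.} == "rpm") ; then RPM="--rpm" ; fi` runs the extracted extension as a command inside a subshell instead of comparing it, so the test always fails, RPM is never set, and every invocation emits a stray command-not-found error; it should read `if [[ ${1##*.} == "rpm" ]] ; then RPM="--rpm" ; fi`. In the arch=* arm, `ARCHES=ARCHES"--arch=$arch "` is missing the `$`, so each iteration overwrites the variable with a literal `ARCHES` prefix and only the last comma-separated arch survives; write `ARCHES=$ARCHES"--arch=$arch "`. The parser now reads gpg_name= but the default assignment still populates GPG_KEY, so a run without gpg_name= hands rpmsign an empty `_gpg_name`; add `GPG_NAME="kojiadmin@koozali.org"` next to it, and note the usage line in the first hunk still advertises gpg_key=. The same rpm-check and ARCHES defects are repeated in sign_build_list.sh (its arch=* arm and both `if (... == "rpm")` tests).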


@ -2,91 +2,116 @@
# sign all rpms in the specified pkg list # sign all rpms in the specified pkg list
if [[ -z $1 ]] ; then if [[ -z $1 ]] ; then
echo "Must provide a pkg list" echo "Must provide a pkg list"
echo "sign_build_list.sh <pkg list> [<arches=x86_64> | <gpg_key=kojiadmin@koozali.org> | <debuginfo> | <debug> | <dryrun> ]" echo "sign_build_list.sh <pkg list> [<arch=*> | <gpg_name=kojiadmin@koozali.org> | <gpg_key=44922a28> | <nodebuginfo> | <debug> | <dryrun> ]"
exit 1 exit 1
else else
PKGLIST=$1 PKGLIST=$1
fi fi
ARCH=x86_64 ARCHES=
GPG_KEY="kojiadmin@koozali.org" GPG_NAME="kojiadmin@koozali.org"
GPG_ID='44922a28' GPG_KEY=
DEBUG=false DEBUG=
DRY_RUN=false DRY_RUN=
DEBUGINFO= ARCHES=
DEBUGINFO="--debuginfo"
for param in $2 $3 $4 $5 $6 $7 ; do for param in $2 $3 $4 $5 $6 $7 ; do
if [ $param ] ; then if [ $param ] ; then
case $param in case $param in
-h | --help ) -h | --help )
echo "sign_rpm_list.sh <pkg list> [<arches=x86_64> | <gpg_key=kojiadmin@koozali.org> | <debuginfo> | <debug> | <dryrun> ]" echo "sign_build_list.sh <pkg list> [<arch=x86_64> | <gpg_name=kojiadmin@koozali.org> | <gpg_key=44922a28> | <nodebuginfo> | <debug> | <dryrun> ]"
exit exit
;; ;;
debug ) debug )
DEBUG=true ;; DEBUG=true ;;
dryrun ) dryrun )
DRY_RUN=true ;; DRY_RUN=true ;;
debuginfo ) nodebuginfo )
DEBUGINFO="--debuginfo" ;; DEBUGINFO= ;;
arches=* ) arch=* )
ARCH=${param#*=} ;; arches=${param#*=}
for arch in ${arches//,/ } ; do
ARCHES=ARCHES"--arch=$arch "
done
;;
gpg_name=* )
GPG_NAME=${param#*=} ;;
gpg_key=* ) gpg_key=* )
GPG_KEY=${param#*=} ;; GPG_KEY=${param#*=} ;;
* ) * )
echo "Unkown parameter $param - aborting" echo "Unkown parameter $param - aborting"
exit 1 exit 1
;; ;;
esac esac
else else
break break
fi fi
done done
if [[ $DEBUG ]] ; then if [[ $DEBUG ]] ; then
echo "PKGLIST=$PKGLIST" echo "PKGLIST=$PKGLIST"
echo "ARCH=$ARCH" echo "ARCHES=$ARCHES"
echo "DEBUGINFO=$DEBUGINFO"
echo "GPG_NAME=$GPG_NAME"
echo "GPG_KEY=$GPG_KEY" echo "GPG_KEY=$GPG_KEY"
echo "DRY_RUN=$DRY_RUN"
fi fi
# use a temporary directory to export the rpms for signing # use a temporary directory to export the rpms for signing
#if [[ $DRY_RUN ]] ; then if [[ $DRY_RUN ]] ; then
# echo "mktemp -d /tmp/sign.XXXXXX" echo "mktemp -d /tmp/sign.XXXXXX"
#else else
tmpdir="$(mktemp -d /tmp/sign.XXXXXX)" tmpdir="$(mktemp -d /tmp/sign.XXXXXX)"
pushd $tmpdir > /dev/null pushd $tmpdir > /dev/null
#fi fi
if [[ -e "$PKGLIST" ]] ; then if [[ -e "$PKGLIST" ]] ; then
# extract list of rpms to download # extract list of rpms to download
while read -r pkgline; do while read -r pkgline; do
BUILD=${pkgline##*/}
if [[ $DEBUG ]] ; then if [[ $DEBUG ]] ; then
echo "$pkgline" echo "$pkgline"
echo "koji download-build ${pkgline##*/}" echo "koji download-build $BUILD"
fi fi
BUILD=${pkgline##*/} # If an rpm name passed assume signing of an individual rpm, else signing all
if [[ $DEBUG ]] ; then echo "BUILD=$BUILD" ; fi RPM=
DIR=/mnt/koji/packages/${BUILD%-*-*}/$(echo $BUILD | awk -F '-' '{print $(NF-1)}')/$(echo ${BUILD##*-})/data/signed/$GPG_ID if (${BUILD##*.} == "rpm") ; then
if [[ $DEBUG ]] ; then echo "DIR=$DIR" ; fi RPM="--rpm"
if [[ -d $DIR ]] ; then fi
echo "$BUILD already signed with this key - ignoring" if [[ $GPG_KEY ]] ; then # check if already signed with this key
else DIR=/mnt/koji/packages/${BUILD%-*-*}/$(echo $BUILD | awk -F '-' '{print $(NF-1)}')/$(echo ${BUILD##*-})/data/signed/$GPG_KEY
# if [[ $DRY_RUN ]] ; then if [[ $DEBUG ]] ; then echo "DIR=$DIR" ; fi
# echo "koji download-build $DEBUGINFO ${pkgline##*/}" EXISTS=
# else if ($RPM == "--rpm") ; then
koji download-build $DEBUGINFO $BUILD if [[ $DEBUG ]] ; then echo "Check for existing $DIR/$BUILD"
# fi if [[ -f $DIR/$BUILD ]] ; then EXISTS=True ; fi
else
if [[ $DEBUG ]] ; then echo "Check for existing $DIR"
if [[ -d $DIR ]] ; then EXISTS=True ; fi
fi
if [[ $EXISTS ]] ; then
echo "$BUILD already signed with this key - ignoring"
continue
fi
fi
if [[ $DRY_RUN ]] ; then
echo "koji download-build $DEBUGINFO $ARCHES $RPM $BUILD"
else
koji download-build $DEBUGINFO $ARCHES $RPM $BUILD
fi
fi fi
done <$PKGLIST done <$PKGLIST
else else
echo "Cannot find pkglist $PKGLIST - aborting" echo "Cannot find pkglist $PKGLIST - aborting"
exit 1 exit 1
fi fi
#if [[ $DRY_RUN ]] ; then if [[ $DRY_RUN ]] ; then
# echo "rpmsign --define \"_gpg_name $GPG_KEY\" --addsign *.rpm" echo "rpmsign --define \"_gpg_name $GPG_NAME\" --addsign *.rpm"
# echo "koji import-sig *.rpm" echo "koji import-sig *.rpm"
#else else
rpmsign --define "_gpg_name $GPG_KEY" --addsign *.rpm rpmsign --define "_gpg_name $GPG_NAME" --addsign *.rpm
koji import-sig *.rpm koji import-sig *.rpm
popd > /dev/null popd > /dev/null
#fi fi
exit 0 exit 0
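Review bot: The two debug echoes inside the already-signed check, `if [[ $DEBUG ]] ; then echo "Check for existing $DIR/$BUILD"` and `if [[ $DEBUG ]] ; then echo "Check for existing $DIR"`, are never closed, so as printed the following `else` pairs with the DEBUG test rather than the rpm test, the `if [[ $GPG_KEY ]]` block is still open when `done` is reached, and bash will reject the script rather than run it. Ending each of those two lines with ` ; fi` restores the intended nesting: the debug message, then the `-f`/`-d` existence test on the next line unconditionally. With that fixed the EXISTS logic reads correctly, but it still depends on the `($RPM == "--rpm")` comparison being a real `[[ ]]` test (raised on sign_build.sh). Minor: `ARCHES=` is assigned twice in the initialisation block; one of the two can go.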