add utils (e.g. sign_build.sh)

2024-11-21 09:07:29 +01:00 · 2024-11-15 11:58:24 +11:00 · 2024-11-15 11:58:24 +11:00 · 437b6abda0
commit 437b6abda0
parent c5def4c5e6
5 changed files with 276 additions and 0 deletions
--- a/utils/README.md
+++ b/utils/README.md
@ -0,0 +1,12 @@
+# Supporting utility scripts
+
+## sign_build.sh
+Sign all rpms for a particular build
+
+## sign_build_list.sh
+Sign all rpms for each build specified in a file (1 line per build)
+
+## queue_builds.sh
+Queue a build for each package supplied in a file
+
+## parse-list.sh
--- a/utils/parse-list.sh
+++ b/utils/parse-list.sh
@ -0,0 +1,71 @@
+#!/bin/bash
+#
+# Run script against every item in input file
+
+if [[ -z $1 ]] ; then
+	echo "parse a list of parameters and execute script with those parameters"
+	echo "parse-list.sh <param file> <script> [<noisy> <additional> <additional> <additional>]"
+  echo "<param file> name of file containing parameters"
+  echo "<script> script to run (e.g. rename-e-smith-pkh.sh)"
+  echo "optional params can appear in any order"
+  echo "   <review> show line being executed but do NOTHING!"
+  echo "   <noisy> show line being executed"
+  echo "   <additional> additional params to be passed (up to 3)"
+  exit 0
+fi
+
+# parse the command line parameters
+PROCESSORG=
+EXTRAPARAMS=
+# using a file as input
+if [[ ! -f $1 ]] ; then
+    echo "Can NOT find $1 - Aborting"
+    exit 1
+fi
+
+if [[ $(which $2 | grep "no $2") ]] ; then 
+    echo "Can NOT find $2 - Aborting"
+    exit 1
+fi
+
+DEBUG=
+REVIEW=
+NOISY=
+for param in $3 $4 $5 $6; do
+  if [ $param ] ; then
+    case $param in
+      review )
+        REVIEW=true ;;
+      noisy )
+        NOISY=true ;;
+      ;;
+      debug )
+        DEBUG=true ;;
+      * )
+        EXTRAPARAMS=$EXTRAPARAMS" "$param ;;
+    esac
+  else
+	  break
+  fi
+done
+
+# Build array of parameters to cycle through
+PARAMLIST=()
+# load array of parameters from input file
+while read -r line ; do PARAMLIST+=($line) ; done < $1
+
+# Cycle through array of parameters and execute script
+for param in ${PARAMLIST[@]}
+do
+  if [[ $NOISY || $REVIEW ]] ; then echo "$2 $param $EXTRAPARAMS" ; fi
+  if [[ -z $REVIEW ]] ; then
+    if [[ $param ]] ; then 
+      RESPONSE=$($2 $param $EXTRAPARAMS) ; rc=$?
+      if [ $rc -ne 0 ] ; then echo "($rc)\n$RESPONSE" ; fi
+      if [ $DEBUG ] ; then echo "RESPONSE=$RESPONSE" ; fi
+    fi
+  fi
+done
+
+exit 0
+
--- a/utils/queue-builds.sh
+++ b/utils/queue-builds.sh
@ -0,0 +1,34 @@
+#!/bin/bash
+
+if [[ -z $1 ]] ; then 
+	echo "You need to pass the filename of a list of pkgs to compile"
+	echo "queue-builds.sh <filename> [ <wait> | <org=smeserver> ]"
+	echo "- <wait> to wait for one build to complete before submitting the next one (default is nowait - queue them all)"
+	echo "- <org=organisation> (default is smecontribs)"
+	exit 1
+fi
+
+ORG="smecontribs"
+WAIT="--nowait"
+for var in $2 $3 ; do
+	case $var in
+		org=* )
+			ORG=${var#*=} ;;
+		wait )
+			WAIT= ;;
+		* )
+			echo "Huh? Var=$var"
+	    echo "You need to pass the filename of a list of pkgs to compile"
+	    echo "queue-builds.sh <filename> [ <wait> | <org=smeserver> ]"
+	    echo "- <wait> to wait for one build to complete before submitting the next one (default is nowait - queue them all)"
+	    echo "- <org=organisation> (default is smecontribs)"
+			exit 1
+	esac
+done
+
+while read -r PKG ; do
+	VER=$(curl -s https://src.koozali.org/api/v1/repos/$ORG/$PKG/tags | jq -r '.[0].name')
+	koji build $WAIT $ORG-11.0 git+https://src.koozali.org/$ORG/$PKG#$VER
+done <$1
+exit 0
+
--- a/utils/sign_build.sh
+++ b/utils/sign_build.sh
@ -0,0 +1,67 @@
+#!/bin/bash
+
+if  [[ -z $1 ]] ; then
+	echo "Must provide a package name"
+	echo "sign_rpm.sh <package name> [<arch=x86_64> | <debuginfo> | <repo=dist-sme11-os> | <latestfrom=*> | <gpg_key=kojiadmin@koozali.org> | <debug>]"
+	exit 1
+else
+	PACKAGE=$1
+	echo "PACKAGE=$PACKAGE"
+fi
+
+ARCH=x86_64
+REPO="dist-sme11-os"
+GPG_KEY="kojiadmin@koozali.org"
+DEBUG=false
+DEBUGINFO="--debuginfo"
+for param in $2 $3 $4 $5 $6 $7; do
+  if [ $param ] ; then
+	case $param in
+		-h | --help )
+			echo "sign_rpm.sh <package name> [<arch=x86_64> | <repo=dist-sme11-os> | <latestfrom=*> | <gpg_key=kojiadmin@koozali.org>]" ;;
+		debug )
+			DEBUG=true ;;
+                debuginfo )
+                        DEBUGINFO="--debuginfo" ;;
+		arch=* )
+			ARCH=${param#*=} ;;
+		repo=* )
+			REPO=${param#*=} ;;
+		latestfrom=* )
+			PACKAGE=$PACKAGE" --latestfrom="${param#*=} ;;
+		gpg_key=* )
+			GPG_KEY=${param#*=} ;;
+		* )
+			echo "Unkown parameter $param - aborting"
+			exit 1
+			;;
+	esac
+  else
+	break
+  fi
+done
+
+# if <package name>=all, sign ALL rpms in defined repo (use pkglist to identify packages)
+# else just sign the specified rpms (using either a git tag or the latestfrom)
+tmpdir="$(mktemp -d /tmp/sign.XXXXXX)"
+pushd $tmpdir > /dev/null
+
+if [[ $DEBUG ]] ; then 
+	echo "PACKAGE=$PACKAGE"
+	echo "ARCH=$ARCH" 
+	echo "REPO=$REPO"
+	echo "GPG_KEY=$GPG_KEY" 
+fi
+if [[ $DEBUG ]] ; then echo "koji download-build $DEBUGINFO $PACKAGE" ; fi
+koji download-build $DEBUGINFO $PACKAGE
+rpmsign --define "_gpg_name $GPG_KEY" --addsign *.rpm
+koji import-sig *.rpm
+popd > /dev/null
+
+# if debug, leave the tmp directory in place
+if [[ -z $DEBUG ]] ; then
+	rm -f $tmpdir/*
+        rmdir $tmpdir
+fi
+
+exit 0
--- a/utils/sign_build_list.sh
+++ b/utils/sign_build_list.sh
@ -0,0 +1,92 @@
+#!/bin/bash
+# sign all rpms in the specified pkg list
+if  [[ -z $1 ]] ; then
+    echo "Must provide a pkg list"
+    echo "sign_build_list.sh <pkg list> [<arches=x86_64> | <gpg_key=kojiadmin@koozali.org> | <debuginfo> | <debug> | <dryrun> ]"
+    exit 1
+else
+    PKGLIST=$1
+fi
+
+ARCH=x86_64
+GPG_KEY="kojiadmin@koozali.org"
+GPG_ID='44922a28'
+DEBUG=false
+DRY_RUN=false
+DEBUGINFO=
+
+for param in $2 $3 $4 $5 $6 $7 ; do
+    if [ $param ] ; then
+	case $param in
+	    -h | --help )
+		echo "sign_rpm_list.sh <pkg list> [<arches=x86_64> | <gpg_key=kojiadmin@koozali.org> | <debuginfo> | <debug> | <dryrun> ]"
+		exit 
+	        ;;
+	    debug )
+		DEBUG=true ;;
+	    dryrun )
+		DRY_RUN=true ;;
+            debuginfo )
+                DEBUGINFO="--debuginfo" ;;
+	    arches=* )
+		ARCH=${param#*=} ;;
+	    gpg_key=* )
+		GPG_KEY=${param#*=} ;;
+	    * )
+		echo "Unkown parameter $param - aborting"
+		exit 1
+		;;
+	esac
+    else
+	break
+    fi
+done
+if [[ $DEBUG ]] ; then 
+	echo "PKGLIST=$PKGLIST"
+	echo "ARCH=$ARCH" 
+	echo "GPG_KEY=$GPG_KEY" 
+fi
+
+# use a temporary directory to export the rpms for signing
+#if [[ $DRY_RUN ]] ; then
+#	echo "mktemp -d /tmp/sign.XXXXXX"
+#else
+	tmpdir="$(mktemp -d /tmp/sign.XXXXXX)"
+	pushd $tmpdir > /dev/null
+#fi
+
+if [[ -e "$PKGLIST" ]] ; then
+	# extract list of rpms to download
+	while read -r pkgline; do
+		if [[ $DEBUG ]] ; then 
+			echo "$pkgline" 
+			echo "koji download-build ${pkgline##*/}"
+		fi
+		BUILD=${pkgline##*/}
+		if [[ $DEBUG ]] ; then echo "BUILD=$BUILD" ; fi
+                DIR=/mnt/koji/packages/${BUILD%-*-*}/$(echo $BUILD | awk -F '-' '{print $(NF-1)}')/$(echo ${BUILD##*-})/data/signed/$GPG_ID
+                if [[ $DEBUG ]] ; then echo "DIR=$DIR" ; fi
+                if [[ -d $DIR ]] ; then
+		    echo "$BUILD already signed with this key - ignoring"
+		else
+#		    if [[ $DRY_RUN ]] ; then
+#			echo "koji download-build $DEBUGINFO ${pkgline##*/}"
+#		    else
+			koji download-build $DEBUGINFO $BUILD
+#		    fi
+		fi
+	done <$PKGLIST
+else
+	echo "Cannot find pkglist $PKGLIST - aborting"
+	exit 1
+fi
+#if [[ $DRY_RUN ]] ; then
+#	echo "rpmsign --define \"_gpg_name $GPG_KEY\" --addsign *.rpm"
+#	echo "koji import-sig *.rpm"
+#else
+	rpmsign --define "_gpg_name $GPG_KEY" --addsign *.rpm
+	koji import-sig *.rpm
+	popd > /dev/null
+#fi
+
+exit 0