first cut deploy plugins script

koji-setup/koji-plugins.sh

@@ -0,0 +1,75 @@
+#!/bin/bash
+# SPDX-License-Identifier: Apache-2.0
+
+set -e
+DEBUG=
+SILENT="-s"
+QUIET="-q"
+for param in $1 $2 ; do
+  if [ $param ] ; then
+    case $param in
+	    debug )
+		    DEBUG="debug" ;;
+    esac
+  else
+	  break
+  fi
+done
+
+if [ $DEBUG ] ; then
+    set -xe
+    SILENT=
+    QUIET="-v"
+fi
+
+# load required parameters
+SCRIPT_DIR="$(dirname "$(realpath "$0")")"
+if [ ! -f "$SCRIPT_DIR"/koji-parameters.sh ] ; then
+    echo "$SCRIPT_DIR/koji-parameters.sh NOT found - aborting"
+    exit 1
+fi
+source "$SCRIPT_DIR"/koji-parameters.sh
+
+# pull down any required plugins
+PLUGINS_GIT=$KOJI_GIT_URL"smeserver-koji/raw/branch/master/plugins"
+PLUGIN_DIR="/usr/lib/koji-hub-plugins"
+if [ ! -f $PLUGIN_DIR/sign.py ] ; then
+    curl $SILENT $PLUGINS_GIT/koji-plugin-sign/sign.py > $PLUGIN_DIR/sign.py
+fi
+
+## SETTING UP PLUGIN CONFIG
+## koji-sign-rpm
+PLUGIN_CONF_DIR="/etc/koji-hub/plugins"
+if [ ! -d "$PLUGIN_CONF_DIR" ] ; then
+    mkdir -p "$PLUGIN_CONF_DIR"
+fi
+PLUGIN_GPG_DIR="$PLUGIN_CONF_DIR"/gnupg
+if [ ! -d "$PLUGIN_GPG_DIR" ] ; then
+    mkdir -p "$PLUGIN_GPG_DIR"
+fi
+if [ -f "$PLUGIN_CONF_DIR"/sign.conf ] ; then
+    echo "$PLUGIN_CONF_DIR/sign.conf file exists - please ensure that it has the correct settings - skipping setup"
+else
+    GPG_DOMAIN=$(dnsdomainname)
+    cat > "$PLUGIN_CONF_DIR"/sign.conf <<-EOF
+# /etc/koji-sign-plugin/sign.conf
+# This file and the gpg_path should be readable by the apache user only
+[DEFAULT]
+rpm = /usr/bin/rpm
+gpgbin = /usr/bin/gpg
+gpg_path = $PLUGIN_GPG_DIR
+gpg_name = sme11@$GPG_DOMAIN
+gpg_pass = ''
+enabled = 1
+
+# Defaults can be overridden on a per tag basis
+[smeserver12]
+gpg_name = sme12@$GPG_DOMAIN
+[smecontribs12]
+gpg_name = sme12@$GPG_DOMAIN
+EOF
+    # owned and readable by apache user ONLY
+    chown apache:apache "$PLUGIN_DIR"/sign.con
+    chmod 0600 "$PLUGIN_DIR"/sign.conf
+fi
+