diff --git a/koji-setup/koji-plugins.sh b/koji-setup/koji-plugins.sh
new file mode 100644
index 0000000..7abba1f
--- /dev/null
+++ b/koji-setup/koji-plugins.sh
@@ -0,0 +1,75 @@
+#!/bin/bash
+# SPDX-License-Identifier: Apache-2.0
+
+set -e
+DEBUG=
+SILENT="-s"
+QUIET="-q"
+for param in $1 $2 ; do
+ if [ $param ] ; then
+ case $param in
+ debug )
+ DEBUG="debug" ;;
+ esac
+ else
+ break
+ fi
+done
+
+if [ $DEBUG ] ; then
+ set -xe
+ SILENT=
+ QUIET="-v"
+fi
+
+# load required parameters
+SCRIPT_DIR="$(dirname "$(realpath "$0")")"
+if [ ! -f "$SCRIPT_DIR"/koji-parameters.sh ] ; then
+ echo "$SCRIPT_DIR/koji-parameters.sh NOT found - aborting"
+ exit 1
+fi
+source "$SCRIPT_DIR"/koji-parameters.sh
+
+# pull down any required plugins
+PLUGINS_GIT=$KOJI_GIT_URL"smeserver-koji/raw/branch/master/plugins"
+PLUGIN_DIR="/usr/lib/koji-hub-plugins"
+if [ ! -f $PLUGIN_DIR/sign.py ] ; then
+ curl $SILENT $PLUGINS_GIT/koji-plugin-sign/sign.py > $PLUGIN_DIR/sign.py
+fi
+
+## SETTING UP PLUGIN CONFIG
+## koji-sign-rpm
+PLUGIN_CONF_DIR="/etc/koji-hub/plugins"
+if [ ! -d "$PLUGIN_CONF_DIR" ] ; then
+ mkdir -p "$PLUGIN_CONF_DIR"
+fi
+PLUGIN_GPG_DIR="$PLUGIN_CONF_DIR"/gnupg
+if [ ! -d "$PLUGIN_GPG_DIR" ] ; then
+ mkdir -p "$PLUGIN_GPG_DIR"
+fi
+if [ -f "$PLUGIN_CONF_DIR"/sign.conf ] ; then
+ echo "$PLUGIN_CONF_DIR/sign.conf file exists - please ensure that it has the correct settings - skipping setup"
+else
+ GPG_DOMAIN=$(dnsdomainname)
+ cat > "$PLUGIN_CONF_DIR"/sign.conf <<-EOF
+# /etc/koji-sign-plugin/sign.conf
+# This file and the gpg_path should be readable by the apache user only
+[DEFAULT]
+rpm = /usr/bin/rpm
+gpgbin = /usr/bin/gpg
+gpg_path = $PLUGIN_GPG_DIR
+gpg_name = sme11@$GPG_DOMAIN
+gpg_pass = ''
+enabled = 1
+
+# Defaults can be overridden on a per tag basis
+[smeserver12]
+gpg_name = sme12@$GPG_DOMAIN
+[smecontribs12]
+gpg_name = sme12@$GPG_DOMAIN
+EOF
+ # owned and readable by apache user ONLY
+ chown apache:apache "$PLUGIN_DIR"/sign.con
+ chmod 0600 "$PLUGIN_DIR"/sign.conf
+fi
+
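Review bot: The last two commands of the `else` branch never protect the file that was just written: `chown` targets `"$PLUGIN_DIR"/sign.con` (wrong directory and a truncated name) and `chmod` targets `"$PLUGIN_DIR"/sign.conf`, while the heredoc wrote `"$PLUGIN_CONF_DIR"/sign.conf`. Under `set -e` a failing `chown` aborts the script with the signing configuration (including `gpg_pass`) left at the default umask, and a rerun takes the "file exists" branch and never corrects it. `$PLUGIN_GPG_DIR` is also created without a restricted mode, although the file's own comment says it should be readable by the apache user only. Separately, the `curl ... > $PLUGIN_DIR/sign.py` step places code fetched from a `master` branch URL into the hub plugin directory with no `--fail` and no integrity check, so an HTTP error page or an altered file would be kept and, because of the `-f` guard, never re-fetched. The sketch below downloads to a temporary file, verifies a pinned digest (`SIGN_PY_SHA256` is a placeholder to be set to the hash of the reviewed file) and corrects the ownership targets.

```shell
# … unchanged: PLUGINS_GIT / PLUGIN_DIR assignments …
if [ ! -f "$PLUGIN_DIR/sign.py" ] ; then
  tmp_plugin="$(mktemp)"
  # --fail: do not keep an HTTP error body as the plugin
  curl $SILENT --fail -o "$tmp_plugin" "$PLUGINS_GIT/koji-plugin-sign/sign.py"
  # SIGN_PY_SHA256 is a placeholder: pin the digest of the reviewed sign.py
  echo "$SIGN_PY_SHA256  $tmp_plugin" | sha256sum -c -
  install -m 0644 "$tmp_plugin" "$PLUGIN_DIR/sign.py"
  rm -f -- "$tmp_plugin"
fi
# … unchanged: plugin config directory setup and sign.conf heredoc …
  # owned and readable by apache user ONLY
  chown apache:apache "$PLUGIN_CONF_DIR"/sign.conf "$PLUGIN_GPG_DIR"
  chmod 0600 "$PLUGIN_CONF_DIR"/sign.conf
  chmod 0700 "$PLUGIN_GPG_DIR"
```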