smeserver-koji/koji-setup/koji-plugins.sh

#!/bin/bash
# SPDX-License-Identifier: Apache-2.0

set -e
DEBUG=
SILENT="-s"
QUIET="-q"
for param in $1 $2 ; do
  if [ $param ] ; then
    case $param in
	    debug )
		    DEBUG="debug" ;;
    esac
  else
	  break
  fi
done

if [ $DEBUG ] ; then
    set -xe
    SILENT=
    QUIET="-v"
fi

# load required parameters
SCRIPT_DIR="$(dirname "$(realpath "$0")")"
if [ ! -f "$SCRIPT_DIR"/koji-parameters.sh ] ; then
    echo "$SCRIPT_DIR/koji-parameters.sh NOT found - aborting"
    exit 1
fi
source "$SCRIPT_DIR"/koji-parameters.sh

# pull down any required plugins
PLUGINS_GIT=$KOJI_GIT_URL"smeserver-koji/raw/branch/master/plugins"
PLUGIN_DIR="/usr/lib/koji-hub-plugins"
if [ ! -f $PLUGIN_DIR/sign.py ] ; then
    curl $SILENT $PLUGINS_GIT/koji-plugin-sign/sign.py > $PLUGIN_DIR/sign.py
fi

## SETTING UP PLUGIN CONFIG
## koji-sign-rpm
PLUGIN_CONF_DIR="/etc/koji-hub/plugins"
if [ ! -d "$PLUGIN_CONF_DIR" ] ; then
    mkdir -p "$PLUGIN_CONF_DIR"
fi
PLUGIN_GPG_DIR="$PLUGIN_CONF_DIR"/gnupg
if [ ! -d "$PLUGIN_GPG_DIR" ] ; then
    mkdir -p "$PLUGIN_GPG_DIR"
fi
if [ -f "$PLUGIN_CONF_DIR"/sign.conf ] ; then
    echo "$PLUGIN_CONF_DIR/sign.conf file exists - please ensure that it has the correct settings - skipping setup"
else
    GPG_DOMAIN=$(dnsdomainname)
    cat > "$PLUGIN_CONF_DIR"/sign.conf <<-EOF
# /etc/koji-sign-plugin/sign.conf
# This file and the gpg_path should be readable by the apache user only
[DEFAULT]
rpm = /usr/bin/rpm
gpgbin = /usr/bin/gpg
gpg_path = $PLUGIN_GPG_DIR
gpg_name = sme11@$GPG_DOMAIN
gpg_pass = ''
enabled = 1

# Defaults can be overridden on a per tag basis
[smeserver12]
gpg_name = sme12@$GPG_DOMAIN
[smecontribs12]
gpg_name = sme12@$GPG_DOMAIN
EOF
    # owned and readable by apache user ONLY
    chown apache:apache "$PLUGIN_DIR"/sign.con
    chmod 0600 "$PLUGIN_DIR"/sign.conf
fi