From: Adam Kraitman Date: Thu, 19 Aug 2021 16:29:26 +0000 (+0300) Subject: Scripts that pull sign and push the nfs-ganesha packages on the signer X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=957496bf02fd39830d47643a2cfdc39c1971a025;p=ceph-build.git Scripts that pull sign and push the nfs-ganesha packages on the signer Signed-off-by: Adam Kraitman --- diff --git a/scripts/nfs-ganesha/pull-sign-push b/scripts/nfs-ganesha/pull-sign-push new file mode 100644 index 00000000..664f2e7c --- /dev/null +++ b/scripts/nfs-ganesha/pull-sign-push @@ -0,0 +1,26 @@ +#!/bin/bash +# The script runnings on the signer box will pull nfs-ganesha packags that wore created in the last 24 hours on chacra.ceph.com to /opt/new-repos +# After this the sign-rpms-auto script will run and sign the nfs-ganesha packages +# And finally the sync-push-auto script will run and will push the signed packages to download.ceph.com + +today_items=$(ssh ubuntu@chacra.ceph.com 'find /opt/repos/nfs-ganesha-stable -newermt "-24 hours" -ls' | awk '{ print $11 }' ) +if [ -n "$today_items" ]; then +echo "pulling nfs-ganesha packages from chacra" +echo "********************************************" +[[ -d /opt/new-repos/ ]] | mkdir -p /opt/new-repos/ + for item in $today_items; do + sync_cmd="ubuntu@chacra.ceph.com:$item /opt/new-repos/" + rsync -Lavh --progress --relative $sync_cmd + done + + # sign the rpm's that wore pulled today + +echo "signing rpms" +bash ./sign-rpms-auto + + # syncing the singed rpm's to download.ceph.com + +echo "pushing rpms to download.ceph.com" +bash ./sync-push-auto + +fi diff --git a/scripts/nfs-ganesha/sign-rpm-auto b/scripts/nfs-ganesha/sign-rpm-auto new file mode 100644 index 00000000..226bdda0 --- /dev/null +++ b/scripts/nfs-ganesha/sign-rpm-auto @@ -0,0 +1,49 @@ +#!/bin/bash +# This script will the rpm files pulled from the chacra machines. + + +keyid=460F3994 +GPG_PASSPHRASE='' + +path="/opt/new-repos/" +echo $path +update_repo=0 +cd $path + +for rpm in `find -name "*.rpm"` +do + signature=$(rpm -qi -p $rpm 2>/dev/null | grep ^Signature) + if ! grep -iq $keyid <<< "$signature" ; then + rpm_path=`readlink -f $rpm` + echo "signing: $rpm_path" + update_repo=1 + + echo "yes" | setsid rpm \ + --define "_gpg_name '$keyid'" \ + --define '_signature gpg' \ + --define '__gpg_check_password_cmd /bin/true' \ + --define "__gpg_sign_cmd %{__gpg} gpg --no-tty --yes --batch --no-armor --passphrase '$GPG_PASSPHRASE' --no-secmem-warning -u "%{_gpg_name}" --sign --detach-sign --output %{__signature_filename} %{__plaintext_filename}" \ + --resign "$rpm_path" + + fi +done + +# now sign the repomd.xml files +if [[ $update_repo -eq 1 ]]; then + for repomd in `find -name repomd.xml` + do + echo "signing repomd: $repomd" + gpg --batch --yes --passphrase "$GPG_PASSPHRASE" --detach-sign --armor -u $keyid $repomd + done +fi + +# finally, update the repo metadata +repodirs=$( find /opt/new-repos/ -type d -name x86_64 | cut -d/ -f 13 --complement ) +if [ -n "$repodirs" ]; then + for directory in $repodirs + do + cd $directory + createrepo . + cd - + done +fi diff --git a/scripts/nfs-ganesha/sync-push-auto b/scripts/nfs-ganesha/sync-push-auto new file mode 100644 index 00000000..e6702bee --- /dev/null +++ b/scripts/nfs-ganesha/sync-push-auto @@ -0,0 +1,22 @@ +#!/bin/bash +# This script will push repository files from the signer box to the upstream repositories. +# By default it will push all releases and ceph_versions defined in the releases and ceph_version varibles to download.ceph.com + +releases=( V3.5 V2.7 ) +ceph_version=( octopus ceph_pacific ) + +repodirs=$( find /opt/new-repos/ -type d -name x86_64 | cut -d/ -f 13 --complement ) +for dir in "$repodirs"; do + for i in "${releases[@]}"; do + for v in "${ceph_version[@]}"; do + find_release=$( ls -ld "$dir" | grep "$i" | wc -l ) + find_version=$( ls -ld "$dir" | grep "$v" | wc -l ) + if [ $find_release == '1' ] && [ $find_version == '1' ]; then + release=$i + version=$v + ssh signer@download.ceph.com "mkdir -p /data/download.ceph.com/www/nfs-ganesha-new/rpm-$release-stable/$version/el8" && el8_cmd="$dir/* signer@download.ceph.com:/data/download.ceph.com/www/nfs-ganesha-new/rpm-$release-stable/$version/el8" && rsync --progress -avr $el8_cmd + rm -rf /opt/new-repos/* + fi + done + done +done