cleanup signing scripts

the scripts contained hardcoded references to resources
that are not visible outside of the environment
where the scripts were originally created and used

The scripts sign-rpms was also updated with the original version
that was intended to be submitted. The initial submission contained
the wrong version.

Closes-Bug: #1791343

Change-Id: I8ce5884ad75156d3730cf30a451051d32445e136
Signed-off-by: Paul-Emile Element <Paul-Emile.Element@windriver.com>

build-tools/sign-rpms

@@ -73,6 +73,20 @@ function check_vars {
 # This process is using mock because the build servers do not have the same rpm / rpmsign version
 #
 
+function _local_cleanup {
+
+    printf "Cleaning mock environment\n"
+    $MOCK -q -r $_MOCK_CFG --scrub=all
+
+}
+
+function __local_trapdoor {
+    printf "caught signal while attempting to sign files. Cleaning up."
+    _local_cleanup
+
+    exit 1
+}
+
 
 function sign_packages {
     OLD_PWD=$PWD
@@ -104,14 +118,17 @@ function sign_packages {
 
     printf "Initializing mock environment\n"
 
+    trap __local_trapdoor SIGHUP SIGINT SIGABRT SIGTERM
+
     # invoke make in mock to sign packages.
     # this call will also create and initialize the mock env
     eval $MOCK -q -r $_MOCK_CFG \'--plugin-option=bind_mount:dirs=[\(\"$_PKG_DIR\", \"$_MOCK_PKG_DIR\"\),\(\"$_MK_DIR\",\"$_MOCK_MK_DIR\"\),\(\"$_KEY_DIR\",\"$_MOCK_KEY_DIR\"\)]\' --shell \"cd $_MOCK_PKG_DIR\; make -j $NPROCS -f $_MOCK_MK_DIR/$_SIGN_MAKEFILE KEY=$_MOCK_KEY_DIR/$_IMA_PRIV_KEY\"
 
     retval=$?
 
-   printf "Cleaning mock environment\n"
+    trap - SIGHUP SIGINT SIGABRT SIGTERM
-   $MOCK -q -r $_MOCK_CFG --scrub=all
+
+    _local_cleanup
 
     if [ $retval -ne 0 ] ; then
         echo "failed to add file signatures to RPMs in mock environment."
@@ -153,6 +170,29 @@ function _copy_and_sign {
 }
 
 
+function _server_cleanup {
+
+    # cleanup
+    ssh $SIGNING_USER@$SIGNING_SERVER rm $_UPLOAD_DIR/*.rpm
+    if [ $? -ne 0 ] ; then
+        echo "Warning : failed to remove rpms from temporary upload directory ${SIGNING_SERVER}:${_UPLOAD_DIR}."
+    fi
+    ssh $SIGNING_USER@$SIGNING_SERVER rmdir $_UPLOAD_DIR
+    if [ $? -ne 0 ] ; then
+        echo "Warning : failed to remove temporary upload directory ${SIGNING_SERVER}:${_UPLOAD_DIR}."
+    fi
+
+}
+
+function __server_trapdoor {
+
+    printf "caught signal while attempting to sign files. Cleaning up."
+    _server_cleanup
+
+    exit 1
+}
+
+
 function sign_packages_on_server {
 
     retval=0
@@ -172,18 +212,14 @@ function sign_packages_on_server {
     # this is the upload temp dir, outside of chroot env
     _UPLOAD_DIR=$base$sub
 
+    trap __server_trapdoor SIGHUP SIGINT SIGABRT SIGTERM
+
     _copy_and_sign
     retval=$?
 
-   # cleanup
+    trap - SIGHUP SIGINT SIGABRT SIGTERM
-   ssh $SIGNING_USER@$SIGNING_SERVER rm $_UPLOAD_DIR/*.rpm
+
-   if [ $? -ne 0 ] ; then
+    _server_cleanup
-      echo "Warning : failed to remove rpms from temporary upload directory."
-   fi
-   ssh $SIGNING_USER@$SIGNING_SERVER rmdir $_UPLOAD_DIR
-   if [ $? -ne 0 ] ; then
-      echo "Warning : failed to remove temporary upload directory."
-   fi
 
     return $retval
 }
@@ -196,9 +232,6 @@ function sign_packages_on_server {
 
 # Check args
 HELP=0
-SIGNING_SERVER=yow-tiks01
-SIGNING_USER=signing
-SIGNING_SERVER_SCRIPT=/opt/signing/sign_rpms_18.03.sh
 
 # return value
 retval=0

build-tools/sign-secure-boot

@@ -454,8 +454,6 @@ if [ "x$MY_WORKSPACE" == "x" ]; then
 fi
 
 ARCH="x86_64"
-SIGNING_SERVER=yow-tiks01
-SIGNING_USER=signing
 SIGNING_SCRIPT=/opt/signing/sign.sh
 UPLOAD_PATH=`ssh $SIGNING_USER@$SIGNING_SERVER sudo $SIGNING_SCRIPT -r`
 SIGNED_PKG_DB=${MY_WORKSPACE}/signed_pkg_list.txt

build-tools/sign_iso_formal.sh

@@ -16,7 +16,6 @@ ISO_FILE_PATH=$1
 ISO_FILE_NAME=$(basename ${ISO_FILE_PATH})
 ISO_FILE_ROOT=$(dirname ${ISO_FILE_PATH})
 ISO_FILE_NOEXT="${ISO_FILE_NAME%.*}"
-SIGNING_SERVER="signing@yow-tiks01"
 GET_UPLOAD_PATH="sudo /opt/signing/sign.sh -r"
 REQUEST_SIGN="sudo /opt/signing/sign_iso.sh"
 SIGNATURE_FILE="$ISO_FILE_NOEXT.sig"
@@ -24,7 +23,7 @@ SIGNATURE_FILE="$ISO_FILE_NOEXT.sig"
 # Make a request for an upload path
 # Output is a path where we can upload stuff, of the form
 # "Upload: /tmp/sign_upload.5jR11pS0"
-UPLOAD_PATH=`ssh ${SIGNING_SERVER} ${GET_UPLOAD_PATH}`
+UPLOAD_PATH=`ssh ${SIGNING_USER}@${SIGNING_SERVER} ${GET_UPLOAD_PATH}`
 if [ $? -ne 0 ]; then
     echo "Could not get upload path.  Do you have permissions on the signing server?"
     exit 1
@@ -32,7 +31,7 @@ fi
 UPLOAD_PATH=`echo ${UPLOAD_PATH} | cut -d ' ' -f 2`
 
 echo "Uploading file"
-scp -q ${ISO_FILE_PATH} ${SIGNING_SERVER}:${UPLOAD_PATH}
+scp -q ${ISO_FILE_PATH} ${SIGNING_USER}@${SIGNING_SERVER}:${UPLOAD_PATH}
 if [ $? -ne 0 ]; then
     echo "Could not upload ISO"
     exit 1
@@ -41,22 +40,22 @@ echo "File uploaded to signing server -- signing"
 
 # Make the signing request.
 # Output is path of detached signature
-RESULT=`ssh ${SIGNING_SERVER} ${REQUEST_SIGN} ${UPLOAD_PATH}/${ISO_FILE_NAME}`
+RESULT=`ssh ${SIGNING_USER}@${SIGNING_SERVER} ${REQUEST_SIGN} ${UPLOAD_PATH}/${ISO_FILE_NAME}`
 if [ $? -ne 0 ]; then
     echo "Could not perform signing -- output $RESULT"
-    ssh ${SIGNING_SERVER} rm -f ${UPLOAD_PATH}/${ISO_FILE_NAME}
+    ssh ${SIGNING_USER}@${SIGNING_SERVER} rm -f ${UPLOAD_PATH}/${ISO_FILE_NAME}
     exit 1
 fi
 
 echo "Signing complete.  Downloading detached signature"
-scp -q ${SIGNING_SERVER}:${RESULT} ${ISO_FILE_ROOT}/${SIGNATURE_FILE}
+scp -q ${SIGNING_USER}@${SIGNING_SERVER}:${RESULT} ${ISO_FILE_ROOT}/${SIGNATURE_FILE}
 if [ $? -ne 0 ]; then
     echo "Could not download newly signed file"
-    ssh ${SIGNING_SERVER} rm -f ${UPLOAD_PATH}/${ISO_FILE_NAME}
+    ssh ${SIGNING_USER}@${SIGNING_SERVER} rm -f ${UPLOAD_PATH}/${ISO_FILE_NAME}
     exit 1
 fi
 
 # Clean up (ISOs are big)
-ssh ${SIGNING_SERVER} rm -f ${UPLOAD_PATH}/${ISO_FILE_NAME}
+ssh ${SIGNING_USER}@${SIGNING_SERVER} rm -f ${UPLOAD_PATH}/${ISO_FILE_NAME}
 
 echo "${ISO_FILE_ROOT}/${SIGNATURE_FILE} detached signature"

build-tools/sign_patch_formal.sh

@@ -13,21 +13,20 @@ fi
 
 PATCH_FILE_PATH=$1
 PATCH_FILE_NAME=$(basename ${PATCH_FILE_PATH})
-SIGNING_SERVER="signing@yow-tiks01"
 GET_UPLOAD_PATH="sudo /opt/signing/sign.sh -r"
 REQUEST_SIGN="sudo /opt/signing/sign_patch.sh"
 
 # Make a request for an upload path
 # Output is a path where we can upload stuff, of the form
 # "Upload: /tmp/sign_upload.5jR11pS0"
-UPLOAD_PATH=`ssh ${SIGNING_SERVER} ${GET_UPLOAD_PATH}`
+UPLOAD_PATH=`ssh ${SIGNING_USER}@${SIGNING_SERVER} ${GET_UPLOAD_PATH}`
 if [ $? -ne 0 ]; then
     echo "Could not get upload path.  Do you have permissions on the signing server?"
     exit 1
 fi
 UPLOAD_PATH=`echo ${UPLOAD_PATH} | cut -d ' ' -f 2`
 
-scp -q ${PATCH_FILE_PATH} ${SIGNING_SERVER}:${UPLOAD_PATH}
+scp -q ${PATCH_FILE_PATH} ${SIGNING_USER}@${SIGNING_SERVER}:${UPLOAD_PATH}
 if [ $? -ne 0 ]; then
     echo "Could upload patch"
     exit 1
@@ -36,14 +35,14 @@ echo "File uploaded to signing server"
 
 # Make the signing request.
 # Output is path of newly signed file
-RESULT=`ssh ${SIGNING_SERVER} ${REQUEST_SIGN} ${UPLOAD_PATH}/${PATCH_FILE_NAME}`
+RESULT=`ssh ${SIGNING_USER}@${SIGNING_SERVER} ${REQUEST_SIGN} ${UPLOAD_PATH}/${PATCH_FILE_NAME}`
 if [ $? -ne 0 ]; then
     echo "Could not perform signing -- output $RESULT"
     exit 1
 fi
 
 echo "Signing complete.  Downloading"
-scp -q ${SIGNING_SERVER}:${RESULT} ${PATCH_FILE_PATH}
+scp -q ${SIGNING_USER}@${SIGNING_SERVER}:${RESULT} ${PATCH_FILE_PATH}
 if [ $? -ne 0 ]; then
     echo "Could not download newly signed file"
     exit 1