cleanup signing scripts
The scripts contained hardcoded references to resources that are not visible outside of the environment where the scripts were originally created and used. The script sign-rpms was also updated with the original version that was intended to be submitted. The initial submission contained the wrong version. Closes-Bug: #1791343 Change-Id: I8ce5884ad75156d3730cf30a451051d32445e136 Signed-off-by: Paul-Emile Element <Paul-Emile.Element@windriver.com>
parent
d05c4c3d31
commit
2f9d9a5672
@ -23,43 +23,43 @@ export MOCK=/usr/bin/mock
|
|||||||
|
|
||||||
# check input variables
|
# check input variables
|
||||||
function check_vars {
|
function check_vars {
|
||||||
# need access to repo, which should normally be defined as MY_REPO in the env
|
# need access to repo, which should normally be defined as MY_REPO in the env
|
||||||
|
|
||||||
if [ ! -z "$MY_REPO" ] && [ -d "$MY_REPO" ] ; then
|
if [ ! -z "$MY_REPO" ] && [ -d "$MY_REPO" ] ; then
|
||||||
INTERNAL_REPO_ROOT=$MY_REPO
|
INTERNAL_REPO_ROOT=$MY_REPO
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -z "$INTERNAL_REPO_ROOT" ] ; then
|
if [ -z "$INTERNAL_REPO_ROOT" ] ; then
|
||||||
printf " unable to use \$MY_REPO (value \"$MY_REPO\")\n"
|
printf " unable to use \$MY_REPO (value \"$MY_REPO\")\n"
|
||||||
printf " -- checking \$MY_REPO_ROOT_DIR (value \"$MY_REPO_ROOT_DIR\")\n"
|
printf " -- checking \$MY_REPO_ROOT_DIR (value \"$MY_REPO_ROOT_DIR\")\n"
|
||||||
if [ ! -z "$MY_REPO_ROOT_DIR" ] && [ -d "$MY_REPO_ROOT_DIR/cgcs-root" ] ; then
|
if [ ! -z "$MY_REPO_ROOT_DIR" ] && [ -d "$MY_REPO_ROOT_DIR/cgcs-root" ] ; then
|
||||||
INTERNAL_REPO_ROOT=$MY_REPO_ROOT_DIR/cgcs-root
|
INTERNAL_REPO_ROOT=$MY_REPO_ROOT_DIR/cgcs-root
|
||||||
printf " Found!\n"
|
printf " Found!\n"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -z "$INTERNAL_REPO_ROOT" ] ; then
|
if [ -z "$INTERNAL_REPO_ROOT" ] ; then
|
||||||
printf " No joy -- checking for \$MY_WORKSPACE/cgcs-root\n"
|
printf " No joy -- checking for \$MY_WORKSPACE/cgcs-root\n"
|
||||||
if [ -d "$MY_WORKSPACE/cgcs-root" ] ; then
|
if [ -d "$MY_WORKSPACE/cgcs-root" ] ; then
|
||||||
INTERNAL_REPO_ROOT=$MY_WORKSPACE/cgcs-root
|
INTERNAL_REPO_ROOT=$MY_WORKSPACE/cgcs-root
|
||||||
printf " Found!\n"
|
printf " Found!\n"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -z "$INTERNAL_REPO_ROOT" ] ; then
|
if [ -z "$INTERNAL_REPO_ROOT" ] ; then
|
||||||
printf " Error -- could not locate cgcs-root repo.\n"
|
printf " Error -- could not locate cgcs-root repo.\n"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -z "$MY_BUILD_ENVIRONMENT" ] ; then
|
if [ -z "$MY_BUILD_ENVIRONMENT" ] ; then
|
||||||
printf " Error -- missing environment variable MY_BUILD_ENVIRONMENT"
|
printf " Error -- missing environment variable MY_BUILD_ENVIRONMENT"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -z "$MY_BUILD_DIR" ] ; then
|
if [ -z "$MY_BUILD_DIR" ] ; then
|
||||||
printf " Error -- missing environment variable MY_BUILD_DIR"
|
printf " Error -- missing environment variable MY_BUILD_DIR"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -73,119 +73,155 @@ function check_vars {
|
|||||||
# This process is using mock because the build servers do not have the same rpm / rpmsign version
|
# This process is using mock because the build servers do not have the same rpm / rpmsign version
|
||||||
#
|
#
|
||||||
|
|
||||||
|
function _local_cleanup {
|
||||||
|
|
||||||
|
printf "Cleaning mock environment\n"
|
||||||
|
$MOCK -q -r $_MOCK_CFG --scrub=all
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
function __local_trapdoor {
|
||||||
|
printf "caught signal while attempting to sign files. Cleaning up."
|
||||||
|
_local_cleanup
|
||||||
|
|
||||||
|
exit 1
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
function sign_packages {
|
function sign_packages {
|
||||||
OLD_PWD=$PWD
|
OLD_PWD=$PWD
|
||||||
|
|
||||||
_MOCK_PKG_DIR=/mnt/Packages
|
_MOCK_PKG_DIR=/mnt/Packages
|
||||||
_IMA_PRIV_KEY=ima_signing_key.priv
|
_IMA_PRIV_KEY=ima_signing_key.priv
|
||||||
_KEY_DIR=$MY_REPO/build-tools/signing
|
_KEY_DIR=$MY_REPO/build-tools/signing
|
||||||
_MOCK_KEY_DIR=/mnt/keys
|
_MOCK_KEY_DIR=/mnt/keys
|
||||||
_SIGN_MAKEFILE=_sign_pkgs.mk
|
_SIGN_MAKEFILE=_sign_pkgs.mk
|
||||||
_MK_DIR=$MY_REPO/build-tools/mk
|
_MK_DIR=$MY_REPO/build-tools/mk
|
||||||
_MOCK_MK_DIR=/mnt/mk
|
_MOCK_MK_DIR=/mnt/mk
|
||||||
|
|
||||||
# mock confgiuration file
|
# mock confgiuration file
|
||||||
_MOCK_CFG=$MY_BUILD_DIR/${MY_BUILD_ENVIRONMENT}-sign.cfg
|
_MOCK_CFG=$MY_BUILD_DIR/${MY_BUILD_ENVIRONMENT}-sign.cfg
|
||||||
|
|
||||||
# recreate configuration file
|
# recreate configuration file
|
||||||
rm $_MOCK_CFG
|
rm $_MOCK_CFG
|
||||||
export BUILD_TYPE=std
|
export BUILD_TYPE=std
|
||||||
export MY_BUILD_DIR_TOP=$MY_BUILD_DIR
|
export MY_BUILD_DIR_TOP=$MY_BUILD_DIR
|
||||||
modify-build-cfg $_MOCK_CFG
|
modify-build-cfg $_MOCK_CFG
|
||||||
# and customize
|
# and customize
|
||||||
echo "config_opts['chroot_setup_cmd'] = 'install shadow-utils make rpm-sign'" >> $_MOCK_CFG
|
echo "config_opts['chroot_setup_cmd'] = 'install shadow-utils make rpm-sign'" >> $_MOCK_CFG
|
||||||
echo "config_opts['root'] = 'mock-sign'" >> $_MOCK_CFG
|
echo "config_opts['root'] = 'mock-sign'" >> $_MOCK_CFG
|
||||||
echo "config_opts['basedir'] = '${MY_WORKSPACE}'" >> $_MOCK_CFG
|
echo "config_opts['basedir'] = '${MY_WORKSPACE}'" >> $_MOCK_CFG
|
||||||
echo "config_opts['cache_topdir'] = '${MY_WORKSPACE}/mock-cache'" >> $_MOCK_CFG
|
echo "config_opts['cache_topdir'] = '${MY_WORKSPACE}/mock-cache'" >> $_MOCK_CFG
|
||||||
|
|
||||||
echo "Signing packages in $_PKG_DIR with $NPROCS threads"
|
echo "Signing packages in $_PKG_DIR with $NPROCS threads"
|
||||||
echo "using development key $_KEY_DIR/$_IMA_PRIV_KEY"
|
echo "using development key $_KEY_DIR/$_IMA_PRIV_KEY"
|
||||||
|
|
||||||
printf "Initializing mock environment\n"
|
printf "Initializing mock environment\n"
|
||||||
|
|
||||||
# invoke make in mock to sign packages.
|
trap __local_trapdoor SIGHUP SIGINT SIGABRT SIGTERM
|
||||||
# this call will also create and initialize the mock env
|
|
||||||
eval $MOCK -q -r $_MOCK_CFG \'--plugin-option=bind_mount:dirs=[\(\"$_PKG_DIR\", \"$_MOCK_PKG_DIR\"\),\(\"$_MK_DIR\",\"$_MOCK_MK_DIR\"\),\(\"$_KEY_DIR\",\"$_MOCK_KEY_DIR\"\)]\' --shell \"cd $_MOCK_PKG_DIR\; make -j $NPROCS -f $_MOCK_MK_DIR/$_SIGN_MAKEFILE KEY=$_MOCK_KEY_DIR/$_IMA_PRIV_KEY\"
|
|
||||||
|
|
||||||
retval=$?
|
# invoke make in mock to sign packages.
|
||||||
|
# this call will also create and initialize the mock env
|
||||||
|
eval $MOCK -q -r $_MOCK_CFG \'--plugin-option=bind_mount:dirs=[\(\"$_PKG_DIR\", \"$_MOCK_PKG_DIR\"\),\(\"$_MK_DIR\",\"$_MOCK_MK_DIR\"\),\(\"$_KEY_DIR\",\"$_MOCK_KEY_DIR\"\)]\' --shell \"cd $_MOCK_PKG_DIR\; make -j $NPROCS -f $_MOCK_MK_DIR/$_SIGN_MAKEFILE KEY=$_MOCK_KEY_DIR/$_IMA_PRIV_KEY\"
|
||||||
|
|
||||||
printf "Cleaning mock environment\n"
|
retval=$?
|
||||||
$MOCK -q -r $_MOCK_CFG --scrub=all
|
|
||||||
|
|
||||||
if [ $retval -ne 0 ] ; then
|
trap - SIGHUP SIGINT SIGABRT SIGTERM
|
||||||
echo "failed to add file signatures to RPMs in mock environment."
|
|
||||||
return $retval
|
|
||||||
fi
|
|
||||||
|
|
||||||
cd $OLD_PWD
|
_local_cleanup
|
||||||
|
|
||||||
|
if [ $retval -ne 0 ] ; then
|
||||||
|
echo "failed to add file signatures to RPMs in mock environment."
|
||||||
|
return $retval
|
||||||
|
fi
|
||||||
|
|
||||||
|
cd $OLD_PWD
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
function _copy_and_sign {
|
function _copy_and_sign {
|
||||||
|
|
||||||
# upload rpms to server
|
# upload rpms to server
|
||||||
scp $_PKG_DIR/*.rpm $SIGNING_USER@$SIGNING_SERVER:$_UPLOAD_DIR
|
scp $_PKG_DIR/*.rpm $SIGNING_USER@$SIGNING_SERVER:$_UPLOAD_DIR
|
||||||
retval=$?
|
retval=$?
|
||||||
if [ $retval -ne 0 ] ; then
|
if [ $retval -ne 0 ] ; then
|
||||||
echo "ERROR: failed to copy RPM files to signing server."
|
echo "ERROR: failed to copy RPM files to signing server."
|
||||||
return $retval
|
return $retval
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# get server to sign packages.
|
# get server to sign packages.
|
||||||
ssh $SIGNING_USER@$SIGNING_SERVER -- sudo $SIGNING_SERVER_SCRIPT -s -d $sub
|
ssh $SIGNING_USER@$SIGNING_SERVER -- sudo $SIGNING_SERVER_SCRIPT -s -d $sub
|
||||||
retval=$?
|
retval=$?
|
||||||
if [ $retval -ne 0 ] ; then
|
if [ $retval -ne 0 ] ; then
|
||||||
echo "ERROR: failed to sign RPM files."
|
echo "ERROR: failed to sign RPM files."
|
||||||
return $retval
|
return $retval
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# download results back. This overwrites the original files.
|
# download results back. This overwrites the original files.
|
||||||
scp $SIGNING_USER@$SIGNING_SERVER:$_UPLOAD_DIR/*.rpm $_PKG_DIR
|
scp $SIGNING_USER@$SIGNING_SERVER:$_UPLOAD_DIR/*.rpm $_PKG_DIR
|
||||||
retval=$?
|
retval=$?
|
||||||
if [ $retval -ne 0 ] ; then
|
if [ $retval -ne 0 ] ; then
|
||||||
echo "ERROR: failed to copy signed RPM files back from signing server."
|
echo "ERROR: failed to copy signed RPM files back from signing server."
|
||||||
return $retval
|
return $retval
|
||||||
fi
|
fi
|
||||||
|
|
||||||
return $retval
|
return $retval
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
function _server_cleanup {
|
||||||
|
|
||||||
|
# cleanup
|
||||||
|
ssh $SIGNING_USER@$SIGNING_SERVER rm $_UPLOAD_DIR/*.rpm
|
||||||
|
if [ $? -ne 0 ] ; then
|
||||||
|
echo "Warning : failed to remove rpms from temporary upload directory ${SIGNING_SERVER}:${_UPLOAD_DIR}."
|
||||||
|
fi
|
||||||
|
ssh $SIGNING_USER@$SIGNING_SERVER rmdir $_UPLOAD_DIR
|
||||||
|
if [ $? -ne 0 ] ; then
|
||||||
|
echo "Warning : failed to remove temporary upload directory ${SIGNING_SERVER}:${_UPLOAD_DIR}."
|
||||||
|
fi
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
function __server_trapdoor {
|
||||||
|
|
||||||
|
printf "caught signal while attempting to sign files. Cleaning up."
|
||||||
|
_server_cleanup
|
||||||
|
|
||||||
|
exit 1
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
function sign_packages_on_server {
|
function sign_packages_on_server {
|
||||||
|
|
||||||
retval=0
|
retval=0
|
||||||
|
|
||||||
# obtain temporary diretory to upload RPMs on signing server
|
# obtain temporary diretory to upload RPMs on signing server
|
||||||
_UPLOAD_DIR=`ssh $SIGNING_USER@$SIGNING_SERVER -- sudo $SIGNING_SERVER_SCRIPT -r`
|
_UPLOAD_DIR=`ssh $SIGNING_USER@$SIGNING_SERVER -- sudo $SIGNING_SERVER_SCRIPT -r`
|
||||||
|
|
||||||
retval=$?
|
retval=$?
|
||||||
if [ $retval -ne 0 ] ; then
|
if [ $retval -ne 0 ] ; then
|
||||||
echo "failed to obtain upload directory from signing server."
|
echo "failed to obtain upload directory from signing server."
|
||||||
return $retval
|
return $retval
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# extract base chroot dir and rpm dir within chroot
|
# extract base chroot dir and rpm dir within chroot
|
||||||
read base com sub <<< $_UPLOAD_DIR
|
read base com sub <<< $_UPLOAD_DIR
|
||||||
|
|
||||||
# this is the upload temp dir, outside of chroot env
|
# this is the upload temp dir, outside of chroot env
|
||||||
_UPLOAD_DIR=$base$sub
|
_UPLOAD_DIR=$base$sub
|
||||||
|
|
||||||
_copy_and_sign
|
trap __server_trapdoor SIGHUP SIGINT SIGABRT SIGTERM
|
||||||
retval=$?
|
|
||||||
|
|
||||||
# cleanup
|
_copy_and_sign
|
||||||
ssh $SIGNING_USER@$SIGNING_SERVER rm $_UPLOAD_DIR/*.rpm
|
retval=$?
|
||||||
if [ $? -ne 0 ] ; then
|
|
||||||
echo "Warning : failed to remove rpms from temporary upload directory."
|
|
||||||
fi
|
|
||||||
ssh $SIGNING_USER@$SIGNING_SERVER rmdir $_UPLOAD_DIR
|
|
||||||
if [ $? -ne 0 ] ; then
|
|
||||||
echo "Warning : failed to remove temporary upload directory."
|
|
||||||
fi
|
|
||||||
|
|
||||||
return $retval
|
trap - SIGHUP SIGINT SIGABRT SIGTERM
|
||||||
|
|
||||||
|
_server_cleanup
|
||||||
|
|
||||||
|
return $retval
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -196,9 +232,6 @@ function sign_packages_on_server {
|
|||||||
|
|
||||||
# Check args
|
# Check args
|
||||||
HELP=0
|
HELP=0
|
||||||
SIGNING_SERVER=yow-tiks01
|
|
||||||
SIGNING_USER=signing
|
|
||||||
SIGNING_SERVER_SCRIPT=/opt/signing/sign_rpms_18.03.sh
|
|
||||||
|
|
||||||
# return value
|
# return value
|
||||||
retval=0
|
retval=0
|
||||||
@ -206,8 +239,8 @@ retval=0
|
|||||||
# read the options
|
# read the options
|
||||||
TEMP=`getopt -o hd: --long help,pkg-dir: -n 'test.sh' -- "$@"`
|
TEMP=`getopt -o hd: --long help,pkg-dir: -n 'test.sh' -- "$@"`
|
||||||
if [ $? -ne 0 ] ; then
|
if [ $? -ne 0 ] ; then
|
||||||
echo "Invalid parameters - exiting"
|
echo "Invalid parameters - exiting"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
eval set -- "$TEMP"
|
eval set -- "$TEMP"
|
||||||
@ -223,21 +256,21 @@ while true ; do
|
|||||||
done
|
done
|
||||||
|
|
||||||
if [ $HELP -eq 1 ]; then
|
if [ $HELP -eq 1 ]; then
|
||||||
usage
|
usage
|
||||||
exit 0
|
exit 0
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# package directory must be defined
|
# package directory must be defined
|
||||||
if [ -z "$_PKG_DIR" ]; then
|
if [ -z "$_PKG_DIR" ]; then
|
||||||
echo "Need package directory. Use -d/--pkg-dir option"
|
echo "Need package directory. Use -d/--pkg-dir option"
|
||||||
usage
|
usage
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# ... and must exist
|
# ... and must exist
|
||||||
if [ ! -d "$_PKG_DIR" ]; then
|
if [ ! -d "$_PKG_DIR" ]; then
|
||||||
echo "Package directory $_PKG_DIR does not exist"
|
echo "Package directory $_PKG_DIR does not exist"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Init variables
|
# Init variables
|
||||||
|
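Review bot: `_server_cleanup` runs `rm $_UPLOAD_DIR/*.rpm` and `rmdir $_UPLOAD_DIR` on the signing server, but `sign_packages_on_server` builds that path from `read base com sub <<< $_UPLOAD_DIR` and checks only the ssh exit status, never the shape of the reply. If the reply has fewer than three fields, `sub` is empty and the cleanup targets `$base` itself; if the reply is empty, the remote command becomes `rm /*.rpm`. Since `__server_trapdoor` now reaches the same cleanup on a signal, the path should be validated before the `trap` line, e.g. `if [ -z "$base" ] || [ -z "$sub" ] ; then echo "unexpected upload directory reply from signing server" ; return 1 ; fi`.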
@ -454,8 +454,6 @@ if [ "x$MY_WORKSPACE" == "x" ]; then
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
ARCH="x86_64"
|
ARCH="x86_64"
|
||||||
SIGNING_SERVER=yow-tiks01
|
|
||||||
SIGNING_USER=signing
|
|
||||||
SIGNING_SCRIPT=/opt/signing/sign.sh
|
SIGNING_SCRIPT=/opt/signing/sign.sh
|
||||||
UPLOAD_PATH=`ssh $SIGNING_USER@$SIGNING_SERVER sudo $SIGNING_SCRIPT -r`
|
UPLOAD_PATH=`ssh $SIGNING_USER@$SIGNING_SERVER sudo $SIGNING_SCRIPT -r`
|
||||||
SIGNED_PKG_DB=${MY_WORKSPACE}/signed_pkg_list.txt
|
SIGNED_PKG_DB=${MY_WORKSPACE}/signed_pkg_list.txt
|
||||||
|
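Review bot: With the `SIGNING_SERVER=` and `SIGNING_USER=` assignments removed, the `UPLOAD_PATH=` line directly below them runs `ssh $SIGNING_USER@$SIGNING_SERVER sudo $SIGNING_SCRIPT -r` on whatever the caller's environment supplies, and nothing visible in this hunk checks that either variable is set. If both are empty the target expands to `@`, and the only symptom is an ssh error. A guard ahead of the call, `: "${SIGNING_SERVER:?SIGNING_SERVER must be set}"` and the same for `SIGNING_USER`, would stop early with a clear message. The same gap applies to the `# Check args` hunk of the first script, which also drops `SIGNING_SERVER_SCRIPT`, and to the two scripts that follow; a check may exist outside the lines shown.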
@ -16,7 +16,6 @@ ISO_FILE_PATH=$1
|
|||||||
ISO_FILE_NAME=$(basename ${ISO_FILE_PATH})
|
ISO_FILE_NAME=$(basename ${ISO_FILE_PATH})
|
||||||
ISO_FILE_ROOT=$(dirname ${ISO_FILE_PATH})
|
ISO_FILE_ROOT=$(dirname ${ISO_FILE_PATH})
|
||||||
ISO_FILE_NOEXT="${ISO_FILE_NAME%.*}"
|
ISO_FILE_NOEXT="${ISO_FILE_NAME%.*}"
|
||||||
SIGNING_SERVER="signing@yow-tiks01"
|
|
||||||
GET_UPLOAD_PATH="sudo /opt/signing/sign.sh -r"
|
GET_UPLOAD_PATH="sudo /opt/signing/sign.sh -r"
|
||||||
REQUEST_SIGN="sudo /opt/signing/sign_iso.sh"
|
REQUEST_SIGN="sudo /opt/signing/sign_iso.sh"
|
||||||
SIGNATURE_FILE="$ISO_FILE_NOEXT.sig"
|
SIGNATURE_FILE="$ISO_FILE_NOEXT.sig"
|
||||||
@ -24,7 +23,7 @@ SIGNATURE_FILE="$ISO_FILE_NOEXT.sig"
|
|||||||
# Make a request for an upload path
|
# Make a request for an upload path
|
||||||
# Output is a path where we can upload stuff, of the form
|
# Output is a path where we can upload stuff, of the form
|
||||||
# "Upload: /tmp/sign_upload.5jR11pS0"
|
# "Upload: /tmp/sign_upload.5jR11pS0"
|
||||||
UPLOAD_PATH=`ssh ${SIGNING_SERVER} ${GET_UPLOAD_PATH}`
|
UPLOAD_PATH=`ssh ${SIGNING_USER}@${SIGNING_SERVER} ${GET_UPLOAD_PATH}`
|
||||||
if [ $? -ne 0 ]; then
|
if [ $? -ne 0 ]; then
|
||||||
echo "Could not get upload path. Do you have permissions on the signing server?"
|
echo "Could not get upload path. Do you have permissions on the signing server?"
|
||||||
exit 1
|
exit 1
|
||||||
@ -32,7 +31,7 @@ fi
|
|||||||
UPLOAD_PATH=`echo ${UPLOAD_PATH} | cut -d ' ' -f 2`
|
UPLOAD_PATH=`echo ${UPLOAD_PATH} | cut -d ' ' -f 2`
|
||||||
|
|
||||||
echo "Uploading file"
|
echo "Uploading file"
|
||||||
scp -q ${ISO_FILE_PATH} ${SIGNING_SERVER}:${UPLOAD_PATH}
|
scp -q ${ISO_FILE_PATH} ${SIGNING_USER}@${SIGNING_SERVER}:${UPLOAD_PATH}
|
||||||
if [ $? -ne 0 ]; then
|
if [ $? -ne 0 ]; then
|
||||||
echo "Could not upload ISO"
|
echo "Could not upload ISO"
|
||||||
exit 1
|
exit 1
|
||||||
@ -41,22 +40,22 @@ echo "File uploaded to signing server -- signing"
|
|||||||
|
|
||||||
# Make the signing request.
|
# Make the signing request.
|
||||||
# Output is path of detached signature
|
# Output is path of detached signature
|
||||||
RESULT=`ssh ${SIGNING_SERVER} ${REQUEST_SIGN} ${UPLOAD_PATH}/${ISO_FILE_NAME}`
|
RESULT=`ssh ${SIGNING_USER}@${SIGNING_SERVER} ${REQUEST_SIGN} ${UPLOAD_PATH}/${ISO_FILE_NAME}`
|
||||||
if [ $? -ne 0 ]; then
|
if [ $? -ne 0 ]; then
|
||||||
echo "Could not perform signing -- output $RESULT"
|
echo "Could not perform signing -- output $RESULT"
|
||||||
ssh ${SIGNING_SERVER} rm -f ${UPLOAD_PATH}/${ISO_FILE_NAME}
|
ssh ${SIGNING_USER}@${SIGNING_SERVER} rm -f ${UPLOAD_PATH}/${ISO_FILE_NAME}
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo "Signing complete. Downloading detached signature"
|
echo "Signing complete. Downloading detached signature"
|
||||||
scp -q ${SIGNING_SERVER}:${RESULT} ${ISO_FILE_ROOT}/${SIGNATURE_FILE}
|
scp -q ${SIGNING_USER}@${SIGNING_SERVER}:${RESULT} ${ISO_FILE_ROOT}/${SIGNATURE_FILE}
|
||||||
if [ $? -ne 0 ]; then
|
if [ $? -ne 0 ]; then
|
||||||
echo "Could not download newly signed file"
|
echo "Could not download newly signed file"
|
||||||
ssh ${SIGNING_SERVER} rm -f ${UPLOAD_PATH}/${ISO_FILE_NAME}
|
ssh ${SIGNING_USER}@${SIGNING_SERVER} rm -f ${UPLOAD_PATH}/${ISO_FILE_NAME}
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Clean up (ISOs are big)
|
# Clean up (ISOs are big)
|
||||||
ssh ${SIGNING_SERVER} rm -f ${UPLOAD_PATH}/${ISO_FILE_NAME}
|
ssh ${SIGNING_USER}@${SIGNING_SERVER} rm -f ${UPLOAD_PATH}/${ISO_FILE_NAME}
|
||||||
|
|
||||||
echo "${ISO_FILE_ROOT}/${SIGNATURE_FILE} detached signature"
|
echo "${ISO_FILE_ROOT}/${SIGNATURE_FILE} detached signature"
|
||||||
|
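Review bot: `${UPLOAD_PATH}/${ISO_FILE_NAME}` is passed unquoted to the `ssh ... ${REQUEST_SIGN}` call and to the three `rm -f` calls, and ssh joins its arguments into one string for the remote shell, so a file name taken from `$1` that contains spaces or shell metacharacters is re-parsed on the signing server, where the account can run `sudo`. Rejecting unexpected names right after `ISO_FILE_NAME` is set would close this, e.g. `case "$ISO_FILE_NAME" in *[!A-Za-z0-9._-]*) echo "unsupported characters in ISO file name" ; exit 1 ;; esac`. `UPLOAD_PATH` and `RESULT` come from the server's reply and are used in the same way, so they deserve the same check. The patch-signing script that follows has the same pattern with `PATCH_FILE_NAME`.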
@ -13,21 +13,20 @@ fi
|
|||||||
|
|
||||||
PATCH_FILE_PATH=$1
|
PATCH_FILE_PATH=$1
|
||||||
PATCH_FILE_NAME=$(basename ${PATCH_FILE_PATH})
|
PATCH_FILE_NAME=$(basename ${PATCH_FILE_PATH})
|
||||||
SIGNING_SERVER="signing@yow-tiks01"
|
|
||||||
GET_UPLOAD_PATH="sudo /opt/signing/sign.sh -r"
|
GET_UPLOAD_PATH="sudo /opt/signing/sign.sh -r"
|
||||||
REQUEST_SIGN="sudo /opt/signing/sign_patch.sh"
|
REQUEST_SIGN="sudo /opt/signing/sign_patch.sh"
|
||||||
|
|
||||||
# Make a request for an upload path
|
# Make a request for an upload path
|
||||||
# Output is a path where we can upload stuff, of the form
|
# Output is a path where we can upload stuff, of the form
|
||||||
# "Upload: /tmp/sign_upload.5jR11pS0"
|
# "Upload: /tmp/sign_upload.5jR11pS0"
|
||||||
UPLOAD_PATH=`ssh ${SIGNING_SERVER} ${GET_UPLOAD_PATH}`
|
UPLOAD_PATH=`ssh ${SIGNING_USER}@${SIGNING_SERVER} ${GET_UPLOAD_PATH}`
|
||||||
if [ $? -ne 0 ]; then
|
if [ $? -ne 0 ]; then
|
||||||
echo "Could not get upload path. Do you have permissions on the signing server?"
|
echo "Could not get upload path. Do you have permissions on the signing server?"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
UPLOAD_PATH=`echo ${UPLOAD_PATH} | cut -d ' ' -f 2`
|
UPLOAD_PATH=`echo ${UPLOAD_PATH} | cut -d ' ' -f 2`
|
||||||
|
|
||||||
scp -q ${PATCH_FILE_PATH} ${SIGNING_SERVER}:${UPLOAD_PATH}
|
scp -q ${PATCH_FILE_PATH} ${SIGNING_USER}@${SIGNING_SERVER}:${UPLOAD_PATH}
|
||||||
if [ $? -ne 0 ]; then
|
if [ $? -ne 0 ]; then
|
||||||
echo "Could upload patch"
|
echo "Could upload patch"
|
||||||
exit 1
|
exit 1
|
||||||
@ -36,14 +35,14 @@ echo "File uploaded to signing server"
|
|||||||
|
|
||||||
# Make the signing request.
|
# Make the signing request.
|
||||||
# Output is path of newly signed file
|
# Output is path of newly signed file
|
||||||
RESULT=`ssh ${SIGNING_SERVER} ${REQUEST_SIGN} ${UPLOAD_PATH}/${PATCH_FILE_NAME}`
|
RESULT=`ssh ${SIGNING_USER}@${SIGNING_SERVER} ${REQUEST_SIGN} ${UPLOAD_PATH}/${PATCH_FILE_NAME}`
|
||||||
if [ $? -ne 0 ]; then
|
if [ $? -ne 0 ]; then
|
||||||
echo "Could not perform signing -- output $RESULT"
|
echo "Could not perform signing -- output $RESULT"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo "Signing complete. Downloading"
|
echo "Signing complete. Downloading"
|
||||||
scp -q ${SIGNING_SERVER}:${RESULT} ${PATCH_FILE_PATH}
|
scp -q ${SIGNING_USER}@${SIGNING_SERVER}:${RESULT} ${PATCH_FILE_PATH}
|
||||||
if [ $? -ne 0 ]; then
|
if [ $? -ne 0 ]; then
|
||||||
echo "Could not download newly signed file"
|
echo "Could not download newly signed file"
|
||||||
exit 1
|
exit 1
|
||||||
|
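Review bot: Both failure branches in the last hunk (`Could not perform signing` and `Could not download newly signed file`) `exit 1` without removing the uploaded patch from `${UPLOAD_PATH}`, whereas the ISO script before it runs an `rm -f` over ssh on the same paths. Adding `ssh ${SIGNING_USER}@${SIGNING_SERVER} rm -f ${UPLOAD_PATH}/${PATCH_FILE_NAME}` before each `exit 1` would keep unsigned uploads from accumulating on the signing server. The script continues past the hunk, so any cleanup on the success path is not visible here. In the earlier hunk, the upload failure message `echo "Could upload patch"` reads as success and should be `echo "Could not upload patch"`.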