-
Notifications
You must be signed in to change notification settings - Fork 5
/
repo-update.sh
executable file
·167 lines (155 loc) · 4.45 KB
/
repo-update.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
#!/bin/bash
GPGPASS="/systems/osc_certs/gpg/ondemand/.gpgpass"
BASE_PATH="/var/www/repos/public/ondemand"
# Only EL7 and EL8 uses different
GPG_KEY="FD775498"
REPO=""
TYPE="web"
DIST=""
ARCH="x86_64"
function usage()
{
echo "Usage repo-update.sh -r REPO -t [WEB|COMPUTE] -d DIST -a [ARCH]"
echo "Required options:"
echo " -r REPO Repo to update (eg: 'latest', '2.1', 'build/2.1')"
echo " -d DIST Distribution to update (eg: 'el7', 'el8', 'focal')"
echo
echo "Optional options:"
echo " -g GPGPASS The path to GPG password file (default ${GPGPASS})"
echo " -t TYPE Type of repo to update, either web or compute (default: ${TYPE})"
echo " -a ARCH Arch to update (default: ${ARCH})"
}
while getopts "r:t:d:a:g:" opt; do
case "${opt}" in
r)
REPO="${OPTARG}"
;;
t)
TYPE="${OPTARG}"
;;
d)
DIST="${OPTARG}"
;;
a)
ARCH="${OPTARG}"
;;
g)
GPGPASS="${OPTARG}"
;;
*)
usage
exit
;;
esac
done
shift $((OPTIND-1))
do_hash() {
HASH_NAME=$1
HASH_CMD=$2
echo "${HASH_NAME}:"
for f in $(find -type f); do
f=$(echo $f | cut -c3-) # remove ./ prefix
if [[ "$(basename $f)" != "Packages"* ]]; then
continue
fi
echo " $(${HASH_CMD} ${f} | cut -d" " -f1) $(wc -c $f)"
done
}
if [[ "${USER}" != "oodpkg" ]]; then
echo "Must run as oodpkg user"
exit 1
fi
EL=true
if [[ "${DIST}" != "el"* && "${DIST}" != "amzn"* ]]; then
EL=false
fi
if [[ "${DIST}" == "el7" || "${DIST}" == "el8" ]]; then
GPG_KEY="92D31755"
fi
if [[ "x${REPO_PATH}" = "x" ]]; then
LOCK_NAME="$(echo '${REPO}-${TYPE}-${DIST}-${ARCH}' | md5sum | cut -d' ' -f1)"
else
LOCK_NAME="$(echo '${REPO_PATH}' | md5sum | cut -d' ' -f1)"
fi
LOCK_FILE="/var/lib/oodpkg/repo-update-${LOCK_NAME}.lock"
(
flock -x -w 30 200
if $EL; then
REPO_PATH="${BASE_PATH}/${REPO}/${TYPE}/${DIST}/${ARCH}"
SRPM_PATH="${BASE_PATH}/${REPO}/${TYPE}/${DIST}/SRPMS"
echo "level=\"info\" msg=\"Update repo\" repo=\"${REPO_PATH}\""
cd ${REPO_PATH}
createrepo_c --update .
echo "level=\"info\" msg=\"GPG sign repo\" repo=\"${REPO_PATH}\""
gpg --default-key ${GPG_KEY} --detach-sign --passphrase-file ${GPGPASS} --pinentry-mode loopback --batch --yes --no-tty --armor repodata/repomd.xml
echo "level=\"info\" msg=\"Update repo\" repo=\"${SRPM_PATH}\""
cd ${SRPM_PATH}
createrepo_c --update .
echo "level=\"info\" msg=\"GPG sign repo\" repo=\"${SRPM_PATH}\""
gpg --default-key ${GPG_KEY} --detach-sign --passphrase-file ${GPGPASS} --pinentry-mode loopback --batch --yes --no-tty --armor repodata/repomd.xml
else
case "${DIST}" in
debian-12|bookworm)
DIST="bookworm"
;;
ubuntu-24.04|noble)
DIST="noble"
;;
ubuntu-22.04|jammy)
DIST="jammy"
;;
ubuntu-20.04|focal)
DIST="focal"
;;
ubuntu-18.04|bionic)
DIST="bionic"
;;
*)
echo "Unrecognized DIST"
exit 1
;;
esac
case "${ARCH}" in
x86_64)
ARCH="amd64"
;;
aarch64)
ARCH="arm64"
;;
ppc64le)
ARCH="ppc64el"
;;
*)
echo "Unrecognized ARCH"
exit 1
;;
esac
REPO_PATH="${BASE_PATH}/${REPO}/${TYPE}/apt"
DIST_PATH="${REPO_PATH}/dists/${DIST}"
echo "level=\"info\" msg=\"Scan packages repo\" repo=\"${REPO_PATH}\""
pushd ${REPO_PATH}
dpkg-scanpackages --multiversion --arch ${ARCH} pool/${DIST} > dists/${DIST}/main/binary-${ARCH}/Packages
cat dists/${DIST}/main/binary-${ARCH}/Packages | gzip -9 > dists/${DIST}/main/binary-${ARCH}/Packages.gz
echo "level=\"info\" msg=\"Update Release\" repo=\"${DIST_PATH}\""
pushd ${DIST_PATH}
cat > Release <<EOF
Origin: OnDemand Repository
Label: OnDemand
Suite: stable
Codename: ${DIST}
Version: ${REPO}
Architectures: amd64 arm64 ppc64el
Components: main
Description: OnDemand repository
Date: $(date -Ru)
$(do_hash "MD5Sum" "md5sum")
$(do_hash "SHA1" "sha1sum")
$(do_hash "SHA256" "sha256sum")
EOF
echo "level=\"info\" msg=\"GPG sign Release\" repo=\"${DIST_PATH}\""
cat Release | gpg --detach-sign --passphrase-file ${GPGPASS} --batch --yes --no-tty --digest-algo SHA256 --cert-digest-algo SHA256 --pinentry-mode loopback --armor > Release.gpg
cat Release | gpg --detach-sign --passphrase-file ${GPGPASS} --batch --yes --no-tty --armor --digest-algo SHA256 --cert-digest-algo SHA256 --pinentry-mode loopback --clearsign > InRelease
fi
) 200>${LOCK_FILE}
RETVAL=$?
exit $RETVAL