-
Notifications
You must be signed in to change notification settings - Fork 0
/
jss-rpmrepo-update
executable file
·135 lines (124 loc) · 4.95 KB
/
jss-rpmrepo-update
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
#!/bin/sh -e
#jenkins support scripts - http://safrm.net/projects/jenkins-support-scripts
#author: Miroslav Safr <miroslav.safr@gmail.com>
#
VERSION=NA
VERSION_DATE=NA
usage() {
echo "`basename $0` ${VERSION} "
echo " http://safrm.net/projects/jenkins-support-scripts"
echo "Usage:`basename $0` [OPTIONS]... REPO_DIR"
echo "Update rpm repos with default deleting policy and resigning"
echo " OPTIONS: "
echo " -rp, --resign-packages ............... check and resign packages"
echo " -gn, --gpg-name <gpg-name> ........... use gpg name for signing by name"
echo " -gk, --gpg-key <gpg-key> ............. use gpg key for signing by key"
echo " -k, --keep <N> ...................... keep N versions of one packages"
echo " -rr, --recreate-repo ................. recreate repodata insted of update"
echo " -cl, --changelog-limit <N> ........... limits changelog entries in repo db"
echo " -ns, --no-sign ....................... don't check signs and don't sign repo"
echo " -v, --verbose ....................... prints more output"
echo " -h, --help .......................... shows command line help"
echo " -V, --version ...................... prints version of scripts"
echo "Note: exported GPGKEY or first key is used for signing"
}
KEEP_PKGS=2
UPDATE_REPO_FLAG=--update
while [ $# -gt 0 ]; do
case "$1" in
-v|--verbose) VERBOSE=--verbose ;;
-V|--version) echo "`basename $0` ${VERSION} ${VERSION_DATE}" ; exit 0 ;;
-h|--help) usage ; exit ;;
-cl|--changelog-limit) shift ; CLL_FLAG="--changelog-limit=$1" ;;
-rp|--resign-packages) RESIGN_PACKAGES=1 ;;
-rr|--recreate-repo) UPDATE_REPO_FLAG= ;;
-k|--keep) shift ; KEEP_PKGS=$1 ;;
-ns|--no-sign) NO_SIGN=yes ;;
-gn|--gpg-name) shift ; GPG_NAME=$1 ;
GPGKEY=`gpg --list-keys | grep "$GPG_NAME" -1 | grep pub -m 1 | sed "s/.*\///" | awk -F " " '{print $1}'`
if [ -z "$GPGKEY" ]; then echo "wrong gpg name $GPG_NAME" ; exit 1 ; fi ;;
-gk|--gpg-key) shift ; GPGKEY=$1 ;
GPG_NAME=`gpg --list-keys | grep "$GPGKEY" -1 | grep uid | sed "s/uid *//"`
if [ -z "$GPG_NAME" ]; then echo "wrong gpg key $GPGKEY" ; exit 1 ; fi ;;
*) if [ -z "$REPO_DIR" ]; then
REPO_DIR=$1 ;
else
echo "Wrong argument '$1' , exiting.."
usage
exit 1
fi
;;
esac
shift
done
#check parameter
if [ -z "$REPO_DIR" ]; then
REPO_DIR=`pwd`
fi
#check dir
if [ -z "$REPO_DIR" ] || [ ! -w "$REPO_DIR" ]; then
echo "not existing dir $REPO_DIR or $USER does not have writable permissions, exiting.."
exit 1
fi
PWD=`pwd`
cd $REPO_DIR
#when the repo is updated too often lock is needed
(
exec 8> $REPO_DIR/.lock ;
flock --timeout 120 -e 8
echo " $$ locking repo $REPO_DIR at `date +'%T'`"
#clean up
OLDRPMS=`repomanage --keep=$KEEP_PKGS --old $REPO_DIR 2>/dev/null`
if [ ! -z "$OLDRPMS" ]; then
echo "$OLDRPMS" | xargs rm -rf
fi
if [ -z "$NO_SIGN" ]; then
#optional resigning
if [ ! -z "$RESIGN_PACKAGES" ]; then
#first key if not defined
if [ -z "$GPGKEY" ]; then
echo "getting first GPGKEY.."
GPGKEY=`gpg --list-keys | grep "pub " | awk -F "[ /]" '{print $5}' | head -1`
fi
if [ -z "$GPGKEY" ]; then
echo "GPGKEY not found, exiting..."
exit 1
fi
GPG_NAME=`gpg --list-keys | grep "$GPGKEY" -1 | grep uid | sed "s/uid *//"`
if [ ! -z "$GPG_NAME" ]; then
if [ -z "$GPGKEY" ]; then
GPGKEY=`gpg --list-keys | grep "pub " | awk -F "[ /]" '{print $5}' | head -1`
echo "using first GPGKEY: $GPGKEY"
fi
GPG_LC=`echo $GPGKEY | awk '{print tolower($0)}'`
find $REPO_DIR -type f -name "*.rpm" | while read ENTRY
do
RES=`rpm -K "$ENTRY" -v | grep OK | grep $GPG_LC`
if [ $? -ne 0 ]; then
#echo "signing $ENTRY by KEY:$GPGKEY NAME:$GPG_NAME"
rpm --addsign -D "_signature gpg" -D "_gpg_name $GPG_NAME" "$ENTRY" $VERBOSE
fi
done
fi
fi
fi
#generate repo
createrepo $UPDATE_REPO_FLAG $CLL_FLAG $REPO_DIR $VERBOSE
if [ $? -ne 0 ]; then
echo "createrepo failed."
exit 1
fi
if [ -z "$NO_SIGN" ]; then
#sign repo
if [ -z "$GPGKEY" ]; then
GPGKEY=`gpg --list-keys | grep "pub " | awk -F "[ /]" '{print $5}' | head -1`
echo "reposign uses first GPGKEY: $GPGKEY"
fi
gpg -u $GPGKEY --detach-sign --yes --armor $REPO_DIR/repodata/repomd.xml
if [ $? -ne 0 ]; then
echo "repo resign failed."
fi
fi
rm -f $REPO_DIR/.lock
cd $PWD
) || exit 1