From b7de22ba08cd91c6a4255eedc118ce779e4fa803 Mon Sep 17 00:00:00 2001
From: Alexander Turenko <alexander.turenko@tarantool.org>
Date: Tue, 23 Jun 2020 02:38:59 +0300
Subject: [PATCH] travis-ci: deploy RPM / Deb packages

Now php-tarantool packages are deployed into two kinds of repositories:
packagecloud.io and to S3 based ones. The download.tarantool.org now
points to the latter, but we keep packagecloud.io for a while to don't
break users, which use it directly (we don't recommend it though). See
[1] for more info about deprecation of our packagecloud.io repositories.

The deployment scripts allows to provide two configurations: production
and staging. The former is for deployment from the master branch and
from a git tag. The latter is for deployments from a developer branch.
It is useful when something should be verified in a specific environment
using a built package or when the deployment process itself was modified
and should be tested.

The difference between production and staging deployment process is how
duplicate package versions are handled. It give an error for production
deployment, but does not for staging. The new package is discarded in
the case for packagecloud.io, but it replaces the old package in S3
repositories.

Read comments in the deployment scripts for more details.

[1]: https://github.com/tarantool/tarantool/issues/4947

Fixes #117
---
 .gitignore                                    |   3 +
 .travis.yml                                   |  45 ++++-
 .travis/deploy_packagecloud.sh                | 132 ++++++++++++++
 ...ploy_production_s3_gpg_private_key.asc.enc | Bin 0 -> 5520 bytes
 .travis/deploy_s3.sh                          | 169 ++++++++++++++++++
 .travis/deploy_s3_dependencies.sh             |  22 +++
 .../deploy_staging_s3_gpg_private_key.asc.enc | Bin 0 -> 5520 bytes
 .travis/update-repo-sh-add-fedora-25-26.patch |  11 ++
 ...pdate-repo-sh-fix-unbound-var-access.patch |  20 +++
 .../update-repo-sh-use-right-gpg-key.patch    |  29 +++
 10 files changed, 429 insertions(+), 2 deletions(-)
 create mode 100755 .travis/deploy_packagecloud.sh
 create mode 100644 .travis/deploy_production_s3_gpg_private_key.asc.enc
 create mode 100755 .travis/deploy_s3.sh
 create mode 100755 .travis/deploy_s3_dependencies.sh
 create mode 100644 .travis/deploy_staging_s3_gpg_private_key.asc.enc
 create mode 100644 .travis/update-repo-sh-add-fedora-25-26.patch
 create mode 100644 .travis/update-repo-sh-fix-unbound-var-access.patch
 create mode 100644 .travis/update-repo-sh-use-right-gpg-key.patch

diff --git a/.gitignore b/.gitignore
index 6b9751b..6f52a5c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -46,3 +46,6 @@ debian/php5-tarantool.substvars
 debian/php5-tarantool/
 build
 .*.sw[a-z]
+
+# Unencrypted private GPG keys for deployment.
+.travis/*.asc
diff --git a/.travis.yml b/.travis.yml
index 1ab75ee..94339ea 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -129,20 +129,61 @@ python:
 
 script:
   - |
+    # Make shell strictier.
+    #
+    # - Exit with a failure on a first failed command.
+    # - Print each executed commmand.
+    set -ex
+
     if [ -n "${TARANTOOL_VERSION}" ]; then
         ./test.sh
     elif [ -n "${OS}" ] && [ -n "${DIST}" ]; then
         git clone --depth 1 https://github.com/packpack/packpack.git
         ./packpack/packpack
         if [ "${OS}" = "el" ]; then
-            export OS=centos
+            DOCKER_IMAGE="centos:${DIST}"
+        else
+            DOCKER_IMAGE="${OS}:${DIST}"
         fi
         docker run \
             --volume "$(realpath .):/tarantool-php" \
             --workdir /tarantool-php                \
             --rm                                    \
-            "${OS}:${DIST}"                         \
+            "${DOCKER_IMAGE}"                       \
             ./test.pkg.sh
     else
         exit 1
     fi
+
+    # Deploy
+    # ------
+
+    # Skip deployment when it is not expected.
+    if [ -z "${OS}" ] || [ -z "${DIST}" ]; then
+        echo "Skip deployment: it is pure testing job w/o any RPM / Deb artefacts"
+        exit 0
+    fi
+    if [ "${TRAVIS_REPO_SLUG}" != "tarantool/tarantool-php" ]; then
+        echo "Skip deployment: it is a fork, not the base repository"
+        exit 0
+    fi
+    if [ "${TRAVIS_EVENT_TYPE}" != "push" ]; then
+        echo "Skip deployment: event is not 'push', but ${TRAVIS_EVENT_TYPE}"
+        exit 0
+    fi
+
+    # Choose destination to push packages.
+    if [ "${TRAVIS_BRANCH}" == "master" ] || [ -n "${TRAVIS_TAG}" ]; then
+        echo "Set production deployment parameters"
+        configuration=production
+    else
+        echo "Set staging deployment parameters"
+        configuration=staging
+    fi
+
+    # Deploy to packagecloud repositories.
+    ./.travis/deploy_packagecloud.sh ${configuration}
+
+    # Deploy to S3 based repositories.
+    ./.travis/deploy_s3_dependencies.sh
+    ./.travis/deploy_s3.sh ${configuration}
diff --git a/.travis/deploy_packagecloud.sh b/.travis/deploy_packagecloud.sh
new file mode 100755
index 0000000..eb93593
--- /dev/null
+++ b/.travis/deploy_packagecloud.sh
@@ -0,0 +1,132 @@
+#!/bin/sh
+
+# Deploy to packagecloud repositories
+# -----------------------------------
+#
+# `deploy_packagecloud.sh` is equivalent to
+# `deploy_packagecloud.sh staging`.
+#
+# `deploy_packagecloud.sh staging` requires the following
+# environment variables:
+#
+# - OS
+# - DIST
+# - DEPLOY_STAGING_PACKAGECLOUD_USER
+# - DEPLOY_STAGING_PACKAGECLOUD_TOKEN
+#
+# `deploy_packagecloud.sh production` requires the following
+# environment variables:
+#
+# - OS
+# - DIST
+# - DEPLOY_PRODUCTION_PACKAGECLOUD_USER
+# - DEPLOY_PRODUCTION_PACKAGECLOUD_TOKEN
+#
+# If one of those variables is not set or empty, then deployment
+# will be skipped.
+
+# Make shell strictier.
+#
+# - Exit with a failure on a first failed command.
+# - Exit with a failure on an attempt to use an unset variable.
+# - Print each executed commmand.
+#
+# Note: The script expects that Travis-CI will filter sensitive
+# information (such as a token): 'Display value in build log'
+# toogle should be OFF for to keep a value secure.
+set -eux
+
+configuration=${1:-staging}
+
+# Choose credentials.
+if [ ${configuration} = staging ]; then
+    DEPLOY_PACKAGECLOUD_USER="${DEPLOY_STAGING_PACKAGECLOUD_USER:-}"
+    DEPLOY_PACKAGECLOUD_TOKEN="${DEPLOY_STAGING_PACKAGECLOUD_TOKEN:-}"
+elif [ ${configuration} = production ]; then
+    DEPLOY_PACKAGECLOUD_USER="${DEPLOY_PRODUCTION_PACKAGECLOUD_USER:-}"
+    DEPLOY_PACKAGECLOUD_TOKEN="${DEPLOY_PRODUCTION_PACKAGECLOUD_TOKEN:-}"
+else
+    echo "Unknown configuration: ${configuration}"
+    exit 1
+fi
+
+# Skip deployment if some variables are not set or empty.
+if [ -z "${OS:-}" ] || [ -z "${DIST:-}" ]    || \
+        [ -z "${DEPLOY_PACKAGECLOUD_USER}" ] || \
+        [ -z "${DEPLOY_PACKAGECLOUD_TOKEN}" ]; then
+    echo "Skip deployment: some of necessary environment"
+    echo "variables are not set or empty"
+    exit 0
+fi
+
+# Verify that packpack is cloned into the current directory.
+packagecloud_tool=./packpack/tools/packagecloud
+if [ ! -f "${packagecloud_tool}" ]; then
+    echo "Could not find ${packagecloud_tool}"
+    exit 1
+fi
+
+# Staging repository: keep older packages in case of a
+# version clash.
+#
+# It would be better to replace old ones, but there is no
+# such option in the packagecloud tool we use. It may be
+# important if we'll have some manual or automatic testing
+# upward a staging repository. But at least CI will not fail
+# because a package is already exists.
+push_args=""
+if [ "${configuration}" = staging ]; then
+    push_args="${push_args} --ignore-duplicates"
+fi
+
+# Setup environment variables for the packagecloud tool.
+export PACKAGECLOUD_TOKEN="${DEPLOY_PACKAGECLOUD_TOKEN}"
+
+# We have tarantool repositories on packagecloud.io up to
+# 2_4. The next ones present only in the S3 based storage.
+for repo in 1_6 1_7 1_9 1_10 2x 2_2 2_3 2_4; do
+    # FIXME: Enable *.ddeb when packagecloud.io will support it.
+    for file in build/*.rpm build/*.deb build/*.dsc; do
+        extension=${file##*.}
+
+        # Skip non-matched globs: say, build/*.rpm on Debian.
+        basename="$(basename "${file}" ".${extension}")"
+        [ "${basename}" = "*" ] && continue
+
+        # Push all source files listed in .dsc file together with
+        # the file.
+        #
+        # FIXME: It seems logical to move this logic to the
+        # packagecloud tool we use.
+        files="${file}"
+        if [ "${extension}" = "dsc" ]; then
+             parse_dsc_file='{
+                 if ($0 == "Files:") {
+                     FILES_SECTION = 1;
+                 } else if (FILES_SECTION != 0) {
+                     print "build/"$3;
+                 }
+             }'
+             files="${files} $(awk "${parse_dsc_file}" "${file}")"
+        fi
+
+        user=${DEPLOY_PACKAGECLOUD_USER}
+
+        # Retry failed attempts to upload a package.
+        #
+        # packagecloud.io sometimes replieds with 502 Bad Gateway
+        # for attempts to push, so retrying is important here.
+        #
+        # FIXME: This way we don't differentiate network errors
+        # and all other ones. It would be much better to retry
+        # from inside the packagecloud tool (requests library
+        # supports it).
+        for i in $(seq 1 5); do
+            # FIXME: The tool fetches distributions.json each
+            # time. It can cache the data somewhere and reuse
+            # during some time period until expiration.
+            ${packagecloud_tool} push ${push_args} ${user}/${repo} \
+                ${extension} ${OS} ${DIST} ${files} && break
+        done
+    done
+done
diff --git a/.travis/deploy_production_s3_gpg_private_key.asc.enc b/.travis/deploy_production_s3_gpg_private_key.asc.enc
new file mode 100644
index 0000000000000000000000000000000000000000..d5af471b09f490d1e4f90d91caae627be764ac70
GIT binary patch
literal 5520
zcmV;B6>sW+BR-%0s(mli1>XKebIs$Bv<gJ@Zk=!PsJl;$oRGZ(0{d826wCxH*Xy%m
zA$!n`BLsO){sL(;*prxy>i@X8AxEGEu0cTv<a^ch#Q)#+fn41&Y7<xbab!&I8L(hh
ze~WJuCk%0=NF%P*Fh}9`$5Scvm82=4aHJnsq!tin_&aL(p#%53eQ&(=+CDb_nLf1B
z_44tgU>Q6}vI+8lo1W^SRy5K+T<)pp;Y-%^thrWYy9cfAC?NgG)}~2U@&GyGGI7v6
zrGXm>E(^*fxzFQMkpA<&pf~%qq8S^&+zuM)zpmCLzb0BAJW--uMIomRbJWi$a9`^0
zKtokyIw`^l0pa8fyU8!+=|kT31h5`!^|@9uRHUBd2HOXTJ}#4!|4)_WCU{JE>UOBj
zk&j!$e`0u1qS;AUWWEGN>yF&W`v0l-{&Q|~&$0|)8vm!t96>+(mXdOT>Qc5(o=7#0
z5`%82pEm`^o^4jxF}4Pxbz12NAA*8S0O-*=X2ktMDQ4A2uy$m&sKcD}ZVpPl->M_h
zB1Ep-x$#83oVUs!$&UNAEroQ_KK8$QDKM59ZJ7fXtTLwx{tI9)SI3^`T@e|LbaqAl
zp4Y@4pv!EXmW9Uc7pKDUU`pFe**ts0M5DNN%*$!I<fq?8U0<DiD81}xqp7c0ryluF
zRl2cjzO(!Xa<TJ5K}vN-h`8@S<Ii#)c1_V)?CkGCEL3>KWn~54H~j_ccRUJ~ferA6
zToe9U^wgYQ)84cH+D~qmc%qwI_U@UKF$_y{k>04~6Iy+y=zWlMs)^^(U=e$FgH#St
z{i?{*<>pafdV)7EFHqm@E5>_bFsDQkg2gF{RKkhQ4LTNVP+JB;ksBN|A)0q)(TMg<
zj^Fw7uu#Ru;CUuA`FMk$fYB^}U2T&PEbC{awlpGyGHU}R5w9<Cp0`Mve=jYR2G&kA
z1(f4KgGA<Ko7%yxMccni5+~>lu5fAnJibvx&6H#vlVh3=QCCP}DZYBFtOAoZ9G#vJ
ztD?TTtHy3T!&<x)D<&m8BsuHw4a?}w?NtiY5T(1tKQi-@Y3;d9^Ew>dHo#UT*WCTw
znO^zqvhAMA?WVI&&bu>8r?8^%Sdid0U(&zk=Bo6%oO`)=zJ>!GF=Vv8jZHEsDp22w
zd3HV&Ck2ZfZ64|_5X*JX#senSqsx#6t_Uk=x_QL(|ETg*dJ}E~aZd)gKC1|aewawS
zuu~-SH0^)V&J=-F2W}UVmhwz^Ywy@&_zW*{%jz*+wLS`tj}ynNSV;v{4O&$A_`tBE
zG&P?L_ZXoQABa55!Y4k13Ply)0R*}|7mX%%Gdw<!Y~HV~!kC)8yaW%5GZ6G&MlxBl
z_cQ<^`+xX2Ea@O2BKPtYYnc4m={&%m!0vG`KaiZ$?$D9kF1iSv@JBt+A@{E<1iT$k
z8QgIYarS(aG&Uxcr<N9H@V0SDDG?r*YgAGe(SYgO-}+{!z1uKO5YvDYaAK9EX1}oR
z?PkDyG;ukzxx17VBo_?=A4Xulxcw3JokFg0MzK_!5`qvy{xQv!E{M#jX+ellFC=)i
zcy)vx-_wmwS5#V{s1x}GLpMw1{Hk|!OT1_0h68BJ9l?L%z7vgutk|8ST)*+ywu4+L
zI?kRH4MRwo8gY#3x7k64V{_ozws=#1iwX!sRtGB~r5t>=g%E)FZ6_6^xvlq^-bN9*
zJcw;TJb6z!*79s0bycZ&3i|4<N#xeK6!vOG+`OO5XTIgdP!Iip4D|-IYuP-*1tM|%
z2mr{|KrbGA2(Xj-hm9la#$Bq(T2;6)PJb!N^xNg`p_V=_H*IQ1xeEDy^S+>Jo>Z+H
z3Q*j?(LnFqgdxw}bBLTDmF&4fZr(5ard6-8>oE_9>f!Hm{rLJSX_@R?HE-&Y({$;A
zeUoUk0PJYR1v0FAJQnR>{1xzKPv$bY2m^iRQaE!KBuN~~Fd0^oX1K`Rp8T;=_AFg-
z$`(5V#QVRC>xRcaQ6nzo`x272)3gC80}7z!7-EDcuafmzXzs%q@u{&}qk$X#2@wtt
z?an*f@i9ggNs?UgGP!8vrG}p-sdUsx^RXmtuMH2IA6=0n5mpJ+H*_0uuYwBU-MbI|
z`LpykvHEBX?tXvqQ3$qzt$U1MBcAD?DPh%O-d#Fm50SoKcmLBYoILlk@L7M7M@6N`
zP*+0d9XnG9nUq47lyMN;14Nv0f*2gsw`vTz*Dlcy_&w9Vb%<2^|7nMoU%$J($c^pZ
zKkrqkZTKlK%Tb^33Z#n)^fTix?Y8UUMLGm96iyMp*3#~A613-YI+?N0i?|aFzKx6u
z*d=hQuw8WcPl=!!=_+riqr6<I@J&y>qrWkxkC&CO4S)ihcPr?kM26TLy3ZE};td2H
zcR6k1ogQ(awGoQ@;1gL;zh<4due8LA%;4C0{zKyIC~~4R{S)adyR#UANLa(wTV)RU
z=z&M24hHCai+SgIJH?V$py$seVC`PmDsjf3;BgjMe?op_?vZgQc7$*1#m#W*81>TB
zpWYF5X!2UPGLSD)-3zY%<H-ddVIn34@iwm?h2C2!x%Eck4U-^`C7SVEY*-@8E&Cjr
zxd2#5kz`Z@IGH|1LFu4B<v0-;q$<wiF$iCH!5AE^v!bBNawBGn9Qy&~%FyTtvu|^g
zgd~&rhu0yx#7?haxWkx&xX^+A$FFu;IawVkN4*oZm4+9|&(shQp9S7*tSSSu<<TYE
z((X-P;xd6Eyn9GZx1U|bpmqZnJgv5p(P~<J%t+s*V`2dJVxyy#-k%?VSp<75l`%DV
zFcD}WSd7F%=Lq3-Hr~?oiY)|e<iEn~XJ7utEIA5WSMF|%p~CU#N_FCetyLsY50VS2
z#jSvB@&{Z%^u*#BY{<sRqB`&U>xY~`_eAMTN}HfYPVr_CCC?%E7O{dVi>#<%)Y-M8
z8p2>_C<>hq>l#5v7B)wk(sMu~Er2~5-P>1Jvupi^M_fJ-YrYjwN^`zCdZ-G)kMi{~
zLsHG&-CRZw_QrlCRoHDA%9Umomg8M%h0?~{sqAot1%8YjFVW@K+xwzf+AJf%&Xj-x
z3%<2#<@^lU6>m#7J7Ob}stV>2z}$91(}o$N`U^jPQUzPe_N*0Ow67n8J9>W%3O)2v
z5W_v+{X*kDm^hL@TORa=Y2xA(M0+)NlR=k%o7L+W|7V7aK_hi9#xd{z7}`+xDk!e7
z&OYrBOgig6WS8W@o3_HW^zGSo=mVvb^Mv5;s%loRt%yb25S~meOEgIGAOt)BIP1Jf
z_+T+;5_jMp`!PWJpzv}hbfU>cS3yl$>2afFwP@!VL(}AO)l&I26EJ<_yyjf}wOQ*1
zSA}0(g;9U=P<FR78M;SXNI(%XHB=>7uj?3e$+ZuqU0ai^5RY<*YM^e}F40J(7ZyOz
zTdkra=@iyYjDNY7m?fHHz(_{#pc^X`NOyNw-$7Pom_oyGF!VpE20d-kjsk?GxYln8
zaS?M8ws$zzc_Lp#9huaxPK88())c+%@4|D@TYw7g40joW{*KnMV5<tS`H982p4T~n
z2^nNGwE8?&jbx>YlubF(Z*VQGH$)+-)zGs|`n$fc1k`=WMiDO9t=^tIOe)(Rkb1ge
zIv!$KxzF>IJOkoQ5#5&C{xg2fWjD$+3YF>is0P`~%gLt59^O4rM9;=kXZq9b%>oe2
zKzb_$uT`jlp%(1CznbdO#gV)pUmCERaCulW_U%9TsNE7OryQdz^G&c|f~CgAGT0sj
z&6pi6k}sp!Eptat78KgmDhVGet{#MmH~ew$hQ3NY?DJahARBS58#EAs>4O4h_&!2Y
zHh8}%5T`A*-1IE}EVFsQAfN2tnq`Q->eeHYg=50?ay@Xcb9o>AY_r>VsV@lC>W;8|
zFnn^kOqUO@D3G|sK|DK*a8BJlrg`EIKKY3D=(FJGa8Kq~b_B_;t5eLU`8jsk02pcq
z#rVZc=wm=7AiP7o!IB6f9UihzIJC>J)1%Bi>Hd_5%UN8hGb{gGL`670%nP-^U#AT~
zUIB$meo>oAVU&uqZK>7r-&9<luj)sMAsbtbSflZrdoD~d5ogD>Q#iL)pD<6dADKEF
z>VUcoR%xcq66DjUh*0>Lb77xwO&q3`tbvh6_VDFvv`o*d_UhZ8v==VqI+Ywc|53++
zJWb3kmZL6V*v!X`lioir*O=SMutxlI4D3Bj8aM%kUT-2+{{of2V}S#;Dq;jX$OKCg
z)wPg>uCeAIM0@0dM@hI|8mwdyFpQ%+ub><rx5e9kb6KN?8x<2}gZZDc2L_IJm#^O$
z1LA<Hq}#E3Van+Vugdx)*B%4aSmbM?La$C~T9o43@$1leu5a%49WNtCZ^08a&L)@F
z5##nP4!M&K0ZrDlbIw-OdtJxjYH;ApK-v7#Vle(e7@jE-@-!xu*U!QFxGw{XNU^lH
z{RKz_(f2mRj+9#02^Ze#Y9kJ-i?F5eawy`HNwpx}iulfahhKhggf6EPBKZp*P<ltx
zz*PbPcNB{jr02Pwq6IwY;~^Zm3N%nBK<>3#(dj!6kEZPHMhUC*TyH!2ZGCYMgNYuh
zEe$JbHIKmWEaiG2a<fz%(PxuRy9)Ci?9ZY{6=?6O-A8w_fJ_IvhFhyiN+P3nY4<%)
zeuOLz^<eh9KbcpVG;bT$K**=gP+I78f3-aBc1Zj*hXLxqotCNn6)ezN;|PDA^9X7i
z|BRTblsLSB%MjK-*%&@AtT({U{SN<Fm*)r3e({TaAIyM}n6?WJ3J~>B_?Y}h2S2V!
z4wr&5ywBgA7mEk*#2q&5B&iscVgApq$HJ5yhe-~<Y?~vMWL@&R8-Lp*EeJab3TBR{
zYny$+sd<j6oZEdNI+_{{l2uzE*~pty=1~@7jGAV};fJTm8J0FFY<>Tm5o7ECkD2(C
ze(5;3$<ME*h@(q!tY8g%Lh6KwuzsI{xPOOYMpo{sZ`}CHH)qL!e>NUgNQ22Tr2)W-
z+QB0o?YDDv6kA)65i9+lwl#D)r=CKlB+$l6gIduAN8d3a0mWa!;jdkf7!@G~!wFKi
zY$RFtNrEUet|x19sO)xbg2`H#$_m}Qpz|X$3-wa=(q`n;hs`>;HX_b3E5AM|a9wZ(
zi*Tta(`M*|7`mQ5oIx%ad0F6d-|(iZV*n0etO~wCSaFiP-p^MrkZeUz9ZZ&lO*~o(
zbr-;2!Fu&eitL890(gv<V9Oe^tAmb7EM;arV2Lyz=;d<MKD7z@-h_7;fHw$K#%fYL
zFe4HP%HYC*8eq3DE!j+1L~r#3vNUp!pCwRd3S^k-<81%&$$o9G_)1WiB_@qVGiRkI
zr{OaCSS3sI+#hSZv!AEt^7GP4r~ZR5o?vn!F3Er|bIaw*75l#sE>z~>qmMzn^r^}+
z%rK0F<GZN=L4fDITb*WuT{e0QitJ|hHlMpGmNuWkEvf}iPCO^g|JweHCa96{vK+X-
z5fr(V-s8%Ph}A8LkF(}JR)$uuc+!b-r8d0w?3~nODGLAY1|7pgIVL-&3pWow7gEtv
zlB98mKQ%9veV{^Pp_@AQt^8kXC~RKl9};$`mXy`Wk-2BbS3<0cTJ%w#BqW*^Wri9Y
zI3YQ_x3T~Ua<f)=l*UUTp!N8#dCdLVOh(*-Z!l(3pB-;{KC_)qUvoAjy#$fw@TM}5
zKFXmhHIUsK3@zw$Yupx?74^8Y{%5e((`!s&<Fg5Gqp+#}-@{7e00k0TLoeulTldaP
zg2G2_soK?~>;VDB(EeGAG<{_L8KNmP3QTK$Wo=XcSua!q<sXt8+Ytv%KddA?9vILx
zxB~^$!O09w_cWgD?+c$^0nwS-$<F=qiS0BtB?;!81xtEY^=D_6ClT@X4is~^NGd5n
zO_d~zBqjYSmA0{YjP{bdBxPJD4R95zWj>{wN^hfB?(bw*yOSBBY8TlA-(`0u=vkMg
z$oozt@j%A}u0Xqg&y4lN11yl|yK&^C2L9ZMN$6Si?SPGI)J=VVxOeZ!=4En9EH1UH
zGye35@SDx?;ddNP7jG}RQUZR(zk)M_)xfTL;m*`)K(}i8;b0TQ)aB@<hEgBC8wr&_
zx>v;DvE+goar2A;s}cL%i!q#BuqOkUAIos)#2p~j{fY8DEo<=v4P1yrK_+D)r<aV4
zQ$)UTA9-JAF!!j5oRCkdDoN8|J_&m;K87e|3ZGkd@CUEQeuob*B%FqJI2DLUS`+9j
z^#4VXkVv(a2v5Ny-$?w-y5+_Wa*}JjeX;v~22n_@@;&4rqAF)dG8A$DWp(xxwfv{F
zyGa0ums0B~rJ`d(EO`&KJ@5)~Mlz0yY_G6j1j3$)KwrV2wp0v&VkKkCExmcsJmTfh
zSTtL#3~AFms-Zv`DOuO>fL}<_Bg{ejY8I`WNEZC7crQQ6+=Q#!2=lO5WiYFB;6fzx
z*ApwYz;Ks!T?+tcYz@Z_+L7&V^LT;cVo2eY#>Nqh(Cb{&ROs%~DyzKm#}WMEf1Oof
z4z!9Ob%5R&IRYeG3Xklvzaj$ZDr!r>zsQ|e3+(!q^3%<TH)PoYo`e6wob8>4bWr}b
z<MMAGE&|(6S5@a9`f>^yiGw$`2bs4QjP^$FOf<%fV|d0O(TLJN%hL?e?u<M`aoNdM
zCFMCC68s3o?k=B%0xvCtnx?;$C6_Xifd^h!>KjdcSRy^0c^kc4`CR=9P@oZ^Q9ZYz
zR{L8-sz3jKa{OKq<?XxFZv~lIid0@@nOk#{hq8H<|2{zn1LbFoK0KJ>NVcB!kK=-;
zlm0~TSWQf7m!~hPit5HAWw`LUDL0A`Lmtt=LmJ<ahYZ)FvA}s@IU>xM3$w#cnp*6x
zj1-mSwTqU>WPT+4eA;;K=0krrp{<jlvj^n?m&FU_r9%o?gAU2qG1;zd7Z!@>sizh9
z+Hp}1{iKWL{&nrz^ZR>JzLUpgzNV#r@a&Q1=Dmnm0;ZX%CXRDxGQ%C665zN$1Hn=J
z+;nRb=rgy2cai+JAp%WT7Z%f_)~QD8B_?k+r$$Ref^lWt4lS54G%tGBKv0$9tCK1b
zW1Dd{)KtDy#E19^d6LjwWp~o*JiXihCR2KR{>)#9-PDfx1FR(Aj2CS^dX6^LlRJOd
zYaye4BvH8@e?dooW*}A_h`W#(!^4~HwZ)pvQYd`=IXQ7tQ~LZNF#78=c+eiH)?NIg
z5v{LHN1up*Yq?-O+#s~Z<~zM{P5ua+e1XFO2hp`?H|P#&C~?FEIc!$!b>Sl%mX58g
Sb}we6(R=XVP_q6JPtpz-62}k#

literal 0
HcmV?d00001

diff --git a/.travis/deploy_s3.sh b/.travis/deploy_s3.sh
new file mode 100755
index 0000000..76299a5
--- /dev/null
+++ b/.travis/deploy_s3.sh
@@ -0,0 +1,169 @@
+#!/bin/sh
+
+# Deploy to S3 based repositories
+# -------------------------------
+#
+# `deploy_s3.sh` is equivalent to `deploy_s3.sh staging`.
+#
+# `deploy_s3.sh staging` requires the following environment
+# variables:
+#
+# - OS
+# - DIST
+# - DEPLOY_STAGING_S3_ENDPOINT_URL="https://..."
+# - DEPLOY_STAGING_S3_LIVE_DIR="s3://my_bucket/foo/bar/live"
+# - DEPLOY_STAGING_S3_RELEASE_DIR="s3://my_bucket/foo/bar/release"
+# - DEPLOY_STAGING_S3_ACCESS_KEY_ID
+# - DEPLOY_STAGING_S3_SECRET_ACCESS_KEY
+# - DEPLOY_STAGING_S3_GPG_KEY_FILE_KEY (32 bytes in hex)
+# - DEPLOY_STAGING_S3_GPG_KEY_FILE_IV  (16 bytes in hex)
+#
+# `deploy_s3.sh production` requires the following environment
+# variables:
+#
+# - OS
+# - DIST
+# - DEPLOY_PRODUCTION_S3_ENDPOINT_URL="https://..."
+# - DEPLOY_PRODUCTION_S3_LIVE_DIR="s3://my_bucket/foo/bar/live"
+# - DEPLOY_PRODUCTION_S3_RELEASE_DIR="s3://my_bucket/foo/bar/release"
+# - DEPLOY_PRODUCTION_S3_ACCESS_KEY_ID
+# - DEPLOY_PRODUCTION_S3_SECRET_ACCESS_KEY
+# - DEPLOY_PRODUCTION_S3_GPG_KEY_FILE_KEY (32 bytes in hex)
+# - DEPLOY_PRODUCTION_S3_GPG_KEY_FILE_IV  (16 bytes in hex)
+#
+# If one of those variables is not set or empty, then deployment
+# will be skipped.
+
+# Make shell strictier.
+#
+# - Exit with a failure on a first failed command.
+# - Exit with a failure on an attempt to use an unset variable.
+# - Print each executed commmand.
+#
+# Note: The script expects that Travis-CI will filter sensitive
+# information (such as a token): 'Display value in build log'
+# toogle should be OFF for to keep a value secure.
+set -eux
+
+configuration=${1:-staging}
+
+# Choose URLs, directories, keys and so.
+if [ ${configuration} = staging ]; then
+    DEPLOY_S3_ENDPOINT_URL="${DEPLOY_STAGING_S3_ENDPOINT_URL:-}"
+    DEPLOY_S3_LIVE_DIR="${DEPLOY_STAGING_S3_LIVE_DIR:-}"
+    DEPLOY_S3_RELEASE_DIR="${DEPLOY_STAGING_S3_RELEASE_DIR:-}"
+    DEPLOY_S3_ACCESS_KEY_ID="${DEPLOY_STAGING_S3_ACCESS_KEY_ID:-}"
+    DEPLOY_S3_SECRET_ACCESS_KEY="${DEPLOY_STAGING_S3_SECRET_ACCESS_KEY:-}"
+    DEPLOY_S3_GPG_KEY_FILE_KEY="${DEPLOY_STAGING_S3_GPG_KEY_FILE_KEY:-}"
+    DEPLOY_S3_GPG_KEY_FILE_IV="${DEPLOY_STAGING_S3_GPG_KEY_FILE_IV:-}"
+elif [ ${configuration} = production ]; then
+    DEPLOY_S3_ENDPOINT_URL="${DEPLOY_PRODUCTION_S3_ENDPOINT_URL:-}"
+    DEPLOY_S3_LIVE_DIR="${DEPLOY_PRODUCTION_S3_LIVE_DIR:-}"
+    DEPLOY_S3_RELEASE_DIR="${DEPLOY_PRODUCTION_S3_RELEASE_DIR:-}"
+    DEPLOY_S3_ACCESS_KEY_ID="${DEPLOY_PRODUCTION_S3_ACCESS_KEY_ID:-}"
+    DEPLOY_S3_SECRET_ACCESS_KEY="${DEPLOY_PRODUCTION_S3_SECRET_ACCESS_KEY:-}"
+    DEPLOY_S3_GPG_KEY_FILE_KEY="${DEPLOY_PRODUCTION_S3_GPG_KEY_FILE_KEY:-}"
+    DEPLOY_S3_GPG_KEY_FILE_IV="${DEPLOY_PRODUCTION_S3_GPG_KEY_FILE_IV:-}"
+else
+    echo "Unknown configuration: ${configuration}"
+    exit 1
+fi
+
+# Skip deployment if some variables are not set or empty.
+if [ -z "${OS:-}" ] || [ -z "${DIST:-}" ]       || \
+        [ -z "${DEPLOY_S3_ENDPOINT_URL}" ]      || \
+        [ -z "${DEPLOY_S3_LIVE_DIR}" ]          || \
+        [ -z "${DEPLOY_S3_RELEASE_DIR}" ]       || \
+        [ -z "${DEPLOY_S3_ACCESS_KEY_ID}" ]     || \
+        [ -z "${DEPLOY_S3_SECRET_ACCESS_KEY}" ] || \
+        [ -z "${DEPLOY_S3_GPG_KEY_FILE_KEY}" ]  || \
+        [ -z "${DEPLOY_S3_GPG_KEY_FILE_IV}" ]; then
+    echo "Skip deployment: some of necessary environment"
+    echo "variables are not set or empty"
+    exit 0
+fi
+
+# Download the tool to deploy to an S3 based repository.
+ref=f84cb1aae3144f5677feacf6be31bd4f15e91c2d
+base_url="https://raw.githubusercontent.com/tarantool/tarantool/${ref}"
+curl -Ssfo update_repo.sh "${base_url}/tools/update_repo.sh"
+chmod a+x update_repo.sh
+
+# FIXME: Upstream the patches.
+patch -p1 -i .travis/update-repo-sh-use-right-gpg-key.patch
+patch -p1 -i .travis/update-repo-sh-add-fedora-25-26.patch
+patch -p1 -i .travis/update-repo-sh-fix-unbound-var-access.patch
+
+# Decrypt a GPG key.
+gpg_key_file=".travis/deploy_${configuration}_s3_gpg_private_key.asc"
+openssl aes-256-cbc -K "${DEPLOY_S3_GPG_KEY_FILE_KEY}"           \
+    -iv "${DEPLOY_S3_GPG_KEY_FILE_IV}" -in "${gpg_key_file}.enc" \
+    -out "${gpg_key_file}" -d
+
+# Import GPG key for signing repository files.
+gpg --import --batch "${gpg_key_file}"
+
+# Extract GPG key id for signing repository files.
+#
+# This way works for both GnuPG 1 and GnuPG 2. The alternative
+# would be using '--import-options show-only', but it is available
+# only in GnuPG 2. See https://unix.stackexchange.com/a/468889
+mkdir -m 0700 temp-gpg-home
+gpg --homedir temp-gpg-home --import --batch "${gpg_key_file}"
+export GPG_SIGN_KEY="$(gpg --homedir temp-gpg-home --list-secret-keys \
+    --with-colons | grep ^sec: | cut -d: -f5)"
+rm -rf temp-gpg-home
+
+# Setup environment variables for the update_repo.sh tool.
+export AWS_S3_ENDPOINT_URL="${DEPLOY_S3_ENDPOINT_URL}"
+export AWS_ACCESS_KEY_ID="${DEPLOY_S3_ACCESS_KEY_ID}"
+export AWS_SECRET_ACCESS_KEY="${DEPLOY_S3_SECRET_ACCESS_KEY}"
+
+# ${product} value may affect location of *.deb, *.rpm and related
+# files relative to a base repository URL. We can provide it or
+# miss: the script will generate correct repository metainfo
+# anyway.
+#
+# However providing meaningful value for this option enables
+# grouping of related set of packages into a subdirectory named as
+# ${product} (only for Deb repositories at moment of writing
+# this).
+#
+# It is enabled here for consistency with locations of other Deb
+# packages in our repositories, but in fact it is the internal
+# detail, which does not lead to any change in the user
+# experience.
+product=php-tarantool
+
+# Setup arguments that are common for all repositories
+# (1.10, 2.1, ...).
+update_repo_args="--os=${OS} --distribution=${DIST} --product=${product}"
+
+# Staging repository: rewrite a package if there is a previous one
+# of the same version.
+#
+# Note: It differs from a logic in deploy_packagecloud.sh.
+if [ "${configuration}" = staging ]; then
+    update_repo_args="${update_repo_args} --force"
+fi
+
+# Deploy to S3 based repositories.
+for repo in 1.10 2.1 2.2 2.3 2.4 2.5; do
+    # Note: The update_repo.sh tool automatically find
+    # *.{rpm,deb,dsc} within a passed directory, so we just
+    # pass the directory name: 'build'.
+
+    # FIXME: Machine-local locking that is used in the
+    # update_repo.sh tool is insufficient when we deploy from a
+    # just created virtual machine.
+
+    # Deploy to live repository (per-push).
+    bucket="${DEPLOY_S3_LIVE_DIR}/${repo}"
+    ./update_repo.sh ${update_repo_args} --bucket="${bucket}" build
+
+    # Deploy to release repository (tagged commits).
+    if [ -n "${TRAVIS_TAG:-}" ]; then
+        bucket="${DEPLOY_S3_RELEASE_DIR}/${repo}"
+        ./update_repo.sh ${update_repo_args} --bucket="${bucket}" build
+    fi
+done
diff --git a/.travis/deploy_s3_dependencies.sh b/.travis/deploy_s3_dependencies.sh
new file mode 100755
index 0000000..1f5b7f0
--- /dev/null
+++ b/.travis/deploy_s3_dependencies.sh
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+# Make shell strictier.
+#
+# - Exit with a failure on a first failed command.
+# - Exit with a failure on an attempt to use an unset variable.
+# - Print each executed commmand.
+set -eux
+
+# Prevent procmail package from asking configuration parameters
+# interactively.
+# See https://github.com/packpack/packpack/issues/7
+export DEBIAN_FRONTEND=noninteractive
+SUDO="sudo -E"
+
+${SUDO} apt-get update > /dev/null
+
+${SUDO} apt-get install -y pcregrep
+${SUDO} apt-get install -y procmail  # for lockfile tool
+${SUDO} apt-get install -y awscli
+${SUDO} apt-get install -y reprepro
+${SUDO} apt-get install -y createrepo
diff --git a/.travis/deploy_staging_s3_gpg_private_key.asc.enc b/.travis/deploy_staging_s3_gpg_private_key.asc.enc
new file mode 100644
index 0000000000000000000000000000000000000000..bf4225ebed661cd607407f1aedf9fdde5b8d771b
GIT binary patch
literal 5520
zcmV;B6>sXD9vwbOUzYROjX@o+6a@^p;Op@4%Z3gz%ft$YZnNMPg?rX#p#K>>ahC)1
z)+_o*5y|wTB&Fwa(yS&Mc}_$4A<_LLR^scI(5-GS6sb=`UOCCjpiT7CzK840v#({<
z+z)De39(BD<c5q%U&Ur=6<2rb>%-06LwvO{(Q{2r_-1uh&#uNC%EdM>kMU_hlweY$
z=K9LS$3Ct@_gFQ~85g<(<y9``QcWa^B6;e*V&m!15FGXW4aEl}C4$9qFRXwV3O8go
zxFnm37oLI6K1R4j)tdbufvvQID5|~8Gtrt>hiOqkNW0{zH2hwJ+E+zqme5^u6<02a
z;4#ttawKl8+WHfC&j&anIGKC3d+sLqiF{`tDRN>N8zv^-&hLfjj;;#)0w1`?MtmWm
z)4+s`SHsd^MVW`DGmH#rk)PDdv4TszEL4-W%`r3CN?=@Oi%hO5PX;n7Dq`pvp(jNn
zi4o(yBK*Osj9uT2yq>4<PTBBB!)UPh%h(~xn_Rg$s}>m#=>u`XTz)P8aMqalB~J##
zIZ-?xxE<EJjArc?>Sp6N$qhV1OL5{?tR;;*&AbirV4?&UAR~hw(ak>+lpsMVvS)+z
z#1IK4Hfb3=Dn@g1y}P3ECdusVUsn5W@A*6V&lldSK|XCptg3hv8#A+%`d(Dh;Z$kn
z<V&T2!RkI*wQFI9AOcpzl=eRaP-lqR9BxPch=?JzANR*+n9pxa@2;kx)`i_B6_9o2
zKoc=8l3~gnUCH)in9mm%cBG}MrrRiGp6mJQ_Q;NM+&I`bGJ`1&3e4*#`SPJ<-_bKH
z{63~<5b!}I;8pA{rJ7b~5S#d1Bx>74DYr>Vj8Wc=>QLm-TDp7*5YWKDr2YpOtmzie
zeg$w)N}esejV&iYl1e}D^#4KXTDq(er{;R9>^7cJiLWiICTB`JlzqjeLm{~a8;oBY
zZkA}7&YF9T2C8_HB#*c@h?oE+*Yb^Z!5oXBw@d`;@z9=r6dfLO&8(qz3lPWzNSTSY
ze*a@?uZSxXn|n>ZrC_DNSNDFmE`f;YEth@~69ZWBAM5kJJ%88UT5Ge@9v5Ed4Rk`~
zx7~2mQ^#j58=wdJOeDu3uE*jC=WO|Ok^%>M^;8g~3O2Q-d-C>)f6>*3?y>6OlX7tq
zn4d9vuyPY&G+IsyqmXA{6WNap@hBwXAPj#C-n~fk+Q=vYfd?eS>!ifHpkMj+pzm<n
ziCLmQ8@V?OD;eb&62SrF;F!MUfldvSJ@zuNu^#xsYr1rhJNkgO$34p#HqMJz`R@HB
z!HRham`}=$5i7CW7J!xEBQ_k|O`ogP)aCD}`?hG8dfJvj2+8T*?9_IXQc(18v^Aw}
zBq&Q7^-46!b-rLcgu&jRrvUJB4K|V{`S-=MQn;2G!>|}pC}4vk-TxL$OKXUh85u=`
za`Lx|tdapdxkcpr*WekFt{A^7yh8l{(b<V~x^>L<kkl=MXGpcrUoK~07qeDlpUC#5
zh(hm71ugu3_EGtwqwq;!K>ovUjV>Tz<dF^WjBq99@XULHqHiE6LBIT}^EA_PG@`l&
zf-YHG3*DmmVho!Pjw5$YVC+kq1L7osRjP74kX}&-YWpQosl7?nlXb!rt?lyF+h)-c
zDDvI`iL|inlKyA6u9p$);w8u&UA4fMK^C<y%&r3F;I;e;(yqyn2D~b2nH>y;Y?X|?
zrJ_v5r%y18t33#~o{@*DTAzbpsK4!;2o&iYIV2`5>a~63X`>Sv)UM55I!&gPWK<$t
zwiaVHxQZDLMhq&sT@1!72D8Xodi6#GI0#KFe)t+6!$l5ecOiE8J+3F6^VagsVfk~T
zi^4qbUxQ?HZzMUsV1##NT>K^$^`N~*1S^{Lhs#+mrTYP0>7gG394~2IrctU}Rq{b>
zlSvKgOsl$F5btFUg9#H*{wj!{N0zfJwz}EJSw)QAfc`HainN#FqKj{)Y-I%8HnM3z
z)rLDaD{(6v?4DA;5_k$!a?2$8PR(FO02yv~Yc6xaG_GP+rY<2yc=#Ij0<hrDk|ZTK
zW%46u4=)cR+P07lMVa>$GYlIyTRu1upstB`qdQvJTa0`OievB5<#LEW=#<PL`jfa}
zPVSi31LIZY4tV}4!xjH95PD8AC1$}NL=Gh(;oB}fW1~hotS;@lV6uM5vK{6zKfDU8
z+G?s!dO-W^;4yxVxUrtT>JbMP`7h#FlVyp{-ZvUo@U_rUB?`n--u`#I9oD9p(BI_@
z>e@BWU6|@wHS!9(H&@!JqUHPceEPU7?UQl$Y>o4q-=aPu)YExu{n!qze;HS+UeJ_f
zN+$4Qq9I%$h|ewPOYOyIy_>kd(!g2^r8Xf8q6EacB)SJsnFN9R?vOlaO-WRmg;J@8
zz3yZbYSpq{&kOEQ2(JaU%v`iKLz|9^2m|X9yz_qwEKGv)R*^?F4#h2&)j?Tw01;l{
zP;1X^R_Q)A{5@if4!C}g?(por!QP3*@vNr4zU1)oioS3F1!$j78p)_Ae?!&UC(Gpj
z+8F%~#hxXc%&zE8q5))m#hiG+5(hfz%{#i{k<34h9lNcvh~4X8T<K&~FaE~Wm7aiK
zbn*v;%L_uIG-vEE1VZnX%?aI)v8JZO{;U+Fh?<bI54kyz1zXLx?Ro?7Om~%yW|C`<
z<B7PP-cyi)r~(@Y15>)-y1i3JrOo;yxe>s10C9vM2+);Y;8~nFL5J<LwLO9Y$pDLo
zWjP}$`)-6U1Gm7EC2*Ad%H~3ath2aYlUWIYSv(rS8ES_dmTOg^7~SyUQGXaY8~K$8
zE(w9<o&r=T?TSU`DIKP7<j$PK-L90cV)Mq|{0JZw79}T@_I8D5aV>4GY)cN&1v_i%
z!8E)=g;LP?=K&h+tBmir?nOiuLCz`OT3VNW*xH5&0rm54D%{%ryjXIypc6R>YuDeG
zEOqirN#bK85pWBdWDVP@1E%*?yEDb)J>X0g9GSn<I5drgl$JTAkDI%*#o%+nNv|F4
zT*)=sgkf13YSh|90m+f+D*nV96&HtH#BWMJp;eLanYD@L;3eDF76d$49B4Icg;sy^
z$)M1tf3(JOCA8FQdmc9nBMi9~br;_+BikS%BvPb-qW6RDs<{j(jA?RCb)m3Jb%|r}
z@i*#9PBqR$&GA7AvjP$!J+4Z>x4tYTsQ@!VJLWav<NtDZz=uGvxa+nU?Cr_^E!Fhk
z70<Qx2@QuB5;*3G{#nMkv&vt>$sesMOSS<YPG*OUv1wXiHU!1}F<kC;4z~JBC=cow
zhyLf)U@GcWj{oj+2;K+#RcbS`CyTG;#bPJSyCOJwi;<ZL$Sbo)N0Zl^aBWWYwdE-D
zzyCx3o_w_l8N~da6o_|T$jb_0|Ho^F2P)h&1iV-4uAR`pIXX>*#U8!|f(dhD_l~Gj
zs)sn(l(zt7EKXbC3N+<bsNoNopPi4y(S9`Ta-!0_d}bjYX4I<AMLe&`!%`A*WVci~
zX93-(Fo_G+d>IZ7__#M9po%<mLxEh?=8rmwVf=!9mDXI)PkAmiT^LOgL<jItU>s@C
zR{OU-G0Y9uAhK>E*59~Y5d=X5nc-I_Y=!2#tw1}?(l(#ss~WJatpeNTh}<?cq$8k8
zM>CyoxJx60#IZzdgMEHuTU_xG!~AE)&y|f6Vs?Bzr((O&cOhdO_lS22$CKBC>_L3;
zTp9a=rThYAKRAHR!qin;=|5_<WF>}uPl2P<;mr41V7K$}&u{%7aYes4`;f*yr~fPW
z9woR=nnM@JbHzgXrvDM+-W9GT7KthnD?_e(VoDTt7r)v!G_o-BV<$TN%L=VzbHy4u
z?QFI^O#;mtIu!4e12>U)#$hBAAp1=TZ#B?~_L_1DBh49Ieq%6Z{zbc-4k@idFD7jg
zIvOb%Hp`j5GXQTPq_wmisN9AK$`n6xK!9I@4;VVS{XPDA`tZr<<67=ef==dHmz*Wn
zmu&wd6pjfj?Z;68=qmG{&kMW9Rc>9@6pWBDbS|IjSH>k1PCwS(O{$7(=k#^Y`wLHf
zV*~s{=jugkXj&s|Z-7b?3Jbp7$dEo!ma)1PKyUpExW&)(r09n`al-aT^D=G~4-ur$
z2qLv8ARp-{3)Fxjs6bIR_0b`c5ciqsmKBBYDt^snQQ1iesuUA9tNzv?@BrwX@Ox>5
zVvjk{Y7dY8t+XH~n4PS}cxxv9U@ab5X<m3)OiIsDo@Wu~nUIVV7Yhw?f%R4%zJZV_
zW&=-ix=$eHS3Wf`fV;qSjr*1vfWttCD6o`uR+|slc`Xkq%Z&BNtl4xI+`Z)iY2&vE
zyxMP*w5r_#5x&DU<Gf#?nAmU&AUUNM$R!A!hm3@Zr5>Q~@VjCgV*Mb44`_BF<5EA7
z>wMm#_#ORK>*UD%;MLmjd+Z*!<R52K`Me8!*71wzbfV7N|3~6%?LpLFW$>o`NDrsB
z`TUEGhab3n=BW@v67vv+rQi}4G<TUGe*_31^tEgU(B-w8EIV@0a!9-{_a37=j1peq
zUd+^U;EJuKg)~!`97Pns4~p!EgW5la)o{L92Cm|LfXMqsGy2;E|E=u$kR^JB5&%kF
zkH{_~haL(r4{Xwm<D%m!21Wf0fZ-nOCBKOI{WH8-5=f5H^Rk(3UH|RSOrr!ZRI+Z0
zC(SC|*LmhXLq6cxWs(g^d*<gY-3q;k$?Ag3dSwtDU)?Xzg^hh>NkMlXVl(pR*ZlZO
za*he?;c)@Y4#KoVp`#>M9S2exs$#lNcqunAuNcTRyo^gff$<d9Z~Krtx#$V#Rwz|q
zFu(rp>P4iYgJr<-a4VyftUm0B!A>$9n7Fu~5pXH}Hc<^_A2*iqPZSTH*{vh41{7IQ
zpTROnU2f?FVZ&<-3^<kR%I;-R_A&!~6Ks;V$(p#QD<aj<it{zNIlTRjsZcj<C5zSH
zysxfePZKv>Xo4%Fw9AT3sTa}h>f<53x5=oG*x=qn1OP>IvU$PFHkAVu^9g40bMVf4
zY3?I|SvH?+k_?_MwP9{Sn&WZB6Nljpx|%x22RWr{tT(GU_c{<EBu@`vu)p&$$mxM4
zkx=D)j;kQ*x!t!y7bw-D|87{``XCCIQ^*(LdJU3;y`ArmhHL)1Khzs9PD02mbUe;D
zeAnC~bjlT6PED3wo<(mu<Qs;u4}szm5;f#eR`GR~i3aNr&rTXOpWV(=PVZJ))x@WC
ztkBC-M>9nRg^R4&^`HR0L!i<grtbxt<$B_-=!>Kem}9~%)ue*;RT^WR08yV{u$DXN
z*-XY}=_-97m!cNpmjvJGzpf`j5cYe<&2C?5Ba9(p2o?Bwc~c3C;?w?u#kT*2aVY1n
z0Rber0<%-#?BeTqdfX|+$AMte5=;MS$?^4SaPdD+li3Yd{EVLR8N}QyoBDn~Sltva
ziP1+{>J3bR#O|yaCbME^@mYv`uX_xQwS*4qdKYplTas8%Nnbqm1onQp!ArK56{A(|
z!8&==q;PC_T~(_yd_wmox-gkhO48>40CMDjl&d9EpAVdM*+t~~b$XG)l|8WuY%Q<v
ztaX-iGr##f*t9BWE2bAegTE&DHKQ&Q=yso)1X$@(a3_ZonwI(v$>t0Vx4o}iW@$|e
zxW(DF-kgci5Yu!2o^X1cNAS5Jar6cAhcq?%yaS2CB*|4{?F*`OzNLM<SA-Y4wd0=0
zG{Scf0n5b6dg3-6vRcS8vJ)ucPimFX2j6I{v(l%8WPnREWk$}$l993R%aG9I*ua^d
zPXO<-w56dB`jmwP8{V;hs9H8)VCSz`xswq_QnU*otC!|PJLX00=GemCm6!9DUno`d
z?6OrIlhFYhT#wXm%hnxxdW+ZeAG-M6t3~DxXg(&2j0q;oX=GW8ZPKAZK*{h}E$mKk
z#R88u^q8L!n-Fu5ZKj41+Ntru<kf1r(;-!rEoP;xT~%%^o@VV!h*ZFIBL*fNRr&=a
zfxa5&F7|=E<tsllAevOzji5+K7!SDeDY_1P<u`XHCntohCgF(hfnJ||-2Q>{cj`zE
zLd_AFW`I^(Idd%4Cfbmiau!iNIeC#>cYYr&x5cO2#pj4X>E+Y~?W^+p2gN-Yk1`xN
zhX+ajhKucwsM+}lR)*$e$uRJLlQAMEjOM%zJZ<H~PI_}vnJ=+ABG{}M)$}z0CcN{}
zngDoFHrND!2GO!Xk8!uLd+~gwlSm+>h9sR;CMGnJdcFvPUvMm2a2&O4fZJ$q5AT?F
z5!#rCRXiY8ikra#EH9K|f|iNn`Jzv1)Fe4)r&j^mt-5LrP-SXW2$R`Sb&zB0(?Y{%
zdm6rcD!otzPfH@U>`}^s=g1$Vm_0wH&aMzSLW73Q_z>Hg4NpMuk~-K{i^11Jo}yO`
zLMJ8^V?R^wGvH>W51U~9k>~P;heMYlMlkEjp|ObSq=l+*Ji>K|c$1Qy@YiMlB?JG_
zvyh8+O<?I*H!$^qL2e4lP<oLl{|OAy^#1)_d|-@x!E%a04Joj{s*Hbnr&J4-Tre2f
zCY>w4nq8&Sm!|4BL3?maKXx48w#vP;l3(EOq>zv~R5jtVN^r!m=)NRb=1m^2JxP`?
zQ}~~q)KoJJ5A3~S1Jb3+t%=8ZsD_;!sD~R=2ML>X*BTv*Ebl|AGyVUTYln%&F3Dcf
zqcC(c%&N?Z4Ud67dU|L$b+cXwQGt-32jEz77FSiQ0n2nUEg_Z!<OCC4CWeI@l%Ym{
z-V*}i<YOv2r(xK-Qcmwa^izpB0XcRz^r+El|LJ|JTmWDi<!wKP^V2vt318fz!~Ymh
zovBZiHkx?1_1=S$Noe6r=sWI$Z)9dZz?MSIcQfa)U9dKvb0-O+ev<d}?HSsfI>~m!
zdPb52iObKmxJ+y7uh`gQE!W}*R7{EcYjtl6pp9)u`|E2U+S!-4q+R76lJ%F=`$DWX
zcAl7r&1;lA;EX}?HJ-DG34fjQ<DY^Z%uZ=iN<mUq>S8+C{tbHNZx8IJvcZtj4xvMe
zvvU~Y!ScixpJ))8=V2_EGk0<z-Lt%sn+WZjH7uZSQP?(BT~ScxA8+{p(8`pjhQ9UE
zCxQHnpwPH#3EqHxGVueCqGSFmU&Y<b_Qx}9M85~ynonCNWZ=Z@ixbWtv9bdW;Yh$L
zuV(0<g1Mqb#-en|P3O9ptN~s2-~lTWHNAB;cTUfD>KXH}QqE9}IZuv67_Zvkm1Rj_
zq#6cRfCpxe$*2s?wSonzpAU_tIRo6j$u8}_YD}R?n%5bp0SQ?~8*#ov;U(~vnR_F|
SUvgLmEa>~s!x9|lXt{1@uf&A_

literal 0
HcmV?d00001

diff --git a/.travis/update-repo-sh-add-fedora-25-26.patch b/.travis/update-repo-sh-add-fedora-25-26.patch
new file mode 100644
index 0000000..282359c
--- /dev/null
+++ b/.travis/update-repo-sh-add-fedora-25-26.patch
@@ -0,0 +1,11 @@
+--- a/update_repo.sh	2020-06-25 16:30:24.309988800 +0300
++++ b/update_repo.sh	2020-06-25 16:29:56.055990528 +0300
+@@ -30,7 +30,7 @@
+     elif [ "$os" == "el" ]; then
+         alldists='6 7 8'
+     elif [ "$os" == "fedora" ]; then
+-        alldists='27 28 29 30 31'
++        alldists='25 26 27 28 29 30 31'
+     fi
+ 
+     echo "$alldists"
diff --git a/.travis/update-repo-sh-fix-unbound-var-access.patch b/.travis/update-repo-sh-fix-unbound-var-access.patch
new file mode 100644
index 0000000..8b16b42
--- /dev/null
+++ b/.travis/update-repo-sh-fix-unbound-var-access.patch
@@ -0,0 +1,20 @@
+--- a/update_repo.sh	2020-06-25 19:15:52.899381514 +0300
++++ b/update_repo.sh	2020-06-25 19:16:29.222379292 +0300
+@@ -699,7 +699,7 @@
+             for metafile in repodata.base/other \
+                             repodata.base/filelists \
+                             repodata.base/primary ; do
+-                up_lines=''
++                up_full_lines=''
+                 if [ "$metafile" == "repodata.base/primary" ]; then
+                     up_full_lines='(\N+\n)*'
+                 fi
+@@ -845,7 +845,7 @@
+             #       entry in damaged file, to fix it all found entries
+             #       of this file need to be removed
+             for metafile in other filelists primary ; do
+-                up_lines=''
++                up_full_lines=''
+                 if [ "$metafile" == "primary" ]; then
+                     up_full_lines='(\N+\n)*'
+                 fi
diff --git a/.travis/update-repo-sh-use-right-gpg-key.patch b/.travis/update-repo-sh-use-right-gpg-key.patch
new file mode 100644
index 0000000..59afdc0
--- /dev/null
+++ b/.travis/update-repo-sh-use-right-gpg-key.patch
@@ -0,0 +1,29 @@
+--- a/update_repo.sh	2020-06-09 17:35:03.332961335 +0300
++++ b/update_repo.sh	2020-06-23 02:26:55.532653673 +0300
+@@ -415,7 +415,7 @@
+     done
+     # resign the selfsigned InRelease file
+     $rm_file InRelease
+-    gpg --clearsign -o InRelease Release
++    gpg -u $GPG_SIGN_KEY --clearsign -o InRelease Release
+     # resign the Release file
+     $rm_file Release.gpg
+     gpg -u $GPG_SIGN_KEY -abs -o Release.gpg Release
+@@ -784,7 +784,7 @@
+ EOF
+     done
+     tail -n 1 repodata.adding/repomd.xml >>repodata/repomd.xml
+-    gpg --detach-sign --armor repodata/repomd.xml
++    gpg -u $GPG_SIGN_KEY --detach-sign --armor repodata/repomd.xml
+ 
+     # copy the packages to S3
+     for file in $pack_rpms ; do
+@@ -901,7 +901,7 @@
+     tail -n 1 repomd_saved.xml >>repomd.xml
+     rm -f repomd_saved.xml repomd.xml.asc
+     popd
+-    gpg --detach-sign --armor repodata/repomd.xml
++    gpg -u $GPG_SIGN_KEY --detach-sign --armor repodata/repomd.xml
+ 
+     # update the metadata at the S3
+     $aws_sync_public repodata "$bucket_path/$repopath/repodata"