additional fixes

This commit is contained in:
Louis Abel 2021-07-11 23:58:08 -07:00
parent 0b4cab9adb
commit 7f7e6c5086
Signed by untrusted user: label
GPG key ID: B37E62D143879B36
4 changed files with 162 additions and 3 deletions

View file

@ -41,6 +41,19 @@ ALL_REPOS=(
"${MODS_REPOS[@]}"
)
NONSIG_COMPOSE=(
Rocky
Rocky-devel
Extras
Plus
NFV
)
declare -A SIG_COMPOSE
SIG_COMPOSE=(
[Gluster9]="storage/gluster9"
)
# These repos have modules
MODS=(
AppStream

View file

@ -1,10 +1,56 @@
#!/bin/bash
# Performs a full on sync of a minor release, directories and all. It calls the
# other scripts in this directory to assist.
# other scripts in this directory to assist where necessary.
# Source common variables
# shellcheck disable=SC2046,1091,1090
source $(dirname "$0")/common
# sync all pieces of a release, including extras, nfv, etc
# Major Version (eg, 8)
MAJ=${RLVER}
# move around the ISOs a bit, make things comfortable
# sync all pieces of a release, including extras, nfv, etc
for COMPOSE in Rocky "${NONMODS_REPOS[@]}"; do
cd "/mnt/compose/${MAJ}/latest-${COMPOSE}-${MAJ}/compose" || { echo "${COMPOSE}: Failed to change directory"; break; }
TARGET="${STAGING_ROOT}/${CATEGORY_STUB}/${REV}"
mkdir -p "${TARGET}"
# disabling because none of our files should be starting with dashes. If they
# are something is *seriously* wrong here.
# shellcheck disable=SC2035
sudo -l && find **/* -maxdepth 0 -type d | parallel --will-cite -j 18 sudo rsync -av --chown=10004:10005 --progress --relative --human-readable \
{} "${TARGET}"
done
# sync all sig stuff
for SIG in "${!SIG_COMPOSE[@]}"; do
cd "/mnt/compose/${MAJ}/latest-${SIG}-${MAJ}/compose" || { echo "${COMPOSE}: Failed to change directory"; break; }
TARGET="${STAGING_ROOT}/${CATEGORY_STUB}/${REV}/${SIG_COMPOSE[$SIG]}"
mkdir -p "${TARGET}"
# disabling because none of our files should be starting with dashes. If they
# are something is *seriously* wrong here.
# shellcheck disable=SC2035
sudo -l && find **/* -maxdepth 0 -type d | parallel --will-cite -j 18 sudo rsync -av --chown=10004:10005 --progress --relative --human-readable \
{} "${TARGET}"
done
# copy around the ISOs a bit, make things comfortable
for ARCH in "${ARCHES[@]}"; do
TARGET="${STAGING_ROOT}/${CATEGORY_STUB}/${REV}/isos/${ARCH}"
# who knows if EL9 will change the name of baseos
for x in BaseOS Minimal; do
SOURCE="${STAGING_ROOT}/${CATEGORY_STUB}/${REV}/${x}/${ARCH}/iso"
mkdir -p "${TARGET}"
cp "${SOURCE}/*.iso" "${TARGET}"
cp "${SOURCE}/*.iso.manifest" "${TARGET}"
cat "${SOURCE}/CHECKSUM" >> "${TARGET}/CHECKSUM"
done
done
# sign all repos
test -f $(dirname "$0")/sign-repos-only.sh
ret_val=$?
if [ "$ret_val" -eq 0 ]; then
$(dirname "$0")/sign-repos-only.sh
fi

View file

@ -105,6 +105,7 @@ for x in "${ARCHES[@]}"; do
echo "** Fix variants"
TREEINFO_VAR="${STAGING_ROOT}/${RELEASE_DIR}/BaseOS/${x}/os/.treeinfo"
IMAGES_VAR="${STAGING_ROOT}/${RELEASE_DIR}/BaseOS/${x}/os/images"
test -f "${TREEINFO_VAR}"
treeinfo_retval=$?
test -x /usr/bin/python3
@ -116,6 +117,16 @@ for x in "${ARCHES[@]}"; do
# the take away is I learned something kind of on the fly and well, it worked.
# Emails should have stamps.
if [ "$treeinfo_retval" -eq 0 ] && [ "$python_retval" -eq 0 ]; then
# shellcheck disable=SC2086
BOOTISO_CHECKSUM="$(sha256sum ${IMAGES_VAR}/boot.iso | cut -d' ' -f1)"
# shellcheck disable=SC2086
EFIBOOT_CHECKSUM="$(sha256sum ${IMAGES_VAR}/efiboot.img | cut -d' ' -f1)"
# shellcheck disable=SC2086
INSTALLIMG_CHECKSUM="$(sha256sum ${IMAGES_VAR}/install.img | cut -d' ' -f1)"
# shellcheck disable=SC2086
INITRD_CHECKSUM="$(sha256sum ${IMAGES_VAR}/pxeboot/initrd.img | cut -d' ' -f1)"
# shellcheck disable=SC2086
VMLINUZ_CHECKSUM="$(sha256sum ${IMAGES_VAR}/pxeboot/vmlinuz | cut -d' ' -f1)"
cat <<EOF | /usr/bin/python3
from configparser import ConfigParser
config = ConfigParser()
@ -128,6 +139,20 @@ config.set('variants-AppStream', 'type', 'variant')
config.set('variants-AppStream', 'uid', 'AppStream')
config.set('variants-AppStream', 'packages', '../../../AppStream/${x}/os/Packages')
config.set('variants-AppStream', 'repository', '../../../AppStream/${x}/os/')
config.add_section('images-x86_64')
config.set('images-x86_64', 'boot.iso', 'images/boot.iso')
config.set('images-x86_64', 'efiboot.img', 'images/efiboot.img')
config.set('images-x86_64', 'initrd', 'images/pxeboot/initrd.img')
config.set('images-x86_64', 'kernel', 'images/pxeboot/vmlinuz')
config.add_section('stage2')
config.set('stage2', 'mainimage', 'images/install.img')
config.add_section('checksums')
config.set('checksums', 'images/boot.iso', 'sha256:${BOOTISO_CHECKSUM}')
config.set('checksums', 'images/efiboot.img', 'sha256:${EFIBOOT_CHECKSUM}')
config.set('checksums', 'images/install.img', 'sha256:${INSTALLIMG_CHECKSUM}')
config.set('checksums', 'images/pxeboot/initrd.img', 'sha256:${INITRD_CHECKSUM}')
config.set('checksums', 'images/pxeboot/vmlinuz', 'sha256:${VMLINUZ_CHECKSUM}')
with open('${TREEINFO_VAR}', 'w') as configfile:
config.write(configfile)
EOF

75
sync/sign-repos-only.sh Normal file
View file

@ -0,0 +1,75 @@
#!/bin/bash
# Signs repo metadata only
# Source common variables
export RLVER=8
# shellcheck disable=SC2046,1091,1090
source "$(dirname "$0")/common"
echo "** Signing source repos"
for y in "${ALL_REPOS[@]}"; do
test -d "${STAGING_ROOT}/${RELEASE_DIR}/${y}/source/tree"
ret_val=$?
if [ "$ret_val" -eq 0 ]; then
test -f /root/bin/sign-repo.sh && /root/bin/sign-repo.sh \
"${STAGING_ROOT}/${RELEASE_DIR}/${y}/source/tree/repodata/repomd.xml"
else
echo "${STAGING_ROOT}/${RELEASE_DIR}/${y}/source/tree does not exist"
fi
done
# Sync up some stuff
echo "** Signing arch repos as necessary **"
for x in "${ARCHES[@]}"; do
# regular repos, no comps
for y in "${NONMODS_REPOS[@]}"; do
# os and debug/tree directories
for z in os debug/tree; do
test -d "${STAGING_ROOT}/${RELEASE_DIR}/${y}/${x}/${z}"
ret_val=$?
if [ "$ret_val" -eq 0 ]; then
test -f /root/bin/sign-repo.sh && /root/bin/sign-repo.sh \
"${STAGING_ROOT}/${RELEASE_DIR}/${y}/${x}/${z}/repodata/repomd.xml"
else
echo "${STAGING_ROOT}/${RELEASE_DIR}/${y}/${x}/${z} does not exist"
fi
done
done
# repos with comps/groups involved, but only debug
for y in "${MODS_REPOS[@]}"; do
test -d "${STAGING_ROOT}/${RELEASE_DIR}/${y}/${x}/debug/tree"
ret_val=$?
if [ "$ret_val" -eq 0 ]; then
test -f /root/bin/sign-repo.sh && /root/bin/sign-repo.sh \
"${STAGING_ROOT}/${RELEASE_DIR}/${y}/${x}/debug/tree/repodata/repomd.xml"
else
echo "${STAGING_ROOT}/${RELEASE_DIR}/${y}/${x}/debug/tree does not exist"
fi
done
echo "** Sign all repos with comps/groups"
for y in "${MODS_REPOS[@]}"; do
echo "${y}: ${x}"
test -d "${STAGING_ROOT}/${RELEASE_DIR}/${y}/${x}/os"
ret_val=$?
if [ "$ret_val" -eq 0 ]; then
test -f /root/bin/sign-repo.sh && /root/bin/sign-repo.sh \
"${STAGING_ROOT}/${RELEASE_DIR}/${y}/${x}/os/repodata/repomd.xml"
else
echo "${STAGING_ROOT}/${RELEASE_DIR}/${y}/${x}/os does not exist"
fi
done
echo "** Sign module repos"
for y in "${MODS[@]}"; do
test -d "${STAGING_ROOT}/${RELEASE_DIR}/${y}/${x}/os"
ret_val=$?
if [ "$ret_val" -eq 0 ]; then
# This might not be necessary, but it does not hurt incase repomd is modified
test -f /root/bin/sign-repo.sh && /root/bin/sign-repo.sh \
"${STAGING_ROOT}/${RELEASE_DIR}/${y}/${x}/os/repodata/repomd.xml"
else
echo "${STAGING_ROOT}/${RELEASE_DIR}/${y}/${x}/os does not exist"
fi
done
done