From 340a6a337715e4b70adf413df97967bfed88a5a3 Mon Sep 17 00:00:00 2001 From: Louis Abel Date: Mon, 4 Jul 2022 12:23:04 -0700 Subject: [PATCH] add checksum combine for close out --- iso/empanadas/empanadas/templates/README.tmpl | 11 ++++++----- iso/empanadas/empanadas/util/dnf_utils.py | 11 +++++++++++ 2 files changed, 17 insertions(+), 5 deletions(-) diff --git a/iso/empanadas/empanadas/templates/README.tmpl b/iso/empanadas/empanadas/templates/README.tmpl index 4e4828b..498653c 100644 --- a/iso/empanadas/empanadas/templates/README.tmpl +++ b/iso/empanadas/empanadas/templates/README.tmpl @@ -13,15 +13,16 @@ of metadata that we produce for easy consumption. CHECKSUM Validation: https://github.com/rocky-linux/checksums -Traditionally, we would to "sign" the checksum files with the current GPG key -of a major release. However, due to how the new build system operates and for +Traditionally, we would "sign" the checksum files with the current GPG key of a +major release. However, due to how the new build system operates and for ensuring strong security within the build system as it pertains the signing keys, this is no longer possible. It was determined by SIG/Core or Release Engineering to instead provide verified signed commits using our keys with -RESF/Rocky Linux email domain names to a proper git repository. +RESF/Rocky Linux email domain names to a proper git repository. Our signing keys +are attached to our GitHub and RESF Git Service profiles. -With that being said, if you are looking for "verification" of the ISO -checksums, it is highly recommended to visit the link above. +If you are looking for "verification" of the ISO checksums and were expecting a +`CHECKSUM.sig`, it is highly recommended to visit the link above instead. These are *always* updated with new releases or new images. This includes live images as we release them. diff --git a/iso/empanadas/empanadas/util/dnf_utils.py b/iso/empanadas/empanadas/util/dnf_utils.py index 1f6ab3b..7e9c9df 100644 --- a/iso/empanadas/empanadas/util/dnf_utils.py +++ b/iso/empanadas/empanadas/util/dnf_utils.py @@ -14,6 +14,7 @@ import shutil import time import re import json +import glob #import pipes from jinja2 import Environment, FileSystemLoader @@ -1412,6 +1413,16 @@ class RepoSync: ) # Combine all checksums here + for arch in self.arches: + iso_arch_root = os.path.join(sync_iso_root, arch) + iso_arch_checksum = os.path.join(iso_arch_root, 'CHECKSUM') + with open(iso_arch_checksum, 'w+', encoding='utf-8') as fp: + for check in glob.iglob(iso_arch_root + '/*.CHECKSUM'): + with open(check, 'r', encoding='utf-8') as sum: + for line in sum: + fp.write(line) + fp.close() + # Deploy final metadata for a close out self.deploy_metadata(sync_root)