5 # Update node package repository metadata and sign packages
7 # Mark Huang <mlhuang@cs.princeton.edu>
8 # Copyright (C) 2006 The Trustees of Princeton University
9 # Thierry Parmentelat <thierry.parmentelat@inria.fr>
12 # Source function library and configuration
13 . /etc/plc.d/functions
14 . /etc/planetlab/plc_config
19 #################### hack yumgroups
20 # if we've installed for several flavours
21 # we create cross links in install-rpms like this one
22 # ./onelab-f8-i386/vserver-onelab-f12-i386-5.0-6.2011.02.03.i686.rpm
23 # -> /var/www/html/install-rpms/onelab-f12-i386/vserver-onelab-f12-i386-5.0-6.2011.02.03.i686.rpm
25 # but this won't make it to the nodes until they are insered in yumgroups.xml in the PlanetLab group
28 function hack_yumgroups () {
31 pushd $repo >& /dev/null
33 vsrpms=$(find . -name 'vserver*rpm')
34 echo found vsrpms $vsrpms
35 if [ ! -f yumgroups.xml ] ; then
36 echo "hack_yumgroups: could not find yumgroups in $(pwd)"
37 elif [ -z "$vsrpms" ] ; then
38 echo "No need to hack yumgroups, no foreign vserver package found"
40 cp yumgroups.xml yumgroups.xml.hacking
41 # remove references to package vserver-
42 grep -v '>vserver-' yumgroups.xml.hacking > yumgroups.xml
43 # build a list of lines with corresponding rpm names
45 for vsrpm in $vsrpms; do
46 rpmname=$(rpm -q --qf '%{name}' -p $vsrpm)
47 echo found file $vsrpm with name $rpmname
48 insert="$insert<packagereq type=\"mandatory\">$rpmname</packagereq>"
50 echo 'inserting' $insert
51 # insert in yumgroups at the right place -- first packages in the PlanetLab group
52 ed yumgroups.xml <<EOF
67 #################### xxx fixme xxx
68 # I'm seeing weird things with f14 nodes and an f8 myplc server
69 # I suspect that the f8-based createrepo binary does not do the right thing,
70 # as the node (onelab09.pl.sophia.inria.fr) issues a lot of
71 # 'package does not match intended content'
72 # before reaching this conclusion I have entirely rebuilt the server-side yum repos
73 # by (*) checking the gpg keys (*) yum reinstalling all noderepos
74 # and on top of that manually re-running createrepo
75 # of course the node had gone through yum clean all as well
79 if [ "$PLC_BOOT_ENABLED" != "1" ] ; then
83 MESSAGE=$"Signing and indexing node packages"
90 if [[ -z "$@" ]] ; then
91 # use all subdirs in install-rpms by default
92 repositories=/var/www/html/install-rpms/*
99 # deal with the vserver packages
100 # symlink all instances of plain 'vserver-*rpm' in all repos
101 # and cleanup old links
102 vsrpms=$(find $repositories -name 'vserver*rpm' -a -type f)
103 vslinks=$(find $repositories -name 'vserver*rpm' -a -type l)
105 for vslink in $vslinks; do
106 [ ! -e $vslink ] && { echo removing old $vslink; rm $vslink; }
109 for repo in $repositories; do
110 for vsrpm in $vsrpms; do
111 # if in the repo we're dealing with, ignore
112 if [ "$(echo $vsrpm | sed -e s,^$repo,,)" != $vsrpm ] ; then
117 if [ ! -e $link ] ; then
118 echo "creating symlink $link towards $vsrpm"
125 # now that the symlinks are OK, we can tweak yumgroups
126 for repository in $repositories; do
127 hack_yumgroups $repository
130 ########## sign plain packages
131 for repository in $repositories ; do
132 # the rpms that need signing
134 # and the corresponding stamps
136 # is there a need to refresh yum metadata
137 # a safe approach would be to always run createrepo
138 # however this is painfully slow with multi-flavour installed
140 # however if we run this script like
141 # /etc/plc.d/packages force
142 # then we force a createrepo
143 [ "$mode" == force ] && need_createrepo=true
145 # right after installation, no package is present
146 # but we still need to create index
147 [ ! -f $repository/repodata/repomd.xml ] && need_createrepo=true
149 # it's not helpful to sign symlinks that will get signed on their own
150 for package in $(find $repository/ -name '*.rpm' -a \! -type l) ; do
151 stamp=$repository/signed-stamps/$(basename $package).signed
152 # If package is newer than signature stamp
153 if [ $package -nt $stamp ] ; then
154 new_rpms="$new_rpms $package"
155 new_stamps="$new_stamps $stamp"
157 # Or than createrepo database
158 [ $package -nt $repository/repodata/repomd.xml ] && need_createrepo=true
161 if [ -n "$new_rpms" ] ; then
162 # Create a stamp once the package gets signed
163 mkdir $repository/signed-stamps 2> /dev/null
165 # Sign RPMS. setsid detaches rpm from the terminal,
166 # allowing the (hopefully blank) GPG password to be
167 # entered from stdin instead of /dev/tty.
169 --define "_signature gpg" \
170 --define "_gpg_path /etc/planetlab" \
171 --define "_gpg_name $PLC_MAIL_SUPPORT_ADDRESS" \
172 --resign $new_rpms && touch $new_stamps
174 # if we sign at least one package then we need to reindex
178 # Update repository index / yum metadata.
180 if [ -n "$need_createrepo" ] ; then
181 if [ -f $repository/yumgroups.xml ] ; then
182 createrepo --quiet -g yumgroups.xml $repository
185 createrepo --quiet $repository
195 if [[ -z "$@" ]] ; then
196 # use all subdirs in install-rpms by default
197 repositories=/var/www/html/install-rpms/*
203 for repository in $repositories ; do
204 rm -rf $repository/signed-stamps
205 rm -rf $repository/repodata
206 rm -rf $repository/headers
207 find $repository -type l | xargs rm
210 # (use this only if you have noderepos installed)
212 find /var/www/html/install-rpms -name signed-stamps | xargs rm -rf
213 rpm -aq | grep noderepo | xargs yum -y reinstall
217 echo "Usage: $0 start|force|clean [repo ..]"