# web publishing results
DEFAULT_WEBPATH="/build/@PLDISTRO@/"
+# default gpg path used in signing yum repo
+DEFAULT_GPGPATH="/etc/planetlab"
+# default email to use in gpg secring
+DEFAULT_GPGUID="root@$( /bin/hostname )"
+
# for the test part
TESTBUILDURL="http://build.one-lab.org/"
TESTBOXSSH=root@testbox.one-lab.org
echo " -s svnpath - where to fetch the build module"
echo " -c testconfig - defaults to $DEFAULT_TESTCONFIG"
echo " -w webpath - defaults to $DEFAULT_WEBPATH"
+ echo " -y create (and sign) yum repo in webpath"
+ echo " -g path to gpg secring used to sign rpms. Defaults to $DEFAULT_GPGPATH"
+ echo " -u gpg email used in secring. Defaults to $DEFAULT_GPGUID"
echo " -m mailto - no default"
echo " -O : overwrite - re-run in base directory, do not re-create vserver"
echo " -B : run build only"
s) SVNPATH=$OPTARG ;;
c) TESTCONFIG="$TESTCONFIG $OPTARG" ;;
w) WEBPATH=$OPTARG ;;
+ y) MKYUMREPO=$OPTARG;;
+ g) GPGPATH=$OPTARG;;
+ u) GPGUID=$OPTARG;;
m) MAILTO=$OPTARG ;;
O) OVERWRITEMODE=true ;;
B) DO_TEST= ;;
rsync --archive --delete --verbose /vservers/$BASE/build/SRPMS/ $WEBPATH/$BASE/SRPMS/
# publish myplc-release
rsync --verbose /vservers/$BASE/build/myplc-release $WEBPATH/$BASE
-
+
+ # create yum repo and sign packages.
+ if [ -n $MKYUMREPO ] ; then
+ echo "Signing signing node packages"
+
+ ### availability of repo indexing tools
+ # old one - might be needed for old-style nodes
+ type -p yum-arch > /dev/null && have_yum_arch="true"
+ # new one
+ type -p createrepo > /dev/null && have_createrepo="true"
+
+ repository=$WEBPATH/$BASE/RPMS/
+ # the rpms that need signing
+ new_rpms=
+ # and the corresponding stamps
+ new_stamps=
+ # is there a need to refresh yum metadata
+ need_yum_arch=
+ need_createrepo=
+
+ # right after installation, no package is present
+ # but we still need to create index
+ [ -n "$have_yum_arch" -a ! -f $repository/headers/header.info ] && need_yum_arch=true
+ [ -n "$have_createrepo" -a ! -f $repository/repodata/repomd.xml ] && need_createrepo=true
+
+ for package in $(find $repository/ -name '*.rpm') ; do
+ stamp=$repository/signed-stamps/$(basename $package).signed
+ # If package is newer than signature stamp
+ if [ $package -nt $stamp ] ; then
+ new_rpms="$new_rpms $package"
+ new_stamps="$new_stamps $stamp"
+ fi
+ # Or than yum-arch headers
+ [ -n "$have_yum_arch" ] && [ $package -nt $repository/headers/header.info ] && need_yum
+_arch=true
+ # Or than createrepo database
+ [ -n "$have_createrepo" ] && [ $package -nt $repository/repodata/repomd.xml ] && need_c
+reaterepo=true
+ done
+
+ if [ -n "$new_rpms" ] ; then
+ # Create a stamp once the package gets signed
+ mkdir $repository/signed-stamps 2> /dev/null
+
+ # Sign RPMS. setsid detaches rpm from the terminal,
+ # allowing the (hopefully blank) GPG password to be
+ # entered from stdin instead of /dev/tty.
+ echo | setsid rpm \
+ --define "_signature gpg" \
+ --define "_gpg_path $GPGPATH" \
+ --define "_gpg_name $GPGUID" \
+ --resign $new_rpms && touch $new_stamps
+ check
+ fi
+
+ # Update repository index / yum metadata.
+
+ if [ -n "$need_yum_arch" ] ; then
+ # yum-arch sometimes leaves behind
+ # .oldheaders and .olddata directories accidentally.
+ rm -rf $repository/{.oldheaders,.olddata}
+ yum-arch $repository
+ check
+ fi
+
+ if [ -n "$need_createrepo" ] ; then
+ if [ -f $repository/yumgroups.xml ] ; then
+ createrepo --quiet -g yumgroups.xml $repository
+ else
+ createrepo --quiet $repository
+ fi
+ check
+ fi
+
+ fi
+
if [ -n "$DO_TEST" ] ; then
runtest
fi
git://git.onelab.eu / build.git / commitdiff