plc.d/packages

   1 #!/bin/bash
   2 # $Id$
   3 # $URL$
   4 #
   5 # priority: 1200
   6 #
   7 # Update node package repository metadata and sign packages
   8 #
   9 # Mark Huang <mlhuang@cs.princeton.edu>
  10 # Copyright (C) 2006 The Trustees of Princeton University
  11 #
  12
  13 # Source function library and configuration
  14 . /etc/plc.d/functions
  15 . /etc/planetlab/plc_config
  16
  17 # Be verbose
  18 set -x
  19
  20 case "$1" in
  21     start)
  22         if [ "$PLC_BOOT_ENABLED" != "1" ] ; then
  23             exit 0
  24         fi
  25
  26         MESSAGE=$"Signing and indexing node packages"
  27         dialog "$MESSAGE"
  28
  29         shopt -s nullglob
  30
  31         shift
  32         if [[ -z "$@" ]] ; then
  33             # use all subdirs in install-rpms by default
  34             repositories=/var/www/html/install-rpms/*
  35         else
  36             # else use argv
  37             repositories="$@"
  38         fi
  39
  40         ### availability of repo indexing tools
  41         # old one - might be needed for old-style nodes
  42         type -p yum-arch > /dev/null && have_yum_arch="true"
  43         # new one
  44         type -p createrepo > /dev/null && have_createrepo="true"
  45
  46         for repository in $repositories ; do
  47             # the rpms that need signing
  48             new_rpms=
  49             # and the corresponding stamps
  50             new_stamps=
  51             # is there a need to refresh yum metadata
  52             need_yum_arch=
  53             need_createrepo=
  54
  55             # right after installation, no package is present
  56             # but we still need to create index
  57             [ -n "$have_yum_arch" -a ! -f $repository/headers/header.info ] && need_yum_arch=true
  58             [ -n "$have_createrepo" -a ! -f $repository/repodata/repomd.xml ] && need_createrepo=true
  59
  60             for package in $(find $repository/ -name '*.rpm') ; do
  61                 stamp=$repository/signed-stamps/$(basename $package).signed
  62                 # If package is newer than signature stamp
  63                 if [ $package -nt $stamp ] ; then
  64                     new_rpms="$new_rpms $package"
  65                     new_stamps="$new_stamps $stamp"
  66                 fi
  67                 # Or than yum-arch headers
  68                 [ -n "$have_yum_arch" ] && [ $package -nt $repository/headers/header.info ] && need_yum_arch=true
  69                 # Or than createrepo database
  70                 [ -n "$have_createrepo" ] && [ $package -nt $repository/repodata/repomd.xml ] && need_createrepo=true
  71             done
  72
  73             if [ -n "$new_rpms" ] ; then
  74                 # Create a stamp once the package gets signed
  75                 mkdir $repository/signed-stamps 2> /dev/null
  76
  77                 # Sign RPMS. setsid detaches rpm from the terminal,
  78                 # allowing the (hopefully blank) GPG password to be
  79                 # entered from stdin instead of /dev/tty.
  80                 echo | setsid rpm \
  81                     --define "_signature gpg" \
  82                     --define "_gpg_path /etc/planetlab" \
  83                     --define "_gpg_name $PLC_MAIL_SUPPORT_ADDRESS" \
  84                     --resign $new_rpms && touch $new_stamps
  85                 check
  86             fi
  87
  88             # Update repository index / yum metadata.
  89
  90             if [ -n "$need_yum_arch" ] ; then
  91                 # yum-arch sometimes leaves behind
  92                 # .oldheaders and .olddata directories accidentally.
  93                 rm -rf $repository/{.oldheaders,.olddata}
  94                 yum-arch $repository
  95                 check
  96             fi
  97
  98             if [ -n "$need_createrepo" ] ; then
  99                 if [ -f $repository/yumgroups.xml ] ; then
 100                     createrepo --quiet -g yumgroups.xml $repository
 101                 else
 102                     createrepo --quiet $repository
 103                 fi
 104                 check
 105             fi
 106         done
 107
 108         result "$MESSAGE"
 109         ;;
 110     clean)
 111         shift
 112         if [[ -z "$@" ]] ; then
 113             # use all subdirs in install-rpms by default
 114             repositories=/var/www/html/install-rpms/*
 115         else
 116             # else use argv
 117             repositories=$@
 118         fi
 119
 120         for repository in $repositories ; do
 121             rm -rf $repository/signed-stamps
 122             rm -rf $repository/repodata
 123             rm -rf $repository/headers
 124         done
 125         ;;
 126     *)
 127         echo "Usage: $0 start|clean [repo ..]"
 128         ;;
 129 esac
 130
 131 exit $ERRORS