Skip to content

Commit

Permalink
Merge pull request #136 from olblak/master
Browse files Browse the repository at this point in the history 
[INFRA-910] Update Publishing scripts
  • Loading branch information
@oleg-nenashev
oleg-nenashev authored Apr 3, 2020
2 parents c450a83 + 813fe46 commit 001fb63
Show file tree
Hide file tree
Showing 10 changed files with 362 additions and 151 deletions.
3 changes: 2 additions & 1 deletion Makefile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,8 @@ BUILDENV ?=./env/test.mk
include ${BUILDENV}

# refers to whereabouts of code-signing keys
CREDENTIAL ?=./credentials/test.mk
# CREDENTIAL ?=./credentials/test.mk

include ${CREDENTIAL}

include ./setup.mk
Expand Down
27 changes: 27 additions & 0 deletions credentials/ssh/id_rsa
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAw6bQJN8ceL5T7FaNs2QdSEnGgLKy5zvpuORDJLd0Q/wTm5DV
MVxqJzT8hCtL7a4D1NBPaBm6pAvlxCnKMhdZwSi+e2zuzRokOuivlAHyiV7le9Ln
1K/pKkDchAIz8P3YWLt1YZJERDUI8nXW9MC8ZOEt/IudmLTsZQcSr8lXOFIwNZe4
b/NSr/9sxvSnYQqw5q6j1ZxdjW/KtXPQapU+PObZ/31jzTH9W966LpoF8XYo0xRA
hJvy3f+NxbSVPhjH422wHCeeyfI/+B/xYlVNC3yYR4ONvXbAXsewB0aRhnOfh+sS
kzotOCDMBZHOjKrg27MLs0dfrmjxGffF2Vq+JQIDAQABAoIBAELefZ9Mfg+qhUZu
YqngWr29MVIFQW4UpRIjOeuPo/YkbpMp0iO3wTQ7QN7vaVkHs5mFxM4AlTDCPDpq
SggKwQtqoIfQuGFzQNS9eFzuuXVH8Mj8UW343Ykqd/PKSPRh3hKdp0W81wY01iUA
L4KhaQJVkAETur5Zf74bx8A64UuG+qWbDUGlRGCRk/pl9xGB1z0FQ7Api/6gQd2A
Tnu6ASmQfoKeDsDDOBVy8sHv7HlkU9msowD9TdOj7Gxx9DoPryX6GlAhgi//+jyA
qUCf03kdey5aCVKFVUIOkxpDxYRI0etW0ef0rww+DJDpL7pT0kWMf4sqxgmxPTly
TaOnl+ECgYEA4GpfL7GTPTFvhatxi78TlaATTzjmzPYLrxOF8EHQM3Tz/nDbDknX
x5YtQdq0cv2TNdR2uZ0AyuzZ06j6axyBCJWKgtErN+SO01+Qxa9rcv+Vw7NtdTGs
GUrMa7CU/X4t8jt6UiObIgGRNbvu93ANeEzjIOFn9S9QKQ0vrtfW/W0CgYEA3zAV
/z5rt/AThnajCRPv5c/o9c2TykKy3DFFUdgNTEwnHE04D+xoqH1eoTMNoNXdVbI0
1C5WTzCpYLuKmbl/aZEwvidi6ssTpYHcviAAz8iqN/TL9Ys5XmJ3iJViNK3IxxHB
TRLMiBC057tS8ZZLRa756weEZ2TUYRydxFntaJkCgYAV/nbbvsSWb7zlVdsn/g8W
T/z0e7grCEY232v2Ew0rrd+n5Tmi2dvbBL3kwWGED5QY53zHTjrgqHvkwZ/hVYbT
54wOrB9XOABDeQ9AQKQAPkpYRsKIhNjAFdOZDlJb0b0BC5E+cZznpU2s/YE7IPFB
BBASjeTZY8ywaUluEltQtQKBgCi2idy000uLdNRbgeQfCez/Hzzvkl0cC6qVJlMG
uW5Imf3UrDxjYLgTnpaDTKIhQS3nwzFNfpsVgmBN9buTFgX44U5euvGft+bCKLVZ
+yvsK/jnI+mXyxBHoAx/S5nWdcCyoXNg0YSkn4uCJWBCjVqZz6crCOEfiIpqgPEX
gnJJAoGBAKvDah87FijEJRBiaroef5buG1jr9pNCBoXIGbvZ1sFwkGWQGgrH6Y3s
EBD083+BBCcIMvzy2leB692axxGhtdyCxfPRN7KiZgT/YC6cCDL1yzhSHtZ8kamb
N8Qqs+wVE4YIdELB+VgKTho1v4gAyzZNuMJMhne6qH+oxNfGUgER
-----END RSA PRIVATE KEY-----
1 change: 1 addition & 0 deletions credentials/ssh/id_rsa.pub
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDptAk3xx4vlPsVo2zZB1IScaAsrLnO+m45EMkt3RD/BObkNUxXGonNPyEK0vtrgPU0E9oGbqkC+XEKcoyF1nBKL57bO7NGiQ66K+UAfKJXuV70ufUr+kqQNyEAjPw/dhYu3VhkkRENQjyddb0wLxk4S38i52YtOxlBxKvyVc4UjA1l7hv81Kv/2zG9KdhCrDmrqPVnF2Nb8q1c9BqlT485tn/fWPNMf1b3roumgXxdijTFECEm/Ld/43FtJU+GMfjbbAcJ57J8j/4H/FiVU0LfJhHg429dsBex7AHRpGGc5+H6xKTOi04IMwFkc6MquDbswuzR1+uaPEZ98XZWr4l olblak@winterfell
2 changes: 2 additions & 0 deletions credentials/ssh/known_hosts
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
|1|3Ao1unSiaoLJcBH+jj4LxlUJvU8=|9VCo6soeOkBokfDfbckMBvnE/6k= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFnJjx5araEbR3BvluFk5ONHqZSVZW1osdn4NuC/UBFPxwcEkkECK0EHR+WTxfTLGybJCTh3H5hTDady7W0EyIs=
|1|Orovxffw11DXksUZda8iwv3XcME=|OIrRb9oqBvY2esPMc+I0K70HLSs= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFnJjx5araEbR3BvluFk5ONHqZSVZW1osdn4NuC/UBFPxwcEkkECK0EHR+WTxfTLGybJCTh3H5hTDady7W0EyIs=
180 changes: 125 additions & 55 deletions deb/publish/publish.sh
View file
Original file line number Diff line number Diff line change
@@ -1,63 +1,133 @@
#!/bin/bash -ex
#!/bin/bash

set -euxo pipefail

: "${AGENT_WORKDIR:=/tmp}"
: "${GPG_KEYNAME:?Required valid gpg keyname}"
: "${GPG_KEYNAME:?Require valid gpg keyname}"
: "${DEB:?Require Debian package}"
: "${DEBDIR:? Require where to put binary files}"
: "${DEB_WEBDIR:? Require where to put repository index and other web contents}"
: "${DEB_URL:? Require Debian repository Url}"

bin="$(dirname "$0")"
# $$ Contains current pid
D="$AGENT_WORKDIR/$$"

## Publish Binary
#
mkdir -p "$DEBDIR"
mkdir -p "$DEB_WEBDIR"
# Convert string to array to correctly escape cli parameter
SSH_OPTS=($SSH_OPTS)

rsync -avz "$DEB" "$DEBDIR/"
bin="$(dirname "$0")"

# $$ Contains current pid
D="$AGENT_WORKDIR/$$"
function clean(){
rm -rf "$D"
}

# Generate and publish site content
##
mkdir -p "$D/binary" "$D/contents"
cp -R "$bin/contents/." "$D/contents"

gpg --export -a --output "$D/contents/${ORGANIZATION}.key" "${GPG_KEYNAME}"

"$BASE/bin/indexGenerator.py" \
--distribution debian \
--binaryDir "$DEBDIR" \
--targetDir "$DEB_WEBDIR"

"$BASE/bin/branding.py" "$D"

# build package index
# see http://wiki.debian.org/SecureApt for more details
cp "${DEB}" "$D/binary/"
pushd "$D"
apt-ftparchive packages binary > binary/Packages
apt-ftparchive contents binary > binary/Contents
popd

apt-ftparchive -c "$bin/release.conf" release "$D/binary" > "$D/binary/Release"

# sign the release file
rm "$D/binary/Release.gpg" || true

gpg \
--batch \
--pinentry-mode loopback \
--digest-algo=sha256 \
-u "$GPG_KEYNAME" \
-abs \
-o "$D/binary/Release.gpg" \
"$D/binary/Release"

cp \
"$D"/binary/Packages* \
"$D"/binary/Release \
"$D"/binary/Release.gpg \
"$D"/binary/Contents* \
"$D"/contents/binary

rsync -avz "$D/contents/" "$DEB_WEBDIR/"

rm -rf "$D"
function generateSite(){

cp -R "$bin/contents/." "$D/contents"

gpg --export -a --output "$D/contents/${ORGANIZATION}.key" "${GPG_KEYNAME}"

"$BASE/bin/indexGenerator.py" \
--distribution debian \
--binaryDir "$DEBDIR" \
--targetDir "$DEB_WEBDIR"

"$BASE/bin/branding.py" "$D"


# build package index
# see http://wiki.debian.org/SecureApt for more details
cp "${DEB}" "$D/binary/"

pushd "$D"
apt-ftparchive packages binary > binary/Packages
apt-ftparchive contents binary > binary/Contents
popd

# Remote ftparchive-merge
# https://github.com/kohsuke/apt-ftparchive-merge
pushd $D/binary
mvn org.kohsuke:apt-ftparchive-merge:1.6:merge -Durl="$DEB_URL/binary/" -Dout=../merged
popd

# Local ftparchive-merge

cat $D/merged/Packages > $D/binary/Packages
gzip -9c "$D/merged/Packages" > "$D/binary/Packages.gz"
bzip2 -c "$D/merged/Packages" > "$D/binary/Packages.bz2"
lzma -c "$D/merged/Packages" > "$D/binary/Packages.lzma"
gzip -9c "$D/merged/Contents" > "$D/binary/Contents.gz"

apt-ftparchive -c "$bin/release.conf" release "$D/binary" > "$D/binary/Release"

}

function init(){

mkdir -p "$D/binary" "$D/contents"

# where to put binary files
mkdir -p "$DEBDIR" # where to put binary files

# where to put repository index and other web contents
mkdir -p "$DEB_WEBDIR"
## On remote serve
# shellcheck disable=SC2029
ssh "$PKGSERVER" "${SSH_OPTS[*]}" mkdir -p "$DEBDIR/"
}

function uploadPackage(){
# Upload Debian Package
rsync -avz "$DEB" "$DEBDIR/"
rsync -avz -e "ssh ${SSH_OPTS[*]}" "${DEB}" "$PKGSERVER:${DEBDIR// /\\ }"
}

function uploadSite(){

cp \
"$D"/binary/Packages* \
"$D"/binary/Release \
"$D"/binary/Release.gpg \
"$D"/binary/Contents* \
"$D"/contents/binary

rsync -avz "$D/contents/" "$DEB_WEBDIR/"
rsync -avz -e "ssh ${SSH_OPTS[*]}" "${DEB}" "$PKGSERVER:${DEBDIR// /\\ }"
}

function show(){
echo "Parameters:"
echo "DEB: $DEB"
echo "DEBDIR: $DEBDIR"
echo "DEB_WEBDIR: $DEB_WEBDIR"
echo "SSH_OPTS: $SSH_OPTS"
echo "PKGSERVER: $PKGSERVER"
echo "GPG_KEYNAME: $GPG_KEYNAME"
echo "---"
}

function signSite(){
# sign the release file
if [ -f "$D/binary/Release.gpg" ]; then
rm "$D/binary/Release.gpg"
fi

gpg \
--batch \
--pinentry-mode loopback \
--digest-algo=sha256 \
-u "$GPG_KEYNAME" \
--passphrase-file "$GPG_PASSPHRASE_FILE" \
-abs \
-o "$D/binary/Release.gpg" \
"$D/binary/Release"
}

show
init
generateSite
signSite
uploadPackage
uploadSite
clean
29 changes: 20 additions & 9 deletions docker-compose.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,19 +1,30 @@
# docker exec -i -t packaging_packaging_1 gpg --import --batch credentials/sandbox.gpg
version: '3'
volumes:
sshd:
services:
packaging:
image: jenkinsciinfra/packaging:latest
command: "sleep 99d"
environment:
- "BUILDENV='/packaging/env/test.mk'"
- "BRANDING_DIR=/packaging/branding"
- "BRAND=/packaging/jenkins.mk'"
- "CREDENTIAL=credentials/test.mk"
- "GPG_FILE=/packaging/credentials/sandbox.gpg"
- "BUILDENV=/srv/releases/jenkins/env/test.mk"
- "BRANDING_DIR=/srv/releases/jenkins/branding"
- "BRAND=/srv/releases/jenkins/branding/test.mk"
- "GPG_FILE=/srv/releases/jenkins/credentials/sandbox.gpg"
- "GPG_KEYNAME=Bogus Test"
- "GPG_PASSPHRASE=s3cr3t"
- "GPG_PASSPHRASE_FILE=/packaging/credentials/test.gpg.password.txt"
- "WAR=/packaging/jenkins.war"
- "GPG_PASSPHRASE_FILE=/srv/releases/jenkins/credentials/test.gpg.password.txt"
- "WAR=/srv/releases/jenkins/jenkins.war"
- "RELEASELINE=-experimental"
volumes:
- .:/packaging
working_dir: "/packaging"
- ".:/srv/releases/jenkins"
- "./credentials/ssh:/root/.ssh"
working_dir: "/srv/releases/jenkins"
remote:
image: jenkinsciinfra/packaging:latest
command: "/usr/sbin/sshd -D"
ports:
- "2222:22"
volumes:
- "./credentials/ssh/id_rsa.pub:/root/.ssh/authorized_keys:ro"
- sshd:/run/sshd
17 changes: 8 additions & 9 deletions env/release.mk
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,18 +11,17 @@ export SSH_OPTS=-p 22
export SCP_OPTS=-P 22

# where to put binary files
export WARDIR=/packages/binary/war${RELEASELINE}
export MSIDIR=/packages/binary/windows${RELEASELINE}
export WARDIR=/srv/releases/jenkins/war${RELEASELINE}
export MSIDIR=/srv/releases/jenkins/windows${RELEASELINE}
export OSXDIR=/srv/releases/jenkins/osx${RELEASELINE}
export DEBDIR=/packages/binary/debian${RELEASELINE}
export RPMDIR=/packages/binary/redhat${RELEASELINE}
export SUSEDIR=/packages/binary/opensuse${RELEASELINE}
export DEBDIR=/srv/releases/jenkins/debian${RELEASELINE}
export RPMDIR=/srv/releases/jenkins/redhat${RELEASELINE}
export SUSEDIR=/srv/releases/jenkins/opensuse${RELEASELINE}

# where to put repository index and other web contents
export RPM_WEBDIR=/packages/web/redhat${RELEASELINE}
export SUSE_WEBDIR=/packages/web/opensuse${RELEASELINE}
export DEB_WEBDIR=/packages/web/debian${RELEASELINE}
export WAR_WEBDIR=/packages/web/war${RELEASELINE}
export RPM_WEBDIR=/var/www/pkg.jenkins.io.staging/redhat${RELEASELINE}
export SUSE_WEBDIR=/var/www/pkg.jenkins.io.staging/opensuse${RELEASELINE}
export DEB_WEBDIR=/var/www/pkg.jenkins.io.staging/debian${RELEASELINE}

# URL to the aforementioned webdir
export RPM_URL=https://pkg.jenkins.io/redhat${RELEASELINE}
Expand Down
37 changes: 19 additions & 18 deletions env/test.mk
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,28 +6,29 @@
export JENKINS_URL=https://cloudbees.ci.cloudbees.com/

# the host to publish bits to
export PKGSERVER=${USER}@localhost
export SSH_OPTS=
export SCP_OPTS=
export PKGSERVER=root@remote
# Testing both with and without SSH_OPTS
#export SSH_OPTS=-p 22
#export SCP_OPTS=-P 22
export SSH_OPTS=-p 22
export SCP_OPTS=-P 22

# where to put binary files
export TESTDIR=$(realpath .)/pkg.jenkins.io
export WARDIR=/packages/binary/war${RELEASELINE}
# Concat MSDIR and RELEASELINE in the msi publishing
export MSIDIR=/packages/binary/windows${RELEASELINE}
export OSXDIR=/packages/osx${RELEASELINE}
export DEBDIR=/packages/binary/debian${RELEASELINE}
export RPMDIR=/packages/binary/redhat${RELEASELINE}
export SUSEDIR=/packages/binary/opensuse${RELEASELINE}
export WARDIR=${TESTDIR}/war${RELEASELINE}
export MSIDIR=${TESTDIR}/windows${RELEASELINE}
export OSXDIR=${TESTDIR}/osx${RELEASELINE}
export DEBDIR=${TESTDIR}/debian${RELEASELINE}/binary
export RPMDIR=${TESTDIR}/redhat${RELEASELINE}
export SUSEDIR=${TESTDIR}/opensuse${RELEASELINE}

# where to put repository index and other web contents
export RPM_WEBDIR=/packages/web/redhat${RELEASELINE}
export SUSE_WEBDIR=/packages/web/opensuse${RELEASELINE}
export DEB_WEBDIR=/packages/web/debian${RELEASELINE}
export WAR_WEBDIR=/packages/web/war${RELEASELINE}
export RPM_WEBDIR=${TESTDIR}/redhat${RELEASELINE}
export SUSE_WEBDIR=${TESTDIR}/opensuse${RELEASELINE}
export DEB_WEBDIR=${TESTDIR}/debian${RELEASELINE}

# URL to the aforementioned webdir.
WEBSERVER=test.pkg.jenkins.io:9200
export RPM_URL=http://${WEBSERVER}/redhat${RELEASELINE}
export SUSE_URL=http://${WEBSERVER}/opensuse${RELEASELINE}
export DEB_URL=http://${WEBSERVER}/debian${RELEASELINE}
WEBSERVER=pkg.jenkins.io
export RPM_URL=https://${WEBSERVER}/redhat${RELEASELINE}
export SUSE_URL=https://${WEBSERVER}/opensuse${RELEASELINE}
export DEB_URL=https://${WEBSERVER}/debian${RELEASELINE}
Loading

0 comments on commit 001fb63

Please sign in to comment.