github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-06-25 14:22:15 +00:00
Code Issues Projects Releases Wiki Activity

update(scripts): add option for updating all signatures in publish-rpm

Browse Source 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
This commit is contained in:
Jason Dellaluce 2023-01-17 15:23:00 +00:00 committed by poiana
parent ac2555ca3c
commit 9f4573a26a
1 changed files with 30 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
scripts/publish-rpm
View File

@ -2,7 +2,7 @@
set -e set -e
usage() { usage() {
echo "usage: $0 -f <package_x86_64.rpm> -f <package_aarch64.rpm> -r <rpm|rpm-dev>" echo "usage: $0 -f <package_x86_64.rpm> -f <package_aarch64.rpm> -r <rpm|rpm-dev> [-s]"
exit 1 exit 1
} }
@ -14,16 +14,24 @@ check_program() {
fi fi
} }
# Updates the signature of a RPM package in the local repository
#
# $1: path of the repository.
# $2: path of the RPM file.
sign_rpm() {
pushd $1 > /dev/null
rm -f $(basename -- $2).asc
gpg --detach-sign --digest-algo SHA256 --armor $(basename -- $2)
popd > /dev/null
}
# Add a package to the local RPM repository # Add a package to the local RPM repository
# #
# $1: path of the repository. # $1: path of the repository.
# $2: path of the RPM file. # $2: path of the RPM file.
add_rpm() { add_rpm() {
cp -f $2 $1 cp -f $2 $1
pushd $1 > /dev/null sign_rpm $1 $2
rm -f $(basename -- $2).asc
gpg --detach-sign --digest-algo SHA256 --armor $(basename -- $2)
popd > /dev/null
} }
# Update the local RPM repository # Update the local RPM repository
@ -39,7 +47,7 @@ update_repo() {
# parse options # parse options
while getopts ":f::r:" opt; do while getopts ":f::r::s" opt; do
case "${opt}" in case "${opt}" in
f ) f )
files+=("${OPTARG}") files+=("${OPTARG}")
@ -48,6 +56,9 @@ while getopts ":f::r:" opt; do
repo="${OPTARG}" repo="${OPTARG}"
[[ "${repo}" == "rpm" || "${repo}" == "rpm-dev" ]] || usage [[ "${repo}" == "rpm" || "${repo}" == "rpm-dev" ]] || usage
;; ;;
s )
sign_all="true"
;;
: ) : )
echo "invalid option: ${OPTARG} requires an argument" 1>&2 echo "invalid option: ${OPTARG} requires an argument" 1>&2
exit 1 exit 1
@ -79,7 +90,19 @@ echo "Fetching ${s3_bucket_repo}..."
mkdir -p ${tmp_repo_path} mkdir -p ${tmp_repo_path}
aws s3 cp ${s3_bucket_repo} ${tmp_repo_path} --recursive aws s3 cp ${s3_bucket_repo} ${tmp_repo_path} --recursive
# update the repo # update signatures for all existing packages
if [ "${sign_all}" ]; then
for file in ${tmp_repo_path}/*; do
if [ -f "$file" ]; then # exclude directories, symlinks, etc...
if [[ ! $file == *.asc ]]; then # exclude signature files
echo "Signing ${file}..."
sign_rpm ${tmp_repo_path} ${file}
fi
fi
done
fi
# update the repo by adding new packages
for file in "${files[@]}"; do for file in "${files[@]}"; do
echo "Adding ${file}..." echo "Adding ${file}..."
add_rpm ${tmp_repo_path} ${file} add_rpm ${tmp_repo_path} ${file}