blob: 766b4a294d89dd4022992fbaf4727d0d3daa3229 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
|
#!/bin/bash
set -eux
# Used to update a Yum repo, e.g. during a staging build or release process
#("amazonlinux/2" "amazonlinux/2022" "centos/7" "centos/8" "centos/9")
RPM_REPO=${RPM_REPO:?}
# Where the base of all the repos is
BASE_PATH=${BASE_PATH:-$1}
if [[ ! -d "$BASE_PATH" ]]; then
echo "ERROR: invalid base path: $BASE_PATH"
exit 1
fi
# Set true to prevent signing
DISABLE_SIGNING=${DISABLE_SIGNING:-false}
if [[ "$DISABLE_SIGNING" != "true" ]]; then
echo "INFO: RPM signing configuration"
rpm --showrc|grep gpg
rpm -q gpg-pubkey --qf '%{name}-%{version}-%{release} --> %{summary}\n'
fi
# Handle Ubuntu 18/22 differences - no support on Ubuntu 20
CREATE_REPO_CMD=${CREATE_REPO_CMD:-}
CREATE_REPO_ARGS=${CREATE_REPO_ARGS:--dvp}
# Assume if set we want to use it
if [[ -n "$CREATE_REPO_CMD" ]]; then
echo "INFO: using $CREATE_REPO_CMD"
elif command -v createrepo &> /dev/null; then
echo "INFO: found createrepo"
CREATE_REPO_CMD="createrepo"
elif command -v createrepo_c &> /dev/null; then
echo "INFO: found createrepo_c"
CREATE_REPO_CMD="createrepo_c"
else
echo "ERROR: unable to find a command equivalent to createrepo"
exit 1
fi
echo "INFO: updating $RPM_REPO"
REPO_DIR=$( realpath -sm "$BASE_PATH/$RPM_REPO" )
if [[ ! -d "$REPO_DIR" ]] ; then
echo "ERROR: missing $REPO_DIR"
exit 1
fi
if [[ "$DISABLE_SIGNING" != "true" ]]; then
# Sign all RPMs created for this target, cover both fluent-bit and legacy packages
find "$REPO_DIR" -name "*-bit-*.rpm" -exec rpm --define "_gpg_name $GPG_KEY" --addsign {} \;
fi
# Create full metadata for all RPMs in the directory
"$CREATE_REPO_CMD" "$CREATE_REPO_ARGS" "$REPO_DIR"
# Set up repo info
if [[ -n "${AWS_S3_BUCKET:-}" ]]; then
# Create top-level file so replace path separator with dash
# centos/8 --> centos-8.repo
# This way we make sure not to have a mixed repo or overwrite files for each target.
REPO_TYPE=${RPM_REPO/\//-}
echo "INFO: setting up $BASE_PATH/$REPO_TYPE.repo"
cat << EOF > "$BASE_PATH/$REPO_TYPE.repo"
[Fluent-Bit]
name=Fluent Bit Packages - $REPO_TYPE - \$basearch
baseurl=https://$AWS_S3_BUCKET.s3.amazonaws.com/$RPM_REPO/
enabled=1
gpgkey=https://$AWS_S3_BUCKET.s3.amazonaws.com/fluentbit.key
gpgcheck=1
repo_gpgcheck=1
EOF
fi
# Ensure we sign the Yum repo meta-data
if [[ "$DISABLE_SIGNING" != "true" ]]; then
# We use this form to fail on error during the find, otherwise -exec will succeed or just do one file with +
while IFS= read -r -d '' REPO_METADATA_FILE
do
echo "INFO: signing $REPO_METADATA_FILE"
gpg --detach-sign --batch --armor --yes -u "$GPG_KEY" "$REPO_METADATA_FILE"
done < <(find "$REPO_DIR" -name repomd.xml -print0)
# Debug ouput for checking
find "$REPO_DIR" -name "repomd.xml*" -exec ls -l {} \;
fi
echo "INFO: Completed $RPM_REPO"
|