diff options
Diffstat (limited to 'fluent-bit/packaging/update-yum-repo.sh')
| -rwxr-xr-x | fluent-bit/packaging/update-yum-repo.sh | 87 |
1 files changed, 87 insertions, 0 deletions
diff --git a/fluent-bit/packaging/update-yum-repo.sh b/fluent-bit/packaging/update-yum-repo.sh new file mode 100755 index 00000000..766b4a29 --- /dev/null +++ b/fluent-bit/packaging/update-yum-repo.sh @@ -0,0 +1,87 @@ +#!/bin/bash +set -eux + +# Used to update a Yum repo, e.g. during a staging build or release process + +#("amazonlinux/2" "amazonlinux/2022" "centos/7" "centos/8" "centos/9") +RPM_REPO=${RPM_REPO:?} + +# Where the base of all the repos is +BASE_PATH=${BASE_PATH:-$1} +if [[ ! -d "$BASE_PATH" ]]; then + echo "ERROR: invalid base path: $BASE_PATH" + exit 1 +fi + +# Set true to prevent signing +DISABLE_SIGNING=${DISABLE_SIGNING:-false} +if [[ "$DISABLE_SIGNING" != "true" ]]; then + echo "INFO: RPM signing configuration" + rpm --showrc|grep gpg + rpm -q gpg-pubkey --qf '%{name}-%{version}-%{release} --> %{summary}\n' +fi + +# Handle Ubuntu 18/22 differences - no support on Ubuntu 20 +CREATE_REPO_CMD=${CREATE_REPO_CMD:-} +CREATE_REPO_ARGS=${CREATE_REPO_ARGS:--dvp} + +# Assume if set we want to use it +if [[ -n "$CREATE_REPO_CMD" ]]; then + echo "INFO: using $CREATE_REPO_CMD" +elif command -v createrepo &> /dev/null; then + echo "INFO: found createrepo" + CREATE_REPO_CMD="createrepo" +elif command -v createrepo_c &> /dev/null; then + echo "INFO: found createrepo_c" + CREATE_REPO_CMD="createrepo_c" +else + echo "ERROR: unable to find a command equivalent to createrepo" + exit 1 +fi + +echo "INFO: updating $RPM_REPO" + +REPO_DIR=$( realpath -sm "$BASE_PATH/$RPM_REPO" ) +if [[ ! -d "$REPO_DIR" ]] ; then + echo "ERROR: missing $REPO_DIR" + exit 1 +fi + +if [[ "$DISABLE_SIGNING" != "true" ]]; then + # Sign all RPMs created for this target, cover both fluent-bit and legacy packages + find "$REPO_DIR" -name "*-bit-*.rpm" -exec rpm --define "_gpg_name $GPG_KEY" --addsign {} \; +fi +# Create full metadata for all RPMs in the directory +"$CREATE_REPO_CMD" "$CREATE_REPO_ARGS" "$REPO_DIR" + +# Set up repo info +if [[ -n "${AWS_S3_BUCKET:-}" ]]; then + # Create top-level file so replace path separator with dash + # centos/8 --> centos-8.repo + # This way we make sure not to have a mixed repo or overwrite files for each target. + REPO_TYPE=${RPM_REPO/\//-} + echo "INFO: setting up $BASE_PATH/$REPO_TYPE.repo" + cat << EOF > "$BASE_PATH/$REPO_TYPE.repo" +[Fluent-Bit] +name=Fluent Bit Packages - $REPO_TYPE - \$basearch +baseurl=https://$AWS_S3_BUCKET.s3.amazonaws.com/$RPM_REPO/ +enabled=1 +gpgkey=https://$AWS_S3_BUCKET.s3.amazonaws.com/fluentbit.key +gpgcheck=1 +repo_gpgcheck=1 +EOF +fi + +# Ensure we sign the Yum repo meta-data +if [[ "$DISABLE_SIGNING" != "true" ]]; then + # We use this form to fail on error during the find, otherwise -exec will succeed or just do one file with + + while IFS= read -r -d '' REPO_METADATA_FILE + do + echo "INFO: signing $REPO_METADATA_FILE" + gpg --detach-sign --batch --armor --yes -u "$GPG_KEY" "$REPO_METADATA_FILE" + done < <(find "$REPO_DIR" -name repomd.xml -print0) + # Debug ouput for checking + find "$REPO_DIR" -name "repomd.xml*" -exec ls -l {} \; +fi + +echo "INFO: Completed $RPM_REPO" |