author | Aric Gardner <agardner@linuxfoundation.org> | 2016-07-05 20:11:07 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@172.30.200.206> | 2016-07-05 20:11:07 +0000 |
commit | dbc2d128db8ab36e52f245c064b3f68f0953ecb2 (patch) | |
tree | 1833c4eeb2613c31fbcaf34b52d26c6a4b184ccc | |
parent | 85b8b5b1fd02971f7d011ddab146185f63f270f7 (diff) | |
parent | d688859a6e5abfacb5069272994bdce2ad0e9f66 (diff) |
Merge "This will enable artifact signing for apex uploads"
-rwxr-xr-x | jjb/apex/apex-upload-artifact.sh | 41 | ||||
-rw-r--r-- | utils/gpg_import_key.sh | 42 |
2 files changed, 83 insertions, 0 deletions
diff --git a/jjb/apex/apex-upload-artifact.sh b/jjb/apex/apex-upload-artifact.sh index 0598f5615..ba69f3eb6 100755 --- a/jjb/apex/apex-upload-artifact.sh +++ b/jjb/apex/apex-upload-artifact.sh @@ -11,6 +11,32 @@ echo # source the opnfv.properties to get ARTIFACT_VERSION source $WORKSPACE/opnfv.properties +#this is where we import the siging key +source $WORKSPACE/releng/utils/gpg_import_key.sh + +signrpm () { +for artifact in $RPM_LIST $SRPM_LIST; do + echo "Signing artifact: ${artifact}" + gpg2 -vvv --batch \ + --default-key opnfv-helpdesk@rt.linuxfoundation.org \ + --passphrase besteffort \ + --detach-sig $artifact + gsutil cp "$artifact".sig gs://$GS_URL/$(basename "$artifact".sig) + echo "Upload complete for ${artifact} signature" +done +} + +signiso () { +time gpg2 -vvv --batch \ + --default-key opnfv-helpdesk@rt.linuxfoundation.org \ + --passphrase notreallysecure \ + --detach-sig $BUILD_DIRECTORY/release/OPNFV-CentOS-7-x86_64-$OPNFV_ARTIFACT_VERSION.iso + +gsutil cp $BUILD_DIRECTORY/release/OPNFV-CentOS-7-x86_64-$OPNFV_ARTIFACT_VERSION.iso.sig gs://$GS_URL/opnfv-$OPNFV_ARTIFACT_VERSION.iso.sig +echo "ISO signature Upload Complete!" +} + +uploadiso () { # upload artifact and additional files to google storage gsutil cp $BUILD_DIRECTORY/release/OPNFV-CentOS-7-x86_64-$OPNFV_ARTIFACT_VERSION.iso gs://$GS_URL/opnfv-$OPNFV_ARTIFACT_VERSION.iso > gsutil.iso.log echo "ISO Upload Complete!" @@ -26,7 +52,10 @@ VERSION_EXTENSION=$(echo $(basename $OPNFV_SRPM_URL) | sed 's/opnfv-apex-//') for pkg in common undercloud opendaylight-sfc onos; do SRPM_LIST+=" ${SRPM_INSTALL_PATH}/opnfv-apex-${pkg}-${VERSION_EXTENSION}" done +} +uploadrpm () { +#This is where we upload the rpms for artifact in $RPM_LIST $SRPM_LIST; do echo "Uploading artifact: ${artifact}" gsutil cp $artifact gs://$GS_URL/$(basename $artifact) > gsutil.iso.log 
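Review bot: `--passphrase besteffort` in signrpm and `--passphrase notreallysecure` in signiso commit the key passphrase to the repository and pass it on the gpg2 command line, where it shows up in the process list and in any `set -x` trace of the job. The two functions also give different passphrases for the same `--default-key`, so at most one of them can match a passphrase-protected key. Have the job supply the passphrase from outside the repository, for example `--passphrase-file "$GPG_PASSPHRASE_FILE"` (the variable name is a placeholder). On GnuPG 2.1 and later the passphrase options are honoured in batch mode only together with `--pinentry-mode loopback`. `--detach-sig $artifact` should also quote `"$artifact"`, as the `gsutil cp` line below it already does.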
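Review bot: The `}` added after the `for pkg ...` loop closes `uploadiso`, so SRPM_LIST (and, it appears, RPM_LIST) is populated only as a side effect of uploading the ISO. `signrpm` and `uploadrpm` would iterate over whatever those variables held before, probably nothing, if either is ever called without `uploadiso` having run first. Moving the list construction to the top level or into its own function removes that ordering dependency. At minimum, add a comment above `uploadiso () {` such as `# also builds RPM_LIST/SRPM_LIST; must run before signrpm and uploadrpm`. The start of the list-building code lies outside this hunk.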
@@ -34,6 +63,18 @@ for artifact in $RPM_LIST $SRPM_LIST; do done gsutil cp $WORKSPACE/opnfv.properties gs://$GS_URL/opnfv-$OPNFV_ARTIFACT_VERSION.properties > gsutil.properties.log gsutil cp $WORKSPACE/opnfv.properties gs://$GS_URL/latest.properties > gsutil.latest.log +} + +if gpg2 --list-keys | grep "opnfv-helpdesk@rt.linuxfoundation.org"; then + echo "Signing Key avaliable" + signiso + uploadiso + signrpm + uploadrpm +else + uploadiso + uploadrpm +fi echo echo "--------------------------------------------------------" diff --git a/utils/gpg_import_key.sh b/utils/gpg_import_key.sh new file mode 100644 index 000000000..3afeda839 --- /dev/null +++ b/utils/gpg_import_key.sh @@ -0,0 +1,42 @@ +#!/bin/bash -e +# SPDX-license-identifier: Apache-2.0 +############################################################################## +# Copyright (c) 2016 NEC and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## + +function isinstalled { +if rpm -q "$@" >/dev/null 2>&1; then + true + else + echo installing "$1" + sudo yum install "$1" + false +fi +} + +if ! isinstalled gnupg2; then + echo "error with install" + exit 1 +fi + +if ! which gsutil; + then echo "error gsutil not installed"; + exit 1 +fi + +if gpg2 --list-keys | grep "opnfv-helpdesk@rt.linuxfoundation.org"; then + echo "Key Already available" +else + if [ -z "$NODE_NAME" ]; + then echo "Cannot find node name" + exit 1 + else echo "Importing key for '$NODE_NAME'"; + gsutil cp gs://opnfv-signing-keys/"$NODE_NAME"-subkey . + gpg2 --import "$NODE_NAME"-subkey + rm -f "$NODE_NAME"-subkey + fi +fi |
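Review bot: `gpg2 --list-keys` reads the public keyring, so the test in the new `if` passes on a node that holds only the public key, and `signiso` then fails for lack of a secret key. The check should be `if gpg2 --list-secret-keys | grep -q "opnfv-helpdesk@rt.linuxfoundation.org"; then`. The else branch uploads unsigned artifacts without saying so; adding `echo "WARNING: signing key not found, uploading unsigned artifacts" >&2` there makes the gap visible in the job log. Whether a gpg2 failure inside `signiso` or `signrpm` aborts the job before the upload depends on shell options set outside this hunk.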
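Review bot: The import branch copies the signing subkey to `"$NODE_NAME"-subkey` in the current directory and deletes it only if `gpg2 --import` succeeds and the shell keeps going, so a failed import can leave key material in the job workspace. The file is sourced by apex-upload-artifact.sh, so the `-e` on its shebang line has no effect and every `exit 1` here ends the calling upload job. I would write the key to a `mktemp` file and remove it on both paths, as sketched below. Separately, `isinstalled` returns false after a successful `yum install`, so the first run on a fresh node always stops at "error with install", and `sudo yum install "$1"` without `-y` will wait for confirmation in a non-interactive job.

```shell
    else echo "Importing key for '$NODE_NAME'";
    keyfile=$(mktemp) || exit 1
    rc=0
    gsutil cp "gs://opnfv-signing-keys/${NODE_NAME}-subkey" "$keyfile" \
      && gpg2 --import "$keyfile" || rc=$?
    # remove the key material whether or not the import worked
    rm -f -- "$keyfile"
    [ "$rc" -eq 0 ] || exit "$rc"
```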