summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAric Gardner <agardner@linuxfoundation.org>2016-07-05 20:11:07 +0000
committerGerrit Code Review <gerrit@172.30.200.206>2016-07-05 20:11:07 +0000
commitdbc2d128db8ab36e52f245c064b3f68f0953ecb2 (patch)
tree1833c4eeb2613c31fbcaf34b52d26c6a4b184ccc
parent85b8b5b1fd02971f7d011ddab146185f63f270f7 (diff)
parentd688859a6e5abfacb5069272994bdce2ad0e9f66 (diff)
Merge "This will enable artifact signing for apex uploads"
-rwxr-xr-xjjb/apex/apex-upload-artifact.sh41
-rw-r--r--utils/gpg_import_key.sh42
2 files changed, 83 insertions, 0 deletions
diff --git a/jjb/apex/apex-upload-artifact.sh b/jjb/apex/apex-upload-artifact.sh
index 0598f5615..ba69f3eb6 100755
--- a/jjb/apex/apex-upload-artifact.sh
+++ b/jjb/apex/apex-upload-artifact.sh
@@ -11,6 +11,32 @@ echo
# source the opnfv.properties to get ARTIFACT_VERSION
source $WORKSPACE/opnfv.properties
+#this is where we import the siging key
+source $WORKSPACE/releng/utils/gpg_import_key.sh
+
+signrpm () {
+for artifact in $RPM_LIST $SRPM_LIST; do
+ echo "Signing artifact: ${artifact}"
+ gpg2 -vvv --batch \
+ --default-key opnfv-helpdesk@rt.linuxfoundation.org \
+ --passphrase besteffort \
+ --detach-sig $artifact
+ gsutil cp "$artifact".sig gs://$GS_URL/$(basename "$artifact".sig)
+ echo "Upload complete for ${artifact} signature"
+done
+}
+
+signiso () {
+time gpg2 -vvv --batch \
+ --default-key opnfv-helpdesk@rt.linuxfoundation.org \
+ --passphrase notreallysecure \
+ --detach-sig $BUILD_DIRECTORY/release/OPNFV-CentOS-7-x86_64-$OPNFV_ARTIFACT_VERSION.iso
+
+gsutil cp $BUILD_DIRECTORY/release/OPNFV-CentOS-7-x86_64-$OPNFV_ARTIFACT_VERSION.iso.sig gs://$GS_URL/opnfv-$OPNFV_ARTIFACT_VERSION.iso.sig
+echo "ISO signature Upload Complete!"
+}
+
+uploadiso () {
# upload artifact and additional files to google storage
gsutil cp $BUILD_DIRECTORY/release/OPNFV-CentOS-7-x86_64-$OPNFV_ARTIFACT_VERSION.iso gs://$GS_URL/opnfv-$OPNFV_ARTIFACT_VERSION.iso > gsutil.iso.log
echo "ISO Upload Complete!"
@@ -26,7 +52,10 @@ VERSION_EXTENSION=$(echo $(basename $OPNFV_SRPM_URL) | sed 's/opnfv-apex-//')
for pkg in common undercloud opendaylight-sfc onos; do
SRPM_LIST+=" ${SRPM_INSTALL_PATH}/opnfv-apex-${pkg}-${VERSION_EXTENSION}"
done
+}
+uploadrpm () {
+#This is where we upload the rpms
for artifact in $RPM_LIST $SRPM_LIST; do
echo "Uploading artifact: ${artifact}"
gsutil cp $artifact gs://$GS_URL/$(basename $artifact) > gsutil.iso.log
@@ -34,6 +63,18 @@ for artifact in $RPM_LIST $SRPM_LIST; do
done
gsutil cp $WORKSPACE/opnfv.properties gs://$GS_URL/opnfv-$OPNFV_ARTIFACT_VERSION.properties > gsutil.properties.log
gsutil cp $WORKSPACE/opnfv.properties gs://$GS_URL/latest.properties > gsutil.latest.log
+}
+
+if gpg2 --list-keys | grep "opnfv-helpdesk@rt.linuxfoundation.org"; then
+ echo "Signing Key avaliable"
+ signiso
+ uploadiso
+ signrpm
+ uploadrpm
+else
+ uploadiso
+ uploadrpm
+fi
echo
echo "--------------------------------------------------------"
diff --git a/utils/gpg_import_key.sh b/utils/gpg_import_key.sh
new file mode 100644
index 000000000..3afeda839
--- /dev/null
+++ b/utils/gpg_import_key.sh
@@ -0,0 +1,42 @@
+#!/bin/bash -e
+# SPDX-license-identifier: Apache-2.0
+##############################################################################
+# Copyright (c) 2016 NEC and others.
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+
+function isinstalled {
+if rpm -q "$@" >/dev/null 2>&1; then
+ true
+ else
+ echo installing "$1"
+ sudo yum install "$1"
+ false
+fi
+}
+
+if ! isinstalled gnupg2; then
+ echo "error with install"
+ exit 1
+fi
+
+if ! which gsutil;
+ then echo "error gsutil not installed";
+ exit 1
+fi
+
+if gpg2 --list-keys | grep "opnfv-helpdesk@rt.linuxfoundation.org"; then
+ echo "Key Already available"
+else
+ if [ -z "$NODE_NAME" ];
+ then echo "Cannot find node name"
+ exit 1
+ else echo "Importing key for '$NODE_NAME'";
+ gsutil cp gs://opnfv-signing-keys/"$NODE_NAME"-subkey .
+ gpg2 --import "$NODE_NAME"-subkey
+ rm -f "$NODE_NAME"-subkey
+ fi
+fi