summaryrefslogtreecommitdiffstats
path: root/jjb/apex
diff options
context:
space:
mode:
authorAric Gardner <agardner@linuxfoundation.org>2016-07-04 15:20:39 -0400
committerAric Gardner <agardner@linuxfoundation.org>2016-07-05 15:42:22 -0400
commitd688859a6e5abfacb5069272994bdce2ad0e9f66 (patch)
treea7ec7afa277c903e36a14fc85d778458db631348 /jjb/apex
parent6e5fc37495ddbf9dd6ac19efe4e8fbd0aa474dfe (diff)
This will enable artifact signing for apex uploads
sources gpg_import_key.sh which: -installs gpg2 -imports key -grabs proper key based on $NODE_NAME only tries to sign if the key is correctly imported otherwise it will skip signing and just do the upload Keys have only been created for lf intel and ericsson labs Keys are only unique per company Master pubkey has not been sent to the key server Or brought into the web of trust. Lets see that this works as I expected rather than having to go through the pain of revoking these keys. Change-Id: Ifa4bc4e11407c53f8174f6c64945949bf66d6535 Signed-off-by: Aric Gardner <agardner@linuxfoundation.org>
Diffstat (limited to 'jjb/apex')
-rwxr-xr-xjjb/apex/apex-upload-artifact.sh41
1 files changed, 41 insertions, 0 deletions
diff --git a/jjb/apex/apex-upload-artifact.sh b/jjb/apex/apex-upload-artifact.sh
index 0598f5615..ba69f3eb6 100755
--- a/jjb/apex/apex-upload-artifact.sh
+++ b/jjb/apex/apex-upload-artifact.sh
@@ -11,6 +11,32 @@ echo
# source the opnfv.properties to get ARTIFACT_VERSION
source $WORKSPACE/opnfv.properties
+#this is where we import the siging key
+source $WORKSPACE/releng/utils/gpg_import_key.sh
+
+signrpm () {
+for artifact in $RPM_LIST $SRPM_LIST; do
+ echo "Signing artifact: ${artifact}"
+ gpg2 -vvv --batch \
+ --default-key opnfv-helpdesk@rt.linuxfoundation.org \
+ --passphrase besteffort \
+ --detach-sig $artifact
+ gsutil cp "$artifact".sig gs://$GS_URL/$(basename "$artifact".sig)
+ echo "Upload complete for ${artifact} signature"
+done
+}
+
+signiso () {
+time gpg2 -vvv --batch \
+ --default-key opnfv-helpdesk@rt.linuxfoundation.org \
+ --passphrase notreallysecure \
+ --detach-sig $BUILD_DIRECTORY/release/OPNFV-CentOS-7-x86_64-$OPNFV_ARTIFACT_VERSION.iso
+
+gsutil cp $BUILD_DIRECTORY/release/OPNFV-CentOS-7-x86_64-$OPNFV_ARTIFACT_VERSION.iso.sig gs://$GS_URL/opnfv-$OPNFV_ARTIFACT_VERSION.iso.sig
+echo "ISO signature Upload Complete!"
+}
+
+uploadiso () {
# upload artifact and additional files to google storage
gsutil cp $BUILD_DIRECTORY/release/OPNFV-CentOS-7-x86_64-$OPNFV_ARTIFACT_VERSION.iso gs://$GS_URL/opnfv-$OPNFV_ARTIFACT_VERSION.iso > gsutil.iso.log
echo "ISO Upload Complete!"
@@ -26,7 +52,10 @@ VERSION_EXTENSION=$(echo $(basename $OPNFV_SRPM_URL) | sed 's/opnfv-apex-//')
for pkg in common undercloud opendaylight-sfc onos; do
SRPM_LIST+=" ${SRPM_INSTALL_PATH}/opnfv-apex-${pkg}-${VERSION_EXTENSION}"
done
+}
+uploadrpm () {
+#This is where we upload the rpms
for artifact in $RPM_LIST $SRPM_LIST; do
echo "Uploading artifact: ${artifact}"
gsutil cp $artifact gs://$GS_URL/$(basename $artifact) > gsutil.iso.log
@@ -34,6 +63,18 @@ for artifact in $RPM_LIST $SRPM_LIST; do
done
gsutil cp $WORKSPACE/opnfv.properties gs://$GS_URL/opnfv-$OPNFV_ARTIFACT_VERSION.properties > gsutil.properties.log
gsutil cp $WORKSPACE/opnfv.properties gs://$GS_URL/latest.properties > gsutil.latest.log
+}
+
+if gpg2 --list-keys | grep "opnfv-helpdesk@rt.linuxfoundation.org"; then
+ echo "Signing Key avaliable"
+ signiso
+ uploadiso
+ signrpm
+ uploadrpm
+else
+ uploadiso
+ uploadrpm
+fi
echo
echo "--------------------------------------------------------"