@@ -37,6 +37,7 @@ RUN apt-get update && apt-get install -y \

 	bash-completion \

 	btrfs-tools \

 	build-essential \

+	createrepo \

 	curl \

 	dpkg-sig \

 	git \

new file mode 100755

@@ -0,0 +1,68 @@

+#!/bin/bash

+set -e

+

+# This script creates the apt repos for the .deb files generated by hack/make/build-deb

+#

+# The following can then be used as apt sources:

+# 	deb http://apt.dockerproject.org/repo $distro-$release $version

+#

+# For example:

+#	deb http://apt.dockerproject.org/repo ubuntu-trusy main

+#	deb http://apt.dockerproject.org/repo ubuntu-vivid testing

+#	deb http://apt.dockerproject.org/repo debian-wheezy experimental

+#	deb http://apt.dockerproject.org/repo debian-jessie main

+#

+# ... and so on and so forth for the builds created by hack/make/build-deb

+

+: ${DOCKER_RELEASE_DIR:=$DEST}

+APTDIR=$DOCKER_RELEASE_DIR/apt/repo

+

+# setup the apt repo (if it does not exist)

+mkdir -p "$APTDIR/conf" "$APTDIR/db"

+

+# create/update distributions file

+for suite in $(exec contrib/reprepro/suites.sh); do

+	cat <<-EOF

+	Origin: Docker

+	Suite: $suite

+	Codename: $suite

+	Architectures: amd64 i386

+	Components: main testing experimental

+	Description: Docker APT Repository

+

+	EOF

+done > "$APTDIR/conf/distributions"

+

+# set the component and priority for the version being released

+component="main"

+priority=700

+

+if [[ "$VERSION" == *-rc* ]]; then

+	component="testing"

+	priority=650

+fi

+

+if [ $DOCKER_EXPERIMENTAL ] || [[ "$VERSION" == *-dev ]] || [ -n "$(git status --porcelain)" ]; then

+	component="experimental"

+	priority=600

+fi

+

+# release the debs

+for dir in contrib/builder/deb/*/; do

+	version="$(basename "$dir")"

+	codename="${version//debootstrap-}"

+

+	# add the deb for each component for the distro version with reprepro

+	DEBFILE=( "bundles/$VERSION/build-deb/$version/docker-engine"*.deb )

+

+	# if we have a $GPG_PASSPHRASE we may as well

+	# dpkg-sign before reprepro

+	if [ ! -z "$GPG_PASSPHRASE" ]; then

+		dpkg-sig -g "--passphrase $GPG_PASSPHRASE" \

+			-k releasedocker --sign builder "${DEBFILE[@]}"

+	fi

+

+	reprepro -v --keepunreferencedfiles \

+		-S docker-engine -P "$priority" -C "$component" \

+		-b "$APTDIR" includedeb "$codename" "${DEBFILE[@]}"

+done

new file mode 100755

@@ -0,0 +1,74 @@

+#!/bin/bash

+set -e

+

+# This script creates the yum repos for the .rpm files generated by hack/make/build-rpm

+#

+# The following can then be used as a yum repo:

+# 	http://yum.dockerproject.org/repo/$release/$distro/$distro-version

+#

+# For example:

+# 	http://yum.dockerproject.org/repo/main/fedora/22

+# 	http://yum.dockerproject.org/repo/testing/centos/6

+# 	http://yum.dockerproject.org/repo/experimental/fedora/21

+# 	http://yum.dockerproject.org/repo/main/centos/7

+#

+# ... and so on and so forth for the builds created by hack/make/build-rpm

+

+: ${DOCKER_RELEASE_DIR:=$DEST}

+YUMDIR=$DOCKER_RELEASE_DIR/yum/repo

+

+# manage the repos for each distribution seperately

+distros=( fedora centos oraclelinux )

+

+# get the release

+release="main"

+

+if [[ "$VERSION" == *-rc* ]]; then

+	release="testing"

+fi

+

+if [ $DOCKER_EXPERIMENTAL ] || [[ "$VERSION" == *-dev ]] || [ -n "$(git status --porcelain)" ]; then

+	release="experimental"

+fi

+

+for distro in "${distros[@]}"; do

+	# Setup the yum repo

+	REPO=$YUMDIR/$release/$distro

+

+	for dir in contrib/builder/rpm/$distro-*/; do

+		version="$(basename "$dir")"

+		suite="${version##*-}"

+

+		# if the directory does not exist, intialize the yum repo

+		if [[ ! -d $REPO/$suite/Packages ]]; then

+			mkdir -p "$REPO/$suite/Packages"

+

+			createrepo --pretty "$REPO/$suite"

+		fi

+

+		# path to rpms

+		RPMFILE=( "bundles/$VERSION/build-rpm/$version/RPMS/x86_64/docker-engine"*.rpm "bundles/$VERSION/build-rpm/$version/SRPMS/docker-engine"*.rpm )

+

+		# if we have a $GPG_PASSPHRASE we may as well

+		# sign the rpms before adding to repo

+		if [ ! -z $GPG_PASSPHRASE ]; then

+			# export our key to rpm import

+			gpg --armor --export releasedocker > /tmp/gpg

+			rpm --import /tmp/gpg

+

+			# sign the rpms

+			rpm \

+				--define '_gpg_name releasedocker' \

+				--define '_signature gpg' \

+				--define '__gpg_check_password_cmd /bin/true' \

+				--define '__gpg_sign_cmd %{__gpg} gpg --batch --no-armor --passphrase '$GPG_PASSPHRASE' --no-secmem-warning -u "%{_gpg_name}" --sign --detach-sign --output %{__signature_filename} %{__plaintext_filename}' \

+				--resign "${RPMFILE[@]}"

+		fi

+

+		# copy the rpms to the packages folder

+		cp "$RPMFILE" "$REPO/$suite/Packages"

+

+		# update the repo

+		createrepo --pretty --update "$REPO/$suite"

+	done

+done

new file mode 100755

@@ -0,0 +1,50 @@

+#!/bin/bash

+

+# This script signs the deliverables from release-deb and release-rpm

+# with a designated GPG key.

+

+: ${DOCKER_RELEASE_DIR:=$DEST}

+APTDIR=$DOCKER_RELEASE_DIR/apt/repo

+YUMDIR=$DOCKER_RELEASE_DIR/yum/repo

+

+if [ -z "$GPG_PASSPHRASE" ]; then

+	echo >&2 'you need to set GPG_PASSPHRASE in order to sign artifacts'

+	exit 1

+fi

+

+if [ ! -d $APTDIR ] && [ ! -d $YUMDIR ]; then

+	echo >&2 'release-rpm or release-deb must be run before sign-repos'

+	exit 1

+fi

+

+sign_packages(){

+	# sign apt repo metadata

+	if [ -d $APTDIR ]; then

+		# create file with public key

+		gpg --armor --export releasedocker > "$DOCKER_RELEASE_DIR/apt/gpg"

+

+		# sign the repo metadata

+		for F in $(find $APTDIR -name Release); do

+			gpg -u releasedocker --passphrase "$GPG_PASSPHRASE" \

+				--armor --sign --detach-sign \

+				--batch --yes \

+				--output "$F.gpg" "$F"

+		done

+	fi

+

+	# sign yum repo metadata

+	if [ -d $YUMDIR ]; then

+		# create file with public key

+		gpg --armor --export releasedocker > "$DOCKER_RELEASE_DIR/yum/gpg"

+

+		# sign the repo metadata

+		for F in $(find $YUMDIR -name repomd.xml ); do

+			gpg -u releasedocker --passphrase "$GPG_PASSPHRASE" \

+				--armor --sign --detach-sign \

+				--batch --yes \

+				--output "$F.asc" "$F"

+		done

+	fi

+}

+

+sign_packages