These scripts create the apt & yum repos for the debs/rpms generated by build-deb
and build-rpm.
Also adds a sign-repo script, which signs the repo metadata with a GPG key.
Signed-off-by: Jessica Frazelle <princess@docker.com>
43 | 44 |
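new file mode 100755
--- /dev/null
+++ b/PATH_NOT_SHOWN/release-deb
@@ -0,0 +1,68 @@
+#!/bin/bash
+set -e
+
+# This script creates the apt repos for the .deb files generated by hack/make/build-deb
+#
+# The following can then be used as apt sources:
+# deb http://apt.dockerproject.org/repo $distro-$release $version
+#
+# For example:
+# deb http://apt.dockerproject.org/repo ubuntu-trusy main
+# deb http://apt.dockerproject.org/repo ubuntu-vivid testing
+# deb http://apt.dockerproject.org/repo debian-wheezy experimental
+# deb http://apt.dockerproject.org/repo debian-jessie main
+#
+# ... and so on and so forth for the builds created by hack/make/build-deb
+
+: ${DOCKER_RELEASE_DIR:=$DEST}
+APTDIR=$DOCKER_RELEASE_DIR/apt/repo
+
+# setup the apt repo (if it does not exist)
+mkdir -p "$APTDIR/conf" "$APTDIR/db"
+
+# create/update distributions file
+for suite in $(exec contrib/reprepro/suites.sh); do
+ cat <<-EOF
+ Origin: Docker
+ Suite: $suite
+ Codename: $suite
+ Architectures: amd64 i386
+ Components: main testing experimental
+ Description: Docker APT Repository
+
+ EOF
+done > "$APTDIR/conf/distributions"
+
+# set the component and priority for the version being released
+component="main"
+priority=700
+
+if [[ "$VERSION" == *-rc* ]]; then
+ component="testing"
+ priority=650
+fi
+
+if [ $DOCKER_EXPERIMENTAL ] || [[ "$VERSION" == *-dev ]] || [ -n "$(git status --porcelain)" ]; then
+ component="experimental"
+ priority=600
+fi
+
+# release the debs
+for dir in contrib/builder/deb/*/; do
+ version="$(basename "$dir")"
+ codename="${version//debootstrap-}"
+
+ # add the deb for each component for the distro version with reprepro
+ DEBFILE=( "bundles/$VERSION/build-deb/$version/docker-engine"*.deb )
+
+ # if we have a $GPG_PASSPHRASE we may as well
+ # dpkg-sign before reprepro
+ if [ ! -z "$GPG_PASSPHRASE" ]; then
+ dpkg-sig -g "--passphrase $GPG_PASSPHRASE" \
+ -k releasedocker --sign builder "${DEBFILE[@]}"
+ fi
+
+ reprepro -v --keepunreferencedfiles \
+ -S docker-engine -P "$priority" -C "$component" \
+ -b "$APTDIR" includedeb "$codename" "${DEBFILE[@]}"
+done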
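Review bot: The signing passphrase is put on the command line at `dpkg-sig -g "--passphrase $GPG_PASSPHRASE"`, so any local user can read it from the process list while signing runs, and it ends up in any `set -x` trace or CI log that echoes commands. The same pattern appears in the `__gpg_sign_cmd` define of the yum script and in both `gpg --passphrase` calls of the signing script. Hand the secret to gpg through a file only the release user can read, for example `-g "--batch --passphrase-file $passfile"` with `$passfile` created by `mktemp` and removed in an exit trap, or rely on a preloaded gpg-agent. Independently, `[ $DOCKER_EXPERIMENTAL ]` is unquoted and errors out if the variable ever holds more than one word; `[ -n "$DOCKER_EXPERIMENTAL" ]` is the safe form.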
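new file mode 100755
--- /dev/null
+++ b/PATH_NOT_SHOWN/release-rpm
@@ -0,0 +1,74 @@
+#!/bin/bash
+set -e
+
+# This script creates the yum repos for the .rpm files generated by hack/make/build-rpm
+#
+# The following can then be used as a yum repo:
+# http://yum.dockerproject.org/repo/$release/$distro/$distro-version
+#
+# For example:
+# http://yum.dockerproject.org/repo/main/fedora/22
+# http://yum.dockerproject.org/repo/testing/centos/6
+# http://yum.dockerproject.org/repo/experimental/fedora/21
+# http://yum.dockerproject.org/repo/main/centos/7
+#
+# ... and so on and so forth for the builds created by hack/make/build-rpm
+
+: ${DOCKER_RELEASE_DIR:=$DEST}
+YUMDIR=$DOCKER_RELEASE_DIR/yum/repo
+
+# manage the repos for each distribution seperately
+distros=( fedora centos oraclelinux )
+
+# get the release
+release="main"
+
+if [[ "$VERSION" == *-rc* ]]; then
+ release="testing"
+fi
+
+if [ $DOCKER_EXPERIMENTAL ] || [[ "$VERSION" == *-dev ]] || [ -n "$(git status --porcelain)" ]; then
+ release="experimental"
+fi
+
+for distro in "${distros[@]}"; do
+ # Setup the yum repo
+ REPO=$YUMDIR/$release/$distro
+
+ for dir in contrib/builder/rpm/$distro-*/; do
+ version="$(basename "$dir")"
+ suite="${version##*-}"
+
+ # if the directory does not exist, intialize the yum repo
+ if [[ ! -d $REPO/$suite/Packages ]]; then
+ mkdir -p "$REPO/$suite/Packages"
+
+ createrepo --pretty "$REPO/$suite"
+ fi
+
+ # path to rpms
+ RPMFILE=( "bundles/$VERSION/build-rpm/$version/RPMS/x86_64/docker-engine"*.rpm "bundles/$VERSION/build-rpm/$version/SRPMS/docker-engine"*.rpm )
+
+ # if we have a $GPG_PASSPHRASE we may as well
+ # sign the rpms before adding to repo
+ if [ ! -z $GPG_PASSPHRASE ]; then
+ # export our key to rpm import
+ gpg --armor --export releasedocker > /tmp/gpg
+ rpm --import /tmp/gpg
+
+ # sign the rpms
+ rpm \
+ --define '_gpg_name releasedocker' \
+ --define '_signature gpg' \
+ --define '__gpg_check_password_cmd /bin/true' \
+ --define '__gpg_sign_cmd %{__gpg} gpg --batch --no-armor --passphrase '$GPG_PASSPHRASE' --no-secmem-warning -u "%{_gpg_name}" --sign --detach-sign --output %{__signature_filename} %{__plaintext_filename}' \
+ --resign "${RPMFILE[@]}"
+ fi
+
+ # copy the rpms to the packages folder
+ cp "$RPMFILE" "$REPO/$suite/Packages"
+
+ # update the repo
+ createrepo --pretty --update "$REPO/$suite"
+ done
+done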
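Review bot: The public key is exported to the fixed path `/tmp/gpg` and then passed to `rpm --import`; a predictable name in a world-writable directory exposes both the write and the import to symlink and pre-creation races on a shared build host. Use a private temporary file instead: `keyfile="$(mktemp)"`, `gpg --armor --export releasedocker > "$keyfile"`, `rpm --import "$keyfile"`, and remove it afterwards. The export and import do not depend on `$distro` or `$dir`, so they can also run once before the loops. Separately, `cp "$RPMFILE"` expands only the first array element, so the SRPM matched by the second glob is signed but never copied; `cp "${RPMFILE[@]}" "$REPO/$suite/Packages"` copies both. The unquoted `$GPG_PASSPHRASE` in `[ ! -z $GPG_PASSPHRASE ]` and in the `__gpg_sign_cmd` define also breaks on a passphrase containing whitespace.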
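new file mode 100755
--- /dev/null
+++ b/PATH_NOT_SHOWN/sign-repos
@@ -0,0 +1,50 @@
+#!/bin/bash
+
+# This script signs the deliverables from release-deb and release-rpm
+# with a designated GPG key.
+
+: ${DOCKER_RELEASE_DIR:=$DEST}
+APTDIR=$DOCKER_RELEASE_DIR/apt/repo
+YUMDIR=$DOCKER_RELEASE_DIR/yum/repo
+
+if [ -z "$GPG_PASSPHRASE" ]; then
+ echo >&2 'you need to set GPG_PASSPHRASE in order to sign artifacts'
+ exit 1
+fi
+
+if [ ! -d $APTDIR ] && [ ! -d $YUMDIR ]; then
+ echo >&2 'release-rpm or release-deb must be run before sign-repos'
+ exit 1
+fi
+
+sign_packages(){
+ # sign apt repo metadata
+ if [ -d $APTDIR ]; then
+ # create file with public key
+ gpg --armor --export releasedocker > "$DOCKER_RELEASE_DIR/apt/gpg"
+
+ # sign the repo metadata
+ for F in $(find $APTDIR -name Release); do
+ gpg -u releasedocker --passphrase "$GPG_PASSPHRASE" \
+ --armor --sign --detach-sign \
+ --batch --yes \
+ --output "$F.gpg" "$F"
+ done
+ fi
+
+ # sign yum repo metadata
+ if [ -d $YUMDIR ]; then
+ # create file with public key
+ gpg --armor --export releasedocker > "$DOCKER_RELEASE_DIR/yum/gpg"
+
+ # sign the repo metadata
+ for F in $(find $YUMDIR -name repomd.xml ); do
+ gpg -u releasedocker --passphrase "$GPG_PASSPHRASE" \
+ --armor --sign --detach-sign \
+ --batch --yes \
+ --output "$F.asc" "$F"
+ done
+ fi
+}
+
+sign_packages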
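Review bot: Unlike the two release scripts, this one has no `set -e`, and nothing checks gpg's exit status inside the `for F in $(find ...)` loops. A failed signature (wrong passphrase, missing `releasedocker` key) therefore leaves `Release.gpg` or `repomd.xml.asc` missing or stale while the script carries on, and a failure in the apt loop does not affect the final exit status when the yum branch runs afterwards. Add `set -e` directly after the shebang, or `|| exit 1` on each gpg call, so that metadata with no valid signature is never published silently. The unquoted `$APTDIR`/`$YUMDIR` in the `[ -d ... ]` tests and the word-splitting of `$(find ...)` also misbehave if the release directory contains whitespace; quote the variables and iterate with `find "$APTDIR" -name Release -exec ... {} \;` or a `while read` loop.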