#!/usr/bin/bash # # Continue the updates-building process, post the user approval step. # Currently this is interactive as it requires a GPG passphrase entry. # # usage: sudo -u updatesd /home/updatesd/svn/spamassassin/build/mkupdates/run_part2 # # required setup, in /etc/sudoers or /opt/sfw/etc/sudoers: # updatesd ALL = NOPASSWD: /usr/sbin/rndc reload set -x cd /home/updatesd/svn/spamassassin . /etc/profile PERL=/local/perl586/bin/perl export PERL # download stage, where update tarballs are deposited for downloaders # stagedir=/var/www/buildbot.spamassassin.org/updatestage # directory where "0.2.3" and other version-specific files live. # it's assumed that the *real* zone $INCLUDEs files from this dir. # it must be writable by the user this script runs as. # # dev, testing: # dnsdir=/var/named/updates.dev.spamassassin.org.d # live: # dnsdir=/var/named/updates.spamassassin.org.d # dnsdir=/var/named/updates.spamassassin.org.d # directory where "counter", "soa_line.tmpl", "soa_line" live. # it's assumed that the *real* zone $INCLUDEs files from this dir. # it must be writable by the user this script runs as. # soadir=/var/named/spamassassin.org.d versions="3.3.0" # --------------------------------------------------------------------------- # TODO: if/when this becomes fully automatic, this commit will be superfluous echo "Committing promotions in rules/active.list..." svn commit -m 'promotions validated' rules/active.list # --------------------------------------------------------------------------- make_tarball_for_version () { # to be honest, right now this is unused. version="$1" tmpdir=/home/updatesd/tmp/stage/$version rm -rf $tmpdir; mkdir -p $tmpdir || exit $? # extract the new rules files. # use "make install" logic, since we want rules as close as possible # to what's installed # TODO: this *would* be performed in a checkout of the desired # version's branch. right now we're only using 1 version though make clean $PERL Makefile.PL PREFIX=$tmpdir < /dev/null || exit $? make || exit $? # remove the rules files for rules we won't be shipping rm rules/70_sandbox.cf rules/70_inactive.cf # remove new features, unsupported in existing code in the field # (TODO: need a better way to exclude files that require new features # like this; judicious use of "ifplugin" helps) # rm rules/60_somerandomfeature.cf # and ensure the ruleset lints! ./spamassassin --lint || exit $? make install || exit $? rulesdir=$tmpdir/share/spamassassin ( cd $rulesdir # Use this to include plugin .pm files: # tar cvf - *.cf *.pm || exit $? # or this, to ban code from the updates: tar cvf - *.cf || exit $? ) | gzip -9 > $tmpdir/update.tgz || exit $? # ensure non-empty [ -s $tmpdir/update.tgz ] || exit 3 linttmp=$tmpdir/lintdir rm -rf $linttmp mkdir $linttmp ( cd $linttmp # check validity of tarball; also extract gunzip -cd < $tmpdir/update.tgz | tar xf - || exit $? ) # now, ensure the ruleset (entirely as distributed) lints, also. # use "-p /dev/null" so any user_prefs data is ignored. ./spamassassin -x --configpath=$linttmp -p /dev/null --lint \ || exit $? # sign and get sums gpg --batch --homedir /home/updatesd/key \ -bas $tmpdir/update.tgz || exit $? $PERL build/sha1sum.pl $tmpdir/update.tgz > $tmpdir/update.tgz.sha1 || exit $? # get SVN revision number. # note: use 'Last Changed Rev' instead of 'Revision'. Because we share # an SVN repository with other projects, this means that the same # rev of *our* codebase may appear under multiple rev#s, as other projects # check their changes in. tagstamp=`date "+%Y%m%d%H%M%S"` tagurl=https://svn.apache.org/repos/asf/spamassassin/tags/sa-update_${version}_${tagstamp} # this svn copy is critical, to ensure each version's tarball has a different # rev#. if you remove it, we need to prefix the version# to the svnrev# in # the filenames instead so each version doesn't clobber others. svn up svn copy -m 'promotions validated' . $tagurl < /dev/null # for svn 1.3: # (svn info --non-interactive $tagurl || svn info $tagurl ) < /dev/null \ # > $tmpdir/svn 2>&1 || exit $? # for crappy zone svn, 1.2: ( rm -rf tmpcheckout svn co $tagurl tmpcheckout && svn info tmpcheckout rm -rf tmpcheckout ) < /dev/null > $tmpdir/svn 2>&1 || exit $? svnrev=`(grep 'Last Changed Rev: ' $tmpdir/svn || exit 1) | \ sed -e 's/^.*: //'` if [ "$svnrev" == "" ] ; then echo "missing SVN revision" cat $tmpdir/svn exit 5 fi if [ "$svnrev" -lt 1 ] ; then echo "bad SVN revision: $svnrev" cat $tmpdir/svn exit 5 fi mv $tmpdir/update.tgz $stagedir/$svnrev.tar.gz || exit $? mv $tmpdir/update.tgz.sha1 $stagedir/$svnrev.tar.gz.sha1 || exit $? mv $tmpdir/update.tgz.asc $stagedir/$svnrev.tar.gz.asc || exit $? chmod 644 $stagedir/$svnrev.* # next, create the new DNS record.... # turn "3.2.0" into "0.2.3" rvers=`echo "$version" | perl -pe 's/^(\d+)\.(\d+)\.(\d+)$/$3.$2.$1/'` dnsfile="$dnsdir/$version" if echo " $rvers TXT \"$svnrev\" " > $dnsfile.new then mv $dnsfile.new $dnsfile || exit $? else echo "failed to create $dnsfile.new" 1>&2 ; exit 1 fi # increment the zone serial. ./build/mkupdates/tick_zone_serial || exit $? # clean up 4-day-old (and older) update tarballs. This seems as # good a place as any to do this! # note: for manual updates, the file permissions should be 0444 so let's clean # out only 0644 (automatic) updates. a bit of a kluge, but ... find $stagedir -mtime +4 -perm 0644 -type f -name '*.tar.*' | xargs rm } # --------------------------------------------------------------------------- cycle_logfiles () { # cycle the logfiles; keep 6 (3 days worth I think) ( cd /var/www/buildbot.spamassassin.org/updatesd rm mkupdatespt2_6.txt mv mkupdatespt2_5.txt mkupdatespt2_6.txt mv mkupdatespt2_4.txt mkupdatespt2_5.txt mv mkupdatespt2_3.txt mkupdatespt2_4.txt mv mkupdatespt2_2.txt mkupdatespt2_3.txt mv mkupdatespt2_1.txt mkupdatespt2_2.txt mv mkupdatespt2.txt mkupdatespt2_1.txt ) } # --------------------------------------------------------------------------- [ -d $stagedir ] || echo "no stagedir" 1>&2 [ -d $stagedir ] || exit 6 for version in $versions ; do make_tarball_for_version $version done ls -l $stagedir cycle_logfiles exit