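#!/bin/bash
#
# Continue the updates-building process, post the user approval step.
# Currently this is interactive as it requires a GPG passphrase entry.
#
# usage: sudo -u updatesd /home/updatesd/svn/spamassassin/build/jmupdates/run_part2
#
# required setup, in /etc/sudoers or /opt/sfw/etc/sudoers:
# updatesd   ALL = NOPASSWD: /usr/sbin/rndc reload
#
# The script uses relative paths (rulesrc/..., build/...), so it must be
# started with the SVN checkout root as the current directory.
#
# For each version it builds a rules tarball, signs it, stages the tarball
# with its .sha1 and .asc files, rewrites the per-version DNS TXT file and
# ticks the zone serial. Finally it mirrors the stage directory to the
# remote host.

# Trace every command to stderr. No secret is passed on a command line
# below; keep it that way while tracing is on.
set -x

# Without pipefail, a failing tar on the left of "tar | gzip" is masked by
# gzip's exit status and a truncated tarball would be signed and published.
set -o pipefail

. /etc/profile

# download stage, where update tarballs are deposited for downloaders
#
stagedir=/home/jm/yerp.org/rules/stage.vm-misc
remotestagedir=vm-web:/home/jm/yerp.org/rules/stage

# directory where "0.2.3" and other version-specific files live.
# it's assumed that the *real* zone $INCLUDEs files from this dir.
# it must be writable by the user this script runs as.
#
dnsdir=/home/jm/zones/rules.yerp.org.d

# directory where "counter", "soa_line.tmpl", "soa_line" live.
# it's assumed that the *real* zone $INCLUDEs files from this dir.
# it must be writable by the user this script runs as.
#
soadir=/home/jm/zones/yerp.org.d

versions=(sought.3.2.x sought.3.3.0 sought.3.1.x)

# ---------------------------------------------------------------------------

#######################################
# Build, sign and stage the update tarball for one version, then publish
# its revision in DNS.
# Globals:   stagedir, dnsdir, soadir, PERL (read)
# Arguments: $1 - version label, one of the sought.* names handled below
# Outputs:   progress and diagnostics on stdout/stderr
# Returns:   does not return on failure; exits the whole script non-zero
#######################################
make_tarball_for_version () {
  local version="$1"
  local tmpdir="/home/jm/ftp/sandboxupdates/tmp/$version"
  local tarballprefix rulesdir svnrev rvers dnsfile

  # ${tmpdir:?} aborts instead of expanding to nothing before "rm -rf".
  rm -rf "${tmpdir:?}"
  mkdir -p "$tmpdir" || exit $?

  case "$version" in
    sought.3.1.x ) tarballprefix="310" ;;
    sought.3.2.x ) tarballprefix="320" ;;
    sought.3.3.0 ) tarballprefix="330" ;;
    * ) echo "no prefix for $version! FAILING" 1>&2 ; exit 1 ;;
  esac

  # extract the new rules files.
  # Each step is checked: an unnoticed failed copy would otherwise yield a
  # validly signed update that is missing a rules file.
  rulesdir="$tmpdir/share/spamassassin"
  mkdir -p "$rulesdir" || exit $?
  cp rulesrc/sandbox/jm/20_sought.cf "$rulesdir" || exit $?
  cp rulesrc/sandbox/jm/20_sought_fraud.cf "$rulesdir" || exit $?

  (
    # If the cd failed, tar would pack whatever *.cf files sit in the
    # caller's working directory, so stop here instead.
    cd "$rulesdir" || exit $?
    # or this, to ban code from the updates:
    tar cvf - *.cf || exit $?
  ) | gzip -9 > "$tmpdir/update.tgz" || exit $?

  # ensure non-empty
  [ -s "$tmpdir/update.tgz" ] || exit 3

  # sign and get sums
  # NOTE(review): --batch disables interactive prompts, which seems at odds
  # with the "interactive" remark in the file header; confirm how the
  # passphrase reaches gpg.
  # NOTE(review): the signing keyring sits under a path named ftp/; confirm
  # that directory is not exported by any file service and is owner-only.
  gpg --batch --homedir /home/jm/ftp/sandboxupdates/key \
        -bas "$tmpdir/update.tgz" || exit $?

  # SHA-1 only guards against transfer corruption; it is not
  # collision-resistant. Authenticity rests on the detached signature above.
  # $PERL is left unquoted on purpose; it is presumably set by /etc/profile.
  # shellcheck disable=SC2086
  $PERL build/sha1sum.pl "$tmpdir/update.tgz" > "$tmpdir/update.tgz.sha1" || exit $?

  # get SVN revision number.
  # note: use 'Last Changed Rev' instead of 'Revision'.  Because we share
  # an SVN repository with other projects, this means that the same
  # rev of *our* codebase may appear under multiple rev#s, as other projects
  # check their changes in.

  ### tagstamp=`date "+%Y%m%d%H%M%S"`
  ### tagurl=https://svn.apache.org/repos/asf/spamassassin/tags/sa-update_${version}_${tagstamp}
  ###
  ### svn up
  ### svn copy -m 'promotions validated' . $tagurl < /dev/null

  # for svn 1.3:
  # (svn info --non-interactive $tagurl || svn info $tagurl ) < /dev/null \
  #         > $tmpdir/svn 2>&1 || exit $?

  # for crappy zone svn, 1.2:
  svn info rulesrc < /dev/null > "$tmpdir/svn" 2>&1 || exit $?

  svnrev=$(grep 'Last Changed Rev: ' "$tmpdir/svn" | sed -e 's/^.*: //')

  if [ "$svnrev" == "" ] ; then
    echo "missing SVN revision"
    cat "$tmpdir/svn"
    exit 5
  fi

  # The value ends up in file names and in a DNS TXT record, so accept
  # digits only. A plain "-lt" test on a non-numeric string merely prints an
  # error and lets the bad value through.
  case "$svnrev" in
    *[!0-9]* )
      echo "bad SVN revision: $svnrev"
      cat "$tmpdir/svn"
      exit 5
      ;;
  esac

  if [ "$svnrev" -lt 1 ] ; then
    echo "bad SVN revision: $svnrev"
    cat "$tmpdir/svn"
    exit 5
  fi

  svnrev="$tarballprefix$svnrev"

  # TODO: if we were maintaining multiple versions, these would be
  # copied into a path specific to the version
  # The cleanup at the end of this function recognises automatic updates by
  # mode 0644, so a failed chmod must not pass unnoticed.
  chmod 644 "$tmpdir"/update.tgz* || exit $?
  mv "$tmpdir/update.tgz" "$stagedir/$svnrev.tar.gz" || exit $?
  mv "$tmpdir/update.tgz.sha1" "$stagedir/$svnrev.tar.gz.sha1" || exit $?
  mv "$tmpdir/update.tgz.asc" "$stagedir/$svnrev.tar.gz.asc" || exit $?

  # next, create the new DNS record....
  # turn "3.2.0" into "0.2.3"
  # and "foo.bar.3.2.0" into "0.2.3.bar.foo"
  rvers=$(echo "$version" | perl -ne \
        's/x/*/g;chop; @x = split(/\./); print join ".", reverse @x')

  dnsfile="$dnsdir/$version"

  # The owner name must start in column 0: a zone-file line that begins
  # with whitespace inherits the owner of the previous record. Write to
  # .new first and rename so the $INCLUDEd file is never half-written.
  if printf '\n%s TXT "%s"\n\n' "$rvers" "$svnrev" > "$dnsfile.new"
  then
    mv "$dnsfile.new" "$dnsfile" || exit $?
  else
    echo "failed to create $dnsfile.new" 1>&2 ; exit 1
  fi

  # increment the zone serial.
  # NOTE(review): the DNS record changes here, before the rsync at the end
  # of the script; confirm clients cannot see the new revision before the
  # remote stage holds the tarball.
  bash ./build/mkupdates/tick_zone_serial "$soadir" || exit $?

  # clean up 4-day-old (and older) update tarballs.  This seems as
  # good a place as any to do this!
  # note: for manual updates, the file permissions should be 0444 so let's clean
  # out only 0644 (automatic) updates. a bit of a kluge, but ...
  # -exec ... + copes with odd file names and runs nothing when there is no
  # match, unlike "find | xargs rm".
  find "$stagedir" -mtime +4 -perm 0644 -type f -name '*.tar.*' \
        -exec rm -f {} +
}

# ---------------------------------------------------------------------------

if [ ! -d "$stagedir" ] ; then
  echo "no stagedir" 1>&2
  exit 6
fi

for version in "${versions[@]}" ; do
  make_tarball_for_version "$version"
done

ls -l "$stagedir"

# --delete mirrors removals too, so the remote stage ends up holding exactly
# what the local stage holds. The script's exit status is rsync's.
rsync -vre ssh --delete "$stagedir/." "$remotestagedir/."
exit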