#!/bin/bash # # Continue the updates-building process, post the user approval step. # Currently this is interactive as it requires a GPG passphrase entry. # # usage: sudo -u automc /usr/local/spamassassin/svn/trunk/build/mkupdates/run_part2 # set -x HOME="/usr/local/spamassassin/automc" LOGDIR="/var/www/bbmass.spamassassin.org/mkupdates" cd /usr/local/spamassassin/svn/trunk/ . /etc/profile #Switched to system perl on spamassassin-vm box PERL=/usr/bin/perl #PERL=/local/perl586/bin/perl # download stage, where update tarballs are deposited for downloaders # stagedir=/var/www/bbmass.spamassassin.org/updates versions="3.3.3" echo "Committing promotions in rules/active.list..." svn commit -m 'promotions validated' rules/active.list # --------------------------------------------------------------------------- make_tarball_for_version () { # to be honest, right now this is unused. version="$1" tmpdir=$HOME/tmp/stage/$version rm -rf $tmpdir; mkdir -p $tmpdir || exit $? # extract the new rules files. # use "make install" logic, since we want rules as close as possible # to what's installed # TODO: this *would* be performed in a checkout of the desired # version's branch. right now we're only using 1 version though make clean $PERL Makefile.PL PREFIX=$tmpdir < /dev/null || exit $? make || exit $? # remove new features, unsupported in existing code in the field # (TODO: need a better way to exclude files that require new features # like this; judicious use of "ifplugin" helps) # rm rules/60_somerandomfeature.cf # ensure the basic lint/rule-sanity test suite passes for this ruleset # before we build an update from it. useful particularly to catch # "tflags nopublish" leakage (bug 6297) make test \ TEST_FILES="t/basic_lint.t t/basic_lint_without_sandbox.t t/basic_meta.t" \ || exit $? # remove the rules files for rules we won't be shipping rm rules/70_sandbox.cf rules/70_inactive.cf # double check we still lint without those 2 files ./spamassassin --lint || exit $? rulesdir=`pwd`/rules ( cd $rulesdir # Use this to include plugin .pm files: # tar cvf - *.cf *.pm || exit $? # or this, to ban code from the updates: tar cvf - *.cf || exit $? ) | gzip -9 > $tmpdir/update.tgz || exit $? # ensure non-empty [ -s $tmpdir/update.tgz ] || exit 3 linttmp=$tmpdir/lintdir rm -rf $linttmp mkdir $linttmp ( cd $linttmp # check validity of tarball; also extract gunzip -cd < $tmpdir/update.tgz | tar xf - || exit $? ) sitetmp=$tmpdir/sitetmp rm -rf $sitetmp mkdir $sitetmp cp rules/*.pre $sitetmp # now, ensure the ruleset (entirely as distributed) lints, also. # use "-p /dev/null" so any user_prefs data is ignored. ./spamassassin -x --configpath=$linttmp --siteconfigpath=$sitetmp \ -p /dev/null --lint \ || exit $? # sign and get sums gpg --batch --homedir $HOME/key \ -bas $tmpdir/update.tgz || exit $? $PERL build/sha1sum.pl $tmpdir/update.tgz > $tmpdir/update.tgz.sha1 || exit $? # get SVN revision number. # note: use 'Last Changed Rev' instead of 'Revision'. Because we share # an SVN repository with other projects, this means that the same # rev of *our* codebase may appear under multiple rev#s, as other projects # check their changes in. tagstamp=`date "+%Y%m%d%H%M%S"` tagurl=https://svn.apache.org/repos/asf/spamassassin/tags/sa-update_${version}_${tagstamp} # this svn copy is critical, to ensure each version's tarball has a different # rev#. if you remove it, we need to prefix the version# to the svnrev# in # the filenames instead so each version doesn't clobber others. svn up svn copy -m 'promotions validated' . $tagurl < /dev/null # for svn 1.3: # (svn info --non-interactive $tagurl || svn info $tagurl ) < /dev/null \ # > $tmpdir/svn 2>&1 || exit $? # for crappy zone svn, 1.2: ( rm -rf tmpcheckout svn co $tagurl tmpcheckout && svn info tmpcheckout rm -rf tmpcheckout ) < /dev/null > $tmpdir/svn 2>&1 || exit $? svnrev=`(grep 'Last Changed Rev: ' $tmpdir/svn || exit 1) | \ sed -e 's/^.*: //'` if [ "$svnrev" == "" ] ; then echo "missing SVN revision" cat $tmpdir/svn exit 5 fi if [ "$svnrev" -lt 1 ] ; then echo "bad SVN revision: $svnrev" cat $tmpdir/svn exit 5 fi mv $tmpdir/update.tgz $stagedir/$svnrev.tar.gz || exit $? mv $tmpdir/update.tgz.sha1 $stagedir/$svnrev.tar.gz.sha1 || exit $? mv $tmpdir/update.tgz.asc $stagedir/$svnrev.tar.gz.asc || exit $? chmod 644 $stagedir/$svnrev.* # next, create/update the new DNS record.... # turn "3.2.0" into "0.2.3" rvers=`echo "$version" | rev` /usr/local/bin/updateDNS.sh ${rvers}.updates TXT ${svnrev} # clean up 4-day-old (and older) update tarballs. This seems as # good a place as any to do this! # note: for manual updates, the file permissions should be 0444 so let's clean # out only 0644 (automatic) updates. a bit of a kluge, but ... find $stagedir -mtime +4 -perm 0644 -type f -name '*.tar.*' -delete } # --------------------------------------------------------------------------- cycle_logfiles () { if [[ -e "$LOGDIR/mkupdatespt2.txt" ]]; then # cycle the logfiles; keep 6 (3 days worth I think) X=6 [[ -e "$LOGDIR/mkupdatespt2_${X}.txt" ]] && rm -f $LOGDIR/mkupdatespt2_${X}.txt while [[ $X -gt 0 ]]; do ((X--)) Y=$((X+1)) [[ -e "$LOGDIR/mkupdatespt2_${X}.txt" ]] && mv -f $LOGDIR/mkupdatespt2_${X}.txt $LOGDIR/mkupdatespt2_${Y}.txt done mv -f $LOGDIR/mkupdatespt2.txt $LOGDIR/mkupdatespt2_${Y}.txt fi } # --------------------------------------------------------------------------- [[ -d $stagedir ]] || echo "no stagedir" 1>&2 [[ -d $stagedir ]] || exit 6 for version in $versions ; do make_tarball_for_version $version done ls -l $stagedir/GPG.KEY ls -l $stagedir/MIRRORED.BY ls -ltr $stagedir/*.tar.* | tail -20 cycle_logfiles exit