#!/bin/bash # # Generate an updates tarball from a directory in SVN. # # usage: sudo -u rulesd /export/home/svn-trunk/masses/rule-dev/sought/mkzone/run_part2 # # required setup, in /etc/sudoers or /opt/sfw/etc/sudoers: # updatesd ALL = NOPASSWD: /usr/sbin/rndc reload . /etc/profile # name of rule-updates package # updname=sought # source directory for this update package # sourcedir=/export/home/svn-trunk/rulesrc/updates/sought # versions to build # versions="3.2.x 3.3.0 3.1.x" # download stage, where update tarballs are deposited for downloaders # stagedir=/export/home/rulesd/web/updates.spamassassin.org/rules/$updname/stage remotestagedir=vm-web:/export/home/rulesd/web/updates.spamassassin.org/rules/$updname/stage # directory where "0.2.3" and other version-specific files live. # it's assumed that the *real* zone $INCLUDEs files from this dir. # it must be writable by the user this script runs as. # dnsdir=/export/home/rulesd/zones/$updname.updates.spamassassin.org.d # directory where "counter", "soa_line.tmpl", "soa_line" live. # it's assumed that the *real* zone $INCLUDEs files from this dir. # it must be writable by the user this script runs as. # soadir=/var/named/spamassassin.org.d tmpbase=/export/home/rulesd/tmp svndir=/export/home/svn-trunk perl=/local/perl586/bin/perl # --------------------------------------------------------------------------- make_tarball_for_version () { version="$1" case "$version" in 3.1.x ) tarballprefix="310" ;; 3.2.x ) tarballprefix="320" ;; 3.3.0 ) tarballprefix="330" ;; * ) echo "no prefix for $version! FAILING" 1>&2 ; exit 1 ;; esac tmpdir=$tmpbase/$updname.$version rm -rf $tmpdir; mkdir -p $tmpdir || exit $? cd $svndir # get SVN revision number. # note: use 'Last Changed Rev' instead of 'Revision'. Because we share # an SVN repository with other projects, this means that the same # rev of *our* codebase may appear under multiple rev#s, as other projects # check their changes in. svn info rulesrc < /dev/null > $tmpdir/svn 2>&1 || exit $? svnrev=`(grep 'Last Changed Rev: ' $tmpdir/svn || exit 1) | sed -e 's/^.*: //'` if [ "$svnrev" == "" ] ; then echo "missing SVN revision" cat $tmpdir/svn exit 5 fi if [ "$svnrev" -lt 1 ] ; then echo "bad SVN revision: $svnrev" cat $tmpdir/svn exit 5 fi if [ -f $tmpdir.last_svn -a $svnrev = `cat $tmpdir.last_svn` ] ; then echo "no change in SVN: $svnrev is last rev" cat $tmpdir/svn exit 0 fi # extract the new rules files. rulesdir=$tmpdir/share/spamassassin [ -d $rulesdir/. ] || mkdir -p $rulesdir cp rulesrc/updates/$updname/*.cf $rulesdir # and lint them ./spamassassin -C $rulesdir -p rules/v320.pre --lint || exit $? ( cd $rulesdir tar cvf - *.cf || exit $? ) | gzip -9 > $tmpdir/update.tgz || exit $? # ensure non-empty [ -s $tmpdir/update.tgz ] || exit 3 # sign and get sums gpg --batch --homedir /export/home/rulesd/code/signing_key \ -bas $tmpdir/update.tgz || exit $? $perl build/sha1sum.pl $tmpdir/update.tgz > $tmpdir/update.tgz.sha1 || exit $? fullsvnrev="$tarballprefix$svnrev" # TODO: if we were maintaining multiple versions, these would be # copied into a path specific to the version chmod 644 $tmpdir/update.tgz $tmpdir/update.tgz* mkdir -p $stagedir mv $tmpdir/update.tgz $stagedir/$fullsvnrev.tar.gz || exit $? mv $tmpdir/update.tgz.sha1 $stagedir/$fullsvnrev.tar.gz.sha1 || exit $? mv $tmpdir/update.tgz.asc $stagedir/$fullsvnrev.tar.gz.asc || exit $? # next, create the new DNS record.... # turn "3.2.0" into "0.2.3" # and "foo.bar.3.2.0" into "0.2.3.bar.foo" rvers=`echo "$version" | perl -ne \ 's/x/*/g;chop; @x = split(/\./); print join ".", reverse @x'` [ -d $dnsdir/. ] || mkdir -p $dnsdir dnsfile="$dnsdir/$version" if echo " $rvers TXT \"$fullsvnrev\" " > $dnsfile.new then mv $dnsfile.new $dnsfile || exit $? else echo "failed to create $dnsfile.new" 1>&2 ; exit 1 fi # increment the zone serial. bash ./build/mkupdates/tick_zone_serial $soadir || exit $? # and don't rebuild this rev's update echo $svnrev > $tmpdir.last_svn } # --------------------------------------------------------------------------- mv LOG.2 LOG.3 mv LOG.1 LOG.2 mv LOG LOG.1 ( set -xe for version in $versions ; do make_tarball_for_version $version done ls -l $stagedir # clean up 4-day-old (and older) update tarballs. This seems as # good a place as any to do this! # note: for manual updates, the file permissions should be 0444 so let's clean # out only 0644 (automatic) updates. a bit of a kluge, but ... find $stagedir -mtime +4 -perm 0644 -type f -name '*.tar.*' | xargs rm #rsync -vre ssh --delete $stagedir/. $remotestagedir/. ) > LOG 2>&1 exit