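#!/bin/bash
#
# Nightly rule-update builder: promotes validated rules into
# rules/active.list, then for every entry in VERSIONS builds a rules tarball,
# lints it, signs it with gpg, writes checksums, tags the tree in SVN and,
# unless a recent mkupdate-with-scores tarball exists, publishes the result
# to UPDDIR and updates the DNS TXT records.
#
# Exit codes set explicitly here: 3 (empty tarball), 5 (missing or bad SVN
# revision), 6 (UPDDIR missing). Other failures propagate the status of the
# failing command.

PERL=/usr/bin/perl
LOGDIR="/var/www/automc.spamassassin.org/mkupdates"
REPDIR="/var/www/ruleqa.spamassassin.org/reports"
UPDDIR="/var/www/automc.spamassassin.org/updates"
VERSIONS="3.4.4"

# Everything below uses relative paths (rules/, rulesrc, ruleqa.cache.*) and
# runs rm and svn commit against them, so stop if the working copy is missing.
cd /usr/local/spamassassin/automc/svn/trunk || exit $?
. /etc/profile

# ---------------------------------------------------------------------------

#######################################
# Regenerate rules/active.list, commit it, and refresh the reports.
# Globals:   PERL, REPDIR (read)
# Arguments: none
# Outputs:   writes $REPDIR/LATEST and $REPDIR/badrules.txt; mails the bad
#            rules report to the dev list on Wednesdays
# Returns:   exits the script if listpromotable fails
#######################################
promote_active_rules() {
  # should be in ~/svn/trunk
  pwd

  # Make sure we have the source, since listpromotable assumes we do.
  # Also, make_tarball_for_version removes rulesrc
  svn co https://svn.apache.org/repos/asf/spamassassin/trunk/rulesrc

  # Write to a .new file first so a failed run never truncates active.list.
  "$PERL" build/mkupdates/listpromotable > rules/active.list.new || exit $?
  mv rules/active.list.new rules/active.list
  svn diff rules > "$REPDIR/LATEST"
  cat "$REPDIR/LATEST"

  echo "Committing promotions in rules/active.list..."
  # NOTE(review): the commit status is not checked, so a failed commit still
  # lets the build continue from the local working copy -- confirm intended.
  svn commit -m 'promotions validated' rules/active.list

  # create a list of "bad" rules in the current sandboxes, updated daily
  "$PERL" masses/rule-qa/list-bad-rules > "$REPDIR/badrules.txt" 2>&1

  # On Wednesdays, we send out a bad sandbox rules report to the list
  if [[ "$(date +%w)" == 3 ]]; then
    (
      echo "From: noreply@sa-vm1.apache.org (Rules Report Cron)"
      echo "Subject: [auto] bad sandbox rules report"
      echo
      cat "$REPDIR/badrules.txt"
    ) | /usr/sbin/sendmail -oi dev@spamassassin.apache.org
  fi
}

# ---------------------------------------------------------------------------

#######################################
# Build, lint, sign, tag and (conditionally) publish the update tarball.
# Globals:   PERL, UPDDIR, HOME (read)
# Arguments: $1 - version string, used in the staging path and the tag name
# Outputs:   staging files under $HOME/tmp/stage/<version>; on publish,
#            <svnrev>.tar.gz plus .sha1/.sha256/.sha512/.asc in UPDDIR
# Returns:   exits the script on any checked failure (see header)
#######################################
make_tarball_for_version() {
  local version tmpdir rulesdir linttmp sitetmp tagstamp tagurl svnrev
  local recent rc
  local -a pack_status

  # Both parts of the staging path must be non-empty: with an empty version
  # the rm -rf below would remove the whole stage directory, and with an
  # unset HOME it would act on /tmp/stage instead.
  version="${1:?version argument required}"
  tmpdir="${HOME:?}/tmp/stage/${version}"
  rm -rf -- "$tmpdir"
  mkdir -p -- "$tmpdir" || exit $?

  # extract the new rules files.
  # use "make install" logic, since we want rules as close as possible
  # to what's installed
  # TODO: this *would* be performed in a checkout of the desired
  # version's branch.  right now we're only using 1 version though

  make clean
  "$PERL" Makefile.PL PREFIX="$tmpdir" < /dev/null || exit $?
  make || exit $?

  # remove new features, unsupported in existing code in the field
  # (TODO: need a better way to exclude files that require new features
  # like this; judicious use of "ifplugin" helps)
  # rm rules/60_somerandomfeature.cf

  # ensure the basic lint/rule-sanity test suite passes for this ruleset
  # before we build an update from it.  useful particularly to catch
  # "tflags nopublish" leakage (bug 6297)
  make test \
    TEST_FILES="t/basic_lint.t t/basic_lint_without_sandbox.t t/basic_meta.t" \
    || exit $?

  # remove the rules files for rules we won't be shipping
  rm rules/70_sandbox.cf rules/70_inactive.cf

  # need to put the latest 72_scores.cf in the update.tgz
  svn co https://svn.apache.org/repos/asf/spamassassin/trunk/rulesrc
  cp -a rulesrc/scores/72_scores.cf rules/
  # I think this is problematic. I don't see how it is needed HERE.
  #rm -rf rulesrc

  # double check we still lint without those 2 files
  ./spamassassin --lint || exit $?

  rulesdir="$(pwd)/rules"
  (
    # Without this check a failed cd would archive *.cf from the wrong place.
    cd "$rulesdir" || exit $?
    # Use this to include plugin .pm files:
    # tar cvf - *.cf *.pm || exit $?
    # or this, to ban code from the updates:
    tar cvf - *.cf || exit $?
  ) | gzip -9 > "$tmpdir/update.tgz"
  # A pipeline reports only gzip's status, and gzip of empty input still
  # produces a non-empty file, so check the tar side explicitly as well.
  pack_status=("${PIPESTATUS[@]}")
  [[ "${pack_status[0]}" -eq 0 ]] || exit "${pack_status[0]}"
  [[ "${pack_status[1]}" -eq 0 ]] || exit "${pack_status[1]}"

  # ensure non-empty
  [[ -s "$tmpdir/update.tgz" ]] || exit 3

  linttmp="$tmpdir/lintdir"
  rm -rf -- "$linttmp"
  mkdir -- "$linttmp" || exit $?
  (
    # If this cd failed, tar would unpack over the working copy instead.
    cd "$linttmp" || exit $?
    # check validity of tarball; also extract
    gunzip -cd < "$tmpdir/update.tgz" | tar xf - || exit $?
  ) || exit $? # propagate the subshell's status; it was silently dropped

  sitetmp="$tmpdir/sitetmp"
  rm -rf -- "$sitetmp"
  mkdir -- "$sitetmp" || exit $?
  cp rules/*.pre "$sitetmp"

  # now, ensure the ruleset (entirely as distributed) lints, also.
  # use "-p /dev/null" so any user_prefs data is ignored.
  ./spamassassin -x --configpath="$linttmp" --siteconfigpath="$sitetmp" \
    -p /dev/null --lint \
    || exit $?

  # sign and get sums; -bas writes an ASCII-armored detached signature to
  # update.tgz.asc. Signing happens only after both lint passes succeeded.
  gpg --batch --homedir "$HOME/key" \
    -bas "$tmpdir/update.tgz" || exit $?

  # NOTE(review): the SHA-1 sum is still generated next to SHA-256/SHA-512,
  # presumably for older clients -- confirm before dropping it.
  shasum -a 1 "$tmpdir/update.tgz" > "$tmpdir/update.tgz.sha1" || exit $?
  shasum -a 256 "$tmpdir/update.tgz" > "$tmpdir/update.tgz.sha256" || exit $?
  shasum -a 512 "$tmpdir/update.tgz" > "$tmpdir/update.tgz.sha512" || exit $?

  # get SVN revision number.
  # note: use 'Last Changed Rev' instead of 'Revision'.  Because we share
  # an SVN repository with other projects, this means that the same
  # rev of *our* codebase may appear under multiple rev#s, as other projects
  # check their changes in.

  tagstamp="$(date "+%Y%m%d%H%M%S")"
  tagurl="https://svn.apache.org/repos/asf/spamassassin/tags/sa-update_${version}_${tagstamp}"

  # this svn copy is critical, to ensure each version's tarball has a different
  # rev#.  if you remove it, we need to prefix the version# to the svnrev# in
  # the filenames instead so each version doesn't clobber others.
  # Its status is not checked here; a failed copy leaves no tag to check out,
  # so the revision lookup below comes back empty and the run exits 5.
  svn up
  svn copy -m 'promotions validated' . "$tagurl" < /dev/null

  # for svn 1.3:
  # (svn info --non-interactive $tagurl || svn info $tagurl ) < /dev/null \
  #       > $tmpdir/svn 2>&1 || exit $?

  # for crappy zone svn, 1.2:
  (
    rm -rf tmpcheckout
    svn co "$tagurl" tmpcheckout && svn info tmpcheckout
    rm -rf tmpcheckout
  ) < /dev/null > "$tmpdir/svn" 2>&1 || exit $?

  svnrev="$(grep 'Last Changed Rev: ' "$tmpdir/svn" | sed -e 's/^.*: //')"

  if [[ -z "$svnrev" ]]; then
    echo "missing SVN revision"
    cat "$tmpdir/svn"
    exit 5
  fi

  # The revision becomes the published file name and the DNS TXT value, so
  # accept digits only. A plain [ -lt ] test errors out on non-numeric or
  # multi-line input, which made the old check pass by accident.
  if ! [[ "$svnrev" =~ ^[0-9]+$ ]] || (( 10#$svnrev < 1 )); then
    echo "bad SVN revision: $svnrev"
    cat "$tmpdir/svn"
    exit 5
  fi

  chmod 644 "$tmpdir"/update.*

  # Integrate with masscheck ruleset updates to prevent duplicates
  # NOTE(review): if this directory is missing, find prints nothing and the
  # publish path is taken -- confirm that is the intended default.
  recent="$(find "$HOME/tmp/mkupdate-with-scores" -name '*.tar.gz' -mmin -480)"
  if [[ -z "$recent" ]]; then
    echo "Recent ruleset from mkupdate-with-scores (massheck) NOT found."
    echo "Proceeding with a ruleset publish..."

    mv "$tmpdir/update.tgz" "$UPDDIR/${svnrev}.tar.gz" || exit $?
    mv "$tmpdir/update.tgz.sha1" "$UPDDIR/${svnrev}.tar.gz.sha1" || exit $?
    mv "$tmpdir/update.tgz.sha256" "$UPDDIR/${svnrev}.tar.gz.sha256" || exit $?
    mv "$tmpdir/update.tgz.sha512" "$UPDDIR/${svnrev}.tar.gz.sha512" || exit $?
    mv "$tmpdir/update.tgz.asc" "$UPDDIR/${svnrev}.tar.gz.asc" || exit $?

    # Give the mirrors time to pull the new files above
    sleep 600

    # next, create/update the new DNS record....
    # Versions >= 3.4.1 are CNAMEd to this DNS record:
    /usr/local/bin/updateDNS.sh 3.3.3.updates TXT "${svnrev}"
    rc=$?

    # NOTE(review): status 2 from updateDNS.sh skips the older records; its
    # meaning is defined in that script -- confirm.
    if [[ "$rc" -ne 2 ]]; then
      # Set older version TXT records for older sa-update
      /usr/local/bin/updateDNS.sh 0.4.3.updates TXT "${svnrev}"
      /usr/local/bin/updateDNS.sh 2.3.3.updates TXT "${svnrev}"
      /usr/local/bin/updateDNS.sh 1.3.3.updates TXT "${svnrev}"
      /usr/local/bin/updateDNS.sh 0.3.3.updates TXT "${svnrev}"
    fi
  else
    echo "Recent ruleset from mkupdate-with-scores (massheck) found:"
    # shellcheck disable=SC2086 -- one path per word is intended here
    ls -l $recent
    echo ""
  fi

  # clean up 4-day-old (and older) update tarballs.  This seems as
  # good a place as any to do this!
  # note: for manual updates, the file permissions should be 0444 so let's clean
  # out only 0644 (automatic) updates. a bit of a kluge, but ...
  #find $UPDDIR -mtime +4 -perm 0644 -type f -name '*.tar.*' -delete
}

# ---------------------------------------------------------------------------

#######################################
# Rotate $LOGDIR/mkupdates.txt into mkupdates_1.txt .. mkupdates_6.txt.
# Globals:   LOGDIR (read)
# Arguments: none
# Returns:   nothing is rotated when mkupdates.txt does not exist
#######################################
cycle_logfiles() {
  local X Y

  # cycle the logfiles; keep 6 (3 days worth I think)
  if [[ -e "$LOGDIR/mkupdates.txt" ]]; then
    X=6
    [[ -e "$LOGDIR/mkupdates_${X}.txt" ]] && rm -f -- "$LOGDIR/mkupdates_${X}.txt"
    # Shift N -> N+1 from the oldest down, so nothing is overwritten.
    while [[ $X -gt 0 ]]; do
      ((X--))
      Y=$((X + 1))
      [[ -e "$LOGDIR/mkupdates_${X}.txt" ]] \
        && mv -f -- "$LOGDIR/mkupdates_${X}.txt" "$LOGDIR/mkupdates_${Y}.txt"
    done
    # The loop ends with X=0, so Y is 1 here: the live log becomes _1.
    mv -f -- "$LOGDIR/mkupdates.txt" "$LOGDIR/mkupdates_${Y}.txt"
  fi
}

# ---------------------------------------------------------------------------

[[ -d "$UPDDIR" ]] || echo "Updates dir '$UPDDIR' not found." 1>&2
[[ -d "$UPDDIR" ]] || exit 6

set -x
promote_active_rules
# VERSIONS is a space-separated list, so word splitting is intended here.
for VER in $VERSIONS; do
  make_tarball_for_version "$VER"
done
set +x

ls -l "$UPDDIR/GPG.KEY"
ls -l "$UPDDIR/MIRRORED.BY"
ls -ltr "$UPDDIR"/*.tar.* | tail -20

cycle_logfiles
rm -rf ruleqa.cache.*

exit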