Module: check_mk
Branch: master
Commit: 73dd25a8a6a07fb2ad2484bbcdcfb5327fb0b007
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=73dd25a8a6a07f…
Author: Alex Zurhake <az(a)mathias-kettner.de>
Date: Tue Mar 26 09:53:56 2019 +0100
fix signing and upload procedure
Change-Id: I633ad95b5a47bbc8fc10ea391d6ab7af3445fc91
---
buildscripts/scripts/nightly-build.jenkins | 24 +++++++++++++-----------
buildscripts/scripts/sign-packages.sh | 16 ++++++++++------
2 files changed, 23 insertions(+), 17 deletions(-)
diff --git a/buildscripts/scripts/nightly-build.jenkins
b/buildscripts/scripts/nightly-build.jenkins
index 08e30ca..892d1b4 100644
--- a/buildscripts/scripts/nightly-build.jenkins
+++ b/buildscripts/scripts/nightly-build.jenkins
@@ -211,20 +211,22 @@ node {
docker.image(IMAGE).inside("-u 0:0 -v ${DAILY_DATA}:${DAILY_DATA} -v
${PACKAGE_DIR}:${PACKAGE_DIR} -v ${GPG_KEY_DIR}:${GPG_KEY_DIR}:ro -v
${RELEASE_KEY_DIR}:${RELEASE_KEY_DIR}:ro --network ci_local-infra") {
stage('Archive artifacts') {
// Only master builds should end up on the Website
- if (${BRANCH} == 'master') {
- dir("/bauwelt/downloads/${CMK_VERS}") {
- sh "cp ${DAILY_DATA}/*-dest/check-mk-enterprise-*_amd64.deb
. || true"
- sh "cp ${DAILY_DATA}/*-dest/check-mk-enterprise-*.x86_64.rpm
. || true"
- withCredentials([usernamePassword(credentialsId:
'9d7aca31-0043-4cd0-abeb-26a249d68261', passwordVariable:
'GPG_PASSPHRASE', usernameVariable: 'GPG_USERNAME')]) {
- sh
"${DAILY_DATA}/git/buildscripts/scripts/sign-packages.sh ${CMK_VERS}"
- sh """
- rsync -av -e "ssh -i ${RELEASE_KEY_DIR}" \
+ if (BRANCH_NAME == 'master') {
+ sh """
+ mkdir -p /bauwelt/downloads/${CMK_VERS}
+ cd /bauwelt/downloads/${CMK_VERS}
+ cp ${DAILY_DATA}/*-dest/check-mk-enterprise-*_amd64.deb . ||
true
+ cp ${DAILY_DATA}/*-dest/check-mk-enterprise-*.x86_64.rpm . ||
true
+ """
+ withCredentials([usernamePassword(credentialsId:
'9d7aca31-0043-4cd0-abeb-26a249d68261', passwordVariable:
'GPG_PASSPHRASE', usernameVariable: 'GPG_USERNAME')]) {
+ sh """
+ cd /bauwelt/downloads/${CMK_VERS}
+ ${DAILY_DATA}/git/buildscripts/scripts/sign-packages.sh
${CMK_VERS}
+ rsync -av -e "ssh -o StrictHostKeyChecking=no -i
${RELEASE_KEY_DIR}" \
${PACKAGE_DIR}/${CMK_VERS} \
bauwelt@mathias-kettner.de:${PACKAGE_DIR}
- """
- }
+ """
}
- archiveArtifacts "*"
} else {
dir("${DAILY_DATA}/downloads") {
sh "cp ${DAILY_DATA}/*-dest/check-mk-enterprise-*_amd64.deb
. || true"
diff --git a/buildscripts/scripts/sign-packages.sh
b/buildscripts/scripts/sign-packages.sh
index f804896..fef6b1c 100755
--- a/buildscripts/scripts/sign-packages.sh
+++ b/buildscripts/scripts/sign-packages.sh
@@ -2,13 +2,13 @@
set -e
TARGET=.
-VERSION=$CMK_VERS
+VERSION=$1
KEY_ID=434DAC48C4503261
KEY_DESC="Check_MK Software Release Signing Key (2018)
<feedback(a)check-mk.org>"
if [ -z "$VERSION" ]; then
- echo "set CMK_VERS VERSION"
- echo "Beispiel: CMK_VERS=2018.01.19 $0"
+ echo "Call with: $0 VERSION"
+ echo "Example: $0 2018.01.19"
exit 1
fi
@@ -30,7 +30,7 @@ echo "$GPG_PASSPHRASE" | \
$TARGET/*.rpm
echo "Verify signed RPM packages..."
-for RPM in $TARGET/$VERSION/*.rpm; do
+for RPM in $TARGET/*.rpm; do
rpm -qp $RPM --qf='%-{NAME} %{SIGPGP:pgpsig}\n'
if ! rpm -qp $RPM --qf='%-{NAME} %{SIGPGP:pgpsig}\n' | grep -i "Key ID
$KEY_ID"; then
echo "ERROR: RPM not signed: $RPM"
@@ -40,7 +40,7 @@ done
echo "Sign DEB packages..."
(
echo set timeout -1;\
- echo spawn dpkg-sig -p --sign builder -k $KEY_ID $TARGET/$VERSION/*.deb; \
+ echo spawn dpkg-sig -p --sign builder -k $KEY_ID $TARGET/*.deb; \
echo expect -exact \"The passphrase for ${KEY_ID}:\";\
echo send -- \"$GPG_PASSPHRASE\\r\";\
echo expect eof;\
@@ -54,4 +54,8 @@ done
# Hashes der kopierten Dateien ablegen
# (werden später auf der Webseite angezeigt)
echo "Create HASHES file..."
-sha256sum *.{cma,tar.gz,rpm,deb,cmk} > HASHES
+sha256sum *.cma >> HASHES || true
+sha256sum *.tar.gz >> HASHES || true
+sha256sum *.rpm >> HASHES || true
+sha256sum *.deb >> HASHES || true
+sha256sum *.cmk >> HASHES || true