[checkmk-commits] fix signing and upload procedure

Module: check_mk Branch: master Commit: 73dd25a8a6a07fb2ad2484bbcdcfb5327fb0b007 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=73dd25a8a6a07f… Author: Alex Zurhake <az(a)mathias-kettner.de> Date: Tue Mar 26 09:53:56 2019 +0100 fix signing and upload procedure Change-Id: I633ad95b5a47bbc8fc10ea391d6ab7af3445fc91 --- buildscripts/scripts/nightly-build.jenkins | 24 +++++++++++++----------- buildscripts/scripts/sign-packages.sh | 16 ++++++++++------ 2 files changed, 23 insertions(+), 17 deletions(-) diff --git a/buildscripts/scripts/nightly-build.jenkins b/buildscripts/scripts/nightly-build.jenkins index 08e30ca..892d1b4 100644 --- a/buildscripts/scripts/nightly-build.jenkins +++ b/buildscripts/scripts/nightly-build.jenkins @@ -211,20 +211,22 @@ node { docker.image(IMAGE).inside("-u 0:0 -v ${DAILY_DATA}:${DAILY_DATA} -v ${PACKAGE_DIR}:${PACKAGE_DIR} -v ${GPG_KEY_DIR}:${GPG_KEY_DIR}:ro -v ${RELEASE_KEY_DIR}:${RELEASE_KEY_DIR}:ro --network ci_local-infra") { stage('Archive artifacts') { // Only master builds should end up on the Website - if (${BRANCH} == 'master') { - dir("/bauwelt/downloads/${CMK_VERS}") { - sh "cp ${DAILY_DATA}/*-dest/check-mk-enterprise-*_amd64.deb . || true" - sh "cp ${DAILY_DATA}/*-dest/check-mk-enterprise-*.x86_64.rpm . || true" - withCredentials([usernamePassword(credentialsId: '9d7aca31-0043-4cd0-abeb-26a249d68261', passwordVariable: 'GPG_PASSPHRASE', usernameVariable: 'GPG_USERNAME')]) { - sh "${DAILY_DATA}/git/buildscripts/scripts/sign-packages.sh ${CMK_VERS}" - sh """ - rsync -av -e "ssh -i ${RELEASE_KEY_DIR}" \ + if (BRANCH_NAME == 'master') { + sh """ + mkdir -p /bauwelt/downloads/${CMK_VERS} + cd /bauwelt/downloads/${CMK_VERS} + cp ${DAILY_DATA}/*-dest/check-mk-enterprise-*_amd64.deb . || true + cp ${DAILY_DATA}/*-dest/check-mk-enterprise-*.x86_64.rpm . || true + """ + withCredentials([usernamePassword(credentialsId: '9d7aca31-0043-4cd0-abeb-26a249d68261', passwordVariable: 'GPG_PASSPHRASE', usernameVariable: 'GPG_USERNAME')]) { + sh """ + cd /bauwelt/downloads/${CMK_VERS} + ${DAILY_DATA}/git/buildscripts/scripts/sign-packages.sh ${CMK_VERS} + rsync -av -e "ssh -o StrictHostKeyChecking=no -i ${RELEASE_KEY_DIR}" \ ${PACKAGE_DIR}/${CMK_VERS} \ bauwelt@mathias-kettner.de:${PACKAGE_DIR} - """ - } + """ } - archiveArtifacts "*" } else { dir("${DAILY_DATA}/downloads") { sh "cp ${DAILY_DATA}/*-dest/check-mk-enterprise-*_amd64.deb . || true" diff --git a/buildscripts/scripts/sign-packages.sh b/buildscripts/scripts/sign-packages.sh index f804896..fef6b1c 100755 --- a/buildscripts/scripts/sign-packages.sh +++ b/buildscripts/scripts/sign-packages.sh @@ -2,13 +2,13 @@ set -e TARGET=. -VERSION=$CMK_VERS +VERSION=$1 KEY_ID=434DAC48C4503261 KEY_DESC="Check_MK Software Release Signing Key (2018) <feedback(a)check-mk.org>" if [ -z "$VERSION" ]; then - echo "set CMK_VERS VERSION" - echo "Beispiel: CMK_VERS=2018.01.19 $0" + echo "Call with: $0 VERSION" + echo "Example: $0 2018.01.19" exit 1 fi @@ -30,7 +30,7 @@ echo "$GPG_PASSPHRASE" | \ $TARGET/*.rpm echo "Verify signed RPM packages..." -for RPM in $TARGET/$VERSION/*.rpm; do +for RPM in $TARGET/*.rpm; do rpm -qp $RPM --qf='%-{NAME} %{SIGPGP:pgpsig}\n' if ! rpm -qp $RPM --qf='%-{NAME} %{SIGPGP:pgpsig}\n' | grep -i "Key ID $KEY_ID"; then echo "ERROR: RPM not signed: $RPM" @@ -40,7 +40,7 @@ done echo "Sign DEB packages..." ( echo set timeout -1;\ - echo spawn dpkg-sig -p --sign builder -k $KEY_ID $TARGET/$VERSION/*.deb; \ + echo spawn dpkg-sig -p --sign builder -k $KEY_ID $TARGET/*.deb; \ echo expect -exact \"The passphrase for ${KEY_ID}:\";\ echo send -- \"$GPG_PASSPHRASE\\r\";\ echo expect eof;\ @@ -54,4 +54,8 @@ done # Hashes der kopierten Dateien ablegen # (werden später auf der Webseite angezeigt) echo "Create HASHES file..." -sha256sum *.{cma,tar.gz,rpm,deb,cmk} > HASHES +sha256sum *.cma >> HASHES || true +sha256sum *.tar.gz >> HASHES || true +sha256sum *.rpm >> HASHES || true +sha256sum *.deb >> HASHES || true +sha256sum *.cmk >> HASHES || true