From 0d862efa9c87d943073be8f612f231ea790accbd Mon Sep 17 00:00:00 2001 From: Evan Lezar Date: Wed, 19 Jul 2023 16:06:51 +0200 Subject: [PATCH] Publish generic deb and rpm repos. This change ensures that the centos7 and ubuntu18.04 packages are published to the generic rpm and deb repos, respectively. All other packages except the centos8-ppc64le packages are skipped as these use cases are covered by the generic packages. Signed-off-by: Evan Lezar --- scripts/packages-sign-all.sh | 130 ++++++++++++++++++++--------------- scripts/release-packages.sh | 49 +++++++------ 2 files changed, 98 insertions(+), 81 deletions(-) diff --git a/scripts/packages-sign-all.sh b/scripts/packages-sign-all.sh index 6d2a52f7..5ff39779 100755 --- a/scripts/packages-sign-all.sh +++ b/scripts/packages-sign-all.sh @@ -8,56 +8,60 @@ set -x -e function deb-sign { - local last_found - for r in "$@"; do - if [ -f "./${r}" ]; then - last_found=${r} - fi - done - if [[ -z ${last_found} ]]; then - echo "WARNING: No expected package found in $(pwd); skipping signing of repo;" - return - fi - apt-ftparchive packages . \ - | tee Packages \ - | xz > Packages.xz - apt-ftparchive -c repo.conf release . \ - | gpg --batch --yes --expert --clearsign \ - --armor \ - --no-emit-version \ - --no-comments \ - --personal-digest-preferences sha512 \ - --local-user "${GPG_LOCAL_USER}" \ - > InRelease + local last_found + for r in "$@"; do + if [ -f "./${r}" ]; then + last_found=${r} + fi + done + if [[ -z ${last_found} ]]; then + echo "WARNING: No expected package found in $(pwd); skipping signing of repo;" + return + fi + apt-ftparchive packages . \ + | tee Packages \ + | xz > Packages.xz + apt-ftparchive -c repo.conf release . \ + | gpg --batch --yes --expert --clearsign \ + --armor \ + --no-emit-version \ + --no-comments \ + --personal-digest-preferences sha512 \ + --local-user "${GPG_LOCAL_USER}" \ + > InRelease } function rpm-sign { - for r in "$@"; do - if [ -f "./${r}" ]; then - rpmsign --addsign --key-id A04EA552 --digest-algo=sha512 "${r}" - fi - done - createrepo -v --no-database -s sha512 --compress-type xz --revision "1.0" . - gpg2 --batch --yes --expert --sign --detach-sign \ - --armor \ - --no-emit-version \ - --no-comments --personal-digest-preferences sha512 \ - --local-user "${GPG_LOCAL_USER}" \ - repodata/repomd.xml + for r in "$@"; do + if [ -f "./${r}" ]; then + rpmsign --addsign --key-id A04EA552 --digest-algo=sha512 "${r}" + fi + done + createrepo -v --no-database -s sha512 --compress-type xz --revision "1.0" . + gpg2 --batch --yes --expert --sign --detach-sign \ + --armor \ + --no-emit-version \ + --no-comments --personal-digest-preferences sha512 \ + --local-user "${GPG_LOCAL_USER}" \ + repodata/repomd.xml } function sign() { - local target=$1 + local target=$1 local dst_root=$2 + local by_package_type=$3 - local src_dist=${target%-*} - local dist=${src_dist/amazonlinux/amzn} + local src_dist=${target%-*} + local dst_dist=${src_dist/amazonlinux/amzn} + + local pkg_type=unknown + local arch=${target##*-} + local dst_arch=${arch} - local pkg_type case ${src_dist} in amazonlinux*) pkg_type=rpm ;; - centos*) pkg_type=rpm + centos* | rpm) pkg_type=rpm ;; debian*) pkg_type=deb ;; @@ -65,33 +69,47 @@ function sign() { ;; opensuse-leap*) pkg_type=rpm ;; - ubuntu*) pkg_type=deb + ubuntu* | deb) pkg_type=deb + arch=${arch//ppc64le/ppc64el} ;; *) echo "ERROR: unexpected distribution ${src_dist}" ;; esac - local arch=${target##*-} - case ${src_dist} in - ubuntu*) arch=${arch//ppc64le/ppc64el} - esac + if [[ x"${by_package_type}" == x"true" ]]; then + dst_dist=${pkg_type} + fi - local dst=${dst_root}/${dist}/${arch} + local dst=${dst_root}/${dst_dist}/${arch} - if [[ ! -d ${dst} ]]; then - echo "Directory ${dst} not found. Skipping" - return - fi + if [[ ! -d ${dst} ]]; then + echo "Directory ${dst} not found. Skipping" + return + fi - cd "${dst}" - if [[ -f "/etc/debian_version" ]]; then - [[ "${pkg_type}" == "deb" ]] && deb-sign ${ALL_DEBS} - else - [[ "${pkg_type}" == "rpm" ]] && rpm-sign ${ALL_RPMS} - fi - cd - + cd "${dst}" + if [[ -f "/etc/debian_version" ]]; then + [[ "${pkg_type}" == "deb" ]] && deb-sign ${ALL_DEBS} + else + [[ "${pkg_type}" == "rpm" ]] && rpm-sign ${ALL_RPMS} + fi + cd - } for target in ${TARGETS[@]}; do - sign "${target}" "$(pwd)" + echo "checking target=${target}" + by_package_type= + case ${target} in + ubuntu18.04-* | centos7-*) + by_package_type="true" + ;; + centos8-ppc64le) + by_package_type="false" + ;; + *) + echo "Skipping target ${target}" + continue + ;; + esac + sign "${target}" "$(pwd)" ${by_package_type} done diff --git a/scripts/release-packages.sh b/scripts/release-packages.sh index 10f7fbf8..7991f932 100755 --- a/scripts/release-packages.sh +++ b/scripts/release-packages.sh @@ -48,7 +48,7 @@ SHA=$(git rev-parse --short=8 ${REFERENCE}) IMAGE_NAME="registry.gitlab.com/nvidia/container-toolkit/container-toolkit/staging/container-toolkit" IMAGE_TAG=${SHA}-packaging -VERSION="$(get_version_from_image ${IMAGE_NAME}:${IMAGE_TAG} ${SHA})" +: ${VERSION:="$(get_version_from_image ${IMAGE_NAME}:${IMAGE_TAG} ${SHA})"} REPO="experimental" if [[ ${VERSION/rc./} == ${VERSION} ]]; then @@ -83,11 +83,15 @@ function sync() { local target=$1 local src_root=$2 local dst_root=$3 + local by_package_type=$4 local src_dist=${target%-*} local dst_dist=${src_dist/amazonlinux/amzn} - local pkg_type + local pkg_type=unknown + local arch=${target##*-} + local dst_arch=${arch} + case ${src_dist} in amazonlinux*) pkg_type=rpm ;; @@ -100,28 +104,17 @@ function sync() { opensuse-leap*) pkg_type=rpm ;; ubuntu*) pkg_type=deb + dst_arch=${arch//ppc64le/ppc64el} ;; *) echo "ERROR: unexpected distribution ${src_dist}" exit 1 ;; esac - if [[ $# -ge 4 && $4 == "package_type" ]] ; then - if [[ "${src_dist}" != "ubuntu18.04" && "${src_dist}" != "centos7" ]]; then - echo "Package type repos require ubuntu18.04 or centos7 as the source" - echo "skipping" - return - fi - dst_dist=$pkg_type + if [[ x"${by_package_type}" == x"true" ]]; then + dst_dist=${pkg_type} fi - - local arch=${target##*-} - local dst_arch=${arch} - case ${src_dist} in - ubuntu*) dst_arch=${arch//ppc64le/ppc64el} - esac - local src=${src_root}/${src_dist}/${arch} local dst=${dst_root}/${dst_dist}/${dst_arch} @@ -173,20 +166,27 @@ if [[ x"${_current_branch}" != x"gh-pages" ]]; then fi : ${UPSTREAM_REMOTE:="origin"} -_remote_name=$( git remote -v | grep "git@gitlab.com:nvidia/container-toolkit/libnvidia-container.git (push)" | cut -d$'\t' -f1 ) -if [[ x"${_remote_name}" != x"${UPSTREAM_REMOTE}" ]]; then - echo "Identified ${_remote_name} as git@gitlab.com:nvidia/container-toolkit/libnvidia-container.git remote." - echo "Set UPSTREAM_REMOTE=${_remote_name} instead of ${UPSTREAM_REMOTE}" -fi : ${UPSTREAM_REFERENCE:="${UPSTREAM_REMOTE}/gh-pages"} git -C ${PACKAGE_REPO_ROOT} reset --hard ${UPSTREAM_REFERENCE} git -C ${PACKAGE_REPO_ROOT} clean -fdx ${REPO} for target in ${targets[@]}; do - sync ${target} ${PACKAGE_CACHE}/packages ${PACKAGE_REPO_ROOT}/${REPO} - # We also create a `package_type` repo; internally we skip this for non-ubuntu18.04 or centos7 distributions - sync ${target} ${PACKAGE_CACHE}/packages ${PACKAGE_REPO_ROOT}/${REPO} "package_type" + echo "checking target=${target}" + by_package_type= + case ${target} in + ubuntu18.04-* | centos7-*) + by_package_type="true" + ;; + centos8-ppc64le) + by_package_type="false" + ;; + *) + echo "Skipping target ${target}" + continue + ;; + esac + sync ${target} ${PACKAGE_CACHE}/packages ${PACKAGE_REPO_ROOT}/${REPO} ${by_package_type} done git -C ${PACKAGE_REPO_ROOT} add ${REPO} @@ -237,7 +237,6 @@ function sign() { gpg --import /keys/sub.key; /helpers/packages-sign-all.sh; " - } sign deb