#!/bin/sh # $NetBSD: upload,v 1.29 2006/06/02 22:01:46 dillo Exp $ # # Upload non-restricted binary pkgs to ftp server # MD5="digest md5"; SHA1="digest sha1"; opsys=`uname -s` case "$opsys" in NetBSD) BMAKE=make; BSDSUM="sum -o 1"; CKSUM="cksum"; SYSVSUM="sum -o 2"; ;; IRIX*) BMAKE=bmake; BSDSUM="sum -r"; CKSUM="cksum"; SYSVSUM="sum"; ;; *) BMAKE=bmake ;; esac export BMAKE # Bring in variables for bulk-install BATCH=1 DEPENDS_TARGET=bulk-install export BATCH DEPENDS_TARGET # Pull in RSYNC_DST, RSYNC_OPTS: if [ -f "$BULK_BUILD_CONF" ]; then . $BULK_BUILD_CONF else . `dirname $0`/build.conf fi cd $USR_PKGSRC if [ -z "$RSYNC_DST" ]; then echo "You must set the variable RSYNC_DST, see build.conf-example." exit 1 fi # # Some temp files # umask 022 TMPDIR="${TMPDIR:-/tmp}" TMP="${TMPDIR}"/pkg_upload.$$ (umask 077 && mkdir "${TMP}") if [ $? -ne 0 ] then echo $0: cannot create temporary directory \""${TMP}"\" >&2 exit 1 fi exf="$TMP"/exclude vf="$TMP"/vulnerable upload="$TMP"/upload upload_general="$TMP"/upload_general upload_vulnerable="$TMP"/upload_vulnerable # May be different than $USR_PKGSRC: pkgsrcdir=`cd pkgtools/pkglint ; ${BMAKE} show-var VARNAME=_PKGSRCDIR` packages=`cd pkgtools/pkglint ; ${BMAKE} show-var VARNAME=PACKAGES` distdir=`cd pkgtools/pkglint ; ${BMAKE} show-var VARNAME=DISTDIR` gzip_cmd=`cd pkgtools/pkglint; make show-var VARNAME=GZIP_CMD USE_TOOLS=gzip` # Pull in some pkgs needed ( cd pkgtools/pkglint ; ${BMAKE} bulk-install ) ( cd net/rsync ; ${BMAKE} bulk-install ) ( cd security/audit-packages ; ${BMAKE} bulk-install ) echo "Making sure vulnerability-list is up-to-date:" if [ -z "$UPDATE_VULNERABILITY_LIST" -o "$UPDATE_VULNERABILITY_LIST" = "yes" ] then env PKGVULNDIR=${distdir} download-vulnerability-list else echo '(skipped)' fi case $LINTPKGSRC_CACHE in yes|YES) lintpkgsrc_cache="-I `cd pkgtools/pkglint ; ${BMAKE} show-var VARNAME=LINTPKGSRC_DB`" ;; *) lintpkgsrc_cache='' ;; esac echo "Checking for restricted and out of date packages:" # -p = report old versions of packages # -R = report restricted packages lintpkgsrc $lintpkgsrc_cache -K $packages -P $pkgsrcdir -pR | sed 's@'$packages'/@@' > "$exf" echo "Checking for vulnerable packages:" lintpkgsrc $lintpkgsrc_cache -K $packages -P $pkgsrcdir -V | sed 's@'$packages'/@@' > "$vf" RSFLAGS="-vap --progress $RSYNC_OPTS" failed=no cd $packages if [ "${MKSUMS}" = "yes" -o "${MKSUMS}" = "YES" ]; then echo "Calculating checksum files..." SUMFILES="BSDSUM CKSUM MD5 SHA1 SYSVSUM" rm -f ${SUMFILES} if [ x"${SIGN_AS}" != x"" ]; then ( cd ${pkgsrcdir}/security/gnupg; ${BMAKE} bulk-install ) for i in ${SUMFILES}; do echo > $i echo "This file is signed with ${SIGN_AS}'s PGP key." >> $i echo >> $i done fi ( cd ${pkgsrcdir}/pkgtools/digest; ${BMAKE} bulk-install ) [ -z "${BSDSUM}" ] && BSDSUM="echo" [ -z "${CKSUM}" ] && CKSUM="echo" [ -z "${SYSVSUM}" ] && SYSVSUM="echo" for i in All/*; do if grep $i $exf >/dev/null; then : else ${BSDSUM} $i >> BSDSUM ${CKSUM} $i >> CKSUM ${MD5} $i >> MD5 ${SHA1} $i >> SHA1 ${SYSVSUM} $i >> SYSVSUM fi done [ "${BSDSUM}" = "echo" ] && rm BSDSUM [ "${CKSUM}" = "echo" ] && rm CKSUM [ "${SYSVSUM}" = "echo" ] && rm SYSVSUM if [ x"${SIGN_AS}" != x"" ]; then for i in ${SUMFILES}; do if [ -s $i ]; then echo "Signing $i" gpg --clearsign $i && rm $i fi done else echo "Checksum files not PGP-signed. Please do so manually!" echo "(Run 'gpg --clearsign' on all of them)" fi fi if [ "${MKSUMMARY}" = "yes" -o "${MKSUMMARY}" = "YES" ]; then echo "Creating summary file..." (cd "${packages}/All" \ && ls -t *.t[gb]z | while read n; do pkg_info -X "$n"; done) \ | ${gzip_cmd} > "${packages}"/All/pkg_summary.gz fi echo "#!/bin/sh" > "$upload" echo "packages=$packages" >> "$upload" echo "if cd $packages; then" >> "$upload" echo " :" >> "$upload" echo "else" >> "$upload" echo " echo \"could not cd to $packages\"" >> "$upload" echo " exit 1" >> "$upload" echo "fi" >> "$upload" echo "Uploading non-vulnerable pkgs" cmd="rsync $RSFLAGS --exclude-from=\"$exf\" --exclude-from=\"$vf\" . \"$RSYNC_DST\"" cp -f "$upload" "$upload_general" echo "$cmd" >> "$upload_general" chmod 755 "$upload_general" echo "$cmd" sh "$upload_general" if [ $? != 0 ]; then echo "--------------------------------------------------" echo " " echo "WARNING: rsync failed. To retry later, you can run" echo " $upload_general" echo " " echo "--------------------------------------------------" failed=yes fi echo "Uploading vulnerable pkgs" sed -n "s@All/@@p" "$exf" > "$exf.new" sed -n "s@All/@@p" "$vf" > "$vf.new" cmd="rsync $RSFLAGS --exclude-from=\"$exf.new\" --include-from=\"$vf.new\" --exclude='*' All/ \"$RSYNC_DST/vulnerable/\"" cp -f "$upload" "$upload_vulnerable" echo "$cmd" >> "$upload_vulnerable" chmod 755 "$upload_vulnerable" echo "$cmd" sh "$upload_vulnerable" if [ $? != 0 ]; then echo "--------------------------------------------------" echo " " echo "WARNING: rsync failed. To retry later, you can run" echo " $upload_vulnerable" echo " " echo "--------------------------------------------------" failed=yes fi # clean up temp files if [ "$failed" = "no" ]; then rm -fr "$TMP" fi