blob: a6ce79ebe08d510c63f5eb45e77b8cac8782bf27 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
|
#!/usr/bin/env bash
#
# This script is run within a virtual environment to build the available archiso profiles and create checksum files for
# the resulting images.
# The script needs to be run as root and assumes $PWD to be the root of the repository.
readonly orig_pwd="${PWD}"
readonly output="${orig_pwd}/output"
tmpdir=""
tmpdir="$(mktemp --dry-run --directory --tmpdir="${orig_pwd}/tmp")"
gnupg_homedir=""
pgp_key_id=""
cleanup() {
# clean up temporary directories
if [ -n "${tmpdir:-}" ]; then
rm -rf "${tmpdir}"
fi
}
create_checksums() {
# create checksums for a file
# $1: a file
sha256sum "${1}" >"${1}.sha256"
sha512sum "${1}" >"${1}.sha512"
b2sum "${1}" >"${1}.b2"
if [[ -n "${SUDO_UID:-}" ]] && [[ -n "${SUDO_GID:-}" ]]; then
chown "${SUDO_UID}:${SUDO_GID}" "${1}"{,.b2,.sha{256,512}}
fi
}
create_zsync_delta() {
# create a zsync control file for a file
# $1: a file
zsyncmake -C -u "${1##*/}" -o "${1}".zsync "${1}"
if [[ -n "${SUDO_UID:-}" ]] && [[ -n "${SUDO_GID:-}" ]]; then
chown "${SUDO_UID}:${SUDO_GID}" "${1}".zsync
fi
}
create_metrics() {
# create metrics
{
printf 'image_size_mebibytes{image="%s"} %s\n' "${1}" "$(du -m "${output}/${1}/"*.iso | cut -f1)"
printf 'package_count{image="%s"} %s\n' "${1}" "$(sort -u "${tmpdir}/${1}/iso/"*/pkglist.*.txt | wc -l)"
if [[ -e "${tmpdir}/${1}/efiboot.img" ]]; then
printf 'eltorito_efi_image_size_mebibytes{image="%s"} %s\n' \
"${1}" "$(du -m "${tmpdir}/${1}/efiboot.img" | cut -f1)"
fi
# shellcheck disable=SC2046
# shellcheck disable=SC2183
printf 'initramfs_size_mebibytes{image="%s",initramfs="%s"} %s\n' \
$(du -m "${tmpdir}/${1}/iso/"*/boot/**/initramfs*.img | awk -v profile="${1}" '
function basename(file) {
sub(".*/", "", file)
return file
}
{ print profile, basename($2), $1 }')
} > "${output}/${1}/job-metrics"
}
create_temp_pgp_key() {
# create an ephemeral PGP key for signing the rootfs image
gnupg_homedir="$tmpdir/.gnupg"
mkdir -p "${gnupg_homedir}"
chmod 700 "${gnupg_homedir}"
cat << __EOF__ > "${gnupg_homedir}"/gpg.conf
quiet
batch
no-tty
no-permission-warning
export-options no-export-attributes,export-clean
list-options no-show-keyring
armor
no-emit-version
__EOF__
gpg --homedir "${gnupg_homedir}" --gen-key <<EOF
%echo Generating ephemeral Arch Linux release engineering key pair...
Key-Type: default
Key-Length: 3072
Key-Usage: sign
Name-Real: Arch Linux Release Engineering
Name-Comment: Ephemeral Signing Key
Name-Email: arch-releng@lists.archlinux.org
Expire-Date: 0
%no-protection
%commit
%echo Done
EOF
pgp_key_id="$(
gpg --homedir "${gnupg_homedir}" \
--list-secret-keys \
--with-colons \
| awk -F':' '{if($1 ~ /sec/){ print $5 }}'
)"
}
run_mkarchiso() {
# run mkarchiso
# $1: template name
create_temp_pgp_key
mkdir -p "${output}/${1}" "${tmpdir}/${1}"
GNUPGHOME="${gnupg_homedir}" ./archiso/mkarchiso \
-g "${pgp_key_id}" \
-o "${output}/${1}" \
-w "${tmpdir}/${1}" \
-v "configs/${1}"
create_checksums "${output}/${1}/"*.iso
create_zsync_delta "${output}/${1}/"*.iso
create_metrics "${1}"
}
trap cleanup EXIT
run_mkarchiso "${1}"
|