[build] Implement security flow

Spec: https://review.fuel-infra.org/19129

Change-Id: I4de35fc611c853e14db7705284936ed0c7a59a5d
This commit is contained in:
Dmitry Burmistrov 2016-07-21 15:40:32 +03:00
parent 079704ddbd
commit a88894bda9
3 changed files with 66 additions and 40 deletions

View File

@ -58,6 +58,8 @@ main () {
&& _rev=$(( $_rev + 1 ))
[ "$IS_HOTFIX" == "true" ] \
&& _rev=$(get_extra_revision hotfix ${_srcpath} ${release_tag})
[ "$IS_SECURITY" == "true" ] \
&& _rev=$(get_extra_revision security ${_srcpath} ${release_tag})
local release=$(dpkg-parsechangelog --show-field Version -l${_debianpath}/debian/changelog | awk -F'-' '{print $NF}' | sed -r 's|[0-9]+$||')
local release="${release}${_rev}"
local fullver=${epochnumber}${version}-${release}
@ -127,24 +129,39 @@ main () {
DEB_HOTFIX_DIST_NAME=${DEB_HOTFIX_DIST_NAME:-hotfix}
[ -n "${EXTRAREPO}" ] && EXTRAREPO="${EXTRAREPO}|"
EXTRAREPO="${EXTRAREPO}http://${REMOTE_REPO_HOST}/${DEB_REPO_PATH} ${DEB_DIST_NAME} ${COMPONENTS}"
if [ "$IS_HOTFIX" == "true" ] ; then
EXTRAREPO="${EXTRAREPO}|http://${REMOTE_REPO_HOST}/${DEB_REPO_PATH} ${DEB_HOTFIX_DIST_NAME} ${COMPONENTS}"
EXTRAREPO="${EXTRAREPO}|http://${REMOTE_REPO_HOST}/${DEB_REPO_PATH} ${DEB_UPDATES_DIST_NAME} ${COMPONENTS}"
else
[ "$IS_UPDATES" == 'true' ] \
&& EXTRAREPO="${EXTRAREPO}|http://${REMOTE_REPO_HOST}/${DEB_REPO_PATH} ${DEB_PROPOSED_DIST_NAME} ${COMPONENTS}"
fi
case true in
"$IS_HOTFIX" )
EXTRAREPO="${EXTRAREPO}|http://${REMOTE_REPO_HOST}/${DEB_REPO_PATH} ${DEB_HOTFIX_DIST_NAME} ${COMPONENTS}"
EXTRAREPO="${EXTRAREPO}|http://${REMOTE_REPO_HOST}/${DEB_REPO_PATH} ${DEB_UPDATES_DIST_NAME} ${COMPONENTS}"
EXTRAREPO="${EXTRAREPO}|http://${REMOTE_REPO_HOST}/${DEB_REPO_PATH} ${DEB_SECURITY_DIST_NAME} ${COMPONENTS}"
;;
"$IS_SECURITY" )
EXTRAREPO="${EXTRAREPO}|http://${REMOTE_REPO_HOST}/${DEB_REPO_PATH} ${DEB_UPDATES_DIST_NAME} ${COMPONENTS}"
EXTRAREPO="${EXTRAREPO}|http://${REMOTE_REPO_HOST}/${DEB_REPO_PATH} ${DEB_SECURITY_DIST_NAME} ${COMPONENTS}"
;;
"$IS_UPDATES" )
EXTRAREPO="${EXTRAREPO}|http://${REMOTE_REPO_HOST}/${DEB_REPO_PATH} ${DEB_PROPOSED_DIST_NAME} ${COMPONENTS}"
EXTRAREPO="${EXTRAREPO}|http://${REMOTE_REPO_HOST}/${DEB_REPO_PATH} ${DEB_UPDATES_DIST_NAME} ${COMPONENTS}"
EXTRAREPO="${EXTRAREPO}|http://${REMOTE_REPO_HOST}/${DEB_REPO_PATH} ${DEB_SECURITY_DIST_NAME} ${COMPONENTS}"
;;
esac
if [ "$GERRIT_CHANGE_STATUS" == "NEW" ] && [ -n "$LP_BUG" -o -n "$CUSTOM_REPO_ID" ] ; then
if [ "$IS_UPDATES" == "true" ] ; then
if [ "$IS_HOTFIX" == "true" ] ; then
EXTRAREPO="${EXTRAREPO}|http://${REMOTE_REPO_HOST}/${REPO_REQUEST_PATH_PREFIX}/${REQUEST}/${DEB_REPO_PATH} ${DEB_HOTFIX_DIST_NAME} ${COMPONENTS}"
else
EXTRAREPO="${EXTRAREPO}|http://${REMOTE_REPO_HOST}/${REPO_REQUEST_PATH_PREFIX}/${REQUEST}/${DEB_REPO_PATH} ${DEB_PROPOSED_DIST_NAME} ${COMPONENTS}"
fi
else
EXTRAREPO="${EXTRAREPO}|http://${REMOTE_REPO_HOST}/${REPO_REQUEST_PATH_PREFIX}/${REQUEST}/${DEB_REPO_PATH} ${DEB_DIST_NAME} ${COMPONENTS}"
fi
case true in
"$IS_HOTFIX" )
local DEB_REQUEST_DIST_NAME=$DEB_HOTFIX_DIST_NAME
;;
"$IS_SECURITY" )
local DEB_REQUEST_DIST_NAME=$DEB_SECURITY_DIST_NAME
;;
"$IS_UPDATES" )
local DEB_REQUEST_DIST_NAME=$DEB_PROPOSED_DIST_NAME
;;
*)
local DEB_REQUEST_DIST_NAME=$DEB_DIST_NAME
;;
esac
EXTRAREPO="${EXTRAREPO}|http://${REMOTE_REPO_HOST}/${REPO_REQUEST_PATH_PREFIX}/${REQUEST}/${DEB_REPO_PATH} ${DEB_REQUEST_DIST_NAME} ${COMPONENTS}"
fi
export EXTRAREPO

View File

@ -56,8 +56,6 @@ set_default_params () {
[ -z "$PROJECT_NAME" ] && error "Project name is not defined! Exiting!"
[ -z "$PROJECT_VERSION" ] && error "Project version is not defined! Exiting!"
[ "$IS_HOTFIX" == "true" -a "$IS_UPDATES" == "false" ] && error "ERROR: Hotfix update before release"
[ -z "$SECUPDATETAG" ] && local SECUPDATETAG="^Security-update"
[ -z "$IS_SECURITY" ] && IS_SECURITY='false'
if [ -n "$GERRIT_PROJECT" ]; then
GERRIT_CHANGE_STATUS="NEW"
if [ -n "$GERRIT_REFSPEC" ]; then
@ -79,12 +77,6 @@ set_default_params () {
unset LP_BUG
REQUEST_NUM=${CUSTOM_REPO_ID}
fi
else
if [ -n "$GERRIT_MESSAGE" ] ; then
if [ `echo $GERRIT_MESSAGE | grep -c \"$SECUPDATETAG\"` -gt 0 ] ; then
IS_SECURITY='true'
fi
fi
fi
# Detect packagename
PACKAGENAME=${GERRIT_PROJECT##*/}

View File

@ -63,6 +63,8 @@ This package provides the %{-n*} kernel modules
&& _rev=$(( $_rev + 1 ))
[ "$IS_HOTFIX" == "true" ] \
&& _rev=$(get_extra_revision hotfix ${_srcpath} ${release_tag})
[ "$IS_SECURITY" == "true" ] \
&& _rev=$(get_extra_revision security ${_srcpath} ${release_tag})
local release="mos${_rev}"
local TAR_NAME=${PACKAGENAME}-${version}.tar.gz
# Update version and changelog
@ -133,24 +135,39 @@ This package provides the %{-n*} kernel modules
RPM_HOTFIX_REPO_PATH=${RPM_HOTFIX_REPO_PATH:-${RPM_OS_REPO_PATH%/*}/hotfix}
[ -n "${EXTRAREPO}" ] && EXTRAREPO="${EXTRAREPO}|"
EXTRAREPO="${EXTRAREPO}repo1,http://${REMOTE_REPO_HOST}/${RPM_OS_REPO_PATH}/x86_64"
if [ "$IS_HOTFIX" == 'true' ] ; then
EXTRAREPO="${EXTRAREPO}|repo2,http://${REMOTE_REPO_HOST}/${RPM_HOTFIX_REPO_PATH}/x86_64"
EXTRAREPO="${EXTRAREPO}|repo3,http://${REMOTE_REPO_HOST}/${RPM_UPDATES_REPO_PATH}/x86_64"
else
[ "$IS_UPDATES" == 'true' ] \
&& EXTRAREPO="${EXTRAREPO}|repo2,http://${REMOTE_REPO_HOST}/${RPM_PROPOSED_REPO_PATH}/x86_64"
fi
case true in
"$IS_HOTFIX" )
EXTRAREPO="${EXTRAREPO}|repo2,http://${REMOTE_REPO_HOST}/${RPM_HOTFIX_REPO_PATH}/x86_64"
EXTRAREPO="${EXTRAREPO}|repo3,http://${REMOTE_REPO_HOST}/${RPM_UPDATES_REPO_PATH}/x86_64"
EXTRAREPO="${EXTRAREPO}|repo4,http://${REMOTE_REPO_HOST}/${RPM_SECURITY_REPO_PATH}/x86_64"
;;
"$IS_SECURITY" )
EXTRAREPO="${EXTRAREPO}|repo2,http://${REMOTE_REPO_HOST}/${RPM_UPDATES_REPO_PATH}/x86_64"
EXTRAREPO="${EXTRAREPO}|repo3,http://${REMOTE_REPO_HOST}/${RPM_SECURITY_REPO_PATH}/x86_64"
;;
"$IS_UPDATES" )
EXTRAREPO="${EXTRAREPO}|repo2,http://${REMOTE_REPO_HOST}/${RPM_PROPOSED_REPO_PATH}/x86_64"
EXTRAREPO="${EXTRAREPO}|repo2,http://${REMOTE_REPO_HOST}/${RPM_UPDATES_REPO_PATH}/x86_64"
EXTRAREPO="${EXTRAREPO}|repo3,http://${REMOTE_REPO_HOST}/${RPM_SECURITY_REPO_PATH}/x86_64"
;;
esac
if [ "$GERRIT_CHANGE_STATUS" == "NEW" ] && [ -n "$LP_BUG" -o -n "$CUSTOM_REPO_ID" ] ; then
if [ "$IS_UPDATES" == "true" ] ; then
if [ "$IS_HOTFIX" == 'true' ] ; then
EXTRAREPO="${EXTRAREPO}|repo4,http://${REMOTE_REPO_HOST}/${REPO_REQUEST_PATH_PREFIX}/${REQUEST}/${RPM_HOTFIX_REPO_PATH}/x86_64"
else
EXTRAREPO="${EXTRAREPO}|repo4,http://${REMOTE_REPO_HOST}/${REPO_REQUEST_PATH_PREFIX}/${REQUEST}/${RPM_PROPOSED_REPO_PATH}/x86_64"
fi
else
EXTRAREPO="${EXTRAREPO}|repo4,http://${REMOTE_REPO_HOST}/${REPO_REQUEST_PATH_PREFIX}/${REQUEST}/${RPM_OS_REPO_PATH}/x86_64"
fi
case true in
"$IS_HOTFIX" )
local RPM_REQUEST_REPO_PATH=$RPM_HOTFIX_REPO_PATH
;;
"$IS_SECURITY" )
local RPM_REQUEST_REPO_PATH=$RPM_SECURITY_REPO_PATH
;;
"$IS_UPDATES" )
local RPM_REQUEST_REPO_PATH=$RPM_PROPOSED_REPO_PATH
;;
* )
local RPM_REQUEST_REPO_PATH=$RPM_OS_REPO_PATH
;;
esac
EXTRAREPO="${EXTRAREPO}|repo5,http://${REMOTE_REPO_HOST}/${REPO_REQUEST_PATH_PREFIX}/${REQUEST}/${RPM_REQUEST_REPO_PATH}/x86_64"
fi
export EXTRAREPO