Move scripts under 'scripts' directory.

TODO: remove path dependency of rpm_verify in builder-rpm and infrastructure
2019-12-29 20:55:59 +01:00 · 2019-12-29 20:55:59 +01:00 · bf09161732
commit bf09161732
parent fd5b7355d0
8 changed files with 55 additions and 54 deletions
--- a/.travis.yml
+++ b/.travis.yml
@ -10,9 +10,9 @@ after_script:
 - ls -l ~/qubes-builder/iso
 env:
  - DIST_DOM0=fc29 INSTALLER_KICKSTART=/tmp/qubes-installer/conf/travis-iso-full.ks USE_QUBES_REPO_VERSION=4.1 USE_QUBES_REPO_TESTING=1 RPM_BUILD_DEFINES=--nocheck
-  - DIST_DOM0=fc29 INSTALLER_KICKSTART=/tmp/qubes-installer/conf/travis-iso-unsigned.ks USE_QUBES_REPO_VERSION=4.1 USE_QUBES_REPO_TESTING=1 EXPECT_FAILURE=./expected-failure
+  - DIST_DOM0=fc29 INSTALLER_KICKSTART=/tmp/qubes-installer/conf/travis-iso-unsigned.ks USE_QUBES_REPO_VERSION=4.1 USE_QUBES_REPO_TESTING=1 EXPECT_FAILURE=./scripts/expected-failure
-  - DIST_DOM0=fc29 INSTALLER_KICKSTART=/tmp/qubes-installer/conf/travis-iso-unsigned2.ks USE_QUBES_REPO_VERSION=4.1 USE_QUBES_REPO_TESTING=1 EXPECT_FAILURE=./expected-failure
+  - DIST_DOM0=fc29 INSTALLER_KICKSTART=/tmp/qubes-installer/conf/travis-iso-unsigned2.ks USE_QUBES_REPO_VERSION=4.1 USE_QUBES_REPO_TESTING=1 EXPECT_FAILURE=./scripts/expected-failure
-  - DIST_DOM0=fc29 INSTALLER_KICKSTART=/tmp/qubes-installer/conf/travis-iso-unknown-key.ks USE_QUBES_REPO_VERSION=4.1 USE_QUBES_REPO_TESTING=1 EXPECT_FAILURE=./expected-failure
+  - DIST_DOM0=fc29 INSTALLER_KICKSTART=/tmp/qubes-installer/conf/travis-iso-unknown-key.ks USE_QUBES_REPO_VERSION=4.1 USE_QUBES_REPO_TESTING=1 EXPECT_FAILURE=./scripts/expected-failure
 # don't build tags which are meant for code signing only
 branches:
--- a/4
+++ b/4
@ -88,7 +88,7 @@ iso-installer-gather:
 	pushd $(BASE_DIR)/os/ && $(CREATEREPO) -q -g $(INSTALLER_DIR)/conf/comps-qubes.xml .
 iso-installer-lorax:
-	$(INSTALLER_DIR)/ksparser --ks $(INSTALLER_KICKSTART) --extract-repo-conf-to $(INSTALLER_DIR)/conf/dnf-lorax.repo
+	$(INSTALLER_DIR)/scripts/ksparser --ks $(INSTALLER_KICKSTART) --extract-repo-conf-to $(INSTALLER_DIR)/conf/dnf-lorax.repo
 	$(LORAX) $(LORAX_OPTS) $(BASE_DIR)/os
 iso-installer-mkisofs:
@ -109,7 +109,7 @@ iso-installer: iso-prepare iso-installer-gather iso-installer-lorax iso-installe
 	rm -rf work
 iso-liveusb: $(LIVE_KICKSTART) iso-prepare
-	pushd work && ../livecd-creator-qubes --debug --product='Qubes OS' --title="Qubes OS $(ISO_VERSION)" --fslabel="Qubes-$(ISO_VERSION)-x86_64-LIVE" --config $(LIVE_KICKSTART) && popd
+	pushd work && $(INSTALLER_DIR)/scripts/livecd-creator-qubes --debug --product='Qubes OS' --title="Qubes OS $(ISO_VERSION)" --fslabel="Qubes-$(ISO_VERSION)-x86_64-LIVE" --config $(LIVE_KICKSTART) && popd
 	# Move result files to known-named directories
 	mkdir -p build/ISO/qubes-x86_64/iso build/work
 	mv work/*.iso build/ISO/qubes-x86_64/iso/
--- a/48
+++ b/48
@ -1,48 +0,0 @@
 #!/bin/sh
 verify_rpm() {
 RPM=$1
 if ! [ -f $RPM ]; then
    echo -n "No such file... "
    return
 fi
 if ! rpm --checksig $RPM > /dev/null; then
    echo "Wrong PGP signature on $RPM!"
    exit 1
 fi
 # Even if rpm returns success (ret = 0) that doesn't
 # mean that the rpm has been signed! It might simply
 # have no PGP signature at all. Yes, stupidity...
 if ! rpm --checksig $RPM | grep ' pgp ' > /dev/null ; then
    if [ "$NO_SIGN" == "1" ] ; then
        # When signing is disabed in qubes-builder
        # This is used to build unsigned ISO
        # This should only be used for testing builds
        return 0
    fi
    echo "No PGP signature found!"
    exit 2
 fi
 }
 if [ $# -lt 1 ]; then
    echo "Usage: $0 <rpm file>"
    exit 1
 fi
 if [ -w /var/lib/rpm ]; then
    # Make sure that the right Qubes release key is imported (in chroot)
    rpm --import `dirname $0`/qubes-release/RPM-GPG-KEY-qubes-*-primary
 fi
 for FILE in "$@"; do
        verify_rpm $FILE || exit 1
 done
--- a/1
+++ b/1
@ -0,0 +1 @@
 scripts/rpm_verify
--- a/scripts/expected-failure
+++ b/scripts/expected-failure
--- a/scripts/ksparser
+++ b/scripts/ksparser
--- a/scripts/livecd-creator-qubes
+++ b/scripts/livecd-creator-qubes
--- a/scripts/rpm_verify
+++ b/scripts/rpm_verify
@ -0,0 +1,48 @@
 #!/bin/sh
 verify_rpm() {
 RPM=$1
 if ! [ -f $RPM ]; then
    echo -n "No such file... "
    return
 fi
 if ! rpm --checksig $RPM > /dev/null; then
    echo "Wrong PGP signature on $RPM!"
    exit 1
 fi
 # Even if rpm returns success (ret = 0) that doesn't
 # mean that the rpm has been signed! It might simply
 # have no PGP signature at all. Yes, stupidity...
 if ! rpm --checksig $RPM | grep ' pgp ' > /dev/null ; then
    if [ "$NO_SIGN" == "1" ] ; then
        # When signing is disabed in qubes-builder
        # This is used to build unsigned ISO
        # This should only be used for testing builds
        return 0
    fi
    echo "No PGP signature found!"
    exit 2
 fi
 }
 if [ $# -lt 1 ]; then
    echo "Usage: $0 <rpm file>"
    exit 1
 fi
 if [ -w /var/lib/rpm ]; then
    # Make sure that the right Qubes release key is imported (in chroot)
    rpm --import `dirname $0`/qubes-release/RPM-GPG-KEY-qubes-*-primary
 fi
 for FILE in "$@"; do
        verify_rpm $FILE || exit 1
 done
--- a/yum/update_repo.sh
+++ b/yum/update_repo.sh
@ -4,7 +4,7 @@
 # $1 -- path to rpm dir
 check_repo()
 {
-    if ! ../rpm_verify $1/*.rpm ; then
+    if ! ../scripts/rpm_verify $1/*.rpm ; then
        echo "ERROR: There are unsigned RPM packages in $1 repo:"
        echo "---------------------------------------"
        rpm --checksig $1/*.rpm | grep -v pgp