From c3a5620b90bb08556fecc481dedf4158e9b03be7 Mon Sep 17 00:00:00 2001 From: Max Weiss Date: Tue, 27 Apr 2021 19:06:56 -0700 Subject: [PATCH] Create bash functions to act as buildbot steps for IPXE bins --- buildbot/buildbot_steps.sh | 482 ++++++++++++++++++++++++++++++++++++ buildbot/ipxe_config_sed.sh | 31 --- 2 files changed, 482 insertions(+), 31 deletions(-) create mode 100755 buildbot/buildbot_steps.sh delete mode 100755 buildbot/ipxe_config_sed.sh diff --git a/buildbot/buildbot_steps.sh b/buildbot/buildbot_steps.sh new file mode 100755 index 0000000..46102d1 --- /dev/null +++ b/buildbot/buildbot_steps.sh @@ -0,0 +1,482 @@ +#!/usr/bin/env bash + + +function clone_ipxe_upstream() { + local ipxe_src_dir="$1" + + if [ -d "$ipxe_src_dir" ]; then + >&2 echo "Clone dir location already exists." + return 1 + fi + + git clone git://git.ipxe.org/ipxe.git "$ipxe_src_dir" || return 1 + cd "$ipxe_src_dir" + + # Known good commit + git checkout 56f7d44fde1d6ac196d115cc7dddd58e7ec098fa || return 1 + + return 0 +} + +function sed_enabled_ipxe_features() { + local ipxe_src_dir="$1" + + if [ ! -d "$ipxe_src_dir" ] || [[ ! -f "${ipxe_src_dir}/src/config/general.h" ]]; then + >&2 echo "Either no IXPE src dir was supplied, or the supplied dir does not exist." + return 1 + fi + + sed -i 's/^\/\/\#define\ DOWNLOAD_PROTO_HTTPS/\#define\ DOWNLOAD_PROTO_HTTPS/g' "${ipxe_src_dir}/src/config/general.h" + sed -i 's/^\/\/\#define\ NSLOOKUP_CMD/\#define\ NSLOOKUP_CMD/g' "${ipxe_src_dir}/src/config/general.h" + sed -i 's/^\/\/\#define\ TIME_CMD/\#define\ TIME_CMD/g' "${ipxe_src_dir}/src/config/general.h" + sed -i 's/^\/\/\#define\ DIGEST_CMD/\#define\ DIGEST_CMD/g' "${ipxe_src_dir}/src/config/general.h" + sed -i 's/^\/\/\#define\ REBOOT_CMD/\#define\ REBOOT_CMD/g' "${ipxe_src_dir}/src/config/general.h" + sed -i 's/^\/\/\#define\ POWEROFF_CMD/\#define\ POWEROFF_CMD/g' "${ipxe_src_dir}/src/config/general.h" + sed -i 's/^\/\/\#define\ IMAGE_TRUST_CMD/\#define\ IMAGE_TRUST_CMD/g' "${ipxe_src_dir}/src/config/general.h" + sed -i 's/^\/\/\#define\ NTP_CMD/\#define\ NTP_CMD/g' "${ipxe_src_dir}/src/config/general.h" + sed -i 's/^\/\/\#define\ CERT_CMD/\#define\ CERT_CMD/g' "${ipxe_src_dir}/src/config/general.h" + + sed -i 's/^\#undef\ DOWNLOAD_PROTO_HTTPS/\#define\ DOWNLOAD_PROTO_HTTPS/g' "${ipxe_src_dir}/src/config/general.h" + sed -i 's/^\#undef\ NSLOOKUP_CMD/\#define\ NSLOOKUP_CMD/g' "${ipxe_src_dir}/src/config/general.h" + sed -i 's/^\#undef\ TIME_CMD/\#define\ TIME_CMD/g' "${ipxe_src_dir}/src/config/general.h" + sed -i 's/^\#undef\ DIGEST_CMD/\#define\ DIGEST_CMD/g' "${ipxe_src_dir}/src/config/general.h" + sed -i 's/^\#undef\ REBOOT_CMD/\#define\ REBOOT_CMD/g' "${ipxe_src_dir}/src/config/general.h" + sed -i 's/^\#undef\ POWEROFF_CMD/\#define\ POWEROFF_CMD/g' "${ipxe_src_dir}/src/config/general.h" + sed -i 's/^\#undef\ IMAGE_TRUST_CMD/\#define\ IMAGE_TRUST_CMD/g' "${ipxe_src_dir}/src/config/general.h" + sed -i 's/^\#undef\ NTP_CMD/\#define\ NTP_CMD/g' "${ipxe_src_dir}/src/config/general.h" + sed -i 's/^\#undef\ CERT_CMD/\#define\ CERT_CMD/g' "${ipxe_src_dir}/src/config/general.h" + + return 0 +} + +function make_ipxe_lkrn() { + local ipxe_src_dir="$1" + local embed_file="$2" + local signing_cert="$3" + local ca_cert="$4" + + embed_file="$(realpath "${embed_file}")" + signing_cert="$(realpath "${signing_cert}")" + ca_cert="$(realpath "${ca_cert}")" + + if [ ! -d "$ipxe_src_dir" ]; then + >&2 echo "IPXE supplied directory does not exist." + return 1 + fi + if [[ ! -f "$embed_file" ]]; then + >&2 echo "IPXE embedded file does not exist." + return 1 + fi + if [[ ! -f "$signing_cert" ]]; then + >&2 echo "IPXE signing cert does not exist." + return 1 + fi + if [[ ! -f "${ca_cert}" ]]; then + >&2 echo "IPXE CA cert does not exist." + return 1 + fi + + + cd "${ipxe_src_dir}/src/" || return 1 + + make bin/ipxe.lkrn EMBED="${embed_file}" CERT="${signing_cert},${ca_cert}" TRUST="${ca_cert}" || return 2 + + return 0 +} + +function make_ipxe_iso() { + local ipxe_src_dir="$1" + local embed_file="$2" + local signing_cert="$3" + local ca_cert="$4" + + embed_file="$(realpath "${embed_file}")" + signing_cert="$(realpath "${signing_cert}")" + ca_cert="$(realpath "${ca_cert}")" + + if [ ! -d "$ipxe_src_dir" ]; then + >&2 echo "IPXE supplied directory does not exist." + return 1 + fi + if [[ ! -f "$embed_file" ]]; then + >&2 echo "IPXE embedded file does not exist." + return 1 + fi + if [[ ! -f "$signing_cert" ]]; then + >&2 echo "IPXE signing cert does not exist." + return 1 + fi + if [[ ! -f "${ca_cert}" ]]; then + >&2 echo "IPXE CA cert does not exist." + return 1 + fi + + cd "${ipxe_src_dir}/src/" || return 1 + + make bin/ipxe.iso EMBED="${embed_file}" CERT="${signing_cert},${ca_cert}" TRUST="${ca_cert}" || return 2 + + return 0 +} + +function make_ipxe_bin_shasums() { + local ipxe_src_dir="$1" + + if [ ! -d "$ipxe_src_dir" ]; then + >&2 echo "IPXE supplied directory does not exist." + return 1 + fi + if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.lkrn" ]]; then + >&2 echo "IPXE lkrn build file does not exist." + return 1 + fi + if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.iso" ]]; then + >&2 echo "IPXE iso build file does not exist." + return 1 + fi + + cd "${ipxe_src_dir}/src/bin/" || return 1 + + sha256sum ipxe.lkrn ipxe.iso > SHA256SUMS || return 2 + + return 0 +} + +# Gitconfig needs to already be setup to allow automatic push. +# This function may not be called, and instead builtbot steps like GitTag will +# be used. +function tag_head_and_push() { + local git_repo_dir="$1" + local remote="$2" + local branch="$3" + + if [ ! -d "$git_repo_dir" ]; then + >&2 echo "Supplied directory does not exist." + return 1 + fi + if [[ -z "$remote" ]]; then + >&2 echo "No remote specified." + return 1 + fi + if [[ -z "$branch" ]]; then + >&2 echo "No branch specified." + return 1 + fi + + cd "$git_repo_dir" + + git tag -n | grep $(git rev-parse HEAD) + if [ $? -eq 0 ]; then + >&2 echo 'HEAD tag already exists, bailing out...' + return 1 + fi + + git tag -a "g_$(git rev-parse HEAD)" HEAD -m "BuildBot: tag commit for release $(git rev-parse HEAD)" || return 2 + git push --tags "$remote" "$branch" + if [ $? -ne 0 ]; then + >&2 echo 'Error during attempted git push of new tag' + return 3 + fi + + return 0 +} + +function create_release() { + local git_repo_dir="$1" + local branch="$2" + local repo_user="$3" + local repo_name="$4" + local api_token_file="$5" + + if [ ! -d "$git_repo_dir" ]; then + >&2 echo "Supplied directory does not exist." + return 1 + fi + if [[ -z "$branch" ]]; then + >&2 echo "No branch specified." + return 1 + fi + if [[ -z "$repo_user" ]]; then + >&2 echo "No repo username specified." + return 1 + fi + if [[ -z "$repo_name" ]]; then + >&2 echo "No repo name specified." + return 1 + fi + if [[ ! -f "$api_token_file" ]]; then + >&2 echo "API token file does not exist." + return 1 + fi + + cd "$git_repo_dir" + head="$(git rev-parse HEAD)" + + # Note that the tag_name below must match the tag name in the tag_head_and_push step + tee "release.json" > /dev/null < release_results.txt + + cat release_results.txt | grep ^HTTP/ | grep 201 >/dev/null + if [ $? -ne 0 ]; then + >&2 echo "There was an error creating the release. Manual intervention is needed." + return 2 + fi + + tail -n 1 release_results.txt | jq .id | grep -P '^(\d)+$' >/dev/null + if [ $? -ne 0 ]; then + >&2 echo "There was an error creating the release. Manual intervention is needed." + return 2 + fi + + return 0 +} + +function upload_release_ipxe_lkrn() { + local ipxe_src_dir="$1" + local git_repo_dir="$2" + local branch="$3" + local repo_user="$4" + local repo_name="$5" + local api_token_file="$6" + + if [ ! -d "$git_repo_dir" ]; then + >&2 echo "Supplied directory does not exist." + return 1 + fi + if [[ -z "$branch" ]]; then + >&2 echo "No branch specified." + return 1 + fi + if [[ -z "$repo_user" ]]; then + >&2 echo "No repo username specified." + return 1 + fi + if [[ -z "$repo_name" ]]; then + >&2 echo "No repo name specified." + return 1 + fi + if [[ ! -f "$api_token_file" ]]; then + >&2 echo "API token file does not exist." + return 1 + fi + if [ ! -d "$ipxe_src_dir" ]; then + >&2 echo "IPXE supplied directory does not exist." + return 1 + fi + if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.lkrn" ]]; then + >&2 echo "IPXE lkrn build file does not exist." + return 1 + fi + if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.iso" ]]; then + >&2 echo "IPXE iso build file does not exist." + return 1 + fi + if [[ ! -f "${ipxe_src_dir}/src/bin/SHA256SUMS" ]]; then + >&2 echo "IPXE sha256sums file does not exist." + return 1 + fi + + cd "$git_repo_dir" + + cat release_results.txt | grep ^HTTP/ | grep 201 >/dev/null + if [ $? -ne 0 ]; then + >&2 echo "The release info from the curl step cannot be found." + return 2 + fi + tail -n 1 release_results.txt | jq .id | grep -P '^(\d)+$' >/dev/null + if [ $? -ne 0 ]; then + >&2 echo "The release info from the curl step cannot be found." + return 2 + fi + + releaseid="$(tail -n 1 release_results.txt | jq .id)" + curl -X POST "https://git.bitmessage.org/api/v1/repos/${repo_user}/${repo_name}/releases/${releaseid}/assets?name=ipxe.lkrn" \ + -H "accept: application/json" \ + -H "Authorization: token $(cat $api_token_file)" \ + -i \ + -F "attachment=@${ipxe_src_dir}/src/bin/ipxe.lkrn" > release_lkrn.txt + + cat release_lkrn.txt | grep ^HTTP/ | grep 201 >/dev/null + if [ $? -ne 0 ]; then + >&2 echo "The upload of ipxe.lkrn as a release attachment failed." + return 2 + fi + tail -n 1 release_lkrn.txt | jq .id | grep -P '^(\d)+$' >/dev/null + if [ $? -ne 0 ]; then + >&2 echo "The upload of ipxe.lkrn as a release attachment failed." + return 2 + fi + + return 0 +} + +function upload_release_ipxe_iso() { + local ipxe_src_dir="$1" + local git_repo_dir="$2" + local branch="$3" + local repo_user="$4" + local repo_name="$5" + local api_token_file="$6" + + if [ ! -d "$git_repo_dir" ]; then + >&2 echo "Supplied directory does not exist." + return 1 + fi + if [[ -z "$branch" ]]; then + >&2 echo "No branch specified." + return 1 + fi + if [[ -z "$repo_user" ]]; then + >&2 echo "No repo username specified." + return 1 + fi + if [[ -z "$repo_name" ]]; then + >&2 echo "No repo name specified." + return 1 + fi + if [[ ! -f "$api_token_file" ]]; then + >&2 echo "API token file does not exist." + return 1 + fi + if [ ! -d "$ipxe_src_dir" ]; then + >&2 echo "IPXE supplied directory does not exist." + return 1 + fi + if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.lkrn" ]]; then + >&2 echo "IPXE lkrn build file does not exist." + return 1 + fi + if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.iso" ]]; then + >&2 echo "IPXE iso build file does not exist." + return 1 + fi + if [[ ! -f "${ipxe_src_dir}/src/bin/SHA256SUMS" ]]; then + >&2 echo "IPXE sha256sums file does not exist." + return 1 + fi + + cd "$git_repo_dir" + + cat release_results.txt | grep ^HTTP/ | grep 201 >/dev/null + if [ $? -ne 0 ]; then + >&2 echo "The release info from the curl step cannot be found." + return 2 + fi + tail -n 1 release_results.txt | jq .id | grep -P '^(\d)+$' >/dev/null + if [ $? -ne 0 ]; then + >&2 echo "The release info from the curl step cannot be found." + return 2 + fi + + releaseid="$(tail -n 1 release_results.txt | jq .id)" + curl -X POST "https://git.bitmessage.org/api/v1/repos/${repo_user}/${repo_name}/releases/${releaseid}/assets?name=ipxe.iso" \ + -H "accept: application/json" \ + -H "Authorization: token $(cat $api_token_file)" \ + -i \ + -F "attachment=@${ipxe_src_dir}/src/bin/ipxe.iso" > release_iso.txt + + cat release_iso.txt | grep ^HTTP/ | grep 201 >/dev/null + if [ $? -ne 0 ]; then + >&2 echo "The upload of ipxe.iso as a release attachment failed." + return 2 + fi + tail -n 1 release_iso.txt | jq .id | grep -P '^(\d)+$' >/dev/null + if [ $? -ne 0 ]; then + >&2 echo "The upload of ipxe.iso as a release attachment failed." + return 2 + fi + + return 0 +} + +function upload_release_ipxe_shasums() { + local ipxe_src_dir="$1" + local git_repo_dir="$2" + local branch="$3" + local repo_user="$4" + local repo_name="$5" + local api_token_file="$6" + + if [ ! -d "$git_repo_dir" ]; then + >&2 echo "Supplied directory does not exist." + return 1 + fi + if [[ -z "$branch" ]]; then + >&2 echo "No branch specified." + return 1 + fi + if [[ -z "$repo_user" ]]; then + >&2 echo "No repo username specified." + return 1 + fi + if [[ -z "$repo_name" ]]; then + >&2 echo "No repo name specified." + return 1 + fi + if [[ ! -f "$api_token_file" ]]; then + >&2 echo "API token file does not exist." + return 1 + fi + if [ ! -d "$ipxe_src_dir" ]; then + >&2 echo "IPXE supplied directory does not exist." + return 1 + fi + if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.lkrn" ]]; then + >&2 echo "IPXE lkrn build file does not exist." + return 1 + fi + if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.iso" ]]; then + >&2 echo "IPXE iso build file does not exist." + return 1 + fi + if [[ ! -f "${ipxe_src_dir}/src/bin/SHA256SUMS" ]]; then + >&2 echo "IPXE sha256sums file does not exist." + return 1 + fi + + cd "$git_repo_dir" + + cat release_results.txt | grep ^HTTP/ | grep 201 >/dev/null + if [ $? -ne 0 ]; then + >&2 echo "The release info from the curl step cannot be found." + return 2 + fi + tail -n 1 release_results.txt | jq .id | grep -P '^(\d)+$' >/dev/null + if [ $? -ne 0 ]; then + >&2 echo "The release info from the curl step cannot be found." + return 2 + fi + + releaseid="$(tail -n 1 release_results.txt | jq .id)" + curl -X POST "https://git.bitmessage.org/api/v1/repos/${repo_user}/${repo_name}/releases/${releaseid}/assets?name=SHA256SUMS" \ + -H "accept: application/json" \ + -H "Authorization: token $(cat $api_token_file)" \ + -i \ + -F "attachment=@${ipxe_src_dir}/src/bin/SHA256SUMS" > release_shasums.txt + + cat release_shasums.txt | grep ^HTTP/ | grep 201 >/dev/null + if [ $? -ne 0 ]; then + >&2 echo "The upload of ipxe SHA256SUMS as a release attachment failed." + return 2 + fi + tail -n 1 release_shasums.txt | jq .id | grep -P '^(\d)+$' >/dev/null + if [ $? -ne 0 ]; then + >&2 echo "The upload of ipxe SHA256SUMS as a release attachment failed." + return 2 + fi + + return 0 +} diff --git a/buildbot/ipxe_config_sed.sh b/buildbot/ipxe_config_sed.sh deleted file mode 100755 index a66996c..0000000 --- a/buildbot/ipxe_config_sed.sh +++ /dev/null @@ -1,31 +0,0 @@ -#!/usr/bin/env bash - - -if [[ ! $1 ]]; then - >&2 echo "No IPXE repo directory was supplied as an argument." - exit 1 -fi - - -# Enable required IPXE features - -sed -i 's/^\/\/\#define\ DOWNLOAD_PROTO_HTTPS/\#define\ DOWNLOAD_PROTO_HTTPS/g' "${1}/src/config/general.h" -sed -i 's/^\/\/\#define\ NSLOOKUP_CMD/\#define\ NSLOOKUP_CMD/g' "${1}/src/config/general.h" -sed -i 's/^\/\/\#define\ TIME_CMD/\#define\ TIME_CMD/g' "${1}/src/config/general.h" -sed -i 's/^\/\/\#define\ DIGEST_CMD/\#define\ DIGEST_CMD/g' "${1}/src/config/general.h" -sed -i 's/^\/\/\#define\ REBOOT_CMD/\#define\ REBOOT_CMD/g' "${1}/src/config/general.h" -sed -i 's/^\/\/\#define\ POWEROFF_CMD/\#define\ POWEROFF_CMD/g' "${1}/src/config/general.h" -sed -i 's/^\/\/\#define\ IMAGE_TRUST_CMD/\#define\ IMAGE_TRUST_CMD/g' "${1}/src/config/general.h" -sed -i 's/^\/\/\#define\ NTP_CMD/\#define\ NTP_CMD/g' "${1}/src/config/general.h" -sed -i 's/^\/\/\#define\ CERT_CMD/\#define\ CERT_CMD/g' "${1}/src/config/general.h" - -sed -i 's/^\#undef\ DOWNLOAD_PROTO_HTTPS/\#define\ DOWNLOAD_PROTO_HTTPS/g' "${1}/src/config/general.h" -sed -i 's/^\#undef\ NSLOOKUP_CMD/\#define\ NSLOOKUP_CMD/g' "${1}/src/config/general.h" -sed -i 's/^\#undef\ TIME_CMD/\#define\ TIME_CMD/g' "${1}/src/config/general.h" -sed -i 's/^\#undef\ DIGEST_CMD/\#define\ DIGEST_CMD/g' "${1}/src/config/general.h" -sed -i 's/^\#undef\ REBOOT_CMD/\#define\ REBOOT_CMD/g' "${1}/src/config/general.h" -sed -i 's/^\#undef\ POWEROFF_CMD/\#define\ POWEROFF_CMD/g' "${1}/src/config/general.h" -sed -i 's/^\#undef\ IMAGE_TRUST_CMD/\#define\ IMAGE_TRUST_CMD/g' "${1}/src/config/general.h" -sed -i 's/^\#undef\ NTP_CMD/\#define\ NTP_CMD/g' "${1}/src/config/general.h" -sed -i 's/^\#undef\ CERT_CMD/\#define\ CERT_CMD/g' "${1}/src/config/general.h" -