rafeOS/rafeOS
1
0
Fork 0
Code Actions Packages Releases Activity
rafeOS/prepare-release-upload.sh
Tobias Strobel 3630d25d6e Test sysexts
2024-03-04 21:54:10 +01:00

116 lines
4.3 KiB
Bash
Executable file
Raw Permalink Blame History

#!/bin/bash
set -eu
IMAGE_ID="rafeOS"
IMAGE_VARIANT="server"
# rafeOS release signing key <rafeos-release@rafe.li>
GPG_SIGNING_KEY="497B1B17BEE53D5DF0AE833F60775900DDDFAA67"
# Check if script is run as root
if [ "$(id -u)" -ne 0 ]; then
echo "Error: This script must be run as root (use sudo)."
exit 1
fi
# Check if a directory path is provided
if [ $# -lt 1 ]; then
echo "Error: Please provide the path to the directory containing raw disk image files as the first parameter."
exit 1
fi
# Set the output directory and get its absolute path
output_directory=$(realpath "$1")
# Check if the version string is provided as the second argument
if [ $# -lt 2 ]; then
# Determine the latest semver version from the files in the directory
latest_raw_file=$(find "$output_directory" -maxdepth 1 -type f -name "${IMAGE_ID}-${IMAGE_VARIANT}_*.raw" | \
grep -E "${IMAGE_ID}-${IMAGE_VARIANT}_([0-9]+\.[0-9]+\.[0-9]+)\.raw" | \
sort -V | tail -n 1)
if [ -n "$latest_raw_file" ]; then
version_string=$(basename "$latest_raw_file" | sed -n "s/${IMAGE_ID}-${IMAGE_VARIANT}_\([0-9]*\.[0-9]*\.[0-9]*\)\.raw/\1/p")
else
echo "Error: No raw disk image files found in the directory."
exit 1
fi
else
version_string="$2"
fi
# Check if the version string is not empty
if [ -z "$version_string" ]; then
echo "Error: Unable to determine the version string."
exit 1
fi
# Run systemd-dissect on the raw disk image file and save the json output
json_output=$(systemd-dissect "$output_directory/${IMAGE_ID}-${IMAGE_VARIANT}_$version_string.raw" --json=short)
# Extract partition UUIDs for each partition type using jq
declare -A partition_uuids
partition_types=("usr" "usr-verity" "usr-verity-sig")
for partition_type in $(echo "${partition_types[@]}" | tr ' ' '\n' | sort); do
partition_uuid=$(echo "$json_output" | jq -r '.mounts[] | select(.designator == "'"$partition_type"'") | .partition_uuid')
partition_uuids["$partition_type"]=$partition_uuid
done
## Output the content of the array as a table
#echo -e "Partition Type\tUUID"
#for partition_type in $(echo "${!partition_uuids[@]}" | tr ' ' '\n' | sort); do
# uuid=${partition_uuids["$partition_type"]}
# echo -e "$partition_type\t$uuid"
#done
echo "Rename and source the files in the output directory..."
for file in "$output_directory/${IMAGE_ID}-${IMAGE_VARIANT}_$version_string".*; do
if [[ -f $file ]]; then
# Extract the file extension
extension="${file##*.}"
# Check if the file is one of the raw partitions that needs renaming
if [[ $extension == "raw" && $file =~ $version_string\.([^.]+)\.raw$ ]]; then
partition_type="${BASH_REMATCH[1]}"
# Check if the partition type is in the array
if [[ -n "${partition_uuids[$partition_type]}" ]]; then
new_filename="${IMAGE_ID}-${IMAGE_VARIANT}_${version_string}_${partition_uuids[$partition_type]}.$partition_type.raw"
mv "$file" "$output_directory/$new_filename"
echo "Renamed: $file -> $new_filename"
else
echo "Error: Partition type $partition_type not found in partition_uuids array."
fi
fi
fi
done
# Create a new directory for the release
release_directory="$output_directory/release-v$version_string"
mkdir -p "$release_directory"
# Move all files of the release to the new directory
mv "$output_directory/${IMAGE_ID}-${IMAGE_VARIANT}_$version_string."* "$release_directory/"
cd "$release_directory/"
echo "Compress files via xz..."
for file in "${IMAGE_ID}-${IMAGE_VARIANT}_$version_string".raw \
"${IMAGE_ID}-${IMAGE_VARIANT}_$version_string"_{*.usr.raw,*.usr-verity.raw,*.usr-verity-sig.raw} \
"${IMAGE_ID}-${IMAGE_VARIANT}_$version_string".efi; do
if [[ -f "$file" ]]; then
xz --verbose --threads=0 "$file"
echo "Compressed: $file -> $file.xz"
fi
done
# Delete unneeded files
rm -f "${IMAGE_ID}-server_$version_string".{initrd,vmlinuz,changelog}
echo "Calculate SHA256 checksums for all files in the release directory..."
sha256sum * > "SHA256SUMS"
echo "Sign the SHA256SUMS file with a detached signature..."
gpg --default-key "$GPG_SIGNING_KEY" --output "SHA256SUMS.gpg" --detach-sign "SHA256SUMS"
echo "Release for image version $version_string is ready in $release_directory!"
View git blame Copy permalink