commit: 3d94919dde6b42b619289f49b05b1e5a00ee9a54 Author: Jason Zaman <perfinion <AT> gentoo <DOT> org> AuthorDate: Sun Jan 10 20:19:19 2021 +0000 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> CommitDate: Sun Jan 10 20:19:19 2021 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=3d94919d
gentoo: Update release scripts Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org> gentoo/release-prepare.sh | 142 +++++++++++++++++++++++--------------------- gentoo/release-userspace.sh | 80 +++++++++++++------------ 2 files changed, 115 insertions(+), 107 deletions(-) diff --git a/gentoo/release-prepare.sh b/gentoo/release-prepare.sh index d8b69bbe..28dc4972 100644 --- a/gentoo/release-prepare.sh +++ b/gentoo/release-prepare.sh @@ -1,128 +1,134 @@ #!/bin/sh # Copyright 2013,2014 Sven Vermeulen <[email protected]> +# Copyright 2014-2021 Jason Zaman <[email protected]> # Licensed under the GPL-3 license # Prepare new policy release -TRANSLATE="s:\(${HARDENEDREFPOL}\|${REFPOLRELEASE}\):refpolicy/:g"; -NEWVERSION="${1}"; +TRANSLATE="s:\(${HARDENEDREFPOL%/}/\|${REFPOLRELEASE%/}/\):refpolicy/:g" +NEWVERSION="${1}" # If remote requires a different username, it should be set in ~/.ssh/config -REMOTELOCATION="dev.gentoo.org:/home/perfinion/public_html/patches/selinux-base-policy"; +REMOTELOCATION="dev.gentoo.org:/home/perfinion/public_html/patches/selinux-base-policy" usage() { - echo "Usage: $0 <newversion>"; - echo ""; + echo "Usage: $0 <newversion>" + echo "" echo "Example: $0 2.20140311-r5" - echo ""; - echo "The script will copy the live ebuilds towards the"; + echo "" + echo "The script will copy the live ebuilds towards the" echo "<newversion>." - echo ""; - echo "The following environment variables must be declared correctly for the script"; - echo "to function properly:"; - echo " - GENTOOX86 should point to the gentoo-x86 checkout"; - echo " E.g. export GENTOOX86=\"/home/user/dev/gentoo-x86/\""; - echo " - HARDENEDREFPOL should point to the hardened-refpolicy.git checkout"; - echo " E.g. export HARDENEDREFPOL=\"/home/user/dev/hardened-refpolicy/\""; + echo "" + echo "The following environment variables must be declared correctly for the script" + echo "to function properly:" + echo " - GENTOOX86 should point to the gentoo-x86 checkout" + echo " E.g. export GENTOOX86=\"/var/db/repos/gentoo\"" + echo " - HARDENEDREFPOL should point to the hardened-refpolicy.git checkout" + echo " E.g. export HARDENEDREFPOL=\"/home/user/dev/hardened-refpolicy\"" echo " - REFPOLRELEASE should point to the current latest /release/ of the reference" echo " policy (so NOT to a checkout), extracted somewhere on the file system." - echo " E.g. export REFPOLRELEASE=\"/home/user/local/refpolicy-20130424/\""; + echo " E.g. export REFPOLRELEASE=\"/home/user/local/refpolicy-20130424\"" } assertDirEnvVar() { - VARNAME="${1}"; - eval VARVALUE='$'${VARNAME}; - if [ -z "${VARVALUE}" ] || [ ! -d "${VARVALUE}" ]; + VARNAME="${1}" + eval VARVALUE='$'${VARNAME} + if [ -z "${VARVALUE}" ] || [ ! -d "${VARVALUE}" ] then - echo "Variable ${VARNAME} (value \"${VARVALUE}\") does not point to a valid directory."; - exit 1; + echo "Variable ${VARNAME} (value \"${VARVALUE}\") does not point to a valid directory." + exit 1 fi } # cleanTmp - Clean up TMPDIR cleanTmp() { - if [ -z "${NOCLEAN}" ]; + if [ -z "${NOCLEAN}" ] then - echo "Not cleaning TMPDIR (${TMPDIR}) upon request."; + echo "Not cleaning TMPDIR (${TMPDIR}) upon request." else [ -d "${TMPDIR}" ] && [ -f "${TMPDIR}/.istempdir" ] && rm -rf "${TMPDIR}" fi } die() { - printf "\n"; - echo "!!! $*"; - cleanTmp; - exit 2; -}; + printf "\n" + echo "!!! $*" + cleanTmp + exit 2 +} # buildpatch - Create the patch set to be applied for the new release buildpatch() { - printf "Creating patch 0001-full-patch-against-stable-release.patch... "; - diff -uNr -x ".git*" -x "CVS" -x "*.autogen*" -x "*.part" ${REFPOLRELEASE} ${HARDENEDREFPOL} | sed -e ${TRANSLATE} > ${TMPDIR}/0001-full-patch-against-stable-release.patch || die "Failed to create patch"; + printf "Creating patch 0001-full-patch-against-stable-release.patch... " + diff -uNr -x ".git*" -x "CVS" -x "*.autogen*" -x "*.part" ${REFPOLRELEASE} ${HARDENEDREFPOL} | sed -e ${TRANSLATE} > ${TMPDIR}/0001-full-patch-against-stable-release.patch || die "Failed to create patch" printf "done\n" - printf "Creating patch bundle for ${NEWVERSION}... "; - cd ${TMPDIR}; - tar cvjf patchbundle-selinux-base-policy-${NEWVERSION}.tar.bz2 *.patch > /dev/null 2>&1 || die "Failed to create patchbundle"; - printf "done\n"; + printf "Creating patch bundle for ${NEWVERSION}... " + cd ${TMPDIR} || die + tar cvjf patchbundle-selinux-base-policy-${NEWVERSION}.tar.bz2 *.patch > /dev/null 2>&1 || die "Failed to create patchbundle" + printf "done\n" - . /etc/portage/make.conf; - printf "Copying patch bundle into ${DISTDIR} location and dev.g.o... "; - cp patchbundle-selinux-base-policy-${NEWVERSION}.tar.bz2 ${DISTDIR} || die "Failed to copy patchbundle to ${DISTDIR}"; - scp patchbundle-selinux-base-policy-${NEWVERSION}.tar.bz2 ${REMOTELOCATION} > /dev/null 2>&1 || die "Failed to scopy patchbundle to ${REMOTELOCATION}"; - printf "done\n"; + printf "Copying patch bundle into ${DISTDIR} location and dev.g.o... " + cp patchbundle-selinux-base-policy-${NEWVERSION}.tar.bz2 ${DISTDIR} || die "Failed to copy patchbundle to ${DISTDIR}" + scp patchbundle-selinux-base-policy-${NEWVERSION}.tar.bz2 ${REMOTELOCATION} > /dev/null 2>&1 || die "Failed to scopy patchbundle to ${REMOTELOCATION}" + printf "done\n" } # Create (or modify) the new ebuilds createEbuilds() { - cd ${GENTOOX86}/sec-policy; - printf "Removing old patchbundle references in Manifest (in case of rebuild)... "; - for PKG in selinux-*; + cd ${GENTOOX86}/sec-policy + printf "Removing old patchbundle references in Manifest (in case of rebuild)... " + for PKG in selinux-* do - [[ -f "${PKG}/Manifest}" ]] || continue; - sed -i -e "/patchbundle-selinux-base-policy-${NEWVERSION}/d" ${PKG}/Manifest; + [[ -f "${PKG}/Manifest}" ]] || continue + sed -i -e "/patchbundle-selinux-base-policy-${NEWVERSION}/d" ${PKG}/Manifest || die "Failed to clear Manifest" done - printf "done\n"; + printf "done\n" - printf "Creating new ebuilds based on 9999 version... "; - for PKG in selinux-*; + printf "Creating new ebuilds based on 9999 version... " + for PKG in selinux-* do - [[ -f "${PKG}/${PKG}-9999.ebuild" ]] || continue; - cp ${PKG}/${PKG}-9999.ebuild ${PKG}/${PKG}-${NEWVERSION}.ebuild; - sed -i "s/Copyright 1999-201. Gentoo .*/Copyright 1999-$(date '+%Y') Gentoo Authors/" ${PKG}/${PKG}-${NEWVERSION}.ebuild; + [[ -f "${PKG}/${PKG}-9999.ebuild" ]] || continue + cp ${PKG}/${PKG}-9999.ebuild ${PKG}/${PKG}-${NEWVERSION}.ebuild || die "Failed to copy ebuild" + + # Update copyright year + sed -i "s/Copyright 1999-20.. Gentoo .*/Copyright 1999-$(date '+%Y') Gentoo Authors/" \ + ${PKG}/${PKG}-${NEWVERSION}.ebuild || die "Failed to update header" done - printf "done\n"; + printf "done\n" } # Create and push tag for new release tagRelease() { - printf "Creating tag ${NEWVERSION} in our repository... "; - cd ${HARDENEDREFPOL}; - git tag -a ${NEWVERSION} -m "Release set of ${NEWVERSION}" --sign > /dev/null 2>&1 || die "Failed to create tag"; - printf "done\n"; -}; + printf "Creating tag ${NEWVERSION} in our repository... " + cd ${HARDENEDREFPOL} || die + git tag -a ${NEWVERSION} -m "Release set of ${NEWVERSION}" --sign > /dev/null 2>&1 || die "Failed to create tag" + printf "done\n" +} -if [ $# -ne 1 ]; +if [ $# -ne 1 ] then - usage; - exit 3; + usage + exit 3 fi +DISTDIR=$(portageq distdir) + # Assert that all needed information is available -assertDirEnvVar GENTOOX86; -assertDirEnvVar HARDENEDREFPOL; -assertDirEnvVar REFPOLRELEASE; +assertDirEnvVar DISTDIR +assertDirEnvVar GENTOOX86 +assertDirEnvVar HARDENEDREFPOL +assertDirEnvVar REFPOLRELEASE -TMPDIR=$(mktemp -d); -touch ${TMPDIR}/.istempdir; +TMPDIR=$(mktemp -dt refpol.XXXXXXXXXX) +touch ${TMPDIR}/.istempdir # Build the patch -buildpatch; +buildpatch # Create ebuilds -createEbuilds; +createEbuilds # Tag release -tagRelease; +tagRelease cat << EOF The release has now been prepared. @@ -135,7 +141,7 @@ $ repoman --digest=y full Then, before finally committing - do a run yourself, ensuring that the right version is deployed of course: -# emerge -v1 @selinux-rebuild +# emerge -av1 @selinux-rebuild Only then do: $ repoman commit -m 'sec-policy: Release of SELinux policies ${NEWVERSION}' @@ -145,4 +151,4 @@ In ${HARDENEDREFPOL} do: $ git push origin --tags EOF -cleanTmp; +cleanTmp diff --git a/gentoo/release-userspace.sh b/gentoo/release-userspace.sh index f9473260..f1db4d38 100644 --- a/gentoo/release-userspace.sh +++ b/gentoo/release-userspace.sh @@ -1,11 +1,11 @@ #!/bin/sh # Copyright 2013,2014 Sven Vermeulen <[email protected]> -# Copyright 2017-2018 Jason Zaman <[email protected]> +# Copyright 2017-2021 Jason Zaman <[email protected]> # Licensed under the GPL-3 license -RELEASEDATE="${1}"; -NEWVERSION="${2}"; +RELEASEDATE="${1}" +NEWVERSION="${2}" PACKAGES=" sys-libs/libsepol @@ -23,34 +23,34 @@ sys-apps/restorecond # dev-python/sepolgen became selinux-python in 2.7 release usage() { - echo "Usage: $0 <release date> <newversion>"; - echo ""; + echo "Usage: $0 <release date> <newversion>" + echo "" echo "Example: $0 20170101 2.7_rc1" - echo ""; - echo "The script will update the live ebuilds then copy towards the"; + echo "" + echo "The script will update the live ebuilds then copy towards the" echo "<newversion>." - echo ""; - echo "The following environment variables must be declared correctly for the script"; - echo "to function properly:"; - echo " - GENTOOX86 should point to the gentoo-x86 checkout"; - echo " E.g. export GENTOOX86=\"/usr/portage/\""; + echo "" + echo "The following environment variables must be declared correctly for the script" + echo "to function properly:" + echo " - GENTOOX86 should point to the gentoo-x86 checkout" + echo " E.g. export GENTOOX86=\"/usr/portage\"" } assertDirEnvVar() { - VARNAME="${1}"; - eval VARVALUE='$'${VARNAME}; - if [ -z "${VARVALUE}" ] || [ ! -d "${VARVALUE}" ]; + VARNAME="${1}" + eval VARVALUE='$'${VARNAME} + if [ -z "${VARVALUE}" ] || [ ! -d "${VARVALUE}" ] then - echo "Variable ${VARNAME} (value \"${VARVALUE}\") does not point to a valid directory."; - exit 1; + echo "Variable ${VARNAME} (value \"${VARVALUE}\") does not point to a valid directory." + exit 1 fi } die() { - printf "\n"; - echo "!!! Error: $*"; - exit 2; -}; + printf "\n" + echo "!!! Error: $*" + exit 2 +} # set the release date in the live ebuilds so it will be correct when copying to the new version setLiveReleaseDate() { @@ -59,18 +59,18 @@ setLiveReleaseDate() { cd ${GENTOOX86} echo "Setting release date var in live ebuilds... " - for PKG in $PACKAGES; + for PKG in $PACKAGES do cd "${GENTOOX86}/${PKG}" PN="${PKG#*/}" - [[ -f "${PN}-9999.ebuild" ]] || continue; + [[ -f "${PN}-9999.ebuild" ]] || continue # make sure the tree is clean so we dont commit anything else by mistake [[ -z "$(git status --porcelain -- .)" ]] || die git diff --cached --exit-code >/dev/null 2>&1 || die "Uncommitted changes" # update header and release date - sed -i "s@Copyright 1999-201. Gentoo .*@Copyright 1999-$(date '+%Y') Gentoo Authors@" "${PN}-9999.ebuild" + sed -i "s@Copyright 1999-20.. Gentoo .*@Copyright 1999-$(date '+%Y') Gentoo Authors@" "${PN}-9999.ebuild" sed -i "/^MY_RELEASEDATE=/s/.*/MY_RELEASEDATE=\"${RELEASEDATE}\"/" "${PN}-9999.ebuild" sed -i "/SRC_URI/[email protected]/wiki/SELinuxProject/selinux/files/[email protected]/SELinuxProject/selinux/releases/download@" "${PN}-9999.ebuild" @@ -81,7 +81,8 @@ setLiveReleaseDate() { git add "${PN}-9999.ebuild" git --no-pager diff --cached repoman -q full - if [[ $? -eq 0 ]]; then + if [[ $? -eq 0 ]] + then repoman -q commit -m "$PKG: update live ebuild" else git reset -- . @@ -94,48 +95,49 @@ setLiveReleaseDate() { createEbuilds() { local PKG local PN - cd ${GENTOOX86} + cd ${GENTOOX86} || die echo "Creating new ebuilds based on 9999 version... " - for PKG in $PACKAGES; + for PKG in $PACKAGES do - cd "${GENTOOX86}/${PKG}" + cd "${GENTOOX86}/${PKG}" || die PN="${PKG#*/}" [[ -f "${PN}-9999.ebuild" ]] || continue [[ -f "Manifest" ]] || continue # make sure the tree is clean so we dont commit anything else by mistake - [[ -z "$(git status --porcelain -- .)" ]] || die + [[ -z "$(git status --porcelain -- .)" ]] || die "Uncommitted changes" git diff --cached --exit-code >/dev/null 2>&1 || die "Uncommitted changes" sed -i -e "/${PN}-${NEWVERSION//_/-}/d" Manifest || die cp ${PN}-9999.ebuild ${PN}-${NEWVERSION}.ebuild || die - repoman -q manifest - git add Manifest ${PN}-${NEWVERSION}.ebuild + repoman -q manifest || die + git add Manifest ${PN}-${NEWVERSION}.ebuild || die #git --no-pager diff --cached repoman -q full - if [[ $? -eq 0 ]]; then - repoman -q commit -m "$PKG: bump to ${NEWVERSION}" + if [[ $? -eq 0 ]] + then + repoman -q commit -m "$PKG: bump to ${NEWVERSION}" || die else - git reset -- . + git reset -- . || die fi done echo -e "\ndone ${PN}\n" } -if [ $# -ne 2 ]; +if [ $# -ne 2 ] then - usage; - exit 3; + usage + exit 3 fi # Assert that all needed information is available -assertDirEnvVar GENTOOX86; +assertDirEnvVar GENTOOX86 setLiveReleaseDate # Create ebuilds -createEbuilds; +createEbuilds
