build/mkupdates/update-rules-3.3 - spamassassin - Git at Google

 #!/bin/bash
 #
 # TODO: this should share code with other scripts

 set -x

 cd /home/updatesd/svn/spamassassin

 . /etc/profile
 PERL=/local/perl586/bin/perl
 export PERL

 # download stage, where update tarballs are deposited for downloaders
 #
 stagedir=/var/www/buildbot.spamassassin.org/updatestage

 # directory where "0.2.3" and other version-specific files live.
 # it's assumed that the *real* zone $INCLUDEs files from this dir.
 # it must be writable by the user this script runs as.
 #
 # dev, testing:
 # dnsdir=/var/named/updates.dev.spamassassin.org.d
 # live:
 # dnsdir=/var/named/updates.spamassassin.org.d
 #
 dnsdir=/var/named/updates.spamassassin.org.d

 # directory where "counter", "soa_line.tmpl", "soa_line" live.
 # it's assumed that the *real* zone $INCLUDEs files from this dir.
 # it must be writable by the user this script runs as.
 #
 soadir=/var/named/spamassassin.org.d

 versions="$1.0"

 # ---------------------------------------------------------------------------

 make_tarball_for_version () {

   # to be honest, right now this is unused.
   version="$1"

   tmpdir=/home/updatesd/tmp/stage/$version
   rm -rf $tmpdir; mkdir -p $tmpdir         || exit $?

   # extract the new rules files.
   # use "make install" logic, since we want rules as close as possible
   # to what's installed
   make clean
   $PERL Makefile.PL PREFIX=$tmpdir < /dev/null || exit $?
   make  || exit $?

   # ensure the basic lint/rule-sanity test suite passes for this ruleset
   # before we build an update from it.  useful particularly to catch
   # "tflags nopublish" leakage (bug 6297)
   make test \
     TEST_FILES="t/basic_lint.t t/basic_lint_without_sandbox.t t/basic_meta.t" \
     || exit $?

   # remove the rules files for rules we won't be shipping
   rm rules/70_sandbox.cf rules/70_inactive.cf

   # double check we still lint without those 2 files
   ./spamassassin --lint                   || exit $?

   rulesdir=`pwd`/rules
   cd $rulesdir
   tar cvzf $tmpdir/update.tgz  *.cf  || exit $?

   # ensure non-empty
   [ -s $tmpdir/update.tgz ] || exit 3

   linttmp=$tmpdir/lintdir
   rm -rf $linttmp
   mkdir $linttmp
   cd $linttmp
   # check validity of tarball; also extract
   gunzip -cd < $tmpdir/update.tgz | tar xf - || exit $?

   sitetmp=$tmpdir/sitetmp
   rm -rf $sitetmp
   mkdir $sitetmp
   cp rules/*.pre $sitetmp

   # now, ensure the ruleset (entirely as distributed) lints, also.
   # use "-p /dev/null" so any user_prefs data is ignored.
   ./spamassassin -x --configpath=$linttmp --siteconfigpath=$sitetmp \
      -p /dev/null --lint || exit $?

   # sign and get sums
   gpg --batch --homedir /home/updatesd/key -bas $tmpdir/update.tgz || exit $?

   shasum -a 1 $tmpdir/update.tgz > $tmpdir/update.tgz.sha1  || exit $?
   shasum -a 256 $tmpdir/update.tgz > $tmpdir/update.tgz.sha256  || exit $?
   shasum -a 512 $tmpdir/update.tgz > $tmpdir/update.tgz.sha512  || exit $?

   # get SVN revision number.
   # note: use 'Last Changed Rev' instead of 'Revision'.  Because we share
   # an SVN repository with other projects, this means that the same
   # rev of *our* codebase may appear under multiple rev#s, as other projects
   # check their changes in.

   tagstamp=`date "+%Y%m%d%H%M%S"`
   tagurl=https://svn.apache.org/repos/asf/spamassassin/tags/sa-update_${version}_${tagstamp}

   # this svn copy is critical, to ensure each version's tarball has a different
   # rev#.  if you remove it, we need to prefix the version# to the svnrev# in
   # the filenames instead so each version doesn't clobber others.
   svn update
   svn copy -m "tagging latest update release for $VERS" . $tagurl < /dev/null

   (
     rm -rf tmpcheckout
     svn co $tagurl tmpcheckout && svn info tmpcheckout
     rm -rf tmpcheckout
   ) < /dev/null > $tmpdir/svn 2>&1 || exit $?

   svnrev=`(grep 'Last Changed Rev: ' $tmpdir/svn || exit 1) | sed -e 's/^.*: //'`

   if [ "$svnrev" == "" ] ; then
     echo "missing SVN revision"
     cat $tmpdir/svn
     exit 5
   fi

   if [ "$svnrev" -lt 1 ] ; then
     echo "bad SVN revision: $svnrev"
     cat $tmpdir/svn
     exit 5
   fi

   mv $tmpdir/update.tgz      $stagedir/$svnrev.tar.gz            || exit $?
   mv $tmpdir/update.tgz.sha1 $stagedir/$svnrev.tar.gz.sha1       || exit $?
   mv $tmpdir/update.tgz.sha256 $stagedir/$svnrev.tar.gz.sha256       || exit $?
   mv $tmpdir/update.tgz.sha512 $stagedir/$svnrev.tar.gz.sha512       || exit $?
   mv $tmpdir/update.tgz.asc  $stagedir/$svnrev.tar.gz.asc        || exit $?

   chmod 644 $stagedir/$svnrev.*

   # next, create the new DNS record....

   # turn "3.2.0" into "0.2.3"
   rvers=`echo "$version" | perl -pe 's/^(\d+)\.(\d+)\.(\d+)$/$3.$2.$1/'`

   dnsfile="$dnsdir/$version"
   if echo "
 $rvers	TXT	\"$svnrev\"
 " > $dnsfile.new
   then
     mv $dnsfile.new $dnsfile || exit $?
   else
     echo "failed to create $dnsfile.new" 1>&2 ; exit 1
   fi

   # increment the zone serial.
   ./build/mkupdates/tick_zone_serial || exit $?
 }

 # ---------------------------------------------------------------------------

 [ -d $stagedir ] || echo "no stagedir" 1>&2
 [ -d $stagedir ] || exit 6

 for version in $versions ; do
   make_tarball_for_version $version
 done
	#!/bin/bash
	#
	# TODO: this should share code with other scripts

	set -x

	cd /home/updatesd/svn/spamassassin

	. /etc/profile
	PERL=/local/perl586/bin/perl
	export PERL

	# download stage, where update tarballs are deposited for downloaders
	#
	stagedir=/var/www/buildbot.spamassassin.org/updatestage

	# directory where "0.2.3" and other version-specific files live.
	# it's assumed that the real zone $INCLUDEs files from this dir.
	# it must be writable by the user this script runs as.
	#
	# dev, testing:
	# dnsdir=/var/named/updates.dev.spamassassin.org.d
	# live:
	# dnsdir=/var/named/updates.spamassassin.org.d
	#
	dnsdir=/var/named/updates.spamassassin.org.d

	# directory where "counter", "soa_line.tmpl", "soa_line" live.
	# it's assumed that the real zone $INCLUDEs files from this dir.
	# it must be writable by the user this script runs as.
	#
	soadir=/var/named/spamassassin.org.d

	versions="$1.0"

	# ---------------------------------------------------------------------------

	make_tarball_for_version () {

	# to be honest, right now this is unused.
	version="$1"

	tmpdir=/home/updatesd/tmp/stage/$version
	rm -rf $tmpdir; mkdir -p $tmpdir \|\| exit $?

	# extract the new rules files.
	# use "make install" logic, since we want rules as close as possible
	# to what's installed
	make clean
	$PERL Makefile.PL PREFIX=$tmpdir < /dev/null \|\| exit $?
	make \|\| exit $?

	# ensure the basic lint/rule-sanity test suite passes for this ruleset
	# before we build an update from it. useful particularly to catch
	# "tflags nopublish" leakage (bug 6297)
	make test \
	TEST_FILES="t/basic_lint.t t/basic_lint_without_sandbox.t t/basic_meta.t" \
	\|\| exit $?

	# remove the rules files for rules we won't be shipping
	rm rules/70_sandbox.cf rules/70_inactive.cf

	# double check we still lint without those 2 files
	./spamassassin --lint \|\| exit $?

	rulesdir=`pwd`/rules
	cd $rulesdir
	tar cvzf $tmpdir/update.tgz *.cf \|\| exit $?

	# ensure non-empty
	[ -s $tmpdir/update.tgz ] \|\| exit 3

	linttmp=$tmpdir/lintdir
	rm -rf $linttmp
	mkdir $linttmp
	cd $linttmp
	# check validity of tarball; also extract
	gunzip -cd < $tmpdir/update.tgz \| tar xf - \|\| exit $?

	sitetmp=$tmpdir/sitetmp
	rm -rf $sitetmp
	mkdir $sitetmp
	cp rules/*.pre $sitetmp

	# now, ensure the ruleset (entirely as distributed) lints, also.
	# use "-p /dev/null" so any user_prefs data is ignored.
	./spamassassin -x --configpath=$linttmp --siteconfigpath=$sitetmp \
	-p /dev/null --lint \|\| exit $?

	# sign and get sums
	gpg --batch --homedir /home/updatesd/key -bas $tmpdir/update.tgz \|\| exit $?

	shasum -a 1 $tmpdir/update.tgz > $tmpdir/update.tgz.sha1 \|\| exit $?
	shasum -a 256 $tmpdir/update.tgz > $tmpdir/update.tgz.sha256 \|\| exit $?
	shasum -a 512 $tmpdir/update.tgz > $tmpdir/update.tgz.sha512 \|\| exit $?

	# get SVN revision number.
	# note: use 'Last Changed Rev' instead of 'Revision'. Because we share
	# an SVN repository with other projects, this means that the same
	# rev of our codebase may appear under multiple rev#s, as other projects
	# check their changes in.

	tagstamp=`date "+%Y%m%d%H%M%S"`
	tagurl=https://svn.apache.org/repos/asf/spamassassin/tags/sa-update_${version}_${tagstamp}

	# this svn copy is critical, to ensure each version's tarball has a different
	# rev#. if you remove it, we need to prefix the version# to the svnrev# in
	# the filenames instead so each version doesn't clobber others.
	svn update
	svn copy -m "tagging latest update release for $VERS" . $tagurl < /dev/null

	(
	rm -rf tmpcheckout
	svn co $tagurl tmpcheckout && svn info tmpcheckout
	rm -rf tmpcheckout
	) < /dev/null > $tmpdir/svn 2>&1 \|\| exit $?

	svnrev=`(grep 'Last Changed Rev: ' $tmpdir/svn \|\| exit 1) \| sed -e 's/^.*: //'`

	if [ "$svnrev" == "" ] ; then
	echo "missing SVN revision"
	cat $tmpdir/svn
	exit 5
	fi

	if [ "$svnrev" -lt 1 ] ; then
	echo "bad SVN revision: $svnrev"
	cat $tmpdir/svn
	exit 5
	fi

	mv $tmpdir/update.tgz $stagedir/$svnrev.tar.gz \|\| exit $?
	mv $tmpdir/update.tgz.sha1 $stagedir/$svnrev.tar.gz.sha1 \|\| exit $?
	mv $tmpdir/update.tgz.sha256 $stagedir/$svnrev.tar.gz.sha256 \|\| exit $?
	mv $tmpdir/update.tgz.sha512 $stagedir/$svnrev.tar.gz.sha512 \|\| exit $?
	mv $tmpdir/update.tgz.asc $stagedir/$svnrev.tar.gz.asc \|\| exit $?

	chmod 644 $stagedir/$svnrev.*

	# next, create the new DNS record....

	# turn "3.2.0" into "0.2.3"
	rvers=`echo "$version" \| perl -pe 's/^(\d+)\.(\d+)\.(\d+)$/$3.$2.$1/'`

	dnsfile="$dnsdir/$version"
	if echo "
	$rvers TXT \"$svnrev\"
	" > $dnsfile.new
	then
	mv $dnsfile.new $dnsfile \|\| exit $?
	else
	echo "failed to create $dnsfile.new" 1>&2 ; exit 1
	fi

	# increment the zone serial.
	./build/mkupdates/tick_zone_serial \|\| exit $?
	}

	# ---------------------------------------------------------------------------

	[ -d $stagedir ] \|\| echo "no stagedir" 1>&2
	[ -d $stagedir ] \|\| exit 6

	for version in $versions ; do
	make_tarball_for_version $version
	done