diff options
| author |   Andreas K. Hüttel <dilfridge@gentoo.org> | 2023-08-07 23:21:04 +0200 |
|---|---|---|
| committer | Andreas K. Hüttel <dilfridge@gentoo.org> | 2023-08-07 23:21:04 +0200 |
| commit | 2efd06fc919511d47dfd87514c21495f54da6673 (patch) | |
| tree | 837c4072daf577fcb7d41f76c3ea9488afab451f | |
| parent | Add some more silence (diff) | |
| download | binhost-2efd06fc919511d47dfd87514c21495f54da6673.tar.gz binhost-2efd06fc919511d47dfd87514c21495f54da6673.tar.bz2 binhost-2efd06fc919511d47dfd87514c21495f54da6673.zip | |
Add upsync functionality
Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>
| -rwxr-xr-x | builders/demeter/binhost-update | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/builders/demeter/binhost-update b/builders/demeter/binhost-update index 44c43fe..caa80e8 100755 --- a/builders/demeter/binhost-update +++ b/builders/demeter/binhost-update @@ -13,6 +13,10 @@ NSPAWN_NAMES="binhost-amd64-x86-64 binhost-amd64-x86-64-gnome" MAX_HARMLESS=150 +UPLOAD_USER=amd64 +UPLOAD_KEY=/root/.ssh/id_rsa + + send_email() { local subject="[binhost ${BINHOST_NAME}] $1" local message=$2 @@ -30,6 +34,48 @@ send_email() { /usr/sbin/sendmail -f "${EMAIL_FROM}" ${EMAIL_TO//,/ } } +upsync_binpackages() { + # parameter 1: a PKGDIR on the local host + # parameter 2: the target dir in the mirroring system, should be of the + # form arch/profileversion/name (e.g., amd64/17.0/x32 ) + echo Upsyncing binpackages from $1 to $2 + local SSH_CMD=( + ssh + -i ${UPLOAD_KEY} + -o UserKnownHostsFile=/dev/null + -o VerifyHostKeyDNS=yes + -o StrictHostKeyChecking=no + -o IPQoS=cs0 + ) + local RSYNC_OPTS=( + -e "${SSH_CMD[*]}" + --archive + --delete + --delete-after + --omit-dir-times + --delay-updates + --mkpath + ) + rsync "${RSYNC_OPTS[@]}" "$1"/* "${UPLOAD_USER}@releng-incoming.gentoo.org:/release/weekly/binpackages/$2/" +} + +verify_dnssec() { + which dig >/dev/null || { + echo "net-dns/bind-tools is needed to verify DNSSEC is working" + exit 1 + } + + if ! dig +noall +comments dev.gentoo.org. IN SSHFP | egrep -q '^;; flags: [ a-z]+\<ad\>'; then + echo "DNSSEC does not appear to be working. Bailing out" + exit 1 + fi + + if ! grep -q '^options\>.*\<edns0\>' /etc/resolv.conf; then + echo "DNSSEC is not enabled in /etc/resolv.conf" + exit 1 + fi +} + if [[ -f ${LOCKFILE} ]] ; then @@ -38,6 +84,9 @@ if [[ -f ${LOCKFILE} ]] ; then fi touch ${LOCKFILE} || exit 112 +verify_dnssec + + echo Starting run at $(date -u) > ${TMPFILE} @@ -51,6 +100,9 @@ for n in ${NSPAWN_NAMES} ; do done +upsync_binpackages /var/lib/machines/binhost-amd64-x86-64/var/cache/binpkgs amd64/17.1/x86-64 &>> ${TMPFILE} + + if [[ $(wc -l ${TMPFILE} | sed -e 's: .*$::g') -gt ${MAX_HARMLESS} ]] ; then send_email "Update possibly failed" "Binhost ${BINHOST_NAME} update produced long output" ${TMPFILE} |