#!/bin/sh

# Copyright 2013,2014 Sven Vermeulen <swift@gentoo.org>
# Copyright 2014-2021 Jason Zaman <perfinion@gentoo.org>
# Licensed under the GPL-3 license

# Prepare new policy release

# sed expression that rewrites both tree prefixes (trailing slash stripped) to
# "refpolicy/" so the generated patch applies inside an unpacked release.
# ':' is the s/// delimiter, so a ':' in either path would break the expression;
# the \| alternation is a GNU sed extension. This runs before assertDirEnvVar,
# so an unset path variable simply contributes "/" here.
TRANSLATE="s:\(${HARDENEDREFPOL%/}/\|${REFPOLRELEASE%/}/\):refpolicy/:g"
# Release version, taken verbatim from the first argument (e.g. 2.20140311-r5).
NEWVERSION="${1}"
# If remote requires a different username, it should be set in ~/.ssh/config
# scp destination for the patch bundle (host:path).
REMOTELOCATION="dev.gentoo.org:/home/perfinion/public_html/patches/selinux-base-policy"

# usage - Print invocation help and the environment the script expects.
#
# Outputs: help text on stdout
usage() {
  cat <<EOF
Usage: $0 <newversion>

Example: $0 2.20140311-r5

The script will copy the live ebuilds towards the
<newversion>.

The following environment variables must be declared correctly for the script
to function properly:
  - GENTOOX86 should point to the gentoo-x86 checkout
    E.g. export GENTOOX86="/var/db/repos/gentoo"
  - HARDENEDREFPOL should point to the hardened-refpolicy.git checkout
    E.g. export HARDENEDREFPOL="/home/user/dev/hardened-refpolicy"
  - REFPOLRELEASE should point to the current latest /release/ of the reference
    policy (so NOT to a checkout), extracted somewhere on the file system.
    E.g. export REFPOLRELEASE="/home/user/local/refpolicy-20130424"
EOF
}

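# assertDirEnvVar - Abort unless the variable named by $1 holds an existing
# directory.
#
# Arguments: $1 - name of the variable to check (not its value)
# Outputs:   diagnostic on stderr when the check fails
# Returns:   only on success; exits 1 otherwise
assertDirEnvVar() {
  VARNAME="${1}"
  # POSIX sh has no ${!name}; eval is the portable indirection. The name only
  # ever comes from the fixed call sites in this script, never from user input,
  # and the quoted form keeps the value's whitespace intact.
  eval "VARVALUE=\${${VARNAME}}"
  if [ -z "${VARVALUE}" ] || [ ! -d "${VARVALUE}" ]
  then
    echo "Variable ${VARNAME} (value \"${VARVALUE}\") does not point to a valid directory." >&2
    exit 1
  fi
}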

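# cleanTmp - Remove the temporary work directory created by this script.
#
# Globals:   NOCLEAN (read) - set to a non-empty value to keep TMPDIR around
#            TMPDIR  (read) - the scratch directory to remove
# Outputs:   a notice on stdout when cleanup is skipped
#
# The directory is only removed if it still carries the .istempdir marker that
# this script writes right after mktemp, so a TMPDIR inherited from the
# environment (or mistyped) is never wiped.
cleanTmp() {
  # NOCLEAN must be set *and* non-empty to skip the cleanup; the default
  # (unset) path is to remove the directory.
  if [ -n "${NOCLEAN}" ]
  then
    echo "Not cleaning TMPDIR (${TMPDIR}) upon request."
  else
    if [ -d "${TMPDIR}" ] && [ -f "${TMPDIR}/.istempdir" ]
    then
      rm -rf -- "${TMPDIR:?}"
    fi
  fi
}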

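# die - Print an error, clean up the scratch directory and abort the script.
#
# Arguments: all arguments are joined into the error message
# Outputs:   a bare newline on stdout (terminates a pending "... " progress
#            line), then the message prefixed with "!!! " on stderr
# Returns:   never; exits 2
die() {
  printf '\n'
  # %s keeps a '%' in the message (e.g. from a path) from being read as a format.
  printf '!!! %s\n' "$*" >&2
  cleanTmp
  exit 2
}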

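# buildpatch - Create the patch set and bundle for the new release.
#
# Globals:   REFPOLRELEASE, HARDENEDREFPOL (read) - trees to diff
#            TRANSLATE (read) - sed expression mapping both tree prefixes to refpolicy/
#            TMPDIR (read) - scratch directory where the bundle is built
#            NEWVERSION (read) - release version used in the bundle name
#            DISTDIR, REMOTELOCATION (read) - local and remote copy targets
# Outputs:   progress on stdout
# Returns:   only on success; die() on any failure
buildpatch() {
  PATCHNAME="0001-full-patch-against-stable-release.patch"
  RAWPATCH="${TMPDIR}/${PATCHNAME}.raw"
  BUNDLE="patchbundle-selinux-base-policy-${NEWVERSION}.tar.bz2"

  printf 'Creating patch %s... ' "${PATCHNAME}"
  # diff exits 1 when the trees differ (the expected case) and 2 on trouble.
  # In a plain "diff | sed" pipeline only sed's status is visible, so a failed
  # diff would silently yield a truncated patch; run diff on its own first.
  diff -uNr -x ".git*" -x "CVS" -x "*.autogen*" -x "*.part" \
      "${REFPOLRELEASE}" "${HARDENEDREFPOL}" > "${RAWPATCH}"
  DIFFRC=$?
  [ "${DIFFRC}" -le 1 ] || die "Failed to diff ${REFPOLRELEASE} against ${HARDENEDREFPOL}"
  sed -e "${TRANSLATE}" "${RAWPATCH}" > "${TMPDIR}/${PATCHNAME}" || die "Failed to create patch"
  rm -f -- "${RAWPATCH}"
  printf 'done\n'

  printf 'Creating patch bundle for %s... ' "${NEWVERSION}"
  cd "${TMPDIR}" || die "Failed to enter ${TMPDIR}"
  # stdout (the -v listing) is silenced; stderr is kept so tar errors are visible.
  tar cvjf "${BUNDLE}" *.patch > /dev/null || die "Failed to create patchbundle"
  printf 'done\n'

  printf 'Copying patch bundle into %s location and dev.g.o... ' "${DISTDIR}"
  cp -- "${BUNDLE}" "${DISTDIR}" || die "Failed to copy patchbundle to ${DISTDIR}"
  # Remote user/host settings live in ~/.ssh/config; stderr is kept so an auth
  # or host-key problem is reported instead of hidden behind the die() message.
  scp "${BUNDLE}" "${REMOTELOCATION}" > /dev/null || die "Failed to scp patchbundle to ${REMOTELOCATION}"
  printf 'done\n'
}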

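# createEbuilds - Copy the live (9999) ebuilds to the new version and drop
# stale Manifest entries for this version's patch bundle.
#
# Globals:   GENTOOX86 (read) - gentoo repository checkout
#            NEWVERSION (read) - version suffix of the new ebuilds
# Outputs:   progress on stdout
# Returns:   only on success; die() on any failure
# Note:      uses "sed -i", i.e. GNU sed (BSD sed expects -i '').
createEbuilds() {
  cd "${GENTOOX86}/sec-policy" || die "Failed to enter ${GENTOOX86}/sec-policy"
  YEAR=$(date '+%Y') || die "Failed to determine the current year"

  printf 'Removing old patchbundle references in Manifest (in case of rebuild)... '
  for PKG in selinux-*
  do
    # The shebang is /bin/sh, so only the POSIX [ ] test is used here: under a
    # non-bash sh, [[ ]] is an unknown command and "|| continue" skips every
    # package. The path also had a stray '}' ("Manifest}") and never matched.
    [ -f "${PKG}/Manifest" ] || continue
    # NEWVERSION is used verbatim as a BRE: '.' matches any character and a '/'
    # in it would break the address — acceptable for the version strings this
    # script is given, but not hardened against arbitrary input.
    sed -i -e "/patchbundle-selinux-base-policy-${NEWVERSION}/d" "${PKG}/Manifest" || die "Failed to clear Manifest"
  done
  printf 'done\n'

  printf 'Creating new ebuilds based on 9999 version... '
  for PKG in selinux-*
  do
    [ -f "${PKG}/${PKG}-9999.ebuild" ] || continue
    cp -- "${PKG}/${PKG}-9999.ebuild" "${PKG}/${PKG}-${NEWVERSION}.ebuild" || die "Failed to copy ebuild"

    # Update copyright year in the header line
    sed -i "s/Copyright 1999-20.. Gentoo .*/Copyright 1999-${YEAR} Gentoo Authors/" \
        "${PKG}/${PKG}-${NEWVERSION}.ebuild" || die "Failed to update header"
  done
  printf 'done\n'
}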

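# tagRelease - Create a signed, annotated git tag for the new release.
#
# Globals:   HARDENEDREFPOL (read) - repository to tag
#            NEWVERSION (read) - tag name
# Outputs:   progress on stdout
# Returns:   only on success; die() on failure
# Note:      the tag is only created locally; pushing it is left to the
#            operator (see the closing instructions of this script).
tagRelease() {
  printf 'Creating tag %s in our repository... ' "${NEWVERSION}"
  cd "${HARDENEDREFPOL}" || die "Failed to enter ${HARDENEDREFPOL}"
  # stdout is silenced; stderr stays visible so a failing signature is reported.
  git tag -a "${NEWVERSION}" -m "Release set of ${NEWVERSION}" --sign > /dev/null || die "Failed to create tag"
  printf 'done\n'
}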

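# --- main ---------------------------------------------------------------------
if [ $# -ne 1 ]
then
  usage
  exit 3
fi

# Portage's distfiles directory; the patch bundle is copied there so the new
# ebuilds can be digested locally.
DISTDIR=$(portageq distdir) || die "Failed to query DISTDIR from portageq"

# Assert that all needed information is available
assertDirEnvVar DISTDIR
assertDirEnvVar GENTOOX86
assertDirEnvVar HARDENEDREFPOL
assertDirEnvVar REFPOLRELEASE

# Scratch directory. The marker file is what cleanTmp() checks before rm -rf,
# so a TMPDIR that did not come from this mktemp call is never removed.
# NOTE(review): TMPDIR is also the variable mktemp itself consults; if the
# caller exported it, this assignment replaces that exported value — verify
# nothing spawned later relies on the original TMPDIR.
TMPDIR=$(mktemp -dt refpol.XXXXXXXXXX) || die "Failed to create temporary directory"
touch "${TMPDIR}/.istempdir" || die "Failed to mark ${TMPDIR} as temporary"

# Build the patch
buildpatch
# Create ebuilds
createEbuilds
# Tag release
tagRelease

cat << EOF
The release has now been prepared.

Please go do the following to finish up:

In ${GENTOOX86}/sec-policy:
$ git add .
$ repoman --digest=y full

Then, before finally committing - do a run yourself, ensuring that the right
version is deployed of course:
# emerge -av1 @selinux-rebuild

Only then do:
$ repoman commit -m 'sec-policy: Release of SELinux policies ${NEWVERSION}'
$ git push --sign

In ${HARDENEDREFPOL} do:
$ git push origin --tags
EOF

cleanTmp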