2018-10-02 12:58:12 +02:00
|
|
|
#!/usr/bin/python3
|
|
|
|
|
|
|
|
import hashlib
|
|
|
|
import json
|
|
|
|
import os
|
|
|
|
import subprocess
|
|
|
|
import sys
|
|
|
|
|
2018-10-02 17:35:49 +02:00
|
|
|
from cryptography.hazmat.backends import default_backend
|
|
|
|
from cryptography.hazmat.primitives import hashes
|
|
|
|
from cryptography.hazmat.primitives.asymmetric import ec
|
|
|
|
from cryptography.hazmat.primitives.serialization import load_pem_private_key
|
|
|
|
|
2019-02-26 20:24:02 +01:00
|
|
|
PKG_ROOT = '/srv/build/lxc'
|
2018-10-25 22:17:39 +02:00
|
|
|
PRIVATE_KEY = '/srv/build/packages.key'
|
2018-10-02 12:58:12 +02:00
|
|
|
LXC_ROOT = '/var/lib/lxc'
|
|
|
|
|
2019-02-26 20:24:02 +01:00
|
|
|
def pack(path):
|
|
|
|
# Determine correct metadata file and package name
|
|
|
|
path = os.path.realpath(path)
|
|
|
|
if os.path.isdir(path):
|
|
|
|
meta_dir = path
|
|
|
|
meta_file = os.path.join(meta_dir, 'meta')
|
|
|
|
else:
|
|
|
|
meta_dir = os.path.dirname(path)
|
|
|
|
meta_file = path
|
|
|
|
pkg_name = os.path.basename(meta_dir)
|
|
|
|
|
|
|
|
# Load metadata
|
|
|
|
with open(meta_file) as f:
|
|
|
|
meta = json.load(f)
|
2018-10-02 12:58:12 +02:00
|
|
|
|
2019-02-26 20:24:02 +01:00
|
|
|
# Prepare package file names
|
|
|
|
os.makedirs(PKG_ROOT, 0o755, True)
|
|
|
|
tar_path = os.path.join(PKG_ROOT, '{}_{}-{}.tar'.format(pkg_name, meta['version'], meta['release']))
|
2018-10-02 12:58:12 +02:00
|
|
|
xz_path = '{}.xz'.format(tar_path)
|
|
|
|
|
|
|
|
# Remove old package
|
2018-10-02 17:38:58 +02:00
|
|
|
if os.path.exists(tar_path):
|
2018-10-02 13:10:24 +02:00
|
|
|
os.unlink(tar_path)
|
2018-10-02 17:38:58 +02:00
|
|
|
if os.path.exists(xz_path):
|
2018-10-02 13:10:24 +02:00
|
|
|
os.unlink(xz_path)
|
2018-10-02 12:58:12 +02:00
|
|
|
|
|
|
|
# Create archive
|
|
|
|
print('Archiving', meta['lxcpath'])
|
2018-10-26 14:12:12 +02:00
|
|
|
subprocess.run(['tar', '--xattrs', '-cpf', tar_path, os.path.join(LXC_ROOT, meta['lxcpath'])], cwd='/')
|
2019-02-26 20:24:02 +01:00
|
|
|
# Add install/upgrade/uninstall scripts
|
|
|
|
scripts = ('install', 'install.sh', 'upgrade', 'upgrade.sh', 'uninstall', 'uninstall.sh')
|
|
|
|
scripts = [s for s in scripts if os.path.exists(os.path.join(meta_dir, s))]
|
|
|
|
subprocess.run(['tar', '--transform', 's|^|srv/{}/|'.format(pkg_name), '-rpf', tar_path] + scripts, cwd=meta_dir)
|
2018-10-26 14:34:01 +02:00
|
|
|
# Compress the tarball with xz (LZMA2)
|
2018-10-26 22:11:34 +02:00
|
|
|
print('Compressing', tar_path, '({:.2f} MB)'.format(os.path.getsize(tar_path)/1048576))
|
2018-10-02 12:58:12 +02:00
|
|
|
subprocess.run(['xz', '-9', tar_path])
|
2018-10-26 22:11:34 +02:00
|
|
|
print('Compressed ', xz_path, '({:.2f} MB)'.format(os.path.getsize(xz_path)/1048576))
|
2018-10-02 12:58:12 +02:00
|
|
|
|
|
|
|
# Register package
|
|
|
|
print('Registering package')
|
|
|
|
packages = {}
|
2019-02-26 20:24:02 +01:00
|
|
|
packages_file = os.path.join(PKG_ROOT, 'packages')
|
2018-10-02 17:38:58 +02:00
|
|
|
if os.path.exists(packages_file):
|
2018-10-02 22:09:34 +02:00
|
|
|
with open(packages_file, 'r') as f:
|
|
|
|
packages = json.load(f)
|
2018-10-02 12:58:12 +02:00
|
|
|
packages[pkg_name] = meta
|
2018-10-21 10:09:02 +02:00
|
|
|
packages[pkg_name]['size'] = os.path.getsize(xz_path)
|
2018-10-15 14:58:24 +02:00
|
|
|
packages[pkg_name]['sha512'] = hash_file(xz_path)
|
2018-10-02 22:09:34 +02:00
|
|
|
with open(packages_file, 'w') as f:
|
|
|
|
json.dump(packages, f, sort_keys=True, indent=4)
|
2018-10-02 12:58:12 +02:00
|
|
|
|
2019-02-26 20:24:02 +01:00
|
|
|
# Sign packages file
|
2018-10-02 12:58:12 +02:00
|
|
|
print('Signing packages')
|
2018-10-25 22:17:39 +02:00
|
|
|
with open(PRIVATE_KEY, 'rb') as f:
|
2018-10-02 22:09:34 +02:00
|
|
|
priv_key = load_pem_private_key(f.read(), None, default_backend())
|
2019-02-26 20:24:02 +01:00
|
|
|
with open(os.path.join(PKG_ROOT, 'packages'), 'rb') as f:
|
2018-10-02 22:09:34 +02:00
|
|
|
data = f.read()
|
2019-02-26 20:24:02 +01:00
|
|
|
with open(os.path.join(PKG_ROOT, 'packages.sig'), 'wb') as f:
|
2018-10-02 22:09:34 +02:00
|
|
|
f.write(priv_key.sign(data, ec.ECDSA(hashes.SHA512())))
|
2018-10-02 12:58:12 +02:00
|
|
|
|
|
|
|
def hash_file(file_path):
|
|
|
|
sha512 = hashlib.sha512()
|
2018-10-02 22:09:34 +02:00
|
|
|
with open(file_path, 'rb') as f:
|
2018-10-02 12:58:12 +02:00
|
|
|
while True:
|
2018-10-02 22:09:34 +02:00
|
|
|
data = f.read(65536)
|
2018-10-02 12:58:12 +02:00
|
|
|
if not data:
|
|
|
|
break
|
|
|
|
sha512.update(data)
|
|
|
|
return sha512.hexdigest()
|
|
|
|
|
|
|
|
if __name__ == '__main__':
|
2019-02-26 20:24:02 +01:00
|
|
|
if len(sys.argv) != 2 or sys.argv[1] in ('-h', '--help'):
|
|
|
|
print('Usage: lxc-pack <buildpath>\n where the buildpath can be either specific meta file or a directory containing one')
|
2018-10-02 12:58:12 +02:00
|
|
|
else:
|
|
|
|
pack(sys.argv[1])
|