author | Carlo Landmeter <clandmeter@alpinelinux.org> | 2018-03-05 22:39:42 +0000 |
---|---|---|
committer | Carlo Landmeter <clandmeter@alpinelinux.org> | 2018-03-05 22:39:42 +0000 |
commit | fa919cb681747c95a31ceed508282a4e8475d0bf (patch) | |
tree | 51c12187cf002b19fa137cf9a0b97ff38cf5db53 /update-netboot.sh | |
download | alpine-netboot-fa919cb681747c95a31ceed508282a4e8475d0bf.tar.bz2 alpine-netboot-fa919cb681747c95a31ceed508282a4e8475d0bf.tar.xz |
Initial commit
Diffstat (limited to 'update-netboot.sh')
-rwxr-xr-x | update-netboot.sh | 93 |
1 files changed, 93 insertions, 0 deletions
diff --git a/update-netboot.sh b/update-netboot.sh
new file mode 100755
index 0000000..a23677a
--- /dev/null
+++ b/update-netboot.sh
@@ -0,0 +1,93 @@
+#!/bin/sh
+
+REPO="http://dl-cdn.alpinelinux.org/alpine"
+BRANCHES="edge latest-stable"
+ARCHS="x86 x86_64"
+IMGDIR="/var/www/localhost/htdocs/images"
+
+# CA Settings
+CA_CRT="/etc/ssl/alpine-netboot-ca/ca.crt"
+SIGN_CRT="/etc/ssl/alpine-netboot-ca/codesign.crt"
+SIGN_KEY="/etc/ssl/alpine-netboot-ca/codesign.key"
+PASS_FILE="/etc/ssl/alpine-netboot-ca/passwd"
+
+if [ -f "/lib/libalpine.sh" ]; then
+ . /lib/libalpine.sh
+else
+ echo "Error: cannot find libalpine.sh" >&2
+ exit 1
+fi
+
+CACHE_DIR="/var/cache/alpine-netboot"
+APK="apk --no-cache --repositories-file /dev/null"
+
+compare_files() {
+ [ -f "$1" ] || return 1
+ [ -f "$2" ] || return 1
+ diff -q "$1" "$2" > /dev/null 2>&1
+}
+
+# list all runtime depencencies for alpine-base
+resolve_base() {
+ local branch="$1"
+ local arch="$2"
+ ALPINE_BASE=$($APK --arch $arch -X $REPO/$branch/main fetch -R --simulate alpine-base 2> /dev/null)
+ [ "$?" = "0" ] || die "Failed to get base dependency tree"
+ echo "$ALPINE_BASE" | grep -v '^fetch' | cut -d' ' -f2
+}
+
+# find the latest kernel and firmware.
+# kernel/firmware deps are not interesting so we do not resolve the tree.
+get_latest_kernel() {
+ local branch="$1"
+ local arch="$2"
+ KERNEL=$($APK --arch $arch -X $REPO/$branch/main search -x linux-vanilla linux-firmware)
+ [ "$?" = "0" ] || die "Failed to get kernel version"
+ echo "$KERNEL" | grep -v '^fetch'
+}
+
+sign_images() {
+ local imgdir="$1"
+ local img
+ for img in vmlinuz initramfs; do
+ local file=$(realpath $imgdir/*${img}*)
+ echo "Signing image: $file"
+ openssl cms -sign -binary -noattr -in "$file" \
+ -signer "$SIGN_CRT" -inkey "$SIGN_KEY" \
+ -certfile "$CA_CRT" \
+ -outform DER -out "$file".sig \
+ -passin file:"$PASS_FILE"
+ done
+}
+
+
+#############
+# M a i n #
+#############
+
+mkdir -p "$CACHE_DIR"
+tmpfile=$(mktemp)
+tmpdir=$(mktemp -d)
+
+for branch in $BRANCHES; do
+ mkdir -p "$IMGDIR"/$branch
+ for arch in $ARCHS; do
+ echo "Checking: $branch/$arch"
+ for i in $(resolve_base $branch $arch && get_latest_kernel $branch $arch); do
+ echo "$i" >> $tmpfile
+ done
+ sort $tmpfile -o $tmpfile
+ if ! compare_files $tmpfile "$CACHE_DIR"/$branch-$arch.lst; then
+ echo "Dependencies updated for: $branch/$arch"
+ ./mknetboot.sh --release "$branch" --arch "$arch" --outdir "$tmpdir"
+ (cd "$tmpdir" && sha512sum * > alpine-netboot-$branch-$arch.sha512)
+ sign_images "$tmpdir"
+ rm -rf "$IMGDIR"/$branch/$arch
+ mv "$tmpdir" "$IMGDIR"/$branch/$arch
+ mv "$tmpfile" "$CACHE_DIR"/$branch-$arch.lst
+ else
+ printf "No update found\n\n"
+ rm -f $tmpfile
+ fi
+ done
+done |
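Review bot: The update branch of the main loop publishes whatever is in `$tmpdir` even when `./mknetboot.sh` or the `openssl cms` call in `sign_images` fails, because no exit status is checked before `rm -rf "$IMGDIR"/$branch/$arch`; the dependency list is then cached, so a failed build or a missing `.sig` is not retried until the dependencies change again. `sign_images` returns only the status of its last loop iteration, so the `openssl` call needs a trailing `|| return 1` for a caller-side check to mean anything. Separately, `tmpdir` is created once before the loops but moved into `$IMGDIR` on the first update, so later branch/arch combinations build into a path that no longer exists; creating it per update, as below, avoids that. `die` is assumed to come from libalpine.sh, as it is already used in `resolve_base`.

```shell
		if ! compare_files $tmpfile "$CACHE_DIR"/$branch-$arch.lst; then
			# … unchanged: "Dependencies updated" message …
			tmpdir=$(mktemp -d) || die "Failed to create build directory"
			./mknetboot.sh --release "$branch" --arch "$arch" --outdir "$tmpdir" \
				|| die "mknetboot failed for $branch/$arch"
			(cd "$tmpdir" && sha512sum * > alpine-netboot-$branch-$arch.sha512) \
				|| die "Checksum generation failed for $branch/$arch"
			sign_images "$tmpdir" || die "Signing failed for $branch/$arch"
			# … unchanged: rm -rf / mv into $IMGDIR and cache list update …
```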