#!/bin/sh

# Package source and build matrix.
# NOTE(review): the mirror URL is plain HTTP, so the integrity of what is
# fetched rests on apk's signature verification against its trusted keys.
# Confirm nothing downstream (e.g. mknetboot.sh) passes --allow-untrusted.
REPO="http://dl-cdn.alpinelinux.org/alpine"
BRANCHES="edge latest-stable"
ARCHS="x86 x86_64"
# Published image tree, laid out as $IMGDIR/<branch>/<arch>.
IMGDIR="/var/www/localhost/htdocs/images"

# CA Settings
# Certificate chain and private key used by sign_images. PASS_FILE holds the
# key passphrase and is handed to openssl as -passin file:, which keeps the
# secret off the command line. The key and passphrase files should be
# readable only by the account that runs this script.
CA_CRT="/etc/ssl/alpine-netboot-ca/ca.crt"
SIGN_CRT="/etc/ssl/alpine-netboot-ca/codesign.crt"
SIGN_KEY="/etc/ssl/alpine-netboot-ca/codesign.key"
PASS_FILE="/etc/ssl/alpine-netboot-ca/passwd"

# libalpine.sh is required (die is used below); stop early without it.
if [ ! -f "/lib/libalpine.sh" ]; then
	echo "Error: cannot find libalpine.sh" >&2
	exit 1
fi
. /lib/libalpine.sh

# Per branch/arch package lists from the previous run are kept here.
CACHE_DIR="/var/cache/alpine-netboot"
# apk invocation that ignores the host's repository configuration; always
# expanded unquoted so that it splits into the command and its options.
APK="apk --no-cache --repositories-file /dev/null"

# Succeed only when both arguments are regular files with identical content.
# Arguments: $1, $2 - paths to compare
# Returns:   1 when either path is not a regular file, otherwise the exit
#            status of diff -q (its output is discarded)
compare_files() {
	local candidate
	for candidate in "$1" "$2"; do
		if [ ! -f "$candidate" ]; then
			return 1
		fi
	done
	diff -q "$1" "$2" > /dev/null 2>&1
}

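# List all runtime dependencies for alpine-base.
# Globals:   APK, REPO (read); ALPINE_BASE (written: raw apk output)
# Arguments: $1 - branch, $2 - arch
# Outputs:   the second space-separated field of every apk output line that
#            does not start with "fetch", one per line on stdout
# On apk failure die is called. When this function runs inside $(...), die
# (assuming it exits) ends only that subshell, so the caller must check the
# exit status of the substitution.
resolve_base() {
	local branch="$1"
	local arch="$2"
	# $APK stays unquoted on purpose (command plus options); the arch and the
	# repository URL are quoted so each reaches apk as exactly one argument.
	ALPINE_BASE=$($APK --arch "$arch" -X "$REPO/$branch/main" fetch -R --simulate alpine-base 2> /dev/null) \
		|| die "Failed to get base dependency tree"
	printf '%s\n' "$ALPINE_BASE" | grep -v '^fetch' | cut -d' ' -f2
}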

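# Find the latest kernel and firmware.
# Kernel/firmware deps are not interesting so we do not resolve the tree.
# Globals:   APK, REPO (read); KERNEL (written: raw apk output)
# Arguments: $1 - branch, $2 - arch
# Outputs:   every apk output line that does not start with "fetch"
# Returns:   the status of the final grep, i.e. non-zero when nothing is left
#            to print
# On apk failure die is called. When this function runs inside $(...), die
# (assuming it exits) ends only that subshell, so the caller must check the
# exit status of the substitution.
get_latest_kernel() {
	local branch="$1"
	local arch="$2"
	# $APK stays unquoted on purpose (command plus options); the arch and the
	# repository URL are quoted so each reaches apk as exactly one argument.
	KERNEL=$($APK --arch "$arch" -X "$REPO/$branch/main" search -x linux-vanilla linux-firmware) \
		|| die "Failed to get kernel version"
	printf '%s\n' "$KERNEL" | grep -v '^fetch'
}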

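# Sign the kernel and initramfs images found in a directory.
# For every file matching *vmlinuz* or *initramfs* a DER-encoded CMS
# signature is written next to it as <file>.sig.
# Globals:   SIGN_CRT, SIGN_KEY, CA_CRT, PASS_FILE (read)
# Arguments: $1 - directory holding the images
# Returns:   0 only when every image was found and signed; non-zero as soon
#            as an image is missing or openssl fails, so that callers can
#            refuse to publish a partially signed set
sign_images() {
	local imgdir="$1"
	local img file found
	for img in vmlinuz initramfs; do
		found=0
		for file in "$imgdir"/*"$img"*; do
			# An unmatched glob stays literal; skip it and anything that is
			# not a regular file.
			[ -f "$file" ] || continue
			# Never sign a signature left behind by an earlier run.
			case "$file" in
				*.sig) continue ;;
			esac
			file=$(realpath "$file") || return 1
			found=1
			echo "Signing image: $file"
			# -passin file: keeps the key passphrase out of the process
			# arguments; -noattr leaves out signed attributes and -binary
			# disables text canonicalisation of the input.
			if ! openssl cms -sign -binary -noattr -in "$file" \
				-signer "$SIGN_CRT" -inkey "$SIGN_KEY" \
				-certfile "$CA_CRT" \
				-outform DER -out "$file".sig \
				-passin file:"$PASS_FILE"; then
				# Do not leave a truncated signature beside the image.
				rm -f -- "$file".sig
				echo "Error: failed to sign $file" >&2
				return 1
			fi
		done
		if [ "$found" != 1 ]; then
			echo "Error: no $img image found in $imgdir" >&2
			return 1
		fi
	done
}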


#############
#  M a i n  #
#############

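mkdir -p "$CACHE_DIR" || die "Cannot create cache directory: $CACHE_DIR"

# Scratch paths for the branch/arch pair currently being processed. They are
# created fresh for every pair (both are moved away on a successful update)
# and removed on any exit path.
tmpfile=
tmpdir=
netboot_cleanup() {
	if [ -n "$tmpfile" ]; then
		rm -f -- "$tmpfile"
	fi
	if [ -n "$tmpdir" ]; then
		rm -rf -- "$tmpdir"
	fi
}
trap netboot_cleanup EXIT
trap 'exit 1' HUP INT TERM

for branch in $BRANCHES; do
	mkdir -p "$IMGDIR/$branch" || die "Cannot create $IMGDIR/$branch"
	for arch in $ARCHS; do
		echo "Checking: $branch/$arch"
		tmpfile=$(mktemp) || die "mktemp failed"

		# Each lookup runs in its own substitution so that a failure is seen
		# here: a die inside $(...) only ends that subshell. Without the
		# check, a failed lookup would produce a short list, trigger a
		# rebuild and overwrite the cached list.
		base_pkgs=$(resolve_base "$branch" "$arch") \
			|| die "Failed to resolve base packages for $branch/$arch"
		kernel_pkgs=$(get_latest_kernel "$branch" "$arch") \
			|| die "Failed to resolve kernel packages for $branch/$arch"
		if [ -z "$base_pkgs" ] || [ -z "$kernel_pkgs" ]; then
			die "Empty package list for $branch/$arch"
		fi
		# Unquoted on purpose: one list entry per whitespace-separated word.
		printf '%s\n' $base_pkgs $kernel_pkgs | sort > "$tmpfile" \
			|| die "Failed to write package list for $branch/$arch"

		if compare_files "$tmpfile" "$CACHE_DIR/$branch-$arch.lst"; then
			printf "No update found\n\n"
			rm -f -- "$tmpfile"
			tmpfile=
			continue
		fi

		echo "Dependencies updated for: $branch/$arch"
		# NOTE(review): mktemp -d creates the directory with mode 0700 and mv
		# keeps that mode; confirm the web server can read the published tree.
		tmpdir=$(mktemp -d) || die "mktemp -d failed"
		# NOTE(review): relative path, so the script has to be started from
		# the directory that contains mknetboot.sh.
		./mknetboot.sh --release "$branch" --arch "$arch" --outdir "$tmpdir" \
			|| die "mknetboot.sh failed for $branch/$arch"
		(cd "$tmpdir" && sha512sum * > "alpine-netboot-$branch-$arch.sha512") \
			|| die "Failed to write checksums for $branch/$arch"
		sign_images "$tmpdir" || die "Signing failed for $branch/$arch"
		# Independently confirm that a non-empty signature exists for both
		# images before anything is published.
		for img in vmlinuz initramfs; do
			sig_ok=0
			for sig in "$tmpdir"/*"$img"*.sig; do
				if [ -s "$sig" ]; then
					sig_ok=1
				fi
			done
			[ "$sig_ok" = 1 ] || die "Missing signature for $img ($branch/$arch)"
		done

		# Stage beside the destination first, so that the previous images
		# stay in place until the new set has been copied completely, then
		# swap. The cached list is updated last: a failure anywhere above
		# leaves it untouched and the next run retries the build.
		dest="$IMGDIR/$branch/$arch"
		rm -rf -- "${dest:?}.new"
		mv "$tmpdir" "$dest.new" || die "Failed to stage images for $branch/$arch"
		tmpdir=
		rm -rf -- "${dest:?}"
		mv "$dest.new" "$dest" || die "Failed to publish images for $branch/$arch"
		mv "$tmpfile" "$CACHE_DIR/$branch-$arch.lst" \
			|| die "Failed to update cached list for $branch/$arch"
		tmpfile=
	done
done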