Merge pull request #735 from bgilbert/signing

offline_signing: Allow download/upload for multiple releases with a single invocation

offline_signing/download.sh

@@ -1,29 +0,0 @@
-#!/usr/bin/env bash
-
-set -eux
-
-BOARD="${1?Must provide a board (e.g. amd64-usr)}"
-VERSION="${2?Must provide a version (e.g. 1234.0.0)}"
-CHANNEL="${3?Must provide a channel (e.g. alpha)}"
-
-if ! [[ "${CHANNEL}" =~ alpha|beta|stable ]]; then
-    echo "Invalid channel ${CHANNEL}"
-    echo "Usage: $0 <BOARD> <VERSION> <CHANNEL> [OUTPUT DIR]"
-    exit 1
-fi
-
-GS="gs://builds.release.core-os.net/${CHANNEL}/boards/$BOARD/$VERSION"
-
-cd "${4:-.}"
-
-gsutil cp \
-    "${GS}/coreos_production_image.vmlinuz" \
-    "${GS}/coreos_production_image.vmlinuz.sig" \
-    "${GS}/coreos_production_update.bin.bz2" \
-    "${GS}/coreos_production_update.bin.bz2.sig" \
-    "${GS}/coreos_production_update.zip" \
-    "${GS}/coreos_production_update.zip.sig" ./
-
-gpg --verify "coreos_production_image.vmlinuz.sig"
-gpg --verify "coreos_production_update.bin.bz2.sig"
-gpg --verify "coreos_production_update.zip.sig"

offline_signing/transfer.sh

@@ -0,0 +1,113 @@
+#!/usr/bin/env bash
+
+set -eux
+
+download() {
+    local channel="$1"
+    local version="$2"
+    local board="$3"
+
+    local gs="gs://builds.release.core-os.net/${channel}/boards/${board}/${version}"
+    local dir="${BASEDIR}/${board}/${version}"
+    mkdir -p "${dir}"
+    pushd "${dir}" >/dev/null
+
+    gsutil cp \
+        "${gs}/coreos_production_image.vmlinuz" \
+        "${gs}/coreos_production_image.vmlinuz.sig" \
+        "${gs}/coreos_production_update.bin.bz2" \
+        "${gs}/coreos_production_update.bin.bz2.sig" \
+        "${gs}/coreos_production_update.zip" \
+        "${gs}/coreos_production_update.zip.sig" ./
+
+    gpg2 --verify "coreos_production_image.vmlinuz.sig"
+    gpg2 --verify "coreos_production_update.bin.bz2.sig"
+    gpg2 --verify "coreos_production_update.zip.sig"
+
+    popd >/dev/null
+}
+
+upload() {
+    local channel="$1"
+    local version="$2"
+    local board="$3"
+
+    local payload="${BASEDIR}/${board}/${version}/coreos_production_update.gz"
+    if [[ ! -e "${payload}" ]]; then
+        echo "No such file: ${payload}" >&2
+        exit 1
+    fi
+
+    declare -A appid
+    appid[amd64-usr]=e96281a6-d1af-4bde-9a0a-97b76e56dc57
+    appid[arm64-usr]=103867da-e3a2-4c92-b0b3-7fbd7f7d8b71
+
+    "$(dirname $0)/../core_roller_upload" \
+        --user="${ROLLER_USERNAME}" \
+        --api_key="${ROLLER_API_KEY}" \
+        --app_id="${appid[${board}]}" \
+        --board="${board}" \
+        --version="${version}" \
+        --payload="${payload}"
+}
+
+usage() {
+    echo "Usage: $0 {download|upload} <ARTIFACT-DIR> [{-a|-b|-s} <VERSION>]..." >&2
+    exit 1
+}
+
+# Parse base arguments.
+CMD="${1:-}"
+BASEDIR="${2:-}"
+shift 2 ||:
+
+case "${CMD}" in
+    download)
+        ;;
+    upload)
+        if [[ -e "${HOME}/.config/roller.conf" ]]; then
+            . "${HOME}/.config/roller.conf"
+        fi
+        if [[ -z "${ROLLER_USERNAME:-}" || -z "${ROLLER_API_KEY:-}" ]]; then
+            echo 'Missing $ROLLER_USERNAME or $ROLLER_API_KEY.' >&2
+            echo "Consider adding shell assignments to ~/.config/roller.conf." >&2
+            exit 1
+        fi
+        ;;
+    *)
+        usage
+        ;;
+esac
+
+if [[ -z "${BASEDIR}" ]]; then
+    usage
+fi
+
+if [[ -d "${BASEDIR}" && ! -O "${BASEDIR}" ]]; then
+    echo "Fixing ownership of ${BASEDIR}..."
+    sudo chown -R "${USER}" "${BASEDIR}"
+fi
+
+# Walk argument pairs.
+while [[ $# > 0 ]]; do
+    c="$1"
+    v="${2?Must provide a version (e.g. 1234.0.0)}"
+    shift 2
+
+    case "${c}" in
+    -a)
+        $CMD "alpha" "${v}" "amd64-usr"
+        $CMD "alpha" "${v}" "arm64-usr"
+        ;;
+    -b)
+        $CMD "beta" "${v}" "amd64-usr"
+        $CMD "beta" "${v}" "arm64-usr"
+        ;;
+    -s)
+        $CMD "stable" "${v}" "amd64-usr"
+        ;;
+    *)
+        usage
+        ;;
+    esac
+done