Initial commit

2021-12-30 23:16:26 +01:00 · 2021-12-30 23:16:26 +01:00 · 4c343d4eeb
commit 4c343d4eeb
5 changed files with 219 additions and 0 deletions
--- a/generic-sign.sh
+++ b/generic-sign.sh
@ -0,0 +1,21 @@
+#!/bin/bash -e
+
+if [ -z "$1" ]; then
+	echo Usage: $0 '<MANIFEST>' >&2
+	exit 1
+fi
+
+echo
+echo Starting the signature process.
+read -sp 'Please enter your private key (hidden) and press enter: ' privkey
+echo
+
+echo
+echo Signing manifest "$1" ...
+# check if the separator is already in the file
+if ! fgrep -q -- --- "$1"; then
+	echo --- >> "$1"
+fi
+ecdsasign <( awk '/^BRANCH/,/^---/' "$1" | egrep -v ^--- ) <<< "$privkey" >> "$1"
+echo 'Last 10 lines of the signed manifest:'
+tail -10 "$1"
--- a/stable_sign.sh
+++ b/stable_sign.sh
@ -0,0 +1,52 @@
+#!/bin/bash -e
+
+BASEPATH=~/firmware
+
+cat <<EOF
+This script is intended to make signing stable firmwares easier.
+It will ask you which firmware you want to sign and will ask you for your private key.
+
+EOF
+
+cd $BASEPATH
+firmware=(v*/)
+echo Available firmware versions in $(pwd):
+for i in ${!firmware[*]}; do
+	echo $i. ${firmware[$i]}
+done
+read -p 'Enter the number of the firmware you wish to sign: ' fw
+firmware=${firmware[$fw]}
+echo Selected firmware: ${firmware}
+
+echo
+echo Manifests to be signed:
+for betastable in beta stable; do
+	m=${BASEPATH}/${firmware}/stable/images/sysupgrade/${betastable}.manifest
+	echo "####### Manifest: ${m}"
+	if ! head -3 $m; then
+		echo ERROR: no beta.manifest, try update_manifests.sh first.
+		exit 1
+	fi
+done
+
+echo
+echo Press enter if you want to sign the manifests listed above. To abort, hit Ctrl+C.
+read -r confirm
+
+echo
+echo Starting the signature process.
+read -sp 'Please enter your private key (hidden) and press enter: ' privkey
+echo
+
+echo
+echo Signing manifests...
+for betastable in beta stable; do
+	m=${BASEPATH}/${firmware}/stable/images/sysupgrade/${betastable}.manifest
+	echo "####### Manifest: ${m}"
+	# check if the separator is already in the file
+	if ! fgrep -q -- --- $m; then
+		echo --- >> $m
+	fi
+	# generate the signature
+	ecdsasign <( awk '/^BRANCH/,/^---/' $m | egrep -v ^--- ) <<< "$privkey" >> $m
+done
--- a/sync-firmware.sh
+++ b/sync-firmware.sh
@ -0,0 +1,19 @@
+#!/bin/bash -e
+
+while [ $# -gt 0 ]; do
+	case "$1" in
+		-n)
+			DRYRUN=--dry-run
+			;;
+		*)
+			echo "Unknown option: $1" >&2
+			exit 1
+			;;
+	esac
+	shift
+done
+
+echo '############################# Uploading to srv01...'
+rsync --recursive --delete-before --links --hard-links --times --partial --verbose --progress $DRYRUN ~/firmware/update-mirror/. ffupdates@srv01.hamburg.freifunk.net:updates/
+echo '############################# Uploading to srv03...'
+rsync --recursive --delete-before --links --hard-links --times --partial --verbose --progress $DRYRUN ~/firmware/update-mirror/. ffupdates@srv03.hamburg.freifunk.net:/var/www/updates/
--- a/update-manifests.sh
+++ b/update-manifests.sh
@ -0,0 +1,64 @@
+#!/bin/bash -e
+
+BASEPATH=~/firmware
+
+cat <<EOF
+This script modifies the stable.manifest and beta.manifest in each firmware directory and updates
+the branch, date and priority information. Signatures will be removed as they become invalid due to the changes.
+It will ask you which firmware you want modify.
+
+EOF
+
+cd $BASEPATH
+firmware=(v*/)
+echo Available firmware versions in $(pwd):
+for i in ${!firmware[*]}; do
+	echo $i. ${firmware[$i]}
+done
+read -p 'Enter the number of the firmware you wish to update: ' fw
+firmware=${firmware[$fw]}
+echo Selected firmware: ${firmware}
+
+echo
+echo Manifest to be modified:
+m=${BASEPATH}/${firmware}/stable/images/sysupgrade/stable.manifest
+echo "####### Manifest: ${m}"
+head -3 $m
+
+echo
+echo Press enter if you want to use the manifest listed above. To abort, hit Ctrl+C.
+read -sr confirm
+echo
+
+valuesok=n
+while [ "${valuesok}" != "y" ]; do
+	echo -n 'Please enter the new priority (default 7): '
+	read -r prio
+	echo
+	prio=${prio:-7}
+
+	d=${d:-$(date '+%Y-%m-%d %H:%M:%S%:z')}
+	echo 'The date will be interpreted by "date", so you can use something like "tuesday"'
+	echo -n "Please enter the new date (default: $d): "
+	read -r newd
+	d="$(date --date="${newd:-${d:-now}}" '+%Y-%m-%d %H:%M:%S%:z')"
+
+	cat <<-EOF
+		New settings:
+		Priority: $prio
+		Date: $d
+	EOF
+	echo
+	echo 'Is this correct? [yn] '
+	read -r valuesok
+done
+
+echo
+echo Updating manifest...
+# Use the stable manifest as source...
+src="$(cat ${BASEPATH}/${firmware}/stable/images/sysupgrade/stable.manifest)"
+for branch in beta stable; do
+	m=${BASEPATH}/${firmware}/stable/images/sysupgrade/${branch}.manifest
+	echo "####### Manifest: ${m}"
+	awk -v "branch=${branch}" -v "d=${d}" -v "prio=${prio}" '/^BRANCH=/ {print "BRANCH=" branch; next} /^DATE=/ {print "DATE=" d; next} /^PRIORITY=/ {print "PRIORITY=" prio; next} /^---/ {exit} {print}' <<< "${src}" > "${m}"
+done
--- a/update-mirror.sh
+++ b/update-mirror.sh
@ -0,0 +1,63 @@
+#!/bin/bash -e
+
+LOCAL_BASE="${HOME}/firmware/update-mirror"
+
+show_usage() {
+cat <<EOF
+This script adds firmware to the update-mirror. Note that this script will replace an already existing version if
+it has the same version number.
+Usage: $0 [-r] [-n] [-u] <firmware>
+	-r	Release the firmware by changing the branch specific link to point to the new firmware
+	-n	Set the rsync dry-run flag (WARNING: does not prevent the release link!)
+	-u	rsync update-mirror to the update servers. use sync-firmware.sh if you want to do that later.
+	firmware: The directory created by the site-ffhh/build.sh script
+			for example: /home/gluon/firmware/0.8.5+exp20171028
+			Must contain a single subdirectory named stable or experimental.
+EOF
+}
+
+while [ $# -gt 0 ]; do
+	case "$1" in
+		-r)
+			RELEASE=1
+			;;
+		-n)
+			DRYRUN=--dry-run
+			;;
+		-u)
+			UPLOAD=1
+			;;
+		*)
+			FIRMWARE="$1"
+			if [ ! -d "$FIRMWARE" ]; then
+				show_usage
+				exit 1
+			fi
+			;;
+	esac
+	shift
+done
+
+if [ ! -d "$FIRMWARE" ]; then
+	show_usage
+	exit 1
+fi
+
+pushd "$FIRMWARE" 2>/dev/null
+VERSION="$(basename -- $(pwd -P))"
+branch=$(ls | head -1)
+pushd "$branch" 2>/dev/null
+echo '############################# Updating the local mirror...'
+TARGET="${LOCAL_BASE}/multi/archive/${VERSION}"
+mkdir -p "${TARGET}"
+rsync --verbose --progress --stats --recursive --hard-links --links --perms --times $DRYRUN . "${TARGET}"
+if [ "${RELEASE}" == "1" ]; then
+	rm -f "${LOCAL_BASE}/multi/${branch}"
+	ln -s "archive/${VERSION}" "${LOCAL_BASE}/multi/${branch}"
+fi
+
+if [ "${UPLOAD}" == "1" ]; then
+	echo '############################# Uploading to servers...'
+	rsync --recursive --delete-before --links --hard-links --times --partial --verbose --progress $DRYRUN $EXCLUDES "${LOCAL_BASE}/." ffupdates@srv01.hamburg.freifunk.net:updates/
+	rsync --recursive --delete-before --links --hard-links --times --partial --verbose --progress $DRYRUN $EXCLUDES "${LOCAL_BASE}/." ffupdates@srv03.hamburg.freifunk.net:/var/www/updates/
+fi