#!/bin/sh

# Copyright 2013,2014 Sven Vermeulen <swift@gentoo.org>
# Licensed under the GPL-3 license

# Prepare new policy release

# sed expression that rewrites either policy tree's path prefix to "refpolicy/"
# in the generated diff. ':' is the delimiter, so a path containing ':' (or
# other sed metacharacters) would not be matched literally - keep the
# checkouts on plain paths.
TRANSLATE="s:\(${HARDENEDREFPOL}\|${REFPOLRELEASE}\):refpolicy/:g"
# Version being released, taken from the single positional argument.
NEWVERSION=$1
# Upload target for the patch bundle. If the remote requires a different
# username, it should be set in ~/.ssh/config.
REMOTELOCATION='dev.gentoo.org:/home/swift/public_html/patches/selinux-base-policy'

# usage - Print the invocation summary and the environment the script expects.
# Output goes to stdout (as the original did); the caller decides the exit code.
usage() {
  cat <<USAGE_TEXT
Usage: $0 <newversion>

Example: $0 2.20140311-r5

The script will copy the live ebuilds towards the
<newversion>.

The following environment variables must be declared correctly for the script
to function properly:
  - GENTOOX86 should point to the gentoo-x86 checkout
    E.g. export GENTOOX86="/home/user/dev/gentoo-x86/"
  - HARDENEDREFPOL should point to the hardened-refpolicy.git checkout
    E.g. export HARDENEDREFPOL="/home/user/dev/hardened-refpolicy/"
  - REFPOLRELEASE should point to the current latest /release/ of the reference
    policy (so NOT to a checkout), extracted somewhere on the file system.
    E.g. export REFPOLRELEASE="/home/user/local/refpolicy-20130424/"
USAGE_TEXT
}

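# assertDirEnvVar - Exit with status 1 unless the variable named by $1 is set
# and names an existing directory.
# Arguments: $1 - name of the variable to check (e.g. GENTOOX86)
# Outputs:   diagnostic on stdout when the check fails
# Returns:   0 on success; exits 1 otherwise
assertDirEnvVar() {
  VARNAME="${1}";
  # The name is handed to eval below, so accept only a plain identifier.
  # Anything else (spaces, '$', ';', ...) would be executed as shell code.
  case "${VARNAME}" in
    ''|[0-9]*|*[!A-Za-z0-9_]*)
      echo "Invalid variable name \"${VARNAME}\".";
      exit 1;
      ;;
  esac
  # POSIX sh has no ${!name} indirection; eval on a validated name is the
  # portable way to read the variable's value.
  eval "VARVALUE=\"\${${VARNAME}}\"";
  if [ -z "${VARVALUE}" ] || [ ! -d "${VARVALUE}" ];
  then
    echo "Variable ${VARNAME} (value \"${VARVALUE}\") does not point to a valid directory.";
    exit 1;
  fi
}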

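# cleanTmp - Clean up TMPDIR
# Globals:  NOCLEAN (read) - when set and non-empty, the directory is kept
#           TMPDIR  (read) - the work directory created by this script
# Returns:  0 (a missing or foreign TMPDIR is not an error)
cleanTmp() {
  # The original test was inverted ([ -z ]): it kept TMPDIR by default and
  # removed it only when NOCLEAN was set. NOCLEAN=1 is the "keep it" request.
  if [ -n "${NOCLEAN}" ];
  then
    echo "Not cleaning TMPDIR (${TMPDIR}) upon request.";
  else
    # Only remove a directory carrying the marker this script planted, and
    # never expand to "rm -rf /" if TMPDIR is somehow empty.
    if [ -d "${TMPDIR}" ] && [ -f "${TMPDIR}/.istempdir" ];
    then
      rm -rf "${TMPDIR:?}";
    fi
  fi
}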

# die - Report a fatal error, remove the work directory and exit with status 2.
# Arguments: $* - message, printed after a "!!! " marker
# Outputs:   a blank line followed by the message, on stdout
die()
{
  printf '\n'
  echo "!!! $*"
  # Do not leave the mktemp directory behind on the error path.
  cleanTmp
  exit 2
}

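# buildpatch - Create the patch set to be applied for the new release
# Globals:  REFPOLRELEASE, HARDENEDREFPOL, TRANSLATE, TMPDIR, NEWVERSION,
#           REMOTELOCATION (read); DISTDIR (read after sourcing make.conf)
# Outputs:  progress on stdout; the patch and bundle are written to TMPDIR,
#           the bundle is then copied to DISTDIR and uploaded with scp
# Returns:  0 on success; calls die (exit 2) on any failure
buildpatch() {
  printf '%s' "Creating patch 0001-full-patch-against-stable-release.patch... ";
  # diff exits 1 whenever the trees differ, which is the expected case, so
  # only the sed/redirect status at the end of the pipeline is checked.
  diff -uNr -x ".git*" -x "CVS" -x "*.autogen*" -x "*.part" "${REFPOLRELEASE}" "${HARDENEDREFPOL}" \
    | sed -e "${TRANSLATE}" > "${TMPDIR}/0001-full-patch-against-stable-release.patch" || die "Failed to create patch";
  printf 'done\n';

  printf '%s' "Creating patch bundle for ${NEWVERSION}... ";
  cd "${TMPDIR}" || die "Failed to enter ${TMPDIR}";
  tar cvjf "patchbundle-selinux-base-policy-${NEWVERSION}.tar.bz2" *.patch > /dev/null 2>&1 || die "Failed to create patchbundle";
  printf 'done\n';

  # DISTDIR is taken from the Portage configuration; refuse to continue with
  # an unset value rather than copying into the current directory.
  . /etc/portage/make.conf;
  if [ -z "${DISTDIR}" ] || [ ! -d "${DISTDIR}" ];
  then
    die "DISTDIR (value \"${DISTDIR}\") from /etc/portage/make.conf is not a directory";
  fi
  printf '%s' "Copying patch bundle into ${DISTDIR} location and dev.g.o... ";
  cp "patchbundle-selinux-base-policy-${NEWVERSION}.tar.bz2" "${DISTDIR}" || die "Failed to copy patchbundle to ${DISTDIR}";
  scp "patchbundle-selinux-base-policy-${NEWVERSION}.tar.bz2" "${REMOTELOCATION}" > /dev/null 2>&1 || die "Failed to scp patchbundle to ${REMOTELOCATION}";
  printf 'done\n';
}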

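# createEbuilds - Create (or modify) the new ebuilds
# Globals:  GENTOOX86, NEWVERSION (read)
# Outputs:  progress on stdout; rewrites */Manifest and creates
#           */<pkg>-<NEWVERSION>.ebuild under GENTOOX86/sec-policy
# Returns:  0 on success; calls die (exit 2) on any failure
createEbuilds() {
  cd "${GENTOOX86}/sec-policy" || die "Failed to enter ${GENTOOX86}/sec-policy";
  printf '%s' "Removing old patchbundle references in Manifest (in case of rebuild)... ";
  for PKG in *;
  do
    # The original tested "${PKG}/Manifest}" (stray brace), which never
    # matched, so stale entries were silently left in place.
    [ -f "${PKG}/Manifest" ] || continue;
    # NEWVERSION is used as a sed regex fragment here; version strings such
    # as 2.20140311-r5 contain no characters that change its meaning.
    sed -i -e "/patchbundle-selinux-base-policy-${NEWVERSION}/d" "${PKG}/Manifest" || die "Failed to update ${PKG}/Manifest";
  done
  printf 'done\n';

  printf '%s' "Creating new ebuilds based on 9999 version... ";
  for PKG in *;
  do
    [ -f "${PKG}/${PKG}-9999.ebuild" ] || continue;
    cp "${PKG}/${PKG}-9999.ebuild" "${PKG}/${PKG}-${NEWVERSION}.ebuild" || die "Failed to create ${PKG}/${PKG}-${NEWVERSION}.ebuild";
  done
  printf 'done\n';
}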

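# tagRelease - Create a signed, annotated tag for the new release
# Globals:  HARDENEDREFPOL, NEWVERSION (read)
# Outputs:  progress on stdout; git output is discarded
# Returns:  0 on success; calls die (exit 2) if the directory or tag fails
# Note: the tag is only created here - pushing it is left to the operator
# (see the closing instructions of the script).
tagRelease() {
  printf '%s' "Creating tag ${NEWVERSION} in our repository... ";
  cd "${HARDENEDREFPOL}" || die "Failed to enter ${HARDENEDREFPOL}";
  git tag -a "${NEWVERSION}" -m "Release set of ${NEWVERSION}" --sign > /dev/null 2>&1 || die "Failed to create tag";
  printf 'done\n';
}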

# Exactly one argument (the new version) is required; anything else is a
# usage error (exit 3).
[ "$#" -eq 1 ] || {
  usage
  exit 3
}

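# Assert that all needed information is available
assertDirEnvVar GENTOOX86;
assertDirEnvVar HARDENEDREFPOL;
assertDirEnvVar REFPOLRELEASE;

# Private work directory. The marker file is what lets cleanTmp prove the
# directory is ours before it runs rm -rf on it.
TMPDIR=$(mktemp -d) || { echo "Failed to create a temporary directory." >&2; exit 1; };
touch "${TMPDIR}/.istempdir" || { echo "Failed to initialise ${TMPDIR}." >&2; exit 1; };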

# Build the patch, create the ebuilds, then tag the release - in that order.
for step in buildpatch createEbuilds tagRelease;
do
  "${step}";
done

# Hand over to the operator: the remaining steps need a manual check before
# anything is committed or pushed.
cat <<RELEASE_NOTES
The release has now been prepared.

Please go do the following to finish up:

In ${GENTOOX86}/sec-policy:
git add .
repoman --digest=y full

Then, before finally committing - do a run yourself, ensuring that the right
version is deployed of course:
- "emerge -1 \$(qlist -IC sec-policy)"

Only then do:
repoman commit -m 'sec-policy: Release of SELinux policies ${NEWVERSION}'
git push --sign

In ${HARDENEDREFPOL} do:
git push origin --tags
RELEASE_NOTES

cleanTmp;