Commit 5488c8d6 authored by Jan-Tarek Butt's avatar Jan-Tarek Butt

switch from POSIX sh to lua

because of using multi dimensional arrays
parent 84ecced2
#!/usr/bin/lua
-- config --
-- Part for PID file
local PID_PART="/var/run/firmware-bot.pid"
-- Root dir of the firmware images
local FIRMWARE_DIR="/home/tata/firmware"
-- Gluon reposetory for singe script
local GLUON_GIT="https://github.com/freifunk-gluon/gluon.git"
-- Gluon branch
local GLUON_BRANCH="v2016.1.x"
-- Gluon part to singtest
local GLUON_SIGNTEST="/tmp/gluon/contrib/sigtest.sh"
-- Siteconf reposetory for public keys
local SITECONF_GIT="https://git.nordwest.freifunk.net/ffnw-firmware/siteconf.git"
-- Part to site.conf
local SITE_CONF="/tmp/siteconf/site.conf"
-- config end --
if io.open(PID_PART, "r") ~=nil then
io.stderr:write("The firmware-bot is still running.\n")
os.exit(1)
else
-- io.close(io.open(PID_PART, "w"))
end
local function clean_pid(exit_code)
if io.open(PID_PART, "r") ~=nil then
os.remove(PID_PART)
end
os.exit(exit_code)
end
-- init end --
-- Generating md5, sha1 and sha2 checksum
local function generate_checksum(firmware_dir)
for dir in io.popen(string.format("find %s -mindepth 1 -type d", firmware_dir), 'r'):lines() do
for file in io.popen(string.format("find %s -type f | egrep gluon- | egrep -v \"(*md5|*sha1|*sha2)\" | sort", dir), 'r'):lines() do
if io.open(file..".md5", "r") == nil then
io.stderr:write("Creating MD5 checksum for " .. file .. " ...\n")
os.execute("md5sum " .. file .. " > " .. file .. ".md5")
end
if io.open(file..".sha1", "r") == nil then
io.stderr:write("Creating SHA1 checksum for " .. file .. " ...\n")
os.execute("sha1sum " .. file .. " > " .. file .. ".sha1")
end
if io.open(file..".sha2", "r") == nil then
io.stderr:write("Creating SHA2 checksum for " .. file .. " ...\n")
os.execute("sha512sum " .. file .. " > " .. file .. ".sha2")
end
end
end
end
-- check if manifest symlink exsist
local function check_manifest_symlink(firmware_dir)
for dir in io.popen(string.format("find %s -mindepth 1 -type d", firmware_dir), 'r'):lines() do
for file in io.popen(string.format("find %s -type f | egrep *.manifest", dir), 'r'):lines() do
if io.open(dir.."/manifest", "r") == nil then
os.execute("ln -s " .. file .. " " .. dir.."/manifest")
io.stderr:write(dir.."/manifest\n")
end
end
end
end
-- check code into directory out. If it already exists fetch code up to commit ID
local function checkout_git(pwd, dir, repo, branch)
if pwd:sub(-1,-1):match("/") then
pwd = pwd:sub(1, -2)
end
local mygit="git -C " .. pwd .. "/" .. dir
io.stderr:write("checking out " .. repo .. " to " .. pwd .. "/" .. dir .. " in version " .. branch .. "\n")
if os.execute("[ -d " .. pwd .. "/" .. dir .. " ]") then
if os.execute(mygit .. " remote -v | grep -q \"" .. repo .. "\"") then
io.stderr:write("Right remote detected\n")
if not os.execute(mygit .. " checkout \"" .. branch .. "\"") then
io.stderr:write("commitid not found trying to fetch new commits\n")
os.execute(mygit .. " pull && " .. mygit .. " checkout \"" .. branch .. "\"")
end
else
io.stderr:write("wrong remote or not an git repo at all -> deleting whole directory\n")
os.execute("/bin/rm -rf ".. pwd .. "/" .. dir)
--needs to be without -C!!!
os.execute("git clone ".. repo .. " " .. pwd .. "/" .. dir)
os.execute(mygit .. " checkout " .. branch)
end
else
io.stderr:write("We need to do a fresh checkout\n")
-- ##needs to be without -C!!!
os.execute("git clone " .. repo .. " " .. pwd .. "/" .. dir)
os.execute(mygit .. " checkout " .. branch)
end
end
-- get public keys of each update branch
--ret = { branch , table }
--table = { key , name }
local function get_ecdsa_pubkeys(site_conf)
local ret = { nil }
local version = nil
local keys = { nil }
local save = false
local keysproducing = false
local section = 0 -- incr. "= {" and decr. "},"
if io.open(site_conf, "r") ~= nil then
for sign in io.open(site_conf,"r"):lines() do
if sign:match("branches = {") or section > 0 then
if sign:match("= {") then
section = section + 1
end
if sign:match("},") then
section = section - 1
end
if section == 2 and sign:match("= {") then
for v in string.gmatch(sign, "([^ ]+)") do
sign = v:gsub("^%s*(.-)%s*$", "%1")
break
end
version = sign
end
if section == 3 and sign:match("('%w+')") then
local key = {}
sign = sign:gsub("'","")
local c = 0
for s in string.gmatch(sign,"([^,]+)") do
key[c] = s:gsub("^%s*(.-)%s*$", "%1")
c = c +1
if c == 2 then
break
end
end
keys[key[0]] = key[1]:gsub("%%--","")
keysproducing = true
end
if keysproducing == true and section == 2 then
keysproducing = false
save = true
end
end
if version ~= nil and save == true then
save = false
ret[version] = keys
version = nil
keys = { nil }
end
end
end
return ret
end
--ret = { index , table }
--table = { name , version }
-- { branch, prefix }
-- { sgigned, Num }
-- { persons, table1 }
--table1 = { index, names }
-- check all signnatures and return a table
local function check_manifest_signature(signscript, pub_keys, firmware_dir)
local ret = {}
if io.open(signscript, "r") ~= nil then
for dir in io.popen(string.format("find %s -mindepth 1 -type d", firmware_dir), 'r'):lines() do
local version = {}
-- Get firmware version
for v in string.gmatch(dir, "([^%%/]+)") do
version["name"] = v
end
-- get manifest branch
for man in io.popen(string.format("find %s -type f | grep .manifest", dir), "r"):lines() do
for branch in string.gmatch(man, "([^%%/]+)") do
man = branch:gsub("^%s*(.-)%s*$", "%1")
end
for b in string.gmatch(man, "([^.]+)") do
version["branch"] = b:gsub("^%s*(.-)%s*$", "%1")
break
end
end
-- signed persons
version["sgigned"] = 0
local signed_person = {}
for k, p in pairs(pub_keys[version["branch"]]) do
if os.execute(signscript.." " .. k .. " " ..dir.."/".. version["branch"]..".manifest\n") then
version["sgigned"] = version["sgigned"] +1
table.insert(signed_person,p)
end
end
version["persons"] = signed_person
table.insert(ret,version)
end
end
return ret
end
-- check if all md5, sha1 and sha2 checksum files exsist and generate them
generate_checksum(FIRMWARE_DIR)
-- check if the symlink from <branch>.manifest to manifest exsist
check_manifest_symlink(FIRMWARE_DIR)
-- checkout gluon git
checkout_git("/tmp/", "gluon", GLUON_GIT, GLUON_BRANCH)
-- checkout siteconf git
--checkout_git("/tmp", "siteconf", SITECONF_GIT, "master")
-- get ecdsa keys
local pub_keys = get_ecdsa_pubkeys(SITE_CONF)
local tab = {}
if next(pub_keys) then
-- check if signatures correct. Return an array with each version number
tab = check_manifest_signature(GLUON_SIGNTEST, pub_keys, FIRMWARE_DIR)
end
if next(tab) then
for i, t in pairs(tab) do
for k, v in pairs(t) do
if not k:match("persons") then
io.stderr:write(k.."\t"..v.."\n")
else
for i,p in pairs(v) do
io.stderr:write(" "..p.."\n")
end
end
end
end
else
io.stderr:write("got nil entry\n")
end
clean_pid(0)
-- signatur checker
-- symlink creator
-- static html generate
#!/bin/bash
# -- config --
# Part for PID file
PID_PART="/var/run/geolocator.pid"
# Root dir of the firmware images
FIRMWARE_DIR="/home/tata/firmware"
# Gluon reposetory for singe script
GLUON_GIT="https://github.com/freifunk-gluon/gluon.git"
#Gluon branch
GLUON_BRANCH="v2016.1.x"
#Siteconf reposetory for public keys
SITECONF_GIT="https://git.nordwest.freifunk.net/ffnw-firmware/siteconf.git"
# -- config end --
if [ -f $PID_PART ]; then
echo "Firmware-Bot is still running"
exit 1
else
touch $PID_PART
fi
clean_pid() {
[ -f $PID_PART ] && rm $PID_PART
exit "$1"
}
# -- init end --
#Generating md5, sha1 and sha2 checksum
generate_checksum() {
find "$1" -mindepth 1 -type d | sort | while read -r dir; do
cd "${dir}" || clean_pid 1
find . -type f | egrep gluon- | egrep -v "(*md5|*sha1|*sha2)" | sort | while read -r file; do
if ! [ -f "$file.md5" ]; then
echo "$(date +%Y-%m-%d-%H-%M) - Creating MD5 checksum for $file ..."
md5sum "$file" > "$file.md5"
fi
if ! [ -f "$file.sha1" ]; then
echo "$(date +%Y-%m-%d-%H-%M) - Creating SHA1 checksum for $file ..."
sha1sum "$file" > "$file.sha1"
fi
if ! [ -f "$file.sha2" ]; then
echo "$(date +%Y-%m-%d-%H-%M) - Creating SHA2 checksum for $file ..."
sha512sum "$file" > "$file.sha2"
fi
done
done
}
#check if manifest symlink exsist
check_manifest_symlink() {
find "$1" -mindepth 1 -type d | sort | while read -r dir; do
cd "${dir}" || clean_pid 1
find . -type f | egrep ./*.manifest | while read -r manifest; do
if ! [ -f manifest ]; then
ln -s $manifest manifest
fi
done
done
}
# check code into directory out. If it already exists fetch code up to commit ID
checkout_git() {
MYGIT="git -C $1/$2"
echo "checking out $3 to ${1:?}/$2 in version $4"
if [ -d "${1:?}/$2" ]; then
if $MYGIT remote -v | grep -q "$3" ; then
echo "Right remote detected"
if ! $MYGIT checkout "$4" ; then
echo "commitid not found trying to fetch new commits"
$MYGIT pull && $MYGIT checkout "$4"
fi
else
echo "wrong remote or not an git repo at all -> deleting whole directory"
/bin/rm -rf "${1:?}/$2"
##needs to be without -C!!!
git clone "$3" "${1:?}/$2"
$MYGIT checkout "$4"
fi
else
echo "We need to do a fresh checkout"
##needs to be without -C!!!
git clone "$3" "${1:?}/$2"
$MYGIT checkout "$4"
fi
unset MYGIT
}
generate_checksum $FIRMWARE_DIR
# checkout gluon git
checkout_git "/tmp" "gluon" $GLUON_GIT $GLUON_BRANCH
# checkout siteconf git
checkout_git "/tmp" "siteconf" $SITECONF_GIT "master"
check_manifest_symlink $FIRMWARE_DIR
#MANIFEST_SIGNATUR=""
#if [ -f "/tmp/gluon/contrib/sigtest.sh" ] && [ -f "/tmp/siteconf/site.conf" ]; then
# find "$FIRMWARE_DIR" -mindepth 1 -type d | sort | while read -r dir; do
# cd "${dir}" || clean_pid 1
# MANIFEST_SIGNATUR=("${dir##*/}")
# done
#else
# clean_pid 1
#fi
#echo $MANIFEST_SIGNATUR
clean_pid 0
# signatur checker
# symlink creator
# static html generate
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment