From ed096ce513bebeda238d45567edc22904a841c76 Mon Sep 17 00:00:00 2001 From: Nicolas Vigier Date: Tue, 13 Dec 2011 20:09:39 +0000 Subject: - update timestamp file at the root of the mirror tree, when mirroring a distribution - generate a signed file at the root of the mirror tree containing : * sha1sum of timestamp file * sha1sum of MD5SUM files of all repositories * sha1sum of pubkey files of all repositories This file can be used to check that a mirror tree has not been modified. --- functions | 62 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ repoctl.conf | 10 ++++++++-- 2 files changed, 70 insertions(+), 2 deletions(-) diff --git a/functions b/functions index 5868945..b765862 100644 --- a/functions +++ b/functions @@ -206,6 +206,26 @@ function rm_distro_lock() rm_lock "$distrolock" } +function get_mirror_lock() +{ + local mirrorlock="$lockdir/mirror.lock" + get_lock "$mirrorlock" + for release in $distroreleases + do + get_distro_lock $release + done +} + +function rm_mirror_lock() +{ + local mirrorlock="$lockdir/mirror.lock" + for release in $distroreleases + do + rm_distro_lock $release + done + rm_lock "$mirrorlock" +} + function update_common_MD5SUM() { local distrorelease="$1" @@ -220,6 +240,37 @@ function update_common_MD5SUM() done } +function update_mirror_timestamp() +{ + date +%s%n%c > "$rootdir/$timestampfile" +} + +function update_mirror_sha1sum() +{ + pushd "$rootdir" + sha1sum "$timestampfile" > "$sha1sumfile" + for distrorelease in $distroreleases + do + for section in $distrosections + do + for sectionrepo in $sectionsrepos + do + for arch in $arches + do + sha1sum "distrib/$distrorelease/$arch/media/$section/$sectionrepo/media_info/MD5SUM" >> "$sha1sumfile" + sha1sum "distrib/$distrorelease/$arch/media/$section/$sectionrepo/media_info/pubkey" >> "$sha1sumfile" + sha1sum "distrib/$distrorelease/$arch/media/debug/$section/$sectionrepo/media_info/MD5SUM" >> "$sha1sumfile" + sha1sum "distrib/$distrorelease/$arch/media/debug/$section/$sectionrepo/media_info/pubkey" >> "$sha1sumfile" + done + sha1sum "distrib/$distrorelease/SRPMS/$section/$sectionrepo/media_info/MD5SUM" >> "$sha1sumfile" + sha1sum "distrib/$distrorelease/SRPMS/$section/$sectionrepo/media_info/pubkey" >> "$sha1sumfile" + done + done + done + $dryrun $sign_mirror_sha1sum > "$sha1sumsigfile" + popd +} + function mirror_repository() { local distrorelease="$1" @@ -232,6 +283,17 @@ function mirror_repository() update_common_MD5SUM "$distrorelease" $dryrun /usr/bin/rsync $mirror_rsync_options "$distribdir/$distrorelease/" "$finaldistribdir/$distrorelease/" rm_distro_lock "$distrorelease" + get_mirror_lock + if [ -z $dryrun ] + then + update_mirror_timestamp + update_mirror_sha1sum + fi + for file in "$timestampfile" "$sha1sumfile" "$sha1sumsigfile" + do + $dryrun /usr/bin/rsync $mirror_rsync_options "$rootdir/$file" "$finalrootdir/$file" + done + rm_mirror_lock } function check_distro_section() diff --git a/repoctl.conf b/repoctl.conf index c740b08..1c4cb9e 100644 --- a/repoctl.conf +++ b/repoctl.conf @@ -7,10 +7,16 @@ else fi lockdir=/var/lib/repoctl/locks hdlistsdir=/var/lib/repoctl/hdlists -distribdir=/distrib/bootstrap/distrib -finaldistribdir=/distrib/mirror/distrib +rootdir=/distrib/bootstrap +finalrootdir=/distrib/mirror +distribdir=$rootdir/distrib +finaldistribdir=$finalrootdir/distrib distroreleases='1' distrosections='core nonfree tainted' sectionsrepos="release updates updates_testing backports backports_testing" arches='i586 x86_64' mirror_rsync_options="--dry-run --delete -alH" +timestampfile="mageia_timestamp" +sha1sumfile="mageia_sha1sum" +sha1sumsigfile="mageia_sha1sum.gpg" +sign_mirror_sha1sum=/usr/local/bin/sign_mirror_sha1sum -- cgit v1.2.1