Changeset 79093
- Timestamp:
- 06/01/11 21:32:01 (4 years ago)
- Location:
- trunk/base
- Files:
-
- 3 edited
-
portmgr/jobs/mprsyncup (modified) (3 diffs)
-
src/macports1.0/macports.tcl (modified) (8 diffs)
-
src/macports1.0/macports_autoconf.tcl.in (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
trunk/base/portmgr/jobs/mprsyncup
r79086 r79093 39 39 MKDIR="/bin/mkdir" 40 40 LN="/bin/ln" 41 TAR="/usr/bin/tar" 42 OPENSSL="/usr/bin/openssl" 41 43 42 44 # Paths we'll work on: … … 65 67 SVNURL=https://svn.macports.org/repository/macports 66 68 RELEASE_URL_FILE=config/RELEASE_URL 69 70 # private key to use for signing 71 # XXX set real path 72 PRIVKEY="" 67 73 68 74 # cleanup up the working copy if it is locked … … 146 152 ${RM} -rf dports && ${LN} -s ../release/ports dports 147 153 fi 154 155 # generate and sign tarballs of base and dports 156 # the signature always needs to match, so we try to make this look atomic to 157 # clients by switching a symlink target 158 159 TAR_CURDIR=${RSYNCROOT}/release/tarballs_current 160 ${MKDIR} -p ${TAR_CURDIR} 161 cp -pR ${TAR_CURDIR} ${RSYNCROOT}/release/tarballs_old 162 ${LN} -sf tarballs_old ${RSYNCROOT}/release/tarballs 163 ${TAR} -cf ${TAR_CURDIR}/base.tar ${RSYNCROOT}/release/base 164 ${TAR} -cf ${TAR_CURDIR}/ports.tar --exclude 'PortIndex*' ${RSYNCROOT}/release/ports 165 cp -pR ${RSYNCROOT}/release/ports/PortIndex_* ${TAR_CURDIR} 166 # XXX needs PRIVKEY to be set above 167 #${OPENSSL} dgst -ripemd160 -sign ${PRIVKEY} -out ${TAR_CURDIR}/base.tar.rmd160 ${TAR_CURDIR}/base.tar 168 #${OPENSSL} dgst -ripemd160 -sign ${PRIVKEY} -out ${TAR_CURDIR}/ports.tar.rmd160 ${TAR_CURDIR}/ports.tar 169 for index in ${TAR_CURDIR}/PortIndex_*/PortIndex; do 170 #${OPENSSL} dgst -ripemd160 -sign ${PRIVKEY} -out ${index}.rmd160 ${index} 171 done 172 ${LN} -sf tarballs_current ${RSYNCROOT}/release/tarballs 173 ${RM} -rf ${RSYNCROOT}/release/tarballs_old -
trunk/base/src/macports1.0/macports.tcl
r79070 r79093 1861 1861 upvar $extension myextension 1862 1862 1863 if {[regexp {^(?:https?|ftp )://.+/(.+\.(tar\.gz|tar\.bz2))$} $url -> f e]} {1863 if {[regexp {^(?:https?|ftp|rsync)://.+/(.+\.(tar\.gz|tar\.bz2|tar))$} $url -> f e]} { 1864 1864 set myfilename $f 1865 1865 set myextension $e … … 1905 1905 global macports::sources macports::portdbpath macports::rsync_options tcl_platform 1906 1906 global macports::portverbose 1907 global macports::autoconf::rsync_path 1907 global macports::autoconf::rsync_path macports::autoconf::tar_path macports::autoconf::openssl_path 1908 1908 array set options $optionslist 1909 1909 … … 1957 1957 set indexfile [macports::getindex $source] 1958 1958 set destdir [file dirname $indexfile] 1959 set is_tarball [_source_is_snapshot $source] 1959 1960 file mkdir $destdir 1960 # Keep rsync happy with a trailing slash 1961 if {[string index $source end] != "/"} { 1962 append source "/" 1963 } 1964 # don't sync PortIndex yet; we grab the platform specific one afterwards 1965 set exclude_option "'--exclude=/PortIndex*'" 1961 1962 if {$is_tarball} { 1963 set exclude_option "" 1964 # need to do a few things before replacing the ports tree in this case 1965 set destdir [file dirname $destdir] 1966 } else { 1967 # Keep rsync happy with a trailing slash 1968 if {[string index $source end] != "/"} { 1969 append source "/" 1970 } 1971 # don't sync PortIndex yet; we grab the platform specific one afterwards 1972 set exclude_option "'--exclude=/PortIndex*'" 1973 } 1966 1974 # Do rsync fetch 1967 1975 set rsync_commandline "${macports::autoconf::rsync_path} ${rsync_options} ${exclude_option} ${source} ${destdir}" … … 1972 1980 continue 1973 1981 } 1982 1983 if {$is_tarball} { 1984 # verify signature for tarball 1985 global macports::archivefetch_pubkeys 1986 set rsync_commandline "${macports::autoconf::rsync_path} ${rsync_options} ${exclude_option} ${source}.rmd160 ${destdir}" 1987 ui_debug $rsync_commandline 1988 if {[catch {system $rsync_commandline}]} { 1989 ui_error "Synchronization of the ports tree signature failed doing rsync" 1990 incr numfailed 1991 continue 1992 } 1993 set tarball "${destdir}/[file tail $source]" 1994 set signature "${tarball}.rmd160" 1995 set openssl [findBinary openssl $macports::autoconf::openssl_path] 1996 set verified 0 1997 foreach pubkey ${macports::archivefetch_pubkeys} { 1998 if {![catch {exec $openssl dgst -ripemd160 -verify $pubkey -signature $signature $tarball} result]} { 1999 set verified 1 2000 ui_debug "successful verification with key $pubkey" 2001 break 2002 } else { 2003 ui_debug "failed verification with key $pubkey" 2004 ui_debug "openssl output: $result" 2005 } 2006 } 2007 if {!$verified} { 2008 ui_error "Failed to verify signature for ports tree!" 2009 incr numfailed 2010 continue 2011 } 2012 2013 # extract tarball and move into place 2014 set tar [macports::findBinary tar $macports::autoconf::tar_path] 2015 file mkdir ${destdir}/tmp 2016 set tar_cmd "$tar -C ${destdir}/tmp -xf ${tarball}" 2017 ui_debug $tar_cmd 2018 if {[catch {system $tar_cmd}]} { 2019 ui_error "Failed to extract ports tree from tarball!" 2020 incr numfailed 2021 continue 2022 } 2023 # save the local PortIndex data 2024 if {[file isfile $indexfile]} { 2025 file rename -force $indexfile ${destdir}/tmp/ports/ 2026 if {[file isfile ${indexfile}.quick]} { 2027 file rename -force ${indexfile}.quick ${destdir}/tmp/ports/ 2028 } 2029 } 2030 file delete -force ${destdir}/ports 2031 file rename ${destdir}/tmp/ports ${destdir}/ports 2032 file delete -force ${destdir}/tmp 2033 } 2034 1974 2035 # now sync the index if the local file is missing or older than a day 1975 2036 if {![file isfile $indexfile] || [expr [clock seconds] - [file mtime $indexfile]] > 86400} { 2037 if {$is_tarball} { 2038 # chop ports.tar off the end 2039 set source [string range $source 0 end-[string length [file tail $source]]] 2040 } 1976 2041 set remote_indexfile "${source}PortIndex_${macports::os_platform}_${macports::os_major}_${macports::os_arch}/PortIndex" 1977 2042 set rsync_commandline "${macports::autoconf::rsync_path} ${rsync_options} $remote_indexfile ${destdir}" … … 1980 2045 ui_debug "Synchronization of the PortIndex failed doing rsync" 1981 2046 } else { 1982 mports_generate_quickindex $indexfile 2047 set ok 1 2048 if {$is_tarball} { 2049 set ok 0 2050 # verify signature for PortIndex 2051 set rsync_commandline "${macports::autoconf::rsync_path} ${rsync_options} ${remote_indexfile}.rmd160 ${destdir}" 2052 ui_debug $rsync_commandline 2053 if {![catch {system $rsync_commandline}]} { 2054 foreach pubkey ${macports::archivefetch_pubkeys} { 2055 if {![catch {exec $openssl dgst -ripemd160 -verify $pubkey -signature ${destdir}/PortIndex.rmd160 ${destdir}/PortIndex} result]} { 2056 set ok 1 2057 ui_debug "successful verification with key $pubkey" 2058 break 2059 } else { 2060 ui_debug "failed verification with key $pubkey" 2061 ui_debug "openssl output: $result" 2062 } 2063 } 2064 if {$ok} { 2065 # move PortIndex into place 2066 file rename -force ${destdir}/PortIndex ${destdir}/ports/ 2067 } 2068 } 2069 } 2070 if {$ok} { 2071 mports_generate_quickindex $indexfile 2072 } 1983 2073 } 1984 2074 } … … 2787 2877 global macports::prefix macports::portdbpath macports::libpath macports::rsync_server macports::rsync_dir macports::rsync_options 2788 2878 global macports::autoconf::macports_version macports::autoconf::rsync_path tcl_platform 2879 global macports::autoconf::openssl_path macports::autoconf::tar_path 2789 2880 array set options $optionslist 2790 2881 … … 2803 2894 } 2804 2895 2896 # are we syncing a tarball? (implies detached signature) 2897 set is_tarball 0 2898 if {[string range ${rsync_dir} end-3 end] == ".tar"} { 2899 set is_tarball 1 2900 set mp_source_path [file join $portdbpath sources ${rsync_server} [file dirname ${rsync_dir}]] 2901 } else { 2902 if {[string index $rsync_dir end] != "/"} { 2903 append rsync_dir "/" 2904 } 2905 set mp_source_path [file join $portdbpath sources ${rsync_server} ${rsync_dir}] 2906 } 2805 2907 # create the path to the to be downloaded sources if it doesn't exist 2806 set mp_source_path [file join $portdbpath sources ${rsync_server} ${rsync_dir}/]2807 2908 if {![file exists $mp_source_path]} { 2808 2909 file mkdir $mp_source_path … … 2814 2915 if { [catch { system "$rsync_path $rsync_options rsync://${rsync_server}/${rsync_dir} $mp_source_path" } result ] } { 2815 2916 return -code error "Error synchronizing MacPorts sources: $result" 2917 } 2918 2919 if {$is_tarball} { 2920 # verify signature for tarball 2921 global macports::archivefetch_pubkeys 2922 if { [catch { system "$rsync_path $rsync_options rsync://${rsync_server}/${rsync_dir}.rmd160 $mp_source_path" } result ] } { 2923 return -code error "Error synchronizing MacPorts source signature: $result" 2924 } 2925 set openssl [findBinary openssl $macports::autoconf::openssl_path] 2926 set tarball "${mp_source_path}/[file tail $rsync_dir]" 2927 set signature "${tarball}.rmd160" 2928 set verified 0 2929 foreach pubkey ${macports::archivefetch_pubkeys} { 2930 if {![catch {exec $openssl dgst -ripemd160 -verify $pubkey -signature $signature $tarball} result]} { 2931 set verified 1 2932 ui_debug "successful verification with key $pubkey" 2933 break 2934 } else { 2935 ui_debug "failed verification with key $pubkey" 2936 ui_debug "openssl output: $result" 2937 } 2938 } 2939 if {!$verified} { 2940 return -code error "Failed to verify signature for MacPorts source!" 2941 } 2942 2943 # extract tarball and move into place 2944 set tar [macports::findBinary tar $macports::autoconf::tar_path] 2945 file mkdir ${mp_source_path}/tmp 2946 set tar_cmd "$tar -C ${mp_source_path}/tmp -xf ${tarball}" 2947 ui_debug $tar_cmd 2948 if {[catch {system $tar_cmd}]} { 2949 return -code error "Failed to extract MacPorts sources from tarball!" 2950 } 2951 file delete -force ${mp_source_path}/base 2952 file rename ${mp_source_path}/tmp/base ${mp_source_path}/base 2953 file delete -force ${mp_source_path}/tmp 2954 # set the final extracted source path 2955 set mp_source_path ${mp_source_path}/base 2816 2956 } 2817 2957 -
trunk/base/src/macports1.0/macports_autoconf.tcl.in
r79009 r79093 41 41 variable macportsuser "@RUNUSR@" 42 42 variable open_path "@OPEN@" 43 variable openssl_path "@OPENSSL@" 43 44 variable pax_path "@PAX@" 44 45 variable rsync_path "@RSYNC@"
Note: See TracChangeset
for help on using the changeset viewer.