Skip to content

Commit

Permalink
Merge branch 'dev' of https://github.com/jfrog/jfrog-cli into unit-ac…
Browse files Browse the repository at this point in the history
…tions
  • Loading branch information
sverdlov93 committed Jul 29, 2024
2 parents 37a8cb6 + 98877fa commit cf5ebf5
Show file tree
Hide file tree
Showing 10 changed files with 108 additions and 134 deletions.
29 changes: 2 additions & 27 deletions build/deb_rpm/v2-jf/build-scripts/pack.sh
Original file line number Diff line number Diff line change
Expand Up @@ -2,10 +2,6 @@

# This file is responsible for building rpm and deb package for jfrog-cli installer

# This will contain hold the list of supported architectures which can be built by default.
# Although by passing a different --rpm-build-image or --rpm-build-image, artifacts of different architectures can be built
SUPPORTED_DEFAULT_ARCH_LIST="x86_64"

JFROG_CLI_HOME="$(cd "$(dirname "${BASH_SOURCE[0]}")/../" && pwd)"
JFROG_CLI_PKG="$JFROG_CLI_HOME/pkg"
JFROG_CLI_PREFIX="jfrog-cli"
Expand Down Expand Up @@ -244,22 +240,6 @@ createPackage(){
esac
}

setBuildImage(){
local arch="$1"

[ -n "${arch}" ] || errorExit "Architecture is not passed to setBuildImage method"

case "$1" in
x86_64)
RPM_BUILD_IMAGE="centos:7"
DEB_BUILD_IMAGE="ubuntu:16.04"
;;
*)
errorExit "Provided architecture is not supported : $arch. Supported list [ ${SUPPORTED_DEFAULT_ARCH_LIST} ]"
;;
esac
}

main(){
while [[ $# -gt 0 ]]; do
case "$1" in
Expand All @@ -275,10 +255,6 @@ main(){
JFROG_CLI_VERSION="$2"
shift 2
;;
--arch)
setBuildImage "$2"
shift 2
;;
--rpm-arch)
JFROG_CLI_RPM_ARCH="$2"
shift 2
Expand Down Expand Up @@ -322,11 +298,10 @@ main(){
esac
done


: "${flavours:="rpm deb"}"
: "${JFROG_CLI_RUN_TEST:="false"}"
: "${RPM_BUILD_IMAGE:="centos:8"}"
: "${RPM_SIGN_IMAGE:="centos:7"}"
: "${DEB_BUILD_IMAGE:="ubuntu:16.04"}"
: "${RPM_SIGN_IMAGE:="${RPM_BUILD_IMAGE}"}"
: "${DEB_TEST_IMAGE:="${DEB_BUILD_IMAGE}"}"
: "${RPM_TEST_IMAGE:="${RPM_BUILD_IMAGE}"}"
: "${JFROG_CLI_RELEASE_VERSION:="1"}"
Expand Down
80 changes: 46 additions & 34 deletions build/deb_rpm/v2-jf/build-scripts/rpm-sign.sh
Original file line number Diff line number Diff line change
@@ -1,39 +1,56 @@
#!/bin/bash

log(){
echo "$1"
echo "$1"
}

debug_info(){
echo "=== DEBUG INFO ==="
echo "Current User: $(whoami)"
echo "GPG Version: $(gpg --version)"
echo "GPG_TTY: $GPG_TTY"
echo "TTY: $(tty)"
echo "Files in /root/.gnupg:"
ls -la /root/.gnupg
echo "Environment Variables:"
env
echo "==================="
}

# Use the given key to configure the rpm macro. This is needed to sign an rpm.
# Arguments:
# - gpgKeyFile : key file location (in PEM format) to be used for signing the rpm
# The structure of the key content should be as follows,
# -----BEGIN PGP PUBLIC KEY BLOCK-----
# Version: GnuPG v1.4.7 (MingW32)
# .....
# -----END PGP PUBLIC KEY BLOCK-----
# -----BEGIN PGP PRIVATE KEY BLOCK-----
# Version: GnuPG v1.4.7 (MingW32)
# .....
# -----END PGP PRIVATE KEY BLOCK-----
# - keyID : id of the provided key
rpmInitSigning(){
local gpgKeyFile="${KEY_FILE}"
local keyID="${KEY_ID}"

log "Initializing rpm sign..."

gpg --allow-secret-key-import --import "${gpgKeyFile}" && \
gpg --export -a "${keyID}" > /tmp/tmpFile && \
# Start the GPG agent
local gpg_agent_output
gpg_agent_output=$(gpg-agent --daemon --allow-preset-passphrase)
eval "$gpg_agent_output"

# Set GPG_TTY if possible
local tty_value
if tty -s; then
tty_value=$(tty)
export GPG_TTY="$tty_value"
else
export GPG_TTY="/dev/null"
fi

# Debug info
debug_info

# Import the GPG key
gpg --batch --import "${gpgKeyFile}" || { echo "ERROR: Failed to import GPG key"; exit 1; }
gpg --batch --export -a "${keyID}" > /tmp/tmpFile || { echo "ERROR: Failed to export GPG key"; exit 1; }
if rpm --import /tmp/tmpFile && rpm -q gpg-pubkey --qf '%{name}-%{version}-%{release} --> %{summary}\n' | grep "${keyID}"; then
echo "RPM signature initialization succeeded."
else
echo "ERROR: RPM signature initialization failed!" >&2
exit 1
fi

rpmEditRpmMacro "${keyID}" || \
{ echo "ERROR: Configuring rpm macro failed!" >&2; exit 1; }
rpmEditRpmMacro "${keyID}" || { echo "ERROR: Configuring rpm macro failed!" >&2; exit 1; }
}

rpmEditRpmMacro(){
Expand All @@ -44,33 +61,28 @@ rpmEditRpmMacro(){
%_gpg_path /root/.gnupg
%_gpg_name ${keyID}
%_gpgbin /usr/bin/gpg
%_gpg_sign_cmd %{__gpg} gpg --batch --pinentry-mode loopback --passphrase-file /tmp/passphrase --detach-sign --armor --yes --no-secmem-warning -u %{_gpg_name} -o %{__signature_filename} %{__plaintext_filename}
RPM_MACRO_CONTENT
}

expect_script() {
cat << End-of-text #No white space between << and End-of-text
spawn rpm --resign $RPM_FILE_SIGNED
expect -exact "Enter pass phrase: "
send -- "$PASSPHRASE\r"
expect eof
exit
End-of-text

}

sign_rpm() {
echo "Signing RPM..."
cp -f "${RPM_FILE}" "${RPM_FILE_SIGNED}" || \
{ echo "ERROR: Copying ${RPM_FILE} to ${RPM_FILE_SIGNED} failed! " >&2; exit 1; }
expect_script | /usr/bin/expect -f -
cp -f "${RPM_FILE_SIGNED}" "${RPM_FILE}" || \
{ echo "ERROR: Copying ${RPM_FILE_SIGNED} to ${RPM_FILE} failed! " >&2; exit 1; }
echo "${PASSPHRASE}" > /tmp/passphrase
cp -f "${RPM_FILE}" "${RPM_FILE_SIGNED}" || { echo "ERROR: Copying ${RPM_FILE} to ${RPM_FILE_SIGNED} failed! " >&2; exit 1; }

gpg --batch --pinentry-mode loopback --passphrase-file /tmp/passphrase --detach-sign --armor --yes --no-secmem-warning -u "${KEY_ID}" -o "${RPM_FILE_SIGNED}.asc" "${RPM_FILE_SIGNED}" || { echo "ERROR: GPG signing failed!"; exit 1; }

rpm --addsign "${RPM_FILE_SIGNED}" || { echo "ERROR: RPM signing failed!"; exit 1; }

cp -f "${RPM_FILE_SIGNED}" "${RPM_FILE}" || { echo "ERROR: Copying ${RPM_FILE_SIGNED} to ${RPM_FILE} failed! " >&2; exit 1; }
rm /tmp/passphrase
}

KEY_FILE="${1}"
KEY_ID="${2}"
export PASSPHRASE="${3}"
RPM_FILE="${4}"
RPM_FILE_SIGNED="/tmp/jfrog-cli-rpm-signed.rpm"

rpmInitSigning
sign_rpm
41 changes: 8 additions & 33 deletions build/deb_rpm/v2/build-scripts/pack.sh
Original file line number Diff line number Diff line change
Expand Up @@ -2,10 +2,6 @@

# This file is responsible for building rpm and deb package for jfrog-cli installer

# This will contain hold the list of supported architectures which can be built by default.
# Although by passing a different --rpm-build-image or --rpm-build-image, artifacts of different architectures can be built
SUPPORTED_DEFAULT_ARCH_LIST="x86_64"

JFROG_CLI_HOME="$(cd "$(dirname "${BASH_SOURCE[0]}")/../" && pwd)"
JFROG_CLI_PKG="$JFROG_CLI_HOME/pkg"
JFROG_CLI_PREFIX="jfrog-cli"
Expand Down Expand Up @@ -46,11 +42,11 @@ errorExit() {
}

checkDockerAccess() {
if docker -v > /dev/null 2>&1 && docker ps > /dev/null 2>&1; then
log "Docker is available" "DEBUG"
else
errorExit "Must run as a user that can execute docker commands"
fi
if docker -v > /dev/null 2>&1 && docker ps > /dev/null 2>&1; then
log "Docker is available" "DEBUG"
else
errorExit "Must run as a user that can execute docker commands"
fi
}

exitWithUsage(){
Expand All @@ -63,7 +59,7 @@ createDEBPackage(){
local flavour="deb"

# cleanup old files and containers
rm -f "${JFROG_CLI_PKG}/${JFROG_CLI_PREFIX}*${VERSION_FORMATTED}*.${flavour}"
rm -f "${JFROG_CLI_PKG}/${JFROG_CLI_PREFIX}*${VERSION_FORMATTED}*.${flavour}"
docker rm -f "${RPM_BUILDER_NAME}" 2>/dev/null

log "Building ${JFROG_CLI_PREFIX} ${flavour} ${JFROG_CLI_VERSION} on ${DEB_BUILD_IMAGE} image"
Expand Down Expand Up @@ -244,22 +240,6 @@ createPackage(){
esac
}

setBuildImage(){
local arch="$1"

[ -n "${arch}" ] || errorExit "Architecture is not passed to setBuildImage method"

case "$1" in
x86_64)
RPM_BUILD_IMAGE="centos:7"
DEB_BUILD_IMAGE="ubuntu:16.04"
;;
*)
errorExit "Provided architecture is not supported : $arch. Supported list [ ${SUPPORTED_DEFAULT_ARCH_LIST} ]"
;;
esac
}

main(){
while [[ $# -gt 0 ]]; do
case "$1" in
Expand All @@ -275,10 +255,6 @@ main(){
JFROG_CLI_VERSION="$2"
shift 2
;;
--arch)
setBuildImage "$2"
shift 2
;;
--rpm-arch)
JFROG_CLI_RPM_ARCH="$2"
shift 2
Expand Down Expand Up @@ -322,11 +298,10 @@ main(){
esac
done


: "${flavours:="rpm deb"}"
: "${JFROG_CLI_RUN_TEST:="false"}"
: "${RPM_BUILD_IMAGE:="centos:8"}"
: "${RPM_SIGN_IMAGE:="centos:7"}"
: "${DEB_BUILD_IMAGE:="ubuntu:16.04"}"
: "${RPM_SIGN_IMAGE:="${RPM_BUILD_IMAGE}"}"
: "${DEB_TEST_IMAGE:="${DEB_BUILD_IMAGE}"}"
: "${RPM_TEST_IMAGE:="${RPM_BUILD_IMAGE}"}"
: "${JFROG_CLI_RELEASE_VERSION:="1"}"
Expand Down
80 changes: 46 additions & 34 deletions build/deb_rpm/v2/build-scripts/rpm-sign.sh
Original file line number Diff line number Diff line change
@@ -1,39 +1,56 @@
#!/bin/bash

log(){
echo "$1"
echo "$1"
}

debug_info(){
echo "=== DEBUG INFO ==="
echo "Current User: $(whoami)"
echo "GPG Version: $(gpg --version)"
echo "GPG_TTY: $GPG_TTY"
echo "TTY: $(tty)"
echo "Files in /root/.gnupg:"
ls -la /root/.gnupg
echo "Environment Variables:"
env
echo "==================="
}

# Use the given key to configure the rpm macro. This is needed to sign an rpm.
# Arguments:
# - gpgKeyFile : key file location (in PEM format) to be used for signing the rpm
# The structure of the key content should be as follows,
# -----BEGIN PGP PUBLIC KEY BLOCK-----
# Version: GnuPG v1.4.7 (MingW32)
# .....
# -----END PGP PUBLIC KEY BLOCK-----
# -----BEGIN PGP PRIVATE KEY BLOCK-----
# Version: GnuPG v1.4.7 (MingW32)
# .....
# -----END PGP PRIVATE KEY BLOCK-----
# - keyID : id of the provided key
rpmInitSigning(){
local gpgKeyFile="${KEY_FILE}"
local keyID="${KEY_ID}"

log "Initializing rpm sign..."

gpg --allow-secret-key-import --import "${gpgKeyFile}" && \
gpg --export -a "${keyID}" > /tmp/tmpFile && \
# Start the GPG agent
local gpg_agent_output
gpg_agent_output=$(gpg-agent --daemon --allow-preset-passphrase)
eval "$gpg_agent_output"

# Set GPG_TTY if possible
local tty_value
if tty -s; then
tty_value=$(tty)
export GPG_TTY="$tty_value"
else
export GPG_TTY="/dev/null"
fi

# Debug info
debug_info

# Import the GPG key
gpg --batch --import "${gpgKeyFile}" || { echo "ERROR: Failed to import GPG key"; exit 1; }
gpg --batch --export -a "${keyID}" > /tmp/tmpFile || { echo "ERROR: Failed to export GPG key"; exit 1; }
if rpm --import /tmp/tmpFile && rpm -q gpg-pubkey --qf '%{name}-%{version}-%{release} --> %{summary}\n' | grep "${keyID}"; then
echo "RPM signature initialization succeeded."
else
echo "ERROR: RPM signature initialization failed!" >&2
exit 1
fi

rpmEditRpmMacro "${keyID}" || \
{ echo "ERROR: Configuring rpm macro failed!" >&2; exit 1; }
rpmEditRpmMacro "${keyID}" || { echo "ERROR: Configuring rpm macro failed!" >&2; exit 1; }
}

rpmEditRpmMacro(){
Expand All @@ -44,33 +61,28 @@ rpmEditRpmMacro(){
%_gpg_path /root/.gnupg
%_gpg_name ${keyID}
%_gpgbin /usr/bin/gpg
%_gpg_sign_cmd %{__gpg} gpg --batch --pinentry-mode loopback --passphrase-file /tmp/passphrase --detach-sign --armor --yes --no-secmem-warning -u %{_gpg_name} -o %{__signature_filename} %{__plaintext_filename}
RPM_MACRO_CONTENT
}

expect_script() {
cat << End-of-text #No white space between << and End-of-text
spawn rpm --resign $RPM_FILE_SIGNED
expect -exact "Enter pass phrase: "
send -- "$PASSPHRASE\r"
expect eof
exit
End-of-text

}

sign_rpm() {
echo "Signing RPM..."
cp -f "${RPM_FILE}" "${RPM_FILE_SIGNED}" || \
{ echo "ERROR: Copying ${RPM_FILE} to ${RPM_FILE_SIGNED} failed! " >&2; exit 1; }
expect_script | /usr/bin/expect -f -
cp -f "${RPM_FILE_SIGNED}" "${RPM_FILE}" || \
{ echo "ERROR: Copying ${RPM_FILE_SIGNED} to ${RPM_FILE} failed! " >&2; exit 1; }
echo "${PASSPHRASE}" > /tmp/passphrase
cp -f "${RPM_FILE}" "${RPM_FILE_SIGNED}" || { echo "ERROR: Copying ${RPM_FILE} to ${RPM_FILE_SIGNED} failed! " >&2; exit 1; }

gpg --batch --pinentry-mode loopback --passphrase-file /tmp/passphrase --detach-sign --armor --yes --no-secmem-warning -u "${KEY_ID}" -o "${RPM_FILE_SIGNED}.asc" "${RPM_FILE_SIGNED}" || { echo "ERROR: GPG signing failed!"; exit 1; }

rpm --addsign "${RPM_FILE_SIGNED}" || { echo "ERROR: RPM signing failed!"; exit 1; }

cp -f "${RPM_FILE_SIGNED}" "${RPM_FILE}" || { echo "ERROR: Copying ${RPM_FILE_SIGNED} to ${RPM_FILE} failed! " >&2; exit 1; }
rm /tmp/passphrase
}

KEY_FILE="${1}"
KEY_ID="${2}"
export PASSPHRASE="${3}"
RPM_FILE="${4}"
RPM_FILE_SIGNED="/tmp/jfrog-cli-rpm-signed.rpm"

rpmInitSigning
sign_rpm
2 changes: 1 addition & 1 deletion build/npm/v2-jf/package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion build/npm/v2-jf/package.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "jfrog-cli-v2-jf",
"version": "2.61.0",
"version": "2.61.2",
"description": "🐸 Command-line interface for JFrog Artifactory, Xray, Distribution, Pipelines and Mission Control 🐸",
"homepage": "https://github.com/jfrog/jfrog-cli",
"preferGlobal": true,
Expand Down
Loading

0 comments on commit cf5ebf5

Please sign in to comment.