[gentoo-commits] proj/binhost:master commit in: builders/demeter/

Mon, 07 Aug 2023 14:21:33 -0700 

commit:     2efd06fc919511d47dfd87514c21495f54da6673
Author:     Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>
AuthorDate: Mon Aug  7 21:21:04 2023 +0000
Commit:     Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>
CommitDate: Mon Aug  7 21:21:04 2023 +0000
URL:        https://gitweb.gentoo.org/proj/binhost.git/commit/?id=2efd06fc

Add upsync functionality

Signed-off-by: Andreas K. Hüttel <dilfridge <AT> gentoo.org>

 builders/demeter/binhost-update | 52 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)

diff --git a/builders/demeter/binhost-update b/builders/demeter/binhost-update
index 44c43fe..caa80e8 100755
--- a/builders/demeter/binhost-update
+++ b/builders/demeter/binhost-update
@@ -13,6 +13,10 @@ NSPAWN_NAMES="binhost-amd64-x86-64 
binhost-amd64-x86-64-gnome"
 
 MAX_HARMLESS=150
 
+UPLOAD_USER=amd64
+UPLOAD_KEY=/root/.ssh/id_rsa
+
+
 send_email() {
         local subject="[binhost ${BINHOST_NAME}] $1"
         local message=$2
@@ -30,6 +34,48 @@ send_email() {
                 /usr/sbin/sendmail -f "${EMAIL_FROM}" ${EMAIL_TO//,/ }
 }
 
+upsync_binpackages() {
+       # parameter 1: a PKGDIR on the local host
+       # parameter 2: the target dir in the mirroring system, should be of the
+       #              form arch/profileversion/name (e.g., amd64/17.0/x32 )
+       echo Upsyncing binpackages from $1 to $2
+       local SSH_CMD=(
+               ssh
+                       -i ${UPLOAD_KEY}
+                -o UserKnownHostsFile=/dev/null
+                -o VerifyHostKeyDNS=yes
+                -o StrictHostKeyChecking=no
+                -o IPQoS=cs0
+        )
+        local RSYNC_OPTS=(
+                -e "${SSH_CMD[*]}"
+                --archive
+                --delete
+                --delete-after
+                --omit-dir-times
+                --delay-updates
+                --mkpath
+        )
+        rsync "${RSYNC_OPTS[@]}" "$1"/* 
"${UPLOAD_USER}@releng-incoming.gentoo.org:/release/weekly/binpackages/$2/"
+}
+
+verify_dnssec() {
+        which dig >/dev/null || {
+                echo "net-dns/bind-tools is needed to verify DNSSEC is working"
+                exit 1
+        }
+
+        if ! dig +noall +comments dev.gentoo.org. IN SSHFP | egrep -q '^;; 
flags: [ a-z]+\<ad\>'; then
+                echo "DNSSEC does not appear to be working. Bailing out"
+                exit 1
+        fi
+
+        if ! grep -q '^options\>.*\<edns0\>' /etc/resolv.conf; then
+                echo "DNSSEC is not enabled in /etc/resolv.conf"
+                exit 1
+        fi
+}
+
 
 
 if [[ -f ${LOCKFILE} ]] ; then
@@ -38,6 +84,9 @@ if [[ -f ${LOCKFILE} ]] ; then
 fi
 touch ${LOCKFILE} || exit 112
 
+verify_dnssec
+
+
 
 echo Starting run at $(date -u) > ${TMPFILE}
 
@@ -51,6 +100,9 @@ for n in ${NSPAWN_NAMES} ; do
 done
 
 
+upsync_binpackages /var/lib/machines/binhost-amd64-x86-64/var/cache/binpkgs 
amd64/17.1/x86-64 &>> ${TMPFILE}
+
+
 if [[ $(wc -l ${TMPFILE} | sed -e 's: .*$::g') -gt ${MAX_HARMLESS} ]] ; then
 
   send_email "Update possibly failed" "Binhost ${BINHOST_NAME} update produced 
long output" ${TMPFILE}

Reply via email to