From 5c2679cf99b36aad35ade7b2659c6325fbd9072a Mon Sep 17 00:00:00 2001 From: Evgeni Golov Date: Mon, 2 Sep 2024 14:06:47 +0200 Subject: [PATCH 1/2] properly load inherited foreman settings Fixes: 0ee482d44812e73fac8b535da13abfe2d711e4ed --- settings | 29 ++++++++++++++--------------- 1 file changed, 14 insertions(+), 15 deletions(-) diff --git a/settings b/settings index fd06403..47c1b4b 100644 --- a/settings +++ b/settings @@ -21,6 +21,18 @@ load_settings() { # Expected: FULLGPGKEY # Optional: FULLVERSION . "$RELEASEDIR/settings" + + if [[ $PROJECT != foreman ]]; then + if [[ -z "$FOREMAN_VERSION" ]]; then + echo "please set FOREMAN_VERSION in $RELEASEDIR/settings" + exit 1 + elif [[ "$FOREMAN_VERSION" != "none" ]]; then + # load foreman settings, which will contain keys etc + . "releases/foreman/${FOREMAN_VERSION}/settings" + fi + else + FOREMAN_VERSION="$VERSION" + fi } # Prepare settings file @@ -29,19 +41,6 @@ if [[ ! -d "$RELEASEDIR" ]] ; then echo "FULLVERSION='${VERSION}.0-rc1'" > "$RELEASEDIR/settings" fi -if [[ $PROJECT != foreman ]]; then - load_settings - if [[ -z "$FOREMAN_VERSION" ]]; then - echo "please set FOREMAN_VERSION in $RELEASEDIR/settings" - exit 1 - elif [[ "$FOREMAN_VERSION" != "none" ]]; then - # load foreman settings, which will contain keys etc - . "releases/foreman/${FOREMAN_VERSION}/settings" - fi -else - FOREMAN_VERSION="$VERSION" -fi - SIGNER="packages@theforeman.org" SIGNER_NAME="Foreman Automatic Signing Key" OSES="" @@ -52,8 +51,6 @@ TARDIR="$RELEASEDIR/tarballs" EXTRASDIR="$RELEASEDIR/extras" HOSTS="web01.osuosl.theforeman.org," DOCROOT="/var/www/vhosts/downloads/htdocs" -PASS_NAME_GPG="theforeman/releases/foreman/$FOREMAN_VERSION-gpg" -PASS_NAME_KEY="theforeman/releases/foreman/$FOREMAN_VERSION-key" XARGS_JOBS="-n 20 -P 4" GIT_DIR="${GIT_DIR:-$HOME/dev}" GIT_USE_WORKTREES=false 
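Review bot: The `. "releases/foreman/${FOREMAN_VERSION}/settings"` line that now sits inside `load_settings` is sourced without checking that the file is readable, and its path is relative to the current directory and built from an unvalidated `FOREMAN_VERSION`. Unless the calling scripts run with `set -e` (not visible here), bash only prints an error when `.` fails, so a mistyped version would let the release tooling continue without the inherited settings that the comment says "will contain keys etc". I would guard it inside the function: `local f="releases/foreman/${FOREMAN_VERSION}/settings"`, then `[[ -r $f ]] || { echo "cannot read $f" >&2; exit 1; }`, then `. "$f"`. The same applies to the `. releases/foreman/settings` line that patch 2/2 adds directly above it. `load_settings` begins before this hunk, so the start of its body is not visible.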
@@ -70,6 +67,8 @@ GPG_EXPIRE="1y" load_settings +PASS_NAME_GPG="theforeman/releases/foreman/$FOREMAN_VERSION-gpg" +PASS_NAME_KEY="theforeman/releases/foreman/$FOREMAN_VERSION-key" HALFGPGKEY="$(echo ${FULLGPGKEY: -16} | tr '[A-Z]' '[a-z]')" show_gpg_password() { From 73360482ab7dcab3316ae40dc6e77884c4e0d8de Mon Sep 17 00:00:00 2001 From: Ewoud Kohl van Wijngaarden Date: Tue, 3 Sep 2024 13:22:55 +0200 Subject: [PATCH 2/2] Remove PASS_NAME_{GPG,KEY} from main settings file The values were specific to Foreman, but we have other projects. The code is now modified to ensure the variables are set before they're used. It now also loads the common Foreman settings file for projects that inherit the Foreman settings. Previously it only loaded the version specific settings. Some care is taken in Foreman's common settings to only export values when no inheritance is taking place. --- export_gpg_private | 2 ++ generate_gpg | 2 ++ import_gpg_private | 2 ++ releases/foreman/settings | 14 +++++++++++--- settings | 20 ++++++++++++++++---- 5 files changed, 33 insertions(+), 7 deletions(-) diff --git a/export_gpg_private b/export_gpg_private index a14db0f..40c5f1e 100755 --- a/export_gpg_private +++ b/export_gpg_private @@ -2,6 +2,8 @@ . settings +require_pass_name_key + if [[ ! -d $KEYDIR ]] ; then echo "Keydir $KEYDIR doesn't exist" exit 1 diff --git a/generate_gpg b/generate_gpg index 378d65c..97c2600 100755 --- a/generate_gpg +++ b/generate_gpg @@ -13,6 +13,8 @@ if [[ -n $FULLGPGKEY ]] ; then exit 2 fi +require_pass_name_gpg + mkdir -m 0700 $KEYDIR ( gopass show --password "$PASS_NAME_GPG" 2> /dev/null || gopass generate "$PASS_NAME_GPG" 20 ) > /dev/null diff --git a/import_gpg_private b/import_gpg_private index 7349b95..fab49a2 100755 --- a/import_gpg_private +++ b/import_gpg_private @@ -2,6 +2,8 @@ . settings +require_pass_name_key + if [[ ! -d "$KEYDIR" ]] ; then mkdir -p -m 0700 "$KEYDIR" fi 
diff --git a/releases/foreman/settings b/releases/foreman/settings index ae51007..962aca9 100644 --- a/releases/foreman/settings +++ b/releases/foreman/settings @@ -1,3 +1,11 @@ -TAR_PROJECTS="foreman foreman-proxy foreman-installer foreman-selinux" -RPM_PACKAGES=(foreman foreman-installer foreman-proxy foreman-release foreman-selinux) -PACKAGING_SUBDIR="packages/foreman" +# This deals with inheritance with other projects +if [[ -z $FOREMAN_VERSION ]] ; then + TAR_PROJECTS="foreman foreman-proxy foreman-installer foreman-selinux" + RPM_PACKAGES=(foreman foreman-installer foreman-proxy foreman-release foreman-selinux) + PACKAGING_SUBDIR="packages/foreman" +else + FOREMAN_VERSION=$VERSION +fi + +PASS_NAME_GPG="theforeman/releases/foreman/${FOREMAN_VERSION}-gpg" +PASS_NAME_KEY="theforeman/releases/foreman/${FOREMAN_VERSION}-key" diff --git a/settings b/settings index 47c1b4b..d2a7a47 100644 --- a/settings +++ b/settings @@ -28,10 +28,9 @@ load_settings() { exit 1 elif [[ "$FOREMAN_VERSION" != "none" ]]; then # load foreman settings, which will contain keys etc + . releases/foreman/settings . "releases/foreman/${FOREMAN_VERSION}/settings" fi - else - FOREMAN_VERSION="$VERSION" fi } @@ -67,11 +66,24 @@ GPG_EXPIRE="1y" load_settings -PASS_NAME_GPG="theforeman/releases/foreman/$FOREMAN_VERSION-gpg" -PASS_NAME_KEY="theforeman/releases/foreman/$FOREMAN_VERSION-key" HALFGPGKEY="$(echo ${FULLGPGKEY: -16} | tr '[A-Z]' '[a-z]')" +require_pass_name_gpg() { + if [[ -z $PASS_NAME_GPG ]] ; then + echo "Set PASS_NAME_GPG in the settings" + exit 1 + fi +} + +require_pass_name_key() { + if [[ -z $PASS_NAME_KEY ]] ; then + echo "Set PASS_NAME_KEY in the settings" + exit 1 + fi +} + show_gpg_password() { + require_pass_name_gpg gopass show --password "$PASS_NAME_GPG" }
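Review bot: The two branches of the new `if [[ -z $FOREMAN_VERSION ]]` in `releases/foreman/settings` look swapped with respect to `FOREMAN_VERSION=$VERSION`. When the variable is empty (Foreman itself, now that this commit removes the `else FOREMAN_VERSION="$VERSION"` fallback from `settings`), nothing assigns it, so `PASS_NAME_GPG` expands to `theforeman/releases/foreman/-gpg`, which is non-empty and therefore passes `require_pass_name_gpg`. When an inheriting project has set it, it is overwritten with that project's own `VERSION`. Because `settings` sources this file before `releases/foreman/${FOREMAN_VERSION}/settings`, both the version-specific settings path and the gopass entry names for the signing key would then refer to the wrong release. I would put `FOREMAN_VERSION=$VERSION` in the first branch, after the `PACKAGING_SUBDIR=` line, and drop the `else`; how this file is sourced when `PROJECT` is `foreman` is outside the visible hunks, so please confirm against the full `load_settings`.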
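Review bot: `require_pass_name_gpg` and `require_pass_name_key` print their error on stdout, and `show_gpg_password` now calls the former immediately before it writes the passphrase to stdout. If any caller captures it as `$(show_gpg_password)` (callers are not visible here), the `exit 1` ends only the subshell and the text "Set PASS_NAME_GPG in the settings" would be taken as the passphrase. Sending the message to stderr avoids that: `echo "Set PASS_NAME_GPG in the settings" >&2`, and the same for `PASS_NAME_KEY`; callers that capture the output should also check the exit status. A one-line comment above each helper saying that scripts must call it before any gopass access would document the contract the three changed scripts now rely on.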