From 273f4458866271eb7746377a10dd4d8ebdb98614 Mon Sep 17 00:00:00 2001 From: Erich Eckner Date: Tue, 5 Sep 2017 11:05:52 +0200 Subject: bin/block-package new, bin/interprete-mail can now also block/unblock packages --- bin/block-package | 86 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ bin/interpret-mail | 64 ++++++++++++++++++++++++++++------------ conf/default.conf | 4 +++ 3 files changed, 135 insertions(+), 19 deletions(-) create mode 100755 bin/block-package diff --git a/bin/block-package b/bin/block-package new file mode 100755 index 0000000..dd51318 --- /dev/null +++ b/bin/block-package @@ -0,0 +1,86 @@ +#!/bin/sh + +# shellcheck source=conf/default.conf +. "${0%/*}/../conf/default.conf" + +# shellcheck disable=SC2016 +usage() { + >&2 echo '' + >&2 echo 'block-package [options] packages-file:' + >&2 echo ' [un]block packages in packages-file from being built.' + >&2 echo '' + >&2 echo 'possible options:' + >&2 echo ' -h|--help: Show this help and exit.' + >&2 echo ' -u|--unblock: Unblock package instead of blocking it.' + [ -z "$1" ] && exit 1 || exit "$1" +} + +eval set -- "$( + getopt -o hu \ + --long help \ + --long unblock \ + -n "$(basename "$0")" -- "$@" || \ + echo usage +)" + +block=true + +while true +do + case "$1" in + -h|--help) + usage 0 + ;; + -u|--unblock) + block=false + ;; + --) + shift + break + ;; + *) + >&2 echo 'Whoops, forgot to implement option "'"$1"'" internally.' + exit 42 + ;; + esac + shift +done + +if [ $# -ne 1 ]; then + >&2 echo 'Too few or too many arguments.' + usage +fi + +input_file="$1" + +if ! [ -r "${input_file}" ]; then + >&2 printf \ + 'Cannot open input file "%s".' \ + "${input_file}" + exit 2 +fi + +err=0 +while read -r package reason; do + if ! tr ' ' '.' < \ + "${work_dir}/build-list" | \ + grep -qxF "${package}"; then + >&2 printf 'Package "%s" is not on the build-list.\n' "${package}" + err=2 + continue + fi + if ${block}; then + if [ -z "${reason}" ]; then + >&2 printf 'No reason is given for blocking package "%s".\n' "${package}" + err=2 + else + echo "${reason}" > \ + "${work_dir}/package-states/${package}.blocked" + fi + else + rm -f "${work_dir}/package-states/${package}.blocked" + fi +done < \ + "${input_file}" + +exit ${err} diff --git a/bin/interpret-mail b/bin/interpret-mail index 6e2d365..908afa0 100755 --- a/bin/interpret-mail +++ b/bin/interpret-mail @@ -32,17 +32,25 @@ if ! sed -n ' exit fi -if [ -z "$( - ( - grep '^\[GNUPG:] VALIDSIG ' "${tmp_dir}/gpg-status" | \ - cut -d' ' -f3 | \ - sort -u - printf '%s\n' "${admin_gpg_keys}" | \ - sort -u - ) | \ - sort | \ - uniq -d - )" ]; then +grep '^\[GNUPG:] VALIDSIG ' "${tmp_dir}/gpg-status" | \ + cut -d' ' -f3 | \ + sort -u > \ + "${tmp_dir}/found-keys" + +printf '%s\n' "${admin_gpg_keys}" | \ + sort -k1,1 -u > \ + "${tmp_dir}/admin-gpg-keys" + +join -j 1 -o 2.2 \ + "${tmp_dir}/found-keys" \ + "${tmp_dir}/admin-gpg-keys" | \ + tr ',' '\n' | \ + sed 's|^ALL$|'"${possible_email_actions}"'|' | \ + tr ' ,' '\n' | \ + sort -u > \ + "${tmp_dir}/allowed-actions" + +if [ ! -s "${tmp_dir}/allowed-actions" ]; then >&2 echo 'No valid signature found.' grep '^\[GNUPG:] VALIDSIG ' "${tmp_dir}/gpg-status" | \ cut -d' ' -f3 | \ @@ -63,14 +71,32 @@ sed -n ' ' "${tmp_dir}/plain-content" > \ "${tmp_dir}/raw-content" -sed -n ' - /^stabilize:/{ - s/^stabilize:\s*// - /\.pkg\.tar\.xz$/!s/$/.pkg.tar.xz/ - w '"${tmp_dir}/stabilize"' - } -' "${tmp_dir}/raw-content" +sed -n "$( + while read -r action; do + if [ -z "${action}" ]; then + continue + fi + printf \ + '/^%s:/{ s/^%s:\s*//; w %s/%s\n }\n' \ + "${action}" \ + "${action}" \ + "${tmp_dir}" \ + "${action}" + done < \ + "${tmp_dir}/allowed-actions" +)" "${tmp_dir}/raw-content" + +if [ -s "${tmp_dir}/block" ]; then + chronic "${base_dir}/bin/block-package" "${tmp_dir}/block" +fi if [ -s "${tmp_dir}/stabilize" ]; then - chronic "${base_dir}/bin/db-update" -b -f "${tmp_dir}/stabilize" + sed -i ' + /\.pkg\.tar\.xz$/!s/$/.pkg.tar.xz/ + ' "${tmp_dir}/stabilize" +# chronic "${base_dir}/bin/db-update" -b -f "${tmp_dir}/stabilize" +fi + +if [ -s "${tmp_dir}/unblock" ]; then + chronic "${base_dir}/bin/block-package" -u "${tmp_dir}/unblock" fi diff --git a/conf/default.conf b/conf/default.conf index fcaa39a..c78cc4b 100755 --- a/conf/default.conf +++ b/conf/default.conf @@ -34,6 +34,10 @@ max_parallel_build_per_client=2 repo_key='0xdeadbeef' package_key='0x15eebadc0de' +# what can be done via the email interface +possible_email_actions='stabilize block unblock' + +# who can do above actions if [ -s "${base_dir}/conf/admin-gpg-keys" ]; then admin_gpg_keys=$( sed 's|\s*#.*$||' "${base_dir}/conf/admin-gpg-keys" -- cgit v1.2.3-70-g09d2