From 801e4c175cb85e21f713cf919e0f18ac8d2a9188 Mon Sep 17 00:00:00 2001
From: Alessandro Passaro <alexpax@amazon.co.uk>
Date: Thu, 23 Nov 2023 09:36:06 +0000
Subject: [PATCH] Add scripts to validate a release package (#626)

* Add scripts to validate a release package

Signed-off-by: Alessandro Passaro <alexpax@amazon.co.uk>

* Set executable bit

Signed-off-by: Alessandro Passaro <alexpax@amazon.co.uk>

* Add minimal readme

Signed-off-by: Alessandro Passaro <alexpax@amazon.co.uk>

---------

Signed-off-by: Alessandro Passaro <alexpax@amazon.co.uk>
---
 package/validate/README.md              |  9 ++++
 package/validate/test-mount-s3.sh       | 12 +++++
 package/validate/validate-deb-ubuntu.sh | 16 +++++++
 package/validate/validate-gzip-al2.sh   | 19 ++++++++
 package/validate/validate-rpm-al2.sh    | 16 +++++++
 package/validate/validate.py            | 60 +++++++++++++++++++++++++
 6 files changed, 132 insertions(+)
 create mode 100644 package/validate/README.md
 create mode 100755 package/validate/test-mount-s3.sh
 create mode 100755 package/validate/validate-deb-ubuntu.sh
 create mode 100755 package/validate/validate-gzip-al2.sh
 create mode 100755 package/validate/validate-rpm-al2.sh
 create mode 100755 package/validate/validate.py

diff --git a/package/validate/README.md b/package/validate/README.md
new file mode 100644
index 000000000..57bc29c53
--- /dev/null
+++ b/package/validate/README.md
@@ -0,0 +1,9 @@
+# Validation of a Release Package
+
+The scripts in this directory can be used to validate the artifacts for a released version of Mountpoint.
+
+The `validate.py` python script validates the RPM and DEB packages and the gzip archive for the given Mountpoint release. The script runs a docker container for the specified OS, downloads the Mountpoint package, verifies its signature, and proceeds to installs it. Then, it will use the installed binary to mount the specified bucket and list its content.
+
+To see the available options, run:
+
+    python3 validate.py --help
diff --git a/package/validate/test-mount-s3.sh b/package/validate/test-mount-s3.sh
new file mode 100755
index 000000000..dc5adbd10
--- /dev/null
+++ b/package/validate/test-mount-s3.sh
@@ -0,0 +1,12 @@
+#! /bin/sh
+set -e
+
+echo
+echo "Show installed version:"
+mount-s3 --version
+
+echo
+echo "Mount and list top-level content of bucket: $BUCKET"
+mkdir ~/mnt
+mount-s3 "$BUCKET" ~/mnt --no-sign-request
+ls ~/mnt
\ No newline at end of file
diff --git a/package/validate/validate-deb-ubuntu.sh b/package/validate/validate-deb-ubuntu.sh
new file mode 100755
index 000000000..274d84240
--- /dev/null
+++ b/package/validate/validate-deb-ubuntu.sh
@@ -0,0 +1,16 @@
+#! /bin/sh
+set -e
+
+apt-get -qq update -y && apt-get -qq install -y wget gpg
+cd /tmp
+
+wget https://s3.amazonaws.com/mountpoint-s3-release/$VERSION/$ARCH/mount-s3-$VERSION-$ARCH.deb
+wget https://s3.amazonaws.com/mountpoint-s3-release/$VERSION/$ARCH/mount-s3-$VERSION-$ARCH.deb.asc
+
+wget https://s3.amazonaws.com/mountpoint-s3-release/public_keys/KEYS
+gpg --import KEYS
+gpg --verify mount-s3-$VERSION-$ARCH.deb.asc mount-s3-$VERSION-$ARCH.deb
+
+apt-get install -y ./mount-s3-$VERSION-$ARCH.deb
+
+. $(dirname "$0")/test-mount-s3.sh
\ No newline at end of file
diff --git a/package/validate/validate-gzip-al2.sh b/package/validate/validate-gzip-al2.sh
new file mode 100755
index 000000000..688407fa9
--- /dev/null
+++ b/package/validate/validate-gzip-al2.sh
@@ -0,0 +1,19 @@
+#! /bin/sh
+set -e
+
+yum update -y && yum install -y wget gpg tar gzip
+cd /tmp
+
+wget https://s3.amazonaws.com/mountpoint-s3-release/$VERSION/$ARCH/mount-s3-$VERSION-$ARCH.tar.gz
+wget https://s3.amazonaws.com/mountpoint-s3-release/$VERSION/$ARCH/mount-s3-$VERSION-$ARCH.tar.gz.asc
+
+wget https://s3.amazonaws.com/mountpoint-s3-release/public_keys/KEYS
+gpg --import KEYS
+gpg --verify mount-s3-$VERSION-$ARCH.tar.gz.asc mount-s3-$VERSION-$ARCH.tar.gz
+
+tar -zxvf mount-s3-$VERSION-$ARCH.tar.gz
+cp bin/mount-s3 /usr/bin/
+# install Mountpoint dependencies manually
+yum install -y fuse fuse-devel
+
+. $(dirname "$0")/test-mount-s3.sh
\ No newline at end of file
diff --git a/package/validate/validate-rpm-al2.sh b/package/validate/validate-rpm-al2.sh
new file mode 100755
index 000000000..c05371f21
--- /dev/null
+++ b/package/validate/validate-rpm-al2.sh
@@ -0,0 +1,16 @@
+#! /bin/sh
+set -e
+
+yum update -y && yum install -y wget gpg
+cd /tmp
+
+wget https://s3.amazonaws.com/mountpoint-s3-release/$VERSION/$ARCH/mount-s3-$VERSION-$ARCH.rpm
+wget https://s3.amazonaws.com/mountpoint-s3-release/$VERSION/$ARCH/mount-s3-$VERSION-$ARCH.rpm.asc
+
+wget https://s3.amazonaws.com/mountpoint-s3-release/public_keys/KEYS
+gpg --import KEYS
+gpg --verify mount-s3-$VERSION-$ARCH.rpm.asc mount-s3-$VERSION-$ARCH.rpm
+
+yum install -y mount-s3-$VERSION-$ARCH.rpm
+
+. $(dirname "$0")/test-mount-s3.sh
\ No newline at end of file
diff --git a/package/validate/validate.py b/package/validate/validate.py
new file mode 100755
index 000000000..ab76d9d43
--- /dev/null
+++ b/package/validate/validate.py
@@ -0,0 +1,60 @@
+#!/usr/bin/env python3
+
+"""
+Script for validating a Mountpoint release package.
+
+This script validates the RPM and DEB packages and the gzip archive built for a Mountpoint release.
+"""
+
+import argparse
+import os
+import subprocess
+
+def validate(args: argparse.Namespace) -> str:
+    """Top-level driver."""
+
+    package=f"{args.artifact}-{args.os}"
+    if package == "deb-ubuntu":
+        image = "ubuntu/ubuntu:20.04"
+    elif package == "rpm-al2" or package == "gzip-al2":
+        image = "amazonlinux/amazonlinux:2"
+    else:
+        raise Exception(f"unsupported OS {args.os} for {args.artifact}. Supported combinations are: deb-ubuntu, rpm-al2, gzip-al2")
+
+    print("Validating Mountpoint Release Package")
+    print(f"\tVersion: {args.version}")
+    print(f"\tArch: {args.arch}")
+    print(f"\tOS: {args.os}")
+    print(f"\tArtifact: {args.artifact}")
+    print(f"\tBucket: {args.bucket}")
+    print("\n")
+
+    full_image = f"public.ecr.aws/{image}"
+    validate_script = f"validate-{package}.sh"
+    scripts_dir = os.path.dirname(os.path.realpath(__file__))
+
+    subprocess.run(["docker", "pull", full_image])
+    subprocess.run(["docker", 
+                    "run",
+                    "--rm", 
+                    "--cap-add=SYS_ADMIN", 
+                    "--device=/dev/fuse", 
+                    f"-v={scripts_dir}:/scripts", 
+                    f"--env=ARCH={args.arch}", 
+                    f"--env=VERSION={args.version}", 
+                    f"--env=BUCKET={args.bucket}",
+                    full_image, 
+                    "/bin/bash", 
+                    f"/scripts/{validate_script}"])
+
+if __name__ == "__main__":
+    p = argparse.ArgumentParser()
+    p.add_argument("--version", help="the version number for the Mountpoint release", required=True)
+    p.add_argument("--arch", help="the architecture to validate", required=True, choices=["x86_64", "arm64"])
+    p.add_argument("--artifact", help="the artifact to validate", required=True, choices=["deb", "rpm", "gzip"])
+    p.add_argument("--os", help="the OS to validate on", required=True, choices=["ubuntu", "al2"])
+    p.add_argument("--bucket", help="the public bucket to mount", required=True)
+
+    args = p.parse_args()
+
+    validate(args)