01-get-stage3.sh
#!/usr/bin/env bash
#
# Note that I use this script to update all my current stages, and rootfs,
# but this repo is more specifically for Gentoo, so have some Gentoo.
# Strict mode plus tracing: stop on the first failing command (-e), treat
# unset variables as errors (-u), echo every command (-x) and let a pipeline
# fail when any of its stages fails (pipefail).
set -euxo pipefail

# Settings. Every one of these can be overridden from the environment; the
# value given here is used only when the variable is unset or empty.
#
# NOTE: the default mirror is plain HTTP. The listing and md5sum files this
# script fetches from it are not signature-checked, so the integrity of the
# downloads rests on the gkeys verification steps further down.
: "${MIRROR:=http://gentoo.osuosl.org}"
: "${OUTDIR:=/var/tmp/catalyst/builds}"
: "${PORTAGE_DIR:=/var/tmp/catalyst/snapshots}"

# Supported profiles:
#   default/linux/amd64/13.0
#   default/linux/amd64/13.0/no-multilib
#   hardened/linux/amd64
#   hardened/linux/amd64/no-multilib
#   hardened/linux/amd64/selinux (eventually)
#   hardened/linux/amd64/no-multilib/selinux (eventually)
: "${PROFILE:=default/linux/amd64/13.0}"

export MIRROR OUTDIR PORTAGE_DIR PROFILE
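mkdir -p "${OUTDIR}"

# Map the selected profile onto:
#   STAGE3_NAME    - the stable local file name kept in OUTDIR
#   stage3_flavour - the suffix shared by the mirror's "latest-stage3-*.txt"
#                    listing and its "current-stage3-*" directory
#   listing_match  - pattern that selects the stage3 line in the listing
#   name_field     - which "/"-separated field of that line's path is the
#                    tarball file name
case "${PROFILE}" in
  "default/linux/amd64/13.0")
    STAGE3_NAME="stage3-amd64-current.tar.bz2"
    stage3_flavour="amd64"
    listing_match="stage3"
    name_field=2
    ;;
  "default/linux/amd64/13.0/no-multilib")
    STAGE3_NAME="stage3-amd64-nomultilib-current.tar.bz2"
    stage3_flavour="amd64-nomultilib"
    listing_match="stage3"
    name_field=2
    ;;
  "hardened/linux/amd64")
    STAGE3_NAME="stage3-amd64-hardened-current.tar.bz2"
    stage3_flavour="amd64-hardened"
    listing_match="hardened"
    name_field=3
    ;;
  "hardened/linux/amd64/no-multilib")
    STAGE3_NAME="stage3-amd64-hardened-nomultilib-current.tar.bz2"
    stage3_flavour="amd64-hardened+nomultilib"
    listing_match="hardened"
    name_field=3
    ;;
  *)
    echo 'invalid profile, exiting' >&2
    exit 1
    ;;
esac

# -f makes curl fail on an HTTP error instead of handing an error page to awk.
STAGE3_REAL_PATH=$(curl -fsS "${MIRROR}/releases/amd64/autobuilds/latest-stage3-${stage3_flavour}.txt" \
  | awk -v pat="${listing_match}" '$0 ~ pat { print $1 }')
STAGE3_REAL_NAME=$(printf '%s' "${STAGE3_REAL_PATH}" \
  | awk -F/ -v n="${name_field}" '{ print $n }')

# The listing is fetched without authentication and its content ends up in
# local file paths and in the download URL, so accept only a single plain
# stage3 file name (no empty value, whitespace, newline or path separator).
if [[ ! "${STAGE3_REAL_NAME}" =~ ^stage3-[A-Za-z0-9._+-]+$ ]]; then
  echo "could not determine a valid stage3 name from ${MIRROR}, exiting" >&2
  exit 1
fi

STAGE3_URL="${MIRROR}/releases/amd64/autobuilds/current-stage3-${stage3_flavour}/${STAGE3_REAL_NAME}"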
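# Fetch the signed digest list for the selected stage3, verify its signature,
# and replace the local "current" tarball only when its SHA512 differs from
# the signed one and the freshly downloaded tarball matches that digest.
digests_file="${OUTDIR}/${STAGE3_REAL_NAME}.DIGESTS.asc"
new_stage3="${OUTDIR}/${STAGE3_REAL_NAME}"
current_stage3="${OUTDIR}/${STAGE3_NAME}"

curl -fsS "${STAGE3_URL}.DIGESTS.asc" -o "${digests_file}"

# Capture the exit status explicitly: under `set -e` a bare failing command
# would end the script before the cleanup below could run.
STATUS=0
gkeys verify -F "${digests_file}" || STATUS=$?
if [[ ${STATUS} != 0 ]]; then
  echo 'stage3 did not verify, removing badness'
  # -f: the tarball has not been downloaded yet at this point.
  rm -f "${new_stage3}" "${digests_file}"
  exit 1
fi

# A grep that matches nothing must not abort the script here; the format
# check below reports the problem and cleans up instead.
SHA512=$(grep -A1 SHA512 "${digests_file}" | grep stage3 | grep -v CONTENTS | awk '{ print $1 }') || SHA512=""

# The digest is grepped from the whole file rather than from the verified
# signed body only, so insist on exactly one well-formed SHA512 value. This
# also keeps an empty digest from comparing equal to an empty local hash.
if [[ ! "${SHA512}" =~ ^[0-9a-fA-F]{128}$ ]]; then
  echo 'no single SHA512 digest found in DIGESTS, removing badness' >&2
  rm -f "${digests_file}"
  exit 1
fi

# On a first run there is no current tarball; treat that as "needs download"
# instead of letting sha512sum fail the script.
SHA512_REAL=""
if [[ -f "${current_stage3}" ]]; then
  SHA512_REAL=$(sha512sum "${current_stage3}" | awk '{ print $1 }')
fi

if [[ "${SHA512}" != "${SHA512_REAL}" ]]; then
  echo "Downloading new image - ${STAGE3_REAL_NAME}"
  curl -fsS "${STAGE3_URL}" -o "${new_stage3}"
  SHA512_REAL=$(sha512sum "${new_stage3}" | awk '{ print $1 }')
  if [[ "${SHA512}" != "${SHA512_REAL}" ]]; then
    echo 'shasum did not match, removing badness'
    rm -f "${new_stage3}" "${digests_file}"
    exit 1
  fi
  # otherwise we cleanup and move on
  rm -f "${current_stage3}"
  rm "${digests_file}"
  mv "${new_stage3}" "${current_stage3}"
fi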
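# get the latest portage
#
# The snapshot directory is created first so that a first run (no local
# tarball yet) works instead of failing in md5sum.
mkdir -p "${PORTAGE_DIR}"
portage_current="${PORTAGE_DIR}/portage-current.tar.bz2"

# The published md5sum is fetched without authentication and only decides
# whether a refresh is needed; trust in the tarball comes from the gkeys
# signature check below.
PORTAGE_LIVE_MD5=$(curl -fsS "${MIRROR}/snapshots/portage-latest.tar.bz2.md5sum" | awk '/portage-latest/ { print $1 }')
OUR_MD5=""
if [[ -f "${portage_current}" ]]; then
  OUR_MD5=$(md5sum "${portage_current}" | awk '{ print $1 }')
fi

if [[ ! -f "${portage_current}" || "${PORTAGE_LIVE_MD5}" != "${OUR_MD5}" ]]; then
  echo 'downloading new portage tarball'
  # Download and verify in a staging directory so that an unverified or
  # partial tarball never sits at the path later build steps read. The file
  # names are kept unchanged so the signature still sits next to the tarball
  # under the same name as before.
  portage_staging=$(mktemp -d "${PORTAGE_DIR}/.portage-fetch.XXXXXX")

  # Collect the status explicitly: under `set -e` a bare failing command
  # would end the script before the cleanup below could run.
  STATUS=0
  {
    curl -fsS "${MIRROR}/snapshots/portage-latest.tar.bz2" -o "${portage_staging}/portage-current.tar.bz2" &&
    curl -fsS "${MIRROR}/snapshots/portage-latest.tar.bz2.gpgsig" -o "${portage_staging}/portage-current.tar.bz2.gpgsig" &&
    gkeys verify -F "${portage_staging}/portage-current.tar.bz2"
  } || STATUS=$?

  if [[ ${STATUS} != 0 ]]; then
    echo 'tarball did not verify, removing badness'
    # Only the staged download is discarded; a previously verified tarball
    # stays in place.
    rm -rf -- "${portage_staging:?}"
    exit 1
  fi

  echo 'tarball verified'
  mv -f "${portage_staging}/portage-current.tar.bz2" "${portage_current}"
  rm -rf -- "${portage_staging:?}"
else
  echo 'portage tarball is up to date'
fi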