diff --git a/tools/pkgrepos/README.md b/tools/pkgrepos/README.md deleted file mode 100644 index aa2bf6f16e..0000000000 --- a/tools/pkgrepos/README.md +++ /dev/null @@ -1,83 +0,0 @@ -Creating a new release -================== - -Releases must be built locally(for now) because packages have to be signed and we're not in a position to trust a public CI system with signing keys. -Once packages are built and dep/apt repos are generated, the repo is synced to a GCS cloud bucket which makes the release immediately available at `dl.kolide.com` - -# Requirements - -A local copy of the google storage bucket. `gs://dl.kolide.co/` -GPG keys in your keyring. - -# Steps - -1. Download the Google Storage bucket locally. - -``` -mkdir -p ~/kolide_packages -gsutil cp -r gs://dl.kolide.co/ ~/kolide_packages/ -``` - -2. Import keys to GPG keyring. Run this command by mounting the `~/.gnupg` folder into the `kolide/fpm` docker container. The gnupg version on your mac is probably different and the keyring format is not compatible with the one in the container. The permissions on .gnupg should be 700 and the files in the .gnupg directory need to be 600. - -Note: You only need to do this step once. - -Start container - -``` - docker run --rm -it \ - -v /Users/$(whoami)/.gnupg:/root/.gnupg" \ - kolide/fpm /bin/bash -``` - -And in the container, run: - -``` -gpg --allow-secret-key-import --import private.key -``` - -Then check the key is there, with `gpg --list-keys` -You should see the Kolide packaging key there. - - -3. Build binaries/packages. -Use the `build_release.sh` script in this folder to create a zip of the binaries and linux packages. The scripts for building linux packages will run in a docker container, so if you're running for the first time, you might see the containers downloading. - -You will be prompted for the GPG password several times by the rpm/deb packaging scripts. - -4. Copy the artifacts into the appropriate directories in `~/kolide_packages` - -Example: - -``` -cp build/fleet-1.0.4-1.x86_64.rpm ~/kolide_packages/yum/ -cp build/fleet_1.0.4_amd64.deb ~/kolide_packages/deb/ -cp build/fleet_1.0.4.zip ~/kolide_packages/bin/ -cp build/fleet_latest.zip ~/kolide_packages/bin/ -``` - -5. Run the `update-package-repos` script. The script will update/sign the metadata for the local yum/apt repos. You will be prompted for the GPG key password again during this step so have it ready. -The script assumes the packages are in `LOCAL_REPO_PATH="/Users/${USER}/kolide_packages"` - -NOTE: The script MUST be run from the `pkgrepos` directory as it `cd`s into relative folders. Should probably be fixed... - -6. Generate the package metadate file. -The `https://dl.kolide.co/metadata.json` file holds data about the latest version/old releases. Run the Go `package_metadata.go` to generate an updated version of the metadata file. - -``` -go run package_metadata.go -repo /Users/$me/kolide_packages/ -git-tag=1.0.4 - ``` - -7. Create a git commit commit with the updated package repos. -The repo building scripts can be flaky, and occasionally it's useful to use a `--reset HARD` flag with git to retry building the release. - -8. Push the release to gcloud. Pushing will override the contents of the gcs bucket and the release will be immediately available. - -``` -gsutil -m rsync -r -d ./kolide_packages gs://dl.kolide.co/ -``` - -# Testing - -The `~/kolide_packages` folder has a nginx dockerfile which builds a static site of the repo. You can use it to host a local version of the yum/apt repo. - diff --git a/tools/pkgrepos/build-release.sh b/tools/pkgrepos/build-release.sh deleted file mode 100755 index e908ae9099..0000000000 --- a/tools/pkgrepos/build-release.sh +++ /dev/null @@ -1,41 +0,0 @@ -#!/bin/bash - -VERSION="$(git describe --tags --always --dirty)" -GPG_PATH="/Users/${USER}/.gnupg" - -build_binaries() { - cd $GOPATH/src/github.com/kolide/fleet - make generate - - GOOS=darwin CGO_ENABLED=0 make build - mkdir -p build/darwin - mv build/fleet build/darwin/fleet_darwin_amd64 - - GOOS=linux CGO_ENABLED=0 make build - mkdir -p build/linux - mv build/fleet build/linux/fleet_linux_amd64 -} - -zip_binaries() { - cd build && \ - zip -r "fleet_${VERSION}.zip" darwin/ linux/ && \ - cp "fleet_${VERSION}.zip" fleet_latest.zip && \ - cd .. -} - -build_linux_packages() { - mkdir -p build/pkgroot/usr/bin - cp build/linux/fleet_linux_amd64 build/pkgroot/usr/bin/fleet - docker run --rm -it \ - -v ${PWD}/build/pkgroot:/pkgroot \ - -v "${GPG_PATH}:/root/.gnupg" \ - -v ${PWD}/build:/out -e KOLIDE_VERSION="${VERSION}" kolide/fpm -} - -main() { - build_binaries - zip_binaries - build_linux_packages -} - -main diff --git a/tools/pkgrepos/package_metadata.go b/tools/pkgrepos/package_metadata.go deleted file mode 100644 index 9ee2b492dd..0000000000 --- a/tools/pkgrepos/package_metadata.go +++ /dev/null @@ -1,151 +0,0 @@ -/* - - package_metadata.go creates a JSON file of all the artifacts in the - dl.kolide.co static file repository. - It contains links to both current and previous versions of artifacts. - Run with go run package_metadata.go -repo /path/to/local/copy/of/dl.kolide.co -git-tag=1.0.0 - - The final version of this file is found at https://dl.kolide.co/metadata.json - -*/ - -package main - -import ( - "crypto/sha256" - "encoding/json" - "flag" - "fmt" - "io" - "log" - "os" - "path/filepath" - "strings" - - "github.com/pkg/errors" -) - -const ( - debDir = "deb" - rpmDir = "yum" - binDir = "bin" - repoBaseURL = "https://dl.kolide.co/" -) - -type pkg struct { - Name string `json:"name,omitempty"` - DownloadURL string `json:"download_url,omitempty"` - Kind string `json:"kind,omitempty"` - SHA256 string `json:"sha_256,omitempty"` -} -type metadata struct { - Current []pkg `json:"current"` - Previous []pkg `json:"previous"` -} - -func main() { - var ( - flRepoPath = flag.String("repo", "", "path to binary packages repo") - flCurrentTag = flag.String("git-tag", "", "the tag for the latest kolide release") - ) - flag.Parse() - m, err := getMetadata(*flRepoPath, *flCurrentTag) - if err != nil { - log.Fatal(err) - } - metadataFilePath := filepath.Join(*flRepoPath, "metadata.json") - os.Remove(metadataFilePath) - f, err := os.Create(metadataFilePath) - if err != nil { - log.Fatal(err) - } - defer f.Close() - - enc := json.NewEncoder(f) - enc.SetIndent("", " ") - if err := enc.Encode(m); err != nil { - log.Fatal(err) - } -} - -// getMetadata walks all the subdirectories of the dl.kolide.co repository and generates -// the metadata file of versioned rpm, deb and zip archives. -func getMetadata(repoPath, current string) (*metadata, error) { - var m metadata - walkFn := func(dir string) filepath.WalkFunc { - return func(path string, info os.FileInfo, err error) error { - switch ext := filepath.Ext(path); ext { - case ".rpm", ".deb", ".zip": - if strings.Contains(path, "-repo-") || - strings.Contains(path, "latest") { - return nil - } - hash, err := shaFile(path) - if err != nil { - return err - } - p := pkg{ - Name: info.Name(), - DownloadURL: repoBaseURL + dir + "/" + info.Name(), - Kind: dir, - SHA256: hash, - } - if isCurrent(info.Name(), current, dir) { - m.Current = append(m.Current, p) - return nil - } - m.Previous = append(m.Previous, p) - } - return nil - } - } - dirs := []string{debDir, rpmDir, binDir} - for _, dir := range dirs { - err := filepath.Walk(filepath.Join(repoPath, dir), walkFn(dir)) - if err != nil { - return nil, errors.Wrapf(err, "walking %s", repoPath) - } - } - // add current release docker hub link - p := pkg{ - Kind: "docker", - Name: "kolide/fleet:" + current, - } - m.Current = append(m.Current, p) - return &m, nil -} - -func shaFile(path string) (string, error) { - f, err := os.Open(path) - if err != nil { - return "", errors.Wrapf(err, "open file %s for hashing", f.Name()) - } - defer f.Close() - h := sha256.New() - if _, err := io.Copy(h, f); err != nil { - return "", errors.Wrapf(err, "hash file %s", f.Name()) - } - return fmt.Sprintf("%x", h.Sum(nil)), nil -} - -// determines wether the file is the current version -// parses the filename based on the conventions for rpms and debs -// set by `fpm`. Unfortunately it doesn't seem possible to keep -// the filename format the same for the different filetypes. -func isCurrent(have, current, kind string) bool { - switch kind { - case "bin": - binSplit := strings.SplitN(have, "_", 2)[1] - binSplit = strings.TrimSuffix(binSplit, ".zip") - return binSplit == current - case "deb": - debSplit := strings.SplitN(have, "_", 3)[1] - return debSplit == current - case "yum": - rpmSplit := strings.SplitN(have, "-", 3)[1] - rpmSplit = strings.Replace(rpmSplit, "_", "-", -1) - return rpmSplit == current - default: - return false - } -} diff --git a/tools/pkgrepos/update-pkg-repos.sh b/tools/pkgrepos/update-pkg-repos.sh deleted file mode 100755 index 0caec3d31c..0000000000 --- a/tools/pkgrepos/update-pkg-repos.sh +++ /dev/null @@ -1,45 +0,0 @@ -#!/bin/bash - -USER="$(whoami)" -LOCAL_REPO_PATH="/Users/${USER}/kolide_packages" -GPG_PATH="/Users/${USER}/.gnupg" - -build_createrepo_container() { - cd ../ci/docker/createrepo && \ - docker build -t createrepo . && cd - -} - -build_aptly_container() { - cd ../ci/docker/aptly && \ - docker build -t aptly . && cd - -} - -update_yum_repo() { - # generate new yum repo snapshot - docker run -it --rm \ - -v "${LOCAL_REPO_PATH}/yum:/repo" \ - -v "${GPG_PATH}:/root/.gnupg" \ - createrepo -} - -update_apt_repo() { - docker run -it --rm \ - -v "${LOCAL_REPO_PATH}/deb:/deb" \ - -v "${GPG_PATH}:/root/.gnupg" \ - -v "${LOCAL_REPO_PATH}/aptly:/root/.aptly" \ - -v "${LOCAL_REPO_PATH}/aptly.conf:/root/.aptly.conf" aptly - - # replace "debian" repo with updated snapshot - rm -rf "${LOCAL_REPO_PATH}/apt" - mv "${LOCAL_REPO_PATH}/aptly/public" "${LOCAL_REPO_PATH}/apt" -} - - -main() { - build_createrepo_container - build_aptly_container - update_yum_repo - update_apt_repo -} - -main