mirror of
https://github.com/ben-grande/qusal.git
synced 2024-12-17 20:04:26 -05:00
fc22726ee8
Passing files to Dom0 is always dangerous: - Passing a git repository is dangerous as it can have ignored modified files and signature verification will pass. - Passing an archive is troublesome for updates. - Passing an RPM package depends on the RPM verification to be correct, some times it is not. - Passing a RPM repository definition is less troublesome for the user, as it is a small file to verify the contents and update mechanism is via the package manager. Trust in RPM verification is still required. Many improvements were made to the build scripts: - requires-program: Single function to check if program is installed; - spec-get: Sort project names for the usage message; - spec-get: Only running commands that are necessary; - spec-get: Fix empty summary when readme has copyright header; - spec-gen: Fix grep warning of escaped symbol; - spec-build: Sign RPM and verify signature; - spec-build: Only lint the first SPEC for faster runtime; - yumrepo-gen: Generate a local yum repository with signed metadata; - qubesbuilder-gen: Generate a .qubesbuilder based on tracked projects; - release: Build, sign and push all RPMs to repository. Goal is to be able to build with qubes-builderv2 Qubes Executor. For: https://github.com/ben-grande/qusal/issues/37
47 lines
1.3 KiB
Bash
Executable File
47 lines
1.3 KiB
Bash
Executable File
#!/bin/sh
|
|
|
|
## SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
|
|
##
|
|
## SPDX-License-Identifier: AGPL-3.0-or-later
|
|
|
|
# shellcheck disable=SC2086
|
|
set -eu
|
|
|
|
command -v salt-lint >/dev/null ||
|
|
{ printf >&2 "Missing program: salt-lint\n"; exit 1; }
|
|
command -v git >/dev/null ||
|
|
{ printf "Missing program: git\n" >&2; exit 1; }
|
|
cd "$(git rev-parse --show-toplevel)" || exit 1
|
|
|
|
possible_conf="${PWD}/.salt-lint"
|
|
conf=""
|
|
test -f "${possible_conf}" && conf="-c ${possible_conf}"
|
|
|
|
find_tool="find"
|
|
if command -v fd; then
|
|
find_tool="fd"
|
|
elif command -v fdfind >/dev/null; then
|
|
find_tool="fdfind"
|
|
fi
|
|
|
|
if test -n "${1-}"; then
|
|
files=""
|
|
for f in "$@"; do
|
|
test -f "$f" || continue
|
|
extension="$(echo "$f" | awk -F '.' '{print $NF}')"
|
|
case "$extension" in
|
|
top|sls) files="$files $f";;
|
|
*) continue;;
|
|
esac
|
|
done
|
|
test -n "$files" || exit 0
|
|
exec salt-lint ${conf} ${files}
|
|
fi
|
|
|
|
case "${find_tool}" in
|
|
fd|fdfind) files="$(${find_tool} . minion.d/ --extension=conf) $(${find_tool} . salt/ --max-depth=2 --type=f --extension=sls --extension=top | sort -d)";;
|
|
find) files="$(find minion.d/ -type f -name "*.conf") $(find salt/* -maxdepth 2 -type f \( -name '*.sls' -o -name '*.top' \) | sort -d)";;
|
|
esac
|
|
|
|
exec salt-lint ${conf} ${files}
|