From 51dad1185a8dcf55f2e3473b79748e0e72c6590c Mon Sep 17 00:00:00 2001 From: Mike Dougherty Date: Wed, 6 Jan 2016 14:25:39 -0800 Subject: [PATCH] Create a bundle for the install script to support other domains For the CS Engine we need to have an install script like OSS does, but the locations are all different, as is the GPG key used. This is accomplished here by slightly altering the script itself and adding a simple 'sed' based bundle for make.sh. This install script is used in to change the URLs instead of sed in release.sh. Signed-off-by: Mike Dougherty --- hack/install.sh | 25 +++++++++------- hack/make/install-script | 63 ++++++++++++++++++++++++++++++++++++++++ hack/release.sh | 3 +- 3 files changed, 80 insertions(+), 11 deletions(-) create mode 100644 hack/make/install-script diff --git a/hack/install.sh b/hack/install.sh index 53876d8a04..92d48c903a 100755 --- a/hack/install.sh +++ b/hack/install.sh @@ -23,7 +23,10 @@ set -e # s3cmd put --acl-public -P hack/install.sh s3://get.docker.com/index # -url='https://get.docker.com/' +url="https://get.docker.com/" +apt_url="https://apt.dockerproject.org" +yum_url="https://yum.dockerproject.org" +gpg_fingerprint="58118E89F3A912897C070ADBF76221572C52609D" command_exists() { command -v "$@" > /dev/null 2>&1 @@ -161,11 +164,13 @@ do_install() { fi # check to see which repo they are trying to install from - repo='main' - if [ "https://test.docker.com/" = "$url" ]; then - repo='testing' - elif [ "https://experimental.docker.com/" = "$url" ]; then - repo='experimental' + if [ -z "$repo" ]; then + repo='main' + if [ "https://test.docker.com/" = "$url" ]; then + repo='testing' + elif [ "https://experimental.docker.com/" = "$url" ]; then + repo='experimental' + fi fi # perform some very rudimentary platform detection @@ -370,9 +375,9 @@ do_install() { fi ( set -x - $sh_c "apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D" + $sh_c "apt-key adv --keyserver hkp://pool.sks-keyservers.net:80 --recv-keys ${gpg_fingerprint}" $sh_c "mkdir -p /etc/apt/sources.list.d" - $sh_c "echo deb [arch=$(dpkg --print-architecture)] https://apt.dockerproject.org/repo ${lsb_dist}-${dist_version} ${repo} > /etc/apt/sources.list.d/docker.list" + $sh_c "echo deb [arch=$(dpkg --print-architecture)] ${apt_url}/repo ${lsb_dist}-${dist_version} ${repo} > /etc/apt/sources.list.d/docker.list" $sh_c 'sleep 3; apt-get update; apt-get install -y -q docker-engine' ) echo_docker_as_nonroot @@ -383,10 +388,10 @@ do_install() { $sh_c "cat >/etc/yum.repos.d/docker-${repo}.repo" <<-EOF [docker-${repo}-repo] name=Docker ${repo} Repository - baseurl=https://yum.dockerproject.org/repo/${repo}/${lsb_dist}/${dist_version} + baseurl=${yum_url}/repo/${repo}/${lsb_dist}/${dist_version} enabled=1 gpgcheck=1 - gpgkey=https://yum.dockerproject.org/gpg + gpgkey=${yum_url}/gpg EOF if [ "$lsb_dist" = "fedora" ] && [ "$dist_version" -ge "22" ]; then ( diff --git a/hack/make/install-script b/hack/make/install-script new file mode 100644 index 0000000000..feadac2f38 --- /dev/null +++ b/hack/make/install-script @@ -0,0 +1,63 @@ +#!/bin/bash +set -e + +# This script modifies the install.sh script for domains and keys other than +# those used by the primary opensource releases. +# +# You can provide `url`, `yum_url`, `apt_url` and optionally `gpg_fingerprint` +# or `GPG_KEYID` as environment variables, or the defaults for open source are used. +# +# The lower-case variables are substituted into install.sh. +# +# gpg_fingerprint and GPG_KEYID are optional, defaulting to the opensource release +# key ("releasedocker"). Other GPG_KEYIDs will require you to mount a volume with +# the correct contents to /root/.gnupg. +# +# It outputs the modified `install.sh` file to $DOCKER_RELEASE_DIR (default: $DEST) +# +# Example usage: +# +# docker run \ +# --rm \ +# --privileged \ +# -e "GPG_KEYID=deadbeef" \ +# -e "GNUPGHOME=/root/.gnupg" \ +# -v $HOME/.gnupg:/root/.gnupg \ +# -v $(pwd):/go/src/github.com/docker/docker/bundles \ +# "$IMAGE_DOCKER" \ +# hack/make.sh install-script + +: ${DOCKER_RELEASE_DIR:=$DEST} +: ${GPG_KEYID:=releasedocker} + +DEFAULT_URL="https://get.docker.com/" +DEFAULT_APT_URL="https://apt.dockerproject.org" +DEFAULT_YUM_URL="https://yum.dockerproject.org" +DEFAULT_GPG_FINGERPRINT="58118E89F3A912897C070ADBF76221572C52609D" + +: ${url:=$DEFAULT_URL} +: ${apt_url:=$DEFAULT_APT_URL} +: ${yum_url:=$DEFAULT_YUM_URL} +if [[ "$GPG_KEYID" == "releasedocker" ]] ; then + : ${gpg_fingerprint:=$DEFAULT_GPG_FINGERPRINT} +fi + +DEST_FILE="$DOCKER_RELEASE_DIR/install.sh" + +bundle_install_script() { + mkdir -p "$DOCKER_RELEASE_DIR" + + if [[ -z "$gpg_fingerprint" ]] ; then + # NOTE: if no key matching key is in /root/.gnupg, this will fail + gpg_fingerprint=$(gpg --with-fingerprint -k "$GPG_KEYID" | grep "Key fingerprint" | awk -F "=" '{print $2};' | tr -d ' ') + fi + + cp hack/install.sh "$DEST_FILE" + sed -i.bak 's#^url=".*"$#url="'"$url"'"#' "$DEST_FILE" + sed -i.bak 's#^apt_url=".*"$#apt_url="'"$apt_url"'"#' "$DEST_FILE" + sed -i.bak 's#^yum_url=".*"$#yum_url="'"$yum_url"'"#' "$DEST_FILE" + sed -i.bak 's#^gpg_fingerprint=".*"$#gpg_fingerprint="'"$gpg_fingerprint"'"#' "$DEST_FILE" + rm "${DEST_FILE}.bak" +} + +bundle_install_script diff --git a/hack/release.sh b/hack/release.sh index d231c167af..7d9bacec89 100755 --- a/hack/release.sh +++ b/hack/release.sh @@ -289,7 +289,8 @@ EOF # Upload the index script release_index() { echo "Releasing index" - sed "s,url='https://get.docker.com/',url='$(s3_url)/'," hack/install.sh | write_to_s3 "s3://$BUCKET_PATH/index" + url="$(s3_url)" hack/make.sh install-script + write_to_s3 "s3://$BUCKET_PATH/index" < "bundles/$VERSION/install-script/install.sh" } release_test() {