1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
|
#!/usr/bin/env bash
#
set -eu
PREFIX="ace"
: ${NO_SIGNATURE=}
ACI_OS="$(go env GOOS)"
GOARCH="$(go env GOARCH)"
case $GOARCH in
arm64) ACI_ARCH="aarch64" ;;
*) ACI_ARCH="$GOARCH" ;;
esac
if ! [[ $0 =~ "scripts/build-ace-validator-acis" ]]; then
echo "invoke from repository root" 1>&2
exit 255
fi
if ! [[ -f "bin/ace-validator" ]]; then
./build
fi
for typ in main sidekick; do
layoutdir="bin/ace-validator-${typ}-layout"
mkdir -p ${layoutdir}/rootfs/opt/acvalidator
cp bin/ace-validator ${layoutdir}/rootfs/
sed -e "s/@ACI_OS@/$ACI_OS/" -e "s/@ACI_ARCH@/$ACI_ARCH/" < ${PREFIX}/image_manifest_${typ}.json.in > ${layoutdir}/manifest
# now build the tarball, and sign it
pushd ${layoutdir} >/dev/null
# Set a consistent timestamp so we get a consistent hash
# TODO(jonboulle): make this cleaner..
for path in rootfs rootfs/ace-validator; do
touch -a -m -d 1970-01-01T00:00:00Z ${path}
done
../actool build --overwrite ./ ../ace-validator-${typ}.aci
if [ -z "$NO_SIGNATURE" ] ; then
gpg --cipher-algo AES256 --armor --output ace-validator-${typ}.aci.asc --detach-sig ../ace-validator-${typ}.aci
mv ace-validator-${typ}.aci.asc ../
fi
popd >/dev/null
echo "Wrote unsigned ${typ} ACI bin/ace-validator-${typ}.aci"
if [ -f "bin/ace-validator-${typ}.aci.asc" ]; then
echo "Wrote ${typ} ACI signature bin/ace-validator-${typ}.aci.asc"
fi
done
|
