2 # SPDX-License-Identifier: EPL-1.0
3 ##############################################################################
4 # Copyright (c) 2018 The Linux Foundation and others.
6 # All rights reserved. This program and the accompanying materials
7 # are made available under the terms of the Eclipse Public License v1.0
8 # which accompanies this distribution, and is available at
9 # http://www.eclipse.org/legal/epl-v10.html
10 ##############################################################################
11 echo "---> sigul-sign-dir.sh"
13 # Ensure we fail the job if any steps fail.
16 # shellcheck disable=SC1090
19 lf-activate-venv --python python3 lftools
21 OS=$(facter operatingsystem | tr '[:upper:]' '[:lower:]')
22 OS_RELEASE=$(facter lsbdistrelease | tr '[:upper:]' '[:lower:]')
23 if [[ "$OS_RELEASE" == "8" && "$OS" == 'centos' ]]; then
24 # Get Dockerfile and the enterpoint to build the docker image.
25 # shellcheck disable=SC2140
26 wget -O "${WORKSPACE}/sigul-sign.sh" "https://raw.githubusercontent.com/"\
27 "lfit/releng-global-jjb/master/shell/sigul-sign.sh"
28 # shellcheck disable=SC2140
29 wget -O "${WORKSPACE}/Dockerfile" "https://raw.githubusercontent.com/"\
30 "lfit/releng-global-jjb/master/docker/Dockerfile"
32 # Setup the docker environment for jenkins user
33 docker build -f "${WORKSPACE}/Dockerfile" \
34 --build-arg SIGN_DIR="${SIGN_DIR}" \
37 docker volume create --driver local \
39 --opt device=/w/workspace \
43 docker volume inspect wrkspc_vol
45 # shellcheck disable=SC2140
46 docker run -e SIGUL_KEY="${SIGUL_KEY}" \
47 -e SIGUL_PASSWORD="${SIGUL_PASSWORD}" \
48 -e SIGUL_CONFIG="${SIGUL_CONFIG}" \
49 -e SIGN_DIR="${SIGN_DIR}" \
50 -e WORKSPACE="${WORKSPACE}" \
52 --security-opt label:disable \
53 --mount type=bind,source="/w/workspace",target="/w/workspace" \
54 --mount type=bind,source="/home/jenkins",target="/home/jenkins" \
55 -u root:root -w "$(pwd)" sigul-sign
57 # change the .asc files owner permissions back to jenkins
58 sudo chown -R jenkins:jenkins "${SIGN_DIR}"
60 lftools sign sigul -m "${SIGN_MODE}" "${SIGN_DIR}"