mirror of https://github.com/MISP/misp-packer
chg: [deploy] Updated deploy script to be more universal.
parent
e36402b704
commit
0bc4b957d6
58
deploy.sh
58
deploy.sh
|
@ -3,6 +3,7 @@
|
||||||
# Timing creation
|
# Timing creation
|
||||||
TIME_START=$(date +%s)
|
TIME_START=$(date +%s)
|
||||||
|
|
||||||
|
# TODO: Move into seprate file
|
||||||
GOT_PACKER=$(which packer > /dev/null 2>&1; echo $?)
|
GOT_PACKER=$(which packer > /dev/null 2>&1; echo $?)
|
||||||
if [[ "${GOT_PACKER}" == "0" ]]; then
|
if [[ "${GOT_PACKER}" == "0" ]]; then
|
||||||
echo "Packer detected, version: $(packer -v)"
|
echo "Packer detected, version: $(packer -v)"
|
||||||
|
@ -21,16 +22,12 @@ else
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Place holder
|
REPO="${REPO}"
|
||||||
checkBin ()
|
BRANCH="2.4"
|
||||||
{
|
|
||||||
echo "NOOP"
|
|
||||||
}
|
|
||||||
|
|
||||||
# Latest version of misp
|
# Latest version of misp
|
||||||
VER=$(curl -s https://api.github.com/repos/MISP/MISP/tags |jq -r '.[0] | .name')
|
VER=$(curl -s https://api.github.com/repos/${REPO}/tags |jq -r '.[0] | .name')
|
||||||
# Latest commit hash of misp
|
# Latest commit hash of misp
|
||||||
LATEST_COMMIT=$(curl -s https://api.github.com/repos/MISP/MISP/commits |jq -r '.[0] | .sha')
|
LATEST_COMMIT=$(curl -s https://api.github.com/repos/${REPO}/commits |jq -r '.[0] | .sha')
|
||||||
LATEST_COMMIT_SHORT=$(echo ${LATEST_COMMIT} |cut -c1-7)
|
LATEST_COMMIT_SHORT=$(echo ${LATEST_COMMIT} |cut -c1-7)
|
||||||
|
|
||||||
if [[ "${VER}" == "" ]] || [[ "${LATEST_COMMIT}" == "" ]] ; then
|
if [[ "${VER}" == "" ]] || [[ "${LATEST_COMMIT}" == "" ]] ; then
|
||||||
|
@ -38,13 +35,18 @@ if [[ "${VER}" == "" ]] || [[ "${LATEST_COMMIT}" == "" ]] ; then
|
||||||
exit -1
|
exit -1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# SHAsums to be computed, not the -- notatiation is for ease of use with rhash
|
# SHAsums to be computed, note the -- notatiation is for ease of use with rhash
|
||||||
SHA_SUMS="--sha1 --sha256 --sha384 --sha512"
|
SHA_SUMS="--sha1 --sha256 --sha384 --sha512"
|
||||||
|
|
||||||
PACKER_NAME="misp"
|
PACKER_NAME="misp"
|
||||||
PACKER_VM="MISP"
|
PACKER_VM="MISP"
|
||||||
NAME="misp-packer"
|
NAME="misp-packer"
|
||||||
|
|
||||||
|
NAME_OF_INSTALLER="INSTALL.sh"
|
||||||
|
PATH_TO_INSTALLER="scripts/${NAME_OF_INSTALLER}"
|
||||||
|
URL_TO_INSTALLER="https://raw.githubusercontent.com/${REPO}/${BRANCH}/INSTALL/${NAME_OF_INSTALLER}"
|
||||||
|
URL_TO_LICENSE="https://raw.githubusercontent.com/${REPO}/${BRANCH}/LICENSE"
|
||||||
|
|
||||||
# Update time-stamp and make sure file exists
|
# Update time-stamp and make sure file exists
|
||||||
touch /tmp/${PACKER_NAME}-latest.sha
|
touch /tmp/${PACKER_NAME}-latest.sha
|
||||||
|
|
||||||
|
@ -70,15 +72,21 @@ PWD=`pwd`
|
||||||
mkdir -p ${PWD}/log
|
mkdir -p ${PWD}/log
|
||||||
|
|
||||||
vm_description='MISP, is an open source software solution for collecting, storing, distributing and sharing cyber security indicators and threat about cyber security incidents analysis and malware analysis. MISP is designed by and for incident analysts, security and ICT professionals or malware reverser to support their day-to-day operations to share structured informations efficiently.'
|
vm_description='MISP, is an open source software solution for collecting, storing, distributing and sharing cyber security indicators and threat about cyber security incidents analysis and malware analysis. MISP is designed by and for incident analysts, security and ICT professionals or malware reverser to support their day-to-day operations to share structured informations efficiently.'
|
||||||
vm_version='2.4'
|
vm_version=${BRANCH}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
# Place holder
|
||||||
|
checkBin ()
|
||||||
|
{
|
||||||
|
echo "NOOP"
|
||||||
|
}
|
||||||
|
|
||||||
# TODO: have the checksums on a 2nd source, GitHub? compare https://circl.lu with GH
|
# TODO: have the checksums on a 2nd source, GitHub? compare https://circl.lu with GH
|
||||||
|
|
||||||
# Place holder, this fn() should be used to anything signing related
|
# Place holder, this fn() should be used to anything signing related
|
||||||
signify ()
|
signify ()
|
||||||
{
|
{
|
||||||
|
|
||||||
# This should create the following file:
|
# This should create the following file:
|
||||||
# MISP_v2.4.105@3a25986766623f64255136e3fa5eec3af1faad7f-CHECKSUM.asc
|
# MISP_v2.4.105@3a25986766623f64255136e3fa5eec3af1faad7f-CHECKSUM.asc
|
||||||
# -----BEGIN PGP SIGNED MESSAGE-----
|
# -----BEGIN PGP SIGNED MESSAGE-----
|
||||||
|
@ -140,26 +148,26 @@ think () {
|
||||||
echo ${1}
|
echo ${1}
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
checkInstaller () {
|
checkInstaller () {
|
||||||
/usr/bin/wget -q -O scripts/INSTALL.sh.sfv https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh.sfv
|
/usr/bin/wget -q -O ${PATH_TO_INSTALLER}.sfv ${URL_TO_INSTALLER}.sfv
|
||||||
rhash_chk=$(cd scripts ; ${RHASH_RUN} -c INSTALL.sh.sfv > /dev/null 2>&1; echo $?)
|
rhash_chk=$(cd scripts ; ${RHASH_RUN} -c ${NAME_OF_INSTALLER}.sfv > /dev/null 2>&1; echo $?)
|
||||||
for sum in $(echo ${SHA_SUMS} |sed 's/--sha//g'); do
|
for sum in $(echo ${SHA_SUMS} |sed 's/--sha//g'); do
|
||||||
/usr/bin/wget -q -O scripts/INSTALL.sh.sha${sum} https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh.sha${sum}
|
/usr/bin/wget -q -O ${PATH_TO_INSTALLER}.sha${sum} ${URL_TO_INSTALLER}.sha${sum}
|
||||||
INSTsum=$(shasum -a ${sum} scripts/INSTALL.sh | cut -f1 -d\ )
|
INSTsum=$(shasum -a ${sum} ${PATH_TO_INSTALLER} | cut -f1 -d\ )
|
||||||
chsum=$(cat scripts/INSTALL.sh.sha${sum} | cut -f1 -d\ )
|
chsum=$(cat ${PATH_TO_INSTALLER}.sha${sum} | cut -f1 -d\ )
|
||||||
|
|
||||||
if [[ "${chsum}" == "${INSTsum}" ]] && [[ "${rhash_chk}" == "0" ]]; then
|
if [[ "${chsum}" == "${INSTsum}" ]] && [[ "${rhash_chk}" == "0" ]]; then
|
||||||
echo "sha${sum} matches"
|
echo "sha${sum} matches"
|
||||||
else
|
else
|
||||||
echo "sha${sum}: ${chsum} does not match the installer sum of: ${INSTsum}"
|
echo "sha${sum}: ${chsum} does not match the installer sum of: ${INSTsum}"
|
||||||
echo "Deleting installer, please run again."
|
echo "Deleting installer, please run again."
|
||||||
rm scripts/INSTALL.sh
|
rm ${PATH_TO_INSTALLER}
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
removeAll () {
|
removeAll () {
|
||||||
# Remove files for next run
|
# Remove files for next run
|
||||||
[[ -d "output-virtualbox-iso" ]] && rm -r output-virtualbox-iso
|
[[ -d "output-virtualbox-iso" ]] && rm -r output-virtualbox-iso
|
||||||
|
@ -175,14 +183,14 @@ removeAll () {
|
||||||
removeAll 2> /dev/null
|
removeAll 2> /dev/null
|
||||||
|
|
||||||
# Fetching latest MISP LICENSE
|
# Fetching latest MISP LICENSE
|
||||||
/usr/bin/wget -q -O /tmp/LICENSE-${PACKER_NAME} https://raw.githubusercontent.com/MISP/MISP/2.4/LICENSE
|
/usr/bin/wget -q -O /tmp/LICENSE-${PACKER_NAME} ${URL_TO_LICENSE}
|
||||||
|
|
||||||
# Make sure the installer we run is the one that is currently on GitHub
|
# Make sure the installer we run is the one that is currently on GitHub
|
||||||
if [[ -e "scripts/INSTALL.sh" ]]; then
|
if [[ -e ${PATH_TO_INSTALLER} ]]; then
|
||||||
echo "Checking checksums"
|
echo "Checking checksums"
|
||||||
checkInstaller
|
checkInstaller
|
||||||
else
|
else
|
||||||
/usr/bin/wget -q -O scripts/INSTALL.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh
|
/usr/bin/wget -q -O ${PATH_TO_INSTALLER} ${URL_TO_INSTALLER}
|
||||||
checkInstaller
|
checkInstaller
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -191,15 +199,15 @@ if [[ "${LATEST_COMMIT}" != "$(cat /tmp/${PACKER_NAME}-latest.sha)" ]]; then
|
||||||
echo "Current ${PACKER_VM} version is: ${VER}@${LATEST_COMMIT_SHORT}"
|
echo "Current ${PACKER_VM} version is: ${VER}@${LATEST_COMMIT_SHORT}"
|
||||||
|
|
||||||
# Search and replace for vm_name and make sure we can easily identify the generated VMs
|
# Search and replace for vm_name and make sure we can easily identify the generated VMs
|
||||||
cat misp.json| sed "s|\"vm_name\": \"MISP_demo\",|\"vm_name\": \"${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}\",|" > misp-deploy.json
|
cat ${PACKER_NAME}.json| sed "s|\"vm_name\": \"MISP_demo\",|\"vm_name\": \"${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}\",|" > ${PACKER_NAME}-deploy.json
|
||||||
|
|
||||||
# Build virtualbox VM set
|
# Build virtualbox VM set
|
||||||
PACKER_LOG_PATH="${PWD}/packerlog-vbox.txt"
|
PACKER_LOG_PATH="${PWD}/packerlog-vbox.txt"
|
||||||
($PACKER_RUN build --on-error=cleanup -only=virtualbox-iso misp-deploy.json ; echo $? > /tmp/vbox.done) &
|
($PACKER_RUN build --on-error=cleanup -only=virtualbox-iso ${PACKER_NAME}-deploy.json ; echo $? > /tmp/vbox.done) &
|
||||||
|
|
||||||
# Build vmware VM set
|
# Build vmware VM set
|
||||||
PACKER_LOG_PATH="${PWD}/packerlog-vmware.txt"
|
PACKER_LOG_PATH="${PWD}/packerlog-vmware.txt"
|
||||||
($PACKER_RUN build --on-error=cleanup -only=vmware-iso misp-deploy.json ; echo $? > /tmp/vmware.done) &
|
($PACKER_RUN build --on-error=cleanup -only=vmware-iso ${PACKER_NAME}-deploy.json ; echo $? > /tmp/vmware.done) &
|
||||||
|
|
||||||
# The below waits for the above 2 parallel packer builds to finish
|
# The below waits for the above 2 parallel packer builds to finish
|
||||||
while [[ ! -f /tmp/vmware.done ]]; do :; done
|
while [[ ! -f /tmp/vmware.done ]]; do :; done
|
||||||
|
@ -210,6 +218,7 @@ if [[ "${LATEST_COMMIT}" != "$(cat /tmp/${PACKER_NAME}-latest.sha)" ]]; then
|
||||||
# ZIPup all the vmware stuff
|
# ZIPup all the vmware stuff
|
||||||
mv output-vmware-iso VMware
|
mv output-vmware-iso VMware
|
||||||
cd VMware
|
cd VMware
|
||||||
|
# TODO/FIXME: Use ${SHA_SUMS} instead of static --shaFOO
|
||||||
${RHASH_RUN} --lowercase --sfv --sha1 --sha256 --sha384 --sha512 -o ${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}.sfv *
|
${RHASH_RUN} --lowercase --sfv --sha1 --sha256 --sha384 --sha512 -o ${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}.sfv *
|
||||||
cd ../
|
cd ../
|
||||||
zip -r ${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}-VMware.zip VMware/*
|
zip -r ${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}-VMware.zip VMware/*
|
||||||
|
@ -217,6 +226,7 @@ if [[ "${LATEST_COMMIT}" != "$(cat /tmp/${PACKER_NAME}-latest.sha)" ]]; then
|
||||||
mv output-virtualbox-iso/${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}.ova .
|
mv output-virtualbox-iso/${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}.ova .
|
||||||
|
|
||||||
# Create a hashfile for the zip
|
# Create a hashfile for the zip
|
||||||
|
# TODO/FIXME: Use ${SHA_SUMS} instead of static --shaFOO
|
||||||
${RHASH_RUN} --lowercase --sfv --sha1 --sha256 --sha384 --sha512 -o ${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}-CHECKSUM.sfv *.zip *.ova
|
${RHASH_RUN} --lowercase --sfv --sha1 --sha256 --sha384 --sha512 -o ${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}-CHECKSUM.sfv *.zip *.ova
|
||||||
|
|
||||||
# Current file list of everything to gpg sign and transfer
|
# Current file list of everything to gpg sign and transfer
|
||||||
|
|
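Review bot: `REPO="${REPO}"` near the top of deploy.sh assigns the variable to itself, so it stays empty when nothing is exported, and an exported value goes unchecked into every URL built from it. That includes URL_TO_INSTALLER, which checkInstaller uses to fetch both INSTALL.sh and the .sfv/.sha* files it is compared against, so a matching checksum only shows the download is consistent with whatever repository REPO names, not that it is the upstream installer. I would give it a default and constrain its shape: `REPO="${REPO:-MISP/MISP}"` followed by `[[ "${REPO}" =~ ^[A-Za-z0-9._-]+/[A-Za-z0-9._-]+$ ]] || { echo "Invalid REPO: ${REPO}" >&2; exit 1; }`, with a comment above stating that REPO selects the source of the installer this script downloads. Inside checkInstaller the rhash call still does `cd scripts` while the other paths now use PATH_TO_INSTALLER, so the two can drift apart if that path changes. Only parts of the script are visible in these hunks, so REPO may be set or validated elsewhere.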