chg: [deploy] Updated deploy script to be more universal.

pull/23/head
Steve Clement 2019-05-25 13:37:46 +09:00
parent e36402b704
commit 0bc4b957d6
No known key found for this signature in database
GPG Key ID: 69A20F509BE4AEE9
1 changed files with 34 additions and 24 deletions


@ -3,6 +3,7 @@
# Timing creation # Timing creation
TIME_START=$(date +%s) TIME_START=$(date +%s)
# TODO: Move into seprate file
GOT_PACKER=$(which packer > /dev/null 2>&1; echo $?) GOT_PACKER=$(which packer > /dev/null 2>&1; echo $?)
if [[ "${GOT_PACKER}" == "0" ]]; then if [[ "${GOT_PACKER}" == "0" ]]; then
echo "Packer detected, version: $(packer -v)" echo "Packer detected, version: $(packer -v)"
@ -21,16 +22,12 @@ else
exit 1 exit 1
fi fi
# Place holder REPO="${REPO}"
checkBin () BRANCH="2.4"
{
echo "NOOP"
}
# Latest version of misp # Latest version of misp
VER=$(curl -s https://api.github.com/repos/MISP/MISP/tags |jq -r '.[0] | .name') VER=$(curl -s https://api.github.com/repos/${REPO}/tags |jq -r '.[0] | .name')
# Latest commit hash of misp # Latest commit hash of misp
LATEST_COMMIT=$(curl -s https://api.github.com/repos/MISP/MISP/commits |jq -r '.[0] | .sha') LATEST_COMMIT=$(curl -s https://api.github.com/repos/${REPO}/commits |jq -r '.[0] | .sha')
LATEST_COMMIT_SHORT=$(echo ${LATEST_COMMIT} |cut -c1-7) LATEST_COMMIT_SHORT=$(echo ${LATEST_COMMIT} |cut -c1-7)
if [[ "${VER}" == "" ]] || [[ "${LATEST_COMMIT}" == "" ]] ; then if [[ "${VER}" == "" ]] || [[ "${LATEST_COMMIT}" == "" ]] ; then
@ -38,13 +35,18 @@ if [[ "${VER}" == "" ]] || [[ "${LATEST_COMMIT}" == "" ]] ; then
exit -1 exit -1
fi fi
# SHAsums to be computed, not the -- notatiation is for ease of use with rhash # SHAsums to be computed, note the -- notatiation is for ease of use with rhash
SHA_SUMS="--sha1 --sha256 --sha384 --sha512" SHA_SUMS="--sha1 --sha256 --sha384 --sha512"
PACKER_NAME="misp" PACKER_NAME="misp"
PACKER_VM="MISP" PACKER_VM="MISP"
NAME="misp-packer" NAME="misp-packer"
NAME_OF_INSTALLER="INSTALL.sh"
PATH_TO_INSTALLER="scripts/${NAME_OF_INSTALLER}"
URL_TO_INSTALLER="https://raw.githubusercontent.com/${REPO}/${BRANCH}/INSTALL/${NAME_OF_INSTALLER}"
URL_TO_LICENSE="https://raw.githubusercontent.com/${REPO}/${BRANCH}/LICENSE"
# Update time-stamp and make sure file exists # Update time-stamp and make sure file exists
touch /tmp/${PACKER_NAME}-latest.sha touch /tmp/${PACKER_NAME}-latest.sha
@ -70,15 +72,21 @@ PWD=`pwd`
mkdir -p ${PWD}/log mkdir -p ${PWD}/log
vm_description='MISP, is an open source software solution for collecting, storing, distributing and sharing cyber security indicators and threat about cyber security incidents analysis and malware analysis. MISP is designed by and for incident analysts, security and ICT professionals or malware reverser to support their day-to-day operations to share structured informations efficiently.' vm_description='MISP, is an open source software solution for collecting, storing, distributing and sharing cyber security indicators and threat about cyber security incidents analysis and malware analysis. MISP is designed by and for incident analysts, security and ICT professionals or malware reverser to support their day-to-day operations to share structured informations efficiently.'
vm_version='2.4' vm_version=${BRANCH}
# Place holder
checkBin ()
{
echo "NOOP"
}
# TODO: have the checksums on a 2nd source, GitHub? compare https://circl.lu with GH # TODO: have the checksums on a 2nd source, GitHub? compare https://circl.lu with GH
# Place holder, this fn() should be used to anything signing related # Place holder, this fn() should be used to anything signing related
signify () signify ()
{ {
# This should create the following file: # This should create the following file:
# MISP_v2.4.105@3a25986766623f64255136e3fa5eec3af1faad7f-CHECKSUM.asc # MISP_v2.4.105@3a25986766623f64255136e3fa5eec3af1faad7f-CHECKSUM.asc
# -----BEGIN PGP SIGNED MESSAGE----- # -----BEGIN PGP SIGNED MESSAGE-----
@ -140,26 +148,26 @@ think () {
echo ${1} echo ${1}
fi fi
} }
checkInstaller () { checkInstaller () {
/usr/bin/wget -q -O scripts/INSTALL.sh.sfv https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh.sfv /usr/bin/wget -q -O ${PATH_TO_INSTALLER}.sfv ${URL_TO_INSTALLER}.sfv
rhash_chk=$(cd scripts ; ${RHASH_RUN} -c INSTALL.sh.sfv > /dev/null 2>&1; echo $?) rhash_chk=$(cd scripts ; ${RHASH_RUN} -c ${NAME_OF_INSTALLER}.sfv > /dev/null 2>&1; echo $?)
for sum in $(echo ${SHA_SUMS} |sed 's/--sha//g'); do for sum in $(echo ${SHA_SUMS} |sed 's/--sha//g'); do
/usr/bin/wget -q -O scripts/INSTALL.sh.sha${sum} https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh.sha${sum} /usr/bin/wget -q -O ${PATH_TO_INSTALLER}.sha${sum} ${URL_TO_INSTALLER}.sha${sum}
INSTsum=$(shasum -a ${sum} scripts/INSTALL.sh | cut -f1 -d\ ) INSTsum=$(shasum -a ${sum} ${PATH_TO_INSTALLER} | cut -f1 -d\ )
chsum=$(cat scripts/INSTALL.sh.sha${sum} | cut -f1 -d\ ) chsum=$(cat ${PATH_TO_INSTALLER}.sha${sum} | cut -f1 -d\ )
if [[ "${chsum}" == "${INSTsum}" ]] && [[ "${rhash_chk}" == "0" ]]; then if [[ "${chsum}" == "${INSTsum}" ]] && [[ "${rhash_chk}" == "0" ]]; then
echo "sha${sum} matches" echo "sha${sum} matches"
else else
echo "sha${sum}: ${chsum} does not match the installer sum of: ${INSTsum}" echo "sha${sum}: ${chsum} does not match the installer sum of: ${INSTsum}"
echo "Deleting installer, please run again." echo "Deleting installer, please run again."
rm scripts/INSTALL.sh rm ${PATH_TO_INSTALLER}
exit 1 exit 1
fi fi
done done
} }
removeAll () { removeAll () {
# Remove files for next run # Remove files for next run
[[ -d "output-virtualbox-iso" ]] && rm -r output-virtualbox-iso [[ -d "output-virtualbox-iso" ]] && rm -r output-virtualbox-iso
@ -175,14 +183,14 @@ removeAll () {
removeAll 2> /dev/null removeAll 2> /dev/null
# Fetching latest MISP LICENSE # Fetching latest MISP LICENSE
/usr/bin/wget -q -O /tmp/LICENSE-${PACKER_NAME} https://raw.githubusercontent.com/MISP/MISP/2.4/LICENSE /usr/bin/wget -q -O /tmp/LICENSE-${PACKER_NAME} ${URL_TO_LICENSE}
# Make sure the installer we run is the one that is currently on GitHub # Make sure the installer we run is the one that is currently on GitHub
if [[ -e "scripts/INSTALL.sh" ]]; then if [[ -e ${PATH_TO_INSTALLER} ]]; then
echo "Checking checksums" echo "Checking checksums"
checkInstaller checkInstaller
else else
/usr/bin/wget -q -O scripts/INSTALL.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh /usr/bin/wget -q -O ${PATH_TO_INSTALLER} ${URL_TO_INSTALLER}
checkInstaller checkInstaller
fi fi
@ -191,15 +199,15 @@ if [[ "${LATEST_COMMIT}" != "$(cat /tmp/${PACKER_NAME}-latest.sha)" ]]; then
echo "Current ${PACKER_VM} version is: ${VER}@${LATEST_COMMIT_SHORT}" echo "Current ${PACKER_VM} version is: ${VER}@${LATEST_COMMIT_SHORT}"
# Search and replace for vm_name and make sure we can easily identify the generated VMs # Search and replace for vm_name and make sure we can easily identify the generated VMs
cat misp.json| sed "s|\"vm_name\": \"MISP_demo\",|\"vm_name\": \"${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}\",|" > misp-deploy.json cat ${PACKER_NAME}.json| sed "s|\"vm_name\": \"MISP_demo\",|\"vm_name\": \"${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}\",|" > ${PACKER_NAME}-deploy.json
# Build virtualbox VM set # Build virtualbox VM set
PACKER_LOG_PATH="${PWD}/packerlog-vbox.txt" PACKER_LOG_PATH="${PWD}/packerlog-vbox.txt"
($PACKER_RUN build --on-error=cleanup -only=virtualbox-iso misp-deploy.json ; echo $? > /tmp/vbox.done) & ($PACKER_RUN build --on-error=cleanup -only=virtualbox-iso ${PACKER_NAME}-deploy.json ; echo $? > /tmp/vbox.done) &
# Build vmware VM set # Build vmware VM set
PACKER_LOG_PATH="${PWD}/packerlog-vmware.txt" PACKER_LOG_PATH="${PWD}/packerlog-vmware.txt"
($PACKER_RUN build --on-error=cleanup -only=vmware-iso misp-deploy.json ; echo $? > /tmp/vmware.done) & ($PACKER_RUN build --on-error=cleanup -only=vmware-iso ${PACKER_NAME}-deploy.json ; echo $? > /tmp/vmware.done) &
# The below waits for the above 2 parallel packer builds to finish # The below waits for the above 2 parallel packer builds to finish
while [[ ! -f /tmp/vmware.done ]]; do :; done while [[ ! -f /tmp/vmware.done ]]; do :; done
@ -210,6 +218,7 @@ if [[ "${LATEST_COMMIT}" != "$(cat /tmp/${PACKER_NAME}-latest.sha)" ]]; then
# ZIPup all the vmware stuff # ZIPup all the vmware stuff
mv output-vmware-iso VMware mv output-vmware-iso VMware
cd VMware cd VMware
# TODO/FIXME: Use ${SHA_SUMS} instead of static --shaFOO
${RHASH_RUN} --lowercase --sfv --sha1 --sha256 --sha384 --sha512 -o ${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}.sfv * ${RHASH_RUN} --lowercase --sfv --sha1 --sha256 --sha384 --sha512 -o ${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}.sfv *
cd ../ cd ../
zip -r ${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}-VMware.zip VMware/* zip -r ${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}-VMware.zip VMware/*
@ -217,6 +226,7 @@ if [[ "${LATEST_COMMIT}" != "$(cat /tmp/${PACKER_NAME}-latest.sha)" ]]; then
mv output-virtualbox-iso/${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}.ova . mv output-virtualbox-iso/${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}.ova .
# Create a hashfile for the zip # Create a hashfile for the zip
# TODO/FIXME: Use ${SHA_SUMS} instead of static --shaFOO
${RHASH_RUN} --lowercase --sfv --sha1 --sha256 --sha384 --sha512 -o ${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}-CHECKSUM.sfv *.zip *.ova ${RHASH_RUN} --lowercase --sfv --sha1 --sha256 --sha384 --sha512 -o ${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}-CHECKSUM.sfv *.zip *.ova
# Current file list of everything to gpg sign and transfer # Current file list of everything to gpg sign and transfer
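Review bot: `REPO="${REPO}"` in the second hunk is a self-assignment, so the repository now comes entirely from the caller's environment with no default and no format check, where the old side hard-coded `MISP/MISP`. That value is expanded unquoted into the curl API URLs and into `URL_TO_INSTALLER`, and checkInstaller fetches the `.sfv` and `.sha*` files from that same URL, so a matching checksum only shows the download is intact, not that the installer is the expected one. I would restore the default and validate the shape, `REPO="${REPO:-MISP/MISP}"` followed by `[[ "${REPO}" =~ ^[A-Za-z0-9._-]+/[A-Za-z0-9._-]+$ ]] || exit 1`, and quote `"${URL_TO_INSTALLER}"` and `"${PATH_TO_INSTALLER}"` in the wget, shasum and rm calls. The rhash check also still runs `cd scripts` while the installer path is now a variable, so the two can drift apart. REPO may be set in a part of the script outside these hunks; if so, only the quoting and the same-origin checksum caveat apply.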