MISP
/
misp-packer
mirror of https://github.com/MISP/misp-packer
2
0
Fork 0
Code Issues Releases Wiki Activity

chg: [deploy] Some major clean-up for checksums and file names, should be more clean now.

pull/23/head
Steve Clement 2019-05-15 11:25:45 +09:00
parent 20d01a4633
commit 5c8b58117c
1 changed files with 57 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

105
deploy.sh
View File

@ -12,6 +12,15 @@ else
exit 1 exit 1
fi fi
GOT_RHASH=$(which rhash > /dev/null 2>&1; echo $?)
if [[ "${GOT_RHASH}" == "0" ]]; then
echo "rhash detected, version: $(rhash --version)"
RHASH_RUN=$(which rhash)
else
echo "No rhash binary detected, please make sure you installed it."
exit 1
fi
# Place holder # Place holder
checkBin () checkBin ()
{ {
@ -63,6 +72,9 @@ mkdir -p ${PWD}/log
vm_description='MISP, is an open source software solution for collecting, storing, distributing and sharing cyber security indicators and threat about cyber security incidents analysis and malware analysis. MISP is designed by and for incident analysts, security and ICT professionals or malware reverser to support their day-to-day operations to share structured informations efficiently.' vm_description='MISP, is an open source software solution for collecting, storing, distributing and sharing cyber security indicators and threat about cyber security incidents analysis and malware analysis. MISP is designed by and for incident analysts, security and ICT professionals or malware reverser to support their day-to-day operations to share structured informations efficiently.'
vm_version='2.4' vm_version='2.4'
# TODO: have the checksums on a 2nd source, GitHub? compare https://circl.lu with GH
# Place holder, this fn() should be used to anything signing related # Place holder, this fn() should be used to anything signing related
signify () signify ()
{ {
@ -130,7 +142,7 @@ think () {
} }
checkInstaller () { checkInstaller () {
/usr/bin/wget -q -O scripts/INSTALL.sh.sfv https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh.sfv /usr/bin/wget -q -O scripts/INSTALL.sh.sfv https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh.sfv
rhash_chk=$(cd scripts ;rhash -c INSTALL.sh.sfv > /dev/null 2>&1; echo $?) rhash_chk=$(cd scripts ; ${RHASH_RUN} -c INSTALL.sh.sfv > /dev/null 2>&1; echo $?)
for sum in $(echo ${SHA_SUMS} |sed 's/--sha//'); do for sum in $(echo ${SHA_SUMS} |sed 's/--sha//'); do
/usr/bin/wget -q -O scripts/INSTALL.sh.sha${sum} https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh.sha${sum} /usr/bin/wget -q -O scripts/INSTALL.sh.sha${sum} https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh.sha${sum}
INSTsum=$(shasum -a ${sum} scripts/INSTALL.sh | cut -f1 -d\ ) INSTsum=$(shasum -a ${sum} scripts/INSTALL.sh | cut -f1 -d\ )
@ -152,10 +164,11 @@ removeAll () {
# Remove files for next run # Remove files for next run
[[ -d "output-virtualbox-iso" ]] && rm -r output-virtualbox-iso [[ -d "output-virtualbox-iso" ]] && rm -r output-virtualbox-iso
[[ -d "output-vmware-iso" ]] && rm -r output-vmware-iso [[ -d "output-vmware-iso" ]] && rm -r output-vmware-iso
rm *.checksum *.zip *.sha* [[ -d "VMware" ]] && rm -r VMware
rm *.zip *.sfv
rm ${PACKER_NAME}-deploy.json rm ${PACKER_NAME}-deploy.json
rm packer_virtualbox-iso_virtualbox-iso_sha*.checksum.asc rm packer_virtualbox-iso_virtualbox-iso_sha*.sfv.asc
rm ${PACKER_VM}_${VER}@${LATEST_COMMIT}-vmware.zip.asc rm ${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}-vmware.zip.asc
rm /tmp/LICENSE-${PACKER_NAME} rm /tmp/LICENSE-${PACKER_NAME}
rm /tmp/vbox.done /tmp/vmware.done rm /tmp/vbox.done /tmp/vmware.done
} }
@ -177,10 +190,10 @@ fi
# Check if latest build is still up to date, if not, roll and deploy new # Check if latest build is still up to date, if not, roll and deploy new
if [[ "${LATEST_COMMIT}" != "$(cat /tmp/${PACKER_NAME}-latest.sha)" ]]; then if [[ "${LATEST_COMMIT}" != "$(cat /tmp/${PACKER_NAME}-latest.sha)" ]]; then
echo "Current ${PACKER_VM} version is: ${VER}@${LATEST_COMMIT}" echo "Current ${PACKER_VM} version is: ${VER}@${LATEST_COMMIT_SHORT}"
# Search and replace for vm_name and make sure we can easily identify the generated VMs # Search and replace for vm_name and make sure we can easily identify the generated VMs
cat misp.json| sed "s|\"vm_name\": \"MISP_demo\",|\"vm_name\": \"${PACKER_VM}_${VER}@${LATEST_COMMIT}\",|" > misp-deploy.json cat misp.json| sed "s|\"vm_name\": \"MISP_demo\",|\"vm_name\": \"${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}\",|" > misp-deploy.json
# Build virtualbox VM set # Build virtualbox VM set
PACKER_LOG_PATH="${PWD}/packerlog-vbox.txt" PACKER_LOG_PATH="${PWD}/packerlog-vbox.txt"
@ -192,58 +205,54 @@ if [[ "${LATEST_COMMIT}" != "$(cat /tmp/${PACKER_NAME}-latest.sha)" ]]; then
# The below waits for the above 2 parallel packer builds to finish # The below waits for the above 2 parallel packer builds to finish
while [[ ! -f /tmp/vmware.done ]]; do :; done while [[ ! -f /tmp/vmware.done ]]; do :; done
while [[ ! -f /tmp/vbox.done ]]; do :; done while [[ ! -f /tmp/vbox.done ]]; do :; done
# Prevent uploading only half a build # Prevent uploading only half a build
if [[ "$(cat /tmp/vbox.done)" == "0" ]] && [[ "$(cat /tmp/vmware.done)" == "0" ]]; then if [[ "$(cat /tmp/vbox.done)" == "0" ]] && [[ "$(cat /tmp/vmware.done)" == "0" ]]; then
# ZIPup all the vmware stuff # ZIPup all the vmware stuff
zip -r ${PACKER_VM}_${VER}@${LATEST_COMMIT}-vmware.zip packer_vmware-iso_vmware-iso_sha1.checksum packer_vmware-iso_vmware-iso_sha512.checksum output-vmware-iso mv output-vmware-iso VMware
cd VMware
${RHASH_RUN} --sfv --sha1 --sha256 --sha384 --sha512 -o ${PACKER_VM}_${VRE}@${LATEST_COMMIT_SHORT}.sfv *
cd ../
zip -r ${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}-VMware.zip VMware/*
mv output-virtualbox-iso/${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}.ova .
# Create a hashfile for the zip # Create a hashfile for the zip
for SUMsize in $(echo ${SHA_SUMS} |sed 's/--sha//'); do ${RHASH_RUN} --sfv --sha1 --sha256 --sha384 --sha512 -o ${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}-CHECKSUM.sfv *.zip *.ova
shasum -a ${SUMsize} *.zip > ${PACKER_VM}_${VER}@${LATEST_COMMIT}-vmware.zip.sha${SUMsize}
# Current file list of everything to gpg sign and transfer
FILE_LIST="${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}-VMware.zip \
${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}.ova \
${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}-CHECKSUM.sfv"
# Create the latest MISP export directory
if [[ "${REMOTE}" == "1" ]]; then
ssh ${REL_USER}@${REL_SERVER} "mkdir -p export/${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT} ; mkdir -p export/${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}/checksums"
fi
# Sign and transfer files
for FILE in ${FILE_LIST}; do
if [[ "$GPG_ENABLED" == "1" ]]; then
if [[ "$GPG_KEY" == "0x" ]] || [[ -z "$GPG_KEY" ]]; then
gpg --armor --output ${FILE}.asc --detach-sig ${FILE}
else
gpg --armor -u ${GPG_KEY} --output ${FILE}.asc --detach-sig ${FILE}
fi
[[ "${REMOTE}" == "1" ]] && rsync -azvq --progress ${FILE}.asc ${REL_USER}@${REL_SERVER}:export/${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}
fi
if [[ "${REMOTE}" == "1" ]]; then
rsync -azvq --progress ${FILE} ${REL_USER}@${REL_SERVER}:export/${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}
ssh ${REL_USER}@${REL_SERVER} "rm export/latest ; ln -s ${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT} export/latest"
fi
done done
# Current file list of everything to gpg sign and transfer
FILE_LIST="${PACKER_VM}_${VER}@${LATEST_COMMIT}-vmware.zip \
output-virtualbox-iso/${PACKER_VM}_${VER}@${LATEST_COMMIT}.ova \
packer_virtualbox-iso_virtualbox-iso_sha1.checksum \
packer_virtualbox-iso_virtualbox-iso_sha256.checksum \
packer_virtualbox-iso_virtualbox-iso_sha384.checksum \
packer_virtualbox-iso_virtualbox-iso_sha512.checksum \
${PACKER_VM}_${VER}@${LATEST_COMMIT}-vmware.zip.sha1 \
${PACKER_VM}_${VER}@${LATEST_COMMIT}-vmware.zip.sha256 \
${PACKER_VM}_${VER}@${LATEST_COMMIT}-vmware.zip.sha384 \
${PACKER_VM}_${VER}@${LATEST_COMMIT}-vmware.zip.sha512"
# Create the latest MISP export directory
if [[ "${REMOTE}" == "1" ]]; then
ssh ${REL_USER}@${REL_SERVER} "mkdir -p export/${PACKER_VM}_${VER}@${LATEST_COMMIT} ; mkdir -p export/${PACKER_VM}_${VER}@${LATEST_COMMIT}/checksums"
fi
# Sign and transfer files
for FILE in ${FILE_LIST}; do
if [[ "$GPG_ENABLED" == "1" ]]; then
if [[ "$GPG_KEY" == "0x" ]] || [[ -z "$GPG_KEY" ]]; then
gpg --armor --output ${FILE}.asc --detach-sig ${FILE}
else
gpg --armor -u ${GPG_KEY} --output ${FILE}.asc --detach-sig ${FILE}
fi
[[ "${REMOTE}" == "1" ]] && rsync -azvq --progress ${FILE}.asc ${REL_USER}@${REL_SERVER}:export/${PACKER_VM}_${VER}@${LATEST_COMMIT}
fi
if [[ "${REMOTE}" == "1" ]]; then if [[ "${REMOTE}" == "1" ]]; then
rsync -azvq --progress ${FILE} ${REL_USER}@${REL_SERVER}:export/${PACKER_VM}_${VER}@${LATEST_COMMIT} ssh ${REL_USER}@${REL_SERVER} "chmod -R +r export \
ssh ${REL_USER}@${REL_SERVER} "rm export/latest ; ln -s ${PACKER_VM}_${VER}@${LATEST_COMMIT} export/latest" mv export/${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}/*.CHECKSUM* export/${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}/checksums \
cd export ; tree -T "${PACKER_VM} VM Images" -H https://www.circl.lu/misp-images/ -o index.html"
fi fi
done
if [[ "${REMOTE}" == "1" ]]; then
ssh ${REL_USER}@${REL_SERVER} "chmod -R +r export \
mv export/${PACKER_VM}_${VER}@${LATEST_COMMIT}/*.checksum* export/${PACKER_VM}_${VER}@${LATEST_COMMIT}/checksums \
mv export/${PACKER_VM}_${VER}@${LATEST_COMMIT}/*-vmware.zip.sha* export/${PACKER_VM}_${VER}@${LATEST_COMMIT}/checksums \
cd export ; tree -T "${PACKER_VM} VM Images" -H https://www.circl.lu/misp-images/ -o index.html"
fi
else else
echo "The packer exit code of VMware was: ${VMWARE_BUILD}" echo "The packer exit code of VMware was: ${VMWARE_BUILD}"