forked from opensearch-project/opensearch-build
-
Notifications
You must be signed in to change notification settings - Fork 0
/
rpmMetaValidation.groovy
78 lines (75 loc) · 2.68 KB
/
rpmMetaValidation.groovy
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
/*
* SPDX-License-Identifier: Apache-2.0
*
* The OpenSearch Contributors require contributions made to
* this file be licensed under the Apache-2.0 license or a
* compatible open source license.
*/
/**
* This is a general function for RPM distribution validation.
* @param Map args = [:]
* args.refMap: The Map contains the expected meta data from the Manifest.
* args.rpmDistribution: The location of the RPM distribution file.
*/
def call(Map args = [:]) {
def distFile = args.rpmDistribution
def refMap = args.refMap
//Validation for the Meta Data of distribution
println("Meta data validations start:")
def metadata = sh (
script: "rpm -qip $distFile",
returnStdout: true
).trim()
println("Meta data for the RPM distribution is: \n" + metadata)
// Extract the meta data from the distribution to Map
def metaMap = [:]
for (line in metadata.split('\n')) {
def key = line.split(':')[0].trim()
if (key != 'Description') {
metaMap[key] = line.split(':', 2)[1].trim()
} else {
metaMap[key] = metadata.split(line)[1].trim()
break
}
}
// Start validating
refMap.each{ key, value ->
if (key == "Architecture") {
if (value == 'x64') {
assert metaMap[key] == 'x86_64'
} else if (value == 'arm64') {
assert metaMap[key] == 'aarch64'
}
} else {
assert metaMap[key] == value
}
println("Meta data for $key is validated")
}
println("Validation for meta data of RPM distribution completed.")
// Validate the distribution signature
def checksig = sh (
script: "rpm -K -v $distFile",
returnStdout: true
).trim()
println("Signature check of the rpm distribution file is: \n" + checksig)
def keyList = ["Header V4 RSA/SHA512 Signature, key ID 9310d3fc", "Header SHA256 digest",
"Header SHA1 digest", "Payload SHA256 digest",
"V4 RSA/SHA512 Signature, key ID 9310d3fc", "MD5 digest"]
def presentKey = []
for (line in checksig.split('\n')) {
def key = line.split(':')[0].trim()
if (key == distFile) {
continue
} else {
assert line.split(':', 2)[1].trim().contains("OK")
println(key + " is validated as: " + line)
presentKey.add(key)
}
}
println("Validation all key digests starts: ")
for (digest in keyList) {
assert presentKey.contains(digest)
println("Key digest \"$digest\" is validated to be present.")
}
println("Validation for signature of RPM distribution completed.")
}