Skip to content

Instantly share code, notes, and snippets.

@theopolis
Last active Nov 22, 2019
Embed
What would you like to do?
osquery-signing
[osquery-s3-rpm-repo]
name=name=osquery RPM repository - $basearch
baseurl=https://s3.amazonaws.com/osquery-packages/rpm/$basearch/
enabled=1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-osquery
gpgcheck=1
#!/usr/bin/env bash
#
# Script to sign and publish in s3 the RPM and DEB signed packages
# and the PKG package.
#
# main entrypoint to signing
#
USER=$(whoami)
# Expect this script to run in the home directory of the osquery user.
SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
TOOLS_DIR="$( dirname "$( realpath "${BASH_SOURCE[0]}" )" )"
TOOLS_DIR="$TOOLS_DIR/.."
PKG_SIGNING_LOCAL=true
OHOME=$(realpath ~)
GPG_KEY=C9D8B80B
PKG11_BINARY_IDENTITY="Developer ID Application: Theodore Reed (B89LNTUADM)"
PKG11_PACKAGE_IDENTITY="B89LNTUADM"
PKG11_EXTENSION_IDENTITY="B89LNTUADM"
if $PKG_SIGNING_LOCAL; then
# Check bash version
export PATH=/usr/local/opt/findutils/libexec/gnubin:$PATH
export PATH=/usr/local/Cellar/coreutils/8.26/libexec/gnubin:$PATH
fi
# Locations to store packages locally
LOCAL_PACKAGES=$OHOME/local_packages
PKG11_DIR=$LOCAL_PACKAGES/darwin
DEB_DIR=$LOCAL_PACKAGES/deb
RPM_DIR=$LOCAL_PACKAGES/rpm
LINUX_DIR=$LOCAL_PACKAGES/linux
# Locations to store repositories
LOCAL_REPOSITORIES=$OHOME/repositories
PKG11_REPO=$LOCAL_REPOSITORIES/darwin
DEB_REPO=$LOCAL_REPOSITORIES/deb
RPM_REPO=$LOCAL_REPOSITORIES/rpm
LINUX_REPO=$LOCAL_REPOSITORIES/linux
# Files to keep track of downloaded packages
LOCAL_PROCESSED=$OHOME/processed
PKG11_PROCESSED=$LOCAL_PROCESSED/pkg11.list
DEB_PROCESSED=$LOCAL_PROCESSED/deb.list
RPM_PROCESSED=$LOCAL_PROCESSED/rpm.list
LINUX_PROCESSED=$LOCAL_PROCESSED/linux.list
# Files to keep track of signed packages
LOCAL_SIGNED=$OHOME/signed
PKG11_SIGNED=$LOCAL_SIGNED/pkg11.list
DEB_SIGNED=$LOCAL_SIGNED/deb.list
RPM_SIGNED=$LOCAL_SIGNED/rpm.list
LINUX_SIGNED=$LOCAL_SIGNED/linux.list
# Debian packaging freight variables
FREIGHT_CACHE=/usr/local/var/cache/freight
FREIGHT_CONFIGS=/usr/local/etc
# This libdir is not used, included only for reference
FREIGHT_LIB=/usr/local/var/lib/freight
# OS X binaries/packages are signed on an external signing host, using osx_sign.
PKG_SIGNING_HOST=osquery-osx-signing
PKG_SIGNING_KEY=$OHOME/OSQUERY-OSX-SIGNING.key
PKG11_KEYCHAIN=osquery.keychain
PKG11_WORKING_DIR=working
function need_tool {
TOOL=$1
EXISTS=$(which $TOOL || true)
if [[ ! -f "$EXISTS" ]]; then
echo "[$2] Need to install $TOOL..."
return 1
fi
return 0
}
if [[ $1 = "setup" ]]; then
set -e
if [[ ! -d $OHOME ]]; then
sudo mkdir -p $OHOME
sudo chown $USER $OHOME
echo "[0] Created: $OHOME"
fi
if [[ ! "$(pwd)" = "$OHOME" ]]; then
echo "[!] You should be running this script from $OHOME"
ln -sf $TOOLS_DIR/bin/package_publisher $OHOME/
echo "[!] Please re-execute: $OHOME/package_publisher"
exit 1
fi
if [[ ! -f "$OHOME/.s3cfg" ]]; then
cp $TOOLS_DIR/config/s3cfg $OHOME/.s3cfg
echo "[1] Installed: $OHOME/.s3cfg"
fi
if [[ ! `cat $OHOME/.s3cfg | grep PLEASE_ENTER || true` = "" ]]; then
echo "[2] Please fill in ACCESS, SECRET, PASSWORD in $OHOME/.s3cfg"
fi
if [[ ! -f "$OHOME/.rpmmacros" ]]; then
ln -sf $TOOLS_DIR/config/rpmmacros $OHOME/.rpmmacros
echo "[3] Installed: $OHOME/.rpmmacros"
fi
if [[ ! -f "$OHOME/osquery-s3-rpm.repo" ]]; then
ln -sf $TOOLS_DIR/repos/osquery-s3-rpm.repo $OHOME/osquery-s3-rpm.repo
echo "[4-2] Installed: $OHOME/osquery-s3-rpm.repo"
fi
if [[ ! -e "$OHOME/rpm_sign.exp" || ! -e "$OHOME/osx_sign.sh" ]]; then
ln -sf $TOOLS_DIR/bin/osx_sign $OHOME/osx_sign.sh
ln -sf $TOOLS_DIR/bin/rpm_sign $OHOME/rpm_sign.exp
echo "[5] Installed: $OHOME/{osx_sign.sh,rpm_sign.exp}"
fi
if [[ ! -f "$OHOME/OSQUERY-S3-RPM-REPO-GPGKEY" ]]; then
ln -sf $TOOLS_DIR/config/rpm.gpg.pub $OHOME/OSQUERY-S3-RPM-REPO-GPGKEY
echo "[5] Installed: $OHOME/OSQUERY-S3-RPM-REPO-GPGKEY (public key)"
fi
cd $OHOME
mkdir -p $PKG11_DIR
mkdir -p $DEB_DIR
mkdir -p $RPM_DIR
mkdir -p $LINUX_DIR
mkdir -p $PKG11_REPO
mkdir -p $DEB_REPO
mkdir -p $RPM_REPO/x86_64
mkdir -p $LINUX_REPO
mkdir -p $LOCAL_PROCESSED
touch $PKG11_PROCESSED
touch $DEB_PROCESSED
touch $RPM_PROCESSED
touch $LINUX_PROCESSED
mkdir -p $LOCAL_SIGNED
touch $PKG11_SIGNED
touch $DEB_SIGNED
touch $RPM_SIGNED
touch $LINUX_SIGNED
set +e
if ! need_tool debsigs 6; then
echo "[6] Installing debsigs..."
brew install coreutils
brew install binutils
pushd /tmp/
git clone https://gitlab.com/debsigs/debsigs.git
pushd debsigs
perl Makefile.PL
make
if $PKG_SIGNING_LOCAL; then
grep -lr "/usr/bin/gpg" . | xargs sed -i.bak 's/\/usr\/bin\/gpg/\/usr\/local\/bin\/gpg/g'
grep -lr "/usr/bin/ar" . | xargs sed -i.bak 's/\/usr\/bin\/ar/\/usr\/local\/bin\/gar/g'
fi
sudo make install
popd
popd
fi
if ! need_tool s3cmd 7; then
if $PKG_SIGNING_LOCAL; then
brew install s3cmd
else
sudo apt install -y s3cmd
fi
fi
if ! need_tool gpg 9; then
if $PKG_SIGNING_LOCAL; then
brew install gpg
else
sudo apt install -y gpg
fi
fi
if ! need_tool createrepo 8; then
if $PKG_SIGNING_LOCAL; then
brew tap stepanstipl/noop
brew install createrepo
brew uninstall --ignore-dependencies libxml2
brew install --with-python homebrew/homebrew-core/libxml2
echo /usr/local/opt/libxml2/lib/python2.7/site-packages >> /usr/local/lib/python2.7/site-packages/libxml2.pth
true
else
sudo apt install -y createrepo
fi
fi
if ! need_tool rpm 9; then
if $PKG_SIGNING_LOCAL; then
brew install rpm
else
sudo apt install -y rpm
fi
fi
if ! need_tool ts 8; then
if $PKG_SIGNING_LOCAL; then
brew install moreutils
else
sudo apt install -y moreutils
fi
fi
if ! need_tool expect 10; then
if $PKG_SIGNING_LOCAL; then
brew install expect
else
sudo apt install -y expect
fi
fi
if ! need_tool freight 10; then
pushd /tmp
git clone https://github.com/freight-team/freight
pushd freight
if $PKG_SIGNING_LOCAL; then
brew install findutils
ln -s /usr/local/bin/ginstall /usr/local/bin/install
fi
make
sudo make install-bin
sudo make install-lib
popd
popd
fi
set -e
if [[ ! -f "$FREIGHT_CONFIGS?freight.deb.conf" ]]; then
sudo ln -sf "$TOOLS_DIR/config/freight.deb.conf" "$FREIGHT_CONFIGS/"
echo "[11-2] Installed freight configuration: deb"
fi
if [[ ! -d "$FREIGHT_CACHE" ]]; then
mkdir -p $OHOME/repositories/freight
sudo mkdir -p `dirname $FREIGHT_CACHE`
sudo ln -s $OHOME/repositories/freight $FREIGHT_CACHE
echo "[12] Creating freight cache"
fi
if [[ ! -d "$FREIGHT_LIB" ]]; then
sudo mkdir -p $FREIGHT_LIB
sudo chown $USER "$FREIGHT_LIB"
echo "[12] Creating freight lib"
fi
PUBKEY=$(gpg --list-keys | grep $GPG_KEY || true)
if [[ "$PUBKEY" = "" ]]; then
echo "[99] Installing public GPG key into keyring $GPG_KEY"
gpg --import OSQUERY-S3-RPM-REPO-GPGKEY
fi
GPG=$(gpg --export-secret-key -a $GPG_KEY | grep "KEY BLOCK" || true)
if [[ "$GPG" = "" ]]; then
echo "[99] Please install the private key for $GPG_KEY: gpg --import private.key"
fi
rm -f "$OHOME/.gnupg/gpg.conf"
cp $TOOLS_DIR/config/gpg.conf $OHOME/.gnupg/gpg.conf
if $PKG_SIGNING_LOCAL; then
KEYCHAIN="$OHOME/Library/Keychains/osquery.keychain"
if [[ ! -f $KEYCHAIN ]]; then
echo "[100] Cannot find osquery keychain: $KEYCHAIN"
exit 1
fi
PASSWORD="$OHOME/.keychain.key"
if [[ ! -f $PASSWORD ]]; then
echo "[100] Cannot find osquery keychain secret: $PASSWORD"
exit 1
fi
fi
exit 0
fi
if [[ ! $1 = "please" ]]; then
echo "Would create lists, repos, etc in: $SCRIPT_DIR"
echo "The tools directory, for configs is: $TOOLS_DIR"
echo "Sorry, you didn't say the magic word"
exit 1
fi
# Log file
LOG_FILE=./publisher.log
touch $LOG_FILE || exit
function log {
echo "$1" | ts "[%Y-%m-%d %H:%M:%S]"
}
# S3 bucket
S3_URL="s3://osquery-packages"
if [[ ! -d "$FREIGHT_CACHE" ]]; then
echo "Sorry, cannot find freight cache: $FREIGHT_CACHE"
exit 1
elif [[ ! -d "$FREIGHT_CONFIGS" ]]; then
echo "Sorry, cannot find freight configs: $FREIGHT_CONFIGS"
exit 1
fi
if [[ "$PKG_SIGNING_LOCAL" = "false" && ! "`ping -c 1 $PKG_SIGNING_HOST`" ]]; then
echo "Sorry, cannot ping OS X signing host: $PKG_SIGNING_HOST"
echo "If you'd like to sign OS X packages locally see PKG_SIGNING_LOCAL"
echo ""
# exit 1
fi
set -e
# Number of historic packages
HISTORIC=5
HISTORIC_KERNEL=5
HISTORIC_COMMIT=5
# Function to check if package has been published already, parameters:
# $1 - package name
# $2 - /path/to/history file of packages
# $3 - type of package
# $4 - package directory
# $5 - package URL
function retrieve_last {
echo "retrieve_last $1 $2 $3 $4 $5 $6"
if [ -z $(grep "$6" "$2") ]; then
log "$3: $6 not found, processing..."
wget -O "$4/$6" "$5/$1"
echo "$6" >> "$2"
else
log "$3: nothing new"
# break # Keep processing changes
fi
}
# Function to check if package has been published already, parameters:
# $1 - package name
# $2 - /path/to/history file of signed packages
function signed_already {
if [ -z $(grep "$1" "$2") ]; then
echo "not"
else
echo "signed"
exit
fi
}
# Function to set signed status, parameters:
# $1 - package name
# $2 - /path/to/history file of signed packages
function update_signed {
echo "$1" >> "$2"
}
# Function to publish in s3, parameters:
# $1 - /path/to/package/
# $2 - s3 subdirectory
function publish_s3 {
if [[ -d "$1" ]]; then
echo "Publishing $1 to S3: $S3_URL/$2/"
s3cmd -P sync "$1/" "$S3_URL/$2/"
fi
}
# Function to publish centos repos in s3, parameters:
# $1 - /path/to/package/
# $2 - (centos7/centos6) repo
function publish_centos_s3 {
if [[ -d "$1" ]]; then
echo "Publishing (centos) $1 to S3: $S3_URL/$2/"
s3cmd -P sync "$1/" "$S3_URL/$2/" --exclude "*x86_64/*"
fi
if [[ -z "$SYNC" ]]; then
echo "Skipping publishing repo (centos)"
return 0
fi
# Sync the $2/x86_64 dir
echo "Publishing (centos) repo $1 to S3: $S3_URL/$2/"
s3cmd -P sync "$1/" "$S3_URL/$2/"
}
# Function to publish linux repos in s3, parameters:
# $1 - /path/to/package/
# $2 - repo
function publish_linux_s3 {
if [[ -d "$1" ]]; then
echo "Publishing (linux) $1 to S3: $S3_URL/$2/"
s3cmd -P sync "$1/" "$S3_URL/$2/" --exclude "*x86_64/*"
fi
}
# Function to publish debian repos in s3, parameters:
# $1 - /path/to/package/
# $2 - (trusty/precise) repo
function publish_debian_s3 {
VERSION=$2
if [[ -d "$1" ]]; then
echo "Publishing (debian) $1/ to S3: $S3_URL/$VERSION/"
s3cmd -P sync "$1/" "$S3_URL/$VERSION/"
fi
if [[ -z "$SYNC" ]]; then
echo "Skipping publishing repo (debian)"
return 0
fi
if [[ -d "$FREIGHT_CACHE/$VERSION" ]]; then
echo "Publishing $FREIGHT_CACHE/$VERSION/ to S3: $S3_URL/$VERSION/"
s3cmd -P sync $FREIGHT_CACHE/$VERSION/ "$S3_URL/$VERSION/" --exclude "*dists/*"
echo "Publishing $FREIGHT_CACHE/$VERSION/dists/$VERSION/ to S3: $S3_URL/$VERSION/dists/$VERSION/"
s3cmd -P sync $FREIGHT_CACHE/$VERSION/dists/$VERSION/ "$S3_URL/$VERSION/dists/$VERSION/" --delete-removed --exclude "*.refs*"
fi
}
# 'Remote' function to sign PKG packages (binaries/extensions), parameters:
# $1 - /path/to/package
function sign_osx_11 {
PKG11_FILE=$1
PKG11_NAME=`basename $1`
PKG11_PASSWORD=`cat ~/.keychain.key`
security unlock-keychain -p $PKG11_PASSWORD $PKG11_KEYCHAIN
echo "unlocked"
security default-keychain -s $PKG11_KEYCHAIN
echo "default"
log "Using identity '$PKG11_PACKAGE_IDENTITY' to sign: $PKG11_FILE"
log "Expanding package metadata and payload..."
mkdir -p $PKG11_WORKING_DIR
echo "need sudo"
sudo rm -rf $PKG11_WORKING_DIR/$PKG11_NAME
echo "finished sudo"
log "Expanding '$PKG11_FILE' into '$PKG11_WORKING_DIR/$PKG11_NAME'"
pkgutil --expand $PKG11_FILE $PKG11_WORKING_DIR/$PKG11_NAME
mkdir -p $PKG11_WORKING_DIR/$PKG11_NAME/root
pushd $PKG11_WORKING_DIR/$PKG11_NAME/root
# Extract the package payload.
log "Extracting package payload..."
cat ../Payload | gzip -d | cpio -id
# Find all binary executables.
BINARIES=`find . -type f -perm -u+x | xargs file | grep Mach-O | awk -F: '{print $1}'`
for BIN in $BINARIES; do
if [[ $BIN != "" ]]; then
log "Signing binary: $BIN"
codesign --keychain $PKG11_KEYCHAIN -s "$PKG11_BINARY_IDENTITY" --timestamp "$BIN" || true
fi
done
# Find all kernel extensions.
KEXTS=`find . -type d | grep -E ".*ext$" || true`
for EXT in ${KEXTS}; do
if [[ $EXT != "" ]]; then
log "Signing kernel extension: $EXT"
codesign --keychain $PKG11_KEYCHAIN -s "$PKG11_EXTENSION_IDENTITY" --timestamp "$EXT" || true
fi
done
# Regenerate the package payload.
log "Regenerating package payload..."
sudo chown -R root:wheel .
find . | cpio -o --format odc | gzip -c > ../Payload
popd
# Regenerate the package bill of materials.
rm $PKG11_WORKING_DIR/$PKG11_NAME/Bom
mkbom $PKG11_WORKING_DIR/$PKG11_NAME/root $PKG11_WORKING_DIR/$PKG11_NAME/Bom
sudo rm -rf $PKG11_WORKING_DIR/$PKG11_NAME/root
# Regenerate the package.
log "Rebuilding package with signed binaries: $PKG11_NAME.rebuilt"
pkgutil --flatten $PKG11_WORKING_DIR/$PKG11_NAME $PKG11_WORKING_DIR/$PKG11_NAME.rebuilt
# Sign the package itself
log "Signing package: $PKG11_WORKING_DIR/$PKG11_NAME.signed"
productsign --keychain $PKG11_KEYCHAIN --sign "$PKG11_PACKAGE_IDENTITY" \
--timestamp $PKG11_WORKING_DIR/$PKG11_NAME.rebuilt $PKG11_WORKING_DIR/$PKG11_NAME.signed
mv $PKG11_WORKING_DIR/$PKG11_NAME.signed $PKG11_REPO/$PKG11_NAME
rm -rf $PKG11_WORKING_DIR/$PKG11_NAME*
}
# Function to sign DEB packages, parameters:
# $1 - /path/to/package
function sign_deb {
#echo "Sign DEB $1"
debsigs --sign=origin -k $GPG_KEY "$1"
}
# Function to sign RPM packages, parameters:
# $1 - /path/to/package
function sign_rpm {
#echo "Sign RPM $1"
# .rpmmacros should be in the target directory
./rpm_sign.exp "$1"
rpm -qivp "$1" | grep -i $GPG_KEY
}
# Function to copy last packages to distribute static links in s3
# $1 - /path/to/local_packages
# $2 - /path/to/repository
# $3 - type of package
function last_package {
# Create new last osquery-latest
OSQUERY_LATEST="$(ls -lt "$1" | grep "osquery[-_][0-9].*\.$3" | head -1 | awk '{print $9}')"
cp "$1/$OSQUERY_LATEST" "$2/osquery.$3"
cp "$1/$OSQUERY_LATEST" "$2/osquery-latest.$3"
}
# Process PKGs for OSX 10.11, parameters:
# $1 - package name
function process_pkg11 {
#echo "executed process_pkg11 $1"
# Get and log new packages
#retrieve_last "$1" "$PKG11_PROCESSED" "PKG" "$PKG11_DIR" "$PKG11_URL" "$2"
# Sign package if not done already
PKG_already_signed=$(signed_already "$1" "$PKG11_SIGNED")
if [[ $PKG_already_signed = "not" ]]; then
log "PKG: $1 has not been signed, signining..."
if [[ "$1" =~ "rpm" ]]; then
sign_rpm "$PKG11_DIR/$1"
else
sign_osx_11 "$PKG11_DIR/$1"
fi
else
return 0
fi
update_signed "$1" "$PKG11_SIGNED"
# Update last package
if [[ "$1" =~ "rpm" ]]; then
cp "$PKG11_DIR/$1" $PKG11_REPO/
last_package "$PKG11_DIR" "$PKG11_REPO" "rpm"
else
last_package "$PKG11_REPO" "$PKG11_REPO" "pkg"
fi
}
# Process DEBs for deb (universal), parameters:
# $1 - package name
function process_deb {
# Get and log new packages
FILENAME="$1"
# Sign package if not done already
DEB_deb_already_signed=$(signed_already "$FILENAME" "$DEB_SIGNED")
if [[ $DEB_deb_already_signed = "not" ]]; then
log "DEB(all): $FILENAME has not been signed, signining..."
sign_deb "$DEB_DIR/$FILENAME"
else
return 0
fi
# NEW: Update freight repository
cp "$DEB_DIR/$1" $DEB_REPO/
freight add -c $FREIGHT_CONFIGS/freight.deb.conf "$DEB_DIR/$FILENAME" apt/deb
freight cache -c $FREIGHT_CONFIGS/freight.deb.conf
update_signed "$1" "$DEB_SIGNED"
# Update last package
last_package "$DEB_DIR" "$DEB_REPO" "deb"
}
# Process RPMs, parameters:
# $1 - package name
function process_rpm {
# Sign package if not done already
RPM_rpm_already_signed=$(signed_already "$1" "$RPM_SIGNED")
if [[ $RPM_rpm_already_signed = "not" ]]; then
log "RPM (all): $1 has not been signed, signining..."
sign_rpm "$RPM_DIR/$1"
else
return 0
fi
# Update repository
cp "$RPM_DIR/$1" $RPM_REPO/
cp "$RPM_DIR/$1" $RPM_REPO/x86_64
for a in $RPM_REPO/x86_64
do
createrepo -v --update $a/
done
update_signed "$1" "$RPM_SIGNED"
# Update last package
last_package "$RPM_DIR" "$RPM_REPO" "rpm"
}
# Process TARs for Linux, parameters:
# $1 - package name
function process_linux {
# Sign package if not done already
TAR_already_signed=$(signed_already "$1" "$LINUX_SIGNED")
if [[ $TAR_already_signed = "not" ]]; then
log "TAR (all): $1 has not been signed, signining..."
# sign_rpm "$RPM_DIR/$1"
else
return 0
fi
# Update repository
cp "$LINUX_DIR/$1" $LINUX_REPO/
update_signed "$1" "$LINUX_SIGNED"
# Update last package
# last_package "$LINUX_DIR" "$LINUX_REPO" "rpm"
}
# Here is where the magic happens!
declare -a SYSTEM
declare -A SYSTEM_STAGE
declare -A SYSTEM_TYPE
declare -A SYSTEM_FUNCTION
declare -A SYSTEM_REPO
SYSTEM[0]="darwin"
SYSTEM_TYPE["darwin"]="pkg"
SYSTEM_STAGE["darwin"]=$PKG11_DIR
SYSTEM_FUNCTION["darwin"]=process_pkg11
SYSTEM_REPO["darwin"]=$PKG11_REPO
SYSTEM[2]="deb"
SYSTEM_TYPE["deb"]="deb"
SYSTEM_STAGE["deb"]=$DEB_DIR
SYSTEM_FUNCTION["deb"]=process_deb
SYSTEM_REPO["deb"]=$DEB_REPO
SYSTEM[3]="rpm"
SYSTEM_TYPE["rpm"]="rpm"
SYSTEM_STAGE["rpm"]=$RPM_DIR
SYSTEM_FUNCTION["rpm"]=process_rpm
SYSTEM_REPO["rpm"]=$RPM_REPO
SYSTEM[4]="linux"
SYSTEM_TYPE["linux"]="tar"
SYSTEM_STAGE["linux"]=$LINUX_DIR
SYSTEM_FUNCTION["linux"]=process_linux
SYSTEM_REPO["linux"]=$LINUX_REPO
for S in "${SYSTEM[@]}"
do
echo "Enumerating packages for $S in ${SYSTEM_STAGE[$S]}..."
for FILE in `ls "${SYSTEM_STAGE[$S]}/"`; do
${SYSTEM_FUNCTION[$S]} "$FILE"
done
# Now publish the results for this platform
if [[ "${SYSTEM_TYPE[$S]}" = "deb" ]]; then
publish_debian_s3 ${SYSTEM_REPO[$S]} "$S"
true
elif [[ "${SYSTEM_TYPE[$S]}" = "rpm" && ! "$S" = "darwin" ]]; then
publish_centos_s3 ${SYSTEM_REPO[$S]} "$S"
true
elif [[ "${SYSTEM_TYPE[$S]}" = "tar" ]]; then
publish_linux_s3 ${SYSTEM_REPO[$S]} "$S"
true
else
publish_s3 ${SYSTEM_REPO[$S]} "$S"
true
fi
echo ""
#fi
done
exit 0
#!/usr/bin/expect -f
spawn rpm -D "__gpg /usr/local/bin/gpg" -D "_signature gpg" -D "_gpg_name osquery (osquery) <osquery@fb.com>" --addsign {*}$argv
expect -exact "Enter pass phrase: " {
send -- "\r"
expect eof
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment