From 070dedf591c8cc1a02b0c6bc80806ae2028561b2 Mon Sep 17 00:00:00 2001 From: Alessandro Passaro Date: Wed, 22 Nov 2023 15:31:43 +0000 Subject: [PATCH 1/3] Add scripts to validate a release package Signed-off-by: Alessandro Passaro --- package/validate/test-mount-s3.sh | 12 +++++ package/validate/validate-deb-ubuntu.sh | 16 +++++++ package/validate/validate-gzip-al2.sh | 19 ++++++++ package/validate/validate-rpm-al2.sh | 16 +++++++ package/validate/validate.py | 60 +++++++++++++++++++++++++ 5 files changed, 123 insertions(+) create mode 100755 package/validate/test-mount-s3.sh create mode 100755 package/validate/validate-deb-ubuntu.sh create mode 100755 package/validate/validate-gzip-al2.sh create mode 100755 package/validate/validate-rpm-al2.sh create mode 100644 package/validate/validate.py diff --git a/package/validate/test-mount-s3.sh b/package/validate/test-mount-s3.sh new file mode 100755 index 000000000..dc5adbd10 --- /dev/null +++ b/package/validate/test-mount-s3.sh @@ -0,0 +1,12 @@ +#! /bin/sh +set -e + +echo +echo "Show installed version:" +mount-s3 --version + +echo +echo "Mount and list top-level content of bucket: $BUCKET" +mkdir ~/mnt +mount-s3 "$BUCKET" ~/mnt --no-sign-request +ls ~/mnt \ No newline at end of file diff --git a/package/validate/validate-deb-ubuntu.sh b/package/validate/validate-deb-ubuntu.sh new file mode 100755 index 000000000..274d84240 --- /dev/null +++ b/package/validate/validate-deb-ubuntu.sh @@ -0,0 +1,16 @@ +#! /bin/sh +set -e + +apt-get -qq update -y && apt-get -qq install -y wget gpg +cd /tmp + +wget https://s3.amazonaws.com/mountpoint-s3-release/$VERSION/$ARCH/mount-s3-$VERSION-$ARCH.deb +wget https://s3.amazonaws.com/mountpoint-s3-release/$VERSION/$ARCH/mount-s3-$VERSION-$ARCH.deb.asc + +wget https://s3.amazonaws.com/mountpoint-s3-release/public_keys/KEYS +gpg --import KEYS +gpg --verify mount-s3-$VERSION-$ARCH.deb.asc mount-s3-$VERSION-$ARCH.deb + +apt-get install -y ./mount-s3-$VERSION-$ARCH.deb + +. $(dirname "$0")/test-mount-s3.sh \ No newline at end of file diff --git a/package/validate/validate-gzip-al2.sh b/package/validate/validate-gzip-al2.sh new file mode 100755 index 000000000..688407fa9 --- /dev/null +++ b/package/validate/validate-gzip-al2.sh @@ -0,0 +1,19 @@ +#! /bin/sh +set -e + +yum update -y && yum install -y wget gpg tar gzip +cd /tmp + +wget https://s3.amazonaws.com/mountpoint-s3-release/$VERSION/$ARCH/mount-s3-$VERSION-$ARCH.tar.gz +wget https://s3.amazonaws.com/mountpoint-s3-release/$VERSION/$ARCH/mount-s3-$VERSION-$ARCH.tar.gz.asc + +wget https://s3.amazonaws.com/mountpoint-s3-release/public_keys/KEYS +gpg --import KEYS +gpg --verify mount-s3-$VERSION-$ARCH.tar.gz.asc mount-s3-$VERSION-$ARCH.tar.gz + +tar -zxvf mount-s3-$VERSION-$ARCH.tar.gz +cp bin/mount-s3 /usr/bin/ +# install Mountpoint dependencies manually +yum install -y fuse fuse-devel + +. $(dirname "$0")/test-mount-s3.sh \ No newline at end of file diff --git a/package/validate/validate-rpm-al2.sh b/package/validate/validate-rpm-al2.sh new file mode 100755 index 000000000..c05371f21 --- /dev/null +++ b/package/validate/validate-rpm-al2.sh @@ -0,0 +1,16 @@ +#! /bin/sh +set -e + +yum update -y && yum install -y wget gpg +cd /tmp + +wget https://s3.amazonaws.com/mountpoint-s3-release/$VERSION/$ARCH/mount-s3-$VERSION-$ARCH.rpm +wget https://s3.amazonaws.com/mountpoint-s3-release/$VERSION/$ARCH/mount-s3-$VERSION-$ARCH.rpm.asc + +wget https://s3.amazonaws.com/mountpoint-s3-release/public_keys/KEYS +gpg --import KEYS +gpg --verify mount-s3-$VERSION-$ARCH.rpm.asc mount-s3-$VERSION-$ARCH.rpm + +yum install -y mount-s3-$VERSION-$ARCH.rpm + +. $(dirname "$0")/test-mount-s3.sh \ No newline at end of file diff --git a/package/validate/validate.py b/package/validate/validate.py new file mode 100644 index 000000000..ab76d9d43 --- /dev/null +++ b/package/validate/validate.py @@ -0,0 +1,60 @@ +#!/usr/bin/env python3 + +""" +Script for validating a Mountpoint release package. + +This script validates the RPM and DEB packages and the gzip archive built for a Mountpoint release. +""" + +import argparse +import os +import subprocess + +def validate(args: argparse.Namespace) -> str: + """Top-level driver.""" + + package=f"{args.artifact}-{args.os}" + if package == "deb-ubuntu": + image = "ubuntu/ubuntu:20.04" + elif package == "rpm-al2" or package == "gzip-al2": + image = "amazonlinux/amazonlinux:2" + else: + raise Exception(f"unsupported OS {args.os} for {args.artifact}. Supported combinations are: deb-ubuntu, rpm-al2, gzip-al2") + + print("Validating Mountpoint Release Package") + print(f"\tVersion: {args.version}") + print(f"\tArch: {args.arch}") + print(f"\tOS: {args.os}") + print(f"\tArtifact: {args.artifact}") + print(f"\tBucket: {args.bucket}") + print("\n") + + full_image = f"public.ecr.aws/{image}" + validate_script = f"validate-{package}.sh" + scripts_dir = os.path.dirname(os.path.realpath(__file__)) + + subprocess.run(["docker", "pull", full_image]) + subprocess.run(["docker", + "run", + "--rm", + "--cap-add=SYS_ADMIN", + "--device=/dev/fuse", + f"-v={scripts_dir}:/scripts", + f"--env=ARCH={args.arch}", + f"--env=VERSION={args.version}", + f"--env=BUCKET={args.bucket}", + full_image, + "/bin/bash", + f"/scripts/{validate_script}"]) + +if __name__ == "__main__": + p = argparse.ArgumentParser() + p.add_argument("--version", help="the version number for the Mountpoint release", required=True) + p.add_argument("--arch", help="the architecture to validate", required=True, choices=["x86_64", "arm64"]) + p.add_argument("--artifact", help="the artifact to validate", required=True, choices=["deb", "rpm", "gzip"]) + p.add_argument("--os", help="the OS to validate on", required=True, choices=["ubuntu", "al2"]) + p.add_argument("--bucket", help="the public bucket to mount", required=True) + + args = p.parse_args() + + validate(args) From 52f9afea26beb11262549e0c81689a23dd89aee1 Mon Sep 17 00:00:00 2001 From: Alessandro Passaro Date: Wed, 22 Nov 2023 17:09:50 +0000 Subject: [PATCH 2/3] Set executable bit Signed-off-by: Alessandro Passaro --- package/validate/validate.py | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 package/validate/validate.py diff --git a/package/validate/validate.py b/package/validate/validate.py old mode 100644 new mode 100755 From 29eca670824ffd4bdec86b8e8e46aafac7b4a623 Mon Sep 17 00:00:00 2001 From: Alessandro Passaro Date: Wed, 22 Nov 2023 17:10:10 +0000 Subject: [PATCH 3/3] Add minimal readme Signed-off-by: Alessandro Passaro --- package/validate/README.md | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 package/validate/README.md diff --git a/package/validate/README.md b/package/validate/README.md new file mode 100644 index 000000000..57bc29c53 --- /dev/null +++ b/package/validate/README.md @@ -0,0 +1,9 @@ +# Validation of a Release Package + +The scripts in this directory can be used to validate the artifacts for a released version of Mountpoint. + +The `validate.py` python script validates the RPM and DEB packages and the gzip archive for the given Mountpoint release. The script runs a docker container for the specified OS, downloads the Mountpoint package, verifies its signature, and proceeds to installs it. Then, it will use the installed binary to mount the specified bucket and list its content. + +To see the available options, run: + + python3 validate.py --help