From fa427c1e4d85e7b5bb2fcd5f961aceaebc53d024 Mon Sep 17 00:00:00 2001 From: Paul Belanger Date: Tue, 4 Apr 2017 12:38:02 -0400 Subject: [PATCH] Attempt to validate repomd.xml for EPEL Try to validate our local repomd.xml file with released version, if the checksum does not match, we don't release our mirror. Change-Id: If2ca9cc0f48e0e75adf808ffa6860209495129ba Signed-off-by: Paul Belanger --- .../openstack_project/files/mirror/epel-mirror-update.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/modules/openstack_project/files/mirror/epel-mirror-update.sh b/modules/openstack_project/files/mirror/epel-mirror-update.sh index 4c531b9569..b4747f37fe 100755 --- a/modules/openstack_project/files/mirror/epel-mirror-update.sh +++ b/modules/openstack_project/files/mirror/epel-mirror-update.sh @@ -37,7 +37,12 @@ $K5START rsync -rlptDvz \ --exclude="x86_64/repoview" \ $MIRROR/$REPO/ $BASE/$REPO/ -# TODO(pabelanger): Validate rsync process +# NOTE(pabelanger): Validate repomd.xml with upstream release version, this is +# to help protect when our upstream mirror (mirrors.kernel.org) is out of sync +# with its upstream mirror. +REPOMD="x86_64/repodata/repomd.xml" +SHA1SUM=`curl -s https://dl.fedoraproject.org/pub/epel/7/$REPOMD | sha1sum | cut -d' ' -f1` +echo "$SHA1SUM $BASE/$REPO/$REPOMD" | sha1sum -c - date --iso-8601=ns | $K5START tee $BASE/timestamp.txt echo "rsync completed successfully, running vos release."