build_aci

#!/usr/bin/env bash
#
# Builds an ACI containing a go implementation of an ACE validator
#
set -eu

PREFIX="ace"
: ${NO_SIGNATURE=}
GOOS="$(go env GOOS)"
GOARCH="$(go env GOARCH)"

if ! [[ $0 =~ "${PREFIX}/build_aci" ]]; then 
	echo "invoke from repository root" 1>&2
	exit 255
fi

if ! [[ -f "bin/ace-validator" ]]; then 
	./build
fi

for typ in main sidekick; do 
	layoutdir="bin/ace-${typ}-layout"
	mkdir -p ${layoutdir}/rootfs/opt/acvalidator
	cp bin/ace-validator ${layoutdir}/rootfs/
	sed -e "s/@GOOS@/$GOOS/" -e "s/@GOARCH@/$GOARCH/" < ${PREFIX}/image_manifest_${typ}.json.in > ${layoutdir}/manifest
	# now build the tarball, and sign it
	pushd ${layoutdir} >/dev/null
		# Set a consistent timestamp so we get a consistent hash
		# TODO(jonboulle): make this cleaner..
		for path in rootfs rootfs/ace-validator; do
			touch -a -m -d 1970-01-01T00:00:00Z ${path}
		done
		../actool build --overwrite ./ ../ace-validator-${typ}.aci
		# TODO(jonboulle): create uncompressed instead, then gzip?
		HASH=sha512-$(gzip -d -f ../ace-validator-${typ}.aci -c | openssl dgst -sha512 -hex -r | awk '{print $1}')
		if [ -z "$NO_SIGNATURE" ] ; then
			gpg --cipher-algo AES256 --armor --output ace-validator-${typ}.aci.asc --detach-sig ../ace-validator-${typ}.aci
			mv ace-validator-${typ}.aci.asc ../
		fi
	popd >/dev/null
	echo "Wrote ${typ} layout to      ${layoutdir}"
	echo "Wrote unsigned ${typ} ACI   bin/ace-validator-${typ}.aci"
	ln -s ${PWD}/bin/ace-validator-${typ}.aci bin/${HASH}
	echo "Wrote ${typ} layout hash    bin/${HASH}"
	if [ -f "bin/ace-validator-${typ}.aci.asc" ]; then
		echo "Wrote ${typ} ACI signature  bin/ace-validator-${typ}.aci.asc"
	fi
done