spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kris Deugau <kdeu...@vianet.ca>
Subject Re: Spamassassin using remote rules definition source?
Date Tue, 11 Dec 2018 15:14:05 GMT
Kevin A. McGrail wrote:
> On 12/10/2018 2:49 PM, Kris Deugau wrote:
>> The master/reference files are stored in a Subversion repository.
>> Commits to particular paths trigger the creation of the tarball, SHA*
>> hash files, and GPG signature.  A cron job on our DNS master server
>> polls the repository to see if any of the paths have a higher
>> last-changed revision, and update the DNS subzone if so.
> 
> Nice.  I'd like to see your svn commit hook scripts if you can share.

The full script also updates some custom ClamAV signature workspaces (I 
happen to have local ClamAV signatures in the same repository), but the 
SA bits are below.  It could arguably use several kinds of error checking.

Watch for word wrap.

-kgd

====

#!/bin/bash
# Checks to see if updates were made to the prod/ or leanrules/ directories,
# if so, it pushes out the files necessary for sa-update to snag
# DNS updates are handled via polled pull rather than push

REPO="$1"
REV="$2"

PATH=/bin:/usr/bin

WEBROOT=/path/to/webroot

echo $REV >$WEBROOT/workspace/lastcommit

# check for changes within prod/
PRODCHG=`svnlook changed -r $REV $REPO |grep -c prod/.`

if [ "$PRODCHG" -gt 0 ]; then
   echo $REV >$WEBROOT/workspace/main/rev

   cd $WEBROOT/workspace/main
   svn up -q -r $REV

   tar -c *.cf |gzip >$WEBROOT/updates/$REV.tar.gz
   sha1sum $WEBROOT/updates/$REV.tar.gz > $WEBROOT/updates/$REV.tar.gz.sha1
   sha256sum $WEBROOT/updates/$REV.tar.gz > 
$WEBROOT/updates/$REV.tar.gz.sha256
   sha512sum $WEBROOT/updates/$REV.tar.gz > 
$WEBROOT/updates/$REV.tar.gz.sha512

   cd $WEBROOT/updates
   gpg --homedir /path/to/webroot/gpghome -s -b -a $REV.tar.gz
fi

# check for changes within leanrules/
PRODCHG=`svnlook changed -r $REV $REPO |grep -c leanrules/.`

if [ "$PRODCHG" -gt 0 ]; then
   echo $REV >$WEBROOT/workspace/lean/rev

   cd $WEBROOT/workspace/lean
   svn up -q -r $REV

   tar -c *.cf |gzip >$WEBROOT/lean/$REV.tar.gz
   sha1sum $WEBROOT/lean/$REV.tar.gz > $WEBROOT/lean/$REV.tar.gz.sha1
   sha256sum $WEBROOT/lean/$REV.tar.gz > $WEBROOT/lean/$REV.tar.gz.sha256
   sha512sum $WEBROOT/lean/$REV.tar.gz > $WEBROOT/lean/$REV.tar.gz.sha512

   cd $WEBROOT/lean
   gpg --homedir /path/to/webroot/gpghome -s -b -a $REV.tar.gz
fi

====


Mime
View raw message