Code polish and readme update

Janez Justin · Janez Justin · commit 7e27b1ce73af · 2017-08-14T09:27:04.000+02:00
diff --git a/Makefile_example b/Makefile_example
@@ -1,9 +1,9 @@
-NAME			:= pkgname
-URL 			:= https://InsertUrl.here
-DESC 			:= "description"
-MAINTAINER 		:= "Maintainer name"
-LICENSE 		:= "License here"
-DEPENDENCIES	:= "" #Add dependencies here and add '-d $(DEPENDENCIES)' to fpm in pkg/% block
+NAME         = pkgname
+URL          = https://InsertUrl.here
+DESC         = "description"
+MAINTAINER   = "Maintainer name"
+LICENSE      = "License here"
+DEPENDENCIES = "" #Add dependencies here and add '-d $(DEPENDENCIES)' to fpm in pkg/% block
 
 PKGDIR          := ./pkg
 VERSION         ?= $(shell cat ./VERSION)
diff --git a/README.md b/README.md
@@ -12,4 +12,4 @@ Both folders contain more detailed info on setting up S3 bucket and lambda funct
 
 It is possible to automate deployment of packages by combining this repository with Travis CI.
 
-Examples of `.travis.yml` and `Makefile` used for autamatic deployment of go project can be found in repository
+Examples of `.travis.yml` and `Makefile` used for automatic deployment of go project can be found in repository
diff --git a/deb/Makefile b/deb/Makefile
@@ -1,10 +1,18 @@
-ZIPPED			:= s3apt.py gnupg.py debian/*
+ZIPPED_FILES := s3apt.py requirements/gnupg.py # files to compress in root of zip
+ZIPPED_DIR   := debian # folders to compress to root of zip
 
+all: requires package
 
-set: requires package
+help: ## displays this message
+	@grep -E '^[a-zA-Z_/%\-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
 
-requires:
-	pip install -t . -r requirements.txt
-	
-package:
-	zip code.zip $(ZIPPED)
+requires: ## installs required packages
+	pip install -t ./requirements -r requirements.txt
+
+package: ## creates zip of code
+	zip -j code.zip $(ZIPPED_FILES)
+	cd requirements && zip -r ../code.zip $(ZIPPED_DIR)
+
+clean: ## cleans up the repository
+	/bin/rm -rf code.zip
+	/bin/rm -rf ./requirements
diff --git a/deb/README.md b/deb/README.md
@@ -1,38 +1,48 @@
-
 #  AWS Lambda APT repository manager for S3
 
 Rewrite of [szinck/s3apt](https://github.com/szinck/s3apt) with a few changes and extra features - Release file is being generated and is signed with GPG key provided
 
-## Setting up S3 and Lambda
+## Readme contents
+
+* [Setting up code, S3 and Lambda](#setting-up-code-s3-and-lambda)
+    * [Getting the code](#getting-the-code)
+    * [GPG key](#gpg-key)
+    * [Environmental variables](#environmental-variables)
+    * [Set up role](#set-up-role)
+    * [Set up lambda with CLI](#set-up-lambda-with-cli)
+    * [Set up lambda manually](#set-up-lambda-manually)
+    * [The triggers](#the-triggers)
+    * [Set up S3](#set-up-s3)
+* [Setting up apt](#setting-up-apt)
+* [Notes](#notes)
+
+## Setting up code, S3 and Lambda
 
-Clone the repo and get all other required files
+### Getting the code
+Clone the repo, get all other required files and compress them
 ```
 git clone https://github.com/tactycal/lambdaRepos.git
 cd lambdaRepos/deb
-pip install -t . -r requirements.txt
+make all
 ```
 
-Compress all needed files
+### GPG key
+create your gpg key (skip to exporting your key, if you already have it)
 ```
-zip code.zip s3apt.py gnupg.py debian/*
+gpg --gen-key
+# Follow the instructions
+# Create 'RSA and RSA' key - option 1
+# For maxium encryption it is recommended to make 4096 bits long key
+# Key should not expire
 ```
-Or just use `make set` instead of `zip` and `pip` command
 
-Presuming you already have GPG key generated export secret key (you can skip this part if you don't want to GPG sign your repository)
+export your key
+
 ```
-gpg -a --export-secret-key > secret.key
+gpg --export-secret-key -a "User Name" > secret.key  # exports secret key to secret.key
 ```
 
-Create new lambda function, set handler to **s3apt.lambda_handler**, runtime to **python 2.7** and triggers to:
-
- * Object Created(All), suffix 'deb'
- * Object Removed(All), suffix 'deb'
- * If you are using certain directory as a repo, set it as prefix
-
-Upload `code.zip` to lambda function
-
-Set the environmental variables
-
+### Environmental variables
 | Key | Value |
 | --- | ---|
 | PUBLIC | True/False |
@@ -51,10 +61,59 @@ Set the environmental variables
 
 **CACHE_PREFIX** Path to folder for packages cache(e.g. deb/cache)
 
+### Set up role
+
+Create new role with s3 write/read access
+
+Here is a minimal requirement for the policy that is included in role:
+```
+{"Version": "2012-10-17",
+    "Statement": [
+        {"Sid": "<THIS IS UNIQE>",
+            "Action": [
+                "s3:GetObject",
+                "s3:PutObject",
+                "s3:PutObjectAcl"],
+            "Effect": "Allow",
+            "Resource": "arn:aws:s3:::<YOUR BUCKET NAME>/*"}]}
+```
+
+### Set up lambda with CLI
+
+[Install aws cli](http://docs.aws.amazon.com/cli/latest/userguide/installing.html)
+
+Create new lambda function:
+```
+aws lambda create-function \
+    --function-name <name the function> \
+    --zip-file fileb://code.zip \
+    --role <role's arn> \    # arn from role with S3 read/write access
+    --handler s3apt.handler \
+    --runtime python2.7 \
+# Replace '<...>' with environmental variables
+    --environment Variables='{PUBLIC=<bool>, GPG_KEY=<file>, GPG_PASS=<password>, BUCKET_NAME=<bucket name>, CACHE_PREFIX=<dir>}'
+```
+
+### Set up lambda manually
+
+If CLI is not your thing, then you can upload code manaully
+
+Create new lambda function, set handler to **s3apt.lambda_handler**, runtime to **python 2.7**
+
+Upload `code.zip` to lambda function
+
+### The triggers
+
+ * Object Created(All), suffix 'deb'
+ * Object Removed(All), suffix 'deb'
+ * If you are using certain directory as a repo, set it as prefix
+
+### Set up S3
 Make folder in your S3 bucket with the same name as CACHE_PREFIX variable
 
 Upload secret key file to location you specified as GPG_KEY
 
+
 Upload .deb file to desired folder, lambda function should now keep your repository up to date
 
 ## Setting up apt
@@ -77,8 +136,6 @@ sudo apt upgrade
 
 ## Notes
 
-.deb, Release and Package files are and should be publicly accessible for previously mentioned method of setting up apt's sources list to work, if you don't want them to be, then change PUBLIC in environment variables to False and refer to szinck's guide [here](http://webscale.plumbing/managing-apt-repos-in-s3-using-lambda)
-
-If somebody tries to inject a malicious deb file in your repo it will be automaticly added to repository. It is your job to make bucket secure enough for this not to happen.!!!
-
-**You should change lambda timeout to 10 seconds or more to make sure that function will work**
+ * .deb, Release and Package files are and should be publicly accessible for previously mentioned method of setting up apt's sources list to work, if you don't want them to be, then change PUBLIC in environment variables to False and refer to szinck's guide [here](http://webscale.plumbing/managing-apt-repos-in-s3-using-lambda)
+ * If somebody tries to inject a malicious deb file in your repo it will be automaticly added to repository. It is your job to make bucket secure enough for this not to happen.!!!
+ * **You should change lambda timeout to more than 10 seconds to make sure that function will work**
diff --git a/deb/s3apt.py b/deb/s3apt.py
@@ -34,7 +34,7 @@ def lambda_handler(event, context):
         build_release_file(prefix)
     
         #Sign Release file
-        if not os.environ['GPG_KEY']=='':
+        if os.environ['GPG_KEY']!='':
             sign_release_file(prefix)
 
 
@@ -223,24 +223,36 @@ def get_package_index_hash(prefix):
 def build_release_file(prefix):
     """
     gets info from Package, get the sums and puts them into file
+
+    Releasefile layout:
+    '''
+    Date: <Day of the week>, DD Mmm YYYY HH:MM:SS UTC
+    MD5sum:
+    <md5sum>  <(17 - length of size) spaces> <size> Packages
+    SHA1:
+    <sha1>  <(17 - length of size) spaces> <size> Packages
+    SHA256:
+    <sha256>  <(17 - length of size) spaces> <size> Packages
+    '''
     """
     s3 = boto3.client('s3')
     release_file = ""
     s3.download_file(os.environ['BUCKET_NAME'], prefix + "Packages", '/tmp/Packages')
     md5, sha1, sha256 = checksums("/tmp/Packages")
 
-    time = 'Date: ' + strftime("%a, %d %b %Y %X UTC", gmtime())
+    date = 'Date: ' + strftime("%a, %d %b %Y %X UTC", gmtime())
     stat = os.stat("/tmp/Packages")
-    release_file = release_file +(time + '\nMD5sum:\n ' + md5)
+
+    release_file += (date + '\nMD5sum:\n ' + md5)
     for i in range(0,17-len(str(stat.st_size))):
-        release_file = release_file +(' ')
-    release_file = release_file +(str(stat.st_size) + ' Packages\nSHA1:\n '+sha1 )
+        release_file +=(' ')
+    release_file +=("%d Packages\nSHA1:\n %s" %(stat.st_size, sha1))
     for i in range(0,17-len(str(stat.st_size))):
-        release_file = release_file +(' ')
-    release_file = release_file +(str(stat.st_size) + ' Packages\nSHA256:\n '+sha256 )
+        release_file +=(' ')
+    release_file +=("%d Packages\nSHA256:\n %s" %(stat.st_size, sha256 ))
     for i in range(0,17-len(str(stat.st_size))):
-        release_file = release_file +(' ')
-    release_file = release_file +(str(stat.st_size) + ' Packages')
+        release_file +=(' ')
+    release_file +=('%d Packages' % stat.st_size)
 
     s3 = boto3.resource('s3')
 

Original file line number	Diff line number	Diff line change
`@@ -12,4 +12,4 @@ Both folders contain more detailed info on setting up S3 bucket and lambda funct`
`12`	`12`
`13`	`13`	`It is possible to automate deployment of packages by combining this repository with Travis CI.`
`14`	`14`
`15`		-Examples of `.travis.yml` and `Makefile` used for autamatic deployment of go project can be found in repository
	`15`	+Examples of `.travis.yml` and `Makefile` used for automatic deployment of go project can be found in repository