Automated signing fixes
This commit is contained in:
parent
e14cbf3cca
commit
c8778ff790
|
@ -0,0 +1,4 @@
|
|||
#!/usr/bin/make -f
|
||||
%:
|
||||
dh $@
|
||||
|
|
@ -0,0 +1,109 @@
|
|||
##
|
||||
# Extra checks, because we do not use autoconf. Set extra_check to false if it is bothering you.
|
||||
##
|
||||
|
||||
extra_check = true
|
||||
go_min_version = 1.8.3
|
||||
gpg_key = 2122CBE9
|
||||
|
||||
ifeq ($(extra_check),true)
|
||||
ifndef GOPATH
|
||||
$(error GOPATH not set)
|
||||
else
|
||||
go_version := $(shell go version | sed "s/^.* go\([0-9\.]*\) .*$$/\1/" )
|
||||
$(info Found go version $(go_version))
|
||||
go_version_check := $(shell echo -e "$(go_min_version)\n$(go_version)" | sort -V | head -1)
|
||||
ifneq ($(go_min_version),$(go_version_check))
|
||||
$(error go version go_min_version or above is required)
|
||||
endif
|
||||
endif
|
||||
gpg_check := $(shell gpg -K | grep '/$(gpg_key) ' | sed 's,^.*/\($(gpg_key)\) .*$$,\1,')
|
||||
ifneq ($(gpg_check),$(gpg_key))
|
||||
$(error GPG key not found. Add key ID $(gpg_key) to gpg-agent)
|
||||
else
|
||||
$(info GPG key $(gpg_key) found)
|
||||
endif
|
||||
endif
|
||||
|
||||
###
|
||||
# Here comes the real deal
|
||||
###
|
||||
|
||||
binaries = tendermint basecoin ethermint
|
||||
build-binaries = build-tendermint build-basecoin build-ethermint
|
||||
package-binaries = package-tendermint package-basecoin package-ethermint
|
||||
|
||||
all: $(binaries)
|
||||
build: $(build-binaries)
|
||||
package: $(package-binaries)
|
||||
$(binaries): %: build-% package-% ;
|
||||
|
||||
###
|
||||
# Building the binaries is not in the spec file, because in the spec file you already need to know the version number
|
||||
###
|
||||
|
||||
build-tendermint:
|
||||
$(info Building tendermint)
|
||||
go get -u github.com/tendermint/tendermint/cmd/tendermint
|
||||
|
||||
build-basecoin:
|
||||
$(info Building basecoin)
|
||||
go get -u github.com/tendermint/basecoin/cmd/basecoin
|
||||
$(info Building basecli)
|
||||
go get -u github.com/tendermint/basecoin/cmd/basecli
|
||||
|
||||
build-ethermint:
|
||||
$(info Building ethermint)
|
||||
go get -d -u github.com/tendermint/ethermint/cmd/ethermint
|
||||
$(MAKE) -C $(GOPATH)/src/github.com/tendermint/ethermint get_vendor_deps
|
||||
$(MAKE) -C $(GOPATH)/src/github.com/tendermint/ethermint build
|
||||
cp $(GOPATH)/src/github.com/tendermint/ethermint/build/ethermint $(GOPATH)/bin
|
||||
|
||||
prepare-spec-%: $(GOPATH)/bin/%
|
||||
$(info Preparing build for $*)
|
||||
if [ -z "$(BUILD_NUMBER)" ]; then echo "BUILD_NUMBER not set" ; false ; fi
|
||||
mkdir -p tmp
|
||||
$(eval $*_version=$(shell $< version | cut -d- -f1 ))
|
||||
echo "Version: $($*_version)" > SPECS/$*.spec
|
||||
echo "Release: $(BUILD_NUMBER)" >> SPECS/$*.spec
|
||||
|
||||
package-tendermint: prepare-spec-tendermint
|
||||
$(info Packaging tendermint version $(tendermint_version))
|
||||
|
||||
package-basecoin: prepare-spec-basecoin
|
||||
$(info Packaging basecoin version $(basecoin_version))
|
||||
|
||||
package-ethermint: prepare-spec-ethermint ;
|
||||
$(info Packaging ethermint version $(ethermint_version))
|
||||
|
||||
install-%:
|
||||
#Make sure your host has the IAM role to read/write the S3 bucket OR that you set up ~/.boto
|
||||
fail
|
||||
aws s3 sync s3://tendermint-packages/debian/ tmp/s3/
|
||||
mkdir -p tmp/s3/XXXXXX/7/cr/x86_64/Packages
|
||||
cp -r RPMS/x86_64/$** tmp/s3/7/cr/x86_64/Packages
|
||||
cp ./RPM-GPG-KEY-Tendermint tmp/s3/7/os/x86_64/
|
||||
cp ./tendermint.repo tmp/s3/7/os/x86_64/
|
||||
cp ./tendermint-dev.repo tmp/s3/7/cr/x86_64/
|
||||
createrepo tmp/s3/7/cr/x86_64/Packages -u http://tendermint-packages.s3-website-us-west-1.amazonaws.com/centos/7/cr/x86_64/Packages -o tmp/s3/7/cr/x86_64 --update -S --repo Tendermint --content tendermint --content basecoin --content ethermint
|
||||
#Asks about overwrite
|
||||
gpg --clearsign tmp/s3/7/cr/x86_64/repodata/repomd.xml
|
||||
aws s3 sync tmp/s3/ s3://tendermint-packages/centos/ --acl public-read
|
||||
|
||||
mostlyclean:
|
||||
rm -rf {BUILDROOT,SOURCES,SPECS,SRPMS,tmp}
|
||||
|
||||
clean: mostlyclean
|
||||
rm -rf {BUILD,RPMS}
|
||||
|
||||
distclean: clean
|
||||
rm -rf $(GOPATH)/src/github.com/tendermint/tendermint
|
||||
rm -rf $(GOPATH)/src/github.com/tendermint/basecoin
|
||||
rm -rf $(GOPATH)/src/github.com/tendermint/ethermint
|
||||
rm -rf $(GOPATH)/bin/tendermint
|
||||
rm -rf $(GOPATH)/bin/basecoin
|
||||
rm -rf $(GOPATH)/bin/basecli
|
||||
rm -rf $(GOPATH)/bin/ethermint
|
||||
|
||||
.PHONY : clean
|
||||
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -0,0 +1 @@
|
|||
2.0
|
|
@ -19,10 +19,13 @@ endif
|
|||
endif
|
||||
gpg_check := $(shell gpg -K | grep '/$(gpg_key) ' | sed 's,^.*/\($(gpg_key)\) .*$$,\1,')
|
||||
ifneq ($(gpg_check),$(gpg_key))
|
||||
$(error GPG key not found. Add key ID $(gpg_key) to gpg-agent)
|
||||
$(error GPG key $(gpg_key) not found.)
|
||||
else
|
||||
$(info GPG key $(gpg_key) found)
|
||||
endif
|
||||
ifndef GPG_PASSPHRASE
|
||||
$(error GPG_PASSPHRASE not set)
|
||||
endif
|
||||
endif
|
||||
|
||||
###
|
||||
|
@ -70,15 +73,18 @@ prepare-spec-%: $(GOPATH)/bin/%
|
|||
|
||||
package-tendermint: prepare-spec-tendermint
|
||||
$(info Packaging tendermint version $(tendermint_version))
|
||||
rpmbuild -bb SPECS/tendermint.spec --sign
|
||||
rpmbuild -bb SPECS/tendermint.spec
|
||||
./sign RPMS/x86_64/tendermint-$(tendermint_version)-$$BUILD_NUMBER.x86_64.rpm
|
||||
|
||||
package-basecoin: prepare-spec-basecoin
|
||||
$(info Packaging basecoin version $(basecoin_version))
|
||||
rpmbuild -bb SPECS/basecoin.spec --sign
|
||||
rpmbuild -bb SPECS/basecoin.spec
|
||||
./sign RPMS/x86_64/basecoin-$(basecoin_version)-$$BUILD_NUMBER.x86_64.rpm
|
||||
|
||||
package-ethermint: prepare-spec-ethermint ;
|
||||
$(info Packaging ethermint version $(ethermint_version))
|
||||
rpmbuild -bb SPECS/ethermint.spec --sign
|
||||
rpmbuild -bb SPECS/ethermint.spec
|
||||
./sign RPMS/x86_64/ethermint-$(ethermint_version)-$$BUILD_NUMBER.x86_64.rpm
|
||||
|
||||
install-%:
|
||||
#Make sure your host has the IAM role to read/write the S3 bucket OR that you set up ~/.boto
|
||||
|
@ -90,7 +96,8 @@ install-%:
|
|||
cp ./tendermint-dev.repo tmp/s3/7/cr/x86_64/
|
||||
createrepo tmp/s3/7/cr/x86_64/Packages -u http://tendermint-packages.s3-website-us-west-1.amazonaws.com/centos/7/cr/x86_64/Packages -o tmp/s3/7/cr/x86_64 --update -S --repo Tendermint --content tendermint --content basecoin --content ethermint
|
||||
#Asks about overwrite
|
||||
gpg --clearsign tmp/s3/7/cr/x86_64/repodata/repomd.xml
|
||||
#TODO: make this more secure
|
||||
gpg --batch --passphrase "$(GPG_PASSPHRASE)" --clearsign tmp/s3/7/cr/x86_64/repodata/repomd.xml
|
||||
aws s3 sync tmp/s3/ s3://tendermint-packages/centos/ --acl public-read
|
||||
|
||||
mostlyclean:
|
||||
|
|
|
@ -0,0 +1,23 @@
|
|||
#!/usr/bin/expect -f
|
||||
set timeout 3
|
||||
set PACKAGE [lindex $argv 0]
|
||||
set GPG_PASSPHRASE $env(GPG_PASSPHRASE)
|
||||
|
||||
if {[llength $argv] == 0} {
|
||||
send_user "Usage: ./sign <rpm_package>\n"
|
||||
exit 1
|
||||
}
|
||||
|
||||
send_user "\nSigning $PACKAGE\n"
|
||||
spawn rpmsign --resign $PACKAGE
|
||||
expect {
|
||||
timeout { send_user "\nTimeout signing $PACKAGE\n"; exit 1 }
|
||||
"Enter pass phrase:"
|
||||
}
|
||||
send "$GPG_PASSPHRASE\r"
|
||||
expect {
|
||||
timeout { send_user "\nTimeout signing $PACKAGE\n"; exit 1 }
|
||||
"Pass phrase is good."
|
||||
}
|
||||
interact
|
||||
|
|
@ -32,13 +32,13 @@ cd %{name}-%{version}
|
|||
|
||||
%{__cp} $GOPATH/bin/%{name} $GOPATH/bin/basecli .%{_bindir}
|
||||
%{__cp} $GOPATH/src/github.com/tendermint/%{name}/LICENSE .%{_defaultlicensedir}/%{name}
|
||||
%{__cp} extrafiles/%{name}/genesis.json .%{_sysconfdir}/%{name}/genesis.json
|
||||
%{__cp} extrafiles/%{name}/tendermint-config.toml .%{_sysconfdir}/%{name}/tendermint/config.toml
|
||||
%{__cp} extrafiles/%{name}/%{name}.service .%{_sysconfdir}/systemd/system/%{name}.service
|
||||
%{__cp} extrafiles/%{name}/%{name}-server.service .%{_sysconfdir}/systemd/system/%{name}-server.service
|
||||
%{__cp} extrafiles/%{name}/50-%{name}.preset .%{_sysconfdir}/systemd/system-preset/50-%{name}.preset
|
||||
%{__cp} extrafiles/%{name}/key.json .%{_datadir}/%{name}/key.json
|
||||
%{__cp} extrafiles/%{name}/key2.json .%{_datadir}/%{name}/key2.json
|
||||
%{__cp} %{_topdir}/extrafiles/%{name}/genesis.json .%{_sysconfdir}/%{name}/genesis.json
|
||||
%{__cp} %{_topdir}/extrafiles/%{name}/tendermint-config.toml .%{_sysconfdir}/%{name}/tendermint/config.toml
|
||||
%{__cp} %{_topdir}/extrafiles/%{name}/%{name}.service .%{_sysconfdir}/systemd/system/%{name}.service
|
||||
%{__cp} %{_topdir}/extrafiles/%{name}/%{name}-server.service .%{_sysconfdir}/systemd/system/%{name}-server.service
|
||||
%{__cp} %{_topdir}/extrafiles/%{name}/50-%{name}.preset .%{_sysconfdir}/systemd/system-preset/50-%{name}.preset
|
||||
%{__cp} %{_topdir}/extrafiles/%{name}/key.json .%{_datadir}/%{name}/key.json
|
||||
%{__cp} %{_topdir}/extrafiles/%{name}/key2.json .%{_datadir}/%{name}/key2.json
|
||||
|
||||
%{__chmod} -Rf a+rX,u+w,g-w,o-w .
|
||||
|
||||
|
|
|
@ -26,16 +26,16 @@ test -d "$GOPATH"
|
|||
%{__mkdir_p} %{name}-%{version}
|
||||
cd %{name}-%{version}
|
||||
|
||||
%{__mkdir_p} .%{_bindir} .%{_defaultlicensedir}/%{name} .%{_sysconfdir}/%{name}/tendermint .%{_datadir}/%{name} .%{_sysconfdir}/systemd/system .%{_sysconfdir}/systemd/system-preset
|
||||
%{__mkdir_p} .%{_bindir} .%{_defaultlicensedir}/%{name} .%{_sysconfdir}/%{name}/tendermint .%{_sysconfdir}/systemd/system .%{_sysconfdir}/systemd/system-preset
|
||||
|
||||
%{__cp} $GOPATH/bin/%{name} .%{_bindir}
|
||||
%{__cp} $GOPATH/src/github.com/tendermint/%{name}/LICENSE .%{_defaultlicensedir}/%{name}
|
||||
%{__cp} $GOPATH/src/github.com/tendermint/%{name}/dev/genesis.json .%{_sysconfdir}/%{name}/genesis.json
|
||||
%{__cp} -r $GOPATH/src/github.com/tendermint/%{name}/dev/keystore .%{_sysconfdir}/%{name}
|
||||
%{__cp} extrafiles/%{name}/tendermint-config.toml .%{_sysconfdir}/%{name}/tendermint/config.toml
|
||||
%{__cp} extrafiles/%{name}/%{name}.service .%{_sysconfdir}/systemd/system/%{name}.service
|
||||
%{__cp} extrafiles/%{name}/%{name}-server.service .%{_sysconfdir}/systemd/system/%{name}-server.service
|
||||
%{__cp} extrafiles/%{name}/50-%{name}.preset .%{_sysconfdir}/systemd/system-preset/50-%{name}.preset
|
||||
%{__cp} %{_topdir}/extrafiles/%{name}/tendermint-config.toml .%{_sysconfdir}/%{name}/tendermint/config.toml
|
||||
%{__cp} %{_topdir}/extrafiles/%{name}/%{name}.service .%{_sysconfdir}/systemd/system/%{name}.service
|
||||
%{__cp} %{_topdir}/extrafiles/%{name}/%{name}-server.service .%{_sysconfdir}/systemd/system/%{name}-server.service
|
||||
%{__cp} %{_topdir}/extrafiles/%{name}/50-%{name}.preset .%{_sysconfdir}/systemd/system-preset/50-%{name}.preset
|
||||
|
||||
%{__chmod} -Rf a+rX,u+w,g-w,o-w .
|
||||
|
||||
|
@ -87,8 +87,6 @@ systemctl daemon-reload
|
|||
%{_bindir}/*
|
||||
%{_sysconfdir}/systemd/system/*
|
||||
%{_sysconfdir}/systemd/system-preset/*
|
||||
%dir %{_datadir}/%{name}
|
||||
%{_datadir}/%{name}/*
|
||||
%dir %{_defaultlicensedir}/%{name}
|
||||
%doc %{_defaultlicensedir}/%{name}/LICENSE
|
||||
|
||||
|
|
Loading…
Reference in New Issue