Import keys but don't use Ansible git verify_commit
Per an upstream Ansible bug, verifying signed tags is not supported yet. Also removes non-working scp.sh script. Updates README to explain how to run gverify. Changes zcash_version to v1.0.0-rc2
This commit is contained in:
parent
6deb09e5db
commit
51326851c2
|
@ -58,9 +58,6 @@ gpg_key_id: ''
|
||||||
|
|
||||||
# OPTIONAL set to import your SSH key into the VM. Example: id_rsa, id_ed25519. Assumed to reside in ~/.ssh
|
# OPTIONAL set to import your SSH key into the VM. Example: id_rsa, id_ed25519. Assumed to reside in ~/.ssh
|
||||||
ssh_key_name: ''
|
ssh_key_name: ''
|
||||||
|
|
||||||
# Set to true in order to verify signed git tags while cloning Zcash. Developer public keys will be imported to the Vagrant user's GPG keyring.
|
|
||||||
git_verify_sigs: false
|
|
||||||
```
|
```
|
||||||
|
|
||||||
Make sure VirtualBox, Vagrant and Ansible are installed, and then run:
|
Make sure VirtualBox, Vagrant and Ansible are installed, and then run:
|
||||||
|
@ -88,6 +85,8 @@ Generating and uploading signatures
|
||||||
|
|
||||||
After the build successfully completes, `gsign` will be called. Commit and push your signatures (both the .assert and .assert.sig files) to the [zcash/gitian.sigs](https://github.com/zcash/gitian.sigs) repository, or if that's not possible then create a pull request.
|
After the build successfully completes, `gsign` will be called. Commit and push your signatures (both the .assert and .assert.sig files) to the [zcash/gitian.sigs](https://github.com/zcash/gitian.sigs) repository, or if that's not possible then create a pull request.
|
||||||
|
|
||||||
|
Signatures can be verified by running `gitian-build.sh --verify`, but set `build=false` in the script to skip building. Run a `git pull` beforehand on `gitian.sigs` so you have the latest. The provisioning includes a task which imports Zcash developer public keys to the Vagrant user's keyring and sets them to ultimately trusted, but they can also be found at `contrib/gitian-downloader` within the Zcash source repository.
|
||||||
|
|
||||||
Working with GPG and SSH
|
Working with GPG and SSH
|
||||||
--------------------------
|
--------------------------
|
||||||
|
|
||||||
|
@ -109,7 +108,7 @@ Vagrant synced folders may also work natively with `vboxfs` if you install Virtu
|
||||||
Copying files
|
Copying files
|
||||||
-------------
|
-------------
|
||||||
|
|
||||||
You can use the provided script `scp.sh`. Another way to do it is with a plugin.
|
The easiest way to do it is with a plugin.
|
||||||
|
|
||||||
vagrant plugin install vagrant-scp
|
vagrant plugin install vagrant-scp
|
||||||
|
|
||||||
|
|
|
@ -4,13 +4,12 @@
|
||||||
hosts: localhost:zcash-build
|
hosts: localhost:zcash-build
|
||||||
vars:
|
vars:
|
||||||
zcash_git_repo_url: https://github.com/zcash/zcash
|
zcash_git_repo_url: https://github.com/zcash/zcash
|
||||||
zcash_version: v1.0.0-rc1
|
zcash_version: v1.0.0-rc2
|
||||||
gpg_key_name: ''
|
gpg_key_name: ''
|
||||||
git_name: ''
|
git_name: ''
|
||||||
git_email: ''
|
git_email: ''
|
||||||
gpg_key_id: '' # optional
|
gpg_key_id: '' # optional
|
||||||
ssh_key_name: '' # optional
|
ssh_key_name: '' # optional
|
||||||
git_verify_sigs: true
|
|
||||||
roles:
|
roles:
|
||||||
- role: common
|
- role: common
|
||||||
tags: common
|
tags: common
|
||||||
|
|
|
@ -9,7 +9,6 @@ zcash_gitian_sigs_repo: https://github.com/zcash/gitian.sigs
|
||||||
zcash_version: master
|
zcash_version: master
|
||||||
gitian_host_ip: 10.0.2.15
|
gitian_host_ip: 10.0.2.15
|
||||||
lxc_guest_ip: 10.0.3.5
|
lxc_guest_ip: 10.0.3.5
|
||||||
git_verify_sigs: false
|
|
||||||
zcash_developer_pubkeys:
|
zcash_developer_pubkeys:
|
||||||
- name: nathan
|
- name: nathan
|
||||||
id: ED417FBE79C99E8C
|
id: ED417FBE79C99E8C
|
||||||
|
|
|
@ -129,9 +129,8 @@
|
||||||
force: yes
|
force: yes
|
||||||
become_user: "{{ gitian_user }}"
|
become_user: "{{ gitian_user }}"
|
||||||
|
|
||||||
- include: verify.yml
|
- include: keys.yml
|
||||||
tags: verify
|
tags: keys
|
||||||
when: git_verify_sigs == true
|
|
||||||
|
|
||||||
- name: Clone git repository for Zcash.
|
- name: Clone git repository for Zcash.
|
||||||
git:
|
git:
|
||||||
|
@ -139,7 +138,6 @@
|
||||||
dest: "/home/{{ gitian_user }}/zcash"
|
dest: "/home/{{ gitian_user }}/zcash"
|
||||||
version: "{{ zcash_version }}"
|
version: "{{ zcash_version }}"
|
||||||
force: yes
|
force: yes
|
||||||
verify_commit: "{% if git_verify_sigs == true %}yes{% else %}no{% endif %}"
|
|
||||||
become_user: "{{ gitian_user }}"
|
become_user: "{{ gitian_user }}"
|
||||||
|
|
||||||
- name: Clone git repository for Gitian signatures.
|
- name: Clone git repository for Gitian signatures.
|
||||||
|
|
Loading…
Reference in New Issue