From the initial commit in this project, this script has included a last
step driven by the '--sign' option, which may have been a placeholder
for some intended feature that as far as I can tell hasn't been
implemented at any point in the project's history.
Looking at builds that will involve different, or multiple, containers.
Probably makes more sense to set up and tear down containers after VM is
built.
Preferring ssh-agent forwarding to copying user's ssh keys.
As a bonus, ansible tasks don't need to know or care about the name or
path of the user's ssh private key file, and the configuration is
simplified.
A user may have set GNUPGHOME to a location other than
$HOME/.gnupg and if they have, we should let gpg use that location.
gpg already defaults to $HOME/.gnupg if GNUPGHOME isn't set.
commands using local_action were inheriting a global setting of "become: yes" and attempting to run using sudo. This resulted in password prompts that halted ansible execution.
If the grep for gpg_key_id fails to match we will have an exit code of 1 which by
default will cause the task to fail. According to the README, using a gpg key is considered optional. So we don't want the build to halt in this case.
This option tells gpg to use a colon-separated output format intended for parsing
by scripts rather than reading by humans. From my experience it is also less likely
to truncate the key id we are grepping for here, which would cause the grep
command to miss the key id, even when it exists in the key database.
This is a compound command, piping the output of a call to gpg2 to the input of
a call to grep. This is the type of instruction that requires a shell to interpret, so use
the 'shell' module.
Tasks using this module should be more immutable rather than failing
when these partitions have already been removed.
Also remove parted from dependencies in gitian section
since it is required earlier in the 'common' section
* Changes method for setting trust level of GPG keys
* Import keys but don't use Ansible git verify_commit
Per an upstream Ansible bug, verifying signed tags is not supported yet.
Also removes non-working scp.sh script.
Updates README to explain how to run gverify.
Changes zcash_version to v1.0.0-rc2
The VirtualBox VM is running tight on available space with nearly 100% usage.
This frees things up a bit by cleaning the apt cache after Gitian installation.
Don't use depth: 1 or ignore_errors in git tasks.
Commit history is nice, and since you can't do most things without the
repositories, we should fail closed upon errors.
Creates variable for 'gitian_builder_url', so we can switch out @ageis's fork
with the official @devrandom repo once a pending pull request is merged.
Changes default zcash_version to 'master' in defaults/main.yml.
Charlie O'Keefe
Charlie O'Keefe
bitcartel
Kevin Gallagher
Kevin M. Gallagher