From 57440bd26d1d38b303eac17b1c21730f504d702d Mon Sep 17 00:00:00 2001 From: Jeremy Rand Date: Mon, 22 Feb 2021 07:49:40 +0000 Subject: [PATCH 1/7] Cirrus: Upload artifacts of "release" project --- .cirrus.yml | 10 ++++++++++ tools/cirrus_gen_yml.sh | 5 +++++ 2 files changed, 15 insertions(+) diff --git a/.cirrus.yml b/.cirrus.yml index f676336..a443d24 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -404,6 +404,8 @@ release_linux_x86_64_release_1_docker_builder: - ./tools/container-interrupt.sh build_script: - "./tools/cirrus_build_project.sh release release linux x86_64 1" + binaries_artifacts: + path: "release/**/*" depends_on: - "release_linux_x86_64_plain-binaries_1" @@ -813,6 +815,8 @@ release_linux_i686_release_1_docker_builder: - ./tools/container-interrupt.sh build_script: - "./tools/cirrus_build_project.sh release release linux i686 1" + binaries_artifacts: + path: "release/**/*" depends_on: - "release_linux_i686_plain-binaries_1" @@ -1222,6 +1226,8 @@ release_windows_x86_64_release_1_docker_builder: - ./tools/container-interrupt.sh build_script: - "./tools/cirrus_build_project.sh release release windows x86_64 1" + binaries_artifacts: + path: "release/**/*" depends_on: - "release_windows_x86_64_plain-binaries_1" @@ -1631,6 +1637,8 @@ release_windows_i686_release_1_docker_builder: - ./tools/container-interrupt.sh build_script: - "./tools/cirrus_build_project.sh release release windows i686 1" + binaries_artifacts: + path: "release/**/*" depends_on: - "release_windows_i686_plain-binaries_1" @@ -2040,6 +2048,8 @@ release_osx_x86_64_release_1_docker_builder: - ./tools/container-interrupt.sh build_script: - "./tools/cirrus_build_project.sh release release osx x86_64 1" + binaries_artifacts: + path: "release/**/*" depends_on: - "release_osx_x86_64_plain-binaries_1" diff --git a/tools/cirrus_gen_yml.sh b/tools/cirrus_gen_yml.sh index c7822e9..9ba56e3 100755 --- a/tools/cirrus_gen_yml.sh +++ b/tools/cirrus_gen_yml.sh @@ -112,6 +112,11 @@ print_os_arch () { build_script: - \"./tools/cirrus_build_project.sh ${PROJECT_BASE} ${CHANNEL} ${OS} ${ARCH} 1\"" + if [[ "$PROJECT" == "release.1" ]]; then + echo " binaries_artifacts: + path: \"${CHANNEL}/**/*\"" + fi + # Depend on previous project if [[ "$PROJECT" == "compiler.1" ]]; then echo " depends_on: From 07e64cb093d8f7e3e3426bc41920ba923b406725 Mon Sep 17 00:00:00 2001 From: Jeremy Rand Date: Mon, 22 Feb 2021 10:59:02 +0000 Subject: [PATCH 2/7] plain-binaries: switch to tar.xz output to match upstream Tor --- projects/plain-binaries/build | 2 +- projects/plain-binaries/config | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/projects/plain-binaries/build b/projects/plain-binaries/build index 649ce69..936d915 100644 --- a/projects/plain-binaries/build +++ b/projects/plain-binaries/build @@ -11,5 +11,5 @@ tar -C /var/tmp/dist/[% project %] -xf [% c('input_files_by_name/ncprop279') %] cd $distdir [% c('tar', { tar_src => [ '.' ], - tar_args => '-czf ' _ dest_dir _ '/' _ c('filename'), + tar_args => '-cJf ' _ dest_dir _ '/' _ c('filename'), }) %] diff --git a/projects/plain-binaries/config b/projects/plain-binaries/config index 8f54a05..e84472a 100644 --- a/projects/plain-binaries/config +++ b/projects/plain-binaries/config @@ -1,5 +1,5 @@ version: '[% c("var/ncdns_version") %]' -filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' +filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.xz' var: container: From 11eb4bdcf762135a65b45b344c8e3b320068e6f9 Mon Sep 17 00:00:00 2001 From: Jeremy Rand Date: Mon, 22 Feb 2021 19:19:50 +0000 Subject: [PATCH 3/7] plain-binaries: tweak output filename --- projects/plain-binaries/config | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/projects/plain-binaries/config b/projects/plain-binaries/config index e84472a..76dcc0e 100644 --- a/projects/plain-binaries/config +++ b/projects/plain-binaries/config @@ -1,5 +1,5 @@ -version: '[% c("var/ncdns_version") %]' -filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.xz' +version: '[% pc("ncdns", "version") %]' +filename: 'ncdns-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.xz' var: container: From 1474ef6f7f746201abd8e46b1856f7710501472f Mon Sep 17 00:00:00 2001 From: Jeremy Rand Date: Mon, 22 Feb 2021 21:19:46 +0000 Subject: [PATCH 4/7] Cirrus: Sign binaries with GPG --- .cirrus.yml | 355 +++++++++++++++++++++++++++++++++- tools/cirrus_build_project.sh | 9 + tools/cirrus_gen_yml.sh | 23 ++- 3 files changed, 378 insertions(+), 9 deletions(-) diff --git a/.cirrus.yml b/.cirrus.yml index a443d24..1085ae2 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -82,6 +82,8 @@ release_linux_x86_64_gcc_1_docker_builder: - ./tools/container-interrupt.sh build_script: - "./tools/cirrus_build_project.sh gcc release linux x86_64 1" + env: + SIGN_BUILD: 0 depends_on: - "release_linux_x86_64_download" @@ -128,6 +130,8 @@ release_linux_x86_64_gcc_2_docker_builder: - ./tools/container-interrupt.sh build_script: - "./tools/cirrus_build_project.sh gcc release linux x86_64 1" + env: + SIGN_BUILD: 0 depends_on: - "release_linux_x86_64_gcc_1" @@ -174,6 +178,8 @@ release_linux_x86_64_goeasyconfig_1_docker_builder: - ./tools/container-interrupt.sh build_script: - "./tools/cirrus_build_project.sh goeasyconfig release linux x86_64 1" + env: + SIGN_BUILD: 0 depends_on: - "release_linux_x86_64_gcc_2" @@ -220,6 +226,8 @@ release_linux_x86_64_ncdns_1_docker_builder: - ./tools/container-interrupt.sh build_script: - "./tools/cirrus_build_project.sh ncdns release linux x86_64 1" + env: + SIGN_BUILD: 0 depends_on: - "release_linux_x86_64_goeasyconfig_1" @@ -266,6 +274,8 @@ release_linux_x86_64_ncp11_1_docker_builder: - ./tools/container-interrupt.sh build_script: - "./tools/cirrus_build_project.sh ncp11 release linux x86_64 1" + env: + SIGN_BUILD: 0 depends_on: - "release_linux_x86_64_ncdns_1" @@ -312,6 +322,8 @@ release_linux_x86_64_ncprop279_1_docker_builder: - ./tools/container-interrupt.sh build_script: - "./tools/cirrus_build_project.sh ncprop279 release linux x86_64 1" + env: + SIGN_BUILD: 0 depends_on: - "release_linux_x86_64_ncp11_1" @@ -358,10 +370,12 @@ release_linux_x86_64_plain-binaries_1_docker_builder: - ./tools/container-interrupt.sh build_script: - "./tools/cirrus_build_project.sh plain-binaries release linux x86_64 1" + env: + SIGN_BUILD: 0 depends_on: - "release_linux_x86_64_ncprop279_1" -release_linux_x86_64_release_1_docker_builder: +release_linux_x86_64_release_nosign_docker_builder: timeout_in: 120m out_release_linux_x86_64_cache: folder: out @@ -406,6 +420,61 @@ release_linux_x86_64_release_1_docker_builder: - "./tools/cirrus_build_project.sh release release linux x86_64 1" binaries_artifacts: path: "release/**/*" + env: + SIGN_BUILD: 0 + only_if: $CIRRUS_REPO_OWNER != "namecoin" + depends_on: + - "release_linux_x86_64_plain-binaries_1" + +release_linux_x86_64_release_sign_docker_builder: + timeout_in: 120m + out_release_linux_x86_64_cache: + folder: out + fingerprint_script: + - "echo out_release_linux_x86_64" + reupload_on_changes: true + populate_script: + - "mkdir -p out" + out1_release_linux_x86_64_cache: + folder: out_cache1 + fingerprint_script: + - "echo out1_release_linux_x86_64" + reupload_on_changes: true + populate_script: + - "mkdir -p out_cache1" + git_release_linux_x86_64_cache: + folder: git_clones + fingerprint_script: + - "echo git_release_linux_x86_64" + reupload_on_changes: true + populate_script: + - "mkdir -p git_clones" + interrupted_aa_release_linux_x86_64_cache: + folder: tmp/interrupted_dirs.tar.gz.partaa.folder + fingerprint_script: + - "echo interrupted_aa_release_linux_x86_64" + reupload_on_changes: true + interrupted_ab_release_linux_x86_64_cache: + folder: tmp/interrupted_dirs.tar.gz.partab.folder + fingerprint_script: + - "echo interrupted_ab_release_linux_x86_64" + reupload_on_changes: true + interrupted_ac_release_linux_x86_64_cache: + folder: tmp/interrupted_dirs.tar.gz.partac.folder + fingerprint_script: + - "echo interrupted_ac_release_linux_x86_64" + reupload_on_changes: true + checkpoint_background_script: + - sleep 110m + - ./tools/container-interrupt.sh + build_script: + - "./tools/cirrus_build_project.sh release release linux x86_64 1" + binaries_artifacts: + path: "release/**/*" + only_if: $CIRRUS_REPO_OWNER == "namecoin" + env: + SIGN_BUILD: 1 + SIGN_KEY: ENCRYPTED[33d4594d76774e6447dfd9fabee90f6214b34e209fa1c1c2ce93ed1a40447a235b013b78afe85db52d5561651a821be1] depends_on: - "release_linux_x86_64_plain-binaries_1" @@ -493,6 +562,8 @@ release_linux_i686_gcc_1_docker_builder: - ./tools/container-interrupt.sh build_script: - "./tools/cirrus_build_project.sh gcc release linux i686 1" + env: + SIGN_BUILD: 0 depends_on: - "release_linux_i686_download" @@ -539,6 +610,8 @@ release_linux_i686_gcc_2_docker_builder: - ./tools/container-interrupt.sh build_script: - "./tools/cirrus_build_project.sh gcc release linux i686 1" + env: + SIGN_BUILD: 0 depends_on: - "release_linux_i686_gcc_1" @@ -585,6 +658,8 @@ release_linux_i686_goeasyconfig_1_docker_builder: - ./tools/container-interrupt.sh build_script: - "./tools/cirrus_build_project.sh goeasyconfig release linux i686 1" + env: + SIGN_BUILD: 0 depends_on: - "release_linux_i686_gcc_2" @@ -631,6 +706,8 @@ release_linux_i686_ncdns_1_docker_builder: - ./tools/container-interrupt.sh build_script: - "./tools/cirrus_build_project.sh ncdns release linux i686 1" + env: + SIGN_BUILD: 0 depends_on: - "release_linux_i686_goeasyconfig_1" @@ -677,6 +754,8 @@ release_linux_i686_ncp11_1_docker_builder: - ./tools/container-interrupt.sh build_script: - "./tools/cirrus_build_project.sh ncp11 release linux i686 1" + env: + SIGN_BUILD: 0 depends_on: - "release_linux_i686_ncdns_1" @@ -723,6 +802,8 @@ release_linux_i686_ncprop279_1_docker_builder: - ./tools/container-interrupt.sh build_script: - "./tools/cirrus_build_project.sh ncprop279 release linux i686 1" + env: + SIGN_BUILD: 0 depends_on: - "release_linux_i686_ncp11_1" @@ -769,10 +850,63 @@ release_linux_i686_plain-binaries_1_docker_builder: - ./tools/container-interrupt.sh build_script: - "./tools/cirrus_build_project.sh plain-binaries release linux i686 1" + env: + SIGN_BUILD: 0 depends_on: - "release_linux_i686_ncprop279_1" -release_linux_i686_release_1_docker_builder: +release_linux_i686_release_nosign_docker_builder: + timeout_in: 120m + out_release_linux_i686_cache: + folder: out + fingerprint_script: + - "echo out_release_linux_i686" + reupload_on_changes: true + populate_script: + - "mkdir -p out" + out1_release_linux_i686_cache: + folder: out_cache1 + fingerprint_script: + - "echo out1_release_linux_i686" + reupload_on_changes: true + populate_script: + - "mkdir -p out_cache1" + git_release_linux_i686_cache: + folder: git_clones + fingerprint_script: + - "echo git_release_linux_i686" + reupload_on_changes: true + populate_script: + - "mkdir -p git_clones" + interrupted_aa_release_linux_i686_cache: + folder: tmp/interrupted_dirs.tar.gz.partaa.folder + fingerprint_script: + - "echo interrupted_aa_release_linux_i686" + reupload_on_changes: true + interrupted_ab_release_linux_i686_cache: + folder: tmp/interrupted_dirs.tar.gz.partab.folder + fingerprint_script: + - "echo interrupted_ab_release_linux_i686" + reupload_on_changes: true + interrupted_ac_release_linux_i686_cache: + folder: tmp/interrupted_dirs.tar.gz.partac.folder + fingerprint_script: + - "echo interrupted_ac_release_linux_i686" + reupload_on_changes: true + checkpoint_background_script: + - sleep 110m + - ./tools/container-interrupt.sh + build_script: + - "./tools/cirrus_build_project.sh release release linux i686 1" + binaries_artifacts: + path: "release/**/*" + env: + SIGN_BUILD: 0 + only_if: $CIRRUS_REPO_OWNER != "namecoin" + depends_on: + - "release_linux_i686_plain-binaries_1" + +release_linux_i686_release_sign_docker_builder: timeout_in: 120m out_release_linux_i686_cache: folder: out @@ -817,6 +951,10 @@ release_linux_i686_release_1_docker_builder: - "./tools/cirrus_build_project.sh release release linux i686 1" binaries_artifacts: path: "release/**/*" + only_if: $CIRRUS_REPO_OWNER == "namecoin" + env: + SIGN_BUILD: 1 + SIGN_KEY: ENCRYPTED[33d4594d76774e6447dfd9fabee90f6214b34e209fa1c1c2ce93ed1a40447a235b013b78afe85db52d5561651a821be1] depends_on: - "release_linux_i686_plain-binaries_1" @@ -904,6 +1042,8 @@ release_windows_x86_64_mingw-w64_1_docker_builder: - ./tools/container-interrupt.sh build_script: - "./tools/cirrus_build_project.sh mingw-w64 release windows x86_64 1" + env: + SIGN_BUILD: 0 depends_on: - "release_windows_x86_64_download" @@ -950,6 +1090,8 @@ release_windows_x86_64_mingw-w64_2_docker_builder: - ./tools/container-interrupt.sh build_script: - "./tools/cirrus_build_project.sh mingw-w64 release windows x86_64 1" + env: + SIGN_BUILD: 0 depends_on: - "release_windows_x86_64_mingw-w64_1" @@ -996,6 +1138,8 @@ release_windows_x86_64_goeasyconfig_1_docker_builder: - ./tools/container-interrupt.sh build_script: - "./tools/cirrus_build_project.sh goeasyconfig release windows x86_64 1" + env: + SIGN_BUILD: 0 depends_on: - "release_windows_x86_64_mingw-w64_2" @@ -1042,6 +1186,8 @@ release_windows_x86_64_ncdns_1_docker_builder: - ./tools/container-interrupt.sh build_script: - "./tools/cirrus_build_project.sh ncdns release windows x86_64 1" + env: + SIGN_BUILD: 0 depends_on: - "release_windows_x86_64_goeasyconfig_1" @@ -1088,6 +1234,8 @@ release_windows_x86_64_ncp11_1_docker_builder: - ./tools/container-interrupt.sh build_script: - "./tools/cirrus_build_project.sh ncp11 release windows x86_64 1" + env: + SIGN_BUILD: 0 depends_on: - "release_windows_x86_64_ncdns_1" @@ -1134,6 +1282,8 @@ release_windows_x86_64_ncprop279_1_docker_builder: - ./tools/container-interrupt.sh build_script: - "./tools/cirrus_build_project.sh ncprop279 release windows x86_64 1" + env: + SIGN_BUILD: 0 depends_on: - "release_windows_x86_64_ncp11_1" @@ -1180,10 +1330,12 @@ release_windows_x86_64_plain-binaries_1_docker_builder: - ./tools/container-interrupt.sh build_script: - "./tools/cirrus_build_project.sh plain-binaries release windows x86_64 1" + env: + SIGN_BUILD: 0 depends_on: - "release_windows_x86_64_ncprop279_1" -release_windows_x86_64_release_1_docker_builder: +release_windows_x86_64_release_nosign_docker_builder: timeout_in: 120m out_release_windows_x86_64_cache: folder: out @@ -1228,6 +1380,61 @@ release_windows_x86_64_release_1_docker_builder: - "./tools/cirrus_build_project.sh release release windows x86_64 1" binaries_artifacts: path: "release/**/*" + env: + SIGN_BUILD: 0 + only_if: $CIRRUS_REPO_OWNER != "namecoin" + depends_on: + - "release_windows_x86_64_plain-binaries_1" + +release_windows_x86_64_release_sign_docker_builder: + timeout_in: 120m + out_release_windows_x86_64_cache: + folder: out + fingerprint_script: + - "echo out_release_windows_x86_64" + reupload_on_changes: true + populate_script: + - "mkdir -p out" + out1_release_windows_x86_64_cache: + folder: out_cache1 + fingerprint_script: + - "echo out1_release_windows_x86_64" + reupload_on_changes: true + populate_script: + - "mkdir -p out_cache1" + git_release_windows_x86_64_cache: + folder: git_clones + fingerprint_script: + - "echo git_release_windows_x86_64" + reupload_on_changes: true + populate_script: + - "mkdir -p git_clones" + interrupted_aa_release_windows_x86_64_cache: + folder: tmp/interrupted_dirs.tar.gz.partaa.folder + fingerprint_script: + - "echo interrupted_aa_release_windows_x86_64" + reupload_on_changes: true + interrupted_ab_release_windows_x86_64_cache: + folder: tmp/interrupted_dirs.tar.gz.partab.folder + fingerprint_script: + - "echo interrupted_ab_release_windows_x86_64" + reupload_on_changes: true + interrupted_ac_release_windows_x86_64_cache: + folder: tmp/interrupted_dirs.tar.gz.partac.folder + fingerprint_script: + - "echo interrupted_ac_release_windows_x86_64" + reupload_on_changes: true + checkpoint_background_script: + - sleep 110m + - ./tools/container-interrupt.sh + build_script: + - "./tools/cirrus_build_project.sh release release windows x86_64 1" + binaries_artifacts: + path: "release/**/*" + only_if: $CIRRUS_REPO_OWNER == "namecoin" + env: + SIGN_BUILD: 1 + SIGN_KEY: ENCRYPTED[33d4594d76774e6447dfd9fabee90f6214b34e209fa1c1c2ce93ed1a40447a235b013b78afe85db52d5561651a821be1] depends_on: - "release_windows_x86_64_plain-binaries_1" @@ -1315,6 +1522,8 @@ release_windows_i686_mingw-w64_1_docker_builder: - ./tools/container-interrupt.sh build_script: - "./tools/cirrus_build_project.sh mingw-w64 release windows i686 1" + env: + SIGN_BUILD: 0 depends_on: - "release_windows_i686_download" @@ -1361,6 +1570,8 @@ release_windows_i686_mingw-w64_2_docker_builder: - ./tools/container-interrupt.sh build_script: - "./tools/cirrus_build_project.sh mingw-w64 release windows i686 1" + env: + SIGN_BUILD: 0 depends_on: - "release_windows_i686_mingw-w64_1" @@ -1407,6 +1618,8 @@ release_windows_i686_goeasyconfig_1_docker_builder: - ./tools/container-interrupt.sh build_script: - "./tools/cirrus_build_project.sh goeasyconfig release windows i686 1" + env: + SIGN_BUILD: 0 depends_on: - "release_windows_i686_mingw-w64_2" @@ -1453,6 +1666,8 @@ release_windows_i686_ncdns_1_docker_builder: - ./tools/container-interrupt.sh build_script: - "./tools/cirrus_build_project.sh ncdns release windows i686 1" + env: + SIGN_BUILD: 0 depends_on: - "release_windows_i686_goeasyconfig_1" @@ -1499,6 +1714,8 @@ release_windows_i686_ncp11_1_docker_builder: - ./tools/container-interrupt.sh build_script: - "./tools/cirrus_build_project.sh ncp11 release windows i686 1" + env: + SIGN_BUILD: 0 depends_on: - "release_windows_i686_ncdns_1" @@ -1545,6 +1762,8 @@ release_windows_i686_ncprop279_1_docker_builder: - ./tools/container-interrupt.sh build_script: - "./tools/cirrus_build_project.sh ncprop279 release windows i686 1" + env: + SIGN_BUILD: 0 depends_on: - "release_windows_i686_ncp11_1" @@ -1591,10 +1810,12 @@ release_windows_i686_plain-binaries_1_docker_builder: - ./tools/container-interrupt.sh build_script: - "./tools/cirrus_build_project.sh plain-binaries release windows i686 1" + env: + SIGN_BUILD: 0 depends_on: - "release_windows_i686_ncprop279_1" -release_windows_i686_release_1_docker_builder: +release_windows_i686_release_nosign_docker_builder: timeout_in: 120m out_release_windows_i686_cache: folder: out @@ -1639,6 +1860,61 @@ release_windows_i686_release_1_docker_builder: - "./tools/cirrus_build_project.sh release release windows i686 1" binaries_artifacts: path: "release/**/*" + env: + SIGN_BUILD: 0 + only_if: $CIRRUS_REPO_OWNER != "namecoin" + depends_on: + - "release_windows_i686_plain-binaries_1" + +release_windows_i686_release_sign_docker_builder: + timeout_in: 120m + out_release_windows_i686_cache: + folder: out + fingerprint_script: + - "echo out_release_windows_i686" + reupload_on_changes: true + populate_script: + - "mkdir -p out" + out1_release_windows_i686_cache: + folder: out_cache1 + fingerprint_script: + - "echo out1_release_windows_i686" + reupload_on_changes: true + populate_script: + - "mkdir -p out_cache1" + git_release_windows_i686_cache: + folder: git_clones + fingerprint_script: + - "echo git_release_windows_i686" + reupload_on_changes: true + populate_script: + - "mkdir -p git_clones" + interrupted_aa_release_windows_i686_cache: + folder: tmp/interrupted_dirs.tar.gz.partaa.folder + fingerprint_script: + - "echo interrupted_aa_release_windows_i686" + reupload_on_changes: true + interrupted_ab_release_windows_i686_cache: + folder: tmp/interrupted_dirs.tar.gz.partab.folder + fingerprint_script: + - "echo interrupted_ab_release_windows_i686" + reupload_on_changes: true + interrupted_ac_release_windows_i686_cache: + folder: tmp/interrupted_dirs.tar.gz.partac.folder + fingerprint_script: + - "echo interrupted_ac_release_windows_i686" + reupload_on_changes: true + checkpoint_background_script: + - sleep 110m + - ./tools/container-interrupt.sh + build_script: + - "./tools/cirrus_build_project.sh release release windows i686 1" + binaries_artifacts: + path: "release/**/*" + only_if: $CIRRUS_REPO_OWNER == "namecoin" + env: + SIGN_BUILD: 1 + SIGN_KEY: ENCRYPTED[33d4594d76774e6447dfd9fabee90f6214b34e209fa1c1c2ce93ed1a40447a235b013b78afe85db52d5561651a821be1] depends_on: - "release_windows_i686_plain-binaries_1" @@ -1726,6 +2002,8 @@ release_osx_x86_64_macosx-toolchain_1_docker_builder: - ./tools/container-interrupt.sh build_script: - "./tools/cirrus_build_project.sh macosx-toolchain release osx x86_64 1" + env: + SIGN_BUILD: 0 depends_on: - "release_osx_x86_64_download" @@ -1772,6 +2050,8 @@ release_osx_x86_64_macosx-toolchain_2_docker_builder: - ./tools/container-interrupt.sh build_script: - "./tools/cirrus_build_project.sh macosx-toolchain release osx x86_64 1" + env: + SIGN_BUILD: 0 depends_on: - "release_osx_x86_64_macosx-toolchain_1" @@ -1818,6 +2098,8 @@ release_osx_x86_64_goeasyconfig_1_docker_builder: - ./tools/container-interrupt.sh build_script: - "./tools/cirrus_build_project.sh goeasyconfig release osx x86_64 1" + env: + SIGN_BUILD: 0 depends_on: - "release_osx_x86_64_macosx-toolchain_2" @@ -1864,6 +2146,8 @@ release_osx_x86_64_ncdns_1_docker_builder: - ./tools/container-interrupt.sh build_script: - "./tools/cirrus_build_project.sh ncdns release osx x86_64 1" + env: + SIGN_BUILD: 0 depends_on: - "release_osx_x86_64_goeasyconfig_1" @@ -1910,6 +2194,8 @@ release_osx_x86_64_ncp11_1_docker_builder: - ./tools/container-interrupt.sh build_script: - "./tools/cirrus_build_project.sh ncp11 release osx x86_64 1" + env: + SIGN_BUILD: 0 depends_on: - "release_osx_x86_64_ncdns_1" @@ -1956,6 +2242,8 @@ release_osx_x86_64_ncprop279_1_docker_builder: - ./tools/container-interrupt.sh build_script: - "./tools/cirrus_build_project.sh ncprop279 release osx x86_64 1" + env: + SIGN_BUILD: 0 depends_on: - "release_osx_x86_64_ncp11_1" @@ -2002,10 +2290,63 @@ release_osx_x86_64_plain-binaries_1_docker_builder: - ./tools/container-interrupt.sh build_script: - "./tools/cirrus_build_project.sh plain-binaries release osx x86_64 1" + env: + SIGN_BUILD: 0 depends_on: - "release_osx_x86_64_ncprop279_1" -release_osx_x86_64_release_1_docker_builder: +release_osx_x86_64_release_nosign_docker_builder: + timeout_in: 120m + out_release_osx_x86_64_cache: + folder: out + fingerprint_script: + - "echo out_release_osx_x86_64" + reupload_on_changes: true + populate_script: + - "mkdir -p out" + out1_release_osx_x86_64_cache: + folder: out_cache1 + fingerprint_script: + - "echo out1_release_osx_x86_64" + reupload_on_changes: true + populate_script: + - "mkdir -p out_cache1" + git_release_osx_x86_64_cache: + folder: git_clones + fingerprint_script: + - "echo git_release_osx_x86_64" + reupload_on_changes: true + populate_script: + - "mkdir -p git_clones" + interrupted_aa_release_osx_x86_64_cache: + folder: tmp/interrupted_dirs.tar.gz.partaa.folder + fingerprint_script: + - "echo interrupted_aa_release_osx_x86_64" + reupload_on_changes: true + interrupted_ab_release_osx_x86_64_cache: + folder: tmp/interrupted_dirs.tar.gz.partab.folder + fingerprint_script: + - "echo interrupted_ab_release_osx_x86_64" + reupload_on_changes: true + interrupted_ac_release_osx_x86_64_cache: + folder: tmp/interrupted_dirs.tar.gz.partac.folder + fingerprint_script: + - "echo interrupted_ac_release_osx_x86_64" + reupload_on_changes: true + checkpoint_background_script: + - sleep 110m + - ./tools/container-interrupt.sh + build_script: + - "./tools/cirrus_build_project.sh release release osx x86_64 1" + binaries_artifacts: + path: "release/**/*" + env: + SIGN_BUILD: 0 + only_if: $CIRRUS_REPO_OWNER != "namecoin" + depends_on: + - "release_osx_x86_64_plain-binaries_1" + +release_osx_x86_64_release_sign_docker_builder: timeout_in: 120m out_release_osx_x86_64_cache: folder: out @@ -2050,6 +2391,10 @@ release_osx_x86_64_release_1_docker_builder: - "./tools/cirrus_build_project.sh release release osx x86_64 1" binaries_artifacts: path: "release/**/*" + only_if: $CIRRUS_REPO_OWNER == "namecoin" + env: + SIGN_BUILD: 1 + SIGN_KEY: ENCRYPTED[33d4594d76774e6447dfd9fabee90f6214b34e209fa1c1c2ce93ed1a40447a235b013b78afe85db52d5561651a821be1] depends_on: - "release_osx_x86_64_plain-binaries_1" diff --git a/tools/cirrus_build_project.sh b/tools/cirrus_build_project.sh index a20b447..65f1dce 100755 --- a/tools/cirrus_build_project.sh +++ b/tools/cirrus_build_project.sh @@ -61,6 +61,15 @@ fi #df -h if [[ "$SHOULD_BUILD" -eq 1 ]]; then + if [[ "$SIGN_BUILD" == "1" ]]; then + echo "Configuring signing key..." + sed -i "s/#sign_build: 1/sign_build: 1/g" rbm.local.conf + sed -i "s/#sign_build_gpg_opts: '--local-user XXXXXXXX'/sign_build_gpg_opts: '--local-user jeremy@namecoin.org'/g" rbm.local.conf + echo "$SIGN_KEY" | gpg --import + else + echo "Signing is disabled." + fi + echo "Building project..." # If rbm fails, we consider it a success as long as it saved a checkpoint. ./rbm/rbm build "$PROJECT" --target "$CHANNEL" --target ncdns-"$OS"-"$ARCH" || [ ! -z "$(ls -A ./tmp/interrupted_dirs/)" ] diff --git a/tools/cirrus_gen_yml.sh b/tools/cirrus_gen_yml.sh index 9ba56e3..e8f116f 100755 --- a/tools/cirrus_gen_yml.sh +++ b/tools/cirrus_gen_yml.sh @@ -51,7 +51,7 @@ print_os_arch () { echo "" # TODO fine-tune this list - for PROJECT in compiler.1 compiler.2 goeasyconfig.1 ncdns.1 ncp11.1 ncprop279.1 plain-binaries.1 release.1; do + for PROJECT in compiler.1 compiler.2 goeasyconfig.1 ncdns.1 ncp11.1 ncprop279.1 plain-binaries.1 release.nosign release.sign; do PROJECT_BASE=$(echo $PROJECT | cut -d . -f 1) if [[ "$PROJECT_BASE" == "compiler" ]]; then if [[ "$OS" == "android" ]]; then @@ -112,11 +112,24 @@ print_os_arch () { build_script: - \"./tools/cirrus_build_project.sh ${PROJECT_BASE} ${CHANNEL} ${OS} ${ARCH} 1\"" - if [[ "$PROJECT" == "release.1" ]]; then + if [[ "$PROJECT_BASE" == "release" ]]; then echo " binaries_artifacts: path: \"${CHANNEL}/**/*\"" fi + if [[ "$PROJECT_ITER" == "sign" ]]; then + echo ' only_if: $CIRRUS_REPO_OWNER == "namecoin"' + echo " env: + SIGN_BUILD: 1 + SIGN_KEY: ENCRYPTED[33d4594d76774e6447dfd9fabee90f6214b34e209fa1c1c2ce93ed1a40447a235b013b78afe85db52d5561651a821be1]" + else + echo " env: + SIGN_BUILD: 0" + fi + if [[ "$PROJECT_ITER" == "nosign" ]]; then + echo ' only_if: $CIRRUS_REPO_OWNER != "namecoin"' + fi + # Depend on previous project if [[ "$PROJECT" == "compiler.1" ]]; then echo " depends_on: @@ -126,8 +139,10 @@ print_os_arch () { - \"${CHANNEL}_${OS}_${ARCH}_${PREV_PROJECT_BASE}_${PREV_PROJECT_ITER}\"" fi - local PREV_PROJECT_BASE="$PROJECT_BASE" - local PREV_PROJECT_ITER="$PROJECT_ITER" + if [[ "$PROJECT_ITER" != "nosign" ]]; then + local PREV_PROJECT_BASE="$PROJECT_BASE" + local PREV_PROJECT_ITER="$PROJECT_ITER" + fi echo "" done } From 28d64955661267efc43b62fa4a19012ffb9f56ba Mon Sep 17 00:00:00 2001 From: Jeremy Rand Date: Mon, 22 Feb 2021 21:25:35 +0000 Subject: [PATCH 5/7] Set var/ncdns_version based on ncdns project --- projects/plain-binaries/config | 2 +- rbm.conf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/projects/plain-binaries/config b/projects/plain-binaries/config index 76dcc0e..1d82b05 100644 --- a/projects/plain-binaries/config +++ b/projects/plain-binaries/config @@ -1,4 +1,4 @@ -version: '[% pc("ncdns", "version") %]' +version: '[% c("var/ncdns_version") %]' filename: 'ncdns-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.xz' var: diff --git a/rbm.conf b/rbm.conf index cd2f037..103dcbe 100644 --- a/rbm.conf +++ b/rbm.conf @@ -24,7 +24,7 @@ buildconf: git_signtag_opt: '-s' var: - ncdns_version: '10.5a10' + ncdns_version: '[% pc("ncdns", "version") %]' ncdns_build: 'build1' ncdns_incremental_from: - 10.5a8 From dc13cb977f2b87d31c196ffba6baed08bf04eb49 Mon Sep 17 00:00:00 2001 From: Jeremy Rand Date: Mon, 22 Feb 2021 22:51:50 +0000 Subject: [PATCH 6/7] Cirrus: Use env vars instead of conf vars for signing --- tools/cirrus_build_project.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/cirrus_build_project.sh b/tools/cirrus_build_project.sh index 65f1dce..748d689 100755 --- a/tools/cirrus_build_project.sh +++ b/tools/cirrus_build_project.sh @@ -63,8 +63,8 @@ fi if [[ "$SHOULD_BUILD" -eq 1 ]]; then if [[ "$SIGN_BUILD" == "1" ]]; then echo "Configuring signing key..." - sed -i "s/#sign_build: 1/sign_build: 1/g" rbm.local.conf - sed -i "s/#sign_build_gpg_opts: '--local-user XXXXXXXX'/sign_build_gpg_opts: '--local-user jeremy@namecoin.org'/g" rbm.local.conf + export RBM_SIGN_BUILD=1 + export RBM_GPG_OPTS="--local-user jeremy@namecoin.org" echo "$SIGN_KEY" | gpg --import else echo "Signing is disabled." From c8501ab9c6508630741bc60952c38f3342f9e032 Mon Sep 17 00:00:00 2001 From: Jeremy Rand Date: Mon, 22 Mar 2021 14:45:40 +0000 Subject: [PATCH 7/7] Cirrus: Set $HOME in signing VM --- .cirrus.yml | 5 +++++ tools/cirrus_gen_yml.sh | 3 ++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/.cirrus.yml b/.cirrus.yml index 1085ae2..aabe08c 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -475,6 +475,7 @@ release_linux_x86_64_release_sign_docker_builder: env: SIGN_BUILD: 1 SIGN_KEY: ENCRYPTED[33d4594d76774e6447dfd9fabee90f6214b34e209fa1c1c2ce93ed1a40447a235b013b78afe85db52d5561651a821be1] + HOME: /root depends_on: - "release_linux_x86_64_plain-binaries_1" @@ -955,6 +956,7 @@ release_linux_i686_release_sign_docker_builder: env: SIGN_BUILD: 1 SIGN_KEY: ENCRYPTED[33d4594d76774e6447dfd9fabee90f6214b34e209fa1c1c2ce93ed1a40447a235b013b78afe85db52d5561651a821be1] + HOME: /root depends_on: - "release_linux_i686_plain-binaries_1" @@ -1435,6 +1437,7 @@ release_windows_x86_64_release_sign_docker_builder: env: SIGN_BUILD: 1 SIGN_KEY: ENCRYPTED[33d4594d76774e6447dfd9fabee90f6214b34e209fa1c1c2ce93ed1a40447a235b013b78afe85db52d5561651a821be1] + HOME: /root depends_on: - "release_windows_x86_64_plain-binaries_1" @@ -1915,6 +1918,7 @@ release_windows_i686_release_sign_docker_builder: env: SIGN_BUILD: 1 SIGN_KEY: ENCRYPTED[33d4594d76774e6447dfd9fabee90f6214b34e209fa1c1c2ce93ed1a40447a235b013b78afe85db52d5561651a821be1] + HOME: /root depends_on: - "release_windows_i686_plain-binaries_1" @@ -2395,6 +2399,7 @@ release_osx_x86_64_release_sign_docker_builder: env: SIGN_BUILD: 1 SIGN_KEY: ENCRYPTED[33d4594d76774e6447dfd9fabee90f6214b34e209fa1c1c2ce93ed1a40447a235b013b78afe85db52d5561651a821be1] + HOME: /root depends_on: - "release_osx_x86_64_plain-binaries_1" diff --git a/tools/cirrus_gen_yml.sh b/tools/cirrus_gen_yml.sh index e8f116f..ed6f137 100755 --- a/tools/cirrus_gen_yml.sh +++ b/tools/cirrus_gen_yml.sh @@ -121,7 +121,8 @@ print_os_arch () { echo ' only_if: $CIRRUS_REPO_OWNER == "namecoin"' echo " env: SIGN_BUILD: 1 - SIGN_KEY: ENCRYPTED[33d4594d76774e6447dfd9fabee90f6214b34e209fa1c1c2ce93ed1a40447a235b013b78afe85db52d5561651a821be1]" + SIGN_KEY: ENCRYPTED[33d4594d76774e6447dfd9fabee90f6214b34e209fa1c1c2ce93ed1a40447a235b013b78afe85db52d5561651a821be1] + HOME: /root" else echo " env: SIGN_BUILD: 0"