Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ci: Version update for Fedora reproducible build #7916

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

ci: Version update for Fedora reproducible build #7916

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/workflows/release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -60,7 +60,7 @@ jobs:
fail-fast: false # Let each build finish.
matrix:
target:
- 'bin-Fedora-28-amd64'
- 'bin-Fedora'
- 'bin-Ubuntu-focal'
- 'bin-Ubuntu-jammy'
- 'bin-Ubuntu-noble'
Expand Down
2 changes: 1 addition & 1 deletion doc/contribute-to-core-lightning/release-checklist.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -117,7 +117,7 @@ Here's a checklist for the release process.
8. Push the tag to the remote repository `git push --tags`.
9. Create a new release draft for `v<VERSION>.<POINT_VERSION>` on GitHub, ensuring to check the `Set as a pre-release` option.
10. Execute the script contrib/cl-repro.sh for the [Builder image setup](https://docs.corelightning.org/docs/repro#builder-image-setup). This will generate the builder images `cl-repro-<codename>` needed for the next step.
11. Run the following script to prepare the required builds `tools/build-release.sh bin-Fedora-28-amd64 bin-Ubuntu sign`.
11. Run the following script to prepare the required builds `tools/build-release.sh bin-Fedora bin-Ubuntu sign`.
12. Upload the reproducible builds along with `SHA256SUMS` and `SHA256SUMS.asc` files from the release folder to the newly drafted release.
13. Share the `SHA256SUMS` and `SHA256SUMS.asc` files with the team for verification and signing.
14. Append the signatures received from the team to the `SHA256SUMS.asc` file. Verify the file using `gpg --verify SHA256SUMS.asc`. Then re-upload the file.
Expand Down
12 changes: 7 additions & 5 deletions doc/getting-started/advanced-setup/repro.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -124,7 +124,7 @@ The release captain is in charge of creating the manifest, whereas contributors
## Script build-release
1: Pull latest code from master

2: Run the `tools/build-release.sh bin-Fedora-28-amd64 bin-Ubuntu sign` script. This will create a release directory, build binaries for Fedora, and build binaries for Ubuntu (Focal, Jammy, and Noble). Finally, it will sign the ZIP, Fedora, and Ubuntu builds.
2: Run the `tools/build-release.sh bin-Fedora bin-Ubuntu sign` script. This will create a release directory, build binaries for Fedora, and build binaries for Ubuntu (Focal, Jammy, and Noble). Finally, it will sign the ZIP, Fedora, and Ubuntu builds.

## Manual
The release captain creates the manifest as follows:
Expand Down Expand Up @@ -199,10 +199,12 @@ sha256sum -c SHA256SUMS
Producing output similar to the following:

```shell
sha256sum: clightning-v0.9.0-Fedora-28-amd64.tar.gz: No such file or directory
clightning-v0.9.0-Fedora-28-amd64.tar.gz: FAILED open or read
clightning-v0.9.0-Ubuntu-18.04.tar.xz: OK
clightning-v0.9.0.zip: OK
sha256sum: clightning-v24.11-Fedora-35-amd64.tar.gz: No such file or directory
clightning-v24.11-Fedora-35-amd64.tar.gz: FAILED open or read
clightning-v24.11-Ubuntu-20.04.tar.xz: OK
clightning-v24.11-Ubuntu-22.04.tar.xz: OK
clightning-v24.11-Ubuntu-24.04.tar.xz: OK
clightning-v24.11.zip: OK
sha256sum: WARNING: 1 listed file could not be read
```

Expand Down
27 changes: 16 additions & 11 deletions tools/build-release.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,14 +6,17 @@ if [ "$1" = "--inside-docker" ]; then
echo "Inside docker: starting build"
VER="$2"
PLTFM="$3"
PLTFMVER="$4"
ARCH="$5"
git config --global --add safe.directory /src/.git
git clone /src /build
cd /build || exit
poetry export --without-hashes > /tmp/requirements.txt
python3 -m pip install -r /tmp/requirements.txt
./configure
make VERSION="$VER"
make install DESTDIR=/"$VER-$PLTFM" RUST_PROFILE=release
cd /"$VER-$PLTFM" && tar cvfz /release/clightning-"$VER-$PLTFM".tar.gz -- *
make install DESTDIR=/"$VER-$PLTFM-$PLTFMVER-$ARCH" RUST_PROFILE=release
cd /"$VER-$PLTFM-$PLTFMVER-$ARCH" && tar cvfz /release/clightning-"$VER-$PLTFM-$PLTFMVER-$ARCH".tar.gz -- *
echo "Inside docker: build finished"
exit 0
fi
Expand All @@ -22,8 +25,8 @@ FORCE_UNCLEAN=false
VERIFY_RELEASE=false
WITHOUT_ZIP=false

ALL_TARGETS="bin-Fedora-28-amd64 bin-Ubuntu docker sign"
# ALL_TARGETS="bin-Fedora-28-amd64 bin-Ubuntu tarball deb docker sign"
ALL_TARGETS="bin-Fedora bin-Ubuntu docker sign"
# ALL_TARGETS="bin-Fedora bin-Ubuntu tarball deb docker sign"

for arg; do
case "$arg" in
Expand All @@ -46,7 +49,7 @@ for arg; do
echo "Usage: [--force-version=<ver>] [--force-unclean] [--force-mtime=YYYY-MM-DD] [--verify] [TARGETS]"
echo Known targets: "$ALL_TARGETS"
echo "Example: tools/build-release.sh"
echo "Example: tools/build-release.sh --force-version=v23.05 --force-unclean --force-mtime=2023-05-01 bin-Fedora-28-amd64 bin-Ubuntu sign"
echo "Example: tools/build-release.sh --force-version=v23.05 --force-unclean --force-mtime=2023-05-01 bin-Fedora bin-Ubuntu sign"
echo "Example: tools/build-release.sh --verify"
echo "Example: tools/build-release.sh --force-version=v23.05 --force-unclean --force-mtime=2023-05-01 --verify"
echo "Example: tools/build-release.sh docker"
Expand Down Expand Up @@ -151,13 +154,15 @@ for target in $TARGETS; do
platform=${target#bin-}
[ "$platform" != "$target" ] || continue
case $platform in
Fedora-28-amd64)
Fedora*)
echo "Building Fedora Image"
DOCKERFILE=contrib/docker/Dockerfile.builder.fedora
ARCH=amd64
TAG=fedora
DOCKERFILE=contrib/docker/Dockerfile.builder.fedora
FEDORA_VERSION=$(grep -oP '^FROM fedora:\K[0-9]+' "$DOCKERFILE")
docker build -f $DOCKERFILE -t $TAG --load .
docker run --rm=true -v "$(pwd)":/src:ro -v "$RELEASEDIR":/release $TAG /src/tools/build-release.sh --inside-docker "$VERSION" "$platform"
docker run --rm=true -w /build $TAG rm -rf /"$VERSION-$platform" /build
docker run --rm=true -v "$(pwd)":/src:ro -v "$RELEASEDIR":/release $TAG /src/tools/build-release.sh --inside-docker "$VERSION" "$platform" "$FEDORA_VERSION" "$ARCH"
docker run --rm=true -w /build $TAG rm -rf /"$VERSION-$platform-$FEDORA_VERSION-$ARCH" /build
echo "Fedora Image Built"
;;
Ubuntu*)
Expand Down Expand Up @@ -226,8 +231,8 @@ if [ "$VERIFY_RELEASE" = "true" ]; then
# it gives a direct hint which specific checksums don't match if so.
sha256sum --check --ignore-missing "${sumfile}"
# Creating SHA256SUMS, except Fedora (copy that from theirs)
grep 'Fedora-28-amd64' "$sumfile" > SHA256SUMS
sha256sum clightning-"$VERSION"* | grep -v 'bin-Fedora-28-amd64' >> SHA256SUMS
grep 'Fedora-' "$sumfile" > SHA256SUMS
sha256sum clightning-"$VERSION"* | grep -v 'Fedora' >> SHA256SUMS
# compare our and release captain's SHA256SUMS contents
if cmp -s SHA256SUMS "$sumfile"; then
echo "SHA256SUMS are Identical"
Expand Down
Loading