Merge pull request #3 from freedomofpress/changelog-and-rpmbuild

Changelog, rpm-build, and qubes-builder
freedomofpress · Dec 5, 2024 · 8ddda26 · 8ddda26
2 parents 8252901 + 117d9c3
commit 8ddda26
Show file tree

Hide file tree

Showing 7 changed files with 52 additions and 14 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,6 @@
+# upstream
+pkgs
+
 # tarball directory used before build stage 
 src/
 

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
@@ -0,0 +1,13 @@
+# Provide gitlab ci configuration for upstream CI
+# See https://github.com/QubesOS-contrib/qubes-skeleton/blob/master/.gitlab-ci.yml
+include:
+# Target 4.2 and newer only
+- file: /r4.2/gitlab-base.yml
+  project: QubesOS/qubes-continuous-integration
+- file: /r4.2/gitlab-host.yml
+  project: QubesOS/qubes-continuous-integration
+# It includes all the distributions
+# - file: /r4.2/gitlab-vm.yml
+  # project: QubesOS/qubes-continuous-integration
+- file: /r4.2/gitlab-vm-fedora.yml
+  project: QubesOS/qubes-continuous-integration
diff --git a/.qubesbuilder b/.qubesbuilder
@@ -0,0 +1,4 @@
+host:
+  rpm:
+    build:
+    - rpm-build/SPECS/securedrop-workstation-keyring.spec
diff --git a/Makefile.builder b/Makefile.builder
@@ -0,0 +1,2 @@
+# PACKAGE_SET variable is provided by qubes-builder at build time
+RPM_SPEC_FILES := rpm-build/SPECS/securedrop-workstation-dom0.spec
diff --git a/rpm-build/SPECS/securedrop-workstation-keyring.spec b/rpm-build/SPECS/securedrop-workstation-keyring.spec
@@ -1,6 +1,6 @@
 Name:		securedrop-workstation-keyring
-Version:	0.1.0
-Release:	1%{?dist}
+Version:    0.1.0
+Release:    1%{?dist}
 Summary:	SecureDrop Workstation Keyring
 
 # For reproducible builds:
@@ -33,6 +33,8 @@ Source:		%{url}/archive/refs/tags/%{version}.tar.gz#/%{name}-%{version}.tar.gz
 
 BuildArch:		noarch
 #BuildRequires:	systemd-rpm-macros
+BuildRequires: make
+
 
 %description
 This package contains the SecureDrop Release public key and yum .repo file
@@ -55,10 +57,11 @@ install -m 644 %{_builddir}/files/securedrop-release-signing-pubkey-2021.asc %{b
 /etc/yum.repos.d/securedrop-workstation-dom0.repo
 
 %post
-# Not just `rpm --import`, because of https://github.com/rpm-software-management/rpm/issues/2577
-key_id=$(rpm -q gpg-pubkey --qf '%{NAME}-%{VERSION}-%{RELEASE}\t%{SUMMARY}\n' | grep SecureDrop | cut -f1 -d' ')
-rpm -e $key_id
-sudo rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-securedrop-workstation
+# TODO
+# If installing: import key
+# If upgrading: remove key from rpm and reimport key
+# If removing: remove key from rpm
 
 %changelog
-# TODO
+* Mon Dec 2 2024 13:12:00 SecureDrop Team <[email protected]> - 0.1.0
+- Initial keyring/bootstrap package
diff --git a/scripts/build-rpm.sh b/scripts/build-rpm.sh
@@ -6,13 +6,8 @@ set -o pipefail
 
 source "$(dirname "$0")/common.sh"
 
-# Prepare tarball for rpmbuild
-mkdir -p src/
-git clean -fdX rpm-build/ src/
-tar -zcvf src/"${PROJECT}"-"$(cat VERSION)".tar.gz files/
-
-# Place tarball where rpmbuild will find it
-cp src/*.tar.gz rpm-build/SOURCES/
+# There is no build step, so we can omit the tarball
+# step that is used in the sdw config rpm
 
 rpmbuild \
     --quiet \

diff --git a/update_version.sh b/update_version.sh
@@ -0,0 +1,18 @@
+#!/usr/bin/bash
+## Usage: ./update_version.sh <version>
+
+set -e
+
+if [ -z "$1" ]; then
+  echo "You must specify the new version!"
+  exit 1
+fi
+
+# We want the Python and RPM versions to match, so we'll use a PEP 440
+# compatible version, e.g. 0.9.0rc1 or 0.9.0.
+NEW_VERSION=$(echo "$1" | sed 's/-//g' | sed 's/~//g' )
+
+# Update the version in the spec file and VERSION.
+# TODO: Use rpmdev-bumpspec
+echo "${NEW_VERSION}" > VERSION
+sed -i'' -r -e "s/^(Version:\\t).*/\\1${NEW_VERSION}/" "rpm-build/SPECS/securedrop-workstation-keyring.spec"
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		# PACKAGE_SET variable is provided by qubes-builder at build time
		RPM_SPEC_FILES := rpm-build/SPECS/securedrop-workstation-dom0.spec