From 6bde17a29e4fab11ecfe65e9fcad71723c564e70 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Pierret=20=28fepitre=29?= Date: Thu, 9 Jul 2020 17:45:54 +0200 Subject: [PATCH 1/6] Few improvements from Marek's comments --- .gitlab-ci.yml | 13 +++++++++++++ .qubesbuilder | 4 ++++ Makefile.builder | 8 ++++++++ 3 files changed, 25 insertions(+) create mode 100644 .gitlab-ci.yml create mode 100644 .qubesbuilder create mode 100644 Makefile.builder diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml new file mode 100644 index 0000000..59fa69c --- /dev/null +++ b/.gitlab-ci.yml @@ -0,0 +1,13 @@ +# Provide gitlab ci configuration for upstream CI +# See https://github.com/QubesOS-contrib/qubes-skeleton/blob/master/.gitlab-ci.yml +include: +# Target 4.2 and newer only +- file: /r4.2/gitlab-base.yml + project: QubesOS/qubes-continuous-integration +- file: /r4.2/gitlab-host.yml + project: QubesOS/qubes-continuous-integration +# It includes all the distributions +# - file: /r4.2/gitlab-vm.yml + # project: QubesOS/qubes-continuous-integration +- file: /r4.2/gitlab-vm-fedora.yml + project: QubesOS/qubes-continuous-integration \ No newline at end of file diff --git a/.qubesbuilder b/.qubesbuilder new file mode 100644 index 0000000..0603aac --- /dev/null +++ b/.qubesbuilder @@ -0,0 +1,4 @@ +host: + rpm: + build: + - rpm-build/SPECS/securedrop-workstation-keyring.spec \ No newline at end of file diff --git a/Makefile.builder b/Makefile.builder new file mode 100644 index 0000000..7d3c802 --- /dev/null +++ b/Makefile.builder @@ -0,0 +1,8 @@ +# PACKAGE_SET variable is provided by qubes-builder at build time +# Any name can be given to spec files. Here names does not contain +# the suffix '.in' like the corresponding files 'skeleton.spec.in' +# and 'skeleton-vm.spec.in' +RPM_SPEC_FILES.dom0 := rpm_spec/skeleton-dom0.spec +RPM_SPEC_FILES.vm := rpm_spec/skeleton-vm.spec + +RPM_SPEC_FILES := $(RPM_SPEC_FILES.$(PACKAGE_SET)) \ No newline at end of file From ae0ce1aa4387a5135d5ea0345668e75a1475a30b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Pierret=20=28fepitre=29?= Date: Sun, 19 Jun 2022 10:06:08 +0200 Subject: [PATCH 2/6] Add .gitlab-ci and .qubesbuilder --- .gitlab-ci.yml | 17 ++++++++++++++++- .qubesbuilder | 10 +++++++++- 2 files changed, 25 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 59fa69c..4b28a3d 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,13 +1,28 @@ +<<<<<<< HEAD # Provide gitlab ci configuration for upstream CI # See https://github.com/QubesOS-contrib/qubes-skeleton/blob/master/.gitlab-ci.yml include: # Target 4.2 and newer only +======= +include: +- file: /r4.1/gitlab-base.yml + project: QubesOS/qubes-continuous-integration +- file: /r4.1/gitlab-dom0.yml + project: QubesOS/qubes-continuous-integration +- file: /r4.1/gitlab-vm.yml + project: QubesOS/qubes-continuous-integration +>>>>>>> 39d0c9d (Add .gitlab-ci and .qubesbuilder) - file: /r4.2/gitlab-base.yml project: QubesOS/qubes-continuous-integration - file: /r4.2/gitlab-host.yml project: QubesOS/qubes-continuous-integration +<<<<<<< HEAD # It includes all the distributions # - file: /r4.2/gitlab-vm.yml # project: QubesOS/qubes-continuous-integration - file: /r4.2/gitlab-vm-fedora.yml - project: QubesOS/qubes-continuous-integration \ No newline at end of file + project: QubesOS/qubes-continuous-integration +======= +- file: /r4.2/gitlab-vm.yml + project: QubesOS/qubes-continuous-integration +>>>>>>> 39d0c9d (Add .gitlab-ci and .qubesbuilder) diff --git a/.qubesbuilder b/.qubesbuilder index 0603aac..6a15f8d 100644 --- a/.qubesbuilder +++ b/.qubesbuilder @@ -1,4 +1,12 @@ host: rpm: build: - - rpm-build/SPECS/securedrop-workstation-keyring.spec \ No newline at end of file +<<<<<<< HEAD + - rpm-build/SPECS/securedrop-workstation-keyring.spec +======= + - rpm_spec/skeleton-dom0.spec +vm: + rpm: + build: + - rpm_spec/skeleton-vm.spec +>>>>>>> 39d0c9d (Add .gitlab-ci and .qubesbuilder) From 0af8f6257b8389a288ac641535bffbf7240edc7d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Pierret=20=28fepitre=29?= Date: Sun, 19 Jun 2022 10:19:09 +0200 Subject: [PATCH 3/6] gitlab-ci: build only for Fedora --- .gitlab-ci.yml | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 4b28a3d..414f095 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -9,7 +9,10 @@ include: project: QubesOS/qubes-continuous-integration - file: /r4.1/gitlab-dom0.yml project: QubesOS/qubes-continuous-integration -- file: /r4.1/gitlab-vm.yml +# It includes all the distributions +#- file: /r4.1/gitlab-vm.yml +# project: QubesOS/qubes-continuous-integration +- file: /r4.1/gitlab-vm-fedora.yml project: QubesOS/qubes-continuous-integration >>>>>>> 39d0c9d (Add .gitlab-ci and .qubesbuilder) - file: /r4.2/gitlab-base.yml @@ -17,6 +20,7 @@ include: - file: /r4.2/gitlab-host.yml project: QubesOS/qubes-continuous-integration <<<<<<< HEAD +<<<<<<< HEAD # It includes all the distributions # - file: /r4.2/gitlab-vm.yml # project: QubesOS/qubes-continuous-integration @@ -24,5 +28,11 @@ include: project: QubesOS/qubes-continuous-integration ======= - file: /r4.2/gitlab-vm.yml +======= +# It includes all the distributions +#- file: /r4.2/gitlab-vm.yml +# project: QubesOS/qubes-continuous-integration +- file: /r4.2/gitlab-vm-fedora.yml +>>>>>>> 11db931 (gitlab-ci: build only for Fedora) project: QubesOS/qubes-continuous-integration >>>>>>> 39d0c9d (Add .gitlab-ci and .qubesbuilder) From da355f45514ba54056d90520382adee1c470aab6 Mon Sep 17 00:00:00 2001 From: Rowen S Date: Tue, 26 Nov 2024 14:12:18 -0500 Subject: [PATCH 4/6] Include files for qubes builder (see qubes-skeleton repo) --- .gitignore | 3 +++ .gitlab-ci.yml | 25 ------------------------- Makefile.builder | 3 +-- REL | 1 + 4 files changed, 5 insertions(+), 27 deletions(-) create mode 100644 REL diff --git a/.gitignore b/.gitignore index 6fcf7be..9640a29 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,6 @@ +# upstream +pkgs + # tarball directory used before build stage src/ diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 414f095..a4913c1 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,38 +1,13 @@ -<<<<<<< HEAD # Provide gitlab ci configuration for upstream CI # See https://github.com/QubesOS-contrib/qubes-skeleton/blob/master/.gitlab-ci.yml include: # Target 4.2 and newer only -======= -include: -- file: /r4.1/gitlab-base.yml - project: QubesOS/qubes-continuous-integration -- file: /r4.1/gitlab-dom0.yml - project: QubesOS/qubes-continuous-integration -# It includes all the distributions -#- file: /r4.1/gitlab-vm.yml -# project: QubesOS/qubes-continuous-integration -- file: /r4.1/gitlab-vm-fedora.yml - project: QubesOS/qubes-continuous-integration ->>>>>>> 39d0c9d (Add .gitlab-ci and .qubesbuilder) - file: /r4.2/gitlab-base.yml project: QubesOS/qubes-continuous-integration - file: /r4.2/gitlab-host.yml project: QubesOS/qubes-continuous-integration -<<<<<<< HEAD -<<<<<<< HEAD # It includes all the distributions # - file: /r4.2/gitlab-vm.yml # project: QubesOS/qubes-continuous-integration - file: /r4.2/gitlab-vm-fedora.yml project: QubesOS/qubes-continuous-integration -======= -- file: /r4.2/gitlab-vm.yml -======= -# It includes all the distributions -#- file: /r4.2/gitlab-vm.yml -# project: QubesOS/qubes-continuous-integration -- file: /r4.2/gitlab-vm-fedora.yml ->>>>>>> 11db931 (gitlab-ci: build only for Fedora) - project: QubesOS/qubes-continuous-integration ->>>>>>> 39d0c9d (Add .gitlab-ci and .qubesbuilder) diff --git a/Makefile.builder b/Makefile.builder index 7d3c802..0e8077b 100644 --- a/Makefile.builder +++ b/Makefile.builder @@ -2,7 +2,6 @@ # Any name can be given to spec files. Here names does not contain # the suffix '.in' like the corresponding files 'skeleton.spec.in' # and 'skeleton-vm.spec.in' -RPM_SPEC_FILES.dom0 := rpm_spec/skeleton-dom0.spec -RPM_SPEC_FILES.vm := rpm_spec/skeleton-vm.spec +RPM_SPEC_FILES.dom0 := rpm-build/SPECS/securedrop-workstation-dom0.spec RPM_SPEC_FILES := $(RPM_SPEC_FILES.$(PACKAGE_SET)) \ No newline at end of file diff --git a/REL b/REL new file mode 100644 index 0000000..56a6051 --- /dev/null +++ b/REL @@ -0,0 +1 @@ +1 \ No newline at end of file From 4c35fcc217a9b1323d7409cff95979c01cab8b2e Mon Sep 17 00:00:00 2001 From: Rowen S Date: Tue, 26 Nov 2024 14:08:34 -0500 Subject: [PATCH 5/6] Update dom0 rpm spec file with qubesbuilder-style versioning. --- rpm-build/SPECS/securedrop-workstation-keyring.spec | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/rpm-build/SPECS/securedrop-workstation-keyring.spec b/rpm-build/SPECS/securedrop-workstation-keyring.spec index da841bd..2a9622e 100644 --- a/rpm-build/SPECS/securedrop-workstation-keyring.spec +++ b/rpm-build/SPECS/securedrop-workstation-keyring.spec @@ -1,6 +1,6 @@ Name: securedrop-workstation-keyring -Version: 0.1.0 -Release: 1%{?dist} +Version: @VERSION@ +Release: @REL@%{?dist} Summary: SecureDrop Workstation Keyring # For reproducible builds: @@ -33,6 +33,8 @@ Source: %{url}/archive/refs/tags/%{version}.tar.gz#/%{name}-%{version}.tar.gz BuildArch: noarch #BuildRequires: systemd-rpm-macros +BuildRequires: make + %description This package contains the SecureDrop Release public key and yum .repo file @@ -55,10 +57,7 @@ install -m 644 %{_builddir}/files/securedrop-release-signing-pubkey-2021.asc %{b /etc/yum.repos.d/securedrop-workstation-dom0.repo %post -# Not just `rpm --import`, because of https://github.com/rpm-software-management/rpm/issues/2577 -key_id=$(rpm -q gpg-pubkey --qf '%{NAME}-%{VERSION}-%{RELEASE}\t%{SUMMARY}\n' | grep SecureDrop | cut -f1 -d' ') -rpm -e $key_id -sudo rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-securedrop-workstation +# TODO %changelog # TODO \ No newline at end of file From 117d9c3418c50f2c75595010bbd703be3fb240bc Mon Sep 17 00:00:00 2001 From: Rowen S Date: Mon, 2 Dec 2024 13:30:25 -0500 Subject: [PATCH 6/6] Add changelog and update_version script. --- .qubesbuilder | 8 -------- Makefile.builder | 7 +------ REL | 1 - .../SPECS/securedrop-workstation-keyring.spec | 10 +++++++--- scripts/build-rpm.sh | 9 ++------- update_version.sh | 18 ++++++++++++++++++ 6 files changed, 28 insertions(+), 25 deletions(-) delete mode 100644 REL create mode 100755 update_version.sh diff --git a/.qubesbuilder b/.qubesbuilder index 6a15f8d..d67c60c 100644 --- a/.qubesbuilder +++ b/.qubesbuilder @@ -1,12 +1,4 @@ host: rpm: build: -<<<<<<< HEAD - rpm-build/SPECS/securedrop-workstation-keyring.spec -======= - - rpm_spec/skeleton-dom0.spec -vm: - rpm: - build: - - rpm_spec/skeleton-vm.spec ->>>>>>> 39d0c9d (Add .gitlab-ci and .qubesbuilder) diff --git a/Makefile.builder b/Makefile.builder index 0e8077b..2b1440d 100644 --- a/Makefile.builder +++ b/Makefile.builder @@ -1,7 +1,2 @@ # PACKAGE_SET variable is provided by qubes-builder at build time -# Any name can be given to spec files. Here names does not contain -# the suffix '.in' like the corresponding files 'skeleton.spec.in' -# and 'skeleton-vm.spec.in' -RPM_SPEC_FILES.dom0 := rpm-build/SPECS/securedrop-workstation-dom0.spec - -RPM_SPEC_FILES := $(RPM_SPEC_FILES.$(PACKAGE_SET)) \ No newline at end of file +RPM_SPEC_FILES := rpm-build/SPECS/securedrop-workstation-dom0.spec diff --git a/REL b/REL deleted file mode 100644 index 56a6051..0000000 --- a/REL +++ /dev/null @@ -1 +0,0 @@ -1 \ No newline at end of file diff --git a/rpm-build/SPECS/securedrop-workstation-keyring.spec b/rpm-build/SPECS/securedrop-workstation-keyring.spec index 2a9622e..279340d 100644 --- a/rpm-build/SPECS/securedrop-workstation-keyring.spec +++ b/rpm-build/SPECS/securedrop-workstation-keyring.spec @@ -1,6 +1,6 @@ Name: securedrop-workstation-keyring -Version: @VERSION@ -Release: @REL@%{?dist} +Version: 0.1.0 +Release: 1%{?dist} Summary: SecureDrop Workstation Keyring # For reproducible builds: @@ -58,6 +58,10 @@ install -m 644 %{_builddir}/files/securedrop-release-signing-pubkey-2021.asc %{b %post # TODO +# If installing: import key +# If upgrading: remove key from rpm and reimport key +# If removing: remove key from rpm %changelog -# TODO \ No newline at end of file +* Mon Dec 2 2024 13:12:00 SecureDrop Team - 0.1.0 +- Initial keyring/bootstrap package diff --git a/scripts/build-rpm.sh b/scripts/build-rpm.sh index 3d4d339..343701a 100755 --- a/scripts/build-rpm.sh +++ b/scripts/build-rpm.sh @@ -6,13 +6,8 @@ set -o pipefail source "$(dirname "$0")/common.sh" -# Prepare tarball for rpmbuild -mkdir -p src/ -git clean -fdX rpm-build/ src/ -tar -zcvf src/"${PROJECT}"-"$(cat VERSION)".tar.gz files/ - -# Place tarball where rpmbuild will find it -cp src/*.tar.gz rpm-build/SOURCES/ +# There is no build step, so we can omit the tarball +# step that is used in the sdw config rpm rpmbuild \ --quiet \ diff --git a/update_version.sh b/update_version.sh new file mode 100755 index 0000000..cfe9cc6 --- /dev/null +++ b/update_version.sh @@ -0,0 +1,18 @@ +#!/usr/bin/bash +## Usage: ./update_version.sh + +set -e + +if [ -z "$1" ]; then + echo "You must specify the new version!" + exit 1 +fi + +# We want the Python and RPM versions to match, so we'll use a PEP 440 +# compatible version, e.g. 0.9.0rc1 or 0.9.0. +NEW_VERSION=$(echo "$1" | sed 's/-//g' | sed 's/~//g' ) + +# Update the version in the spec file and VERSION. +# TODO: Use rpmdev-bumpspec +echo "${NEW_VERSION}" > VERSION +sed -i'' -r -e "s/^(Version:\\t).*/\\1${NEW_VERSION}/" "rpm-build/SPECS/securedrop-workstation-keyring.spec"