commit | c3ade502836e8eb06a076abfab78f49b0cf6cd68 | [log] [tgz] |
---|---|---|
author | Adam Kocoloski <kocolosk@apache.org> | Fri Feb 25 17:41:31 2022 -0500 |
committer | Adam Kocoloski <kocolosk@apache.org> | Fri Feb 25 17:41:31 2022 -0500 |
tree | 0e7c07c548f9ee62c0507f476fef6ce7ef7a8b3e | |
parent | 7f1e10a3302e5ee9b292ea5ded8ad89b8b768bf8 [diff] |
Add RPM signing example Also a couple of other small fixes
The main purpose of this repository is to provide packaging support files for Apache CouchDB and its SpiderMoneky 1.8.5 dependency, for a number of well-known and used packaging formats, namely:
.deb
files, as used by Debian, Ubuntu, and derivatives.rpm
files, as used by CentOS, RedHat, and derivativessnapcraft
files, as used by the Ubuntu Snappy package managermake couch-js-rpms
make couch-js-debs PLATFORM=$(lsb_release -cs)
main
branch:cd .. && git clone https://github.com/apache/couchdb cd couchdb-pkg && make build-couch $(lsb_release -cs) PLATFORM=$(lsb_release -cs)
make copy-couch $(lsb_release -cs) COUCHTARBALL=path/to/couchdb-#.#.#.tar.gz PLATFORM=$(lsb_release -cs)
You must first pull down the image or images you need from Docker Hub, or build the images using the apache/couchdb-ci repository.
docker pull couchdbdev/<os>-<codename>-base ./build.sh js <os>-<codename> # for example, debian-stretch, ubuntu-bionic or centos-7.
From a downloaded CouchDB tarball:
docker pull couchdbdev/<osname>-<codename>-erlang-<erlang-version> ERLANGVERSION=<erlang-version> ./build.sh couch <os>-<codename> path/to/couchdb-#.#.#.tar.gz
Directly from the Apache source CDN:
docker pull couchdbdev/<osname>-<codename>-erlang-<erlang-version> ./build.sh couch <os>-<codename> https://dist.apache.org/repos/dist/release/couchdb/source/#.#.#/apache-couchdb-#.#.#.tar.gz
docker run
.You can either build packages from a local CouchDB dist tarball (the output of make dist
), or from a URL of a published CouchDB dist tarball (such as the ones on https://couchdb.apache.org/). The package's version number will be derived from the filename of the CouchDB dist tarball.
Run:
$ ./build.sh couch-all path/to/apache-couchdb-VERSION.tar.gz
or
$ ./build.sh couch-all http://url/to/apache-couchdb-VERSION.tar.gz
Packages will be placed in the pkgs/couch
subdirectory.
A similar js-all
target exists, should the SpiderMonkey packages need to be regenerated.
If you‘re building RPMs inside the CI containers you’ll need to export your code signing key:
gpg --export-secret-keys -a $KEYID > my_private_key.asc gpg --export -a $KEYID > my_public_key.asc
Import it inside the container:
✗ docker run -it --mount type=bind,src=`pwd`,dst=/home/jenkins/couchdb-pkg -u 0 -w /home/jenkins/couchdb-pkg --platform linux/amd64 apache/couchdbci-centos:7-erlang-23.3.4.10 [root@38a8b375b3cb couchdb-pkg]# ls *.asc my_private_key.asc my_public_key.asc [root@38a8b375b3cb couchdb-pkg]# gpg --import *.asc gpg: directory `/root/.gnupg' created gpg: new configuration file `/root/.gnupg/gpg.conf' created gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during this run gpg: keyring `/root/.gnupg/secring.gpg' created gpg: keyring `/root/.gnupg/pubring.gpg' created gpg: key 232EF177: secret key imported gpg: /root/.gnupg/trustdb.gpg: trustdb created gpg: key 232EF177: public key "Adam Kocoloski (CODE SIGNING KEY) <kocolosk@apache.org>" imported gpg: key 232EF177: "Adam Kocoloski (CODE SIGNING KEY) <kocolosk@apache.org>" not changed gpg: Total number processed: 2 gpg: imported: 1 (RSA: 1) gpg: unchanged: 1 gpg: secret keys read: 1 gpg: secret keys imported: 1
Ensure %_gpg_name
is configured, and then it's time to sign:
[root@38a8b375b3cb couchdb-pkg]# echo "%_gpg_name Adam Kocoloski (CODE SIGNING KEY) <kocolosk@apache.org>" > ~/.rpmmacros [root@38a8b375b3cb couchdb-pkg]# rpmsign --addsign pkgs/couch/centos-7/couchdb-3.2.1-2.el7.x86_64.rpm Enter pass phrase: Pass phrase is good. pkgs/couch/centos-7/couchdb-3.2.1-2.el7.x86_64.rpm:
If you have Apache credentials (set your BINARY_CREDS
environment variable using credentials from Artifactory), after building all CouchDB packages above, and signing the rpms with the appropriate GPG key using the rpmsign --addsign <file.rpm>
command above, simply run:
./build.sh couch-upload-all
Or, for the SpiderMonkey packages:
./build.sh js-upload-all
See README-SNAP.md.
General feedback is welcome at our user or developer mailing lists.
Apache CouchDB has a CONTRIBUTING file with details on how to get started with issue reporting or contributing to the upkeep of this project.