Add RPM signing example

Also a couple of other small fixes
2 files changed
tree: 0e7c07c548f9ee62c0507f476fef6ce7ef7a8b3e
README.md

CouchDB Packaging support repo

The main purpose of this repository is to provide packaging support files for Apache CouchDB and its SpiderMonkey 1.8.5 dependency, for a number of well-known and used packaging formats, namely:

  • .deb files, as used by Debian, Ubuntu, and derivatives
  • .rpm files, as used by CentOS, RedHat, and derivatives
  • snapcraft files, as used by the Ubuntu Snappy package manager

Usage

On a system with all necessary build-time dependencies:

SpiderMonkey 1.8.5

rpms

make couch-js-rpms

debs

make couch-js-debs PLATFORM=$(lsb_release -cs)

CouchDB

rpms or debs from main branch:

cd .. && git clone https://github.com/apache/couchdb
cd couchdb-pkg && make build-couch $(lsb_release -cs) PLATFORM=$(lsb_release -cs)

rpms or debs from a release tarball:

make copy-couch $(lsb_release -cs) COUCHTARBALL=path/to/couchdb-#.#.#.tar.gz PLATFORM=$(lsb_release -cs)

Building inside the CI docker containers

You must first pull down the image or images you need from Docker Hub, or build the images using the apache/couchdb-ci repository.

SpiderMonkey 1.8.5

docker pull couchdbdev/<os>-<codename>-base
./build.sh js <os>-<codename>    # for example, debian-stretch, ubuntu-bionic or centos-7.

CouchDB

From a downloaded CouchDB tarball:

docker pull couchdbdev/<osname>-<codename>-erlang-<erlang-version>
ERLANGVERSION=<erlang-version> ./build.sh couch <os>-<codename> path/to/couchdb-#.#.#.tar.gz

Directly from the Apache source CDN:

docker pull couchdbdev/<osname>-<codename>-erlang-<erlang-version>
./build.sh couch <os>-<codename> https://dist.apache.org/repos/dist/release/couchdb/source/#.#.#/apache-couchdb-#.#.#.tar.gz

Building packages for a release

Prerequisites

  1. Linux running Docker
  2. The current user must be capable of running docker run.
  3. Enough free disk space to download all of the Docker images + build CouchDB.

Running the package build

You can either build packages from a local CouchDB dist tarball (the output of make dist), or from a URL of a published CouchDB dist tarball (such as the ones on https://couchdb.apache.org/). The package's version number will be derived from the filename of the CouchDB dist tarball.

Run:

$ ./build.sh couch-all path/to/apache-couchdb-VERSION.tar.gz

or

$ ./build.sh couch-all http://url/to/apache-couchdb-VERSION.tar.gz

Packages will be placed in the pkgs/couch subdirectory.

A similar js-all target exists, should the SpiderMonkey packages need to be regenerated.

Signing RPMs

If you're building RPMs inside the CI containers you'll need to export your code signing key:

gpg --export-secret-keys -a $KEYID > my_private_key.asc
gpg --export -a $KEYID > my_public_key.asc

Import it inside the container:

✗ docker run -it --mount type=bind,src=`pwd`,dst=/home/jenkins/couchdb-pkg -u 0 -w /home/jenkins/couchdb-pkg --platform linux/amd64 apache/couchdbci-centos:7-erlang-23.3.4.10
[root@38a8b375b3cb couchdb-pkg]# ls *.asc
my_private_key.asc  my_public_key.asc
[root@38a8b375b3cb couchdb-pkg]# gpg --import *.asc
gpg: directory `/root/.gnupg' created
gpg: new configuration file `/root/.gnupg/gpg.conf' created
gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/root/.gnupg/secring.gpg' created
gpg: keyring `/root/.gnupg/pubring.gpg' created
gpg: key 232EF177: secret key imported
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 232EF177: public key "Adam Kocoloski (CODE SIGNING KEY) <kocolosk@apache.org>" imported
gpg: key 232EF177: "Adam Kocoloski (CODE SIGNING KEY) <kocolosk@apache.org>" not changed
gpg: Total number processed: 2
gpg:               imported: 1  (RSA: 1)
gpg:              unchanged: 1
gpg:       secret keys read: 1
gpg:   secret keys imported: 1

Ensure %_gpg_name is configured, and then it's time to sign:

[root@38a8b375b3cb couchdb-pkg]# echo "%_gpg_name Adam Kocoloski (CODE SIGNING KEY) <kocolosk@apache.org>" > ~/.rpmmacros
[root@38a8b375b3cb couchdb-pkg]# rpmsign --addsign pkgs/couch/centos-7/couchdb-3.2.1-2.el7.x86_64.rpm
Enter pass phrase:
Pass phrase is good.
pkgs/couch/centos-7/couchdb-3.2.1-2.el7.x86_64.rpm:
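
A pre-upload check for the signing steps above, as an added example that is not part of this repository: it confirms every RPM carries a signature that verifies against the exported public key, and that the exported secret key is no longer lying in the bind-mounted work tree. The function names and the script name are hypothetical; the paths are the ones used in this README.

```shell
#!/bin/sh
# Added example, not part of couchdb-pkg. Function names are hypothetical.

# Classify one line of `rpm --checksig` output.
# rpm 4.11 (CentOS 7) lists verified items in lowercase, so a good signature
# shows "pgp" or "gpg"; rpm 4.14+ prints "digests signatures OK".
sig_status() {
  case "$1" in
    *"NOT OK"*) echo bad ;;        # bad digest/signature, or key not imported
    *" pgp "*OK|*" gpg "*OK|*"signatures OK") echo signed ;;
    *OK) echo unsigned ;;          # digests verify but no signature present
    *) echo bad ;;
  esac
}

# Print files under directory $1 that hold an armored OpenPGP secret key.
find_private_keys() {
  grep -rl -e '-----BEGIN PGP PRIVATE KEY BLOCK-----' "$1" 2>/dev/null || true
}

# check_all <pkg-dir> <public-key.asc> [worktree]
check_all() {
  rc=0
  rpm --import "$2" || return 1    # rpm verifies against its own keyring
  for f in "$1"/*/*.rpm; do
    [ -e "$f" ] || continue
    line=$(rpm --checksig "$f" 2>&1) || true
    if [ "$(sig_status "$line")" != signed ]; then
      echo "FAIL: $line" >&2; rc=1
    fi
  done
  leftovers=$(find_private_keys "${3:-.}")
  if [ -n "$leftovers" ]; then
    echo "FAIL: secret key still on disk: $leftovers" >&2; rc=1
  fi
  return "$rc"
}

# Example: ./check-signed.sh pkgs/couch my_public_key.asc
if [ "$#" -ge 2 ]; then check_all "$@"; fi
```

Run it inside the container after `rpmsign --addsign` and before the upload step; a non-zero exit means at least one package is unsigned, fails verification, or `my_private_key.asc` still needs to be removed.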

Uploading the packages

If you have Apache credentials (set your BINARY_CREDS environment variable using credentials from Artifactory), after building all CouchDB packages above, and signing the rpms with the appropriate GPG key using the rpmsign --addsign <file.rpm> command above, simply run:

./build.sh couch-upload-all

Or, for the SpiderMonkey packages:

./build.sh js-upload-all

Snap packages

See README-SNAP.md.


Feedback, Issues, Contributing

General feedback is welcome at our user or developer mailing lists.

Apache CouchDB has a CONTRIBUTING file with details on how to get started with issue reporting or contributing to the upkeep of this project.