Posted to commits@couchdb.apache.org by ko...@apache.org on 2022/02/25 22:42:13 UTC
[couchdb-pkg] 01/01: Add RPM signing example
This is an automated email from the ASF dual-hosted git repository.
kocolosk pushed a commit to branch update-docs
in repository https://gitbox.apache.org/repos/asf/couchdb-pkg.git
commit c3ade502836e8eb06a076abfab78f49b0cf6cd68
Author: Adam Kocoloski <ko...@apache.org>
AuthorDate: Fri Feb 25 17:41:31 2022 -0500
Add RPM signing example
Also a couple of other small fixes
---
README.md | 51 ++++++++++++++++++++++++++++++++++++++++++++++-----
build.sh | 4 ++--
2 files changed, 48 insertions(+), 7 deletions(-)
diff --git a/README.md b/README.md
index 0e31880..e7b6559 100644
--- a/README.md
+++ b/README.md
@@ -26,7 +26,7 @@ make couch-js-debs PLATFORM=$(lsb_release -cs)
### CouchDB
-#### rpms or debs from `master` branch:
+#### rpms or debs from `main` branch:
```shell
cd .. && git clone https://github.com/apache/couchdb
@@ -41,11 +41,10 @@ make copy-couch $(lsb_release -cs) COUCHTARBALL=path/to/couchdb-#.#.#.tar.gz PLA
-----
-## Building inside the `couchdbdev` docker containers
+## Building inside the CI docker containers
You must first pull down the image or images you need from Docker Hub, or build the images
-using the [apache/couchdb-ci](https://github.com/apache/couchdb-ci) repository. A full
-list of supported environments is at https://hub.docker.com/u/couchdbdev/ .
+using the [apache/couchdb-ci](https://github.com/apache/couchdb-ci) repository.
### SpiderMonkey 1.8.5
@@ -100,9 +99,51 @@ Packages will be placed in the `pkgs/couch` subdirectory.
A similar `js-all` target exists, should the SpiderMonkey packages need to be regenerated.
+## Signing RPMs
+
+If you're building RPMs inside the CI containers you'll need to export your code signing key:
+
+```
+gpg --export-secret-keys -a $KEYID > my_private_key.asc
+gpg --export -a $KEYID > my_public_key.asc
+```
+
+Import it inside the container:
+
+```
+✗ docker run -it --mount type=bind,src=`pwd`,dst=/home/jenkins/couchdb-pkg -u 0 -w /home/jenkins/couchdb-pkg --platform linux/amd64 apache/couchdbci-centos:7-erlang-23.3.4.10
+[root@38a8b375b3cb couchdb-pkg]# ls *.asc
+my_private_key.asc my_public_key.asc
+[root@38a8b375b3cb couchdb-pkg]# gpg --import *.asc
+gpg: directory `/root/.gnupg' created
+gpg: new configuration file `/root/.gnupg/gpg.conf' created
+gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during this run
+gpg: keyring `/root/.gnupg/secring.gpg' created
+gpg: keyring `/root/.gnupg/pubring.gpg' created
+gpg: key 232EF177: secret key imported
+gpg: /root/.gnupg/trustdb.gpg: trustdb created
+gpg: key 232EF177: public key "Adam Kocoloski (CODE SIGNING KEY) <ko...@apache.org>" imported
+gpg: key 232EF177: "Adam Kocoloski (CODE SIGNING KEY) <ko...@apache.org>" not changed
+gpg: Total number processed: 2
+gpg: imported: 1 (RSA: 1)
+gpg: unchanged: 1
+gpg: secret keys read: 1
+gpg: secret keys imported: 1
+```
+
+Ensure `%_gpg_name` is configured, and then it's time to sign:
+
+```
+[root@38a8b375b3cb couchdb-pkg]# echo "%_gpg_name Adam Kocoloski (CODE SIGNING KEY) <ko...@apache.org>" > ~/.rpmmacros
+[root@38a8b375b3cb couchdb-pkg]# rpmsign --addsign pkgs/couch/centos-7/couchdb-3.2.1-2.el7.x86_64.rpm
+Enter pass phrase:
+Pass phrase is good.
+pkgs/couch/centos-7/couchdb-3.2.1-2.el7.x86_64.rpm:
+```
+
## Uploading the packages
-If you have Apache credentials (set your `BINARY_CREDS` environment variable appropriately), after building all CouchDB packages above, **and signing the rpms with the appropriate GPG key using the `rpmsign --addsign <file.rpm>` command**, simply run:
+If you have Apache credentials (set your `BINARY_CREDS` environment variable using credentials from Artifactory), after building all CouchDB packages above, **and signing the rpms with the appropriate GPG key using the `rpmsign --addsign <file.rpm>` command above**, simply run:
./build.sh couch-upload-all
diff --git a/build.sh b/build.sh
index 1a4aaf4..5480225 100755
--- a/build.sh
+++ b/build.sh
@@ -131,8 +131,8 @@ binary-upload() {
upload-couch() {
# invoke with $1 as plat, expect to find the binaries under pkgs/couch/$plat/*
if [ -z ${BINARY_CREDS+x} ]; then
- echo "Please set your upload credentials before using this command:"
- echo " export BINARY_CREDS=<user@domain:KEYGOESHERE>"
+ echo "Please set your Artifactory upload credentials before using this command:"
+ echo " export BINARY_CREDS=username:KEYGOESHERE"
exit 1
fi
for PKG in $(ls pkgs/couch/$1/*.deb 2>/dev/null); do
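Review bot: The two reworded `echo` lines sit on the failure path just before `exit 1` but still write to stdout, so a caller that captures or pipes the output of build.sh can lose the message; redirect both, e.g. `echo "Please set your Artifactory upload credentials before using this command:" >&2`. The hint `export BINARY_CREDS=username:KEYGOESHERE` invites typing the key at an interactive prompt, where it is normally recorded in shell history; a hint that loads it from a file readable only by the user, such as `export BINARY_CREDS="$(cat <path-to-creds-file>)"`, avoids that. The guard above tests `${BINARY_CREDS+x}`, which accepts a variable that is set but empty; `${BINARY_CREDS:+x}` would reject that case too. upload-couch continues past the end of the hunk, so how the credential is passed to the upload command is not visible here.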