Posted to commits@couchdb.apache.org by ko...@apache.org on 2022/02/25 22:42:13 UTC

[couchdb-pkg] 01/01: Add RPM signing example

This is an automated email from the ASF dual-hosted git repository.

kocolosk pushed a commit to branch update-docs
in repository https://gitbox.apache.org/repos/asf/couchdb-pkg.git

commit c3ade502836e8eb06a076abfab78f49b0cf6cd68
Author: Adam Kocoloski <ko...@apache.org>
AuthorDate: Fri Feb 25 17:41:31 2022 -0500

    Add RPM signing example
    
    Also a couple of other small fixes
---
 README.md | 51 ++++++++++++++++++++++++++++++++++++++++++++++-----
 build.sh  |  4 ++--
 2 files changed, 48 insertions(+), 7 deletions(-)

diff --git a/README.md b/README.md
index 0e31880..e7b6559 100644
--- a/README.md
+++ b/README.md
@@ -26,7 +26,7 @@ make couch-js-debs PLATFORM=$(lsb_release -cs)
 
 ### CouchDB
 
-#### rpms or debs from `master` branch:
+#### rpms or debs from `main` branch:
 
 ```shell
 cd .. && git clone https://github.com/apache/couchdb
@@ -41,11 +41,10 @@ make copy-couch $(lsb_release -cs) COUCHTARBALL=path/to/couchdb-#.#.#.tar.gz PLA
 
 -----
 
-## Building inside the `couchdbdev` docker containers
+## Building inside the CI docker containers
 
 You must first pull down the image or images you need from Docker Hub, or build the images
-using the [apache/couchdb-ci](https://github.com/apache/couchdb-ci) repository. A full
-list of supported environments is at https://hub.docker.com/u/couchdbdev/ .
+using the [apache/couchdb-ci](https://github.com/apache/couchdb-ci) repository.
 
 ### SpiderMonkey 1.8.5
 
@@ -100,9 +99,51 @@ Packages will be placed in the `pkgs/couch` subdirectory.
 
 A similar `js-all` target exists, should the SpiderMonkey packages need to be regenerated.
 
+## Signing RPMs
+
+If you're building RPMs inside the CI containers you'll need to export your code signing key:
+
+```
+gpg --export-secret-keys -a $KEYID > my_private_key.asc
+gpg --export -a $KEYID > my_public_key.asc
+```
+
+Import it inside the container:
+
+```
+✗ docker run -it --mount type=bind,src=`pwd`,dst=/home/jenkins/couchdb-pkg -u 0 -w /home/jenkins/couchdb-pkg --platform linux/amd64 apache/couchdbci-centos:7-erlang-23.3.4.10
+[root@38a8b375b3cb couchdb-pkg]# ls *.asc
+my_private_key.asc  my_public_key.asc
+[root@38a8b375b3cb couchdb-pkg]# gpg --import *.asc
+gpg: directory `/root/.gnupg' created
+gpg: new configuration file `/root/.gnupg/gpg.conf' created
+gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during this run
+gpg: keyring `/root/.gnupg/secring.gpg' created
+gpg: keyring `/root/.gnupg/pubring.gpg' created
+gpg: key 232EF177: secret key imported
+gpg: /root/.gnupg/trustdb.gpg: trustdb created
+gpg: key 232EF177: public key "Adam Kocoloski (CODE SIGNING KEY) <ko...@apache.org>" imported
+gpg: key 232EF177: "Adam Kocoloski (CODE SIGNING KEY) <ko...@apache.org>" not changed
+gpg: Total number processed: 2
+gpg:               imported: 1  (RSA: 1)
+gpg:              unchanged: 1
+gpg:       secret keys read: 1
+gpg:   secret keys imported: 1
+```
+
+Ensure `%_gpg_name` is configured, and then it's time to sign:
+
+```
+[root@38a8b375b3cb couchdb-pkg]# echo "%_gpg_name Adam Kocoloski (CODE SIGNING KEY) <ko...@apache.org>" > ~/.rpmmacros
+[root@38a8b375b3cb couchdb-pkg]# rpmsign --addsign pkgs/couch/centos-7/couchdb-3.2.1-2.el7.x86_64.rpm
+Enter pass phrase:
+Pass phrase is good.
+pkgs/couch/centos-7/couchdb-3.2.1-2.el7.x86_64.rpm:
+```
+
 ## Uploading the packages
 
-If you have Apache credentials (set your `BINARY_CREDS` environment variable appropriately), after building all CouchDB packages above, **and signing the rpms with the appropriate GPG key using the `rpmsign --addsign <file.rpm>` command**, simply run:
+If you have Apache credentials (set your `BINARY_CREDS` environment variable using credentials from Artifactory), after building all CouchDB packages above, **and signing the rpms with the appropriate GPG key using the `rpmsign --addsign <file.rpm>` command above**, simply run:
 
     ./build.sh couch-upload-all
 
diff --git a/build.sh b/build.sh
index 1a4aaf4..5480225 100755
--- a/build.sh
+++ b/build.sh
@@ -131,8 +131,8 @@ binary-upload() {
 upload-couch() {
   # invoke with $1 as plat, expect to find the binaries under pkgs/couch/$plat/*
   if [ -z ${BINARY_CREDS+x} ]; then
-    echo "Please set your upload credentials before using this command:"
-    echo "  export BINARY_CREDS=<user@domain:KEYGOESHERE>"
+    echo "Please set your Artifactory upload credentials before using this command:"
+    echo "  export BINARY_CREDS=username:KEYGOESHERE"
     exit 1
   fi
   for PKG in $(ls pkgs/couch/$1/*.deb 2>/dev/null); do
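Review bot: The guard above the reworded message, `[ -z ${BINARY_CREDS+x} ]`, only tests whether the variable is set, so an exported but empty `BINARY_CREDS` passes it and the upload loop starts without usable credentials. `if [ -z "${BINARY_CREDS:-}" ]; then` rejects both the unset and the empty case and quotes the expansion. The two `echo` lines are diagnostics for a failed precondition and would be better sent to stderr, e.g. `echo "Please set your Artifactory upload credentials before using this command:" >&2`. The body of upload-couch continues past the end of this hunk, so how the credential reaches the upload command is not visible here. If it is passed on a command line, it may be worth a comment noting that the key is then exposed in process listings and in any `set -x` trace.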