Home Explore Help
Register Sign In
skyfffire
/
core-chain
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

build: use SFTP for launchpad uploads (#19037)

* build: use sftp for launchpad uploads

* .travis.yml: configure sftp export

* build: update CI docs
Felix Lange 6 years ago
parent
6cb7d52a29
commit
3de19c8b31
4 changed files with 60 additions and 21 deletions
Unified View Show Diff Stats
  1. 3 1
      .travis.yml
  2. 10 3
      build/ci-notes.md
  3. 39 17
      build/ci.go
  4. 8 0
      build/dput-launchpad.cf

+ 3 - 1
.travis.yml
View File 

@@ -68,8 +68,10 @@ matrix:
 
             - debhelper
 
             - debhelper
 
             - dput
 
             - dput
 
             - fakeroot
 
             - fakeroot
 
+            - python-bzrlib
 
+            - python-paramiko
 
       script:
 
       script:
 
-        - go run build/ci.go debsrc -signer "Go Ethereum Linux Builder <geth-ci@ethereum.org>" -upload ppa:ethereum/ethereum
 
+        - go run build/ci.go debsrc -upload ppa:ethereum/ethereum -sftp-user geth-ci -signer "Go Ethereum Linux Builder <geth-ci@ethereum.org>"
 
 
 
     # This builder does the Linux Azure uploads
 
     # This builder does the Linux Azure uploads
 
     - if: type = push
 
     - if: type = push

+ 10 - 3
build/ci-notes.md
View File 

@@ -7,11 +7,18 @@ Canonical.
 
 Packages of develop branch commits have suffix -unstable and cannot be installed alongside
 
 Packages of develop branch commits have suffix -unstable and cannot be installed alongside
 
 the stable version. Switching between release streams requires user intervention.
 
 the stable version. Switching between release streams requires user intervention.
 
 
 
+## Launchpad
 
+
 
 The packages are built and served by launchpad.net. We generate a Debian source package
 
 The packages are built and served by launchpad.net. We generate a Debian source package
 
 for each distribution and upload it. Their builder picks up the source package, builds it
 
 for each distribution and upload it. Their builder picks up the source package, builds it
 
 and installs the new version into the PPA repository. Launchpad requires a valid signature
 
 and installs the new version into the PPA repository. Launchpad requires a valid signature
 
-by a team member for source package uploads. The signing key is stored in an environment
 
-variable which Travis CI makes available to certain builds.
 
+by a team member for source package uploads.
 
+
 
+The signing key is stored in an environment variable which Travis CI makes available to
 
+certain builds. Since Travis CI doesn't support FTP, SFTP is used to transfer the
 
+packages. To set this up yourself, you need to create a Launchpad user and add a GPG key
 
+and SSH key to it. Then encode both keys as base64 and configure 'secret' environment
 
+variables `PPA_SIGNING_KEY` and `PPA_SSH_KEY` on Travis.
 
 
 
 We want to build go-ethereum with the most recent version of Go, irrespective of the Go
 
 We want to build go-ethereum with the most recent version of Go, irrespective of the Go
 
 version that is available in the main Ubuntu repository. In order to make this possible,
 
 version that is available in the main Ubuntu repository. In order to make this possible,
 
@@ -27,7 +34,7 @@ Add the gophers PPA and install Go 1.10 and Debian packaging tools:
 
 
 
     $ sudo apt-add-repository ppa:gophers/ubuntu/archive
 
     $ sudo apt-add-repository ppa:gophers/ubuntu/archive
 
     $ sudo apt-get update
 
     $ sudo apt-get update
 
-    $ sudo apt-get install build-essential golang-1.10 devscripts debhelper
 
+    $ sudo apt-get install build-essential golang-1.10 devscripts debhelper python-bzrlib python-paramiko
 
 
 
 Create the source packages:
 
 Create the source packages:

+ 39 - 17
build/ci.go
View File 

@@ -441,11 +441,8 @@ func archiveBasename(arch string, archiveVersion string) string {
 
 func archiveUpload(archive string, blobstore string, signer string) error {
 
 func archiveUpload(archive string, blobstore string, signer string) error {
 
 	// If signing was requested, generate the signature files
 
 	// If signing was requested, generate the signature files
 
 	if signer != "" {
 
 	if signer != "" {
 
-		pgpkey, err := base64.StdEncoding.DecodeString(os.Getenv(signer))
 
-		if err != nil {
 
-			return fmt.Errorf("invalid base64 %s", signer)
 
-		}
 
-		if err := build.PGPSignFile(archive, archive+".asc", string(pgpkey)); err != nil {
 
+		key := getenvBase64(signer)
 
+		if err := build.PGPSignFile(archive, archive+".asc", string(key)); err != nil {
 
 			return err
 
 			return err
 
 		}
 
 		}
 
 	}
 
 	}
 
@@ -489,6 +486,7 @@ func doDebianSource(cmdline []string) {
 
 	var (
 
 	var (
 
 		signer  = flag.String("signer", "", `Signing key name, also used as package author`)
 
 		signer  = flag.String("signer", "", `Signing key name, also used as package author`)
 
 		upload  = flag.String("upload", "", `Where to upload the source package (usually "ppa:ethereum/ethereum")`)
 
 		upload  = flag.String("upload", "", `Where to upload the source package (usually "ppa:ethereum/ethereum")`)
 
+		sshUser = flag.String("sftp-user", "", `Username for SFTP upload (usually "geth-ci")`)
 
 		workdir = flag.String("workdir", "", `Output directory for packages (uses temp dir if unset)`)
 
 		workdir = flag.String("workdir", "", `Output directory for packages (uses temp dir if unset)`)
 
 		now     = time.Now()
 
 		now     = time.Now()
 
 	)
 
 	)
 
@@ -498,11 +496,7 @@ func doDebianSource(cmdline []string) {
 
 	maybeSkipArchive(env)
 
 	maybeSkipArchive(env)
 
 
 
 	// Import the signing key.
 
 	// Import the signing key.
 
-	if b64key := os.Getenv("PPA_SIGNING_KEY"); b64key != "" {
 
-		key, err := base64.StdEncoding.DecodeString(b64key)
 
-		if err != nil {
 
-			log.Fatal("invalid base64 PPA_SIGNING_KEY")
 
-		}
 
+	if key := getenvBase64("PPA_SIGNING_KEY"); len(key) > 0 {
 
 		gpg := exec.Command("gpg", "--import")
 
 		gpg := exec.Command("gpg", "--import")
 
 		gpg.Stdin = bytes.NewReader(key)
 
 		gpg.Stdin = bytes.NewReader(key)
 
 		build.MustRun(gpg)
 
 		build.MustRun(gpg)
 
@@ -523,12 +517,45 @@ func doDebianSource(cmdline []string) {
 
 				build.MustRunCommand("debsign", changes)
 
 				build.MustRunCommand("debsign", changes)
 
 			}
 
 			}
 
 			if *upload != "" {
 
 			if *upload != "" {
 
-				build.MustRunCommand("dput", "--passive", "--no-upload-log", *upload, changes)
 
+				uploadDebianSource(*workdir, *upload, *sshUser, changes)
 
 			}
 
 			}
 
 		}
 
 		}
 
 	}
 
 	}
 
 }
 
 }
 
 
 
+func uploadDebianSource(workdir, ppa, sshUser, changes string) {
 
+	// Create the dput config file.
 
+	dputConfig := filepath.Join(workdir, "dput.cf")
 
+	p := strings.Split(ppa, "/")
 
+	if len(p) != 2 {
 
+		log.Fatal("-upload PPA name must contain single /")
 
+	}
 
+	templateData := map[string]string{
 
+		"LaunchpadUser": p[0],
 
+		"LaunchpadPPA":  p[1],
 
+		"LaunchpadSSH":  sshUser,
 
+	}
 
+	if sshkey := getenvBase64("PPA_SSH_KEY"); len(sshkey) > 0 {
 
+		idfile := filepath.Join(workdir, "sshkey")
 
+		ioutil.WriteFile(idfile, sshkey, 0600)
 
+		templateData["IdentityFile"] = idfile
 
+	}
 
+	build.Render("build/dput-launchpad.cf", dputConfig, 0644, templateData)
 
+
 
+	// Run dput to do the upload.
 
+	dput := exec.Command("dput", "-c", dputConfig, "--no-upload-log", ppa, changes)
 
+	dput.Stdin = strings.NewReader("Yes\n") // accept SSH host key
 
+	build.MustRun(dput)
 
+}
 
+
 
+func getenvBase64(variable string) []byte {
 
+	dec, err := base64.StdEncoding.DecodeString(os.Getenv(variable))
 
+	if err != nil {
 
+		log.Fatal("invalid base64 " + variable)
 
+	}
 
+	return []byte(dec)
 
+}
 
+
 
 func makeWorkdir(wdflag string) string {
 
 func makeWorkdir(wdflag string) string {
 
 	var err error
 
 	var err error
 
 	if wdflag != "" {
 
 	if wdflag != "" {
 
@@ -800,15 +827,10 @@ func doAndroidArchive(cmdline []string) {
 
 	os.Rename(archive, meta.Package+".aar")
 
 	os.Rename(archive, meta.Package+".aar")
 
 	if *signer != "" && *deploy != "" {
 
 	if *signer != "" && *deploy != "" {
 
 		// Import the signing key into the local GPG instance
 
 		// Import the signing key into the local GPG instance
 
-		b64key := os.Getenv(*signer)
 
-		key, err := base64.StdEncoding.DecodeString(b64key)
 
-		if err != nil {
 
-			log.Fatalf("invalid base64 %s", *signer)
 
-		}
 
+		key := getenvBase64(*signer)
 
 		gpg := exec.Command("gpg", "--import")
 
 		gpg := exec.Command("gpg", "--import")
 
 		gpg.Stdin = bytes.NewReader(key)
 
 		gpg.Stdin = bytes.NewReader(key)
 
 		build.MustRun(gpg)
 
 		build.MustRun(gpg)
 
-
 
 		keyID, err := build.PGPKeyID(string(key))
 
 		keyID, err := build.PGPKeyID(string(key))
 
 		if err != nil {
 
 		if err != nil {
 
 			log.Fatal(err)
 
 			log.Fatal(err)

+ 8 - 0
build/dput-launchpad.cf
View File 

@@ -0,0 +1,8 @@
 
+[{{.LaunchpadUser}}/{{.LaunchpadPPA}}]
 
+fqdn = ppa.launchpad.net
 
+method = sftp
 
+incoming = ~{{.LaunchpadUser}}/ubuntu/{{.LaunchpadPPA}}/
 
+login = {{.LaunchpadSSH}}
 
+{{ if .IdentityFile }}
 
+  ssh_options = IdentityFile {{.IdentityFile}}
 
+{{ end }}