--- /dev/null
+---
+
+variables:
+ PKG_NAME: 'some_python_package'
+ TEST_LOCALES: 'en_US.UTF-8 de_DE.UTF-8'
+ USED_LC: 'en_US.utf8'
+ USED_YUM_REPO_GPG_PASSWD: ''
+ USED_YUM_REPO_GPG_KEY_PUB: 'nada'
+ USED_YUM_REPO_GPG_KEY_SEC: ''
+ YUM: 'dnf'
+ YUM_REPO_GPG_ID: 'C0E73F70'
+
+#---------------------------
+.setup-sign-environment:
+ stage: sign
+ rules:
+ - if: '$CI_COMMIT_TAG'
+ - if: $CI_COMMIT_BRANCH == "master"
+ - if: $CI_COMMIT_BRANCH == "main"
+ - if: $CI_COMMIT_BRANCH == "test"
+ - if: $CI_COMMIT_BRANCH =~ /test-.*/
+ - if: $CI_COMMIT_BRANCH =~ /build.*/
+ - if: $CI_COMMIT_BRANCH == "develop"
+ tags:
+ - docker
+ artifacts:
+ name: "$CI_JOB_NAME-$CI_COMMIT_REF_NAME"
+ paths:
+ - rpmdir/RPMS/*/*.rpm
+ - rpmdir/SRPMS/*.src.rpm
+ expire_in: '1 week'
+ image: dokken/centos-stream-8
+ script:
+ - |
+ echo "All locales"
+ locale -a
+ - |
+ echo -e "\e[0Ksection_start:$( date +%s ):install_locales[collapsed=true]\r\e[0KConfiguring and installing locales ..."
+ if [[ -n "${TEST_LOCALES}" ]] ; then
+ if echo "${TEST_LOCALES}" | grep -w 'en_US.UTF-8' >/dev/null ; then
+ USED_LOCALES="${TEST_LOCALES}"
+ else
+ USED_LOCALES="en_US.UTF-8 ${TEST_LOCALES}"
+ fi
+ else
+ USED_LOCALES="en_US.UTF-8"
+ fi
+ packages="glibc-all-langpacks"
+ for locale in ${TEST_LOCALES} ; do
+ my_locale=$( echo "${locale}" | cut -d. -f1 )
+ if [[ "${my_locale}" =~ ^en_GB|pt_BR|zh_CN|zh_TW$ ]] ; then
+ lang="${my_locale}"
+ else
+ lang=$( echo "${my_locale}" | cut -d_ -f1 )
+ fi
+ langpack="langpacks-${lang}"
+ if echo "${packages}" | grep -w "${langpack}" >/dev/null ; then
+ :
+ else
+ packages+=" ${langpack}"
+ fi
+ done
+ echo "Packages to install: ${packages}"
+ ${YUM} --assumeyes install ${packages}
+ echo -e "\e[0Ksection_end:$( date +%s ):install_locales\r\e[0K"
+ - |
+ echo -e "\e[0Ksection_start:$( date +%s ):all_locales[collapsed=true]\r\e[0KAll locales"
+ echo "All locales"
+ locale -a
+ echo
+ echo "locales:"
+ locale
+ echo -e "\e[0Ksection_end:$( date +%s ):all_locales\r\e[0K"
+ - |
+ echo
+ echo "Exporting LC_ALL ..."
+ export LC_ALL="${USED_LC}"
+ export LANG="${USED_LC}"
+ echo
+ echo "locales:"
+ locale
+ - |
+ echo -e "\e[0Ksection_start:$( date +%s ):yum_upgrade[collapsed=true]\r\e[0KExecuting: ${YUM} upgrade ..."
+ ${YUM} --assumeyes upgrade
+ echo -e "\e[0Ksection_end:$( date +%s ):yum_upgrade\r\e[0K"
+ - |
+ echo -e "\e[0Ksection_start:$( date +%s ):install_additional[collapsed=true]\r\e[0KExecuting: Installing additional packages ..."
+ install_packages="rpm-sign expect"
+ echo "Additonal packages to install: ${install_packages}"
+ ${YUM} --assumeyes install ${install_packages}
+ echo -e "\e[0Ksection_end:$( date +%s ):install_additional\r\e[0K"
+ - |
+ echo "Generating $HOME/.rpmmacros ..."
+ GPG_CMD="gpg --verbose --no-armor --batch --pinentry-mode loopback --no-secmem-warning"
+ GPG_CMD+=" --passphrase '${USED_YUM_REPO_GPG_PASSWD}'"
+ GPG_CMD+=" -u \"%{_gpg_name}\" -sbo %{__signature_filename} %{__plaintext_filename}"
+ echo
+ echo "%__python3 /bin/python${PYTHON_VERSION_DOT}" > "${HOME}/.rpmmacros"
+ echo "%_signature gpg" >> "${HOME}/.rpmmacros"
+ echo "%_gpg_name ${YUM_REPO_GPG_ID}" >> "${HOME}/.rpmmacros"
+ echo "%__gpg_sign_cmd %{__gpg} ${GPG_CMD}" >> "${HOME}/.rpmmacros"
+ echo "Generated $HOME/.rpmmacros:"
+ echo "--------->"
+ cat $HOME/.rpmmacros
+ echo "<---------"
+ echo
+ - |
+ echo "Tweaking /usr/lib/rpm/rpmpopt-* ..."
+ ls -l /usr/lib/rpm/rpmpopt-*
+ rpmoptfile=$( ls -1 /usr/lib/rpm/rpmpopt-* | head -n 1 )
+ rpmoptfile_base=$( basename "${rpmoptfile}" )
+ rpmoptfile_dir=$( dirname "${rpmoptfile}" )
+ rpmoptfile_bak="${rpmoptfile_dir}/.~${rpmoptfile_base}.bak"
+ cp -v -i "${rpmoptfile}" "${rpmoptfile_bak}"
+ sed -i -e 's/\(--addsign.*\) <.*/\1\x27 \\/' "${rpmoptfile}"
+ ls -l "${rpmoptfile}" "${rpmoptfile_bak}"
+ diff -u "${rpmoptfile_bak}" "${rpmoptfile}" || true
+ echo
+ - |
+ echo
+ echo "Importing public GPG key ..."
+ echo "${USED_YUM_REPO_GPG_KEY_PUB}" | gpg --import
+ gpg --list-public-keys
+ - |
+ echo
+ echo "Importing secret GPG key ..."
+ pw='******'
+ sec_key='******** Secret key ********'
+ if [[ -z "${USED_YUM_REPO_GPG_PASSWD}" ]] ; then
+ pw=''
+ fi
+ if [[ -z "${USED_YUM_REPO_GPG_KEY_SEC}" ]] ; then
+ sec_key=''
+ fi
+ echo "echo '${sec_key}' | gpg --import --batch --pinentry-mode loopback --passphrase '${pw}'"
+ echo "${USED_YUM_REPO_GPG_KEY_SEC}" | gpg --import --batch --pinentry-mode loopback --passphrase "${USED_YUM_REPO_GPG_PASSWD}"
+ gpg --list-secret-keys
+ - |
+ echo
+ echo "Signing packages ..."
+ for f in $( find rpmdir -type f -iname "*.rpm" ) ; do
+ echo " * ${f} ..."
+ echo "Checking existing signature:"
+ rpm --checksig "${f}" || true
+ rpmsign --addsign "${f}"
+ echo "Checking new signature:"
+ rpm --checksig "${f}" || true
+ echo "Show signature:"
+ rpm -q --qf '%{SIGPGP:pgpsig} %{SIGGPG:pgpsig}\n' -p "${f}" || true
+ done
+ - |
+ echo "Results:"
+ find rpmdir/*RPMS -type f -print0 | xargs --null --no-run-if-empty ls -l -d --color=always
+
+# vim: et tabstop=2 expandtab shiftwidth=2 softtabstop=2 list
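Review bot: The signing passphrase ends up in the job log: the step that generates `.rpmmacros` embeds `--passphrase '${USED_YUM_REPO_GPG_PASSWD}'` in `%__gpg_sign_cmd` and then runs `cat $HOME/.rpmmacros`, even though the secret-key import step further down deliberately prints `******` instead of the value. Unless the variable is masked in the project's CI settings (not visible here), anyone who can read the log of a tag, `test-*` or `build*` pipeline can recover the passphrase, and it is also passed on gpg's command line at import and on every signing call. Keep it in a private file and reference that, e.g. `( umask 077; printf '%s' "${USED_YUM_REPO_GPG_PASSWD}" > "${HOME}/.gpg-pass" )` with `GPG_CMD+=" --passphrase-file ${HOME}/.gpg-pass"`, and print the macros with `grep -v '^%__gpg_sign_cmd' "${HOME}/.rpmmacros"` instead of `cat`.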