Add package signing script to the CI pipeline #4399
Conversation
This comment was marked as outdated.
This comment was marked as outdated.
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## master #4399 +/- ##
==========================================
+ Coverage 85.05% 85.28% +0.22%
==========================================
Files 550 550
Lines 33861 33861
==========================================
+ Hits 28802 28878 +76
+ Misses 5059 4983 -76 ☔ View full report in Codecov by Sentry. |
jacekwegr
force-pushed
the
sign-mim-packages
branch
from
f7e1e5a to
505f344
Compare
This comment was marked as outdated.
This comment was marked as outdated.
jacekwegr
force-pushed
the
sign-mim-packages
branch
from
505f344 to
261c985
Compare
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
jacekwegr
force-pushed
the
sign-mim-packages
branch
4 times, most recently
from
47fccd1 to
cf287d7
Compare
This comment was marked as outdated.
This comment was marked as outdated.
jacekwegr
force-pushed
the
sign-mim-packages
branch
from
cf287d7 to
edcf6aa
Compare
This comment was marked as outdated.
This comment was marked as outdated.
jacekwegr
changed the title
jacekwegr
force-pushed
the
sign-mim-packages
branch
from
17ac4f7 to
8a63e0b
Compare
This comment was marked as outdated.
This comment was marked as outdated.
jacekwegr
force-pushed
the
sign-mim-packages
branch
from
8a63e0b to
b62815a
Compare
This comment was marked as outdated.
This comment was marked as outdated.
jacekwegr
force-pushed
the
sign-mim-packages
branch
from
b62815a to
c4c541a
Compare
This comment was marked as outdated.
This comment was marked as outdated.
jacekwegr
force-pushed
the
sign-mim-packages
branch
from
c4c541a to
0a1aa08
Compare
This comment was marked as outdated.
This comment was marked as outdated.
jacekwegr
force-pushed
the
sign-mim-packages
branch
from
0a1aa08 to
8feacb2
Compare
This comment was marked as outdated.
This comment was marked as outdated.
jacekwegr
force-pushed
the
sign-mim-packages
branch
from
8feacb2 to
21ebb26
Compare
jacekwegr
force-pushed
the
sign-mim-packages
branch
from
21ebb26 to
06a1b70
Compare
This comment was marked as outdated.
This comment was marked as outdated.
jacekwegr
changed the title
This comment was marked as outdated.
This comment was marked as outdated.
jacekwegr
force-pushed
the
sign-mim-packages
branch
from
5a4d264 to
29a7cdb
Compare
This comment was marked as outdated.
This comment was marked as outdated.
jacekwegr
force-pushed
the
sign-mim-packages
branch
from
29a7cdb to
d2ec36d
Compare
jacekwegr
force-pushed
the
sign-mim-packages
branch
from
d2ec36d to
290aaec
Compare
|
elasticsearch_and_cassandra_27 / elasticsearch_and_cassandra_mnesia / 290aaec small_tests_27 / small_tests / 290aaec small_tests_26 / small_tests / 290aaec small_tests_27_arm64 / small_tests / 290aaec ldap_mnesia_26 / ldap_mnesia / 290aaec ldap_mnesia_27 / ldap_mnesia / 290aaec internal_mnesia_27 / internal_mnesia / 290aaec pubsub_SUITE:dag+basic:publish_test{error,{{badmatch,false},
[{pubsub_tools,check_response,2,
[{file,"/home/circleci/project/big_tests/tests/pubsub_tools.erl"},
{line,444}]},
{pubsub_tools,receive_response,3,
[{file,"/home/circleci/project/big_tests/tests/pubsub_tools.erl"},
{line,434}]},
{pubsub_tools,receive_and_check_response,4,
[{file,"/home/circleci/project/big_tests/tests/pubsub_tools.erl"},
{line,424}]},
{pubsub_SUITE,'-publish_test/1-fun-0-',1,
[{file,"/home/circleci/project/big_tests/tests/pubsub_SUITE.erl"},
{line,453}]},
{escalus_story,story,4,
[{file,"/home/circleci/project/big_tests/_build/default/lib/escalus/src/escalus_story.erl"},
{line,72}]},
{test_server,ts_tc,3,[{file,"test_server.erl"},{line,1794}]},
{test_server,run_test_case_eval1,6,
[{file,"test_server.erl"},{line,1303}]},
{test_server,run_test_case_eval,9,
[{file,"test_server.erl"},{line,1235}]}]}}dynamic_domains_pgsql_mnesia_27 / pgsql_mnesia / 290aaec pgsql_cets_27 / pgsql_cets / 290aaec dynamic_domains_mysql_redis_27 / mysql_redis / 290aaec dynamic_domains_pgsql_mnesia_26 / pgsql_mnesia / 290aaec dynamic_domains_mssql_mnesia_27 / odbc_mssql_mnesia / 290aaec mysql_redis_27 / mysql_redis / 290aaec pgsql_mnesia_26 / pgsql_mnesia / 290aaec pgsql_mnesia_27 / pgsql_mnesia / 290aaec bosh_SUITE:essential_https:accept_higher_hold_value{error,
{{assertEqual,
[{module,bosh_SUITE},
{line,261},
{expression,"get_bosh_sessions ( )"},
{expected,[]},
{value,
[{bosh_session,<<"3d58bcfc8ec92ce9f46f1dffe52e7a336be4db4d">>,
<10428.10587.0>}]}]},
[{bosh_SUITE,accept_higher_hold_value,1,
[{file,"/home/circleci/project/big_tests/tests/bosh_SUITE.erl"},
{line,261}]},
{test_server,ts_tc,3,[{file,"test_server.erl"},{line,1794}]},
{test_server,run_test_case_eval1,6,
[{file,"test_server.erl"},{line,1303}]},
{test_server,run_test_case_eval,9,
[{file,"test_server.erl"},{line,1235}]}]}}cockroachdb_cets_27 / cockroachdb_cets / 290aaec mssql_mnesia_27 / odbc_mssql_mnesia / 290aaec disco_and_caps_SUITE:disco_with_caps:user_can_query_friend_features{error,{{assertion_failed,assert_many,false,[is_roster_set],[],[]},
[{escalus_new_assert,assert_true,2,
[{file,"/home/circleci/project/big_tests/_build/default/lib/escalus/src/escalus_new_assert.erl"},
{line,84}]},
{escalus_story,'-make_all_clients_friends/1-fun-0-',2,
[{file,"/home/circleci/project/big_tests/_build/default/lib/escalus/src/escalus_story.erl"},
{line,108}]},
{escalus_utils,'-each_with_index/3-fun-0-',3,
[{file,"/home/circleci/project/big_tests/_build/default/lib/escalus/src/escalus_utils.erl"},
{line,87}]},
{lists,foldl_1,3,[{file,"lists.erl"},{line,2151}]},
{escalus_utils,'-each_with_index/3-fun-0-',3,
[{file,"/home/circleci/project/big_tests/_build/default/lib/escalus/src/escalus_utils.erl"},
{line,87}]},
{lists,foldl,3,[{file,"lists.erl"},{line,2146}]},
{escalus_utils,distinct_pairs,2,
[{file,"/home/circleci/project/big_tests/_build/default/lib/escalus/src/escalus_utils.erl"},
{line,60}]},
{escalus_story,make_all_clients_friends,1,
[{file,"/home/circleci/project/big_tests/_build/default/lib/escalus/src/escalus_story.erl"},
{line,106}]}]}}disco_and_caps_SUITE:disco_with_caps:user_can_query_friend_resources{error,{{assertion_failed,assert_many,false,[is_roster_set],[],[]},
[{escalus_new_assert,assert_true,2,
[{file,"/home/circleci/project/big_tests/_build/default/lib/escalus/src/escalus_new_assert.erl"},
{line,84}]},
{escalus_story,'-make_all_clients_friends/1-fun-0-',2,
[{file,"/home/circleci/project/big_tests/_build/default/lib/escalus/src/escalus_story.erl"},
{line,108}]},
{escalus_utils,'-each_with_index/3-fun-0-',3,
[{file,"/home/circleci/project/big_tests/_build/default/lib/escalus/src/escalus_utils.erl"},
{line,87}]},
{lists,foldl_1,3,[{file,"lists.erl"},{line,2151}]},
{escalus_utils,'-each_with_index/3-fun-0-',3,
[{file,"/home/circleci/project/big_tests/_build/default/lib/escalus/src/escalus_utils.erl"},
{line,87}]},
{lists,foldl,3,[{file,"lists.erl"},{line,2146}]},
{escalus_utils,distinct_pairs,2,
[{file,"/home/circleci/project/big_tests/_build/default/lib/escalus/src/escalus_utils.erl"},
{line,60}]},
{escalus_story,make_all_clients_friends,1,
[{file,"/home/circleci/project/big_tests/_build/default/lib/escalus/src/escalus_story.erl"},
{line,106}]}]}}disco_and_caps_SUITE:disco_with_caps:user_cannot_query_friend_resources_with_unknown_node{error,{{assertion_failed,assert_many,false,[is_roster_set,is_presence],[],[]},
[{escalus_new_assert,assert_true,2,
[{file,"/home/circleci/project/big_tests/_build/default/lib/escalus/src/escalus_new_assert.erl"},
{line,84}]},
{escalus_story,'-make_all_clients_friends/1-fun-0-',2,
[{file,"/home/circleci/project/big_tests/_build/default/lib/escalus/src/escalus_story.erl"},
{line,111}]},
{escalus_utils,'-each_with_index/3-fun-0-',3,
[{file,"/home/circleci/project/big_tests/_build/default/lib/escalus/src/escalus_utils.erl"},
{line,87}]},
{lists,foldl_1,3,[{file,"lists.erl"},{line,2151}]},
{escalus_utils,'-each_with_index/3-fun-0-',3,
[{file,"/home/circleci/project/big_tests/_build/default/lib/escalus/src/escalus_utils.erl"},
{line,87}]},
{lists,foldl,3,[{file,"lists.erl"},{line,2146}]},
{escalus_utils,distinct_pairs,2,
[{file,"/home/circleci/project/big_tests/_build/default/lib/escalus/src/escalus_utils.erl"},
{line,60}]},
{escalus_story,make_all_clients_friends,1,
[{file,"/home/circleci/project/big_tests/_build/default/lib/escalus/src/escalus_story.erl"},
{line,106}]}]}}internal_mnesia_27 / internal_mnesia / 290aaec pgsql_mnesia_27 / pgsql_mnesia / 290aaec mssql_mnesia_27 / odbc_mssql_mnesia / 290aaec pgsql_cets_27 / pgsql_cets / 290aaec |
Summary
This PR adds package signing to the CI pipeline within the Docker containers used for building. It also updates the previously used signing tool for
.debpackages.Key Changes
Package Signing
Switch to
debsigsfor.debPackage Signingdpkg-sigwithdebsigsas the signing tool for.debpackages.dpkg-sigdoes not support thezstdcompression standard, is unavailable on Debian >= 12 and Ubuntu >= 23.10 and appears to be no longer maintained.debsigssupportszstd, is actively maintained and is compatible with newer Ubuntu/Debian versions.debsigsrequires a workaround for older Ubuntu/Debian versions (we need version >0.2 to use--gpgoptsoption). A similar workaround would also be required fordpkg-sigto work with newer versions, makingdebsigsthe better long-term choice.Environment Variables
GPG_PUBLIC_KEYGPG_PRIVATE_KEYGPG_PASS# syntax=docker/dockerfile:1was added to the Dockerfile to use the latest Dockerfile syntax.