Mercurial > hg-stable
view contrib/packaging/buildrpm @ 47217:c8001d9c26f5
pyoxidizer: support code signing
Newer versions of PyOxidizer feature built-in support for
code signing. You simply declare a code signer in the Starlark
configuration file, activate it for automatic signing, and
PyOxidizer will add code signatures to signable files as it
encounters them.
This commit teaches our Starlark configuration file to enable
automatic code signing. But only on Windows for the moment, as our
immediate goal is to overhaul the Windows packaging.
The feature is opt-in: you must pass variables to PyOxidizer's
build context via `pyoxidizer build --var` or
`pyoxidizer build --var-env` to activate code signing.
Differential Revision: https://phab.mercurial-scm.org/D10684
author | Gregory Szorc <gregory.szorc@gmail.com> |
---|---|
date | Thu, 06 May 2021 16:04:24 -0700 |
parents | 97205cf0ee4d |
children |
line wrap: on
line source
#!/bin/bash -e # # Build a Mercurial RPM from the current repo, mainly for Fedora/CentOS/RHEL . $(dirname $0)/packagelib.sh BUILD=1 RPMBUILDDIR="$PWD/rpmbuild" PYTHONEXE=python3 DOCUTILSPACKAGE=python3-docutils while [ "$1" ]; do case "$1" in --prepare ) shift BUILD= ;; --python) shift PYTHONEXE=$1 shift ;; --withpython | --with-python) shift PYTHONVER=2.7.16 PYTHONMD5=f1a2ace631068444831d01485466ece0 PYTHONEXE=python ;; --docutilspackage) shift DOCUTILSPACKAGE="$1" shift ;; --rpmbuilddir ) shift RPMBUILDDIR="$1" shift ;; * ) echo "Invalid parameter $1!" 1>&2 exit 1 ;; esac done cd "`dirname $0`/../.." specfile=$PWD/contrib/packaging/mercurial.spec if [ ! -f $specfile ]; then echo "Cannot find $specfile!" 1>&2 exit 1 fi if [ ! -d .hg ]; then echo 'You are not inside a Mercurial repository!' 1>&2 exit 1 fi gethgversion $PYTHONEXE if [ -z "$type" ] ; then release=1 else release=0.9_$type fi if [ -n "$distance" ] ; then release=$release+${distance}_${node} fi if [ "$PYTHONVER" ]; then release=$release+$PYTHONVER RPMPYTHONVER=$PYTHONVER else RPMPYTHONVER=%{nil} fi mkdir -p $RPMBUILDDIR/{SOURCES,BUILD,SRPMS,RPMS} $PYTHONEXE $HG archive -t tgz $RPMBUILDDIR/SOURCES/mercurial-$version-$release.tar.gz if [ "$PYTHONVER" ]; then ( mkdir -p build cd build PYTHON_SRCFILE=Python-$PYTHONVER.tgz [ -f $PYTHON_SRCFILE ] || curl -Lo $PYTHON_SRCFILE http://www.python.org/ftp/python/$PYTHONVER/$PYTHON_SRCFILE if [ "$PYTHONMD5" ]; then echo "$PYTHONMD5 $PYTHON_SRCFILE" | md5sum -w -c fi ln -f $PYTHON_SRCFILE $RPMBUILDDIR/SOURCES/$PYTHON_SRCFILE DOCUTILSVER=`sed -ne "s/^%global docutilsname docutils-//p" $specfile` DOCUTILS_SRCFILE=docutils-$DOCUTILSVER.tar.gz [ -f $DOCUTILS_SRCFILE ] || curl -Lo $DOCUTILS_SRCFILE http://downloads.sourceforge.net/project/docutils/docutils/$DOCUTILSVER/$DOCUTILS_SRCFILE DOCUTILSMD5=`sed -ne "s/^%global docutilsmd5 //p" $specfile` if [ "$DOCUTILSMD5" ]; then echo "$DOCUTILSMD5 $DOCUTILS_SRCFILE" | md5sum -w -c fi ln -f $DOCUTILS_SRCFILE $RPMBUILDDIR/SOURCES/$DOCUTILS_SRCFILE ) fi mkdir -p $RPMBUILDDIR/SPECS rpmspec=$RPMBUILDDIR/SPECS/mercurial.spec sed -e "s,^Version:.*,Version: $version," \ -e "s,^Release:.*,Release: $release," \ -e "s/^%global pythonexe .*/%global pythonexe $PYTHONEXE/" \ $specfile > $rpmspec echo >> $rpmspec echo "%changelog" >> $rpmspec if echo $version | grep '+' > /dev/null 2>&1; then latesttag="`echo $version | sed -e 's/+.*//'`" $PYTHONEXE $HG log -r .:"$latesttag" -fM \ --template '{date|hgdate}\t{author}\t{desc|firstline}\n' | python -c ' import sys, time def datestr(date, format): return time.strftime(format, time.gmtime(float(date[0]) - date[1])) changelog = [] for l in sys.stdin.readlines(): tok = l.split("\t") hgdate = tuple(int(v) for v in tok[0].split()) changelog.append((datestr(hgdate, "%F"), tok[1], hgdate, tok[2])) prevtitle = "" for l in sorted(changelog, reverse=True): title = "* %s %s" % (datestr(l[2], "%a %b %d %Y"), l[1]) if prevtitle != title: prevtitle = title print print(title) print("- %s" % l[3].strip()) ' >> $rpmspec else $PYTHONEXE $HG log \ --template '{date|hgdate}\t{author}\t{desc|firstline}\n' \ .hgtags | $PYTHONEXE -c ' import sys, time def datestr(date, format): return time.strftime(format, time.gmtime(float(date[0]) - date[1])) for l in sys.stdin.readlines(): tok = l.split("\t") hgdate = tuple(int(v) for v in tok[0].split()) print("* %s %s\n- %s" % (datestr(hgdate, "%a %b %d %Y"), tok[1], tok[2])) ' >> $rpmspec fi sed -i \ -e "s/^%define withpython.*$/%define withpython $RPMPYTHONVER/" \ $rpmspec sed -i \ -e "s/^%global pythondocutils.*$/%global pythondocutils $DOCUTILSPACKAGE/" \ $rpmspec if [ "$BUILD" ]; then rpmbuild --define "_topdir $RPMBUILDDIR" -ba $rpmspec --clean if [ $? = 0 ]; then echo echo "Built packages for $version-$release:" find $RPMBUILDDIR/*RPMS/ -type f -newer $rpmspec fi else echo "Prepared sources for $version-$release $rpmspec are in $RPMBUILDDIR/SOURCES/ - use like:" echo "rpmbuild --define '_topdir $RPMBUILDDIR' -ba $rpmspec --clean" fi