Mercurial > hg
view contrib/packaging/dockerrpm @ 47206:c8001d9c26f5
pyoxidizer: support code signing
Newer versions of PyOxidizer feature built-in support for
code signing. You simply declare a code signer in the Starlark
configuration file, activate it for automatic signing, and
PyOxidizer will add code signatures to signable files as it
encounters them.
This commit teaches our Starlark configuration file to enable
automatic code signing. But only on Windows for the moment, as our
immediate goal is to overhaul the Windows packaging.
The feature is opt-in: you must pass variables to PyOxidizer's
build context via `pyoxidizer build --var` or
`pyoxidizer build --var-env` to activate code signing.
Differential Revision: https://phab.mercurial-scm.org/D10684
| author | Gregory Szorc <gregory.szorc@gmail.com> |
|---|---|
| date | Thu, 06 May 2021 16:04:24 -0700 |
| parents | e66a3bfcb19b |
| children | 4713bcf78037 |
line wrap: on
line source
#!/bin/bash -e BUILDDIR=$(dirname $0) export ROOTDIR=$(cd $BUILDDIR/../..; pwd) PLATFORM="$1" shift # extra params are passed to buildrpm DOCKERFILE="$PLATFORM" OS_RELEASE="${PLATFORM//[a-z]/}" case "$PLATFORM" in fedora*) DOCKERFILE="${PLATFORM//[0-9]/}.template" ;; esac DOCKER=$($BUILDDIR/hg-docker docker-path) CONTAINER=hg-docker-$PLATFORM if [[ -z "${HG_DOCKER_OWN_USER}" ]]; then DOCKERUID=1000 DOCKERGID=1000 else DOCKERUID=$(id -u) DOCKERGID=$(id -g) fi $BUILDDIR/hg-docker build \ --build-arg UID=$DOCKERUID \ --build-arg GID=$DOCKERGID \ --build-arg OS_RELEASE=${OS_RELEASE:-latest} \ $BUILDDIR/docker/$DOCKERFILE $CONTAINER RPMBUILDDIR=$ROOTDIR/packages/$PLATFORM mkdir -p $RPMBUILDDIR $ROOTDIR/contrib/packaging/buildrpm --rpmbuilddir $RPMBUILDDIR --prepare $* DSHARED=/mnt/shared DBUILDUSER=build $DOCKER run -e http_proxy -e https_proxy -u $DBUILDUSER --rm -v $RPMBUILDDIR:$DSHARED $CONTAINER \ rpmbuild --define "_topdir $DSHARED" -ba $DSHARED/SPECS/mercurial.spec --clean $DOCKER run -e http_proxy -e https_proxy -u $DBUILDUSER --rm -v $RPMBUILDDIR:$DSHARED $CONTAINER \ createrepo $DSHARED cat << EOF > $RPMBUILDDIR/mercurial.repo # Place this file in /etc/yum.repos.d/mercurial.repo [mercurial] name=Mercurial packages for $PLATFORM # baseurl=file://$RPMBUILDDIR/ baseurl=http://hg.example.com/build/$PLATFORM/ skip_if_unavailable=True gpgcheck=0 enabled=1 EOF echo echo "Build complete - results can be found in $RPMBUILDDIR"