From 72cfb458af6e38aaf0db033d0a6d4ea0a4c048b6 Mon Sep 17 00:00:00 2001 From: Nadav Ivgi Date: Tue, 22 Sep 2020 08:06:06 +0300 Subject: [PATCH] ci: Report reproducible release SHASUMS on Travis --- .travis.yml | 8 ++++++++ README.md | 11 +++++++++++ scripts/release-footer.md | 6 +++++- scripts/release.sh | 2 +- 4 files changed, 25 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 30f2598..25cc517 100644 --- a/.travis.yml +++ b/.travis.yml @@ -10,3 +10,11 @@ script: - ./scripts/check.sh - cargo clippy --all-targets --all-features - ./test/tests.sh + + # Report reproducible builds shasums + - > + docker build -t bwt-builder -f scripts/builder.Dockerfile . && + docker run -v `pwd`:/usr/src/bwt bwt-builder && + echo '-----BEGIN SHA256SUM-----' && + (cd dist && sha256sum *) | sort && + echo '' diff --git a/README.md b/README.md index f263d19..fa726ef 100644 --- a/README.md +++ b/README.md @@ -1204,6 +1204,17 @@ $ docker run -it --rm -v `pwd`:/usr/src/bwt bwt-builder $ sha256sum dist/* ``` +The builds are [reproduced on Travis CI](https://travis-ci.org/github/shesek/bwt). The SHA256 checksums are available at the end of the build log. + +You can get the checksums for the latest stable release via the API as follows: + +```bash +$ jobid=$(curl -s 'https://api.travis-ci.org/v3/repo/shesek%2Fbwt/builds?branch.name=stable&sort_by=started_at:desc&limit=1' | jq -r '.builds[0].jobs[0].id') +$ curl -s https://api.travis-ci.org/v3/job/$jobid/log.txt | sed -nr '/^-----BEGIN SHA256SUM-----\s*$/{:a;n;/^\s*$/q;p;ba}' +``` + +> Verifying the checksums against the CI is highly recommended. + ## Thanks - [@romanz](https://github.com/romanz)'s [electrs](https://github.com/romanz/electrs) for the fantastic electrum server implementation that bwt is based on. diff --git a/scripts/release-footer.md b/scripts/release-footer.md index 1c2b594..4c66892 100644 --- a/scripts/release-footer.md +++ b/scripts/release-footer.md @@ -22,7 +22,11 @@ You should see `Good signature from "Nadav Ivgi " ... Primary #### Reproducible builds -The builds are fully reproducible. See [more details here](https://github.com/shesek/bwt#reproducible-builds). +The builds are fully reproducible. + +You can verify the checksums against [the builds made on Travis CI](https://travis-ci.org/github/shesek/bwt) -- **doing so is highly recommended!** + +See [more details here](https://github.com/shesek/bwt#reproducible-builds). #### Electrum plugin diff --git a/scripts/release.sh b/scripts/release.sh index b4dcf50..9b8b85d 100755 --- a/scripts/release.sh +++ b/scripts/release.sh @@ -44,7 +44,7 @@ if [ -z "$SKIP_BUILD" ]; then fi echo Making SHA256SUMS... - (cd dist && sha256sum *) | gpg --clearsign --digest-algo sha256 > SHA256SUMS.asc + (cd dist && sha256sum *) | sort | gpg --clearsign --digest-algo sha256 > SHA256SUMS.asc fi