Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add a Linux .deb installer CI workflow #164

Merged
merged 12 commits into from
Sep 14, 2020
Merged

Add a Linux .deb installer CI workflow #164

Changes from 1 commit
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
9f9f8d4
Start a build-installers GH workflow
Sep 10, 2020
099b350
Add explicit framework
Sep 10, 2020
e03468b
Simplify Linux build script into just build.sh
kyle-rader Sep 10, 2020
9d67e3f
Add steps to create .deb package distro
kyle-rader Sep 10, 2020
2f2f90a
Build Linux.Payload specifically
kyle-rader Sep 10, 2020
57c30d9
Add pre build step
kyle-rader Sep 10, 2020
af514c7
Copy steps from working ci pipeline
kyle-rader Sep 10, 2020
7278801
Try also running tests
kyle-rader Sep 10, 2020
5aea589
Use force
kyle-rader Sep 10, 2020
3cc63f3
build with inherit restore
kyle-rader Sep 10, 2020
2a813f1
Clean up entire payload dir on build and publish deb and tar files.
kyle-rader Sep 11, 2020
3e56e9a
Only remove Payloud as Payload.Linux is built by the parent cs proj a…
kyle-rader Sep 11, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
51 changes: 39 additions & 12 deletions src/linux/Payload.Linux/build.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,8 +44,8 @@ ROOT="$( cd "$THISDIR"/../../.. ; pwd -P )"
SRC="$ROOT/src"
OUT="$ROOT/out"
GCM_SRC="$SRC/shared/Git-Credential-Manager"
PAYLOAD_SRC="$SRC/linux/Payload.Linux"
PAYLOAD_OUT="$OUT/linux/Payload.Linux"
# PAYLOAD_SRC="$SRC/linux/Payload.Linux"
kyle-rader marked this conversation as resolved.
Show resolved Hide resolved
PAYLOAD_OUT="$OUT/linux/"

# Build parameters
FRAMEWORK=netcoreapp3.1
Expand All @@ -57,29 +57,34 @@ if [ -z "$VERSION" ]; then
die "--version was not set"
fi

PAYLOAD="$PAYLOAD_OUT/tar/$CONFIGURATION/payload"
ARCH="`dpkg-architecture -q DEB_HOST_ARCH`"
if test -z "$ARCH"; then
die "Could not determine host architecture!"
fi

PAYLOAD="$PAYLOAD_OUT/payload/$CONFIGURATION"
TAROUT="$PAYLOAD_OUT/gcmcore-linux_$ARCH.$CONFIGURATION.$VERSION.tar.gz"
DEBPKG="$PAYLOAD_OUT/gcmcore-linux/"
DEBOUT="$PAYLOAD_OUT/gcmcore-linux_$ARCH.$CONFIGURATION.$VERSION.deb"
SYMBOLOUT="$PAYLOAD.sym"
TAROUT="$PAYLOAD_OUT/tar/$CONFIGURATION/gcmcore-linux-x86_64-$VERSION.tar.gz"
DEBOUT="$PAYLOAD_OUT/gcmcore.x86_64.$CONFIGURATION.$VERSION"

# Layout and pack
# Cleanup any old payload directory
if [ -d "$PAYLOAD" ]; then
echo "Cleaning old payload directory '$PAYLOAD'..."
rm -rf "$PAYLOAD"
fi

# Ensure payload and symbol directories exists
mkdir -p "$PAYLOAD" "$SYMBOLOUT"
# Ensure directories exists
mkdir -p "$PAYLOAD" "$SYMBOLOUT" "$DEBPKG"

# Publish core application executables
echo "Publishing core application..."
dotnet publish "$GCM_SRC" \
--configuration="$CONFIGURATION" \
--framework="$FRAMEWORK" \
--runtime="$RUNTIME" \
--self-contained \
/p:PublishSingleFile \ # maybe also add /p:Version="$VERSION"
--self-contained=true \
"/p:PublishSingleFile=True" \
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've thought about making GCM Core a .NET Core "single-file" on all platforms recently actually.
Perhaps we should look at setting this in the shared/Git-Credential-Manager project file directly?

One issue however with the single-file model is that of signing. As I understand it, the single-file format is basically a self extracting archive, that extracts to some location and then forwards execution to this extracted location.

The binaries inside the archive (ELF on Linux, Mach-O on macOS, and PE on Windows) will not be themselves signed. Is this an issue? I know Gatekeeper on Mac can be unhappy to run executables, and also there's Apple Notarization. For Windows I know theres some groups inside of MSFT that require all signed binaries on their build machines too.

For Linux this is less an issue of course, since there's no equivalent to Authenticode or Apple Signing for ELF and the disjointed Linux world, AFAIK.

So perhaps what I'm saying is I've just talked myself out of changing this for all projects 😆

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CloudBuild is moving to requiring all binaries be signed IIRC so I would expect that to eventually be an issue if using gcm core to auth in cloud build (windows). This is an excellent question I'll see if I find the answer to.

--output="$(make_absolute "$PAYLOAD")" || exit 1

# Collect symbols
Expand Down Expand Up @@ -107,10 +112,32 @@ echo "Setting file permissions..."

# Build tarball
echo "Building archive..."
cd "$PAYLOAD"
pushd "$PAYLOAD"
tar -czvf "$TAROUT" * || exit 1
popd

# Build .deb
# TODO
INSTALL_TO="$DEBPKG/usr/bin/"
mkdir -p "$DEBPKG/DEBIAN" "$INSTALL_TO"

# make the debian control file
cat >"$DEBPKG/DEBIAN/control" <<EOF
Package: gcmcore
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Question: do we want the package to be gcmcore or gcm-core or git-credential-manager-core?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@mjcheetham I'm guessing we should follow the precedent for the windows and mac distro naming? Which I think is git-credential-manager-core ?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are alias supported? I realise git-credential-manager-core is a mouthful, but it is the official name (and I'm a stickler for formalities 😛)..

Version: $VERSION
Section: vcs
Priority: optional
Architecture: $ARCH
Depends:
Maintainer: GCM-Core <gcmcore@microsoft.com>
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this a real email address?

Copy link
Contributor Author

@kyle-rader kyle-rader Sep 11, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not yet. But I figured we should create a legit public support email. Happy to create it and add us as owners. I noticed the email used in creating the git-vfs package uses a fake email like gitvfs@exmaple.com or something.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

gcmsupport@microsoft.com is a real email. We can use this. It forwards to the team.

Copy link
Collaborator

@mjcheetham mjcheetham Sep 14, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh and https://aka.ms/gcmcore is also a short-link that we own (it redirects to the repository page on GitHub). We also own https://github.com/GitCredentialManager, but this organisation cannot host any code repositories but only contact or readme information, per Microsoft OSS policy.

Description: Cross Platform Git-Credential-Manager-Core command line utility.
Linux build of the GCM-Core project to support auth with a number of
git hosting providers including GitHub, BitBucket, and Azure DevOps.
Hosted at https://github.com/microsoft/Git-Credential-Manager-Core
EOF

# Copy single binary to target installation location
cp "$PAYLOAD/git-credential-manager-core" "$INSTALL_TO"

dpkg-deb --build "$DEBPKG" "$DEBOUT"

echo "Pack complete."
kyle-rader marked this conversation as resolved.
Show resolved Hide resolved