diff --git a/.copr/Makefile b/.copr/Makefile index 3e9b524..445f283 100644 --- a/.copr/Makefile +++ b/.copr/Makefile @@ -3,7 +3,7 @@ SHELL := bash source: - dnf -y install cmake gcc gcc-c++ + dnf -y install cmake gcc gcc-c++ openssl cmake --fresh -DBUILD_RPMS=ON -B build -S . cmake --build build --target srpm diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ea6f488..1abe0b4 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -8,10 +8,6 @@ on: jobs: release-ci: runs-on: ubuntu-latest - outputs: - version: ${{ steps.get_metadata.outputs.version }} - tag: ${{ steps.get_metadata.outputs.tag }} - to_release: ${{ steps.newtag.outputs.to_release }} steps: - name: Local checkout @@ -20,15 +16,15 @@ jobs: - name: Install CI dependencies run: | sudo apt-get update - sudo apt-get -y -qq install cmake g++ gcc + sudo apt-get -y -qq install cmake openssl g++ gcc - name: Get latest package metadata id: get_metadata run: | cmake --fresh -B build -S . echo "tag=v$(cat build/version)" >> $GITHUB_OUTPUT - echo "version=$(cat build/version)" >> $GITHUB_OUTPUT - + echo "hash=$(sha256sum build/hash | sed 's/\s.*//g')" >> $GITHUB_OUTPUT + - name: Check if package version has corresponding git tag id: tagged shell: bash 
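Review bot: In the `get_metadata` step of `.github/workflows/ci.yml` (hunk `@@ -20,15 +16,15 @@`), the new `hash=` line can write an empty value without failing the step. The step shows no `shell:` key, and Actions runs such a `run:` block as `bash -e` without `pipefail`, so if `sha256sum build/hash` fails, the exit status of `sed` decides the result. The empty value then ends up in the `SHA256:` trailer of the release tag created later in the job. Adding `shell: bash` to the step, as the following step already does, enables `pipefail`, and a `test -s build/hash` before the `echo` would make a missing file fatal. A workflow-level `defaults.run.shell` above the hunk would change this, so confirm against the full file.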
@@ -43,16 +39,17 @@ jobs: id: newtag if: steps.tagged.outputs.tagged == 0 run: | - git tag ${{ steps.get_metadata.outputs.tag }} \ + git config --global user.name "github-actions[bot]" + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git tag -a ${{ steps.get_metadata.outputs.tag }} \ + -m "New cert chain was released" \ + --trailer "SHA256:${{ steps.get_metadata.outputs.hash }}" \ && echo to_release=1 >> $GITHUB_OUTPUT \ && git push origin ${{ steps.get_metadata.outputs.tag }} \ || exit 0 - build-fedora: - needs: release-ci - uses: ./.github/workflows/fedora.yml - with: - containers: "['fedora:latest', 'fedora:41']" - version: ${{ needs.release-ci.outputs.version }} - to_release: ${{ needs.release-ci.outputs.to_release }} - tag: ${{ needs.release-ci.outputs.tag }} + - name: Create and publish GitHub release + if: steps.newtag.outputs.to_release == 1 + uses: softprops/action-gh-release@v2 + with: + tag_name: ${{ steps.get_metadata.outputs.tag }} diff --git a/.github/workflows/fedora.yml b/.github/workflows/fedora.yml deleted file mode 100644 index acb7316..0000000 --- a/.github/workflows/fedora.yml +++ /dev/null 
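Review bot: In the `newtag` step (hunk `@@ -43,16 +39,17 @@`), `to_release=1` is written before `git push`, and the trailing `|| exit 0` turns any failure in the chain into success. If the push fails, the new release step in this job still runs, and the release would then presumably be created without the annotated tag that carries the `SHA256:` trailer; if `git tag` itself fails, nothing is released and the job stays green. I would move the output after the push, `&& git push origin "$TAG" && echo to_release=1 >> "$GITHUB_OUTPUT"`, and restrict the `|| exit 0` to the tag-already-exists case. Passing the tag and hash through `env:` (`TAG: ${{ steps.get_metadata.outputs.tag }}`) instead of expanding `${{ … }}` inside the script keeps file-derived text out of the shell source. Since this job pushes tags and publishes releases, `softprops/action-gh-release@v2` is better pinned to a full commit SHA than to a movable tag.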
@@ -1,70 +0,0 @@ -on: - workflow_call: - inputs: - containers: - default: "['fedora:latest']" - required: false - type: string - tag: - required: true - type: string - to_release: - default: "0" - required: false - type: string - version: - required: true - type: string - -defaults: - run: - shell: bash - -jobs: - build: - strategy: - max-parallel: 2 - matrix: - image: ${{ fromJson(inputs.containers) }} - runs-on: ubuntu-latest - container: ${{ matrix.image }} - - steps: - - name: Prepare - local checkout - uses: actions/checkout@v4 - - - name: Prepare - install build dependencies - run: | - dnf -y install \ - cmake \ - gcc \ - gcc-c++ \ - git \ - openssl \ - rpm-build \ - rpmdevtools \ - tar - - - name: Prepare - setup RPM build tree - run: | - rpmdev-setuptree - - - name: Prepare - configure the source - run: | - cmake -B $(pwd)/build -S $(pwd) - - - name: Build - create source tarball and SRPM package - run: | - cmake --build $(pwd)/build --target srpm - - - name: Build - create RPM package - run: | - cmake --build $(pwd)/build --target rpms - - - name: Publish - create GitHub release - uses: softprops/action-gh-release@v2 - if: inputs.to_release == 1 - with: - tag_name: ${{ inputs.tag }} - files: | - dist/*.rpm diff --git a/CMakeLists.txt b/CMakeLists.txt index 99cd253..288f1cc 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -132,7 +132,7 @@ install( ${CMAKE_INSTALL_PREFIX}/${CACERT_INSTALL_DIR} ) -set(DOCS_INSTALL_DIR "share/doc/${PROJECT}") +set(DOCS_INSTALL_DIR "share/doc/${PROJECT_NAME}") install( FILES ${CMAKE_CURRENT_SOURCE_DIR}/LICENSE diff --git a/CPackLists.txt b/CPackLists.txt index f86a7db..9d52f74 100644 --- a/CPackLists.txt +++ b/CPackLists.txt 
@@ -61,6 +61,14 @@ configure_file( ) if(BUILD_RPMS) +execute_process( + COMMAND bash -c + "LANG=C DATE=$(date +'%a %b %d %Y'); \ + echo \"* $DATE %{packager} - ${PROJECT_VERSION}-1%{?dist}\"; \ + echo \"- This is an automatically built package (See our Git URL for more info).\"; \ + " + OUTPUT_VARIABLE CPACK_RPM_CHANGELOG +) CONFIGURE_FILE("${CMAKE_CURRENT_SOURCE_DIR}/packaging/pkg.spec.in" "${CMAKE_CURRENT_BINARY_DIR}/${PROJECT_NAME}.spec" @ONLY diff --git a/README.md b/README.md index 1c2ad6d..c2f0b9c 100644 --- a/README.md +++ b/README.md @@ -20,7 +20,7 @@ chain, supervise and audit the processes. * [Certification Practice Statement Root Certification Authority of Brazil]( https://acraiz.icpbrasil.gov.br/cpsrootca.pdf ) -* [Política de Segurança da AC-Raiz]( +* [Security Policy of Root-CA (in Portuguese)]( https://acraiz.icpbrasil.gov.br/PSacraiz.pdf ) diff --git a/packaging/pkg.spec.in b/packaging/pkg.spec.in index f41cc68..dd0bf97 100644 --- a/packaging/pkg.spec.in +++ b/packaging/pkg.spec.in @@ -1,5 +1,6 @@ %global debug_package %{nil} %global source_date_epoch_from_changelog 0 +%global packager Christian Tosta <7252968+christiantosta@users.noreply.github.com> %define __openssl %{_bindir}/openssl @@ -43,9 +44,9 @@ chain, supervise and audit the processes. %files -%doc %{_datadir}/doc/*.pdf -%doc %{_datadir}/doc/README.md -%license %{_datadir}/doc/LICENSE +%doc %{_datadir}/doc/%{name}/*.pdf +%doc %{_datadir}/doc/%{name}/README.md +%license %{_datadir}/doc/%{name}/LICENSE %{_datadir}/pki/ca-trust-source/anchors/isrg-root-x2.crt %{_datadir}/pki/ca-trust-source/anchors/lets-encrypt-ca-bundle.crt %{_datadir}/pki/ca-trust-source/anchors/icp-brasil-ca-bundle.crt @@ -55,4 +56,4 @@ chain, supervise and audit the processes. %postun -p %{_bindir}/update-ca-trust %changelog -%autochangelog +@CPACK_RPM_CHANGELOG@
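Review bot: In the `execute_process` added to `CPackLists.txt` (hunk `@@ -61,6 +61,14 @@`), `LANG=C` does not pin the date format, because `LC_ALL` or `LC_TIME` from the build environment take precedence over `LANG`, and the assignment only reaches `date` if `LANG` is already exported. RPM expects English day and month abbreviations in `%changelog`, so a localized build host can produce a spec that fails to parse; `DATE=$(LC_ALL=C date +'%a %b %d %Y')` avoids that. The call also has no `RESULT_VARIABLE` check, so on a host without `bash` `CPACK_RPM_CHANGELOG` is left empty and `@CPACK_RPM_CHANGELOG@` (last `pkg.spec.in` hunk) expands to nothing; checking the result and stopping with `message(FATAL_ERROR ...)` would surface it. Because the date is taken at configure time, the generated spec differs from day to day for the same source, which is worth a comment next to the call. The enclosing `if(BUILD_RPMS)` block continues past the hunk.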