From 3377b66eb0ca30bdd43f6675f1560ae8a64b937b Mon Sep 17 00:00:00 2001 From: Christian Tosta <7252968+christiantosta@users.noreply.github.com> Date: Tue, 15 Jul 2025 04:13:50 -0300 Subject: [PATCH 1/5] Fix documentation path --- CMakeLists.txt | 2 +- packaging/pkg.spec.in | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 99cd253..288f1cc 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -132,7 +132,7 @@ install( ${CMAKE_INSTALL_PREFIX}/${CACERT_INSTALL_DIR} ) -set(DOCS_INSTALL_DIR "share/doc/${PROJECT}") +set(DOCS_INSTALL_DIR "share/doc/${PROJECT_NAME}") install( FILES ${CMAKE_CURRENT_SOURCE_DIR}/LICENSE diff --git a/packaging/pkg.spec.in b/packaging/pkg.spec.in index f41cc68..ef3d70f 100644 --- a/packaging/pkg.spec.in +++ b/packaging/pkg.spec.in @@ -43,9 +43,9 @@ chain, supervise and audit the processes. %files -%doc %{_datadir}/doc/*.pdf -%doc %{_datadir}/doc/README.md -%license %{_datadir}/doc/LICENSE +%doc %{_datadir}/doc/%{name}/*.pdf +%doc %{_datadir}/doc/%{name}/README.md +%license %{_datadir}/doc/%{name}/LICENSE %{_datadir}/pki/ca-trust-source/anchors/isrg-root-x2.crt %{_datadir}/pki/ca-trust-source/anchors/lets-encrypt-ca-bundle.crt %{_datadir}/pki/ca-trust-source/anchors/icp-brasil-ca-bundle.crt From 7b75def10f7526221b560a6897ab004e6708269f Mon Sep 17 00:00:00 2001 From: Christian Tosta <7252968+christiantosta@users.noreply.github.com> Date: Tue, 15 Jul 2025 04:15:19 -0300 Subject: [PATCH 2/5] Fix RPM changelog --- CPackLists.txt | 8 ++++++++ packaging/pkg.spec.in | 3 ++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/CPackLists.txt b/CPackLists.txt index f86a7db..9d52f74 100644 --- a/CPackLists.txt +++ b/CPackLists.txt 
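Review bot: In the CMakeLists.txt hunk of patch 1/5, `DOCS_INSTALL_DIR` still hard-codes the `share/doc` prefix, and the pkg.spec.in hunk of the same patch hard-codes the matching `%{_datadir}/doc/%{name}` path. The two agree only while `${PROJECT_NAME}` and the RPM `%{name}` are the same string and the data root is `share`. Including `GNUInstallDirs` and writing `set(DOCS_INSTALL_DIR "${CMAKE_INSTALL_DOCDIR}")` would take the directory from one place. Whether the spec's `Name:` is generated from `PROJECT_NAME` is not visible here and is worth confirming. The `install(` call that consumes the variable continues outside the hunk.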
@@ -61,6 +61,14 @@ configure_file( ) if(BUILD_RPMS) +execute_process( + COMMAND bash -c + "LANG=C DATE=$(date +'%a %b %d %Y'); \ + echo \"* $DATE %{packager} - ${PROJECT_VERSION}-1%{?dist}\"; \ + echo \"- This is an automatically built package (See our Git URL for more info).\"; \ + " + OUTPUT_VARIABLE CPACK_RPM_CHANGELOG +) CONFIGURE_FILE("${CMAKE_CURRENT_SOURCE_DIR}/packaging/pkg.spec.in" "${CMAKE_CURRENT_BINARY_DIR}/${PROJECT_NAME}.spec" @ONLY diff --git a/packaging/pkg.spec.in b/packaging/pkg.spec.in index ef3d70f..dd0bf97 100644 --- a/packaging/pkg.spec.in +++ b/packaging/pkg.spec.in @@ -1,5 +1,6 @@ %global debug_package %{nil} %global source_date_epoch_from_changelog 0 +%global packager Christian Tosta <7252968+christiantosta@users.noreply.github.com> %define __openssl %{_bindir}/openssl @@ -55,4 +56,4 @@ chain, supervise and audit the processes. %postun -p %{_bindir}/update-ca-trust %changelog -%autochangelog +@CPACK_RPM_CHANGELOG@ From bc93d34d1665c818957512fb287ac6aec5925524 Mon Sep 17 00:00:00 2001 From: Christian Tosta <7252968+christiantosta@users.noreply.github.com> Date: Tue, 15 Jul 2025 04:18:47 -0300 Subject: [PATCH 3/5] [CI-CD] Updated workflows --- .copr/Makefile | 2 +- .github/workflows/ci.yml | 14 ++++++++------ .github/workflows/fedora.yml | 8 +++++--- 3 files changed, 14 insertions(+), 10 deletions(-) diff --git a/.copr/Makefile b/.copr/Makefile index 3e9b524..445f283 100644 --- a/.copr/Makefile +++ b/.copr/Makefile @@ -3,7 +3,7 @@ SHELL := bash source: - dnf -y install cmake gcc gcc-c++ + dnf -y install cmake gcc gcc-c++ openssl cmake --fresh -DBUILD_RPMS=ON -B build -S . cmake --build build --target srpm diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ea6f488..ee9a2e9 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
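Review bot: The `execute_process(` added under `if(BUILD_RPMS)` in CPackLists.txt (patch 2/5) builds the `%changelog` text through `bash -c` with no result check, so a missing `bash` or `date`, or a non-zero exit, leaves `CPACK_RPM_CHANGELOG` empty and the spec is configured with an empty changelog. `LANG=C` is written as a plain shell assignment in front of `DATE=$(date …)`, so `LC_ALL` or `LC_TIME` in the caller's environment override it and the weekday and month names can come out localized, which rpmbuild does not accept in `%changelog`. `string(TIMESTAMP)` yields the same fields without a shell and, as far as I know, without depending on the caller's locale (worth confirming on the CMake version in use). It also keeps `${PROJECT_VERSION}` out of a shell command string. The `if(BUILD_RPMS)` block continues past the hunk.

```cmake
if(BUILD_RPMS)
# Build the %changelog entry without spawning a shell at configure time.
string(TIMESTAMP RPM_CHANGELOG_DATE "%a %b %d %Y")
string(CONCAT CPACK_RPM_CHANGELOG
  "* ${RPM_CHANGELOG_DATE} %{packager} - ${PROJECT_VERSION}-1%{?dist}\n"
  "- This is an automatically built package (See our Git URL for more info).\n"
)
# … unchanged: CONFIGURE_FILE of packaging/pkg.spec.in …
```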
@@ -9,7 +9,6 @@ jobs: release-ci: runs-on: ubuntu-latest outputs: - version: ${{ steps.get_metadata.outputs.version }} tag: ${{ steps.get_metadata.outputs.tag }} to_release: ${{ steps.newtag.outputs.to_release }} @@ -20,15 +19,15 @@ jobs: - name: Install CI dependencies run: | sudo apt-get update - sudo apt-get -y -qq install cmake g++ gcc + sudo apt-get -y -qq install cmake openssl g++ gcc - name: Get latest package metadata id: get_metadata run: | cmake --fresh -B build -S . echo "tag=v$(cat build/version)" >> $GITHUB_OUTPUT - echo "version=$(cat build/version)" >> $GITHUB_OUTPUT - + echo "hash=$(sha256sum build/hash | sed 's/\s.*//g')" >> $GITHUB_OUTPUT + - name: Check if package version has corresponding git tag id: tagged shell: bash @@ -43,7 +42,11 @@ jobs: id: newtag if: steps.tagged.outputs.tagged == 0 run: | - git tag ${{ steps.get_metadata.outputs.tag }} \ + git config --global user.name "github-actions[bot]" + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git tag -a ${{ steps.get_metadata.outputs.tag }} \ + -m "New cert chain was released" \ + --trailer "SHA256:${{ steps.get_metadata.outputs.hash }}" \ && echo to_release=1 >> $GITHUB_OUTPUT \ && git push origin ${{ steps.get_metadata.outputs.tag }} \ || exit 0 @@ -53,6 +56,5 @@ jobs: uses: ./.github/workflows/fedora.yml with: containers: "['fedora:latest', 'fedora:41']" - version: ${{ needs.release-ci.outputs.version }} to_release: ${{ needs.release-ci.outputs.to_release }} tag: ${{ needs.release-ci.outputs.tag }} diff --git a/.github/workflows/fedora.yml b/.github/workflows/fedora.yml index acb7316..2c318a8 100644 --- a/.github/workflows/fedora.yml +++ b/.github/workflows/fedora.yml @@ -12,9 +12,6 @@ on: default: "0" required: false type: string - version: - required: true - type: string defaults: run: @@ -34,6 +31,7 @@ jobs: uses: actions/checkout@v4 - name: Prepare - install build dependencies + if: inputs.to_release == 1 run: | dnf -y install \ cmake \ 
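Review bot: In the `newtag` step of .github/workflows/ci.yml (patch 3/5, hunk `@@ -43,7 +42,11 @@`), `echo to_release=1 >> $GITHUB_OUTPUT` runs before `git push origin …` and the chain ends in `|| exit 0`, so a rejected push still leaves `to_release=1` set and the step green. A failing `git tag` (for example on a Git release that lacks `--trailer`) is silently turned into "nothing to release". Writing the output only after the push succeeds and dropping the blanket `|| exit 0` makes later release steps depend on the tag actually reaching the remote. The tag and hash are also spliced into the script text with `${{ … }}`, and both come from files written by the configure step; passing them through `env:` and quoting them keeps their content from being parsed as shell. The annotated tag is unsigned, so the `SHA256:` trailer records a digest without authenticating it, which matters for a package that ships CA trust anchors.

```yaml
      - name: Create new tag
        id: newtag
        if: steps.tagged.outputs.tagged == 0
        env:
          TAG: ${{ steps.get_metadata.outputs.tag }}
          HASH: ${{ steps.get_metadata.outputs.hash }}
        run: |
          # … unchanged: git config user.name / user.email …
          git tag -a "$TAG" \
            -m "New cert chain was released" \
            --trailer "SHA256:$HASH"
          git push origin "$TAG"
          # Only reached when both the tag and the push succeeded.
          echo "to_release=1" >> "$GITHUB_OUTPUT"
```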
@@ -46,18 +44,22 @@ jobs: tar - name: Prepare - setup RPM build tree + if: inputs.to_release == 1 run: | rpmdev-setuptree - name: Prepare - configure the source + if: inputs.to_release == 1 run: | cmake -B $(pwd)/build -S $(pwd) - name: Build - create source tarball and SRPM package + if: inputs.to_release == 1 run: | cmake --build $(pwd)/build --target srpm - name: Build - create RPM package + if: inputs.to_release == 1 run: | cmake --build $(pwd)/build --target rpms From 026ee513c1f9556906410d1660343a0eb98e8250 Mon Sep 17 00:00:00 2001 From: Christian Tosta <7252968+christiantosta@users.noreply.github.com> Date: Tue, 15 Jul 2025 04:38:47 -0300 Subject: [PATCH 4/5] Updated README file --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 1c2ad6d..c2f0b9c 100644 --- a/README.md +++ b/README.md @@ -20,7 +20,7 @@ chain, supervise and audit the processes. * [Certification Practice Statement Root Certification Authority of Brazil]( https://acraiz.icpbrasil.gov.br/cpsrootca.pdf ) -* [Política de Segurança da AC-Raiz]( +* [Security Policy of Root-CA (in Portuguese)]( https://acraiz.icpbrasil.gov.br/PSacraiz.pdf ) From 2503ccb99dcdfc94a0757322f0c8cd97fb49752a Mon Sep 17 00:00:00 2001 From: Christian Tosta <7252968+christiantosta@users.noreply.github.com> Date: Tue, 15 Jul 2025 05:07:53 -0300 Subject: [PATCH 5/5] Remove rpm-build workflows --- .github/workflows/ci.yml | 15 +++----- .github/workflows/fedora.yml | 72 ------------------------------------ 2 files changed, 5 insertions(+), 82 deletions(-) delete mode 100644 .github/workflows/fedora.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ee9a2e9..1abe0b4 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -8,9 +8,6 @@ on: jobs: release-ci: runs-on: ubuntu-latest - outputs: - tag: ${{ steps.get_metadata.outputs.tag }} - to_release: ${{ steps.newtag.outputs.to_release }} steps: - name: Local checkout 
@@ -51,10 +48,8 @@ jobs: && git push origin ${{ steps.get_metadata.outputs.tag }} \ || exit 0 - build-fedora: - needs: release-ci - uses: ./.github/workflows/fedora.yml - with: - containers: "['fedora:latest', 'fedora:41']" - to_release: ${{ needs.release-ci.outputs.to_release }} - tag: ${{ needs.release-ci.outputs.tag }} + - name: Create and publish GitHub release + if: steps.newtag.outputs.to_release == 1 + uses: softprops/action-gh-release@v2 + with: + tag_name: ${{ steps.get_metadata.outputs.tag }} diff --git a/.github/workflows/fedora.yml b/.github/workflows/fedora.yml deleted file mode 100644 index 2c318a8..0000000 --- a/.github/workflows/fedora.yml +++ /dev/null 
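Review bot: The release step added at the end of `release-ci` in .github/workflows/ci.yml (patch 5/5, hunk `@@ -51,10 +48,8 @@`) references `softprops/action-gh-release@v2`, a mutable tag on a third-party action that now runs with the job's token in the same job that pushes tags. Pinning it to a reviewed full commit SHA, `uses: softprops/action-gh-release@<full-commit-sha> # v2`, keeps an upstream retag from changing what executes here. No `permissions:` block is visible in the hunks shown; if the workflow has none, granting only `contents: write` on this job would bound the token. With the `files:` list removed together with fedora.yml, the release carries no built artifact, so the `SHA256:` trailer on the tag is the only integrity reference published; confirm that is intended.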
@@ -1,72 +0,0 @@ -on: - workflow_call: - inputs: - containers: - default: "['fedora:latest']" - required: false - type: string - tag: - required: true - type: string - to_release: - default: "0" - required: false - type: string - -defaults: - run: - shell: bash - -jobs: - build: - strategy: - max-parallel: 2 - matrix: - image: ${{ fromJson(inputs.containers) }} - runs-on: ubuntu-latest - container: ${{ matrix.image }} - - steps: - - name: Prepare - local checkout - uses: actions/checkout@v4 - - - name: Prepare - install build dependencies - if: inputs.to_release == 1 - run: | - dnf -y install \ - cmake \ - gcc \ - gcc-c++ \ - git \ - openssl \ - rpm-build \ - rpmdevtools \ - tar - - - name: Prepare - setup RPM build tree - if: inputs.to_release == 1 - run: | - rpmdev-setuptree - - - name: Prepare - configure the source - if: inputs.to_release == 1 - run: | - cmake -B $(pwd)/build -S $(pwd) - - - name: Build - create source tarball and SRPM package - if: inputs.to_release == 1 - run: | - cmake --build $(pwd)/build --target srpm - - - name: Build - create RPM package - if: inputs.to_release == 1 - run: | - cmake --build $(pwd)/build --target rpms - - - name: Publish - create GitHub release - uses: softprops/action-gh-release@v2 - if: inputs.to_release == 1 - with: - tag_name: ${{ inputs.tag }} - files: | - dist/*.rpm