Commit Graph

28 Commits

Author SHA1 Message Date
Ben Grande
6eb13fa07f
ci: reproducible license sort 2024-07-08 19:10:14 +02:00
Ben Grande
6e6c7b452f
ci: escape special sed character 2024-07-08 18:34:41 +02:00
Ben Grande
f30e5e11a9
build: dictionary sort licenses names
GHA can sort differently than local.
2024-07-08 18:20:12 +02:00
Ben Grande
0f6aa34a89
test: show RPM Spec differences on status check 2024-07-08 18:00:01 +02:00
Ben Grande
523bca2327
fix: conform files to editorconfig specification 2024-07-08 17:26:34 +02:00
Ben Grande
0e150382e1
ci: check if RPM Specs are up to date 2024-07-08 15:21:49 +02:00
Ben Grande
f60077f1a9
doc: spell check 2024-07-08 11:41:45 +02:00
Ben Grande
077b9b4e5e
ci: lint YAML and spell check code 2024-07-08 11:12:38 +02:00
Ben Grande
35fa43dadf
perf: make pre-commit hooks pass file extensions
- shell-lint: faster evaluation of shell scripts, hook 40% faster;
- *-lint: unify method to find the "find" utility; and
- pre-commit: pass file extensions to lint tools.
2024-07-06 22:25:54 +02:00
Ben Grande
d457302fc3
feat: lint python files 2024-07-05 12:24:24 +02:00
Ben Grande
2a4b453b58
fix: lint GitHub issue and pull request templates 2024-07-04 18:09:38 +02:00
Ben Grande
383c840f2f
doc: lint markdown files
Only way to have a unified markdown syntax is to enforce the wanted
syntax by linting the files. Don't rely on the many markdown syntaxes,
be consistent.
2024-07-04 17:27:31 +02:00
Ben Grande
c0508977c7
build: remove unpackaged hidden files
Dotfiles build failed as it is a submodule and contains ".git" and
"LICENSES". Hidden files in the base directory are normally used to
specify configuration of tools for development, not usable in packages.

For: https://github.com/ben-grande/qusal/issues/59
2024-06-24 17:11:46 +02:00
Ben Grande
e2791139ee
fix: build RPM contained in spec definitions
The spec-build.sh was necessary for a proper build, but it is not
correct to depend on external scripts to generate the correct
RPM_BUILD_ROOT files. Now everything is contained in the spec file. The
spec-build.sh can be used in the future to automate the process of
copying sources to the specified directory and signing, but not
modifying the sources contents on a per file basis.

For: https://github.com/ben-grande/qusal/issues/59
2024-06-24 08:24:48 +02:00
Ben Grande
ac6f707bf5
ci: set spec vendor as git user.name is unset
Fixes: https://github.com/ben-grande/qusal/issues/67
2024-06-22 12:39:51 +02:00
Ben Grande
c84dfea48e
fix: generate RPM Specs for Qubes Builder V2
It doesn't checkout the current directory when querying the spec, so we
provide the already modified version of the spec.
2024-06-21 17:00:06 +02:00
Ben Grande
8640b6d11b
feat: add Qubes Builder configuration
For: https://github.com/ben-grande/qusal/issues/59
2024-06-20 17:54:40 +02:00
Ben Grande
ff41103194
build: spec scriptlet fails when it is empty
Echoing the word true was getting evaluated instead of being assigned as
a string.
2024-06-14 19:22:43 +02:00
Ben Grande
3c2bba2a9a
build: quiet build and verbose changelog 2024-06-13 14:03:16 +02:00
Ben Grande
fe996b3a35
ci: untracked readme is an untracked project 2024-06-13 13:14:41 +02:00
Ben Grande
fc22726ee8
feat: build and sign RPM packages
Passing files to Dom0 is always dangerous:

- Passing a git repository is dangerous as it can have ignored modified
  files and signature verification will pass.
- Passing an archive is troublesome for updates.
- Passing an RPM package depends on the RPM verification to be correct,
  some times it is not.
- Passing a RPM repository definition is less troublesome for the user,
  as it is a small file to verify the contents and update mechanism is
  via the package manager. Trust in RPM verification is still required.

Many improvements were made to the build scripts:

- requires-program: Single function to check if program is installed;
- spec-get: Sort project names for the usage message;
- spec-get: Only running commands that are necessary;
- spec-get: Fix empty summary when readme has copyright header;
- spec-gen: Fix grep warning of escaped symbol;
- spec-build: Sign RPM and verify signature;
- spec-build: Only lint the first SPEC for faster runtime;
- yumrepo-gen: Generate a local yum repository with signed metadata;
- qubesbuilder-gen: Generate a .qubesbuilder based on tracked projects;
- release: Build, sign and push all RPMs to repository.

Goal is to be able to build with qubes-builderv2 Qubes Executor.

For: https://github.com/ben-grande/qusal/issues/37
2024-06-12 14:44:04 +02:00
Ben Grande
40a4107290
fix: verify all subkeys expiration date
For: https://github.com/ben-grande/qusal/issues/46
2024-05-15 15:58:00 +02:00
Ben Grande
c6e4224e1b
feat: monitor pgp key expiration
For: https://github.com/ben-grande/qusal/issues/46
2024-05-15 01:26:59 +02:00
Ben Grande
ee7bfd5089 fix: remove sudo from RPM spec 2024-03-14 16:22:41 +01:00
Ben Grande
9b6895b06f feat: print hex of unicode
Useful to detect unwanted characters in third party contributions
patches using a CI hook.
2024-03-14 12:09:49 +01:00
Ben Grande
6efcc1da77 chore: copyright update 2024-01-29 16:49:54 +01:00
Ben Grande
9b740d8314 feat: allow to run setup outside of its directory 2024-01-18 09:25:01 +01:00
Ben Grande
5eebd789ed refactor: initial commit 2023-11-13 14:33:28 +00:00