From 1372d76a937d7031a71f86f979460f0ef0ce91a2 Mon Sep 17 00:00:00 2001 From: Reilly Brogan Date: Fri, 10 May 2024 15:46:53 -0500 Subject: [PATCH] repo: Generate release archive This adds a script that generates a source archive containing vendored dependencies. This source archive is suitable for building in environments that do not have networking. This archive is bit-for-bit reproducible and will always generate the exact same archive when ran on a given git commit with a given version of system tooling. Signed-off-by: Reilly Brogan --- .gitignore | 3 ++ justfile | 3 ++ scripts/create-release-tar.sh | 86 +++++++++++++++++++++++++++++++++++ 3 files changed, 92 insertions(+) create mode 100755 scripts/create-release-tar.sh diff --git a/.gitignore b/.gitignore index 003dcb88..23b941de 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,6 @@ target install **/db/**/test.db + +# Generated source archives +*.tar.* diff --git a/justfile b/justfile index a9e00ba9..4865af0c 100644 --- a/justfile +++ b/justfile @@ -124,3 +124,6 @@ install-moss: # Cleanup rm -rfv $tmpdir + +create-release-tar: + scripts/create-release-tar.sh diff --git a/scripts/create-release-tar.sh b/scripts/create-release-tar.sh new file mode 100755 index 00000000..4a71161f --- /dev/null +++ b/scripts/create-release-tar.sh @@ -0,0 +1,86 @@ +#!/usr/bin/env bash +set -euxo pipefail + +# Script to generate a tarball of source code and vendored (downloaded) Rust dependencies +# and the cargo configuration to ensure they are used + +# Get the current directory, which we'll use for telling Cargo where to find the sources +wd="$PWD" + +# Get the version from Cargo.toml +VERSION=$(yq -oy '.workspace.package.version' Cargo.toml) + +# The path where we will output the tar file +path=$wd/moss-$VERSION-vendored.tar.zst + +# Clean up stuff we've written before +rm -f "$path" + +# Make sure cargo lock files are in sync with cargo.toml +cargo check --locked + +PREFIX_TMPDIR=$(mktemp -d) +pushd "$PREFIX_TMPDIR" + +# Enable dotglob so we copy over files/folders starting with . +shopt -s dotglob +cp -ra "$wd"/* . + +function get_commit_time() { + TZ=UTC0 git log -1 \ + --format=tformat:%cd \ + --date=format:%Y-%m-%dT%H:%M:%SZ \ + "$@" +} + +# Set each file mtime to that of it's latest commit +# Set each source file timestamp to that of its latest commit. +git ls-files | while read -r file; do + commit_time=$(get_commit_time "$file") && + touch -md "$commit_time" "$file" +done + +# Set timestamp of each directory under $FILES +# to the latest timestamp of any descendant. +find . -depth -type d -exec sh -c \ + 'touch -r "$0/$(ls -At "$0" | head -n 1)" "$0"' \ + {} ';' + +SOURCE_EPOCH=$(get_commit_time) + +# Cleanup repo +git reset --hard +git clean -xdf +git clean -df +rm -rf .git +rm -rf serpent-style + +# Generate vendored dependencies and the configuration to use them +cargo vendor --manifest-path "$wd/Cargo.toml" >> .cargo/config.toml + +# vendoring drags in a lot of Windows dependencies, which makes the resulting tarball enormous +# cargo can't be told only to support a particular platform +# see https://github.com/rust-lang/cargo/issues/7058 +# workaround below from https://github.com/rust-lang/cargo/issues/7058#issuecomment-751856262 +rm -r vendor/winapi*/lib/*.a + +# Reproducible tar flags +TARFLAGS=" + --sort=name --format=posix + --pax-option=exthdr.name=%d/PaxHeaders/%f + --pax-option=delete=atime,delete=ctime + --clamp-mtime --mtime=$SOURCE_EPOCH + --numeric-owner --owner=0 --group=0 + --mode=go+u,go-w +" +ZSTDFLAGS="-19 -T0" + +# shellcheck disable=SC2086 +LC_ALL=C tar $TARFLAGS -C $PREFIX_TMPDIR -cf - . | + zstd $ZSTDFLAGS > $path + +popd +rm -rf "$PREFIX_TMPDIR" + +checksum=$(sha256sum "$path") +echo "Release tar checksum $checksum"