Skip to content

DEB and RPM package autobuilding

DejfCold requested to merge DejfCold/vaultbot:master into goreleaser

Automatically builds Debian and RHEL packages and pushes them to GitLab's generic package registry. It's not entirely up to Debian and Fedora standards, but I'm not aware of a way for it to be and still be entirely automated.

You need to create a gpg key pair to sign the built RPM:

$ gpg --full-gen-key
gpg (GnuPG) 2.2.4; Copyright (C) 2017 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (3072) 2048
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: Gitlab
Email address:
Comment:
You selected this USER-ID:
    "Gitlab"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: key D8D055B108B3D0C6 marked as ultimately trusted
gpg: revocation certificate stored as '/home/dejfcold/.gnupg/openpgp-revocs.d/81242B16B8E383EB814AE789D8D055B108B3D0C6.rev'
public and secret key created and signed.

pub   rsa2048 2021-05-11 [SC]
      81242B16B8E383EB814AE789D8D055B108B3D0C6
uid                      Gitlab
sub   rsa2048 2021-05-11 [E]

$ gpg --export-secret-keys -armor Gitlab > private.key
$ gpg --export -armor Gitlab > public.key

Don't use any password. If it asks, use an empty one.

Copy the contents of private.key to GPG_SIGNING_KEY CI FILE variable.

Also copy the contents of public.key somewhere so people can verify it.

Edited by DejfCold

Merge request reports