ci: add Nix build #1

Open
Manuthor wants to merge 18 commits into develop from ci/add_packaging

@Manuthor
No description provided.

@Manuthor Manuthor force-pushed the ci/add_packaging branch 2 times, most recently from 6c70ef7 to 88626d9 Compare April 14, 2026 05:31
Manuthor added 17 commits April 14, 2026 07:56
- Add .github/reusable_scripts/get_openssl_binaries.sh stub (auth_server
  uses vendored OpenSSL so no pre-built binaries are needed)
- Remove unused tokio dev-dep from auth_client
- Remove unused base32 dep from auth_server
- Add .cargo/audit.toml ignoring RUSTSEC-2023-0071 (rsa Marvin Attack –
  transitive via sqlx-mysql, no upstream fix available)
- Fix packaging.yml: remove incorrect github.event_name == 'workflow_call'
  job conditions (inside a reusable workflow event_name is the original
  caller's event, not 'workflow_call'); publish-release now only runs on
  tag pushes
- Remove diskUsage=true from nix/docker.nix (not supported in pinned nixpkgs)
- Remove --option substituters "" from package_common.sh and nix.sh to allow
  binary cache (cache.nixos.org), preventing FTP download of file-5.41 which
  is blocked on GitHub Actions
- Update macOS arm64 static binary hash to 94ff939c...
- Add cargo install --locked cargo-packager step for macOS in packaging.yml
- Remove unused LINK_EXPLICIT variable in nix.sh (shellcheck SC2034)
- Remove 37 unused [workspace.dependencies] entries
- Fix cosmian_logger: git dep -> crates.io 0.7.0 (required for publish)
- Fix auth_client: add version = "1.0.0" beside path dep (required for publish)
- Fix client description: replace em-dash with ASCII dash
- Apply cargo fmt to server sources
… signing

- nix/auth-server.nix: on aarch64 Linux, pkgs234 (nixpkgs 22.05) defaults to
  gcc-9.3.0 which aws-lc-sys v0.39.1 rejects (GCC PR#95189 memcmp bug on aarch64).
  Use platform.gcc11 for CC/CXX exports in buildPhase on aarch64 — still glibc
  2.34 compatible but without the bug. Fixes docker-ubuntu-24.04-arm,
  ubuntu-24.04-arm-static, ubuntu-24.04-arm-dynamic CI failures.

- package_common.sh: build_deb/build_rpm set export HOME=${TMPDIR} for Cargo,
  which moves the GPG keyring to a fresh empty directory different from where
  crazy-max/ghaction-import-gpg imported the signing key. Fix gpg_sign_file() to
  re-import $GPG_SIGNING_KEY with passphrase-fd/loopback pinentry in the current
  HOME before signing. Fixes ubuntu-24.04-{static,dynamic} CI GPG failures.

- package_dmg.sh: same HOME issue; re-import $GPG_SIGNING_KEY with passphrase
  before the DMG signing loop. Fixes macos-15-{static,dynamic} CI GPG failures.

smoke_test_rpm.sh uses rpm2cpio (from the rpm package) and cpio to
extract the RPM archive for inspection, but nix.sh only provided
binutils, file, and coreutils to the smoke-test nix-shell.

Add rpm and cpio to the -p list so rpm2cpio is available.
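
The keyring problem described in the package_common.sh and package_dmg.sh commit messages above, as an added shell example; it is not the project's gpg_sign_file(). It assumes GPG_SIGNING_KEY holds an ASCII-armored private key, and the GPG_SIGNING_KEY_PASSPHRASE variable and all function names are hypothetical.

```shell
# Added example, not the project's package_common.sh.
# Assumed: GPG_SIGNING_KEY is an ASCII-armored private key;
# GPG_SIGNING_KEY_PASSPHRASE and all function names are hypothetical.

# gpg's keyring location: GNUPGHOME if set, otherwise $HOME/.gnupg.
# Re-exporting HOME mid-build therefore points gpg at a different keyring.
gpg_keyring_dir() {
  printf '%s\n' "${GNUPGHOME:-$HOME/.gnupg}"
}

# Import the signing key into the keyring of the *current* HOME.
# gpg leaves an already-imported key unchanged, so repeating this is safe.
import_signing_key() {
  if [ -z "${GPG_SIGNING_KEY:-}" ]; then
    echo "GPG_SIGNING_KEY is not set" >&2
    return 2
  fi
  _dir=$(gpg_keyring_dir)
  mkdir -p "$_dir" && chmod 700 "$_dir" || return 3
  # Key on stdin, passphrase on fd 3: neither appears in argv.
  printf '%s\n' "$GPG_SIGNING_KEY" |
    gpg --batch --pinentry-mode loopback --passphrase-fd 3 --import 3<<EOF
${GPG_SIGNING_KEY_PASSPHRASE:-}
EOF
}

# Detached, armored signature written to <file>.asc.
sign_file_detached() {
  if [ ! -f "$1" ]; then
    echo "no such file: $1" >&2
    return 4
  fi
  # Import first, so signing works even after HOME was redirected.
  import_signing_key || return $?
  printf '%s\n' "${GPG_SIGNING_KEY_PASSPHRASE:-}" |
    gpg --batch --yes --pinentry-mode loopback --passphrase-fd 0 \
        --armor --detach-sign --output "$1.asc" "$1"
}
```

Pinning GNUPGHOME to the directory where the key was first imported, before HOME is redirected, is the alternative to re-importing.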