I made a first cut at this: https://github.com/davedoesdev/rumprun-packages
.travis.yml calls .docker-build/build-package-in-docker.sh, which in
turn uses a Docker image
(davedoesdev/rumprun-toolchain-x86_64-rumprun-netbsd-hw) to run
.docker-build/build-package.sh, which builds the package.
The Docker images are automated builds and are listed here:
https://hub.docker.com/u/davedoesdev/
The 'inheritance' heirarchy is:
ubuntu
davedoesdev/rumprun-toolchain-base
davedoesdev/rumprun-toolchain-base-hw
davedoesdev/rumprun-toolchain-x86_64-rumprun-netbsd-hw
Feel free to look at the Dockerfiles.
The Travis build status is here:
https://travis-ci.org/davedoesdev/rumprun-packages
Any feedback or comments welcome!
(I plan to create derivative image(s) which publish the artifacts
automatically too, using https://github.com/davedoesdev/dtuf, but
that's something for another day).
On 11 March 2016 at 11:06, Martin Lucina <martin@xxxxxxxxxx> wrote:
On Thursday, 10.03.2016 at 20:20, David Halls wrote:
https://docs.travis-ci.com/user/encryption-keys/
Uploading to Github requires an OUATH token with permissions to upload to
the Github repository in .travis.yml. What are the security implications of
this? Unless I'm missing something, anyone could trivially steal that token
and use it to upload arbitrary "releases" to the target Github repo...?
Thanks for the pointer!
Of course that means specifying toolchain artefact version in the package
build.
Right. And that doesn't work for our toolchain for two reasons
1) The toolchain just wraps (and is thus dependent on) the host toolchain.
So "version of toolchain" is not meaningful.
If they shared a Docker toolchain base image that should be ok, right?
Yes.
