From 702f198566bc9a0bdada26eda5fccf580af3df8b Mon Sep 17 00:00:00 2001 From: sh <37271604+shumvgolove@users.noreply.github.com> Date: Tue, 2 Dec 2025 11:33:30 +0000 Subject: [PATCH] ci: add cli deb and fix formatting to reproducible-builds (#6483) * scripts/reproducible-builds: add cli deb and fix formatting * scripts/reproducible-builds: properly strip v from tag --- scripts/simplex-chat-reproduce-builds.sh | 216 ++++++++++++----------- 1 file changed, 117 insertions(+), 99 deletions(-) diff --git a/scripts/simplex-chat-reproduce-builds.sh b/scripts/simplex-chat-reproduce-builds.sh index c7d9170c4a..e1a62dc73a 100755 --- a/scripts/simplex-chat-reproduce-builds.sh +++ b/scripts/simplex-chat-reproduce-builds.sh @@ -20,115 +20,133 @@ package direct-sqlcipher export DOCKER_BUILDKIT=1 +version=${TAG#v} +version=${version%-*} + cleanup() { - docker exec -t "${container_name}" sh -c 'rm -rf ./dist-newstyle ./apps' 2>/dev/null || : - rm -rf -- "${tempdir}" - docker rm --force "${container_name}" 2>/dev/null || : - docker image rm "${image_name}" 2>/dev/null || : - cd "${init_dir}" + docker exec -t "${container_name}" sh -c 'rm -rf ./dist-newstyle ./apps' 2>/dev/null || : + rm -rf -- "${tempdir}" + docker rm --force "${container_name}" 2>/dev/null || : + docker image rm "${image_name}" 2>/dev/null || : + cd "${init_dir}" } trap 'cleanup' EXIT INT mkdir -p "${init_dir}/${TAG}-${repo_name}/from-source" "${init_dir}/${TAG}-${repo_name}/prebuilt" git -C "${tempdir}" clone "${repo}.git" &&\ - cd "${tempdir}/${repo_name}" &&\ - git checkout "${TAG}" + cd "${tempdir}/${repo_name}" &&\ + git checkout "${TAG}" for os in '22.04' '24.04'; do - os_url="$(printf '%s' "${os}" | tr '.' '_')" + os_url="$(printf '%s' "${os}" | tr '.' '_')" - cli_name="simplex-chat-ubuntu-${os_url}-x86_64" - deb_name="simplex-desktop-ubuntu-${os_url}-x86_64.deb" - appimage_name="simplex-desktop-x86_64.AppImage" + cli_name="simplex-chat-ubuntu-${os_url}-x86_64" + deb_name="simplex-desktop-ubuntu-${os_url}-x86_64.deb" + appimage_name="simplex-desktop-x86_64.AppImage" - # Build image - docker build \ - --no-cache \ - --build-arg TAG="${os}" \ - --build-arg GHC="${ghc}" \ - -f "${tempdir}/${repo_name}/Dockerfile.build" \ - -t "${image_name}" \ - . + # Build image + docker build \ + --no-cache \ + --build-arg TAG="${os}" \ + --build-arg GHC="${ghc}" \ + -f "${tempdir}/${repo_name}/Dockerfile.build" \ + -t "${image_name}" \ + . - printf '%s' "${cabal_local}" > "${tempdir}/${repo_name}/cabal.project.local" + printf '%s' "${cabal_local}" > "${tempdir}/${repo_name}/cabal.project.local" - # Run container in background - docker run -t -d \ - --name "${container_name}" \ - --device /dev/fuse \ - --cap-add SYS_ADMIN \ - --security-opt apparmor:unconfined \ - -v "${tempdir}/${repo_name}:/project" \ - "${image_name}" + # Run container in background + docker run -t -d \ + --name "${container_name}" \ + --device /dev/fuse \ + --cap-add SYS_ADMIN \ + --security-opt apparmor:unconfined \ + -v "${tempdir}/${repo_name}:/project" \ + "${image_name}" - # Consistent permissions - docker exec \ - -t "${container_name}" \ - sh -c 'find /project -type d -exec chmod 755 {} \; ; find /project -type f -perm /111 -exec chmod 755 {} \; ; find /project -type f ! -perm /111 -exec chmod 644 {} \;' + # Consistent permissions + docker exec \ + -t "${container_name}" \ + sh -c 'find /project -type d -exec chmod 755 {} \; ; find /project -type f -perm /111 -exec chmod 755 {} \; ; find /project -type f ! -perm /111 -exec chmod 644 {} \;' - # CLI - docker exec \ - -t "${container_name}" \ - sh -c 'cabal clean && cabal update && cabal build -j && mkdir -p /out && for i in simplex-chat; do bin=$(find /project/dist-newstyle -name "$i" -type f -executable) && chmod +x "$bin" && mv "$bin" /out/; done && strip /out/simplex-chat' + # CLI + docker exec \ + -t "${container_name}" \ + sh -c 'cabal clean && cabal update && cabal build -j && mkdir -p /out && for i in simplex-chat; do bin=$(find /project/dist-newstyle -name "$i" -type f -executable) && chmod +x "$bin" && mv "$bin" /out/; done && strip /out/simplex-chat' - # Copy CLI - docker cp \ - "${container_name}":/out/simplex-chat \ - "${init_dir}/${TAG}-${repo_name}/from-source/${cli_name}" + # Copy CLI + docker cp \ + "${container_name}":/out/simplex-chat \ + "${init_dir}/${TAG}-${repo_name}/from-source/${cli_name}" - # Download prebuilt CLI binary - curl -L \ - --output-dir "${init_dir}/${TAG}-${repo_name}/prebuilt/" \ - -O "${repo}/releases/download/${TAG}/${cli_name}" + # Download prebuilt CLI binary + curl -L \ + --output-dir "${init_dir}/${TAG}-${repo_name}/prebuilt/" \ + -O "${repo}/releases/download/${TAG}/${cli_name}" - # Desktop: deb - docker exec \ - -t "${container_name}" \ - sh -c './scripts/desktop/make-deb-linux.sh' + # CLI: deb + docker exec \ + -t "${container_name}" \ + sh -c "./scripts/desktop/build-cli-deb.sh ${version}" - # Copy deb - docker cp \ - "${container_name}":/project/apps/multiplatform/release/main/deb/simplex_x86_64.deb \ - "${init_dir}/${TAG}-${repo_name}/from-source/${deb_name}" + # Copy CLI: deb + docker cp \ + "${container_name}":/out/deb-build/simplex-chat.deb \ + "${init_dir}/${TAG}-${repo_name}/from-source/${cli_name}.deb" - # Download prebuilt deb package - curl -L \ - --output-dir "${init_dir}/${TAG}-${repo_name}/prebuilt/" \ - -O "${repo}/releases/download/${TAG}/${deb_name}" + # Download prebuilt CLI: deb binary + curl -L \ + --output-dir "${init_dir}/${TAG}-${repo_name}/prebuilt/" \ + -O "${repo}/releases/download/${TAG}/${cli_name}.deb" - # Desktop: appimage. Build only on 22.04 - case "$os" in - 22.04) - # Appimage - docker exec \ - -t "${container_name}" \ - sh -c './scripts/desktop/make-appimage-linux.sh && mv ./apps/multiplatform/release/main/*imple*.AppImage ./apps/multiplatform/release/main/simplex.appimage' + # Desktop: deb + docker exec \ + -t "${container_name}" \ + sh -c './scripts/desktop/make-deb-linux.sh' - # Copy appimage - docker cp \ - "${container_name}":/project/apps/multiplatform/release/main/simplex.appimage \ - "${init_dir}/${TAG}-${repo_name}/from-source/${appimage_name}" + # Copy deb + docker cp \ + "${container_name}":/project/apps/multiplatform/release/main/deb/simplex_x86_64.deb \ + "${init_dir}/${TAG}-${repo_name}/from-source/${deb_name}" - # Download prebuilt appimage binary - curl -L \ - --output-dir "${init_dir}/${TAG}-${repo_name}/prebuilt/" \ - -O "${repo}/releases/download/${TAG}/${appimage_name}" - ;; - esac - - # Important! Remove dist-newstyle for the next interation - docker exec \ - -t "${container_name}" \ - sh -c 'rm -rf ./dist-newstyle ./apps/multiplatform' + # Download prebuilt deb package + curl -L \ + --output-dir "${init_dir}/${TAG}-${repo_name}/prebuilt/" \ + -O "${repo}/releases/download/${TAG}/${deb_name}" - # Also restore git to previous state - git reset --hard && git clean -dfx + # Desktop: appimage. Build only on 22.04 + case "$os" in + 22.04) + # Appimage + docker exec \ + -t "${container_name}" \ + sh -c './scripts/desktop/make-appimage-linux.sh && mv ./apps/multiplatform/release/main/*imple*.AppImage ./apps/multiplatform/release/main/simplex.appimage' - # Stop containers, delete images - docker stop "${container_name}" - docker rm --force "${container_name}" - docker image rm "${image_name}" + # Copy appimage + docker cp \ + "${container_name}":/project/apps/multiplatform/release/main/simplex.appimage \ + "${init_dir}/${TAG}-${repo_name}/from-source/${appimage_name}" + + # Download prebuilt appimage binary + curl -L \ + --output-dir "${init_dir}/${TAG}-${repo_name}/prebuilt/" \ + -O "${repo}/releases/download/${TAG}/${appimage_name}" + ;; + esac + + # Important! Remove dist-newstyle for the next interation + docker exec \ + -t "${container_name}" \ + sh -c 'rm -rf ./dist-newstyle ./apps/multiplatform' + + # Also restore git to previous state + git reset --hard && git clean -dfx + + # Stop containers, delete images + docker stop "${container_name}" + docker rm --force "${container_name}" + docker image rm "${image_name}" done # Cleanup @@ -145,27 +163,27 @@ bad=0 # Check hashes for all binaries for file in "${path_bin}"/from-source/*; do - # Extract binary name - app="$(basename ${file})" + # Extract binary name + app="$(basename ${file})" - # Compute hash for compiled binary - compiled=$(sha256sum "${path_bin}/from-source/${app}" | awk '{print $1}') - # Compute hash for prebuilt binary - prebuilt=$(sha256sum "${path_bin}/prebuilt/${app}" | awk '{print $1}') + # Compute hash for compiled binary + compiled=$(sha256sum "${path_bin}/from-source/${app}" | awk '{print $1}') + # Compute hash for prebuilt binary + prebuilt=$(sha256sum "${path_bin}/prebuilt/${app}" | awk '{print $1}') - # Compare - if [ "${compiled}" != "${prebuilt}" ]; then - # If hashes doesn't match, set bad... - bad=1 + # Compare + if [ "${compiled}" != "${prebuilt}" ]; then + # If hashes doesn't match, set bad... + bad=1 - # ... and print affected binary - printf "%s - sha256sum hash doesn't match\n" "${app}" - fi + # ... and print affected binary + printf "%s - sha256sum hash doesn't match\n" "${app}" + fi done # If everything is still okay, compute checksums file if [ "${bad}" = 0 ]; then - sha256sum "${path_bin}"/from-source/* | sed -e "s|$PWD/||g" -e 's|from-source/||g' -e "s|-$repo_name||g" > "${path_bin}/_sha256sums" + sha256sum "${path_bin}"/from-source/* | sed -e "s|$PWD/||g" -e 's|from-source/||g' -e "s|-$repo_name||g" > "${path_bin}/_sha256sums" - printf 'Checksums computed - %s\n' "${path_bin}/_sha256sums" + printf 'Checksums computed - %s\n' "${path_bin}/_sha256sums" fi