Hi All,
so after fixing "git remote get-url origin" to fail over to "git remote show origin | filter and munge" the culture shock of "git commit -a" (git commit does nothing ?!?!?) I have a VM that outputs a reasonable version info:
/Users/eliot/oscogvm/build.macos32x86/squeak.cog.spur/CocoaFast.app/Contents/MacOS/Squeak 5.0 5.0.201606161953 Mac OS X built on Jun 16 2016 12:56:52 PDT Compiler: 4.2.1 Compatible Apple LLVM 6.0 (clang-600.0.57) [Production Spur VM] CoInterpreter VMMaker.oscog-eem.1886 uuid: d413db9f-37cc-4c5d-bfc6-87b11203ee96 Jun 16 2016 StackToRegisterMappingCogit VMMaker.oscog-eem.1886 uuid: d413db9f-37cc-4c5d-bfc6-87b11203ee96 Jun 16 2016 VM: r201606161953 http://github.com/OpenSmalltalk/vm $ Date: Thu Jun 16 12:53:33 2016 -0700 $ Plugins: r201606161953 http://github.com/OpenSmalltalk/vm $
Which begs the question how do I differentiate this from something built officially via Travis? Arguably the URL is wrong, and should only say "http://github.com/OpenSmalltalk/vm" for travis builds, and perhaps should just include my local hostname and current directory when I make any kind of local modification. So the above would read
... VM: r201606161953 McStalker:?users/eliot/oscogvm $ Date: Thu Jun 16 12:53:33 2016 -0700 $ Plugins: r201606161953 McStalker:?users/eliot/oscogvm $
Alternatively we could add another field, or modify one of the existing fields to say "I'm official" however one would do that. I don't know how, I just know we need this. I shouldn't be able to pollute the VM pool by putting some VM on some site somewhere that I just happened to build after several sherries and some cannabis brownies that looks to all intents and purposes just like a VM built by our official Travis slaves. Hic. Chillin'
_,,,^..^,,,_ best, Eliot
Hi Eliot,
how secure does this need to be? One way to differentiate the official VMs is to sign them directly on Travis (which we'll want to do anyway, just didn't get to it, yet).
Another option is to just change the URL replacement code to do something else when not running on Travis --- like adding your hostname and path instead --- but this could be fairly easily messed with.
Not sure how much malicious intent we want to prevent.
cheers, Tim
On 16 June 2016 at 22:07, Eliot Miranda eliot.miranda@gmail.com wrote:
Hi All,
so after fixing "git remote get-url origin" to fail over to "git remote show origin | filter and munge" the culture shock of "git commit -a" (git commit does nothing ?!?!?) I have a VM that outputs a reasonable version info:
/Users/eliot/oscogvm/build.macos32x86/squeak.cog.spur/CocoaFast.app/Contents/MacOS/Squeak 5.0 5.0.201606161953 Mac OS X built on Jun 16 2016 12:56:52 PDT Compiler: 4.2.1 Compatible Apple LLVM 6.0 (clang-600.0.57) [Production Spur VM] CoInterpreter VMMaker.oscog-eem.1886 uuid: d413db9f-37cc-4c5d-bfc6-87b11203ee96 Jun 16 2016 StackToRegisterMappingCogit VMMaker.oscog-eem.1886 uuid: d413db9f-37cc-4c5d-bfc6-87b11203ee96 Jun 16 2016 VM: r201606161953 http://github.com/OpenSmalltalk/vm $ Date: Thu Jun 16 12:53:33 2016 -0700 $ Plugins: r201606161953 http://github.com/OpenSmalltalk/vm $
Which begs the question how do I differentiate this from something built officially via Travis? Arguably the URL is wrong, and should only say "http://github.com/OpenSmalltalk/vm" for travis builds, and perhaps should just include my local hostname and current directory when I make any kind of local modification. So the above would read
... VM: r201606161953 McStalker:?users/eliot/oscogvm $ Date: Thu Jun 16 12:53:33 2016 -0700 $ Plugins: r201606161953 McStalker:?users/eliot/oscogvm $
Alternatively we could add another field, or modify one of the existing fields to say "I'm official" however one would do that. I don't know how, I just know we need this. I shouldn't be able to pollute the VM pool by putting some VM on some site somewhere that I just happened to build after several sherries and some cannabis brownies that looks to all intents and purposes just like a VM built by our official Travis slaves. Hic. Chillin'
_,,,^..^,,,_ best, Eliot
Hi Tim,
On Jun 17, 2016, at 12:22 AM, Tim Felgentreff timfelgentreff@gmail.com wrote:
Hi Eliot,
how secure does this need to be? One way to differentiate the official VMs is to sign them directly on Travis (which we'll want to do anyway, just didn't get to it, yet).
Another option is to just change the URL replacement code to do something else when not running on Travis --- like adding your hostname and path instead --- but this could be fairly easily messed with.
Not sure how much malicious intent we want to prevent.
None. I don't think there's malicious intent at all. I do think we should differentiate between "personal" and Travis builds. It's more for my own information, so u don't get confused, than to prevent maliciousness. So do the simplest thing that could possibly work TSTTCPW. I like username,host name,path as in an scp, eg eliot@McStalker:oscogvm (path relative to ~eliot).
cheers, Tim
On Fri, Jun 17, 2016 at 3:40 PM, Eliot Miranda eliot.miranda@gmail.com wrote:
On Jun 17, 2016, at 12:22 AM, Tim Felgentreff timfelgentreff@gmail.com wrote:
I just discovered git-describe, which seems like it could be useful... http://alblue.bandlem.com/2010/11/automatically-tagging-builds-with-git.html
So if Travis created "r201606161953" as an *official* tag for successful builds like this... https://github.com/travis-ci/travis-ci/issues/1476
then `git describe` would produce "r201606161953" for that build, and after a couple of commits in my personal repo would produce "r201606161953-2-g169d02a". The "-2-g169d02a" would distinguish non-official builds.
In addition, I can now copy-paste a VM's output revision string to directly do "git checkout r201606161953" instead of "git checkout master@{2016-06-16 19:53}", which I read is only viable for 90 days anyway, and has some complexity between whether the given date is author commit date or merge date.
But after doing "git checkout r201606161953" in my personal repo
  git describe ==> r201606161953
is indistinguishable from the Travis build but...
  git describe --long ==> r201606161953-0-a264e03b
is distinguishable.
In addition, if I edit some files and rebuild before committing I want to distinguish this from when I build a fresh check out, which can be done with...
  git describe --long --dirty ==> r201606161953-0-a264e03b-dirty
So that last would be used to version personal builds, while Travis would use "git describe" without any flags.
  ==> r201606161953
how secure does this need to be? One way to differentiate the official VMs is to sign them directly on Travis (which we'll want to do anyway, just didn't get to it, yet).
Another option is to just change the URL replacement code to do something else when not running on Travis --- like adding your hostname and path instead --- but this could be fairly easily messed with.
Not sure how much malicious intent we want to prevent.
Later on we should have Travis signing its build artefacts, but for now keep it simple.
None. I don't think there's malicious intent at all. I do think we should differentiate between "personal" and Travis builds. It's more for my own information, so u don't get confused, than to prevent maliciousness. So do the simplest thing that could possibly work TSTTCPW. I like username,host name,path as in an scp, eg eliot@McStalker:oscogvm (path relative to ~eliot).
I think `git branch` is as important as `path`. Username could come from `git config user.name | sed 's/ //g'`
cheers -ben
Hi Ben,
On Fri, Jun 17, 2016 at 8:27 AM, Ben Coman btc@openinworld.com wrote:
On Fri, Jun 17, 2016 at 3:40 PM, Eliot Miranda eliot.miranda@gmail.com wrote:
On Jun 17, 2016, at 12:22 AM, Tim Felgentreff timfelgentreff@gmail.com wrote:
I just discovered git-describe, which seems like it could be useful...
http://alblue.bandlem.com/2010/11/automatically-tagging-builds-with-git.html
So if Travis created "r201606161953" as an *official* tag for successful builds like this... https://github.com/travis-ci/travis-ci/issues/1476
then `git describe` would produce "r201606161953" for that build, and after a couple of commits in my personal repo would produce "r201606161953-2-g169d02a". The "-2-g169d02a" would distinguish non-official builds.
In addition, I can now copy-paste a VM's output revision string to directly do "git checkout r201606161953" instead of "git checkout master@{2016-06-16 19:53}", which I read is only viable for 90 days anyway, and has some complexity between whether the given date is author commit date or merge date.
But after doing "git checkout r201606161953" in my personal repo
  git describe ==> r201606161953
is indistinguishable from the Travis build but...
  git describe --long ==> r201606161953-0-a264e03b
is distinguishable.
In addition, if I edit some files and rebuild before committing I want to distinguish this from when I build a fresh check out, which can be done with...
  git describe --long --dirty ==> r201606161953-0-a264e03b-dirty
So that last would be used to version personal builds, while Travis would use "git describe" without any flags.
  ==> r201606161953
Sounds really good, but
McStalker.oscogvm$ uname -a
Darwin McStalker 13.4.0 Darwin Kernel Version 13.4.0: Mon Jan 11 18:17:34 PST 2016; root:xnu-2422.115.15~1/RELEASE_X86_64 x86_64
McStalker.oscogvm$ git --version
git version 1.9.5 (Apple Git-50.3)
McStalker.oscogvm$ git describe
fatal: No names found, cannot describe anything.
McStalker.oscogvm$ git describe --long
fatal: No names found, cannot describe anything.
McStalker.oscogvm$
how secure does this need to be? One way to differentiate the official VMs is to sign them directly on Travis (which we'll want to do anyway, just didn't get to it, yet).
Another option is to just change the URL replacement code to do something else when not running on Travis --- like adding your hostname and path instead --- but this could be fairly easily messed with.
Not sure how much malicious intent we want to prevent.
Later on we should have Travis signing its build artefacts, but for now keep it simple.
The Mac builds already sign provided a certificate is installed and an environment variable set to point to it. See SIGNING_IDENTITY in build.macos*/common/Makefile.app
None. I don't think there's malicious intent at all. I do think we should differentiate between "personal" and Travis builds. It's more for my own information, so u don't get confused, than to prevent maliciousness. So do the simplest thing that could possibly work TSTTCPW. I like username,host name,path as in an scp, eg eliot@McStalker:oscogvm (path relative to ~eliot).
I think `git branch` is as important as `path`. Username could come from `git config user.name | sed 's/ //g'`
cheers -ben
_,,,^..^,,,_ best, Eliot
Hi Fabio,
On Sat, Jun 18, 2016 at 2:04 AM, Fabio Niephaus lists@fniephaus.com wrote:
--
On Sat, Jun 18, 2016 at 5:28 AM Eliot Miranda eliot.miranda@gmail.com wrote:
Later on we should have Travis signing its build artefacts, but for now keep it simple.
The Mac builds already sign provided a certificate is installed and an environment variable set to point to it. See SIGNING_IDENTITY in build.macos*/common/Makefile.app
Cool! Now we only need to decide whose certificate to use. We can encrypt the cert securely, add it to the repository and install it during a build. BTW: we are already doing this for the RSqueak VM [1] as well.
[1] https://github.com/HPI-SWA-Lab/RSqueak-App/blob/c8e28879a8a9da97fe06cd5cb82e...
I'm happy to provide mine. I'm more than a little unclear as to how to go about adding it to the repository though. Perhaps we could talk early next week and sort this out. Would you be free to Skype on Monday and hold my hand as we try and get this to work?
None. I don't think there's malicious intent at all. I do think we should differentiate between "personal" and Travis builds. It's more for my own information, so u don't get confused, than to prevent maliciousness. So do the simplest thing that could possibly work TSTTCPW. I like username,host name,path as in an scp, eg eliot@McStalker:oscogvm (path relative to ~eliot).
I think `git branch` is as important as `path`. Username could come from `git config user.name | sed 's/ //g'`
cheers -ben
_,,,^..^,,,_ best, Eliot
_,,,^..^,,,_ best, Eliot
Yes, I have some time on Monday. What time would you prefer?
On Sat, 18 Jun 2016 at 23:16, Eliot Miranda eliot.miranda@gmail.com wrote:
I'm happy to provide mine. I'm more than a little unclear as to how to go about adding it to the repository though. Perhaps we could talk early next week and sort this out. Would you be free to Skype on Monday and hold my hand as we try and get this to work?
On Sat, Jun 18, 2016 at 11:28 AM, Eliot Miranda eliot.miranda@gmail.com wrote:
Hi Ben,
On Fri, Jun 17, 2016 at 8:27 AM, Ben Coman btc@openinworld.com wrote:
On Fri, Jun 17, 2016 at 3:40 PM, Eliot Miranda eliot.miranda@gmail.com wrote:
On Jun 17, 2016, at 12:22 AM, Tim Felgentreff timfelgentreff@gmail.com wrote:
Sounds really good, but
McStalker.oscogvm$ uname -a
Darwin McStalker 13.4.0 Darwin Kernel Version 13.4.0: Mon Jan 11 18:17:34 PST 2016; root:xnu-2422.115.15~1/RELEASE_X86_64 x86_64
McStalker.oscogvm$ git --version
git version 1.9.5 (Apple Git-50.3)
McStalker.oscogvm$ git describe
fatal: No names found, cannot describe anything.
McStalker.oscogvm$ git describe --long
fatal: No names found, cannot describe anything.
McStalker.oscogvm$
That confused me also for a moment. It's only because there are not yet any tags. Try this...
$ git tag -a mytag -m "my message"
$ git describe --long --dirty
$ touch x
$ git add x
$ git commit -m "blah de blah"
$ git describe --long --dirty
$ echo blah > x
$ git describe --long --dirty
Plus these tags can be applied retroactively without affecting history... https://git-scm.com/book/en/v2/Git-Basics-Tagging
cheers -ben
vm-dev@lists.squeakfoundation.org
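
The `git describe` scheme Ben proposes, with the "No names found" failure Eliot hit handled by `--always`, as an added example that is not code from the thread or from the OpenSmalltalk build scripts. The function names, the four labels and the `--print` switch are assumptions; the result is a label that any local builder can set, so it separates builds by convention only, and signing on Travis, as Tim suggests, is what would attest origin.

```shell
#!/bin/sh
# Added example; function names, labels and --print are hypothetical.

# build_id: revision string to embed in the VM.
# Travis CI sets TRAVIS=true in its build environment; everything else is
# treated as a personal build and gets the --long --dirty form.
# --always falls back to the abbreviated commit hash when the repository has
# no annotated tags, instead of "fatal: No names found".
build_id() {
    if [ "${TRAVIS:-}" = "true" ]; then
        git describe --always
    else
        git describe --long --dirty --always
    fi
}

# build_origin: repository URL on Travis, user@host:branch for personal builds.
# "git config --get remote.origin.url" also works on git older than 2.7,
# which has no "git remote get-url".
build_origin() {
    if [ "${TRAVIS:-}" = "true" ]; then
        git config --get remote.origin.url
    else
        user=$(git config user.name | sed 's/ //g')
        branch=$(git rev-parse --abbrev-ref HEAD)
        printf '%s@%s:%s\n' "$user" "$(hostname)" "$branch"
    fi
}

# classify_build_id: say what a revision string claims about the build.
#   tag-only  bare tag, what plain "git describe" prints on a tagged commit
#   at-tag    <tag>-0-g<hash>: personal build of exactly the tagged commit
#   ahead     <tag>-N-g<hash>, N > 0: local commits on top of the tag
#   dirty     uncommitted edits were present in the work tree
#   untagged  no rYYYYMMDDhhmm tag reachable (bare hash or unknown form)
# Note that git prefixes the abbreviated hash with "g" in the --long form.
classify_build_id() {
    id=$1 tag=$1 count="" hash=""
    case $id in
        *-dirty) echo "dirty"; return 0 ;;
    esac
    case $id in
        *-[0-9]*-g[0-9a-f]*)
            hash=${id##*-g}
            rest=${id%-g"$hash"}
            count=${rest##*-}
            tag=${rest%-"$count"}
            # Reject look-alikes whose count or hash is not well formed.
            case $count in *[!0-9]*) count="" tag=$id ;; esac
            case $hash in *[!0-9a-f]*) count="" tag=$id ;; esac
            ;;
    esac
    # Tags in this thread look like r201606161953: "r" followed by digits.
    case $tag in
        r[0-9]*) digits=${tag#r} ;;
        *) echo "untagged"; return 0 ;;
    esac
    case $digits in
        *[!0-9]*) echo "untagged"; return 0 ;;
    esac
    if [ -z "$count" ]; then
        echo "tag-only"
    elif [ "$count" -eq 0 ]; then
        echo "at-tag"
    else
        echo "ahead"
    fi
}

# Inside a checkout: sh buildid.sh --print
if [ "${1:-}" = "--print" ]; then
    rev=$(build_id)
    printf '%s %s (%s)\n' "$rev" "$(build_origin)" "$(classify_build_id "$rev")"
fi
```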