[squeak-dev] Unambiguously differentiating official and local builds [Was [Vm-dev] Moving the Cog subversion repository to githup at 2016-6-16 7am UTC]

Ben Coman btc at openinworld.com
Fri Jun 17 15:27:13 UTC 2016 

On Fri, Jun 17, 2016 at 3:40 PM, Eliot Miranda <eliot.miranda at gmail.com> wrote:
>
>> On Jun 17, 2016, at 12:22 AM, Tim Felgentreff <timfelgentreff at gmail.com> wrote:
>>
>>> On 16 June 2016 at 22:07, Eliot Miranda <eliot.miranda at gmail.com> wrote:
>>> Hi All,
>>>
>>>     so after fixing "git remote get-url origin" to fail over to "git remote
>>> show origin | filter and munge" the culture shock of "git commit -a" (git
>>> commit does nothing ?!?!?) I have a VM that outputs a reasonable version
>>> info:
>>>
>>> /Users/eliot/oscogvm/build.macos32x86/squeak.cog.spur/CocoaFast.app/Contents/MacOS/Squeak
>>> 5.0 5.0.201606161953 Mac OS X built on Jun 16 2016 12:56:52 PDT Compiler:
>>> 4.2.1 Compatible Apple LLVM 6.0 (clang-600.0.57) [Production Spur VM]
>>> CoInterpreter VMMaker.oscog-eem.1886 uuid:
>>> d413db9f-37cc-4c5d-bfc6-87b11203ee96 Jun 16 2016
>>> StackToRegisterMappingCogit VMMaker.oscog-eem.1886 uuid:
>>> d413db9f-37cc-4c5d-bfc6-87b11203ee96 Jun 16 2016
>>> VM: r201606161953 http://github.com/OpenSmalltalk/vm $ Date: Thu Jun 16
>>> 12:53:33 2016 -0700 $
>>> Plugins: r201606161953 http://github.com/OpenSmalltalk/vm $
>>>
>>> Which begs the question how do I differentiate this from something built
>>> officially via Travis?  Arguably the URL is wrong, and should only say
>>> "http://github.com/OpenSmalltalk/vm" for travis builds, and perhaps should
>>> just include my local hostname and current directory when I make any kind of
>>> local modification.  So the above would read
>>>
>>> ...
>>> VM: r201606161953 McStalker:?users/eliot/oscogvm $ Date: Thu Jun 16 12:53:33
>>> 2016 -0700 $
>>> Plugins: r201606161953 McStalker:?users/eliot/oscogvm $
>>>
>>> Alternatively we could add another field, or modify one of the existing
>>> fields to say "I'm official" however one would do that.  I don't know how, I
>>> just know we need this.  I shouldn't be able to pollute the VM pool by
>>> putting some VM on some site somewhere that i just happened to build after
>>> several sherries and some cannabis brownies that looks to all intents and
>>> purposes just like a VM built by our official Travis slaves.  Hic.  Chillin'

I just discovered git-describe, which seems like it could be useful...
http://alblue.bandlem.com/2010/11/automatically-tagging-builds-with-git.html

So if Travis created  "r201606161953" as an *official* tag for
successful builds like this...
https://github.com/travis-ci/travis-ci/issues/1476

then `git describe` would produce "r201606161953" for that build, and
after a couple of commits in my personal repo would produce
"r201606161953-2-g169d02a".    The "-2-g169d02a" would distinguish
non-official builds.

In addition, I can now copy-paste a VM's output revision string
to directly do "git checkout r201606161953"
instead of "git checkout master@{2016-06-16 19:53} which I read is
only viable for 90 days anyway, and has some complexity between
whether the given date is author commit date or merge date.

But after doing "git checkout r201606161953" in my personal repo
   git describe
        ==>    r201606161953  is indistinguishable from the Travis build
but...
   git describe --long
       ==>  r201606161953-0-a264e03b  is distinguishable.

In addition,  if I edit some files and rebuild before committing I
want to distinguish this from when I build a fresh check out , which
can be done with...
   git describe --long --dirty    ==>   r201606161953-0-a264e03b-dirty

So that last would be used to version personal builds,
while Travis would use "git describe" without any flags.
   ==>   r201606161953


>> how secure does this need to be? One way to differentiate the official
>> VMs is to sign them directly on Travis (which we'll want to do anyway,
>> just didn't get to it, yet).
>>
>> Another option is to just change the URL replacement code to do
>> something else when not running on Travis --- like adding your
>> hostname and path instead --- but this could be fairly easily messed
>> with.
>>
>> Not sure how much malicious intent we want to prevent.

Later on we should have Travis signing its build artefacts, but for
now keep it simple.

>
> None.  I don't think there's malicious intent at all.  I do think we should differentiate between "personal" and Travis builds.  It's more for my own information, so u don't get confused, than to prevent maliciousness.  So do the simplest thing that could possibly work TSTTCPW.  I like username,host name,path as in an scp, eg eliot at McStalker:oscogvm (path relative to ~eliot).

I think `git branch` is as important as `path`.
Username could come from `git config user.name | sed 's/ //g'

cheers -ben

More information about the Vm-dev mailing list