[squeak-dev] Unambiguously differentiating official and local builds [Was [Vm-dev] Moving the Cog subversion repository to githup at 2016-6-16 7am UTC]

Fabio Niephaus lists at fniephaus.com
Sat Jun 18 09:04:42 UTC 2016 

-- 

On Sat, Jun 18, 2016 at 5:28 AM Eliot Miranda <eliot.miranda at gmail.com>
wrote:

>
> Hi Ben,
>
> On Fri, Jun 17, 2016 at 8:27 AM, Ben Coman <btc at openinworld.com> wrote:
>
>>
>> On Fri, Jun 17, 2016 at 3:40 PM, Eliot Miranda <eliot.miranda at gmail.com>
>> wrote:
>> >
>> >> On Jun 17, 2016, at 12:22 AM, Tim Felgentreff <
>> timfelgentreff at gmail.com> wrote:
>> >>
>> >>> On 16 June 2016 at 22:07, Eliot Miranda <eliot.miranda at gmail.com>
>> wrote:
>> >>> Hi All,
>> >>>
>> >>>     so after fixing "git remote get-url origin" to fail over to "git
>> remote
>> >>> show origin | filter and munge" the culture shock of "git commit -a"
>> (git
>> >>> commit does nothing ?!?!?) I have a VM that outputs a reasonable
>> version
>> >>> info:
>> >>>
>> >>>
>> /Users/eliot/oscogvm/build.macos32x86/squeak.cog.spur/CocoaFast.app/Contents/MacOS/Squeak
>> >>> 5.0 5.0.201606161953 Mac OS X built on Jun 16 2016 12:56:52 PDT
>> Compiler:
>> >>> 4.2.1 Compatible Apple LLVM 6.0 (clang-600.0.57) [Production Spur VM]
>> >>> CoInterpreter VMMaker.oscog-eem.1886 uuid:
>> >>> d413db9f-37cc-4c5d-bfc6-87b11203ee96 Jun 16 2016
>> >>> StackToRegisterMappingCogit VMMaker.oscog-eem.1886 uuid:
>> >>> d413db9f-37cc-4c5d-bfc6-87b11203ee96 Jun 16 2016
>> >>> VM: r201606161953 http://github.com/OpenSmalltalk/vm $ Date: Thu Jun
>> 16
>> >>> 12:53:33 2016 -0700 $
>> >>> Plugins: r201606161953 http://github.com/OpenSmalltalk/vm $
>> >>>
>> >>> Which begs the question how do I differentiate this from something
>> built
>> >>> officially via Travis?  Arguably the URL is wrong, and should only say
>> >>> "http://github.com/OpenSmalltalk/vm" for travis builds, and perhaps
>> should
>> >>> just include my local hostname and current directory when I make any
>> kind of
>> >>> local modification.  So the above would read
>> >>>
>> >>> ...
>> >>> VM: r201606161953 McStalker:?users/eliot/oscogvm $ Date: Thu Jun 16
>> 12:53:33
>> >>> 2016 -0700 $
>> >>> Plugins: r201606161953 McStalker:?users/eliot/oscogvm $
>> >>>
>> >>> Alternatively we could add another field, or modify one of the
>> existing
>> >>> fields to say "I'm official" however one would do that.  I don't know
>> how, I
>> >>> just know we need this.  I shouldn't be able to pollute the VM pool by
>> >>> putting some VM on some site somewhere that i just happened to build
>> after
>> >>> several sherries and some cannabis brownies that looks to all intents
>> and
>> >>> purposes just like a VM built by our official Travis slaves.  Hic.
>> Chillin'
>>
>> I just discovered git-describe, which seems like it could be useful...
>>
>> http://alblue.bandlem.com/2010/11/automatically-tagging-builds-with-git.html
>>
>> So if Travis created  "r201606161953" as an *official* tag for
>> successful builds like this...
>> https://github.com/travis-ci/travis-ci/issues/1476
>>
>> then `git describe` would produce "r201606161953" for that build, and
>> after a couple of commits in my personal repo would produce
>> "r201606161953-2-g169d02a".    The "-2-g169d02a" would distinguish
>> non-official builds.
>>
>> In addition, I can now copy-paste a VM's output revision string
>> to directly do "git checkout r201606161953"
>> instead of "git checkout master@{2016-06-16 19:53} which I read is
>> only viable for 90 days anyway, and has some complexity between
>> whether the given date is author commit date or merge date.
>>
>> But after doing "git checkout r201606161953" in my personal repo
>>    git describe
>>         ==>    r201606161953  is indistinguishable from the Travis build
>> but...
>>    git describe --long
>>        ==>  r201606161953-0-a264e03b  is distinguishable.
>>
>> In addition,  if I edit some files and rebuild before committing I
>> want to distinguish this from when I build a fresh check out , which
>> can be done with...
>>    git describe --long --dirty    ==>   r201606161953-0-a264e03b-dirty
>>
>> So that last would be used to version personal builds,
>> while Travis would use "git describe" without any flags.
>>    ==>   r201606161953
>>
>
> Sounds really good, but
>
> McStalker.oscogvm$ uname -a
> Darwin McStalker 13.4.0 Darwin Kernel Version 13.4.0: Mon Jan 11 18:17:34
> PST 2016; root:xnu-2422.115.15~1/RELEASE_X86_64 x86_64
> McStalker.oscogvm$ git --version
> git version 1.9.5 (Apple Git-50.3)
> McStalker.oscogvm$ git describe
> fatal: No names found, cannot describe anything.
> McStalker.oscogvm$ git describe --long
> fatal: No names found, cannot describe anything.
> McStalker.oscogvm$
>
> >> how secure does this need to be? One way to differentiate the official
>> >> VMs is to sign them directly on Travis (which we'll want to do anyway,
>> >> just didn't get to it, yet).
>> >>
>> >> Another option is to just change the URL replacement code to do
>> >> something else when not running on Travis --- like adding your
>> >> hostname and path instead --- but this could be fairly easily messed
>> >> with.
>> >>
>> >> Not sure how much malicious intent we want to prevent.
>>
>> Later on we should have Travis signing its build artefacts, but for
>> now keep it simple.
>>
>
> The Mac builds already sign provided a certificate is installed and an
> environment variable set to point to it.  See SIGNING_IDENTITY in
> build.macos*/common/Makefile.app
>

Cool! Now we only need to decide whose certificate to use. We can encrypt
the cert securely, add it to the repository and install it during a build.
BTW: we are already doing this for the RSqueak VM [1] as well.

[1]
https://github.com/HPI-SWA-Lab/RSqueak-App/blob/c8e28879a8a9da97fe06cd5cb82e9b9c3058924e/prepare.sh#L42-L46


>
>
>>
>> >
>> > None.  I don't think there's malicious intent at all.  I do think we
>> should differentiate between "personal" and Travis builds.  It's more for
>> my own information, so u don't get confused, than to prevent
>> maliciousness.  So do the simplest thing that could possibly work TSTTCPW.
>> I like username,host name,path as in an scp, eg eliot at McStalker:oscogvm
>> (path relative to ~eliot).
>>
>> I think `git branch` is as important as `path`.
>> Username could come from `git config user.name | sed 's/ //g'
>>
>> cheers -ben
>>
>
>
> _,,,^..^,,,_
> best, Eliot
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.squeakfoundation.org/pipermail/vm-dev/attachments/20160618/29fb6bd3/attachment.htm

More information about the Vm-dev mailing list