Automate verification of build results #16
Description
It would be awesome, if we had a way to automate the build result verification, for example via Travis CI.
The process would roughly look like this:
- Clone gitian.sigs
- Clone gitian-builder
- Clone omnicore
- Find build results
- Extract meta data
- Checkout related commit
- Verify results
There are a few issues though:
- extracting and handling the data is a bit tricky, at least for me
- all GPG keys must be available, otherwise the verification fails
- we could add the keys manually (we should publish them somewhere anyway)
- but submissions from new users would fail
I hacked together a Python script: https://gist.github.com/dexX7/4fed3b3e1177097110c5
It can be used as follows (all steps already possible right now):
# one time setup
sudo pip install pyyaml
gpg --recv-keys 0xA6308A6C5B1E67CC7CF7002FBCC02B71BE91B32B 0xF43718054C3E7C5CFB33E8257675E31CF5719832
# project specific setup
PATH_GITIAN=/tmp/verifytest/gitian-builder
PATH_RESULTS=/tmp/verifytest/gitian.sigs
PATH_PROJECT=/tmp/verifytest/omnicore
git clone https://github.com/devrandom/gitian-builder.git $PATH_GITIAN
git clone https://github.com/OmniLayer/gitian.sigs.git $PATH_RESULTS
git clone https://github.com/OmniLayer/omnicore.git $PATH_PROJECT
# get script
wget https://gist.githubusercontent.com/dexX7/4fed3b3e1177097110c5/raw/a0b99320c6aab2f0e467aba67c289c569985ba1c/gveryify_all.py
# ... and go!
python gveryify_all.py $PATH_GITIAN/bin/gverify $PATH_RESULTS $PATH_PROJECTWhy all this? Because it takes of some load, and because I'm obviously not reliable. :/
It's probably also useful, if we start to publish nightly builds, because then we might fire up two build bots, and if their results match, the binaries are published, etc..
I'm going to integrate the script, once all results of this repo match, but it would be great, if you have some input regarding the points I raised above.