diff --git a/.gitignore b/.gitignore index 378eac2..a91faf5 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,3 @@ build +fuzz_corpus +fuzzing-directory diff --git a/Hashes.md b/Hashes.md index 4e28e1e..e5da651 100644 --- a/Hashes.md +++ b/Hashes.md @@ -1,5 +1,25 @@ # Hashes +2.1.1 cagebreak + + * sha 256: 8632e7e49637e5a3e7ab425a05fbd63d71cf6025143c89d196f309dbf4efdd57 + * sha 512: ca853aca80bde974f00e4cfcb21a77159d2f9f639342e92d049a0c5290a57094a1b2b1f28ac76ebdf89cf76384bb1caca45813d25ba5ef8ba8996e8c10e51e7a + +2.1.1 cagebreak.1 + + * sha 256: 1d56762bcbe4ba5b9015dda3c19ab1d628d08c7a7c731042643c9f2e59cf3a7c + * sha 512: e421da32e8d6f9eec4559c53614427900fd7ae5c17bf9b9fdfa90764017d5d90c08e10e737aacbe46ed97966dbc4c76944b54bce367925fd9899ff8e41fa7947 + +2.1.1 cagebreak-config.5 + + * sha 256: f4405bd650d4cab29e536651f0d45443ebe51628c4dfef75576923ec903d781e + * sha 512: 451c85c7a02f724824499a43929ef6f05eee4d4c666186f766163c01e36503a36b7f6bbf2d5cb632cbd2cd0740b0b3becc2d8c388e914cb0bacfe6134a6ada92 + +2.1.1 cagebreak-socket.7 + + * sha 256: cd67c9de727d6f8727269bc06a80aa77ede26b5652eb4ab35c898939711ae429 + * sha 512: a572710972b19a3872269fd2c52f1afd09a11dd621b4108f6ec3cde383c088c52782d5a240b001328257a66143a045fbf967d327b434e2ca32c2ffafc3b18b7f + 2.1.0 cagebreak * sha 256: 0c90ba529ffc916306a1ca04d4c56a800c62a98d184d3cfcc2ce67dcdffad324 diff --git a/README.md b/README.md index f933980..aca03a6 100644 --- a/README.md +++ b/README.md 
@@ -1,6 +1,6 @@ # Cagebreak: A Wayland Tiling Compositor -[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/6532/badge)](https://bestpractices.coreinfrastructure.org/projects/6532) [![Packaging status](https://repology.org/badge/tiny-repos/cagebreak.svg)](https://repology.org/project/cagebreak/versions) [![AUR package](https://repology.org/badge/version-for-repo/aur/cagebreak.svg?minversion=2.1.0)](https://repology.org/project/cagebreak/versions) +[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/6532/badge)](https://bestpractices.coreinfrastructure.org/projects/6532) [![Packaging status](https://repology.org/badge/tiny-repos/cagebreak.svg)](https://repology.org/project/cagebreak/versions) [![AUR package](https://repology.org/badge/version-for-repo/aur/cagebreak.svg?minversion=2.1.1)](https://repology.org/project/cagebreak/versions) ## Quick Introduction 
@@ -260,6 +260,156 @@ need to ask for the distribution the user was having the issue on.)). You should use Arch Linux if you want to modify Cagebreak for yourself. +### Review Requirements + +Project-repo will review your proposal before your implementation for feasibility +and desirability. After your pull request, the code will be reviewed in conjunction +with all other changes before the release as per the release procedure. + +All reviews performed by project-repo are verified by at least two people internally. + +### Developer Certificate of Origin (DCO) + +On any pull requests please include a + +``` +signed-off-by: YOUR IDENTIFIER OR NAME +``` + +DCO statement. + +By doing this you claim that you are legally allowed to contribute the +code and agree to let project-repo publish it under the MIT License. + +#### Development Environment + +CAVEAT: This script works exclusively on Arch Linux, which, as outlined above, +is the development distribution of Cagebreak. + +Cloning the Cagebreak repository and building it is sufficient as a starting point. + +All other dependencies can be installed by invoking + +``` +meson compile devel-install -C build +``` + +if meson is already available or + +``` +./scripts/install-development-environment +``` + +otherwise. + +#### Scripts + +Cagebreak provides a few convenience tools to facilitate development. + +##### Fuzzing + +If your fuzzing corpus is located in the directory `fuzz_corpus` you can +just call: + +``` +meson compile fuzz -C build +``` + +If you want to use a different directory, configure cagebreak with +`-Dcorpus=OTHERDIRECTORY` or call `./scripts/fuzz OTHERDIRECTORY`. 
+ +##### Adjusting Epoch + +To facilitate the creation of reproducible man pages an arbitrary release +time has to be set in `meson.build`: + +``` +meson compile adjust-epoch -C build +``` + +or + +``` +./scripts/adjust-epoch +``` + +##### Git tag + +If you are on the master branch, everything is ready and you want to create +a release tag you can call: + +``` +meson compile git-tag -C build +``` + +If you want to use another signing key than the prespecified one, configure +Cagebreak with `-Dgpg_id=GPGID`. + +``` +./scripts/git-tag GPGID CBVERSION +``` + +can be used alternatively. + +##### Output Hashes + +Hashes of release versions of all binaries can be output to `local-hashes.txt` +via: + +``` +meson compile output-hashes -C build +``` + +Or + +``` +./scripts/output-hashes VERSION +``` + +if meson is unavailable. + +##### Create Signatures + +Creation of signatures for releases can be achieved through: + +``` +meson compile create-sigs -C build +``` + +Configure Cagebreak with `-Dgpg_id=GPGID` for a different gpg signing +key. + +Without meson use: + +``` +./scripts/create-signatures GPGID +``` + +##### Set Version Number + +Once the version number is set within meson.build, you can use + +``` +meson compile set-ver -C build +``` + +to set the version number in the man pages and README repology minversion. + +Use of the script without meson is discouraged because meson.build is +not touched by the script. + +##### Create Release Artefacts + +The following command generates the release artefacts which must be created +once a release is completely ready to be published (the commit is tagged with +the version of the master branch, etc.): + +``` +meson compile create-artefacts -C build +``` + +Use of the script version is discouraged. + ### GCC and -fanalyzer Cagebreak should compile with any reasonably new gcc or clang. Consider 
@@ -312,6 +462,11 @@ There are four test suites: * Note that this is only expected to pass just before a release. This checks mostly administrative things to check that a release is ready. + * Note that non-auto tests are files in `release-non-auto-checks` + and have to contain the release version and current date in + YYYY-mm-dd format on seperate lines. This is our imperfect attempt + to guarantee some hard-to-automate checks are carried out before + a release is undertaken. Every commit should pass at least the basic and devel suites. @@ -359,7 +514,7 @@ find bugs in other areas of the code. #### Caveat Currently, there are memory leaks which do not seem to stem from our code but rather -the code of wl-roots or some other library we depend on. We are working on the problem. +the code of wlroots or some other library we depend on. We are working on the problem. In the meantime, add `-Db_detect-leaks=0` to the meson command to exclude memory leaks. ### Reproducible Builds 
@@ -456,53 +611,47 @@ The release procedure outlines the process for a release to occur. * [ ] `git checkout development` * [ ] `git pull origin development` * [ ] `git push origin development` - * [ ] New semantic version number determined - * [ ] Adjust version number - * [ ] meson.build - * [ ] git tag - * [ ] Relevant Documentation completed + * [ ] Arch Build System is up to date + * [ ] `meson test -C build/` just to get an overview + * [ ] Update internal wiki + * [ ] Adjust version number in meson.build + * [ ] `meson compile set-ver -C build` + * [ ] Add new files to meson.build or hardcoded testing variable + * [ ] Commit changes + * [ ] `git push origin development` + * [ ] Complete relevant documentation * [ ] New features + * [ ] tests added and old test scripts adjusted * [ ] man pages * [ ] cagebreak * [ ] cagebreak-config * [ ] cagebreak-socket * [ ] example config - * [ ] Set EPOCH to release day in man generation in meson.build * [ ] FAQ.md * [ ] Changelog.md for major and minor releases but not patches - * [ ] Check features for SECURITY.md relevance (changes to socket scope - for example) + * [ ] Check changes for SECURITY.md relevance (changes to socket scope for example) * [ ] Synchronize any socket changes to cagebreak-socket man page - * [ ] Updated internal wiki - * [ ] Added new files to meson.build or hardcoded testing variable - * [ ] Fixed bugs documented in Bugs.md + * [ ] Document fixed bugs in Bugs.md * [ ] Include issue discussion from github, where applicable + * [ ] Commit changes + * [ ] `git push origin development` * [ ] Testing * [ ] Manual testing - * [ ] Libfuzzer testing - * [ ] Arch Build System is up to date - * [ ] wlr_xdg_shell version check - * [ ] Cagebreak is reproducible on multiple machines - * [ ] Documented reproducible build artefacts - * [ ] Hashes of the artefacts in Hashes.md - * [ ] Renamed previous signatures - * [ ] Created gpg signature of the artefacts - * [ ] `gpg --detach-sign -u keyid cagebreak` - * [ 
] `gpg --detach-sign -u keyid cagebreak.1` - * [ ] `gpg --detach-sign -u keyid cagebreak-config.5` - * [ ] `gpg --detach-sign -u keyid cagebreak-socket.7` - * [ ] `meson test -C build` + * [ ] `meson compile fuzz -C build` for at least one hour + * [ ] Complete release-non-auto-checks + * [ ] Use `meson compile output-hashes -C build` to add Hashes or aid in repro check + * [ ] `meson compile create-signatures -C build` + * [ ] Commit and push signatures, hashes and non-auto-check files + * [ ] `meson test -C build` passes everything except some release tests * [ ] `git add` relevant files * [ ] `git commit` * [ ] `git push origin development` - * [ ] Determined commit and tag message (Start with "Release version_number\n\n") - * [ ] Mentioned fixed Bugs.md issues ("Fixed Issue n") - * [ ] Mentioned other important changes * [ ] `git checkout master` * [ ] `git merge --squash development` * [ ] `git commit` and insert message - * [ ] `git tag -u keyid version HEAD` and insert message - * [ ] `git tag -v version` and check output + * [ ] `meson compile git-tag -C build` + * [ ] `meson compile create-artefacts -C build` + * [ ] `meson test -C build` THIS MUST PASS WITHOUT ANY FAILURES WHATSOEVER * [ ] `git push --tags origin master` * [ ] `git checkout development` (merge to development depends on whether release was a hotfix) * [ ] `git merge master` 
@@ -510,33 +659,8 @@ The release procedure outlines the process for a release to occur. * [ ] `git checkout hotfix` (hotfix is to be kept current with master after releases) * [ ] `git merge master` * [ ] `git push --tags origin hotfix` - * [ ] `git archive --prefix=cagebreak/ -o release_version.tar.gz tags/version .` - * [ ] Create release-artefacts_version.tar.gz - * [ ] `mkdir release-artefacts_version` - * [ ] `cp build/cagebreak release-artefacts_version/` - * [ ] `cp build/cagebreak.sig release-artefacts_version/` - * [ ] `cp build/cagebreak.1 release-artefacts_version/` - * [ ] `cp build/cagebreak.1.sig release-artefacts_version/` - * [ ] `cp build/cagebreak-config.5 release-artefacts_version/` - * [ ] `cp build/cagebreak-config.5.sig release-artefacts_version/` - * [ ] `cp build/cagebreak-socket.7 release-artefacts_version/` - * [ ] `cp build/cagebreak-socket.7.sig release-artefacts_version/` - * [ ] `cp LICENSE release-artefacts_version/` - * [ ] `cp README.md release-artefacts_version/` - * [ ] `cp SECURITY.md release-artefacts_version/` - * [ ] `cp FAQ.md release-artefacts_version/` - * [ ] `export SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct) ; tar --sort=name --mtime= --owner=0 --group=0 --numeric-owner -czf release-artefacts_version.tar.gz release-artefacts_version` - * [ ] Checked archive - * [ ] tar -xvf release_version.tar.gz - * [ ] cd cagebreak - * [ ] meson setup build -Dxwayland=true -Dman-pages=true --buildtype=release - * [ ] ninja -C build - * [ ] gpg --verify ../signatures/cagebreak.sig build/cagebreak - * [ ] cd .. - * [ ] rm -rf cagebreak - * [ ] `gpg --detach-sign -u keyid release_version.tar.gz` - * [ ] `gpg --detach-sign -u keyid release-artefacts_version.tar.gz` * [ ] Upload archives and signatures as release assets + * [ ] Manage package release ## Roadmap 
@@ -600,6 +724,17 @@ independent of github, in case this service is unavailable. For other means of contacting the Cagebreak authors and for security issues see [SECURITY.md](SECURITY.md). +## Accessibility + + * We use text input/output to interact with the user whenever possible. For + example, sending text-based commands to the cagebreak sockets allows + one to change every configurable feature of cagebreak. + * Color is displayed but never a vital part to operating cagebreak. + * Text size can be increased and background color adjusted using text commands. + * There is no screen reader support per se but using a screen reader on socket output + would work and cagebreak does not preclude the use of a screen reader + for any software run with it. + ## Contributors * Aisha Tammy diff --git a/man/cagebreak-config.5.md b/man/cagebreak-config.5.md index 1c65b78..bb04547 100644 --- a/man/cagebreak-config.5.md +++ b/man/cagebreak-config.5.md @@ -1,4 +1,4 @@ -cagebreak-config(5) "Version 2.1.0" "Cagebreak Manual" +cagebreak-config(5) "VERSION 2.1.1" "Cagebreak Manual" # NAME diff --git a/man/cagebreak-socket.7.md b/man/cagebreak-socket.7.md index b8e8d9c..19b7370 100644 --- a/man/cagebreak-socket.7.md +++ b/man/cagebreak-socket.7.md @@ -1,4 +1,4 @@ -cagebreak-socket(7) "Version 2.1.0" "Cagebreak Manual" +cagebreak-socket(7) "VERSION 2.1.1" "Cagebreak Manual" # NAME diff --git a/man/cagebreak.1.md b/man/cagebreak.1.md index b3fd209..fdc2da1 100644 --- a/man/cagebreak.1.md +++ b/man/cagebreak.1.md @@ -1,4 +1,4 @@ -cagebreak(1) "Version 2.1.0" "Cagebreak Manual" +cagebreak(1) "VERSION 2.1.1" "Cagebreak Manual" # NAME diff --git a/meson.build b/meson.build index f9708e7..26b0746 100644 --- a/meson.build +++ b/meson.build @@ -3,7 +3,7 @@ project( 'cagebreak', 'c', -version : '2.1.0', +version : '2.1.1', license : 'MIT', default_options : ['c_std=c11', 'warning_level=3'] ) 
@@ -202,8 +202,8 @@ cagebreak_dependencies_dict = { reproducible_build_versions = { 'server_protos': '-1', 'wayland_server': '1.19.0', - 'wayland_client': '1.21.0', - 'wayland_cursor': '1.21.0', + 'wayland_client': '1.22.0', + 'wayland_cursor': '1.22.0', 'wlroots': '0.16.2', 'xkbcommon': '1.5.0', 'fontconfig': '2.14.2', @@ -260,7 +260,7 @@ install_data('LICENSE', install_dir : '/usr/share/licenses/' + meson.project_nam if get_option('man-pages') scdoc = find_program('scdoc') - secssinceepoch = 1680540192 + secssinceepoch = 1681758922 shcommand = 'export SOURCE_DATE_EPOCH=' + secssinceepoch.to_string() + ' ; @0@ < @INPUT@'.format(scdoc.path()) sh = find_program('sh') mandir1 = join_paths(get_option('mandir'), 'man1') @@ -344,6 +344,30 @@ summary = [ ] message('\n'.join(summary)) +run_target('devel-install', + command : ['scripts/install-development-environment']) + +run_target('fuzz', + command : ['scripts/fuzz', get_option('corpus')]) + +run_target('adjust-epoch', + command : ['scripts/adjust-epoch']) + +run_target('git-tag', + command : ['scripts/git-tag', get_option('gpg_id'), meson.project_version()]) + +run_target('output-hashes', + command : ['scripts/output-hashes', meson.project_version()]) + +run_target('create-sigs', + command : ['scripts/create-signatures', get_option('gpg_id')]) + +run_target('set-ver', + command : ['scripts/set-version', meson.project_version()]) + +run_target('create-artefacts', + command : ['scripts/create-release-artefacts', get_option('gpg_id'), meson.project_version()]) + # Test Suite test('Build without warnings', find_program('test/build-w-o-warnings'), env : [ ''.join('MESONCURRENTCONFIGDIR=', meson.current_source_dir()) ], suite: 'devel') 
@@ -351,7 +375,13 @@ test('Build without xwayland', find_program('test/build-w-o-xwayland'), env : [ test('Copyright and LICENSE', find_program('test/copyright-license'), args : [ cagebreak_main_file + cagebreak_source_strings + cagebreak_header_strings + fuzz_sources + fuzz_headers + fuzz_override_lib ], env : [ ''.join('MESONCURRENTCONFIGDIR=', meson.current_source_dir()), ''.join('MESONLICENSE=', meson.project_license())], suite: 'devel' ) test('Clang-format (formatting check)', find_program('test/clang-format'), args : [ cagebreak_main_file + cagebreak_source_strings + cagebreak_header_strings + fuzz_sources + fuzz_headers + fuzz_override_lib ], env : [ ''.join('MESONCURRENTCONFIGDIR=', meson.current_source_dir()) ], suite: 'devel') test('Shellcheck (script linting)', find_program('test/shellcheck'), env : [ ''.join('MESONCURRENTCONFIGDIR=', meson.current_source_dir()) ], suite: 'devel') +test('GPG key validity', find_program('test/gpg-validity'), args : [ meson.project_version() ], env : [ ''.join('MESONCURRENTCONFIGDIR=', meson.current_source_dir()) ], suite: 'devel') test('Scan-build (static analysis)', find_program('test/scan-build'), env : [ ''.join('MESONCURRENTCONFIGDIR=', meson.current_source_dir()) ], suite: 'devel-long') test('Arguments', find_program('test/arguments'), args : [ meson.project_version() ], env : [ ''.join('MESONCURRENTCONFIGDIR=', meson.current_source_dir()) ], suite: 'basic') test('Environment Variables', find_program('test/environment-variables'), env : [ ''.join('MESONCURRENTCONFIGDIR=', meson.current_source_dir()) ], suite: 'basic') test('Semantic versioning', find_program('test/versions'), args : [ meson.project_version() ], env : [ ''.join('MESONCURRENTCONFIGDIR=', meson.current_source_dir()) ], suite: 'release') +test('Signature validity', find_program('test/gpg-signatures'), suite: 'release') +test('Hashes.md', find_program('test/hashes-md'), args : [ meson.project_version() ], env : [ ''.join('MESONCURRENTCONFIGDIR=', 
meson.current_source_dir()) ], suite: 'release') +test('Non-auto tests', find_program('test/non-auto-tests'), args : [ meson.project_version() ], env : [ ''.join('MESONCURRENTCONFIGDIR=', meson.current_source_dir()) ], suite: 'release') +test('Git tag', find_program('test/git-tag'), args : [ meson.project_version() ], suite: 'release') +test('Release-artefacts', find_program('test/check-artefacts'), args : [ meson.project_version() ], env : [ ''.join('MESONCURRENTCONFIGDIR=', meson.current_source_dir()) ], suite: 'release') diff --git a/meson_options.txt b/meson_options.txt index b7fc956..eba2f60 100644 --- a/meson_options.txt +++ b/meson_options.txt @@ -4,3 +4,5 @@ option('xwayland', type: 'boolean', value: 'false', description: 'Enable support option('man-pages', type: 'boolean', value: 'false', description: 'Build man pages (requires pandoc)') option('fuzz', type: 'boolean', value: 'false', description: 'Enable building fuzzer targets') option('version_override', type: 'string', description: 'Set the project version to the string specified. Used for creating hashes for reproducible builds.') +option('corpus', type: 'string', value: 'fuzz_corpus', description: 'Set fuzzing corpus directory') +option('gpg_id', type: 'string', value: '4E82C72C6B3E58A7BC4FF8554909F84CA83BB867', description: 'Set gpg signing key for cagebreak') diff --git a/release-non-auto-checks/Bugs.md b/release-non-auto-checks/Bugs.md new file mode 100644 index 0000000..aa7d21e --- /dev/null +++ b/release-non-auto-checks/Bugs.md @@ -0,0 +1,2 @@ +2.1.1 +2023-04-17 diff --git a/release-non-auto-checks/FAQ.md b/release-non-auto-checks/FAQ.md new file mode 100644 index 0000000..aa7d21e --- /dev/null +++ b/release-non-auto-checks/FAQ.md @@ -0,0 +1,2 @@ +2.1.1 +2023-04-17 diff --git a/release-non-auto-checks/SECURITY.md b/release-non-auto-checks/SECURITY.md new file mode 100644 index 0000000..aa7d21e --- /dev/null +++ b/release-non-auto-checks/SECURITY.md @@ -0,0 +1,2 @@ +2.1.1 +2023-04-17 
diff --git a/release-non-auto-checks/WLR_XDG_VERSION b/release-non-auto-checks/WLR_XDG_VERSION new file mode 100644 index 0000000..aa7d21e --- /dev/null +++ b/release-non-auto-checks/WLR_XDG_VERSION @@ -0,0 +1,2 @@ +2.1.1 +2023-04-17 diff --git a/release-non-auto-checks/changelog-major-minor b/release-non-auto-checks/changelog-major-minor new file mode 100644 index 0000000..aa7d21e --- /dev/null +++ b/release-non-auto-checks/changelog-major-minor @@ -0,0 +1,2 @@ +2.1.1 +2023-04-17 diff --git a/release-non-auto-checks/internal-wiki b/release-non-auto-checks/internal-wiki new file mode 100644 index 0000000..aa7d21e --- /dev/null +++ b/release-non-auto-checks/internal-wiki @@ -0,0 +1,2 @@ +2.1.1 +2023-04-17 diff --git a/release-non-auto-checks/meson-epoch b/release-non-auto-checks/meson-epoch new file mode 100644 index 0000000..aa7d21e --- /dev/null +++ b/release-non-auto-checks/meson-epoch @@ -0,0 +1,2 @@ +2.1.1 +2023-04-17 diff --git a/release-non-auto-checks/release-note b/release-non-auto-checks/release-note new file mode 100644 index 0000000..aa7d21e --- /dev/null +++ b/release-non-auto-checks/release-note @@ -0,0 +1,2 @@ +2.1.1 +2023-04-17 diff --git a/release-non-auto-checks/reproducibility-checked b/release-non-auto-checks/reproducibility-checked new file mode 100644 index 0000000..aa7d21e --- /dev/null +++ b/release-non-auto-checks/reproducibility-checked @@ -0,0 +1,2 @@ +2.1.1 +2023-04-17 diff --git a/release-non-auto-checks/security-to-man-page-info-transfer b/release-non-auto-checks/security-to-man-page-info-transfer new file mode 100644 index 0000000..aa7d21e --- /dev/null +++ b/release-non-auto-checks/security-to-man-page-info-transfer @@ -0,0 +1,2 @@ +2.1.1 +2023-04-17 diff --git a/scripts/adjust-epoch b/scripts/adjust-epoch new file mode 100755 index 0000000..362c840 --- /dev/null +++ b/scripts/adjust-epoch 
@@ -0,0 +1,13 @@ +#!/bin/bash +# Copyright 2023, project-repo and the cagebreak contributors +# SPDX-License-Identifier: MIT + +if [[ -n ${MESON_SOURCE_ROOT} ]] +then + # shellcheck disable=2164 + cd "${MESON_SOURCE_ROOT}" +fi + +# shellcheck disable=2034 +ssepoch=$(date +%s) +sed -i -e "/secssinceepoch \=/s/[0-9]*$/$ssepoch/" meson.build diff --git a/scripts/create-release-artefacts b/scripts/create-release-artefacts new file mode 100755 index 0000000..4b16167 --- /dev/null +++ b/scripts/create-release-artefacts 
@@ -0,0 +1,40 @@ +#!/bin/bash +# Copyright 2023, project-repo and the cagebreak contributors +# SPDX-License-Identifier: MIT + +if [[ -n ${MESON_SOURCE_ROOT} ]] +then + # shellcheck disable=2164 + cd "${MESON_SOURCE_ROOT}" +fi + +readonly gpg_id="${1}" +readonly version="${2}" + +git archive --prefix=cagebreak/ -o "release_${version}.tar.gz" "tags/${version}" . + +rm -rf "release-artefacts_${version}" +mkdir "release-artefacts_${version}" + +rm -rf temp-rel-artefacts +meson setup temp-rel-artefacts -Dxwayland=true -Dman-pages=true --buildtype=release +ninja -C temp-rel-artefacts + +cp LICENSE "release-artefacts_${version}" +cp SECURITY.md "release-artefacts_${version}" +cp FAQ.md "release-artefacts_${version}" +cp README.md "release-artefacts_${version}" +cp temp-rel-artefacts/cagebreak "release-artefacts_${version}" +cp temp-rel-artefacts/cagebreak.1 "release-artefacts_${version}" +cp temp-rel-artefacts/cagebreak-config.5 "release-artefacts_${version}" +cp temp-rel-artefacts/cagebreak-socket.7 "release-artefacts_${version}" +cp signatures/cagebreak*.sig "release-artefacts_${version}" + +# shellcheck disable=2155 +export SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct) ; tar --sort=name --mtime= --owner=0 --group=0 --numeric-owner -czf "release-artefacts_${version}.tar.gz" "release-artefacts_${version}" + +gpg -u "${gpg_id}" --detach-sign "release-artefacts_${version}.tar.gz" +gpg -u "${gpg_id}" --detach-sign "release_${version}.tar.gz" + + +rm -rf temp-rel-artefacts diff --git a/scripts/create-signatures b/scripts/create-signatures new file mode 100755 index 0000000..3292374 --- /dev/null +++ b/scripts/create-signatures 
@@ -0,0 +1,37 @@ +#!/bin/bash +# Copyright 2023, project-repo and the cagebreak contributors +# SPDX-License-Identifier: MIT + +if [[ -n ${MESON_SOURCE_ROOT} ]] +then + # shellcheck disable=2164 + cd "${MESON_SOURCE_ROOT}" +fi + +readonly gpg_id="${1}" +# shellcheck disable=2155 +readonly old_tags=$(git tag| tail -1) + +mv signatures/cagebreak.sig "signatures/${old_tags}-cagebreak.sig" +mv signatures/cagebreak.1.sig "signatures/${old_tags}-cagebreak.1.sig" +mv signatures/cagebreak-config.5.sig "signatures/${old_tags}-cagebreak-config.5.sig" +mv signatures/cagebreak-socket.7.sig "signatures/${old_tags}-cagebreak-socket.7.sig" + +git add "signatures/${old_tags}-cagebreak.sig" +git add "signatures/${old_tags}-cagebreak.1.sig" +git add "signatures/${old_tags}-cagebreak-config.5.sig" +git add "signatures/${old_tags}-cagebreak-socket.7.sig" + +rm -rf temp-sigs +meson setup temp-sigs -Dxwayland=true -Dman-pages=true --buildtype=release +ninja -C temp-sigs + +gpg -u "${gpg_id}" --detach-sign temp-sigs/cagebreak +gpg -u "${gpg_id}" --detach-sign temp-sigs/cagebreak.1 +gpg -u "${gpg_id}" --detach-sign temp-sigs/cagebreak-config.5 +gpg -u "${gpg_id}" --detach-sign temp-sigs/cagebreak-socket.7 + +cp temp-sigs/*.sig signatures/ + + +rm -rf temp-sigs diff --git a/scripts/fuzz b/scripts/fuzz new file mode 100755 index 0000000..7f227ec --- /dev/null +++ b/scripts/fuzz @@ -0,0 +1,17 @@ +#!/bin/bash +# Copyright 2023, project-repo and the cagebreak contributors +# SPDX-License-Identifier: MIT + +readonly fuzzing_corpus="${1}" + +if [[ -n ${MESON_SOURCE_ROOT} ]] +then + # shellcheck disable=2164 + cd "${MESON_SOURCE_ROOT}" +fi + +rm -rf fuzzing-directory +CC=clang meson setup fuzzing-directory -Dfuzz=true -Db_sanitize=address,undefined -Db_lundef=false -Db_detect-leaks=0 +ninja -C fuzzing-directory/ +WLR_BACKENDS=headless ./fuzzing-directory/fuzz-parse -jobs=12 -max_len=50000 -close_fd_mask=3 "${fuzzing_corpus}" +rm -rf fuzzing-directory 
diff --git a/scripts/git-tag b/scripts/git-tag new file mode 100755 index 0000000..bd8e541 --- /dev/null +++ b/scripts/git-tag @@ -0,0 +1,8 @@ +#!/bin/bash +# Copyright 2023, project-repo and the cagebreak contributors +# SPDX-License-Identifier: MIT + +readonly gpg_id="${1}" +readonly version="${2}" + +git tag -u "${gpg_id}" "${version}" HEAD diff --git a/scripts/install-development-environment b/scripts/install-development-environment new file mode 100755 index 0000000..d1b9793 --- /dev/null +++ b/scripts/install-development-environment @@ -0,0 +1,13 @@ +#!/bin/bash +# Copyright 2023, project-repo and the cagebreak contributors +# SPDX-License-Identifier: MIT + +sudo pacman -Syu --noconfirm git grep sed xev meson ninja clang gcc shellcheck jq openbsd-netcat gnupg binutils alacritty wlroots wayland libxkbcommon cairo pango fontconfig libinput libevdev systemd-libs # systemd-libs is included because of libudev + +if [[ -n ${MESON_SOURCE_ROOT} ]] +then + # shellcheck disable=2164 + cd "${MESON_SOURCE_ROOT}" +fi + +gpg --import keys/* diff --git a/scripts/output-hashes b/scripts/output-hashes new file mode 100755 index 0000000..cf7cacf --- /dev/null +++ b/scripts/output-hashes 
@@ -0,0 +1,50 @@ +#!/bin/bash +# Copyright 2023, project-repo and the cagebreak contributors +# SPDX-License-Identifier: MIT + +if [[ -n ${MESON_SOURCE_ROOT} ]] +then + # shellcheck disable=2164 + cd "${MESON_SOURCE_ROOT}" +fi + +readonly version="${1}" + +rm -rf hashes +meson setup hashes -Dxwayland=true -Dman-pages=true --buildtype=release +ninja -C hashes + +cb256=$(sha256sum hashes/cagebreak | cut -d " " -f1) +cb512=$(sha512sum hashes/cagebreak | cut -d " " -f1) + +cb1man256=$(sha256sum hashes/cagebreak.1 | cut -d " " -f1) +cb1man512=$(sha512sum hashes/cagebreak.1 | cut -d " " -f1) + +cb5man256=$(sha256sum hashes/cagebreak-config.5 | cut -d " " -f1) +cb5man512=$(sha512sum hashes/cagebreak-config.5 | cut -d " " -f1) + +cb7man256=$(sha256sum hashes/cagebreak-socket.7 | cut -d " " -f1) +cb7man512=$(sha512sum hashes/cagebreak-socket.7 | cut -d " " -f1) + +echo "${version} cagebreak + + * sha 256: ${cb256} + * sha 512: ${cb512} + +${version} cagebreak.1 + + * sha 256: ${cb1man256} + * sha 512: ${cb1man512} + +${version} cagebreak-config.5 + + * sha 256: ${cb5man256} + * sha 512: ${cb5man512} + +${version} cagebreak-socket.7 + + * sha 256: ${cb7man256} + * sha 512: ${cb7man512} +" > local-hashes.txt + +rm -rf hashes diff --git a/scripts/set-version b/scripts/set-version new file mode 100755 index 0000000..c4506cb --- /dev/null +++ b/scripts/set-version 
@@ -0,0 +1,20 @@ +#!/bin/bash +# Copyright 2023, project-repo and the cagebreak contributors +# SPDX-License-Identifier: MIT + +# TODO man pages + +if [[ -n ${MESON_SOURCE_ROOT} ]] +then + # shellcheck disable=2164 + cd "${MESON_SOURCE_ROOT}" +fi + +# shellcheck disable=2034 +version="${1}" +sed -i -e "s/minversion\=[0-9]*\.[0-9]*.[0-9]*/minversion=$version/" README.md + + +sed -i -e "s/Version [0-9]*\.[0-9]*.[0-9]*/VERSION $version/" man/cagebreak.1.md +sed -i -e "s/Version [0-9]*\.[0-9]*.[0-9]*/VERSION $version/" man/cagebreak-config.5.md +sed -i -e "s/Version [0-9]*\.[0-9]*.[0-9]*/VERSION $version/" man/cagebreak-socket.7.md diff --git a/signatures/2.1.0-cagebreak-config.5.sig b/signatures/2.1.0-cagebreak-config.5.sig new file mode 100644 index 0000000..25072cb Binary files /dev/null and b/signatures/2.1.0-cagebreak-config.5.sig differ diff --git a/signatures/2.1.0-cagebreak-socket.7.sig b/signatures/2.1.0-cagebreak-socket.7.sig new file mode 100644 index 0000000..67c2e16 Binary files /dev/null and b/signatures/2.1.0-cagebreak-socket.7.sig differ diff --git a/signatures/2.1.0-cagebreak.1.sig b/signatures/2.1.0-cagebreak.1.sig new file mode 100644 index 0000000..b0c8dc1 Binary files /dev/null and b/signatures/2.1.0-cagebreak.1.sig differ diff --git a/signatures/2.1.0-cagebreak.sig b/signatures/2.1.0-cagebreak.sig new file mode 100644 index 0000000..f2f774a Binary files /dev/null and b/signatures/2.1.0-cagebreak.sig differ diff --git a/signatures/cagebreak-config.5.sig b/signatures/cagebreak-config.5.sig index 25072cb..e25e49c 100644 Binary files a/signatures/cagebreak-config.5.sig and b/signatures/cagebreak-config.5.sig differ diff --git a/signatures/cagebreak-socket.7.sig b/signatures/cagebreak-socket.7.sig index 67c2e16..6b1a6a5 100644 Binary files a/signatures/cagebreak-socket.7.sig and b/signatures/cagebreak-socket.7.sig differ 
diff --git a/signatures/cagebreak.1.sig b/signatures/cagebreak.1.sig index b0c8dc1..7674f52 100644 Binary files a/signatures/cagebreak.1.sig and b/signatures/cagebreak.1.sig differ diff --git a/signatures/cagebreak.sig b/signatures/cagebreak.sig index f2f774a..c71037f 100644 Binary files a/signatures/cagebreak.sig and b/signatures/cagebreak.sig differ diff --git a/test/check-artefacts b/test/check-artefacts new file mode 100644 index 0000000..9e62bb5 --- /dev/null +++ b/test/check-artefacts @@ -0,0 +1,27 @@ +#! /bin/sh +# Copyright 2023, project-repo and the cagebreak contributors +# SPDX-License-Identifier: MIT + +RESULT=0 + +readonly version="${1}" + +# shellcheck disable=SC2164 +cd "${MESONCURRENTCONFIGDIR}" + +gpg --verify "release_${version}.tar.gz.sig" || RESULT=1 +gpg --verify "release-artefacts_${version}.tar.gz.sig" || RESULT=1 + +tar -xvf "release_${version}.tar.gz" +cd cagebreak || exit 1 +meson setup build -Dxwayland=true -Dman-pages=true --buildtype=release +ninja -C build +gpg --verify ../signatures/cagebreak.sig build/cagebreak || RESULT=1 +gpg --verify ../signatures/cagebreak.1.sig build/cagebreak.1 || RESULT=1 +gpg --verify ../signatures/cagebreak-config.5.sig build/cagebreak-config.5 || RESULT=1 +gpg --verify ../signatures/cagebreak-socket.7.sig build/cagebreak-socket.7 || RESULT=1 +# shellcheck disable=2103 +cd .. +rm -rf cagebreak + +exit "${RESULT}" diff --git a/test/copyright-license b/test/copyright-license index 4fe517f..630f843 100644 --- a/test/copyright-license +++ b/test/copyright-license 
@@ -10,7 +10,9 @@ readonly test_deps=$(cd "${MESONCURRENTCONFIGDIR}" ; find . -type f | grep test/ readonly examples_deps=$(cd "${MESONCURRENTCONFIGDIR}" ; find . -type f | grep examples/) # shellcheck disable=2155,2164,2046 readonly example_scripts_deps=$(cd "${MESONCURRENTCONFIGDIR}" ; find . -type f | grep example_scripts/) -readonly deps="${declared_deps} ${hardcoded_deps} ${test_deps} ${examples_deps} ${example_scripts_deps}" +# shellcheck disable=2155,2164,2046 +readonly scripts_deps=$(cd "${MESONCURRENTCONFIGDIR}" ; find . -type f | grep scripts/) +readonly deps="${declared_deps} ${hardcoded_deps} ${test_deps} ${examples_deps} ${example_scripts_deps} ${scripts_deps}" # shellcheck disable=2046,2155 readonly curryear=$(date +%Y) diff --git a/test/git-tag b/test/git-tag new file mode 100644 index 0000000..f080060 --- /dev/null +++ b/test/git-tag @@ -0,0 +1,16 @@ +#!/bin/bash +# Copyright 2023, project-repo and the cagebreak contributors +# SPDX-License-Identifier: MIT + +VERSION=$1 +RESULT=0 + +if git tag -v "${VERSION}" +then + echo "[x] git tag" +else + RESULT=1 + echo "[ ] git tag" +fi + +exit "${RESULT}" diff --git a/test/gpg-signatures b/test/gpg-signatures new file mode 100644 index 0000000..c5d63fd --- /dev/null +++ b/test/gpg-signatures 
@@ -0,0 +1,43 @@ +#!/bin/bash +# Copyright 2023, project-repo and the cagebreak contributors +# SPDX-License-Identifier: MIT + +RESULT=0 + +# cagebreak +if gpg --verify ../signatures/cagebreak.sig cagebreak +then + echo "[x] cagebreak binary" +else + RESULT=1 + echo "[ ] cagebreak binary" +fi + +# cagebreak-man +if gpg --verify ../signatures/cagebreak.1.sig cagebreak.1 +then + echo "[x] cagebreak.1 man" +else + RESULT=1 + echo "[ ] cagebreak.1 man" +fi + +# cagebreak-config man +if gpg --verify ../signatures/cagebreak-config.5.sig cagebreak-config.5 +then + echo "[x] cagebreak-config.5 man" +else + RESULT=1 + echo "[ ] cagebreak-config.5 man" +fi + +# cagebreak-socket man +if gpg --verify ../signatures/cagebreak-socket.7.sig cagebreak-socket.7 +then + echo "[x] cagebreak-socket.7 man" +else + RESULT=1 + echo "[ ] cagebreak-socket.7 man" +fi + +exit "${RESULT}" diff --git a/test/gpg-validity b/test/gpg-validity new file mode 100644 index 0000000..6340105 --- /dev/null +++ b/test/gpg-validity 
@@ -0,0 +1,46 @@ +#!/bin/bash +# Copyright 2023, project-repo and the cagebreak contributors +# SPDX-License-Identifier: MIT + +RESULT=0 + +# shellcheck disable=2164 +cd "${MESONCURRENTCONFIGDIR}/keys" +stoday=$(date +%s) +signingmargin=90 + +# shellcheck disable=2046 +skey11exptime=$(date --date=$(gpg --show-keys cagebreak_signing_key_11\@project-repo.co.pub | tail -2 | head -1 | cut -d " " -f 8 | rev | cut -c2- | rev) '+%s') +# shellcheck disable=2046 +skey12exptime=$(date --date=$(gpg --show-keys cagebreak_signing_key_12\@project-repo.co.pub | tail -2 | head -1 | cut -d " " -f 8 | rev | cut -c2- | rev) '+%s') +# shellcheck disable=2046 +mailexptime=$(date --date=$(gpg --show-keys cagebreak\@project-repo.co.pub | tail -2 | head -1 | cut -d " " -f 8 | rev | cut -c2- | rev) '+%s') + +# signing keys +## signing key 11 +if [[ $(( (stoday - skey11exptime) / 86400 )) -lt $signingmargin ]] +then + echo "[x] signign key 11" +else + RESULT=1 + echo "[ ] signing key 11" +fi +## signing key 12 +if [[ $(( (stoday - skey12exptime) / 86400 )) -lt $signingmargin ]] +then + echo "[x] signign key 12" +else + RESULT=1 + echo "[ ] signing key 12" +fi + +# email key +if [[ $(( (stoday - mailexptime) / 86400 )) -lt $signingmargin ]] +then + echo "[x] mail key" +else + RESULT=1 + echo "[ ] mail key" +fi + +exit "${RESULT}" diff --git a/test/hashes-md b/test/hashes-md new file mode 100644 index 0000000..30a5529 --- /dev/null +++ b/test/hashes-md 
@@ -0,0 +1,53 @@ +#!/bin/bash +# Copyright 2023, project-repo and the cagebreak contributors +# SPDX-License-Identifier: MIT + +VERSION=$1 +RESULT=0 + +# shellcheck disable=2164 +cd "${MESONCURRENTCONFIGDIR}" + +cb256=$(sha256sum build/cagebreak | cut -d " " -f1 ) +cb256man1=$(sha256sum build/cagebreak.1 | cut -d " " -f1 ) +cb256man5=$(sha256sum build/cagebreak-config.5 | cut -d " " -f1 ) +cb256man7=$(sha256sum build/cagebreak-socket.7 | cut -d " " -f1 ) +cb512=$(sha512sum build/cagebreak | cut -d " " -f1 ) +cb512man1=$(sha512sum build/cagebreak.1 | cut -d " " -f1 ) +cb512man5=$(sha512sum build/cagebreak-config.5 | cut -d " " -f1 ) +cb512man7=$(sha512sum build/cagebreak-socket.7 | cut -d " " -f1 ) + +hashesdoc=$(head -21 Hashes.md) + +testdoc="# Hashes + +$VERSION cagebreak + + * sha 256: ${cb256} + * sha 512: ${cb512} + +$VERSION cagebreak.1 + + * sha 256: ${cb256man1} + * sha 512: ${cb512man1} + +$VERSION cagebreak-config.5 + + * sha 256: ${cb256man5} + * sha 512: ${cb512man5} + +$VERSION cagebreak-socket.7 + + * sha 256: ${cb256man7} + * sha 512: ${cb512man7}" + +# email key +if [[ "${hashesdoc}" = "${testdoc}" ]] +then + echo "[x] Hashes.md" +else + RESULT=1 + echo "[ ] Hashes.md" +fi + +exit "${RESULT}" diff --git a/test/non-auto-tests b/test/non-auto-tests new file mode 100644 index 0000000..470d494 --- /dev/null +++ b/test/non-auto-tests @@ -0,0 +1,25 @@ +#!/bin/bash +# Copyright 2023, project-repo and the cagebreak contributors +# SPDX-License-Identifier: MIT + +VERSION=$1 +RESULT=0 + +# shellcheck disable=2164 +cd "${MESONCURRENTCONFIGDIR}/release-non-auto-checks" + +filevar="$VERSION +$(date +%Y-%m-%d)" + +for check in ./* +do + if [[ $(cat "$check") = "${filevar}" ]] + then + echo "[x] ${check}" + else + RESULT=1 + echo "[ ] ${check}" + fi +done + +exit "${RESULT}" diff --git a/test/shellcheck b/test/shellcheck index 0727178..8fa5f4e 100644 --- a/test/shellcheck +++ b/test/shellcheck 
@@ -4,13 +4,15 @@ RESULT=0 -set -x # shellcheck disable=2164 cd "${MESONCURRENTCONFIGDIR}/test" # shellcheck disable=2046 shellcheck --source-path=../example_scripts/ $(ls -Itesting-configurations) || RESULT=1 cd "${MESONCURRENTCONFIGDIR}/example_scripts/" || RESULT=1 -shellcheck ./* +shellcheck ./* || RESULT=1 + +cd "${MESONCURRENTCONFIGDIR}/scripts/" || RESULT=1 +shellcheck ./* || RESULT=1 exit "${RESULT}"
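Review bot: in test/check-artefacts, a failed `gpg --verify` on `release_${version}.tar.gz.sig` only sets `RESULT=1`, and the script then goes on to `tar -xvf` that archive and run `meson setup` and `ninja` on its contents. Extracting and building a tarball that has just failed signature verification defeats the point of checking first. Exit before the `tar` step when either archive signature fails, and keep the accumulate-in-`RESULT` pattern for the per-file checks after the build. The exit status of `tar`, `meson setup` and `ninja` is also ignored, so a broken build only shows up indirectly as four failed signature checks.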
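Review bot: in test/copyright-license, the new `scripts_deps` pattern `grep scripts/` is unanchored, so it also matches every path under `example_scripts/`, and those files end up in `deps` twice (once through `example_scripts_deps`, once through `scripts_deps`). Since `find .` prints paths starting with `./`, anchoring the pattern, for example `grep '^\./scripts/'`, restricts it to the new directory.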
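Review bot: in test/gpg-signatures, each of the four checks is a bare `gpg --verify <sig> <file>`, which succeeds for a good signature from any key present in the caller's keyring, so the test does not establish that the artefacts were signed by one of the cagebreak signing keys. Compare the signer's fingerprint against the expected one (for instance by reading the VALIDSIG line from `gpg --status-fd 1 --verify ...`), or verify against a keyring built only from the files in `keys/`. The script also uses relative paths (`../signatures/cagebreak.sig`, `cagebreak`) without changing to a known directory first, unlike test/gpg-validity and test/hashes-md, which `cd` relative to `${MESONCURRENTCONFIGDIR}`; make the working directory explicit.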
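Review bot: in test/gpg-validity, the three comparisons of the form `$(( (stoday - skey11exptime) / 86400 )) -lt $signingmargin` have the subtraction the wrong way round: the value is negative for any key that has not yet expired and stays below 90 until the key has been expired for 90 days, so a key that expires tomorrow, or expired last month, still passes. If the intent is that each key remains valid for at least `signingmargin` more days, test `$(( (skey11exptime - stoday) / 86400 )) -ge $signingmargin` instead (and likewise for key 12 and the mail key). Two of the success messages print "signign key". The expiry date is scraped from the human-readable `gpg --show-keys` output with `tail -2 | head -1 | cut -d " " -f 8`, which depends on the exact layout; `--with-colons` output is the stable format for this.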
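Review bot: in test/hashes-md, the comment `# email key` above the final comparison is left over from test/gpg-validity and does not describe the Hashes.md check; replace it with one that does. `head -21 Hashes.md` hard-codes the length of the four-artefact block built in `testdoc`, so the two have to be changed in step whenever an artefact is added or removed; a comment stating where 21 comes from, or deriving the count from `testdoc`, would make that coupling visible. The `cd "${MESONCURRENTCONFIGDIR}"` has its shellcheck warning disabled rather than handled, so if it fails the hashes are computed over whatever `build/` exists in the caller's directory.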
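Review bot: in test/shellcheck, `cd "${MESONCURRENTCONFIGDIR}/scripts/" || RESULT=1` records the failure but execution continues, so the `shellcheck ./*` on the next line then runs in whatever directory the script was left in (here `example_scripts/`) instead of being skipped. The same applies to the existing `example_scripts/` pair. Run the lint only when the `cd` succeeded, for example `cd "${MESONCURRENTCONFIGDIR}/scripts/" && shellcheck ./* || RESULT=1`.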