repo: Generate release archive

This adds a script that generates a source archive containing vendored dependencies. This source archive is suitable for building in environments that do not have networking. This archive is bit-for-bit reproducible and will always generate the exact same archive when ran on a given git commit with a given version of system tooling. Signed-off-by: Reilly Brogan <[email protected]>
serpent-os · May 10, 2024 · b07c461 · b07c461
1 parent d99155e
commit b07c461
Show file tree

Hide file tree

Showing 3 changed files with 91 additions and 0 deletions.
diff --git a/.gitignore b/.gitignore
@@ -4,3 +4,6 @@ target
 install
 
 **/db/**/test.db
+
+# Generated source archives
+*.tar.*
diff --git a/justfile b/justfile
@@ -99,3 +99,6 @@ install-moss:
 
   # Cleanup
   rm -rfv $tmpdir
+
+create-release-tar:
+  scripts/create-release-tar.sh
diff --git a/scripts/create-release-tar.sh b/scripts/create-release-tar.sh
@@ -0,0 +1,85 @@
+#!/usr/bin/env bash
+set -euxo pipefail
+
+# Script to generate a tarball of source code and vendored (downloaded) Rust dependencies
+# and the cargo configuration to ensure they are used
+
+# Get the current directory, which we'll use for telling Cargo where to find the sources
+wd="$PWD"
+
+# Get the version from git-describe
+#VERSION=$(git describe --dirty 2>/dev/null)
+VERSION="0.10"
+
+# The path where we will output the tar file
+path=$wd/moss-$VERSION-vendored.tar.zst
+
+# Clean up stuff we've written before
+rm -f "$path"
+
+# Make sure cargo lock files are in sync with cargo.toml
+cargo check --locked
+
+PREFIX_TMPDIR=$(mktemp -d)
+pushd "$PREFIX_TMPDIR"
+
+# Enable dotglob so we copy over files/folders starting with .
+shopt -s dotglob
+cp -ra "$wd"/* .
+
+function get_commit_time() {
+  TZ=UTC0 git log -1 \
+    --format=tformat:%cd \
+    --date=format:%Y-%m-%dT%H:%M:%SZ \
+    "$@"
+}
+
+# Set each file mtime to that of it's latest commit
+# Set each source file timestamp to that of its latest commit.
+git ls-files | while read -r file; do
+  commit_time=$(get_commit_time "$file") &&
+  touch -md "$commit_time" "$file"
+done
+
+# Set timestamp of each directory under $FILES
+# to the latest timestamp of any descendant.
+find . -depth -type d -exec sh -c \
+  'touch -r "$0/$(ls -At "$0" | head -n 1)" "$0"' \
+  {} ';'
+
+SOURCE_EPOCH=$(get_commit_time)
+
+# Cleanup repo
+git reset --hard
+git clean -xdf
+git clean -df
+rm -rf .git
+rm -rf serpent-style
+
+# Generate vendored dependencies and the configuration to use them
+mkdir .cargo
+cargo vendor --manifest-path "$wd/Cargo.toml" > .cargo/config
+
+# Cleanup static libraries that support non-Linux platforms
+find vendor -name "*.a" -type f -print -delete
+
+# Reproducible tar flags
+TARFLAGS="
+  --sort=name --format=posix
+  --pax-option=exthdr.name=%d/PaxHeaders/%f
+  --pax-option=delete=atime,delete=ctime
+  --clamp-mtime --mtime=$SOURCE_EPOCH
+  --numeric-owner --owner=0 --group=0
+  --mode=go+u,go-w
+"
+ZSTDFLAGS="-19 -T0"
+
+# shellcheck disable=SC2086
+LC_ALL=C tar $TARFLAGS -C $PREFIX_TMPDIR -cf  - . |
+  zstd $ZSTDFLAGS > $path
+
+popd
+rm -rf "$PREFIX_TMPDIR"
+
+checksum=$(sha256sum "$path")
+echo "Release tar checksum $checksum"
-Original file line number
+Diff line change
@@ Expand Up / @@ -4,3 +4,6 @@ target @@
     install
     **/db/**/test.db
+    # Generated source archives
+    *.tar.*