fix keystore generation, pass keystore vars to build

Changes:
* Drop --keep from nix/scripts/build.sh as it does nothing
* Allow scripts/release-android.sh to take passwords from env
* Use env file in extra-sandbox-paths to pass keystore passwords
* Quote every segment of Nix options to avoid parsing errors

Signed-off-by: Jakub Sokołowski <jakub@status.im>
Jakub Sokołowski 2020-03-13 13:01:17 +01:00
parent 10fab4e77c
commit eb5fe57e90
4 changed files with 55 additions and 35 deletions


@ -49,19 +49,12 @@ nixOpts=(
"--fallback" "--fallback"
"--no-out-link" "--no-out-link"
"--show-trace" "--show-trace"
"--attr ${targetAttr}" "--attr" "${targetAttr}"
"${@}"
) )
# This variable allows specifying which env vars to keep for Nix pure shell.
# The separator is a colon
if [[ -n "${_NIX_KEEP}" ]]; then
nixOpts+=("--keep ${_NIX_KEEP//,/ --keep }")
fi
# Run the actual build # Run the actual build
echo "Running: nix-build ${nixOpts[@]} default.nix" echo "Running: nix-build "${nixOpts[@]}" "${@}" default.nix"
nixResultPath=$(nix-build ${nixOpts[@]} default.nix) nixResultPath=$(nix-build "${nixOpts[@]}" "${@}" default.nix)
echo "Extracting result: ${nixResultPath}" echo "Extracting result: ${nixResultPath}"
extractResults "${nixResultPath}" extractResults "${nixResultPath}"
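Review bot: The new log line `echo "Running: nix-build "${nixOpts[@]}" "${@}" default.nix"` toggles quoting mid-string, so the array and the positional parameters are expanded unquoted inside one word; the output happens to look right only because echo rejoins the words with spaces, and it cannot show which argument contained whitespace, which is the very class of problem this commit is fixing. A plain join is both correct and ShellCheck-clean: `echo "Running: nix-build ${nixOpts[*]} ${*} default.nix"`, or `printf ' %q' "${nixOpts[@]}" "${@}"` if a copy-pasteable trace is wanted. The `nixOpts=(` array this hunk closes opens before the hunk.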


@ -18,12 +18,12 @@ source "${GIT_ROOT}/nix/scripts/source.sh"
export TERM=xterm # fix for colors export TERM=xterm # fix for colors
shift # we remove the first -c from arguments shift # we remove the first -c from arguments
shellArgs=( nixArgs=(
"--show-trace" "--show-trace"
) )
if [[ -n "${TARGET}" ]]; then if [[ -n "${TARGET}" ]]; then
shellArgs+=("--argstr target ${TARGET}") nixArgs+=("--argstr target ${TARGET}")
else else
echo -e "${YLW}Env is missing TARGET, assuming default target.${RST} See nix/README.md for more details." 1>&2 echo -e "${YLW}Env is missing TARGET, assuming default target.${RST} See nix/README.md for more details." 1>&2
fi fi
@ -32,7 +32,7 @@ if [[ "$TARGET" =~ (linux|windows|darwin|macos) ]]; then
# This is a dirty workaround because 'yarn install' is an impure operation, # This is a dirty workaround because 'yarn install' is an impure operation,
# so we need to call it from an impure shell. # so we need to call it from an impure shell.
# Hopefully we'll be able to fix this later on with something like yarn2nix # Hopefully we'll be able to fix this later on with something like yarn2nix
nix-shell ${shellArgs[@]} --run "scripts/prepare-for-desktop-platform.sh" || exit nix-shell ${nixArgs[@]} --run "scripts/prepare-for-desktop-platform.sh" || exit
fi fi
config='' config=''
@ -45,13 +45,13 @@ fi
config+="status-im.build-type=\"${BUILD_TYPE}\";" config+="status-im.build-type=\"${BUILD_TYPE}\";"
if [ -n "$config" ]; then if [ -n "$config" ]; then
shellArgs+=("--arg config {$config}") nixArgs+=("--arg config {$config}")
fi fi
# if _NIX_ATTR is specified we shouldn't use shell.nix, the path will be different # if _NIX_ATTR is specified we shouldn't use shell.nix, the path will be different
entryPoint="shell.nix" entryPoint="shell.nix"
if [ -n "${_NIX_ATTR}" ]; then if [ -n "${_NIX_ATTR}" ]; then
shellArgs+=("--attr ${_NIX_ATTR}") nixArgs+=("--attr ${_NIX_ATTR}")
entryPoint="default.nix" entryPoint="default.nix"
fi fi
@ -59,18 +59,18 @@ fi
# It is just a special string, not a variable, and a marker to not use `--run`. # It is just a special string, not a variable, and a marker to not use `--run`.
if [[ $@ == "ENTER_NIX_SHELL" ]]; then if [[ $@ == "ENTER_NIX_SHELL" ]]; then
echo -e "${GRN}Configuring ${_NIX_ATTR:-default} Nix shell for target '${TARGET:-default}'...${RST}" 1>&2 echo -e "${GRN}Configuring ${_NIX_ATTR:-default} Nix shell for target '${TARGET:-default}'...${RST}" 1>&2
exec nix-shell ${shellArgs[@]} ${entryPoint} exec nix-shell ${nixArgs[@]} ${entryPoint}
else else
# Not all builds are ready to be run in a pure environment # Not all builds are ready to be run in a pure environment
if [[ -n "${_NIX_PURE}" ]]; then if [[ -n "${_NIX_PURE}" ]]; then
shellArgs+=("--pure") nixArgs+=("--pure")
pureDesc='pure ' pureDesc='pure '
fi fi
# This variable allows specifying which env vars to keep for Nix pure shell # This variable allows specifying which env vars to keep for Nix pure shell
# The separator is a colon # The separator is a colon
if [[ -n "${_NIX_KEEP}" ]]; then if [[ -n "${_NIX_KEEP}" ]]; then
shellArgs+=("--keep ${_NIX_KEEP//,/ --keep }") nixArgs+=("--keep ${_NIX_KEEP//,/ --keep }")
fi fi
echo -e "${GRN}Configuring ${pureDesc}${_NIX_ATTR:-default} Nix shell for target '${TARGET}'...${RST}" 1>&2 echo -e "${GRN}Configuring ${pureDesc}${_NIX_ATTR:-default} Nix shell for target '${TARGET}'...${RST}" 1>&2
exec nix-shell ${shellArgs[@]} --run "$@" ${entryPoint} exec nix-shell ${nixArgs[@]} --run "$@" ${entryPoint}
fi fi
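Review bot: The renamed `nixArgs` array still packs option and value into a single element, e.g. `nixArgs+=("--argstr target ${TARGET}")` and `nixArgs+=("--arg config {$config}")`, and is expanded unquoted as `${nixArgs[@]}` in all three nix-shell invocations, so it depends on word splitting and breaks as soon as a value contains whitespace, which is the parsing error the commit message says it fixes in the other two scripts. The same treatment here would be `nixArgs+=("--argstr" "target" "${TARGET}")`, `nixArgs+=("--arg" "config" "{$config}")`, and `exec nix-shell "${nixArgs[@]}" --run "$@" ${entryPoint}` (and the matching `--attr`/`--pure` lines). The `--keep ${_NIX_KEEP//,/ --keep }` substitution would then need to become one `"--keep" "${name}"` pair per comma-separated entry rather than a single string. The if/else in the last hunk is complete, but the file continues on both sides of each hunk.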


@ -9,19 +9,25 @@ function property() {
grep "${2}" "${1}" | cut -d'=' -f2 grep "${2}" "${1}" | cut -d'=' -f2
} }
function property_gradle() { function gradle_property() {
property ${GIT_ROOT}/android/gradle.properties ${1} property ${GIT_ROOT}/android/gradle.properties ${1}
} }
KEYSTORE_PASSWORD=$(property_gradle 'KEYSTORE_PASSWORD') function env_var_or_gradle_prop() {
KEYSTORE_ALIAS=$(property_gradle 'KEYSTORE_ALIAS') VAR_NAME="${1}"
KEYSTORE_KEY_PASSWORD=$(property_gradle 'KEYSTORE_KEY_PASSWORD') if [[ -n "${!VAR_NAME}" ]]; then
echo "${!VAR_NAME}"
else
gradle_property "${VAR_NAME}"
fi
}
# Allow Makefile modify Keystore path if necessary KEYSTORE_PASSWORD=$(env_var_or_gradle_prop 'KEYSTORE_PASSWORD')
if [[ -z ${KEYSTORE_PATH} ]]; then KEYSTORE_ALIAS=$(env_var_or_gradle_prop 'KEYSTORE_ALIAS')
KEYSTORE_PATH=$(property_gradle 'KEYSTORE_FILE') KEYSTORE_KEY_PASSWORD=$(env_var_or_gradle_prop 'KEYSTORE_KEY_PASSWORD')
fi KEYSTORE_PATH=$(env_var_or_gradle_prop 'KEYSTORE_PATH')
# Replace ~ with proper absolute path
# Use absolute path for Keystore
KEYSTORE_PATH=${KEYSTORE_PATH/#\~/$HOME} KEYSTORE_PATH=${KEYSTORE_PATH/#\~/$HOME}
if [[ -e "${KEYSTORE_PATH}" ]]; then if [[ -e "${KEYSTORE_PATH}" ]]; then
@ -30,7 +36,7 @@ if [[ -e "${KEYSTORE_PATH}" ]]; then
exit 0 exit 0
fi fi
KEYSTORE_DIR=$(dirname "${S/TATUS_RELEASE_STORE_FILE}") KEYSTORE_DIR=$(dirname "${KEYSTORE_PATH}")
[[ -d $KEYSTORE_DIR ]] || mkdir -p $KEYSTORE_DIR [[ -d $KEYSTORE_DIR ]] || mkdir -p $KEYSTORE_DIR
echo -e "${GRN}Generating keystore...${RST}" > /dev/stderr echo -e "${GRN}Generating keystore...${RST}" > /dev/stderr
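Review bot: `KEYSTORE_PATH=$(env_var_or_gradle_prop 'KEYSTORE_PATH')` silently changes the gradle.properties fallback key from `KEYSTORE_FILE` (the removed `property_gradle 'KEYSTORE_FILE'` line) to `KEYSTORE_PATH`; unless gradle.properties now defines `KEYSTORE_PATH`, which this commit does not show, a run without the env var gets an empty path, `[[ -e "" ]]` is false, and `KEYSTORE_DIR=$(dirname "")` resolves to `.` so the keystore is generated in the current directory. Keeping the old key preserves the fallback: `KEYSTORE_PATH="${KEYSTORE_PATH:-$(gradle_property 'KEYSTORE_FILE')}"`. In `env_var_or_gradle_prop`, `VAR_NAME` should be `local VAR_NAME="${1}"` so it does not leak into the script's global scope, and the unanchored `grep "${2}"` in `property` can return several lines when one key name is a prefix of another, so `grep "^${2}="` is safer. The `if [[ -e "${KEYSTORE_PATH}" ]]` block continues outside the first hunk.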


@ -16,6 +16,13 @@ function must_get_env() {
exit 1 exit 1
} }
function append_env_export() {
ENV_VAR_NAME=${1}
if [[ -n "${!ENV_VAR_NAME}" ]]; then
echo "export ${ENV_VAR_NAME}=\"${!ENV_VAR_NAME}\";" >> "${SECRETS_FILE_PATH}"
fi
}
config='' config=''
if [ -n "${STATUS_GO_SRC_OVERRIDE}" ]; then if [ -n "${STATUS_GO_SRC_OVERRIDE}" ]; then
config+="status-im.status-go.src-override=\"${STATUS_GO_SRC_OVERRIDE}\";" config+="status-im.status-go.src-override=\"${STATUS_GO_SRC_OVERRIDE}\";"
@ -26,9 +33,17 @@ fi
config+="status-im.build-type=\"$(must_get_env BUILD_TYPE)\";" config+="status-im.build-type=\"$(must_get_env BUILD_TYPE)\";"
config+="status-im.status-react.build-number=\"$(must_get_env BUILD_NUMBER)\";" config+="status-im.status-react.build-number=\"$(must_get_env BUILD_NUMBER)\";"
config+="status-im.status-react.keystore-file=\"$(must_get_env KEYSTORE_PATH)\";" config+="status-im.status-react.keystore-file=\"$(must_get_env KEYSTORE_PATH)\";"
nixOpts=( nixOpts=()
"--arg config {${config}}"
"--arg env {BUILD_ENV=\"${BUILD_ENV}\";ANDROID_ABI_SPLIT=\"${ANDROID_ABI_SPLIT}\";ANDROID_ABI_INCLUDE=\"${ANDROID_ABI_INCLUDE}\";}" # Secrets like this can't be passed via args or they end up in derivation
SECRETS_FILE_PATH=$(mktemp)
chmod 644 ${SECRETS_FILE_PATH}
trap "rm -f ${SECRETS_FILE_PATH}" EXIT
append_env_export 'KEYSTORE_PASSWORD'
append_env_export 'KEYSTORE_ALIAS'
append_env_export 'KEYSTORE_KEY_PASSWORD'
nixOpts+=(
"--argstr" "secrets-file" "${SECRETS_FILE_PATH}"
) )
if [[ "$OS" =~ Darwin ]]; then if [[ "$OS" =~ Darwin ]]; then
@ -37,13 +52,19 @@ if [[ "$OS" =~ Darwin ]]; then
# we start an ad-hoc nix-shell that imports the packages from nix/nixpkgs-bootstrap. # we start an ad-hoc nix-shell that imports the packages from nix/nixpkgs-bootstrap.
WATCHMAN_SOCKFILE=$(watchman get-sockname --no-pretty | jq -r .sockname) WATCHMAN_SOCKFILE=$(watchman get-sockname --no-pretty | jq -r .sockname)
nixOpts+=( nixOpts+=(
"--argstr watchmanSockPath ${WATCHMAN_SOCKFILE}" " --argstr" "watchmanSockPath" "${WATCHMAN_SOCKFILE}"
"--option extra-sandbox-paths ${KEYSTORE_PATH};${WATCHMAN_SOCKFILE}" " --option" "extra-sandbox-paths" "${KEYSTORE_PATH} ${SECRETS_FILE_PATH} ${WATCHMAN_SOCKFILE}"
) )
else else
echo wtf
nixOpts+=( nixOpts+=(
"--option extra-sandbox-paths ${KEYSTORE_PATH}" "--option" "extra-sandbox-paths" "${KEYSTORE_PATH} ${SECRETS_FILE_PATH}"
) )
fi fi
nixOpts+=(
"--arg" "config" "{${config}}"
"--arg" "env" "{BUILD_ENV=\"${BUILD_ENV}\";ANDROID_ABI_SPLIT=\"${ANDROID_ABI_SPLIT}\";ANDROID_ABI_INCLUDE=\"${ANDROID_ABI_INCLUDE}\";}"
)
${GIT_ROOT}/nix/scripts/build.sh targets.mobile.android.release "${nixOpts[@]}" ${GIT_ROOT}/nix/scripts/build.sh targets.mobile.android.release "${nixOpts[@]}"
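Review bot: The two Darwin-branch option strings `" --argstr"` and `" --option"` carry a leading space inside the quotes, so nix-build receives ` --argstr` and ` --option` as literal arguments rather than options and the macOS path will fail to parse; drop the space: `"--argstr" "watchmanSockPath" "${WATCHMAN_SOCKFILE}"` and `"--option" "extra-sandbox-paths" "${KEYSTORE_PATH} ${SECRETS_FILE_PATH} ${WATCHMAN_SOCKFILE}"`. The `echo wtf` in the else branch looks like leftover debugging and should be removed. `chmod 644 ${SECRETS_FILE_PATH}` makes the keystore passwords readable by every local user for the lifetime of the build; if the sandbox build user needs read access, say so in a comment and prefer a group-restricted mode over world-readable, and quote the path in both `chmod` and the `trap` string. In `append_env_export` the value is interpolated unescaped into a line that will later be sourced, so a password containing `"`, `$` or a backtick breaks the file or is re-evaluated; assuming the consumer sources it with bash, `printf 'export %s=%q\n' "${ENV_VAR_NAME}" "${!ENV_VAR_NAME}" >> "${SECRETS_FILE_PATH}"` is safe.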