From feda2c8e3180cb983c35976d4440cea23a155b7f Mon Sep 17 00:00:00 2001 From: Carl Dong Date: Mon, 3 May 2021 13:12:15 -0400 Subject: [PATCH] guix: Skip attesting to dist-archive We already attest to the relevant dist-archive in inputs.SHA256SUMS, which is recorded at build-time. We use a SKIPATTEST.TAG file to indicate output directories which do not require attestation (much like the CACHEDIR.TAG specification). Generally, it's better to have build scripts declare properties of directories instead of introducing name-based special cases in attest scripts since build scripts have a more detailed context of what is going on. --- contrib/guix/guix-attest | 4 ++++ contrib/guix/libexec/build.sh | 1 + 2 files changed, 5 insertions(+) diff --git a/contrib/guix/guix-attest b/contrib/guix/guix-attest index 5093dcb69d3..8b4746caf9a 100755 --- a/contrib/guix/guix-attest +++ b/contrib/guix/guix-attest @@ -146,6 +146,10 @@ echo "" # MAIN LOGIC: Loop through each output for VERSION and attest to output in # GUIX_SIGS_REPO as SIGNER, if attestation does not exist for outdir in "${OUTDIRS[@]}"; do + if [ -e "${outdir}/SKIPATTEST.TAG" ]; then + echo "${outname}: SKIPPING: Output directory marked with SKIPATTEST.TAG file" + continue + fi outname="$(out_name "$outdir")" outsigdir="$(out_sig_dir "$outdir")" if [ -e "$outsigdir" ]; then diff --git a/contrib/guix/libexec/build.sh b/contrib/guix/libexec/build.sh index ce61cd52c7a..fccd5d1b087 100644 --- a/contrib/guix/libexec/build.sh +++ b/contrib/guix/libexec/build.sh @@ -228,6 +228,7 @@ GIT_ARCHIVE="${DIST_ARCHIVE_BASE}/${DISTNAME}.tar.gz" # Create the source tarball if not already there if [ ! -e "$GIT_ARCHIVE" ]; then mkdir -p "$(dirname "$GIT_ARCHIVE")" + touch "${DIST_ARCHIVE_BASE}"/SKIPATTEST.TAG git archive --prefix="${DISTNAME}/" --output="$GIT_ARCHIVE" HEAD fi