I made a first cut at this: https://github.com/davedoesdev/rumprun-packages
.travis.yml calls .docker-build/build-package-in-docker.sh, which in turn uses a Docker image (davedoesdev/rumprun-toolchain-x86_64-rumprun-netbsd-hw) to run .docker-build/build-package.sh, which builds the package. The Docker images are automated builds and are listed here: https://hub.docker.com/u/davedoesdev/ The 'inheritance' heirarchy is: ubuntu davedoesdev/rumprun-toolchain-base davedoesdev/rumprun-toolchain-base-hw davedoesdev/rumprun-toolchain-x86_64-rumprun-netbsd-hw Feel free to look at the Dockerfiles. The Travis build status is here: https://travis-ci.org/davedoesdev/rumprun-packages Any feedback or comments welcome! (I plan to create derivative image(s) which publish the artifacts automatically too, using https://github.com/davedoesdev/dtuf, but that's something for another day). On 11 March 2016 at 11:06, Martin Lucina <[email protected]> wrote: > On Thursday, 10.03.2016 at 20:20, David Halls wrote: >> > >> > >> > Uploading to Github requires an OUATH token with permissions to upload to >> > the Github repository in .travis.yml. What are the security implications of >> > this? Unless I'm missing something, anyone could trivially steal that token >> > and use it to upload arbitrary "releases" to the target Github repo...? >> > >> > >> https://docs.travis-ci.com/user/encryption-keys/ > > Thanks for the pointer! > >> > > Of course that means specifying toolchain artefact version in the package >> > > build. >> > >> > Right. And that doesn't work for our toolchain for two reasons >> > >> > 1) The toolchain just wraps (and is thus dependent on) the host toolchain. >> > So "version of toolchain" is not meaningful. >> > >> >> If they shared a Docker toolchain base image that should be ok, right? > > Yes. > >
