This is an old revision of the document!

How to prepare buildbot for major release

These are collected notes of the steps done during 21.02 release.

Generate new GPG key for release

Cross sign new GPG key

TODO: check http://lists.openwrt.org/pipermail/openwrt-devel/2018-December/020856.html

Read https://openwrt.org/docs/guide-user/security/keygen and prepare gpg/usign keys for release signing.

Generate gpg key: 

mkdir -p /tmp/signing
chmod 0700 /tmp/signing
gpg --homedir /tmp/signing --full-gen-key
Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (3072) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
		 0 = key does not expire
	  <n>  = key expires in n days
	  <n>w = key expires in n weeks
	  <n>m = key expires in n months
	  <n>y = key expires in n years
Key is valid for? (0) 2y
Key expires at Mon 20 Feb 2023 02:19:16 PM CET
Is this correct? (y/N) y
GnuPG needs to construct a user ID to identify your key.
Real name: OpenWrt Build System
Email address: pgpsign-21.02@openwrt.org
Comment: PGP key for 21.02 release builds
You selected this USER-ID:
	"OpenWrt Build System (PGP key for 21.02 release builds) <pgpsign-21.02@openwrt.org>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
pub   rsa4096 2021-02-20 [SC] [expires: 2023-02-20]
	  667205E379BAF348863A5C6688CA59E88F681580
uid                      OpenWrt Build System (PGP key for 21.02 release builds) <pgpsign-21.02@openwrt.org>
sub   rsa4096 2021-02-20 [E] [expires: 2023-02-20]

Export the gpg pubkey:

gpg --homedir /tmp/signing --export --armor 667205E379BAF348863A5C6688CA59E88F681580 > openwrt/keyring.git/gpg/88CA59E8.asc

run: 

gpg --homedir /tmp/signing --export-secret-keys --armor 667205E379BAF348863A5C6688CA59E88F681580

and put the secret keys into ansible/inventory/group_vars/all/openwrt-secrets.yml into following variables:

vault_buildbot_gpg_pass_openwrt_21_02: vault_buildbot_gpg_key_openwrt_21_02:

Generate usign key:

usign -G -c “Public usign key for 21.02 release builds” -s secret.key -p public.key

Add usign public key to keyring:

usign -F -p public.key 2f8b0b98e08306bf

mv public.key openwrt/keyring.git/usign/2f8b0b98e08306bf

Add usign secret.key to ansible/inventory/group_vars/all/openwrt-secrets.yml:

vault_buildbot_usign_key_openwrt_21_02:

add both keys to keyring.git repo: 

  usign: add 21.02 release build pubkey
  	usign/2f8b0b98e08306bf | 2 ++
	1 file changed, 2 insertions(+)
  gpg: add OpenWrt 21.02 signing key
	gpg/88CA59E8.asc | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++++
	1 file changed, 53 insertions(+)

Cleanup:

rm -fr /tmp/signing reboot

Update package/system/openwrt-keyring/Makefile package: 

commit 9be7a4f679da58b5a97ee608e6470a513ece65c4
Author:     Petr Štetiar <ynezz@true.cz>
AuthorDate: Sat Feb 20 15:56:19 2021 +0100
Commit:     Petr Štetiar <ynezz@true.cz>
CommitDate: Sat Feb 20 15:58:40 2021 +0100
	openwrt-keyring: add OpenWrt 21.02 GPG/usign keys
	
	49283916005d usign: add 21.02 release build pubkey
	bc4d80f064f2 gpg: add OpenWrt 21.02 signing key
	
	Signed-off-by: Petr Štetiar <ynezz@true.cz>
diff --git a/package/system/openwrt-keyring/Makefile b/package/system/openwrt-keyring/Makefile
index 7779e0c5a483..6f3aa65622d5 100644
--- a/package/system/openwrt-keyring/Makefile
+++ b/package/system/openwrt-keyring/Makefile
@@ -7,9 +7,9 @@ PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(PROJECT_GIT)/keyring.git
-PKG_SOURCE_DATE:=2019-07-25
-PKG_SOURCE_VERSION:=8080ef341b4180e40c4ae8ab63511ac6496f0ad1
-PKG_MIRROR_HASH:=000882364b953691bf02f7ac41462badb68f452f0317cdfd51cfd617c9b1e364
+PKG_SOURCE_DATE:=2021-02-20
+PKG_SOURCE_VERSION:=49283916005d7868923d34ab34f14188cf74812d
+PKG_MIRROR_HASH:=7b58592bb49e4b37c8e80904c8f457ce3f0f2e6b1d2c473ccfe9204a8b7be831
 
 PKG_MAINTAINER:=John Crispin <john@phrozen.org>
 PKG_LICENSE:=GPL-2.0

Prepare buildbot infra and assign buildworkers: 

commit ec7b5803e269911aa45e86ad694f72eec57e68fd
Author:     Petr Štetiar <ynezz@true.cz>
AuthorDate: Tue Feb 16 08:15:45 2021 +0100
Commit:     Petr Štetiar <ynezz@true.cz>
CommitDate: Tue Feb 16 09:14:02 2021 +0100
	inventory: add setup for 21.02 release
	
	Signed-off-by: Petr Štetiar <ynezz@true.cz>
diff --git a/inventory/group_vars/all/openwrt.yml b/inventory/group_vars/all/openwrt.yml
index 38964a4dd725..757039d7a88f 100644
--- a/inventory/group_vars/all/openwrt.yml
+++ b/inventory/group_vars/all/openwrt.yml
@@ -113,6 +113,20 @@ buildmaster:
	   CONFIG_KERNEL_KALLSYMS=y
	   CONFIG_AUTOREMOVE=y
 
+  - name: OpenWrt 21.02
+    branch: openwrt-21.02
+    seedconfig: |-
+      CONFIG_BUILDBOT=y
+      CONFIG_DEVEL=y
+      CONFIG_IMAGEOPT=y
+      CONFIG_VERSIONOPT=y
+      CONFIG_CCACHE=n
+      CONFIG_KERNEL_KALLSYMS=n
+      CONFIG_AUTOREMOVE=y
+      CONFIG_PACKAGE_luci=y
+      CONFIG_IB=y
+      CONFIG_SDK=y
+
   - name: OpenWrt 19.07
	 branch: openwrt-19.07
	 extra_slaves:
diff --git a/inventory/host_vars/fsf-02.yml b/inventory/host_vars/fsf-02.yml
index c71fc30f02b0..613f0982268f 100644
--- a/inventory/host_vars/fsf-02.yml
+++ b/inventory/host_vars/fsf-02.yml
@@ -10,20 +10,20 @@ additional_admins:
 buildslaves:
   fsf-dock-05:
	 master: Snapshot
-    phase: 2
+    phase: 1
	 cpuset: 0-7
 
   fsf-dock-06:
-    master: Snapshot
+    master: OpenWrt 21.02
	 phase: 2
	 cpuset: 8-15
 
   fsf-dock-07:
-    master: Snapshot
+    master: OpenWrt 21.02
	 phase: 2
	 cpuset: 16-23
 
   fsf-dock-08:
-    master: Snapshot
+    master: OpenWrt 21.02
	 phase: 2
	 cpuset: 24-31
diff --git a/inventory/host_vars/fsf-04.yml b/inventory/host_vars/fsf-04.yml
index 76cb874c747e..5c6ec61bbb7a 100644
--- a/inventory/host_vars/fsf-04.yml
+++ b/inventory/host_vars/fsf-04.yml
@@ -9,12 +9,12 @@ additional_admins:
 
 buildslaves:
   fsf-dock-13:
-    master: Snapshot
+    master: OpenWrt 21.02
	 phase: 1
	 cpuset: 0-7
 
   fsf-dock-14:
-    master: Snapshot
+    master: OpenWrt 21.02
	 phase: 1
	 cpuset: 8-15
 
diff --git a/inventory/host_vars/osuosl-vm-03.yml b/inventory/host_vars/osuosl-vm-03.yml
index 7f9cef5d9718..acd3c6037d44 100644
--- a/inventory/host_vars/osuosl-vm-03.yml
+++ b/inventory/host_vars/osuosl-vm-03.yml
@@ -7,5 +7,5 @@ additional_admins:
 
 buildslaves:
   osuosl-dock-03:
-    master: Snapshot
+    master: OpenWrt 21.02
	 phase: 1
diff --git a/inventory/host_vars/osuosl-vm-04.yml b/inventory/host_vars/osuosl-vm-04.yml
index 63db875c3709..e9b7d2ae7567 100644
--- a/inventory/host_vars/osuosl-vm-04.yml
+++ b/inventory/host_vars/osuosl-vm-04.yml
@@ -7,5 +7,5 @@ additional_admins:
 
 buildslaves:
   osuosl-dock-04:
-    master: Snapshot
+    master: OpenWrt 21.02
	 phase: 2
diff --git a/inventory/host_vars/truecz-01.yml b/inventory/host_vars/truecz-01.yml
index 50bc7ca0a655..bd86d1c69360 100644
--- a/inventory/host_vars/truecz-01.yml
+++ b/inventory/host_vars/truecz-01.yml
@@ -4,6 +4,6 @@ contact: Petr Štetiar <ynezz@true.cz>
 
 buildslaves:
   truecz-dock-01:
-    master: Snapshot
+    master: OpenWrt 21.02
	 phase: 1
	 cpuset: 0-7
diff --git a/inventory/host_vars/truecz-02.yml b/inventory/host_vars/truecz-02.yml
index 7199c053a6f3..3263a633acf1 100644
--- a/inventory/host_vars/truecz-02.yml
+++ b/inventory/host_vars/truecz-02.yml
@@ -4,6 +4,6 @@ contact: Petr Štetiar <ynezz@true.cz>
 
 buildslaves:
   truecz-dock-02:
-    master: Snapshot
+    master: OpenWrt 21.02
	 phase: 1
	 cpuset: 0-7

Apply new build infra 21.02

ansible-playbook --diff -i inventories/prod buildworker.yml --tags cfg,recreate-slave --limit fsf-02,fsf-04,osuosl-vm-03,osuosl-vm-04,truecz-01,truecz-02,buildmaster

This website uses cookies. By using the website, you agree with storing cookies on your computer. Also you acknowledge that you have read and understand our Privacy Policy. If you do not agree leave the website.More information about cookies
  • Last modified: 2022/03/20 07:43
  • by ynezz