Install rpm build

Use python container, don't install git lfs, update RPM sign script

.circleci/config.yml

@@ -197,18 +197,6 @@ common-steps:
         echo $VERSION_TO_BUILD > ~/packaging/sd_version
         echo 'export VERSION_TO_BUILD=$(cat ~/packaging/sd_version)' >> $BASH_ENV
 
-  - &installgitlfs
-    run:
-      name: Install Git LFS.
-      command: |
-        export GIT_LFS_VERSION=2.9.2
-        export GIT_LFS_CHECKSUM=04346234130e518d165bdc7e9964375bbeb3b98efabd042084530cc34288274c
-        wget https://github.com/git-lfs/git-lfs/releases/download/v$GIT_LFS_VERSION/git-lfs-linux-amd64-v$GIT_LFS_VERSION.tar.gz
-        sha256sum git-lfs-linux-amd64-v$GIT_LFS_VERSION.tar.gz | grep $GIT_LFS_CHECKSUM
-        tar xzf git-lfs-linux-amd64-v$GIT_LFS_VERSION.tar.gz
-        sudo mv git-lfs /usr/local/bin/git-lfs
-        git lfs install
-
   - &commitworkstationdebs
     run:
       name: Commit workstation debs for deployment to apt-test-qubes.freedom.press
@@ -449,11 +437,11 @@ jobs:
       - *builddebianpackage
 
   build-nightly-dom0-rpm:
-    machine:
-      image: ubuntu-1604:201903-01
+    docker:
+      - image: circleci/python:3.7-buster
     steps:
       - checkout
-      - *installgitlfs
+      - *installdeps
       - *clonesecuredropworkstation
       - *getrpmnightlyversion
       - *buildrpm
@@ -462,11 +450,11 @@ jobs:
       - *commitworkstationrpms
 
   make-dom0-rpm:
-    machine:
-      image: ubuntu-1604:201903-01
+    docker:
+      - image: circleci/python:3.7-buster
     steps:
       - checkout
-      - *installgitlfs
+      - *installdeps
       - *clonesecuredropworkstation
       - *getlatestreleasedversion
       - *buildrpm

devops/ci-sign-rpm

@@ -2,31 +2,12 @@ set -u
 set -e
 
 # Same version as: https://github.com/freedomofpress/securedrop-workstation/blob/main/scripts/build-dom0-rpm#L10
-export FEDORA_PKGR_VER=0.6.0.1-1.fc25
-export USER_RPMDIR="/home/circleci/packaging/securedrop-workstation/rpm-build"
-export CI_DEVOPS_FOLDER="/home/circleci/project/devops"
-
-function build_docker_container {
-    docker build ${CI_DEVOPS_FOLDER} \
-                 --build-arg FEDORA_PKGR_VER=${FEDORA_PKGR_VER} \
-                 --tag rpm-sign
-}
-
-function docker_cmd_wrapper() {
-    docker run -it \
-               --network=none \
-               -e SD_TEST_GPG_PRIVKEY \
-               -v "${USER_RPMDIR}:/home/circleci/rpm-build" \
-               rpm-sign \
-               /bin/bash -c "$@"
-}
-
-build_docker_container
-
-RPM_PATH=/home/circleci/rpm-build/RPMS/noarch/*.rpm
-docker_cmd_wrapper "echo $SD_TEST_GPG_PRIVKEY | base64 -di | gpg2 --import && \
-                    gpg2 --export --armor 4A3BE4A92211B03C > pubkey.asc && \
-                    sudo rpm --import pubkey.asc && \
-                    sudo chown -R circleci ~/rpm-build && \
-                    rpmsign --define \"_gpg_name 4ED79CC3362D7D12837046024A3BE4A92211B03C\" --resign $RPM_PATH && \
-                    rpm --checksig -v $RPM_PATH"
+RPMDIR="/home/circleci/packaging/securedrop-workstation/rpm-build"
+RPM_PATH="${RPMDIR}/RPMS/noarch/*.rpm"
+
+echo $SD_TEST_GPG_PRIVKEY | base64 -di | gpg --import
+gpg --export --armor 4A3BE4A92211B03C > pubkey.asc
+sudo rpm --import pubkey.asc
+sudo chown -R circleci ~/packaging/securedrop-workstation/rpm-build
+rpmsign --define \"_gpg_name 4ED79CC3362D7D12837046024A3BE4A92211B03C\" --resign $RPM_PATH
+rpm --checksig -v $RPM_PATH"

scripts/install-deps

@@ -22,6 +22,7 @@ sudo apt-get install  \
     python3-pip \
     python3-setuptools \
     reprotest \
+    rpm \
     desktop-file-utils