commit 1831f3ced2e3b767ef16244346945216e09cbc07 Author: Sukhbir Singh sukhbir@torproject.org Date: Mon Jul 17 14:31:53 2017 -0400
Update rbm.conf to use runc instead of docker --- rbm.conf | 222 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 198 insertions(+), 24 deletions(-)
diff --git a/rbm.conf b/rbm.conf index 175844d..6c6645c 100644 --- a/rbm.conf +++ b/rbm.conf @@ -1,66 +1,175 @@ # vim: filetype=yaml sw=2 -debug: 1 +debug: '[% GET ! ENV.RBM_NO_DEBUG %]' compress_tar: gz output_dir: "out/[% project %]" +build_log: '[% GET ENV.RBM_LOGS_DIR ? ENV.RBM_LOGS_DIR : "logs" %]/[% project %]-[% c("var/osname") %].log'
pkg_type: build
var: tormessenger_version: '0.5.0b1' copyright_year: '2017' + project_name: tor-messenger + multi_lingual: 0 + build_mar: 1 + # By default, we sort the list of installed packages. This allows sharing + # containers with identical list of packages, even if they are not listed + # in the same order. In the cases where the installation order is + # important, sort_deps should be set to 0. + sort_deps: 1 build_id: '[% sha256(c("var/build_id_txt")).substr(0, 6) %]' build_id_txt: | [% c("version") %] [% IF c("git_hash") || c("hg_hash"); GET c("abbrev"); END; %] - [% IF c("remote_docker") -%] - [% c("distribution") %] + [% IF c("var/container/use_container") -%] + [% c("var/container/suite") %] + [% c("var/container/arch") %] [% END -%] input_files: [% c("input_files_id") %] build: [% c("build", { filename => 'f', output_dir => '/out' }) %] + container: + dir: '[% c("tmp_dir") %]/rbm-containers/[% sha256(c("build_id")) %]' + user: rbm input_files_list: | [% FOREACH file IN c("input_files_by_name").keys.sort -%] [% c("input_files_by_name/" _ file) %] [% END -%]
+ touch: "[% USE date %]touch -m -t [% date.format(c('timestamp'), format = '%Y%m%d%H%M') %]" + + sign_build: '[% ENV.RBM_SIGN_BUILD %]' + sign_build_gpg_opts: '[% ENV.RBM_GPG_OPTS %]' + + rezip: | + rezip_tmpdir=$(mktemp -d) + mkdir -p "$rezip_tmpdir/z" + unzip -d "$rezip_tmpdir/z" -- [% c("rezip_file") %] || [ $? -lt 3 ] + pushd "$rezip_tmpdir/z" + [% c("zip", { + zip_src => [ '.' ], + zip_args => '$rezip_tmpdir/new.zip', + }) %] + popd + mv -f -- "$rezip_tmpdir/new.zip" [% c("rezip_file") %] + rm -Rf "$rezip_tmpdir" + + set_default_env: | + set -e + [% FOREACH env = c('ENV') -%] + export [% env.key %]="[% env.value %]" + [% END -%] + rootdir=$(pwd) + export SHELL=/bin/bash + export HOME=$rootdir + umask 0022 + targets: notarget: linux-x86_64 noint: debug: 0 + + tormessenger-linux-x86_64: + - linux-x86_64 + - linux + - tor-messenger + tormessenger-linux-i686: + - linux-i686 + - linux + - tor-messenger linux-x86_64: - distribution: Debian-7.11 arch: x86_64 var: - linux: 1 + linux-x86_64: 1 osname: linux-x86_64 - compiler: gcc + container: + arch: amd64 linux-i686: - distribution: Debian-7.11 arch: i686 var: - linux: 1 + linux-i686: 1 osname: linux-i686 - configure_opt: '--host=i686-linux-gnu CFLAGS=-m32 CXXFLAGS=-m32 LDFLAGS=-m32' + container: + arch: i386 + setarch: | + if test -z "$RBM_SETARCH" + then + export RBM_SETARCH=1 + exec setarch i686 ./build + fi + linux: + var: + linux: 1 compiler: gcc - pre_pkginst: dpkg --add-architecture i386 + container: + suite: wheezy + deps: + - build-essential + - python + - bison + - hardening-wrapper + - automake + - libtool + - zip + - unzip + + tormessenger-windows-i686: + - windows-i686 + - tor-messenger windows-i686: - distribution: Ubuntu-14.10 arch: i686 var: windows: 1 osname: windows-i686 + container: + suite: precise + arch: i386 configure_opt: '--host=i686-w64-mingw32 CFLAGS="[% c("var/CFLAGS") %]" LDFLAGS="[% c("var/LDFLAGS") %]"' - CFLAGS: '-specs=/var/tmp/dist/mingw-w64/msvcr100.spec -mwindows -fstack-protector-all -Wstack-protector --param ssp-buffer-size=4 -fno-strict-overflow -Wno-missing-field-initializers -Wformat -Wformat-security' - LDFLAGS: '-specs=/var/tmp/dist/mingw-w64/msvcr100.spec -mwindows -Wl,--dynamicbase -Wl,--nxcompat -Wl,--enable-reloc-section -lssp -L$gcclibs' + CFLAGS: '[% c("var/flag_mwindows") %] -fstack-protector-all -Wstack-protector --param ssp-buffer-size=4 -fno-strict-overflow -Wno-missing-field-initializers -Wformat -Wformat-security' + LDFLAGS: '[% c("var/flag_mwindows") %] -Wl,--dynamicbase -Wl,--nxcompat -Wl,--enable-reloc-section -lssp -L$gcclibs' + flag_mwindows: '-mwindows' compiler: mingw-w64 + deps: + - build-essential + - python + - bison + - automake + - libtool + - zip + - unzip + faketime_path: /usr/lib/faketime/libfaketime.so.1 + setarch: | + if test -z "$RBM_SETARCH" + then + export RBM_SETARCH=1 + exec setarch i686 ./build + fi + + tormessenger-osx-x86_64: + - osx-x86_64 + - tor-messenger osx-x86_64: - distribution: Ubuntu-12.04 arch: x86_64 var: osx: 1 osname: osx-x86_64 + container: + suite: jessie + arch: amd64 compiler: 'macosx-toolchain' - configure_opt: '--host=x86_64-apple-darwin10 CC="x86_64-apple-darwin10-clang $CFLAGS" CXX="x86_64-apple-darwin10-clang++ $CXXFLAGS"' + configure_opt: '--host=x86_64-apple-darwin10 CC="x86_64-apple-darwin10-clang [% c("var/FLAGS") %]" CXX="x86_64-apple-darwin10-clang++ [% c("var/FLAGS") %]"' + FLAGS: "-target x86_64-apple-darwin10 -mlinker-version=136 -B $cctoolsdir -isysroot $sysrootdir" + LDFLAGS: "-Wl,-syslibroot,$sysrootdir -Wl,-dead_strip -Wl,-pie" + locale_ja: ja-JP-mac + deps: + - build-essential + - python + - bison + - automake + - libtool + - zip + - unzip + faketime_path: /usr/lib/x86_64-linux-gnu/faketime/libfaketime.so.1
tor-messenger: var: @@ -68,12 +177,6 @@ targets: tor_socks_port: 9152 tor_control_port: 9153
- tor-mail: - var: - tor-mail: 1 - tor_socks_port: 9154 - tor_control_port: 9155 - # The no_build_id target can be useful if you want to quickly display # a build template or other option but don't want to spend time to # compute the various build ids @@ -82,9 +185,6 @@ targets: build_id: 1
-docker_image: '[% pc("docker-image", "docker_save_image") %]' -hg_opt: '--config extensions.bundleclone=[% shell_quote(c("basedir") _ "/tools/version-control-tools/hgext/bundleclone/__init__.py") %]' - # change the default gpg_wrapper to allow git tag signed using an # expired key. # https://bugs.torproject.org/19737 @@ -104,3 +204,77 @@ gpg_wrapper: | else exec [% c('gpg_bin') %] [% c('gpg_args') %] --with-fingerprint [% gpg_kr %] "$@" fi + +remote_start: '[% IF c("var/container/use_container") %][% c("runc/remote_start") %][% END %]' +remote_exec: '[% IF c("var/container/use_container") %][% c("runc/remote_exec") %][% END %]' +remote_put: '[% IF c("var/container/use_container") %][% c("runc/remote_put") %][% END %]' +remote_get: '[% IF c("var/container/use_container") %][% c("runc/remote_get") %][% END %]' +remote_finish: '[% IF c("var/container/use_container") %][% c("runc/remote_finish") %][% END %]' + +runc: + remote_start: | + #!/bin/sh + set -e + if [ $(ls -1 '[% c("remote_srcdir", { error_if_undef => 1 }) %]/container-image_'* | wc -l) -ne 1 ] + then + echo "Can't find container image in input files" >&2 + ls -l '[% c("remote_srcdir") %]' >&2 + exit 1 + fi + mkdir -p '[% c("var/container/dir") %]'/rootfs/rbm + sudo tar -C '[% c("var/container/dir") %]'/rootfs -xf $(ls -1 '[% c("remote_srcdir", { error_if_undef => 1 }) %]/container-image_'*) + cat > '[% c("var/container/dir") %]'/config.json << EOF + [% INCLUDE 'runc-config.json' %] + EOF + [% SET user = c("var/container/user") -%] + [% c("remote_exec", { exec_as_root => 1, exec_cmd => 'id ' _ user + _ ' >/dev/null 2>&1 || adduser -m ' _ user _ ' || useradd -m ' _ user }) %] + + remote_exec: | + #!/bin/sh + set -e + mkdir -p '[% c("var/container/dir", { error_if_undef => 1 }) %]'/rootfs/rbm + echo '#!/bin/sh' > '[% c("var/container/dir") %]'/rootfs/rbm/cmd + echo [% shell_quote(c('exec_cmd')) %] >> '[% c("var/container/dir") %]'/rootfs/rbm/cmd + echo '#!/bin/sh' > '[% c("var/container/dir") %]'/rootfs/rbm/run + [% IF c('exec_as_root'); SET user = 'root'; ELSE; SET user = c("var/container/user", { error_if_undef => 1 }); END; %] + echo 'su - [% user %] -c /rbm/cmd' >> '[% c("var/container/dir") %]'/rootfs/rbm/run + chmod +x '[% c("var/container/dir") %]'/rootfs/rbm/cmd + chmod +x '[% c("var/container/dir") %]'/rootfs/rbm/run + sudo runc start -b '[% c("var/container/dir") %]' rbm-[% sha256(c("build_id", { error_if_undef => 1 })) %] + + remote_put: | + #!/bin/sh + set -e + [% + SET src = shell_quote(c('put_src', { error_if_undef => 1 })); + SET dst = shell_quote(c('put_dst', { error_if_undef => 1 })); + -%] + sudo mkdir -p '[% c("var/container/dir") %]'/rootfs/[% dst %] + sudo cp -aP [% src %] '[% c("var/container/dir") %]'/rootfs/[% dst %] + [% c("remote_exec", { exec_as_root => 1, exec_cmd => 'chown -R ' _ c("var/container/user") _ ' ' _ dst }) %] + + remote_get: | + #!/bin/sh + set -e + [% + SET src = shell_quote(c('get_src', { error_if_undef => 1 })); + SET dst = shell_quote(c('get_dst', { error_if_undef => 1 })); + -%] + mkdir -p [% dst %] + srcdir='[% c("var/container/dir", { error_if_undef => 1 }) %]'/rootfs/[% src %] + if [ $(ls -1 "$srcdir"/* 2> /dev/null | wc -l) -gt 0 ] + then + sudo chown $(whoami) "$srcdir"/* + sudo mv -f "$srcdir"/* [% dst %]/ + fi + + remote_finish: | + #!/bin/sh + set -e + sudo rm -Rf '[% c("var/container/dir", { error_if_undef => 1 }) %]'/rootfs '[% c("var/container/dir", { error_if_undef => 1 }) %]'/config.json + rmdir '[% c("var/container/dir") %]' + +ENV: + TZ: UTC + LC_ALL: C