[tor-commits] [tor-messenger-build/master] Update rbm.conf to use runc instead of docker

sukhbir at torproject.org sukhbir at torproject.org
Mon Jul 31 14:49:38 UTC 2017


commit 1831f3ced2e3b767ef16244346945216e09cbc07
Author: Sukhbir Singh <sukhbir at torproject.org>
Date:   Mon Jul 17 14:31:53 2017 -0400

    Update rbm.conf to use runc instead of docker
---
 rbm.conf | 222 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 198 insertions(+), 24 deletions(-)

diff --git a/rbm.conf b/rbm.conf
index 175844d..6c6645c 100644
--- a/rbm.conf
+++ b/rbm.conf
@@ -1,66 +1,175 @@
 # vim: filetype=yaml sw=2
-debug: 1
+debug: '[% GET ! ENV.RBM_NO_DEBUG %]'
 compress_tar: gz
 output_dir: "out/[% project %]"
+build_log: '[% GET ENV.RBM_LOGS_DIR ? ENV.RBM_LOGS_DIR : "logs" %]/[% project %]-[% c("var/osname") %].log'
 
 pkg_type: build
 
 var:
   tormessenger_version: '0.5.0b1'
   copyright_year: '2017'
+  project_name: tor-messenger
+  multi_lingual: 0
+  build_mar: 1
+  # By default, we sort the list of installed packages. This allows sharing
+  # containers with identical list of packages, even if they are not listed
+  # in the same order. In the cases where the installation order is
+  # important, sort_deps should be set to 0.
+  sort_deps: 1
   build_id: '[% sha256(c("var/build_id_txt")).substr(0, 6) %]'
   build_id_txt: |
     [% c("version") %]
     [% IF c("git_hash") || c("hg_hash"); GET c("abbrev"); END; %]
-    [% IF c("remote_docker") -%]
-    [% c("distribution") %]
+    [% IF c("var/container/use_container") -%]
+    [% c("var/container/suite") %]
+    [% c("var/container/arch") %]
     [% END -%]
     input_files: [% c("input_files_id") %]
     build:
     [% c("build", { filename => 'f', output_dir => '/out' }) %]
+  container:
+    dir: '[% c("tmp_dir") %]/rbm-containers/[% sha256(c("build_id")) %]'
+    user: rbm
   input_files_list: |
     [% FOREACH file IN c("input_files_by_name").keys.sort -%]
     [% c("input_files_by_name/" _ file) %]
     [% END -%]
 
+  touch: "[% USE date %]touch -m -t [% date.format(c('timestamp'), format = '%Y%m%d%H%M') %]"
+
+  sign_build: '[% ENV.RBM_SIGN_BUILD %]'
+  sign_build_gpg_opts: '[% ENV.RBM_GPG_OPTS %]'
+
+  rezip: |
+    rezip_tmpdir=$(mktemp -d)
+    mkdir -p "$rezip_tmpdir/z"
+    unzip -d "$rezip_tmpdir/z" -- [% c("rezip_file") %] || [ $? -lt 3 ]
+    pushd "$rezip_tmpdir/z"
+    [% c("zip", {
+      zip_src => [ '.' ],
+      zip_args => '$rezip_tmpdir/new.zip',
+    }) %]
+    popd
+    mv -f -- "$rezip_tmpdir/new.zip" [% c("rezip_file") %]
+    rm -Rf "$rezip_tmpdir"
+
+  set_default_env: |
+    set -e
+    [% FOREACH env = c('ENV') -%]
+    export [% env.key %]="[% env.value %]"
+    [% END -%]
+    rootdir=$(pwd)
+    export SHELL=/bin/bash
+    export HOME=$rootdir
+    umask 0022
+
 targets:
   notarget: linux-x86_64
   noint:
     debug: 0
+
+  tormessenger-linux-x86_64:
+    - linux-x86_64
+    - linux
+    - tor-messenger
+  tormessenger-linux-i686:
+    - linux-i686
+    - linux
+    - tor-messenger
   linux-x86_64:
-    distribution: Debian-7.11
     arch: x86_64
     var:
-      linux: 1
+      linux-x86_64: 1
       osname: linux-x86_64
-      compiler: gcc
+      container:
+        arch: amd64
   linux-i686:
-    distribution: Debian-7.11
     arch: i686
     var:
-      linux: 1
+      linux-i686: 1
       osname: linux-i686
-      configure_opt: '--host=i686-linux-gnu CFLAGS=-m32 CXXFLAGS=-m32 LDFLAGS=-m32'
+      container:
+        arch: i386
+      setarch: |
+        if test -z "$RBM_SETARCH"
+        then
+           export RBM_SETARCH=1
+           exec setarch i686 ./build
+        fi
+  linux:
+    var:
+      linux: 1
       compiler: gcc
-      pre_pkginst: dpkg --add-architecture i386
+      container:
+        suite: wheezy
+      deps:
+        - build-essential
+        - python
+        - bison
+        - hardening-wrapper
+        - automake
+        - libtool
+        - zip
+        - unzip
+
+  tormessenger-windows-i686:
+    - windows-i686
+    - tor-messenger
   windows-i686:
-    distribution: Ubuntu-14.10
     arch: i686
     var:
       windows: 1
       osname: windows-i686
+      container:
+        suite: precise
+        arch: i386
       configure_opt: '--host=i686-w64-mingw32 CFLAGS="[% c("var/CFLAGS") %]" LDFLAGS="[% c("var/LDFLAGS") %]"'
-      CFLAGS: '-specs=/var/tmp/dist/mingw-w64/msvcr100.spec -mwindows -fstack-protector-all -Wstack-protector --param ssp-buffer-size=4 -fno-strict-overflow -Wno-missing-field-initializers -Wformat -Wformat-security'
-      LDFLAGS: '-specs=/var/tmp/dist/mingw-w64/msvcr100.spec -mwindows -Wl,--dynamicbase -Wl,--nxcompat -Wl,--enable-reloc-section -lssp -L$gcclibs'
+      CFLAGS: '[% c("var/flag_mwindows") %] -fstack-protector-all -Wstack-protector --param ssp-buffer-size=4 -fno-strict-overflow -Wno-missing-field-initializers -Wformat -Wformat-security'
+      LDFLAGS: '[% c("var/flag_mwindows") %] -Wl,--dynamicbase -Wl,--nxcompat -Wl,--enable-reloc-section -lssp -L$gcclibs'
+      flag_mwindows: '-mwindows'
       compiler: mingw-w64
+      deps:
+        - build-essential
+        - python
+        - bison
+        - automake
+        - libtool
+        - zip
+        - unzip
+      faketime_path: /usr/lib/faketime/libfaketime.so.1
+      setarch: |
+        if test -z "$RBM_SETARCH"
+        then
+           export RBM_SETARCH=1
+           exec setarch i686 ./build
+        fi
+
+  tormessenger-osx-x86_64:
+    - osx-x86_64
+    - tor-messenger
   osx-x86_64:
-    distribution: Ubuntu-12.04
     arch: x86_64
     var:
       osx: 1
       osname: osx-x86_64
+      container:
+        suite: jessie
+        arch: amd64
       compiler: 'macosx-toolchain'
-      configure_opt: '--host=x86_64-apple-darwin10 CC="x86_64-apple-darwin10-clang $CFLAGS" CXX="x86_64-apple-darwin10-clang++ $CXXFLAGS"'
+      configure_opt: '--host=x86_64-apple-darwin10 CC="x86_64-apple-darwin10-clang [% c("var/FLAGS") %]" CXX="x86_64-apple-darwin10-clang++ [% c("var/FLAGS") %]"'
+      FLAGS: "-target x86_64-apple-darwin10 -mlinker-version=136 -B $cctoolsdir -isysroot $sysrootdir"
+      LDFLAGS: "-Wl,-syslibroot,$sysrootdir -Wl,-dead_strip -Wl,-pie"
+      locale_ja: ja-JP-mac
+      deps:
+        - build-essential
+        - python
+        - bison
+        - automake
+        - libtool
+        - zip
+        - unzip
+      faketime_path: /usr/lib/x86_64-linux-gnu/faketime/libfaketime.so.1
 
   tor-messenger:
     var:
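Review bot: In the new `set_default_env` block, each `ENV` value is pasted between double quotes (`export [% env.key %]="[% env.value %]"`), so a value containing `"`, `$` or a backtick would be expanded by the shell or break the line when the build script runs. The values set in this commit (`TZ: UTC`, `LC_ALL: C`) are harmless, but the template would be safer as `export [% env.key %]=[% shell_quote(env.value) %]`, which also matches the `shell_quote` use in the `runc` scripts added further down. The same applies to the unquoted `[% c("rezip_file") %]` in the `unzip` and `mv` lines of `rezip`, which would word-split on a path containing whitespace.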
@@ -68,12 +177,6 @@ targets:
       tor_socks_port: 9152
       tor_control_port: 9153
 
-  tor-mail:
-    var:
-      tor-mail: 1
-      tor_socks_port: 9154
-      tor_control_port: 9155
-
   # The no_build_id target can be useful if you want to quickly display
   # a build template or other option but don't want to spend time to
   # compute the various build ids
@@ -82,9 +185,6 @@ targets:
       build_id: 1
 
 
-docker_image: '[% pc("docker-image", "docker_save_image") %]'
-hg_opt: '--config extensions.bundleclone=[% shell_quote(c("basedir") _ "/tools/version-control-tools/hgext/bundleclone/__init__.py") %]'
-
 # change the default gpg_wrapper to allow git tag signed using an
 # expired key.
 # https://bugs.torproject.org/19737
@@ -104,3 +204,77 @@ gpg_wrapper: |
   else
         exec [% c('gpg_bin') %] [% c('gpg_args') %] --with-fingerprint [% gpg_kr %] "$@"
   fi
+
+remote_start: '[% IF c("var/container/use_container") %][% c("runc/remote_start") %][% END %]'
+remote_exec: '[% IF c("var/container/use_container") %][% c("runc/remote_exec") %][% END %]'
+remote_put: '[% IF c("var/container/use_container") %][% c("runc/remote_put") %][% END %]'
+remote_get: '[% IF c("var/container/use_container") %][% c("runc/remote_get") %][% END %]'
+remote_finish: '[% IF c("var/container/use_container") %][% c("runc/remote_finish") %][% END %]'
+
+runc:
+  remote_start: |
+    #!/bin/sh
+    set -e
+    if [ $(ls -1 '[% c("remote_srcdir", { error_if_undef => 1 }) %]/container-image_'* | wc -l) -ne 1 ]
+    then
+      echo "Can't find container image in input files" >&2
+      ls -l '[% c("remote_srcdir") %]' >&2
+      exit 1
+    fi
+    mkdir -p '[% c("var/container/dir") %]'/rootfs/rbm
+    sudo tar -C '[% c("var/container/dir") %]'/rootfs -xf $(ls -1 '[% c("remote_srcdir", { error_if_undef => 1 }) %]/container-image_'*)
+    cat > '[% c("var/container/dir") %]'/config.json << EOF
+    [% INCLUDE 'runc-config.json' %]
+    EOF
+    [% SET user = c("var/container/user") -%]
+    [% c("remote_exec", { exec_as_root => 1, exec_cmd => 'id ' _ user
+        _ ' >/dev/null 2>&1 || adduser -m ' _ user _ ' || useradd -m ' _ user }) %]
+
+  remote_exec: |
+    #!/bin/sh
+    set -e
+    mkdir -p '[% c("var/container/dir", { error_if_undef => 1 }) %]'/rootfs/rbm
+    echo '#!/bin/sh' > '[% c("var/container/dir") %]'/rootfs/rbm/cmd
+    echo [% shell_quote(c('exec_cmd')) %] >> '[% c("var/container/dir") %]'/rootfs/rbm/cmd
+    echo '#!/bin/sh' > '[% c("var/container/dir") %]'/rootfs/rbm/run
+    [% IF c('exec_as_root'); SET user = 'root'; ELSE; SET user = c("var/container/user", { error_if_undef => 1 }); END; %]
+    echo 'su - [% user %] -c /rbm/cmd' >> '[% c("var/container/dir") %]'/rootfs/rbm/run
+    chmod +x '[% c("var/container/dir") %]'/rootfs/rbm/cmd
+    chmod +x '[% c("var/container/dir") %]'/rootfs/rbm/run
+    sudo runc start -b '[% c("var/container/dir") %]' rbm-[% sha256(c("build_id", { error_if_undef => 1 })) %]
+
+  remote_put: |
+    #!/bin/sh
+    set -e
+    [%
+      SET src = shell_quote(c('put_src', { error_if_undef => 1 }));
+      SET dst = shell_quote(c('put_dst', { error_if_undef => 1 }));
+    -%]
+    sudo mkdir -p '[% c("var/container/dir") %]'/rootfs/[% dst %]
+    sudo cp -aP [% src %] '[% c("var/container/dir") %]'/rootfs/[% dst %]
+    [% c("remote_exec", { exec_as_root => 1, exec_cmd => 'chown -R ' _ c("var/container/user") _ ' ' _ dst }) %]
+
+  remote_get: |
+    #!/bin/sh
+    set -e
+    [%
+      SET src = shell_quote(c('get_src', { error_if_undef => 1 }));
+      SET dst = shell_quote(c('get_dst', { error_if_undef => 1 }));
+    -%]
+    mkdir -p [% dst %]
+    srcdir='[% c("var/container/dir", { error_if_undef => 1 }) %]'/rootfs/[% src %]
+    if [ $(ls -1 "$srcdir"/* 2> /dev/null | wc -l) -gt 0 ]
+    then
+      sudo chown $(whoami) "$srcdir"/*
+      sudo mv -f "$srcdir"/* [% dst %]/
+    fi
+
+  remote_finish: |
+    #!/bin/sh
+    set -e
+    sudo rm -Rf '[% c("var/container/dir", { error_if_undef => 1 }) %]'/rootfs '[% c("var/container/dir", { error_if_undef => 1 }) %]'/config.json
+    rmdir '[% c("var/container/dir") %]'
+
+ENV:
+  TZ: UTC
+  LC_ALL: C
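Review bot: In `remote_get`, `sudo chown $(whoami) "$srcdir"/*` runs as root on the host over files written from inside the container, and `chown` follows symlinks by default. If build output can contain a symlink, the ownership change would land on whatever host path it resolves to; `sudo chown -h $(whoami) "$srcdir"/*` keeps the change on the link itself. Relatedly, `remote_put` and `remote_get` append `dst`/`src` to the rootfs path after `shell_quote` only, so a value containing `..` would make the `sudo mkdir`, `sudo cp` and `sudo mv` calls operate outside the rootfs. A check that the resolved path stays under `'[% c("var/container/dir") %]'/rootfs` would close that. Whether these values can ever be influenced by untrusted input is not visible from this hunk.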




