From 33c7ea6d3b84d8b8fabf7cbf7860d0258d172894 Mon Sep 17 00:00:00 2001 From: Matthias Frei Date: Thu, 2 Nov 2023 10:39:45 +0100 Subject: [PATCH 01/28] WIP build debian package Struggling with creating an appropriate file name "automatically"; Ideally, - the version is chosen from the STABLE_GIT_VERSION thing - the architecture string is determined based on the chosen "platform" information. I've not figured out how to access this information, and do something with it... Alternative approach could be use a "transition" (?) to _set_ the platform for specific target. Then we could define separate targets to build for amd64, arm, etc. and don't need to find this out. This might even be nicer, because then a single bazel build invocation could build everytrhing without having to specify flags. --- dist/BUILD.bazel | 62 ++++++++++++++++++++++++++++++ dist/debian/scion.postinst | 33 ++++++++++++++++ dist/systemd/scion-router@.service | 20 ++++++++++ 3 files changed, 115 insertions(+) create mode 100644 dist/BUILD.bazel create mode 100644 dist/debian/scion.postinst create mode 100644 dist/systemd/scion-router@.service diff --git a/dist/BUILD.bazel b/dist/BUILD.bazel new file mode 100644 index 0000000000..21b5f99b36 --- /dev/null +++ b/dist/BUILD.bazel @@ -0,0 +1,62 @@ +load("@rules_pkg//pkg:mappings.bzl", "pkg_attributes", "pkg_filegroup", "pkg_files", "pkg_mkdirs", "strip_prefix") +load("@rules_pkg//:pkg.bzl", "pkg_deb", "pkg_tar") +load(":package_name_variables.bzl", "package_name_variables") + +# Variables used to prepare DEB and RPM packages +PKG_HOMEPAGE = "https://github.com/scionproto/scion" +PKG_MAINTAINER = "SCION Contributors" # FIXME +# License +PKG_PRORITY = "optional" +PKG_SECTION = "net" + +package_name_variables( + name = "package_name_variables", + revision = "1", +) + +# SCION Router +pkg_tar( + name = "router-bin", + srcs = [ + "//router/cmd/router:router" + ], + mode = "0755", + package_dir = "/usr/bin", +) + +pkg_tar( + name = "router-systemd", + srcs = [ + "systemd/scion-router@.service", + ], + mode = "0644", + package_dir = "/lib/systemd/system", +) + +pkg_tar( + name = "router", + extension = "tar.gz", + deps = [ + ":router-bin", + ":router-systemd", + ], +) + +pkg_deb( + name = "router-deb", + data = ":router", + depends = [ + "adduser", + ], + description = "SCION router", #FIXME + homepage = PKG_HOMEPAGE, + maintainer = PKG_MAINTAINER, + package = "scion-router", + #postinst = "debian/scripts/scion.postinst", + # TODO: use debhelper library scripts to deal with user mgmt, systemd, ... + priority = PKG_PRORITY, + section = PKG_SECTION, + version = "WHAAAAT", + package_file_name = "scion-router_{version}-{revision}_{target_cpu}.deb", + package_variables = ":package_name_variables", +) diff --git a/dist/debian/scion.postinst b/dist/debian/scion.postinst new file mode 100644 index 0000000000..321dfaa183 --- /dev/null +++ b/dist/debian/scion.postinst @@ -0,0 +1,33 @@ +#!/usr/bin/env bash +set -e + +# summary of how this script can be called: +# * `configure' +# * `abort-upgrade' +# * `abort-remove' `in-favour' +# +# * `abort-remove' +# * `abort-deconfigure' `in-favour' +# `removing' +# +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + +# source debconf library +. /usr/share/debconf/confmodule + +case "$1" in + configure) + adduser --system --home /var/lib/scion -create-home --group scion + + # Create configuration directory + mkdir -p /etc/scion/ + chown -R scion:scion /etc/scion/ + ;; + abort-*) + # we get here if e.g. prerm fails + exit 1 + ;; + *) + ;; +esac diff --git a/dist/systemd/scion-router@.service b/dist/systemd/scion-router@.service new file mode 100644 index 0000000000..e9e1cd8719 --- /dev/null +++ b/dist/systemd/scion-router@.service @@ -0,0 +1,20 @@ +[Unit] +Description=SCION Router +Documentation=https://docs.scion.org +After=network-online.target +Wants=network-online.target +PartOf=scion.target + +[Service] +Type=simple +User=scion +Group=scion +ExecStart=/usr/bin/scion-router --config /etc/scion/%i.toml +RemainAfterExit=False +KillMode=control-group +Restart=on-failure + +[Install] +# FIXME unusual wantedby target ? +WantedBy=scion.target +DefaultInstance=br-1 From f97ed2a2a2aa15490b9c0e443a3de623017643e6 Mon Sep 17 00:00:00 2001 From: Matthias Frei Date: Fri, 10 Nov 2023 11:19:27 +0100 Subject: [PATCH 02/28] WIP: use a transition to cross compile, yeah it works --- dist/BUILD.bazel | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/dist/BUILD.bazel b/dist/BUILD.bazel index 21b5f99b36..923889e97b 100644 --- a/dist/BUILD.bazel +++ b/dist/BUILD.bazel @@ -1,6 +1,7 @@ load("@rules_pkg//pkg:mappings.bzl", "pkg_attributes", "pkg_filegroup", "pkg_files", "pkg_mkdirs", "strip_prefix") load("@rules_pkg//:pkg.bzl", "pkg_deb", "pkg_tar") load(":package_name_variables.bzl", "package_name_variables") +load("@aspect_bazel_lib//lib:transitions.bzl", "platform_transition_binary", "platform_transition_filegroup") # Variables used to prepare DEB and RPM packages PKG_HOMEPAGE = "https://github.com/scionproto/scion" @@ -42,9 +43,16 @@ pkg_tar( ], ) +platform_transition_filegroup( + name = "router-arm64", + srcs = [":router"], + target_platform = "@io_bazel_rules_go//go/toolchain:linux_arm64", +) + + pkg_deb( name = "router-deb", - data = ":router", + data = ":router-arm64", depends = [ "adduser", ], @@ -57,6 +65,7 @@ pkg_deb( priority = PKG_PRORITY, section = PKG_SECTION, version = "WHAAAAT", - package_file_name = "scion-router_{version}-{revision}_{target_cpu}.deb", - package_variables = ":package_name_variables", + package_file_name = "scion-router_v0.9.1-0_arm64.deb" + #package_file_name = "scion-router_{version}-{revision}_{target_cpu}.deb", + #package_variables = ":package_name_variables", ) From 370ec3696a7b219fbc7f4c6ff2e95818cc6b340b Mon Sep 17 00:00:00 2001 From: Matthias Frei Date: Thu, 23 Nov 2023 14:52:24 +0100 Subject: [PATCH 03/28] debian packages for all components for multiple platforms --- dist/BUILD.bazel | 141 ++++++++++++++++---------- dist/conffiles/dispatcher.toml | 9 ++ dist/conffiles/sciond.toml | 20 ++++ dist/conffiles/sig.json | 11 ++ dist/conffiles/sig.toml | 8 ++ dist/debian/scion.postinst | 17 +--- dist/package.bzl | 114 +++++++++++++++++++++ dist/systemd/scion-control@.service | 15 +++ dist/systemd/scion-daemon.service | 15 +++ dist/systemd/scion-dispatcher.service | 17 ++++ dist/systemd/scion-ip-gateway.service | 15 +++ dist/systemd/scion-router@.service | 8 +- nogo.json | 3 +- 13 files changed, 320 insertions(+), 73 deletions(-) create mode 100644 dist/conffiles/dispatcher.toml create mode 100644 dist/conffiles/sciond.toml create mode 100644 dist/conffiles/sig.json create mode 100644 dist/conffiles/sig.toml create mode 100644 dist/package.bzl create mode 100644 dist/systemd/scion-control@.service create mode 100644 dist/systemd/scion-daemon.service create mode 100644 dist/systemd/scion-dispatcher.service create mode 100644 dist/systemd/scion-ip-gateway.service diff --git a/dist/BUILD.bazel b/dist/BUILD.bazel index 923889e97b..c4aaffdc3d 100644 --- a/dist/BUILD.bazel +++ b/dist/BUILD.bazel @@ -1,71 +1,106 @@ -load("@rules_pkg//pkg:mappings.bzl", "pkg_attributes", "pkg_filegroup", "pkg_files", "pkg_mkdirs", "strip_prefix") -load("@rules_pkg//:pkg.bzl", "pkg_deb", "pkg_tar") -load(":package_name_variables.bzl", "package_name_variables") -load("@aspect_bazel_lib//lib:transitions.bzl", "platform_transition_binary", "platform_transition_filegroup") +load("@rules_pkg//pkg:pkg.bzl", "pkg_tar") +load(":package.bzl", "scion_multiarch_pkg_deb") -# Variables used to prepare DEB and RPM packages -PKG_HOMEPAGE = "https://github.com/scionproto/scion" -PKG_MAINTAINER = "SCION Contributors" # FIXME -# License -PKG_PRORITY = "optional" -PKG_SECTION = "net" - -package_name_variables( - name = "package_name_variables", - revision = "1", +scion_multiarch_pkg_deb( + name = "router-deb", + package = "scion-router", + executables = { + "//router/cmd/router:router": "/usr/bin/scion-router", + }, + systemds = [ "systemd/scion-router@.service" ], + depends = [ + "adduser", + ], + description = "SCION inter-domain network architecture border router", + postinst = "debian/scion.postinst", ) -# SCION Router -pkg_tar( - name = "router-bin", - srcs = [ - "//router/cmd/router:router" +scion_multiarch_pkg_deb( + name = "control-deb", + package = "scion-control", + executables = { + "//control/cmd/control:control": "scion-control", + }, + systemds = [ "systemd/scion-control@.service" ], + configs = [], + description = "SCION inter-domain network architecture control service", + depends = [ + "adduser", + "scion-dispatcher", ], - mode = "0755", - package_dir = "/usr/bin", + postinst = "debian/scion.postinst", ) -pkg_tar( - name = "router-systemd", - srcs = [ - "systemd/scion-router@.service", +scion_multiarch_pkg_deb( + name = "dispatcher-deb", + package = "scion-dispatcher", + executables = { + "//dispatcher/cmd/dispatcher:dispatcher": "scion-dispatcher", + }, + systemds = [ "systemd/scion-dispatcher.service" ], + configs = [ "conffiles/dispatcher.toml" ], + description = "SCION dispatcher", + depends = [ + "adduser", ], - mode = "0644", - package_dir = "/lib/systemd/system", + postinst = "debian/scion.postinst", ) -pkg_tar( - name = "router", - extension = "tar.gz", - deps = [ - ":router-bin", - ":router-systemd", +scion_multiarch_pkg_deb( + name = "daemon-deb", + package = "scion-daemon", + executables = { + "//daemon/cmd/daemon:daemon": "scion-daemon", + }, + systemds = [ "systemd/scion-daemon.service" ], + configs = [ "conffiles/sciond.toml" ], + description = "SCION dispatcher", + depends = [ + "adduser", ], + postinst = "debian/scion.postinst", ) -platform_transition_filegroup( - name = "router-arm64", - srcs = [":router"], - target_platform = "@io_bazel_rules_go//go/toolchain:linux_arm64", +scion_multiarch_pkg_deb( + name = "gateway-deb", + package = "scion-ip-gateway", + executables = { + "//gateway/cmd/gateway:gateway": "scion-ip-gateway", + }, + systemds = [ "systemd/scion-ip-gateway.service" ], + configs = [ "conffiles/sig.toml", "conffiles/sig.json" ], + description = "SCION-IP Gateway", + depends = [ + "adduser", + "scion-dispatcher", + "scion-daemon", + ], + postinst = "debian/scion.postinst", ) - -pkg_deb( - name = "router-deb", - data = ":router-arm64", +scion_multiarch_pkg_deb( + name = "tools-deb", + package = "scion-tools", + executables = { + "//scion/cmd/scion:scion": "scion", + "//scion-pki/cmd/scion-pki:scion-pki": "scion-pki", + }, + description = "SCION tools", depends = [ "adduser", + "scion-dispatcher", + "scion-daemon", ], - description = "SCION router", #FIXME - homepage = PKG_HOMEPAGE, - maintainer = PKG_MAINTAINER, - package = "scion-router", - #postinst = "debian/scripts/scion.postinst", - # TODO: use debhelper library scripts to deal with user mgmt, systemd, ... - priority = PKG_PRORITY, - section = PKG_SECTION, - version = "WHAAAAT", - package_file_name = "scion-router_v0.9.1-0_arm64.deb" - #package_file_name = "scion-router_{version}-{revision}_{target_cpu}.deb", - #package_variables = ":package_name_variables", +) + +filegroup( + name = "all-deb", + srcs = [ + "router-deb", + "control-deb", + "dispatcher-deb", + "daemon-deb", + "gateway-deb", + "tools-deb", + ] ) diff --git a/dist/conffiles/dispatcher.toml b/dist/conffiles/dispatcher.toml new file mode 100644 index 0000000000..3b3f1921a2 --- /dev/null +++ b/dist/conffiles/dispatcher.toml @@ -0,0 +1,9 @@ +[dispatcher] +id = "dispatcher" +socket_file_mode = "0777" + +[log.console] +level = "info" + +# [metrics] +# prometheus = "[127.0.0.1]:30441" diff --git a/dist/conffiles/sciond.toml b/dist/conffiles/sciond.toml new file mode 100644 index 0000000000..b6be9d00a1 --- /dev/null +++ b/dist/conffiles/sciond.toml @@ -0,0 +1,20 @@ +[general] +id = "sd" +config_dir = "/etc/scion" +reconnect_to_dispatcher = true + +[path_db] +connection = "/var/lib/scion/sd.path.db" + +[trust_db] +connection = "/var/lib/scion/sd.trust.db" + +# [drkey_db] +# connection = "/var/lib/scion/sd.drkey.db" + +[log.console] +level = "info" + +# Optionally expose metrics and other local control endpoints. +# [metrics] +# prometheus = "127.0.0.1:30455" diff --git a/dist/conffiles/sig.json b/dist/conffiles/sig.json new file mode 100644 index 0000000000..346a9f6e29 --- /dev/null +++ b/dist/conffiles/sig.json @@ -0,0 +1,11 @@ +{ + "ASes": { + "": { + "Nets": [ + "" + ] + } + }, + "ConfigVersion": 9001 +} + diff --git a/dist/conffiles/sig.toml b/dist/conffiles/sig.toml new file mode 100644 index 0000000000..151654e78c --- /dev/null +++ b/dist/conffiles/sig.toml @@ -0,0 +1,8 @@ +[gateway] +traffic_policy_file = "/etc/scion/sig.json" + +[tunnel] +name = "sig" + +[log.console] +level = "info" diff --git a/dist/debian/scion.postinst b/dist/debian/scion.postinst index 321dfaa183..4e67e38575 100644 --- a/dist/debian/scion.postinst +++ b/dist/debian/scion.postinst @@ -1,4 +1,4 @@ -#!/usr/bin/env bash +#!/bin/bash set -e # summary of how this script can be called: @@ -13,20 +13,13 @@ set -e # for details, see http://www.debian.org/doc/debian-policy/ or # the debian-policy package -# source debconf library -. /usr/share/debconf/confmodule - case "$1" in configure) - adduser --system --home /var/lib/scion -create-home --group scion - + # Create system user + adduser --system --home /var/lib/scion --group scion # Create configuration directory - mkdir -p /etc/scion/ - chown -R scion:scion /etc/scion/ - ;; - abort-*) - # we get here if e.g. prerm fails - exit 1 + mkdir /etc/scion/ >& /dev/null || true + chown scion:scion /etc/scion/ ;; *) ;; diff --git a/dist/package.bzl b/dist/package.bzl new file mode 100644 index 0000000000..75e902ace2 --- /dev/null +++ b/dist/package.bzl @@ -0,0 +1,114 @@ +load("@rules_pkg//pkg:pkg.bzl", "pkg_deb", "pkg_tar") +load("@aspect_bazel_lib//lib:transitions.bzl", "platform_transition_filegroup") + +SCION_PKG_GIT_VERSION = "0.9.1" +SCION_PKG_REVISION = "1" +SCION_PKG_VERSION = "%s-%s" % (SCION_PKG_GIT_VERSION, SCION_PKG_REVISION) + +SCION_PKG_HOMEPAGE = "https://github.com/scionproto/scion" +SCION_PKG_MAINTAINER = "SCION Contributors" +SCION_PKG_LICENSE = "Apache 2.0" +SCION_PKG_PRIORITY = "optional" +SCION_PKG_SECTION = "net" + +SCION_PKG_PLATFORMS = { + "@io_bazel_rules_go//go/toolchain:linux_amd64": "amd64", + "@io_bazel_rules_go//go/toolchain:linux_arm64": "arm64", + "@io_bazel_rules_go//go/toolchain:linux_386": "i386", + "@io_bazel_rules_go//go/toolchain:linux_arm": "armel", # default GOARM=5, armhf would be GOARM=6; not sure how to set +} + +def scion_multiarch_pkg_deb(name, executables = {}, systemds = [], configs = [], **kwargs): + """ + Create a pkg_deb rule for a fixed range of supported platforms. + + The package content, the _data_ arg for the pkg_deb rule, is assembled from: + + - executables: Map Label (the executable) -> string, the basename of the executable in the package + Executables are installed to /usr/bin/ + - systemds: List[string], the systemd unit files to be installed in /lib/systemd/system/ + - configs: List[string], the configuration files to be installed in /etc/scion/ + + The values for the pkg_deb args + - homepage + - maintainer + - priority + - section + - license + - version + - conffiles + default to SCION-specific values, but can be overridden. + """ + + data = "%s_data" % name + _scion_pkg_deb_data( + name = data, + executables = executables, + systemds = systemds, + configs = configs, + visibility = ["//visibility:private"], + tags = ["manual"], + ) + conffiles = [ "/etc/scion/" + _basename(file) for file in configs ] # FIXME deduplicate + kwargs.setdefault('conffiles', conffiles) + + pkgs = [] + for target_platform, architecture in SCION_PKG_PLATFORMS.items(): + pkg_arch = "%s_%s" % (name, architecture) + data_arch = "%s_data_%s" % (name, architecture) + platform_transition_filegroup( + name = data_arch, + srcs = [data], + target_platform = target_platform, + visibility = ["//visibility:private"], + tags = ["manual"], + ) + _scion_pkg_deb( + name = pkg_arch, + data = data_arch, + architecture = architecture, + **kwargs, + ) + pkgs.append(pkg_arch) + + native.filegroup( + name = name, + srcs = pkgs, + ) + +def _scion_pkg_deb_data(name, executables, systemds, configs, **kwargs): + executable_files = { label : "/usr/bin/" + basename for label, basename in executables.items() } + systemd_files = { file : "/lib/systemd/system/" + _basename(file) for file in systemds } + config_files = { file : "/etc/scion/" + _basename(file) for file in configs } + + files = {} + files.update(executable_files) + files.update(systemd_files) + files.update(config_files) + + pkg_tar( + name = name, + extension = "tar.gz", + files = files, + # executables should be executable + modes = { + exec_filepath: "755" for exec_filepath in executable_files.values() + }, + mode = "644", # for everything else + **kwargs, + ) + +def _scion_pkg_deb(name, **kwargs): + kwargs.setdefault('homepage', SCION_PKG_HOMEPAGE) + kwargs.setdefault('maintainer', SCION_PKG_MAINTAINER) + kwargs.setdefault('priority', SCION_PKG_PRIORITY) + kwargs.setdefault('section', SCION_PKG_SECTION) + kwargs.setdefault('license', SCION_PKG_LICENSE) + kwargs.setdefault('version', SCION_PKG_VERSION) + pkg_deb( + name = name, + **kwargs + ) + +def _basename(s): + return s.split('/')[-1] diff --git a/dist/systemd/scion-control@.service b/dist/systemd/scion-control@.service new file mode 100644 index 0000000000..9db8f9ee0a --- /dev/null +++ b/dist/systemd/scion-control@.service @@ -0,0 +1,15 @@ +[Unit] +Description=SCION Control Service +Documentation=https://docs.scion.org +After=network-online.target scion-dispatcher.service +Wants=scion-dispatcher.service + +[Service] +Type=simple +User=scion +Group=scion +ExecStart=/usr/bin/scion-control --config /etc/scion/%i.toml +Restart=on-failure + +[Install] +WantedBy=multi-user.target diff --git a/dist/systemd/scion-daemon.service b/dist/systemd/scion-daemon.service new file mode 100644 index 0000000000..9b5bdc91d8 --- /dev/null +++ b/dist/systemd/scion-daemon.service @@ -0,0 +1,15 @@ +[Unit] +Description=SCION Daemon +Documentation=https://docs.scion.org +After=network-online.target scion-dispatcher.service +Wants=scion-dispatcher.service + +[Service] +Type=simple +User=scion +Group=scion +ExecStart=/usr/bin/sciond --config /etc/scion/sciond.toml +Restart=on-failure + +[Install] +WantedBy=multi-user.target diff --git a/dist/systemd/scion-dispatcher.service b/dist/systemd/scion-dispatcher.service new file mode 100644 index 0000000000..644a07a4cb --- /dev/null +++ b/dist/systemd/scion-dispatcher.service @@ -0,0 +1,17 @@ +[Unit] +Description=SCION Dispatcher +Documentation=https://docs.scion.org +After=network-online.target + +[Service] +Type=simple +User=scion +Group=scion +ExecStartPre=/bin/rm -rf /run/shm/dispatcher/ +ExecStart=/usr/bin/scion-dispatcher --config /etc/scion/dispatcher.toml +LimitNOFILE=4096 +Restart=on-failure +RestartSec=10 + +[Install] +WantedBy=multi-user.target diff --git a/dist/systemd/scion-ip-gateway.service b/dist/systemd/scion-ip-gateway.service new file mode 100644 index 0000000000..f5eca46b51 --- /dev/null +++ b/dist/systemd/scion-ip-gateway.service @@ -0,0 +1,15 @@ +[Unit] +Description=SCION IP Gateway +Documentation=https://docs.scion.org +After=network-online.target scion-daemon.service +Wants=scion-daemon.service + +[Service] +Type=simple +User=scion +Group=scion +ExecStart=/usr/bin/scion-ip-gateway --config /etc/scion/sig.toml +Restart=on-failure + +[Install] +WantedBy=multi-user.target diff --git a/dist/systemd/scion-router@.service b/dist/systemd/scion-router@.service index e9e1cd8719..1c1d9ba106 100644 --- a/dist/systemd/scion-router@.service +++ b/dist/systemd/scion-router@.service @@ -2,19 +2,13 @@ Description=SCION Router Documentation=https://docs.scion.org After=network-online.target -Wants=network-online.target -PartOf=scion.target [Service] Type=simple User=scion Group=scion ExecStart=/usr/bin/scion-router --config /etc/scion/%i.toml -RemainAfterExit=False -KillMode=control-group Restart=on-failure [Install] -# FIXME unusual wantedby target ? -WantedBy=scion.target -DefaultInstance=br-1 +WantedBy=multi-user.target diff --git a/nogo.json b/nogo.json index d3ada15681..d9ee896b1a 100644 --- a/nogo.json +++ b/nogo.json @@ -102,7 +102,8 @@ }, "shift": { "exclude_files": { - "/com_github_marten_seemann_qtls/": "" + "/com_github_marten_seemann_qtls/": "", + "/org_modernc_mathutil/": "" } }, "stdmethods": { From 39b5b410b45f4819c95ad0e43888c3e46d3ed362 Mon Sep 17 00:00:00 2001 From: Matthias Frei Date: Thu, 23 Nov 2023 17:58:46 +0100 Subject: [PATCH 04/28] avoid rebuild of mgmtapi targets for different platform --- private/mgmtapi/api.bzl | 36 +++++++++++++++++++++++++++++++----- 1 file changed, 31 insertions(+), 5 deletions(-) diff --git a/private/mgmtapi/api.bzl b/private/mgmtapi/api.bzl index 51872d095b..5c02b7703e 100644 --- a/private/mgmtapi/api.bzl +++ b/private/mgmtapi/api.bzl @@ -5,6 +5,7 @@ Macros for generating Go code from OpenAPI specs. load("//tools/lint:write_source_files.bzl", "write_source_files") load("//rules_openapi:defs.bzl", _openapi_generate_go = "openapi_generate_go") load("@npm//private/mgmtapi/tools:@redocly/cli/package_json.bzl", redocly_bin = "bin") +load("@aspect_bazel_lib//lib:transitions.bzl", "platform_transition_filegroup") def openapi_docs( name, @@ -20,13 +21,15 @@ def openapi_docs( out: The output HTML file. **kwargs: Additional arguments to pass to openapi binary. """ - - redocly_bin.openapi( + _target_platform_independent( + redocly_bin.openapi, name = name, srcs = [src], outs = [out], args = ["build-docs", "--output", "../../../$@", "../../../$(location {})".format(src)], - **kwargs + visibility = ["//visibility:private"], + tags = ["manual"], + **kwargs, ) def openapi_bundle( @@ -59,7 +62,8 @@ def openapi_bundle( ], **kwargs ) - native.genrule( + _target_platform_independent( + native.genrule, name = name, srcs = [name + "-no-header"], outs = [name + ".bzl.gen.yml"], @@ -104,7 +108,29 @@ def openapi_generate_go( **kwargs ) - write_source_files( + _target_platform_independent( + write_source_files, name = "write_files", files = write_files, ) + +def _target_platform_independent(func, name, **kwargs): + kwargs_vt = {} + if 'visibility' in kwargs: + kwargs_vt['visibility'] = kwargs.pop('visibility') + if 'tags' in kwargs: + kwargs_vt['tags'] = kwargs.pop('tags') + + func( + name = name + "-platform-independent", + visibility = ["//visibility:private"], + tags = ["manual"], + **kwargs + ) + + platform_transition_filegroup( + name = name, + srcs = [name + "-platform-independent"], + target_platform = "@local_config_platform//:host", # reset to default value, to allow reusing this for different target platforms + **kwargs_vt, + ) From 04a4876d22c5e3d6d68bbcbfd1efd1110aba4e3f Mon Sep 17 00:00:00 2001 From: Matthias Frei Date: Fri, 24 Nov 2023 12:13:26 +0100 Subject: [PATCH 05/28] different way to structure the multi-platform build --- dist/BUILD.bazel | 18 ++++----- dist/package.bzl | 100 +++++++++++++++++++++++++---------------------- 2 files changed, 63 insertions(+), 55 deletions(-) diff --git a/dist/BUILD.bazel b/dist/BUILD.bazel index c4aaffdc3d..43a8116ca5 100644 --- a/dist/BUILD.bazel +++ b/dist/BUILD.bazel @@ -1,7 +1,7 @@ load("@rules_pkg//pkg:pkg.bzl", "pkg_tar") -load(":package.bzl", "scion_multiarch_pkg_deb") +load(":package.bzl", "scion_pkg_deb", "multiplatform_filegroup") -scion_multiarch_pkg_deb( +scion_pkg_deb( name = "router-deb", package = "scion-router", executables = { @@ -15,7 +15,7 @@ scion_multiarch_pkg_deb( postinst = "debian/scion.postinst", ) -scion_multiarch_pkg_deb( +scion_pkg_deb( name = "control-deb", package = "scion-control", executables = { @@ -31,7 +31,7 @@ scion_multiarch_pkg_deb( postinst = "debian/scion.postinst", ) -scion_multiarch_pkg_deb( +scion_pkg_deb( name = "dispatcher-deb", package = "scion-dispatcher", executables = { @@ -46,7 +46,7 @@ scion_multiarch_pkg_deb( postinst = "debian/scion.postinst", ) -scion_multiarch_pkg_deb( +scion_pkg_deb( name = "daemon-deb", package = "scion-daemon", executables = { @@ -61,7 +61,7 @@ scion_multiarch_pkg_deb( postinst = "debian/scion.postinst", ) -scion_multiarch_pkg_deb( +scion_pkg_deb( name = "gateway-deb", package = "scion-ip-gateway", executables = { @@ -78,7 +78,7 @@ scion_multiarch_pkg_deb( postinst = "debian/scion.postinst", ) -scion_multiarch_pkg_deb( +scion_pkg_deb( name = "tools-deb", package = "scion-tools", executables = { @@ -93,8 +93,8 @@ scion_multiarch_pkg_deb( ], ) -filegroup( - name = "all-deb", +multiplatform_filegroup( + name = "deb", srcs = [ "router-deb", "control-deb", diff --git a/dist/package.bzl b/dist/package.bzl index 75e902ace2..cc2e6d7ca5 100644 --- a/dist/package.bzl +++ b/dist/package.bzl @@ -11,17 +11,15 @@ SCION_PKG_LICENSE = "Apache 2.0" SCION_PKG_PRIORITY = "optional" SCION_PKG_SECTION = "net" -SCION_PKG_PLATFORMS = { - "@io_bazel_rules_go//go/toolchain:linux_amd64": "amd64", - "@io_bazel_rules_go//go/toolchain:linux_arm64": "arm64", - "@io_bazel_rules_go//go/toolchain:linux_386": "i386", - "@io_bazel_rules_go//go/toolchain:linux_arm": "armel", # default GOARM=5, armhf would be GOARM=6; not sure how to set -} - -def scion_multiarch_pkg_deb(name, executables = {}, systemds = [], configs = [], **kwargs): - """ - Create a pkg_deb rule for a fixed range of supported platforms. +SCION_PKG_PLATFORMS = [ + "@io_bazel_rules_go//go/toolchain:linux_amd64", + "@io_bazel_rules_go//go/toolchain:linux_arm64", + "@io_bazel_rules_go//go/toolchain:linux_386", + "@io_bazel_rules_go//go/toolchain:linux_arm", +] +def scion_pkg_deb(name, executables = {}, systemds = [], configs = [], **kwargs): + """ The package content, the _data_ arg for the pkg_deb rule, is assembled from: - executables: Map Label (the executable) -> string, the basename of the executable in the package @@ -38,6 +36,8 @@ def scion_multiarch_pkg_deb(name, executables = {}, systemds = [], configs = [], - version - conffiles default to SCION-specific values, but can be overridden. + + - architecture is set based on the platform. """ data = "%s_data" % name @@ -49,31 +49,30 @@ def scion_multiarch_pkg_deb(name, executables = {}, systemds = [], configs = [], visibility = ["//visibility:private"], tags = ["manual"], ) - conffiles = [ "/etc/scion/" + _basename(file) for file in configs ] # FIXME deduplicate - kwargs.setdefault('conffiles', conffiles) - - pkgs = [] - for target_platform, architecture in SCION_PKG_PLATFORMS.items(): - pkg_arch = "%s_%s" % (name, architecture) - data_arch = "%s_data_%s" % (name, architecture) - platform_transition_filegroup( - name = data_arch, - srcs = [data], - target_platform = target_platform, - visibility = ["//visibility:private"], - tags = ["manual"], - ) - _scion_pkg_deb( - name = pkg_arch, - data = data_arch, - architecture = architecture, - **kwargs, - ) - pkgs.append(pkg_arch) + conffiles = [ "/etc/scion/" + _basename(file) for file in configs ] - native.filegroup( + kwargs.setdefault('homepage', SCION_PKG_HOMEPAGE) + kwargs.setdefault('maintainer', SCION_PKG_MAINTAINER) + kwargs.setdefault('priority', SCION_PKG_PRIORITY) + kwargs.setdefault('section', SCION_PKG_SECTION) + kwargs.setdefault('license', SCION_PKG_LICENSE) + kwargs.setdefault('version', SCION_PKG_VERSION) + kwargs.setdefault('conffiles', conffiles) + pkg_deb( name = name, - srcs = pkgs, + data = data, + architecture = select({ + "@platforms//cpu:x86_64": "amd64", + "@platforms//cpu:x86_32": "i386", + "@platforms//cpu:aarch64": "arm64", + "@platforms//cpu:arm": "armel", + "@platforms//cpu:s390x": "s390x", + # Note: some rules_go toolchains don't (currently) seem to map (cleanly) to @platforms//cpu. + # "@platforms//cpu:ppc": "ppc64", + # "@platforms//cpu:ppc64le": "ppc64le", + }), + target_compatible_with = ["@platforms//os:linux"], + **kwargs, ) def _scion_pkg_deb_data(name, executables, systemds, configs, **kwargs): @@ -90,7 +89,6 @@ def _scion_pkg_deb_data(name, executables, systemds, configs, **kwargs): name = name, extension = "tar.gz", files = files, - # executables should be executable modes = { exec_filepath: "755" for exec_filepath in executable_files.values() }, @@ -98,17 +96,27 @@ def _scion_pkg_deb_data(name, executables, systemds, configs, **kwargs): **kwargs, ) -def _scion_pkg_deb(name, **kwargs): - kwargs.setdefault('homepage', SCION_PKG_HOMEPAGE) - kwargs.setdefault('maintainer', SCION_PKG_MAINTAINER) - kwargs.setdefault('priority', SCION_PKG_PRIORITY) - kwargs.setdefault('section', SCION_PKG_SECTION) - kwargs.setdefault('license', SCION_PKG_LICENSE) - kwargs.setdefault('version', SCION_PKG_VERSION) - pkg_deb( - name = name, - **kwargs - ) - def _basename(s): return s.split('/')[-1] + +def multiplatform_filegroup(name, srcs, target_platforms = SCION_PKG_PLATFORMS): + all_platforms = [] + for target_platform in SCION_PKG_PLATFORMS: + platform_name = target_platform.split(":")[-1] + platform_transition_filegroup( + name = name + "_" + platform_name, + srcs = srcs, + target_platform = target_platform, + ) + all_platforms.append(name + "_" + platform_name) + + native.filegroup( + name = name + "_all", + srcs = all_platforms, + ) + + # also add the default filegroup, without platform transition + native.filegroup( + name = name, + srcs = srcs, + ) From e829f439053ab8b98218c2fe0feefce2b4206e0e Mon Sep 17 00:00:00 2001 From: Matthias Frei Date: Tue, 28 Nov 2023 15:18:42 +0100 Subject: [PATCH 06/28] buildifier --- dist/BUILD.bazel | 89 +++++++++++++++++++++-------------------- dist/package.bzl | 51 +++++++++++------------ private/mgmtapi/api.bzl | 14 +++---- 3 files changed, 78 insertions(+), 76 deletions(-) diff --git a/dist/BUILD.bazel b/dist/BUILD.bazel index 43a8116ca5..54c691c607 100644 --- a/dist/BUILD.bazel +++ b/dist/BUILD.bazel @@ -1,106 +1,107 @@ load("@rules_pkg//pkg:pkg.bzl", "pkg_tar") -load(":package.bzl", "scion_pkg_deb", "multiplatform_filegroup") +load(":package.bzl", "multiplatform_filegroup", "scion_pkg_deb") scion_pkg_deb( name = "router-deb", - package = "scion-router", - executables = { - "//router/cmd/router:router": "/usr/bin/scion-router", - }, - systemds = [ "systemd/scion-router@.service" ], depends = [ "adduser", ], description = "SCION inter-domain network architecture border router", + executables = { + "//router/cmd/router:router": "/usr/bin/scion-router", + }, + package = "scion-router", postinst = "debian/scion.postinst", + systemds = ["systemd/scion-router@.service"], ) scion_pkg_deb( name = "control-deb", - package = "scion-control", - executables = { - "//control/cmd/control:control": "scion-control", - }, - systemds = [ "systemd/scion-control@.service" ], configs = [], - description = "SCION inter-domain network architecture control service", depends = [ "adduser", "scion-dispatcher", ], - postinst = "debian/scion.postinst", + description = "SCION inter-domain network architecture control service", + executables = { + "//control/cmd/control:control": "scion-control", + }, + package = "scion-control", + systemds = ["systemd/scion-control@.service"], ) scion_pkg_deb( name = "dispatcher-deb", - package = "scion-dispatcher", - executables = { - "//dispatcher/cmd/dispatcher:dispatcher": "scion-dispatcher", - }, - systemds = [ "systemd/scion-dispatcher.service" ], - configs = [ "conffiles/dispatcher.toml" ], - description = "SCION dispatcher", + configs = ["conffiles/dispatcher.toml"], depends = [ "adduser", ], + description = "SCION dispatcher", + executables = { + "//dispatcher/cmd/dispatcher:dispatcher": "scion-dispatcher", + }, + package = "scion-dispatcher", postinst = "debian/scion.postinst", + systemds = ["systemd/scion-dispatcher.service"], ) scion_pkg_deb( name = "daemon-deb", - package = "scion-daemon", - executables = { - "//daemon/cmd/daemon:daemon": "scion-daemon", - }, - systemds = [ "systemd/scion-daemon.service" ], - configs = [ "conffiles/sciond.toml" ], - description = "SCION dispatcher", + configs = ["conffiles/sciond.toml"], depends = [ "adduser", ], + description = "SCION dispatcher", + executables = { + "//daemon/cmd/daemon:daemon": "scion-daemon", + }, + package = "scion-daemon", postinst = "debian/scion.postinst", + systemds = ["systemd/scion-daemon.service"], ) scion_pkg_deb( name = "gateway-deb", - package = "scion-ip-gateway", - executables = { - "//gateway/cmd/gateway:gateway": "scion-ip-gateway", - }, - systemds = [ "systemd/scion-ip-gateway.service" ], - configs = [ "conffiles/sig.toml", "conffiles/sig.json" ], - description = "SCION-IP Gateway", + configs = [ + "conffiles/sig.json", + "conffiles/sig.toml", + ], depends = [ "adduser", "scion-dispatcher", "scion-daemon", ], - postinst = "debian/scion.postinst", + description = "SCION-IP Gateway", + executables = { + "//gateway/cmd/gateway:gateway": "scion-ip-gateway", + }, + package = "scion-ip-gateway", + systemds = ["systemd/scion-ip-gateway.service"], ) scion_pkg_deb( name = "tools-deb", - package = "scion-tools", - executables = { - "//scion/cmd/scion:scion": "scion", - "//scion-pki/cmd/scion-pki:scion-pki": "scion-pki", - }, - description = "SCION tools", depends = [ "adduser", "scion-dispatcher", "scion-daemon", ], + description = "SCION tools", + executables = { + "//scion/cmd/scion:scion": "scion", + "//scion-pki/cmd/scion-pki:scion-pki": "scion-pki", + }, + package = "scion-tools", ) multiplatform_filegroup( name = "deb", srcs = [ - "router-deb", "control-deb", - "dispatcher-deb", "daemon-deb", + "dispatcher-deb", "gateway-deb", + "router-deb", "tools-deb", - ] + ], ) diff --git a/dist/package.bzl b/dist/package.bzl index cc2e6d7ca5..30362a0ffe 100644 --- a/dist/package.bzl +++ b/dist/package.bzl @@ -49,36 +49,36 @@ def scion_pkg_deb(name, executables = {}, systemds = [], configs = [], **kwargs) visibility = ["//visibility:private"], tags = ["manual"], ) - conffiles = [ "/etc/scion/" + _basename(file) for file in configs ] - - kwargs.setdefault('homepage', SCION_PKG_HOMEPAGE) - kwargs.setdefault('maintainer', SCION_PKG_MAINTAINER) - kwargs.setdefault('priority', SCION_PKG_PRIORITY) - kwargs.setdefault('section', SCION_PKG_SECTION) - kwargs.setdefault('license', SCION_PKG_LICENSE) - kwargs.setdefault('version', SCION_PKG_VERSION) - kwargs.setdefault('conffiles', conffiles) + conffiles = ["/etc/scion/" + _basename(file) for file in configs] + + kwargs.setdefault("homepage", SCION_PKG_HOMEPAGE) + kwargs.setdefault("maintainer", SCION_PKG_MAINTAINER) + kwargs.setdefault("priority", SCION_PKG_PRIORITY) + kwargs.setdefault("section", SCION_PKG_SECTION) + kwargs.setdefault("license", SCION_PKG_LICENSE) + kwargs.setdefault("version", SCION_PKG_VERSION) + kwargs.setdefault("conffiles", conffiles) pkg_deb( name = name, data = data, architecture = select({ - "@platforms//cpu:x86_64": "amd64", - "@platforms//cpu:x86_32": "i386", - "@platforms//cpu:aarch64": "arm64", - "@platforms//cpu:arm": "armel", - "@platforms//cpu:s390x": "s390x", - # Note: some rules_go toolchains don't (currently) seem to map (cleanly) to @platforms//cpu. - # "@platforms//cpu:ppc": "ppc64", - # "@platforms//cpu:ppc64le": "ppc64le", + "@platforms//cpu:x86_64": "amd64", + "@platforms//cpu:x86_32": "i386", + "@platforms//cpu:aarch64": "arm64", + "@platforms//cpu:arm": "armel", + "@platforms//cpu:s390x": "s390x", + # Note: some rules_go toolchains don't (currently) seem to map (cleanly) to @platforms//cpu. + # "@platforms//cpu:ppc": "ppc64", + # "@platforms//cpu:ppc64le": "ppc64le", }), target_compatible_with = ["@platforms//os:linux"], - **kwargs, + **kwargs ) def _scion_pkg_deb_data(name, executables, systemds, configs, **kwargs): - executable_files = { label : "/usr/bin/" + basename for label, basename in executables.items() } - systemd_files = { file : "/lib/systemd/system/" + _basename(file) for file in systemds } - config_files = { file : "/etc/scion/" + _basename(file) for file in configs } + executable_files = {label: "/usr/bin/" + basename for label, basename in executables.items()} + systemd_files = {file: "/lib/systemd/system/" + _basename(file) for file in systemds} + config_files = {file: "/etc/scion/" + _basename(file) for file in configs} files = {} files.update(executable_files) @@ -90,14 +90,15 @@ def _scion_pkg_deb_data(name, executables, systemds, configs, **kwargs): extension = "tar.gz", files = files, modes = { - exec_filepath: "755" for exec_filepath in executable_files.values() + exec_filepath: "755" + for exec_filepath in executable_files.values() }, - mode = "644", # for everything else - **kwargs, + mode = "644", # for everything else + **kwargs ) def _basename(s): - return s.split('/')[-1] + return s.split("/")[-1] def multiplatform_filegroup(name, srcs, target_platforms = SCION_PKG_PLATFORMS): all_platforms = [] diff --git a/private/mgmtapi/api.bzl b/private/mgmtapi/api.bzl index 5c02b7703e..4375430412 100644 --- a/private/mgmtapi/api.bzl +++ b/private/mgmtapi/api.bzl @@ -29,7 +29,7 @@ def openapi_docs( args = ["build-docs", "--output", "../../../$@", "../../../$(location {})".format(src)], visibility = ["//visibility:private"], tags = ["manual"], - **kwargs, + **kwargs ) def openapi_bundle( @@ -116,10 +116,10 @@ def openapi_generate_go( def _target_platform_independent(func, name, **kwargs): kwargs_vt = {} - if 'visibility' in kwargs: - kwargs_vt['visibility'] = kwargs.pop('visibility') - if 'tags' in kwargs: - kwargs_vt['tags'] = kwargs.pop('tags') + if "visibility" in kwargs: + kwargs_vt["visibility"] = kwargs.pop("visibility") + if "tags" in kwargs: + kwargs_vt["tags"] = kwargs.pop("tags") func( name = name + "-platform-independent", @@ -131,6 +131,6 @@ def _target_platform_independent(func, name, **kwargs): platform_transition_filegroup( name = name, srcs = [name + "-platform-independent"], - target_platform = "@local_config_platform//:host", # reset to default value, to allow reusing this for different target platforms - **kwargs_vt, + target_platform = "@local_config_platform//:host", # reset to default value, to allow reusing this for different target platforms + **kwargs_vt ) From 5ad08ffb8b0d9deccdfded8fa8c79011dc722569 Mon Sep 17 00:00:00 2001 From: Matthias Frei Date: Thu, 7 Dec 2023 16:08:02 +0100 Subject: [PATCH 07/28] flip multiplatform thing, use version from git Instead of forcing building for all platforms, determine the architecture from the current build platform. Packages can now be built for individual platforms, as long as the architecture "select" statement works. Add a filegroup wrapper to still build for a predefined list of target platforms. --- dist/BUILD.bazel | 41 +++++++++++++++++++---------- dist/git_version.bzl | 20 +++++++++++++++ dist/package.bzl | 61 +++++++++++--------------------------------- dist/platform.bzl | 32 +++++++++++++++++++++++ 4 files changed, 94 insertions(+), 60 deletions(-) create mode 100644 dist/git_version.bzl create mode 100644 dist/platform.bzl diff --git a/dist/BUILD.bazel b/dist/BUILD.bazel index 54c691c607..8034e859b3 100644 --- a/dist/BUILD.bazel +++ b/dist/BUILD.bazel @@ -1,8 +1,15 @@ -load("@rules_pkg//pkg:pkg.bzl", "pkg_tar") -load(":package.bzl", "multiplatform_filegroup", "scion_pkg_deb") +load(":package.bzl", "scion_pkg_deb") +load(":platform.bzl", "multiplatform_filegroup") +load(":git_version.bzl", "git_version") + +git_version( + name = "git_version", + tags = ["manual"], + visibility = ["//visibility:private"], +) scion_pkg_deb( - name = "router-deb", + name = "router_deb", depends = [ "adduser", ], @@ -13,10 +20,11 @@ scion_pkg_deb( package = "scion-router", postinst = "debian/scion.postinst", systemds = ["systemd/scion-router@.service"], + version_file = ":git_version", ) scion_pkg_deb( - name = "control-deb", + name = "control_deb", configs = [], depends = [ "adduser", @@ -28,10 +36,11 @@ scion_pkg_deb( }, package = "scion-control", systemds = ["systemd/scion-control@.service"], + version_file = ":git_version", ) scion_pkg_deb( - name = "dispatcher-deb", + name = "dispatcher_deb", configs = ["conffiles/dispatcher.toml"], depends = [ "adduser", @@ -43,10 +52,11 @@ scion_pkg_deb( package = "scion-dispatcher", postinst = "debian/scion.postinst", systemds = ["systemd/scion-dispatcher.service"], + version_file = ":git_version", ) scion_pkg_deb( - name = "daemon-deb", + name = "daemon_deb", configs = ["conffiles/sciond.toml"], depends = [ "adduser", @@ -58,10 +68,11 @@ scion_pkg_deb( package = "scion-daemon", postinst = "debian/scion.postinst", systemds = ["systemd/scion-daemon.service"], + version_file = ":git_version", ) scion_pkg_deb( - name = "gateway-deb", + name = "gateway_deb", configs = [ "conffiles/sig.json", "conffiles/sig.toml", @@ -77,10 +88,11 @@ scion_pkg_deb( }, package = "scion-ip-gateway", systemds = ["systemd/scion-ip-gateway.service"], + version_file = ":git_version", ) scion_pkg_deb( - name = "tools-deb", + name = "tools_deb", depends = [ "adduser", "scion-dispatcher", @@ -92,16 +104,17 @@ scion_pkg_deb( "//scion-pki/cmd/scion-pki:scion-pki": "scion-pki", }, package = "scion-tools", + version_file = ":git_version", ) multiplatform_filegroup( name = "deb", srcs = [ - "control-deb", - "daemon-deb", - "dispatcher-deb", - "gateway-deb", - "router-deb", - "tools-deb", + "control_deb", + "daemon_deb", + "dispatcher_deb", + "gateway_deb", + "router_deb", + "tools_deb", ], ) diff --git a/dist/git_version.bzl b/dist/git_version.bzl new file mode 100644 index 0000000000..3c0164db28 --- /dev/null +++ b/dist/git_version.bzl @@ -0,0 +1,20 @@ +def _git_version_impl(ctx): + ctx.actions.run_shell( + outputs = [ctx.outputs.outfile], + inputs = [ctx.info_file], + command = r"sed -n 's/STABLE_GIT_VERSION\s*v\?//p' " + ctx.info_file.path + " > " + ctx.outputs.outfile.path, + ) + +git_version = rule( + doc = """ + Extracts the STABLE_GIT_VERSION from the workspace_status_command output. + See also .bazelrc and tools/bazel-build-env. + + The output of this rule is a file containing the version only. + The leading "v" from the git tag is removed. + """, + implementation = _git_version_impl, + outputs = { + "outfile": "git-version", + }, +) diff --git a/dist/package.bzl b/dist/package.bzl index 30362a0ffe..6efa2b88d1 100644 --- a/dist/package.bzl +++ b/dist/package.bzl @@ -1,9 +1,4 @@ load("@rules_pkg//pkg:pkg.bzl", "pkg_deb", "pkg_tar") -load("@aspect_bazel_lib//lib:transitions.bzl", "platform_transition_filegroup") - -SCION_PKG_GIT_VERSION = "0.9.1" -SCION_PKG_REVISION = "1" -SCION_PKG_VERSION = "%s-%s" % (SCION_PKG_GIT_VERSION, SCION_PKG_REVISION) SCION_PKG_HOMEPAGE = "https://github.com/scionproto/scion" SCION_PKG_MAINTAINER = "SCION Contributors" @@ -11,13 +6,6 @@ SCION_PKG_LICENSE = "Apache 2.0" SCION_PKG_PRIORITY = "optional" SCION_PKG_SECTION = "net" -SCION_PKG_PLATFORMS = [ - "@io_bazel_rules_go//go/toolchain:linux_amd64", - "@io_bazel_rules_go//go/toolchain:linux_arm64", - "@io_bazel_rules_go//go/toolchain:linux_386", - "@io_bazel_rules_go//go/toolchain:linux_arm", -] - def scion_pkg_deb(name, executables = {}, systemds = [], configs = [], **kwargs): """ The package content, the _data_ arg for the pkg_deb rule, is assembled from: @@ -27,17 +15,20 @@ def scion_pkg_deb(name, executables = {}, systemds = [], configs = [], **kwargs) - systemds: List[string], the systemd unit files to be installed in /lib/systemd/system/ - configs: List[string], the configuration files to be installed in /etc/scion/ - The values for the pkg_deb args + The values for the following pkg_deb args are set to a default value: - homepage - maintainer - priority - section - license - - version - - conffiles - default to SCION-specific values, but can be overridden. - - - architecture is set based on the platform. + - conffiles, set based on data.configs + - architecture, set based on the platform. + + The caller needs to set: + - package + - description + - version/version_file + and any of the optional control directives. """ data = "%s_data" % name @@ -56,12 +47,9 @@ def scion_pkg_deb(name, executables = {}, systemds = [], configs = [], **kwargs) kwargs.setdefault("priority", SCION_PKG_PRIORITY) kwargs.setdefault("section", SCION_PKG_SECTION) kwargs.setdefault("license", SCION_PKG_LICENSE) - kwargs.setdefault("version", SCION_PKG_VERSION) kwargs.setdefault("conffiles", conffiles) - pkg_deb( - name = name, - data = data, - architecture = select({ + if "architecture" not in kwargs: + kwargs["architecture"] = select({ "@platforms//cpu:x86_64": "amd64", "@platforms//cpu:x86_32": "i386", "@platforms//cpu:aarch64": "arm64", @@ -70,7 +58,10 @@ def scion_pkg_deb(name, executables = {}, systemds = [], configs = [], **kwargs) # Note: some rules_go toolchains don't (currently) seem to map (cleanly) to @platforms//cpu. # "@platforms//cpu:ppc": "ppc64", # "@platforms//cpu:ppc64le": "ppc64le", - }), + }) + pkg_deb( + name = name, + data = data, target_compatible_with = ["@platforms//os:linux"], **kwargs ) @@ -99,25 +90,3 @@ def _scion_pkg_deb_data(name, executables, systemds, configs, **kwargs): def _basename(s): return s.split("/")[-1] - -def multiplatform_filegroup(name, srcs, target_platforms = SCION_PKG_PLATFORMS): - all_platforms = [] - for target_platform in SCION_PKG_PLATFORMS: - platform_name = target_platform.split(":")[-1] - platform_transition_filegroup( - name = name + "_" + platform_name, - srcs = srcs, - target_platform = target_platform, - ) - all_platforms.append(name + "_" + platform_name) - - native.filegroup( - name = name + "_all", - srcs = all_platforms, - ) - - # also add the default filegroup, without platform transition - native.filegroup( - name = name, - srcs = srcs, - ) diff --git a/dist/platform.bzl b/dist/platform.bzl new file mode 100644 index 0000000000..fc1bbc651f --- /dev/null +++ b/dist/platform.bzl @@ -0,0 +1,32 @@ +load("@aspect_bazel_lib//lib:transitions.bzl", "platform_transition_filegroup") + +DEFAULT_PLATFORMS = [ + "@io_bazel_rules_go//go/toolchain:linux_amd64", + "@io_bazel_rules_go//go/toolchain:linux_arm64", + "@io_bazel_rules_go//go/toolchain:linux_386", + "@io_bazel_rules_go//go/toolchain:linux_arm", +] + +def multiplatform_filegroup(name, srcs, target_platforms = DEFAULT_PLATFORMS): + all_platforms = [] + for target_platform in target_platforms: + platform_name = target_platform.split(":")[-1] + platform_transition_filegroup( + name = name + "_" + platform_name, + srcs = srcs, + target_platform = target_platform, + ) + all_platforms.append(name + "_" + platform_name) + + native.filegroup( + name = name + "_all", + srcs = all_platforms, + ) + + # also add the default filegroup, without platform transition, but + # only build it when explicitly requested + native.filegroup( + name = name, + srcs = srcs, + tags = ["manual"], + ) From f8ff3b6e9973f6fac47a1d11d2dfd55e59280686 Mon Sep 17 00:00:00 2001 From: Matthias Frei Date: Fri, 8 Dec 2023 10:54:48 +0100 Subject: [PATCH 08/28] add make dist-deb --- .gitignore | 4 ++++ Makefile | 16 +++++++++++++++- 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index e994a71edd..d3df276f72 100644 --- a/.gitignore +++ b/.gitignore @@ -66,6 +66,10 @@ doc/venv/ /bin/* !/bin/.keepme +# Generated package files +########################## +/deb/ + # CTags ########################## tags diff --git a/Makefile b/Makefile index ad506aded3..77c9ed31df 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,4 @@ -.PHONY: all build build-dev antlr clean docker-images gazelle go.mod licenses mocks protobuf scion-topo test test-integration write_all_source_files +.PHONY: all build build-dev dist-deb antlr clean docker-images gazelle go.mod licenses mocks protobuf scion-topo test test-integration write_all_source_files build-dev: rm -f bin/* @@ -11,6 +11,20 @@ build: bazel build //:scion tar -kxf bazel-bin/scion.tar -C bin +dist-deb: + bazel build //dist:deb_all + mkdir -p deb; rm -f deb/*; + @ # Bazel cannot include the version in the filename. + @ # Extract the version from the .deb files and expand the "__" in the filename to "__". + @for f in `bazel cquery //dist:deb_all --output=files 2>/dev/null`; do \ + if [ -f "$$f" ]; then \ + bf=`basename $$f`; \ + v="$$(ar p $$f control.tar.gz | tar -xz --to-stdout ./control | sed -n 's/Version: //p')"; \ + bfv=$${bf%%__*}_$${v}_$${bf#*__}; \ + cp -v "$$f" deb/$$bfv; \ + fi \ + done + # all: performs the code-generation steps and then builds; the generated code # is git controlled, and therefore this is only necessary when changing the # sources for the code generation. From ee4baf1b213cdcea8b7d67b78b7324dc560070b6 Mon Sep 17 00:00:00 2001 From: Matthias Frei Date: Fri, 8 Dec 2023 11:17:02 +0100 Subject: [PATCH 09/28] build packages in buildkite --- .buildkite/pipeline.yml | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/.buildkite/pipeline.yml b/.buildkite/pipeline.yml index 96fd38b643..48d59061f9 100644 --- a/.buildkite/pipeline.yml +++ b/.buildkite/pipeline.yml @@ -23,6 +23,28 @@ steps: - exit_status: 255 # Forced agent shutdown timeout_in_minutes: 10 - wait + - label: "Package :debian:" + command: + - make dist-deb + - cd deb; + - tar -chaf scion-deb-amd64.tar.gz *_amd64.deb + - tar -chaf scion-deb-arm64.tar.gz *_arm64.deb + - tar -chaf scion-deb-i386.tar.gz *_i386.deb + - tar -chaf scion-deb-armel.tar.gz *_armel.deb + artifact_paths: + - "deb/*.tar.gz" + plugins: + - scionproto/metahook#v0.3.0: + post-artifact: | + cat << EOF | buildkite-agent annotate --style "info" + #### Packages :debian: + - amd64 + - arm64 + - i386 + - armel + EOF + key: dist-deb + retry: *automatic-retry - label: "Unit Tests :bazel:" command: - bazel test --config=race --config=unit_all @@ -70,6 +92,7 @@ steps: timeout_in_minutes: 20 key: check_generated retry: *automatic-retry + - wait - group: "End to End" key: e2e steps: From 7d1fe767b5af1da1b26e1f41fd3cf6d0866f9b52 Mon Sep 17 00:00:00 2001 From: Matthias Frei Date: Fri, 8 Dec 2023 12:08:19 +0100 Subject: [PATCH 10/28] fixup --- .buildkite/pipeline.yml | 4 ++-- private/mgmtapi/api.bzl | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.buildkite/pipeline.yml b/.buildkite/pipeline.yml index 48d59061f9..9b49f0bd5e 100644 --- a/.buildkite/pipeline.yml +++ b/.buildkite/pipeline.yml @@ -12,7 +12,7 @@ steps: plugins: - scionproto/metahook#v0.3.0: post-artifact: | - cat << EOF | buildkite-agent annotate --style "info" + cat << EOF | buildkite-agent annotate --style "info" --context "binaries" #### Build outputs - SCION binaries - SCION test tools and utilities @@ -36,7 +36,7 @@ steps: plugins: - scionproto/metahook#v0.3.0: post-artifact: | - cat << EOF | buildkite-agent annotate --style "info" + cat << EOF | buildkite-agent annotate --style "info" --context "packages" #### Packages :debian: - amd64 - arm64 diff --git a/private/mgmtapi/api.bzl b/private/mgmtapi/api.bzl index 4375430412..e9fc05144d 100644 --- a/private/mgmtapi/api.bzl +++ b/private/mgmtapi/api.bzl @@ -103,13 +103,13 @@ def openapi_generate_go( kwargs["out_" + typ] = typ + ".bzl.gen.go" write_files[typ + ".gen.go"] = src - _openapi_generate_go( + _target_platform_independent( + _openapi_generate_go, name = name, **kwargs ) - _target_platform_independent( - write_source_files, + write_source_files( name = "write_files", files = write_files, ) From d08059eabfbec86234152c66164bd869a46d951e Mon Sep 17 00:00:00 2001 From: Matthias Frei Date: Fri, 8 Dec 2023 12:19:12 +0100 Subject: [PATCH 11/28] fixup artifact url --- .buildkite/pipeline.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.buildkite/pipeline.yml b/.buildkite/pipeline.yml index 9b49f0bd5e..233efe828a 100644 --- a/.buildkite/pipeline.yml +++ b/.buildkite/pipeline.yml @@ -38,10 +38,10 @@ steps: post-artifact: | cat << EOF | buildkite-agent annotate --style "info" --context "packages" #### Packages :debian: - - amd64 - - arm64 - - i386 - - armel + - amd64 + - arm64 + - i386 + - armel EOF key: dist-deb retry: *automatic-retry From 6cb48a37939e74567dfa5272694197bb1f777fda Mon Sep 17 00:00:00 2001 From: Matthias Frei Date: Thu, 14 Dec 2023 14:56:30 +0100 Subject: [PATCH 12/28] dist: add tests for deb packages and fixes --- dist/BUILD.bazel | 3 +- dist/platform.bzl | 4 +- dist/systemd/scion-control@.service | 2 + dist/systemd/scion-daemon.service | 4 +- dist/systemd/scion-dispatcher.service | 2 + dist/systemd/scion-ip-gateway.service | 3 + dist/systemd/scion-router@.service | 2 + dist/test/BUILD.bazel | 16 +++ dist/test/Dockerfile | 12 +++ dist/test/README.md | 35 +++++++ dist/test/deb_test.sh | 143 ++++++++++++++++++++++++++ 11 files changed, 223 insertions(+), 3 deletions(-) create mode 100644 dist/test/BUILD.bazel create mode 100644 dist/test/Dockerfile create mode 100644 dist/test/README.md create mode 100755 dist/test/deb_test.sh diff --git a/dist/BUILD.bazel b/dist/BUILD.bazel index 8034e859b3..8fa66c75e2 100644 --- a/dist/BUILD.bazel +++ b/dist/BUILD.bazel @@ -15,7 +15,7 @@ scion_pkg_deb( ], description = "SCION inter-domain network architecture border router", executables = { - "//router/cmd/router:router": "/usr/bin/scion-router", + "//router/cmd/router:router": "scion-router", }, package = "scion-router", postinst = "debian/scion.postinst", @@ -109,6 +109,7 @@ scion_pkg_deb( multiplatform_filegroup( name = "deb", + visibility = ["//dist:__subpackages__"], srcs = [ "control_deb", "daemon_deb", diff --git a/dist/platform.bzl b/dist/platform.bzl index fc1bbc651f..a85f5086bd 100644 --- a/dist/platform.bzl +++ b/dist/platform.bzl @@ -7,7 +7,7 @@ DEFAULT_PLATFORMS = [ "@io_bazel_rules_go//go/toolchain:linux_arm", ] -def multiplatform_filegroup(name, srcs, target_platforms = DEFAULT_PLATFORMS): +def multiplatform_filegroup(name, srcs, target_platforms = DEFAULT_PLATFORMS, **kwargs): all_platforms = [] for target_platform in target_platforms: platform_name = target_platform.split(":")[-1] @@ -21,6 +21,7 @@ def multiplatform_filegroup(name, srcs, target_platforms = DEFAULT_PLATFORMS): native.filegroup( name = name + "_all", srcs = all_platforms, + **kwargs, ) # also add the default filegroup, without platform transition, but @@ -29,4 +30,5 @@ def multiplatform_filegroup(name, srcs, target_platforms = DEFAULT_PLATFORMS): name = name, srcs = srcs, tags = ["manual"], + **kwargs, ) diff --git a/dist/systemd/scion-control@.service b/dist/systemd/scion-control@.service index 9db8f9ee0a..ba832a40a2 100644 --- a/dist/systemd/scion-control@.service +++ b/dist/systemd/scion-control@.service @@ -3,6 +3,8 @@ Description=SCION Control Service Documentation=https://docs.scion.org After=network-online.target scion-dispatcher.service Wants=scion-dispatcher.service +StartLimitBurst=1 +StartLimitInterval=1s [Service] Type=simple diff --git a/dist/systemd/scion-daemon.service b/dist/systemd/scion-daemon.service index 9b5bdc91d8..1580cdc117 100644 --- a/dist/systemd/scion-daemon.service +++ b/dist/systemd/scion-daemon.service @@ -3,12 +3,14 @@ Description=SCION Daemon Documentation=https://docs.scion.org After=network-online.target scion-dispatcher.service Wants=scion-dispatcher.service +StartLimitBurst=1 +StartLimitInterval=1s [Service] Type=simple User=scion Group=scion -ExecStart=/usr/bin/sciond --config /etc/scion/sciond.toml +ExecStart=/usr/bin/scion-daemon --config /etc/scion/sciond.toml Restart=on-failure [Install] diff --git a/dist/systemd/scion-dispatcher.service b/dist/systemd/scion-dispatcher.service index 644a07a4cb..8621330f70 100644 --- a/dist/systemd/scion-dispatcher.service +++ b/dist/systemd/scion-dispatcher.service @@ -2,6 +2,8 @@ Description=SCION Dispatcher Documentation=https://docs.scion.org After=network-online.target +StartLimitBurst=1 +StartLimitInterval=1s [Service] Type=simple diff --git a/dist/systemd/scion-ip-gateway.service b/dist/systemd/scion-ip-gateway.service index f5eca46b51..f1f9fbbf71 100644 --- a/dist/systemd/scion-ip-gateway.service +++ b/dist/systemd/scion-ip-gateway.service @@ -3,11 +3,14 @@ Description=SCION IP Gateway Documentation=https://docs.scion.org After=network-online.target scion-daemon.service Wants=scion-daemon.service +StartLimitBurst=1 +StartLimitInterval=1s [Service] Type=simple User=scion Group=scion +AmbientCapabilities=cap_net_admin ExecStart=/usr/bin/scion-ip-gateway --config /etc/scion/sig.toml Restart=on-failure diff --git a/dist/systemd/scion-router@.service b/dist/systemd/scion-router@.service index 1c1d9ba106..f4677d7a1e 100644 --- a/dist/systemd/scion-router@.service +++ b/dist/systemd/scion-router@.service @@ -2,6 +2,8 @@ Description=SCION Router Documentation=https://docs.scion.org After=network-online.target +StartLimitBurst=1 +StartLimitInterval=1s [Service] Type=simple diff --git a/dist/test/BUILD.bazel b/dist/test/BUILD.bazel new file mode 100644 index 0000000000..82e0578ee1 --- /dev/null +++ b/dist/test/BUILD.bazel @@ -0,0 +1,16 @@ +sh_test( + name = "deb_test", + srcs = ["deb_test.sh"], + data = [ + "Dockerfile", + "//dist:deb", + ], + env = { + "SCION_DEB_PACKAGES": "$(locations //dist:deb)", + "DEBUG": "1", + }, + tags = [ + "exclusive", + "integration", + ], +) diff --git a/dist/test/Dockerfile b/dist/test/Dockerfile new file mode 100644 index 0000000000..439bb256c4 --- /dev/null +++ b/dist/test/Dockerfile @@ -0,0 +1,12 @@ +FROM debian:12-slim + +# Force debconf (called by apt-get) to be noninteractive +ENV DEBIAN_FRONTEND=noninteractive +RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections + +RUN apt-get update && apt-get install --assume-yes systemd libcap2-bin + +ENV container docker + +# Only "boot" a minimal system with journald and nothing else +CMD ["/bin/systemd", "--unit", "systemd-journald.socket"] diff --git a/dist/test/README.md b/dist/test/README.md new file mode 100644 index 0000000000..2bcbca8cd1 --- /dev/null +++ b/dist/test/README.md @@ -0,0 +1,35 @@ +# Test for Debian packages + +This is a minimal test for the debian packages built in dist/BUILD.bazel. + +### Run + +There are two ways to run this test: + +```sh +# Build packages to bazel internal directory and run test +bazel test --test_output=streamed //dist/test:deb_test +``` + +OR + +```sh +# Build packages .. or any other way to get the packages into deb/ +make dist-deb +# Run the test script +dist/test/deb_test.sh +``` + + +### Scope + +The test should determine whether + +- the packages can be installed +- the binaries in the packages are runnable +- the systemd units in the packages can be used to interact with the SCION services + +The test does **not** attempt to simulate a working SCION network. +The assumption is that if the services installed from the packages +can be started (meaning they don't crash immediately after startup), the +findings of the various acceptence and end-to-end integration tests apply. diff --git a/dist/test/deb_test.sh b/dist/test/deb_test.sh new file mode 100755 index 0000000000..2ae6179774 --- /dev/null +++ b/dist/test/deb_test.sh @@ -0,0 +1,143 @@ +#!/bin/bash + +set -euo pipefail + +set -x +if [ -n ${SCION_DEB_PACKAGES+x} ]; then + # Invocation from bazel: + # SCION_DEB_PACKAGES is a space-separated list of filenames of (symlinks to) .deb packages. + # Below we mount this stuff into a docker container, which won't work with symlinks. + # Copy everything into a tmp directory. + tmpdir="${TEST_TMPDIR?}" + cp ${SCION_DEB_PACKAGES} "${tmpdir}" + SCION_DEB_PACKAGES_DIR=$(realpath ${tmpdir}) +else + SCION_ROOT=$(realpath $(dirname $0)/../../) + SCION_DEB_PACKAGES_DIR=${SCION_DEB_PACKAGES_DIR:-${SCION_ROOT}/deb} +fi +DEBUG=${DEBUG:-0} +set +x + +function cleanup { + docker container rm -f debian-systemd || true + docker image rm --no-prune debian-systemd || true +} +cleanup + +if [ "$DEBUG" == 0 ]; then # if DEBUG: keep container debian-systemd running after test + trap cleanup EXIT +fi + +# Note: specify absolute path to Dockerfile because docker will not follow bazel's symlinks. +# Luckily we don't need anything else in this directory. +docker build -t debian-systemd -f $(realpath dist/test/Dockerfile) dist/test + +# Start container with systemd in PID 1. +# Note: there are ways to avoid --privileged, but its unreliable and appears to depend on the host system +docker run -d --rm --name debian-systemd -t \ + --tmpfs /tmp \ + --tmpfs /run \ + --tmpfs /run/lock \ + --tmpfs /run/shm \ + -v $SCION_DEB_PACKAGES_DIR:/deb \ + --privileged \ + debian-systemd:latest + +docker exec -i debian-systemd /bin/bash <<'EOF' + set -xeuo pipefail + arch=$(dpkg --print-architecture) + + # check that the deb files are all here (avoid cryptic error from apt-get) + stat /deb/scion-{router,control,dispatcher,daemon,ip-gateway,tools}_*_${arch}.deb > /dev/null + + # router + apt-get install /deb/scion-router_*_${arch}.deb + cat > /etc/scion/br-1.toml < /etc/scion/topology.json < /etc/scion/cs-1.toml << INNER_EOF + general.id = "cs-1" + general.config_dir = "/etc/scion" + trust_db.connection = "/var/lib/scion/cs-1.trust.db" + beacon_db.connection = "/var/lib/scion/cs-1.beacon.db" + path_db.connection = "/var/lib/scion/cs-1.path.db" +INNER_EOF + systemctl enable --now scion-control@cs-1.service + sleep 1 + systemctl status scion-control@cs-1.service + systemctl is-active scion-dispatcher.service # should be re-started as dependency + systemctl stop scion-control@cs-1.service scion-dispatcher.service + + # daemon + systemctl enable --now scion-daemon.service + systemctl status scion-daemon.service + sleep 1 + systemctl is-active scion-dispatcher.service # should be re-started as dependency + # ... tools (continued) + # now with the daemon running, we can test `scion` e.g. to inspect our local SCION address + scion address + systemctl stop scion-daemon.service scion-dispatcher.service + + # scion-ip-gateway + apt-get install /deb/scion-ip-gateway_*_${arch}.deb + systemctl start scion-ip-gateway.service + sleep 1 + # Note: this starts even if the default sig.json is not a valid configuration + systemctl status scion-ip-gateway.service + systemctl is-active scion-dispatcher.service scion-daemon.service # should be re-started as dependency + # Note: the gateway will only create a tunnel device once a session with a + # neighbor is up. This is too complicated to arrange in this test. Instead, + # we just ensure that the process has the required capabilities to do so. + getpcaps $(pidof scion-ip-gateway) | tee /dev/stderr | grep -q "cap_net_admin" || echo "missing capability 'cap_net_admin'" + + echo "Success!" +EOF From c2f166eb503fa075d453170165042418c2fd7b5e Mon Sep 17 00:00:00 2001 From: Matthias Frei Date: Thu, 14 Dec 2023 15:16:12 +0100 Subject: [PATCH 13/28] buildifier --- dist/BUILD.bazel | 2 +- dist/platform.bzl | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/dist/BUILD.bazel b/dist/BUILD.bazel index 8fa66c75e2..4187ad1f8a 100644 --- a/dist/BUILD.bazel +++ b/dist/BUILD.bazel @@ -109,7 +109,6 @@ scion_pkg_deb( multiplatform_filegroup( name = "deb", - visibility = ["//dist:__subpackages__"], srcs = [ "control_deb", "daemon_deb", @@ -118,4 +117,5 @@ multiplatform_filegroup( "router_deb", "tools_deb", ], + visibility = ["//dist:__subpackages__"], ) diff --git a/dist/platform.bzl b/dist/platform.bzl index a85f5086bd..b107b5746e 100644 --- a/dist/platform.bzl +++ b/dist/platform.bzl @@ -21,7 +21,7 @@ def multiplatform_filegroup(name, srcs, target_platforms = DEFAULT_PLATFORMS, ** native.filegroup( name = name + "_all", srcs = all_platforms, - **kwargs, + **kwargs ) # also add the default filegroup, without platform transition, but @@ -30,5 +30,5 @@ def multiplatform_filegroup(name, srcs, target_platforms = DEFAULT_PLATFORMS, ** name = name, srcs = srcs, tags = ["manual"], - **kwargs, + **kwargs ) From e089dc00ba0b099735a4ea9e9687adf403bb8f29 Mon Sep 17 00:00:00 2001 From: Matthias Frei Date: Thu, 14 Dec 2023 15:17:08 +0100 Subject: [PATCH 14/28] fixup: mdlint --- dist/test/README.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/dist/test/README.md b/dist/test/README.md index 2bcbca8cd1..0432944eba 100644 --- a/dist/test/README.md +++ b/dist/test/README.md @@ -2,7 +2,7 @@ This is a minimal test for the debian packages built in dist/BUILD.bazel. -### Run +## Run There are two ways to run this test: @@ -20,8 +20,7 @@ make dist-deb dist/test/deb_test.sh ``` - -### Scope +## Scope The test should determine whether From 09601cafcf7642cf60de0e45ad2cabd07d7ed041 Mon Sep 17 00:00:00 2001 From: Matthias Frei Date: Thu, 14 Dec 2023 17:19:35 +0100 Subject: [PATCH 15/28] ci: use valid version number during CI build Just a "ci-fixed" will be invalid in the debian packages. --- .buildkite/hooks/pre-command | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.buildkite/hooks/pre-command b/.buildkite/hooks/pre-command index 38f6307520..13ccb7e58a 100755 --- a/.buildkite/hooks/pre-command +++ b/.buildkite/hooks/pre-command @@ -30,9 +30,10 @@ rm -f $HOME/.bazelrc # --nostamp is required for better caching (only on non-release jobs). if [ "$BUILDKITE_PIPELINE_SLUG" == "scion" ]; then echo "build --nostamp" > $HOME/.bazelrc - # Also set a fixed GIT_VERSION so that the workspace_status_command always - # returns the same value on CI to improve cache reuse. - export GIT_VERSION="ci-fixed" + # Shorten the git version to omit commit information, improving cache reuse. + # The format of git-version is "--" + # This will be shortened to "-modified-ci" + export GIT_VERSION=$(tools/git-version | sed 's/-.*/-modified-ci/') else echo "build --stamp" > $HOME/.bazelrc fi From 056217bab129bfa2148483b627c752a31692d03e Mon Sep 17 00:00:00 2001 From: Matthias Frei Date: Fri, 15 Dec 2023 09:48:48 +0100 Subject: [PATCH 16/28] ci: just a test, limit concurrency to build --- .buildkite/pipeline.yml | 18 +++++++++++++++++- .buildkite/pipeline_lib.sh | 2 ++ 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/.buildkite/pipeline.yml b/.buildkite/pipeline.yml index 233efe828a..5af51a3722 100644 --- a/.buildkite/pipeline.yml +++ b/.buildkite/pipeline.yml @@ -1,5 +1,5 @@ env: - GOPROXY: "http://localhost:3200|https://proxy.golang.org|direct" + GOPROXY: "http://localhost:3200|https://proxy.golang.org|direct" steps: - label: "Build :bazel:" command: @@ -22,6 +22,8 @@ steps: - exit_status: -1 # Agent was lost - exit_status: 255 # Forced agent shutdown timeout_in_minutes: 10 + concurrency_group: "${BUILDKITE_PIPELINE_ID}/${BUILDKITE_BUILD_NUMBER}" + concurrency: 3 - wait - label: "Package :debian:" command: @@ -45,6 +47,8 @@ steps: EOF key: dist-deb retry: *automatic-retry + concurrency_group: "${BUILDKITE_PIPELINE_ID}/${BUILDKITE_BUILD_NUMBER}" + concurrency: 3 - label: "Unit Tests :bazel:" command: - bazel test --config=race --config=unit_all @@ -56,12 +60,16 @@ steps: - bazel-testlogs.tar.gz retry: *automatic-retry timeout_in_minutes: 20 + concurrency_group: "${BUILDKITE_PIPELINE_ID}/${BUILDKITE_BUILD_NUMBER}" + concurrency: 3 - label: "Lint :bash:" command: - make lint key: lint retry: *automatic-retry timeout_in_minutes: 20 + concurrency_group: "${BUILDKITE_PIPELINE_ID}/${BUILDKITE_BUILD_NUMBER}" + concurrency: 3 - label: "Check Generated :bash:" command: - echo "--- go_deps.bzl" @@ -92,6 +100,8 @@ steps: timeout_in_minutes: 20 key: check_generated retry: *automatic-retry + concurrency_group: "${BUILDKITE_PIPELINE_ID}/${BUILDKITE_BUILD_NUMBER}" + concurrency: 3 - wait - group: "End to End" key: e2e @@ -123,6 +133,8 @@ steps: timeout_in_minutes: 15 key: e2e_integration_tests_v2 retry: *automatic-retry + concurrency_group: "${BUILDKITE_PIPELINE_ID}/${BUILDKITE_BUILD_NUMBER}" + concurrency: 3 - label: "E2E: failing links :man_in_business_suit_levitating:" command: - echo "--- build" @@ -138,6 +150,8 @@ steps: timeout_in_minutes: 15 key: e2e_revocation_test_v2 retry: *automatic-retry + concurrency_group: "${BUILDKITE_PIPELINE_ID}/${BUILDKITE_BUILD_NUMBER}" + concurrency: 3 - label: "E2E: default :docker: (ping)" command: - echo "--- build" @@ -153,3 +167,5 @@ steps: timeout_in_minutes: 15 key: docker_integration_e2e_default retry: *automatic-retry + concurrency_group: "${BUILDKITE_PIPELINE_ID}/${BUILDKITE_BUILD_NUMBER}" + concurrency: 3 diff --git a/.buildkite/pipeline_lib.sh b/.buildkite/pipeline_lib.sh index bf61b3cdea..5f2fb9d9ce 100644 --- a/.buildkite/pipeline_lib.sh +++ b/.buildkite/pipeline_lib.sh @@ -60,5 +60,7 @@ gen_bazel_test_steps() { echo " - exit_status: 255 # Forced agent shutdown" echo " - exit_status: 3 # Test may be flaky or it just didn't pass" echo " limit: 2" + echo " concurrency_group: \"\${BUILDKITE_PIPELINE_ID}/\${BUILDKITE_BUILD_NUMBER}\"" + echo " concurrency: 3" done } From c42f342f77a8be88768f58d4466236c7c4cea2f0 Mon Sep 17 00:00:00 2001 From: Matthias Frei Date: Fri, 15 Dec 2023 10:26:01 +0100 Subject: [PATCH 17/28] Revert "ci: just a test, limit concurrency to build" This reverts commit 012dd9c83180f56c464bae5879e4aab1e3ffb7f1. --- .buildkite/pipeline.yml | 18 +----------------- .buildkite/pipeline_lib.sh | 2 -- 2 files changed, 1 insertion(+), 19 deletions(-) diff --git a/.buildkite/pipeline.yml b/.buildkite/pipeline.yml index 5af51a3722..233efe828a 100644 --- a/.buildkite/pipeline.yml +++ b/.buildkite/pipeline.yml @@ -1,5 +1,5 @@ env: - GOPROXY: "http://localhost:3200|https://proxy.golang.org|direct" + GOPROXY: "http://localhost:3200|https://proxy.golang.org|direct" steps: - label: "Build :bazel:" command: @@ -22,8 +22,6 @@ steps: - exit_status: -1 # Agent was lost - exit_status: 255 # Forced agent shutdown timeout_in_minutes: 10 - concurrency_group: "${BUILDKITE_PIPELINE_ID}/${BUILDKITE_BUILD_NUMBER}" - concurrency: 3 - wait - label: "Package :debian:" command: @@ -47,8 +45,6 @@ steps: EOF key: dist-deb retry: *automatic-retry - concurrency_group: "${BUILDKITE_PIPELINE_ID}/${BUILDKITE_BUILD_NUMBER}" - concurrency: 3 - label: "Unit Tests :bazel:" command: - bazel test --config=race --config=unit_all @@ -60,16 +56,12 @@ steps: - bazel-testlogs.tar.gz retry: *automatic-retry timeout_in_minutes: 20 - concurrency_group: "${BUILDKITE_PIPELINE_ID}/${BUILDKITE_BUILD_NUMBER}" - concurrency: 3 - label: "Lint :bash:" command: - make lint key: lint retry: *automatic-retry timeout_in_minutes: 20 - concurrency_group: "${BUILDKITE_PIPELINE_ID}/${BUILDKITE_BUILD_NUMBER}" - concurrency: 3 - label: "Check Generated :bash:" command: - echo "--- go_deps.bzl" @@ -100,8 +92,6 @@ steps: timeout_in_minutes: 20 key: check_generated retry: *automatic-retry - concurrency_group: "${BUILDKITE_PIPELINE_ID}/${BUILDKITE_BUILD_NUMBER}" - concurrency: 3 - wait - group: "End to End" key: e2e @@ -133,8 +123,6 @@ steps: timeout_in_minutes: 15 key: e2e_integration_tests_v2 retry: *automatic-retry - concurrency_group: "${BUILDKITE_PIPELINE_ID}/${BUILDKITE_BUILD_NUMBER}" - concurrency: 3 - label: "E2E: failing links :man_in_business_suit_levitating:" command: - echo "--- build" @@ -150,8 +138,6 @@ steps: timeout_in_minutes: 15 key: e2e_revocation_test_v2 retry: *automatic-retry - concurrency_group: "${BUILDKITE_PIPELINE_ID}/${BUILDKITE_BUILD_NUMBER}" - concurrency: 3 - label: "E2E: default :docker: (ping)" command: - echo "--- build" @@ -167,5 +153,3 @@ steps: timeout_in_minutes: 15 key: docker_integration_e2e_default retry: *automatic-retry - concurrency_group: "${BUILDKITE_PIPELINE_ID}/${BUILDKITE_BUILD_NUMBER}" - concurrency: 3 diff --git a/.buildkite/pipeline_lib.sh b/.buildkite/pipeline_lib.sh index 5f2fb9d9ce..bf61b3cdea 100644 --- a/.buildkite/pipeline_lib.sh +++ b/.buildkite/pipeline_lib.sh @@ -60,7 +60,5 @@ gen_bazel_test_steps() { echo " - exit_status: 255 # Forced agent shutdown" echo " - exit_status: 3 # Test may be flaky or it just didn't pass" echo " limit: 2" - echo " concurrency_group: \"\${BUILDKITE_PIPELINE_ID}/\${BUILDKITE_BUILD_NUMBER}\"" - echo " concurrency: 3" done } From 5066636c5fbcfa2f9824c75849eb23d9c2ca28cb Mon Sep 17 00:00:00 2001 From: Matthias Frei Date: Fri, 15 Dec 2023 10:43:04 +0100 Subject: [PATCH 18/28] doc: mention packages in readme, general update --- README.md | 47 +++++++++++++++++++++++++++++------------------ doc/dev/setup.rst | 12 +----------- 2 files changed, 30 insertions(+), 29 deletions(-) diff --git a/README.md b/README.md index 0c3016ad61..6f5bc98aab 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,10 @@ # SCION [![Slack chat](https://img.shields.io/badge/chat%20on-slack-blue?logo=slack)](https://scionproto.slack.com) +[![Matrix chat](https://img.shields.io/badge/chat%20on-matrix-blue?logo=matrix)](https://matrix.to/#/#dev:matrix.scion.org) +[![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/scionproto/awesome-scion) [![ReadTheDocs](https://img.shields.io/badge/doc-reference-blue?version=latest&style=flat&label=docs&logo=read-the-docs&logoColor=white)](https://docs.scion.org/en/latest) -[![Documentation](https://img.shields.io/badge/go.dev-reference-007d9c?logo=go&logoColor=white)](https://pkg.go.dev/github.com/scionproto/scion) +[![Go Docs](https://img.shields.io/badge/go.dev-reference-007d9c?logo=go&logoColor=white)](https://pkg.go.dev/github.com/scionproto/scion) [![Nightly Build](https://badge.buildkite.com/b70b65b38a75eb8724f41a6f1203c9327cfb767f07a0c1934e.svg)](https://buildkite.com/scionproto/scion-nightly/builds/latest) [![Go Report Card](https://goreportcard.com/badge/github.com/scionproto/scion)](https://goreportcard.com/report/github.com/scionproto/scion) [![GitHub issues](https://img.shields.io/github/issues/scionproto/scion/help%20wanted.svg?label=help%20wanted&color=purple)](https://github.com/scionproto/scion/issues?q=is%3Aopen+is%3Aissue+label%3A%22help+wanted%22) @@ -10,28 +12,37 @@ [![Release](https://img.shields.io/github/release-pre/scionproto/scion.svg)](https://github.com/scionproto/scion/releases) [![License](https://img.shields.io/github/license/scionproto/scion.svg?maxAge=2592000)](https://github.com/scionproto/scion/blob/master/LICENSE) -Welcome to the open-source implementation of -[SCION](http://www.scion-architecture.net) (Scalability, Control and Isolation -On next-generation Networks), a future Internet architecture. SCION is the first -clean-slate Internet architecture designed to provide route control, failure -isolation, and explicit trust information for end-to-end communication. To find -out more about the project, please visit our [documentation -site](https://docs.scion.org/en/latest/). +Welcome to the open-source implementation of [SCION](http://www.scion-architecture.net) (Scalability, Control and Isolation On next-generation Networks), a future Internet architecture. +SCION provides route control, failure isolation, and explicit trust information for end-to-end communication. +To find out more about the project, please visit our [documentation site](https://docs.scion.org/en/latest/). -## Connecting to the SCION Test Network +## Installation -Join [SCIONLab](https://www.scionlab.org) if you're interested in playing with -SCION in an operational global test deployment of SCION. As part of the SCIONLab -project, we support [pre-built binaries as Debian -packages](https://docs.scionlab.org/content/install/). +Installation packages for Debian and derivatives are available for x86-64, arm64, x86-32 and arm. +These packages can be found in the [latest release](https://github.com/scionproto/scion/releases/latest). +Packages for in-development versions can be found from the [latest nightly build](https://buildkite.com/scionproto/scion-nightly/builds/latest). -## Building +Alternatively, "naked" pre-built binaries are available for Linux x86-64 and +can be downloaded from the [latest release](https://github.com/scionproto/scion/releases/latest) or the +[latest nightly build](https://buildkite.com/scionproto/scion-nightly/builds/latest). -To find out how to work with SCION, please visit our [documentation -site](https://docs.scion.org/en/latest/dev/setup.html) -for instructions on how to install build dependencies, build and run SCION. +### Build from sources -Pre-built binaries for x86-64 Linux are available from the [latest nightly build](https://buildkite.com/scionproto/scion-nightly/builds/latest). +SCION can be built with `go build`. To build all binaries used in a SCION deployment (i.e. excluding the testing and development tools), run + +``` +CGO_ENABLED=0 go build -o bin ./router/... ./control/... ./dispatcher/... ./daemon/... ./scion/... ./scion-pki/... ./gateway/... +``` + +The default way to build SCION, however, uses Bazel. +In particular, this allows to run all the tests, linters etc. +Please visit our [documentation site](https://docs.scion.org/en/latest/dev/setup.html) for instructions on how to set up Bazel and the full development environment. + +### Connecting to the SCION Network + +Join [SCIONLab](https://www.scionlab.org) if you're interested in playing with SCION in an operational global test deployment of SCION. + +The [awesome-scion](https://github.com/scionproto/awesome-scion#deployments) list containes pointers to production deployments of SCION. ## Contributing diff --git a/doc/dev/setup.rst b/doc/dev/setup.rst index 4b6e5e7aa4..139ddef478 100644 --- a/doc/dev/setup.rst +++ b/doc/dev/setup.rst @@ -113,21 +113,11 @@ rejecting your changes. #. Install go. Either follow `the official instructions `_ or check the `Ubuntu specific installation options on the golang wiki `_. -#. Decide which implementation of sqlite you want to use: - - - `mattn`: A cgo implementation. It is well established but makes go - executables dependent on a minimum glibc version. - - `modernc`: A pure go implementation. It does not cause glibc version - issues but is less common. modernc is currently recommended due to - the glibc issue. - #. Build SCION services and tools. .. code-block:: bash - go build -o -tags sqlite_ bin .//cmd/... - - where is one of `modernc` or `mattn`. + go build -o bin .//cmd/... Tips and Tricks From 4401f065537164d11c9c2f5aac2175c380d07d8f Mon Sep 17 00:00:00 2001 From: Matthias Frei Date: Fri, 15 Dec 2023 10:53:27 +0100 Subject: [PATCH 19/28] dist: cleanup conffiles --- dist/conffiles/dispatcher.toml | 1 + dist/conffiles/sciond.toml | 3 ++- dist/conffiles/sig.toml | 4 ++++ 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/dist/conffiles/dispatcher.toml b/dist/conffiles/dispatcher.toml index 3b3f1921a2..d6f83a1ddc 100644 --- a/dist/conffiles/dispatcher.toml +++ b/dist/conffiles/dispatcher.toml @@ -5,5 +5,6 @@ socket_file_mode = "0777" [log.console] level = "info" +# Optionally expose metrics and other local inspection endpoints. # [metrics] # prometheus = "[127.0.0.1]:30441" diff --git a/dist/conffiles/sciond.toml b/dist/conffiles/sciond.toml index b6be9d00a1..8a81ceb29f 100644 --- a/dist/conffiles/sciond.toml +++ b/dist/conffiles/sciond.toml @@ -9,12 +9,13 @@ connection = "/var/lib/scion/sd.path.db" [trust_db] connection = "/var/lib/scion/sd.trust.db" +# Optionally enable DRKey # [drkey_db] # connection = "/var/lib/scion/sd.drkey.db" [log.console] level = "info" -# Optionally expose metrics and other local control endpoints. +# Optionally expose metrics and other local inspection endpoints. # [metrics] # prometheus = "127.0.0.1:30455" diff --git a/dist/conffiles/sig.toml b/dist/conffiles/sig.toml index 151654e78c..5fb8995aef 100644 --- a/dist/conffiles/sig.toml +++ b/dist/conffiles/sig.toml @@ -6,3 +6,7 @@ name = "sig" [log.console] level = "info" + +# Optionally expose metrics and other local inspection endpoints. +# [metrics] +# prometheus = "127.0.0.1:30456" From bf262b8b6e0711eab03eb624a4d119e297b8f4cc Mon Sep 17 00:00:00 2001 From: Matthias Frei Date: Fri, 15 Dec 2023 11:14:59 +0100 Subject: [PATCH 20/28] fixup: mdlint --- README.md | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 6f5bc98aab..736ade4f29 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,8 @@ [![Release](https://img.shields.io/github/release-pre/scionproto/scion.svg)](https://github.com/scionproto/scion/releases) [![License](https://img.shields.io/github/license/scionproto/scion.svg?maxAge=2592000)](https://github.com/scionproto/scion/blob/master/LICENSE) -Welcome to the open-source implementation of [SCION](http://www.scion-architecture.net) (Scalability, Control and Isolation On next-generation Networks), a future Internet architecture. +Welcome to the open-source implementation of [SCION](http://www.scion-architecture.net) +(Scalability, Control and Isolation On next-generation Networks), a future Internet architecture. SCION provides route control, failure isolation, and explicit trust information for end-to-end communication. To find out more about the project, please visit our [documentation site](https://docs.scion.org/en/latest/). @@ -28,21 +29,25 @@ can be downloaded from the [latest release](https://github.com/scionproto/scion/ ### Build from sources -SCION can be built with `go build`. To build all binaries used in a SCION deployment (i.e. excluding the testing and development tools), run +SCION can be built with `go build`. To build all binaries used in a SCION deployment (i.e. +excluding the testing and development tools), run -``` +```sh CGO_ENABLED=0 go build -o bin ./router/... ./control/... ./dispatcher/... ./daemon/... ./scion/... ./scion-pki/... ./gateway/... ``` The default way to build SCION, however, uses Bazel. In particular, this allows to run all the tests, linters etc. -Please visit our [documentation site](https://docs.scion.org/en/latest/dev/setup.html) for instructions on how to set up Bazel and the full development environment. +Please visit our [documentation site](https://docs.scion.org/en/latest/dev/setup.html) for +instructions on how to set up Bazel and the full development environment. ### Connecting to the SCION Network -Join [SCIONLab](https://www.scionlab.org) if you're interested in playing with SCION in an operational global test deployment of SCION. +Join [SCIONLab](https://www.scionlab.org) if you're interested in playing with SCION in an +operational global test deployment of SCION. -The [awesome-scion](https://github.com/scionproto/awesome-scion#deployments) list containes pointers to production deployments of SCION. +The [awesome-scion](https://github.com/scionproto/awesome-scion#deployments) list containes +pointers to production deployments of SCION. ## Contributing From 82455d543e6e043bc9a0d99dd27bb34d23d4931d Mon Sep 17 00:00:00 2001 From: Matthias Frei Date: Fri, 15 Dec 2023 15:17:49 +0100 Subject: [PATCH 21/28] make: add explanation and reference to .deb file format --- Makefile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 77c9ed31df..d4527c3a51 100644 --- a/Makefile +++ b/Makefile @@ -15,7 +15,8 @@ dist-deb: bazel build //dist:deb_all mkdir -p deb; rm -f deb/*; @ # Bazel cannot include the version in the filename. - @ # Extract the version from the .deb files and expand the "__" in the filename to "__". + @ # Extract the version from the .deb "control" manifest and expand the "__" in the filename to "__". + @ # See e.g. https://en.wikipedia.org/wiki/Deb_(file_format)#Control_archive @for f in `bazel cquery //dist:deb_all --output=files 2>/dev/null`; do \ if [ -f "$$f" ]; then \ bf=`basename $$f`; \ From 5371a7bed77c51bb434499806c01ccb469355ef5 Mon Sep 17 00:00:00 2001 From: Matthias Frei Date: Fri, 15 Dec 2023 15:20:00 +0100 Subject: [PATCH 22/28] fixup: daemon description --- dist/BUILD.bazel | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dist/BUILD.bazel b/dist/BUILD.bazel index 4187ad1f8a..ca60b5f43b 100644 --- a/dist/BUILD.bazel +++ b/dist/BUILD.bazel @@ -61,7 +61,7 @@ scion_pkg_deb( depends = [ "adduser", ], - description = "SCION dispatcher", + description = "SCION daemon", executables = { "//daemon/cmd/daemon:daemon": "scion-daemon", }, From b9c6695d093ba43e6506c775ea4bd37fac9c5405 Mon Sep 17 00:00:00 2001 From: Matthias Frei Date: Mon, 18 Dec 2023 11:21:20 +0100 Subject: [PATCH 23/28] fixup: wrong key sciond.toml --- dist/conffiles/sciond.toml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dist/conffiles/sciond.toml b/dist/conffiles/sciond.toml index 8a81ceb29f..3abf018ab7 100644 --- a/dist/conffiles/sciond.toml +++ b/dist/conffiles/sciond.toml @@ -10,8 +10,8 @@ connection = "/var/lib/scion/sd.path.db" connection = "/var/lib/scion/sd.trust.db" # Optionally enable DRKey -# [drkey_db] -# connection = "/var/lib/scion/sd.drkey.db" +# [drkey_level2_db] +# connection = "/var/lib/scion/sd.drkey_level2.db" [log.console] level = "info" From dbdabf3f9bf6e125236589c14f2a7547d9af786a Mon Sep 17 00:00:00 2001 From: Matthias Frei Date: Tue, 19 Dec 2023 14:39:36 +0100 Subject: [PATCH 24/28] doc: add install instructions, reorganize build instruction --- doc/dev/build.rst | 142 ++++++++++++++++++++++++++++++++++++++++ doc/dev/setup.rst | 47 ++++--------- doc/index.rst | 5 ++ doc/manuals/install.rst | 114 ++++++++++++++++++++++++++++++++ 4 files changed, 272 insertions(+), 36 deletions(-) create mode 100644 doc/dev/build.rst create mode 100644 doc/manuals/install.rst diff --git a/doc/dev/build.rst b/doc/dev/build.rst new file mode 100644 index 0000000000..6d21fef7b8 --- /dev/null +++ b/doc/dev/build.rst @@ -0,0 +1,142 @@ +******** +Building +******** + +Building with go build +====================== + +SCION can be built with ``go build`` without any other system prerequisites. + +Please be aware that go build **is not the recommended setup for development** on SCION. +Not all tests and checks can be run in this setup. We use Bazel to orchestrate all of this. +Without running all checks locally, it is likely that there will be frustrating cycles with the CI +system rejecting your changes. +See :doc:`setup` for instructions on how to set up Bazel and the full development environment. + +Prerequisites +------------- + +#. Clone the SCION repository into your workspace. + + .. code-block:: bash + + git clone https://github.com/scionproto/scion + cd scion + +#. Determine the go version used in the bazel setup; the ``WORKSPACE`` file + specifies this version in the ``go_register_toolchains`` clause. + + .. literalinclude:: /../WORKSPACE + :start-at: go_register_toolchains( + :end-at: ) + :emphasize-lines: 3 + + Building with newer go versions *usually* works. + +#. Install go. Either follow `the official instructions `_ + or check the `Ubuntu specific installation options on the golang wiki `_. + +Build +----- + +* **Build only "distributables"**, without development and testing tools + + .. code-block:: bash + + CGO_ENABLED=0 go build -o bin/ ./{router,control,dispatcher,daemon,scion,scion-pki,gateway}/cmd/... + +* **Build all** + + .. code-block:: bash + + go build -o bin/ ./... + +Options +------- + +* sqlite implementations: two different sqlite implementations can be chosen at build time: + + - `modernc/sqlite `_: **default**. A pure go implementation of sqlite (transpiled from C). + - `mattn/go-sqlite3 `_: A CGO wrapper for the official sqlite implementation. + It is well established but requires CGO; this makes it impossible to build static binaries and + executables are dependent on a minimum glibc version. + + Specify build tag (``go build -tags=<...>``) either ``sqlite_modernc`` or ``sqlite_mattn``. + +Building with Bazel +=================== + +Please be aware that the following instructions only result in a minimal build +environment. Not all tests and checks can be run in this setup. +See :doc:`setup` for instructions on how to set up Bazel and the full development environment. + +Prerequites +----------- + +#. Clone the SCION repository into your workspace. + + .. code-block:: bash + + git clone https://github.com/scionproto/scion + cd scion + +#. Install bazel: either follow the official instructions at ``_, or + run our helper script: + + .. code-block:: + + tools/install_bazel + +#. Remove remote cache options from ``.bazelrc``; the default setup is useful to limit bazel's + cache size when contributing to SCION, but require a running docker container acting with the + "remote" cache service + + .. code-block:: + + sed -e '/--remote_cache=/d' -i .bazelrc + + Alternatively, if you have docker installed, you can run ``./scion.sh bazel-remote`` to start + the cache service. + +Build +----- + +* **Build only "distributables"**, without development and testing tools + + .. code-block:: sh + + make build # or, ... + bazel build //:scion # or, ... + bazel build //control/cmd/control //router/cmd/router <...> + +* **Build all** + + .. code-block:: sh + + make build-dev # or, ... + make # or, ... + bazel build //:scion //:scion-ci + +Options +------- + +* Bundling the management API documentation with the binaries. + + .. code-block:: sh + + bazel build --//:mgmtapi_bundle_doc=true //:scion + +* sqlite implementations: specify a build tag, ``sqlite_modernc`` or ``sqlite_mattn``. + + .. code-block:: sh + + bazel build --define gotags=sqlite_mattn <...> + + +.. seealso:: + + :doc:`setup` + Instructions for :doc:`installing the full development environment `. + + :doc:`/manuals/install` + Information for :doc:`installing SCION from per-built binaries or packages `. diff --git a/doc/dev/setup.rst b/doc/dev/setup.rst index 139ddef478..6d477963ed 100644 --- a/doc/dev/setup.rst +++ b/doc/dev/setup.rst @@ -3,6 +3,12 @@ Setting up the Development Environment ====================================== +.. hint:: + + These instructions describe the setup for building and running all integration tests with bazel, + docker and various other tools and scripts. + See :doc:`build` for instructions focussing only on how to build the SCION executables. + Prerequisites ------------- @@ -28,15 +34,13 @@ Prerequisites Please follow the instructions for `Install Compose Plugin `_. -Bazel +Setup ----- -#. Clone the SCION repository into the appropriate directory inside your workspace. In the commands below, - replace ``${WORKSPACE}`` with the directory in which you want to set up the project: +#. Clone the SCION repository into your workspace. .. code-block:: bash - cd ${WORKSPACE} git clone https://github.com/scionproto/scion cd scion @@ -72,8 +76,9 @@ Bazel make - .. hint:: This builds tools for tests in addition to the main SCION services (e.g., `end2end`); - if you don't require those, you can only build the SCION services by running ``make build``. + .. hint:: This builds tools for tests in addition to the main SCION services (e.g., `end2end`); + if you don't require those, you can only build the SCION services by running ``make build``. + See :doc:`build` for more details. #. Finally, check that tests run correctly: @@ -90,36 +95,6 @@ Bazel make lint -Alternative: go build ---------------------- - -Alternatively to building with bazel, the SCION services and tools can be built -with ``go build``. -Please be aware that **this is not the recommended setup for development**. -Not all checks and linters can be run in this setup. Without running all checks -locally, it is likely that there will be frustrating cycles with the CI system -rejecting your changes. - -#. Determine the go version used in the bazel setup; the ``WORKSPACE`` file - specifies this version in the ``go_register_toolchains`` clause. - - .. literalinclude:: /../WORKSPACE - :start-at: go_register_toolchains( - :end-at: ) - :emphasize-lines: 3 - - Building with newer go versions *usually* works. - -#. Install go. Either follow `the official instructions `_ - or check the `Ubuntu specific installation options on the golang wiki `_. - -#. Build SCION services and tools. - - .. code-block:: bash - - go build -o bin .//cmd/... - - Tips and Tricks --------------- .. toctree:: diff --git a/doc/index.rst b/doc/index.rst index ce12baffaa..6c1a83b5af 100644 --- a/doc/index.rst +++ b/doc/index.rst @@ -57,6 +57,7 @@ implementation `_. :caption: Reference Manuals :hidden: + manuals/install manuals/control manuals/router manuals/gateway @@ -70,11 +71,13 @@ implementation `_. snet API * **For operators of SCION end hosts**: + :doc:`manuals/install` | :doc:`command/scion/scion` | :doc:`manuals/daemon` | :doc:`manuals/dispatcher` * **For operators of** :term:`SCION ASes `: + :doc:`manuals/install` | :doc:`manuals/control` | :doc:`manuals/router` | :doc:`manuals/gateway` | @@ -98,6 +101,7 @@ Developer Documentation dev/contribute dev/setup + dev/build dev/run dev/style/index dev/testing/index @@ -113,6 +117,7 @@ Start with the :doc:`dev/contribute` to contribute to the open-source SCION impl * **Building and Running**: :doc:`dev/setup` | + :doc:`dev/build` | :doc:`dev/run` | :doc:`dev/dependencies` | :doc:`dev/testing/index` diff --git a/doc/manuals/install.rst b/doc/manuals/install.rst new file mode 100644 index 0000000000..83ca84aa4d --- /dev/null +++ b/doc/manuals/install.rst @@ -0,0 +1,114 @@ +************ +Installation +************ + +Debian packages +=============== + +Installation packages for Debian and derivatives are available for x86-64, arm64, x86-32 and arm. + +These packages can be found in the `latest release `_. +Packages for in-development versions can be found from the `latest nightly build `_. + +.. warning:: + + Tests are run only for x86-64. For the other platforms, we cross-compile and don't operate a + corresponding test infrastructure. We plan to add test infrastructure also for arm64, but not for + the 32 bit platforms. + +.. note:: + + There is currently no apt repository from which the packages can be installed directly. + +.. hint:: + + **Systemd** + + The packages include systemd units which can be used to run the SCION components. + There are various introduction documents on how to interact with systemd, for example + https://wiki.archlinux.org/title/Systemd#Using_units, or https://linuxhandbook.com/systemctl-commands/. + + Very briefly: + + * ``systemctl start `` / ``systemctl stop ``: start/stop a unit immediately + * ``systemctl enable `` / ``systemctl disable ``: enable/disable a unit to start automatically at boot + * ``systemctl status ``: display the status of a unit + * ``journalct -u ``: show log of unit + + +Packages +-------- + +:doc:`scion-control ` + :Executable: ``/usr/bin/scion-control`` + :Systemd Unit: + The ``scion-control@.service`` systemd unit template file allows running multiple program + instances per host. + Create one :ref:`control-conf-toml` file per program instance in ``/etc/scion``. + The basename of the configuration file is the instance parameter (the part after the ``@``) for + the corresponding systemd template unit instance. + + Example: create configuration ``/etc/scion/cs-1.toml`` and start + ``systemctl start scion-control@cs-1.service``. + +:doc:`scion-router ` + :Executable: ``/usr/bin/scion-router`` + :Systemd Unit: + The ``scion-router@.service`` systemd unit template file allows running multiple program + instances per host. + Create one :ref:`router-conf-toml` file per router instance in ``/etc/scion``. + The basename of the configuration file is the instance parameter (the part after the ``@``) for + the corresponding systemd template unit instance. + + Example: create configuration ``/etc/scion/br-1.toml`` and start + ``systemctl start scion-router@br-1.service``. + +:doc:`scion-ip-gateway ` + :Executable: ``/usr/bin/scion-ip-gateway`` + :Systemd Unit: + The ``scion-ip-gateway.service`` systemd unit refers to the default ``/etc/scion/sig.toml`` + configuration and the traffic policy file ``/etc/scion/sig.json``. + The default traffic policy file is incomplete and must be edited before starting the service. + +:doc:`scion-daemon ` + The scion-daemon and the scion-dispatcher together form the end host SCION stack. + + :Executable: ``/usr/bin/scion-daemon`` + :Systemd Unit: + The ``scion-daemon.service`` systemd unit refers to the default + ``/etc/scion/sciond.toml`` configuration file. + +:doc:`scion-dispatcher ` + :Executable: ``/usr/bin/scion-dispatcher`` + :Systemd Unit: + The ``scion-dispatcher.service`` systemd unit refers to the default + ``/etc/scion/dispatcher.toml`` configuration file. + +scion-tools + The :doc:`scion ` and :doc:`scion-pki` + command line tools. + + :Executables: ``/usr/bin/scion``, ``/usr/bin/scion-pki`` + +.. admonition:: Note + + The configuration manuals for gateway, daemon and dispatcher are currently incomplete. + + In the meantime, the ``sample config`` subcommand (e.g. ``scion-daemon sample config``) + describes the available configuration options. + + +Prebuilt Binaries +================= + +"Naked" pre-built binaries are available for Linux x86-64 and +can be downloaded from the `latest release `_, +or from the `latest nightly build `_. + +These binaries are statically linked and can run with little requirements on the operating system. + + +.. seealso:: + + :doc:`/dev/build` + Instructions for :doc:`building from source `. From 0bcf849ff19098a4c669ada3bd821b6e83235a97 Mon Sep 17 00:00:00 2001 From: Matthias Frei Date: Tue, 19 Dec 2023 15:00:54 +0100 Subject: [PATCH 25/28] fixup: remove DEBUG --- dist/test/BUILD.bazel | 1 - 1 file changed, 1 deletion(-) diff --git a/dist/test/BUILD.bazel b/dist/test/BUILD.bazel index 82e0578ee1..ac3f31aefe 100644 --- a/dist/test/BUILD.bazel +++ b/dist/test/BUILD.bazel @@ -7,7 +7,6 @@ sh_test( ], env = { "SCION_DEB_PACKAGES": "$(locations //dist:deb)", - "DEBUG": "1", }, tags = [ "exclusive", From 5fd3c96f24572603eb0443d98a3d19c20a3f16a6 Mon Sep 17 00:00:00 2001 From: Matthias Frei Date: Tue, 19 Dec 2023 15:02:31 +0100 Subject: [PATCH 26/28] fixup: make comment more specific --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index d4527c3a51..48e9aa6e07 100644 --- a/Makefile +++ b/Makefile @@ -14,7 +14,7 @@ build: dist-deb: bazel build //dist:deb_all mkdir -p deb; rm -f deb/*; - @ # Bazel cannot include the version in the filename. + @ # Bazel cannot include the version in the filename, if we want to set it automatically from the git tag. @ # Extract the version from the .deb "control" manifest and expand the "__" in the filename to "__". @ # See e.g. https://en.wikipedia.org/wiki/Deb_(file_format)#Control_archive @for f in `bazel cquery //dist:deb_all --output=files 2>/dev/null`; do \ From 26ce490559a4847c0521741a323ee91319d0b8de Mon Sep 17 00:00:00 2001 From: Matthias Frei Date: Tue, 19 Dec 2023 15:05:33 +0100 Subject: [PATCH 27/28] fixup: spell --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 736ade4f29..7842cf3a22 100644 --- a/README.md +++ b/README.md @@ -46,7 +46,7 @@ instructions on how to set up Bazel and the full development environment. Join [SCIONLab](https://www.scionlab.org) if you're interested in playing with SCION in an operational global test deployment of SCION. -The [awesome-scion](https://github.com/scionproto/awesome-scion#deployments) list containes +The [awesome-scion](https://github.com/scionproto/awesome-scion#deployments) list contains pointers to production deployments of SCION. ## Contributing From 792ea4794884044542aaf966e7606121a102c40c Mon Sep 17 00:00:00 2001 From: Matthias Frei Date: Thu, 21 Dec 2023 09:41:31 +0100 Subject: [PATCH 28/28] fixup: spelling --- doc/dev/build.rst | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/doc/dev/build.rst b/doc/dev/build.rst index 6d21fef7b8..379499e3c2 100644 --- a/doc/dev/build.rst +++ b/doc/dev/build.rst @@ -23,7 +23,7 @@ Prerequisites git clone https://github.com/scionproto/scion cd scion -#. Determine the go version used in the bazel setup; the ``WORKSPACE`` file +#. Determine the go version used in the Bazel setup; the ``WORKSPACE`` file specifies this version in the ``go_register_toolchains`` clause. .. literalinclude:: /../WORKSPACE @@ -70,8 +70,8 @@ Please be aware that the following instructions only result in a minimal build environment. Not all tests and checks can be run in this setup. See :doc:`setup` for instructions on how to set up Bazel and the full development environment. -Prerequites ------------ +Prerequisites +------------- #. Clone the SCION repository into your workspace. @@ -80,15 +80,15 @@ Prerequites git clone https://github.com/scionproto/scion cd scion -#. Install bazel: either follow the official instructions at ``_, or +#. Install Bazel: either follow the official instructions at ``_, or run our helper script: .. code-block:: tools/install_bazel -#. Remove remote cache options from ``.bazelrc``; the default setup is useful to limit bazel's - cache size when contributing to SCION, but require a running docker container acting with the +#. Remove remote cache options from ``.bazelrc``; the default setup is useful to limit Bazel's + cache size when contributing to SCION, but requires a running docker container acting as the "remote" cache service .. code-block::