From b38ad340f70739bafa99426fe6e2ab649e57e3be Mon Sep 17 00:00:00 2001 From: Jean-Christophe Hugly Date: Wed, 25 Sep 2024 18:11:31 +0200 Subject: [PATCH 01/16] Add rudimentary rpm packaging capability. --- WORKSPACE | 9 ++++++ dist/BUILD.bazel | 15 ++++++++-- dist/package.bzl | 76 ++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 98 insertions(+), 2 deletions(-) diff --git a/WORKSPACE b/WORKSPACE index 53b4207e4f..8995d4a5ff 100644 --- a/WORKSPACE +++ b/WORKSPACE @@ -180,6 +180,7 @@ oci_pull( repository = "library/debian", ) +# Debian packaging http_archive( name = "rules_debian_packages", sha256 = "0ae3b332f9d894e57693ce900769d2bd1b693e1f5ea1d9cdd82fa4479c93bcc8", @@ -204,6 +205,14 @@ load("@tester_debian10_packages//:packages.bzl", tester_debian_packages_install_ tester_debian_packages_install_deps() +# RPM packaging +load("@rules_pkg//toolchains/rpm:rpmbuild_configure.bzl", "find_system_rpmbuild") + +find_system_rpmbuild( + name = "rules_pkg_rpmbuild", + verbose = False, +) + # protobuf/gRPC http_archive( name = "rules_proto_grpc", diff --git a/dist/BUILD.bazel b/dist/BUILD.bazel index 5422f1fae0..4295574622 100644 --- a/dist/BUILD.bazel +++ b/dist/BUILD.bazel @@ -1,5 +1,5 @@ -load(":package.bzl", "scion_pkg_deb") -load(":package.bzl", "scion_pkg_ipk") +load(":package.bzl", "scion_pkg_deb", "scion_pkg_ipk", "scion_pkg_rpm") + load(":platform.bzl", "multiplatform_filegroup") load(":git_version.bzl", "git_version") @@ -39,6 +39,17 @@ git_version( visibility = ["@openwrt_x86_64_SDK//:__subpackages__"], ) +scion_pkg_rpm( + name = "router_rpm", + description = "SCION inter-domain network architecture border router", + executables = { + "//router/cmd/router:router": "scion-router", + }, + package = "scion-router", + systemds = ["systemd/scion-router@.service"], + version_file = ":git_version", +) + scion_pkg_deb( name = "router_deb", depends = [ diff --git a/dist/package.bzl b/dist/package.bzl index 88c9e1544e..fce405152d 100644 --- a/dist/package.bzl 
+++ b/dist/package.bzl @@ -1,6 +1,8 @@ load("@rules_pkg//pkg:pkg.bzl", "pkg_deb", "pkg_tar") +load("@rules_pkg//pkg:rpm.bzl", "pkg_rpm") load("@bazel_skylib//rules:common_settings.bzl", "BuildSettingInfo") load("@rules_pkg//pkg:providers.bzl", "PackageVariablesInfo") +load("@rules_pkg//pkg:mappings.bzl", "pkg_files", "pkg_attributes") SCION_PKG_HOMEPAGE = "https://github.com/scionproto/scion" SCION_PKG_MAINTAINER = "SCION Contributors" 
@@ -30,6 +32,80 @@ name_elems = rule( }, ) +def scion_pkg_rpm(name, package, executables = {}, systemds = [], configs = [], **kwargs): + """ + The package content, the _data_ arg for the pkg_rpm rule, is assembled from: + + - executables: Map Label (the executable) -> string, the basename of the executable in the package + Executables are installed to /usr/bin/ + - systemds: List[string], the systemd unit files to be installed in /lib/systemd/system/ + - configs: List[string], the configuration files to be installed in /etc/scion/ + + The values for the following pkg_rpm args are set to a default value: + - url + - license + - architecture, set based on the platform. + + The caller needs to set: + - package: the name of the package (e.g. scion-router) + - description: one-liner + - version/versoin_file: One can use the label ":git_version" + and any of the optional control directives. + """ + + kwargs.setdefault("url", SCION_PKG_HOMEPAGE) + kwargs.setdefault("license", SCION_PKG_LICENSE) + + if "architecture" not in kwargs: + kwargs["architecture"] = select({ + "@platforms//cpu:x86_64": "x86_64", + "@platforms//cpu:x86_32": "i386", + "@platforms//cpu:aarch64": "arm64", + "@platforms//cpu:armv7": "armel", + "@platforms//cpu:s390x": "s390x", + # Note: some rules_go toolchains don't (currently) seem to map (cleanly) to @platforms//cpu. + # "@platforms//cpu:ppc": "ppc64", + # "@platforms//cpu:ppc64le": "ppc64le", + }) + + name_elems( + name = "package_file_naming_" + name, + file_name_version = "@@//:file_name_version", + architecture = kwargs["architecture"], + package = package, + ) + + # Note that our "executables" parameter is a dictionary label->file_name; exactly what pkg_files + # wants for its "renames" param. 
+ pkg_files(name="%s_configs" % name, prefix="/etc/scion/", srcs=configs) + pkg_files(name="%s_systemds" % name, prefix="/lib/systemd/system/", srcs=systemds) + pkg_files(name="%s_execs" % name, prefix="/usr/bin/", srcs=executables.keys(), + attributes=pkg_attributes(mode = "0755"), renames=executables) + + if kwargs.get("version_file"): + native.genrule(name="%s_version" % name, + srcs=[kwargs["version_file"]], outs=["%s_version_file" % name], + cmd="sed 's/-/^/g' < $< > $@") + kwargs.pop("version_file") + elif kwargs.get("version"): + native.genrule(name="%s_version" % name, + srcs=[], outs=["%s_version_file" % name], + cmd="echo \"%s\" | sed 's/-/^/g' > $@" % kwargs["version"]) + kwargs.pop("version") + + pkg_rpm( + name = name, + summary = kwargs["description"], + srcs = ["%s_configs" % name, "%s_systemds" % name, "%s_execs" % name], + target_compatible_with = ["@platforms//os:linux"], + package_file_name = "{package}_{file_name_version}_{architecture}.rpm", + package_variables = ":package_file_naming_" + name, + package_name = package, + release = "%autorelease", + version_file = ":%s_version" % name, + **kwargs + ) + def scion_pkg_deb(name, executables = {}, systemds = [], configs = [], **kwargs): """ The package content, the _data_ arg for the pkg_deb rule, is assembled from: From e7fad5cfca21b30c5ac7b5dc1e2f8bb25ec4f529 Mon Sep 17 00:00:00 2001 From: Jean-Christophe Hugly Date: Wed, 25 Sep 2024 18:37:21 +0200 Subject: [PATCH 02/16] Add creation of x86_64 rpms for all components. --- Makefile | 6 +++ dist/BUILD.bazel | 123 ++++++++++++++++++++++++++++++++++++++++++----- dist/package.bzl | 4 +- 3 files changed, 121 insertions(+), 12 deletions(-) diff --git a/Makefile b/Makefile index 25e994ea58..c27a5a1862 100644 --- a/Makefile +++ b/Makefile 
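Review bot: In `scion_pkg_rpm`, when a caller passes neither `version` nor `version_file`, no `%s_version` genrule is created, yet `pkg_rpm` still receives `version_file = ":%s_version" % name`, so the mistake surfaces as a missing-target error far from its cause; an `else: fail("scion_pkg_rpm: set version or version_file")` after the `elif` would make the contract explicit. The `version` branch also formats the string straight into a shell command (`echo \"%s\" | sed 's/-/^/g' > $@`), so quotes, backticks or `$` in a BUILD-supplied version are interpreted by the shell; restricting the value to the characters a version may contain before building the command avoids that. Separately, the `architecture` select reuses Debian names (`i386`, `arm64`, `armel`), whereas RPM targets are usually named `i686`, `aarch64` and `armv7hl`, which matters once platforms other than x86_64 are enabled.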
@@ -31,6 +31,12 @@ dist-openwrt-testing: @ mkdir -p installables @ cd installables ; ln -sfv ../bazel-out/*/bin/dist/*.ipk . +dist-rpm: + bazel build //dist:rpm_all $(BFLAGS) + @ # These artefacts have unique names but varied locations. Link them somewhere convenient. + @ mkdir -p installables + @ cd installables ; ln -sfv ../bazel-out/*/bin/dist/*.rpm . + # all: performs the code-generation steps and then builds; the generated code # is git controlled, and therefore this is only necessary when changing the # sources for the code generation. diff --git a/dist/BUILD.bazel b/dist/BUILD.bazel index 4295574622..d6594ee459 100644 --- a/dist/BUILD.bazel +++ b/dist/BUILD.bazel @@ -9,6 +9,9 @@ DEB_PLATFORMS = [ "@io_bazel_rules_go//go/toolchain:linux_386", "@io_bazel_rules_go//go/toolchain:linux_arm", ] +RPM_PLATFORMS = [ + "@io_bazel_rules_go//go/toolchain:linux_amd64", +] # TODO(jice@scion.org): # For now only a single openwrt platform can be in this list. If we allow several, they get @@ -39,17 +42,6 @@ git_version( visibility = ["@openwrt_x86_64_SDK//:__subpackages__"], ) -scion_pkg_rpm( - name = "router_rpm", - description = "SCION inter-domain network architecture border router", - executables = { - "//router/cmd/router:router": "scion-router", - }, - package = "scion-router", - systemds = ["systemd/scion-router@.service"], - version_file = ":git_version", -) - scion_pkg_deb( name = "router_deb", depends = [ 
@@ -232,3 +224,112 @@ multiplatform_filegroup( target_platforms = OPENWRT_PLATFORMS, visibility = ["//dist:__subpackages__"], ) + +scion_pkg_rpm( + name = "router_rpm", + description = "SCION inter-domain network architecture border router", + executables = { + "//router/cmd/router:router": "scion-router", + }, + package = "scion-router", + systemds = ["systemd/scion-router@.service"], + version_file = ":git_version", +) + +scion_pkg_rpm( + name = "control_rpm", + configs = [], + # depends = [ + # "adduser", + # "scion-dispatcher", + # ], + description = "SCION inter-domain network architecture control service", + executables = { + "//control/cmd/control:control": "scion-control", + }, + package = "scion-control", + systemds = ["systemd/scion-control@.service"], + version_file = ":git_version", +) + +scion_pkg_rpm( + name = "dispatcher_rpm", + configs = ["conffiles/dispatcher.toml"], + # depends = [ + # "adduser", + # ], + description = "SCION dispatcher", + executables = { + "//dispatcher/cmd/dispatcher:dispatcher": "scion-dispatcher", + }, + package = "scion-dispatcher", + # postinst = "debian/scion.postinst", + systemds = ["systemd/scion-dispatcher.service"], + version_file = ":git_version", +) + +scion_pkg_rpm( + name = "daemon_rpm", + configs = ["conffiles/daemon.toml"], + # depends = [ + # "adduser", + # ], + description = "SCION daemon", + executables = { + "//daemon/cmd/daemon:daemon": "scion-daemon", + }, + package = "scion-daemon", + # postinst = "debian/scion.postinst", + systemds = ["systemd/scion-daemon.service"], + version_file = ":git_version", +) + +scion_pkg_rpm( + name = "gateway_rpm", + configs = [ + "conffiles/gateway.json", + "conffiles/gateway.toml", + ], + # depends = [ + # "adduser", + # "scion-dispatcher", + # "scion-daemon", + # ], + description = "SCION-IP Gateway", + executables = { + "//gateway/cmd/gateway:gateway": "scion-ip-gateway", + }, + package = "scion-ip-gateway", + systemds = ["systemd/scion-ip-gateway.service"], + version_file 
= ":git_version", +) + +scion_pkg_rpm( + name = "tools_rpm", + # depends = [ + # "adduser", + # "scion-dispatcher", + # "scion-daemon", + # ], + description = "SCION tools", + executables = { + "//scion/cmd/scion:scion": "scion", + "//scion-pki/cmd/scion-pki:scion-pki": "scion-pki", + }, + package = "scion-tools", + version_file = ":git_version", +) + +multiplatform_filegroup( + name = "rpm", + srcs = [ + "control_rpm", + "daemon_rpm", + "dispatcher_rpm", + "gateway_rpm", + "router_rpm", + "tools_rpm", + ], + target_platforms = RPM_PLATFORMS, + visibility = ["//dist:__subpackages__"], +) diff --git a/dist/package.bzl b/dist/package.bzl index fce405152d..1f71459d4b 100644 --- a/dist/package.bzl +++ b/dist/package.bzl @@ -49,8 +49,10 @@ def scion_pkg_rpm(name, package, executables = {}, systemds = [], configs = [], The caller needs to set: - package: the name of the package (e.g. scion-router) - description: one-liner - - version/versoin_file: One can use the label ":git_version" + - version/version_file: One can use the label ":git_version" and any of the optional control directives. + + The version string gets edited to meet rpm requirements: dashes are replaced with ^. """ kwargs.setdefault("url", SCION_PKG_HOMEPAGE) From ee4bbedca8aedde6c351dd500cd98a0e8e4260d4 Mon Sep 17 00:00:00 2001 From: Jean-Christophe Hugly Date: Thu, 26 Sep 2024 18:27:30 +0200 Subject: [PATCH 03/16] Add requires/provides metadata. --- dist/BUILD.bazel | 44 ++++++++++++++++++++++++-------------------- dist/package.bzl | 8 ++++++++ 2 files changed, 32 insertions(+), 20 deletions(-) diff --git a/dist/BUILD.bazel b/dist/BUILD.bazel index d6594ee459..c072a48fef 100644 --- a/dist/BUILD.bazel +++ b/dist/BUILD.bazel @@ -227,6 +227,10 @@ multiplatform_filegroup( scion_pkg_rpm( name = "router_rpm", + depends = [ + "/sbin/adduser", + "scion-dispatcher", + ], description = "SCION inter-domain network architecture border router", executables = { "//router/cmd/router:router": "scion-router", 
@@ -239,10 +243,10 @@ scion_pkg_rpm( scion_pkg_rpm( name = "control_rpm", configs = [], - # depends = [ - # "adduser", - # "scion-dispatcher", - # ], + depends = [ + "/sbin/adduser", + "scion-dispatcher", + ], description = "SCION inter-domain network architecture control service", executables = { "//control/cmd/control:control": "scion-control", @@ -255,9 +259,9 @@ scion_pkg_rpm( scion_pkg_rpm( name = "dispatcher_rpm", configs = ["conffiles/dispatcher.toml"], - # depends = [ - # "adduser", - # ], + depends = [ + "/sbin/adduser", + ], description = "SCION dispatcher", executables = { "//dispatcher/cmd/dispatcher:dispatcher": "scion-dispatcher", @@ -271,9 +275,9 @@ scion_pkg_rpm( scion_pkg_rpm( name = "daemon_rpm", configs = ["conffiles/daemon.toml"], - # depends = [ - # "adduser", - # ], + depends = [ + "/sbin/adduser", + ], description = "SCION daemon", executables = { "//daemon/cmd/daemon:daemon": "scion-daemon", @@ -290,11 +294,11 @@ scion_pkg_rpm( "conffiles/gateway.json", "conffiles/gateway.toml", ], - # depends = [ - # "adduser", - # "scion-dispatcher", - # "scion-daemon", - # ], + depends = [ + "/sbin/adduser", + "scion-dispatcher", + "scion-daemon", + ], description = "SCION-IP Gateway", executables = { "//gateway/cmd/gateway:gateway": "scion-ip-gateway", @@ -306,11 +310,11 @@ scion_pkg_rpm( scion_pkg_rpm( name = "tools_rpm", - # depends = [ - # "adduser", - # "scion-dispatcher", - # "scion-daemon", - # ], + depends = [ + "/sbin/adduser", + "scion-dispatcher", + "scion-daemon", + ], description = "SCION tools", executables = { "//scion/cmd/scion:scion": "scion", diff --git a/dist/package.bzl b/dist/package.bzl index 1f71459d4b..3218be7f08 100644 --- a/dist/package.bzl +++ b/dist/package.bzl 
@@ -95,6 +95,13 @@ def scion_pkg_rpm(name, package, executables = {}, systemds = [], configs = [], cmd="echo \"%s\" | sed 's/-/^/g' > $@" % kwargs["version"]) kwargs.pop("version") + # Use ethe same attributes as scion_pkg_deb, in view of may-be simplifying BUILD.bazel later. + deps = kwargs.get("depends") + if deps: + kwargs.pop("depends") + else: + deps = [] + pkg_rpm( name = name, summary = kwargs["description"], @@ -105,6 +112,7 @@ def scion_pkg_rpm(name, package, executables = {}, systemds = [], configs = [], package_name = package, release = "%autorelease", version_file = ":%s_version" % name, + requires = deps, **kwargs ) From 88ef3ad2c36c258d04f0b14963d29286c8be12c9 Mon Sep 17 00:00:00 2001 From: Jean-Christophe Hugly Date: Thu, 26 Sep 2024 19:02:54 +0200 Subject: [PATCH 04/16] Add postinstalls. --- dist/BUILD.bazel | 7 +++++-- dist/package.bzl | 5 +++++ 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/dist/BUILD.bazel b/dist/BUILD.bazel index c072a48fef..a6fcbdb4f5 100644 --- a/dist/BUILD.bazel +++ b/dist/BUILD.bazel @@ -236,6 +236,7 @@ scion_pkg_rpm( "//router/cmd/router:router": "scion-router", }, package = "scion-router", + postinst = "debian/scion.postinst", systemds = ["systemd/scion-router@.service"], version_file = ":git_version", ) @@ -252,6 +253,7 @@ scion_pkg_rpm( "//control/cmd/control:control": "scion-control", }, package = "scion-control", + postinst = "debian/scion.postinst", systemds = ["systemd/scion-control@.service"], version_file = ":git_version", ) @@ -267,7 +269,7 @@ scion_pkg_rpm( "//dispatcher/cmd/dispatcher:dispatcher": "scion-dispatcher", }, package = "scion-dispatcher", - # postinst = "debian/scion.postinst", + postinst = "debian/scion.postinst", systemds = ["systemd/scion-dispatcher.service"], version_file = ":git_version", ) 
@@ -283,7 +285,7 @@ scion_pkg_rpm( "//daemon/cmd/daemon:daemon": "scion-daemon", }, package = "scion-daemon", - # postinst = "debian/scion.postinst", + postinst = "debian/scion.postinst", systemds = ["systemd/scion-daemon.service"], version_file = ":git_version", ) @@ -304,6 +306,7 @@ scion_pkg_rpm( "//gateway/cmd/gateway:gateway": "scion-ip-gateway", }, package = "scion-ip-gateway", + postinst = "debian/scion.postinst", systemds = ["systemd/scion-ip-gateway.service"], version_file = ":git_version", ) diff --git a/dist/package.bzl b/dist/package.bzl index 3218be7f08..e1838b19e2 100644 --- a/dist/package.bzl +++ b/dist/package.bzl @@ -102,6 +102,10 @@ def scion_pkg_rpm(name, package, executables = {}, systemds = [], configs = [], else: deps = [] + post = kwargs.get("postinst") + if post: + kwargs.pop("postinst") + pkg_rpm( name = name, summary = kwargs["description"], @@ -113,6 +117,7 @@ def scion_pkg_rpm(name, package, executables = {}, systemds = [], configs = [], release = "%autorelease", version_file = ":%s_version" % name, requires = deps, + post_scriptlet_file = post, **kwargs ) From 67a63d0b5401e71d437af8c341341b2689412afd Mon Sep 17 00:00:00 2001 From: Jean-Christophe Hugly Date: Fri, 27 Sep 2024 14:09:56 +0200 Subject: [PATCH 05/16] Add test for rpm packaging. Fixed dependencies and postinstalls. --- dist/BUILD.bazel | 9 +-- dist/rpm/scion.postinst | 10 +++ dist/test/BUILD.bazel | 16 +++++ dist/test/Dockerfile.rpm | 8 +++ dist/test/deb_test.sh | 1 + dist/test/rpm_test.sh | 144 +++++++++++++++++++++++++++++++++++++++ 6 files changed, 182 insertions(+), 6 deletions(-) create mode 100644 dist/rpm/scion.postinst create mode 100644 dist/test/Dockerfile.rpm create mode 100755 dist/test/rpm_test.sh diff --git a/dist/BUILD.bazel b/dist/BUILD.bazel index a6fcbdb4f5..b77d2de050 100644 --- a/dist/BUILD.bazel +++ b/dist/BUILD.bazel 
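Review bot: `post_scriptlet_file = post` makes the package run a script as root at install time, but the tools that script needs are declared only through the plain `requires = deps` list. A plain requirement is the weakest ordering hint RPM has, and as far as I know it may be relaxed when the transaction contains a dependency loop, whereas a scriptlet-scoped `Requires(post)` is kept. If the pinned rules_pkg exposes `requires_contextual`, adding `requires_contextual = {"post": deps}` next to `requires` would state that the dependencies must be present before the scriptlet runs. The body of `scion_pkg_rpm` starts above these hunks.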
@@ -229,14 +229,13 @@ scion_pkg_rpm( name = "router_rpm", depends = [ "/sbin/adduser", - "scion-dispatcher", ], description = "SCION inter-domain network architecture border router", executables = { "//router/cmd/router:router": "scion-router", }, package = "scion-router", - postinst = "debian/scion.postinst", + postinst = "rpm/scion.postinst", systemds = ["systemd/scion-router@.service"], version_file = ":git_version", ) @@ -253,7 +252,6 @@ scion_pkg_rpm( "//control/cmd/control:control": "scion-control", }, package = "scion-control", - postinst = "debian/scion.postinst", systemds = ["systemd/scion-control@.service"], version_file = ":git_version", ) @@ -269,7 +267,7 @@ scion_pkg_rpm( "//dispatcher/cmd/dispatcher:dispatcher": "scion-dispatcher", }, package = "scion-dispatcher", - postinst = "debian/scion.postinst", + postinst = "rpm/scion.postinst", systemds = ["systemd/scion-dispatcher.service"], version_file = ":git_version", ) @@ -285,7 +283,7 @@ scion_pkg_rpm( "//daemon/cmd/daemon:daemon": "scion-daemon", }, package = "scion-daemon", - postinst = "debian/scion.postinst", + postinst = "rpm/scion.postinst", systemds = ["systemd/scion-daemon.service"], version_file = ":git_version", ) @@ -306,7 +304,6 @@ scion_pkg_rpm( "//gateway/cmd/gateway:gateway": "scion-ip-gateway", }, package = "scion-ip-gateway", - postinst = "debian/scion.postinst", systemds = ["systemd/scion-ip-gateway.service"], version_file = ":git_version", ) diff --git a/dist/rpm/scion.postinst b/dist/rpm/scion.postinst new file mode 100644 index 0000000000..44d6dee5e4 --- /dev/null +++ b/dist/rpm/scion.postinst @@ -0,0 +1,10 @@ +#!/bin/bash +set -e + +# Create system user +adduser --system --user-group --create-home --home /var/lib/scion scion + +# Create configuration directory +mkdir /etc/scion/ >& /dev/null || true +chown scion:scion /etc/scion/ + diff --git a/dist/test/BUILD.bazel b/dist/test/BUILD.bazel index c2cd205e12..1d0f820c76 100644 --- a/dist/test/BUILD.bazel +++ b/dist/test/BUILD.bazel 
@@ -29,3 +29,19 @@ sh_test( "integration", ], ) + +sh_test( + name = "rpm_test", + srcs = ["rpm_test.sh"], + data = [ + "Dockerfile.rpm", + "//dist:rpm", + ], + env = { + "SCION_RPM_PACKAGES": "$(locations //dist:rpm)", + }, + tags = [ + "exclusive", + "integration", + ], +) diff --git a/dist/test/Dockerfile.rpm b/dist/test/Dockerfile.rpm new file mode 100644 index 0000000000..38a696f908 --- /dev/null +++ b/dist/test/Dockerfile.rpm @@ -0,0 +1,8 @@ +FROM fedora:40 + +RUN dnf --assumeyes install systemd + +ENV container docker + +# Only "boot" a minimal system with journald and nothing else +CMD ["/usr/lib/systemd/systemd", "--unit", "systemd-journald.service"] diff --git a/dist/test/deb_test.sh b/dist/test/deb_test.sh index 295c85097c..6eebacf3d1 100755 --- a/dist/test/deb_test.sh +++ b/dist/test/deb_test.sh 
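Review bot: `FROM fedora:40` tracks a moving tag, so the image this integration test runs in can change between CI runs without any change in the repository, unlike the archives in WORKSPACE, which are pinned by `sha256`. Pinning the base by digest, `FROM fedora:40@sha256:DIGEST_PLACEHOLDER`, keeps the test environment reproducible and makes base-image updates an explicit commit. `ENV container docker` also uses the legacy space-separated form; `ENV container=docker` is the current syntax.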
@@ -52,6 +52,7 @@ docker exec -i debian-systemd /bin/bash <<'EOF' # router apt-get install /deb/scion-router_*_${arch}.deb + ls -l /etc/scion cat > /etc/scion/br-1.toml < /dev/null + + # router + rpm -iv /rpm/scion-router_*_${arch}.rpm + cat > /etc/scion/br-1.toml < /etc/scion/topology.json < /etc/scion/cs-1.toml << INNER_EOF + general.id = "cs-1" + general.config_dir = "/etc/scion" + trust_db.connection = "/var/lib/scion/cs-1.trust.db" + beacon_db.connection = "/var/lib/scion/cs-1.beacon.db" + path_db.connection = "/var/lib/scion/cs-1.path.db" +INNER_EOF + systemctl enable --now scion-control@cs-1.service + sleep 1 + systemctl status scion-control@cs-1.service + systemctl is-active scion-dispatcher.service # should be re-started as dependency + systemctl stop scion-control@cs-1.service scion-dispatcher.service + + # daemon + systemctl enable --now scion-daemon.service + systemctl status scion-daemon.service + sleep 1 + systemctl is-active scion-dispatcher.service # should be re-started as dependency + # ... tools (continued) + # now with the daemon running, we can test `scion` e.g. to inspect our local SCION address + scion address + systemctl stop scion-daemon.service scion-dispatcher.service + + # scion-ip-gateway + rpm -i /rpm/scion-ip-gateway_*_${arch}.rpm + systemctl start scion-ip-gateway.service + sleep 1 + # Note: this starts even if the default sig.json is not a valid configuration + systemctl status scion-ip-gateway.service + systemctl is-active scion-dispatcher.service scion-daemon.service # should be re-started as dependency + # Note: the gateway will only create a tunnel device once a session with a + # neighbor is up. This is too complicated to arrange in this test. Instead, + # we just ensure that the process has the required capabilities to do so. + getpcaps $(pidof scion-ip-gateway) | tee /dev/stderr | grep -q "cap_net_admin" || echo "missing capability 'cap_net_admin'" + + echo "Success!" +EOF 
From d3d53beb6d655b4cfdd134ac064875cb6a1420b1 Mon Sep 17 00:00:00 2001 From: Jean-Christophe Hugly Date: Fri, 27 Sep 2024 14:23:37 +0200 Subject: [PATCH 06/16] Minor fixes. --- WORKSPACE | 1 - dist/test/deb_test.sh | 1 - 2 files changed, 2 deletions(-) diff --git a/WORKSPACE b/WORKSPACE index 0322372a9e..a51fdd13f6 100644 --- a/WORKSPACE +++ b/WORKSPACE @@ -221,7 +221,6 @@ http_archive( sha256 = "16253b6702dd447ef941b01c9c386a2ab7c8d20bbbc86a5efa5953270f6c9010", strip_prefix = "buf/bin", urls = ["https://github.com/bufbuild/buf/releases/download/v1.32.2/buf-Linux-x86_64.tar.gz"], - ) # protobuf/gRPC diff --git a/dist/test/deb_test.sh b/dist/test/deb_test.sh index 6eebacf3d1..295c85097c 100755 --- a/dist/test/deb_test.sh +++ b/dist/test/deb_test.sh @@ -52,7 +52,6 @@ docker exec -i debian-systemd /bin/bash <<'EOF' # router apt-get install /deb/scion-router_*_${arch}.deb - ls -l /etc/scion cat > /etc/scion/br-1.toml < Date: Fri, 27 Sep 2024 14:28:59 +0200 Subject: [PATCH 07/16] Fix merge snafoo. --- WORKSPACE | 1 + 1 file changed, 1 insertion(+) diff --git a/WORKSPACE b/WORKSPACE index a51fdd13f6..33d58579ed 100644 --- a/WORKSPACE +++ b/WORKSPACE @@ -213,6 +213,7 @@ load("@rules_pkg//toolchains/rpm:rpmbuild_configure.bzl", "find_system_rpmbuild" find_system_rpmbuild( name = "rules_pkg_rpmbuild", verbose = False, +) # Buf CLI http_archive( From 640db4f67819b593a85330e2094b3c1788f99a36 Mon Sep 17 00:00:00 2001 From: Jean-Christophe Hugly Date: Fri, 27 Sep 2024 14:39:20 +0200 Subject: [PATCH 08/16] Add rpm packages into the CI pipeline. --- .buildkite/pipeline.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.buildkite/pipeline.yml b/.buildkite/pipeline.yml index 72c9c14cdb..d3dda80ee9 100644 --- a/.buildkite/pipeline.yml +++ b/.buildkite/pipeline.yml 
@@ -26,10 +26,11 @@ steps: - exit_status: 255 # Forced agent shutdown timeout_in_minutes: 10 - wait - - label: "Package :debian: :openwrt:" + - label: "Package :debian: :openwrt: :rpm:" command: | make dist-deb BFLAGS="--file_name_version=${SCION_VERSION}" make dist-openwrt BFLAGS="--file_name_version=${SCION_VERSION}" + make dist-rpm BFLAGS="--file_name_version=${SCION_VERSION}" artifact_paths: - "installables/scion_*.tar.gz" plugins: @@ -42,6 +43,7 @@ steps: tar -chaf scion_${SCION_VERSION}_deb_i386.tar.gz *_${SCION_VERSION}_i386.deb tar -chaf scion_${SCION_VERSION}_deb_armel.tar.gz *_${SCION_VERSION}_armel.deb tar -chaf scion_${SCION_VERSION}_openwrt_x86_64.tar.gz *_${SCION_VERSION}_x86_64.ipk + tar -chaf scion_${SCION_VERSION}_rpm_x86_64.tar.gz *_${SCION_VERSION}_x86_64.rpm popd ls installables post-artifact: | @@ -53,6 +55,8 @@ steps: - armel #### Packages :openwrt: - x86_64 + #### Packages :rpm: + - x86_64 EOF key: dist retry: *automatic-retry From 262a063fac5487f46588d039cf1b110f7c4801c0 Mon Sep 17 00:00:00 2001 From: Jean-Christophe Hugly Date: Fri, 27 Sep 2024 14:48:18 +0200 Subject: [PATCH 09/16] Buildified --- dist/BUILD.bazel | 2 +- dist/package.bzl | 33 ++++++++++++++++++++++----------- 2 files changed, 23 insertions(+), 12 deletions(-) diff --git a/dist/BUILD.bazel b/dist/BUILD.bazel index b77d2de050..221e68638b 100644 --- a/dist/BUILD.bazel +++ b/dist/BUILD.bazel @@ -1,5 +1,4 @@ load(":package.bzl", "scion_pkg_deb", "scion_pkg_ipk", "scion_pkg_rpm") - load(":platform.bzl", "multiplatform_filegroup") load(":git_version.bzl", "git_version") @@ -9,6 +8,7 @@ DEB_PLATFORMS = [ "@io_bazel_rules_go//go/toolchain:linux_386", "@io_bazel_rules_go//go/toolchain:linux_arm", ] + RPM_PLATFORMS = [ "@io_bazel_rules_go//go/toolchain:linux_amd64", ] diff --git a/dist/package.bzl b/dist/package.bzl index e1838b19e2..06a80a7f9f 100644 --- a/dist/package.bzl +++ b/dist/package.bzl 
@@ -2,7 +2,7 @@ load("@rules_pkg//pkg:pkg.bzl", "pkg_deb", "pkg_tar") load("@rules_pkg//pkg:rpm.bzl", "pkg_rpm") load("@bazel_skylib//rules:common_settings.bzl", "BuildSettingInfo") load("@rules_pkg//pkg:providers.bzl", "PackageVariablesInfo") -load("@rules_pkg//pkg:mappings.bzl", "pkg_files", "pkg_attributes") +load("@rules_pkg//pkg:mappings.bzl", "pkg_attributes", "pkg_files") SCION_PKG_HOMEPAGE = "https://github.com/scionproto/scion" SCION_PKG_MAINTAINER = "SCION Contributors" 
@@ -79,20 +79,31 @@ def scion_pkg_rpm(name, package, executables = {}, systemds = [], configs = [], # Note that our "executables" parameter is a dictionary label->file_name; exactly what pkg_files # wants for its "renames" param. - pkg_files(name="%s_configs" % name, prefix="/etc/scion/", srcs=configs) - pkg_files(name="%s_systemds" % name, prefix="/lib/systemd/system/", srcs=systemds) - pkg_files(name="%s_execs" % name, prefix="/usr/bin/", srcs=executables.keys(), - attributes=pkg_attributes(mode = "0755"), renames=executables) + pkg_files(name = "%s_configs" % name, prefix = "/etc/scion/", srcs = configs) + pkg_files(name = "%s_systemds" % name, prefix = "/lib/systemd/system/", srcs = systemds) + pkg_files( + name = "%s_execs" % name, + prefix = "/usr/bin/", + srcs = executables.keys(), + attributes = pkg_attributes(mode = "0755"), + renames = executables, + ) if kwargs.get("version_file"): - native.genrule(name="%s_version" % name, - srcs=[kwargs["version_file"]], outs=["%s_version_file" % name], - cmd="sed 's/-/^/g' < $< > $@") + native.genrule( + name = "%s_version" % name, + srcs = [kwargs["version_file"]], + outs = ["%s_version_file" % name], + cmd = "sed 's/-/^/g' < $< > $@", + ) kwargs.pop("version_file") elif kwargs.get("version"): - native.genrule(name="%s_version" % name, - srcs=[], outs=["%s_version_file" % name], - cmd="echo \"%s\" | sed 's/-/^/g' > $@" % kwargs["version"]) + native.genrule( + name = "%s_version" % name, + srcs = [], + outs = ["%s_version_file" % name], + cmd = "echo \"%s\" | sed 's/-/^/g' > $@" % kwargs["version"], + ) kwargs.pop("version") # Use ethe same attributes as scion_pkg_deb, in view of may-be simplifying BUILD.bazel later. From 40283c30ecaed3c11351ccc9db4de045709c4b89 Mon Sep 17 00:00:00 2001 
From: jiceatscion <139873336+jiceatscion@users.noreply.github.com> Date: Tue, 8 Oct 2024 11:56:42 +0200 Subject: [PATCH 10/16] Update dist/package.bzl Co-authored-by: FR4NK-W --- dist/package.bzl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dist/package.bzl b/dist/package.bzl index 06a80a7f9f..95a4c48f67 100644 --- a/dist/package.bzl +++ b/dist/package.bzl @@ -106,7 +106,7 @@ def scion_pkg_rpm(name, package, executables = {}, systemds = [], configs = [], ) kwargs.pop("version") - # Use ethe same attributes as scion_pkg_deb, in view of may-be simplifying BUILD.bazel later. + # Use the same attributes as scion_pkg_deb, in view of may-be simplifying BUILD.bazel later. deps = kwargs.get("depends") if deps: kwargs.pop("depends") From d77e051608c2b82a19beec1f1c4e9e1ecf76659c Mon Sep 17 00:00:00 2001 From: jiceatscion <139873336+jiceatscion@users.noreply.github.com> Date: Tue, 8 Oct 2024 12:00:08 +0200 Subject: [PATCH 11/16] Update dist/rpm/scion.postinst Co-authored-by: FR4NK-W --- dist/rpm/scion.postinst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dist/rpm/scion.postinst b/dist/rpm/scion.postinst index 44d6dee5e4..851ab37066 100644 --- a/dist/rpm/scion.postinst +++ b/dist/rpm/scion.postinst @@ -2,7 +2,7 @@ set -e # Create system user -adduser --system --user-group --create-home --home /var/lib/scion scion +adduser --system --gid scion -M -s /sbin/nologin # Create configuration directory mkdir /etc/scion/ >& /dev/null || true From 671f288edf60a31113bcdc223faa106d6e9473d6 Mon Sep 17 00:00:00 2001 From: Jean-Christophe Hugly Date: Tue, 8 Oct 2024 12:01:47 +0200 Subject: [PATCH 12/16] Create /var/lib/scion explicitly. --- dist/rpm/scion.postinst | 1 + 1 file changed, 1 insertion(+) diff --git a/dist/rpm/scion.postinst b/dist/rpm/scion.postinst index 851ab37066..46812962d9 100644 --- a/dist/rpm/scion.postinst +++ b/dist/rpm/scion.postinst 
@@ -6,5 +6,6 @@ adduser --system --gid scion -M -s /sbin/nologin # Create configuration directory mkdir /etc/scion/ >& /dev/null || true +mkdir /var/lib/scion/ >& /dev/null || true chown scion:scion /etc/scion/ From 7486aedfb700789544c16445b22c8ac6851c5af6 Mon Sep 17 00:00:00 2001 From: Jean-Christophe Hugly Date: Tue, 8 Oct 2024 12:52:05 +0200 Subject: [PATCH 13/16] Create the group too. --- dist/rpm/scion.postinst | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/dist/rpm/scion.postinst b/dist/rpm/scion.postinst index 46812962d9..cbdba50244 100644 --- a/dist/rpm/scion.postinst +++ b/dist/rpm/scion.postinst @@ -1,8 +1,9 @@ #!/bin/bash set -e -# Create system user -adduser --system --gid scion -M -s /sbin/nologin +# Create system user/group +groupadd --system -f scion +useradd --system --gid scion -M -s /sbin/nologin # Create configuration directory mkdir /etc/scion/ >& /dev/null || true From e14d25c0a4e2506d17af4f4e05818c865d1c8f8f Mon Sep 17 00:00:00 2001 From: Jean-Christophe Hugly Date: Tue, 8 Oct 2024 13:53:06 +0200 Subject: [PATCH 14/16] useradd needs a user name too. --- dist/rpm/scion.postinst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dist/rpm/scion.postinst b/dist/rpm/scion.postinst index cbdba50244..8d64fde9a5 100644 --- a/dist/rpm/scion.postinst +++ b/dist/rpm/scion.postinst @@ -3,7 +3,7 @@ set -e # Create system user/group groupadd --system -f scion -useradd --system --gid scion -M -s /sbin/nologin +useradd --system --gid scion -M -s /sbin/nologin scion # Create configuration directory mkdir /etc/scion/ >& /dev/null || true From 7df8920aae216092bdee9c19aadab09ed48195e5 Mon Sep 17 00:00:00 2001 From: Jean-Christophe Hugly Date: Tue, 8 Oct 2024 15:09:59 +0200 Subject: [PATCH 15/16] Ignore user creation error (due to redundancy). --- dist/rpm/scion.postinst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dist/rpm/scion.postinst b/dist/rpm/scion.postinst index 8d64fde9a5..1b828f110e 100644 
--- a/dist/rpm/scion.postinst +++ b/dist/rpm/scion.postinst @@ -3,7 +3,7 @@ set -e # Create system user/group groupadd --system -f scion -useradd --system --gid scion -M -s /sbin/nologin scion +useradd --system --gid scion -M -s /sbin/nologin scion >& /dev/null || true # Create configuration directory mkdir /etc/scion/ >& /dev/null || true From 549b54bd5c9fe20843e1a08f12328cfbb5d77342 Mon Sep 17 00:00:00 2001 From: Jean-Christophe Hugly Date: Tue, 8 Oct 2024 16:35:14 +0200 Subject: [PATCH 16/16] ... give /var/lib/scion to user scion.scion. --- dist/rpm/scion.postinst | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/dist/rpm/scion.postinst b/dist/rpm/scion.postinst index 1b828f110e..3dbae88ebb 100644 --- a/dist/rpm/scion.postinst +++ b/dist/rpm/scion.postinst @@ -8,5 +8,6 @@ useradd --system --gid scion -M -s /sbin/nologin scion >& /dev/null || true # Create configuration directory mkdir /etc/scion/ >& /dev/null || true mkdir /var/lib/scion/ >& /dev/null || true -chown scion:scion /etc/scion/ +chown scion:scion /etc/scion/ /var/lib/scion +
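Review bot: `useradd ... >& /dev/null || true` hides every failure of useradd, not only the "user already exists" case the commit message is about, and it discards the error text that would explain a later `chown scion:scion` failure. Testing for the account first keeps `set -e` meaningful: `getent passwd scion > /dev/null || useradd --system --gid scion -M -s /sbin/nologin scion`. The same applies to the `mkdir ... || true` line in the context below, where `mkdir -p` would tolerate an existing directory without masking other errors.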
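Review bot: Both directories are created with whatever mode the scriptlet's umask yields and are then handed to `scion` by the new `chown scion:scion /etc/scion/ /var/lib/scion` line. `/var/lib/scion` (which the test configuration uses for the trust, beacon and path databases) and `/etc/scion` may therefore end up readable by every local user, and the service account can rewrite its own configuration directory. Setting owner and mode in one step is tighter, e.g. `install -d -m 0750 -o scion -g scion /var/lib/scion` and `install -d -m 0750 -o root -g scion /etc/scion`. The second form assumes no service needs to write under `/etc/scion`, which should be confirmed against the daemons before changing the owner.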