Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Adding the generic_package.sh script file #44

Open
wants to merge 18 commits into
base: main
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from 16 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
57 changes: 57 additions & 0 deletions build-gluster-org/jobs/debian-ubuntu-package.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,57 @@
- job:
name: debian-package-builder
node: master
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Use the label debian10 for this job. We have a machine existing on jenkins https://build.gluster.org/computer/builder-deb10-1.int.rht.gluster.org/

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@deepshikhaaa please validate the liburing-devel support as well.

description: glusterfs package script to build both debian and ubuntu
project-type: freestyle

scm:
- glusterfs

parameters:
- string:
default: v7.0
description: Refspec to "git checkout" as the release code snapshot. Typically
a git annotated tag like "v6.0". Specifying a branch name will use the
current HEAD of that branch.
name: GERRIT_REFSPEC
- string:
default: 7
description: Series number for the package to be built against.
name: SERIES
- string:
default: 0
description: Version number for the package to be built against.
name: VERSION
- string:
default:
description: Release number for the package to be built against.
name: RELEASE
- string:
default: all
description: Use the default "all" or leave it empty to build
it for both Debian and Ubuntu. If a specific distribution is needed,
please name it as "debian" or "ubuntu".
name: OS
- string:
default:
description: Leave it empty to build it for both Debian and Ubuntu.
If a specific distribution is selected above, then mention the
specific flavor here. is needed. Flavors can be named as "xenial" or
numbered as "16.04" for ubuntu. For debian it can named as "bullseye"
or it can be numbered as "11".
name: FLAVOR
- string:
default:
description: The latest series with respect to all the existing series.
name: LATEST_SERIES
- string:
default:
Description: The latest version of latest series.
name: LATEST_VERSION
- string:
default: [email protected],[email protected]
description: Mail addresses to send the announcement of the packages too.
name: ANNOUNCE_EMAIL

builders:
- shell: ../scripts/debian-ubuntu-package.sh
63 changes: 63 additions & 0 deletions build-gluster-org/scripts/debian-ubuntu-package.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,63 @@
#!/bin/bash

#for both the debian and ubuntu packaging of various versions we have to
#ssh to a particular ubuntu machine and package it using pbuilder.

set -xe

deb_flavors=(stretch buster bullseye)
ub_flavors=(bionic groovy xenial focal hirsute)

while [ $# -eq 5 ]
do
echo "building everything"
echo "packing debian distribution"
for i in ${!deb_flavors[@]}; do
${WORKSPACE}/build-gluster-org/scripts/generic_package.sh debian ${deb_flavors[$i]} $SERIES $VERSION $RELEASE $LATEST_SERIES $LATEST_VERSION
done

echo "packing ubuntu distribution"
for i in ${!ub_flavors[@]}; do
${WORKSPACE}/build-gluster-org/scripts/generic_package.sh debian ${ub_flavors[$i]} $SERIES $VERSION $RELEASE $LATEST_SERIES $LATEST_VERSION
done
done

while [ $# -gt 5 ]
do
if [ "$OS" == "all" ]; then
echo "packing all distribution"
echo "packing debian distribution"
flavors=(stretch buster bullseye)
for i in ${!deb_flavors[@]}; do
${WORKSPACE}/build-gluster-org/scripts/generic_package.sh debian ${deb_flavors[$i]} $SERIES $VERSION $RELEASE $LATEST_SERIES $LATEST_VERSION
done

echo "packing ubuntu distribution"
flavors=(bionic groovy xenial focal hirsute)
for i in ${!ub_flavors[@]}; do
${WORKSPACE}/build-gluster-org/scripts/generic_package.sh debian ${ub_flavors[$i]} $SERIES $VERSION $RELEASE $LATEST_SERIES $LATEST_VERSION
done

elif [ "$OS" == "debian" ]; then
echo "packing debian alone"
case $FLAVOR in
"stretch" | "9" | "buster" | "10" | "bullseye" | "11")
echo "packing debian ${FLAVOR} alone"
${WORKSPACE}/build-gluster-org/scripts/generic_package.sh $OS $FLAVOR $SERIES $VERSION $RELEASE $LATEST_SERIES $LATEST_VERSION
;;
esac

elif [ "$OS" == "ubuntu" ]; then
echo "packing ubuntu alone"
case $FLAVOR in
"xenial" | "16.04" | "bionic" | "18.04" | "eoan" | "19.10" | "focal" | "Focal Fossa" | "20.04" | "hirsute" | "21.04" | "hirsute hippo")
echo "packing ubuntu ${FLAVOR} alone"
${WORKSPACE}/build-gluster-org/scripts/generic_package.sh $OS $FLAVOR $SERIES $VERSION $RELEASE $LATEST_SERIES $LATEST_VERSION
;;
esac
fi
done

RET=$?

exit $RET
170 changes: 170 additions & 0 deletions build-gluster-org/scripts/generic_package.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,170 @@
#!/bin/bash

#immediately exit if any command has a non-zero exit status
set -euxo pipefail

#enable debugging
set -x

#cleanup
trap finish EXIT
trap finish SIGQUIT
function finish {
# cleanup code
echo "removing the chroot"
sudo rm -rf /var/cache/pbuilder/base.tgz

#removing folders created while packaging
rm -rf ~/${os}-${flavor}-Glusterfs-${version}

#clean pool/* dists/* db/*
dpath='/var/www/repos/apt/debian/'
rm -rf ${dpath}/pool/* ${dpath}/dists/* ${dpath}/db/*

}

################################################################################################
#OS (e.g. Ubuntu/Debian)
#Series (e.g. 4.1)
#Version (e.g. 4.1.0)
#Release (e.g. 1)
#Flavor(e.g. Ubuntu - xenial/bionic/eoan/focal/groovy, Debian - buster/stretch/bullseye)

# to run use: 'bash -x generic_package.sh debian stretch 6 4.1.0 1'

#Key generation: https://help.ubuntu.com/community/GnuPrivacyGuardHowto#Generating_an_OpenPGP_Key
#Addditional info: sending of pubkey to a keyserv is been done using the MIT keyserv
#################################################################################################
os=$1
flavor=$2
series=$3
version=$4
release=$5
latest_series=$6
latest_version=$7

#Keys required in debian builds
declare -a debuild_keys
debuild_keys="F9C958A3AEE0D2184FAD1CBD43607F0DC2F8238C"

declare -a pbuild_keys
pbuild_keys="BF11C87C"

# Check for OS(Ubuntu or Debian)
if [ "$os" == "ubuntu" ]; then
mirror="http://ubuntu.osuosl.org/ubuntu/"
debuild_key=4F5B5CA5
elif [ "$os" == "debian" ]; then
mirror="http://ftp.us.debian.org/debian/"
if [ "$flavor" == "stretch" ]; then
debuild_key=${pbuild_keys}
else
debuild_key=${debuild_keys}
fi
pbuild_key=${pbuild_keys}
else
echo "Exiting: OS should be debian or ubuntu. Please provide the right one"
exit
fi

mkdir ${WORKSPACE}/build-gluster-org/${os}-${flavor}-Glusterfs-${version}

cd ${WORKSPACE}/build-gluster-org/${os}-${flavor}-Glusterfs-${version}

mkdir build packages

echo "Building glusterfs-${version}-${release} for ${flavor}"

cd build

TGZS=(`ls ${WORKSPACE}/build-gluster-org/glusterfs-${version}-?-*/build/glusterfs-${version}.tar.gz`)
echo ${TGZS[0]}

if [ -z ${TGZS[0]} ]; then
echo "wget https://download.gluster.org/pub/gluster/glusterfs/${series}/${version}/glusterfs-${version}.tar.gz"
wget https://download.gluster.org/pub/gluster/glusterfs/${series}/${version}/glusterfs-${version}.tar.gz
else
echo "found ${TGZS[0]}, using it..."
cp ${TGZS[0]} .
fi

echo "Creating link file.."
ln -s glusterfs-${version}.tar.gz glusterfs_${version}.orig.tar.gz

echo "Untaring.."
tar xpf glusterfs-${version}.tar.gz

# Changelogs needed for building are maintained in a separate repo.
# the repo has to be clone and updated properly so we can copy the changelogs so far.

echo "Cloning the glusterfs-debian repo"
git clone ssh://github.com/gluster/glusterfs-debian.git

cd glusterfs-debian/

git checkout -b ${flavor}-${series}-local origin/${flavor}-glusterfs-${series}

if [ "$os" == "ubuntu" ]; then
dch --distribution ${flavor} -u medium -v ${version}-${os}1~${flavor}1 "GlusterFS ${version} GA"
elif [ "$os" == "debian" ]; then
dch --distribution ${flavor} -u low -v (${version}-1 ${flavor}) "GlusterFS ${version} GA"
fi

git commit -a -m "Glusterfs ${version} G.A (${flavor})"

echo "Copying Changelog to source"
cp -a debian ../glusterfs-${version}/

echo "Building source package.."
cd ../glusterfs-${version}
debuild -S -sa -k${debuild_key}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Where would the signing key stored ? (since -k requires that)

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

debuild_key variable contains the key.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wasn't clear on my question. From what I understand, -k is the key identifier. But the actual private key is somewhere else (I think in ~/.gnupg), and so we need to discuss how that part is going to be managed.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we are initialising the values for debuild keys in https://github.com/gluster/build-jobs/pull/44/files/b32e0625d90b8c89432e753aab502d5e72b64b46#diff-02d2c32f5282eea2a7412f831420ae8c2f55ce0ed17671f6878e110c258b2e6bR29

The key creation is something we have maintained in a particular machine, whose access is not given to wider audience.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Then, where is that machine ?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Page does not exist :/

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.


echo "Uploading the packages.."
if [ "$os" == "ubuntu" ]; then
cd ..
dput ppa:gluster/glusterfs-${series} glusterfs_${version}-${os}1~${flavor}1_source.changes
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does it requires some authentication ? I do not see how it is done.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No, AIFIK. @kalebskeithley any more insights?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Well, if could be without authentication, but then, we need some kind of signature, cause I do not think anyone can push debian package for us, no ?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes, we would need to follow https://help.launchpad.net/Packaging/PPA/Uploading to get required authentiacation

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The documentation do not tell much, but if that use ssh, then we need to have the key available to the builder, which is not declared in the job yaml file. There is example here: https://github.com/gluster/build-jobs/blob/master/build-gluster-org/jobs/centos7-regression.yml#L64 for adding a credential

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The OpenPGP keys are used for signing as described here
The above link also shows how a new key can be created and added to launcpad account.

$ gpg --list-keys on the machine rhs-vm-17.storage-dev.lab.eng.bos.redhat.com under the user glusterpackager, shows the already existing keys. (documented the same in the mojo doc draft: let me know if any more information is needed to be documented)

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

But that's a internal VM, and Jenkins is hosted outside of the lan. I may miss something obvious, but Jenkins can't connect to that server, and I think Product Security would strongly dislike that a external server (build.gluster.org) is able to remotely execute any code on a internal system ( rhs-vm-17.storage-dev.lab.eng.bos.redhat.com ).

So we need to have the key as secret in the job, and store that in Jenkins. We can't use RH internal system.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes, we can store the key as secret in the job. We can add it in jenkins machine, I can help in getting it from rhs-vm-17.storage-dev.lab.eng.bos.redhat.com


echo "Done"
exit
Shwetha-Acharya marked this conversation as resolved.
Show resolved Hide resolved
fi

# we are using the same builder machine to build so we are running the "pbuilder
# create" everytime to create the chroot according to the os and flavor we want to build.
echo "creating chroot for ${os} ${flavor}"
sudo pbuilder create --distribution ${flavor} --mirror ${mirror} --debootstrapopts --keyring=/usr/share/keyrings/${os}-archive-keyring.gpg

echo "Building glusterfs-${version} for ${os} ${flavor} using the chroot and .dsc we created"

# have to use the .dsc file inside the ${os}${flavor} folder
sudo pbuilder build ~/${os}-${flavor}-Glusterfs-${version}/build/glusterfs_${version}-${release}.dsc | tee build.log

#move the packages to packages directory.
mv /var/cache/pbuilder/result/glusterfs*${version}-${release}*.deb ~/${os}-${flavor}-Glusterfs-${version}/packages/
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am not sure jenkins used can erase file in /var/cache , so mv would fail.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@kalebskeithley Any suggestions on this?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it can safely replaced by "cp", at least.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems to still be mv :/

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

But these files should be removed to avoid eventual filling up of space, How is such case handled generally with jenkins? @mscherer


if [ "$flavor" != "stretch" ]; then
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So, why is stretch special here ?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is because /var/cache/pbuilder/result/libg*${version}-${release}*.deb are not created only in stretch. In buster and bullseye, they will be created

mv /var/cache/pbuilder/result/libg*${version}-${release}*.deb ~/${os}-${flavor}-Glusterfs-${version}/packages/
fi
/usr/share/debdelta/dpkg-sig -v -k ${pbuild_key} --sign builder ~/${os}-${flavor}-Glusterfs-${version}/packages/glusterfs-*${version}-${release}*.deb

cp ~/conf.distributions/${series} conf/distributions
Shwetha-Acharya marked this conversation as resolved.
Show resolved Hide resolved

# distribute Debian packages using apt
for i in ${WORKSPACE}/build-gluster-org/${os}-${flavor}-Glusterfs-${version}/packages/glusterfs-*${version}-${release}*; do reprepro includedeb $flavor $i; done
if [ "$flavor" != "stretch" ]; then
for i in ${WORKSPACE}/build-gluster-org/${os}-${flavor}-Glusterfs-${version}/packages/libg*${version}-${release}*.deb; do reprepro includedeb $flavor $i; done
fi
reprepro includedsc ${flavor} ~/${os}-${flavor}-Glusterfs-${version}/build/glusterfs_${version}-${release}.dsc

tar czf ${WORKSPACE}/build-gluster-org/${os}-${flavor}-Glusterfs-${version}/${flavor}-apt-amd64-${version}.tgz pool/ dists/

echo "Pushing Changelog changes.."
git push origin ${flavor}-${series}-local:${flavor}-glusterfs-${series}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is not going to work if the clone is done over HTTP

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

addressed

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am sorry, but I still see https for the clone. I was not precise enough, I want to point that we can't push over http, including https. And if we need to push a new changelog, we need a ssh key.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

clone is now changed to ssh


cd ${WORKSPACE}/build-gluster-org/${os}-${flavor}-Glusterfs-${version}

#copy the tar.gz file produced by the build to download.rht.gluster.org:/var/www/scratch
scp $flavor-apt-amd64-$version.tgz [email protected]:/var/www/scratch

ssh [email protected] /var/www/html/pub/gluster/unpacking-script.sh $series $version $os $flavor $latest_version $latest_series
cd ${WORKSPACE}/build-gluster-org/scripts
echo "Done."