#
# SPDX-License-Identifier: AGPL-3.0
-. `dirname "$(readlink -f "$0")"`/run-library.sh || exit 1
-. `dirname "$(readlink -f "$0")"`/libcloud-pin.sh || exit 1
+. "$(dirname "$(readlink -f "$0")")"/run-library.sh || exit 1
read -rd "\000" helpmessage <<EOF
-$(basename $0): Build Arvados packages
+$(basename "$0"): Build Arvados packages
Syntax:
- WORKSPACE=/path/to/arvados $(basename $0) [options]
+ WORKSPACE=/path/to/arvados $(basename "$0") [options]
Options:
--target <target>
Distribution to build packages for (default: debian10)
--only-build <package>
- Build only a specific package (or $ONLY_BUILD from environment)
+ Build only a specific package (or ONLY_BUILD from environment)
--arch <arch>
- Build a specific architecture (or $ARCH from environment, defaults to native architecture)
+ Build a specific architecture (or ARCH from environment, defaults to native architecture)
--force-build
Build even if the package exists upstream or if it has already been
built locally
declare -a PYTHON3_BACKPORTS
-PYTHON3_VERSION=$(python3 -c 'import sys; print("{v.major}.{v.minor}".format(v=sys.version_info))')
-
-## These defaults are suitable for any Debian-based distribution.
-# You can customize them as needed in distro sections below.
-PYTHON3_PACKAGE=python$PYTHON3_VERSION
+PYTHON3_EXECUTABLE=python3
PYTHON3_PKG_PREFIX=python3
PYTHON3_PREFIX=/usr
-PYTHON3_INSTALL_LIB=lib/python$PYTHON3_VERSION/dist-packages
-## End Debian Python defaults.
-
case "$TARGET" in
- debian*)
- FORMAT=deb
+ centos7)
+ FORMAT=rpm
+ # In CentOS 7, libcurl is linked against libnss. pycurl needs to know
+ # that in order to link to it correctly. This environment variable tells
+ # it that.
+ # libcurl is linked against openssl in RH8+ so this should not be
+ # necessary in later versions.
+ export PYCURL_SSL_LIBRARY=nss
;;
- ubuntu*)
+ ubuntu1804)
FORMAT=deb
+ PYTHON3_EXECUTABLE=python3.8
;;
- centos*)
+ centos*|rocky*)
FORMAT=rpm
- PYTHON3_PACKAGE=$(rpm -qf "$(which python$PYTHON3_VERSION)" --queryformat '%{NAME}\n')
- PYTHON3_PKG_PREFIX=$PYTHON3_PACKAGE
- PYTHON3_PREFIX=/usr
- PYTHON3_INSTALL_LIB=lib/python$PYTHON3_VERSION/site-packages
- export PYCURL_SSL_LIBRARY=nss
+ ;;
+ debian*|ubuntu*)
+ FORMAT=deb
;;
*)
echo -e "$0: Unknown target '$TARGET'.\n" >&2
exit 1
;;
esac
+: "${PYTHON3_VERSION:=$("$PYTHON3_EXECUTABLE" -c 'import sys; print("{v.major}.{v.minor}".format(v=sys.version_info))')}"
+case "$FORMAT" in
+ deb)
+ : "${PYTHON3_INSTALL_LIB:=lib/python$PYTHON3_VERSION/dist-packages}"
+ : "${PYTHON3_PACKAGE:=python$PYTHON3_VERSION}"
+ ;;
+ rpm)
+ : "${PYTHON3_INSTALL_LIB:=lib/python$PYTHON3_VERSION/site-packages}"
+ : "${PYTHON3_PACKAGE:=$(rpm -qf "$(command -v "python$PYTHON3_VERSION")" --queryformat '%{NAME}\n')}"
+ ;;
+esac
-
-if ! [[ -n "$WORKSPACE" ]]; then
+if [[ -z "$WORKSPACE" ]]; then
echo >&2 "$helpmessage"
echo >&2
echo >&2 "Error: WORKSPACE environment variable not set"
# Test for fpm
fpm --version >/dev/null 2>&1
-if [[ "$?" != 0 ]]; then
+if [[ $? -ne 0 ]]; then
echo >&2 "$helpmessage"
echo >&2
echo >&2 "Error: fpm not found"
exit 1
fi
-RUN_BUILD_PACKAGES_PATH="`dirname \"$0\"`"
-RUN_BUILD_PACKAGES_PATH="`( cd \"$RUN_BUILD_PACKAGES_PATH\" && pwd )`" # absolutized and normalized
+RUN_BUILD_PACKAGES_PATH="$(dirname "$0")"
+RUN_BUILD_PACKAGES_PATH="$(cd "$RUN_BUILD_PACKAGES_PATH" && pwd)" # absolutized and normalized
if [ -z "$RUN_BUILD_PACKAGES_PATH" ] ; then
# error; for some reason, the path is not accessible
# to the script (e.g. permissions re-evaled after suid)
chmod o+r "$WORKSPACE" -R
# More cleanup - make sure all executables that we'll package are 755
-cd "$WORKSPACE"
-find -type d -name 'bin' |xargs -I {} find {} -type f |xargs -I {} chmod 755 {}
+cd "$WORKSPACE" || exit 1
+find . -type d -name 'bin' -print0 |xargs -0 -I {} find {} -type f -print0 |xargs -0 -I {} chmod 755 {}
# Now fix our umask to something better suited to building and publishing
# gems and packages
umask 0022
-debug_echo "umask is" `umask`
+debug_echo "umask is" "$(umask)"
if [[ ! -d "$WORKSPACE/packages/$TARGET" ]]; then
- mkdir -p $WORKSPACE/packages/$TARGET
+ mkdir -p "$WORKSPACE/packages/$TARGET"
chown --reference="$WORKSPACE" "$WORKSPACE/packages/$TARGET"
fi
-# Perl packages
-debug_echo -e "\nPerl packages\n"
-
-handle_libarvados_perl
+# Required due to CVE-2022-24765
+git config --global --add safe.directory /arvados
# Ruby gems
debug_echo -e "\nRuby gems\n"
FPM_GEM_PREFIX=$($GEM environment gemdir)
-cd "$WORKSPACE/sdk/ruby"
+cd "$WORKSPACE/sdk/ruby" || exit 1
handle_ruby_gem arvados
-cd "$WORKSPACE/sdk/cli"
+cd "$WORKSPACE/sdk/cli" || exit 1
handle_ruby_gem arvados-cli
-cd "$WORKSPACE/services/login-sync"
+cd "$WORKSPACE/services/login-sync" || exit 1
handle_ruby_gem arvados-login-sync
# arvados-src
debug_echo -e "\nGo packages\n"
# Go binaries
-cd $WORKSPACE/packages/$TARGET
-export GOPATH=$(mktemp -d)
+export GOPATH=~/go
package_go_binary cmd/arvados-client arvados-client "$FORMAT" "$ARCH" \
"Arvados command line tool (beta)"
package_go_binary cmd/arvados-server arvados-server "$FORMAT" "$ARCH" \
"Arvados cluster cloud dispatch"
package_go_binary cmd/arvados-server arvados-dispatch-lsf "$FORMAT" "$ARCH" \
"Dispatch Arvados containers to an LSF cluster"
-package_go_binary services/arv-git-httpd arvados-git-httpd "$FORMAT" "$ARCH" \
+package_go_binary cmd/arvados-server arvados-git-httpd "$FORMAT" "$ARCH" \
"Provide authenticated http access to Arvados-hosted git repositories"
package_go_binary services/crunch-dispatch-local crunch-dispatch-local "$FORMAT" "$ARCH" \
"Dispatch Crunch containers on the local system"
-package_go_binary services/crunch-dispatch-slurm crunch-dispatch-slurm "$FORMAT" "$ARCH" \
+package_go_binary cmd/arvados-server crunch-dispatch-slurm "$FORMAT" "$ARCH" \
"Dispatch Crunch containers to a SLURM cluster"
package_go_binary cmd/arvados-server crunch-run "$FORMAT" "$ARCH" \
"Supervise a single Crunch container"
-package_go_binary services/crunchstat crunchstat "$FORMAT" "$ARCH" \
- "Gather cpu/memory/network statistics of running Crunch jobs"
-package_go_binary services/health arvados-health "$FORMAT" "$ARCH" \
+package_go_binary cmd/arvados-server arvados-health "$FORMAT" "$ARCH" \
"Check health of all Arvados cluster services"
-package_go_binary services/keep-balance keep-balance "$FORMAT" "$ARCH" \
+package_go_binary cmd/arvados-server keep-balance "$FORMAT" "$ARCH" \
"Rebalance and garbage-collect data blocks stored in Arvados Keep"
-package_go_binary services/keepproxy keepproxy "$FORMAT" "$ARCH" \
+package_go_binary cmd/arvados-server keepproxy "$FORMAT" "$ARCH" \
"Make a Keep cluster accessible to clients that are not on the LAN"
package_go_binary cmd/arvados-server keepstore "$FORMAT" "$ARCH" \
"Keep storage daemon, accessible to clients on the LAN"
-package_go_binary services/keep-web keep-web "$FORMAT" "$ARCH" \
+package_go_binary cmd/arvados-server keep-web "$FORMAT" "$ARCH" \
"Static web hosting service for user data stored in Arvados Keep"
package_go_binary cmd/arvados-server arvados-ws "$FORMAT" "$ARCH" \
"Arvados Websocket server"
package_go_binary tools/sync-groups arvados-sync-groups "$FORMAT" "$ARCH" \
"Synchronize remote groups into Arvados from an external source"
+package_go_binary tools/sync-users arvados-sync-users "$FORMAT" "$ARCH" \
+ "Synchronize remote users into Arvados from an external source"
package_go_binary tools/keep-block-check keep-block-check "$FORMAT" "$ARCH" \
"Verify that all data from one set of Keep servers to another was copied"
package_go_binary tools/keep-rsync keep-rsync "$FORMAT" "$ARCH" \