#
# SPDX-License-Identifier: AGPL-3.0
-. `dirname "$(readlink -f "$0")"`/run-library.sh || exit 1
-. `dirname "$(readlink -f "$0")"`/libcloud-pin.sh || exit 1
+. "$(dirname "$(readlink -f "$0")")"/run-library.sh || exit 1
read -rd "\000" helpmessage <<EOF
-$(basename $0): Build Arvados packages
+$(basename "$0"): Build Arvados packages
Syntax:
- WORKSPACE=/path/to/arvados $(basename $0) [options]
+ WORKSPACE=/path/to/arvados $(basename "$0") --target <target> [options]
Options:
--build-bundle-packages (default: false)
- Build api server and workbench packages with vendor/bundle included
+ Build api server package with vendor/bundle included
--debug
Output debug information (default: false)
--target <target>
- Distribution to build packages for (default: debian10)
+ Distribution to build packages for
--only-build <package>
- Build only a specific package (or $ONLY_BUILD from environment)
+ Build only a specific package (or ONLY_BUILD from environment)
--arch <arch>
- Build a specific architecture (or $ARCH from environment, defaults to native architecture)
+ Build a specific architecture (or ARCH from environment, defaults to native architecture)
--force-build
Build even if the package exists upstream or if it has already been
built locally
DEBUG=${ARVADOS_DEBUG:-0}
FORCE_BUILD=${FORCE_BUILD:-0}
EXITCODE=0
-TARGET=debian10
COMMAND=
+TARGET=
PARSEDOPTS=$(getopt --name "$0" --longoptions \
help,build-bundle-packages,debug,target:,only-build:,arch:,force-build \
shift
done
+if [[ -z "$TARGET" ]]; then
+ echo "FATAL: --target must be specified" >&2
+ exit 2
+elif [[ ! -d "$WORKSPACE/build/package-build-dockerfiles/$TARGET" ]]; then
+ echo "FATAL: unknown build target '$TARGET'" >&2
+ exit 2
+fi
+
if [[ "$COMMAND" != "" ]]; then
- COMMAND="/usr/local/rvm/bin/rvm-exec default bash /jenkins/$COMMAND --target $TARGET"
+ COMMAND="bash /jenkins/$COMMAND --target $TARGET"
fi
STDOUT_IF_DEBUG=/dev/null
DASHQ_UNLESS_DEBUG=
fi
-declare -a PYTHON3_BACKPORTS
-
-PYTHON3_VERSION=$(python3 -c 'import sys; print("{v.major}.{v.minor}".format(v=sys.version_info))')
-
-## These defaults are suitable for any Debian-based distribution.
-# You can customize them as needed in distro sections below.
-PYTHON3_PACKAGE=python$PYTHON3_VERSION
+# The next section defines a bunch of constants used to build distro packages
+# for our Python tools. Because those packages include C extensions, they need
+# to depend on and refer to a specific minor version of Python 3. The logic
+# below should Just Work for most cases, but you can override variables for a
+# specific distro if you need to to do something weird.
+# * PYTHON3_VERSION: The major+minor version of Python we build against
+# (e.g., "3.11")
+# * PYTHON3_EXECUTABLE: The command to run that version of Python,
+# either a full path or something in $PATH (e.g., "python3.11")
+# * PYTHON3_PACKAGE: The name of the distro package that provides
+# $PYTHON3_EXECUTABLE. Our Python packages will all depend on this.
+# * PYTHON3_PKG_PREFIX: The prefix used in the names of all of our Python
+# packages. This should match distro convention.
PYTHON3_PKG_PREFIX=python3
-PYTHON3_PREFIX=/usr
-PYTHON3_INSTALL_LIB=lib/python$PYTHON3_VERSION/dist-packages
-## End Debian Python defaults.
-
case "$TARGET" in
- debian*)
- FORMAT=deb
+ centos*|rocky*)
+ FORMAT=rpm
;;
- ubuntu*)
+ debian*|ubuntu*)
FORMAT=deb
;;
- centos*)
- FORMAT=rpm
- PYTHON3_PACKAGE=$(rpm -qf "$(which python$PYTHON3_VERSION)" --queryformat '%{NAME}\n')
- PYTHON3_PKG_PREFIX=$PYTHON3_PACKAGE
- PYTHON3_PREFIX=/usr
- PYTHON3_INSTALL_LIB=lib/python$PYTHON3_VERSION/site-packages
- export PYCURL_SSL_LIBRARY=nss
- ;;
*)
echo -e "$0: Unknown target '$TARGET'.\n" >&2
exit 1
;;
esac
+: "${PYTHON3_VERSION:=$("${PYTHON3_EXECUTABLE:-python3}" -c 'import sys; print("{v.major}.{v.minor}".format(v=sys.version_info))')}"
+: "${PYTHON3_EXECUTABLE:=python$PYTHON3_VERSION}"
+case "$FORMAT" in
+ deb)
+ : "${PYTHON3_PACKAGE:=python$PYTHON3_VERSION}"
+ ;;
+ rpm)
+ : "${PYTHON3_PACKAGE:=$(rpm -qf "$(command -v "$PYTHON3_EXECUTABLE")" --queryformat '%{NAME}\n')}"
+ ;;
+esac
-
-if ! [[ -n "$WORKSPACE" ]]; then
+if [[ -z "$WORKSPACE" ]]; then
echo >&2 "$helpmessage"
echo >&2
echo >&2 "Error: WORKSPACE environment variable not set"
# Test for fpm
fpm --version >/dev/null 2>&1
-if [[ "$?" != 0 ]]; then
+if [[ $? -ne 0 ]]; then
echo >&2 "$helpmessage"
echo >&2
echo >&2 "Error: fpm not found"
exit 1
fi
-RUN_BUILD_PACKAGES_PATH="`dirname \"$0\"`"
-RUN_BUILD_PACKAGES_PATH="`( cd \"$RUN_BUILD_PACKAGES_PATH\" && pwd )`" # absolutized and normalized
+RUN_BUILD_PACKAGES_PATH="$(dirname "$0")"
+RUN_BUILD_PACKAGES_PATH="$(cd "$RUN_BUILD_PACKAGES_PATH" && pwd)" # absolutized and normalized
if [ -z "$RUN_BUILD_PACKAGES_PATH" ] ; then
# error; for some reason, the path is not accessible
# to the script (e.g. permissions re-evaled after suid)
debug_echo "$0 is running from $RUN_BUILD_PACKAGES_PATH"
debug_echo "Workspace is $WORKSPACE"
-if [[ -f /etc/profile.d/rvm.sh ]]; then
- source /etc/profile.d/rvm.sh
- GEM="rvm-exec default gem"
-else
- GEM=gem
-fi
-
# Make all files world-readable -- jenkins runs with umask 027, and has checked
# out our git tree here
chmod o+r "$WORKSPACE" -R
# More cleanup - make sure all executables that we'll package are 755
-cd "$WORKSPACE"
-find -type d -name 'bin' |xargs -I {} find {} -type f |xargs -I {} chmod 755 {}
+cd "$WORKSPACE" || exit 1
+find . -type d -name 'bin' -print0 |xargs -0 -I {} find {} -type f -print0 |xargs -0 -I {} chmod 755 {}
# Now fix our umask to something better suited to building and publishing
# gems and packages
umask 0022
-debug_echo "umask is" `umask`
+debug_echo "umask is" "$(umask)"
if [[ ! -d "$WORKSPACE/packages/$TARGET" ]]; then
- mkdir -p $WORKSPACE/packages/$TARGET
+ mkdir -p "$WORKSPACE/packages/$TARGET"
chown --reference="$WORKSPACE" "$WORKSPACE/packages/$TARGET"
fi
-# Perl packages
-debug_echo -e "\nPerl packages\n"
-
-handle_libarvados_perl
+# Required due to CVE-2022-24765
+git config --global --add safe.directory /arvados
# Ruby gems
debug_echo -e "\nRuby gems\n"
-FPM_GEM_PREFIX=$($GEM environment gemdir)
+FPM_GEM_PREFIX=$(gem environment gemdir)
-cd "$WORKSPACE/sdk/ruby"
+cd "$WORKSPACE/sdk/ruby" || exit 1
handle_ruby_gem arvados
-cd "$WORKSPACE/sdk/cli"
+cd "$WORKSPACE/sdk/cli" || exit 1
handle_ruby_gem arvados-cli
-cd "$WORKSPACE/services/login-sync"
+cd "$WORKSPACE/services/login-sync" || exit 1
handle_ruby_gem arvados-login-sync
# arvados-src
debug_echo -e "\nGo packages\n"
# Go binaries
-cd $WORKSPACE/packages/$TARGET
export GOPATH=~/go
package_go_binary cmd/arvados-client arvados-client "$FORMAT" "$ARCH" \
"Arvados command line tool (beta)"
"Arvados cluster cloud dispatch"
package_go_binary cmd/arvados-server arvados-dispatch-lsf "$FORMAT" "$ARCH" \
"Dispatch Arvados containers to an LSF cluster"
-package_go_binary services/arv-git-httpd arvados-git-httpd "$FORMAT" "$ARCH" \
- "Provide authenticated http access to Arvados-hosted git repositories"
package_go_binary services/crunch-dispatch-local crunch-dispatch-local "$FORMAT" "$ARCH" \
"Dispatch Crunch containers on the local system"
-package_go_binary services/crunch-dispatch-slurm crunch-dispatch-slurm "$FORMAT" "$ARCH" \
+package_go_binary cmd/arvados-server crunch-dispatch-slurm "$FORMAT" "$ARCH" \
"Dispatch Crunch containers to a SLURM cluster"
package_go_binary cmd/arvados-server crunch-run "$FORMAT" "$ARCH" \
"Supervise a single Crunch container"
-package_go_binary services/crunchstat crunchstat "$FORMAT" "$ARCH" \
- "Gather cpu/memory/network statistics of running Crunch jobs"
-package_go_binary services/health arvados-health "$FORMAT" "$ARCH" \
+package_go_binary cmd/arvados-server arvados-health "$FORMAT" "$ARCH" \
"Check health of all Arvados cluster services"
-package_go_binary services/keep-balance keep-balance "$FORMAT" "$ARCH" \
+package_go_binary cmd/arvados-server keep-balance "$FORMAT" "$ARCH" \
"Rebalance and garbage-collect data blocks stored in Arvados Keep"
-package_go_binary services/keepproxy keepproxy "$FORMAT" "$ARCH" \
+package_go_binary cmd/arvados-server keepproxy "$FORMAT" "$ARCH" \
"Make a Keep cluster accessible to clients that are not on the LAN"
package_go_binary cmd/arvados-server keepstore "$FORMAT" "$ARCH" \
"Keep storage daemon, accessible to clients on the LAN"
-package_go_binary services/keep-web keep-web "$FORMAT" "$ARCH" \
+package_go_binary cmd/arvados-server keep-web "$FORMAT" "$ARCH" \
"Static web hosting service for user data stored in Arvados Keep"
package_go_binary cmd/arvados-server arvados-ws "$FORMAT" "$ARCH" \
"Arvados Websocket server"
package_go_binary tools/sync-groups arvados-sync-groups "$FORMAT" "$ARCH" \
"Synchronize remote groups into Arvados from an external source"
+package_go_binary tools/sync-users arvados-sync-users "$FORMAT" "$ARCH" \
+ "Synchronize remote users into Arvados from an external source"
package_go_binary tools/keep-block-check keep-block-check "$FORMAT" "$ARCH" \
"Verify that all data from one set of Keep servers to another was copied"
package_go_binary tools/keep-rsync keep-rsync "$FORMAT" "$ARCH" \
# Python packages
debug_echo -e "\nPython packages\n"
-# The Python SDK - Python3 package
+# Before a Python package can be built, its dependencies must already be built.
+# This list is ordered accordingly.
+setup_build_virtualenv
fpm_build_virtualenv "arvados-python-client" "sdk/python" "$FORMAT" "$ARCH"
-
-# Arvados cwl runner - Python3 package
-fpm_build_virtualenv "arvados-cwl-runner" "sdk/cwl" "$FORMAT" "$ARCH"
-
-# The FUSE driver - Python3 package
-fpm_build_virtualenv "arvados-fuse" "services/fuse" "$FORMAT" "$ARCH"
-
-# The Arvados crunchstat-summary tool
fpm_build_virtualenv "crunchstat-summary" "tools/crunchstat-summary" "$FORMAT" "$ARCH"
-
-# The Docker image cleaner
+fpm_build_virtualenv "arvados-cwl-runner" "sdk/cwl" "$FORMAT" "$ARCH"
fpm_build_virtualenv "arvados-docker-cleaner" "services/dockercleaner" "$FORMAT" "$ARCH"
-
-# The Arvados user activity tool
+fpm_build_virtualenv "arvados-fuse" "services/fuse" "$FORMAT" "$ARCH"
fpm_build_virtualenv "arvados-user-activity" "tools/user-activity" "$FORMAT" "$ARCH"
-# The python->python3 metapackages
-build_metapackage "arvados-fuse" "services/fuse"
-build_metapackage "arvados-python-client" "services/fuse"
-build_metapackage "arvados-cwl-runner" "sdk/cwl"
-build_metapackage "crunchstat-summary" "tools/crunchstat-summary"
-build_metapackage "arvados-docker-cleaner" "services/dockercleaner"
-build_metapackage "arvados-user-activity" "tools/user-activity"
-
-# The cwltest package, which lives out of tree
-handle_cwltest "$FORMAT" "$ARCH"
+# Workbench2
+package_workbench2
# Rails packages
debug_echo -e "\nRails packages\n"
# The rails api server package
handle_api_server "$ARCH"
-# The rails workbench package
-handle_workbench "$ARCH"
# clean up temporary GOPATH
rm -rf "$GOPATH"
projects / arvados.git / blobdiff