#
# SPDX-License-Identifier: AGPL-3.0
-. `dirname "$(readlink -f "$0")"`/run-library.sh
-. `dirname "$(readlink -f "$0")"`/libcloud-pin.sh
+. "$(dirname "$(readlink -f "$0")")"/run-library.sh || exit 1
read -rd "\000" helpmessage <<EOF
-$(basename $0): Build Arvados packages
+$(basename "$0"): Build Arvados packages
Syntax:
- WORKSPACE=/path/to/arvados $(basename $0) [options]
+ WORKSPACE=/path/to/arvados $(basename "$0") [options]
Options:
--debug
Output debug information (default: false)
--target <target>
- Distribution to build packages for (default: debian9)
+ Distribution to build packages for (default: debian10)
--only-build <package>
- Build only a specific package (or $ONLY_BUILD from environment)
+ Build only a specific package (or ONLY_BUILD from environment)
+--arch <arch>
+ Build a specific architecture (or ARCH from environment, defaults to native architecture)
+--force-build
+ Build even if the package exists upstream or if it has already been
+ built locally
--command
Build command to execute (defaults to the run command defined in the
Docker image)
# set to --no-cache-dir to disable pip caching
CACHE_FLAG=
-MAINTAINER="Ward Vandewege <wvandewege@veritasgenetics.com>"
-VENDOR="Veritas Genetics, Inc."
+MAINTAINER="Arvados Package Maintainers <packaging@arvados.org>"
+VENDOR="The Arvados Project"
# End of user configuration
DEBUG=${ARVADOS_DEBUG:-0}
+FORCE_BUILD=${FORCE_BUILD:-0}
EXITCODE=0
-TARGET=debian9
+TARGET=debian10
COMMAND=
PARSEDOPTS=$(getopt --name "$0" --longoptions \
- help,build-bundle-packages,debug,target:,only-build: \
+ help,build-bundle-packages,debug,target:,only-build:,arch:,force-build \
-- "" "$@")
if [ $? -ne 0 ]; then
exit 1
--only-build)
ONLY_BUILD="$2"; shift
;;
+ --force-build)
+ FORCE_BUILD=1
+ ;;
+ --arch)
+ ARCH="$2"; shift
+ ;;
--debug)
DEBUG=1
;;
DASHQ_UNLESS_DEBUG=
fi
-declare -a PYTHON_BACKPORTS PYTHON3_BACKPORTS
+declare -a PYTHON3_BACKPORTS
-PYTHON2_VERSION=2.7
-PYTHON3_VERSION=$(python3 -c 'import sys; print("{v.major}.{v.minor}".format(v=sys.version_info))')
+PYTHON3_EXECUTABLE=python3
+PYTHON3_VERSION=$($PYTHON3_EXECUTABLE -c 'import sys; print("{v.major}.{v.minor}".format(v=sys.version_info))')
## These defaults are suitable for any Debian-based distribution.
# You can customize them as needed in distro sections below.
-PYTHON2_PACKAGE=python$PYTHON2_VERSION
-PYTHON2_PKG_PREFIX=python
-PYTHON2_PREFIX=/usr
-PYTHON2_INSTALL_LIB=lib/python$PYTHON2_VERSION/dist-packages
-
PYTHON3_PACKAGE=python$PYTHON3_VERSION
PYTHON3_PKG_PREFIX=python3
PYTHON3_PREFIX=/usr
debian*)
FORMAT=deb
;;
+ ubuntu1804)
+ FORMAT=deb
+ PYTHON3_EXECUTABLE=python3.8
+ PYTHON3_VERSION=$($PYTHON3_EXECUTABLE -c 'import sys; print("{v.major}.{v.minor}".format(v=sys.version_info))')
+ PYTHON3_PACKAGE=python$PYTHON3_VERSION
+ PYTHON3_INSTALL_LIB=lib/python$PYTHON3_VERSION/dist-packages
+ ;;
ubuntu*)
FORMAT=deb
;;
centos*)
FORMAT=rpm
- PYTHON2_PACKAGE=$(rpm -qf "$(which python$PYTHON2_VERSION)" --queryformat '%{NAME}\n')
- PYTHON2_PKG_PREFIX=$PYTHON2_PACKAGE
- PYTHON2_INSTALL_LIB=lib/python$PYTHON2_VERSION/site-packages
- PYTHON3_PACKAGE=$(rpm -qf "$(which python$PYTHON3_VERSION)" --queryformat '%{NAME}\n')
+ PYTHON3_PACKAGE=$(rpm -qf "$(which python"$PYTHON3_VERSION")" --queryformat '%{NAME}\n')
PYTHON3_PKG_PREFIX=$PYTHON3_PACKAGE
- PYTHON3_PREFIX=/opt/rh/rh-python35/root/usr
+ PYTHON3_PREFIX=/usr
PYTHON3_INSTALL_LIB=lib/python$PYTHON3_VERSION/site-packages
export PYCURL_SSL_LIBRARY=nss
;;
esac
-if ! [[ -n "$WORKSPACE" ]]; then
+if [[ -z "$WORKSPACE" ]]; then
echo >&2 "$helpmessage"
echo >&2
echo >&2 "Error: WORKSPACE environment variable not set"
# Test for fpm
fpm --version >/dev/null 2>&1
-if [[ "$?" != 0 ]]; then
+if [[ $? -ne 0 ]]; then
echo >&2 "$helpmessage"
echo >&2
echo >&2 "Error: fpm not found"
exit 1
fi
-PYTHON2_FPM_INSTALLER=(--python-easyinstall "$(find_python_program easy_install-$PYTHON2_VERSION easy_install)")
-install3=$(find_python_program easy_install-$PYTHON3_VERSION easy_install3 pip-$PYTHON3_VERSION pip3)
-if [[ $install3 =~ easy_ ]]; then
- PYTHON3_FPM_INSTALLER=(--python-easyinstall "$install3")
-else
- PYTHON3_FPM_INSTALLER=(--python-pip "$install3")
-fi
-
-RUN_BUILD_PACKAGES_PATH="`dirname \"$0\"`"
-RUN_BUILD_PACKAGES_PATH="`( cd \"$RUN_BUILD_PACKAGES_PATH\" && pwd )`" # absolutized and normalized
+RUN_BUILD_PACKAGES_PATH="$(dirname "$0")"
+RUN_BUILD_PACKAGES_PATH="$(cd "$RUN_BUILD_PACKAGES_PATH" && pwd)" # absolutized and normalized
if [ -z "$RUN_BUILD_PACKAGES_PATH" ] ; then
# error; for some reason, the path is not accessible
# to the script (e.g. permissions re-evaled after suid)
chmod o+r "$WORKSPACE" -R
# More cleanup - make sure all executables that we'll package are 755
-cd "$WORKSPACE"
-find -type d -name 'bin' |xargs -I {} find {} -type f |xargs -I {} chmod 755 {}
+cd "$WORKSPACE" || exit 1
+find . -type d -name 'bin' -print0 |xargs -0 -I {} find {} -type f -print0 |xargs -0 -I {} chmod 755 {}
# Now fix our umask to something better suited to building and publishing
# gems and packages
umask 0022
-debug_echo "umask is" `umask`
+debug_echo "umask is" "$(umask)"
if [[ ! -d "$WORKSPACE/packages/$TARGET" ]]; then
- mkdir -p $WORKSPACE/packages/$TARGET
+ mkdir -p "$WORKSPACE/packages/$TARGET"
chown --reference="$WORKSPACE" "$WORKSPACE/packages/$TARGET"
fi
-# Perl packages
-debug_echo -e "\nPerl packages\n"
-
-if [[ -z "$ONLY_BUILD" ]] || [[ "libarvados-perl" = "$ONLY_BUILD" ]] ; then
- cd "$WORKSPACE/sdk/perl"
- libarvados_perl_version="$(version_from_git)"
-
- cd $WORKSPACE/packages/$TARGET
- test_package_presence libarvados-perl "$libarvados_perl_version"
-
- if [[ "$?" == "0" ]]; then
- cd "$WORKSPACE/sdk/perl"
-
- if [[ -e Makefile ]]; then
- make realclean >"$STDOUT_IF_DEBUG"
- fi
- find -maxdepth 1 \( -name 'MANIFEST*' -or -name "libarvados-perl*.$FORMAT" \) \
- -delete
- rm -rf install
-
- perl Makefile.PL INSTALL_BASE=install >"$STDOUT_IF_DEBUG" && \
- make install INSTALLDIRS=perl >"$STDOUT_IF_DEBUG" && \
- fpm_build install/lib/=/usr/share libarvados-perl \
- dir "$(version_from_git)" install/man/=/usr/share/man \
- "$WORKSPACE/apache-2.0.txt=/usr/share/doc/libarvados-perl/apache-2.0.txt" && \
- mv --no-clobber libarvados-perl*.$FORMAT "$WORKSPACE/packages/$TARGET/"
- fi
-fi
+# Required due to CVE-2022-24765
+git config --global --add safe.directory /arvados
# Ruby gems
debug_echo -e "\nRuby gems\n"
FPM_GEM_PREFIX=$($GEM environment gemdir)
-cd "$WORKSPACE/sdk/ruby"
+cd "$WORKSPACE/sdk/ruby" || exit 1
handle_ruby_gem arvados
-cd "$WORKSPACE/sdk/cli"
+cd "$WORKSPACE/sdk/cli" || exit 1
handle_ruby_gem arvados-cli
-cd "$WORKSPACE/services/login-sync"
+cd "$WORKSPACE/services/login-sync" || exit 1
handle_ruby_gem arvados-login-sync
-# Python packages
-debug_echo -e "\nPython packages\n"
-
# arvados-src
-(
- cd "$WORKSPACE"
- COMMIT_HASH=$(format_last_commit_here "%H")
- arvados_src_version="$(version_from_git)"
-
- cd $WORKSPACE/packages/$TARGET
- test_package_presence arvados-src $arvados_src_version src ""
-
- if [[ "$?" == "0" ]]; then
- cd "$WORKSPACE"
- SRC_BUILD_DIR=$(mktemp -d)
- # mktemp creates the directory with 0700 permissions by default
- chmod 755 $SRC_BUILD_DIR
- git clone $DASHQ_UNLESS_DEBUG "$WORKSPACE/.git" "$SRC_BUILD_DIR"
- cd "$SRC_BUILD_DIR"
-
- # go into detached-head state
- git checkout $DASHQ_UNLESS_DEBUG "$COMMIT_HASH"
- echo "$COMMIT_HASH" >git-commit.version
-
- cd "$SRC_BUILD_DIR"
- PKG_VERSION=$(version_from_git)
- cd $WORKSPACE/packages/$TARGET
- fpm_build $SRC_BUILD_DIR/=/usr/local/arvados/src arvados-src 'dir' "$PKG_VERSION" "--exclude=usr/local/arvados/src/.git" "--url=https://arvados.org" "--license=GNU Affero General Public License, version 3.0" "--description=The Arvados source code" "--architecture=all"
-
- rm -rf "$SRC_BUILD_DIR"
- fi
-)
+handle_arvados_src
+
+# Go packages
+debug_echo -e "\nGo packages\n"
# Go binaries
-cd $WORKSPACE/packages/$TARGET
-export GOPATH=$(mktemp -d)
-go get github.com/kardianos/govendor
-package_go_binary cmd/arvados-client arvados-client \
+export GOPATH=~/go
+package_go_binary cmd/arvados-client arvados-client "$FORMAT" "$ARCH" \
"Arvados command line tool (beta)"
-package_go_binary cmd/arvados-server arvados-server \
+package_go_binary cmd/arvados-server arvados-server "$FORMAT" "$ARCH" \
"Arvados server daemons"
-package_go_binary cmd/arvados-server arvados-controller \
+package_go_binary cmd/arvados-server arvados-controller "$FORMAT" "$ARCH" \
"Arvados cluster controller daemon"
-package_go_binary cmd/arvados-server arvados-dispatch-cloud \
+package_go_binary cmd/arvados-server arvados-dispatch-cloud "$FORMAT" "$ARCH" \
"Arvados cluster cloud dispatch"
-package_go_binary services/arv-git-httpd arvados-git-httpd \
+package_go_binary cmd/arvados-server arvados-dispatch-lsf "$FORMAT" "$ARCH" \
+ "Dispatch Arvados containers to an LSF cluster"
+package_go_binary cmd/arvados-server arvados-git-httpd "$FORMAT" "$ARCH" \
"Provide authenticated http access to Arvados-hosted git repositories"
-package_go_binary services/crunch-dispatch-local crunch-dispatch-local \
+package_go_binary services/crunch-dispatch-local crunch-dispatch-local "$FORMAT" "$ARCH" \
"Dispatch Crunch containers on the local system"
-package_go_binary services/crunch-dispatch-slurm crunch-dispatch-slurm \
+package_go_binary cmd/arvados-server crunch-dispatch-slurm "$FORMAT" "$ARCH" \
"Dispatch Crunch containers to a SLURM cluster"
-package_go_binary services/crunch-run crunch-run \
+package_go_binary cmd/arvados-server crunch-run "$FORMAT" "$ARCH" \
"Supervise a single Crunch container"
-package_go_binary services/crunchstat crunchstat \
+package_go_binary services/crunchstat crunchstat "$FORMAT" "$ARCH" \
"Gather cpu/memory/network statistics of running Crunch jobs"
-package_go_binary services/health arvados-health \
+package_go_binary cmd/arvados-server arvados-health "$FORMAT" "$ARCH" \
"Check health of all Arvados cluster services"
-package_go_binary services/keep-balance keep-balance \
+package_go_binary cmd/arvados-server keep-balance "$FORMAT" "$ARCH" \
"Rebalance and garbage-collect data blocks stored in Arvados Keep"
-package_go_binary services/keepproxy keepproxy \
+package_go_binary cmd/arvados-server keepproxy "$FORMAT" "$ARCH" \
"Make a Keep cluster accessible to clients that are not on the LAN"
-package_go_binary services/keepstore keepstore \
+package_go_binary cmd/arvados-server keepstore "$FORMAT" "$ARCH" \
"Keep storage daemon, accessible to clients on the LAN"
-package_go_binary services/keep-web keep-web \
+package_go_binary cmd/arvados-server keep-web "$FORMAT" "$ARCH" \
"Static web hosting service for user data stored in Arvados Keep"
-package_go_binary services/ws arvados-ws \
+package_go_binary cmd/arvados-server arvados-ws "$FORMAT" "$ARCH" \
"Arvados Websocket server"
-package_go_binary tools/sync-groups arvados-sync-groups \
+package_go_binary tools/sync-groups arvados-sync-groups "$FORMAT" "$ARCH" \
"Synchronize remote groups into Arvados from an external source"
-package_go_binary tools/keep-block-check keep-block-check \
+package_go_binary tools/sync-users arvados-sync-users "$FORMAT" "$ARCH" \
+ "Synchronize remote users into Arvados from an external source"
+package_go_binary tools/keep-block-check keep-block-check "$FORMAT" "$ARCH" \
"Verify that all data from one set of Keep servers to another was copied"
-package_go_binary tools/keep-rsync keep-rsync \
+package_go_binary tools/keep-rsync keep-rsync "$FORMAT" "$ARCH" \
"Copy all data from one set of Keep servers to another"
-package_go_binary tools/keep-exercise keep-exercise \
+package_go_binary tools/keep-exercise keep-exercise "$FORMAT" "$ARCH" \
"Performance testing tool for Arvados Keep"
+package_go_so lib/pam pam_arvados.so libpam-arvados-go "$FORMAT" "$ARCH" \
+ "Arvados PAM authentication module"
-# The Python SDK - Should be built first because it's needed by others
-fpm_build_virtualenv "arvados-python-client" "sdk/python"
-
-# Arvados cwl runner
-fpm_build_virtualenv "arvados-cwl-runner" "sdk/cwl"
+# Python packages
+debug_echo -e "\nPython packages\n"
-# The PAM module
-fpm_build_virtualenv "libpam-arvados" "sdk/pam"
+# The Python SDK - Python3 package
+fpm_build_virtualenv "arvados-python-client" "sdk/python" "$FORMAT" "$ARCH"
-# The FUSE driver
-fpm_build_virtualenv "arvados-fuse" "services/fuse"
+# Arvados cwl runner - Python3 package
+fpm_build_virtualenv "arvados-cwl-runner" "sdk/cwl" "$FORMAT" "$ARCH"
-# The node manager
-fpm_build_virtualenv "arvados-node-manager" "services/nodemanager"
+# The FUSE driver - Python3 package
+fpm_build_virtualenv "arvados-fuse" "services/fuse" "$FORMAT" "$ARCH"
# The Arvados crunchstat-summary tool
-fpm_build_virtualenv "crunchstat-summary" "tools/crunchstat-summary"
-
-# The Python SDK - Python3 package
-fpm_build_virtualenv "arvados-python-client" "sdk/python" "python3"
+fpm_build_virtualenv "crunchstat-summary" "tools/crunchstat-summary" "$FORMAT" "$ARCH"
# The Docker image cleaner
-fpm_build_virtualenv "arvados-docker-cleaner" "services/dockercleaner" "python3"
+fpm_build_virtualenv "arvados-docker-cleaner" "services/dockercleaner" "$FORMAT" "$ARCH"
+
+# The Arvados user activity tool
+fpm_build_virtualenv "arvados-user-activity" "tools/user-activity" "$FORMAT" "$ARCH"
+
+# The python->python3 metapackages
+build_metapackage "arvados-fuse" "services/fuse"
+build_metapackage "arvados-python-client" "services/fuse"
+build_metapackage "arvados-cwl-runner" "sdk/cwl"
+build_metapackage "crunchstat-summary" "tools/crunchstat-summary"
+build_metapackage "arvados-docker-cleaner" "services/dockercleaner"
+build_metapackage "arvados-user-activity" "tools/user-activity"
# The cwltest package, which lives out of tree
-cd "$WORKSPACE"
-if [[ -e "$WORKSPACE/cwltest" ]]; then
- rm -rf "$WORKSPACE/cwltest"
-fi
-git clone https://github.com/common-workflow-language/cwltest.git
-# signal to our build script that we want a cwltest executable installed in /usr/bin/
-mkdir cwltest/bin && touch cwltest/bin/cwltest
-fpm_build_virtualenv "cwltest" "cwltest"
-rm -rf "$WORKSPACE/cwltest"
-
-# Build the API server package
-test_rails_package_presence arvados-api-server "$WORKSPACE/services/api"
-if [[ "$?" == "0" ]]; then
- handle_rails_package arvados-api-server "$WORKSPACE/services/api" \
- "$WORKSPACE/agpl-3.0.txt" --url="https://arvados.org" \
- --description="Arvados API server - Arvados is a free and open source platform for big data science." \
- --license="GNU Affero General Public License, version 3.0"
-fi
+handle_cwltest "$FORMAT" "$ARCH"
-# Build the workbench server package
-test_rails_package_presence arvados-workbench "$WORKSPACE/apps/workbench"
-if [[ "$?" == "0" ]] ; then
- (
- set -e
- cd "$WORKSPACE/apps/workbench"
-
- # We need to bundle to be ready even when we build a package without vendor directory
- # because asset compilation requires it.
- bundle install --system >"$STDOUT_IF_DEBUG"
-
- # clear the tmp directory; the asset generation step will recreate tmp/cache/assets,
- # and we want that in the package, so it's easier to not exclude the tmp directory
- # from the package - empty it instead.
- rm -rf tmp
- mkdir tmp
-
- # Set up an appropriate config.yml
- arvados-server config-dump -config <(cat /etc/arvados/config.yml 2>/dev/null || echo "Clusters: {zzzzz: {}}") > /tmp/x
- mkdir -p /etc/arvados/
- mv /tmp/x /etc/arvados/config.yml
- perl -p -i -e 'BEGIN{undef $/;} s/WebDAV(.*?):\n( *)ExternalURL: ""/WebDAV$1:\n$2ExternalURL: "example.com"/g' /etc/arvados/config.yml
-
- RAILS_ENV=production RAILS_GROUPS=assets bundle exec rake npm:install >/dev/null
- RAILS_ENV=production RAILS_GROUPS=assets bundle exec rake assets:precompile >/dev/null
-
- # Remove generated configuration files so they don't go in the package.
- rm -rf /etc/arvados/
- )
-
- if [[ "$?" != "0" ]]; then
- echo "ERROR: Asset precompilation failed"
- EXITCODE=1
- else
- handle_rails_package arvados-workbench "$WORKSPACE/apps/workbench" \
- "$WORKSPACE/agpl-3.0.txt" --url="https://arvados.org" \
- --description="Arvados Workbench - Arvados is a free and open source platform for big data science." \
- --license="GNU Affero General Public License, version 3.0"
- fi
-fi
+# Rails packages
+debug_echo -e "\nRails packages\n"
+
+# The rails api server package
+handle_api_server "$ARCH"
+# The rails workbench package
+handle_workbench "$ARCH"
# clean up temporary GOPATH
rm -rf "$GOPATH"