From 004fda675a1064d5bfb7d86c4c74c86a43c0d8bc Mon Sep 17 00:00:00 2001
From: Maxim Cournoyer <maxim.cournoyer@savoirfairelinux.com>
Date: Wed, 21 Jul 2021 08:46:19 -0400
Subject: [PATCH] Makefile: Repatriate the definition of packaging targets.
Prior to this change, the Makefile packaging targets were generated by
a Python script, supposedly to reduce boilerplate. Make is able to
programmatically define rules, so use its features instead.
The packaging targets 'package-' prefix is dropped, making the targets
names match the distribution directly, such as 'ubuntu_20.04'.
The docker *-ro bind mounts are dropped; instead only the release
tarball file name is exposed to the containers as *the* source, which
makes it unambiguous as to which sources are used.
The files related to RHEL builds are removed, as the RHEL build is
known to be broken and isn't being used.
* Makefile (DISTRIBUTIONS): New variable.
(make-docker-package-target): New function.
(docker/Dockerfile-snap): Adjust accordingly.
docker/*: Standardize to use hyphens instead of a mix of hyphens and
underscores.
* docker/Dockerfile_rhel_8: Delete file.
* docker/profile-seccomp-fedora_28.json: Delete file.
* scripts/make-packaging-target.py: Delete file.
* Jenkinsfile: Adjust accordingly.
Change-Id: I2dc42b489a54b177ad038398a9d23a2a7e3007ec
---
Jenkinsfile | 11 +-
Makefile | 93 +++-
docker/Dockerfile_rhel_8 | 85 ---
docker/profile-seccomp-fedora_28.json | 751 --------------------------
scripts/build-package-debian.sh | 5 +-
scripts/build-package-rpm.sh | 11 +-
scripts/build-package-snap.sh | 2 +-
scripts/make-packaging-target.py | 262 ---------
8 files changed, 97 insertions(+), 1123 deletions(-)
delete mode 100644 docker/Dockerfile_rhel_8
delete mode 100644 docker/profile-seccomp-fedora_28.json
delete mode 100755 scripts/make-packaging-target.py
diff --git a/Jenkinsfile b/Jenkinsfile
index 715925fe..8494fcf0 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -63,7 +63,7 @@ pipeline {
string(name: 'PACKAGING_TARGETS',
defaultValue: '',
description: 'A whitespace-separated list of packaging ' +
- 'targets, e.g. "package-debian_10 package-snap". ' +
+ 'targets, e.g. "debian_10 snap". ' +
'When left unspecified, all the packaging targets are built.')
}
@@ -116,9 +116,6 @@ See https://wiki.savoirfairelinux.com/wiki/Jenkins.jami.net#Configuration_client
stage('Build packages') {
environment {
DISABLE_CONTRIB_DOWNLOADS = 'TRUE'
- // The following password is used to register with the
- // RHEL subscription-manager tool, required to build on RHEL.
- PASS = credentials('developers-redhat-com')
}
steps {
script {
@@ -147,6 +144,7 @@ See https://wiki.savoirfairelinux.com/wiki/Jenkins.jami.net#Configuration_client
catchError(buildResult: 'FAILURE',
stageResult: 'FAILURE') {
sh """
+ echo Building on node \$NODE_NAME
tar xf *.tar.gz --strip-components=1
make ${target}
"""
@@ -181,10 +179,9 @@ See https://wiki.savoirfairelinux.com/wiki/Jenkins.jami.net#Configuration_client
echo "Failed to unstash ${target}, skipping..."
return
}
- def distribution = target - ~/^package-/
- echo "Deploying packages for ${distribution}..."
+ echo "Deploying packages for ${target}..."
sh """scripts/deploy-packages.sh \
- --distribution=${distribution} \
+ --distribution=${target} \
--keyid="${RING_PUBLIC_KEY_FINGERPRINT}" \
--snapcraft-login="${SNAPCRAFT_KEY}" \
--remote-ssh-identity-file="${SSH_PRIVATE_KEY}" \
diff --git a/Makefile b/Makefile
index 71a907b7..5e8cee2a 100644
--- a/Makefile
+++ b/Makefile
@@ -49,13 +49,13 @@ DEBIAN_VERSION:=$(RELEASE_VERSION)~dfsg1-1
DEBIAN_DSC_FILENAME:=jami_$(DEBIAN_VERSION).dsc
# Qt versions
-QT_MAJOR:=5
-QT_MINOR:=15
-QT_PATCH:=2
-QT_TARBALL_CHECKSUM:="3a530d1b243b5dec00bc54937455471aaa3e56849d2593edb8ded07228202240"
-DEBIAN_QT_VERSION:=$(QT_MAJOR).$(QT_MINOR).$(QT_PATCH)-1
-DEBIAN_QT_DSC_FILENAME:=libqt-jami_$(DEBIAN_QT_VERSION).dsc
-QT_JAMI_PREFIX:="/usr/lib/libqt-jami"
+QT_MAJOR := 5
+QT_MINOR := 15
+QT_PATCH := 2
+QT_TARBALL_CHECKSUM := 3a530d1b243b5dec00bc54937455471aaa3e56849d2593edb8ded07228202240
+DEBIAN_QT_VERSION := $(QT_MAJOR).$(QT_MINOR).$(QT_PATCH)-1
+DEBIAN_QT_DSC_FILENAME := libqt-jami_$(DEBIAN_QT_VERSION).dsc
+QT_JAMI_PREFIX := /usr/lib/libqt-jami
#####################
## Other variables ##
@@ -152,16 +152,87 @@ endif
## Packaging targets ##
#######################
+�
+#
+# Traditionally built packages (in Docker containers).
+#
+DISTRIBUTIONS := \
+ debian_10 \
+ debian_11 \
+ debian_testing \
+ debian_unstable \
+ raspbian_10_armhf \
+ ubuntu_18.04 \
+ ubuntu_20.04 \
+ ubuntu_21.04 \
+ fedora_33 \
+ fedora_34 \
+ opensuse-leap_15.2 \
+ opensuse-leap_15.3 \
+ opensuse-tumbleweed \
+ snap
+
IS_SHELL_INTERACTIVE := $(shell [ -t 0 ] && echo yes)
# The following Make variable can be used to provide extra arguments
# used with the 'docker run' commands invoked to build the packages.
DOCKER_RUN_EXTRA_ARGS =
-# Append the output of make-packaging-target to this Makefile
-# see Makefile.packaging.distro_targets
-$(shell scripts/make-packaging-target.py --generate-all > Makefile.packaging.distro_targets)
-include Makefile.packaging.distro_targets
+# This function is used to produce the rules of the packaging targets
+# that rely on Docker.
+# Arg1: The name-version string of the distribution (e.g., ubuntu-18.04).
+# Arg2: Extra arguments to pass to 'docker build'.
+# Arg3: Extra arguments to pass to 'docker run'.
+define make-docker-package-target
+$(1)-docker-image-name := jami-packaging-$(1)
+$(1)-docker-image-file := .docker-image-$$($(1)-docker-image-name)
+$(1)-docker-run-command := docker run \
+ --rm --privileged --security-opt apparmor=docker-default \
+ -e RELEASE_VERSION="$(RELEASE_VERSION)" \
+ -e RELEASE_TARBALL_FILENAME="$(RELEASE_TARBALL_FILENAME)" \
+ -e DEBIAN_VERSION="$(DEBIAN_VERSION)" \
+ -e DEBIAN_QT_VERSION="$(DEBIAN_QT_VERSION)" \
+ -e CURRENT_UID="$(CURRENT_UID)" \
+ -e CURRENT_GID="$(CURRENT_GID)" \
+ -e DISTRIBUTION="$(1)" \
+ -e QT_JAMI_PREFIX="$(QT_JAMI_PREFIX)" \
+ -e QT_MAJOR="$(QT_MAJOR)" \
+ -e QT_MINOR="$(QT_MINOR)" \
+ -e QT_PATCH="$(QT_PATCH)" \
+ -e QT_TARBALL_CHECKSUM="$(QT_TARBALL_CHECKSUM)" \
+ -e FORCE_REBUILD_QT="$(FORCE_REBUILD_QT)" \
+ -e SNAP_PKG_NAME="$(or $(SNAP_PKG_NAME),jami)" \
+ -e TARBALLS="$(TARBALLS)" \
+ -v '$(TARBALLS)':'$(TARBALLS)' \
+ -v '$(CURDIR)/$(RELEASE_TARBALL_FILENAME)':'/src/$(RELEASE_TARBALL_FILENAME)' \
+ -v '$(CURDIR)/packages/$(1)':/opt/output \
+ -t $(and $(IS_SHELL_INTERACTIVE),-i) \
+ $(3) \
+ "$$($(1)-docker-image-name)"
+
+$$($(1)-docker-image-file): docker/Dockerfile_$(1)
+ docker build \
+ -t $$($(1)-docker-image-name) \
+ -f docker/Dockerfile_$(1) $(2) $(CURDIR) && \
+ touch "$$@"
+
+packages/$(1)/.packages-built: $(RELEASE_TARBALL_FILENAME) $$($(1)-docker-image-file)
+ mkdir -p "$$$$(dirname "$$@")" && \
+ $$($(1)-docker-run-command) && \
+ touch "$$@"
+
+.PHONY: $(1)
+$(1): packages/$(1)/.packages-built
+PACKAGE-TARGETS += $(1)
+
+.PHONY: $(1)-interactive
+$(1)-interactive: $(RELEASE_TARBALL_FILENAME) $$($(1)-docker-image-file)
+ $$($(1)-docker-run-command) bash
+
+endef
+
+$(foreach target,$(DISTRIBUTIONS),\
+ $(eval $(call make-docker-package-target,$(target))))
package-all: $(PACKAGE-TARGETS)
diff --git a/docker/Dockerfile_rhel_8 b/docker/Dockerfile_rhel_8
deleted file mode 100644
index 97597da3..00000000
--- a/docker/Dockerfile_rhel_8
+++ /dev/null
@@ -1,85 +0,0 @@
-FROM docker.io/roboxes/rhel8
-
-ARG PASS
-ENV PASS=$PASS
-
-RUN subscription-manager register --username=jamisfl --password=$PASS
-RUN subscription-manager attach --auto
-RUN subscription-manager repos --enable=codeready-builder-for-rhel-8-x86_64-rpms
-
-RUN dnf clean all
-RUN dnf install -y dnf-command\(builddep\) rpmdevtools && \
- dnf install -y mock
-
-RUN dnf install -y \
- git \
- rpm-build \
- tar \
- make \
- autoconf \
- automake \
- nasm \
- cmake \
- speexdsp-devel \
- pulseaudio-libs-devel \
- libcanberra-devel \
- libcurl-devel \
- libtool \
- mesa-libgbm-devel \
- mesa-dri-drivers \
- dbus-devel \
- expat-devel \
- pcre-devel \
- yaml-cpp-devel \
- dbus-c++-devel \
- dbus-devel \
- libXext-devel \
- libXfixes-devel \
- yasm \
- speex-devel \
- gsm-devel \
- chrpath \
- check \
- astyle \
- gettext-devel \
- gcc-c++ \
- libstdc++-static \
- which \
- alsa-lib-devel \
- systemd-devel \
- libuuid-devel \
- uuid-devel \
- gnutls-devel \
- nettle-devel \
- opus-devel \
- patch \
- jsoncpp-devel \
- libnatpmp-devel \
- webkitgtk4-devel \
- cryptopp-devel \
- libva-devel \
- libvdpau-devel \
- msgpack-devel \
- NetworkManager-libnm-devel \
- openssl-devel \
- clutter-devel \
- clutter-gtk-devel \
- libappindicator-gtk3-devel \
- libnotify-devel \
- libupnp-devel \
- qrencode-devel \
- sqlite-devel \
- libdrm \
- gperf \
- bison \
- flex \
- nodejs \
- nss-devel \
- kernel-headers \
- python2 \
- libargon2-devel \
- wget
-
-ADD scripts/build-package-rpm.sh /opt/build-package-rpm.sh
-
-CMD ["/opt/build-package-rpm.sh"]
\ No newline at end of file
diff --git a/docker/profile-seccomp-fedora_28.json b/docker/profile-seccomp-fedora_28.json
deleted file mode 100644
index 3eee9312..00000000
--- a/docker/profile-seccomp-fedora_28.json
+++ /dev/null
@@ -1,751 +0,0 @@
-{
- "defaultAction": "SCMP_ACT_ERRNO",
- "archMap": [
- {
- "architecture": "SCMP_ARCH_X86_64",
- "subArchitectures": [
- "SCMP_ARCH_X86",
- "SCMP_ARCH_X32"
- ]
- },
- {
- "architecture": "SCMP_ARCH_AARCH64",
- "subArchitectures": [
- "SCMP_ARCH_ARM"
- ]
- },
- {
- "architecture": "SCMP_ARCH_MIPS64",
- "subArchitectures": [
- "SCMP_ARCH_MIPS",
- "SCMP_ARCH_MIPS64N32"
- ]
- },
- {
- "architecture": "SCMP_ARCH_MIPS64N32",
- "subArchitectures": [
- "SCMP_ARCH_MIPS",
- "SCMP_ARCH_MIPS64"
- ]
- },
- {
- "architecture": "SCMP_ARCH_MIPSEL64",
- "subArchitectures": [
- "SCMP_ARCH_MIPSEL",
- "SCMP_ARCH_MIPSEL64N32"
- ]
- },
- {
- "architecture": "SCMP_ARCH_MIPSEL64N32",
- "subArchitectures": [
- "SCMP_ARCH_MIPSEL",
- "SCMP_ARCH_MIPSEL64"
- ]
- },
- {
- "architecture": "SCMP_ARCH_S390X",
- "subArchitectures": [
- "SCMP_ARCH_S390"
- ]
- }
- ],
- "syscalls": [
- {
- "names": [
- "accept",
- "accept4",
- "access",
- "adjtimex",
- "alarm",
- "bind",
- "brk",
- "capget",
- "capset",
- "chdir",
- "chmod",
- "chown",
- "chown32",
- "clock_getres",
- "clock_gettime",
- "clock_nanosleep",
- "close",
- "connect",
- "copy_file_range",
- "creat",
- "dup",
- "dup2",
- "dup3",
- "epoll_create",
- "epoll_create1",
- "epoll_ctl",
- "epoll_ctl_old",
- "epoll_pwait",
- "epoll_wait",
- "epoll_wait_old",
- "eventfd",
- "eventfd2",
- "execve",
- "execveat",
- "exit",
- "exit_group",
- "faccessat",
- "fadvise64",
- "fadvise64_64",
- "fallocate",
- "fanotify_mark",
- "fchdir",
- "fchmod",
- "fchmodat",
- "fchown",
- "fchown32",
- "fchownat",
- "fcntl",
- "fcntl64",
- "fdatasync",
- "fgetxattr",
- "flistxattr",
- "flock",
- "fork",
- "fremovexattr",
- "fsetxattr",
- "fstat",
- "fstat64",
- "fstatat64",
- "fstatfs",
- "fstatfs64",
- "fsync",
- "ftruncate",
- "ftruncate64",
- "futex",
- "futimesat",
- "getcpu",
- "getcwd",
- "getdents",
- "getdents64",
- "getegid",
- "getegid32",
- "geteuid",
- "geteuid32",
- "getgid",
- "getgid32",
- "getgroups",
- "getgroups32",
- "getitimer",
- "getpeername",
- "getpgid",
- "getpgrp",
- "getpid",
- "getppid",
- "getpriority",
- "getrandom",
- "getresgid",
- "getresgid32",
- "getresuid",
- "getresuid32",
- "getrlimit",
- "get_robust_list",
- "getrusage",
- "getsid",
- "getsockname",
- "getsockopt",
- "get_thread_area",
- "gettid",
- "gettimeofday",
- "getuid",
- "getuid32",
- "getxattr",
- "inotify_add_watch",
- "inotify_init",
- "inotify_init1",
- "inotify_rm_watch",
- "io_cancel",
- "ioctl",
- "io_destroy",
- "io_getevents",
- "ioprio_get",
- "ioprio_set",
- "io_setup",
- "io_submit",
- "ipc",
- "kill",
- "lchown",
- "lchown32",
- "lgetxattr",
- "link",
- "linkat",
- "listen",
- "listxattr",
- "llistxattr",
- "_llseek",
- "lremovexattr",
- "lseek",
- "lsetxattr",
- "lstat",
- "lstat64",
- "madvise",
- "memfd_create",
- "mincore",
- "mkdir",
- "mkdirat",
- "mknod",
- "mknodat",
- "mlock",
- "mlock2",
- "mlockall",
- "mmap",
- "mmap2",
- "mprotect",
- "mq_getsetattr",
- "mq_notify",
- "mq_open",
- "mq_timedreceive",
- "mq_timedsend",
- "mq_unlink",
- "mremap",
- "msgctl",
- "msgget",
- "msgrcv",
- "msgsnd",
- "msync",
- "munlock",
- "munlockall",
- "munmap",
- "nanosleep",
- "newfstatat",
- "_newselect",
- "open",
- "openat",
- "pause",
- "pipe",
- "pipe2",
- "poll",
- "ppoll",
- "prctl",
- "pread64",
- "preadv",
- "preadv2",
- "prlimit64",
- "pselect6",
- "pwrite64",
- "pwritev",
- "pwritev2",
- "read",
- "readahead",
- "readlink",
- "readlinkat",
- "readv",
- "recv",
- "recvfrom",
- "recvmmsg",
- "recvmsg",
- "remap_file_pages",
- "removexattr",
- "rename",
- "renameat",
- "renameat2",
- "restart_syscall",
- "rmdir",
- "rt_sigaction",
- "rt_sigpending",
- "rt_sigprocmask",
- "rt_sigqueueinfo",
- "rt_sigreturn",
- "rt_sigsuspend",
- "rt_sigtimedwait",
- "rt_tgsigqueueinfo",
- "sched_getaffinity",
- "sched_getattr",
- "sched_getparam",
- "sched_get_priority_max",
- "sched_get_priority_min",
- "sched_getscheduler",
- "sched_rr_get_interval",
- "sched_setaffinity",
- "sched_setattr",
- "sched_setparam",
- "sched_setscheduler",
- "sched_yield",
- "seccomp",
- "select",
- "semctl",
- "semget",
- "semop",
- "semtimedop",
- "send",
- "sendfile",
- "sendfile64",
- "sendmmsg",
- "sendmsg",
- "sendto",
- "setfsgid",
- "setfsgid32",
- "setfsuid",
- "setfsuid32",
- "setgid",
- "setgid32",
- "setgroups",
- "setgroups32",
- "setitimer",
- "setpgid",
- "setpriority",
- "setregid",
- "setregid32",
- "setresgid",
- "setresgid32",
- "setresuid",
- "setresuid32",
- "setreuid",
- "setreuid32",
- "setrlimit",
- "set_robust_list",
- "setsid",
- "setsockopt",
- "set_thread_area",
- "set_tid_address",
- "setuid",
- "setuid32",
- "setxattr",
- "shmat",
- "shmctl",
- "shmdt",
- "shmget",
- "shutdown",
- "sigaltstack",
- "signalfd",
- "signalfd4",
- "sigreturn",
- "socket",
- "socketcall",
- "socketpair",
- "splice",
- "stat",
- "stat64",
- "statfs",
- "statfs64",
- "statx",
- "symlink",
- "symlinkat",
- "sync",
- "sync_file_range",
- "syncfs",
- "sysinfo",
- "syslog",
- "tee",
- "tgkill",
- "time",
- "timer_create",
- "timer_delete",
- "timerfd_create",
- "timerfd_gettime",
- "timerfd_settime",
- "timer_getoverrun",
- "timer_gettime",
- "timer_settime",
- "times",
- "tkill",
- "truncate",
- "truncate64",
- "ugetrlimit",
- "umask",
- "uname",
- "unlink",
- "unlinkat",
- "utime",
- "utimensat",
- "utimes",
- "vfork",
- "vmsplice",
- "wait4",
- "waitid",
- "waitpid",
- "write",
- "writev"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [],
- "comment": "",
- "includes": {},
- "excludes": {}
- },
- {
- "names": [
- "personality"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [
- {
- "index": 0,
- "value": 0,
- "valueTwo": 0,
- "op": "SCMP_CMP_EQ"
- }
- ],
- "comment": "",
- "includes": {},
- "excludes": {}
- },
- {
- "names": [
- "personality"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [
- {
- "index": 0,
- "value": 8,
- "valueTwo": 0,
- "op": "SCMP_CMP_EQ"
- }
- ],
- "comment": "",
- "includes": {},
- "excludes": {}
- },
- {
- "names": [
- "personality"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [
- {
- "index": 0,
- "value": 131072,
- "valueTwo": 0,
- "op": "SCMP_CMP_EQ"
- }
- ],
- "comment": "",
- "includes": {},
- "excludes": {}
- },
- {
- "names": [
- "personality"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [
- {
- "index": 0,
- "value": 131080,
- "valueTwo": 0,
- "op": "SCMP_CMP_EQ"
- }
- ],
- "comment": "",
- "includes": {},
- "excludes": {}
- },
- {
- "names": [
- "personality"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [
- {
- "index": 0,
- "value": 4294967295,
- "valueTwo": 0,
- "op": "SCMP_CMP_EQ"
- }
- ],
- "comment": "",
- "includes": {},
- "excludes": {}
- },
- {
- "names": [
- "sync_file_range2"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [],
- "comment": "",
- "includes": {
- "arches": [
- "ppc64le"
- ]
- },
- "excludes": {}
- },
- {
- "names": [
- "arm_fadvise64_64",
- "arm_sync_file_range",
- "sync_file_range2",
- "breakpoint",
- "cacheflush",
- "set_tls"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [],
- "comment": "",
- "includes": {
- "arches": [
- "arm",
- "arm64"
- ]
- },
- "excludes": {}
- },
- {
- "names": [
- "arch_prctl"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [],
- "comment": "",
- "includes": {
- "arches": [
- "amd64",
- "x32"
- ]
- },
- "excludes": {}
- },
- {
- "names": [
- "modify_ldt"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [],
- "comment": "",
- "includes": {
- "arches": [
- "amd64",
- "x32",
- "x86"
- ]
- },
- "excludes": {}
- },
- {
- "names": [
- "s390_pci_mmio_read",
- "s390_pci_mmio_write",
- "s390_runtime_instr"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [],
- "comment": "",
- "includes": {
- "arches": [
- "s390",
- "s390x"
- ]
- },
- "excludes": {}
- },
- {
- "names": [
- "open_by_handle_at"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [],
- "comment": "",
- "includes": {
- "caps": [
- "CAP_DAC_READ_SEARCH"
- ]
- },
- "excludes": {}
- },
- {
- "names": [
- "bpf",
- "clone",
- "fanotify_init",
- "lookup_dcookie",
- "mount",
- "name_to_handle_at",
- "perf_event_open",
- "quotactl",
- "setdomainname",
- "sethostname",
- "setns",
- "umount",
- "umount2",
- "unshare"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [],
- "comment": "",
- "includes": {
- "caps": [
- "CAP_SYS_ADMIN"
- ]
- },
- "excludes": {}
- },
- {
- "names": [
- "clone"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [
- {
- "index": 0,
- "value": 2080505856,
- "valueTwo": 0,
- "op": "SCMP_CMP_MASKED_EQ"
- }
- ],
- "comment": "",
- "includes": {},
- "excludes": {
- "caps": [
- "CAP_SYS_ADMIN"
- ],
- "arches": [
- "s390",
- "s390x"
- ]
- }
- },
- {
- "names": [
- "clone"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [
- {
- "index": 1,
- "value": 2080505856,
- "valueTwo": 0,
- "op": "SCMP_CMP_MASKED_EQ"
- }
- ],
- "comment": "s390 parameter ordering for clone is different",
- "includes": {
- "arches": [
- "s390",
- "s390x"
- ]
- },
- "excludes": {
- "caps": [
- "CAP_SYS_ADMIN"
- ]
- }
- },
- {
- "names": [
- "reboot"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [],
- "comment": "",
- "includes": {
- "caps": [
- "CAP_SYS_BOOT"
- ]
- },
- "excludes": {}
- },
- {
- "names": [
- "chroot"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [],
- "comment": "",
- "includes": {
- "caps": [
- "CAP_SYS_CHROOT"
- ]
- },
- "excludes": {}
- },
- {
- "names": [
- "delete_module",
- "init_module",
- "finit_module",
- "query_module"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [],
- "comment": "",
- "includes": {
- "caps": [
- "CAP_SYS_MODULE"
- ]
- },
- "excludes": {}
- },
- {
- "names": [
- "acct"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [],
- "comment": "",
- "includes": {
- "caps": [
- "CAP_SYS_PACCT"
- ]
- },
- "excludes": {}
- },
- {
- "names": [
- "kcmp",
- "process_vm_readv",
- "process_vm_writev",
- "ptrace"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [],
- "comment": "",
- "includes": {
- "caps": [
- "CAP_SYS_PTRACE"
- ]
- },
- "excludes": {}
- },
- {
- "names": [
- "iopl",
- "ioperm"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [],
- "comment": "",
- "includes": {
- "caps": [
- "CAP_SYS_RAWIO"
- ]
- },
- "excludes": {}
- },
- {
- "names": [
- "settimeofday",
- "stime",
- "clock_settime"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [],
- "comment": "",
- "includes": {
- "caps": [
- "CAP_SYS_TIME"
- ]
- },
- "excludes": {}
- },
- {
- "names": [
- "vhangup"
- ],
- "action": "SCMP_ACT_ALLOW",
- "args": [],
- "comment": "",
- "includes": {
- "caps": [
- "CAP_SYS_TTY_CONFIG"
- ]
- },
- "excludes": {}
- }
- ]
-}
diff --git a/scripts/build-package-debian.sh b/scripts/build-package-debian.sh
index ef1833df..4a0fb62b 100755
--- a/scripts/build-package-debian.sh
+++ b/scripts/build-package-debian.sh
@@ -81,8 +81,9 @@ ${QT_MAJOR}.${QT_MINOR}/${qt_version}/single
mv "qt-everywhere-src-${qt_version}" "libqt-jami-${qt_version}"
cd "libqt-jami-${qt_version}"
- # Import the debian folder.
- cp --verbose -r /opt/ring-project-ro/packaging/rules/debian-qt debian
+ # Extract the debian folder
+ tar xf "/src/$RELEASE_TARBALL_FILENAME" ring-project/packaging/rules/debian-qt \
+ --strip-components=3 && mv debian-qt debian
# Create the changelog file.
DEBEMAIL="The Jami project <jami@gnu.org>" dch --create \
diff --git a/scripts/build-package-rpm.sh b/scripts/build-package-rpm.sh
index 313415e8..3197fcfa 100755
--- a/scripts/build-package-rpm.sh
+++ b/scripts/build-package-rpm.sh
@@ -26,14 +26,15 @@ set -e
# Import the spec file.
mkdir -p /opt/ring-project
cd /opt/ring-project
-cp /opt/ring-project-ro/packaging/rules/rpm/* .
-rm -f jami-libqt.spec
+tar xf "/src/$RELEASE_TARBALL_FILENAME" ring-project/packaging/rules/rpm \
+ --strip-components=3 && mv rpm/* . && rmdir rpm
+rm jami-libqt.spec
# Prepare the build tree.
rpmdev-setuptree
# Copy the source tarball.
-cp /opt/ring-project-ro/jami_*.tar.gz /root/rpmbuild/SOURCES
+cp --reflink=auto "/src/$RELEASE_TARBALL_FILENAME" /root/rpmbuild/SOURCES
QT_JAMI_PREFIX="/usr/lib64/qt-jami"
PATH="${QT_JAMI_PREFIX}/bin:${PATH}"
@@ -72,7 +73,9 @@ if [[ "${DISTRIBUTION:0:4}" == "rhel" \
mkdir /opt/qt-jami-build
cd /opt/qt-jami-build
- cp /opt/ring-project-ro/packaging/rules/rpm/jami-libqt.spec .
+ tar xf "/src/$RELEASE_TARBALL_FILENAME" \
+ ring-project/packaging/rules/rpm/jami-libqt.spec \
+ --strip-components=4
# Fetch and cache the tarball, if not already available.
if [ ! -f "$CACHED_QT_TARBALL" ]; then
diff --git a/scripts/build-package-snap.sh b/scripts/build-package-snap.sh
index ebad3cb6..c7035560 100755
--- a/scripts/build-package-snap.sh
+++ b/scripts/build-package-snap.sh
@@ -23,7 +23,7 @@
set -e
-cp -rp /opt/ring-project-ro /opt/ring-project
+tar xf "/src/$RELEASE_TARBALL_FILENAME" -C /opt
cd /opt/ring-project/packaging/rules/snap/${SNAP_PKG_NAME}/
# set the version and tarball filename
diff --git a/scripts/make-packaging-target.py b/scripts/make-packaging-target.py
deleted file mode 100755
index 50cd3bce..00000000
--- a/scripts/make-packaging-target.py
+++ /dev/null
@@ -1,262 +0,0 @@
-#!/usr/bin/env python3
-#
-# Copyright (C) 2016-2021 Savoir-faire Linux Inc.
-#
-# Author: Alexandre Viau <alexandre.viau@savoirfairelinux.com>
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-#
-# Creates packaging targets for a distribution and architecture.
-# This helps reduce the length of the top Makefile.
-#
-
-import argparse
-
-template_header = """\
-# -*- mode: makefile -*-
-# This file was auto-generated by: scripts/make-packaging-target.py.
-#
-# We don't simply use jami-packaging-distro as the docker image name because
-# we want to be able to build multiple versions of the same distro at the
-# same time and it could result in race conditions on the machine as we would
-# overwrite the docker image of other builds.
-#
-# This does not impact caching as the docker daemon does not care about the image
-# names, just about the contents of the Dockerfile.
-"""
-
-target_template = """\
-##
-## Distro: %(distribution)s
-##
-
-PACKAGE_%(distribution)s_DOCKER_IMAGE_NAME:=jami-packaging-%(distribution)s$(RING_PACKAGING_IMAGE_SUFFIX)
-PACKAGE_%(distribution)s_DOCKER_IMAGE_FILE:=.docker-image-$(PACKAGE_%(distribution)s_DOCKER_IMAGE_NAME)
-
-PACKAGE_%(distribution)s_DOCKER_RUN_COMMAND = docker run \\
- --rm \\
- -e RELEASE_VERSION=$(RELEASE_VERSION) \\
- -e RELEASE_TARBALL_FILENAME=$(RELEASE_TARBALL_FILENAME) \\
- -e DEBIAN_VERSION=%(version)s \\
- -e DEBIAN_QT_VERSION=%(version_qt)s \\
- -e CURRENT_UID=$(CURRENT_UID) \\
- -e CURRENT_GID=$(CURRENT_GID) \\
- -e DISTRIBUTION=%(distribution)s \\
- -e TARBALLS=$(TARBALLS) \\
- -v $(CURDIR)/$(RELEASE_TARBALL_FILENAME):/src/$(RELEASE_TARBALL_FILENAME) \\
- -v $(CURDIR):/opt/ring-project-ro:ro \\
- -v $(CURDIR)/packages/%(distribution)s:/opt/output \\
- -v $(TARBALLS):$(TARBALLS) \\
- -t $(and $(IS_SHELL_INTERACTIVE),-i) %(options)s \\
- $(DOCKER_RUN_EXTRA_ARGS) \\
- $(PACKAGE_%(distribution)s_DOCKER_IMAGE_NAME)
-
-$(PACKAGE_%(distribution)s_DOCKER_IMAGE_FILE): docker/Dockerfile_%(docker_image)s
- docker build \\
- -t $(PACKAGE_%(distribution)s_DOCKER_IMAGE_NAME) \\
- -f docker/Dockerfile_%(docker_image)s %(docker_build_args)s \\
- $(CURDIR)
- touch $(PACKAGE_%(distribution)s_DOCKER_IMAGE_FILE)
-
-packages/%(distribution)s:
- mkdir -p packages/%(distribution)s
-
-packages/%(distribution)s/%(output_file)s: $(RELEASE_TARBALL_FILENAME) packages/%(distribution)s $(PACKAGE_%(distribution)s_DOCKER_IMAGE_FILE)
- $(PACKAGE_%(distribution)s_DOCKER_RUN_COMMAND)
- touch packages/%(distribution)s/*
-
-.PHONY: package-%(distribution)s
-package-%(distribution)s: packages/%(distribution)s/%(output_file)s
-PACKAGE-TARGETS += package-%(distribution)s
-
-.PHONY: package-%(distribution)s-interactive
-package-%(distribution)s-interactive: $(RELEASE_TARBALL_FILENAME) packages/%(distribution)s $(PACKAGE_%(distribution)s_DOCKER_IMAGE_FILE)
- $(PACKAGE_%(distribution)s_DOCKER_RUN_COMMAND) bash
-"""
-
-
-RPM_BASED_SYSTEMS_DOCKER_RUN_OPTIONS = (
- '--security-opt seccomp=./docker/profile-seccomp-fedora_28.json '
- '--privileged')
-
-DPKG_BASED_SYSTEMS_DOCKER_RUN_OPTIONS = (
- '-e QT_JAMI_PREFIX=$(QT_JAMI_PREFIX) '
- '-e QT_MAJOR=$(QT_MAJOR) '
- '-e QT_MINOR=$(QT_MINOR) '
- '-e QT_PATCH=$(QT_PATCH) '
- '-e QT_TARBALL_CHECKSUM=$(QT_TARBALL_CHECKSUM) '
- '-e FORCE_REBUILD_QT=$(FORCE_REBUILD_QT) '
- '--privileged '
- '--security-opt apparmor=docker-default ')
-
-
-def generate_target(distribution, output_file, options='', docker_image='',
- version='', version_qt='', docker_build_args=''):
- if (docker_image == ''):
- docker_image = distribution
- if (version == ''):
- version = "$(DEBIAN_VERSION)"
- if (version_qt == ''):
- version_qt = "$(DEBIAN_QT_VERSION)"
- return target_template % {
- "distribution": distribution,
- "docker_image": docker_image,
- "output_file": output_file,
- "options": options,
- "version": version,
- "version_qt": version_qt,
- "docker_build_args": docker_build_args,
- }
-
-
-def run_generate(parsed_args):
- print(generate_target(parsed_args.distribution,
- parsed_args.output_file,
- parsed_args.options,
- parsed_args.docker_image,
- parsed_args.version,
- parsed_args.version_qt))
-
-
-def run_generate_all(parsed_args):
- targets = [
- # Debian
- {
- "distribution": "debian_10",
- "output_file": "$(DEBIAN_DSC_FILENAME)",
- "options": DPKG_BASED_SYSTEMS_DOCKER_RUN_OPTIONS,
- },
- {
- "distribution": "debian_11",
- "output_file": "$(DEBIAN_DSC_FILENAME)",
- "options": DPKG_BASED_SYSTEMS_DOCKER_RUN_OPTIONS,
- },
- {
- "distribution": "debian_testing",
- "output_file": "$(DEBIAN_DSC_FILENAME)",
- "options": DPKG_BASED_SYSTEMS_DOCKER_RUN_OPTIONS,
- },
- {
- "distribution": "debian_unstable",
- "output_file": "$(DEBIAN_DSC_FILENAME)",
- "options": DPKG_BASED_SYSTEMS_DOCKER_RUN_OPTIONS,
- },
- # Raspbian
- {
- "distribution": "raspbian_10_armhf",
- "output_file": "$(DEBIAN_DSC_FILENAME)",
- "options": "--privileged --security-opt apparmor=docker-default",
- },
- # Ubuntu
- {
- "distribution": "ubuntu_18.04",
- "output_file": "$(DEBIAN_DSC_FILENAME)",
- "options": DPKG_BASED_SYSTEMS_DOCKER_RUN_OPTIONS,
- },
- {
- "distribution": "ubuntu_20.04",
- "output_file": "$(DEBIAN_DSC_FILENAME)",
- "options": DPKG_BASED_SYSTEMS_DOCKER_RUN_OPTIONS,
- },
- {
- "distribution": "ubuntu_21.04",
- "output_file": "$(DEBIAN_DSC_FILENAME)",
- "options": DPKG_BASED_SYSTEMS_DOCKER_RUN_OPTIONS,
- },
- # Fedora
- {
- "distribution": "fedora_33",
- "output_file": ".packages-built",
- "options": RPM_BASED_SYSTEMS_DOCKER_RUN_OPTIONS
- },
- {
- "distribution": "fedora_34",
- "output_file": ".packages-built",
- "options": RPM_BASED_SYSTEMS_DOCKER_RUN_OPTIONS
- },
- # Disabled 2021/05/21 because it's broken.
- # {
- # "distribution": "rhel_8",
- # "output_file": ".packages-built",
- # "options": RPM_BASED_SYSTEMS_DOCKER_RUN_OPTIONS,
- # "docker_build_args": "--build-arg PASS=$${PASS}"
- # },
- # OpenSUSE
- {
- "distribution": "opensuse-leap_15.2",
- "output_file": ".packages-built",
- "options": RPM_BASED_SYSTEMS_DOCKER_RUN_OPTIONS
- },
- {
- "distribution": "opensuse-leap_15.3",
- "output_file": ".packages-built",
- "options": RPM_BASED_SYSTEMS_DOCKER_RUN_OPTIONS
- },
- {
- "distribution": "opensuse-tumbleweed",
- "output_file": ".packages-built",
- "options": RPM_BASED_SYSTEMS_DOCKER_RUN_OPTIONS
- },
- # Snap
- {
- "distribution": "snap",
- "output_file": ".packages-built",
- "options": "-e SNAP_PKG_NAME=$(or $(SNAP_PKG_NAME),jami)",
- },
-
- ]
-
- for target in targets:
- print(generate_target(**target))
-
-
-def parse_args():
- ap = argparse.ArgumentParser(
- description="Packaging targets generation tool"
- )
-
- ga = ap.add_mutually_exclusive_group(required=True)
-
- # Action arguments
- ga.add_argument('--generate',
- action='store_true',
- help='Generate a single packaging target')
- ga.add_argument('--generate-all',
- action='store_true',
- help='Generates all packaging targets')
-
- # Parameters
- ap.add_argument('--distribution')
- ap.add_argument('--output_file')
- ap.add_argument('--options', default='')
- ap.add_argument('--docker_image', default='')
- ap.add_argument('--version', default='')
- ap.add_argument('--version_qt', default='')
-
- parsed_args = ap.parse_args()
-
- return parsed_args
-
-
-def main():
- parsed_args = parse_args()
-
- print(template_header)
- if parsed_args.generate:
- run_generate(parsed_args)
- elif parsed_args.generate_all:
- run_generate_all(parsed_args)
-
-if __name__ == "__main__":
- main()
--
GitLab