diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 0000000..f0cf876 --- /dev/null +++ b/.github/workflows/build.yml @@ -0,0 +1,10 @@ +on: + push: + workflow_dispatch: + schedule: + - cron: '0 0 * * *' +jobs: + build: + uses: gardenlinux/package-build/.github/workflows/build.yml@main + with: + release: ${{ github.ref == 'refs/heads/main' }} diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..24e5b0a --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.build diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml deleted file mode 100644 index d6fc5e3..0000000 --- a/.gitlab-ci.yml +++ /dev/null @@ -1,23 +0,0 @@ -stages: -- source -- build -- signed source -- signed build -- test -- deploy - -include: - - local: .gitlab/ci/build.yml - - project: gardenlinux/gardenlinux-package-build - file: - - pipeline/variables.yml - - pipeline/workflow.yml - - pipeline/source.yml - - pipeline/signed-source.yml - - pipeline/signed-build.yml - - pipeline/test.yml - - pipeline/deploy.yml - -variables: - SOURCE_NAME: ostree - BUILD_ARCH_ALL: "yes" diff --git a/.gitlab/ci/build.yml b/.gitlab/ci/build.yml deleted file mode 100644 index 9401ac9..0000000 --- a/.gitlab/ci/build.yml +++ /dev/null @@ -1,179 +0,0 @@ -variables: - EXCLUDE_ARTIFACT: ignore - BUILD_DIST: trixie - BUILD_DIST_GARDENLINUX: today - BUILD_IMAGE: debian:${BUILD_DIST}-slim - BUILD_GOLANG_DIST: trixie - BUILD_GOLANG_PKG_NAME: golang - BUILD_SOURCES_LIST: | - deb http://deb.debian.org/debian ${BUILD_DIST} main - deb http://deb.debian.org/debian-security ${BUILD_DIST}-security main - BUILD_GOLANG_SOURCES_LIST: | - deb http://deb.debian.org/debian ${BUILD_GOLANG_DIST} main - BUILD_SOURCES_LIST_GARDENLINUX: | - deb http://repo.gardenlinux.io/gardenlinux ${BUILD_DIST_GARDENLINUX} main - BUILD_GARDENLINUX_PREFERENCES: | - Package: * - Pin: release o=Gardenlinux - Pin-Priority: 700 - BUILD_KEY_GARDENLINUX: | - -----BEGIN PGP PUBLIC KEY BLOCK----- - - mQINBGN3UG4BEACUPRC/gZekjtoaszk7+TdJUi4E6U9asuUu2p9TvXpItQHcjBc4 - XZhKvrtJotft/KJQf7/hkS587QfaRzMqzIJe7WC3ttm/SWNQee9VDUOzNCBaIPrq - 9iv0wZn+UtfbnKqUj8oknuo4BIKBdMJML4WiAsueP2wIrl0K37axoXfBFRXXmIhd - 48xZKGw3MeoZKhv5buATwv7tnJAlWXmSAn1lJolVhcdsl6npN1RPWAUPbhUoeaYQ - zA2crak8PSe9B2foCoJ/7a4wtN4f9aI2+XYbMa97/9UzbcH8c1Cx4hSQpc7p0Csf - 5Ig0h/dLAFQ11xPbCgchh6EqZY46327H5vEXxhNVOAoQqIp+MEW12Gok6fDJX4Ts - zA8k4X8w5SEdhCKd4sUBYU8CzlejXqykHRkqlYi/kR4qAUsbaNy3naIqGb+hdeSs - 1Ch7X5sXArK1ua6a2xTlzpV7UesQddR31XBxg1y8zuqkD4YhxbcLx9i27kC9pyYm - 5aCE215k9NXnmeBI80VsEWbfxRomwIZ4XK0QiVqOS8f/yQtU2dZbAOEEb5hPhLvK - fhfFwBuLCuu4BQLBJCYX4tEvwtecXG31/3w+EbEBoFZ9HKRxIQgNM8u5pS4uKk9S - fBJRbliCtyynOkTRRBy8nUgoPhHAIruBfVo5CiRF8j/NRnCjp5glPNTuoQARAQAB - tEJHYXJkZW4gTGludXggQXV0b21hdGljIFNpZ25pbmcgS2V5ICgyMDIyKSA8Y29u - dGFjdEBnYXJkZW5saW51eC5pbz6JAlQEEwEKAD4WIQTwpt05wx1W5TUPBqaLrXaj - keK7UQUCY3dQbgIbLwUJBaOagAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRCL - rXajkeK7UTcQD/9/Jxg34xhrzUpOStFtxo9JrsAUc38rAUEbFL30LSX9DG5fCHff - 6MCOGSI9zenc95O3hXOFb9mlQJrEFc7oYlqePbxqXCstOvyavKw53KddEKrpp+zZ - EIfbcXIsMh6c3G0fxPaAlFnjXprEzEDtPMfr3aa7fLZJENQbpOzyt//8AtFwYv2u - 3sEgYwPo07PQf60g7pIfkC6rkg3RexwMkhquh2gdBQo1I/jloWLsDhn+Hi+/zsbs - ny/IC8YZl3iMu+5pY5eRL+Uu3lslA8IB6Pjp1x2kBIP6PeVANAg/5vXqq1qn8aoG - z6+8JcIMDUETlnx19b6SqZd1shFlxlodU8qUtoAisk+WRoHCetkFSPvLr4EVloTb - SUB7gHPBWqjrCP39lYPsN52fgBiG2Nko+bnU9BSPt5VIvYQfvX3gx0FXQbW1zeZ6 - gq4w3lWajqilmS5F8x2pBJAFdLZw7f5t4w0NoGA2edJEc51+JW0/BgKmImQOjiOg - dD34FwP49P6orG14l/q3meKfJB0O660N09+liEHLo9zJtOUp8v+EwAjB81/LRLpV - HNRHTVOxDJRDDC2wjbhN38BtfjnLKFz2S/hZNIDeqz53fSgpGftdiBNhLS8wI2E1 - ciUIHaRWRlvgpEo1KsHk3Knn+t+f+5Fxyi9Yj9QMU5Hi7zKex9hBDReBrA== - =93j9 - -----END PGP PUBLIC KEY BLOCK----- - -.build: - stage: build - image: ${BUILD_IMAGE} - - before_script: - - > - if [[ $CI_DISPOSABLE_ENVIRONMENT ]]; then - # Install ca-certificates from repo that comes with the container - apt-get update -qy - apt-get install -qy --no-install-recommends ca-certificates - echo -n "$BUILD_SOURCES_LIST" > /etc/apt/sources.list - if [[ $JOB_HOST_ARCH != all ]]; then - dpkg --add-architecture $JOB_HOST_ARCH - fi - if [[ ${BUILD_USE_GARDENLINUX_REPO:-} ]]; then - echo "### Adding Garden Linux today as build dependency repository" - echo -n "$BUILD_SOURCES_LIST_GARDENLINUX" >> /etc/apt/sources.list - echo -n "$BUILD_GARDENLINUX_PREFERENCES" > /etc/apt/preferences.d/gardenlinux.pref - echo "$BUILD_KEY_GARDENLINUX" >> /etc/apt/trusted.gpg.d/gardenlinux.asc - apt-get update -qy - fi - if [[ ${BUILD_REQUIRES_GO:-} ]]; then - apt-get install -qy --no-install-recommends golang - fi - apt-get upgrade -qy -o DPkg::Options::=--force-unsafe-io fakeroot - if [[ $JOB_HOST_ARCH = all ]]; then - apt-get build-dep -qy --indep-only -o DPkg::Options::=--force-unsafe-io ./_output/*.dsc - else - if [[ $JOB_HOST_ARCH != $(dpkg --print-architecture) ]]; then - export DEB_BUILD_PROFILES="${DEB_BUILD_PROFILES:-} cross" - fi - apt-get build-dep -qy -a $JOB_HOST_ARCH --arch-only -o DPkg::Options::=--force-unsafe-io ./_output/*.dsc - # Workaround for non-multiarch build-essential, see https://bugs.debian.org/666743 - apt-get install -qy --no-install-recommends binutils-$JOB_HOST_GNU_TYPE_PACKAGE gcc-$JOB_HOST_GNU_TYPE_PACKAGE g++-$JOB_HOST_GNU_TYPE_PACKAGE libc6-dev:$JOB_HOST_ARCH - fi - fi - - | - if [[ ${UPLOAD_OUTPUT_TO_S3:-} && ${CI_COMMIT_REF_PROTECTED:-} ]]; then - apt-get update -qy - apt-get install -qy --no-install-recommends python3 python3-pip python3-venv - export VIRTUAL_ENV=/opt/venv - python3 -m venv $VIRTUAL_ENV; - PATH="$VIRTUAL_ENV/bin:$PATH" pip install awscli - fi - - | - if [[ ${BUILD_GO_VERSION:-} ]]; then - # If a go version is specified as build env, make sure it is used as default - update-alternatives --install /usr/bin/go go /usr/lib/go-${BUILD_GO_VERSION}/bin/go 100 \ - --slave /usr/bin/gofmt gofmt /usr/lib/go-${BUILD_GO_VERSION}/bin/gofmt - fi - - cd _output - - dpkg-source -x *.dsc src - - chown nobody -R . - - cd src - - script: - - > - if [[ $JOB_HOST_ARCH != $(dpkg --print-architecture) ]]; then - export DEB_BUILD_OPTIONS="${DEB_BUILD_OPTIONS:-} nocheck" - export DEB_BUILD_PROFILES="${DEB_BUILD_PROFILES:-} cross" - fi - - su -s /bin/sh -c "set -euE; DEB_BUILD_OPTIONS=nocheck dpkg-buildpackage -B -a $JOB_HOST_ARCH" nobody - - after_script: - - export VIRTUAL_ENV=/opt/venv - - export PACKAGE_VERSION=$(cat _output/*.dsc | grep "^Version:" | cut -d' ' -f2) - - export PATH="$VIRTUAL_ENV/bin:$PATH" - - export OUTPUT_TAR_NAME="${CI_JOB_NAME//build/}-artifacts.tar" - - export OUTPUT_TAR_NAME="${OUTPUT_TAR_NAME// /}" - - | - if [[ ${UPLOAD_OUTPUT_TO_S3:-} && ${CI_COMMIT_REF_PROTECTED:-} ]]; then - if [[ ${ROLE_ARN:-} && ${GITLAB_CACHES_BUCKET:-} ]]; then - echo "Uploading artifacts to S3 Bucket..." - set +x - export $(printf "AWS_ACCESS_KEY_ID=%s AWS_SECRET_ACCESS_KEY=%s AWS_SESSION_TOKEN=%s" \ - $(aws sts assume-role-with-web-identity \ - --role-arn ${ROLE_ARN} \ - --role-session-name "GitLabRunner-${CI_PROJECT_ID}-${CI_PIPELINE_ID}" \ - --web-identity-token $CI_JOB_JWT_V2 \ - --duration-seconds 3600 \ - --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' \ - --output text)) - aws sts get-caller-identity - tar cf ${OUTPUT_TAR_NAME} _output/*.deb || echo "failed to compress output artifacts.." - aws s3 cp ${OUTPUT_TAR_NAME} ${GITLAB_CACHES_BUCKET}/${CI_PROJECT_NAME}/${PACKAGE_VERSION// /_}/ || echo "failed to upload.." - echo "done uploading.." - else - echo "Please set ROLE_ARN and GITLAB_CACHES_BUCKET variables in gitlab project" - fi - else - echo "Not uploading artifacts to S3 (default)." - fi - - dependencies: - - source - artifacts: - paths: - - _output/*_${JOB_HOST_ARCH}.* - exclude: - - ${EXCLUDE_ARTIFACT} - expire_in: 2 days - -build all: - extends: .build - script: - - su -s /bin/sh -c "set -euE; DEB_BUILD_OPTIONS=nocheck dpkg-buildpackage -A" nobody - variables: - JOB_HOST_ARCH: all - rules: - - if: '$BUILD_ARCH_ALL != ""' - -build amd64: - extends: .build - variables: - JOB_HOST_ARCH: amd64 - JOB_HOST_GNU_TYPE_PACKAGE: x86-64-linux-gnu - tags: - - gardenlinux-build-amd64 - rules: - - if: '$BUILD_ARCH_AMD64 != ""' - -build arm64: - extends: .build - variables: - JOB_HOST_ARCH: arm64 - JOB_HOST_GNU_TYPE_PACKAGE: aarch64-linux-gnu - tags: - - gardenlinux-build-arm64 - rules: - - if: '$BUILD_ARCH_ARM64 != ""' diff --git a/patches/add_patches.patch b/patches/add_patches.patch new file mode 100644 index 0000000..154bc2b --- /dev/null +++ b/patches/add_patches.patch @@ -0,0 +1,50 @@ +diff --git a/debian/patches/debugPrintUpgrade.diff b/debian/patches/debugPrintUpgrade.diff +new file mode 100644 +index 00000000..c36f77d8 +--- /dev/null ++++ b/debian/patches/debugPrintUpgrade.diff +@@ -0,0 +1,13 @@ ++diff --color -Naur deb-pkg-ostree-orig/src/libostree/ostree-sysroot-upgrader.c deb-pkg-ostree-working-copy/src/libostree/ostree-sysroot-upgrader.c ++--- deb-pkg-ostree-orig/src/libostree/ostree-sysroot-upgrader.c 2023-09-06 16:08:48.148445008 +0200 +++++ deb-pkg-ostree-working-copy/src/libostree/ostree-sysroot-upgrader.c 2023-09-20 11:30:26.197032024 +0200 ++@@ -562,6 +562,8 @@ ++ return FALSE; ++ } ++ +++ g_print ("\n>>>DBG: from_revision: %s\n", from_revision); +++ g_print (">>>DBG: new_revision: %s)\n\n", self->new_revision); ++ if (g_strcmp0 (from_revision, self->new_revision) == 0) ++ { ++ *out_changed = FALSE; ++ +diff --git a/debian/patches/mkdirSysroot.diff b/debian/patches/mkdirSysroot.diff +new file mode 100644 +index 00000000..786d4e54 +--- /dev/null ++++ b/debian/patches/mkdirSysroot.diff +@@ -0,0 +1,15 @@ ++diff --color -Naur deb-pkg-ostree-orig/src/switchroot/ostree-prepare-root.c deb-pkg-ostree-working-copy/src/switchroot/ostree-prepare-root.c ++--- deb-pkg-ostree-orig/src/switchroot/ostree-prepare-root.c 2023-09-06 16:08:48.152444851 +0200 +++++ deb-pkg-ostree-working-copy/src/switchroot/ostree-prepare-root.c 2023-09-25 15:38:05.147081727 +0200 ++@@ -672,6 +672,10 @@ ++ * root under /sysroot/sysroot as systemd will be responsible for ++ * moving /sysroot to /. ++ */ +++ +++ if (mkdirat (AT_FDCWD, "sysroot", 0755) < 0) +++ g_print (">>>DBG>>: Failed to create %s", "sysroot"); +++ ++ if (mount (root_mountpoint, "sysroot", NULL, MS_MOVE | MS_SILENT, NULL) < 0) ++ err (EXIT_FAILURE, "failed to MS_MOVE '%s' to 'sysroot'", root_mountpoint); ++ ++ +diff --git a/debian/patches/series b/debian/patches/series +index 78a4e054..7c22215a 100644 +--- a/debian/patches/series ++++ b/debian/patches/series +@@ -1,3 +1,5 @@ + debian/Skip-test-pull-repeated-during-CI.patch + debian/test-sysroot-Skip-on-s390x-by-default.patch + debian/Skip-test-admin-deploy-uboot.sh-on-s390x.patch ++debugPrintUpgrade.diff ++mkdirSysroot.diff diff --git a/patches/debugPrintUpgrade.diff b/patches/debugPrintUpgrade.diff deleted file mode 100644 index 95bf484..0000000 --- a/patches/debugPrintUpgrade.diff +++ /dev/null @@ -1,12 +0,0 @@ -diff --color -Naur deb-pkg-ostree-orig/src/libostree/ostree-sysroot-upgrader.c deb-pkg-ostree-working-copy/src/libostree/ostree-sysroot-upgrader.c ---- deb-pkg-ostree-orig/src/libostree/ostree-sysroot-upgrader.c 2023-09-06 16:08:48.148445008 +0200 -+++ deb-pkg-ostree-working-copy/src/libostree/ostree-sysroot-upgrader.c 2023-09-20 11:30:26.197032024 +0200 -@@ -562,6 +562,8 @@ - return FALSE; - } - -+ g_print ("\n>>>DBG: from_revision: %s\n", from_revision); -+ g_print (">>>DBG: new_revision: %s)\n\n", self->new_revision); - if (g_strcmp0 (from_revision, self->new_revision) == 0) - { - *out_changed = FALSE; diff --git a/patches/mkdirSysroot.diff b/patches/mkdirSysroot.diff deleted file mode 100644 index 12c0a02..0000000 --- a/patches/mkdirSysroot.diff +++ /dev/null @@ -1,14 +0,0 @@ -diff --color -Naur deb-pkg-ostree-orig/src/switchroot/ostree-prepare-root.c deb-pkg-ostree-working-copy/src/switchroot/ostree-prepare-root.c ---- deb-pkg-ostree-orig/src/switchroot/ostree-prepare-root.c 2023-09-06 16:08:48.152444851 +0200 -+++ deb-pkg-ostree-working-copy/src/switchroot/ostree-prepare-root.c 2023-09-25 15:38:05.147081727 +0200 -@@ -672,6 +672,10 @@ - * root under /sysroot/sysroot as systemd will be responsible for - * moving /sysroot to /. - */ -+ -+ if (mkdirat (AT_FDCWD, "sysroot", 0755) < 0) -+ g_print (">>>DBG>>: Failed to create %s", "sysroot"); -+ - if (mount (root_mountpoint, "sysroot", NULL, MS_MOVE | MS_SILENT, NULL) < 0) - err (EXIT_FAILURE, "failed to MS_MOVE '%s' to 'sysroot'", root_mountpoint); - diff --git a/patches/series b/patches/series index 458ae13..d1aa93a 100644 --- a/patches/series +++ b/patches/series @@ -1,2 +1 @@ -debugPrintUpgrade.diff -mkdirSysroot.diff +add_patches.patch diff --git a/prepare_source b/prepare_source new file mode 100644 index 0000000..5ae2140 --- /dev/null +++ b/prepare_source @@ -0,0 +1,2 @@ +apt_src ostree +apply_patches