mirrors/fdroidserver
1
0
Fork 0
mirror of https://github.com/f-droid/fdroidserver.git synced 2025-11-04 22:40:29 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch 'standalone-vagrantfile' into 'master'

Browse source 
Standalone Vagrantfile

@mvdan @CiaranG as a follow up on our work moving to a 64-bit build server VM, this moves the buildserver config to a standalone YAML file and commits a static _Vagrantfile_ to git.  This makes it a lot easier to work with, especially for people who normally use git.  The buildserver config is already a Python _dict_, and its trivial to export a _dict_ to a YAML file.  _Vagrantfile_ is a Ruby script, where its trivial to load a YAML file.  This moves some of the logic into _Vagrantfile_ itself.  This means that someone can mess with _Yagrantfile.yaml_ and/or _Vagrantfile_ to work on the buildserver setup, without having to run `./makebuildserver`.  Then once something is working, it can be ported to the current `./makebuildserver` setup that generates _Vagrantfile.yaml_.

This is important for working on getting this whole thing running in a KVM instance like jenkins.debian.net and elsewhere.  From what I read, VirtualBox in KVM is only possible if VirtualBox is running in 32-bit mode, so that's a dead end for us.  We need to be able to run the buildserver as KVM in KVM #190.  This merge request doesn't get us there yet, but it makes the process a lot easier.

This also moves everything but Kivy to provisioning shell scripts, since the existing chef scripts were really just shell scripts wrapped in Chef wrapped in Vagrant wrapped in `./makebuildserver`.

This passes the gpjenkins CI build that creates the buildserver from scratch, then builds F-Droid and AdAway:
http://qssio5fppcrojdh3.onion:8080/job/fdroidserver-makebuildserver-eighthave/602/

I tried adding Amaze and Retrolambda as test apps for the buildserver too, we'll see how that goes:
http://qssio5fppcrojdh3.onion:8080/job/fdroidserver-makebuildserver-eighthave

See merge request !144
This commit is contained in:
Ciaran Gultnieks 2016-07-07 15:37:26 +00:00
commit 0c5725b5a9
14 changed files with 248 additions and 259 deletions
Download patch file Download diff file Expand all files Collapse all files

2
buildserver/.gitignore vendored
View file

@ -1,4 +1,4 @@
.vagrant
up.log
cache/
Vagrantfile
Vagrantfile.yaml

70
buildserver/Vagrantfile vendored Normal file
View file

@ -0,0 +1,70 @@
require 'yaml'
configfile = YAML.load_file('Vagrantfile.yaml')
Vagrant.configure("2") do |config|
if Vagrant.has_plugin?("vagrant-cachier")
config.cache.scope = :box
config.cache.auto_detect = false
config.cache.enable :apt
config.cache.enable :chef
end
config.vm.box = configfile['basebox']
config.vm.box_url = configfile['baseboxurl']
config.vm.provider "virtualbox" do |v|
v.customize ["modifyvm", :id, "--memory", configfile['memory']]
v.customize ["modifyvm", :id, "--cpus", configfile['cpus']]
v.customize ["modifyvm", :id, "--hwvirtex", configfile['hwvirtex']]
end
config.vm.boot_timeout = configfile['boot_timeout']
config.vm.provision :shell, :path => "fixpaths.sh"
if configfile.has_key? "aptproxy"
config.vm.provision :shell, path: "provision-apt-proxy",
args: [configfile["aptproxy"]]
end
# buildserver/ is shared to the VM's /vagrant by default so the old
# default does not need a custom mount
if configfile["cachedir"] != "buildserver/cache"
config.vm.synced_folder configfile["cachedir"], '/vagrant/cache',
owner: 'root', group: 'root', create: true
end
# cache .deb packages on the host via a mount trick
if configfile.has_key? "aptcachedir"
config.vm.synced_folder configfile["aptcachedir"], "/var/cache/apt/archives",
owner: 'root', group: 'root', create: true
end
config.vm.provision "shell", path: "setup-env-vars",
args: ["/home/vagrant/android-sdk"]
config.vm.provision "shell", path: "provision-apt-get-install",
args: [configfile['debian_mirror']]
config.vm.provision :chef_solo do |chef|
chef.cookbooks_path = "cookbooks"
chef.log_level = :debug
chef.add_recipe "kivy"
end
config.vm.provision "shell", path: "provision-android-sdk"
config.vm.provision "shell", path: "provision-android-ndk",
args: ["/home/vagrant/android-ndk"]
config.vm.provision "shell", path: "provision-pip",
args: ["compare-locales"]
config.vm.provision "shell", path: "provision-gradle"
config.vm.provision "file", source: "gradle",
destination: "/opt/gradle/bin/gradle"
# let Ubuntu/trusty's paramiko work with the VM instance
if `uname -v`.include? "14.04"
config.vm.provision "shell", path: "provision-ubuntu-trusty-paramiko"
end
end

129
buildserver/cookbooks/fdroidbuild-general/recipes/default.rb
View file

@ -1,129 +0,0 @@
user = node[:settings][:user]
debian_mirror = node[:settings][:debian_mirror]
execute 'set_debian_mirror' do
command "sed -i 's,http://ftp.uk.debian.org/debian/,#{debian_mirror},g' /etc/apt/sources.list"
end
execute "jessie_backports" do
command "echo 'deb #{debian_mirror} jessie-backports main' > /etc/apt/sources.list.d/backports.list"
only_if "grep jessie /etc/apt/sources.list"
end
if node['kernel']['machine'] == "x86_64"
execute "archi386" do
command "dpkg --add-architecture i386"
end
end
execute "apt-get-update" do
command "apt-get update"
end
%w{
ant
ant-contrib
autoconf
autoconf2.13
automake1.11
autopoint
bison
bzr
cmake
curl
expect
faketime
flex
gettext
git-core
git-svn
gperf
graphviz
imagemagick
inkscape
javacc
libarchive-zip-perl
libexpat1-dev
libglib2.0-dev
liblzma-dev
librsvg2-bin
libsaxonb-java
libssl-dev
libssl1.0.0
libtool
libtool-bin
make
maven
}.each do |pkg|
package pkg do
action :install
end
end
%w{
mercurial
nasm
openjdk-8-jdk-headless
optipng
p7zip
pandoc
perlmagick
pkg-config
python-gnupg
python-magic
python-setuptools
python3-gnupg
python3-requests
python3-yaml
qt5-default
qtbase5-dev
quilt
realpath
scons
subversion
swig
texinfo
transfig
unzip
vorbis-tools
xsltproc
yasm
zip
}.each do |pkg|
package pkg do
action :install
end
end
if node['kernel']['machine'] == "x86_64"
%w{libstdc++6:i386 libgcc1:i386 zlib1g:i386 libncurses5:i386}.each do |pkg|
package pkg do
action :install
end
end
end
easy_install_package "compare-locales" do
options "-U"
action :install
end
if node['kernel']['machine'] == "x86_64"
execute "set-default-java" do
command "update-java-alternatives --set java-1.8.0-openjdk-amd64"
end
else
execute "set-default-java" do
command "update-java-alternatives --set java-1.8.0-openjdk-i386"
end
end
# Ubuntu trusty 14.04's paramiko does not work with jessie's openssh's default settings
# https://stackoverflow.com/questions/7286929/paramiko-incompatible-ssh-peer-no-acceptable-kex-algorithm/32691055#32691055
execute "support-ubuntu-trusty-paramiko" do
only_if { node[:settings][:ubuntu_trusty] == 'true' }
command "echo Ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr >> /etc/ssh/sshd_config"
command "echo MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,hmac-sha1 >> /etc/ssh/sshd_config"
command "echo KexAlgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1 >> /etc/ssh/sshd_config"
end

2
buildserver/cookbooks/kivy/recipes/default.rb
View file

@ -1,6 +1,4 @@
user = node[:settings][:user]
%w{cython python-pygame python-pip python-virtualenv python-opengl python-gst0.10 python-enchant libgl1-mesa-dev libgles2-mesa-dev}.each do |pkg|
package pkg do
action :install

2
buildserver/fixpaths.sh
View file

@ -1,5 +1,7 @@
#!/bin/sh
echo $0
fixit()
{
#Fix sudoers so the PATH gets passed through, otherwise chef

1
buildserver/provision-android-ndk
View file

@ -1,6 +1,7 @@
#!/bin/bash
#
echo $0
set -e
NDK_BASE=$1

8
buildserver/provision-android-sdk
View file

@ -1,7 +1,9 @@
#!/bin/bash
#
echo $0
set -e
set -x
if [ -z $ANDROID_HOME ]; then
echo "ANDROID_HOME env var must be set!"
@ -23,7 +25,7 @@ fi
cd /vagrant/cache
# make hard links for `android update sdk` to use and delete
# make links for `android update sdk` to use and delete
for f in android_*.zip android-[0-9]*.zip platform-[0-9]*.zip build-tools_r*-linux.zip; do
rm -f ${ANDROID_HOME}/temp/$f
ln -s /vagrant/cache/$f ${ANDROID_HOME}/temp/
@ -42,8 +44,8 @@ for f in `ls -1 build-tools*.zip`; do
cached=,build-tools-${ver}${cached}
done
${ANDROID_HOME}/tools/android --silent update sdk --no-ui --all \
--filter platform-tools,extra-android-m2repository${cached} > /dev/null <<EOH
${ANDROID_HOME}/tools/android update sdk --no-ui --all \
--filter platform-tools,extra-android-m2repository${cached} <<EOH
y
EOH

91
buildserver/provision-apt-get-install Normal file
View file

@ -0,0 +1,91 @@
#!/bin/bash
echo $0
set -e
set -x
debian_mirror=$1
sed -i "s,http://ftp.uk.debian.org/debian/,${debian_mirror},g" /etc/apt/sources.list
if grep --quiet jessie /etc/apt/sources.list; then
echo "deb $debian_mirror jessie-backports main" > /etc/apt/sources.list.d/backports.list
fi
dpkg --add-architecture i386
apt-get -y update
apt-get -y upgrade
packages="
ant
ant-contrib
autoconf
autoconf2.13
automake1.11
autopoint
bison
bzr
cmake
curl
expect
faketime
flex
gettext
git-core
git-svn
gperf
graphviz
imagemagick
inkscape
javacc
libarchive-zip-perl
libexpat1-dev
libgcc1:i386
libglib2.0-dev
liblzma-dev
libncurses5:i386
librsvg2-bin
libsaxonb-java
libssl-dev
libssl1.0.0
libstdc++6:i386
libtool
libtool-bin
make
maven
mercurial
nasm
openjdk-8-jdk-headless
optipng
p7zip
pandoc
perlmagick
pkg-config
python-gnupg
python-magic
python-setuptools
python3-gnupg
python3-requests
python3-yaml
qt5-default
qtbase5-dev
quilt
realpath
scons
subversion
swig
texinfo
transfig
unzip
vorbis-tools
xsltproc
yasm
zip
zlib1g:i386
"
apt-get install --yes --no-install-recommends $packages
highestjava=`update-java-alternatives --list | sort -n | tail -1 | cut -d ' ' -f 1`
update-java-alternatives --set $highestjava

11
buildserver/provision-apt-proxy Normal file
View file

@ -0,0 +1,11 @@
#!/bin/bash
echo $0
set -e
rm -f /etc/apt/apt.conf.d/02proxy
echo "Acquire::ftp::Proxy \"$1\";" >> /etc/apt/apt.conf.d/02proxy
echo "Acquire::http::Proxy \"$1\";" >> /etc/apt/apt.conf.d/02proxy
echo "Acquire::https::Proxy \"$1\";" >> /etc/apt/apt.conf.d/02proxy
apt-get update

14
buildserver/provision-pip Normal file
View file

@ -0,0 +1,14 @@
#!/bin/bash
echo $0
set -e
set -x
# cache pypi downloads
if [ -z $PIP_DOWNLOAD_CACHE ]; then
export PIP_DOWNLOAD_CACHE=$HOME/.pip_download_cache
fi
apt-get install --yes --no-install-recommends python-pip
pip install --upgrade $@

19
buildserver/provision-ubuntu-trusty-paramiko Normal file
View file

@ -0,0 +1,19 @@
#!/bin/bash
echo $0
set -e
# Ubuntu trusty 14.04's paramiko does not work with jessie's openssh's default settings
# https://stackoverflow.com/questions/7286929/paramiko-incompatible-ssh-peer-no-acceptable-kex-algorithm/32691055#32691055
if ! grep --quiet ^Ciphers /etc/ssh/sshd_config; then
echo Ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr >> /etc/ssh/sshd_config
fi
if ! grep --quiet ^MACs /etc/ssh/sshd_config; then
echo MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,hmac-sha1 >> /etc/ssh/sshd_config
fi
if ! grep --quiet ^KexAlgorithms /etc/ssh/sshd_config; then
echo KexAlgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1 >> /etc/ssh/sshd_config
fi

2
hooks/pre-commit
View file

@ -12,7 +12,7 @@ if [ -z "$files" ]; then
PY_TEST_FILES="tests/*.TestCase"
SH_FILES="hooks/pre-commit"
BASH_FILES="fd-commit jenkins-build docs/update.sh completion/bash-completion buildserver/provision-*"
RB_FILES="buildserver/cookbooks/*/recipes/*.rb"
RB_FILES="buildserver/cookbooks/*/recipes/*.rb buildserver/Vagrantfile"
else
# if actually committing right now, then only run on the files
# that are going to be committed at this moment

10
jenkins-build-makebuildserver
View file

@ -60,13 +60,15 @@ fi
cd fdroiddata
echo "build_server_always = True" > config.py
# if it can't build fdroid, then its really broken
../fdroid build --verbose --stop --latest org.fdroid.fdroid
# Gradle, JNI, preassemble
../fdroid build --stop org.adaway:55
# Maven
../fdroid build --stop org.quantumbadger.redreader:55
#../fdroid build --stop org.quantumbadger.redreader:55
# Custom build (make)
../fdroid build --stop com.amaze.filemanager:29
#../fdroid build --stop com.amaze.filemanager:29
# Uses verification
../fdroid build --stop info.guardianproject.checkey:101
#../fdroid build --stop info.guardianproject.checkey:101
# Gradle with retrolambda (JDK7 and JDK8)
../fdroid build --stop com.moez.QKSMS:124
#../fdroid build --stop com.moez.QKSMS:124

138
makebuildserver
View file

@ -6,6 +6,7 @@ import sys
import subprocess
import time
import hashlib
import yaml
from clint.textui import progress
from optparse import OptionParser
@ -49,7 +50,6 @@ options, args = parser.parse_args()
# set up default config
cachedir = os.path.join(os.getenv('HOME'), '.cache', 'fdroidserver')
config = {
'arch64': True,
'basebox': 'jessie64',
# TODO in py3, convert this to pathlib.Path(absolute_path_string).as_uri()
'baseboxurl': [
@ -62,6 +62,7 @@ config = {
'cachedir': cachedir,
'cpus': 1,
'memory': 1024,
'hwvirtex': 'off',
}
# load config file, if present
@ -70,6 +71,7 @@ if os.path.exists('makebuildserver.config.py'):
elif os.path.exists('makebs.config.py'):
# this is the old name for the config file
exec(compile(open('makebs.config.py').read(), 'makebs.config.py', 'exec'), config)
del(config['__builtins__']) # added by compile/exec
if not os.path.exists('makebuildserver') or not os.path.exists(serverdir):
print('This must be run from the correct directory!')
@ -86,11 +88,16 @@ cachedir = config['cachedir']
if not os.path.exists(cachedir):
os.makedirs(cachedir, 0o755)
if config['apt_package_cache']:
config['aptcachedir'] = cachedir + '/apt/archives'
cachefiles = [
('https://dl.google.com/android/repository/tools_r25.1.7-linux.zip',
'3ca053600a86a5a64d5571edfbb1dad27f2bda3bfd2d38e2fe54322610b1ef0b'),
('https://dl.google.com/android/repository/android_m2repository_r32.zip',
'a6a8d7ffb153161f26d5fdebfa9aa1c9c84b29c62851fffff2cdfad9e094b13b'),
('https://dl.google.com/android/repository/platform-tools_r24-linux.zip',
'076368b337d042d163364594dda63b7e778835f636fafb2c8af4d4a604175c32'),
('https://dl.google.com/android/repository/android_m2repository_r33.zip',
'be9bb4a27aeefb1c9adb0cade8771f764447c4cbde74426303db2ac6bde1879c'),
('https://dl.google.com/android/repository/android-1.5_r04-linux.zip',
'85b6c8f9797e56aa415d3a282428bb640c96b0acb17c11d41621bb2a5302fe64'),
('https://dl.google.com/android/repository/android-1.6_r03-linux.zip',
@ -231,24 +238,13 @@ cachefiles = [
'993b4f33b652c689e9721917d8e021cab6bbd3eae81b39ab2fd46fdb19a928d5'),
('https://pypi.python.org/packages/source/K/Kivy/Kivy-1.7.2.tar.gz',
'0485e2ef97b5086df886eb01f8303cb542183d2d71a159466f99ad6c8a1d03f1'),
]
if config['arch64']:
cachefiles.extend([
('https://dl.google.com/android/ndk/android-ndk-r10e-linux-x86_64.bin',
'102d6723f67ff1384330d12c45854315d6452d6510286f4e5891e00a5a8f1d5a'),
('https://dl.google.com/android/ndk/android-ndk-r9b-linux-x86_64.tar.bz2',
'8956e9efeea95f49425ded8bb697013b66e162b064b0f66b5c75628f76e0f532'),
('https://dl.google.com/android/ndk/android-ndk-r9b-linux-x86_64-legacy-toolchains.tar.bz2',
'de93a394f7c8f3436db44568648f87738a8d09801a52f459dcad3fc047e045a1')])
else:
cachefiles.extend([
('https://dl.google.com/android/ndk/android-ndk-r10e-linux-x86.bin',
'92b07d25aaad9b341a7f2b2a62402d508e948bf2dea3ee7b65a6aeb18bca7df5'),
('https://dl.google.com/android/ndk/android-ndk-r9b-linux-x86.tar.bz2',
'748104b829dd12afb2fdb3044634963abb24cdb0aad3b26030abe2e9e65bfc81'),
('https://dl.google.com/android/ndk/android-ndk-r9b-linux-x86-legacy-toolchains.tar.bz2',
'606aadf815ae28cc7b0154996247c70d609f111b14e44bcbcd6cad4c87fefb6f')])
'de93a394f7c8f3436db44568648f87738a8d09801a52f459dcad3fc047e045a1'),
]
def sha256_for_file(path):
@ -310,118 +306,31 @@ for srcurl, shasum in cachefiles:
print("\t...shasum verified for " + local_filename)
else:
print("Invalid shasum of '" + v + "' detected for " + local_filename)
os.remove(local_filename)
sys.exit(1)
# allow specifying a list/tuple that includes cached local copy
if type(config['baseboxurl']) in (list, tuple) or config['baseboxurl'][0] in ('(', '['):
baseboxurl = config['baseboxurl']
else:
baseboxurl = '"{0}"'.format(config['baseboxurl'])
# use VirtualBox software virtualization if hardware is not available,
# like if this is being run in kvm or some other VM platform, like
# http://jenkins.debian.net, the values are 'on' or 'off'
hwvirtex = 'off'
if sys.platform.startswith('darwin'):
# all < 10 year old Macs work, and OSX servers as VM host are very
# rare, but this could also be auto-detected if someone codes it
hwvirtex = 'on'
config['hwvirtex'] = 'on'
elif os.path.exists('/proc/cpuinfo'):
with open('/proc/cpuinfo') as f:
contents = f.read()
if 'vmx' in contents or 'svm' in contents:
hwvirtex = 'on'
config['hwvirtex'] = 'on'
# Generate an appropriate Vagrantfile for the buildserver, based on our
# settings...
vagrantfile = """
Vagrant.configure("2") do |config|
if Vagrant.has_plugin?("vagrant-cachier")
config.cache.scope = :box
config.cache.auto_detect = false
config.cache.enable :apt
config.cache.enable :chef
end
config.vm.box = "{0}"
config.vm.box_url = {1}
config.vm.provider "virtualbox" do |v|
v.customize ["modifyvm", :id, "--memory", "{2}"]
v.customize ["modifyvm", :id, "--cpus", "{3}"]
v.customize ["modifyvm", :id, "--hwvirtex", "{4}"]
end
config.vm.boot_timeout = {5}
config.vm.provision :shell, :path => "fixpaths.sh"
""".format(config['basebox'],
baseboxurl,
config['memory'],
config.get('cpus', 1),
hwvirtex,
config['boot_timeout'])
if 'aptproxy' in config and config['aptproxy']:
vagrantfile += """
config.vm.provision :shell, :inline => 'sudo echo "Acquire::http {{ Proxy \\"{0}\\"; }};" > /etc/apt/apt.conf.d/02proxy && sudo apt-get update'
""".format(config['aptproxy'])
# buildserver/ is shared to the VM's /vagrant by default so the old default
# does not need a custom mount
if cachedir != 'buildserver/cache':
vagrantfile += """
config.vm.synced_folder '{0}', '/vagrant/cache',
owner: 'root', group: 'root', create: true
""".format(cachedir)
# cache .deb packages on the host via a mount trick
if config['apt_package_cache']:
aptcachedir = cachedir + '/apt/archives'
vagrantfile += """
config.vm.synced_folder "{0}", "/var/cache/apt/archives",
owner: 'root', group: 'root', create: true
""".format(aptcachedir)
vagrantfile += """
config.vm.provision "shell", path: "setup-env-vars",
args: ["/home/vagrant/android-sdk"]
config.vm.provision :chef_solo do |chef|
chef.cookbooks_path = "cookbooks"
chef.log_level = :debug
chef.json = {
:settings => {
:debian_mirror => "%s",
:ubuntu_trusty => "%s",
:user => "vagrant"
}
}
chef.add_recipe "fdroidbuild-general"
chef.add_recipe "kivy"
end
config.vm.provision "shell", path: "provision-android-sdk"
config.vm.provision "shell", path: "provision-android-ndk",
args: ["/home/vagrant/android-ndk"]
config.vm.provision "shell", path: "provision-gradle"
config.vm.provision "file", source: "gradle",
destination: "/opt/gradle/bin/gradle"
end
""" % (config['debian_mirror'],
str('14.04' in os.uname()[3]).lower())
# Check against the existing Vagrantfile, and if they differ, we need to
# create a new box:
vf = os.path.join(serverdir, 'Vagrantfile')
# Check against the existing Vagrantfile.yaml, and if they differ, we
# need to create a new box:
vf = os.path.join(serverdir, 'Vagrantfile.yaml')
writevf = True
if os.path.exists(vf):
vagrant(['halt'], serverdir)
with open(vf, 'r') as f:
oldvf = f.read()
if oldvf != vagrantfile:
with open(vf, 'r', encoding='utf-8') as f:
oldconfig = yaml.load(f)
if config != oldconfig:
print("Server configuration has changed, rebuild from scratch is required")
vagrant(['destroy', '-f'], serverdir)
else:
@ -430,9 +339,8 @@ if os.path.exists(vf):
else:
print("No existing server - building from scratch")
if writevf:
with open(vf, 'w') as f:
f.write(vagrantfile)
with open(vf, 'w', encoding='utf-8') as f:
yaml.dump(config, f)
print("Configuring build server VM")
returncode, out = vagrant(['up', '--provision'], serverdir, printout=True)