From d92286e2826fa3009f75e34e9b4a6d46090aa80a Mon Sep 17 00:00:00 2001 From: Fred Heinecke Date: Wed, 9 Mar 2022 14:50:00 -0600 Subject: [PATCH 1/4] Fixed RPMs using artifacts compiled against a too-new version of glibc --- .drone.yml | 62 +++++++++++++++++------------------ build.assets/build-package.sh | 7 +++- dronegen/tag.go | 25 ++++++++++++-- 3 files changed, 60 insertions(+), 34 deletions(-) diff --git a/.drone.yml b/.drone.yml index 6d0ab79c7ad6c..1494b8da67c4a 100644 --- a/.drone.yml +++ b/.drone.yml @@ -1052,7 +1052,7 @@ steps: ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/tag.go:225 +# Generated at dronegen/tag.go:230 ################################################ kind: pipeline @@ -1194,7 +1194,7 @@ volumes: ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/tag.go:225 +# Generated at dronegen/tag.go:230 ################################################ kind: pipeline @@ -1335,7 +1335,7 @@ volumes: ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/tag.go:225 +# Generated at dronegen/tag.go:230 ################################################ kind: pipeline @@ -1474,7 +1474,7 @@ volumes: ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/tag.go:225 +# Generated at dronegen/tag.go:230 ################################################ kind: pipeline @@ -1613,12 +1613,12 @@ volumes: ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/tag.go:410 +# Generated at dronegen/tag.go:431 ################################################ kind: pipeline type: kubernetes -name: build-linux-amd64-rpm +name: build-linux-amd64-centos7-rpm trigger: event: include: @@ -1634,7 +1634,7 @@ workspace: clone: disable: true depends_on: -- build-linux-amd64 +- build-linux-amd64-centos7 steps: - name: Check out code image: docker:git @@ -1668,9 +1668,9 @@ steps: - export VERSION=$(cat /go/.version.txt) - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else export S3_PATH="tag/"; fi - - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-amd64-bin.tar.gz + - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-amd64-centos7-bin.tar.gz /go/artifacts/ - - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-bin.tar.gz + - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-centos7-bin.tar.gz /go/artifacts/ environment: AWS_ACCESS_KEY_ID: @@ -1683,7 +1683,7 @@ steps: - name: Build artifacts image: docker commands: - - apk add --no-cache bash curl gzip make tar + - apk add --no-cache bash curl gzip make tar go - cd /go/src/github.com/gravitational/teleport - export VERSION=$(cat /go/.version.txt) - mkdir -m0700 $GNUPG_DIR @@ -1779,12 +1779,12 @@ volumes: ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/tag.go:410 +# Generated at dronegen/tag.go:431 ################################################ kind: pipeline type: kubernetes -name: build-linux-amd64-fips-rpm +name: build-linux-amd64-centos7-fips-rpm trigger: event: include: @@ -1800,7 +1800,7 @@ workspace: clone: disable: true depends_on: -- build-linux-amd64-fips +- build-linux-amd64-centos7-fips steps: - name: Check out code image: docker:git @@ -1834,7 +1834,7 @@ steps: - export VERSION=$(cat /go/.version.txt) - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else export S3_PATH="tag/"; fi - - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-fips-bin.tar.gz + - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-centos7-fips-bin.tar.gz /go/artifacts/ environment: AWS_ACCESS_KEY_ID: @@ -1847,7 +1847,7 @@ steps: - name: Build artifacts image: docker commands: - - apk add --no-cache bash curl gzip make tar + - apk add --no-cache bash curl gzip make tar go - cd /go/src/github.com/gravitational/teleport - export VERSION=$(cat /go/.version.txt) - mkdir -m0700 $GNUPG_DIR @@ -1942,7 +1942,7 @@ volumes: ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/tag.go:410 +# Generated at dronegen/tag.go:431 ################################################ kind: pipeline @@ -2094,7 +2094,7 @@ volumes: ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/tag.go:410 +# Generated at dronegen/tag.go:431 ################################################ kind: pipeline @@ -2243,7 +2243,7 @@ volumes: ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/tag.go:225 +# Generated at dronegen/tag.go:230 ################################################ kind: pipeline @@ -2382,7 +2382,7 @@ volumes: ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/tag.go:410 +# Generated at dronegen/tag.go:431 ################################################ kind: pipeline @@ -2452,7 +2452,7 @@ steps: - name: Build artifacts image: docker commands: - - apk add --no-cache bash curl gzip make tar + - apk add --no-cache bash curl gzip make tar go - cd /go/src/github.com/gravitational/teleport - export VERSION=$(cat /go/.version.txt) - mkdir -m0700 $GNUPG_DIR @@ -2548,7 +2548,7 @@ volumes: ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/tag.go:410 +# Generated at dronegen/tag.go:431 ################################################ kind: pipeline @@ -3226,7 +3226,7 @@ steps: ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/tag.go:225 +# Generated at dronegen/tag.go:230 ################################################ kind: pipeline @@ -3365,7 +3365,7 @@ volumes: ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/tag.go:225 +# Generated at dronegen/tag.go:230 ################################################ kind: pipeline @@ -3504,7 +3504,7 @@ volumes: ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/tag.go:410 +# Generated at dronegen/tag.go:431 ################################################ kind: pipeline @@ -3656,7 +3656,7 @@ volumes: ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/tag.go:410 +# Generated at dronegen/tag.go:431 ################################################ kind: pipeline @@ -3808,7 +3808,7 @@ volumes: ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/tag.go:410 +# Generated at dronegen/tag.go:431 ################################################ kind: pipeline @@ -3878,7 +3878,7 @@ steps: - name: Build artifacts image: docker commands: - - apk add --no-cache bash curl gzip make tar + - apk add --no-cache bash curl gzip make tar go - cd /go/src/github.com/gravitational/teleport - export VERSION=$(cat /go/.version.txt) - mkdir -m0700 $GNUPG_DIR @@ -3974,7 +3974,7 @@ volumes: ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/tag.go:410 +# Generated at dronegen/tag.go:431 ################################################ kind: pipeline @@ -4044,7 +4044,7 @@ steps: - name: Build artifacts image: docker commands: - - apk add --no-cache bash curl gzip make tar + - apk add --no-cache bash curl gzip make tar go - cd /go/src/github.com/gravitational/teleport - export VERSION=$(cat /go/.version.txt) - mkdir -m0700 $GNUPG_DIR @@ -4140,7 +4140,7 @@ volumes: ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/tag.go:225 +# Generated at dronegen/tag.go:230 ################################################ kind: pipeline @@ -5084,6 +5084,6 @@ volumes: name: drone-s3-debrepo-pvc --- kind: signature -hmac: eb954f5ddc1da7e5f4545ab8a5612fbc381633cd7a29950b9dc47ac19f4b54e1 +hmac: 1dd41a2efd6b7983f62a49578cdcf4eb9058d4319e333f9f958e80e7f8a91877 ... diff --git a/build.assets/build-package.sh b/build.assets/build-package.sh index 22d90fd713d09..6295dd7ca31a2 100755 --- a/build.assets/build-package.sh +++ b/build.assets/build-package.sh @@ -192,9 +192,14 @@ elif [[ "${ARCH}" == "arm64" ]]; then TEXT_ARCH="ARMv8/ARM64" fi +# amd64 RPMs should use CentOS 7 compatible artifacts +if [[ "${PACKAGE_TYPE}" == "rpm" && "${ARCH}" == "x86_64" ]]; then + OPTIONAL_RUNTIME_SECTION+="-centos7" +fi + # set optional runtime section for filename if [[ "${RUNTIME}" == "fips" ]]; then - OPTIONAL_RUNTIME_SECTION="-fips" + OPTIONAL_RUNTIME_SECTION+="-fips" fi # set variables appropriately depending on type of package being built diff --git a/dronegen/tag.go b/dronegen/tag.go index ded497c96e9d8..470c573133d91 100644 --- a/dronegen/tag.go +++ b/dronegen/tag.go @@ -16,6 +16,7 @@ package main import ( "fmt" + "strings" ) const ( @@ -175,7 +176,11 @@ func tagPipelines() []pipeline { // RPM/DEB package builds for _, packageType := range []string{rpmPackage, debPackage} { - ps = append(ps, tagPackagePipeline(packageType, buildType{os: "linux", arch: arch, fips: fips})) + bt := buildType{os: "linux", arch: arch, fips: fips} + if packageType == "rpm" && arch == "amd64" { + bt.centos7 = true + } + ps = append(ps, tagPackagePipeline(packageType, bt)) } } } @@ -283,6 +288,11 @@ func tagDownloadArtifactCommands(b buildType) []string { } artifactOSS := true artifactType := fmt.Sprintf("%s-%s", b.os, b.arch) + + if b.centos7 { + artifactType += "-centos7" + } + if b.fips { artifactType += "-fips" artifactOSS = false @@ -362,8 +372,19 @@ func tagPackagePipeline(packageType string, b buildType) pipeline { } dependentPipeline := fmt.Sprintf("build-%s-%s", b.os, b.arch) + + if b.centos7 { + dependentPipeline += "-centos7" + } + + apkPackages := []string{"bash", "curl", "gzip", "make", "tar"} + if packageType == rpmPackage { + // Required by `make rpm` + apkPackages = append(apkPackages, "go") + } + packageBuildCommands := []string{ - `apk add --no-cache bash curl gzip make tar`, + fmt.Sprintf("apk add --no-cache %s", strings.Join(apkPackages, " ")), `cd /go/src/github.com/gravitational/teleport`, `export VERSION=$(cat /go/.version.txt)`, } From e3955d1d39c69ec86d5d3b52066788b5871a39d3 Mon Sep 17 00:00:00 2001 From: Fred Heinecke Date: Thu, 10 Mar 2022 11:24:04 -0600 Subject: [PATCH 2/4] Fixed RPM naming issue --- build.assets/build-package.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/build.assets/build-package.sh b/build.assets/build-package.sh index 6295dd7ca31a2..1c9e23d7ddfc0 100755 --- a/build.assets/build-package.sh +++ b/build.assets/build-package.sh @@ -194,7 +194,7 @@ fi # amd64 RPMs should use CentOS 7 compatible artifacts if [[ "${PACKAGE_TYPE}" == "rpm" && "${ARCH}" == "x86_64" ]]; then - OPTIONAL_RUNTIME_SECTION+="-centos7" + OPTINAL_TARBALL_SECTION+="-centos7" fi # set optional runtime section for filename @@ -204,7 +204,7 @@ fi # set variables appropriately depending on type of package being built if [[ "${TELEPORT_TYPE}" == "ent" ]]; then - TARBALL_FILENAME="teleport-ent-v${TELEPORT_VERSION}-${PLATFORM}-${FILENAME_ARCH}${OPTIONAL_RUNTIME_SECTION}-bin.tar.gz" + TARBALL_FILENAME="teleport-ent-v${TELEPORT_VERSION}-${PLATFORM}-${FILENAME_ARCH}${OPTINAL_TARBALL_SECTION}${OPTIONAL_RUNTIME_SECTION}-bin.tar.gz" URL="${DOWNLOAD_ROOT}/${TARBALL_FILENAME}" TAR_PATH="teleport-ent" RPM_NAME="teleport-ent" @@ -215,7 +215,7 @@ if [[ "${TELEPORT_TYPE}" == "ent" ]]; then TYPE_DESCRIPTION="[${TEXT_ARCH} Enterprise edition]" fi else - TARBALL_FILENAME="teleport-v${TELEPORT_VERSION}-${PLATFORM}-${FILENAME_ARCH}${OPTIONAL_RUNTIME_SECTION}-bin.tar.gz" + TARBALL_FILENAME="teleport-v${TELEPORT_VERSION}-${PLATFORM}-${FILENAME_ARCH}${OPTINAL_TARBALL_SECTION}${OPTIONAL_RUNTIME_SECTION}-bin.tar.gz" URL="${DOWNLOAD_ROOT}/${TARBALL_FILENAME}" TAR_PATH="teleport" RPM_NAME="teleport" From 7042444df35dbb405758faa2bbedef7d129b93e1 Mon Sep 17 00:00:00 2001 From: fheinecke Date: Fri, 25 Mar 2022 15:08:49 -0500 Subject: [PATCH 3/4] Apply suggestions from code review Co-authored-by: Gus Luxton --- build.assets/build-package.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/build.assets/build-package.sh b/build.assets/build-package.sh index 1c9e23d7ddfc0..8a793184deb20 100755 --- a/build.assets/build-package.sh +++ b/build.assets/build-package.sh @@ -194,7 +194,7 @@ fi # amd64 RPMs should use CentOS 7 compatible artifacts if [[ "${PACKAGE_TYPE}" == "rpm" && "${ARCH}" == "x86_64" ]]; then - OPTINAL_TARBALL_SECTION+="-centos7" + OPTIONAL_TARBALL_SECTION+="-centos7" fi # set optional runtime section for filename @@ -204,7 +204,7 @@ fi # set variables appropriately depending on type of package being built if [[ "${TELEPORT_TYPE}" == "ent" ]]; then - TARBALL_FILENAME="teleport-ent-v${TELEPORT_VERSION}-${PLATFORM}-${FILENAME_ARCH}${OPTINAL_TARBALL_SECTION}${OPTIONAL_RUNTIME_SECTION}-bin.tar.gz" + TARBALL_FILENAME="teleport-ent-v${TELEPORT_VERSION}-${PLATFORM}-${FILENAME_ARCH}${OPTIONAL_TARBALL_SECTION}${OPTIONAL_RUNTIME_SECTION}-bin.tar.gz" URL="${DOWNLOAD_ROOT}/${TARBALL_FILENAME}" TAR_PATH="teleport-ent" RPM_NAME="teleport-ent" @@ -215,7 +215,7 @@ if [[ "${TELEPORT_TYPE}" == "ent" ]]; then TYPE_DESCRIPTION="[${TEXT_ARCH} Enterprise edition]" fi else - TARBALL_FILENAME="teleport-v${TELEPORT_VERSION}-${PLATFORM}-${FILENAME_ARCH}${OPTINAL_TARBALL_SECTION}${OPTIONAL_RUNTIME_SECTION}-bin.tar.gz" + TARBALL_FILENAME="teleport-v${TELEPORT_VERSION}-${PLATFORM}-${FILENAME_ARCH}${OPTIONAL_TARBALL_SECTION}${OPTIONAL_RUNTIME_SECTION}-bin.tar.gz" URL="${DOWNLOAD_ROOT}/${TARBALL_FILENAME}" TAR_PATH="teleport" RPM_NAME="teleport" From 6cc395bb08983f13c78e055361ef7acb37a1bbef Mon Sep 17 00:00:00 2001 From: Fred Heinecke Date: Fri, 25 Mar 2022 15:21:10 -0500 Subject: [PATCH 4/4] Resigned dronegen --- .drone.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index 1494b8da67c4a..2511955c8abad 100644 --- a/.drone.yml +++ b/.drone.yml @@ -5084,6 +5084,6 @@ volumes: name: drone-s3-debrepo-pvc --- kind: signature -hmac: 1dd41a2efd6b7983f62a49578cdcf4eb9058d4319e333f9f958e80e7f8a91877 +hmac: 3f643ea1aa5c364c56c9c61f71a199828e5e8013d9032239cd4d260510fd6fd0 ...