Merge pull request #1809 from nurse/xenial-arm64

Support arm64 packaging
ossec · Jun 17, 2020 · f3c5a6a · f3c5a6a
2 parents b191a04 + 0e82535
commit f3c5a6a
Show file tree

Hide file tree

Showing 25 changed files with 1,148 additions and 33 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -43,6 +43,12 @@ matrix:
     - compiler: clang
       env: OSSEC_TYPE=server RULES=test PCRE2_SYSTEM=no
 
+jobs:
+  include:
+    - arch: arm64
+      compiler: gcc
+      env: DB=none OSSEC_TYPE=agent GEOIP=no PCRE2_SYSTEM=yes ARCH=arm64
+      env: OSSEC_TYPE=server RULES=test
 
 before_script:
 - sudo apt-get update -qq
@@ -64,6 +70,7 @@ script:
   && if [[ "${PRELUDE}" = "yes" ]]; then COMMAND="${COMMAND} USE_PRELUDE=1"; fi
   && if [[ "${ZEROMQ}" = "yes" ]]; then COMMAND="${COMMAND} USE_ZEROMQ=1"; fi
   && if [[ "${OSSEC_TYPE}" = "test" ]]; then COMMAND="${COMMAND} USE_PCRE2_JIT=0"; fi
+  && if [[ "${ARCH}" = "arm64" ]]; then ./build.sh; fi
   && ( cd src/
      && make --warn-undefined-variables ${COMMAND} settings
      && make --warn-undefined-variables ${COMMAND} external -j

diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,29 @@
+FROM ubuntu:16.04
+
+RUN apt-get update \
+    && apt-get --yes install \
+        sudo \
+        curl \
+        wget \
+        git \
+        build-essential \
+        debhelper \
+        libssl-dev \
+        linux-libc-dev \
+        libpcre2-dev \
+        pbuilder \
+        expect \
+        debconf \
+        qemu-user-static
+COPY ./debian_files /home/ubuntu/debian_files
+COPY . /home/ubuntu/ossec-hids
+# `docker build` cannot handle `pbuilder create` because it uses `mount` which needs privilege
+# RUN cd /home/ubuntu/ossec-hids/contrib/debian-packages \
+#     && ./generate_ossec_xenial_arm64.sh -d
+# RUN DIST=xenial ARCH=arm64 pbuilder create --configfile /home/ubuntu/ossec-hids/contrib/debian-packages/pbuilderrc
+# RUN cd /home/ubuntu/ossec-hids/contrib/debian-packages \
+#     && ./generate_ossec_xenial_arm64.sh -u
+# RUN cd /home/ubuntu/ossec-hids/contrib/debian-packages \
+#     && ./generate_ossec_xenial_arm64.sh -b
+
+CMD ["/bin/sh"]
diff --git a/build.sh b/build.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+set -e -o pipefail
+
+scriptpath=$(dirname $0)
+$scriptpath/contrib/debian-packages/generate_ossec.sh -d
+$scriptpath/contrib/debian-packages/generate_ossec.sh -u
+$scriptpath/contrib/debian-packages/generate_ossec.sh -b
diff --git a/contrib/debian-packages/generate_ossec.sh b/contrib/debian-packages/generate_ossec.sh
@@ -20,25 +20,25 @@
 # CONFIGURATION VARIABLES
 #
 
-ossec_version='2.8.2'
+ossec_version='3.5.0'
 source_file="ossec-hids-${ossec_version}.tar.gz"
 #packages=(ossec-hids ossec-hids-agent) # only options available
-packages=(ossec-hids ossec-hids-agent)
+packages=(ossec-hids-agent)
 
-# codenames=(sid jessie wheezy precise trusty utopic) 
-codenames=(sid jessie wheezy precise trusty utopic) 
+# codenames=(sid jessie wheezy precise trusty utopic)
+codenames=(xenial)
 
 # For Debian use: sid, jessie or wheezy (hardcoded in update_changelog function)
 # For Ubuntu use: lucid, precise, trusty or utopic
-codenames_ubuntu=(precise trusty utopic)
+codenames_ubuntu=(precise trusty xenial)
 codenames_debian=(sid jessie wheezy)
 
 # architectures=(amd64 i386) only options available
-architectures=(amd64 i386)
+architectures=(arm64)
 
 # GPG key
-signing_key='XXXX'
-signing_pass='XXXX'
+signing_key='7A1B7C76'
+signing_pass=`cat /root/.gnupg/passphrase`
 
 # Debian files
 debian_files_path="/home/ubuntu/debian_files"
@@ -200,11 +200,22 @@ update_chroots()
   do
     for arch in ${architectures[@]}
     do
-      echo "Updating chroot environment: ${codename}-${arch}" | write_log
-      if sudo DIST=$codename ARCH=$arch pbuilder update ; then
-        echo "Successfully updated chroot environment: ${codename}-${arch}" | write_log
+      if [ -f /var/cache/pbuilder/$codename-$arrch-base.tgz ]; then
+        echo "Updating chroot environment: ${codename}-${arch}" | write_log
+        if sudo DIST=$codename ARCH=$arch pbuilder update --configfile $scriptpath/pbuilderrc ; then
+          echo "Successfully updated chroot environment: ${codename}-${arch}" | write_log
+        else
+          echo "Error: Problem detected updating chroot environment: ${codename}-${arch}" | write_log
+          exit 1
+        fi
       else
-        echo "Error: Problem detected updating chroot environment: ${codename}-${arch}" | write_log
+        echo "Creating chroot environment: ${codename}-${arch}" | write_log
+        if sudo DIST=$codename ARCH=$arch pbuilder create --configfile $scriptpath/pbuilderrc; then
+          echo "Successfully created chroot environment: ${codename}-${arch}" | write_log
+        else
+          echo "Error: Problem detected creating chroot environment: ${codename}-${arch}" | write_log
+          exit 1
+        fi
       fi
     done
   done
@@ -217,6 +228,7 @@ update_chroots()
 #
 download_source()
 {
+  cd ${scriptpath}
 
   # Checking that Debian files exist for this version
   for package in ${packages[*]}
@@ -311,7 +323,7 @@ do
 
       # Building the package
       cd ${source_path}
-      if sudo /usr/bin/pdebuild --use-pdebuild-internal --architecture ${arch} --buildresult ${results_dir} -- --basetgz \
+      if sudo DIST=$codename ARCH=$arch /usr/bin/pdebuild --configfile $scriptpath/pbuilderrc --use-pdebuild-internal --architecture ${arch} --buildresult ${results_dir} -- --basetgz \
       ${base_tgz} --distribution ${codename} --architecture ${arch} --aptcache ${cache_dir} --override-config ; then
         echo " + Successfully built Debian package ${package} ${codename}-${arch}" | write_log
       else
@@ -346,7 +358,8 @@ do
         send \"${signing_pass}\r\"
         expect -re \".*Enter passphrase:.*\"
         send \"${signing_pass}\r\"
-        expect -re \".*Successfully signed dsc and changes files.*\"
+        expect -re \".*Successfully signed dsc and changes files.*\" exit 0
+        exit 1
       "
       if [ $? -eq 0 ] ; then
         echo " + Successfully signed Debian package ${changes_file} ${codename}-${arch}" | write_log
@@ -469,14 +482,17 @@ case $key in
   -u|--update)
     update_chroots
     shift
+    exit 0
     ;;
   -d|--download)
     download_source
     shift
+    exit 0
     ;;
   -b|--build)
     build_packages
     shift
+    exit 0
     ;;
   -s|--sync)
     sync_repository