From d732ddd2e7664022d43ca41f0a88b71495d43401 Mon Sep 17 00:00:00 2001 From: Peter van Dijk Date: Fri, 20 Dec 2024 14:05:45 +0100 Subject: [PATCH 1/2] drop el-7, debian-buster, amazonlinux-2 --- .github/workflows/build-packages.yml | 16 +------ .github/workflows/builder-dispatch.yml | 2 - .github/workflows/builder.yml | 4 -- BUILDING-PACKAGES.md | 12 ++---- .../docker/repo-test/generate-repo-files.py | 5 --- .../dockerfiles/CentOS-SCLo-scl-rh.repo | 8 ---- .../dockerfiles/Centos-Base-Vault.repo | 34 --------------- .../dockerfiles/Dockerfile.rpmbuild | 42 +++++-------------- .../dockerfiles/Dockerfile.rpmsbom | 19 +++------ .../dockerfiles/Dockerfile.target.amazon-2 | 15 ------- .../dockerfiles/Dockerfile.target.centos-7 | 17 -------- .../Dockerfile.target.debian-buster | 28 ------------- .../dockerfiles/Dockerfile.target.el-7 | 1 - .../Dockerfile.target.oraclelinux-7 | 18 -------- .../Dockerfile.target.raspbian-buster | 27 ------------ builder-support/specs/dnsdist.spec | 29 ------------- builder-support/specs/pdns-recursor.spec | 16 ------- builder-support/specs/pdns.spec | 34 --------------- 18 files changed, 19 insertions(+), 308 deletions(-) delete mode 100644 builder-support/dockerfiles/CentOS-SCLo-scl-rh.repo delete mode 100644 builder-support/dockerfiles/Centos-Base-Vault.repo delete mode 100644 builder-support/dockerfiles/Dockerfile.target.amazon-2 delete mode 100644 builder-support/dockerfiles/Dockerfile.target.centos-7 delete mode 100644 builder-support/dockerfiles/Dockerfile.target.debian-buster delete mode 120000 builder-support/dockerfiles/Dockerfile.target.el-7 delete mode 100644 builder-support/dockerfiles/Dockerfile.target.oraclelinux-7 delete mode 100644 builder-support/dockerfiles/Dockerfile.target.raspbian-buster diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index eed5e63dbeb5..ca70d545180f 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -15,10 +15,8 @@ on: # please remember to update the pkghashes below when you # update this list, as well as the one in builder-dispatch.yml default: >- - el-7 el-8 el-9 - debian-buster debian-bullseye debian-bookworm ubuntu-focal @@ -73,20 +71,14 @@ jobs: matrix: os: ${{fromJson(needs.prepare.outputs.oslist)}} runner-os: ${{ fromJson(needs.prepare.outputs.runnerlist )}} - exclude: - - os: el-7 - runner-os: ubicloud-standard-2-arm fail-fast: false outputs: product-name: ${{ steps.normalize-name.outputs.normalized-package-name }} version: ${{ steps.getversion.outputs.version }} - pkghashes-el-7-x86_64: ${{ steps.pkghashes.outputs.pkghashes-el-7-x86_64 }} pkghashes-el-8-x86_64: ${{ steps.pkghashes.outputs.pkghashes-el-8-x86_64 }} pkghashes-el-8-aarch64: ${{ steps.pkghashes.outputs.pkghashes-el-8-aarch64 }} pkghashes-el-9-x86_64: ${{ steps.pkghashes.outputs.pkghashes-el-9-x86_64 }} pkghashes-el-9-aarch64: ${{ steps.pkghashes.outputs.pkghashes-el-9-aarch64 }} - pkghashes-debian-buster-x86_64: ${{ steps.pkghashes.outputs.pkghashes-debian-buster-x86_64 }} - pkghashes-debian-buster-aarch64: ${{ steps.pkghashes.outputs.pkghashes-debian-buster-aarch64 }} pkghashes-debian-bullseye-x86_64: ${{ steps.pkghashes.outputs.pkghashes-debian-bullseye-x86_64 }} pkghashes-debian-bullseye-aarch64: ${{ steps.pkghashes.outputs.pkghashes-debian-bullseye-aarch64 }} pkghashes-debian-bookworm-x86_64: ${{ steps.pkghashes.outputs.pkghashes-debian-bookworm-x86_64 }} @@ -173,7 +165,7 @@ jobs: run: | for os in ${{ inputs.os }}; do for architecture in x86_64 ${{ vars.ARM64_USE_UBICLOUD == '1' && 'aarch64' || '' }}; do - [[ "$os" != "el-7" || "$architecture" != "aarch64" ]] && echo "\"pkghashes-$os-$architecture\"" | tee -a /tmp/os-inputs.txt + echo "\"pkghashes-$os-$architecture\"" | tee -a /tmp/os-inputs.txt done done sort -o /tmp/os-inputs.txt /tmp/os-inputs.txt @@ -188,9 +180,6 @@ jobs: matrix: os: ${{fromJson(needs.prepare.outputs.oslist)}} architecture: ${{ fromJson(needs.prepare.outputs.archlist )}} - exclude: - - os: el-7 - architecture: aarch64 permissions: actions: read # To read the workflow path. id-token: write # To sign the provenance. @@ -224,9 +213,6 @@ jobs: matrix: os: ${{fromJson(needs.prepare.outputs.oslist)}} architecture: ${{ fromJson(needs.prepare.outputs.archlist )}} - exclude: - - os: el-7 - architecture: aarch64 steps: - name: Download source tarball provenance for ${{ inputs.product }} (${{ inputs.ref }}) id: download-src-provenance diff --git a/.github/workflows/builder-dispatch.yml b/.github/workflows/builder-dispatch.yml index c478118413ba..fe57f661a8e5 100644 --- a/.github/workflows/builder-dispatch.yml +++ b/.github/workflows/builder-dispatch.yml @@ -16,10 +16,8 @@ on: type: string # please remember to update build-packages.yml as well default: >- - el-7 el-8 el-9 - debian-buster debian-bullseye debian-bookworm ubuntu-focal diff --git a/.github/workflows/builder.yml b/.github/workflows/builder.yml index 1d666c01503d..66f4f634e09b 100644 --- a/.github/workflows/builder.yml +++ b/.github/workflows/builder.yml @@ -35,7 +35,6 @@ jobs: matrix: product: ['authoritative', 'recursor', 'dnsdist'] os: - - el-7 - el-8 - centos-9-stream - ubuntu-noble @@ -44,9 +43,6 @@ jobs: - debian-trixie - amazon-2023 runner-os: ${{ fromJson(needs.prepare.outputs.runnerlist )}} - exclude: - - os: el-7 - runner-os: ubicloud-standard-2-arm fail-fast: false steps: - uses: actions/checkout@v4 diff --git a/BUILDING-PACKAGES.md b/BUILDING-PACKAGES.md index 9ca9c691712b..6490aa13c200 100644 --- a/BUILDING-PACKAGES.md +++ b/BUILDING-PACKAGES.md @@ -44,20 +44,18 @@ Adding a new OS to the list Adding a new OS is usually easy, provided that it does not differ too much from an existing one. For example, to add support for Debian Bookworm (already present in the current repository), one had to: -Copy the existing instructions for Debian Buster: +Copy the existing instructions for Debian bullseye: ``` -cp builder-support/dockerfiles/Dockerfile.target.debian-buster builder-support/dockerfiles/Dockerfile.target.debian-bookworm +cp builder-support/dockerfiles/Dockerfile.target.debian-bullseye builder-support/dockerfiles/Dockerfile.target.debian-bookworm ``` -In the new `builder-support/dockerfiles/Dockerfile.target.debian-bookworm` file, replace every occurrence of `debian-buster` by `debian-bookworm`, and of `debian:buster` by `debian:bookworm` +In the new `builder-support/dockerfiles/Dockerfile.target.debian-bookworm` file, replace every occurrence of `debian-bullseye` by `debian-bookworm`, and of `debian:bullseye` by `debian:bookworm` Then add the new target to the list of OSes in the `.github/workflows/builder-dispatch.yml` workflow file: ``` default: >- - el-7 el-8 el-9 - debian-buster debian-bullseye debian-bookworm ubuntu-focal @@ -68,10 +66,8 @@ If release packages should be automatically built for this new target, then `.gi `` ``` default: >- - el-7 el-8 el-9 - debian-buster debian-bullseye debian-bookworm ubuntu-focal @@ -80,10 +76,8 @@ default: >- Not forgetting to update the list of hashes later in the same file: ``` -pkghashes-el-7: ${{ steps.pkghashes.outputs.pkghashes-el-7 }} pkghashes-el-8: ${{ steps.pkghashes.outputs.pkghashes-el-8 }} pkghashes-el-9: ${{ steps.pkghashes.outputs.pkghashes-el-9 }} -pkghashes-debian-buster: ${{ steps.pkghashes.outputs.pkghashes-debian-buster }} pkghashes-debian-bullseye: ${{ steps.pkghashes.outputs.pkghashes-debian-bullseye }} pkghashes-debian-bookworm: ${{ steps.pkghashes.outputs.pkghashes-debian-bookworm }} pkghashes-ubuntu-focal: ${{ steps.pkghashes.outputs.pkghashes-ubuntu-focal }} diff --git a/build-scripts/docker/repo-test/generate-repo-files.py b/build-scripts/docker/repo-test/generate-repo-files.py index 026a831e9da8..4293c27c5eae 100755 --- a/build-scripts/docker/repo-test/generate-repo-files.py +++ b/build-scripts/docker/repo-test/generate-repo-files.py @@ -140,11 +140,8 @@ def write_release_files (release): 'rec-48', 'rec-49', 'rec-50', 'rec-51', 'rec-master', 'dnsdist-17', 'dnsdist-18', 'dnsdist-19', 'dnsdist-master']: write_pkg_pin_file(release) - write_dockerfile('el', '7', release) write_dockerfile('el', '8', release) write_dockerfile('el', '9', release) - write_dockerfile('debian', 'buster', release) - write_list_file('debian', 'buster', release) write_dockerfile('debian', 'bullseye', release) write_list_file('debian', 'bullseye', release) write_dockerfile('ubuntu', 'focal', release) @@ -241,8 +238,6 @@ def test_release (release, arch='x86_64'): returned_versions = [] print('=== testing {} ({}) ==='.format(release, arch)) for df in dockerfiles: - if arch == 'aarch64' and str(df).endswith('el-7'): - continue if arch == 'aarch64' and not release in ['rec-49', 'rec-50', 'rec-51', 'rec-master', 'dnsdist-19', 'dnsdist-master']: continue diff --git a/builder-support/dockerfiles/CentOS-SCLo-scl-rh.repo b/builder-support/dockerfiles/CentOS-SCLo-scl-rh.repo deleted file mode 100644 index b1bb764e56f2..000000000000 --- a/builder-support/dockerfiles/CentOS-SCLo-scl-rh.repo +++ /dev/null @@ -1,8 +0,0 @@ -[centos-sclo-rh] -name=CentOS-6 - SCLo rh -baseurl=http://vault.centos.org/centos/6/sclo/$basearch/rh/ -#mirrorlist=http://mirrorlist.centos.org?arch=$basearch&release=6&repo=sclo-rh -gpgcheck=1 -enabled=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-SCLo - diff --git a/builder-support/dockerfiles/Centos-Base-Vault.repo b/builder-support/dockerfiles/Centos-Base-Vault.repo deleted file mode 100644 index 0fecdb809d06..000000000000 --- a/builder-support/dockerfiles/Centos-Base-Vault.repo +++ /dev/null @@ -1,34 +0,0 @@ -[base] -name=CentOS-6.10 - Base -baseurl=http://vault.centos.org/6.10/os/$basearch/ -gpgcheck=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6 -enabled=1 - -[updates] -name=CentOS-6.10 - Updates -baseurl=http://vault.centos.org/6.10/updates/$basearch/ -gpgcheck=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6 -enabled=1 - -[extras] -name=CentOS-6.10 - Extras -baseurl=http://vault.centos.org/6.10/extras/$basearch/ -gpgcheck=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6 -enabled=1 - -[contrib] -name=CentOS-6.10 - Contrib -baseurl=http://vault.centos.org/6.10/contrib/$basearch/ -gpgcheck=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6 -enabled=1 - -[centosplus] -name=CentOS-6.10 - CentOSPlus -baseurl=http://vault.centos.org/6.10/centosplus/$basearch/ -gpgcheck=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6 -enabled=1 diff --git a/builder-support/dockerfiles/Dockerfile.rpmbuild b/builder-support/dockerfiles/Dockerfile.rpmbuild index 1101a56df35b..84924499bb88 100644 --- a/builder-support/dockerfiles/Dockerfile.rpmbuild +++ b/builder-support/dockerfiles/Dockerfile.rpmbuild @@ -1,11 +1,6 @@ FROM dist-base as package-builder -RUN touch /var/lib/rpm/* && if $(grep -q 'release 7' /etc/redhat-release); then \ - yum upgrade -y && \ - yum install -y rpm-build rpmdevtools python2 python3 curl jq "@Development Tools"; \ - else \ - yum upgrade -y && \ - yum install --allowerasing -y rpm-build rpmdevtools python3 curl jq "@Development Tools"; \ - fi +RUN yum upgrade -y && \ + yum install --allowerasing -y rpm-build rpmdevtools python3 curl jq "@Development Tools" RUN mkdir /dist /pdns WORKDIR /pdns @@ -21,14 +16,10 @@ RUN cd /pdns/builder-support/helpers/ && ./install_rust.sh @ENDIF @IF [ -n "$M_dnsdist$M_all" ] -# We do not build Quiche (DNS over QUIC support) on el-7 because the clang -# version is too old to build the 'boring-sys' crate needed by Quiche -RUN if ! $(grep -q 'release 7' /etc/redhat-release); then \ - cd /pdns/builder-support/helpers/ && ./install_rust.sh; \ - yum install -y git cmake clang; \ - cd /pdns/builder-support/helpers/ && \ - ./install_quiche.sh; \ - fi +RUN cd /pdns/builder-support/helpers/ && ./install_rust.sh; \ + yum install -y git cmake clang; \ + cd /pdns/builder-support/helpers/ && \ + ./install_quiche.sh @ENDIF # Used for -p option to only build specific spec files @@ -43,9 +34,7 @@ ADD builder-support/specs/ /pdns/builder-support/specs RUN find /pdns/builder-support/specs/ -not -name '*.spec' -exec ln -s {} /root/rpmbuild/SOURCES/ \; @IF [ -n "$M_authoritative$M_all" ] -RUN touch /var/lib/rpm/* && if $(grep -q 'release 7' /etc/redhat-release); then \ - scl enable devtoolset-11 -- builder/helpers/build-specs.sh builder-support/specs/pdns.spec; \ - elif $(grep -q 'release 8' /etc/redhat-release); then \ +RUN touch /var/lib/rpm/* && if $(grep -q 'release 8' /etc/redhat-release); then \ scl enable gcc-toolset-13 -- builder/helpers/build-specs.sh builder-support/specs/pdns.spec; \ else \ builder/helpers/build-specs.sh builder-support/specs/pdns.spec; \ @@ -53,9 +42,7 @@ RUN touch /var/lib/rpm/* && if $(grep -q 'release 7' /etc/redhat-release); then @ENDIF @IF [ -n "$M_recursor$M_all" ] -RUN touch /var/lib/rpm/* && if $(grep -q 'release 7' /etc/redhat-release); then \ - scl enable devtoolset-11 -- builder/helpers/build-specs.sh builder-support/specs/pdns-recursor.spec; \ - elif $(grep -q 'release 8' /etc/redhat-release); then \ +RUN touch /var/lib/rpm/* && if $(grep -q 'release 8' /etc/redhat-release); then \ scl enable gcc-toolset-13 -- builder/helpers/build-specs.sh builder-support/specs/pdns-recursor.spec; \ else \ builder/helpers/build-specs.sh builder-support/specs/pdns-recursor.spec; \ @@ -64,16 +51,12 @@ RUN touch /var/lib/rpm/* && if $(grep -q 'release 7' /etc/redhat-release); then @IF [ -n "$M_dnsdist$M_all" ] -# --allowerasing does not exist on el7, so we fall back to just installing -# this is fine because --allowerasing is only there to deal with libcurl conflicting with libcurl-minimal on some el9 images RUN touch /var/lib/rpm/* && mkdir /libh2o && cd /libh2o && \ - yum install -y --allowerasing curl libcurl openssl-devel cmake || yum install -y curl libcurl openssl-devel cmake && \ + dnf install -y --allowerasing curl libcurl openssl-devel cmake && \ cd /pdns/builder-support/helpers/ && \ ./install_h2o.sh -RUN touch /var/lib/rpm/* && if $(grep -q 'release 7' /etc/redhat-release); then \ - scl enable devtoolset-11 -- builder/helpers/build-specs.sh builder-support/specs/dnsdist.spec; \ - elif $(grep -q 'release 8' /etc/redhat-release); then \ +RUN touch /var/lib/rpm/* && if $(grep -q 'release 8' /etc/redhat-release); then \ scl enable gcc-toolset-13 -- builder/helpers/build-specs.sh builder-support/specs/dnsdist.spec; \ else \ builder/helpers/build-specs.sh builder-support/specs/dnsdist.spec; \ @@ -81,12 +64,7 @@ RUN touch /var/lib/rpm/* && if $(grep -q 'release 7' /etc/redhat-release); then @ENDIF # Generate provenance -@IF [ "${BUILDER_TARGET}" = "el-7" -o "${BUILDER_TARGET}" = "centos-7" ] -@EVAL RUN python builder/helpers/generate-yum-provenance.py /dist/packages-${BUILDER_TARGET}.json || python3 builder/helpers/generate-yum-provenance.py /dist/packages-${BUILDER_TARGET}.json -@ENDIF -@IF [ "${BUILDER_TARGET}" != "el-7" -a "${BUILDER_TARGET}" != "centos-7" ] @EVAL RUN python builder/helpers/generate-dnf-provenance.py /dist/packages-${BUILDER_TARGET}.json || python3 builder/helpers/generate-dnf-provenance.py /dist/packages-${BUILDER_TARGET}.json -@ENDIF # mv across layers with overlay2 is buggy in some kernel versions (results in empty dirs) # See: https://github.com/moby/moby/issues/33733 diff --git a/builder-support/dockerfiles/Dockerfile.rpmsbom b/builder-support/dockerfiles/Dockerfile.rpmsbom index 264b5d31a689..890a72df4845 100644 --- a/builder-support/dockerfiles/Dockerfile.rpmsbom +++ b/builder-support/dockerfiles/Dockerfile.rpmsbom @@ -1,32 +1,23 @@ ARG BUILDER_VERSION @EVAL ARG BUILDER_TARGET=${BUILDER_TARGET} -# No SBOM on el-7, which only has Python 2 and will be EOL soon anyway RUN touch /var/lib/rpm/* && \ - if ! $(grep -q 'release 7' /etc/redhat-release); then \ - yum install -y python3 python3-dnf; \ - fi + yum install -y python3 python3-dnf ADD builder-support/helpers/ /pdns/builder-support/helpers/ @IF [ -n "$M_recursor$M_all" ] RUN cd /pdns/builder-support/helpers/ && \ - if ! $(grep -q 'release 7' /etc/redhat-release); then \ - python3 generate-sbom-dnf.py /dist/pdns-recursor-${BUILDER_VERSION}-${BUILDER_TARGET}.cyclonedx.json pdns-recursor rust.json; \ - fi + python3 generate-sbom-dnf.py /dist/pdns-recursor-${BUILDER_VERSION}-${BUILDER_TARGET}.cyclonedx.json pdns-recursor rust.json @ENDIF @IF [ -n "$M_dnsdist$M_all" ] RUN cd /pdns/builder-support/helpers/; \ - if ! $(grep -q 'release 7' /etc/redhat-release); then \ - python3 generate-sbom-dnf.py /dist/dnsdist-${BUILDER_VERSION}-${BUILDER_TARGET}.cyclonedx.json dnsdist rust.json quiche.json h2o.json; \ - fi + python3 generate-sbom-dnf.py /dist/dnsdist-${BUILDER_VERSION}-${BUILDER_TARGET}.cyclonedx.json dnsdist rust.json quiche.json h2o.json @ENDIF @IF [ -n "$M_authoritative$M_all" ] RUN cd /pdns/builder-support/helpers/ && \ - if ! $(grep -q 'release 7' /etc/redhat-release); then \ - for pkg in $(dnf list installed 'pdns*' | grep -E ^'pdns' | grep -vE '\-debuginfo|\-debugsource' | cut -d. -f1); do \ + for pkg in $(dnf list installed 'pdns*' | grep -E ^'pdns' | grep -vE '\-debuginfo|\-debugsource' | cut -d. -f1); do \ python3 generate-sbom-dnf.py /dist/${pkg}-${BUILDER_VERSION}-${BUILDER_TARGET}.cyclonedx.json ${pkg}; \ - done; \ - fi + done @ENDIF diff --git a/builder-support/dockerfiles/Dockerfile.target.amazon-2 b/builder-support/dockerfiles/Dockerfile.target.amazon-2 deleted file mode 100644 index 01933467b28f..000000000000 --- a/builder-support/dockerfiles/Dockerfile.target.amazon-2 +++ /dev/null @@ -1,15 +0,0 @@ -# First do the source builds -@INCLUDE Dockerfile.target.sdist - -# This defines the distribution base layer -# Put only the bare minimum of common commands here, without dev tools -FROM amazonlinux:2 as dist-base -ARG BUILDER_CACHE_BUSTER= -RUN touch /var/lib/rpm/* && amazon-linux-extras install epel -y - -# Do the actual rpm build -@INCLUDE Dockerfile.rpmbuild - -# Do a test install and verify -# Can be skipped with skippackagetest=1 in the environment -@EXEC [ "$skippackagetest" = "" ] && include Dockerfile.rpmtest diff --git a/builder-support/dockerfiles/Dockerfile.target.centos-7 b/builder-support/dockerfiles/Dockerfile.target.centos-7 deleted file mode 100644 index acf1e45b50e5..000000000000 --- a/builder-support/dockerfiles/Dockerfile.target.centos-7 +++ /dev/null @@ -1,17 +0,0 @@ -# First do the source builds -@INCLUDE Dockerfile.target.sdist - -# This defines the distribution base layer -# Put only the bare minimum of common commands here, without dev tools -FROM centos:7 as dist-base - -ARG BUILDER_CACHE_BUSTER= -RUN touch /var/lib/rpm/* && yum install -y epel-release centos-release-scl-rh -RUN touch /var/lib/rpm/* && yum install -y --nogpgcheck devtoolset-11-gcc-c++ - -# Do the actual rpm build -@INCLUDE Dockerfile.rpmbuild - -# Do a test install and verify -# Can be skipped with skippackagetest=1 in the environment -@EXEC [ "$skippackagetest" = "" ] && include Dockerfile.rpmtest diff --git a/builder-support/dockerfiles/Dockerfile.target.debian-buster b/builder-support/dockerfiles/Dockerfile.target.debian-buster deleted file mode 100644 index bff27c137d58..000000000000 --- a/builder-support/dockerfiles/Dockerfile.target.debian-buster +++ /dev/null @@ -1,28 +0,0 @@ -# First do the source builds -@INCLUDE Dockerfile.target.sdist - -FROM debian:buster as dist-base - -ARG BUILDER_CACHE_BUSTER= -ARG APT_URL -RUN apt-get update && apt-get -y dist-upgrade - -@INCLUDE Dockerfile.debbuild-prepare - -@IF [ -n "$M_authoritative$M_all" ] -ADD builder-support/debian/authoritative/debian-buster/ pdns-${BUILDER_VERSION}/debian/ -@ENDIF - -@IF [ -n "$M_recursor$M_all" ] -ADD builder-support/debian/recursor/debian-buster/ pdns-recursor-${BUILDER_VERSION}/debian/ -@ENDIF - -@IF [ -n "$M_dnsdist$M_all" ] -ADD builder-support/debian/dnsdist/debian-buster/ dnsdist-${BUILDER_VERSION}/debian/ -@ENDIF - -@INCLUDE Dockerfile.debbuild - -# Do a test install and verify -# Can be skipped with skiptests=1 in the environment -# @EXEC [ "$skiptests" = "" ] && include Dockerfile.debtest diff --git a/builder-support/dockerfiles/Dockerfile.target.el-7 b/builder-support/dockerfiles/Dockerfile.target.el-7 deleted file mode 120000 index a67155b251c2..000000000000 --- a/builder-support/dockerfiles/Dockerfile.target.el-7 +++ /dev/null @@ -1 +0,0 @@ -Dockerfile.target.oraclelinux-7 \ No newline at end of file diff --git a/builder-support/dockerfiles/Dockerfile.target.oraclelinux-7 b/builder-support/dockerfiles/Dockerfile.target.oraclelinux-7 deleted file mode 100644 index 7b47e231f079..000000000000 --- a/builder-support/dockerfiles/Dockerfile.target.oraclelinux-7 +++ /dev/null @@ -1,18 +0,0 @@ -# First do the source builds -@INCLUDE Dockerfile.target.sdist - -# This defines the distribution base layer -# Put only the bare minimum of common commands here, without dev tools -FROM oraclelinux:7 as dist-base - -ARG BUILDER_CACHE_BUSTER= -RUN touch /var/lib/rpm/* && yum install -y oracle-epel-release-el7 oracle-softwarecollection-release-el7 && \ - yum-config-manager --add-repo=http://yum.oracle.com/repo/OracleLinux/OL7/optional/developer/$(uname -m)/ && \ - yum install -y --nogpgcheck devtoolset-11-gcc-c++ scl-utils - -# Do the actual rpm build -@INCLUDE Dockerfile.rpmbuild - -# Do a test install and verify -# Can be skipped with skippackagetest=1 in the environment -@EXEC [ "$skippackagetest" = "" ] && include Dockerfile.rpmtest diff --git a/builder-support/dockerfiles/Dockerfile.target.raspbian-buster b/builder-support/dockerfiles/Dockerfile.target.raspbian-buster deleted file mode 100644 index 2dd2f6249a32..000000000000 --- a/builder-support/dockerfiles/Dockerfile.target.raspbian-buster +++ /dev/null @@ -1,27 +0,0 @@ -# First do the source builds -@INCLUDE Dockerfile.target.sdist - -FROM resin/rpi-raspbian:buster as dist-base -ARG BUILDER_CACHE_BUSTER= -ARG APT_URL -RUN apt-get update && apt-get -y dist-upgrade - -@INCLUDE Dockerfile.debbuild-prepare - -@IF [ -n "$M_authoritative$M_all" ] -ADD builder-support/debian/authoritative/debian-buster/ pdns-${BUILDER_VERSION}/debian/ -@ENDIF - -@IF [ -n "$M_recursor$M_all" ] -ADD builder-support/debian/recursor/debian-buster/ pdns-recursor-${BUILDER_VERSION}/debian/ -@ENDIF - -@IF [ -n "$M_dnsdist$M_all" ] -ADD builder-support/debian/dnsdist/debian-buster/ dnsdist-${BUILDER_VERSION}/debian/ -@ENDIF - -@INCLUDE Dockerfile.debbuild - -# Do a test install and verify -# Can be skipped with skiptests=1 in the environment -# @EXEC [ "$skiptests" = "" ] && include Dockerfile.debtest diff --git a/builder-support/specs/dnsdist.spec b/builder-support/specs/dnsdist.spec index 182b7887a283..8611876b60cf 100644 --- a/builder-support/specs/dnsdist.spec +++ b/builder-support/specs/dnsdist.spec @@ -17,13 +17,8 @@ BuildRequires: systemd-units BuildRequires: systemd-devel %endif -%if 0%{?rhel} < 8 && 0%{?amzn} != 2023 -BuildRequires: boost169-devel -%else BuildRequires: boost-devel -%endif -%if 0%{?rhel} >= 7 || 0%{?amzn} == 2023 BuildRequires: gnutls-devel BuildRequires: libcap-devel BuildRequires: libnghttp2-devel @@ -40,21 +35,16 @@ BuildRequires: systemd BuildRequires: systemd-devel BuildRequires: systemd-units BuildRequires: tinycdb-devel -%if 0%{?amzn} != 2023 BuildRequires: libsodium-devel BuildRequires: net-snmp-devel -%endif -%endif %if 0%{?suse_version} Requires(pre): shadow %systemd_requires %endif -%if 0%{?rhel} >= 7 || 0%{?amzn} == 2023 Requires(pre): shadow-utils BuildRequires: fstrm-devel %systemd_requires -%endif %if ( "%{_arch}" != "aarch64" && 0%{?rhel} >= 8 ) || ( "%{_arch}" == "aarch64" && 0%{?rhel} >= 9 ) BuildRequires: libbpf-devel BuildRequires: libxdp-devel @@ -67,10 +57,6 @@ dnsdist is a high-performance DNS loadbalancer that is scriptable in Lua. %autosetup -p1 -n %{name}-%{getenv:BUILDER_VERSION} %build -%if 0%{?rhel} < 8 -export CPPFLAGS=-I/usr/include/boost169 -export LDFLAGS=-L/usr/lib64/boost169 -%endif export AR=gcc-ar export RANLIB=gcc-ranlib @@ -92,7 +78,6 @@ export RANLIB=gcc-ranlib --enable-systemd --with-systemd=%{_unitdir} \ --without-net-snmp %endif -%if 0%{?rhel} >= 7 || 0%{?amzn} == 2023 --enable-dnstap \ --enable-dns-over-https \ --enable-systemd --with-systemd=%{_unitdir} \ @@ -100,16 +85,12 @@ export RANLIB=gcc-ranlib --with-libcap \ --with-lua=%{lua_implementation} \ --with-re2 \ -%if 0%{?amzn} != 2023 --enable-dnscrypt \ --with-libsodium \ --with-net-snmp \ -%endif -%if 0%{?rhel} >= 8 || 0%{?amzn} == 2023 --enable-dns-over-quic \ --enable-dns-over-http3 \ --with-quiche \ -%endif PKG_CONFIG_PATH=/usr/lib/pkgconfig:/opt/lib64/pkgconfig %endif @@ -121,9 +102,7 @@ make %{?_smp_mflags} check || (cat test-suite.log && false) %install %make_install install -d %{buildroot}/%{_sysconfdir}/dnsdist -%if 0%{?rhel} >= 8 || 0%{?amzn} == 2023 install -Dm644 /usr/lib/libdnsdist-quiche.so %{buildroot}/%{_libdir}/libdnsdist-quiche.so -%endif %{__mv} %{buildroot}%{_sysconfdir}/dnsdist/dnsdist.conf-dist %{buildroot}%{_sysconfdir}/dnsdist/dnsdist.conf chmod 0640 %{buildroot}/%{_sysconfdir}/dnsdist/dnsdist.conf @@ -144,35 +123,27 @@ exit 0 %if 0%{?suse_version} %service_add_post %{name}.service %endif -%if 0%{?rhel} >= 7 systemctl daemon-reload ||: %systemd_post %{name}.service -%endif %preun %if 0%{?suse_version} %service_del_preun %{name}.service %endif -%if 0%{?rhel} >= 7 %systemd_preun %{name}.service -%endif %postun %if 0%{?suse_version} %service_del_postun %{name}.service %endif -%if 0%{?rhel} >= 7 %systemd_postun_with_restart %{name}.service -%endif %files %{!?_licensedir:%global license %%doc} %doc README.md %{_bindir}/* -%if 0%{?rhel} >= 8 || 0%{?amzn} == 2023 %define __requires_exclude libdnsdist-quiche\\.so %{_libdir}/libdnsdist-quiche.so -%endif %{_mandir}/man1/* %dir %{_sysconfdir}/dnsdist %attr(-, root, dnsdist) %config(noreplace) %{_sysconfdir}/%{name}/dnsdist.conf diff --git a/builder-support/specs/pdns-recursor.spec b/builder-support/specs/pdns-recursor.spec index bc478d433e55..30e830144eb5 100644 --- a/builder-support/specs/pdns-recursor.spec +++ b/builder-support/specs/pdns-recursor.spec @@ -10,22 +10,15 @@ Source0: %{name}-%{getenv:BUILDER_VERSION}.tar.bz2 Provides: powerdns-recursor = %{version}-%{release} -%if 0%{?rhel} < 8 && 0%{?amzn} != 2023 -BuildRequires: boost169-devel -%else BuildRequires: boost-devel -%endif BuildRequires: libcap-devel BuildRequires: systemd BuildRequires: systemd-devel BuildRequires: openssl-devel BuildRequires: fstrm-devel BuildRequires: libcurl-devel - -%if 0%{?amzn} != 2023 BuildRequires: net-snmp-devel BuildRequires: libsodium-devel -%endif %ifarch aarch64 BuildRequires: lua-devel @@ -51,10 +44,6 @@ package if you need a dns cache for your network. %autosetup -p1 -n %{name}-%{getenv:BUILDER_VERSION} %build -%if 0%{?rhel} < 8 -export CPPFLAGS=-I/usr/include/boost169 -export LDFLAGS=-L/usr/lib64/boost169 -%endif %configure \ --enable-option-checking=fatal \ @@ -66,10 +55,8 @@ export LDFLAGS=-L/usr/lib64/boost169 --enable-dnstap \ --with-libcap \ --with-lua=%{lua_implementation} \ -%if 0%{?amzn} != 2023 --with-libsodium \ --with-net-snmp \ -%endif --enable-systemd --with-systemd=%{_unitdir} \ --enable-nod @@ -104,9 +91,6 @@ EOF # The EL7 and 8 systemd actually supports %t, but its version number is older than that, so we do use seperate runtime dirs, but don't rely on RUNTIME_DIRECTORY %if 0%{?rhel} < 9 sed -e 's!/pdns_recursor!& --socket-dir=%t/pdns-recursor!' -i %{buildroot}/%{_unitdir}/pdns-recursor.service -%if 0%{?rhel} < 8 -sed -e 's!/pdns_recursor!& --socket-dir=%t/pdns-recursor-%i!' -e 's!RuntimeDirectory=pdns-recursor!&-%i!' -i %{buildroot}/%{_unitdir}/pdns-recursor@.service -%endif %endif %pre diff --git a/builder-support/specs/pdns.spec b/builder-support/specs/pdns.spec index ae5db16d1729..6acefb4f0421 100644 --- a/builder-support/specs/pdns.spec +++ b/builder-support/specs/pdns.spec @@ -17,22 +17,13 @@ Requires(postun): systemd BuildRequires: systemd BuildRequires: systemd-units BuildRequires: systemd-devel - BuildRequires: krb5-devel BuildRequires: p11-kit-devel BuildRequires: libcurl-devel -%if 0%{?rhel} < 8 && 0%{?amzn} != 2023 -BuildRequires: boost169-devel -%else BuildRequires: boost-devel -%endif BuildRequires: bison BuildRequires: openssl-devel - -%if 0%{?amzn} != 2023 BuildRequires: libsodium-devel -%endif - Requires(pre): shadow-utils %ifarch aarch64 @@ -63,11 +54,7 @@ This package contains the extra tools for %{name} Summary: MySQL backend for %{name} Group: System Environment/Daemons Requires: %{name}%{?_isa} = %{version}-%{release} -%if 0%{?rhel} < 8 && 0%{?amzn} != 2023 -BuildRequires: mysql-devel -%else BuildRequires: mariadb-connector-c-devel -%endif %global backends %{backends} gmysql %description backend-mysql @@ -145,9 +132,6 @@ Summary: Geo backend for %{name} Group: System Environment/Daemons Requires: %{name}%{?_isa} = %{version}-%{release} BuildRequires: yaml-cpp-devel -%if 0%{?rhel} < 9 && 0%{?amzn} != 2023 -BuildRequires: geoip-devel -%endif BuildRequires: libmaxminddb-devel %global backends %{backends} geoip @@ -176,7 +160,6 @@ BuildRequires: tinycdb-devel %description backend-tinydns This package contains the TinyDNS backend for %{name} -%if 0%{?amzn} != 2 %package ixfrdist BuildRequires: yaml-cpp-devel Summary: A program to redistribute zones over AXFR and IXFR @@ -184,7 +167,6 @@ Group: System Environment/Daemons %description ixfrdist This package contains the ixfrdist program. -%endif %prep %autosetup -p1 -n %{name}-%{getenv:BUILDER_VERSION} @@ -192,11 +174,6 @@ This package contains the ixfrdist program. %build export CPPFLAGS="-DLDAP_DEPRECATED" -%if 0%{?rhel} < 8 -export CPPFLAGS=-I/usr/include/boost169 -export LDFLAGS=-L/usr/lib64/boost169 -%endif - %configure \ --enable-option-checking=fatal \ --sysconfdir=%{_sysconfdir}/%{name} \ @@ -207,12 +184,8 @@ export LDFLAGS=-L/usr/lib64/boost169 --with-lua=%{lua_implementation} \ --with-dynmodules='%{backends}' \ --enable-tools \ -%if 0%{?amzn} != 2023 --with-libsodium \ -%endif -%if 0%{?amzn} != 2 --enable-ixfrdist \ -%endif --enable-unit-tests \ --enable-lua-records \ --enable-experimental-pkcs11 \ @@ -248,9 +221,6 @@ chmod 600 %{buildroot}%{_sysconfdir}/%{name}/pdns.conf # The EL7 and 8 systemd actually supports %t, but its version number is older than that, so we do use seperate runtime dirs, but don't rely on RUNTIME_DIRECTORY %if 0%{?rhel} < 9 sed -e 's!/pdns_server!& --socket-dir=%t/pdns!' -i %{buildroot}/%{_unitdir}/pdns.service -%if 0%{?rhel} < 8 -sed -e 's!/pdns_server!& --socket-dir=%t/pdns-%i!' -e 's!RuntimeDirectory=pdns!&-%i!' -i %{buildroot}/%{_unitdir}/pdns@.service -%endif %endif %check @@ -267,14 +237,12 @@ if [[ $(getent passwd pdns | cut -d: -f6) == "/" ]]; then fi exit 0 -%if 0%{?rhel} >= 7 if [ "`stat -c '%U:%G' %{_sysconfdir}/%{name}`" = "root:root" ]; then chown -R root:pdns /etc/powerdns # Make sure that pdns can read it; the default used to be 0600 chmod g+r /etc/powerdns/pdns.conf fi chown -R pdns:pdns /var/lib/powerdns || : -%endif %post systemctl daemon-reload ||: @@ -407,7 +375,6 @@ systemctl daemon-reload ||: %files backend-tinydns %{_libdir}/%{name}/libtinydnsbackend.so -%if 0%{?amzn} != 2 %files ixfrdist %{_bindir}/ixfrdist %{_mandir}/man1/ixfrdist.1.gz @@ -415,4 +382,3 @@ systemctl daemon-reload ||: %{_sysconfdir}/%{name}/ixfrdist.example.yml %{_unitdir}/ixfrdist.service %{_unitdir}/ixfrdist@.service -%endif From 70a9a456e676dbe552fd650ab55ec8551a726f64 Mon Sep 17 00:00:00 2001 From: Peter van Dijk Date: Fri, 20 Dec 2024 14:06:09 +0100 Subject: [PATCH 2/2] drop circleci --- .circleci/Makefile | 7 - .circleci/config.yml | 460 ------------------------------------------- 2 files changed, 467 deletions(-) delete mode 100644 .circleci/Makefile delete mode 100644 .circleci/config.yml diff --git a/.circleci/Makefile b/.circleci/Makefile deleted file mode 100644 index c70419a2e56b..000000000000 --- a/.circleci/Makefile +++ /dev/null @@ -1,7 +0,0 @@ -# example usage, after https://circleci.com/docs/2.0/local-cli/ : -# -# make -C .circleci && circleci local execute -c .circleci/config.yml-local --job coverity-auth -e COVERITY_EMAIL=myemailhere -e COVERITY_PROJECT=foo -e COVERITY_TOKEN=XX - -config.yml-local: config.yml - circleci config process $< > $@ - diff --git a/.circleci/config.yml b/.circleci/config.yml deleted file mode 100644 index f45789806878..000000000000 --- a/.circleci/config.yml +++ /dev/null @@ -1,460 +0,0 @@ -version: 2.1 - -commands: - checkout-shallow: - description: "Do a shallow checkout of the repository" - steps: - - run: - name: Install git and openssh - command: apt-get update && apt-get -qq -y install openssh-client git - - run: - name: Store the keyid for the git repo - command: mkdir -p $HOME/.ssh && ssh-keyscan $(echo ${CIRCLE_REPOSITORY_URL} | sed 's,.*@\([^:]*\):.*,\1,') > $HOME/.ssh/known_hosts - - run: - name: Clone the repo - command: | - mkdir -p /opt/project - if [ -n "$CIRCLE_PR_NUMBER" ] - then - echo === Checking out PR "$CIRCLE_PR_NUMBER" from "$CIRCLE_REPOSITORY_URL" - git clone --depth 1 $CIRCLE_REPOSITORY_URL /opt/project - cd /opt/project - git fetch --depth 1 origin +refs/pull/${CIRCLE_PR_NUMBER}/merge - git checkout -qf FETCH_HEAD - else - echo === Checking out branch "${CIRCLE_BRANCH}" from "$CIRCLE_REPOSITORY_URL" - git clone --depth 1 --branch $CIRCLE_BRANCH $CIRCLE_REPOSITORY_URL /opt/project - fi - cd /opt/project - git --no-pager show -s - - get-workspace: - description: "Attach workspace to /opt and symlink checkout into home" - steps: - - run: - name: ensure ca-certificates is installed - command: apt-get update && apt-get -qq -y install ca-certificates - - attach_workspace: - at: /opt - - run: - name: symlink checkout into home - command: rmdir ~/project && ln -s /opt/project ~/project - - run: - name: include $BASH_ENV for both interactive and non-interactive shells - command: echo '. $BASH_ENV' >> $HOME/.bashrc - - install-clang-8: - description: install clang-8 from backports - steps: - - run: - name: add backports and install clang-8 - command: | - echo 'deb http://deb.debian.org/debian buster-backports main' > /etc/apt/sources.list.d/backports.list - apt-get update - apt-get -qq -t buster-backports --no-install-recommends install clang-8 llvm-8 - - # FIXME: the build-essential wart below is misformatted intentionally to remind us to replace the remotebackend testing deps with Debian packages - auth-regress-setup: - description: Prepare the environment for auth regression tests - steps: - - get-workspace - - install-auth-deps - - install-clang-8 # for the symbolizer - - run: - name: Install test dependencies - command: | - apt-get -y -qq install \ - authbind \ - bc \ - bind9utils \ - build-essential libsqlite3-dev libzmq3-dev \ - curl \ - default-jre-headless \ - dnsutils \ - gawk \ - git \ - ldnsutils \ - libnet-dns-perl \ - pdns-recursor \ - socat \ - sqlite3 \ - unbound-host - - run: - name: Install jdnssectools - command: | - if [ ! -e $HOME/bin/jdnssec-verifyzone ]; then - apt-get install -qq -y wget - wget https://github.com/dblacka/jdnssec-tools/releases/download/0.14/jdnssec-tools-0.14.tar.gz - tar xfz jdnssec-tools-0.14.tar.gz -C $HOME - rm jdnssec-tools-0.14.tar.gz - fi - echo 'export PATH=$HOME/jdnssec-tools-0.14/bin:$PATH' >> $BASH_ENV - - run: - name: Allow missing tools in verify-dnssec-zone - command: touch regression-tests/tests/verify-dnssec-zone/allow-missing - - run: - name: Start PowerDNS Recursor in the background - command: pdns_recursor - background: true - - run: - name: Set up authbind - command: | - touch /etc/authbind/byport/53 - chmod 755 /etc/authbind/byport/53 - - auth-regress: - description: Run one auth regression context - parameters: - skip: - type: string - default: "" - rootskip: - type: string - default: "" - doroot: - type: boolean - default: true - context: - type: string - default: "" - prefix: - type: string - default: "/opt/pdns-auth/" - steps: - - run: - workdir: ~/project/regression-tests - name: Run << parameters.context >> tests - command: | - [ -e ./vars ] && . ./vars - export - rm -rf tests/*/skip - for t in << parameters.skip >> - do - touch tests/$t/skip - done - PDNS=<< parameters.prefix >>sbin/pdns_server \ - PDNS2=<< parameters.prefix >>sbin/pdns_server \ - SDIG=<< parameters.prefix >>bin/sdig \ - NOTIFY=<< parameters.prefix >>bin/pdns_notify \ - NSEC3DIG=<< parameters.prefix >>bin/nsec3dig \ - SAXFR=<< parameters.prefix >>bin/saxfr \ - ZONE2SQL=<< parameters.prefix >>bin/zone2sql \ - ZONE2LDAP=<< parameters.prefix >>bin/zone2ldap \ - PDNSUTIL=<< parameters.prefix >>bin/pdnsutil \ - PDNSCONTROL=<< parameters.prefix >>bin/pdns_control \ - RESOLVERIP=127.0.0.1 \ - ./start-test-stop 5300 << parameters.context >> - - when: - condition: << parameters.doroot >> - steps: - - run: - workdir: ~/project/regression-tests.rootzone - name: Run << parameters.context >> tests for the root zone - command: | - [ -e ../regression-tests/vars ] && . ../regression-tests/vars - rm -rf tests/*/skip - for t in << parameters.rootskip >> - do - touch tests/$t/skip - done - PDNS=<< parameters.prefix >>sbin/pdns_server \ - PDNS2=<< parameters.prefix >>sbin/pdns_server \ - SDIG=<< parameters.prefix >>bin/sdig \ - NOTIFY=<< parameters.prefix >>bin/pdns_notify \ - NSEC3DIG=<< parameters.prefix >>bin/nsec3dig \ - SAXFR=<< parameters.prefix >>bin/saxfr \ - ZONE2SQL=<< parameters.prefix >>bin/zone2sql \ - ZONE2LDAP=<< parameters.prefix >>bin/zone2ldap \ - PDNSUTIL=<< parameters.prefix >>bin/pdnsutil \ - PDNSCONTROL=<< parameters.prefix >>bin/pdns_control \ - RESOLVERIP=127.0.0.1 \ - ./start-test-stop 5300 << parameters.context >> - - install-auth-deps: - description: Install all libraries needed to run the auth - steps: - - run: | - apt-get install -qq -y --no-install-recommends \ - default-libmysqlclient-dev \ - libboost-all-dev \ - libcdb1 \ - libcurl4 \ - libgeoip1 \ - libkrb5-3 \ - libldap-2.4-2 \ - liblmdb0 \ - libluajit-5.1-2 \ - libmaxminddb0 \ - libp11-kit0 \ - libpq5 \ - libsodium23 \ - libssl1.1 \ - libsystemd0 \ - libyaml-cpp0.6 \ - softhsm2 \ - unixodbc - - install-dnsdist-deps: - description: "Install all libraries needed for testing dnsdist" - steps: - - run: apt-get update - - run: - command: | - apt-get install -qq -y \ - libluajit-5.1-2 \ - libboost-all-dev \ - libcap2 \ - libcdb1 \ - libcurl4-openssl-dev \ - libfstrm0 \ - libgnutls30 \ - libh2o-evloop0.13 \ - liblmdb0 \ - libnghttp2-dev \ - libre2-5 \ - libssl-dev \ - libsystemd0 \ - libsodium23 \ - patch \ - protobuf-compiler \ - python3-venv - - install-auth-dev-deps: - description: Install all packages needed to build the auth - steps: - - run: apt-get update - - run: - command: | - apt-get install -qq -y --no-install-recommends \ - autoconf \ - automake \ - bison \ - bzip2 \ - curl \ - default-libmysqlclient-dev \ - flex \ - g++ \ - git \ - libboost-all-dev \ - libcdb-dev \ - libcurl4-openssl-dev \ - libgeoip-dev \ - libkrb5-dev \ - libldap2-dev \ - liblmdb-dev \ - libluajit-5.1-dev \ - libmaxminddb-dev \ - libp11-kit-dev \ - libpq-dev \ - libsodium-dev \ - libsqlite3-dev \ - libssl-dev \ - libsystemd-dev \ - libtool \ - libyaml-cpp-dev \ - libzmq3-dev \ - make \ - pkg-config \ - python3-venv \ - ragel \ - ruby-bundler \ - ruby2.5-dev \ - sqlite3 \ - systemd \ - unixodbc-dev \ - wget - - add-auth-repo: - description: "Add the debian repo for the auth" - parameters: - version: - type: string - default: "45" - distro: - type: string - default: "debian" - release: - type: string - default: "buster" - steps: - - run: - name: "Install dependencies" - command: "apt-get update && apt-get install -qq -y curl gnupg2" - - run: - name: "Install apt-keys" - command: | - if [ "<< parameters.version >>" = "master" ]; then - curl https://repo.powerdns.com/CBC8B383-pub.asc -o /etc/apt/trusted.gpg.d/CBC8B383-pub.asc - else - curl https://repo.powerdns.com/FD380FBB-pub.asc -o /etc/apt/trusted.gpg.d/FD380FBB-pub.asc - fi - - run: - name: "Add repository" - command: | - echo 'deb [arch=amd64] http://repo.powerdns.com/<< parameters.distro >> << parameters.release >>-auth-<< parameters.version>> main' >> /etc/apt/sources.list.d/pdns.list - - run: - name: "add pinning" - command: | - echo 'Package: pdns-*' > /etc/apt/preferences.d/pdns - echo 'Pin: origin repo.powerdns.com' >> /etc/apt/preferences.d/pdns - echo 'Pin-Priority: 600' >> /etc/apt/preferences.d/pdns - - run: - name: update apt cache - command: apt-get update - - setup-ccache: - description: Install .ccache and set $PATH - steps: - - run: - name: Install ccache - command: apt-get update && apt-get -qq -y install ccache - - run: - name: Setup ccache in $PATH - command: echo 'export PATH=/usr/lib/ccache:$PATH' >> $BASH_ENV - - save-ccache-cache: - description: Store the .ccache directory - parameters: - product: - type: string - default: "" - steps: - - save_cache: - key: ccache-cache-{{ arch }}-<< parameters.product >>-{{ .Branch }} - paths: - - ~/.ccache - - restore-cache-ccache: - description: Restore the .ccache directory - parameters: - product: - type: string - default: "" - steps: - - setup-ccache - - run: - name: ensure ca-certificates is installed - command: apt-get update && apt-get -qq -y install ca-certificates - - restore_cache: - keys: - - ccache-cache-{{ arch }}-<< parameters.product >>-{{ .Branch }} - - ccache-cache-{{ arch }}-<< parameters.product >>- - -jobs: - checkout: - resource_class: small - - docker: - - image: debian:buster - auth: - username: powerdnsreadonly - password: $DOCKERHUB_PASSWORD - - steps: - - checkout-shallow - - persist_to_workspace: - root: /opt - paths: - - project - - build-auth: - docker: - - image: debian:buster - auth: - username: powerdnsreadonly - password: $DOCKERHUB_PASSWORD - environment: - UBSAN_OPTIONS: 'print_stacktrace=1:halt_on_error=1' - ASAN_OPTIONS: detect_leaks=0 - steps: - - get-workspace - - install-auth-dev-deps - - install-clang-8 - - restore-cache-ccache: - product: auth - - run: - name: autoconf - command: BUILDER_VERSION=0.0.0-git1 autoreconf -vfi - - run: - name: configure - command: | - CC='clang-8' \ - CXX='clang++-8' \ - CFLAGS="-O1 -Werror=vla -Werror=shadow -Wformat=2 -Werror=format-security -Werror=string-plus-int" \ - CXXFLAGS="-O1 -Werror=vla -Werror=shadow -Wformat=2 -Werror=format-security -Werror=string-plus-int -Wp,-D_GLIBCXX_ASSERTIONS" \ - ./configure \ - --enable-option-checking=fatal \ - --with-modules='bind geoip gmysql godbc gpgsql gsqlite3 ldap lmdb lua2 pipe remote tinydns' \ - --enable-systemd \ - --enable-tools \ - --enable-unit-tests \ - --enable-backend-unit-tests \ - --enable-fuzz-targets \ - --enable-experimental-pkcs11 \ - --enable-remotebackend-zeromq \ - --with-lmdb=/usr \ - --with-libsodium \ - --prefix=/opt/pdns-auth \ - --enable-ixfrdist \ - --enable-asan \ - --enable-ubsan - - run: - name: build - command: make -j3 -k - - save-ccache-cache: - product: auth - - run: - name: Install the binaries - command: make install - - persist_to_workspace: - root: /opt - paths: - - pdns-auth - - test-auth-regress-bind: - resource_class: small - - docker: - - image: debian:buster - auth: - username: powerdnsreadonly - password: $DOCKERHUB_PASSWORD - environment: - UBSAN_OPTIONS: 'print_stacktrace=1:halt_on_error=1' - ASAN_OPTIONS: detect_leaks=0 - - image: mysql:5 # for the hybrid test - environment: - MYSQL_ALLOW_EMPTY_PASSWORD: 1 - auth: - username: powerdnsreadonly - password: $DOCKERHUB_PASSWORD - steps: - - auth-regress-setup - - run: - command: apt-get install -qq -y p11-kit softhsm2 - - auth-regress: - context: bind-dnssec-pkcs11 - - run: - command: apt-get install -qq -y default-mysql-client - - run: - command: | - cat >> ~/.my.cnf \<<- __EOF__ - [client] - protocol=TCP - __EOF__ - - run: - name: Set up mysql client lib to force TCP - command: echo 'export GMYSQLHOST=127.0.0.1' > ./vars - workdir: ~/project/regression-tests - - auth-regress: - context: bind-hybrid-nsec3 - -workflows: - version: 2 - - build-and-test-all: - jobs: - - checkout - - build-auth: - requires: - - checkout