Move the version (and hashes) of external dependencies to JSON files
authorRemi Gacogne <remi.gacogne@powerdns.com>
Fri, 22 Mar 2024 14:38:08 +0000 (15:38 +0100)
committerRemi Gacogne <remi.gacogne@powerdns.com>
Mon, 25 Mar 2024 09:09:17 +0000 (10:09 +0100)
18 files changed:
.github/workflows/build-and-test-all.yml
.github/workflows/codeql-analysis.yml
.github/workflows/misc-dailies.yml
Dockerfile-dnsdist
Dockerfile-recursor
builder-support/dockerfiles/Dockerfile.debbuild
builder-support/dockerfiles/Dockerfile.debbuild-prepare
builder-support/dockerfiles/Dockerfile.recursor
builder-support/dockerfiles/Dockerfile.rpmbuild
builder-support/helpers/h2o.json [new file with mode: 0644]
builder-support/helpers/install_h2o.sh [new file with mode: 0755]
builder-support/helpers/install_quiche.sh
builder-support/helpers/install_rust.sh
builder-support/helpers/quiche.json [new file with mode: 0644]
builder-support/helpers/rust.json [new file with mode: 0644]
builder-support/specs/pdns-recursor.spec
builder-support/specs/pdns.spec
tasks.py

index ed0ee3ad021346a1c38d6ce95a271064e8bfa609..ba0669bfb2dcfa17a9d53ec721cb753013a18d6c 100644 (file)
@@ -250,7 +250,7 @@ jobs:
           restore-keys: dnsdist-${{ matrix.features }}-${{ matrix.sanitizers }}-ccache-
       - run: inv ci-install-rust ${{ env.REPO_HOME }}
         working-directory: ./pdns/dnsdistdist/
-      - run: inv ci-build-and-install-quiche
+      - run: inv ci-build-and-install-quiche ${{ env.REPO_HOME }}
         working-directory: ./pdns/dnsdistdist/
       - run: inv ci-autoconf
         working-directory: ./pdns/dnsdistdist/
index 22f11414fc8b48e63c4e2cbbc2f09b6dda61721e..17391461f7c7c90506954f2fe804f171ce490eb8 100644 (file)
@@ -156,7 +156,7 @@ jobs:
     - run: inv ci-install-rust ${{ env.REPO_HOME }}
       if: matrix.product == 'dnsdist'
       working-directory: ./pdns/dnsdistdist/
-    - run: inv ci-build-and-install-quiche
+    - run: inv ci-build-and-install-quiche ${{ env.REPO_HOME }}
       if: matrix.product == 'dnsdist'
       working-directory: ./pdns/dnsdistdist/
     - name: Configure dnsdist
index 00c4b0975451b4d555c43216b575d96ed80a021c..b452528fd75e969459436abb8ff41b893cb401d6 100644 (file)
@@ -73,6 +73,7 @@ jobs:
       COVERITY_TOKEN: ${{ secrets.coverity_dnsdist_token }}
       SANITIZERS:
       UNIT_TESTS: no
+      REPO_HOME: ${{ github.workspace }}
     steps:
       - uses: PowerDNS/pdns/set-ubuntu-mirror@meta
       - uses: actions/checkout@v4
@@ -86,7 +87,7 @@ jobs:
       - run: inv coverity-clang-configure
       - run: inv ci-autoconf
         working-directory: ./pdns/dnsdistdist/
-      - run: inv ci-build-and-install-quiche
+      - run: inv ci-build-and-install-quiche ${{ env.REPO_HOME }}
         working-directory: ./pdns/dnsdistdist/
       - run: inv ci-dnsdist-configure full
         working-directory: ./pdns/dnsdistdist/
index 2b96ab3ef91964c4a3f0841f60403463186036a9..a62c7a720e86e2c14bd64409a89a083edcf6762f 100644 (file)
@@ -42,16 +42,16 @@ RUN if [ "${DOCKER_FAKE_RELEASE}" = "YES" ]; then \
 
 
 RUN mkdir /libh2o && cd /libh2o && \
-      apt-get update && apt-get install -y cmake curl libssl-dev zlib1g-dev && \
-      curl -f -L https://github.com/PowerDNS/h2o/archive/refs/tags/v2.2.6+pdns2.tar.gz | tar xz && \
-      CFLAGS='-fPIC' cmake -DWITH_PICOTLS=off -DWITH_BUNDLED_SSL=off -DWITH_MRUBY=off -DCMAKE_INSTALL_PREFIX=/opt ./h2o-2.2.6-pdns2 && \
-      make install
+      apt-get update && apt-get install -y cmake curl jq libssl-dev zlib1g-dev && \
+      cd /source/builder-support/helpers/ && \
+      ./install_h2o.sh
 
 RUN mkdir /quiche && cd /quiche && \
     apt-get install -y libclang-dev && \
     apt-get clean && \
-    /source/builder-support/helpers/install_rust.sh && \
-    /source/builder-support/helpers/install_quiche.sh
+    cd /source/builder-support/helpers/ && \
+    ./install_rust.sh && \
+    ./install_quiche.sh
 
 RUN mkdir /build && \
     LUAVER=$([ -z "${NO_LUA_JIT##*$(dpkg --print-architecture)*}" ] && echo 'lua5.3' || echo 'luajit') && \
index 9b118cd866fc00172c4f8b688684c6d46f2ee9ea..cf94ac420db40e9612e073d6ea7ad9fd34005e45 100644 (file)
@@ -13,7 +13,7 @@ ENV NO_LUA_JIT="s390x arm64"
 RUN apt-get update && apt-get -y dist-upgrade && apt-get clean
 
 # devscripts gives us mk-build-deps (and a lot of other stuff)
-RUN apt-get install -y --no-install-recommends devscripts equivs git curl && apt-get clean
+RUN apt-get install -y --no-install-recommends devscripts equivs git curl jq && apt-get clean
 
 COPY builder-support /source/builder-support
 
@@ -29,7 +29,8 @@ COPY .git /source/.git
 COPY builder/helpers/set-configure-ac-version.sh /usr/local/bin
 
 COPY builder-support/helpers/install_rust.sh /source/install_rust.sh
-RUN /source/install_rust.sh
+COPY builder-support/helpers/rust.json /source/rust.json
+RUN cd /source/ && ./install_rust.sh
 
 # build and install (TODO: before we hit this line, rearrange /source structure if we are coming from a tarball)
 WORKDIR /source/pdns/recursordist
index 71d30f6ee8b4ce6676e278f6ac4fb323b40e4cfb..bbf65dc45a8f0965ae1b94022600902f41cc7561 100644 (file)
@@ -18,9 +18,8 @@ RUN mv pdns-recursor*.deb /dist; mv pdns-recursor*.ddeb /dist || true
 @IF [ -n "$M_dnsdist$M_all" ]
 RUN mkdir /libh2o && cd /libh2o && \
       apt-get update && apt-get install -y cmake curl libssl-dev zlib1g-dev && \
-      curl -f -L https://github.com/PowerDNS/h2o/archive/refs/tags/v2.2.6+pdns2.tar.gz | tar xz && \
-      CFLAGS='-fPIC' cmake -DWITH_PICOTLS=off -DWITH_BUNDLED_SSL=off -DWITH_MRUBY=off -DCMAKE_INSTALL_PREFIX=/opt ./h2o-2.2.6-pdns2 && \
-      make install
+      cd /pdns/builder-support/helpers/ && \
+      ./install_h2o.sh
 
 RUN builder/helpers/build-debs.sh dnsdist-${BUILDER_VERSION}
 
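Review bot: `install_h2o.sh` reads its version and hash with `jq`, but the `apt-get install` line in this RUN step still lists only `cmake curl libssl-dev zlib1g-dev`, whereas the matching step in Dockerfile-dnsdist adds `jq` explicitly. The build presumably works because the package-builder stage in Dockerfile.debbuild-prepare now installs `jq`, but that makes the dependency implicit; adding `jq` to this list would keep the step self-contained. The `mkdir /libh2o && cd /libh2o` prefix also looks unused now that the helper does its own `cd /tmp`.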
index 64a5d401c5cfacd722f71f8b399f794cabcf4a0c..caf1847a4aa74aaa649b727e10a86eebbfdd7e45 100644 (file)
@@ -1,6 +1,6 @@
 FROM dist-base as package-builder
 ARG APT_URL
-RUN DEBIAN_FRONTEND=noninteractive apt-get -y install --no-install-recommends devscripts dpkg-dev build-essential python3-venv equivs curl
+RUN DEBIAN_FRONTEND=noninteractive apt-get -y install --no-install-recommends devscripts dpkg-dev build-essential python3-venv equivs curl jq
 
 RUN mkdir /dist /pdns
 WORKDIR /pdns
@@ -9,13 +9,13 @@ ADD builder/helpers/ /pdns/builder/helpers/
 ADD builder-support/helpers/ /pdns/builder-support/helpers/
 
 @IF [ -n "$M_recursor$M_all" ]
-RUN /pdns/builder-support/helpers/install_rust.sh
+RUN cd /pdns/builder-support/helpers/ && ./install_rust.sh
 @ENDIF
 
 @IF [ -n "$M_dnsdist$M_all" ]
-RUN /pdns/builder-support/helpers/install_rust.sh
+RUN cd /pdns/builder-support/helpers/ && ./install_rust.sh
 RUN DEBIAN_FRONTEND=noninteractive apt-get -y install --no-install-recommends git cmake clang
-RUN /pdns/builder-support/helpers/install_quiche.sh
+RUN cd /pdns/builder-support/helpers/ && ./install_quiche.sh
 @ENDIF
 
 # Used for -p option to only build specific packages
index 088df9710c23bd80b0c037fb74abc886d078a22b..214ef9e622591a9fefbf693371e229a522398907 100644 (file)
@@ -13,7 +13,8 @@ ADD builder-support/gen-version /pdns-recursor/pdns/recursordist/builder-support
 WORKDIR /pdns-recursor/pdns/recursordist
 
 ADD builder-support/helpers/ /pdns/builder-support/helpers/
-RUN /pdns/builder-support/helpers/install_rust.sh
+RUN cd /pdns/builder-support/helpers/ && \
+    ./install_rust.sh
 
 RUN mkdir /sdist
 
index 048e6ad2ea4608253e94bd772205e6b05d9d1bf3..dee001a1985a283c9e0f91f6bf34abe0e69e5cfe 100644 (file)
@@ -1,10 +1,10 @@
 FROM dist-base as package-builder
 RUN touch /var/lib/rpm/* && if $(grep -q 'release 7' /etc/redhat-release); then \
       yum upgrade -y && \
-      yum install -y rpm-build rpmdevtools python2 python3 curl "@Development Tools"; \
+      yum install -y rpm-build rpmdevtools python2 python3 curl jq "@Development Tools"; \
     else \
       yum upgrade -y && \
-      yum install --allowerasing -y rpm-build rpmdevtools python3 curl "@Development Tools"; \
+      yum install --allowerasing -y rpm-build rpmdevtools python3 curl jq "@Development Tools"; \
     fi
 
 RUN mkdir /dist /pdns
@@ -16,16 +16,17 @@ ADD builder/helpers/ /pdns/builder/helpers/
 ADD builder-support/helpers/ /pdns/builder-support/helpers/
 
 @IF [ -n "$M_recursor$M_all" ]
-RUN /pdns/builder-support/helpers/install_rust.sh
+RUN cd pdns/builder-support/helpers/ && ./install_rust.sh
 @ENDIF
 
 @IF [ -n "$M_dnsdist$M_all" ]
-RUN /pdns/builder-support/helpers/install_rust.sh
 # We do not build Quiche (DNS over QUIC support) on el-7 because the clang
 # version is too old to build the 'boring-sys' crate needed by Quiche
 RUN if ! $(grep -q 'release 7' /etc/redhat-release); then \
+      cd /pdns/builder-support/helpers/ && ./install_rust.sh; \
       yum install -y git cmake clang; \
-      /pdns/builder-support/helpers/install_quiche.sh; \
+      cd /pdns/builder-support/helpers/ && \
+      ./install_quiche.sh; \
     fi
 @ENDIF
 
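Review bot: The recursor branch uses a relative path, `RUN cd pdns/builder-support/helpers/ && ./install_rust.sh`, while every other call site in this commit uses the absolute `/pdns/builder-support/helpers/`. If the working directory at this point is `/pdns` (the WORKDIR line is not visible in this hunk), the `cd` fails and the recursor RPM build breaks; it should read `RUN cd /pdns/builder-support/helpers/ && ./install_rust.sh`. In the dnsdist branch, `install_rust.sh` has moved from its own RUN step into an `if` body whose commands are joined with `;`, so a non-zero exit from it (for example a failed `sha256sum -c`) no longer fails the layer by itself. Chaining the three commands with `&&` (`./install_rust.sh && yum install -y git cmake clang && cd /pdns/builder-support/helpers/ && ./install_quiche.sh; fi`) would make a failed integrity check stop the build at that point.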
@@ -62,9 +63,8 @@ RUN touch /var/lib/rpm/* &&  if $(grep -q 'release 7' /etc/redhat-release); then
 # this is fine because --allowerasing is only there to deal with libcurl conflicting with libcurl-minimal on some el9 images
 RUN touch /var/lib/rpm/* && mkdir /libh2o && cd /libh2o && \
       yum install -y --allowerasing curl libcurl openssl-devel cmake || yum install -y curl libcurl openssl-devel cmake && \
-      curl -f -L https://github.com/PowerDNS/h2o/archive/refs/tags/v2.2.6+pdns2.tar.gz | tar xz && \
-      CFLAGS='-fPIC' cmake -DWITH_PICOTLS=off -DWITH_BUNDLED_SSL=off -DWITH_MRUBY=off -DCMAKE_INSTALL_PREFIX=/opt ./h2o-2.2.6-pdns2 && \
-      make install
+      cd /pdns/builder-support/helpers/ && \
+      ./install_h2o.sh
 
 RUN touch /var/lib/rpm/* && if $(grep -q 'release 7' /etc/redhat-release); then \
       scl enable devtoolset-11 -- builder/helpers/build-specs.sh builder-support/specs/dnsdist.spec; \
diff --git a/builder-support/helpers/h2o.json b/builder-support/helpers/h2o.json
new file mode 100644 (file)
index 0000000..bff2e6d
--- /dev/null
@@ -0,0 +1,4 @@
+{
+  "version": "2.2.6-pdns2",
+  "SHA256SUM": "e25959c3f9a102e7a332ca0bb8b3f533eb14919d5a60ca999730c2ebee4b548f"
+}
diff --git a/builder-support/helpers/install_h2o.sh b/builder-support/helpers/install_h2o.sh
new file mode 100755 (executable)
index 0000000..7c70460
--- /dev/null
@@ -0,0 +1,20 @@
+#!/bin/sh
+set -v
+set -e
+
+readonly H2O_VERSION=$(jq -r .version < h2o.json)
+readonly H2O_TARBALL="v${H2O_VERSION}.tar.gz"
+readonly H2O_TARBALL_URL="https://github.com/PowerDNS/h2o/archive/refs/tags/${H2O_TARBALL}"
+readonly H2O_TARBALL_HASH=$(jq -r .SHA256SUM < h2o.json)
+
+cd /tmp
+echo $0: Downloading $H2O_TARBALL
+curl -f -L -o "${H2O_TARBALL}" "${H2O_TARBALL_URL}"
+
+# Line below should echo two spaces between digest and name
+echo "${H2O_TARBALL_HASH}"  "${H2O_TARBALL}" | sha256sum -c -
+tar xf "${H2O_TARBALL}"
+CFLAGS='-fPIC' cmake -DWITH_PICOTLS=off -DWITH_BUNDLED_SSL=off -DWITH_MRUBY=off -DCMAKE_INSTALL_PREFIX=/opt ./h2o-${H2O_VERSION}
+make -j $(nproc)
+make install
+rm -rf "${H2O_TARBALL}" "h2o-${H2O_VERSION}"
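Review bot: `readonly H2O_VERSION=$(jq -r .version < h2o.json)` hides a failing `jq` (or a missing `h2o.json`) from `set -e`, because the status of the line is that of `readonly`, and `jq -r` prints the string `null` with status 0 when the key is absent. The script then continues with an empty or `null` version and hash, and only stops later at `curl` or `sha256sum -c` with a misleading error. Assigning first and marking read-only afterwards, with `jq -e`, fails at the right place: `H2O_VERSION=$(jq -er .version < h2o.json)` followed by `readonly H2O_VERSION`, and likewise for `H2O_TARBALL_HASH`. The same `readonly X=$(jq ...)` pattern is in the first hunk of install_quiche.sh (`QUICHE_VERSION`, `QUICHE_TARBALL_HASH`). All three helpers also read their JSON relative to the current directory, so they only work after a `cd` into `builder-support/helpers/`; reading `"$(dirname "$0")/h2o.json"` would remove that requirement.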
index 4bdb547e8ae0df2f61c4b7b52a02d205294cc13b..b09793fcd00d9c331425a175ed4596049daa6905 100755 (executable)
@@ -2,10 +2,10 @@
 set -v
 set -e
 
-readonly QUICHE_VERSION='0.20.1'
+readonly QUICHE_VERSION=$(jq -r .version < quiche.json)
 readonly QUICHE_TARBALL="${QUICHE_VERSION}.tar.gz"
 readonly QUICHE_TARBALL_URL="https://github.com/cloudflare/quiche/archive/${QUICHE_TARBALL}"
-readonly QUICHE_TARBALL_HASH='9c460d8ecf6c80c06bf9b42f91201ef33f912e2615a871ff2d0e50197b901c71'
+readonly QUICHE_TARBALL_HASH=$(jq -r .SHA256SUM < quiche.json)
 
 INSTALL_PREFIX=/usr
 SOEXT=so
@@ -19,8 +19,9 @@ if [ $(uname) = Darwin ]; then
 fi
 
 cd /tmp
-echo $0: Downloading $QUICHE_TARBALL
+echo $0: Downloading ${QUICHE_TARBALL}
 curl -L -o "${QUICHE_TARBALL}" "${QUICHE_TARBALL_URL}"
+echo $0: Checking that the hash of ${QUICHE_TARBALL} is ${QUICHE_TARBALL_HASH}
 # Line below should echo two spaces between digest and name
 echo "${QUICHE_TARBALL_HASH}"  "${QUICHE_TARBALL}" | sha256sum -c -
 tar xf "${QUICHE_TARBALL}"
index 542b09c67ed8f44e5337448bb6c4e75d8a49f90b..bd1b4ade19f66ed8c8a63bc6a7e20062405db65f 100755 (executable)
@@ -5,7 +5,8 @@ set -e
 ARCH=$(arch)
 
 # Default version
-RUST_VERSION=rust-1.75.0-$ARCH-unknown-linux-gnu
+RUST_VERSION_NUMBER=$(jq -r .version < rust.json)
+RUST_VERSION=rust-$RUST_VERSION_NUMBER-$ARCH-unknown-linux-gnu
 
 if [ $# -ge 1 ]; then
     RUST_VERSION=$1
@@ -15,8 +16,8 @@ fi
 SITE=https://downloads.powerdns.com/rust
 RUST_TARBALL=$RUST_VERSION.tar.gz
 
-SHA256SUM_x86_64=473978b6f8ff216389f9e89315211c6b683cf95a966196e7914b46e8cf0d74f6
-SHA256SUM_aarch64=30828cd904fcfb47f1ac43627c7033c903889ea4aca538f53dcafbb3744a9a73
+SHA256SUM_x86_64=$(jq -r .SHA256SUM_x86_64 < rust.json)
+SHA256SUM_aarch64=$(jq -r .SHA256SUM_aarch64 < rust.json)
 
 NAME=SHA256SUM_$ARCH
 eval VALUE=\$$NAME
@@ -35,6 +36,7 @@ fi
 #
 cd /tmp
 echo $0: Downloading $RUST_TARBALL
+echo $0: Expecting hash $VALUE
 
 curl -f -o $RUST_TARBALL $SITE/$RUST_TARBALL
 # Line below should echo two spaces between digest and name
diff --git a/builder-support/helpers/quiche.json b/builder-support/helpers/quiche.json
new file mode 100644 (file)
index 0000000..e3025b3
--- /dev/null
@@ -0,0 +1,4 @@
+{
+  "version": "0.20.1",
+  "SHA256SUM": "9c460d8ecf6c80c06bf9b42f91201ef33f912e2615a871ff2d0e50197b901c71"
+}
diff --git a/builder-support/helpers/rust.json b/builder-support/helpers/rust.json
new file mode 100644 (file)
index 0000000..ac9e47f
--- /dev/null
@@ -0,0 +1,5 @@
+{
+  "version": "1.75.0",
+  "SHA256SUM_x86_64": "473978b6f8ff216389f9e89315211c6b683cf95a966196e7914b46e8cf0d74f6",
+  "SHA256SUM_aarch64": "30828cd904fcfb47f1ac43627c7033c903889ea4aca538f53dcafbb3744a9a73"
+}
index 8408500e98a8c4ef8ed4a6134e4331be20a5b85e..df4b6b9682340483b238cec0789894ad6a3fc4d2 100644 (file)
@@ -4,6 +4,7 @@ Release: %{getenv:BUILDER_RPM_RELEASE}%{?dist}
 Summary: Modern, advanced and high performance recursing/non authoritative name server
 Group: System Environment/Daemons
 License: GPLv2
+Vendor: PowerDNS.COM BV
 URL: https://powerdns.com
 Source0: %{name}-%{getenv:BUILDER_VERSION}.tar.bz2
 
index 9f265eda1d543b040e40aa13cb45315941d6dd7a..ac02b68d52260eca3ce9e131c1125590fc1a8603 100644 (file)
@@ -7,6 +7,7 @@ Release: %{getenv:BUILDER_RPM_RELEASE}%{dist}
 Summary: A modern, advanced and high performance authoritative-only nameserver
 Group: System Environment/Daemons
 License: GPLv2
+Vendor: PowerDNS.COM BV
 URL: https://powerdns.com
 Source0: %{name}-%{getenv:BUILDER_VERSION}.tar.bz2
 
index ae920dc55e7d7d01aa0192b18f060d73b4760d49..f3e72b3d4fffb36f284ba07e9d50d5b040e2ca3b 100644 (file)
--- a/tasks.py
+++ b/tasks.py
@@ -1,6 +1,7 @@
 from invoke import task
 from invoke.exceptions import Failure, UnexpectedExit
 
+import json
 import os
 import sys
 import time
@@ -8,8 +9,6 @@ import time
 auth_backend_ip_addr = os.getenv('AUTH_BACKEND_IP_ADDR', '127.0.0.1')
 
 clang_version = os.getenv('CLANG_VERSION', '13')
-quiche_version = '0.20.1'
-quiche_hash = '9c460d8ecf6c80c06bf9b42f91201ef33f912e2615a871ff2d0e50197b901c71'
 
 all_build_deps = [
     'ccache',
@@ -174,7 +173,8 @@ def install_clang_runtime(c):
 
 @task
 def ci_install_rust(c, repo):
-    c.sudo(f'{repo}/builder-support/helpers/install_rust.sh')
+    with c.cd(f'{repo}/builder-support/helpers/'):
+        c.run('sudo sh install_rust.sh')
 
 def install_libdecaf(c, product):
     c.run('git clone https://git.code.sf.net/p/ed448goldilocks/code /tmp/libdecaf')
@@ -943,7 +943,12 @@ def coverity_upload(c, email, project, tarball):
             https://scan.coverity.com/builds?project={project}', hide=True)
 
 @task
-def ci_build_and_install_quiche(c):
+def ci_build_and_install_quiche(c, repo):
+    with open(f'{repo}/builder-support/helpers/quiche.json') as quiche_json:
+        quiche_data = json.load(quiche_json)
+        quiche_version = quiche_data['version']
+        quiche_hash = quiche_data['SHA256SUM']
+
     # we have to pass -L because GitHub will do a redirect, sadly
     c.run(f'curl -L -o quiche-{quiche_version}.tar.gz https://github.com/cloudflare/quiche/archive/{quiche_version}.tar.gz')
     # Line below should echo two spaces between digest and name
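Review bot: `quiche_version` and `quiche_hash` are taken from `quiche.json` and interpolated directly into the shell strings passed to `c.run`, with no check on their shape. A format check right after `json.load` would make a mistyped or truncated file fail with a clear error instead of inside `curl` or `sha256sum`, for example `if not re.fullmatch(r'[0-9.]+', quiche_version) or not re.fullmatch(r'[0-9a-f]{64}', quiche_hash): raise ValueError('unexpected content in quiche.json')` (this needs `import re`). The task also gained a required `repo` argument without a docstring; a one-line docstring saying that `repo` is the checkout root containing `builder-support/helpers/quiche.json` would help callers. `ci_build_and_install_quiche` continues past the end of this hunk, so the rest of the download-and-verify sequence is not visible here.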