From: Michal Nowak Date: Wed, 30 Apr 2025 11:46:57 +0000 (+0200) Subject: Use AlmaLinux for FIPS testing in AWS X-Git-Tag: v9.21.9~22^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=55532564272c3bf472f3eb57ed7dc4b5813ceea9;p=thirdparty%2Fbind9.git Use AlmaLinux for FIPS testing in AWS --- diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index e6f5254e0ab..e4274d0bfa2 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -63,6 +63,19 @@ variables: SHOTGUN_EVAL_THRESHOLD_LATENCY_PCTL_MIN: '-inf' SHOTGUN_EVAL_THRESHOLD_LATENCY_PCTL_DRIFT_MIN: '-inf' + # Even though there's only one job per runtime environment, the GitLab + # "instance" executor insists on cloning the Git repository to a path that + # contains a variable number from zero to the "maximum concurrent instances + # count" allowed on the GitLab Runner. See the "0" directory in this example + # path: /home/ec2-user/builds/t1_4FZzvz/0/isc-projects/bind9/.git/. + # + # This is not a problem for isolated jobs like "stress" tests that depend on + # no other jobs. However, it is a problem for jobs that need other jobs' + # artifacts. For example, a system test job that has its Git repo cloned to + # the "/1/" sub-path will fail if it downloads build job artifacts that have + # ./configure output files with "/0/" in its sub-path recorded. + GIT_CLONE_PATH_INSTANCE_EXECUTOR: "/home/ec2-user/builds/${CI_PROJECT_PATH}/" + default: # Allow all running CI jobs to be automatically canceled when a new # version of a branch is pushed. @@ -91,10 +104,23 @@ stages: ### Runner Tag Templates -.libvirt-amd64: &libvirt_amd64 +# AlmaLinux autoscaling GitLab Runners on AWS EC2 (amd64) + +.almalinux-8fips-amd64-image: &almalinux_8fips_amd64_image tags: - - libvirt + - almalinux-8 - amd64 + - autoscaler + - aws + - shell + +.almalinux-9fips-amd64-image: &almalinux_9fips_amd64_image + tags: + - almalinux-9 + - amd64 + - autoscaler + - aws + - shell # Autoscaling GitLab Runner on AWS EC2 (amd64) @@ -136,18 +162,7 @@ stages: variables: CC: clang CFLAGS: "${CFLAGS_COMMON} -Og" - # Even though there's only one job per runtime environment, the GitLab - # "instance" executor insists on cloning the Git repository to a path that - # contains a variable number from zero to the "maximum concurrent instances - # count" allowed on the GitLab Runner. See the "0" directory in this - # example path: /home/ec2-user/builds/t1_4FZzvz/0/isc-projects/bind9/.git/. - # - # This is not a problem for isolated jobs like "stress" tests that depend - # on no other jobs. However, it is a problem for jobs that need other jobs' - # artifacts. For example, a system test job that has its Git repo cloned to - # the "/1/" sub-path will fail if it downloads build job artifacts that - # have ./configure output files with "/0/" in its sub-path recorded. - GIT_CLONE_PATH: "/home/ec2-user/builds/${CI_PROJECT_PATH}/" + GIT_CLONE_PATH: "${GIT_CLONE_PATH_INSTANCE_EXECUTOR}" # Use MIT Kerberos5 for BIND 9 GSS-API support because of FreeBSD Heimdal # incompatibility; see https://bugs.freebsd.org/275241. EXTRA_CONFIGURE: "${WITH_LIBEDIT} --with-gssapi=/usr/local/bin/krb5-config" @@ -182,16 +197,6 @@ stages: image: "$CI_REGISTRY_IMAGE:almalinux-9-amd64" <<: *linux_amd64 -# Oracle Linux - -.oraclelinux-8fips-amd64: &oraclelinux_8fips_amd64_image - image: "oraclelinux-8fips-x86_64" - <<: *libvirt_amd64 - -.oraclelinux-9fips-amd64: &oraclelinux_9fips_amd64_image - image: "oraclelinux-9fips-x86_64" - <<: *libvirt_amd64 - # Debian .debian-bookworm-amd64: &debian_bookworm_amd64_image @@ -878,27 +883,32 @@ unit:gcc:almalinux9:amd64: needs: - job: gcc:almalinux9:amd64 -# Jobs for scheduled GCC builds on Oracle Linux 8 & 9 FIPS-aware images with -# FIPS mode in BIND 9 enabled +# Jobs for scheduled GCC builds on AlmaLinux 8 & 9 FIPS-aware images with FIPS +# mode in BIND 9 enabled gcc:8fips:amd64: variables: CC: gcc CFLAGS: "${CFLAGS_COMMON}" EXTRA_CONFIGURE: "--with-libidn2 --enable-fips-mode --disable-tracing" - <<: *oraclelinux_8fips_amd64_image + GIT_CLONE_PATH: "${GIT_CLONE_PATH_INSTANCE_EXECUTOR}" + <<: *almalinux_8fips_amd64_image <<: *build_job system:gcc:8fips:amd64: - <<: *oraclelinux_8fips_amd64_image + <<: *almalinux_8fips_amd64_image <<: *system_test_job + variables: + GIT_CLONE_PATH: "${GIT_CLONE_PATH_INSTANCE_EXECUTOR}" needs: - job: gcc:8fips:amd64 artifacts: true unit:gcc:8fips:amd64: - <<: *oraclelinux_8fips_amd64_image + <<: *almalinux_8fips_amd64_image <<: *unit_test_job + variables: + GIT_CLONE_PATH: "${GIT_CLONE_PATH_INSTANCE_EXECUTOR}" needs: - job: gcc:8fips:amd64 artifacts: true @@ -908,21 +918,26 @@ gcc:9fips:amd64: CC: gcc CFLAGS: "${CFLAGS_COMMON}" EXTRA_CONFIGURE: "--with-libidn2 --enable-fips-mode --disable-leak-detection --disable-tracing" - <<: *oraclelinux_9fips_amd64_image + GIT_CLONE_PATH: "${GIT_CLONE_PATH_INSTANCE_EXECUTOR}" + <<: *almalinux_9fips_amd64_image <<: *build_job system:gcc:9fips:amd64: - <<: *oraclelinux_9fips_amd64_image + <<: *almalinux_9fips_amd64_image <<: *system_test_job <<: *api_pipelines_schedules_tags_triggers_web_triggering_rules + variables: + GIT_CLONE_PATH: "${GIT_CLONE_PATH_INSTANCE_EXECUTOR}" needs: - job: gcc:9fips:amd64 artifacts: true unit:gcc:9fips:amd64: - <<: *oraclelinux_9fips_amd64_image + <<: *almalinux_9fips_amd64_image <<: *unit_test_job <<: *api_pipelines_schedules_tags_triggers_web_triggering_rules + variables: + GIT_CLONE_PATH: "${GIT_CLONE_PATH_INSTANCE_EXECUTOR}" needs: - job: gcc:9fips:amd64 artifacts: true diff --git a/doc/arm/platforms.inc.rst b/doc/arm/platforms.inc.rst index def054daea4..fde930d0d7a 100644 --- a/doc/arm/platforms.inc.rst +++ b/doc/arm/platforms.inc.rst @@ -46,7 +46,7 @@ following systems: - Debian 12 - Ubuntu LTS 22.04, 24.04 - Fedora 42 -- Red Hat Enterprise Linux / CentOS / Oracle Linux / AlmaLinux 8, 9 +- Red Hat Enterprise Linux / CentOS / AlmaLinux 8, 9 - FreeBSD 13.4, 14.2 - Alpine Linux 3.21