From: Otto Moerbeek Date: Mon, 26 May 2025 08:38:43 +0000 (+0200) Subject: rec: build dist tarball and el-x packages using meson X-Git-Tag: dnsdist-2.0.0-beta1~56^2~6 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=948f8b0b5840438e437395af96ed8cb55b8d97c8;p=thirdparty%2Fpdns.git rec: build dist tarball and el-x packages using meson --- diff --git a/builder-support/dockerfiles/Dockerfile.recursor b/builder-support/dockerfiles/Dockerfile.recursor index 6a2a3f0143..3533a7ef04 100644 --- a/builder-support/dockerfiles/Dockerfile.recursor +++ b/builder-support/dockerfiles/Dockerfile.recursor @@ -1,26 +1,23 @@ -FROM alpine:3.18 as pdns-recursor +FROM alpine:3.21 AS pdns-recursor ARG BUILDER_CACHE_BUSTER= RUN apk add --no-cache gcc g++ make tar autoconf automake protobuf-dev lua-dev \ libtool file boost-dev curl openssl-dev ragel python3 \ - flex bison git bash jq + flex bison git bash jq meson -ADD COPYING NOTICE /pdns-recursor/ -@EXEC sdist_dirs=(build-aux m4 pdns ext docs) -@EXEC for d in ${sdist_dirs[@]} ; do echo "COPY $d/ /pdns-recursor/$d/" ; done -ADD builder/helpers/set-configure-ac-version.sh /pdns-recursor/builder/helpers/ -ADD builder-support/gen-version /pdns-recursor/pdns/recursordist/builder-support/gen-version -WORKDIR /pdns-recursor/pdns/recursordist +COPY . /pdns-recursor +WORKDIR /pdns-recursor -ADD builder-support/helpers/ /pdns/builder-support/helpers/ -RUN cd /pdns/builder-support/helpers/ && \ +#ADD builder-support/helpers/ /pdns/builder-support/helpers/ +RUN cd /pdns-recursor/builder-support/helpers/ && \ ./install_rust.sh RUN mkdir /sdist ARG BUILDER_VERSION -RUN /pdns-recursor/builder/helpers/set-configure-ac-version.sh && \ - autoreconf -v -i --force && \ - ./configure --disable-dependency-tracking && \ - make dist -RUN cp pdns-recursor-${BUILDER_VERSION}.tar.bz2 /sdist/ + +RUN cd /pdns-recursor/pdns/recursordist && \ + meson setup /tmp/rec-meson-dist-build && \ + meson dist -C /tmp/rec-meson-dist-build --no-tests + +RUN cp /tmp/rec-meson-dist-build/meson-dist/pdns-recursor-${BUILDER_VERSION}.tar.xz /sdist/ diff --git a/builder-support/dockerfiles/Dockerfile.rpmbuild b/builder-support/dockerfiles/Dockerfile.rpmbuild index f233c2cbc7..82cd02d435 100644 --- a/builder-support/dockerfiles/Dockerfile.rpmbuild +++ b/builder-support/dockerfiles/Dockerfile.rpmbuild @@ -1,4 +1,4 @@ -FROM dist-base as package-builder +FROM dist-base AS package-builder RUN if $(grep -q 'release 8' /etc/redhat-release); then \ yum upgrade -y && \ yum install --allowerasing -y rpm-build rpmdevtools python3.12 curl jq "@Development Tools" ninja-build hostname python3.12-pip python3.12-yaml ; \ @@ -17,7 +17,9 @@ ADD builder-support/helpers/ /pdns/builder-support/helpers/ @IF [ -n "$M_recursor$M_all" ] COPY --from=pdns-recursor /tmp/rust* /tmp -RUN cd /pdns/builder-support/helpers/ && ./install_rust.sh +RUN cd /pdns/builder-support/helpers/ && ./install_rust.sh && \ + yum install -y git cmake clang +RUN cd /pdns/builder-support/helpers/ && ./install_meson.sh @ENDIF @IF [ -n "$M_dnsdist$M_all" ] diff --git a/builder-support/dockerfiles/Dockerfile.rpmtest b/builder-support/dockerfiles/Dockerfile.rpmtest index e398ffcf46..68d9f6d014 100644 --- a/builder-support/dockerfiles/Dockerfile.rpmtest +++ b/builder-support/dockerfiles/Dockerfile.rpmtest @@ -1,5 +1,5 @@ # Install the built rpms and test them -FROM dist-base as dist +FROM dist-base AS dist # If you want to install extra packages or do generic configuration, # do it before the COPY. Either here, or in the dist-base layer. diff --git a/builder-support/dockerfiles/Dockerfile.target.el-9 b/builder-support/dockerfiles/Dockerfile.target.el-9 index 5aca4059a2..f7a4e50bbe 100644 --- a/builder-support/dockerfiles/Dockerfile.target.el-9 +++ b/builder-support/dockerfiles/Dockerfile.target.el-9 @@ -3,7 +3,7 @@ # This defines the distribution base layer # Put only the bare minimum of common commands here, without dev tools -FROM oraclelinux:9 as dist-base +FROM oraclelinux:9 AS dist-base ARG BUILDER_CACHE_BUSTER= RUN touch /var/lib/rpm/* && dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm && \ diff --git a/builder-support/dockerfiles/Dockerfile.target.sdist b/builder-support/dockerfiles/Dockerfile.target.sdist index 919fb6ebac..0d220eb426 100644 --- a/builder-support/dockerfiles/Dockerfile.target.sdist +++ b/builder-support/dockerfiles/Dockerfile.target.sdist @@ -10,7 +10,7 @@ @INCLUDE Dockerfile.dnsdist @ENDIF -FROM alpine:3.18 as sdist +FROM alpine:3.18 AS sdist ARG BUILDER_CACHE_BUSTER= @IF [ -z "$M_authoritative$M_recursor$M_dnsdist$M_all" ] diff --git a/builder-support/specs/pdns-recursor.spec b/builder-support/specs/pdns-recursor.spec index 8559a551f0..19986238c6 100644 --- a/builder-support/specs/pdns-recursor.spec +++ b/builder-support/specs/pdns-recursor.spec @@ -6,19 +6,24 @@ Group: System Environment/Daemons License: GPLv2 Vendor: PowerDNS.COM BV URL: https://powerdns.com -Source0: %{name}-%{getenv:BUILDER_VERSION}.tar.bz2 +Source0: %{name}-%{getenv:BUILDER_VERSION}.tar.xz Provides: powerdns-recursor = %{version}-%{release} +BuildRequires: clang +BuildRequires: lld + BuildRequires: boost-devel -BuildRequires: libcap-devel -BuildRequires: systemd -BuildRequires: systemd-devel -BuildRequires: openssl-devel BuildRequires: fstrm-devel +BuildRequires: hostname +BuildRequires: libcap-devel BuildRequires: libcurl-devel -BuildRequires: net-snmp-devel BuildRequires: libsodium-devel +BuildRequires: net-snmp-devel +BuildRequires: ninja-build +BuildRequires: openssl-devel +BuildRequires: systemd +BuildRequires: systemd-devel %ifarch aarch64 BuildRequires: lua-devel @@ -43,30 +48,58 @@ package if you need a dns cache for your network. %prep %autosetup -p1 -n %{name}-%{getenv:BUILDER_VERSION} +%if 0%{?rhel} >= 9 +%global toolchain clang +%else +# we need to disable the hardened flags because they are GCC-only +%undefine _hardened_build +%endif + %build +# We need to build with LLVM/clang to be able to use LTO, since we are linking against a static Rust library built with LLVM +export CC=clang +export CXX=clang++ +# build-id SHA1 prevents an issue with the debug symbols ("export: `-Wl,--build-id=sha1': not a valid identifier") +export LDFLAGS="-fuse-ld=lld -Wl,--build-id=sha1" + +%if 0%{?rhel} < 9 +# starting with EL-9 we get these hardening settings for free by just setting the right toolchain (see above) +%ifarch aarch64 +%define cf_protection %{nil} +%else +%define cf_protection -fcf-protection +%endif +%if "%{_arch}" == "aarch64" && 0%{?amzn2023} +%define stack_clash_protection %{nil} +%else +%define stack_clash_protection -fstack-clash-protection +%endif +export CFLAGS="-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -gdwarf-4" +export CXXFLAGS="-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -gdwarf-4" +%endif -%configure \ - --enable-option-checking=fatal \ +# Note that the RPM meson macro "helpfully" sets +# --auto-features=enabled so our auto-detection is broken +%meson \ --sysconfdir=%{_sysconfdir}/%{name} \ - --disable-silent-rules \ - --disable-static \ - --enable-unit-tests \ - --enable-dns-over-tls \ - --enable-dnstap \ - --with-libcap \ - --with-lua=%{lua_implementation} \ - --with-libsodium \ - --with-net-snmp \ - --enable-systemd --with-systemd=%{_unitdir} \ - --enable-nod - -make %{?_smp_mflags} + -Dunit-tests=true \ + -Db_lto=true \ + -Db_lto_mode=thin \ + -Db_pie=true \ + -Ddns-over-tls=enabled \ + -Ddnstap=enabled \ + -Dlibcap=enabled \ + -Dlua=%{lua_implementation} \ + -Dsigners-libsodium=enabled \ + -Dsnmp=enabled \ + -Dnod=enabled +%meson_build %check -make %{?_smp_mflags} check || (cat test-suite.log && false) +%meson_test %install -make install DESTDIR=%{buildroot} +%meson_install %{__mkdir} %{buildroot}%{_sysconfdir}/%{name}/recursor.d diff --git a/pdns/recursordist/meson.build b/pdns/recursordist/meson.build index 40da702aa8..b466a5ad12 100644 --- a/pdns/recursordist/meson.build +++ b/pdns/recursordist/meson.build @@ -609,6 +609,11 @@ if python.found() foreach man_page: info['manpages'] if not fs.is_file(man_page) generated_man_pages += man_page + else + install_man( + man_page, + install_dir: join_paths(get_option('mandir'), 'man1'), + ) endif endforeach endif