From: Arran Cudbard-Bell Date: Tue, 19 May 2026 02:17:01 +0000 (-0400) Subject: crossbuild: fix double-slash in m4 paths and auth dind to internal registry X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d74e581bbf3313675be81a55d3eeea36b6e1f471;p=thirdparty%2Ffreeradius-server.git crossbuild: fix double-slash in m4 paths and auth dind to internal registry CB_DIR was constructed via `$(dir $(realpath ...))`, which always ends in `/`. Subsequent concatenations of the form `$(CB_DIR)/build` produced rendered paths like `/workspace/scripts/docker//build`, which made the BUILD/REGEN log lines and stamp-file paths ugly (though make itself happily collapses the doubled slash). Strip the trailing slash once at the CB_DIR definition with patsubst so every existing `/foo` concat stays readable. The dind sidecar's daemon isn't pre-authenticated to docker.internal.networkradius.com - only the self-hosted runner host's daemon is, via the runner's job-started hook, and that auth doesn't propagate into dind. crossbuild now FROMs self-hosted-* via the CB_FROM_ overrides, so the inner build was failing with `401 Unauthorized` on the manifest HEAD. Add an explicit `docker login` step via the existing DOCKER_REPO_USERNAME/_PASSWORD secrets, mirroring what ci-multi-server-tests.yml already does for the same reason. --- diff --git a/.github/workflows/crossbuild.yml b/.github/workflows/crossbuild.yml index 416b6dcda1b..2bf9af95861 100644 --- a/.github/workflows/crossbuild.yml +++ b/.github/workflows/crossbuild.yml @@ -115,6 +115,21 @@ jobs: - uses: ./.github/actions/setup-dind + # + # The dind sidecar has its own dockerd that's not pre-authenticated + # to docker.internal.networkradius.com (the host docker daemon on + # the self-hosted runner is, via the runner's job-started hook, + # but that auth doesn't propagate into the dind container). Log in + # explicitly so the inner crossbuild's FROM-pull of self-hosted-* + # works instead of 401-ing. + # + - name: Login to internal Docker registry (via dind) + env: + DOCKER_USERNAME: ${{ secrets.DOCKER_REPO_USERNAME }} + DOCKER_PASSWORD: ${{ secrets.DOCKER_REPO_PASSWORD }} + run: | + echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin https://docker.internal.networkradius.com/ + # # Run the per-distro crossbuild. CB_FROM_ overrides the # `from` build-arg in scripts/docker/crossbuild.mk so the inner diff --git a/scripts/docker/crossbuild.mk b/scripts/docker/crossbuild.mk index ff4b97639dd..8f42b093828 100644 --- a/scripts/docker/crossbuild.mk +++ b/scripts/docker/crossbuild.mk @@ -13,8 +13,10 @@ else # CB_COMMON:=rocky9 debian12 ubuntu24 -# Top level of where all crossbuild and docker files are -CB_DIR:=$(dir $(realpath $(lastword $(MAKEFILE_LIST)))) +# Top level of where all crossbuild and docker files are. `$(dir ...)` +# would leave a trailing slash that doubles up when concatenated with +# `/build` etc., so strip it here once. +CB_DIR:=$(patsubst %/,%,$(dir $(realpath $(lastword $(MAKEFILE_LIST))))) # Where the docker directories are DT:=$(CB_DIR)/build diff --git a/scripts/docker/docker.mk b/scripts/docker/docker.mk index 2bd5b52c6ce..651e37e2f88 100644 --- a/scripts/docker/docker.mk +++ b/scripts/docker/docker.mk @@ -12,8 +12,10 @@ else # DOCKER_COMMON:=ubuntu22 -# Top level of where all crossbuild and docker files are -CB_DIR:=$(dir $(realpath $(lastword $(MAKEFILE_LIST)))) +# Top level of where all crossbuild and docker files are. `$(dir ...)` +# would leave a trailing slash that doubles up when concatenated with +# `/build` etc., so strip it here once. +CB_DIR:=$(patsubst %/,%,$(dir $(realpath $(lastword $(MAKEFILE_LIST))))) # Where the docker directories are DT:=$(CB_DIR)/build