From 4f0ce71a6f728b34f46d1bcbeaf63978ef3aae10 Mon Sep 17 00:00:00 2001 From: Arran Cudbard-Bell Date: Tue, 19 May 2026 16:41:30 -0400 Subject: [PATCH] docker: type-agnostic lifecycle, profiling for all distros, legacy crossbuild aliases Splits the surface area further: docker.mk owns the generic image / container / test machinery for every TYPE; crossbuild.mk is now a thin alias layer (crossbuild.* -> docker.crossbuild.*) plus the legacy crossbuild.help. DOCKER_TEST is the renamed type-parameterised form of the old crossbuild test cycle, so docker...test exists for every (image, type). Profiling is no longer ubuntu24-only. A new profiling.rpm.m4 mirrors the deb variant (valgrind, gperftools, heaptrack, kcachegrind, libkqueue rebuild with debug symbols, FlameGraph, Inferno) using Rocky package names, and common.rpm.debuginfo.m4 / common.deb.dbgsym.m4 are now included unconditionally from both ci.* and crossbuild.* templates. The deb repo URL was wrong (debian-debug.debian.net is unresolvable); swapped to debug.mirrors.debian.org. The rpm side now goes through `dnf debuginfo-install` (via dnf-plugins-core) so Rocky's per-version debug-repo naming shifts don't break the build. --- Makefile | 3 +- scripts/docker/build/debian12/Dockerfile.ci | 8 +- .../build/debian12/Dockerfile.crossbuild | 8 +- .../build/debian12/Dockerfile.profiling | 122 +++++++++++++++++ scripts/docker/build/debian13/Dockerfile.ci | 8 +- .../build/debian13/Dockerfile.crossbuild | 8 +- .../build/debian13/Dockerfile.profiling | 122 +++++++++++++++++ scripts/docker/build/debiansid/Dockerfile.ci | 8 +- .../build/debiansid/Dockerfile.crossbuild | 8 +- .../build/debiansid/Dockerfile.profiling | 122 +++++++++++++++++ scripts/docker/build/rocky10/Dockerfile.ci | 60 ++++----- .../build/rocky10/Dockerfile.crossbuild | 60 ++++----- .../docker/build/rocky10/Dockerfile.profiling | 104 +++++++++++++++ scripts/docker/build/rocky9/Dockerfile.ci | 60 ++++----- .../docker/build/rocky9/Dockerfile.crossbuild | 60 ++++----- .../docker/build/rocky9/Dockerfile.profiling | 104 +++++++++++++++ scripts/docker/build/ubuntu22/Dockerfile.ci | 6 +- .../build/ubuntu22/Dockerfile.crossbuild | 6 +- .../build/ubuntu22/Dockerfile.profiling | 124 ++++++++++++++++++ scripts/docker/build/ubuntu24/Dockerfile.ci | 6 +- .../build/ubuntu24/Dockerfile.crossbuild | 6 +- .../build/ubuntu24/Dockerfile.profiling | 6 +- scripts/docker/build/ubuntu26/Dockerfile.ci | 6 +- .../build/ubuntu26/Dockerfile.crossbuild | 6 +- .../build/ubuntu26/Dockerfile.profiling | 124 ++++++++++++++++++ scripts/docker/crossbuild.mk | 88 +++++++++++++ scripts/docker/docker.mk | 119 ++++++++--------- scripts/docker/dockerfile.mk | 15 +-- scripts/docker/m4/common.deb.dbgsym.m4 | 12 +- scripts/docker/m4/common.rpm.debuginfo.m4 | 60 ++++----- scripts/docker/m4/profiling.rpm.m4 | 66 ++++++++++ 31 files changed, 1246 insertions(+), 269 deletions(-) create mode 100644 scripts/docker/build/debian12/Dockerfile.profiling create mode 100644 scripts/docker/build/debian13/Dockerfile.profiling create mode 100644 scripts/docker/build/debiansid/Dockerfile.profiling create mode 100644 scripts/docker/build/rocky10/Dockerfile.profiling create mode 100644 scripts/docker/build/rocky9/Dockerfile.profiling create mode 100644 scripts/docker/build/ubuntu22/Dockerfile.profiling create mode 100644 scripts/docker/build/ubuntu26/Dockerfile.profiling create mode 100644 scripts/docker/crossbuild.mk create mode 100644 scripts/docker/m4/profiling.rpm.m4 diff --git a/Makefile b/Makefile index 83d0221fb75..748115bdbf9 100644 --- a/Makefile +++ b/Makefile @@ -572,8 +572,7 @@ whitespace: # requested so cross-references resolve cleanly. # ifneq "$(or $(findstring docker,$(MAKECMDGOALS)),$(findstring dockerfile,$(MAKECMDGOALS)),$(findstring crossbuild,$(MAKECMDGOALS)))" "" - include scripts/docker/dockerfile.mk - include scripts/docker/docker.mk + include scripts/docker/crossbuild.mk endif # diff --git a/scripts/docker/build/debian12/Dockerfile.ci b/scripts/docker/build/debian12/Dockerfile.ci index 5042ff25cd8..4bc0bd1108e 100644 --- a/scripts/docker/build/debian12/Dockerfile.ci +++ b/scripts/docker/build/debian12/Dockerfile.ci @@ -84,9 +84,11 @@ RUN echo "deb [signed-by=/etc/apt/keyrings/packages.networkradius.com.asc] http: # caught at image-build time, not in production when a profiler # tries to resolve a symbol that isn't there. # -RUN printf 'deb http://debian-debug.debian.net/debian-debug bookworm-debug main\n' \ - > /etc/apt/sources.list.d/debian-debug.list && \ - apt-get update && \ apt-get install -y $APT_OPTS \ +RUN printf 'deb http://debug.mirrors.debian.org/debian-debug bookworm-debug main\n' \ + > /etc/apt/sources.list.d/debian-debug.list + +RUN apt-get update && \ + apt-get install -y $APT_OPTS \ libc6-dbg \ zlib1g-dbgsym \ libreadline8-dbgsym \ diff --git a/scripts/docker/build/debian12/Dockerfile.crossbuild b/scripts/docker/build/debian12/Dockerfile.crossbuild index e3cd4fd2ab6..a0b1e98fbf5 100644 --- a/scripts/docker/build/debian12/Dockerfile.crossbuild +++ b/scripts/docker/build/debian12/Dockerfile.crossbuild @@ -79,9 +79,11 @@ RUN echo "deb [signed-by=/etc/apt/keyrings/packages.networkradius.com.asc] http: # caught at image-build time, not in production when a profiler # tries to resolve a symbol that isn't there. # -RUN printf 'deb http://debian-debug.debian.net/debian-debug bookworm-debug main\n' \ - > /etc/apt/sources.list.d/debian-debug.list && \ - apt-get update && \ apt-get install -y $APT_OPTS \ +RUN printf 'deb http://debug.mirrors.debian.org/debian-debug bookworm-debug main\n' \ + > /etc/apt/sources.list.d/debian-debug.list + +RUN apt-get update && \ + apt-get install -y $APT_OPTS \ libc6-dbg \ zlib1g-dbgsym \ libreadline8-dbgsym \ diff --git a/scripts/docker/build/debian12/Dockerfile.profiling b/scripts/docker/build/debian12/Dockerfile.profiling new file mode 100644 index 00000000000..59281931838 --- /dev/null +++ b/scripts/docker/build/debian12/Dockerfile.profiling @@ -0,0 +1,122 @@ +# Auto generated for debian12 +# from scripts/docker/m4/profiling.deb.m4 +# +# Rebuild this file with `make dockerfile.profiling` +# +ARG from=debian:bookworm +FROM ${from} + +# +# Install profiling tools +# +# Valgrind/cachegrind +# kcachegrind + KDE/Qt libs +# gperftools +# heaptrack +# +RUN apt-get update && \ + apt-get install -y $APT_OPTS \ + libgoogle-perftools-dev \ + google-perftools \ + valgrind \ + heaptrack \ + psmisc \ + kcachegrind \ + kio \ + libkf5iconthemes5 \ + libkf5parts5 \ + libkf5textwidgets5 \ + libqt5gui5 \ + libqt5widgets5 && \ + apt-get clean && \ + rm -r /var/lib/apt/lists/* + +# +# Debug symbols for the FreeRADIUS runtime library closure. +# +# Repo source depends on derivative: +# ubuntu ddebs.ubuntu.com with ubuntu-dbgsym-keyring +# debian debian-debug.debian.net via the existing debian-archive +# keyring (no extra keyring install) +# +# Glibc-linked libs gained the t64 suffix in ubuntu 24.04 and debian +# 13. T64 expands accordingly; `[]' breaks the surrounding token so +# m4 actually expands the macro mid-package-name. +# +# Failure is fatal -- a renamed or retired -dbgsym package gets +# caught at image-build time, not in production when a profiler +# tries to resolve a symbol that isn't there. +# +RUN printf 'deb http://debug.mirrors.debian.org/debian-debug bookworm-debug main\n' \ + > /etc/apt/sources.list.d/debian-debug.list + +RUN apt-get update && \ + apt-get install -y $APT_OPTS \ + libc6-dbg \ + zlib1g-dbgsym \ + libreadline8-dbgsym \ + libssl3-dbgsym \ + libsasl2-2-dbgsym \ + libpam0g-dbgsym \ + libldap2-dbgsym \ + libtalloc2-dbgsym \ + libpcre2-8-0-dbgsym \ + libpcap0.8-dbgsym \ + libunbound8-dbgsym \ + libsqlite3-0-dbgsym \ + libpq5-dbgsym \ + libmariadb3-dbgsym \ + libgdbm6-dbgsym \ + libjson-c5-dbgsym \ + libbrotli1-dbgsym \ + libhiredis1.1.0-dbgsym \ + librdkafka1-dbgsym \ + libwbclient0-dbgsym \ + libcurl4-dbgsym && \ + apt-get clean && \ + rm -r /var/lib/apt/lists/* + +# +# Rebuild libkqueue from source with debug symbols. +# CMAKE_BUILD_TYPE must be explicitly set to prevent +# the libkqueue project from overriding the flags. +# libkqueue source currently uses "-O2 -g -DNDEBUG" by default. +# +RUN apt-get update && \ + apt-get install -y $APT_OPTS --no-install-recommends cmake git && \ + apt-get clean && \ + rm -r /var/lib/apt/lists/* && \ + git clone --depth 1 https://github.com/mheily/libkqueue.git /tmp/libkqueue && \ + cd /tmp/libkqueue && \ + cmake -G "Unix Makefiles" \ + -DCMAKE_INSTALL_PREFIX=/usr \ + -DCMAKE_INSTALL_LIBDIR=lib \ + -DCMAKE_BUILD_TYPE=RelWithDebInfo \ + -DCMAKE_C_FLAGS_RELWITHDEBINFO="-g3 -O1 -fno-omit-frame-pointer -DNDEBUG" \ + . && \ + make && \ + cpack -G DEB && \ + dpkg -i *.deb && \ + cd / && rm -rf /tmp/libkqueue + +# +# Install FlameGraph +# +RUN git clone --depth 1 https://github.com/brendangregg/FlameGraph /opt/flamegraph \ + && chmod +x /opt/flamegraph/*.pl /opt/flamegraph/*.sh + +# Add FlameGraph to path +ENV PATH="/opt/flamegraph:${PATH}" + +# +# Install Inferno for callgrind. Inferno is a Rust port of FlameGraph with broader format support +# +RUN apt-get update && \ + apt-get install -y $APT_OPTS --no-install-recommends \ + cargo && \ + cargo install inferno --version 0.11.21 --locked --root /usr/local && \ + apt-get clean && \ + rm -r /var/lib/apt/lists/* + +EXPOSE 1812/udp 1813/udp +CMD ["/bin/sh", "-c", "while true; do sleep 60; done"] diff --git a/scripts/docker/build/debian13/Dockerfile.ci b/scripts/docker/build/debian13/Dockerfile.ci index 0a0df230a00..dd1637d0b09 100644 --- a/scripts/docker/build/debian13/Dockerfile.ci +++ b/scripts/docker/build/debian13/Dockerfile.ci @@ -84,9 +84,11 @@ RUN echo "deb [signed-by=/etc/apt/keyrings/packages.networkradius.com.asc] http: # caught at image-build time, not in production when a profiler # tries to resolve a symbol that isn't there. # -RUN printf 'deb http://debian-debug.debian.net/debian-debug trixie-debug main\n' \ - > /etc/apt/sources.list.d/debian-debug.list && \ - apt-get update && \ apt-get install -y $APT_OPTS \ +RUN printf 'deb http://debug.mirrors.debian.org/debian-debug trixie-debug main\n' \ + > /etc/apt/sources.list.d/debian-debug.list + +RUN apt-get update && \ + apt-get install -y $APT_OPTS \ libc6-dbg \ zlib1g-dbgsym \ libreadline8t64-dbgsym \ diff --git a/scripts/docker/build/debian13/Dockerfile.crossbuild b/scripts/docker/build/debian13/Dockerfile.crossbuild index 516dbd2d878..f2ac3e60c04 100644 --- a/scripts/docker/build/debian13/Dockerfile.crossbuild +++ b/scripts/docker/build/debian13/Dockerfile.crossbuild @@ -79,9 +79,11 @@ RUN echo "deb [signed-by=/etc/apt/keyrings/packages.networkradius.com.asc] http: # caught at image-build time, not in production when a profiler # tries to resolve a symbol that isn't there. # -RUN printf 'deb http://debian-debug.debian.net/debian-debug trixie-debug main\n' \ - > /etc/apt/sources.list.d/debian-debug.list && \ - apt-get update && \ apt-get install -y $APT_OPTS \ +RUN printf 'deb http://debug.mirrors.debian.org/debian-debug trixie-debug main\n' \ + > /etc/apt/sources.list.d/debian-debug.list + +RUN apt-get update && \ + apt-get install -y $APT_OPTS \ libc6-dbg \ zlib1g-dbgsym \ libreadline8t64-dbgsym \ diff --git a/scripts/docker/build/debian13/Dockerfile.profiling b/scripts/docker/build/debian13/Dockerfile.profiling new file mode 100644 index 00000000000..6303e027788 --- /dev/null +++ b/scripts/docker/build/debian13/Dockerfile.profiling @@ -0,0 +1,122 @@ +# Auto generated for debian13 +# from scripts/docker/m4/profiling.deb.m4 +# +# Rebuild this file with `make dockerfile.profiling` +# +ARG from=debian:trixie +FROM ${from} + +# +# Install profiling tools +# +# Valgrind/cachegrind +# kcachegrind + KDE/Qt libs +# gperftools +# heaptrack +# +RUN apt-get update && \ + apt-get install -y $APT_OPTS \ + libgoogle-perftools-dev \ + google-perftools \ + valgrind \ + heaptrack \ + psmisc \ + kcachegrind \ + kio \ + libkf5iconthemes5 \ + libkf5parts5 \ + libkf5textwidgets5 \ + libqt5gui5 \ + libqt5widgets5 && \ + apt-get clean && \ + rm -r /var/lib/apt/lists/* + +# +# Debug symbols for the FreeRADIUS runtime library closure. +# +# Repo source depends on derivative: +# ubuntu ddebs.ubuntu.com with ubuntu-dbgsym-keyring +# debian debian-debug.debian.net via the existing debian-archive +# keyring (no extra keyring install) +# +# Glibc-linked libs gained the t64 suffix in ubuntu 24.04 and debian +# 13. T64 expands accordingly; `[]' breaks the surrounding token so +# m4 actually expands the macro mid-package-name. +# +# Failure is fatal -- a renamed or retired -dbgsym package gets +# caught at image-build time, not in production when a profiler +# tries to resolve a symbol that isn't there. +# +RUN printf 'deb http://debug.mirrors.debian.org/debian-debug trixie-debug main\n' \ + > /etc/apt/sources.list.d/debian-debug.list + +RUN apt-get update && \ + apt-get install -y $APT_OPTS \ + libc6-dbg \ + zlib1g-dbgsym \ + libreadline8t64-dbgsym \ + libssl3t64-dbgsym \ + libsasl2-2-dbgsym \ + libpam0g-dbgsym \ + libldap2-dbgsym \ + libtalloc2-dbgsym \ + libpcre2-8-0-dbgsym \ + libpcap0.8t64-dbgsym \ + libunbound8-dbgsym \ + libsqlite3-0-dbgsym \ + libpq5-dbgsym \ + libmariadb3-dbgsym \ + libgdbm6t64-dbgsym \ + libjson-c5-dbgsym \ + libbrotli1-dbgsym \ + libhiredis1.1.0-dbgsym \ + librdkafka1-dbgsym \ + libwbclient0-dbgsym \ + libcurl4t64-dbgsym && \ + apt-get clean && \ + rm -r /var/lib/apt/lists/* + +# +# Rebuild libkqueue from source with debug symbols. +# CMAKE_BUILD_TYPE must be explicitly set to prevent +# the libkqueue project from overriding the flags. +# libkqueue source currently uses "-O2 -g -DNDEBUG" by default. +# +RUN apt-get update && \ + apt-get install -y $APT_OPTS --no-install-recommends cmake git && \ + apt-get clean && \ + rm -r /var/lib/apt/lists/* && \ + git clone --depth 1 https://github.com/mheily/libkqueue.git /tmp/libkqueue && \ + cd /tmp/libkqueue && \ + cmake -G "Unix Makefiles" \ + -DCMAKE_INSTALL_PREFIX=/usr \ + -DCMAKE_INSTALL_LIBDIR=lib \ + -DCMAKE_BUILD_TYPE=RelWithDebInfo \ + -DCMAKE_C_FLAGS_RELWITHDEBINFO="-g3 -O1 -fno-omit-frame-pointer -DNDEBUG" \ + . && \ + make && \ + cpack -G DEB && \ + dpkg -i *.deb && \ + cd / && rm -rf /tmp/libkqueue + +# +# Install FlameGraph +# +RUN git clone --depth 1 https://github.com/brendangregg/FlameGraph /opt/flamegraph \ + && chmod +x /opt/flamegraph/*.pl /opt/flamegraph/*.sh + +# Add FlameGraph to path +ENV PATH="/opt/flamegraph:${PATH}" + +# +# Install Inferno for callgrind. Inferno is a Rust port of FlameGraph with broader format support +# +RUN apt-get update && \ + apt-get install -y $APT_OPTS --no-install-recommends \ + cargo && \ + cargo install inferno --version 0.11.21 --locked --root /usr/local && \ + apt-get clean && \ + rm -r /var/lib/apt/lists/* + +EXPOSE 1812/udp 1813/udp +CMD ["/bin/sh", "-c", "while true; do sleep 60; done"] diff --git a/scripts/docker/build/debiansid/Dockerfile.ci b/scripts/docker/build/debiansid/Dockerfile.ci index 75728630615..4c701c88f5d 100644 --- a/scripts/docker/build/debiansid/Dockerfile.ci +++ b/scripts/docker/build/debiansid/Dockerfile.ci @@ -84,9 +84,11 @@ RUN echo "deb [signed-by=/etc/apt/keyrings/packages.networkradius.com.asc] http: # caught at image-build time, not in production when a profiler # tries to resolve a symbol that isn't there. # -RUN printf 'deb http://debian-debug.debian.net/debian-debug sid-debug main\n' \ - > /etc/apt/sources.list.d/debian-debug.list && \ - apt-get update && \ apt-get install -y $APT_OPTS \ +RUN printf 'deb http://debug.mirrors.debian.org/debian-debug sid-debug main\n' \ + > /etc/apt/sources.list.d/debian-debug.list + +RUN apt-get update && \ + apt-get install -y $APT_OPTS \ libc6-dbg \ zlib1g-dbgsym \ libreadline8t64-dbgsym \ diff --git a/scripts/docker/build/debiansid/Dockerfile.crossbuild b/scripts/docker/build/debiansid/Dockerfile.crossbuild index 5d32b8c968e..1dbb78939e4 100644 --- a/scripts/docker/build/debiansid/Dockerfile.crossbuild +++ b/scripts/docker/build/debiansid/Dockerfile.crossbuild @@ -79,9 +79,11 @@ RUN echo "deb [signed-by=/etc/apt/keyrings/packages.networkradius.com.asc] http: # caught at image-build time, not in production when a profiler # tries to resolve a symbol that isn't there. # -RUN printf 'deb http://debian-debug.debian.net/debian-debug sid-debug main\n' \ - > /etc/apt/sources.list.d/debian-debug.list && \ - apt-get update && \ apt-get install -y $APT_OPTS \ +RUN printf 'deb http://debug.mirrors.debian.org/debian-debug sid-debug main\n' \ + > /etc/apt/sources.list.d/debian-debug.list + +RUN apt-get update && \ + apt-get install -y $APT_OPTS \ libc6-dbg \ zlib1g-dbgsym \ libreadline8t64-dbgsym \ diff --git a/scripts/docker/build/debiansid/Dockerfile.profiling b/scripts/docker/build/debiansid/Dockerfile.profiling new file mode 100644 index 00000000000..464b87419cb --- /dev/null +++ b/scripts/docker/build/debiansid/Dockerfile.profiling @@ -0,0 +1,122 @@ +# Auto generated for debiansid +# from scripts/docker/m4/profiling.deb.m4 +# +# Rebuild this file with `make dockerfile.profiling` +# +ARG from=debian:sid +FROM ${from} + +# +# Install profiling tools +# +# Valgrind/cachegrind +# kcachegrind + KDE/Qt libs +# gperftools +# heaptrack +# +RUN apt-get update && \ + apt-get install -y $APT_OPTS \ + libgoogle-perftools-dev \ + google-perftools \ + valgrind \ + heaptrack \ + psmisc \ + kcachegrind \ + kio \ + libkf5iconthemes5 \ + libkf5parts5 \ + libkf5textwidgets5 \ + libqt5gui5 \ + libqt5widgets5 && \ + apt-get clean && \ + rm -r /var/lib/apt/lists/* + +# +# Debug symbols for the FreeRADIUS runtime library closure. +# +# Repo source depends on derivative: +# ubuntu ddebs.ubuntu.com with ubuntu-dbgsym-keyring +# debian debian-debug.debian.net via the existing debian-archive +# keyring (no extra keyring install) +# +# Glibc-linked libs gained the t64 suffix in ubuntu 24.04 and debian +# 13. T64 expands accordingly; `[]' breaks the surrounding token so +# m4 actually expands the macro mid-package-name. +# +# Failure is fatal -- a renamed or retired -dbgsym package gets +# caught at image-build time, not in production when a profiler +# tries to resolve a symbol that isn't there. +# +RUN printf 'deb http://debug.mirrors.debian.org/debian-debug sid-debug main\n' \ + > /etc/apt/sources.list.d/debian-debug.list + +RUN apt-get update && \ + apt-get install -y $APT_OPTS \ + libc6-dbg \ + zlib1g-dbgsym \ + libreadline8t64-dbgsym \ + libssl3t64-dbgsym \ + libsasl2-2-dbgsym \ + libpam0g-dbgsym \ + libldap2-dbgsym \ + libtalloc2-dbgsym \ + libpcre2-8-0-dbgsym \ + libpcap0.8t64-dbgsym \ + libunbound8-dbgsym \ + libsqlite3-0-dbgsym \ + libpq5-dbgsym \ + libmariadb3-dbgsym \ + libgdbm6t64-dbgsym \ + libjson-c5-dbgsym \ + libbrotli1-dbgsym \ + libhiredis1.1.0-dbgsym \ + librdkafka1-dbgsym \ + libwbclient0-dbgsym \ + libcurl4t64-dbgsym && \ + apt-get clean && \ + rm -r /var/lib/apt/lists/* + +# +# Rebuild libkqueue from source with debug symbols. +# CMAKE_BUILD_TYPE must be explicitly set to prevent +# the libkqueue project from overriding the flags. +# libkqueue source currently uses "-O2 -g -DNDEBUG" by default. +# +RUN apt-get update && \ + apt-get install -y $APT_OPTS --no-install-recommends cmake git && \ + apt-get clean && \ + rm -r /var/lib/apt/lists/* && \ + git clone --depth 1 https://github.com/mheily/libkqueue.git /tmp/libkqueue && \ + cd /tmp/libkqueue && \ + cmake -G "Unix Makefiles" \ + -DCMAKE_INSTALL_PREFIX=/usr \ + -DCMAKE_INSTALL_LIBDIR=lib \ + -DCMAKE_BUILD_TYPE=RelWithDebInfo \ + -DCMAKE_C_FLAGS_RELWITHDEBINFO="-g3 -O1 -fno-omit-frame-pointer -DNDEBUG" \ + . && \ + make && \ + cpack -G DEB && \ + dpkg -i *.deb && \ + cd / && rm -rf /tmp/libkqueue + +# +# Install FlameGraph +# +RUN git clone --depth 1 https://github.com/brendangregg/FlameGraph /opt/flamegraph \ + && chmod +x /opt/flamegraph/*.pl /opt/flamegraph/*.sh + +# Add FlameGraph to path +ENV PATH="/opt/flamegraph:${PATH}" + +# +# Install Inferno for callgrind. Inferno is a Rust port of FlameGraph with broader format support +# +RUN apt-get update && \ + apt-get install -y $APT_OPTS --no-install-recommends \ + cargo && \ + cargo install inferno --version 0.11.21 --locked --root /usr/local && \ + apt-get clean && \ + rm -r /var/lib/apt/lists/* + +EXPOSE 1812/udp 1813/udp +CMD ["/bin/sh", "-c", "while true; do sleep 60; done"] diff --git a/scripts/docker/build/rocky10/Dockerfile.ci b/scripts/docker/build/rocky10/Dockerfile.ci index de23baa1671..be17c5883ca 100644 --- a/scripts/docker/build/rocky10/Dockerfile.ci +++ b/scripts/docker/build/rocky10/Dockerfile.ci @@ -68,40 +68,38 @@ gpgkey=file:///etc/pki/rpm-gpg/packages.networkradius.com.asc'\ > /etc/yum.repos.d/networkradius-extras.repo RUN rpm --import /etc/pki/rpm-gpg/packages.networkradius.com.asc # -# Enable the Rocky debug repos and install debuginfo packages for -# the FreeRADIUS runtime library closure. Failure is fatal so a -# renamed or split debuginfo package gets caught at image-build -# time rather than silently producing an image without symbols. +# Debug symbols for the FreeRADIUS runtime library closure. We use +# `dnf debuginfo-install` (from dnf-plugins-core) because Rocky's +# debug repo naming has shifted between versions; the plugin walks +# the package metadata and enables whichever *-debug repo provides +# the matching debuginfo rpm. # -# The *-debug repos exist on Rocky 9 and 10; gpgcheck stays on so -# a mirror compromise can't smuggle in unsigned debuginfo. +# Failure is fatal -- a renamed or split debuginfo package gets +# caught at image-build time rather than silently producing an +# image without symbols. # RUN dnf install -y dnf-plugins-core && \ - dnf config-manager --set-enabled crb && \ - dnf config-manager --set-enabled baseos-debug && \ - dnf config-manager --set-enabled appstream-debug && \ - dnf config-manager --set-enabled crb-debug && \ - dnf install -y \ - glibc-debuginfo \ - zlib-debuginfo \ - readline-debuginfo \ - openssl-libs-debuginfo \ - cyrus-sasl-lib-debuginfo \ - pam-debuginfo \ - openldap-debuginfo \ - libtalloc-debuginfo \ - pcre2-debuginfo \ - libpcap-debuginfo \ - unbound-libs-debuginfo \ - sqlite-libs-debuginfo \ - libpq-debuginfo \ - mariadb-connector-c-debuginfo \ - gdbm-libs-debuginfo \ - json-c-debuginfo \ - brotli-debuginfo \ - hiredis-debuginfo \ - librdkafka-debuginfo \ - libcurl-debuginfo && \ + dnf debuginfo-install -y \ + glibc \ + zlib \ + readline \ + openssl-libs \ + cyrus-sasl-lib \ + pam \ + openldap \ + libtalloc \ + pcre2 \ + libpcap \ + unbound-libs \ + sqlite-libs \ + libpq \ + mariadb-connector-c \ + gdbm-libs \ + json-c \ + brotli \ + hiredis \ + librdkafka \ + libcurl && \ dnf clean all # diff --git a/scripts/docker/build/rocky10/Dockerfile.crossbuild b/scripts/docker/build/rocky10/Dockerfile.crossbuild index 07afc65bfcc..70c7b8163fd 100644 --- a/scripts/docker/build/rocky10/Dockerfile.crossbuild +++ b/scripts/docker/build/rocky10/Dockerfile.crossbuild @@ -51,40 +51,38 @@ gpgkey=file:///etc/pki/rpm-gpg/packages.networkradius.com.asc'\ > /etc/yum.repos.d/networkradius-extras.repo RUN rpm --import /etc/pki/rpm-gpg/packages.networkradius.com.asc # -# Enable the Rocky debug repos and install debuginfo packages for -# the FreeRADIUS runtime library closure. Failure is fatal so a -# renamed or split debuginfo package gets caught at image-build -# time rather than silently producing an image without symbols. +# Debug symbols for the FreeRADIUS runtime library closure. We use +# `dnf debuginfo-install` (from dnf-plugins-core) because Rocky's +# debug repo naming has shifted between versions; the plugin walks +# the package metadata and enables whichever *-debug repo provides +# the matching debuginfo rpm. # -# The *-debug repos exist on Rocky 9 and 10; gpgcheck stays on so -# a mirror compromise can't smuggle in unsigned debuginfo. +# Failure is fatal -- a renamed or split debuginfo package gets +# caught at image-build time rather than silently producing an +# image without symbols. # RUN dnf install -y dnf-plugins-core && \ - dnf config-manager --set-enabled crb && \ - dnf config-manager --set-enabled baseos-debug && \ - dnf config-manager --set-enabled appstream-debug && \ - dnf config-manager --set-enabled crb-debug && \ - dnf install -y \ - glibc-debuginfo \ - zlib-debuginfo \ - readline-debuginfo \ - openssl-libs-debuginfo \ - cyrus-sasl-lib-debuginfo \ - pam-debuginfo \ - openldap-debuginfo \ - libtalloc-debuginfo \ - pcre2-debuginfo \ - libpcap-debuginfo \ - unbound-libs-debuginfo \ - sqlite-libs-debuginfo \ - libpq-debuginfo \ - mariadb-connector-c-debuginfo \ - gdbm-libs-debuginfo \ - json-c-debuginfo \ - brotli-debuginfo \ - hiredis-debuginfo \ - librdkafka-debuginfo \ - libcurl-debuginfo && \ + dnf debuginfo-install -y \ + glibc \ + zlib \ + readline \ + openssl-libs \ + cyrus-sasl-lib \ + pam \ + openldap \ + libtalloc \ + pcre2 \ + libpcap \ + unbound-libs \ + sqlite-libs \ + libpq \ + mariadb-connector-c \ + gdbm-libs \ + json-c \ + brotli \ + hiredis \ + librdkafka \ + libcurl && \ dnf clean all # diff --git a/scripts/docker/build/rocky10/Dockerfile.profiling b/scripts/docker/build/rocky10/Dockerfile.profiling new file mode 100644 index 00000000000..7778c8d0a75 --- /dev/null +++ b/scripts/docker/build/rocky10/Dockerfile.profiling @@ -0,0 +1,104 @@ +# Auto generated for rocky10 +# from scripts/docker/m4/profiling.rpm.m4 +# +# Rebuild this file with `make dockerfile.profiling` +# +ARG from=rockylinux/rockylinux:10 +FROM ${from} + +# +# Install profiling tools +# +# Valgrind/cachegrind +# kcachegrind +# gperftools +# heaptrack +# +# EPEL is enabled by common.rpm.toolchain.m4 in the crossbuild base; +# heaptrack / gperftools / kcachegrind live there. CRB is also on for +# development headers. +# +RUN dnf install -y \ + gperftools-devel \ + gperftools \ + valgrind \ + heaptrack \ + psmisc \ + kcachegrind && \ + dnf clean all + +# +# Debug symbols for the FreeRADIUS runtime library closure. We use +# `dnf debuginfo-install` (from dnf-plugins-core) because Rocky's +# debug repo naming has shifted between versions; the plugin walks +# the package metadata and enables whichever *-debug repo provides +# the matching debuginfo rpm. +# +# Failure is fatal -- a renamed or split debuginfo package gets +# caught at image-build time rather than silently producing an +# image without symbols. +# +RUN dnf install -y dnf-plugins-core && \ + dnf debuginfo-install -y \ + glibc \ + zlib \ + readline \ + openssl-libs \ + cyrus-sasl-lib \ + pam \ + openldap \ + libtalloc \ + pcre2 \ + libpcap \ + unbound-libs \ + sqlite-libs \ + libpq \ + mariadb-connector-c \ + gdbm-libs \ + json-c \ + brotli \ + hiredis \ + librdkafka \ + libcurl && \ + dnf clean all + +# +# Rebuild libkqueue from source with debug symbols. +# CMAKE_BUILD_TYPE must be explicitly set to prevent +# the libkqueue project from overriding the flags. +# libkqueue source currently uses "-O2 -g -DNDEBUG" by default. +# +RUN dnf install -y cmake git rpm-build && \ + dnf clean all && \ + git clone --depth 1 https://github.com/mheily/libkqueue.git /tmp/libkqueue && \ + cd /tmp/libkqueue && \ + cmake -G "Unix Makefiles" \ + -DCMAKE_INSTALL_PREFIX=/usr \ + -DCMAKE_INSTALL_LIBDIR=lib64 \ + -DCMAKE_BUILD_TYPE=RelWithDebInfo \ + -DCMAKE_C_FLAGS_RELWITHDEBINFO="-g3 -O1 -fno-omit-frame-pointer -DNDEBUG" \ + . && \ + make && \ + cpack -G RPM && \ + rpm -i --force *.rpm && \ + cd / && rm -rf /tmp/libkqueue + +# +# Install FlameGraph +# +RUN git clone --depth 1 https://github.com/brendangregg/FlameGraph /opt/flamegraph \ + && chmod +x /opt/flamegraph/*.pl /opt/flamegraph/*.sh + +# Add FlameGraph to path +ENV PATH="/opt/flamegraph:${PATH}" + +# +# Install Inferno for callgrind. Inferno is a Rust port of FlameGraph +# with broader format support. +# +RUN dnf install -y cargo && \ + cargo install inferno --version 0.11.21 --locked --root /usr/local && \ + dnf clean all + +EXPOSE 1812/udp 1813/udp +CMD ["/bin/sh", "-c", "while true; do sleep 60; done"] diff --git a/scripts/docker/build/rocky9/Dockerfile.ci b/scripts/docker/build/rocky9/Dockerfile.ci index 7ee1b920e19..db2e78f1b68 100644 --- a/scripts/docker/build/rocky9/Dockerfile.ci +++ b/scripts/docker/build/rocky9/Dockerfile.ci @@ -68,40 +68,38 @@ gpgkey=file:///etc/pki/rpm-gpg/packages.networkradius.com.asc'\ > /etc/yum.repos.d/networkradius-extras.repo RUN rpm --import /etc/pki/rpm-gpg/packages.networkradius.com.asc # -# Enable the Rocky debug repos and install debuginfo packages for -# the FreeRADIUS runtime library closure. Failure is fatal so a -# renamed or split debuginfo package gets caught at image-build -# time rather than silently producing an image without symbols. +# Debug symbols for the FreeRADIUS runtime library closure. We use +# `dnf debuginfo-install` (from dnf-plugins-core) because Rocky's +# debug repo naming has shifted between versions; the plugin walks +# the package metadata and enables whichever *-debug repo provides +# the matching debuginfo rpm. # -# The *-debug repos exist on Rocky 9 and 10; gpgcheck stays on so -# a mirror compromise can't smuggle in unsigned debuginfo. +# Failure is fatal -- a renamed or split debuginfo package gets +# caught at image-build time rather than silently producing an +# image without symbols. # RUN dnf install -y dnf-plugins-core && \ - dnf config-manager --set-enabled crb && \ - dnf config-manager --set-enabled baseos-debug && \ - dnf config-manager --set-enabled appstream-debug && \ - dnf config-manager --set-enabled crb-debug && \ - dnf install -y \ - glibc-debuginfo \ - zlib-debuginfo \ - readline-debuginfo \ - openssl-libs-debuginfo \ - cyrus-sasl-lib-debuginfo \ - pam-debuginfo \ - openldap-debuginfo \ - libtalloc-debuginfo \ - pcre2-debuginfo \ - libpcap-debuginfo \ - unbound-libs-debuginfo \ - sqlite-libs-debuginfo \ - libpq-debuginfo \ - mariadb-connector-c-debuginfo \ - gdbm-libs-debuginfo \ - json-c-debuginfo \ - brotli-debuginfo \ - hiredis-debuginfo \ - librdkafka-debuginfo \ - libcurl-debuginfo && \ + dnf debuginfo-install -y \ + glibc \ + zlib \ + readline \ + openssl-libs \ + cyrus-sasl-lib \ + pam \ + openldap \ + libtalloc \ + pcre2 \ + libpcap \ + unbound-libs \ + sqlite-libs \ + libpq \ + mariadb-connector-c \ + gdbm-libs \ + json-c \ + brotli \ + hiredis \ + librdkafka \ + libcurl && \ dnf clean all # diff --git a/scripts/docker/build/rocky9/Dockerfile.crossbuild b/scripts/docker/build/rocky9/Dockerfile.crossbuild index 809b70f9dbe..a9cc7ada1fb 100644 --- a/scripts/docker/build/rocky9/Dockerfile.crossbuild +++ b/scripts/docker/build/rocky9/Dockerfile.crossbuild @@ -51,40 +51,38 @@ gpgkey=file:///etc/pki/rpm-gpg/packages.networkradius.com.asc'\ > /etc/yum.repos.d/networkradius-extras.repo RUN rpm --import /etc/pki/rpm-gpg/packages.networkradius.com.asc # -# Enable the Rocky debug repos and install debuginfo packages for -# the FreeRADIUS runtime library closure. Failure is fatal so a -# renamed or split debuginfo package gets caught at image-build -# time rather than silently producing an image without symbols. +# Debug symbols for the FreeRADIUS runtime library closure. We use +# `dnf debuginfo-install` (from dnf-plugins-core) because Rocky's +# debug repo naming has shifted between versions; the plugin walks +# the package metadata and enables whichever *-debug repo provides +# the matching debuginfo rpm. # -# The *-debug repos exist on Rocky 9 and 10; gpgcheck stays on so -# a mirror compromise can't smuggle in unsigned debuginfo. +# Failure is fatal -- a renamed or split debuginfo package gets +# caught at image-build time rather than silently producing an +# image without symbols. # RUN dnf install -y dnf-plugins-core && \ - dnf config-manager --set-enabled crb && \ - dnf config-manager --set-enabled baseos-debug && \ - dnf config-manager --set-enabled appstream-debug && \ - dnf config-manager --set-enabled crb-debug && \ - dnf install -y \ - glibc-debuginfo \ - zlib-debuginfo \ - readline-debuginfo \ - openssl-libs-debuginfo \ - cyrus-sasl-lib-debuginfo \ - pam-debuginfo \ - openldap-debuginfo \ - libtalloc-debuginfo \ - pcre2-debuginfo \ - libpcap-debuginfo \ - unbound-libs-debuginfo \ - sqlite-libs-debuginfo \ - libpq-debuginfo \ - mariadb-connector-c-debuginfo \ - gdbm-libs-debuginfo \ - json-c-debuginfo \ - brotli-debuginfo \ - hiredis-debuginfo \ - librdkafka-debuginfo \ - libcurl-debuginfo && \ + dnf debuginfo-install -y \ + glibc \ + zlib \ + readline \ + openssl-libs \ + cyrus-sasl-lib \ + pam \ + openldap \ + libtalloc \ + pcre2 \ + libpcap \ + unbound-libs \ + sqlite-libs \ + libpq \ + mariadb-connector-c \ + gdbm-libs \ + json-c \ + brotli \ + hiredis \ + librdkafka \ + libcurl && \ dnf clean all # diff --git a/scripts/docker/build/rocky9/Dockerfile.profiling b/scripts/docker/build/rocky9/Dockerfile.profiling new file mode 100644 index 00000000000..567448a0f6c --- /dev/null +++ b/scripts/docker/build/rocky9/Dockerfile.profiling @@ -0,0 +1,104 @@ +# Auto generated for rocky9 +# from scripts/docker/m4/profiling.rpm.m4 +# +# Rebuild this file with `make dockerfile.profiling` +# +ARG from=rockylinux/rockylinux:9 +FROM ${from} + +# +# Install profiling tools +# +# Valgrind/cachegrind +# kcachegrind +# gperftools +# heaptrack +# +# EPEL is enabled by common.rpm.toolchain.m4 in the crossbuild base; +# heaptrack / gperftools / kcachegrind live there. CRB is also on for +# development headers. +# +RUN dnf install -y \ + gperftools-devel \ + gperftools \ + valgrind \ + heaptrack \ + psmisc \ + kcachegrind && \ + dnf clean all + +# +# Debug symbols for the FreeRADIUS runtime library closure. We use +# `dnf debuginfo-install` (from dnf-plugins-core) because Rocky's +# debug repo naming has shifted between versions; the plugin walks +# the package metadata and enables whichever *-debug repo provides +# the matching debuginfo rpm. +# +# Failure is fatal -- a renamed or split debuginfo package gets +# caught at image-build time rather than silently producing an +# image without symbols. +# +RUN dnf install -y dnf-plugins-core && \ + dnf debuginfo-install -y \ + glibc \ + zlib \ + readline \ + openssl-libs \ + cyrus-sasl-lib \ + pam \ + openldap \ + libtalloc \ + pcre2 \ + libpcap \ + unbound-libs \ + sqlite-libs \ + libpq \ + mariadb-connector-c \ + gdbm-libs \ + json-c \ + brotli \ + hiredis \ + librdkafka \ + libcurl && \ + dnf clean all + +# +# Rebuild libkqueue from source with debug symbols. +# CMAKE_BUILD_TYPE must be explicitly set to prevent +# the libkqueue project from overriding the flags. +# libkqueue source currently uses "-O2 -g -DNDEBUG" by default. +# +RUN dnf install -y cmake git rpm-build && \ + dnf clean all && \ + git clone --depth 1 https://github.com/mheily/libkqueue.git /tmp/libkqueue && \ + cd /tmp/libkqueue && \ + cmake -G "Unix Makefiles" \ + -DCMAKE_INSTALL_PREFIX=/usr \ + -DCMAKE_INSTALL_LIBDIR=lib64 \ + -DCMAKE_BUILD_TYPE=RelWithDebInfo \ + -DCMAKE_C_FLAGS_RELWITHDEBINFO="-g3 -O1 -fno-omit-frame-pointer -DNDEBUG" \ + . && \ + make && \ + cpack -G RPM && \ + rpm -i --force *.rpm && \ + cd / && rm -rf /tmp/libkqueue + +# +# Install FlameGraph +# +RUN git clone --depth 1 https://github.com/brendangregg/FlameGraph /opt/flamegraph \ + && chmod +x /opt/flamegraph/*.pl /opt/flamegraph/*.sh + +# Add FlameGraph to path +ENV PATH="/opt/flamegraph:${PATH}" + +# +# Install Inferno for callgrind. Inferno is a Rust port of FlameGraph +# with broader format support. +# +RUN dnf install -y cargo && \ + cargo install inferno --version 0.11.21 --locked --root /usr/local && \ + dnf clean all + +EXPOSE 1812/udp 1813/udp +CMD ["/bin/sh", "-c", "while true; do sleep 60; done"] diff --git a/scripts/docker/build/ubuntu22/Dockerfile.ci b/scripts/docker/build/ubuntu22/Dockerfile.ci index a2846905608..b98bff203c5 100644 --- a/scripts/docker/build/ubuntu22/Dockerfile.ci +++ b/scripts/docker/build/ubuntu22/Dockerfile.ci @@ -87,8 +87,10 @@ RUN echo "deb [signed-by=/etc/apt/keyrings/packages.networkradius.com.asc] http: RUN apt-get update && \ apt-get install -y $APT_OPTS ubuntu-dbgsym-keyring && \ printf 'deb http://ddebs.ubuntu.com jammy main restricted universe multiverse\ndeb http://ddebs.ubuntu.com jammy-updates main restricted universe multiverse\n' \ - > /etc/apt/sources.list.d/ddebs.list && \ - apt-get update && \ apt-get install -y $APT_OPTS \ + > /etc/apt/sources.list.d/ddebs.list + +RUN apt-get update && \ + apt-get install -y $APT_OPTS \ libc6-dbg \ zlib1g-dbgsym \ libreadline8-dbgsym \ diff --git a/scripts/docker/build/ubuntu22/Dockerfile.crossbuild b/scripts/docker/build/ubuntu22/Dockerfile.crossbuild index a57e94f2359..739c40f4771 100644 --- a/scripts/docker/build/ubuntu22/Dockerfile.crossbuild +++ b/scripts/docker/build/ubuntu22/Dockerfile.crossbuild @@ -82,8 +82,10 @@ RUN echo "deb [signed-by=/etc/apt/keyrings/packages.networkradius.com.asc] http: RUN apt-get update && \ apt-get install -y $APT_OPTS ubuntu-dbgsym-keyring && \ printf 'deb http://ddebs.ubuntu.com jammy main restricted universe multiverse\ndeb http://ddebs.ubuntu.com jammy-updates main restricted universe multiverse\n' \ - > /etc/apt/sources.list.d/ddebs.list && \ - apt-get update && \ apt-get install -y $APT_OPTS \ + > /etc/apt/sources.list.d/ddebs.list + +RUN apt-get update && \ + apt-get install -y $APT_OPTS \ libc6-dbg \ zlib1g-dbgsym \ libreadline8-dbgsym \ diff --git a/scripts/docker/build/ubuntu22/Dockerfile.profiling b/scripts/docker/build/ubuntu22/Dockerfile.profiling new file mode 100644 index 00000000000..4491a7c8315 --- /dev/null +++ b/scripts/docker/build/ubuntu22/Dockerfile.profiling @@ -0,0 +1,124 @@ +# Auto generated for ubuntu22 +# from scripts/docker/m4/profiling.deb.m4 +# +# Rebuild this file with `make dockerfile.profiling` +# +ARG from=ubuntu:22.04 +FROM ${from} + +# +# Install profiling tools +# +# Valgrind/cachegrind +# kcachegrind + KDE/Qt libs +# gperftools +# heaptrack +# +RUN apt-get update && \ + apt-get install -y $APT_OPTS \ + libgoogle-perftools-dev \ + google-perftools \ + valgrind \ + heaptrack \ + psmisc \ + kcachegrind \ + kio \ + libkf5iconthemes5 \ + libkf5parts5 \ + libkf5textwidgets5 \ + libqt5gui5 \ + libqt5widgets5 && \ + apt-get clean && \ + rm -r /var/lib/apt/lists/* + +# +# Debug symbols for the FreeRADIUS runtime library closure. +# +# Repo source depends on derivative: +# ubuntu ddebs.ubuntu.com with ubuntu-dbgsym-keyring +# debian debian-debug.debian.net via the existing debian-archive +# keyring (no extra keyring install) +# +# Glibc-linked libs gained the t64 suffix in ubuntu 24.04 and debian +# 13. T64 expands accordingly; `[]' breaks the surrounding token so +# m4 actually expands the macro mid-package-name. +# +# Failure is fatal -- a renamed or retired -dbgsym package gets +# caught at image-build time, not in production when a profiler +# tries to resolve a symbol that isn't there. +# +RUN apt-get update && \ + apt-get install -y $APT_OPTS ubuntu-dbgsym-keyring && \ + printf 'deb http://ddebs.ubuntu.com jammy main restricted universe multiverse\ndeb http://ddebs.ubuntu.com jammy-updates main restricted universe multiverse\n' \ + > /etc/apt/sources.list.d/ddebs.list + +RUN apt-get update && \ + apt-get install -y $APT_OPTS \ + libc6-dbg \ + zlib1g-dbgsym \ + libreadline8-dbgsym \ + libssl3-dbgsym \ + libsasl2-2-dbgsym \ + libpam0g-dbgsym \ + libldap2-dbgsym \ + libtalloc2-dbgsym \ + libpcre2-8-0-dbgsym \ + libpcap0.8-dbgsym \ + libunbound8-dbgsym \ + libsqlite3-0-dbgsym \ + libpq5-dbgsym \ + libmariadb3-dbgsym \ + libgdbm6-dbgsym \ + libjson-c5-dbgsym \ + libbrotli1-dbgsym \ + libhiredis1.1.0-dbgsym \ + librdkafka1-dbgsym \ + libwbclient0-dbgsym \ + libcurl4-dbgsym && \ + apt-get clean && \ + rm -r /var/lib/apt/lists/* + +# +# Rebuild libkqueue from source with debug symbols. +# CMAKE_BUILD_TYPE must be explicitly set to prevent +# the libkqueue project from overriding the flags. +# libkqueue source currently uses "-O2 -g -DNDEBUG" by default. +# +RUN apt-get update && \ + apt-get install -y $APT_OPTS --no-install-recommends cmake git && \ + apt-get clean && \ + rm -r /var/lib/apt/lists/* && \ + git clone --depth 1 https://github.com/mheily/libkqueue.git /tmp/libkqueue && \ + cd /tmp/libkqueue && \ + cmake -G "Unix Makefiles" \ + -DCMAKE_INSTALL_PREFIX=/usr \ + -DCMAKE_INSTALL_LIBDIR=lib \ + -DCMAKE_BUILD_TYPE=RelWithDebInfo \ + -DCMAKE_C_FLAGS_RELWITHDEBINFO="-g3 -O1 -fno-omit-frame-pointer -DNDEBUG" \ + . && \ + make && \ + cpack -G DEB && \ + dpkg -i *.deb && \ + cd / && rm -rf /tmp/libkqueue + +# +# Install FlameGraph +# +RUN git clone --depth 1 https://github.com/brendangregg/FlameGraph /opt/flamegraph \ + && chmod +x /opt/flamegraph/*.pl /opt/flamegraph/*.sh + +# Add FlameGraph to path +ENV PATH="/opt/flamegraph:${PATH}" + +# +# Install Inferno for callgrind. Inferno is a Rust port of FlameGraph with broader format support +# +RUN apt-get update && \ + apt-get install -y $APT_OPTS --no-install-recommends \ + cargo && \ + cargo install inferno --version 0.11.21 --locked --root /usr/local && \ + apt-get clean && \ + rm -r /var/lib/apt/lists/* + +EXPOSE 1812/udp 1813/udp +CMD ["/bin/sh", "-c", "while true; do sleep 60; done"] diff --git a/scripts/docker/build/ubuntu24/Dockerfile.ci b/scripts/docker/build/ubuntu24/Dockerfile.ci index 38599b70fb9..28fc4953662 100644 --- a/scripts/docker/build/ubuntu24/Dockerfile.ci +++ b/scripts/docker/build/ubuntu24/Dockerfile.ci @@ -87,8 +87,10 @@ RUN echo "deb [signed-by=/etc/apt/keyrings/packages.networkradius.com.asc] http: RUN apt-get update && \ apt-get install -y $APT_OPTS ubuntu-dbgsym-keyring && \ printf 'deb http://ddebs.ubuntu.com noble main restricted universe multiverse\ndeb http://ddebs.ubuntu.com noble-updates main restricted universe multiverse\n' \ - > /etc/apt/sources.list.d/ddebs.list && \ - apt-get update && \ apt-get install -y $APT_OPTS \ + > /etc/apt/sources.list.d/ddebs.list + +RUN apt-get update && \ + apt-get install -y $APT_OPTS \ libc6-dbg \ zlib1g-dbgsym \ libreadline8t64-dbgsym \ diff --git a/scripts/docker/build/ubuntu24/Dockerfile.crossbuild b/scripts/docker/build/ubuntu24/Dockerfile.crossbuild index a00e412bb26..1b2c46406cb 100644 --- a/scripts/docker/build/ubuntu24/Dockerfile.crossbuild +++ b/scripts/docker/build/ubuntu24/Dockerfile.crossbuild @@ -82,8 +82,10 @@ RUN echo "deb [signed-by=/etc/apt/keyrings/packages.networkradius.com.asc] http: RUN apt-get update && \ apt-get install -y $APT_OPTS ubuntu-dbgsym-keyring && \ printf 'deb http://ddebs.ubuntu.com noble main restricted universe multiverse\ndeb http://ddebs.ubuntu.com noble-updates main restricted universe multiverse\n' \ - > /etc/apt/sources.list.d/ddebs.list && \ - apt-get update && \ apt-get install -y $APT_OPTS \ + > /etc/apt/sources.list.d/ddebs.list + +RUN apt-get update && \ + apt-get install -y $APT_OPTS \ libc6-dbg \ zlib1g-dbgsym \ libreadline8t64-dbgsym \ diff --git a/scripts/docker/build/ubuntu24/Dockerfile.profiling b/scripts/docker/build/ubuntu24/Dockerfile.profiling index 3229f3cee31..31a1cb51bb3 100644 --- a/scripts/docker/build/ubuntu24/Dockerfile.profiling +++ b/scripts/docker/build/ubuntu24/Dockerfile.profiling @@ -50,8 +50,10 @@ RUN apt-get update && \ RUN apt-get update && \ apt-get install -y $APT_OPTS ubuntu-dbgsym-keyring && \ printf 'deb http://ddebs.ubuntu.com noble main restricted universe multiverse\ndeb http://ddebs.ubuntu.com noble-updates main restricted universe multiverse\n' \ - > /etc/apt/sources.list.d/ddebs.list && \ - apt-get update && \ apt-get install -y $APT_OPTS \ + > /etc/apt/sources.list.d/ddebs.list + +RUN apt-get update && \ + apt-get install -y $APT_OPTS \ libc6-dbg \ zlib1g-dbgsym \ libreadline8t64-dbgsym \ diff --git a/scripts/docker/build/ubuntu26/Dockerfile.ci b/scripts/docker/build/ubuntu26/Dockerfile.ci index 197ac2ddd7c..823761f59d0 100644 --- a/scripts/docker/build/ubuntu26/Dockerfile.ci +++ b/scripts/docker/build/ubuntu26/Dockerfile.ci @@ -87,8 +87,10 @@ RUN echo "deb [signed-by=/etc/apt/keyrings/packages.networkradius.com.asc] http: RUN apt-get update && \ apt-get install -y $APT_OPTS ubuntu-dbgsym-keyring && \ printf 'deb http://ddebs.ubuntu.com resolute main restricted universe multiverse\ndeb http://ddebs.ubuntu.com resolute-updates main restricted universe multiverse\n' \ - > /etc/apt/sources.list.d/ddebs.list && \ - apt-get update && \ apt-get install -y $APT_OPTS \ + > /etc/apt/sources.list.d/ddebs.list + +RUN apt-get update && \ + apt-get install -y $APT_OPTS \ libc6-dbg \ zlib1g-dbgsym \ libreadline8t64-dbgsym \ diff --git a/scripts/docker/build/ubuntu26/Dockerfile.crossbuild b/scripts/docker/build/ubuntu26/Dockerfile.crossbuild index eb0b379e438..bbcaa11c0f5 100644 --- a/scripts/docker/build/ubuntu26/Dockerfile.crossbuild +++ b/scripts/docker/build/ubuntu26/Dockerfile.crossbuild @@ -82,8 +82,10 @@ RUN echo "deb [signed-by=/etc/apt/keyrings/packages.networkradius.com.asc] http: RUN apt-get update && \ apt-get install -y $APT_OPTS ubuntu-dbgsym-keyring && \ printf 'deb http://ddebs.ubuntu.com resolute main restricted universe multiverse\ndeb http://ddebs.ubuntu.com resolute-updates main restricted universe multiverse\n' \ - > /etc/apt/sources.list.d/ddebs.list && \ - apt-get update && \ apt-get install -y $APT_OPTS \ + > /etc/apt/sources.list.d/ddebs.list + +RUN apt-get update && \ + apt-get install -y $APT_OPTS \ libc6-dbg \ zlib1g-dbgsym \ libreadline8t64-dbgsym \ diff --git a/scripts/docker/build/ubuntu26/Dockerfile.profiling b/scripts/docker/build/ubuntu26/Dockerfile.profiling new file mode 100644 index 00000000000..22a15306f3f --- /dev/null +++ b/scripts/docker/build/ubuntu26/Dockerfile.profiling @@ -0,0 +1,124 @@ +# Auto generated for ubuntu26 +# from scripts/docker/m4/profiling.deb.m4 +# +# Rebuild this file with `make dockerfile.profiling` +# +ARG from=ubuntu:26.04 +FROM ${from} + +# +# Install profiling tools +# +# Valgrind/cachegrind +# kcachegrind + KDE/Qt libs +# gperftools +# heaptrack +# +RUN apt-get update && \ + apt-get install -y $APT_OPTS \ + libgoogle-perftools-dev \ + google-perftools \ + valgrind \ + heaptrack \ + psmisc \ + kcachegrind \ + kio \ + libkf5iconthemes5 \ + libkf5parts5 \ + libkf5textwidgets5 \ + libqt5gui5 \ + libqt5widgets5 && \ + apt-get clean && \ + rm -r /var/lib/apt/lists/* + +# +# Debug symbols for the FreeRADIUS runtime library closure. +# +# Repo source depends on derivative: +# ubuntu ddebs.ubuntu.com with ubuntu-dbgsym-keyring +# debian debian-debug.debian.net via the existing debian-archive +# keyring (no extra keyring install) +# +# Glibc-linked libs gained the t64 suffix in ubuntu 24.04 and debian +# 13. T64 expands accordingly; `[]' breaks the surrounding token so +# m4 actually expands the macro mid-package-name. +# +# Failure is fatal -- a renamed or retired -dbgsym package gets +# caught at image-build time, not in production when a profiler +# tries to resolve a symbol that isn't there. +# +RUN apt-get update && \ + apt-get install -y $APT_OPTS ubuntu-dbgsym-keyring && \ + printf 'deb http://ddebs.ubuntu.com resolute main restricted universe multiverse\ndeb http://ddebs.ubuntu.com resolute-updates main restricted universe multiverse\n' \ + > /etc/apt/sources.list.d/ddebs.list + +RUN apt-get update && \ + apt-get install -y $APT_OPTS \ + libc6-dbg \ + zlib1g-dbgsym \ + libreadline8t64-dbgsym \ + libssl3t64-dbgsym \ + libsasl2-2-dbgsym \ + libpam0g-dbgsym \ + libldap2-dbgsym \ + libtalloc2-dbgsym \ + libpcre2-8-0-dbgsym \ + libpcap0.8t64-dbgsym \ + libunbound8-dbgsym \ + libsqlite3-0-dbgsym \ + libpq5-dbgsym \ + libmariadb3-dbgsym \ + libgdbm6t64-dbgsym \ + libjson-c5-dbgsym \ + libbrotli1-dbgsym \ + libhiredis1.1.0-dbgsym \ + librdkafka1-dbgsym \ + libwbclient0-dbgsym \ + libcurl4t64-dbgsym && \ + apt-get clean && \ + rm -r /var/lib/apt/lists/* + +# +# Rebuild libkqueue from source with debug symbols. +# CMAKE_BUILD_TYPE must be explicitly set to prevent +# the libkqueue project from overriding the flags. +# libkqueue source currently uses "-O2 -g -DNDEBUG" by default. +# +RUN apt-get update && \ + apt-get install -y $APT_OPTS --no-install-recommends cmake git && \ + apt-get clean && \ + rm -r /var/lib/apt/lists/* && \ + git clone --depth 1 https://github.com/mheily/libkqueue.git /tmp/libkqueue && \ + cd /tmp/libkqueue && \ + cmake -G "Unix Makefiles" \ + -DCMAKE_INSTALL_PREFIX=/usr \ + -DCMAKE_INSTALL_LIBDIR=lib \ + -DCMAKE_BUILD_TYPE=RelWithDebInfo \ + -DCMAKE_C_FLAGS_RELWITHDEBINFO="-g3 -O1 -fno-omit-frame-pointer -DNDEBUG" \ + . && \ + make && \ + cpack -G DEB && \ + dpkg -i *.deb && \ + cd / && rm -rf /tmp/libkqueue + +# +# Install FlameGraph +# +RUN git clone --depth 1 https://github.com/brendangregg/FlameGraph /opt/flamegraph \ + && chmod +x /opt/flamegraph/*.pl /opt/flamegraph/*.sh + +# Add FlameGraph to path +ENV PATH="/opt/flamegraph:${PATH}" + +# +# Install Inferno for callgrind. Inferno is a Rust port of FlameGraph with broader format support +# +RUN apt-get update && \ + apt-get install -y $APT_OPTS --no-install-recommends \ + cargo && \ + cargo install inferno --version 0.11.21 --locked --root /usr/local && \ + apt-get clean && \ + rm -r /var/lib/apt/lists/* + +EXPOSE 1812/udp 1813/udp +CMD ["/bin/sh", "-c", "while true; do sleep 60; done"] diff --git a/scripts/docker/crossbuild.mk b/scripts/docker/crossbuild.mk new file mode 100644 index 00000000000..437057b18c8 --- /dev/null +++ b/scripts/docker/crossbuild.mk @@ -0,0 +1,88 @@ +# +# Legacy `crossbuild.*` command surface. Predates the unified +# docker... shape and is kept here as a thin +# alias layer over the new targets, so existing CI invocations +# and muscle memory keep working. +# + +ifndef CROSSBUILD_MK_INCLUDED +CROSSBUILD_MK_INCLUDED := 1 + +include scripts/docker/docker.mk + +# Short list of common-case crossbuild images used by `make crossbuild`. +CB_COMMON := rocky9 debian12 ubuntu24 + +# +# Per-image alias macro. .clean and .distclean keep their old +# semantics rather than tracking the new naming: +# crossbuild.IMAGE.clean = down container + rm stamps (no rmi) +# crossbuild.IMAGE.distclean = rmi + rm stamps (the full nuke, +# which the new docker.crossbuild.IMAGE.clean does) +# +define CROSSBUILD_ALIASES +.PHONY: crossbuild.${1} \ + crossbuild.${1}.status crossbuild.${1}.up crossbuild.${1}.down \ + crossbuild.${1}.sh crossbuild.${1}.log crossbuild.${1}.refresh \ + crossbuild.${1}.reset crossbuild.${1}.clean crossbuild.${1}.distclean + +crossbuild.${1}: docker.crossbuild.${1}.test +crossbuild.${1}.status: docker.crossbuild.${1}.status +crossbuild.${1}.up: docker.crossbuild.${1}.up +crossbuild.${1}.down: docker.crossbuild.${1}.down +crossbuild.${1}.sh: docker.crossbuild.${1}.sh +crossbuild.${1}.log: docker.crossbuild.${1}.log +crossbuild.${1}.refresh: docker.crossbuild.${1}.refresh +crossbuild.${1}.reset: docker.crossbuild.${1}.reset +crossbuild.${1}.clean: docker.crossbuild.${1}.down docker.crossbuild.${1}.reset +crossbuild.${1}.distclean: docker.crossbuild.${1}.clean +endef + +$(foreach IMG,$(IMAGES),$(eval $(call CROSSBUILD_ALIASES,$(IMG)))) + +# +# Umbrellas across the crossbuild image set. +# +.PHONY: crossbuild crossbuild.common crossbuild.down crossbuild.reset \ + crossbuild.clean crossbuild.distclean crossbuild.info crossbuild.info_header \ + crossbuild.help + +crossbuild: $(foreach IMG,$(IMAGES),crossbuild.$(IMG)) +crossbuild.common: $(foreach IMG,$(CB_COMMON),crossbuild.$(IMG)) +crossbuild.down: docker.crossbuild.down +crossbuild.reset: docker.crossbuild.reset +crossbuild.clean: docker.crossbuild.down docker.crossbuild.reset +crossbuild.distclean: docker.crossbuild.clean + +crossbuild.info: crossbuild.info_header $(foreach IMG,$(IMAGES),crossbuild.$(IMG).status) + @echo Common images: $(CB_COMMON) + +crossbuild.info_header: + @echo Crossbuild images: + +crossbuild.help: + @echo "" + @echo "Legacy crossbuild.* aliases (prefer the docker.crossbuild.* targets):" + @echo " crossbuild - run the test cycle for every IMAGE" + @echo " crossbuild.common - run the test cycle for $(CB_COMMON)" + @echo " crossbuild.info - list IMAGEs and their state" + @echo " crossbuild.down - stop every container" + @echo " crossbuild.reset - rm stamps for every IMAGE" + @echo " crossbuild.clean - down + reset across every IMAGE" + @echo " crossbuild.distclean - rmi + rm stamps across every IMAGE" + @echo "" + @echo "Per-IMAGE legacy aliases (all map to docker.crossbuild.IMAGE.):" + @echo " crossbuild.IMAGE - run the test cycle for one IMAGE" + @echo " crossbuild.IMAGE.status - show built / running state" + @echo " crossbuild.IMAGE.up - start container" + @echo " crossbuild.IMAGE.down - stop container" + @echo " crossbuild.IMAGE.sh - shell in container" + @echo " crossbuild.IMAGE.log - page latest build log" + @echo " crossbuild.IMAGE.refresh - rsync src + git pull inside container" + @echo " crossbuild.IMAGE.reset - rm stamps for one IMAGE" + @echo " crossbuild.IMAGE.clean - down + reset for one IMAGE" + @echo " crossbuild.IMAGE.distclean - rmi + rm stamps for one IMAGE" + @echo "" + @echo "Run 'make docker.help' for the unified docker... targets." + +endif diff --git a/scripts/docker/docker.mk b/scripts/docker/docker.mk index 050893952b8..46e3429a52c 100644 --- a/scripts/docker/docker.mk +++ b/scripts/docker/docker.mk @@ -1,8 +1,10 @@ # # Docker image + container lifecycle. Pulls Dockerfile generation # in via dockerfile.mk; this file owns building images from those -# Dockerfiles plus per-image container up/down/sh/log/reset and -# the crossbuild test cycle. +# Dockerfiles plus per-image container up / down / sh / log / reset +# and an in-container test cycle. Type-agnostic: targets for every +# declared TYPE come from one set of macros. Legacy crossbuild.* +# command aliases live in crossbuild.mk. # ifeq ($(shell which docker 2> /dev/null),) @@ -12,11 +14,10 @@ docker docker.help: else # -# Short list of common-case images: 'make docker' / 'make crossbuild' -# without further qualification fall back to these. +# Short list of common-case images: `make docker` without further +# qualification falls back to this set. # DOCKER_COMMON := ubuntu22 -CB_COMMON := rocky9 debian12 ubuntu24 # dockerfile.mk owns CB_DIR / DT / IMAGES / PROFILING_IMAGES / Q. include scripts/docker/dockerfile.mk @@ -160,51 +161,48 @@ docker.${2}.${1}.reset: endef # -# Crossbuild-specific extras: refresh the source into a writable -# build tree inside the container, then run configure + make test. -# crossbuild. stays as a legacy alias for the test target. +# Per-image test cycle: refresh the source into a writable build tree +# inside the running container, then run configure + make + make test. +# Generic across types -- applied selectively by callers (e.g. the +# crossbuild test workflow only wants this for the crossbuild type). # -define CROSSBUILD_TEST -.PHONY: docker.crossbuild.${1}.refresh docker.crossbuild.${1}.test crossbuild.${1} - -docker.crossbuild.${1}.refresh: docker.crossbuild.${1}.up - $${Q}echo "REFRESH $(DOCKER_IMAGE_PREFIX)-crossbuild-${1}" - $${Q}docker container exec $(DOCKER_IMAGE_PREFIX)-crossbuild-${1} sh -lc 'rsync -a /srv/src/ /srv/local-src/' - $${Q}docker container exec $(DOCKER_IMAGE_PREFIX)-crossbuild-${1} sh -lc 'git config -f /srv/local-src/config core.bare true' - $${Q}docker container exec $(DOCKER_IMAGE_PREFIX)-crossbuild-${1} sh -lc 'git config -f /srv/local-src/config --unset core.worktree || true' - $${Q}docker container exec $(DOCKER_IMAGE_PREFIX)-crossbuild-${1} sh -lc 'git config --global --add safe.directory /srv/local-src' - $${Q}docker container exec $(DOCKER_IMAGE_PREFIX)-crossbuild-${1} sh -lc '[ -d /srv/build ] || git clone /srv/local-src /srv/build' - $${Q}docker container exec $(DOCKER_IMAGE_PREFIX)-crossbuild-${1} sh -lc '(cd /srv/build && git pull --rebase)' - $${Q}docker container exec $(DOCKER_IMAGE_PREFIX)-crossbuild-${1} sh -lc '[ -e /srv/build/config.log ] || (cd /srv/build && ./configure -C)' > $(DOCKER_STATE)/configure.${1} 2>&1 - -docker.crossbuild.${1}.test crossbuild.${1}: docker.crossbuild.${1}.refresh - $${Q}echo "TEST $(DOCKER_IMAGE_PREFIX)-crossbuild-${1} > $(DOCKER_STATE)/test.${1}" - $${Q}docker container exec $(DOCKER_IMAGE_PREFIX)-crossbuild-${1} sh -lc '(cd /srv/build && make && make test)' > $(DOCKER_STATE)/test.${1} 2>&1 || (echo FAIL ${1} && false) +define DOCKER_TEST +.PHONY: docker.${2}.${1}.refresh docker.${2}.${1}.test + +docker.${2}.${1}.refresh: docker.${2}.${1}.up + $${Q}echo "REFRESH $(DOCKER_IMAGE_PREFIX)-${2}-${1}" + $${Q}docker container exec $(DOCKER_IMAGE_PREFIX)-${2}-${1} sh -lc 'rsync -a /srv/src/ /srv/local-src/' + $${Q}docker container exec $(DOCKER_IMAGE_PREFIX)-${2}-${1} sh -lc 'git config -f /srv/local-src/config core.bare true' + $${Q}docker container exec $(DOCKER_IMAGE_PREFIX)-${2}-${1} sh -lc 'git config -f /srv/local-src/config --unset core.worktree || true' + $${Q}docker container exec $(DOCKER_IMAGE_PREFIX)-${2}-${1} sh -lc 'git config --global --add safe.directory /srv/local-src' + $${Q}docker container exec $(DOCKER_IMAGE_PREFIX)-${2}-${1} sh -lc '[ -d /srv/build ] || git clone /srv/local-src /srv/build' + $${Q}docker container exec $(DOCKER_IMAGE_PREFIX)-${2}-${1} sh -lc '(cd /srv/build && git pull --rebase)' + $${Q}docker container exec $(DOCKER_IMAGE_PREFIX)-${2}-${1} sh -lc '[ -e /srv/build/config.log ] || (cd /srv/build && ./configure -C)' > $(DOCKER_STATE)/configure.${1}.${2} 2>&1 + +docker.${2}.${1}.test: docker.${2}.${1}.refresh + $${Q}echo "TEST $(DOCKER_IMAGE_PREFIX)-${2}-${1} > $(DOCKER_STATE)/test.${1}.${2}" + $${Q}docker container exec $(DOCKER_IMAGE_PREFIX)-${2}-${1} sh -lc '(cd /srv/build && make && make test)' > $(DOCKER_STATE)/test.${1}.${2} 2>&1 || (echo FAIL ${1}.${2} && false) endef + $(DOCKER_STATE): @mkdir -p $@ # # Wire build + phony + clean + lifecycle for every (image, type) -# combo. Profiling is gated to PROFILING_IMAGES because it FROMs -# the crossbuild image and only has an ubuntu24 source template. +# combo. Profiling FROMs the crossbuild image of the same distro, +# so its build depends on the corresponding crossbuild stamp. # $(foreach IMG,$(IMAGES),\ $(eval $(call DOCKER_BUILD,$(IMG),service,,)) \ $(eval $(call DOCKER_BUILD,$(IMG),ci,,)) \ $(eval $(call DOCKER_BUILD,$(IMG),crossbuild,$(if $(CB_FROM_$(IMG)),--build-arg=from=$(CB_FROM_$(IMG))),)) \ - $(foreach T,service ci crossbuild, \ + $(eval $(call DOCKER_BUILD,$(IMG),profiling,--build-arg=from=$(DOCKER_IMAGE_PREFIX)-crossbuild/$(IMG):$(GIT_SHA),$(DOCKER_STATE)/stamp-image.$(IMG).crossbuild)) \ + $(foreach T,service ci crossbuild profiling, \ $(eval $(call DOCKER_PHONY,$(IMG),$(T))) \ $(eval $(call DOCKER_CLEAN,$(IMG),$(T))) \ - $(eval $(call DOCKER_LIFECYCLE,$(IMG),$(T)))) \ - $(eval $(call CROSSBUILD_TEST,$(IMG)))) - -$(foreach IMG,$(PROFILING_IMAGES),\ - $(eval $(call DOCKER_BUILD,$(IMG),profiling,--build-arg=from=$(DOCKER_IMAGE_PREFIX)-crossbuild/$(IMG):$(GIT_SHA),$(DOCKER_STATE)/stamp-image.$(IMG).crossbuild)) \ - $(eval $(call DOCKER_PHONY,$(IMG),profiling)) \ - $(eval $(call DOCKER_CLEAN,$(IMG),profiling)) \ - $(eval $(call DOCKER_LIFECYCLE,$(IMG),profiling))) + $(eval $(call DOCKER_LIFECYCLE,$(IMG),$(T))) \ + $(eval $(call DOCKER_TEST,$(IMG),$(T))))) # # Per-type umbrellas. .clean / .up / .down / .reset fan out to the @@ -222,7 +220,7 @@ endef $(eval $(call DOCKER_TYPE_UMBRELLAS,service,$(IMAGES))) $(eval $(call DOCKER_TYPE_UMBRELLAS,ci,$(IMAGES))) $(eval $(call DOCKER_TYPE_UMBRELLAS,crossbuild,$(IMAGES))) -$(eval $(call DOCKER_TYPE_UMBRELLAS,profiling,$(PROFILING_IMAGES))) +$(eval $(call DOCKER_TYPE_UMBRELLAS,profiling,$(IMAGES))) # # Across-type umbrellas. 'docker' stays as a legacy alias for the @@ -243,26 +241,16 @@ docker.info: docker.info_header $(foreach IMG,$(IMAGES),docker.service.$(IMG).st docker.info_header: @echo Built images: -# -# Crossbuild legacy aliases: `crossbuild` runs the test cycle for -# every crossbuild image; `crossbuild.common` does just the common -# subset. -# -.PHONY: crossbuild crossbuild.common crossbuild.help -crossbuild: $(foreach IMG,$(IMAGES),crossbuild.$(IMG)) -crossbuild.common: $(foreach IMG,$(CB_COMMON),crossbuild.$(IMG)) -crossbuild.help: docker.help - .PHONY: docker.help docker.help: @echo "" @echo "Image builds ($(DOCKER_IMAGE_PREFIX)-TYPE/IMAGE:SHA):" - @echo " docker - build all service images (alias for docker.service)" - @echo " docker.common - build common service images ($(DOCKER_COMMON))" - @echo " docker.info - list images and their build status" - @echo " docker.TYPE - build every image of one type" - @echo " docker.TYPE.IMAGE - build a single image" - @echo " docker.TYPE.IMAGE.status - show whether the local image is built" + @echo " docker - build every service IMAGE (alias for docker.service)" + @echo " docker.common - build common service IMAGEs ($(DOCKER_COMMON))" + @echo " docker.info - list IMAGEs and their build status" + @echo " docker.TYPE - build every IMAGE of one TYPE" + @echo " docker.TYPE.IMAGE - build a single IMAGE" + @echo " docker.TYPE.IMAGE.status - show whether the local IMAGE is built" @echo "" @echo "Container lifecycle (sleeping container, /srv/src bind-mounted from host git):" @echo " docker.TYPE.IMAGE.up - start container" @@ -270,20 +258,23 @@ docker.help: @echo " docker.TYPE.IMAGE.sh - interactive shell in container" @echo " docker.TYPE.IMAGE.log - page the last build log" @echo " docker.TYPE.IMAGE.reset - rm stamps so the next build re-runs" - @echo " docker.TYPE.up / .down / .reset - per-type umbrellas" - @echo " docker.up / .down / .reset - every type" + @echo " docker.TYPE.up - start a container for every IMAGE of one TYPE" + @echo " docker.TYPE.down - stop every container of one TYPE" + @echo " docker.TYPE.reset - rm stamps for every IMAGE of one TYPE" + @echo " docker.up - start a container for every (TYPE, IMAGE)" + @echo " docker.down - stop every container across every TYPE" + @echo " docker.reset - rm stamps for every IMAGE, every TYPE" + @echo "" + @echo "Cleanup (removes the docker IMAGE + stamp; IMAGE-in-use is a no-op):" + @echo " docker.clean - remove every locally-built IMAGE" + @echo " docker.TYPE.clean - remove every IMAGE of one TYPE" + @echo " docker.TYPE.IMAGE.clean - remove a single IMAGE" @echo "" - @echo "Cleanup (removes the docker image + stamp; image-in-use is a no-op):" - @echo " docker.clean - remove every locally-built image" - @echo " docker.TYPE.clean - remove every image of one type" - @echo " docker.TYPE.IMAGE.clean - remove a single image" + @echo "Test cycle (configure + make + make test inside a running container):" + @echo " docker.TYPE.IMAGE.refresh - rsync src + git pull inside the container" + @echo " docker.TYPE.IMAGE.test - run configure + make + make test in container" @echo "" - @echo "Crossbuild test cycle (configure + make + make test inside the container):" - @echo " crossbuild - run the test cycle for every image" - @echo " crossbuild.common - run the test cycle for $(CB_COMMON)" - @echo " crossbuild.IMAGE - run the test cycle for one image" - @echo " (alias: docker.crossbuild.IMAGE.test)" - @echo " docker.crossbuild.IMAGE.refresh - rsync src + git pull inside the container" + @echo "Run 'make crossbuild.help' for the legacy crossbuild.* command aliases." @echo "" $(DOCKER_HELP_TYPES) @echo "" diff --git a/scripts/docker/dockerfile.mk b/scripts/docker/dockerfile.mk index 4381cef015c..acbc46a9b99 100644 --- a/scripts/docker/dockerfile.mk +++ b/scripts/docker/dockerfile.mk @@ -27,9 +27,6 @@ DOCKERFILE_M4_SHARED := $(wildcard $(CB_DIR)/m4/common.*.m4) $(wildcard $(CB_DIR # Every distro under build/ is an image we generate Dockerfiles for. IMAGES := $(sort $(patsubst $(DT)/%,%,$(wildcard $(DT)/*))) -# Profiling is ubuntu24-only (ddebs.ubuntu.com + dbgsym names assume -# debian-derivative + recent t64 transition). -PROFILING_IMAGES := $(filter ubuntu24,$(IMAGES)) # $(Q) silences recipe lines unless VERBOSE is set. Defined here so # the macros below work whether dockerfile.mk is included alone or @@ -96,20 +93,18 @@ endef $(foreach IMG,$(IMAGES),\ $(eval $(call DOCKERFILE_RULE,$(IMG),service,$(CB_DIR)/m4/service.deb.m4 $(CB_DIR)/m4/service.rpm.m4)) \ $(eval $(call DOCKERFILE_RULE,$(IMG),ci,$(CB_DIR)/m4/ci.deb.m4 $(CB_DIR)/m4/ci.rpm.m4)) \ - $(eval $(call DOCKERFILE_RULE,$(IMG),crossbuild,$(CB_DIR)/m4/crossbuild.deb.m4 $(CB_DIR)/m4/crossbuild.rpm.m4))) - -$(foreach IMG,$(PROFILING_IMAGES),\ - $(eval $(call DOCKERFILE_RULE,$(IMG),profiling,$(CB_DIR)/m4/profiling.deb.m4))) + $(eval $(call DOCKERFILE_RULE,$(IMG),crossbuild,$(CB_DIR)/m4/crossbuild.deb.m4 $(CB_DIR)/m4/crossbuild.rpm.m4)) \ + $(eval $(call DOCKERFILE_RULE,$(IMG),profiling,$(CB_DIR)/m4/profiling.deb.m4 $(CB_DIR)/m4/profiling.rpm.m4))) $(eval $(call DOCKERFILE_ALL,dockerfile.service,service,$(IMAGES))) $(eval $(call DOCKERFILE_ALL,dockerfile.ci,ci,$(IMAGES))) $(eval $(call DOCKERFILE_ALL,dockerfile.crossbuild,crossbuild,$(IMAGES))) -$(eval $(call DOCKERFILE_ALL,dockerfile.profiling,profiling,$(PROFILING_IMAGES))) +$(eval $(call DOCKERFILE_ALL,dockerfile.profiling,profiling,$(IMAGES))) $(eval $(call DOCKERFILE_CHECK,dockerfile.service.check,service,$(IMAGES),dockerfile.service)) $(eval $(call DOCKERFILE_CHECK,dockerfile.ci.check,ci,$(IMAGES),dockerfile.ci)) $(eval $(call DOCKERFILE_CHECK,dockerfile.crossbuild.check,crossbuild,$(IMAGES),dockerfile.crossbuild)) -$(eval $(call DOCKERFILE_CHECK,dockerfile.profiling.check,profiling,$(PROFILING_IMAGES),dockerfile.profiling)) +$(eval $(call DOCKERFILE_CHECK,dockerfile.profiling.check,profiling,$(IMAGES),dockerfile.profiling)) .PHONY: dockerfile dockerfile.check dockerfile: dockerfile.ci dockerfile.crossbuild dockerfile.profiling dockerfile.service @@ -123,7 +118,7 @@ define DOCKER_HELP_TYPES @echo " service production runtime image" @echo " ci slim toolchain base for ci-deb.yml / ci-rpm.yml" @echo " crossbuild full toolchain for crossbuild.yml" - @echo " profiling ubuntu24-only, layered on the crossbuild image" + @echo " profiling crossbuild + valgrind / gperftools / heaptrack / kcachegrind / debug symbols" endef .PHONY: dockerfile.help diff --git a/scripts/docker/m4/common.deb.dbgsym.m4 b/scripts/docker/m4/common.deb.dbgsym.m4 index 92ea4220226..4cb17223446 100644 --- a/scripts/docker/m4/common.deb.dbgsym.m4 +++ b/scripts/docker/m4/common.deb.dbgsym.m4 @@ -21,14 +21,14 @@ ifelse(OS_NAME, [ubuntu], [dnl RUN apt-get update && \ apt-get install -y $APT_OPTS ubuntu-dbgsym-keyring && \ printf 'deb http://ddebs.ubuntu.com OS_CODENAME main restricted universe multiverse\ndeb http://ddebs.ubuntu.com OS_CODENAME-updates main restricted universe multiverse\n' \ - > /etc/apt/sources.list.d/ddebs.list && \ - apt-get update && \], + > /etc/apt/sources.list.d/ddebs.list], OS_NAME, [debian], [dnl -RUN printf 'deb http://debian-debug.debian.net/debian-debug OS_CODENAME-debug main\n' \ - > /etc/apt/sources.list.d/debian-debug.list && \ - apt-get update && \], +RUN printf 'deb http://debug.mirrors.debian.org/debian-debug OS_CODENAME-debug main\n' \ + > /etc/apt/sources.list.d/debian-debug.list], [errprint([common.deb.dbgsym.m4: unsupported OS_NAME=]OS_NAME[ -])m4exit(1)])dnl +])m4exit(1)]) + +RUN apt-get update && \ apt-get install -y $APT_OPTS \ libc6-dbg \ zlib1g-dbgsym \ diff --git a/scripts/docker/m4/common.rpm.debuginfo.m4 b/scripts/docker/m4/common.rpm.debuginfo.m4 index ed405e76a37..45d6f9473d5 100644 --- a/scripts/docker/m4/common.rpm.debuginfo.m4 +++ b/scripts/docker/m4/common.rpm.debuginfo.m4 @@ -1,36 +1,34 @@ # -# Enable the Rocky debug repos and install debuginfo packages for -# the FreeRADIUS runtime library closure. Failure is fatal so a -# renamed or split debuginfo package gets caught at image-build -# time rather than silently producing an image without symbols. +# Debug symbols for the FreeRADIUS runtime library closure. We use +# `dnf debuginfo-install` (from dnf-plugins-core) because Rocky's +# debug repo naming has shifted between versions; the plugin walks +# the package metadata and enables whichever *-debug repo provides +# the matching debuginfo rpm. # -# The *-debug repos exist on Rocky 9 and 10; gpgcheck stays on so -# a mirror compromise can't smuggle in unsigned debuginfo. +# Failure is fatal -- a renamed or split debuginfo package gets +# caught at image-build time rather than silently producing an +# image without symbols. # RUN dnf install -y dnf-plugins-core && \ - dnf config-manager --set-enabled crb && \ - dnf config-manager --set-enabled baseos-debug && \ - dnf config-manager --set-enabled appstream-debug && \ - dnf config-manager --set-enabled crb-debug && \ - dnf install -y \ - glibc-debuginfo \ - zlib-debuginfo \ - readline-debuginfo \ - openssl-libs-debuginfo \ - cyrus-sasl-lib-debuginfo \ - pam-debuginfo \ - openldap-debuginfo \ - libtalloc-debuginfo \ - pcre2-debuginfo \ - libpcap-debuginfo \ - unbound-libs-debuginfo \ - sqlite-libs-debuginfo \ - libpq-debuginfo \ - mariadb-connector-c-debuginfo \ - gdbm-libs-debuginfo \ - json-c-debuginfo \ - brotli-debuginfo \ - hiredis-debuginfo \ - librdkafka-debuginfo \ - libcurl-debuginfo && \ + dnf debuginfo-install -y \ + glibc \ + zlib \ + readline \ + openssl-libs \ + cyrus-sasl-lib \ + pam \ + openldap \ + libtalloc \ + pcre2 \ + libpcap \ + unbound-libs \ + sqlite-libs \ + libpq \ + mariadb-connector-c \ + gdbm-libs \ + json-c \ + brotli \ + hiredis \ + librdkafka \ + libcurl && \ dnf clean all diff --git a/scripts/docker/m4/profiling.rpm.m4 b/scripts/docker/m4/profiling.rpm.m4 new file mode 100644 index 00000000000..20082eac376 --- /dev/null +++ b/scripts/docker/m4/profiling.rpm.m4 @@ -0,0 +1,66 @@ +ARG from=DOCKER_IMAGE +FROM ${from} + +# +# Install profiling tools +# +# Valgrind/cachegrind +# kcachegrind +# gperftools +# heaptrack +# +# EPEL is enabled by common.rpm.toolchain.m4 in the crossbuild base; +# heaptrack / gperftools / kcachegrind live there. CRB is also on for +# development headers. +# +RUN dnf install -y \ + gperftools-devel \ + gperftools \ + valgrind \ + heaptrack \ + psmisc \ + kcachegrind && \ + dnf clean all + +include(`common.rpm.debuginfo.m4')dnl + +# +# Rebuild libkqueue from source with debug symbols. +# CMAKE_BUILD_TYPE must be explicitly set to prevent +# the libkqueue project from overriding the flags. +# libkqueue source currently uses "-O2 -g -DNDEBUG" by default. +# +RUN dnf install -y cmake git rpm-build && \ + dnf clean all && \ + git clone --depth 1 https://github.com/mheily/libkqueue.git /tmp/libkqueue && \ + cd /tmp/libkqueue && \ + cmake -G "Unix Makefiles" \ + -DCMAKE_INSTALL_PREFIX=/usr \ + -DCMAKE_INSTALL_LIBDIR=lib64 \ + -DCMAKE_BUILD_TYPE=RelWithDebInfo \ + -DCMAKE_C_FLAGS_RELWITHDEBINFO="-g3 -O1 -fno-omit-frame-pointer -DNDEBUG" \ + . && \ + make && \ + cpack -G RPM && \ + rpm -i --force *.rpm && \ + cd / && rm -rf /tmp/libkqueue + +# +# Install FlameGraph +# +RUN git clone --depth 1 https://github.com/brendangregg/FlameGraph /opt/flamegraph \ + && chmod +x /opt/flamegraph/*.pl /opt/flamegraph/*.sh + +# Add FlameGraph to path +ENV PATH="/opt/flamegraph:${PATH}" + +# +# Install Inferno for callgrind. Inferno is a Rust port of FlameGraph +# with broader format support. +# +RUN dnf install -y cargo && \ + cargo install inferno --version 0.11.21 --locked --root /usr/local && \ + dnf clean all + +EXPOSE 1812/udp 1813/udp +CMD ["/bin/sh", "-c", "while true; do sleep 60; done"] -- 2.47.3