From 46db1bd9b0fe2144b64208f78937d22c6bc9f627 Mon Sep 17 00:00:00 2001 From: Jamie Snape Date: Wed, 16 Sep 2020 16:19:28 -0400 Subject: [PATCH] Add installation and configuration scripts for building debian packages --- setup/debian/.bazelrc | 1 + setup/debian/.gbp.conf | 3 ++ setup/debian/.pbuilderrc | 1 + setup/debian/A10-git-ssh | 25 ++++++++++ setup/debian/A20-locale | 11 +++++ setup/debian/B10-autopkgtest | 11 +++++ setup/debian/D10-apt | 29 +++++++++++ setup/debian/bazel.list | 1 + setup/debian/git_ssh | 7 +++ setup/debian/install_prereqs | 88 +++++++++++++++++++++++++++++++++ tools/build_debian_package.bash | 72 +++++++++++++++++++++++++++ 11 files changed, 249 insertions(+) create mode 100644 setup/debian/.bazelrc create mode 100644 setup/debian/.gbp.conf create mode 100644 setup/debian/.pbuilderrc create mode 100755 setup/debian/A10-git-ssh create mode 100755 setup/debian/A20-locale create mode 100755 setup/debian/B10-autopkgtest create mode 100755 setup/debian/D10-apt create mode 100644 setup/debian/bazel.list create mode 100755 setup/debian/git_ssh create mode 100755 setup/debian/install_prereqs create mode 100755 tools/build_debian_package.bash diff --git a/setup/debian/.bazelrc b/setup/debian/.bazelrc new file mode 100644 index 00000000..7af7a69c --- /dev/null +++ b/setup/debian/.bazelrc @@ -0,0 +1 @@ +build --action_env=GIT_SSH=/home/pbuilder/git_ssh diff --git a/setup/debian/.gbp.conf b/setup/debian/.gbp.conf new file mode 100644 index 00000000..35196264 --- /dev/null +++ b/setup/debian/.gbp.conf @@ -0,0 +1,3 @@ +[buildpackage] +pbuilder = True +pbuilder-options = --bindmounts /var/cache/pbuilder/bindmount --components 'main restricted universe multiverse' --hookdir /var/cache/pbuilder/hook.d --use-network yes diff --git a/setup/debian/.pbuilderrc b/setup/debian/.pbuilderrc new file mode 100644 index 00000000..42944e25 --- /dev/null +++ b/setup/debian/.pbuilderrc @@ -0,0 +1 @@ +BUILD_HOME=/home/pbuilder diff --git a/setup/debian/A10-git-ssh b/setup/debian/A10-git-ssh new file mode 100755 index 00000000..b535f638 --- /dev/null +++ b/setup/debian/A10-git-ssh @@ -0,0 +1,25 @@ +#!/bin/bash + +set -euxo pipefail + +mkdir -p /home/pbuilder + +chown pbuilder:pbuilder /home/pbuilder +chmod 0755 /home/pbuilder + +mkdir -p /home/pbuilder/.ssh + +chown pbuilder:pbuilder /home/pbuilder/.ssh +chmod 0700 /home/pbuilder/.ssh + +cp /var/cache/pbuilder/bindmount/id_rsa /home/pbuilder/.ssh + +chown pbuilder:pbuilder /home/pbuilder/.ssh/id_rsa +chmod 0600 /home/pbuilder/.ssh/id_rsa + +cp /var/cache/pbuilder/bindmount/.bazelrc \ + /var/cache/pbuilder/bindmount/git_ssh \ + /home/pbuilder + +chown pbuilder:pbuilder /home/pbuilder/.bazelrc /home/pbuilder/git_ssh +chmod 0755 /home/pbuilder/git_ssh diff --git a/setup/debian/A20-locale b/setup/debian/A20-locale new file mode 100755 index 00000000..25efc2c2 --- /dev/null +++ b/setup/debian/A20-locale @@ -0,0 +1,11 @@ +#!/bin/bash + +set -euxo pipefail + +apt-get update -o APT::Acquire::Retries=4 \ + || (sleep 15; apt-get update -o APT::Acquire::Retries=4) + +apt-get install -o APT::Acquire::Retries=4 -y --no-install-recommends locales + +locale-gen en_US.UTF-8 +update-locale LANG=en_US.UTF-8 diff --git a/setup/debian/B10-autopkgtest b/setup/debian/B10-autopkgtest new file mode 100755 index 00000000..4ff6040d --- /dev/null +++ b/setup/debian/B10-autopkgtest @@ -0,0 +1,11 @@ +#!/bin/bash + +set -euxo pipefail + +apt-get update -o APT::Acquire::Retries=4 \ + || (sleep 15; apt-get update -o APT::Acquire::Retries=4) + +apt-get install -o APT::Acquire::Retries=4 -y --no-install-recommends \ + autopkgtest + +autopkgtest "${BUILDDIR}"/drake_*_amd64.changes -- null diff --git a/setup/debian/D10-apt b/setup/debian/D10-apt new file mode 100755 index 00000000..2a358b11 --- /dev/null +++ b/setup/debian/D10-apt @@ -0,0 +1,29 @@ +#!/bin/bash + +set -euxo pipefail + +apt-get update -o APT::Acquire::Retries=4 \ + || (sleep 15; apt-get update -o APT::Acquire::Retries=4) + +apt-get install -o APT::Acquire::Retries=4 -y --no-install-recommends \ + lsb-release + +echo "deb http://us-east-1.ec2.archive.ubuntu.com/ubuntu/ $(lsb_release -cs)-updates main restricted universe multiverse" \ + >> /etc/apt/sources.list + +apt-get update -o APT::Acquire::Retries=4 \ + || (sleep 15; apt-get update -o APT::Acquire::Retries=4) + +apt-get dist-upgrade -o APT::Acquire::Retries=4 -y + +apt-get install -o APT::Acquire::Retries=4 -y --no-install-recommends \ + ca-certificates \ + gnupg + +apt-key adv --fetch-keys https://bazel.build/bazel-release.pub.gpg \ + || (sleep 15; apt-key adv --fetch-keys https://bazel.build/bazel-release.pub.gpg) + +cp /var/cache/pbuilder/bindmount/bazel.list /etc/apt/sources.list.d + +apt-get update -o APT::Acquire::Retries=4 \ + || (sleep 15; apt-get update -o APT::Acquire::Retries=4) diff --git a/setup/debian/bazel.list b/setup/debian/bazel.list new file mode 100644 index 00000000..187b569f --- /dev/null +++ b/setup/debian/bazel.list @@ -0,0 +1 @@ +deb [arch=amd64] https://storage.googleapis.com/bazel-apt stable jdk1.8 diff --git a/setup/debian/git_ssh b/setup/debian/git_ssh new file mode 100755 index 00000000..37646894 --- /dev/null +++ b/setup/debian/git_ssh @@ -0,0 +1,7 @@ +#!/bin/bash + +set -euxo pipefail + +[[ -z "${DISPLAY:-}" ]] && export DISPLAY=:0.0 +ssh -i /home/pbuilder/.ssh/id_rsa -o UserKnownHostsFile=/dev/null \ + -o StrictHostKeyChecking=no "$@" diff --git a/setup/debian/install_prereqs b/setup/debian/install_prereqs new file mode 100755 index 00000000..3983d999 --- /dev/null +++ b/setup/debian/install_prereqs @@ -0,0 +1,88 @@ +#!/bin/bash + +# Copyright (c) 2019, Massachusetts Institute of Technology. +# Copyright (c) 2019, Toyota Research Institute. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are met: +# +# * Redistributions of source code must retain the above copyright notice, this +# list of conditions and the following disclaimer. +# +# * Redistributions in binary form must reproduce the above copyright notice, +# this list of conditions and the following disclaimer in the documentation +# and/or other materials provided with the distribution. +# +# * Neither the name of the copyright holder nor the names of its contributors +# may be used to endorse or promote products derived from this software +# without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE +# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +# POSSIBILITY OF SUCH DAMAGE. + +set -euxo pipefail + +if [[ "${EUID}" -ne 0 ]]; then + echo 'ERROR: This script must be run using sudo -E or as root' >&2 + exit 1 +fi + +export DEBIAN_FRONTEND=noninteractive + +apt-get update -o APT::Acquire::Retries=4 -qq \ + || (sleep 15; apt-get update -o APT::Acquire::Retries=4 -qq) +trap 'set +x; rm -rf /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin /var/lib/apt/lists/* /var/log/apt/*; set -x' EXIT + +apt-get install --no-install-recommends -o APT::Acquire::Retries=4 -o Dpkg::Use-Pty=0 -qy \ + cowbuilder \ + git \ + git-buildpackage \ + lintian \ + lsb-release \ + pristine-tar \ + xz-utils + +git config --global tar.tar.xz.command 'xz -c' +git config --global user.email drake.jenkins.bot@gmail.com +git config --global user.name drake-jenkins-bot + +if [[ -z "${SSH_PRIVATE_KEY_FILE:-}" ]]; then + echo 'ERROR: Environment variable SSH_PRIVATE_KEY_FILE was NOT set' >&2 + exit 2 +fi + +mkdir -p /var/cache/pbuilder/bindmount /var/cache/pbuilder/hook.d + +pushd "${BASH_SOURCE%/*}" + +cp .bazelrc bazel.list git_ssh /var/cache/pbuilder/bindmount +cp .gbp.conf .pbuilderrc /home/ubuntu +cp A10-git-ssh A20-locale B10-autopkgtest D10-apt /var/cache/pbuilder/hook.d + +popd + +chown ubuntu:ubuntu /home/ubuntu/.gbp.conf /home/ubuntu/.pbuilderrc + +chmod 0755 \ + /var/cache/pbuilder/hook.d/A10-git-ssh \ + /var/cache/pbuilder/hook.d/A20-locale \ + /var/cache/pbuilder/hook.d/B10-autopkgtest \ + /var/cache/pbuilder/hook.d/D10-apt + +cp "${SSH_PRIVATE_KEY_FILE:-}" /var/cache/pbuilder/bindmount/id_rsa + +export ARCH=amd64 +export DIST=$(lsb_release -cs) +export GIT_PBUILDER_OPTIONS="--bindmounts /var/cache/pbuilder/bindmount --components 'main restricted universe multiverse' --hookdir /var/cache/pbuilder/hook.d --use-network yes" \ + +git-pbuilder create diff --git a/tools/build_debian_package.bash b/tools/build_debian_package.bash new file mode 100755 index 00000000..decd45ea --- /dev/null +++ b/tools/build_debian_package.bash @@ -0,0 +1,72 @@ +#!/bin/bash + +# Copyright (c) 2020, Massachusetts Institute of Technology. +# Copyright (c) 2020, Toyota Research Institute. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are met: +# +# * Redistributions of source code must retain the above copyright notice, this +# list of conditions and the following disclaimer. +# +# * Redistributions in binary form must reproduce the above copyright notice, +# this list of conditions and the following disclaimer in the documentation +# and/or other materials provided with the distribution. +# +# * Neither the name of the copyright holder nor the names of its contributors +# may be used to endorse or promote products derived from this software +# without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE +# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +# POSSIBILITY OF SUCH DAMAGE. + +set -euxo pipefail + +readonly workspace="$1" + +git config --global user.email drake.jenkins.bot@gmail.com +git config --global user.name drake-jenkins-bot + +readonly codename="$(lsb_release -cs)" + +gbp clone \ + --debian-branch="debian/${codename}" \ + --repo-email=GIT \ + --repo-user=GIT \ + git@github.com:RobotLocomotion/debian-drake.git \ + "${workspace}/debian-drake" + +pushd "${workspace}/debian-drake" + +git remote add upstream "${workspace}/src" + +readonly version="0.0.$(date +%Y%m%d)" + +git checkout upstream +git pull upstream master +git tag "upstream/${version}" + +git checkout "debian/${codename}" +git merge --no-edit "upstream/${version}" + +sudo mk-build-deps --host-arch amd64 -irt 'apt-get --no-install-recommends -qy' \ + "${workspace}/debian-drake/debian/control" + +gbp buildpackage ---git-export=WC --git-no-pristine-tar -us -uc -nc + +popd + + +pbuilderrc + +