diff options
-rw-r--r-- | docker/Dockerfile | 5 | ||||
-rw-r--r-- | packages/linux-kernel/Jenkinsfile | 2 | ||||
-rw-r--r-- | packages/pam_tacplus/Jenkinsfile | 30 | ||||
-rwxr-xr-x | packages/strongswan/build.sh | 5 | ||||
-rw-r--r-- | packages/strongswan/patches/0004-VyOS-disable-options-enabled-by-Debian-that-are-unus.patch | 10 | ||||
-rw-r--r-- | packages/vyos-build-container/Jenkinsfile | 69 | ||||
-rwxr-xr-x | packages/vyos-build-container/build.sh | 24 | ||||
-rwxr-xr-x | resources/branding.sh | 64 | ||||
-rwxr-xr-x | scripts/check-qemu-install | 22 | ||||
-rw-r--r-- | vars/buildPackage.groovy | 27 | ||||
-rw-r--r-- | vars/cloneAndBuild.groovy | 2 | ||||
-rw-r--r-- | vars/isCustomBuild.groovy | 4 |
12 files changed, 237 insertions, 27 deletions
diff --git a/docker/Dockerfile b/docker/Dockerfile index 48aec028..f700fd20 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -354,6 +354,11 @@ RUN apt-get update && apt-get install -y \ RUN apt-get update && apt-get install -y \ asciidoc-base +# Extra packages +RUN apt-get update +# For owamp +RUN apt-get install -y dh-apparmor dh-exec libcap-dev + # Allow password-less 'sudo' for all users in group 'sudo' RUN sed "s/^%sudo.*/%sudo\tALL=(ALL) NOPASSWD:ALL/g" -i /etc/sudoers && \ echo "vyos_bld\tALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers && \ diff --git a/packages/linux-kernel/Jenkinsfile b/packages/linux-kernel/Jenkinsfile index b8766611..f5b27e4f 100644 --- a/packages/linux-kernel/Jenkinsfile +++ b/packages/linux-kernel/Jenkinsfile @@ -72,4 +72,4 @@ def pkgList = [ ] // Start package build using library function from https://github.com/vyos/vyos-build -buildPackage('Kernel', pkgList, null, true, "**/packages/linux-kernel/**") +buildPackage('Kernel', pkgList, null, true, "(.*packages/linux-kernel/.+|.*data/defaults.+)", "ec2_amd64", "REGEXP") diff --git a/packages/pam_tacplus/Jenkinsfile b/packages/pam_tacplus/Jenkinsfile index 3ac6909a..33a36d57 100644 --- a/packages/pam_tacplus/Jenkinsfile +++ b/packages/pam_tacplus/Jenkinsfile @@ -19,16 +19,20 @@ // @Library annotation is not an import statement! @Library('vyos-build@sagitta')_ -def pkgList = [ - ['name': 'pam_tacplus-debian', - 'scmCommit': '50c6fd7', - 'scmUrl': 'https://github.com/kravietz/pam_tacplus-debian', - 'buildCmd': '/bin/true'], - ['name': 'pam_tacplus', - 'scmCommit': '4f91b0d', - 'scmUrl': 'https://github.com/kravietz/pam_tacplus', - 'buildCmd': 'cd ..; ./build.sh'], -] - -// Start package build using library function from https://github.com/vyos/vyos-build -buildPackage('pam_tacplus', pkgList, null, true, "**/packages/pam_tacplus/**") +// +// DISABLED: This is wrong version, the vyos-missing/packages/libnss-tacplus already builds the libpam-tacplus anyway. +// +// def pkgList = [ +// ['name': 'pam_tacplus-debian', +// 'scmCommit': '50c6fd7', +// 'scmUrl': 'https://github.com/kravietz/pam_tacplus-debian', +// 'buildCmd': '/bin/true'], +// ['name': 'pam_tacplus', +// 'scmCommit': '7908a7faa0205beda9ea198bdd3aa37868be6da2', +// 'scmUrl': 'https://github.com/kravietz/pam_tacplus', +// 'buildCmd': 'cd ..; ./build.sh'], +// ] +// +// // Start package build using library function from https://github.com/vyos/vyos-build +// buildPackage('pam_tacplus', pkgList, null, true, "**/packages/pam_tacplus/**") +//
\ No newline at end of file diff --git a/packages/strongswan/build.sh b/packages/strongswan/build.sh index c0dab4d5..8afca39e 100755 --- a/packages/strongswan/build.sh +++ b/packages/strongswan/build.sh @@ -53,4 +53,7 @@ echo "I: bump version" dch -v "5.9.11-2+vyos0" "Patchset for DMVPN support" -b echo "I: Build Debian Package" -dpkg-buildpackage -uc -us -tc -b -d +dpkg-buildpackage -uc -us -b -d + +cd src/libcharon/plugins/vici/python +python setup.py --command-packages=stdeb.command bdist_deb diff --git a/packages/strongswan/patches/0004-VyOS-disable-options-enabled-by-Debian-that-are-unus.patch b/packages/strongswan/patches/0004-VyOS-disable-options-enabled-by-Debian-that-are-unus.patch index 57a622e8..d9dd8dd7 100644 --- a/packages/strongswan/patches/0004-VyOS-disable-options-enabled-by-Debian-that-are-unus.patch +++ b/packages/strongswan/patches/0004-VyOS-disable-options-enabled-by-Debian-that-are-unus.patch @@ -81,8 +81,8 @@ index 2fed1f10f..fa0d21a0c 100755 @@ -3,6 +3,15 @@ export DEB_LDFLAGS_MAINT_APPEND=-Wl,-O1 #export DEB_LDFLAGS_MAINT_APPEND=-Wl,--as-needed -Wl,-O1 -Wl,-z,defs export DEB_BUILD_MAINT_OPTIONS=hardening=+all - -+CONFIGUREARGS_VYOS := --disable-warnings \ + ++CONFIGUREARGS_VYOS := --disable-warnings --enable-python-eggs \ + --disable-ldap \ + --disable-led \ + --disable-nm \ @@ -96,11 +96,11 @@ index 2fed1f10f..fa0d21a0c 100755 --enable-agent \ @@ -88,7 +97,7 @@ ifeq ($(DEB_HOST_ARCH_OS),kfreebsd) deb_systemdsystemunitdir = $(shell pkg-config --variable=systemdsystemunitdir systemd | sed s,^/,,) - + override_dh_auto_configure: - dh_auto_configure -- $(CONFIGUREARGS) + dh_auto_configure -- $(CONFIGUREARGS) $(CONFIGUREARGS_VYOS) - + override_dh_auto_clean: dh_auto_clean diff --git a/debian/strongswan-nm.install b/debian/strongswan-nm.install @@ -110,6 +110,6 @@ index b0c05d94f..e69de29bb 100644 @@ -1,2 +0,0 @@ -usr/lib/ipsec/charon-nm -usr/share/dbus-1/system.d/nm-strongswan-service.conf --- +-- 2.30.2 diff --git a/packages/vyos-build-container/Jenkinsfile b/packages/vyos-build-container/Jenkinsfile new file mode 100644 index 00000000..31afdbb9 --- /dev/null +++ b/packages/vyos-build-container/Jenkinsfile @@ -0,0 +1,69 @@ +// Copyright (C) 2020-2024 VyOS maintainers and contributors +// +// This program is free software; you can redistribute it and/or modify +// in order to easy exprort images built to 'external' world +// it under the terms of the GNU General Public License version 2 or later as +// published by the Free Software Foundation. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see <http://www.gnu.org/licenses/>. +@NonCPS + +// Using a version specifier library, use 'sagitta' branch. The underscore (_) +// is not a typo! You need this underscore if the line immediately after the +// @Library annotation is not an import statement! +@Library('vyos-build@sagitta')_ + +pipeline { + agent none + options { + disableConcurrentBuilds() + timeout(time: 240, unit: 'MINUTES') + timestamps() + buildDiscarder(logRotator(numToKeepStr: '10')) + } + stages { + stage('Build') { + agent { + label "ec2_amd64" + } + when { + anyOf { + changeset pattern: "**/docker/*", caseSensitive: true + triggeredBy cause: "UserIdCause" + } + } + steps { + script { + // Checkout git repository which hold 'Jenkinsfile' + checkout scm + + // Display Git commit Id used with the Jenkinsfile on the Job 'Build History' pane + def commitId = sh(returnStdout: true, script: 'git rev-parse --short=11 HEAD').trim() + currentBuild.description = 'Git SHA1: ' + commitId + + // Fetch sources and build docker image + dir(getJenkinsfilePath() + 'vyos-build') { + checkout([$class: 'GitSCM', + doGenerateSubmoduleConfigurations: false, + extensions: [[$class: 'CleanCheckout']], + branches: [[name: env.BRANCH_NAME]], + userRemoteConfigs: [[url: 'https://github.com/dd010101/vyos-build.git']]]) + + sh 'cd ..; ./build.sh' + } + } + } + post { + cleanup { + deleteDir() + } + } + } + } +} diff --git a/packages/vyos-build-container/build.sh b/packages/vyos-build-container/build.sh new file mode 100755 index 00000000..5a526220 --- /dev/null +++ b/packages/vyos-build-container/build.sh @@ -0,0 +1,24 @@ +#!/bin/sh +set -e + +cd vyos-build/docker + +echo "Inspecting current image of ${BRANCH_NAME}..." +previousImageId=$(docker images --filter=reference="vyos/vyos-build:${BRANCH_NAME}" --format "{{.ID}}") + +echo "Building docker build container for branch ${BRANCH_NAME}..." +docker build --no-cache -t "vyos/vyos-build:${BRANCH_NAME}" . + +echo "Pushing ${BRANCH_NAME} image to registry ${CUSTOM_DOCKER_REPO}..." +docker tag "vyos/vyos-build:${BRANCH_NAME}" "${CUSTOM_DOCKER_REPO}/vyos/vyos-build:${BRANCH_NAME}" +docker push "${CUSTOM_DOCKER_REPO}/vyos/vyos-build:$BRANCH_NAME" + +echo "Cleaning previous image of ${BRANCH_NAME}..." +if [ "$previousImageId" != "" ]; then + docker rmi --force "$previousImageId" || true +fi + +echo "Cleaning local registry..." +docker exec registry registry garbage-collect /etc/docker/registry/config.yml --delete-untagged=true + +echo "Image ${BRANCH_NAME} was successfully built and pushed to registry ${CUSTOM_DOCKER_REPO}." diff --git a/resources/branding.sh b/resources/branding.sh new file mode 100755 index 00000000..36f0a6ab --- /dev/null +++ b/resources/branding.sh @@ -0,0 +1,64 @@ +#!/usr/bin/env bash +set -e + +echo "NOT_VYOS: $NOT_VYOS" +if [ "$NOT_VYOS" != "" ]; then + name="$NOT_VYOS" + if [ "$name" == "yes" ]; then + name="NOTvyos" + fi + + if [[ "$JOB_NAME" == *"vyos-1x"* ]]; then + # sagitta + echo "Removing branding for $JOB_NAME..." + defaultMotd="./data/templates/login/default_motd.j2" + if [ -f "$defaultMotd" ]; then + sed -i "s/VyOS/$name/" "$defaultMotd" + fi + + systemLoginBannerPy="./src/conf_mode/system_login_banner.py" + if [ -f "$systemLoginBannerPy" ]; then + sed -i "s/Welcome to VyOS/Welcome to $name/" "$systemLoginBannerPy" + fi + + vyosRouter="./src/init/vyos-router" + if [ -f "$vyosRouter" ]; then + sed -i "s/VyOS Config/$name Config/" "$vyosRouter" + sed -i "s/VyOS router/$name router/" "$vyosRouter" + fi + + vyosVersionPy="./src/op_mode/version.py" + if [ -f "$vyosVersionPy" ]; then + sed -i "s/VyOS {{version}}/$name {{version}}/" "$vyosVersionPy" + fi + + airbagPy="./python/vyos/airbag.py" + if [ -f "$airbagPy" ]; then + sed -i "s/VyOS {{version}}/$name {{version}}/" "$airbagPy" + fi + + # equuleus + systemLoginBannerPy2="./src/conf_mode/system-login-banner.py" + if [ -f "$systemLoginBannerPy2" ]; then + sed -i "s/Welcome to VyOS/Welcome to $name/" "$systemLoginBannerPy2" + fi + + vyosVersionPy2="./src/op_mode/show_version.py" + if [ -f "$vyosVersionPy2" ]; then + sed -i "s/VyOS {{version}}/$name {{version}}/" "$vyosVersionPy2" + fi + + elif [[ "$JOB_NAME" == *"vyatta-cfg"* ]]; then + + # equuleus + echo "Removing branding for $JOB_NAME..." + vyosRouter="./scripts/init/vyos-router" + if [ -f "$vyosRouter" ]; then + sed -i "s/VyOS Config/$name Config/" "$vyosRouter" + sed -i "s/VyOS router/$name router/" "$vyosRouter" + fi + + else + echo "No branding to remove for $JOB_NAME" + fi +fi diff --git a/scripts/check-qemu-install b/scripts/check-qemu-install index ed1b6dff..007e0260 100755 --- a/scripts/check-qemu-install +++ b/scripts/check-qemu-install @@ -74,7 +74,7 @@ parser.add_argument('--configtest', help='Execute load/commit config tests', action='store_true', default=False) parser.add_argument('--qemu-cmd', help='Only generate QEMU launch command', action='store_true', default=False) - +parser.add_argument('--sandbox', help='Interactive sandbox mode', action='store_true', default=False) args = parser.parse_args() @@ -378,6 +378,26 @@ try: c.expect(op_mode_prompt) ################################################# + # Sandbox mode + ################################################# + + if args.sandbox: + log.info("SANDBOX: now you are in control!") + c.sendline("") + c.logfile = None + c.interact() + if not args.keep: + log.info("SANDBOX: removing disk file: %s" % args.disk) + try: + os.remove(args.disk) + if diskname_raid: + os.remove(diskname_raid) + except Exception: + pass + log.info("SANDBOX: end") + exit(0) + + ################################################# # Basic Configmode/Opmode switch ################################################# log.info('Basic CLI configuration mode test') diff --git a/vars/buildPackage.groovy b/vars/buildPackage.groovy index 89f9a7d4..344420b8 100644 --- a/vars/buildPackage.groovy +++ b/vars/buildPackage.groovy @@ -14,7 +14,7 @@ // You should have received a copy of the GNU General Public License // along with this program. If not, see <http://www.gnu.org/licenses/>. -def call(description=null, pkgList=null, buildCmd=null, buildArm=false, changesPattern="**", buildLabel="ec2_amd64") { +def call(description=null, pkgList=null, buildCmd=null, buildArm=false, changesPattern="**", buildLabel="ec2_amd64", changesPatternComparator="GLOB") { // - description: Arbitrary text to print on Jenkins Job Description // instead of package name // - pkgList: Multiple packages can be build at once in a single Pipeline run @@ -44,7 +44,7 @@ def call(description=null, pkgList=null, buildCmd=null, buildArm=false, changesP } when { anyOf { - changeset "${changesPattern}" + changeset pattern: changesPattern, caseSensitive: true, comparator: changesPatternComparator triggeredBy cause: "UserIdCause" } } @@ -70,7 +70,7 @@ def call(description=null, pkgList=null, buildCmd=null, buildArm=false, changesP stage('Build Code') { when { anyOf { - changeset pattern: changesPattern, caseSensitive: true + changeset pattern: changesPattern, caseSensitive: true, comparator: changesPatternComparator triggeredBy cause: "UserIdCause" } } @@ -115,7 +115,13 @@ def call(description=null, pkgList=null, buildCmd=null, buildArm=false, changesP } } when { - equals expected: true, actual: buildArm + beforeAgent true + allOf { + expression { + return env.ARM64_BUILD_DISABLED != 'true' + } + equals expected: true, actual: buildArm + } } steps { script { @@ -134,7 +140,7 @@ def call(description=null, pkgList=null, buildCmd=null, buildArm=false, changesP stage("Finalize") { when { anyOf { - changeset pattern: changesPattern, caseSensitive: true + changeset pattern: changesPattern, caseSensitive: true, comparator: changesPatternComparator triggeredBy cause: "UserIdCause" } } @@ -245,11 +251,20 @@ def call(description=null, pkgList=null, buildCmd=null, buildArm=false, changesP def ARCH = '' if (PACKAGE_ARCH != 'all') ARCH = '-A ' + PACKAGE_ARCH + def EXTRA_ARGS = '' + // Add generic Priority if missing + if (sh(returnStatus: true, script: "dpkg-deb -f ${FILE} | grep Priority:") != 0) { + EXTRA_ARGS = EXTRA_ARGS + ' -P optional' + } + // Add generic Section if missing + if (sh(returnStatus: true, script: "dpkg-deb -f ${FILE} | grep Section:") != 0) { + EXTRA_ARGS = EXTRA_ARGS + ' -S misc' + } sh(script: "scp ${SSH_OPTS} ${FILE} ${SSH_REMOTE}:${SSH_DIR}") // Packages like FRR produce their binary in a nested path e.g. packages/frr/frr-rpki-rtrlib-dbgsym_7.5_arm64.deb, // thus we will only extract the filename portion from FILE as the binary is scp'ed to SSH_DIR without any subpath. def FILENAME = FILE.toString().tokenize('/').last() - sh(script: "ssh ${SSH_OPTS} ${SSH_REMOTE} -t \"uncron-add 'reprepro -v -b ${VYOS_REPO_PATH} ${ARCH} includedeb ${RELEASE} ${SSH_DIR}/${FILENAME}'\"") + sh(script: "ssh ${SSH_OPTS} ${SSH_REMOTE} -t \"uncron-add 'reprepro -v -b ${VYOS_REPO_PATH}${EXTRA_ARGS} ${ARCH} includedeb ${RELEASE} ${SSH_DIR}/${FILENAME}'\"") } sh(script: "ssh ${SSH_OPTS} ${SSH_REMOTE} -t \"uncron-add 'reprepro -v -b ${VYOS_REPO_PATH} deleteunreferenced'\"") } diff --git a/vars/cloneAndBuild.groovy b/vars/cloneAndBuild.groovy index f4114a68..9945da88 100644 --- a/vars/cloneAndBuild.groovy +++ b/vars/cloneAndBuild.groovy @@ -46,6 +46,8 @@ def call(description, architecture, pkgList, buildCmd) { } } + sh(script: libraryResource("branding.sh")) + // compile the source(s) ... if (pkgList) { pkgList.each { pkg -> diff --git a/vars/isCustomBuild.groovy b/vars/isCustomBuild.groovy index c5e5fab7..b1e6fe76 100644 --- a/vars/isCustomBuild.groovy +++ b/vars/isCustomBuild.groovy @@ -22,5 +22,9 @@ def call() { def gitURI = 'git@github.com:vyos/' + getGitRepoName() def httpURI = 'https://github.com/vyos/' + getGitRepoName() + if (env.CUSTOM_BUILD_CHECK_DISABLED) { + return false + } + return !((getGitRepoURL() == gitURI) || (getGitRepoURL() == httpURI)) || isPullRequest() } |