From 933a14e16f0232c5ec883644b7363a59da7bcd90 Mon Sep 17 00:00:00 2001 From: Brandon Pfeifer Date: Mon, 26 Jun 2023 12:23:31 -0400 Subject: [PATCH] chore: fix package permissions (1.10) (#24304) * chore: replace "package builder" shell/docker implemention with python * chore: remove unused packaging files --- .circleci/config.yml | 54 +-- .circleci/scripts/package/build.py | 369 ++++++++++++++++++ .circleci/scripts/package/config.yaml | 51 +++ .../package/influxdb/control/post-install | 0 .../package/influxdb/control/post-uninstall | 0 .../package/influxdb/control/pre-install | 0 .../package/influxdb/fs/etc/influxdb/.keepdir | 1 + .../package/influxdb/fs/usr/bin/.keepdir | 1 + .../scripts}/influxd-systemd-start.sh | 0 .../lib/influxdb/scripts}/influxdb.service | 0 .../fs/usr/lib/influxdb/scripts}/init.sh | 0 .../influxdb/fs/usr/share/man/man1/.keepdir | 1 + .../influxdb/fs/var/lib/influxdb/.keepdir | 1 + .../influxdb/fs/var/log/influxdb/.keepdir | 1 + .circleci/scripts/package/requirements.txt | 2 + releng/packages/Dockerfile | 18 - releng/packages/build.bash | 55 --- .../fs/usr/local/bin/influxdb_packages.bash | 179 --------- scripts/logrotate | 8 - 19 files changed, 454 insertions(+), 287 deletions(-) create mode 100755 .circleci/scripts/package/build.py create mode 100644 .circleci/scripts/package/config.yaml rename scripts/post-install.sh => .circleci/scripts/package/influxdb/control/post-install (100%) rename scripts/post-uninstall.sh => .circleci/scripts/package/influxdb/control/post-uninstall (100%) rename scripts/pre-install.sh => .circleci/scripts/package/influxdb/control/pre-install (100%) mode change 100755 => 100644 create mode 100644 .circleci/scripts/package/influxdb/fs/etc/influxdb/.keepdir create mode 100644 .circleci/scripts/package/influxdb/fs/usr/bin/.keepdir rename {scripts => .circleci/scripts/package/influxdb/fs/usr/lib/influxdb/scripts}/influxd-systemd-start.sh (100%) mode change 100755 => 100644 rename {scripts => .circleci/scripts/package/influxdb/fs/usr/lib/influxdb/scripts}/influxdb.service (100%) rename {scripts => .circleci/scripts/package/influxdb/fs/usr/lib/influxdb/scripts}/init.sh (100%) mode change 100755 => 100644 create mode 100644 .circleci/scripts/package/influxdb/fs/usr/share/man/man1/.keepdir create mode 100644 .circleci/scripts/package/influxdb/fs/var/lib/influxdb/.keepdir create mode 100644 .circleci/scripts/package/influxdb/fs/var/log/influxdb/.keepdir create mode 100644 .circleci/scripts/package/requirements.txt delete mode 100644 releng/packages/Dockerfile delete mode 100755 releng/packages/build.bash delete mode 100755 releng/packages/fs/usr/local/bin/influxdb_packages.bash delete mode 100644 scripts/logrotate diff --git a/.circleci/config.yml b/.circleci/config.yml index db0bfa67c6..7d9222c3f2 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -65,28 +65,15 @@ jobs: - run: name: Build binaries command: | - set -x - - tarsum() - { - FROM_DIR=$1 - TARBALL_PATH=$2 - tar -C $FROM_DIR -cvzf ${TARBALL_PATH} . - md5sum ${TARBALL_PATH} > ${TARBALL_PATH}.md5 - sha256sum ${TARBALL_PATH} > ${TARBALL_PATH}.sha256 - } - export CC="$(xcc linux x86_64)" export CGO_ENABLED=1 # linux amd64 (static build) - TMPOUTDIR=$(mktemp -d) export GOOS=linux export GOARCH=amd64 for cmd in github.com/influxdata/influxdb/cmd/{influxd,influx,influx_inspect} do go build \ - -o "${TMPOUTDIR}/$(basename $cmd)" \ -tags "netgo,osusergo,static_build" \ -buildmode=pie \ -ldflags="-s @@ -100,7 +87,14 @@ jobs: done mkdir -p ./bins - tarsum $TMPOUTDIR ./bins/influxdb_bin_${GOOS}_${GOARCH}-${CIRCLE_SHA1}.tar.gz + + target="bins/influxdb_bin_${GOOS}_${GOARCH}-${CIRCLE_SHA1}.tar.gz" + tar -czf "${target}" \ + influx \ + influx_inspect \ + influxd + md5sum "${target}" > "${target}.md5" + sha256sum "${target}" > "${target}.sha256" - store_artifacts: path: bins/ - persist_to_workspace: @@ -122,21 +116,27 @@ jobs: - attach_workspace: at: /tmp/workspace - checkout - - run: - name: Build packages - command: | - set -x + - run: | + export DEBIAN_FRONTEND=noninteractive + sudo -E apt-get update + sudo -E apt-get install --no-install-recommends --yes \ + asciidoc \ + build-essential \ + git \ + python3 \ + rpm \ + ruby-dev \ + xmlto - WORKING_DIR=$(pwd) - OUTDIR=${WORKING_DIR}/packages + sudo gem install fpm - # InfluxDB debs and rpms - # linux - "${WORKING_DIR}/releng/packages/build.bash" \ - -s "/tmp/workspace/tarball/influxdb-src-${CIRCLE_SHA1}.tar.gz" \ - -b "/tmp/workspace/bins/influxdb_bin_linux_amd64-${CIRCLE_SHA1}.tar.gz" \ - -O linux -A amd64 \ - -o "$OUTDIR" + ( cd man ; make build ; gzip -9 ./*.1 ) + + python3 -m pip install -r .circleci/scripts/package/requirements.txt + + # Unfortunately, this must be executed as root. This is so permission + # modifying commands (chown, chmod, etc.) succeed. + sudo --preserve-env=CIRCLE_TAG,CIRCLE_SHA1 .circleci/scripts/package/build.py - store_artifacts: path: packages/ - persist_to_workspace: diff --git a/.circleci/scripts/package/build.py b/.circleci/scripts/package/build.py new file mode 100755 index 0000000000..322893053c --- /dev/null +++ b/.circleci/scripts/package/build.py @@ -0,0 +1,369 @@ +#!/usr/bin/env python3 +import glob +import os +import re +import shutil +import subprocess +import tempfile +import yaml + + +def build_linux_archive(source, package, version): + """ + Builds a Linux Archive. + + This archive contains the binary artifacts, configuration, and scripts + installed by the DEB and RPM packages. This mimics the file-system. So, + binaries are installed into "/usr/bin", configuration into "/etc", and + scripts into their relevant directories. Permissions match those of + the DEB and RPM packages. + """ + with tempfile.TemporaryDirectory() as workspace: + # fmt: off + shutil.copytree(os.path.join(package["source"], "fs"), + workspace, dirs_exist_ok=True, ignore=shutil.ignore_patterns(".keepdir")) + # fmt: on + + for extra in package["extras"]: + shutil.copy(extra["source"], os.path.join(workspace, extra["target"])) + + for binary in package["binaries"]: + # Since the binaries for different platforms and architectures + # are named the same, the binaries are stored within archives. + # The archive name specifies the platform and architecture. + # Each binary must be extracted with `tar`. + # fmt: off + subprocess.check_call( + [ + # globbing is required as the archive name contains the + # release version or git commit of the repository. This + # allows the configuration to remain untouched between + # different builds. + "tar", "-xf", glob.glob(source["binary"])[0], + # binaries are copied to "usr/bin" + "-C", os.path.join(workspace, "usr/bin"), + binary, + ] + ) + # fmt: on + + # After the package contents are copied into the working directory, + # the permissions must be updated. Since the CI executor may change + # occasionally (images/ORBs deprecated over time), the umask may + # not be what we expect. This allows this packaging script to be + # agnostic to umask/system configuration. + for root, dirs, files in os.walk(workspace): + for target in [os.path.join(root, f) for f in files]: + # files in "usr/bin" are executable + if os.path.relpath(root, workspace) == "usr/bin": + os.chmod(target, 0o0755) + else: + # standard file permissions + os.chmod(target, 0o0644) + # fmt: off + shutil.chown( + target, + user = "root", + group = "root") + # fmt: on + + for target in [os.path.join(root, d) for d in dirs]: + # standard directory permissions + os.chmod(target, 0o0755) + # fmt: off + shutil.chown( + target, + user = "root", + group = "root") + # fmt: on + + for override in package["perm_overrides"]: + target = os.path.join(workspace, override["target"]) + os.chmod(target, override["perms"]) + # "owner" and "group" should be a system account and group with + # a well-defined UID and GID. Otherwise, the UID/GID might vary + # between systems. When the archive is extracted/package is + # installed, things may not behave as we would expect. + # fmt: off + shutil.chown( + target, + user = override["owner"], + group = override["group"]) + # fmt: on + + os.makedirs(source["target"], exist_ok=True) + + # fmt: off + subprocess.check_call([ + "tar", "-czf", + os.path.join( + source["target"], + "{:s}-{:s}_{:s}_{:s}.tar.gz".format( + package["name"], + version, + source["plat"], + source["arch"] + ) + ), + # ".keepdir" allows Git to track otherwise empty directories. The presence + # of the directories allows `package["extras"]` and `package["binaries"]` + # to be copied into the archive without requiring "mkdir". These should + # directories are excluded from the final archive. + "--exclude", ".keepdir", + # This re-parents the contents of the archive with `package["name"]-version`. + # It is undocumented, however, when matching, "--transform" always removes + # the trailing slash. This regex must handle "./" and "./". + "--transform", + "s#^.\(/\|$\)#{:s}-{:s}/#".format( + package["name"], + version + ), + # compress everything within `workspace` + "-C", workspace, '.' + ]) + # fmt: on + + +def build_darwin_archive(source, package, version): + """ + Builds a Darwin Archive. + + This archive contains binary artifacts and configuration. Unlike the + linux archive, which contains the configuration and matches the file- + system of the DEB and RPM packages, everything is located within the + root of the archive. However, permissions do match those of the DEB + and RPM packages. + """ + with tempfile.TemporaryDirectory() as workspace: + for extra in package["extras"]: + target = os.path.join(workspace, os.path.basename(extra["target"])) + shutil.copy(extra["source"], target) + os.chmod(target, 0o0644) + # fmt: off + shutil.chown( + target, + user = "root", + group = "root") + # fmt: on + + for binary in package["binaries"]: + # Since the binaries for different platforms and architectures + # are named the same, the binaries are stored within archives. + # The archive name specifies the platform and architecture. + # Each binary must be extracted with `tar`. + # fmt: off + subprocess.check_call([ + # globbing is required as the archive name contains the + # release version or git commit of the repository. This + # allows the configuration to remain untouched between + # different builds. + "tar", "-xf", glob.glob(source["binary"])[0], + # binaries are copied to "/" + "-C", workspace, + binary + ]) + # fmt: on + target = os.path.join(workspace, binary) + os.chmod(target, 0o0755) + # fmt: off + shutil.chown( + target, + user = "root", + group = "root") + # fmt: on + + os.makedirs(source["target"], exist_ok=True) + + # fmt: off + subprocess.check_call([ + "tar", "-czf", + os.path.join( + source["target"], + "{:s}-{:s}_{:s}_{:s}.tar.gz".format( + package["name"], + version, + source["plat"], + source["arch"] + ) + ), + # This re-parents the contents of the archive with `package["name"]-version`. + # It is undocumented, however, when matching, "--transform" always removes + # the trailing slash. This regex must handle "./" and "./". + "--transform", + "s#^.\(/\|$\)#{:s}-{:s}/#".format( + package["name"], + version + ), + # compress everything within `workspace` + "-C", workspace, '.' + ]) + # fmt: on + + +def build_linux_package(source, package, version): + """ + Constructs a DEB or RPM Package. + """ + with tempfile.TemporaryDirectory() as workspace: + # fmt: off + shutil.copytree(package["source"], workspace, + dirs_exist_ok=True, ignore=shutil.ignore_patterns(".keepdir")) + # fmt: on + + for extra in package["extras"]: + shutil.copy(extra["source"], os.path.join(workspace, "fs", extra["target"])) + + for binary in package["binaries"]: + # Since the binaries for different platforms and architectures + # are named the same, the binaries are stored within archives. + # The archive name specifies the platform and architecture. + # Each binary must be extracted with `tar`. + # fmt: off + subprocess.check_call( + [ + # globbing is required as the archive name contains the + # release version or git commit of the repository. This + # allows the configuration to remain untouched between + # different builds. + "tar", "-xf", glob.glob(source["binary"])[0], + # binaries are copied to "usr/bin" + "-C", os.path.join(workspace, "fs/usr/bin"), + binary, + ] + ) + # fmt: on + + # After the package contents are copied into the working directory, + # the permissions must be updated. Since the CI executor may change + # occasionally (images/ORBs deprecated over time), the umask may + # not be what we expect. This allows this packaging script to be + # agnostic to umask/system configuration. + for root, dirs, files in os.walk(workspace): + for target in [os.path.join(root, f) for f in files]: + # files in "fs/usr/bin" are executable + if os.path.relpath(root, workspace) == "fs/usr/bin": + os.chmod(target, 0o0755) + else: + # standard file permissions + os.chmod(target, 0o0644) + # fmt: off + shutil.chown( + target, + user = "root", + group = "root") + # fmt: on + + for target in [os.path.join(root, d) for d in dirs]: + # standard directory permissions + os.chmod(target, 0o0755) + # fmt: off + shutil.chown( + target, + user = "root", + group = "root") + # fmt: on + + for override in package["perm_overrides"]: + target = os.path.join(workspace, "fs", override["target"]) + os.chmod(target, override["perms"]) + # "owner" and "group" should be a system account and group with + # a well-defined UID and GID. Otherwise, the UID/GID might vary + # between systems. When the archive is extracted/package is + # installed, things may not behave as we would expect. + # fmt: off + shutil.chown( + target, + user = override["owner"], + group = override["group"]) + # fmt: on + + os.makedirs(source["target"], exist_ok=True) + fpm_wrapper(source, package, version, workspace, "rpm") + fpm_wrapper(source, package, version, workspace, "deb") + + +def fpm_wrapper(source, package, version, workspace, package_type): + """ + Constructs either a DEB/RPM Package. + + This wraps some configuration settings that are *only* relevant + to `fpm`. + """ + + conffiles = [] + for root, dirs, files in os.walk(os.path.join(workspace, "fs/etc")): + for file in files: + # fmt: off + conffiles.extend([ + "--config-files", os.path.join("/", os.path.relpath(root, os.path.join(workspace, "fs")), file) + ]) + # fmt: on + + # `source["arch"]` matches DEB architecture names. When building RPMs, it must + # be converted into RPM architecture names. + architecture = source["arch"] + if package_type == "rpm": + if architecture == "amd64": + architecture = "x86_64" + + # fmt: off + p = subprocess.check_call([ + "fpm", + "--log", "error", + # package description + "--name", package["name"], + "--vendor", "InfluxData", + "--description", "Distributed time-series database.", + "--url", "https://influxdata.com", + "--maintainer", "support@influxdb.com", + "--license", "Proprietary", + # package configuration + "--input-type", "dir", + "--output-type", package_type, + "--architecture", architecture, + "--version", version, + "--iteration", "1", + # maintainer scripts + "--after-install", os.path.join(workspace, "control/post-install"), + "--after-remove", os.path.join(workspace, "control/post-uninstall"), + "--before-install", os.path.join(workspace, "control/pre-install"), + # package conffiles + "--rpm-attr", "750,influxdb,influxdb:/var/log/influxdb", + "--rpm-attr", "750,influxdb,influxdb:/var/lib/influxdb", + *conffiles, + # package options + "--chdir", os.path.join(workspace, "fs/"), + "--package", source["target"] + ]) + # fmt: on + + +circle_tag = os.getenv("CIRCLE_TAG", default="") +circle_sha = os.getenv("CIRCLE_SHA1", default="DEADBEEF") +# Determine if `circle_tag` matches the semantic version regex. Otherwise, +# assume that `circle_tag` is not intended to tag a release. The regex is +# permissive of what occurs after the semantic version. This allows for +# alphas, betas, and release candidates. +if re.match("^v[0-9]+.[0-9]+.[0-9]+", circle_tag): + version = circle_tag[1:] +else: + # When `circle_tag` cannot be used to construct the package version, + # use `circle_sha`. Since `circle_sha` can start with an alpha (non- + # -numeric) character, prefix it with "1.x-". + version = "1.x-" + circle_sha[:8] + +with open(".circleci/scripts/package/config.yaml") as file: + document = yaml.load(file, Loader=yaml.SafeLoader) + + # fmt: off + for s, p in [ + (s, p) + for s in document["sources" ] + for p in document["packages"] + ]: + # fmt: on + if s["plat"] == "linux": + build_linux_archive(s, p, version) + build_linux_package(s, p, version) + if s["plat"] == "darwin": + build_darwin_archive(s, p, version) diff --git a/.circleci/scripts/package/config.yaml b/.circleci/scripts/package/config.yaml new file mode 100644 index 0000000000..41d7eccbdd --- /dev/null +++ b/.circleci/scripts/package/config.yaml @@ -0,0 +1,51 @@ +--- +sources: + - binary: /tmp/workspace/bins/influxdb_bin_linux_amd64-*.tar.gz + target: packages/ + arch: amd64 + plat: linux + +packages: + - name: influxdb + binaries: + - influx + - influx_inspect + - influxd + extras: + - source: etc/config.sample.toml + target: etc/influxdb/influxdb.conf + + - source: man/influx.1.gz + target: usr/share/man/man1/influx.1.gz + + - source: man/influx_inspect.1.gz + target: usr/share/man/man1/influx_inspect.1.gz + + - source: man/influxd.1.gz + target: usr/share/man/man1/influxd.1.gz + + - source: man/influxd-backup.1.gz + target: usr/share/man/man1/influxd-backup.1.gz + + - source: man/influxd-config.1.gz + target: usr/share/man/man1/influxd-config.1.gz + + - source: man/influxd-restore.1.gz + target: usr/share/man/man1/influxd-restore.1.gz + + - source: man/influxd-run.1.gz + target: usr/share/man/man1/influxd-run.1.gz + + - source: man/influxd-version.1.gz + target: usr/share/man/man1/influxd-version.1.gz + perm_overrides: + - owner: root + group: root + perms: 0755 + target: usr/lib/influxdb/scripts/init.sh + + - owner: root + group: root + perms: 0755 + target: usr/lib/influxdb/scripts/influxd-systemd-start.sh + source: .circleci/scripts/package/influxdb diff --git a/scripts/post-install.sh b/.circleci/scripts/package/influxdb/control/post-install similarity index 100% rename from scripts/post-install.sh rename to .circleci/scripts/package/influxdb/control/post-install diff --git a/scripts/post-uninstall.sh b/.circleci/scripts/package/influxdb/control/post-uninstall similarity index 100% rename from scripts/post-uninstall.sh rename to .circleci/scripts/package/influxdb/control/post-uninstall diff --git a/scripts/pre-install.sh b/.circleci/scripts/package/influxdb/control/pre-install old mode 100755 new mode 100644 similarity index 100% rename from scripts/pre-install.sh rename to .circleci/scripts/package/influxdb/control/pre-install diff --git a/.circleci/scripts/package/influxdb/fs/etc/influxdb/.keepdir b/.circleci/scripts/package/influxdb/fs/etc/influxdb/.keepdir new file mode 100644 index 0000000000..2171f75a0a --- /dev/null +++ b/.circleci/scripts/package/influxdb/fs/etc/influxdb/.keepdir @@ -0,0 +1 @@ +This prevents Git from removing this directory. diff --git a/.circleci/scripts/package/influxdb/fs/usr/bin/.keepdir b/.circleci/scripts/package/influxdb/fs/usr/bin/.keepdir new file mode 100644 index 0000000000..2171f75a0a --- /dev/null +++ b/.circleci/scripts/package/influxdb/fs/usr/bin/.keepdir @@ -0,0 +1 @@ +This prevents Git from removing this directory. diff --git a/scripts/influxd-systemd-start.sh b/.circleci/scripts/package/influxdb/fs/usr/lib/influxdb/scripts/influxd-systemd-start.sh old mode 100755 new mode 100644 similarity index 100% rename from scripts/influxd-systemd-start.sh rename to .circleci/scripts/package/influxdb/fs/usr/lib/influxdb/scripts/influxd-systemd-start.sh diff --git a/scripts/influxdb.service b/.circleci/scripts/package/influxdb/fs/usr/lib/influxdb/scripts/influxdb.service similarity index 100% rename from scripts/influxdb.service rename to .circleci/scripts/package/influxdb/fs/usr/lib/influxdb/scripts/influxdb.service diff --git a/scripts/init.sh b/.circleci/scripts/package/influxdb/fs/usr/lib/influxdb/scripts/init.sh old mode 100755 new mode 100644 similarity index 100% rename from scripts/init.sh rename to .circleci/scripts/package/influxdb/fs/usr/lib/influxdb/scripts/init.sh diff --git a/.circleci/scripts/package/influxdb/fs/usr/share/man/man1/.keepdir b/.circleci/scripts/package/influxdb/fs/usr/share/man/man1/.keepdir new file mode 100644 index 0000000000..2171f75a0a --- /dev/null +++ b/.circleci/scripts/package/influxdb/fs/usr/share/man/man1/.keepdir @@ -0,0 +1 @@ +This prevents Git from removing this directory. diff --git a/.circleci/scripts/package/influxdb/fs/var/lib/influxdb/.keepdir b/.circleci/scripts/package/influxdb/fs/var/lib/influxdb/.keepdir new file mode 100644 index 0000000000..2171f75a0a --- /dev/null +++ b/.circleci/scripts/package/influxdb/fs/var/lib/influxdb/.keepdir @@ -0,0 +1 @@ +This prevents Git from removing this directory. diff --git a/.circleci/scripts/package/influxdb/fs/var/log/influxdb/.keepdir b/.circleci/scripts/package/influxdb/fs/var/log/influxdb/.keepdir new file mode 100644 index 0000000000..2171f75a0a --- /dev/null +++ b/.circleci/scripts/package/influxdb/fs/var/log/influxdb/.keepdir @@ -0,0 +1 @@ +This prevents Git from removing this directory. diff --git a/.circleci/scripts/package/requirements.txt b/.circleci/scripts/package/requirements.txt new file mode 100644 index 0000000000..01403a3815 --- /dev/null +++ b/.circleci/scripts/package/requirements.txt @@ -0,0 +1,2 @@ +PyYAML==6.0 +regex==2023.6.3 diff --git a/releng/packages/Dockerfile b/releng/packages/Dockerfile deleted file mode 100644 index afd4169d75..0000000000 --- a/releng/packages/Dockerfile +++ /dev/null @@ -1,18 +0,0 @@ -FROM ruby:2.6-alpine3.9 - -RUN apk add --no-cache \ - bash \ - jq \ - gcc \ - make \ - musl-dev \ - rpm \ - ruby-dev \ - tar \ - zip - -RUN gem install fpm -v 1.11.0 - -COPY fs/ / - -ENTRYPOINT ["influxdb_packages.bash"] diff --git a/releng/packages/build.bash b/releng/packages/build.bash deleted file mode 100755 index d086798107..0000000000 --- a/releng/packages/build.bash +++ /dev/null @@ -1,55 +0,0 @@ -#!/bin/bash - -function printHelp() { - >&2 echo "\ -USAGE: $0 \\ - -s PATH_TO_SOURCE_TARBALL \\ - -b PATH_TO_BINARIES_TARBALL \\ - -O OS \\ - -A ARCH \\ - -o OUTDIR - -Creates the given package type, using the given binaries in the tarball and -configuration files in the source tarball. -" -} - -if [ $# -eq 0 ]; then - printHelp - exit 1 -fi - -SRCDIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" - -SRC_TARBALL="" -BIN_TARBALL="" -OS="" -ARCH="" -OUTDIR="" - -while getopts hs:b:O:A:o: arg; do - case "$arg" in - h) printHelp; exit 1;; - s) SRC_TARBALL="$OPTARG";; - b) BIN_TARBALL="$OPTARG";; - O) OS="$OPTARG";; - A) ARCH="$OPTARG";; - o) OUTDIR="$OPTARG";; - esac -done - -if [ -z "$OUTDIR" ] || [ -z "$SRC_TARBALL" ] || [ -z "$BIN_TARBALL" ] || [ -z "$OS" ] || [ -z "$ARCH" ]; then - printHelp - exit 1 -fi - -# Always build the latest version of the image. -docker build -t influxdata/influxdb/releng/packages:latest "$SRCDIR" - -mkdir -p "$OUTDIR" - -docker run --rm \ - --mount type=bind,source="${OUTDIR}",destination=/out \ - --mount type=bind,source="${SRC_TARBALL}",destination=/influxdb-src.tar.gz \ - --mount type=bind,source="${BIN_TARBALL}",destination=/influxdb-bin.tar.gz \ - influxdata/influxdb/releng/packages:latest -O "$OS" -A "$ARCH" diff --git a/releng/packages/fs/usr/local/bin/influxdb_packages.bash b/releng/packages/fs/usr/local/bin/influxdb_packages.bash deleted file mode 100755 index 2fdd8a3665..0000000000 --- a/releng/packages/fs/usr/local/bin/influxdb_packages.bash +++ /dev/null @@ -1,179 +0,0 @@ -#!/bin/bash - -set -e - -function printHelp() { - >&2 echo "\ -USAGE: $0 -O OS -A ARCH - -Creates packages for the given OS/ARCH, using the influxdb source tarball mounted at -/influxdb-src.tar.gz and the binaries tarball mounted at /influxdb-bin.tar.gz . -" -} - -if [ $# -eq 0 ]; then - printHelp - exit 1 -fi - -OS="" -ARCH="" - -while getopts hO:A:s arg; do - case "$arg" in - h) printHelp; exit 1;; - O) OS="$OPTARG";; - # For backwards compatibility, ensure the packages say i386 if using GOARCH=386. - A) ARCH="$(echo "$OPTARG" | sed 's/386/i386/')";; - esac -done - -if [ -z "$OS" ] || [ -z "$ARCH" ]; then - printHelp - exit 1 -fi - -WORK=/influxdata -mkdir -p ${WORK} -tar x -C ${WORK} -zf /influxdb-src.tar.gz -ln -s ${WORK}/influxdb /isrc # Shorthand for influxdb source. -SHA=$(jq -r .sha < "/isrc/.metadata.json") -VERSION=$(jq -r .version < "/isrc/.metadata.json") -ARCHIVE_ROOT_NAME="influxdb-${VERSION}-1" -PKG_ROOT="/pkg/$ARCHIVE_ROOT_NAME" - -# Extract the respective binaries to dedicated folders. -mkdir -p /ibin -(cd /ibin && tar xzf /influxdb-bin.tar.gz) - -# TODO: $STATIC is always 0 -if [ "$OS" == "linux" ] && [ "$STATIC" == "1" ]; then - # Static linux packages get only the binaries and the conf file in the root directory, - # plus the man pages in the full path. - rm -rf "$PKG_ROOT" - mkdir -p "$PKG_ROOT" - - cp /ibin/* "$PKG_ROOT/" - cp /isrc/etc/config.sample.toml "$PKG_ROOT/influxdb.conf" - - mkdir -p "$PKG_ROOT/usr/share/man/man1" - cp /isrc/man/*.1.gz "$PKG_ROOT/usr/share/man/man1" - - # Creating tarball from /pkg, NOT from $PKG_ROOT, so that influxdb-$VERSION-1 directory is present in archive. - (cd /pkg && tar czf "/out/influxdb-${VERSION}-static_${OS}_${ARCH}.tar.gz" ./*) - - (cd /out && for f in *.tar.gz; do - md5sum "$f" > "$f.md5" - sha256sum "$f" > "$f.sha256" - done) -elif [ "$OS" == "linux" ] || [ "$OS" == "darwin" ]; then - ############################# - ####### Data packages ####### - ############################# - - # Create layout for packaging under $PKG_ROOT. - rm -rf "$PKG_ROOT" - mkdir -p "$PKG_ROOT/usr/bin" \ - "$PKG_ROOT/var/log/influxdb" \ - "$PKG_ROOT/var/lib/influxdb" \ - "$PKG_ROOT/usr/lib/influxdb/scripts" \ - "$PKG_ROOT/usr/share/man/man1" \ - "$PKG_ROOT/etc/influxdb" \ - "$PKG_ROOT/etc/logrotate.d" - chmod -R 0755 /pkg - - # Copy service scripts. - cp /isrc/scripts/init.sh "$PKG_ROOT/usr/lib/influxdb/scripts/init.sh" - chmod 0644 "$PKG_ROOT/usr/lib/influxdb/scripts/init.sh" - cp /isrc/scripts/influxdb.service "$PKG_ROOT/usr/lib/influxdb/scripts/influxdb.service" - chmod 0644 "$PKG_ROOT/usr/lib/influxdb/scripts/influxdb.service" - cp /isrc/scripts/influxd-systemd-start.sh "$PKG_ROOT/usr/lib/influxdb/scripts/influxd-systemd-start.sh" - chmod 0755 "$PKG_ROOT/usr/lib/influxdb/scripts/influxd-systemd-start.sh" - - # Copy logrotate script. - cp /isrc/scripts/logrotate "$PKG_ROOT/etc/logrotate.d/influxdb" - chmod 0644 "$PKG_ROOT/etc/logrotate.d/influxdb" - - # Copy sample config. - cp /isrc/etc/config.sample.toml "$PKG_ROOT/etc/influxdb/influxdb.conf" - - # Copy data binaries. - cp /ibin/* "$PKG_ROOT/usr/bin/" - - # Copy man pages. - cp /isrc/man/*.1.gz "$PKG_ROOT/usr/share/man/man1" - - # Make tarball of files in packaging. - BIN_GZ_NAME="/out/influxdb-${VERSION}_${OS}_${ARCH}.tar.gz" - if [ "$STATIC" == "1" ]; then - BIN_GZ_NAME="/out/influxdb-${VERSION}-static_${OS}_${ARCH}.tar.gz" - fi - - # Creating tarball from /pkg, NOT from $PKG_ROOT, so that influxdb-$VERSION-1 directory is present in archive. - (cd /pkg && tar czf $BIN_GZ_NAME ./*) - - if [ "$OS" == "linux" ] ; then - # Call fpm to build .deb and .rpm packages. - for typeargs in "-t deb" "-t rpm --depends coreutils --depends shadow-utils"; do - ARCH_CONVERTED=$ARCH - pkg_t=$(echo $typeargs | cut -d ' ' -f2) - if [ "$pkg_t" == "rpm" ] && [ $"$ARCH" == "armhf" ]; then - ARCH_CONVERTED="armv7hl" - elif [ "$pkg_t" == "rpm" ] && [ $"$ARCH" == "arm64" ]; then - ARCH_CONVERTED="aarch64" - fi - FPM_NAME=$( - fpm \ - -s dir \ - $typeargs \ - --depends curl \ - --log error \ - --vendor InfluxData \ - --url "https://influxdata.com" \ - --after-install /isrc/scripts/post-install.sh \ - --before-install /isrc/scripts/pre-install.sh \ - --after-remove /isrc/scripts/post-uninstall.sh \ - --license Proprietary \ - --maintainer "support@influxdb.com" \ - --directories /var/log/influxdb \ - --directories /var/lib/influxdb \ - --rpm-attr 755,influxdb,influxdb:/var/log/influxdb \ - --rpm-attr 755,influxdb,influxdb:/var/lib/influxdb \ - --description 'Distributed time-series database.' \ - --config-files /etc/influxdb/influxdb.conf \ - --config-files /etc/logrotate.d/influxdb \ - --name "influxdb" \ - --architecture "$ARCH_CONVERTED" \ - --version "$VERSION" \ - --iteration 1 \ - -C "$PKG_ROOT" \ - -p /out \ - | ruby -e 'puts (eval ARGF.read)[:path]' ) - - echo "fpm created $FPM_NAME" - NEW_NAME=$(echo "$FPM_NAME" | rev | sed "s/1-//" | rev) - echo "renaming to ${NEW_NAME}" - mv "${FPM_NAME}" "${NEW_NAME}" - done - fi - - ############################# - ######### Checksums ######### - ############################# - (cd /out && find . \( -name '*.deb' -o -name '*.rpm' -o -name '*.tar.gz' \) -exec sh -c 'md5sum {} > {}.md5 && sha256sum {} > {}.sha256' \;) -elif [ "$OS" == "windows" ]; then - # Windows gets the binaries and the sample config file. - rm -rf "$PKG_ROOT" - mkdir -p "$PKG_ROOT" - cp /ibin/*.exe "$PKG_ROOT" - cp /isrc/etc/config.sample.toml "$PKG_ROOT/influxdb.conf" - - (cd /pkg && zip -9 -r "/out/influxdb-${VERSION}_${OS}_${ARCH}.zip" ./*) - (cd /out && for f in *.zip; do - md5sum "$f" > "$f.md5" - sha256sum "$f" > "$f.sha256" - done) -else - >&2 echo "Unrecognized OS: $OS" - exit 1 -fi diff --git a/scripts/logrotate b/scripts/logrotate deleted file mode 100644 index de410d48c6..0000000000 --- a/scripts/logrotate +++ /dev/null @@ -1,8 +0,0 @@ -/var/log/influxdb/influxd.log { - daily - rotate 7 - missingok - dateext - copytruncate - compress -}