chore: fix package permissions (1.10) (#24304)
* chore: replace "package builder" shell/docker implemention with python * chore: remove unused packaging filespull/24411/head
parent
57fb6ef327
commit
933a14e16f
|
@ -65,28 +65,15 @@ jobs:
|
|||
- run:
|
||||
name: Build binaries
|
||||
command: |
|
||||
set -x
|
||||
|
||||
tarsum()
|
||||
{
|
||||
FROM_DIR=$1
|
||||
TARBALL_PATH=$2
|
||||
tar -C $FROM_DIR -cvzf ${TARBALL_PATH} .
|
||||
md5sum ${TARBALL_PATH} > ${TARBALL_PATH}.md5
|
||||
sha256sum ${TARBALL_PATH} > ${TARBALL_PATH}.sha256
|
||||
}
|
||||
|
||||
export CC="$(xcc linux x86_64)"
|
||||
export CGO_ENABLED=1
|
||||
|
||||
# linux amd64 (static build)
|
||||
TMPOUTDIR=$(mktemp -d)
|
||||
export GOOS=linux
|
||||
export GOARCH=amd64
|
||||
for cmd in github.com/influxdata/influxdb/cmd/{influxd,influx,influx_inspect}
|
||||
do
|
||||
go build \
|
||||
-o "${TMPOUTDIR}/$(basename $cmd)" \
|
||||
-tags "netgo,osusergo,static_build" \
|
||||
-buildmode=pie \
|
||||
-ldflags="-s
|
||||
|
@ -100,7 +87,14 @@ jobs:
|
|||
done
|
||||
|
||||
mkdir -p ./bins
|
||||
tarsum $TMPOUTDIR ./bins/influxdb_bin_${GOOS}_${GOARCH}-${CIRCLE_SHA1}.tar.gz
|
||||
|
||||
target="bins/influxdb_bin_${GOOS}_${GOARCH}-${CIRCLE_SHA1}.tar.gz"
|
||||
tar -czf "${target}" \
|
||||
influx \
|
||||
influx_inspect \
|
||||
influxd
|
||||
md5sum "${target}" > "${target}.md5"
|
||||
sha256sum "${target}" > "${target}.sha256"
|
||||
- store_artifacts:
|
||||
path: bins/
|
||||
- persist_to_workspace:
|
||||
|
@ -122,21 +116,27 @@ jobs:
|
|||
- attach_workspace:
|
||||
at: /tmp/workspace
|
||||
- checkout
|
||||
- run:
|
||||
name: Build packages
|
||||
command: |
|
||||
set -x
|
||||
- run: |
|
||||
export DEBIAN_FRONTEND=noninteractive
|
||||
sudo -E apt-get update
|
||||
sudo -E apt-get install --no-install-recommends --yes \
|
||||
asciidoc \
|
||||
build-essential \
|
||||
git \
|
||||
python3 \
|
||||
rpm \
|
||||
ruby-dev \
|
||||
xmlto
|
||||
|
||||
WORKING_DIR=$(pwd)
|
||||
OUTDIR=${WORKING_DIR}/packages
|
||||
sudo gem install fpm
|
||||
|
||||
# InfluxDB debs and rpms
|
||||
# linux
|
||||
"${WORKING_DIR}/releng/packages/build.bash" \
|
||||
-s "/tmp/workspace/tarball/influxdb-src-${CIRCLE_SHA1}.tar.gz" \
|
||||
-b "/tmp/workspace/bins/influxdb_bin_linux_amd64-${CIRCLE_SHA1}.tar.gz" \
|
||||
-O linux -A amd64 \
|
||||
-o "$OUTDIR"
|
||||
( cd man ; make build ; gzip -9 ./*.1 )
|
||||
|
||||
python3 -m pip install -r .circleci/scripts/package/requirements.txt
|
||||
|
||||
# Unfortunately, this must be executed as root. This is so permission
|
||||
# modifying commands (chown, chmod, etc.) succeed.
|
||||
sudo --preserve-env=CIRCLE_TAG,CIRCLE_SHA1 .circleci/scripts/package/build.py
|
||||
- store_artifacts:
|
||||
path: packages/
|
||||
- persist_to_workspace:
|
||||
|
|
|
@ -0,0 +1,369 @@
|
|||
#!/usr/bin/env python3
|
||||
import glob
|
||||
import os
|
||||
import re
|
||||
import shutil
|
||||
import subprocess
|
||||
import tempfile
|
||||
import yaml
|
||||
|
||||
|
||||
def build_linux_archive(source, package, version):
|
||||
"""
|
||||
Builds a Linux Archive.
|
||||
|
||||
This archive contains the binary artifacts, configuration, and scripts
|
||||
installed by the DEB and RPM packages. This mimics the file-system. So,
|
||||
binaries are installed into "/usr/bin", configuration into "/etc", and
|
||||
scripts into their relevant directories. Permissions match those of
|
||||
the DEB and RPM packages.
|
||||
"""
|
||||
with tempfile.TemporaryDirectory() as workspace:
|
||||
# fmt: off
|
||||
shutil.copytree(os.path.join(package["source"], "fs"),
|
||||
workspace, dirs_exist_ok=True, ignore=shutil.ignore_patterns(".keepdir"))
|
||||
# fmt: on
|
||||
|
||||
for extra in package["extras"]:
|
||||
shutil.copy(extra["source"], os.path.join(workspace, extra["target"]))
|
||||
|
||||
for binary in package["binaries"]:
|
||||
# Since the binaries for different platforms and architectures
|
||||
# are named the same, the binaries are stored within archives.
|
||||
# The archive name specifies the platform and architecture.
|
||||
# Each binary must be extracted with `tar`.
|
||||
# fmt: off
|
||||
subprocess.check_call(
|
||||
[
|
||||
# globbing is required as the archive name contains the
|
||||
# release version or git commit of the repository. This
|
||||
# allows the configuration to remain untouched between
|
||||
# different builds.
|
||||
"tar", "-xf", glob.glob(source["binary"])[0],
|
||||
# binaries are copied to "usr/bin"
|
||||
"-C", os.path.join(workspace, "usr/bin"),
|
||||
binary,
|
||||
]
|
||||
)
|
||||
# fmt: on
|
||||
|
||||
# After the package contents are copied into the working directory,
|
||||
# the permissions must be updated. Since the CI executor may change
|
||||
# occasionally (images/ORBs deprecated over time), the umask may
|
||||
# not be what we expect. This allows this packaging script to be
|
||||
# agnostic to umask/system configuration.
|
||||
for root, dirs, files in os.walk(workspace):
|
||||
for target in [os.path.join(root, f) for f in files]:
|
||||
# files in "usr/bin" are executable
|
||||
if os.path.relpath(root, workspace) == "usr/bin":
|
||||
os.chmod(target, 0o0755)
|
||||
else:
|
||||
# standard file permissions
|
||||
os.chmod(target, 0o0644)
|
||||
# fmt: off
|
||||
shutil.chown(
|
||||
target,
|
||||
user = "root",
|
||||
group = "root")
|
||||
# fmt: on
|
||||
|
||||
for target in [os.path.join(root, d) for d in dirs]:
|
||||
# standard directory permissions
|
||||
os.chmod(target, 0o0755)
|
||||
# fmt: off
|
||||
shutil.chown(
|
||||
target,
|
||||
user = "root",
|
||||
group = "root")
|
||||
# fmt: on
|
||||
|
||||
for override in package["perm_overrides"]:
|
||||
target = os.path.join(workspace, override["target"])
|
||||
os.chmod(target, override["perms"])
|
||||
# "owner" and "group" should be a system account and group with
|
||||
# a well-defined UID and GID. Otherwise, the UID/GID might vary
|
||||
# between systems. When the archive is extracted/package is
|
||||
# installed, things may not behave as we would expect.
|
||||
# fmt: off
|
||||
shutil.chown(
|
||||
target,
|
||||
user = override["owner"],
|
||||
group = override["group"])
|
||||
# fmt: on
|
||||
|
||||
os.makedirs(source["target"], exist_ok=True)
|
||||
|
||||
# fmt: off
|
||||
subprocess.check_call([
|
||||
"tar", "-czf",
|
||||
os.path.join(
|
||||
source["target"],
|
||||
"{:s}-{:s}_{:s}_{:s}.tar.gz".format(
|
||||
package["name"],
|
||||
version,
|
||||
source["plat"],
|
||||
source["arch"]
|
||||
)
|
||||
),
|
||||
# ".keepdir" allows Git to track otherwise empty directories. The presence
|
||||
# of the directories allows `package["extras"]` and `package["binaries"]`
|
||||
# to be copied into the archive without requiring "mkdir". These should
|
||||
# directories are excluded from the final archive.
|
||||
"--exclude", ".keepdir",
|
||||
# This re-parents the contents of the archive with `package["name"]-version`.
|
||||
# It is undocumented, however, when matching, "--transform" always removes
|
||||
# the trailing slash. This regex must handle "./" and "./<more components>".
|
||||
"--transform",
|
||||
"s#^.\(/\|$\)#{:s}-{:s}/#".format(
|
||||
package["name"],
|
||||
version
|
||||
),
|
||||
# compress everything within `workspace`
|
||||
"-C", workspace, '.'
|
||||
])
|
||||
# fmt: on
|
||||
|
||||
|
||||
def build_darwin_archive(source, package, version):
|
||||
"""
|
||||
Builds a Darwin Archive.
|
||||
|
||||
This archive contains binary artifacts and configuration. Unlike the
|
||||
linux archive, which contains the configuration and matches the file-
|
||||
system of the DEB and RPM packages, everything is located within the
|
||||
root of the archive. However, permissions do match those of the DEB
|
||||
and RPM packages.
|
||||
"""
|
||||
with tempfile.TemporaryDirectory() as workspace:
|
||||
for extra in package["extras"]:
|
||||
target = os.path.join(workspace, os.path.basename(extra["target"]))
|
||||
shutil.copy(extra["source"], target)
|
||||
os.chmod(target, 0o0644)
|
||||
# fmt: off
|
||||
shutil.chown(
|
||||
target,
|
||||
user = "root",
|
||||
group = "root")
|
||||
# fmt: on
|
||||
|
||||
for binary in package["binaries"]:
|
||||
# Since the binaries for different platforms and architectures
|
||||
# are named the same, the binaries are stored within archives.
|
||||
# The archive name specifies the platform and architecture.
|
||||
# Each binary must be extracted with `tar`.
|
||||
# fmt: off
|
||||
subprocess.check_call([
|
||||
# globbing is required as the archive name contains the
|
||||
# release version or git commit of the repository. This
|
||||
# allows the configuration to remain untouched between
|
||||
# different builds.
|
||||
"tar", "-xf", glob.glob(source["binary"])[0],
|
||||
# binaries are copied to "/"
|
||||
"-C", workspace,
|
||||
binary
|
||||
])
|
||||
# fmt: on
|
||||
target = os.path.join(workspace, binary)
|
||||
os.chmod(target, 0o0755)
|
||||
# fmt: off
|
||||
shutil.chown(
|
||||
target,
|
||||
user = "root",
|
||||
group = "root")
|
||||
# fmt: on
|
||||
|
||||
os.makedirs(source["target"], exist_ok=True)
|
||||
|
||||
# fmt: off
|
||||
subprocess.check_call([
|
||||
"tar", "-czf",
|
||||
os.path.join(
|
||||
source["target"],
|
||||
"{:s}-{:s}_{:s}_{:s}.tar.gz".format(
|
||||
package["name"],
|
||||
version,
|
||||
source["plat"],
|
||||
source["arch"]
|
||||
)
|
||||
),
|
||||
# This re-parents the contents of the archive with `package["name"]-version`.
|
||||
# It is undocumented, however, when matching, "--transform" always removes
|
||||
# the trailing slash. This regex must handle "./" and "./<more components>".
|
||||
"--transform",
|
||||
"s#^.\(/\|$\)#{:s}-{:s}/#".format(
|
||||
package["name"],
|
||||
version
|
||||
),
|
||||
# compress everything within `workspace`
|
||||
"-C", workspace, '.'
|
||||
])
|
||||
# fmt: on
|
||||
|
||||
|
||||
def build_linux_package(source, package, version):
|
||||
"""
|
||||
Constructs a DEB or RPM Package.
|
||||
"""
|
||||
with tempfile.TemporaryDirectory() as workspace:
|
||||
# fmt: off
|
||||
shutil.copytree(package["source"], workspace,
|
||||
dirs_exist_ok=True, ignore=shutil.ignore_patterns(".keepdir"))
|
||||
# fmt: on
|
||||
|
||||
for extra in package["extras"]:
|
||||
shutil.copy(extra["source"], os.path.join(workspace, "fs", extra["target"]))
|
||||
|
||||
for binary in package["binaries"]:
|
||||
# Since the binaries for different platforms and architectures
|
||||
# are named the same, the binaries are stored within archives.
|
||||
# The archive name specifies the platform and architecture.
|
||||
# Each binary must be extracted with `tar`.
|
||||
# fmt: off
|
||||
subprocess.check_call(
|
||||
[
|
||||
# globbing is required as the archive name contains the
|
||||
# release version or git commit of the repository. This
|
||||
# allows the configuration to remain untouched between
|
||||
# different builds.
|
||||
"tar", "-xf", glob.glob(source["binary"])[0],
|
||||
# binaries are copied to "usr/bin"
|
||||
"-C", os.path.join(workspace, "fs/usr/bin"),
|
||||
binary,
|
||||
]
|
||||
)
|
||||
# fmt: on
|
||||
|
||||
# After the package contents are copied into the working directory,
|
||||
# the permissions must be updated. Since the CI executor may change
|
||||
# occasionally (images/ORBs deprecated over time), the umask may
|
||||
# not be what we expect. This allows this packaging script to be
|
||||
# agnostic to umask/system configuration.
|
||||
for root, dirs, files in os.walk(workspace):
|
||||
for target in [os.path.join(root, f) for f in files]:
|
||||
# files in "fs/usr/bin" are executable
|
||||
if os.path.relpath(root, workspace) == "fs/usr/bin":
|
||||
os.chmod(target, 0o0755)
|
||||
else:
|
||||
# standard file permissions
|
||||
os.chmod(target, 0o0644)
|
||||
# fmt: off
|
||||
shutil.chown(
|
||||
target,
|
||||
user = "root",
|
||||
group = "root")
|
||||
# fmt: on
|
||||
|
||||
for target in [os.path.join(root, d) for d in dirs]:
|
||||
# standard directory permissions
|
||||
os.chmod(target, 0o0755)
|
||||
# fmt: off
|
||||
shutil.chown(
|
||||
target,
|
||||
user = "root",
|
||||
group = "root")
|
||||
# fmt: on
|
||||
|
||||
for override in package["perm_overrides"]:
|
||||
target = os.path.join(workspace, "fs", override["target"])
|
||||
os.chmod(target, override["perms"])
|
||||
# "owner" and "group" should be a system account and group with
|
||||
# a well-defined UID and GID. Otherwise, the UID/GID might vary
|
||||
# between systems. When the archive is extracted/package is
|
||||
# installed, things may not behave as we would expect.
|
||||
# fmt: off
|
||||
shutil.chown(
|
||||
target,
|
||||
user = override["owner"],
|
||||
group = override["group"])
|
||||
# fmt: on
|
||||
|
||||
os.makedirs(source["target"], exist_ok=True)
|
||||
fpm_wrapper(source, package, version, workspace, "rpm")
|
||||
fpm_wrapper(source, package, version, workspace, "deb")
|
||||
|
||||
|
||||
def fpm_wrapper(source, package, version, workspace, package_type):
|
||||
"""
|
||||
Constructs either a DEB/RPM Package.
|
||||
|
||||
This wraps some configuration settings that are *only* relevant
|
||||
to `fpm`.
|
||||
"""
|
||||
|
||||
conffiles = []
|
||||
for root, dirs, files in os.walk(os.path.join(workspace, "fs/etc")):
|
||||
for file in files:
|
||||
# fmt: off
|
||||
conffiles.extend([
|
||||
"--config-files", os.path.join("/", os.path.relpath(root, os.path.join(workspace, "fs")), file)
|
||||
])
|
||||
# fmt: on
|
||||
|
||||
# `source["arch"]` matches DEB architecture names. When building RPMs, it must
|
||||
# be converted into RPM architecture names.
|
||||
architecture = source["arch"]
|
||||
if package_type == "rpm":
|
||||
if architecture == "amd64":
|
||||
architecture = "x86_64"
|
||||
|
||||
# fmt: off
|
||||
p = subprocess.check_call([
|
||||
"fpm",
|
||||
"--log", "error",
|
||||
# package description
|
||||
"--name", package["name"],
|
||||
"--vendor", "InfluxData",
|
||||
"--description", "Distributed time-series database.",
|
||||
"--url", "https://influxdata.com",
|
||||
"--maintainer", "support@influxdb.com",
|
||||
"--license", "Proprietary",
|
||||
# package configuration
|
||||
"--input-type", "dir",
|
||||
"--output-type", package_type,
|
||||
"--architecture", architecture,
|
||||
"--version", version,
|
||||
"--iteration", "1",
|
||||
# maintainer scripts
|
||||
"--after-install", os.path.join(workspace, "control/post-install"),
|
||||
"--after-remove", os.path.join(workspace, "control/post-uninstall"),
|
||||
"--before-install", os.path.join(workspace, "control/pre-install"),
|
||||
# package conffiles
|
||||
"--rpm-attr", "750,influxdb,influxdb:/var/log/influxdb",
|
||||
"--rpm-attr", "750,influxdb,influxdb:/var/lib/influxdb",
|
||||
*conffiles,
|
||||
# package options
|
||||
"--chdir", os.path.join(workspace, "fs/"),
|
||||
"--package", source["target"]
|
||||
])
|
||||
# fmt: on
|
||||
|
||||
|
||||
circle_tag = os.getenv("CIRCLE_TAG", default="")
|
||||
circle_sha = os.getenv("CIRCLE_SHA1", default="DEADBEEF")
|
||||
# Determine if `circle_tag` matches the semantic version regex. Otherwise,
|
||||
# assume that `circle_tag` is not intended to tag a release. The regex is
|
||||
# permissive of what occurs after the semantic version. This allows for
|
||||
# alphas, betas, and release candidates.
|
||||
if re.match("^v[0-9]+.[0-9]+.[0-9]+", circle_tag):
|
||||
version = circle_tag[1:]
|
||||
else:
|
||||
# When `circle_tag` cannot be used to construct the package version,
|
||||
# use `circle_sha`. Since `circle_sha` can start with an alpha (non-
|
||||
# -numeric) character, prefix it with "1.x-".
|
||||
version = "1.x-" + circle_sha[:8]
|
||||
|
||||
with open(".circleci/scripts/package/config.yaml") as file:
|
||||
document = yaml.load(file, Loader=yaml.SafeLoader)
|
||||
|
||||
# fmt: off
|
||||
for s, p in [
|
||||
(s, p)
|
||||
for s in document["sources" ]
|
||||
for p in document["packages"]
|
||||
]:
|
||||
# fmt: on
|
||||
if s["plat"] == "linux":
|
||||
build_linux_archive(s, p, version)
|
||||
build_linux_package(s, p, version)
|
||||
if s["plat"] == "darwin":
|
||||
build_darwin_archive(s, p, version)
|
|
@ -0,0 +1,51 @@
|
|||
---
|
||||
sources:
|
||||
- binary: /tmp/workspace/bins/influxdb_bin_linux_amd64-*.tar.gz
|
||||
target: packages/
|
||||
arch: amd64
|
||||
plat: linux
|
||||
|
||||
packages:
|
||||
- name: influxdb
|
||||
binaries:
|
||||
- influx
|
||||
- influx_inspect
|
||||
- influxd
|
||||
extras:
|
||||
- source: etc/config.sample.toml
|
||||
target: etc/influxdb/influxdb.conf
|
||||
|
||||
- source: man/influx.1.gz
|
||||
target: usr/share/man/man1/influx.1.gz
|
||||
|
||||
- source: man/influx_inspect.1.gz
|
||||
target: usr/share/man/man1/influx_inspect.1.gz
|
||||
|
||||
- source: man/influxd.1.gz
|
||||
target: usr/share/man/man1/influxd.1.gz
|
||||
|
||||
- source: man/influxd-backup.1.gz
|
||||
target: usr/share/man/man1/influxd-backup.1.gz
|
||||
|
||||
- source: man/influxd-config.1.gz
|
||||
target: usr/share/man/man1/influxd-config.1.gz
|
||||
|
||||
- source: man/influxd-restore.1.gz
|
||||
target: usr/share/man/man1/influxd-restore.1.gz
|
||||
|
||||
- source: man/influxd-run.1.gz
|
||||
target: usr/share/man/man1/influxd-run.1.gz
|
||||
|
||||
- source: man/influxd-version.1.gz
|
||||
target: usr/share/man/man1/influxd-version.1.gz
|
||||
perm_overrides:
|
||||
- owner: root
|
||||
group: root
|
||||
perms: 0755
|
||||
target: usr/lib/influxdb/scripts/init.sh
|
||||
|
||||
- owner: root
|
||||
group: root
|
||||
perms: 0755
|
||||
target: usr/lib/influxdb/scripts/influxd-systemd-start.sh
|
||||
source: .circleci/scripts/package/influxdb
|
0
scripts/pre-install.sh → .circleci/scripts/package/influxdb/control/pre-install
Executable file → Normal file
0
scripts/pre-install.sh → .circleci/scripts/package/influxdb/control/pre-install
Executable file → Normal file
|
@ -0,0 +1 @@
|
|||
This prevents Git from removing this directory.
|
|
@ -0,0 +1 @@
|
|||
This prevents Git from removing this directory.
|
0
scripts/influxd-systemd-start.sh → .circleci/scripts/package/influxdb/fs/usr/lib/influxdb/scripts/influxd-systemd-start.sh
Executable file → Normal file
0
scripts/influxd-systemd-start.sh → .circleci/scripts/package/influxdb/fs/usr/lib/influxdb/scripts/influxd-systemd-start.sh
Executable file → Normal file
0
scripts/init.sh → .circleci/scripts/package/influxdb/fs/usr/lib/influxdb/scripts/init.sh
Executable file → Normal file
0
scripts/init.sh → .circleci/scripts/package/influxdb/fs/usr/lib/influxdb/scripts/init.sh
Executable file → Normal file
|
@ -0,0 +1 @@
|
|||
This prevents Git from removing this directory.
|
|
@ -0,0 +1 @@
|
|||
This prevents Git from removing this directory.
|
|
@ -0,0 +1 @@
|
|||
This prevents Git from removing this directory.
|
|
@ -0,0 +1,2 @@
|
|||
PyYAML==6.0
|
||||
regex==2023.6.3
|
|
@ -1,18 +0,0 @@
|
|||
FROM ruby:2.6-alpine3.9
|
||||
|
||||
RUN apk add --no-cache \
|
||||
bash \
|
||||
jq \
|
||||
gcc \
|
||||
make \
|
||||
musl-dev \
|
||||
rpm \
|
||||
ruby-dev \
|
||||
tar \
|
||||
zip
|
||||
|
||||
RUN gem install fpm -v 1.11.0
|
||||
|
||||
COPY fs/ /
|
||||
|
||||
ENTRYPOINT ["influxdb_packages.bash"]
|
|
@ -1,55 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
function printHelp() {
|
||||
>&2 echo "\
|
||||
USAGE: $0 \\
|
||||
-s PATH_TO_SOURCE_TARBALL \\
|
||||
-b PATH_TO_BINARIES_TARBALL \\
|
||||
-O OS \\
|
||||
-A ARCH \\
|
||||
-o OUTDIR
|
||||
|
||||
Creates the given package type, using the given binaries in the tarball and
|
||||
configuration files in the source tarball.
|
||||
"
|
||||
}
|
||||
|
||||
if [ $# -eq 0 ]; then
|
||||
printHelp
|
||||
exit 1
|
||||
fi
|
||||
|
||||
SRCDIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
||||
|
||||
SRC_TARBALL=""
|
||||
BIN_TARBALL=""
|
||||
OS=""
|
||||
ARCH=""
|
||||
OUTDIR=""
|
||||
|
||||
while getopts hs:b:O:A:o: arg; do
|
||||
case "$arg" in
|
||||
h) printHelp; exit 1;;
|
||||
s) SRC_TARBALL="$OPTARG";;
|
||||
b) BIN_TARBALL="$OPTARG";;
|
||||
O) OS="$OPTARG";;
|
||||
A) ARCH="$OPTARG";;
|
||||
o) OUTDIR="$OPTARG";;
|
||||
esac
|
||||
done
|
||||
|
||||
if [ -z "$OUTDIR" ] || [ -z "$SRC_TARBALL" ] || [ -z "$BIN_TARBALL" ] || [ -z "$OS" ] || [ -z "$ARCH" ]; then
|
||||
printHelp
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Always build the latest version of the image.
|
||||
docker build -t influxdata/influxdb/releng/packages:latest "$SRCDIR"
|
||||
|
||||
mkdir -p "$OUTDIR"
|
||||
|
||||
docker run --rm \
|
||||
--mount type=bind,source="${OUTDIR}",destination=/out \
|
||||
--mount type=bind,source="${SRC_TARBALL}",destination=/influxdb-src.tar.gz \
|
||||
--mount type=bind,source="${BIN_TARBALL}",destination=/influxdb-bin.tar.gz \
|
||||
influxdata/influxdb/releng/packages:latest -O "$OS" -A "$ARCH"
|
|
@ -1,179 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -e
|
||||
|
||||
function printHelp() {
|
||||
>&2 echo "\
|
||||
USAGE: $0 -O OS -A ARCH
|
||||
|
||||
Creates packages for the given OS/ARCH, using the influxdb source tarball mounted at
|
||||
/influxdb-src.tar.gz and the binaries tarball mounted at /influxdb-bin.tar.gz .
|
||||
"
|
||||
}
|
||||
|
||||
if [ $# -eq 0 ]; then
|
||||
printHelp
|
||||
exit 1
|
||||
fi
|
||||
|
||||
OS=""
|
||||
ARCH=""
|
||||
|
||||
while getopts hO:A:s arg; do
|
||||
case "$arg" in
|
||||
h) printHelp; exit 1;;
|
||||
O) OS="$OPTARG";;
|
||||
# For backwards compatibility, ensure the packages say i386 if using GOARCH=386.
|
||||
A) ARCH="$(echo "$OPTARG" | sed 's/386/i386/')";;
|
||||
esac
|
||||
done
|
||||
|
||||
if [ -z "$OS" ] || [ -z "$ARCH" ]; then
|
||||
printHelp
|
||||
exit 1
|
||||
fi
|
||||
|
||||
WORK=/influxdata
|
||||
mkdir -p ${WORK}
|
||||
tar x -C ${WORK} -zf /influxdb-src.tar.gz
|
||||
ln -s ${WORK}/influxdb /isrc # Shorthand for influxdb source.
|
||||
SHA=$(jq -r .sha < "/isrc/.metadata.json")
|
||||
VERSION=$(jq -r .version < "/isrc/.metadata.json")
|
||||
ARCHIVE_ROOT_NAME="influxdb-${VERSION}-1"
|
||||
PKG_ROOT="/pkg/$ARCHIVE_ROOT_NAME"
|
||||
|
||||
# Extract the respective binaries to dedicated folders.
|
||||
mkdir -p /ibin
|
||||
(cd /ibin && tar xzf /influxdb-bin.tar.gz)
|
||||
|
||||
# TODO: $STATIC is always 0
|
||||
if [ "$OS" == "linux" ] && [ "$STATIC" == "1" ]; then
|
||||
# Static linux packages get only the binaries and the conf file in the root directory,
|
||||
# plus the man pages in the full path.
|
||||
rm -rf "$PKG_ROOT"
|
||||
mkdir -p "$PKG_ROOT"
|
||||
|
||||
cp /ibin/* "$PKG_ROOT/"
|
||||
cp /isrc/etc/config.sample.toml "$PKG_ROOT/influxdb.conf"
|
||||
|
||||
mkdir -p "$PKG_ROOT/usr/share/man/man1"
|
||||
cp /isrc/man/*.1.gz "$PKG_ROOT/usr/share/man/man1"
|
||||
|
||||
# Creating tarball from /pkg, NOT from $PKG_ROOT, so that influxdb-$VERSION-1 directory is present in archive.
|
||||
(cd /pkg && tar czf "/out/influxdb-${VERSION}-static_${OS}_${ARCH}.tar.gz" ./*)
|
||||
|
||||
(cd /out && for f in *.tar.gz; do
|
||||
md5sum "$f" > "$f.md5"
|
||||
sha256sum "$f" > "$f.sha256"
|
||||
done)
|
||||
elif [ "$OS" == "linux" ] || [ "$OS" == "darwin" ]; then
|
||||
#############################
|
||||
####### Data packages #######
|
||||
#############################
|
||||
|
||||
# Create layout for packaging under $PKG_ROOT.
|
||||
rm -rf "$PKG_ROOT"
|
||||
mkdir -p "$PKG_ROOT/usr/bin" \
|
||||
"$PKG_ROOT/var/log/influxdb" \
|
||||
"$PKG_ROOT/var/lib/influxdb" \
|
||||
"$PKG_ROOT/usr/lib/influxdb/scripts" \
|
||||
"$PKG_ROOT/usr/share/man/man1" \
|
||||
"$PKG_ROOT/etc/influxdb" \
|
||||
"$PKG_ROOT/etc/logrotate.d"
|
||||
chmod -R 0755 /pkg
|
||||
|
||||
# Copy service scripts.
|
||||
cp /isrc/scripts/init.sh "$PKG_ROOT/usr/lib/influxdb/scripts/init.sh"
|
||||
chmod 0644 "$PKG_ROOT/usr/lib/influxdb/scripts/init.sh"
|
||||
cp /isrc/scripts/influxdb.service "$PKG_ROOT/usr/lib/influxdb/scripts/influxdb.service"
|
||||
chmod 0644 "$PKG_ROOT/usr/lib/influxdb/scripts/influxdb.service"
|
||||
cp /isrc/scripts/influxd-systemd-start.sh "$PKG_ROOT/usr/lib/influxdb/scripts/influxd-systemd-start.sh"
|
||||
chmod 0755 "$PKG_ROOT/usr/lib/influxdb/scripts/influxd-systemd-start.sh"
|
||||
|
||||
# Copy logrotate script.
|
||||
cp /isrc/scripts/logrotate "$PKG_ROOT/etc/logrotate.d/influxdb"
|
||||
chmod 0644 "$PKG_ROOT/etc/logrotate.d/influxdb"
|
||||
|
||||
# Copy sample config.
|
||||
cp /isrc/etc/config.sample.toml "$PKG_ROOT/etc/influxdb/influxdb.conf"
|
||||
|
||||
# Copy data binaries.
|
||||
cp /ibin/* "$PKG_ROOT/usr/bin/"
|
||||
|
||||
# Copy man pages.
|
||||
cp /isrc/man/*.1.gz "$PKG_ROOT/usr/share/man/man1"
|
||||
|
||||
# Make tarball of files in packaging.
|
||||
BIN_GZ_NAME="/out/influxdb-${VERSION}_${OS}_${ARCH}.tar.gz"
|
||||
if [ "$STATIC" == "1" ]; then
|
||||
BIN_GZ_NAME="/out/influxdb-${VERSION}-static_${OS}_${ARCH}.tar.gz"
|
||||
fi
|
||||
|
||||
# Creating tarball from /pkg, NOT from $PKG_ROOT, so that influxdb-$VERSION-1 directory is present in archive.
|
||||
(cd /pkg && tar czf $BIN_GZ_NAME ./*)
|
||||
|
||||
if [ "$OS" == "linux" ] ; then
|
||||
# Call fpm to build .deb and .rpm packages.
|
||||
for typeargs in "-t deb" "-t rpm --depends coreutils --depends shadow-utils"; do
|
||||
ARCH_CONVERTED=$ARCH
|
||||
pkg_t=$(echo $typeargs | cut -d ' ' -f2)
|
||||
if [ "$pkg_t" == "rpm" ] && [ $"$ARCH" == "armhf" ]; then
|
||||
ARCH_CONVERTED="armv7hl"
|
||||
elif [ "$pkg_t" == "rpm" ] && [ $"$ARCH" == "arm64" ]; then
|
||||
ARCH_CONVERTED="aarch64"
|
||||
fi
|
||||
FPM_NAME=$(
|
||||
fpm \
|
||||
-s dir \
|
||||
$typeargs \
|
||||
--depends curl \
|
||||
--log error \
|
||||
--vendor InfluxData \
|
||||
--url "https://influxdata.com" \
|
||||
--after-install /isrc/scripts/post-install.sh \
|
||||
--before-install /isrc/scripts/pre-install.sh \
|
||||
--after-remove /isrc/scripts/post-uninstall.sh \
|
||||
--license Proprietary \
|
||||
--maintainer "support@influxdb.com" \
|
||||
--directories /var/log/influxdb \
|
||||
--directories /var/lib/influxdb \
|
||||
--rpm-attr 755,influxdb,influxdb:/var/log/influxdb \
|
||||
--rpm-attr 755,influxdb,influxdb:/var/lib/influxdb \
|
||||
--description 'Distributed time-series database.' \
|
||||
--config-files /etc/influxdb/influxdb.conf \
|
||||
--config-files /etc/logrotate.d/influxdb \
|
||||
--name "influxdb" \
|
||||
--architecture "$ARCH_CONVERTED" \
|
||||
--version "$VERSION" \
|
||||
--iteration 1 \
|
||||
-C "$PKG_ROOT" \
|
||||
-p /out \
|
||||
| ruby -e 'puts (eval ARGF.read)[:path]' )
|
||||
|
||||
echo "fpm created $FPM_NAME"
|
||||
NEW_NAME=$(echo "$FPM_NAME" | rev | sed "s/1-//" | rev)
|
||||
echo "renaming to ${NEW_NAME}"
|
||||
mv "${FPM_NAME}" "${NEW_NAME}"
|
||||
done
|
||||
fi
|
||||
|
||||
#############################
|
||||
######### Checksums #########
|
||||
#############################
|
||||
(cd /out && find . \( -name '*.deb' -o -name '*.rpm' -o -name '*.tar.gz' \) -exec sh -c 'md5sum {} > {}.md5 && sha256sum {} > {}.sha256' \;)
|
||||
elif [ "$OS" == "windows" ]; then
|
||||
# Windows gets the binaries and the sample config file.
|
||||
rm -rf "$PKG_ROOT"
|
||||
mkdir -p "$PKG_ROOT"
|
||||
cp /ibin/*.exe "$PKG_ROOT"
|
||||
cp /isrc/etc/config.sample.toml "$PKG_ROOT/influxdb.conf"
|
||||
|
||||
(cd /pkg && zip -9 -r "/out/influxdb-${VERSION}_${OS}_${ARCH}.zip" ./*)
|
||||
(cd /out && for f in *.zip; do
|
||||
md5sum "$f" > "$f.md5"
|
||||
sha256sum "$f" > "$f.sha256"
|
||||
done)
|
||||
else
|
||||
>&2 echo "Unrecognized OS: $OS"
|
||||
exit 1
|
||||
fi
|
|
@ -1,8 +0,0 @@
|
|||
/var/log/influxdb/influxd.log {
|
||||
daily
|
||||
rotate 7
|
||||
missingok
|
||||
dateext
|
||||
copytruncate
|
||||
compress
|
||||
}
|
Loading…
Reference in New Issue