feat(rpm): add RPM build scripts

Add script to build RPMs for Fedora-like distros Signed-off-by: Jagannathan Raman <[email protected]>
veraison · Jan 7, 2025 · 6438dc1 · 6438dc1
1 parent 95808b1
commit 6438dc1
Show file tree

Hide file tree

Showing 5 changed files with 269 additions and 0 deletions.
diff --git a/deployments/rpm/Makefile b/deployments/rpm/Makefile
@@ -0,0 +1,21 @@
+# Copyright 2025 Contributors to the Veraison project.
+# SPDX-License-Identifier: Apache-2.0
+.DEFAULT_TARGET: rpm
+
+SHELL = /bin/bash
+
+THIS_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST))))
+
+PACKAGE_DEST ?= /tmp
+
+.PHONY: rpm
+rpm:
+	$(THIS_DIR)/deployment.sh create-rpm $(PACKAGE_DEST)
+
+.PHONY: bootstrap
+bootstrap:
+	$(THIS_DIR)/deployment.sh bootstrap
+
+.PHONY: really-clean
+really-clean:
+	rm -rf $(PACKAGE_DEST)/veraison-rpm-package
diff --git a/deployments/rpm/README.md b/deployments/rpm/README.md
@@ -0,0 +1,38 @@
+This directory contains scripts and other resources for creating .rpm
+packages for installation on Fedora-like distros (such as RHEL and
+Oracle Linux). The build process involves creating a native deployment
+and then packaging it up using `rpmbuild`. Veraison services run as
+`VERAISON_USER` as specified in `deployment.cfg`, which defaults to
+`veraison`. If this user isn't available, RPM creates it. 
+
+## Dependencies
+
+In addition to [dependencies for the native 
+deployment](../native/README.md#dependencies), `rpm-build` must be installed. To
+install all dependencies to build an rpm, run
+
+```sh
+make bootstrap
+```
+
+## Building the package
+
+The location where the package will be built is specified with `PACKAGE_DEST`
+environment variable. It will default to `/tmp` if not set. To build the
+package simply do
+
+```sh
+make rpm
+```
+This will create the following RPM package
+`${PACKAGE_DEST}/veraison_VERSION_ARCH/rpmbuild/RPMS/ARCH/veraison-VERSION.FLA.ARCH.rpm`
+where `VERSION` is the Veraison version as reported by the
+[`get-veraison-version`](../scripts/get-veraison-version) script,
+`ARCH` is the architecture of your system as reported by `arch`, and
+`FLA` is the distro flavor such as el8 and el9.
+
+## Install the package
+
+The following command install the RPM package
+
+`sudo dnf install ${PACKAGE_DEST}/veraison_VERSION_ARCH/rpmbuild/RPMS/ARCH/veraison-VERSION.FLA.ARCH.rpm`
diff --git a/deployments/rpm/deployment.cfg b/deployments/rpm/deployment.cfg
@@ -0,0 +1,32 @@
+##############################################################################
+# Veraison Deployment Configuration
+#
+# Note: this uses Bash syntax, however there is no need to export variables
+#       here, as this file will be sourced with set -a
+##############################################################################
+# shellcheck disable=SC2034
+
+# The ports on which services will be listening.
+VTS_PORT=${VTS_PORT:-50051}
+PROVISIONING_PORT=${PROVISIONING_PORT:-8888}
+VERIFICATION_PORT=${VERIFICATION_PORT:-8080}
+MANAGEMENT_PORT=${MANAGEMENT_PORT:-8088}
+
+# The host the services will be running on.
+VERAISON_HOST=${VERAISON_HOST:-localhost}
+
+# The user Veraison services will be run as by system systemd.
+# (note: this will not be used when starting via start-tmux, start-term, or
+# user systemd. In those cases, the services will aways run as $USER.)
+VERAISON_USER=${VERAISON_USER:-veraison}
+
+VERAISON_GROUP=${VERAISON_GROUP:-veraison}
+
+# Location of certs to be used by veraison services; there must be a cert and
+# corresponding key for each service (e.g. vts.crt and vts.key for
+# vts-service), and a rootCA.crt that was used to sign the service certs.
+VERAISON_CERTS=${VERAISON_CERTS:-}
+
+VERAISON_ROOT=/usr/local/veraison/
+
+# vim: set ft=bash:
diff --git a/deployments/rpm/deployment.sh b/deployments/rpm/deployment.sh
@@ -0,0 +1,112 @@
+#!/bin/bash
+set -eo pipefail
+
+_error='\e[0;31mERROR\e[0m'
+_this_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+
+_repo_root=$(realpath "${_this_dir}/../..")
+_version=$("${_repo_root}/scripts/get-veraison-version")
+
+
+function bootstrap() {
+	sudo dnf install -y rpm-build
+	"${_repo_root}/deployments/native/deployment.sh" bootstrap
+}
+
+function create_rpm() {
+	_check_installed rpmbuild
+
+	local work_dir=${1:-/tmp}
+	local arch; arch="$(arch)"
+	local pkg_dir=${work_dir}/veraison_${_version}_${arch}
+
+	set -a
+	source "${_this_dir}/deployment.cfg"
+	set +a
+
+	export VERAISON_ROOT=${VERAISON_ROOT}
+	export DEPLOYMENT_DEST=${pkg_dir}${VERAISON_ROOT}
+	export VTS_HOST=$VERAISON_HOST
+	export PROVISIONING_HOST=$VERAISON_HOST
+	export VERIFICATION_HOST=$VERAISON_HOST
+	export MANAGEMENT_HOST=$VERAISON_HOST
+
+	export _VERAISON_VERSION=${_version}
+
+	rm -rf "${pkg_dir}"
+	"${_repo_root}/deployments/native/deployment.sh" quick-init-all
+
+	mkdir -p ${pkg_dir}/rpmbuild/{BUILD,BUILDROOT,RPMS,SOURCES,SPECS,SRPMS}
+	tar -C ${DEPLOYMENT_DEST} -cvzf veraison-${_VERAISON_VERSION}.tar.gz .
+	mv veraison-${_VERAISON_VERSION}.tar.gz ${pkg_dir}/rpmbuild/BUILD/
+	cp veraison.spec.template ${pkg_dir}/rpmbuild/BUILD/veraison.spec
+
+	sed -i -e "s/_VERSION_/${_VERAISON_VERSION}/g" ${pkg_dir}/rpmbuild/BUILD/veraison.spec
+	sed -i -e "s/_VERAISON_USER_/${VERAISON_USER}/g" ${pkg_dir}/rpmbuild/BUILD/veraison.spec
+	sed -i -e "s/_VERAISON_GROUP_/${VERAISON_GROUP}/g" ${pkg_dir}/rpmbuild/BUILD/veraison.spec
+
+	rpmbuild --define "_topdir ${pkg_dir}/rpmbuild" -bb ${pkg_dir}/rpmbuild/BUILD/veraison.spec
+
+	echo "done."
+}
+
+function help() {
+	set +e
+	local usage
+	read -r -d '' usage <<-EOF
+	Usage: deployment.sh [OPTIONS...] COMMAND [ARGS...]
+
+	This script allows packaging a Veraison deployment as .rpm package suitable
+	for installation on Fedora-like Linux distros (such as RHEL and Oracle Linux). 
+
+	OPTIONS:
+
+	Please note that opitons MUST be specified before the command and arguments.
+
+	  -h show this message and exist
+
+	COMMANDS:
+
+	help
+	    Show this message and exit. The same as -h option.
+
+        bootstrap
+            Set up the enviroment for creating the deployment, installing any
+            necessary dependencies.
+
+	create-rpm [DIR]
+	    Create a RPM package under DIR. If DIR is not specified, /tmp will be
+            used. Upon successful completion, it will contain the .rpm package and a 
+            subdirectory with the sources used to create the package. This command 
+            relies on the "native" deployment to create the package sources.
+	EOF
+	set -e
+
+	echo "$usage"
+}
+
+function _check_installed() {
+	local what=$1
+
+	if [[ "$(type -p "$what")" == "" ]]; then
+		echo -e "$_error: $what executable must be installed to use this command."
+		exit 1
+	fi
+}
+
+while getopts "h" opt; do
+	case "$opt" in
+		h) help; exit 0;;
+		*) break;;
+	esac
+done
+
+_command=$1; shift
+_command=$(echo "$_command" | tr -- _ -)
+case $_command in 
+	help) help;;
+        bootstrap) bootstrap;;
+	create-rpm) create_rpm "$1";;
+	*) echo -e "$_error: unexpected command: \"$_command\"";;
+esac
+# vim: set noet sts=8 sw=8:
diff --git a/deployments/rpm/veraison.spec.template b/deployments/rpm/veraison.spec.template
@@ -0,0 +1,66 @@
+Name:           veraison
+Version:        _VERSION_
+Release:        1%{?dist}
+Summary:        Veraison server
+
+License:        APACHE
+Source0:        %{name}-%{version}.tar.gz
+
+Requires:       /usr/bin/bash
+
+%global USERNAME _VERAISON_USER_
+%global GROUPNAME _VERAISON_GROUP_
+%global LOGSDIR _VERAISON_LOGS_
+
+%description
+This package installs Veraison server
+
+%prep
+tar -xvzf %{name}-%{version}.tar.gz
+
+%install
+rm -rf $RPM_BUILD_ROOT
+mkdir -p $RPM_BUILD_ROOT/%{_prefix}/local/veraison/
+cp -a bin/ $RPM_BUILD_ROOT/%{_prefix}/local/veraison/
+cp -a certs/ $RPM_BUILD_ROOT/%{_prefix}/local/veraison/
+cp -a config/ $RPM_BUILD_ROOT/%{_prefix}/local/veraison/
+cp -a env/ $RPM_BUILD_ROOT/%{_prefix}/local/veraison/
+cp -a logs/ $RPM_BUILD_ROOT/%{_prefix}/local/veraison/
+cp -a plugins/ $RPM_BUILD_ROOT/%{_prefix}/local/veraison/
+cp -a signing/ $RPM_BUILD_ROOT/%{_prefix}/local/veraison/
+cp -a stores/ $RPM_BUILD_ROOT/%{_prefix}/local/veraison/
+cp -a systemd/ $RPM_BUILD_ROOT/%{_prefix}/local/veraison/
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%files
+/%{_prefix}/local/veraison
+
+%pre
+if ! getent group %{GROUPNAME} >/dev/null 2>&1; then
+     echo "Adding group: %{GROUPNAME}"
+     groupadd --system %{GROUPNAME}
+fi
+
+if ! id -u %{USERNAME} >/dev/null 2>&1; then
+     echo "Adding user: %{USERNAME}"
+     useradd --system --shell /usr/sbin/nologin --gid %{GROUPNAME} \
+             --comment "Veraison User" %{USERNAME} --groups adm,%{GROUPNAME}
+fi
+
+getent group %{GROUPNAME} >/dev/null 2>&1 && usermod -a -G %{GROUPNAME} %{USERNAME} || true
+
+%post
+chown -R %{USERNAME}:%{GROUPNAME} /%{_prefix}/local/veraison/
+chmod 500 /%{_prefix}/local/veraison/certs/*.key
+/%{_prefix}/local/veraison/bin/veraison -s start-services
+
+%preun
+/%{_prefix}/local/veraison/bin/veraison -s stop-services
+/%{_prefix}/local/veraison/bin/veraison -s disable-services
+rm -f /%{_prefix}/local/veraison/logs/*.log
+
+%changelog
+* Tue Nov 21 2023 root
+-