From 4b9ca5a62ef1e5ecc7d0cd74ac56311ec73a0f5c Mon Sep 17 00:00:00 2001
From: Holger Levsen
Date: Sun, 19 Oct 2014 00:27:04 +0200
Subject: reproducible: add locking for reproducible schroot creation (which happens daily)
---
 bin/reproducible_build.sh | 19 ++++++
 bin/reproducible_common.sh | 4 ++
 bin/reproducible_setup.sh | 85 --------------------------
 bin/reproducible_setup_pbuilder.sh | 85 ++++++++++++++++++++++++++
 bin/reproducible_setup_schroot.sh | 118 +++++++++++++++++++++++++++++++++++++
 5 files changed, 226 insertions(+), 85 deletions(-)
 delete mode 100755 bin/reproducible_setup.sh
 create mode 100755 bin/reproducible_setup_pbuilder.sh
 create mode 100755 bin/reproducible_setup_schroot.sh
(limited to 'bin')
diff --git a/bin/reproducible_build.sh b/bin/reproducible_build.sh
index d9b558c3..4a7fc84b 100755
--- a/bin/reproducible_build.sh
+++ b/bin/reproducible_build.sh
@@ -134,10 +134,29 @@ else
 LOGFILE=$(ls ${SRCPACKAGE}_${EVERSION}.dsc)
 LOGFILE=$(echo ${LOGFILE%.dsc}.debbindiff.html)
 BUILDINFO=${SRCPACKAGE}_${EVERSION}_amd64.buildinfo
+ # the schroot for debbindiff gets updated once a day. wait patiently if that's the case
+ if [ -f $DBDCHROOT_WRITELOCK ] || [ -f $DBDCHROOT_READLOCK ] ; then
+ for i in $(seq 0 100) ; do
+ sleep 15
+ echo "sleeping 15s, debbindiff schroot is locked."
+ if [ ! -f $DBDCHROOT_WRITELOCK ] && [ ! -f $DBDCHROOT_READLOCK ] ; then
+ break
+ fi
+ done
+ if [ -f $DBDCHROOT_WRITELOCK ] || [ -f $DBDCHROOT_READLOCK ] ; then
+ echo "Warning: lock $DBDCHROOT_WRITELOCK or [ -f $DBDCHROOT_READLOCK ] still exists, exiting."
+ exit 1
+ fi
+ else
+ # we create (more) read-lock(s) but stop on write locks...
+ # write locks are only done by the schroot setup job
+ touch $DBDCHROOT_READLOCK
+ fi
 ( timeout 15m schroot --directory /tmp -c source:jenkins-reproducible-sid debbindiff -- --html $TMPDIR/${LOGFILE} $TMPDIR/b1/${SRCPACKAGE}_${EVERSION}_amd64.changes $TMPDIR/b2/${SRCPACKAGE}_${EVERSION}_amd64.changes ) 2>&1 >> ${RBUILDLOG}
 RESULT=$?
 set +x
 set -e
+ rm -f $DBDCHROOT_READLOCK
 echo | tee -a ${RBUILDLOG}
 if [ $RESULT -eq 124 ] ; then
 echo "$(date) - debbindiff was killed after running into timeouot... maybe there is still $JENKINS_URL/userContent/dbd/${LOGFILE}" | tee -a ${RBUILDLOG}
diff --git a/bin/reproducible_common.sh b/bin/reproducible_common.sh
index 775033c7..f00a4797 100755
--- a/bin/reproducible_common.sh
+++ b/bin/reproducible_common.sh
@@ -100,6 +100,10 @@ elif [ ! -f ${PACKAGES_DB} ] ; then
 EOF
 fi
+# common variables
+DBDCHROOT_READLOCK=/var/lib/jenkins/reproducible-dbdchroot.readlock
+DBDCHROOT_WRITELOCK=/var/lib/jenkins/reproducible-dbdchroot.writelock
+
 # shop trailing slash
 JENKINS_URL=${JENKINS_URL:0:-1}
diff --git a/bin/reproducible_setup.sh b/bin/reproducible_setup.sh
deleted file mode 100755
index 6075789f..00000000
--- a/bin/reproducible_setup.sh
+++ /dev/null
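Review bot: In bin/reproducible_build.sh the read lock is taken only in the new `else` branch, so a job that waited in the loop until both lock files disappeared goes on to run debbindiff without holding `$DBDCHROOT_READLOCK`, and the daily setup job can pivot the schroot underneath it. The test-then-`touch` sequence is also not atomic: two jobs that pass the check at the same moment share one lock file, and the first to reach `rm -f $DBDCHROOT_READLOCK` releases it while the other is still running. A kernel-held lock closes both gaps, e.g. `flock -s "$DBDCHROOT_READLOCK" timeout 15m schroot …` here with `flock -x` on the same file in the setup job; at minimum, move `touch "$DBDCHROOT_READLOCK"` below the closing `fi` so both paths take the lock. The enclosing `else` block starts and ends outside the hunk.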
@@ -1,85 +0,0 @@
-#!/bin/bash
-
-# Copyright 2014 Holger Levsen
-# released under the GPLv=2
-
-. /srv/jenkins/bin/common-functions.sh
-common_init "$@"
-
-# common code defining db access
-. /srv/jenkins/bin/reproducible_common.sh
-
-set +x
-# blacklist some packages
-for PKG in linux cups zurl openclipart eigen3 xmds2 ; do
- RESULT=$(sqlite3 -init $INIT $PACKAGES_DB " SELECT name FROM source_packages WHERE status = 'blacklisted' AND name = '$PKG'")
- if [ "$RESULT" = "" ] ; then
- set -x
- sqlite3 -init $INIT $PACKAGES_DB "REPLACE into source_packages VALUES ('$PKG','0','blacklisted',date('now'))"
- set +x
- fi
-done
-
-#
-# create script to configure a pbuilder chroot
-#
-create_setup_tmpfile() {
- cat > ${TMPFILE} <<- EOF
-#
-# this script is run within the pbuilder environment to further customize it
-#
-echo "-----BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v1.4.12 (GNU/Linux)
-
-mQINBFQsy/gBEADKGF55qQpXxpTn7E0Vvqho82/HFB/yT9N2wD8TkrejhJ1I6hfJ
-zFXD9fSi8WnNpLc6IjcaepuvvO4cpIQ8620lIuONQZU84sof8nAO0LDoMp/QdN3j
-VViXRXQtoUmTAzlOBNpyb8UctAoSzPVgO3jU1Ngr1LWi36hQPvQWSYPNmbsDkGVE
-unB0p8DCN88Yq4z2lDdlHgFIy0IDNixuRp/vBouuvKnpe9zyOkijV83Een0XSUsZ
-jmoksFzLzjChlS5fAL3FjtLO5XJGng46dibySWwYx2ragsrNUUSkqTTmU7bOVu9a
-zlnQNGR09kJRM77UoET5iSXXroK7xQ26UJkhorW2lXE5nQ97QqX7igWp2u0G74RB
-e6y3JqH9W8nV+BHuaCVmW0/j+V/l7T3XGAcbjZw1A4w5kj8YGzv3BpztXxqyHQsy
-piewXLTBn8dvgDqd1DLXI5gGxC3KGGZbC7v0rQlu2N6OWg2QRbcVKqlE5HeZxmGV
-vwGQs/vcChc3BuxJegw/bnP+y0Ys5tsVLw+kkxM5wbpqhWw+hgOlGHKpJLNpmBxn
-T+o84iUWTzpvHgHiw6ShJK50AxSbNzDWdbo7p6e0EPHG4Gj41bwO4zVzmQrFz//D
-txVBvoATTZYMLF5owdCO+rO6s/xuC3s04pk7GpmDmi/G51oiz7hIhxJyhQARAQAB
-tC5EZWJpYW4gUmVwcm9kdWNpYmxlIEJ1aWxkcyBBcmNoaXZlIFNpZ25pbmcgS2V5
-iQI9BBMBCAAnBQJULMv4AhsDBQkFo5qABQsJCAcDBRUKCQgLBRYDAgEAAh4BAheA
-AAoJEF23ymfqWaMfFsMP/3jthq65H9avuM469jHcugcd0C5b7/DS+cGQ5E4NQIGL
-6tGsqv5k6Nb0MoMMEAQSmWeXRkbYYxmEkrREMNg8tPlh4NiJimH3neNfI+8fGiHY
-89FH7QDrrzGfMF9oJQ9zjWZTOs3bjJ4AfS4fkQiQ6UfO7TeMyz5Cw7kz+rS1m1tu
-+RgHxD+6A+XxkIZnw5we1MH0SAFoq4j3boR8QkFUNMZsy97xWYON4QLpYwKCbiwL
-Q4y06YTw4A7lp+B2JKLc70yRcjbixeAFlZfbhmGITTNAl3j8+48hRLLkJ+s8eT1r
-DS1UkYi2xBSNa6TVtNxbDUwVTzzxDe+b8tW2BfC7TBOX2oq6e6ebRa+ghZFVLNY1
-3y+FilXGNMB7IvZ378idHYTNaiJuYXNkrd8UGunwK4NCWdZk05L9GdKeQ6DN380Y
-L4QkKpINXSKjneWV7IITMFhvRZCgOVAmoHaq6kaGsl/FwHBA9I8hHXuSyvke8UMP
-dmvR8ggv5wiY9NDjW55h7M+UIqEaoXws1algIKB/TWm4/RnQcrxoXBX16wyidzcv
-Mb0BawlXZui0MNUSnZtxHMxrjejdvZdqtskHl9srB1QThH0jasmUqbQPxCnxMbf1
-4LhIp6XlXJFF1btgfCexNmcPuqeOMMDQ+du6Hqj2Yl5GYo2McWvjpSgkt5VmQfIz
-=X8YA
------END PGP PUBLIC KEY BLOCK-----" | apt-key add -
-echo 'deb http://reproducible.alioth.debian.org/debian/ ./' > /etc/apt/sources.list.d/reproducible.list
-apt-get update
-apt-get install -y dpkg dpkg-dev debhelper dh-python discount
-echo
-dpkg -l
-echo
-for i in \$(dpkg -l |grep ^ii |awk -F' ' '{print \$2}'); do apt-cache madison "\$i" | head -1 | grep reproducible.alioth.debian.org || true ; done
-echo
-EOF
-}
-
-#
-# setup pbuilder for reproducible builds
-#
-setup_pbuilder() {
- echo "$(date) - creating /var/cache/pbuilder/${1}.tgz now..."
- TMPFILE=$(mktemp)
- create_setup_tmpfile
- sudo pbuilder --create --basetgz /var/cache/pbuilder/${1}-new.tgz --distribution sid
- sudo pbuilder --execute --save-after-exec --basetgz /var/cache/pbuilder/${1}-new.tgz -- ${TMPFILE}
- sudo mv /var/cache/pbuilder/${1}-new.tgz /var/cache/pbuilder/${1}.tgz
- rm ${TMPFILE}
- echo
-}
-
-setup_pbuilder base-reproducible
diff --git a/bin/reproducible_setup_pbuilder.sh b/bin/reproducible_setup_pbuilder.sh
new file mode 100755
index 00000000..6075789f
--- /dev/null
+++ b/bin/reproducible_setup_pbuilder.sh
@@ -0,0 +1,85 @@
+#!/bin/bash
+
+# Copyright 2014 Holger Levsen
+# released under the GPLv=2
+
+. /srv/jenkins/bin/common-functions.sh
+common_init "$@"
+
+# common code defining db access
+. /srv/jenkins/bin/reproducible_common.sh
+
+set +x
+# blacklist some packages
+for PKG in linux cups zurl openclipart eigen3 xmds2 ; do
+ RESULT=$(sqlite3 -init $INIT $PACKAGES_DB " SELECT name FROM source_packages WHERE status = 'blacklisted' AND name = '$PKG'")
+ if [ "$RESULT" = "" ] ; then
+ set -x
+ sqlite3 -init $INIT $PACKAGES_DB "REPLACE into source_packages VALUES ('$PKG','0','blacklisted',date('now'))"
+ set +x
+ fi
+done
+
+#
+# create script to configure a pbuilder chroot
+#
+create_setup_tmpfile() {
+ cat > ${TMPFILE} <<- EOF
+#
+# this script is run within the pbuilder environment to further customize it
+#
+echo "-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1.4.12 (GNU/Linux)
+
+mQINBFQsy/gBEADKGF55qQpXxpTn7E0Vvqho82/HFB/yT9N2wD8TkrejhJ1I6hfJ
+zFXD9fSi8WnNpLc6IjcaepuvvO4cpIQ8620lIuONQZU84sof8nAO0LDoMp/QdN3j
+VViXRXQtoUmTAzlOBNpyb8UctAoSzPVgO3jU1Ngr1LWi36hQPvQWSYPNmbsDkGVE
+unB0p8DCN88Yq4z2lDdlHgFIy0IDNixuRp/vBouuvKnpe9zyOkijV83Een0XSUsZ
+jmoksFzLzjChlS5fAL3FjtLO5XJGng46dibySWwYx2ragsrNUUSkqTTmU7bOVu9a
+zlnQNGR09kJRM77UoET5iSXXroK7xQ26UJkhorW2lXE5nQ97QqX7igWp2u0G74RB
+e6y3JqH9W8nV+BHuaCVmW0/j+V/l7T3XGAcbjZw1A4w5kj8YGzv3BpztXxqyHQsy
+piewXLTBn8dvgDqd1DLXI5gGxC3KGGZbC7v0rQlu2N6OWg2QRbcVKqlE5HeZxmGV
+vwGQs/vcChc3BuxJegw/bnP+y0Ys5tsVLw+kkxM5wbpqhWw+hgOlGHKpJLNpmBxn
+T+o84iUWTzpvHgHiw6ShJK50AxSbNzDWdbo7p6e0EPHG4Gj41bwO4zVzmQrFz//D
+txVBvoATTZYMLF5owdCO+rO6s/xuC3s04pk7GpmDmi/G51oiz7hIhxJyhQARAQAB
+tC5EZWJpYW4gUmVwcm9kdWNpYmxlIEJ1aWxkcyBBcmNoaXZlIFNpZ25pbmcgS2V5
+iQI9BBMBCAAnBQJULMv4AhsDBQkFo5qABQsJCAcDBRUKCQgLBRYDAgEAAh4BAheA
+AAoJEF23ymfqWaMfFsMP/3jthq65H9avuM469jHcugcd0C5b7/DS+cGQ5E4NQIGL
+6tGsqv5k6Nb0MoMMEAQSmWeXRkbYYxmEkrREMNg8tPlh4NiJimH3neNfI+8fGiHY
+89FH7QDrrzGfMF9oJQ9zjWZTOs3bjJ4AfS4fkQiQ6UfO7TeMyz5Cw7kz+rS1m1tu
++RgHxD+6A+XxkIZnw5we1MH0SAFoq4j3boR8QkFUNMZsy97xWYON4QLpYwKCbiwL
+Q4y06YTw4A7lp+B2JKLc70yRcjbixeAFlZfbhmGITTNAl3j8+48hRLLkJ+s8eT1r
+DS1UkYi2xBSNa6TVtNxbDUwVTzzxDe+b8tW2BfC7TBOX2oq6e6ebRa+ghZFVLNY1
+3y+FilXGNMB7IvZ378idHYTNaiJuYXNkrd8UGunwK4NCWdZk05L9GdKeQ6DN380Y
+L4QkKpINXSKjneWV7IITMFhvRZCgOVAmoHaq6kaGsl/FwHBA9I8hHXuSyvke8UMP
+dmvR8ggv5wiY9NDjW55h7M+UIqEaoXws1algIKB/TWm4/RnQcrxoXBX16wyidzcv
+Mb0BawlXZui0MNUSnZtxHMxrjejdvZdqtskHl9srB1QThH0jasmUqbQPxCnxMbf1
+4LhIp6XlXJFF1btgfCexNmcPuqeOMMDQ+du6Hqj2Yl5GYo2McWvjpSgkt5VmQfIz
+=X8YA
+-----END PGP PUBLIC KEY BLOCK-----" | apt-key add -
+echo 'deb http://reproducible.alioth.debian.org/debian/ ./' > /etc/apt/sources.list.d/reproducible.list
+apt-get update
+apt-get install -y dpkg dpkg-dev debhelper dh-python discount
+echo
+dpkg -l
+echo
+for i in \$(dpkg -l |grep ^ii |awk -F' ' '{print \$2}'); do apt-cache madison "\$i" | head -1 | grep reproducible.alioth.debian.org || true ; done
+echo
+EOF
+}
+
+#
+# setup pbuilder for reproducible builds
+#
+setup_pbuilder() {
+ echo "$(date) - creating /var/cache/pbuilder/${1}.tgz now..."
+ TMPFILE=$(mktemp)
+ create_setup_tmpfile
+ sudo pbuilder --create --basetgz /var/cache/pbuilder/${1}-new.tgz --distribution sid
+ sudo pbuilder --execute --save-after-exec --basetgz /var/cache/pbuilder/${1}-new.tgz -- ${TMPFILE}
+ sudo mv /var/cache/pbuilder/${1}-new.tgz /var/cache/pbuilder/${1}.tgz
+ rm ${TMPFILE}
+ echo
+}
+
+setup_pbuilder base-reproducible
diff --git a/bin/reproducible_setup_schroot.sh b/bin/reproducible_setup_schroot.sh
new file mode 100755
index 00000000..70f40f5a
--- /dev/null
+++ b/bin/reproducible_setup_schroot.sh
@@ -0,0 +1,118 @@
+#!/bin/bash
+
+# Copyright 2012-2014 Holger Levsen
+# Copyright 2013 Antonio Terceiro
+# Copyright 2014 Joachim Breitner
+# released under the GPLv=2
+
+. /srv/jenkins/bin/common-functions.sh
+common_init "$@"
+
+# bootstraps a new chroot for schroot, and then moves it into the right location
+
+# $1 = schroot name
+# $2 = base distro
+# $3 $4 ... = extra packages to install
+
+if [ $# -lt 2 ]; then
+ echo "usage: $0 TARGET DISTRO [backports] CMD [ARG1 ARG2 ...]"
+ exit 1
+fi
+TARGET="$1"
+shift
+DISTRO="$1"
+shift
+
+if [ "$1" == "backports" ] ; then
+ BACKPORTS="deb $MIRROR ${DISTRO}-backports main"
+ BACKPORTSSRC="deb-src $MIRROR ${DISTRO}-backports main"
+ shift
+fi
+
+if [ ! -d "$CHROOT_BASE" ]; then
+ echo "Directory $CHROOT_BASE does not exist, aborting."
+ exit 1
+fi
+
+export CHROOT_TARGET=$(mktemp -d -p $CHROOT_BASE/ schroot-install-$TARGET-XXXX)
+if [ -z "$CHROOT_TARGET" ]; then
+ echo "Could not create a directory to create the chroot in, aborting."
+ exit 1
+fi
+
+bootstrap() {
+ mkdir -p "$CHROOT_TARGET/etc/dpkg/dpkg.cfg.d"
+ echo force-unsafe-io > "$CHROOT_TARGET/etc/dpkg/dpkg.cfg.d/02dpkg-unsafe-io"
+
+ echo "Bootstraping $DISTRO into $CHROOT_TARGET now."
+ sudo debootstrap $DISTRO $CHROOT_TARGET $MIRROR
+
+ echo -e '#!/bin/sh\nexit 101' | sudo tee $CHROOT_TARGET/usr/sbin/policy-rc.d >/dev/null
+ sudo chmod +x $CHROOT_TARGET/usr/sbin/policy-rc.d
+ echo 'Acquire::http::Proxy "$http_proxy";' | sudo tee $CHROOT_TARGET/etc/apt/apt.conf.d/80proxy >/dev/null
+ echo "deb-src $MIRROR $DISTRO main" | sudo tee -a $CHROOT_TARGET/etc/apt/sources.list > /dev/null
+ echo "${BACKPORTS}" | sudo tee -a $CHROOT_TARGET/etc/apt/sources.list >/dev/null
+ echo "${BACKPORTSSRC}" | sudo tee -a $CHROOT_TARGET/etc/apt/sources.list >/dev/null
+
+ sudo chroot $CHROOT_TARGET apt-get update
+ if [ -n "$1" ] ; then
+ sudo chroot $CHROOT_TARGET apt-get install -y --no-install-recommends "$@"
+ fi
+}
+
+cleanup() {
+ if [ -d $CHROOT_TARGET ]; then
+ sudo rm -rf --one-file-system $CHROOT_TARGET || fuser -mv $CHROOT_TARGET
+ fi
+}
+trap cleanup INT TERM EXIT
+bootstrap $@
+
+trap - INT TERM EXIT
+
+# aquire a write lock in any case
+touch $DBDCHROOT_WRITELOCK
+if [ -f $DBDCHROOT_READLOCK ] ; then
+ # patiently wait for our users to using the schroot
+ for i in $(seq 0 100) ; do
+ sleep 15
+ echo "sleeping 15s, debbindiff schroot is locked and used."
+ if [ ! -f $DBDCHROOT_READLOCK ] ; then
+ break
+ fi
+ done
+ if [ -f $DBDCHROOT_READLOCK ] ; then
+ echo "Warning: lock $DBDCHROOT_READLOCK still exists, exiting."
+ exit 1
+ fi
+fi
+
+# pivot the new schroot in place
+rand=$RANDOM
+if [ -d $SCHROOT_BASE/"$TARGET" ]
+then
+ sudo mv $SCHROOT_BASE/"$TARGET" $SCHROOT_BASE/"$TARGET"-"$rand"
+fi
+
+sudo mv $CHROOT_TARGET $SCHROOT_BASE/"$TARGET"
+
+if [ -d $SCHROOT_BASE/"$TARGET"-"$rand" ]
+then
+ sudo rm -rf --one-file-system $SCHROOT_BASE/"$TARGET"-"$rand"
+fi
+
+# write the schroot config
+echo "Writing configuration"
+sudo tee /etc/schroot/chroot.d/jenkins-"$TARGET" <<-__END__
+ [jenkins-$TARGET]
+ description=Jenkins schroot $TARGET
+ directory=$SCHROOT_BASE/$TARGET
+ type=directory
+ root-users=jenkins
+ source-root-users=jenkins
+ union-type=aufs
+ __END__
+
+# remove the lock
+rm $DBDCHROOT_WRITELOCK
+
-- cgit v1.2.3-54-g00ecf
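Review bot: The read-lock wait near the end of bin/reproducible_setup_schroot.sh leaves through `exit 1` after `trap - INT TERM EXIT` has already cleared the handler, so on that path `$DBDCHROOT_WRITELOCK` is never removed and the freshly bootstrapped `$CHROOT_TARGET` stays on disk. With the stale write lock in place, every later build job waits out its own loop in reproducible_build.sh and fails until someone deletes the file by hand. Install a handler before the `touch`, for example `trap 'rm -f "$DBDCHROOT_WRITELOCK"; cleanup' INT TERM EXIT`. Separately, this script sources only common-functions.sh while this commit defines the lock paths in reproducible_common.sh; unless they are set somewhere not visible here, the unquoted `[ -f $DBDCHROOT_READLOCK ]` collapses to `[ -f ]`, which is true, so the expansions should be quoted and the defining file sourced.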