From eed52128cf21b0ea9a159dba192b82ead9da2c52 Mon Sep 17 00:00:00 2001 From: Aveen Ismail Date: Thu, 10 Aug 2023 16:43:11 +0200 Subject: [PATCH] Update release scripts --- Cargo.lock | 60 ++++++++++++++++++++++++++-- resources/release/Vagrantfile | 73 +++++++++++++++++++++++++--------- resources/release/build-all.sh | 2 +- resources/release/build-pkg.sh | 63 +++++++++++++++++++++++------ resources/release/build-rpm.sh | 53 ++++++++++++++---------- 5 files changed, 195 insertions(+), 56 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 52394f9..d7aa202 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2,6 +2,15 @@ # It is not intended for manual editing. version = 3 +[[package]] +name = "aho-corasick" +version = "0.6.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "81ce3d38065e618af2d7b77e10c5ad9a069859b4be3c2250f674af3840d9c8a5" +dependencies = [ + "memchr", +] + [[package]] name = "aho-corasick" version = "0.7.18" @@ -190,15 +199,37 @@ dependencies = [ "rand_core 0.3.1", ] +[[package]] +name = "regex" +version = "0.2.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9329abc99e39129fcceabd24cf5d85b4671ef7c29c50e972bc5afe32438ec384" +dependencies = [ + "aho-corasick 0.6.10", + "memchr", + "regex-syntax 0.5.6", + "thread_local", + "utf8-ranges", +] + [[package]] name = "regex" version = "1.5.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d83f127d94bdbcda4c8cc2e50f6f84f4b611f69c902699ca385a39c3a75f9ff1" dependencies = [ - "aho-corasick", + "aho-corasick 0.7.18", "memchr", - "regex-syntax", + "regex-syntax 0.6.26", +] + +[[package]] +name = "regex-syntax" +version = "0.5.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7d707a4fa2637f2dca2ef9fd02225ec7661fe01a53623c1e6515b6916511f7a7" +dependencies = [ + "ucd-util", ] [[package]] @@ -248,12 +279,33 @@ dependencies = [ "unicode-width", ] +[[package]] +name = "thread_local" +version = "0.3.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c6b53e329000edc2b34dbe8545fd20e55a333362d0a321909685a19bd28c3f1b" +dependencies = [ + "lazy_static", +] + +[[package]] +name = "ucd-util" +version = "0.1.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c85f514e095d348c279b1e5cd76795082cf15bd59b93207832abe0b1d8fed236" + [[package]] name = "unicode-width" version = "0.1.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3ed742d4ea2bd1176e236172c8429aaf54486e7ac098db29ffe6529e0ce50973" +[[package]] +name = "utf8-ranges" +version = "1.0.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7fcfc827f90e53a02eaef5e535ee14266c1d569214c6aa70133a624d8a3164ba" + [[package]] name = "vec_map" version = "0.8.2" @@ -289,7 +341,7 @@ dependencies = [ "base64", "clap", "lazy_static", - "regex", + "regex 1.5.6", "rusty_secrets", "scan_dir", "yubihsmrs", @@ -302,6 +354,6 @@ dependencies = [ "lazy_static", "libyubihsm-sys", "log 0.3.9", - "regex", + "regex 0.2.11", "rustc-serialize", ] diff --git a/resources/release/Vagrantfile b/resources/release/Vagrantfile index 04c8a52..64f2c4b 100644 --- a/resources/release/Vagrantfile +++ b/resources/release/Vagrantfile @@ -8,18 +8,32 @@ Vagrant.configure("2") do |config| v.cpus = 2 end - config.vm.define "fedora33" do |fedora33| - fedora33.vm.box = "generic/fedora33" - fedora33.vm.synced_folder "../..", "/shared", type: "rsync", + config.vm.define "fedora35" do |fedora35| + fedora35.vm.box = "generic/fedora35" + fedora35.vm.synced_folder "../..", "/shared", type: "rsync", rsync__args: ["--verbose", "--archive", "-z", "--delete"] - fedora33.vm.provision "shell", :path => "build-rpm.sh", :args => "fedora33", :privileged => false + fedora35.vm.provision "shell", :path => "build-rpm.sh", :args => "fedora35", :privileged => false end - config.vm.define "fedora34" do |fedora34| - fedora34.vm.box = "messyzone/fedora34" - fedora34.vm.synced_folder "../..", "/shared", type: "rsync", + config.vm.define "fedora36" do |fedora36| + fedora36.vm.box = "generic/fedora36" + fedora36.vm.synced_folder "../..", "/shared", type: "rsync", rsync__args: ["--verbose", "--archive", "-z", "--delete"] - fedora34.vm.provision "shell", :path => "build-rpm.sh", :args => "fedora34", :privileged => false + fedora36.vm.provision "shell", :path => "build-rpm.sh", :args => "fedora36", :privileged => false + end + + config.vm.define "fedora37" do |fedora37| + fedora37.vm.box = "generic/fedora37" + fedora37.vm.synced_folder "../..", "/shared", type: "rsync", + rsync__args: ["--verbose", "--archive", "-z", "--delete"] + fedora37.vm.provision "shell", :path => "build-rpm.sh", :args => "fedora37", :privileged => false + end + + config.vm.define "fedora38" do |fedora38| + fedora38.vm.box = "fedora/38-cloud-base" + fedora38.vm.synced_folder "../..", "/shared", type: "rsync", + rsync__args: ["--verbose", "--archive", "-z", "--delete"] + fedora38.vm.provision "shell", :path => "build-rpm.sh", :args => "fedora38", :privileged => false end config.vm.define "centos7" do |centos7| @@ -29,12 +43,12 @@ Vagrant.configure("2") do |config| centos7.vm.provision "shell", :path => "build-rpm.sh", :args => "centos7", :privileged => false end - config.vm.define "centos8" do |centos8| - centos8.vm.box = "zyz/centos8" - centos8.vm.synced_folder "../..", "/shared", type: "rsync", - rsync__args: ["--verbose", "--archive", "-z", "--copy-links"] - centos8.vm.provision "shell", :path => "build-rpm.sh", :args => "centos8", :privileged => false - end +# config.vm.define "centos8" do |centos8| +# centos8.vm.box = "zyz/centos8" +# centos8.vm.synced_folder "../..", "/shared", type: "rsync", +# rsync__args: ["--verbose", "--archive", "-z", "--copy-links"] +# centos8.vm.provision "shell", :path => "build-rpm.sh", :args => "centos8", :privileged => false +# end config.vm.define "debian9" do |debian9| debian9.vm.box = "roboxes/debian9" @@ -50,7 +64,7 @@ Vagrant.configure("2") do |config| end config.vm.define "debian11" do |debian11| - debian11.vm.box = "axcxl/debian11_xfce" + debian11.vm.box = "debian/bullseye64" debian11.vm.synced_folder "../..", "/shared", type: "rsync", rsync__args: ["--verbose", "--archive", "-z", "--delete"] debian11.vm.provision "shell", :path => "build-pkg.sh", :args => "debian11", :privileged => false @@ -82,11 +96,32 @@ Vagrant.configure("2") do |config| focal.vm.provision "shell", :path => "build-pkg.sh", :args => "ubuntu2004", :privileged => false end - config.vm.define "hirsute" do |hirsute| - hirsute.vm.box = "ubuntu/hirsute64" - hirsute.vm.synced_folder "../..", "/shared", type: "rsync", + config.vm.define "impish" do |impish| + impish.vm.box = "ubuntu/impish64" + impish.vm.synced_folder "../..", "/shared", type: "rsync", + rsync__args: ["--verbose", "--archive", "-z", "--copy-links"] + impish.vm.provision "shell", :path => "build-pkg.sh", :args => "ubuntu2110", :privileged => false + end + + config.vm.define "jammy" do |jammy| + jammy.vm.box = "alvistack/ubuntu-22.04" + jammy.vm.synced_folder "../..", "/shared", type: "rsync", + rsync__args: ["--verbose", "--archive", "-z", "--copy-links"] + jammy.vm.provision "shell", :path => "build-pkg.sh", :args => "ubuntu2204", :privileged => false + end + + config.vm.define "kinetic" do |kinetic| + kinetic.vm.box = "ubuntu/kinetic64" + kinetic.vm.synced_folder "../..", "/shared", type: "rsync", + rsync__args: ["--verbose", "--archive", "-z", "--copy-links"] + kinetic.vm.provision "shell", :path => "build-pkg.sh", :args => "ubuntu2210", :privileged => false + end + + config.vm.define "lunar" do |lunar| + lunar.vm.box = "ubuntu/lunar64" + lunar.vm.synced_folder "../..", "/shared", type: "rsync", rsync__args: ["--verbose", "--archive", "-z", "--copy-links"] - hirsute.vm.provision "shell", :path => "build-pkg.sh", :args => "ubuntu2104", :privileged => false + lunar.vm.provision "shell", :path => "build-pkg.sh", :args => "ubuntu2304", :privileged => false end end diff --git a/resources/release/build-all.sh b/resources/release/build-all.sh index ca96c0d..b6da2c3 100755 --- a/resources/release/build-all.sh +++ b/resources/release/build-all.sh @@ -2,7 +2,7 @@ set -e -o pipefail -x -for machine in focal hirsute debian10 fedora33 fedora34 centos7 centos8; do +for machine in focal impish jammy debian10 debian11 fedora35 fedora36 centos7; do vagrant box update $machine time vagrant up $machine vagrant rsync-back $machine diff --git a/resources/release/build-pkg.sh b/resources/release/build-pkg.sh index 711dc0f..0d92ffa 100644 --- a/resources/release/build-pkg.sh +++ b/resources/release/build-pkg.sh @@ -4,11 +4,28 @@ set -x PLATFORM=$1 -YUBIHSMSDK_VERSION="2021-08" # To download the latest released version of yubihsm-shell +YUBIHSMSDK_VERSION="2022-06" # To download the latest released version of yubihsm-shell export DEBIAN_FRONTEND=noninteractive sudo apt-get update && sudo apt-get dist-upgrade -y -sudo apt-get install -y build-essential git +#sudo apt-get install -y build-essential git cmake pkg-config libedit-dev libssl-dev libcurl4-openssl-dev libpcsclite-dev libusb-1.0-0-dev +sudo apt-get install -y build-essential \ + chrpath \ + git \ + cmake \ + pkg-config \ + gengetopt \ + help2man \ + libedit-dev \ + libcurl4-openssl-dev \ + liblzma-dev \ + libssl-dev \ + libseccomp-dev \ + libusb-1.0.0-dev \ + dh-exec \ + git-buildpackage \ + curl \ + libpcsclite-dev export PATH=$PATH:~/.cargo/bin if [[ ! -x $(command -v rustc) ]]; then @@ -28,14 +45,34 @@ mkdir -p "${OUTPUT}" pushd "/tmp" &>/dev/null # install yubihsm-shell - mkdir yubihsm2-sdk - pushd "yubihsm2-sdk" &>/dev/null - curl -L --max-redirs 2 -o - https://developers.yubico.com/YubiHSM2/Releases/yubihsm2-sdk-$YUBIHSMSDK_VERSION-$PLATFORM-amd64.tar.gz |\ - tar -xzvf - - pushd "yubihsm2-sdk" &>/dev/null - sudo dpkg -i ./libyubihsm*_amd64.deb - popd &>/dev/null - popd &>/dev/null +# mkdir yubihsm2-sdk +# pushd "yubihsm2-sdk" &>/dev/null +# curl -L --max-redirs 2 -o - https://developers.yubico.com/YubiHSM2/Releases/yubihsm2-sdk-$YUBIHSMSDK_VERSION-$PLATFORM-amd64.tar.gz |\ +# tar -xzvf - +# pushd "yubihsm2-sdk" &>/dev/null +# sudo dpkg -i ./libyubihsm*_amd64.deb +# popd &>/dev/null +# popd &>/dev/null + + #git clone https://github.com/Yubico/yubihsm-shell.git + #cp -r /shared/resources/yubihsm-shell . + #pushd "yubihsm-shell" &>/dev/null + # mkdir build + # pushd "build" &>/dev/null + # cmake .. -DBUILD_ONLY_LIB=ON + # make + # popd + # if [ "${PLATFORM:0:6}" == "debian" ] || [ "$PLATFORM" == "ubuntu1804" ]; then + # dpkg-buildpackage -b --no-sign + # else + # dpkg-buildpackage + # fi + #popd + #cp libyubihsm1*.deb "${OUTPUT}" + #cp libyubihsm-usb1*.deb "${OUTPUT}" + #cp libyubihsm-http1*.deb "${OUTPUT}" + + sudo dpkg -i $INPUT/resources/release/libyubihsm*_amd64.deb # install yubihsmrs rm -rf yubihsmrs @@ -45,8 +82,10 @@ pushd "/tmp" &>/dev/null rm -rf yubihsm-setup git clone "$INPUT" yubihsm-setup pushd "yubihsm-setup" &>/dev/null - YUBIHSM_LIB_DIR=$(dpkg -L libyubihsm1 | grep -e "libyubihsm.so.2$" | xargs dirname) \ - cargo build --release + #YUBIHSM_LIB_DIR=$(dpkg -L libyubihsm1 | grep -e "libyubihsm.so.2$" | xargs dirname) \ + # cargo build --release + #YUBIHSM_LIB_DIR=/tmp/yubihsm-shell/build/lib cargo build --release + YUBIHSM_LIB_DIR=/usr/lib/x86_64-linux-gnu cargo build --release strip --strip-all target/release/yubihsm-setup cargo deb --no-build cp target/debian/*.deb "${OUTPUT}" diff --git a/resources/release/build-rpm.sh b/resources/release/build-rpm.sh index f0ab613..574d93a 100644 --- a/resources/release/build-rpm.sh +++ b/resources/release/build-rpm.sh @@ -3,7 +3,7 @@ set -e -o pipefail set -x PLATFORM=$1 -LIBYUBIHSM_VERSION="2.2.0" # To download the latest released version of yubihsm-shell +LIBYUBIHSM_VERSION="2.4.0" # To download the latest released version of yubihsm-shell if [ "$PLATFORM" == "centos7" ]; then sudo yum -y install centos-release-scl @@ -37,12 +37,13 @@ elif [ "$PLATFORM" == "centos8" ]; then elif [ "${PLATFORM:0:6}" == "fedora" ]; then sudo dnf -y update sudo dnf -y install binutils \ - git \ - cmake \ - openssl-devel \ - libusb-devel \ - libcurl-devel \ - rpmdevtools + git \ + cmake \ + openssl-devel \ + libusb1-devel \ + libcurl-devel \ + rpmdevtools \ + pcsc-lite-devel export CMAKE="cmake" fi @@ -61,16 +62,24 @@ mkdir -p $OUTPUT pushd "/tmp" &>/dev/null # build yubihsm-shell from source - rm -rf yubihsm-shell-$LIBYUBIHSM_VERSION - curl -L --max-redirs 2 -o - https://developers.yubico.com/yubihsm-shell/Releases/yubihsm-shell-$LIBYUBIHSM_VERSION.tar.gz |\ - tar -xzvf - - pushd "yubihsm-shell-$LIBYUBIHSM_VERSION" &>/dev/null - mkdir build - pushd "build" &>/dev/null - $CMAKE .. -DBUILD_ONLY_LIB=ON - make - popd &>/dev/null - popd &>/dev/null + #rm -rf yubihsm-shell-$LIBYUBIHSM_VERSION + #curl -L --max-redirs 2 -o - https://developers.yubico.com/yubihsm-shell/Releases/yubihsm-shell-$LIBYUBIHSM_VERSION.tar.gz |\ + # tar -xzvf - + + #git clone https://github.com/Yubico/yubihsm-shell.git + #cp -r /shared/resources/yubihsm-shell . + #pushd "yubihsm-shell-$LIBYUBIHSM_VERSION" &>/dev/null + #pushd "yubihsm-shell" &>/dev/null + # mkdir build + # pushd "build" &>/dev/null + # $CMAKE .. -DBUILD_ONLY_LIB=ON + # make + # popd &>/dev/null + #popd &>/dev/null + + sudo dnf -y install yubihsm-shell-2.4.1-1.fc38.x86_64.rpm + sudo dnf -y install yubihsm-devel-2.4.1-1.fc38.x86_64.rpm + # install yubihsmrs rm -rf yubihsmrs @@ -82,8 +91,12 @@ pushd "/tmp" &>/dev/null pushd "yubihsm-setup" &>/dev/null cargo install cargo-rpm cargo rpm init - YUBIHSM_LIB_DIR=/tmp/yubihsm-shell-$LIBYUBIHSM_VERSION/build/lib cargo build --release - YUBIHSM_LIB_DIR=/tmp/yubihsm-shell-$LIBYUBIHSM_VERSION/build/lib cargo rpm build + #YUBIHSM_LIB_DIR=/tmp/yubihsm-shell-$LIBYUBIHSM_VERSION/build/lib cargo build --release + #YUBIHSM_LIB_DIR=/tmp/yubihsm-shell-$LIBYUBIHSM_VERSION/build/lib cargo rpm build + #YUBIHSM_LIB_DIR=/tmp/yubihsm-shell/build/lib cargo build --release + #YUBIHSM_LIB_DIR=/tmp/yubihsm-shell/build/lib cargo rpm build + cargo build --release + cargo rpm build cp target/release/rpmbuild/RPMS/x86_64/*.rpm $OUTPUT popd &>/dev/null popd &>/dev/null @@ -103,4 +116,4 @@ pushd "/shared" &>/dev/null rm -rf licenses rm -rf ../yubihsm-setup popd &>/dev/null -popd &>/dev/null \ No newline at end of file +popd &>/dev/null