ARM Cross Builds

- Upgrade to Trusty for the ARM 64 toolchain.
- Cross-compile to ARM.
- Label binaries and packages when releasing.

.travis.yml

@@ -3,53 +3,35 @@
 # Edit ./tpl/travis.yml.ypl instead #
 #####################################
 
-language: c
+sudo: required
+dist: trusty
 
-compiler:
-- gcc
-- clang
-
-addons:
-  apt:
-    packages:
-    - build-essential
-    - cmake
-    - rpm
-    - git
-    - gdb
-    - valgrind
-    - python-dev
-    - libcap-dev
-    - python-pip
-    - python-virtualenv
-    - hardening-includes
-    - gnupg
-    - vim-common
+language: generic
 
 env:
+  matrix:
+    - CC=gcc ARCH_SUFFIX=amd64 ARCH_NATIVE=1
+    - CC=arm-linux-gnueabihf-gcc ARCH_SUFFIX=armhf ARCH_NATIVE=
+    - CC=aarch64-linux-gnu-gcc ARCH_SUFFIX=arm64 ARCH_NATIVE=
   global:
     - SIGN_BINARIES=1
     - secure: "RKF9Z9gLxp6k/xITqn7ma1E9HfpYcDXuJFf4862WeH9EMnK9lDq+TWnGsQfkIlqh8h9goe7U+BvRiTibj9MiD5u7eluLo3dlwsLxPpYtyswYeLeC1wKKdT5LPGAXbRKomvBalRYMI+dDnGIM4w96mHgGGvx2zZXGkiAQhm6fJ3k="
+    - DIST_DIR="${HOME}/up"
 
 before_install:
   - openssl aes-256-cbc -K $encrypted_2893fd5649e7_key -iv $encrypted_2893fd5649e7_iv -in sign.key.enc -out sign.key -d || echo "Encrypted signing key unavailable"
 
-script: ./ci/run_build.sh
-
-sudo: false
+script:
+  - sudo ./ci/install_deps.sh
+  - ./ci/run_build.sh
+  - ls -lah "$DIST_DIR"
 
 deploy:
   provider: releases
   api_key:
     secure: Yk90ANpSPv1iJy8QDXCPwfaSmEr/WIJ3bzhQ6X8JvZjfrwTosbh0HrUzQyeac3nyvNwj7YJRssolOFc21IBKPpCFTZqYxSkuLPU6ysG4HGHgN6YJhOMm4mG4KKJ6741q3DJendhZpalBhCEi+NcZK/PCSD97Vl4OqRjBUged0fs=
-  file:
-    - "./dist/tini"
-    - "./dist/tini.asc"
-    - "./dist/tini-static"
-    - "./dist/tini-static.asc"
-    - "./dist/tini_0.10.0.deb"
-    - "./dist/tini_0.10.0.rpm"
+  file: "${DIST_DIR}/*"
+  file_glob: true
   on:
     repo: krallin/tini
     tags: true
-    condition: "$CC = gcc"

CMakeLists.txt

@@ -79,6 +79,13 @@ configure_file (
 	@ONLY
 )
 
+configure_file (
+	"${PROJECT_SOURCE_DIR}/tpl/VERSION.in"
+	"${PROJECT_BINARY_DIR}/VERSION"
+	@ONLY
+)
+
+
 include_directories ("${PROJECT_BINARY_DIR}")
 
 add_executable (tini src/tini.c)

Dockerfile

@@ -1,8 +1,7 @@
-FROM ubuntu:precise
+FROM ubuntu:trusty
 
-RUN apt-get update \
- && apt-get install --no-install-recommends --yes build-essential git gdb valgrind cmake rpm python-dev libcap-dev python-pip python-virtualenv hardening-includes gnupg vim-common \
- && rm -rf /var/lib/apt/lists/*
+COPY ci/install_deps.sh /install_deps.sh
+RUN /install_deps.sh
 
 # Pre-install those here for faster local builds.
 RUN CFLAGS="-DPR_SET_CHILD_SUBREAPER=36 -DPR_GET_CHILD_SUBREAPER=37" pip install psutil python-prctl bitmap

ci/install_deps.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+set -o errexit
+set -o nounset
+
+apt-get update
+
+apt-get install --no-install-recommends --yes \
+  build-essential git gdb valgrind cmake rpm \
+  python-dev libcap-dev python-pip python-virtualenv \
+  hardening-includes gnupg vim-common \
+  gcc-aarch64-linux-gnu binutils-aarch64-linux-gnu libc6-dev-arm64-cross \
+  gcc-arm-linux-gnueabihf binutils-arm-linux-gnueabi libc6-dev-armhf-cross
+
+rm -rf /var/lib/apt/lists/*

ci/run_build.sh

@@ -7,6 +7,8 @@ set -o pipefail
 # Default compiler
 : ${CC:="gcc"}
 
+echo "CC=${CC}"
+
 # Paths
 : ${SOURCE_DIR:="."}
 : ${DIST_DIR:="${SOURCE_DIR}/dist"}
@@ -50,82 +52,141 @@ make
 make package
 popd
 
-# Smoke tests (actual tests need Docker to run; they don't run within the CI environment)
-for tini in "${BUILD_DIR}/tini" "${BUILD_DIR}/tini-static"; do
-  echo "Smoke test for $tini"
-  "${tini}" -h
+pkg_version="$(cat "${BUILD_DIR}/VERSION")"
 
-  echo "Testing $tini for license"
-  "${tini}" -l | grep -i "mit license"
+if [[ -n "${ARCH_NATIVE:=}" ]]; then
+  echo "Built native package (ARCH_NATIVE=${ARCH_NATIVE})"
+  echo "Running smoke and internal tests"
 
-  echo "Testing $tini with: true"
-  "${tini}" -vvv true
+  # Smoke tests (actual tests need Docker to run; they don't run within the CI environment)
+  for tini in "${BUILD_DIR}/tini" "${BUILD_DIR}/tini-static"; do
+    echo "Smoke test for $tini"
+    "${tini}" -h
 
-  echo "Testing $tini with: false"
-  if "${tini}" -vvv false; then
-    exit 1
+    echo "Testing $tini for license"
+    "${tini}" -l | grep -i "mit license"
+
+    echo "Testing $tini with: true"
+    "${tini}" -vvv true
+
+    echo "Testing $tini with: false"
+    if "${tini}" -vvv false; then
+      exit 1
+    fi
+
+    # Test stdin / stdout are handed over to child
+    echo "Testing pipe"
+    echo "exit 0" | "${tini}" -vvv sh
+    if [[ ! "$?" -eq "0" ]]; then
+      echo "Pipe test failed"
+      exit 1
+    fi
+
+    echo "Checking hardening on $tini"
+    hardening-check --nopie --nostackprotector --nobindnow "${tini}"
+  done
+
+  # Quick package audit
+  if which rpm >/dev/null; then
+    echo "Contents for RPM:"
+    rpm -qlp "${BUILD_DIR}/tini_${pkg_version}.rpm"
+    echo "--"
   fi
 
-  # Test stdin / stdout are handed over to child
-  echo "Testing pipe"
-  echo "exit 0" | "${tini}" -vvv sh
-  if [[ ! "$?" -eq "0" ]]; then
-    echo "Pipe test failed"
-    exit 1
+  if which dpkg >/dev/null; then
+    echo "Contents for DEB:"
+    dpkg --contents "${BUILD_DIR}/tini_${pkg_version}.deb"
+    echo "--"
   fi
 
-  echo "Checking hardening on $tini"
-  hardening-check --nopie --nostackprotector --nobindnow "${tini}"
-done
+  # Compile test code
+  "${CC}" -o "${BUILD_DIR}/sigconf-test" "${SOURCE_DIR}/test/sigconf/sigconf-test.c"
 
-# Move files to the dist dir for testing
-mkdir -p "${DIST_DIR}"
-cp "${BUILD_DIR}"/tini{,-static,*.rpm,*deb} "${DIST_DIR}"
+  # Create virtual environment to run tests.
+  # Accept system site packages for faster local builds.
+  VENV="${BUILD_DIR}/venv"
+  virtualenv --system-site-packages "${VENV}"
 
-# Quick package audit
-if which rpm; then
-  echo "Contents for RPM:"
-  rpm -qlp "${DIST_DIR}/tini"*.rpm
-fi
+  # Don't use activate because it does not play nice with nounset
+  export PATH="${VENV}/bin:${PATH}"
+  export CFLAGS  # We need them to build our test suite, regardless of FORCE_SUBREAPER
+
+  # Install test dependencies
+  pip install psutil python-prctl bitmap
 
-if which dpkg; then
-  echo "Contents for DEB:"
-  dpkg --contents "${DIST_DIR}/tini"*deb
+  # Run tests
+  python "${SOURCE_DIR}/test/run_inner_tests.py"
+else
+  if [[ ! -n "${ARCH_SUFFIX:=}" ]]; then
+    echo "Built cross package, but $ARCH_SUFFIX is empty!"
+    exit 1
+  fi
+  echo "Built cross package (ARCH_SUFFIX=${ARCH_SUFFIX})"
+  echo "Skipping smoke and internal tests"
 fi
 
-# Compile test code
-"${CC}" -o "${BUILD_DIR}/sigconf-test" "${SOURCE_DIR}/test/sigconf/sigconf-test.c"
+# Now, copy over files to DIST_DIR, with appropriate names depending on the
+# architecture.
+# Handle the DEB / RPM
+mkdir -p "${DIST_DIR}"
+
+TINIS=()
+
+for tini in tini tini-static; do
+  if [[ -n "${ARCH_SUFFIX:=}" ]]; then
+    to="${DIST_DIR}/${tini}-${ARCH_SUFFIX}"
+    TINIS+=("$to")
+    cp "${BUILD_DIR}/${tini}" "$to"
+  fi
+
+  if [[ -n "${ARCH_NATIVE:=}" ]]; then
+    to="${DIST_DIR}/${tini}"
+    TINIS+=("$to")
+    cp "${BUILD_DIR}/${tini}" "$to"
+  fi
+done
+
+for pkg_format in deb rpm; do
+  src="${BUILD_DIR}/tini_${pkg_version}.${pkg_format}"
 
-# Create virtual environment to run tests.
-# Accept system site packages for faster local builds.
-VENV="${BUILD_DIR}/venv"
-virtualenv --system-site-packages "${VENV}"
+  if [[ -n "${ARCH_SUFFIX:=}" ]]; then
+    to="${DIST_DIR}/tini_${pkg_version}-${ARCH_SUFFIX}.${pkg_format}"
+    TINIS+=("$to")
+    cp "$src" "$to"
+  fi
 
-# Don't use activate because it does not play nice with nounset
-export PATH="${VENV}/bin:${PATH}"
-export CFLAGS  # We need them to build our test suite, regardless of FORCE_SUBREAPER
+  if [[ -n "${ARCH_NATIVE:=}" ]]; then
+    to="${DIST_DIR}/tini_${pkg_version}.${pkg_format}"
+    TINIS+=("$to")
+    cp "$src" "$to"
+  fi
+done
 
-# Install test dependencies
-pip install psutil python-prctl bitmap
+echo "Tinis: ${TINIS[*]}"
 
-# Run tests
-python "${SOURCE_DIR}/test/run_inner_tests.py"
+for tini in "${TINIS[@]}"; do
+  echo "${tini}:"
+  sha1sum "$tini"
+  file "$tini"
+  echo "--"
+done
 
 # If a signing key and passphrase are made available, then use it to sign the
 # binaries
 if [[ -n "$GPG_PASSPHRASE" ]] && [[ -f "${SOURCE_DIR}/sign.key" ]]; then
-  echo "Signing binaries"
+  echo "Signing tinis"
   GPG_SIGN_HOMEDIR="${BUILD_DIR}/gpg-sign"
   GPG_VERIFY_HOMEDIR="${BUILD_DIR}/gpg-verify"
   PGP_KEY_FINGERPRINT="595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7"
   PGP_KEYSERVER="ha.pool.sks-keyservers.net"
+
   mkdir "${GPG_SIGN_HOMEDIR}" "${GPG_VERIFY_HOMEDIR}"
   chmod 700 "${GPG_SIGN_HOMEDIR}" "${GPG_VERIFY_HOMEDIR}"
 
   gpg --homedir "${GPG_SIGN_HOMEDIR}" --import "${SOURCE_DIR}/sign.key"
   gpg --homedir "${GPG_VERIFY_HOMEDIR}" --keyserver "$PGP_KEYSERVER" --recv-keys "$PGP_KEY_FINGERPRINT"
 
-  for tini in "${DIST_DIR}/tini" "${DIST_DIR}/tini-static"; do
+  for tini in "${TINIS[@]}"; do
     echo "${GPG_PASSPHRASE}" | gpg --homedir "${GPG_SIGN_HOMEDIR}" --passphrase-fd 0 --armor --detach-sign "${tini}"
     gpg --homedir "${GPG_VERIFY_HOMEDIR}" --verify "${tini}.asc"
   done

ddist.sh

@@ -2,8 +2,6 @@
 set -o errexit
 set -o nounset
 
-: ${FORCE_SUBREAPER:="1"}
-
 REL_HERE=$(dirname "${BASH_SOURCE}")
 HERE=$(cd "${REL_HERE}"; pwd)
 
@@ -21,6 +19,9 @@ docker run -it --rm \
   --volume="${HERE}:${SRC}" \
   -e BUILD_DIR=/tmp/tini-build \
   -e SOURCE_DIR="${SRC}" \
-  -e FORCE_SUBREAPER="${FORCE_SUBREAPER}" \
+  -e FORCE_SUBREAPER="${FORCE_SUBREAPER:="1"}" \
   -e GPG_PASSPHRASE="${GPG_PASSPHRASE:=}" \
+  -e CC="${CC:=gcc}" \
+  -e ARCH_NATIVE="${ARCH_NATIVE-1}" \
+  -e ARCH_SUFFIX="${ARCH_SUFFIX-}" \
   "${IMG}" "${SRC}/ci/run_build.sh"

tpl/VERSION.in

@@ -0,0 +1 @@
+@tini_VERSION_MAJOR@.@tini_VERSION_MINOR@.@tini_VERSION_PATCH@

tpl/travis.yml.tpl

@@ -3,53 +3,35 @@
 # Edit ./tpl/travis.yml.ypl instead #
 #####################################
 
-language: c
+sudo: required
+dist: trusty
 
-compiler:
-- gcc
-- clang
-
-addons:
-  apt:
-    packages:
-    - build-essential
-    - cmake
-    - rpm
-    - git
-    - gdb
-    - valgrind
-    - python-dev
-    - libcap-dev
-    - python-pip
-    - python-virtualenv
-    - hardening-includes
-    - gnupg
-    - vim-common
+language: generic
 
 env:
+  matrix:
+    - CC=gcc ARCH_SUFFIX=amd64 ARCH_NATIVE=1
+    - CC=arm-linux-gnueabihf-gcc ARCH_SUFFIX=armhf ARCH_NATIVE=
+    - CC=aarch64-linux-gnu-gcc ARCH_SUFFIX=arm64 ARCH_NATIVE=
   global:
     - SIGN_BINARIES=1
     - secure: "RKF9Z9gLxp6k/xITqn7ma1E9HfpYcDXuJFf4862WeH9EMnK9lDq+TWnGsQfkIlqh8h9goe7U+BvRiTibj9MiD5u7eluLo3dlwsLxPpYtyswYeLeC1wKKdT5LPGAXbRKomvBalRYMI+dDnGIM4w96mHgGGvx2zZXGkiAQhm6fJ3k="
+    - DIST_DIR="${HOME}/up"
 
 before_install:
   - openssl aes-256-cbc -K $encrypted_2893fd5649e7_key -iv $encrypted_2893fd5649e7_iv -in sign.key.enc -out sign.key -d || echo "Encrypted signing key unavailable"
 
-script: ./ci/run_build.sh
-
-sudo: false
+script:
+  - sudo ./ci/install_deps.sh
+  - ./ci/run_build.sh
+  - ls -lah "$DIST_DIR"
 
 deploy:
   provider: releases
   api_key:
     secure: Yk90ANpSPv1iJy8QDXCPwfaSmEr/WIJ3bzhQ6X8JvZjfrwTosbh0HrUzQyeac3nyvNwj7YJRssolOFc21IBKPpCFTZqYxSkuLPU6ysG4HGHgN6YJhOMm4mG4KKJ6741q3DJendhZpalBhCEi+NcZK/PCSD97Vl4OqRjBUged0fs=
-  file:
-    - "./dist/tini"
-    - "./dist/tini.asc"
-    - "./dist/tini-static"
-    - "./dist/tini-static.asc"
-    - "./dist/tini_@tini_VERSION_MAJOR@.@tini_VERSION_MINOR@.@tini_VERSION_PATCH@.deb"
-    - "./dist/tini_@tini_VERSION_MAJOR@.@tini_VERSION_MINOR@.@tini_VERSION_PATCH@.rpm"
+  file: "${DIST_DIR}/*"
+  file_glob: true
   on:
     repo: krallin/tini
     tags: true
-    condition: "$CC = gcc"