ARM Cross Builds

- Upgrade to Trusty for the ARM 64 toolchain.
- Cross-compile to ARM.
- Label binaries and packages when releasing.
arm-cross
Thomas Orozco 8 years ago
parent df9dbc1055
commit c8cc8274b8
  1. 46
      .travis.yml
  2. 7
      CMakeLists.txt
  3. 7
      Dockerfile
  4. 14
      ci/install_deps.sh
  5. 153
      ci/run_build.sh
  6. 7
      ddist.sh
  7. 1
      tpl/VERSION.in
  8. 46
      tpl/travis.yml.tpl

@ -3,53 +3,35 @@
# Edit ./tpl/travis.yml.ypl instead # # Edit ./tpl/travis.yml.ypl instead #
##################################### #####################################
language: c sudo: required
dist: trusty
compiler: language: generic
- gcc
- clang
addons:
apt:
packages:
- build-essential
- cmake
- rpm
- git
- gdb
- valgrind
- python-dev
- libcap-dev
- python-pip
- python-virtualenv
- hardening-includes
- gnupg
- vim-common
env: env:
matrix:
- CC=gcc ARCH_SUFFIX=amd64 ARCH_NATIVE=1
- CC=arm-linux-gnueabihf-gcc ARCH_SUFFIX=armhf ARCH_NATIVE=
- CC=aarch64-linux-gnu-gcc ARCH_SUFFIX=arm64 ARCH_NATIVE=
global: global:
- SIGN_BINARIES=1 - SIGN_BINARIES=1
- secure: "RKF9Z9gLxp6k/xITqn7ma1E9HfpYcDXuJFf4862WeH9EMnK9lDq+TWnGsQfkIlqh8h9goe7U+BvRiTibj9MiD5u7eluLo3dlwsLxPpYtyswYeLeC1wKKdT5LPGAXbRKomvBalRYMI+dDnGIM4w96mHgGGvx2zZXGkiAQhm6fJ3k=" - secure: "RKF9Z9gLxp6k/xITqn7ma1E9HfpYcDXuJFf4862WeH9EMnK9lDq+TWnGsQfkIlqh8h9goe7U+BvRiTibj9MiD5u7eluLo3dlwsLxPpYtyswYeLeC1wKKdT5LPGAXbRKomvBalRYMI+dDnGIM4w96mHgGGvx2zZXGkiAQhm6fJ3k="
- DIST_DIR="${HOME}/up"
before_install: before_install:
- openssl aes-256-cbc -K $encrypted_2893fd5649e7_key -iv $encrypted_2893fd5649e7_iv -in sign.key.enc -out sign.key -d || echo "Encrypted signing key unavailable" - openssl aes-256-cbc -K $encrypted_2893fd5649e7_key -iv $encrypted_2893fd5649e7_iv -in sign.key.enc -out sign.key -d || echo "Encrypted signing key unavailable"
script: ./ci/run_build.sh script:
- sudo ./ci/install_deps.sh
sudo: false - ./ci/run_build.sh
- ls -lah "$DIST_DIR"
deploy: deploy:
provider: releases provider: releases
api_key: api_key:
secure: Yk90ANpSPv1iJy8QDXCPwfaSmEr/WIJ3bzhQ6X8JvZjfrwTosbh0HrUzQyeac3nyvNwj7YJRssolOFc21IBKPpCFTZqYxSkuLPU6ysG4HGHgN6YJhOMm4mG4KKJ6741q3DJendhZpalBhCEi+NcZK/PCSD97Vl4OqRjBUged0fs= secure: Yk90ANpSPv1iJy8QDXCPwfaSmEr/WIJ3bzhQ6X8JvZjfrwTosbh0HrUzQyeac3nyvNwj7YJRssolOFc21IBKPpCFTZqYxSkuLPU6ysG4HGHgN6YJhOMm4mG4KKJ6741q3DJendhZpalBhCEi+NcZK/PCSD97Vl4OqRjBUged0fs=
file: file: "${DIST_DIR}/*"
- "./dist/tini" file_glob: true
- "./dist/tini.asc"
- "./dist/tini-static"
- "./dist/tini-static.asc"
- "./dist/tini_0.10.0.deb"
- "./dist/tini_0.10.0.rpm"
on: on:
repo: krallin/tini repo: krallin/tini
tags: true tags: true
condition: "$CC = gcc"

@ -79,6 +79,13 @@ configure_file (
@ONLY @ONLY
) )
configure_file (
"${PROJECT_SOURCE_DIR}/tpl/VERSION.in"
"${PROJECT_BINARY_DIR}/VERSION"
@ONLY
)
include_directories ("${PROJECT_BINARY_DIR}") include_directories ("${PROJECT_BINARY_DIR}")
add_executable (tini src/tini.c) add_executable (tini src/tini.c)

@ -1,8 +1,7 @@
FROM ubuntu:precise FROM ubuntu:trusty
RUN apt-get update \ COPY ci/install_deps.sh /install_deps.sh
&& apt-get install --no-install-recommends --yes build-essential git gdb valgrind cmake rpm python-dev libcap-dev python-pip python-virtualenv hardening-includes gnupg vim-common \ RUN /install_deps.sh
&& rm -rf /var/lib/apt/lists/*
# Pre-install those here for faster local builds. # Pre-install those here for faster local builds.
RUN CFLAGS="-DPR_SET_CHILD_SUBREAPER=36 -DPR_GET_CHILD_SUBREAPER=37" pip install psutil python-prctl bitmap RUN CFLAGS="-DPR_SET_CHILD_SUBREAPER=36 -DPR_GET_CHILD_SUBREAPER=37" pip install psutil python-prctl bitmap

@ -0,0 +1,14 @@
#!/bin/bash
set -o errexit
set -o nounset
apt-get update
apt-get install --no-install-recommends --yes \
build-essential git gdb valgrind cmake rpm \
python-dev libcap-dev python-pip python-virtualenv \
hardening-includes gnupg vim-common \
gcc-aarch64-linux-gnu binutils-aarch64-linux-gnu libc6-dev-arm64-cross \
gcc-arm-linux-gnueabihf binutils-arm-linux-gnueabi libc6-dev-armhf-cross
rm -rf /var/lib/apt/lists/*

@ -7,6 +7,8 @@ set -o pipefail
# Default compiler # Default compiler
: ${CC:="gcc"} : ${CC:="gcc"}
echo "CC=${CC}"
# Paths # Paths
: ${SOURCE_DIR:="."} : ${SOURCE_DIR:="."}
: ${DIST_DIR:="${SOURCE_DIR}/dist"} : ${DIST_DIR:="${SOURCE_DIR}/dist"}
@ -50,82 +52,141 @@ make
make package make package
popd popd
# Smoke tests (actual tests need Docker to run; they don't run within the CI environment) pkg_version="$(cat "${BUILD_DIR}/VERSION")"
for tini in "${BUILD_DIR}/tini" "${BUILD_DIR}/tini-static"; do
echo "Smoke test for $tini"
"${tini}" -h
echo "Testing $tini for license" if [[ -n "${ARCH_NATIVE:=}" ]]; then
"${tini}" -l | grep -i "mit license" echo "Built native package (ARCH_NATIVE=${ARCH_NATIVE})"
echo "Running smoke and internal tests"
echo "Testing $tini with: true" # Smoke tests (actual tests need Docker to run; they don't run within the CI environment)
"${tini}" -vvv true for tini in "${BUILD_DIR}/tini" "${BUILD_DIR}/tini-static"; do
echo "Smoke test for $tini"
"${tini}" -h
echo "Testing $tini with: false" echo "Testing $tini for license"
if "${tini}" -vvv false; then "${tini}" -l | grep -i "mit license"
exit 1
echo "Testing $tini with: true"
"${tini}" -vvv true
echo "Testing $tini with: false"
if "${tini}" -vvv false; then
exit 1
fi
# Test stdin / stdout are handed over to child
echo "Testing pipe"
echo "exit 0" | "${tini}" -vvv sh
if [[ ! "$?" -eq "0" ]]; then
echo "Pipe test failed"
exit 1
fi
echo "Checking hardening on $tini"
hardening-check --nopie --nostackprotector --nobindnow "${tini}"
done
# Quick package audit
if which rpm >/dev/null; then
echo "Contents for RPM:"
rpm -qlp "${BUILD_DIR}/tini_${pkg_version}.rpm"
echo "--"
fi fi
# Test stdin / stdout are handed over to child if which dpkg >/dev/null; then
echo "Testing pipe" echo "Contents for DEB:"
echo "exit 0" | "${tini}" -vvv sh dpkg --contents "${BUILD_DIR}/tini_${pkg_version}.deb"
if [[ ! "$?" -eq "0" ]]; then echo "--"
echo "Pipe test failed"
exit 1
fi fi
echo "Checking hardening on $tini" # Compile test code
hardening-check --nopie --nostackprotector --nobindnow "${tini}" "${CC}" -o "${BUILD_DIR}/sigconf-test" "${SOURCE_DIR}/test/sigconf/sigconf-test.c"
done
# Move files to the dist dir for testing # Create virtual environment to run tests.
mkdir -p "${DIST_DIR}" # Accept system site packages for faster local builds.
cp "${BUILD_DIR}"/tini{,-static,*.rpm,*deb} "${DIST_DIR}" VENV="${BUILD_DIR}/venv"
virtualenv --system-site-packages "${VENV}"
# Quick package audit # Don't use activate because it does not play nice with nounset
if which rpm; then export PATH="${VENV}/bin:${PATH}"
echo "Contents for RPM:" export CFLAGS # We need them to build our test suite, regardless of FORCE_SUBREAPER
rpm -qlp "${DIST_DIR}/tini"*.rpm
fi # Install test dependencies
pip install psutil python-prctl bitmap
if which dpkg; then # Run tests
echo "Contents for DEB:" python "${SOURCE_DIR}/test/run_inner_tests.py"
dpkg --contents "${DIST_DIR}/tini"*deb else
if [[ ! -n "${ARCH_SUFFIX:=}" ]]; then
echo "Built cross package, but $ARCH_SUFFIX is empty!"
exit 1
fi
echo "Built cross package (ARCH_SUFFIX=${ARCH_SUFFIX})"
echo "Skipping smoke and internal tests"
fi fi
# Compile test code # Now, copy over files to DIST_DIR, with appropriate names depending on the
"${CC}" -o "${BUILD_DIR}/sigconf-test" "${SOURCE_DIR}/test/sigconf/sigconf-test.c" # architecture.
# Handle the DEB / RPM
mkdir -p "${DIST_DIR}"
TINIS=()
for tini in tini tini-static; do
if [[ -n "${ARCH_SUFFIX:=}" ]]; then
to="${DIST_DIR}/${tini}-${ARCH_SUFFIX}"
TINIS+=("$to")
cp "${BUILD_DIR}/${tini}" "$to"
fi
if [[ -n "${ARCH_NATIVE:=}" ]]; then
to="${DIST_DIR}/${tini}"
TINIS+=("$to")
cp "${BUILD_DIR}/${tini}" "$to"
fi
done
for pkg_format in deb rpm; do
src="${BUILD_DIR}/tini_${pkg_version}.${pkg_format}"
# Create virtual environment to run tests. if [[ -n "${ARCH_SUFFIX:=}" ]]; then
# Accept system site packages for faster local builds. to="${DIST_DIR}/tini_${pkg_version}-${ARCH_SUFFIX}.${pkg_format}"
VENV="${BUILD_DIR}/venv" TINIS+=("$to")
virtualenv --system-site-packages "${VENV}" cp "$src" "$to"
fi
# Don't use activate because it does not play nice with nounset if [[ -n "${ARCH_NATIVE:=}" ]]; then
export PATH="${VENV}/bin:${PATH}" to="${DIST_DIR}/tini_${pkg_version}.${pkg_format}"
export CFLAGS # We need them to build our test suite, regardless of FORCE_SUBREAPER TINIS+=("$to")
cp "$src" "$to"
fi
done
# Install test dependencies echo "Tinis: ${TINIS[*]}"
pip install psutil python-prctl bitmap
# Run tests for tini in "${TINIS[@]}"; do
python "${SOURCE_DIR}/test/run_inner_tests.py" echo "${tini}:"
sha1sum "$tini"
file "$tini"
echo "--"
done
# If a signing key and passphrase are made available, then use it to sign the # If a signing key and passphrase are made available, then use it to sign the
# binaries # binaries
if [[ -n "$GPG_PASSPHRASE" ]] && [[ -f "${SOURCE_DIR}/sign.key" ]]; then if [[ -n "$GPG_PASSPHRASE" ]] && [[ -f "${SOURCE_DIR}/sign.key" ]]; then
echo "Signing binaries" echo "Signing tinis"
GPG_SIGN_HOMEDIR="${BUILD_DIR}/gpg-sign" GPG_SIGN_HOMEDIR="${BUILD_DIR}/gpg-sign"
GPG_VERIFY_HOMEDIR="${BUILD_DIR}/gpg-verify" GPG_VERIFY_HOMEDIR="${BUILD_DIR}/gpg-verify"
PGP_KEY_FINGERPRINT="595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7" PGP_KEY_FINGERPRINT="595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7"
PGP_KEYSERVER="ha.pool.sks-keyservers.net" PGP_KEYSERVER="ha.pool.sks-keyservers.net"
mkdir "${GPG_SIGN_HOMEDIR}" "${GPG_VERIFY_HOMEDIR}" mkdir "${GPG_SIGN_HOMEDIR}" "${GPG_VERIFY_HOMEDIR}"
chmod 700 "${GPG_SIGN_HOMEDIR}" "${GPG_VERIFY_HOMEDIR}" chmod 700 "${GPG_SIGN_HOMEDIR}" "${GPG_VERIFY_HOMEDIR}"
gpg --homedir "${GPG_SIGN_HOMEDIR}" --import "${SOURCE_DIR}/sign.key" gpg --homedir "${GPG_SIGN_HOMEDIR}" --import "${SOURCE_DIR}/sign.key"
gpg --homedir "${GPG_VERIFY_HOMEDIR}" --keyserver "$PGP_KEYSERVER" --recv-keys "$PGP_KEY_FINGERPRINT" gpg --homedir "${GPG_VERIFY_HOMEDIR}" --keyserver "$PGP_KEYSERVER" --recv-keys "$PGP_KEY_FINGERPRINT"
for tini in "${DIST_DIR}/tini" "${DIST_DIR}/tini-static"; do for tini in "${TINIS[@]}"; do
echo "${GPG_PASSPHRASE}" | gpg --homedir "${GPG_SIGN_HOMEDIR}" --passphrase-fd 0 --armor --detach-sign "${tini}" echo "${GPG_PASSPHRASE}" | gpg --homedir "${GPG_SIGN_HOMEDIR}" --passphrase-fd 0 --armor --detach-sign "${tini}"
gpg --homedir "${GPG_VERIFY_HOMEDIR}" --verify "${tini}.asc" gpg --homedir "${GPG_VERIFY_HOMEDIR}" --verify "${tini}.asc"
done done

@ -2,8 +2,6 @@
set -o errexit set -o errexit
set -o nounset set -o nounset
: ${FORCE_SUBREAPER:="1"}
REL_HERE=$(dirname "${BASH_SOURCE}") REL_HERE=$(dirname "${BASH_SOURCE}")
HERE=$(cd "${REL_HERE}"; pwd) HERE=$(cd "${REL_HERE}"; pwd)
@ -21,6 +19,9 @@ docker run -it --rm \
--volume="${HERE}:${SRC}" \ --volume="${HERE}:${SRC}" \
-e BUILD_DIR=/tmp/tini-build \ -e BUILD_DIR=/tmp/tini-build \
-e SOURCE_DIR="${SRC}" \ -e SOURCE_DIR="${SRC}" \
-e FORCE_SUBREAPER="${FORCE_SUBREAPER}" \ -e FORCE_SUBREAPER="${FORCE_SUBREAPER:="1"}" \
-e GPG_PASSPHRASE="${GPG_PASSPHRASE:=}" \ -e GPG_PASSPHRASE="${GPG_PASSPHRASE:=}" \
-e CC="${CC:=gcc}" \
-e ARCH_NATIVE="${ARCH_NATIVE-1}" \
-e ARCH_SUFFIX="${ARCH_SUFFIX-}" \
"${IMG}" "${SRC}/ci/run_build.sh" "${IMG}" "${SRC}/ci/run_build.sh"

@ -0,0 +1 @@
@tini_VERSION_MAJOR@.@tini_VERSION_MINOR@.@tini_VERSION_PATCH@

@ -3,53 +3,35 @@
# Edit ./tpl/travis.yml.ypl instead # # Edit ./tpl/travis.yml.ypl instead #
##################################### #####################################
language: c sudo: required
dist: trusty
compiler: language: generic
- gcc
- clang
addons:
apt:
packages:
- build-essential
- cmake
- rpm
- git
- gdb
- valgrind
- python-dev
- libcap-dev
- python-pip
- python-virtualenv
- hardening-includes
- gnupg
- vim-common
env: env:
matrix:
- CC=gcc ARCH_SUFFIX=amd64 ARCH_NATIVE=1
- CC=arm-linux-gnueabihf-gcc ARCH_SUFFIX=armhf ARCH_NATIVE=
- CC=aarch64-linux-gnu-gcc ARCH_SUFFIX=arm64 ARCH_NATIVE=
global: global:
- SIGN_BINARIES=1 - SIGN_BINARIES=1
- secure: "RKF9Z9gLxp6k/xITqn7ma1E9HfpYcDXuJFf4862WeH9EMnK9lDq+TWnGsQfkIlqh8h9goe7U+BvRiTibj9MiD5u7eluLo3dlwsLxPpYtyswYeLeC1wKKdT5LPGAXbRKomvBalRYMI+dDnGIM4w96mHgGGvx2zZXGkiAQhm6fJ3k=" - secure: "RKF9Z9gLxp6k/xITqn7ma1E9HfpYcDXuJFf4862WeH9EMnK9lDq+TWnGsQfkIlqh8h9goe7U+BvRiTibj9MiD5u7eluLo3dlwsLxPpYtyswYeLeC1wKKdT5LPGAXbRKomvBalRYMI+dDnGIM4w96mHgGGvx2zZXGkiAQhm6fJ3k="
- DIST_DIR="${HOME}/up"
before_install: before_install:
- openssl aes-256-cbc -K $encrypted_2893fd5649e7_key -iv $encrypted_2893fd5649e7_iv -in sign.key.enc -out sign.key -d || echo "Encrypted signing key unavailable" - openssl aes-256-cbc -K $encrypted_2893fd5649e7_key -iv $encrypted_2893fd5649e7_iv -in sign.key.enc -out sign.key -d || echo "Encrypted signing key unavailable"
script: ./ci/run_build.sh script:
- sudo ./ci/install_deps.sh
sudo: false - ./ci/run_build.sh
- ls -lah "$DIST_DIR"
deploy: deploy:
provider: releases provider: releases
api_key: api_key:
secure: Yk90ANpSPv1iJy8QDXCPwfaSmEr/WIJ3bzhQ6X8JvZjfrwTosbh0HrUzQyeac3nyvNwj7YJRssolOFc21IBKPpCFTZqYxSkuLPU6ysG4HGHgN6YJhOMm4mG4KKJ6741q3DJendhZpalBhCEi+NcZK/PCSD97Vl4OqRjBUged0fs= secure: Yk90ANpSPv1iJy8QDXCPwfaSmEr/WIJ3bzhQ6X8JvZjfrwTosbh0HrUzQyeac3nyvNwj7YJRssolOFc21IBKPpCFTZqYxSkuLPU6ysG4HGHgN6YJhOMm4mG4KKJ6741q3DJendhZpalBhCEi+NcZK/PCSD97Vl4OqRjBUged0fs=
file: file: "${DIST_DIR}/*"
- "./dist/tini" file_glob: true
- "./dist/tini.asc"
- "./dist/tini-static"
- "./dist/tini-static.asc"
- "./dist/tini_@tini_VERSION_MAJOR@.@tini_VERSION_MINOR@.@tini_VERSION_PATCH@.deb"
- "./dist/tini_@tini_VERSION_MAJOR@.@tini_VERSION_MINOR@.@tini_VERSION_PATCH@.rpm"
on: on:
repo: krallin/tini repo: krallin/tini
tags: true tags: true
condition: "$CC = gcc"

Loading…
Cancel
Save