ARM Cross Builds

- Upgrade to Trusty for the ARM 64 toolchain.
- Cross-compile to ARM.
- Label binaries and packages when releasing.
arm-cross
Thomas Orozco 8 years ago
parent df9dbc1055
commit c8cc8274b8
  1. 46
      .travis.yml
  2. 7
      CMakeLists.txt
  3. 7
      Dockerfile
  4. 14
      ci/install_deps.sh
  5. 117
      ci/run_build.sh
  6. 7
      ddist.sh
  7. 1
      tpl/VERSION.in
  8. 46
      tpl/travis.yml.tpl

@ -3,53 +3,35 @@
# Edit ./tpl/travis.yml.ypl instead #
#####################################
language: c
sudo: required
dist: trusty
compiler:
- gcc
- clang
addons:
apt:
packages:
- build-essential
- cmake
- rpm
- git
- gdb
- valgrind
- python-dev
- libcap-dev
- python-pip
- python-virtualenv
- hardening-includes
- gnupg
- vim-common
language: generic
env:
matrix:
- CC=gcc ARCH_SUFFIX=amd64 ARCH_NATIVE=1
- CC=arm-linux-gnueabihf-gcc ARCH_SUFFIX=armhf ARCH_NATIVE=
- CC=aarch64-linux-gnu-gcc ARCH_SUFFIX=arm64 ARCH_NATIVE=
global:
- SIGN_BINARIES=1
- secure: "RKF9Z9gLxp6k/xITqn7ma1E9HfpYcDXuJFf4862WeH9EMnK9lDq+TWnGsQfkIlqh8h9goe7U+BvRiTibj9MiD5u7eluLo3dlwsLxPpYtyswYeLeC1wKKdT5LPGAXbRKomvBalRYMI+dDnGIM4w96mHgGGvx2zZXGkiAQhm6fJ3k="
- DIST_DIR="${HOME}/up"
before_install:
- openssl aes-256-cbc -K $encrypted_2893fd5649e7_key -iv $encrypted_2893fd5649e7_iv -in sign.key.enc -out sign.key -d || echo "Encrypted signing key unavailable"
script: ./ci/run_build.sh
sudo: false
script:
- sudo ./ci/install_deps.sh
- ./ci/run_build.sh
- ls -lah "$DIST_DIR"
deploy:
provider: releases
api_key:
secure: Yk90ANpSPv1iJy8QDXCPwfaSmEr/WIJ3bzhQ6X8JvZjfrwTosbh0HrUzQyeac3nyvNwj7YJRssolOFc21IBKPpCFTZqYxSkuLPU6ysG4HGHgN6YJhOMm4mG4KKJ6741q3DJendhZpalBhCEi+NcZK/PCSD97Vl4OqRjBUged0fs=
file:
- "./dist/tini"
- "./dist/tini.asc"
- "./dist/tini-static"
- "./dist/tini-static.asc"
- "./dist/tini_0.10.0.deb"
- "./dist/tini_0.10.0.rpm"
file: "${DIST_DIR}/*"
file_glob: true
on:
repo: krallin/tini
tags: true
condition: "$CC = gcc"

@ -79,6 +79,13 @@ configure_file (
@ONLY
)
configure_file (
"${PROJECT_SOURCE_DIR}/tpl/VERSION.in"
"${PROJECT_BINARY_DIR}/VERSION"
@ONLY
)
include_directories ("${PROJECT_BINARY_DIR}")
add_executable (tini src/tini.c)

@ -1,8 +1,7 @@
FROM ubuntu:precise
FROM ubuntu:trusty
RUN apt-get update \
&& apt-get install --no-install-recommends --yes build-essential git gdb valgrind cmake rpm python-dev libcap-dev python-pip python-virtualenv hardening-includes gnupg vim-common \
&& rm -rf /var/lib/apt/lists/*
COPY ci/install_deps.sh /install_deps.sh
RUN /install_deps.sh
# Pre-install those here for faster local builds.
RUN CFLAGS="-DPR_SET_CHILD_SUBREAPER=36 -DPR_GET_CHILD_SUBREAPER=37" pip install psutil python-prctl bitmap

@ -0,0 +1,14 @@
#!/bin/bash
set -o errexit
set -o nounset
apt-get update
apt-get install --no-install-recommends --yes \
build-essential git gdb valgrind cmake rpm \
python-dev libcap-dev python-pip python-virtualenv \
hardening-includes gnupg vim-common \
gcc-aarch64-linux-gnu binutils-aarch64-linux-gnu libc6-dev-arm64-cross \
gcc-arm-linux-gnueabihf binutils-arm-linux-gnueabi libc6-dev-armhf-cross
rm -rf /var/lib/apt/lists/*

@ -7,6 +7,8 @@ set -o pipefail
# Default compiler
: ${CC:="gcc"}
echo "CC=${CC}"
# Paths
: ${SOURCE_DIR:="."}
: ${DIST_DIR:="${SOURCE_DIR}/dist"}
@ -50,8 +52,14 @@ make
make package
popd
# Smoke tests (actual tests need Docker to run; they don't run within the CI environment)
for tini in "${BUILD_DIR}/tini" "${BUILD_DIR}/tini-static"; do
pkg_version="$(cat "${BUILD_DIR}/VERSION")"
if [[ -n "${ARCH_NATIVE:=}" ]]; then
echo "Built native package (ARCH_NATIVE=${ARCH_NATIVE})"
echo "Running smoke and internal tests"
# Smoke tests (actual tests need Docker to run; they don't run within the CI environment)
for tini in "${BUILD_DIR}/tini" "${BUILD_DIR}/tini-static"; do
echo "Smoke test for $tini"
"${tini}" -h
@ -76,56 +84,109 @@ for tini in "${BUILD_DIR}/tini" "${BUILD_DIR}/tini-static"; do
echo "Checking hardening on $tini"
hardening-check --nopie --nostackprotector --nobindnow "${tini}"
done
# Move files to the dist dir for testing
mkdir -p "${DIST_DIR}"
cp "${BUILD_DIR}"/tini{,-static,*.rpm,*deb} "${DIST_DIR}"
done
# Quick package audit
if which rpm; then
# Quick package audit
if which rpm >/dev/null; then
echo "Contents for RPM:"
rpm -qlp "${DIST_DIR}/tini"*.rpm
fi
rpm -qlp "${BUILD_DIR}/tini_${pkg_version}.rpm"
echo "--"
fi
if which dpkg; then
if which dpkg >/dev/null; then
echo "Contents for DEB:"
dpkg --contents "${DIST_DIR}/tini"*deb
dpkg --contents "${BUILD_DIR}/tini_${pkg_version}.deb"
echo "--"
fi
# Compile test code
"${CC}" -o "${BUILD_DIR}/sigconf-test" "${SOURCE_DIR}/test/sigconf/sigconf-test.c"
# Create virtual environment to run tests.
# Accept system site packages for faster local builds.
VENV="${BUILD_DIR}/venv"
virtualenv --system-site-packages "${VENV}"
# Don't use activate because it does not play nice with nounset
export PATH="${VENV}/bin:${PATH}"
export CFLAGS # We need them to build our test suite, regardless of FORCE_SUBREAPER
# Install test dependencies
pip install psutil python-prctl bitmap
# Run tests
python "${SOURCE_DIR}/test/run_inner_tests.py"
else
if [[ ! -n "${ARCH_SUFFIX:=}" ]]; then
echo "Built cross package, but $ARCH_SUFFIX is empty!"
exit 1
fi
echo "Built cross package (ARCH_SUFFIX=${ARCH_SUFFIX})"
echo "Skipping smoke and internal tests"
fi
# Compile test code
"${CC}" -o "${BUILD_DIR}/sigconf-test" "${SOURCE_DIR}/test/sigconf/sigconf-test.c"
# Now, copy over files to DIST_DIR, with appropriate names depending on the
# architecture.
# Handle the DEB / RPM
mkdir -p "${DIST_DIR}"
TINIS=()
# Create virtual environment to run tests.
# Accept system site packages for faster local builds.
VENV="${BUILD_DIR}/venv"
virtualenv --system-site-packages "${VENV}"
for tini in tini tini-static; do
if [[ -n "${ARCH_SUFFIX:=}" ]]; then
to="${DIST_DIR}/${tini}-${ARCH_SUFFIX}"
TINIS+=("$to")
cp "${BUILD_DIR}/${tini}" "$to"
fi
# Don't use activate because it does not play nice with nounset
export PATH="${VENV}/bin:${PATH}"
export CFLAGS # We need them to build our test suite, regardless of FORCE_SUBREAPER
if [[ -n "${ARCH_NATIVE:=}" ]]; then
to="${DIST_DIR}/${tini}"
TINIS+=("$to")
cp "${BUILD_DIR}/${tini}" "$to"
fi
done
# Install test dependencies
pip install psutil python-prctl bitmap
for pkg_format in deb rpm; do
src="${BUILD_DIR}/tini_${pkg_version}.${pkg_format}"
# Run tests
python "${SOURCE_DIR}/test/run_inner_tests.py"
if [[ -n "${ARCH_SUFFIX:=}" ]]; then
to="${DIST_DIR}/tini_${pkg_version}-${ARCH_SUFFIX}.${pkg_format}"
TINIS+=("$to")
cp "$src" "$to"
fi
if [[ -n "${ARCH_NATIVE:=}" ]]; then
to="${DIST_DIR}/tini_${pkg_version}.${pkg_format}"
TINIS+=("$to")
cp "$src" "$to"
fi
done
echo "Tinis: ${TINIS[*]}"
for tini in "${TINIS[@]}"; do
echo "${tini}:"
sha1sum "$tini"
file "$tini"
echo "--"
done
# If a signing key and passphrase are made available, then use it to sign the
# binaries
if [[ -n "$GPG_PASSPHRASE" ]] && [[ -f "${SOURCE_DIR}/sign.key" ]]; then
echo "Signing binaries"
echo "Signing tinis"
GPG_SIGN_HOMEDIR="${BUILD_DIR}/gpg-sign"
GPG_VERIFY_HOMEDIR="${BUILD_DIR}/gpg-verify"
PGP_KEY_FINGERPRINT="595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7"
PGP_KEYSERVER="ha.pool.sks-keyservers.net"
mkdir "${GPG_SIGN_HOMEDIR}" "${GPG_VERIFY_HOMEDIR}"
chmod 700 "${GPG_SIGN_HOMEDIR}" "${GPG_VERIFY_HOMEDIR}"
gpg --homedir "${GPG_SIGN_HOMEDIR}" --import "${SOURCE_DIR}/sign.key"
gpg --homedir "${GPG_VERIFY_HOMEDIR}" --keyserver "$PGP_KEYSERVER" --recv-keys "$PGP_KEY_FINGERPRINT"
for tini in "${DIST_DIR}/tini" "${DIST_DIR}/tini-static"; do
for tini in "${TINIS[@]}"; do
echo "${GPG_PASSPHRASE}" | gpg --homedir "${GPG_SIGN_HOMEDIR}" --passphrase-fd 0 --armor --detach-sign "${tini}"
gpg --homedir "${GPG_VERIFY_HOMEDIR}" --verify "${tini}.asc"
done

@ -2,8 +2,6 @@
set -o errexit
set -o nounset
: ${FORCE_SUBREAPER:="1"}
REL_HERE=$(dirname "${BASH_SOURCE}")
HERE=$(cd "${REL_HERE}"; pwd)
@ -21,6 +19,9 @@ docker run -it --rm \
--volume="${HERE}:${SRC}" \
-e BUILD_DIR=/tmp/tini-build \
-e SOURCE_DIR="${SRC}" \
-e FORCE_SUBREAPER="${FORCE_SUBREAPER}" \
-e FORCE_SUBREAPER="${FORCE_SUBREAPER:="1"}" \
-e GPG_PASSPHRASE="${GPG_PASSPHRASE:=}" \
-e CC="${CC:=gcc}" \
-e ARCH_NATIVE="${ARCH_NATIVE-1}" \
-e ARCH_SUFFIX="${ARCH_SUFFIX-}" \
"${IMG}" "${SRC}/ci/run_build.sh"

@ -0,0 +1 @@
@tini_VERSION_MAJOR@.@tini_VERSION_MINOR@.@tini_VERSION_PATCH@

@ -3,53 +3,35 @@
# Edit ./tpl/travis.yml.ypl instead #
#####################################
language: c
sudo: required
dist: trusty
compiler:
- gcc
- clang
addons:
apt:
packages:
- build-essential
- cmake
- rpm
- git
- gdb
- valgrind
- python-dev
- libcap-dev
- python-pip
- python-virtualenv
- hardening-includes
- gnupg
- vim-common
language: generic
env:
matrix:
- CC=gcc ARCH_SUFFIX=amd64 ARCH_NATIVE=1
- CC=arm-linux-gnueabihf-gcc ARCH_SUFFIX=armhf ARCH_NATIVE=
- CC=aarch64-linux-gnu-gcc ARCH_SUFFIX=arm64 ARCH_NATIVE=
global:
- SIGN_BINARIES=1
- secure: "RKF9Z9gLxp6k/xITqn7ma1E9HfpYcDXuJFf4862WeH9EMnK9lDq+TWnGsQfkIlqh8h9goe7U+BvRiTibj9MiD5u7eluLo3dlwsLxPpYtyswYeLeC1wKKdT5LPGAXbRKomvBalRYMI+dDnGIM4w96mHgGGvx2zZXGkiAQhm6fJ3k="
- DIST_DIR="${HOME}/up"
before_install:
- openssl aes-256-cbc -K $encrypted_2893fd5649e7_key -iv $encrypted_2893fd5649e7_iv -in sign.key.enc -out sign.key -d || echo "Encrypted signing key unavailable"
script: ./ci/run_build.sh
sudo: false
script:
- sudo ./ci/install_deps.sh
- ./ci/run_build.sh
- ls -lah "$DIST_DIR"
deploy:
provider: releases
api_key:
secure: Yk90ANpSPv1iJy8QDXCPwfaSmEr/WIJ3bzhQ6X8JvZjfrwTosbh0HrUzQyeac3nyvNwj7YJRssolOFc21IBKPpCFTZqYxSkuLPU6ysG4HGHgN6YJhOMm4mG4KKJ6741q3DJendhZpalBhCEi+NcZK/PCSD97Vl4OqRjBUged0fs=
file:
- "./dist/tini"
- "./dist/tini.asc"
- "./dist/tini-static"
- "./dist/tini-static.asc"
- "./dist/tini_@tini_VERSION_MAJOR@.@tini_VERSION_MINOR@.@tini_VERSION_PATCH@.deb"
- "./dist/tini_@tini_VERSION_MAJOR@.@tini_VERSION_MINOR@.@tini_VERSION_PATCH@.rpm"
file: "${DIST_DIR}/*"
file_glob: true
on:
repo: krallin/tini
tags: true
condition: "$CC = gcc"

Loading…
Cancel
Save