Difference between revisions of "User:Wizzup/Jenkins"
From Maemo Leste Wiki
Jump to navigationJump to search| Line 10: | Line 10: | ||
useradd -m -s /bin/bash jenkins | useradd -m -s /bin/bash jenkins | ||
passwd jenkins | passwd jenkins | ||
su - jenkins # add key | su - jenkins # add ssh pub key from jenkins master to .ssh/authorized_keys | ||
apt install sudo | apt install sudo | ||
sudo vi /etc/sudoers # allow passwordless sudo for sudo group | sudo vi /etc/sudoers # allow passwordless sudo for sudo group | ||
gpasswd -a jenkins sudo | gpasswd -a jenkins sudo | ||
</pre> | |||
Also, this might not be necessary, but one could add this: | |||
<pre> | |||
# cat /etc/sudoers.d/jenkins | |||
jenkins ALL=NOPASSWD: /usr/sbin/cowbuilder, /usr/sbin/chroot, /bin/chmod, /bin/rm, /bin/mv, /bin/cat | |||
Defaults env_keep+="DEB_* DIST ARCH ADT QEMU_LOG_FILENAME" | |||
</pre> | </pre> | ||
Latest revision as of 08:55, 28 April 2022
Setting up a Jenkins build slave requires the following steps to be executed on a machine that matches the Maemo devuan version (Not sure if this is strictly required, we just did it that way before).
apt install default-jre-headless apt install jenkins-debian-glue jenkins-debian-glue-buildenv-devuan apt purge exim4-base exim4-config exim4-daemon-light apt --purge autoremove apt install ntp useradd -m -s /bin/bash jenkins passwd jenkins su - jenkins # add ssh pub key from jenkins master to .ssh/authorized_keys apt install sudo sudo vi /etc/sudoers # allow passwordless sudo for sudo group gpasswd -a jenkins sudo
Also, this might not be necessary, but one could add this:
# cat /etc/sudoers.d/jenkins jenkins ALL=NOPASSWD: /usr/sbin/cowbuilder, /usr/sbin/chroot, /bin/chmod, /bin/rm, /bin/mv, /bin/cat Defaults env_keep+="DEB_* DIST ARCH ADT QEMU_LOG_FILENAME"
Also copy over /etc/jenkins from one of the existing nodes, specifically for the debian glue config, see below.
Then add it to Jenkins as a node (I just copied an existing node and changed the host/ip).
Then run a build, it will likely fail, because our keys are not yet added to the pbuilder environment that just got created during the first build.
Add it like so:
cd /var/cache/pbuilder/base-beowulf-arm*.cow wget https://maedevu.maemo.org/extras-key.asc wget https://maedevu.maemo.org/testing-key.asc chroot /var/cache/pbuilder/base-beowulf-arm*.cow apt install gnupg1 apt-key add < extras-key.asc apt-key add < testing-key.asc rm *.asc exit cd -
/etc/jenkins/pbuilderrc:
MIRRORSITE="http://pkgmaster.devuan.org/merged/"
COMPONENTS="main contrib non-free"
DEBOOTSTRAPOPTS=("${DEBOOTSTRAPOPTS[@]}" "--keyring=/usr/share/keyrings/devuan-keyring.gpg" "--no-merged-usr")
PBUILDERSATISFYDEPENDSCMD=/usr/lib/pbuilder/pbuilder-satisfydepends-apt
EXTRAPACKAGES="$EXTRAPACKAGES devuan-keyring"
AUTOCLEANAPTCACHE=yes
if [[ $ARCH == arm* ]] ; then
EXTRAPACKAGES="$EXTRAPACKAGES pinthread"
export LD_PRELOAD="$LD_PRELOAD /usr/lib/pinthread.so"
export PINTHREAD_CORE=0
fi
/etc/jenkins/debian_glue:
# Example configuration file for the jenkins-debian-glue software.
# Install this file as /etc/jenkins/debian_glue to enable it.
# Set GnuPG ID that should be used for signing the reprepro repository.
# If you build packages for Squeeze your reprepro repositories *MUST* be
# signed and the keyring that holds the public key (REPOSITORY_KEYRING)
# must be set.
# Expected format: DEADBEEF
if [ "$release" = "leste" ]; then
KEY_ID=4AA81E3E026EFE82E47D6901545FEC4E0927F6FD
else
# extras
KEY_ID=89F632F52BFE13EBBB2EBD0D2700BD8E6604EC2E
fi
# If TRUNK_RELEASE is set then the package(s) of the repository
# receiving the packages that are built will be copied to the
# repository specified in TRUNK_RELEASE. This provides the option
# to have all recent versions of packages in a central repository.
# TRUNK_RELEASE='release-trunk'
# If packages are build for more than one architecture you can
# decide which architecture should build the "Architecture: all"
# packages. On all other architectures only the arch specific
# packages will be build then.
# If unset it will default to the architecture of the host system.
MAIN_ARCHITECTURE="amd64"
# Hook scripts for pbuilder/cowbuilder, used e.g. for autopkgtest.
# Default:
# PBUILDER_HOOKDIR=/usr/share/jenkins-debian-glue/pbuilder-hookdir/
# To enable a pbuilder configuration file for usage as documented
# in man pbuilder(8) under --configfile set this option.
# By default no user specific pbuilder configuration file is used.
# PBUILDER_CONFIG=/etc/jenkins/pbuilderrc
# Base directory for reprepro repositories, can be overwritten
# via REPOSITORY on demand
# Default:
DEFAULT_REPOSITORY='/srv/repository'
# In order to keep the build versions unique and to ensure that there
# are no duplicates, the version number from the changelog is padded
# with the date and the build number.
# To override this behaviour and preserve the version number from the
# changelog, set USE_ORIG_VERSION to true.
USE_ORIG_VERSION=true
SKIP_DCH=true
DCH_OPTS="--multimaint-merge --ignore-branch"
#DCH_EXTRA_OPTS="--distribution=maemo7 --force-distribution -R"
#DCH_EXTRA_OPTS="
#maybe? line 103 in /usr/bin/generate-git-snapshot
UNRELEASEAD_APPEND_COMMIT="false"
# By default reprepro repositories are not verified but assumed to be
# trustworthy.
# Please note that if you build packages for Squeeze, the reprepro
# repositories *MUST* be signed and verifiable. I.e. you need to set
# KEY_ID and the corresponding keyring in REPOSITORY_KEYRING that
# holds the public key portion for that KEY_ID.
# REPOSITORY_KEYRING=/etc/apt/trusted.gpg.d/my-custom-keyring.gpg
REPOSITORY_KEYRING=/var/lib/jenkins/.gnupg/keyring.gpg
#release=${release:-kawai}
#REPOSITORY=/srv/repository
# If $release is set then "${REPOSITORY}/release/${release}"
# is used as release repository. If you want to use a different
# directory set RELEASE_REPOSITORY accordingly.
# Default:
# RELEASE_REPOSITORY="${REPOSITORY}/release/${release}"
RELEASE_REPOSITORY="${DEFAULT_REPOSITORY}/${release}"
# Remove packages from a $release before processing incoming
# This allows to rebuild and provide versions already existent
# in the release repository they are built for.
# Default:
# REMOVE_FROM_RELEASE=false
# By default the underlying build system (cowbuilder/pbuilder)
# automatically destroys the build environment, even if building
# fails for whatever reason. If DEB_KEEP_BUILD_ENV is set then
# a copy of the build environment is created under
# /var/cache/pbuilder/build/debug.$JOBNAME
# Please be aware that those build environments usually require
# quite some disk space, so do not forget to remove them.
# If unset the build environment won't be kept if building fails.
# DEB_KEEP_BUILD_ENV=true
# Comma separated list of extra repositories for resolving dependencies.
# Usage example:
# REPOSITORY_EXTRA='deb http://security.debian.org/ wheezy/updates main,deb-src http://security.debian.org/ wheezy/updates main'
# Default:
# REPOSITORY_EXTRA=
PARENT_DISTRO=
DEVUAN_BUILD=
case "$distribution" in
stretch*)
PARENT_DISTRO=ascii
;;
buster*)
PARENT_DISTRO=beowulf
;;
bullseye*)
PARENT_DISTRO=
;;
bookworm*)
PARENT_DISTRO=
;;
*)
DEVUAN_BUILD=1
esac
if [ -z "$DEVUAN_BUILD" ]; then
# Debian
MIRROR="http://deb.debian.org/debian"
SECURITY_MIRROR="http://security.debian.org/debian-security"
SECURITY_FOLDER="${distribution}/updates"
# This option is needed for pbuilder to work nice in Devuan environment
PBUILDER_CONFIG=/etc/jenkins/debian_mirror
# Initialize it with command:
# echo 'MIRRORSITE=http://deb.debian.org/debian' > /etc/jenkins/debian_mirror
else
# Devuan
MIRROR="http://pkgmaster.devuan.org/merged"
SECURITY_MIRROR="${MIRROR}"
SECURITY_FOLDER="${distribution}-security"
fi
REPOSITORY_EXTRA="deb ${MIRROR} ${distribution}-updates main contrib non-free"
REPOSITORY_EXTRA="${REPOSITORY_EXTRA},deb ${SECURITY_MIRROR} ${SECURITY_FOLDER} main contrib non-free"
REPOSITORY_EXTRA="${REPOSITORY_EXTRA},deb http://maedevu.maemo.org/${release} ${distribution} main contrib non-free"
# Pull in deps from -devel when building -devel
if [ "$ENABLE_MAEMO_DEVEL" = "yes" ]; then
REPOSITORY_EXTRA="${REPOSITORY_EXTRA},deb http://maedevu.maemo.org/${release} ${distribution}-devel main contrib non-free"
fi
if [ "$ENABLE_MAEMO_EXPERIMENTAL" = "yes" ]; then
REPOSITORY_EXTRA="${REPOSITORY_EXTRA},deb http://maedevu.maemo.org/${release} ${distribution}-experimental main contrib non-free"
fi
# Pull in deps from the main repo when building extras
if [ "$release" = "extras" ]; then
REPOSITORY_EXTRA="${REPOSITORY_EXTRA},deb http://maedevu.maemo.org/leste ${distribution} main contrib non-free"
fi
# Pull in deps from main repo when building for Debian
if [ -n "$PARENT_DISTRO" ]; then
REPOSITORY_EXTRA="${REPOSITORY_EXTRA},deb http://maedevu.maemo.org/leste ${PARENT_DISTRO} main contrib non-free"
fi
# Device specifics
backports_jobs="mesa"
#n900_jobs="libmatchbox2-n900 hildon-desktop-n900"
echo "job_name: $JOB_NAME"
case "$JOB_NAME" in
*-source)
_curpkgname="$(echo $JOB_NAME | sed 's,-source$,,')"
;;
*-binaries/*)
_curpkgname="$(echo $JOB_NAME | cut -d '/' -f1 | sed 's,-binaries$,,')"
;;
*-repos/*)
_curpkgname="$(echo $JOB_NAME | cut -d '/' -f1 | sed 's,-repos$,,')"
;;
*)
_curpkgname="irrelevant"
;;
esac
if echo "$backports_jobs" | grep -qw "$_curpkgname"; then
case "$distribution" in
ascii*|stretch*|beowulf*|buster*)
REPOSITORY_EXTRA="${REPOSITORY_EXTRA},deb ${MIRROR} ${distribution}-backports main contrib non-free"
;;
esac
fi
#if echo "$n900_jobs" | grep -qw "$_curpkgname"; then
# REPOSITORY_EXTRA="${REPOSITORY_EXTRA},deb http://maedevu.maemo.org/${release} ${distribution} n900"
#fi
droid4_jobs="pvr-omap4"
if echo "$droid4_jobs" | grep -qw "$_curpkgname"; then
REPOSITORY_EXTRA="${REPOSITORY_EXTRA},deb http://maedevu.maemo.org/${release} ${distribution} droid4"
fi
network_jobs="pine64-uboot zkgroup signald anbox-image"
if echo "$network_jobs" | grep -qw "$_curpkgname"; then
PBUILDER_USENETWORK=yes
fi
# Comma separated list of URLs with keys for extra repositories.
# Usage example:
# REPOSITORY_EXTRA_KEYS='http://foorepo.domain.com/key1.gpg,http://barrepo.domain.com/key2.gpg'
# Default:
# REPOSITORY_EXTRA_KEYS=
REPOSITORY_EXTRA_KEYS='http://maedevu.maemo.org/testing-key.asc,http://maedevu.maemo.org/extras-key.asc'
# autopkgtests are executed automatically inside the cowbuilder environment by
# default, corresponding to the ADT='internal' setting or if ADT is unset.
# To execute autopkgtests also externally via adt-run you need to set ADT to
# either 'external' (no internal runs) or 'all' (internal + external runs).
# The external autopkgtests depend on a configured ADT_RUNNER setting.
# To skip internal as well as external autopkgtests set ADT='skip'.
# Usage example (see adt-virt-qemu(1) for details regarding image setup):
# ADT='external'
# ADT_RUNNER="adt-virt-qemu /srv/adt-${distribution:-}-${architecture:-}.img"
# Default:
# ADT=
# Control usage of eatmydata to speed up builds. If eatmydata is present on the
# host system and when building for a recent distribution (Debian/jessie +
# Ubuntu/vivid or newer) eatmydata is enabled automatically.
# To force its usage (skipping any host + distribution checks) set it to 'true'.
# To disable its usage set it to 'false'.
# USE_EATMYDATA=true
# Enable ccache (compiler cache for fast recompilation of C/C++ code)
# to speed up builds.
USE_CCACHE=true
# Specify the format (as accepted by the 'date' command) for the generated
# build timestamp.
# Default: %Y%m%d%H%M%S
# TIMESTAMP_FORMAT="%Y%m%d%H%M%S"
# In case you are explicitly marking your new package version as "UNRELEASED"
# inside the debian/changelog file, you may not get a package build version
# number containing the SCM commit. Set this to 'true' in order to work around
# this.
# Default: false
# UNRELEASED_APPEND_COMMIT=false
