This is an automated email from the ASF dual-hosted git repository.
bneradt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/trafficserver-ci.git
The following commit(s) were added to refs/heads/main by this push:
new dc1d1bc Adding a fedora:40 Dockerfile (#331)
dc1d1bc is described below
commit dc1d1bc03f4c7a46a522f28afe013f6f9859d71b
Author: Brian Neradt <[email protected]>
AuthorDate: Tue Mar 26 11:22:06 2024 -0500
Adding a fedora:40 Dockerfile (#331)
Cleaning up fedora:38 while I'm at it.
---
docker/{fedora38 => fedora40}/Dockerfile | 109 +++++++++++++++++++++---
docker/{fedora38 => fedora40}/build_h3_tools.sh | 82 +++++++++---------
2 files changed, 134 insertions(+), 57 deletions(-)
diff --git a/docker/fedora38/Dockerfile b/docker/fedora40/Dockerfile
similarity index 53%
rename from docker/fedora38/Dockerfile
rename to docker/fedora40/Dockerfile
index 66f399a..acc0168 100644
--- a/docker/fedora38/Dockerfile
+++ b/docker/fedora40/Dockerfile
@@ -1,7 +1,10 @@
-FROM fedora:38
+FROM fedora:40
#-------------------------------------------------------------------------------
# Install the various system packages we use.
+#
+# Try to keep all or at least most dnf commands at the beginning and clean
+# afterwards to keep the Docker images smaller.
#-------------------------------------------------------------------------------
RUN <<EOF
set -e
@@ -27,12 +30,29 @@ RUN <<EOF
xz-devel libcurl-devel ncurses-devel jemalloc-devel GeoIP-devel
luajit-devel brotli-devel \
ImageMagick-devel ImageMagick-c++-devel hiredis-devel zlib-devel
libmaxminddb-devel \
perl-ExtUtils-MakeMaker perl-Digest-SHA perl-URI perl-IPC-Cmd
perl-Pod-Html \
- curl tcl-devel java
+ curl tcl-devel java cjose-devel protobuf-devel
# autest stuff
dnf -y install \
python3 httpd-tools procps-ng nmap-ncat python3-pip \
python3-gunicorn python3-requests python3-devel python3-psutil telnet
+
+ # Needed to install openssl-quic
+ dnf -y install libev-devel jemalloc-devel libxml2-devel \
+ c-ares-devel libevent-devel cjose-devel jansson-devel zlib-devel \
+ systemd-devel perl-FindBin cargo
+
+ # build_h3_tools will install its own version of golang.
+ dnf remove -y golang
+
+ # lcov is used for code coverage.
+ dnf install -y lcov
+
+ # abi tool dependencies.
+ dnf install -y ctags elfutils-libelf-devel wdiff rfcdiff
+
+ # Cleaning before this RUN command finishes keeps the image size smaller.
+ dnf clean all
EOF
#-------------------------------------------------------------------------------
@@ -50,20 +70,13 @@ RUN <<EOF
EOF
ARG PATH=/opt/bin:$PATH
-# This currently fails with latest fedora:38. Presumably the stock pip is
-# recent enough, so this shouldn't be a big deal.
-# RUN pip3 install --upgrade pip
RUN pip3 install pipenv httpbin
#-------------------------------------------------------------------------------
# Install the HTTP/3 build tools, including openssl-quic.
#-------------------------------------------------------------------------------
-RUN dnf -y install libev-devel jemalloc-devel libxml2-devel \
- c-ares-devel libevent-devel jansson-devel zlib-devel systemd-devel \
- perl-FindBin cargo
# go will be installed by build_h3_tools.
-RUN dnf remove -y golang
ARG h3_tools_dir=/root/build_h3_tools
RUN mkdir -p ${h3_tools_dir}
COPY /build_h3_tools.sh ${h3_tools_dir}/build_h3_tools.sh
@@ -72,10 +85,10 @@ RUN <<EOF
set -e
cd ${h3_tools_dir}
bash ${h3_tools_dir}/build_h3_tools.sh; \
+ cd /root
rm -rf ${h3_tools_dir} /root/.rustup
EOF
-
#-------------------------------------------------------------------------------
# Various CI Job and Test Requirements.
#-------------------------------------------------------------------------------
@@ -93,6 +106,64 @@ RUN <<EOF
cp /root/go/bin/go-httpbin /opt/go/bin/
EOF
+# Install nuraft for the stek_share plugin. Distros, unfortunately, do not
+# package these, so this has to be built by hand.
+RUN <<EOF
+ set -e
+
+ git clone https://github.com/eBay/NuRaft.git
+ cd NuRaft
+ ./prepare.sh
+
+ OPENSSL_PREFIX=/opt/openssl-quic
+ if [ -d "${OPENSSL_PREFIX}/lib" ]; then
+ OPENSSL_LIB="${OPENSSL_PREFIX}/lib"
+ elif [ -d "${OPENSSL_PREFIX}/lib64" ]; then
+ OPENSSL_LIB="${OPENSSL_PREFIX}/lib64"
+ else
+ echo "Could not find the OpenSSL install library directory."
+ exit 1
+ fi
+ cmake \
+ -B build \
+ -G Ninja \
+ -DCMAKE_INSTALL_PREFIX=/opt/ \
+ -DOPENSSL_LIBRARY_PATH=${OPENSSL_LIB} \
+ -DOPENSSL_INCLUDE_PATH=${OPENSSL_PREFIX}/include
+ cmake --build build
+ cmake --install build
+ cd ../
+ rm -rf NuRaft
+EOF
+
+# For Open Telemetry Tracer plugin.
+RUN <<EOF
+ set -e
+
+ cd /root
+ mkdir nlohmann-json
+ cd nlohmann-json
+ wget https://github.com/nlohmann/json/archive/refs/tags/v3.11.3.tar.gz
+ tar zxf v3.11.3.tar.gz
+ cd json-3.11.3
+ cmake -B build -G Ninja -DCMAKE_CXX_STANDARD=17
-DCMAKE_CXX_STANDARD_REQUIRED=ON -DCMAKE_INSTALL_PREFIX=/opt
-DJSON_BuildTests=OFF
+ cmake --build build
+ cmake --install build
+ cd /root
+ rm -rf nlohmann-json
+
+ mkdir opentelemetry-cpp
+ cd opentelemetry-cpp
+ wget
https://github.com/open-telemetry/opentelemetry-cpp/archive/refs/tags/v1.3.0.tar.gz
+ tar zxf v1.3.0.tar.gz
+ cd opentelemetry-cpp-1.3.0
+ cmake -B build -G Ninja -DBUILD_TESTING=OFF -DWITH_EXAMPLES=OFF
-DWITH_JAEGER=OFF -DWITH_OTLP=ON -DWITH_OTLP_GRPC=OFF -DWITH_OTLP_HTTP=ON
-DCMAKE_POSITION_INDEPENDENT_CODE=ON -DCMAKE_CXX_STANDARD=17
-DCMAKE_CXX_STANDARD_REQUIRED=ON -Dnlohmann_json_ROOT=/opt/
-DCMAKE_INSTALL_PREFIX=/opt
+ cmake --build build --target all
+ cmake --install build --config Debug
+ cd /root
+ rm -rf opentelemetry-cpp
+EOF
+
# Add the CI's test user. N.B: 1200 is the uid that our jenkins user is
# configured with, so that has to be used. Otherwise there will be permissions
# issues.
@@ -111,8 +182,20 @@ RUN <<EOF
chown -R ${username} /home/${username}
EOF
-# Install lcov
-RUN dnf install -y lcov
+# Install abi checking tools.
+RUN <<EOF
+ set -e
+ mkdir -p /root/src/abi
+ cd /root/src/abi
+ git clone https://github.com/lvc/installer.git
+ cd installer
+ for i in abi-dumper abi-tracker abi-compliance-checker vtable-dumper
abi-monitor
+ do
+ make install prefix=/opt target=${i}
+ done
+ cd /root
+ rm -rf src/abi
+EOF
-# Keep this at the end to clean up the dnf cache.
+# Keep this at the end to ensure the dnf cache is cleared out.
RUN dnf clean all
diff --git a/docker/fedora38/build_h3_tools.sh
b/docker/fedora40/build_h3_tools.sh
similarity index 81%
rename from docker/fedora38/build_h3_tools.sh
rename to docker/fedora40/build_h3_tools.sh
index 9ae66f3..8c55773 100644
--- a/docker/fedora38/build_h3_tools.sh
+++ b/docker/fedora40/build_h3_tools.sh
@@ -37,7 +37,7 @@ set -e
# that it later removes.
# Update this as the draft we support updates.
-OPENSSL_BRANCH=${OPENSSL_BRANCH:-"openssl-3.1.0+quic+locks"}
+OPENSSL_BRANCH=${OPENSSL_BRANCH:-"openssl-3.1.4+quic"}
# Set these, if desired, to change these to your preferred installation
# directory
@@ -78,6 +78,14 @@ elif [ -e /etc/debian_version ]; then
echo
fi
+if [ `uname -s` = "Darwin" ]; then
+ echo
"+-------------------------------------------------------------------------+"
+ echo "| When building on a Mac, be aware that the Apple version of clang
may |"
+ echo "| fail to build curl due to the issue described here:
|"
+ echo "| https://github.com/curl/curl/issues/11391#issuecomment-1623890325
|"
+ echo
"+-------------------------------------------------------------------------+"
+fi
+
if [ -z ${QUICHE_BSSL_PATH+x} ]; then
QUICHE_BSSL_PATH=${TMP_QUICHE_BSSL_PATH:-"${BASE}/boringssl/lib"}
fi
@@ -114,29 +122,30 @@ else
OS="linux"
fi
-wget https://go.dev/dl/go1.20.1.${OS}-${ARCH}.tar.gz
-rm -rf ${BASE}/go && tar -C ${BASE} -xf go1.20.1.${OS}-${ARCH}.tar.gz
-rm go1.20.1.${OS}-${ARCH}.tar.gz
+wget https://go.dev/dl/go1.21.6.${OS}-${ARCH}.tar.gz
+rm -rf ${BASE}/go && tar -C ${BASE} -xf go1.21.6.${OS}-${ARCH}.tar.gz
+rm go1.21.6.${OS}-${ARCH}.tar.gz
+chmod -R a+rX ${BASE}
GO_BINARY_PATH=${BASE}/go/bin/go
if [ ! -d boringssl ]; then
git clone https://boringssl.googlesource.com/boringssl
cd boringssl
- git checkout 31bad2514d21f6207f3925ba56754611c462a873
+ git checkout a1843d660b47116207877614af53defa767be46a
cd ..
fi
cd boringssl
-mkdir -p build
-cd build
cmake \
+ -B build \
-DGO_EXECUTABLE=${GO_BINARY_PATH} \
-DCMAKE_INSTALL_PREFIX=${BASE}/boringssl \
-DCMAKE_BUILD_TYPE=Release \
- -DBUILD_SHARED_LIBS=1 ../
-
-${MAKE} -j ${num_threads}
-${MAKE} install
-cd ../..
+ -DCMAKE_CXX_FLAGS='-Wno-error=ignored-attributes' \
+ -DBUILD_SHARED_LIBS=1
+cmake --build build -j ${num_threads}
+cmake --install build
+chmod -R a+rX ${BASE}
+cd ..
# Build quiche
# Steps borrowed from:
https://github.com/apache/trafficserver-ci/blob/main/docker/rockylinux8/Dockerfile
@@ -144,11 +153,7 @@ echo "Building quiche"
QUICHE_BASE="${BASE:-/opt}/quiche"
[ ! -d quiche ] && git clone --recursive
https://github.com/cloudflare/quiche.git
cd quiche
-# Latest quiche commits breaks our code so we build from the last commit
-# we know it works, in this case this commit includes the rpath fix commit
-# for quiche. https://github.com/cloudflare/quiche/pull/1508
-# Why does the latest break our code? ->
https://github.com/cloudflare/quiche/pull/1537
-git checkout a1b212761c6cc0b77b9121cdc313e507daf6deb3
+git checkout 0.20.1
QUICHE_BSSL_PATH=${QUICHE_BSSL_PATH} QUICHE_BSSL_LINK_KIND=dylib cargo build
-j4 --package quiche --release --features ffi,pkg-config-meta,qlog
mkdir -p ${QUICHE_BASE}/lib/pkgconfig
mkdir -p ${QUICHE_BASE}/include
@@ -156,26 +161,27 @@ cp target/release/libquiche.a ${QUICHE_BASE}/lib/
[ -f target/release/libquiche.so ] && cp target/release/libquiche.so
${QUICHE_BASE}/lib/
cp quiche/include/quiche.h ${QUICHE_BASE}/include/
cp target/release/quiche.pc ${QUICHE_BASE}/lib/pkgconfig
+chmod -R a+rX ${BASE}
cd ..
-# OpenSSL needs special hackery ... Only grabbing the branch we need here...
Bryan has shit for network.
echo "Building OpenSSL with QUIC support"
[ ! -d openssl-quic ] && git clone -b ${OPENSSL_BRANCH} --depth 1
https://github.com/quictls/openssl.git openssl-quic
cd openssl-quic
-git checkout 6c41837e9234a8c250f02ae8aa30f44e91342ef6
./config enable-tls1_3 --prefix=${OPENSSL_PREFIX}
${MAKE} -j ${num_threads}
${MAKE} install_sw
+chmod -R a+rX ${BASE}
# The symlink target provides a more convenient path for the user while also
# providing, in the symlink source, the precise branch of the OpenSSL build.
ln -sf ${OPENSSL_PREFIX} ${OPENSSL_BASE}
+chmod -R a+rX ${BASE}
cd ..
# OpenSSL will install in /lib or lib64 depending upon the architecture.
-if [ -f "${OPENSSL_PREFIX}/lib/libssl.so" ]; then
+if [ -d "${OPENSSL_PREFIX}/lib" ]; then
OPENSSL_LIB="${OPENSSL_PREFIX}/lib"
-elif [ -f "${OPENSSL_PREFIX}/lib64/libssl.so" ]; then
+elif [ -d "${OPENSSL_PREFIX}/lib64" ]; then
OPENSSL_LIB="${OPENSSL_PREFIX}/lib64"
else
echo "Could not find the OpenSSL install library directory."
@@ -185,12 +191,9 @@ LDFLAGS=${LDFLAGS:-"-Wl,-rpath,${OPENSSL_LIB}"}
# Then nghttp3
echo "Building nghttp3..."
-if [ ! -d nghttp3 ]; then
- git clone --depth 1 -b v0.12.0 https://github.com/ngtcp2/nghttp3.git
- cd nghttp3
- cd ..
-fi
+[ ! -d nghttp3 ] && git clone --depth 1 -b v1.2.0
https://github.com/ngtcp2/nghttp3.git
cd nghttp3
+git submodule update --init
autoreconf -if
./configure \
--prefix=${BASE} \
@@ -201,15 +204,12 @@ autoreconf -if
--enable-lib-only
${MAKE} -j ${num_threads}
${MAKE} install
+chmod -R a+rX ${BASE}
cd ..
# Now ngtcp2
echo "Building ngtcp2..."
-if [ ! -d ngtcp2 ]; then
- git clone --depth 1 -b v0.16.0 https://github.com/ngtcp2/ngtcp2.git
- cd ngtcp2
- cd ..
-fi
+[ ! -d ngtcp2 ] && git clone --depth 1 -b v1.4.0
https://github.com/ngtcp2/ngtcp2.git
cd ngtcp2
autoreconf -if
./configure \
@@ -221,19 +221,14 @@ autoreconf -if
--enable-lib-only
${MAKE} -j ${num_threads}
${MAKE} install
+chmod -R a+rX ${BASE}
cd ..
# Then nghttp2, with support for H3
echo "Building nghttp2 ..."
-if [ ! -d nghttp2 ]; then
- git clone https://github.com/tatsuhiro-t/nghttp2.git
- cd nghttp2
- # The following has a fix for builds on systems, like Mac, which do not have
- # libev. There isn't currently a release with this fix yet.
- git checkout 2c955ab76b42dfce58e812da6bbe8a526a125fea
- cd ..
-fi
+[ ! -d nghttp2 ] && git clone --depth 1 -b v1.60.0
https://github.com/tatsuhiro-t/nghttp2.git
cd nghttp2
+git submodule update --init
autoreconf -if
if [ `uname -s` = "Darwin" ] || [ `uname -s` = "FreeBSD" ]
then
@@ -249,20 +244,18 @@ fi
PKG_CONFIG_PATH=${BASE}/lib/pkgconfig:${OPENSSL_LIB}/pkgconfig \
CFLAGS="${CFLAGS}" \
CXXFLAGS="${CXXFLAGS}" \
- LDFLAGS="${LDFLAGS}" \
+ LDFLAGS="${LDFLAGS} -L${OPENSSL_LIB}" \
--enable-http3 \
${ENABLE_APP}
${MAKE} -j ${num_threads}
${MAKE} install
+chmod -R a+rX ${BASE}
cd ..
# Then curl
echo "Building curl ..."
-[ ! -d curl ] && git clone https://github.com/curl/curl.git
+[ ! -d curl ] && git clone --depth 1 -b curl-8_5_0
https://github.com/curl/curl.git
cd curl
-# There isn't currently a released curl yet which has the updates for the above
-# ngtcp2 and nghttp3 library versions.
-git checkout 891e25edb8527bb8de79cdca6d943216c230e905
# On mac autoreconf fails on the first attempt with an issue finding ltmain.sh.
# The second runs fine.
autoreconf -fi || autoreconf -fi
@@ -277,4 +270,5 @@ autoreconf -fi || autoreconf -fi
LDFLAGS="${LDFLAGS}"
${MAKE} -j ${num_threads}
${MAKE} install
+chmod -R a+rX ${BASE}
cd ..
