Verified Commit a7adab56 authored by Josef Schlehofer's avatar Josef Schlehofer 💬

Merge branch 'Turris OS 5.2.0'

parents 8e84e12d 1366cae4
# To use this config run: git config --local include.path ../.gitconfig
# You also need bash to interpret hooks and scripts
[core]
hooksPath = .githooks
[alias]
new-mr = "!.gitscripts/new-mr"
new-branch = "!.gitscripts/new-branch"
[sendemail]
to = packaging@turris.com
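Review bot: The header comment on the first two lines should say that including this file lets repository content execute on the developer's machine: `hooksPath = .githooks` and the two `!`-prefixed aliases run whatever version of those scripts is in the checked-out tree. After the one-time `git config --local include.path ../.gitconfig`, checking out someone else's branch and then pushing or running `git new-mr` runs that branch's scripts with no further prompt. I would add a comment such as `# NOTE: after this include, hooks and aliases run scripts from the current checkout; review .githooks/ and .gitscripts/ before using them on an untrusted branch`.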
#!/bin/bash
server="gitlab.nic.cz"
server_old="gitlab.labs.nic.cz"
zero_sha1="0000000000000000000000000000000000000000"
compare_ancestors() {
local local_hash="$1"
[ "$local_hash" != "$zero_sha1" ] || return 0 # ignore removals
git merge-base --is-ancestor \
"$(git merge-base "$local_hash" "$2")" \
"$(git merge-base "$local_hash" "$3")"
}
remote_name="$1"
remote_url="$2"
if [[ "$remote_url" != *$server* && "$remote_url" != *$server_old* ]]; then
# We are interested only in pushes to our server
exit 0
fi
push_master=
push_develop=
while read -r local_ref local_sha1 remote_ref remote_sha1; do
if [ "$local_sha1" = "$zero_sha1" ]; then
# Always allow removal of branches
continue
fi
remote_ref="${remote_ref#refs/heads/}"
case "$remote_ref" in
master)
push_master="$local_sha1"
;;
develop)
push_develop="$local_sha1"
;;
hotfix/*)
if compare_ancestors "$local_sha1" master develop; then
echo "Reference has invalid ancestor, please base it on top of master: $local_ref" >&2
exit 1
fi
;;
feature/*|bugfix/*|refactor/*|hack/*)
if compare_ancestors "$local_sha1" develop master; then
echo "Reference has invalid ancestor, please base it on top of develop: $local_ref" >&2
exit 1
fi
;;
*)
# We terminate push only if this tries to create new branch of invalid
# name. This allows push to existing branches.
if [ "$remote_sha1" = "$zero_sha1" ]; then
echo "Creation of new branch of this name is not allowed: $remote_ref" >&2
exit 1
fi
;;
esac
done
if [ -n "$push_master" ]; then
if [ -z "$push_develop" ]; then
echo "Develop branch has to be always updated with master branch." >&2
echo "Push both at the same time with: git push origin master develop" >&2
exit 1
fi
if ! git merge-base --is-ancestor "$push_master" "$push_develop"; then
echo "Tip commit of master is not merged to develop branch." >&2
exit 1
fi
fi
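Review bot: `compare_ancestors` fails open: the `hotfix/*` and `feature/*|bugfix/*|refactor/*|hack/*` arms reject the push only when it returns 0, so any git error (for example a clone with no local `master` or `develop` ref, where the inner `git merge-base` prints nothing and `--is-ancestor` exits with an error status) is treated as a valid ancestor. Resolve both bases first and abort on failure, e.g. `base_a="$(git merge-base "$local_hash" "$2")" || exit 1` and the same for `$3`, before calling `--is-ancestor`. Separately, `--is-ancestor` also succeeds when both merge bases are the same commit, which looks like it would reject a hotfix branched from a `master` tip that is already merged into `develop`; worth confirming in a test repository. Since a pre-push hook is skipped by `git push --no-verify`, these rules only hold if the server also enforces them through protected branches or push rules.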
# CZ.NIC folder
cznic/foris/ @shenek
cznic/fosquitto/ @shenek
cznic/mozilla-iot-gateway-webapp/ @miska
cznic/turrishw/ @shenek
cznic/turris-netboot/ @miska
# Hardware
# Data collection
collect/sentinel/ @Cynerd @VojtechMyslivec @mprudek
collect/haas-proxy/ @shenek
collect/pakon/ @mmtj
collect/pakon-lists/ @mmtj
# Hardware
hardware/ @miska
hardware/crypto-wrapper/ @VojtechMyslivec
hardware/mox/mox-otp/ @VojtechMyslivec
hardware/mox/mox-uboot/ @pali @elkablo
hardware/omnia/omnia-uboot/ @pali @elkablo
# Lang
lang/ @Cynerd
# Lang - Python Packages
lang/ @BKPepe @ja-pa
lang/turrishw/ @mmtj
# Libs
libs/ @ja-pa @Cynerd
libs/ @BKPepe @ja-pa
# Multimedia
multimedia/ @BKPepe
multimedia/ @BKPepe @ja-pa
# Net
net/knot/ @salzmdan
net/knot-resolver/ @ja-pa
net/ @BKPepe
net/knot-resolver/ @vcunat @ja-pa
net/unbound/ @ja-pa
net/tor/ @ja-pa
net/torsocks/ @ja-pa
net/resolver-conf/ @ja-pa
net/resolver-debug/ @ja-pa
net/lighttpd/ @miska
net/lighttpd/ @BKPepe
net/lighttpd-https-cert/ @miska
net/netmetr/ @shenek @mprudek
net/nextcloud/ @miska
net/dnssec-rootkey/ @ja-pa @vcunat
net/lighttpd/ @miska
net/nextcloud/ @miska
net/rmbt/ @mprudek
# Pakon related stuff
cznic/pakon/ @mmatejek
cznic/pakon-dev-detect/ @mmatejek
cznic/pakon-lists/ @mmatejek
net/rmbt-client/ @mprudek
# Updater
updater/ @Cynerd
# Data collection
collect/ @miska
# Utils
utils/ @miska @ja-pa @Cynerd
utils/ @miska @ja-pa @Cynerd @BKPepe
# Web related packages
web/ @miska @shenek @Cynerd
web/foris-controller/ @mmtj @fhron
web/foris/ @mmtj
web/reforis/ @aleksan4g @MarekSasek
web/turris-webapps/ @aleksan4g
ARG ARCH=x86-64
FROM openwrtorg/rootfs:$ARCH
ADD entrypoint.sh /entrypoint.sh
CMD ["/entrypoint.sh"]
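Review bot: `ADD entrypoint.sh /entrypoint.sh` should be `COPY entrypoint.sh /entrypoint.sh`; `ADD` also unpacks archives and fetches URLs, which is not wanted for a single local script. The base image `openwrtorg/rootfs:$ARCH` is a moving tag, so the runtime test runs on whatever the registry serves at build time; a comment saying this is deliberate, or a digest recorded per architecture, would make test failures easier to attribute.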
#!/bin/sh
color_out() {
printf "\e[0;$1m$PKG_NAME: %s\e[0;0m\n" "$2"
}
success() {
color_out 32 "$1"
}
info() {
color_out 36 "$1"
}
err() {
color_out 31 "$1"
}
warn() {
color_out 33 "$1"
}
err_die() {
err "$1"
exit 1
}
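Review bot: `color_out` places `$PKG_NAME` and `$1` inside the printf format string, so a `%` or backslash in the package name read from the `.ipk` control file is interpreted as a format directive instead of being printed. Pass them as arguments: `printf '\033[0;%sm%s: %s\033[0;0m\n' "$1" "$PKG_NAME" "$2"`. Using `\033` instead of `\e` also keeps the escape portable across `/bin/sh` implementations, since POSIX printf does not require `\e`. The file has no header comment; it appears to be sourced through `$CI_HELPER` by package `test.sh` scripts, and one line saying so (and that `PKG_NAME` must be exported) would help.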
#!/bin/sh
mkdir -p /var/lock/
opkg update
[ -n "$CI_HELPER" ] || CI_HELPER="/ci/.github/workflows/ci_helpers.sh"
for PKG in /ci/*.ipk; do
tar -xzOf "$PKG" ./control.tar.gz | tar xzf - ./control
# package name including variant
PKG_NAME=$(sed -ne 's#^Package: \(.*\)$#\1#p' ./control)
# package version without release
PKG_VERSION=$(sed -ne 's#^Version: \(.*\)-[0-9]*$#\1#p' ./control)
# package source contianing test.sh script
PKG_SOURCE=$(sed -ne 's#^Source: .*/\(.*\)$#\1#p' ./control)
echo "Testing package $PKG_NAME in version $PKG_VERSION from $PKG_SOURCE"
opkg install "$PKG"
export PKG_NAME PKG_VERSION CI_HELPER
TEST_SCRIPT=$(find /ci/ -name "$PKG_SOURCE" -type d)/test.sh
if [ -f "$TEST_SCRIPT" ]; then
echo "Use package specific test.sh"
if sh "$TEST_SCRIPT" "$PKG_NAME" "$PKG_VERSION"; then
echo "Test succesful"
else
echo "Test failed"
exit 1
fi
else
echo "No test.sh script available"
fi
opkg remove "$PKG_NAME" --force-removal-of-dependent-packages --force-remove
done
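Review bot: The exit status of `opkg install "$PKG"` is never checked and the script has no `set -e`, so a package that fails to install still reaches "No test.sh script available" and the job passes. Change it to `opkg install "$PKG" || exit 1`, and check `opkg update` the same way. The `TEST_SCRIPT=$(find /ci/ -name "$PKG_SOURCE" -type d)/test.sh` lookup is also fragile: when `find` returns several directories the `-f` test is false, and when `Source:` is missing from `./control` the path collapses to `/test.sh`, so in both cases the package's test is skipped silently. Failing, or at least printing a warning, when the lookup does not yield exactly one directory would make skipped tests visible.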
name: Test Build
on: [push, pull_request]
jobs:
build:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
arch:
- arm_cortex-a9_vfpv3-d16
- powerpc_8540
version:
- master
- 19.07.7
- 21.02-SNAPSHOT
runtime_test: [false]
include:
- arch: aarch64_cortex-a53
version: master
runtime_test: true
- arch: aarch64_cortex-a53
version: 19.07.7
runtime_test: true
- arch: aarch64_cortex-a53
version: 21.02-SNAPSHOT
runtime_test: true
name: Target ${{ matrix.arch }} - OpenWrt ${{ matrix.version }}
steps:
- uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Determine changed packages
run: |
# only detect packages with changed Makefiles
PACKAGES="$(git diff --diff-filter=d --name-only origin/develop \
| grep -E 'Makefile$|test.sh$' | grep -Ev '/files/|/src/' \
| awk -F/ '{ print $(NF-1) }' | tr '\n' ' ')"
# fallback to test packages if nothing explicitly changes this is
# should run if other mechanics changed
PACKAGES="${PACKAGES:-notification-system netmetr lighttpd}"
echo "Building $PACKAGES"
echo "PACKAGES=$PACKAGES" >> $GITHUB_ENV
- name: Build
uses: openwrt/gh-action-sdk@v1
env:
ARCH: ${{ matrix.arch }}
FEEDNAME: turrispackages_ci
- name: Move created packages to project dir
run: cp bin/packages/${{ matrix.arch }}/turrispackages_ci/*.ipk . || true
- name: Store packages
uses: actions/upload-artifact@v2
with:
name: ${{ matrix.arch}}-${{ matrix.version }}-packages
path: "*.ipk"
- name: Store logs
uses: actions/upload-artifact@v2
with:
name: ${{ matrix.arch}}-${{ matrix.version }}-logs
path: logs/
- name: Remove logs
run: sudo rm -rf logs/ || true
- name: Register QEMU
if: ${{ matrix.runtime_test }}
run: |
sudo docker run --rm --privileged aptman/qus -s -- -p
- name: Build Docker container
if: ${{ matrix.runtime_test }}
run: |
docker build -t test-container --build-arg ARCH .github/workflows/
env:
ARCH: ${{ matrix.arch }}
- name: Test via Docker container
if: ${{ matrix.runtime_test }}
run: |
docker run --rm -v $GITHUB_WORKSPACE:/ci test-container
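Review bot: The `Register QEMU` step runs `sudo docker run --rm --privileged aptman/qus -s -- -p`, a third-party image pulled by mutable tag and given full privileges on the runner, in a workflow that triggers on `pull_request`. Pin it by digest, `aptman/qus@sha256:<digest-placeholder>`, and consider pinning `actions/checkout@v2`, `openwrt/gh-action-sdk@v1` and `actions/upload-artifact@v2` to commit SHAs the same way. The workflow declares no `permissions:` block, so the token scope is whatever the repository default is; a top-level `permissions:` with `contents: read` makes the intent explicit. In the shell steps, quote the expansions: `docker run --rm -v "$GITHUB_WORKSPACE:/ci" test-container` and `>> "$GITHUB_ENV"`.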
# CZ.NIC folder
cznic/foris/ @shenek
cznic/fosquitto/ @shenek
cznic/mozilla-iot-gateway-webapp/ @mhrusecky
cznic/turrishw/ @shenek
cznic/turris-webapps/ @mhrusecky
# Hardware
# Data collection
collect/sentinel/ @kkoci @vmyslivec @mprudek
collect/haas-proxy/ @shenek
collect/pakon/ @mmatejek
collect/pakon-lists/ @mmatejek
# Hardware
hardware/ @mhrusecky
hardware/crypto-wrapper/ @vmyslivec
hardware/mox/mox-otp/ @vmyslivec
hardware/mox/mox-uboot/ @prohar @mbehun
hardware/omnia/omnia-uboot/ @prohar @mbehun
# Lang
lang/ @kkoci
# Lang - Python Packages
lang/ @jschlehofer @jpavlinec
lang/turrishw/ @mmatejek
# Libs
libs/ @jpavlinec @kkoci
libs/ @jschlehofer @jpavlinec
# Multimedia
multimedia/ @jschlehofer
multimedia/ @jschlehofer @jpavlinec
# Net
net/knot/ @dsalzman
net/knot-resolver/ @jpavlinec
net/ @jschlehofer
net/knot-resolver/ @vcunat @jpavlinec
net/unbound/ @jpavlinec
net/tor/ @jpavlinec
net/torsocks/ @jpavlinec
net/resolver-conf/ @jpavlinec
net/resolver-debug/ @jpavlinec
net/lighttpd/ @mhrusecky
net/lighttpd/ @jschlehofer
net/lighttpd-https-cert/ @mhrusecky
net/nextcloud/ @mhrusecky
net/dnssec-rootkey/ @jpavlinec @vcunat
net/lighttpd/ @mhrusecky
net/nextcloud/ @mhrusecky
net/nextcloud/ @mhrusecky
net/rmbt/ @mprudek
# Pakon related stuff
cznic/pakon/ @mmatejek
cznic/pakon-dev-detect/ @mmatejek
cznic/pakon-lists/ @mmatejek
net/rmbt-client/ @mprudek
# Updater
updater/ @kkoci
# Data collection
collect/ @mhrusecky
# Utils
utils/ @mhrusecky @jpavlinec @kkoci
utils/ @mhrusecky @jpavlinec @kkoci @jschlehofer
# Web related packages
web/ @mhrusecky @shenek @kkoci
web/foris-controller/ @mmatejek @fhron
web/foris/ @mmatejek
web/reforis/ @agumroian @msasek
web/turris-webapps/ @agumroian
#!/bin/bash
branch_name="$1"
branch_base="$2"
branch_desig="$3"
valid_base() {
[[ "$1" == "master" || "$1" == "develop" ]]
}
valid_desig() {
local base="$1"
local desig="$2"
case "$base" in
master)
[ "$desig" = "hotfix" ]
return
;;
develop)
[[ "$desig" =~ ^(bugfix|feature|refactor|hack)$ ]]
return
;;
*)
return 1
;;
esac
}
while [ -z "$branch_name" ]; do
read -r -p "Branch name: " branch_name
done
while ! valid_base "$branch_base"; do
read -r -p "Branch base ([d]evelop/[m]aster): " branch_base
case "$branch_base" in
d|dev)
branch_base="develop"
;;
m)
branch_base="master"
;;
esac
done
while ! valid_desig "$branch_base" "$branch_desig"; do
case "$branch_base" in
master)
branch_desig="hotfix"
continue
;;
develop)
read -r -p "Branch designation (bugfix/feature/refactor/hack): " \
branch_desig
case "$branch_desig" in
b|bug)
branch_desig="bugfix"
;;
f)
branch_desig="feature"
;;
r|ref)
branch_desig="refactor"
;;
h)
branch_desig="hack"
;;
esac
;;
esac
done
branch="$branch_desig/$branch_name"
echo "Creating branch: $branch"
git branch "$branch" "$branch_base"
git switch "$branch"
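Review bot: All three prompt loops ignore the status of `read`, so when standard input is closed or not a terminal (`read` returns non-zero and leaves the variable empty) the `while [ -z "$branch_name" ]`, `while ! valid_base` and `while ! valid_desig` loops spin forever. End the script on a failed read in each loop, e.g. `read -r -p "Branch name: " branch_name || exit 1`. `git switch "$branch"` also runs when `git branch "$branch" "$branch_base"` has failed, which silently switches to a pre-existing branch of that name; `git branch "$branch" "$branch_base" || exit 1`, or a single `git switch -c "$branch" "$branch_base"`, avoids that.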
#!/bin/bash
repo="https://gitlab.nic.cz/turris/turris-os-packages"
cur_branch="$(git branch --show-current)"
open_merge_request() {
local target="$1"
local url="$repo/-/merge_requests/new?merge_request%5Bsource_branch%5D=$cur_branch&merge_request%5Btarget_branch%5D=$target"
if command -v xdg-open >/dev/null; then
xdg-open "$url"
else
echo "Open following URL to create merge request for branch: $cur_branch"
echo "$url"
fi
}
case "$cur_branch" in
master)
echo "Master branch is the most stable branch. There is no merge target for it." &2
exit 1
;;
develop)
echo "Develop branch is merged only on new Turris OS release." >&2
exit 1
;;
hotfix/*)
open_merge_request master
;;
feature/*|bugfix/*|refactor/*|hack/*)
open_merge_request develop
;;
*)
echo "Merge requests are not supported for this branch." >&2
;;
esac
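Review bot: In the `master)` arm the redirection is mistyped as `&2`: the shell backgrounds the `echo`, so the message goes to stdout, and then tries to run a command named `2`. It should read `echo "Master branch is the most stable branch. There is no merge target for it." >&2`, matching the `develop)` arm. The final `*)` arm prints an error but does not `exit 1`, so callers see success. `open_merge_request` pastes `$cur_branch` into the query string unencoded, so a branch name containing `&`, `#` or `%` changes the URL's parameters; percent-encoding the name before building `$url` would keep the source and target fields intact.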
......@@ -273,6 +273,14 @@ Tips for developers and maintainers
This is collection of various tips and primarily configuration options you can use
to simplify commands described in this flow.
Use project specific git configuration::
It is highly advised to use project specific git config. You can apply it by
running following command:
[,sh]
----------------------------------------------------------------------------------
git config --local include.path ../.gitconfig
----------------------------------------------------------------------------------
Sign commits and tags with GPG without using `--gpg-sign` and `-s`::
You can configure global or local git option `commit.gpgSign` and `tag.gpgSign`.
[,sh]
......
#
## Copyright (C) 2013-2015 CZ.NIC z.s.p.o. (http://www.nic.cz/)
#
## This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
# #
#
include $(TOPDIR)/rules.mk
PKG_NAME:=cznic-cacert-bundle
PKG_VERSION:=38
PKG_RELEASE:=3
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://gitlab.nic.cz/turris/misc.git
PKG_SOURCE_VERSION:=1496ca959d1b51c2e98d623363e1fd9eba464d27
PKG_MAINTAINER:=CZ.NIC <packaging@turris.cz>
include $(INCLUDE_DIR)/package.mk
define Package/cznic-cacert-bundle/postinst
#!/bin/sh
[ -n "$$IPKG_INSTROOT" ] || {
# TODO: If ever anything gets removed from this list, use -r, not delete it manually.
/usr/sbin/cert-backup \
/etc/ssl/turris.pem \
/usr/bin/get-api-crl \
/etc/ssl/ucollect-server.pem \
-r /etc/ssl/www_turris_cz_ca.pem \
-r /etc/ssl/startcom.pem \
-r /etc/ssl/api.turris.pem
get-api-crl
}
endef
define Package/cznic-cacert-bundle
TITLE:=CZNIC cacert bundle
DEPENDS:=+cert-backup +c-rehash
endef
# The built is empty. But as there's no makefile in the git repo, we need to
# override the default that runs "make".
define Build/Compile
true
endef
define Package/cznic-cacert-bundle/install
$(INSTALL_DIR) $(1)/etc/ssl/
# TODO: If anything is modified here, it needs to be updated in the postinst too
$(INSTALL_DATA) $(PKG_BUILD_DIR)/cacerts/emergency-ca/ca.crt $(1)/etc/ssl/turris.pem
$(INSTALL_DATA) $(PKG_BUILD_DIR)/cacerts/ucollect-server.pem $(1)/etc/ssl/
ln -s /tmp/crl.pem $(1)/etc/ssl/crl.pem
$(INSTALL_DIR) $(1)/usr/bin
$(INSTALL_BIN) $(PKG_BUILD_DIR)/cacerts/get-api-crl $(1)/usr/bin/
$(INSTALL_DIR) $(1)/etc/cron.d
$(INSTALL_DATA) ./files/get-crl.cron $(1)/etc/cron.d/get-api
endef
$(eval $(call BuildPackage,cznic-cacert-bundle))
MAILTO=""
*/30 * * * * root /usr/bin/get-api-crl
#
## Copyright (C) 2014-2015 CZ.NIC z.s.p.o. (http://www.nic.cz/)
#
## This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
# #
#
include $(TOPDIR)/rules.mk
PKG_NAME:=dhparam
PKG_VERSION:=2.1
PKG_RELEASE:=2
PKG_MAINTAINER:=Michal Hrusecky <michal.hrusecky@nic.cz>
include $(INCLUDE_DIR)/package.mk
define Package/dhparam
TITLE:=Pregenerated Diffie-Hellman parameters
endef