Merge branch 'release-1.1.2' into develop

Internet-of-People · Mar 15, 2019 · b8c00c4 · b8c00c4
2 parents 30f18d4 + 67c7096
commit b8c00c4
Show file tree

Hide file tree

Showing 31 changed files with 387 additions and 255 deletions.
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
@@ -6,13 +6,18 @@ variables:
   BITBAKEDIR: '$CI_PROJECT_DIR/bitbake'
   IMAGE_DIR: '$CI_PROJECT_DIR/build/tmp-glibc/deploy/images'
   VERSION: 'git describe --long'
+  RELEASE_VERSION: 'echo $CI_COMMIT_REF_NAME | cut -d- -f2'
+  PARSE_X86_RELEASE_VERSION: 'python3 ../meta-titania/bin/parse_release_version.py $IMAGE_DIR/qemux86-64/x86-titania-image-qemux86-64.testdata.json'
   SHA_HASH: 'git rev-parse HEAD'
 
 stages:
   - setup
   - build_rpi
   - build_x86
   - convert_x86
+  - release_build_rpi
+  - release_build_x86
+  - release_convert_x86
 
 #
 # Jobs below
@@ -79,20 +84,28 @@ x86:
       - titania-x86-*.img.gz
     expire_in: 3 days
 
+  except:
+    refs:
+      - /^release-.*$/
+
 # Create a vmdk file as artifact for x86-virt image
 create_vmdk:
-    stage: convert_x86
-    # libertaria/yocto-build is all gmacario/build-yocto
-    # with addition of qemu-utils packages
-    image: libertaria/yocto-build                                                                                                                                                                 
-    script:
-        - gunzip $CI_PROJECT_DIR/titania-x86-$(eval $VERSION).img.gz
-        - qemu-img convert -O vmdk $CI_PROJECT_DIR/titania-x86-$(eval $VERSION).img $CI_PROJECT_DIR/titania-x86-$(eval $VERSION).vmdk
-
-    artifacts:
-      paths:
-        - titania-x86-*.vmdk
-      expire_in: 3 days
+  stage: convert_x86
+  # libertaria/yocto-build is all gmacario/build-yocto
+  # with addition of qemu-utils packages
+  image: libertaria/yocto-build
+  script:
+      - gunzip $CI_PROJECT_DIR/titania-x86-$(eval $VERSION).img.gz
+      - qemu-img convert -O vmdk $CI_PROJECT_DIR/titania-x86-$(eval $VERSION).img $CI_PROJECT_DIR/titania-x86-$(eval $VERSION).vmdk
+
+  artifacts:
+    paths:
+      - titania-x86-*.vmdk
+    expire_in: 3 days
+
+  except:
+    refs:
+      - /^release-.*$/
 
 raspberry:
   stage: build_rpi
@@ -124,4 +137,95 @@ raspberry:
       - titania-arm-rpi-*.swu
     expire_in: 3 days
 
+  except:
+    refs:
+      - /^release-.*$/
+
+# ============
+# Release jobs
+# ============
+
+release_raspberry:
+  stage: release_build_rpi
+
+  script:
+    # Adding the SSH key
+    - eval $(ssh-agent)
+    - echo $SSH_KEY_B64 | base64 -d | ssh-add -
+    # Ensure we have the host key
+    - mkdir ~/.ssh || true
+    - echo $SSH_HOST_KEY_B64 | base64 -d >> ~/.ssh/known_hosts
+    - source openembedded-core/oe-init-build-env
+    # Force rebuild for Docker
+    - MACHINE="raspberrypi3" bitbake -C install dapp
+    - MACHINE="raspberrypi3" bitbake rpi-titania-image
+    - MACHINE="raspberrypi3" bitbake rpi-titania-update
+    - cp -H $IMAGE_DIR/raspberrypi3/rpi-titania-image-raspberrypi3.wic.gz $CI_PROJECT_DIR/titania-arm-rpi-$(eval $RELEASE_VERSION).img.gz
+    - cp -H $IMAGE_DIR/raspberrypi3/rpi-titania-update-raspberrypi3.swu $CI_PROJECT_DIR/titania-arm-rpi-$(eval $RELEASE_VERSION).swu
+
+  cache:
+    paths: []
+
+  artifacts:
+    paths:
+      - titania-arm-rpi-*.img.gz
+      - titania-arm-rpi-*.swu
+    expire_in: 90 days
+
+  only:
+    refs:
+      - /^release-.*$/
+
+job_release_build_x86:
+  stage: release_build_x86
+
+  # `extends: x86` doesn't work because if the x86 job is not added (because of release branch),
+  # neither this job will be added to the pipeline.
+  script:
+    # Adding the SSH key
+    - eval $(ssh-agent)
+    - echo $SSH_KEY_B64 | base64 -d | ssh-add -
+    # Ensure we have the host key
+    - mkdir -p ~/.ssh
+    - echo $SSH_HOST_KEY_B64 | base64 -d >> ~/.ssh/known_hosts
+    - source openembedded-core/oe-init-build-env
+    - MACHINE="qemux86-64" bitbake -C install dapp
+    - MACHINE="qemux86-64" bitbake x86-titania-image
+    # Ensure the branch name matches with the distro version defined in titania.conf
+    - test "$(eval $PARSE_X86_RELEASE_VERSION)" = "$(eval $RELEASE_VERSION)"
+    - cp -H $IMAGE_DIR/qemux86-64/x86-titania-image-qemux86-64.wic.gz $CI_PROJECT_DIR/titania-x86-$(eval $RELEASE_VERSION).img.gz
+
+  only:
+    refs:
+      - /^release-.*$/
+
+  cache:
+    paths: []
+
+  artifacts:
+    paths:
+      - titania-x86-*.img.gz
+    expire_in: 90 days
+
+job_release_convert_x86:
+  stage: release_convert_x86
+  image: libertaria/yocto-build                                                                                                                                                                 
+
+  script:
+      - gunzip $CI_PROJECT_DIR/titania-x86-$(eval $RELEASE_VERSION).img.gz
+      - qemu-img convert -O vmdk $CI_PROJECT_DIR/titania-x86-$(eval $RELEASE_VERSION).img $CI_PROJECT_DIR/titania-x86-$(eval $RELEASE_VERSION).vmdk
+
+  only:
+    refs:
+      - /^release-.*$/
+
+  cache:
+    paths: []
+
+  artifacts:
+    paths:
+      - titania-x86-*.vmdk
+    expire_in: 90 days
+
+
 # TODO: add GPG signature
diff --git a/meta-titania/bin/parse_release_version.py b/meta-titania/bin/parse_release_version.py
@@ -0,0 +1,5 @@
+import sys
+import json
+j = open(sys.argv[1]).read()
+vars = json.loads(j)
+print(vars['DISTRO_VERSION'])
diff --git a/meta-titania/conf/distro/titania.conf b/meta-titania/conf/distro/titania.conf
@@ -2,7 +2,7 @@ DISTRO = "titania"
 DISTRO_NAME = "TitaniaOS"
 DISTRO_VERSION_MAJOR ?= "1"
 DISTRO_VERSION_MINOR ?= "1"
-DISTRO_VERSION_PATCH ?= "1"
+DISTRO_VERSION_PATCH ?= "2"
 
 # Override if you need an RC or something like that
 # NOTE: add the hyphen on your own, e.g. "-rc5"

diff --git a/meta-titania/recipes-connectivity/networkmanager/files/generate-issue.sh b/meta-titania/recipes-connectivity/networkmanager/files/generate-issue.sh
@@ -1,17 +1,29 @@
 #!/bin/bash
 
+OLD_ISSUE_HASH=
+if [[ -f /etc/issue ]]
+then
+    OLD_ISSUE_HASH="$(sha256sum /etc/issue)"
+fi
+
 cat /etc/titania.ascii > /etc/issue
 
 IPS=$(ip -4 addr show | grep -w inet | grep -vw lo | grep -wv docker0 | awk '{print $2}' | cut -d/ -f1)
 if [[ $? = 0 ]]
 then
-	for IP in $IPS
-	do
-	    echo -e "\t\t\tTitania Web Interface:  http://$IP/" >> /etc/issue
-	done
+    for IP in $IPS
+    do
+        echo -e "\t\t\tTitania Web Interface:  http://$IP/" >> /etc/issue
+    done
 fi
 
 echo >> /etc/issue
 cat /etc/issue.titania >> /etc/issue
 
-killall -HUP agetty
+NEW_ISSUE_HASH="$(sha256sum /etc/issue)"
+if [[ $NEW_ISSUE_HASH != $OLD_ISSUE_HASH ]]
+then
+    # agetty will show the changed /etc/issue if killed with HUP signal.
+    # If /etc/issue didn't change, no need to kill agetty.
+    killall -HUP agetty
+fi
diff --git a/meta-titania/recipes-core/images/x86-titania-image.bb b/meta-titania/recipes-core/images/x86-titania-image.bb
@@ -4,10 +4,9 @@ inherit x86img
 
 include recipes-core/images/core-image-minimal.bb
 
-IMAGE_CLASSES += " x86img"
+IMAGE_CLASSES += "x86img"
 
-IMAGE_FEATURES += " ssh-server-dropbear "
-# TODO +splash
+IMAGE_FEATURES += "ssh-server-dropbear"
 
 IMAGE_INSTALL += " \
     kernel-modules \

diff --git a/meta-titania/recipes-kernel/linux/linux-raspberrypi_%.bbappend b/meta-titania/recipes-kernel/linux/linux-raspberrypi_%.bbappend
@@ -0,0 +1,3 @@
+require titania-logos.inc
+require titania-tty-console.inc
+require titania-no-default-root.inc
diff --git a/meta-titania/recipes-titania/dapp/dapp.inc b/meta-titania/recipes-titania/dapp/dapp.inc
@@ -4,12 +4,14 @@ RDEPENDS_${PN} = " \
     python3-fusepy \
     python3-modules \
     python3-misc \
+    jq \
 "
 
 # TODO: move dapp_prepare.sh logic inside systemd
 SRC_URI += "file://apps.json \
             file://dapp_prepare.sh \
             file://dapp_register.sh \
+            file://dapp_forward_ports.sh \
             file://dapp_pull.sh \
             file://dapp_load.sh \
             file://dapp_version.sh \
@@ -24,15 +26,12 @@ SRC_URI += "file://apps.json \
 
 inherit systemd
 
-# TODO: how exactly do we ship nginx?
 # Drop-in directory for JSON maybe
 FILES_${PN} = "${systemd_unitdir}/system/[email protected] /opt/titania/* ${sysconfdir}/systemd/* /opt/titania/"
 
 # Systemd recipe doesn't know how to parse things with multiple dots
 # openembedded-core `master` branch has the correct code. 
 # They get replaced in a ROOTFS_POSTPROCESS command (see rpi-titania-image)
-# TODO: Either backport or upgrade branch (painful!), remove this hack
-# TODO: make latter a .target, use ExecStartPost etc.
 SYSTEMD_SERVICE_${PN} = "dapp@world,libertaria,nginx.service \
                          dapp-systemd-bridge.service \
                          dapp-json-merge.service"

diff --git a/meta-titania/recipes-titania/dapp/files/dapp_forward_ports.sh b/meta-titania/recipes-titania/dapp/files/dapp_forward_ports.sh
@@ -0,0 +1,56 @@
+#!/bin/bash
+# Open up ports on the router via natpmp for the public ports
+
+if [[ $1 != "start" && $1 != "stop" ]]
+then
+    echo "Usage: $0 [start|stop] <dapp_name>"
+    exit 1
+fi
+
+if [[ -z $2 ]]
+then
+    echo "dapp name must be specified"
+    exit 1
+fi
+
+ACTION=$1
+DAPP_ID=$2
+
+function public_ports()
+{
+    local DAPP_ID_=$1
+    local PROTOCOL=$2
+
+    jq ".[] | select(.id == \"$DAPP_ID_\") | .ports | .[] | select(.type == \"public\") | select(.protocol == \"$PROTOCOL\") | .port" /run/apps.json
+}
+
+case $ACTION in
+    start)
+        echo "Setting up portforwarding via natpmp for public ports."
+        for typ in tcp udp
+        do
+            for port in $(public_ports $DAPP_ID $typ)
+            do
+                echo Setting up $typ portforward on port $port
+                systemctl start forward-port@${port}-${typ}.service || true  # service fails if natpmp is not enabled on router
+            done
+        done
+        ;;
+
+    stop)
+        echo "Removing natpmp portforwards"
+        for typ in tcp udp
+        do
+            for port in $(public_ports $DAPP_ID $typ)
+            do
+                echo Removing $typ portforward from port $port
+                systemctl stop forward-port@${port}-${typ}.service || true  # service fails if natpmp is not enabled on router
+            done
+        done
+        ;;
+
+    *)
+        echo "start/stop command must be specified"
+        exit 1
+        ;;
+esac
diff --git a/meta-titania/recipes-titania/dapp/files/dapp_prepare.sh b/meta-titania/recipes-titania/dapp/files/dapp_prepare.sh
@@ -4,19 +4,23 @@
 if ! docker inspect "$1" >/dev/null 2>&1; then
     echo "Creating dApp container"
     # Getting the detailed image name
-    IMAGE_NAME="$(/opt/titania/bin/dapp_version.sh base $1)"
-    IMAGE_HASH="$(/opt/titania/bin/dapp_version.sh image $1)"
-    IMAGE_SPEC="${IMAGE_NAME}@${IMAGE_HASH}"
+    IMAGE_NAME="$(/opt/titania/bin/dapp_version.sh image $1)"
+    IMAGE_DIGEST="$(/opt/titania/bin/dapp_version.sh digest $1)"
+
+    if [[ -n $IMAGE_DIGEST ]]
+    then
+        IMAGE_SPEC="${IMAGE_NAME}@${IMAGE_DIGEST}"
+    else
+        IMAGE_SPEC="${IMAGE_NAME}"
+    fi
 
     echo "Full image name: ${IMAGE_SPEC}"
 
     # Directory for exchanging static files with nginx
     # - shared allows bind mount to propagate
-    # TODO: only on containers that have it?
-    # TODO: parametrise the path
     EXTRA_VOLUMES="-v /run/dapp/$1:/dapp:shared"
 
-    # -it needed for global.iop.ps TODO: standardize
+    # -it needed for global.iop.ps
     docker create -it $EXTRA_VOLUMES --env-file /run/network_info.env --name $* ${IMAGE_SPEC}
 else
     echo "dApp container already present"

diff --git a/meta-titania/recipes-titania/dapp/files/dapp_register.sh b/meta-titania/recipes-titania/dapp/files/dapp_register.sh
@@ -1,8 +1,6 @@
 #!/bin/bash
 # Utility to create per-dapp http(s) forwards
-# TODO: make configurable
-# TODO: /dapp directory is hardcoded
-DAPP_CONF_PATH="/run/dapp.conf.d/"
+DAPP_CONF_PATH="/run/dapp.conf.d"
 NGINX_SERVICE="[email protected]"
 
 if test -z "$2"; then
@@ -28,14 +26,14 @@ case $1 in
         exit -1
     fi 
 
-    # TODO: currently only http, add https when we have it
-    # TODO: no slash at the end removes automatic redirect feature (e.g. /user to /user/)
+    # NOTE: No slash at the end removes automatic redirect feature (e.g. /user to /user/)
     # refer to nginx docu how to fix it if needed
     # NOTE: implicit directory indexes are hardcoded to index.html and index.htm outside of
     # usual nginx way to configure it to prevent try_files from matching directories and
     # failing with 403 due to prohibited directory listing
-    # NOTE: X-Titania-Content-Source header is always added, even to error responces.
+    # NOTE: X-Titania-Content-Source header is always added, even to error responses.
     # Remove the `always` part to prevent that
+    mkdir -p $DAPP_CONF_PATH
     cat > $DAPP_CONF_PATH/$DAPP_ID.conf <<EOF
 location /dapp/$DAPP_ID {
     rewrite ^/dapp/$DAPP_ID/?(.*)\$ /\$1 break;
@@ -57,7 +55,7 @@ EOF
         PID=$(docker inspect --format {{.State.Pid}} $DAPP_ID)
         # No need to retry, should be up by now
         if test -z "$PID"; then
-            # TODO: WARNING: a malicious app developer can mount system devices
+            # WARNING: a malicious app developer can mount system devices
             # Prevent this by checking that $3 is a valid path (in next commit)
             nsenter --target $PID --mount --uts --ipc --net --pid -- \
                 mount -o bind,ro $3 /dapp 
@@ -68,8 +66,6 @@ EOF
     stop)
     echo "Removing nginx drop-in config"
     rm -f $DAPP_CONF_PATH/$DAPP_ID.conf
-
-    # TODO: study if we should unmount the static directory
     ;;
 
     *)