From 2adb6cb1495abadb74533de3dac7f3f7a3aa5ddc Mon Sep 17 00:00:00 2001 From: Matthew Draper Date: Wed, 1 Jan 2025 11:34:33 -0800 Subject: [PATCH 1/6] Get CI build working again after forking deal with github mysteriously running actions with "ubuntu-latest" not resolving to 24.04. check for current ubuntu version and only do bwrap fix it >= 24.04 also, patch flakey flex mirrors, which were not working --- .github/workflows/bwrap.yml | 6 +- .github/workflows/ubuntu_bwrap_fix.sh | 98 +++++++++++++++++++++++++++ steps/flex-2.5.11/sources | 2 +- steps/flex-2.5.33/sources | 2 +- 4 files changed, 103 insertions(+), 5 deletions(-) create mode 100644 .github/workflows/ubuntu_bwrap_fix.sh diff --git a/.github/workflows/bwrap.yml b/.github/workflows/bwrap.yml index eab6bc4f..3762fd1b 100644 --- a/.github/workflows/bwrap.yml +++ b/.github/workflows/bwrap.yml @@ -26,7 +26,7 @@ jobs: # against a commit != HEAD with depth=1, it errors out. fetch-depth: 0 - name: Work around Ubuntu 24.04 bubblewrap bug - run: sudo cp .github/workflows/bwrap.apparmor /etc/apparmor.d/bwrap && sudo systemctl reload apparmor + run: bash .github/workflows/ubuntu_bwrap_fix.sh - name: Query cache for sources id: cache uses: actions/cache/restore@v4 @@ -75,7 +75,7 @@ jobs: # against a commit != HEAD with depth=1, it errors out. fetch-depth: 0 - name: Work around Ubuntu 24.04 bubblewrap bug - run: sudo cp .github/workflows/bwrap.apparmor /etc/apparmor.d/bwrap && sudo systemctl reload apparmor + run: bash .github/workflows/ubuntu_bwrap_fix.sh - name: Get pass1_image uses: actions/download-artifact@v4 with: @@ -130,7 +130,7 @@ jobs: # against a commit != HEAD with depth=1, it errors out. fetch-depth: 0 - name: Work around Ubuntu 24.04 bubblewrap bug - run: sudo cp .github/workflows/bwrap.apparmor /etc/apparmor.d/bwrap && sudo systemctl reload apparmor + run: bash .github/workflows/ubuntu_bwrap_fix.sh - name: Get pass2_image uses: actions/download-artifact@v4 with: diff --git a/.github/workflows/ubuntu_bwrap_fix.sh b/.github/workflows/ubuntu_bwrap_fix.sh new file mode 100644 index 00000000..aaebe679 --- /dev/null +++ b/.github/workflows/ubuntu_bwrap_fix.sh @@ -0,0 +1,98 @@ +# SPDX-FileCopyrightText: 2025 reshi +# SPDX-License-Identifier: CC0-1.0 + +# We need a handwave to make ubuntu happy in order to run bwrap +# see https://etbe.coker.com.au/2024/04/24/ubuntu-24-04-bubblewrap/ + +# But, in some cases, it seems that 'ubuntu-latest' does not always +# 'resolve' to 20.04, so we do some hand waves to check for +# os version >= 20.04 (otherwise the build can die when +# trying to apply bwrap.apparmor) + +# Figure out current ubuntu version +# https://manpages.ubuntu.com/manpages/noble/man5/os-release.5.html +# +# The /etc/os-release and /usr/lib/os-release files contain +# operating system identification data. +# +# The format of os-release is a newline-separated list of +# environment-like shell-compatible variable assignments. +# +# The file /etc/os-release takes precedence over /usr/lib/os-release. +# Applications should check for the former, +# and exclusively use its data if it exists, +# and only fall back to /usr/lib/os-release if it is missing. +# +# VERSION_ID= +# A lower-case string +# (mostly numeric, no spaces or other characters outside of 0-9, +# a-z, ".", "_" and "-") +# identifying the operating system version, +# excluding any OS name information or release code name, +# and suitable for processing by scripts +# or usage in generated filenames. +# This field is optional. +# +# Examples: "VERSION_ID=17", "VERSION_ID=11.04". + +# Check for /etc/os-release or fall back to /usr/lib/os-release +if [ -f /etc/os-release ]; then + OS_RELEASE_FILE="/etc/os-release" +elif [ -f /usr/lib/os-release ]; then + OS_RELEASE_FILE="/usr/lib/os-release" +else + echo "Error: Neither /etc/os-release nor /usr/lib/os-release found." + exit 1 +fi + +# Extract 'VERSION_ID=' line. +VERSION_ID_LINE=$(grep '^VERSION_ID=' "$OS_RELEASE_FILE") +if [ -z "$VERSION_ID_LINE" ]; then + echo "Error: VERSION_ID not found in $OS_RELEASE_FILE." + echo "Contents of $OS_RELEASE_FILE:" + cat "$OS_RELEASE_FILE" + exit 1 +fi + +# Extract major/minor version +if [[ "$VERSION_ID_LINE" =~ ^VERSION_ID=\"([0-9]+)\.([0-9]+)\"$ ]]; then + # Matches 'VERSION_ID="major.minor"' (e.g., "24.04") + MAJOR="${BASH_REMATCH[1]}" + MINOR="${BASH_REMATCH[2]}" + echo "Ubuntu version: $MAJOR.$MINOR" +elif [[ "$VERSION_ID_LINE" =~ ^VERSION_ID=\"([0-9]+)\"$ ]]; then + # Matches 'VERSION_ID="major"' (e.g., "24") + MAJOR="${BASH_REMATCH[1]}" + MINOR="0" + echo "Ubuntu version: $MAJOR.$MINOR (no minor version specified)" +else + echo "Error: VERSION_ID is malformed in $OS_RELEASE_FILE." + echo "VERSION_ID_LINE: \"$VERSION_ID_LINE\"" + exit 1 +fi + +# Check for version >= 24.04, do workaround if so +check_version_ge() { + local major=$1 + local minor=$2 + (( MAJOR > major || (MAJOR == major && MINOR >= minor) )) +} +if check_version_ge 24 4; then + echo "Ubuntu version is >= 24.04, deploying bwrap work-around..." + sudo cp .github/workflows/bwrap.apparmor /etc/apparmor.d/bwrap || { + echo "Failed to copy AppArmor profile"; + exit 1; + } + echo "Reloading AppArmor service..." + sudo systemctl reload apparmor || { + # error msg from 'systemctl reload apparmor' + # suggests looking at the following... + echo "Failed to reload AppArmor. Checking status..."; + systemctl status apparmor.service; + echo "Checking logs..."; + journalctl -xeu apparmor.service; + exit 1; + } +else + echo "Ubuntu version is < 24.04, skipping bwrap work-around..." +fi diff --git a/steps/flex-2.5.11/sources b/steps/flex-2.5.11/sources index 19dd8799..7d7de24f 100644 --- a/steps/flex-2.5.11/sources +++ b/steps/flex-2.5.11/sources @@ -1 +1 @@ -http://download.nust.na/pub2/openpkg1/sources/DST/flex/flex-2.5.11.tar.gz bc79b890f35ca38d66ff89a6e3758226131e51ccbd10ef78d5ff150b7bd73689 +http://ftp-tel.sjtu.edu.cn/sites/ftp.openpkg.org/sources/DST/flex/flex-2.5.11.tar.gz bc79b890f35ca38d66ff89a6e3758226131e51ccbd10ef78d5ff150b7bd73689 diff --git a/steps/flex-2.5.33/sources b/steps/flex-2.5.33/sources index 226c7204..8acd3235 100644 --- a/steps/flex-2.5.33/sources +++ b/steps/flex-2.5.33/sources @@ -1 +1 @@ -http://download.nust.na/pub2/openpkg1/sources/DST/flex/flex-2.5.33.tar.gz c40385e142989c91989413f3c5a31282b2ffdca16b69cd3ecfde537b8a474921 +http://ftp-tel.sjtu.edu.cn/sites/ftp.openpkg.org/sources/DST/flex/flex-2.5.33.tar.gz c40385e142989c91989413f3c5a31282b2ffdca16b69cd3ecfde537b8a474921 From 6e3754ce6a125c7525d770962c08392b5f8fcf7b Mon Sep 17 00:00:00 2001 From: Matthew Draper Date: Wed, 1 Jan 2025 11:47:25 -0800 Subject: [PATCH 2/6] fix typos in ubuntu_bwrap_fix.sh --- .github/workflows/ubuntu_bwrap_fix.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ubuntu_bwrap_fix.sh b/.github/workflows/ubuntu_bwrap_fix.sh index aaebe679..c3fcece5 100644 --- a/.github/workflows/ubuntu_bwrap_fix.sh +++ b/.github/workflows/ubuntu_bwrap_fix.sh @@ -5,8 +5,8 @@ # see https://etbe.coker.com.au/2024/04/24/ubuntu-24-04-bubblewrap/ # But, in some cases, it seems that 'ubuntu-latest' does not always -# 'resolve' to 20.04, so we do some hand waves to check for -# os version >= 20.04 (otherwise the build can die when +# 'resolve' to 24.04, so we do some hand waves to check for +# os version >= 24.04 (otherwise the build can die when # trying to apply bwrap.apparmor) # Figure out current ubuntu version From f68722ecfe697b0ddca749e951e358c91a9f5881 Mon Sep 17 00:00:00 2001 From: Matthew Draper Date: Wed, 1 Jan 2025 11:51:30 -0800 Subject: [PATCH 3/6] fix email addr --- .github/workflows/ubuntu_bwrap_fix.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ubuntu_bwrap_fix.sh b/.github/workflows/ubuntu_bwrap_fix.sh index c3fcece5..26ad911b 100644 --- a/.github/workflows/ubuntu_bwrap_fix.sh +++ b/.github/workflows/ubuntu_bwrap_fix.sh @@ -1,4 +1,4 @@ -# SPDX-FileCopyrightText: 2025 reshi +# SPDX-FileCopyrightText: 2025 reshi # SPDX-License-Identifier: CC0-1.0 # We need a handwave to make ubuntu happy in order to run bwrap From 9dfd936970e0900b781f80e0e5dd9b69ee09049f Mon Sep 17 00:00:00 2001 From: Matthew Draper Date: Wed, 1 Jan 2025 14:47:39 -0800 Subject: [PATCH 4/6] Update ubuntu_bwrap_fix.sh add shebang --- .github/workflows/ubuntu_bwrap_fix.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ubuntu_bwrap_fix.sh b/.github/workflows/ubuntu_bwrap_fix.sh index 26ad911b..aebb93d5 100644 --- a/.github/workflows/ubuntu_bwrap_fix.sh +++ b/.github/workflows/ubuntu_bwrap_fix.sh @@ -1,3 +1,4 @@ +#!/usr/bin/env bash # SPDX-FileCopyrightText: 2025 reshi # SPDX-License-Identifier: CC0-1.0 From 4e07982e82ce16638c5dd16879df92543e2daaf9 Mon Sep 17 00:00:00 2001 From: Matthew Draper Date: Wed, 1 Jan 2025 14:48:45 -0800 Subject: [PATCH 5/6] Update lint.yml shellcheck new script in linter workflow --- .github/workflows/lint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index ba3fcf64..c79886f6 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -30,7 +30,7 @@ jobs: - name: Checkout repo uses: actions/checkout@v3 - name: shellcheck - run: shellcheck steps/helpers.sh download-distfiles.sh + run: shellcheck steps/helpers.sh download-distfiles.sh .github/workflows/ubuntu_bwrap_fix.sh reuse: name: Lint reuse information From 8b5e87fffcaa12e0194874af9f76d88ef2e5f991 Mon Sep 17 00:00:00 2001 From: Matthew Draper Date: Mon, 6 Jan 2025 10:08:01 -0800 Subject: [PATCH 6/6] switch from ubuntu-latest to ubuntu-24.04 avoid the complicated version detection --- .github/workflows/bwrap.yml | 12 ++-- .github/workflows/lint.yml | 2 +- .github/workflows/ubuntu_bwrap_fix.sh | 99 --------------------------- 3 files changed, 7 insertions(+), 106 deletions(-) delete mode 100644 .github/workflows/ubuntu_bwrap_fix.sh diff --git a/.github/workflows/bwrap.yml b/.github/workflows/bwrap.yml index 3762fd1b..6aa3c01b 100644 --- a/.github/workflows/bwrap.yml +++ b/.github/workflows/bwrap.yml @@ -14,7 +14,7 @@ on: jobs: pass1: name: Run up to Linux build under bubblewrap - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - name: Install bubblewrap run: sudo apt install bubblewrap @@ -26,7 +26,7 @@ jobs: # against a commit != HEAD with depth=1, it errors out. fetch-depth: 0 - name: Work around Ubuntu 24.04 bubblewrap bug - run: bash .github/workflows/ubuntu_bwrap_fix.sh + run: sudo cp .github/workflows/bwrap.apparmor /etc/apparmor.d/bwrap && sudo systemctl reload apparmor - name: Query cache for sources id: cache uses: actions/cache/restore@v4 @@ -63,7 +63,7 @@ jobs: pass2: name: Run up to Python bootstrap under bubblewrap needs: pass1 - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - name: Install bubblewrap run: sudo apt install bubblewrap @@ -75,7 +75,7 @@ jobs: # against a commit != HEAD with depth=1, it errors out. fetch-depth: 0 - name: Work around Ubuntu 24.04 bubblewrap bug - run: bash .github/workflows/ubuntu_bwrap_fix.sh + run: sudo cp .github/workflows/bwrap.apparmor /etc/apparmor.d/bwrap && sudo systemctl reload apparmor - name: Get pass1_image uses: actions/download-artifact@v4 with: @@ -118,7 +118,7 @@ jobs: pass3: name: Run remaining builds under bubblewrap needs: pass2 - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - name: Install bubblewrap run: sudo apt install bubblewrap @@ -130,7 +130,7 @@ jobs: # against a commit != HEAD with depth=1, it errors out. fetch-depth: 0 - name: Work around Ubuntu 24.04 bubblewrap bug - run: bash .github/workflows/ubuntu_bwrap_fix.sh + run: sudo cp .github/workflows/bwrap.apparmor /etc/apparmor.d/bwrap && sudo systemctl reload apparmor - name: Get pass2_image uses: actions/download-artifact@v4 with: diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index c79886f6..ba3fcf64 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -30,7 +30,7 @@ jobs: - name: Checkout repo uses: actions/checkout@v3 - name: shellcheck - run: shellcheck steps/helpers.sh download-distfiles.sh .github/workflows/ubuntu_bwrap_fix.sh + run: shellcheck steps/helpers.sh download-distfiles.sh reuse: name: Lint reuse information diff --git a/.github/workflows/ubuntu_bwrap_fix.sh b/.github/workflows/ubuntu_bwrap_fix.sh deleted file mode 100644 index aebb93d5..00000000 --- a/.github/workflows/ubuntu_bwrap_fix.sh +++ /dev/null @@ -1,99 +0,0 @@ -#!/usr/bin/env bash -# SPDX-FileCopyrightText: 2025 reshi -# SPDX-License-Identifier: CC0-1.0 - -# We need a handwave to make ubuntu happy in order to run bwrap -# see https://etbe.coker.com.au/2024/04/24/ubuntu-24-04-bubblewrap/ - -# But, in some cases, it seems that 'ubuntu-latest' does not always -# 'resolve' to 24.04, so we do some hand waves to check for -# os version >= 24.04 (otherwise the build can die when -# trying to apply bwrap.apparmor) - -# Figure out current ubuntu version -# https://manpages.ubuntu.com/manpages/noble/man5/os-release.5.html -# -# The /etc/os-release and /usr/lib/os-release files contain -# operating system identification data. -# -# The format of os-release is a newline-separated list of -# environment-like shell-compatible variable assignments. -# -# The file /etc/os-release takes precedence over /usr/lib/os-release. -# Applications should check for the former, -# and exclusively use its data if it exists, -# and only fall back to /usr/lib/os-release if it is missing. -# -# VERSION_ID= -# A lower-case string -# (mostly numeric, no spaces or other characters outside of 0-9, -# a-z, ".", "_" and "-") -# identifying the operating system version, -# excluding any OS name information or release code name, -# and suitable for processing by scripts -# or usage in generated filenames. -# This field is optional. -# -# Examples: "VERSION_ID=17", "VERSION_ID=11.04". - -# Check for /etc/os-release or fall back to /usr/lib/os-release -if [ -f /etc/os-release ]; then - OS_RELEASE_FILE="/etc/os-release" -elif [ -f /usr/lib/os-release ]; then - OS_RELEASE_FILE="/usr/lib/os-release" -else - echo "Error: Neither /etc/os-release nor /usr/lib/os-release found." - exit 1 -fi - -# Extract 'VERSION_ID=' line. -VERSION_ID_LINE=$(grep '^VERSION_ID=' "$OS_RELEASE_FILE") -if [ -z "$VERSION_ID_LINE" ]; then - echo "Error: VERSION_ID not found in $OS_RELEASE_FILE." - echo "Contents of $OS_RELEASE_FILE:" - cat "$OS_RELEASE_FILE" - exit 1 -fi - -# Extract major/minor version -if [[ "$VERSION_ID_LINE" =~ ^VERSION_ID=\"([0-9]+)\.([0-9]+)\"$ ]]; then - # Matches 'VERSION_ID="major.minor"' (e.g., "24.04") - MAJOR="${BASH_REMATCH[1]}" - MINOR="${BASH_REMATCH[2]}" - echo "Ubuntu version: $MAJOR.$MINOR" -elif [[ "$VERSION_ID_LINE" =~ ^VERSION_ID=\"([0-9]+)\"$ ]]; then - # Matches 'VERSION_ID="major"' (e.g., "24") - MAJOR="${BASH_REMATCH[1]}" - MINOR="0" - echo "Ubuntu version: $MAJOR.$MINOR (no minor version specified)" -else - echo "Error: VERSION_ID is malformed in $OS_RELEASE_FILE." - echo "VERSION_ID_LINE: \"$VERSION_ID_LINE\"" - exit 1 -fi - -# Check for version >= 24.04, do workaround if so -check_version_ge() { - local major=$1 - local minor=$2 - (( MAJOR > major || (MAJOR == major && MINOR >= minor) )) -} -if check_version_ge 24 4; then - echo "Ubuntu version is >= 24.04, deploying bwrap work-around..." - sudo cp .github/workflows/bwrap.apparmor /etc/apparmor.d/bwrap || { - echo "Failed to copy AppArmor profile"; - exit 1; - } - echo "Reloading AppArmor service..." - sudo systemctl reload apparmor || { - # error msg from 'systemctl reload apparmor' - # suggests looking at the following... - echo "Failed to reload AppArmor. Checking status..."; - systemctl status apparmor.service; - echo "Checking logs..."; - journalctl -xeu apparmor.service; - exit 1; - } -else - echo "Ubuntu version is < 24.04, skipping bwrap work-around..." -fi