From 466a12f68778ee737dbc863f010549f224196680 Mon Sep 17 00:00:00 2001
From: Zhanchun Zhang
Date: Wed, 17 Jan 2018 16:29:41 +0800
Subject: [PATCH] feature: build rpm package for pouch
Signed-off-by: Zhanchun Zhang
---
hack/package/build.sh | 155 +++++++++++++++++++++
hack/package/rpm/Dockerfile | 45 ++++++
hack/package/rpm/scripts/after-install.sh | 11 ++
hack/package/rpm/scripts/after-remove.sh | 4 +
hack/package/rpm/scripts/after-trans.sh | 8 ++
hack/package/rpm/scripts/before-install.sh | 7 +
hack/package/rpm/scripts/before-remove.sh | 5 +
hack/package/rpm/service/lxcfs.service | 15 ++
hack/package/rpm/service/pouch.service | 28 ++++
9 files changed, 278 insertions(+)
create mode 100644 hack/package/build.sh
create mode 100644 hack/package/rpm/Dockerfile
create mode 100644 hack/package/rpm/scripts/after-install.sh
create mode 100644 hack/package/rpm/scripts/after-remove.sh
create mode 100644 hack/package/rpm/scripts/after-trans.sh
create mode 100644 hack/package/rpm/scripts/before-install.sh
create mode 100644 hack/package/rpm/scripts/before-remove.sh
create mode 100644 hack/package/rpm/service/lxcfs.service
create mode 100644 hack/package/rpm/service/pouch.service
diff --git a/hack/package/build.sh b/hack/package/build.sh
new file mode 100644
index 000000000..54cefc1da
--- /dev/null
+++ b/hack/package/build.sh
@@ -0,0 +1,155 @@
+#!/usr/bin/env sh
+
+set -e
+# This script is to build pouch rpm package as follows,
+# Following the below command to build rpm
+# 1. Build pouch:rpm image
+# cd hack/package/rpm
+# docker build -t pouch:rpm .
+# 2. Mount a directory which contains gpg keys, eg
+# $ tree /root/rpm/
+# rpm
+# ├── config
+# ├── keys
+# │   ├── gpg
+# │   └── secretkey
+#
+# Note:
+# In the config file you should configure the version, iteration, et.al
+#
+# VERSION, the version to give to the package, eg:
+# VERSION='0.1.0'
+#
+# The iteration to give to the package. RPM calls this the 'release'.
+# FreeBSD calls it 'PORTREVISION'. Debian calls this 'debian_revision', eg:
+# ITERATION='1.el7.centos'
+#
+# ARCHITECTURE, The architecture name. Usually matches 'uname -m'.
+# ARCHITECTURE='x86_64'
+#
+# the branch to build pouch
+# POUCH_BRANCH='0.1.x'
+# POUCH_COMMIT='6be2080cd9837e9b8a0039c2d21521bb00a30c84'
+#
+# lxcfs stable branch
+# LXC_TAG='stable-2.0'
+# LXC_DIR=$TMP/lxc
+#
+# 3. Run the following command, and enter your pass phrase to sign rpm package
+# docker run -it -v /root/rpm/:/root/rpm pouch:rpm bash -c hack/package/build.sh
+#
+# 4. In this example rpm package will be output in '/root/rpm/package/' directory
+
+DIR="$( cd "$( dirname "$0" )" && pwd )"
+
+TMP=$(mktemp -d /tmp/pouch.XXXXXX)
+
+MOUNTDIR=/root/rpm
+PACKAGEDIR=/root/rpm/package
+
+BASEDIR=/go/src/github.com/alibaba
+SERVICEDIR=$DIR/rpm/service
+SCRIPTSDIR=$DIR/rpm/scripts
+
+POUCHDIR=$TMP/source
+[ -d $POUCHDIR ] || mkdir -p $POUCHDIR
+BINDIR=$POUCHDIR/bin
+[ -d $BINDIR ] || mkdir -p $BINDIR
+
+SUMMARY='The open-source reliable application container engine.'
+
+# load config info
+source $MOUNTDIR/config
+
+# build lxcfs
+function build_lxcfs ()
+{
+ mkdir -p $LXC_DIR && pushd $LXC_DIR
+ git clone -b $LXC_TAG https://github.com/lxc/lxcfs.git && cd lxcfs
+ ./bootstrap.sh > /dev/null 2>&1
+ ./configure > /dev/null 2>&1
+ make install DESTDIR=$LXC_DIR > /dev/null 2>&1
+ popd
+}
+
+# install containerd, runc and pouch
+function build_pouch()
+{
+ # install containerd
+ echo "Downloading containerd."
+ wget --quiet https://github.com/containerd/containerd/releases/download/v1.0.0/containerd-1.0.0.linux-amd64.tar.gz -P $TMP
+ tar xf $TMP/containerd-1.0.0.linux-amd64.tar.gz -C $TMP && cp -f $TMP/bin/* $BINDIR/
+
+ # install runc
+ echo "Downloading runc."
+ wget --quiet https://github.com/opencontainers/runc/releases/download/v1.0.0-rc4/runc.amd64 -P $BINDIR/
+ chmod +x $BINDIR/runc.amd64
+ mv $BINDIR/runc.amd64 $BINDIR/runc
+
+ # build pouch
+ echo "Building pouch."
+ pushd $BASEDIR/pouch
+ git fetch && git checkout $POUCH_BRANCH && git checkout -q $POUCH_COMMIT
+ make install DESTDIR=$POUCHDIR
+ popd
+}
+
+function build_rpm ()
+{
+ pushd $MOUNTDIR
+ # import gpg keys
+ gpg --import $MOUNTDIR/keys/gpg
+ gpg --import $MOUNTDIR/keys/secretkey
+ rpm --import $MOUNTDIR/keys/gpg
+ popd
+
+ # configure gpg
+ echo "%_gpg_name Pouch Packages RPM Signing Key" >> /root/.rpmmacros
+
+ fpm -f -s dir \
+ -t rpm \
+ -n pouch \
+ -v $VERSION \
+ --iteration $ITERATION \
+ -a $ARCHITECTURE \
+ -p $PACKAGEDIR \
+ --description 'Pouch is an open-source project created by Alibaba Group to promote the container technology movement.
+
+ Pouchs vision is to advance container ecosystem and promote container standards OCI, so that container technologies become the foundation for application development in the Cloud era.
+
+ Pouch can pack, deliver and run any application. It provides applications with a lightweight runtime environment with strong isolation and minimal overhead. 
Pouch isolates applications from varying runtime environment, and minimizes operational workload. Pouch minimizes the effort for application developers to write Cloud-native applications, or to migrate legacy ones to a Cloud platform.' \
+ --url 'https://github.com/alibaba/pouch' \
+ --before-install $SCRIPTSDIR/before-install.sh \
+ --after-install $SCRIPTSDIR/after-install.sh \
+ --before-remove $SCRIPTSDIR/before-remove.sh \
+ --after-remove $SCRIPTSDIR/after-remove.sh \
+ --rpm-posttrans $SCRIPTSDIR/after-trans.sh \
+ --license 'Apache License 2.0' \
+ --verbose \
+ --category 'Tools/Pouch' \
+ -m 'Pouch pouch-dev@list.alibaba-inc.com' \
+ --vendor Pouch \
+ --rpm-sign \
+ -d pam-devel \
+ -d fuse-devel \
+ -d fuse-libs \
+ $BINDIR/=/usr/local/bin/ \
+ $SERVICEDIR/=/usr/lib/systemd/system/ \
+ $LXC_DIR/usr/local/bin/lxcfs=/usr/bin/lxcfs \
+ $LXC_DIR/usr/local/lib/lxcfs/liblxcfs.so=/usr/lib64/liblxcfs.so \
+ $LXC_DIR/usr/local/share/=/usr/share
+
+}
+
+function main()
+{
+ echo "Building rpm package."
+ build_pouch
+ build_lxcfs
+ build_rpm
+
+ # echo "Building deb package."
+ # echo "TODO: build deb"
+}
+
+main "$@"
diff --git a/hack/package/rpm/Dockerfile b/hack/package/rpm/Dockerfile
new file mode 100644
index 000000000..ca9432ff6
--- /dev/null
+++ b/hack/package/rpm/Dockerfile
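Review bot: In hack/package/build.sh, build_pouch fetches the containerd tarball and the runc binary with `wget --quiet` and copies them into $BINDIR without checking a digest, and build_rpm then signs the result with `--rpm-sign`, so the package signature vouches for binaries that were never verified. Pin a SHA-256 for each artifact in the config file and check it before use, e.g. `echo "$CONTAINERD_SHA256  $TMP/containerd-1.0.0.linux-amd64.tar.gz" | sha256sum -c -`, and the same for `$BINDIR/runc.amd64` (the variable names are placeholders; the values have to come from the upstream release pages). build_lxcfs has the same gap in another form: it clones the moving ref `$LXC_TAG` while pouch itself is pinned to `$POUCH_COMMIT`, so a checkout of a pinned lxcfs commit would make that input reproducible too. Separately, the `> /dev/null 2>&1` on bootstrap.sh, configure and make means a failure under `set -e` aborts the build with no output to diagnose it.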
@@ -0,0 +1,45 @@
+FROM centos:7.2.1511
+
+# install wget to download golang source code
+# install git
+RUN yum update -y \
+ && yum install -y \
+ wget \
+ git \
+ gcc \
+ ruby-devel \
+ fuse-devel \
+ pam-devel \
+ automake \
+ autoconf \
+ libtool \
+ make \
+ rpm-build \
+ rpm-sign \
+ rubygems \
+ vim \
+ tree \
+ && yum clean all
+# install fpm to build rpm package
+RUN gem install --no-ri --no-rdoc fpm
+
+# set go version this image use
+ENV GO_VERSION=1.9.1
+ENV ARCH=amd64
+
+# install golang which version is GO_VERSION
+RUN wget --quiet https://storage.googleapis.com/golang/go${GO_VERSION}.linux-${ARCH}.tar.gz \
+ && tar -C /usr/local -xzf go${GO_VERSION}.linux-${ARCH}.tar.gz \
+ && rm go${GO_VERSION}.linux-${ARCH}.tar.gz
+
+# create GOPATH
+RUN mkdir /go
+ENV GOPATH=/go
+
+RUN git clone https://github.com/zzchun/pouch.git /go/src/github.com/alibaba/pouch
+
+# set go binary path to local $PATH
+# go binary path is /usr/local/go/bin
+ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH
+
+WORKDIR /go/src/github.com/alibaba/pouch
\ No newline at end of file
diff --git a/hack/package/rpm/scripts/after-install.sh b/hack/package/rpm/scripts/after-install.sh
new file mode 100644
index 000000000..95b27734d
--- /dev/null
+++ b/hack/package/rpm/scripts/after-install.sh
@@ -0,0 +1,11 @@
+if [ $1 -eq 1 ] ; then
+ systemctl preset pouch > /dev/null 2>&1
+
+fi
+if ! getent group pouch > /dev/null; then
+ groupadd --system pouch
+fi
+
+if [ ! -d "/var/lib/lxcfs" ] ; then
+ mkdir -p /var/lib/lxcfs
+fi
\ No newline at end of file
diff --git a/hack/package/rpm/scripts/after-remove.sh b/hack/package/rpm/scripts/after-remove.sh
new file mode 100644
index 000000000..65c0360e2
--- /dev/null
+++ b/hack/package/rpm/scripts/after-remove.sh
@@ -0,0 +1,4 @@
+systemctl daemon-reload > /dev/null 2>&1
+if [ $1 -ge 1 ] ; then
+ systemctl try-restart pouch > /dev/null 2>&1
+fi
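Review bot: In hack/package/rpm/Dockerfile, `RUN git clone https://github.com/zzchun/pouch.git /go/src/github.com/alibaba/pouch` bakes a personal fork into the image as the source tree, and build.sh later runs `git fetch` in that directory, so the commit it checks out and signs is resolved against the fork's origin. Unless that is deliberate, clone `https://github.com/alibaba/pouch.git`, or take the repository URL as a build `ARG` and add a comment saying which remote releases are cut from. The Go toolchain tarball fetched with `wget --quiet` is likewise unpacked into /usr/local without a digest check; a `sha256sum -c` step against a pinned value (placeholder name: `GO_SHA256`) between the download and the `tar` would close that gap.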
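Review bot: In hack/package/rpm/scripts/after-install.sh the test `[ $1 -eq 1 ]` expands `$1` unquoted, while before-install.sh in this same patch writes `[ "$1" -gt 0 ]`; the quoted form keeps the argument a single word no matter what it contains, so it should be the one used throughout. Write `if [ "$1" -eq 1 ] ; then` here and quote the same way in after-remove.sh, after-trans.sh and before-remove.sh. In after-trans.sh the condition `[ $1 -ge 0 ]` also looks true for any count the scriptlet would receive, so the outer `if` there may be removable; that depends on what rpm passes to the posttrans scriptlet, which is not visible in this patch.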
diff --git a/hack/package/rpm/scripts/after-trans.sh b/hack/package/rpm/scripts/after-trans.sh
new file mode 100644
index 000000000..ee17ead96
--- /dev/null
+++ b/hack/package/rpm/scripts/after-trans.sh
@@ -0,0 +1,8 @@
+if [ $1 -ge 0 ] ; then
+ # check if pouch is running before upgrade
+ if [ -f /var/lib/rpm-state/pouch-is-active ] ; then
+ systemctl start pouch > /dev/null 2>&1
+ rm -f /var/lib/rpm-state/pouch-is-active > /dev/null 2>&1
+ fi
+fi
+
diff --git a/hack/package/rpm/scripts/before-install.sh b/hack/package/rpm/scripts/before-install.sh
new file mode 100644
index 000000000..d45604f44
--- /dev/null
+++ b/hack/package/rpm/scripts/before-install.sh
@@ -0,0 +1,7 @@
+if [ "$1" -gt 0 ] ; then
+ rm -f /var/lib/rpm-state/pouch-is-active > /dev/null 2>&1
+ if systemctl is-active pouch > /dev/null 2>&1 ; then
+ systemctl stop pouch > /dev/null 2>&1
+ touch /var/lib/rpm-state/pouch-is-active > /dev/null 2>&1
+ fi
+fi
diff --git a/hack/package/rpm/scripts/before-remove.sh b/hack/package/rpm/scripts/before-remove.sh
new file mode 100644
index 000000000..f4bb5590a
--- /dev/null
+++ b/hack/package/rpm/scripts/before-remove.sh
@@ -0,0 +1,5 @@
+if [ $1 -eq 0 ] ; then
+ # Package removal
+ systemctl --no-reload disable pouch > /dev/null 2>&1
+ systemctl stop pouch > /dev/null 2>&1
+fi
diff --git a/hack/package/rpm/service/lxcfs.service b/hack/package/rpm/service/lxcfs.service
new file mode 100644
index 000000000..159ed8df0
--- /dev/null
+++ b/hack/package/rpm/service/lxcfs.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=FUSE filesystem for LXC
+ConditionVirtualization=!container
+Before=lxc.service
+Documentation=man:lxcfs(1)
+
+[Service]
+ExecStart=/usr/bin/lxcfs /var/lib/lxcfs/
+KillMode=process
+Restart=on-failure
+ExecStopPost=-/usr/bin/fusermount -u /var/lib/lxcfs
+Delegate=yes
+
+[Install]
+WantedBy=multi-user.target
diff --git a/hack/package/rpm/service/pouch.service b/hack/package/rpm/service/pouch.service
new file mode 100644
index 000000000..8909e8348
--- /dev/null
+++ b/hack/package/rpm/service/pouch.service
@@ -0,0 +1,28 @@
+[Unit]
+Description=pouch
+
+[Service]
+ExecStart=/usr/local/bin/pouchd --enable-lxcfs=true --lxcfs=/usr/bin/lxcfs
+ExecReload=/bin/kill -HUP $MAINPID
+
+# Having non-zero Limit*s causes performance problems due to accounting overhead
+# in the kernel. We recommend using cgroups to do container-local accounting.
+LimitNOFILE=infinity
+LimitNPROC=infinity
+LimitCORE=infinity
+
+TimeoutStartSec=0
+# set delegate yes so that systemd does not reset the cgroups of pouch containers
+Delegate=yes
+
+# kill only the pouch process, not all processes in the cgroup
+KillMode=process
+
+# restart the pouch process if it exits prematurely
+Restart=on-failure
+StartLimitBurst=3
+StartLimitInterval=60s
+
+[Install]
+WantedBy=multi-user.target
+
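Review bot: In hack/package/rpm/service/pouch.service, `ExecStart` turns lxcfs on with `--enable-lxcfs=true --lxcfs=/usr/bin/lxcfs`, but the `[Unit]` section declares no relationship to the lxcfs.service unit that this same patch installs, and none of the scriptlets enables or starts that unit. It is not visible here whether pouchd launches lxcfs itself or expects the mount at /var/lib/lxcfs to exist already; if it is the latter, add `Wants=lxcfs.service` and `After=lxcfs.service` under `[Unit]`, and if the former, a comment saying so would explain why lxcfs.service is shipped at all. `LimitCORE=infinity` deserves its own comment too, since the note above it argues about accounting overhead while this line lets a daemon with no `User=` set write core files of any size.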