Publish RPMs

.dockerignore

@@ -1,12 +1,7 @@
 ./bin
 ./etc
-./build/data
-./build/data.tar.gz
 ./pkg/data/zz_generated_bindata.go
-./package/data.tar.gz
 ./.vagrant
 ./.cache
 ./.dapper
-./data-dir
-./dist
 ./.trash-cache

.drone.yml

@@ -59,6 +59,23 @@ steps:
     event:
     - tag
 
+- name: rpm-publish
+  image: centos:7
+  environment:
+    PRIVATE_KEY:
+      from_secret: private_key
+    PRIVATE_KEY_PASS_PHRASE:
+      from_secret: private_key_pass_phrase
+    AWS_S3_BUCKET:
+      from_secret: aws_s3_bucket
+    AWS_ACCESS_KEY_ID:
+      from_secret: aws_access_key_id
+    AWS_SECRET_ACCESS_KEY:
+      from_secret: aws_secret_access_key
+  commands:
+  - scripts/provision/generic/centos7/yum-install-rpm-tools
+  - scripts/package-rpm
+
 - name: test
   image: rancher/dapper:v0.4.2
   secrets: [ gcloud_auth ]
@@ -154,6 +171,23 @@ steps:
     event:
     - tag
 
+- name: rpm-publish
+  image: centos:7
+  environment:
+    PRIVATE_KEY:
+      from_secret: private_key
+    PRIVATE_KEY_PASS_PHRASE:
+      from_secret: private_key_pass_phrase
+    AWS_S3_BUCKET:
+      from_secret: aws_s3_bucket
+    AWS_ACCESS_KEY_ID:
+      from_secret: aws_access_key_id
+    AWS_SECRET_ACCESS_KEY:
+      from_secret: aws_secret_access_key
+  commands:
+  - scripts/provision/generic/centos7/yum-install-rpm-tools
+  - scripts/package-rpm
+
 - name: test
   image: rancher/dapper:v0.4.2
   secrets: [ gcloud_auth ]
@@ -323,6 +357,6 @@ volumes:
   - name: docker
     host:
       path: /var/run/docker.sock
-      
+
 depends_on:
 - manifest

install.sh

@@ -26,6 +26,9 @@ set -e
 #     If set to 'skip' will not create symlinks, 'force' will overwrite,
 #     default will symlink if command does not exist in path.
 #
+#   - INSTALL_K3S_SKIP_ENABLE
+#     If set to true will not enable or start k3s service.
+#
 #   - INSTALL_K3S_SKIP_START
 #     If set to true will not start k3s service.
 #
@@ -166,11 +169,6 @@ setup_env() {
             ${invalid_chars}"
     fi
 
-    # --- set related files from system name ---
-    SERVICE_K3S=${SYSTEM_NAME}.service
-    UNINSTALL_K3S_SH=${SYSTEM_NAME}-uninstall.sh
-    KILLALL_K3S_SH=k3s-killall.sh
-
     # --- use sudo if we are not already root ---
     SUDO=sudo
     if [ $(id -u) -eq 0 ]; then
@@ -202,6 +200,11 @@ setup_env() {
         SYSTEMD_DIR=/etc/systemd/system
     fi
 
+    # --- set related files from system name ---
+    SERVICE_K3S=${SYSTEM_NAME}.service
+    UNINSTALL_K3S_SH=${UNINSTALL_K3S_SH:-${BIN_DIR}/${SYSTEM_NAME}-uninstall.sh}
+    KILLALL_K3S_SH=${KILLALL_K3S_SH:-${BIN_DIR}/k3s-killall.sh}
+
     # --- use service or environment location depending on systemd/openrc ---
     if [ "${HAS_SYSTEMD}" = true ]; then
         FILE_K3S_SERVICE=${SYSTEMD_DIR}/${SERVICE_K3S}
@@ -396,7 +399,7 @@ setup_binary() {
     $SUDO chown root:root ${TMP_BIN}
     $SUDO mv -f ${TMP_BIN} ${BIN_DIR}/k3s
 
-    if command -v getenforce > /dev/null 2>&1; then
+    if command -v getenforce >/dev/null 2>&1; then
         if [ "Disabled" != $(getenforce) ]; then
 	    info 'SELinux is enabled, setting permissions'
 	    if ! $SUDO semanage fcontext -l | grep "${BIN_DIR}/k3s" > /dev/null 2>&1; then
@@ -439,7 +442,7 @@ create_symlinks() {
 
     for cmd in kubectl crictl ctr; do
         if [ ! -e ${BIN_DIR}/${cmd} ] || [ "${INSTALL_K3S_SYMLINK}" = force ]; then
-            which_cmd=$(which ${cmd} || true)
+            which_cmd=$(which ${cmd} 2>/dev/null || true)
             if [ -z "${which_cmd}" ] || [ "${INSTALL_K3S_SYMLINK}" = force ]; then
                 info "Creating ${BIN_DIR}/${cmd} symlink to k3s"
                 $SUDO ln -sf k3s ${BIN_DIR}/${cmd}
@@ -455,13 +458,13 @@ create_symlinks() {
 # --- create killall script ---
 create_killall() {
     [ "${INSTALL_K3S_BIN_DIR_READ_ONLY}" = true ] && return
-    info "Creating killall script ${BIN_DIR}/${KILLALL_K3S_SH}"
-    $SUDO tee ${BIN_DIR}/${KILLALL_K3S_SH} >/dev/null << \EOF
+    info "Creating killall script ${KILLALL_K3S_SH}"
+    $SUDO tee ${KILLALL_K3S_SH} >/dev/null << \EOF
 #!/bin/sh
 [ $(id -u) -eq 0 ] || exec sudo $0 $@
 
 for bin in /var/lib/rancher/k3s/data/**/bin/; do
-    [ -d $bin ] && export PATH=$bin:$PATH
+    [ -d $bin ] && export PATH=$PATH:$bin:$bin/aux
 done
 
 set -x
@@ -499,7 +502,7 @@ killtree() {
 }
 
 getshims() {
-    lsof | sed -e 's/^[^0-9]*//g; s/  */\t/g' | grep -w 'k3s/data/[^/]*/bin/containerd-shim' | cut -f1 | sort -n -u
+    ps -e -o pid= -o args= | sed -e 's/^ *//; s/\s\s*/\t/;' | grep -w 'k3s/data/[^/]*/bin/containerd-shim' | cut -f1
 }
 
 killtree $({ set +x; } 2>/dev/null; getshims; set -x)
@@ -534,20 +537,20 @@ ip link delete flannel.1
 rm -rf /var/lib/cni/
 iptables-save | grep -v KUBE- | grep -v CNI- | iptables-restore
 EOF
-    $SUDO chmod 755 ${BIN_DIR}/${KILLALL_K3S_SH}
-    $SUDO chown root:root ${BIN_DIR}/${KILLALL_K3S_SH}
+    $SUDO chmod 755 ${KILLALL_K3S_SH}
+    $SUDO chown root:root ${KILLALL_K3S_SH}
 }
 
 # --- create uninstall script ---
 create_uninstall() {
     [ "${INSTALL_K3S_BIN_DIR_READ_ONLY}" = true ] && return
-    info "Creating uninstall script ${BIN_DIR}/${UNINSTALL_K3S_SH}"
-    $SUDO tee ${BIN_DIR}/${UNINSTALL_K3S_SH} >/dev/null << EOF
+    info "Creating uninstall script ${UNINSTALL_K3S_SH}"
+    $SUDO tee ${UNINSTALL_K3S_SH} >/dev/null << EOF
 #!/bin/sh
 set -x
 [ \$(id -u) -eq 0 ] || exec sudo \$0 \$@
 
-${BIN_DIR}/${KILLALL_K3S_SH}
+${KILLALL_K3S_SH}
 
 if which systemctl; then
     systemctl disable ${SYSTEM_NAME}
@@ -562,7 +565,7 @@ rm -f ${FILE_K3S_SERVICE}
 rm -f ${FILE_K3S_ENV}
 
 remove_uninstall() {
-    rm -f ${BIN_DIR}/${UNINSTALL_K3S_SH}
+    rm -f ${UNINSTALL_K3S_SH}
 }
 trap remove_uninstall EXIT
 
@@ -581,10 +584,10 @@ rm -rf /etc/rancher/k3s
 rm -rf /var/lib/rancher/k3s
 rm -rf /var/lib/kubelet
 rm -f ${BIN_DIR}/k3s
-rm -f ${BIN_DIR}/${KILLALL_K3S_SH}
+rm -f ${KILLALL_K3S_SH}
 EOF
-    $SUDO chmod 755 ${BIN_DIR}/${UNINSTALL_K3S_SH}
-    $SUDO chown root:root ${BIN_DIR}/${UNINSTALL_K3S_SH}
+    $SUDO chmod 755 ${UNINSTALL_K3S_SH}
+    $SUDO chown root:root ${UNINSTALL_K3S_SH}
 }
 
 # --- disable current service if loaded --
@@ -718,6 +721,8 @@ openrc_start() {
 
 # --- startup systemd or openrc service ---
 service_enable_and_start() {
+    [ "${INSTALL_K3S_SKIP_ENABLE}" = true ] && return
+
     [ "${HAS_SYSTEMD}" = true ] && systemd_enable
     [ "${HAS_OPENRC}" = true ] && openrc_enable
 

package/k3s.spec

@@ -0,0 +1,57 @@
+# vim: sw=4:ts=4:et
+
+%define install_path  /usr/bin
+%define util_path     %{_datadir}/k3s
+%define install_sh    %{util_path}/.install.sh
+%define uninstall_sh  %{util_path}/.uninstall.sh
+
+Name:    k3s
+Version: %{k3s_version}
+Release: %{k3s_release}%{?dist}
+Summary: Lightweight Kubernetes
+
+Group:   System Environment/Base		
+License: ASL 2.0
+URL:     http://k3s.io
+
+BuildRequires: systemd
+Requires(post): k3s-selinux >= %{k3s_policyver}
+
+%description
+The certified Kubernetes distribution built for IoT & Edge computing.
+
+%install
+install -d %{buildroot}%{install_path}
+install dist/artifacts/%{k3s_binary} %{buildroot}%{install_path}/k3s
+install -d %{buildroot}%{util_path}
+install install.sh %{buildroot}%{install_sh}
+
+%post
+# do not run install script on upgrade
+echo post-install args: $@
+if [ $1 == 1 ]; then
+    INSTALL_K3S_BIN_DIR=%{install_path} \
+    INSTALL_K3S_SKIP_DOWNLOAD=true \
+    INSTALL_K3S_SKIP_ENABLE=true \
+    UNINSTALL_K3S_SH=%{uninstall_sh} \
+        %{install_sh}
+fi
+%systemd_post k3s.service
+exit 0
+
+%postun
+echo post-uninstall args: $@
+# do not run uninstall script on upgrade
+if [ $1 == 0 ]; then
+    %{uninstall_sh}
+    rm -rf %{util_path}
+fi
+exit 0
+
+%files
+%{install_path}/k3s
+%{install_sh}
+
+%changelog
+* Mon Mar 2 2020 Erik Wilson <[email protected]> 0.1-1
+- Initial version

scripts/package-rpm

@@ -0,0 +1,78 @@
+#!/bin/bash
+set -e -x
+
+cd $(dirname $0)/..
+
+ARCH=${DRONE_STAGE_ARCH:-$(arch)}
+. ./scripts/version.sh
+
+if [[ ! "$VERSION" =~ ^v[0-9]+\.[0-9]+\.[0-9]+(\-[^\+]*)?\+k3s.+$ ]]; then
+  echo "k3s version $VERSION does not match regex for rpm upload"
+  exit 0
+fi
+
+TMPDIR=$(mktemp -d)
+cleanup() {
+  exit_code=$?
+  trap - EXIT INT
+  rm -rf ${TMPDIR}
+  exit ${exit_code}
+}
+trap cleanup EXIT INT
+
+export HOME=${TMPDIR}
+
+BIN_SUFFIX=""
+if [ ${ARCH} = aarch64 ] || [ ${ARCH} = arm64 ]; then
+    BIN_SUFFIX="-arm64"
+elif [ ${ARCH} = armv7l ] || [ ${ARCH} = arm ]; then
+    BIN_SUFFIX="-armhf"
+fi
+
+# capture version of k3s
+k3s_version=$(sed -E -e 's/^v([^-+]*).*$/\1/' <<< $VERSION)
+# capture pre-release and metadata information of k3s
+k3s_release=$(sed -E -e 's/\+k3s/+/; s/\+/-/g; s/^[^-]*//; s/^--/dev-/; s/-+/./g; s/^\.+//; s/\.+$//;' <<< $VERSION)
+# k3s-selinux policy version needed for functionality
+k3s_policyver=0.1-1
+
+rpmbuild \
+  --define "k3s_version ${k3s_version}" \
+  --define "k3s_release ${k3s_release}" \
+  --define "k3s_policyver ${k3s_policyver}" \
+  --define "k3s_binary k3s${BIN_SUFFIX}" \
+  --define "_sourcedir ${PWD}" \
+  --define "_specdir ${PWD}" \
+  --define "_builddir ${PWD}" \
+  --define "_srcrpmdir ${PWD}" \
+  --define "_rpmdir ${PWD}/dist/rpm" \
+  --define "_buildrootdir ${PWD}/.rpm-build" \
+  -bb package/k3s.spec
+
+if ! grep "BEGIN PGP PRIVATE KEY BLOCK" <<<"$PRIVATE_KEY"; then
+  echo "PRIVATE_KEY not defined, skipping rpm sign and upload"
+  exit 0
+fi
+
+cat <<\EOF >~/.rpmmacros 
+%_signature gpg
+%_gpg_name [email protected]
+EOF
+gpg --import - <<<"$PRIVATE_KEY"
+
+expect <<EOF
+set timeout 60
+spawn sh -c "rpmsign --addsign dist/rpm/**/k3s-*.rpm"
+expect "Enter pass phrase:"
+send -- "$PRIVATE_KEY_PASS_PHRASE\r"
+expect eof
+lassign [wait] _ _ _ code
+exit \$code
+EOF
+
+if [ -z "$AWS_S3_BUCKET" ]; then
+  echo "AWS_S3_BUCKET skipping rpm upload"
+  exit 0
+fi
+
+rpm-s3 --bucket $AWS_S3_BUCKET dist/rpm/**/k3s-*.rpm

scripts/provision/generic/centos7/gen-gpg-keys

@@ -0,0 +1,37 @@
+#!/bin/bash
+
+set -e -x
+
+TMPDIR=$(mktemp -d)
+cleanup() {
+  exit_code=$?
+  trap - EXIT INT
+  rm -rf ${TMPDIR}
+  exit ${exit_code}
+}
+trap cleanup EXIT INT
+
+export HOME=${TMPDIR}
+
+gpg --batch --gen-key - <<EOF
+%echo Generating a default key
+Key-Type: default
+Subkey-Type: default
+Name-Real: Rancher
+Name-Comment: CI
+Name-Email: [email protected]
+Expire-Date: 0
+
+# Key-Length: 4096
+# Subkey-Length: 4096
+Passphrase: $PRIVATE_KEY_PASS_PHRASE
+# %no-protection
+# %no-ask-passphrase
+
+# Do a commit here, so that we can later print "done" :-)
+%commit
+%echo done
+EOF
+
+gpg --armor --export [email protected] >public.key
+gpg --armor --export-secret-key [email protected] >private.key

scripts/provision/generic/centos7/yum-install-rpm-tools

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+set -e -x
+
+yum install -y git expect yum-utils rpm-build rpm-sign python-deltarpm epel-release
+yum install -y python2-pip
+pip install git+git://github.com/Voronenko/rpm-s3.git@5695c6ad9a08548141d3713328e1bd3f533d137e