SAC software procedures

From PDP/Grid Wiki
Revision as of 14:33, 10 April 2011 by Dennisvd@nikhef.nl (talk | contribs) (add creating rpm instructions.)
Jump to navigationJump to search

Software release procedure for Grid Security Middleware

The grid security middleware components developed at Nikhef are released as source tarballs, which form the basis of further packaging and distribution methods such as RPM (Red Hat) and DEB (Debian).

The main source repository for these components is https://ndpfsvn.nikhef.nl/cgi-bin/viewvc.cgi/mwsec/, which can be used with SVN in the following ways:

SVN with SSH public key authentication (NB. username is always svn):

svn+ssh://svn@ndpfsvn.nikhef.nl/repos/mwsec/

SVN with https access:

https://ndpfsvn.nikhef.nl/repos/mwsec/

SVN with http access:

http://ndpfsvn.nikhef.nl/ro/mwsec/

The released software tarballs should be placed on http://software.nikhef.nl/security. The exact procedure is as follows:

  1. Create a tag in SVN under .../mwsec/tags/<component>/<version>/
  2. Do a clean build from the software from the freshly checked out tag on a Red Hat 5 (compatible) system, by running ./bootstrap. This is required to have consistency in the versions of the autotools that are used in the distributed software.
  3. Do a 'make dist' to generate a release tarball
  4. copy the tarball to software.nikhef.nl:/project/srv/www/site/software/html/security/<component>/release-candidate/
  5. generate a SHA1 checksum of the tarball and place it in a file with the same name but with the .sha1 extension. Record the checksum in an e-mail to <grid-mw-security@nikhef.nl>,
  6. verify that this tarball can be used for packaging, and that the packaged software works.
  7. After sufficient certification, release the software by moving it to to the parent directory, and have the release manager sign the tarball with GPG.

Creating a tag in Grid Security Middleware

We take the example for glexec, but this will be a valid set of sets for any component:

Go to the trunk, and make sure it's up to date:

# For glexec:
cd mwsec/trunk
svn update
cd ..

Check out the tags directory for the component exclusively:

svn co --depth=empty svn+ssh://svn@ndpfsvn.nikhef.nl/repos/mwsec/tags
cd tags
svn co --depth=immediates svn+ssh://svn@ndpfsvn.nikhef.nl/repos/mwsec/tags/glexec
cd glexec

Copy the HEAD from trunk into the tag directory, the directory name is only named by it's version:

svn copy ../../trunk/glexec 0_8_2
cd 0_8_2

Make a list of the used SVN externals: Resolve the externals as local files for each tag:

svn propget svn:externals > my_externals.txt

Make a list of the files associated to each external and remove the externals in the current SVN directory:

svn propdel svn:externals

For each entry in the my_externals.txt file and each file associated to them do something like:

rm -rf m4
rm -rf src/{safefile-1.0,environ,realpath,fileutil}
svn copy --parents ../../../trunk/m4/lcmaps.m4 m4/lcmaps.m4
svn copy ../../../trunk/cgul/{safefile-1.0,environ,realpath,fileutil} src/
rm my_externals.txt
cd ..

Commit!

svn commit

Creating RPMs from the distributed tarballs

The creation of RPM packages from source tarball is done with the rpmbuild utility. This takes a SPEC file as input; the SPEC file contains the meta-data of the RPM, the sources and patches that should be used, and the commands that produce the binaries.

The RPMs for the security middleware are currently found in SVN, under svn+ssh://svn@ndpfsvn.nikhef.nl/repos/mwsec/packaging/fedora/trunk/. This repository is monitored by the Cruisecontrol instance running on the testbed, and updates to the SPEC files result in build attempts there. To monitor the status of Cruisecontrol at http://cruisecontrol.testbed:8080/ you need to hook up with the testbed network and tinker with the DNS resolution of your browser.

The following steps must be taken under the usercc account.

All output should show up on span.nikhef.nl under /srv/project/rpmbuild/(S)RPMS/...; from this a yum-installable repo needs to be composed by copying the right files to /srv/project/mwsec/el5/mwsec/ and running

cd /srv/project/mwsec/el5/mwsec/x86_64/ && createrepo .
cd /srv/project/mwsec/el5/mwsec/x386/ && createrepo .
cd /srv/project/mwsec/el5/mwsec/SRPMS/ && createrepo .

After this step, the repositories need to be synced with software.nikhef.nl:

rsync -rLt /srv/project/mwsec/ software.nikhef.nl:/project/srv/www/site/software/html/dist/redhat/