[Git][qa/jenkins.debian.net][master] add https://riscv64.reproduce.debian.net
Holger Levsen (@holger)
gitlab at salsa.debian.org
Thu Jan 23 20:13:22 GMT 2025
Holger Levsen pushed to branch master at Debian QA / jenkins.debian.net
Commits:
6f78d2da by Holger Levsen at 2025-01-23T21:13:00+01:00
add https://riscv64.reproduce.debian.net
Signed-off-by: Holger Levsen <holger at layer-acht.org>
- - - - -
12 changed files:
- hosts/osuosl5-amd64/etc/cron.d/rebuilderd
- hosts/osuosl5-amd64/etc/nginx/nginx.conf
- + hosts/osuosl5-amd64/opt/etc/rebuilderd-riscv64.conf
- + hosts/osuosl5-amd64/opt/etc/rebuilderd-sync-riscv64.conf
- hosts/osuosl5-amd64/var/www/html/index_amd64.html
- hosts/osuosl5-amd64/var/www/html/index_arm64.html
- hosts/osuosl5-amd64/var/www/html/index_armhf.html
- hosts/osuosl5-amd64/var/www/html/index_i386.html
- + hosts/osuosl5-amd64/var/www/html/index_riscv64.html
- hosts/osuosl5-amd64/var/www/html/rdn_index.html
- hosts/osuosl5-amd64/var/www/html/rebuilderd-setup.html
- update_jdn.sh
Changes:
=====================================
hosts/osuosl5-amd64/etc/cron.d/rebuilderd
=====================================
@@ -1,3 +1,3 @@
MAILTO=root
-42 */3 * * * rebuilderd for arch in amd64 i386 arm64 armhf ; do mkdir -p /srv/rebuilderd/$arch/stats/ && /srv/jenkins/bin/rebuilderd_stats.py $arch /srv/rebuilderd/$arch/rebuilderd.db > /srv/rebuilderd/$arch/stats/index.html.tmp && mv /srv/rebuilderd/$arch/stats/index.html.tmp /srv/rebuilderd/$arch/stats/index.html ; done
-23 0,6,12,18 * * * rebuilderd for arch in amd64 i386 arm64 armhf ; do /srv/jenkins/bin/rebuilderd_graph.sh $arch ; done
+42 */3 * * * rebuilderd for arch in amd64 i386 arm64 armhf riscv64 ; do mkdir -p /srv/rebuilderd/$arch/stats/ && /srv/jenkins/bin/rebuilderd_stats.py $arch /srv/rebuilderd/$arch/rebuilderd.db > /srv/rebuilderd/$arch/stats/index.html.tmp && mv /srv/rebuilderd/$arch/stats/index.html.tmp /srv/rebuilderd/$arch/stats/index.html ; done
+23 0,6,12,18 * * * rebuilderd for arch in amd64 i386 arm64 armhf riscv64 ; do /srv/jenkins/bin/rebuilderd_graph.sh $arch ; done
=====================================
hosts/osuosl5-amd64/etc/nginx/nginx.conf
=====================================
@@ -208,6 +208,55 @@ http {
}
+ server {
+ server_name riscv64.reproduce.debian.net;
+ ssi on;
+ index index_riscv64.html;
+ root /var/www/html;
+
+ listen 443 ssl;
+ ssl_certificate /var/lib/dehydrated/certs/riscv64.reproduce.debian.net/fullchain.pem;
+ ssl_certificate_key /var/lib/dehydrated/certs/riscv64.reproduce.debian.net/privkey.pem;
+
+ ssl_session_cache shared:le_nginx_SSL:10m;
+ ssl_session_timeout 1440m;
+ ssl_session_tickets off;
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_prefer_server_ciphers off;
+ ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-C
+ HACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
+
+ location /.well-known/acme-challenge/ {
+ alias /var/lib/dehydrated/acme-challenges/;
+ disable_symlinks off;
+ autoindex off;
+ }
+
+ location / {
+ # First attempt to serve request as file, then
+ # as directory, then fall back to displaying a 404.
+ try_files $uri $uri/ =404;
+ }
+
+ location /api/ {
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_pass http://127.0.0.1:8488;
+ }
+ location = /api/v0/build/report {
+ client_max_body_size 200M;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_pass http://127.0.0.1:8488;
+ }
+
+ location /stats/ {
+ alias /srv/rebuilderd/riscv64/stats/ ;
+ disable_symlinks off;
+ autoindex on;
+ index index.html;
+ }
+
+ }
+
server {
server_name reproduce.debian.net;
ssi on;
=====================================
hosts/osuosl5-amd64/opt/etc/rebuilderd-riscv64.conf
=====================================
@@ -0,0 +1,40 @@
+## Configuration for http daemon
+[http]
+## The address to bind to. This is 127.0.0.1:8484 by default.
+bind_addr = "127.0.0.1:8488"
+## If you use a reverse proxy, use this header instead of the actual connecting ip.
+## Make sure the reverse proxy has filters in place to prevent spoofing issues.
+#real_ip_header = "X-Real-IP"
+## Set a default endpoint for rebuildctl. This is especially useful for the sync timer.
+#endpoint = "http://127.0.0.1:8484"
+
+## A random cookie for administration is generated at startup and written to /var/lib/rebuilderd/auth-cookie
+## You can set this to a fixed value here. Use `pwgen -1s 32` to generate one.
+## rebuildctl is searching for this cookie in ~/.config/rebuilderd.conf, /etc/rebuilderd.conf and
+## /var/lib/rebuilderd/auth-cookie in that order.
+#[auth]
+#cookie = "INSECURE"
+
+## The auth cookie above is only used for the default endpoint.
+## You can use different endpoints with `rebuildctl -H https://rebuilder.example.com status`,
+## In that case you need to configure a section below if you want to attach a cookie.
+#[endpoints."https://rebuilder.example.com"]
+#cookie = "INSECURE"
+
+## IMPORTANT: in production, make sure either `authorized_workers` or `signup_secret` is configured.
+[worker]
+## If we have a fixed set of workers we can allow-list the keys here.
+#authorized_workers = ["key1", "key2"]
+## If we want to spawn new workers dynamically we can configure a sign up secret below.
+## Use `pwgen -1s 32` to generate one.
+signup_secret = "INSECURE"
+
+#[schedule]
+## Configure the delay to automatically retry failed rebuilds in hours. The
+## default is 24h, this base is multiplied with the number of rebuilds, so the
+## first retry would happen after 24h, the second retry would happen 48h after the
+## first retry and the third retry would happen 72h after the second retry. There
+## is no upper limit of retries, if you can't afford frequent retries it's
+## recommended to set this to a high value like 168 (1 week) or higher.
+## Successful rebuilds are not retried.
+#retry_delay_base = 24
=====================================
hosts/osuosl5-amd64/opt/etc/rebuilderd-sync-riscv64.conf
=====================================
@@ -0,0 +1,53 @@
+## rebuild all of archlinux core
+[profile."archlinux-core"]
+distro = "archlinux"
+suite = "core"
+architectures = ["x86_64"]
+source = "https://ftp.halifax.rwth-aachen.de/archlinux/$repo/os/$arch"
+
+## rebuild community packages of specific maintainers, or allow-list packages by name.
+## If no filter is set, all packages are imported, if both filters are set the package only
+## has to match one of them to be included.
+#[profile."archlinux-community"]
+#distro = "archlinux"
+#suite = "community"
+#architectures = ["x86_64"]
+#source = "https://ftp.halifax.rwth-aachen.de/archlinux/$repo/os/$arch"
+#maintainers = ["somebody"]
+#pkgs = ["some-pkg", "python-*"]
+#excludes = ["tensorflow*"]
+
+[profile."debian-main"]
+distro = "debian"
+suite = "main"
+architectures = ["riscv64"]
+#releases = ["buster", "sid"]
+releases = ["trixie"]
+source = "http://deb.debian.org/debian"
+
+[profile."debian-anarchism"]
+distro = "debian"
+suite = "main"
+architectures = ["amd64"]
+releases = ["sid"]
+pkgs = ["anarchism"]
+source = "http://deb.debian.org/debian"
+
+# a set of packages to test certain edge-cases
+[profile."debian-misc"]
+distro = "debian"
+suite = "main"
+architectures = ["amd64"]
+releases = ["sid"]
+pkgs = ["anarchism", "binutils-arm-none-eabi", "libglib2.0-bin", "libglib2.0-dev", "sniffglue", "librust-sniffglue-dev", "dfrs", "librust-dfrs-dev"]
+source = "http://deb.debian.org/debian"
+
+[profile."tails"]
+distro = "tails"
+suite = "stable"
+source = "https://mirrors.wikimedia.org/tails/"
+
+[profile."tails-alpha"]
+distro = "tails"
+suite = "alpha"
+source = "https://mirrors.wikimedia.org/tails/"
=====================================
hosts/osuosl5-amd64/var/www/html/index_amd64.html
=====================================
@@ -199,6 +199,7 @@
/ <a href="https://arm64.reproduce.debian.net">arm64</a>
/ <a href="https://armhf.reproduce.debian.net">armhf</a>
/ <a href="https://i386.reproduce.debian.net">i386</a>
+ / <a href="https://riscv64.reproduce.debian.net">riscv64</a>
<br/>
<a href="/stats/">Statistics about BAD packages</a> on amd64.
<br/>
=====================================
hosts/osuosl5-amd64/var/www/html/index_arm64.html
=====================================
@@ -199,6 +199,7 @@
/ arm64
/ <a href="https://armhf.reproduce.debian.net">armhf</a>
/ <a href="https://i386.reproduce.debian.net">i386</a>
+ / <a href="https://riscv64.reproduce.debian.net">riscv64</a>
<br/>
<a href="/stats/">Statistics about BAD packages</a> on arm64.
<br/>
=====================================
hosts/osuosl5-amd64/var/www/html/index_armhf.html
=====================================
@@ -199,6 +199,7 @@
/ <a href="https://arm64.reproduce.debian.net">arm64</a>
/ armhf
/ <a href="https://i386.reproduce.debian.net">i386</a>
+ / <a href="https://riscv64.reproduce.debian.net">riscv64</a>
<br/>
<a href="/stats/">Statistics about BAD packages</a> on armhf.
<br/>
=====================================
hosts/osuosl5-amd64/var/www/html/index_i386.html
=====================================
@@ -199,6 +199,7 @@
/ <a href="https://arm64.reproduce.debian.net">arm64</a>
/ <a href="https://armhf.reproduce.debian.net">armhf</a>
/ i386
+ / <a href="https://riscv64.reproduce.debian.net">riscv64</a>
<br/>
<a href="/stats/">Statistics about BAD packages</a> on i386.
<br/>
=====================================
hosts/osuosl5-amd64/var/www/html/index_riscv64.html
=====================================
@@ -0,0 +1,222 @@
+<!DOCTYPE html>
+<html lang="en">
+ <head>
+ <meta charset="utf-8">
+ <title>
+ riscv64.reproduce.debian.net - trixie (arch:riscv64)
+ </title>
+ <style>
+ body {
+ font-family: sans-serif;
+ font-size: 18pt;
+ }
+ h1 {
+ font-size: 24pt;
+ }
+ h3 {
+ font-size: 18pt;
+ }
+
+ #search-results {
+ margin: 18pt 0;
+ }
+
+ pre {
+ margin: 0;
+ }
+
+ #search-results pre {
+ margin: 12pt 0;
+ }
+
+ .status {
+ font-weight: bold;
+ }
+
+ .good {
+ color: green;
+ }
+
+ .bad {
+ color: red;
+ }
+
+ .unknown {
+ color: #957fff;
+ }
+
+ footer {
+ font-size: 12pt;
+ margin: 30pt 0;
+ }
+ </style>
+ <script>
+ document.addEventListener('DOMContentLoaded', function() {
+ // package search
+ function spanWith(text) {
+ let s = document.createElement('span');
+ s.textContent = text;
+ return s;
+ }
+
+ function linkTo(href, text) {
+ let a = document.createElement('a');
+ a.href = href;
+ a.textContent = text;
+ return a;
+ }
+
+ function searchPkgs(query) {
+ let div = document.getElementById('search-results');
+ let url = '/api/v0/pkgs/list?' + new URLSearchParams({
+ name: query,
+ distro: 'debian',
+ });
+ fetch(url)
+ .then(response => response.json())
+ .then(data => {
+ // clear children
+ div.innerHTML = '';
+
+ data.map(pkg => {
+ let build_id = pkg.build_id;
+ let r = document.createElement('pre');
+
+ r.appendChild(spanWith('['));
+ let status = pkg['status'];
+ let statusSpan = spanWith(status);
+ statusSpan.className += ' status';
+ if (status == 'GOOD') {
+ statusSpan.className += ' good';
+ } else if (status == 'BAD') {
+ statusSpan.className += ' bad';
+ } else {
+ statusSpan.className += ' unknown';
+ }
+ r.appendChild(statusSpan);
+ r.appendChild(spanWith(`] ${pkg['name']} ${pkg['version']}\t\t`));
+
+ if (build_id) {
+ r.appendChild(spanWith(' ['));
+ r.appendChild(linkTo(`/api/v0/builds/${build_id}/log`, 'log'));
+ r.appendChild(spanWith(']'));
+ }
+
+ if (pkg.has_attestation) {
+ r.appendChild(spanWith(' ['));
+ r.appendChild(linkTo(`/api/v0/builds/${build_id}/attestation`, 'attestation'));
+ r.appendChild(spanWith(']'));
+ }
+
+ if (pkg.has_diffoscope) {
+ r.appendChild(spanWith(' ['));
+ r.appendChild(linkTo(`/api/v0/builds/${build_id}/diffoscope`, 'diffoscope'));
+ r.appendChild(spanWith(']'));
+ }
+
+ div.appendChild(r);
+ });
+ });
+ }
+
+ if (location.hash) {
+ searchPkgs(location.hash.substr(1));
+ }
+
+ document.getElementById('search').addEventListener('submit', function(e) {
+ e.preventDefault();
+ let query = document.getElementById('search-query').value;
+ location.href = `#${query}`;
+ searchPkgs(query);
+ });
+
+ // display stats
+ function updateStats(data) {
+ let div = document.getElementById('stats');
+ // clear children
+ div.innerHTML = '';
+ // add rows
+ data.map(row => {
+ let r = document.createElement('pre');
+ let key = row[0] + ': ';
+ r.textContent = key.padEnd(20) + row[1];
+ div.appendChild(r);
+ });
+ }
+
+ function fetchStats() {
+ fetch('/api/v0/dashboard')
+ .then(response => response.json())
+ .then(data => {
+ let div = document.getElementById('stats');
+ let main = data['suites']['main'];
+
+ let good = main['good'];
+ let bad = main['bad'];
+ let unknown = main['unknown'];
+
+ updateStats([
+ ['good', good],
+ ['bad', bad],
+ ['unknown', unknown],
+ ['build progress', (100 / (good + unknown + bad) * (good + bad)).toFixed(2) + '%'],
+ ['repro', (100 / (good + bad) * good).toFixed(2) + '%'],
+ ]);
+ });
+ }
+
+ setInterval(fetchStats, 60 * 1000);
+ fetchStats();
+ });
+ </script>
+ </head>
+ <body>
+ <img src="/stats/rb.png" align="right">
+ <h1>
+ riscv64.reproduce.debian.net
+ </h1>
+ <h3>
+ trixie (arch:riscv64)
+ </h3>
+
+ <div id="stats">Loading stats...</div>
+
+ <div>
+ <h3>Binary package search</h3>
+ <form id="search">
+ <input type="text" id="search-query" placeholder="2ping">
+ <input type="submit" value="Search">
+ </form>
+ </div>
+ <div id="search-results">
+ </div>
+
+ <footer>
+ pew pew, <a href="https://github.com/kpcyrd/rebuilderd">rebuilderd</a> using <a href="https://tracker.debian.org/pkg/devscripts">debrebuild</a> (with <a href="https://tracker.debian.org/pkg/sbuild">sbuild+unshare</a> as backend) to reproduce what Debian distributes via <code><a href="https://deb.debian.org/debian/dists/">deb.debian.org</a></code>. ♥️
+ <br/>
+ <a href="https://reproduce.debian.net">https://reproduce.debian.net</a>
+ / <a href="https://amd64.reproduce.debian.net">amd64</a>
+ / <a href="https://arm64.reproduce.debian.net">arm64</a>
+ / <a href="https://armhf.reproduce.debian.net">armhf</a>
+ / <a href="https://i386.reproduce.debian.net">i386</a>
+ / riscv64
+ <br/>
+ <a href="/stats/">Statistics about BAD packages</a> on riscv64.
+ <br/>
+ <a href="/api/v0/pkgs/list">/api/v0/pkgs/list</a> (JSON)
+ <br/>
+ <code>
+ # How to judge your own systen:
+ <br/>
+ sudo apt install <a href="https://tracker.debian.org/rust-debian-repro-status">debian-repro-status</a> ; debian-repro-status
+ </code>
+ <br/>
+ <small>
+ <hr/>
+ This setup is in it's infancy, though by now everything except rebuilderd itself is in trixie. Still, please don't consider any URLs as stable here, and more to the point, especially don't take any numbers here seriously, unless...!?!
+ <br/>Oh, and in case you are wondering why we are doing this, then hopefully the <a href="https://reproducible-builds.org">Reproducible Builds website</a> will explain why this is useful.
+ <!--#config timefmt="%Y-%m-%d" --><br/>Static content last modified: <!--#echo var="date_gmt" -->
+ </small>
+ </footer>
+ </body>
+</html>
=====================================
hosts/osuosl5-amd64/var/www/html/rdn_index.html
=====================================
@@ -67,6 +67,8 @@
<br/>
<a href="https://i386.reproduce.debian.net/">i386.reproduce.debian.net</a> rebuilds trixie (arch:i386).
<br/>
+ <a href="https://riscv64.reproduce.debian.net/">riscv64.reproduce.debian.net</a> rebuilds trixie (arch:riscv64).
+ <br/>
coming soon: unstable/arm64, then...
<br/>
<br/>
=====================================
hosts/osuosl5-amd64/var/www/html/rebuilderd-setup.html
=====================================
@@ -141,6 +141,13 @@ while true ; do env REBUILDERD_COOKIE_PATH=~/.local/share/rebuilderd-auth-cookie
cd ; mkdir -p arm64 ; cd arm64 ; /opt/usr/bin/rebuilderd -c /opt/etc/rebuilderd-arm64.conf
while true ; do env REBUILDERD_COOKIE_PATH=~/.local/share/rebuilderd-auth-cookie /opt/usr/bin/rebuildctl -H http://127.0.0.1:8486 pkgs sync-profile --sync-config /opt/etc/rebuilderd-sync-arm64.conf debian-main --print-json | jq '.[] | select(.architecture != "all")' | jq -s | env REBUILDERD_COOKIE_PATH=~/.local/share/rebuilderd-auth-cookie /opt/usr/bin/rebuildctl -H http://127.0.0.1:8486 pkgs sync-stdin debian main ; echo sleeping 3h now ; sleep 3h ; done
+cd ; mkdir -p armhf ; cd armhf ; /opt/usr/bin/rebuilderd -c /opt/etc/rebuilderd-armhf.conf
+while true ; do env REBUILDERD_COOKIE_PATH=~/.local/share/rebuilderd-auth-cookie /opt/usr/bin/rebuildctl -H http://127.0.0.1:8487 pkgs sync-profile --sync-config /opt/etc/rebuilderd-sync-armhf.conf debian-main --print-json | jq '.[] | select(.architecture != "all")' | jq -s | env REBUILDERD_COOKIE_PATH=~/.local/share/rebuilderd-auth-cookie /opt/usr/bin/rebuildctl -H http://127.0.0.1:8487 pkgs sync-stdin debian main ; echo sleeping 3h now ; sleep 3h ; done
+
+cd ; mkdir -p riscv64 ; cd riscv64 ; /opt/usr/bin/rebuilderd -c /opt/etc/rebuilderd-riscv64.conf
+while true ; do env REBUILDERD_COOKIE_PATH=~/.local/share/rebuilderd-auth-cookie /opt/usr/bin/rebuildctl -H http://127.0.0.1:8488 pkgs sync-profile --sync-config /opt/etc/rebuilderd-sync-riscv64.conf debian-main --print-json | jq '.[] | select(.architecture != "all")' | jq -s | env REBUILDERD_COOKIE_PATH=~/.local/share/rebuilderd-auth-cookie /opt/usr/bin/rebuildctl -H http://127.0.0.1:8488 pkgs sync-stdin debian main ; echo sleeping 3h now ; sleep 3h ; done
+
+
with rebuilderd-worker from trixie:
rebuilderd-worker -c /opt/etc/rebuilderd-worker.conf connect
=====================================
update_jdn.sh
=====================================
@@ -739,7 +739,7 @@ if [ "$HOSTNAME" = "jenkins" ] || [ "$HOSTNAME" = "ionos7-amd64" ] || [ "$HOSTNA
fi
# set secret for remote rebuilderd-workers
case $HOSTNAME in
- osuosl5*) for a in i386 arm64 armhf ; do
+ osuosl5*) for a in i386 arm64 armhf riscv64 ; do
SIGNUPSECRET="$(sudo cat /opt/etc/rebuilderd-${a}.secret)"
f=rebuilderd-${a}.conf
if [ -f /opt/etc/$f ] ; then
View it on GitLab: https://salsa.debian.org/qa/jenkins.debian.net/-/commit/6f78d2dacc2a5e89c370f3dbdbd04becae6ae425
--
View it on GitLab: https://salsa.debian.org/qa/jenkins.debian.net/-/commit/6f78d2dacc2a5e89c370f3dbdbd04becae6ae425
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/qa-jenkins-scm/attachments/20250123/a29c7dbf/attachment-0001.htm>
More information about the Qa-jenkins-scm
mailing list