Merge pull request #458 from LebedevRI/obs

Open Build Service integration
koverstreet 2025-10-13 16:39:30 -04:00 committed by GitHub
commit 1f990548a2
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
9 changed files with 375 additions and 27 deletions


@ -29,6 +29,8 @@ on:
jobs:
linux:
runs-on: ${{ inputs.runs-on }}
env:
CONTAINER_DISTRO: trixie
permissions:
id-token: write
contents: read
@ -79,7 +81,7 @@ jobs:
shell: sudo eatmydata sh "{0}"
run: |
set -xe
export IMAGE=debian:unstable-slim
export IMAGE=debian:${{ env.CONTAINER_DISTRO }}-slim
podman pull ${IMAGE}
podman run \
--name container \
@ -120,7 +122,9 @@ jobs:
rm -rf /var/lib/apt/lists/*
rm -rf /etc/apt/sources.list*
tee /etc/apt/sources.list > /dev/null <<EOT
deb http://deb.debian.org/debian unstable main
deb http://deb.debian.org/debian ${{ env.CONTAINER_DISTRO }} main
deb http://deb.debian.org/debian ${{ env.CONTAINER_DISTRO }}-updates main
deb http://deb.debian.org/debian ${{ env.CONTAINER_DISTRO }}-backports main
EOT
apt update
apt install eatmydata
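Review bot: `export IMAGE=debian:${{ env.CONTAINER_DISTRO }}-slim` still pulls an unqualified short name by mutable tag, so which registry and which image content the job gets depends on the runner's podman short-name configuration and on whatever the tag points to at run time. Since these containers go on to build, sign and publish packages, a fully qualified reference such as `export IMAGE=docker.io/library/debian:${{ env.CONTAINER_DISTRO }}-slim` removes the registry ambiguity, and pinning by digest would also fix the content. The same line appears in the three other modified workflows on this page and in the new `.github/workflows/obs.yml`, each with its own copy of `CONTAINER_DISTRO: trixie`, which can drift apart. The `linux` job continues outside these hunks.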


@ -26,6 +26,22 @@ jobs:
secrets:
GPG_SECRET_SUBKEYS: ${{ secrets.GPG_SECRET_SUBKEYS }}
GPG_SIGNING_SUBKEY_FINGERPRINT: ${{ secrets.GPG_SIGNING_SUBKEY_FINGERPRINT }}
obs:
needs: source-only
if: github.event_name != 'pull_request' && (github.ref_type == 'tag' || (github.ref_type == 'branch' && github.ref_name == 'master'))
uses: ./.github/workflows/obs.yml
with:
deb-src-artifact-id: ${{ needs.source-only.outputs.deb-src-artifact-id }}
runs-on: "ubuntu-24.04"
arch: amd64
dist-name: debian
dist-version: unstable
secrets:
GPG_SECRET_SUBKEYS: ${{ secrets.GPG_SECRET_SUBKEYS }}
GPG_SIGNING_SUBKEY_FINGERPRINT: ${{ secrets.GPG_SIGNING_SUBKEY_FINGERPRINT }}
GPG_AUTH_SUBKEY_KEYGRIP: ${{ secrets.GPG_AUTH_SUBKEY_KEYGRIP }}
OBS_SNAPSHOT_REPO_URL: ${{ secrets.OBS_SNAPSHOT_REPO_URL }}
OBS_RELEASE_REPO_URL: ${{ secrets.OBS_RELEASE_REPO_URL }}
buildd:
needs: source-only
permissions:
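Review bot: The new `obs` job has no `permissions:` block, and neither does the `linux` job in the `obs.yml` it calls, so the `github.token` used there for `gh attestation verify` gets whatever default scope the repository is configured with. An explicit `permissions:` with `contents: read` (plus `attestations: read` if the attestation lookup needs it) would pin that down, as the `buildd` job just below already does with its own block. Also, `arch`, `dist-name` and `dist-version` are passed here but are not referenced anywhere in `obs.yml` as shown on this page, and `dist-version: unstable` disagrees with the `trixie` container that workflow uses; either drop the inputs or add a comment saying what they are reserved for.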


@ -21,6 +21,7 @@ jobs:
concurrency: apt.bcachefs.org
runs-on: ${{ inputs.runs-on }}
env:
CONTAINER_DISTRO: trixie
SUITE: ${{ (github.event_name == 'push' && github.ref_type == 'tag') && 'release' || 'snapshot' }}
steps:
- name: Configure baseline system
@ -61,7 +62,7 @@ jobs:
shell: sudo eatmydata sh "{0}"
run: |
set -xe
export IMAGE=debian:unstable-slim
export IMAGE=debian:${{ env.CONTAINER_DISTRO }}-slim
podman pull ${IMAGE}
podman run \
--name container \
@ -102,7 +103,9 @@ jobs:
rm -rf /var/lib/apt/lists/*
rm -rf /etc/apt/sources.list*
tee /etc/apt/sources.list > /dev/null <<EOT
deb http://deb.debian.org/debian unstable main
deb http://deb.debian.org/debian ${{ env.CONTAINER_DISTRO }} main
deb http://deb.debian.org/debian ${{ env.CONTAINER_DISTRO }}-updates main
deb http://deb.debian.org/debian ${{ env.CONTAINER_DISTRO }}-backports main
EOT
apt update
apt install eatmydata
@ -111,7 +114,6 @@ jobs:
aptly \
devscripts \
gettext-base \
git \
gnupg \
openssh-client \
pandoc \
@ -155,11 +157,6 @@ jobs:
tee -a ~/.devscripts > /dev/null <<EOT
DEBSIGN_KEYID=${{ secrets.GPG_SIGNING_SUBKEY_FINGERPRINT }}
EOT
- name: Fetch our git repository
timeout-minutes: 1
uses: actions/checkout@v4
with:
path: 'bcachefs-tools'
- name: Ensure that the download directory does not exist
timeout-minutes: 1
run: |
@ -274,7 +271,8 @@ jobs:
if [ "${{ (github.event_name == 'push' && github.ref_type == 'branch' && github.ref_name == 'master') && 'true' || 'false' }}" = "true" ]; then
export GPG_SIGNING_SUBKEY_FINGERPRINT=${{ secrets.GPG_SIGNING_SUBKEY_FINGERPRINT }}
mkdir -p "$PUBLIC_ROOT/.footer"
envsubst < "${{ github.workspace }}/bcachefs-tools/doc/apt.bcachefs.org-README.md" | \
tar -xvf "${{ github.workspace }}/incoming/src-artifacts"/*.tar.xz -C "${{ github.workspace }}" --wildcards '*/doc/apt.bcachefs.org-README.md' --strip-components=2
envsubst < "${{ github.workspace }}/apt.bcachefs.org-README.md" | \
pandoc --from=markdown --to=html --output="$PUBLIC_ROOT/.footer/README"
tee "$PUBLIC_ROOT/.footer/README.html" <<EOT
<!--# block name="empty" --><!--# endblock -->
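Review bot: The new `tar -xvf "${{ github.workspace }}/incoming/src-artifacts"/*.tar.xz ...` line assumes the glob matches exactly one archive; with two matches the second path is taken as a member name and the extraction picks the wrong file or fails. Resolving the match first, e.g. `set -- "${{ github.workspace }}/incoming/src-artifacts"/*.tar.xz; [ "$#" -eq 1 ] || exit 1`, and then extracting from `"$1"` makes that explicit. The README rendered into the published footer now comes from the incoming artifact instead of the checked-out commit, so this step depends on the artifact's attestation and signature checks having run earlier in the job; those steps are outside this hunk, and a one-line comment stating that ordering requirement would help.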


@ -23,6 +23,8 @@ on:
jobs:
linux:
runs-on: ${{ inputs.runs-on }}
env:
CONTAINER_DISTRO: trixie
permissions:
id-token: write
contents: read
@ -67,7 +69,7 @@ jobs:
shell: sudo eatmydata sh "{0}"
run: |
set -xe
export IMAGE=debian:unstable-slim
export IMAGE=debian:${{ env.CONTAINER_DISTRO }}-slim
podman pull ${IMAGE}
podman run \
--name container \
@ -109,7 +111,9 @@ jobs:
rm -rf /var/lib/apt/lists/*
rm -rf /etc/apt/sources.list*
tee /etc/apt/sources.list > /dev/null <<EOT
deb http://deb.debian.org/debian unstable main
deb http://deb.debian.org/debian ${{ env.CONTAINER_DISTRO }} main
deb http://deb.debian.org/debian ${{ env.CONTAINER_DISTRO }}-updates main
deb http://deb.debian.org/debian ${{ env.CONTAINER_DISTRO }}-backports main
EOT
apt update
apt install eatmydata


@ -15,6 +15,7 @@ jobs:
linux:
runs-on: ${{ inputs.runs-on }}
env:
CONTAINER_DISTRO: trixie
RUST_VERSION: 1.89.0
DEBFULLNAME: apt.bcachefs.org CI bot
DEBEMAIL: linux-bcachefs@vger.kernel.org
@ -59,7 +60,7 @@ jobs:
shell: sudo eatmydata sh "{0}"
run: |
set -xe
export IMAGE=debian:unstable-slim
export IMAGE=debian:${{ env.CONTAINER_DISTRO }}-slim
podman pull ${IMAGE}
podman run \
--name container \
@ -99,7 +100,9 @@ jobs:
rm -rf /var/lib/apt/lists/*
rm -rf /etc/apt/sources.list*
tee /etc/apt/sources.list > /dev/null <<EOT
deb http://deb.debian.org/debian unstable main
deb http://deb.debian.org/debian ${{ env.CONTAINER_DISTRO }} main
deb http://deb.debian.org/debian ${{ env.CONTAINER_DISTRO }}-updates main
deb http://deb.debian.org/debian ${{ env.CONTAINER_DISTRO }}-backports main
EOT
apt update
apt install eatmydata

293
.github/workflows/obs.yml vendored Normal file

@ -0,0 +1,293 @@
on:
workflow_call:
inputs:
deb-src-artifact-id:
required: true
type: string
runs-on:
required: true
type: string
arch:
required: true
type: string
dist-name:
required: true
type: string
dist-version:
required: true
type: string
secrets:
GPG_SECRET_SUBKEYS:
required: true
GPG_SIGNING_SUBKEY_FINGERPRINT:
required: true
GPG_AUTH_SUBKEY_KEYGRIP:
required: true
OBS_SNAPSHOT_REPO_URL:
required: true
OBS_RELEASE_REPO_URL:
required: true
jobs:
linux:
runs-on: ${{ inputs.runs-on }}
env:
CONTAINER_DISTRO: trixie
DEBFULLNAME: apt.bcachefs.org CI bot
DEBEMAIL: linux-bcachefs@vger.kernel.org
SUITE: ${{ (github.event_name == 'push' && github.ref_type == 'tag') && 'RELEASE' || 'SNAPSHOT' }}
steps:
- name: Configure baseline system
timeout-minutes: 1
id: init
shell: sudo sh "{0}"
run: |
set -xe
mount -t tmpfs tmpfs ${{ github.workspace }}
echo "set man-db/auto-update false" | debconf-communicate
dpkg-reconfigure man-db
mkdir -p /etc/apt/apt.conf.d
mkdir -p /etc/dpkg/dpkg.cfg.d
tee /etc/apt/apt.conf.d/99gh > /dev/null <<EOT
APT::ExtractTemplates::TempDir "/tmp/apt/temp";
Acquire::Retries "10";
APT::Install-Recommends "false";
APT::Install-Suggests "false";
APT::Get::Assume-Yes "true";
APT::Get::Fix-Missing "true";
EOT
tee /etc/dpkg/dpkg.cfg.d/99gh > /dev/null <<EOT
force-unsafe-io
force-confdef
EOT
rm -rf /var/lib/apt/lists/*
rm -rf /etc/apt/sources.list*
tee /etc/apt/sources.list > /dev/null <<EOT
deb http://archive.ubuntu.com/ubuntu noble main universe
EOT
apt update
apt install eatmydata
eatmydata apt install \
podman \
;
apt clean
- name: Start the container
timeout-minutes: 1
shell: sudo eatmydata sh "{0}"
run: |
set -xe
export IMAGE=debian:${{ env.CONTAINER_DISTRO }}-slim
podman pull ${IMAGE}
podman run \
--name container \
--image-volume=tmpfs \
--tmpfs=/run \
--tmpfs=/tmp \
--tmpfs=/var/tmp \
--tmpfs=/var/lib/schroot/union/overlay \
--volume=/home/runner:/home/runner \
--volume=${{ github.workspace }}:${{ github.workspace }} \
--privileged \
--cap-add=SYS_ADMIN \
--security-opt=apparmor:unconfined \
--interactive \
--tty \
--detach \
${IMAGE} \
/usr/bin/sh \
;
- name: Install necessary packages
timeout-minutes: 1
shell: sudo podman exec --interactive --tty container sh "{0}"
run: |
set -xe
mkdir -p /etc/apt/apt.conf.d
mkdir -p /etc/dpkg/dpkg.cfg.d
tee /etc/apt/apt.conf.d/99gh > /dev/null <<EOT
APT::ExtractTemplates::TempDir "/tmp/apt/temp";
Acquire::Retries "10";
APT::Install-Recommends "false";
APT::Install-Suggests "false";
APT::Get::Assume-Yes "true";
APT::Get::Fix-Missing "true";
EOT
tee /etc/dpkg/dpkg.cfg.d/99gh > /dev/null <<EOT
force-unsafe-io
force-confdef
EOT
rm -rf /var/lib/apt/lists/*
rm -rf /etc/apt/sources.list*
tee /etc/apt/sources.list > /dev/null <<EOT
deb http://deb.debian.org/debian ${{ env.CONTAINER_DISTRO }} main
deb http://deb.debian.org/debian ${{ env.CONTAINER_DISTRO }}-updates main
deb http://deb.debian.org/debian ${{ env.CONTAINER_DISTRO }}-backports main
EOT
apt update
apt install eatmydata
eatmydata apt full-upgrade
eatmydata apt install \
ca-certificates \
curl \
git \
git-lfs \
gnupg \
openssh-client \
tar \
xz-utils \
zip \
;
apt clean
USER=`whoami`
usermod --add-subuids 100000-165535 --add-subgids 100000-165535 $USER
- name: Import/Configure GPG
timeout-minutes: 1
id: gpg
if: github.event_name != 'pull_request'
shell: sudo podman exec --interactive --tty container eatmydata sh "{0}"
run: |
set -xe
gpg --import <<EOT
${{ secrets.GPG_SECRET_SUBKEYS }}
EOT
set -xe
gpg \
--output /etc/apt/trusted.gpg.d/apt.bcachefs.org.asc \
--armor \
--export \
${{ secrets.GPG_SIGNING_SUBKEY_FINGERPRINT }} \
;
rm -f ~/.gnupg/trustedkeys.gpg
gpg \
--no-default-keyring \
--keyring ~/.gnupg/trustedkeys.gpg \
--import \
/etc/apt/trusted.gpg.d/apt.bcachefs.org.asc \
;
- name: Ensure that the download directory does not exist
timeout-minutes: 1
run: |
set -xe
rm -rf "${{ github.workspace }}/deb-src"
- name: Download source-only .deb to be built
timeout-minutes: 1
uses: actions/download-artifact@v5
with:
artifact-ids: ${{ inputs.deb-src-artifact-id }}
path: deb-src
- name: Check attestation of all incoming artifact archives
timeout-minutes: 1
if: github.event_name != 'pull_request'
env:
GH_TOKEN: ${{ github.token }}
run: |
set -xe
cd "${{ github.workspace }}/deb-src"
find . -type f -print0 | xargs --null -I'{}' sh -c " \
echo '::group::Attestation check for {}' && \
( \
gh attestation verify \
{} \
--repo ${{ github.repository }} \
--signer-repo ${{ github.repository }} \
--source-digest ${{ github.sha }} \
--signer-digest ${{ github.sha }} \
|| \
( \
echo '::error file={}::NOT ATTESTED!' && \
echo '::endgroup::' && \
exit 1 \
) \
) && \
echo 'ok.' && \
echo '::endgroup::' \
"
- name: Unpack the downloaded tarball
timeout-minutes: 1
shell: sudo podman exec --interactive --tty container eatmydata sh "{0}"
run: |
set -xe
cd "${{ github.workspace }}/deb-src"
tar -xf "${{ github.workspace }}/deb-src/artifact-src.tar"
rm "${{ github.workspace }}/deb-src/artifact-src.tar"
- name: Ensure that all incoming source artifacts are signed
timeout-minutes: 1
if: steps.gpg.conclusion != 'skipped'
shell: sudo podman exec --interactive --tty container eatmydata sh "{0}"
run: |
set -xe
cd "${{ github.workspace }}/deb-src"
find . -type f -not -iname '*.sig' -print0 | xargs --null -I'{}' sh -c " \
echo '::group::Signature check for {}' && \
( \
gpg --verbose --no-default-keyring --keyring ~/.gnupg/trustedkeys.gpg --verify {} || \
gpg --verbose --no-default-keyring --keyring ~/.gnupg/trustedkeys.gpg --verify {}.sig || \
( \
echo '::error file={}::NOT SIGNED!' && \
echo '::endgroup::' && \
exit 1 \
) \
) && \
echo 'ok.' && \
echo '::endgroup::' \
"
- name: Update OBS Repo
timeout-minutes: 1
shell: sudo podman exec --interactive --tty container eatmydata sh "{0}"
run: |
set -xe
git config --global user.email "${{ env.DEBFULLNAME }}"
git config --global user.name "${{ env.DEBEMAIL }}"
git config --global user.signingkey "${{ secrets.GPG_SIGNING_SUBKEY_FINGERPRINT }}"
git config --global commit.gpgsign true
git lfs install
mkdir -p ~/.ssh
echo "" >> ~/.ssh/config
echo "StrictHostKeyChecking=accept-new" >> ~/.ssh/config
echo "" >> ~/.gnupg/gpg-agent.conf
echo "enable-ssh-support" >> ~/.gnupg/gpg-agent.conf
gpgconf --kill gpg-agent
gpgconf --launch gpg-agent
export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
gpg-connect-agent 'keyattr ${{ secrets.GPG_AUTH_SUBKEY_KEYGRIP }} Use-for-ssh: true' /bye
OBS_REPO_URL="${{ secrets[format('OBS_{0}_REPO_URL', env.SUITE)] }}"
OBS_REPO_DIR="${{ github.workspace }}/bcachefs-obs"
git clone "$OBS_REPO_URL" "$OBS_REPO_DIR"
cd "$OBS_REPO_DIR"
git config --global --add safe.directory .
git rm -rf --ignore-unmatch -- .
tee .gitattributes > /dev/null <<EOT
*.tar.xz filter=lfs diff=lfs merge=lfs -text
EOT
git add .gitattributes
cp /etc/apt/trusted.gpg.d/apt.bcachefs.org.asc apt.bcachefs.org.keyring
for suffix in .dsc .tar.xz .tar.xz.sig; do
cp "${{ github.workspace }}/deb-src/"*$suffix .
done
tee dkms-bcachefs.rpmlintrc > /dev/null <<EOT
addFilter("dkms-bcachefs.noarch: E: devel-file-in-non-devel-package")
EOT
tar -xvf *.tar.xz -C "$OBS_REPO_DIR" --wildcards '*/bcachefs-tools.spec' --strip-components=1
tar -xvf *.tar.xz -C "$OBS_REPO_DIR" --wildcards '*/debian/cargo.config' --strip-components=2
rm -f "${{ github.workspace }}/_service"
tee -a "${{ github.workspace }}/_service" > /dev/null <<EOT
<services>
<service name="set_version" mode="buildtime" />
EOT
for FILENAME in *; do
CHECKSUM="$(sha256sum "$FILENAME" | awk '{print $1}')"
tee -a "${{ github.workspace }}/_service" > /dev/null <<EOT
<service name="verify_file">
<param name="file">$FILENAME</param>
<param name="verifier">sha256</param>
<param name="checksum">$CHECKSUM</param>
</service>
EOT
done
tee -a "${{ github.workspace }}/_service" > /dev/null <<EOT
</services>
EOT
mv "${{ github.workspace }}/_service" "$OBS_REPO_DIR"
VER="$(basename --suffix=.tar.xz $(ls *.tar.xz))"
git add .
git commit --message="Update to $VER"
git push
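Review bot: In the "Update OBS Repo" step the git identity is swapped: `user.email` is set from `env.DEBFULLNAME` and `user.name` from `env.DEBEMAIL`, so the signed commits pushed to OBS carry the bot's name as the e-mail address; it should read `git config --global user.email "${{ env.DEBEMAIL }}"` and `git config --global user.name "${{ env.DEBFULLNAME }}"`. In the same step, `StrictHostKeyChecking=accept-new` inside a container created fresh on every run means the host key is accepted on first sight each time, so the server end of the SSH push is never actually authenticated; writing the expected host key into `~/.ssh/known_hosts` (for example from a repository variable) and keeping strict checking on would close that gap. The container is also started with `--privileged`, `--cap-add=SYS_ADMIN` and `--security-opt=apparmor:unconfined` although this job only runs gpg, tar and git while holding the signing and SSH authentication subkeys; those flags look carried over from the build workflows and can probably be dropped here. Finally, both verification steps splice file names into an `sh -c "... {} ..."` string, and passing the name as a positional argument (`sh -c '...' sh {}` with `"$1"` inside) keeps odd file names from being interpreted by the shell.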


@ -17,10 +17,12 @@
Name: bcachefs-tools
# define with i.e. --define '_version 1.0'
Version: %{_version}
Version: 0%{?_version}
Release: 0%{?dist}
Summary: Userspace tools for bcachefs
%global MSRV 1.77
# --- rust ---
# Apache-2.0
# Apache-2.0 OR MIT
@ -36,24 +38,36 @@ Summary: Userspace tools for bcachefs
# BSD-3-Clause
License: GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-only AND BSD-3-Clause AND (Apache-2.0 AND (Apache-2.0 OR MIT) AND (Apache-2.0 with LLVM-exception OR Apache-2.0 OR MIT) AND MIT AND MPL-2.0 AND (Unlicense OR MIT))
URL: https://bcachefs.org/
%if 0%{?_version} == 0
Source: bcachefs-tools_%{version}.tar.xz
Source1: bcachefs-tools_%{version}.tar.xz.sig
Source2: apt.bcachefs.org.keyring
Source3: cargo.config
Source99: %{dkmsname}.rpmlintrc
%else
Source: https://evilpiepirate.org/%{name}/%{name}-vendored-%{version}.tar.zst
%endif
BuildRequires: findutils
BuildRequires: gcc
BuildRequires: jq
BuildRequires: make
BuildRequires: tar
BuildRequires: zstd
BuildRequires: cargo
%if 0%{?suse_version}
BuildRequires: rust
%if 0%{?_version} == 0
BuildRequires: xz
%else
BuildRequires: rustc
BuildRequires: zstd
%endif
BuildRequires: libaio-devel
BuildRequires: cargo >= %{MSRV}
%if 0%{?suse_version}
BuildRequires: rust >= %{MSRV}
%else
BuildRequires: rustc >= %{MSRV}
%endif
BuildRequires: libaio-devel >= 0.3.111
BuildRequires: libattr-devel
BuildRequires: pkgconfig(blkid)
BuildRequires: pkgconfig(fuse3) >= 3.7
@ -61,7 +75,7 @@ BuildRequires: pkgconfig(libkeyutils)
BuildRequires: pkgconfig(liblz4)
BuildRequires: pkgconfig(libsodium)
BuildRequires: pkgconfig(libudev)
BuildRequires: pkgconfig(liburcu)
BuildRequires: pkgconfig(liburcu) >= 0.15
BuildRequires: pkgconfig(libzstd)
BuildRequires: pkgconfig(udev)
BuildRequires: pkgconfig(uuid)
@ -161,11 +175,25 @@ fi
%build
%if 0%{?_version} == 0
export CARGO_HOME=$PWD/.cargo
export CARGO_ARGS="--frozen"
rm -rf $PWD/.cargo
mkdir -p $PWD/.cargo
cp %{_sourcedir}/cargo.config $PWD/.cargo/config.toml
%endif
%set_build_flags
%make_build %{make_opts}
%install
%if 0%{?_version} == 0
export CARGO_HOME=$PWD/.cargo
export CARGO_ARGS="--frozen"
rm -rf $PWD/.cargo
mkdir -p $PWD/.cargo
cp %{_sourcedir}/cargo.config $PWD/.cargo/config.toml
%endif
%set_build_flags
%make_install %{make_opts}
@ -174,5 +202,7 @@ rm -rfv %{buildroot}/%{_datadir}/initramfs-tools
%changelog
* Sun Oct 12 2025 Roman Lebedev <lebedev.ri@gmail.com>
- OBS support
* Sat Sep 27 2025 Neal Gompa <neal@gompa.dev>
- Initial package based on Fedora package
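Review bot: `Version: 0%{?_version}` prepends a literal `0` whenever `_version` is defined, so the build documented in the comment above it (`--define '_version 1.0'`) now yields Version `01.0`, and the `%else` Source URL, which embeds `%{version}`, changes with it. If the `0` is only meant as a placeholder for the OBS `set_version` service, `Version: %{?_version}%{!?_version:0}` leaves the defined case untouched. The same concatenation feeds `%if 0%{?_version} == 0`, which with a dotted value is no longer a plain integer comparison; `%if %{undefined _version}` states the intent directly, though it should be confirmed against the rpm versions OBS targets. Separately, Source1 and Source2 ship a detached signature and a keyring, but no verification of the tarball against them is visible in these hunks, which do not cover `%prep`.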

2
debian/control vendored

@ -9,7 +9,7 @@ Build-Depends: debhelper-compat (= 13),
dh-dkms,
gcc:native,
jq,
libaio-dev,
libaio-dev (>= 0.3.111),
libblkid-dev,
libclang-dev:native,
libfuse3-dev,

2
debian/gbp.conf vendored

@ -4,7 +4,7 @@ upstream-tag = v%(version)s
ignore-branch = True
cleaner =
export-dir = ../bcachefs-tools-deb-export-dir
postexport = cargo vendor-filterer
postexport = cargo vendor-filterer --versioned-dirs
compression = xz
compression-level = 9