i386-5-latest that are linked to from the index.html are symlinks to
dated directories (e.5.`date`), so the URLs in the error reports will
expire with the start of the next build when the symlink is repointed.
This change makes the URLs in the error reports use the realpath of
the target file, so they do not expire.
* Clients no longer have ssh access to the master, so we need to
push/pull everything on the client from here. This means we need to
know where the build took place so we can go in and get the files
after it finishes. Introduce the claim-chroot script which
atomically claims a free chroot directory on the host and returns
the name. This directory is later populated by the portbuild script
if it does not already contain an extracted bindist.
* Use the per-node portbuild.$(hostname) config file to decide where
in the filesystem to claim the chroot on the build host.
* If a port failed unexpectedly (i.e. is not marked BROKEN), or if
something strange happened when trying to pull in build results from
a client, then send me email (XXX should be configurable).
* Clean up after the build finishes and we have everything we need, by
dispatching the clean-chroot script on the client.
if requested (".keep" file in the port directory), no matter where
we fail.
* Add package dependencies before the corresponding build stage
(e.g. FETCH_DEPENDS before 'make fetch'), and remove them again
afterwards. This allows us to catch ports that list their
dependencies too early/late.
* No need to check for set[ug]id files here, the security-check target
in bsd.port.mk does it for us.
* Exclude some more directories and files from showing up in the mtree
before/after comparison, to trim down the false-positive in the
pkg-plist check.
* Other minor changes
it's done properly^Wbetter in makeparallel
* Script accepts new arguments:
-nodoccvs: skip cvs update of the doc tree
-trybroken: try to build BROKEN ports (off by default because the
i386 cluster is fast enough now that when doing incremental builds we
were spending most of the time rebuilding things we know are probably
going to fail anyway. Conversely, the other clusters are slow enough
that we also usually don't want to waste time on BROKEN ports).
-incremental: compare the interesting fields of the new INDEX with
the previous one, remove packages and log files for the old ports that
have changed, and rebuild the rest. This substantially cuts down on
build times since we don't rebuild ports that we know have not
changed. XXX checkpoint of work-in-progress, not yet working as
committed.
* When setting up the nodes, read in per-node config files
("portbuild.$(hostname)") before dispatching the setupnode script on
each node. For disconnected nodes (which don't mount the master via
NFS), we also rsync the interesting files required by the builds
(ports/src/doc trees, bindist tarballs, scripts) into place on the
client. They will be mounted locally via nullfs in the build chroots.
* Break out the restricted.sh generation into a makerestr script so it
can be called manually as needed.
* Remove the -nocvsup argument which has been unused for a long time.
* For now, don't prune the list of failed ports with prunefail,
since when -trybroken is not specified, every BROKEN port ends up in
the duds file (so the build is skipped), and as a result we would
prune almost everything from the list of failed ports. XXX
prunefailure should be run conditionally on -trybroken, or I should
find a way to prune in both cases.
* Don't run index in the background, it was thrashing against makeduds
and not saving any time by doing it concurrently.
* Build with 'make quickports all' to kick off the quickports builds
earlier.
* Delete restricted and/or cdrom distfiles *after* post-processing the
distfiles, otherwise the script doesn't remove any of them since
they're not in the expected place.
* Miscellaneous other minor changes and cleanups
tells us whether the node has NFS access to the master.
* Also copy the bindist-$(hostname).tar file to allow local
customization of the build chroots (e.g. resolv.conf and make.conf
files for disconnected systems)
* For disconnected hosts, we don't copy the bindist files from the
master, but just set up the local directories and let the server rsync
them into place later. Also set up dangling symlinks to the bindist
files in the build area, which will be filled in by the server too (in
the NFS case it makes sense to cache the bindist files locally to
avoid extra NFS traffic, but here we know the file is local so a
symlink is fine)
* Remove an apparently spurious 'killall fetch' that snuck in for what
were probably transient reasons.
* Forcibly clean up old chroot directories since we are preparing to
start another build and don't want old (possibly orphaned) builds to
skew the job scheduling or use up resources.
host), specified by disconnected=1 in portbuild.$(hostname) file.
These do not mount via NFS, so we need to maintain a local copy of
things needed by the build (like the ports/src/doc trees) on the build
host, which are mounted into the chroot by read-only nullfs. These
local files are maintained in the dopackages script via rsync.
* Download packages via http instead of NFS. Allow fetching via a
local http proxy (http_proxy variable in per-node
portbuild.$(hostname) file). Caching package dependencies saves about
85% of package fetches and similar reduction in package fetch traffic
by byte count.
* Support a per-node tarball (bindist-$(hostname).tar) to customize
the build chroots. This is used for things like local resolv.conf and
make.conf files on disconnected nodes.
* Make sure we don't use a chroot until it is finished extracting.
* Don't set '.' in PATH; this is bad practise, and fortunately nothing
seems to rely on it.
* Only try to build broken packages if requested
* Try harder to unmount leftover linprocfs mounts in the chroot, by copying
in the 5.x mount binary and supporting libraries from the host system.
The 5.x mount is able to unmount by FSID in situations where the 4.x umount
becomes confused.
* Don't clean up when we are signalled, that is done by the build
master from outside.
* Suppress some code relating to jail builds, which are not yet ready
for use.
* Don't push results of the build back to the master; the master now
pulls them from the client when the build completes. Clients no
longer need ssh access into the master; this is good for security as
well as significantly reducing the load on the master since it is not
thrashed by dozens of sshd processes.
advantage is that here we know the value of PKGSUFFIX (.tgz/.tbz) for
the build via buildenv.
* Add a list of 'quickports', which are ports with long dependency chains
that we should kick off straight away to try and avoid bottlenecks later
on when most of the cluster idles waiting for one or two ports to build.
Ideally we'd build dependencies of these ports exclusively first and only
build other ports when we run out (i.e. a build slot becomes free), but I
couldn't work out how to do this. As a compromise, we now do
'make -k -j<#> quickports all' which doesn't give quite as high a
priority to the quickports (i.e. we also build other ports from the
beginning while there are quickport dependencies still to build), but is
better than nothing.
* Pass in the FETCH/EXTRACT/PATCH/BUILD/RUN_DEPENDS separately via env
variables when dispatching a job. This allows us to add and remove
the dependencies at the corresponding build stage to catch ports
with dependencies listed too early/late.
sure we don't try and schedule jobs on it even if all other machines are
busy
* Remove sleep in outer loop, this isn't needed or worthwhile now that there
are so many machines being monitored
for INDEX builds [1]
* Remove the parallel target from Makefile; this is heavily tied to
the package build cluster and can be better done in the makeparallel
script (commit to follow) [2]
* Extend the format of INDEX to separately list the
EXTRACT/PATCH/FETCH_DEPENDS instead of lumping them all in together
with BUILD_DEPENDS. The three new fields are appended to the end of
the record in that order. [2]
* Change BROKEN to IGNORE in BROKEN_WITH_MYSQL failure code [3]
* Support non-default PREFIX for perl 5.00503 [5]
* Use pkg_info -I instead of ls when searching for conflicts [6]
* Allow local customization of the port subdirectories by including
${.CURDIR}/Makefile.local in bsd.subdir.mk if it exists [7]
* Fix 'make search' when ${PORTSDIR} is a symlink to a directory name
containing extended regexp metacharacters [8]
Submitted by: linimon [1] [3], kris [2], lth [4], sem [5], eik [5] [6],
Roman Neuhauser <neuhauser@chello.cz> [7]
PR: 68299 [1], 67705 [3], 67264 [4], 59696 [5], 66568 [6],
68072 [7]
build locking, log files, and cleans things up if a build fails.
This script is the primary starting point for a package build. Symlinks
should be created in the form of dopackages.${branch} -> dopackages.wrapper
where ${branch} is currently one of 4, 4-exp, or 5. This script takes the
place of the unofficial (i.e. uncommitted) dopackages.steveX scripts.
Ok'd by: kris
Tested by: 4.10-RELEASE package build
- CC committers and maintainer [1]
- include affected ports in the subject line [2]
- do a CVS log of the version checked out [3]
Suggsted by: Ade Lovett <ade@FreeBSD.org> [1]
Bjoern A. Zeeb <bzeeb-lists@lists.zabbadoz.net> [2]
Pav Lucistnik <pav@FreeBSD.org> [3]
You can even get notified of version changes in your favourite
perl modules by setting
WATCH_REGEX='p5-.*'
Plus, it has a nice configurable nagging option.
used in 20 minutes, as well as directories listed as 'in use' that have not been touched
in 24 hours (corresponding to port builds that have timed out or shut down uncleanly)
and prunes them to reclaim space. This is intended to be run as a cron job.
- Does not execute unknown commands nor call sh(1) at all.
- Does not overwrite existing files by default.
- Does not extract files into upper directories.
- Does have a dry run (-n) flag to see what would have been extracted.
- Does have a strip (-p N) flag to strip any number of levels from
pathnames.
It (so far) only supports shell archives made with BSD shar.
more accurate:
* The tests for "Cannot stat", "can't cd", and "tar command failed" are moved
to the bottom. This will sacrifice a little bit of performance for a gain
in accuracy
* The tests for "configuration errors" needed to be combined and tweaked to
better identify errors that are architecture-specific (usuallly the
"all pointers are ints" assumption)
* The detection of chown was buggy
* There were some duplicate test cases
* As an experiment, another test for dependency problems is added
PR: 61914
Submitted by: linimon
encountered again, nad having it in there slows performance. However,
I'm leaving it in the file in case a bad bindist slips back in, and it
becomes convenient to uncomment this for purposes of seeing what build
failures are cluster-related.
Requested by: kris
processonelog script, that contains all the per-errorlog logic [1]
* Add new error checks, one for detecting CPU problems, and the other for
checking for broken libgnugetopt support [2]
* Add a new "munmap" error type to check for broken bindists
* Add imake and pthread detection to processonelog [3]
* Add errortype column to the bento "New Build Failures" report [4]
PR: 50258 56859 [1]
54406 [2]
57067 [3]
59272 [4]
Submitted by: linimon [1] [2] [3] [4]
also print the exact location of the file to checkout.
This is for those who rarely adds new ports and do not remember the
location of Additional FreeBSD Contributors article.
Approved by: will
Perl before, sometimes we would word wrap too soon. Now we should never
generate a line more than 72 characters long (but as close to 72 characters
long as we can without breaking up a word).
Approved by: will (maintainer)
of master sites.
Before that %SUBDIR% was not expanded and the resulting URL was malformed.
L-o-o-o-ng maintainer timeout waiting for review of a slightly different
solution.
is full
* The newfailure file is no longer maintained, but generated as-needed
by the processfail script
* Update format of failure file (records both initial failure date and
most recent failure date)
of stale entries (removed ports, ports listed in duds that were mistakenly
built, malformed entries) and refreshes the version of entries to the
latest in INDEX. This must be run under lockf (see the comments in the
script) to avoid racing with portbuild which also tries to write to
these files.
processing (e.g. transfer to ftp site). It was taking up too much disk
space to collect distfiles for 14 architecture/version combinations
(including the backup set from the previous run).
Put the cvsdone files in the arch/branch subdirectory, not arch/.
of having the clients scp their loads to bento every 10 seconds. Fix
some indentation and add some sleeps to make sure the startup script
doesn't run too early in the boot process.
Add some new command-line options:
* -continue : restart the build without rebuilding ports that have
already failed
* -nofinish : don't run the post-processing steps when the build finishes
* -finish : run the post-processing steps only
Reorder some code sections appropriately
and removed files.
This can be used as the basis of a pkg-plist, or even just for
curiosity about what files something is touching.
Fairly raw at the moment, and doubtless inefficient, but it should
make a useful tool for port creators.
PR: ports/47424
Submitter: Daniel O'Connor <doconnor@gsoft.com.au>
- Set the UNAME_* variables to make use of the override support in uname(1)
This allows us to get rid of the uname shell script in the build chroots
- Collect some variables that are probably old and mouldy, for later GCing
- If FETCH_ORIGINAL is set in the environment, don't fetch from ftp-master
hosts (non-freefall)" bug: add '-A' argument to ssh(1) command line
for accessing host cointaining modules file. This should fix the
bug for ssh-agent(1) users. Others can just switch to using
ssh-agent(1).
Approved by: will (maintainer)
in portbuild.conf). [1]
* Build stage 2 builds in a jail instead of a chroot. This allows us to
detect ports that attempt IP communication during the build, as well as
allowing clean termination of the port build (packages built in a chroot
can leave processes hanging around after the build finishes). There
are some caveats with this approach which will be worked around in a
future commit.
Requested by: peter [1]
are now collected by polling a small server on the client (using netcat)
instead of having the client scp the load files to the master every 10
seconds (!!!)
- Call processfail to produce 'new port failures' page
- Comment out the 'comparelogs' calls for now until I make them aware
of architectures that don't have 4.x support
and 'buildfailure' and produce a HTML output listing ports with the date
they became broken. The output can surely be made more useful (e.g. it
always links to the ${branch}-latest logs, which may not exist when the
build-in-progress has not yet attempted the build of that port).
keep track of the number of times a port has failed to build, resetting
the counter when it builds successfully. There are still some bugs to be
worked out, but this will be used as the basis for maintainer notification
of port failures.
- Increase timeout to 2 hours (needs to be arch-specific)
- Mount nfs filesystems with nfsv3,intr (the latter so that clients do
not hang if bento panics)
- Run pnohang.${arch} on clients instead of pnohang
- Support builds as non-privileged user
- Increase timeout to 8 hours (this needs to be made per-arch so it
doesn't overly pessimize fast client machines)
- Support building as a non-privileged user
- Use $INDEXFILE
- Use makeparallel script instead of 'make parallel'
- Support building packages as a non-privileged user (needs root access
to client machines)
- Switch to using ${arch}/${branch} subdirectory instead of ${branch}
- export INDEXFILE, MACHINE_ARCH and ARCH variables
- Add (commented out) FETCH_BEFORE_ARGS setting
- Add MASTER_SITE_OVERRIDE to fetch from ftp://bento
- Zap some mouldy old unused variables
from recursive dependency builds a la:
make DEPENDS_TARGET='install package clean' all install package clean
The pkg-list script obtains a list of the packages in the dependency
directories; the pkg-stash script moves them away to a predefined
directory, adding a timestamp to the package file name. This is
convenient for keeping ready-built packages for system rescue
activities.
