├── .ruff.toml
├── requirements-dev.txt
├── .dockerignore
├── docker
    ├── buildworker
    │   ├── files
    │   │   ├── entry.sh
    │   │   └── start.sh
    │   └── Dockerfile
    ├── rsync
    │   ├── Dockerfile
    │   └── files
    │   │   └── entry.sh
    ├── buildmaster
    │   ├── files
    │   │   ├── entry.sh
    │   │   └── start.sh
    │   └── Dockerfile
    ├── certs
    │   ├── buildmaster-phase1.crt
    │   ├── buildmaster-phase2.crt
    │   ├── ca.crt
    │   ├── ca.key
    │   ├── buildmaster-phase1.key
    │   └── buildmaster-phase2.key
    ├── docker-compose.yml
    └── config.ini
├── README.md
├── .gitlab
    ├── docker
    │   ├── README.md
    │   ├── buildmaster
    │   │   └── gitlab.yml
    │   └── buildworker
    │   │   └── gitlab.yml
    └── docker.yml
├── .flake8
├── tests
    └── cram
    │   ├── master
    │       ├── 02-apk.t
    │       └── 01-logs.t
    │   └── worker
    │       └── 01-logs.t
├── scripts
    ├── rsync.sh
    ├── sec2pubkey.pl
    ├── ccache.sh
    ├── findbin.pl
    ├── cleanup.sh
    ├── sha2rsync.pl
    ├── makebranch.sh
    └── signall.sh
├── .gitlab-ci.yml
├── .github
    ├── dependabot.yml
    └── workflows
    │   └── build-push.yml
├── .gitignore
├── phase1
    ├── buildbot.tac
    ├── config.ini.example
    └── master.cfg
└── phase2
    ├── buildbot.tac
    ├── config.ini.example
    └── master.cfg


/.ruff.toml:
--------------------------------------------------------------------------------
1 | ignore = ["E501"]
2 | 


--------------------------------------------------------------------------------
/requirements-dev.txt:
--------------------------------------------------------------------------------
1 | cram==0.7
2 | black==23.12.1
3 | ruff==0.1.9
4 | flake8==6.1.0
5 | 


--------------------------------------------------------------------------------
/.dockerignore:
--------------------------------------------------------------------------------
1 | docker/rsync
2 | !docker/rsync/files
3 | docker/build
4 | docker/docker-compose.yml
5 | 


--------------------------------------------------------------------------------
/docker/buildworker/files/entry.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | 
3 | chown buildbot:buildbot /builder
4 | 
5 | /usr/sbin/gosu buildbot "$@"
6 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # OpenWrt buildbot configuration
2 | 
3 | This repository provides containers used for building OpenWrt at https://buildbot.openwrt.org
4 | 


--------------------------------------------------------------------------------
/.gitlab/docker/README.md:
--------------------------------------------------------------------------------
1 | # Content
2 | 
3 | This directory contains bits for Docker images used on the GitLab CI.
4 | 
5 | ## buildmaster
6 | ## buildworker
7 | 


--------------------------------------------------------------------------------
/.flake8:
--------------------------------------------------------------------------------
1 | [flake8]
2 | max-line-length = 140
3 | per-file-ignores =
4 |     phase2/master.cfg: E101,E117,E128,E201,E202,E203,E221,E225,E251,E266,E302,E305,E501,W191
5 | 


--------------------------------------------------------------------------------
/tests/cram/master/02-apk.t:
--------------------------------------------------------------------------------
1 | Check that apk is available and usable in master container:
2 | 
3 |   $ docker run --entrypoint apk local/master | grep usage
4 |   usage: apk [<OPTIONS>...] COMMAND [<ARGUMENTS>...]
5 | 


--------------------------------------------------------------------------------
/scripts/rsync.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash -x
 2 | 
 3 | export LC_ALL=C
 4 | 
 5 | set -o pipefail
 6 | 
 7 | PV=`which pv`
 8 | RSYNC=rsync
 9 | 
10 | if [[ -x $PV ]]; then
11 | 	$RSYNC "$@" | $PV -t -i 60 -f
12 | else
13 | 	$RSYNC "$@"
14 | fi
15 | 


--------------------------------------------------------------------------------
/tests/cram/master/01-logs.t:
--------------------------------------------------------------------------------
1 | Check that logs have expected content after container startup:
2 | 
3 |   $ docker logs test-master
4 |   updating existing installation
5 |   creating /master/master.cfg.sample
6 |   creating database (sqlite:///state.sqlite)
7 |   buildmaster configured in /master
8 | 


--------------------------------------------------------------------------------
/.gitlab-ci.yml:
--------------------------------------------------------------------------------
 1 | variables:
 2 |   BUILDBOT_VERSION: 3.5.0
 3 |   OPENWRT_VERSION: $CI_COMMIT_SHORT_SHA
 4 | 
 5 | include:
 6 |   - local: .gitlab/docker.yml
 7 |   - local: .gitlab/docker/buildmaster/gitlab.yml
 8 |   - local: .gitlab/docker/buildworker/gitlab.yml
 9 | 
10 | stages:
11 |   - docker
12 |   - docker test
13 |   - docker deploy
14 | 


--------------------------------------------------------------------------------
/docker/rsync/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM debian:12
 2 | 
 3 | COPY docker/rsync/files/entry.sh /entry.sh
 4 | 
 5 | RUN apt-get update && \
 6 |     apt-get -y install rsync && \
 7 |     apt-get clean && \
 8 |     mkdir -p /data && \
 9 |     chmod 0755 /entry.sh
10 | 
11 | EXPOSE 873
12 | VOLUME [ "/data" ]
13 | ENTRYPOINT [ "/entry.sh" ]
14 | HEALTHCHECK CMD xargs kill -0 < /tmp/rsyncd.pid
15 | 


--------------------------------------------------------------------------------
/.github/dependabot.yml:
--------------------------------------------------------------------------------
 1 | # Set update schedule for GitHub Actions
 2 | 
 3 | version: 2
 4 | updates:
 5 | 
 6 |   - package-ecosystem: "github-actions"
 7 |     directory: "/"
 8 |     schedule:
 9 |       # Check for updates to GitHub Actions every week
10 |       interval: "weekly"
11 |     # Prefix all commit messages with "CI" plus its scope, that is, a
12 |     # list of updated dependencies
13 |     commit-message:
14 |       prefix: "CI"
15 |       include: "scope"
16 | 


--------------------------------------------------------------------------------
/tests/cram/worker/01-logs.t:
--------------------------------------------------------------------------------
 1 | Check that logs have expected content after container startup:
 2 | 
 3 |   $ docker logs test-worker
 4 |   updating existing installation
 5 |   mkdir /builder/info
 6 |   Creating info/admin, you need to edit it appropriately.
 7 |   Creating info/host, you need to edit it appropriately.
 8 |   Not creating info/access_uri - add it if you wish
 9 |   Please edit the files in /builder/info appropriately.
10 |   worker configured in /builder
11 | 


--------------------------------------------------------------------------------
/docker/buildmaster/files/entry.sh:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | 
 3 | for dir in /master /config /certs /home/buildbot; do
 4 |   [ -d "$dir" ] || continue 
 5 | 
 6 |   chown --recursive buildbot:buildbot "$dir"
 7 |   chmod 0700 "$dir"
 8 | done
 9 | 
10 | if [ -S "/home/buildbot/.gnupg/S.gpg-agent" ]; then
11 | 	chown buildbot:buildbot /home/buildbot/.gnupg/S.gpg-agent
12 | 	chmod 0600 /home/buildbot/.gnupg/S.gpg-agent
13 | fi
14 | 
15 | /usr/sbin/gosu buildbot /start.sh "$@"
16 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
 1 | *
 2 | !.gitignore
 3 | !.dockerignore
 4 | !build-docker-images.sh
 5 | !docker
 6 | !docker/*
 7 | !docker/*/*
 8 | !docker/*/*/*
 9 | docker/build
10 | !scripts
11 | !scripts/*
12 | !phase[12]
13 | !phase[12]/*
14 | phase[12]/*/*
15 | phase[12]/config.ini
16 | phase[12]/http.log
17 | phase[12]/key-build*
18 | phase[12]/state.sqlite*
19 | phase[12]/twistd.*
20 | !.gitlab-ci.yml
21 | !.gitlab
22 | !.gitlab/*
23 | !.gitlab/**/*
24 | !.github
25 | !.github/**/*
26 | !requirements-dev.txt
27 | !.ruff.toml
28 | !tests
29 | !tests/**/*
30 | !.flake8
31 | 


--------------------------------------------------------------------------------
/scripts/sec2pubkey.pl:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env perl
 2 | 
 3 | use strict;
 4 | use MIME::Base64;
 5 | 
 6 | my @lines = (-t STDIN) ? () : <>;
 7 | 
 8 | if (@lines == 0) {
 9 | 	die "Usage: $0 < key.sec > key.pub\n";
10 | }
11 | 
12 | my $seckey = decode_base64(pop @lines);
13 | my $comment = shift(@lines) || "untrusted comment: secret key";
14 | 
15 | chomp($comment);
16 | 
17 | $comment =~ s/\bsecret key$/public key/;
18 | 
19 | if (length($seckey) != 104) {
20 | 	die "Unexpected secret key length\n";
21 | }
22 | 
23 | my $pubkey = encode_base64(substr($seckey, 0, 2) . substr($seckey, 32, 8) . substr($seckey, 72), "");
24 | 
25 | printf "%s\n%s\n", $comment, $pubkey;
26 | 


--------------------------------------------------------------------------------
/scripts/ccache.sh:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | 
 3 | export LC_ALL=C
 4 | 
 5 | mkdir -p "$HOME/.ccache" || exit 1
 6 | 
 7 | grep -sq max_size "$HOME/.ccache/ccache.conf" || \
 8 | 	echo "max_size = 10.0G" >> "$HOME/.ccache/ccache.conf" || exit 1
 9 | 
10 | grep -sq compiler_check "$HOME/.ccache/ccache.conf" || \
11 | 	echo "compiler_check = %compiler% -dumpmachine; %compiler% -dumpversion" >> "$HOME/.ccache/ccache.conf" || exit 1
12 | 
13 | for dir in $(make --no-print-directory val.TOOLCHAIN_DIR val.STAGING_DIR val.STAGING_DIR_HOST V=s | grep staging_dir/); do
14 | 	if [ ! -L "$dir/ccache" ] || [ -L "$dir/ccache" -a ! -d "$dir/ccache" ]; then
15 | 		mkdir -vp "$dir" || exit 1
16 | 		rm -vrf "$dir/ccache" || exit 1
17 | 		ln -vs "$HOME/.ccache" "$dir/ccache" || exit 1
18 | 	fi
19 | done
20 | 
21 | exit 0
22 | 


--------------------------------------------------------------------------------
/docker/buildmaster/files/start.sh:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | 
 3 | case "${1:-start}" in
 4 | 	reconfig)
 5 | 		exec /opt/venv/bin/buildbot reconfig /master
 6 | 	;;
 7 | 	start)
 8 | 		case "${BUILDMASTER_PHASE:-1}" in
 9 | 			1|2)
10 | 				cp /phase${BUILDMASTER_PHASE:-1}/config.ini.example /master/
11 | 			;;
12 | 			*)
13 | 				echo "Invalid BUILDMASTER_PHASE given. Must be either '1' or '2'" >&2
14 | 				exit 1
15 | 			;;
16 | 		esac
17 | 
18 | 		/opt/venv/bin/buildbot create-master --config=/phase${BUILDMASTER_PHASE:-1}/master.cfg /master
19 | 
20 | 		unset BUILDMASTER_PHASE
21 | 
22 | 		rm -f /master/twistd.pid
23 | 		exec /opt/venv/bin/buildbot start --nodaemon /master
24 | 	;;
25 | 	/*)
26 | 		exec "$@"
27 | 	;;
28 | 	*)
29 | 		echo "Unknown command given. Must be either 'start' or 'reconfig'" >&2
30 | 		exit 1
31 | 	;;
32 | esac
33 | 


--------------------------------------------------------------------------------
/.gitlab/docker/buildmaster/gitlab.yml:
--------------------------------------------------------------------------------
 1 | build Docker image buildmaster:
 2 |   stage: docker
 3 |   extends: .build Docker image
 4 | 
 5 | test Docker image buildmaster:
 6 |   stage: docker test
 7 |   extends: .docker in docker
 8 |   needs: ["build Docker image buildmaster"]
 9 |   script:
10 |     - export IMAGE_NAME="$(echo $CI_JOB_NAME | sed 's/test Docker image \(.*\)/\1/')"
11 |     - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
12 |     - docker pull "$CI_REGISTRY_IMAGE/$IMAGE_NAME-$BUILDBOT_VERSION:$CI_COMMIT_REF_SLUG"
13 |     - >
14 |       docker run --rm "$CI_REGISTRY_IMAGE/$IMAGE_NAME-$BUILDBOT_VERSION:$CI_COMMIT_REF_SLUG" |
15 |       grep "buildmaster configured in /master"
16 | 
17 | deploy Docker image buildmaster:
18 |   stage: docker deploy
19 |   extends: .deploy Docker image
20 |   needs: ["test Docker image buildmaster"]
21 | 


--------------------------------------------------------------------------------
/docker/rsync/files/entry.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | (
 4 | 	echo "use chroot = yes"
 5 | 	echo "[${SHARE_NAME:-data}]"
 6 | 	echo "log file = /dev/null"
 7 | 	echo "uid = ${SHARE_UID:-1000}"
 8 | 	echo "gid = ${SHARE_GID:-1000}"
 9 | 	echo "path = /data"
10 | 	echo "read only = false"
11 | 	echo "write only = false"
12 | 	echo "comment = ${SHARE_COMMENT:-Rsync data share}"
13 | 
14 | 	if [ -n "$SHARE_USER" -a -n "$SHARE_PASSWORD" ]; then
15 | 		echo "auth users = $SHARE_USER"
16 | 		echo "secrets file = /rsyncd.secrets"
17 | 	fi
18 | ) > /rsyncd.conf
19 | 
20 | if [ -n "$SHARE_USER" -a -n "$SHARE_PASSWORD" ]; then
21 | 	echo "$SHARE_USER:$SHARE_PASSWORD" > /rsyncd.secrets
22 | 	chmod 0600 /rsyncd.secrets
23 | fi
24 | 
25 | chown "${SHARE_UID:-1000}:${SHARE_GID:-1000}" /data
26 | 
27 | rm -f /tmp/rsyncd.pid
28 | 
29 | exec /usr/bin/rsync --daemon --no-detach --config=/rsyncd.conf --log-file=/dev/stdout --dparam=pidfile=/tmp/rsyncd.pid "$@"
30 | 


--------------------------------------------------------------------------------
/.gitlab/docker/buildworker/gitlab.yml:
--------------------------------------------------------------------------------
 1 | build Docker image buildworker:
 2 |   stage: docker
 3 |   extends: .build Docker image
 4 | 
 5 | .test Docker image buildworker:
 6 |   stage: docker test
 7 |   extends: .docker in docker
 8 |   needs: ["build Docker image buildworker"]
 9 |   script:
10 |     - export IMAGE_NAME="$(echo $CI_JOB_NAME | sed 's/test Docker image \(.*\)/\1/')"
11 |     - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
12 |     - docker pull "$CI_REGISTRY_IMAGE/$IMAGE_NAME-$BUILDBOT_VERSION:$CI_COMMIT_REF_SLUG"
13 |     - >
14 |       docker run --rm --env BUILDWORKER_NAME=foo --env BUILDWORKER_PASSWORD=XXX
15 |       "$CI_REGISTRY_IMAGE/$IMAGE_NAME-$BUILDBOT_VERSION:$CI_COMMIT_REF_SLUG" |
16 |       grep "worker configured in /builder"
17 | 
18 | deploy Docker image buildworker:
19 |   stage: docker deploy
20 |   extends: .deploy Docker image
21 |   #needs: ["test Docker image buildworker"]
22 | 


--------------------------------------------------------------------------------
/docker/buildworker/files/start.sh:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | 
 3 | cleanup_buildworker_env_variables() {
 4 | 	for var in "${!BUILDWORKER_@}"; do
 5 | 		unset "$var"
 6 | 	done
 7 | }
 8 | 
 9 | [ -n "$BUILDWORKER_NAME" ] || {
10 | 	echo "Please supply a name via --env BUILDWORKER_NAME=XXX" >&2
11 | 	exit 1
12 | }
13 | 
14 | [ -n "$BUILDWORKER_PASSWORD" ] || {
15 | 	echo "Please supply a password via --env BUILDWORKER_PASSWORD=XXX" >&2
16 | 	exit 2
17 | }
18 | 
19 | rm -f /builder/buildbot.tac
20 | 
21 | /opt/venv/bin/buildbot-worker create-worker \
22 | 	--force \
23 | 	--umask="0o22" \
24 | 	${BUILDWORKER_TLS:+--connection-string="SSL:$BUILDWORKER_MASTER"} \
25 | 	/builder \
26 | 	"$BUILDWORKER_MASTER" \
27 | 	"$BUILDWORKER_NAME" \
28 | 	"$BUILDWORKER_PASSWORD"
29 | 
30 | echo "$BUILDWORKER_ADMIN" > /builder/info/admin
31 | echo "$BUILDWORKER_DESCRIPTION" > /builder/info/host
32 | 
33 | cleanup_buildworker_env_variables
34 | rm -f /builder/twistd.pid
35 | exec /opt/venv/bin/buildbot-worker start --nodaemon /builder
36 | 


--------------------------------------------------------------------------------
/phase1/buildbot.tac:
--------------------------------------------------------------------------------
 1 | import os
 2 | 
 3 | from twisted.application import service
 4 | from buildbot.master import BuildMaster
 5 | 
 6 | basedir = '.'
 7 | rotateLength = 10000000
 8 | maxRotatedFiles = 10
 9 | configfile = 'master.cfg'
10 | 
11 | # Default umask for server
12 | umask = None
13 | 
14 | # if this is a relocatable tac file, get the directory containing the TAC
15 | if basedir == '.':
16 |     import os
17 |     basedir = os.path.abspath(os.path.dirname(__file__))
18 | 
19 | # note: this line is matched against to check that this is a buildmaster
20 | # directory; do not edit it.
21 | application = service.Application('buildmaster')
22 | from twisted.python.logfile import LogFile
23 | from twisted.python.log import ILogObserver, FileLogObserver
24 | logfile = LogFile.fromFullPath(os.path.join(basedir, "twistd.log"), rotateLength=rotateLength,
25 |                                 maxRotatedFiles=maxRotatedFiles)
26 | application.setComponent(ILogObserver, FileLogObserver(logfile).emit)
27 | 
28 | m = BuildMaster(basedir, configfile, umask)
29 | m.setServiceParent(application)
30 | m.log_rotation.rotateLength = rotateLength
31 | m.log_rotation.maxRotatedFiles = maxRotatedFiles
32 | 


--------------------------------------------------------------------------------
/phase2/buildbot.tac:
--------------------------------------------------------------------------------
 1 | import os
 2 | 
 3 | from twisted.application import service
 4 | from buildbot.master import BuildMaster
 5 | 
 6 | basedir = '.'
 7 | rotateLength = 10000000
 8 | maxRotatedFiles = 10
 9 | configfile = 'master.cfg'
10 | 
11 | # Default umask for server
12 | umask = None
13 | 
14 | # if this is a relocatable tac file, get the directory containing the TAC
15 | if basedir == '.':
16 |     import os
17 |     basedir = os.path.abspath(os.path.dirname(__file__))
18 | 
19 | # note: this line is matched against to check that this is a buildmaster
20 | # directory; do not edit it.
21 | application = service.Application('buildmaster')
22 | from twisted.python.logfile import LogFile
23 | from twisted.python.log import ILogObserver, FileLogObserver
24 | logfile = LogFile.fromFullPath(os.path.join(basedir, "twistd.log"), rotateLength=rotateLength,
25 |                                 maxRotatedFiles=maxRotatedFiles)
26 | application.setComponent(ILogObserver, FileLogObserver(logfile).emit)
27 | 
28 | m = BuildMaster(basedir, configfile, umask)
29 | m.setServiceParent(application)
30 | m.log_rotation.rotateLength = rotateLength
31 | m.log_rotation.maxRotatedFiles = maxRotatedFiles
32 | 


--------------------------------------------------------------------------------
/docker/certs/buildmaster-phase1.crt:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIDbjCCAlYCFBczjElNehQ1sSWjdvGyPBET3j3eMA0GCSqGSIb3DQEBCwUAMGgx
 3 | CzAJBgNVBAYTAlhYMQ4wDAYDVQQIDAVXb3JsZDEiMCAGA1UECgwZQnVpbGRib3Qg
 4 | Q29tcG9zZXIgVGVzdGluZzElMCMGA1UECwwcQnVpbGRib3QgQ29tcG9zZXIgVGVz
 5 | dGluZyBDQTAeFw0yMDAyMDMxNjUwMjlaFw0zMDAxMzExNjUwMjlaMH8xCzAJBgNV
 6 | BAYTAlhYMQ4wDAYDVQQIDAVXb3JsZDEfMB0GA1UECgwWQnVpbGRib3QgQ29tcG9z
 7 | ZXIgVGVzdDEiMCAGA1UECwwZQnVpbGRib3QgQ29tcG9zZXIgVGVzdCBDQTEbMBkG
 8 | A1UEAwwSYnVpbGRtYXN0ZXItcGhhc2UxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
 9 | MIIBCgKCAQEAq1b4I44iYmhue1+IPSdeqcK7IL+INl/l2EE1Yw51Z+fPazkZdpiw
10 | +ZkB+dOdhiOL4+LW9SnrCUQ5CBOW8unG+nG7mvi63Pv61G5WLGlqW1pl6+Rt2Cpc
11 | CIhDcxRB+xzt1Yiu+BT+EIZO8NCLl+NHPgNrB1b2B8WmIEfWp/zEtaCTROWsHnax
12 | 1LUaP/mis1exRA1ITCNMwb1drP1eWRw99zGP2ax7nnju4zRK4QiQj3V/SNXqprvS
13 | kAAEogMtnsC6LIqPDABz/lcrfXhbbi4+MGmcy1Wz6ukDkusDf0jhssjVl29d9kL2
14 | grLohPHbmsQqEsumd6/6KUkybwHkdPQc0QIDAQABMA0GCSqGSIb3DQEBCwUAA4IB
15 | AQCd89o+MOX3//XtgsreITq8PVbY8MEATEbd1Q5F0VgMvzVMh0Agzy5zfvNtPfUK
16 | Grj2kTuL9H1TlPvIJ9x4+n6mqbXp46ajIWWlJ22lCV1vgtvA245YnmZKPlFw1FtS
17 | GU0AaIU76VLmlb6NH6sMdRX3/11WpdUJd46kyf/hkXlwk/sG7XR+IVB7cyE/iufq
18 | TTyGU9cUSEq6baYUOW2mVl91XCY2l9s7ZCIAG0MKw7aA0nOBfIutAhnXhhcWjUvp
19 | 9KOkUx14REM7x5mTtiAUwjs7d/6JDT+k2giWm01ca9Wyf2x2kND4fJOepAHIzXBI
20 | fRN/b8wrmWeAyFMBg6v/HG3u
21 | -----END CERTIFICATE-----
22 | 


--------------------------------------------------------------------------------
/docker/certs/buildmaster-phase2.crt:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIDbjCCAlYCFBczjElNehQ1sSWjdvGyPBET3j3fMA0GCSqGSIb3DQEBCwUAMGgx
 3 | CzAJBgNVBAYTAlhYMQ4wDAYDVQQIDAVXb3JsZDEiMCAGA1UECgwZQnVpbGRib3Qg
 4 | Q29tcG9zZXIgVGVzdGluZzElMCMGA1UECwwcQnVpbGRib3QgQ29tcG9zZXIgVGVz
 5 | dGluZyBDQTAeFw0yMDAyMDMxNjUwMzdaFw0zMDAxMzExNjUwMzdaMH8xCzAJBgNV
 6 | BAYTAlhYMQ4wDAYDVQQIDAVXb3JsZDEfMB0GA1UECgwWQnVpbGRib3QgQ29tcG9z
 7 | ZXIgVGVzdDEiMCAGA1UECwwZQnVpbGRib3QgQ29tcG9zZXIgVGVzdCBDQTEbMBkG
 8 | A1UEAwwSYnVpbGRtYXN0ZXItcGhhc2UyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
 9 | MIIBCgKCAQEAzuwsg3UgB1/xlhuOPF1uXkmsooEyof+/x0rZhDDURCPr8bjGUvzr
10 | WsHcKqrQCujVslVFDSqusmrhM2ONFaIbr3dGSPXBbCRfT6pi6f6XcvPtaeWcOA/g
11 | rXqb7wVUQf8t31lQhWexqmc2lietF6wC2iBOvi7/G352NkYOwy+cyodq9VUQkvT2
12 | BmL/B9On4SQkhblhovN4TtcvyRNuT87J+4yn8GmAu586Gss5xhvFIxnr016vxA/M
13 | NShKLGjsgWzn6THaJTTtAQYlBpRSkoFo+mOXHXqB/WSU0MNDybxu3Puqha8vRFMT
14 | crynEuGya9bpUMdvBedDDmH7aCmUJp0lIQIDAQABMA0GCSqGSIb3DQEBCwUAA4IB
15 | AQC/DWvwWNUBAD8znaIcNPYO3Ua4UL/ozERuij5VvZjf9ic0Pzq92qLQkTyDIlGP
16 | 7hL4Tp3g/PaGTg8A4LZfTrt1sPOHXHYR0Ysiw5iYgcljsmUoKWsh6SFaPDS4JnFG
17 | tKE4FJ4YtZOgB2fo2yRuJTGQUDyEYCfpCvhUKlMpofFM2Y/Fu1xZR/c+dxsazNHe
18 | GOqPIRPcbXGcK97H3EasBJ7oHrGV3HqOjkT+Y936Esgr6Y/jJi9NVNeV6Fwu8nWj
19 | O16Q3Yxj1G28uMcbv54SbJ0DzdXfrVs8ylFYd4becVEx2h03qthBM5j70epaHvrP
20 | HFA34mxzOcCsZ3Gc+4qsAOQp
21 | -----END CERTIFICATE-----
22 | 


--------------------------------------------------------------------------------
/docker/certs/ca.crt:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIDsTCCApmgAwIBAgIUUmlVvmL3Dz698ZIH9IZ95NfWyW8wDQYJKoZIhvcNAQEL
 3 | BQAwaDELMAkGA1UEBhMCWFgxDjAMBgNVBAgMBVdvcmxkMSIwIAYDVQQKDBlCdWls
 4 | ZGJvdCBDb21wb3NlciBUZXN0aW5nMSUwIwYDVQQLDBxCdWlsZGJvdCBDb21wb3Nl
 5 | ciBUZXN0aW5nIENBMB4XDTIwMDIwMzE2NTAxNVoXDTI5MTEwMjE2NTAxNVowaDEL
 6 | MAkGA1UEBhMCWFgxDjAMBgNVBAgMBVdvcmxkMSIwIAYDVQQKDBlCdWlsZGJvdCBD
 7 | b21wb3NlciBUZXN0aW5nMSUwIwYDVQQLDBxCdWlsZGJvdCBDb21wb3NlciBUZXN0
 8 | aW5nIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyZNSkk631K+0
 9 | A+R8HJszw0hqWQo46E3SfYpc746JejXhhrASpKiOHZo2TLuQ4g1XBHsUbY3yt3kp
10 | wW3IR/WomxecfadM+g9JPWNzmAvrhqvE9SFrp6uC0q70Kz9huYq8mu+/n6uds+Bt
11 | RJfdGXxzUMCpUmtlybTqT11nkkRYtWyH/l+PHDpephrqCXd7Zx47q9d4ypavo584
12 | nQ68bV8xosSM/SL1Yo7tkP64WQEsvuA6nhpXIjnlpHVsKhnxxuFGgDGqAkiogdjY
13 | hHIqSRngIlG1yQSATMgyiINYqvloFR0/q1CoU15021l5OnA3ddshYivCPWZIFvNN
14 | eTkF5dxpQQIDAQABo1MwUTAdBgNVHQ4EFgQUe9rUZI62smrqO3x4BOxRJDjuYP8w
15 | HwYDVR0jBBgwFoAUe9rUZI62smrqO3x4BOxRJDjuYP8wDwYDVR0TAQH/BAUwAwEB
16 | /zANBgkqhkiG9w0BAQsFAAOCAQEAPzvuWMXNuP9mTHQ9Jni2ytMXjtvW70G6QUVM
17 | 36JssU7S2kyGGtXepgtuqQ1qwCcU+IZUhbGjr8uoD6hnD/GFxHO1SAJFM1E1qw+U
18 | 2aUreE/DjSLJPj3aHorw19tpnEhzGhd3sK4IruI2iyzm7bBrHjT27u7Vhb5T9O1Q
19 | HWjcM80ntuBZBWZoIb8SCQSXJF0bVSwXEPtr1l6t5iSbe9GDS4BrrRedCIEOlCk4
20 | 2WiKi1gACmxmI9Tz8alZPpzuxWs10Ft6FVHjLsH6ovDjMCBwxie2HxUaIzUK9Huq
21 | X4j0ifxFUcknI5YTWM/zUSWqFJo2aBgsgq7Q9VVr+D2UiBjSVQ==
22 | -----END CERTIFICATE-----
23 | 


--------------------------------------------------------------------------------
/scripts/findbin.pl:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env perl
 2 | 
 3 | use strict;
 4 | use warnings;
 5 | 
 6 | sub vernum($) {
 7 | 	if ($_[0] =~  m!^((?:\d+\.)+\d+)$!) {
 8 | 		my ($maj, $min) = split /\./, $1;
 9 | 		return int($maj) * 256 + int($min);
10 | 	}
11 | 
12 | 	return 0;
13 | }
14 | 
15 | sub vercmp($$$) {
16 | 	my ($op, $v1, $v2) = @_;
17 | 
18 | 	if    ($op eq 'lt') { return $v1  < $v2 }
19 | 	elsif ($op eq 'le') { return $v1 <= $v2 }
20 | 	elsif ($op eq 'gt') { return $v1  > $v2 }
21 | 	elsif ($op eq 'ge') { return $v1 >= $v2 }
22 | 	elsif ($op eq 'eq') { return $v1 == $v2 }
23 | 
24 | 	return 0;
25 | }
26 | 
27 | sub findbin($$$) {
28 | 	my ($basename, $compare, $maxvstr) = @_;
29 | 
30 | 	my $lastversion = 0;
31 | 	my $cmpversion = vernum($maxvstr);
32 | 	my $prog = undef;
33 | 
34 | 	foreach my $dir (split /:/, $ENV{'PATH'}) {
35 | 		foreach my $bin (glob("$dir/$basename?*"), "$dir/$basename") {
36 | 			if (-x $bin && open BIN, '-|', $bin, '--version') {
37 | 				my $vers = 0;
38 | 				my $line = readline(BIN) || '';
39 | 
40 | 				foreach my $token (split /\s+/, $line) {
41 | 					$vers = vernum($token);
42 | 					last if $vers > 0;
43 | 				}
44 | 
45 | 				if ($vers > 0 && (!$cmpversion || vercmp($compare, $vers, $cmpversion))) {
46 | 					if ($vers > $lastversion) {
47 | 						$lastversion = $vers;
48 | 						$prog = $bin;
49 | 					}
50 | 				}
51 | 
52 | 				close BIN;
53 | 			}
54 | 		}
55 | 	}
56 | 
57 | 	return $prog;
58 | }
59 | 
60 | my $bin = findbin($ARGV[0], $ARGV[1], $ARGV[2]);
61 | 
62 | if (defined $bin) {
63 | 	printf "%s\n", $bin;
64 | 	exit 0;
65 | }
66 | else {
67 | 	warn "Cannot find a $ARGV[0] command with version $ARGV[1] $ARGV[2]\n";
68 | 	exit 1;
69 | }
70 | 


--------------------------------------------------------------------------------
/docker/certs/ca.key:
--------------------------------------------------------------------------------
 1 | -----BEGIN RSA PRIVATE KEY-----
 2 | MIIEowIBAAKCAQEAyZNSkk631K+0A+R8HJszw0hqWQo46E3SfYpc746JejXhhrAS
 3 | pKiOHZo2TLuQ4g1XBHsUbY3yt3kpwW3IR/WomxecfadM+g9JPWNzmAvrhqvE9SFr
 4 | p6uC0q70Kz9huYq8mu+/n6uds+BtRJfdGXxzUMCpUmtlybTqT11nkkRYtWyH/l+P
 5 | HDpephrqCXd7Zx47q9d4ypavo584nQ68bV8xosSM/SL1Yo7tkP64WQEsvuA6nhpX
 6 | IjnlpHVsKhnxxuFGgDGqAkiogdjYhHIqSRngIlG1yQSATMgyiINYqvloFR0/q1Co
 7 | U15021l5OnA3ddshYivCPWZIFvNNeTkF5dxpQQIDAQABAoIBAAxvbTmfZ5HUYQuY
 8 | bdup63CRqBXkHoyeOG0MOx2AMpT6e/Y+KHhF+bZzzAPB0ndPkV2yZhk4F5AgBmZr
 9 | al6eFg+zTjEmQAZxKPiDiR8JJTeCozzoGecXGpP6vQ9p8pJqr6XzQmQMR0dQgg0o
10 | PTiUR9zkdc2i2H2wDoBk573LP5m5gzRzGSJe4WvhFKKEjjae3CrHdMUYjOdu85D7
11 | qExvo45GaWN9uo0Ylgmt1jNkjO411cv9vAB6WTg1Lw93pV9blih4aoII5KXhk/3V
12 | gHhLElrxrLs4ckeG19fUHEs/xuFaFPPMWhPf5crGvtOP1UyzlNMvYsME7xQfEjEV
13 | VzLEDq0CgYEA9B8zq9BC5YIPtEpiuwgNYmIYx5KY5BMfwuE3jW/BG5E6T+wOAT9a
14 | Ohw5iOKetUYmYyPQn1KWHzumXG/lMkrdsRCffZVpdMJSl+/E0F8l6M6spwpbtCD7
15 | 724pWusWP+gZEXyeo2Sos32euzJs8b5NrMUL4XPbXdoZVGIXfoeFNp8CgYEA02Io
16 | 8C8nzIwsGnsw0aV45VdyGrywOqCnSarrjfa4PNNMljn6i/0D//4N8mh4Ws2WsvQU
17 | qChkKITlpkJsq0kLZxUdWcvzvNlH9EFBHoiImUvq+5DOD5ucr5b3hZwrtnI6C76J
18 | oSB7BCAV8oDpMYwvtahRlkxQ+Lv8typIc8vNtB8CgYEAkblCbfB+zmPKHhQ9RWo0
19 | GyN1qURQMe1ci0dHkw0/18Xkair93S7FHGUWzyiAFrOOXKXXdhOle3VvBETjKxdX
20 | qMfEfQHAlqsdBIdjFAOILKWamIftX+REn5NB6nzkpjdVJ4Qdamm+7o4xP4uFTvUL
21 | hvOE+QrgyvBTKHT5k1UwZv8CgYBDg6KXtDf9+PdNLfOVwkgu2BM1vvZ6gz1rJhA+
22 | M4L8ynA3uyTu+U0Bwl8qAXwPZIKxfYvreZsj5e6Df8u9mYLu1aueNqoOs0dsGDt4
23 | SRt3+ut+le16xrTw0EMWhZ7gkvM/NQg4Umt4EddwsQPKM4A5gR0t6Aokp8Y7qmGh
24 | uoJk+QKBgCMEeqEfsuQ8iYfeVNjxoZnTJsWN1cb/ZZzCfHx/Fbo1XXDchcB7MNNM
25 | 56Y6eVRs0tz9f+UNNnKaRNIjJUfqnibsInfBYf7wYJbG4azyD1jORCpf53srOAue
26 | 3gLVBrzUbaul5nRNHLVsTB7Io+vlNTlQ5PJ6OEblIQcZmukeQ9Fo
27 | -----END RSA PRIVATE KEY-----
28 | 


--------------------------------------------------------------------------------
/docker/certs/buildmaster-phase1.key:
--------------------------------------------------------------------------------
 1 | -----BEGIN RSA PRIVATE KEY-----
 2 | MIIEpQIBAAKCAQEAq1b4I44iYmhue1+IPSdeqcK7IL+INl/l2EE1Yw51Z+fPazkZ
 3 | dpiw+ZkB+dOdhiOL4+LW9SnrCUQ5CBOW8unG+nG7mvi63Pv61G5WLGlqW1pl6+Rt
 4 | 2CpcCIhDcxRB+xzt1Yiu+BT+EIZO8NCLl+NHPgNrB1b2B8WmIEfWp/zEtaCTROWs
 5 | Hnax1LUaP/mis1exRA1ITCNMwb1drP1eWRw99zGP2ax7nnju4zRK4QiQj3V/SNXq
 6 | prvSkAAEogMtnsC6LIqPDABz/lcrfXhbbi4+MGmcy1Wz6ukDkusDf0jhssjVl29d
 7 | 9kL2grLohPHbmsQqEsumd6/6KUkybwHkdPQc0QIDAQABAoIBACuC64MD/mFlSeFU
 8 | 0mFNVTHhPOpFGY9NbS4s6STdsB0R9k+xcXD3t8G7BJBwGAnPjx/xJEugOIri42TU
 9 | rLnFen1xUoY5ciLabslxt7qRjqviWg28tdR2dWbJS++2jkb6Ar/+dQiVNCv4H6Xy
10 | H/ETi60I6y4y/Ene/KAn/jAs9bt1wD13wPFNHHHJes46719cqSuVMWBMW0qFJdBW
11 | xWxfeDNEKhRmby43gakzs3BNYtS5eHpmWXqYMhP34H+JURNa1tW1UWD1swqvyZKF
12 | WxXgU+ckvBJG2BLrF6LLLwDYtkwAJwPtA0arpaTs+9QBSvv1hC2G2rpPOrxKz/he
13 | c3ksIcECgYEA3rmkRXLZwTQKTZ1X90upgVJsHEQEuWmb2ETd/ED4rWfyfYaaFk7i
14 | 8bg7g8og9fUsso1gJOOXVgmwhCilKZrwau1xRDkmNOKYirh/35Rf8pEQKF7v3Njd
15 | htMN+OGuLUzqhbm9oH2d6B8VrJwAsgagpCURlCZWpvU5tmpKLaMrjDkCgYEAxPAJ
16 | kvQvCmTNXl4IUZX6sDmEywqpW1szV/ImdmVnUBkrdFQzw/IB8Mo61TW/fGv6+tlZ
17 | gKcLfvfEiP1BBuGHZY6e3ep6U0iN+KQhqsMIy8LnBqSep76E121bpwxrY08sW/R1
18 | gHDku3EAiwDns+dYydLK8QdouLcquL4/NxgtRVkCgYEAtem6ml6sLHls0OfqqTlL
19 | QS0o0A1eLnJrr8DP7vDCLB/yl0QRJpdYFUX8li/JrBqMX2nJVVfui39uhQMNo2XB
20 | aBR3ptlms1tAbE01ZE+z7lM9dzvTffZDOZO4ncb2lFl2U7LZhvQSvTxmX40rpDx1
21 | iJweN3r423T/plY6L/xN3UECgYEAsX4Ngu6kvt9e4KArKyzbBZyxfDWdsYKe4bKS
22 | y75UwLIOogeJqB4jdZsuLx8D9+VyDEd8DSGAkOxJq5Vk2AjHeNZzhFph6VHI8sEq
23 | vraM5OhCQ5B2lYR2QZqEMihVWOnwduf6Rsp4vB76eE1WhqQJN8zNrzIYRfJ/hIWi
24 | f8tAcfECgYEAqpryfEa4W7BXXxFusMCSgNpP7yBJ6x5p/UT1cZ8behVFJb78P4K5
25 | CPK2Pl+LGywEl+CHsbuPAyPzEU66/kwVN66F2W4Jz+n3QWuM1ZK8VWwF2piQL4lz
26 | wDTlzlYLBy3RLLOR4Zgs7wS8emkRhkGH7gZh0QL0//3PmH1gzzVQPSY=
27 | -----END RSA PRIVATE KEY-----
28 | 


--------------------------------------------------------------------------------
/docker/certs/buildmaster-phase2.key:
--------------------------------------------------------------------------------
 1 | -----BEGIN RSA PRIVATE KEY-----
 2 | MIIEpQIBAAKCAQEAzuwsg3UgB1/xlhuOPF1uXkmsooEyof+/x0rZhDDURCPr8bjG
 3 | UvzrWsHcKqrQCujVslVFDSqusmrhM2ONFaIbr3dGSPXBbCRfT6pi6f6XcvPtaeWc
 4 | OA/grXqb7wVUQf8t31lQhWexqmc2lietF6wC2iBOvi7/G352NkYOwy+cyodq9VUQ
 5 | kvT2BmL/B9On4SQkhblhovN4TtcvyRNuT87J+4yn8GmAu586Gss5xhvFIxnr016v
 6 | xA/MNShKLGjsgWzn6THaJTTtAQYlBpRSkoFo+mOXHXqB/WSU0MNDybxu3Puqha8v
 7 | RFMTcrynEuGya9bpUMdvBedDDmH7aCmUJp0lIQIDAQABAoIBAQCiad3GkPhC0Zve
 8 | JmLOHseyWkGWi7IiVYtB8g4pI+p4UXmwkUeZe8t/wQn+s3P4HCkfgK5iV04n3JxG
 9 | qazjfgoc/5G7UqovJ51n+mUJJTvajnua0w57Mns3rzUVtykbZB+tX31EOM/K4JiH
10 | 4zyJiAn1C8bCoEC8Y9aFYxfTPFvk2lxYUh4mPe+rENRTQz6Ms4uVpXnOelcydLnA
11 | O3BpYE4GBZOT8+qWhiXI6ofuMGGno/h1s4gBfDpWpEDS/k00UHsArmur/+Wl7Ii3
12 | Mhd0+YwzBJu3hut9l5kXeS+vHAcdtjI6rN1tGIhC/bI5h1kUFuGWPyj8poZ6dS1a
13 | YKk1zCUBAoGBAOgCosDLzZfVBPjyD3S/c0rQzCSv/TCDS4jWYg4W8bcWTX5BnGHq
14 | d6Tq/7DqF7F444+GTX62kAcjEmKj0/ZV9sRI2rJ0cZVjJZLWf9PeJnn2sKRZnMKm
15 | Co1jWPx6j3ei1eszt+rHkNnSWSBvpvV00gnvVz/KeKXqrrKjRsXZ4BqNAoGBAORR
16 | dcNauLyqPPtQpwwdYWvbEAmmVyhwJ4AlJoDsvKD/bQ9HaI8eTyz1vt6nV13/EQPe
17 | Af6LXjAngx18AVUmxmgFGdxPzLrh3hwAzr+lD9b7+KDEzwBfsnYImKpS3B0UvHsn
18 | xKoKn7hVv7Uu7T+TU5heK3huE75/iBZye263LDnlAoGAWuSldFijq+cFcq4KRhe3
19 | CElyoLDdxUK6tdofQhvVCIBRTbRQmr+rrc1u7JVZQOr2Y8Ue2RSWqmUgD8rVAH2/
20 | FjjgjOc3lGnqT3N/UraGZmOx4kFFO7CnE6snMoqlaB5AJkv1sqIKanuQ9TcotqLU
21 | opXEnbYpu/6MAGodEOgBdwUCgYEAlHSXIuf5WMtEjZCanZj5AH1XBz8+Ss/qDzuY
22 | tpm36ONMkXO3+98UUkKT0ghzGW5BLQeMumr6WktGyMQZxblJptcyQnssvpMgrYqk
23 | 5B26l+oMdtShWDfhPThHs+/eqZYTG+z2xi3UPrKazX9uyjjMUTViBJNmiSY5YYcc
24 | 1ReLTTUCgYEAyXL3k1vpoq2nKWk7SJ8/6C4YrsAbeeqQ2cJiUWPvO81Gxrgb4Tm1
25 | rNOKpXTrRj+4HQ5ovx8Oou4FyUFVL01p5bdKIMtZAXKqgPlqve1kB4rSAjhajiud
26 | J0+atj4hTgqQc8ZEOX6PVhLt35v9TQgiM3AV+e6Q6FmbooDj71DJ6x8=
27 | -----END RSA PRIVATE KEY-----
28 | 


--------------------------------------------------------------------------------
/phase2/config.ini.example:
--------------------------------------------------------------------------------
 1 | [general]
 2 | title = OpenWrt Project
 3 | title_url = http://openwrt.org/
 4 | workdir = /buildbot
 5 | 
 6 | [phase2]
 7 | buildbot_url = http://phase2.builds.openwrt.org/
 8 | status_bind = tcp:8011:interface=127.0.0.1
 9 | status_user = example
10 | status_password = example
11 | port = 9990
12 | persistent = false
13 | git_ssh = true
14 | git_ssh_key = -----BEGIN RSA PRIVATE KEY-----
15 | 	MIIEpAIBAAKCAQEAuCJwo6OmrRDxcGfsMgBhq0vdzp2ZIdqnedFH8u6tVYLt9WDU
16 | 	...
17 | 	mHzkh8Uv4OAWTjiLGycbXa0/31hu9PCeNzYmjjrp8tcGjsiJJFxydgS+wc0i2UPV
18 | 	nSI+JbmAAF9vw6gj2i+Hqx7UloRd0tEv/leX354T5lO06LMiNhvN9g==
19 | 	-----END RSA PRIVATE KEY-----
20 | 
21 | [repo]
22 | url = https://git.openwrt.org/openwrt/openwrt.git
23 | branch = main
24 | 
25 | [rsync]
26 | binary_url = user@example.org::upload-packages
27 | binary_password = example
28 | source_url = user@example.org::upload-sources
29 | source_password = example2
30 | sdk_url = user@example.org::download-binary
31 | sdk_password = example3
32 | sdk_pattern = openwrt-sdk-*.tar.*
33 | 
34 | [gpg]
35 | key = -----BEGIN PGP PRIVATE KEY BLOCK-----
36 | 	Version: GnuPG v2
37 | 
38 | 	mQGNBFX4kxkBDACcTUVUl6zbn4r9tDap0/aCpcK9MO+HPatS7p2aBGY51kh78Ixr
39 | 	...
40 | 	HwHLaFTMvYFY7WJDwA==
41 | 	-----END PGP PRIVATE KEY BLOCK-----
42 | passphrase = secret password
43 | comment = Unattended build signature
44 | 
45 | [usign]
46 | key = RWRCSwAAA...OihABfuLvGRVfVaJ6wLf0=
47 | comment = Unattended build signature
48 | 
49 | [apk]
50 | key = -----BEGIN EC PRIVATE KEY-----
51 | 	MHcCAQEEIIP54p1G0UgCleLObh07Gxq0S0Iz22OQpkUj8S1AzXB9oAoGCCqGSM49
52 | 	...
53 | 	-----END EC PRIVATE KEY-----
54 | 
55 | [worker 1]
56 | phase = 2
57 | name = worker-example-1
58 | password = example
59 | builds = 1
60 | 
61 | [worker 2]
62 | phase = 2
63 | name = worker-example-2
64 | password = example2
65 | builds = 3
66 | 


--------------------------------------------------------------------------------
/docker/buildworker/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM        debian:11
 2 | MAINTAINER  OpenWrt Maintainers
 3 | 
 4 | ARG         DEBIAN_FRONTEND=noninteractive
 5 | ARG         BUILDBOT_VERSION=2.10.1
 6 | ARG         OPENWRT_VERSION=unknown
 7 | 
 8 | ENV         BUILDWORKER_MASTER builds.openwrt.org:9990
 9 | ENV         BUILDWORKER_ADMIN contact@openwrt.org
10 | ENV         BUILDWORKER_DESCRIPTION Docker Container https://git.openwrt.org/$OPENWRT_VERSION
11 | 
12 | USER root
13 | 
14 | RUN \
15 | 	apt-get update && \
16 | 	apt-get install -y \
17 | 		build-essential \
18 | 		ccache \
19 | 		curl \
20 | 		file \
21 | 		gawk \
22 | 		g++-multilib \
23 | 		gcc-multilib \
24 | 		genisoimage \
25 | 		git-core \
26 | 		gosu \
27 | 		libdw-dev \
28 | 		libelf-dev \
29 | 		libncurses5-dev \
30 | 		locales \
31 | 		pv \
32 | 		pwgen \
33 | 		python3 \
34 | 		python3-venv \
35 | 		python3-pip \
36 | 		python3-pyelftools \
37 | 		python3-cryptography \
38 | 		qemu-utils \
39 | 		rsync \
40 | 		signify-openbsd \
41 | 		subversion \
42 | 		swig \
43 | 		unzip \
44 | 		wget \
45 | 		zstd && \
46 | 	apt-get clean && \
47 | 	localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8
48 | 
49 | RUN python3 -m venv /opt/venv
50 | ENV PATH="/opt/venv/bin:$PATH"
51 | RUN pip3 install -U pip
52 | RUN pip3 install \
53 | 		"buildbot-worker==$BUILDBOT_VERSION" \
54 | 		pyelftools \
55 | 		pyOpenSSL \
56 | 		service_identity
57 | 
58 | ENV LANG=en_US.utf8
59 | 
60 | COPY docker/buildworker/files/entry.sh /entry.sh
61 | COPY docker/buildworker/files/start.sh /start.sh
62 | 
63 | RUN \
64 |     groupadd buildbot && \
65 |     useradd \
66 | 	--create-home --home-dir /builder \
67 | 	--comment "OpenWrt buildbot" \
68 | 	--gid buildbot --shell /bin/bash buildbot && \
69 |     chown buildbot:buildbot /builder && \
70 |     chmod 0755 /entry.sh /start.sh
71 | 
72 | VOLUME [ "/builder" ]
73 | ENTRYPOINT [ "/entry.sh" ]
74 | CMD [ "/start.sh" ]
75 | 


--------------------------------------------------------------------------------
/.gitlab/docker.yml:
--------------------------------------------------------------------------------
 1 | .docker in docker:
 2 |   tags:
 3 |     - linux
 4 |     - openwrt
 5 |     - light-jobs
 6 |     - docker-privileged
 7 |   image: docker:19.03.7
 8 |   services:
 9 |     - docker:19.03.7-dind
10 |   variables:
11 |     DOCKER_DRIVER: overlay2
12 |     DOCKER_TLS_CERTDIR: "/certs"
13 | 
14 | .build Docker image:
15 |   stage: docker
16 |   extends: .docker in docker
17 |   script:
18 |     - export IMAGE_NAME="$(echo $CI_JOB_NAME | sed 's/build Docker image \(.*\)/\1/')"
19 |     - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
20 |     - docker build --build-arg BUILDBOT_VERSION=$BUILDBOT_VERSION --build-arg OPENWRT_VERSION=$OPENWRT_VERSION -t "$IMAGE_NAME" -f "docker/$IMAGE_NAME/Dockerfile" .
21 |     - docker tag "$IMAGE_NAME" "$CI_REGISTRY_IMAGE/$IMAGE_NAME-$BUILDBOT_VERSION:$CI_COMMIT_REF_SLUG"
22 |     - docker push "$CI_REGISTRY_IMAGE/$IMAGE_NAME-$BUILDBOT_VERSION:$CI_COMMIT_REF_SLUG"
23 | 
24 | .deploy Docker image:
25 |   extends: .docker in docker
26 |   rules:
27 |     - if: $CI_COMMIT_TAG
28 |     - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
29 |   script:
30 |     - export IMAGE_NAME="$(echo $CI_JOB_NAME | sed 's/deploy Docker image \(.*\)/\1/')"
31 |     - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
32 |     - docker pull "$CI_REGISTRY_IMAGE/$IMAGE_NAME-$BUILDBOT_VERSION:$CI_COMMIT_REF_SLUG"
33 | 
34 |     - docker tag "$CI_REGISTRY_IMAGE/$IMAGE_NAME-$BUILDBOT_VERSION:$CI_COMMIT_REF_SLUG" "$CI_REGISTRY_IMAGE/$IMAGE_NAME-$BUILDBOT_VERSION:latest"
35 |     - docker tag "$CI_REGISTRY_IMAGE/$IMAGE_NAME-$BUILDBOT_VERSION:latest" "$CI_REGISTRY_IMAGE/$IMAGE_NAME-$BUILDBOT_VERSION:$CI_COMMIT_SHORT_SHA"
36 |     - docker tag "$CI_REGISTRY_IMAGE/$IMAGE_NAME-$BUILDBOT_VERSION:latest" "$CI_REGISTRY_IMAGE/$IMAGE_NAME:latest"
37 | 
38 |     - docker push "$CI_REGISTRY_IMAGE/$IMAGE_NAME-$BUILDBOT_VERSION:latest"
39 |     - docker push "$CI_REGISTRY_IMAGE/$IMAGE_NAME-$BUILDBOT_VERSION:$CI_COMMIT_SHORT_SHA"
40 |     - docker push "$CI_REGISTRY_IMAGE/$IMAGE_NAME:latest"
41 | 


--------------------------------------------------------------------------------
/scripts/cleanup.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash
  2 | 
  3 | export LC_ALL=C
  4 | 
  5 | master_url="$1"
  6 | current_worker="$2"
  7 | current_builder="$3"
  8 | current_mode="$4"
  9 | 
 10 | worker_id="$(wget -qO- "${master_url%/}/api/v2/workers/$current_worker" | sed -rne 's#^ +"workerid": ([0-9]+),?$#\1#p')"
 11 | active_builder_ids="$(wget -qO- "${master_url%/}/api/v2/workers/$worker_id/builds" | sed -rne '/"builderid"/ { s/^.+: ([0-9]+),$/\1/; h }; /"state_string"/ { s/^.+: "([^"]*)".*$/\1/; H; x; s/\n/ /; p }' | sed -ne 's/ building$//p')"
 12 | 
 13 | find /tmp/ -maxdepth 1 -mtime +1 '(' -name 'npm-*' -or -name 'jsmake-*' ')' -print0 | xargs -0 -r rm -vr
 14 | 
 15 | is_running() {
 16 | 	local id="$(wget -qO- "${master_url%/}/api/v2/builders/${1//\//_}" | sed -rne 's#^ +"builderid": ([0-9]+),$#\1#p')"
 17 | 	local running_builder_id
 18 | 	for running_builder_id in $active_builder_ids; do
 19 | 		if [ "$running_builder_id" = "$id" ]; then
 20 | 			return 0
 21 | 		fi
 22 | 	done
 23 | 	return 1
 24 | }
 25 | 
 26 | do_cleanup() {
 27 | 	printf "Cleaning up '$current_builder' work directory"
 28 | 
 29 | 	if [ -d .git ]; then
 30 | 		echo " using git"
 31 | 		git reset --hard HEAD
 32 | 		git clean -f -d -x
 33 | 	else
 34 | 		find . -mindepth 1 -maxdepth 1 | while read entry; do
 35 | 			rm -vrf "$entry" | while read entry2; do
 36 | 				case "$entry2" in *directory[:\ ]*)
 37 | 					printf "."
 38 | 				esac
 39 | 			done
 40 | 		done
 41 | 	fi
 42 | 
 43 | 	echo ""
 44 | }
 45 | 
 46 | #
 47 | # Sanity check, current builder should be in running builders list
 48 | #
 49 | 
 50 | if ! is_running "$current_builder"; then
 51 | 	echo "Current builder '$current_builder' not found in current builders list, aborting cleanup."
 52 | 	exit 1
 53 | fi
 54 | 
 55 | 
 56 | #
 57 | # Clean up leftovers
 58 | #
 59 | 
 60 | if [ "$current_mode" = full ]; then
 61 | (
 62 | 	if ! flock -x -w 2700 200; then
 63 | 		echo "Unable to obtain exclusive lock, aborting cleanup."
 64 | 		exit 1
 65 | 	fi
 66 | 
 67 | 	for build_dir in ../*; do
 68 | 
 69 | 		current_builder="${build_dir##*/}"
 70 | 		build_dir="$(readlink -f "$build_dir")"
 71 | 
 72 | 		if [ -z "$build_dir" ] || [ -L "$build_dir" ] || [ ! -d "$build_dir/build" ]; then
 73 | 			continue
 74 | 		fi
 75 | 
 76 | 		if is_running "$current_builder"; then
 77 | 			echo "Skipping currently active '$current_builder' work directory."
 78 | 			continue
 79 | 		fi
 80 | 
 81 | 		(
 82 | 			cd "$build_dir/build"
 83 | 			do_cleanup
 84 | 		)
 85 | 	done
 86 | 
 87 | ) 200>../cleanup.lock
 88 | 
 89 | #
 90 | # Clean up current build
 91 | #
 92 | 
 93 | else
 94 | 	if [ -d build ]; then (
 95 | 		cd build
 96 | 		do_cleanup
 97 | 	); fi
 98 | fi
 99 | 
100 | exit 0
101 | 


--------------------------------------------------------------------------------
/docker/docker-compose.yml:
--------------------------------------------------------------------------------
 1 | version: '2'
 2 | 
 3 | services:
 4 |   rsync-server:
 5 |     build:
 6 |       context: ../
 7 |       dockerfile: docker/rsync/Dockerfile
 8 |     image: rsync:latest
 9 |     restart: always
10 |     cpuset: '0'
11 |     environment:
12 |       SHARE_USER: upload
13 |       SHARE_PASSWORD: secret
14 |     volumes:
15 |       - './build/output:/data'
16 | 
17 |   buildmaster-phase1:
18 |     build:
19 |       context: ../
20 |       dockerfile: docker/buildmaster/Dockerfile
21 |     image: buildmaster:latest
22 |     restart: always
23 |     cpuset: '0'
24 |     environment:
25 |       BUILDMASTER_PHASE: 1
26 |       BUILDMASTER_CONFIG: /config.ini
27 |     ports:
28 |       - '8010:8010'
29 |       - '9989:9989'
30 |     volumes:
31 |       - './config.ini:/config.ini'
32 |       - './certs/buildmaster-phase1.crt:/certs/master.crt'
33 |       - './certs/buildmaster-phase1.key:/certs/master.key'
34 |       - './build/master-phase1:/master'
35 | 
36 |   buildmaster-phase2:
37 |     build:
38 |       context: ../
39 |       dockerfile: docker/buildmaster/Dockerfile
40 |     image: buildmaster:latest
41 |     restart: always
42 |     cpuset: '0'
43 |     environment:
44 |       BUILDMASTER_PHASE: 2
45 |       BUILDMASTER_CONFIG: /config.ini
46 |     ports:
47 |       - '8011:8011'
48 |       - '9990:9990'
49 |     volumes:
50 |       - './config.ini:/config.ini'
51 |       - './certs/buildmaster-phase2.crt:/certs/master.crt'
52 |       - './certs/buildmaster-phase2.key:/certs/master.key'
53 |       - './build/master-phase2:/master'
54 | 
55 |   buildworker-phase1:
56 |     build:
57 |       context: ../
58 |       dockerfile: docker/buildworker/Dockerfile
59 |     image: buildworker:latest
60 |     restart: always
61 |     cpuset: 1-3
62 |     environment:
63 |       BUILDWORKER_MASTER: buildmaster-phase1:9989
64 |       BUILDWORKER_NAME: buildworker-phase1
65 |       BUILDWORKER_PASSWORD: secret
66 |       BUILDWORKER_TLS: '1'
67 |     links:
68 |       - 'rsync-server'
69 |       - 'buildmaster-phase1'
70 |     volumes:
71 |       - './certs/ca.crt:/certs/ca.pem'
72 |       - './build/worker-phase1:/builder'
73 | 
74 |   buildworker-phase2:
75 |     build:
76 |       context: ../
77 |       dockerfile: docker/buildworker/Dockerfile
78 |     image: buildworker:latest
79 |     restart: always
80 |     cpuset: 1-3
81 |     environment:
82 |       BUILDWORKER_MASTER: buildmaster-phase2:9990
83 |       BUILDWORKER_NAME: buildworker-phase2
84 |       BUILDWORKER_PASSWORD: secret
85 |       BUILDWORKER_TLS: '1'
86 |     links:
87 |       - 'rsync-server'
88 |       - 'buildmaster-phase2'
89 |     volumes:
90 |       - './certs/ca.crt:/certs/ca.pem'
91 |       - './build/worker-phase2:/builder'
92 | 


--------------------------------------------------------------------------------
/phase1/config.ini.example:
--------------------------------------------------------------------------------
 1 | [general]
 2 | title = OpenWrt Project
 3 | title_url = http://openwrt.org/
 4 | workdir = /buildbot
 5 | 
 6 | [phase1]
 7 | buildbot_url = http://phase1.builds.openwrt.org/
 8 | status_bind = tcp:8010:interface=127.0.0.1
 9 | status_user = example
10 | status_password = example
11 | port = 9989
12 | feeds_host_override =
13 | 
14 | [irc]
15 | host = irc.freenode.net
16 | port = 6667
17 | channel = #example-channel
18 | nickname = example-builder
19 | password = example
20 | 
21 | [repo]
22 | url = https://git.openwrt.org/openwrt/openwrt.git
23 | tree_stable_timer = 900
24 | 
25 | # branches should be listed by decreasing build priority order, typically oldest branch first (less build intensive)
26 | # branch section name should match branch "name" option until signall.sh is reworked
27 | [branch openwrt-21.02]
28 | name = openwrt-21.02
29 | gpg_key = -----BEGIN PGP PRIVATE KEY BLOCK-----
30 | 	Version: GnuPG v2
31 | 
32 | 	mQGNBFX4kxkBDACcTUVUl6zbn4r9tDap0/aCpcK9MO+HPatS7p2aBGY51kh78Ixr
33 | 	...
34 | 	HwHLaFTMvYFY7WJDwA==
35 | 	-----END PGP PRIVATE KEY BLOCK-----
36 | gpg_passphrase = secret password
37 | gpg_comment = Unattended build signature
38 | usign_key = RWRCSwAAA...OihABfuLvGRVfVaJ6wLf0=
39 | usign_comment = Unattended build signature
40 | apk_key = -----BEGIN EC PRIVATE KEY-----
41 | 	MHcCAQEEIIP54p1G0UgCleLObh07Gxq0S0Iz22OQpkUj8S1AzXB9oAoGCCqGSM49
42 | 	...
43 | 	-----END EC PRIVATE KEY-----
44 | binary_url = user@example.org::upload-binary
45 | binary_password = example
46 | source_url = user@example.org::upload-sources
47 | source_password = example2
48 | config_seed = # Seed configuration
49 | 	CONFIG_BUILDBOT=y
50 | 	CONFIG_DEVEL=y
51 | 	CONFIG_CCACHE=n
52 | 	CONFIG_KERNEL_KALLSYMS=y
53 | 	CONFIG_AUTOREMOVE=y
54 | build_targets = armsr/armv8
55 | 	malta/be
56 | 	mediatek/filogic
57 | 	qualcommax/ipq807x
58 | 	x86/64
59 | 
60 | [branch openwrt-22.03]
61 | name = openwrt-22.03
62 | 
63 | [branch main]
64 | name = main
65 | 
66 | [worker 1]
67 | phase = 1
68 | name = example-worker-1
69 | password = example
70 | 
71 | [worker 2]
72 | phase = 1
73 | name = example-worker-2
74 | password = example2
75 | # for workers which share a common pipe, ul/dl resource-access locks can be defined.
76 | # if the identifier is the same for both ul/dl, then all ul/dl operations will be serialized between workers having the same id.
77 | # if the identifier differs for ul and dl, then dl operations will be serialized independently of ul operations.
78 | ul_lock = host1
79 | dl_lock = host1
80 | # tag_only workers will only build forced tag buildrequests (i.e. release builds)
81 | tag_only = yes
82 | # if rsync operations must prefer ipv4 ('rsync -4'), set the following
83 | rsync_ipv4 = yes
84 | 


--------------------------------------------------------------------------------
/docker/buildmaster/Dockerfile:
--------------------------------------------------------------------------------
  1 | FROM alpinelinux/build-base:latest-x86_64 AS apk-builder
  2 | 
  3 | RUN abuild-apk add -u \
  4 | 	gcc \
  5 | 	git \
  6 | 	linux-headers \
  7 | 	lua5.3-dev \
  8 | 	lua5.3-lzlib \
  9 | 	make \
 10 | 	musl-dev \
 11 | 	openssl-dev \
 12 | 	openssl-libs-static \
 13 | 	zlib-dev \
 14 | 	zlib-static \
 15 | 	zstd-dev \
 16 | 	zstd-static
 17 | 
 18 | ARG APK_TOOLS_COMMIT=74de0e9bd73d1af8720df40aa68d472943909804
 19 | 
 20 | RUN git clone https://gitlab.alpinelinux.org/alpine/apk-tools.git /tmp/apk-tools
 21 | WORKDIR /tmp/apk-tools
 22 | RUN git checkout $APK_TOOLS_COMMIT
 23 | RUN make -j$(nproc) static
 24 | 
 25 | 
 26 | FROM        debian:11
 27 | MAINTAINER  OpenWrt Maintainers
 28 | 
 29 | ARG         DEBIAN_FRONTEND=noninteractive
 30 | ARG         BUILDBOT_VERSION=2.10.1
 31 | ARG         OPENWRT_VERSION=unknown
 32 | 
 33 | ENV         BUILDMASTER_CONFIG config.ini
 34 | ENV         BUILDMASTER_PHASE  1
 35 | 
 36 | USER root
 37 | 
 38 | RUN \
 39 | 	apt-get update && \
 40 | 	apt-get install -y \
 41 | 		build-essential \
 42 | 		gawk \
 43 | 		git-core \
 44 | 		gosu \
 45 | 		libncurses5-dev \
 46 | 		locales \
 47 | 		pv \
 48 | 		pwgen \
 49 | 		python3-venv \
 50 | 		python3-pip \
 51 | 		signify-openbsd \
 52 | 		wget && \
 53 | 	apt-get clean && \
 54 | 	localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8
 55 | 
 56 | RUN python3 -m venv /opt/venv
 57 | ENV PATH="/opt/venv/bin:$PATH"
 58 | RUN pip3 install -U pip
 59 | RUN \
 60 | 	pip3 install \
 61 | 		"buildbot==$BUILDBOT_VERSION" \
 62 | 		"buildbot-www==$BUILDBOT_VERSION" \
 63 | 		"buildbot-waterfall-view==$BUILDBOT_VERSION" \
 64 | 		"buildbot-console-view==$BUILDBOT_VERSION" \
 65 | 		"buildbot-grid-view==$BUILDBOT_VERSION" \
 66 | 		"buildbot-worker==$BUILDBOT_VERSION" \
 67 | 		pyOpenSSL \
 68 | 		service_identity
 69 | 
 70 | RUN \
 71 | 	sed -i \
 72 | 	's/Welcome to buildbot/Welcome to OpenWrt buildbot/' \
 73 | 	/opt/venv/lib/python*/site-packages/buildbot_www/static/scripts.js
 74 | 
 75 | RUN \
 76 | 	sed -i \
 77 | 	"s;\"col-sm-12\"><ul><li ng-repeat;\"col-sm-12\"><ul><li>OpenWrt version: <a href=\"https://git.openwrt.org/$OPENWRT_VERSION\">$OPENWRT_VERSION</a></li><li ng-repeat;" \
 78 | 	/opt/venv/lib/python*/site-packages/buildbot_www/static/scripts.js
 79 | 
 80 | ENV LANG=en_US.utf8
 81 | 
 82 | COPY docker/buildmaster/files/entry.sh /entry.sh
 83 | COPY docker/buildmaster/files/start.sh /start.sh
 84 | COPY phase1 /phase1
 85 | COPY phase2 /phase2
 86 | COPY scripts /scripts
 87 | COPY --from=apk-builder /tmp/apk-tools/src/apk.static /usr/bin/apk
 88 | 
 89 | RUN \
 90 |     groupadd buildbot && \
 91 |     useradd \
 92 | 	--create-home --home-dir /master \
 93 | 	--comment "OpenWrt buildbot" \
 94 | 	--gid buildbot --shell /bin/bash buildbot && \
 95 |     chown buildbot:buildbot /master && \
 96 |     chmod 0755 /entry.sh /start.sh
 97 | 
 98 | RUN \
 99 | 	mkdir -p /home/buildbot && \
100 | 	chmod u=rwx,go= /home/buildbot && \
101 | 	chown --recursive buildbot:buildbot /home/buildbot && \
102 | 	gosu buildbot sh -c "gpg --homedir /home/buildbot/.gnupg --recv-keys 0x1D53D1877742E911"
103 | 
104 | VOLUME [ "/master" ]
105 | ENTRYPOINT [ "/entry.sh" ]
106 | CMD [ "start" ]
107 | 


--------------------------------------------------------------------------------
/scripts/sha2rsync.pl:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/perl -w
  2 | 
  3 | # ./sha2rsync.pl <rlist> <llist> <torsync>
  4 | 
  5 | # <rlist> is the filename of sha256sums fetched from server
  6 | # <llist> is the filename of sha256sums generated locally
  7 | # <torsync> is the filename of the list of files to upload
  8 | 
  9 | # <rlist> and <llist> are files formatted as follows:
 10 | #checksum *pathtofile
 11 | 
 12 | # both files must be sorted based on pathtofile: the script performs
 13 | # in-place merge (O(n+m)) of both lists based on that assumption.
 14 | # <rlist> and <llist> are parsed only once.
 15 | 
 16 | # the script cannot currently handle any other type of input
 17 | 
 18 | # the script will generate <torsync>, a list of files suitable for
 19 | # using with "rsync --files-from=<torsync>"
 20 | 
 21 | # if <rlist> doesn't exist, all files in <llist> are added to the
 22 | # upload list.
 23 | # if <rlist> exists, the <llist> files are added if:
 24 | # - they're not present in <rlist>
 25 | # - they're present in <rlist> AND their checksums differ
 26 | 
 27 | # the script will clobber <torsync>
 28 | 
 29 | use strict;
 30 | use warnings;
 31 | use integer;
 32 | 
 33 | die ("wrong number of arguments!") if ($#ARGV+1 != 3);
 34 | 
 35 | my $shapat = qr/^(\w+) \*(.+)$/;
 36 | 
 37 | my $rlist = $ARGV[0];
 38 | my $llist = $ARGV[1];
 39 | my $torsync = $ARGV[2];
 40 | 
 41 | my $rlist_fh = undef;
 42 | my $llist_fh = undef;
 43 | my $torsync_fh = undef;
 44 | 
 45 | open($torsync_fh, ">", $torsync) or die("can't create output file!");
 46 | open($llist_fh, "<", $llist) or die("can't read local list!");
 47 | open($rlist_fh, "<", $rlist) or $rlist_fh = undef;
 48 | 
 49 | my $lline = readline($llist_fh);
 50 | my $rline = defined($rlist_fh) ? readline($rlist_fh) : undef;
 51 | 
 52 | 
 53 | MAINLOOP: while () {
 54 | 	# run this loop as long as we have content from both rlist and llist
 55 | 	last (MAINLOOP) unless (defined($lline) && defined($rline));
 56 | 
 57 | 	chomp($lline);
 58 | 	my ($lcsum, $lfname) = $lline =~ $shapat;
 59 | 
 60 | 	chomp($rline);
 61 | 	my ($rcsum, $rfname) = $rline =~ $shapat;
 62 | 
 63 | 	# compare current remote and local filenames
 64 | 	my $rtlcmp = ($rfname cmp $lfname);
 65 | 
 66 | 	while ($rtlcmp < 0) {	# remote fname is before current local fname: remote file doesn't exist localy
 67 | 		$rline = readline($rlist_fh);
 68 | 		next (MAINLOOP);
 69 | 	}
 70 | 
 71 | 	while ($rtlcmp > 0) {	# remote fname is after current local fname: local file doesn't exist remotely
 72 | 		add_file($lfname);	# add lfname to upload list
 73 | 		$lline = readline($llist_fh);
 74 | 		next (MAINLOOP);
 75 | 	}
 76 | 
 77 | 	# if we end here, rtlcmp == 0: fnames matched, the file exist localy and remotely
 78 | 
 79 | 	# fetch next line of both streams for the next iteration
 80 | 	$lline = readline($llist_fh);
 81 | 	$rline = readline($rlist_fh);
 82 | 
 83 | 	# and skip if csums match
 84 | 	next (MAINLOOP) if ($lcsum eq $rcsum);
 85 | 
 86 | 	# otherwise add the file as it's different
 87 | 	add_file($lfname);
 88 | }
 89 | 
 90 | # deal with remainder of llist if any
 91 | while (defined($lline)) {
 92 | 	chomp($lline);
 93 | 	my ($lcsum, $lfname) = $lline =~ $shapat;
 94 | 	add_file($lfname);
 95 | 	$lline = readline($llist_fh);
 96 | }
 97 | 
 98 | # unconditionally add some mandatory files to rsynclist
 99 | # add them last so they're transferred last: if everything else transferred correctly
100 | my @feeds = qw(base luci packages routing telephony);
101 | my @additional_files;
102 | 
103 | for my $feed (@feeds) {
104 |     push @additional_files, (
105 |         "$feed/packages.adb.asc",
106 |         "$feed/packages.adb.sig",
107 |         "$feed/Packages.asc",
108 |         "$feed/Packages.sig",
109 |     );
110 | }
111 | 
112 | push @additional_files, qw(
113 |     sha256sums.asc
114 |     sha256sums.sig
115 |     sha256sums
116 | );
117 | 
118 | (my $basedir = $llist) =~ s!/[^/]+$!!;
119 | 
120 | foreach my $file (@additional_files) {
121 | 	if (-f "$basedir/$file") {
122 | 		add_file($file);
123 | 	}
124 | }
125 | 
126 | exit (0);
127 | 
128 | sub add_file {
129 | 	my $fname = shift;
130 | 	print $torsync_fh "$fname\n";
131 | }
132 | 


--------------------------------------------------------------------------------
/scripts/makebranch.sh:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env bash
  2 | 
  3 | git_author="Release Management"
  4 | git_email="lede-dev@lists.infradead.org"
  5 | 
  6 | base_url="http://downloads.lede-project.org/releases"
  7 | 
  8 | [ -f "./feeds.conf.default" ] || {
  9 | 	echo "Please execute as ./${0##*/}" >&2
 10 | 	exit 1
 11 | }
 12 | 
 13 | usage() {
 14 | 	{
 15 | 		echo ""
 16 | 		echo "Usage: $0 [-i] [-a <Git author>] [-e <Git email>] \\"
 17 | 		echo "          [-u <Download base url>] -n <codename> -v <version>"
 18 | 		echo ""
 19 | 		echo "-i"
 20 | 		echo "Exit successfully if branch already exists"
 21 | 		echo ""
 22 | 		echo "-a Git author [$git_author]"
 23 | 		echo "Override the author name used for automated Git commits"
 24 | 		echo ""
 25 | 		echo "-e Git email [$git_email]"
 26 | 		echo "Override the email used for automated Git commits"
 27 | 		echo ""
 28 | 		echo "-u Download base url [$base_url]"
 29 | 		echo "Use the given URL as base for download repositories"
 30 | 		echo ""
 31 | 		exit 1
 32 | 	} >&2
 33 | }
 34 | 
 35 | while getopts "a:e:iu:n:v:" opt; do
 36 | 	case "$opt" in
 37 | 		a) git_author="$OPTARG" ;;
 38 | 		e) git_email="$OPTARG" ;;
 39 | 		i) ignore_existing=1 ;;
 40 | 		u) base_url="${OPTARG%/}" ;;
 41 | 		n) codename="$OPTARG" ;;
 42 | 		v)
 43 | 			case "$OPTARG" in
 44 | 				[0-9]*.[0-9]*)
 45 | 					version="$(echo "$OPTARG" | cut -d. -f1-2)"
 46 | 				;;
 47 | 				*)
 48 | 					echo "Unexpected version format: $OPTARG" >&2
 49 | 					exit 1
 50 | 				;;
 51 | 			esac
 52 | 		;;
 53 | 		\?)
 54 | 			echo "Unexpected option: -$OPTARG" >&2
 55 | 			usage
 56 | 		;;
 57 | 		:)
 58 | 			echo "Missing argument for option: -$OPTARG" >&2
 59 | 			usage
 60 | 		;;
 61 | 	esac
 62 | done
 63 | 
 64 | [ -n "$codename" -a -n "$version" ] || usage
 65 | 
 66 | if git rev-parse "lede-${version}^{tree}" >/dev/null 2>/dev/null; then
 67 | 	if [ -z "$ignore_existing" ]; then
 68 | 		echo "Branch lede-${version} already exists!" >&2
 69 | 		exit 1
 70 | 	fi
 71 | 
 72 | 	exit 0
 73 | fi
 74 | 
 75 | revnum="$(./scripts/getver.sh)"
 76 | githash="$(git log --format=%h -1)"
 77 | 
 78 | prev_branch="$(git symbolic-ref -q HEAD)"
 79 | 
 80 | if [ "$prev_branch" != "refs/heads/main" ]; then
 81 | 	echo "Expecting current branch name to be \"main\"," \
 82 | 	     "but it is \"${prev_branch#refs/heads/}\" - aborting."
 83 | 
 84 | 	exit 1
 85 | fi
 86 | 
 87 | export GIT_AUTHOR_NAME="$git_author"
 88 | export GIT_AUTHOR_EMAIL="$git_email"
 89 | export GIT_COMMITTER_NAME="$git_author"
 90 | export GIT_COMMITTER_EMAIL="$git_email"
 91 | 
 92 | git checkout -b "lede-$version"
 93 | 
 94 | while read type name url; do
 95 | 	case "$type" in
 96 | 		src-git)
 97 | 			case "$url" in
 98 | 				*^*|*\;*) : ;;
 99 | 				*)
100 | 					ref="$(git ls-remote "$url" "lede-$version")"
101 | 
102 | 					if [ -z "$ref" ]; then
103 | 						echo "WARNING: Feed \"$name\" provides no" \
104 | 						     "\"lede-$version\" branch - using main!" >&2
105 | 					else
106 | 						url="$url;lede-$version"
107 | 					fi
108 | 				;;
109 | 			esac
110 | 			echo "$type $name $url"
111 | 		;;
112 | 		src-*)
113 | 			echo "$type $name $url"
114 | 		;;
115 | 	esac
116 | done < feeds.conf.default > feeds.conf.branch && \
117 | 	mv feeds.conf.branch feeds.conf.default
118 | 
119 | sed -e 's!^RELEASE:=.*!RELEASE:='"$codename"'!g' \
120 |     -e 's!\(VERSION_NUMBER:=\$(if .*\),[^,]*)!\1,'"$version-SNAPSHOT"')!g' \
121 |     -e 's!\(VERSION_REPO:=\$(if .*\),[^,]*)!\1,'"$base_url/$version-SNAPSHOT"')!g' \
122 | 	include/version.mk > include/version.branch && \
123 | 		mv include/version.branch include/version.mk
124 | 
125 | sed -e 's!http://downloads.lede-project.org/[^"]*!'"$base_url/$version-SNAPSHOT"'!g' \
126 | 	package/base-files/image-config.in > package/base-files/image-config.branch && \
127 | 		mv package/base-files/image-config.branch package/base-files/image-config.in
128 | 
129 | git commit -sm "LEDE v$version: set branch defaults" \
130 | 	feeds.conf.default \
131 | 	include/version.mk \
132 | 	package/base-files/image-config.in
133 | 
134 | git --no-pager log -p -1
135 | git push origin "refs/heads/lede-$version:refs/heads/lede-$version"
136 | git checkout "${prev_branch#refs/heads/}"
137 | 


--------------------------------------------------------------------------------
/.github/workflows/build-push.yml:
--------------------------------------------------------------------------------
  1 | name: Build and push containers
  2 | on:
  3 |   push:
  4 |     branches:
  5 |       - main
  6 |     tags:
  7 |       - 'v*'
  8 |   pull_request:
  9 | 
 10 | env:
 11 |   BUILDBOT_VERSION: 3.11.8
 12 |   GITHUB_SHA_LEN: 8
 13 | 
 14 | concurrency:
 15 |   group: ${{ github.workflow }}-${{ github.ref }}
 16 |   cancel-in-progress: ${{ github.event_name == 'pull_request' }}
 17 | 
 18 | jobs:
 19 |   test-lint:
 20 |     name: Test with Python ${{ matrix.python-version }}
 21 |     runs-on: ubuntu-latest
 22 | 
 23 |     strategy:
 24 |       matrix:
 25 |         python-version:
 26 |           - "3.11"
 27 | 
 28 |     steps:
 29 |       - name: Checkout
 30 |         uses: actions/checkout@v5
 31 | 
 32 |       - uses: actions/setup-python@v5
 33 |         with:
 34 |           python-version: ${{ matrix.python-version }}
 35 | 
 36 |       - name: Install dependencies
 37 |         run: pip install -r requirements-dev.txt
 38 | 
 39 |       - name: Lint with ruff
 40 |         run: ruff phase*/master.cfg
 41 | 
 42 |       - name: Lint with flake8
 43 |         run: flake8 phase*/master.cfg
 44 | 
 45 |       - name: Stylecheck with black
 46 |         run: black phase1/master.cfg
 47 | 
 48 |   build-test:
 49 |     name: Build and Test container
 50 |     runs-on: ubuntu-latest
 51 |     needs: test-lint
 52 | 
 53 |     permissions:
 54 |       packages: write
 55 | 
 56 |     strategy:
 57 |       fail-fast: ${{ github.event_name == 'pull_request' }}
 58 |       matrix:
 59 |         include:
 60 |           - container_flavor: master
 61 |           - container_flavor: worker
 62 |             container_test_command: "--env BUILDWORKER_TLS=1 --env BUILDWORKER_MASTER=Z:1922 --env BUILDWORKER_NAME=X --env BUILDWORKER_PASSWORD=Y"
 63 | 
 64 |     steps:
 65 |       - name: Checkout
 66 |         uses: actions/checkout@v5
 67 | 
 68 |       - name: Environment variables
 69 |         run: |
 70 |           echo "GIT_SHA_SHORT=${GITHUB_SHA::${{ env.GITHUB_SHA_LEN }}}" >> $GITHUB_ENV
 71 | 
 72 |       - name: Build container and export it to local Docker
 73 |         uses: docker/build-push-action@v6
 74 |         with:
 75 |           load: true
 76 |           tags: local/${{ matrix.container_flavor }}
 77 |           file: docker/build${{ matrix.container_flavor }}/Dockerfile
 78 |           build-args: |
 79 |             BUILDBOT_VERSION=${{ env.BUILDBOT_VERSION }}
 80 |             OPENWRT_VERSION=${{ env.GIT_SHA_SHORT }}
 81 | 
 82 |       - name: Test ${{ matrix.container_flavor }} Docker container
 83 |         run: |
 84 |           docker run --detach ${{ matrix.container_test_command }} --name test-${{ matrix.container_flavor }} local/${{ matrix.container_flavor }}
 85 |           sleep 5
 86 |           pip install cram
 87 |           cram --verbose "tests/cram/${{ matrix.container_flavor }}"
 88 | 
 89 |   deploy:
 90 |     name: Push Container
 91 |     if: github.event_name != 'pull_request' || github.repository_owner != 'openwrt'
 92 |     runs-on: ubuntu-latest
 93 |     needs: build-test
 94 | 
 95 |     environment: production
 96 | 
 97 |     permissions:
 98 |       packages: write
 99 | 
100 |     strategy:
101 |       matrix:
102 |         container_flavor:
103 |           - master
104 |           - worker
105 | 
106 |     steps:
107 |       - name: Checkout
108 |         uses: actions/checkout@v5
109 | 
110 |       - name: Environment variables
111 |         run: |
112 |           echo "GIT_SHA_SHORT=${GITHUB_SHA::${{ env.GITHUB_SHA_LEN }}}" >> $GITHUB_ENV
113 | 
114 |       - name: Docker meta
115 |         id: meta
116 |         uses: docker/metadata-action@v5
117 |         with:
118 |           images: name=ghcr.io/${{ github.repository }}/build${{ matrix.container_flavor }}-v${{ env.BUILDBOT_VERSION }}
119 | 
120 |       - name: Login to GitHub Container Registry
121 |         uses: docker/login-action@v3
122 |         with:
123 |           registry: ghcr.io
124 |           username: ${{ github.actor }}
125 |           password: ${{ secrets.GITHUB_TOKEN }}
126 | 
127 |       - name: Build container again and push it
128 |         uses: docker/build-push-action@v6
129 |         with:
130 |           push: true
131 |           tags: ${{ steps.meta.outputs.tags }}
132 |           labels: ${{ steps.meta.outputs.labels }}
133 |           file: docker/build${{ matrix.container_flavor }}/Dockerfile
134 |           build-args: |
135 |             BUILDBOT_VERSION=${{ env.BUILDBOT_VERSION }}
136 |             OPENWRT_VERSION=${{ env.GIT_SHA_SHORT }}
137 | 


--------------------------------------------------------------------------------
/scripts/signall.sh:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env bash
  2 | 
  3 | tarball="$1"
  4 | branch="$2"
  5 | 
  6 | tmpdir="signall.$$"
  7 | tarball="$(readlink -f "$tarball")"
  8 | 
  9 | finish() { rm -rf "$tmpdir"; exit $1; }
 10 | 
 11 | iniget() {
 12 | 	local file="$1" section="$2" option="$3"
 13 | 
 14 | 	sed -rne '
 15 | 		/\['"$section"'\]/,$ {
 16 | 			/^[ \t]*'"$option"'[ \t]*=[ \t]*/ {
 17 | 				s/^[^=]+=[ \t]*//; h;
 18 | 				:c; n;
 19 | 				/^([ \t]|$)/ {
 20 | 					s/^[ \t]+//; H;
 21 | 					b c
 22 | 				};
 23 | 				x; p; q
 24 | 			}
 25 | 		}
 26 | 	' "$file" | sed -e :a -e '/^\n*$/{$d;N;ba' -e '}'
 27 | }
 28 | 
 29 | trap "finish 255" HUP INT TERM
 30 | 
 31 | if [ ! -f "$tarball" ] || [ ! -f "${CONFIG_INI:-config.ini}" ]; then
 32 | 	echo "Usage: [CONFIG_INI=...] $0 <tarball>" >&2
 33 | 	finish 1
 34 | fi
 35 | 
 36 | [ ! -e "$tmpdir" ] || {
 37 | 	echo "Temporary directory $tmpdir already exists!" >&2
 38 | 	finish 2
 39 | }
 40 | 
 41 | umask 077
 42 | mkdir "$tmpdir" "$tmpdir/tar" "$tmpdir/gpg" "$tmpdir/gpg/private-keys-v1.d" || finish 2
 43 | 
 44 | umask 022
 45 | chmod 0755 "$tmpdir/tar"
 46 | tar -C "$tmpdir/tar/" -xzf "$tarball" || finish 3
 47 | 
 48 | loopback=""
 49 | 
 50 | case "$(gpg --version | head -n1)" in
 51 | 	*\ 2.*) loopback=1 ;;
 52 | esac
 53 | 
 54 | if [ -z "$branch" ]; then
 55 | GPGKEY="$(iniget "${CONFIG_INI:-config.ini}" gpg key)"
 56 | GPGKEYID="$(iniget "${CONFIG_INI:-config.ini}" gpg keyid)"
 57 | GPGPASS="$(iniget "${CONFIG_INI:-config.ini}" gpg passphrase)"
 58 | GPGCOMMENT="$(iniget "${CONFIG_INI:-config.ini}" gpg comment)"
 59 | 
 60 | USIGNKEY="$(iniget "${CONFIG_INI:-config.ini}" usign key)"
 61 | USIGNCOMMENT="$(iniget "${CONFIG_INI:-config.ini}" usign comment)"
 62 | 
 63 | APKSIGNKEY="$(iniget "${CONFIG_INI:-config.ini}" apk key)"
 64 | else
 65 | GPGKEY="$(iniget "${CONFIG_INI:-config.ini}" "branch $branch" "gpg_key")"
 66 | GPGKEYID="$(iniget "${CONFIG_INI:-config.ini}" "branch $branch" "gpg_keyid")"
 67 | GPGPASS="$(iniget "${CONFIG_INI:-config.ini}" "branch $branch" "gpg_passphrase")"
 68 | GPGCOMMENT="$(iniget "${CONFIG_INI:-config.ini}" "branch $branch" "gpg_comment")"
 69 | 
 70 | USIGNKEY="$(iniget "${CONFIG_INI:-config.ini}" "branch $branch" "usign_key")"
 71 | USIGNCOMMENT="$(iniget "${CONFIG_INI:-config.ini}" "branch $branch" "usign_comment")"
 72 | 
 73 | APKSIGNKEY="$(iniget "${CONFIG_INI:-config.ini}" "branch $branch" "apk_key")"
 74 | fi
 75 | 
 76 | if [ -n "$APKSIGNKEY" ]; then
 77 | 	umask 077
 78 | 	echo "$APKSIGNKEY" > "$tmpdir/apk.pem"
 79 | 
 80 | 	umask 022
 81 | 	find "$tmpdir/tar/" -type f -name "packages.adb" -print0 | while IFS= read -r -d '' file; do
 82 | 		if ! "${APK_BIN:-apk}" adbsign --allow-untrusted --sign-key "$(readlink -f "$tmpdir/apk.pem")" "$file"; then
 83 | 			finish 3
 84 | 		fi
 85 | 	done
 86 | 
 87 | 	find "$tmpdir/tar/" -type f -name sha256sums | while read -r file; do
 88 | 		dir=$(dirname "$file")
 89 | 		pushd "$dir" > /dev/null || finish 3
 90 | 
 91 | 		grep 'packages\.adb' sha256sums | while IFS= read -r line; do
 92 | 			filename="${line#*' *'}"
 93 | 			# Skip updating hash of previous kmods/ if not found in sign tar (already signed)
 94 | 			[ ! -f "$filename" ] && [[ "$filename" == kmods/* ]] && continue
 95 | 			escaped_filename="${filename//\//\\\/}"
 96 | 			escaped_filename="${escaped_filename//&/\\&}"
 97 | 			checksum_output=$(sha256sum --binary -- "$filename")
 98 | 			new_checksum_line="${checksum_output%% *} *${checksum_output#*' *'}"
 99 | 			sed -i "s#.*[[:space:]]\*$escaped_filename\$#$new_checksum_line#" sha256sums
100 | 		done
101 | 
102 | 		popd > /dev/null || finish 3
103 | 	done
104 | fi
105 | 
106 | if echo "$GPGKEY" | grep -q "BEGIN PGP PRIVATE KEY BLOCK" && [ -z "$GPGKEYID" ]; then
107 | 	umask 077
108 | 	echo "$GPGPASS" > "$tmpdir/gpg.pass"
109 | 	echo "$GPGKEY" | gpg --batch --homedir "$tmpdir/gpg" \
110 | 		${loopback:+--pinentry-mode loopback --no-tty --passphrase-fd 0} \
111 | 		${GPGPASS:+--passphrase-file "$tmpdir/gpg.pass"} \
112 | 		--import - || finish 4
113 | 
114 | 	umask 022
115 | 	find "$tmpdir/tar/" -type f -not -name "*.asc" -and -not -name "*.sig" -exec \
116 | 		gpg --no-version --batch --yes -a -b \
117 | 			--homedir "$(readlink -f "$tmpdir/gpg")" \
118 | 			${loopback:+--pinentry-mode loopback --no-tty --passphrase-fd 0} \
119 | 			${GPGPASS:+--passphrase-file "$(readlink -f "$tmpdir/gpg.pass")"} \
120 | 			${GPGCOMMENT:+--comment="$GPGCOMMENT"} \
121 | 			-o "{}.asc" "{}" \; || finish 4
122 | fi
123 | 
124 | if [ -n "$GPGKEYID" ]; then
125 | 	find "$tmpdir/tar/" -type f -not -name "*.asc" -and -not -name "*.sig" -print0 | while IFS= read -r -d '' file; do
126 | 		if ! gpg --no-version --batch --detach-sign --armor \
127 | 			--local-user "${GPGKEYID}" \
128 | 			${GPGCOMMENT:+--comment="$GPGCOMMENT"} \
129 | 			--homedir /home/buildbot/.gnupg "${file}.asc" "$file"; then
130 | 			finish 4
131 | 		fi
132 | 	done
133 | fi
134 | 
135 | if [ -n "$USIGNKEY" ]; then
136 | 	USIGNID="$(echo "$USIGNKEY" | base64 -d -i | dd bs=1 skip=32 count=8 2>/dev/null | od -v -t x1 | sed -rne 's/^0+ //p' | tr -d ' ')"
137 | 
138 | 	if ! echo "$USIGNID" | grep -qxE "[0-9a-f]{16}"; then
139 | 		echo "Invalid usign key specified" >&2
140 | 		finish 5
141 | 	fi
142 | 
143 | 	umask 077
144 | 	printf "untrusted comment: %s\n%s\n" "${USIGNCOMMENT:-key ID $USIGNID}" "$USIGNKEY" > "$tmpdir/usign.sec"
145 | 
146 | 	umask 022
147 | 	find "$tmpdir/tar/" -type f -not -name "*.asc" -and -not -name "*.sig" -exec \
148 | 		signify-openbsd -S -s "$(readlink -f "$tmpdir/usign.sec")" -m "{}" \; || finish 5
149 | fi
150 | 
151 | tar -C "$tmpdir/tar/" -czf "$tarball" . || finish 6
152 | 
153 | finish 0
154 | 


--------------------------------------------------------------------------------
/docker/config.ini:
--------------------------------------------------------------------------------
  1 | [general]
  2 | title = OpenWrt Project
  3 | title_url = http://openwrt.org/
  4 | workdir = /master
  5 | 
  6 | [phase1]
  7 | status_bind = tcp:8010:interface=0.0.0.0
  8 | status_user = admin
  9 | status_password = admin
 10 | buildbot_url = http://buildmaster-phase1:8010/
 11 | expire = 1209600
 12 | port = ssl:9989:privateKey=/certs/master.key:certKey=/certs/master.crt
 13 | feeds_host_override = github.com/openwrt
 14 | config_seed = # Seed configuration
 15 | 	CONFIG_BUILDBOT=y
 16 | 	CONFIG_DEVEL=y
 17 | 	CONFIG_CCACHE=n
 18 | 	CONFIG_KERNEL_KALLSYMS=y
 19 | 	CONFIG_AUTOREMOVE=y
 20 | 
 21 | [phase2]
 22 | status_bind = tcp:8011:interface=0.0.0.0
 23 | status_user = admin
 24 | status_password = admin
 25 | buildbot_url = http://buildmaster-phase2:8011/
 26 | port = ssl:9990:privateKey=/certs/master.key:certKey=/certs/master.crt
 27 | persistent = false
 28 | 
 29 | [repo]
 30 | url = https://git.openwrt.org/openwrt/openwrt.git
 31 | branch = main
 32 | 
 33 | [rsync]
 34 | binary_url = upload@rsync-server::data/bin
 35 | binary_password = secret
 36 | source_url = upload@rsync-server::data/src
 37 | source_password = secret
 38 | sdk_url = upload@rsync-server::data/bin/targets
 39 | sdk_password = secret
 40 | sdk_pattern = openwrt-sdk-*.tar.*
 41 | 
 42 | [gpg]
 43 | key = -----BEGIN PGP PRIVATE KEY BLOCK-----
 44 | 	Comment: Example secret GPG key
 45 | 
 46 | 	lQWGBF0ZCWsBDADXslVt7Rk/bPIduao3exEqGhzgR+Wv7i8H/gxZdxGbe+LpX04h
 47 | 	D60LOpCKf1T1MV0lPNk4FXhoj7I3qa1VQxDAg/6teBWIC4bKKj44pq09sljPVxRx
 48 | 	LJARWjBTM7GgGnu+8/UWTMDoDRLxSabDlFU3sWo4Xh6iCom8IjiZaOcmtDUlOjJs
 49 | 	0jwhelcmULPFBRVhIglNaHEaC06r/4jhpgzyEITQkQsh6QVYbMRtEi2bXoqfxu9f
 50 | 	/1CvYjO/4A6F9G3aG0ubu7SyggQ5lcObVr9poDPZ79x3e+1wGILUfUImE4MxVmN/
 51 | 	WNcPhJ13J6FvmLH2cj8oJhl4U5oWyxMRZg6CDpEO5UlP8wwB25DJ+5d/qsX3gEC5
 52 | 	chJQhwHgthHBGJMbbvCPXuSDW4s4TYbyVuG8IntLuzaowmjyiKH/BVUubFpMoM5p
 53 | 	69hwpjI30T3Dy5hhrgclIrbgeAInZ7y03VTjLbb9FuYSfGGi9FTcW+FJAdw3lWzC
 54 | 	vARoxtbiJ+J2QWkAEQEAAf4HAwKFxhkeBLI6K/CJR8c3UgEPSwvUq5B1KTtBUsBq
 55 | 	wODF1O/tZnZG0YREkqt2HTFU9nGYKyCHiKVqksBLDJx2aL++MwZIyelWTsa1juFV
 56 | 	1VFVp0ggHjHoVBGk37vpoHgqq6kATEKx92Hgd0AMsyvplQrxCtKu3NZu1V+O1wP4
 57 | 	1bgMqJy3uSVXzko6n+DixQOZCNf+6/3r+2pR3XK5aPc2hhMa+CYbNcqWfiVEnTIJ
 58 | 	tskohTsosnUUtPeq2B7c/dTdhGkhW1GiZLlAgOrpYqFqZgUUFwvnSeX3Gz73re6C
 59 | 	tfcWDVZau6dAm9j7z/fmXEmWwgmgPOWTxxbcSoKscFZL4e2rVxghtCsDTHH1PO5O
 60 | 	CJwPvpYty7CmkassnKzYFZ14krqAvCGE3xT6NzesdSyEcvu1RiZfO/7iWWHwNJbk
 61 | 	k0NEgxV+AB8zmg3hUd4D+XlMQLrkZKGGc22BOux3lS16oRvKoKtsjj0OrQ0j0bYY
 62 | 	2YS3Q0Bvbf9YH3h2HXfrjI3JE55MpC5s8bnXRl7ioH+qWh/E2KaZWQPmx566x+hf
 63 | 	hof89ODYc72LKuEOtzSbKGX7O1oivw0IPGm73yTHj6RYhJ16HmNvSmyMvuZCfwpo
 64 | 	cVM2muVnhJj4syrenvr5GeltYlLRrrxj0WWZnCqHo1MyFz7Ax9+knFqrTFiZ6wzU
 65 | 	vVI+/DWX/peMRlFtkxSP3KgFvx/TUu6j1rTsbuH+QauI4AX3RSEqpma2dP4yN3Tn
 66 | 	JDVanvpYqqJzHpmhIDDBDDRAEvLNf7bsWSctaOe4CLjGZC/4AHL2Z55QsZ627p0G
 67 | 	8TwV7lcsWU4q5zdZ8NDyfXuLTNv5A8/zrMy9NeqCitA7eOe+tBS/N7MBTRzZ7mKK
 68 | 	H4AXRpzrwBb0T6F6pjtrYp7cUTu6r1aBP2W61VzWWZChFM1AWfk3qgX4TvGikpe9
 69 | 	RfyUfPdALboZ4ZI2opoU9TQcjyhdLyfojMofoOdYZl68tImdd44+8sidj9ZW7JB3
 70 | 	+rrEBm4yWNOhTJnVnYaau+gY65WGYOb2rnSPlNa81aC2j141U2bxyigqTENH6W6N
 71 | 	xCAdIxWvXIYIRDSfrLFryGHdw/+O0SerK7NdCB3Yhb+YrzGMB1BOLFhbuXPnDMeB
 72 | 	JMN4WGCrxBl9a7Mtck/VSTXYPGqDA33AgOAgiJk/hVCc7Uq3TElro2FlvlOMUUzU
 73 | 	vAcM3ZMVDTa9FG9BGzpusf6P7JHfLJ/pIk6M0AfgWLnFSyR7OQZ26ImfWkOsRnqS
 74 | 	LzuQC4rpPQ8JViOwNdMsJ9Lh9ZIxSmeKdYAIdj0Rjv8xzE+QYVxVlCNzqA5XQSnW
 75 | 	ExyJIb5ZWWgfh7x60OF+7FcmXl7Z8zorxbQnRXhhbXBsZSBHUEcgS2V5IDxkZXZl
 76 | 	bG9wZXJAZXhhbXBsZS5vcmc+iQHUBBMBCAA+FiEE8tv6Y8FEu+A6mMiU4agkU1Bn
 77 | 	2NgFAl0ZCWsCGwMFCQPCZwAFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQ4agk
 78 | 	U1Bn2NirAwv/dNjiPyvLH57N9d0DTH+8G53JMaNNZiIeW4cbE1lTaVL1nL1cwEkp
 79 | 	enpCWg1S6OKxRQ+gDrPP94dwJFCdEgPdRV7+I4OU6fiPaHKAO7xZQM4MtlWpQnro
 80 | 	qXg7oC5LEj9gGNOE6mmtNEPd5xuIyfWXSbVd2222EbpdmSTrP5L52gehlG4o0GRc
 81 | 	GT3Y7o5LZ6VcJiZJWbjpzicLcJ7NJNIJ8ektYcSugKOEheXW1/ys0oEFlQ2SHuvZ
 82 | 	kjKbfYrCqj6pPd3oJIb4EDc5RK9ADGAsOKnHxcIMy/UyielushtG6E0x6OmONJTm
 83 | 	VNOz1i09nVaIHc4lM5Dq7ktrZQw//JcIJNH7OcnpcvFnnAsnE+UZEJNRIruPMJul
 84 | 	6FYrAGv+buuJ1BhcoCZeJ6ETzj0obrDtMhgpmbfM3HUhqUBJUZumx0zvMUEz+Mtx
 85 | 	+YiN6ECSFad0uLQPp4Qv+atBDvVIK8uSevJIZlxXgYSYpcPH2l4ZlANhF3Z/MWjc
 86 | 	0aK6p/W4Rha1nQWGBF0ZCWsBDAD8WYToIsYRAilX19cZ7V6RG0lGY6CpF8aOKRyY
 87 | 	LcH6T0lva0GrEXVwo2ms3bNSUnLzE8SKOPPam8FMT7xzEZ3caLnI6LB/n9DWPFI0
 88 | 	BVNOEBwFf7aadTBAZIRarO7fqIey/QnkBdw2UQYFTZBQMs7ov9LvZqmu0Ya0b/xs
 89 | 	NfhwWpb2QUGeeZThJlEWsatELphE81BdC4FvpPiAXN+JgL5prGQz2p87VDo6uu+9
 90 | 	W8Si81WQLvVXXEG0175UorQ6CwBiQVLjiaCGQ+Yn0ZkJVpwReKsSdwP7LBsVGuA+
 91 | 	YNoJW0+2oX+suFHrSbGdUGaSKEiR4AnHoSuFu4eK8FZNXyg9zoBv6M5QKU2lGFT6
 92 | 	V8TwbEIhLIIAwil+T+ZUu4tKbuDDFKh4CPalx5GehNN7ZRFOZgNz/rf7aOtA4s3P
 93 | 	kbB5fjR3+Z9ns70xej9z57kIIB1KgcX0Ov9kp5zNtZdpPRzRURPAEmhNveAHtEbR
 94 | 	aqBH64vxilDUXvcs1QlP4066TcsAEQEAAf4HAwJI+fXlrlUZcvBCEaouhaNghWDA
 95 | 	2dSvGyzrp32wmLXoRwC0wUiy4hUduxrEYECd1wjPM9t22j7++7SAfqdfto6RNXYT
 96 | 	AramO2Aj8ldqhJoCfkIh64pU0/hUmQnJ56KTdXLNuoDbF43usnDO0KvfSmvHMyBs
 97 | 	tADZ67fgit3043LZFEPbAov33b37qoLNvrqdQHes2olE32mpNOJoVyG3P5/3YixT
 98 | 	TalKWMhXiZ8xePzyrcw85hj/SBNIeVeJ4QRotlQJA7dvVxbEtATzN7wCv6B9BrE+
 99 | 	Lm3Es5zDrVX6n2zcnwRWh40lADZvEzKSXEI2priFEpdjU4HmMP9BZ2jnMMYB8wkP
100 | 	IMSvlgWuXSt9t27lnpE1G/Wpk+Q02zTOTDsLRk9crUFTw3YoyPsp7QdQCtew0z3S
101 | 	yIn/+Wer+p++d2/qgiZxlh15V8msj5qX6ALTZpZ0hg1+dpvvQMqTRJNiX81oenmF
102 | 	FEWmDA6Q4cRjYhub2nDUdmxU5z3dlxr2F2Lrxuheg3zQyt6P0FD7yzL6aDsU7Eok
103 | 	rvZrYcShWBPW7LigjHNKrdUoTLHAqj5asuPgqw+hQJ2x7e0VC3bAl/e8M1/vQ0Uw
104 | 	UAD8q6wbE7+/C419K7JZchZeqfARl7qC29xsh22yLU33II5yzEwshaQCSF8RWBWi
105 | 	D5Dvdkw9ZV94gz+8ZnAezFpkd1igA7Qcnfcsy/JwzsaOHkZN2nwfTeK2WW+NwMOu
106 | 	PkJG8JuFpQ5QwcL5axion7QrvhrfdmV/o//IaAFyxnhOo3IddLNm8S+qpiU6HIj3
107 | 	pyr6PJFlUq9gxpuCrRW+yXcvlqEdQygmDDr1UWlrblVoKgbIkZAJPvlCD29jhbaM
108 | 	UryrhhOSURmf158FU5wA9DzlcsCwqdCPTnbeqfnxLRS/+hX3zB7T4ezIBya09o0s
109 | 	iCEHP+8cOVsf2metZJ2ONrXnBp+LGoMqD8I4vGNIamvIZivPwq7LefUk1XhBd7Ed
110 | 	aP50tYZuEQnoNpa4S6sR2qgxxCRLmqYRJvaabYdEUBdV8F/0K4XxJfMLPLZfhRO0
111 | 	wdL1fRx2cxoeZH0BsEntQVHdhJJqRmPJNt8SyahwRrpoJ1Lb5iZm9yj0ZU4dP7h/
112 | 	qbc66QCg/eqA+0r66xd6bzxORM/HjM0itNPkVp/4PdSKKQ0JnYRwtPNE3pBvuDCK
113 | 	EZ5GPuCM0szInM11sLTf96HBL0G4VWspKqZIDS7ezZ7zj5TBooLTzglmy2rA0UAE
114 | 	SrxvD0sI3ULEiNIEjogJJtj9MSATjPLXGzt+ekrlb+i6c1A2IrrPOUkEhAa6F4HL
115 | 	0HcJn3/sWfOVH+mj5AinIsiosHvZiYOGoMBGHAmxUfi/74kBvAQYAQgAJhYhBPLb
116 | 	+mPBRLvgOpjIlOGoJFNQZ9jYBQJdGQlrAhsMBQkDwmcAAAoJEOGoJFNQZ9jYMusL
117 | 	+gLg/aXZj8w72Zdabvsuh+FsP1dRAvEpF+RFfmUTyCdxOA7xY9DScCaa5gBN35KI
118 | 	EsKE3EQJr8W+iX0+jIrsyn00Tb4D0MA7oVHDYfDOlxXTk+NHs1GW6CN5aXSCkulT
119 | 	7dP+09oqPXS4z/bcX2UTbhh01VgYAWrMOWj5ycza+OrF2+hK7U7sVQoTN7kMLvQs
120 | 	C2CVJm4wppT6CYMhKOxVEkvL3fcK7ZYXRhBGij97vR7kCbXMoSDPKT7b0Ulm+pOj
121 | 	k69gOBkKw95S2sGXifyp2t6tWrcfNf0K7cnp0yS0OYT64t670x9g/6qxduT4VueJ
122 | 	gR8gW5jTxhyqiIKQ2t7rdlsOQHUAHDolwC/d+BoVC7kUj+450gzuIt9TF0yYRpiz
123 | 	PPjCSsIQfwMGOGj8P5X06tjIAiJy79J1QoM6NaRaT3AX39edzUS5SsX2HaHPvk4D
124 | 	UmP52XKFIRFi1EeDPLt1/JMzHc8+5fVxtXO+mFHKxD3Q3q9bAK7qcNsj0jtY7UzD
125 | 	3w==
126 | 	=zJBW
127 | 	-----END PGP PRIVATE KEY BLOCK-----
128 | passphrase = secret
129 | comment = Example GPG key
130 | 
131 | [usign]
132 | key = RWRCSwAAAADUvtjCkFEF4bWWxpPBo9o8R5FK6Rz5aPUsaZONLu8kxIjud9Fd+Mgu7J2fFJDVyKFAXNH6pKS+AuBW3v+TQT5m1J0W/JYTjqzIrgAZhRtm5v3vSKRl3HUD2zEEbG5j3tg=
133 | comment = Example usign key
134 | 
135 | [apk]
136 | key = -----BEGIN EC PRIVATE KEY-----
137 | 	MHcCAQEEIIP54p1G0UgCleLObh07Gxq0S0Iz22OQpkUj8S1AzXB9oAoGCCqGSM49
138 | 	...
139 | 	-----END EC PRIVATE KEY-----
140 | 
141 | [worker 1]
142 | phase = 1
143 | name = buildworker-phase1
144 | password = secret
145 | builds = 1
146 | cleanup = 1
147 | 
148 | [worker 2]
149 | phase = 2
150 | name = buildworker-phase2
151 | password = secret
152 | builds = 1
153 | cleanup = 1
154 | 


--------------------------------------------------------------------------------
/phase2/master.cfg:
--------------------------------------------------------------------------------
  1 | # -*- python -*-
  2 | # ex: set syntax=python:
  3 | 
  4 | import os
  5 | import re
  6 | import sys
  7 | import base64
  8 | import subprocess
  9 | import configparser
 10 | 
 11 | from dateutil.tz import tzutc
 12 | from datetime import datetime, timedelta
 13 | 
 14 | from twisted.internet import defer
 15 | from twisted.python import log
 16 | 
 17 | from buildbot import locks
 18 | from buildbot.data import resultspec
 19 | from buildbot.changes import filter
 20 | from buildbot.changes.gitpoller import GitPoller
 21 | from buildbot.config import BuilderConfig
 22 | from buildbot.plugins import schedulers
 23 | from buildbot.plugins import steps
 24 | from buildbot.plugins import util
 25 | from buildbot.process import results
 26 | from buildbot.process.factory import BuildFactory
 27 | from buildbot.process.properties import Property
 28 | from buildbot.process.properties import Interpolate
 29 | from buildbot.process import properties
 30 | from buildbot.schedulers.basic import SingleBranchScheduler
 31 | from buildbot.schedulers.forcesched import ForceScheduler
 32 | from buildbot.steps.master import MasterShellCommand
 33 | from buildbot.steps.shell import SetPropertyFromCommand
 34 | from buildbot.steps.shell import ShellCommand
 35 | from buildbot.steps.transfer import FileDownload
 36 | from buildbot.steps.transfer import FileUpload
 37 | from buildbot.steps.transfer import StringDownload
 38 | from buildbot.worker import Worker
 39 | 
 40 | 
 41 | if not os.path.exists("twistd.pid"):
 42 |     with open("twistd.pid", "w") as pidfile:
 43 |         pidfile.write("{}".format(os.getpid()))
 44 | 
 45 | ini = configparser.ConfigParser()
 46 | ini.read(os.getenv("BUILDMASTER_CONFIG", "./config.ini"))
 47 | 
 48 | buildbot_url = ini.get("phase2", "buildbot_url")
 49 | 
 50 | # This is a sample buildmaster config file. It must be installed as
 51 | # 'master.cfg' in your buildmaster's base directory.
 52 | 
 53 | # This is the dictionary that the buildmaster pays attention to. We also use
 54 | # a shorter alias to save typing.
 55 | c = BuildmasterConfig = {}
 56 | 
 57 | ####### BUILDWORKERS
 58 | 
 59 | # The 'workers' list defines the set of recognized buildworkers. Each element is
 60 | # a Worker object, specifying a unique worker name and password.  The same
 61 | # worker name and password must be configured on the worker.
 62 | 
 63 | worker_port = 9990
 64 | persistent = False
 65 | 
 66 | if ini.has_option("phase2", "port"):
 67 | 	worker_port = ini.get("phase2", "port")
 68 | 
 69 | if ini.has_option("phase2", "persistent"):
 70 | 	persistent = ini.getboolean("phase2", "persistent")
 71 | 
 72 | c['workers'] = []
 73 | 
 74 | for section in ini.sections():
 75 | 	if section.startswith("worker "):
 76 | 		if ini.has_option(section, "name") and ini.has_option(section, "password") and \
 77 | 			ini.has_option(section, "phase") and ini.getint(section, "phase") == 2:
 78 | 			name = ini.get(section, "name")
 79 | 			password = ini.get(section, "password")
 80 | 			sl_props = { 'shared_wd': True }
 81 | 
 82 | 			if ini.has_option(section, "shared_wd"):
 83 | 				sl_props['shared_wd'] = ini.getboolean(section, "shared_wd")
 84 | 
 85 | 			c['workers'].append(Worker(name, password, max_builds = 1, properties = sl_props))
 86 | 
 87 | # 'workerPortnum' defines the TCP port to listen on for connections from workers.
 88 | # This must match the value configured into the buildworkers (with their
 89 | # --master option)
 90 | c['protocols'] = {'pb': {'port': worker_port}}
 91 | 
 92 | # coalesce builds
 93 | c['collapseRequests'] = True
 94 | 
 95 | # Reduce amount of backlog data
 96 | c['configurators'] = [util.JanitorConfigurator(
 97 |     logHorizon=timedelta(days=3),
 98 |     hour=6,
 99 | )]
100 | 
101 | ####### CHANGESOURCES
102 | 
103 | work_dir = os.path.abspath(ini.get("general", "workdir") or ".")
104 | scripts_dir = os.path.abspath("../scripts")
105 | 
106 | rsync_bin_url = ini.get("rsync", "binary_url")
107 | rsync_bin_key = ini.get("rsync", "binary_password")
108 | 
109 | rsync_src_url = None
110 | rsync_src_key = None
111 | 
112 | if ini.has_option("rsync", "source_url"):
113 | 	rsync_src_url = ini.get("rsync", "source_url")
114 | 	rsync_src_key = ini.get("rsync", "source_password")
115 | 
116 | rsync_sdk_url = None
117 | rsync_sdk_key = None
118 | rsync_sdk_pat = "openwrt-sdk-*.tar.*"
119 | 
120 | if ini.has_option("rsync", "sdk_url"):
121 | 	rsync_sdk_url = ini.get("rsync", "sdk_url")
122 | 
123 | if ini.has_option("rsync", "sdk_password"):
124 | 	rsync_sdk_key = ini.get("rsync", "sdk_password")
125 | 
126 | if ini.has_option("rsync", "sdk_pattern"):
127 | 	rsync_sdk_pat = ini.get("rsync", "sdk_pattern")
128 | 
129 | rsync_defopts = ["-4", "-v", "--timeout=120"]
130 | 
131 | repo_url = ini.get("repo", "url")
132 | repo_branch = "main"
133 | 
134 | if ini.has_option("repo", "branch"):
135 | 	repo_branch = ini.get("repo", "branch")
136 | 
137 | usign_key = None
138 | usign_comment = "untrusted comment: " + repo_branch.replace("-", " ").title() + " key"
139 | 
140 | if ini.has_option("usign", "key"):
141 | 	usign_key = ini.get("usign", "key")
142 | 
143 | if ini.has_option("usign", "comment"):
144 | 	usign_comment = ini.get("usign", "comment")
145 | 
146 | 
147 | # find arches
148 | arches = [ ]
149 | archnames = [ ]
150 | 
151 | if not os.path.isdir(work_dir+'/source.git'):
152 | 	subprocess.call(["git", "clone", "--depth=1", "--branch="+repo_branch, repo_url, work_dir+'/source.git'])
153 | else:
154 | 	subprocess.call(["git", "pull"], cwd = work_dir+'/source.git')
155 | 
156 | os.makedirs(work_dir+'/source.git/tmp', exist_ok=True)
157 | findarches = subprocess.Popen(['./scripts/dump-target-info.pl', 'architectures'],
158 | 	stdout = subprocess.PIPE, cwd = work_dir+'/source.git')
159 | 
160 | while True:
161 | 	line = findarches.stdout.readline()
162 | 	if not line:
163 | 		break
164 | 	at = line.decode().strip().split()
165 | 	arches.append(at)
166 | 	archnames.append(at[0])
167 | 
168 | 
169 | # find feeds
170 | feeds = []
171 | feedbranches = dict()
172 | 
173 | c['change_source'] = []
174 | 
175 | def parse_feed_entry(line):
176 | 	parts = line.strip().split()
177 | 	if parts[0].startswith("src-git"):
178 | 		feeds.append(parts)
179 | 		url = parts[2].strip().split(';')
180 | 		branches = [url[1]] if len(url) > 1 else ['main', 'master']
181 | 		feedbranches[url[0]] = branches
182 | 		c['change_source'].append(GitPoller(url[0], branches=branches, workdir='%s/%s.git' %(os.getcwd(), parts[1]), pollInterval=300))
183 | 
184 | make = subprocess.Popen(['make', '--no-print-directory', '-C', work_dir+'/source.git/target/sdk/', 'val.BASE_FEED'],
185 | 	env = dict(os.environ, TOPDIR=work_dir+'/source.git'), stdout = subprocess.PIPE)
186 | 
187 | line = make.stdout.readline()
188 | if line:
189 | 	parse_feed_entry(str(line, 'utf-8'))
190 | 
191 | with open(work_dir+'/source.git/feeds.conf.default', 'r', encoding='utf-8') as f:
192 | 	for line in f:
193 | 		parse_feed_entry(line)
194 | 
195 | if len(c['change_source']) == 0:
196 | 	log.err("FATAL ERROR: no change_sources defined, aborting!")
197 | 	sys.exit(-1)
198 | 
199 | ####### SCHEDULERS
200 | 
201 | # Configure the Schedulers, which decide how to react to incoming changes.  In this
202 | # case, just kick off a 'basebuild' build
203 | 
204 | c['schedulers'] = []
205 | c['schedulers'].append(SingleBranchScheduler(
206 | 	name            = "all",
207 | 	change_filter   = filter.ChangeFilter(
208 | 		filter_fn = lambda change: change.branch in feedbranches[change.repository]
209 | 	),
210 | 	treeStableTimer = 60,
211 | 	builderNames    = archnames))
212 | 
213 | c['schedulers'].append(ForceScheduler(
214 | 	name         = "force",
215 | 	buttonName   = "Force builds",
216 | 	label        = "Force build details",
217 | 	builderNames = [ "00_force_build" ],
218 | 
219 | 	codebases = [
220 | 		util.CodebaseParameter(
221 | 			"",
222 | 			label      = "Repository",
223 | 			branch     = util.FixedParameter(name = "branch",     default = ""),
224 | 			revision   = util.FixedParameter(name = "revision",   default = ""),
225 | 			repository = util.FixedParameter(name = "repository", default = ""),
226 | 			project    = util.FixedParameter(name = "project",    default = "")
227 | 		)
228 | 	],
229 | 
230 | 	reason = util.StringParameter(
231 | 		name     = "reason",
232 | 		label    = "Reason",
233 | 		default  = "Trigger build",
234 | 		required = True,
235 | 		size     = 80
236 | 	),
237 | 
238 | 	properties = [
239 | 		util.NestedParameter(
240 | 			name="options",
241 | 			label="Build Options",
242 | 			layout="vertical",
243 | 			fields=[
244 | 				util.ChoiceStringParameter(
245 | 					name    = "architecture",
246 | 					label   = "Build architecture",
247 | 					default = "all",
248 | 					choices = [ "all" ] + archnames
249 | 				)
250 | 			]
251 | 		)
252 | 	]
253 | ))
254 | 
255 | ####### BUILDERS
256 | 
257 | # The 'builders' list defines the Builders, which tell Buildbot how to perform a build:
258 | # what steps, and which workers can execute them.  Note that any particular build will
259 | # only take place on one worker.
260 | 
261 | @properties.renderer
262 | def GetDirectorySuffix(props):
263 | 	verpat = re.compile(r'^([0-9]{2})\.([0-9]{2})(?:\.([0-9]+)(?:-rc([0-9]+))?|-(SNAPSHOT))$')
264 | 	if props.hasProperty("release_version"):
265 | 		m = verpat.match(props["release_version"])
266 | 		if m is not None:
267 | 			return "-%02d.%02d" %(int(m.group(1)), int(m.group(2)))
268 | 	return ""
269 | 
270 | @properties.renderer
271 | def GetCwd(props):
272 | 	if props.hasProperty("builddir"):
273 | 		return props["builddir"]
274 | 	elif props.hasProperty("workdir"):
275 | 		return props["workdir"]
276 | 	else:
277 | 		return "/"
278 | 
279 | def IsArchitectureSelected(target):
280 | 	def CheckArchitectureProperty(step):
281 | 		try:
282 | 			options = step.getProperty("options")
283 | 			if isinstance(options, dict):
284 | 				selected_arch = options.get("architecture", "all")
285 | 				if selected_arch != "all" and selected_arch != target:
286 | 					return False
287 | 		except KeyError:
288 | 			pass
289 | 
290 | 		return True
291 | 
292 | 	return CheckArchitectureProperty
293 | 
294 | def UsignSec2Pub(seckey, comment="untrusted comment: secret key"):
295 | 	try:
296 | 		seckey = base64.b64decode(seckey)
297 | 	except Exception:
298 | 		return None
299 | 
300 | 	return "{}\n{}".format(re.sub(r"\bsecret key$", "public key", comment),
301 | 		base64.b64encode(seckey[0:2] + seckey[32:40] + seckey[72:]))
302 | 
303 | def IsSharedWorkdir(step):
304 | 	return bool(step.getProperty("shared_wd"))
305 | 
306 | def IsUsignEnabled(step):
307 | 	return ini.has_option("usign", "key")
308 | 
309 | def IsApkSigningEnabled(step):
310 | 	return ini.has_option("apk", "key")
311 | 
312 | # gpg_key - contains the key in PGP format
313 | # gpg_keyid - contains the keyid of the key on the nk3
314 | def IsGpgSigningEnabled(step):
315 | 	return ini.has_option("gpg", "key") or ini.has_option("gpg", "keyid")
316 | 
317 | def IsSignEnabled(step):
318 | 	return (
319 | 		IsUsignEnabled(step) or IsApkSigningEnabled(step) or IsGpgSigningEnabled(step)
320 | 	)
321 | 
322 | @defer.inlineCallbacks
323 | def getNewestCompleteTime(bldr):
324 | 	"""Returns the complete_at of the latest completed and not SKIPPED
325 | 	build request for this builder, or None if there are no such build
326 | 	requests. We need to filter out SKIPPED requests because we're
327 | 	using collapseRequests=True which is unfortunately marking all
328 | 	previous requests as complete when new buildset is created.
329 | 
330 | 	@returns: datetime instance or None, via Deferred
331 | 	"""
332 | 
333 | 	bldrid = yield bldr.getBuilderId()
334 | 	completed = yield bldr.master.data.get(
335 | 			('builders', bldrid, 'buildrequests'),
336 | 			[
337 | 				resultspec.Filter('complete', 'eq', [True]),
338 | 				resultspec.Filter('results', 'ne', [results.SKIPPED]),
339 | 			],
340 | 			order=['-complete_at'], limit=1)
341 | 	if not completed:
342 | 		return
343 | 
344 | 	complete_at = completed[0]['complete_at']
345 | 
346 | 	last_build = yield bldr.master.data.get(
347 | 			('builds', ),
348 | 			[
349 | 				resultspec.Filter('builderid', 'eq', [bldrid]),
350 | 			],
351 | 			order=['-started_at'], limit=1)
352 | 
353 | 	if last_build and last_build[0]:
354 | 		last_complete_at = last_build[0]['complete_at']
355 | 		if last_complete_at and (last_complete_at > complete_at):
356 | 			return last_complete_at
357 | 
358 | 	return complete_at
359 | 
360 | @defer.inlineCallbacks
361 | def prioritizeBuilders(master, builders):
362 | 	"""Returns sorted list of builders by their last timestamp of completed and
363 | 	not skipped build.
364 | 
365 | 	@returns: list of sorted builders
366 | 	"""
367 | 
368 | 	def is_building(bldr):
369 | 		return bool(bldr.building) or bool(bldr.old_building)
370 | 
371 | 	def bldr_info(bldr):
372 | 		d = defer.maybeDeferred(getNewestCompleteTime, bldr)
373 | 		d.addCallback(lambda complete_at: (complete_at, bldr))
374 | 		return d
375 | 
376 | 	def bldr_sort(item):
377 | 		(complete_at, bldr) = item
378 | 
379 | 		if not complete_at:
380 | 			date = datetime.min
381 | 			complete_at = date.replace(tzinfo=tzutc())
382 | 
383 | 		if is_building(bldr):
384 | 			date = datetime.max
385 | 			complete_at = date.replace(tzinfo=tzutc())
386 | 
387 | 		return (complete_at, bldr.name)
388 | 
389 | 	results = yield defer.gatherResults([bldr_info(bldr) for bldr in builders])
390 | 	results.sort(key=bldr_sort)
391 | 
392 | 	for r in results:
393 | 		log.msg("prioritizeBuilders: {:>20} complete_at: {}".format(r[1].name, r[0]))
394 | 
395 | 	return [r[1] for r in results]
396 | 
397 | c['prioritizeBuilders'] = prioritizeBuilders
398 | c['builders'] = []
399 | 
400 | dlLock = locks.WorkerLock("worker_dl")
401 | 
402 | workerNames = [ ]
403 | 
404 | for worker in c['workers']:
405 | 	workerNames.append(worker.workername)
406 | 
407 | force_factory = BuildFactory()
408 | 
409 | c['builders'].append(BuilderConfig(
410 | 	name        = "00_force_build",
411 | 	workernames = workerNames,
412 | 	factory     = force_factory))
413 | 
414 | for arch in arches:
415 | 	ts = arch[1].split('/')
416 | 
417 | 	factory = BuildFactory()
418 | 
419 | 	# setup shared work directory if required
420 | 	factory.addStep(ShellCommand(
421 | 		name = "sharedwd",
422 | 		description = "Setting up shared work directory",
423 | 		command = 'test -L "$PWD" || (mkdir -p ../shared-workdir && rm -rf "$PWD" && ln -s shared-workdir "$PWD")',
424 | 		workdir = ".",
425 | 		haltOnFailure = True,
426 | 		doStepIf = IsSharedWorkdir))
427 | 
428 | 	# find number of cores
429 | 	factory.addStep(SetPropertyFromCommand(
430 | 		name = "nproc",
431 | 		property = "nproc",
432 | 		description = "Finding number of CPUs",
433 | 		command = ["nproc"]))
434 | 
435 | 	# prepare workspace
436 | 	factory.addStep(FileDownload(
437 | 		mastersrc = scripts_dir + '/cleanup.sh',
438 | 		workerdest = "../cleanup.sh",
439 | 		mode = 0o755))
440 | 
441 | 	if not persistent:
442 | 		factory.addStep(ShellCommand(
443 | 			name = "cleanold",
444 | 			description = "Cleaning previous builds",
445 | 			command = ["./cleanup.sh", buildbot_url, Interpolate("%(prop:workername)s"), Interpolate("%(prop:buildername)s"), "full"],
446 | 			workdir = ".",
447 | 			haltOnFailure = True,
448 | 			timeout = 2400))
449 | 
450 | 		factory.addStep(ShellCommand(
451 | 			name = "cleanup",
452 | 			description = "Cleaning work area",
453 | 			command = ["./cleanup.sh", buildbot_url, Interpolate("%(prop:workername)s"), Interpolate("%(prop:buildername)s"), "single"],
454 | 			workdir = ".",
455 | 			haltOnFailure = True,
456 | 			timeout = 2400))
457 | 
458 | 	factory.addStep(ShellCommand(
459 | 		name = "mksdkdir",
460 | 		description = "Preparing SDK directory",
461 | 		command = ["mkdir", "-p", "sdk"],
462 | 		haltOnFailure = True))
463 | 
464 | 	factory.addStep(ShellCommand(
465 | 		name = "downloadsdk",
466 | 		description = "Downloading SDK archive",
467 | 		command = ["rsync"] + rsync_defopts + ["-a", "%s/%s/%s/%s" %(rsync_sdk_url, ts[0], ts[1], rsync_sdk_pat), "sdk.archive"],
468 | 		env={'RSYNC_PASSWORD': rsync_sdk_key},
469 | 		haltOnFailure = True,
470 | 		logEnviron = False))
471 | 
472 | 	factory.addStep(ShellCommand(
473 | 		name = "unpacksdk",
474 | 		description = "Unpacking SDK archive",
475 | 		command = "rm -rf sdk_update && mkdir sdk_update && tar --strip-components=1 -C sdk_update/ -vxf sdk.archive",
476 | 		haltOnFailure = True))
477 | 
478 | 	factory.addStep(ShellCommand(
479 | 		name = "updatesdk",
480 | 		description = "Updating SDK",
481 | 		command = "rsync " + (" ").join(rsync_defopts) + " --checksum -a sdk_update/ sdk/ && rm -rf sdk_update",
482 | 		haltOnFailure = True))
483 | 
484 | 	factory.addStep(ShellCommand(
485 | 		name = "cleancmdlinks",
486 | 		description = "Sanitizing host command symlinks",
487 | 		command = "find sdk/staging_dir/host/bin/ -type l -exec sh -c 'case $(readlink {}) in /bin/*|/usr/bin/*) true;; /*) rm -vf {};; esac' \\;",
488 | 		haltOnFailure = True))
489 | 
490 | 	factory.addStep(StringDownload(
491 | 		name = "writeversionmk",
492 | 		s = 'TOPDIR:=${CURDIR}\n\ninclude $(TOPDIR)/include/version.mk\n\nversion:\n\t@echo $(VERSION_NUMBER)\n',
493 | 		workerdest = "sdk/getversion.mk",
494 | 		mode = 0o755))
495 | 
496 | 	factory.addStep(SetPropertyFromCommand(
497 | 		name = "getversion",
498 | 		property = "release_version",
499 | 		description = "Finding SDK release version",
500 | 		workdir = "build/sdk",
501 | 		command = ["make", "-f", "getversion.mk"]))
502 | 
503 | 	# install build key
504 | 	factory.addStep(StringDownload(
505 | 		name = "dlkeybuildpub",
506 | 		s = UsignSec2Pub(usign_key, usign_comment),
507 | 		workerdest = "sdk/key-build.pub",
508 | 		mode = 0o600,
509 | 		doStepIf = IsUsignEnabled))
510 | 
511 | 	factory.addStep(StringDownload(
512 | 		name = "dlkeybuild",
513 | 		s = "# fake private key",
514 | 		workerdest = "sdk/key-build",
515 | 		mode = 0o600,
516 | 		doStepIf = IsUsignEnabled))
517 | 
518 | 	factory.addStep(StringDownload(
519 | 		name = "dlkeybuilducert",
520 | 		s = "# fake certificate",
521 | 		workerdest = "sdk/key-build.ucert",
522 | 		mode = 0o600,
523 | 		doStepIf = IsUsignEnabled))
524 | 
525 | 	factory.addStep(ShellCommand(
526 | 		name = "mkdldir",
527 | 		description = "Preparing download directory",
528 | 		command = ["sh", "-c", "mkdir -p $HOME/dl && rm -rf ./sdk/dl && ln -sf $HOME/dl ./sdk/dl"],
529 | 		haltOnFailure = True))
530 | 
531 | 	factory.addStep(ShellCommand(
532 | 		name = "mkconf",
533 | 		description = "Preparing SDK configuration",
534 | 		workdir = "build/sdk",
535 | 		command = ["sh", "-c", "rm -f .config && make defconfig"]))
536 | 
537 | 	factory.addStep(FileDownload(
538 | 		mastersrc = scripts_dir + '/ccache.sh',
539 | 		workerdest = 'sdk/ccache.sh',
540 | 		mode = 0o755))
541 | 
542 | 	factory.addStep(ShellCommand(
543 | 		name = "prepccache",
544 | 		description = "Preparing ccache",
545 | 		workdir = "build/sdk",
546 | 		command = ["./ccache.sh"],
547 | 		haltOnFailure = True))
548 | 
549 | 	factory.addStep(ShellCommand(
550 | 		name = "updatefeeds",
551 | 		description = "Updating feeds",
552 | 		workdir = "build/sdk",
553 | 		command = ["./scripts/feeds", "update", "-f"],
554 | 		haltOnFailure = True))
555 | 
556 | 	factory.addStep(ShellCommand(
557 | 		name = "installfeeds",
558 | 		description = "Installing feeds",
559 | 		workdir = "build/sdk",
560 | 		command = ["./scripts/feeds", "install", "-a"],
561 | 		haltOnFailure = True))
562 | 
563 | 	factory.addStep(ShellCommand(
564 | 		name = "logclear",
565 | 		description = "Clearing failure logs",
566 | 		workdir = "build/sdk",
567 | 		command = ["rm", "-rf", "logs/package/error.txt", "faillogs/"],
568 | 		haltOnFailure = False,
569 | 		flunkOnFailure = False,
570 | 		warnOnFailure = True,
571 | 	))
572 | 
573 | 	factory.addStep(ShellCommand(
574 | 		name = "compile",
575 | 		description = "Building packages",
576 | 		workdir = "build/sdk",
577 | 		timeout = 3600,
578 | 		command = ["make", Interpolate("-j%(prop:nproc:-1)s"), "IGNORE_ERRORS=n m y", "BUILD_LOG=1", "CONFIG_AUTOREMOVE=y", "CONFIG_SIGNED_PACKAGES="],
579 | 		env = {'CCACHE_BASEDIR': Interpolate("%(kw:cwd)s", cwd=GetCwd)},
580 | 		haltOnFailure = True))
581 | 
582 | 	factory.addStep(ShellCommand(
583 | 		name = "mkfeedsconf",
584 | 		description = "Generating pinned feeds.conf",
585 | 		workdir = "build/sdk",
586 | 		command = "./scripts/feeds list -s -f > bin/packages/%s/feeds.conf" %(arch[0])))
587 | 
588 | 	factory.addStep(ShellCommand(
589 | 		name = "checksums",
590 | 		description = "Calculating checksums",
591 | 		descriptionDone="Checksums calculated",
592 | 		workdir = "build/sdk",
593 | 		command = "cd bin/packages/%s; " %(arch[0])
594 | 		+ "find . -type f -not -name 'sha256sums' -printf \"%P\n\" | "
595 | 		+ "sort | xargs -r ../../../staging_dir/host/bin/mkhash -n sha256 | "
596 | 		+ r"sed -ne 's!^\(.*\) \(.*\)$!\1 *\2!p' > sha256sums",
597 | 		haltOnFailure = True
598 | 	))
599 | 
600 | 	factory.addStep(MasterShellCommand(
601 | 		name = "signprepare",
602 | 		description = "Preparing temporary signing directory",
603 | 		command = ["mkdir", "-p", "%s/signing" %(work_dir)],
604 | 		haltOnFailure = True,
605 | 		doStepIf = IsSignEnabled
606 | 	))
607 | 
608 | 	factory.addStep(ShellCommand(
609 | 		name = "signpack",
610 | 		description = "Packing files to sign",
611 | 		workdir = "build/sdk",
612 | 		command = "find bin/packages/%s/ -mindepth 1 -maxdepth 2 -type f " %(arch[0])
613 | 		+ "-name sha256sums -print0 -or "
614 | 		+ "-name Packages -print0 -or "
615 | 		+ "-name packages.adb -print0 | "
616 | 		+ "xargs -0 tar -czf sign.tar.gz",
617 | 		haltOnFailure = True,
618 | 		doStepIf = IsSignEnabled
619 | 	))
620 | 
621 | 	factory.addStep(FileUpload(
622 | 		workersrc = "sdk/sign.tar.gz",
623 | 		masterdest = "%s/signing/%s.tar.gz" %(work_dir, arch[0]),
624 | 		haltOnFailure = True,
625 | 		doStepIf = IsSignEnabled
626 | 	))
627 | 
628 | 	factory.addStep(MasterShellCommand(
629 | 		name = "signfiles",
630 | 		description = "Signing files",
631 | 		command = ["%s/signall.sh" %(scripts_dir), "%s/signing/%s.tar.gz" %(work_dir, arch[0])],
632 | 		env = { 'CONFIG_INI': os.getenv("BUILDMASTER_CONFIG", "./config.ini") },
633 | 		haltOnFailure = True,
634 | 		doStepIf = IsSignEnabled
635 | 	))
636 | 
637 | 	factory.addStep(FileDownload(
638 | 		mastersrc = "%s/signing/%s.tar.gz" %(work_dir, arch[0]),
639 | 		workerdest = "sdk/sign.tar.gz",
640 | 		haltOnFailure = True,
641 | 		doStepIf = IsSignEnabled
642 | 	))
643 | 
644 | 	factory.addStep(ShellCommand(
645 | 		name = "signunpack",
646 | 		description = "Unpacking signed files",
647 | 		workdir = "build/sdk",
648 | 		command = ["tar", "-xzf", "sign.tar.gz"],
649 | 		haltOnFailure = True,
650 | 		doStepIf = IsSignEnabled
651 | 	))
652 | 
653 | 	# download remote sha256sums to 'target-sha256sums'
654 | 	factory.addStep(ShellCommand(
655 | 		name = "target-sha256sums",
656 | 		description = "Fetching remote sha256sums for arch",
657 | 		command = ["rsync"] + rsync_defopts + ["-z", Interpolate("%(kw:rsyncbinurl)s/packages%(kw:suffix)s/%(kw:archname)s/sha256sums", rsyncbinurl=rsync_bin_url, suffix=GetDirectorySuffix, archname=arch[0]), "arch-sha256sums"],
658 | 		env={'RSYNC_PASSWORD': rsync_bin_key},
659 | 		logEnviron = False,
660 | 		haltOnFailure = False,
661 | 		flunkOnFailure = False,
662 | 		warnOnFailure = False,
663 | 	))
664 | 
665 | 	factory.addStep(FileDownload(
666 | 		name="dlrsync.sh",
667 | 		mastersrc = scripts_dir + "/rsync.sh",
668 | 		workerdest = "../rsync.sh",
669 | 		mode = 0o755
670 | 	))
671 | 
672 | 	factory.addStep(FileDownload(
673 | 		name = "dlsha2rsyncpl",
674 | 		mastersrc = scripts_dir + "/sha2rsync.pl",
675 | 		workerdest = "../sha2rsync.pl",
676 | 		mode = 0o755,
677 | 	))
678 | 
679 | 	factory.addStep(ShellCommand(
680 | 		name = "buildlist",
681 | 		description = "Building list of files to upload",
682 | 		workdir = "build/sdk",
683 | 		command = ["../../sha2rsync.pl", "../arch-sha256sums", "bin/packages/%s/sha256sums" %(arch[0]), "rsynclist"],
684 | 		haltOnFailure = True,
685 | 	))
686 | 
687 | 	factory.addStep(ShellCommand(
688 | 		name = "uploadprepare",
689 | 		description = "Preparing package directory",
690 | 		workdir = "build/sdk",
691 | 		command = ["rsync"] + rsync_defopts + ["-a", "--include", "/%s/" %(arch[0]), "--exclude", "/*", "--exclude", "/%s/*" %(arch[0]), "bin/packages/", Interpolate("%(kw:rsyncbinurl)s/packages%(kw:suffix)s/", rsyncbinurl=rsync_bin_url, suffix=GetDirectorySuffix)],
692 | 		env={'RSYNC_PASSWORD': rsync_bin_key},
693 | 		haltOnFailure = True,
694 | 		logEnviron = False
695 | 	))
696 | 
697 | 	factory.addStep(ShellCommand(
698 | 		name = "packageupload",
699 | 		description = "Uploading package files",
700 | 		workdir = "build/sdk",
701 | 		command = ["../../rsync.sh"] + rsync_defopts + ["--files-from=rsynclist", "--delay-updates", "--partial-dir=.~tmp~%s" %(arch[0]), "-a", "bin/packages/%s/" %(arch[0]), Interpolate("%(kw:rsyncbinurl)s/packages%(kw:suffix)s/%(kw:archname)s/", rsyncbinurl=rsync_bin_url, suffix=GetDirectorySuffix, archname=arch[0])],
702 | 		env={'RSYNC_PASSWORD': rsync_bin_key},
703 | 		haltOnFailure = True,
704 | 		logEnviron = False
705 | 	))
706 | 
707 | 	factory.addStep(ShellCommand(
708 | 		name = "packageprune",
709 | 		description = "Pruning package files",
710 | 		workdir = "build/sdk",
711 | 		command = ["../../rsync.sh"] + rsync_defopts + ["--delete", "--existing", "--ignore-existing", "--delay-updates", "--partial-dir=.~tmp~%s" %(arch[0]), "-a", "bin/packages/%s/" %(arch[0]), Interpolate("%(kw:rsyncbinurl)s/packages%(kw:suffix)s/%(kw:archname)s/", rsyncbinurl=rsync_bin_url, suffix=GetDirectorySuffix, archname=arch[0])],
712 | 		env={'RSYNC_PASSWORD': rsync_bin_key},
713 | 		haltOnFailure = True,
714 | 		logEnviron = False
715 | 	))
716 | 
717 | 	factory.addStep(ShellCommand(
718 | 		name = "logprepare",
719 | 		description = "Preparing log directory",
720 | 		workdir = "build/sdk",
721 | 		command = ["rsync"] + rsync_defopts + ["-a", "--include", "/%s/" %(arch[0]), "--exclude", "/*", "--exclude", "/%s/*" %(arch[0]), "bin/packages/", Interpolate("%(kw:rsyncbinurl)s/faillogs%(kw:suffix)s/", rsyncbinurl=rsync_bin_url, suffix=GetDirectorySuffix)],
722 | 		env={'RSYNC_PASSWORD': rsync_bin_key},
723 | 		haltOnFailure = True,
724 | 		logEnviron = False
725 | 	))
726 | 
727 | 	factory.addStep(ShellCommand(
728 | 		name = "logfind",
729 | 		description = "Finding failure logs",
730 | 		workdir = "build/sdk/logs/package/feeds",
731 | 		command = ["sh", "-c", "sed -ne 's!^ *ERROR: package/feeds/\\([^ ]*\\) .*$!\\1!p' ../error.txt | sort -u | xargs -r find > ../../../logs.txt"],
732 | 		haltOnFailure = False,
733 | 		flunkOnFailure = False,
734 | 		warnOnFailure = True,
735 | 	))
736 | 
737 | 	factory.addStep(ShellCommand(
738 | 		name = "logcollect",
739 | 		description = "Collecting failure logs",
740 | 		workdir = "build/sdk",
741 | 		command = ["rsync"] + rsync_defopts + ["-a", "--files-from=logs.txt", "logs/package/feeds/", "faillogs/"],
742 | 		haltOnFailure = False,
743 | 		flunkOnFailure = False,
744 | 		warnOnFailure = True,
745 | 	))
746 | 
747 | 	factory.addStep(ShellCommand(
748 | 		name = "logupload",
749 | 		description = "Uploading failure logs",
750 | 		workdir = "build/sdk",
751 | 		command = ["../../rsync.sh"] + rsync_defopts + ["--delete", "--delay-updates", "--partial-dir=.~tmp~%s" %(arch[0]), "-az", "faillogs/", Interpolate("%(kw:rsyncbinurl)s/faillogs%(kw:suffix)s/%(kw:archname)s/", rsyncbinurl=rsync_bin_url, suffix=GetDirectorySuffix, archname=arch[0])],
752 | 		env={'RSYNC_PASSWORD': rsync_bin_key},
753 | 		haltOnFailure = False,
754 | 		flunkOnFailure = False,
755 | 		warnOnFailure = True,
756 | 		logEnviron = False
757 | 	))
758 | 
759 | 	if rsync_src_url is not None:
760 | 		factory.addStep(ShellCommand(
761 | 			name = "sourcelist",
762 | 			description = "Finding source archives to upload",
763 | 			workdir = "build/sdk",
764 | 			command = "find dl/ -maxdepth 1 -type f -not -size 0 -not -name '.*' -not -name '*.hash' -not -name '*.dl' -newer ../sdk.archive -printf '%f\\n' > sourcelist",
765 | 			haltOnFailure = True
766 | 		))
767 | 
768 | 		factory.addStep(ShellCommand(
769 | 			name = "sourceupload",
770 | 			description = "Uploading source archives",
771 | 			workdir = "build/sdk",
772 | 			command = ["../../rsync.sh"] + rsync_defopts + ["--files-from=sourcelist", "--size-only", "--delay-updates",
773 | 					Interpolate("--partial-dir=.~tmp~%(kw:archname)s~%(prop:workername)s", archname=arch[0]), "-a", "dl/", "%s/" %(rsync_src_url)],
774 | 			env={'RSYNC_PASSWORD': rsync_src_key},
775 | 			haltOnFailure = False,
776 | 			flunkOnFailure = False,
777 | 			warnOnFailure = True,
778 | 			logEnviron = False
779 | 		))
780 | 
781 | 	factory.addStep(ShellCommand(
782 | 		name = "df",
783 | 		description = "Reporting disk usage",
784 | 		command=["df", "-h", "."],
785 | 		env={'LC_ALL': 'C'},
786 | 		haltOnFailure = False,
787 | 		flunkOnFailure = False,
788 | 		warnOnFailure = False,
789 | 		alwaysRun = True
790 | 	))
791 | 
792 | 	factory.addStep(ShellCommand(
793 | 		name = "du",
794 | 		description = "Reporting estimated file space usage",
795 | 		command=["du", "-sh", "."],
796 | 		env={'LC_ALL': 'C'},
797 | 		haltOnFailure = False,
798 | 		flunkOnFailure = False,
799 | 		warnOnFailure = False,
800 | 		alwaysRun = True
801 | 	))
802 | 
803 | 	factory.addStep(ShellCommand(
804 | 		name = "ccachestat",
805 | 		description = "Reporting ccache stats",
806 | 		command=["ccache", "-s"],
807 | 		want_stderr = False,
808 | 		haltOnFailure = False,
809 | 		flunkOnFailure = False,
810 | 		warnOnFailure = False,
811 | 		alwaysRun = True,
812 | 	))
813 | 
814 | 	c['builders'].append(BuilderConfig(name=arch[0], workernames=workerNames, factory=factory))
815 | 
816 | 	c['schedulers'].append(schedulers.Triggerable(name="trigger_%s" % arch[0], builderNames=[ arch[0] ]))
817 | 	force_factory.addStep(steps.Trigger(
818 | 		name = "trigger_%s" % arch[0],
819 | 		description = "Triggering %s build" % arch[0],
820 | 		schedulerNames = [ "trigger_%s" % arch[0] ],
821 | 		set_properties = { "reason": Property("reason") },
822 | 		doStepIf = IsArchitectureSelected(arch[0])
823 | 	))
824 | 
825 | ####### STATUS arches
826 | 
827 | # 'status' is a list of Status arches. The results of each build will be
828 | # pushed to these arches. buildbot/status/*.py has a variety to choose from,
829 | # including web pages, email senders, and IRC bots.
830 | 
831 | if ini.has_option("phase2", "status_bind"):
832 | 	c['www'] = {
833 | 		'port': ini.get("phase2", "status_bind"),
834 | 		'plugins': {
835 | 			'waterfall_view': True,
836 | 			'console_view': True,
837 | 			'grid_view': True
838 | 		}
839 | 	}
840 | 
841 | 	if ini.has_option("phase2", "status_user") and ini.has_option("phase2", "status_password"):
842 | 		c['www']['auth'] = util.UserPasswordAuth([
843 | 			(ini.get("phase2", "status_user"), ini.get("phase2", "status_password"))
844 | 		])
845 | 		c['www']['authz'] = util.Authz(
846 | 			allowRules=[ util.AnyControlEndpointMatcher(role="admins") ],
847 | 			roleMatchers=[ util.RolesFromUsername(roles=["admins"], usernames=[ini.get("phase2", "status_user")]) ]
848 | 		)
849 | 
850 | ####### PROJECT IDENTITY
851 | 
852 | # the 'title' string will appear at the top of this buildbot
853 | # installation's html.WebStatus home page (linked to the
854 | # 'titleURL') and is embedded in the title of the waterfall HTML page.
855 | 
856 | c['title'] = ini.get("general", "title")
857 | c['titleURL'] = ini.get("general", "title_url")
858 | 
859 | # the 'buildbotURL' string should point to the location where the buildbot's
860 | # internal web server (usually the html.WebStatus page) is visible. This
861 | # typically uses the port number set in the Waterfall 'status' entry, but
862 | # with an externally-visible host name which the buildbot cannot figure out
863 | # without some help.
864 | 
865 | c['buildbotURL'] = buildbot_url
866 | 
867 | ####### DB URL
868 | 
869 | c['db'] = {
870 | 	# This specifies what database buildbot uses to store its state.  You can leave
871 | 	# this at its default for all but the largest installations.
872 | 	'db_url' : "sqlite:///state.sqlite",
873 | }
874 | 
875 | c['buildbotNetUsageData'] = None
876 | 


--------------------------------------------------------------------------------
/phase1/master.cfg:
--------------------------------------------------------------------------------
   1 | # -*- python -*-
   2 | # ex: set syntax=python:
   3 | 
   4 | import os
   5 | import re
   6 | import base64
   7 | import subprocess
   8 | import configparser
   9 | 
  10 | from dateutil.tz import tzutc
  11 | from datetime import datetime, timedelta
  12 | 
  13 | from twisted.internet import defer
  14 | from twisted.python import log
  15 | 
  16 | from buildbot import locks
  17 | from buildbot.data import resultspec
  18 | from buildbot.changes.gitpoller import GitPoller
  19 | from buildbot.config import BuilderConfig
  20 | from buildbot.process import buildstep
  21 | from buildbot.plugins import reporters
  22 | from buildbot.plugins import schedulers
  23 | from buildbot.plugins import steps
  24 | from buildbot.plugins import util
  25 | from buildbot.process import properties
  26 | from buildbot.process import results
  27 | from buildbot.process.factory import BuildFactory
  28 | from buildbot.process.properties import Interpolate
  29 | from buildbot.process.properties import Property
  30 | from buildbot.schedulers.basic import AnyBranchScheduler
  31 | from buildbot.schedulers.forcesched import BaseParameter
  32 | from buildbot.schedulers.forcesched import ForceScheduler
  33 | from buildbot.schedulers.forcesched import ValidationError
  34 | from buildbot.steps.master import MasterShellCommand
  35 | from buildbot.steps.shell import SetPropertyFromCommand
  36 | from buildbot.steps.shell import ShellCommand
  37 | from buildbot.steps.source.git import Git
  38 | from buildbot.steps.transfer import FileDownload
  39 | from buildbot.steps.transfer import FileUpload
  40 | from buildbot.steps.transfer import StringDownload
  41 | from buildbot.worker import Worker
  42 | from buildbot.worker.local import LocalWorker
  43 | 
  44 | 
  45 | if not os.path.exists("twistd.pid"):
  46 |     with open("twistd.pid", "w") as pidfile:
  47 |         pidfile.write("{}".format(os.getpid()))
  48 | 
  49 | # This is a sample buildmaster config file. It must be installed as
  50 | # 'master.cfg' in your buildmaster's base directory.
  51 | 
  52 | ini = configparser.ConfigParser()
  53 | ini.read(os.getenv("BUILDMASTER_CONFIG", "./config.ini"))
  54 | 
  55 | if "general" not in ini or "phase1" not in ini:
  56 |     raise ValueError("Fix your configuration")
  57 | 
  58 | inip1 = ini["phase1"]
  59 | 
  60 | # Globals
  61 | work_dir = os.path.abspath(ini["general"].get("workdir", "."))
  62 | scripts_dir = os.path.abspath("../scripts")
  63 | 
  64 | repo_url = ini["repo"].get("url")
  65 | tree_stable_timer = ini["repo"].getint("tree_stable_timer", 15 * 60)
  66 | 
  67 | rsync_defopts = ["-v", "--timeout=120"]
  68 | 
  69 | # if rsync_bin_url.find("::") > 0 or rsync_bin_url.find("rsync://") == 0:
  70 | # 	rsync_bin_defopts += ["--contimeout=20"]
  71 | 
  72 | branches = {}
  73 | 
  74 | 
  75 | def ini_parse_branch(section):
  76 |     b = {}
  77 |     name = section.get("name")
  78 | 
  79 |     if not name:
  80 |         raise ValueError("missing 'name' in " + repr(section))
  81 |     if name in branches:
  82 |         raise ValueError("duplicate branch name in " + repr(section))
  83 | 
  84 |     b["name"] = name
  85 |     b["bin_url"] = section.get("binary_url")
  86 |     b["bin_key"] = section.get("binary_password")
  87 | 
  88 |     b["src_url"] = section.get("source_url")
  89 |     b["src_key"] = section.get("source_password")
  90 | 
  91 |     b["apk_key"] = section.get("apk_key")
  92 |     b["gpg_key"] = section.get("gpg_key")
  93 |     b["gpg_keyid"] = section.get("gpg_keyid")
  94 | 
  95 |     b["usign_key"] = section.get("usign_key")
  96 |     usign_comment = "untrusted comment: " + name.replace("-", " ").title() + " key"
  97 |     b["usign_comment"] = section.get("usign_comment", usign_comment)
  98 | 
  99 |     b["config_seed"] = section.get("config_seed")
 100 |     b["build_targets"] = section.get("build_targets")
 101 | 
 102 |     b["kmod_archive"] = section.getboolean("kmod_archive", False)
 103 | 
 104 |     branches[name] = b
 105 |     log.msg("Configured branch: {}".format(name))
 106 | 
 107 | 
 108 | # PB port can be either a numeric port or a connection string
 109 | pb_port = inip1.get("port") or 9989
 110 | feeds_host_override = inip1.get("feeds_host_override", "").strip()
 111 | 
 112 | # This is the dictionary that the buildmaster pays attention to. We also use
 113 | # a shorter alias to save typing.
 114 | c = BuildmasterConfig = {}
 115 | 
 116 | # PROJECT IDENTITY
 117 | 
 118 | # the 'title' string will appear at the top of this buildbot
 119 | # installation's html.WebStatus home page (linked to the
 120 | # 'titleURL') and is embedded in the title of the waterfall HTML page.
 121 | 
 122 | c["title"] = ini["general"].get("title")
 123 | c["titleURL"] = ini["general"].get("title_url")
 124 | 
 125 | # the 'buildbotURL' string should point to the location where the buildbot's
 126 | # internal web server (usually the html.WebStatus page) is visible. This
 127 | # typically uses the port number set in the Waterfall 'status' entry, but
 128 | # with an externally-visible host name which the buildbot cannot figure out
 129 | # without some help.
 130 | 
 131 | c["buildbotURL"] = inip1.get("buildbot_url")
 132 | 
 133 | # BUILDWORKERS
 134 | 
 135 | # The 'workers' list defines the set of recognized buildworkers. Each element is
 136 | # a Worker object, specifying a unique worker name and password.  The same
 137 | # worker name and password must be configured on the worker.
 138 | 
 139 | c["workers"] = []
 140 | NetLocks = dict()
 141 | 
 142 | 
 143 | def ini_parse_workers(section):
 144 |     name = section.get("name")
 145 |     password = section.get("password")
 146 |     phase = section.getint("phase")
 147 |     tagonly = section.getboolean("tag_only")
 148 |     rsyncipv4 = section.getboolean("rsync_ipv4")
 149 | 
 150 |     if not name or not password or not phase == 1:
 151 |         log.msg("invalid worker configuration ignored: {}".format(repr(section)))
 152 |         return
 153 | 
 154 |     sl_props = {"tag_only": tagonly}
 155 |     if "dl_lock" in section:
 156 |         lockname = section.get("dl_lock")
 157 |         sl_props["dl_lock"] = lockname
 158 |         if lockname not in NetLocks:
 159 |             NetLocks[lockname] = locks.MasterLock(lockname)
 160 |     if "ul_lock" in section:
 161 |         lockname = section.get("ul_lock")
 162 |         sl_props["ul_lock"] = lockname
 163 |         if lockname not in NetLocks:
 164 |             NetLocks[lockname] = locks.MasterLock(lockname)
 165 |     if rsyncipv4:
 166 |         sl_props[
 167 |             "rsync_ipv4"
 168 |         ] = True  # only set prop if required, we use '+' Interpolate substitution
 169 | 
 170 |     log.msg("Configured worker: {}".format(name))
 171 |     # NB: phase1 build factory requires workers to be single-build only
 172 |     c["workers"].append(Worker(name, password, max_builds=1, properties=sl_props))
 173 | 
 174 | 
 175 | for section in ini.sections():
 176 |     if section.startswith("branch "):
 177 |         ini_parse_branch(ini[section])
 178 | 
 179 |     if section.startswith("worker "):
 180 |         ini_parse_workers(ini[section])
 181 | 
 182 | # list of branches in build-priority order
 183 | branchNames = [branches[b]["name"] for b in branches]
 184 | 
 185 | c["protocols"] = {"pb": {"port": pb_port}}
 186 | 
 187 | # coalesce builds
 188 | c["collapseRequests"] = True
 189 | 
 190 | # Reduce amount of backlog data
 191 | c["configurators"] = [
 192 |     util.JanitorConfigurator(
 193 |         logHorizon=timedelta(days=3),
 194 |         hour=6,
 195 |     )
 196 | ]
 197 | 
 198 | 
 199 | @defer.inlineCallbacks
 200 | def getNewestCompleteTimePrio(bldr):
 201 |     """Returns the priority and the complete_at of the latest completed and not SKIPPED
 202 |     build request for this builder, or None if there are no such build
 203 |     requests. We need to filter out SKIPPED requests because we're
 204 |     using collapseRequests=True which is unfortunately marking all
 205 |     previous requests as complete when new buildset is created.
 206 | 
 207 |     @returns: (priority, datetime instance or None), via Deferred
 208 |     """
 209 | 
 210 |     prio = yield bldr.get_highest_priority()
 211 |     if prio is None:
 212 |         prio = 0
 213 | 
 214 |     bldrid = yield bldr.getBuilderId()
 215 |     completed = yield bldr.master.data.get(
 216 |         ("builders", bldrid, "buildrequests"),
 217 |         [
 218 |             resultspec.Filter("complete", "eq", [True]),
 219 |             resultspec.Filter("results", "ne", [results.SKIPPED]),
 220 |         ],
 221 |         order=["-complete_at"],
 222 |         limit=1,
 223 |     )
 224 |     if not completed:
 225 |         return (prio, None)
 226 | 
 227 |     complete_at = completed[0]["complete_at"]
 228 | 
 229 |     last_build = yield bldr.master.data.get(
 230 |         ("builds",),
 231 |         [
 232 |             resultspec.Filter("builderid", "eq", [bldrid]),
 233 |         ],
 234 |         order=["-started_at"],
 235 |         limit=1,
 236 |     )
 237 | 
 238 |     if last_build and last_build[0]:
 239 |         last_complete_at = last_build[0]["complete_at"]
 240 |         if last_complete_at and (last_complete_at > complete_at):
 241 |             return (prio, last_complete_at)
 242 | 
 243 |     return (prio, complete_at)
 244 | 
 245 | 
 246 | @defer.inlineCallbacks
 247 | def prioritizeBuilders(master, builders):
 248 |     """Returns sorted list of builders by their last timestamp of completed and
 249 |     not skipped build, ordered first by branch name.
 250 | 
 251 |     @returns: list of sorted builders
 252 |     """
 253 | 
 254 |     bldrNamePrio = {"__Janitor": 0, "00_force_build": 0}
 255 |     i = 1
 256 |     for bname in branchNames:
 257 |         bldrNamePrio[bname] = i
 258 | 
 259 |     def is_building(bldr):
 260 |         return bool(bldr.building) or bool(bldr.old_building)
 261 | 
 262 |     def bldr_info(bldr):
 263 |         d = defer.maybeDeferred(getNewestCompleteTimePrio, bldr)
 264 |         d.addCallback(lambda retval: (retval, bldr))
 265 |         return d
 266 | 
 267 |     def bldr_sort(item):
 268 |         ((hiprio, complete_at), bldr) = item
 269 | 
 270 |         # check if we have some high prio build requests pending (i.e. tag builds),
 271 |         # if so, front-run these builders, while preserving the per-branch static priority
 272 |         pos = 99
 273 |         for name, prio in bldrNamePrio.items():
 274 |             if bldr.name.startswith(name):
 275 |                 # higher priority (larger positive number) raises position
 276 |                 pos = prio + 50 - min(hiprio, 50)
 277 |                 break
 278 | 
 279 |         # pos order: janitor/local (0), tag builds if any [1..50], !tag builds [51...]
 280 | 
 281 |         if not complete_at:
 282 |             date = datetime.min
 283 |             complete_at = date.replace(tzinfo=tzutc())
 284 | 
 285 |         if is_building(bldr):
 286 |             date = datetime.max
 287 |             complete_at = date.replace(tzinfo=tzutc())
 288 | 
 289 |         return (pos, complete_at, bldr.name)
 290 | 
 291 |     results = yield defer.gatherResults([bldr_info(bldr) for bldr in builders])
 292 |     results.sort(key=bldr_sort)
 293 | 
 294 |     # for r in results:
 295 |     # 	log.msg("prioritizeBuilders: {:>20} complete_at: {}".format(r[1].name, r[0]))
 296 | 
 297 |     return [r[1] for r in results]
 298 | 
 299 | 
 300 | c["prioritizeBuilders"] = prioritizeBuilders
 301 | 
 302 | # CHANGESOURCES
 303 | 
 304 | # find targets
 305 | targets = dict()
 306 | 
 307 | 
 308 | def populateTargets():
 309 |     def buildTargetsConfigured(branch):
 310 |         builders = branches[branch].get("build_targets")
 311 |         return builders and set(filter(None, [t.strip() for t in builders.split("\n")]))
 312 | 
 313 |     for branch in branchNames:
 314 |         targets[branch] = buildTargetsConfigured(branch)
 315 |         if not targets[branch]:
 316 |             populateTargetsForBranch(branch)
 317 | 
 318 | 
 319 | def populateTargetsForBranch(branch):
 320 |     """fetches a shallow clone for passed `branch` and then
 321 |     executes dump-target-info.pl and collates the results to ensure
 322 |     targets that only exist in specific branches get built.
 323 |     This takes a while during master startup but is executed only once.
 324 |     """
 325 |     targets[branch] = set()
 326 |     sourcegit = work_dir + "/source.git"
 327 | 
 328 |     log.msg(f"Populating targets for {branch}, this will take time")
 329 | 
 330 |     if os.path.isdir(sourcegit):
 331 |         subprocess.call(["rm", "-rf", sourcegit])
 332 | 
 333 |     subprocess.call(
 334 |         [
 335 |             "git",
 336 |             "clone",
 337 |             "-q",
 338 |             "--depth=1",
 339 |             "--branch=" + branch,
 340 |             repo_url,
 341 |             sourcegit,
 342 |         ]
 343 |     )
 344 | 
 345 |     os.makedirs(sourcegit + "/tmp", exist_ok=True)
 346 |     findtargets = subprocess.Popen(
 347 |         ["./scripts/dump-target-info.pl", "targets"],
 348 |         stdout=subprocess.PIPE,
 349 |         stderr=subprocess.DEVNULL,
 350 |         cwd=sourcegit,
 351 |     )
 352 | 
 353 |     while True:
 354 |         line = findtargets.stdout.readline()
 355 |         if not line:
 356 |             break
 357 |         ta = line.decode().strip().split(" ")
 358 |         targets[branch].add(ta[0])
 359 | 
 360 |     subprocess.call(["rm", "-rf", sourcegit])
 361 | 
 362 | 
 363 | populateTargets()
 364 | 
 365 | # the 'change_source' setting tells the buildmaster how it should find out
 366 | # about source code changes.
 367 | 
 368 | c["change_source"] = []
 369 | c["change_source"].append(
 370 |     GitPoller(
 371 |         repo_url,
 372 |         workdir=work_dir + "/work.git",
 373 |         branches=branchNames,
 374 |         pollAtLaunch=True,
 375 |         pollInterval=300,
 376 |     )
 377 | )
 378 | 
 379 | # SCHEDULERS
 380 | 
 381 | # Configure the Schedulers, which decide how to react to incoming changes.
 382 | 
 383 | 
 384 | # Selector for known valid tags
 385 | class TagChoiceParameter(BaseParameter):
 386 |     spec_attributes = ["strict", "choices"]
 387 |     type = "list"
 388 |     strict = True
 389 | 
 390 |     def __init__(self, name, label=None, **kw):
 391 |         super().__init__(name, label, **kw)
 392 |         self._choice_list = []
 393 | 
 394 |     def getRevTags(self, findtag=None):
 395 |         taglist = []
 396 |         branchvers = []
 397 | 
 398 |         # we will filter out tags that do no match the configured branches
 399 |         for b in branchNames:
 400 |             basever = re.search(r"-([0-9]+\.[0-9]+)$", b)
 401 |             if basever:
 402 |                 branchvers.append(basever[1])
 403 | 
 404 |         # grab tags from remote repository
 405 |         alltags = subprocess.Popen(
 406 |             ["git", "ls-remote", "--tags", repo_url], stdout=subprocess.PIPE
 407 |         )
 408 | 
 409 |         while True:
 410 |             line = alltags.stdout.readline()
 411 | 
 412 |             if not line:
 413 |                 break
 414 | 
 415 |             (rev, tag) = line.split()
 416 | 
 417 |             # does it match known format? ('vNN.NN.NN(-rcN)')
 418 |             tagver = re.search(
 419 |                 r"\brefs/tags/(v[0-9]+\.[0-9]+\.[0-9]+(?:-rc[0-9]+)?)$",
 420 |                 tag.decode().strip(),
 421 |             )
 422 | 
 423 |             # only list valid tags matching configured branches
 424 |             if tagver and any(tagver[1][1:].startswith(b) for b in branchvers):
 425 |                 # if we want a specific tag, ignore all that don't match
 426 |                 if findtag and findtag != tagver[1]:
 427 |                     continue
 428 |                 taglist.append({"rev": rev.decode().strip(), "tag": tagver[1]})
 429 | 
 430 |         return taglist
 431 | 
 432 |     @property
 433 |     def choices(self):
 434 |         taglist = [rt["tag"] for rt in self.getRevTags()]
 435 |         taglist.sort(
 436 |             reverse=True,
 437 |             key=lambda tag: tag if re.search(r"-rc[0-9]+$", tag) else tag + "-z",
 438 |         )
 439 |         taglist.insert(0, "")
 440 | 
 441 |         self._choice_list = taglist
 442 | 
 443 |         return self._choice_list
 444 | 
 445 |     def updateFromKwargs(self, properties, kwargs, **unused):
 446 |         tag = self.getFromKwargs(kwargs)
 447 |         properties[self.name] = tag
 448 | 
 449 |         # find the commit matching the tag
 450 |         findtag = self.getRevTags(tag)
 451 | 
 452 |         if not findtag:
 453 |             raise ValidationError("Couldn't find tag")
 454 | 
 455 |         properties["force_revision"] = findtag[0]["rev"]
 456 | 
 457 |         # find the branch matching the tag
 458 |         branch = None
 459 |         branchver = re.search(r"v([0-9]+\.[0-9]+)", tag)
 460 |         for b in branchNames:
 461 |             if b.endswith(branchver[1]):
 462 |                 branch = b
 463 | 
 464 |         if not branch:
 465 |             raise ValidationError("Couldn't find branch")
 466 | 
 467 |         properties["force_branch"] = branch
 468 | 
 469 |     def parse_from_arg(self, s):
 470 |         if self.strict and s not in self._choice_list:
 471 |             raise ValidationError(
 472 |                 "'%s' does not belong to list of available choices '%s'"
 473 |                 % (s, self._choice_list)
 474 |             )
 475 |         return s
 476 | 
 477 | 
 478 | @util.renderer
 479 | @defer.inlineCallbacks
 480 | def builderNames(props):
 481 |     """since we have per branch and per target builders,
 482 |     address the relevant builder for each new buildrequest
 483 |     based on the request's desired branch and target.
 484 |     """
 485 |     branch = props.getProperty("branch")
 486 |     target = props.getProperty("target", "")
 487 | 
 488 |     if target == "all":
 489 |         target = ""
 490 | 
 491 |     # if that didn't work, try sourcestamp to find a branch
 492 |     if not branch:
 493 |         # match builders with target branch
 494 |         ss = props.sourcestamps[0]
 495 |         if ss:
 496 |             branch = ss["branch"]
 497 |         else:
 498 |             log.msg("couldn't find builder")
 499 |             return []  # nothing works
 500 | 
 501 |     bname = branch + "_" + target
 502 |     builders = []
 503 | 
 504 |     for b in (yield props.master.data.get(("builders",))):
 505 |         if not b["name"].startswith(bname):
 506 |             continue
 507 |         builders.append(b["name"])
 508 | 
 509 |     return builders
 510 | 
 511 | 
 512 | c["schedulers"] = []
 513 | c["schedulers"].append(
 514 |     AnyBranchScheduler(
 515 |         name="all",
 516 |         change_filter=util.ChangeFilter(branch=branchNames),
 517 |         treeStableTimer=tree_stable_timer,
 518 |         builderNames=builderNames,
 519 |     )
 520 | )
 521 | 
 522 | c["schedulers"].append(
 523 |     ForceScheduler(
 524 |         name="force",
 525 |         buttonName="Force builds",
 526 |         label="Force build details",
 527 |         builderNames=["00_force_build"],
 528 |         codebases=[
 529 |             util.CodebaseParameter(
 530 |                 "",
 531 |                 label="Repository",
 532 |                 branch=util.FixedParameter(name="branch", default=""),
 533 |                 revision=util.FixedParameter(name="revision", default=""),
 534 |                 repository=util.FixedParameter(name="repository", default=""),
 535 |                 project=util.FixedParameter(name="project", default=""),
 536 |             )
 537 |         ],
 538 |         reason=util.StringParameter(
 539 |             name="reason",
 540 |             label="Reason",
 541 |             default="Trigger build",
 542 |             required=True,
 543 |             size=80,
 544 |         ),
 545 |         properties=[
 546 |             # NB: avoid nesting to simplify processing of properties
 547 |             util.ChoiceStringParameter(
 548 |                 name="target",
 549 |                 label="Build target",
 550 |                 default="all",
 551 |                 choices=["all"] + [t for b in branchNames for t in targets[b]],
 552 |             ),
 553 |             TagChoiceParameter(name="tag", label="Build tag", default=""),
 554 |         ],
 555 |     )
 556 | )
 557 | 
 558 | c["schedulers"].append(
 559 |     schedulers.Triggerable(name="trigger", builderNames=builderNames, priority=20)
 560 | )
 561 | 
 562 | # BUILDERS
 563 | 
 564 | # The 'builders' list defines the Builders, which tell Buildbot how to perform a build:
 565 | # what steps, and which workers can execute them.  Note that any particular build will
 566 | # only take place on one worker.
 567 | 
 568 | 
 569 | def IsNoMasterBuild(step):
 570 |     branch = step.getProperty("branch")
 571 |     return branch not in ["main", "master"]
 572 | 
 573 | 
 574 | def IsUsignEnabled(step):
 575 |     branch = step.getProperty("branch")
 576 |     return branch and branches[branch].get("usign_key")
 577 | 
 578 | 
 579 | def IsApkSigningEnabled(step):
 580 |     branch = step.getProperty("branch")
 581 |     return branch and branches[branch].get("apk_key")
 582 | 
 583 | 
 584 | # gpg_key - contains the key in PGP format
 585 | # gpg_keyid - contains the keyid of the key on the nk3 dongle
 586 | def IsGpgSigningEnabled(step):
 587 |     branch = step.getProperty("branch")
 588 |     return branch and (
 589 |         branches[branch].get("gpg_key") or branches[branch].get("gpg_keyid")
 590 |     )
 591 | 
 592 | 
 593 | def IsSignEnabled(step):
 594 |     return (
 595 |         IsUsignEnabled(step) or IsApkSigningEnabled(step) or IsGpgSigningEnabled(step)
 596 |     )
 597 | 
 598 | 
 599 | def IsKmodArchiveEnabled(step):
 600 |     branch = step.getProperty("branch")
 601 |     return branch and branches[branch].get("kmod_archive")
 602 | 
 603 | 
 604 | def IsKmodArchiveAndRsyncEnabled(step):
 605 |     branch = step.getProperty("branch")
 606 |     return bool(IsKmodArchiveEnabled(step) and branches[branch].get("bin_url"))
 607 | 
 608 | 
 609 | def IsRemoteShaSumsAvailable(step):
 610 |     return step.getProperty("have_remote_shasums")
 611 | 
 612 | 
 613 | def IsFeedsHostOverrideEnabled(step):
 614 |     return bool(feeds_host_override)
 615 | 
 616 | 
 617 | @util.renderer
 618 | def GetFeedsHostOverride(props):
 619 |     return feeds_host_override
 620 | 
 621 | 
 622 | def GetBaseVersion(branch):
 623 |     if re.match(r"^[^-]+-[0-9]+\.[0-9]+$", branch):
 624 |         return branch.split("-")[1]
 625 |     else:
 626 |         return "main"
 627 | 
 628 | 
 629 | @properties.renderer
 630 | def GetVersionPrefix(props):
 631 |     branch = props.getProperty("branch")
 632 |     basever = GetBaseVersion(branch)
 633 |     if props.hasProperty("tag") and re.match(
 634 |         r"^v[0-9]+\.[0-9]+\.[0-9]+(?:-rc[0-9]+)?$", props["tag"]
 635 |     ):
 636 |         return "%s/" % props["tag"][1:]
 637 |     elif basever != "main":
 638 |         return "%s-SNAPSHOT/" % basever
 639 |     else:
 640 |         return ""
 641 | 
 642 | 
 643 | @util.renderer
 644 | def GetConfigSeed(props):
 645 |     branch = props.getProperty("branch")
 646 |     return branch and branches[branch].get("config_seed") or ""
 647 | 
 648 | 
 649 | @util.renderer
 650 | def GetRsyncParams(props, srcorbin, urlorkey):
 651 |     # srcorbin: 'bin' or 'src'; urlorkey: 'url' or 'key'
 652 |     branch = props.getProperty("branch")
 653 |     opt = srcorbin + "_" + urlorkey
 654 |     return branch and branches[branch].get(opt)
 655 | 
 656 | 
 657 | @util.renderer
 658 | def GetUsignKey(props):
 659 |     branch = props.getProperty("branch")
 660 |     return branch and branches[branch].get("usign_key")
 661 | 
 662 | 
 663 | @util.renderer
 664 | def IsSignedPackagesEnabled(props):
 665 |     branch = props.getProperty("branch")
 666 |     if not branch:
 667 |         return False
 668 |     b = branches.get(branch, {})
 669 |     return bool(b.get("usign_key") or b.get("apk_key"))
 670 | 
 671 | 
 672 | def GetNextBuild(builder, requests):
 673 |     for r in requests:
 674 |         if r.properties:
 675 |             # order tagged build first
 676 |             if r.properties.hasProperty("tag"):
 677 |                 return r
 678 | 
 679 |     r = requests[0]
 680 |     # log.msg("GetNextBuild: {:>20} id: {} bsid: {}".format(builder.name, r.id, r.bsid))
 681 |     return r
 682 | 
 683 | 
 684 | def MakeEnv(overrides=None, tryccache=False):
 685 |     env = {
 686 |         "CCC": Interpolate("%(prop:cc_command:-gcc)s"),
 687 |         "CCXX": Interpolate("%(prop:cxx_command:-g++)s"),
 688 |     }
 689 |     if tryccache:
 690 |         env["CC"] = Interpolate("%(prop:builddir)s/ccache_cc.sh")
 691 |         env["CXX"] = Interpolate("%(prop:builddir)s/ccache_cxx.sh")
 692 |         env["CCACHE"] = Interpolate("%(prop:ccache_command:-)s")
 693 |     else:
 694 |         env["CC"] = env["CCC"]
 695 |         env["CXX"] = env["CCXX"]
 696 |         env["CCACHE"] = ""
 697 |     if overrides is not None:
 698 |         env.update(overrides)
 699 |     return env
 700 | 
 701 | 
 702 | @properties.renderer
 703 | def NetLockDl(props, extralock=None):
 704 |     lock = None
 705 |     if props.hasProperty("dl_lock"):
 706 |         lock = NetLocks[props["dl_lock"]]
 707 |     if lock is not None:
 708 |         return [lock.access("exclusive")]
 709 |     else:
 710 |         return []
 711 | 
 712 | 
 713 | @properties.renderer
 714 | def NetLockUl(props):
 715 |     lock = None
 716 |     if props.hasProperty("ul_lock"):
 717 |         lock = NetLocks[props["ul_lock"]]
 718 |     if lock is not None:
 719 |         return [lock.access("exclusive")]
 720 |     else:
 721 |         return []
 722 | 
 723 | 
 724 | def IsTargetSelected(target):
 725 |     def CheckTargetProperty(step):
 726 |         selected_target = step.getProperty("target", "all")
 727 |         if selected_target != "all" and selected_target != target:
 728 |             return False
 729 |         return True
 730 | 
 731 |     return CheckTargetProperty
 732 | 
 733 | 
 734 | @util.renderer
 735 | def UsignSec2Pub(props):
 736 |     branch = props.getProperty("branch")
 737 |     try:
 738 |         comment = (
 739 |             branches[branch].get("usign_comment") or "untrusted comment: secret key"
 740 |         )
 741 |         seckey = branches[branch].get("usign_key")
 742 |         seckey = base64.b64decode(seckey)
 743 |     except Exception:
 744 |         return None
 745 | 
 746 |     return "{}\n{}".format(
 747 |         re.sub(r"\bsecret key$", "public key", comment),
 748 |         base64.b64encode(seckey[0:2] + seckey[32:40] + seckey[72:]),
 749 |     )
 750 | 
 751 | 
 752 | def canStartBuild(builder, wfb, request):
 753 |     """filter out non tag requests for tag_only workers."""
 754 |     wtagonly = wfb.worker.properties.getProperty("tag_only")
 755 |     tag = request.properties.getProperty("tag")
 756 | 
 757 |     if wtagonly and not tag:
 758 |         return False
 759 | 
 760 |     return True
 761 | 
 762 | 
 763 | c["builders"] = []
 764 | 
 765 | workerNames = []
 766 | 
 767 | for worker in c["workers"]:
 768 |     workerNames.append(worker.workername)
 769 | 
 770 | # add a single LocalWorker to handle the forcebuild builder
 771 | c["workers"].append(LocalWorker("__local_force_build", max_builds=1))
 772 | 
 773 | force_factory = BuildFactory()
 774 | force_factory.addStep(
 775 |     steps.Trigger(
 776 |         name="trigger_build",
 777 |         schedulerNames=["trigger"],
 778 |         sourceStamps=[
 779 |             {
 780 |                 "codebase": "",
 781 |                 "branch": Property("force_branch"),
 782 |                 "revision": Property("force_revision"),
 783 |                 "repository": repo_url,
 784 |                 "project": "",
 785 |             }
 786 |         ],
 787 |         set_properties={
 788 |             "reason": Property("reason"),
 789 |             "tag": Property("tag"),
 790 |             "target": Property("target"),
 791 |         },
 792 |     )
 793 | )
 794 | 
 795 | c["builders"].append(
 796 |     BuilderConfig(
 797 |         name="00_force_build", workername="__local_force_build", factory=force_factory
 798 |     )
 799 | )
 800 | 
 801 | 
 802 | # CUSTOM CLASS
 803 | 
 804 | # Extension of ShellCommand and sets in property:
 805 | # - True: the command succeded
 806 | # - False: the command failed
 807 | class ShellCommandAndSetProperty(buildstep.ShellMixin, buildstep.BuildStep):
 808 |     name = "shellandsetproperty"
 809 |     renderables = ['property']
 810 | 
 811 |     def __init__(
 812 |         self,
 813 |         property=None,
 814 |         **kwargs,
 815 |     ):
 816 |         kwargs = self.setupShellMixin(kwargs)
 817 | 
 818 |         self.property = property
 819 | 
 820 |         super().__init__(**kwargs)
 821 | 
 822 |     @defer.inlineCallbacks
 823 |     def run(self):
 824 |         cmd = yield self.makeRemoteShellCommand()
 825 | 
 826 |         yield self.runCommand(cmd)
 827 | 
 828 |         self.setProperty(self.property, not cmd.didFail(), "ShellCommandAndSetProperty Step")
 829 | 
 830 |         return cmd.results()
 831 | 
 832 | 
 833 | # NB the phase1 build factory assumes workers are single-build only
 834 | def prepareFactory(target):
 835 |     (target, subtarget) = target.split("/")
 836 | 
 837 |     factory = BuildFactory()
 838 | 
 839 |     # setup shared work directory if required
 840 |     factory.addStep(
 841 |         ShellCommand(
 842 |             name="sharedwd",
 843 |             descriptionDone="Shared work directory set up",
 844 |             command='test -L "$PWD" || (mkdir -p ../shared-workdir && rm -rf "$PWD" && ln -s shared-workdir "$PWD")',
 845 |             workdir=".",
 846 |             haltOnFailure=True,
 847 |         )
 848 |     )
 849 | 
 850 |     # find number of cores
 851 |     factory.addStep(
 852 |         SetPropertyFromCommand(
 853 |             name="nproc",
 854 |             property="nproc",
 855 |             description="Finding number of CPUs",
 856 |             command=["nproc"],
 857 |         )
 858 |     )
 859 | 
 860 |     # find gcc and g++ compilers
 861 |     factory.addStep(
 862 |         FileDownload(
 863 |             name="dlfindbinpl",
 864 |             mastersrc=scripts_dir + "/findbin.pl",
 865 |             workerdest="../findbin.pl",
 866 |             mode=0o755,
 867 |         )
 868 |     )
 869 | 
 870 |     factory.addStep(
 871 |         SetPropertyFromCommand(
 872 |             name="gcc",
 873 |             property="cc_command",
 874 |             description="Finding gcc command",
 875 |             command=["../findbin.pl", "gcc", "", ""],
 876 |             haltOnFailure=True,
 877 |         )
 878 |     )
 879 | 
 880 |     factory.addStep(
 881 |         SetPropertyFromCommand(
 882 |             name="g++",
 883 |             property="cxx_command",
 884 |             description="Finding g++ command",
 885 |             command=["../findbin.pl", "g++", "", ""],
 886 |             haltOnFailure=True,
 887 |         )
 888 |     )
 889 | 
 890 |     # see if ccache is available
 891 |     factory.addStep(
 892 |         SetPropertyFromCommand(
 893 |             name="ccache",
 894 |             property="ccache_command",
 895 |             description="Testing for ccache command",
 896 |             command=["which", "ccache"],
 897 |             haltOnFailure=False,
 898 |             flunkOnFailure=False,
 899 |             warnOnFailure=False,
 900 |             hideStepIf=lambda r, s: r == results.FAILURE,
 901 |         )
 902 |     )
 903 | 
 904 |     # check out the source
 905 |     # Git() runs:
 906 |     # if repo doesn't exist: 'git clone repourl'
 907 |     # method 'clean' runs 'git clean -d -f', method fresh runs 'git clean -f -f -d -x'. Only works with mode='full'
 908 |     # git cat-file -e <commit>
 909 |     # git checkout -f <commit>
 910 |     # git checkout -B <branch>
 911 |     # git rev-parse HEAD
 912 |     factory.addStep(
 913 |         Git(
 914 |             name="git",
 915 |             repourl=repo_url,
 916 |             mode="full",
 917 |             method="fresh",
 918 |             locks=NetLockDl,
 919 |             haltOnFailure=True,
 920 |         )
 921 |     )
 922 | 
 923 |     # workaround for https://github.com/openwrt/buildbot/issues/5
 924 |     factory.addStep(
 925 |         Git(
 926 |             name="git me once more please",
 927 |             repourl=repo_url,
 928 |             mode="full",
 929 |             method="fresh",
 930 |             locks=NetLockDl,
 931 |             haltOnFailure=True,
 932 |         )
 933 |     )
 934 | 
 935 |     # update remote refs
 936 |     factory.addStep(
 937 |         ShellCommand(
 938 |             name="fetchrefs",
 939 |             description="Fetching Git remote refs",
 940 |             descriptionDone="Git remote refs fetched",
 941 |             command=[
 942 |                 "git",
 943 |                 "fetch",
 944 |                 "origin",
 945 |                 Interpolate(
 946 |                     "+refs/heads/%(prop:branch)s:refs/remotes/origin/%(prop:branch)s"
 947 |                 ),
 948 |             ],
 949 |             haltOnFailure=True,
 950 |         )
 951 |     )
 952 | 
 953 |     # getver.sh requires local branches to track upstream otherwise version computation fails.
 954 |     # Git() does not set tracking branches when cloning or switching, so work around this here
 955 |     factory.addStep(
 956 |         ShellCommand(
 957 |             name="trackupstream",
 958 |             description="Setting upstream branch",
 959 |             descriptionDone="getver.sh is happy now",
 960 |             command=["git", "branch", "-u", Interpolate("origin/%(prop:branch)s")],
 961 |             haltOnFailure=True,
 962 |         )
 963 |     )
 964 | 
 965 |     # Verify that Git HEAD points to a tag or branch
 966 |     # Ref: https://web.archive.org/web/20190729224316/http://lists.infradead.org/pipermail/openwrt-devel/2019-June/017809.html
 967 |     factory.addStep(
 968 |         ShellCommand(
 969 |             name="gitverify",
 970 |             description="Ensuring that Git HEAD is pointing to a branch or tag",
 971 |             descriptionDone="Git HEAD is sane",
 972 |             command=(
 973 |                 "git rev-parse --abbrev-ref HEAD | grep -vxqF HEAD || "
 974 |                 "git show-ref --tags --dereference 2>/dev/null | sed -ne "
 975 |                 '"/^$(git rev-parse HEAD) / { s|^.*/||; s|\\^.*||; p }" | grep -qE "^v[0-9][0-9]\\."'
 976 |             ),
 977 |             haltOnFailure=True,
 978 |         )
 979 |     )
 980 | 
 981 |     factory.addStep(
 982 |         StringDownload(
 983 |             name="ccachecc",
 984 |             s='#!/bin/sh\nexec ${CCACHE} ${CCC} "$@"\n',
 985 |             workerdest="../ccache_cc.sh",
 986 |             mode=0o755,
 987 |         )
 988 |     )
 989 | 
 990 |     factory.addStep(
 991 |         StringDownload(
 992 |             name="ccachecxx",
 993 |             s='#!/bin/sh\nexec ${CCACHE} ${CCXX} "$@"\n',
 994 |             workerdest="../ccache_cxx.sh",
 995 |             mode=0o755,
 996 |         )
 997 |     )
 998 | 
 999 |     factory.addStep(
1000 |         ShellCommand(
1001 |             name="feeds-backup",
1002 |             description="Backing up feeds.conf.default",
1003 |             descriptionDone="feeds.conf.default backed up",
1004 |             command=["cp", "-p", "feeds.conf.default", "feeds.conf.default.bak"],
1005 |             doStepIf=IsFeedsHostOverrideEnabled,
1006 |             haltOnFailure=True,
1007 |         )
1008 |     )
1009 | 
1010 |     factory.addStep(
1011 |         ShellCommand(
1012 |             name="feeds-override",
1013 |             description="Overriding feeds host",
1014 |             descriptionDone="Feeds host overridden",
1015 |             command=[
1016 |                 "sed",
1017 |                 "-i",
1018 |                 "-E",
1019 |                 Interpolate(
1020 |                     "s;git.openwrt.org/(feed|project);%(kw:host)s;",
1021 |                     host=GetFeedsHostOverride,
1022 |                 ),
1023 |                 "feeds.conf.default",
1024 |             ],
1025 |             doStepIf=IsFeedsHostOverrideEnabled,
1026 |             haltOnFailure=True,
1027 |         )
1028 |     )
1029 | 
1030 |     # feed
1031 |     factory.addStep(
1032 |         ShellCommand(
1033 |             name="updatefeeds",
1034 |             description="Updating feeds",
1035 |             command=["./scripts/feeds", "update"],
1036 |             env=MakeEnv(tryccache=True),
1037 |             haltOnFailure=True,
1038 |             locks=NetLockDl,
1039 |         )
1040 |     )
1041 | 
1042 |     factory.addStep(
1043 |         ShellCommand(
1044 |             name="feeds-restore",
1045 |             description="Restoring feeds.conf.default",
1046 |             descriptionDone="feeds.conf.default restored",
1047 |             command="test -f feeds.conf.default.bak && mv -f feeds.conf.default.bak feeds.conf.default || true",
1048 |             doStepIf=IsFeedsHostOverrideEnabled,
1049 |             haltOnFailure=True,
1050 |         )
1051 |     )
1052 | 
1053 |     # feed
1054 |     factory.addStep(
1055 |         ShellCommand(
1056 |             name="installfeeds",
1057 |             description="Installing feeds",
1058 |             command=["./scripts/feeds", "install", "-a"],
1059 |             env=MakeEnv(tryccache=True),
1060 |             haltOnFailure=True,
1061 |         )
1062 |     )
1063 | 
1064 |     # seed config
1065 |     factory.addStep(
1066 |         StringDownload(
1067 |             name="dlconfigseed",
1068 |             s=Interpolate("%(kw:seed)s\n", seed=GetConfigSeed),
1069 |             workerdest=".config",
1070 |             mode=0o644,
1071 |         )
1072 |     )
1073 | 
1074 |     # configure
1075 |     factory.addStep(
1076 |         ShellCommand(
1077 |             name="newconfig",
1078 |             descriptionDone=".config seeded",
1079 |             command=Interpolate(
1080 |                 "printf 'CONFIG_TARGET_%(kw:target)s=y\\n"
1081 |                 "CONFIG_TARGET_%(kw:target)s_%(kw:subtarget)s=y\\n"
1082 |                 "CONFIG_SIGNED_PACKAGES=%(kw:signed:#?|y|n)s\\n' >> .config",
1083 |                 target=target,
1084 |                 subtarget=subtarget,
1085 |                 signed=IsSignedPackagesEnabled,
1086 |             ),
1087 |         )
1088 |     )
1089 | 
1090 |     factory.addStep(
1091 |         ShellCommand(
1092 |             name="defconfig",
1093 |             description="Populating .config",
1094 |             command=["make", "defconfig"],
1095 |             env=MakeEnv(),
1096 |         )
1097 |     )
1098 | 
1099 |     # check arch - exit early if does not exist - NB: some targets do not define CONFIG_TARGET_target_subtarget
1100 |     factory.addStep(
1101 |         ShellCommand(
1102 |             name="checkarch",
1103 |             description="Checking architecture",
1104 |             descriptionDone="Architecture validated",
1105 |             command='grep -sq CONFIG_TARGET_%s=y .config && grep -sq CONFIG_TARGET_SUBTARGET=\\"%s\\" .config'
1106 |             % (target, subtarget),
1107 |             logEnviron=False,
1108 |             want_stdout=False,
1109 |             want_stderr=False,
1110 |             haltOnFailure=True,
1111 |             flunkOnFailure=False,  # this is not a build FAILURE - TODO mark build as SKIPPED
1112 |         )
1113 |     )
1114 | 
1115 |     # find libc suffix
1116 |     factory.addStep(
1117 |         SetPropertyFromCommand(
1118 |             name="libc",
1119 |             property="libc",
1120 |             description="Finding libc suffix",
1121 |             command=[
1122 |                 "sed",
1123 |                 "-ne",
1124 |                 '/^CONFIG_LIBC=/ { s!^CONFIG_LIBC="\\(.*\\)"!\\1!; s!^musl$!!; s!.\\+!-&!p }',
1125 |                 ".config",
1126 |             ],
1127 |         )
1128 |     )
1129 | 
1130 |     # install build key
1131 |     factory.addStep(
1132 |         StringDownload(
1133 |             name="dlkeybuildpub",
1134 |             s=Interpolate("%(kw:sec2pub)s", sec2pub=UsignSec2Pub),
1135 |             workerdest="key-build.pub",
1136 |             mode=0o600,
1137 |             doStepIf=IsUsignEnabled,
1138 |         )
1139 |     )
1140 | 
1141 |     factory.addStep(
1142 |         StringDownload(
1143 |             name="dlkeybuild",
1144 |             s="# fake private key",
1145 |             workerdest="key-build",
1146 |             mode=0o600,
1147 |             doStepIf=IsUsignEnabled,
1148 |         )
1149 |     )
1150 | 
1151 |     factory.addStep(
1152 |         StringDownload(
1153 |             name="dlkeybuilducert",
1154 |             s="# fake certificate",
1155 |             workerdest="key-build.ucert",
1156 |             mode=0o600,
1157 |             doStepIf=IsUsignEnabled,
1158 |         )
1159 |     )
1160 | 
1161 |     # prepare dl
1162 |     factory.addStep(
1163 |         ShellCommand(
1164 |             name="dldir",
1165 |             description="Preparing dl/",
1166 |             descriptionDone="dl/ prepared",
1167 |             command='mkdir -p ../dl && rm -rf "build/dl" && ln -s ../../dl "build/dl"',
1168 |             workdir=Property("builddir"),
1169 |             logEnviron=False,
1170 |             want_stdout=False,
1171 |         )
1172 |     )
1173 | 
1174 |     # cleanup dl
1175 |     factory.addStep(
1176 |         ShellCommand(
1177 |             name="dlprune",
1178 |             description="Pruning dl/",
1179 |             descriptionDone="dl/ pruned",
1180 |             command="find dl/ -mindepth 1 -atime +15 -delete -print",
1181 |             logEnviron=False,
1182 |             haltOnFailure=False,
1183 |             flunkOnFailure=False,
1184 |             warnOnFailure=False,
1185 |         )
1186 |     )
1187 | 
1188 |     # prepare tar
1189 |     factory.addStep(
1190 |         ShellCommand(
1191 |             name="dltar",
1192 |             description="Building and installing GNU tar",
1193 |             descriptionDone="GNU tar built and installed",
1194 |             command=[
1195 |                 "make",
1196 |                 Interpolate("-j%(prop:nproc:-1)s"),
1197 |                 "tools/tar/compile",
1198 |                 "V=s",
1199 |             ],
1200 |             env=MakeEnv(tryccache=True),
1201 |             haltOnFailure=True,
1202 |         )
1203 |     )
1204 | 
1205 |     # populate dl
1206 |     factory.addStep(
1207 |         ShellCommand(
1208 |             name="dlrun",
1209 |             description="Populating dl/",
1210 |             descriptionDone="dl/ populated",
1211 |             command=["make", Interpolate("-j%(prop:nproc:-1)s"), "download", "V=s"],
1212 |             env=MakeEnv(),
1213 |             logEnviron=False,
1214 |             locks=NetLockDl,
1215 |         )
1216 |     )
1217 | 
1218 |     factory.addStep(
1219 |         ShellCommand(
1220 |             name="cleanbase",
1221 |             description="Cleaning base-files",
1222 |             command=["make", "package/base-files/clean", "V=s"],
1223 |         )
1224 |     )
1225 | 
1226 |     # build
1227 |     factory.addStep(
1228 |         ShellCommand(
1229 |             name="tools",
1230 |             description="Building and installing tools",
1231 |             descriptionDone="Tools built and installed",
1232 |             command=[
1233 |                 "make",
1234 |                 Interpolate("-j%(prop:nproc:-1)s"),
1235 |                 "tools/install",
1236 |                 "V=s",
1237 |             ],
1238 |             env=MakeEnv(tryccache=True),
1239 |             haltOnFailure=True,
1240 |         )
1241 |     )
1242 | 
1243 |     factory.addStep(
1244 |         ShellCommand(
1245 |             name="toolchain",
1246 |             description="Building and installing toolchain",
1247 |             descriptionDone="Toolchain built and installed",
1248 |             command=[
1249 |                 "make",
1250 |                 Interpolate("-j%(prop:nproc:-1)s"),
1251 |                 "toolchain/install",
1252 |                 "V=s",
1253 |             ],
1254 |             env=MakeEnv(),
1255 |             haltOnFailure=True,
1256 |         )
1257 |     )
1258 | 
1259 |     factory.addStep(
1260 |         ShellCommand(
1261 |             name="kmods",
1262 |             description="Building kmods",
1263 |             descriptionDone="Kmods built",
1264 |             command=[
1265 |                 "make",
1266 |                 Interpolate("-j%(prop:nproc:-1)s"),
1267 |                 "target/compile",
1268 |                 "V=s",
1269 |                 "IGNORE_ERRORS=n m",
1270 |                 "BUILD_LOG=1",
1271 |             ],
1272 |             env=MakeEnv(),
1273 |             haltOnFailure=True,
1274 |         )
1275 |     )
1276 | 
1277 |     # find kernel version
1278 |     factory.addStep(
1279 |         SetPropertyFromCommand(
1280 |             name="kernelversion",
1281 |             property="kernelversion",
1282 |             description="Finding the effective Kernel version",
1283 |             command=(
1284 |                 "make --no-print-directory -C target/linux/ "
1285 |                 "val.LINUX_VERSION val.LINUX_RELEASE val.LINUX_VERMAGIC | "
1286 |                 "xargs printf '%s-%s-%s\\n'"
1287 |             ),
1288 |             env={"TOPDIR": Interpolate("%(prop:builddir)s/build")},
1289 |         )
1290 |     )
1291 | 
1292 |     factory.addStep(
1293 |         ShellCommand(
1294 |             name="pkgclean",
1295 |             description="Cleaning up package build",
1296 |             descriptionDone="Package build cleaned up",
1297 |             command=["make", "package/cleanup", "V=s"],
1298 |         )
1299 |     )
1300 | 
1301 |     factory.addStep(
1302 |         ShellCommand(
1303 |             name="pkgbuild",
1304 |             description="Building packages",
1305 |             descriptionDone="Packages built",
1306 |             command=[
1307 |                 "make",
1308 |                 Interpolate("-j%(prop:nproc:-1)s"),
1309 |                 "package/compile",
1310 |                 "V=s",
1311 |                 "IGNORE_ERRORS=n m",
1312 |                 "BUILD_LOG=1",
1313 |             ],
1314 |             env=MakeEnv(),
1315 |             haltOnFailure=True,
1316 |         )
1317 |     )
1318 | 
1319 |     factory.addStep(
1320 |         ShellCommand(
1321 |             name="pkginstall",
1322 |             description="Installing packages",
1323 |             descriptionDone="Packages installed",
1324 |             command=[
1325 |                 "make",
1326 |                 Interpolate("-j%(prop:nproc:-1)s"),
1327 |                 "package/install",
1328 |                 "V=s",
1329 |             ],
1330 |             env=MakeEnv(),
1331 |             haltOnFailure=True,
1332 |         )
1333 |     )
1334 | 
1335 |     factory.addStep(
1336 |         ShellCommand(
1337 |             name="images",
1338 |             description="Building and installing images",
1339 |             descriptionDone="Images built and installed",
1340 |             command=[
1341 |                 "make",
1342 |                 Interpolate("-j%(prop:nproc:-1)s"),
1343 |                 "target/install",
1344 |                 "V=s",
1345 |             ],
1346 |             env=MakeEnv(),
1347 |             haltOnFailure=True,
1348 |         )
1349 |     )
1350 | 
1351 |     factory.addStep(
1352 |         ShellCommand(
1353 |             name="buildinfo",
1354 |             description="Generating config.buildinfo, version.buildinfo and feeds.buildinfo",
1355 |             command="make -j1 buildinfo V=s || true",
1356 |             env=MakeEnv(),
1357 |             haltOnFailure=True,
1358 |         )
1359 |     )
1360 | 
1361 |     factory.addStep(
1362 |         ShellCommand(
1363 |             name="json_overview_image_info",
1364 |             description="Generating profiles.json in target folder",
1365 |             command="make -j1 json_overview_image_info V=s || true",
1366 |             env=MakeEnv(),
1367 |             haltOnFailure=True,
1368 |         )
1369 |     )
1370 | 
1371 |     factory.addStep(
1372 |         ShellCommand(
1373 |             name="kmoddir",
1374 |             descriptionDone="Kmod directory created",
1375 |             command=[
1376 |                 "mkdir",
1377 |                 "-p",
1378 |                 Interpolate(
1379 |                     "bin/targets/%(kw:target)s/%(kw:subtarget)s%(prop:libc)s/kmods/%(prop:kernelversion)s",
1380 |                     target=target,
1381 |                     subtarget=subtarget,
1382 |                 ),
1383 |             ],
1384 |             haltOnFailure=True,
1385 |             doStepIf=IsKmodArchiveEnabled,
1386 |         )
1387 |     )
1388 | 
1389 |     factory.addStep(
1390 |         ShellCommand(
1391 |             name="kmodprepare",
1392 |             description="Preparing kmod archive",
1393 |             descriptionDone="Kmod archive prepared",
1394 |             command=[
1395 |                 "rsync",
1396 |                 "--remove-source-files",
1397 |                 "--include=/kmod-*.ipk",
1398 |                 "--include=/kmod-*.apk",
1399 |                 "--exclude=*",
1400 |                 "-va",
1401 |                 Interpolate(
1402 |                     "bin/targets/%(kw:target)s/%(kw:subtarget)s%(prop:libc)s/packages/",
1403 |                     target=target,
1404 |                     subtarget=subtarget,
1405 |                 ),
1406 |                 Interpolate(
1407 |                     "bin/targets/%(kw:target)s/%(kw:subtarget)s%(prop:libc)s/kmods/%(prop:kernelversion)s/",
1408 |                     target=target,
1409 |                     subtarget=subtarget,
1410 |                 ),
1411 |             ],
1412 |             haltOnFailure=True,
1413 |             doStepIf=IsKmodArchiveEnabled,
1414 |         )
1415 |     )
1416 | 
1417 |     factory.addStep(
1418 |         ShellCommand(
1419 |             name="pkgindex",
1420 |             description="Indexing packages",
1421 |             descriptionDone="Packages indexed",
1422 |             command=[
1423 |                 "make",
1424 |                 Interpolate("-j%(prop:nproc:-1)s"),
1425 |                 "package/index",
1426 |                 "V=s",
1427 |                 "CONFIG_SIGNED_PACKAGES=",
1428 |             ],
1429 |             env=MakeEnv(),
1430 |             haltOnFailure=True,
1431 |         )
1432 |     )
1433 | 
1434 |     factory.addStep(
1435 |         ShellCommand(
1436 |             name="kmodindex",
1437 |             description="Indexing kmod archive",
1438 |             descriptionDone="Kmod archive indexed",
1439 |             command=[
1440 |                 "make",
1441 |                 Interpolate("-j%(prop:nproc:-1)s"),
1442 |                 "package/index",
1443 |                 "V=s",
1444 |                 "CONFIG_SIGNED_PACKAGES=",
1445 |                 Interpolate(
1446 |                     "PACKAGE_SUBDIRS=bin/targets/%(kw:target)s/%(kw:subtarget)s%(prop:libc)s/kmods/%(prop:kernelversion)s/",
1447 |                     target=target,
1448 |                     subtarget=subtarget,
1449 |                 ),
1450 |             ],
1451 |             env=MakeEnv(),
1452 |             haltOnFailure=True,
1453 |             doStepIf=IsKmodArchiveEnabled,
1454 |         )
1455 |     )
1456 | 
1457 |     factory.addStep(
1458 |         ShellCommand(
1459 |             name="checksums",
1460 |             description="Calculating checksums",
1461 |             descriptionDone="Checksums calculated",
1462 |             command=["make", "-j1", "checksum", "V=s"],
1463 |             env=MakeEnv(),
1464 |             haltOnFailure=True,
1465 |         )
1466 |     )
1467 | 
1468 |     # download remote sha256sums to 'target-sha256sums'
1469 |     factory.addStep(
1470 |         ShellCommandAndSetProperty(
1471 |             name="target-sha256sums",
1472 |             description="Fetching remote sha256sums for target",
1473 |             descriptionDone="Remote sha256sums for target fetched",
1474 |             command=["rsync", Interpolate("-z%(prop:rsync_ipv4:+4)s")]
1475 |             + rsync_defopts
1476 |             + [
1477 |                 Interpolate(
1478 |                     "%(kw:url)s/%(kw:prefix)stargets/%(kw:target)s/%(kw:subtarget)s/sha256sums",
1479 |                     url=GetRsyncParams.withArgs("bin", "url"),
1480 |                     target=target,
1481 |                     subtarget=subtarget,
1482 |                     prefix=GetVersionPrefix,
1483 |                 ),
1484 |                 "target-sha256sums",
1485 |             ],
1486 |             env={
1487 |                 "RSYNC_PASSWORD": Interpolate(
1488 |                     "%(kw:key)s", key=GetRsyncParams.withArgs("bin", "key")
1489 |                 )
1490 |             },
1491 |             property="have_remote_shasums",
1492 |             logEnviron=False,
1493 |             haltOnFailure=False,
1494 |             flunkOnFailure=False,
1495 |             warnOnFailure=False,
1496 |             doStepIf=util.Transform(bool, GetRsyncParams.withArgs("bin", "url")),
1497 |         )
1498 |     )
1499 | 
1500 |     factory.addStep(
1501 |         ShellCommand(
1502 |             name="target-sha256sums_kmodsparse",
1503 |             description="Extract kmods from remote sha256sums",
1504 |             descriptionDone="Kmods extracted",
1505 |             command="sed \"/ \\*kmods\\//! d\" target-sha256sums | tee target-sha256sums-kmods",
1506 |             haltOnFailure=False,
1507 |             doStepIf=IsRemoteShaSumsAvailable,
1508 |         )
1509 |     )
1510 | 
1511 |     factory.addStep(
1512 |         ShellCommand(
1513 |             name="mergesha256sum",
1514 |             description="Merge sha256sums kmods with sha256sums",
1515 |             descriptionDone="Sha256sums merged",
1516 |             command=[
1517 |                 "sort",
1518 |                 "-t", " ",
1519 |                 "-k", 2,
1520 |                 "-u",
1521 |                 Interpolate(
1522 |                     "bin/targets/%(kw:target)s/%(kw:subtarget)s%(prop:libc)s/sha256sums",
1523 |                     target=target,
1524 |                     subtarget=subtarget,
1525 |                 ),
1526 |                 "target-sha256sums-kmods",
1527 |                 "-o",
1528 |                 Interpolate(
1529 |                     "bin/targets/%(kw:target)s/%(kw:subtarget)s%(prop:libc)s/sha256sums",
1530 |                     target=target,
1531 |                     subtarget=subtarget,
1532 |                 ),
1533 |             ],
1534 |             env={"LC_ALL": "C"},
1535 |             haltOnFailure=False,
1536 |             doStepIf=IsRemoteShaSumsAvailable,
1537 |         )
1538 |     )
1539 | 
1540 |     # sign
1541 |     factory.addStep(
1542 |         MasterShellCommand(
1543 |             name="signprepare",
1544 |             descriptionDone="Temporary signing directory prepared",
1545 |             command=["mkdir", "-p", "%s/signing" % (work_dir)],
1546 |             haltOnFailure=True,
1547 |             doStepIf=IsSignEnabled,
1548 |         )
1549 |     )
1550 | 
1551 |     factory.addStep(
1552 |         ShellCommand(
1553 |             name="signpack",
1554 |             description="Packing files to sign",
1555 |             descriptionDone="Files to sign packed",
1556 |             command=Interpolate(
1557 |                 "find bin/targets/%(kw:target)s/%(kw:subtarget)s%(prop:libc)s/ "
1558 |                 "bin/targets/%(kw:target)s/%(kw:subtarget)s%(prop:libc)s/kmods/ "
1559 |                 "-mindepth 1 -maxdepth 2 -type f -name sha256sums -print0 -or "
1560 |                 "-name Packages -print0 -or -name packages.adb -print0 "
1561 |                 "| xargs -0 tar -czf sign.tar.gz",
1562 |                 target=target,
1563 |                 subtarget=subtarget,
1564 |             ),
1565 |             haltOnFailure=True,
1566 |             doStepIf=IsSignEnabled,
1567 |         )
1568 |     )
1569 | 
1570 |     factory.addStep(
1571 |         FileUpload(
1572 |             workersrc="sign.tar.gz",
1573 |             masterdest="%s/signing/%s.%s.tar.gz" % (work_dir, target, subtarget),
1574 |             haltOnFailure=True,
1575 |             doStepIf=IsSignEnabled,
1576 |         )
1577 |     )
1578 | 
1579 |     factory.addStep(
1580 |         MasterShellCommand(
1581 |             name="signfiles",
1582 |             description="Signing files",
1583 |             descriptionDone="Files signed",
1584 |             command=[
1585 |                 "%s/signall.sh" % (scripts_dir),
1586 |                 "%s/signing/%s.%s.tar.gz" % (work_dir, target, subtarget),
1587 |                 Interpolate("%(prop:branch)s"),
1588 |             ],
1589 |             env={"CONFIG_INI": os.getenv("BUILDMASTER_CONFIG", "./config.ini")},
1590 |             haltOnFailure=True,
1591 |             doStepIf=IsSignEnabled,
1592 |         )
1593 |     )
1594 | 
1595 |     factory.addStep(
1596 |         FileDownload(
1597 |             name="dlsigntargz",
1598 |             mastersrc="%s/signing/%s.%s.tar.gz" % (work_dir, target, subtarget),
1599 |             workerdest="sign.tar.gz",
1600 |             haltOnFailure=True,
1601 |             doStepIf=IsSignEnabled,
1602 |         )
1603 |     )
1604 | 
1605 |     factory.addStep(
1606 |         ShellCommand(
1607 |             name="signunpack",
1608 |             description="Unpacking signed files",
1609 |             descriptionDone="Signed files unpacked",
1610 |             command=["tar", "-xzf", "sign.tar.gz"],
1611 |             haltOnFailure=True,
1612 |             doStepIf=IsSignEnabled,
1613 |         )
1614 |     )
1615 | 
1616 |     # upload
1617 |     factory.addStep(
1618 |         ShellCommand(
1619 |             name="dirprepare",
1620 |             descriptionDone="Upload directory structure prepared",
1621 |             command=[
1622 |                 "mkdir",
1623 |                 "-p",
1624 |                 Interpolate(
1625 |                     "tmp/upload/%(kw:prefix)stargets/%(kw:target)s/%(kw:subtarget)s",
1626 |                     target=target,
1627 |                     subtarget=subtarget,
1628 |                     prefix=GetVersionPrefix,
1629 |                 ),
1630 |             ],
1631 |             haltOnFailure=True,
1632 |         )
1633 |     )
1634 | 
1635 |     factory.addStep(
1636 |         ShellCommand(
1637 |             name="linkprepare",
1638 |             descriptionDone="Repository symlink prepared",
1639 |             command=[
1640 |                 "ln",
1641 |                 "-s",
1642 |                 "-f",
1643 |                 Interpolate(
1644 |                     "../packages-%(kw:basever)s",
1645 |                     basever=util.Transform(GetBaseVersion, Property("branch")),
1646 |                 ),
1647 |                 Interpolate(
1648 |                     "tmp/upload/%(kw:prefix)spackages", prefix=GetVersionPrefix
1649 |                 ),
1650 |             ],
1651 |             doStepIf=IsNoMasterBuild,
1652 |             haltOnFailure=True,
1653 |         )
1654 |     )
1655 | 
1656 |     factory.addStep(
1657 |         ShellCommand(
1658 |             name="kmoddirprepare",
1659 |             descriptionDone="Kmod archive upload directory prepared",
1660 |             command=[
1661 |                 "mkdir",
1662 |                 "-p",
1663 |                 Interpolate(
1664 |                     "tmp/upload/%(kw:prefix)stargets/%(kw:target)s/%(kw:subtarget)s/kmods/%(prop:kernelversion)s",
1665 |                     target=target,
1666 |                     subtarget=subtarget,
1667 |                     prefix=GetVersionPrefix,
1668 |                 ),
1669 |             ],
1670 |             haltOnFailure=True,
1671 |             doStepIf=IsKmodArchiveEnabled,
1672 |         )
1673 |     )
1674 | 
1675 |     factory.addStep(
1676 |         ShellCommand(
1677 |             name="dirupload",
1678 |             description="Uploading directory structure",
1679 |             descriptionDone="Directory structure uploaded",
1680 |             command=["rsync", Interpolate("-az%(prop:rsync_ipv4:+4)s")]
1681 |             + rsync_defopts
1682 |             + [
1683 |                 "tmp/upload/",
1684 |                 Interpolate("%(kw:url)s/", url=GetRsyncParams.withArgs("bin", "url")),
1685 |             ],
1686 |             env={
1687 |                 "RSYNC_PASSWORD": Interpolate(
1688 |                     "%(kw:key)s", key=GetRsyncParams.withArgs("bin", "key")
1689 |                 )
1690 |             },
1691 |             haltOnFailure=True,
1692 |             logEnviron=False,
1693 |             locks=NetLockUl,
1694 |             doStepIf=util.Transform(bool, GetRsyncParams.withArgs("bin", "url")),
1695 |         )
1696 |     )
1697 | 
1698 |     # build list of files to upload
1699 |     factory.addStep(
1700 |         FileDownload(
1701 |             name="dlsha2rsyncpl",
1702 |             mastersrc=scripts_dir + "/sha2rsync.pl",
1703 |             workerdest="../sha2rsync.pl",
1704 |             mode=0o755,
1705 |         )
1706 |     )
1707 | 
1708 |     factory.addStep(
1709 |         ShellCommand(
1710 |             name="buildlist",
1711 |             description="Building list of files to upload",
1712 |             descriptionDone="List of files to upload built",
1713 |             command=[
1714 |                 "../sha2rsync.pl",
1715 |                 "target-sha256sums",
1716 |                 Interpolate(
1717 |                     "bin/targets/%(kw:target)s/%(kw:subtarget)s%(prop:libc)s/sha256sums",
1718 |                     target=target,
1719 |                     subtarget=subtarget,
1720 |                 ),
1721 |                 "rsynclist",
1722 |             ],
1723 |             haltOnFailure=True,
1724 |         )
1725 |     )
1726 | 
1727 |     factory.addStep(
1728 |         FileDownload(
1729 |             name="dlrsync.sh",
1730 |             mastersrc=scripts_dir + "/rsync.sh",
1731 |             workerdest="../rsync.sh",
1732 |             mode=0o755,
1733 |         )
1734 |     )
1735 | 
1736 |     # upload new files and update existing ones
1737 |     factory.addStep(
1738 |         ShellCommand(
1739 |             name="targetupload",
1740 |             description="Uploading target files",
1741 |             descriptionDone="Target files uploaded",
1742 |             command=[
1743 |                 "../rsync.sh",
1744 |                 "--exclude=/kmods/",
1745 |                 "--exclude=/kmods/**",
1746 |                 "--files-from=rsynclist",
1747 |                 "--delay-updates",
1748 |                 "--partial-dir=.~tmp~%s~%s" % (target, subtarget),
1749 |             ]
1750 |             + rsync_defopts
1751 |             + [
1752 |                 Interpolate("-a%(prop:rsync_ipv4:+4)s"),
1753 |                 Interpolate(
1754 |                     "bin/targets/%(kw:target)s/%(kw:subtarget)s%(prop:libc)s/",
1755 |                     target=target,
1756 |                     subtarget=subtarget,
1757 |                 ),
1758 |                 Interpolate(
1759 |                     "%(kw:url)s/%(kw:prefix)stargets/%(kw:target)s/%(kw:subtarget)s/",
1760 |                     url=GetRsyncParams.withArgs("bin", "url"),
1761 |                     target=target,
1762 |                     subtarget=subtarget,
1763 |                     prefix=GetVersionPrefix,
1764 |                 ),
1765 |             ],
1766 |             env={
1767 |                 "RSYNC_PASSWORD": Interpolate(
1768 |                     "%(kw:key)s", key=GetRsyncParams.withArgs("bin", "key")
1769 |                 )
1770 |             },
1771 |             haltOnFailure=True,
1772 |             logEnviron=False,
1773 |             doStepIf=util.Transform(bool, GetRsyncParams.withArgs("bin", "url")),
1774 |         )
1775 |     )
1776 | 
1777 |     # delete files which don't exist locally
1778 |     factory.addStep(
1779 |         ShellCommand(
1780 |             name="targetprune",
1781 |             description="Pruning target files",
1782 |             descriptionDone="Target files pruned",
1783 |             command=[
1784 |                 "../rsync.sh",
1785 |                 "--exclude=/kmods/",
1786 |                 "--delete",
1787 |                 "--existing",
1788 |                 "--ignore-existing",
1789 |                 "--delay-updates",
1790 |                 "--partial-dir=.~tmp~%s~%s" % (target, subtarget),
1791 |             ]
1792 |             + rsync_defopts
1793 |             + [
1794 |                 Interpolate("-a%(prop:rsync_ipv4:+4)s"),
1795 |                 Interpolate(
1796 |                     "bin/targets/%(kw:target)s/%(kw:subtarget)s%(prop:libc)s/",
1797 |                     target=target,
1798 |                     subtarget=subtarget,
1799 |                 ),
1800 |                 Interpolate(
1801 |                     "%(kw:url)s/%(kw:prefix)stargets/%(kw:target)s/%(kw:subtarget)s/",
1802 |                     url=GetRsyncParams.withArgs("bin", "url"),
1803 |                     target=target,
1804 |                     subtarget=subtarget,
1805 |                     prefix=GetVersionPrefix,
1806 |                 ),
1807 |             ],
1808 |             env={
1809 |                 "RSYNC_PASSWORD": Interpolate(
1810 |                     "%(kw:key)s", key=GetRsyncParams.withArgs("bin", "key")
1811 |                 )
1812 |             },
1813 |             haltOnFailure=True,
1814 |             logEnviron=False,
1815 |             locks=NetLockUl,
1816 |             doStepIf=util.Transform(bool, GetRsyncParams.withArgs("bin", "url")),
1817 |         )
1818 |     )
1819 | 
1820 |     factory.addStep(
1821 |         ShellCommand(
1822 |             name="kmodupload",
1823 |             description="Uploading kmod archive",
1824 |             descriptionDone="Kmod archive uploaded",
1825 |             command=[
1826 |                 "../rsync.sh",
1827 |                 "--delete",
1828 |                 "--delay-updates",
1829 |                 "--partial-dir=.~tmp~%s~%s" % (target, subtarget),
1830 |             ]
1831 |             + rsync_defopts
1832 |             + [
1833 |                 Interpolate("-a%(prop:rsync_ipv4:+4)s"),
1834 |                 Interpolate(
1835 |                     "bin/targets/%(kw:target)s/%(kw:subtarget)s%(prop:libc)s/kmods/%(prop:kernelversion)s/",
1836 |                     target=target,
1837 |                     subtarget=subtarget,
1838 |                 ),
1839 |                 Interpolate(
1840 |                     "%(kw:url)s/%(kw:prefix)stargets/%(kw:target)s/%(kw:subtarget)s/kmods/%(prop:kernelversion)s/",
1841 |                     url=GetRsyncParams.withArgs("bin", "url"),
1842 |                     target=target,
1843 |                     subtarget=subtarget,
1844 |                     prefix=GetVersionPrefix,
1845 |                 ),
1846 |             ],
1847 |             env={
1848 |                 "RSYNC_PASSWORD": Interpolate(
1849 |                     "%(kw:key)s", key=GetRsyncParams.withArgs("bin", "key")
1850 |                 )
1851 |             },
1852 |             haltOnFailure=True,
1853 |             logEnviron=False,
1854 |             locks=NetLockUl,
1855 |             doStepIf=IsKmodArchiveAndRsyncEnabled,
1856 |         )
1857 |     )
1858 | 
1859 |     factory.addStep(
1860 |         ShellCommand(
1861 |             name="sourcelist",
1862 |             description="Finding source archives to upload",
1863 |             descriptionDone="Source archives to upload found",
1864 |             command=(
1865 |                 "find dl/ -maxdepth 1 -type f -not -size 0 "
1866 |                 "-not -name '.*' -not -name '*.hash' -not -name "
1867 |                 "'*.dl' -newer .config -printf '%f\\n' > sourcelist"
1868 |             ),
1869 |             haltOnFailure=True,
1870 |         )
1871 |     )
1872 | 
1873 |     factory.addStep(
1874 |         ShellCommand(
1875 |             name="sourceupload",
1876 |             description="Uploading source archives",
1877 |             descriptionDone="Source archives uploaded",
1878 |             command=[
1879 |                 "../rsync.sh",
1880 |                 "--files-from=sourcelist",
1881 |                 "--size-only",
1882 |                 "--delay-updates",
1883 |             ]
1884 |             + rsync_defopts
1885 |             + [
1886 |                 Interpolate(
1887 |                     "--partial-dir=.~tmp~%(kw:target)s~%(kw:subtarget)s~%(prop:workername)s",
1888 |                     target=target,
1889 |                     subtarget=subtarget,
1890 |                 ),
1891 |                 Interpolate("-a%(prop:rsync_ipv4:+4)s"),
1892 |                 "dl/",
1893 |                 Interpolate("%(kw:url)s/", url=GetRsyncParams.withArgs("src", "url")),
1894 |             ],
1895 |             env={
1896 |                 "RSYNC_PASSWORD": Interpolate(
1897 |                     "%(kw:key)s", key=GetRsyncParams.withArgs("src", "key")
1898 |                 )
1899 |             },
1900 |             haltOnFailure=True,
1901 |             logEnviron=False,
1902 |             locks=NetLockUl,
1903 |             doStepIf=util.Transform(bool, GetRsyncParams.withArgs("src", "url")),
1904 |         )
1905 |     )
1906 | 
1907 |     factory.addStep(
1908 |         ShellCommand(
1909 |             name="df",
1910 |             description="Reporting disk usage",
1911 |             command=["df", "-h", "."],
1912 |             env={"LC_ALL": "C"},
1913 |             logEnviron=False,
1914 |             haltOnFailure=False,
1915 |             flunkOnFailure=False,
1916 |             warnOnFailure=False,
1917 |             alwaysRun=True,
1918 |         )
1919 |     )
1920 | 
1921 |     factory.addStep(
1922 |         ShellCommand(
1923 |             name="du",
1924 |             description="Reporting estimated file space usage",
1925 |             command=["du", "-sh", "."],
1926 |             env={"LC_ALL": "C"},
1927 |             logEnviron=False,
1928 |             haltOnFailure=False,
1929 |             flunkOnFailure=False,
1930 |             warnOnFailure=False,
1931 |             alwaysRun=True,
1932 |         )
1933 |     )
1934 | 
1935 |     factory.addStep(
1936 |         ShellCommand(
1937 |             name="ccachestat",
1938 |             description="Reporting ccache stats",
1939 |             command=["ccache", "-s"],
1940 |             logEnviron=False,
1941 |             want_stderr=False,
1942 |             haltOnFailure=False,
1943 |             flunkOnFailure=False,
1944 |             warnOnFailure=False,
1945 |             doStepIf=util.Transform(bool, Property("ccache_command")),
1946 |         )
1947 |     )
1948 | 
1949 |     return factory
1950 | 
1951 | 
1952 | for brname in branchNames:
1953 |     for target in targets[brname]:
1954 |         bldrname = brname + "_" + target
1955 |         c["builders"].append(
1956 |             BuilderConfig(
1957 |                 name=bldrname,
1958 |                 workernames=workerNames,
1959 |                 factory=prepareFactory(target),
1960 |                 tags=[
1961 |                     brname,
1962 |                 ],
1963 |                 nextBuild=GetNextBuild,
1964 |                 canStartBuild=canStartBuild,
1965 |             )
1966 |         )
1967 | 
1968 | 
1969 | # STATUS TARGETS
1970 | 
1971 | # 'status' is a list of Status Targets. The results of each build will be
1972 | # pushed to these targets. buildbot/status/*.py has a variety to choose from,
1973 | # including web pages, email senders, and IRC bots.
1974 | 
1975 | if "status_bind" in inip1:
1976 |     c["www"] = {
1977 |         "port": inip1.get("status_bind"),
1978 |         "plugins": {"waterfall_view": True, "console_view": True, "grid_view": True},
1979 |     }
1980 | 
1981 |     if "status_user" in inip1 and "status_password" in inip1:
1982 |         c["www"]["auth"] = util.UserPasswordAuth(
1983 |             [(inip1.get("status_user"), inip1.get("status_password"))]
1984 |         )
1985 |         c["www"]["authz"] = util.Authz(
1986 |             allowRules=[util.AnyControlEndpointMatcher(role="admins")],
1987 |             roleMatchers=[
1988 |                 util.RolesFromUsername(
1989 |                     roles=["admins"], usernames=[inip1.get("status_user")]
1990 |                 )
1991 |             ],
1992 |         )
1993 | 
1994 | c["services"] = []
1995 | if ini.has_section("irc"):
1996 |     iniirc = ini["irc"]
1997 |     irc_host = iniirc.get("host", None)
1998 |     irc_port = iniirc.getint("port", 6667)
1999 |     irc_chan = iniirc.get("channel", None)
2000 |     irc_nick = iniirc.get("nickname", None)
2001 |     irc_pass = iniirc.get("password", None)
2002 | 
2003 |     if irc_host and irc_nick and irc_chan:
2004 |         irc = reporters.IRC(
2005 |             irc_host,
2006 |             irc_nick,
2007 |             port=irc_port,
2008 |             password=irc_pass,
2009 |             channels=[irc_chan],
2010 |             notify_events=["exception", "problem", "recovery"],
2011 |         )
2012 | 
2013 |         c["services"].append(irc)
2014 | 
2015 | c["revlink"] = util.RevlinkMatch(
2016 |     [r"https://git.openwrt.org/openwrt/(.*).git"],
2017 |     r"https://git.openwrt.org/?p=openwrt/\1.git;a=commit;h=%s",
2018 | )
2019 | 
2020 | # DB URL
2021 | 
2022 | c["db"] = {
2023 |     # This specifies what database buildbot uses to store its state.  You can leave
2024 |     # this at its default for all but the largest installations.
2025 |     "db_url": "sqlite:///state.sqlite",
2026 | }
2027 | 
2028 | c["buildbotNetUsageData"] = None
2029 | 


--------------------------------------------------------------------------------