diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-07-24 09:54:23 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-07-24 09:54:44 +0000 |
| commit | 836b47cb7e99a977c5a23b059ca1d0b5065d310e (patch) | |
| tree | 1604da8f482d02effa033c94a84be42bc0c848c3 /packaging/makeself | |
| parent | Releasing debian version 1.44.3-2. (diff) | |
| download | netdata-836b47cb7e99a977c5a23b059ca1d0b5065d310e.tar.xz netdata-836b47cb7e99a977c5a23b059ca1d0b5065d310e.zip | |
Merging upstream version 1.46.3.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'packaging/makeself')
| -rw-r--r-- | packaging/makeself/README.md | 2 | ||||
| -rwxr-xr-x | packaging/makeself/build-static.sh | 20 | ||||
| -rwxr-xr-x | packaging/makeself/build.sh | 5 | ||||
| -rw-r--r-- | packaging/makeself/bundled-packages.version (renamed from packaging/makeself/bundled-packages) | 0 | ||||
| -rwxr-xr-x | packaging/makeself/functions.sh | 2 | ||||
| -rwxr-xr-x | packaging/makeself/install-or-update.sh | 102 | ||||
| -rwxr-xr-x | packaging/makeself/jobs/20-openssl.install.sh | 2 | ||||
| -rwxr-xr-x | packaging/makeself/jobs/50-bash-5.1.16.install.sh | 2 | ||||
| -rwxr-xr-x | packaging/makeself/jobs/50-curl.install.sh | 2 | ||||
| -rwxr-xr-x | packaging/makeself/jobs/50-ioping-1.3.install.sh | 2 | ||||
| -rwxr-xr-x | packaging/makeself/jobs/50-libnetfilter_acct-1.0.3.install.sh | 2 | ||||
| -rwxr-xr-x | packaging/makeself/jobs/70-netdata-git.install.sh | 4 | ||||
| -rwxr-xr-x | packaging/makeself/jobs/90-netdata-runtime-check.sh | 44 | ||||
| -rwxr-xr-x | packaging/makeself/run-all-jobs.sh | 2 | ||||
| -rwxr-xr-x | packaging/makeself/uname2platform.sh | 1 |
15 files changed, 121 insertions, 71 deletions
diff --git a/packaging/makeself/README.md b/packaging/makeself/README.md index 1f2c746bf..d1c492f62 100644 --- a/packaging/makeself/README.md +++ b/packaging/makeself/README.md @@ -26,7 +26,7 @@ you can do so by adding `--static-only` to the options you pass to the installer ## Building a static binary package Before you begin, make sure that your repo and the repo's submodules are clean from any previous builds and up to date. -Otherwise, [perform a cleanup](https://github.com/netdata/netdata/blob/master/packaging/installer/methods/manual.md#perform-a-cleanup-in-your-netdata-repo) +Otherwise, [perform a cleanup](/packaging/installer/methods/manual.md#perform-a-cleanup-in-your-netdata-repo) To build the static binary 64-bit distribution package, into the root folder on the netdata repo, run: diff --git a/packaging/makeself/build-static.sh b/packaging/makeself/build-static.sh index 0c46c12af..7161cfcda 100755 --- a/packaging/makeself/build-static.sh +++ b/packaging/makeself/build-static.sh @@ -1,4 +1,4 @@ -#!/usr/bin/env bash +#!/bin/bash # SPDX-License-Identifier: GPL-3.0-or-later @@ -26,8 +26,13 @@ fi DOCKER_IMAGE_NAME="netdata/static-builder:v1" -if [ "${BUILDARCH}" != "$(uname -m)" ] && [ "$(uname -m)" = 'x86_64' ] && [ -z "${SKIP_EMULATION}" ]; then - ${docker} run --rm --privileged multiarch/qemu-user-static --reset -p yes || exit 1 +if [ "${BUILDARCH}" != "$(uname -m)" ] && [ -z "${SKIP_EMULATION}" ]; then + if [ "$(uname -m)" = "x86_64" ]; then + ${docker} run --rm --privileged multiarch/qemu-user-static --reset -p yes || exit 1 + else + echo "Automatic cross-architecture builds are only supported on x86_64 hosts." + exit 1 + fi fi if ${docker} inspect "${DOCKER_IMAGE_NAME}" > /dev/null 2>&1; then @@ -49,10 +54,11 @@ fi # Run the build script inside the container if [ -t 1 ]; then run ${docker} run --rm -e BUILDARCH="${BUILDARCH}" -a stdin -a stdout -a stderr -i -t -v "$(pwd)":/netdata:rw \ - "${DOCKER_IMAGE_NAME}" \ - /bin/sh /netdata/packaging/makeself/build.sh "${@}" + --platform "${platform}" ${EXTRA_INSTALL_FLAGS:+-e EXTRA_INSTALL_FLAGS="${EXTRA_INSTALL_FLAGS}"} \ + "${DOCKER_IMAGE_NAME}" /bin/sh /netdata/packaging/makeself/build.sh "${@}" else run ${docker} run --rm -e BUILDARCH="${BUILDARCH}" -v "$(pwd)":/netdata:rw \ - -e GITHUB_ACTIONS="${GITHUB_ACTIONS}" "${DOCKER_IMAGE_NAME}" \ - /bin/sh /netdata/packaging/makeself/build.sh "${@}" + -e GITHUB_ACTIONS="${GITHUB_ACTIONS}" --platform "${platform}" \ + ${EXTRA_INSTALL_FLAGS:+-e EXTRA_INSTALL_FLAGS="${EXTRA_INSTALL_FLAGS}"} \ + "${DOCKER_IMAGE_NAME}" /bin/sh /netdata/packaging/makeself/build.sh "${@}" fi diff --git a/packaging/makeself/build.sh b/packaging/makeself/build.sh index 3ac600ed4..dca635f0a 100755 --- a/packaging/makeself/build.sh +++ b/packaging/makeself/build.sh @@ -1,4 +1,4 @@ -#!/usr/bin/env sh +#!/bin/bash # SPDX-License-Identifier: GPL-3.0-or-later # ----------------------------------------------------------------------------- @@ -33,9 +33,6 @@ chown -R root:root /usr/src/netdata cd /usr/src/netdata/packaging/makeself || exit 1 -git clean -dxf -git submodule foreach --recursive git clean -dxf - cat >&2 << EOF This program will create a self-extracting shell package containing a statically linked netdata, able to run on any 64bit Linux system, diff --git a/packaging/makeself/bundled-packages b/packaging/makeself/bundled-packages.version index 02ee4469d..02ee4469d 100644 --- a/packaging/makeself/bundled-packages +++ b/packaging/makeself/bundled-packages.version diff --git a/packaging/makeself/functions.sh b/packaging/makeself/functions.sh index c3289c7cd..4057fbee0 100755 --- a/packaging/makeself/functions.sh +++ b/packaging/makeself/functions.sh @@ -52,7 +52,7 @@ fetch() { # Check SHA256 of gzip'd tar file (apparently alpine's sha256sum requires # two empty spaces between the checksum and the file's path) set +e - echo "${sha256} ${NETDATA_MAKESELF_PATH}/tmp/${tar}" | sha256sum -c -s + echo "${sha256} ${NETDATA_MAKESELF_PATH}/tmp/${tar}" | sha256sum --c --status local rc=$? if [ ${rc} -ne 0 ]; then echo >&2 "SHA256 verification of tar file ${tar} failed (rc=${rc})" diff --git a/packaging/makeself/install-or-update.sh b/packaging/makeself/install-or-update.sh index e4c133459..d2350a790 100755 --- a/packaging/makeself/install-or-update.sh +++ b/packaging/makeself/install-or-update.sh @@ -27,6 +27,8 @@ fi STARTIT=1 REINSTALL_OPTIONS="" +NETDATA_CERT_MODE="${NETDATA_CERT_MODE:-auto}" +NETDATA_CERT_TEST_URL="${NETDATA_CERT_TEST_URL:-https://app.netdata.cloud}" RELEASE_CHANNEL="nightly" while [ "${1}" ]; do @@ -48,6 +50,19 @@ while [ "${1}" ]; do NETDATA_DISABLE_TELEMETRY=1 REINSTALL_OPTIONS="${REINSTALL_OPTIONS} ${1}" ;; + "--certificates") + case "${2}" in + auto|system) NETDATA_CERT_MODE="auto" ;; + check) NETDATA_CERT_MODE="check" ;; + bundled) NETDATA_CERT_MODE="bundled" ;; + *) run_failed "Unknown certificate handling mode '${2}'. Supported modes are auto, check, system, and bundled."; exit 1 ;; + esac + shift 1 + ;; + "--certificate-test-url") + NETDATA_CERT_TEST_URL="${2}" + shift 1 + ;; *) echo >&2 "Unknown option '${1}'. Ignoring it." ;; esac @@ -62,6 +77,14 @@ if [ ! "${DISABLE_TELEMETRY:-0}" -eq 0 ] || REINSTALL_OPTIONS="${REINSTALL_OPTIONS} --disable-telemetry" fi +if [ -n "${NETDATA_CERT_MODE}" ]; then + REINSTALL_OPTIONS="${REINSTALL_OPTIONS} --certificates ${NETDATA_CERT_MODE}" +fi + +if [ -n "${NETDATA_CERT_TEST_URL}" ]; then + REINSTALL_OPTIONS="${REINSTALL_OPTIONS} --certificate-test-url ${NETDATA_CERT_TEST_URL}" +fi + # ----------------------------------------------------------------------------- progress "Attempt to create user/group netdata/netadata" @@ -101,6 +124,10 @@ progress "Install logrotate configuration for netdata" install_netdata_logrotate || run_failed "Cannot install logrotate file for netdata." +progress "Install journald configuration for netdata" + +install_netdata_journald_conf || run_failed "Cannot install journald file for netdata." + # ----------------------------------------------------------------------------- progress "Telemetry configuration" @@ -172,7 +199,7 @@ fi progress "changing plugins ownership and permissions" -for x in apps.plugin perf.plugin slabinfo.plugin debugfs.plugin freeipmi.plugin ioping cgroup-network local-listeners ebpf.plugin nfacct.plugin xenstat.plugin python.d.plugin charts.d.plugin go.d.plugin ioping.plugin cgroup-network-helper.sh; do +for x in ndsudo apps.plugin perf.plugin slabinfo.plugin debugfs.plugin freeipmi.plugin ioping cgroup-network local-listeners network-viewer.plugin ebpf.plugin nfacct.plugin xenstat.plugin python.d.plugin charts.d.plugin go.d.plugin ioping.plugin cgroup-network-helper.sh; do f="usr/libexec/netdata/plugins.d/${x}" if [ -f "${f}" ]; then run chown root:${NETDATA_GROUP} "${f}" @@ -190,7 +217,7 @@ if command -v setcap >/dev/null 2>&1; then run setcap "cap_sys_admin=ep" "usr/libexec/netdata/plugins.d/perf.plugin" fi - run setcap "cap_net_admin,cap_net_raw=eip" "usr/libexec/netdata/plugins.d/go.d.plugin" + run setcap "cap_dac_read_search+epi cap_net_admin+epi cap_net_raw=eip" "usr/libexec/netdata/plugins.d/go.d.plugin" else for x in apps.plugin perf.plugin slabinfo.plugin debugfs.plugin; do f="usr/libexec/netdata/plugins.d/${x}" @@ -198,7 +225,7 @@ else done fi -for x in freeipmi.plugin ioping cgroup-network local-listeners ebpf.plugin nfacct.plugin xenstat.plugin; do +for x in ndsudo freeipmi.plugin ioping cgroup-network local-listeners network-viewer.plugin ebpf.plugin nfacct.plugin xenstat.plugin; do f="usr/libexec/netdata/plugins.d/${x}" if [ -f "${f}" ]; then @@ -208,26 +235,73 @@ done # ----------------------------------------------------------------------------- -echo "Configure TLS certificate paths" -if [ ! -L /opt/netdata/etc/ssl ] && [ -d /opt/netdata/etc/ssl ] ; then - echo "Preserving existing user configuration for TLS" -else +replace_symlink() { + target="${1}" + name="${2}" + rm -f "${name}" + ln -s "${target}" "${name}" +} + +select_system_certs() { if [ -d /etc/pki/tls ] ; then - echo "Using /etc/pki/tls for TLS configuration and certificates" - ln -sf /etc/pki/tls /opt/netdata/etc/ssl + echo "${1} /etc/pki/tls for TLS configuration and certificates" + replace_symlink /etc/pki/tls /opt/netdata/etc/ssl elif [ -d /etc/ssl ] ; then - echo "Using /etc/ssl for TLS configuration and certificates" - ln -sf /etc/ssl /opt/netdata/etc/ssl - else - echo "Using bundled TLS configuration and certificates" - ln -sf /opt/netdata/share/ssl /opt/netdata/etc/ssl + echo "${1} /etc/ssl for TLS configuration and certificates" + replace_symlink /etc/ssl /opt/netdata/etc/ssl fi +} + +select_internal_certs() { + echo "Using bundled TLS configuration and certificates" + replace_symlink /opt/netdata/share/ssl /opt/netdata/etc/ssl +} + +certs_selected() { + [ -L /opt/netdata/etc/ssl ] || return 1 +} + +test_certs() { + /opt/netdata/bin/curl --fail --max-time 300 --silent --output /dev/null "${NETDATA_CERT_TEST_URL}" + + case "$?" in + 35|77) echo "Failed to load certificate files for test." ; return 1 ;; + 60|82|83) echo "Certificates cannot be used to connect to ${NETDATA_CERT_TEST_URL}" ; return 1 ;; + 53|54|66) echo "Unable to use OpenSSL configuration associated with certificates" ; return 1 ;; + 0) echo "Successfully connected to ${NETDATA_CERT_TEST_URL} using certificates" ;; + *) echo "Unable to test certificates due to networking problems, blindly assuming they work" ;; + esac +} + +# If the user has manually set up certificates, don’t mess with it. +if [ ! -L /opt/netdata/etc/ssl ] && [ -d /opt/netdata/etc/ssl ] ; then + echo "Preserving existing user configuration for TLS" +else + echo "Configure TLS certificate paths (mode: ${NETDATA_CERT_MODE})" + case "${NETDATA_CERT_MODE}" in + check) + select_system_certs "Testing" + if certs_selected && test_certs; then + select_system_certs "Using" + else + select_internal_certs + fi + ;; + bundled) select_internal_certs ;; + *) + select_system_certs "Using" + if ! certs_selected; then + select_internal_certs + fi + ;; + esac fi # ----------------------------------------------------------------------------- echo "Save install options" grep -qv 'IS_NETDATA_STATIC_BINARY="yes"' "${NETDATA_PREFIX}/etc/netdata/.environment" || echo IS_NETDATA_STATIC_BINARY=\"yes\" >> "${NETDATA_PREFIX}/etc/netdata/.environment" +REINSTALL_OPTIONS="$(echo "${REINSTALL_OPTIONS}" | awk '{gsub("/", "\\/"); print}')" sed -i "s/REINSTALL_OPTIONS=\".*\"/REINSTALL_OPTIONS=\"${REINSTALL_OPTIONS}\"/" "${NETDATA_PREFIX}/etc/netdata/.environment" # ----------------------------------------------------------------------------- diff --git a/packaging/makeself/jobs/20-openssl.install.sh b/packaging/makeself/jobs/20-openssl.install.sh index 1158a6330..a07f9c947 100755 --- a/packaging/makeself/jobs/20-openssl.install.sh +++ b/packaging/makeself/jobs/20-openssl.install.sh @@ -4,7 +4,7 @@ # shellcheck source=packaging/makeself/functions.sh . "$(dirname "${0}")/../functions.sh" "${@}" || exit 1 # Source of truth for all the packages we bundle in static builds -. "$(dirname "${0}")/../bundled-packages" +. "$(dirname "${0}")/../bundled-packages.version" # shellcheck disable=SC2015 [ "${GITHUB_ACTIONS}" = "true" ] && echo "::group::Building OpenSSL" || true diff --git a/packaging/makeself/jobs/50-bash-5.1.16.install.sh b/packaging/makeself/jobs/50-bash-5.1.16.install.sh index 7a302f2ee..cc74d0fc8 100755 --- a/packaging/makeself/jobs/50-bash-5.1.16.install.sh +++ b/packaging/makeself/jobs/50-bash-5.1.16.install.sh @@ -4,7 +4,7 @@ # shellcheck source=packaging/makeself/functions.sh . "$(dirname "${0}")/../functions.sh" "${@}" || exit 1 # Source of truth for all the packages we bundle in static builds -. "$(dirname "${0}")/../bundled-packages" +. "$(dirname "${0}")/../bundled-packages.version" # shellcheck disable=SC2015 [ "${GITHUB_ACTIONS}" = "true" ] && echo "::group::building bash" || true diff --git a/packaging/makeself/jobs/50-curl.install.sh b/packaging/makeself/jobs/50-curl.install.sh index 824b30562..54f55480f 100755 --- a/packaging/makeself/jobs/50-curl.install.sh +++ b/packaging/makeself/jobs/50-curl.install.sh @@ -4,7 +4,7 @@ # shellcheck source=packaging/makeself/functions.sh . "$(dirname "${0}")/../functions.sh" "${@}" || exit 1 # Source of truth for all the packages we bundle in static builds -. "$(dirname "${0}")/../bundled-packages" +. "$(dirname "${0}")/../bundled-packages.version" # shellcheck disable=SC2015 [ "${GITHUB_ACTIONS}" = "true" ] && echo "::group::Building cURL" || true diff --git a/packaging/makeself/jobs/50-ioping-1.3.install.sh b/packaging/makeself/jobs/50-ioping-1.3.install.sh index 6bd538e35..de6cb3241 100755 --- a/packaging/makeself/jobs/50-ioping-1.3.install.sh +++ b/packaging/makeself/jobs/50-ioping-1.3.install.sh @@ -4,7 +4,7 @@ # shellcheck source=packaging/makeself/functions.sh . "$(dirname "${0}")/../functions.sh" "${@}" || exit 1 # Source of truth for all the packages we bundle in static builds -. "$(dirname "${0}")/../bundled-packages" || exit 1 +. "$(dirname "${0}")/../bundled-packages.version" || exit 1 # shellcheck disable=SC2015 [ "${GITHUB_ACTIONS}" = "true" ] && echo "::group::Building ioping" || true diff --git a/packaging/makeself/jobs/50-libnetfilter_acct-1.0.3.install.sh b/packaging/makeself/jobs/50-libnetfilter_acct-1.0.3.install.sh index 829752178..efde6976f 100755 --- a/packaging/makeself/jobs/50-libnetfilter_acct-1.0.3.install.sh +++ b/packaging/makeself/jobs/50-libnetfilter_acct-1.0.3.install.sh @@ -7,7 +7,7 @@ # shellcheck source=packaging/makeself/functions.sh . "$(dirname "${0}")/../functions.sh" "${@}" || exit 1 # Source of truth for all the packages we bundle in static builds -. "$(dirname "${0}")/../bundled-packages" || exit 1 +. "$(dirname "${0}")/../bundled-packages.version" || exit 1 # shellcheck disable=SC2015 [ "${GITHUB_ACTIONS}" = "true" ] && echo "::group::building libnetfilter_acct" || true diff --git a/packaging/makeself/jobs/70-netdata-git.install.sh b/packaging/makeself/jobs/70-netdata-git.install.sh index 83d28bf87..13144bfcd 100755 --- a/packaging/makeself/jobs/70-netdata-git.install.sh +++ b/packaging/makeself/jobs/70-netdata-git.install.sh @@ -36,7 +36,9 @@ run ./netdata-installer.sh \ --use-system-protobuf \ --dont-scrub-cflags-even-though-it-may-break-things \ --one-time-build \ - --enable-lto + --disable-logsmanagement \ + --enable-lto \ + ${EXTRA_INSTALL_FLAGS:+${EXTRA_INSTALL_FLAGS}} \ # shellcheck disable=SC2015 [ "${GITHUB_ACTIONS}" = "true" ] && echo "::group::Finishing netdata install" || true diff --git a/packaging/makeself/jobs/90-netdata-runtime-check.sh b/packaging/makeself/jobs/90-netdata-runtime-check.sh index a3c94ffcb..86f4883d7 100755 --- a/packaging/makeself/jobs/90-netdata-runtime-check.sh +++ b/packaging/makeself/jobs/90-netdata-runtime-check.sh @@ -8,47 +8,17 @@ dump_log() { cat ./netdata.log } -wait_for() { - host="${1}" - port="${2}" - name="${3}" - timeout="30" - - if command -v nc > /dev/null ; then - netcat="nc" - elif command -v netcat > /dev/null ; then - netcat="netcat" - else - printf "Unable to find a usable netcat command.\n" - return 1 - fi - - printf "Waiting for %s on %s:%s ... " "${name}" "${host}" "${port}" - - sleep 30 - - i=0 - while ! ${netcat} -z "${host}" "${port}"; do - sleep 1 - if [ "$i" -gt "$timeout" ]; then - printf "Timed out!\n" - return 1 - fi - i="$((i + 1))" - done - printf "OK\n" -} - trap dump_log EXIT -"${NETDATA_INSTALL_PATH}/bin/netdata" -D > ./netdata.log 2>&1 & +export NETDATA_LIBEXEC_PREFIX="${NETDATA_INSTALL_PATH}/usr/libexec/netdata" +export NETDATA_SKIP_LIBEXEC_PARTS="logs-management|freeipmi|xenstat|cups" -wait_for localhost 19999 netdata || exit 1 +if [ "$(uname -m)" != "x86_64" ]; then + export NETDATA_SKIP_LIBEXEC_PARTS="${NETDATA_SKIP_LIBEXEC_PARTS}|ebpf" +fi -curl -sS http://127.0.0.1:19999/api/v1/info > ./response || exit 1 - -cat ./response +"${NETDATA_INSTALL_PATH}/bin/netdata" -D > ./netdata.log 2>&1 & -jq '.version' ./response || exit 1 +"${NETDATA_SOURCE_PATH}/packaging/runtime-check.sh" || exit 1 trap - EXIT diff --git a/packaging/makeself/run-all-jobs.sh b/packaging/makeself/run-all-jobs.sh index dd123c218..e9b4327bf 100755 --- a/packaging/makeself/run-all-jobs.sh +++ b/packaging/makeself/run-all-jobs.sh @@ -1,4 +1,4 @@ -#!/usr/bin/env bash +#!/bin/bash # SPDX-License-Identifier: GPL-3.0-or-later set -e diff --git a/packaging/makeself/uname2platform.sh b/packaging/makeself/uname2platform.sh index 7eab706ec..34d76ff9f 100755 --- a/packaging/makeself/uname2platform.sh +++ b/packaging/makeself/uname2platform.sh @@ -8,6 +8,7 @@ BUILDARCH="${1}" case "${BUILDARCH}" in x86_64) echo "linux/amd64" ;; + armv6l) echo "linux/arm/v6" ;; armv7l) echo "linux/arm/v7" ;; aarch64) echo "linux/arm64/v8" ;; ppc64le) echo "linux/ppc64le" ;; |