diff options
Diffstat (limited to 'packaging/makeself')
| -rw-r--r-- | packaging/makeself/README.md | 2 | ||||
| -rwxr-xr-x | packaging/makeself/build-static.sh | 11 | ||||
| -rwxr-xr-x | packaging/makeself/build.sh | 5 | ||||
| -rwxr-xr-x | packaging/makeself/functions.sh | 2 | ||||
| -rwxr-xr-x | packaging/makeself/install-or-update.sh | 100 | ||||
| -rwxr-xr-x | packaging/makeself/jobs/70-netdata-git.install.sh | 3 | ||||
| -rwxr-xr-x | packaging/makeself/jobs/90-netdata-runtime-check.sh | 7 | ||||
| -rwxr-xr-x | packaging/makeself/run-all-jobs.sh | 2 |
8 files changed, 106 insertions, 26 deletions
diff --git a/packaging/makeself/README.md b/packaging/makeself/README.md index 1f2c746bf..d1c492f62 100644 --- a/packaging/makeself/README.md +++ b/packaging/makeself/README.md @@ -26,7 +26,7 @@ you can do so by adding `--static-only` to the options you pass to the installer ## Building a static binary package Before you begin, make sure that your repo and the repo's submodules are clean from any previous builds and up to date. -Otherwise, [perform a cleanup](https://github.com/netdata/netdata/blob/master/packaging/installer/methods/manual.md#perform-a-cleanup-in-your-netdata-repo) +Otherwise, [perform a cleanup](/packaging/installer/methods/manual.md#perform-a-cleanup-in-your-netdata-repo) To build the static binary 64-bit distribution package, into the root folder on the netdata repo, run: diff --git a/packaging/makeself/build-static.sh b/packaging/makeself/build-static.sh index 260581ed1..7161cfcda 100755 --- a/packaging/makeself/build-static.sh +++ b/packaging/makeself/build-static.sh @@ -1,4 +1,4 @@ -#!/usr/bin/env bash +#!/bin/bash # SPDX-License-Identifier: GPL-3.0-or-later @@ -54,10 +54,11 @@ fi # Run the build script inside the container if [ -t 1 ]; then run ${docker} run --rm -e BUILDARCH="${BUILDARCH}" -a stdin -a stdout -a stderr -i -t -v "$(pwd)":/netdata:rw \ - --platform "${platform}" "${DOCKER_IMAGE_NAME}" \ - /bin/sh /netdata/packaging/makeself/build.sh "${@}" + --platform "${platform}" ${EXTRA_INSTALL_FLAGS:+-e EXTRA_INSTALL_FLAGS="${EXTRA_INSTALL_FLAGS}"} \ + "${DOCKER_IMAGE_NAME}" /bin/sh /netdata/packaging/makeself/build.sh "${@}" else run ${docker} run --rm -e BUILDARCH="${BUILDARCH}" -v "$(pwd)":/netdata:rw \ - -e GITHUB_ACTIONS="${GITHUB_ACTIONS}" --platform "${platform}" "${DOCKER_IMAGE_NAME}" \ - /bin/sh /netdata/packaging/makeself/build.sh "${@}" + -e GITHUB_ACTIONS="${GITHUB_ACTIONS}" --platform "${platform}" \ + ${EXTRA_INSTALL_FLAGS:+-e EXTRA_INSTALL_FLAGS="${EXTRA_INSTALL_FLAGS}"} \ + "${DOCKER_IMAGE_NAME}" /bin/sh /netdata/packaging/makeself/build.sh "${@}" fi diff --git a/packaging/makeself/build.sh b/packaging/makeself/build.sh index 3ac600ed4..dca635f0a 100755 --- a/packaging/makeself/build.sh +++ b/packaging/makeself/build.sh @@ -1,4 +1,4 @@ -#!/usr/bin/env sh +#!/bin/bash # SPDX-License-Identifier: GPL-3.0-or-later # ----------------------------------------------------------------------------- @@ -33,9 +33,6 @@ chown -R root:root /usr/src/netdata cd /usr/src/netdata/packaging/makeself || exit 1 -git clean -dxf -git submodule foreach --recursive git clean -dxf - cat >&2 << EOF This program will create a self-extracting shell package containing a statically linked netdata, able to run on any 64bit Linux system, diff --git a/packaging/makeself/functions.sh b/packaging/makeself/functions.sh index c3289c7cd..4057fbee0 100755 --- a/packaging/makeself/functions.sh +++ b/packaging/makeself/functions.sh @@ -52,7 +52,7 @@ fetch() { # Check SHA256 of gzip'd tar file (apparently alpine's sha256sum requires # two empty spaces between the checksum and the file's path) set +e - echo "${sha256} ${NETDATA_MAKESELF_PATH}/tmp/${tar}" | sha256sum -c -s + echo "${sha256} ${NETDATA_MAKESELF_PATH}/tmp/${tar}" | sha256sum --c --status local rc=$? if [ ${rc} -ne 0 ]; then echo >&2 "SHA256 verification of tar file ${tar} failed (rc=${rc})" diff --git a/packaging/makeself/install-or-update.sh b/packaging/makeself/install-or-update.sh index 964d2aa5d..d2350a790 100755 --- a/packaging/makeself/install-or-update.sh +++ b/packaging/makeself/install-or-update.sh @@ -27,6 +27,8 @@ fi STARTIT=1 REINSTALL_OPTIONS="" +NETDATA_CERT_MODE="${NETDATA_CERT_MODE:-auto}" +NETDATA_CERT_TEST_URL="${NETDATA_CERT_TEST_URL:-https://app.netdata.cloud}" RELEASE_CHANNEL="nightly" while [ "${1}" ]; do @@ -48,6 +50,19 @@ while [ "${1}" ]; do NETDATA_DISABLE_TELEMETRY=1 REINSTALL_OPTIONS="${REINSTALL_OPTIONS} ${1}" ;; + "--certificates") + case "${2}" in + auto|system) NETDATA_CERT_MODE="auto" ;; + check) NETDATA_CERT_MODE="check" ;; + bundled) NETDATA_CERT_MODE="bundled" ;; + *) run_failed "Unknown certificate handling mode '${2}'. Supported modes are auto, check, system, and bundled."; exit 1 ;; + esac + shift 1 + ;; + "--certificate-test-url") + NETDATA_CERT_TEST_URL="${2}" + shift 1 + ;; *) echo >&2 "Unknown option '${1}'. Ignoring it." ;; esac @@ -62,6 +77,14 @@ if [ ! "${DISABLE_TELEMETRY:-0}" -eq 0 ] || REINSTALL_OPTIONS="${REINSTALL_OPTIONS} --disable-telemetry" fi +if [ -n "${NETDATA_CERT_MODE}" ]; then + REINSTALL_OPTIONS="${REINSTALL_OPTIONS} --certificates ${NETDATA_CERT_MODE}" +fi + +if [ -n "${NETDATA_CERT_TEST_URL}" ]; then + REINSTALL_OPTIONS="${REINSTALL_OPTIONS} --certificate-test-url ${NETDATA_CERT_TEST_URL}" +fi + # ----------------------------------------------------------------------------- progress "Attempt to create user/group netdata/netadata" @@ -101,6 +124,10 @@ progress "Install logrotate configuration for netdata" install_netdata_logrotate || run_failed "Cannot install logrotate file for netdata." +progress "Install journald configuration for netdata" + +install_netdata_journald_conf || run_failed "Cannot install journald file for netdata." + # ----------------------------------------------------------------------------- progress "Telemetry configuration" @@ -192,13 +219,13 @@ if command -v setcap >/dev/null 2>&1; then run setcap "cap_dac_read_search+epi cap_net_admin+epi cap_net_raw=eip" "usr/libexec/netdata/plugins.d/go.d.plugin" else - for x in ndsudo apps.plugin perf.plugin slabinfo.plugin debugfs.plugin; do + for x in apps.plugin perf.plugin slabinfo.plugin debugfs.plugin; do f="usr/libexec/netdata/plugins.d/${x}" run chmod 4750 "${f}" done fi -for x in freeipmi.plugin ioping cgroup-network local-listeners network-viewer.plugin ebpf.plugin nfacct.plugin xenstat.plugin; do +for x in ndsudo freeipmi.plugin ioping cgroup-network local-listeners network-viewer.plugin ebpf.plugin nfacct.plugin xenstat.plugin; do f="usr/libexec/netdata/plugins.d/${x}" if [ -f "${f}" ]; then @@ -208,26 +235,73 @@ done # ----------------------------------------------------------------------------- -echo "Configure TLS certificate paths" -if [ ! -L /opt/netdata/etc/ssl ] && [ -d /opt/netdata/etc/ssl ] ; then - echo "Preserving existing user configuration for TLS" -else +replace_symlink() { + target="${1}" + name="${2}" + rm -f "${name}" + ln -s "${target}" "${name}" +} + +select_system_certs() { if [ -d /etc/pki/tls ] ; then - echo "Using /etc/pki/tls for TLS configuration and certificates" - ln -sf /etc/pki/tls /opt/netdata/etc/ssl + echo "${1} /etc/pki/tls for TLS configuration and certificates" + replace_symlink /etc/pki/tls /opt/netdata/etc/ssl elif [ -d /etc/ssl ] ; then - echo "Using /etc/ssl for TLS configuration and certificates" - ln -sf /etc/ssl /opt/netdata/etc/ssl - else - echo "Using bundled TLS configuration and certificates" - ln -sf /opt/netdata/share/ssl /opt/netdata/etc/ssl + echo "${1} /etc/ssl for TLS configuration and certificates" + replace_symlink /etc/ssl /opt/netdata/etc/ssl fi +} + +select_internal_certs() { + echo "Using bundled TLS configuration and certificates" + replace_symlink /opt/netdata/share/ssl /opt/netdata/etc/ssl +} + +certs_selected() { + [ -L /opt/netdata/etc/ssl ] || return 1 +} + +test_certs() { + /opt/netdata/bin/curl --fail --max-time 300 --silent --output /dev/null "${NETDATA_CERT_TEST_URL}" + + case "$?" in + 35|77) echo "Failed to load certificate files for test." ; return 1 ;; + 60|82|83) echo "Certificates cannot be used to connect to ${NETDATA_CERT_TEST_URL}" ; return 1 ;; + 53|54|66) echo "Unable to use OpenSSL configuration associated with certificates" ; return 1 ;; + 0) echo "Successfully connected to ${NETDATA_CERT_TEST_URL} using certificates" ;; + *) echo "Unable to test certificates due to networking problems, blindly assuming they work" ;; + esac +} + +# If the user has manually set up certificates, don’t mess with it. +if [ ! -L /opt/netdata/etc/ssl ] && [ -d /opt/netdata/etc/ssl ] ; then + echo "Preserving existing user configuration for TLS" +else + echo "Configure TLS certificate paths (mode: ${NETDATA_CERT_MODE})" + case "${NETDATA_CERT_MODE}" in + check) + select_system_certs "Testing" + if certs_selected && test_certs; then + select_system_certs "Using" + else + select_internal_certs + fi + ;; + bundled) select_internal_certs ;; + *) + select_system_certs "Using" + if ! certs_selected; then + select_internal_certs + fi + ;; + esac fi # ----------------------------------------------------------------------------- echo "Save install options" grep -qv 'IS_NETDATA_STATIC_BINARY="yes"' "${NETDATA_PREFIX}/etc/netdata/.environment" || echo IS_NETDATA_STATIC_BINARY=\"yes\" >> "${NETDATA_PREFIX}/etc/netdata/.environment" +REINSTALL_OPTIONS="$(echo "${REINSTALL_OPTIONS}" | awk '{gsub("/", "\\/"); print}')" sed -i "s/REINSTALL_OPTIONS=\".*\"/REINSTALL_OPTIONS=\"${REINSTALL_OPTIONS}\"/" "${NETDATA_PREFIX}/etc/netdata/.environment" # ----------------------------------------------------------------------------- diff --git a/packaging/makeself/jobs/70-netdata-git.install.sh b/packaging/makeself/jobs/70-netdata-git.install.sh index 0373599a9..13144bfcd 100755 --- a/packaging/makeself/jobs/70-netdata-git.install.sh +++ b/packaging/makeself/jobs/70-netdata-git.install.sh @@ -37,7 +37,8 @@ run ./netdata-installer.sh \ --dont-scrub-cflags-even-though-it-may-break-things \ --one-time-build \ --disable-logsmanagement \ - --enable-lto + --enable-lto \ + ${EXTRA_INSTALL_FLAGS:+${EXTRA_INSTALL_FLAGS}} \ # shellcheck disable=SC2015 [ "${GITHUB_ACTIONS}" = "true" ] && echo "::group::Finishing netdata install" || true diff --git a/packaging/makeself/jobs/90-netdata-runtime-check.sh b/packaging/makeself/jobs/90-netdata-runtime-check.sh index fc1b239b3..86f4883d7 100755 --- a/packaging/makeself/jobs/90-netdata-runtime-check.sh +++ b/packaging/makeself/jobs/90-netdata-runtime-check.sh @@ -10,6 +10,13 @@ dump_log() { trap dump_log EXIT +export NETDATA_LIBEXEC_PREFIX="${NETDATA_INSTALL_PATH}/usr/libexec/netdata" +export NETDATA_SKIP_LIBEXEC_PARTS="logs-management|freeipmi|xenstat|cups" + +if [ "$(uname -m)" != "x86_64" ]; then + export NETDATA_SKIP_LIBEXEC_PARTS="${NETDATA_SKIP_LIBEXEC_PARTS}|ebpf" +fi + "${NETDATA_INSTALL_PATH}/bin/netdata" -D > ./netdata.log 2>&1 & "${NETDATA_SOURCE_PATH}/packaging/runtime-check.sh" || exit 1 diff --git a/packaging/makeself/run-all-jobs.sh b/packaging/makeself/run-all-jobs.sh index dd123c218..e9b4327bf 100755 --- a/packaging/makeself/run-all-jobs.sh +++ b/packaging/makeself/run-all-jobs.sh @@ -1,4 +1,4 @@ -#!/usr/bin/env bash +#!/bin/bash # SPDX-License-Identifier: GPL-3.0-or-later set -e |