Support building packages on noble #7273
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add support for building packages on noble by setting `UBUNTU_VERSION=noble` and passing that through the various layers to build a OCI image on top of noble. The version suffix of +focal/+noble is now automatically added using the fixup-changelog.sh script ported from securedrop-client. Tests now read the environment variable for finding the packages and also determining what Python version is in use.
This is automatically pulled in by the `python3` dependency, and is causes problems for noble packages, since that has libpython3.12.
* setuptools now wants an explicit `package` listing in setup.py, so provide it an empty one. * babel no longer explicitly depends on setuptools, but it still needs it for `pybabel`, so add it into the translation-requirements. * Use pip 24.2, like we upgraded to everywhere else.
`echo ""` adds a single blank line, which dh_conffiles treats as an invalid file, which is an error in noble. If we have a fully empty file, it is happy and still applies our hack. Remove the duplicated dh_gencontrol stanza that was already being overridden later while we're at it.
`-z muldefs` means "Allow multiple definitions of symbols". See <ossec/ossec-hids#2022 (comment)> for details; this can be removed if/when we upgrade to OSSEC 3.7.0.
Normally we're fine with just using ubuntu-latest, except they just downgraded it, which is causing issues building on noble, so explicitly specify 24.04 for now, and once it is always -latest, we can revert this. See <actions/runner-images#10636>.
|
The ossec-agent/ossec-server packages still have hardcoded |
Instead of hardoding dependencies on specific libc and libssl versions, Debian can automatically determine them for us using dh_shlibs.
|
Noble build failing, looks like we're not dropping Will poke at a bit on Monday. |
|
Make sure you're building from a clean folder, there's some cache pollution across focal/noble builds that I thought I had fixed but I guess not. |
Because we need to point to the exact path, which contains a number of variables that vary based on the Python version.
Aside from the duplication of rules for Python 3.12, the /run pid file now has a random string after it, so add a wildcard rule.
legoktm
force-pushed
the
stg-noble-build
branch
from
f679084 to
52dbc2d
Compare
|
I tacked on the last two commits a bit late because I hit them when testing the actual packages; happy to drop them from this PR and submit them independently. |
zenmonkeykstop
approved these changes
Oct 29, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Status
Ready for review
Description of Changes
Basically this adds support for building noble packages without breaking focal builds. It's not exactly but is practically a no-op for focal. The packages have not been tested to work, just that they roughly look right (which should be sufficient for merging, fixes will come later, we just need this in place to actually test the rest of the system).
See commit messages for individual changes.
Refs #7210
Testing
How should the reviewer test this PR?
UBUNTU_VERSION=noble make build-debsUBUNTU_VERSION=noble make build-debs-ossecDeployment
Any special considerations for deployment? Should be a no-op for focal.
Checklist
make lint) and tests (make test) pass in the development containerI have performed a diff review and pasted the contents to the packaging wiki- n/a, pip and setuptools dependencies are exempt as they're maintained by PyPA