diff --git a/.github/workflows/pkg.yml b/.github/workflows/pkg.yml index 26a9d953..7669af2e 100644 --- a/.github/workflows/pkg.yml +++ b/.github/workflows/pkg.yml @@ -12,11 +12,30 @@ on: jobs: package: - uses: NLnetLabs/ploutos/.github/workflows/pkg-rust.yml@v8 + uses: NLnetLabs/ploutos/.github/workflows/pkg-rust.yml@v9 with: package_build_rules: pkg/rules/packages-to-build.yml package_test_scripts_path: pkg/test-scripts/test-.sh + # About the use of deb_apt_source and rpm_yum_repo: + # ---------------------------------------------------------------------- + # These settings are used below to direct Ploutos to add an alternate + # package repository than the default (also packages.nlnetlabs.nl but + # normal channel rather than the "-proposed" channel). This repository + # is used during the package testing phase and is needed so that when + # the newly built Cascade package is installed that its dependencies, + # dnst and kmip2pkcs11, can be resolved. This is because those + # dependencies are at the time of writing not yet published in the main + # channel but only in the "-proposed" channel. + package_test_always_add_repo: true + deb_extra_build_packages: libssl-dev + deb_apt_source: 'deb [arch=amd64] https://packages.nlnetlabs.nl/linux/${OS_NAME} ${OS_REL}-proposed main' + rpm_extra_build_packages: make openssl-devel rpm_scriptlets_path: pkg/rpm/scriptlets.toml + rpm_yum_repo: | + [nlnetlabs] + name=NLnet Labs Testing + baseurl=https://packages.nlnetlabs.nl/linux/centos/$releasever/proposed/$basearch + enabled=1 diff --git a/Cargo.toml b/Cargo.toml index 3a85a4d2..98bc7193 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -114,39 +114,17 @@ panic = "abort" [package.metadata.deb] assets = [ - [ - "target/release/cascade", - "usr/bin/", - "755", - ], - [ - "target/release/cascaded", - "usr/bin/", - "755", - ], - [ - "README.md", - "usr/share/doc/cascade/", - "644", - ], + ["target/release/cascade", "usr/bin/", "755"], + ["target/release/cascaded", "usr/bin/", "755"], + ["README.md", "usr/share/doc/cascade/", "644"], #["doc/cascade.1", "usr/share/man/man1/cascade.1", "644"], #["doc/cascaded.1", "usr/share/man/man1/cascaded.1", "644"], - [ - "config.toml", - "etc/cascade/config.toml", - "644", - ], - [ - "pkg/common/service.preset", - "usr/lib/systemd/service-preset/50-cascaded.preset", - "644", - ], + ["config.toml", "etc/cascade/config.toml", "644"], + ["pkg/common/service.preset", "usr/lib/systemd/service-preset/50-cascaded.preset", "644"], ] name = "cascade" -# TODO: create email alias maintainer = "NLnet Labs " license-file = ["LICENSE", "0"] -# TODO: come up with a description (also for the git repo) extended-description = """\ Cascade is a friendly DNSSEC signing solution, offering sensible defaults, controllability, observability and flexibility. @@ -159,9 +137,24 @@ maintainer-scripts = "pkg/debian" changelog = "target/debian/changelog" # this will be generated by the pkg workflow copyright = "Copyright (c) 2025, NLnet Labs. All rights reserved." conf-files = ["/etc/cascade/config.toml"] -systemd-units = { unit-name = "cascaded", unit-scripts = "pkg/common", enable = false } +systemd-units = { unit-name = "cascaded", unit-scripts = "pkg/common", enable = false, usr-merge = true } # usr-merge is needed for Bookworm/Noble and later + +[package.metadata.deb.variants.debian-buster] +systemd-units = { unit-name = "cascaded", unit-scripts = "pkg/common", enable = false, usr-merge = false } + +[package.metadata.deb.variants.debian-bullseye] +systemd-units = { unit-name = "cascaded", unit-scripts = "pkg/common", enable = false, usr-merge = false } + +[package.metadata.deb.variants.ubuntu-focal] +systemd-units = { unit-name = "cascaded", unit-scripts = "pkg/common", enable = false, usr-merge = false } + +[package.metadata.deb.variants.ubuntu-jammy] +systemd-units = { unit-name = "cascaded", unit-scripts = "pkg/common", enable = false, usr-merge = false } [package.metadata.generate-rpm] +# Use a shorter summary as rpmlint complains with E: summary-too-long. +# Use an initial capital letter to satisfy rpmlinlt which complains with W: summary-not-capitalized +summary = "Friendly DNSSEC signing solution" assets = [ { source = "target/release/cascade", dest = "/usr/bin/cascade", mode = "755" }, { source = "target/release/cascaded", dest = "/usr/bin/cascaded", mode = "755" }, diff --git a/pkg/common/cascaded.service b/pkg/common/cascaded.service index ec3cfbd2..d4e40322 100644 --- a/pkg/common/cascaded.service +++ b/pkg/common/cascaded.service @@ -4,7 +4,7 @@ Documentation=man:cascade(1) After=network.target [Service] -ExecStart=/usr/bin/cascade --config=/etc/cascade/config.toml +ExecStart=/usr/bin/cascaded --config=/etc/cascade/config.toml Type=exec Restart=on-failure User=cascade diff --git a/pkg/debian/postrm b/pkg/debian/postrm index 19f33d06..bdd3f38f 100755 --- a/pkg/debian/postrm +++ b/pkg/debian/postrm @@ -1,6 +1,6 @@ #!/bin/sh -e -CONFIG_FILE_PATH="/etc/cascade/cascade.conf" +CONFIG_FILE_PATH="/etc/cascade/config.toml" case "$1" in purge) diff --git a/pkg/rpm/scriptlets.toml b/pkg/rpm/scriptlets.toml index 4fe91fd3..2ce26c16 100644 --- a/pkg/rpm/scriptlets.toml +++ b/pkg/rpm/scriptlets.toml @@ -18,7 +18,7 @@ if [ $1 -eq 1 ] ; then fi # Run commands equivalent to what the RPM systemd macros would do - systemd_post cascade.service + systemd_post cascaded.service systemd_triggers fi ''' @@ -30,7 +30,7 @@ pre_uninstall_script = ''' if [ $1 -eq 0 ] ; then # Package removal, not upgrade # Run commands equivalent to what the RPM systemd macros would do - systemd_preun cascade.service + systemd_preun cascaded.service systemd_triggers fi ''' @@ -41,7 +41,7 @@ post_uninstall_script = ''' if [ $1 -ge 1 ] ; then # Run commands equivalent to what the RPM systemd macros would do - systemd_postun_with_restart cascade.service + systemd_postun_with_restart cascaded.service systemd_triggers # TODO: Remove the user account? diff --git a/pkg/rules/packages-to-build.yml b/pkg/rules/packages-to-build.yml index 8c2effa6..ec12740c 100644 --- a/pkg/rules/packages-to-build.yml +++ b/pkg/rules/packages-to-build.yml @@ -4,7 +4,14 @@ pkg: - 'cascade' image: - - "debian:trixie" # debian/13 + - "ubuntu:jammy" # ubuntu/22.04 + - "ubuntu:noble" # ubuntu/24.04 + - "debian:buster" # debian/10 + - "debian:bullseye" # debian/11 + - "debian:bookworm" # debian/12 + - "debian:trixie" # debian/13 + - 'almalinux:8' # compatible with EOL centos:8 + - 'almalinux:9' - 'almalinux:10' target: - 'x86_64' @@ -17,8 +24,14 @@ test-image: # in the original matrix. This is just how GitHub Actions matrix include rules work. - "" include: + - image: 'almalinux:9' + systemd_service_unit_file: pkg/common/cascaded.service + + - image: 'almalinux:8' + systemd_service_unit_file: pkg/common/cascaded.service + - image: 'almalinux:10' - systemd_service_unit_file: pkg/common/cascade.service + systemd_service_unit_file: pkg/common/cascaded.service # 'mode' is not used by the package building workflow job, but is used by the package testing workflow job. # Ploutos will not include this key when using this matrix definition to generate package building matrix diff --git a/pkg/test-scripts/test-cascade.sh b/pkg/test-scripts/test-cascade.sh index beaf845a..43e6678a 100755 --- a/pkg/test-scripts/test-cascade.sh +++ b/pkg/test-scripts/test-cascade.sh @@ -4,32 +4,26 @@ set -eo pipefail set -x case $1 in - post-install) - #echo -e "\nCASCADE VERSION:" - #VER=$(cascade --version) - #echo $VER + post-install|post-upgrade) + echo -e "\nCASCADE VERSION:" + cascade --version - echo -e "\nCASCADE CONF:" - cat /etc/cascade/cascade.conf + echo -e "\nCASCADED VERSION:" + cascaded --version - echo -e "\nCASCADE SERVICE STATUS:" - systemctl status cascade || true + echo -e "\nDNST VERSION:" + dnst --version + + echo -e "\nCASCADED CONF:" + cat /etc/cascade/config.toml + + echo -e "\nCASCADED SERVICE STATUS:" + systemctl status cascaded || true #echo -e "\nCASCADE MAN PAGE (first 20 lines only):" #man -P cat cascade | head -n 20 || true - ;; - post-upgrade) - #echo -e "\nCASCADE VERSION:" - #cascade --version - - echo -e "\nCASCADE CONF:" - cat /etc/cascade/cascade.conf - - echo -e "\nCASCADE SERVICE STATUS:" - systemctl status cascade || true - - #echo -e "\nCASCADE MAN PAGE:" - #man -P cat cascade + #echo -e "\nCASCADED MAN PAGE (first 20 lines only):" + #man -P cat cascaded | head -n 20 || true ;; esac