aboutsummaryrefslogtreecommitdiff
path: root/etc
diff options
context:
space:
mode:
Diffstat (limited to 'etc')
-rw-r--r--etc/brep-module.conf173
-rwxr-xr-xetc/private/install/brep-install19
-rw-r--r--etc/private/install/brep-module.conf173
-rw-r--r--etc/systemd/brep-clean.service5
4 files changed, 336 insertions, 34 deletions
diff --git a/etc/brep-module.conf b/etc/brep-module.conf
index 83d18da..d5a5e78 100644
--- a/etc/brep-module.conf
+++ b/etc/brep-module.conf
@@ -14,6 +14,13 @@
# search-title Packages
+# Package search page description. If specified, it is displayed before the
+# search form on the first page only. The value is treated as an XHTML5
+# fragment.
+#
+# search-description ""
+
+
# Web page logo. It is displayed in the page header aligned to the left edge.
# The value is treated as an XHTML5 fragment.
#
@@ -112,6 +119,25 @@ menu About=?about
# build-bot-agent-keys
+# Regular expressions in the /<regex>/<replacement>/ form for transforming the
+# interactive build login information, for example, into the actual command
+# that can be used by the user. The regular expressions are matched against
+# the "<agent> <interactive-login>" string containing the respective task
+# request manifest values. The first matching expression is used for the
+# transformation. If no expression matches, then the task request is
+# considered invalid, unless no expressions are specified. Repeat this option
+# to specify multiple expressions.
+#
+# build-interactive-login
+
+
+# Order in which packages are considered for build. The valid values are
+# 'stable' and 'random'. If not specified, then 'stable' is assumed. Note that
+# interactive builds are always preferred.
+#
+#build-package-order stable
+
+
# Number of builds per page.
#
# build-page-entries 20
@@ -128,16 +154,20 @@ menu About=?about
# build-forced-rebuild-timeout 600
-# Time to wait before considering a package for a normal rebuild. Must be
-# specified in seconds. Default is 24 hours.
+# Time to wait before considering a package for a soft rebuild (only to be
+# performed if the build environment or any of the package dependencies have
+# changed). Must be specified in seconds. The special zero value disables soft
+# rebuilds. Default is 24 hours.
#
-# build-normal-rebuild-timeout 86400
+# build-soft-rebuild-timeout 86400
-# Alternative package rebuild timeout to use instead of the normal rebuild
-# timeout (see the build-normal-rebuild-timeout option for details) during
-# the specified time interval. Must be specified in seconds. Default is the
-# time interval length.
+# Alternative package soft rebuild timeout to use instead of the soft rebuild
+# timeout (see the build-soft-rebuild-timeout option for details) during the
+# specified time interval. Must be specified in seconds. Default is the time
+# interval length plus (build-soft-rebuild-timeout - 24h) if soft rebuild
+# timeout is greater than 24 hours (thus the rebuild is only triggered within
+# the last 24 hours of the build-soft-rebuild-timeout expiration).
#
# The alternative rebuild timeout can be used to "pull" the rebuild window to
# the specified time of day, for example, to optimize load and/or power
@@ -157,9 +187,33 @@ menu About=?about
# times must both be either specified or absent. If unspecified, then no
# alternative rebuild timeout will be used.
#
-# build-alt-rebuild-timeout
-# build-alt-rebuild-start
-# build-alt-rebuild-stop
+# build-alt-soft-rebuild-timeout
+# build-alt-soft-rebuild-start
+# build-alt-soft-rebuild-stop
+
+
+# Time to wait before considering a package for a hard rebuild (to be
+# performed unconditionally). Must be specified in seconds. The special zero
+# value disables hard rebuilds. Default is 7 days.
+#
+# build-hard-rebuild-timeout 604800
+
+
+# Alternative package hard rebuild timeout. The semantics is the same as for
+# the build-alt-soft-rebuild-* options but for the build-hard-rebuild-timeout
+# option.
+#
+# build-alt-hard-rebuild-timeout
+# build-alt-hard-rebuild-start
+# build-alt-hard-rebuild-stop
+
+
+# Time to wait before assuming the 'queued' notifications are delivered for
+# package CI requests submitted via third-party services (GitHub, etc). During
+# this time a package is not considered for a build. Must be specified in
+# seconds. Default is 30 seconds.
+#
+# build-queued-timeout 30
# The maximum size of the build task request manifest accepted. Note that the
@@ -183,6 +237,19 @@ menu About=?about
# build-result-request-max-size 10485760
+# Enable or disable package build notification emails in the <name>=<mode>
+# form. The valid <mode> values are 'none', 'latest', and 'all'. If 'all' is
+# specified for a toolchain name, then emails are sent according to the
+# build-*email package manifest values when all versions of a package are
+# built with this toolchain. If 'latest' is specified, then for this toolchain
+# name the emails are only sent for the latest version of a package. If 'none'
+# is specified, then no emails are sent for this toolchain name. By default
+# the 'latest' mode is assumed. Repeat this option to enable/disable emails
+# for multiple toolchains.
+#
+# build-toolchain-email <toolchain-name>=latest|none|all
+
+
# The build database connection configuration. By default, brep will try to
# connect to the local instance of PostgreSQL with the operating system-default
# mechanism (Unix-domain socket, etc) and use operating system (login) user
@@ -211,6 +278,25 @@ menu About=?about
# build-db-retry 10
+# The root directory where the uploaded binary distribution packages are
+# saved to under the following directory hierarchy:
+#
+# [<tenant>/]<distribution>/<os-release>/<project>/<package>/<version>/<package-config>
+#
+# The package configuration directory symlinks that match these paths are
+# mapped to web URLs based on the bindist-url value and displayed on the
+# package version details page. If this option is specified, then bindist-url
+# must be specified as well."
+#
+# bindist-root
+
+
+# The root URL of the directory specified with the bindist-root option. This
+# option must be specified if bindist-root is specified.
+#
+# bindist-url
+
+
# The openssl program to be used for crypto operations. You can also specify
# additional options that should be passed to the openssl program with
# openssl-option. If the openssl program is not explicitly specified, then brep
@@ -287,10 +373,9 @@ menu About=?about
# The handler program to be executed on package submission. The handler is
-# executed as part of the submission request and is passed additional
-# arguments that can be specified with submit-handler-argument followed by
-# the absolute path to the submission directory. Note that the program path
-# must be absolute.
+# executed as part of the HTTP request and is passed additional arguments that
+# can be specified with submit-handler-argument followed by the absolute path
+# to the submission directory. Note that the program path must be absolute.
#
# submit-handler
@@ -354,6 +439,66 @@ menu About=?about
# ci-handler-timeout
+# The directory to save upload data to for the specified upload type. If
+# unspecified, the build artifacts upload functionality will be disabled for
+# this type.
+#
+# Note that the directory path must be absolute and the directory itself must
+# exist and have read, write, and execute permissions granted to the user that
+# runs the web server.
+#
+# upload-data <type>=<dir>
+
+
+# The maximum size of the upload data accepted for the specified upload type.
+# Note that currently the entire upload request is read into memory. The
+# default is 10M.
+#
+# upload-max-size <type>=10485760
+
+
+# The build artifacts upload email. If specified, the upload request and
+# result manifests will be sent to this address.
+#
+# upload-email <type>=<email>
+
+
+# The handler program to be executed on build artifacts upload of the
+# specified type. The handler is executed as part of the HTTP request and is
+# passed additional arguments that can be specified with
+# upload-handler-argument followed by the absolute path to the upload
+# directory (upload-data). Note that the program path must be absolute.
+#
+# upload-handler <type>=<path>
+
+
+# Additional arguments to be passed to the upload handler program for the
+# specified upload type (see upload-handler for details). Repeat this option
+# to specify multiple arguments.
+#
+# upload-handler-argument <type>=<arg>
+
+
+# The upload handler program timeout in seconds for the specified upload type.
+# If specified and the handler does not exit in the allotted time, then it is
+# killed and its termination is treated as abnormal.
+#
+# upload-handler-timeout <type>=<seconds>
+
+
+# Disable upload of the specified type for the specified toolchain name.
+# Repeat this option to disable uploads for multiple toolchains.
+#
+# upload-toolchain-exclude <type>=<name>
+
+
+# Disable upload of the specified type for packages from the repository with
+# the specified canonical name. Repeat this option to disable uploads for
+# multiple repositories.
+#
+# upload-repository-exclude <type>=<name>
+
+
# The default view to display for the global repository root. The value is one
# of the supported services (packages, builds, submit, ci, etc). Default is
# packages.
diff --git a/etc/private/install/brep-install b/etc/private/install/brep-install
index 046f99f..37179c2 100755
--- a/etc/private/install/brep-install
+++ b/etc/private/install/brep-install
@@ -57,15 +57,15 @@ usage="Usage: $0 [<options>]"
# repository the toolchain installation script downloads the build2 packages
# from.
#
-toolchain_repo_cert_fp="86:BA:D4:DE:2C:87:1A:EE:38:C7:F1:64:7F:65:77:02:15:79:F3:C4:83:C0:AB:5A:EA:F4:F7:8C:1D:63:30:C6"
-#toolchain_repo_cert_fp="37:CE:2C:A5:1D:CF:93:81:D7:07:46:AD:66:B3:C3:90:83:B8:96:9E:34:F0:E7:B3:A2:B0:6C:EF:66:A4:BE:65"
+toolchain_repo_cert_fp="70:64:FE:E4:E0:F3:60:F1:B4:51:E1:FA:12:5C:E0:B3:DB:DF:96:33:39:B9:2E:E5:C2:68:63:4C:A6:47:39:43"
+#toolchain_repo_cert_fp="EC:50:13:E2:3D:F7:92:B4:50:0B:BF:2A:1F:7D:31:04:C6:57:6F:BC:BE:04:2E:E0:58:14:FA:66:66:21:1F:14"
# brep package repository URL and certificate fingerprint.
#
#brep_repo_url="https://pkg.cppget.org/1/alpha"
-#brep_repo_cert_fp="86:BA:D4:DE:2C:87:1A:EE:38:C7:F1:64:7F:65:77:02:15:79:F3:C4:83:C0:AB:5A:EA:F4:F7:8C:1D:63:30:C6"
+#brep_repo_cert_fp="70:64:FE:E4:E0:F3:60:F1:B4:51:E1:FA:12:5C:E0:B3:DB:DF:96:33:39:B9:2E:E5:C2:68:63:4C:A6:47:39:43"
brep_repo_url="https://stage.build2.org/1"
-brep_repo_cert_fp="37:CE:2C:A5:1D:CF:93:81:D7:07:46:AD:66:B3:C3:90:83:B8:96:9E:34:F0:E7:B3:A2:B0:6C:EF:66:A4:BE:65"
+brep_repo_cert_fp="EC:50:13:E2:3D:F7:92:B4:50:0B:BF:2A:1F:7D:31:04:C6:57:6F:BC:BE:04:2E:E0:58:14:FA:66:66:21:1F:14"
owd=`pwd`
trap "{ exit 1; }" ERR
@@ -271,6 +271,12 @@ GRANT ALL PRIVILEGES ON DATABASE brep_package, brep_build TO brep;
CREATE USER "www-data" INHERIT IN ROLE brep;
CREATE USER "brep-build" INHERIT IN ROLE brep PASSWORD '-';
+
+\c brep_package
+GRANT ALL PRIVILEGES ON SCHEMA public TO brep;
+
+\c brep_build
+GRANT ALL PRIVILEGES ON SCHEMA public TO brep;
EOF
# Create the "staging" package database for the submit-pub package submission
@@ -284,6 +290,9 @@ LC_COLLATE 'en_US.UTF8'
LC_CTYPE 'en_US.UTF8';
GRANT ALL PRIVILEGES ON DATABASE brep_submit_package TO brep;
+
+\c brep_submit_package
+GRANT ALL PRIVILEGES ON SCHEMA public TO brep;
EOF
# Make sure the 'brep' and Apache2 user's logins work properly.
@@ -303,7 +312,7 @@ CREATE EXTENSION postgres_fdw;
CREATE SERVER package_server
FOREIGN DATA WRAPPER postgres_fdw
-OPTIONS (dbname 'brep_package', updatable 'false');
+OPTIONS (dbname 'brep_package', updatable 'true');
GRANT USAGE ON FOREIGN SERVER package_server to brep;
diff --git a/etc/private/install/brep-module.conf b/etc/private/install/brep-module.conf
index 0bff58d..bfaa8f6 100644
--- a/etc/private/install/brep-module.conf
+++ b/etc/private/install/brep-module.conf
@@ -14,6 +14,13 @@
# search-title Packages
+# Package search page description. If specified, it is displayed before the
+# search form on the first page only. The value is treated as an XHTML5
+# fragment.
+#
+# search-description ""
+
+
# Web page logo. It is displayed in the page header aligned to the left edge.
# The value is treated as an XHTML5 fragment.
#
@@ -112,6 +119,25 @@ menu About=?about
# build-bot-agent-keys
+# Regular expressions in the /<regex>/<replacement>/ form for transforming the
+# interactive build login information, for example, into the actual command
+# that can be used by the user. The regular expressions are matched against
+# the "<agent> <interactive-login>" string containing the respective task
+# request manifest values. The first matching expression is used for the
+# transformation. If no expression matches, then the task request is
+# considered invalid, unless no expressions are specified. Repeat this option
+# to specify multiple expressions.
+#
+# build-interactive-login
+
+
+# Order in which packages are considered for build. The valid values are
+# 'stable' and 'random'. If not specified, then 'stable' is assumed. Note that
+# interactive builds are always preferred.
+#
+#build-package-order stable
+
+
# Number of builds per page.
#
# build-page-entries 20
@@ -128,16 +154,20 @@ menu About=?about
# build-forced-rebuild-timeout 600
-# Time to wait before considering a package for a normal rebuild. Must be
-# specified in seconds. Default is 24 hours.
+# Time to wait before considering a package for a soft rebuild (only to be
+# performed if the build environment or any of the package dependencies have
+# changed). Must be specified in seconds. The special zero value disables soft
+# rebuilds. Default is 24 hours.
#
-# build-normal-rebuild-timeout 86400
+# build-soft-rebuild-timeout 86400
-# Alternative package rebuild timeout to use instead of the normal rebuild
-# timeout (see the build-normal-rebuild-timeout option for details) during
-# the specified time interval. Must be specified in seconds. Default is the
-# time interval length.
+# Alternative package soft rebuild timeout to use instead of the soft rebuild
+# timeout (see the build-soft-rebuild-timeout option for details) during the
+# specified time interval. Must be specified in seconds. Default is the time
+# interval length plus (build-soft-rebuild-timeout - 24h) if soft rebuild
+# timeout is greater than 24 hours (thus the rebuild is only triggered within
+# the last 24 hours of the build-soft-rebuild-timeout expiration).
#
# The alternative rebuild timeout can be used to "pull" the rebuild window to
# the specified time of day, for example, to optimize load and/or power
@@ -157,9 +187,33 @@ menu About=?about
# times must both be either specified or absent. If unspecified, then no
# alternative rebuild timeout will be used.
#
-# build-alt-rebuild-timeout
-# build-alt-rebuild-start
-# build-alt-rebuild-stop
+# build-alt-soft-rebuild-timeout
+# build-alt-soft-rebuild-start
+# build-alt-soft-rebuild-stop
+
+
+# Time to wait before considering a package for a hard rebuild (to be
+# performed unconditionally). Must be specified in seconds. The special zero
+# value disables hard rebuilds. Default is 7 days.
+#
+# build-hard-rebuild-timeout 604800
+
+
+# Alternative package hard rebuild timeout. The semantics is the same as for
+# the build-alt-soft-rebuild-* options but for the build-hard-rebuild-timeout
+# option.
+#
+# build-alt-hard-rebuild-timeout
+# build-alt-hard-rebuild-start
+# build-alt-hard-rebuild-stop
+
+
+# Time to wait before assuming the 'queued' notifications are delivered for
+# package CI requests submitted via third-party services (GitHub, etc). During
+# this time a package is not considered for a build. Must be specified in
+# seconds. Default is 30 seconds.
+#
+# build-queued-timeout 30
# The maximum size of the build task request manifest accepted. Note that the
@@ -183,6 +237,19 @@ menu About=?about
# build-result-request-max-size 10485760
+# Enable or disable package build notification emails in the <name>=<mode>
+# form. The valid <mode> values are 'none', 'latest', and 'all'. If 'all' is
+# specified for a toolchain name, then emails are sent according to the
+# build-*email package manifest values when all versions of a package are
+# built with this toolchain. If 'latest' is specified, then for this toolchain
+# name the emails are only sent for the latest version of a package. If 'none'
+# is specified, then no emails are sent for this toolchain name. By default
+# the 'latest' mode is assumed. Repeat this option to enable/disable emails
+# for multiple toolchains.
+#
+# build-toolchain-email <toolchain-name>=latest|none|all
+
+
# The build database connection configuration. By default, brep will try to
# connect to the local instance of PostgreSQL with the operating system-default
# mechanism (Unix-domain socket, etc) and use operating system (login) user
@@ -211,6 +278,25 @@ menu About=?about
# build-db-retry 10
+# The root directory where the uploaded binary distribution packages are
+# saved to under the following directory hierarchy:
+#
+# [<tenant>/]<distribution>/<os-release>/<project>/<package>/<version>/<package-config>
+#
+# The package configuration directory symlinks that match these paths are
+# mapped to web URLs based on the bindist-url value and displayed on the
+# package version details page. If this option is specified, then bindist-url
+# must be specified as well."
+#
+# bindist-root
+
+
+# The root URL of the directory specified with the bindist-root option. This
+# option must be specified if bindist-root is specified.
+#
+# bindist-url
+
+
# The openssl program to be used for crypto operations. You can also specify
# additional options that should be passed to the openssl program with
# openssl-option. If the openssl program is not explicitly specified, then brep
@@ -289,10 +375,9 @@ submit-form /home/brep/install/share/brep/www/submit.xhtml
# The handler program to be executed on package submission. The handler is
-# executed as part of the submission request and is passed additional
-# arguments that can be specified with submit-handler-argument followed by
-# the absolute path to the submission directory. Note that the program path
-# must be absolute.
+# executed as part of the HTTP request and is passed additional arguments that
+# can be specified with submit-handler-argument followed by the absolute path
+# to the submission directory. Note that the program path must be absolute.
#
submit-handler /home/brep/install/bin/brep-submit-pub
@@ -362,6 +447,66 @@ submit-handler-timeout 120
# ci-handler-timeout
+# The directory to save upload data to for the specified upload type. If
+# unspecified, the build artifacts upload functionality will be disabled for
+# this type.
+#
+# Note that the directory path must be absolute and the directory itself must
+# exist and have read, write, and execute permissions granted to the user that
+# runs the web server.
+#
+# upload-data <type>=<dir>
+
+
+# The maximum size of the upload data accepted for the specified upload type.
+# Note that currently the entire upload request is read into memory. The
+# default is 10M.
+#
+# upload-max-size <type>=10485760
+
+
+# The build artifacts upload email. If specified, the upload request and
+# result manifests will be sent to this address.
+#
+# upload-email <type>=<email>
+
+
+# The handler program to be executed on build artifacts upload of the
+# specified type. The handler is executed as part of the HTTP request and is
+# passed additional arguments that can be specified with
+# upload-handler-argument followed by the absolute path to the upload
+# directory (upload-data). Note that the program path must be absolute.
+#
+# upload-handler <type>=<path>
+
+
+# Additional arguments to be passed to the upload handler program for the
+# specified upload type (see upload-handler for details). Repeat this option
+# to specify multiple arguments.
+#
+# upload-handler-argument <type>=<arg>
+
+
+# The upload handler program timeout in seconds for the specified upload type.
+# If specified and the handler does not exit in the allotted time, then it is
+# killed and its termination is treated as abnormal.
+#
+# upload-handler-timeout <type>=<seconds>
+
+
+# Disable upload of the specified type for the specified toolchain name.
+# Repeat this option to disable uploads for multiple toolchains.
+#
+# upload-toolchain-exclude <type>=<name>
+
+
+# Disable upload of the specified type for packages from the repository with
+# the specified canonical name. Repeat this option to disable uploads for
+# multiple repositories.
+#
+# upload-repository-exclude <type>=<name>
+
+
# The default view to display for the global repository root. The value is one
# of the supported services (packages, builds, submit, ci, etc). Default is
# packages.
diff --git a/etc/systemd/brep-clean.service b/etc/systemd/brep-clean.service
index 739a54a..d2e5630 100644
--- a/etc/systemd/brep-clean.service
+++ b/etc/systemd/brep-clean.service
@@ -1,5 +1,5 @@
[Unit]
-Description=brep build database cleaner service
+Description=brep build database and artifacts cleaner service
[Service]
Type=oneshot
@@ -7,9 +7,12 @@ Type=oneshot
#Group=brep
# Run both tenants and builds cleaners if CI request functionality is enabled.
+# Also run outdated build artifacts cleaners if build artifacts upload
+# functionality is enabled.
#
#ExecStart=/home/brep/install/bin/brep-clean tenants 240
ExecStart=/home/brep/install/bin/brep-clean builds /home/brep/config/buildtab
+#ExecStart=/home/brep/install/bin/brep-upload-bindist-clean /var/bindist 2880
[Install]
WantedBy=default.target