From dd253312107a13628608dcd6ed8498137a362c42 Mon Sep 17 00:00:00 2001 From: Dmitriy Zabolotskiy Date: Tue, 1 Nov 2022 10:27:24 +0300 Subject: [PATCH] [#737] Debian packaging Debian package includes: - user creation; - directories and permissions; - unit file for systemd Signed-off-by: Dmitriy Zabolotskiy --- .gitignore | 3 ++ Makefile | 19 +++++++++ config/rules.json | 81 ++++++++++++++++++++++++++++++++++++ debian/changelog | 5 +++ debian/control | 14 +++++++ debian/copyright | 22 ++++++++++ debian/neofs-s3-gw.dirs | 2 + debian/neofs-s3-gw.docs | 4 ++ debian/neofs-s3-gw.examples | 1 + debian/neofs-s3-gw.install | 4 ++ debian/neofs-s3-gw.postinst | 52 +++++++++++++++++++++++ debian/neofs-s3-gw.postrm | 41 ++++++++++++++++++ debian/neofs-s3-gw.preinst | 35 ++++++++++++++++ debian/neofs-s3-gw.prerm | 38 +++++++++++++++++ debian/neofs-s3-gw.service | 16 +++++++ debian/rules | 16 +++++++ debian/source/format | 1 + docs/building-deb-package.md | 46 ++++++++++++++++++++ 18 files changed, 400 insertions(+) create mode 100644 config/rules.json create mode 100644 debian/changelog create mode 100644 debian/control create mode 100644 debian/copyright create mode 100644 debian/neofs-s3-gw.dirs create mode 100644 debian/neofs-s3-gw.docs create mode 100644 debian/neofs-s3-gw.examples create mode 100644 debian/neofs-s3-gw.install create mode 100644 debian/neofs-s3-gw.postinst create mode 100644 debian/neofs-s3-gw.postrm create mode 100644 debian/neofs-s3-gw.preinst create mode 100644 debian/neofs-s3-gw.prerm create mode 100644 debian/neofs-s3-gw.service create mode 100755 debian/rules create mode 100644 debian/source/format create mode 100644 docs/building-deb-package.md diff --git a/.gitignore b/.gitignore index 31f233c..893e743 100644 --- a/.gitignore +++ b/.gitignore @@ -19,3 +19,6 @@ bin/ # coverage coverage.txt coverage.html + +# debhelpers +**/.debhelper diff --git a/Makefile b/Makefile index 42a46bd..e1347d4 100644 --- a/Makefile +++ b/Makefile @@ -18,6 +18,13 @@ HUB_TAG ?= "$(shell echo ${VERSION} | sed 's/^v//')" .PHONY: all $(BINS) $(BINDIR) dep docker/ test cover format image image-push dirty-image lint docker/lint version clean protoc +# .deb package versioning +OS_RELEASE = $(shell lsb_release -cs) +PKG_VERSION ?= $(shell echo $(VERSION) | sed "s/^v//" | \ + sed -E "s/(.*)-(g[a-fA-F0-9]{6,8})(.*)/\1\3~\2/" | \ + sed "s/-/~/")-${OS_RELEASE} +.PHONY: debpackage debclean + # Make all binaries all: $(BINS) @@ -126,4 +133,16 @@ protoc: done rm -rf vendor +# Package for Debian +debpackage: + dch --package neofs-s3-gw \ + --controlmaint \ + --newversion $(PKG_VERSION) \ + --distribution $(OS_RELEASE) \ + "Please see CHANGELOG.md for code changes for $(VERSION)" + dpkg-buildpackage --no-sign -b + +debclean: + dh clean + include help.mk diff --git a/config/rules.json b/config/rules.json new file mode 100644 index 0000000..42d22ba --- /dev/null +++ b/config/rules.json @@ -0,0 +1,81 @@ +{ + "records": [ + { + "operation": "PUT", + "action": "ALLOW", + "filters": [], + "targets": [ + { + "role": "OTHERS", + "keys": [] + } + ] + }, + { + "operation": "GET", + "action": "ALLOW", + "filters": [], + "targets": [ + { + "role": "OTHERS", + "keys": [] + } + ] + }, + { + "operation": "DELETE", + "action": "ALLOW", + "filters": [], + "targets": [ + { + "role": "OTHERS", + "keys": [] + } + ] + }, + { + "operation": "SEARCH", + "action": "ALLOW", + "filters": [], + "targets": [ + { + "role": "OTHERS", + "keys": [] + } + ] + }, + { + "operation": "GETRANGE", + "action": "ALLOW", + "filters": [], + "targets": [ + { + "role": "OTHERS", + "keys": [] + } + ] + }, + { + "operation": "GETRANGEHASH", + "action": "ALLOW", + "filters": [], + "targets": [ + { + "role": "OTHERS", + "keys": [] + } + ] + }, + { + "operation": "HEAD", + "action": "ALLOW", + "filters": [], + "targets": [ + { + "role": "OTHERS", + "keys": [] + } + ] + } + ] +} diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..7cb0e2d --- /dev/null +++ b/debian/changelog @@ -0,0 +1,5 @@ +neofs-s3-gw (0.0.0) stable; urgency=medium + + * Please see CHANGELOG.md + + -- NeoSPCC Wed, 24 Aug 2022 18:29:49 +0300 diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..2eee1ce --- /dev/null +++ b/debian/control @@ -0,0 +1,14 @@ +Source: neofs-s3-gw +Section: misc +Priority: optional +Maintainer: NeoSPCC +Build-Depends: debhelper-compat (= 13), git, devscripts +Standards-Version: 4.5.1 +Homepage: https://fs.neo.org/ +Vcs-Git: https://github.com/nspcc-dev/neofs-s3-gw.git +Vcs-Browser: https://github.com/nspcc-dev/neofs-s3-gw + +Package: neofs-s3-gw +Architecture: any +Depends: ${misc:Depends} +Description: NeoFS S3 gateway provides API compatible with Amazon S3 cloud storage service. diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 0000000..b9b7a64 --- /dev/null +++ b/debian/copyright @@ -0,0 +1,22 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: neofs-s3-gw +Upstream-Contact: tech@nspcc.ru +Source: https://github.com/nspcc-dev/neofs-s3-gw + +Files: * +Copyright: 2018-2022 NeoSPCC (@nspcc-dev), contributors of neofs-s3-gw project + (https://github.com/nspcc-dev/neofs-s3-gw/blob/master/CREDITS.md) + + +License: AGPL-3.0-only + This program is free software: you can redistribute it and/or modify it + under the terms of the GNU Affero General Public License as published + by the Free Software Foundation; version 3. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . diff --git a/debian/neofs-s3-gw.dirs b/debian/neofs-s3-gw.dirs new file mode 100644 index 0000000..9f7f6d6 --- /dev/null +++ b/debian/neofs-s3-gw.dirs @@ -0,0 +1,2 @@ +etc/neofs/s3 +var/lib/neofs/s3 diff --git a/debian/neofs-s3-gw.docs b/debian/neofs-s3-gw.docs new file mode 100644 index 0000000..389c8bb --- /dev/null +++ b/debian/neofs-s3-gw.docs @@ -0,0 +1,4 @@ +docs/* +README.md +CREDITS.md +CONTRIBUTING.md diff --git a/debian/neofs-s3-gw.examples b/debian/neofs-s3-gw.examples new file mode 100644 index 0000000..dd04e98 --- /dev/null +++ b/debian/neofs-s3-gw.examples @@ -0,0 +1 @@ +config/* diff --git a/debian/neofs-s3-gw.install b/debian/neofs-s3-gw.install new file mode 100644 index 0000000..40f0322 --- /dev/null +++ b/debian/neofs-s3-gw.install @@ -0,0 +1,4 @@ +config/config.yaml etc/neofs/s3 +config/rules.json var/lib/neofs/s3 +bin/neofs-s3-gw usr/bin +bin/neofs-s3-authmate usr/bin diff --git a/debian/neofs-s3-gw.postinst b/debian/neofs-s3-gw.postinst new file mode 100644 index 0000000..42b6ff3 --- /dev/null +++ b/debian/neofs-s3-gw.postinst @@ -0,0 +1,52 @@ +#!/bin/sh +# postinst script for neofs-s3-gw +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * `configure' +# * `abort-upgrade' +# * `abort-remove' `in-favour' +# +# * `abort-remove' +# * `abort-deconfigure' `in-favour' +# `removing' +# +# for details, see https://www.debian.org/doc/debian-policy/ or +# the debian-policy package + + +case "$1" in + configure) + USERNAME=s3 + id -u neofs-$USERNAME >/dev/null 2>&1 || useradd -s /usr/sbin/nologin -d /var/lib/neofs/s3 --system -M -U -c "NeoFS S3 gateway" neofs-$USERNAME + if ! dpkg-statoverride --list /etc/neofs/$USERNAME >/dev/null; then + chown -f -R root:neofs-$USERNAME /etc/neofs/$USERNAME + chown -f root:neofs-$USERNAME /etc/neofs/$USERNAME/config.yaml || true + chmod -f 0750 /etc/neofs/$USERNAME + chmod -f 0640 /etc/neofs/$USERNAME/config.yaml || true + fi + USERDIR=$(getent passwd "neofs-$USERNAME" | cut -d: -f6) + if ! dpkg-statoverride --list neofs-$USERDIR >/dev/null; then + chown -f neofs-$USERNAME: $USERDIR + chown -f neofs-$USERNAME: $USERDIR/rules.json + fi + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + ;; + + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 diff --git a/debian/neofs-s3-gw.postrm b/debian/neofs-s3-gw.postrm new file mode 100644 index 0000000..488791d --- /dev/null +++ b/debian/neofs-s3-gw.postrm @@ -0,0 +1,41 @@ +#!/bin/sh +# postrm script for neofs-s3-gw +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * `remove' +# * `purge' +# * `upgrade' +# * `failed-upgrade' +# * `abort-install' +# * `abort-install' +# * `abort-upgrade' +# * `disappear' +# +# for details, see https://www.debian.org/doc/debian-policy/ or +# the debian-policy package + + +case "$1" in + purge) + rm -rf /var/lib/neofs/s3 + ;; + + remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) + ;; + + *) + echo "postrm called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 diff --git a/debian/neofs-s3-gw.preinst b/debian/neofs-s3-gw.preinst new file mode 100644 index 0000000..1dcfc1b --- /dev/null +++ b/debian/neofs-s3-gw.preinst @@ -0,0 +1,35 @@ +#!/bin/sh +# preinst script for neofs-s3-gw +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * `install' +# * `install' +# * `upgrade' +# * `abort-upgrade' +# for details, see https://www.debian.org/doc/debian-policy/ or +# the debian-policy package + + +case "$1" in + install|upgrade) + ;; + + abort-upgrade) + ;; + + *) + echo "preinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 diff --git a/debian/neofs-s3-gw.prerm b/debian/neofs-s3-gw.prerm new file mode 100644 index 0000000..dc142d3 --- /dev/null +++ b/debian/neofs-s3-gw.prerm @@ -0,0 +1,38 @@ +#!/bin/sh +# prerm script for neofs-s3-gw +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * `remove' +# * `upgrade' +# * `failed-upgrade' +# * `remove' `in-favour' +# * `deconfigure' `in-favour' +# `removing' +# +# for details, see https://www.debian.org/doc/debian-policy/ or +# the debian-policy package + + +case "$1" in + remove|upgrade|deconfigure) + ;; + + failed-upgrade) + ;; + + *) + echo "prerm called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 diff --git a/debian/neofs-s3-gw.service b/debian/neofs-s3-gw.service new file mode 100644 index 0000000..2f2626b --- /dev/null +++ b/debian/neofs-s3-gw.service @@ -0,0 +1,16 @@ +[Unit] +Description=NeoFS S3 Gateway +Requires=network.target + +[Service] +Type=simple +ExecStart=/usr/bin/neofs-s3-gw --config /etc/neofs/s3/config.yaml +User=neofs-s3 +Group=neofs-s3 +WorkingDirectory=/var/lib/neofs/s3 +Restart=always +RestartSec=5 +PrivateTmp=true + +[Install] +WantedBy=multi-user.target diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..1187dd1 --- /dev/null +++ b/debian/rules @@ -0,0 +1,16 @@ +#!/usr/bin/make -f + +# Do not try to strip Go binaries +export DEB_BUILD_OPTIONS := nostrip +SERVICE = neofs-s3-gw + +%: + dh $@ + +override_dh_installsystemd: + dh_installsystemd --no-enable --no-start $(SERVICE).service + +override_dh_installchangelogs: + dh_installchangelogs -k CHANGELOG.md + + diff --git a/debian/source/format b/debian/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/debian/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/docs/building-deb-package.md b/docs/building-deb-package.md new file mode 100644 index 0000000..26a77a2 --- /dev/null +++ b/docs/building-deb-package.md @@ -0,0 +1,46 @@ +# Building Debian package on host + +## Prerequisites + +For now, we're assuming building for Debian 11 (stable) x86_64. + +Go version 18.4 or later should already be installed, i.e. this runs +successfully: + +* `make all` + +## Installing packaging dependencies + +```shell +$ sudo apt install debhelper-compat dh-sequence-bash-completion devscripts +``` + +Warining: number of package installed is pretty large considering dependecies. + +## Package building + +```shell +$ make debpackage +``` + +## Leftovers cleaning + +```shell +$ make debclean +``` +or +```shell +$ dh clean +``` + +# Package versioning + +By default, package version is based on product version and may also contain git +tags and hashes. + +Package version could be overwritten by setting `PKG_VERSION` variable before +build, Debian package versioning rules should be respected. + +```shell +$ PKG_VERSION=0.32.0 make debpackge +```