Make Rust toolchain available during package building #1818
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
legoktm
force-pushed
the
rust-packaging
branch
from
09d79f2 to
e807a3f
Compare
So far we've been using an ad-hoc image in which the necessary dependencies are all downloaded at build time, which is nice for tooling simplicity but adds up the more things we need to download each time. This adopts the same system used in the SecureDrop server build process. The tooling builds an image with some dependencies and installs the minimal Rust toolchain in an image. The image_prop and dep-check scripts verify all the dependencies are up to date, and rebuild the image if not.
|
Rebased (actually, cherry-picked, to avoid having to resolve the same conflicts) from |
cfm
reviewed
Feb 16, 2024
There was a problem hiding this comment.
- Build a Rust-based package in Implement proxy v2 architecture, in Rust #1718
That's a little sneaky, since it means reviewing on rust-packaging and testing on proxy-rusting. ;-) But I can confirm that the container builds on rust-packaging and builds securedrop-proxy on proxy-rusting.
However:
user@sd:~/securedrop-client/build$ dpkg-deb -c ./securedrop-proxy_0.9.0+bullseye_all.deb | grep "securedrop-proxy" | grep "usr/bin"
lrwxrwxrwx root/root 0 2023-03-16 13:29 ./opt/venvs/securedrop-proxy/bin/python -> /usr/bin/python3
lrwxrwxrwx root/root 0 2023-03-16 13:29 ./usr/bin/sd-proxy -> /opt/venvs/securedrop-proxy/bin/sd-proxyAm I right that no change in the final package actually output is expected here?
cfm
approved these changes
Feb 16, 2024
There was a problem hiding this comment.
My goof. securedrop-proxy is built in an amd64-architecture package, which therefore won't overwrite the old all package:
user@sd:~/securedrop-client/build$ ls -al securedrop-proxy*.deb
-rw-r--r-- 1 root root 1232512 Feb 15 11:56 securedrop-proxy_0.9.0+bullseye_all.deb
-rw-r--r-- 1 root root 1069724 Feb 15 12:07 securedrop-proxy_0.9.0+bullseye_amd64.deb
-rw-r--r-- 1 root root 1093408 Feb 15 12:07 securedrop-proxy-dbgsym_0.9.0+bullseye_amd64.deb
user@sd:~/securedrop-client/build$ dpkg-deb -c ./securedrop-proxy_0.9.0+bullseye_amd64.deb | grep "securedrop-proxy" | grep "usr/bin"
-rwxr-xr-x root/root 3485976 2023-03-16 13:29 ./usr/bin/securedrop-proxyFull steam ahead.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Status
Ready for review, but depends on #1817 to be merged first.
Description
So far we've been using an ad-hoc image in which the necessary
dependencies are all downloaded at build time, which is nice for tooling
simplicity but adds up the more things we need to download each time.
This adopts the same system used in the SecureDrop server build process.
The tooling builds an image with some dependencies and installs the
minimal Rust toolchain in an image. The image_prop and dep-check scripts
verify all the dependencies are up to date, and rebuild the image if
not.
Test Plan