build: add RPM for gateway and agent #1179
Conversation
Let maintainers know that an action is required on their side
|
This commit adds a package like `devolutions-gateway-2024.3.6.0_x86_64.rpm` to release assets. The RPM is generated with fpm, a Linux packaging tool. No cache is used for the fpm dependency since the cache would not persist across release jobs. Installation and execution was tested on RHEL 9 (glibc 2.34).
.github/workflows/ci.yml
Outdated
| @@ -727,6 +727,10 @@ jobs: | |||
| if: matrix.os == 'windows' | |||
| uses: microsoft/setup-msbuild@v2 | |||
|
|
|||
| - name: Install fpm | |||
There was a problem hiding this comment.
Is it in the right place? This is the devolutions-agent job, but the PR references Gateway
.github/workflows/ci.yml
Outdated
| @@ -727,6 +727,10 @@ jobs: | |||
| if: matrix.os == 'windows' | |||
| uses: microsoft/setup-msbuild@v2 | |||
|
|
|||
| - name: Install fpm | |||
| if: runner.os == 'Linux' | |||
There was a problem hiding this comment.
minor nit: maybe use matrix.os; it doesn't really matter here but in a cross compilation environment we could be building on a Linux runner but targeting another OS. The matrix.os holds the OS we are targetting.
This adds an RPM package for agent. Tested with RHEL 9.
allan2
changed the title
|
This PR is not ready for review yet. I'm still adding things to bring it to parity with the Debian package. |
As a hint, can be good to make the PR a draft in this case. Because I think the repo automatically adds arch-maintainers as reviewer, which generates an email prompting for review :) |
Stripping first ensures the packaged binary is identical for both deb and rpm. [skip ci]
ci/tlk.ps1
Outdated
| # Strip first so the included binary is identical for deb and rpm | ||
| & 'strip' $Executable | Out-Host |
There was a problem hiding this comment.
question: Maybe we should strip somewhere else? There is an option in Cargo.toml to enable automatic stripping in profiles: https://doc.rust-lang.org/cargo/reference/profiles.html#strip
Configuring this appropriately for the production profile, and removing manual calls to strip would be superior I think.
There was a problem hiding this comment.
I'd rather strip here.
When working on packaging, I often use debug builds for the faster compile time.
Keeping symbols in the release build can be useful for troubleshooting.
If you still prefer to strip in cargo, I can change it.
There was a problem hiding this comment.
Keeping symbols in the release build can be useful for troubleshooting.
Are you thinking about troubleshooting using a local "release build" on your dev machine?
For binaries that we ship, separating the debug symbols from the binaries and only delivering the binaries without the symbols is still superior (splitting the symbols from the binary). We are doing that at least for Windows builds, not yet for Linux and macOS builds. There is also an option in Cargo that may be used for splitting debug symbols: https://doc.rust-lang.org/cargo/reference/profiles.html#split-debuginfo
But here we are just stripping unconditionally in the script, so I’ll assume you are referring to testing with a local build that is not going through the script.
So for local builds, don’t worry. I’m not asking that we modify the release profile, but the production profile.
We defined additional profiles in the top-level Cargo.toml:
devolutions-gateway/Cargo.toml
Lines 23 to 29 in 0ed70d2
The production profile is only used when we produce final artifacts that we want to ship, in the CI, and this is a parameter of the script itself:
devolutions-gateway/.github/workflows/ci.yml
Lines 117 to 127 in 0ed70d2
devolutions-gateway/.github/workflows/ci.yml
Line 270 in 0ed70d2
I think it’s a more declarative and flexible way of handling this problem. What do you think? I’m open to hear otherwise if I’m missing some drawback.
There was a problem hiding this comment.
Gotcha. I was not aware of the production profile. How's this?
[profile.production]
inherits = "release"
lto = true
strip = "symbols"And I will keep strip disabled on dpkg-buildpackage so that the deb and rpm ship an identical binary, regardless of whether it is debug/release/stripped/not stripped.
There was a problem hiding this comment.
My proposal is in 4b4e413.
There was a problem hiding this comment.
I think this is good. Can you check if you get the same binary size with this option enabled without running strip, and this optional disabled but running strip?
There was a problem hiding this comment.
ls -l --block-size=1 (output edited)
36321608 release
28875432 release-strip
28879528 release-cargostrip
28879528 release-cargostrip-strip (no change)
29466552 release-lto
25467424 release-lto-strip
25451040 release-lto-cargostrip (production profile)
25451040 release-lto-cargostrip-strip (no change)
For thin LTO, manual strip was 1.4% smaller than strip = "symbols".
For fat LTO, strip = "symbols" was 0.06% smaller than manual strip.
So for the production profile, strip = "symbols" won out by the tiniest of margins.
Now please don't ask me to check -O2 and -O3 :)
There was a problem hiding this comment.
Oh… I’m sorry I didn’t mean to ask you to check with various optimization profiles 😂
Just wanted to see if strip = "symbols" was indeed identical to calling strip manually for the same profile, because there are other possible values for this option. Anyway, it’s likely the right value :)
Thank you for the other numbers too!
[skip ci]
ci/tlk.ps1
Outdated
| @@ -674,6 +676,7 @@ class TlkRecipe | |||
| } else { | |||
| throw ("Specify DGATEWAY_WEBCLIENT_PATH environment variable") | |||
| } | |||
| $DGatewayWebPlayer = "$($this.SourcePath)/webapp/player" | |||
There was a problem hiding this comment.
disclaimer: I'm probably just not understanding (I'm only reading the PR without full context)
The player comes direct from the source tree (i.e. it's not something compiled)?
Just reading this implies that there should be something in ./webapp/player, but I don't see anything in that path when I browse the repo?
There was a problem hiding this comment.
Probably a good catch. @irvingoujAtDevolution modified that recently, maybe this branch wasn’t up to date?
There was a problem hiding this comment.
Both the client (root of webapp) and the player (root of webapp/player-project) are Angular frontends which have to be built.
In ci.yml, the client is built here and the player is built here.
Environment variables are then set here, which are read by tlk.ps1 to copy the static files into /usr/share/webapp.
Previously, there was only DGATEWAY_WEBCLIENT_PATH but I just added DGATEWAY_WEBPLAYER_PATH in 6a6442a. Since I am just passing in a prebuilt client and player, this allows for specifying the path to the player, instead of requiring it to be present in the webapp/player directory (the source of your current confusion and my earlier confusion).
|
I queried one more thing that I'm probably just missing context for. Wouldn't it be good if we could build the .deb using fpm as well? As it stands now, if I want to modify the packaging, I need to understand both dpkg and fpm. I understood the promise of fpm was that we could build different package types and have all that inner knowledge abstracted away. Anyway, just a thought; I'm not suggesting making it part of this PR. But it would be a nice additional improvement in future! |
This commit adds DGATEWAY_WEBPLAYER_PATH to accompany the existing DGATEWAY_WEBCLIENT_PATH. When packaging Gateway by running tlk.ps1, the DGATEWAY_WEBCLIENT_PATH must be specified. Before this commit, the player must be present in repo_root/webapp/player. After this commit, the DGATEWAY_WEBPLAYER_PATH must be specified. This allows for packaging with a pre-built player without copying it into the hardcoded path.
|
Two more things are unresolved:
|
Yes, if you can add the environment variable and usage into the managed installer, that would be great. Can just follow what is there for the web client currently. Thank you! 💯 |
|
One more thing if you wouldn't mind @allan2, can you update the file spec here to use the property you added instead the hardcoded path? Can be a followup PR if that suits you better. |
This commit adds RPM packages for Gateway and Agent to the release assets.
tlk.ps1 -TlkVerb package -Platform linuxnow generates both a deb and an rpm for the specified product.The rpm is generated with fpm, a Linux packaging tool.
In CI, no cache is used for the fpm dependency since the cache would not persist across release jobs.
The RPM includes all the assets of the corresponding Debian package, including the changelog, copyright, maintainer scripts, and webapp/libxmf.so for Gateway.
The changelog is copied directly from Debian. A separate PR will be made to convert it to an RPM-friendly changelog format.
Tested with RHEL 9 (glibc 2.34).