CentOS Stream build

Based off Fedora/34 branch, with modifications for CentOS.
centos/8
Jason Rhinelander 3 years ago
parent 71663fafc1
commit dee29fd91e

@ -1,281 +1,57 @@
local default_deps_base='libsystemd-dev python3-dev libuv1-dev libunbound-dev nettle-dev libssl-dev libevent-dev libsqlite3-dev libcurl4-openssl-dev make';
local default_deps_nocxx='libsodium-dev ' + default_deps_base; // libsodium-dev needs to be >= 1.0.18
local default_deps='g++ ' + default_deps_nocxx;
local default_windows_deps='mingw-w64 zip nsis';
local docker_base = 'registry.oxen.rocks/lokinet-ci-';
local distro = 'CentOS-8';
local distro_name = 'CentOS 8';
local distro_docker = 'centos:centos8';
local submodules = {
name: 'submodules',
image: 'drone/git',
commands: ['git fetch --tags', 'git submodule update --init --recursive --depth=1']
commands: ['git fetch --tags', 'git submodule update --init --recursive --depth=1'],
};
local apt_get_quiet = 'apt-get -o=Dpkg::Use-Pty=0 -q';
local dnf(arch) = 'dnf -y --setopt install_weak_deps=False --setopt cachedir=/cache/' + distro + '/' + arch + '/${DRONE_STAGE_MACHINE} ';
// Regular build on a debian-like system:
local debian_pipeline(name, image,
arch='amd64',
deps=default_deps,
build_type='Release',
lto=false,
werror=true,
cmake_extra='',
extra_cmds=[],
jobs=6,
tests=true,
loki_repo=false,
allow_fail=false) = {
local rpm_pipeline(image, buildarch='amd64', rpmarch='x86_64', jobs=6) = {
kind: 'pipeline',
type: 'docker',
name: name,
platform: { arch: arch },
trigger: { branch: { exclude: ['debian/*', 'ubuntu/*'] } },
name: distro_name + ' (' + rpmarch + ')',
platform: { arch: buildarch },
steps: [
submodules,
{
name: 'build',
image: image,
[if allow_fail then "failure"]: "ignore",
environment: { SSH_KEY: { from_secret: "SSH_KEY" } },
environment: {
SSH_KEY: { from_secret: 'SSH_KEY' },
RPM_BUILD_NCPUS: jobs,
},
commands: [
'echo "Building on ${DRONE_STAGE_MACHINE}"',
'echo "man-db man-db/auto-update boolean false" | debconf-set-selections',
apt_get_quiet + ' update',
apt_get_quiet + ' install -y eatmydata',
] + (if loki_repo then [
'eatmydata ' + apt_get_quiet + ' install -y lsb-release',
'cp contrib/deb.loki.network.gpg /etc/apt/trusted.gpg.d',
'echo deb http://deb.loki.network $$(lsb_release -sc) main >/etc/apt/sources.list.d/loki.network.list',
'eatmydata ' + apt_get_quiet + ' update'
] else []
) + [
'eatmydata ' + apt_get_quiet + ' dist-upgrade -y',
'eatmydata ' + apt_get_quiet + ' install -y gdb cmake git pkg-config ccache ' + deps,
'mkdir build',
'cd build',
'cmake .. -DWITH_SETCAP=OFF -DCMAKE_CXX_FLAGS=-fdiagnostics-color=always -DCMAKE_BUILD_TYPE='+build_type+' ' +
(if werror then '-DWARNINGS_AS_ERRORS=ON ' else '') +
'-DWITH_LTO=' + (if lto then 'ON ' else 'OFF ') +
(if tests then '' else '-DWITH_TESTS=OFF ') +
cmake_extra,
'VERBOSE=1 make -j' + jobs,
]
+ (if tests then ['../contrib/ci/drone-gdb.sh ./test/testAll --use-colour yes'] else [])
+ extra_cmds,
}
],
};
local apk_builder(name, image, extra_cmds=[], allow_fail=false, jobs=6) = {
kind: 'pipeline',
type: 'docker',
name: name,
platform: {arch: "amd64"},
trigger: { branch: { exclude: ['debian/*', 'ubuntu/*'] } },
steps: [
submodules,
{
name: 'build',
image: image,
[if allow_fail then "failure"]: "ignore",
environment: { SSH_KEY: { from_secret: "SSH_KEY" }, ANDROID: "android" },
commands: [
'VERBOSE=1 JOBS='+jobs+' NDK=/usr/lib/android-ndk ./contrib/android.sh',
'git clone https://github.com/majestrate/lokinet-mobile',
'cp -av lokinet-jni-*/* lokinet-mobile/lokinet_lib/android/src/main/jniLibs/',
'cd lokinet-mobile',
'flutter build apk --debug',
'cd ..',
'cp lokinet-mobile/build/app/outputs/apk/debug/app-debug.apk lokinet.apk'
] + extra_cmds
}
]
};
// windows cross compile on debian
local windows_cross_pipeline(name, image,
arch='amd64',
build_type='Release',
lto=false,
werror=false,
cmake_extra='',
toolchain='32',
extra_cmds=[],
jobs=6,
allow_fail=false) = {
kind: 'pipeline',
type: 'docker',
name: name,
platform: { arch: arch },
trigger: { branch: { exclude: ['debian/*', 'ubuntu/*'] } },
steps: [
submodules,
{
name: 'build',
image: image,
[if allow_fail then "failure"]: "ignore",
environment: { SSH_KEY: { from_secret: "SSH_KEY" }, WINDOWS_BUILD_NAME: toolchain+"bit" },
commands: [
'echo "Building on ${DRONE_STAGE_MACHINE}"',
'echo "man-db man-db/auto-update boolean false" | debconf-set-selections',
apt_get_quiet + ' update',
apt_get_quiet + ' install -y eatmydata',
'eatmydata ' + apt_get_quiet + ' install -y build-essential cmake git pkg-config ccache g++-mingw-w64-x86-64-posix nsis zip automake libtool',
'update-alternatives --set x86_64-w64-mingw32-gcc /usr/bin/x86_64-w64-mingw32-gcc-posix',
'update-alternatives --set x86_64-w64-mingw32-g++ /usr/bin/x86_64-w64-mingw32-g++-posix',
'VERBOSE=1 JOBS=' + jobs + ' ./contrib/windows.sh'
] + extra_cmds,
}
dnf(rpmarch) + 'clean packages',
dnf(rpmarch) + 'distro-sync',
dnf(rpmarch) + 'install epel-release dnf-plugins-core',
dnf(rpmarch) + 'config-manager --add-repo https://rpm.oxen.io/centos/oxen.repo',
dnf(rpmarch) + 'config-manager --set-enabled powertools',
dnf(rpmarch) + 'install rpm-build python3-pip git make wget gcc openssl-devel gzip ccache',
'pip3 install git-archive-all',
'pkg_src_base="$(rpm -q --queryformat=\'%{NAME}-%{VERSION}\n\' --specfile SPECS/lokinet.spec | head -n 1)"',
'git-archive-all --prefix $pkg_src_base/ SOURCES/$pkg_src_base.src.tar.gz',
'wget https://curl.haxx.se/download/curl-7.79.1.tar.gz',
'gunzip -c curl-7.79.1.tar.gz | tar xvf -',
'cd curl-7.79.1',
'./configure --with-ssl',
'make',
'make install',
'cd ..',
dnf(rpmarch) + 'builddep --spec SPECS/lokinet.spec',
'if [ -n "$CCACHE_DIR" ]; then mkdir -pv ~/.cache; ln -sv "$CCACHE_DIR" ~/.cache/ccache; fi',
'rpmbuild --define "_topdir $(pwd)" -bb SPECS/lokinet.spec',
'./SPECS/ci-upload.sh ' + distro + ' ' + rpmarch,
],
},
],
};
// Builds a snapshot .deb on a debian-like system by merging into the debian/* or ubuntu/* branch
local deb_builder(image, distro, distro_branch, arch='amd64', loki_repo=true) = {
kind: 'pipeline',
type: 'docker',
name: 'DEB (' + distro + (if arch == 'amd64' then '' else '/' + arch) + ')',
platform: { arch: arch },
environment: { distro_branch: distro_branch, distro: distro },
steps: [
submodules,
{
name: 'build',
image: image,
failure: 'ignore',
environment: { SSH_KEY: { from_secret: "SSH_KEY" } },
commands: [
'echo "Building on ${DRONE_STAGE_MACHINE}"',
'echo "man-db man-db/auto-update boolean false" | debconf-set-selections'
] + (if loki_repo then [
'cp contrib/deb.loki.network.gpg /etc/apt/trusted.gpg.d',
'echo deb http://deb.loki.network $${distro} main >/etc/apt/sources.list.d/loki.network.list'
] else []) + [
apt_get_quiet + ' update',
apt_get_quiet + ' install -y eatmydata',
'eatmydata ' + apt_get_quiet + ' install -y git devscripts equivs ccache git-buildpackage python3-dev',
|||
# Look for the debian branch in this repo first, try upstream if that fails.
if ! git checkout $${distro_branch}; then
git remote add --fetch upstream https://github.com/oxen-io/loki-network.git &&
git checkout $${distro_branch}
fi
|||,
# Tell the merge how to resolve conflicts in the source .drone.jsonnet (we don't
# care about it at all since *this* .drone.jsonnet is already loaded).
'git config merge.ours.driver true',
'echo .drone.jsonnet merge=ours >>.gitattributes',
'git merge ${DRONE_COMMIT}',
'export DEBEMAIL="${DRONE_COMMIT_AUTHOR_EMAIL}" DEBFULLNAME="${DRONE_COMMIT_AUTHOR_NAME}"',
'gbp dch -S -s "HEAD^" --spawn-editor=never -U low',
'eatmydata mk-build-deps --install --remove --tool "' + apt_get_quiet + ' -o Debug::pkgProblemResolver=yes --no-install-recommends -y"',
'export DEB_BUILD_OPTIONS="parallel=$$(nproc)"',
#'grep -q lib debian/lokinet-bin.install || echo "/usr/lib/lib*.so*" >>debian/lokinet-bin.install',
'debuild -e CCACHE_DIR -b',
'./contrib/ci/drone-debs-upload.sh ' + distro,
]
}
]
};
// Macos build
local mac_builder(name,
build_type='Release',
werror=true,
cmake_extra='',
extra_cmds=[],
jobs=6,
allow_fail=false) = {
kind: 'pipeline',
type: 'exec',
name: name,
platform: { os: 'darwin', arch: 'amd64' },
steps: [
{ name: 'submodules', commands: ['git fetch --tags', 'git submodule update --init --recursive'] },
{
name: 'build',
environment: { SSH_KEY: { from_secret: "SSH_KEY" } },
commands: [
'echo "Building on ${DRONE_STAGE_MACHINE}"',
// If you don't do this then the C compiler doesn't have an include path containing
// basic system headers. WTF apple:
'export SDKROOT="$(xcrun --sdk macosx --show-sdk-path)"',
'ulimit -n 1024', // because macos sets ulimit to 256 for some reason yeah idk
'./contrib/mac.sh'
] + extra_cmds,
}
]
};
[
{
name: 'lint check',
kind: 'pipeline',
type: 'docker',
steps: [{
name: 'build', image: 'registry.oxen.rocks/lokinet-ci-lint',
commands: [
'echo "Building on ${DRONE_STAGE_MACHINE}"',
apt_get_quiet + ' update',
apt_get_quiet + ' install -y eatmydata',
'eatmydata ' + apt_get_quiet + ' install -y git clang-format-11',
'./contrib/ci/drone-format-verify.sh']
}]
},
// Various debian builds
debian_pipeline("Debian sid (amd64)", "debian:sid"),
debian_pipeline("Debian sid/Debug (amd64)", "debian:sid", build_type='Debug'),
debian_pipeline("Debian sid/clang-11 (amd64)", docker_base+'debian-sid', deps='clang-11 '+default_deps_nocxx,
cmake_extra='-DCMAKE_C_COMPILER=clang-11 -DCMAKE_CXX_COMPILER=clang++-11 '),
debian_pipeline("Debian buster (i386)", "i386/debian:buster", cmake_extra='-DDOWNLOAD_SODIUM=ON'),
debian_pipeline("Ubuntu focal (amd64)", docker_base+'ubuntu-focal'),
debian_pipeline("Ubuntu bionic (amd64)", "ubuntu:bionic", deps='g++-8 ' + default_deps_nocxx,
cmake_extra='-DCMAKE_C_COMPILER=gcc-8 -DCMAKE_CXX_COMPILER=g++-8', loki_repo=true),
// ARM builds (ARM64 and armhf)
debian_pipeline("Debian sid (ARM64)", "debian:sid", arch="arm64", jobs=4),
debian_pipeline("Debian buster (armhf)", "arm32v7/debian:buster", arch="arm64", cmake_extra='-DDOWNLOAD_SODIUM=ON', jobs=4),
// Static armhf build (gets uploaded)
debian_pipeline("Static (buster armhf)", "arm32v7/debian:buster", arch="arm64", deps='g++ python3-dev automake libtool',
cmake_extra='-DBUILD_STATIC_DEPS=ON -DBUILD_SHARED_LIBS=OFF -DSTATIC_LINK=ON ' +
'-DCMAKE_CXX_FLAGS="-march=armv7-a+fp" -DCMAKE_C_FLAGS="-march=armv7-a+fp" -DNATIVE_BUILD=OFF ' +
'-DWITH_SYSTEMD=OFF',
extra_cmds=[
'../contrib/ci/drone-check-static-libs.sh',
'UPLOAD_OS=linux-armhf ../contrib/ci/drone-static-upload.sh'
],
jobs=4),
// android apk builder
apk_builder("android apk", "registry.oxen.rocks/lokinet-ci-android", extra_cmds=['UPLOAD_OS=android ./contrib/ci/drone-static-upload.sh']),
// Windows builds (x64)
windows_cross_pipeline("Windows (amd64)", docker_base+'debian-win32-cross',
toolchain='64', extra_cmds=[
'./contrib/ci/drone-static-upload.sh'
]),
// Static build (on bionic) which gets uploaded to builds.lokinet.dev:
debian_pipeline("Static (bionic amd64)", docker_base+'ubuntu-bionic', deps='g++-8 python3-dev automake libtool', lto=true, tests=false,
cmake_extra='-DBUILD_STATIC_DEPS=ON -DBUILD_SHARED_LIBS=OFF -DSTATIC_LINK=ON -DCMAKE_C_COMPILER=gcc-8 -DCMAKE_CXX_COMPILER=g++-8 ' +
'-DCMAKE_CXX_FLAGS="-march=x86-64 -mtune=haswell" -DCMAKE_C_FLAGS="-march=x86-64 -mtune=haswell" -DNATIVE_BUILD=OFF ' +
'-DWITH_SYSTEMD=OFF',
extra_cmds=[
'../contrib/ci/drone-check-static-libs.sh',
'../contrib/ci/drone-static-upload.sh'
]),
// integration tests
debian_pipeline("Router Hive", "ubuntu:focal", deps='python3-dev python3-pytest python3-pybind11 ' + default_deps,
cmake_extra='-DWITH_HIVE=ON'),
// Deb builds:
deb_builder("debian:sid", "sid", "debian/sid"),
deb_builder("debian:buster", "buster", "debian/buster"),
deb_builder("ubuntu:focal", "focal", "ubuntu/focal"),
deb_builder("debian:sid", "sid", "debian/sid", arch='arm64'),
// Macos builds:
mac_builder('macOS (Release)'),
mac_builder('macOS (Debug)', build_type='Debug'),
rpm_pipeline(distro_docker),
// rpm_pipeline('arm64v8/' + distro_docker, buildarch='arm64', rpmarch='aarch64', jobs=4),
]

@ -0,0 +1,16 @@
diff --git a/llarp/config/config.cpp b/llarp/config/config.cpp
index 78d152602..8b07b0cec 100644
--- a/llarp/config/config.cpp
+++ b/llarp/config/config.cpp
@@ -703,7 +703,10 @@ namespace llarp
// can bind to other 127.* IPs to avoid conflicting with something else that may be listening on
// 127.0.0.1:53.
#ifdef __linux__
- constexpr Default DefaultDNSBind{"127.3.2.1:53"};
+ // Fedora's systemd-resolved seems unable to connect to 127.3.2.1 for unknown reasons,
+ // however since systemd-resolved is perfectly happy with a different port so listen on
+ // localhost:953 as a workaround.
+ constexpr Default DefaultDNSBind{"127.0.0.1:953"};
#else
constexpr Default DefaultDNSBind{"127.0.0.1:53"};
#endif

@ -0,0 +1,23 @@
commit 73f0432b2873d3af91a0c8cf2dd107463318b9d9
Author: Jason Rhinelander <jason@imaginary.ca>
Date: Wed Aug 11 18:24:11 2021 -0300
Fix default upstream DNS not working
The default upstream DNS was being set to 1.1.1.1:0, which doesn't work.
This fixes it to also set the port so that default upstream resolution
(i.e. with an empty config) works again.
diff --git a/llarp/config/config.cpp b/llarp/config/config.cpp
index bef3e521f..721a479df 100644
--- a/llarp/config/config.cpp
+++ b/llarp/config/config.cpp
@@ -711,6 +711,8 @@ namespace llarp
// Default, but if we get any upstream (including upstream=, i.e. empty string) we clear it
constexpr Default DefaultUpstreamDNS{"1.1.1.1"};
m_upstreamDNS.emplace_back(DefaultUpstreamDNS.val);
+ if (!m_upstreamDNS.back().getPort())
+ m_upstreamDNS.back().setPort(53);
conf.defineOption<std::string>(
"dns",

@ -0,0 +1,21 @@
[Unit]
Description=LokiNET: Anonymous Network layer thingydoo, client
AssertFileNotEmpty=/var/lib/lokinet/bootstrap.signed
Wants=network-online.target
After=network-online.target
[Service]
User=_lokinet
Type=notify
WatchdogSec=30s
SyslogIdentifier=lokinet
WorkingDirectory=/var/lib/lokinet
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
ExecStart=/usr/bin/lokinet /var/lib/lokinet/lokinet.ini
Environment=LOKINET_NETID=lokinet
Restart=always
RestartSec=5s
[Install]
WantedBy=multi-user.target

@ -0,0 +1,28 @@
From: Jason Rhinelander <jason@imaginary.ca>
Date: Fri, 13 Dec 2019 17:23:41 -0400
Subject: Pass debian version as GIT_VERSION
---
cmake/Version.cmake | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/cmake/Version.cmake b/cmake/Version.cmake
index 45037a0..d9fdaef 100644
--- a/cmake/Version.cmake
+++ b/cmake/Version.cmake
@@ -1,4 +1,8 @@
+if(GIT_VERSION)
+ set(VERSIONTAG "${GIT_VERSION}")
+ configure_file("${CMAKE_CURRENT_SOURCE_DIR}/constants/version.cpp.in" "${CMAKE_CURRENT_BINARY_DIR}/constants/version.cpp")
+else()
find_package(Git QUIET)
set(GIT_INDEX_FILE "${PROJECT_SOURCE_DIR}/.git/index")
if(EXISTS ${GIT_INDEX_FILE} AND ( GIT_FOUND OR Git_FOUND) )
@@ -18,5 +22,6 @@ else()
set(VERSIONTAG "nogit")
configure_file("${CMAKE_CURRENT_SOURCE_DIR}/constants/version.cpp.in" "${CMAKE_CURRENT_BINARY_DIR}/constants/version.cpp")
endif()
+endif()
add_custom_target(genversion DEPENDS "${CMAKE_CURRENT_BINARY_DIR}/constants/version.cpp")

@ -0,0 +1,59 @@
#!/usr/bin/env bash
# Script used with Drone CI to upload build artifacts (because specifying all this in
# .drone.jsonnet is too painful).
set -o errexit
if [ -z "$SSH_KEY" ]; then
echo -e "\n\n\n\e[31;1mUnable to upload artifact: SSH_KEY not set\e[0m"
# Just warn but don't fail, so that this doesn't trigger a build failure for untrusted builds
exit 0
fi
echo "$SSH_KEY" >ssh_key
set -o xtrace # Don't start tracing until *after* we write the ssh key
chmod 600 ssh_key
distro="${1:-unknown}"
rpmarch="${2:-x86_64}"
base="rpm-$distro-$(date --date=@$DRONE_BUILD_CREATED +%Y%m%dT%H%M%SZ)-${DRONE_COMMIT:0:9}"
br="${DRONE_BRANCH// /_}"
br="${br//\//-}"
upload_to="builds.lokinet.dev/${DRONE_REPO// /_}/$br/$base"
put=
for rpm in RPMS/${rpmarch}/*.rpm; do
put+=$'\n'"put $rpm $upload_to"
echo -e "\n\n\e[35;1m$rpm contents:\e[0m"
rpm --query --list $rpm
done
# sftp doesn't have any equivalent to mkdir -p, so we have to split the above up into a chain of
# -mkdir a/, -mkdir a/b/, -mkdir a/b/c/, ... commands. The leading `-` allows the command to fail
# without error.
upload_dirs=(${upload_to//\// })
mkdirs=
dir_tmp=""
for p in "${upload_dirs[@]}"; do
dir_tmp="$dir_tmp$p/"
mkdirs="$mkdirs
-mkdir $dir_tmp"
done
sftp -i ssh_key -b - -o StrictHostKeyChecking=off drone@builds.lokinet.dev <<SFTP
$mkdirs
$put
SFTP
set +o xtrace
echo -e "\n\n\n\n\e[32;1mUploaded to https://${upload_to}\e[0m\n\n\n"

@ -0,0 +1,199 @@
Name: lokinet
Version: 0.9.6
Release: 1%{?dist}
Summary: Lokinet anonymous, decentralized overlay network
License: GPLv3+
URL: https://lokinet.org
Source0: %{name}-%{version}.src.tar.gz
%global sonamever %{version}
BuildRequires: cmake
BuildRequires: gcc-c++
BuildRequires: pkgconfig
BuildRequires: libuv-devel
BuildRequires: oxenmq-devel
BuildRequires: unbound-devel
BuildRequires: libsodium-devel
BuildRequires: systemd-devel
BuildRequires: systemd-rpm-macros
BuildRequires: jemalloc-devel
BuildRequires: libsqlite3x-devel
# Puts the rpm version instead of the git tag in the version string:
Patch1: version-as-rpm-version.patch
# Backport default upstream dns not working from PR 1715:
Patch2: default-upstream-dns.patch
Requires: lokinet-bin = %{version}-%{release}
%{?systemd_requires}
%description
Lokinet private, decentralized, market-based, Sybil resistant overlay network
for the internet. Lokinet uses Oxen Service Nodes as relays to provide
censorship resistance and privacy for communication between Lokinet network
clients.
This package contains the lokinet configuration and dependencies needed to
connect to lokinet as a client or SNapp.
%package bin
Summary: Lokinet anonymous, decentralized overlay network -- binaries
Requires: epel-release
%description bin
This package contains the common binaries for lokinet packages. Most users will
want to install the lokinet package rather than this one to run lokinet as a
system service.
%package monitor
Summary: lokinetmon monitoring tool for lokinet
Requires: python3
Requires: python3-zmq
Recommends: lokinet
%description monitor
This package contains the lokinetmon command-line tool for advanced monitoring
of a running lokinet instance.
%prep
%autosetup -p1
%build
%define cmake_extra_args %{nil}
%ifarch x86_64
export CXXFLAGS="%{optflags} -mtune=haswell"
export CFLAGS="%{optflags} -mtune=haswell"
%endif
%ifarch aarch64
%define cmake_extra_args -DNON_PC_TARGET=ON
export CXXFLAGS="%{optflags} -march=armv8-a+crc -mtune=cortex-a72"
export CFLAGS="%{optflags} -march=armv8-a+crc -mtune=cortex-a72"
%endif
%ifarch %{arm}
%define cmake_extra_args -DNON_PC_TARGET=ON
export CXXFLAGS="%{optflags} -march=armv6 -mtune=cortex-a53 -mfloat-abi=hard -mfpu=vfp"
export CFLAGS="%{optflags} -march=armv6 -mtune=cortex-a53 -mfloat-abi=hard -mfpu=vfp"
%endif
%undefine __cmake_in_source_build
%cmake -DNATIVE_BUILD=OFF -DUSE_AVX2=OFF -DWITH_TESTS=OFF %{cmake_extra_args} -DCMAKE_BUILD_TYPE=Release -DGIT_VERSION="%{release}" -DWITH_SETCAP=OFF -DSUBMODULE_CHECK=OFF -DBUILD_SHARED_LIBS=OFF -DBUILD_LIBLOKINET=OFF -DWITH_LTO=OFF
%cmake_build
%install
%cmake_install
install -m755 contrib/py/admin/lokinetmon $RPM_BUILD_ROOT/%{_bindir}/
install -Dm644 SOURCES/lokinet.service $RPM_BUILD_ROOT/%{_unitdir}/lokinet.service
install -Dm644 contrib/systemd-resolved/lokinet.rules $RPM_BUILD_ROOT/%{_datadir}/polkit-1/rules.d/50-lokinet.rules
install -Dm644 SOURCES/dnssec-lokinet.negative $RPM_BUILD_ROOT%{_exec_prefix}/lib/dnssec-trust-anchors.d/lokinet.negative
%files
%license LICENSE.txt
%doc readme.*
%{_datadir}/polkit-1/rules.d/50-lokinet.rules
%{_unitdir}/lokinet.service
%files bin
%{_bindir}/lokinet
%{_bindir}/lokinet-bootstrap
%{_bindir}/lokinet-vpn
%{_exec_prefix}/lib/dnssec-trust-anchors.d/lokinet.negative
%files monitor
%{_bindir}/lokinetmon
%pre bin
# Create the _lokinet/_loki user/group
if ! getent group _loki >/dev/null; then
groupadd --system _loki
fi
if ! getent passwd _lokinet >/dev/null; then
useradd --system --home-dir /var/lib/lokinet --group _loki --comment "Lokinet system user" _lokinet
fi
# Make sure the _lokinet user is part of the _loki group (in case it already existed)
if ! id -Gn _lokinet | grep -qw _loki; then
usermod _lokinet -g _loki
fi
%post
datadir=/var/lib/lokinet
mkdir -p $datadir
chown _lokinet:_loki $datadir
if ! [ -e /var/lib/lokinet/bootstrap.signed ]; then
/usr/bin/lokinet-bootstrap lokinet /var/lib/lokinet/bootstrap.signed
chown _lokinet:_loki /var/lib/lokinet/bootstrap.signed
fi
if ! [ -e /etc/loki/lokinet.ini ]; then
mkdir -p /etc/loki
/usr/bin/lokinet -g /etc/loki/lokinet.ini
chmod 640 /etc/loki/lokinet.ini
chown _lokinet:_loki /etc/loki/lokinet.ini
ln -sf /etc/loki/lokinet.ini /var/lib/lokinet/lokinet.ini
fi
%systemd_post lokinet.service
systemctl enable --now lokinet
%preun
%systemd_preun lokinet.service
%postun
%systemd_postun lokinet.service
%changelog
* Mon Oct 11 2021 Technical Tumbleweed <necro_nemesis@hotmail.com - 0.9.6
- Build with -DWITH_LTO=OFF
- Enable and start service with POSTINST using systemctl enable --now
* Mon Sep 27 2021 Technical Tumbleweed <necro_nemesis@hotmail.com - 0.9.6
- Remove dns listener port patch used for Fedora use standard 127.0.0.1:53 tested working.
- postinst requires changes
* Sat Sep 25 2021 Technical Tumbleweed <necro_nemesis@hotmail.com> - 0.9.6
- Remove libcurl-devel from required build dependencies which is to be provided by
building and installing curl v7.79.1 with --ssl. If libcurl-devel is installed remove the package prior to
installation of v7.79.1.
- Add epel-release to build dependencies in order to provide *-devel libs source required.
- enable powertools `dnf config-manager --set-enabled powertools` to provide access to installation of libuv-devel
or install via `dnf --enablerepo=powertools install libuv-devel`
- remove `--badnames` from useradd in postinst
* Thu Aug 12 2021 Jason Rhinelander <jason@imaginary.ca> - 0.9.5-6
- Change default dns port from 1053 to 953 so that it is still privileged.
* Wed Aug 11 2021 Jason Rhinelander <jason@imaginary.ca> - 0.9.5-5
- Apply default upstream dns patch from PR #1715
* Wed Aug 11 2021 Jason Rhinelander <jason@imaginary.ca> - 0.9.5-4
- Change default DNS address to 127.0.0.1:1053 because systemd-resolved has trouble with 127.3.2.1
for unknown reasons.
- Make it work
* Tue Aug 10 2021 Jason Rhinelander <jason@imaginary.ca> - 0.9.5-3
- Updated for rpm.oxen.io packaging
- Split into lokinet/lokinet-bin/lokinet-monitor packages
* Thu Jul 22 2021 Technical Tumbleweed (necro_nemesis@hotmail.com) Lokinet 0.9.5
- Build with systemd-resolved and binary lokinet-bootstrap
* Sun Mar 07 2021 Technical Tumbleweed (necro_nemesis@hotmail.com) Lokinet 0.8.2
- First Lokinet RPM
Loading…
Cancel
Save