#1 2018-01-09 05:22:37

chapatt
Member
Registered: 2010-12-23
Posts: 24

Please Review PKGBUILDs for GoCD

So, first time I've written a PKGBUILD that wasn't just for me. I think I've got it right, but I'd like feedback (especially about exiting with non-zero of package() due to not having a required user). I have been using the software solidly for a day and a half, so it's functionally tested on my system.

There are two packages, the server and agent halves of a Continuous Deployment/Continuous Integration system.

Thanks.

# Maintainer: Chase Patterson <chapatt at gmail dot com>
pkgname=go-server
pkgver=17.12.0
pkgrel=1
pkgdesc='GoCD (continuous delivery) server'
arch=('any')
url='http://gocd.org'
license=('Apache')
source=("go-server-17.12.0-5626.zip::https://download.gocd.org/binaries/17.12.0-5626/generic/go-server-17.12.0-5626.zip"
        'go-server.service')
sha1sums=('5fe9b431923a58b67941fb55ad962dae57934b62'
          '1e42d13f8fbafd96a4c45c70b31b1329018689f8')
depends=('java-runtime>=8')

package()
{
        errormsg="Create user \`go' with primary group \`go' before installing."
        # user go exists, save primary group id
        if gid=`id -g go 2>&1`; then
                # saved gid is not that of group go
                if [ "$gid" != "$(getent group go | cut -d: -f3)" ]; then
                        echo "User \`go' does not have primary group \`go'." \
                                "$errormsg"
                        return 1
                fi
        else
                echo "User \`go' does not exist." "$errormsg"
                return 1
        fi

        install -dm755 -o go -g go "$pkgdir"/usr/share/go-server/
        install -dm755 -o go -g go "$pkgdir"/var/lib/go-server/
        install -dm755 -o go -g go "$pkgdir"/var/log/go-server/

        install -Dm644 go-server.service \
                "$pkgdir"/usr/lib/systemd/system/go-server.service

        cd $pkgname-$pkgver/
        install -Dm644 go-server.default "$pkgdir"/etc/default/go-server
        install -Dm644 LICENSE "$pkgdir"/usr/share/licenses/$pkgname/LICENSE
        install -Dm644 go.jar "$pkgdir"/usr/share/$pkgname/go.jar
        install -Dm755 server.sh "$pkgdir"/usr/share/$pkgname/server.sh
        install -Dm755 stop-server.sh "$pkgdir"/usr/share/$pkgname/stop-server.sh
}

# Maintainer: Chase Patterson <chapatt at gmail dot com>
pkgname=go-agent
pkgver=17.12.0
pkgrel=1
pkgdesc='GoCD (continuous delivery) agent'
arch=('any')
url='http://gocd.org'
license=('Apache')
source=("go-agent-17.12.0-5626.zip::https://download.gocd.org/binaries/17.12.0-5626/generic/go-agent-17.12.0-5626.zip"
        'go-agent.service')
sha1sums=('fb13b25b01e08342c0979e0367ddf48ca346ff98'
          '928d09b49c3239d7cb0abeebdc2ef329b5b62c68')
depends=('java-runtime>=8')

package()
{
        errormsg="Create user \`go' with primary group \`go' before installing."
        # user go exists, save primary group id
        if gid=`id -g go 2>&1`; then
                # saved gid is not that of group go
                if [ "$gid" != "$(getent group go | cut -d: -f3)" ]; then
                        echo "User \`go' does not have primary group \`go'." "$errormsg"
                        return 1
                fi
        else
                echo "User \`go' does not exist." "$errormsg"
                return 1
        fi

        install -dm755 -o go -g go "$pkgdir"/usr/share/go-agent/
        install -dm755 -o go -g go "$pkgdir"/var/lib/go-agent
        install -dm755 -o go -g go "$pkgdir"/var/lib/go-agent/config
        install -dm755 -o go -g go "$pkgdir"/var/log/go-agent/

        install -Dm644 go-agent.service \
                "$pkgdir"/usr/lib/systemd/system/go-agent.service

        cd $pkgname-$pkgver/
        install -Dm644 go-agent.default "$pkgdir"/etc/default/go-agent
        install -Dm644 LICENSE "$pkgdir"/usr/share/licenses/$pkgname/LICENSE
        install -Dm644 agent-bootstrapper.jar \
                "$pkgdir"/usr/share/$pkgname/agent-bootstrapper.jar
        install -Dm755 agent.sh "$pkgdir"/usr/share/$pkgname/agent.sh
        install -Dm755 stop-agent.sh "$pkgdir"/usr/share/$pkgname/stop-agent.sh
}

Almost forgot--here are the systemd units I had to write.

go-server.service

[Unit]
Description=GoCD server
Wants=network.target remote-fs.target
After=network.target remote-fs.target

[Service]
User=go
Group=go
Type=forking
PIDFile=/var/lib/go-server/go-server.pid
ExecStart=/usr/share/go-server/server.sh service_mode
ExecStop=/usr/share/go-server/stop-server.sh service_mode
KillMode=process

[Install]
WantedBy=multi-user.target

go-agent.service

[Unit]
Description=GoCD agent
Wants=network.target remote-fs.target
After=network.target remote-fs.target

[Service]
User=go
Group=go
Type=forking
PIDFile=/var/lib/go-agent/go-agent.pid
ExecStart=/usr/share/go-agent/agent.sh go-agent service_mode
ExecStop=/usr/share/go-agent/stop-agent.sh go-agent service_mode
KillMode=process

[Install]
WantedBy=multi-user.target

Last edited by chapatt (2018-01-09 05:27:20)

#2 2018-01-09 05:25:46

Scimmia
Fellow
Registered: 2012-09-01
Posts: 11,466

Re: Please Review PKGBUILDs for GoCD

Without looking too closely, your handling of users and groups is totally wrong. What happens when you install the built package on a different machine? You either need to pick a static UID/GID or use systemd-sysusers and systemd-tmpfiles.

#3 2018-01-09 05:52:29

chapatt
Member
Registered: 2010-12-23
Posts: 24

Re: Please Review PKGBUILDs for GoCD

Ah, perfect--systemd-sysusers looks like just what I was looking for. I will play around with this and try again.

I had thought I read something to lead me to believe the username was hardcoded somewhere, but now that I look around, I think that was just an artifact of their init scripts.

#4 2018-01-09 16:25:36

chapatt
Member
Registered: 2010-12-23
Posts: 24

Re: Please Review PKGBUILDs for GoCD

Okay, here's what I have now.
https://github.com/chapatt/go-server
https://github.com/chapatt/go-agent

It looks like I had to use systemd-sysusers with static ids because systemd-tmpfiles isn't really for persistent storage, and in order to give permissions on /var/lib/go-{agent,server} before systemd-sysusers had created them, I had to use ids. Should I add the ids I used to https://wiki.archlinux.org/index.php/De … D_Database?

#5 2018-01-09 18:55:12

eschwartz
Fellow
Registered: 2014-08-08
Posts: 4,097

Re: Please Review PKGBUILDs for GoCD

The UID/GID database is for official packages only, you cannot edit it if you try.

I don't see the problem with using systemd-tmpfiles though, it is often used to create persistent data directories that need to be owned by a given user. In fact, we are running a TODO to fix exactly that for all Arch packages, so I've spent the last couple days migrating packages to tmpfiles: https://www.archlinux.org/todo/switch-t … -sysusers/

You can have things owned by a given user rather than a static ID, and since the systemd-sysusers hook runs before the systemd-tmpfiles hook, this works seamlessly. Unless the software itself requires a specific ID in its source code.

Last edited by eschwartz (2018-01-09 18:57:09)


Managing AUR repos The Right Way -- aurpublish (now a standalone tool)

#6 2018-01-09 21:33:50

chapatt
Member
Registered: 2010-12-23
Posts: 24

Re: Please Review PKGBUILDs for GoCD

As long as no one runs systemd-tmpfiles --remove, it's persistent, apparently.

They're updated to use systemd-tmpfiles to make the files writable by the unprivileged application user, and to no longer request static ids from systemd-sysusers.

#7 2018-01-09 21:59:12

eschwartz
Fellow
Registered: 2014-08-08
Posts: 4,097

Re: Please Review PKGBUILDs for GoCD

Even if someone uses systemd-tmpfiles --remove, it is still persistent unless you create the directories using "D" instead of "d".

See tmpfiles.d(5) for details.


Managing AUR repos The Right Way -- aurpublish (now a standalone tool)
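
Added example, not part of any post in this thread and not the contents of chapatt's repositories: a sketch of the approach posts #5 to #7 describe, where package() stages sysusers.d and tmpfiles.d fragments instead of running `install -o go -g go` with the build host's IDs. The function names, fragment file names, GECOS text and home directory are assumptions; the paths and mode come from the PKGBUILD in post #1.

```shell
#!/bin/sh
# Added example: nothing here chowns at build time, so no build-host UID/GID
# ends up in the package. Call from package() as: stage_go_server "$pkgdir"

# Write the fragments into a makepkg-style staging root ($1 = "$pkgdir").
stage_go_server() {
    mkdir -p "$1/usr/lib/sysusers.d" "$1/usr/lib/tmpfiles.d"
    # sysusers.d(5): Type Name ID GECOS Home. "-" as ID lets each target
    # host allocate the UID/GID itself (no static id requested).
    printf '%s\n' 'u go - "GoCD" /var/lib/go-server' \
        > "$1/usr/lib/sysusers.d/go-server.conf"
    # tmpfiles.d(5): Type Path Mode User Group Age. Owner is given by name
    # and resolved on the target host, after the sysusers hook has run.
    printf '%s\n' \
        'd /var/lib/go-server 0755 go go -' \
        'd /var/log/go-server 0755 go go -' \
        > "$1/usr/lib/tmpfiles.d/go-server.conf"
}

# Print risky lines of a tmpfiles.d fragment; exit status 1 if any were found.
lint_tmpfiles() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }   # skip blank lines and comments
        $1 ~ /^D/ {
            print FILENAME ": " $2 ": D, contents removed by systemd-tmpfiles --remove"
            bad = 1
        }
        $4 ~ /^[0-9]+$/ || $5 ~ /^[0-9]+$/ {
            print FILENAME ": " $2 ": numeric owner, depends on a static UID/GID"
            bad = 1
        }
        END { exit bad + 0 }
    ' "$1"
}
```

Running `lint_tmpfiles` over the staged fragment in a check() step catches a `d` that was accidentally written as `D` before the package ships.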

#8 2018-01-10 17:52:59

chapatt
Member
Registered: 2010-12-23
Posts: 24

Re: Please Review PKGBUILDs for GoCD

I see. Very cool. That clears up any lingering qualms I had over using tmpfiles. Thanks.
