From eadf70ee381c0690443aa6085c970b72943619af Mon Sep 17 00:00:00 2001 From: Jacek Galowicz Date: Sat, 14 Dec 2024 14:46:00 +0100 Subject: [PATCH] Generate and test RPM package for Fedora --- flake.nix | 6 ++- pkgs/package-rpm.nix | 57 +++++++++++++++++++++ tests/legacy-distro-packaging.nix | 71 +++++++++++++++++++++++++++ tests/packaging/deb.nix | 44 ----------------- tests/{packaging => }/prepare-test.sh | 0 5 files changed, 133 insertions(+), 45 deletions(-) create mode 100644 pkgs/package-rpm.nix create mode 100644 tests/legacy-distro-packaging.nix delete mode 100644 tests/packaging/deb.nix rename tests/{packaging => }/prepare-test.sh (100%) diff --git a/flake.nix b/flake.nix index ddec834..851b556 100644 --- a/flake.nix +++ b/flake.nix @@ -93,6 +93,9 @@ packages.package-deb = pkgs.callPackage ./pkgs/package-deb.nix { rosenpass = pkgs.pkgsStatic.rosenpass; }; + packages.package-rpm = pkgs.callPackage ./pkgs/package-rpm.nix { + rosenpass = pkgs.pkgsStatic.rosenpass; + }; # ### Reading materials ### @@ -163,9 +166,10 @@ { nativeBuildInputs = [ pkgs.nodePackages.prettier ]; } '' cd ${./.} && prettier --check . && touch $out ''; - } // pkgs.lib.optionalAttrs (system == "x86_64-linux") (import ./tests/packaging/deb.nix { + } // pkgs.lib.optionalAttrs (system == "x86_64-linux") (import ./tests/legacy-distro-packaging.nix { inherit pkgs; rosenpass-deb = self.packages.${system}.package-deb; + rosenpass-rpm = self.packages.${system}.package-rpm; }); formatter = pkgs.nixpkgs-fmt; diff --git a/pkgs/package-rpm.nix b/pkgs/package-rpm.nix new file mode 100644 index 0000000..aaf6de3 --- /dev/null +++ b/pkgs/package-rpm.nix 
@@ -0,0 +1,57 @@
+{ lib, system, runCommand, rosenpass, rpm }:
+
+let
+ splitVersion = lib.strings.splitString "-" rosenpass.version;
+ version = builtins.head splitVersion;
+ release =
+ if builtins.length splitVersion != 2
+ then "release"
+ else builtins.elemAt splitVersion 1;
+ arch = builtins.head (builtins.split "-" system);
+in
+
+runCommand "rosenpass-${version}.deb" { } ''
+ mkdir -p rpmbuild/SPECS
+
+ cat << EOF > rpmbuild/SPECS/rosenpass.spec
+ Name: rosenpass
+ Release: ${release}
+ Version: ${version}
+ Summary: Post-quantum-secure VPN key exchange
+ License: Apache-2.0
+
+ %description
+ Post-quantum-secure VPN tool Rosenpass
+ Rosenpass is a post-quantum-secure VPN
+ that uses WireGuard to transport the actual data.
+
+ %files
+ /usr/bin/rosenpass
+ /usr/bin/rp
+ /etc/systemd/system/rosenpass.target
+ /etc/systemd/system/rosenpass@.service
+ /etc/systemd/system/rp@.service
+ /etc/rosenpass/example.toml
+ EOF
+
+ buildroot=rpmbuild/BUILDROOT/rosenpass-${version}-${release}.${arch}
+ mkdir -p $buildroot/usr/bin
+ install -m755 -t $buildroot/usr/bin ${rosenpass}/bin/*
+
+ mkdir -p $buildroot/etc/rosenpass
+ cp -r ${rosenpass}/lib/systemd $buildroot/etc/
+ chmod -R 744 $buildroot/etc/systemd
+ cp ${./example.toml} $buildroot/etc/rosenpass/example.toml
+
+ export HOME=/build
+ mkdir -p /build/tmp
+ ls -R rpmbuild
+
+ ${rpm}/bin/rpmbuild \
+ -bb \
+ --dbpath=$HOME \
+ --define "_tmppath /build/tmp" \
+ rpmbuild/SPECS/rosenpass.spec
+
+ cp rpmbuild/RPMS/${arch}/rosenpass*.rpm $out
+''
diff --git a/tests/legacy-distro-packaging.nix b/tests/legacy-distro-packaging.nix
new file mode 100644
index 0000000..5c09b2c
--- /dev/null
+++ b/tests/legacy-distro-packaging.nix
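Review bot: In `pkgs/package-rpm.nix`, `chmod -R 744 $buildroot/etc/systemd` applies one mode to files and directories alike, so every unit file listed under `%files` is packaged with the owner-execute bit set, and the directories in the buildroot lose their search bit for group and other. Unit files are plain configuration and are normally 0644; a symbolic mode keeps files and directories apart: `chmod -R u=rwX,go=rX $buildroot/etc/systemd`. Separately, the derivation is still named `"rosenpass-${version}.deb"` although it copies an `.rpm` to `$out`; `"rosenpass-${version}.rpm"` would match what is built.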
@@ -0,0 +1,71 @@
+{ pkgs, rosenpass-deb, rosenpass-rpm }:
+
+let
+ wg-deb = pkgs.fetchurl {
+ url = "http://ftp.de.debian.org/debian/pool/main/w/wireguard/wireguard-tools_1.0.20210914-1.1_amd64.deb";
+ hash = "sha256-s/hCUisQLR19kEbV6d8JXzzTAWUPM+NV0APgHizRGA4=";
+ };
+ wg-rpm = pkgs.fetchurl {
+ url = "https://mirrors.n-ix.net/fedora/linux/releases/40/Everything/x86_64/os/Packages/w/wireguard-tools-1.0.20210914-6.fc40.x86_64.rpm";
+ hash = "sha256-lh6kCW5gh9bfuOwzjPv96ol1d6u1JTIr/oKH5QbAlK0=";
+ };
+
+ pkgsDirDeb = pkgs.runCommand "packages" { } ''
+ mkdir $out
+ cp ${rosenpass-deb} $out/rosenpass.deb
+ cp ${wg-deb} $out/wireguard.deb
+ cp ${./prepare-test.sh} $out/prepare-test.sh
+ '';
+ pkgsDirRpm = pkgs.runCommand "packages" { } ''
+ mkdir $out
+ cp ${rosenpass-rpm} $out/rosenpass.rpm
+ cp ${wg-rpm} $out/wireguard.rpm
+ cp ${./prepare-test.sh} $out/prepare-test.sh
+ '';
+
+ test = { tester, installPrefix, suffix, source }: (tester {
+ sharedDirs.share = {
+ inherit source;
+ target = "/mnt/share";
+ };
+ testScript = ''
+ vm.wait_for_unit("multi-user.target")
+ vm.succeed("${installPrefix} /mnt/share/wireguard.${suffix}")
+ vm.succeed("${installPrefix} /mnt/share/rosenpass.${suffix}")
+ vm.succeed("bash /mnt/share/prepare-test.sh")
+
+ vm.succeed(f"systemctl start rp@server")
+ vm.succeed(f"systemctl start rp@client")
+
+ vm.wait_for_unit("rp@server.service")
+ vm.wait_for_unit("rp@client.service")
+
+ vm.wait_until_succeeds("wg show all preshared-keys | grep --invert-match none", timeout=5);
+
+ psk_server = vm.succeed("wg show rp-server preshared-keys").strip().split()[-1]
+ psk_client = vm.succeed("wg show rp-client preshared-keys").strip().split()[-1]
+
+ assert psk_server == psk_client, "preshared-key exchange must be successful"
+ '';
+ }).sandboxed;
+in
+{
+ package-deb-debian-13 = test {
+ tester = pkgs.testers.legacyDistros.debian."13";
+ installPrefix = "dpkg --install";
+ suffix = "deb";
+ source = pkgsDirDeb;
+ };
+ package-deb-ubuntu-23_10 = test {
+ tester = pkgs.testers.legacyDistros.ubuntu."23_10";
+ installPrefix = "dpkg --install";
+ suffix = "deb";
+ source = pkgsDirDeb;
+ };
+ package-rpm-fedora_40 = test {
+ tester = pkgs.testers.legacyDistros.fedora."40";
+ installPrefix = "rpm -i";
+ suffix = "rpm";
+ source = pkgsDirRpm;
+ };
+}
diff --git a/tests/packaging/deb.nix b/tests/packaging/deb.nix
deleted file mode 100644
index 994d93c..0000000
--- a/tests/packaging/deb.nix
+++ /dev/null
@@ -1,44 +0,0 @@
-{ pkgs, rosenpass-deb }:
-
-let
- wg-deb = pkgs.fetchurl {
- url = "http://ftp.de.debian.org/debian/pool/main/w/wireguard/wireguard-tools_1.0.20210914-1.1_amd64.deb";
- hash = "sha256-s/hCUisQLR19kEbV6d8JXzzTAWUPM+NV0APgHizRGA4=";
- };
- pkgsDir = pkgs.runCommand "packages" {} ''
- mkdir $out
- cp ${rosenpass-deb} $out/rosenpass.deb
- cp ${wg-deb} $out/wireguard.deb
- cp ${./prepare-test.sh} $out/prepare-test.sh
- '';
-
- testAttrs = {
- sharedDirs.share = {
- source = pkgsDir;
- target = "/mnt/share";
- };
- testScript = ''
- vm.wait_for_unit("multi-user.target")
- vm.succeed("dpkg --install /mnt/share/wireguard.deb")
- vm.succeed("dpkg --install /mnt/share/rosenpass.deb")
- vm.succeed("bash /mnt/share/prepare-test.sh")
-
- vm.succeed(f"systemctl start rp@server")
- vm.succeed(f"systemctl start rp@client")
-
- vm.wait_for_unit("rp@server.service")
- vm.wait_for_unit("rp@client.service")
-
- vm.wait_until_succeeds("wg show all preshared-keys | grep --invert-match none", timeout=5);
-
- psk_server = vm.succeed("wg show rp-server preshared-keys").strip().split()[-1]
- psk_client = vm.succeed("wg show rp-client preshared-keys").strip().split()[-1]
-
- assert psk_server == psk_client, "preshared-key exchange must be successful"
- '';
- };
-in
-{
- debian-13 = (pkgs.testers.legacyDistros.debian."13" testAttrs).sandboxed;
- ubuntu-23_10 = (pkgs.testers.legacyDistros.ubuntu."23_10" testAttrs).sandboxed;
-}
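Review bot: In the `testScript` of `tests/legacy-distro-packaging.nix`, the wait `wg show all preshared-keys | grep --invert-match none` succeeds as soon as any one line lacks `none`, so it can return while only one of the two interfaces has a key, and the equality assert that follows then fails intermittently. Waiting per interface closes that window: `vm.wait_until_succeeds("wg show rp-server preshared-keys | grep --invert-match none", timeout=5)` and the same for `rp-client`. The script is carried over from the deleted `tests/packaging/deb.nix`, but it now runs for three distros. The `wg-deb` URL is still plain `http://` next to the `https://` `wg-rpm` one; the pinned `hash` covers integrity, so that is only a consistency point.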
diff --git a/tests/packaging/prepare-test.sh b/tests/prepare-test.sh
similarity index 100%
rename from tests/packaging/prepare-test.sh
rename to tests/prepare-test.sh