diff --git a/Dockerfile b/Dockerfile index a1d2c81..77a2f00 100644 --- a/Dockerfile +++ b/Dockerfile @@ -11,9 +11,10 @@ ARG BUILD_ARCH=armhf COPY apt-ci-hardening /etc/apt/apt.conf.d/99-ci-hardening COPY --chmod=0755 retry /usr/local/bin/retry +COPY --chmod=0755 apt_check /usr/local/bin/apt_check COPY --chmod=0755 apt_update /usr/local/bin/apt_update COPY --chmod=0755 apt_install /usr/local/bin/apt_install -RUN apt_update && apt_install -y wget +RUN apt_update && apt_install -y wget iproute2 && apt_check # Checks if the 'crossbuilder' user exists. RUN if ! id crossbuilder 2>/dev/null;then \ diff --git a/Dockerfile-cross b/Dockerfile-cross index b1b6744..8713140 100644 --- a/Dockerfile-cross +++ b/Dockerfile-cross @@ -8,13 +8,14 @@ ARG BUILD_GID=499 ARG KEEP_BUILD_ARTIFACTS=FALSE ARG TARGET_DIR=NON_EXISTENT_FILE ARG BUILD_ARCH=armhf -ARG EARLY_EXIT_STEP= +ARG EARLY_EXIT_STEP="" COPY apt-ci-hardening /etc/apt/apt.conf.d/99-ci-hardening COPY --chmod=0755 retry /usr/local/bin/retry +COPY --chmod=0755 apt_check /usr/local/bin/apt_check COPY --chmod=0755 apt_update /usr/local/bin/apt_update COPY --chmod=0755 apt_install /usr/local/bin/apt_install -RUN apt_update && apt_install -y wget +RUN apt_update && apt_install -y wget iproute2 && apt_check RUN groupadd -g $BUILD_GID crossbuilder RUN useradd -d /home/crossbuilder -m -g $BUILD_GID -u $BUILD_UID -s /bin/bash crossbuilder diff --git a/apt-ci-hardening b/apt-ci-hardening index f00e383..6a26638 100644 --- a/apt-ci-hardening +++ b/apt-ci-hardening @@ -11,4 +11,4 @@ Acquire::ForceIPv4 "true"; Acquire::CompressionTypes::Order { "gz"; "xz"; }; # Be tolerant of transient mirror issues -Acquire::Check-Valid-Until "false"; \ No newline at end of file +Acquire::Check-Valid-Until "false"; diff --git a/apt_check b/apt_check new file mode 100755 index 0000000..f20d7ba --- /dev/null +++ b/apt_check 
@@ -0,0 +1,36 @@
+#!/bin/bash
+
+set -e
+
+REPO_HOST="aptrepo.effective-range.com"
+
+DNS_RESULT=$(getent hosts "$REPO_HOST")
+if [ -z "$DNS_RESULT" ]; then
+ echo "[ERROR] DNS resolution failed for $REPO_HOST" >&2
+ exit 1
+else
+ echo "[INFO] DNS resolution for $REPO_HOST: $DNS_RESULT"
+ REPO_IP=$(echo "$DNS_RESULT" | awk '{print $1}')
+fi
+
+ROUTE_RESULT=$(ip route get "$REPO_IP" 2>&1)
+if [ $? -ne 0 ]; then
+ echo "[ERROR] No route to host $REPO_HOST ($REPO_IP)" >&2
+ echo "$ROUTE_RESULT"
+ exit 2
+else
+ echo "[INFO] Route to $REPO_HOST ($REPO_IP):"
+ echo "$ROUTE_RESULT"
+fi
+
+KEY_URL="http://$REPO_HOST/effectiverange.gpg.key"
+echo "[INFO] Checking HTTP connectivity to $KEY_URL..."
+if ! wget --spider --timeout=10 --tries=2 "$KEY_URL"; then
+ echo "[ERROR] Failed to fetch $KEY_URL" >&2
+ exit 3
+else
+ echo "[INFO] Successfully fetched $KEY_URL"
+fi
+
+echo "[INFO] All connectivity checks passed for $REPO_HOST"
+exit 0
diff --git a/retry b/retry
index cd74246..1e97d42 100755
--- a/retry
+++ b/retry
@@ -1,7 +1,7 @@
 #!/bin/bash
 n=0
-max=5
-delay=2
+max=3
+delay=1
 until "$@"; do
 ((n++))
 if [ "$n" -ge "$max" ]; then
diff --git a/scripts/build_steps_armhf/04-schroot_setup b/scripts/build_steps_armhf/04-schroot_setup
index 5362df1..ee21dd2 100755
--- a/scripts/build_steps_armhf/04-schroot_setup
+++ b/scripts/build_steps_armhf/04-schroot_setup
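Review bot: The failure branches for the DNS and route checks in apt_check cannot run because of `set -e`: a failing `getent hosts` or `ip route get` inside a plain assignment ends the script with that command's status before `[ -z "$DNS_RESULT" ]` and `[ $? -ne 0 ]` are evaluated, so the `[ERROR]` lines and exit codes 1 and 2 are never produced. Testing the assignment itself keeps the diagnostics: `if ! DNS_RESULT=$(getent hosts "$REPO_HOST"); then` and `if ! ROUTE_RESULT=$(ip route get "$REPO_IP" 2>&1); then`. `getent hosts` can also print more than one record, which would leave several addresses in `REPO_IP`; `awk 'NR==1 {print $1}'` takes only the first. In the route error branch `echo "$ROUTE_RESULT"` goes to stdout while the `[ERROR]` line goes to stderr, so adding `>&2` there keeps the two together in build logs.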
@@ -28,9 +28,9 @@ EOF # Fetch the latest raspberrypi-archive-keyring .deb and install it in the chroot RPI_KEYRING_URL="https://archive.raspberrypi.com/debian/pool/main/r/raspberrypi-archive-keyring" -RPI_KEYRING_DEB=$(retry curl -4 -fSL --connect-timeout 5 --max-time 20 --retry 8 --retry-all-errors --retry-delay 1 "${RPI_KEYRING_URL}/" \ +RPI_KEYRING_DEB=$(curl -4 -fSL --connect-timeout 5 --max-time 20 --retry 5 --retry-all-errors --retry-delay 1 "${RPI_KEYRING_URL}/" \ | grep -oP 'raspberrypi-archive-keyring_[^"]+_all\.deb' | sort -V | tail -1) -retry curl -4 -fSL --connect-timeout 5 --max-time 20 --retry 8 --retry-all-errors --retry-delay 1 "${RPI_KEYRING_URL}/${RPI_KEYRING_DEB}" -o "/tmp/${RPI_KEYRING_DEB}" +curl -4 -fSL --connect-timeout 5 --max-time 20 --retry 5 --retry-all-errors --retry-delay 1 "${RPI_KEYRING_URL}/${RPI_KEYRING_DEB}" -o "/tmp/${RPI_KEYRING_DEB}" cp "/tmp/${RPI_KEYRING_DEB}" "/var/chroot/buildroot/tmp/${RPI_KEYRING_DEB}" chroot /var/chroot/buildroot dpkg -i "/tmp/${RPI_KEYRING_DEB}" diff --git a/scripts/build_steps_armhf/06-erapt_setup b/scripts/build_steps_armhf/06-erapt_setup index 9859c42..54f54fa 100755 --- a/scripts/build_steps_armhf/06-erapt_setup +++ b/scripts/build_steps_armhf/06-erapt_setup @@ -12,7 +12,7 @@ source /etc/os-release install -d /usr/share/keyrings rm -f /usr/share/keyrings/debian-archive-keys-latest.gpg -retry curl -4 -fSL --connect-timeout 5 --max-time 20 --retry 8 --retry-all-errors --retry-delay 1 https://ftp-master.debian.org/keys/archive-key-$VERSION_ID.asc -o /tmp/archive-key-$VERSION_ID.asc +curl -4 -fSL --connect-timeout 5 --max-time 20 --retry 5 --retry-all-errors --retry-delay 1 https://ftp-master.debian.org/keys/archive-key-$VERSION_ID.asc -o /tmp/archive-key-$VERSION_ID.asc cat /tmp/archive-key-$VERSION_ID.asc | gpg --dearmor -o /usr/share/keyrings/debian-archive-keys-latest.gpg # sanity check the keys received 
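Review bot: An empty `RPI_KEYRING_DEB` is not guarded against in the new `RPI_KEYRING_DEB=$(curl … | grep -oP … | sort -V | tail -1)` line: the assignment takes the status of `tail`, so a failed index fetch or a listing that no longer matches the pattern leaves the variable empty unless `pipefail` is set earlier in the script, which this hunk does not show. The next `curl` would then request the bare directory URL with `-o "/tmp/"`, and the build fails with a misleading curl or dpkg message, now without the outer `retry` to absorb a transient error. A guard right after the assignment makes this explicit: `[ -n "$RPI_KEYRING_DEB" ] || { echo "no keyring .deb found under $RPI_KEYRING_URL" >&2; exit 1; }`. Because this package carries archive trust keys and goes straight to `dpkg -i` in the chroot, its integrity rests only on TLS to a scraped index; comparing the download with a reviewed SHA-256 before installing would be a stronger check. The same two lines are changed in scripts/build_steps_cross/11-raspberrysetup and need the same guard.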
@@ -36,7 +36,7 @@ Components: main Signed-By: /usr/share/keyrings/er-keyring.pgp EOF -retry curl -4 -fSL --connect-timeout 5 --max-time 20 --retry 8 --retry-all-errors --retry-delay 1 http://aptrepo.effective-range.com/effectiverange.gpg.key -o /usr/share/keyrings/er-keyring.pgp +curl -4 -fSL --connect-timeout 5 --max-time 20 --retry 5 --retry-all-errors --retry-delay 1 http://aptrepo.effective-range.com/effectiverange.gpg.key -o /usr/share/keyrings/er-keyring.pgp # sanity check the keys received gpg --show-keys /usr/share/keyrings/er-keyring.pgp diff --git a/scripts/build_steps_cross/11-raspberrysetup b/scripts/build_steps_cross/11-raspberrysetup index 16b7472..05c0bf4 100755 --- a/scripts/build_steps_cross/11-raspberrysetup +++ b/scripts/build_steps_cross/11-raspberrysetup @@ -20,9 +20,9 @@ EOF # Fetch the latest raspberrypi-archive-keyring .deb and install it RPI_KEYRING_URL="https://archive.raspberrypi.com/debian/pool/main/r/raspberrypi-archive-keyring" -RPI_KEYRING_DEB=$(retry curl -4 -fSL --connect-timeout 5 --max-time 20 --retry 8 --retry-all-errors --retry-delay 1 "${RPI_KEYRING_URL}/" \ +RPI_KEYRING_DEB=$(curl -4 -fSL --connect-timeout 5 --max-time 20 --retry 5 --retry-all-errors --retry-delay 1 "${RPI_KEYRING_URL}/" \ | grep -oP 'raspberrypi-archive-keyring_[^"]+_all\.deb' | sort -V | tail -1) -retry curl -4 -fSL --connect-timeout 5 --max-time 20 --retry 8 --retry-all-errors --retry-delay 1 "${RPI_KEYRING_URL}/${RPI_KEYRING_DEB}" -o "/tmp/${RPI_KEYRING_DEB}" +curl -4 -fSL --connect-timeout 5 --max-time 20 --retry 5 --retry-all-errors --retry-delay 1 "${RPI_KEYRING_URL}/${RPI_KEYRING_DEB}" -o "/tmp/${RPI_KEYRING_DEB}" dpkg -i "/tmp/${RPI_KEYRING_DEB}" # sanity check the keys received diff --git a/test/build_complex_test/deps.json b/test/build_complex_test/deps.json index b03823d..a406f94 100644 --- a/test/build_complex_test/deps.json +++ b/test/build_complex_test/deps.json 
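Review bot: The rewritten `curl` line in 06-erapt_setup still downloads `effectiverange.gpg.key` over plain `http://` and writes it directly to `/usr/share/keyrings/er-keyring.pgp`, the file the sources entry just above names in `Signed-By`. The key is the trust root for every package from that repository, so a response altered in transit replaces that root, and the `gpg --show-keys` call that follows only prints the key without comparing it to anything. If the host serves HTTPS, changing the scheme is the smallest fix; independent of transport, the script should download to a temporary file and compare `gpg --show-keys --with-colons "$tmpkey" | awk -F: '$1=="fpr"{print $10; exit}'` with a fingerprint committed to this repo (`<EXPECTED_FINGERPRINT>`) before moving the key into `/usr/share/keyrings`. The new apt_check script probes the same `http://` URL and would need the same scheme change.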
@@ -18,6 +18,11 @@
 "libprotobuf32"
 ]
 },
+ "trixie":{
+ "deps":[
+ "libprotobuf32t64"
+ ]
+ },
 "build_deps": [
 "libc6-dev",
 {