...
Solaris is a nightmare (and no longer even supported). Rather than reproducing all the details, see NativeSPSolarisSourceBuild.
Windows
See WindowsBuild for the details.
The expected layout of a Windows build is to place all the dependencies in a common directory, and then checkout or unpack the Shibboleth sources together in a common directory. To build the various Apache modules, installations of Apache should be unpacked to the root of the drive. The newer versions can be obtained from http://www.apachelounge.com/
...
The basic summary follows, and then each step is elaborated.
Generate source distributions for use by the later steps.
...
Test Mac, and macport builds.
Do the Windows build and installers.
Generate prerelease "final" RPM packages.
Upload final source distributions and Windows installers to public site.
Generate official RPM packages.
Update the macports.
Source Prep
The first step is to prepare candidate source releases. The Mac is recommended for this purpose as discussed earlier, because it seems to produce the best autoconf results for the most platforms.
Ensure all the dependencies are available.
Pull the candidate sources from Git.
In sequence, bootstrap each project with
autoreconf
, then run the configure, make, make install sequence.After fixing any build issues, prepare each of the distributions with make dist
...
macOS Smoke Test
Other than the now unsupported Solaris, the next most likely source of regressions will be macOS, so a build there is the next step. After a build from the console, it's a good idea to actually do a macport test because they use the more strict clang compiler now. Local port testing is fairly obnoxious but a straightforward way is as follows:
...
Place the source distributions on an accessible web site.
...
Move to /opt/local/var/macports/sources/rsync.macports.org/release/ports
...
Modify the installed Portfiles beneath these folders. Make sure to update versions and the checksums.
...
.
...
Test port upgrade or installs of the candidate portfiles.
Windows Build
The Windows build tends to be in better shape if its the primary development platform, but for other developers this may not be the case. It may be advantageous to move the Windows build earlier to catch regressions there, because any fixes end up risking regressions to the rest of the builds, so the goal once this step is reached is for the chance of regressions to be low.
...
Linux / RPM Builds
The RPM packages are maintained in the OpenSUSE build service. Prerelease packages can be built and tested in the home:Scott_Cantor project. The official packages are done in the security:shibboleth project.
Once the packages are published in the production project, they're basically official and public, so this is the last step and should only be done once the packages are built and tested in the prerelease project and the sources have been frozen and uploaded as official releases.
Each dependency and the three SP packages are loaded into packages in the build service project. Each separate version of a package is loaded into its own new package named with the version number. For example, xml-security-c 1.7.0 is built in a package called xml-security-c-1.7.0 (duh). This allows multiple versions to co-exist in the repositories so that newer releases won't blow away the older packages (so history is maintained and older versions can be manually installed).
Each package contains two files, the tarball containing the source distribution and the RPM specfile for the package. If there are any source patches required by the specfile (this is rare), they're also added. While the web interface can be used to create packages and such, once they're created the osc
command line tool can be used to add and commit/update source files in the various packages. It can be obtained via macports or on a SUSE Linux machine.
For the builds to be successful, special project configuration settings are required. These are set from the command line or in the "Advanced|Project Config" option tab:
Code Block |
---|
osc meta prjconf -e |
The purpose of these settings is to append a distribution-specific tag (e.g. "el5") to the package names in the Red Hat platforms, and to turn off a package substitution rule on Red Hat and CentOS that prevents us from using our updated xerces-c-3.1.1 package instead of the one that comes with Red Hat. It also fixes dependency issues with Apache on 8.
Other special build notes:
Red Hat and CentOS platforms need to have the "Debuginfo Flag" setting turned off under "Repositories". If not, the builds will fail. I don't know why.
Apart from all that, the builds should be incident-free by the time a release is being done, but there are usually glitches and issues to work out prior to the release being close to done. The specfiles do not come from the actual source distribution, so what usually happens is that once the sources are frozen, a change or two might be made to the specfiles within the build service to get the packages done. Those get checked back in eventually, but may not make it into the actual release being done at the time unless the sources need to be regenerated for some other reason anyway. (As noted earlier, usually this can't be done while the production packages are being generated.)
Note that any time a dependency gets rebuilt, anything above it in the chain will be rebuilt, so usually its best to make sure all packages are disabled and then re-enable them one by one to get a successful build done before moving on to the next packagenow built using a Docker-based process that is driven by a standard makefile in the cpp-linbuild project. It produces packages native to the host’s architecture and we have servers created in EC2 for both x86_64 and aarch64. The packages can be copied via EFS to the staging folders used by the project server to mirror them out.
Release Publication
The initial set of release artifacts (and the appropriate release location) consists of:
...