logo_kerberos.gif

Difference between revisions of "Solaris Build Environment"

From K5Wiki
Jump to: navigation, search
(Install required OpenCSW packages)
Line 52: Line 52:
 
cd /usr/local/src/dejagnu-''version''
 
cd /usr/local/src/dejagnu-''version''
 
./configure && gmake install
 
./configure && gmake install
  +
  +
==Set up buildbot==
  +
  +
This section is under development.
  +
  +
Create and switch to the buildbot account:
  +
  +
useradd -d /var/lib/buildbot -u 101 -s /bin/false -m buildbot
  +
Edit /etc/passwd and make the shell field empty
  +
su - buildbot
  +
bash
  +
  +
Set up ssh for the ssh tunnel to krbdev.mit.edu:
  +
  +
mkdir .ssh
  +
ssh-keygen -q -N '' -f .ssh/id_rsa -t rsa
  +
cat .ssh/id_rsa.pub
  +
In a separate shell, log into krbdev.mit.edu, "su -s /bin/bash - buildbot" and add the contents of id_rsa.pub to .ssh/authorized_keys
  +
Edit .ssh/known_hosts (new file) and add:
  +
krbdev.mit.edu,18.9.62.43 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAmV2SWbD5nZah7F0nhzEpBtmdiNa38TTDx58i/HhENlT3yV4xpwyHcqBSObUR+wQlW+LfBRgyGeXEZAoiEMG4kQk93P+JKEsK5G/X9QF2LICsoMSZKW31S1K4axqtlhesFnnlXzZZkWQhYhG3He8DXBBw+2AMWR6jfTnM634fGpl5Vo76r7QuxL09RpnSEZyihR/6n8IG8EaAyX4Rbj23pkLlj6DjfWoYd1CmjN+JKiZ9q/yXHQMW+/yMo+JhmAPwgBVjQkc/pDfVFffavWzRPJ39ZUbRRNBSHU0lweXLcCIq6K4P+Mvt/WKwsFNxASNOOmkbWVDfNflT8L1maFCr7w==
   
 
==Create user accounts==
 
==Create user accounts==
   
By default, /home on Solaris is controlled by the automounter. To avoid needing to change the automounter configuration, we create user accounts with home directories in /export/home:
+
By default, /home on Solaris is controlled by the automounter. To avoid needing to change the automounter configuration, we create user accounts with home directories in /export/home. For example:
   
useradd -d /export/home/ghudson -s /bin/bash -m ghudson
+
useradd -u 3622 -d /export/home/ghudson -s /bin/bash -m ghudson
   
Creating an account allows the Kerberos principal of the same name in the ATHENA.MIT.EDU realm to log in on that account.
+
Creating an account allows the Kerberos principal of the same name in the ATHENA.MIT.EDU realm to log in on that account. Matching the local UID to the Moira UID may be unnecessary as long as we do not make use of remote filesystems on this machine.
   
 
To set a reasonable path for development work, the user can edit .profile to add:
 
To set a reasonable path for development work, the user can edit .profile to add:

Revision as of 13:59, 28 November 2016

This page contains notes on the setup of a Solaris buildbot worker for MIT krb5.

Our current Solaris build hardware is a Sun Fire V240 running Solaris 10 U10.

Solaris 10 includes a variety of free software tools in /usr/sfw, but not the full set of dependencies needed to checkout, build, and test the krb5 tree. We have chosen to use OpenCSW to add most of the dependencies, and local builds in /usr/local for the remaining few.

Set up a useful shell

A root login by default uses a very minimal shell (/bin/sh) with a very minimal path (/usr/sbin:/usr/bin). For any operations performed as root, we begin by starting a functional shell as follows:

   bash
   export PATH=/opt/csw/bin:/usr/sbin:/usr/bin:/usr/sfw/bin:/usr/ccs/bin
   export MANPATH=/opt/csw/share/man:/usr/share/man:/usr/sfw/share/man

For now, we are not modifying /etc/passwd or root's dotfiles to make this happen automatically.

Set up OpenCSW

Installing the pkgutil command (it will be placed in /opt/csw/bin) and update its catalog as follows:

   pkgadd -d http://get.opencsw.org/now
   pkgutil -U

"pkgutil -l" lists installed packages. "pkgutil -a string" looks up string in the catalog. "pkgutil -i packagename" installs a package; the -y flag can be used to skip prompts. "pkgutil -U" followed by "pkgutil -yu" updates all installed packages.

Install required OpenCSW packages

   pkgutil -y -i git
   pkgutil -y -i libssl_dev
   mkdir /opt/csw/sbin/sparcv9  # to work around an apparent bug in openldap package
   pkgutil -y -i openldap
   pkgutil -y -i openldap_back_bdb
   pkgutil -y -i openldap_client
   pkgutil -y -i openldap_dev
   pkgutil -y -i autoconf
   pkgutil -y -i expect
   pkgutil -y -i bison
   pkgutil -y -i buildbot_slave
   pkgutil -y -i emacs
   pkgutil -y -i gdb

We have decided not to support the Solaris 10 native LDAP library and tools (Solaris 11 ships with OpenLDAP and Solaris 12 will make it the default), so we install OpenLDAP from OpenCSW. OpenSSL 0.9 is present in /usr/sfw/lib, but we need 1.0 or later for PKINIT so we install the OpenCSW version. The bison in /usr/sfw/bin is also too old for our x-deltat.y file. emacs and gdb are not needed to build krb5, but are handy to have around for manual testing and debugging work.

buildbot 0.9 changes its terminology to refer to "workers" rather than "slaves". At the time of this writing, OpenCSW only includes buildbot 0.8.4; when it switches to buildbot 0.9, the package we need will likely change to buildbot_worker.

Local builds of remaining dependencies

dejagnu is not present in OpenCSW, so we need to build it ourselves:

   mkdir /usr/local /usr/local/src
   From https://ftp.gnu.org/gnu/dejagnu/ fetch the latest dejagnu; untar it in /usr/local/src
   cd /usr/local/src/dejagnu-version
   ./configure && gmake install

Set up buildbot

This section is under development.

Create and switch to the buildbot account:

   useradd -d /var/lib/buildbot -u 101 -s /bin/false -m buildbot
   Edit /etc/passwd and make the shell field empty
   su - buildbot
   bash

Set up ssh for the ssh tunnel to krbdev.mit.edu:

   mkdir .ssh
   ssh-keygen -q -N  -f .ssh/id_rsa -t rsa
   cat .ssh/id_rsa.pub
   In a separate shell, log into krbdev.mit.edu, "su -s /bin/bash - buildbot" and add the contents of id_rsa.pub to .ssh/authorized_keys
   Edit .ssh/known_hosts (new file) and add:
     krbdev.mit.edu,18.9.62.43 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAmV2SWbD5nZah7F0nhzEpBtmdiNa38TTDx58i/HhENlT3yV4xpwyHcqBSObUR+wQlW+LfBRgyGeXEZAoiEMG4kQk93P+JKEsK5G/X9QF2LICsoMSZKW31S1K4axqtlhesFnnlXzZZkWQhYhG3He8DXBBw+2AMWR6jfTnM634fGpl5Vo76r7QuxL09RpnSEZyihR/6n8IG8EaAyX4Rbj23pkLlj6DjfWoYd1CmjN+JKiZ9q/yXHQMW+/yMo+JhmAPwgBVjQkc/pDfVFffavWzRPJ39ZUbRRNBSHU0lweXLcCIq6K4P+Mvt/WKwsFNxASNOOmkbWVDfNflT8L1maFCr7w==

Create user accounts

By default, /home on Solaris is controlled by the automounter. To avoid needing to change the automounter configuration, we create user accounts with home directories in /export/home. For example:

   useradd -u 3622 -d /export/home/ghudson -s /bin/bash -m ghudson

Creating an account allows the Kerberos principal of the same name in the ATHENA.MIT.EDU realm to log in on that account. Matching the local UID to the Moira UID may be unnecessary as long as we do not make use of remote filesystems on this machine.

To set a reasonable path for development work, the user can edit .profile to add:

   PATH=/usr/local/bin:/opt/csw/bin:/usr/bin:/usr/sfw/bin:/usr/ccs/bin
   MANPATH=/usr/local/share/man:/opt/csw/share/man:/usr/share/man:/usr/sfw/share/man
   export PATH MANPATH

The following shell function, or a variant of it, may be useful for configuring a build with the correct paths. This variant is designed to work in a separate build directory placed next to the src directory within a checkout.

   k5configure() { ../src/configure --enable-maintainer-mode --prefix=$HOME/inst --with-ldap CFLAGS=-g CPPFLAGS="-I/opt/csw/include" LDFLAGS="-L/opt/csw/lib -R/opt/csw/lib" "$@"; }

To do

  • t_kdb.py does not know how to find the OpenCSW slapd. Making a copy of /opt/csw/libexec/slapd won't work, because it is a script which chooses an executable based on the architecture and the path to the script.
  • The system needs to be set up as a buildbot worker.
  • We should install the SunPro compiler and do automated builds with that compiler as well as gcc.