diff --git a/docker/create_opam_repo.sh b/docker/create_opam_repo.sh new file mode 100755 index 000000000..6f9db68c9 --- /dev/null +++ b/docker/create_opam_repo.sh @@ -0,0 +1,76 @@ +#!/usr/bin/env bash +# SPDX-FileCopyrightText: 2024 Oxhead Alpha +# SPDX-License-Identifier: LicenseRef-MIT-OA + +set -eu + +# will be set by version.sh +opam_repository_tag='' +ocaml_version='' +. tezos/scripts/version.sh + +echo "Shallow clone of opam repository (requires git protocol version 2)" +mkdir opam-repository +cd opam-repository +git init +git config --local protocol.version 2 +git remote add origin https://github.com/ocaml/opam-repository +git fetch --depth 1 origin "$opam_repository_tag" +git checkout "$opam_repository_tag" +# No need to store the whole Git history in the Docker images. +rm -rf .git .github .gitignore .gitattributes +cd .. + +# copying virtual opam file which depends on everything octez need +mkdir -p opam-repository/packages/octez-deps/octez-deps.dev +cp tezos/opam/virtual/octez-deps.opam.locked opam-repository/packages/octez-deps/octez-deps.dev/opam + +# This package adds some constraints to the solution found by the opam solver. +dummy_pkg=octez-dummy +dummy_opam_dir="opam-repository/packages/${dummy_pkg}/${dummy_pkg}.dev" +dummy_opam="${dummy_opam_dir}/opam" +mkdir -p "${dummy_opam_dir}" +echo 'opam-version: "2.0"' > "$dummy_opam" +echo "depends: [ \"ocaml\" { = \"$ocaml_version\" } ]" >> "$dummy_opam" +echo 'conflicts:[' >> "$dummy_opam" +grep -r "^flags: *\[ *avoid-version *\]" -l opam-repository/packages | + LC_COLLATE=C sort -u | + while read -r f; do + f=$(dirname "$f") + f=$(basename "$f") + p=$(echo "$f" | cut -d '.' -f '1') + v=$(echo "$f" | cut -d '.' -f '2-') + echo "\"$p\" {= \"$v\"}" >> $dummy_opam + done +# FIXME: https://gitlab.com/tezos/tezos/-/issues/5832 +# opam unintentionally picks up a windows dependency. We add a +# conflict here to work around it. +echo '"ocamlbuild" {= "0.14.2+win" }' >> $dummy_opam +echo ']' >> "$dummy_opam" + +# opam solver requires arch variable to be set, otherwise it fails to resolve anything +# but vendored opam deps have to be same for both architectures +# so we filter them separately and then merge with rsync +cp -r opam-repository x86_64 +mv opam-repository arm64 + +filter() { + pushd "$1" + OPAMSOLVERTIMEOUT=600 opam admin filter --yes --resolve \ + "octez-deps,ocaml,ocaml-base-compiler,odoc<2.3.0,ledgerwallet-tezos,caqti-driver-postgresql,$dummy_pkg" \ + --environment "os=linux,arch=$1,os-family=debian" + rm -rf packages/"$dummy_pkg" packages/octez-deps + popd +} + +filter x86_64 +filter arm64 + +rsync -av x86_64/ arm64/ +rm -rf x86_64 +mv arm64 opam-repository + +cd opam-repository +opam admin add-hashes sha256 sha512 +opam admin cache +cd .. diff --git a/docker/fetch_tezos_sources.py b/docker/fetch_tezos_sources.py index da703987e..0886e2013 100755 --- a/docker/fetch_tezos_sources.py +++ b/docker/fetch_tezos_sources.py @@ -25,27 +25,3 @@ ) # NOTE: it's important to keep the `tezos/.git` directory here, because the # git tag is used to set the version in the Octez binaries. - -subprocess.run( - [ - "git", - "clone", - "https://github.com/ocaml/opam-repository.git", - "opam-repository", - ] -) - -opam_repository_tag = ( - subprocess.run( - ". ./tezos/scripts/version.sh; echo $opam_repository_tag", - stdout=subprocess.PIPE, - shell=True, - ) - .stdout.decode() - .strip() -) - -os.chdir("opam-repository") -subprocess.run(["git", "checkout", opam_repository_tag]) -subprocess.run(["rm", "-rf", ".git"]) -subprocess.run(["opam", "admin", "cache"]) diff --git a/docker/package/Dockerfile-fedora b/docker/package/Dockerfile-fedora index cd5ebc5a1..8b07ac59e 100644 --- a/docker/package/Dockerfile-fedora +++ b/docker/package/Dockerfile-fedora @@ -22,6 +22,9 @@ ARG OCTEZ_VERSION COPY docker/fetch_tezos_sources.py . RUN python3 fetch_tezos_sources.py +COPY docker/create_opam_repo.sh . +RUN ./create_opam_repo.sh + WORKDIR /tezos-packaging/docker COPY meta.json /tezos-packaging/meta.json COPY protocols.json /tezos-packaging/protocols.json diff --git a/docker/package/Dockerfile-ubuntu b/docker/package/Dockerfile-ubuntu index b1565aadb..c7510ba3d 100644 --- a/docker/package/Dockerfile-ubuntu +++ b/docker/package/Dockerfile-ubuntu @@ -5,6 +5,7 @@ ARG dist FROM ubuntu:${dist} ENV DEBIAN_FRONTEND="noninteractive" + RUN apt update RUN apt install -y libev-dev libgmp-dev libhidapi-dev libffi-dev \ zlib1g-dev libpq-dev m4 perl pkg-config \ @@ -18,7 +19,7 @@ RUN if [ "$dist" = "focal" ]; then apt-get install -y dh-systemd; fi RUN install -m 0755 /usr/bin/python3 /usr/bin/builder -RUN apt-get -y install opam +RUN apt-get -y install opam cargo cargo-1.78 ENV USER dockerbuilder RUN useradd dockerbuilder @@ -30,12 +31,13 @@ WORKDIR /tezos-packaging/docker/sources COPY docker/fetch_tezos_sources.py . RUN python3 fetch_tezos_sources.py -RUN apt-get -y install cargo cargo-1.78 - COPY docker/vendor-rust-deps.py . RUN python3 vendor-rust-deps.py +COPY docker/create_opam_repo.sh . +RUN ./create_opam_repo.sh + WORKDIR /tezos-packaging/docker COPY meta.json /tezos-packaging/meta.json COPY protocols.json /tezos-packaging/protocols.json diff --git a/docker/package/scripts/build-binary.sh b/docker/package/scripts/build-binary.sh index 08103f6d9..6984ed4fe 100755 --- a/docker/package/scripts/build-binary.sh +++ b/docker/package/scripts/build-binary.sh @@ -11,7 +11,7 @@ export OPAMROOT=$PWD/opamroot dune_filepath="$1" binary_name="$2" -opam init tezos ./opam-repository --bare --disable-sandboxing +opam init local ./opam-repository --bare --disable-sandboxing cd tezos @@ -19,14 +19,14 @@ ocaml_version='' source scripts/version.sh -opam switch create . --repositories=tezos "ocaml-base-compiler.$ocaml_version" --no-install +opam switch create . --repositories=local "ocaml-base-compiler.$ocaml_version" --no-install export OPAMSWITCH="$PWD" opam repository remove default > /dev/null 2>&1 eval "$(opam env)" -OPAMASSUMEDEPEXTS=true opam install conf-rust conf-rust-2021 +OPAMASSUMEDEPEXTS=true opam install conf-rust export CFLAGS="-fPIC ${CFLAGS:-}" OPAMASSUMEDEPEXTS=true opam install opam/virtual/octez-deps.opam.locked --deps-only --criteria="-notuptodate,-changed,-removed"