phusion / passenger_autobuilder

Phusion Passenger binary building automation infrastructure. Superceded by https://github.com/phusion/passenger_binary_build_automation
MIT License
17 stars 5 forks source link

Passenger Binary Builder Automation System

This project is now obsolete. It has been superseded by https://github.com/phusion/passenger_binary_build_automation

This repository contains scripts for automating the building of Linux and OS X binaries for Phusion Passenger. The goal is for us (Phusion) to setup an automated build infrastructure so that every Phusion Passenger release comes with binaries that work for most users. These binaries are built immediately after we push a tag a Github, to minimize the release delay between source code and binaries. Once this infrastructure is in place, most users should never have to compile by themselves again, saving precious time and resources. If you are security minded, then you may want to run this infrastructure on your internal network instead of using our binaries.

The built binaries are signed with GPG and are stored on https://oss-binaries.phusionpassenger.com/. The key used for signing is "auto-software-signing@phusion.nl", key ID 561F9B9CAC40B2F7, fingerprint 1637 8A33 A6EF 1676 2922 526E 561F 9B9C AC40 B2F7.

Linux

On Linux, passenger_autobuilder provides a build environment that is built with pbuilder. The build environment is based on Ubuntu 10.04 and is custom-built to be able to generate Linux binaries that can run on a wide range of Linux distributions. Why Ubuntu 10.04? Read this comment.

Because building binaries involves running build systems that may execute arbitrary code, passenger_autobuilder utilizes multiple user accounts, plus the use of sudo, to protect against build systems wrecking havoc on the system. See the "Local security" section for more information.

passenger_autobuilder must be run on a 64-bit Ubuntu system. It builds x86 and x86-64 binaries. All dependencies besides glibc are statically linked into the produced binaries. The latest glibc symbol version that the produced binaries utilize is GLIBC_2.11, which should make the binaries compatible with all Linux distributions starting from 2009. This includes Ubuntu >= 10.04, Debian >= 6 and Red Hat >= 6.

passenger_autobuilder generates binaries for:

The Nginx version that will be compiled is the version preferred by the Phusion Passenger codebase. It includes the following modules:

The Nginx binary is built with prefix /tmp which will make it store log files, proxy_module buffer files, etc in /tmp by default. Such a prefix has the useful property of working on almost any system, but this prefix should not be used in production because of potential security issues. To solve this, you must there run the Nginx binary with the -p option to force it to use a different prefix (e.g. -p /opt/local/nginx).

passenger_autobuilder can optionally be configured to sign the built binaries using GPG, either by running GPG locally or by forwarding the data through SSH to a remote host for signing. The latter approach provides additional security: in case the build host is compromised, the signing key is not.

Setting up a development environment

We provide a Vagrantfile so that you can easily set up a development VM for developing passenger_autobuilder.

  1. Install Vagrant and VirtualBox.
  2. Run: vagrant up
  3. Run: vagrant ssh
  4. Inside the SSH session, run: sudo /vagrant/setup-images

Setting up the production environment

You need:

Run the following commands on your production server to install passenger_autobuilder:

sudo mkdir /srv/passenger_autobuilder
sudo git clone https://github.com/phusion/passenger_autobuilder.git /srv/passenger_autobuilder/appv5
cd /srv/passenger_autobuilder/appv5
sudo ./setup-system
sudo ./setup-images
sudo -u psg_autobuilder_run -H s3cmd --configure
sudo -u psg_autobuilder_chroot -H s3cmd --configure

Building binaries

To build binaries for the latest git commit, run the following as psg_autobuilder_run. It will call sudo automatically (because it needs to invoke pbuilder).

./autobuild-with-pbuilder <GIT_URL> <NAME>

Build output will be stored in /srv/passenger_autobuilder/output/<NAME>. For example, you can run:

./autobuild-with-pbuilder https://github.com/phusion/passenger.git passenger

To build binaries for a tag (a release), add the --tag=... option, like this:

./autobuild-with-pbuilder https://github.com/phusion/passenger.git passenger --tag=release-4.0.6

Updating passenger_autobuilder itself

Run the following inside the development VM or the production server:

cd /srv/passenger_autobuilder/appv5
sudo -u psg_autobuilder git pull
sudo ./setup-system

Sometimes the images have changed drastically, and need to be rebuilt. In that case, also run:

sudo rm -rf /srv/passenger_autobuilder/images
sudo ./setup-system
sudo ./setup-images

Jenkins integration

setup-system automatically sets up a sudo configuration file that allows Jenkins to run autobuild-with-pbuilder as psg_autobuild_run. Create a Jenkins project that executes the following:

sudo -u psg_autobuilder_run -H /srv/passenger_autobuilder/appv5/autobuild-with-pbuilder <GIT_URL> <NAME>

For example:

sudo -u psg_autobuilder_run -H /srv/passenger_autobuilder/appv5/autobuild-with-pbuilder https://github.com/phusion/passenger.git passenger

Local security

passenger_autobuilder uses multiple user accounts to ensure security. The following users exist, and their roles are as follows:

The most dangerous part of the setup is probably the part where ./autobuilder-with-pbuilder calls sudo. By ensuring that psg_autobuilder_run and psg_autobuilder_chroot only have read-only access to the passenger autobuilder source files, and by locking down the sudo policy, we prevent the system from being able to gain arbitrary root privileges.

The PGP signing key can be secured by means of a signing server. See config.example/signing for more information.

OS X

On OS X, passenger autobuilder provides a build environment for generating binaries compatible with OS X 10.7 (Lion) and beyond. Only x86_64 binaries are supported. Unlike the Linux version, the OS X version does not use multiple user accounts. OS X does not have convenient facilities to run things under multiple user accounts like other Unices do. Technically OS X can do this but its tooling is very very sucky, so we don't bother. The OS X version is designed to be run from an OS X desktop or laptop, since the availability of cheap OS X servers is problematic, to say the least.

passenger_autobuilder generates binaries for:

The Nginx version that will be compiled is the version preferred by the Phusion Passenger codebase. It includes the following modules:

The Nginx binary is built with prefix /tmp which will make it store log files, proxy_module buffer files, etc in /tmp by default. Such a prefix has the useful property of working on almost any system, but this prefix should not be used in production because of potential security issues. To solve this, you must there run the Nginx binary with the -p option to force it to use a different prefix (e.g. -p /opt/local/nginx).

Requirements

Getting started

Run the following command to create the build environment:

./setup-libraries-osx

Building binaries

Running the following command will generate binaries for the latest commit, sign them with auto-software-sigining@phusion.nl and upload them to a remote server. The remote server is assumed to have passenger_autobuilder installed.

./autobuild-osx https://github.com/phusion/passenger.git passenger psg_autobuilder_chroot@yourserver.com

Maintenance

Over time, there will be a lot of by_commit subdirectories that don't have a reference from by_date or by_release. You can clean them up with the cleanup_commits script.

Linux (run as psg_autobuilder_run):

./cleanup_commits /srv/passenger_autobuilder/output/passenger

OS X:

./cleanup_commits osx_buildout/output/passenger

Related projects