From daee776e848b490f6975694da7400dc5ecd55a9a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Sachse?= <Joerg.Sachse@slub-dresden.de>
Date: Fri, 4 Sep 2020 14:12:00 +0200
Subject: [PATCH] feat: adaptions for compiling checkit_tif 0.6.0 and build
static binaries for RHEL 6
---
deploy_checkit_tiff/centos6/Dockerfile | 119 ++++++++++-------
.../centos6/Dockerfile_dynlink | 125 ++++++++++++++++++
deploy_checkit_tiff/centos7/Dockerfile | 29 ++--
3 files changed, 218 insertions(+), 55 deletions(-)
create mode 100644 deploy_checkit_tiff/centos6/Dockerfile_dynlink
diff --git a/deploy_checkit_tiff/centos6/Dockerfile b/deploy_checkit_tiff/centos6/Dockerfile
index d3d2bde..349f365 100644
--- a/deploy_checkit_tiff/centos6/Dockerfile
+++ b/deploy_checkit_tiff/centos6/Dockerfile
@@ -1,9 +1,19 @@
-FROM centos:6.10
+###############################################################################
+# Building checkit_tiff 0.6.0 as a dynamically linked binary on RHEL 6 is not
+# possible, because the cmake3 version even from EPEL is not sufficiently
+# recent to build it. This is why we build a statically linked binary of
+# checkit_tiff 0.6.0 on RHEL 7 that can then be run on RHEL 6.
+#
+# Use this Dockerfile as follows:
+# docker build --tag checkit-tiff --rm=true --file Dockerfile ./
+###############################################################################
+
+FROM centos:centos7.8.2003
MAINTAINER Andreas Romeyke <romeyke@slub-dresden.de>
# current could be 0.3.1 or 0.4.0, because 0.4.0 is bugfixed version of
# checkit_tiff with rules compatible to 0.3.1 based on Handreichung TIFF v1.2
# in checkit_tiff 0.4.1 the rules are adapted to Handreichung TIFF v1.3
-ENV checkit_tiff_current_version=v0.5.3
+ENV checkit_tiff_current_version=v0.6.0
ENV checkit_tiff_upcoming_version=v0.6.0
# ENV checkit_tiff_gitrepository=https://github.com/SLUB-digitalpreservation/checkit_tiff.git
ENV checkit_tiff_gitrepository=http://art1pirat.spdns.org/art1/checkit_tiff.git
@@ -21,32 +31,44 @@ ENV PATCH="\
add_definitions(-DVERSION=\"\${BUILD_BRANCH}\")\n\
add_definitions(-DREPO_REVISION=\"\${REPO_REVISION}\")\n"
+# THIS IS A BAD IDEA!!! ONLY SKIP CERTIFICATE VALIDATION IF THERE'S NO OTHER
+# ALTERNATIVE!!!
+ENV GIT_SSL_NO_VERIFY=true
+#RUN yum install -y ca-certificates wget git
+#RUN mkdir -p /usr/local/share/ca-certificates/cacert.org
+#RUN wget -P /usr/local/share/ca-certificates/cacert.org http://www.cacert.org/certs/root.crt http://www.cacert.org/certs/class3.crt
+#RUN update-ca-trust
+#RUN git config --global http.sslCAinfo /etc/ssl/certs/ca-certificates.crt
# based on https://hub.docker.com/r/rpmbuild/centos6/
-## next steps needed because deprecated certificates
-RUN yum clean all -y
-RUN yum check -y
-RUN yum update ca-certificates -y
-RUN yum upgrade -y
-
## install base environment
-RUN yum install -v -y libtool
-RUN yum install -v -y libtool-ltdl
-RUN yum install -v -y make cmake
-RUN yum install -v -y pkgconfig
-RUN yum install -v -y sudo
-RUN yum install -v -y automake autoconf
-RUN yum install -v -y wget
-RUN yum install -v -y yum-utils rpm-build
-RUN wget http://people.centos.org/tru/devtools-2/devtools-2.repo -O /etc/yum.repos.d/devtools-2.repo
+RUN yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
+RUN yum install -y \
+ git \
+ libtool libtool-ltdl \
+ glibc-static \
+ make cmake3 \
+ pkgconfig \
+ sudo \
+ automake autoconf \
+ wget \
+ yum-utils rpm-build && \
+ yum clean all
+#RUN wget http://people.centos.org/tru/devtools-2/devtools-2.repo -O /etc/yum.repos.d/devtools-2.repo
# git [devtools-2] (1.8.4) for "rev-list --count" feature, git [centos6] (1.7.1) too old
-RUN yum install -y devtoolset-2-git
-RUN ln -s /opt/rh/devtoolset-2/root/usr/bin/git /usr/bin/git
-RUN yum install -y devtoolset-2-gcc devtoolset-2-binutils
-RUN yum install -y devtoolset-2-gcc-c++ devtoolset-2-libstdc++-devel devtoolset-2-toolchain
-#RUN yum install -y devtoolset-2
-RUN scl enable devtoolset-2 bash
+#RUN yum install -y devtoolset-2-git
+#RUN ln -s /opt/rh/devtoolset-2/root/usr/bin/git /usr/bin/git
+
+# Doku: https://wiki.centos.org/AdditionalResources/Repositories/SCL#head-9c6aea9c13b921d5258446c4c5e5886571bdb741
+RUN yum --enablerepo=extras install -y centos-release-scl
+RUN yum install -y \
+ devtoolset-8-gcc \
+ devtoolset-8-binutils \
+ devtoolset-8-gcc-c++ \
+ devtoolset-8-libstdc++-devel \
+ devtoolset-8-toolchain
+RUN scl enable devtoolset-8 bash
## add user environment
RUN useradd builder -u 1000 -m -G users,wheel && \
@@ -61,8 +83,8 @@ RUN useradd builder -u 1000 -m -G users,wheel && \
mkdir /home/builder/rpm && \
chown -R builder /home/builder
USER builder
-RUN scl enable devtoolset-2 bash
-ENV FLAVOR=rpmbuild OS=centos DIST=el6 CC=/opt/rh/devtoolset-2/root/usr/bin/gcc CXX=/opt/rh/devtoolset-2/root/usr/bin/g++
+RUN scl enable devtoolset-8 bash
+ENV FLAVOR=rpmbuild OS=centos DIST=el7 CC=/opt/rh/devtoolset-8/root/usr/bin/gcc CXX=/opt/rh/devtoolset-8/root/usr/bin/g++
CMD /srv/pkg
WORKDIR /home/builder/
@@ -80,25 +102,27 @@ WORKDIR /home/builder/
# get checkit_tiff
RUN git clone ${checkit_tiff_gitrepository}
RUN rm -Rf /home/builder/checkit_tiff/build_*
-# compile checkit_tiff stable
-WORKDIR /home/builder/checkit_tiff
-RUN git checkout ${checkit_tiff_current_version}
-RUN git checkout -- src/CMakeLists.txt
-# add patches to workaround outdated git
-RUN cat src/CMakeLists.txt | \
-sed -e "s/execute_process( COMMAND git rev-parse --abbrev-ref HEADOUTPUT_VARIABLE BUILD_BRANCH OUTPUT_STRIP_TRAILING_WHITESPACE)//g" \
- -e "s/execute_process( COMMAND git rev-parse HEAD OUTPUT_VARIABLE BUILD_REV_ID OUTPUT_STRIP_TRAILING_WHITESPACE)//g" \
- -e "s/\(add_definitions(-DVERSION=\"\)\([^\"]*\)/\1${checkit_tiff_current_version}/" \
- -e "s/execute_process( COMMAND git describe --long --tags --dirty --always OUTPUT_VARIABLE BUILD_REV_ID_SHORT OUTPUT_STRIP_TRAILING_WHITESPACE)//g" > src/CMakeLists.txt.patched
-RUN mv src/CMakeLists.txt.patched src/CMakeLists.txt
-RUN cat -n src/CMakeLists.txt
-RUN mkdir build_stable
-WORKDIR /home/builder/checkit_tiff/build_stable
-RUN cmake -DCMAKE_INSTALL_PREFIX=/tmp/checkit_tiff_stable/ \
- -DBUILD_BRANCH=${checkit_tiff_current_version} \
- -DPCRE_LIBRARY=../../pcre-${pcre_version}/.libs/libpcre.a \
- -DPCRE_INCLUDE_DIR=../../pcre-${pcre_version}/ ../src
-RUN make && make install
+## compile checkit_tiff stable
+#WORKDIR /home/builder/checkit_tiff
+#RUN git checkout ${checkit_tiff_current_version}
+#RUN git checkout -- src/CMakeLists.txt
+## add patches to workaround outdated git
+#RUN cat src/CMakeLists.txt | \
+#sed -e "s/execute_process( COMMAND git rev-parse --abbrev-ref HEADOUTPUT_VARIABLE BUILD_BRANCH OUTPUT_STRIP_TRAILING_WHITESPACE)//g" \
+# -e "s/execute_process( COMMAND git rev-parse HEAD OUTPUT_VARIABLE BUILD_REV_ID OUTPUT_STRIP_TRAILING_WHITESPACE)//g" \
+# -e "s/\(add_definitions(-DVERSION=\"\)\([^\"]*\)/\1${checkit_tiff_current_version}/" \
+# -e "s/execute_process( COMMAND git describe --long --tags --dirty --always OUTPUT_VARIABLE BUILD_REV_ID_SHORT OUTPUT_STRIP_TRAILING_WHITESPACE)//g" > src/CMakeLists.txt.patched
+#RUN mv src/CMakeLists.txt.patched src/CMakeLists.txt
+#RUN cat -n src/CMakeLists.txt
+#RUN mkdir build_stable
+#WORKDIR /home/builder/checkit_tiff/build_stable
+#RUN cmake3 -DCMAKE_INSTALL_PREFIX=/tmp/checkit_tiff_stable/ \
+# -DBUILD_BRANCH=${checkit_tiff_current_version} \
+# -DPCRE_LIBRARY=../../pcre-${pcre_version}/.libs/libpcre.a \
+# -DSTATIC=1 -DCMAKE_C_FLAGS="-O3 -s -Wno-unused-function -fstack-check -fstack-protector-strong -Wformat -Werror=format-security" \
+# -DPCRE_INCLUDE_DIR=../../pcre-${pcre_version}/ ../src
+#RUN make && make install
+##RUN make && make package
# compile checkit_tiff development
WORKDIR /home/builder/checkit_tiff
@@ -115,14 +139,15 @@ RUN mv src/CMakeLists.txt.patched src/CMakeLists.txt
RUN cat -n src/CMakeLists.txt
RUN mkdir build_development
WORKDIR /home/builder/checkit_tiff/build_development
-RUN cmake -DCMAKE_INSTALL_PREFIX=/tmp/checkit_tiff_development/ \
+RUN cmake3 -DCMAKE_INSTALL_PREFIX=/tmp/checkit_tiff_development/ \
-DBUILD_BRANCH=${checkit_tiff_upcoming_version} \
-DPCRE_LIBRARY=../../pcre-${pcre_version}/.libs/libpcre.a \
+ -DSTATIC=1 -DCMAKE_C_FLAGS="-O3 -s -Wno-unused-function -fstack-check -fstack-protector-strong -Wformat -Werror=format-security" \
-DPCRE_INCLUDE_DIR=../../pcre-${pcre_version}/ ../src
RUN make && make install
+#RUN make && make package
# create tar-balls
WORKDIR /tmp/
-RUN tar cfz checkit_tiff_current.tgz checkit_tiff_stable/
+#RUN tar cfz checkit_tiff_current.tgz checkit_tiff_stable/
RUN tar cfz checkit_tiff_upcoming.tgz checkit_tiff_development/
-
diff --git a/deploy_checkit_tiff/centos6/Dockerfile_dynlink b/deploy_checkit_tiff/centos6/Dockerfile_dynlink
new file mode 100644
index 0000000..df2f535
--- /dev/null
+++ b/deploy_checkit_tiff/centos6/Dockerfile_dynlink
@@ -0,0 +1,125 @@
+###############################################################################
+# This Dockerfile is deprecated and will no longer be used when checkit_tiff
+# version 0.5.3 becomes outdated, because starting with version 0.6.0,
+# checkit_tiff can be compiled into a statically linked binary that can run on
+# RHEL 6 using newer RHEL versions.
+#
+# Building checkit_tiff 0.6.0 on RHEL 6 is not possible, because the cmake3
+# version even from EPEL is not sufficiently recent to build it.
+#
+# Use this Dockerfile as follows:
+# docker build --tag checkit-tiff --rm=true --file Dockerfile_dynlink ./
+###############################################################################
+
+FROM centos:6.10
+MAINTAINER Andreas Romeyke <romeyke@slub-dresden.de>
+# current could be 0.3.1 or 0.4.0, because 0.4.0 is bugfixed version of
+# checkit_tiff with rules compatible to 0.3.1 based on Handreichung TIFF v1.2
+# in checkit_tiff 0.4.1 the rules are adapted to Handreichung TIFF v1.3
+ENV checkit_tiff_current_version=v0.5.3
+# ENV checkit_tiff_gitrepository=https://github.com/SLUB-digitalpreservation/checkit_tiff.git
+ENV checkit_tiff_gitrepository=http://art1pirat.spdns.org/art1/checkit_tiff.git
+ENV pcre_version=8.41
+ENV PATCH="\
+--- a/src/CMakeLists.txt\n\
++++ b/src/CMakeLists.txt\n\
+@@ -28,9 +28,6 @@\n\
+ # Make a version file containing the current version from git.\n\
+ #\n\
+ execute_process( COMMAND git rev-list HEAD --count OUTPUT_VARIABLE REPO_REVISION OUTPUT_STRIP_TRAILING_WHITESPACE )\n\
+-execute_process( COMMAND git rev-parse --abbrev-ref HEAD OUTPUT_VARIABLE BUILD_BRANCH OUTPUT_STRIP_TRAILING_WHITESPACE)\n\
+-execute_process( COMMAND git rev-parse HEAD OUTPUT_VARIABLE BUILD_REV_ID OUTPUT_STRIP_TRAILING_WHITESPACE)\n\
+-execute_process( COMMAND git describe --long --tags --dirty --always OUTPUT_VARIABLE BUILD_REV_ID_SHORT OUTPUT_STRIP_TRAILING_WHITESPACE)\n\
+ add_definitions(-DVERSION=\"\${BUILD_BRANCH}\")\n\
+ add_definitions(-DREPO_REVISION=\"\${REPO_REVISION}\")\n"
+
+# THIS IS A BAD IDEA!!! ONLY SKIP CERTIFICATE VALIDATION IF THERE'S NO OTHER
+# ALTERNATIVE!!!
+ENV GIT_SSL_NO_VERIFY=true
+
+#RUN yum install -y ca-certificates wget git
+#RUN mkdir -p /usr/local/share/ca-certificates/cacert.org
+#RUN wget -P /usr/local/share/ca-certificates/cacert.org http://www.cacert.org/certs/root.crt http://www.cacert.org/certs/class3.crt
+#RUN update-ca-trust
+#RUN git config --global http.sslCAinfo /etc/ssl/certs/ca-certificates.crt
+
+# based on https://hub.docker.com/r/rpmbuild/centos6/
+## install base environment
+RUN yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm
+RUN yum install -v -y \
+ libtool \
+ libtool-ltdl \
+ make cmake3 \
+ pkgconfig \
+ sudo \
+ automake autoconf \
+ wget \
+ yum-utils rpm-build && \
+ yum clean all
+RUN wget http://people.centos.org/tru/devtools-2/devtools-2.repo -O /etc/yum.repos.d/devtools-2.repo
+# git [devtools-2] (1.8.4) for "rev-list --count" feature, git [centos6] (1.7.1) too old
+RUN yum install -y devtoolset-2-git
+RUN ln -s /opt/rh/devtoolset-2/root/usr/bin/git /usr/bin/git
+RUN yum install -y \
+ devtoolset-2-gcc \
+ devtoolset-2-binutils \
+ devtoolset-2-gcc-c++ \
+ devtoolset-2-libstdc++-devel \
+ devtoolset-2-toolchain
+RUN scl enable devtoolset-2 bash
+
+## add user environment
+RUN useradd builder -u 1000 -m -G users,wheel && \
+ echo "builder ALL=(ALL:ALL) NOPASSWD:ALL" >> /etc/sudoers && \
+ echo "# macros" > /home/builder/.rpmmacros && \
+ echo "%_topdir /home/builder/rpm" >> /home/builder/.rpmmacros && \
+ echo "%_sourcedir %{_topdir}" >> /home/builder/.rpmmacros && \
+ echo "%_builddir %{_topdir}" >> /home/builder/.rpmmacros && \
+ echo "%_specdir %{_topdir}" >> /home/builder/.rpmmacros && \
+ echo "%_rpmdir %{_topdir}" >> /home/builder/.rpmmacros && \
+ echo "%_srcrpmdir %{_topdir}" >> /home/builder/.rpmmacros && \
+ mkdir /home/builder/rpm && \
+ chown -R builder /home/builder
+USER builder
+RUN scl enable devtoolset-2 bash
+ENV FLAVOR=rpmbuild OS=centos DIST=el6 CC=/opt/rh/devtoolset-2/root/usr/bin/gcc CXX=/opt/rh/devtoolset-2/root/usr/bin/g++
+CMD /srv/pkg
+
+WORKDIR /home/builder/
+
+# get and compile libpcre (v8)
+RUN wget -np https://ftp.pcre.org/pub/pcre/pcre-${pcre_version}.tar.bz2
+RUN tar xfj pcre-${pcre_version}.tar.bz2
+WORKDIR /home/builder/pcre-${pcre_version}/
+RUN ./configure --disable-shared -enable-static && /usr/bin/make -j
+USER root
+RUN /usr/bin/make install
+USER builder
+WORKDIR /home/builder/
+
+# get checkit_tiff
+RUN git clone ${checkit_tiff_gitrepository}
+RUN rm -Rf /home/builder/checkit_tiff/build_*
+# compile checkit_tiff stable
+WORKDIR /home/builder/checkit_tiff
+RUN git checkout ${checkit_tiff_current_version}
+RUN git checkout -- src/CMakeLists.txt
+# add patches to workaround outdated git
+RUN cat src/CMakeLists.txt | \
+sed -e "s/execute_process( COMMAND git rev-parse --abbrev-ref HEADOUTPUT_VARIABLE BUILD_BRANCH OUTPUT_STRIP_TRAILING_WHITESPACE)//g" \
+ -e "s/execute_process( COMMAND git rev-parse HEAD OUTPUT_VARIABLE BUILD_REV_ID OUTPUT_STRIP_TRAILING_WHITESPACE)//g" \
+ -e "s/\(add_definitions(-DVERSION=\"\)\([^\"]*\)/\1${checkit_tiff_current_version}/" \
+ -e "s/execute_process( COMMAND git describe --long --tags --dirty --always OUTPUT_VARIABLE BUILD_REV_ID_SHORT OUTPUT_STRIP_TRAILING_WHITESPACE)//g" > src/CMakeLists.txt.patched
+RUN mv src/CMakeLists.txt.patched src/CMakeLists.txt
+RUN cat -n src/CMakeLists.txt
+RUN mkdir build_stable
+WORKDIR /home/builder/checkit_tiff/build_stable
+RUN cmake3 -DCMAKE_INSTALL_PREFIX=/tmp/checkit_tiff_stable/ \
+ -DBUILD_BRANCH=${checkit_tiff_current_version} \
+ -DPCRE_LIBRARY=../../pcre-${pcre_version}/.libs/libpcre.a \
+ -DPCRE_INCLUDE_DIR=../../pcre-${pcre_version}/ ../src
+RUN make && make install
+
+# create tar-balls
+WORKDIR /tmp/
+RUN tar cfz checkit_tiff_current.tgz checkit_tiff_stable/
diff --git a/deploy_checkit_tiff/centos7/Dockerfile b/deploy_checkit_tiff/centos7/Dockerfile
index 3672b23..b6f046f 100644
--- a/deploy_checkit_tiff/centos7/Dockerfile
+++ b/deploy_checkit_tiff/centos7/Dockerfile
@@ -1,5 +1,4 @@
-FROM centos:7.6.1810
-# FROM centos:6.9
+FROM centos:centos7.8.2003
MAINTAINER Andreas Romeyke <romeyke@slub-dresden.de>
# current could be 0.3.1 or 0.4.0, because 0.4.0 is bugfixed version of
# checkit_tiff with rules compatible to 0.3.1 based on Handreichung TIFF v1.2
@@ -22,14 +21,23 @@ ENV PATCH="\
add_definitions(-DVERSION=\"\${BUILD_BRANCH}\")\n\
add_definitions(-DREPO_REVISION=\"\${REPO_REVISION}\")\n"
+# THIS IS A BAD IDEA!!! ONLY SKIP CERTIFICATE VALIDATION IF THERE'S NO OTHER
+# ALTERNATIVE!!!
+ENV GIT_SSL_NO_VERIFY=true
+#RUN yum install -y ca-certificates wget git
+#RUN mkdir -p /usr/local/share/ca-certificates/cacert.org
+#RUN wget -P /usr/local/share/ca-certificates/cacert.org http://www.cacert.org/certs/root.crt http://www.cacert.org/certs/class3.crt
+#RUN update-ca-trust
+#RUN git config --global http.sslCAinfo /etc/ssl/certs/ca-certificates.crt
# based on https://hub.docker.com/r/rpmbuild/centos6/
## install base environment
+RUN yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
RUN yum install -y \
git \
libtool libtool-ltdl \
- make cmake \
+ make cmake3 \
pkgconfig \
sudo \
automake autoconf \
@@ -43,9 +51,12 @@ RUN yum install -y \
# Doku: https://wiki.centos.org/AdditionalResources/Repositories/SCL#head-9c6aea9c13b921d5258446c4c5e5886571bdb741
RUN yum --enablerepo=extras install -y centos-release-scl
-RUN yum install -y devtoolset-8-gcc devtoolset-8-binutils
-RUN yum install -y devtoolset-8-gcc-c++ devtoolset-8-libstdc++-devel devtoolset-8-toolchain
-#RUN yum install -y devtoolset-2
+RUN yum install -y \
+ devtoolset-8-gcc \
+ devtoolset-8-binutils \
+ devtoolset-8-gcc-c++ \
+ devtoolset-8-libstdc++-devel \
+ devtoolset-8-toolchain
RUN scl enable devtoolset-8 bash
## add user environment
@@ -94,11 +105,12 @@ RUN mv src/CMakeLists.txt.patched src/CMakeLists.txt
RUN cat -n src/CMakeLists.txt
RUN mkdir build_stable
WORKDIR /home/builder/checkit_tiff/build_stable
-RUN cmake -DCMAKE_INSTALL_PREFIX=/tmp/checkit_tiff_stable/ \
+RUN cmake3 -DCMAKE_INSTALL_PREFIX=/tmp/checkit_tiff_stable/ \
-DBUILD_BRANCH=${checkit_tiff_current_version} \
-DPCRE_LIBRARY=../../pcre-${pcre_version}/.libs/libpcre.a \
-DPCRE_INCLUDE_DIR=../../pcre-${pcre_version}/ ../src
RUN make && make install
+#RUN make && make package
# compile checkit_tiff development
WORKDIR /home/builder/checkit_tiff
@@ -115,11 +127,12 @@ RUN mv src/CMakeLists.txt.patched src/CMakeLists.txt
RUN cat -n src/CMakeLists.txt
RUN mkdir build_development
WORKDIR /home/builder/checkit_tiff/build_development
-RUN cmake -DCMAKE_INSTALL_PREFIX=/tmp/checkit_tiff_development/ \
+RUN cmake3 -DCMAKE_INSTALL_PREFIX=/tmp/checkit_tiff_development/ \
-DBUILD_BRANCH=${checkit_tiff_upcoming_version} \
-DPCRE_LIBRARY=../../pcre-${pcre_version}/.libs/libpcre.a \
-DPCRE_INCLUDE_DIR=../../pcre-${pcre_version}/ ../src
RUN make && make install
+#RUN make && make package
# create tar-balls
WORKDIR /tmp/
--
GitLab