Generate and test RPM package for Fedora

2025-12-05 20:40:02 -08:00 · 2024-12-14 14:46:00 +01:00
parent 7ac0883970
commit eadf70ee38
5 changed files with 133 additions and 45 deletions
--- a/flake.nix
+++ b/flake.nix
@@ -93,6 +93,9 @@
          packages.package-deb = pkgs.callPackage ./pkgs/package-deb.nix {
            rosenpass = pkgs.pkgsStatic.rosenpass;
          };
+          packages.package-rpm = pkgs.callPackage ./pkgs/package-rpm.nix {
+            rosenpass = pkgs.pkgsStatic.rosenpass;
+          };

          #
          ### Reading materials ###
@@ -163,9 +166,10 @@
              { nativeBuildInputs = [ pkgs.nodePackages.prettier ]; } ''
              cd ${./.} && prettier --check . && touch $out
            '';
-          } // pkgs.lib.optionalAttrs (system == "x86_64-linux") (import ./tests/packaging/deb.nix {
+          } // pkgs.lib.optionalAttrs (system == "x86_64-linux") (import ./tests/legacy-distro-packaging.nix {
            inherit pkgs;
            rosenpass-deb = self.packages.${system}.package-deb;
+            rosenpass-rpm = self.packages.${system}.package-rpm;
          });

          formatter = pkgs.nixpkgs-fmt;
--- a/pkgs/package-rpm.nix
+++ b/pkgs/package-rpm.nix
@@ -0,0 +1,57 @@
+{ lib, system, runCommand, rosenpass, rpm }:
+
+let
+  splitVersion = lib.strings.splitString "-" rosenpass.version;
+  version = builtins.head splitVersion;
+  release =
+    if builtins.length splitVersion != 2
+    then "release"
+    else builtins.elemAt splitVersion 1;
+  arch = builtins.head (builtins.split "-" system);
+in
+
+runCommand "rosenpass-${version}.deb" { } ''
+  mkdir -p rpmbuild/SPECS
+
+  cat << EOF > rpmbuild/SPECS/rosenpass.spec
+  Name:           rosenpass
+  Release:        ${release}
+  Version:        ${version}
+  Summary:        Post-quantum-secure VPN key exchange
+  License:        Apache-2.0
+
+  %description
+  Post-quantum-secure VPN tool Rosenpass
+  Rosenpass is a post-quantum-secure VPN
+  that uses WireGuard to transport the actual data.
+
+  %files
+  /usr/bin/rosenpass
+  /usr/bin/rp
+  /etc/systemd/system/rosenpass.target
+  /etc/systemd/system/rosenpass@.service
+  /etc/systemd/system/rp@.service
+  /etc/rosenpass/example.toml
+  EOF
+
+  buildroot=rpmbuild/BUILDROOT/rosenpass-${version}-${release}.${arch}
+  mkdir -p $buildroot/usr/bin
+  install -m755 -t $buildroot/usr/bin ${rosenpass}/bin/*
+
+  mkdir -p $buildroot/etc/rosenpass
+  cp -r ${rosenpass}/lib/systemd $buildroot/etc/
+  chmod -R 744 $buildroot/etc/systemd
+  cp ${./example.toml} $buildroot/etc/rosenpass/example.toml
+
+  export HOME=/build
+  mkdir -p /build/tmp
+  ls -R rpmbuild
+
+  ${rpm}/bin/rpmbuild \
+    -bb \
+    --dbpath=$HOME \
+    --define "_tmppath /build/tmp" \
+    rpmbuild/SPECS/rosenpass.spec
+
+  cp rpmbuild/RPMS/${arch}/rosenpass*.rpm $out
+''
--- a/tests/legacy-distro-packaging.nix
+++ b/tests/legacy-distro-packaging.nix
@@ -0,0 +1,71 @@
+{ pkgs, rosenpass-deb, rosenpass-rpm }:
+
+let
+  wg-deb = pkgs.fetchurl {
+    url = "http://ftp.de.debian.org/debian/pool/main/w/wireguard/wireguard-tools_1.0.20210914-1.1_amd64.deb";
+    hash = "sha256-s/hCUisQLR19kEbV6d8JXzzTAWUPM+NV0APgHizRGA4=";
+  };
+  wg-rpm = pkgs.fetchurl {
+    url = "https://mirrors.n-ix.net/fedora/linux/releases/40/Everything/x86_64/os/Packages/w/wireguard-tools-1.0.20210914-6.fc40.x86_64.rpm";
+    hash = "sha256-lh6kCW5gh9bfuOwzjPv96ol1d6u1JTIr/oKH5QbAlK0=";
+  };
+
+  pkgsDirDeb = pkgs.runCommand "packages" { } ''
+    mkdir $out
+    cp ${rosenpass-deb} $out/rosenpass.deb
+    cp ${wg-deb} $out/wireguard.deb
+    cp ${./prepare-test.sh} $out/prepare-test.sh
+  '';
+  pkgsDirRpm = pkgs.runCommand "packages" { } ''
+    mkdir $out
+    cp ${rosenpass-rpm} $out/rosenpass.rpm
+    cp ${wg-rpm} $out/wireguard.rpm
+    cp ${./prepare-test.sh} $out/prepare-test.sh
+  '';
+
+  test = { tester, installPrefix, suffix, source }: (tester {
+    sharedDirs.share = {
+      inherit source;
+      target = "/mnt/share";
+    };
+    testScript = ''
+      vm.wait_for_unit("multi-user.target")
+      vm.succeed("${installPrefix} /mnt/share/wireguard.${suffix}")
+      vm.succeed("${installPrefix} /mnt/share/rosenpass.${suffix}")
+      vm.succeed("bash /mnt/share/prepare-test.sh")
+
+      vm.succeed(f"systemctl start rp@server")
+      vm.succeed(f"systemctl start rp@client")
+
+      vm.wait_for_unit("rp@server.service")
+      vm.wait_for_unit("rp@client.service")
+
+      vm.wait_until_succeeds("wg show all preshared-keys | grep --invert-match none", timeout=5);
+
+      psk_server = vm.succeed("wg show rp-server preshared-keys").strip().split()[-1]
+      psk_client = vm.succeed("wg show rp-client preshared-keys").strip().split()[-1]
+
+      assert psk_server == psk_client, "preshared-key exchange must be successful"
+    '';
+  }).sandboxed;
+in
+{
+  package-deb-debian-13 = test {
+    tester = pkgs.testers.legacyDistros.debian."13";
+    installPrefix = "dpkg --install";
+    suffix = "deb";
+    source = pkgsDirDeb;
+  };
+  package-deb-ubuntu-23_10 = test {
+    tester = pkgs.testers.legacyDistros.ubuntu."23_10";
+    installPrefix = "dpkg --install";
+    suffix = "deb";
+    source = pkgsDirDeb;
+  };
+  package-rpm-fedora_40 = test {
+    tester = pkgs.testers.legacyDistros.fedora."40";
+    installPrefix = "rpm -i";
+    suffix = "rpm";
+    source = pkgsDirRpm;
+  };
+}
--- a/tests/packaging/deb.nix
+++ b/tests/packaging/deb.nix
@@ -1,44 +0,0 @@
-{ pkgs, rosenpass-deb }:
-
-let
-  wg-deb = pkgs.fetchurl {
-    url = "http://ftp.de.debian.org/debian/pool/main/w/wireguard/wireguard-tools_1.0.20210914-1.1_amd64.deb";
-    hash = "sha256-s/hCUisQLR19kEbV6d8JXzzTAWUPM+NV0APgHizRGA4=";
-  };
-  pkgsDir = pkgs.runCommand "packages" {} ''
-    mkdir $out
-    cp ${rosenpass-deb} $out/rosenpass.deb
-    cp ${wg-deb} $out/wireguard.deb
-    cp ${./prepare-test.sh} $out/prepare-test.sh
-  '';
-
-  testAttrs = {
-    sharedDirs.share = {
-      source = pkgsDir;
-      target = "/mnt/share";
-    };
-    testScript = ''
-      vm.wait_for_unit("multi-user.target")
-      vm.succeed("dpkg --install /mnt/share/wireguard.deb")
-      vm.succeed("dpkg --install /mnt/share/rosenpass.deb")
-      vm.succeed("bash /mnt/share/prepare-test.sh")
-
-      vm.succeed(f"systemctl start rp@server")
-      vm.succeed(f"systemctl start rp@client")
-
-      vm.wait_for_unit("rp@server.service")
-      vm.wait_for_unit("rp@client.service")
-
-      vm.wait_until_succeeds("wg show all preshared-keys | grep --invert-match none", timeout=5);
-
-      psk_server = vm.succeed("wg show rp-server preshared-keys").strip().split()[-1]
-      psk_client = vm.succeed("wg show rp-client preshared-keys").strip().split()[-1]
-
-      assert psk_server == psk_client, "preshared-key exchange must be successful"
-    '';
-  };
-in
-{
-  debian-13 = (pkgs.testers.legacyDistros.debian."13" testAttrs).sandboxed;
-  ubuntu-23_10 = (pkgs.testers.legacyDistros.ubuntu."23_10" testAttrs).sandboxed;
-}
--- a/tests/packaging/prepare-test.sh
+++ b/tests/packaging/prepare-test.sh