From 0b3b101d1bc02a17e03fe6ae11a9155ce2cdbc8a Mon Sep 17 00:00:00 2001
From: Chris Lemmons <alficles@gmail.com>
Date: Wed, 2 Sep 2020 07:43:02 +0000
Subject: [PATCH 1/7] Added transitive source build for ATS.

This provides a basic Apache Traffic Server compile, complete with relevant
libraries, that can be used along with Traffic Control.
---
 infrastructure/docker/build/Dockerfile-tsb    |  40 +++++
 .../docker/build/docker-compose-opt.yml       |  26 ++++
 .../docker/build/docker-compose-opt.yml.ats   |   1 +
 pkg                                           |  63 ++++++--
 traffic_server/tsb/.dependency_license        |  26 ++++
 traffic_server/tsb/.gitignore                 |  21 +++
 traffic_server/tsb/Dockerfile                 |  73 +++++++++
 traffic_server/tsb/cjose.pic.patch            |  10 ++
 traffic_server/tsb/docker-compose.yml         |  31 ++++
 traffic_server/tsb/jansson.pic.patch          |   9 ++
 traffic_server/tsb/patches.yml                |  15 ++
 traffic_server/tsb/repos.yml                  |  27 ++++
 traffic_server/tsb/run.sh                     |  61 ++++++++
 traffic_server/tsb/traffic_server_jemalloc    |  37 +++++
 traffic_server/tsb/trafficserver.spec         | 147 ++++++++++++++++++
 15 files changed, 574 insertions(+), 13 deletions(-)
 create mode 100644 infrastructure/docker/build/Dockerfile-tsb
 create mode 100644 infrastructure/docker/build/docker-compose-opt.yml
 create mode 120000 infrastructure/docker/build/docker-compose-opt.yml.ats
 create mode 100644 traffic_server/tsb/.dependency_license
 create mode 100644 traffic_server/tsb/.gitignore
 create mode 100644 traffic_server/tsb/Dockerfile
 create mode 100644 traffic_server/tsb/cjose.pic.patch
 create mode 100644 traffic_server/tsb/docker-compose.yml
 create mode 100644 traffic_server/tsb/jansson.pic.patch
 create mode 100644 traffic_server/tsb/patches.yml
 create mode 100644 traffic_server/tsb/repos.yml
 create mode 100755 traffic_server/tsb/run.sh
 create mode 100755 traffic_server/tsb/traffic_server_jemalloc
 create mode 100644 traffic_server/tsb/trafficserver.spec

diff --git a/infrastructure/docker/build/Dockerfile-tsb b/infrastructure/docker/build/Dockerfile-tsb
new file mode 100644
index 0000000000..65624ce055
--- /dev/null
+++ b/infrastructure/docker/build/Dockerfile-tsb
@@ -0,0 +1,40 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+ARG RHEL_VERSION=8
+FROM centos:${RHEL_VERSION} as tsb-build
+RUN yum clean all && yum -y install git
+COPY GO_VERSION /
+RUN curl -L https://dl.google.com/go/go$(cat /GO_VERSION).linux-amd64.tar.gz | tar -C /usr/local -xz && ln -s /usr/local/go/bin/go /usr/bin/go
+RUN mkdir -p /go/src/github.com/comcast/tsb && cd /go/src/github.com/comcast/tsb && git init && git remote add origin https://github.com/comcast/tsb && git fetch --depth=1 origin 851be3e137b20ba5d2d1eefd07cd303dc5f53865 && git reset --hard FETCH_HEAD
+RUN cd /go/src/github.com/comcast/tsb && CGOENABLED=0 go build -o /usr/bin/tsb
+
+FROM centos:${RHEL_VERSION}
+MAINTAINER dev@trafficcontrol.apache.org
+
+RUN	yum -y install git sudo
+
+# The current configuration does not require docker-compose for tsb, so a dummy script is included instead of docker-compose.
+# If docker-compose is required, the docker socket will need to be mounted inside this container as well.
+#ADD	https://github.com/docker/compose/releases/download/1.26.2/docker-compose-Linux-x86_64 /usr/bin/docker-compose
+RUN	echo -e "#!/usr/bin/env bash\necho docker-compose is not supported in this container and the build command will not work.\nexit 1" > /usr/bin/docker-compose
+
+RUN	chmod +x /usr/bin/docker-compose
+COPY	--from=tsb-build /usr/bin/tsb /usr/bin/tsb
+RUN	git config --global user.email "dev@trafficcontrol.apache.org"
+RUN	git config --global user.name "Apache Traffic Control"
+CMD	["/usr/bin/tsb", "cd", "/opt/tsb-ats", "fetch", "prebuild"]
diff --git a/infrastructure/docker/build/docker-compose-opt.yml b/infrastructure/docker/build/docker-compose-opt.yml
new file mode 100644
index 0000000000..e93b40a533
--- /dev/null
+++ b/infrastructure/docker/build/docker-compose-opt.yml
@@ -0,0 +1,26 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+---
+version: '2'
+
+services:
+  ats:
+    build:
+      dockerfile: infrastructure/docker/build/Dockerfile-tsb
+      context: ../../..
+    volumes:
+      - ../../../traffic_server/tsb:/opt/tsb-ats:z
diff --git a/infrastructure/docker/build/docker-compose-opt.yml.ats b/infrastructure/docker/build/docker-compose-opt.yml.ats
new file mode 120000
index 0000000000..4b7c3dfa9d
--- /dev/null
+++ b/infrastructure/docker/build/docker-compose-opt.yml.ats
@@ -0,0 +1 @@
+../../../traffic_server/tsb/docker-compose.yml
\ No newline at end of file
diff --git a/pkg b/pkg
index fab4b7ef74..9bf98ccacb 100755
--- a/pkg
+++ b/pkg
@@ -16,6 +16,7 @@
 SELF="${BASH_SOURCE[0]}"
 cd "$( dirname "${BASH_SOURCE[0]}" )"
 COMPOSE_FILE=./infrastructure/docker/build/docker-compose.yml
+COMPOSE_FILE_OPT=./infrastructure/docker/build/docker-compose-opt.yml
 
 # Check for dependencies
 if ! which docker >/dev/null 2>&1; then
@@ -88,20 +89,27 @@ RUN_OPTIONS=(-e RHEL_VERSION)
 
 # Parse command line arguments
 verbose=0
-while getopts :?78bdlpqv opt; do
+debug=0
+quiet=0
+all=0
+build_images=0
+while getopts :?78abdf:lopqv opt; do
 	case $opt in
 		\?)
 			PROJECTS=`$SELF -l | sed "s/^/  - /"`
 			<<-HELP_TEXT cat
 			Usage: $SELF [options] [projects]
-			  -7    Build RPMs targeting CentOS 7 (default)
-			  -8    Build RPMs targeting CentOS 8
-			  -b    Build builder Docker images before building projects
-			  -d    Disable compiler optimizations for debugging.
-			  -l    List available projects.
-			  -p    Pull builder Docker images, do not build them (default)
-			  -q    Quiet mode. Supresses output. (default)
-			  -v    Verbose mode. Lists all build output.
+			  -7           Build RPMs targeting CentOS 7 (default)
+			  -8           Build RPMs targeting CentOS 8
+			  -a           Build all projects, including optional ones.
+			  -b           Build builder Docker images before building projects
+			  -d           Disable compiler optimizations for debugging.
+                          -f <file>    Use <file> as the docker-compose. Default: $COMPOSE_FILE"
+			  -l           List available projects.
+                          -o           Build from the optional list. Same as -f "$COMPOSE_FILE_OPT"
+			  -p           Pull builder Docker images, do not build them (default)
+			  -q           Quiet mode. Supresses output. (default)
+			  -v           Verbose mode. Lists all build output.
 
 			If no projects are listed, all projects will be packaged.
 			Valid projects:
@@ -115,6 +123,9 @@ while getopts :?78bdlpqv opt; do
 		8)
 			RHEL_VERSION=8
 			;;
+		a)
+			all=1
+			;;
 		b)
 			build_images=1
 			;;
@@ -123,16 +134,24 @@ while getopts :?78bdlpqv opt; do
 			# If DEBUG_BUILD is true, then Golang binaries will remain unoptimized and
 			# RPM packaging will not strip binaries.
 			RUN_OPTIONS+=(-e 'DEBUG_BUILD=true');
+			debug=1
+			;;
+		f)
+			COMPOSE_FILE="$OPTARG"
 			;;
 		l)
 			"${COMPOSECMD[@]}" -f $COMPOSE_FILE config --services
 			exit $?
 			;;
+		o)
+			COMPOSE_FILE="$COMPOSE_FILE_OPT"
+			;;
 		p)
 			build_images=0
 			;;
 		q)
 			exec >/dev/null 2>&1
+			quiet=1
 			;;
 		v)
 			verbose=1
@@ -142,9 +161,9 @@ done
 
 shift $((OPTIND-1))
 
-# If no specific packages are listed, run them all.
-if (( ! "$#" )); then
-	set -- `$SELF -l`
+# If no specific packages are listed, or -a is used, run them all.
+if (( ! "$#" || "$all" == 1 )); then
+	set -- `$SELF -f "$COMPOSE_FILE" -l`
 fi
 
 # Build each project in turn.
@@ -156,12 +175,28 @@ while (( "$#" )); do
 		if (( "$verbose" == 0 )); then
 			exec >/dev/null 2>&1
 		fi
+
+		# Build the project
 		if [[ $build_images -eq 1 ]]; then
 			"${COMPOSECMD[@]}" -f $COMPOSE_FILE build $1 || exit 1
 		else
 			"${COMPOSECMD[@]}" -f $COMPOSE_FILE pull $1 || exit 1
 		fi
 		"${COMPOSECMD[@]}" -f $COMPOSE_FILE run "${RUN_OPTIONS[@]}" --rm $1 || exit 1
+
+		# Check for a chained compose file for this particular project.
+		# A chained compose file will be named exactly the same as main docker-compose, with .service added,
+		# where <service> is the name of the specific service to be chained. The file may be a symlink to another
+		# compose file, in which case the symlink will be followed before it is processed.
+		# A "dist" symlink will be temporarily created in that directory to facilitate the collation of artefacts.
+		if [ -e "$COMPOSE_FILE.$1" ] ; then
+			ln -sf "$(dirname -- "$(realpath -e -- "$SELF")")/dist" "$(dirname -- "$(realpath -e -- "$COMPOSE_FILE.$1")")/dist" || exit 1
+			$SELF -f $(realpath -e "$COMPOSE_FILE.$1") $([ "$verbose" == 0 ] || echo "-v") $([ "$quiet" == 0 ] || echo "-q") $([ "$debug" == 0 ] || echo "-d") $([ "$build" == 0 ] || echo "-b") $("${COMPOSECMD[@]}" -f $(realpath -e "$COMPOSE_FILE.$1") config --services) || exit 1
+			rm "$(dirname -- "$(realpath -e -- "$COMPOSE_FILE.$1")")/dist"
+		fi
+
+		# Update the ownership of the artefacts to match the main repo.
+		chown -R "$(stat -c '%u:%g' .)" dist
 	) || {
 		# Don't totally bail out, but make note of the failures.
 		failure=1
@@ -170,7 +205,9 @@ while (( "$#" )); do
 	shift
 done
 
-if (( $failure )); then
+[ "$all" == 0 ] || $SELF -o $([ "$verbose" == 0 ] || echo "-v") $([ "$quiet" == 0 ] || echo "-q") $([ "$debug" == 0 ] || echo "-d") || failure=1
+
+if [[ ! -z $badproj ]]; then
 	echo "Failed to build$badproj."
 fi
 
diff --git a/traffic_server/tsb/.dependency_license b/traffic_server/tsb/.dependency_license
new file mode 100644
index 0000000000..59246dd91a
--- /dev/null
+++ b/traffic_server/tsb/.dependency_license
@@ -0,0 +1,26 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+# Patch files, cannot bear comments
+cjose.pic.patch, Apache-2.0
+jansson.pic.patch, Apache-2.0
+
+# YAML files, but are manipulated with scripts that would strip comments.
+patches.yml, Apache-2.0
+repos.yml, Apache-2.0
diff --git a/traffic_server/tsb/.gitignore b/traffic_server/tsb/.gitignore
new file mode 100644
index 0000000000..7e1714cb7b
--- /dev/null
+++ b/traffic_server/tsb/.gitignore
@@ -0,0 +1,21 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+dist
+src
diff --git a/traffic_server/tsb/Dockerfile b/traffic_server/tsb/Dockerfile
new file mode 100644
index 0000000000..93fa9a3612
--- /dev/null
+++ b/traffic_server/tsb/Dockerfile
@@ -0,0 +1,73 @@
+# Licensed to the Apache Software Fou:qndation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+FROM centos:7
+
+RUN	yum clean all \
+	&& yum install -y deltarpm epel-release centos-release-scl-rh \
+	&& yum-config-manager --enable rhel-server-rhscl-7-rpms \
+	&& yum clean all \
+	&& yum install -y \
+		autoconf \
+		automake \
+		devtoolset-7 \
+		ed \
+		expat-devel \
+		flex \
+		gcc-c++ \
+		git \
+		glibc-devel \
+		hwloc \
+		hwloc-devel \
+		libcap-devel \
+		libcurl-devel \
+		libtool \
+		libuuid-devel \
+		lua-devel \
+		luajit-devel \
+		make \
+		man \
+		nano \
+		ncurses-devel \
+		nmap-ncat \
+		openssl \
+		openssl-devel \
+		pcre \
+		pcre-devel \
+		perl-Digest-SHA \
+		perl-ExtUtils-MakeMaker \
+		perl-URI \
+		pkgconfig \
+		python3 \
+		rpm-build \
+		sudo \
+		tcl-devel \
+		zlib \
+		zlib-devel \
+	&& yum clean all
+
+COPY	jansson.pic.patch /opt/src/
+COPY	cjose.pic.patch /opt/src/
+ADD	https://bootstrap.pypa.io/get-pip.py /
+RUN	python get-pip.py
+RUN	pip install --user Sphinx
+COPY	run.sh /
+COPY	trafficserver.spec /rpmbuilddir/SPECS/trafficserver.spec
+COPY	traffic_server_jemalloc /rpmbuilddir/SOURCES/traffic_server_jemalloc
+RUN	/usr/sbin/useradd -u 176 -r ats -s /sbin/nologin -d /
+CMD	set -o pipefail; scl enable devtoolset-7 ./run.sh 2>&1 | tee /rpmbuilddir/RPMS/x86_64/build.log
diff --git a/traffic_server/tsb/cjose.pic.patch b/traffic_server/tsb/cjose.pic.patch
new file mode 100644
index 0000000000..394ed5dcfa
--- /dev/null
+++ b/traffic_server/tsb/cjose.pic.patch
@@ -0,0 +1,10 @@
+diff --git a/src/Makefile.am b/src/Makefile.am
+index 659e1c0..b8da1c3 100644
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -1,4 +1,4 @@
+-AM_CFLAGS =-std=gnu99 --pedantic -Wall -Werror -g -O2 -I$(top_builddir)/include
++AM_CFLAGS =-std=gnu99 --pedantic -Wall -Werror -g -O2 -I$(top_builddir)/include -fpic
+
+ lib_LTLIBRARIES=libcjose.la
+ libcjose_la_CPPFLAGS= -I$(topdir)/include
diff --git a/traffic_server/tsb/docker-compose.yml b/traffic_server/tsb/docker-compose.yml
new file mode 100644
index 0000000000..463713812e
--- /dev/null
+++ b/traffic_server/tsb/docker-compose.yml
@@ -0,0 +1,31 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+---
+version: "2"
+services:
+    ats_build:
+        build:
+            context: .
+            dockerfile: Dockerfile
+        image: ats_build
+        volumes:
+            - ./src/jansson:/opt/src/jansson
+            - ./src/cjose:/opt/src/cjose
+            - ./src/openssl:/opt/src/openssl
+            - ./src/ats:/rpmbuilddir/SOURCES/src
+            - ./src/trafficcontrol/traffic_server/plugins/astats_over_http:/opt/src/astats_over_http
+            - ./dist:/rpmbuilddir/RPMS/x86_64
diff --git a/traffic_server/tsb/jansson.pic.patch b/traffic_server/tsb/jansson.pic.patch
new file mode 100644
index 0000000000..67e58bfa4f
--- /dev/null
+++ b/traffic_server/tsb/jansson.pic.patch
@@ -0,0 +1,9 @@
+diff --git a/src/Makefile.am b/src/Makefile.am
+index 5516927..118ea7c 100644
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -1,3 +1,4 @@
++AM_CFLAGS = -fpic
+ EXTRA_DIST = jansson.def
+
+ include_HEADERS = jansson.h
diff --git a/traffic_server/tsb/patches.yml b/traffic_server/tsb/patches.yml
new file mode 100644
index 0000000000..e6657a014d
--- /dev/null
+++ b/traffic_server/tsb/patches.yml
@@ -0,0 +1,15 @@
+ats:
+    - f5ac00f3606bd826c52552e59f067d3fe3fcda33 # <2018-09-11T17:18:30+00:00!jrushford@apache.org> For Nexthop, add the capability to mark down origin servers utilizing traffic_ctl.
+    - 721f8ffca6ee8782573084c671e45ce392d239ef # <2018-06-21T17:21:58+00:00!jrushford@apache.org> add a reason tag to traffic_control host subcommand.
+    - d295784ba57af7e8e2dba09b85a1cbcaacf797f3 # <2019-05-16T19:33:17+00:00!jrushford@apache.org> Add an ignore_self_detect flag to parent.config so that the local cache host may be a member of a peering cache group.
+    - ef57a68f4f9d6f6dd5563cff82cddb8adcb8c28c # <2020-05-16T00:05:44+00:00!brian_olsen2@comcast.com> forward port of slice plugin from ats7
+    - abe7a933e403b88f1b13ab7f2ebdd6ce95202b42 # <2019-04-02T13:25:48+00:00!brian_olsen2@comcast.com> url_sig debug fix for when url is missing the signature query string
+    - 9ac557ba3c0f28979c996cb49a827940bfb569d8 # <2019-09-30T19:04:12+00:00!brian_olsen2@comcast.com> url_sig: fix memory leak with urlParse and pristine flag
+    - 72e582d3de630008641e7849f7cd42b11f6f081b # <2019-02-04T12:47:10-08:00!randallmeyer@yahoo.com> lua plugin: add support for relative path scripts; moves inline script to switch
+    - ad33e0fff0091093cd31fcfd429933299cb8bf5b # <2020-02-07T00:44:14-08:00!kichan@apache.org> Fix for lua plugin coredump problem during reload
+    - 1f13f346ef9ae4c0035f5755af4fd28b6f84f1e0 # <2020-04-20T14:59:44-06:00!brian_olsen2@comcast.com> code and documentation for lua states configuration and stats printing (#6571)
+    - fc66eea820c8ba44196f2051aa41aedd7b874b0b # <2020-03-16T19:30:54+00:00!jrushford@apache.org> Fixes a bug where getHostStatus() will create a host status record when none is found. A Host status record should only be created when a host is marked up or down when traffic_ctl is used to mark a host up or down.
+    - 5b38fb26737b38267615102775d81136a843075c # <2020-07-01T13:59:15+00:00!brian_olsen2@comcast.com> CacheRead: clear dir entry if doc is found to be truncated
+openssl:
+    - ec6788fb8ca0704b503c3a0030a142d9805895a6 # <2018-09-18T17:45:39+01:00!matt@openssl.org> Delay setting the sig algs until after the cert_cb has been called
+trafficcontrol: []
diff --git a/traffic_server/tsb/repos.yml b/traffic_server/tsb/repos.yml
new file mode 100644
index 0000000000..1532f2df64
--- /dev/null
+++ b/traffic_server/tsb/repos.yml
@@ -0,0 +1,27 @@
+ats:
+    src: https://github.com/apache/trafficserver
+    branch: 8.0.x
+    head: a29528dffb8ea1c6fa57fe0c76ca1ec9d0f08694
+    extra:
+        - https://github.com/jrushford/trafficserver
+        - https://github.com/traeak/trafficserver
+cjose:
+    src: https://github.com/cisco/cjose
+    branch: master
+    head: 254ab05e04cc32d866712bea838990eb4011cbf5
+    extra: []
+jansson:
+    src: https://github.com/akheron/jansson
+    branch: master
+    head: aed855e6920923898b94a1b922fbace27a34ddf2
+    extra: []
+openssl:
+    src: https://github.com/openssl/openssl
+    branch: OpenSSL_1_1_1
+    head: 1708e3e85b4a86bae26860aa5d2913fc8eff6086
+    extra: []
+trafficcontrol:
+    src: https://github.com/apache/trafficcontrol
+    branch: master
+    head: a766f880d3a8f1565867faa27b228eea8e30efed
+    extra: []
diff --git a/traffic_server/tsb/run.sh b/traffic_server/tsb/run.sh
new file mode 100755
index 0000000000..8ef67f2cb3
--- /dev/null
+++ b/traffic_server/tsb/run.sh
@@ -0,0 +1,61 @@
+#!/usr/bin/env bash
+
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+die() {
+	{ test -n "$@" && echo "$@"; exit 1; } >&2
+}
+
+mkdir /opt/build
+cp -fa /opt/{src,build}/jansson
+cp -fa /opt/{src,build}/cjose
+cp -fa /opt/{src,build}/openssl
+
+# Build OpenSSL
+(
+	cd /opt/build/openssl && \
+	./config --prefix=/opt/trafficserver/openssl --openssldir=/opt/trafficserver/openssl zlib && \
+	make -j`nproc` && \
+	make install_sw
+) || die "Failed to build OpenSSL"
+	
+
+(cd /opt/build/jansson && patch -p1 < /opt/src/jansson.pic.patch && autoreconf -i && ./configure --enable-shared=no && make -j`nproc` && make install) || die "Failed to install jansson from source."
+(cd /opt/build/cjose && patch -p1 < /opt/src/cjose.pic.patch && autoreconf -i && ./configure --enable-shared=no --with-openssl=/opt/trafficserver/openssl && make -j`nproc` && make install) || die "Failed to install cjose from source."
+
+# Patch astats in so that it builds in-tree.
+cp -far /opt/src/astats_over_http /rpmbuilddir/SOURCES/src/plugins/astats_over_http
+cat > /rpmbuilddir/SOURCES/src/plugins/astats_over_http/Makefile.inc <<MAKEFILE
+pkglib_LTLIBRARIES += astats_over_http/astats_over_http.la
+astats_over_http_astats_over_http_la_SOURCES = astats_over_http/astats_over_http.c
+MAKEFILE
+(ed /rpmbuilddir/SOURCES/src/plugins/Makefile.am <<ED
+/stats_over_http/
+t
+s/stats/astats/g
+w
+ED
+) || die "Failed to patch plugins makefile to include astats."
+
+# Patch trafficserver systemd service
+# This includes changing output redirection to traffic.out and adding udev-settle to wait for disks
+(sed -i 's/ExecStart=@exp_bindir@\/traffic_manager \$TM_DAEMON_ARGS/ExecStart=@exp_bindir@\/traffic_manager --bind_stdout @exp_logdir@\/traffic.out --bind_stderr @exp_logdir@\/traffic.out \$TM_DAEMON_ARGS/g' /rpmbuilddir/SOURCES/src/rc/trafficserver.service.in)
+(sed -i 's/After=syslog.target network.target/Wants=systemd-udev-settle.service \nAfter=syslog.target network.target systemd-udev-settle.service/g' /rpmbuilddir/SOURCES/src/rc/trafficserver.service.in)
+rpmbuild -bb --define "_topdir /rpmbuilddir" /rpmbuilddir/SPECS/trafficserver.spec || die "Failed to build rpm."
diff --git a/traffic_server/tsb/traffic_server_jemalloc b/traffic_server/tsb/traffic_server_jemalloc
new file mode 100755
index 0000000000..fc5b65083b
--- /dev/null
+++ b/traffic_server/tsb/traffic_server_jemalloc
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+# This file is a simple shim that configures some basic profiling for
+# traffic_server in jemalloc. If you use it, you'll want to adjust the values
+# in MALLOC_CONF to meet your specific needs. (man jemalloc for details.)
+
+# To use this, set your traffic server binary parameter to be this file instead
+# of traffic_server.
+
+prefix=/usr
+exec_prefix=/usr
+libdir=/usr/lib64
+
+MALLOC_CONF="prof:true,prof_prefix:/tmp/jeprof.out,lg_prof_interval:33,lg_prof_sample:20"
+LD_PRELOAD=${libdir}/libjemalloc.so.2
+export LD_PRELOAD
+export MALLOC_CONF
+/opt/trafficserver/bin/traffic_server $@
diff --git a/traffic_server/tsb/trafficserver.spec b/traffic_server/tsb/trafficserver.spec
new file mode 100644
index 0000000000..681cb4f15c
--- /dev/null
+++ b/traffic_server/tsb/trafficserver.spec
@@ -0,0 +1,147 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+%global src %{_topdir}/SOURCES/src
+%global git_args --git-dir="%{src}/.git" --work-tree="%{src}"
+%global tag %(git %{git_args} describe --long |      sed 's/^\\\(.*\\\)-\\\([0-9]\\\+\\\)-g\\\([0-9a-f]\\\+\\\)$/\\\1/' | sed 's/-/_/')
+%global distance %(git %{git_args} describe --long | sed 's/^\\\(.*\\\)-\\\([0-9]\\\+\\\)-g\\\([0-9a-f]\\\+\\\)$/\\\2/')
+%global commit %(git %{git_args} describe --long |   sed 's/^\\\(.*\\\)-\\\([0-9]\\\+\\\)-g\\\([0-9a-f]\\\+\\\)$/\\\3/')
+%global git_serial %(git %{git_args} rev-list HEAD | wc -l)
+%global install_prefix "/opt"
+%global api_stats "4096"
+%global _find_debuginfo_dwz_opts %{nil}
+
+Name:		trafficserver
+Version:	%{tag}
+Epoch:		%{git_serial}
+Release:	%{distance}.%{commit}%{?dist}
+Summary:	Apache Traffic Server
+Vendor:		Apache
+Group:		Applications/Communications
+License:	Apache License, Version 2.0
+URL:		https://github.com/apache/trafficserver
+BuildRoot:	%(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
+Requires:	tcl, hwloc, pcre, libcap
+BuildRequires:	autoconf, automake, libtool, gcc-c++, glibc-devel, expat-devel, pcre, libcap-devel, pcre-devel, perl-ExtUtils-MakeMaker, tcl-devel, hwloc-devel
+Source: src
+
+%description
+Apache Traffic Server with Apache Traffic Control modifications and environment specific modifications
+
+%prep
+%setup -c -T
+cp -far %{src}/. .
+cp -far %{src}/../traffic_server_jemalloc ..
+autoreconf -vfi
+
+%build
+./configure --with-openssl=/opt/trafficserver/openssl --prefix=%{install_prefix}/%{name} --with-user=ats --with-group=ats --with-build-number=%{release} --enable-experimental-plugins --with-max-api-stats=%{api_stats} --disable-unwind
+make %{?_smp_mflags}
+export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/opt/trafficserver/openssl/lib:/usr/local/lib
+make %{?_smp_mflags} check || ( cat ./test-suite.log; exit 1 )
+
+%install
+make DESTDIR=$RPM_BUILD_ROOT install
+
+mkdir -p $RPM_BUILD_ROOT/opt/trafficserver/etc/trafficserver/snapshots
+mkdir -p $RPM_BUILD_ROOT/usr/lib/systemd/system
+cp rc/trafficserver.service $RPM_BUILD_ROOT/usr/lib/systemd/system/
+cp ../traffic_server_jemalloc $RPM_BUILD_ROOT/opt/trafficserver/bin/
+
+mkdir -p $RPM_BUILD_ROOT/opt/trafficserver/openssl
+cp -r /opt/trafficserver/openssl/lib $RPM_BUILD_ROOT/opt/trafficserver/openssl/lib
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%pre
+id ats &>/dev/null || /usr/sbin/useradd -u 176 -r ats -s /sbin/nologin -d /
+
+%post
+/bin/systemctl daemon-reload
+/bin/systemctl enable trafficserver
+
+%preun
+/bin/systemctl stop trafficserver
+
+# if 0 uninstall, if 1 upgrade
+if [ "$1" = "0" ]; then
+	/bin/systemctl disable trafficserver
+fi
+
+%postun
+# Helpful in understanding order of operations in relation to install/uninstall/upgrade:
+#     https://fedoraproject.org/wiki/Packaging:Scriptlets
+
+# Always do this because the service file may have been updated.
+/bin/systemctl daemon-reload
+
+# if 0 uninstall, if 1 upgrade
+if [ "$1" = "0" ]; then
+	id ats &>/dev/null && /usr/sbin/userdel ats
+fi
+
+%files
+%defattr(-,root,root)
+%attr(644,-,-) /usr/lib/systemd/system/trafficserver.service
+%dir /opt/trafficserver
+/opt/trafficserver/openssl
+/opt/trafficserver/bin
+/opt/trafficserver/include
+/opt/trafficserver/lib
+/opt/trafficserver/libexec
+/opt/trafficserver/share
+%dir /opt/trafficserver/var
+%attr(-,ats,ats) /opt/trafficserver/var/trafficserver
+%dir /opt/trafficserver/var/log
+%attr(-,ats,ats) /opt/trafficserver/var/log/trafficserver
+%dir /opt/trafficserver/etc
+%attr(-,ats,ats) %dir /opt/trafficserver/etc/trafficserver
+%attr(-,ats,ats) %dir /opt/trafficserver/etc/trafficserver/snapshots
+/opt/trafficserver/etc/trafficserver/body_factory
+/opt/trafficserver/etc/trafficserver/trafficserver-release
+%config(noreplace) %attr(644,ats,ats) /opt/trafficserver/etc/trafficserver/cache.config
+%config(noreplace) %attr(644,ats,ats) /opt/trafficserver/etc/trafficserver/hosting.config
+%config(noreplace) %attr(644,ats,ats) /opt/trafficserver/etc/trafficserver/ip_allow.config
+%config(noreplace) %attr(644,ats,ats) /opt/trafficserver/etc/trafficserver/logging.yaml
+%config(noreplace) %attr(644,ats,ats) /opt/trafficserver/etc/trafficserver/parent.config
+%config(noreplace) %attr(644,ats,ats) /opt/trafficserver/etc/trafficserver/plugin.config
+%config(noreplace) %attr(644,ats,ats) /opt/trafficserver/etc/trafficserver/records.config
+%config(noreplace) %attr(644,ats,ats) /opt/trafficserver/etc/trafficserver/remap.config
+%config(noreplace) %attr(644,ats,ats) /opt/trafficserver/etc/trafficserver/socks.config
+%config(noreplace) %attr(644,ats,ats) /opt/trafficserver/etc/trafficserver/splitdns.config
+%config(noreplace) %attr(644,ats,ats) /opt/trafficserver/etc/trafficserver/ssl_multicert.config
+%config(noreplace) %attr(644,ats,ats) /opt/trafficserver/etc/trafficserver/ssl_server_name.yaml
+%config(noreplace) %attr(644,ats,ats) /opt/trafficserver/etc/trafficserver/storage.config
+%config(noreplace) %attr(644,ats,ats) /opt/trafficserver/etc/trafficserver/volume.config
+
+%changelog
+* Wed Aug 26 2020 Chris Lemmons <alficles(at)gmail.com>
+- Updated to incorporate new tooling and Apache Traffic Control patches
+* Wed Jun 8 2016 John Rushford <john_rushford(at)cable.comcast.com>
+- Added tools/rc_admin.pl to complete rpm tasks under both Enterprise Linux 6 or 7 using either chkconfig or systemd commands.
+- Modified this spec file to use rc_admin.pl
+* Wed Aug 7 2013 Jeff Elsloo <jeffrey_elsloo(at)cable.comcast.com>
+- Modified to support building 3.3.x
+- Modified to support upgrades
+* Sun Aug 12 2012 John Benton <john_benton(at)cable.comcast.com>
+- Initial RPM build based on SVN version 2376
+- Rev for ATS 3.2.0 based on SVN version 2470
+- Rev for ATS 3.2.0 based on SVN version 2555
+- Rev for ATS 3.2.0 based on SVN version 4812

From 0ae39602fee4a2026e9ea4a848fc8ab5b28c1e09 Mon Sep 17 00:00:00 2001
From: Chris Lemmons <alficles@gmail.com>
Date: Fri, 4 Dec 2020 07:52:01 +0000
Subject: [PATCH 2/7] Fixed line endings on two lines of pkg.

The lines had spaces where the file intended to use tabs. This has been
corrected.
---
 pkg | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkg b/pkg
index 9bf98ccacb..c673c34921 100755
--- a/pkg
+++ b/pkg
@@ -104,9 +104,9 @@ while getopts :?78abdf:lopqv opt; do
 			  -a           Build all projects, including optional ones.
 			  -b           Build builder Docker images before building projects
 			  -d           Disable compiler optimizations for debugging.
-                          -f <file>    Use <file> as the docker-compose. Default: $COMPOSE_FILE"
+			  -f <file>    Use <file> as the docker-compose. Default: $COMPOSE_FILE"
 			  -l           List available projects.
-                          -o           Build from the optional list. Same as -f "$COMPOSE_FILE_OPT"
+			  -o           Build from the optional list. Same as -f "$COMPOSE_FILE_OPT"
 			  -p           Pull builder Docker images, do not build them (default)
 			  -q           Quiet mode. Supresses output. (default)
 			  -v           Verbose mode. Lists all build output.

From 0b6798dc4b050eeb84a6e4a196a4631efacdeb6c Mon Sep 17 00:00:00 2001
From: Chris Lemmons <alficles@gmail.com>
Date: Fri, 4 Dec 2020 18:02:17 +0000
Subject: [PATCH 3/7] Removed stray "s from help lines.

These were introduced erroneously as the result of a merge conflict resolution.
---
 pkg | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkg b/pkg
index c673c34921..1805488378 100755
--- a/pkg
+++ b/pkg
@@ -104,9 +104,9 @@ while getopts :?78abdf:lopqv opt; do
 			  -a           Build all projects, including optional ones.
 			  -b           Build builder Docker images before building projects
 			  -d           Disable compiler optimizations for debugging.
-			  -f <file>    Use <file> as the docker-compose. Default: $COMPOSE_FILE"
+			  -f <file>    Use <file> as the docker-compose. Default: $COMPOSE_FILE
 			  -l           List available projects.
-			  -o           Build from the optional list. Same as -f "$COMPOSE_FILE_OPT"
+			  -o           Build from the optional list. Same as -f "$COMPOSE_FILE_OPT
 			  -p           Pull builder Docker images, do not build them (default)
 			  -q           Quiet mode. Supresses output. (default)
 			  -v           Verbose mode. Lists all build output.

From bf6172a73b5bff69c670a9b7dcac986af12b3bab Mon Sep 17 00:00:00 2001
From: Chris Lemmons <alficles@gmail.com>
Date: Fri, 4 Dec 2020 18:06:54 +0000
Subject: [PATCH 4/7] Re-added erroneously removed " from pkg help
 documentation.

---
 pkg | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg b/pkg
index 1805488378..88616ca79c 100755
--- a/pkg
+++ b/pkg
@@ -106,7 +106,7 @@ while getopts :?78abdf:lopqv opt; do
 			  -d           Disable compiler optimizations for debugging.
 			  -f <file>    Use <file> as the docker-compose. Default: $COMPOSE_FILE
 			  -l           List available projects.
-			  -o           Build from the optional list. Same as -f "$COMPOSE_FILE_OPT
+			  -o           Build from the optional list. Same as -f "$COMPOSE_FILE_OPT"
 			  -p           Pull builder Docker images, do not build them (default)
 			  -q           Quiet mode. Supresses output. (default)
 			  -v           Verbose mode. Lists all build output.

From ba73d8de330e8f72e461053ba9550ac6bc4875b5 Mon Sep 17 00:00:00 2001
From: Chris Lemmons <alficles@gmail.com>
Date: Fri, 4 Dec 2020 18:47:48 +0000
Subject: [PATCH 5/7] Added comment describing which specific version of tsb is
 being pulled.

---
 infrastructure/docker/build/Dockerfile-tsb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/infrastructure/docker/build/Dockerfile-tsb b/infrastructure/docker/build/Dockerfile-tsb
index 65624ce055..bd8b74204b 100644
--- a/infrastructure/docker/build/Dockerfile-tsb
+++ b/infrastructure/docker/build/Dockerfile-tsb
@@ -20,6 +20,8 @@ FROM centos:${RHEL_VERSION} as tsb-build
 RUN yum clean all && yum -y install git
 COPY GO_VERSION /
 RUN curl -L https://dl.google.com/go/go$(cat /GO_VERSION).linux-amd64.tar.gz | tar -C /usr/local -xz && ln -s /usr/local/go/bin/go /usr/bin/go
+# Fetch tested version of tsb:
+# <2020-12-01T20:37:43+00:00!alficles@gmail.com>: Upgraded to go-yaml v3 and added comments to patches.
 RUN mkdir -p /go/src/github.com/comcast/tsb && cd /go/src/github.com/comcast/tsb && git init && git remote add origin https://github.com/comcast/tsb && git fetch --depth=1 origin 851be3e137b20ba5d2d1eefd07cd303dc5f53865 && git reset --hard FETCH_HEAD
 RUN cd /go/src/github.com/comcast/tsb && CGOENABLED=0 go build -o /usr/bin/tsb
 

From 3284abe6c11df9d9f7836638d04f72167e61f557 Mon Sep 17 00:00:00 2001
From: Chris Lemmons <alficles@gmail.com>
Date: Fri, 4 Dec 2020 20:24:24 +0000
Subject: [PATCH 6/7] Fixed potential error in build where temporary dist dir
 was not cleaned up.

It was being left in place when the build did not succeed.
---
 pkg | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/pkg b/pkg
index 88616ca79c..2d58df4a2f 100755
--- a/pkg
+++ b/pkg
@@ -191,8 +191,10 @@ while (( "$#" )); do
 		# A "dist" symlink will be temporarily created in that directory to facilitate the collation of artefacts.
 		if [ -e "$COMPOSE_FILE.$1" ] ; then
 			ln -sf "$(dirname -- "$(realpath -e -- "$SELF")")/dist" "$(dirname -- "$(realpath -e -- "$COMPOSE_FILE.$1")")/dist" || exit 1
-			$SELF -f $(realpath -e "$COMPOSE_FILE.$1") $([ "$verbose" == 0 ] || echo "-v") $([ "$quiet" == 0 ] || echo "-q") $([ "$debug" == 0 ] || echo "-d") $([ "$build" == 0 ] || echo "-b") $("${COMPOSECMD[@]}" -f $(realpath -e "$COMPOSE_FILE.$1") config --services) || exit 1
+			$SELF -f $(realpath -e "$COMPOSE_FILE.$1") $([ "$verbose" == 0 ] || echo "-v") $([ "$quiet" == 0 ] || echo "-q") $([ "$debug" == 0 ] || echo "-d") $([ "$build" == 0 ] || echo "-b") $("${COMPOSECMD[@]}" -f $(realpath -e "$COMPOSE_FILE.$1") config --services)
+			chained_exit=$?
 			rm "$(dirname -- "$(realpath -e -- "$COMPOSE_FILE.$1")")/dist"
+			[ $chained_exit == 0 ] || exit $chained_exit
 		fi
 
 		# Update the ownership of the artefacts to match the main repo.

From 6206a43b203395d988c4c52fc7ce513c9084e2b3 Mon Sep 17 00:00:00 2001
From: Chris Lemmons <alficles@gmail.com>
Date: Fri, 4 Dec 2020 20:26:23 +0000
Subject: [PATCH 7/7] Removed the update of permissions in the dist directory.

This only works when pkg is run with enough permissions to modify the files it
creates.
---
 pkg | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/pkg b/pkg
index 2d58df4a2f..1850bebce2 100755
--- a/pkg
+++ b/pkg
@@ -196,9 +196,6 @@ while (( "$#" )); do
 			rm "$(dirname -- "$(realpath -e -- "$COMPOSE_FILE.$1")")/dist"
 			[ $chained_exit == 0 ] || exit $chained_exit
 		fi
-
-		# Update the ownership of the artefacts to match the main repo.
-		chown -R "$(stat -c '%u:%g' .)" dist
 	) || {
 		# Don't totally bail out, but make note of the failures.
 		failure=1