New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Create, install and relocate tarballs of installed packages. #4854
Conversation
A build cache is a tarball of the install directory of a spack installed package. spack buildcache create <> * saves the install path, a list of binary files and a list of text files in install_directory/.spack/binary_distribution * creates a build_cache directory * creates a tarball of the package install directory * signs the tarball using gpg * creates ".spack" file with signature and install directory tarball * puts a renamed copy of ".spec" file in build_cache direcory * puts ".spack" in a subdirectory of build_cache named by platform then compiler * recurses all link and run dependencies of package creating build caches for them * optinally make all rpaths, ids, and deps relative if they are in the spack install tree before creating tarball of install directory options: -d : directory to create build_cache direcory in, default "." -f : overwrite ".spack" in build_cache if it exists -r : make paths in binaries relative before creating tarball -key : the kep to sign package with, defaults to first key in spack gpg directory -ns : don't sign the package with gpg <> : list of package specs or package hashes with leading / spack buildcache list <> * checks the list of configured mirrors for a build_cache directory * downloads all ".spec" files found * prints a list of spack buildcache install commands using the package hash and the equivalent concretized short spec options: <> string to be matched to matched to begining of listed concretized short specs, eg. "spack buildcache list gcc" with print only commands to install gcc package(s) spack buildcache install <> * checks the list of configured mirrors for ".spack" file matching the explicit hash or the hash generated from the input spec * downloads ".spack" file for packages and all link and run dependencies based on ".spec" file which contains all hashes * unpacks ".spack" file and verifies tarball with gpg signature file * unpacks tarball into new install path * changes all rpaths ( ids and deps on macOS ) from original install path to new install path in all binaries * changes all text file replacing original install path with new install path * calls spack reindex routine to add package to installed package db * repeats unpack and verify procedure for dependency .spack files options: -f : remove install directory if it exists before unpacking tarball -nv : don't verify package with gpg <> : list of package specs or package hashes with leading / spack buildcache keys * checks the list of configured mirrors for ".key" files in build_cache directory and a prints a list of keys * optionally adds key to trusted keys options: -i : trust the keys downloaded with prompt for each -y : answer yes to all
@mathstuf @adamjstewart |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Testing shows that if I do not have keys installed, the package contains empty .asc
files. If we're making a unsigned package (which didn't error or even warn), the .asc
files should not be present.
lib/spack/docs/binary_caches.rst
Outdated
Finding and installing build cache files | ||
------------------------------------ | ||
|
||
To find install build caches a spack mirror must be configured with |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
To find install build caches
reads oddly. To find installed build caches
perhaps?
lib/spack/docs/binary_caches.rst
Outdated
.. _binary_caches: | ||
|
||
Build caches | ||
============================ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The "titlelines" should match the title length (also applies to later titles).
lib/spack/docs/binary_caches.rst
Outdated
Tarballs are created for all of its link and run | ||
dependency packages as well. | ||
Compressed tarballs are signed with gpg and | ||
signature and tarball and put in a ".spack" tarfile. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There's no need to mention that it's a tarfile. Also, the wordwrapping here is odd. Consider reflowing?
lib/spack/docs/binary_caches.rst
Outdated
|
||
options: | ||
|
||
-d : directory to create build_cache direcory in, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks like it could use some markup. Also, build_cache
is not an (English) word :) .
lib/spack/docs/binary_caches.rst
Outdated
-key : the kep to sign package with, | ||
defaults to first key in spack gpg directory | ||
-ns : don't sign the package with gpg | ||
<> : list of package specs or package hashes with leading / |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think this is how this has been specified elsewhere in the docs.
lib/spack/docs/binary_caches.rst
Outdated
-r : make paths in binaries relative before creating tarball | ||
-key : the kep to sign package with, | ||
defaults to first key in spack gpg directory | ||
-ns : don't sign the package with gpg |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Short options should be a single letter with the long option using the full words. It may also be better to discuss the various flags in prose where how the command is usually used is discussed (see the docs for spack gpg
which go discuss a series of actions which make sense using the command).
@@ -0,0 +1,372 @@ | |||
# "Benedikt Hegner (CERN)" | |||
# "Patrick Gartung (FNAL)" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should have the standard Spack copyright header, no?
lib/spack/spack/cmd/buildcache.py
Outdated
create.add_argument('-ns', '--nosign', action='store_true') | ||
create.add_argument('-k', '--key', metavar='key', | ||
type=str, default=None, | ||
help="gpg2 key for signing.") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should just be Key for signing
. No need to mention that it's a GPG key.
And if I use |
The -k option should work now. |
Hmm, I'm still getting an empty
|
# Sign the packages. | ||
if sign: | ||
if key is None: | ||
keys = Gpg.signing_keys() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@mathstuf Do I need to init the Pgp interface for the signing to work?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I found the bug.
It worked on my mac because I had just made the bug fix. |
Yep, that works now :) . Thanks. I'll test it out more later this week. |
40ec524
to
a4ccfe7
Compare
…ome/gartung/spack/bin:/usr/lib64/qt-3.3/bin:/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/home/gartung/.local/bin:/home/gartung/bin, call more fuctions from relocate.pywq
…ested in pytest env
…should have made read-only files writable.
if force: | ||
os.remove(specfile_path) | ||
else: | ||
return NoOverwriteException(specfile_path) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
-> raise NoOverwriteException
(you must raise exceptions vs. returning them)
try: | ||
sign_tarball(yes_to_all, key, force, specfile_path) | ||
signed = True | ||
except (NoGpgException, PickKeyException, NoKeyException) as e: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In this case you don't have to surround with try/except, the exception will terminate and be caught in the caller (generally speaking when you have a try/except clause and the except just has a raise
then you don't need to wrap with a try/except)
…ches Conflicts: lib/spack/spack/binary_distribution.py lib/spack/spack/test/packaging.py
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks pretty good to me. All new comments are related to documentation.
I tried running the tests on my system and it hung on account of the key generation. It looks like this didn't cause problems for travis though, and I think it may be problematic at the moment to add a private key. @mathstuf is there a way to add signing and verification keys for a unit test in such a way that it doesn't affect spack signing/verifying outside the test?
lib/spack/docs/binary_caches.rst
Outdated
|
||
spack buildcache install <> | ||
^^^^^^^^^^^^^^^^^^^^^^^^^^^ | ||
Install "build_cache" available on spack mirror. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd prefer: "retrieve specs available from each mirror's build cache and installs all specs which match the input spec"
Initial build and later installation do not necessarily happen at the same | ||
location. Spack provides a relocation capability and corrects for RPATHs and | ||
non-relocatable scripts. However, many packages compile paths into binary | ||
artificats directly. In such cases, the build instructions of this package would |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
-> "artifacts"
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Jenkins speak for binaries.
lib/spack/docs/binary_caches.rst
Outdated
----- | ||
spack buildcache create <> | ||
^^^^^^^^^^^^^^^^^^^^^^^^^^ | ||
Create tarball of installed spack package, checksum tarball and |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Create tarball of installed spack package
... and all dependencies. Places them in a directory. You can place the directory in a mirror and commands like "spack buildcache install" will search it for pre-compiled packages.
lib/spack/spack/relocate.py
Outdated
|
||
def macho_make_paths_relative(path_name, old_dir, rpaths, deps, idpath): | ||
""" | ||
Replace old_dir with relative path from dirname(path_name) to old_dir |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This makes more sense to me if you remove "to old_dir" at the end of this line. Also, the same replacement is not being done for idpath
.
The old install dir in LC_RPATH is replaced with the new install dir using | ||
install_name_tool -rpath old new binary | ||
""" | ||
# avoid error message for libgcc_s |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What error comes up for this? I'm curious what context this function gets called on a path_name for libgcc_s
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Packaging the gcc compiler.
That's odd: the failing test is not associated with this PR (and only fails for python 3.4) - could you close and reopen the PR in the github interface? That will rerun the tests. |
Yes, the GPG tests do this by setting the directories to use to mock directories instead. |
@mathstuf mentioned that the exceptions you defined should inherit from
with
(I'm repeating this here because I'm having trouble finding this comment in the review) Other than that this looks good to me and I plan to merge it by 8/14 (pending that minor update) |
@gartung Thanks for the PR, and for all the updates! |
This is a resubmit of previous binary_packages branch #1013 and includes work started in #445
A build cache is a tarball of the install directory of a spack installed package.
spack buildcache create <>
options:
-d : directory to create build_cache direcory in, default "."
-f : overwrite ".spack" in build_cache if it exists
-r : make paths in binaries relative before creating tarball
-key : the kep to sign package with, defaults to first key in spack gpg directory
-ns : don't sign the package with gpg
<> : list of package specs or package hashes with leading /
spack buildcache list <>
options:
<> string to be matched to matched to begining of listed concretized short specs,
eg. "spack buildcache list gcc" with print only commands to install gcc package(s)
spack buildcache install <>
options:
-f : remove install directory if it exists before unpacking tarball
-nv : don't verify package with gpg
<> : list of package specs or package hashes with leading /
spack buildcache keys
options:
-i : trust the keys downloaded with prompt for each
-y : answer yes to all