From 263810e7792b66a33999b7f97602c0c1fa9b35b7 Mon Sep 17 00:00:00 2001 From: Michal Nowak Date: Tue, 5 Aug 2025 18:16:15 +0200 Subject: [PATCH 1/5] Add Debian "trixie" --- .gitlab-ci.yml | 55 +++++++++++++++++++++++++++++++++++++++ doc/arm/platforms.inc.rst | 2 +- 2 files changed, 56 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 4ab1568f1a..43e3f5463e 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -219,6 +219,10 @@ stages: image: "$CI_REGISTRY_IMAGE:debian-bookworm-amd64" <<: *linux_amd64 +.debian-trixie-amd64: &debian_trixie_amd64_image + image: "$CI_REGISTRY_IMAGE:debian-trixie-amd64" + <<: *linux_amd64 + .tsan-debian-bookworm-amd64: &tsan_debian_bookworm_amd64_image image: "$CI_REGISTRY_IMAGE:tsan-debian-bookworm-amd64" <<: *linux_amd64 @@ -1078,6 +1082,31 @@ unit:gcc:bookworm:amd64: - job: gcc:bookworm:amd64 artifacts: true +# Jobs for regular GCC builds on Debian 13 "trixie" (amd64) + +gcc:trixie:amd64: + variables: + CC: gcc + CFLAGS: "${CFLAGS_COMMON}" + EXTRA_CONFIGURE: "-Didn=enabled" + RUN_MESON_INSTALL: 1 + <<: *debian_trixie_amd64_image + <<: *build_job + +system:gcc:trixie:amd64: + <<: *debian_trixie_amd64_image + <<: *system_test_job + needs: + - job: gcc:trixie:amd64 + artifacts: true + +unit:gcc:trixie:amd64: + <<: *debian_trixie_amd64_image + <<: *unit_test_job + needs: + - job: gcc:trixie:amd64 + artifacts: true + # Build job for cross-compiled GCC builds on 64-bit Debian 12 "bookworm" # (amd64) with 32-bit BIND 9. @@ -1456,6 +1485,32 @@ unit:clang:bookworm:amd64: - job: clang:bookworm:amd64 artifacts: true +# Jobs for Clang builds on Debian 13 "trixie" (amd64) + +clang:trixie:amd64: + variables: + CC: ${CLANG} + CFLAGS: "${CFLAGS_COMMON}" + RUN_MESON_INSTALL: 1 + <<: *debian_trixie_amd64_image + <<: *build_job + +system:clang:trixie:amd64: + <<: *debian_trixie_amd64_image + <<: *system_test_job + <<: *api_pipelines_schedules_tags_triggers_web_triggering_rules + needs: + - job: clang:trixie:amd64 + artifacts: true + +unit:clang:trixie:amd64: + <<: *debian_trixie_amd64_image + <<: *unit_test_job + <<: *api_pipelines_schedules_tags_triggers_web_triggering_rules + needs: + - job: clang:trixie:amd64 + artifacts: true + # Jobs for Clang builds on FreeBSD 13 (amd64) clang:freebsd13:amd64: diff --git a/doc/arm/platforms.inc.rst b/doc/arm/platforms.inc.rst index 7eb31104fc..d40055b870 100644 --- a/doc/arm/platforms.inc.rst +++ b/doc/arm/platforms.inc.rst @@ -43,7 +43,7 @@ Regularly Tested Platforms Current versions of BIND 9 are fully supported and regularly tested on the following systems: -- Debian 12 +- Debian 12, 13 - Ubuntu LTS 22.04, 24.04 - Fedora 42 - Red Hat Enterprise Linux / CentOS / AlmaLinux 8, 9, 10 From 840069856f5b994e40dff53e4dc02e682798cbb1 Mon Sep 17 00:00:00 2001 From: Michal Nowak Date: Tue, 5 Aug 2025 18:19:34 +0200 Subject: [PATCH 2/5] Move CI and QA tools from Debian "sid" to "trixie" Debian "sid" is not a stable test bed and should be avoided. --- .gitlab-ci.yml | 27 +++++++++++++-------------- 1 file changed, 13 insertions(+), 14 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 43e3f5463e..5c456ecb6e 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -619,7 +619,7 @@ coccinelle: # Revert to using the "precheck_job" anchor after the "base" image is # upgraded to Debian trixie, which has Coccinelle 1.2. <<: *default_triggering_rules - <<: *debian_sid_amd64_image + <<: *debian_trixie_amd64_image stage: precheck ###################################################################### needs: [] @@ -632,7 +632,7 @@ meson-format: # Revert to using the "precheck_job" anchor after the "base" image is # upgraded to Debian trixie, which has muon 0.4.0. <<: *default_triggering_rules - <<: *debian_sid_amd64_image + <<: *debian_trixie_amd64_image stage: precheck ###################################################################### needs: [] @@ -663,7 +663,7 @@ doctest: pylint: <<: *default_triggering_rules - <<: *debian_sid_amd64_image + <<: *debian_trixie_amd64_image stage: precheck needs: [] variables: @@ -712,7 +712,7 @@ checkbashisms: mypy: <<: *default_triggering_rules - <<: *debian_sid_amd64_image + <<: *debian_trixie_amd64_image stage: precheck script: - mypy "bin/tests/system/isctest/" @@ -1146,11 +1146,11 @@ scan-build: - scan-build.reports/ when: on_failure -# Jobs for strict OpenSSL 3.x (no deprecated) GCC builds on Debian "sid" (amd64) +# Jobs for strict OpenSSL 3.x (no deprecated) GCC builds on Debian "trixie" (amd64) # Run with pkcs11-provider tests -gcc:ossl3:sid:amd64: - <<: *debian_sid_amd64_image +gcc:ossl3:trixie:amd64: + <<: *debian_trixie_amd64_image <<: *build_job variables: CC: gcc @@ -1159,22 +1159,22 @@ gcc:ossl3:sid:amd64: EXTRA_CONFIGURE: "-Doptimization=3 -Djemalloc=disabled -Dleak-detection=disabled" RUN_MESON_INSTALL: 1 -system:gcc:ossl3:sid:amd64: +system:gcc:ossl3:trixie:amd64: # Set up environment variables to run pkcs11-provider based system tests variables: OPENSSL_CONF: "/var/tmp/etc/openssl-provider.cnf" SOFTHSM2_CONF: "/var/tmp/softhsm2/softhsm2.conf" - <<: *debian_sid_amd64_image + <<: *debian_trixie_amd64_image <<: *system_test_job needs: - - job: gcc:ossl3:sid:amd64 + - job: gcc:ossl3:trixie:amd64 artifacts: true unit:gcc:ossl3:amd64: - <<: *debian_sid_amd64_image + <<: *debian_trixie_amd64_image <<: *unit_test_job needs: - - job: gcc:ossl3:sid:amd64 + - job: gcc:ossl3:trixie:amd64 artifacts: true # Jobs for regular GCC builds on Debian "sid" (amd64) @@ -1186,8 +1186,7 @@ gcc:sid:amd64: variables: CC: gcc CFLAGS: "${CFLAGS_COMMON}" - EXTRA_CONFIGURE: "-Doptimization=3 -Didn=enabled -Dlmdb=disabled ${WITH_LIBEDIT}" - RUN_MESON_INSTALL: 1 + EXTRA_CONFIGURE: "-Doptimization=3 -Didn=enabled -Dlmdb=disabled" system:gcc:sid:amd64: <<: *debian_sid_amd64_image From bb26409f343418989f7ae27eac19b61d17c969cf Mon Sep 17 00:00:00 2001 From: Michal Nowak Date: Tue, 5 Aug 2025 18:23:10 +0200 Subject: [PATCH 3/5] Make "trixie" the base image --- .gitlab-ci.yml | 129 ++++++++++------------------- util/release-tarball-comparison.sh | 2 +- 2 files changed, 44 insertions(+), 87 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 5c456ecb6e..4a50dca3aa 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -223,12 +223,12 @@ stages: image: "$CI_REGISTRY_IMAGE:debian-trixie-amd64" <<: *linux_amd64 -.tsan-debian-bookworm-amd64: &tsan_debian_bookworm_amd64_image - image: "$CI_REGISTRY_IMAGE:tsan-debian-bookworm-amd64" +.tsan-debian-trixie-amd64: &tsan_debian_trixie_amd64_image + image: "$CI_REGISTRY_IMAGE:tsan-debian-trixie-amd64" <<: *linux_amd64 -.debian-bookworm-amd64cross32: &debian_bookworm_amd64cross32_image - image: "$CI_REGISTRY_IMAGE:debian-bookworm-amd64cross32" +.debian-trixie-amd64cross32: &debian_trixie_amd64cross32_image + image: "$CI_REGISTRY_IMAGE:debian-trixie-amd64cross32" <<: *linux_amd64 .debian-sid-amd64: &debian_sid_amd64_image @@ -269,7 +269,7 @@ stages: # This is a meta image that is used as a base for non-specific jobs .base: &base_image - <<: *debian_bookworm_amd64_image + <<: *debian_trixie_amd64_image ### Job Templates @@ -615,26 +615,14 @@ clang-format: when: on_failure coccinelle: - ###################################################################### - # Revert to using the "precheck_job" anchor after the "base" image is - # upgraded to Debian trixie, which has Coccinelle 1.2. - <<: *default_triggering_rules - <<: *debian_trixie_amd64_image - stage: precheck - ###################################################################### + <<: *precheck_job needs: [] script: - util/check-cocci - if test "$(git status --porcelain | grep -Ev '\?\?' | wc -l)" -gt "0"; then git status --short; exit 1; fi meson-format: - ###################################################################### - # Revert to using the "precheck_job" anchor after the "base" image is - # upgraded to Debian trixie, which has muon 0.4.0. - <<: *default_triggering_rules - <<: *debian_trixie_amd64_image - stage: precheck - ###################################################################### + <<: *precheck_job needs: [] script: - git ls-files "*meson.build" | xargs muon-meson fmt -i @@ -662,9 +650,7 @@ doctest: "$PYTEST" --noconftest --doctest-modules pylint: - <<: *default_triggering_rules - <<: *debian_trixie_amd64_image - stage: precheck + <<: *precheck_job needs: [] variables: PYTHONPATH: "${CI_PROJECT_DIR}/bin/tests/system" @@ -711,8 +697,7 @@ checkbashisms: - checkbashisms $(find . -path './.git' -prune -o -type f -exec sh -c 'head -n 1 "{}" | grep -qsF "#!/bin/sh"' \; -print) mypy: - <<: *default_triggering_rules - <<: *debian_trixie_amd64_image + <<: *precheck_job stage: precheck script: - mypy "bin/tests/system/isctest/" @@ -731,7 +716,7 @@ tarball-create: - build/meson-dist/*.tar.xz needs: [] -# Jobs for doc builds on Debian 12 "bookworm" (amd64) +# Jobs for doc builds on Debian 13 "trixie" (amd64) changelog: <<: *base_image @@ -1050,34 +1035,20 @@ gcc:bookworm:amd64: variables: CC: gcc CFLAGS: "${CFLAGS_COMMON}" - # Tracing needs to be disabled otherwise gcovr fails - EXTRA_CONFIGURE: "-Doptimization=0 -Db_coverage=true -Dtracing=disabled -Didn=enabled ${WITH_LIBEDIT}" - RUN_MESON_INSTALL: 1 + EXTRA_CONFIGURE: "-Didn=enabled" <<: *debian_bookworm_amd64_image <<: *build_job system:gcc:bookworm:amd64: <<: *debian_bookworm_amd64_image <<: *system_test_job - variables: - CI_ENABLE_LONG_TESTS: 1 - CLEAN_BUILD_ARTIFACTS_ON_SUCCESS: 0 - TZ: Australia/Sydney - needs: # using artifacts from unit test job is required for gcov - - job: unit:gcc:bookworm:amd64 + needs: + - job: gcc:bookworm:amd64 artifacts: true - rules: - - if: '$CI_PIPELINE_SOURCE == "schedule"' - variables: - CI_ENABLE_LIVE_INTERENT_TESTS: 1 - - *default_triggering_rules_list unit:gcc:bookworm:amd64: <<: *debian_bookworm_amd64_image <<: *unit_test_job - variables: - CI_ENABLE_LONG_TESTS: 1 - CLEAN_BUILD_ARTIFACTS_ON_SUCCESS: 0 needs: - job: gcc:bookworm:amd64 artifacts: true @@ -1088,7 +1059,8 @@ gcc:trixie:amd64: variables: CC: gcc CFLAGS: "${CFLAGS_COMMON}" - EXTRA_CONFIGURE: "-Didn=enabled" + # Tracing needs to be disabled otherwise gcovr fails + EXTRA_CONFIGURE: "-Doptimization=0 -Db_coverage=true -Dtracing=disabled -Didn=enabled ${WITH_LIBEDIT}" RUN_MESON_INSTALL: 1 <<: *debian_trixie_amd64_image <<: *build_job @@ -1096,29 +1068,42 @@ gcc:trixie:amd64: system:gcc:trixie:amd64: <<: *debian_trixie_amd64_image <<: *system_test_job + variables: + CI_ENABLE_LONG_TESTS: 1 + CLEAN_BUILD_ARTIFACTS_ON_SUCCESS: 0 + TZ: Australia/Sydney + # using artifacts from unit test job is required for gcov needs: - - job: gcc:trixie:amd64 + - job: unit:gcc:trixie:amd64 artifacts: true + rules: + - if: '$CI_PIPELINE_SOURCE == "schedule"' + variables: + CI_ENABLE_LIVE_INTERNET_TESTS: 1 + - *default_triggering_rules_list unit:gcc:trixie:amd64: <<: *debian_trixie_amd64_image <<: *unit_test_job + variables: + CI_ENABLE_LONG_TESTS: 1 + CLEAN_BUILD_ARTIFACTS_ON_SUCCESS: 0 needs: - job: gcc:trixie:amd64 artifacts: true -# Build job for cross-compiled GCC builds on 64-bit Debian 12 "bookworm" +# Build job for cross-compiled GCC builds on 64-bit Debian 13 "trixie" # (amd64) with 32-bit BIND 9. -gcc:bookworm:amd64cross32: +gcc:trixie:amd64cross32: variables: CFLAGS: "${CFLAGS_COMMON}" CROSS_COMPILATION: 1 EXTRA_CONFIGURE: "--cross-file ci/amd64cross32.ini -Didn=enabled -Dgssapi=disabled -Dtracing=disabled ${WITH_LIBEDIT}" - <<: *debian_bookworm_amd64cross32_image + <<: *debian_trixie_amd64cross32_image <<: *build_job -# Jobs for scan-build builds on Debian 12 "bookworm" (amd64) +# Jobs for scan-build builds on Debian 13 "trixie" (amd64) .scan_build: &scan_build - ${SCAN_BUILD} --html-title="BIND 9 ($CI_COMMIT_SHORT_SHA)" @@ -1204,7 +1189,7 @@ unit:gcc:sid:amd64: - job: gcc:sid:amd64 artifacts: true -# Jobs for tarball GCC builds on Debian 12 "bookworm" (amd64) +# Jobs for tarball GCC builds on Debian 13 "trixie" (amd64) gcc:tarball: variables: @@ -1401,7 +1386,7 @@ unit:gcc:tsan: artifacts: true clang:tsan: - <<: *tsan_debian_bookworm_amd64_image + <<: *tsan_debian_trixie_amd64_image <<: *build_job variables: CC: "${CLANG}" @@ -1412,7 +1397,7 @@ clang:tsan: system:clang:tsan: variables: TSAN_OPTIONS: "${TSAN_OPTIONS_DEBIAN}" - <<: *tsan_debian_bookworm_amd64_image + <<: *tsan_debian_trixie_amd64_image <<: *system_test_tsan_job needs: - job: clang:tsan @@ -1421,7 +1406,7 @@ system:clang:tsan: unit:clang:tsan: variables: TSAN_OPTIONS: "${TSAN_OPTIONS_DEBIAN}" - <<: *tsan_debian_bookworm_amd64_image + <<: *tsan_debian_trixie_amd64_image <<: *unit_test_tsan_job needs: - job: clang:tsan @@ -1456,34 +1441,6 @@ tsan:stress: - job: clang:tsan artifacts: true -# Jobs for Clang builds on Debian 12 "bookworm" (amd64) - -clang:bookworm:amd64: - variables: - CC: ${CLANG} - CFLAGS: "${CFLAGS_COMMON} -Wenum-conversion -DOPENSSL_API_COMPAT=10100" - # See https://gitlab.isc.org/isc-projects/bind9/-/issues/3444 - EXTRA_CONFIGURE: "-Djemalloc=disabled -Dleak-detection=disabled" - RUN_MESON_INSTALL: 1 - <<: *debian_bookworm_amd64_image - <<: *build_job - -system:clang:bookworm:amd64: - <<: *debian_bookworm_amd64_image - <<: *system_test_job - <<: *api_pipelines_schedules_tags_triggers_web_triggering_rules - needs: - - job: clang:bookworm:amd64 - artifacts: true - -unit:clang:bookworm:amd64: - <<: *debian_bookworm_amd64_image - <<: *unit_test_job - <<: *api_pipelines_schedules_tags_triggers_web_triggering_rules - needs: - - job: clang:bookworm:amd64 - artifacts: true - # Jobs for Clang builds on Debian 13 "trixie" (amd64) clang:trixie:amd64: @@ -1721,7 +1678,7 @@ coverity: respdiff: <<: *respdiff_job <<: *default_triggering_rules - <<: *debian_bookworm_amd64_image + <<: *base_image variables: CC: gcc CFLAGS: "${CFLAGS_COMMON} -DISC_TRACK_PTHREADS_OBJECTS" @@ -1734,7 +1691,7 @@ respdiff: respdiff:asan: <<: *respdiff_job <<: *default_triggering_rules - <<: *debian_bookworm_amd64_image + <<: *base_image variables: CC: gcc CFLAGS: "${CFLAGS_COMMON}" @@ -1747,7 +1704,7 @@ respdiff:asan: respdiff:tsan: <<: *respdiff_job <<: *default_triggering_rules - <<: *tsan_debian_bookworm_amd64_image + <<: *tsan_debian_trixie_amd64_image variables: CC: "${CLANG}" CFLAGS: "${CFLAGS_COMMON}" @@ -1764,7 +1721,7 @@ respdiff:tsan: respdiff-third-party: <<: *respdiff_job <<: *default_triggering_rules - <<: *debian_bookworm_amd64_image + <<: *base_image variables: CC: gcc CFLAGS: "${CFLAGS_COMMON}" @@ -1776,7 +1733,7 @@ respdiff-third-party: .respdiff-recent-named: &respdiff_recent_named <<: *respdiff_job - <<: *debian_bookworm_amd64_image + <<: *base_image <<: *default_triggering_rules needs: - job: ci-variables @@ -1902,7 +1859,7 @@ gcov: <<: *default_triggering_rules stage: postcheck needs: - - job: system:gcc:bookworm:amd64 + - job: system:gcc:trixie:amd64 artifacts: true script: # Ensure gcov files for unit tests are found via tests/ rather than diff --git a/util/release-tarball-comparison.sh b/util/release-tarball-comparison.sh index 1f9267c707..4fac8f9203 100755 --- a/util/release-tarball-comparison.sh +++ b/util/release-tarball-comparison.sh @@ -34,7 +34,7 @@ if [ -z "${GITLAB_USER}" ] || [ -z "${GITLAB_TOKEN}" ]; then fi # Create the container to work in. -CONTAINER_ID=$(docker create --interactive debian:bookworm) +CONTAINER_ID=$(docker create --interactive debian:trixie) trap "docker container rm -f \${CONTAINER_ID} >/dev/null" EXIT docker start "${CONTAINER_ID}" From 2b793d3f142d0634480e58f2ff1bfbad07026afb Mon Sep 17 00:00:00 2001 From: Michal Nowak Date: Wed, 6 Aug 2025 17:49:34 +0200 Subject: [PATCH 4/5] scan-build does not need to wait for previous stages --- .gitlab-ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 4a50dca3aa..fc47880bb4 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1126,6 +1126,7 @@ scan-build: script: - *configure - *scan_build + needs: [] artifacts: paths: - scan-build.reports/ From 62ed25d7c00398b1496ea16e23235ac120fa3cf0 Mon Sep 17 00:00:00 2001 From: Michal Nowak Date: Mon, 18 Aug 2025 16:56:48 +0200 Subject: [PATCH 5/5] Drop unused env variable SCANBUILD --- .gitlab-ci.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index fc47880bb4..ca88eaa8ce 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1120,7 +1120,6 @@ scan-build: CC: "${CLANG}" CFLAGS: "${CFLAGS_COMMON}" EXTRA_CONFIGURE: "-Didn=enabled" - SCANBUILD: "${CI_PROJECT_DIR}/scan-build.sh" before_script: - *list_installed_package_versions script: