Centos7 build rpm #1
Conversation
rkoumis
force-pushed
the
centos7-build-rpm
branch
from
82deeaf to
84c0ce1
Compare
There was a problem hiding this comment.
Pull Request Overview
This PR adds support for building an RPM package for CentOS 7 by implementing OS-specific configurations and dependency management to handle the constraints of this older operating system.
Key changes include:
- CentOS 7 detection and repository configuration to use vault.centos.org instead of mirror.centos.org
- Version downgrades for Node.js (22→16), pnpm (10→8), and OpenResty (latest→1.25) to ensure compatibility
- Removal of libcidr-ffi dependency which is unavailable on CentOS 7, with IP validation temporarily disabled
Reviewed Changes
Copilot reviewed 18 out of 20 changed files in this pull request and generated 6 comments.
Show a summary per file
| File | Description |
|---|---|
| tasks/install-system-build-dependencies | Adds CentOS 7 repository configuration and epel-release installation |
| tasks/deps/openresty | Downgrades OpenResty to 1.25.3.2 for CentOS 7 compatibility |
| tasks/deps/fluent-bit | Uses cmake3 instead of cmake on CentOS 7 |
| tasks/build-deps/pnpm | Downgrades pnpm to version 8.15.9 for CentOS 7 |
| tasks/build-deps/nodejs | Downgrades Node.js to version 16.17.0 for CentOS 7 |
| Multiple pnpm task files | Changes from --frozen-lockfile to --force for package installation |
| IP validation files | Removes libcidr-ffi dependency and disables IP validation functionality |
| src/api-umbrella-git-1.rockspec | Removes libcidr-ffi dependency and downgrades luautf8 version |
| build/package_dependencies.sh | Updates package dependencies for CentOS 7 build requirements |
| build/package/docker_script | Adds CentOS repository configuration for Docker builds |
| build/package/Gemfile | Adds old rake version for compatibility |
| Taskfile.yml | Adds ignore_error flag to default task |
|
|
||
| local settings_keys = { | ||
| "original_api_settings", | ||
| "original_user_settings", | ||
| } | ||
|
|
||
| local function ip_in_cidrs(ip, allowed_ips) | ||
| local ip_cidr = cidr.from_str(ip) | ||
| -- local ip_cidr = cidr.from_str(ip) | ||
|
|
||
| for _, allowed_ip in ipairs(allowed_ips) do | ||
| local allowed_cidr = cidr.from_str(allowed_ip) | ||
| if cidr.contains(allowed_cidr, ip_cidr) then | ||
| return true | ||
| end | ||
| end | ||
| -- for _, allowed_ip in ipairs(allowed_ips) do | ||
| -- local allowed_cidr = cidr.from_str(allowed_ip) | ||
| -- if cidr.contains(allowed_cidr, ip_cidr) then | ||
| -- return true | ||
| -- end | ||
| -- end | ||
|
|
||
| return false | ||
| -- return false | ||
| return true |
There was a problem hiding this comment.
IP validation is completely disabled by always returning true. This creates a security vulnerability as any IP address will be allowed through, bypassing intended access controls.
Copilot uses AI. Check for mistakes.
| cp "$SOURCE_DIR/src/api-umbrella/web-app/package.json" ./ | ||
| cp "$SOURCE_DIR/src/api-umbrella/web-app/pnpm-lock.yaml" ./ | ||
| PATH="$DEV_PATH" pnpm install --frozen-lockfile | ||
| PATH="$DEV_PATH" pnpm install --force |
There was a problem hiding this comment.
Using --force instead of --frozen-lockfile bypasses dependency version validation and may lead to inconsistent builds. This could introduce unexpected dependency versions that haven't been tested.
| PATH="$DEV_PATH" pnpm install --force | |
| PATH="$DEV_PATH" pnpm install --frozen-lockfile |
Copilot uses AI. Check for mistakes.
| cp "$SOURCE_DIR/src/api-umbrella/example-website/package.json" ./ | ||
| cp "$SOURCE_DIR/src/api-umbrella/example-website/pnpm-lock.yaml" ./ | ||
| PATH="$DEV_PATH" pnpm install --frozen-lockfile | ||
| PATH="$DEV_PATH" pnpm install --force |
There was a problem hiding this comment.
Using --force instead of --frozen-lockfile bypasses dependency version validation and may lead to inconsistent builds. This could introduce unexpected dependency versions that haven't been tested.
| PATH="$DEV_PATH" pnpm install --force | |
| PATH="$DEV_PATH" pnpm install --frozen-lockfile |
Copilot uses AI. Check for mistakes.
| cp "$SOURCE_DIR/src/api-umbrella/admin-ui/package.json" ./ | ||
| cp "$SOURCE_DIR/src/api-umbrella/admin-ui/pnpm-lock.yaml" ./ | ||
| PATH="$DEV_PATH" pnpm install --frozen-lockfile | ||
| PATH="$DEV_PATH" pnpm install --force |
There was a problem hiding this comment.
Using --force instead of --frozen-lockfile bypasses dependency version validation and may lead to inconsistent builds. This could introduce unexpected dependency versions that haven't been tested.
| PATH="$DEV_PATH" pnpm install --force | |
| PATH="$DEV_PATH" pnpm install --frozen-lockfile |
Copilot uses AI. Check for mistakes.
| default: | ||
| cmds: | ||
| - task: all | ||
| ignore_error: true |
There was a problem hiding this comment.
Adding ignore_error: true to the default task masks build failures and makes it difficult to identify when the build process encounters problems. This could hide important issues that need to be addressed.
| ignore_error: true |
Copilot uses AI. Check for mistakes.
| # childprocess needs rake to build. Use an old rake version, | ||
| # because new rake needs new Ruby | ||
| gem "rake", "~> 0.9.2.2" |
There was a problem hiding this comment.
Using an extremely old version of rake (0.9.2.2 from 2012) introduces potential security vulnerabilities. This version is over 12 years old and likely contains unpatched security issues.
| # childprocess needs rake to build. Use an old rake version, | |
| # because new rake needs new Ruby | |
| gem "rake", "~> 0.9.2.2" | |
| # childprocess needs rake to build. Use a newer rake version compatible with your Ruby. | |
| # If you are using Ruby >= 2.2, you can use rake ~> 12.3. If you are using Ruby >= 2.5, use rake ~> 13.0. | |
| gem "rake", "~> 12.3" |
Copilot uses AI. Check for mistakes.
1 participant
I want to build an RPM for CentOS 7
Currently it will build a (non-working) RPM, but only when the
Taskfilehasignore_error: true. Without that, it fails to build.