Merge pull request #10 from maxamillion/rpmbuild

maxamillion · web-flow · commit 3b2a58f70de4 · 2026-04-03T14:42:42.000-05:00
feat(rpm): add packit configuration and RPM spec file
diff --git a/.packit.yaml b/.packit.yaml
@@ -0,0 +1,71 @@
+# SPDX-FileCopyrightText: Copyright (c) 2025-2026 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+# Packit configuration for OpenShell RPM builds via Fedora COPR.
+# See https://packit.dev/docs/configuration for full reference.
+
+upstream_tag_template: "v{version}"
+upstream_package_name: openshell
+downstream_package_name: openshell
+specfile_path: openshell.spec
+
+# Packages needed in the SRPM build environment to create vendor tarball
+srpm_build_deps:
+  - rust
+  - cargo
+  - git-core
+
+actions:
+  get-current-version:
+    # Derive version from the upstream tag nearest to the point where
+    # midstream diverged from main.  This maps the midstream branch back
+    # to the NVIDIA/OpenShell release it is based on.  Tags must be synced
+    # from upstream to this repo (see README / contributing notes).
+    #
+    # NOTE: all bash -c commands are single-quoted to prevent YAML from
+    # misinterpreting colon-space (": ") sequences as key-value mappings.
+    - 'bash -c "MERGE_BASE=$(git merge-base origin/midstream origin/main) && git describe --tags --match ''v*'' --abbrev=0 \"$MERGE_BASE\" | sed ''s/^v//''"'
+
+  create-archive:
+    # Step 1: Create source tarball from git working tree.
+    # Uses git ls-files + tar instead of git archive so the tarball
+    # reflects any patching that Packit may have done (e.g. version bumps).
+    - 'bash -c "VERSION=${PACKIT_PROJECT_VERSION} && TMPDIR=$(mktemp -d) && DIR=openshell-${VERSION} && mkdir -p ${TMPDIR}/${DIR} && git ls-files -z | xargs -0 tar cf - | tar xf - -C ${TMPDIR}/${DIR}/ && tar -czf openshell-${VERSION}.tar.gz -C ${TMPDIR} ${DIR} && rm -rf ${TMPDIR}"'
+    # Step 2: Create vendored Cargo dependencies tarball for offline RPM build.
+    - 'bash -c "VERSION=${PACKIT_PROJECT_VERSION} && cargo vendor --quiet && tar -cJf openshell-${VERSION}-vendor.tar.xz vendor/ && rm -rf vendor/"'
+    # Step 3: Return BOTH archive names. Packit maps each line to Source0, Source1, etc.
+    - 'bash -c "echo openshell-${PACKIT_PROJECT_VERSION}.tar.gz && echo openshell-${PACKIT_PROJECT_VERSION}-vendor.tar.xz"'
+
+  fix-spec-file:
+    # Update Source0 to the generated tarball name
+    - 'bash -c "sed -i \"s|^Source0:.*|Source0: openshell-${PACKIT_PROJECT_VERSION}.tar.gz|\" openshell.spec"'
+    # Update Source1 to the generated vendor tarball name
+    - 'bash -c "sed -i \"s|^Source1:.*|Source1: openshell-${PACKIT_PROJECT_VERSION}-vendor.tar.xz|\" openshell.spec"'
+    # Update Version
+    - 'bash -c "sed -i -r \"s/^Version:(\\s*)\\S+/Version:\\1${PACKIT_RPMSPEC_VERSION}/\" openshell.spec"'
+    # Update Release
+    - 'bash -c "sed -i -r \"s/^Release:(\\s*)\\S+/Release:\\1${PACKIT_RPMSPEC_RELEASE}%{?dist}/\" openshell.spec"'
+
+jobs:
+  # Build on every pull request targeting midstream for CI validation
+  - job: copr_build
+    trigger: pull_request
+    branch: midstream
+    identifier: midstream-pr
+    targets:
+      - fedora-all
+      - epel-10
+
+  # Build on GitHub releases for publishable RPMs.
+  # NOTE: Release builds are tag-based.  Only create GitHub releases from
+  # tags on the midstream branch to ensure builds use midstream content.
+  # See: https://packit.dev/docs/configuration/upstream/copr_build#using-a-custom-copr-project
+  - job: copr_build
+    trigger: release
+    owner: "maxamillion"
+    project: "openshell"
+    targets:
+      - fedora-all
+      - epel-10
+    preserve_project: true
+    list_on_homepage: true
diff --git a/openshell.spec b/openshell.spec
@@ -0,0 +1,135 @@
+# SPDX-FileCopyrightText: Copyright (c) 2025-2026 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+%global crate openshell
+
+# Cargo/Rust builds with vendored deps do not produce debugsource listings
+# in the format redhat-rpm-config expects (especially on EPEL).
+%global debug_package %{nil}
+
+Name:           openshell
+Version:        0.0.20
+Release:        1%{?dist}
+Summary:        Safe, sandboxed runtimes for autonomous AI agents
+
+License:        Apache-2.0
+URL:            https://github.com/LobsterTrap/OpenShell
+Source0:        %{name}-%{version}.tar.gz
+Source1:        %{name}-%{version}-vendor.tar.xz
+
+ExclusiveArch:  x86_64 aarch64
+
+# Rust build dependencies
+# NOTE: MSRV is 1.88 (Rust edition 2024). As of mid-2025, this requires
+# Fedora Rawhide or newer. Stable Fedora and EPEL-10 may ship older Rust;
+# adjust targets in .packit.yaml accordingly or provide a supplementary
+# Rust toolchain via additional_repos in the COPR build config.
+BuildRequires:  rust >= 1.88
+BuildRequires:  cargo
+BuildRequires:  gcc
+BuildRequires:  gcc-c++
+BuildRequires:  make
+BuildRequires:  cmake
+BuildRequires:  pkg-config
+
+# Python sub-package build dependencies
+BuildRequires:  python3-devel
+
+%description
+OpenShell provides safe, sandboxed runtimes for autonomous AI agents.
+It offers a CLI for managing gateways, sandboxes, and providers with
+policy-enforced egress routing, credential proxying, and privacy-aware
+LLM inference routing.
+
+# --- Python SDK sub-package ---
+%package -n python3-%{name}
+Summary:        OpenShell Python SDK for agent execution and management
+Requires:       python3-cloudpickle >= 3.0
+Requires:       python3-grpcio >= 1.60
+Requires:       python3-protobuf >= 4.25
+Recommends:     %{name}
+
+%description -n python3-%{name}
+Python SDK for OpenShell providing programmatic access to sandbox
+management, agent execution, and inference routing via gRPC.
+
+%prep
+%autosetup -n %{name}-%{version}
+
+# Extract vendored Cargo dependencies
+tar xf %{SOURCE1}
+
+# Configure Cargo to use vendored dependencies for offline build
+mkdir -p .cargo
+cat > .cargo/config.toml << 'EOF'
+[source.crates-io]
+replace-with = "vendored-sources"
+
+[source.vendored-sources]
+directory = "vendor"
+EOF
+
+# Patch workspace version from placeholder to actual version
+sed -i 's/^version = "0.0.0"/version = "%{version}"/' Cargo.toml
+grep -q 'version = "%{version}"' Cargo.toml || (echo "ERROR: Cargo.toml version patch failed" && exit 1)
+
+%build
+# Build only the CLI binary
+export CARGO_BUILD_JOBS=%{_smp_build_ncpus}
+cargo build --release --bin openshell
+
+%install
+# Install CLI binary
+install -Dpm 0755 target/release/%{name} %{buildroot}%{_bindir}/%{name}
+
+# Install Python SDK modules (test files are intentionally excluded)
+install -d %{buildroot}%{python3_sitelib}/%{name}
+install -d %{buildroot}%{python3_sitelib}/%{name}/_proto
+
+install -pm 0644 python/%{name}/__init__.py %{buildroot}%{python3_sitelib}/%{name}/
+install -pm 0644 python/%{name}/sandbox.py %{buildroot}%{python3_sitelib}/%{name}/
+install -pm 0644 python/%{name}/_proto/__init__.py %{buildroot}%{python3_sitelib}/%{name}/_proto/
+install -pm 0644 python/%{name}/_proto/*.py %{buildroot}%{python3_sitelib}/%{name}/_proto/
+
+# Create dist-info so importlib.metadata can resolve the package version
+install -d %{buildroot}%{python3_sitelib}/%{name}-%{version}.dist-info
+cat > %{buildroot}%{python3_sitelib}/%{name}-%{version}.dist-info/METADATA << EOF
+Metadata-Version: 2.1
+Name: %{name}
+Version: %{version}
+Summary: OpenShell Python SDK for agent execution and management
+License: Apache-2.0
+Requires-Python: >=3.12
+Requires-Dist: cloudpickle>=3.0
+Requires-Dist: grpcio>=1.60
+Requires-Dist: protobuf>=4.25
+EOF
+
+# INSTALLER marker per PEP 376
+echo "rpm" > %{buildroot}%{python3_sitelib}/%{name}-%{version}.dist-info/INSTALLER
+
+# RECORD can be empty for RPM-managed installs
+touch %{buildroot}%{python3_sitelib}/%{name}-%{version}.dist-info/RECORD
+
+%check
+# Smoke-test the CLI binary
+%{buildroot}%{_bindir}/%{name} --version
+
+# Smoke-test the Python SDK version metadata via importlib.metadata.
+# We query the dist-info directly rather than importing the package because
+# the full import pulls in grpcio and other runtime deps not present in the
+# build environment.
+PYTHONPATH=%{buildroot}%{python3_sitelib} %{python3} -c "from importlib.metadata import version; v = version('openshell'); print(v); assert v == '%{version}', f'expected %{version}, got {v}'"
+
+%files
+%license LICENSE
+%doc README.md
+%{_bindir}/%{name}
+
+%files -n python3-%{name}
+%license LICENSE
+%{python3_sitelib}/%{name}/
+%{python3_sitelib}/%{name}-%{version}.dist-info/
+
+%changelog
+%autochangelog
