Fabrid: Design Document Update

.bazelignore

@@ -1,4 +1,5 @@
 bin
+doc/_build
 docker/_build
-rules_openapi/tools/node_modules
+private/mgmtapi/tools/node_modules
 tools/lint/logctxcheck/testdata/src

.bazelversion

@@ -1 +1 @@
-5.4.0
+6.4.0

.buildkite/hooks/bazel-remote.yml

@@ -1,4 +1,5 @@
 version: "2.4"
+name: bazel_remote
 services:
   bazel-remote:
     container_name: bazel-remote-cache

.buildkite/hooks/go-module-proxy.yml

@@ -1,5 +1,6 @@
 ---
 version: "2.4"
+name: athens
 services:
   go-module-proxy:
     container_name: go-module-proxy

.buildkite/hooks/pre-command

@@ -30,9 +30,10 @@ rm -f $HOME/.bazelrc
 # --nostamp is required for better caching (only on non-release jobs).
 if [ "$BUILDKITE_PIPELINE_SLUG" == "scion" ]; then
     echo "build --nostamp" > $HOME/.bazelrc
-    # Also set a fixed GIT_VERSION so that the workspace_status_command always
-    # returns the same value on CI to improve cache reuse.
-    export GIT_VERSION="ci-fixed"
+    # Shorten the git version to omit commit information, improving cache reuse.
+    # The format of git-version is "<tag>-<number-of-commits-since-the-tag>-<commit-short-hash>"
+    # This will be shortened to "<tag>-modified-ci"
+    export GIT_VERSION=$(tools/git-version | sed 's/-.*/-modified-ci/')
 else
     echo "build --stamp" > $HOME/.bazelrc
 fi
@@ -43,7 +44,7 @@ echo "~~~ Starting bazel remote cache proxy"
 # Start bazel remote cache proxy for S3
 # Note that S3 keys are injected by buildkite, see
 # https://buildkite.com/docs/pipelines/secrets#storing-secrets-with-the-elastic-ci-stack-for-aws
-docker compose --compatibility -f .buildkite/hooks/bazel-remote.yml -p bazel_remote up -d
+docker compose -f .buildkite/hooks/bazel-remote.yml up -d
 
 echo "~~~ Starting go module proxy"
-docker compose --compatibility -f .buildkite/hooks/go-module-proxy.yml -p athens up -d
+docker compose -f .buildkite/hooks/go-module-proxy.yml up -d

.buildkite/pipeline.yml

@@ -12,7 +12,7 @@ steps:
     plugins:
       - scionproto/metahook#v0.3.0:
           post-artifact: |
-            cat << EOF | buildkite-agent annotate --style "info"
+            cat << EOF | buildkite-agent annotate --style "info" --context "binaries"
             #### Build outputs
             - <a href="artifact://bazel-bin/scion.tar">SCION binaries</a>
             - <a href="artifact://bazel-bin/scion-ci.tar">SCION test tools and utilities</a>
@@ -23,6 +23,28 @@ steps:
         - exit_status: 255 # Forced agent shutdown
     timeout_in_minutes: 10
   - wait
+  - label: "Package :debian:"
+    command:
+      - make dist-deb
+      - cd deb;
+      - tar -chaf scion-deb-amd64.tar.gz *_amd64.deb
+      - tar -chaf scion-deb-arm64.tar.gz *_arm64.deb
+      - tar -chaf scion-deb-i386.tar.gz *_i386.deb
+      - tar -chaf scion-deb-armel.tar.gz *_armel.deb
+    artifact_paths:
+      - "deb/*.tar.gz"
+    plugins:
+      - scionproto/metahook#v0.3.0:
+          post-artifact: |
+            cat << EOF | buildkite-agent annotate --style "info" --context "packages"
+            #### Packages :debian:
+            - <a href="artifact://deb/scion-deb-amd64.tar.gz">amd64</a>
+            - <a href="artifact://deb/scion-deb-arm64.tar.gz">arm64</a>
+            - <a href="artifact://deb/scion-deb-i386.tar.gz">i386</a>
+            - <a href="artifact://deb/scion-deb-armel.tar.gz">armel</a>
+            EOF
+    key: dist-deb
+    retry: *automatic-retry
   - label: "Unit Tests :bazel:"
     command:
       - bazel test --config=race --config=unit_all
@@ -70,6 +92,7 @@ steps:
     timeout_in_minutes: 20
     key: check_generated
     retry: *automatic-retry
+  - wait
   - group: "End to End"
     key: e2e
     steps:
@@ -118,7 +141,7 @@ steps:
     - label: "E2E: default :docker: (ping)"
       command:
         - echo "--- build"
-        - make build docker-images
+        - make build-dev docker-images
         - echo "--- start topology"
         - ./scion.sh topology -d
         - ./scion.sh run

.buildkite/pipeline_lib.sh

@@ -53,8 +53,12 @@ gen_bazel_test_steps() {
         echo "          - \"bazel-testlogs.tar.gz\""
         echo "        timeout_in_minutes: 20"
         echo "        retry:"
+        echo "          manual:"
+        echo "            permit_on_passed: true"
         echo "          automatic:"
         echo "            - exit_status: -1 # Agent was lost"
         echo "            - exit_status: 255 # Forced agent shutdown"
+        echo "            - exit_status: 3 # Test may be flaky or it just didn't pass"
+        echo "              limit: 2"
     done
 }

.buildkite/provision-agent.sh

@@ -13,4 +13,4 @@ echo "~~~ Install build tools"
 tools/install_bazel
 tools/install_deps
 
-sha1sum tools/install_bazel tools/install_deps tools/env/pip3/deps tools/env/pip3/requirements.txt tools/env/rhel/deps > /tmp/buildkite-scionproto-runner-provision.sum
+sha1sum tools/install_bazel tools/install_deps tools/env/pip3/deps tools/env/pip3/requirements.txt tools/env/rhel/deps tools/env/rhel/pkgs.txt tools/env/debian/deps tools/env/debian/pkgs.txt > /tmp/buildkite-scionproto-runner-provision.sum

.gitignore

@@ -66,6 +66,10 @@ doc/venv/
 /bin/*
 !/bin/.keepme
 
+# Generated package files
+##########################
+/deb/
+
 # CTags
 ##########################
 tags
@@ -91,6 +95,11 @@ _build
 node_modules
 
 # gobra
+#######
 *.vpr
 tmp/
 logger.log
+
+# emacs backup files
+####################
+*~

BUILD.bazel

@@ -7,7 +7,7 @@ load("//tools/lint:write_source_files.bzl", "write_source_files")
 load("//tools/lint/python:flake8_config.bzl", "flake8_lint_config")
 load("//:nogo.bzl", "nogo_deps")
 load("@com_github_bazelbuild_buildtools//buildifier:def.bzl", "buildifier")
-load("@cgrindel_bazel_starlib//updatesrc:defs.bzl", "updatesrc_update_all")
+load("@npm//private/mgmtapi/tools:@stoplight/spectral-cli/package_json.bzl", spectral_bin = "bin")
 
 # gazelle:prefix github.com/scionproto/scion
 # gazelle:map_kind go_library go_library //tools/lint:go.bzl
@@ -198,6 +198,7 @@ pkg_tar(
         "//tools/buildkite/cmd/buildkite_artifacts",
         "//tools/end2end",
         "//tools/end2end_integration",
+        "//tools/end2endblast",
         "//tools/pktgen/cmd/pktgen",
         "//tools/scion_integration",
         "//tools/udpproxy",
@@ -233,19 +234,25 @@ buildifier(
     mode = "check",
 )
 
-# Runs all update_src targets in this Workspace. Currently, generating the
-# OpenAPI specs is the last target that depends on update_src. Eventually,
-# this should be transitioned to write_all_source_files below.
-updatesrc_update_all(
-    name = "update_all",
+spectral_bin.spectral_binary(
+    name = "spectral",
 )
 
 # Runs all write_source_files targets in this Workspace. To update the list run
 # bazel run @com_github_bazelbuild_buildtools//buildozer -- --root_dir $PWD  "add additional_update_targets $( bazel query 'filter("^.*[^\d]$", kind(_write_source_file, //...)) except //:write_all_source_files' | tr '\n' ' ')" //:write_all_source_files
 write_source_files(
     name = "write_all_source_files",
     additional_update_targets = [
-        "//doc/_build/_static/command:write_files",
+        "//control/mgmtapi:write_files",
+        "//daemon/mgmtapi:write_files",
+        "//dispatcher/mgmtapi:write_files",
         "//doc/command:write_files",
+        "//gateway/mgmtapi:write_files",
+        "//private/ca/api:write_files",
+        "//private/mgmtapi/cppki/api:write_files",
+        "//private/mgmtapi/health/api:write_files",
+        "//private/mgmtapi/segments/api:write_files",
+        "//router/mgmtapi:write_files",
+        "//spec:write_files",
     ],
 )

Makefile

@@ -1,14 +1,38 @@
-.PHONY: all antlr bazel clean docker-images gazelle go.mod licenses mocks protobuf scion-topo test test-integration write_all_source_files
+.PHONY: all build build-dev dist-deb antlr clean docker-images gazelle go.mod licenses mocks protobuf scion-topo test test-integration write_all_source_files
 
-build: bazel
+build-dev:
+	rm -f bin/*
+	bazel build //:scion //:scion-ci
+	tar -kxf bazel-bin/scion.tar -C bin
+	tar -kxf bazel-bin/scion-ci.tar -C bin
+
+build:
+	rm -f bin/*
+	bazel build //:scion
+	tar -kxf bazel-bin/scion.tar -C bin
+
+dist-deb:
+	bazel build //dist:deb_all
+	mkdir -p deb; rm -f deb/*;
+	@ # Bazel cannot include the version in the filename, if we want to set it automatically from the git tag.
+	@ # Extract the version from the .deb "control" manifest and expand the "__" in the filename to "_<version>_".
+	@ #   See e.g. https://en.wikipedia.org/wiki/Deb_(file_format)#Control_archive
+	@for f in `bazel cquery //dist:deb_all --output=files 2>/dev/null`; do \
+		if [ -f "$$f" ]; then \
+			bf=`basename $$f`; \
+			v="$$(ar p $$f control.tar.gz | tar -xz --to-stdout ./control | sed -n 's/Version: //p')"; \
+			bfv=$${bf%%__*}_$${v}_$${bf#*__}; \
+			cp -v "$$f" deb/$$bfv; \
+		fi \
+	done
 
 # all: performs the code-generation steps and then builds; the generated code
 # is git controlled, and therefore this is only necessary when changing the
 # sources for the code generation.
 # Use NOTPARALLEL to force correct order.
 # Note: From GNU make 4.4, this still allows building any other targets (e.g. lint) in parallel.
 .NOTPARALLEL: all
-all: go_deps.bzl protobuf mocks gazelle build antlr write_all_source_files licenses
+all: go_deps.bzl protobuf mocks gazelle build-dev antlr write_all_source_files licenses
 
 clean:
 	bazel clean
@@ -18,12 +42,6 @@ scrub:
 	bazel clean --expunge
 	rm -f bin/*
 
-bazel:
-	rm -f bin/*
-	bazel build //:scion //:scion-ci
-	tar -kxf bazel-bin/scion.tar -C bin
-	tar -kxf bazel-bin/scion-ci.tar -C bin
-
 test:
 	bazel test --config=unit_all
 
@@ -70,7 +88,6 @@ antlr:
 
 write_all_source_files:
 	bazel run //:write_all_source_files
-	bazel run //:update_all
 
 .PHONY: lint lint-bazel lint-bazel-buildifier lint-doc lint-doc-mdlint lint-go lint-go-bazel lint-go-gazelle lint-go-golangci lint-go-semgrep lint-openapi lint-openapi-spectral lint-protobuf lint-protobuf-buf
 
@@ -123,11 +140,11 @@ lint-openapi: lint-openapi-spectral
 
 lint-openapi-spectral:
 	$(info ==> $@)
-	@tools/quiet bazel run --config=quiet @rules_openapi_npm//@stoplight/spectral-cli/bin:spectral -- lint --ruleset ${PWD}/spec/.spectral.yml ${PWD}/spec/*.gen.yml
+	@tools/quiet bazel run --config=quiet //:spectral -- lint --ruleset ${PWD}/spec/.spectral.yml ${PWD}/spec/*.gen.yml
 
 lint-doc: lint-doc-mdlint
 
 lint-doc-mdlint:
 	$(info ==> $@)
-	@FILES=$$(find -type f -iname '*.md' -not -path "./rules_openapi/tools/node_modules/*" -not -path "./.github/**/*" | grep -vf tools/md/skipped); \
+	@FILES=$$(find -type f -iname '*.md' -not -path "./private/mgmtapi/tools/node_modules/*" -not -path "./.github/**/*" | grep -vf tools/md/skipped); \
 		docker run --rm -v ${PWD}:/data -v ${PWD}/tools/md/mdlintstyle.rb:/style.rb $$(docker build -q tools/md) $${FILES} -s /style.rb

README.md

@@ -1,37 +1,53 @@
 # SCION
 
 [![Slack chat](https://img.shields.io/badge/chat%20on-slack-blue?logo=slack)](https://scionproto.slack.com)
+[![Matrix chat](https://img.shields.io/badge/chat%20on-matrix-blue?logo=matrix)](https://matrix.to/#/#dev:matrix.scion.org)
+[![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/scionproto/awesome-scion)
 [![ReadTheDocs](https://img.shields.io/badge/doc-reference-blue?version=latest&style=flat&label=docs&logo=read-the-docs&logoColor=white)](https://docs.scion.org/en/latest)
-[![Documentation](https://img.shields.io/badge/go.dev-reference-007d9c?logo=go&logoColor=white)](https://pkg.go.dev/github.com/scionproto/scion)
+[![Go Docs](https://img.shields.io/badge/go.dev-reference-007d9c?logo=go&logoColor=white)](https://pkg.go.dev/github.com/scionproto/scion)
 [![Nightly Build](https://badge.buildkite.com/b70b65b38a75eb8724f41a6f1203c9327cfb767f07a0c1934e.svg)](https://buildkite.com/scionproto/scion-nightly/builds/latest)
 [![Go Report Card](https://goreportcard.com/badge/github.com/scionproto/scion)](https://goreportcard.com/report/github.com/scionproto/scion)
 [![GitHub issues](https://img.shields.io/github/issues/scionproto/scion/help%20wanted.svg?label=help%20wanted&color=purple)](https://github.com/scionproto/scion/issues?q=is%3Aopen+is%3Aissue+label%3A%22help+wanted%22)
 [![GitHub issues](https://img.shields.io/github/issues/scionproto/scion/good%20first%20issue.svg?label=good%20first%20issue&color=purple)](https://github.com/scionproto/scion/issues?q=is%3Aopen+is%3Aissue+label%3A%22good+first+issue%22)
 [![Release](https://img.shields.io/github/release-pre/scionproto/scion.svg)](https://github.com/scionproto/scion/releases)
 [![License](https://img.shields.io/github/license/scionproto/scion.svg?maxAge=2592000)](https://github.com/scionproto/scion/blob/master/LICENSE)
 
-Welcome to the open-source implementation of
-[SCION](http://www.scion-architecture.net) (Scalability, Control and Isolation
-On next-generation Networks), a future Internet architecture. SCION is the first
-clean-slate Internet architecture designed to provide route control, failure
-isolation, and explicit trust information for end-to-end communication. To find
-out more about the project, please visit our [documentation
-site](https://docs.scion.org/en/latest/).
+Welcome to the open-source implementation of [SCION](http://www.scion-architecture.net)
+(Scalability, Control and Isolation On next-generation Networks), a future Internet architecture.
+SCION provides route control, failure isolation, and explicit trust information for end-to-end communication.
+To find out more about the project, please visit our [documentation site](https://docs.scion.org/en/latest/).
 
-## Connecting to the SCION Test Network
+## Installation
 
-Join [SCIONLab](https://www.scionlab.org) if you're interested in playing with
-SCION in an operational global test deployment of SCION. As part of the SCIONLab
-project, we support [pre-built binaries as Debian
-packages](https://docs.scionlab.org/content/install/).
+Installation packages for Debian and derivatives are available for x86-64, arm64, x86-32 and arm.
+These packages can be found in the [latest release](https://github.com/scionproto/scion/releases/latest).
+Packages for in-development versions can be found from the [latest nightly build](https://buildkite.com/scionproto/scion-nightly/builds/latest).
 
-## Building
+Alternatively, "naked" pre-built binaries are available for Linux x86-64 and
+can be downloaded from the [latest release](https://github.com/scionproto/scion/releases/latest) or the
+[latest nightly build](https://buildkite.com/scionproto/scion-nightly/builds/latest).
 
-To find out how to work with SCION, please visit our [documentation
-site](https://docs.scion.org/en/latest/dev/setup.html)
-for instructions on how to install build dependencies, build and run SCION.
+### Build from sources
 
-Pre-built binaries for x86-64 Linux are available from the [latest nightly build](https://buildkite.com/scionproto/scion-nightly/builds/latest).
+SCION can be built with `go build`. To build all binaries used in a SCION deployment (i.e.
+excluding the testing and development tools), run
+
+```sh
+CGO_ENABLED=0 go build -o bin ./router/... ./control/... ./dispatcher/... ./daemon/... ./scion/... ./scion-pki/... ./gateway/...
+```
+
+The default way to build SCION, however, uses Bazel.
+In particular, this allows to run all the tests, linters etc.
+Please visit our [documentation site](https://docs.scion.org/en/latest/dev/setup.html) for
+instructions on how to set up Bazel and the full development environment.
+
+### Connecting to the SCION Network
+
+Join [SCIONLab](https://www.scionlab.org) if you're interested in playing with SCION in an
+operational global test deployment of SCION.
+
+The [awesome-scion](https://github.com/scionproto/awesome-scion#deployments) list contains
+pointers to production deployments of SCION.
 
 ## Contributing