Merge branch 'standalone-vagrantfile' into 'master'

Standalone Vagrantfile

@mvdan @CiaranG as a follow up on our work moving to a 64-bit build server VM, this moves the buildserver config to a standalone YAML file and commits a static _Vagrantfile_ to git.  This makes it a lot easier to work with, especially for people who normally use git.  The buildserver config is already a Python _dict_, and its trivial to export a _dict_ to a YAML file.  _Vagrantfile_ is a Ruby script, where its trivial to load a YAML file.  This moves some of the logic into _Vagrantfile_ itself.  This means that someone can mess with _Yagrantfile.yaml_ and/or _Vagrantfile_ to work on the buildserver setup, without having to run `./makebuildserver`.  Then once something is working, it can be ported to the current `./makebuildserver` setup that generates _Vagrantfile.yaml_.

This is important for working on getting this whole thing running in a KVM instance like jenkins.debian.net and elsewhere.  From what I read, VirtualBox in KVM is only possible if VirtualBox is running in 32-bit mode, so that's a dead end for us.  We need to be able to run the buildserver as KVM in KVM #190.  This merge request doesn't get us there yet, but it makes the process a lot easier.

This also moves everything but Kivy to provisioning shell scripts, since the existing chef scripts were really just shell scripts wrapped in Chef wrapped in Vagrant wrapped in `./makebuildserver`.

This passes the gpjenkins CI build that creates the buildserver from scratch, then builds F-Droid and AdAway:
http://qssio5fppcrojdh3.onion:8080/job/fdroidserver-makebuildserver-eighthave/602/

I tried adding Amaze and Retrolambda as test apps for the buildserver too, we'll see how that goes:
http://qssio5fppcrojdh3.onion:8080/job/fdroidserver-makebuildserver-eighthave

See merge request !144

diff --git a/buildserver/.gitignore b/buildserver/.gitignore
index 4a3901edbe24162d7cfe376fff111c633da1fc45..d8165d61a423c6cd4a3c25807526069b5d76c5f1 100644 (file)
--- a/buildserver/.gitignore
+++ b/buildserver/.gitignore
@@ -1,4 +1,4 @@
 .vagrant
 up.log
 cache/
-Vagrantfile
+Vagrantfile.yaml

diff --git a/buildserver/Vagrantfile b/buildserver/Vagrantfile
new file mode 100644 (file)
index 0000000..e586e05
--- /dev/null
+++ b/buildserver/Vagrantfile
@@ -0,0 +1,70 @@
+
+require 'yaml'
+configfile = YAML.load_file('Vagrantfile.yaml')
+
+Vagrant.configure("2") do |config|
+
+  if Vagrant.has_plugin?("vagrant-cachier")
+    config.cache.scope = :box
+    config.cache.auto_detect = false
+    config.cache.enable :apt
+    config.cache.enable :chef
+  end
+
+  config.vm.box = configfile['basebox']
+  config.vm.box_url = configfile['baseboxurl']
+
+  config.vm.provider "virtualbox" do |v|
+    v.customize ["modifyvm", :id, "--memory", configfile['memory']]
+    v.customize ["modifyvm", :id, "--cpus", configfile['cpus']]
+    v.customize ["modifyvm", :id, "--hwvirtex", configfile['hwvirtex']]
+  end
+
+  config.vm.boot_timeout = configfile['boot_timeout']
+
+  config.vm.provision :shell, :path => "fixpaths.sh"
+
+  if configfile.has_key? "aptproxy"
+    config.vm.provision :shell, path: "provision-apt-proxy",
+      args: [configfile["aptproxy"]]
+  end
+
+  # buildserver/ is shared to the VM's /vagrant by default so the old
+  # default does not need a custom mount
+  if configfile["cachedir"] != "buildserver/cache"
+    config.vm.synced_folder configfile["cachedir"], '/vagrant/cache',
+      owner: 'root', group: 'root', create: true
+  end
+
+  # cache .deb packages on the host via a mount trick
+  if configfile.has_key? "aptcachedir"
+    config.vm.synced_folder configfile["aptcachedir"], "/var/cache/apt/archives",
+      owner: 'root', group: 'root', create: true
+  end
+
+  config.vm.provision "shell", path: "setup-env-vars",
+    args: ["/home/vagrant/android-sdk"]
+  config.vm.provision "shell", path: "provision-apt-get-install",
+    args: [configfile['debian_mirror']]
+
+  config.vm.provision :chef_solo do |chef|
+    chef.cookbooks_path = "cookbooks"
+    chef.log_level = :debug
+    chef.add_recipe "kivy"
+  end
+
+  config.vm.provision "shell", path: "provision-android-sdk"
+  config.vm.provision "shell", path: "provision-android-ndk",
+    args: ["/home/vagrant/android-ndk"]
+  config.vm.provision "shell", path: "provision-pip",
+    args: ["compare-locales"]
+  config.vm.provision "shell", path: "provision-gradle"
+  config.vm.provision "file", source: "gradle",
+    destination: "/opt/gradle/bin/gradle"
+
+  # let Ubuntu/trusty's paramiko work with the VM instance
+  if `uname -v`.include? "14.04"
+    config.vm.provision "shell", path: "provision-ubuntu-trusty-paramiko"
+  end
+
+end

diff --git a/buildserver/cookbooks/fdroidbuild-general/recipes/default.rb b/buildserver/cookbooks/fdroidbuild-general/recipes/default.rb
deleted file mode 100644 (file)
index 9ea5f50..0000000
--- a/buildserver/cookbooks/fdroidbuild-general/recipes/default.rb
+++ /dev/null
@@ -1,129 +0,0 @@
-
-user = node[:settings][:user]
-debian_mirror = node[:settings][:debian_mirror]
-
-execute 'set_debian_mirror' do
-  command "sed -i 's,http://ftp.uk.debian.org/debian/,#{debian_mirror},g' /etc/apt/sources.list"
-end
-
-execute "jessie_backports" do
-  command "echo 'deb #{debian_mirror} jessie-backports main' > /etc/apt/sources.list.d/backports.list"
-  only_if "grep jessie /etc/apt/sources.list"
-end
-
-if node['kernel']['machine'] == "x86_64"
-  execute "archi386" do
-    command "dpkg --add-architecture i386"
-  end
-end
-
-execute "apt-get-update" do
-  command "apt-get update"
-end
-
-%w{
-    ant
-    ant-contrib
-    autoconf
-    autoconf2.13
-    automake1.11
-    autopoint
-    bison
-    bzr
-    cmake
-    curl
-    expect
-    faketime
-    flex
-    gettext
-    git-core
-    git-svn
-    gperf
-    graphviz
-    imagemagick
-    inkscape
-    javacc
-    libarchive-zip-perl
-    libexpat1-dev
-    libglib2.0-dev
-    liblzma-dev
-    librsvg2-bin
-    libsaxonb-java
-    libssl-dev
-    libssl1.0.0
-    libtool
-    libtool-bin
-    make
-    maven
-  }.each do |pkg|
-  package pkg do
-    action :install
-  end
-end
-
-%w{
-    mercurial
-    nasm
-    openjdk-8-jdk-headless
-    optipng
-    p7zip
-    pandoc
-    perlmagick
-    pkg-config
-    python-gnupg
-    python-magic
-    python-setuptools
-    python3-gnupg
-    python3-requests
-    python3-yaml
-    qt5-default
-    qtbase5-dev
-    quilt
-    realpath
-    scons
-    subversion
-    swig
-    texinfo
-    transfig
-    unzip
-    vorbis-tools
-    xsltproc
-    yasm
-    zip
-  }.each do |pkg|
-  package pkg do
-    action :install
-  end
-end
-
-if node['kernel']['machine'] == "x86_64"
-  %w{libstdc++6:i386 libgcc1:i386 zlib1g:i386 libncurses5:i386}.each do |pkg|
-    package pkg do
-      action :install
-    end
-  end
-end
-
-easy_install_package "compare-locales" do
-  options "-U"
-  action :install
-end
-
-if node['kernel']['machine'] == "x86_64"
-  execute "set-default-java" do
-    command "update-java-alternatives --set java-1.8.0-openjdk-amd64"
-  end
-else
-  execute "set-default-java" do
-    command "update-java-alternatives --set java-1.8.0-openjdk-i386"
-  end
-end
-
-# Ubuntu trusty 14.04's paramiko does not work with jessie's openssh's default settings
-# https://stackoverflow.com/questions/7286929/paramiko-incompatible-ssh-peer-no-acceptable-kex-algorithm/32691055#32691055
-execute "support-ubuntu-trusty-paramiko" do
-  only_if { node[:settings][:ubuntu_trusty] == 'true' }
-  command "echo Ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr >> /etc/ssh/sshd_config"
-  command "echo MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,hmac-sha1 >> /etc/ssh/sshd_config"
-  command "echo KexAlgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1 >> /etc/ssh/sshd_config"
-end

diff --git a/buildserver/cookbooks/kivy/recipes/default.rb b/buildserver/cookbooks/kivy/recipes/default.rb
index 9b8a1caaddd6cfce82848ddba852e7878a1e88b5..426991034eae74e8a739ba298b388fe298a11615 100644 (file)
--- a/buildserver/cookbooks/kivy/recipes/default.rb
+++ b/buildserver/cookbooks/kivy/recipes/default.rb
@@ -1,6 +1,4 @@
 
-user = node[:settings][:user]
-
 %w{cython python-pygame python-pip python-virtualenv python-opengl python-gst0.10 python-enchant libgl1-mesa-dev libgles2-mesa-dev}.each do |pkg|
   package pkg do
     action :install

diff --git a/buildserver/fixpaths.sh b/buildserver/fixpaths.sh
index eb8a81fba9eaf883665ffd0b871e6f894f27abf6..b55fcdf8a1ee3c622b5faedadb623cde2edab46a 100644 (file)
--- a/buildserver/fixpaths.sh
+++ b/buildserver/fixpaths.sh
@@ -1,5 +1,7 @@
 #!/bin/sh
 
+echo $0
+
 fixit()
 {
   #Fix sudoers so the PATH gets passed through, otherwise chef

diff --git a/buildserver/provision-android-ndk b/buildserver/provision-android-ndk
index 9d4a54c0ba2fb32ee75ccb577f3f9e5e74598cdc..4ce42cc21f508529ede432d01cb0229fed36afd0 100644 (file)
--- a/buildserver/provision-android-ndk
+++ b/buildserver/provision-android-ndk
@@ -1,6 +1,7 @@
 #!/bin/bash
 #
 
+echo $0
 set -e
 
 NDK_BASE=$1

diff --git a/buildserver/provision-android-sdk b/buildserver/provision-android-sdk
index 907b2489abf721e9645b38d635ebc617488d3c8d..31bb95b2f873c5c798386a803876476de6bacee3 100644 (file)
--- a/buildserver/provision-android-sdk
+++ b/buildserver/provision-android-sdk
@@ -1,7 +1,9 @@
 #!/bin/bash
 #
 
+echo $0
 set -e
+set -x
 
 if [ -z $ANDROID_HOME ]; then
     echo "ANDROID_HOME env var must be set!"
@@ -23,7 +25,7 @@ fi
 
 cd /vagrant/cache
 
-# make hard links for `android update sdk` to use and delete
+# make links for `android update sdk` to use and delete
 for f in android_*.zip android-[0-9]*.zip platform-[0-9]*.zip build-tools_r*-linux.zip; do
     rm -f ${ANDROID_HOME}/temp/$f
     ln -s /vagrant/cache/$f ${ANDROID_HOME}/temp/
@@ -42,8 +44,8 @@ for f in `ls -1 build-tools*.zip`; do
     cached=,build-tools-${ver}${cached}
 done
 
-${ANDROID_HOME}/tools/android --silent update sdk --no-ui --all \
-    --filter platform-tools,extra-android-m2repository${cached} > /dev/null <<EOH
+${ANDROID_HOME}/tools/android update sdk --no-ui --all \
+    --filter platform-tools,extra-android-m2repository${cached} <<EOH
 y
 
 EOH

diff --git a/buildserver/provision-apt-get-install b/buildserver/provision-apt-get-install
new file mode 100644 (file)
index 0000000..1085c0a
--- /dev/null
+++ b/buildserver/provision-apt-get-install
@@ -0,0 +1,91 @@
+#!/bin/bash
+
+echo $0
+set -e
+set -x
+
+debian_mirror=$1
+
+sed -i "s,http://ftp.uk.debian.org/debian/,${debian_mirror},g" /etc/apt/sources.list
+
+if grep --quiet jessie /etc/apt/sources.list; then
+    echo "deb $debian_mirror jessie-backports main" > /etc/apt/sources.list.d/backports.list
+fi
+
+dpkg --add-architecture i386
+
+apt-get -y update
+apt-get -y upgrade
+
+packages="
+ ant
+ ant-contrib
+ autoconf
+ autoconf2.13
+ automake1.11
+ autopoint
+ bison
+ bzr
+ cmake
+ curl
+ expect
+ faketime
+ flex
+ gettext
+ git-core
+ git-svn
+ gperf
+ graphviz
+ imagemagick
+ inkscape
+ javacc
+ libarchive-zip-perl
+ libexpat1-dev
+ libgcc1:i386
+ libglib2.0-dev
+ liblzma-dev
+ libncurses5:i386
+ librsvg2-bin
+ libsaxonb-java
+ libssl-dev
+ libssl1.0.0
+ libstdc++6:i386
+ libtool
+ libtool-bin
+ make
+ maven
+ mercurial
+ nasm
+ openjdk-8-jdk-headless
+ optipng
+ p7zip
+ pandoc
+ perlmagick
+ pkg-config
+ python-gnupg
+ python-magic
+ python-setuptools
+ python3-gnupg
+ python3-requests
+ python3-yaml
+ qt5-default
+ qtbase5-dev
+ quilt
+ realpath
+ scons
+ subversion
+ swig
+ texinfo
+ transfig
+ unzip
+ vorbis-tools
+ xsltproc
+ yasm
+ zip
+ zlib1g:i386
+"
+
+apt-get install --yes --no-install-recommends $packages
+
+highestjava=`update-java-alternatives --list | sort -n | tail -1 | cut -d ' ' -f 1`
+update-java-alternatives --set $highestjava

diff --git a/buildserver/provision-apt-proxy b/buildserver/provision-apt-proxy
new file mode 100644 (file)
index 0000000..ec9a5ee
--- /dev/null
+++ b/buildserver/provision-apt-proxy
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+echo $0
+set -e
+
+rm -f /etc/apt/apt.conf.d/02proxy
+echo "Acquire::ftp::Proxy \"$1\";" >> /etc/apt/apt.conf.d/02proxy
+echo "Acquire::http::Proxy \"$1\";" >> /etc/apt/apt.conf.d/02proxy
+echo "Acquire::https::Proxy \"$1\";" >> /etc/apt/apt.conf.d/02proxy
+
+apt-get update

diff --git a/buildserver/provision-pip b/buildserver/provision-pip
new file mode 100644 (file)
index 0000000..b0984de
--- /dev/null
+++ b/buildserver/provision-pip
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+echo $0
+set -e
+set -x
+
+# cache pypi downloads
+if [ -z $PIP_DOWNLOAD_CACHE ]; then
+    export PIP_DOWNLOAD_CACHE=$HOME/.pip_download_cache
+fi
+
+apt-get install --yes --no-install-recommends python-pip
+
+pip install --upgrade $@

diff --git a/buildserver/provision-ubuntu-trusty-paramiko b/buildserver/provision-ubuntu-trusty-paramiko
new file mode 100644 (file)
index 0000000..88c046e
--- /dev/null
+++ b/buildserver/provision-ubuntu-trusty-paramiko
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+echo $0
+set -e
+
+# Ubuntu trusty 14.04's paramiko does not work with jessie's openssh's default settings
+# https://stackoverflow.com/questions/7286929/paramiko-incompatible-ssh-peer-no-acceptable-kex-algorithm/32691055#32691055
+
+if ! grep --quiet ^Ciphers /etc/ssh/sshd_config; then
+    echo Ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr >> /etc/ssh/sshd_config
+fi
+
+if ! grep --quiet ^MACs /etc/ssh/sshd_config; then
+    echo MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,hmac-sha1 >> /etc/ssh/sshd_config
+fi
+
+if ! grep --quiet ^KexAlgorithms /etc/ssh/sshd_config; then
+    echo KexAlgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1 >> /etc/ssh/sshd_config
+fi

diff --git a/hooks/pre-commit b/hooks/pre-commit
index 9f0dcb77242b1624c8e1fa76b6facf4ab9bc74ef..1929ee9116637d695cd1445feddd2469305dfc3e 100755 (executable)
--- a/hooks/pre-commit
+++ b/hooks/pre-commit
@@ -12,7 +12,7 @@ if [ -z "$files" ]; then
     PY_TEST_FILES="tests/*.TestCase"
     SH_FILES="hooks/pre-commit"
     BASH_FILES="fd-commit jenkins-build docs/update.sh completion/bash-completion buildserver/provision-*"
-    RB_FILES="buildserver/cookbooks/*/recipes/*.rb"
+    RB_FILES="buildserver/cookbooks/*/recipes/*.rb buildserver/Vagrantfile"
 else
     # if actually committing right now, then only run on the files
     # that are going to be committed at this moment

diff --git a/jenkins-build-makebuildserver b/jenkins-build-makebuildserver
index 7f1cdf954cbf8e69be7900ec1e9f6e37f7b20ec7..120ce7981fa2aec58c3918cf23aebda5f9f84583 100755 (executable)
--- a/jenkins-build-makebuildserver
+++ b/jenkins-build-makebuildserver
@@ -60,13 +60,15 @@ fi
 
 cd fdroiddata
 echo "build_server_always = True" > config.py
+# if it can't build fdroid, then its really broken
+../fdroid build --verbose --stop --latest org.fdroid.fdroid
 # Gradle, JNI, preassemble
 ../fdroid build --stop org.adaway:55
 # Maven
-../fdroid build --stop org.quantumbadger.redreader:55
+#../fdroid build --stop org.quantumbadger.redreader:55
 # Custom build (make)
-../fdroid build --stop com.amaze.filemanager:29
+#../fdroid build --stop com.amaze.filemanager:29
 # Uses verification
-../fdroid build --stop info.guardianproject.checkey:101
+#../fdroid build --stop info.guardianproject.checkey:101
 # Gradle with retrolambda (JDK7 and JDK8)
-../fdroid build --stop com.moez.QKSMS:124
+#../fdroid build --stop com.moez.QKSMS:124

diff --git a/makebuildserver b/makebuildserver
index ccc987c6d5d8cf2c7c45106e1d2ce466036a0978..173ca747291379b80abd4fd060b896034ecbe279 100755 (executable)
--- a/makebuildserver
+++ b/makebuildserver
@@ -6,6 +6,7 @@ import sys
 import subprocess
 import time
 import hashlib
+import yaml
 from clint.textui import progress
 from optparse import OptionParser
 
@@ -49,7 +50,6 @@ options, args = parser.parse_args()
 # set up default config
 cachedir = os.path.join(os.getenv('HOME'), '.cache', 'fdroidserver')
 config = {
-    'arch64': True,
     'basebox': 'jessie64',
     # TODO in py3, convert this to pathlib.Path(absolute_path_string).as_uri()
     'baseboxurl': [
@@ -62,6 +62,7 @@ config = {
     'cachedir': cachedir,
     'cpus': 1,
     'memory': 1024,
+    'hwvirtex': 'off',
 }
 
 # load config file, if present
@@ -70,6 +71,7 @@ if os.path.exists('makebuildserver.config.py'):
 elif os.path.exists('makebs.config.py'):
     # this is the old name for the config file
     exec(compile(open('makebs.config.py').read(), 'makebs.config.py', 'exec'), config)
+del(config['__builtins__'])  # added by compile/exec
 
 if not os.path.exists('makebuildserver') or not os.path.exists(serverdir):
     print('This must be run from the correct directory!')
@@ -86,11 +88,16 @@ cachedir = config['cachedir']
 if not os.path.exists(cachedir):
     os.makedirs(cachedir, 0o755)
 
+if config['apt_package_cache']:
+    config['aptcachedir'] = cachedir + '/apt/archives'
+
 cachefiles = [
     ('https://dl.google.com/android/repository/tools_r25.1.7-linux.zip',
      '3ca053600a86a5a64d5571edfbb1dad27f2bda3bfd2d38e2fe54322610b1ef0b'),
-    ('https://dl.google.com/android/repository/android_m2repository_r32.zip',
-     'a6a8d7ffb153161f26d5fdebfa9aa1c9c84b29c62851fffff2cdfad9e094b13b'),
+    ('https://dl.google.com/android/repository/platform-tools_r24-linux.zip',
+     '076368b337d042d163364594dda63b7e778835f636fafb2c8af4d4a604175c32'),
+    ('https://dl.google.com/android/repository/android_m2repository_r33.zip',
+     'be9bb4a27aeefb1c9adb0cade8771f764447c4cbde74426303db2ac6bde1879c'),
     ('https://dl.google.com/android/repository/android-1.5_r04-linux.zip',
      '85b6c8f9797e56aa415d3a282428bb640c96b0acb17c11d41621bb2a5302fe64'),
     ('https://dl.google.com/android/repository/android-1.6_r03-linux.zip',
@@ -231,25 +238,14 @@ cachefiles = [
      '993b4f33b652c689e9721917d8e021cab6bbd3eae81b39ab2fd46fdb19a928d5'),
     ('https://pypi.python.org/packages/source/K/Kivy/Kivy-1.7.2.tar.gz',
      '0485e2ef97b5086df886eb01f8303cb542183d2d71a159466f99ad6c8a1d03f1'),
+    ('https://dl.google.com/android/ndk/android-ndk-r10e-linux-x86_64.bin',
+     '102d6723f67ff1384330d12c45854315d6452d6510286f4e5891e00a5a8f1d5a'),
+    ('https://dl.google.com/android/ndk/android-ndk-r9b-linux-x86_64.tar.bz2',
+     '8956e9efeea95f49425ded8bb697013b66e162b064b0f66b5c75628f76e0f532'),
+    ('https://dl.google.com/android/ndk/android-ndk-r9b-linux-x86_64-legacy-toolchains.tar.bz2',
+     'de93a394f7c8f3436db44568648f87738a8d09801a52f459dcad3fc047e045a1'),
 ]
 
-if config['arch64']:
-    cachefiles.extend([
-        ('https://dl.google.com/android/ndk/android-ndk-r10e-linux-x86_64.bin',
-         '102d6723f67ff1384330d12c45854315d6452d6510286f4e5891e00a5a8f1d5a'),
-        ('https://dl.google.com/android/ndk/android-ndk-r9b-linux-x86_64.tar.bz2',
-         '8956e9efeea95f49425ded8bb697013b66e162b064b0f66b5c75628f76e0f532'),
-        ('https://dl.google.com/android/ndk/android-ndk-r9b-linux-x86_64-legacy-toolchains.tar.bz2',
-         'de93a394f7c8f3436db44568648f87738a8d09801a52f459dcad3fc047e045a1')])
-else:
-    cachefiles.extend([
-        ('https://dl.google.com/android/ndk/android-ndk-r10e-linux-x86.bin',
-         '92b07d25aaad9b341a7f2b2a62402d508e948bf2dea3ee7b65a6aeb18bca7df5'),
-        ('https://dl.google.com/android/ndk/android-ndk-r9b-linux-x86.tar.bz2',
-         '748104b829dd12afb2fdb3044634963abb24cdb0aad3b26030abe2e9e65bfc81'),
-        ('https://dl.google.com/android/ndk/android-ndk-r9b-linux-x86-legacy-toolchains.tar.bz2',
-         '606aadf815ae28cc7b0154996247c70d609f111b14e44bcbcd6cad4c87fefb6f')])
-
 
 def sha256_for_file(path):
     with open(path, 'rb') as f:
@@ -310,118 +306,31 @@ for srcurl, shasum in cachefiles:
         print("\t...shasum verified for " + local_filename)
     else:
         print("Invalid shasum of '" + v + "' detected for " + local_filename)
+        os.remove(local_filename)
         sys.exit(1)
 
-# allow specifying a list/tuple that includes cached local copy
-if type(config['baseboxurl']) in (list, tuple) or config['baseboxurl'][0] in ('(', '['):
-    baseboxurl = config['baseboxurl']
-else:
-    baseboxurl = '"{0}"'.format(config['baseboxurl'])
-
 # use VirtualBox software virtualization if hardware is not available,
 # like if this is being run in kvm or some other VM platform, like
 # http://jenkins.debian.net, the values are 'on' or 'off'
-hwvirtex = 'off'
 if sys.platform.startswith('darwin'):
     # all < 10 year old Macs work, and OSX servers as VM host are very
     # rare, but this could also be auto-detected if someone codes it
-    hwvirtex = 'on'
+    config['hwvirtex'] = 'on'
 elif os.path.exists('/proc/cpuinfo'):
     with open('/proc/cpuinfo') as f:
         contents = f.read()
     if 'vmx' in contents or 'svm' in contents:
-        hwvirtex = 'on'
-
-# Generate an appropriate Vagrantfile for the buildserver, based on our
-# settings...
-vagrantfile = """
-Vagrant.configure("2") do |config|
-
-  if Vagrant.has_plugin?("vagrant-cachier")
-    config.cache.scope = :box
-    config.cache.auto_detect = false
-    config.cache.enable :apt
-    config.cache.enable :chef
-  end
-
-  config.vm.box = "{0}"
-  config.vm.box_url = {1}
-
-  config.vm.provider "virtualbox" do |v|
-    v.customize ["modifyvm", :id, "--memory", "{2}"]
-    v.customize ["modifyvm", :id, "--cpus", "{3}"]
-    v.customize ["modifyvm", :id, "--hwvirtex", "{4}"]
-  end
+        config['hwvirtex'] = 'on'
 
-  config.vm.boot_timeout = {5}
-
-  config.vm.provision :shell, :path => "fixpaths.sh"
-""".format(config['basebox'],
-           baseboxurl,
-           config['memory'],
-           config.get('cpus', 1),
-           hwvirtex,
-           config['boot_timeout'])
-if 'aptproxy' in config and config['aptproxy']:
-    vagrantfile += """
-  config.vm.provision :shell, :inline => 'sudo echo "Acquire::http {{ Proxy \\"{0}\\"; }};" > /etc/apt/apt.conf.d/02proxy && sudo apt-get update'
-""".format(config['aptproxy'])
-
-# buildserver/ is shared to the VM's /vagrant by default so the old default
-# does not need a custom mount
-if cachedir != 'buildserver/cache':
-    vagrantfile += """
-  config.vm.synced_folder '{0}', '/vagrant/cache',
-    owner: 'root', group: 'root', create: true
-""".format(cachedir)
-
-# cache .deb packages on the host via a mount trick
-if config['apt_package_cache']:
-    aptcachedir = cachedir + '/apt/archives'
-    vagrantfile += """
-  config.vm.synced_folder "{0}", "/var/cache/apt/archives",
-    owner: 'root', group: 'root', create: true
-""".format(aptcachedir)
-
-vagrantfile += """
-
-  config.vm.provision "shell", path: "setup-env-vars",
-    args: ["/home/vagrant/android-sdk"]
-
-  config.vm.provision :chef_solo do |chef|
-    chef.cookbooks_path = "cookbooks"
-    chef.log_level = :debug
-    chef.json = {
-      :settings => {
-        :debian_mirror => "%s",
-        :ubuntu_trusty => "%s",
-        :user => "vagrant"
-      }
-    }
-    chef.add_recipe "fdroidbuild-general"
-    chef.add_recipe "kivy"
-  end
-
-  config.vm.provision "shell", path: "provision-android-sdk"
-  config.vm.provision "shell", path: "provision-android-ndk",
-    args: ["/home/vagrant/android-ndk"]
-  config.vm.provision "shell", path: "provision-gradle"
-  config.vm.provision "file", source: "gradle",
-    destination: "/opt/gradle/bin/gradle"
-
-end
-""" % (config['debian_mirror'],
-       str('14.04' in os.uname()[3]).lower())
-
-# Check against the existing Vagrantfile, and if they differ, we need to
-# create a new box:
-vf = os.path.join(serverdir, 'Vagrantfile')
+# Check against the existing Vagrantfile.yaml, and if they differ, we
+# need to create a new box:
+vf = os.path.join(serverdir, 'Vagrantfile.yaml')
 writevf = True
 if os.path.exists(vf):
     vagrant(['halt'], serverdir)
-    with open(vf, 'r') as f:
-        oldvf = f.read()
-    if oldvf != vagrantfile:
+    with open(vf, 'r', encoding='utf-8') as f:
+        oldconfig = yaml.load(f)
+    if config != oldconfig:
         print("Server configuration has changed, rebuild from scratch is required")
         vagrant(['destroy', '-f'], serverdir)
     else:
@@ -430,9 +339,8 @@ if os.path.exists(vf):
 else:
     print("No existing server - building from scratch")
 if writevf:
-    with open(vf, 'w') as f:
-        f.write(vagrantfile)
-
+    with open(vf, 'w', encoding='utf-8') as f:
+        yaml.dump(config, f)
 
 print("Configuring build server VM")
 returncode, out = vagrant(['up', '--provision'], serverdir, printout=True)