add ci checks

.github/workflows/build.yml

@@ -0,0 +1,43 @@
+name: Make distributions and test
+
+on:
+  # run workflows on main master and release/** branches
+  push:
+    branches:
+      - main
+      - master
+      - release/**
+  # run workflows on pull requests against the same branches
+  pull_request:
+    branches:
+      - main
+      - master
+      - release/**
+
+# automatically cancel redundant builds
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  makeandtest:
+    name: ${{ matrix.distro }}:${{ matrix.version }}
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - distro: eurolinux/centos-7
+            version: latest
+          - distro: rockylinux
+            version: 8
+          - distro: rockylinux
+            version: 9
+          - distro: opensuse/leap
+            version: 15
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Get source code
+        uses: actions/checkout@v3
+
+      - name: Run make-and-test under docker
+        run: ./ci/docker-run ${{ matrix.distro }}:${{ matrix.version }}

ci/docker-run

@@ -0,0 +1,23 @@
+#!/bin/bash -e
+# Run docker as shown at
+#  https://djw8605.github.io/2016/05/03/building-centos-packages-on-travisci/
+#
+# This more complicated setup is needed for github actions too because 
+#  they do not provide a mechanism for reliably enabling user namespaces.
+# Github actions does at least start a VM with docker already running.
+
+# Assumes running on Ubuntu 24+
+
+DOCKER_HUB_URI="$1"
+docker pull "$DOCKER_HUB_URI"
+
+DOCKER_CONTAINER_NAME="test_${OS_TYPE##*/}_${OS_VERSION//./_}"
+
+set -x
+docker run --privileged --network=host -v "$(pwd):/source:rw" \
+  --name "$DOCKER_CONTAINER_NAME" "$DOCKER_HUB_URI" /bin/bash -exc \
+	"cd /source && ./ci/privileged-run"
+
+docker ps -a
+docker stop "$DOCKER_CONTAINER_NAME"
+docker rm -v "$DOCKER_CONTAINER_NAME"

ci/make-and-test

@@ -0,0 +1,16 @@
+#!/bin/bash
+# Now running as an unprivileged user with user namespaces enabled in a
+# container and required packages installed. Make distributions and test.
+
+. /etc/os-release
+
+set -ex
+for DIST in default osg egi; do
+    if [ "$DIST" = egi ] && [[ "$VERSION_ID" != 7* ]]; then
+        # egi not yet supported for el8 or el9
+        continue
+    fi
+    rm -rf dist
+    ./makedist $DIST
+    ./cvmfsexec atlas.cern.ch -- ls /cvmfs/atlas.cern.ch
+done

ci/privileged-run

@@ -0,0 +1,19 @@
+#!/bin/bash
+# Running in a privileged container.  Install required packages and
+# switch to an unprivileged user to run the tests.
+
+set -ex
+if [ -f /usr/bin/zypper ]; then
+    #suse
+    zypper install -y procps cpio findutils
+else
+    yum install -y procps-ng cpio findutils
+fi
+
+# because host kernel is Ubuntu 24+, this enables user namespaces
+sysctl kernel.apparmor_restrict_unprivileged_userns=0
+
+# switch to an unprivileged user
+useradd -u 1000 --create-home -s /bin/bash testuser
+chown -R testuser .
+su testuser -c ci/make-and-test

makedist

@@ -185,6 +185,10 @@ fi
 echo "Making $SINGMSG$DISTTYPE distribution for $MACHTYPE"
 
 getcoprurl() {
+    if [ ! -f /usr/bin/yumdownloader ]; then
+        echo "yumdownloader not found, skipping trying to get $1 from copr" >&2
+        return
+    fi
     typeset TMPF=$(mktemp)
     typeset REPONAME=makedist-$1
     cat >$TMPF <<!EOF!
@@ -285,7 +289,7 @@ if $INCLUDEHELPER; then
     fi
     URLS="$URLS $BASEURL/$HELPER"
     if [ "$EL" -lt 8 ]; then
-        EPELURL="https://download.fedoraproject.org/pub/epel/$EL/$ARCH/Packages"
+        EPELURL="https://archives.fedoraproject.org/pub/archive/epel/$EL/$ARCH/Packages"
     else
         EPELURL="https://download.fedoraproject.org/pub/epel/$EL/Everything/$ARCH/Packages"
     fi