Part of tarantool/tt#286

NO_TEST=third-party dependency
NO_DOC=third-party dependency

(cherry picked from commit 10f7109c)

tarantool/metrics [1] is a lua module (distributed as a separate rock)
for metrics aggregation and export. After this patch, it will be a part
of the tarantool binary.

1. https://github.com/tarantool/metrics

Part of #7725

@TarantoolBot document
Title: embedded metrics

Now tarantool has metrics module on its board. metrics is a lua module
previously distributed as a separate rock which is widely used by
tarantool applications. Metrics has its own documentation section:
https://www.tarantool.io/en/doc/latest/book/monitoring/ , but it doesn't
yet mention anything about the embedding.

(cherry picked from commit 82ebbb35)

tarantool/checks [1] is a lua module (distributed as a separate rock)
for function input validation. After this patch, it will a part of
the tarantool binary.

1. https://github.com/tarantool/checks

Closes #7726
Needed for #7725

@TarantoolBot document
Title: embedded checks

Now tarantool has checks module on its board. checks is a lua module
previously distributed as a separate rock which is widely used by
many other tarantool lua modules (like cartridge, metrics and crud) and
tarantool applications. checks has its own repo with README covering its
API usage: https://github.com/tarantool/checks/blob/master/README.md .

Curl 7.87 uses CMake's keywords (for example GREATER_EQUAL [0])
available since CMake 3.7. However, we are still supporting old Ubuntu
version where CMake version lower than 3.7 is used. This patch adds a
script that enables CMake repository with newer CMake packages for
Ubuntu 16.04 (Xenial) and bumps a required version of CMake.

NOTE (regarding cmake3 package):

Commit 1a62d874 ("build: update CMake minimum version to 3.1") [1]
added an additional package requirement with "cmake3". This package has
been created in addition to package "cmake", because CMake 3 had
breaking changes [2]. Package "cmake3" has been provided only in Ubuntu
14.04 LTS (Trusty Tahr) [4], that will be EOLed in 2024, and CentOS 7,
that was EOLed in Aug 2020 and will have end of security support in Jun
2024 [5]. Latest version of package "cmake3" for Ubuntu 14.04 is 3.5.1
[3], so it is not worth to bump version of cmake3 in requirements and I
left it the same.

0. https://cmake.org/cmake/help/latest/command/if.html#greater-equal
1. https://github.com/tarantool/tarantool/commit/1a62d874db5f4780da5b35b6d4d0e3a296148920
2. https://cmake.org/cmake/help/latest/release/3.0.html#id4
3. https://launchpad.net/ubuntu/trusty/+package/cmake3
4. https://ubuntu.com/about/release-cycle
5. https://wiki.centos.org/About/Product

Needed for #8150

NO_CHANGELOG=see the next commit
NO_DOC=libcurl submodule bump
NO_TEST=libcurl submodule bump

The dependency is redundant, because the library is now bundled into
tarantool (see PR #6877).

There is a practical reason to remove it: this way we'll verify that
presence of system libunwind headers is not necessary to build
tarantool. In other words, we'll verify that #8025 will not appear
again.

Follows up #8025
Follows up #6877
Part of #6998

NO_DOC=No user visible changes, just some validation for a build fix.
NO_TEST=See NO_DOC.
NO_CHANGELOG=See a changelog entry in the previous commit.

Not used anywhere anymore. No need in it, because SHA1 is provided by
the OpenSSL library.

Closes #7987

NO_DOC=code cleanup
NO_TEST=code cleanup
NO_CHANGELOG=code cleanup

Now we base on some unreleased state of libunwind. This is by itself not
a good practice. Yet the main motivation is that in the current version of
libunwind fast path for backtrace detection on x86_64 does not work.
I guess this is because of libunwind/libunwind@400b3f819ad4 (" x86_64: Stop
aliasing RSP and CFA"). See libunwind/libunwind#440. Fortunately this
commit is not present it the latest release.

Using fast or slow path has a great impact on performance of debug build
where collecting fiber gc allocation backtrace is turned on by default.
It surely depends on frequency and pattern of allocation. Test
sql/delete3 depends on backtrace performance most dramatically. On some
installations collecting backtraces slowed down the test up to 10 times.

If fast path is available then collecting backtrace does not affect
performance in a noticeable way.

I propose not to keep autotools products in the libunwind fork repo as
it is done previously. LOG_CONFIGURE is removed because it somehow
incompatible with using && in CONFIGURE_COMMAND command and not critical
to the build.

Also add autotools build dependencies for packpack package specs.
Currently not all packpack images have autotools preinstalled so this is
required for build to success. Anyway we'b better have precise build
requirements in build specs.

Follow-up #5665

NO_DOC=internal
NO_TEST=internal
NO_CHANGELOG=internal

Introduce cmake option ENABLE_HARDENING, which is TRUE by default for
non-debug regular and static builds, excluding AArch64 and FreeBSD.
It passess compiler flags that harden Tarantool (including the bundled
libraries) against memory corruption attacks. The following flags are
passed:

* -Wformat - Check calls to printf and scanf, etc., to make sure that
  the arguments supplied have types appropriate to the format string
  specified.

* -Wformat-security -Werror=format-security - Warn about uses of format
  functions that represent possible security problems. And make the
  warning into an error.

* -fstack-protector-strong - Emit extra code to check for buffer
  overflows, such as stack smashing attacks.

* -fPIC -pie - Generate position-independent code (PIC). It allows to
  take advantage of the Address Space Layout Randomization (ASLR).

* -z relro -z now - Resolve all dynamically linked functions at the
  beginning of the execution, and then make the GOT read-only.

Also do not disable hardening for Debian and RPM-based Linux distros.

Closes #5372
Closes #7536

NO_DOC=build
NO_TEST=build

Sometimes we need to disable testing while building deb/rpm packages to
speed up the build process. Now it is possible via `MAKE_CHECK` env var.
By default, testing is on, but if one defines `MAKE_CHECK=false`, tests
will be off.

NO_DOC=ci
NO_TEST=ci
NO_CHANGELOG=ci

This patch adds the tzdata package as a dependency for DEB/RPM tarantool
package since some tarantool datetime functionality needs this.

NO_DOC=ci
NO_TEST=ci
NO_CHANGELOG=ci

Now the test-run dependencies (pyyaml, gevent) have the corresponding
deb packages installable via the 'apt' package manager and finally it's
time to enable running tests in the package build process.

Closes #1341

NO_DOC=ci
NO_TEST=ci
NO_CHANGELOG=ci

This change contains the following improvements:

1. Prettify view in the job list.

   Before:
     - centos_7 / centos_7 (GC64=OFF)
     - centos_7 / centos_7 (GC64=ON)

   After:
     - centos_7 / centos_7
     - centos_7 / centos_7 (gc64)

2. Change possible values for the ${GC64} env variable to
   `true/false` instead of `ON/OFF` which is more traditional.

3. Use `-DLUAJIT_ENABLE_GC64=ON` flag in the `debian/rules` and
   `rpm/tarantool.spec` files directly instead of providing it
   in the workflow files.

Follows-up tarantool/tarantool-qa#159
Follows-up tarantool/tarantool-qa#161

NO_DOC=ci
NO_TEST=ci
NO_CHANGELOG=ci

To make tarantool-gc64 available in repository we need to provide
a product name in a package itself and in the repository.

To build Tarantool with gc64 enabled, the flag -DLUAJIT_ENABLE_GC64
needs to be passed to cmake flags. For this purposes GC64 env var
was added to all workflows for Debian, Ubuntu, Centos and Fedora.

This variable is processed to rename PRODUCT_NAME. If GC64 is
eanbled, PRODUCT_NAME is `tarantool-gc64`, otherwise it stays
`tarantool`, which goes to repository name and the package itself.
Thus, Tarantool with gc64 enabled can be installed by
`<packaen_manager> install -y tarantool-gc64`
in the one single repository.

NO_DOC=ci
NO_TEST=ci
NO_CHANGELOG=ci

Closes: tarantool/tarantool-qa#161

Before this patch Tarantool http client did not support HTTP/2.
The reasons to enable HTTP/2 support are efficiency offered by
the protocol and potential ability to interact with a GRPC server.
The CMake version requirement is updated from 3.2 to 3.3, because
we need generator expressions in cmake for setting multiple paths
in CMAKE_FIND_ROOT_PATH for nghttp2 support.

Closes #5771

@TarantoolBot document
Title: Now we require CMake 3.3 to build tarantool

In tarantool/doc#2065 we requested to update
the CMake minimum version to 3.2. Now it is time for 3.3.
See details in the linked commit.

tarantool debian package MUST NOT depends on binutils package. This is
due to the fact that binutils include linker and assembler, what in most
cases forbidden on production servers.

This dependency is a residual from times, when tarantool did use libbfd
for stack unwinding. Now it simply does not required at all.

Fixes #6699

This is needed to embed luarocks in static build.

Actualize changelog based on GitHub release pages changelogs. Some
entries were skipped since they are not relevant to modern packages.
Versions 1.8.1 and 2.0.4 changelogs were merged to 2.1.1 changelog.

Part of #6397

This patch checks out to up-to-date tarantool/checks master branch
with checking out to up-to-date tarantool/test-run master branch.
Two commits have been added to tarantool/checks. The first one is
related to submodule CI: tarantool/checks#27, the second one contains
license authors fix: tarantool/checks#28.

Add missing third party licenses to debian/copyright. Update copyright
dates for modules. Remove license entries for unused modules.

Closes #6391

This patch fixes hardening-no-pie lintian warning. Ubuntu Xenial uses
older versions of gcc which not build ELF binaries with PIE by default,
but since Xenial builds did not trigger this warning, we do not change
the behavior with additional flags.

Part of #5372, closes #6390

This patch fixes ancient-standards-version lintian warning for modern
systems. Standards-Version is 4.5.1 recommended for Debian Bullseye,
Ubuntu Groovy and Hirsute. Older versions do not support 4.5.1 and thus
yield newer-standards-version warning. This patch overrides it.

Most notable changes:

- Packages must not call /etc/init.d scripts directly even as a fallback,
  and instead must always use invoke-rc.d (which is essential and
  shouldn’t require any conditional).

- Packages may not install files in both /path and /usr/path, and must
  manage any backward-compatibility symlinks so that they don’t break
  if /path and /usr/path are the same directory.

- Packages are recommended to build reproducibly even when build paths
  and most environment variables are allowed to vary.

- Clarify that programs may invoke either /usr/bin/editor and
  /usr/bin/pager directly, or use editor and pager and rely on PATH.

- If /etc/staff-group-for-usr-local does not exist, /usr/local and all
  subdirectories created by packages should have permissions 0755 and
  be owned by root:root. If the file exists, the old permissions of 2775
  and ownership of root:staff should remain.

- Packages should not contain a non-default series file. That is, dpkg’s
  vendor-specific patch series feature should not be used for packages
  in the Debian archive.

- Binaries should be stripped using strip --strip-unneeded
  --remove-section=.comment --remove-section=.note
  (as dh_strip already does).

- Packages that include system services should include systemd service
  units to start or stop those services.

- Use of update-rc.d is required if the package includes an init script
  (previously, Policy said in one place that it was required, and
  in another said that it was recommended).

- Shared libraries must now invoke ldconfig by means of triggers,
  instead of maintscripts.

- Required targets must not write outside of the unpacked source package
  tree, except for TMPDIR, /tmp and /var/tmp.

You can read full changelog here:
https://www.debian.org/doc/debian-policy/upgrading-checklist.html

No changes was introduced in package building pipeline after upgrade
since there aren't any affecting behavior changes.

Part of #6390

This patch fixes source-contains-prebuilt-windows-binary lintian
warnings.

Part of #6390

Before this patch all PackPack-builded packages was treated as
non-maintainer updates. It fixes no-nmu-in-changelog and
source-nmu-has-incorrect-version-number lintian warnings.

Part of #6390

This patch overrides package-needs-versioned-debhelper-build-depends
lintian warning. This warning triggers when debhelper minimal required
version is less than compat level. Ubuntu Xenial repos do not contain
debhelper 10. This warning also triggers on Ubuntu Bionic and Debian
Stretch and Buster despite using debhelper 10 or newer, which highly
likely is a lintian bug. Debian Bullseye and Ubuntu newer that Bionic
pipelines do not yield this warning.

Part of #6390

This patch overrides embedded-library lintian errors
for curl and libyaml.

Part of #6390

This patch fixes malformed-override lintian warning.

Part of #6390

This patch fixes duplicate-globbing-patterns lintian warning.

Part of #6390

Bump debian/compat to 10 since 9 is deprecated. Bump minimal required
debhelper to 10 (except for Ubuntu Trusty and Xenial) since it is the
recommended practice for compatibility level setup.

Closes #6393

Promote @Totktonada to be a new maintainer for debian packages.

Closes #6392

Bump tarantool-common dependency to use luarocks 3.
Prior to this patch, it was permitted to have
new tarantool package (version >= 2.2.1) installed with
pre-luarocks 3 tarantool-common package (version << 2.2.1).
It caused rocks install to fail.

Closes #5429

Add ubuntu-groovy workflow, which runs on push and pull-requests.
Fix lintian globbing-patterns-out-of-order warnings.

Part of: #5824

The reason of the update is to protect us against possible MITM attack
from a malicious HTTPS proxy server with trusted certificate when TLS
1.3 is used (CVE-2021-22890, [1]). libcurl versions prior to 7.76.0 can
skip a TLS handshake with a target host in this circumstances.

Other vulnerabilities fixed in the (7.71.1; 7.76.0] version range do not
look relevant to our built-in http client. See [2] for the full list.

The CMake version requirement is updated from 3.1 to 3.2, because curl's
CMakeLists.txt has the following clause at beginning:

 | cmake_minimum_required(VERSION 3.2...3.16 FATAL_ERROR)

(It was there in vanilla curl 7.71.1 too and we had to remove it in
order to support CMake 2. Now we don't support CMake 2, so it is good
time to get rid of the extra patch upward vanilla curl repository.)

According to the CMake versions table in
8a7702b1 ('github-ci: purge Debian
Jessie from CI'), CMake 3.2+ is available on all supported OSes.

[1]: https://curl.se/docs/CVE-2021-22890.html
[2]: https://curl.se/docs/vulnerabilities.html

@TarantoolBot document
Title: Now we require CMake 3.2 to build tarantool

In https://github.com/tarantool/doc/issues/1780 we requested to update
the CMake minimum version to 3.1. Now it is time for 3.2. See details in
the linked commit.

Please, update the 'Building from source' manual.

LuaJIT submodule is bumped to introduce the following changes:
* test: run luacheck static analysis via CMake
* test: fix warnings found with luacheck in misclib*
* test: run LuaJIT tests via CMake
* build: replace GNU Make with CMake
* build: preserve the original build system

Since LuaJIT build system is ported to CMake in scope of the changeset
mentioned above, the module building the LuaJIT bundled in Tarantool is
completely reworked. There is no option to build Tarantool against
another prebuilt LuaJIT due to a91962c0
('Until Bug#962848 is fixed, don't try to compile with external
LuaJIT'), so all redundant options defining the libluajit to be used in
Tarantool are dropped with the related auxiliary files.

To run LuaJIT related tests or static analysis for Lua files within
LuaJIT repository, <LuaJIT-test> and <LuaJIT-luacheck> targets are used
respectively as a dependency of the corresponding Tarantool targets.

As an additional dependency to run LuaJIT tests, prove[1] utility is
required, so the necessary binary packages are added to the lists with
build requirements.

[1]: https://metacpan.org/pod/TAP::Harness#prove



Closes #4862
Closes #5470
Closes #5631

Reviewed-by: Sergey Kaplun <skaplun@tarantool.org>
Reviewed-by: Timur Safin <tsafin@tarantool.org>
Signed-off-by: Igor Munkin <imun@tarantool.org>

In scope of implementing self-sufficient testing environment LuaJIT
build system is partially ported to CMake. While integrating the new
build system with Tarantool it was found (on practice of course) that
using generator expressions[1] in target DEPENDS section is introduced
only in CMake 3.1[2]. This CMake feature is used to pass so called
"LuaJIT binary" to be used in LuaJIT tests, so one can run the same
testing machinery with both Tarantool and LuaJIT with no changes in it.

[1]: https://cmake.org/cmake/help/v3.1/manual/cmake-generator-expressions.7.html
[2]: https://cmake.org/cmake/help/latest/release/3.1.html#commands



Relates to #4862

Reviewed-by: Alexander V. Tikhonov <avtikhon@tarantool.org>
Signed-off-by: Igor Munkin <imun@tarantool.org>

@TarantoolBot document
Title: Update CMake minimum required version in build documentation

This commit updates the CMake minimum required version to be used in
Tarantool build infrastructure. However, one can build Tarantool from
sources and the required toolchain list should be updated. CMake minimum
required version is 3.1 since this commit. See the commit message for
more info.

After cURL was changed to use cmake in commit

  2b076019 ('build: enable cmake in curl build')

there is no need to set dependencies to autotools. So removed it from:

  - rpm build spec for packages builds
  - deb build control for packages builds
  - OSX build targets
  - static OSX build target
  - freebsd VBOX VM image setup

Make build dependency on dh-systemd optional, as this package is
deprecated and removed from Debian 11. It part of debhelper (>=
9.20160709) now. No new dependencies, as tarantool already depends on
debhelper (> 9).

After tarantool installation on Debian/Ubuntu from repo, example
instance was automatically started on 3301 port. At the same time
example instance on RHEL/CentOS is started manually. Patch does the same
for Debian/Ubuntu.

Closes #4507

Reviewed-by: Igor Munkin <imun@tarantool.org>
Reviewed-by: Alexander Turenko <alexander.turenko@tarantool.org>

After we started using bundled version of libyaml by default (see commit
47b91e90), we can remove it from
building dependencies for RPM and DEB packages.

Closes #4442

Reviewed-by: Alexander Turenko <alexander.turenko@tarantool.org>

Rope library stores alloc, split and free functions by pointer,
that is a huge slog at performance, as any other virtual
function call. There is no reason, why the rope library may not
become a template, except historical ones.

The patch not only removes virtual functions, but also makes rope
deletion almost no-op in case if free() function is not defined.

A second motivation point of that patch is that original rope
structure was too big. Again, because it stored several pointers
to functions. In forthcoming patches on #1261 multiple ropes can
be created per each update, so it makes sense to reduce size of
this structure.

Hold libcurl-7.65.3. This version is not affected by the following
issues:

* #4180 ('httpc: redirects are broken with libcurl-7.30 and older');
* #4389 ('libcurl memory leak');
* #4397 ('HTTPS seem to be unstable').

After this patch libcurl will be statically linked when
ENABLE_BUNDLED_LIBCURL option is set. This option is set by default.

Closes #4318

@TarantoolBot document
Title: Tarantool dependency list was changed

* Added build dependencies: autoconf, automake, libtool, zlib-devel
  (zlib1g-dev on Debian).
* Added runtime dependencies: zlib (zlib1g on Debian).
* Removed build dependencies: libcurl-devel (libcurl4-openssl-dev on
  Debian).
* Removed runtime dependencies: curl.

The reason is that now we use compiled-in libcurl: so we don't depend on
a system libcurl, but inherit its dependencies.