Infers PKG_PATH by building tarball from source
If no PKG_PATH is set, then let's build it from source, using the
upstream package repository. For Python projects, this amounts to:

  1. Cloning the repo
  2. Verifying the tag for a specific version
  3. Checking out that tag
  4. Running 'python setup.py sdist' to build tarball

Once that's done, we can pass that tarball to the Debian package build
logic. The tarball is not byte-for-byte identical after multiple builds,
due to metadata discrepancies such as timestamps, but Debian package
build logic *is* reproducible, given support of the SOURCE_DATE_EPOCH.
So, even when using a newly built tarball with slightly different
timestamps, rebuilding the same package will yield an identical
checksum.
Conor Schaefer committed Jul 27, 2020
1 parent 4c90021 commit 2a03bcc
Showing 1 changed file with 14 additions and 2 deletions.
16 changes: 14 additions & 2 deletions scripts/build-debianpackage
Expand Up @@ -58,14 +58,26 @@ fi
# Copy over the debian directory (including new changelog) from repo
cp -r "$CUR_DIR/$PKG_NAME/" "$TOP_BUILDDIR/"

function build_source_tarball() {
repo_url="https://github.com/freedomofpress/${PKG_NAME}"
build_dir="/tmp/${PKG_NAME}"
rm -rf "$build_dir"
git clone "$repo_url" "$build_dir"
git -C "$build_dir" tag --verify "$PKG_VERSION" 1>&2
git -C "$build_dir" checkout "$PKG_VERSION" 1>&2
(cd "$build_dir" && python setup.py sdist 1>&2)
find "${build_dir}/dist/" | grep -P '\.tar.gz$' | head -n1
}

# If the package is contained in the list, it should be a python package. In
# that case, we should extract tarball, and validate wheel hashes.
if [[ "${PKG_NAME}" =~ ^(securedrop-client|securedrop-proxy|securedrop-export|securedrop-log)$ ]]; then
echo "${PKG_NAME} is a Python package"

if [[ -z "${PKG_PATH:-}" ]]; then
# Try to find tarball in a reasonable location
candidate_pkg_path="$(realpath "${CUR_DIR}/../${PKG_NAME}/dist/${PKG_NAME}-${PKG_VERSION}.tar.gz")"
# Build from source
echo "PKG_PATH not set, building from source (version $PKG_VERSION)..."
candidate_pkg_path="$(build_source_tarball)"
if [[ -f "$candidate_pkg_path" ]]; then
PKG_PATH="$candidate_pkg_path"
echo "Found tarball at $PKG_PATH, override with PKG_PATH..."
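
Review bot: A failed `git tag --verify "$PKG_VERSION"` in build_source_tarball does not stop the build, so the checkout and `python setup.py sdist` still run on an unverified tag. The function is called as `candidate_pkg_path="$(build_source_tarball)"`, and bash clears errexit inside a command substitution unless inherit_errexit is set; the substitution's exit status is also that of the final `find | grep | head` pipeline, not of the verify step. Chain the steps with `|| return 1` (or `&&`) and have the caller check the function's exit status before accepting the path, so the `-f "$candidate_pkg_path"` test is not the only gate. Two smaller points in the same function: `build_dir="/tmp/${PKG_NAME}"` is a fixed, predictable path that gets `rm -rf`'d and reused, where `mktemp -d` would avoid collisions on a shared host; and `grep -P '\.tar.gz$' | head -n1` leaves the second dot unescaped and takes whichever file is listed first, so matching `${PKG_NAME}-${PKG_VERSION}.tar.gz` explicitly would be stricter.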