-
Notifications
You must be signed in to change notification settings - Fork 12
/
build-debianpackage
executable file
·84 lines (63 loc) · 2.46 KB
/
build-debianpackage
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
#!/bin/bash
# Wrapper script to build Debian packages for the SecureDrop Workstation.
# Requires a source tarball to build the package, defined via `PKG_PATH`.
# The script will check for a suitable tarball on an adjacent directory.
# Explicit configuration is available via the following env vars:
#
# * PKG_PATH
# * PKG_VERSION
# * PKG_NAME
#
set -e
set -u
set -o pipefail
# Store root of repo, since we'll change dirs several times.
CUR_DIR="$(git rev-parse --show-toplevel)"
# Verify sha256sums.txt in the git repo
"${CUR_DIR}/scripts/verify-sha256sum-signature"
# Validate required args.
if [[ -z "${PKG_NAME:-}" ]]; then
echo "Set PKG_NAME of the build";
exit 1
fi
if [[ -z "${PKG_VERSION:-}" ]]; then
echo "Set PKG_VERSION of the build";
exit 1
fi
if [[ -z "${PKG_PATH:-}" ]]; then
# Try to find tarball in a reasonable location
candidate_pkg_path="$(realpath "${CUR_DIR}/../${PKG_NAME}/dist/${PKG_NAME}-${PKG_VERSION}.tar.gz")"
if [[ -f "$candidate_pkg_path" ]]; then
PKG_PATH="$candidate_pkg_path"
echo "Found tarball at $PKG_PATH, override with PKG_PATH..."
else
echo "Set PKG_PATH source tarball";
exit 1
fi
fi
# Disable use of pip cache during debhelper build actions.
export DH_PIP_EXTRA_ARGS="--no-cache-dir --require-hashes"
# Declare general packaging building workspace; subdirs will
# be created within, to build specific packages.
TOP_BUILDDIR="$HOME/debbuild/packaging"
mkdir -p "$TOP_BUILDDIR"
rm -rf "${TOP_BUILDDIR:?}/${PKG_NAME}"
mkdir -p "${TOP_BUILDDIR}/${PKG_NAME}"
printf "Building package '%s' from version '%s'...\\n" "$PKG_NAME" "$PKG_VERSION"
# Copy the source tarball to the packaging workspace
cp "$PKG_PATH" "$TOP_BUILDDIR/$PKG_NAME/"
# Extract the source tarball in the packaging workspace
tar --strip-components=1 -C "$TOP_BUILDDIR/$PKG_NAME" -xvf "$PKG_PATH"
# Copy over the debian directory (including new changelog) from repo
cp -r "$CUR_DIR/$PKG_NAME/debian" "$TOP_BUILDDIR/$PKG_NAME/"
# Hop into the package build dir, to run dpkg-buildpackage
cd "$TOP_BUILDDIR/$PKG_NAME/"
# Verify all the hashes from the verified sha256sums.txt
$CUR_DIR/scripts/verify-hashes $CUR_DIR/sha256sums.txt ./build-requirements.txt
echo "All hashes verified."
# Adds reproducibility step
export SOURCE_DATE_EPOCH=`dpkg-parsechangelog -STimestamp`
# Build the package
dpkg-buildpackage -us -uc
# Tell the user the path of the files buillt
echo "Find the .deb and other build files at $TOP_BUILDDIR/$PKG_NAME"