2019-09-04 05:01:34 +00:00
|
|
|
#!/bin/bash
|
|
|
|
|
|
|
|
# Copyright 2018 The gVisor Authors.
|
|
|
|
#
|
|
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
# you may not use this file except in compliance with the License.
|
|
|
|
# You may obtain a copy of the License at
|
|
|
|
#
|
|
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
#
|
|
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
# See the License for the specific language governing permissions and
|
|
|
|
# limitations under the License.
|
|
|
|
|
|
|
|
# Parse arguments. We require more than two arguments, which are the private
|
|
|
|
# keyring, the e-mail associated with the signer, and the list of packages.
|
2019-09-18 21:55:55 +00:00
|
|
|
if [ "$#" -le 3 ]; then
|
2020-04-24 21:10:28 +00:00
|
|
|
echo "usage: $0 <private-key> <signer-email> <root> <packages...>"
|
2019-09-04 05:01:34 +00:00
|
|
|
exit 1
|
|
|
|
fi
|
2019-11-05 23:06:06 +00:00
|
|
|
declare -r private_key=$(readlink -e "$1"); shift
|
|
|
|
declare -r signer="$1"; shift
|
|
|
|
declare -r root="$1"; shift
|
2019-09-04 05:01:34 +00:00
|
|
|
|
2020-04-24 21:10:28 +00:00
|
|
|
# Ensure that we have the correct packages installed.
|
|
|
|
function apt_install() {
|
|
|
|
while true; do
|
|
|
|
sudo apt-get update &&
|
|
|
|
sudo apt-get install -y "$@" &&
|
|
|
|
true
|
|
|
|
result="${?}"
|
|
|
|
case $result in
|
|
|
|
0)
|
|
|
|
break
|
|
|
|
;;
|
|
|
|
100)
|
|
|
|
# 100 is the error code that apt-get returns.
|
|
|
|
;;
|
|
|
|
*)
|
|
|
|
exit $result
|
|
|
|
;;
|
|
|
|
esac
|
|
|
|
done
|
|
|
|
}
|
|
|
|
dpkg-sig --help >/dev/null || apt_install dpkg-sig
|
|
|
|
apt-ftparchive --help >/dev/null || apt_install apt-utils
|
|
|
|
xz --help >/dev/null || apt_install xz-utils
|
|
|
|
|
2019-09-04 05:01:34 +00:00
|
|
|
# Verbose from this point.
|
|
|
|
set -xeo pipefail
|
|
|
|
|
|
|
|
# Create a temporary working directory. We don't remove this, as we ultimately
|
|
|
|
# print this result and allow the caller to copy wherever they would like.
|
|
|
|
declare -r tmpdir=$(mktemp -d /tmp/repoXXXXXX)
|
|
|
|
|
|
|
|
# Create a temporary keyring, and ensure it is cleaned up.
|
|
|
|
declare -r keyring=$(mktemp /tmp/keyringXXXXXX.gpg)
|
|
|
|
cleanup() {
|
|
|
|
rm -f "${keyring}"
|
|
|
|
}
|
|
|
|
trap cleanup EXIT
|
2019-09-05 23:37:06 +00:00
|
|
|
gpg --no-default-keyring --keyring "${keyring}" --import "${private_key}" >&2
|
2019-09-04 05:01:34 +00:00
|
|
|
|
2019-11-05 23:06:06 +00:00
|
|
|
# Copy the packages into the root.
|
2019-09-12 20:43:07 +00:00
|
|
|
for pkg in "$@"; do
|
|
|
|
name=$(basename "${pkg}" .deb)
|
|
|
|
name=$(basename "${name}" .changes)
|
|
|
|
arch=${name##*_}
|
|
|
|
if [[ "${name}" == "${arch}" ]]; then
|
|
|
|
continue # Not a regular package.
|
|
|
|
fi
|
2019-11-05 23:06:06 +00:00
|
|
|
if [[ "${pkg}" =~ ^.*\.deb$ ]]; then
|
|
|
|
# Extract from the debian file.
|
|
|
|
version=$(dpkg --info "${pkg}" | grep -E 'Version:' | cut -d':' -f2)
|
|
|
|
elif [[ "${pkg}" =~ ^.*\.changes$ ]]; then
|
|
|
|
# Extract from the changes file.
|
|
|
|
version=$(grep -E 'Version:' "${pkg}" | cut -d':' -f2)
|
|
|
|
else
|
|
|
|
# Unsupported file type.
|
|
|
|
echo "Unknown file type: ${pkg}"
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
version=${version// /} # Trim whitespace.
|
|
|
|
mkdir -p "${root}"/pool/"${version}"/binary-"${arch}"
|
|
|
|
cp -a "${pkg}" "${root}"/pool/"${version}"/binary-"${arch}"
|
2019-09-12 20:43:07 +00:00
|
|
|
done
|
2019-09-04 05:01:34 +00:00
|
|
|
|
2019-11-05 23:06:06 +00:00
|
|
|
# Ensure all permissions are correct.
|
|
|
|
find "${root}"/pool -type f -exec chmod 0644 {} \;
|
2019-09-04 05:01:34 +00:00
|
|
|
|
|
|
|
# Sign all packages.
|
2019-11-05 23:06:06 +00:00
|
|
|
for file in "${root}"/pool/*/binary-*/*.deb; do
|
2019-09-05 23:37:06 +00:00
|
|
|
dpkg-sig -g "--no-default-keyring --keyring ${keyring}" --sign builder "${file}" >&2
|
2019-09-04 05:01:34 +00:00
|
|
|
done
|
|
|
|
|
|
|
|
# Build the package list.
|
2019-11-05 23:06:06 +00:00
|
|
|
declare arches=()
|
|
|
|
for dir in "${root}"/pool/*/binary-*; do
|
|
|
|
name=$(basename "${dir}")
|
|
|
|
arch=${name##binary-}
|
|
|
|
arches+=("${arch}")
|
2020-04-24 21:10:28 +00:00
|
|
|
repo_packages="${tmpdir}"/main/"${name}"
|
2019-11-05 23:06:06 +00:00
|
|
|
mkdir -p "${repo_packages}"
|
|
|
|
(cd "${root}" && apt-ftparchive --arch "${arch}" packages pool > "${repo_packages}"/Packages)
|
|
|
|
(cd "${repo_packages}" && cat Packages | gzip > Packages.gz)
|
|
|
|
(cd "${repo_packages}" && cat Packages | xz > Packages.xz)
|
2019-09-12 20:43:07 +00:00
|
|
|
done
|
2019-09-04 05:01:34 +00:00
|
|
|
|
|
|
|
# Build the release list.
|
2019-11-05 23:06:06 +00:00
|
|
|
cat > "${tmpdir}"/apt.conf <<EOF
|
|
|
|
APT {
|
|
|
|
FTPArchive {
|
|
|
|
Release {
|
|
|
|
Architectures "${arches[@]}";
|
2020-04-24 21:10:28 +00:00
|
|
|
Components "main";
|
2019-11-05 23:06:06 +00:00
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
EOF
|
|
|
|
(cd "${tmpdir}" && apt-ftparchive -c=apt.conf release . > Release)
|
|
|
|
rm "${tmpdir}"/apt.conf
|
2019-09-04 05:01:34 +00:00
|
|
|
|
|
|
|
# Sign the release.
|
2019-11-05 23:06:06 +00:00
|
|
|
declare -r digest_opts=("--digest-algo" "SHA512" "--cert-digest-algo" "SHA512")
|
|
|
|
(cd "${tmpdir}" && gpg --no-default-keyring --keyring "${keyring}" --clearsign "${digest_opts[@]}" -o InRelease Release >&2)
|
|
|
|
(cd "${tmpdir}" && gpg --no-default-keyring --keyring "${keyring}" -abs "${digest_opts[@]}" -o Release.gpg Release >&2)
|
2019-09-04 05:01:34 +00:00
|
|
|
|
|
|
|
# Show the results.
|
|
|
|
echo "${tmpdir}"
|