bin/import-package

   1 #!/bin/sh
   2
   3 # Usage: ./bin/import-package SOURCE_PACKAGE
   4 #
   5 # This script automates a part of the process to grant a freeze exception
   6 # to a Debian package:
   7 # https://tails.boum.org/contribute/APT_repository/time-based_snapshots/#freeze-exception
   8 #
   9 # It imports the specified source package, and all binary packages built
  10 # from it, into the Tails custom APT repository's $TARGET_DIST suite.
  11 #
  12 # Packages are downloaded with APT in a pbuilder chroot environment.
  13 # To choose the Debian distribution packages must be pulled from
  14 # (or whatever other options you want to pass to pbuilder),
  15 # use $PBUILDER_OPTIONS: its value will be passed to the pbuilder command-line.
  16 #
  17 # If $TARGET_DIST is unset, packages are added to the APT suite
  18 # corresponding to the current Git branch.
  19 #
  20 # Example:
  21 #
  22 #   PBUILDER_OPTIONS='--basetgz /var/cache/pbuilder/base-sid-amd64.tgz' \
  23 #   TARGET_DIST='testing' \
  24 #   ./bin/import-package libgsecuredelete
  25
  26 set -x
  27 set -e
  28 set -u
  29
  30 SRC_PKG="$1"
  31
  32 GIT_TOPLEVEL_DIR=$(git rev-parse --show-toplevel)
  33 . "$GIT_TOPLEVEL_DIR"/auto/scripts/utils.sh
  34 PBUILDER_OPTIONS="${PBUILDER_OPTIONS:-}"
  35 TARGET_DIST="${TARGET_DIST:-$(branch_name_to_suite $(git_current_branch))}"
  36 REMOTE_USER_AT_HOST='reprepro@incoming.deb.tails.boum.org'
  37
  38 umask 0022
  39 WORKDIR=$(mktemp -d)
  40
  41 trap "rm -r $WORKDIR" EXIT HUP INT QUIT TERM
  42
  43 (
  44    cd "$WORKDIR"
  45
  46    # download source and binary packages
  47    cat > script <<EOF
  48 #!/bin/sh
  49 set -x
  50 set -e
  51 set -u
  52
  53 umask 0022
  54 sed --regexp-extended -e 's,^deb(\s+.*),deb\1 contrib non-free,' \
  55    /etc/apt/sources.list \
  56    > /etc/apt/sources.list.d/tmp-deb.list
  57 sed --regexp-extended -e 's,^deb(\s+),deb-src\1,' \
  58    /etc/apt/sources.list.d/tmp-deb.list \
  59    > /etc/apt/sources.list.d/tmp-deb-src.list
  60 apt-get update
  61 apt-get install dctrl-tools
  62
  63 cd '$WORKDIR'
  64 ORIG_OWNER=\$(stat --format='%u:%g' '$WORKDIR')
  65 # allow APT 1.1+ to drop privileges
  66 if getent passwd _apt >/dev/null 2>&1 ; then
  67    chown _apt '$WORKDIR'
  68 fi
  69 apt-get --download-only source '$SRC_PKG'
  70 apt-get download \
  71         \$(grep-aptavail -S '$SRC_PKG' --exact-match -s Package --no-field-names)
  72 chown "\$ORIG_OWNER" '$WORKDIR'
  73 EOF
  74    chmod 755 script
  75    sudo pbuilder execute --bindmounts "$WORKDIR" $PBUILDER_OPTIONS -- script
  76    rm script
  77
  78    REMOTE_WORKDIR=$(ssh "$REMOTE_USER_AT_HOST" mktemp -d)
  79    scp * "$REMOTE_USER_AT_HOST":"$REMOTE_WORKDIR"/
  80    ssh "$REMOTE_USER_AT_HOST" \
  81        "reprepro includedsc '$TARGET_DIST' '$REMOTE_WORKDIR'/*.dsc && \
  82         reprepro includedeb '$TARGET_DIST' '$REMOTE_WORKDIR'/*.deb && \
  83         rm -r '$REMOTE_WORKDIR'"
  84 )