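#!/bin/sh

# Usage: ./bin/import-package SOURCE_PACKAGE
#
# This script automates a part of the process to grant a freeze exception
# to a Debian package:
# https://tails.net/contribute/APT_repository/time-based_snapshots/#freeze-exception
#
# It imports the specified source package, and all binary packages built
# from it, into the Tails custom APT repository's $TARGET_DIST suite.
#
# Packages are downloaded with APT in a pbuilder chroot environment.
# To choose the Debian distribution packages must be pulled from
# (or whatever other options you want to pass to pbuilder),
# use $PBUILDER_OPTIONS: its value will be passed to the pbuilder command-line.
#
# If $TARGET_DIST is unset, packages are added to the APT suite
# corresponding to the current Git branch.
#
# Example:
#
#   PBUILDER_OPTIONS='--basetgz /var/cache/pbuilder/base-sid-amd64.tgz' \
#   TARGET_DIST='testing' \
#   ./bin/import-package libgsecuredelete
#
# Hardening: SOURCE_PACKAGE, $TARGET_DIST and the temporary directory path are
# pasted between single quotes into a script that is run through
# "sudo pbuilder execute" and into a command line run over SSH. They are
# therefore checked against an allow-list before use, so that a stray quote
# or a leading dash cannot change what those commands do.

set -x
set -e
set -u

# Fail with a usage message instead of the bare "parameter not set" error
# that "set -u" would otherwise produce.
if [ "$#" -lt 1 ]; then
   printf 'Usage: %s SOURCE_PACKAGE\n' "$0" >&2
   exit 2
fi
SRC_PKG="$1"

# Debian package names are made of lower case letters, digits, '+', '-'
# and '.', and start with an alphanumeric character.
case "$SRC_PKG" in
   '' | [!a-z0-9]* | *[!a-z0-9+.-]*)
      printf 'Invalid source package name: %s\n' "$SRC_PKG" >&2
      exit 2
      ;;
esac

GIT_TOPLEVEL_DIR=$(git rev-parse --show-toplevel)
. "$GIT_TOPLEVEL_DIR"/auto/scripts/utils.sh
PBUILDER_OPTIONS="${PBUILDER_OPTIONS:-}"
TARGET_DIST="${TARGET_DIST:-$(branch_name_to_suite "$(git_current_branch)")}"
REMOTE_USER_AT_HOST='reprepro@incoming.deb.tails.boum.org'

# NOTE(review): the accepted character set for suite names is an assumption;
# widen it if the repository uses suite names with other characters.
case "$TARGET_DIST" in
   '' | -* | *[!A-Za-z0-9+._~-]*)
      printf 'Invalid target suite name: %s\n' "$TARGET_DIST" >&2
      exit 2
      ;;
esac

umask 0022
WORKDIR=$(mktemp -d)

# $WORKDIR never changes after this point, so expanding it when the trap
# fires removes the same directory as expanding it now would.
trap 'rm -r -- "$WORKDIR"' EXIT HUP INT QUIT TERM

# The path is embedded between single quotes in the generated script below;
# refuse a path (e.g. from an unusual $TMPDIR) that would end that quoting.
case "$WORKDIR" in
   *"'"*)
      printf 'Temporary directory path contains a single quote: %s\n' \
         "$WORKDIR" >&2
      exit 1
      ;;
esac

cd "$WORKDIR"

# download source and binary packages
#
# The here-document delimiter is unquoted on purpose: $WORKDIR and $SRC_PKG
# are expanded now, while \$(...) and \$ORIG_OWNER are left for the generated
# script to evaluate inside the chroot.
cat > script <<EOF
#!/bin/sh
set -x
set -e
set -u

umask 0022
sed --regexp-extended -e 's,^deb(\s+.*),deb\1 contrib non-free non-free-firmware,' \
   /etc/apt/sources.list \
   > /etc/apt/sources.list.d/tmp-deb.list
sed --regexp-extended -e 's,^deb(\s+),deb-src\1,' \
   /etc/apt/sources.list.d/tmp-deb.list \
   > /etc/apt/sources.list.d/tmp-deb-src.list
apt-get update
apt-get install dctrl-tools

cd '$WORKDIR'
ORIG_OWNER=\$(stat --format='%u:%g' '$WORKDIR')
# allow APT 1.1+ to drop privileges
if getent passwd _apt >/dev/null 2>&1 ; then
   chown _apt '$WORKDIR'
fi
apt-get --download-only source '$SRC_PKG'
apt-get download \
   \$(grep-aptavail -S '$SRC_PKG' --exact-match -s Package --no-field-names)
chown "\$ORIG_OWNER" '$WORKDIR'
EOF
chmod 755 script
# $PBUILDER_OPTIONS is left unquoted so that it splits into separate
# pbuilder arguments, as documented in the header.
# shellcheck disable=SC2086
sudo pbuilder execute --bindmounts "$WORKDIR" $PBUILDER_OPTIONS -- script
rm script

# Upload everything that was downloaded and import it on the repository host.
# The remote temporary directory is removed only when both reprepro
# invocations succeed.
REMOTE_WORKDIR=$(ssh "$REMOTE_USER_AT_HOST" mktemp -d)
scp ./* "$REMOTE_USER_AT_HOST":"$REMOTE_WORKDIR"/
# shellcheck disable=SC2029
ssh "$REMOTE_USER_AT_HOST" \
   "reprepro includedsc '$TARGET_DIST' '$REMOTE_WORKDIR'/*.dsc && \
    reprepro includedeb '$TARGET_DIST' '$REMOTE_WORKDIR'/*.deb && \
    rm -r '$REMOTE_WORKDIR'"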