bin/import-package

   1 #!/bin/sh
   2
   3 # Usage: ./bin/import-package SOURCE_PACKAGE
   4 #
   5 # This script automates a part of the process to grant a freeze exception
   6 # to a Debian package:
   7 # https://tails.net/contribute/APT_repository/time-based_snapshots/#freeze-exception
   8 #
   9 # It imports the specified source package, and all binary packages built
  10 # from it, into the Tails custom APT repository's $TARGET_DIST suite.
  11 #
  12 # Packages are downloaded with APT in a pbuilder chroot environment.
  13 # To choose the Debian distribution packages must be pulled from
  14 # (or whatever other options you want to pass to pbuilder),
  15 # use $PBUILDER_OPTIONS: its value will be passed to the pbuilder command-line.
  16 #
  17 # If $TARGET_DIST is unset, packages are added to the APT suite
  18 # corresponding to the current Git branch.
  19 #
  20 # Example:
  21 #
  22 #   PBUILDER_OPTIONS='--basetgz /var/cache/pbuilder/base-sid-amd64.tgz' \
  23 #   TARGET_DIST='testing' \
  24 #   ./bin/import-package libgsecuredelete
  25
  26 set -x
  27 set -e
  28 set -u
  29
  30 SRC_PKG="$1"
  31
  32 GIT_TOPLEVEL_DIR=$(git rev-parse --show-toplevel)
  33 . "$GIT_TOPLEVEL_DIR"/auto/scripts/utils.sh
  34 PBUILDER_OPTIONS="${PBUILDER_OPTIONS:-}"
  35 TARGET_DIST="${TARGET_DIST:-$(branch_name_to_suite "$(git_current_branch)")}"
  36 REMOTE_USER_AT_HOST='reprepro@incoming.deb.tails.boum.org'
  37
  38 umask 0022
  39 WORKDIR=$(mktemp -d)
  40
  41 # shellcheck disable=SC2064
  42 trap "rm -r '$WORKDIR'" EXIT HUP INT QUIT TERM
  43
  44 (
  45    cd "$WORKDIR"
  46
  47    # download source and binary packages
  48    cat > script <<EOF
  49 #!/bin/sh
  50 set -x
  51 set -e
  52 set -u
  53
  54 umask 0022
  55 sed --regexp-extended -e 's,^deb(\s+.*),deb\1 contrib non-free non-free-firmware,' \
  56    /etc/apt/sources.list \
  57    > /etc/apt/sources.list.d/tmp-deb.list
  58 sed --regexp-extended -e 's,^deb(\s+),deb-src\1,' \
  59    /etc/apt/sources.list.d/tmp-deb.list \
  60    > /etc/apt/sources.list.d/tmp-deb-src.list
  61 apt-get update
  62 apt-get install dctrl-tools
  63
  64 cd '$WORKDIR'
  65 ORIG_OWNER=\$(stat --format='%u:%g' '$WORKDIR')
  66 # allow APT 1.1+ to drop privileges
  67 if getent passwd _apt >/dev/null 2>&1 ; then
  68    chown _apt '$WORKDIR'
  69 fi
  70 apt-get --download-only source '$SRC_PKG'
  71 apt-get download \
  72         \$(grep-aptavail -S '$SRC_PKG' --exact-match -s Package --no-field-names)
  73 chown "\$ORIG_OWNER" '$WORKDIR'
  74 EOF
  75    chmod 755 script
  76    # shellcheck disable=SC2086
  77    sudo pbuilder execute --bindmounts "$WORKDIR" $PBUILDER_OPTIONS -- script
  78    rm script
  79
  80    REMOTE_WORKDIR=$(ssh "$REMOTE_USER_AT_HOST" mktemp -d)
  81    scp ./* "$REMOTE_USER_AT_HOST":"$REMOTE_WORKDIR"/
  82    # shellcheck disable=SC2029
  83    ssh "$REMOTE_USER_AT_HOST" \
  84        "reprepro includedsc '$TARGET_DIST' '$REMOTE_WORKDIR'/*.dsc && \
  85         reprepro includedeb '$TARGET_DIST' '$REMOTE_WORKDIR'/*.deb && \
  86         rm -r '$REMOTE_WORKDIR'"
  87 )