CMXSL.org/package-helpers-cmxsl
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
package-helpers-cmxsl/helpers/config
Luis Guzmán a6ddb2a9a8 Update security repository for new stable
2021-08-26 07:36:59 +00:00

257 lines
9.4 KiB
Bash
Executable file
Raw Blame History

#!/bin/bash
#
# Copyright (C) 2008-2020 Ruben Rodriguez <ruben@trisquel.info>
# Copyright (C) 2014 Santiago Rodriguez <santi@trisquel.info>
# Copyright (C) 2019 David Trudgian <dave@trudgian.net>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
set -e
set -o pipefail
export LANG=C LC_TIME=C
PACKAGE=$(echo $0 |/bin/sed s/make-//)
export DATE=$(date +'%a, %d %b %Y %T %z')
export DATA="$PWD/DATA/$PACKAGE"
if ! [ 1$COMPONENT = "1main" ]
then
COMPONENT=${COMPONENT:-universe}
export NO_PKG_MANGLE=1
fi
[ -d PACKAGES ] || mkdir PACKAGES
export DEBIAN_FRONTEND=noninteractive
export DEBEMAIL=trisquel-devel@listas.trisquel.info
export DEBFULLNAME="Trisquel GNU/Linux developers"
export CODENAME=nabia
export REVISION=10.0
export RELEASE=trisquel
export DOMAIN=trisquel.info
export UPSTREAM=focal
export UPSTREAMRELEASE=20.04
MIRROR=http://archive.ubuntu.com/ubuntu
LOCALMIRROR=https://archive.trisquel.org/trisquel
LOCAL_APT=`mktemp -d`
export RPL="$PWD/DATA/rpl"
rpl(){
$RPL "$@"
}
pkgversion(){
dpkg-parsechangelog --show-field Version
}
replace(){
find $3 -type f -not -iregex '.*changelog.*' -not -iregex '.*copyright.*' -execdir /bin/sed --follow-symlinks -i s^"$1"^"$2"^g {} \;
}
changelog(){
head -n 1 debian/changelog | grep -q $UPSTREAM-security && REPO=$CODENAME-security || REPO=$CODENAME
[ "$BACKPORT" = true ] || [ "$BACKPORTS" = true ] && REPO=${CODENAME}-backports
echo | dch -D $REPO -v `pkgversion`+${REVISION}trisquel${VERSION} "$1"
# Make sure the changelog file is identical between archs
/bin/sed "/-- Trisquel/s/.*/ -- Trisquel GNU\/Linux developers <trisquel-devel@listas.trisquel.info> $DATE/" -i debian/changelog
}
#Setup local apt
trap "rm -rf ${LOCAL_APT}" 0 HUP INT QUIT ILL ABRT FPE SEGV PIPE TERM
mkdir -p ${LOCAL_APT}/var/lib/apt/partial
mkdir -p ${LOCAL_APT}/var/cache/apt/archives/partial
mkdir -p ${LOCAL_APT}/etc/
mkdir -p ${LOCAL_APT}/var/lib/dpkg
touch ${LOCAL_APT}/var/lib/dpkg/status
touch ${LOCAL_APT}/etc/trusted.gpg
[ $UID = 0 ] && id _apt > /dev/null 2>&1 && chown _apt ${LOCAL_APT} -R
cat << EOF > ${LOCAL_APT}/etc/apt.conf
Dir::State "${LOCAL_APT}/var/lib/apt";
Dir::State::status "${LOCAL_APT}/var/lib/dpkg/status";
Dir::Etc::SourceList "${LOCAL_APT}/etc/apt.sources.list";
Dir::Etc::SourceParts "";
Dir::Cache "${LOCAL_APT}/var/cache/apt";
pkgCacheGen::Essential "none";
Dir::Etc::Trusted "${LOCAL_APT}/etc/trusted.gpg";
Acquire::ForceIPv4 "true";
EOF
export TRUSTEDFILE=${LOCAL_APT}/etc/trusted.gpg
if [ -f trusted.local.gpg ]
then
cp trusted.local.gpg "${LOCAL_APT}/etc/trusted.gpg"
else
# Trisquel key
apt-key --keyring ${LOCAL_APT}/etc/trusted.gpg adv --keyserver hkps://keyserver.ubuntu.com:443 --recv-keys B4EFB9F38D8AEBF1 > /dev/null
apt-key --keyring ${LOCAL_APT}/etc/trusted.gpg adv --keyserver hkps://keyserver.ubuntu.com:443 --recv-keys B138CA450C05112F > /dev/null
# Ubuntu gpg keys
apt-key --keyring ${LOCAL_APT}/etc/trusted.gpg adv --keyserver hkps://keyserver.ubuntu.com:443 --recv-keys 40976EAF437D05B5 > /dev/null
apt-key --keyring ${LOCAL_APT}/etc/trusted.gpg adv --keyserver hkps://keyserver.ubuntu.com:443 --recv-keys 3B4FE6ACC0B21F32 > /dev/null
apt-key --keyring ${LOCAL_APT}/etc/trusted.gpg adv --keyserver hkps://keyserver.ubuntu.com:443 --recv-keys 871920D1991BC93C > /dev/null
# Debian gpg keys
apt-key --keyring ${LOCAL_APT}/etc/trusted.gpg adv --keyserver hkps://keyserver.ubuntu.com:443 --recv-keys 9D6D8F6BC857C906 > /dev/null
apt-key --keyring ${LOCAL_APT}/etc/trusted.gpg adv --keyserver hkps://keyserver.ubuntu.com:443 --recv-keys 8B48AD6246925553 > /dev/null
apt-key --keyring ${LOCAL_APT}/etc/trusted.gpg adv --keyserver hkps://keyserver.ubuntu.com:443 --recv-keys DCC9EFBF77E11517 > /dev/null
apt-key --keyring ${LOCAL_APT}/etc/trusted.gpg adv --keyserver hkps://keyserver.ubuntu.com:443 --recv-keys 648ACFD622F3D138 > /dev/null
apt-key --keyring ${LOCAL_APT}/etc/trusted.gpg adv --keyserver hkps://keyserver.ubuntu.com:443 --recv-keys 54404762BBB6E853 > /dev/null
# Tor gpg key
apt-key --keyring ${LOCAL_APT}/etc/trusted.gpg adv --import DATA/tor/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc
fi
# Also import the repository key optionally listed in the helper
[ "1$REPOKEY" != "1" ] && apt-key --keyring ${LOCAL_APT}/etc/trusted.gpg adv --recv-keys --keyserver hkps://keyserver.ubuntu.com:443 $REPOKEY
cat << EOF > ${LOCAL_APT}/etc/apt.sources.list
deb-src $MIRROR $UPSTREAM main universe
deb-src $MIRROR $UPSTREAM-updates main universe
deb-src $MIRROR $UPSTREAM-security main universe
EOF
# manage external repository sources. If origin is ubuntu or debian, add updates and security repositories too
if [ "1$EXTERNAL" != "1" ]; then
if eval echo "$EXTERNAL" | grep "archive.ubuntu.com" | grep -qv -e updates -e security -e backports; then
RELNAME=$(eval echo "$EXTERNAL" | cut -d' ' -f 3)
COMPONENTS=$(eval echo "$EXTERNAL" | cut -d' ' -f 4-)
echo "deb-src http://archive.ubuntu.com/ubuntu/ $RELNAME $COMPONENTS" >> ${LOCAL_APT}/etc/apt.sources.list
echo "deb-src http://archive.ubuntu.com/ubuntu/ ${RELNAME}-updates $COMPONENTS" >> ${LOCAL_APT}/etc/apt.sources.list
echo "deb-src http://archive.ubuntu.com/ubuntu/ ${RELNAME}-security $COMPONENTS" >> ${LOCAL_APT}/etc/apt.sources.list
elif eval echo "$EXTERNAL" | grep "ftp.debian.org" |grep -qv -e updates -e security -e backports -e testing -e sid -e unstable -e experimental ; then
RELNAME=$(eval echo "$EXTERNAL" | cut -d' ' -f 3)
COMPONENTS=$(eval echo "$EXTERNAL" | cut -d' ' -f 4-)
echo "deb-src http://deb.debian.org/debian $RELNAME $COMPONENTS" >> ${LOCAL_APT}/etc/apt.sources.list
echo "deb-src http://deb.debian.org/debian ${RELNAME}-updates $COMPONENTS" >> ${LOCAL_APT}/etc/apt.sources.list
echo "deb-src http://security.debian.org/debian-security/ ${RELNAME}-security $COMPONENTS" >> ${LOCAL_APT}/etc/apt.sources.list
else
eval echo "$EXTERNAL" >> ${LOCAL_APT}/etc/apt.sources.list
fi
fi
#Cleanup
rm -rf PACKAGES/$PACKAGE
mkdir PACKAGES/$PACKAGE
cd PACKAGES/$PACKAGE
[ $UID = 0 ] && id _apt > /dev/null 2>&1 && chown _apt .
#Get package and uncompress it
apt-get update -c $LOCAL_APT/etc/apt.conf
apt-get source $PACKAGE --download-only -c ${LOCAL_APT}/etc/apt.conf
# Verify it first
if grep -q "BEGIN PGP SIGNATURE" *.dsc; then
KEY=$(gpg2 --keyid-format 0xlong --verify *.dsc 2>&1 | grep 0x | sed 's/.*0x//' || true)
[ -z "$KEY" ] && KEY=$(gpgv --keyring ${LOCAL_APT}/etc/trusted.gpg *.dsc 2>&1 | egrep ".SA key" | sed 's/.*.SA key //' || true)
apt-key --keyring ${LOCAL_APT}/etc/trusted.gpg adv --recv-keys --keyserver hkps://keyserver.ubuntu.com:443 $KEY > /dev/null
touch ${LOCAL_APT}/keyring.gpg
gpg2 --keyring ${LOCAL_APT}/keyring.gpg --import ${LOCAL_APT}/etc/trusted.gpg
gpg2 --verify --keyring ${LOCAL_APT}/etc/trusted.gpg *.dsc
[ -n SCHROOT_COMMAND ] && gpgconf --kill gpg-agent
else
echo WARNING! The dsc file is not gpg signed!
[ -z "$EXTERNAL" ] && exit 1
fi
dpkg-source --no-check -x --skip-patches *.dsc source
find -maxdepth 1 -type f | xargs rm
cd source
#disable 3.0 deb source format
[ -f debian/source/format ] && rm debian/source/format
[ -f debian/source/options ] && rm debian/source/options
#for i in debian.master/control.stub.in debian.master/control.stub debian.master/control debian/control.stub.in debian/control.stub debian/control
#do
# [ -f $i ] && /bin/sed "s_^Maintainer.*_Maintainer: $DEBFULLNAME <$DEBEMAIL>_g" -i $i
#done
compile(){
# Make sure the series file is formated correctly after removals
if [ -f debian/patches/series ]; then
grep -q [a-z] debian/patches/series || echo -n > debian/patches/series
fi
if [ 1$QUILT != 1skip ]; then
export QUILT_PATCHES=debian/patches
grep -qv '^#' debian/patches/series 2>/dev/null && quilt push -a
fi
cd ..
dpkg-source -b source
rm -rf ${LOCAL_APT}
echo "Trisquel source package built!"
}
sedhelper2(){
FILE="$1"
EXPR="$2"";"
while [ 1"$EXPR" != 1 ];do
SUBEXPR=$(cut -d\; -f 1 <<< "$EXPR")
MD5=$(md5sum "$FILE")
echo Running modification-aware sed: sed "$SUBEXPR" -i "$FILE" 1>&2
/bin/sed "$SUBEXPR" -i "$FILE"
if [ "$MD5" = "$(md5sum "$FILE")" ]; then
echo File "$FILE" was not modified, stopping. 1>&2
exit 1
fi
EXPR=$(cut -d\; -f 2- <<< "$EXPR" )
echo $EXPR | egrep ';' -q || break
done
}
sedhelper(){
FILE="$1"
EXPR="$2"
MD5=$(md5sum "$FILE")
echo Running modification-aware sed: sed "$EXPR" -i "$FILE" 1>&2
/bin/sed "$EXPR" -i "$FILE"
if [ "$MD5" = "$(md5sum "$FILE")" ]; then
echo File "$FILE" was not modified, stopping. 1>&2
exit 1
fi
}
sed (){
if ! echo $@ | grep -qw '\-i'; then
echo Running fallback sed: /bin/sed "$@" 1>&2
/bin/sed "$@"
else
[ 1"$1" = "1-i" ] && shift
SEDEXPR="$1"
shift
for FILE in "$@"; do
[ 1"$FILE" = "1-i" ] && continue
if [ -f "$FILE" ]; then
sedhelper "$FILE" "$SEDEXPR"
else
echo File "$FILE" does not exist, stopping. 1>&2
exit 1
fi
done
fi
}
Reference in a new issue View git blame Copy permalink