FabInfra-Mirror/bffh
1
0
Fork 0
mirror of https://gitlab.com/fabinfra/fabaccess/bffh.git synced 2025-04-20 19:26:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

WIP: add GnuPG verifications

Browse Source
This commit is contained in:
Mario Voigt 2025-03-19 01:30:00 +01:00
parent e07317104e
commit 3a606c50fc
1 changed files with 32 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
debian/create-packages.sh vendored
View File

@ -31,6 +31,14 @@ declare -A ARCHES_DP=(
["amd64"]=amd64 ["amd64"]=amd64
) )
#architecture mapping array linux <-> RPM package control file
declare -A ARCHES_FP=(
["armv7"]=armhf
["aarch64"]=arm64
["amd64"]=x86_64
)
echo -e "SRCDIR: ${SRCDIR}" echo -e "SRCDIR: ${SRCDIR}"
BFFHV=$(grep "Standards-Version: " fabaccess-bffh-src/debian/control | awk -F ' ' '{print $2}') BFFHV=$(grep "Standards-Version: " fabaccess-bffh-src/debian/control | awk -F ' ' '{print $2}')
echo -e "BFFH target build version: ${BFFHV}" echo -e "BFFH target build version: ${BFFHV}"
@ -42,12 +50,14 @@ for ARCH_L in "${!ARCHES_LR[@]}"; do
ARCH_R=${ARCHES_LR[$ARCH_L]} ARCH_R=${ARCHES_LR[$ARCH_L]}
ARCH_D=${ARCHES_LD[$ARCH_L]} ARCH_D=${ARCHES_LD[$ARCH_L]}
ARCH_P=${ARCHES_DP[$ARCH_L]} ARCH_P=${ARCHES_DP[$ARCH_L]}
ARCH_F=${ARCHES_FP[$ARCH_L]}
echo -e "\n+++++++++++++++++++++++++++++++++++++++++++" echo -e "\n+++++++++++++++++++++++++++++++++++++++++++"
echo -e "ARCH_L (Linux) : ${ARCH_L}" echo -e "ARCH_L (Linux) : ${ARCH_L}"
echo -e "ARCH_R (Rust) : ${ARCH_R}" echo -e "ARCH_R (Rust) : ${ARCH_R}"
echo -e "ARCH_D (Docker Registry) : ${ARCH_D}" echo -e "ARCH_D (Docker Registry) : ${ARCH_D}"
echo -e "ARCH_P (Debian Package) : ${ARCH_P}" echo -e "ARCH_P (Debian Package) : ${ARCH_P}"
echo -e "ARCH_P (RPM Package) : ${ARCH_F}"
echo -e "+++++++++++++++++++++++++++++++++++++++++++\n" echo -e "+++++++++++++++++++++++++++++++++++++++++++\n"
# remove existing target dir if exists (from possible previous builds) # remove existing target dir if exists (from possible previous builds)
@ -81,15 +91,16 @@ for ARCH_L in "${!ARCHES_LR[@]}"; do
exit 1 exit 1
fi fi
# build deb archive with signing key; export deb package + debug symbol deb package + deb buildinfo
if [[ "${ARCH_L}" == "amd64" ]]; then if [[ "${ARCH_L}" == "amd64" ]]; then
echo -e "native architecture. no podman required. Building deb + rpm" echo -e "native architecture. no podman required. Building deb + rpm"
cd ${SRCDIR}/fabaccess-bffh-${BFFHV}/ cd ${SRCDIR}/fabaccess-bffh-${BFFHV}/
#dpkg-buildpackage -us -uc -k=B8F5D56C64A6161B35FB4892188C8D1E501EBD41 --host-arch "${ARCH_L}" --target-arch "${ARCH_L}" #dpkg-buildpackage -us -uc -k=B8F5D56C64A6161B35FB4892188C8D1E501EBD41 --host-arch "${ARCH_L}" --target-arch "${ARCH_L}"
dpkg-buildpackage -us -uc -k=B8F5D56C64A6161B35FB4892188C8D1E501EBD41 time dpkg-buildpackage -us -uc -k=B8F5D56C64A6161B35FB4892188C8D1E501EBD41
cd ${SRCDIR}/ cd ${SRCDIR}/
cp fabaccess-bffh_${BFFHV}_${ARCH_L}.deb /tmp/ cp fabaccess-bffh_${BFFHV}_${ARCH_L}.deb /tmp/
cp fabaccess-bffh-dbgsym_${BFFHV}_${ARCH_L}.ddeb /tmp/fabaccess-bffh-dbgsym_${BFFHV}_${ARCH_L}.deb cp fabaccess-bffh-dbgsym_${BFFHV}_${ARCH_L}.ddeb /tmp/fabaccess-bffh-dbgsym_${BFFHV}_${ARCH_L}.deb
cp fabaccess-bffh_${BFFHV}_${ARCH_L}.buildinfo ${DOWNLOAD}/
cd /tmp/ cd /tmp/
sudo alien --keep-version --verbose --scripts --to-rpm /tmp/fabaccess-bffh_${BFFHV}_${ARCH_L}.deb sudo alien --keep-version --verbose --scripts --to-rpm /tmp/fabaccess-bffh_${BFFHV}_${ARCH_L}.deb
sudo alien --keep-version --verbose --scripts --to-rpm /tmp/fabaccess-bffh-dbgsym_${BFFHV}_${ARCH_L}.deb sudo alien --keep-version --verbose --scripts --to-rpm /tmp/fabaccess-bffh-dbgsym_${BFFHV}_${ARCH_L}.deb
@ -115,20 +126,21 @@ for ARCH_L in "${!ARCHES_LR[@]}"; do
#test the container #test the container
sudo podman exec -u 0 --tty --interactive fabinfra_deb_${ARCH_L} bash -c "echo" sudo podman exec -u 0 --tty --interactive fabinfra_deb_${ARCH_L} bash -c "echo"
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
echo -e "Error creating or attaching to container 'fabinfra_deb_"${ARCH_L}"'. You might need to re-run 'install-requirements.sh'." echo -e "Error creating or attaching to container 'fabinfra_deb_"${ARCH_L}"'. You might need to re-run 'install-requirements.sh' or reboot system (due to possibly happened library upgrades in the meantime)."
sudo podman logs fabinfra_deb_${ARCH_L} sudo podman logs fabinfra_deb_${ARCH_L}
exit 1 exit 1
fi fi
# now attach to that container and start building the packages # now attach to that container and start building the packages
#sudo podman exec -u 0 --tty --interactive fabinfra_deb_${ARCH_L} bash #sudo podman exec -u 0 --tty --interactive fabinfra_deb_${ARCH_L} bash
sudo podman exec -u 0 --tty --interactive fabinfra_deb_${ARCH_L} bash -c " time sudo podman exec -u 0 --tty --interactive fabinfra_deb_${ARCH_L} bash -c "
apt update && apt upgrade; apt update && apt upgrade -y;
cd /srcdir/fabaccess-bffh-${BFFHV}/; cd /srcdir/fabaccess-bffh-${BFFHV}/;
dpkg-buildpackage -us -uc -k=B8F5D56C64A6161B35FB4892188C8D1E501EBD41; dpkg-buildpackage -us -uc -k=B8F5D56C64A6161B35FB4892188C8D1E501EBD41;
cd /srcdir/; cd /srcdir/;
cp fabaccess-bffh_${BFFHV}_${ARCH_P}.deb /tmp/; cp fabaccess-bffh_${BFFHV}_${ARCH_P}.deb /tmp/;
cp fabaccess-bffh-dbgsym_${BFFHV}_${ARCH_P}.ddeb /tmp/fabaccess-bffh-dbgsym_${BFFHV}_${ARCH_P}.deb; cp fabaccess-bffh-dbgsym_${BFFHV}_${ARCH_P}.ddeb /tmp/fabaccess-bffh-dbgsym_${BFFHV}_${ARCH_P}.deb;
cp fabaccess-bffh_${BFFHV}_${ARCH_P}.buildinfo /download/;
cd /tmp/; cd /tmp/;
alien --keep-version --verbose --scripts --to-rpm /tmp/fabaccess-bffh_${BFFHV}_${ARCH_P}.deb; alien --keep-version --verbose --scripts --to-rpm /tmp/fabaccess-bffh_${BFFHV}_${ARCH_P}.deb;
alien --keep-version --verbose --scripts --to-rpm /tmp/fabaccess-bffh-dbgsym_${BFFHV}_${ARCH_P}.deb; alien --keep-version --verbose --scripts --to-rpm /tmp/fabaccess-bffh-dbgsym_${BFFHV}_${ARCH_P}.deb;
@ -141,6 +153,21 @@ for ARCH_L in "${!ARCHES_LR[@]}"; do
# free up resources # free up resources
sudo podman stop fabinfra_deb_${ARCH_L} sudo podman stop fabinfra_deb_${ARCH_L}
fi fi
echo -e "Signing deb files with gpg (AFTER rpm creation) to allow verification for the users who are going to install later (creating sig + asc) ..."
gpg --yes --output ${DOWNLOAD}/fabaccess-bffh_${BFFHV}_${ARCH_P}.sig --detach-sig ${DOWNLOAD}/fabaccess-bffh_${BFFHV}_${ARCH_P}.deb
gpg --yes --output ${DOWNLOAD}/fabaccess-bffh-dbgsym_${BFFHV}_${ARCH_P}.sig --detach-sig ${DOWNLOAD}/fabaccess-bffh-dbgsym_${BFFHV}_${ARCH_P}.deb
gpg --yes --enarmor ${DOWNLOAD}/fabaccess-bffh_${BFFHV}_${ARCH_P}.sig
gpg --yes --enarmor ${DOWNLOAD}/fabaccess-bffh-dbgsym_${BFFHV}_${ARCH_P}.sig
echo -e "Verifying DEB signatures ..."
gpg --verify ${DOWNLOAD}/fabaccess-bffh_${BFFHV}_${ARCH_P}.sig.asc ${DOWNLOAD}/fabaccess-bffh_${BFFHV}_${ARCH_P}.deb
gpg --verify ${DOWNLOAD}/fabaccess-bffh-dbgsym_${BFFHV}_${ARCH_P}.sig.asc ${DOWNLOAD}/fabaccess-bffh-dbgsym_${BFFHV}_${ARCH_P}.deb
echo -e "Verifying RPM signatures ..."
rpm --verbose --checksig ${DOWNLOAD}/fabaccess-bffh-${BFFHV}-1.${ARCH_F}.rpm
rpm --verbose --checksig ${DOWNLOAD}/fabaccess-bffh-dbgsym-${BFFHV}-1.${ARCH_F}.rpm
done done
echo -e "\n+++++++++++++++++++++++++++++++++++++++++++" echo -e "\n+++++++++++++++++++++++++++++++++++++++++++"