build: allow to build the package in a clean container.

2024-11-14 23:43:56 +01:00 · 2022-10-04 23:17:11 +01:00 · 2022-10-04 23:17:11 +01:00 · fa1f71a151
commit fa1f71a151
parent 027a506eec
4 changed files with 159 additions and 0 deletions
--- a/dists/build/archlinux/Dockerfile
+++ b/dists/build/archlinux/Dockerfile
@ -0,0 +1,13 @@
+FROM archlinux:base-devel
+
+RUN pacman -Syu --noconfirm --noprogressbar --quiet \
+        devtools git pacman-contrib \
+        go git rsync lsb-release && \
+    paccache -r -k 0 && \
+    pacman -Rscn --noconfirm --noprogressbar pacman-contrib && \
+    useradd -m -s /bin/bash -u 1000 build && \
+    echo "build ALL=NOPASSWD: ALL" >> /etc/sudoers && \
+    chown -R build:build /home/build
+
+USER build
+CMD ["/bin/bash"]
--- a/dists/build/build.sh
+++ b/dists/build/build.sh
@ -0,0 +1,104 @@
+#!/usr/bin/env bash
+# Build the package in a clean Archlinux/Debian/Ubuntu container
+# Copyright (C) 2022 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+# Usage: make <distribution>
+
+set -eu
+
+readonly BASEIMAGE="${BASEIMAGE:-}"
+readonly PKGNAME=apparmor.d
+readonly VOLUME=/tmp/build
+readonly BUILDIR=/home/build/tmp
+readonly COMMAND="$1"
+VERSION="0.$(git rev-list --count HEAD)-1"
+PACKAGER="$(git config user.name) <$(git config user.email)>"
+readonly VERSION PACKAGER
+
+_start() {
+    local name="$1"
+    docker start "$name"
+}
+
+_is_running() {
+    local name="$1"
+    res="$(docker inspect -f '{{ .State.Running }}' "$name")" &>/dev/null
+    exist=$?
+    if [[ $exist -ne 0 ]]; then
+        return $exist
+    elif [[ "$res" == true ]]; then
+        return 0
+    else
+        return 1
+    fi
+}
+
+_exist() {
+    local name="$1"
+    docker inspect -f '{{ .State.Running }}' "$name" &>/dev/null
+}
+
+sync() {
+    mkdir -p "$VOLUME"
+    rsync -ra --delete . "$VOLUME/$PKGNAME"
+}
+
+build_in_docker_makepkg() {
+    local name="$1"
+
+    if _exist "$name"; then
+        if ! _is_running "$name"; then
+            _start "$name"
+        fi
+    else
+        docker build -t "$BASEIMAGE$name" "dists/build/$name"
+        docker run -tid --name "$name" --volume "$VOLUME:$BUILDIR" \
+            --env MAKEFLAGS="-j$(nproc)" --env PACKAGER="$PACKAGER" \
+            --env PKGDEST="$BUILDIR" --env DIST="$name" \
+            "$BASEIMAGE$name"
+    fi
+
+    docker exec -i --workdir="$BUILDIR/$PKGNAME" "$name" \
+        makepkg -sfC --noconfirm --noprogressbar
+    mv "$VOLUME/$PKGNAME"-*.pkg.* .
+}
+
+build_in_docker_dpkg() {
+    local name="$1"
+
+    if _exist "$name"; then
+        if ! _is_running "$name"; then
+            _start "$name"
+        fi
+    else
+        docker build -t "$BASEIMAGE$name" "dists/build/$name"
+        docker run -tid --name "$name" --volume "$VOLUME:$BUILDIR" \
+            --env DEBIAN_FRONTEND=noninteractive --env DIST="$name" \
+            "$BASEIMAGE$name"
+    fi
+
+    docker exec --workdir="$BUILDIR/$PKGNAME" "$name" \
+        dch --newversion="$VERSION" --urgency=medium --distribution=stable --controlmaint "Release $VERSION"
+    docker exec --workdir="$BUILDIR/$PKGNAME" "$name" \
+        dpkg-buildpackage -b -d --no-sign
+    mv "$VOLUME/${PKGNAME}_${VERSION}"_*.* .
+}
+
+main() {
+    case "$COMMAND" in
+    archlinux)
+        sync
+        build_in_docker_makepkg "$COMMAND"
+        ;;
+
+    debian | ubuntu | whonix)
+        sync
+        build_in_docker_dpkg "$COMMAND"
+        ;;
+
+    *) ;;
+    esac
+}
+
+main "$@"
--- a/dists/build/debian/Dockerfile
+++ b/dists/build/debian/Dockerfile
@ -0,0 +1,23 @@
+FROM debian:11
+
+ENV DEBIAN_FRONTEND=noninteractive \
+    TERM=xterm
+
+# hadolint ignore=DL3008
+RUN echo 'deb http://deb.debian.org/debian bullseye-backports main contrib non-free' >> /etc/apt/sources.list && \
+    apt-get update -y && apt-get -qq -y --no-install-recommends upgrade && \
+    apt-get -qq -y --no-install-recommends install \
+        build-essential devscripts debhelper fakeroot config-package-dev \
+		git lsb-release rsync && \
+    apt-get -qq -y --no-install-recommends install \
+        golang-1.19-go -t bullseye-backports && \
+    apt-get -qy autoremove && \
+    apt-get -qq --purge remove -y .\*-doc$ && \
+    apt-get clean && \
+    rm -rf /usr/share/doc /usr/share/man /var/lib/apt/lists/* /tmp/* /var/tmp/* && \
+    ln -s /usr/lib/go-1.19/bin/go /usr/bin/go && \
+    useradd -m -s /bin/bash -u 1000 build && \
+    chown -R build:build /home/build
+
+USER build
+CMD ["/bin/bash"]
--- a/dists/build/ubuntu/Dockerfile
+++ b/dists/build/ubuntu/Dockerfile
@ -0,0 +1,19 @@
+FROM ubuntu:22.04
+
+ENV DEBIAN_FRONTEND=noninteractive \
+    TERM=xterm
+
+# hadolint ignore=DL3008
+RUN apt-get update -y && apt-get -qq -y --no-install-recommends upgrade && \
+    apt-get -qq -y --no-install-recommends install \
+        build-essential devscripts debhelper fakeroot config-package-dev \
+		git lsb-release rsync golang-go && \
+    apt-get -qy autoremove && \
+    apt-get -qq --purge remove -y .\*-doc$ && \
+    apt-get clean && \
+    rm -rf /usr/share/doc /usr/share/man /var/lib/apt/lists/* /tmp/* /var/tmp/* && \
+    useradd -m -s /bin/bash -u 1000 build && \
+    chown -R build:build /home/build
+
+USER build
+CMD ["/bin/bash"]