From fa1f71a1512f19d78cf37c799b9fb69fa0a17358 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Tue, 4 Oct 2022 23:17:11 +0100
Subject: [PATCH] build: allow to build the package in a clean container.
---
dists/build/archlinux/Dockerfile | 13 ++++
dists/build/build.sh | 104 +++++++++++++++++++++++++++++++
dists/build/debian/Dockerfile | 23 +++++++
dists/build/ubuntu/Dockerfile | 19 ++++++
4 files changed, 159 insertions(+)
create mode 100644 dists/build/archlinux/Dockerfile
create mode 100644 dists/build/build.sh
create mode 100644 dists/build/debian/Dockerfile
create mode 100644 dists/build/ubuntu/Dockerfile
diff --git a/dists/build/archlinux/Dockerfile b/dists/build/archlinux/Dockerfile
new file mode 100644
index 000000000..a0698962c
--- /dev/null
+++ b/dists/build/archlinux/Dockerfile
@@ -0,0 +1,13 @@
+FROM archlinux:base-devel
+
+RUN pacman -Syu --noconfirm --noprogressbar --quiet \
+ devtools git pacman-contrib \
+ go git rsync lsb-release && \
+ paccache -r -k 0 && \
+ pacman -Rscn --noconfirm --noprogressbar pacman-contrib && \
+ useradd -m -s /bin/bash -u 1000 build && \
+ echo "build ALL=NOPASSWD: ALL" >> /etc/sudoers && \
+ chown -R build:build /home/build
+
+USER build
+CMD ["/bin/bash"]
diff --git a/dists/build/build.sh b/dists/build/build.sh
new file mode 100644
index 000000000..12e6789ce
--- /dev/null
+++ b/dists/build/build.sh
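Review bot: In dists/build/archlinux/Dockerfile the `echo "build ALL=NOPASSWD: ALL" >> /etc/sudoers` step gives the `build` account unrestricted passwordless root, so the closing `USER build` is not a privilege boundary. Anything makepkg runs from a PKGBUILD can become root in the container and write root-owned files into the directory that build.sh bind-mounts from the host. makepkg -s only needs sudo for pacman, so I would scope the rule and use a drop-in rather than appending to the main file, assuming the stock sudoers still includes /etc/sudoers.d: `echo 'build ALL=(root) NOPASSWD: /usr/bin/pacman' > /etc/sudoers.d/build && chmod 0440 /etc/sudoers.d/build`. Running pacman as root remains root-equivalent, so a comment above the line stating that the image is meant for trusted sources only would also help.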
@@ -0,0 +1,104 @@
+#!/usr/bin/env bash
+# Build the package in a clean Archlinux/Debian/Ubuntu container
+# Copyright (C) 2022 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+# Usage: make
+
+set -eu
+
+readonly BASEIMAGE="${BASEIMAGE:-}"
+readonly PKGNAME=apparmor.d
+readonly VOLUME=/tmp/build
+readonly BUILDIR=/home/build/tmp
+readonly COMMAND="$1"
+VERSION="0.$(git rev-list --count HEAD)-1"
+PACKAGER="$(git config user.name) <$(git config user.email)>"
+readonly VERSION PACKAGER
+
+_start() {
+ local name="$1"
+ docker start "$name"
+}
+
+_is_running() {
+ local name="$1"
+ res="$(docker inspect -f '{{ .State.Running }}' "$name")" &>/dev/null
+ exist=$?
+ if [[ $exist -ne 0 ]]; then
+ return $exist
+ elif [[ "$res" == true ]]; then
+ return 0
+ else
+ return 1
+ fi
+}
+
+_exist() {
+ local name="$1"
+ docker inspect -f '{{ .State.Running }}' "$name" &>/dev/null
+}
+
+sync() {
+ mkdir -p "$VOLUME"
+ rsync -ra --delete . "$VOLUME/$PKGNAME"
+}
+
+build_in_docker_makepkg() {
+ local name="$1"
+
+ if _exist "$name"; then
+ if ! _is_running "$name"; then
+ _start "$name"
+ fi
+ else
+ docker build -t "$BASEIMAGE$name" "dists/build/$name"
+ docker run -tid --name "$name" --volume "$VOLUME:$BUILDIR" \
+ --env MAKEFLAGS="-j$(nproc)" --env PACKAGER="$PACKAGER" \
+ --env PKGDEST="$BUILDIR" --env DIST="$name" \
+ "$BASEIMAGE$name"
+ fi
+
+ docker exec -i --workdir="$BUILDIR/$PKGNAME" "$name" \
+ makepkg -sfC --noconfirm --noprogressbar
+ mv "$VOLUME/$PKGNAME"-*.pkg.* .
+}
+
+build_in_docker_dpkg() {
+ local name="$1"
+
+ if _exist "$name"; then
+ if ! _is_running "$name"; then
+ _start "$name"
+ fi
+ else
+ docker build -t "$BASEIMAGE$name" "dists/build/$name"
+ docker run -tid --name "$name" --volume "$VOLUME:$BUILDIR" \
+ --env DEBIAN_FRONTEND=noninteractive --env DIST="$name" \
+ "$BASEIMAGE$name"
+ fi
+
+ docker exec --workdir="$BUILDIR/$PKGNAME" "$name" \
+ dch --newversion="$VERSION" --urgency=medium --distribution=stable --controlmaint "Release $VERSION"
+ docker exec --workdir="$BUILDIR/$PKGNAME" "$name" \
+ dpkg-buildpackage -b -d --no-sign
+ mv "$VOLUME/${PKGNAME}_${VERSION}"_*.* .
+}
+
+main() {
+ case "$COMMAND" in
+ archlinux)
+ sync
+ build_in_docker_makepkg "$COMMAND"
+ ;;
+
+ debian | ubuntu | whonix)
+ sync
+ build_in_docker_dpkg "$COMMAND"
+ ;;
+
+ *) ;;
+ esac
+}
+
+main "$@"
diff --git a/dists/build/debian/Dockerfile b/dists/build/debian/Dockerfile
new file mode 100644
index 000000000..85f8c2cf9
--- /dev/null
+++ b/dists/build/debian/Dockerfile
@@ -0,0 +1,23 @@
+FROM debian:11
+
+ENV DEBIAN_FRONTEND=noninteractive \
+ TERM=xterm
+
+# hadolint ignore=DL3008
+RUN echo 'deb http://deb.debian.org/debian bullseye-backports main contrib non-free' >> /etc/apt/sources.list && \
+ apt-get update -y && apt-get -qq -y --no-install-recommends upgrade && \
+ apt-get -qq -y --no-install-recommends install \
+ build-essential devscripts debhelper fakeroot config-package-dev \
+ git lsb-release rsync && \
+ apt-get -qq -y --no-install-recommends install \
+ golang-1.19-go -t bullseye-backports && \
+ apt-get -qy autoremove && \
+ apt-get -qq --purge remove -y .\*-doc$ && \
+ apt-get clean && \
+ rm -rf /usr/share/doc /usr/share/man /var/lib/apt/lists/* /tmp/* /var/tmp/* && \
+ ln -s /usr/lib/go-1.19/bin/go /usr/bin/go && \
+ useradd -m -s /bin/bash -u 1000 build && \
+ chown -R build:build /home/build
+
+USER build
+CMD ["/bin/bash"]
diff --git a/dists/build/ubuntu/Dockerfile b/dists/build/ubuntu/Dockerfile
new file mode 100644
index 000000000..aea5f4471
--- /dev/null
+++ b/dists/build/ubuntu/Dockerfile
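Review bot: `readonly VOLUME=/tmp/build` in dists/build/build.sh stages the source tree and collects the built packages through a fixed, predictable path under the world-writable /tmp. `mkdir -p "$VOLUME"` succeeds silently when the directory (or a symlink with that name) already exists, so on a shared host another local user can own this location. That location is what `rsync -ra --delete` writes into, what gets bind-mounted into the container, and where the final `mv` takes the packages from. A per-user location avoids this, for example `readonly VOLUME="${XDG_CACHE_HOME:-$HOME/.cache}/$PKGNAME-build"` (PKGNAME is already defined on the line above). A stable path rather than `mktemp -d` keeps the existing container reuse working.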
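Review bot: The backports entry in dists/build/debian/Dockerfile enables `contrib` and `non-free` and is appended to /etc/apt/sources.list, although the only package this RUN takes from backports is golang-1.19-go. Limiting the entry to what the build needs keeps the set of trusted package sources small: `echo 'deb http://deb.debian.org/debian bullseye-backports main' > /etc/apt/sources.list.d/backports.list`. This assumes golang-1.19-go is in the `main` component, which should be confirmed before changing it.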
@@ -0,0 +1,19 @@
+FROM ubuntu:22.04
+
+ENV DEBIAN_FRONTEND=noninteractive \
+ TERM=xterm
+
+# hadolint ignore=DL3008
+RUN apt-get update -y && apt-get -qq -y --no-install-recommends upgrade && \
+ apt-get -qq -y --no-install-recommends install \
+ build-essential devscripts debhelper fakeroot config-package-dev \
+ git lsb-release rsync golang-go && \
+ apt-get -qy autoremove && \
+ apt-get -qq --purge remove -y .\*-doc$ && \
+ apt-get clean && \
+ rm -rf /usr/share/doc /usr/share/man /var/lib/apt/lists/* /tmp/* /var/tmp/* && \
+ useradd -m -s /bin/bash -u 1000 build && \
+ chown -R build:build /home/build
+
+USER build
+CMD ["/bin/bash"]
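Review bot: dists/build/ubuntu/Dockerfile installs the unversioned `golang-go`, while the Debian image in this commit explicitly installs golang-1.19-go, so the two containers will likely build the package with different Go toolchains. As far as I know the 22.04 default is older than 1.19. If the project has a minimum Go version, a comment above the RUN would make the mismatch visible, for example `# golang-go is the distro default toolchain; keep in line with the Go version the project requires`.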