blob: 73bd4a0c23aa7e0be2799d6b3eff64f9770d4a51 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
|
#!/bin/bash
set -eux
# Used to update a Debian Apt repo, e.g. during a staging build or release process
# Where the base of all the repos is
BASE_PATH=${BASE_PATH:?}
if [[ ! -d "$BASE_PATH" ]]; then
echo "ERROR: invalid base path: $BASE_PATH"
exit 1
fi
# "debian/bookworm" "debian/bullseye" "debian/buster" "ubuntu/xenial" "ubuntu/bionic" "ubuntu/focal" "ubuntu/jammy" "raspbian/buster" "raspbian/bullseye"
DEB_REPO=${DEB_REPO:?}
# Set true to prevent signing
DISABLE_SIGNING=${DISABLE_SIGNING:-false}
REPO_DIR=$(realpath -sm "$BASE_PATH/$DEB_REPO" )
if [[ ! -d "$REPO_DIR" ]] ; then
echo "ERROR: missing $REPO_DIR"
exit 1
fi
CODENAME=${DEB_REPO##*/}
echo "Updating $DEB_REPO for $CODENAME"
# We use Aptly to create repos with a local temporary directory as the root.
# Once complete, we then move these to the output directory for upload.
# Based on https://github.com/spotify/debify/blob/master/debify.sh
APTLY_REPO_NAME="debify-$CODENAME"
APTLY_ROOTDIR=$(mktemp -d)
APTLY_CONFIG=$(mktemp)
# The origin and label fields seem to cover the base directory for the repo and codename.
# The docs seems to suggest these fields are optional and free-form: https://wiki.debian.org/DebianRepository/Format#Origin
# They are security checks to verify if they have changed so we match the legacy server.
APTLY_ORIGIN=". $CODENAME"
APTLY_LABEL=". $CODENAME"
if [[ "$DEB_REPO" == "debian/bullseye" ]]; then
# For Bullseye, the legacy server had a slightly different setup we try to reproduce here
APTLY_ORIGIN="bullseye bullseye"
APTLY_LABEL="bullseye bullseye"
fi
cat << EOF > "$APTLY_CONFIG"
{
"rootDir": "$APTLY_ROOTDIR/"
}
EOF
cat "$APTLY_CONFIG"
aptly -config="$APTLY_CONFIG" repo create \
-component="main" \
-distribution="$CODENAME" \
"$APTLY_REPO_NAME"
# Check if any files to add
count=$(find "$REPO_DIR" -maxdepth 1 -type f -name "*.deb" | wc -l)
if [[ $count != 0 ]] ; then
# Do not remove files as we need them from moving to staging-release
aptly -config="$APTLY_CONFIG" repo add -force-replace "$APTLY_REPO_NAME" "$REPO_DIR/"
else
echo "WARNING: no files to add in $DEB_REPO for $CODENAME"
fi
aptly -config="$APTLY_CONFIG" repo show "$APTLY_REPO_NAME"
if [[ "$DISABLE_SIGNING" != "true" ]]; then
aptly -config="$APTLY_CONFIG" publish repo -gpg-key="$GPG_KEY" -origin="$APTLY_ORIGIN" -label="$APTLY_LABEL" "$APTLY_REPO_NAME"
else
aptly -config="$APTLY_CONFIG" publish repo --skip-signing -origin="$APTLY_ORIGIN" -label="$APTLY_LABEL" "$APTLY_REPO_NAME"
fi
rsync -av "$APTLY_ROOTDIR"/public/* "$REPO_DIR"
# Remove unnecessary files
rm -rf "$REPO_DIR/conf/" "$REPO_DIR/db/" "$APTLY_ROOTDIR" "$APTLY_CONFIG"
|
