automate/020_mmdebstrap.sh


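#!/usr/bin/env bash
set -euo pipefail
# git-buildpackage has moved to sbuild as a backend for isolated Debian package
# building, using mmdebstrap-generated chroots in 'unshare' mode for
# non-privileged operation.
#
# The completed chroots can still be managed by the schroot methods/tools.
#
# sbuild caches the chroots it generates in ${HOME}/.cache/sbuild/ and looks
# there for named chroots suitable for building packages, e.g.
# unstable-amd64.tar

# Install mmdebstrap only when it is not already on PATH, so sudo is not
# invoked on repeat runs. apt-get is the scriptable front end; -y keeps the
# run non-interactive, matching the apt-get call made inside the chroot hook.
if ! command -v mmdebstrap >/dev/null 2>&1; then
  sudo apt-get install -y mmdebstrap
fi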
# Defaults for the build. A value already present in the environment wins;
# otherwise the fallback on the right-hand side is used.
MMDEBSTRAP_HOME="${MMDEBSTRAP_HOME:-${HOME}/.config/mmdebstrap}"
CACHE_DIR="${CACHE_DIR:-${HOME}/.cache/sbuild}"
ARCH="${ARCH:-amd64}"
VARIANT="${VARIANT:-buildd}"
SUITE="${SUITE:-ceres}"
COMPONENT="${COMPONENT:-main contrib non-free non-free-firmware}"
#######################################
# Print an informational line in bold blue.
# Arguments: the message words; joined with spaces into one line
# Outputs:   the coloured message on stdout
#######################################
info() {
  local message="$*"
  printf '\033[1;34m%s\033[0m\n' "$message"
}
#######################################
# Report a fatal error in bold red and terminate the script.
# Arguments: the message words; joined with spaces into one line
# Outputs:   "ERROR: <message>" on stderr
# Returns:   never returns; exits with status 1
#######################################
die() {
  local reason="$*"
  printf '\033[1;31mERROR: %s\033[0m\n' "$reason" >&2
  exit 1
}
#######################################
# Abort the script unless the named command can be resolved by the shell.
# Arguments: $1 - command name to look up
# Returns:   0 when the command exists; otherwise hands over to die
#######################################
require_cmd() {
  local tool="$1"
  command -v "$tool" >/dev/null 2>&1 && return 0
  die "Missing required command: $tool"
}
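# Fail early, with a clear message, if a tool used further down is missing.
for cmd in mmdebstrap gpg mkdir cp; do
  require_cmd "$cmd"
done
# Make a directory for the scripts and hooks used to create mmdebstrap chroots.
# The variable is quoted so a MMDEBSTRAP_HOME containing spaces or glob
# characters is not word-split; the brace list stays outside the quotes so it
# still expands to the two directory names.
mkdir -p "${MMDEBSTRAP_HOME}"/{hooks,keyrings}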
## Keyrings for apt
# https://files.devuan.org/devuan-archive-keyring.gpg
# Fetch the devuan repo keys
# We don't put this in hooks because we won't have gpg in the chroot
# early on.
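#######################################
# Print a standalone script that fetches the Devuan archive signing keys
# with gpg and exports each one to its own keyring file.
# Globals:   MMDEBSTRAP_HOME (read; expanded now and baked into the output)
# Arguments: none
# Outputs:   the generated bash script on stdout
#######################################
conf_print_download_repo_keys() {
  # The delimiter is unquoted on purpose: ${MMDEBSTRAP_HOME} is expanded while
  # generating, and every \$ is deferred to the generated script's own run.
  # Without the backslashes the positional parameters would be expanded here,
  # which aborts under 'set -u' because this function takes no arguments.
  cat <<EOF
#!/usr/bin/env bash
# bash, not sh: 'local', \${var// /} and \${var,,} are bashisms.
set -eu

mkdir -p "${MMDEBSTRAP_HOME}/keyrings"

# Fetch one key, show it for manual comparison, and export it.
#   \$1 - label used in the keyring file name
#   \$2 - key ID requested from the keyserver
#   \$3 - full fingerprint (spaces allowed)
conf_add_keyring() {
  local name="\$1"
  local keyid="\$2"
  local fingerprint="\${3// /}"
  local keyring="${MMDEBSTRAP_HOME}/keyrings/devuan-\${name,,}.gpg"

  printf '%s\n' "\$name (\$keyid)"
  printf '%s\n' "Fingerprint: \$fingerprint"
  gpg --keyserver keyring.devuan.org --recv-keys "\$keyid"
  gpg --fingerprint "\$keyid"
  # A key ID alone does not pin a key. Exporting by the full fingerprint is
  # the check that matters: only a key with exactly this fingerprint can end
  # up in the keyring that apt will trust.
  gpg --export "\$fingerprint" >"\$keyring"
  if [[ ! -s "\$keyring" ]]; then
    printf 'ERROR: no key with fingerprint %s was exported\n' "\$fingerprint" >&2
    exit 1
  fi
  chmod 644 "\$keyring"
}

conf_print_download_repo_keys() {
  conf_add_keyring "Ceres" "010291FF0AECE9B9" "EFA9 5D75 91EA 95A5 A417 945F 0102 91FF 0AEC E9B9"
  conf_add_keyring "Excalibur" "B3982868D104092C" "9F8D 6C74 DE66 1075 FD17 1BE3 B398 2868 D104 092C"
  conf_add_keyring "Freia" "55C470D57732684B" "6A27 69BF 7BE7 9F17 2569 6E0B 55C4 70D5 7732 684B"
  conf_add_keyring "Amprolla3" "BB23C00C61FC752C" "E032 601B 7CA1 0BC3 EA53 FA81 BB23 C00C 61FC 752C"
  conf_add_keyring "All others" "94532124541922FB" "72E3 CB77 3315 DFA2 E464 743D 9453 2124 5419 22FB"
}
conf_print_download_repo_keys

# copy-in requires the keyrings in /tmp
# NOTE(review): /tmp/keyrings is a fixed name in a world-writable directory;
# confirm it is owned by the invoking user before trusting its contents.
cp -a "${MMDEBSTRAP_HOME}/keyrings/" /tmp
EOF
}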
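# Write the key download script next to the other mmdebstrap helpers.
mkdir -p "${MMDEBSTRAP_HOME}"
conf_print_download_repo_keys | tee "${MMDEBSTRAP_HOME}/download-repo-keys.sh"
chmod +x "${MMDEBSTRAP_HOME}/download-repo-keys.sh"
info "Downloading keys …"
# NOTE(review): the download itself is disabled below, so the Devuan keyrings
# are only present if download-repo-keys.sh has been run by hand.
#${MMDEBSTRAP_HOME}/download-repo-keys.sh
# gitea debian package repository keyring for copy-in
# With the download disabled nothing else creates /tmp/keyrings, and cp into a
# missing directory would abort the script under 'set -e'.
mkdir -p /tmp/keyrings
# /tmp is world-writable and this name is predictable: refuse to stage apt
# trust anchors in a directory that is a symlink or belongs to someone else.
[[ -O /tmp/keyrings && ! -L /tmp/keyrings ]] \
  || die "/tmp/keyrings exists but is not a directory owned by the current user"
cp -a /usr/share/keyrings/gitea-cyteen.gpg /tmp/keyrings/
cp -a /usr/share/keyrings/gitea-cyteen.gpg "${MMDEBSTRAP_HOME}/keyrings/"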
## hooks
# setup-hook - before packages are downloaded and installed.
# extract-hook - after essential packages were extracted but before they are installed.
# essential-hook - after the essential packages were installed, but before installing all other packages.
# customize-hook - after the chroot was created but before finalizing.
# cleanup-hook - runs after all customize hooks and before final cleanup actions.
# hook-directory - the files in the hook directory must have the prefix of setup, extract, essential, customize, or finalize.
# they must be executable and their sequence is determined by their number eg setup01.sh customize01.sh customize02.sh
# Set the Hostname and timezone and add a group
#######################################
# Print the customize hook that configures a freshly built chroot.
# The generated script takes the chroot directory as "$1" and, in order:
# selects the Readline debconf frontend, strips the leading "# " from
# line 15 of /etc/pam.d/su and adds a system group "wheel", writes the
# hostname "sbuildchroot", sets the timezone to Europe/London, preseeds the
# en_GB.UTF-8 locale and installs the locales package.
# NOTE(review): the sed edit is tied to a line number, so it depends on the
# layout of /etc/pam.d/su in the target suite - confirm after suite upgrades.
# Arguments: none
# Outputs:   the hook script on stdout
#######################################
conf_print_setup_tz_locales_hostname() {
  # Quoted delimiter: nothing is expanded here, "$1" reaches the hook as-is.
  cat <<'HOOK'
#!/bin/sh
set -e
# Set the default debconf frontend to Readline
echo 'debconf debconf/frontend select Readline' | chroot "$1" debconf-set-selections
# Enable the wheel group.
sed -i '15 s/^# //' "$1"/etc/pam.d/su
chroot "$1" addgroup --system wheel
# Set the system's hostname.
echo "sbuildchroot" >"$1"/etc/hostname
# Set the timezone
echo "tzdata tzdata/Areas select Europe" | chroot "$1" debconf-set-selections
echo "tzdata tzdata/Zones/Europe select London" | chroot "$1" debconf-set-selections
echo 'tzdata tzdata/Zones/Etc select UTC' | chroot "$1" debconf-set-selections
# This has to be done or else dpkg-reconfigure insists on using Etc
# as the default timezone for whatever stupid reason.
echo "Europe/London" >"$1"/etc/timezone
chroot "$1" ln -sf "/usr/share/zoneinfo/Europe/London" /etc/localtime
chroot "$1" dpkg-reconfigure -f noninteractive tzdata
# Set locale
echo "locales locales/default_environment_locale select en_GB.UTF-8" | chroot "$1" debconf-set-selections
echo "locales locales/locales_to_be_generated multiselect en_GB.UTF-8 UTF-8" | chroot "$1" debconf-set-selections
chroot "$1" apt-get install locales -y
HOOK
}
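# Install the hook as customize01.sh; hooks in the hook directory must be
# executable. Paths are quoted so a MMDEBSTRAP_HOME with spaces is not split.
mkdir -p "${MMDEBSTRAP_HOME}/hooks"
conf_print_setup_tz_locales_hostname | tee "${MMDEBSTRAP_HOME}/hooks/customize01.sh"
chmod +x "${MMDEBSTRAP_HOME}/hooks/customize01.sh"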
# apt sources
#######################################
# Print the deb822 apt source stanza for the Gitea package registry.
# Arguments: none
# Outputs:   one stanza (five fields) on stdout
#######################################
conf_print_ceres_sources() {
  printf '%s\n' \
    'Types: deb' \
    'URIs: https://git2.ring-zero.co.uk/api/packages/cyteen/debian/' \
    'Suites: ceres' \
    'Components: main' \
    'Signed-By: /usr/share/keyrings/gitea-cyteen.gpg'
}
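# Save the Gitea stanza; quoted so a MMDEBSTRAP_HOME with spaces is not split.
mkdir -p "${MMDEBSTRAP_HOME}"
conf_print_ceres_sources | tee "${MMDEBSTRAP_HOME}/gitea-cyteen.sources"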
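#######################################
# Print the deb822 apt sources for the Devuan ceres archive: one stanza for
# binary packages and one for source packages.
# Arguments: none
# Outputs:   two stanzas on stdout, separated by a blank line
#######################################
conf_print_ceres_sources() {
  # deb822 stanzas are delimited by an empty line; without it the deb and
  # deb-src fields would run together into a single stanza.
  cat <<'FOE'
Types: deb
URIs: https://pkgmaster.devuan.org/merged/
Suites: ceres
Components: main contrib non-free non-free-firmware
Signed-By: /usr/share/keyrings/devuan-ceres.gpg

Types: deb-src
URIs: https://pkgmaster.devuan.org/merged/
Suites: ceres
Components: main contrib non-free non-free-firmware
Signed-By: /usr/share/keyrings/devuan-ceres.gpg
FOE
}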
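# Save the Devuan stanzas; quoted so a MMDEBSTRAP_HOME with spaces is not split.
mkdir -p "${MMDEBSTRAP_HOME}"
conf_print_ceres_sources | tee "${MMDEBSTRAP_HOME}/devuan_ceres.sources"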
# When using sbuild with the gitea package registry as an extra repo, adding
# this to ${HOME}/.config/sbuild/config.pl works:
# $extra_repositories = [ 'deb https://git2.ring-zero.co.uk/api/packages/cyteen/debian ceres main' ];
# $extra_repository_keys = [ '/usr/share/keyrings/gitea-cyteen.gpg' ];
# Copy the sources created above into the chroot
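#######################################
# Print a setup hook that copies the keyrings and apt sources written by this
# script into the chroot.
# Globals:   MMDEBSTRAP_HOME (read; expanded now and baked into the output)
# Arguments: none
# Outputs:   the hook script on stdout; the hook takes the chroot as "$1"
#######################################
conf_print_copy_in_ceres_sources() {
  # The delimiter is unquoted so ${MMDEBSTRAP_HOME} is filled in while
  # generating. \$1 is escaped so it survives into the hook; the double
  # quotes around it need no backslash inside a here-document.
  cat <<EOF
#!/bin/sh
set -e
mkdir -p "\$1"/usr/share/keyrings
mkdir -p "\$1"/etc/apt/sources.list.d
#mkdir -p "\$1"/etc/apt/trusted.gpg.d
cp "${MMDEBSTRAP_HOME}/keyrings/devuan-ceres.gpg" "\$1"/usr/share/keyrings/
cp "${MMDEBSTRAP_HOME}/keyrings/gitea-cyteen.gpg" "\$1"/usr/share/keyrings/
cp "${MMDEBSTRAP_HOME}/devuan_ceres.sources" "\$1"/etc/apt/sources.list.d/
cp "${MMDEBSTRAP_HOME}/gitea-cyteen.sources" "\$1"/etc/apt/sources.list.d/
ls "\$1"/usr/share/keyrings/
EOF
}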
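mkdir -p "${MMDEBSTRAP_HOME}/hooks"
#conf_print_copy_in_ceres_sources | tee ${MMDEBSTRAP_HOME}/hooks/setup01.sh
#chmod +x ${MMDEBSTRAP_HOME}/hooks/setup01.sh
info "Creating Devuan $SUITE chroot …"
# Use /var/tmp for mmdebstrap's temporary files if TMPDIR is unset
: "${TMPDIR:=/var/tmp}"
export TMPDIR
# The final tarball location. The cache directory is created here because
# nothing else in this script does so before the tarball is written.
mkdir -p "${CACHE_DIR}"
OUT_TAR="${CACHE_DIR}/unstable-${ARCH}.tar"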
# Although the Signed-By key from the sources is used for the build of the
# chroot, if you want the chroot to have working keys for apt you have to
# copy-in to the usual location. They say it can copy any file accessible to
# the user, but copying from /tmp/ works if copying from $HOME doesn't.
# --setup-hook='copy-in ${MMDEBSTRAP_HOME}/keyrings/devuan-ceres.gpg /usr/share/keyrings/' \
# --setup-hook='copy-in /usr/share/keyrings/gitea-ceres.gpg /usr/share/keyrings/' \
# --setup-hook='copy-in /etc/apt/sources.list.d/gitea-private.sources /etc/apt/sources.list.d/' \
# --setup-hook='copy-in /tmp/keyrings/devuan-ceres.gpg /usr/share/keyrings/' \
# --setup-hook='copy-in /tmp/keyrings/gitea-ceres.gpg /usr/share/keyrings/' \
# --setup-hook='copy-in /etc/apt/sources.list.d/gitea-private.sources /etc/apt/sources.list.d/' \
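# The archive keyring is the trust anchor for everything installed into the
# chroot, so stop before bootstrapping if it is missing or empty.
devuan_keyring="${MMDEBSTRAP_HOME}/keyrings/devuan-ceres.gpg"
[[ -s "${devuan_keyring}" ]] \
  || die "Missing ${devuan_keyring}; run ${MMDEBSTRAP_HOME}/download-repo-keys.sh first"

# Options are collected in an array so each one can be quoted and commented.
# Hooks that mention "$1" stay single-quoted: $1 is the chroot directory and
# must be expanded when the hook runs, not by this script.
mmdebstrap_args=(
  --mode=unshare
  --variant="${VARIANT}"
  --arch="${ARCH}"
  # Uses the COMPONENT default declared at the top of the script, so an
  # override from the environment takes effect here.
  --components="${COMPONENT}"
  --skip=output/mknod
  --format=tar
  --include=sudo,curl,adduser,tzdata,git,gpg,ca-certificates
  --setup-hook='mkdir -p "$1"/usr/share/keyrings/'
  --setup-hook='mkdir -p "$1"/etc/apt/sources.list.d/'
  # Double-quoted: MMDEBSTRAP_HOME is not exported, so it has to be expanded
  # by this script. In single quotes the literal text ${MMDEBSTRAP_HOME}
  # would be handed to copy-in as a path.
  --setup-hook="copy-in ${devuan_keyring} /usr/share/keyrings/"
  # NOTE(review): the next two host files are not created by this script,
  # which writes gitea-cyteen.gpg and gitea-cyteen.sources - confirm that
  # gitea-ceres.gpg and gitea-private.sources exist on the build host.
  --setup-hook='copy-in /usr/share/keyrings/gitea-ceres.gpg /usr/share/keyrings/'
  --setup-hook='copy-in /etc/apt/sources.list.d/gitea-private.sources /etc/apt/sources.list.d/'
  --setup-hook='ls -lh "$1"/usr/share/keyrings/'
  # Absolute path: the hooks were written under MMDEBSTRAP_HOME, and a bare
  # "hooks" would be resolved against whatever the current directory is.
  --hook-directory="${MMDEBSTRAP_HOME}/hooks"
  --include=ccache
  --customize-hook='chroot "$1" update-ccache-symlinks'
  --include=eatmydata
)
mmdebstrap "${mmdebstrap_args[@]}" \
  unstable "${OUT_TAR}" \
  "${MMDEBSTRAP_HOME}/devuan_${SUITE}.sources"
unset TMPDIR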