#!/bin/bash
set -euo pipefail
# Build helper, executed inside the container as root.
#
# Expects a source tree with its debian/ packaging files under
# ${CDEBB_DIR}/source-ro and writes the resulting packages to
# ${CDEBB_DIR}/output once the build succeeds. Both directories are docker
# volumes, which is how files cross the host/container boundary.
CDEBB_DIR='/opt/cdebb'
CDEBB_BUILD_DIR="${CDEBB_DIR}/build"
# Colour the log prefixes only when stdin and stdout are both terminals;
# otherwise no escape sequences are emitted at all. The values are stored
# in echo -e / printf %b notation, not as raw ESC bytes.
if [[ -t 0 && -t 1 ]]; then
  Blue='\033[0;34m'
  Reset='\033[0m'
else
  Blue=
  Reset=
fi
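#######################################
# Print a highlighted progress line to stdout.
# Globals:   Blue, Reset (read) - colour escapes in echo -e notation, may be empty
# Arguments: $1 - message text, printed verbatim
# Outputs:   "[*] <message>" wrapped in the colour escapes, newline-terminated
#######################################
log() {
  # %b interprets the backslash escapes stored in Blue/Reset; %s keeps the
  # message literal. The previous `echo -e` also expanded escapes inside the
  # message itself, which matters for messages built from environment values
  # such as DEB_BUILD_OPTIONS.
  printf '%b[*] %s%b\n' "${Blue}" "$1" "${Reset}"
}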
# Wall-clock reference for the final "Finished in" report (EPOCHSECONDS needs bash 5).
CONTAINER_START_TIME="$EPOCHSECONDS"
# apt leaves this directory owned by _apt; drop it on every exit path.
trap 'rm -rf /var/cache/apt/archives/partial' EXIT
# Ask dh and dpkg for coloured output even though they write into a pipe;
# the escape sequences are stripped from the saved logs later on.
export DH_COLORS="always"
export DPKG_COLORS="always"
# Bring the base image up to date and shed packages nothing depends on.
log "Updating container"
apt-get update
apt-get upgrade -y --no-install-recommends
log "Checking for obsolete packages"
apt-mark minimize-manual -y
apt-get autoremove -y
log "Cleaning apt package cache"
apt-get autoclean
# Extra .deb files shipped for this build (if any). dpkg -i may fail on
# unmet dependencies, so its status is ignored on purpose and
# `apt-get -f install` resolves whatever is still missing.
if [[ -d "${CDEBB_DIR}/dependencies" ]]; then
  log "Installing extra dependencies"
  dpkg -i "${CDEBB_DIR}/dependencies"/*.deb || true
  apt-get -f install -y --no-install-recommends
fi
# Unprivileged account the package build itself runs under.
adduser --system --no-create-home build-runner
# Optional ccache support, enabled whenever USE_CCACHE is set (any value).
if [[ -n "${USE_CCACHE+x}" ]]; then
  log "Setting up ccache"
  apt-get install -y --no-install-recommends ccache
  export CCACHE_DIR="${CDEBB_DIR}/ccache_dir"
  ccache --zero-stats
  # The cache has to be writable by the build account, not only by root.
  chown -R --preserve-root build-runner: "${CDEBB_DIR}/ccache_dir"
fi
# The build needs a writable tree; the mounted source stays untouched.
log "Copying source directory"
mkdir "${CDEBB_BUILD_DIR}"
cp -a "${CDEBB_DIR}/source-ro" "${CDEBB_BUILD_DIR}/source"
chown -R --preserve-root build-runner: "${CDEBB_BUILD_DIR}"
# Optional (RESET_TIMESTAMPS set): give every file the mtime of the latest
# debian/changelog entry. A failing dpkg-parsechangelog aborts the script
# because the assignment is a plain command under set -e.
if [[ -n "${RESET_TIMESTAMPS+x}" ]]; then
  log "Resetting timestamps"
  SOURCE_DATE_RFC2822=$(dpkg-parsechangelog \
    --file "${CDEBB_BUILD_DIR}/source/debian/changelog" --show-field Date)
  find "${CDEBB_BUILD_DIR}/source" \
    -exec touch -m --no-dereference --date="${SOURCE_DATE_RFC2822}" {} +
fi
cd "${CDEBB_BUILD_DIR}/source"
# Build-Depends from debian/control, installed through an apt-get wrapper.
log "Installing build dependencies"
mk-build-deps -ir -t "apt-get -o Debug::pkgProblemResolver=yes -y --no-install-recommends"
log "Building package with DEB_BUILD_OPTIONS set to '${DEB_BUILD_OPTIONS:-}'"
# Extra dpkg-buildpackage options, kept as an array so no unquoted
# expansion is needed (empty-array expansion is fine under set -u on the
# bash 5 this script already requires for EPOCHSECONDS).
debuild_args=()
# --sanitize-env is available since Debian 11 (bullseye)
if dpkg-buildpackage --sanitize-env --help &> /dev/null; then
  debuild_args+=(--sanitize-env)
fi
# One build command shared by both privilege-dropping strategies below.
# The ccache wrapper directory is put first on PATH; it simply does not
# exist when ccache was not installed.
build_cmd=(
  env "PATH=/usr/lib/ccache:$PATH"
  dpkg-buildpackage -rfakeroot -b --no-sign -sa "${debuild_args[@]}"
)
BUILD_START_TIME="$EPOCHSECONDS"
# unshare --map-users is available since Debian 12 (bookworm): run the build
# as build-runner inside a user namespace with no network. Otherwise fall
# back to runuser, which still drops privileges but leaves the network
# reachable to the build.
if unshare --map-users 1,1,100 --help &> /dev/null; then
  unshare --user --map-root-user --net \
    --map-users 1,1,100 --map-users 65534,65534,1 \
    --map-groups 1,1,100 --map-groups 65534,65534,1 \
    --setuid "$(id -u build-runner)" --setgid "$(id -g build-runner)" \
    -- "${build_cmd[@]}" 2>&1 | tee "${CDEBB_BUILD_DIR}/build.log"
else
  log "unshare(1) does not support --map-users, falling back to runuser(1); build has network access"
  runuser -u build-runner -- "${build_cmd[@]}" 2>&1 | tee "${CDEBB_BUILD_DIR}/build.log"
fi
log "Build completed in $((EPOCHSECONDS - BUILD_START_TIME)) seconds"
cd /
# Report how effective ccache was, when it was enabled earlier.
if [[ -n "${USE_CCACHE+x}" ]]; then
  log "ccache statistics"
  stats_args=(--show-stats)
  # --verbose is available since Debian 12 (bookworm)
  if ccache --verbose --help &> /dev/null; then
    stats_args+=(--verbose)
  fi
  ccache "${stats_args[@]}"
fi
# Optional Lintian run (RUN_LINTIAN set), under its own unprivileged account.
if [[ -n "${RUN_LINTIAN+x}" ]]; then
  log "Installing Lintian"
  apt-get install -y --no-install-recommends lintian
  adduser --system --no-create-home lintian-runner
  lintian_args=(
    --display-experimental --info --display-info --pedantic
    --tag-display-limit 0 --color always --verbose
  )
  log "+++ Lintian Report Start +++"
  # --fail-on is available since Debian 11 (bullseye); "none" keeps the
  # report informational. grep deliberately consumes the whole --help
  # output (no -q) so lintian is never cut off mid-write under pipefail.
  if lintian --help | grep -w -- '--fail-on\b' &> /dev/null; then
    lintian_args+=(--fail-on none)
  fi
  runuser -u lintian-runner -- lintian "${lintian_args[@]}" \
    "${CDEBB_BUILD_DIR}"/*.changes 2>&1 | tee "${CDEBB_BUILD_DIR}/lintian.log"
  log "+++ Lintian Report End +++"
fi
# Remove ANSI colour sequences from a log in place, keeping the coloured
# original next to it as <name>.color.
strip_colors() {
  sed -E -e 's/\x1b\[[0-9;]+[mK]//g' --in-place=.color -- "$@"
}
# From here on the build directory is the working directory; the globs in
# the remaining steps rely on that.
cd "${CDEBB_BUILD_DIR}"
strip_colors *.log
# Optional blhc (build log hardening check) run, RUN_BLHC set. Its exit
# status is ignored on purpose so that findings do not abort the run.
if [[ -n "${RUN_BLHC+x}" ]]; then
  log "Installing blhc"
  apt-get install -y --no-install-recommends blhc
  log "+++ blhc Report Start +++"
  blhc --all --color "${CDEBB_BUILD_DIR}/build.log" 2>&1 | tee "${CDEBB_BUILD_DIR}/blhc.log" || true
  log "+++ blhc Report End +++"
  strip_colors "${CDEBB_BUILD_DIR}/blhc.log"
fi
# Hand the artefacts to the host user when USER and GROUP were both passed
# in (set, even if empty); otherwise they stay owned by root.
owner='root:root'
if [[ -n "${USER+x}" && -n "${GROUP+x}" ]]; then
  owner="${USER}:${GROUP}"
fi
# Expanded relative to the build directory, the current working directory.
artifacts=(*.deb *.buildinfo *.changes *.log *.log.color)
chown "${owner}" -- "${artifacts[@]}"
cp -a -- "${artifacts[@]}" "${CDEBB_DIR}/output/"
log "Generated files:"
ls -l --almost-all --color=always --human-readable \
  --ignore='*.log' --ignore='*.log.color' "${CDEBB_DIR}/output"
log "Finished in $((EPOCHSECONDS - CONTAINER_START_TIME)) seconds"