#!/bin/bash # # Copyright (C) 2008-2020 Ruben Rodriguez <ruben@trisquel.info> # Copyright (C) 2014 Santiago Rodriguez <santi@trisquel.info> # Copyright (C) 2019 David Trudgian <dave@trudgian.net> # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA # set -e set -o pipefail export LANG=C LC_TIME=C PACKAGE=$(echo $0 |/bin/sed s/make-//) export DATE=$(date +'%a, %d %b %Y %T %z') export DATA="$PWD/DATA/$PACKAGE" if ! [ 1$COMPONENT = "1main" ] then COMPONENT=${COMPONENT:-universe} export NO_PKG_MANGLE=1 fi [ -d PACKAGES ] || mkdir PACKAGES export DEBIAN_FRONTEND=noninteractive export DEBEMAIL=trisquel-devel@listas.trisquel.info export DEBFULLNAME="Trisquel GNU/Linux developers" export CODENAME=nabia export REVISION=10.0 export RELEASE=trisquel export DOMAIN=trisquel.info export UPSTREAM=focal export UPSTREAMRELEASE=20.04 MIRROR=http://archive.ubuntu.com/ubuntu LOCALMIRROR=http://archive.trisquel.org/trisquel LOCAL_APT=`mktemp -d` if [ -n "$BUILD_UNTIL" ] && (( $(echo "$BUILD_UNTIL $REVISION" | awk '{print ($1 > $2)}') )); then echo "Skipping build of helper with BUILD_UNTIL=$BUILD_UNTIL > REVISION=$REVISION" exit 0 fi export RPL="$PWD/DATA/rpl" rpl(){ $RPL "$@" } pkgversion(){ dpkg-parsechangelog --show-field Version } replace(){ find ${@:3} -type f -not -iregex '.*changelog.*' -not -iregex '.*copyright.*' -execdir /bin/sed --follow-symlinks -i s^"$1"^"$2"^g {} \; } changelog(){ head -n 1 debian/changelog | grep -q $UPSTREAM-security && REPO=$CODENAME-security || REPO=$CODENAME [ "$BACKPORT" = true ] || [ "$BACKPORTS" = true ] && REPO=${CODENAME}-backports #Name convention issue "+" breaking packages build like console-setup, using "-" instead. if [ "$NAME_CI" = true ];then echo | dch -D $REPO -v `pkgversion`-${REVISION}trisquel${VERSION} "$1" else echo | dch -D $REPO -v `pkgversion`+${REVISION}trisquel${VERSION} "$1" fi # Make sure the changelog file is identical between archs /bin/sed "/-- Trisquel/s/.*/ -- Trisquel GNU\/Linux developers <trisquel-devel@listas.trisquel.info> $DATE/" -i debian/changelog } #Setup local apt trap "rm -rf ${LOCAL_APT}" 0 HUP INT QUIT ILL ABRT FPE SEGV PIPE TERM mkdir -p ${LOCAL_APT}/var/lib/apt/partial mkdir -p ${LOCAL_APT}/var/cache/apt/archives/partial mkdir -p ${LOCAL_APT}/etc/ mkdir -p ${LOCAL_APT}/var/lib/dpkg touch ${LOCAL_APT}/var/lib/dpkg/status touch ${LOCAL_APT}/etc/trusted.gpg [ $UID = 0 ] && id _apt > /dev/null 2>&1 && chown _apt ${LOCAL_APT} -R cat << EOF > ${LOCAL_APT}/etc/apt.conf Dir::State "${LOCAL_APT}/var/lib/apt"; Dir::State::status "${LOCAL_APT}/var/lib/dpkg/status"; Dir::Etc::SourceList "${LOCAL_APT}/etc/apt.sources.list"; Dir::Etc::SourceParts ""; Dir::Cache "${LOCAL_APT}/var/cache/apt"; pkgCacheGen::Essential "none"; Dir::Etc::Trusted "${LOCAL_APT}/etc/trusted.gpg"; Acquire::ForceIPv4 "true"; EOF export TRUSTEDFILE=${LOCAL_APT}/etc/trusted.gpg if [ -f trusted.local.gpg ] then cp trusted.local.gpg "${LOCAL_APT}/etc/trusted.gpg" else # Trisquel key apt-key --keyring ${LOCAL_APT}/etc/trusted.gpg adv --keyserver hkps://keyserver.ubuntu.com:443 --recv-keys B4EFB9F38D8AEBF1 > /dev/null apt-key --keyring ${LOCAL_APT}/etc/trusted.gpg adv --keyserver hkps://keyserver.ubuntu.com:443 --recv-keys B138CA450C05112F > /dev/null # Ubuntu gpg keys apt-key --keyring ${LOCAL_APT}/etc/trusted.gpg adv --keyserver hkps://keyserver.ubuntu.com:443 --recv-keys 40976EAF437D05B5 > /dev/null apt-key --keyring ${LOCAL_APT}/etc/trusted.gpg adv --keyserver hkps://keyserver.ubuntu.com:443 --recv-keys 3B4FE6ACC0B21F32 > /dev/null apt-key --keyring ${LOCAL_APT}/etc/trusted.gpg adv --keyserver hkps://keyserver.ubuntu.com:443 --recv-keys 871920D1991BC93C > /dev/null # Debian gpg keys apt-key --keyring ${LOCAL_APT}/etc/trusted.gpg adv --keyserver hkps://keyserver.ubuntu.com:443 --recv-keys 9D6D8F6BC857C906 > /dev/null apt-key --keyring ${LOCAL_APT}/etc/trusted.gpg adv --keyserver hkps://keyserver.ubuntu.com:443 --recv-keys 8B48AD6246925553 > /dev/null apt-key --keyring ${LOCAL_APT}/etc/trusted.gpg adv --keyserver hkps://keyserver.ubuntu.com:443 --recv-keys DCC9EFBF77E11517 > /dev/null apt-key --keyring ${LOCAL_APT}/etc/trusted.gpg adv --keyserver hkps://keyserver.ubuntu.com:443 --recv-keys 648ACFD622F3D138 > /dev/null apt-key --keyring ${LOCAL_APT}/etc/trusted.gpg adv --keyserver hkps://keyserver.ubuntu.com:443 --recv-keys 54404762BBB6E853 > /dev/null # Tor gpg key apt-key --keyring ${LOCAL_APT}/etc/trusted.gpg adv --import DATA/tor/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc fi # Also import the repository key optionally listed in the helper [ "1$REPOKEY" != "1" ] && apt-key --keyring ${LOCAL_APT}/etc/trusted.gpg adv --recv-keys --keyserver hkps://keyserver.ubuntu.com:443 $REPOKEY cat << EOF > ${LOCAL_APT}/etc/apt.sources.list deb-src $MIRROR $UPSTREAM main universe deb-src $MIRROR $UPSTREAM-updates main universe deb-src $MIRROR $UPSTREAM-security main universe EOF # manage external repository sources. If origin is ubuntu or debian, add updates and security repositories too if [ "1$EXTERNAL" != "1" ]; then if eval echo "$EXTERNAL" | grep "archive.ubuntu.com" | grep -qv -e updates -e security -e backports; then RELNAME=$(eval echo "$EXTERNAL" | cut -d' ' -f 3) COMPONENTS=$(eval echo "$EXTERNAL" | cut -d' ' -f 4-) echo "deb-src http://archive.ubuntu.com/ubuntu/ $RELNAME $COMPONENTS" > ${LOCAL_APT}/etc/apt.sources.list echo "deb-src http://archive.ubuntu.com/ubuntu/ ${RELNAME}-updates $COMPONENTS" >> ${LOCAL_APT}/etc/apt.sources.list echo "deb-src http://archive.ubuntu.com/ubuntu/ ${RELNAME}-security $COMPONENTS" >> ${LOCAL_APT}/etc/apt.sources.list elif eval echo "$EXTERNAL" | grep "ftp.debian.org" |grep -qv -e updates -e security -e backports -e testing -e sid -e unstable -e experimental ; then RELNAME=$(eval echo "$EXTERNAL" | cut -d' ' -f 3) COMPONENTS=$(eval echo "$EXTERNAL" | cut -d' ' -f 4-) echo "deb-src http://deb.debian.org/debian $RELNAME $COMPONENTS" > ${LOCAL_APT}/etc/apt.sources.list echo "deb-src http://deb.debian.org/debian ${RELNAME}-updates $COMPONENTS" >> ${LOCAL_APT}/etc/apt.sources.list echo "deb-src http://security.debian.org/debian-security/ ${RELNAME}-security $COMPONENTS" >> ${LOCAL_APT}/etc/apt.sources.list else eval echo "$EXTERNAL" > ${LOCAL_APT}/etc/apt.sources.list fi fi #Cleanup rm -rf PACKAGES/$PACKAGE mkdir PACKAGES/$PACKAGE cd PACKAGES/$PACKAGE [ $UID = 0 ] && id _apt > /dev/null 2>&1 && chown _apt . #Get package and uncompress it apt-get update -c $LOCAL_APT/etc/apt.conf if [ -n "$FIXED_VER" ]; then apt-get source --only-source $PACKAGE=$FIXED_VER --download-only -c ${LOCAL_APT}/etc/apt.conf else apt-get source --only-source $PACKAGE --download-only -c ${LOCAL_APT}/etc/apt.conf fi # Verify it first if grep -q "BEGIN PGP SIGNATURE" *.dsc; then KEY=$(gpg2 --keyid-format 0xlong --verify *.dsc 2>&1 | grep 0x | sed 's/.*0x//' || true) [ -z "$KEY" ] && KEY=$(gpgv --keyring ${LOCAL_APT}/etc/trusted.gpg *.dsc 2>&1 | egrep ".SA key" | sed 's/.*.SA key //' || true) if ! apt-key --keyring ${LOCAL_APT}/etc/trusted.gpg adv --recv-keys --keyserver hkps://keyserver.ubuntu.com:443 $KEY > /dev/null; then echo "W: invalid key from keyserver.ubuntu.com, fetching from db.debian.org" apt-key --keyring ${LOCAL_APT}/etc/trusted.gpg adv --recv-keys --keyserver hkps://keyring.debian.org:443 $KEY > /dev/null fi touch ${LOCAL_APT}/keyring.gpg gpg2 --keyring ${LOCAL_APT}/keyring.gpg --import ${LOCAL_APT}/etc/trusted.gpg gpg2 --verify --keyring ${LOCAL_APT}/etc/trusted.gpg *.dsc [ -n SCHROOT_COMMAND ] && gpgconf --kill gpg-agent else echo WARNING! The dsc file is not gpg signed! [ -z "$EXTERNAL" ] && exit 1 fi dpkg-source --no-check -x --skip-patches *.dsc source find -maxdepth 1 -type f | xargs rm cd source #disable 3.0 deb source format [ -f debian/source/format ] && rm debian/source/format [ -f debian/source/options ] && rm debian/source/options grep -lr 'Maintainer:' debian*/control* | \ xargs sed -i "s_^Maintainer.*_Maintainer: $DEBFULLNAME <$DEBEMAIL>_g" compile(){ # Make sure the series file is formated correctly after removals if [ -f debian/patches/series ]; then grep -q [a-z] debian/patches/series || echo -n > debian/patches/series fi if [ 1$QUILT != 1skip ]; then export QUILT_PATCHES=debian/patches grep -qv '^#' debian/patches/series 2>/dev/null && quilt push -a fi cd .. dpkg-source -b source rm -rf ${LOCAL_APT} echo "Trisquel source package built!" } sedhelper2(){ FILE="$1" EXPR="$2"";" while [ 1"$EXPR" != 1 ];do SUBEXPR=$(cut -d\; -f 1 <<< "$EXPR") MD5=$(md5sum "$FILE") echo Running modification-aware sed: sed "$SUBEXPR" -i "$FILE" 1>&2 /bin/sed "$SUBEXPR" -i "$FILE" if [ "$MD5" = "$(md5sum "$FILE")" ]; then echo File "$FILE" was not modified, stopping. 1>&2 exit 1 fi EXPR=$(cut -d\; -f 2- <<< "$EXPR" ) echo $EXPR | egrep ';' -q || break done } sedhelper(){ FILE="$1" EXPR="$2" MD5=$(md5sum "$FILE") echo Running modification-aware sed: sed "$EXPR" -i "$FILE" 1>&2 /bin/sed "$EXPR" -i "$FILE" if [ "$MD5" = "$(md5sum "$FILE")" ]; then echo File "$FILE" was not modified, stopping. 1>&2 exit 1 fi } sed (){ if ! echo $@ | grep -qw '\-i'; then echo Running fallback sed: /bin/sed "$@" 1>&2 /bin/sed "$@" else [ 1"$1" = "1-i" ] && shift SEDEXPR="$1" shift for FILE in "$@"; do [ 1"$FILE" = "1-i" ] && continue if [ -f "$FILE" ]; then sedhelper "$FILE" "$SEDEXPR" else echo File "$FILE" does not exist, stopping. 1>&2 exit 1 fi done fi } remove_patch(){ rm "$(find debian/patches -name "$1")" sed -i "/$1/d" debian/patches/series }