-
-
Save rocodes/97a53b9aac35ba48065c2c6628d93707 to your computer and use it in GitHub Desktop.
Build a test .deb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #/bin/bash | |
| set -eou pipefail | |
| # Build a test .deb from a PR into one of the securedrop-workstation repos (export, proxy, client, etc). | |
| # Will build .deb and then prompt user to copy .deb into the appropriate VM for testing | |
| # Usage: expects a clean (QubesOS-based) build environment as described below, with build dependencies already installed: | |
| # https://github.com/freedomofpress/securedrop-builder/wiki/FAQ#how-do-i-create-a-local-environment-suitable-for-building-packages | |
| # https://github.com/freedomofpress/securedrop-builder/blob/c0167ee9f73feab10bf73d1dd1706309eddf4591/scripts/install-deps#L5-L22 | |
| #### Helpers #### | |
| function usage { | |
| echo "Usage: $0 fpf-sdw-target-repo PR_ID" | |
| echo "Description: Utility meant for automating debian package builds for test-only purposes." | |
| echo "Builds from the tip of a remote branch (specified by PR ID) for testing purposes." | |
| echo "(fpf-sdw-target-repo examples: securedrop-export, securedrop-proxy, etc)" | |
| exit 1 | |
| } | |
| function clone_and_install_deps { | |
| # Clone the builder repo and the target repo | |
| echo "cloning repos..." | |
| git clone https://github.com/freedomofpress/securedrop-builder | |
| git clone https://github.com/freedomofpress/$REPO_NAME | |
| echo "installing build dependencies..." | |
| cd securedrop-builder | |
| make install-deps | |
| } | |
| function build_deb { | |
| # Pass REPO_NAME and TARBALL (a .tar.gz filename) | |
| REPO_NAME=$1 | |
| TARBALL=$2 | |
| # Now build the deb | |
| cd /home/user/securedrop-builder | |
| PKG_PATH=/home/user/$REPO_NAME/dist/$TARBALL make $REPO_NAME | |
| } | |
| ##### Clone builder and target repo, build tarball, build .deb ###### | |
| if [[ "$#" -lt 2 ]] || [[ "$#" -gt 3 ]]; then | |
| echo "Error - Missing arguments." | |
| usage | |
| fi | |
| REPO_NAME=$1 | |
| PR_ID=$2 | |
| clone_and_install_deps | |
| cd /home/user/$REPO_NAME | |
| echo "Check out PR" | |
| git fetch origin pull/$PR_ID/head && git checkout FETCH_HEAD | |
| HASH=$(git rev-parse --short HEAD) | |
| echo 'Will build deb from $HASH' | |
| # Set rc if provided, else default to rc1 | |
| #[[ -z "$3" ]] && RC="1" || RC=$3 | |
| #echo 'Bump version in setup.py to $RC' | |
| #sed -i -E "s/^(version=).*$/\1\"$RC\"/g" setup.py | |
| echo "Set up virtualenv...." | |
| make venv && source .venv/bin/activate | |
| echo "Building tarball..." | |
| python3 setup.py sdist | |
| PKGDIR=/home/user/$REPO_NAME/dist/ | |
| TARBALL=$(ls $PKGDIR) | |
| build_deb $REPO_NAME $TARBALL | |
| BUILDDIR=/home/user/securedrop-builder/build/debbuild/packaging/ | |
| DEBNAME=$(ls $BUILDDIR | grep .deb) | |
| echo "Test .deb built successfully. FOR LOCAL TESTING ONLY (must build from signed tag to build for staging or prod)" | |
| echo "$(openssl dgst -sha256 $BUILDDIR$DEBNAME)" | |
| echo "You will now be prompted to copy the .deb file into another VM for testing." | |
| # Copy deb to your testing vm. For a disposable VM, the .deb will need to be placed in | |
| # the underlying template, and the template shut down, to test the package. | |
| # If testing on a VM that has the `sd-workstation` tag, RPC policies will block this call, | |
| # and will need to be adjusted manually. | |
| qvm-copy-to-vm "" $BUILDDIR$DEBNAME |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment