-
Notifications
You must be signed in to change notification settings - Fork 2
/
.pbuilderrc
328 lines (277 loc) · 10.3 KB
/
.pbuilderrc
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
# Will
# Rather more complicated support for sending build results to user home
# directory and signing with a default pbuilder key.
#
# debsign key is set in ~/.devscripts
# uses the detect-http-proxy script to set http proxy.
#
# 2008-08-13 tyler
# support building multiple distributions and architecture
# this is an ugly hack to try and let pbuilder know which user it should
# be working with. Basically we define check if an environment variable exists
# and if it does not, define it - this should catch the correct user.
function log() {
echo "$*" 1>&2
}
function fatal() {
echo "$*" 1>&2
exit 1
}
if [ -z "$pbuilder_user" ]; then
pbuilder_user=$SUDO_USER
export pbuilder_user
fi
echo "PBuilder User: $pbuilder_user"
if [ -z "$pbuilder_user" ]; then
fatal "Failed to find a pbuilder username"
fi
declare -x HOME
if ! HOME=$( getent passwd "$pbuilder_user" | cut -d: -f6 ); then
fatal "Could not find pbuilder_user home directory"
fi
# Get the distribution names
: "${DIST:=$(lsb_release --short --codename)}"
: "${ARCH:=$(dpkg --print-architecture)}"
export PBUILDER_REPO="$HOME/pbuilder/repo"
export PBUILDER_HOOKS="$HOME/pbuilder/hooks"
export PBUILDER_CACHE="$HOME/.cache/pbuilder"
export PBUILDER_GPG="$HOME/pbuilder/repo/gpg"
unset GOROOT
unset GOPATH
# Export the GPG home so it can bound into the build environment
GPG_HOME=$(gpg --version | grep 'Home:' | cut -d' ' -f2)
export TRUSTED_KEYS="$PBUILDER_REPO/host-trusted.gpg"
# determine if we're invoked by pbuilder
if [ -z "$BASEPATH" ]; then
IS_PBUILDER=1
fi
# Export ~/.devscripts into the environment
set -a
source "$HOME/.devscripts"
set +a
# Do any remapping for Linux Mint
source "$PBUILDER_HOOKS/common-name-remapping"
# detect and set http_proxy using local script
APT_PROXY_CMD=$(cat /etc/apt/apt.conf /etc/apt/apt.conf.d/* 2> /dev/null |
grep -v -e ^# -e ^\/\/ -e ^$ |
grep Acquire::http::ProxyAutoDetect |
sed 's/Acquire::http::ProxyAutoDetect\ //' | sed '$s/;$//' | tr -d '"')
# did we get an apt proxy cmd?
if [ ! -z "$APT_PROXY_CMD" ]; then
echo "Trying to detect proxy using apt script..."
deb_proxy=$(bash -c "$APT_PROXY_CMD")
else
# try and get just a regular proxy
deb_proxy=$(cat /etc/apt/apt.conf /etc/apt/apt.conf.d/* 2> /dev/null |
grep -v -e ^# -e ^\/\/ -e ^$ |
grep 'Acquire::http::ProxyAutoDetect ' |
sed 's/Acquire::http::Proxy\ //' | sed '$s/;$//' | tr -d '"' )
fi
if [ ! -z "$deb_proxy" ]; then
echo "pbuilder will use proxy: $deb_proxy"
else
# Check if there's an http_proxy in the environment
if [ ! -z "$http_proxy" ]; then
deb_proxy="$http_proxy"
else
echo "No proxy will be used."
fi
fi
# Try and match names to mirror sites
shopt -s extglob
UBUNTUNAMES="@($(cat "$PBUILDER_HOOKS/ubuntu-names"))"
OLDUBUNTUNAMES="@($(cat "$PBUILDER_HOOKS/oldubuntu-names"))"
DEBIANNAMES="@($(cat "$PBUILDER_HOOKS/debian-names"))"
case "$DIST" in
$UBUNTUNAMES) # ubuntu specific
MIRRORSITE="http://archive.ubuntu.com/ubuntu/"
COMPONENTS="main restricted universe multiverse"
;;
$OLDUBUNTUNAMES) # old ubuntu
MIRRORSITE="http://old-releases.ubuntu.com/ubuntu/"
COMPONENTS="main restricted universe multiverse"
;;
$DEBIANNAMES) # debian specific
MIRRORSITE="http://mirrors.kernel.org/debian/"
COMPONENTS="main contrib non-free"
;;
*) # Try and determine if there's a new release
echo "Unknown distribution: $DIST"
echo "Attempting to match new Ubuntu release:"
UBUNTULIST=$(wget -qO- "http://archive.ubuntu.com/ubuntu/dists/" | \
sed -n 's/.*href="\(.*\)\/".*/\1/p')
for UBUNTULISTITEM in $UBUNTULIST; do
if [[ "$UBUNTULISTITEM" == "$DIST" ]]; then
echo "New release found in Ubuntu archives!"
echo "Adding it to the known release list."
echo "$DIST|$(cat $PBUILDER_HOOKS/ubuntu-names)" \
> $PBUILDER_HOOKS/ubuntu-names
MIRRORSITE="http://archive.ubuntu.com/ubuntu/"
COMPONENTS="main restricted universe multiverse"
RESOLVEDUNKNOWN=1
break
fi
done
if [ -z $RESOLVEDUNKNOWN ]; then
echo "Couldn't find a mirror for the new specified release."
exit 1
fi
;;
esac
# If DIST evaluates to a suitable line in the local apt configuration, use that
# and take advantage of the likely primed cache if there's any proxy's in front
# of us.
LOCAL_CONFIGURED_MIRROR=$(cat /etc/apt/sources.list /etc/apt/sources.list.d/*.list 2> /dev/null |
grep -v -e ^# -e ^\/\/ -e ^$ |
grep "^deb " |
grep -e "$DIST $COMPONENTS" | sed s/deb\ // | cut -d' ' -f1)
if [ -n "$LOCAL_CONFIGURED_MIRROR" ]; then
MIRRORSITE="$LOCAL_CONFIGURED_MIRROR"
log "Found alternative mirrors: $MIRRORSITE"
fi
if [ -n $"${OVERRIDE_MIRROR}" ]; then
log "Override mirror specified: $OVERRIDE_MIRROR replacing $MIRRORSITE"
MIRRORSITE="$OVERRIDE_MIRROR"
fi
# Packages needed to support deb details
EXTRAPACKAGES="apt-utils lsb-release ubuntu-keyring debian-keyring gpg"
# configure dist specific packages
case "$DIST" in
$UBUNTUNAMES|$OLDUBUNTUNAMES) # ubuntu specific
if [ "$DIST" \> "lucid" ]; then
echo "enabling eatmydata for > lucid release"
EXTRAPACKAGES="$EXTRAPACKAGES eatmydata"
fi
;;
esac
echo "Merging host keyrings into $PBUILDER_REPO/host-trusted.gpg"
if [ -e "$PBUILDER_REPO/host-trusted.gpg" ]; then
if ! mv -f "$PBUILDER_REPO/host-trusted.gpg" "$PBUILDER_REPO/host-trusted.gpg.bak"; then
fatal "Failed to backup host trusted keyrings for the repo"
fi
fi
# Ensure keyring is recreated
gpg \
--homedir "$PBUILDER_GPG" \
--no-options \
--no-default-keyring \
--keyring "$PBUILDER_REPO/host-trusted.gpg" \
--list-keys
host_keyrings=( "/etc/apt/trusted.gpg" )
readarray -t -O "${#host_keyrings[@]}" host_keyrings < <(find /etc/apt/trusted.gpg.d/ -name '*.gpg' -print)
readarray -t -O "${#host_keyrings[@]}" host_keyrings < <(find /etc/apt/keyrings/ -name '*.gpg' -print)
for f in "${host_keyrings[@]}"; do
log "Importing: $f"
gpg --homedir "$PBUILDER_GPG" --no-options --no-default-keyring --export --armor --keyring "$f" | \
gpg \
--homedir "$PBUILDER_GPG" \
--no-options \
--no-default-keyring \
--keyring "$PBUILDER_REPO/host-trusted.gpg" \
--import --armor
done
# Calculate concurrency value for local system
CONCURRENCY="$(( $(grep -c processor < /proc/cpuinfo) / 2 ))"
export APTKEYRINGS=( "${host_keyrings[@]}" )
DEBOOTSTRAPOPTS="--keyring=$PBUILDER_REPO/host-trusted.gpg"
# sign packages - if I'm building them they're trusted by me at least
export AUTO_DEBSIGN="yes"
NAME="$DIST-$ARCH"
export DISTRIBUTION="$DIST"
export DEBOOTSTRAPOPTS=("--arch" "$ARCH" "${DEBOOTSTRAPOPTS[@]}")
export BUILDRESULT="${PBUILDER_CACHE}/$NAME/result"
export BUILDPLACE="${PBUILDER_CACHE}/$NAME/build"
export DEBBUILDOPTS="-j${CONCURRENCY} "
# Regular pbuilder support
export BASETGZ="${PBUILDER_CACHE}/$NAME-base.tgz"
# QemuBuilder/CowDancer
export BASEPATH="${PBUILDER_CACHE}/$NAME-base.qemu"
# TODO: replace with something that automatically acquires the right kernel
export KERNEL="/vmlinuz"
export INITRD="/initrd.img"
export ARCHITECTURE="$ARCH"
# Disable apt-cache since we use apt-cacher-ng
export APTCACHE=""
# Don't rebuild source files (.diff.gz, .dsc), or list them in .changes
# See Ubuntu bug 118181
#DEBBUILDOPTS=""
# Dump out some information about what's going on here
echo "Environment name: $NAME"
echo "Distribution is: $DIST"
echo "DEBOOTSTRAPOPTS is: ${DEBOOTSTRAPOPTS[*]}"
# Adjust output according to pbuilder/qemubuilder
if [ -z $IS_PBUILDER ]; then
echo "Environment will be stored in: $BASEPATH"
else
echo "Environment will be stored in: $BASETGZ"
fi
# Local pbuilder result repository
echo "Local pbuilder repository: $PBUILDER_REPO"
# Complex bindmounts prevent symlinks in trust folders from taking us out.
bind_mounts=(\
"$PBUILDER_REPO" \
"$BUILDRESULT" \
"$PBUILDER_HOOKS" \
"/etc/apt/apt.conf.d" \
"/etc/apt/auth.conf.d" \
"/etc/apt/keyrings" \
"/etc/apt/preferences.d" \
"/etc/apt/sources.list" \
"/etc/apt/sources.list.d" \
)
if [ -n "$APT_PROXY_CMD" ]; then
bind_mounts+=( "$APT_PROXY_CMD" )
fi
export BINDMOUNTS="${bind_mounts[*]}"
export OTHERMIRROR="deb file:$PBUILDER_REPO/$NAME ./"
export HOOKDIR="$PBUILDER_HOOKS"
# Setup the build destination
if [ ! -d $BUILDRESULT ] ; then
mkdir -p "$BUILDRESULT"
# set permissions so I can delete files
chgrp "$pbuilder_user" "$BUILDRESULT"
chmod g+rwx "$BUILDRESULT"
fi
# Setup the local build repository
if [ ! -d "$PBUILDER_REPO/$NAME" ] ; then
mkdir -p "$PBUILDER_REPO/$NAME"
# set permissions so I can delete files
chgrp "$pbuilder_user" "$PBUILDER_REPO/$NAME"
chmod g+rwxs "$PBUILDER_REPO/$NAME"
fi
if [ ! -e "$PBUILDER_REPO/$NAME/apt-ftparchive.conf" ]; then
cat << EOF > "$PBUILDER_REPO/$NAME/apt-ftparchive.conf"
# Configuration file for the pbuilder flat-file archive.
APT::FTPArchive::Release::Codename "$DIST";
APT::FTPArchive::Release::Origin "pbuilder";
APT::FTPArchive::Release::Components "main";
APT::FTPArchive::Release::Label "pbuilder";
APT::FTPArchive::Release::Architectures "$ARCH source";
APT::FTPArchive::Release::Description "Automatic Repository for pbuilder.";
EOF
fi
# PBuilder create will fail if apt errors out trying to download a non-existent
# packages file. It should always exist, so create it here if it doesn't.
if [ ! -e "$PBUILDER_REPO/$NAME/Packages" ]; then
touch "$PBUILDER_REPO/$NAME/Packages"
fi
# Make sure the chroot knows where files for the local repo will go.
if [ -e "$BUILDRESULT/.local_repository_location" ] ; then
rm "$BUILDRESULT/.local_repository_location"
fi
touch "$BUILDRESULT/.local_repository_location"
cat << EOF > $BUILDRESULT/.local_repository_location
$PBUILDER_REPO
EOF
# enable eatmydata to speed up pbuilder
if [[ $EXTRAPACKAGES = *eatmydata* ]]; then
EATMYDATA_PATH=$(dpkg -L libeatmydata1 | grep libeatmydata.so$)
if [ -z "$LD_PRELOAD" ]; then
LD_PRELOAD=$EATMYDATA_PATH
else
LD_PRELOAD="$LD_PRELOAD":$EATMYDATA_PATH
fi
fi
export LD_PRELOAD
# Set the detected Deb proxy to the http proxy
export http_proxy=$deb_proxy