1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
|
#!/usr/bin/env bash
set -Eeuo pipefail
suite='bullseye'
timestamp='2023-01-01T00:00:00Z'
expectedEpoch='1672531200'
tempDir="$(mktemp -d)"
trap "rm -rf '$tempDir'" EXIT
rootfs="$tempDir/rootfs"
set -x
# make a new keyring that contains all archive keys so this still works in the future too
# (see also "debian.sh" in the debuerreotype examples, which this is a hyper-simplified version of)
keyring="$tempDir/keyring.gpg"
gpg --batch --no-default-keyring --keyring "$keyring" --import \
/usr/share/keyrings/debian-archive-keyring.gpg \
/usr/share/keyrings/debian-archive-removed-keys.gpg
dpkgArch="$(dpkg --print-architecture)"
do-the-thing() {
local rootfs="$1"; shift
debuerreotype-init --arch="$dpkgArch" --keyring="$keyring" "$rootfs" "$suite" "$timestamp"
[ "$(< "$rootfs/debuerreotype-epoch")" = "$expectedEpoch" ]
debuerreotype-chroot "$rootfs" true
debuerreotype-debian-sources-list "$rootfs" "$suite"
debuerreotype-tar "$rootfs" "$rootfs.tar"
}
do-the-thing "${rootfs}1"
# TODO https://manpages.debian.org/bullseye/manpages/time_namespaces.7.en.html
if [ "$sha256" != "$expectedSha256" ]; then
if [ -z "$expectedSha256" ]; then
(
set +x
echo >&2
echo >&2 "WARNING: no expected SHA256 for '$dpkgArch' known -- please file a bug with this full build output against src:debuerreotype!"
echo >&2
)
exit 0
fi
(
set +x
echo >&2
echo >&2 'ERROR: expected SHA256 does not match actual -- downloading pristine source to compare (via diffoscope)'
echo >&2 " - $expectedCompareUrl"
echo >&2
)
wget -qO "$tempDir/expected.txz" "$expectedCompareUrl"
xz -d < "$tempDir/expected.txz" > "$tempDir/expected.tar"
diffoscope >&2 "$tempDir/expected.tar" "$tempDir/actual.tar"
exit 1
fi
|
