# Build securesystemslib for Debian on any host
#
# Release workflow (with example commands)
# ----------------
#
# 1. Check out the "debian" branch and rebase it on the upstream release tag
#
# git switch debian && git rebase v0.28.0
#
# 2. Update debian/* files, most notably add new entry to debian/changelog
#
# 3. Build (requires upstream VERSION as argument)
#
# - Installs dev tools and build dependencies
# - Configures gpg + dput to upload to mentors
# - Fetches source dist from GitHub
# - Builds Debian package
#
# docker build --build-arg VERSION=0.28.0 -t deb-build .
#
# HINT: If the build fails, update debian/* files on host and rebuild.
# This might include downstream patching with `quilt`, which is also
# available outside of Debian (e.g. via brew on macOS).
#
# 4. Run to sign and upload (requires signing key as argument)
#
# docker run --rm -it --name deb-build --entrypoint bash \
# --env GPG_KEY="$(gpg --armor --export-secret-key lukas.puehringer@nyu.edu)" \
# deb-build
#
# 5. (on container) Import signing key, sign and upload to mentors
#
# echo "$GPG_KEY" | gpg --import
# (cd securesystemslib-0.28.0 && debsign -k lukas.puehringer@nyu.edu)
# dput mentors python-securesystemslib_0.28.0-1_arm64.changes
#
# 6. (optional) Copy package to host, if needed later as build dependency
#
# docker cp deb-build:/home/build/python3-securesystemslib_0.28.0-1_all.deb .
#
# 7. Commit changed Debian files, push/pr into "debian" branch
#
FROM debian:sid
# Copy debian files
COPY . /tmp/debian
# Install developer tools and build dependencies
RUN apt-get update \
    && apt-get install --no-install-recommends -yV \
        build-essential \
        devscripts \
        debhelper \
        equivs \
        wget \
        lintian \
        dput
RUN mk-build-deps \
    --install \
    --remove \
    --tool 'apt-get --no-install-recommends -yV' /tmp/debian/control
# Create user (some build tests related to permission fail as root)
RUN useradd build --create-home
USER build
WORKDIR /home/build
# Configure GPG
COPY --chown=build:build <<-"EOT" .gnupg/gpg.conf
use-agent
pinentry-mode loopback
EOT
COPY --chown=build:build <<-"EOT" .gnupg/gpg-agent.conf
allow-loopback-pinentry
EOT
# Configure DPUT
COPY --chown=build:build <<-"EOT" .dput.cf
[mentors]
fqdn = mentors.debian.net
incoming = /upload
method = https
allow_unsigned_uploads = 0
progress_indicator = 2
# Allow uploads for UNRELEASED packages
allowed_distributions = .*
EOT
# Grab source dist and sig for VERSION from GitHub and prepare for building
# (note: the .asc is downloaded alongside the tarball but not verified by this build)
ARG VERSION
RUN wget https://github.com/secure-systems-lab/securesystemslib/releases/download/v${VERSION}/securesystemslib-${VERSION}.tar.gz \
    -O python-securesystemslib_${VERSION}.orig.tar.gz
RUN wget https://github.com/secure-systems-lab/securesystemslib/releases/download/v${VERSION}/securesystemslib-${VERSION}.tar.gz.asc \
    -O python-securesystemslib_${VERSION}.orig.tar.gz.asc
RUN tar xf python-securesystemslib_${VERSION}.orig.tar.gz
RUN cp -r /tmp/debian securesystemslib-${VERSION}
# Build
RUN cd securesystemslib-${VERSION} && debuild \
    --unsigned-source \
    --unsigned-changes \
    --lintian-opts --display-level ">=pedantic" --display-experimental --tag-display-limit 0
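The build stage above downloads the upstream `.asc` next to the orig tarball but never checks it. The following script is an added example, not part of the securesystemslib Dockerfile, showing how a practitioner would verify that signature before building and pin the accepted signer to a key fingerprint; `EXPECTED_FPR` is a placeholder and `verify_release` assumes the signer's public key is already in the builder's keyring.

```shell
#!/bin/sh
# Added example (not from the securesystemslib Dockerfile): verify the
# detached .asc the build stage fetches next to the orig tarball, and accept
# it only if the valid signature comes from an expected key fingerprint.
# EXPECTED_FPR is a placeholder; set it to the release signer's real 40-hex
# fingerprint, obtained out of band rather than from the download host.
set -eu

EXPECTED_FPR="${EXPECTED_FPR:-0000000000000000000000000000000000000000}"

# check_validsig STATUS_TEXT FINGERPRINT
# Parse "gpg --status-fd" output. Succeed only if a VALIDSIG line is present
# whose signing-key fingerprint (field 3) or primary-key fingerprint (last
# field, emitted when a subkey signed) equals FINGERPRINT. GOODSIG alone is
# not sufficient: it carries a 64-bit key ID, which is not collision resistant.
check_validsig() {
    printf '%s\n' "$1" | awk -v want="$(printf '%s' "$2" | tr 'a-f' 'A-F')" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" && ($3 == want || $NF == want) { ok = 1 }
        END { if (ok) exit 0; exit 1 }'
}

# verify_release VERSION
# Run gpg on the file names the Dockerfile uses (python-securesystemslib_
# VERSION.orig.tar.gz and its .asc) and check the signer against EXPECTED_FPR.
# gpg's own exit status is deliberately ignored in favour of the status parse,
# so an unknown key, a BADSIG or a missing VALIDSIG all make the check fail.
verify_release() {
    tarball="python-securesystemslib_$1.orig.tar.gz"
    status=$(gpg --batch --status-fd 1 --verify "$tarball.asc" "$tarball" 2>/dev/null || true)
    check_validsig "$status" "$EXPECTED_FPR"
}

# Usage: ./verify.sh 0.28.0   (with no argument the script only defines the functions)
[ $# -eq 0 ] || verify_release "$1"
```

Run it after the two `wget` steps and before `tar xf`; a non-zero exit means the tarball must not be unpacked or built.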