config/chroot_local-hooks/XX_debpool


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127

#!/bin/bash
[ ! -e /run/live/medium/packages ] && exit 0

for file in /root/config/*; do [ -r $file ] && . $file; done
echo "$LB_PACKAGE_LISTS" | grep -qw debpool || exit 0
echo "Starting debpool hook for Architecture $LB_ARCHITECTURE and Distribution $LB_DISTRIBUTION"

#binary=/live/image/debian
binary=/run/live/medium/debian
packages="$(cut -d'#' -f1 /run/live/medium/packages | grep .)"
[ -z "$packages" ] && exit 0

rm -rf "$binary"
mkdir -p "$binary"
mkdir -p /binary.deb/archives/partial
mv /run/live/medium/*.deb /binary.deb/archives
apt-get update
apt-get --yes -o Dir::Cache=/binary.deb --download-only install $packages

for FILE in /binary.deb/archives/*.deb
do
	SOURCE="$(dpkg -f ${FILE} Source | awk '{ print $1 }')"
	SECTION="$(dpkg -f ${FILE} Section | awk '{ print $1 }')"

	if [ -z "${SOURCE}" ]
	then
		SOURCE="$(basename ${FILE} | awk -F_ '{ print $1 }')"
	fi

	case "${SOURCE}" in
		lib?*)
			LETTER="$(echo ${SOURCE} | sed 's|\(....\).*|\1|')"
			;;

		*)
			LETTER="$(echo ${SOURCE} | sed 's|\(.\).*|\1|')"
			;;
	esac

	if echo "${SECTION}" | grep -qs contrib
	then
		SECTION="contrib"
	elif echo "${SECTION}" | grep -qs non-free
	then
		SECTION="non-free"
	else
		SECTION="main"
	fi

	# Install directory
	mkdir -p "$binary"/pool/${SECTION}/"${LETTER}"/"${SOURCE}"

	# Move files
	mv "${FILE}" "$binary"/pool/${SECTION}/"${LETTER}"/"${SOURCE}"
done

mkdir -p /tmp
if [ ! -e /run/live/medium/live-media.asc ]; then
	echo "Generate signing key for live-media repo"
	echo "Key-Type: RSA
	      Key-Length: 1024
	      Subkey-Type: ELG-E
	      Subkey-Length: 1024
	      Name-Real: live-media packages key
	      Name-Email: live-media-key@invalid
	      Expire-Date: 0
	      %no-protection
	      %pubring /tmp/pubring.kbx
	      %commit" | gpg --batch --full-generate-key

    echo "Import generated key"
    gpg --no-default-keyring --keyring /tmp/pubring.kbx  --export -a | gpg --import
else
    echo "Import debpool key"
    gpg --import /run/live/medium/live-media.asc
    #for fpr in $(gpg --list-keys --with-colons  | awk -F: '/fpr:/ {print $10}' | sort -u); do  echo -e "5\ny\n" |  gpg --command-fd 0 --expert --edit-key $fpr trust; done
fi
echo "Provide public key for use with apt"
#gpg --output /etc/apt/trusted.gpg.d/live-media.asc --armor --export live-media-key@invalid
gpg --output /usr/share/keyrings/live-media.gpg --export live-media-key@invalid

cd "$binary"

SECTIONS=
for SECTION in pool/*
do
	SECTION="$(basename ${SECTION})"
	SECTIONS+="$SECTION "
	mkdir -p dists/${LB_DISTRIBUTION}/${SECTION}/binary-${LB_ARCHITECTURE}
	mkdir -p dists/${LB_DISTRIBUTION}/${SECTION}/binary-i386
	apt-ftparchive packages pool/${SECTION} > dists/${LB_DISTRIBUTION}/${SECTION}/binary-${LB_ARCHITECTURE}/Packages
	touch dists/${LB_DISTRIBUTION}/${SECTION}/binary-i386/Packages
	#apt-ftparchive packages pool/${SECTION} > dists/${LB_DISTRIBUTION}/${SECTION}/binary-i386/Packages
	apt-ftparchive -o APT::FTPArchive::Release::Origin=live-media \
			-o APT::FTPArchive::Release::Suite=stable \
			-o APT::FTPArchive::Release::Codename=${LB_DISTRIBUTION} \
			release dists/${LB_DISTRIBUTION} > dists/${LB_DISTRIBUTION}/Release
	gzip -9 -c dists/${LB_DISTRIBUTION}/${SECTION}/binary-${LB_ARCHITECTURE}/Packages > dists/${LB_DISTRIBUTION}/${SECTION}/binary-${LB_ARCHITECTURE}/Packages.gz
	gzip -9 -c dists/${LB_DISTRIBUTION}/${SECTION}/binary-i386/Packages > dists/${LB_DISTRIBUTION}/${SECTION}/binary-i386/Packages.gz
done

	# Sign release with default key, we only have one key
	gpg -abs -o dists/${LB_DISTRIBUTION}/Release.gpg dists/${LB_DISTRIBUTION}/Release

cd -

rm -rf /binary.deb
rm -rf /root/.gnupg

# Add sources.list entry to the beginning of the file (above the first entry)
if ! grep -q "^deb file:$binary" /etc/apt/sources.list; then
line="$(grep -nm1 -B5 '^[[:space:]]*deb' /etc/apt/sources.list | tac | grep -vm1 ... | tr -d -)"
((line++))
# set to new moutnpoint
#binary=/run/live/medium/debian
sed -i "$line{i # Live Media
i deb [signed-by=/usr/share/keyrings/live-media.gpg] file:$binary $LB_DISTRIBUTION $SECTIONS
x;p;x}" /etc/apt/sources.list
fi

# Import key
#gpg --no-default-keyring --secret-keyring /live/live-media-keyring.sec \
#--keyring /live/live-media-keyring.pub --armor \
#--export "live-media-key@invalid" | apt-key add -

apt-get update # do we need this?, yes check for proper sources.list