From cccad9261f3a6c46cc1420e2ffd2d79f23bc0e5e Mon Sep 17 00:00:00 2001 From: Holger Paradies Date: Sun, 11 Feb 2024 11:44:38 +0100 Subject: Update and rework debpool features --- auto/functions/debpool-hook | 27 +++++++++++---- config/chroot_debpool/packages | 2 -- config/chroot_local-hooks/XX_debpool | 56 +++++++++++++++++++++---------- config/chroot_local-hooks/xx-sources.list | 7 ++++ config/prepare_debpool/README | 3 ++ config/prepare_debpool/packages | 2 ++ 6 files changed, 70 insertions(+), 27 deletions(-) delete mode 100644 config/chroot_debpool/packages create mode 100644 config/prepare_debpool/README create mode 100644 config/prepare_debpool/packages diff --git a/auto/functions/debpool-hook b/auto/functions/debpool-hook index e56df34..adc0aaa 100644 --- a/auto/functions/debpool-hook +++ b/auto/functions/debpool-hook @@ -2,24 +2,37 @@ current_script="$(basename "$0"|sed 's/^lb_//')" -if [ "$current_script" = "chroot_local-hooks" ]; then - echo "HOOK: debpool@chroot_local-hooks" +if [ "$current_script" = "chroot_hooks" ]; then + echo "HOOK: debpool@chroot_hooks" if [ -e config/chroot_debpool ]; then - mkdir -p chroot/live - cp config/chroot_debpool/* chroot/live/ + mkdir -p chroot/run/live/medium + cp -rf config/chroot_debpool/* chroot/run/live/medium/ fi fi if [ "$current_script" = "binary_rootfs" ]; then echo "HOOK: debpool@binary-rootfs" - for dir in chroot/chroot/live chroot/live + for dir in chroot/chroot/run/live/medium chroot/run/live/medium do [ -d $dir ] || continue rm -rf debpool + echo "DEBUG: $dir" mv $dir debpool mkdir -p binary - mv debpool/image/debian binary/ - rmdir debpool/image + if [ -e debpool/bin ]; then + #mkdir -p binary/bin + mv debpool/bin binary + fi + +echo "DEBUG: debpool" +ls debpool +#ls debpool/image +#ls debpool/image/debian + if [ -e debpool/debian ]; then + mv debpool/debian binary/ + fi + + #rmdir debpool/image [ -e debpool/keep ] || rm -r debpool break done 
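Review bot: The binary_rootfs branch of auto/functions/debpool-hook still carries debugging residue: `echo "DEBUG: $dir"`, `echo "DEBUG: debpool"` and `ls debpool` write the staging directory listing into every build log, and the commented-out `mkdir`, `ls` and `rmdir debpool/image` lines are dead code. I would drop them before merging, or keep one clearly labelled log line in the style of the existing `echo "HOOK: …"` messages. `cp -rf config/chroot_debpool/*` now copies everything in that directory into the chroot, which per the XX_debpool changes can include `live-media.asc`. A comment such as `# staging dir is moved back out of the chroot in binary_rootfs; key material must not stay in the rootfs` would record that assumption. The closing `fi` of this branch is outside the hunk.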
diff --git a/config/chroot_debpool/packages b/config/chroot_debpool/packages deleted file mode 100644 index cb172d2..0000000 --- a/config/chroot_debpool/packages +++ /dev/null @@ -1,2 +0,0 @@ -openssh-server -grub-efi diff --git a/config/chroot_local-hooks/XX_debpool b/config/chroot_local-hooks/XX_debpool index f231f54..44733c8 100755 --- a/config/chroot_local-hooks/XX_debpool +++ b/config/chroot_local-hooks/XX_debpool @@ -1,17 +1,19 @@ #!/bin/bash -[ ! -e /live/packages ] && exit 0 +[ ! -e /run/live/medium/packages ] && exit 0 for file in /root/config/*; do [ -r $file ] && . $file; done -[ -z "$LB_ARCHITECTURE" ] && LB_ARCHITECTURE=amd64 -[ -z "$LB_DISTRIBUTION" ] && LB_DISTRIBUTION=wheezy +echo "$LB_PACKAGE_LISTS" | grep -qw debpool || exit 0 +echo "Starting debpool hook for Architecture $LB_ARCHITECTURE and Distribution $LB_DISTRIBUTION" -binary=/live/image/debian -packages="$(cut -d'#' -f1 /live/packages | grep .)" +#binary=/live/image/debian +binary=/run/live/medium/debian +packages="$(cut -d'#' -f1 /run/live/medium/packages | grep .)" [ -z "$packages" ] && exit 0 rm -rf "$binary" mkdir -p "$binary" mkdir -p /binary.deb/archives/partial +mv /run/live/medium/*.deb /binary.deb/archives apt-get update apt-get --yes -o Dir::Cache=/binary.deb --download-only install $packages @@ -52,8 +54,9 @@ do mv "${FILE}" "$binary"/pool/${SECTION}/"${LETTER}"/"${SOURCE}" done -if [ ! -e /live/live-media-keyring.sec -o ! -e /live/live-media-keyring.pub ]; then - # Generate signing key for live-media repo +mkdir -p /tmp +if [ ! -e /run/live/medium/live-media.asc ]; then + echo "Generate signing key for live-media repo" echo "Key-Type: RSA Key-Length: 1024 Subkey-Type: ELG-E 
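Review bot: With the `LB_ARCHITECTURE` and `LB_DISTRIBUTION` fallbacks removed at the top of config/chroot_local-hooks/XX_debpool, nothing checks that the sourced `/root/config/*` files actually set them. The later hunk builds paths such as `dists/${LB_DISTRIBUTION}/${SECTION}/binary-${LB_ARCHITECTURE}`, which collapse to `dists//…/binary-` when the variables are empty. A guard right after the sourcing loop would fail early instead: `: "${LB_DISTRIBUTION:?not set}" "${LB_ARCHITECTURE:?not set}"`. The added `mv /run/live/medium/*.deb /binary.deb/archives` also receives a literal `*.deb` when no local packages are supplied, so it should be guarded by an existence check or `shopt -s nullglob`. Any .deb placed there appears to end up in the pool that this hook signs, so a comment saying those files are trusted as-is would document the assumption.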
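Review bot: The key parameters kept as context in the `@@ -52,8 +54,9 @@` hunk still request `Key-Length: 1024` for the RSA signing key, even though this commit reworks the rest of the key handling. A 1024-bit RSA key is below current minimum recommendations for repository signing, and newer apt releases warn about or refuse signatures from such keys, so the `signed-by` entry added later may not verify. `Key-Length: 4096` would be the minimal change. Any `Subkey-Length` line sits between this hunk and the next and is not visible here. The new test on `/run/live/medium/live-media.asc` deserves a comment saying that this file is expected to contain the secret key, since the `else` branch relies on it for signing.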
@@ -61,10 +64,20 @@ if [ ! -e /live/live-media-keyring.sec -o ! -e /live/live-media-keyring.pub ]; t Name-Real: live-media packages key Name-Email: live-media-key@invalid Expire-Date: 0 - %secring /live/live-media-keyring.sec - %pubring /live/live-media-keyring.pub - %commit" | gpg --batch --gen-key + %no-protection + %pubring /tmp/pubring.kbx + %commit" | gpg --batch --full-generate-key + + echo "Import generated key" + gpg --no-default-keyring --keyring /tmp/pubring.kbx --export -a | gpg --import +else + echo "Import debpool key" + gpg --import /run/live/medium/live-media.asc + #for fpr in $(gpg --list-keys --with-colons | awk -F: '/fpr:/ {print $10}' | sort -u); do echo -e "5\ny\n" | gpg --command-fd 0 --expert --edit-key $fpr trust; done fi +echo "Provide public key for use with apt" +#gpg --output /etc/apt/trusted.gpg.d/live-media.asc --armor --export live-media-key@invalid +gpg --output /usr/share/keyrings/live-media.gpg --export live-media-key@invalid cd "$binary" 
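Review bot: The `gpg --output /usr/share/keyrings/live-media.gpg --export live-media-key@invalid` line is not checked, and in the `else` branch the imported `/run/live/medium/live-media.asc` is never verified to carry that user ID or a secret key. If it does not, the export produces nothing usable and the failure only surfaces later, at signing or at `apt-get update`. I would add `--batch --yes` to the export so a rerun does not stop on an existing file, and follow it with `[ -s /usr/share/keyrings/live-media.gpg ] || { echo "live-media key export failed" >&2; exit 1; }`. `/tmp/pubring.kbx` is also left behind, and removing it after the import keeps the generated keyring out of the image. The `if` block starts in the previous hunk.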
@@ -74,34 +87,41 @@ do SECTION="$(basename ${SECTION})" SECTIONS+="$SECTION " mkdir -p dists/${LB_DISTRIBUTION}/${SECTION}/binary-${LB_ARCHITECTURE} + mkdir -p dists/${LB_DISTRIBUTION}/${SECTION}/binary-i386 apt-ftparchive packages pool/${SECTION} > dists/${LB_DISTRIBUTION}/${SECTION}/binary-${LB_ARCHITECTURE}/Packages + touch dists/${LB_DISTRIBUTION}/${SECTION}/binary-i386/Packages + #apt-ftparchive packages pool/${SECTION} > dists/${LB_DISTRIBUTION}/${SECTION}/binary-i386/Packages apt-ftparchive -o APT::FTPArchive::Release::Origin=live-media \ -o APT::FTPArchive::Release::Suite=stable \ -o APT::FTPArchive::Release::Codename=${LB_DISTRIBUTION} \ release dists/${LB_DISTRIBUTION} > dists/${LB_DISTRIBUTION}/Release gzip -9 -c dists/${LB_DISTRIBUTION}/${SECTION}/binary-${LB_ARCHITECTURE}/Packages > dists/${LB_DISTRIBUTION}/${SECTION}/binary-${LB_ARCHITECTURE}/Packages.gz - # Sign release - gpg --no-default-keyring --secret-keyring /live/live-media-keyring.sec --keyring /live/live-media-keyring.pub -abs -o \ - dists/${LB_DISTRIBUTION}/Release.gpg dists/${LB_DISTRIBUTION}/Release + gzip -9 -c dists/${LB_DISTRIBUTION}/${SECTION}/binary-i386/Packages > dists/${LB_DISTRIBUTION}/${SECTION}/binary-i386/Packages.gz done + # Sign release with default key, we only have one key + gpg -abs -o dists/${LB_DISTRIBUTION}/Release.gpg dists/${LB_DISTRIBUTION}/Release + cd - rm -rf /binary.deb +rm -rf /root/.gnupg # Add sources.list entry to the beginning of the file (above the first entry) if ! grep -q "^deb file:$binary" /etc/apt/sources.list; then line="$(grep -nm1 -B5 '^[[:space:]]*deb' /etc/apt/sources.list | tac | grep -vm1 ... 
| tr -d -)" ((line++)) +# set to new moutnpoint +#binary=/run/live/medium/debian sed -i "$line{i # Live Media -i deb file:$binary $LB_DISTRIBUTION $SECTIONS +i deb [signed-by=/usr/share/keyrings/live-media.gpg] file:$binary $LB_DISTRIBUTION $SECTIONS x;p;x}" /etc/apt/sources.list fi # Import key -gpg --no-default-keyring --secret-keyring /live/live-media-keyring.sec \ ---keyring /live/live-media-keyring.pub --armor \ ---export "live-media-key@invalid" | apt-key add - +#gpg --no-default-keyring --secret-keyring /live/live-media-keyring.sec \ +#--keyring /live/live-media-keyring.pub --armor \ +#--export "live-media-key@invalid" | apt-key add - -apt-get update +apt-get update # do we need this?, yes check for proper sources.list diff --git a/config/chroot_local-hooks/xx-sources.list b/config/chroot_local-hooks/xx-sources.list index 9ea083f..5d1616e 100755 --- a/config/chroot_local-hooks/xx-sources.list +++ b/config/chroot_local-hooks/xx-sources.list @@ -10,3 +10,10 @@ case "${LB_DISTRIBUTION}" in esac sed -i -e "s#${LB_MIRROR_CHROOT}#http://deb.debian.org/debian#"g /etc/apt/sources.list + +# update apt index debpool +cp -f /etc/apt/sources.list /etc/apt/sources.list.bak +sed -i '/live/!d' /etc/apt/sources.list +apt-get update +cp -f /etc/apt/sources.list.bak /etc/apt/sources.list +rm -f /etc/apt/sources.list.bak diff --git a/config/prepare_debpool/README b/config/prepare_debpool/README new file mode 100644 index 0000000..2730448 --- /dev/null +++ b/config/prepare_debpool/README @@ -0,0 +1,3 @@ +The content will be copied to +config/chroot_debpool +during build. diff --git a/config/prepare_debpool/packages b/config/prepare_debpool/packages new file mode 100644 index 0000000..cb172d2 --- /dev/null +++ b/config/prepare_debpool/packages @@ -0,0 +1,2 @@ +openssh-server +grub-efi -- cgit v1.0
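Review bot: `gpg -abs` now signs with whatever key is the default in root's keyring, and `rm -rf /root/.gnupg` then deletes the whole GnuPG home; both assume the hook runs with `HOME=/root` and that nothing else lives in that keyring. Because the key is generated with `%no-protection`, the unencrypted secret key stays in the image if the home directory is anywhere else. A throwaway home makes this explicit: `export GNUPGHOME="$(mktemp -d)"` before the key is generated or imported, `gpg --local-user live-media-key@invalid -abs …` for the signature, and `gpgconf --kill gpg-agent; rm -rf -- "$GNUPGHOME"` at the end. Separately, `apt-ftparchive … release` still runs inside the loop before the `gzip` lines, so the signed Release file presumably does not list the last section's `Packages.gz`; generating it after `done`, next to the signing step, would fix that. The typo `moutnpoint` and the commented-out `apt-key` block can be removed.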
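Review bot: The temporary rewrite of `/etc/apt/sources.list` in config/chroot_local-hooks/xx-sources.list is fragile. `sed -i '/live/!d'` keeps every line containing the string `live`, comments and mirror URLs included, files under `/etc/apt/sources.list.d` are still fetched, and an interrupted `apt-get update` leaves the truncated list in place. Pointing apt at a separate list avoids touching the real file: `tmp="$(mktemp)"; grep '^deb .*file:' /etc/apt/sources.list > "$tmp"`, then `apt-get update -o Dir::Etc::sourcelist="$tmp" -o Dir::Etc::sourceparts=-`, then `rm -f -- "$tmp"`. A comment on why only the live-media index should be present at this point would also help. The beginning of the script is outside the hunk.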