From cccad9261f3a6c46cc1420e2ffd2d79f23bc0e5e Mon Sep 17 00:00:00 2001
From: Holger Paradies <retabell@gmx.de>
Date: Sun, 11 Feb 2024 11:44:38 +0100
Subject: Update and rework debpool features

---
 auto/functions/debpool-hook               | 27 +++++++++++----
 config/chroot_debpool/packages            |  2 --
 config/chroot_local-hooks/XX_debpool      | 56 +++++++++++++++++++++----------
 config/chroot_local-hooks/xx-sources.list |  7 ++++
 config/prepare_debpool/README             |  3 ++
 config/prepare_debpool/packages           |  2 ++
 6 files changed, 70 insertions(+), 27 deletions(-)
 delete mode 100644 config/chroot_debpool/packages
 create mode 100644 config/prepare_debpool/README
 create mode 100644 config/prepare_debpool/packages

diff --git a/auto/functions/debpool-hook b/auto/functions/debpool-hook
index e56df34..adc0aaa 100644
--- a/auto/functions/debpool-hook
+++ b/auto/functions/debpool-hook
@@ -2,24 +2,37 @@
 
 current_script="$(basename "$0"|sed 's/^lb_//')"
 
-if [ "$current_script" = "chroot_local-hooks" ]; then
-	echo "HOOK: debpool@chroot_local-hooks"
+if [ "$current_script" = "chroot_hooks" ]; then
+	echo "HOOK: debpool@chroot_hooks"
 	if [ -e config/chroot_debpool ]; then
-		mkdir -p chroot/live
-		cp config/chroot_debpool/* chroot/live/
+		mkdir -p chroot/run/live/medium
+		cp -rf config/chroot_debpool/* chroot/run/live/medium/
 	fi
 fi
 
 if [ "$current_script" = "binary_rootfs" ]; then
 	echo "HOOK: debpool@binary-rootfs"
-	for dir in chroot/chroot/live chroot/live
+	for dir in chroot/chroot/run/live/medium chroot/run/live/medium
 	do
 		[ -d $dir ] || continue
 		rm -rf debpool
+		echo "DEBUG: $dir"
 		mv $dir debpool
 		mkdir -p binary
-		mv debpool/image/debian binary/
-		rmdir debpool/image
+		if [ -e debpool/bin ]; then
+		#mkdir -p binary/bin
+		mv debpool/bin binary
+		fi
+
+echo "DEBUG: debpool"
+ls debpool
+#ls debpool/image
+#ls debpool/image/debian
+		if [ -e debpool/debian ]; then
+		mv debpool/debian binary/
+		fi
+
+		#rmdir debpool/image
 		[ -e debpool/keep ] || rm -r debpool
 		break
 	done
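Review bot: The two new moves, `mv debpool/bin binary` and `mv debpool/debian binary/`, are not checked, and the context line right after them removes `debpool` unless `debpool/keep` exists. A failed move (for example because `binary/debian` already exists) would therefore discard the pool without an error, unless the script runs under `set -e`, which is not visible here. I would write `mv debpool/debian binary/ || exit 1` and the same for `bin`. The unindented `echo "DEBUG: debpool"` / `ls debpool` lines and the commented-out `ls` and `rmdir` lines read as leftover debugging and should be dropped before merge. The enclosing `if` for `binary_rootfs` closes outside the hunk.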
diff --git a/config/chroot_debpool/packages b/config/chroot_debpool/packages
deleted file mode 100644
index cb172d2..0000000
--- a/config/chroot_debpool/packages
+++ /dev/null
@@ -1,2 +0,0 @@
-openssh-server
-grub-efi
diff --git a/config/chroot_local-hooks/XX_debpool b/config/chroot_local-hooks/XX_debpool
index f231f54..44733c8 100755
--- a/config/chroot_local-hooks/XX_debpool
+++ b/config/chroot_local-hooks/XX_debpool
@@ -1,17 +1,19 @@
 #!/bin/bash
-[ ! -e /live/packages ] && exit 0
+[ ! -e /run/live/medium/packages ] && exit 0
 
 for file in /root/config/*; do [ -r $file ] && . $file; done
-[ -z "$LB_ARCHITECTURE" ] && LB_ARCHITECTURE=amd64
-[ -z "$LB_DISTRIBUTION" ] && LB_DISTRIBUTION=wheezy
+echo "$LB_PACKAGE_LISTS" | grep -qw debpool || exit 0
+echo "Starting debpool hook for Architecture $LB_ARCHITECTURE and Distribution $LB_DISTRIBUTION"
 
-binary=/live/image/debian
-packages="$(cut -d'#' -f1 /live/packages | grep .)"
+#binary=/live/image/debian
+binary=/run/live/medium/debian
+packages="$(cut -d'#' -f1 /run/live/medium/packages | grep .)"
 [ -z "$packages" ] && exit 0
 
 rm -rf "$binary"
 mkdir -p "$binary"
 mkdir -p /binary.deb/archives/partial
+mv /run/live/medium/*.deb /binary.deb/archives
 apt-get update
 apt-get --yes -o Dir::Cache=/binary.deb --download-only install $packages
 
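Review bot: `mv /run/live/medium/*.deb /binary.deb/archives` puts locally supplied .deb files into the apt cache directory without any check, and it errors when the glob matches nothing. If the pool loop further down (only partly visible) moves everything in that directory into the repository, these files would be signed without ever being verified against an index; that should be checked or stated in a comment. A guarded form is `for deb in /run/live/medium/*.deb; do [ -e "$deb" ] && mv -- "$deb" /binary.deb/archives/; done`. The hunk also drops the defaults for LB_ARCHITECTURE and LB_DISTRIBUTION, so `: "${LB_DISTRIBUTION:?not set}"` after the config loop would stop the later `dists/${LB_DISTRIBUTION}` paths from collapsing when the config files do not set it.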
@@ -52,8 +54,9 @@ do
 	mv "${FILE}" "$binary"/pool/${SECTION}/"${LETTER}"/"${SOURCE}"
 done
 
-if [ ! -e /live/live-media-keyring.sec -o ! -e /live/live-media-keyring.pub ]; then
-	# Generate signing key for live-media repo
+mkdir -p /tmp
+if [ ! -e /run/live/medium/live-media.asc ]; then
+	echo "Generate signing key for live-media repo"
 	echo "Key-Type: RSA
 	      Key-Length: 1024
 	      Subkey-Type: ELG-E
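Review bot: The key-generation path is reworked here, but the parameter block still asks for `Key-Length: 1024`. A 1024-bit RSA signing key is below current recommendations, and stricter apt versions may warn about or refuse signatures made with it. I would change the line to `Key-Length: 3072` while this block is being touched. The `if` block opened in this hunk continues into the next one.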
@@ -61,10 +64,20 @@ if [ ! -e /live/live-media-keyring.sec -o ! -e /live/live-media-keyring.pub ]; t
 	      Name-Real: live-media packages key
 	      Name-Email: live-media-key@invalid
 	      Expire-Date: 0
-	      %secring /live/live-media-keyring.sec
-	      %pubring /live/live-media-keyring.pub
-	      %commit" | gpg --batch --gen-key
+	      %no-protection
+	      %pubring /tmp/pubring.kbx
+	      %commit" | gpg --batch --full-generate-key
+
+    echo "Import generated key"
+    gpg --no-default-keyring --keyring /tmp/pubring.kbx  --export -a | gpg --import
+else
+    echo "Import debpool key"
+    gpg --import /run/live/medium/live-media.asc
+    #for fpr in $(gpg --list-keys --with-colons  | awk -F: '/fpr:/ {print $10}' | sort -u); do  echo -e "5\ny\n" |  gpg --command-fd 0 --expert --edit-key $fpr trust; done
 fi
+echo "Provide public key for use with apt"
+#gpg --output /etc/apt/trusted.gpg.d/live-media.asc --armor --export live-media-key@invalid
+gpg --output /usr/share/keyrings/live-media.gpg --export live-media-key@invalid
 
 cd "$binary"
 
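Review bot: The export at the end selects the key by the fixed uid `live-media-key@invalid`, while the `else` branch imports whatever `/run/live/medium/live-media.asc` contains. If that key carries a different uid, gpg exports nothing and the keyring later named in `signed-by` is missing or stale. I would add `--batch --yes` to the export and check the result with `[ -s /usr/share/keyrings/live-media.gpg ] || exit 1`. `%no-protection` leaves the generated secret key unencrypted in the GnuPG home, and `/tmp/pubring.kbx` is a fixed path that is never removed; a private `GNUPGHOME="$(mktemp -d)"` exported at the top of the script would contain both. The long commented-out trust loop can be deleted.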
@@ -74,34 +87,41 @@ do
 	SECTION="$(basename ${SECTION})"
 	SECTIONS+="$SECTION "
 	mkdir -p dists/${LB_DISTRIBUTION}/${SECTION}/binary-${LB_ARCHITECTURE}
+	mkdir -p dists/${LB_DISTRIBUTION}/${SECTION}/binary-i386
 	apt-ftparchive packages pool/${SECTION} > dists/${LB_DISTRIBUTION}/${SECTION}/binary-${LB_ARCHITECTURE}/Packages
+	touch dists/${LB_DISTRIBUTION}/${SECTION}/binary-i386/Packages
+	#apt-ftparchive packages pool/${SECTION} > dists/${LB_DISTRIBUTION}/${SECTION}/binary-i386/Packages
 	apt-ftparchive -o APT::FTPArchive::Release::Origin=live-media \
 			-o APT::FTPArchive::Release::Suite=stable \
 			-o APT::FTPArchive::Release::Codename=${LB_DISTRIBUTION} \
 			release dists/${LB_DISTRIBUTION} > dists/${LB_DISTRIBUTION}/Release
 	gzip -9 -c dists/${LB_DISTRIBUTION}/${SECTION}/binary-${LB_ARCHITECTURE}/Packages > dists/${LB_DISTRIBUTION}/${SECTION}/binary-${LB_ARCHITECTURE}/Packages.gz
-	# Sign release
-	gpg --no-default-keyring --secret-keyring /live/live-media-keyring.sec --keyring /live/live-media-keyring.pub -abs -o \
-		dists/${LB_DISTRIBUTION}/Release.gpg dists/${LB_DISTRIBUTION}/Release
+	gzip -9 -c dists/${LB_DISTRIBUTION}/${SECTION}/binary-i386/Packages > dists/${LB_DISTRIBUTION}/${SECTION}/binary-i386/Packages.gz
 done
 
+	# Sign release with default key, we only have one key
+	gpg -abs -o dists/${LB_DISTRIBUTION}/Release.gpg dists/${LB_DISTRIBUTION}/Release
+
 cd -
 
 rm -rf /binary.deb
+rm -rf /root/.gnupg
 
 # Add sources.list entry to the beginning of the file (above the first entry)
 if ! grep -q "^deb file:$binary" /etc/apt/sources.list; then
 line="$(grep -nm1 -B5 '^[[:space:]]*deb' /etc/apt/sources.list | tac | grep -vm1 ... | tr -d -)"
 ((line++))
+# set to new moutnpoint
+#binary=/run/live/medium/debian
 sed -i "$line{i # Live Media
-i deb file:$binary $LB_DISTRIBUTION $SECTIONS
+i deb [signed-by=/usr/share/keyrings/live-media.gpg] file:$binary $LB_DISTRIBUTION $SECTIONS
 x;p;x}" /etc/apt/sources.list
 fi
 
 # Import key
-gpg --no-default-keyring --secret-keyring /live/live-media-keyring.sec \
---keyring /live/live-media-keyring.pub --armor \
---export "live-media-key@invalid" | apt-key add -
+#gpg --no-default-keyring --secret-keyring /live/live-media-keyring.sec \
+#--keyring /live/live-media-keyring.pub --armor \
+#--export "live-media-key@invalid" | apt-key add -
 
-apt-get update
+apt-get update # do we need this?, yes check for proper sources.list
 
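Review bot: `gpg -abs -o dists/${LB_DISTRIBUTION}/Release.gpg ...` signs with whatever the default secret key happens to be, which matches the exported `live-media.gpg` only if the keyring really holds that one key. Naming the key makes the link explicit and avoids an overwrite prompt: `gpg --batch --yes --local-user live-media-key@invalid -abs -o dists/${LB_DISTRIBUTION}/Release.gpg dists/${LB_DISTRIBUTION}/Release`. `rm -rf /root/.gnupg` assumes the GnuPG home is /root/.gnupg and also deletes any configuration that was there before the hook ran, while `/tmp/pubring.kbx` from the generation step is left behind. The hard-coded `binary-i386` directory with an empty Packages file deserves a comment saying why it is needed. The loop this hunk edits starts outside the hunk.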
diff --git a/config/chroot_local-hooks/xx-sources.list b/config/chroot_local-hooks/xx-sources.list
index 9ea083f..5d1616e 100755
--- a/config/chroot_local-hooks/xx-sources.list
+++ b/config/chroot_local-hooks/xx-sources.list
@@ -10,3 +10,10 @@ case "${LB_DISTRIBUTION}" in
 esac
 
 sed -i -e "s#${LB_MIRROR_CHROOT}#http://deb.debian.org/debian#"g /etc/apt/sources.list
+
+# update apt index debpool
+cp -f /etc/apt/sources.list /etc/apt/sources.list.bak
+sed -i '/live/!d' /etc/apt/sources.list
+apt-get update
+cp -f /etc/apt/sources.list.bak /etc/apt/sources.list
+rm -f /etc/apt/sources.list.bak
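Review bot: The added block rewrites /etc/apt/sources.list in place and restores it only after `apt-get update` has returned, so if the hook is interrupted in between, the chroot keeps a sources.list reduced to the lines containing `live`. Pointing apt at a temporary list for this one update leaves the real file untouched. The pattern `/live/` also matches any line that merely contains that word, so matching the `file:` entry of the live-media repository would be more precise.

```shell
# update apt index debpool
live_list="$(mktemp)" || exit 1
grep 'live' /etc/apt/sources.list > "$live_list"
apt-get update -o Dir::Etc::sourcelist="$live_list"
rm -f "$live_list"
```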
diff --git a/config/prepare_debpool/README b/config/prepare_debpool/README
new file mode 100644
index 0000000..2730448
--- /dev/null
+++ b/config/prepare_debpool/README
@@ -0,0 +1,3 @@
+The content will be copied to
+config/chroot_debpool
+during build.
diff --git a/config/prepare_debpool/packages b/config/prepare_debpool/packages
new file mode 100644
index 0000000..cb172d2
--- /dev/null
+++ b/config/prepare_debpool/packages
@@ -0,0 +1,2 @@
+openssh-server
+grub-efi
-- 
cgit v1.0