1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
moby--moby/hack/make/release-deb
Derek McGowan 201f804310
Use sha512 when gpg signing builds
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-11-04 09:45:13 -07:00

162 lines
4.9 KiB
Bash
Executable file

#!/bin/bash
set -e
# This script creates the apt repos for the .deb files generated by hack/make/build-deb
#
# The following can then be used as apt sources:
# deb http://apt.dockerproject.org/repo $distro-$release $version
#
# For example:
# deb http://apt.dockerproject.org/repo ubuntu-trusty main
# deb http://apt.dockerproject.org/repo ubuntu-trusty testing
# deb http://apt.dockerproject.org/repo debian-wheezy experimental
# deb http://apt.dockerproject.org/repo debian-jessie main
#
# ... and so on and so forth for the builds created by hack/make/build-deb
: ${DOCKER_RELEASE_DIR:=$DEST}
: ${GPG_KEYID:=releasedocker}
APTDIR=$DOCKER_RELEASE_DIR/apt/repo
# setup the apt repo (if it does not exist)
mkdir -p "$APTDIR/conf" "$APTDIR/db" "$APTDIR/dists"
# supported arches/sections
arches=( amd64 i386 armhf )
# Preserve existing components but don't add any non-existing ones
for component in main testing experimental ; do
exists=$(find "$APTDIR/dists" -mindepth 2 -maxdepth 2 -type d -name "$component" -print -quit)
if [ -n "$exists" ] ; then
components+=( $component )
fi
done
# set the component for the version being released
component="main"
if [[ "$VERSION" == *-rc* ]]; then
component="testing"
fi
if [[ "$VERSION" == *-dev ]] || [ -n "$(git status --porcelain)" ]; then
component="experimental"
fi
# Make sure our component is in the list of components
if [[ ! "${components[*]}" =~ $component ]] ; then
components+=( $component )
fi
# create apt-ftparchive file on every run. This is essential to avoid
# using stale versions of the config file that could cause unnecessary
# refreshing of bits for EOL-ed releases.
cat <<-EOF > "$APTDIR/conf/apt-ftparchive.conf"
Dir {
ArchiveDir "${APTDIR}";
CacheDir "${APTDIR}/db";
};
Default {
Packages::Compress ". gzip bzip2";
Sources::Compress ". gzip bzip2";
Contents::Compress ". gzip bzip2";
};
TreeDefault {
BinCacheDB "packages-\$(SECTION)-\$(ARCH).db";
Directory "pool/\$(SECTION)";
Packages "\$(DIST)/\$(SECTION)/binary-\$(ARCH)/Packages";
SrcDirectory "pool/\$(SECTION)";
Sources "\$(DIST)/\$(SECTION)/source/Sources";
Contents "\$(DIST)/\$(SECTION)/Contents-\$(ARCH)";
FileList "$APTDIR/\$(DIST)/\$(SECTION)/filelist";
};
EOF
for dir in bundles/$VERSION/build-deb/*/; do
version="$(basename "$dir")"
suite="${version//debootstrap-}"
cat <<-EOF
Tree "dists/${suite}" {
Sections "${components[*]}";
Architectures "${arches[*]}";
}
EOF
done >> "$APTDIR/conf/apt-ftparchive.conf"
cat <<-EOF > "$APTDIR/conf/docker-engine-release.conf"
APT::FTPArchive::Release::Origin "Docker";
APT::FTPArchive::Release::Components "${components[*]}";
APT::FTPArchive::Release::Label "Docker APT Repository";
APT::FTPArchive::Release::Architectures "${arches[*]}";
EOF
# release the debs
for dir in bundles/$VERSION/build-deb/*/; do
version="$(basename "$dir")"
codename="${version//debootstrap-}"
tempdir="$(mktemp -d /tmp/tmp-docker-release-deb.XXXXXXXX)"
DEBFILE=( "$dir/docker-engine"*.deb )
# add the deb for each component for the distro version into the
# pool (if it is not there already)
mkdir -p "$APTDIR/pool/$component/d/docker-engine/"
for deb in ${DEBFILE[@]}; do
d=$(basename "$deb")
# We do not want to generate a new deb if it has already been
# copied into the APTDIR
if [ ! -f "$APTDIR/pool/$component/d/docker-engine/$d" ]; then
cp "$deb" "$tempdir/"
# if we have a $GPG_PASSPHRASE we may as well
# dpkg-sign before copying the deb into the pool
if [ ! -z "$GPG_PASSPHRASE" ]; then
dpkg-sig -g "--no-tty --digest-algo 'sha512' --passphrase '$GPG_PASSPHRASE'" \
-k "$GPG_KEYID" --sign builder "$tempdir/$d"
fi
mv "$tempdir/$d" "$APTDIR/pool/$component/d/docker-engine/"
fi
done
rm -rf "$tempdir"
# build the right directory structure, needed for apt-ftparchive
for arch in "${arches[@]}"; do
for c in "${components[@]}"; do
mkdir -p "$APTDIR/dists/$codename/$c/binary-$arch"
done
done
# update the filelist for this codename/component
find "$APTDIR/pool/$component" \
-name *~${codename#*-}*.deb > "$APTDIR/dists/$codename/$component/filelist"
done
# run the apt-ftparchive commands so we can have pinning
apt-ftparchive generate "$APTDIR/conf/apt-ftparchive.conf"
for dir in bundles/$VERSION/build-deb/*/; do
version="$(basename "$dir")"
codename="${version//debootstrap-}"
apt-ftparchive \
-c "$APTDIR/conf/docker-engine-release.conf" \
-o "APT::FTPArchive::Release::Codename=$codename" \
-o "APT::FTPArchive::Release::Suite=$codename" \
release \
"$APTDIR/dists/$codename" > "$APTDIR/dists/$codename/Release"
for arch in "${arches[@]}"; do
apt-ftparchive \
-c "$APTDIR/conf/docker-engine-release.conf" \
-o "APT::FTPArchive::Release::Codename=$codename" \
-o "APT::FTPArchive::Release::Suite=$codename" \
-o "APT::FTPArchive::Release::Components=$component" \
-o "APT::FTPArchive::Release::Architecture=$arch" \
release \
"$APTDIR/dists/$codename/$component/binary-$arch" > "$APTDIR/dists/$codename/$component/binary-$arch/Release"
done
done