Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add Debian keyring package #8575

Draft
wants to merge 1 commit into
base: master
Choose a base branch
from
Draft
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion resources/debian/control.in
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
Package: yarn
Version: $VERSION-1
Recommends: nodejs
Recommends: nodejs, yarn-archive-keyring
Conflicts: nodejs (<< 4.0.0), cmdtest
Section: devel
Priority: optional
Expand Down
11 changes: 11 additions & 0 deletions resources/debian/keyring.control.in
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
Package: $PACKAGE_NAME
Version: $VERSION
Section: misc
Priority: optional
Architecture: all
Installed-Size: $INSTALLED_SIZE
Maintainer: Yarn Developers <yarn@dan.cx>
Homepage: https://yarnpkg.com/
Description: GnuPG keyring for Yarn archives
This package ensures that the signing keys used to verify the integrity of the
package archive are kept updated.
78 changes: 78 additions & 0 deletions scripts/build-deb-keyring.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,78 @@
#!/usr/bin/env bash

set -ex

# Ensure all the tools we need are available
ensureAvailable() {
command -v "$1" >/dev/null 2>&1 || (echo "You need to install $1" && exit 2)
}
ensureAvailable dpkg-deb
ensureAvailable lintian
ensureAvailable gpg

# If not set, $VERSION will be the current date
: ${VERSION:=$(date +%Y.%m.%d)}
OUTPUT_DIR=artifacts
PACKAGE_NAME=yarn-archive-keyring
DEB_PACKAGE_FILE="${PACKAGE_NAME}_${VERSION}_all.deb"
PACKAGE_TMPDIR="tmp/$PACKAGE_NAME"

if (( ${#@} < 1 )); then
echo "Usage: $0 GPG_KEY_ID" && exit 1
else
GPG_KEY_ID="$1"
fi

mkdir -p $OUTPUT_DIR
# Remove old packages
rm -f $OUTPUT_DIR/*.deb

# Create temporary directory to start building up the package
rm -rf $PACKAGE_TMPDIR
mkdir -p $PACKAGE_TMPDIR/
umask 0022 # Ensure permissions are correct (0755 for dirs, 0644 for files)
PACKAGE_TMPDIR_ABSOLUTE=$(readlink -f $PACKAGE_TMPDIR)

# Create Debian package structure
mkdir -p "${PACKAGE_TMPDIR}/etc/apt/trusted.gpg.d"
mkdir -p "${PACKAGE_TMPDIR}/usr/share/keyrings"
mkdir -p "${PACKAGE_TMPDIR}/usr/share/doc/${PACKAGE_NAME}"
cp \
resources/debian/copyright \
"${PACKAGE_TMPDIR}/usr/share/doc/${PACKAGE_NAME}/copyright"

gpg \
--export \
--output "${PACKAGE_TMPDIR}/etc/apt/trusted.gpg.d/${PACKAGE_NAME}.gpg" \
"$GPG_KEY_ID"
cp \
"${PACKAGE_TMPDIR}/etc/apt/trusted.gpg.d/${PACKAGE_NAME}.gpg" \
"${PACKAGE_TMPDIR}/usr/share/keyrings/${PACKAGE_NAME}.gpg"
# No changelog file at the moment
mkdir -p $PACKAGE_TMPDIR/usr/share/lintian/overrides/
printf "# %s\n%s: %s\n" \
"No changelog file at the moment" \
"${PACKAGE_NAME}" \
"changelog-file-missing-in-native-package" \
> "${PACKAGE_TMPDIR}/usr/share/lintian/overrides/${PACKAGE_NAME}"

# Build up the control files
mkdir -p "${PACKAGE_TMPDIR}/DEBIAN"
echo "/etc/apt/trusted.gpg.d/${PACKAGE_NAME}.gpg" \
> "${PACKAGE_TMPDIR}/DEBIAN/conffiles"

# Replace variables in Debian package control file
INSTALLED_SIZE=`du -sk $PACKAGE_TMPDIR | cut -f 1`
sed \
-e "s/\$VERSION/$VERSION/" \
-e "s/\$INSTALLED_SIZE/$INSTALLED_SIZE/" \
-e "s/\$PACKAGE_NAME/$PACKAGE_NAME/" \
< resources/debian/keyring.control.in \
> $PACKAGE_TMPDIR/DEBIAN/control
fakeroot dpkg-deb -b $PACKAGE_TMPDIR $DEB_PACKAGE_FILE
mv $DEB_PACKAGE_FILE $OUTPUT_DIR

rm -rf $PACKAGE_TMPDIR

# Lint the Debian package to ensure we're not doing something silly
lintian $OUTPUT_DIR/$DEB_PACKAGE_FILE