diff --git a/configuration/build_config.yaml b/configuration/build_config.yaml
index 2c77dd0..6ecaa26 100644
--- a/configuration/build_config.yaml
+++ b/configuration/build_config.yaml
@@ -7,6 +7,7 @@ Layers:
 - ../layers/base
 - ../layers/yocto
 - ../layers/pbuilder
+ - ../layers/helper
 - ../layers/appdev
 - ../layers/build_tools
 - ../layers/vscode
diff --git a/layers/helper/Dockerfile b/layers/helper/Dockerfile
new file mode 100644
index 0000000..d1782b4
--- /dev/null
+++ b/layers/helper/Dockerfile
@@ -0,0 +1,17 @@
+FROM ubuntu:latest
+
+ARG CONTAINER_USER="ebcl"
+
+# "Activate" Python env
+ENV VIRTUAL_ENV=/build/venv
+ENV PATH="$VIRTUAL_ENV/bin:$PATH"
+
+USER $CONTAINER_USER
+WORKDIR /build
+
+# copy apt helper scripts
+COPY scripts/apt/* /build/bin/
+
+# copy gpg helper scripts
+COPY scripts/gpg/* /build/bin/
+
diff --git a/layers/helper/scripts/apt/gen_app_apt_repo b/layers/helper/scripts/apt/gen_app_apt_repo
new file mode 100755
index 0000000..5d19461
--- /dev/null
+++ b/layers/helper/scripts/apt/gen_app_apt_repo
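Review bot: In layers/helper/Dockerfile the base is `FROM ubuntu:latest`, a floating tag, so the image that ships the apt-signing and key-generation helpers is rebuilt on whatever Ubuntu is current at build time; pin a release tag or digest instead, for example `FROM ubuntu:<release>@sha256:<digest>` (placeholder values). `USER $CONTAINER_USER` comes before the two `COPY` lines, but `COPY` without `--chown` still writes root-owned files, and nothing visible in this file creates the `ebcl` account, so it presumably has to come from the real base layer, which deserves a comment. If the scripts are meant to belong to the container user, `COPY --chown=$CONTAINER_USER scripts/apt/* /build/bin/` states that explicitly.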
@@ -0,0 +1,58 @@
+#!/bin/bash
+
+# Generate the apt repo metadata
+cd /build/results/packages
+
+mkdir -p dists/local/main/{binary-arm64,binary-amd64}
+
+dpkg-scanpackages -m -a amd64 . /dev/null > dists/local/main/binary-amd64/Packages
+dpkg-scanpackages -m -a arm64 . /dev/null > dists/local/main/binary-arm64/Packages
+dpkg-scanpackages -m -a amd64 . /dev/null | gzip -9c > dists/local/main/binary-amd64/Packages.gz
+dpkg-scanpackages -m -a arm64 . /dev/null | gzip -9c > dists/local/main/binary-arm64/Packages.gz
+dpkg-scanpackages -m -a amd64 . /dev/null | xz -9 > dists/local/main/binary-amd64/Packages.xz
+dpkg-scanpackages -m -a arm64 . /dev/null | xz -9 > dists/local/main/binary-arm64/Packages.xz
+
+# generate the release file
+cd dists/local
+
+do_hash() {
+ HASH_NAME=$1
+ HASH_CMD=$2
+ echo "${HASH_NAME}:"
+ for f in $(find -type f -name "Packages*"); do
+ f=$(echo $f | cut -c3-) # remove ./ prefix
+ if [ "$f" = "Release" ]; then
+ continue
+ fi
+ echo " $(${HASH_CMD} ${f} | cut -d" " -f1) $(wc -c $f)"
+ done
+}
+
+cat > Release << EOF
+Origin: EBcL workspace local repository
+Label: LocalRepo
+Suite: local
+Codename: local
+Version: 1.0
+Architectures: amd64 arm64
+Description: An example software repository
+Components: main
+Date: $(date -Ru)
+EOF
+
+do_hash "MD5Sum" "md5sum" >> Release
+do_hash "SHA1" "sha1sum" >> Release
+do_hash "SHA256" "sha256sum" >> Release
+
+# Generate Release signature
+gpg -b --output Release.gpg --armor Release
+
+# Generate InRelease file
+gpg --clearsign -o InRelease Release
+
+# Export signing key
+gpg --export $DEBMAIL > Release.key
+
+# Update local apt config
+sudo cp Release.key /etc/apt/trusted.gpg.d/local.gpg
+sudo bash -c "echo 'deb file:/build/results/packages local main' > /etc/apt/sources.list.d/local.list"
diff --git a/layers/helper/scripts/apt/serve_packages b/layers/helper/scripts/apt/serve_packages
new file mode 100755
index 0000000..2bbf40d
--- /dev/null
+++ b/layers/helper/scripts/apt/serve_packages
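Review bot: The export line in gen_app_apt_repo reads `gpg --export $DEBMAIL > Release.key`, while gen_sign_key names the variable `DEBEMAIL`; if `DEBMAIL` is unset, as it appears to be, gpg gets no key argument and exports every public key in the keyring, and the next line copies that file into `/etc/apt/trusted.gpg.d/`, where apt trusts it for all configured sources. Use `gpg --export "$DEBEMAIL" > Release.key` and stop when the variable is empty. The script also neither sources `/workspace/identity/env` nor sets `GNUPGHOME` as gen_sign_key does, so unless the caller's environment provides them the signing steps may run against a different keyring. It would be safer to scope the key to this one repository with a `signed-by=` option on the `deb` line than to install it in the global trusted directory. There is no `set -e`, so a failed `cd /build/results/packages` lets the remaining commands run in whatever the current directory is.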
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+if [ -z "$APT_PATH" ]; then
+ export APT_PATH="/build/results/packages"
+fi
+
+if [ -n "$1" ]; then
+ APT_PATH=$1
+ # complete apt path
+ if [[ "${APT_PATH}" != "/"* ]]; then
+ # handle relative path
+ if [ ! -d "${APT_PATH}" ]; then
+ # relative path from current folder does not exist
+ # use relative path in workspace apps folder
+ APT_PATH="/build/workspace/${APT_PATH}"
+ else
+ APT_PATH=$(realpath $APT_PATH)
+ fi
+ fi
+ export APT_PATH=${APT_PATH}
+fi
+
+# serve the apt repo
+echo "Now serving the local apt repository from ${APT_PATH}."
+echo "Press Strg + C to stop the server."
+python3 -m http.server --directory ${APT_PATH}
diff --git a/layers/helper/scripts/apt/stop_server b/layers/helper/scripts/apt/stop_server
new file mode 100755
index 0000000..a609a2f
--- /dev/null
+++ b/layers/helper/scripts/apt/stop_server
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+PROC=$(lsof -i :8000 | grep LISTEN)
+if [ $? -eq 0 ]; then
+ echo "Killing process ${PROC}."
+ PID=$(lsof -i :8000 | grep LISTEN | awk '{print $2}')
+ kill $PID
+fi
diff --git a/layers/helper/scripts/gpg/gen_key_script b/layers/helper/scripts/gpg/gen_key_script
new file mode 100644
index 0000000..dc5672a
--- /dev/null
+++ b/layers/helper/scripts/gpg/gen_key_script
@@ -0,0 +1,9 @@
+Key-Type: 1
+Key-Length: 4096
+Subkey-Type: 1
+Subkey-Length: 4096
+Name-Real: DEBFULLNAME
+Name-Email: DEBEMAIL
+Expire-Date: 0
+%no-ask-passphrase
+%no-protection
diff --git a/layers/helper/scripts/gpg/gen_sign_key b/layers/helper/scripts/gpg/gen_sign_key
new file mode 100755
index 0000000..9626f94
--- /dev/null
+++ b/layers/helper/scripts/gpg/gen_sign_key
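Review bot: The last line of serve_packages starts `python3 -m http.server` without `--bind`, so it listens on all interfaces (port 8000 by default) and serves the directory, without authentication, to any host that can reach the container. If the repository is only consumed from inside the workspace, bind it to loopback: `python3 -m http.server --bind 127.0.0.1 --directory "${APT_PATH}"`. The path is also expanded unquoted in `realpath $APT_PATH` and in the final command, so a path containing spaces is split. Because the first argument selects the served directory, a comment noting that any readable path can be published this way would help the next reader.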
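Review bot: stop_server kills whatever process is listening on port 8000, not specifically the http.server started by serve_packages, and `kill $PID` is unquoted and may receive several PIDs from the second `lsof | grep | awk` run. A single `PID=$(lsof -t -i :8000 -sTCP:LISTEN)` returns only the PIDs of listeners and avoids running lsof twice. Recording the server's PID in serve_packages and killing exactly that one would keep the script from hitting an unrelated listener.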
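Review bot: The gen_key_script template creates the repository signing key with `%no-protection` and `Expire-Date: 0`, that is, a private key with no passphrase that never expires, and gen_sign_key places its keyring under `/workspace/gpg-keys`. If that directory is a shared or host-mounted workspace (not visible here), anyone who can read it can sign packages that the local apt configuration trusts. A bounded lifetime such as `Expire-Date: 1y` limits the exposure, and a comment should state that the key is for local development only. `%no-ask-passphrase` is documented as a no-op since GnuPG 2.1 and can be dropped, and `Key-Type: RSA` reads more clearly than the numeric `1`.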
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+# Ensure env is up-to-date
+source /workspace/identity/env
+GNUPGHOME="/workspace/gpg-keys/.gnupg"
+export GNUPGHOME
+
+# prepare folder if not exists
+mkdir -p $GNUPGHOME
+chmod -R 700 $GNUPGHOME
+
+# generate gnupg script
+mkdir -p /workspace/gpg-keys
+cp /build/bin/gen_key_script /workspace/gpg-keys/
+sed -i "s/DEBFULLNAME/${DEBFULLNAME}/g" /workspace/gpg-keys/gen_key_script
+sed -i "s/DEBEMAIL/${DEBEMAIL}/g" /workspace/gpg-keys/gen_key_script
+
+# test if key already exists
+gpg --list-secret-keys $DEBEMAIL
+# get appliance name
+if [ $? -ne 0 ]; then
+ gpg --batch --gen-key /workspace/gpg-keys/gen_key_script
+fi
+
+gpg --list-keys
+gpg --list-secret-keys
+
+sudo chown -R ebcl:ebcl $GNUPGHOME
+sudo chmod -R 700 $GNUPGHOME
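Review bot: `DEBFULLNAME` and `DEBEMAIL` are spliced into the key template with `sed -i "s/DEBFULLNAME/${DEBFULLNAME}/g"` and passed to gpg unquoted, so a value containing `/` or `&` breaks or alters the substitution, and an empty `DEBEMAIL` turns `gpg --list-secret-keys $DEBEMAIL` into a listing of the whole keyring instead of a test for this key. Fail early with `: "${DEBEMAIL:?DEBEMAIL is not set}"` (and the same for `DEBFULLNAME`), quote the expansions, and either escape the values or write the two `Name-` lines with `printf` instead of `sed`. The `# get appliance name` comment above the `if` does not describe the check that follows; it should say that the key is generated when none exists. The final `sudo chown -R ebcl:ebcl` hard-codes the account that the Dockerfile makes configurable through `CONTAINER_USER`.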