From b9490ab1c52facd9a4962612b06bd25ad1e7668f Mon Sep 17 00:00:00 2001 From: Adrian Dombeck Date: Mon, 16 Feb 2026 16:09:34 +0100 Subject: [PATCH] WIP: Add my dev scripts --- scripts/README.md | 11 ++ scripts/build-authd-binaries | 62 +++++++++ scripts/build-authd-deb | 144 ++++++++++++++++++++ scripts/build-broker-binary | 115 ++++++++++++++++ scripts/build-broker-snap | 81 +++++++++++ scripts/create-build-dir | 56 ++++++++ scripts/journal | 38 ++++++ scripts/lrc | 84 ++++++++++++ scripts/pre-push | 82 +++++++++++ scripts/regenerate-cargo-lock-file-on-noble | 46 +++++++ scripts/update-xs-vendored-sources | 53 +++++++ 11 files changed, 772 insertions(+) create mode 100644 scripts/README.md create mode 100755 scripts/build-authd-binaries create mode 100755 scripts/build-authd-deb create mode 100755 scripts/build-broker-binary create mode 100755 scripts/build-broker-snap create mode 100755 scripts/create-build-dir create mode 100755 scripts/journal create mode 100755 scripts/lrc create mode 100755 scripts/pre-push create mode 100755 scripts/regenerate-cargo-lock-file-on-noble create mode 100755 scripts/update-xs-vendored-sources diff --git a/scripts/README.md b/scripts/README.md new file mode 100644 index 0000000000..863aae75f2 --- /dev/null +++ b/scripts/README.md @@ -0,0 +1,11 @@ +# Setup + +To enable the pre-push hook: + +```bash +ln -sf .scripts/pre-push .git/hooks/pre-push +``` + +# Usage + +Check the usage messages of the scripts, they all support `--help` (except the pre-push hook). diff --git a/scripts/build-authd-binaries b/scripts/build-authd-binaries new file mode 100755 index 0000000000..7ea17b789c --- /dev/null +++ b/scripts/build-authd-binaries @@ -0,0 +1,62 @@ +#!/bin/bash + +set -euo pipefail + +usage(){ + cat << EOF +Usage: $0 [--version ] [-h|--help] + +Build the authd binaries. + +Important: Don't trust the PAM module binary built by this script, it behaves +differently from the one built by the deb package. If you encounter any issues +with the PAM module, build and install the deb package instead. + +Options: + --version Version to set in the binary. + -h, --help Show this help message and exit. +EOF +} + +# Parse arguments +while [[ $# -gt 0 ]]; do + case "$1" in + --version) + VERSION="$2" + shift 2 + ;; + -h|--help) + usage + exit 0 + ;; + *) + echo "Unknown option: $1" + exit 1 + ;; + esac +done + +set -x + +if [ -n "${VERSION:=}" ]; then + export GOFLAGS="-ldflags=-X=github.com/canonical/authd/internal/consts.Version=${VERSION} --mod=vendor -buildmode=pie" +fi + +go mod vendor + +go generate -C internal/proto/authd +go generate -C pam/internal/gdm + +go build -v -o authd ./cmd/authd + +go generate -C pam -x -tags pam_debug + +go build -C pam -v . + +if [ -d ./cmd/authctl ]; then + go build -v -o authctl ./cmd/authctl +fi + +# Some protobuf files get updated but the change depends on the locally installed +# version of protoc (I think) so I don't want to commit it +git checkout "*.pb.go" diff --git a/scripts/build-authd-deb b/scripts/build-authd-deb new file mode 100755 index 0000000000..57a095c1de --- /dev/null +++ b/scripts/build-authd-deb @@ -0,0 +1,144 @@ +#!/bin/bash + +set -euo pipefail + +usage(){ + cat << EOF +Usage: $0 [options] + +Build the authd source and binary deb packages. The build is done in a fresh +clone of the repository in a separate build directory, so that files that are +not tracked by git are not included in the package. Uncommitted changes in the +repository are applied to the build directory + +Options: + --build-dir + Directory to use for building the package. Defaults to ../build/. + The build artifacts are created in the parent directory of the build + directory, so in ../build/ by default. + + --no-lintian + Don't run lintian on the source and binary packages. Speeds up the build, + but the resulting package won't be checked for issues. + + --only-source + Only build the source package, don't build the binary package in sbuild. + + --only-binary + Only build the binary package in sbuild, don't build the source package. + Requires that the source package is already built and available in the + parent directory of the build directory. + + --dist + The target distribution to build the package for (default: noble). +EOF +} + +# Parse arguments +while [[ $# -gt 0 ]]; do + case "$1" in + --build-dir) + BUILD_DIR="$2" + shift 2 + ;; + --no-lintian) + NO_LINTIAN=1 + shift + ;; + --only-source) + ONLY_SOURCE=1 + shift + ;; + --only-binary) + ONLY_BINARY=1 + shift + ;; + --dist) + DIST="$2" + shift 2 + ;; + -h|--help) + usage + exit 0 + ;; + *) + echo "Unknown option: $1" + usage + exit 1 + ;; + esac +done + +SCRIPT_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd) +GIT_ROOT_DIR=$(git rev-parse --show-toplevel) +BUILD_DIR=${BUILD_DIR:-../build/$(basename "${GIT_ROOT_DIR}")} +DIST=${DIST:-"noble"} + +set -x + +if [ -n "${NO_LINTIAN:-}" ]; then + SBUILD_ARGS="--no-run-lintian" +fi + +if ! dpkg --status dh-cargo >/dev/null; then + echo "dh-cargo is not installed, installing it now..." + sudo apt install dh-cargo +fi + +# Create the build directory +"${SCRIPT_DIR}/create-build-dir" --build-dir "${BUILD_DIR}" +cd "${BUILD_DIR}" + +if [ -z "${ONLY_BINARY:-}" ]; then + # Build the source package + env \ + DEB_BUILD_OPTIONS=nocheck \ + debuild \ + --no-lintian \ + -d \ + --prepend-path="${HOME}/.cargo/bin" \ + --prepend-path=/usr/local/bin \ + -S \ + --unsigned-source \ + --unsigned-changes + + if [ -z "${NO_LINTIAN:-}" ]; then + # shellcheck disable=SC2012 # The .dsc file doesn't contain non-alphanumeric characters + DSC_FILE="$(ls -t1 ../*.dsc | head -n1)" + lintian --tag-display-limit 0 \ + --pedantic \ + --fail-on error,warning,info,pedantic \ + "$DSC_FILE" + fi +fi + +if [ -n "${ONLY_SOURCE:-}" ]; then + exit 0 +fi + +CHROOT_TARBALL="$HOME/.cache/sbuild/${DIST}-amd64.tar.zst" +if ! [ -f "$CHROOT_TARBALL" ]; then + # Create the sbuild chroot tarball if it doesn't exist + # shellcheck disable=SC2016 # We don't want the expression in --customize-hook to be expanded + mmdebstrap --variant=buildd --arch=amd64 \ + --components=main,universe \ + --include=software-properties-common \ + --customize-hook='chroot "$1" add-apt-repository -y ppa:ubuntu-enterprise-desktop/golang' \ + "${DIST}" \ + "$CHROOT_TARBALL" +fi + +# Build the amd64 binary package in sbuild +# shellcheck disable=SC2086 # Allow word splitting for SBUILD_ARGS +# shellcheck disable=SC2012 # The .dsc file doesn't contain non-alphanumeric characters +env \ + DEB_BUILD_OPTIONS=nocheck \ + sbuild ${SBUILD_ARGS:-} -A -v \ + --build-dir="$(dirname "$(pwd)")" \ + --build-dep-resolver=aptitude \ + --dist="${DIST}" \ + --chroot-mode=unshare \ + --chroot="source:${CHROOT_TARBALL}" \ + --enable-network \ + --lintian-opts="--pedantic --fail-on error,warning,info,pedantic" \ + "$(ls -t1 ../*.dsc | head -n1)" diff --git a/scripts/build-broker-binary b/scripts/build-broker-binary new file mode 100755 index 0000000000..7903b5da9a --- /dev/null +++ b/scripts/build-broker-binary @@ -0,0 +1,115 @@ +#!/bin/bash + +set -euo pipefail + +usage(){ + cat << EOF +Usage: $0 --broker [options] + +Build the broker binary and place it in the squashfs root directory if it exists. + +This is useful for building the broker binary for the snap without having to +build the entire snap. If the snap was previously extracted into a squashfs root +directory (see build-broker-snap), the squashfs root directory can be installed +via 'sudo snap try '. + +Options: + --broker + The broker to use. Valid values are 'oidc', 'msentraid' and 'google'. + This option is required. + --version + Version to set in the binary. If not set, a version is generated with the + snap/scripts/version script. + --build-dir + Directory containing the squashfs root directory to place the built binary in. + Defaults to ../build. + --skip-libhimmelblau + When building the msentraid broker, by default libhimmelblau is also built + and copied to the squashfs root directory. + This option can be used to skip building libhimmelblau. + -h, --help + Show this help message and exit. +EOF +} + +# Parse arguments +while [[ $# -gt 0 ]]; do + case "$1" in + --version) + VERSION="$2" + shift 2 + ;; + --broker) + BROKER="$2" + shift 2 + ;; + --skip-libhimmelblau) + SKIP_LIBHIMMELBLAU=1 + shift + ;; + -h|--help) + usage + exit 0 + ;; + *) + echo "Unknown option: $1" + exit 1 + ;; + esac +done + +if [ -z "${BROKER:-}" ]; then + echo >&2 "Error: --broker option is required" + usage + exit 1 +fi + +BUILD_DIR=${BUILD_DIR:-"../build"} +SQUASHFS_ROOT_DIR=${SQUASHFS_ROOT_DIR:-"${BUILD_DIR}/authd-${BROKER}-squashfs-root"} + +set -x + +if [ -z "${VERSION:-}" ]; then + # Build the semver tool + go -C authd-oidc-brokers/tools build -o semver ./semver + # Get the version + VERSION=$(SEMVER=authd-oidc-brokers/tools/semver/semver ./snap/scripts/version) +fi + +go mod vendor + +./snap/scripts/prepare-variant --broker "${BROKER}" + +if [ "${BROKER:-}" = "msentraid" ] && [ -z "${SKIP_LIBHIMMELBLAU:-}" ]; then + if ! command -v rustup &> /dev/null; then + echo "rustup is required to build libhimmelblau, installing it now..." + sudo apt install rustup + fi + + # Build the libhimmelblau library and header + RELEASE=1 go -C authd-oidc-brokers generate --tags withmsentraid ./internal/providers/msentraid/himmelblau/... +fi + +if [ "${BROKER:-}" != "oidc" ]; then + export GOFLAGS="--tags=with${BROKER}" + args="--tags=with${BROKER}" +fi + +export GOFLAGS="-ldflags=-X=github.com/canonical/authd/authd-oidc-brokers/internal/consts.Version=${VERSION}" + +# shellcheck disable=SC2086 # Allow word splitting for args +go -C authd-oidc-brokers build -v -o "authd-${BROKER}" ${args:-} ./cmd/authd-oidc + +if [ -d "${SQUASHFS_ROOT_DIR}" ]; then + # Move the broker binary to the squashfs root directory + mv "authd-oidc-brokers/authd-${BROKER}" "${SQUASHFS_ROOT_DIR}/bin/" + + if [ "${BROKER:-}" = "msentraid" ] && [ -z "${SKIP_LIBHIMMELBLAU:-}" ]; then + # Copy the libhimmelblau library to the squashfs root directory. + install -D "./authd-oidc-brokers/internal/providers/msentraid/himmelblau/libhimmelblau.so.0" \ + "${SQUASHFS_ROOT_DIR}/lib/libhimmelblau.so.0" + fi +else + set +x + echo >&2 "Squashfs root directory ${SQUASHFS_ROOT_DIR} does not exist" +fi diff --git a/scripts/build-broker-snap b/scripts/build-broker-snap new file mode 100755 index 0000000000..d68e6faec6 --- /dev/null +++ b/scripts/build-broker-snap @@ -0,0 +1,81 @@ +#!/bin/bash + +set -euo pipefail + +usage() { + cat << EOF +Usage: $0 --broker [--build-dir ] [snapcraft options] + +Builds the broker snap and extracts it into a squashfs root directory. +You can install the extracted snap with: + sudo snap try + +This script must be run from the root of the authd repository. + +Options: + --broker + The broker to use. Valid values are 'oidc', 'msentraid' and 'google'. + This option is required. + --build-dir + Directory to place the built snap and the extracted squashfs root directory. + Defaults to ../build. + +All other options are passed to snapcraft. +EOF +} + +# Parse arguments +while [[ $# -gt 0 ]]; do + case "$1" in + --broker) + BROKER="$2" + shift 2 + ;; + --build-dir) + BUILD_DIR="$2" + shift 2 + ;; + -h|--help) + usage + exit 0 + ;; + *) + break + ;; + esac +done + +if [ -z "${BROKER:-}" ]; then + echo >&2 "Error: --broker option is required" + usage + exit 1 +fi + +BUILD_DIR=${BUILD_DIR:-"$(realpath ../build)"} + +set -x + +go mod vendor + +./snap/scripts/prepare-variant --broker "${BROKER}" + +time snapcraft pack "$@" + +# shellcheck disable=SC2012 # The .snap file doesn't contain non-alphanumeric characters +SNAP_FILE=$(ls -t *.snap | head -n1) + +# Move the snap file to the build directory +mkdir -p "${BUILD_DIR}" +mv "${SNAP_FILE}" "${BUILD_DIR}/" +SNAP_FILE="${BUILD_DIR}/$(basename "${SNAP_FILE}")" + +# Use the snap name before the first underscore (drop version/arch) for squashfs root +SNAP_BASENAME=$(basename "${SNAP_FILE}" .snap) +SNAP_BASENAME=${SNAP_BASENAME%%_*} +squashfs_root_dir="${BUILD_DIR}/${SNAP_BASENAME}-squashfs-root" + +# Remove any existing directory +rm -rf "${squashfs_root_dir}" + +# Extract the snap file +unsquashfs -dest "${squashfs_root_dir}" "${SNAP_FILE}" diff --git a/scripts/create-build-dir b/scripts/create-build-dir new file mode 100755 index 0000000000..a85de1e3e5 --- /dev/null +++ b/scripts/create-build-dir @@ -0,0 +1,56 @@ +#!/bin/bash + +set -euo pipefail + +usage() { + cat << EOF +Usage: $0 [--build-dir ] + +Clone the current git repository to a directory and apply uncommitted changes. +This is useful for building the package in a clean environment without files that +are not tracked by git, while still including uncommitted changes in the build. + +Options: + -d, --build-dir Path to the build directory (default: ../build/) + -h, --help Show this help message +EOF +} + +# Parse arguments +while [[ $# -gt 0 ]]; do + case "$1" in + -d|--build-dir) + BUILD_DIR="$2" + shift 2 + ;; + -h|--help) + usage + exit 0 + ;; + *) + echo "Unknown option: $1" + usage + exit 1 + ;; + esac +done + +GIT_ROOT_DIR=$(git rev-parse --show-toplevel) +BUILD_DIR=${BUILD_DIR:-../build/$(basename "${GIT_ROOT_DIR}")} + +set -x + +# Export uncommitted changes from main repo +git diff > /tmp/uncommitted.patch +git diff --staged >> /tmp/uncommitted.patch + +# Clone the directory +rm -rf "${BUILD_DIR}" +mkdir -p "$(dirname "${BUILD_DIR}")" +git clone "${GIT_ROOT_DIR}" "${BUILD_DIR}" +cd "${BUILD_DIR}" + +# Apply uncommitted changes from the main repo +if [ -s /tmp/uncommitted.patch ]; then + git apply /tmp/uncommitted.patch +fi diff --git a/scripts/journal b/scripts/journal new file mode 100755 index 0000000000..4e618c3e49 --- /dev/null +++ b/scripts/journal @@ -0,0 +1,38 @@ +#!/bin/bash + +set -euo pipefail + +usage(){ + cat << EOF +Usage: $0 [journalctl options] + +Show the logs for authd and authd broker snaps. All options are passed to journalctl. +EOF +} + +while [[ $# -gt 0 ]]; do + case "$1" in + -h|--help) + usage + exit 0 + ;; + *) + break + ;; + esac +done + +journalctl \ + _SYSTEMD_UNIT=authd.service \+ \ + UNIT=authd.service \+ \ + _SYSTEMD_UNIT=snap.authd-msentraid.authd-msentraid.service \+ \ + UNIT=snap.authd-msentraid.authd-msentraid.service \+ \ + SYSLOG_IDENTIFIER=authd-msentraid \+ \ + _SYSTEMD_UNIT=snap.authd-google.authd-google.service \+ \ + UNIT=snap.authd-google.authd-google.service \+ \ + SYSLOG_IDENTIFIER=authd-google \+ \ + _SYSTEMD_UNIT=snap.authd-oidc.authd-oidc.service \+ \ + UNIT=snap.authd-oidc.authd-oidc.service \+ \ + SYSLOG_IDENTIFIER=authd-oidc \+ \ + _COMM=authd-pam \ + "$@" diff --git a/scripts/lrc b/scripts/lrc new file mode 100755 index 0000000000..286a9491ef --- /dev/null +++ b/scripts/lrc @@ -0,0 +1,84 @@ +#!/bin/bash + +set -euo pipefail + +usage(){ + cat << EOF +Usage: $0 [options] + +Build the authd source deb, extract it and run licenserecon on it. + +Options: + --build-dir + Directory to use for building the package and extracting the source package. + Defaults to ../build/authd. + + --skip-build + Skip building the source package and just run lrc on the existing source + package in the build directory. + + --no-lintian + Don't run lintian when building the source package. + Ignored if --skip-build is used. + + --dist + The target distribution to build the package for (default: noble). + Ignored if --skip-build is used. +EOF +} + +# Parse arguments +while [[ $# -gt 0 ]]; do + case "$1" in + --build-dir) + BUILD_DIR="$2" + shift 2 + ;; + --skip-build) + SKIP_BUILD=1 + shift + ;; + --no-lintian) + NO_LINTIAN=1 + shift + ;; + --dist) + DIST="$2" + shift 2 + ;; + -h|--help) + usage + exit 0 + ;; + *) + echo "Unknown option: $1" + usage + exit 1 + ;; + esac +done + +SCRIPT_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd) +BUILD_DIR=${BUILD_DIR:-"../build/authd/"} +DIST=${DIST:-"noble"} + +set -x + +if [ -z "${SKIP_BUILD:-}" ]; then + # Build the source package + "${SCRIPT_DIR}/build-authd-deb" \ + --build-dir "${BUILD_DIR}" \ + ${NO_LINTIAN:+--no-lintian} \ + --only-source \ + --dist "${DIST}" +fi + +# Extract the source package +# shellcheck disable=SC2012 +tarball=$(ls -t1 "$(dirname "${BUILD_DIR}")"/authd_*.tar* | head -n1) +rm -rf "${BUILD_DIR}" +tar xf "${tarball}" -C "$(dirname "${BUILD_DIR}")" + +# Run lrc on the extracted source package +cd "$(dirname "${BUILD_DIR}")/authd" +lrc diff --git a/scripts/pre-push b/scripts/pre-push new file mode 100755 index 0000000000..0815160ee2 --- /dev/null +++ b/scripts/pre-push @@ -0,0 +1,82 @@ +#!/bin/bash + +set -euo pipefail +set -x + +zero=$(git hash-object --stdin /dev/null 2>&1; then + if ! cargo help fmt >/dev/null 2>&1; then + set +x + echo >&2 "pre-push: Warning: The installed cargo version does not support \`cargo fmt\`" + set -x + elif ! cargo fmt --check; then + set +x + echo >&2 "pre-push: Error: cargo fmt failed" + FAILED=1 + fi +fi + +install_golangci_lint() { + local version + version=$(go mod edit -json "tools/go.mod" | \ + jq -r '.Require[] | select(.Path | test("golangci-lint")) | .Version') + go install github.com/golangci/golangci-lint/v2/cmd/golangci-lint@"$version" +} + +if ! golangci-lint run; then + set +x + echo >&2 "pre-push: Error: golangci-lint failed" + FAILED=1 +fi + +while read local_ref local_oid remote_ref remote_oid; do + if [ "$local_oid" = "$zero" ]; then + # Handle delete + : + else + if [ "$remote_oid" = "$zero" ]; then + # New branch, examine all commits + range="$local_oid" + else + # Update to existing branch, examine new commits + range="$remote_oid..$local_oid" + fi + + # Check if the strings "DO-NOT-PUSH" are present in the commits being pushed + if git diff "$range" | grep -e DO-NOT-PUSH | grep -v "mktemp"; then + set +x + echo >&2 "pre-push: Error: Found string DO-NOT-PUSH in $local_ref" + FAILED=1 + fi + + # Check if we can build all the brokers (if there are changes in + # authd-oidc-brokers) + if [ -d ./authd-oidc-brokers/cmd/authd-oidc ] && \ + git diff --name-only "$range" | grep -q '^authd-oidc-brokers/'; then + go -C authd-oidc-brokers build -v -o /dev/null ./cmd/authd-oidc + go -C authd-oidc-brokers build -v -tags=withgoogle -o /dev/null ./cmd/authd-oidc + go -C authd-oidc-brokers build -v -tags=withmsentraid -o /dev/null ./cmd/authd-oidc + fi + + # Check if the golden files containing the registered gRPC services are + # up to date (if there are changes in internal/services) + if [ -d internal/services ] && \ + git diff --name-only "$range" | grep -q '^internal/services/'; then + TESTS_UPDATE_GOLDEN=1 go test -C internal/services -run TestRegisterGRPCServices + # Check if any files were modified + if [ -n "$(git status --porcelain internal/services)" ]; then + set +x + echo >&2 "pre-push: Error: internal/services: golden files were updated, please commit the changes" + FAILED=1 + fi + fi + fi +done + +set +x +if [ -n "${FAILED:-}" ]; then + exit 1 +fi diff --git a/scripts/regenerate-cargo-lock-file-on-noble b/scripts/regenerate-cargo-lock-file-on-noble new file mode 100755 index 0000000000..875b7a976b --- /dev/null +++ b/scripts/regenerate-cargo-lock-file-on-noble @@ -0,0 +1,46 @@ +#!/bin/bash + +set -euo pipefail + +usage() { + cat << EOF +Usage: $0 + +Regenerate Cargo.lock with cargo from Noble (24.04) and commit the change. It +uses an LXC container to run cargo from Noble. + +This should be run after updating any Rust dependencies. It's needed to keep the +Cargo.lock file compatible with the version of cargo in Noble (the oldest Ubuntu +release we support). +EOF +} + +# Parse arguments +while [[ $# -gt 0 ]]; do + case "$1" in + -h|--help) + usage + exit 0 + ;; + *) + echo "Unknown option: $1" + usage + exit 1 + ;; + esac +done + +if ! sudo lxc info u24 >/dev/null; then + sudo lxc launch ubuntu:24.04 u24 +fi + +sudo lxc config device remove u24 workdir +sudo lxc config device add u24 workdir disk source="$PWD" path=/src + +if ! sudo lxc info u24 | grep -q "Status: RUNNING"; then + sudo lxc start u24 +fi +sudo lxc exec --cwd /src u24 -- sh -c "cargo generate-lockfile" + +git add Cargo.lock +git commit -m "Regenerate Cargo.lock with cargo from noble" Cargo.lock diff --git a/scripts/update-xs-vendored-sources b/scripts/update-xs-vendored-sources new file mode 100755 index 0000000000..733b0e69bb --- /dev/null +++ b/scripts/update-xs-vendored-sources @@ -0,0 +1,53 @@ +#!/bin/bash + +set -euo pipefail + +usage(){ + cat << EOF +Usage: $0 + +Update the XS-Vendored-Sources-Rust field in debian/control and commit the +change if the vendored sources have changed. + +This should be run after updating any Rust dependencies. +EOF +} + +# Parse arguments +while [[ $# -gt 0 ]]; do + case "$1" in + -h|--help) + usage + exit 0 + ;; + *) + echo "Unknown option: $1" + usage + exit 1 + ;; + esac +done + +rm -rf vendor_rust || true +cargo vendor-filterer vendor_rust + +export CARGO_VENDOR_DIR=vendor_rust +VENDORED_SOURCES=$(/usr/share/cargo/bin/dh-cargo-vendored-sources 2>&1) || cmd_status=$? +OUTPUT=$(echo "$VENDORED_SOURCES" | grep ^XS-Vendored-Sources-Rust: || true) +if [ -z "${OUTPUT}" ]; then + if [ "${cmd_status:-0}" -ne 0 ]; then + # dh-cargo-vendored-sources failed because of other reason, so let's fail with it! + echo "dh-cargo-vendored-sources failed:" + echo "${VENDORED_SOURCES}" + exit "${cmd_status}" + fi + + echo "XS-Vendored-Sources-Rust is up to date. No change is needed."; + exit 0 +fi + +echo "XS-Vendored-Sources-Rust is out of date. Updating it now." +sed -i "s/^XS-Vendored-Sources-Rust:.*/$OUTPUT/" debian/control + +git add debian/control +git commit -m "debian/control: Update XS-Vendored-Sources-Rust" debian/control