From 0950dfeb028f7ecbd30dc18a41d6f05dc5cb3614 Mon Sep 17 00:00:00 2001 From: Will Ross Date: Mon, 8 Feb 2021 14:02:49 -0500 Subject: [PATCH] Add Debian keyring package Also added a Recommends relationship from the yarn package to the yarn-archive-keyring package. --- resources/debian/control.in | 2 +- resources/debian/keyring.control.in | 11 ++++ scripts/build-deb-keyring.sh | 78 +++++++++++++++++++++++++++++ 3 files changed, 90 insertions(+), 1 deletion(-) create mode 100644 resources/debian/keyring.control.in create mode 100755 scripts/build-deb-keyring.sh diff --git a/resources/debian/control.in b/resources/debian/control.in index 5fe4b6b4da..b4fe816ba5 100644 --- a/resources/debian/control.in +++ b/resources/debian/control.in @@ -1,6 +1,6 @@ Package: yarn Version: $VERSION-1 -Recommends: nodejs +Recommends: nodejs, yarn-archive-keyring Conflicts: nodejs (<< 4.0.0), cmdtest Section: devel Priority: optional diff --git a/resources/debian/keyring.control.in b/resources/debian/keyring.control.in new file mode 100644 index 0000000000..19feca6510 --- /dev/null +++ b/resources/debian/keyring.control.in @@ -0,0 +1,11 @@ +Package: $PACKAGE_NAME +Version: $VERSION +Section: misc +Priority: optional +Architecture: all +Installed-Size: $INSTALLED_SIZE +Maintainer: Yarn Developers +Homepage: https://yarnpkg.com/ +Description: GnuPG keyring for Yarn archives + This package ensures that the signing keys used to verify the integrity of the + package archive are kept updated. diff --git a/scripts/build-deb-keyring.sh b/scripts/build-deb-keyring.sh new file mode 100755 index 0000000000..5c80c4f454 --- /dev/null +++ b/scripts/build-deb-keyring.sh @@ -0,0 +1,78 @@ +#!/usr/bin/env bash + +set -ex + +# Ensure all the tools we need are available +ensureAvailable() { + command -v "$1" >/dev/null 2>&1 || (echo "You need to install $1" && exit 2) +} +ensureAvailable dpkg-deb +ensureAvailable lintian +ensureAvailable gpg + +# If not set, $VERSION will be the current date +: ${VERSION:=$(date +%Y.%m.%d)} +OUTPUT_DIR=artifacts +PACKAGE_NAME=yarn-archive-keyring +DEB_PACKAGE_FILE="${PACKAGE_NAME}_${VERSION}_all.deb" +PACKAGE_TMPDIR="tmp/$PACKAGE_NAME" + +if (( ${#@} < 1 )); then + echo "Usage: $0 GPG_KEY_ID" && exit 1 +else + GPG_KEY_ID="$1" +fi + +mkdir -p $OUTPUT_DIR +# Remove old packages +rm -f $OUTPUT_DIR/*.deb + +# Create temporary directory to start building up the package +rm -rf $PACKAGE_TMPDIR +mkdir -p $PACKAGE_TMPDIR/ +umask 0022 # Ensure permissions are correct (0755 for dirs, 0644 for files) +PACKAGE_TMPDIR_ABSOLUTE=$(readlink -f $PACKAGE_TMPDIR) + +# Create Debian package structure +mkdir -p "${PACKAGE_TMPDIR}/etc/apt/trusted.gpg.d" +mkdir -p "${PACKAGE_TMPDIR}/usr/share/keyrings" +mkdir -p "${PACKAGE_TMPDIR}/usr/share/doc/${PACKAGE_NAME}" +cp \ + resources/debian/copyright \ + "${PACKAGE_TMPDIR}/usr/share/doc/${PACKAGE_NAME}/copyright" + +gpg \ + --export \ + --output "${PACKAGE_TMPDIR}/etc/apt/trusted.gpg.d/${PACKAGE_NAME}.gpg" \ + "$GPG_KEY_ID" +cp \ + "${PACKAGE_TMPDIR}/etc/apt/trusted.gpg.d/${PACKAGE_NAME}.gpg" \ + "${PACKAGE_TMPDIR}/usr/share/keyrings/${PACKAGE_NAME}.gpg" +# No changelog file at the moment +mkdir -p $PACKAGE_TMPDIR/usr/share/lintian/overrides/ +printf "# %s\n%s: %s\n" \ + "No changelog file at the moment" \ + "${PACKAGE_NAME}" \ + "changelog-file-missing-in-native-package" \ + > "${PACKAGE_TMPDIR}/usr/share/lintian/overrides/${PACKAGE_NAME}" + +# Build up the control files +mkdir -p "${PACKAGE_TMPDIR}/DEBIAN" +echo "/etc/apt/trusted.gpg.d/${PACKAGE_NAME}.gpg" \ + > "${PACKAGE_TMPDIR}/DEBIAN/conffiles" + +# Replace variables in Debian package control file +INSTALLED_SIZE=`du -sk $PACKAGE_TMPDIR | cut -f 1` +sed \ + -e "s/\$VERSION/$VERSION/" \ + -e "s/\$INSTALLED_SIZE/$INSTALLED_SIZE/" \ + -e "s/\$PACKAGE_NAME/$PACKAGE_NAME/" \ + < resources/debian/keyring.control.in \ + > $PACKAGE_TMPDIR/DEBIAN/control +fakeroot dpkg-deb -b $PACKAGE_TMPDIR $DEB_PACKAGE_FILE +mv $DEB_PACKAGE_FILE $OUTPUT_DIR + +rm -rf $PACKAGE_TMPDIR + +# Lint the Debian package to ensure we're not doing something silly +lintian $OUTPUT_DIR/$DEB_PACKAGE_FILE