Merge branch 'update-ci' into 'master'

Only deploy the package files from the master branch

See merge request !1

.gitignore

+/output/

.gitlab-ci.yml

@@ -2,57 +2,28 @@ stages:
   - build
   - deploy
 
-build-debian-bullseye:
-  cache: {}
+build:
   stage: build
-  image: registry.uninett.no/public/docker-builder
+  parallel:
+    matrix:
+      - IMAGE:
+        - 'debian:buster' # Debian 10 (buster)
+        - 'debian:bullseye' # Debian 11 (bullseye)
+  image: $IMAGE
   artifacts:
     expire_in: 1h
     paths:
-      - build-bullseye
+      - output
   script:
-    - docker build -f Dockerfile-bullseye -t radsecproxy-debbuild-bullseye .
-    - rm -rf build-bullseye
-    - mkdir build-bullseye
-    - docker run -i radsecproxy-debbuild-bullseye | tar x -C build-bullseye/
-    - ls -l build-bullseye/
-
-build-debian-buster:
-  cache: {}
-  stage: build
-  image: registry.uninett.no/public/docker-builder
-  artifacts:
-    expire_in: 1h
-    paths:
-      - build-buster
-  script:
-    - docker build -f Dockerfile-buster -t radsecproxy-debbuild-buster .
-    - rm -rf build-buster
-    - mkdir build-buster
-    - docker run -i radsecproxy-debbuild-buster | tar x -C build-buster/
-    - ls -l build-buster/
+    - ./build.sh
 
 deploy-apt:
   stage: deploy
+  only:
+    - master
   image: debian:bullseye
   artifacts:
     paths:
-      - build-bullseye
-      - build-buster
+      - output
   script:
-    - apt-get update && apt-get install openssh-client -y
-    - (
-        umask 077;
-        mkdir -p ~/.ssh;
-        echo "${SSH_PRIVKEY}" > ~/.ssh/id_rsa;
-        echo "${SSH_APT_HOSTKEY}" > ~/.ssh/known_hosts;
-      )
-    - ssh jenkins@apt.uninett.no
-        mkdir -p
-          /www/apt.uninett.no/htdocs/debian/pool/bullseye/main/binary-amd64/r/radsecproxy
-          /www/apt.uninett.no/htdocs/debian/pool/buster/main/binary-amd64/r/radsecproxy
-    - scp build-bullseye/radsecproxy*.deb
-          jenkins@apt.uninett.no:/www/apt.uninett.no/htdocs/debian/pool/bullseye/main/binary-amd64/r/radsecproxy/
-    - scp build-buster/radsecproxy*.deb
-          jenkins@apt.uninett.no:/www/apt.uninett.no/htdocs/debian/pool/buster/main/binary-amd64/r/radsecproxy/
-    - ssh jenkins@apt.uninett.no /www/apt.uninett.no/bin/mkrepo.debian
+    - ./upload.sh

Dockerfile-bullseye

-FROM debian:bullseye
-RUN apt-get update && apt-get -y upgrade
-RUN apt-get install -y git curl build-essential debhelper dh-autoreconf autotools-dev libssl-dev nettle-dev docbook2x lsb-release
-WORKDIR /root/
-COPY build.sh build.sh
-RUN ./build.sh
-CMD tar c *.deb

Dockerfile-buster

-FROM debian:buster
-RUN apt-get update && apt-get -y upgrade
-RUN apt-get install -y git curl build-essential debhelper dh-autoreconf autotools-dev libssl-dev nettle-dev docbook2x lsb-release
-WORKDIR /root/
-COPY build.sh build.sh
-RUN ./build.sh
-CMD tar c *.deb

README.md

-# Docker for building debian package of Radsecproxy at UNINETT
+# Build Debian packages of Radsecproxy at UNINETT
 
-This docker will generate a .deb package for Radsecproxy.
+This repository will create and upload Debian packages for Radsecproxy to [apt.uninett.no](https://apt.uninett.no/).
 
 ## Usage
 
 Edit **build.sh** and set the desired version number for Radsecproxy.
 
+To build the packages locally, run:
+
 ```
-docker build -f Dockerfile-[stretch|buster] -t radsecproxy-debbuild .
-docker run -i radsecproxy-debbuild | tar x
+docker run --rm -ti -v "$(pwd -P):/work" debian:bullseye /work/build.sh
 ```

build.sh

-#! /bin/sh
+#!/bin/bash
 # set -x
 set -e
 
-chmod 700 .
-whoami
-pwd
-cd /root
-ls -ld .
+# The directory where this script is located.
+script_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
 
+# Run all tasks in a temporary directory. This avoids filling up the project
+# directory with temporary files when this script is run locally (outside of
+# GitLab CI). It also allows multiple build commands to be run in parallel
+# locally without conflicting with each other.
+work_dir="$(mktemp -d)"
+cd "${work_dir}"
+
+# Ensure that Debian package installations proceed without configuration prompts
+# or warnings about configuration prompts.
+export DEBIAN_FRONTEND=noninteractive
+
+# Install required build dependencies
+apt-get update
+apt-get -y upgrade
+apt-get install -y --no-install-recommends \
+  autotools-dev \
+  build-essential \
+  curl \
+  debhelper \
+  dh-autoreconf \
+  docbook2x \
+  git \
+  libssl-dev \
+  lsb-release \
+  nettle-dev \
+  --
+
+
+# The distro code name (e.g. "buster", "bullseye") we are building the package for.
 lsb_release_name=$(lsb_release -sc)
 
+# Debian package name for the package we build.
 package="radsecproxy"
+
+# Version of the package we build.
 version="1.9.0"
+
+# A revision of our package. We need to bump this if we rebuild the same version
+# of the package at some point.
 revision="2${lsb_release_name}~uninett"
 
-export TZ="Europe/Oslo"
-now=$(date +"%a, %d %b %Y %T %z")
 
-here=$(pwd)
+# Add source repositories. We will need them to download the original source
+# package for radsecproxy.
+sed -n 's@^deb @deb-src @p' /etc/apt/sources.list > /etc/apt/sources.list.d/sources.list
+apt-get update
 
-export DEBIAN_FRONTEND=noninteractive
 
-cat >> /etc/apt/sources.list << EOF
-deb-src http://cdn-fastly.deb.debian.org/debian ${lsb_release_name} main
-deb-src http://cdn-fastly.deb.debian.org/debian ${lsb_release_name}-updates main
-deb-src http://security.debian.org ${lsb_release_name}-security main
-EOF
+# Download the source code for the project.
+radsecproxy_url="https://github.com/radsecproxy/radsecproxy"
+radsecproxy_srcurl="${radsecproxy_url}/releases/download/${version}/radsecproxy-${version}.tar.gz"
+curl --fail --silent -o "${package}"_"${version}".orig.tar.gz -L "${radsecproxy_srcurl}"
 
-if test ${lsb_release_name} != "bullseye"
-  then
-    sed -i "s/${lsb_release_name}-security/${lsb_release_name}\/updates/" /etc/apt/sources.list
-fi
+# Download the Debian source package for project.
+apt-get source "${package}"
 
-apt-get update
+# Extract the project source code, including the Debian source package.
+tar xzf "${package}_${version}".orig.tar.gz
+tar xf "${package}"_*.debian.tar.xz -C "${package}-${version}/"
 
-RADSECPROXY_URL="https://github.com/${package}/${package}"
-RADSECPROXY_SRCURL="${RADSECPROXY_URL}/releases/download/${version}/${package}-${version}.tar.gz"
-curl --silent -o "${package}"_"${version}".orig.tar.gz -L "${RADSECPROXY_SRCURL}"
-tar xzf "${package}"_"${version}".orig.tar.gz
+# Remove any Debian patches for the project.
+rm -r "${package}-${version}/debian/patches"
 
-apt-get source ${package}
-tar xf "${package}"_*.debian.tar.xz -C "${package}"-"${version}/"
+# The man pages were moved to section 8 after Debian Buster was released.
+# TODO: This can be removed once we no longer build the package for Debian Buster.
+if [ "${lsb_release_name}" = 'buster' ]; then
+  sed -i 's/\.1$/.8/'  "${package}-${version}/debian/manpages"
+fi
 
-rm -r "${package}"-"${version}/debian/patches"
-sed -i 's/\.1$/.8/'  "${package}"-"${version}/debian/manpages"
 
-cat > changelog << EOF
+# Build our changelog file. We want to prepend our changelog entry to the
+# existing file.
+changelog_file="${package}-${version}/debian/changelog"
+cat /dev/stdin "${changelog_file}" > "${changelog_file}.new" << EOF
 radsecproxy (${version}-${revision}) unstable; urgency=medium
 
   * New upstream release - ${version}
 
- -- Kolbjørn Barmen <debian@kolla.no>  ${now}
+ -- Kolbjørn Barmen <debian@kolla.no>  $(TZ="Europe/Oslo" date +"%a, %d %b %Y %T %z")
 
 EOF
-cat "${package}-${version}/debian/changelog" >> changelog
-cat changelog > "${package}-${version}/debian/changelog"
+mv "${changelog_file}.new" "${changelog_file}"
+
 
+# Build the package.
 cd "${package}-${version}/"
 dpkg-buildpackage
-cd "${here}"
+
+# Copy the generated Debian packages to the output directory.
+output_dir="${script_dir}/output/${lsb_release_name}"
+mkdir -p "${output_dir}"
+cp -pv "${work_dir}/"*.deb "${output_dir}/"

upload.sh

+#!/bin/bash
+set -e
+set -o pipefail
+
+# Install SSH client
+apt-get update
+apt-get install -y --no-install-recommends openssh-client
+
+# Create SSH configuration
+(
+    umask 077
+    mkdir -p ~/.ssh
+    echo "${SSH_PRIVKEY}" > ~/.ssh/id_rsa
+    echo "${SSH_APT_HOSTKEY}" > ~/.ssh/known_hosts
+)
+
+# Upload the Debian packages
+for distro_dir in ./output/*; do
+    distro="$(basename "${distro_dir}")"
+    target_dir="/www/apt.uninett.no/htdocs/debian/pool/${distro}/main/binary-amd64/r/radsecproxy"
+    echo "Uploading packages for ${distro}"
+    ssh jenkins@apt.uninett.no mkdir -p "${target_dir}"
+    scp "${distro_dir}"/radsecproxy*.deb "jenkins@apt.uninett.no:${target_dir}/"
+done
+
+echo "Updating APT repository metadata"
+ssh jenkins@apt.uninett.no /www/apt.uninett.no/bin/mkrepo.debian