Skip to content

Commit

Permalink
ubuntu focal build created
Browse files Browse the repository at this point in the history
  • Loading branch information
wsmirnow committed Feb 28, 2024
1 parent ddd438a commit 6d98617
Show file tree
Hide file tree
Showing 6 changed files with 256 additions and 0 deletions.
49 changes: 49 additions & 0 deletions .github/workflows/ubuntu-focal-build.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,49 @@
name: Build Shibboleth Nginx Module for Ubuntu Focal

on:
push:
branches:
- main
paths:
- scripts/ubuntu/focal/*
- .github/workflows/ubuntu-focal-build.yml
schedule:
- cron: '0 2 * * *'
workflow_dispatch:
inputs:
force_rebuild_shibboleth_modules:
description: 'Force rebuild Nginx Shibboleth modules'
required: false
default: false
type: boolean

jobs:
ubuntu-focal-docker-build:
name: Build packages for Ubuntu Focal
runs-on: ubuntu-latest
steps:
- name: Checkout git repo
uses: actions/checkout@v3
with:
lfs: true
sparse-checkout: |
repo/ubuntu/focal
scripts/ubuntu/focal
ssh-key: ${{ secrets.DEPLOY_SSH_KEY }}

- name: Build Shibboleth Nginx modules for Ubuntu Focal
run: >
docker run --rm
-v ${{ github.workspace }}/repo/ubuntu/focal:/repo
-v ${{ github.workspace }}/scripts/ubuntu/focal:/scripts:ro
-e FORCE_REBUILD_SHIBBOLETH_MODULES=$FORCE_REBUILD_SHIBBOLETH_MODULES
ubuntu:focal
/bin/bash /scripts/cron-build-shib-nginx-mod.sh
env:
FORCE_REBUILD_SHIBBOLETH_MODULES: ${{ inputs.force_rebuild_shibboleth_modules }}

- name: Commit build package
run: |
git config --global user.name 'GitHub build bot'
git config --global user.email '[email protected]'
(git add repo/ubuntu/focal/pool/multiverse/*.deb && git commit -m "[automated] Ubuntu Focal package added" && git push) || echo "No new packages found, skip updating."
48 changes: 48 additions & 0 deletions .github/workflows/ubuntu-focal-update-repo.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,48 @@
name: Udpate Ubuntu Focal repo

on:
push:
branches:
- main
paths:
- repo/ubuntu/focal/pool/multiverse/*.deb
- .github/workflows/ubuntu-focal-update-repo.yml
workflow_dispatch:
inputs:
force_recreate_repo:
description: 'Force recreate Ubuntu repository'
required: false
type: boolean
default: false

jobs:
ubuntu-focal-update-repo:
runs-on: ubuntu-latest
steps:
- name: Checkout git repo
uses: actions/checkout@v3
with:
lfs: true
sparse-checkout: |
repo/ubuntu/focal
scripts/ubuntu/focal
ssh-key: ${{ secrets.DEPLOY_SSH_KEY }}

- name: Update Ubuntu Focal repository
run: >
docker run --rm
-v ${{ github.workspace }}/repo/ubuntu/focal:/repo
-v ${{ github.workspace }}/scripts/ubuntu/focal:/scripts:ro
-e FORCE_RECREATE_REPO=$FORCE_RECREATE_REPO
-e GPG_SIGNING_KEY=$GPG_SIGNING_KEY
ubuntu:focal
/bin/bash /scripts/update-repo.sh
env:
FORCE_RECREATE_REPO: ${{ inputs.force_recreate_repo }}
GPG_SIGNING_KEY: ${{ secrets.GPG_SIGNING_KEY }}

- name: Commit Ubuntu Focal repo
run: |
git config --global user.name 'GitHub build bot'
git config --global user.email '[email protected]'
(git add repo/ubuntu/focal/dists/bookworm/Release* && git add repo/ubuntu/focal/dists/bookworm/InRelease && git add repo/ubuntu/focal/dists/bookworm/multiverse/binary-amd64/Packages* && git commit -m "[automated] Ubuntu Focal repo updated" && git push) || echo "No new packages found, skip updating."
Empty file added repo/ubuntu/focal/.gitkeep
Empty file.
82 changes: 82 additions & 0 deletions scripts/ubuntu/focal/build-shib-nginx-mod.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,82 @@
#!/usr/bin/env sh
_NGINX_MOD_SHIBBOLETH_VERSION="${NGINX_MOD_SHIBBOLETH_VERSION:-2.0.2}"
_PWD="$PWD"

set -e
apt update
DEBIAN_FRONTEND=noninteractive apt install -y tzdata
apt install -y sed
sed -i 's/^#\s*deb-src/deb-src/g' /etc/apt/sources.list
apt update
apt install -y dpkg-dev wget
apt build-dep -y nginx
mkdir /build
cd /build
NGINX_VERSION_FULL="$(apt show nginx | grep Version | sed 's/Version: //')"
NGINX_VERSION="$(echo $NGINX_VERSION_FULL | cut -d- -f1)"
wget https://nginx.org/download/nginx-"$NGINX_VERSION".tar.gz
tar xf "nginx-$NGINX_VERSION.tar.gz"
wget -O - https://github.com/nginx-shib/nginx-http-shibboleth/archive/refs/tags/v"$_NGINX_MOD_SHIBBOLETH_VERSION".tar.gz | tar -xz
NGINX_MOD_SHIBBOLETH_PATH="$(readlink -f nginx-http-shibboleth-$_NGINX_MOD_SHIBBOLETH_VERSION)"
cd nginx-"$NGINX_VERSION"
./configure --add-dynamic-module="$NGINX_MOD_SHIBBOLETH_PATH"
make modules
cd ..
PKG_ROOT="libnginx-mod-http-shibboleth_$NGINX_VERSION.$_NGINX_MOD_SHIBBOLETH_VERSION-1_amd64"
mkdir -p "$PKG_ROOT/usr/lib/nginx/modules" "$PKG_ROOT/usr/share/nginx/modules-available"
install -o root -g root -m 0644 -p nginx-"$NGINX_VERSION"/objs/ngx_http_shibboleth_module.so "$PKG_ROOT/usr/lib/nginx/modules/"
echo "load_module modules/ngx_http_shibboleth_module.so;" > mod-http-shibboleth.conf
install -o root -g root -m 0644 -p mod-http-shibboleth.conf "$PKG_ROOT/usr/share/nginx/modules-available/"
mkdir -p "$PKG_ROOT/usr/share/doc/libnginx-mod-http-shibboleth/"
cat <<-EOF > "$PKG_ROOT/usr/share/doc/libnginx-mod-http-shibboleth/copyright"
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: nginx-http-shibboleth
Upstream-Contact: David Beitey
Luca Bruno
Source: https://github.com/nginx-shib/nginx-http-shibboleth
Files: *
Copyright: 2013-present, David Beitey (davidjb)
2014, Luca Bruno
License: All rights reserved
License: All rights reserved
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.
EOF
chmod 0644 "$PKG_ROOT/usr/share/doc/libnginx-mod-http-shibboleth/copyright"
mkdir -p "$PKG_ROOT/DEBIAN"
cat <<EOF > "$PKG_ROOT/DEBIAN/control"
Package: libnginx-mod-http-shibboleth
Version: $NGINX_VERSION.$_NGINX_MOD_SHIBBOLETH_VERSION-1
Maintainer: ELAN e.V. <[email protected]>
Depends: nginx-common (>= $NGINX_VERSION)
Architecture: amd64
Homepage: https://github.com/nginx-shib/nginx-http-shibboleth
Description: Shibboleth auth request module for Nginx
EOF
dpkg --build "$PKG_ROOT"
echo "Build package complete"
#echo "Package metadata:"
#dpkg-deb --info "$PKG_ROOT.deb"
mkdir -p /repo/pool/multiverse
cp -f "$PKG_ROOT.deb" /repo/pool/multiverse/
cd "$_PWD"
23 changes: 23 additions & 0 deletions scripts/ubuntu/focal/cron-build-shib-nginx-mod.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
#!/usr/bin/env sh

# If true, shibboleth nginx modules will be rebuild, regardles of aviability of the packages in repository.
_FORCE_REBUILD_SHIBBOLETH_MODULES="${FORCE_REBUILD_SHIBBOLETH_MODULES:-false}"

cat <<EOF > /etc/apt/sources.list.d/nginx-mod-shibboleth.list
deb [allow-insecure=yes] file:///repo/ focal multiverse
EOF
apt update
__NGINX_VERSION="$(apt-cache show nginx | grep Version | sed 's/^Version: //' | cut -d- -f1)"
__NGINX_MOD_SHIBBOLETH_VERSION="$(apt-cache show libnginx-mod-http-shibboleth | grep Version | sed 's/^Version: //')"
case $__NGINX_MOD_SHIBBOLETH_VERSION in
"") __MODULE_EXISTS="false";;
$__NGINX_VERSION*) __MODULE_EXISTS="true";;
*) __MODULE_EXISTS="false";;
esac
if [ "$_FORCE_REBUILD_SHIBBOLETH_MODULES" = "true" ] || [ "$__MODULE_EXISTS" = "false" ]
then
rm -f /etc/apt/sources.list.d/nginx-mod-shibboleth.list
sh /scripts/build-shib-nginx-mod.sh
else
echo "Nginx Shibboleth module is up to date. Skip build."
fi
54 changes: 54 additions & 0 deletions scripts/ubuntu/focal/update-repo.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,54 @@
#!/usr/bin/env sh

_PWD="$PWD"
set -e
apt update
apt install -y dpkg-dev
mkdir -p /repo/dists/focal/multiverse/binary-amd64
cd /repo/
dpkg-scanpackages --arch amd64 --multiversion pool/ > dists/focal/multiverse/binary-amd64/Packages
gzip -9 > dists/focal/multiverse/binary-amd64/Packages.gz < dists/focal/multiverse/binary-amd64/Packages

hash_files() {
FILES_TO_HASH="$*"
echo MD5Sum:
for FILE_TO_HASH in $FILES_TO_HASH; do
case $FILE_TO_HASH in
Release*);;
*) echo " $(md5sum $FILE_TO_HASH | cut -d' ' -f1) $(wc -c $FILE_TO_HASH)";;
esac
done
echo SHA1:
for FILE_TO_HASH in $FILES_TO_HASH; do
case $FILE_TO_HASH in
Release*);;
*) echo " $(sha1sum $FILE_TO_HASH | cut -d' ' -f1) $(wc -c $FILE_TO_HASH)";;
esac
done
echo SHA256:
for FILE_TO_HASH in $FILES_TO_HASH; do
case $FILE_TO_HASH in
Release*);;
*) echo " $(sha256sum $FILE_TO_HASH | cut -d' ' -f1) $(wc -c $FILE_TO_HASH)";;
esac
done
}

cd dists/focal
cat <<EOF > Release
Origin: Shibboleth Nginx Module Repository
Suite: stable
Codename: focal
Version: 1.0
Architectures: amd64
Components: multiverse
Description: This repository provides a build of Shibboleth auth request module for Nginx.
Date: $(date -Ru)
$(hash_files multiverse/binary-amd64/Packages*)
EOF
# Sign repo
apt install gpg
echo -n "$GPG_SIGNING_KEY" | base64 --decode | gpg --import
cat Release | gpg -abs > Release.gpg
cat Release | gpg -abs --clearsign > InRelease
cd "$_PWD"

0 comments on commit 6d98617

Please sign in to comment.