From 6d98617a3e514ece0b681989c9f1103dd8376f52 Mon Sep 17 00:00:00 2001
From: Waldemar Smirnow
Date: Wed, 28 Feb 2024 11:07:48 +0100
Subject: [PATCH] ubuntu focal build created
---
.github/workflows/ubuntu-focal-build.yml | 49 +++++++++++
.../workflows/ubuntu-focal-update-repo.yml | 48 +++++++++++
repo/ubuntu/focal/.gitkeep | 0
scripts/ubuntu/focal/build-shib-nginx-mod.sh | 82 +++++++++++++++++++
.../ubuntu/focal/cron-build-shib-nginx-mod.sh | 23 ++++++
scripts/ubuntu/focal/update-repo.sh | 54 ++++++++++++
6 files changed, 256 insertions(+)
create mode 100644 .github/workflows/ubuntu-focal-build.yml
create mode 100644 .github/workflows/ubuntu-focal-update-repo.yml
create mode 100644 repo/ubuntu/focal/.gitkeep
create mode 100644 scripts/ubuntu/focal/build-shib-nginx-mod.sh
create mode 100644 scripts/ubuntu/focal/cron-build-shib-nginx-mod.sh
create mode 100644 scripts/ubuntu/focal/update-repo.sh
diff --git a/.github/workflows/ubuntu-focal-build.yml b/.github/workflows/ubuntu-focal-build.yml
new file mode 100644
index 0000000..29f0845
--- /dev/null
+++ b/.github/workflows/ubuntu-focal-build.yml
@@ -0,0 +1,49 @@
+name: Build Shibboleth Nginx Module for Ubuntu Focal
+
+on:
+ push:
+ branches:
+ - main
+ paths:
+ - scripts/ubuntu/focal/*
+ - .github/workflows/ubuntu-focal-build.yml
+ schedule:
+ - cron: '0 2 * * *'
+ workflow_dispatch:
+ inputs:
+ force_rebuild_shibboleth_modules:
+ description: 'Force rebuild Nginx Shibboleth modules'
+ required: false
+ default: false
+ type: boolean
+
+jobs:
+ ubuntu-focal-docker-build:
+ name: Build packages for Ubuntu Focal
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout git repo
+ uses: actions/checkout@v3
+ with:
+ lfs: true
+ sparse-checkout: |
+ repo/ubuntu/focal
+ scripts/ubuntu/focal
+ ssh-key: ${{ secrets.DEPLOY_SSH_KEY }}
+
+ - name: Build Shibboleth Nginx modules for Ubuntu Focal
+ run: >
+ docker run --rm
+ -v ${{ github.workspace }}/repo/ubuntu/focal:/repo
+ -v ${{ github.workspace }}/scripts/ubuntu/focal:/scripts:ro
+ -e FORCE_REBUILD_SHIBBOLETH_MODULES=$FORCE_REBUILD_SHIBBOLETH_MODULES
+ ubuntu:focal
+ /bin/bash /scripts/cron-build-shib-nginx-mod.sh
+ env:
+ FORCE_REBUILD_SHIBBOLETH_MODULES: ${{ inputs.force_rebuild_shibboleth_modules }}
+
+ - name: Commit build package
+ run: |
+ git config --global user.name 'GitHub build bot'
+ git config --global user.email 'buildbot@users.noreply.github.com'
+ (git add repo/ubuntu/focal/pool/multiverse/*.deb && git commit -m "[automated] Ubuntu Focal package added" && git push) || echo "No new packages found, skip updating."
diff --git a/.github/workflows/ubuntu-focal-update-repo.yml b/.github/workflows/ubuntu-focal-update-repo.yml
new file mode 100644
index 0000000..fa5ed35
--- /dev/null
+++ b/.github/workflows/ubuntu-focal-update-repo.yml
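Review bot: The job that builds and pushes packages pulls two mutable references, `uses: actions/checkout@v3` and the `ubuntu:focal` image in the `docker run` step, so a retagged action or image would run in a job that has the deploy key configured and whose output is committed to `main`. Pinning the action to a full commit SHA (`uses: actions/checkout@<full-commit-sha>`) and the image to a digest (`ubuntu:focal@sha256:<digest>`) keeps the build inputs reviewable. Because the push goes through `DEPLOY_SSH_KEY`, the workflow token can also be reduced with a top-level `permissions:` block containing `contents: read`. In the commit step, the trailing `|| echo "No new packages found, skip updating."` also reports a rejected `git push` as success, which hides a failed publish.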
@@ -0,0 +1,48 @@
+name: Udpate Ubuntu Focal repo
+
+on:
+ push:
+ branches:
+ - main
+ paths:
+ - repo/ubuntu/focal/pool/multiverse/*.deb
+ - .github/workflows/ubuntu-focal-update-repo.yml
+ workflow_dispatch:
+ inputs:
+ force_recreate_repo:
+ description: 'Force recreate Ubuntu repository'
+ required: false
+ type: boolean
+ default: false
+
+jobs:
+ ubuntu-focal-update-repo:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout git repo
+ uses: actions/checkout@v3
+ with:
+ lfs: true
+ sparse-checkout: |
+ repo/ubuntu/focal
+ scripts/ubuntu/focal
+ ssh-key: ${{ secrets.DEPLOY_SSH_KEY }}
+
+ - name: Update Ubuntu Focal repository
+ run: >
+ docker run --rm
+ -v ${{ github.workspace }}/repo/ubuntu/focal:/repo
+ -v ${{ github.workspace }}/scripts/ubuntu/focal:/scripts:ro
+ -e FORCE_RECREATE_REPO=$FORCE_RECREATE_REPO
+ -e GPG_SIGNING_KEY=$GPG_SIGNING_KEY
+ ubuntu:focal
+ /bin/bash /scripts/update-repo.sh
+ env:
+ FORCE_RECREATE_REPO: ${{ inputs.force_recreate_repo }}
+ GPG_SIGNING_KEY: ${{ secrets.GPG_SIGNING_KEY }}
+
+ - name: Commit Ubuntu Focal repo
+ run: |
+ git config --global user.name 'GitHub build bot'
+ git config --global user.email 'buildbot@users.noreply.github.com'
+ (git add repo/ubuntu/focal/dists/bookworm/Release* && git add repo/ubuntu/focal/dists/bookworm/InRelease && git add repo/ubuntu/focal/dists/bookworm/multiverse/binary-amd64/Packages* && git commit -m "[automated] Ubuntu Focal repo updated" && git push) || echo "No new packages found, skip updating."
diff --git a/repo/ubuntu/focal/.gitkeep b/repo/ubuntu/focal/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/scripts/ubuntu/focal/build-shib-nginx-mod.sh b/scripts/ubuntu/focal/build-shib-nginx-mod.sh
new file mode 100644
index 0000000..7cf8245
--- /dev/null
+++ b/scripts/ubuntu/focal/build-shib-nginx-mod.sh
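Review bot: The commit step stages `repo/ubuntu/focal/dists/bookworm/...`, while `scripts/ubuntu/focal/update-repo.sh` in this same patch writes `Release`, `InRelease` and `Packages*` under `dists/focal/`, so `git add` fails and the `|| echo "No new packages found, skip updating."` fallback reports it as a no-op; the freshly signed index would never be pushed. The three paths should read `repo/ubuntu/focal/dists/focal/Release*`, `repo/ubuntu/focal/dists/focal/InRelease` and `repo/ubuntu/focal/dists/focal/multiverse/binary-amd64/Packages*`. In the `docker run` step, `-e GPG_SIGNING_KEY=$GPG_SIGNING_KEY` expands the private key into the command line; `-e GPG_SIGNING_KEY` (name only) passes it through from the step environment instead.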
@@ -0,0 +1,82 @@
+#!/usr/bin/env sh
+_NGINX_MOD_SHIBBOLETH_VERSION="${NGINX_MOD_SHIBBOLETH_VERSION:-2.0.2}"
+_PWD="$PWD"
+
+set -e
+apt update
+DEBIAN_FRONTEND=noninteractive apt install -y tzdata
+apt install -y sed
+sed -i 's/^#\s*deb-src/deb-src/g' /etc/apt/sources.list
+apt update
+apt install -y dpkg-dev wget
+apt build-dep -y nginx
+mkdir /build
+cd /build
+NGINX_VERSION_FULL="$(apt show nginx | grep Version | sed 's/Version: //')"
+NGINX_VERSION="$(echo $NGINX_VERSION_FULL | cut -d- -f1)"
+wget https://nginx.org/download/nginx-"$NGINX_VERSION".tar.gz
+tar xf "nginx-$NGINX_VERSION.tar.gz"
+wget -O - https://github.com/nginx-shib/nginx-http-shibboleth/archive/refs/tags/v"$_NGINX_MOD_SHIBBOLETH_VERSION".tar.gz | tar -xz
+NGINX_MOD_SHIBBOLETH_PATH="$(readlink -f nginx-http-shibboleth-$_NGINX_MOD_SHIBBOLETH_VERSION)"
+cd nginx-"$NGINX_VERSION"
+./configure --add-dynamic-module="$NGINX_MOD_SHIBBOLETH_PATH"
+make modules
+cd ..
+PKG_ROOT="libnginx-mod-http-shibboleth_$NGINX_VERSION.$_NGINX_MOD_SHIBBOLETH_VERSION-1_amd64"
+mkdir -p "$PKG_ROOT/usr/lib/nginx/modules" "$PKG_ROOT/usr/share/nginx/modules-available"
+install -o root -g root -m 0644 -p nginx-"$NGINX_VERSION"/objs/ngx_http_shibboleth_module.so "$PKG_ROOT/usr/lib/nginx/modules/"
+echo "load_module modules/ngx_http_shibboleth_module.so;" > mod-http-shibboleth.conf
+install -o root -g root -m 0644 -p mod-http-shibboleth.conf "$PKG_ROOT/usr/share/nginx/modules-available/"
+mkdir -p "$PKG_ROOT/usr/share/doc/libnginx-mod-http-shibboleth/"
+cat <<-EOF > "$PKG_ROOT/usr/share/doc/libnginx-mod-http-shibboleth/copyright"
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: nginx-http-shibboleth
+Upstream-Contact: David Beitey
+ Luca Bruno
+Source: https://github.com/nginx-shib/nginx-http-shibboleth
+
+Files: *
+Copyright: 2013-present, David Beitey (davidjb)
+ 2014, Luca Bruno
+License: All rights reserved
+
+License: All rights reserved
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+EOF
+chmod 0644 "$PKG_ROOT/usr/share/doc/libnginx-mod-http-shibboleth/copyright"
+mkdir -p "$PKG_ROOT/DEBIAN"
+cat < "$PKG_ROOT/DEBIAN/control"
+Package: libnginx-mod-http-shibboleth
+Version: $NGINX_VERSION.$_NGINX_MOD_SHIBBOLETH_VERSION-1
+Maintainer: ELAN e.V.
+Depends: nginx-common (>= $NGINX_VERSION)
+Architecture: amd64
+Homepage: https://github.com/nginx-shib/nginx-http-shibboleth
+Description: Shibboleth auth request module for Nginx
+EOF
+dpkg --build "$PKG_ROOT"
+echo "Build package complete"
+#echo "Package metadata:"
+#dpkg-deb --info "$PKG_ROOT.deb"
+mkdir -p /repo/pool/multiverse
+cp -f "$PKG_ROOT.deb" /repo/pool/multiverse/
+cd "$_PWD"
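Review bot: Both source archives are fetched with `wget` and compiled without any integrity check — the nginx tarball from nginx.org and the module via `wget -O - ... | tar -xz` — and the resulting `.so` is what ends up in the signed repository. Since the script already enables `deb-src` and runs `apt build-dep -y nginx`, `apt source nginx` would supply the distribution's own source through apt's signed indexes. For the module, download to a file and compare it against a checksum kept in the repository, e.g. `echo "$NGINX_MOD_SHIBBOLETH_SHA256  module.tar.gz" | sha256sum -c -` (variable and file name are placeholders). The pipe form also hides a failed download from `set -e`, because a POSIX `sh` pipeline returns only the status of `tar`.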
diff --git a/scripts/ubuntu/focal/cron-build-shib-nginx-mod.sh b/scripts/ubuntu/focal/cron-build-shib-nginx-mod.sh
new file mode 100644
index 0000000..4f9251d
--- /dev/null
+++ b/scripts/ubuntu/focal/cron-build-shib-nginx-mod.sh
@@ -0,0 +1,23 @@
+#!/usr/bin/env sh
+
+# If true, shibboleth nginx modules will be rebuild, regardles of aviability of the packages in repository.
+_FORCE_REBUILD_SHIBBOLETH_MODULES="${FORCE_REBUILD_SHIBBOLETH_MODULES:-false}"
+
+cat < /etc/apt/sources.list.d/nginx-mod-shibboleth.list
+deb [allow-insecure=yes] file:///repo/ focal multiverse
+EOF
+apt update
+__NGINX_VERSION="$(apt-cache show nginx | grep Version | sed 's/^Version: //' | cut -d- -f1)"
+__NGINX_MOD_SHIBBOLETH_VERSION="$(apt-cache show libnginx-mod-http-shibboleth | grep Version | sed 's/^Version: //')"
+case $__NGINX_MOD_SHIBBOLETH_VERSION in
+"") __MODULE_EXISTS="false";;
+$__NGINX_VERSION*) __MODULE_EXISTS="true";;
+*) __MODULE_EXISTS="false";;
+esac
+if [ "$_FORCE_REBUILD_SHIBBOLETH_MODULES" = "true" ] || [ "$__MODULE_EXISTS" = "false" ]
+then
+ rm -f /etc/apt/sources.list.d/nginx-mod-shibboleth.list
+ sh /scripts/build-shib-nginx-mod.sh
+else
+ echo "Nginx Shibboleth module is up to date. Skip build."
+fi
\ No newline at end of file
diff --git a/scripts/ubuntu/focal/update-repo.sh b/scripts/ubuntu/focal/update-repo.sh
new file mode 100644
index 0000000..d96e68d
--- /dev/null
+++ b/scripts/ubuntu/focal/update-repo.sh
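Review bot: This script has no `set -e`, and the pattern `$__NGINX_VERSION*)` collapses to `*)` when `__NGINX_VERSION` comes back empty (for example after a failed `apt update`), so `__MODULE_EXISTS` becomes `"true"` and the rebuild is skipped without an error. A guard such as `[ -n "$__NGINX_VERSION" ] || exit 1` before the `case` would make that failure visible. `apt-cache show` can also print more than one `Version:` record per package, which would keep the comparison from ever matching; worth confirming in the focal image. The `[allow-insecure=yes]` source entry deserves a comment on why unverified metadata is acceptable here, e.g. `# local repo is queried for its version only; nothing is installed from it`.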
@@ -0,0 +1,54 @@
+#!/usr/bin/env sh
+
+_PWD="$PWD"
+set -e
+apt update
+apt install -y dpkg-dev
+mkdir -p /repo/dists/focal/multiverse/binary-amd64
+cd /repo/
+dpkg-scanpackages --arch amd64 --multiversion pool/ > dists/focal/multiverse/binary-amd64/Packages
+gzip -9 > dists/focal/multiverse/binary-amd64/Packages.gz < dists/focal/multiverse/binary-amd64/Packages
+
+hash_files() {
+ FILES_TO_HASH="$*"
+ echo MD5Sum:
+ for FILE_TO_HASH in $FILES_TO_HASH; do
+ case $FILE_TO_HASH in
+ Release*);;
+ *) echo " $(md5sum $FILE_TO_HASH | cut -d' ' -f1) $(wc -c $FILE_TO_HASH)";;
+ esac
+ done
+ echo SHA1:
+ for FILE_TO_HASH in $FILES_TO_HASH; do
+ case $FILE_TO_HASH in
+ Release*);;
+ *) echo " $(sha1sum $FILE_TO_HASH | cut -d' ' -f1) $(wc -c $FILE_TO_HASH)";;
+ esac
+ done
+ echo SHA256:
+ for FILE_TO_HASH in $FILES_TO_HASH; do
+ case $FILE_TO_HASH in
+ Release*);;
+ *) echo " $(sha256sum $FILE_TO_HASH | cut -d' ' -f1) $(wc -c $FILE_TO_HASH)";;
+ esac
+ done
+}
+
+cd dists/focal
+cat < Release
+Origin: Shibboleth Nginx Module Repository
+Suite: stable
+Codename: focal
+Version: 1.0
+Architectures: amd64
+Components: multiverse
+Description: This repository provides a build of Shibboleth auth request module for Nginx.
+Date: $(date -Ru)
+$(hash_files multiverse/binary-amd64/Packages*)
+EOF
+# Sign repo
+apt install gpg
+echo -n "$GPG_SIGNING_KEY" | base64 --decode | gpg --import
+cat Release | gpg -abs > Release.gpg
+cat Release | gpg -abs --clearsign > InRelease
+cd "$_PWD"
\ No newline at end of file
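Review bot: `apt install gpg` in the signing section has no `-y`, unlike the `apt install -y dpkg-dev` at the top, so inside the non-interactive `docker run` the confirmation prompt presumably aborts and `set -e` stops the script before `Release.gpg` and `InRelease` hold a valid signature. Use `apt install -y gpg`, and add `--batch` to the three `gpg` calls so they never wait on a terminal. `echo -n` is not specified for POSIX `sh`; `printf '%s' "$GPG_SIGNING_KEY" | base64 --decode | gpg --batch --import` is the portable form of the import line.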