Manage internal DEB repo #34

.github/workflows/install-ubuntu.yml

@@ -12,11 +12,29 @@ jobs:
     steps:
       - uses: actions/checkout@v3
       - name: Install deps
-        run: sudo apt-get install -y --no-install-recommends build-essential binutils lintian debhelper dh-make devscripts pandoc rpm rpmlint
+        run: sudo apt-get install -y --no-install-recommends build-essential binutils gpg apt-utils rsync sudo
+      - name: Create gpg keychain for manage-internal-deb-repo
+        run: gpg --batch --passphrase '' --quick-gen-key INTERNAL_TEST_USER default default
+      - name: Create setup dir for manage-internal-deb-repo
+        run: mkdir -p "$HOME/.config";
+      - name: Pre setup manage-internal-deb-repo
+        run: sh -c 'echo "$HOME/.debrepo" > $HOME/.config/.debrepo'
+      - name: Create internal repo dir in root side
+        run: sudo mkdir -p "/opt/internal-repo";
+      - name: Pre setup manage-internal-deb-repo in root side
+        run: sh -c 'echo "/opt/internal-repo" > $HOME/.config/.debrepo-rootdeploy'
+      - name: Install make-deb deps
+        run: sudo apt-get install -y --no-install-recommends lintian debhelper dh-make devscripts pandoc rpm rpmlint
       - name: Prepare app DEB
-        run: ./make-deb.bash 
+        run: ./make-deb.bash
+      - name: Put app DEB to internal repo with manage-internal-deb-repo
+        run: ./src/usr/bin/manage-internal-deb-repo linux-springboot-packager-*.deb
+      - name: Declare internal repo to APT
+        run: sudo echo deb [signed-by=/opt/internal-repo/pubkey.asc arch=all] file:///opt/internal-repo stable main | sudo tee /etc/apt/sources.list.d/internal-deb.list > /dev/null
+      - name: Update APT
+        run: sudo apt-get update
       - name: Install app
-        run: sudo dpkg -i linux-springboot-packager-*.deb
+        run: sudo apt-get install -y --no-install-recommends linux-springboot-packager
       - name: Set up JDK 17
         uses: actions/setup-java@v3
         with:
@@ -31,8 +49,12 @@ jobs:
         run: make-springboot-deb test/demospringboot test/temp
       - name: Run internal make DEB CLI test
         run: make-springboot-deb test/democlispringboot test/temp
+      - name: Publish locally internal DEB CLI test
+        run: manage-internal-deb-repo test/temp/democlispringboot-0.0.1-SNAPSHOT.deb
+      - name: Update APT
+        run: sudo apt-get update
       - name: Install internal DEB CLI test
-        run: sudo dpkg -i test/temp/democlispringboot-0.0.1-SNAPSHOT.deb
+        run: sudo apt-get install -y --no-install-recommends democlispringboot
       - name: Run internal DEB CLI test
         run: democlispringboot A B
       - name: Run internal make RPM test

.github/workflows/publish-release.yml

@@ -46,4 +46,3 @@ jobs:
           -H "Content-Type: text/plain" \
           --data-binary "@${{ env.DEB_FILE }}" \
           ${{ env.UPLOAD_URL }}?name=linux-springboot-packager-${{ env.VERSION }}.deb
-  

.gitignore

@@ -6,6 +6,22 @@ make-springboot-exe.1
 search-winsw.bash.1
 pkgdeb
 
+# bootstrap-deb-repo
+aptftp.conf
+aptgenerate.conf
+packages-all.db
+pubkey.asc
+Release
+Release.gpg
+InRelease
+Contents.gz
+Contents.bz2
+Contents-all.gz
+Contents-all.bz2
+Packages
+Packages.gz
+Packages.bz2
+
 # Maven
 target/
 !**/src/main/**

make-deb.bash

@@ -48,11 +48,10 @@ VERSION="$(git describe --tags || echo "0.SNAPSHOT")";
     echo "Architecture: all"
     echo "Section: devel"
     echo "Priority: optional"
-    echo "Depends: bash (>=5), coreutils (>=8.3), man-db, pandoc, rpmlint, rpm"
-    echo "Recommends: maven"
-    echo "Suggests: nodejs, nsis, default-jdk"
+    echo "Depends: bash (>=5), coreutils (>=8.3), man-db, pandoc, rpmlint, rpm, gpg, apt-utils"
+    echo "Suggests: maven, nodejs, nsis, sudo, rsync"
     echo "Homepage: https://github.com/hdsdi3g/linux-springboot-packager"
-    echo "Description: Create Linux RPM packages and Windows installers"
+    echo "Description: Create Linux RPM/DEB packages and Windows installers"
     echo " for a Spring Boot project."
 } > "$CONTROL_FILE"
 
@@ -75,6 +74,7 @@ mkdir -p "$MAN_DIR"
 pandoc -s -t man -o "$MAN_DIR/make-springboot-rpm.1" "$ROOT/man-make-springboot-rpm.md"
 pandoc -s -t man -o "$MAN_DIR/make-springboot-deb.1" "$ROOT/man-make-springboot-deb.md"
 pandoc -s -t man -o "$MAN_DIR/make-springboot-exe.1" "$ROOT/man-make-springboot-exe.md"
+pandoc -s -t man -o "$MAN_DIR/manage-internal-deb-repo.1" "$ROOT/man-manage-internal-deb-repo.md"
 pandoc -s -t man -o "$MAN_DIR/search-winsw.bash.1" "$ROOT/search-winsw.bash.md"
 
 # PREPARE COPYRIGHT
@@ -110,4 +110,4 @@ lintian --fail-on warning \
     "$PACKAGE_FILE"
 
 echo "";
-echo "Now, you can install this app with sudo dpkg -i $PACKAGE_FILE";
+echo "Now, you can install this app with sudo dpkg -i $PACKAGE_FILE, or publish it via manage-internal-deb-repo";

make-rpm.bash

@@ -55,6 +55,7 @@ pandoc -s -t man -o "$MAN_DIR/make-springboot-rpm.1" "$ROOT/man-make-springboot-
 pandoc -s -t man -o "$MAN_DIR/make-springboot-deb.1" "$ROOT/man-make-springboot-deb.md"
 pandoc -s -t man -o "$MAN_DIR/make-springboot-exe.1" "$ROOT/man-make-springboot-exe.md"
 pandoc -s -t man -o "$MAN_DIR/search-winsw.bash.1" "$ROOT/search-winsw.bash.md"
+pandoc -s -t man -o "$MAN_DIR/manage-internal-deb-repo.1" "$ROOT/man-manage-internal-deb-repo.md"
 
 SPEC_FILE="rpmbuild/SPECS/rpm-centos.spec";
 rpmlint "$SPEC_FILE"

man-manage-internal-deb-repo.md

@@ -0,0 +1,98 @@
+% manage-internal-deb-repo(1) linux-springboot-packager documentation
+% linux-springboot-packager
+
+# NAME
+manage-internal-deb-repo - Create/manage a Debian "internal" repository, and push new deb files to it
+
+# SYNOPSIS
+
+manage-internal-deb-repo *[<NEW_DEB_PACKAGE>]*
+
+# DESCRIPTION
+
+CLI for automate actions with GPG, apt-ftparchive and apt to create a **local** deb/APT repository, signed with your GPG key.
+
+It can optionnaly push it to another directory via sudo and rsync.
+
+It's Debian package agnostic, but only works for architecture "all".
+
+# OPTIONS
+**BY DEFAULT**
+
+Create an empty repository locally (ask on startup a path for it).
+
+Scan new added packages in "./pool" directory and update the repository with these new packages.
+
+**NEW_DEB_PACKAGE**
+
+Add create/update the local repository, if needed, and add it (move) the provided package file.
+
+# SETUP REPO
+
+To add your new repository avaliable from your host **apt** database, update **/etc/apt/sources.list** file or create a new **/etc/apt/sources.list.d/internal-deb.list** file (the name is not important to work) with:
+
+    deb [signed-by=<REPOSITORY_PATH>/pubkey.asc arch=all] file://<REPOSITORY_PATH> stable main
+
+After the first run, the script can help you with a one-line command to do this.
+
+To enable the new setup, just:
+
+    apt-get update
+
+And, as usual:
+
+    apt-get dist-upgrade
+    apt-get install <NEW PACKAGE>
+
+Thanks to the magic of APT, if you push a new version, it will be automatically installed on the next upgrade action.
+
+**BEWARE** 
+
+From a **security** point of view, it's not wise to let a local user be able to propose packages for installation or update for the entire system. If there is an automatic update service on the machine, consider that local user has now **absolute root rights**.
+
+Only root user (or sudoers) should be able to have the right to manage the contents of the repositories. That's why there is a secondary and optional mechanism (rootdeploy/sudo rsync) to push this repository to anther directory, with root rights.
+
+# PREREQUISITES
+
+You must have a functionnal gpg setup, with a default private key. It will be used to sign packages (technically, it sign manifests files). Your public key will be provided to apt to use it.
+
+# FILES
+
+**$HOME/.config/.debrepo**
+
+Default configuration file: just the path to the local repo. Created directly by this script on first start.
+
+**$HOME/.debrepo**
+
+The default local directory. Not created if not needed.
+
+**$HOME/.config/.debrepo-rootdeploy**
+
+The specific rsync target to push the local repo to another directory, with root rights.
+
+If needed, must be created by hand (just a path in a simple text file).
+
+# EXIT CODES
+| Error name                                 | Exit code |
+| ------------------------------------------ | --------- |
+| EXIT_CODE_MISSING_DEPENDENCY_COMMAND       | 1         |
+| EXIT_CODE_MISSING_RSYNC_TARGET_DIR         | 2         |
+
+# BUGS
+Free feel to send issues to https://github.com/hdsdi3g/linux-springboot-packager/issues.
+
+# AUTHORS
+This application was writted by **hdsdi3g**; see on GitHub https://github.com/hdsdi3g/linux-springboot-packager.
+
+# SEE ALSO
+**make-springboot-deb(1)**.
+
+https://unix.stackexchange.com/questions/403485/how-to-generate-the-release-file-on-a-local-package-repository
+
+https://gist.github.com/aarroyoc/1a96b2f8b01fcf34221a
+
+# NOTES
+This document was transformed by *pandoc* from the original markdown documentation file.
+
+# COPYRIGHT
+Copyright (C) hdsdi3g for hd3g.tv 2024, under the **GNU General Public License v3+**

rpmbuild/SPECS/rpm-centos.spec

@@ -28,7 +28,7 @@ Release:             %{getenv:RELEASE}
 BuildArch:           noarch
 Group:               Development/Tools
 Vendor:              hd3g.tv
-Requires:            bash man pandoc xmlstarlet git rpm-build rpmlint
+Requires:            bash man pandoc xmlstarlet git rpm-build rpmlint rsync gpg
 
 %description
 You will need Java, Maven, basename, realpath, and optionnally rpmbuild, rpmlint, npm, makensis.
@@ -39,6 +39,7 @@ Provided by hd3g.tv (https://hd3g.tv), for more information, go to https://githu
 %attr(0755,root,root) %{_bindir}/make-springboot-exe
 %attr(0755,root,root) %{_bindir}/make-springboot-rpm
 %attr(0755,root,root) %{_bindir}/make-springboot-deb
+%attr(0755,root,root) %{_bindir}/manage-internal-deb-repo
 %attr(0755,root,root) %{_bindir}/search-winsw.bash
 %attr(0644, root,root) %{_libdir}/linux-springboot-packager/*
 %doc %attr(0644, root,root) /usr/local/share/man/man1/*

run-tests.bash

@@ -17,6 +17,8 @@
 #    along with this program. If not, see <https://www.gnu.org/licenses/>.
 #
 #    Usage: ./run-tests
+#
+#    manage-internal-deb-repo are not tested here
 
 set -eu
 
@@ -61,7 +63,6 @@ fi
 ################
 # RPM TEST ZONE
 ################
-
 "$PREFIX/usr/bin/make-springboot-rpm" "$TESTROOT/demospringboot" "$TEST_TEMP_DIR"
 
 EXPECTED_TEST_PACKAGE="$TEST_TEMP_DIR/demospringboot-0.0.1-SNAPSHOT.rpm";