debian-forge/scripts/build-debian-packages.sh
Joe 321d5dbe30
fixed dependency issues
2025-09-04 16:23:52 -07:00


#!/bin/bash
# Debian Forge Package Building Script
# This script creates the debian directory structure and builds packages
set -o errexit
printf '%s\n' "Building Debian packages..."

# Build identity used for versioning. The run number comes from the CI
# environment (Forgejo first, then Gitea); a timestamp is the local fallback.
# These values end up inside the package version string further down.
if [ -n "${FORGEJO_RUN_NUMBER:-}" ]; then
  BUILD_NUMBER="$FORGEJO_RUN_NUMBER"
elif [ -n "${GITEA_RUN_NUMBER:-}" ]; then
  BUILD_NUMBER="$GITEA_RUN_NUMBER"
else
  BUILD_NUMBER="$(date +%Y%m%d%H%M%S)"
fi

# Outside a git checkout the hash degrades to the literal "unknown" instead
# of aborting the build.
COMMIT_HASH="$(git rev-parse HEAD 2>/dev/null || echo "unknown")"

# First ten characters of the commit hash.
SHORT_COMMIT="$(printf '%s\n' "$COMMIT_HASH" | cut -c1-10)"
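#######################################
# Return success when $1 looks like a Debian version string: non-empty,
# starting with a digit, and made only of the characters allowed in a
# version. The result is interpolated into debian/changelog and into the
# .deb file names, so anything else (multi-line grep output, a whole
# source line, a setup.cfg "attr:" directive) is rejected here.
# Arguments: $1 - candidate version
# Returns:   0 if acceptable, 1 otherwise
#######################################
_is_debian_version() {
  case "$1" in
    '' | [!0-9]* | *[!A-Za-z0-9.+~:-]*) return 1 ;;
  esac
  return 0
}

#######################################
# Print the project version, taken from the first source that yields a
# well-formed value: setup.cfg, then setup.py, then debian/changelog.
# Falls back to "0.1.0" when none of them does.
# Files are looked up relative to the current directory.
# Outputs: the version on stdout
# Returns: 0
#######################################
extract_version() {
  local version=""

  # setup.cfg: match the "version" key exactly. A bare "^version" prefix
  # match also picks up keys such as "version_file" and would return
  # several lines.
  if [ -f "setup.cfg" ]; then
    version=$(sed -nE 's/^version[[:space:]]*=[[:space:]]*//p' setup.cfg \
      | head -n1 | tr -d ' \t\r')
    if _is_debian_version "$version"; then
      printf '%s\n' "$version"
      return 0
    fi
  fi

  # setup.py: accept only a quoted literal assigned to a keyword named
  # exactly "version". -n/p keeps sed from echoing non-matching lines, so
  # "version=get_version()" no longer leaks the whole source line.
  if [ -f "setup.py" ]; then
    version=$(sed -nE "s/^(.*[^[:alnum:]_])?version[[:space:]]*=[[:space:]]*[\"']([^\"']+)[\"'].*/\\2/p" setup.py \
      | head -n1)
    if _is_debian_version "$version"; then
      printf '%s\n' "$version"
      return 0
    fi
  fi

  # debian/changelog: version is the first parenthesised token.
  if [ -f "debian/changelog" ]; then
    version=$(sed -nE 's/.*\(([^)]+)\).*/\1/p' debian/changelog | head -n1)
    if _is_debian_version "$version"; then
      printf '%s\n' "$version"
      return 0
    fi
  fi

  # Ultimate fallback
  echo "0.1.0"
}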
# Compose the package version: <project version>+build<run number>.<short commit>
PROJECT_VERSION="$(extract_version)"
BUILD_VERSION="${PROJECT_VERSION}+build${BUILD_NUMBER}.${SHORT_COMMIT}"

# Log every component so a build can be traced back to its run and commit.
printf 'Build Version: %s\n' "$BUILD_VERSION"
printf 'Project Version: %s\n' "$PROJECT_VERSION"
printf 'Build Number: %s\n' "$BUILD_NUMBER"
printf 'Commit Hash: %s\n' "$SHORT_COMMIT"

# The packaging files below are written into ./debian; create it on first use.
[ -d "debian" ] || {
  echo "Creating debian directory structure..."
  mkdir -p debian
}
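# Create control file for main package and sub-packages.
# The delimiter is quoted ('EOF'), so ${python3:Depends}, ${misc:Depends} and
# ${binary:Version} reach the file literally as dpkg substitution variables
# instead of being expanded by the shell.
# Format matters here: stanzas are separated by a blank line, and every
# continuation line (Depends lists, long descriptions) starts with a space;
# " ." marks an empty line inside a description.
cat > debian/control << 'EOF'
Source: debian-forge
Section: admin
Priority: optional
Maintainer: Particle OS <packages@particle-os.org>
Build-Depends: debhelper (>= 13), dh-python, python3-all, python3-setuptools
Standards-Version: 4.6.2

Package: debian-forge
Architecture: all
Depends: ${python3:Depends}, ${misc:Depends},
 python3-debian-forge (= ${binary:Version}),
 debian-forge-tools (= ${binary:Version})
Description: Debian-specific fork of osbuild for Debian Atomic systems
 Debian Forge is a 1:1 implementation of osbuild with Debian-specific
 optimizations and support. It provides the core engine for parsing
 build manifests and executing build stages in the correct order.
 .
 This package contains the main debian-forge command (via Python entry point)
 and core functionality.

Package: python3-debian-forge
Architecture: all
Depends: ${python3:Depends}, ${misc:Depends},
 python3-jsonschema, python3-requests, python3-psutil
Description: Python library for debian-forge
 This package contains the Python library that constitutes the core
 of the debian-forge project. It provides the main API and utilities
 for building Debian-based system images.

Package: debian-forge-depsolve-deb
Architecture: all
Depends: ${python3:Depends}, ${misc:Depends},
 python3-debian-forge (= ${binary:Version}),
 libapt-pkg-dev
Description: Dependency solver for Debian packages
 This package provides the "Dependency Solver" stage that integrates
 with apt to resolve package dependencies and create complete lists
 of all DEBs needed for image builds.

Package: debian-forge-ostree
Architecture: all
Depends: ${python3:Depends}, ${misc:Depends},
 python3-debian-forge (= ${binary:Version}),
 ostree
Description: OSTree support for debian-forge
 This package provides stages necessary to interact with OSTree,
 including creating OSTree repositories, committing filesystem trees,
 and configuring images for OSTree deployment.

Package: debian-forge-luks2
Architecture: all
Depends: ${python3:Depends}, ${misc:Depends},
 python3-debian-forge (= ${binary:Version}),
 cryptsetup
Description: LUKS2 encryption support for debian-forge
 This package adds support for creating encrypted disk images using
 the LUKS2 standard, including partitioning, formatting, and setting
 up LUKS2 containers.

Package: debian-forge-lvm2
Architecture: all
Depends: ${python3:Depends}, ${misc:Depends},
 python3-debian-forge (= ${binary:Version}),
 lvm2
Description: LVM2 support for debian-forge
 This package provides support for Logical Volume Management (LVM),
 including stages to create physical volumes, volume groups, and
 logical volumes within disk images.

Package: debian-forge-selinux
Architecture: all
Depends: ${python3:Depends}, ${misc:Depends},
 python3-debian-forge (= ${binary:Version}),
 selinux-policy-default
Description: SELinux support for debian-forge
 This package provides tools and policies to correctly set and manage
 SELinux labels during the build process, ensuring proper security
 context for all files in the resulting image.

Package: debian-forge-apparmor
Architecture: all
Depends: ${python3:Depends}, ${misc:Depends},
 python3-debian-forge (= ${binary:Version}),
 apparmor-utils, apparmor-profiles
Description: AppArmor support for debian-forge
 This package provides tools and profiles to correctly set and manage
 AppArmor security policies during the build process, ensuring proper
 security context for all files in the resulting image.
 AppArmor is the preferred security framework for Debian systems.

Package: debian-forge-tools
Architecture: all
Depends: ${python3:Depends}, ${misc:Depends},
 python3-debian-forge (= ${binary:Version})
Description: Helper tools for debian-forge
 This package contains miscellaneous helper tools and utilities used
 internally by the debian-forge project, packaged separately for
 modularity and optional installation.
EOF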
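# Create rules file.
# debian/rules is a Makefile: every recipe line below MUST begin with a
# literal tab, otherwise make rejects the file. The quoted delimiter keeps
# "$@" for make rather than letting the shell expand it.
#
# NOTE(review): each "cp ... 2>/dev/null || true" is best-effort. If a stage
# glob matches nothing, the corresponding sub-package is built empty and the
# build still succeeds, so a missing stage set is not detected here.
# NOTE(review): everything under tools/ is copied to /usr/bin and marked
# executable; keep that directory limited to files meant to ship on PATH.
# NOTE(review): override_dh_auto_test disables the test suite for package
# builds, so the produced .debs are not test-gated by this step.
cat > debian/rules << 'EOF'
#!/usr/bin/make -f

%:
	dh $@ --with python3

override_dh_auto_install:
	dh_auto_install
	# Install main binary (Python entry point)
	# The debian-forge command is created via Python console_scripts entry point
	# No need to manually copy binary - dh_python3 handles this
	# Install Python package
	mkdir -p debian/python3-debian-forge/usr/lib/python3/dist-packages
	cp -r osbuild debian/python3-debian-forge/usr/lib/python3/dist-packages/
	# Install sub-package specific files
	# OSTree stages
	mkdir -p debian/debian-forge-ostree/usr/lib/python3/dist-packages/osbuild/stages
	cp stages/org.osbuild.ostree.* debian/debian-forge-ostree/usr/lib/python3/dist-packages/osbuild/stages/ 2>/dev/null || true
	# LUKS2 stages
	mkdir -p debian/debian-forge-luks2/usr/lib/python3/dist-packages/osbuild/stages
	cp stages/org.osbuild.luks2.* debian/debian-forge-luks2/usr/lib/python3/dist-packages/osbuild/stages/ 2>/dev/null || true
	# LVM2 stages
	mkdir -p debian/debian-forge-lvm2/usr/lib/python3/dist-packages/osbuild/stages
	cp stages/org.osbuild.lvm2.* debian/debian-forge-lvm2/usr/lib/python3/dist-packages/osbuild/stages/ 2>/dev/null || true
	# SELinux stages
	mkdir -p debian/debian-forge-selinux/usr/lib/python3/dist-packages/osbuild/stages
	cp stages/org.osbuild.selinux.* debian/debian-forge-selinux/usr/lib/python3/dist-packages/osbuild/stages/ 2>/dev/null || true
	# AppArmor stages
	mkdir -p debian/debian-forge-apparmor/usr/lib/python3/dist-packages/osbuild/stages
	cp stages/org.osbuild.apparmor.* debian/debian-forge-apparmor/usr/lib/python3/dist-packages/osbuild/stages/ 2>/dev/null || true
	# Dependency solver
	mkdir -p debian/debian-forge-depsolve-deb/usr/lib/python3/dist-packages/osbuild/stages
	cp stages/org.osbuild.apt.* debian/debian-forge-depsolve-deb/usr/lib/python3/dist-packages/osbuild/stages/ 2>/dev/null || true
	# Tools
	mkdir -p debian/debian-forge-tools/usr/bin
	cp tools/* debian/debian-forge-tools/usr/bin/ 2>/dev/null || true
	chmod +x debian/debian-forge-tools/usr/bin/* 2>/dev/null || true

override_dh_auto_test:
	# Skip tests during package build
	true
EOF

# dpkg-buildpackage executes debian/rules directly, so it must be executable.
chmod +x debian/rules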
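# Create changelog (overwrites any existing debian/changelog).
# The delimiter is unquoted on purpose: $BUILD_VERSION, $BUILD_NUMBER,
# $COMMIT_HASH and $(date -R) are expanded by the shell while the file is
# written. The expanded values are inserted as plain text only.
# The layout is fixed by the changelog format: a blank line after the header,
# entries indented by two spaces, a blank line before the trailer, and the
# trailer as " -- Name <email>" followed by exactly two spaces and the date.
cat > debian/changelog << EOF
debian-forge ($BUILD_VERSION) unstable; urgency=medium

  * CI Build #$BUILD_NUMBER from commit $COMMIT_HASH
  * Automated build with comprehensive sub-package support
  * Includes: core, ostree, luks2, lvm2, selinux, apparmor, depsolve-deb, and tools packages

 -- CI Bot <ci@particle-os.org>  $(date -R)
EOF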
# Record the debhelper compatibility level in debian/compat; it is kept at 13
# to agree with the "debhelper (>= 13)" build dependency in debian/control.
printf '%s\n' "13" > debian/compat
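# Create copyright file (machine-readable copyright format 1.0).
# Quoted delimiter: the text is written verbatim. Paragraphs are separated by
# a blank line, and the licence body is a continuation of the License field,
# so each of its lines starts with a space and " ." stands for an empty line.
cat > debian/copyright << 'EOF'
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: debian-forge
Source: https://git.raines.xyz/particle-os/debian-forge

Files: *
Copyright: 2024 Particle OS <packages@particle-os.org>
License: Apache-2.0
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 .
 http://www.apache.org/licenses/LICENSE-2.0
 .
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.

Files: osbuild/*
Copyright: 2024 Red Hat, Inc.
License: Apache-2.0
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 .
 http://www.apache.org/licenses/LICENSE-2.0
 .
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
EOF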
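# Build packages.
# -b builds binary packages only; -us/-uc skip signing, so the resulting
# artifacts carry no signature and their integrity has to be established by
# whatever publishes them (for example checksums or repository signing).
echo "Building Debian packages..."
dpkg-buildpackage -b -us -uc

# dpkg-buildpackage writes <package>_<version>_<arch>.deb into the parent
# directory. Collect only files carrying this build's version: a bare
# ../*.deb glob would also pick up stale or unrelated packages left in the
# parent directory and hand them on as if this build had produced them.
# An epoch ("N:") is not part of the file name, so drop it if present.
deb_version="${BUILD_VERSION#*:}"
shopt -s nullglob
built_debs=( ../*_"${deb_version}"_*.deb )
shopt -u nullglob

# Check if packages were created
if (( ${#built_debs[@]} > 0 )); then
  echo "✅ Debian packages created successfully"
  ls -la -- "${built_debs[@]}"
  # Copy packages to current directory
  cp -- "${built_debs[@]}" .
  echo "✅ Packages copied to current directory"
  # List the copies by base name, i.e. as they now exist in this directory.
  ls -la -- "${built_debs[@]##*/}"
else
  echo "❌ No Debian packages found"
  exit 1
fi
echo "✅ Package build completed successfully!"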