Debian builds with Podman

Since I no longer have Debian on my desktop computer, I had to arrange an environment for building Debian packages. I could use a virtual machine running Debian for that purpose but this would have several disadvantages:

  • It would consume an unnecessary amount of resources.
  • I would have to use a nested build environment such as cowbuilder anyway.
  • I would have to synchronize between my working directories and the virtual machine.

Since I’m moving to Podman, I created a Podman environment for clean Debian package builds. My Containerfile looks like this:

FROM debian:sid
COPY sources.list /etc/apt/
RUN apt-get update && \
    apt-get -y dist-upgrade && \
    apt-get -y install build-essential sudo && \
    apt-get clean
RUN adduser --disabled-password --gecos '' build
COPY build.sh /

sources.list replaces /etc/apt/sources.list and redirects downloads to the apt proxy I use for all my Debian machines to save bandwidth. The build user is used to build the packages (to prevent installing files to e.g. /usr by mistake). sudo is needed to run commands as the build user with an available tty (unlike su), which keeps the gpg password prompt happy.

build.sh is a script that takes a *.dsc file as its argument and performs the build inside the container:

#!/bin/sh -ex

dscfile="$1"
if [ -z "$dscfile" ] || [ -n "$2" ]; then
    echo "usage: $0 DSC-FILE"
    exit 1
fi
dscfile=$(basename "$dscfile")

user=build
# Directory to look for the provided *.dsc file in:
packagedir=/debian/packages
# Directory to put the built package into:
destdir=/debian/build
export DEB_BUILD_OPTIONS='parallel=8'

cd /home/$user
# Set up signing, the key to be used and the pinentry mode so that
# the password prompt works in the container:
cp -a /root/.gnupg .
cat >.gnupg/gpg.conf <<EOF
default-key ...id-of-the-key...
pinentry-mode loopback
EOF
chown -R build:build .gnupg
# Unpack the sources and install build dependencies:
sudo -u "$user" dpkg-source -x "$packagedir/$dscfile"
cd "${dscfile%%_*}"-*
apt-get -y build-dep .
# Build the package:
sudo -u $user dpkg-buildpackage --changes-option=-S
# Set reasonable owner and group on the host and move the built files
# to the destination directory:
cd ..
chown root:root *
mv *.buildinfo *.changes *.deb *.dsc *.tar.* $destdir/

Now the container image can be built:

podman build -t debian-build .

The last thing needed is a script to run the build from the host, in a container named debian-build and with host package and destination directories in $HOME/debian/:

#!/bin/sh

podman rm -fi debian-build
podman run -it --name debian-build \
       -v "$HOME/debian:/debian" \
       -v "$HOME/.gnupg:/root/.gnupg" \
       debian-build /build.sh "$@"
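
A stricter variant of the host-side launcher, as an added example (not the author's script): it checks the *.dsc argument on the host before anything reaches the container, and mounts the keyring read-only. The names PKGDIR, dsc_name and run_build are hypothetical, and the `:ro` mount assumes build.sh only reads /root/.gnupg, as the script above does.

```shell
#!/bin/sh
# Added example: hardened host-side launcher (assumed names, not from the post).
# PKGDIR mirrors the post's $HOME/debian/packages; it can be overridden.
PKGDIR="${PKGDIR:-$HOME/debian/packages}"

# Print the validated base name of a single *.dsc argument, or return 1.
# Only characters found in Debian source names and versions are accepted.
dsc_name() {
    [ "$#" -eq 1 ] || return 1
    name=$(basename -- "$1")
    case "$name" in
        [-.]*) return 1 ;;                 # would look like an option or hidden file
        *[!A-Za-z0-9.+~_-]*) return 1 ;;   # whitespace, globs, quotes, ...
        *_*.dsc) ;;                        # <source>_<version>.dsc
        *) return 1 ;;
    esac
    # The file must exist where build.sh will look for it.
    [ -f "$PKGDIR/$name" ] || return 1
    printf '%s\n' "$name"
}

run_build() {
    name=$(dsc_name "$@") || { echo "usage: $0 DSC-FILE" >&2; return 1; }
    podman rm -fi debian-build
    # build.sh copies /root/.gnupg before using it, so the host keyring
    # can be mounted read-only.
    podman run -it --name debian-build \
           -v "$HOME/debian:/debian" \
           -v "$HOME/.gnupg:/root/.gnupg:ro" \
           debian-build /build.sh "$name"
}

# Start a build only when an argument is given; otherwise just define
# the functions.
if [ "$#" -gt 0 ]; then run_build "$@"; fi
```

The read-only mount only keeps the container from modifying the host keyring. The copy made by build.sh is still owned by the build user, so code run during the package build can read the key material.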
