Since I no longer have Debian on my desktop computer, I had to arrange an environment for building Debian packages. I could use a virtual machine running Debian for that purpose, but this would have several disadvantages:
- It would consume an unnecessary amount of resources.
- I would have to use a nested build environment such as cowbuilder anyway.
- I would have to synchronize between my working directories and the virtual machine.
Since I’m moving to Podman, I created a Podman environment for clean Debian package builds. My `Containerfile` looks like this:

```dockerfile
FROM debian:sid
COPY sources.list /etc/apt/
RUN apt-get update && \
    apt-get -y dist-upgrade && \
    apt-get -y install build-essential sudo && \
    apt-get clean
RUN adduser --disabled-password --gecos '' build
COPY build.sh /
```

`sources.list` is a replacement for `/etc/apt/sources.list` that redirects downloads to the apt proxy I use for all my Debian machines to save bandwidth. The `build` user is used to build the packages (to prevent installing files to e.g. `/usr` by mistake). `sudo` is needed to run commands as the `build` user with an available tty (this is the difference from `su`), which keeps the gpg password prompt happy.

`build.sh` is a script that takes a `*.dsc` file as its argument and performs the build inside the container:

```sh
#!/bin/sh -ex

dscfile="$1"
if [ -z "$dscfile" ] || [ -n "$2" ]; then
    echo "usage: $0 DSC-FILE"
    exit 1
fi
dscfile=$(basename "$dscfile")

user=build
# Directory to look for the provided *.dsc file in:
packagedir=/debian/packages
# Directory to put the built package in:
destdir=/debian/build

export DEB_BUILD_OPTIONS='parallel=8'

cd /home/$user

# Set up signing, the key to be used and pinentry mode to make
# the password prompt work in the container:
cp -a /root/.gnupg .
cat >.gnupg/gpg.conf <<EOF
default-key ...id-of-the-key...
pinentry-mode loopback
EOF
chown -R build:build .gnupg

# Unpack the sources and install build dependencies:
sudo -u $user dpkg-source -x "$packagedir/$dscfile"
cd "${dscfile%%_*}"-*
apt-get -y build-dep .

# Build the package:
sudo -u $user dpkg-buildpackage --changes-option=-S

# Set reasonable owner and group on the host and move the built files
# to the destination directory:
cd ..
chown root:root *
mv *.buildinfo *.changes *.deb *.dsc *.tar.* $destdir/
```

Now the container image can be built:

```sh
podman build -t debian-build .
```

The last thing needed is a script to run the build from the host, in a container named `debian-build` and with host package and destination directories in `$HOME/debian/`:

```sh
#!/bin/sh

podman rm -fi debian-build
# "$@" passes the *.dsc argument through unchanged, even if it contains spaces
podman run -it --name debian-build \
    -v "$HOME/debian:/debian" \
    -v "$HOME/.gnupg:/root/.gnupg" \
    debian-build /build.sh "$@"
```
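
Once the container has moved the results to `$HOME/debian/build`, the host can check that the files there still match the hashes recorded in the `.changes` (or `.buildinfo`, `.dsc`) file. This is an added example, not part of the original post: the function names `list_sha256` and `verify_checksums` are made up here, and it assumes `awk` and `sha256sum` are available on the host.

```sh
#!/bin/sh
# Added example: check files against the Checksums-Sha256 field of a
# Debian control file (.changes, .buildinfo or .dsc) in the same directory.

# Print "<sha256>  <filename>" for every entry of the Checksums-Sha256 field.
list_sha256() {
    awk '
        /^Checksums-Sha256:/ { in_field = 1; next }
        in_field && /^ /     { if (NF == 3) print $1 "  " $3; next }
        { in_field = 0 }     # any other line ends the field
    ' "$1"
}

# Return 0 only if at least one file is listed and every listed file
# exists next to the control file with exactly the recorded hash.
verify_checksums() {
    ctrl=$1
    dir=$(dirname -- "$ctrl")
    list=$(list_sha256 "$ctrl") || return 2
    if [ -z "$list" ]; then
        echo "no Checksums-Sha256 entries in $ctrl" >&2
        return 2
    fi
    # Hashes are hex, so a slash can only come from a file name; refuse it
    # so that a crafted control file cannot point outside its directory.
    if printf '%s\n' "$list" | grep -q '/'; then
        echo "refusing file name with a path in $ctrl" >&2
        return 2
    fi
    # sha256sum -c reads the "<hash>  <name>" list from standard input.
    (cd -- "$dir" && printf '%s\n' "$list" | sha256sum -c)
}

# When run as a script with arguments, verify the given control file.
[ "$#" -eq 0 ] || verify_checksums "$1"
```

This only shows that the files and the control file agree with each other; whether the control file itself can be trusted depends on its gpg signature.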