Skip to content

Commit

Permalink
Build ECH package
Browse files Browse the repository at this point in the history
  • Loading branch information
jspricke committed May 2, 2024
1 parent 6e4b7ab commit 520a6e8
Show file tree
Hide file tree
Showing 40 changed files with 5,240 additions and 0 deletions.
81 changes: 81 additions & 0 deletions .github/workflows/packages.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,81 @@
name: builder

on:
workflow_dispatch:
push:

jobs:
build:
runs-on: ubuntu-22.04
steps:
- name: Check out the repo
uses: actions/checkout@v4
with:
fetch-depth: 0

- name: merge upstream
run: |
git remote add upstream https://github.com/curl/curl.git
git fetch upstream
git -c user.name=Github -c user.email=none merge upstream/master
- name: Cache ccache
uses: actions/cache@v3
with:
path: /home/runner/.cache/ccache
key: ccache

- name: Prepare build environment
run: |
sudo add-apt-repository -y ppa:v-launchpad-jochen-sprickerhof-de/sbuild
sudo DEBIAN_FRONTEND=noninteractive apt install -y --no-install-recommends sbuild mmdebstrap debian-archive-keyring ccache uidmap
mkdir -p "$HOME/.cache/sbuild"
mmdebstrap --variant=buildd --include=apt,ccache,ca-certificates \
--keyring=/usr/share/keyrings/debian-archive-keyring.gpg \
--customize-hook='chroot "$1" update-ccache-symlinks' \
testing "$HOME/.cache/sbuild/testing-amd64.tar"
ccache --zero-stats --max-size=10.0G
chmod a+X "$HOME" "$HOME/.cache"
chmod -R a+rwX "$HOME/.cache/ccache"
cat << "EOF" > "$HOME/.sbuildrc"
$build_environment = { "CCACHE_DIR" => "/build/ccache" };
$path = "/usr/lib/ccache:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games";
$build_path = "/build/package/";
$dsc_dir = "package";
$unshare_bind_mounts = [ { directory => "$HOME/.cache/ccache", mountpoint => "/build/ccache" } ];
$verbose = 1;
EOF
mkdir "$HOME/apt_repo"
- name: Run sbuild
run: |
sed -i "1 s/([^)]*)/($(git describe --tags | sed 's/^[^0-9]*//;s/-/./g;s/_/./g')-$(date -u '+%Y%m%d.%H%M%S%N'))/" debian/changelog
sbuild -d testing --chroot-mode=unshare --no-clean-source --no-run-lintian \
--extra-repository="deb [trusted=yes] https://github.com/defo-project/openssl/raw/packages/ ./" \
--dpkg-source-opts="-Zgzip -z1 --format=1.0 -sn" --build-dir="$HOME/apt_repo"
cd "$HOME/apt_repo"
apt-ftparchive packages . > Packages
apt-ftparchive release . > Release
- name: Test packages
run: |
mmdebstrap --chrooted-customize-hook="curl --ech true --doh-url 'https://1.1.1.1/dns-query' 'https://defo.ie/ech-check.php' | grep 'SSL_ECH_STATUS: success'" \
--variant=essential --include=ca-certificates,curl testing /dev/null \
"deb [signed-by=/usr/share/keyrings/debian-archive-keyring.gpg] http://deb.debian.org/debian testing main" \
"deb [trusted=yes] https://github.com/defo-project/openssl/raw/packages/ /" \
"deb [trusted=yes] copy:/$HOME/apt_repo /"
- name: Upload apt repository
run: |
cd "$HOME/apt_repo"
BRANCH=packages
REPOSITORY="$(printf "%s" "$GITHUB_REPOSITORY" | tr / _)"
echo "echo \"deb [trusted=yes] $GITHUB_SERVER_URL/$GITHUB_REPOSITORY/raw/$BRANCH/ /\" | sudo tee /etc/apt/sources.list.d/$REPOSITORY.list" >> README.md
git init -b "$BRANCH"
git remote add origin "$(echo "$GITHUB_SERVER_URL/$GITHUB_REPOSITORY.git" | sed "s#https://#https://x-access-token:${{ secrets.GITHUB_TOKEN }}@#")"
git add .
git -c user.name=Github -c user.email=none commit --message="Generated with $GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID"
git push --force origin "$BRANCH"
11 changes: 11 additions & 0 deletions debian/README.Debian
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
README for curl Debian package
==============================

Maintaining curl is not an easy task so it's important to have multiple people
taking care of it. With that in mind, the Debian Curl Maintainers team was
created to ease the maintenance burden. We also decided to keep the package
under the Debian namespace on Salsa because of its importance. Nonetheless, if
you would like to make changes to the package please try to reach us first
before committing and uploading.

-- Carlos Henrique Lima Melara <[email protected]> Sun, 26 Nov 2023 22:54:15 -0300
9 changes: 9 additions & 0 deletions debian/README.source
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
Adding New Patches
==================

Note that when adding new patches they must be applied *before* 90_gnutls.patch
and 99_nss.patch. This is needed by curl's package byzantine build process,
which builds the source multiple times with different TLS libraries.

This basically means that when adding new patches to the debian/patches/series
file, they must be listed before the aformentioned patches.
Loading

0 comments on commit 520a6e8

Please sign in to comment.