Bug#652527: pbuilder: No hook option for after .debs are written

Sun Dec 18 15:13:27 UTC 2011

Philip Ashmore dixit:

>In each konsole window to pick up the new packages that the next one requires.

I just use a wrapper around cowbuilder for that. Have a look at:
https://evolvis.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=shellsnippets/shellsnippets.git;a=blob;f=mksh/sysadmin/vcs2deb;h=c2db67e82027e04ca17da37500765c3fc89b214f;hb=HEAD
plus the other scripts in that directory. The order:

* vcs2deb (called)
  - check out (svn and git are tested at work)
  - do some basic sanity checks
  - if $VERSION_AS_SNAPSHOT = "true":
    make this a snapshot upload (append [~.]snapshot.%Y%m%d.%H%M%S)
  - run dpkg-buildpackage -d -rfakeroot -S -us -uc
  * call kuhbauer (in the same directory; name is a pun on cowbuilder)
    with sudo (the jenkins user needs an appropriate sudoers entry)
    - validate and escape arguments
    - create hooks (here: add $companyname-keyring.deb, amend
      sources.list, run a-g update before building; run lintian after)
    - run cowbuilder, create logfile (*.holzscheit, pun on log)
    !!! this sorta needs my /etc/pbuilderrc:
	https://www.mirbsd.org/cvs.cgi/contrib/hosted/tg/deb/pbuilderrc?rev=HEAD
    => this allows to have multiple distros (multiple base.cow)
  - take the result from the _temporary_ RESULTDIR
  - copies the logfile to the cwd of invocation time
  - if $ENABLE_UPLOAD = "true":
    * call /opt/mvn-debs/mvndput.sh (in the same directory)
      - validates changes file
      - puts stuff in appropriate APT repository
      * call mvndebri.sh (in the same directory)
        - run dpkg-scanpackages, dpkg-scansources
        - create Release file
        - run gpg (in batch mode) to sign Release.gpg
        - create debidx.htm, looks like this:
          https://www.freewrt.org/~tg/debs/debidx.htm
  - uses dput to copy the .changes file plus all files it
    references to the cwd of invocation time (this fixes a
    bug in {cow,p}builder to put e.g. the .dsc+.diff.gz into
    RESULTDIR even for a --binary-arch --debbuildopts -B run)
  - exit 0 ;-)

It cannot truly be used as-is, but with some very few changes,
i.e. set up the structure under /opt/mvn-debs (copy the two
scripts there, make it chmod 2775, chgrp to the user running
the builds; in our jenkins installations he's called maven,
hence the name), create a pgp key, put it into place, write
its password to /etc/tarent/maven.kpw (oh well, change that
directory name ;), edit labels in mvndebri.sh and make your
own keyring package; use this as base:
https://www.freewrt.org/~tg/debs/dists/etch/wtf/Pkgs/wtf-debian-keyring/wtf-debian-keyring_20110906.dsc
Put the keyring package to /var/cache/pbuilder/base.cow-*/tmp/
so that the hook can find (and dpkg -i) it, so Secure APT works.

Oh, and apt-get install mksh of course ;-)

Hope this helps,
//mirabilos
-- 
FWIW, I'm quite impressed with mksh interactively. I thought it was much
*much* more bare bones. But it turns out it beats the living hell out of
ksh93 in that respect. I'd even consider it for my daily use if I hadn't
wasted half my life on my zsh setup. :-) -- Frank Terbeck in #!/bin/mksh