debian: add lintian

and fix/improve cross building. build now with PIE and RELRO
2026-01-11 03:11:50 +00:00 · 2024-11-16 12:46:10 +01:00
parent 6050051e04
commit 53c2f8b778
6 changed files with 41 additions and 9 deletions
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,6 +1,10 @@
 .go/
 .git/
 obj-x86_64-linux-gnu/
+obj-aarch64-linux-gnu/
+obj-arm-linux-gnueabihf/
+obj-i686-linux-gnu/
 unit.out
 aptly.test
 build/
+dpkgs/
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -142,7 +142,10 @@ jobs:
      - name: "Install packages"
        run: |
          apt-get update
-          apt-get install -y --no-install-recommends make ca-certificates git curl build-essential devscripts dh-golang binutils-i686-linux-gnu binutils-aarch64-linux-gnu binutils-arm-linux-gnueabihf jq bash-completion
+          apt-get install -y --no-install-recommends make ca-certificates git curl build-essential devscripts dh-golang jq bash-completion lintian \
+                          binutils-i686-linux-gnu binutils-aarch64-linux-gnu binutils-arm-linux-gnueabihf \
+                          libc6-dev-i386-cross libc6-dev-armhf-cross libc6-dev-arm64-cross \
+                          gcc-i686-linux-gnu gcc-arm-linux-gnueabihf gcc-aarch64-linux-gnu
          git config --global --add safe.directory "$GITHUB_WORKSPACE"

      - name: "Checkout repository"
--- a/.gitignore
+++ b/.gitignore
@@ -50,6 +50,9 @@ system/files/aptly2_passphrase.gpg~

 .go/
 obj-x86_64-linux-gnu/
+obj-aarch64-linux-gnu/
+obj-arm-linux-gnueabihf/
+obj-i686-linux-gnu/

 # debian
 debian/.debhelper/
@@ -63,6 +66,8 @@ debian/*.debhelper.log
 debian/aptly-api.substvars
 debian/aptly-dbg.substvars
 debian/aptly-dbg/
-usr
+usr/bin/aptly
+dpkgs/
+debian/changelog.dpkg-bak

 docs/
--- a/16
+++ b/16
@@ -107,18 +107,24 @@ dpkg: prepare swagger  ## Build debian packages
 	# set debian version
 	@if [ "`make -s releasetype`" = "ci" ]; then  \
 		echo CI Build, setting version... ; \
+		test ! -f debian/changelog.dpkg-bak || mv debian/changelog.dpkg-bak debian/changelog ; \
 		cp debian/changelog debian/changelog.dpkg-bak ; \
-		DEBEMAIL="CI <ci@aptly>" dch -v `make -s version` "CI build" ; \
+		DEBEMAIL="CI <ci@aptly.info>" dch -v `make -s version` "CI build" ; \
 	fi
+	# clean
+	rm -rf obj-i686-linux-gnu obj-arm-linux-gnueabihf obj-aarch64-linux-gnu obj-x86_64-linux-gnu
 	# Run dpkg-buildpackage
-	buildtype="any" ; \
+	@buildtype="any" ; \
 	if [ "$(DEBARCH)" = "amd64" ]; then  \
 	  buildtype="any,all" ; \
 	fi ; \
 	echo "\e[33m\e[1mBuilding: $$buildtype\e[0m" ; \
-	dpkg-buildpackage -us -uc --build=$$buildtype -d --host-arch=$(DEBARCH)
+	cmd="dpkg-buildpackage -us -uc --build=$$buildtype -d --host-arch=$(DEBARCH)" ; \
+	echo "$$cmd" ; \
+	$$cmd
+	lintian ../*_$(DEBARCH).changes || true
 	# cleanup
-	@test -f debian/changelog.dpkg-bak && mv debian/changelog.dpkg-bak debian/changelog || true ; \
+	@test ! -f debian/changelog.dpkg-bak || mv debian/changelog.dpkg-bak debian/changelog; \
 	mkdir -p build && mv ../*.deb build/ ; \
 	cd build && ls -l *.deb

@@ -148,7 +154,7 @@ docker-build:  ## Build aptly in docker container
 	@docker run -it --rm -v ${PWD}:/work/src aptly-dev /work/src/system/docker-wrapper build

 docker-shell:  ## Run aptly and other commands in docker container
-	@docker run -it --rm -v ${PWD}:/work/src aptly-dev /work/src/system/docker-wrapper || true
+	@docker run -it --rm -p 3142:3142 -v ${PWD}:/work/src aptly-dev /work/src/system/docker-wrapper || true

 docker-deb:  ## Build debian packages in docker container
 	@docker run -it --rm -v ${PWD}:/work/src aptly-dev /work/src/system/docker-wrapper dpkg DEBARCH=amd64
--- a/debian/rules
+++ b/debian/rules
@@ -6,6 +6,11 @@ export GOPATH=$(shell pwd)/.go
 export DEB_BUILD_OPTIONS=crossbuildcanrunhostbinaries

 export GOARCH := $(shell if [ $(DEB_TARGET_ARCH) = "i386" ]; then echo "386"; elif [ $(DEB_TARGET_ARCH) = "armhf" ]; then echo "arm"; else echo  $(DEB_TARGET_ARCH); fi)
+export CGO_ENABLED=1
+
+ifneq ($(DEB_HOST_GNU_TYPE), $(DEB_BUILD_GNU_TYPE))
+	export CC=$(DEB_HOST_GNU_TYPE)-gcc
+endif

 %:
 	dh $@ --buildsystem=golang --with=golang,bash-completion
@@ -30,6 +35,13 @@ override_dh_golang: # fails on non native debian build
 override_dh_dwz:  # somehow dwz works only with certain newer debhelper versions
 	dhver=`dpkg-query -f '$${Version}' -W debhelper`; (dpkg --compare-versions "$$dhver" lt 13 || test "$$dhver" = "13.3.4" || test "$$dhver" = "13.6ubuntu1") || dh_dwz

+override_dh_shlibdeps:
+ifneq ($(DEB_HOST_GNU_TYPE), $(DEB_BUILD_GNU_TYPE))
+	LD_LIBRARY_PATH=/usr/$(DEB_HOST_GNU_TYPE)/lib:$$LD_LIBRARY_PATH dh_shlibdeps
+else
+	dh_shlibdeps
+endif
+
 override_dh_auto_build:
 	echo $(DEB_VERSION) > VERSION
-	go build -o usr/bin/aptly
+	go build -buildmode=pie -o usr/bin/aptly
--- a/system/Dockerfile
+++ b/system/Dockerfile
@@ -6,7 +6,9 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends curl gnupg b
        golang/bookworm-backports golang-go/bookworm-backports golang-doc/bookworm-backports golang-src/bookworm-backports \
        make git python3 python3-requests-unixsocket python3-termcolor python3-swiftclient python3-boto python3-azure-storage \
        g++ python3-etcd3 python3-plyvel graphviz devscripts sudo dh-golang binutils-i686-linux-gnu binutils-aarch64-linux-gnu \
-        binutils-arm-linux-gnueabihf bash-completion zip ruby3.1-dev && \
+        binutils-arm-linux-gnueabihf bash-completion zip ruby3.1-dev lintian \
+        libc6-dev-i386-cross libc6-dev-armhf-cross libc6-dev-arm64-cross \
+        gcc-i686-linux-gnu gcc-arm-linux-gnueabihf gcc-aarch64-linux-gnu && \
    apt-get clean && rm -rf /var/lib/apt/lists/*

 RUN useradd -m --shell /bin/bash --home-dir /var/lib/aptly aptly