git-echo/linux_patch_api
Private
Public Access
1
0
Fork 0
Code Releases 32 Wiki Activity
Files
32803ff27cd212effb48080793671e8cbe26c9cd
linux_patch_api/scripts/build-package.sh
Draco Lunaris 32803ff27c
Some checks failed
CI/CD Pipeline / Code Format (push) Successful in 2s
CI/CD Pipeline / Clippy Lints (push) Successful in 46s
CI/CD Pipeline / All Unit Tests (push) Successful in 1m11s
CI/CD Pipeline / Security Audit (push) Successful in 5s
CI/CD Pipeline / Enrollment Tests (push) Successful in 1m27s
CI/CD Pipeline / Build Debian Package (Ubuntu 22.04) (push) Failing after 5s
CI/CD Pipeline / Verify Enrollment CLI Flag (push) Successful in 1m5s
CI/CD Pipeline / Build Debian Package (push) Failing after 4s
CI/CD Pipeline / Build Arch Package (push) Successful in 2m22s
CI/CD Pipeline / Build RPM Package (push) Successful in 2m17s
CI/CD Pipeline / Build Alpine Package (push) Successful in 3m7s
fix: switch to build-package.sh for .deb builds 
* fix: switch to build-package.sh for .deb builds

Replace dpkg-buildpackage with scripts/build-package.sh using
dpkg-deb --build approach. This bypasses the dpkg-buildpackage
subprocess chain (dh → make → debian/rules → cargo) which
does not inherit the rustup environment (RUSTUP_HOME, CARGO_HOME,
default toolchain) from GitHub Actions.

Same approach as Linux-Patch-Manager which passes CI.

- Add scripts/build-package.sh (modeled after Manager)
- Add Version and Installed-Size to debian/control
- Update CI workflow to use build-package.sh
- Fix release files path (project root, not ../)

* fix: extract only binary package paragraph from debian/control

dpkg-deb --build expects a single control paragraph starting
with Package: field. The debian/control file has two paragraphs
(source + binary). The awk command extracts only the binary
package paragraph to avoid dpkg-deb parse errors.

* fix: generate DEBIAN/control from scratch in build-package.sh

dpkg-deb --build is fundamentally incompatible with debian/control
which uses dpkg-buildpackage substitution variables like
${shlibs:Depends} and ${misc:Depends}. Generate a clean control
file from scratch in the script to eliminate all incompatibilities.

- No substitution variables
- No source paragraph
- No Build-Depends
- Homepage points to GitHub
- Installed-Size calculated before control file generation

---------

Co-authored-by: git-echo <git-echo@moon-dragon.us>
2026-05-31 11:19:47 -05:00

144 lines
5.4 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
# =============================================================================
# Linux Patch API — Build .deb Package for Ubuntu 24.04
# =============================================================================
# Produces: linux-patch-api_<version>-1_amd64.deb
# Prerequisites:
# - Rust toolchain (cargo, rustc >= 1.75)
# - dpkg-deb
# =============================================================================
set -euo pipefail
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
CYAN='\033[0;36m'
NC='\033[0m'
info() { echo -e "${GREEN}[INFO]${NC} $*"; }
warn() { echo -e "${YELLOW}[WARN]${NC} $*"; }
error() { echo -e "${RED}[ERROR]${NC} $*" >&2; exit 1; }
PROJECT_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
VERSION="1.2.0"
RELEASE="1"
PKG_NAME="linux-patch-api"
DEB_NAME="${PKG_NAME}_${VERSION}-${RELEASE}_amd64.deb"
BUILD_DIR="${PROJECT_ROOT}/package-build"
info "=== Linux Patch API — Package Build ==="
info "Version: ${VERSION}-${RELEASE}"
info "Target: Ubuntu 24.04 (noble) amd64"
echo
# ---------------------------------------------------------------------------
# 1. Build Rust binary (release mode)
# ---------------------------------------------------------------------------
info "Step 1/4: Building Rust binary (release mode)..."
cd "${PROJECT_ROOT}"
cargo build --release 2>&1 | tail -5
# Verify binary exists
[[ -f "${PROJECT_ROOT}/target/release/linux-patch-api" ]] || error "linux-patch-api not found in target/release/"
info "Rust binary built successfully."
# Strip debug symbols for smaller package
strip "${PROJECT_ROOT}/target/release/linux-patch-api" 2>/dev/null || warn "strip failed (may already be stripped)"
info "Binary stripped."
# ---------------------------------------------------------------------------
# 2. Assemble package directory structure
# ---------------------------------------------------------------------------
info "Step 2/4: Assembling package structure..."
rm -rf "${BUILD_DIR}"
mkdir -p "${BUILD_DIR}/DEBIAN"
mkdir -p "${BUILD_DIR}/usr/bin"
mkdir -p "${BUILD_DIR}/etc/linux_patch_api"
mkdir -p "${BUILD_DIR}/etc/linux_patch_api/certs"
mkdir -p "${BUILD_DIR}/lib/systemd/system"
mkdir -p "${BUILD_DIR}/var/log/linux_patch_api"
mkdir -p "${BUILD_DIR}/var/lib/linux_patch_api"
# Binary
cp "${PROJECT_ROOT}/target/release/linux-patch-api" "${BUILD_DIR}/usr/bin/linux-patch-api"
chmod 755 "${BUILD_DIR}/usr/bin/linux-patch-api"
# Systemd service
cp "${PROJECT_ROOT}/configs/linux-patch-api.service" "${BUILD_DIR}/lib/systemd/system/"
# Configuration files
cp "${PROJECT_ROOT}/configs/config.yaml.example" "${BUILD_DIR}/etc/linux_patch_api/config.yaml"
cp "${PROJECT_ROOT}/configs/whitelist.yaml.example" "${BUILD_DIR}/etc/linux_patch_api/whitelist.yaml"
# Calculate installed size BEFORE generating control file
INSTALLED_SIZE=$(du -sk "${BUILD_DIR}" | cut -f1)
# Generate DEBIAN/control from scratch for dpkg-deb --build
# (debian/control uses dpkg-buildpackage substitution variables like
# ${shlibs:Depends} that dpkg-deb cannot resolve)
cat > "${BUILD_DIR}/DEBIAN/control" <<EOF
Package: linux-patch-api
Version: ${VERSION}-${RELEASE}
Architecture: amd64
Maintainer: Echo <echo@moon-dragon.us>
Installed-Size: ${INSTALLED_SIZE}
Depends: systemd, libsystemd0
Section: admin
Priority: optional
Homepage: https://github.com/Draco-Lunaris/Linux-Patch-Api
Description: Secure remote package management API for Linux systems
Linux Patch API provides a secure, mTLS-authenticated REST API for
remote package management operations including package installation
and removal, security patch application, system health monitoring,
and job queue management with WebSocket status streaming.
EOF
# Conffiles
cat > "${BUILD_DIR}/DEBIAN/conffiles" << 'EOF'
/etc/linux_patch_api/config.yaml
/etc/linux_patch_api/whitelist.yaml
EOF
# Maintainer scripts
cp "${PROJECT_ROOT}/debian/postinst" "${BUILD_DIR}/DEBIAN/postinst"
cp "${PROJECT_ROOT}/debian/prerm" "${BUILD_DIR}/DEBIAN/prerm"
cp "${PROJECT_ROOT}/debian/postrm" "${BUILD_DIR}/DEBIAN/postrm"
chmod 755 "${BUILD_DIR}/DEBIAN/postinst" "${BUILD_DIR}/DEBIAN/prerm" "${BUILD_DIR}/DEBIAN/postrm"
info "Package structure assembled (${INSTALLED_SIZE} KB)."
# ---------------------------------------------------------------------------
# 3. Build .deb package
# ---------------------------------------------------------------------------
info "Step 3/4: Building .deb package..."
dpkg-deb --build "${BUILD_DIR}" "${PROJECT_ROOT}/${DEB_NAME}"
info ".deb package created: ${DEB_NAME}"
# ---------------------------------------------------------------------------
# 4. Verify and summarize
# ---------------------------------------------------------------------------
info "Step 4/4: Verifying package..."
dpkg-deb --info "${PROJECT_ROOT}/${DEB_NAME}"
echo
dpkg-deb --contents "${PROJECT_ROOT}/${DEB_NAME}" | head -20 || true
echo
PKG_SIZE=$(du -h "${PROJECT_ROOT}/${DEB_NAME}" | cut -f1)
info "=== Package Build Complete ==="
info "Package: ${DEB_NAME}"
info "Size: ${PKG_SIZE}"
echo
echo -e "${CYAN}Installation instructions:${NC}"
echo " 1. Copy ${DEB_NAME} to the target Ubuntu 24.04 host"
echo " 2. Install: sudo dpkg -i ${DEB_NAME}"
echo " 3. Or with auto-deps: sudo apt install ./${DEB_NAME}"
echo " 4. Configure: /etc/linux_patch_api/config.yaml"
echo " 5. Start: systemctl enable --now linux-patch-api.service"
echo
# Cleanup build directory
rm -rf "${BUILD_DIR}"
info "Build directory cleaned up."
View Git Blame Copy Permalink