From c9da9ace26ba69fcbbb3895c34816c6cbc714955 Mon Sep 17 00:00:00 2001
From: finn <finn@janky.solutions>
Date: Wed, 2 Dec 2020 03:00:46 -0800
Subject: [PATCH] Add aarch64 build

---
 .gitlab-ci.yml               | 33 ++++++++++++------
 deb-scripts/get-component.sh | 16 +++++++++
 deb-scripts/release-deb.sh   | 65 ++++++++++++++++++++++++++++++++++++
 deb-scripts/repo-cron.sh     | 27 +++++++++++++++
 signald-builder.Dockerfile   | 21 ++++++++++++
 5 files changed, 152 insertions(+), 10 deletions(-)
 create mode 100644 deb-scripts/get-component.sh
 create mode 100644 deb-scripts/release-deb.sh
 create mode 100644 deb-scripts/repo-cron.sh
 create mode 100644 signald-builder.Dockerfile

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index fa6a751..8dc1bd7 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,4 +1,14 @@
-build:signal-server:
+.build: &build
+  image: docker:latest
+  stage: build
+  script:
+    - docker login -u gitlab-ci-token -p "${CI_JOB_TOKEN}" "${CI_REGISTRY}"
+    - docker build -f "${DOCKERFILE}" -t "${CI_REGISTRY_IMAGE}/${NAME}:${CI_COMMIT_SHA:0:8}" .
+    - docker tag "${CI_REGISTRY_IMAGE}/${NAME}:${CI_COMMIT_SHA:0:8}" "${CI_REGISTRY_IMAGE}/${NAME}:${CI_COMMIT_REF_SLUG}"
+    - docker push "${CI_REGISTRY_IMAGE}/${NAME}:${CI_COMMIT_SHA:0:8}"
+    - docker push "${CI_REGISTRY_IMAGE}/${NAME}:${CI_COMMIT_REF_SLUG}"
+
+signal-server:
   image: docker:latest
   stage: build
   script:
@@ -12,12 +22,15 @@ build:signal-server:
     - docker push ${CI_REGISTRY_IMAGE}/signal-server:${VERSION}
     - echo "docker pull ${CI_REGISTRY_IMAGE}/signal-server:${VERSION}"
 
-build:testhelper:
-  image: docker:latest
-  stage: build
-  script:
-    - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY}
-    - docker build -f testhelper.Dockerfile -t ${CI_REGISTRY_IMAGE}/testhelper:${CI_COMMIT_SHA:0:8} .
-    - docker tag ${CI_REGISTRY_IMAGE}/testhelper:${CI_COMMIT_SHA:0:8} ${CI_REGISTRY_IMAGE}/testhelper:${CI_COMMIT_REF_SLUG}
-    - docker push ${CI_REGISTRY_IMAGE}/testhelper:${CI_COMMIT_SHA:0:8}
-    - docker push ${CI_REGISTRY_IMAGE}/testhelper:${CI_COMMIT_REF_SLUG}
+testhelper:
+  <<: *build
+  variables:
+    DOCKERFILE: "testhelper.Dockerfile"
+    NAME: "testhelper"
+
+builder-image:aarch64:
+  <<: *build
+  tags: [arm-docker-builder]
+  variables:
+    DOCKERFILE: "signald-builder.Dockerfile"
+    NAME: "signald-builder-arm"
\ No newline at end of file
diff --git a/deb-scripts/get-component.sh b/deb-scripts/get-component.sh
new file mode 100644
index 0000000..74b90e9
--- /dev/null
+++ b/deb-scripts/get-component.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+set -euo pipefail
+
+if [[ "${COMPONENT:-}" == "" ]]; then  # no component specified, we can guess
+    if [[ "${CI_BUILD_TAG:-}" == "" ]]; then  # Not building a tag
+        if [[ "${CI_COMMIT_REF_SLUG:-}" != "" ]]; then
+            COMPONENT="${CI_COMMIT_REF_SLUG}"
+        fi
+    else
+        COMPONENT="stable"
+    fi
+fi
+
+COMPONENT="${COMPONENT:-experimental}"
+
+echo $COMPONENT
diff --git a/deb-scripts/release-deb.sh b/deb-scripts/release-deb.sh
new file mode 100644
index 0000000..47eceaa
--- /dev/null
+++ b/deb-scripts/release-deb.sh
@@ -0,0 +1,65 @@
+#!/bin/bash
+set -exuo pipefail
+
+## -----------
+## Custom repository
+## -----------------
+
+## - https://wiki.debian.org/DebianRepository
+## - https://debian-handbook.info/browse/stable/sect.setup-apt-package-repository.html
+## - https://lists.debian.org/debian-mentors/2006/04/msg00294.html
+
+## -----
+
+COMPONENT=$(get-component)
+CODENAME=${CODENAME:-$(lsb_release -sc)}
+
+mkdir -p dists/$CODENAME/$COMPONENT/binary-amd64
+# mkdir -p dists/$CODENAME/$COMPONENT/source
+find $1 -maxdepth 1 -name "*.deb" -type f -exec cp -a {} dists/$CODENAME/$COMPONENT/binary-amd64 \;
+# find $OLDPWD -maxdepth 1 -name "*gradle*xy" -type f -exec cp -a {} dists/$CODENAME/$COMPONENT/source \;
+
+while read; do
+    cat > dists/$CODENAME/$COMPONENT/binary-amd64/Release <<-EOF
+    Origin: Debian
+    Label: Debian
+    Suite: $COMPONENT
+    Codename: $CODENAME
+    Valid-Until: $(date --rfc-2822 --utc --date="${REPO_VALID_UNTIL:-1year}")
+    Architectures: amd64
+    Components: $COMPONENT
+    Description: Debian x.y Unstable - Not Released
+EOF
+done <<ARCH
+binary-amd64
+source
+ARCH
+
+dpkg-scanpackages -m dists/$CODENAME/$COMPONENT/binary-amd64/ > dists/$CODENAME/$COMPONENT/binary-amd64/Packages
+#dpkg-scansources dists/$CODENAME/$COMPONENT/source/ > dists/$CODENAME/$COMPONENT/source/Sources
+
+> dists/$CODENAME/Release apt-ftparchive release dists/$COMPONENT \
+    -o APT::FTPArchive::Release::Architectures="amd64 source" \
+    -o APT::FTPArchive::Release::Codename="$CODENAME" \
+    -o APT::FTPArchive::Release::Components="$COMPONENT" \
+    -o APT::FTPArchive::Release::Description="Description: Experimental packages - not released use at your own risk." \
+    -o APT::FTPArchive::Release::Label="Debian" \
+    -o APT::FTPArchive::Release::Origin="Debian" \
+    -o APT::FTPArchive::Release::Suite="$COMPONENT" \
+
+
+# sign files
+gpg --homedir /opt/signing-keys/.gnupg --yes -u $2 --no-tty --passphrase-fd 0 -abs -o dists/$CODENAME/Release.gpg dists/$CODENAME/Release
+gpg --homedir /opt/signing-keys/.gnupg --yes -u $2 --no-tty --passphrase-fd 0 --clearsign -o dists/$CODENAME/InRelease dists/$CODENAME/Release
+
+
+## import signatures on client
+# gpg --recv-key --keyserver localhost 0123456789abcdef
+# gpg --list-sigs
+# gpg --export 0123456789abcdef > /usr/share/keyrings/archive-keyring.gpg
+#
+# cat >> /etc/apt/sources.list <<apt
+# deb [signed-by=/usr/share/keyrings/archive-keyring.gpg] ftp://localhost/debian $(lsb_release -sc) $COMPONENT
+# deb-src [signed-by=/usr/share/keyrings/archive-keyring.gpg] ftp://localhost/debian $(lsb_release -sc) $COMPONENT
+# apt
+## -----
diff --git a/deb-scripts/repo-cron.sh b/deb-scripts/repo-cron.sh
new file mode 100644
index 0000000..0213101
--- /dev/null
+++ b/deb-scripts/repo-cron.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+set -euo pipefail
+
+STORAGE_TIME="${STORAGE_TIME:-604800}"  # Default to 1 week (604800 seconds)
+
+seconds_since() {
+    echo $(($(date --utc +%s)-$(date --date="$1" --utc +%s)))
+}
+
+
+prettyexec() {
+    echo '\x1b[32;1m$ $@\x1b[0;m'
+    $@
+}
+
+# Delete .debs that are older than $STORAGE_TIME and in a non-stable branch
+for codename in $(mc ls --json -q "$1/dists/" | jq -r .key | grep -v -E "^stable$"); do
+    for file in $(mc ls --recursive --json "$1/dists/$codename" | jq -c .); do
+        LAST_MODIFIED=$(echo "$file" | jq -r .lastModified)
+        FILENAME="$1/dists/$codename$(echo "$file" | jq -r .key)"
+        SECONDS_SINCE=$(seconds_since "${LAST_MODIFIED}")
+        if [[ "${SECONDS_SINCE}" -gt "${STORAGE_TIME}" ]]; then
+            echo "Deleting ${FILENAME}"
+            prettyexec mc rm "${FILENAME}"
+        fi
+    done
+done
diff --git a/signald-builder.Dockerfile b/signald-builder.Dockerfile
new file mode 100644
index 0000000..1e33a68
--- /dev/null
+++ b/signald-builder.Dockerfile
@@ -0,0 +1,21 @@
+FROM debian:latest
+RUN apt-get update && apt-get install -y \
+  gpg \
+  dpkg-dev \
+  apt-utils \
+  wget \
+  dh-make \
+  debhelper \
+  javahelper \
+  gradle \
+  default-jdk-headless \
+  git-buildpackage \
+  gradle-debian-helper \
+  jq \
+  && rm -rf /var/lib/apt/lists/*
+RUN adduser signald
+RUN mkdir /home/signald && chown signald:signald /home/signald
+COPY deb-scripts/release-deb.sh /usr/bin/release-deb
+COPY deb-scripts/get-component.sh /usr/bin/get-component
+COPY deb-scripts/repo-cron.sh /usr/bin/repo-cron
+USER signald