From b944a41f7cb1faa794a6ec9e12c0ffadb3edb732 Mon Sep 17 00:00:00 2001
From: "heiko.reese" <heiko.reese@kit.edu>
Date: Sun, 5 Sep 2021 13:57:54 +0200
Subject: [PATCH] Lower Build-Depends on debhelper-compat to version 12 (which
 should have

---
 .gitlab-ci.yml         | 69 ++++++++++++++++++++++++++++--------
 ci_container/README.md | 17 +++++++++
 ci_container/build.sh  | 80 ++++++++++++++++++++++++++++++++++++++++++
 debian/changelog       |  5 +++
 debian/control         | 19 ++++++++++
 debian/copyright       | 29 +++++++++++++++
 debian/rules           | 25 +++++++++++++
 7 files changed, 230 insertions(+), 14 deletions(-)
 create mode 100644 ci_container/README.md
 create mode 100755 ci_container/build.sh
 create mode 100644 debian/changelog
 create mode 100644 debian/control
 create mode 100644 debian/copyright
 create mode 100755 debian/rules

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index b9c9095..0837428 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,39 +1,80 @@
 stages:
     - build
-    - test
+    - debian-package
+
+.image-buster:
+    image: '${CONTAINER_REGISTRY_NAME}/exim-encrypt-dlfunc-build-buster'
+
+.image-bullseye:
+    image: '${CONTAINER_REGISTRY_NAME}/exim-encrypt-dlfunc-build-bullseye'
+
+.image-focal:
+    image: '${CONTAINER_REGISTRY_NAME}/exim-encrypt-dlfunc-build-focal'
 
 .build:
     stage: build
-    before_script:
-        - apt-get update
-        - DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt-get install -y build-essential exim4-dev libsodium-dev pkg-config python3-pip exim4-daemon-heavy openssl
-        - pip3 install meson ninja
     script:
         - meson build
         - cd build
         - ninja
         - ninja test
+        - cd ..
     artifacts:
         paths:
             - build/src/generate_encryption_keys
             - build/src/libexim-encrypt-dlfunc.so
 
+.debian-package:
+    stage: debian-package
+    script:
+        - dpkg-buildpackage --no-sign
+        - mv -t . ../*.deb ../*.dsc ../*.tar.gz ../*.changes ../*.buildinfo
+    artifacts:
+        paths:
+            - ./*.deb
+            - ./*.dsc
+            - ./*.tar.gz
+            - ./*.changes
+            - ./*.buildinfo
+
 build:buster:
     extends:
         - .build
-    image: debian:buster
-
+        - .image-buster
+    needs: []
+    
 build:bullseye:
-    image: debian:bullseye
-    extends:
-        - .build
-
-build:bionic:
-    image: ubuntu:bionic
     extends:
+        - .image-bullseye
         - .build
+    needs: []
 
 build:focal:
-    image: ubuntu:focal
     extends:
+        - .image-focal
         - .build
+    needs: []
+
+debian-package:buster:
+    extends:
+        - .image-buster
+        - .debian-package
+    dependencies:
+        - build:buster
+    needs: ["build:buster"]
+
+debian-package:bullseye:
+    extends:
+        - .image-bullseye
+        - .debian-package
+    dependencies:
+        - build:bullseye
+    needs: ["build:bullseye"]
+
+debian-package:focal:
+    extends:
+        - .image-focal
+        - .debian-package
+    dependencies:
+        - build:focal
+    needs: ["build:focal"]
diff --git a/ci_container/README.md b/ci_container/README.md
new file mode 100644
index 0000000..6f54f9c
--- /dev/null
+++ b/ci_container/README.md
@@ -0,0 +1,17 @@
+# How to build and use these images
+
+## Prerequisites
+
+* [buildah](https://buildah.io/)
+* {podman](https://podman.io/)
+
+## Build and upload
+
+Run `build.sh` with the required parameters:
+
+* `-r`: Registry to upload to; set to `none` to skip uploading
+* `-u`: Username for registry (optional if previous cached login exists)
+* `-p`: Passwort for registry (optional if previous cached login exists)
+* `-b`: Image basename (optional; defaults to `exim-encrypt-dlfunc-build`)
+* `-t`: Image tag (optional, defaults to `latest`)
+
diff --git a/ci_container/build.sh b/ci_container/build.sh
new file mode 100755
index 0000000..f3072ce
--- /dev/null
+++ b/ci_container/build.sh
@@ -0,0 +1,80 @@
+#!/bin/bash
+# shellcheck disable=SC1004
+
+set -e
+
+images=('debian:buster|buster' 'debian:bullseye|bullseye' 'ubuntu:focal|focal')
+
+BASENAME='exim-encrypt-dlfunc-build'
+TAG='latest'
+REGISTRY='localhost:5000'
+USERNAME='nobody'
+PASSWORD='password'
+
+while getopts "r:u:p:b:t:" OPTION; do
+    case $OPTION in
+        r)
+            REGISTRY="${OPTARG}"
+            ;;
+        u)
+            USERNAME="${OPTARG}"
+            ;;
+        p)
+            PASSWORD="${OPTARG}"
+            ;;
+        b)
+            BASENAME="${OPTARG}"
+            ;;
+        t)
+            TAG="${OPTARG}"
+            ;;
+        *)
+            echo "Invalid argument"
+            exit 127
+    esac
+done
+
+REGHOST="$(echo "${REGISTRY}" | cut -d/ -f1)"
+if [ "${REGISTRY}" != "none" ]; then
+	echo "🔑 Logging into »${REGHOST}«"
+	if ! buildah login --get-login "${REGHOST}" > /dev/null 2> /dev/null; then
+		buildah login --password "${PASSWORD}" --username "${USERNAME}" "${REGHOST}"
+	fi
+fi
+
+for i in "${images[@]}"; do
+	basectr=$(echo "${i}" | cut -d'|' -f1)
+	name=$(echo "${i}" | cut -d'|' -f2)
+
+	ctr="$(buildah from "$basectr")"
+	buildah run "$ctr" /bin/sh -c 'apt-get update; \
+	DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt-get install -y \
+	    build-essential \
+	    git \
+	    exim4-dev \
+	    libsodium-dev \
+	    pkg-config \
+	    python3-pip \
+	    exim4-daemon-heavy \
+	    openssl \
+	    meson; \
+	DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt-get install -y \
+	    debhelper \
+	    dh-make \
+	    devscripts \
+	    git-buildpackage \
+	    debsigs \
+	    gpgv1; \
+	pip3 install meson ninja; \
+	rm -rf /var/lib/apt/lists/*; \
+	rm -rf ~/.cache/pip/*;'
+	IMAGENAME="${BASENAME}-${name}"
+	TARGET="${REGISTRY}/${BASENAME}-${name}:${TAG}"
+	echo "⚙️ Assembling »${IMAGENAME}«"
+	IMAGEID=$(buildah commit --format docker "$ctr" "${IMAGENAME}")
+	if [ "${REGISTRY}" != "none" ]; then
+		echo "🚀 Pushing »${TARGET}«"
+		buildah push "${IMAGEID}" "${TARGET}"
+		echo "💡 Finished »${BASENAME}«"
+	fi
+done
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..ef00888
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,5 @@
+exim-encrypt-dlfunc (0.2.0) unstable; urgency=medium
+
+  * Initial Release.
+
+ -- Heiko Reese <heiko.reese@kit.edu>  Sun, 22 Aug 2021 20:00:57 +0000
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..0255a0c
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,19 @@
+Source: exim-encrypt-dlfunc
+Priority: optional
+Maintainer: Heiko Reese <heiko.reese@kit.edu>
+Build-Depends: debhelper-compat (= 12), build-essential, exim4-dev, libsodium-dev, meson, pkg-config, openssl, python3-pip
+Standards-Version: 4.5.1
+Section: libs
+Homepage: https://git.scc.kit.edu/mail/exim-encrypt-dlfunc
+Vcs-Browser: https://git.scc.kit.edu/mail/exim-encrypt-dlfunc
+Vcs-Git: https://git.scc.kit.edu/mail/exim-encrypt-dlfunc.git
+Rules-Requires-Root: no
+
+Package: exim-encrypt-dlfunc
+Architecture: any
+Multi-Arch: same
+Depends: ${shlibs:Depends}, ${misc:Depends}, exim4-daemon-heavy
+Description: String encryption library for exim4
+ This library provides functions to encrypt and decrypt strings within exim4
+ using either passwords or public/private key pairs. All cryptographic
+ functionality is provides by libsodium.
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000..d40cc5b
--- /dev/null
+++ b/debian/copyright
@@ -0,0 +1,29 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: exim-encrypt-dlfunc
+Upstream-Contact: Heiko Reese <heiko.reese@kit.edu>
+Source: https://git.scc.kit.edu/mail/exim-encrypt-dlfunc
+
+Files: *
+Copyright: 2021 Heiko Reese <heiko.reese@kit.edu> 
+License: Apache-2.0
+
+Files: debian/*
+Copyright: 2021 Heiko Reese <heiko.reese@kit.edu>
+License: Apache-2.0
+
+License: Apache-2.0
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ .
+ https://www.apache.org/licenses/LICENSE-2.0
+ .
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ .
+ On Debian systems, the complete text of the Apache version 2.0 license
+ can be found in "/usr/share/common-licenses/Apache-2.0".
+
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..dcdbe7b
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,25 @@
+#!/usr/bin/make -f
+# See debhelper(7) (uncomment to enable)
+# output every command that modifies files on the build system.
+export DH_VERBOSE = 1
+
+
+# see FEATURE AREAS in dpkg-buildflags(1)
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+
+# see ENVIRONMENT in dpkg-buildflags(1)
+# package maintainers to append CFLAGS
+#export DEB_CFLAGS_MAINT_APPEND  = -Wall -pedantic
+# package maintainers to append LDFLAGS
+#export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed
+
+
+%:
+	dh $@
+
+
+# dh_make generated override targets
+# This is example for Cmake (See https://bugs.debian.org/641051 )
+#override_dh_auto_configure:
+#	dh_auto_configure -- \
+#	-DCMAKE_LIBRARY_PATH=$(DEB_HOST_MULTIARCH)