Skip to content

Commit 63c0059

Browse files
authored
Use packaging sources to build packages on non-mainstream architectures (#243)
1 parent f76ccc0 commit 63c0059

File tree

7 files changed

+183
-54
lines changed

7 files changed

+183
-54
lines changed

Dockerfile-debian-perl.template

Lines changed: 30 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -19,24 +19,46 @@ RUN set -x; \
1919
;; \
2020
*) \
2121
# we're on an architecture upstream doesn't officially build for
22-
# let's build binaries from the published source packages
23-
echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] %%PACKAGEREPO%% %%DEBIAN_VERSION%% nginx" >> /etc/apt/sources.list.d/nginx.list \
24-
\
22+
# let's build binaries from the published packaging sources
2523
# new directory for storing sources and .deb files
26-
&& tempDir="$(mktemp -d)" \
24+
tempDir="$(mktemp -d)" \
2725
&& chmod 777 "$tempDir" \
2826
# (777 to ensure APT's "_apt" user can access it too)
2927
\
3028
# save list of currently-installed packages so build dependencies can be cleanly removed later
3129
&& savedAptMark="$(apt-mark showmanual)" \
3230
\
33-
# build .deb files from upstream's source packages (which are verified by apt-get)
31+
# build .deb files from upstream's packaging sources
3432
&& apt-get update \
35-
&& apt-get build-dep -y %%BUILDTARGET%% \
33+
&& apt-get install --no-install-recommends --no-install-suggests -y \
34+
curl \
35+
devscripts \
36+
equivs \
37+
git \
38+
libxml2-utils \
39+
lsb-release \
40+
xsltproc \
3641
&& ( \
3742
cd "$tempDir" \
38-
&& DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \
39-
apt-get source --compile %%BUILDTARGET%% \
43+
&& REVISION="%%REVISION%%" \
44+
&& REVISION=${REVISION%~*} \
45+
&& curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \
46+
&& PKGOSSCHECKSUM="%%PKGOSSCHECKSUM%% *${REVISION}.tar.gz" \
47+
&& if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \
48+
echo "pkg-oss tarball checksum verification succeeded!"; \
49+
else \
50+
echo "pkg-oss tarball checksum verification failed!"; \
51+
exit 1; \
52+
fi \
53+
&& tar xzvf ${REVISION}.tar.gz \
54+
&& cd pkg-oss-${REVISION} \
55+
&& cd debian \
56+
&& for target in %%BUILDTARGET%%; do \
57+
make rules-$target; \
58+
mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" \
59+
debuild-$target/nginx-$NGINX_VERSION/debian/control; \
60+
done \
61+
&& make %%BUILDTARGET%% \
4062
) \
4163
# we don't remove APT lists here because they get re-downloaded and removed later
4264
\

Dockerfile-debian.template

Lines changed: 30 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -47,24 +47,46 @@ RUN set -x \
4747
;; \
4848
*) \
4949
# we're on an architecture upstream doesn't officially build for
50-
# let's build binaries from the published source packages
51-
echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] %%PACKAGEREPO%% %%DEBIAN_VERSION%% nginx" >> /etc/apt/sources.list.d/nginx.list \
52-
\
50+
# let's build binaries from the published packaging sources
5351
# new directory for storing sources and .deb files
54-
&& tempDir="$(mktemp -d)" \
52+
tempDir="$(mktemp -d)" \
5553
&& chmod 777 "$tempDir" \
5654
# (777 to ensure APT's "_apt" user can access it too)
5755
\
5856
# save list of currently-installed packages so build dependencies can be cleanly removed later
5957
&& savedAptMark="$(apt-mark showmanual)" \
6058
\
61-
# build .deb files from upstream's source packages (which are verified by apt-get)
59+
# build .deb files from upstream's packaging sources
6260
&& apt-get update \
63-
&& apt-get build-dep -y %%BUILDTARGET%% \
61+
&& apt-get install --no-install-recommends --no-install-suggests -y \
62+
curl \
63+
devscripts \
64+
equivs \
65+
git \
66+
libxml2-utils \
67+
lsb-release \
68+
xsltproc \
6469
&& ( \
6570
cd "$tempDir" \
66-
&& DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \
67-
apt-get source --compile %%BUILDTARGET%% \
71+
&& REVISION="%%REVISION%%" \
72+
&& REVISION=${REVISION%~*} \
73+
&& curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \
74+
&& PKGOSSCHECKSUM="%%PKGOSSCHECKSUM%% *${REVISION}.tar.gz" \
75+
&& if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \
76+
echo "pkg-oss tarball checksum verification succeeded!"; \
77+
else \
78+
echo "pkg-oss tarball checksum verification failed!"; \
79+
exit 1; \
80+
fi \
81+
&& tar xzvf ${REVISION}.tar.gz \
82+
&& cd pkg-oss-${REVISION} \
83+
&& cd debian \
84+
&& for target in %%BUILDTARGET%%; do \
85+
make rules-$target; \
86+
mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" \
87+
debuild-$target/nginx-$NGINX_VERSION/debian/control; \
88+
done \
89+
&& make %%BUILDTARGET%% \
6890
) \
6991
# we don't remove APT lists here because they get re-downloaded and removed later
7092
\

mainline/debian-perl/Dockerfile

Lines changed: 30 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -30,24 +30,46 @@ RUN set -x; \
3030
;; \
3131
*) \
3232
# we're on an architecture upstream doesn't officially build for
33-
# let's build binaries from the published source packages
34-
echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \
35-
\
33+
# let's build binaries from the published packaging sources
3634
# new directory for storing sources and .deb files
37-
&& tempDir="$(mktemp -d)" \
35+
tempDir="$(mktemp -d)" \
3836
&& chmod 777 "$tempDir" \
3937
# (777 to ensure APT's "_apt" user can access it too)
4038
\
4139
# save list of currently-installed packages so build dependencies can be cleanly removed later
4240
&& savedAptMark="$(apt-mark showmanual)" \
4341
\
44-
# build .deb files from upstream's source packages (which are verified by apt-get)
42+
# build .deb files from upstream's packaging sources
4543
&& apt-get update \
46-
&& apt-get build-dep -y nginx-module-perl=${NGINX_VERSION}-${DYNPKG_RELEASE} \
44+
&& apt-get install --no-install-recommends --no-install-suggests -y \
45+
curl \
46+
devscripts \
47+
equivs \
48+
git \
49+
libxml2-utils \
50+
lsb-release \
51+
xsltproc \
4752
&& ( \
4853
cd "$tempDir" \
49-
&& DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \
50-
apt-get source --compile nginx-module-perl=${NGINX_VERSION}-${DYNPKG_RELEASE} \
54+
&& REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \
55+
&& REVISION=${REVISION%~*} \
56+
&& curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \
57+
&& PKGOSSCHECKSUM="b9fbdf1779186fc02aa59dd87597fe4e906892391614289a4e6eedba398a3e770347b5b07110cca8c11fa3ba85bb711626ae69832e74c69ca8340d040a465907 *${REVISION}.tar.gz" \
58+
&& if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \
59+
echo "pkg-oss tarball checksum verification succeeded!"; \
60+
else \
61+
echo "pkg-oss tarball checksum verification failed!"; \
62+
exit 1; \
63+
fi \
64+
&& tar xzvf ${REVISION}.tar.gz \
65+
&& cd pkg-oss-${REVISION} \
66+
&& cd debian \
67+
&& for target in module-perl; do \
68+
make rules-$target; \
69+
mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" \
70+
debuild-$target/nginx-$NGINX_VERSION/debian/control; \
71+
done \
72+
&& make module-perl \
5173
) \
5274
# we don't remove APT lists here because they get re-downloaded and removed later
5375
\

mainline/debian/Dockerfile

Lines changed: 30 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -57,24 +57,46 @@ RUN set -x \
5757
;; \
5858
*) \
5959
# we're on an architecture upstream doesn't officially build for
60-
# let's build binaries from the published source packages
61-
echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \
62-
\
60+
# let's build binaries from the published packaging sources
6361
# new directory for storing sources and .deb files
64-
&& tempDir="$(mktemp -d)" \
62+
tempDir="$(mktemp -d)" \
6563
&& chmod 777 "$tempDir" \
6664
# (777 to ensure APT's "_apt" user can access it too)
6765
\
6866
# save list of currently-installed packages so build dependencies can be cleanly removed later
6967
&& savedAptMark="$(apt-mark showmanual)" \
7068
\
71-
# build .deb files from upstream's source packages (which are verified by apt-get)
69+
# build .deb files from upstream's packaging sources
7270
&& apt-get update \
73-
&& apt-get build-dep -y $nginxPackages \
71+
&& apt-get install --no-install-recommends --no-install-suggests -y \
72+
curl \
73+
devscripts \
74+
equivs \
75+
git \
76+
libxml2-utils \
77+
lsb-release \
78+
xsltproc \
7479
&& ( \
7580
cd "$tempDir" \
76-
&& DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \
77-
apt-get source --compile $nginxPackages \
81+
&& REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \
82+
&& REVISION=${REVISION%~*} \
83+
&& curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \
84+
&& PKGOSSCHECKSUM="b9fbdf1779186fc02aa59dd87597fe4e906892391614289a4e6eedba398a3e770347b5b07110cca8c11fa3ba85bb711626ae69832e74c69ca8340d040a465907 *${REVISION}.tar.gz" \
85+
&& if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \
86+
echo "pkg-oss tarball checksum verification succeeded!"; \
87+
else \
88+
echo "pkg-oss tarball checksum verification failed!"; \
89+
exit 1; \
90+
fi \
91+
&& tar xzvf ${REVISION}.tar.gz \
92+
&& cd pkg-oss-${REVISION} \
93+
&& cd debian \
94+
&& for target in base module-geoip module-image-filter module-njs module-xslt; do \
95+
make rules-$target; \
96+
mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" \
97+
debuild-$target/nginx-$NGINX_VERSION/debian/control; \
98+
done \
99+
&& make base module-geoip module-image-filter module-njs module-xslt \
78100
) \
79101
# we don't remove APT lists here because they get re-downloaded and removed later
80102
\

stable/debian-perl/Dockerfile

Lines changed: 30 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -30,24 +30,46 @@ RUN set -x; \
3030
;; \
3131
*) \
3232
# we're on an architecture upstream doesn't officially build for
33-
# let's build binaries from the published source packages
34-
echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \
35-
\
33+
# let's build binaries from the published packaging sources
3634
# new directory for storing sources and .deb files
37-
&& tempDir="$(mktemp -d)" \
35+
tempDir="$(mktemp -d)" \
3836
&& chmod 777 "$tempDir" \
3937
# (777 to ensure APT's "_apt" user can access it too)
4038
\
4139
# save list of currently-installed packages so build dependencies can be cleanly removed later
4240
&& savedAptMark="$(apt-mark showmanual)" \
4341
\
44-
# build .deb files from upstream's source packages (which are verified by apt-get)
42+
# build .deb files from upstream's packaging sources
4543
&& apt-get update \
46-
&& apt-get build-dep -y nginx-module-perl=${NGINX_VERSION}-${DYNPKG_RELEASE} \
44+
&& apt-get install --no-install-recommends --no-install-suggests -y \
45+
curl \
46+
devscripts \
47+
equivs \
48+
git \
49+
libxml2-utils \
50+
lsb-release \
51+
xsltproc \
4752
&& ( \
4853
cd "$tempDir" \
49-
&& DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \
50-
apt-get source --compile nginx-module-perl=${NGINX_VERSION}-${DYNPKG_RELEASE} \
54+
&& REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \
55+
&& REVISION=${REVISION%~*} \
56+
&& curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \
57+
&& PKGOSSCHECKSUM="825f610c44dfb97166112e6d060c0ba209a74f50e42c7c23a5b8742f468596f110bb1b4ca9299547a8a3d41f3a7caa864622f40f6c7bb4d8bab3d24880bdfb6a *${REVISION}.tar.gz" \
58+
&& if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \
59+
echo "pkg-oss tarball checksum verification succeeded!"; \
60+
else \
61+
echo "pkg-oss tarball checksum verification failed!"; \
62+
exit 1; \
63+
fi \
64+
&& tar xzvf ${REVISION}.tar.gz \
65+
&& cd pkg-oss-${REVISION} \
66+
&& cd debian \
67+
&& for target in module-perl; do \
68+
make rules-$target; \
69+
mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" \
70+
debuild-$target/nginx-$NGINX_VERSION/debian/control; \
71+
done \
72+
&& make module-perl \
5173
) \
5274
# we don't remove APT lists here because they get re-downloaded and removed later
5375
\

stable/debian/Dockerfile

Lines changed: 30 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -57,24 +57,46 @@ RUN set -x \
5757
;; \
5858
*) \
5959
# we're on an architecture upstream doesn't officially build for
60-
# let's build binaries from the published source packages
61-
echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \
62-
\
60+
# let's build binaries from the published packaging sources
6361
# new directory for storing sources and .deb files
64-
&& tempDir="$(mktemp -d)" \
62+
tempDir="$(mktemp -d)" \
6563
&& chmod 777 "$tempDir" \
6664
# (777 to ensure APT's "_apt" user can access it too)
6765
\
6866
# save list of currently-installed packages so build dependencies can be cleanly removed later
6967
&& savedAptMark="$(apt-mark showmanual)" \
7068
\
71-
# build .deb files from upstream's source packages (which are verified by apt-get)
69+
# build .deb files from upstream's packaging sources
7270
&& apt-get update \
73-
&& apt-get build-dep -y $nginxPackages \
71+
&& apt-get install --no-install-recommends --no-install-suggests -y \
72+
curl \
73+
devscripts \
74+
equivs \
75+
git \
76+
libxml2-utils \
77+
lsb-release \
78+
xsltproc \
7479
&& ( \
7580
cd "$tempDir" \
76-
&& DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \
77-
apt-get source --compile $nginxPackages \
81+
&& REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \
82+
&& REVISION=${REVISION%~*} \
83+
&& curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \
84+
&& PKGOSSCHECKSUM="825f610c44dfb97166112e6d060c0ba209a74f50e42c7c23a5b8742f468596f110bb1b4ca9299547a8a3d41f3a7caa864622f40f6c7bb4d8bab3d24880bdfb6a *${REVISION}.tar.gz" \
85+
&& if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \
86+
echo "pkg-oss tarball checksum verification succeeded!"; \
87+
else \
88+
echo "pkg-oss tarball checksum verification failed!"; \
89+
exit 1; \
90+
fi \
91+
&& tar xzvf ${REVISION}.tar.gz \
92+
&& cd pkg-oss-${REVISION} \
93+
&& cd debian \
94+
&& for target in base module-geoip module-image-filter module-njs module-xslt; do \
95+
make rules-$target; \
96+
mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" \
97+
debuild-$target/nginx-$NGINX_VERSION/debian/control; \
98+
done \
99+
&& make base module-geoip module-image-filter module-njs module-xslt \
78100
) \
79101
# we don't remove APT lists here because they get re-downloaded and removed later
80102
\

update.sh

Lines changed: 3 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -158,17 +158,14 @@ get_buildtarget() {
158158
alpine-slim)
159159
echo base
160160
;;
161-
alpine-perl)
162-
echo module-perl
163-
;;
164161
alpine)
165162
echo module-geoip module-image-filter module-njs module-xslt
166163
;;
167164
debian)
168-
echo "\$nginxPackages"
165+
echo base module-geoip module-image-filter module-njs module-xslt
169166
;;
170-
debian-perl)
171-
echo "nginx-module-perl=\${NGINX_VERSION}-\${DYNPKG_RELEASE}"
167+
*-perl)
168+
echo module-perl
172169
;;
173170
esac
174171
}

0 commit comments

Comments
 (0)