From 7ae7869aac29efd29b2e91916d3a528fb78211d4 Mon Sep 17 00:00:00 2001
From: Miguel Jacq
Date: Mon, 15 Dec 2025 12:42:37 +1100
Subject: [PATCH 1/2] reprepro to build in the common 'repo' git repo now that we have enroll
---
 repo/conf/distributions | 35 -----------------------------------
 repo/conf/qubes-gpg-sign | 39 ---------------------------------------
 scripts/publish.sh | 2 +-
 3 files changed, 1 insertion(+), 75 deletions(-)
 delete mode 100644 repo/conf/distributions
 delete mode 100755 repo/conf/qubes-gpg-sign
diff --git a/repo/conf/distributions b/repo/conf/distributions
deleted file mode 100644
index 5f2132b..0000000
--- a/repo/conf/distributions
+++ /dev/null
@@ -1,35 +0,0 @@
-Origin: mig5
-Label: php-sqlcipher
-Suite: stable
-Codename: trixie
-Architectures: amd64
-Components: main
-Description: mig5 SQLCipher for PHP packages for Debian 13 (trixie)
-SignWith: !qubes-gpg-sign
-
-Origin: mig5
-Label: php-sqlcipher
-Suite: stable
-Codename: bookworm
-Architectures: amd64
-Components: main
-Description: mig5 SQLCipher for PHP packages for Debian 12 (bookworm)
-SignWith: !qubes-gpg-sign
-
-Origin: mig5
-Label: php-sqlcipher
-Suite: stable
-Codename: noble
-Architectures: amd64
-Components: main
-Description: mig5 SQLCipher for PHP packages for Ubuntu 24.04 (noble)
-SignWith: !qubes-gpg-sign
-
-Origin: mig5
-Label: php-sqlcipher
-Suite: stable
-Codename: jammy
-Architectures: amd64
-Components: main
-Description: mig5 SQLCipher for PHP packages for Ubuntu 22.04 (jammy)
-SignWith: !qubes-gpg-sign
diff --git a/repo/conf/qubes-gpg-sign b/repo/conf/qubes-gpg-sign
deleted file mode 100755
index e448c59..0000000
--- a/repo/conf/qubes-gpg-sign
+++ /dev/null
@@ -1,39 +0,0 @@
-#!/bin/sh
-set -eu
-
-release="$1" # file to sign (exists in the repo VM)
-inrel="${2:-}" # path for InRelease.new (may be empty)
-relgpg="${3:-}" # path for Release.gpg.new (may be empty)
-
-export QUBES_GPG_DOMAIN="${QUBES_GPG_DOMAIN:-vault}"
-
-WRAP="${WRAP:-/usr/bin/qubes-gpg-client-wrapper}"
-KEY="${REPO_SIGN_KEY:-00AE817C24A10C2540461A9C1D7CDE0234DB458D}"
-
-gpgcmd() {
- if [ -n "$KEY" ]; then
- "$WRAP" --batch --no-tty -u "$KEY" "$@"
- else
- "$WRAP" --batch --no-tty "$@"
- fi
-}
-
-mkout() { # write stdout to a tmp next to dst, then mv
- dst="$1"; dir="$(dirname "$dst")"
- tmp="$(mktemp "$dir/.reprepro.XXXXXX")"
- cat >"$tmp"
- mv -f "$tmp" "$dst"
-}
-
-[ -r "$release" ] || { echo "error: $release not readable" >&2; exit 1; }
-umask 022
-
-# InRelease (clearsigned)
-if [ -n "$inrel" ]; then
- gpgcmd --clearsign <"$release" | mkout "$inrel"
-fi
-
-# Release.gpg (detached, armored)
-if [ -n "$relgpg" ]; then
- gpgcmd --armor --detach-sign <"$release" | mkout "$relgpg"
-fi
diff --git a/scripts/publish.sh b/scripts/publish.sh
index 8abe8e3..ad2c4b1 100755
--- a/scripts/publish.sh
+++ b/scripts/publish.sh
@@ -8,6 +8,6 @@ for CODENAME in trixie bookworm noble jammy; do
 # feed all .deb for that codename into the repo
 if compgen -G "${OUT_DIR}/${CODENAME}/php*/*.deb" >/dev/null 2>&1; then
 find "${OUT_DIR}/${CODENAME}" -name '*.deb' -print0 \
- | xargs -0 -n1 reprepro -b repo includedeb "$CODENAME"
+ | xargs -0 -n1 reprepro -b /home/user/git/repo includedeb "$CODENAME"
 fi
 done
From 7f9370df91433ce5ad22fdf0759a802e20a49be0 Mon Sep 17 00:00:00 2001
From: Miguel Jacq
Date: Mon, 15 Dec 2025 13:35:45 +1100
Subject: [PATCH 2/2] Updates to packaging/README to reflect centralised repo repo
---
 README.md | 60 ++----------------------------------------------------------
 1 file changed, 2 insertions(+), 58 deletions(-)
diff --git a/README.md b/README.md
index 9b6db59..041fad8 100644
--- a/README.md
+++ b/README.md
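Review bot: In the `scripts/publish.sh` hunk, the added `reprepro -b /home/user/git/repo` hard-codes one workstation's absolute path. Because `repo/conf/distributions` and the `qubes-gpg-sign` hook are deleted in this same patch, the `SignWith` policy now lives entirely in that external directory, outside this repository's review. Nothing in the visible lines checks that the directory exists or that its `conf/distributions` still carries a `SignWith:` line for each of the four codenames; if it does not, reprepro would presumably fail per package or write an unsigned Release. I would define `REPO_DIR="${REPO_DIR:-/home/user/git/repo}"` near the top of the script, guard with `[ -r "$REPO_DIR/conf/distributions" ] || exit 1` before the loop, and call `reprepro -b "$REPO_DIR"` here. The `for` loop begins outside the hunk, so whether the script already runs under `set -e` or `pipefail` cannot be confirmed from these lines.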
@@ -39,72 +39,16 @@ I publish the packages I built, in my own apt repository, using the process desc However, you have no reason to trust me and my apt repository. This git repo exists so that you can build the packages yourself instead. See Option 2 for that. -### 1) Add the GPG key (signed-by) - ```bash sudo mkdir -p /usr/share/keyrings curl -fsSL https://mig5.net/static/mig5.asc | sudo gpg --dearmor -o /usr/share/keyrings/mig5.gpg -``` - -My GPG fingerprint is `00AE817C24A10C2540461A9C1D7CDE0234DB458D`. You can also fetch it from https://keys.openpgp.org or search the fingerprint online to confirm it. - -### 2) Add the APT source - -**Debian 12 (bookworm):** - -```bash -echo "deb [arch=amd64 signed-by=/usr/share/keyrings/mig5.gpg] https://apt.mig5.net bookworm main" | sudo tee /etc/apt/sources.list.d/mig5.list -``` - -**Debian 13 (trixie):** - -```bash -echo "deb [arch=amd64 signed-by=/usr/share/keyrings/mig5.gpg] https://apt.mig5.net trixie main" | sudo tee /etc/apt/sources.list.d/mig5.list -``` - -**Ubuntu 22.04 (jammy):** - -```bash -echo "deb [arch=amd64 signed-by=/usr/share/keyrings/mig5.gpg] https://apt.mig5.net jammy main" | sudo tee /etc/apt/sources.list.d/mig5.list -``` - -**Ubuntu 24.04 (noble):** - -```bash -echo "deb [arch=amd64 signed-by=/usr/share/keyrings/mig5.gpg] https://apt.mig5.net noble main" | sudo tee /etc/apt/sources.list.d/mig5.list -``` - -### 3) Update & install - -```bash +echo "deb [arch=amd64 signed-by=/usr/share/keyrings/mig5.gpg] https://apt.mig5.net $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/mig5.list sudo apt update -# (example: PHP 8.2) -sudo apt install php8.2-sqlcipher +sudo apt install php8.2-sqlcipher # or php8.0-sqlcipher, php7.4-sqlcipher, etc ``` > Remember: These packages are built to **replace** `phpX.Y-sqlite3` with a SQLCipher-linked build. 
-### 4) (Recommended) Pin to prefer this repo for sqlcipher packages - -Create `/etc/apt/preferences.d/mig5.pref`: - -```ini -Package: php*-sqlcipher -Pin: release o=mig5, l=php-sqlcipher, n=bookworm # adjust to your distro -Pin-Priority: 990 -``` - -Then: - -```bash -sudo apt update -apt-cache policy php8.2-sqlcipher -``` - -You should see this repo as the selected candidate. - ---- - ## Option 2: Building your own .debs If you’d rather build locally, execute `scripts/package.sh` which in turn executes the Docker build process for each distro and PHP version.