Awesome
debrebuild
usage: debrebuild.py [-h] [--output OUTPUT] [--builder BUILDER] [--query-url QUERY_URL] [--snapshot-mirror SNAPSHOT_MIRROR]
[--metasnap-url METASNAP_URL] [--use-metasnap] [--extra-repository-file EXTRA_REPOSITORY_FILE]
[--extra-repository-key EXTRA_REPOSITORY_KEY] [--gpg-sign-keyid GPG_SIGN_KEYID] [--gpg-verify]
[--gpg-verify-key GPG_VERIFY_KEY] [--proxy PROXY] [--verbose] [--debug]
buildinfo
Given a buildinfo file from a Debian package, generate instructions for attempting to reproduce the binary packages built from the
associated source and build information.
positional arguments:
buildinfo Input buildinfo file. Local or remote file.
optional arguments:
-h, --help show this help message and exit
--output OUTPUT Directory for the build artifacts
--builder BUILDER Which building software should be used. (default: none)
--query-url QUERY_URL
API url for querying package and binary information (default: http://snapshot.notset.fr).
--snapshot-mirror SNAPSHOT_MIRROR
Snapshot mirror to use (default: http://snapshot.notset.fr)
--metasnap-url METASNAP_URL
Metasnap service url (default: http://snapshot.notset.fr).
--use-metasnap Service to query the minimal set of timestamps containing all package versions referenced in a buildinfo file.
--extra-repository-file EXTRA_REPOSITORY_FILE
Add repository file content to the list of apt sources during the package build.
--extra-repository-key EXTRA_REPOSITORY_KEY
Add key file (.asc) to the list of trusted keys during the package build.
--gpg-sign-keyid GPG_SIGN_KEYID
GPG keyid to use for signing in-toto metadata.
--gpg-verify Verify buildinfo GPG signature.
--gpg-verify-key GPG_VERIFY_KEY
GPG key to use for buildinfo GPG check.
--proxy PROXY Proxy address to use.
--verbose Display logger info messages.
--debug Display logger debug messages.
debrebuild
can parse buildinfo file having GPG signature and verify its signature with provided key file.
Highly inspired from original Debian tool debrebuild
https://salsa.debian.org/debian/devscripts and newer features from https://salsa.debian.org/josch/devscripts/-/commits/debrebuild and https://salsa.debian.org/fepitre/devscripts/-/commits/debrebuild.
INSTALLATION
Currently debrebuild
works under bullseye
or sid
. You can install the dependencies by using as root
:
$ apt install -y mmdebstrap in-toto python3-requests python3-apt python3-debian python3-dateutil python3-rstr debian-keyring debian-archive-keyring debian-ports-archive-keyring
It requires notably mmdebstrap >= 0.7.5
and python3-debian >= 0.1.40
. The latter is still not available in bullseye
.
Until it would be available, you may use PyPi
repository (ensure to have python3-pip
installed for pip3
command).
For system-wide installation use the following command as root
:
$ pip3 install 'python-debian>=0.1.40'
You may skip python3-debian
installation in the apt
command in order to not have multiple python-debian
versions
installed.
EXAMPLES
$ ./debrebuild.py --output=./artifacts --builder=mmdebstrap tests/data/gzip_1.10-2_all-amd64-source.buildinfo
BUILDERS
debrebuild
can use different backends to perform the actual package rebuild.
The desired backend is chosen using the --builder option. The default is
none
.
none Dry-run mode. No build is performed.
mmdebstrap Use mmdebstrap to build the package. This requires no
setup and no superuser privileges.