#!/bin/bash function get_arch() { local architecture if uname -m | grep -q "arm64" || uname -m | grep -q "aarch64"; then architecture="arm64" elif uname -m | grep -q "64"; then architecture="amd64" elif uname -m | grep -q "86"; then architecture="i386" elif uname -m | grep -q "arm"; then architecture="armhf" else architecture="unknown" fi echo $architecture } function rotate_image() { local instance_to_publish=$1 local alias_image=$2 # Save the finger print to delete the old image later local finger_print_to_delete=$(lxc image info "$alias_image" | grep Fingerprint | awk '{print $2}') local should_restart=0 # If the container is running, stop it if [ "$(lxc info $instance_to_publish | grep Status | awk '{print tolower($2)}')" = "running" ] then should_restart=1 lxc stop "$instance_to_publish" fi # Create image before install lxc publish "$instance_to_publish" --alias "$alias_image" --public "${@:3}" # Remove old image lxc image delete "$finger_print_to_delete" if [ $should_restart = 1 ] then lxc start "$instance_to_publish" sleep 5 fi } function rebuild_base_lxc() { local YNH_BRANCH=${1:-stable} local DIST=${2:-bullseye} local ARCH=${3:-amd64} local img_name=$YNH_BRANCH-$DIST-$ARCH set -x lxc info $img_name >/dev/null && lxc delete $img_name --force if [ $(get_arch) = $ARCH ]; then lxc launch images:debian/$DIST/$ARCH $img_name -c security.privileged=true -c security.nesting=true else lxc image info $img_name >/dev/null && lxc image delete $img_name tmp_dir=$(mktemp -d) pushd $tmp_dir lxc image export images:debian/$DIST/$ARCH tar xJf lxd.tar.xz local current_arch=$(get_arch) sed -i "0,/architecture: $ARCH/s//architecture: $current_arch/" metadata.yaml tar cJf lxd.tar.xz metadata.yaml templates lxc image import lxd.tar.xz rootfs.squashfs --alias $img_name popd rm -rf "$tmp_dir" lxc launch $img_name $img_name -c security.privileged=true -c security.nesting=true fi sleep 5 IN_LXC="lxc exec $img_name --" local INSTALL_SCRIPT="https://install.yunohost.org/$DIST" $IN_LXC apt install curl -y $IN_LXC /bin/bash -c "echo exit 101 > /usr/sbin/policy-rc.d" $IN_LXC /bin/bash -c "chmod +x /usr/sbin/policy-rc.d" $IN_LXC /bin/bash -c "curl $INSTALL_SCRIPT | bash -s -- -a -d $YNH_BRANCH" $IN_LXC /bin/bash -c "rm /usr/sbin/policy-rc.d" $IN_LXC systemctl -q disable apt-daily.timer $IN_LXC systemctl -q disable apt-daily-upgrade.timer $IN_LXC systemctl -q disable apt-daily.service $IN_LXC systemctl -q disable apt-daily-upgrade.service $IN_LXC rm -f /etc/cron.daily/apt-compat $IN_LXC cp /bin/true /usr/lib/apt/apt.systemd.daily # Disable services that are useless in the vast majority of cases to try to improve perfs $IN_LXC systemctl -q disable rspamd $IN_LXC systemctl -q disable dovecot $IN_LXC systemctl -q disable postsrsd $IN_LXC systemctl -q disable metronome $IN_LXC systemctl -q disable yunohost-api $IN_LXC sed -i 's/worker_processes.*;/worker_processes 4;/g' /etc/nginx/nginx.conf $IN_LXC /bin/bash -c "reboot 0" sleep 5 # Publish ynh-dev image local LXC_BASE="ynh-dev-$DIST-$ARCH-$YNH_BRANCH-base" rotate_image $img_name $LXC_BASE "os=YunoHost" "ynh-release=$YNH_BRANCH" "stage=ynh-dev" "release=${DIST^}" "architecture=$ARCH" "description=YunoHost $DIST $YNH_BRANCH ynh-dev $ARCH ($(date '+%Y%m%d'))" local YUNO_PWD="SomeSuperStrongPassword" local DOMAIN="domain.tld" local SUBDOMAIN="sub.$DOMAIN" local TEST_USER="package_checker" local TEST_USER_DISPLAY=${TEST_USER//"_"/""} # Disable password strength check $IN_LXC yunohost tools postinstall --domain $DOMAIN --password $YUNO_PWD --username $TEST_USER --fullname "$TEST_USER_DISPLAY" echo 'admin_strength: -1' >> /etc/yunohost/settings.yml echo 'user_strength: -1' >> /etc/yunohost/settings.yml $IN_LXC yunohost domain add $SUBDOMAIN $IN_LXC "yunohost --version" LXC_BASE="ynh-appci-$DIST-$ARCH-$YNH_BRANCH-base" lxc stop $img_name rotate_image $img_name $LXC_BASE "os=YunoHost" "ynh-release=$YNH_BRANCH" "stage=ynh-appci" "release=${DIST^}" "architecture=$ARCH" "description=YunoHost $DIST $YNH_BRANCH ynh-appci $ARCH ($(date '+%Y%m%d'))" lxc delete $img_name set +x } function from_stable_to_another_version() { local YNH_BRANCH=${1:-testing} local DIST=${2:-bullseye} local ARCH=${3:-amd64} local OLD_LXC_BASE="ynh-dev-$DIST-$ARCH-stable-base" local NEW_LXC_BASE="ynh-dev-$DIST-$ARCH-$YNH_BRANCH-base" local CUSTOMAPT=/etc/apt/sources.list.d/yunohost.list if [[ "$YNH_BRANCH" == "testing" ]] ; then CHANNELS="testing" elif [[ "$YNH_BRANCH" == "unstable" ]] ; then CHANNELS="testing unstable" fi local CUSTOMDEB="deb [signed-by=/usr/share/keyrings/yunohost-archive-keyring.gpg] http://forge.yunohost.org/debian/ $DIST stable $CHANNELS" #curl --fail --silent https://forge.yunohost.org/yunohost_bullseye.asc | gpg --dearmor > /usr/share/keyrings/yunohost-archive-keyring.gpg set -x IN_LXC="lxc exec $NEW_LXC_BASE --" lxc launch $OLD_LXC_BASE $NEW_LXC_BASE -c security.privileged=true -c security.nesting=true sleep 5 $IN_LXC /bin/bash -c "echo '$CUSTOMDEB' > $CUSTOMAPT" $IN_LXC /bin/bash -c "apt-get update" $IN_LXC /bin/bash -c "apt-get dist-upgrade -y" lxc stop $NEW_LXC_BASE rotate_image $NEW_LXC_BASE $NEW_LXC_BASE "os=YunoHost" "ynh-release=$YNH_BRANCH" "stage=ynh-dev" "release=${DIST^}" "architecture=$ARCH" "description=YunoHost $DIST $YNH_BRANCH ynh-dev $ARCH ($(date '+%Y%m%d'))" lxc delete $NEW_LXC_BASE OLD_LXC_BASE="ynh-appci-$DIST-$ARCH-stable-base" NEW_LXC_BASE="ynh-appci-$DIST-$ARCH-$YNH_BRANCH-base" IN_LXC="lxc exec $NEW_LXC_BASE --" lxc launch $OLD_LXC_BASE $NEW_LXC_BASE -c security.privileged=true -c security.nesting=true sleep 5 $IN_LXC /bin/bash -c "echo '$CUSTOMDEB' > $CUSTOMAPT" $IN_LXC /bin/bash -c "apt-get update" $IN_LXC /bin/bash -c "apt-get dist-upgrade -y" lxc stop $NEW_LXC_BASE rotate_image $NEW_LXC_BASE $NEW_LXC_BASE "os=YunoHost" "ynh-release=$YNH_BRANCH" "stage=ynh-appci" "release=${DIST^}" "architecture=$ARCH" "description=YunoHost $DIST $YNH_BRANCH ynh-appci $ARCH ($(date '+%Y%m%d'))" lxc delete $NEW_LXC_BASE set +x } for DIST in "bullseye" # Add new debian version here do for ARCH in "$(get_arch)" do rebuild_base_lxc "stable" $DIST $ARCH for YNH_BRANCH in "testing" "unstable" do from_stable_to_another_version $YNH_BRANCH $DIST $ARCH done done done