diff options
| author | Linus Färnstrand <linus@mullvad.net> | 2025-05-16 09:25:55 +0200 |
|---|---|---|
| committer | Linus Färnstrand <linus@mullvad.net> | 2025-05-16 11:55:31 +0200 |
| commit | f8ba9d03022f67f1c353ba865f2d6b1b552e3b2a (patch) | |
| tree | 5fbf4376e87c8346847da3a5ce4ba4cedb1f8968 | |
| parent | 11392995db7a3acabcf5b0293264f8f9d0ba4da9 (diff) | |
| download | mullvadvpn-f8ba9d03022f67f1c353ba865f2d6b1b552e3b2a.tar.xz mullvadvpn-f8ba9d03022f67f1c353ba865f2d6b1b552e3b2a.zip | |
Add release channel name as extra deb repo codename
Allows specifying a static codename. Allows users on non Debian/Ubuntu
distros to successfully use the repositories even though their
lsb_release command does not print a supported codename.
We are transitioning towards only having the "stable" and "beta" code
names
| -rw-r--r-- | CHANGELOG.md | 6 | ||||
| -rw-r--r-- | ci/linux-repository-builder/build-linux-repositories-config.sh | 3 | ||||
| -rwxr-xr-x | ci/linux-repository-builder/build-linux-repositories.sh | 4 | ||||
| -rwxr-xr-x | ci/linux-repository-builder/prepare-apt-repository.sh | 14 | ||||
| -rwxr-xr-x | desktop/scripts/release/print-package-versions | 2 |
5 files changed, 23 insertions, 6 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index b242dee159..f5d4bd63e3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -22,6 +22,12 @@ Line wrap the file at 100 chars. Th * **Security**: in case of vulnerabilities. ## [Unreleased] +### Added +#### Linux +- The deb package repositores now have static codenames on top of the existing distro version + specific codenames. The stable repository always have the "stable" codename, + and the beta repository has the "beta" codename. + ### Changed - Replace Classic McEliece with HQC as one of the post-quantum safe key exchange mechanisms used for the quantum-resistant tunnels. The main benefits here are that HQC diff --git a/ci/linux-repository-builder/build-linux-repositories-config.sh b/ci/linux-repository-builder/build-linux-repositories-config.sh index 8559b2833b..e1a096d4e8 100644 --- a/ci/linux-repository-builder/build-linux-repositories-config.sh +++ b/ci/linux-repository-builder/build-linux-repositories-config.sh @@ -7,6 +7,9 @@ export CODE_SIGNING_KEY_FINGERPRINT="A1198702FC3E0A09A9AE5B75D5A1D4F266DE8DDF" # Debian codenames we support. +# On top of these we also add the name of the repository as a codename as +# well. Meaning the `stable` repository will also have a `stable` codename, +# and `beta` will have `beta` as a codename. SUPPORTED_DEB_CODENAMES=("sid" "testing" "trixie" "bookworm" "bullseye") # Ubuntu codenames we support. Latest two LTS. But when adding a new # don't immediately remove the oldest one. Allow for some transition period diff --git a/ci/linux-repository-builder/build-linux-repositories.sh b/ci/linux-repository-builder/build-linux-repositories.sh index 2fe9ad5c10..a2fbf91f72 100755 --- a/ci/linux-repository-builder/build-linux-repositories.sh +++ b/ci/linux-repository-builder/build-linux-repositories.sh @@ -159,6 +159,8 @@ repositories_were_updated="false" for repository in "${REPOSITORIES[@]}"; do deb_remote_repo_dir="deb/$repository" rpm_remote_repo_dir="rpm/$repository" + # Stable or beta + release_channel="$repository" repository_inbox_dir="$inbox_dir/$repository" if ! process_inbox "$repository_inbox_dir"; then @@ -179,7 +181,7 @@ for repository in "${REPOSITORIES[@]}"; do deb_repo_dir="$repository_inbox_dir/repos/deb" rm -rf "$deb_repo_dir" && mkdir -p "$deb_repo_dir" || exit 1 - "$SCRIPT_DIR/prepare-apt-repository.sh" "$deb_repo_dir" "${artifact_dirs[@]}" + "$SCRIPT_DIR/prepare-apt-repository.sh" "$release_channel" "$deb_repo_dir" "${artifact_dirs[@]}" # Generate rpm repository from all the .latest artifacts diff --git a/ci/linux-repository-builder/prepare-apt-repository.sh b/ci/linux-repository-builder/prepare-apt-repository.sh index 18a2d5bdf9..cefb136628 100755 --- a/ci/linux-repository-builder/prepare-apt-repository.sh +++ b/ci/linux-repository-builder/prepare-apt-repository.sh @@ -5,7 +5,7 @@ set -eu shopt -s nullglob function usage() { - echo "Usage: $0 <repository dir> <artifact dirs...>" + echo "Usage: $0 <release channel> <repository dir> <artifact dirs...>" echo echo "Will create a deb repository in <repository dir> and add all .deb files from all <artifact dirs>" echo @@ -23,11 +23,12 @@ SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" # shellcheck source=ci/linux-repository-builder/build-linux-repositories-config.sh source "$SCRIPT_DIR/build-linux-repositories-config.sh" -repo_dir=${1:?"Specify the output repository directory as the first argument"} +release_channel=${1:?"Specify the release channel as the first argument"} +repo_dir=${2:?"Specify the output repository directory as the first argument"} artifact_dirs=() -while [ "$#" -gt 1 ]; do - artifact_dirs+=("$2") +while [ "$#" -gt 2 ]; do + artifact_dirs+=("$3") shift done @@ -50,6 +51,10 @@ SignWith: $CODE_SIGNING_KEY_FINGERPRINT" function generate_deb_distributions_content { local distributions="" + # Also add a codename matching the release channel. We are transitioning + # away from distro code names and instead aim to only have the "stable" and "beta" + # code names. + distributions+=$(generate_repository_configuration "$release_channel")$'\n'$'\n' for codename in "${SUPPORTED_DEB_CODENAMES[@]}"; do distributions+=$(generate_repository_configuration "$codename")$'\n'$'\n' distributions+=$(generate_repository_configuration "$codename"-testing)$'\n'$'\n' @@ -73,6 +78,7 @@ echo "" for artifact_dir in "${artifact_dirs[@]}"; do for deb_path in "$artifact_dir"/*.deb; do + add_deb_to_repo "$deb_path" "$release_channel" for codename in "${SUPPORTED_DEB_CODENAMES[@]}"; do add_deb_to_repo "$deb_path" "$codename" echo "" diff --git a/desktop/scripts/release/print-package-versions b/desktop/scripts/release/print-package-versions index e5b39fbdcc..ee9c8b1f7e 100755 --- a/desktop/scripts/release/print-package-versions +++ b/desktop/scripts/release/print-package-versions @@ -76,7 +76,7 @@ if [[ $deb == "true" ]]; then \"apt update $silent_stderr $silent_stdout; \ apt install -y curl $silent_stderr $silent_stdout; \ curl -fsSLo /usr/share/keyrings/mullvad-keyring.asc $repository_server_public_url/deb/mullvad-keyring.asc; \ - echo \\\"deb [signed-by=/usr/share/keyrings/mullvad-keyring.asc arch=amd64] $repository_server_public_url/deb/$release_channel bookworm main\\\" > /etc/apt/sources.list.d/mullvad.list; \ + echo \\\"deb [signed-by=/usr/share/keyrings/mullvad-keyring.asc arch=amd64] $repository_server_public_url/deb/$release_channel $release_channel main\\\" > /etc/apt/sources.list.d/mullvad.list; \ apt update $silent_stderr $silent_stdout; \ apt list mullvad-* $silent_stderr | grep 'amd64'\" $silent_stderr" fi |