cozy · sblaisot · Oct 16, 2023 · Oct 12, 2023 · Oct 13, 2023
@@ -3,3 +3,10 @@
 
 # These owners will be the default owners for everything in the repo.
 *       @cozy/back
+
+# Order is important; the last matching pattern takes the most
+# precedence. When someone opens a pull request that only
+# impact debian packaging files, only sblaisot and not the global
+# owner(s) will be requested for a review.
+debian/*               @sblaisot
+scripts/packaging/*    @sblaisot
@@ -2,16 +2,16 @@ name: Create releases
 on:
   push:
     tags:
-    - '*.*.*' # Matching a version number like 1.4.19
+      - "*.*.*" # Matching a version number like 1.4.19
 jobs:
   publish_on_release:
     runs-on: ubuntu-22.04
     steps:
       - name: Install Go
         uses: actions/setup-go@v4
         with:
-          go-version: '1.21.x'
-      - name: Check code
+          go-version: "1.21.x"
+      - name: Checkout code
         uses: actions/checkout@v4
       - name: Build the binaries
         run: |
@@ -31,3 +31,30 @@ jobs:
           password: ${{ secrets.DOCKERHUB_SECRET }}
       - name: Build and publish the cozy-app-dev image
         run: scripts/release.sh
+  build_deb_packages:
+    strategy:
+      matrix:
+        os: [debian-10, debian-11, debian-12, ubuntu-20.04, ubuntu-22.04]
+    runs-on: ${{ matrix.os }}
+    needs: publish_on_release
+    steps:
+      - name: Install Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: "1.21.x"
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Install requirements
+        env:
+          SKIP_GO: "true"
+        run: |
+          scripts/packaging/installrequirements.sh
+      - name: Build package
+        run: |
+          scripts/packaging/buildpackage.sh
+      - name: Upload package to release
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          tag_name="${GITHUB_REF##*/}"
+          gh release upload "$tag_name" packages/*.deb
@@ -3,7 +3,6 @@
 /.assets
 /.cozy
 /cozy-stack*
-/debian
 /debug-assets
 node_modules
 /scripts/cozy-stack*
@@ -14,3 +13,16 @@ tmp
 *.log
 *.enc
 *.dec
+
+# Debian packaging stuff / temporary files
+/.pc/
+/bin
+/packages
+/debian/changelog
+/debian/*.debhelper
+/debian/*.log
+/debian/*.substvars
+/debian/files
+/debian/cozy/
+/debian/cozy-stack/
+/debian/tmp/
@@ -0,0 +1 @@
+10
@@ -0,0 +1,24 @@
+Source: cozy-stack
+Section: devel
+Priority: extra
+Maintainer: Cozycloud Packaging Team <debian@cozycloud.cc>
+Build-Depends: debhelper (>= 9), dh-exec
+Standards-Version: 3.9.8
+Homepage: https://github.com/cozy/cozy-stack
+Vcs-Browser: https://anonscm.debian.org/cgit/pkg-go/packages/cozy-stack.git
+Vcs-Git: https://anonscm.debian.org/git/pkg-go/packages/cozy-stack.git
+XS-Go-Import-Path: github.com/cozy/cozy-stack
+
+Package: cozy-stack
+Architecture: any
+Depends: ${misc:Depends}, ${shlibs:Depends},
+			adduser, members, curl, sed,
+			git, imagemagick, libprotobuf-c1, fonts-lato
+Recommends: couchdb (>= 2.3), nginx,
+			debootstrap, lsb-release,
+			mail-transport-agent, nodejs (>= 16)
+Description: Cozy: Simple, Versatile, Yours
+ Cozy (https://cozy.io) is a platform that brings all your web services
+ in the same private space.
+ .
+ This package installs the cozy stack.
@@ -0,0 +1,19 @@
+Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: cozy-stack
+Source: https://github.com/cozy/cozy-stack
+
+Files: *
+Copyright: Copyright 2012, 2023 Cozy Cloud <contact@cozycloud.cc>
+License: AGPL-3.0-only
+  This program is free software: you can redistribute it and/or modify
+  it under the terms of the GNU Affero General Public License as published by
+  the Free Software Foundation, either version 3 of the License, or
+  (at your option) any later version.
+  .
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU Affero General Public License for more details.
+  .
+  You should have received a copy of the GNU Affero General Public License
+  along with this program.  If not, see <http://www.gnu.org/licenses/>.
@@ -0,0 +1,56 @@
+#!/bin/sh
+set -e
+. /usr/share/debconf/confmodule
+
+# prompt for password + confirmation until we get matching entries
+# or an empty password
+promptpass() {
+	TARGET="${1}"
+	PRIORITY="${2:-high}"
+
+	while :; do
+		RET=""
+		db_input ${PRIORITY} ${TARGET} || true
+		db_go
+		db_get ${TARGET}
+		# if password isn't empty we ask for password verification
+		if [ -z "${RET}" ]; then
+			break
+		fi
+		PW="${RET}"
+		db_input ${PRIORITY} ${TARGET}_again || true
+		db_go
+		db_get ${TARGET}_again
+		if [ "${RET}" = "${PW}" ]; then
+			PW=""
+			break
+		fi
+		db_fset ${TARGET}_mismatch seen false
+		db_input critical ${TARGET}_mismatch
+		db_set ${TARGET} ""
+		db_set ${TARGET}_again ""
+		db_go
+	done
+}
+
+prompt() {
+	TARGET="${1}"
+	PRIORITY="${2:-high}"
+
+	db_input ${PRIORITY} ${TARGET} || true
+	db_go
+	db_get ${TARGET}
+}
+
+prompt cozy-stack/couchdb/address
+prompt cozy-stack/couchdb/nodename
+prompt cozy-stack/couchdb/admin/user
+promptpass cozy-stack/couchdb/admin/password
+prompt cozy-stack/couchdb/cozy/user
+promptpass cozy-stack/couchdb/cozy/password
+promptpass cozy-stack/cozy/password
+
+prompt cozy-stack/address low
+prompt cozy-stack/port low
+prompt cozy-stack/admin/address low
+prompt cozy-stack/admin/port low
@@ -0,0 +1,8 @@
+#!/usr/bin/dh-exec
+bin/cozy-stack usr/bin/
+scripts/konnector-node16-run.sh => usr/share/cozy/konnector-run.sh
+
+debian/cozy.yml etc/cozy/
+debian/cozy-stack.syslog => etc/rsyslog.d/cozy.conf
+debian/uninstall-onboarding.sh usr/share/cozy/
+debian/websocket.conf etc/nginx/conf.d/
@@ -0,0 +1,96 @@
+#!/bin/sh
+set -e
+. /usr/share/debconf/confmodule
+
+case $1 in
+configure)
+	db_get cozy-stack/couchdb/address && COUCH_ADDRESS="${RET}"
+	db_get cozy-stack/couchdb/cozy/user && COUCH_USER="${RET}"
+	db_get cozy-stack/couchdb/cozy/password && COUCH_PASS="${RET}"
+	db_get cozy-stack/address && ADDRESS="${RET}"
+	db_get cozy-stack/port && PORT="${RET}"
+	db_get cozy-stack/admin/address && ADMIN_ADDRESS="${RET}"
+	db_get cozy-stack/admin/port && ADMIN_PORT="${RET}"
+	COUCH_URL="http://${COUCH_USER}:${COUCH_PASS}@${COUCH_ADDRESS}/"
+
+	if [ -z "$2" ]; then
+		getent group cozy >/dev/null 2>&1 || \
+			addgroup --quiet --system cozy
+		getent passwd cozy-stack >/dev/null 2>&1 || \
+			adduser --quiet --system \
+			--home /var/lib/cozy --no-create-home \
+			--shell /usr/sbin/nologin --ingroup cozy cozy-stack
+
+		[ -d /var/log/cozy ] || \
+			install -o root -g cozy -m u=rwX,g=rwX,o= -d /var/log/cozy
+
+		db_get cozy-stack/couchdb/nodename && COUCH_NODE="${RET}"
+		db_get cozy-stack/couchdb/admin/user && COUCH_ADMIN_USER="${RET}"
+		db_get cozy-stack/couchdb/admin/password && COUCH_ADMIN_PASS="${RET}"
+		ENCODED_COUCH_ADMIN_USER=$(echo "${COUCH_ADMIN_USER}" | sed -e 's/:/%3A/g')
+		curl -fsX PUT -u "${ENCODED_COUCH_ADMIN_USER}:${COUCH_ADMIN_PASS}" "${COUCH_ADDRESS}/_node/${COUCH_NODE}/_config/admins/${COUCH_USER}" -d "\"${COUCH_PASS}\"" >/dev/null || \
+		(
+			echo "=====================" >&2
+			echo "Unable to create cozy user in couchdb" >&2
+			echo "Check that you provided the correct couchdb admin user, password and address" >&2
+			echo "You can try again by purging and reinstalling the cozy-stack package" >&2
+			echo "apt-get purge cozy-stack; apt-get install cozy-stack" >&2
+			echo "=====================" >&2
+		)
+
+		if [ ! -f /etc/cozy/cozy-admin-passphrase ]; then
+			db_get cozy-stack/cozy/password && COZY_PASS="${RET}"
+			COZY_ADMIN_PASSPHRASE="${COZY_PASS}" cozy-stack config passwd /etc/cozy/cozy-admin-passphrase
+			printf "%s" "${COZY_PASS}" > /etc/cozy/.cozy-admin-passphrase
+			chmod u=rw,og= /etc/cozy/.cozy-admin-passphrase
+		fi
+
+		chown cozy-stack: /etc/cozy/cozy.yml
+		chown cozy-stack: /etc/cozy/cozy-admin-passphrase
+		chown -R cozy-stack: /usr/share/cozy
+
+		install -o cozy-stack -g cozy -m u=rwX,g=rwX,o= -d /var/lib/cozy
+
+		[ -f /usr/sbin/rsyslogd ] && systemctl restart rsyslog
+		[ -f /usr/sbin/nginx ] && systemctl reload nginx
+	else
+		if [ ! -f /etc/cozy/.cozy-admin-passphrase ]; then
+			db_input critical cozy-stack/admin/passphrase
+			db_go
+			db_get cozy-stack/admin/passphrase && COZY_PASS="${RET}"
+			echo "${COZY_PASS}" > /etc/cozy/.cozy-admin-passphrase
+			chmod u=rw,og= /etc/cozy/.cozy-admin-passphrase
+		fi
+
+		if dpkg --compare-versions "${2}" lt 2:1.2.0-1; then
+			/usr/share/cozy/uninstall-onboarding.sh
+		fi
+	fi
+
+	if [ ! -f /etc/cozy/cozy.yml.local ]; then
+		cat > /etc/cozy/cozy.yml.local <<-EOF
+			host: ${ADDRESS}
+			port: ${PORT}
+
+			admin:
+			  host: ${ADMIN_ADDRESS}
+			  port: ${ADMIN_PORT}
+
+			couchdb:
+			  url: ${COUCH_URL}
+		EOF
+		chown cozy-stack: /etc/cozy/cozy.yml.local
+		chmod u=rw,og= /etc/cozy/cozy.yml.local
+	fi
+
+	if [ ! -f /etc/cozy/vault.enc ] || [ ! -f /etc/cozy/vault.dec ]; then
+		cozy-stack config gen-keys /etc/cozy/vault
+		chown cozy-stack: /etc/cozy/vault.enc /etc/cozy/vault.dec
+		chmod u=rw,og= /etc/cozy/vault.enc /etc/cozy/vault.dec
+	fi
+
+	systemctl restart cozy-stack
+;;
+esac
+
+#DEBHELPER#
@@ -0,0 +1,14 @@
+#!/bin/sh
+set -e
+
+#DEBHELPER#
+
+case $1 in
+remove)
+	#rm -rf /var/lib/cozy
+	rm -f /etc/cozy/cozy-admin-passphrase
+
+	getent passwd cozy-stack 2>&1 >/dev/null && deluser --quiet cozy-stack
+	members cozy &>/dev/null || delgroup cozy
+;;
+esac
@@ -0,0 +1,15 @@
+[Unit]
+Description=Cozy service
+Wants=couchdb.service
+After=network.target couchdb.service
+
+[Service]
+User=cozy-stack
+Group=cozy
+WorkingDirectory=/var/lib/cozy/
+PermissionsStartOnly=true
+ExecStart=/usr/bin/cozy-stack serve
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
@@ -0,0 +1,7 @@
+if $programname == 'cozy' then {
+	if $syslogseverity <= '6' then /var/log/cozy/stack.log
+	/var/log/cozy/stack.debug.log
+}
+if $programname == 'cozy-stack' then {
+	/var/log/cozy/stack.log
+}