Switch to using fpm for Debian package builds

- Simplify the structure of the directories since we map included files
  in the fpm invocation
- Remove the DEBIAN directories and move control file values to fpm
  parameters in per-package build scripts
- Add VERSION files to each build directory as a simple way to update
  the version number manually or with automation
- Separate each package build to its own stage in order to normalize
  them and be able to target them individually for release
- Simplify the structure within the build containers to cut down on
  noise in the Dockerfile and use simple, conventional paths
- Add aggregation stage for collecting all packages from /debs/out

apache/Dockerfile

@@ -43,26 +43,42 @@ RUN meson configure -Dtests=true -Dintegration-tests=true && meson compile
 CMD ["meson", "test", "-v"]
 
 ###
-FROM build-base AS packages
+FROM ruby:3.2.4 AS package-base
 
-COPY ./apache/debpkgs /lauth/apache/debpkgs
-WORKDIR /lauth/apache/debpkgs
+RUN apt update && apt install -y --no-install-recommends binutils
+RUN gem install fpm
+RUN mkdir -p /debs/out
+WORKDIR /debs
 
-# http-check
-COPY --from=module /lauth/apache/build/http-check /lauth/apache/debpkgs/http-check/usr/bin/
-RUN ./package http-check
+### http-check .deb
+FROM package-base AS http-check
+COPY ./apache/debpkgs/http-check .
 
-# mod-authn-remoteuser
-COPY --from=module /usr/lib/apache2/modules/mod_authn_remoteuser.so /lauth/apache/debpkgs/mod-authn-remoteuser/usr/lib/apache2/modules/
-RUN ./package mod-authn-remoteuser
+COPY --from=module /lauth/apache/build/http-check .
+RUN ./build && mv *.deb *.changes out/
 
-# mod-lauth
-COPY --from=module /usr/local/ /lauth/apache/debpkgs/mod-lauth/usr/
-COPY --from=module /usr/lib/apache2/modules/mod_lauth.so /lauth/apache/debpkgs/mod-lauth/usr/lib/apache2/modules/
-RUN ./package mod-lauth
+### mod-authn-remoteuser .deb
+FROM package-base AS mod-authn-remoteuser
+COPY ./apache/debpkgs/mod-authn-remoteuser .
 
-# Docker Compose Volume Mapping Directory
-COPY ./apache/packages /lauth/apache/packages
+COPY --from=module /usr/lib/apache2/modules/mod_authn_remoteuser.so .
+RUN ./build && mv *.deb *.changes out/
+
+### mod-lauth .deb
+FROM package-base AS mod-lauth
+COPY ./apache/debpkgs/mod-lauth .
+
+COPY --from=module /usr/lib/apache2/modules/mod_lauth.so .
+RUN ./build && cp *.deb *.changes out/
+
+###
+FROM package-base AS packages
+WORKDIR /debs/out
+
+COPY --from=http-check /debs/out/* .
+COPY --from=mod-authn-remoteuser /debs/out/* .
+COPY --from=mod-lauth /debs/out/* .
+CMD ["ls", "-la"]
 
 ##
 FROM debian:bullseye-slim AS server
@@ -75,7 +91,7 @@ RUN apt update; \
 RUN a2enmod authz_groupfile cgid headers proxy proxy_http remoteip rewrite
 
 # install debian packages: http-check, mod-authn-remoteuser, mod-lauth
-COPY --from=packages /lauth/apache/debpkgs/*.deb /tmp
+COPY --from=packages /debs/out/*.deb /tmp
 RUN dpkg -i /tmp/*.deb
 RUN rm -f /tmp/*.deb
 

apache/debpkgs/http-check/VERSION

@@ -0,0 +1 @@
+0.0.1

apache/debpkgs/http-check/build

@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+
+if [ ! -f "VERSION" ]; then
+  echo "VERSION file is missing!"
+  exit -1
+fi
+
+fpm --input-type dir \
+  --output-type deb \
+  --architecture native \
+  --deb-generate-changes \
+  \
+  --name http-check \
+  --version "$(<VERSION)" \
+  --url 'https://github.com/mlibrary/lauth' \
+  --maintainer 'University of Michigan Library Information Technology' \
+  --description 'Health Check for Apache2' \
+  http-check=/usr/bin/http-check

apache/debpkgs/mod-authn-remoteuser/VERSION

@@ -0,0 +1 @@
+0.0.1

apache/debpkgs/mod-authn-remoteuser/build

@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+
+if [ ! -f "VERSION" ]; then
+  echo "VERSION file is missing!"
+  exit -1
+fi
+
+fpm --input-type dir \
+  --output-type deb \
+  --architecture native \
+  --deb-generate-changes \
+  \
+  --name libapache2-mod-authn-remoteuser \
+  --version "$(<VERSION)" \
+  --depends apache2 \
+  --url 'https://github.com/mlibrary/lauth' \
+  --maintainer 'University of Michigan Library Information Technology' \
+  --description 'Fake Remote User Authentication Module for Apache2' \
+  conf=/etc/apache2/mods-available \
+  mod_authn_remoteuser.so=/usr/lib/apache2/modules/mod_authn_remoteuser.so

apache/debpkgs/mod-authn-remoteuser/etc/apache2/mods-available/authn_remoteuser.load → apache/debpkgs/mod-authn-remoteuser/conf/authn_remoteuser.load

@@ -1,2 +1 @@
-# Depends:
 LoadModule authn_remoteuser_module /usr/lib/apache2/modules/mod_authn_remoteuser.so

apache/debpkgs/mod-lauth/VERSION

@@ -0,0 +1 @@
+0.0.8

apache/debpkgs/mod-lauth/build

@@ -0,0 +1,23 @@
+#!/usr/bin/env bash
+
+if [ ! -f "VERSION" ]; then
+  echo "VERSION file is missing!"
+  exit -1
+fi
+
+fpm --input-type dir \
+  --output-type deb \
+  --architecture native \
+  --deb-generate-changes \
+  \
+  --name libapache2-mod-lauth \
+  --version "$(<VERSION)" \
+  --depends apache2 \
+  --depends libstdc++6 \
+  --depends libssl3 \
+  --after-install postinst \
+  --url 'https://github.com/mlibrary/lauth' \
+  --maintainer 'University of Michigan Library Information Technology' \
+  --description 'Library Authentication/Authorization Module for Apache2' \
+  conf=/etc/apache2/mods-available \
+  mod_lauth.so=/usr/lib/apache2/modules/mod_lauth.so

apache/debpkgs/mod-lauth/etc/apache2/mods-available/lauth.load → apache/debpkgs/mod-lauth/conf/lauth.load

@@ -1,2 +1 @@
-# Depends:
 LoadModule lauth_module /usr/lib/apache2/modules/mod_lauth.so

docker-compose.yml

@@ -119,7 +119,7 @@ services:
     restart: "no"
     volumes:
       - ./apache/packages:/lauth/apache/packages
-    command: ["sh", "-c", "cp *.deb /lauth/apache/packages"]
+    command: ["sh", "-c", "cp *.deb *.changes /lauth/apache/packages"]
 
   mock-api:
     profiles: [ "test", "integration" ]