diff --git a/.github/actions/package/action.yml b/.github/actions/package/action.yml index b5831ab..f27cf2a 100644 --- a/.github/actions/package/action.yml +++ b/.github/actions/package/action.yml @@ -29,6 +29,7 @@ runs: env: GPG_PRIVATE_KEY: ${{ inputs.private_key }} GPG_PASSPHRASE: ${{ inputs.passphrase }} + MAKE_DEB: 1 run: bash ./package/docker-package.sh --sign - name: List build artifacts @@ -59,3 +60,11 @@ runs: build/release/helium-${{ steps.version.outputs.version }}-${{ env.ARCH }}_linux.tar.xz.asc if-no-files-found: error compression-level: 0 + + - name: Upload .deb artifact + uses: actions/upload-artifact@v4 + with: + name: helium-${{ steps.version.outputs.version }}-${{ env.ARCH }}-deb + path: build/release/helium-bin_${{ steps.version.outputs.version }}-1_*.deb + if-no-files-found: error + compression-level: 0 diff --git a/.github/actions/release/action.yml b/.github/actions/release/action.yml index 658e052..cb5b5ea 100644 --- a/.github/actions/release/action.yml +++ b/.github/actions/release/action.yml @@ -25,6 +25,13 @@ runs: path: ./release/ merge-multiple: true + - name: Download .deb artifacts + uses: actions/download-artifact@v4 + with: + pattern: helium-*-deb + path: ./release/ + merge-multiple: true + - name: List release files shell: bash run: ls -la release/ @@ -63,3 +70,4 @@ runs: release/helium-*.AppImage release/helium-*.AppImage.zsync release/helium-*_linux.tar.xz* + release/helium-bin_*.deb diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 1291779..cfeb1bf 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -1,4 +1,4 @@ -name: Build Linux AppImage for Helium +name: Build Linux release on: workflow_dispatch: inputs: diff --git a/README.md b/README.md index d988aa7..92bd272 100644 --- a/README.md +++ b/README.md 
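Review bot: `uses: actions/upload-artifact@v4` in the new "Upload .deb artifact" step references a mutable tag, so whatever that tag points to at run time executes in the same job as the signing step that receives `GPG_PRIVATE_KEY` and `GPG_PASSPHRASE`. Pinning to a full commit SHA removes the dependency on the tag, e.g. `uses: actions/upload-artifact@<full-commit-sha>  # v4` (placeholder; use the SHA of the release you have reviewed). The same applies to `actions/download-artifact@v4` in the "Download .deb artifacts" step added to `.github/actions/release/action.yml`. The other steps of both files are outside these hunks, so if they also use tags this is a repository-wide follow-up rather than something specific to this change.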
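Review bot: The `.deb` is published without a signature: the added `release/helium-bin_*.deb` pattern sits next to `release/helium-*_linux.tar.xz*`, whose trailing `*` presumably picks up the `.asc` uploaded by the package action, but nothing in this change produces or uploads a counterpart for the `.deb`. A `.deb` runs maintainer scripts as root at install time, so users have more reason, not less, to want to verify it against the project's key. Consider detach-signing it in `scripts/package.sh` alongside the tarball and widening the pattern to `release/helium-bin_*.deb*`, or state in the README that the `.deb` is intentionally unsigned.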
@@ -30,9 +30,9 @@ The `scripts/docker-build.sh` script will: Running `scripts/build.sh` directly will not work unless you're running a Debian-based distro and have all necessary dependencies installed. This repo is designed to avoid having to configure the building environment on your Linux installation. ### Packaging -After building, run `scripts/package.sh`. Alternatively, you can run `package/docker-package.sh` to build inside a Docker image. If you would like to sign the resulting AppImage, you can pass the `--sign` argument. +After building, run `scripts/package.sh`. Alternatively, you can run `package/docker-package.sh` to build inside a Docker image. Either of these scripts will create `tar.xz` and `AppImage` files under `build/`. -Either of these scripts will create `tar.xz` and `AppImage` files under `build/`. +If you would like to also generate a .deb file, you can set `MAKE_DEB=1` when running the release script. ### Development By default, the build script uses tarball. If you need to use a source tree clone, you can run `scripts/docker-build.sh -c` instead. This may be useful if a tarball for a release isn't available yet. diff --git a/docker/package.Dockerfile b/docker/package.Dockerfile index d95263c..ddd3b48 100644 --- a/docker/package.Dockerfile +++ b/docker/package.Dockerfile 
@@ -8,7 +8,16 @@ RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selectio RUN apt -y update && apt -y upgrade ## Install system dependencies -RUN apt -y install binutils elfutils desktop-file-utils dpkg file imagemagick wget xz-utils pv curl jq python3 zsync gnupg +RUN apt -y install binutils elfutils desktop-file-utils dpkg dpkg-dev fakeroot file git imagemagick wget xz-utils pv curl jq python3 zsync gnupg perl make liblocale-gettext-perl + +## Install debbuild for .deb packaging +RUN git clone --depth 1 --branch 24.12.0 https://github.com/debbuild/debbuild.git /tmp/debbuild \ + && cd /tmp/debbuild \ + && git checkout 65c140bf902aa4860709a899a0f197fd7aa05e56 \ + && perl configure --prefix=/usr \ + && make \ + && make install \ + && rm -rf /tmp/debbuild RUN curl -s https://api.github.com/repos/AppImage/appimagetool/releases/tags/1.9.0 \ | jq -r '.assets[].browser_download_url' \ diff --git a/package/apparmor.cfg b/package/apparmor.cfg new file mode 100644 index 0000000..c6523d4 --- /dev/null +++ b/package/apparmor.cfg @@ -0,0 +1,7 @@ +abi , +include + +profile helium-bin "/opt/helium/helium" flags=(default_allow) { + userns, + include if exists +} diff --git a/package/docker-package.sh b/package/docker-package.sh index cd096c7..2433f2b 100755 --- a/package/docker-package.sh +++ b/package/docker-package.sh @@ -8,6 +8,7 @@ _git_submodule="helium-chromium" _image="helium-chromium-trixie-slim:packager" _user_uidgid="$(id -u):$(id -g)" _docker_image_args=() +_make_deb=${MAKE_DEB:-0} if [ "$_user_uidgid" != "0:0" ]; then _docker_image_args+=(--build-arg "UID=$(id -u)") @@ -30,5 +31,6 @@ cd "${_root_dir}" && docker run --rm -i \ -e APPIMAGE_EXTRACT_AND_RUN=1 \ -e HOME=/home/builder \ -e GNUPGHOME=/home/builder/.gnupg \ + -e MAKE_DEB=$_make_deb \ -v "${_root_dir}:/repo" \ "${_image}" bash "/repo/scripts/package.sh" "$@" diff --git a/package/helium-bin.spec b/package/helium-bin.spec index 8c25274..dac69a7 100644 --- a/package/helium-bin.spec 
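Review bot: The `git checkout 65c140bf902aa4860709a899a0f197fd7aa05e56` line deserves a comment, because it looks redundant after `--branch 24.12.0` and is easy to delete in a later clean-up. With `--depth 1` only the commit the tag currently points to is fetched, so the checkout should fail the image build if the upstream tag is ever moved, which is the integrity check for code that then runs `make install` as root in the image. Something like `## Pin: build fails if tag 24.12.0 no longer resolves to this commit` above the `RUN` would record that intent. The `appimagetool` download that follows as context resolves its URLs from the GitHub API; whether it is checksum-verified is outside this hunk and worth confirming for parity.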
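Review bot: This new profile needs a header comment saying that it does not confine the browser: `flags=(default_allow)` leaves everything permitted, and the `userns,` rule is there to let the binary create user namespaces on systems that restrict them for unconfined processes. A line such as `# Grants user-namespace creation for Helium's sandbox; this is not a confinement profile.` at the top would keep a later reader from assuming otherwise. The attachment path `/opt/helium/helium` is hard-coded while the spec copies the file from `%{helium_base}` (defined outside this diff), so the two have to be kept in sync by hand, which is worth a second comment line.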
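Review bot: `-e MAKE_DEB=$_make_deb \` expands an environment-derived value unquoted inside the `docker run` argument list, so a value containing whitespace is word-split and its remainder is parsed as further `docker run` options. Quote it as `-e "MAKE_DEB=$_make_deb" \`, matching the quoted `-v "${_root_dir}:/repo"` on the next line. The assignment `_make_deb=${MAKE_DEB:-0}` in the first hunk of this file is fine as written, since assignments are not word-split.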
+++ b/package/helium-bin.spec @@ -10,15 +10,20 @@ URL: https://github.com/imputnet/helium-linux Source0: https://github.com/imputnet/helium-linux/releases/download/%{version}/helium-%{version}-x86_64_linux.tar.xz Source1: https://github.com/imputnet/helium-linux/releases/download/%{version}/helium-%{version}-arm64_linux.tar.xz +%if 0%{?debbuild} +Packager: imput +Provides: www-browser +%endif + %description Private, fast, and honest web browser based on Chromium %prep -%ifarch x86_64 +%ifarch x86_64 amd64 %setup -q -n helium-%{version}-x86_64_linux %endif -%ifarch aarch64 +%ifarch aarch64 arm64 %setup -q -T -b 1 -n helium-%{version}-arm64_linux %endif @@ -36,8 +41,13 @@ mkdir -p %{heliumdir} \ cp -a . %{heliumdir} +%if 0%{?debbuild} +sed -Ei "s/(CHROME_VERSION_EXTRA=).*/\1deb/" \ + %{heliumdir}/helium-wrapper +%else sed -Ei "s/(CHROME_VERSION_EXTRA=).*/\1rpm/" \ %{heliumdir}/helium-wrapper +%endif install -m 644 product_logo_256.png \ %{buildroot}%{_datadir}/icons/hicolor/256x256/apps/helium.png @@ -60,16 +70,28 @@ ln -sf %{helium_base}/helium-wrapper \ /usr/bin/update-desktop-database &> /dev/null || : /bin/touch --no-create %{_datadir}/icons/hicolor &>/dev/null || : +if [ -d /etc/apparmor.d ]; then + cp %{helium_base}/apparmor.cfg /etc/apparmor.d/helium-bin + apparmor_parser -r /etc/apparmor.d/helium-bin || : +fi + %postun # Refresh icon cache and update desktop database /usr/bin/update-desktop-database &> /dev/null || : if [ $1 -eq 0 ] ; then /bin/touch --no-create %{_datadir}/icons/hicolor &>/dev/null /usr/bin/gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || : + + if [ -f /etc/apparmor.d/helium-bin ]; then + apparmor_parser -R helium-bin || : + rm -f /etc/apparmor.d/helium-bin + fi fi %posttrans /usr/bin/gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || : %changelog +%if "%{_vendor}" != "debbuild" %autochangelog +%endif diff --git a/package/mkdeb.sh b/package/mkdeb.sh new file mode 100755 index 0000000..cc7f696 --- /dev/null 
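Review bot: In `%postun`, `apparmor_parser -R helium-bin` passes a profile name where apparmor_parser expects a profile file, so it will look for a file called `helium-bin` in the scriptlet's working directory, fail, and be silenced by `|| :`; the file in `/etc/apparmor.d` is then removed while the profile presumably stays loaded until the next reboot or policy reload. Use `apparmor_parser -R /etc/apparmor.d/helium-bin || :` before the `rm -f`. Separately, `%post` installs the profile into `/etc/apparmor.d` with `cp` from a scriptlet, so the package manager does not track the file and a local edit is overwritten on every upgrade; shipping it through `%files` (outside this hunk) as a config file would avoid that. It is also worth confirming that the enclosing `[ $1 -eq 0 ]` is true on removal under debbuild, since dpkg maintainer scripts normally receive a word such as `remove` rather than a count.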
+++ b/package/mkdeb.sh @@ -0,0 +1,44 @@ +#!/bin/bash +set -euxo pipefail + +_current_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" &>/dev/null && pwd)" +_root_dir="$(cd "$_current_dir/.." && pwd)" +_release_dir="$_root_dir/build/release" +_spec="$_root_dir/package/helium-bin.spec" + +_version=$(python3 "$_root_dir/helium-chromium/utils/helium_version.py" \ + --tree "$_root_dir/helium-chromium" \ + --platform-tree "$_root_dir" \ + --print) +_tarball="$(realpath "${1:-}")" + +if ! [ -f "$_tarball" ]; then + echo "usage: $0 &2 + exit 1 +fi + +_tarball_basename="$(basename "$_tarball")" +case "$_tarball_basename" in + *x86_64*) _deb_arch="amd64" ;; + *arm64*) _deb_arch="arm64" ;; + *) exit 1;; +esac + +_debbuild_dir=$(mktemp -d) +trap 'rm -rf "$_debbuild_dir"' EXIT + +mkdir -p "$_debbuild_dir"/{BUILD,SOURCES,SPECS,DEBS} +ln -s "$_tarball" "$_debbuild_dir/SOURCES/" +cp "$_spec" "$_debbuild_dir/SPECS/" + +debbuild \ + --define "_topdir $_debbuild_dir" \ + --define "debbuild 1" \ + --define "version $_version" \ + --define "_arch $_deb_arch" \ + --define "dist %{nil}" \ + -bb "$_debbuild_dir/SPECS/helium-bin.spec" + +mkdir -p "$_release_dir" +mv "$_debbuild_dir"/DEBS/*/*.deb "$_release_dir/" +ls "$_release_dir"/*.deb diff --git a/scripts/package.sh b/scripts/package.sh index 0765ac8..e50c9af 100755 --- a/scripts/package.sh +++ b/scripts/package.sh @@ -58,6 +58,7 @@ for file in $_files; do done cp "$_root_dir/package/helium.desktop" "$_tarball_dir" +cp "$_root_dir/package/apparmor.cfg" "$_tarball_dir" cp "$_root_dir/package/helium-wrapper.sh" "$_tarball_dir/helium-wrapper" wait @@ -110,8 +111,13 @@ appimagetool \ popd wait +if [ "${MAKE_DEB:-0}" = 1 ]; then + "$_root_dir/package/mkdeb.sh" "$TAR_PATH" +fi + if [ -n "${SIGN_TARBALL:-}" ]; then - gpg --detach-sign --passphrase "$GPG_PASSPHRASE" \ + gpg --batch --pinentry-mode loopback \ + --detach-sign --passphrase "$GPG_PASSPHRASE" \ --output "$TAR_PATH.asc" "$TAR_PATH" fi
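Review bot: The usage check is unreachable when no argument is given: `_tarball="$(realpath "${1:-}")"` runs under `set -e`, and `realpath` on an empty string fails, so the script exits on that line with realpath's error instead of the usage message. Test the argument first, e.g. `[ -f "${1:-}" ] || { …usage…; exit 1; }`, and call `realpath` only after it passes. The `*) exit 1;;` arm of the architecture `case` also exits silently; `*) echo "unrecognised tarball name: $_tarball_basename" >&2; exit 1 ;;` would make a CI failure diagnosable. Note that `set -x` traces every command, which is harmless here but means no secret should ever be passed through this script's arguments or variables.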
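Review bot: The rewritten `gpg` call still passes the key passphrase on the command line with `--passphrase "$GPG_PASSPHRASE"`, where it is readable from the process list by other processes on the host and would be echoed if this script runs with xtrace (its `set` options are outside the hunk). Since `--batch --pinentry-mode loopback` is now in place, feed it over a descriptor instead: `gpg --batch --pinentry-mode loopback --passphrase-fd 0 --detach-sign --output "$TAR_PATH.asc" "$TAR_PATH" <<<"$GPG_PASSPHRASE"`. The same block signs only `$TAR_PATH`, so the `.deb` produced by the `mkdeb.sh` call just above it is left without a signature.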