This file is indexed.

/usr/bin/nd_build_testrdepends is in neurodebian-dev 0.37.2.

This file is owned by root:root, with mode 0o755.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
#!/bin/bash

# no undefined
set -u
# no failures
set -e

CMD=
#echo

family=$1
dist=$2
arch=$3      # limit to 1 for now

dscfile=$4
dscfilef=$(readlink -f $dscfile)
dscfilef_base=${dscfilef%%.dsc}

pkg=${dscfile%_*}

#? TODO -- should be a parameter as well?

testdir=${dscfilef_base}_$arch.testrdepends.$family-$dist
secdir=${dscfilef_base}_$arch.testrdepends.$family-$dist.secure
bindir=$testdir/bin
debdir=$testdir/debs
srcdir=$testdir/srcs
oldbuildsdir=$srcdir/old
newbuildsdir=$srcdir/new

echo "I: Updating target chroot $family $dist"
$CMD nd_updatedist $family $dist $arch

mkdir -p $debdir $srcdir $bindir $secdir

echo "I: Building the new package for $pkg"
$CMD nd_build $family $dist $arch $dscfile --buildresult=$debdir

echo "I: Initiating the repository"
cd $debdir
dpkg-scanpackages . >| Packages
apt-ftparchive release . >| Release

gpgargs="--no-default-keyring --secret-keyring $secdir/keyring.sec --keyring $secdir/keyring.pub"
if [ ! -e $secdir/keyring.sec ]; then
	# Generate a key to sign the Release file
	cat >| $secdir/keyring.gen <<EOF
	     %echo Generating a standard key
	     Key-Type: DSA
	     Key-Length: 1024
	     Subkey-Type: ELG-E
	     Subkey-Length: 1024
	     Name-Real: NeuroDebian Tester
	     Name-Comment: Temporary key
	     Name-Email: team@neuro.debian.net
	     Expire-Date: 0
	     Passphrase: salty salt
	     %pubring $secdir/keyring.pub
	     %secring $secdir/keyring.sec
	     # Do a commit here, so that we can later print "done" :-)
	     %commit
	     %echo done
EOF

	gpg --batch --gen-key $secdir/keyring.gen
	gpg $gpgargs --list-secret-keys
fi

echo "I: signing Release file"
gpg $gpgargs --list-secret-keys
gpg --yes -abs -u "NeuroDebian Tester" \
    $gpgargs --passphrase "salty salt" \
    -o Release.gpg Release
pubkey=$(gpg $gpgargs -a --export -u "NeuroDebian Tester")

# All binary packages produced
pkgs=$(awk '/^Package:/{print $2;}' Packages)
cd - > /dev/null

echo "I: Fetching all bdepends for $pkgs in $family $dist under $arch"
# need first to provide the necessary scripts out there
cp -p $(dirname $0)/nd_fetch_bdepends $bindir
$CMD nd_execute $family $dist $arch --bindmounts $testdir $bindir/nd_fetch_bdepends $dist $srcdir $pkgs

echo "I: preparing the hook"
cat << EOF >| $bindir/D00add_custom_repo
echo 'deb file://$debdir ./' >| /etc/apt/sources.list.d/custom.list
echo "$pubkey" | apt-key add -
apt-get update || /bin/bash < /dev/tty > /dev/tty 2> /dev/tty
EOF
chmod a+x $bindir/D00add_custom_repo

echo "I: Going throught the packages and testing the builds"
cd $srcdir
summary_file=${testdir}.summary
echo -e "\nTesting builds against $dscfile" >> $summary_file
for dsc in *.dsc; do
	echo " I: Building $dsc with native versions"
	src=${dsc%%_*}
	dscbase=${dsc%%.dsc}
	nd_build $family $dist $arch $dsc --buildresult=$oldbuildsdir \
		&& old=ok || old=FAILED
	mv ${dscbase}_$arch.build $oldbuildsdir
	echo " I: Building $dsc with new versions"
	nd_build $family $dist $arch $dsc --buildresult=$newbuildsdir \
		--hookdir=$bindir --bindmount=$testdir \
		&& new=ok || new="FAILED $newbuildsdir/${dscbase}_$arch.build"
	mv ${dscbase}_$arch.build $newbuildsdir
	printf '%-40s\t%5s\t%5s\n' $dsc "$old" "$new" >> $summary_file
done