From 78a0ca291cf8a68641540a2bcd25059b9362f03d Mon Sep 17 00:00:00 2001
From: Emanuele Aina <emanuele.aina@collabora.com>
Date: Tue, 6 Jun 2023 15:11:18 +0200
Subject: [PATCH 1/3] Publish .orig-$component.tar.*.asc files as well

The `freetype` Debian package uses multi-component orig tarballs, and
also includes PGP signatures for them:

    freetype_2.10.4+dfsg-1+deb11u1+apertis0.debian.tar.xz
    freetype_2.10.4+dfsg-1+deb11u1+apertis0.dsc
    freetype_2.10.4+dfsg.orig-ft2demos.tar.xz
    freetype_2.10.4+dfsg.orig-ft2demos.tar.xz.asc
    freetype_2.10.4+dfsg.orig-ft2docs.tar.xz
    freetype_2.10.4+dfsg.orig-ft2docs.tar.xz.asc
    freetype_2.10.4+dfsg.orig.tar.xz

However, at publishing time OBS was ignoring these
`.orig-$component.tar.*.asc` files, causing the archive manager
(reprepro or aptly) to fail since it was not getting some of the files
listed in the `.dsc`.

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>
---
 src/backend/bs_publish | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/backend/bs_publish b/src/backend/bs_publish
index 21e99fa0bc..911439b8cc 100755
--- a/src/backend/bs_publish
+++ b/src/backend/bs_publish
@@ -2024,7 +2024,7 @@ sub publish {
 	  $p = "$bin";
 	} elsif ($bin =~ /\.dsc(?:\.sha256)?$/) {
 	  $p = "$bin";
-	} elsif ($bin =~ /\.orig\.tar\.(gz|xz|bz2)\.asc$/) {
+	} elsif ($bin =~ /\.orig(?:-.*)?\.tar\.(gz|xz|bz2)\.asc$/) {
 	  # Debian upstream tarball signature
 	  $p = "$bin";
         } elsif ($bin =~ /^(.*)\.(?:box|json|ovf|phar|qcow2|vdi|vhdfixed|vmx|vmdk|vhdx)(?:\.xz)?(\.sha256)?$/) {
-- 
GitLab


From bdb0f649fef0cabed1e57d889fa52d49122ab559 Mon Sep 17 00:00:00 2001
From: Andrej Shadura <andrew.shadura@collabora.co.uk>
Date: Mon, 12 Jun 2023 11:45:55 +0200
Subject: [PATCH 2/3] =?UTF-8?q?Waiting=205=C3=9730=20is=20enough=20to=20te?=
 =?UTF-8?q?ll=20a=20restart=20is=20needed?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
---
 tests/01-build-dash        | 4 ++--
 tests/scripts/wait-for-pkg | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/tests/01-build-dash b/tests/01-build-dash
index 32f4bba3de..139571659f 100755
--- a/tests/01-build-dash
+++ b/tests/01-build-dash
@@ -14,9 +14,9 @@ osc dput bullseye-derivative *.dsc
 
 cd "$OLDPWD"
 
-if ! wait-for-pkg bullseye-derivative dash main
+if ! wait-for-pkg bullseye-derivative dash main x86_64 5
 then
 	# DoD didn't wake up, restart the backend and try again
 	docker-compose exec -T backend supervisorctl restart all
-	wait-for-pkg bullseye-derivative dash main
+	wait-for-pkg bullseye-derivative dash main x86_64
 fi
diff --git a/tests/scripts/wait-for-pkg b/tests/scripts/wait-for-pkg
index 5105f6ab79..de06669c59 100755
--- a/tests/scripts/wait-for-pkg
+++ b/tests/scripts/wait-for-pkg
@@ -4,7 +4,7 @@ project=$1
 pkg=$2
 prj_repo=${3:-main}
 prj_arch=${4:-x86_64}
-iterations=30
+iterations=${5:-30}
 wait=30
 
 echo "Checking build result: $project $pkg $prj_repo $prj_arch"
-- 
GitLab


From 93c7e3b21bed33f700e258e6dcf8b5c649fae4a5 Mon Sep 17 00:00:00 2001
From: Andrej Shadura <andrew.shadura@collabora.co.uk>
Date: Mon, 12 Jun 2023 10:55:25 +0200
Subject: [PATCH 3/3] Test publishing multitarballs with signatures

Verify that packages with multiple tarballs are handled correctly:
their component tarballs should be published, as well as their
signatures.

For this, artificially extend the dash package with an empty component
tarball called "vendor", with fake unverifiable signature files only
containing the word "signature".

Instead of editing the .dsc file to include those, unpack the source
package and generate it again, allowing dpkg-buildpackage to pick up
the new component tarball.

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
---
 .gitlab-ci.yml              |  8 +++++++-
 tests/01-build-dash         | 32 ++++++++++++++++++++++++++++++++
 tests/scripts/wait-for-file | 23 +++++++++++++++++++++++
 3 files changed, 62 insertions(+), 1 deletion(-)
 create mode 100755 tests/scripts/wait-for-file

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 118f96ffc3..8212bf6877 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -96,6 +96,11 @@ worker:
         worker:
           image: $CI_REGISTRY_IMAGE/worker:$TAG_SHA
       volumes:
+        backend-storage:
+          driver_opts:
+            type: none
+            o: bind
+            device: './storage/backend'
         backend-logs:
           driver_opts:
             type: none
@@ -114,6 +119,7 @@ worker:
   before_script:
     - apt update && apt install -y --no-install-recommends
         curl
+        debhelper
         docker-compose
         docker.io
         dpkg-dev
@@ -123,7 +129,7 @@ worker:
     - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" "$CI_REGISTRY"
     - docker info
     - echo "$COMPOSE_OVERLAY" > docker-compose.override.yml
-    - mkdir -p logs/backend logs/frontend logs/worker
+    - mkdir -p logs/backend logs/frontend logs/worker storage/backend
     - |
       cat << EOF > ~/.oscrc
       [general]
diff --git a/tests/01-build-dash b/tests/01-build-dash
index 139571659f..81045a781b 100755
--- a/tests/01-build-dash
+++ b/tests/01-build-dash
@@ -10,6 +10,26 @@ cd "$dir"
 
 apt-get source --download-only dash
 
+tarball=$(echo dash_*.orig.tar.*)
+# pretend the tarball is signed
+echo signature > $tarball.asc
+
+pkgver=${tarball%.orig.tar.*}
+ver=${pkgver#dash_}
+
+# create fake extra tarball
+mkdir vendor
+tar -zcf dash_$ver.orig-vendor.tar.gz vendor/
+
+# pretend this is a valid signature
+echo signature > dash_$ver.orig-vendor.tar.gz.asc
+
+(
+	dpkg-source -x *dsc
+	cd dash-$ver
+	dpkg-buildpackage -d -S
+)
+
 osc dput bullseye-derivative *.dsc
 
 cd "$OLDPWD"
@@ -20,3 +40,15 @@ then
 	docker-compose exec -T backend supervisorctl restart all
 	wait-for-pkg bullseye-derivative dash main x86_64
 fi
+
+wait-for-file -d storage/backend/repos/bullseye-derivative/main
+
+wait-for-file -f storage/backend/repos/bullseye-derivative/main/$tarball
+
+ls storage/backend/repos/bullseye-derivative/main -lR
+
+set -x
+
+test -f storage/backend/repos/bullseye-derivative/main/$tarball.asc
+test -f storage/backend/repos/bullseye-derivative/main/dash_$ver.orig-vendor.tar.gz
+test -f storage/backend/repos/bullseye-derivative/main/dash_$ver.orig-vendor.tar.gz.asc
diff --git a/tests/scripts/wait-for-file b/tests/scripts/wait-for-file
new file mode 100755
index 0000000000..228aa397cf
--- /dev/null
+++ b/tests/scripts/wait-for-file
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+iterations=30
+wait=30
+
+echo "Checking for file presence: $@"
+
+for i in $(seq $iterations)
+do
+	echo test "$@"
+	if test "$@"
+	then
+		echo "Condition reached." >&2
+		break
+	fi
+	if [ $i -eq $iterations ]
+	then
+		echo "ERROR: file failed to appear within the time limit!" >&2
+		exit 1
+	fi
+	echo "Sleeping ${wait}s (iteration $i/$iterations)"
+	sleep $wait
+done
-- 
GitLab