ops2deb
Are you tired of checking if your favorite devops tools are up-to-date? Are you using a debian based GNU/Linux distribution?
ops2deb
is designed to generate Debian packages for common devops tools such as kubectl, kustomize, helm, ...,
but can be used to package any portable application. In short, it consumes a configuration file and outputs .deb
packages.
ops2deb
can also track new releases of upstream applications and automatically bump application versions in its configuration file.
Installation
sudo apt-get install ops2deb
pipx install ops2deb
Dependencies
- Python >= 3.10 if installed with
pip
or pipx
- To build debian packages with
ops2deb build
you need the following packages on your host:
sudo apt install build-essential fakeroot debhelper
If you plan to build packages for armhf
and arm64
you will also need the following packages:
sudo apt install binutils-aarch64-linux-gnu binutils-arm-linux-gnueabihf
Getting started
In a test directory run:
curl https://raw.githubusercontent.com/upciti/ops2deb/main/ops2deb.yml
ops2deb lock # generate lockfile where downloaded file hashes are stored
ops2deb # equivalent to ops2deb generate && ops2deb build
To check for new releases run:
ops2deb update
This command updates each blueprint in the ops2deb.yml
configuration file with the latest version of the upstream application.
By default ops2deb
caches downloaded content in /tmp/ops2deb_cache
:
tree /tmp/ops2deb_cache
The cache can be flushed with:
ops2deb purge
For more information about existing subcommands and options run ops2deb --help
.
Usage examples
Packaging kubectl
The fetch
field tells ops2deb to download a file. ops2deb
will check the hash
of downloaded files against a lockfile. To generate/update this lockfile, run
ops2dbe lock
. By default, the lockfile is named ops2deb.lock.yml
.
name: kubectl
version: 1.20.1
summary: command line client for controlling a Kubernetes cluster
description: |
kubectl is a command line client for running commands against Kubernetes clusters.
fetch: https://storage.googleapis.com/kubernetes-release/release/v{{version}}/bin/linux/amd64/kubectl
install:
- kubectl:/usr/bin/
Creating a metapackage
Ops2deb can be used to create metapackages:
name: allthethings
version: 0.1.9
architecture: all
summary: install various devops tools
description: Some great description.
depends:
- kubectl
- kustomize
- helm
- helmfile
- devspace
Packaging ops2deb with ops2deb
Note that when the fetch key is not used, ops2deb will run the build script from the directory where it was called.
Hence for the following blueprint to succeed, you have to run ops2deb from the root directory of this github project.
name: ops2deb
version: 0.15.0
homepage: https://github.com/upciti/ops2deb
summary: debian packaging tool for portable applications
description: |-
Ops2deb is primarily designed to easily generate Debian packages for portable
applications such as single binary applications and scripts. Packages are
described using a simple configuration file format. Ops2deb can track new
releases of upstream applications and automatically bump application versions
in its configuration file.
script:
- poetry install -E pyinstaller
- poetry run task single_binary_application
- install -m 755 build/x86_64-unknown-linux-gnu/release/install/ops2deb {{src}}/usr/bin/
Building packages for multiple architectures at once
If the upstream application is released for multiple architectures,
use the matrix
object to generate one source package for each architecture:
name: helm
matrix:
architectures:
- amd64
- armhf
- arm64
version: 3.7.2
homepage: https://helm.sh/
summary: Kubernetes package manager
description: |-
Tool for managing Kubernetes charts.
Charts are packages of pre-configured Kubernetes resources.
depends:
- kubectl
fetch: https://get.helm.sh/helm-v{{version}}-linux-{{goarch}}.tar.gz
script:
- mv linux-*/helm {{src}}/usr/bin/
The blueprint above will generate three packages: helm_3.7.2-1~ops2deb_armhf.deb
, helm_3.7.2-1~ops2deb_arm64.deb
and helm_3.7.2-1~ops2deb_amd64.deb
Note the use of the {{goarch}}
variable which maps debian architectures to sensible go architectures.
You can also define your own architecture maps using the fetch.targets
field and the {{target}}
jinja variable:
name: bottom
matrix:
architectures:
- amd64
- armhf
version: 0.6.6
revision: 2
homepage: https://clementtsang.github.io/bottom
summary: cross-platform graphical process/system monitor
description: |-
A cross-platform graphical process/system monitor with a customizable interface
and a multitude of features. Supports Linux, macOS, and Windows.
Inspired by gtop, gotop, and htop.
fetch:
url: https://github.com/ClementTsang/bottom/releases/download/{{version}}/bottom_{{target}}.tar.gz
targets:
amd64: x86_64-unknown-linux-gnu
armhf: armv7-unknown-linux-gnueabihf
install:
- btm:/usr/bin/
Using environment variables
You can use {{env("VARIABLE", "a_default")}}
in all fields except fetch.targets.*
.
The example below uses environment variables set by Gitlab CI:
name: "{{env('CI_PROJECT_NAME')}}"
version: "{{env('CI_COMMIT_TAG', '0')}}"
homepage: "{{env('CI_PROJECT_URL')}}"
summary: awesome application for doing things
description: |-
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor
incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis
nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.
script:
- install -m 755 build/x86_64-unknown-linux-gnu/release/install/great-app {{src}}/usr/bin/
Configuration file
Written in YAML and composed of a single blueprint object or a list of blueprints objects. A blueprint is defined by the following:
Field | Meaning | Default |
---|
name | Component name, e.g. kustomize . | |
matrix | Generate multiple packages from a single blueprint. | None |
version | Application release to package. | |
revision | Package revistion. | 1 |
epoch | Package epoch. | 0 |
architecture | Package architecture. | amd64 |
homepage | Upstream project homepage. | None |
summary | Package short description. | |
description | Package full description. | |
depends | List of package dependencies. Corresponds to Depends entry in debian/control . | [] |
recommends | List of package recommended dependencies. Corresponds to Recommends entry in debian/control . | [] |
conflicts | List of conflicting packages. Corresponds to Conflicts entry in debian/control . | [] |
fetch | A file to download. tar.gz , tar.xz , tar , zip and deb archives are extracted automatically. | None |
install | List of here-documents and files/directories to add to the debian package. | [] |
script | List of build instructions templated with jinja2 and interpreted with the default shell . | [] |
Development
You will need poetry, and probably pyenv if you don't have python 3.10 on your host.
poetry install
To run ops2deb test suite run:
poetry run task check
To build a python wheel:
poetry run poetry build
Note that the poetry run
is important to enable poetry-dynamic-versioning
which is installed as a dev dependency.
To build a single binary application:
Install required build dependencies:
sudo apt install binutils python3-dev
poetry install -E pyinstaller
And run:
poetry run task single_binary_application
Important notes
ops2deb
DOES NOT sandbox build instructions so if you do something like:
script:
- rm -rf ~/*
You will loose your files... To make sure that you won't mess with your system, run it within a container.
Migration guides
Migrating to v1
Lockfile ops2deb.lock.yml
was introduced in ops2deb v1.0.0, before that downloaded file hashes where stored in the configuration file, in the blueprint fetch
object.
To migrate from ops2deb <= 1.0.3 to ops2deb > 1.0.3:
- Install ops2deb 1.0.3
- Run
ops2deb migrate
Breaking changes in v2
GITHUB_TOKEN
environment variable renamed to OPS2DEB_GITHUB_TOKEN
- Command line argument
-k
was removed. Start ops2deb.yml
with # lockfile={path_to_lockfile}
to override the default lockfile path.