My final GSoC work submit
June 7th I started packaging the Caddy webserver for the Debian archives.
Since I have been busy packaging its many missing dependencies (and their dependencies..) and finally started packaging Caddy itself beginning of last week.
What has been done?
Packaging missing build-dependencies
Caddy ships in a single, statically linked binary with no dependencies, but it also has a lot of build-dependencies: Current version lists 27 direct build-dependencies in its go.mod file; some of these, including their respective build-dependencies, were missing in the archives (sources linked):
- golang-github-aryann-difflib: accepted into archives (application task)
- golang-github-caddyserver-certmagic: uploaded to NEW queue1
- golang-github-google-cel-go: uploaded to NEW queue
- golang-github-google-cel-spec: uploaded to NEW queue
- golang-github-stoewer-go-strcase: uploaded to NEW queue
- golang-github-antlr-antlr4: uploaded to NEW queue
- golang-github-masterminds-sprig: accepted into archives
- golang-github-smallstep-certificates: uploaded to NEW queue
- golang-step-cli-utils: uploaded to NEW queue
- golang-step-crypto: uploaded to NEW queue
- golang-github-newrelic-go-agent: uploaded to NEW queue
- golang-github-thalesignite-crypto11: uploaded to NEW queue
- golang-github-thales-e-security-pool: uploaded to NEW queue
- golang-github-smallstep-cli: uploaded to NEW queue
- golang-github-smallstep-nosql: uploaded to NEW queue
- golang-github-smallstep-truststore: accepted into archives
Packages maintained by others:
Some packages were already in Debian but needed to be updated as required by Caddys build-dependencies: here and here and here
Work that will pay off later:
Sometimes packaging build-dependencies in an “ideal state” (most recent upstream version and fully featured) turned out not to be feasable within schedule or because of chains of dependencies that would affect other core packages. One obstacle here is definitely that Debian is in a full freeze most of the GSoC period.
These were packaged and will be needed for upgrading/polishing some of the packaged build-dependencies at later point:
- golang-github-thomasrooney-gexpect: accepted into archives
- golang-github-micromdm-scep: uploaded to NEW queue
- golang-step-linkedca
- golang-github-zmap-zlint
- golang-github-zmap-zcertificate
- golang-github-zmap-rc2: accepted into archives
- golang-github-zmap-zcrypto
Packaging Caddy
I uploaded my current packaging of Caddy here
So, does Caddy build with dpkg-buildpackage2?
Yes, it does! 🥳
Cool! And.. does it function? Like, does it serve an html page?
Yes, it does:
Great! Then it is ready to be uploaded?
Well, not yet 🙃
What is still to be done:
- Caddys recent version has one last unsatisfied build-dependency: It requires a newer version of an already packaged library. I created a personal fork so I could build and test caddy on my own machine3 but this needs to be resolved before Caddy can be uploaded. Related bugreport
- Upstream lacks manual pages. Manpages for applications are mandatory for Debian packaging. Writing manpages will also be beneficial for upstream and other distros. Related bugreport
The latter one is what I am currently working on in order to get Caddy into Debian.
Future polishing:
These are not blockers for a Debian package and were desirable goals in my proposed schedule. I intend to get started with these once Caddy is readily packaged and uploaded:
- Hardening with an Apparmor profile
- Check if Caddy and other binaries packaged with build-dependencies build reproducibly, and fix them if not.
Making this possible:
Of course, all of this would not have been worked out without the great support of my mentors georg and mejo, the people at #debian-mentors and the Debian Go Packaging Team, especially Nilesh from the go team who put a lot of time into reviewing my work and providing feedback. And of course, this would not have been possible without Google Summer of Code.
Thank you all for this great opportunity and learning experience!