3
0
Fork
You've already forked meson-mksourcepkg
0
Create pristine source tarballs from a project using Meson ----- Development mirror of rad:z3XVUs9hFSow3vBk8s3BZPQyaPaiw https://radicle.network/nodes/rad.basenordic.org/rad:z3XVUs9hFSow3vBk8s3BZPQyaPaiw
  • Shell 88.5%
  • Dockerfile 11.5%
Find a file
David Sommerseth 1e37fed50e
Add support for verifying PGP signed git tags
Signed-off-by: David Sommerseth <dazo@eurephia.org>
2026年07月09日 00:41:13 +02:00
LICENSES Initial import 2026年07月07日 19:26:09 +02:00
build-srcpkg.sh Add support for verifying PGP signed git tags 2026年07月09日 00:41:13 +02:00
Containerfile Add support for verifying PGP signed git tags 2026年07月09日 00:41:13 +02:00
README.md Add support for verifying PGP signed git tags 2026年07月09日 00:41:13 +02:00

meson-mksourcepkg

This is a simple helper tool to quickly generate a source package for projects using Meson. It makes use of the meson dist to create the source package.

Packages are built inside a small podman/docker container, using the latest Alpine image. This images created are expected to be ephemeral to ensure the built source package is as clean as possible.

Quick Setup

A buildroot directory need to be created where a build-setup.sh must be present. The content of this file must have these variables defined:

# URL to the git repository to clone
repo_url=""
# The directory where the clone operation should be cloned into
clone_dir=""
# The git branch or tag to checkout for this build
checkout="master"
# Which dependencies need to be installed to complete 'meson setup'
dependencies=""

There are two additional functions which can be declared:

prepare_build() {
 echo "Build directory: ${BUILDDIR}"
 # steps to run to make the git checkout ready to run 'meson setup'
}
pre_dist() {
 echo "Build directory: ${BUILDDIR}"
 # steps to run before 'meson dist' is being run
}

The generated source tarball will appear at the root inside of the buildroot directory.

PGP git tag verification

This tool can also verify the git tag it will create the source tarball package from. This is enabled by settings these variables:

# The filename of the PGP public key to use for verification.
# This file must be placed in the buildroot directory, together with
# the `build-setup.sh` file.
verify_key='key.pub'
# The full PGP fingerprint ID of the public PGP key
verify_keyid="...."
# The full name and e-mail address of the owner of the PGP key
verify_userid="John Doe <john.doe@example.com>"

This script uses Sequoia-PGP to handle the PGP operations. The ${verify_keyid} and ${verify_userid} is used when calling the sq pki link add command to make the key and the user identity of the public key a trusted key (aka Authenticating the certificate). For more information: https://book.sequoia-pgp.org/auth_certs.html

Creating the source tarball

To generate a source tarball, run this command after preparing the buildroot directory and the build-setup.sh.

$ mkdir my-buildroot
# Edit my-buildroot/build-setup.sh
$ build-srcpkg.sh build my-buildroot

To debug a few of the steps, build-srcpkg.sh has these operations:

  • build-srcpkg.sh prepare ${BUILDROOT}

    This prepares the Podman images but will not run the build.

  • build-srcpkg.sh just_build ${BUILDROOT}

    This will expect images to be ready and it will only run the final build step.

  • build-srcpkg.sh cleanup ${BUILDROOT}

    This will remove the work images for the build process.

  • build-srcpkg.sh full-cleanup [${BUILDROOT}]

    This will also cleanup the base image which the worker images depends on.

  • build-srcpkg.sh build ${BUILDROOT} Quick way of running the prepare, just_build and cleanup steps in a single command.

Contribution

This project uses Radicle and Codeberg as the main development repositores. To use Radcile (preferred), see inststructions on https://radicle.dev/guides/quick-start to get started. Then run this command:

$ rad clone rad:z3XVUs9hFSow3vBk8s3BZPQyaPaiw

Collaborating via Codeberg.org is also possible, via https://codeberg.org/OpenVPN/meson-mksourcepkg

$ git clone https://codeberg.org/OpenVPN/meson-mksourcepkg

License

Copyright (C) 2026- OpenVPN Inc sales@openvpn.net Copyright (C) 2026- David Sommerseth dazo@eurephia.org

This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License along with this program. If not, see https://www.gnu.org/licenses/.