Add debian packaging

.github/CODEOWNERS

@@ -3,3 +3,10 @@
 
 # These owners will be the default owners for everything in the repo.
 *       @cozy/back
+
+# Order is important; the last matching pattern takes the most
+# precedence. When someone opens a pull request that only
+# impact debian packaging files, only sblaisot and not the global
+# owner(s) will be requested for a review.
+debian/*               @sblaisot
+scripts/packaging/*    @sblaisot

.gitignore

@@ -3,7 +3,6 @@
 /.assets
 /.cozy
 /cozy-stack*
-/debian
 /debug-assets
 node_modules
 /scripts/cozy-stack*
@@ -14,3 +13,16 @@ tmp
 *.log
 *.enc
 *.dec
+
+# Debian packaging stuff / temporary files
+/.pc/
+/bin
+/packages
+/debian/changelog
+/debian/*.debhelper
+/debian/*.log
+/debian/*.substvars
+/debian/files
+/debian/cozy/
+/debian/cozy-stack/
+/debian/tmp/

debian/compat

@@ -0,0 +1 @@
+10

debian/control

@@ -0,0 +1,24 @@
+Source: cozy-stack
+Section: devel
+Priority: extra
+Maintainer: Cozycloud Packaging Team <debian@cozycloud.cc>
+Build-Depends: debhelper (>= 9), dh-exec
+Standards-Version: 3.9.8
+Homepage: https://github.com/cozy/cozy-stack
+Vcs-Browser: https://anonscm.debian.org/cgit/pkg-go/packages/cozy-stack.git
+Vcs-Git: https://anonscm.debian.org/git/pkg-go/packages/cozy-stack.git
+XS-Go-Import-Path: github.com/cozy/cozy-stack
+
+Package: cozy-stack
+Architecture: any
+Depends: ${misc:Depends}, ${shlibs:Depends},
+			adduser, members, curl, sed,
+			git, imagemagick, libprotobuf-c1, fonts-lato
+Recommends: couchdb (>= 2.3), cozy-coclyco, nginx,
+			debootstrap, lsb-release,
+			mail-transport-agent, nodejs (>= 16)
+Description: Cozy: Simple, Versatile, Yours
+ Cozy (https://cozy.io) is a platform that brings all your web services
+ in the same private space.
+ .
+ This package installs the cozy stack.

debian/copyright

@@ -0,0 +1,19 @@
+Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: cozy-stack
+Source: https://github.com/cozy/cozy-stack
+
+Files: *
+Copyright: Copyright 2012, 2023 Cozy Cloud <contact@cozycloud.cc>
+License: AGPL-3.0-only
+  This program is free software: you can redistribute it and/or modify
+  it under the terms of the GNU Affero General Public License as published by
+  the Free Software Foundation, either version 3 of the License, or
+  (at your option) any later version.
+  .
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU Affero General Public License for more details.
+  .
+  You should have received a copy of the GNU Affero General Public License
+  along with this program.  If not, see <http://www.gnu.org/licenses/>.

debian/cozy-stack.config

@@ -0,0 +1,56 @@
+#!/bin/sh
+set -e
+. /usr/share/debconf/confmodule
+
+# prompt for password + confirmation until we get matching entries
+# or an empty password
+promptpass() {
+	TARGET="${1}"
+	PRIORITY="${2:-high}"
+
+	while :; do
+		RET=""
+		db_input ${PRIORITY} ${TARGET} || true
+		db_go
+		db_get ${TARGET}
+		# if password isn't empty we ask for password verification
+		if [ -z "${RET}" ]; then
+			break
+		fi
+		PW="${RET}"
+		db_input ${PRIORITY} ${TARGET}_again || true
+		db_go
+		db_get ${TARGET}_again
+		if [ "${RET}" = "${PW}" ]; then
+			PW=""
+			break
+		fi
+		db_fset ${TARGET}_mismatch seen false
+		db_input critical ${TARGET}_mismatch
+		db_set ${TARGET} ""
+		db_set ${TARGET}_again ""
+		db_go
+	done
+}
+
+prompt() {
+	TARGET="${1}"
+	PRIORITY="${2:-high}"
+
+	db_input ${PRIORITY} ${TARGET} || true
+	db_go
+	db_get ${TARGET}
+}
+
+prompt cozy-stack/couchdb/address
+prompt cozy-stack/couchdb/nodename
+prompt cozy-stack/couchdb/admin/user
+promptpass cozy-stack/couchdb/admin/password
+prompt cozy-stack/couchdb/cozy/user
+promptpass cozy-stack/couchdb/cozy/password
+promptpass cozy-stack/cozy/password
+
+prompt cozy-stack/address low
+prompt cozy-stack/port low
+prompt cozy-stack/admin/address low
+prompt cozy-stack/admin/port low

debian/cozy-stack.install

@@ -0,0 +1,8 @@
+#!/usr/bin/dh-exec
+bin/cozy-stack usr/bin/
+scripts/konnector-node16-run.sh => usr/share/cozy/konnector-run.sh
+
+debian/cozy.yml etc/cozy/
+debian/cozy-stack.syslog => etc/rsyslog.d/cozy.conf
+debian/uninstall-onboarding.sh usr/share/cozy/
+debian/websocket.conf etc/nginx/conf.d/

debian/cozy-stack.postinst

@@ -0,0 +1,96 @@
+#!/bin/sh
+set -e
+. /usr/share/debconf/confmodule
+
+case $1 in
+configure)
+	db_get cozy-stack/couchdb/address && COUCH_ADDRESS="${RET}"
+	db_get cozy-stack/couchdb/cozy/user && COUCH_USER="${RET}"
+	db_get cozy-stack/couchdb/cozy/password && COUCH_PASS="${RET}"
+	db_get cozy-stack/address && ADDRESS="${RET}"
+	db_get cozy-stack/port && PORT="${RET}"
+	db_get cozy-stack/admin/address && ADMIN_ADDRESS="${RET}"
+	db_get cozy-stack/admin/port && ADMIN_PORT="${RET}"
+	COUCH_URL="http://${COUCH_USER}:${COUCH_PASS}@${COUCH_ADDRESS}/"
+
+	if [ -z "$2" ]; then
+		getent group cozy >/dev/null 2>&1 || \
+			addgroup --quiet --system cozy
+		getent passwd cozy-stack >/dev/null 2>&1 || \
+			adduser --quiet --system \
+			--home /var/lib/cozy --no-create-home \
+			--shell /usr/sbin/nologin --ingroup cozy cozy-stack
+
+		[ -d /var/log/cozy ] || \
+			install -o root -g cozy -m u=rwX,g=rwX,o= -d /var/log/cozy
+
+		db_get cozy-stack/couchdb/nodename && COUCH_NODE="${RET}"
+		db_get cozy-stack/couchdb/admin/user && COUCH_ADMIN_USER="${RET}"
+		db_get cozy-stack/couchdb/admin/password && COUCH_ADMIN_PASS="${RET}"
+		ENCODED_COUCH_ADMIN_USER=$(echo "${COUCH_ADMIN_USER}" | sed -e 's/:/%3A/g')
+		curl -fsX PUT -u "${ENCODED_COUCH_ADMIN_USER}:${COUCH_ADMIN_PASS}" "${COUCH_ADDRESS}/_node/${COUCH_NODE}/_config/admins/${COUCH_USER}" -d "\"${COUCH_PASS}\"" >/dev/null || \
+		(
+			echo "=====================" >&2
+			echo "Unable to create cozy user in couchdb" >&2
+			echo "Check that you provided the correct couchdb admin user, password and address" >&2
+			echo "You can try again by purging and reinstalling the cozy-stack package" >&2
+			echo "apt-get purge cozy-stack; apt-get install cozy-stack" >&2
+			echo "=====================" >&2
+		)
+
+		if [ ! -f /etc/cozy/cozy-admin-passphrase ]; then
+			db_get cozy-stack/cozy/password && COZY_PASS="${RET}"
+			COZY_ADMIN_PASSPHRASE="${COZY_PASS}" cozy-stack config passwd /etc/cozy/cozy-admin-passphrase
+			printf "%s" "${COZY_PASS}" > /etc/cozy/.cozy-admin-passphrase
+			chmod u=rw,og= /etc/cozy/.cozy-admin-passphrase
+		fi
+
+		chown cozy-stack: /etc/cozy/cozy.yml
+		chown cozy-stack: /etc/cozy/cozy-admin-passphrase
+		chown -R cozy-stack: /usr/share/cozy
+
+		install -o cozy-stack -g cozy -m u=rwX,g=rwX,o= -d /var/lib/cozy
+
+		[ -f /usr/sbin/rsyslogd ] && systemctl restart rsyslog
+		[ -f /usr/sbin/nginx ] && systemctl reload nginx
+	else
+		if [ ! -f /etc/cozy/.cozy-admin-passphrase ]; then
+			db_input critical cozy-stack/admin/passphrase
+			db_go
+			db_get cozy-stack/admin/passphrase && COZY_PASS="${RET}"
+			echo "${COZY_PASS}" > /etc/cozy/.cozy-admin-passphrase
+			chmod u=rw,og= /etc/cozy/.cozy-admin-passphrase
+		fi
+
+		if dpkg --compare-versions "${2}" lt 2:1.2.0-1; then
+			/usr/share/cozy/uninstall-onboarding.sh
+		fi
+	fi
+
+	if [ ! -f /etc/cozy/cozy.yml.local ]; then
+		cat > /etc/cozy/cozy.yml.local <<-EOF
+			host: ${ADDRESS}
+			port: ${PORT}
+
+			admin:
+			  host: ${ADMIN_ADDRESS}
+			  port: ${ADMIN_PORT}
+
+			couchdb:
+			  url: ${COUCH_URL}
+		EOF
+		chown cozy-stack: /etc/cozy/cozy.yml.local
+		chmod u=rw,og= /etc/cozy/cozy.yml.local
+	fi
+
+	if [ ! -f /etc/cozy/vault.enc ] || [ ! -f /etc/cozy/vault.dec ]; then
+		cozy-stack config gen-keys /etc/cozy/vault
+		chown cozy-stack: /etc/cozy/vault.enc /etc/cozy/vault.dec
+		chmod u=rw,og= /etc/cozy/vault.enc /etc/cozy/vault.dec
+	fi
+
+	systemctl restart cozy-stack
+;;
+esac
+
+#DEBHELPER#

debian/cozy-stack.prerm

@@ -0,0 +1,14 @@
+#!/bin/sh
+set -e
+
+#DEBHELPER#
+
+case $1 in
+remove)
+	#rm -rf /var/lib/cozy
+	rm -f /etc/cozy/cozy-admin-passphrase
+
+	getent passwd cozy-stack 2>&1 >/dev/null && deluser --quiet cozy-stack
+	members cozy &>/dev/null || delgroup cozy
+;;
+esac

debian/cozy-stack.service

@@ -0,0 +1,15 @@
+[Unit]
+Description=Cozy service
+Wants=couchdb.service
+After=network.target couchdb.service
+
+[Service]
+User=cozy-stack
+Group=cozy
+WorkingDirectory=/var/lib/cozy/
+PermissionsStartOnly=true
+ExecStart=/usr/bin/cozy-stack serve
+Restart=always
+
+[Install]
+WantedBy=multi-user.target

debian/cozy-stack.syslog

@@ -0,0 +1,7 @@
+if $programname == 'cozy' then {
+	if $syslogseverity <= '6' then /var/log/cozy/stack.log
+	/var/log/cozy/stack.debug.log
+}
+if $programname == 'cozy-stack' then {
+	/var/log/cozy/stack.log
+}