From c20545b37a5a08f8092b4904f2f4fa6f08f44765 Mon Sep 17 00:00:00 2001
From: Jonathan Lloyd <jonathan@thisisjonathan.com>
Date: Sat, 10 Oct 2020 21:36:49 +0100
Subject: [PATCH] feat: Add deb packager-specific nfpm config (#1829)

---
 internal/pipe/nfpm/nfpm.go     | 20 ++++++++++++
 pkg/config/config.go           | 58 ++++++++++++++++++++++++++++++++++
 www/docs/customization/nfpm.md | 33 +++++++++++++++++++
 3 files changed, 111 insertions(+)

diff --git a/internal/pipe/nfpm/nfpm.go b/internal/pipe/nfpm/nfpm.go
index 7162ef8f75fc..93190557a29e 100644
--- a/internal/pipe/nfpm/nfpm.go
+++ b/internal/pipe/nfpm/nfpm.go
@@ -173,6 +173,26 @@ func create(ctx *context.Context, fpm config.NFPM, format, arch string, binaries
 				PreRemove:   overridden.Scripts.PreRemove,
 				PostRemove:  overridden.Scripts.PostRemove,
 			},
+			Deb: nfpm.Deb{
+				Scripts: nfpm.DebScripts{
+					Rules: overridden.Deb.Scripts.Rules,
+				},
+				Triggers: nfpm.DebTriggers{
+					Interest:        overridden.Deb.Triggers.Interest,
+					InterestAwait:   overridden.Deb.Triggers.InterestAwait,
+					InterestNoAwait: overridden.Deb.Triggers.InterestNoAwait,
+					Activate:        overridden.Deb.Triggers.Activate,
+					ActivateAwait:   overridden.Deb.Triggers.ActivateAwait,
+					ActivateNoAwait: overridden.Deb.Triggers.ActivateNoAwait,
+				},
+				Breaks:          overridden.Deb.Breaks,
+				VersionMetadata: overridden.Deb.VersionMetadata,
+				Signature: nfpm.DebSignature{
+					KeyFile:       overridden.Deb.Signature.KeyFile,
+					KeyPassphrase: overridden.Deb.Signature.KeyPassphrase,
+					Type:          overridden.Deb.Signature.Type,
+				},
+			},
 		},
 	}
 
diff --git a/pkg/config/config.go b/pkg/config/config.go
index 83d58f2601f8..03c65001bda9 100644
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -322,6 +322,63 @@ type NFPMScripts struct {
 	PostRemove  string `yaml:"postremove,omitempty"`
 }
 
+// NFPMDebScripts is scripts only available on deb packages.
+type NFPMDebScripts struct {
+	Rules string `yaml:"rules,omitempty"`
+}
+
+// NFPMDebTriggers contains triggers only available for deb packages.
+// https://wiki.debian.org/DpkgTriggers
+// https://man7.org/linux/man-pages/man5/deb-triggers.5.html
+type NFPMDebTriggers struct {
+	Interest        []string `yaml:"interest,omitempty"`
+	InterestAwait   []string `yaml:"interest_await,omitempty"`
+	InterestNoAwait []string `yaml:"interest_noawait,omitempty"`
+	Activate        []string `yaml:"activate,omitempty"`
+	ActivateAwait   []string `yaml:"activate_await,omitempty"`
+	ActivateNoAwait []string `yaml:"activate_noawait,omitempty"`
+}
+
+// NFPMDebSignature contains config for signing deb packages created by nfpm
+type NFPMDebSignature struct {
+	// PGP secret key, can be ASCII-armored
+	KeyFile       string `yaml:"key_file,omitempty"`
+	KeyPassphrase string `yaml:"-"` // populated from environment variable
+	// origin, maint or archive (defaults to origin)
+	Type string `yaml:"type,omitempty"`
+}
+
+// type alias to prevent stack overflowing in the custom unmarshaler.
+type nfpmDebSignature NFPMDebSignature
+
+func (nds *NFPMDebSignature) UnmarshalYAML(unmarshal func(interface{}) error) error {
+	var sig nfpmDebSignature
+	if err := unmarshal(&sig); err != nil {
+		return err
+	}
+
+	debPassphrase := os.Getenv("NFPM_DEB_PASSPHRASE")
+	if debPassphrase != "" {
+		sig.KeyPassphrase = debPassphrase
+	} else {
+		generalPassphrase := os.Getenv("NFPM_PASSPHRASE")
+		sig.KeyPassphrase = generalPassphrase
+	}
+
+	*nds = NFPMDebSignature(sig)
+
+	return nil
+}
+
+// NFPMDeb is custom configs that are only available on deb packages.
+type NFPMDeb struct {
+	Scripts         NFPMDebScripts   `yaml:"scripts,omitempty"`
+	Triggers        NFPMDebTriggers  `yaml:"triggers,omitempty"`
+	Breaks          []string         `yaml:"breaks,omitempty"`
+	VersionMetadata string           `yaml:"metadata,omitempty"` // Deprecated: Moved to Info
+	Signature       NFPMDebSignature `yaml:"signature,omitempty"`
+}
+
 // NFPMOverridables is used to specify per package format settings.
 type NFPMOverridables struct {
 	FileNameTemplate string            `yaml:"file_name_template,omitempty"`
@@ -337,6 +394,7 @@ type NFPMOverridables struct {
 	Files            map[string]string `yaml:",omitempty"`
 	ConfigFiles      map[string]string `yaml:"config_files,omitempty"`
 	Scripts          NFPMScripts       `yaml:"scripts,omitempty"`
+	Deb              NFPMDeb           `yaml:"deb,omitempty"`
 }
 
 // Sign config.
diff --git a/www/docs/customization/nfpm.md b/www/docs/customization/nfpm.md
index 15e4ac366063..e4bc6d28504a 100644
--- a/www/docs/customization/nfpm.md
+++ b/www/docs/customization/nfpm.md
@@ -156,6 +156,39 @@ nfpms:
           "tmp/app_generated.conf": "/etc/app-rpm.conf"
         scripts:
           preinstall: "scripts/preinstall-rpm.sh"
+
+    # Custon configuration applied only to the Deb packager.
+    deb:
+      # Custom deb rules script.
+      scripts:
+        rules: foo.sh
+
+      # Custom deb triggers
+      triggers:
+        # register interrest on a trigger activated by another package
+        # (also available: interest_await, interest_noawait)
+        interest:
+          - some-trigger-name
+        # activate a trigger for another package
+        # (also available: activate_await, activate_noawait)
+        activate:
+          - another-trigger-name
+
+      # Packages which would break if this package would be installed.
+      # The installation of this package is blocked if `some-package`
+      # is already installed.
+      breaks:
+        - some-package
+
+      # The package is signed if a key_file is set
+      signature:
+        # PGP secret key (can also be ASCII-armored). The passphrase is taken
+        # from the environment variable $NFPM_DEB_PASSPHRASE with a fallback
+        # to #NFPM_PASSPHRASE.
+        key_file: key.gpg
+        # The type describes the signers role, possible values are "origin",
+        # "maint" and "archive". If unset, the type defaults to "origin".
+        type: origin
 ```
 
 !!! tip