modified debian publisher script

publish-qortal-hub-deb.sh

@@ -11,8 +11,8 @@ DEB_URL="${DEB_URL:-https://github.com/Qortal/Qortal-Hub/releases/latest/downloa
 # From your output: primary fpr = 20C64216BB5C080569F0F6BA2B4015FB935F5F2A
 SIGNING_KEY="${SIGNING_KEY:-20C64216BB5C080569F0F6BA2B4015FB935F5F2A}"
 
-# Optionally override auto owner/group after publish. If empty, owner is inferred from
-# the directory above REPO_DIR and used as owner:owner.
+# Optionally override auto owner/group after publish. If empty, owner+group are inferred
+# from the directory above REPO_DIR and used as owner:group.
 CHOWN_TO="${CHOWN_TO:-}"
 
 # -------- helpers --------
@@ -45,7 +45,7 @@ Environment overrides:
   DEB_SUBDIR=...        (default: $DEB_SUBDIR)
   DEB_URL=...           (default: $DEB_URL)
   SIGNING_KEY=...       (default: $SIGNING_KEY)
-  CHOWN_TO=...          (optional override; default auto owner:owner)
+  CHOWN_TO=...          (optional override; default auto owner:group)
 
 Example:
   SIGNING_KEY=20C64216BB5C080569F0F6BA2B4015FB935F5F2A REPO_DIR=/home/hubdeb.qortal.org/public_html $0
@@ -60,6 +60,9 @@ require_root
 SRC_DEB="${1:-}"
 TMP_DEB_DIR=""
 STAGE_DIR=""
+BACKUP_DIR=""
+PUBLISH_STARTED=0
+PUBLISH_COMPLETED=0
 
 need_cmd dpkg-deb
 need_cmd dpkg-scanpackages
@@ -75,7 +78,22 @@ need_cmd install
 need_cmd chown
 need_cmd dirname
 
-cleanup() { rm -rf "${TMP_DEB_DIR:-}" "${STAGE_DIR:-}"; }
+rollback_publish() {
+  if [[ "$PUBLISH_STARTED" -eq 1 && "$PUBLISH_COMPLETED" -eq 0 && -n "${BACKUP_DIR:-}" && -d "$BACKUP_DIR" ]]; then
+    echo "Publish failed; attempting rollback..." >&2
+    for p in "$DEB_SUBDIR" Packages Packages.gz Release Release.gpg InRelease; do
+      rm -rf "$REPO_DIR/$p"
+      if [[ -e "$BACKUP_DIR/$p" ]]; then
+        mv "$BACKUP_DIR/$p" "$REPO_DIR/$p"
+      fi
+    done
+  fi
+}
+
+cleanup() {
+  rollback_publish
+  rm -rf "${TMP_DEB_DIR:-}" "${STAGE_DIR:-}"
+}
 trap cleanup EXIT
 
 # Validate repo dirs
@@ -87,8 +105,10 @@ if [[ -z "$CHOWN_TO" ]]; then
   REPO_PARENT="$(dirname "$REPO_DIR")"
   [[ -d "$REPO_PARENT" ]] || die "Parent directory not found: $REPO_PARENT"
   OWNER_NAME="$(stat -c '%U' "$REPO_PARENT")"
+  GROUP_NAME="$(stat -c '%G' "$REPO_PARENT")"
   [[ -n "$OWNER_NAME" && "$OWNER_NAME" != "UNKNOWN" ]] || die "Could not determine owner for: $REPO_PARENT"
-  CHOWN_TO="${OWNER_NAME}:${OWNER_NAME}"
+  [[ -n "$GROUP_NAME" && "$GROUP_NAME" != "UNKNOWN" ]] || die "Could not determine group for: $REPO_PARENT"
+  CHOWN_TO="${OWNER_NAME}:${GROUP_NAME}"
 fi
 
 # Ensure signing key exists (public + secret)
@@ -141,9 +161,13 @@ if [[ -n "$OLD_HASH" && "$OLD_HASH" == "$NEW_HASH" ]]; then
   echo "No changes: $DEB_NAME is identical (sha256: $NEW_HASH). Still rebuilding metadata to be safe..."
 fi
 
-# Build Packages + Packages.gz inside stage
-dpkg-scanpackages -m "$STAGE_DIR/$DEB_SUBDIR" /dev/null > "$STAGE_DIR/Packages"
-gzip -9c "$STAGE_DIR/Packages" > "$STAGE_DIR/Packages.gz"
+# Build Packages + Packages.gz inside stage.
+# Run from STAGE_DIR so package filenames stay repo-relative (deb-packages/...).
+(
+  cd "$STAGE_DIR"
+  dpkg-scanpackages -m "$DEB_SUBDIR" /dev/null > Packages
+  gzip -9c Packages > Packages.gz
+)
 
 # Build Release inside stage
 (
@@ -161,6 +185,7 @@ gzip -9c "$STAGE_DIR/Packages" > "$STAGE_DIR/Packages.gz"
 # 3) Remove old backup
 BACKUP_DIR="$REPO_DIR/.backup.$(date -u +%Y%m%dT%H%M%SZ)"
 mkdir -p "$BACKUP_DIR"
+PUBLISH_STARTED=1
 
 # Move current repo files that we manage into backup
 for p in "$DEB_SUBDIR" Packages Packages.gz Release Release.gpg InRelease; do
@@ -176,9 +201,11 @@ mv "$STAGE_DIR/Packages.gz" "$REPO_DIR/Packages.gz"
 mv "$STAGE_DIR/Release" "$REPO_DIR/Release"
 mv "$STAGE_DIR/Release.gpg" "$REPO_DIR/Release.gpg"
 mv "$STAGE_DIR/InRelease" "$REPO_DIR/InRelease"
+PUBLISH_COMPLETED=1
 
 # If you want to keep the backup, comment the next line
 rm -rf "$BACKUP_DIR"
+BACKUP_DIR=""
 
 # Ownership fixup on final repo path
 chown -R "$CHOWN_TO" "$REPO_DIR"