Create tooling for building packages

[conorsch]

The package build logic is documented over at https://securedrop-debian-packaging-guide.readthedocs.io/en/latest/, but all the steps must be followed manually by developers in order to create packages. That's slowing us down, and runs the risk of introducing mistakes in the packaging creation. Let's add some basic tooling to keep the process on the rails.

Using a Makefile

A Makefile should be added to the root of this repository, that wraps logic used for creating the various packages. Reasonable targets:

clean                            Removes all non-version controlled packaging artifacts
help                             Prints this message and exits
securedrop-client                Builds Debian package for securedrop-client code
securedrop-proxy                 Builds Debian package for securedrop-proxy code
securedrop-workstation-config    Builds Debian metapackage for Qubes Workstation base dependencies
securedrop-workstation-grsec     Builds Debian metapackage for Qubes Workstation hardened kernel

We can make the following assumptions when creating the logic:

1. Code directories to be packaged are adjacent to the repo root.
2. Code directory location can be overridden by an env var.
3. Complicated build script logic can be stored in a script, and called by the Makefile (to keep things DRY).

Comments welcome, particularly from @kushaldas and @heartsucker.

[heartsucker]

No comments, lgtm.

[conorsch]

Having the build logic codified in this repo will also enable regular CI (not just on PRs) to build the packages and monitor for problems.

[kushaldas]

The package build logic is documented over at https://securedrop-debian-packaging-guide.readthedocs.io/en/latest/, but all the steps must be followed manually by developers in order to create packages. That's slowing us down, and runs the risk of introducing mistakes in the packaging creation.

Correct, and this repo+tools inside should follow the guide to do the packaging in an automated way. The whole idea of the guide is to explain each every step of the process so that people can learn how and what exactly happening in our build process.

1. Code directories to be packaged are adjacent to the repo root.
2. Code directory location can be overridden by an env var.

We should build against a tarball instead of the code directory. As in the requirements.txt the developer has to make sure that the right dependencies and sha256sums located. In future we can even add a step to create the tarball, but, I would love to increase details step by step.

[conorsch]

There are several open PRs improving the build workflow via additional tooling refinements:

• Removes dch and localwheels syncing part of build steps #21
• Makefile updates and tools for requirements.txt and wheels #23
• Updates dependency of sdk to 0.0.4 #26

Leaving this issue open until those are reviewed and merged.

[conorsch]

Most recent merges have checked the boxes on core tooling. We'll surely be making changes in the future, but the original intent of this issue is satisfied.