Offline vendored build for Debian packaging

Add GOPROXY=off, GONOSUMCHECK=*, GOTOOLCHAIN=local to debian/rules
to block all network access from Go during build. Remove go mod vendor
from configure and vendor cleanup from clean since vendor/ is now
shipped in the orig tarball.

Add debian/make-orig-tarball.sh to create the vendored orig tarball
from git archive + autotools + go mod vendor.

Author: ppomes

debian/make-orig-tarball.sh

@@ -0,0 +1,48 @@
+#!/bin/bash
+# Build a vendored orig tarball for Debian packaging.
+#
+# Launchpad and other Debian build hosts have no network access, so the
+# orig tarball must ship everything needed to build offline:
+#   - autotools generated files (configure, Makefile.in, ...)
+#   - Go vendor/ directory (all Go module dependencies)
+#
+# The tarball is created from the current git HEAD, not from a GitHub
+# release download (which lacks both autotools files and vendor/).
+#
+# Output: ../libcoraza_<version>.orig.tar.gz
+#
+# Prerequisites: git, dpkg-parsechangelog, autoconf, automake, libtool, go
+#
+# Usage: debian/make-orig-tarball.sh
+#   Run from the top-level source directory (must be a git repo).
+
+set -euo pipefail
+
+VERSION=$(dpkg-parsechangelog -S Version | sed 's/-.*//')
+TARBALL="libcoraza_${VERSION}.orig.tar.gz"
+DISTNAME="libcoraza-${VERSION}"
+WORKDIR=$(mktemp -d)
+
+trap 'rm -rf "$WORKDIR"' EXIT
+
+echo "==> Exporting git tree..."
+git archive --prefix="${DISTNAME}/" HEAD | tar xf - -C "$WORKDIR"
+
+echo "==> Generating autotools files..."
+(
+    cd "$WORKDIR/${DISTNAME}"
+    echo "$VERSION" > .tarball-version
+    ./build.sh
+)
+
+echo "==> Running go mod vendor..."
+(
+    cd "$WORKDIR/${DISTNAME}"
+    go mod vendor
+)
+
+echo "==> Creating tarball..."
+tar czf "../${TARBALL}" -C "$WORKDIR" "${DISTNAME}"
+
+echo "==> Created ../${TARBALL}"
+echo "    $(tar tzf "../${TARBALL}" | grep -c vendor/) vendor entries included"

debian/rules

@@ -7,6 +7,9 @@ export DEB_BUILD_MAINT_OPTIONS = hardening=+all
 export GOPATH = $(CURDIR)/.gopath
 export GOCACHE = $(CURDIR)/.gocache
 export GOFLAGS = -mod=vendor
+export GOPROXY = off
+export GONOSUMCHECK = *
+export GOTOOLCHAIN = local
 
 SOMAJOR = 1
 SOVER = $(DEB_VERSION_UPSTREAM)
@@ -19,7 +22,6 @@ override_dh_autoreconf:
 	./build.sh
 
 override_dh_auto_configure:
-	go mod vendor
 	dh_auto_configure -- --libdir=/usr/lib/$(DEB_HOST_MULTIARCH)
 
 override_dh_auto_build:
@@ -53,5 +55,5 @@ override_dh_strip:
 
 override_dh_auto_clean:
 	[ ! -f Makefile ] || $(MAKE) distclean
-	chmod -Rf u+w .gopath .gocache vendor 2>/dev/null || true
-	rm -rf .gopath .gocache vendor
+	chmod -Rf u+w .gopath .gocache 2>/dev/null || true
+	rm -rf .gopath .gocache