Compare commits

..

79 commits
edge ... v3.20

Author SHA1 Message Date
0281030f5d user/zotero: upgrade to 7.0.9 2024-10-31 16:37:51 +00:00
9b6ec1cf28
backports/signal-desktop: upgrade to 7.31.0
All checks were successful
/ lint (pull_request) Successful in 28s
/ deploy-x86_64 (pull_request) Successful in 30s
/ build-x86_64 (pull_request) Successful in 17m55s
/ build-aarch64 (pull_request) Successful in 1h1m25s
/ deploy-aarch64 (pull_request) Successful in 1m1s
2024-10-30 19:17:18 -04:00
87f6a19b06 backports/signal-desktop: upgrade to 7.30.0 2024-10-27 18:38:33 +00:00
5ce564a73a
user/zotero: upgrade to 7.0.8
All checks were successful
/ lint (pull_request) Successful in 27s
/ build-x86_64 (pull_request) Successful in 43m43s
/ deploy-x86_64 (pull_request) Successful in 29s
/ build-aarch64 (pull_request) Successful in 2h25m25s
/ deploy-aarch64 (pull_request) Successful in 1m2s
2024-10-22 08:44:56 -04:00
472f8f55a8 user/zotero: fix pdf reader 2024-10-17 03:33:44 +00:00
72cdc2045b user/zotero: upgrade to 7.0.7 2024-10-17 03:33:44 +00:00
eb5826e7b3
user/signal-desktop: upgrade to 7.29.0
All checks were successful
/ lint (pull_request) Successful in 28s
/ deploy-x86_64 (pull_request) Successful in 39s
/ build-x86_64 (pull_request) Successful in 23m44s
/ deploy-aarch64 (pull_request) Successful in 1m4s
/ build-aarch64 (pull_request) Successful in 1h10m28s
2024-10-16 20:37:04 -04:00
616a92e03d
backports/signal-desktop: upgrade to 7.28.0
All checks were successful
/ lint (pull_request) Successful in 27s
/ build-x86_64 (pull_request) Successful in 24m49s
/ deploy-x86_64 (pull_request) Successful in 28s
/ deploy-aarch64 (pull_request) Successful in 59s
/ build-aarch64 (pull_request) Successful in 1h6m44s
2024-10-09 18:24:17 -04:00
82e19a3d4a
testing/signal-desktop: upgrade to 7.27.0
All checks were successful
/ lint (pull_request) Successful in 38s
/ deploy-x86_64 (pull_request) Successful in 35s
/ build-x86_64 (pull_request) Successful in 36m22s
/ build-aarch64 (pull_request) Successful in 1h20m49s
/ deploy-aarch64 (pull_request) Successful in 1m1s
2024-10-07 09:40:15 -04:00
7c383aa8ea
backports/signal-desktop: upgrade to 7.26.0
All checks were successful
/ lint (pull_request) Successful in 30s
/ deploy-x86_64 (pull_request) Successful in 24s
/ build-x86_64 (pull_request) Successful in 29m20s
/ build-aarch64 (pull_request) Successful in 1h12m33s
/ deploy-aarch64 (pull_request) Successful in 59s
2024-09-27 17:30:39 -04:00
3ca73dbb66 user/zotero: upgrade to 7.0.6 2024-09-26 19:24:07 +00:00
73e22fe503
backports/signal-desktop: upgrade to 7.25.0
All checks were successful
/ lint (pull_request) Successful in 31s
/ deploy-x86_64 (pull_request) Successful in 26s
/ build-x86_64 (pull_request) Successful in 24m41s
/ deploy-aarch64 (pull_request) Successful in 1m0s
/ build-aarch64 (pull_request) Successful in 1h1m32s
2024-09-18 21:38:12 -04:00
99326806aa
backports/signal-desktop: upgrade to 7.24.1
All checks were successful
/ lint (pull_request) Successful in 32s
/ deploy-x86_64 (pull_request) Successful in 24s
/ build-x86_64 (pull_request) Successful in 22m34s
/ build-aarch64 (pull_request) Successful in 59m23s
/ deploy-aarch64 (pull_request) Successful in 58s
2024-09-13 10:31:12 -04:00
1ce95a5406
backports/signal-desktop: upgrade to 7.24.0
All checks were successful
/ lint (pull_request) Successful in 26s
/ deploy-x86_64 (pull_request) Successful in 25s
/ build-x86_64 (pull_request) Successful in 23m2s
/ build-aarch64 (pull_request) Successful in 1h1m54s
/ deploy-aarch64 (pull_request) Successful in 57s
2024-09-12 13:11:30 -04:00
a57b72bb5a
backports/signal-desktop: upgrade to 7.23.0
All checks were successful
/ lint (pull_request) Successful in 27s
/ deploy-x86_64 (pull_request) Successful in 26s
/ build-x86_64 (pull_request) Successful in 15m46s
/ deploy-aarch64 (pull_request) Successful in 59s
/ build-aarch64 (pull_request) Successful in 1h3m11s
2024-09-09 13:27:21 -04:00
23ffb6208a
backports/signal-desktop: upgrade to 7.22.2
All checks were successful
/ lint (pull_request) Successful in 43s
/ deploy-x86_64 (pull_request) Successful in 34s
/ build-x86_64 (pull_request) Successful in 21m43s
/ build-aarch64 (pull_request) Successful in 1h4m20s
/ deploy-aarch64 (pull_request) Successful in 59s
2024-09-05 16:17:26 -04:00
3e7c550f1a
forgejo: always create artifacts for build stage 2024-09-03 12:16:28 -04:00
d4020a9fb1
user/rstudio-desktop: enable build
Some checks failed
/ lint (pull_request) Successful in 28s
/ deploy-aarch64 (pull_request) Failing after 2m2s
/ build-aarch64 (pull_request) Successful in 1m9s
/ deploy-x86_64 (pull_request) Has been cancelled
/ build-x86_64 (pull_request) Has been cancelled
2024-09-03 11:46:32 -04:00
ed1236a577 user/zotero: upgrade to 7.0.3
All checks were successful
/ lint (pull_request) Successful in 27s
/ build-x86_64 (pull_request) Successful in 41m42s
/ deploy-x86_64 (pull_request) Successful in 27s
/ deploy-aarch64 (pull_request) Successful in 59s
/ build-aarch64 (pull_request) Successful in 2h21m2s
2024-08-27 13:28:46 +00:00
0e24de75be
forgejo-ci: build.sh is now local rather than patched
All checks were successful
/ lint (pull_request) Successful in 34s
/ deploy-x86_64 (pull_request) Successful in 26s
/ build-x86_64 (pull_request) Successful in 2m33s
/ build-aarch64 (pull_request) Successful in 9m1s
/ deploy-aarch64 (pull_request) Successful in 53s
2024-08-26 11:05:17 -04:00
48a860beef
forgejo-ci: fix double v in repo 2024-08-26 11:05:16 -04:00
cf413eb7cf
user/rmfakecloud: upgrade to 0.0.19 2024-08-26 11:05:11 -04:00
bddc037752
forgejo-ci: use new forge repo 2024-08-21 10:56:07 -04:00
15bbca20ca
README: update name 2024-08-12 12:56:25 -04:00
d28c73b877
README: update upstream 2024-08-12 12:55:26 -04:00
7c746983b3
README: update to use forge repo 2024-08-12 12:53:33 -04:00
bdb8bc8518
forgejo: initial implementation 2024-08-12 12:44:12 -04:00
fd7336f6d2
gitlab-ci: drop in favor of forgejo actions 2024-08-12 12:44:02 -04:00
048aa7ee77
README.md: new repo location 2024-08-10 16:34:20 -04:00
1343a7cbed
gitlab-ci: use git-annex instead of git-lfs 2024-08-10 11:34:27 -04:00
0069af2d1c
Update README.md 2024-08-10 11:31:59 -04:00
45035c9a28 user/forgejo-aneksajo: new aport 2024-08-10 04:54:01 +00:00
62c454c37b README.md: update for codeberg 2024-08-10 04:54:01 +00:00
9ab8769319
backports/forgejo-runner: new aport 2024-08-10 00:30:04 -04:00
c8865c2e02
user/zotero: upgrade to 7.0.0 2024-08-09 10:53:08 -04:00
3da559ea48
backports/calibre: new aport 2024-08-08 11:13:22 -04:00
684b9977e3
backports/py3-apsw: new aport 2024-08-08 11:13:14 -04:00
ec7c2275c4
backports/py3-html5-parser: new aport 2024-08-08 11:13:00 -04:00
e608d5e5b2 backports/freetube: upgrade to 0.21.3 2024-08-07 21:32:20 +00:00
b6364ff724
backports/looking-glass: upgrade to 7b_git20240607 2024-08-07 15:33:40 -04:00
20e50f06fc
backports/looking-glass: new aport 2024-07-30 23:37:50 -04:00
55561483a6 user/gitaly: upgrade to 17.0.4 2024-07-27 05:02:57 +00:00
60ff104dc6 user/gitlab-pages: upgrade to 17.0.4 2024-07-27 05:02:57 +00:00
3222ade97a user/gitlab-foss: upgrade to 17.0.4, fix initd 2024-07-27 05:02:57 +00:00
1ee7414bcc backports/signal-desktop: upgrade to 7.14.0 2024-07-26 16:45:55 +00:00
85a029dd50
user/mastodon: fix initd scripts 2024-07-11 07:08:10 -04:00
9e69051fd4
user/mastodon: upgrade to 4.2.10 2024-07-04 22:52:47 -04:00
c3e241d3f6
user/gitlab-foss: upgrade to 17.0.3 2024-07-03 16:57:18 -04:00
fd335bb018
user/gitlab-pages: upgrade to 17.0.3 2024-07-03 16:57:14 -04:00
4dabf671a2
user/gitaly: upgrade to 17.0.3 2024-07-03 16:57:09 -04:00
1dfc9f1356
user/gitlab-shell: upgrade to 14.36.0 2024-07-03 16:57:01 -04:00
e6255e8cd5
user/authentik: add custom css to config dir 2024-06-30 23:51:52 -04:00
0b65593908
user/authentik: upgrade to 2024.4.3 2024-06-30 10:29:59 -04:00
f4de0e83cd
user/gitlab-pages: upgrade to 17.0.2 2024-06-14 08:33:40 -04:00
4bf996ab56
user/gitaly: upgrade to 17.0.2 2024-06-14 08:33:38 -04:00
7c9023e361
user/gitlab-foss: upgrade to 17.0.2 2024-06-14 08:33:34 -04:00
50edf4baf8 user/gitlab-foss: upgrade to 16.11.4 2024-06-13 22:07:28 +00:00
813c564a5c user/gitlab-pages: upgrade to 16.11.4 2024-06-13 22:07:28 +00:00
9bddda28b9 user/gitaly: upgrade to 16.11.4 2024-06-13 22:07:28 +00:00
83679826ca
user/php82-pecl-inotify: new aport 2024-06-13 16:20:16 -04:00
04cb97c9e8
user/php83-pecl-inotify: new aport 2024-06-13 13:47:08 -04:00
3fd57eb3c1 user/authentik: add missing depends 2024-06-13 03:12:29 +00:00
4aec78a3b8 user/py3-django-rest-framework: fix to version 3.14.0 2024-06-13 03:12:29 +00:00
a490288341 user/py3-scim2-filter-parser: new aport 2024-06-13 03:12:29 +00:00
78dd460279 user/py3-tenant-schemas-celery: new aports 2024-06-13 03:12:29 +00:00
177d06fdcf user/py3-django-tenants: new aports 2024-06-13 03:12:29 +00:00
3f0fa05986 user/mastodon: upgrade to 4.2.9 2024-06-13 00:32:37 +00:00
7f3d871018
user/gitlab-pages: upgrade to 16.9.8 2024-06-07 14:14:23 -04:00
0a949f694d
user/gitaly: upgrade to 16.9.8 2024-06-07 14:14:22 -04:00
fe1a2bc74e
user/gitlab-shell: upgrade to 14.35.0 2024-06-07 14:14:18 -04:00
bc9e04fdd0
user/gitlab-foss: upgrade to 16.9.8 2024-06-07 14:13:39 -04:00
0557e612ef backports/signal-desktop: upgrade to 7.11.0 2024-06-04 16:15:10 +00:00
9104c894d8 user/zotero: upgrade to 7.0.0_beta83 2024-06-04 15:59:19 +00:00
5e339cfb4d user/zotero: enable build 2024-06-04 15:59:19 +00:00
1e15c3796c
user/peertube: enable build 2024-06-04 09:33:20 -04:00
1cf4e12629 user/firefly-iii: use php83 2024-06-04 13:27:36 +00:00
2bb75a1df8 unmaintained/firefly-iii-plaid-connector: move from user 2024-06-04 13:27:36 +00:00
cc7154fe54 user/gitlab-foss: enable build 2024-06-04 13:15:08 +00:00
684c44bc00
user/mastodon: enable build 2024-06-03 23:02:55 -04:00
172 changed files with 14837 additions and 337 deletions

View file

@ -1,31 +0,0 @@
#!/bin/bash
# expects the following env variables:
# downstream: downstream repo
repo=${downstream/*\/}
curl --silent $downstream/x86_64/APKINDEX.tar.gz | tar -O -zx APKINDEX > APKINDEX
owned_by_you=$(awk -v RS= -v ORS="\n\n" '/m:Antoine Martin \(ayakael\) <dev@ayakael.net>/' APKINDEX | awk -F ':' '{if($1=="o"){print $2}}' | sort | uniq)
echo "Found $(printf '%s\n' $owned_by_you | wc -l ) packages owned by you"
rm -f out_of_date not_in_anitya
for pkg in $owned_by_you; do
upstream_version=$(curl --fail -X GET -sS -H 'Content-Type: application/json' "https://release-monitoring.org/api/v2/packages/?name=$pkg&distribution=Alpine" | jq -r '.items.[].stable_version')
downstream_version=$(sed -n "/^P:$pkg$/,/^$/p" APKINDEX | awk -F ':' '{if($1=="V"){print $2}}' | sort -V | tail -n 1)
downstream_version=${downstream_version/-*}
if [ -z "$upstream_version" ]; then
echo "$pkg not in anitya"
echo "$pkg" >> not_in_anitya
elif [ "$downstream_version" != "$(printf '%s\n' $upstream_version $downstream_version | sort -V | head -n 1)" ]; then
echo "$pkg higher downstream"
continue
elif [ "$upstream_version" != "$downstream_version" ]; then
echo "$pkg upstream version $upstream_version does not match downstream version $downstream_version"
echo "$pkg $downstream_version $upstream_version $repo" >> out_of_date
fi
done

View file

@ -1,165 +0,0 @@
#!/bin/bash
# expects:
# env variable FORGEJO_TOKEN
# file out_of_date
IFS='
'
repo=${downstream/*\/}
does_it_exist() {
name=$1
downstream_version=$2
upstream_version=$3
repo=$4
query="$repo/$name: upgrade to $upstream_version"
query="$(echo $query | sed 's| |%20|g' | sed 's|:|%3A|g' | sed 's|/|%2F|g' )"
result="$(curl --silent -X 'GET' \
"$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues?state=open&q=$query&type=issues" \
-H 'accept: application/json' \
-H "authorization: Basic $FORGEJO_TOKEN"
)"
if [ "$result" == "[]" ]; then
return 1
fi
}
is_it_old() {
name=$1
downstream_version=$2
upstream_version=$3
repo=$4
query="$repo/$name: upgrade to"
query="$(echo $query | sed 's| |%20|g' | sed 's|:|%3A|g' | sed 's|/|%2F|g' )"
result="$(curl --silent -X 'GET' \
"$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues?state=open&q=$query&type=issues" \
-H 'accept: application/json' \
-H "authorization: Basic $FORGEJO_TOKEN"
)"
result_title="$(echo $result | jq -r '.[].title' )"
result_id="$(echo $result | jq -r '.[].number' )"
result_upstream_version="$(echo $result_title | awk '{print $4}')"
if [ "$upstream_version" != "$result_upstream_version" ]; then
echo $result_id
else
echo 0
fi
}
update_title() {
name=$1
downstream_version=$2
upstream_version=$3
repo=$4
id=$5
result=$(curl --silent -X 'PATCH' \
"$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues/$id" \
-H 'accept: application/json' \
-H "authorization: Basic $FORGEJO_TOKEN" \
-H 'Content-Type: application/json' \
-d "{
\"title\": \"$repo/$name: upgrade to $upstream_version\"
}"
)
return 0
}
create_issue() {
name=$1
downstream_version=$2
upstream_version=$3
repo=$4
result=$(curl --silent -X 'POST' \
"$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues" \
-H 'accept: application/json' \
-H "authorization: Basic $FORGEJO_TOKEN" \
-H 'Content-Type: application/json' \
-d "{
\"title\": \"$repo/$name: upgrade to $upstream_version\",
\"labels\": [
$LABEL_NUMBER
]
}")
return 0
}
if [ -f out_of_date ]; then
out_of_date="$(cat out_of_date)"
echo "Detected $(wc -l out_of_date) out-of-date packages, creating issues"
for pkg in $out_of_date; do
name="$(echo $pkg | awk '{print $1}')"
downstream_version="$(echo $pkg | awk '{print $2}')"
upstream_version="$(echo $pkg | awk '{print $3}')"
repo="$(echo $pkg | awk '{print $4}')"
if does_it_exist $name $downstream_version $upstream_version $repo; then
echo "Issue for $repo/$name already exists"
continue
fi
id=$(is_it_old $name $downstream_version $upstream_version $repo)
if [ "$id" != "0" ] && [ -n "$id" ]; then
echo "Issue for $repo/$name needs updating"
update_title $name $downstream_version $upstream_version $repo $id
continue
fi
echo "Creating issue for $repo/$name"
create_issue $name $downstream_version $upstream_version $repo
done
fi
if [ -f not_in_anitya ]; then
query="Add missing $repo packages to anitya"
query="$(echo $query | sed 's| |%20|g')"
result="$(curl --silent -X 'GET' \
"$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues?state=open&q=$query&type=issues" \
-H 'accept: application/json' \
-H "authorization: Basic $FORGEJO_TOKEN"
)"
if [ "$result" == "[]" ]; then
echo "Creating anitya issue"
result=$(curl --silent -X 'POST' \
"$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues" \
-H 'accept: application/json' \
-H "authorization: Basic $FORGEJO_TOKEN" \
-H 'Content-Type: application/json' \
-d "{
\"title\": \"Add missing $repo packages to anitya\",
\"body\": \"- [ ] $(sed '{:q;N;s/\n/\\n- [ ] /g;t q}' not_in_anitya)\",
\"labels\": [
$LABEL_NUMBER
]
}")
else
echo "Updating anitya issue"
result_id="$(echo $result | jq -r '.[].number' )"
result=$(curl --silent -X 'PATCH' \
"$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues/$result_id" \
-H 'accept: application/json' \
-H "authorization: Basic $FORGEJO_TOKEN" \
-H 'Content-Type: application/json' \
-d "{
\"body\": \"- [ ] $(sed '{:q;N;s/\n/\\n- [ ] /g;t q}' not_in_anitya)\"
}"
)
fi
fi

View file

@ -1,27 +0,0 @@
on:
workflow_dispatch:
schedule:
- cron: '0 5 * * *'
jobs:
check-community:
name: Check community repo
runs-on: x86_64
container:
image: alpine:latest
env:
downstream: https://dl-cdn.alpinelinux.org/alpine/edge/community
FORGEJO_TOKEN: ${{ secrets.forgejo_token }}
LABEL_NUMBER: 4
steps:
- name: Environment setup
run: apk add grep coreutils gawk curl wget bash nodejs git jq sed
- name: Get scripts
uses: actions/checkout@v4
with:
fetch-depth: 1
- name: Check out-of-date packages
run: ${{ github.workspace }}/.forgejo/bin/check_ver.sh
- name: Create issues
run: ${{ github.workspace }}/.forgejo/bin/create_issue.sh

View file

@ -1,27 +0,0 @@
on:
workflow_dispatch:
schedule:
- cron: '0 5 * * *'
jobs:
check-community:
name: Check testing repo
runs-on: x86_64
container:
image: alpine:latest
env:
downstream: https://dl-cdn.alpinelinux.org/alpine/edge/testing
FORGEJO_TOKEN: ${{ secrets.forgejo_token }}
LABEL_NUMBER: 4
steps:
- name: Environment setup
run: apk add grep coreutils gawk curl wget bash nodejs git jq sed
- name: Get scripts
uses: actions/checkout@v4
with:
fetch-depth: 1
- name: Check out-of-date packages
run: ${{ github.workspace }}/.forgejo/bin/check_ver.sh
- name: Create issues
run: ${{ github.workspace }}/.forgejo/bin/create_issue.sh

View file

@ -1,27 +0,0 @@
on:
workflow_dispatch:
schedule:
- cron: '0 5 * * *'
jobs:
check-user:
name: Check user repo
runs-on: x86_64
container:
image: alpine:latest
env:
downstream: https://ayakael.net/api/packages/forge/alpine/edge/user
FORGEJO_TOKEN: ${{ secrets.forgejo_token }}
LABEL_NUMBER: 4
steps:
- name: Environment setup
run: apk add grep coreutils gawk curl wget bash nodejs git jq sed
- name: Get scripts
uses: actions/checkout@v4
with:
fetch-depth: 1
- name: Check out-of-date packages
run: ${{ github.workspace }}/.forgejo/bin/check_ver.sh
- name: Create issues
run: ${{ github.workspace }}/.forgejo/bin/create_issue.sh

View file

@ -18,14 +18,14 @@ Affixed to each repository description is the appropriate link for use in
#### Backports
```
https://ayakael.net/api/packages/forge/alpine/edge/backports
https://ayakael.net/api/packages/forge/alpine/v3.20/backports
```
Aports from the official Alpine repositories backported from edge.
#### User
```
https://ayakael.net/api/packages/forge/alpine/edge/user
https://ayakael.net/api/packages/forge/alpine/v3.20/backports
```
Aports that have yet to be (or may never be) upstreamed to the official
@ -37,7 +37,7 @@ Add security key of the apk repository to your /etc/apk/keys:
```shell
cd /etc/apk/keys
curl -JO https://ayakael.net/api/packages/forge/alpine/key
wget https://ayakael.net/pkgs/apk/raw/branch/v3.20/antoine.martin@protonmail.com-5b3109ad.rsa.pub
```
Add repositories that you want to use (see above) to `/etc/apk/repositories`.

View file

@ -1,2 +0,0 @@
#!/bin/sh
/usr/bin/electron "/usr/lib/caprine"

View file

@ -0,0 +1,47 @@
# Contributor: Patrycja Rosa <alpine@ptrcnull.me>
# Maintainer: Patrycja Rosa <alpine@ptrcnull.me>
pkgname=forgejo-runner
pkgver=3.5.0
pkgrel=2
pkgdesc="CI/CD job runner for Forgejo"
url="https://code.forgejo.org/forgejo/runner"
arch="all"
license="MIT"
makedepends="go"
install="$pkgname.pre-install $pkgname.pre-upgrade"
subpackages="$pkgname-openrc"
source="$pkgname-$pkgver.tar.gz::https://code.forgejo.org/forgejo/runner/archive/v$pkgver.tar.gz
forgejo-runner.logrotate
forgejo-runner.initd
forgejo-runner.confd
"
builddir="$srcdir/runner"
options="!check" # tests require running forgejo
build() {
go build \
-o forgejo-runner \
-ldflags "-X gitea.com/gitea/act_runner/internal/pkg/ver.version=$pkgver"
./forgejo-runner generate-config > config.example.yaml
}
check() {
go test ./...
}
package() {
install -Dm755 forgejo-runner -t "$pkgdir"/usr/bin/
install -Dm644 config.example.yaml -t "$pkgdir"/etc/forgejo-runner/
install -Dm755 "$srcdir"/forgejo-runner.initd "$pkgdir"/etc/init.d/forgejo-runner
install -Dm644 "$srcdir"/forgejo-runner.confd "$pkgdir"/etc/conf.d/forgejo-runner
install -Dm644 "$srcdir"/forgejo-runner.logrotate "$pkgdir"/etc/logrotate.d/forgejo-runner
}
sha512sums="
e78968a5f9b6e797fb759a5c8cbf46a5c2fef2083dabc88599c9017729faface963576c63a948b0add424cb267902e864fb1a1b619202660296976d93e670713 forgejo-runner-3.5.0.tar.gz
a3c7238b0c63053325d31e09277edd88690ef5260854517f82d9042d6173fb5d24ebfe36e1d7363673dd8801972638a6e69b6af8ad43debb6057515c73655236 forgejo-runner.logrotate
bb0c6fbe90109c77f9ef9cb0d35d20b8033be0e4b7a60839b596aa5528dfa24309ec894d8c04066bf8fb30143e63a5fd8cc6fc89aac364422b583e0f840e2da6 forgejo-runner.initd
e11eab27f88f1181112389befa7de3aa0bac7c26841861918707ede53335535425c805e6682e25704e9c8a6aecba3dc13e20900a99df1183762b012b62f26d5f forgejo-runner.confd
"

View file

@ -0,0 +1,17 @@
# Configuration for /etc/init.d/forgejo-runner
# Path to the config file (--config).
#cfgfile="/etc/forgejo-runner/config.yaml"
# Path to the working directory (--working-directory).
#datadir="/var/lib/forgejo-runner"
# Path to the log file where stdout/stderr will be redirected.
# Leave empty/commented out to use syslog instead.
#output_log="/var/log/forgejo-runner.log"
# You may change this to root, e.g. to run jobs in LXC
#command_user="forgejo-runner"
# Comment out to run without process supervisor.
supervisor=supervise-daemon

View file

@ -0,0 +1,38 @@
#!/sbin/openrc-run
description="Forgejo CI Runner"
name="Forgejo Runner"
: ${cfgfile:="/etc/forgejo-runner/config.yaml"}
: ${datadir:="/var/lib/forgejo-runner"}
: ${command_user:="forgejo-runner"}
command="/usr/bin/forgejo-runner"
command_args="daemon --config $cfgfile"
command_background="yes"
directory="$datadir"
pidfile="/run/$RC_SVCNAME.pid"
depend() {
need net
use dns logger
}
start_pre() {
checkpath -d -o "$command_user" /etc/forgejo-runner
checkpath -d -o "$command_user" "$datadir"
if ! [ -e "$cfgfile" ]; then
eerror "Config file $cfgfile doesn't exist."
eerror "You can generate it with: forgejo-runner generate-config,"
eerror "or use the auto-generated one in /etc/forgejo-runner/config.example.yaml"
return 1
fi
if [ "$error_log" ]; then
output_log="$error_log"
else
output_logger="logger -t '${RC_SVCNAME}' -p daemon.info"
error_logger="logger -t '${RC_SVCNAME}' -p daemon.error"
fi
}

View file

@ -0,0 +1,5 @@
/var/log/forgejo-runner.log {
copytruncate
missingok
notifempty
}

View file

@ -0,0 +1,14 @@
#!/bin/sh
addgroup -S forgejo-runner 2>/dev/null
adduser -S -D -H -h /var/lib/forgejo-runner -s /sbin/nologin -G forgejo-runner -g forgejo-runner forgejo-runner 2>/dev/null
cat >&2 <<EOF
* In order to setup the runner, create a config file
* in /etc/forgejo-runner/config.yaml (either from .example.yaml,
* or generating your own with 'forgejo-runner generate-config'),
* then register it with 'doas -u forgejo-runner forgejo-runner register'
* ran in the /var/lib/forgejo-runner directory.
EOF
exit 0

View file

@ -0,0 +1 @@
forgejo-runner.pre-install

View file

@ -0,0 +1,38 @@
# Contributor: Leonardo Arena <rnalrd@alpinelinux.org>
# Maintainer: Will Sinatra <wpsinatra@gmail.com>
pkgname=py3-django-debug-toolbar
_pkgname=django-debug-toolbar
pkgver=4.3
pkgrel=1
pkgdesc="Configurable set of panels that display various debug information about the current request/response"
options="!check" # Requires unpackaged Selenium python3 module
url="https://github.com/jazzband/django-debug-toolbar"
arch="noarch"
license="BSD-3-Clause"
depends="py3-django py3-sqlparse"
makedepends="
py3-gpep517
py3-hatchling
"
# options="!check" #no testsuite
subpackages="$pkgname-pyc"
source="$pkgname-$pkgver.tar.gz::https://github.com/jazzband/$_pkgname/archive/$pkgver.tar.gz"
builddir="$srcdir"/$_pkgname-$pkgver
replaces="py-django-debug-toolbar" # Backwards compatibility
provides="py-django-debug-toolbar=$pkgver-r$pkgrel" # Backwards compatibility
build() {
gpep517 build-wheel \
--wheel-dir .dist \
--output-fd 3 3>&1 >&2
}
package() {
python3 -m installer -d "$pkgdir" \
.dist/*.whl
}
sha512sums="
caa8563d38e8c96305828b7a07006ce2ee0afae099d70d75d332f2196fc3ffcf7f3848440ea22c00f2b918029477672a172e30714f6f73a630404175aef3b925 py3-django-debug-toolbar-4.3.tar.gz
"

View file

@ -2,14 +2,13 @@
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
pkgname=signal-desktop
pkgver=7.29.0
pkgver=7.31.0
pkgrel=0
pkgdesc="A messaging app for simple private communication with friends"
url="https://github.com/signalapp/Signal-Desktop/"
# same as electron
arch="aarch64 x86_64"
license="AGPL-3.0-only"
_llvmver=18
depends="
electron
font-barlow
@ -25,7 +24,7 @@ makedepends="
cargo
cargo-auditable
cbindgen
clang$_llvmver-dev
clang-dev
cmake
crc32c-dev
dav1d-dev
@ -45,8 +44,8 @@ makedepends="
libvpx-dev
libwebp-dev
libxml2-dev
lld$_llvmver
llvm$_llvmver-dev
lld
llvm-dev
mesa-dev
nodejs
npm
@ -475,7 +474,7 @@ package() {
}
sha512sums="
b97155dc2ca70436d6fdf15fff059f905f065738a288679aeee2199d43824206f4c7e4bae0c228b55b4cc76b7e00875b738ee4f7dea3c2a5414acec3e208aa1e Signal-Desktop-7.29.0.tar.gz
ed9acf4f9effbd4bb6cf66d7057ce9faf63ec456d0874620424067a7c1f1832ccc865993f2644dd72384d8d051c01933da8f15aa5eefc7ddf995aeeef183a899 Signal-Desktop-7.31.0.tar.gz
6fb62213d8177ac5abe83ea71a18ea4b1c7b323983c41087166658fe9c47c1fd39e5323ca6acefe3db2a9a9376b6f385b5f2c006154da3ab705741d848b28943 libsignal-0.58.0.tar.gz
6777354b60650c6c3d359714f3aff92a315996f3725ba05c74ed054d3c4ba5506406b30c940853b5ba426ac0271cdb4dd930a759c570f486a70e1f5adc5a2aae ringrtc-2.48.3.tar.gz
fe04fcf13f55b124f03ce9d516b1c53fc4f20c6a016819c62eeaa0500eda92c5a0c0d7dc5d1e360a27691dfd404c254e91bed9fb25d0fc40a27795c1b674a82e webrtc-6613c.tar.zst

258
user/authentik/APKBUILD Normal file
View file

@ -0,0 +1,258 @@
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
pkgname=authentik
pkgver=2024.4.3
pkgrel=1
pkgdesc="An open-source Identity Provider focused on flexibility and versatility"
url="https://github.com/goauthentik/authentik"
# s390x: missing py3-celery py3-flower and py3-kombu
# armhf/armv7/x86: out of memory error when building goauthentik
# ppc64le: not supported by Rollup build
arch="aarch64 x86_64"
license="MIT"
depends="
libcap-setcap
nginx
postgresql
procps
pwgen
py3-aiohttp
py3-aiosignal
py3-amqp
py3-anyio
py3-asgiref
py3-asn1
py3-asn1crypto
py3-async-timeout
py3-attrs
py3-autobahn
py3-automat
py3-bcrypt
py3-billiard
py3-cachetools
py3-cbor2
py3-celery
py3-certifi
py3-cffi
py3-channels
py3-channels_redis
py3-charset-normalizer
py3-click
py3-click-didyoumean
py3-click-plugins
py3-click-repl
py3-codespell
py3-colorama
py3-constantly
py3-cparser
py3-cryptography
py3-dacite
py3-daphne
py3-dateutil
py3-deepmerge
py3-defusedxml
py3-deprecated
py3-dnspython
py3-django
py3-django-filter
py3-django-guardian
py3-django-model-utils
py3-django-otp
py3-django-prometheus
py3-django-redis
py3-django-rest-framework~=3.14.0
py3-django-rest-framework-guardian
py3-django-storages
py3-django-tenants
py3-docker-py
py3-dotenv
py3-dumb-init
py3-duo_client
py3-drf-spectacular
py3-email-validator
py3-facebook-sdk
py3-fido2
py3-flower
py3-frozenlist
py3-geoip2
py3-google-auth
py3-gunicorn
py3-h11
py3-httptools
py3-humanize
py3-hyperlink
py3-idna
py3-incremental
py3-inflection
py3-jsonschema
py3-jsonpatch
py3-jwt
py3-kombu
py3-kubernetes
py3-ldap3
py3-lxml
py3-maxminddb
py3-msgpack
py3-multidict
py3-oauthlib
py3-opencontainers
py3-openssl
py3-packaging
py3-paramiko
py3-parsing
py3-prometheus-client
py3-prompt_toolkit
py3-psycopg
py3-psycopg-c
py3-pydantic-scim
py3-pynacl
py3-pyrsistent
py3-python-jwt
py3-redis
py3-requests
py3-requests-oauthlib
py3-rsa
py3-scim2-filter-parser
py3-setproctitle
py3-sentry-sdk
py3-service_identity
py3-setuptools
py3-six
py3-sniffio
py3-sqlparse
py3-structlog
py3-swagger-spec-validator
py3-tornado
py3-twilio
py3-twisted
py3-txaio
py3-tenant-schemas-celery
py3-typing-extensions
py3-tz
py3-ua-parser
py3-uritemplate
py3-urllib3-secure-extra
py3-uvloop
py3-vine
py3-watchdog
py3-watchfiles
py3-wcwidth
py3-webauthn
py3-websocket-client
py3-websockets
py3-wrapt
py3-wsproto
py3-xmlsec
py3-yaml
py3-yarl
py3-zope-interface
py3-zxcvbn
redis
uvicorn
"
makedepends="go npm"
# checkdepends scooped up by poetry due to number
checkdepends="poetry py3-coverage"
# tests disabled for now
options="!check"
install="$pkgname.post-install $pkgname.post-upgrade $pkgname.pre-install"
source="
$pkgname-$pkgver.tar.gz::https://github.com/goauthentik/authentik/archive/refs/tags/version/$pkgver.tar.gz
authentik.openrc
authentik-worker.openrc
authentik-ldap.openrc
authentik-ldap.conf
authentik-manage.sh
fix-ak-bash.patch
root-settings-csrf_trusted_origins.patch
"
builddir="$srcdir/"authentik-version-$pkgver
subpackages="$pkgname-openrc $pkgname-doc"
pkgusers="authentik"
pkggroups="authentik"
export GOPATH=$srcdir/go
export GOCACHE=$srcdir/go-build
export GOTMPDIR=$srcdir
build() {
msg "Building authentik-ldap"
go build -o ldap cmd/ldap/main.go
msg "Building authentik-proxy"
go build -o proxy cmd/proxy/main.go
msg "Building authentik-radius"
go build -o radius cmd/proxy/main.go
msg "Building authentik-server"
go build -o server cmd/server/*.go
msg "Building authentik-web"
cd web
npm ci --no-audit
npm run build
cd ..
msg "Building website"
cd website
npm ci --no-audit
npm run build
}
package() {
msg "Packaging $pkgname"
mkdir -p "$pkgdir"/usr/share/webapps/authentik/web
mkdir -p "$pkgdir"/usr/share/webapps/authentik/website
mkdir -p "$pkgdir"/var/lib/authentik
mkdir -p "$pkgdir"/usr/share/doc
mkdir -p "$pkgdir"/usr/bin
cp -dr "$builddir"/authentik "$pkgdir"/usr/share/webapps/authentik
cp -dr "$builddir"/web/dist "$pkgdir"/usr/share/webapps/authentik/web/dist
cp -dr "$builddir"/web/authentik "$pkgdir"/usr/share/webapps/authentik/web/authentik
cp -dr "$builddir"/website/build "$pkgdir"/usr/share/doc/authentik
cp -dr "$builddir"/tests "$pkgdir"/usr/share/webapps/authentik/tests
cp -dr "$builddir"/lifecycle "$pkgdir"/usr/share/webapps/authentik/lifecycle
cp -dr "$builddir"/locale "$pkgdir"/usr/share/webapps/authentik/locale
cp -dr "$builddir"/blueprints "$pkgdir"/var/lib/authentik/blueprints
install -Dm755 "$builddir"/manage.py "$pkgdir"/usr/share/webapps/authentik/manage.py
install -Dm755 "$builddir"/server "$pkgdir"/usr/share/webapps/authentik/server
ln -s "/etc/authentik/config.yml" "$pkgdir"/usr/share/webapps/authentik/local.env.yml
install -Dm755 "$builddir"/proxy "$pkgdir"/usr/bin/authentik-proxy
install -Dm755 "$builddir"/ldap "$pkgdir"/usr/bin/authentik-ldap
install -Dm755 "$builddir"/radius "$pkgdir"/usr/bin/authentik-radius
install -Dm755 "$srcdir"/$pkgname.openrc \
"$pkgdir"/etc/init.d/$pkgname
install -Dm755 "$srcdir"/$pkgname-worker.openrc \
"$pkgdir"/etc/init.d/$pkgname-worker
install -Dm755 "$srcdir"/$pkgname-ldap.openrc \
"$pkgdir"/etc/init.d/$pkgname-ldap
install -Dm640 "$srcdir"/$pkgname-ldap.conf \
"$pkgdir"/etc/conf.d/$pkgname-ldap
install -Dm640 "$builddir"/authentik/lib/default.yml \
"$pkgdir"/etc/authentik/config.yml
chown root:www-data "$pkgdir"/etc/authentik/config.yml
mv "$pkgdir"/usr/share/webapps/authentik/web/dist/custom.css "$pkgdir"/etc/authentik/custom.css
ln -s "/etc/authentik/custom.css" "$pkgdir"/usr/share/webapps/authentik/web/dist/custom.css
chown root:www-data "$pkgdir"/etc/authentik/custom.css
sed -i 's|cert_discovery_dir.*|cert_discovery_dir: /var/lib/authentik/certs|' "$pkgdir"/etc/authentik/config.yml
sed -i 's|blueprints_dir.*|blueprints_dir: /var/lib/authentik/blueprints|' "$pkgdir"/etc/authentik/config.yml
sed -i 's|template_dir.*|template_dir: /var/lib/authentik/templates|' "$pkgdir"/etc/authentik/config.yml
printf "\ncsrf:\n trusted_origins: ['auth.example.com']" >> "$pkgdir"/etc/authentik/config.yml
printf "\nsecret_key: '@@SECRET_KEY@@'" >> "$pkgdir"/etc/authentik/config.yml
# Install wrapper script to /usr/bin.
install -m755 -D "$srcdir"/authentik-manage.sh "$pkgdir"/usr/bin/authentik-manage
}
sha512sums="
121ed925d81a5cb2a14fed8ec8b324352e40b1fcbba83573bfdc1d1f66a91d9670cd64d7ef752c8a2df6c34fc3e19e8aec5c6752d33e87b487a462a590212ab0 authentik-2024.4.3.tar.gz
4defb4fe3a4230f4aa517fbecd5e5b8bcef2a64e1b40615660ae9eec33597310a09df5e126f4d39ce7764bd1716c0a7040637699135c103cbc1879593c6c06f1 authentik.openrc
6cb03b9b69df39bb4539fe05c966536314d766b2e9307a92d87070ba5f5b7e7ab70f1b5ee1ab3c0c50c23454f9c5a4caec29e63fdf411bbb7a124ad687569b89 authentik-worker.openrc
351e6920d987861f8bf0d7ab2f942db716a8dbdad1f690ac662a6ef29ac0fd46cf817cf557de08f1c024703503d36bc8b46f0d9eb1ecaeb399dce4c3bb527d17 authentik-ldap.openrc
89ee5f0ffdade1c153f3a56ff75b25a7104aa81d8c7a97802a8f4b0eab34850cee39f874dabe0f3c6da3f71d6a0f938f5e8904169e8cdd34d407c8984adee6b0 authentik-ldap.conf
f1a3cb215b6210fa7d857a452a9f2bc4dc0520e49b9fa7027547cff093d740a7e2548f1bf1f8831f7d5ccb80c8e523ee0c8bafcc4dc42d2788725f2137d21bee authentik-manage.sh
3e47db684a3f353dcecdb7bab8836b9d5198766735d77f676a51d952141a0cf9903fcb92e6306c48d2522d7a1f3028b37247fdc1dc74d4d6e043da7eb4f36d49 fix-ak-bash.patch
5c60e54b6a7829d611af66f5cb8184a002b5ae927efbd024c054a7c176fcb9efcfbe5685279ffcf0390b0f0abb3bb03e02782c6867c2b38d1ad2d508aae83fa0 root-settings-csrf_trusted_origins.patch
"

View file

@ -0,0 +1,3 @@
AUTHENTIK_HOST=https://example.com
AUTHENTIK_TOKEN=your-authentik-token
AUTHENTIK_INSECURE=true

View file

@ -0,0 +1,24 @@
#!/sbin/openrc-run
name="$RC_SVCNAME"
cfgfile="/etc/conf.d/$RC_SVCNAME"
pidfile="/run/$RC_SVCNAME.pid"
working_directory="/usr/share/webapps/authentik"
command="/usr/bin/authentik-ldap"
command_user="authentik"
command_group="authentik"
start_stop_daemon_args=""
command_background="yes"
output_log="/var/log/authentik/$RC_SVCNAME.log"
error_log="/var/log/authentik/$RC_SVCNAME.err"
depend() {
need authentik
}
start_pre() {
cd "$working_directory"
checkpath --directory --owner $command_user:$command_group --mode 0775 \
/var/log/authentik
export AUTHENTIK_HOST AUTHENTIK_TOKEN AUTHENTIK_INSECURE AUTHENTIK_DEBUG
}

View file

@ -0,0 +1,11 @@
#!/bin/sh
BUNDLE_DIR='/usr/share/webapps/authentik'
cd $BUNDLE_DIR
if [ "$(id -un)" != 'authentik' ]; then
exec su authentik -c '"$0" "$@"' -- ./manage.py "$@"
else
exec ./manage.py "$@"
fi

View file

@ -0,0 +1,32 @@
#!/sbin/openrc-run
name="$RC_SVCNAME"
cfgfile="/etc/conf.d/$RC_SVCNAME.conf"
pidfile="/run/$RC_SVCNAME.pid"
working_directory="/usr/share/webapps/authentik"
command="/usr/bin/authentik-manage"
command_args="worker"
command_user="authentik"
command_group="authentik"
start_stop_daemon_args=""
command_background="yes"
output_log="/var/log/authentik/$RC_SVCNAME.log"
error_log="/var/log/authentik/$RC_SVCNAME.err"
depend() {
need redis
need postgresql
}
start_pre() {
cd "$working_directory"
checkpath --directory --owner $command_user:$command_group --mode 0775 \
/var/log/authentik \
/var/lib/authentik/certs \
/var/lib/authentik/blueprints
}
stop_pre() {
ebegin "Killing child processes"
kill $(ps -o pid= --ppid $(cat $pidfile)) || true
}

View file

@ -0,0 +1,30 @@
#!/sbin/openrc-run
name="$RC_SVCNAME"
cfgfile="/etc/conf.d/$RC_SVCNAME.conf"
pidfile="/run/$RC_SVCNAME.pid"
working_directory="/usr/share/webapps/authentik"
command="/usr/share/webapps/authentik/server"
command_user="authentik"
command_group="authentik"
start_stop_daemon_args=""
command_background="yes"
output_log="/var/log/authentik/$RC_SVCNAME.log"
error_log="/var/log/authentik/$RC_SVCNAME.err"
depend() {
need redis
need postgresql
}
start_pre() {
cd "$working_directory"
checkpath --directory --owner $command_user:$command_group --mode 0775 \
/var/log/authentik \
/var/lib/authentik/certs
}
stop_pre() {
ebegin "Killing child processes"
kill $(ps -o pid= --ppid $(cat $pidfile)) || true
}

View file

@ -0,0 +1,39 @@
#!/bin/sh
set -eu
group=authentik
config_file='/etc/authentik/config.yml'
setcap 'cap_net_bind_service=+ep' /usr/share/webapps/authentik/server
if [ $(grep '@@SECRET_KEY@@' "$config_file") ]; then
echo "* Generating random secret in $config_file" >&2
secret_key="$(pwgen -s 50 1)"
sed -i "s|@@SECRET_KEY@@|$secret_key|" "$config_file"
chown root:$group "$config_file"
fi
if [ "${0##*.}" = 'post-upgrade' ]; then
cat >&2 <<-EOF
*
* To finish Authentik upgrade run:
*
* authentik-manage migrate
*
EOF
else
cat >&2 <<-EOF
*
* 1. Adjust settings in /etc/authentik/config.yml.
*
* 2. Create database for Authentik:
*
* psql -c "CREATE ROLE authentik PASSWORD 'top-secret' INHERIT LOGIN;"
* psql -c "CREATE DATABASE authentik OWNER authentik ENCODING 'UTF-8';"
*
* 3. Run "authentik-manage migrate"
* 4. Setup admin user at https://<your server>/if/flow/initial-setup/
*
EOF
fi

View file

@ -0,0 +1 @@
authentik.post-install

View file

@ -0,0 +1,26 @@
#!/bin/sh
# It's very important to set user/group correctly.
authentik_dir='/var/lib/authentik'
if ! getent group authentik 1>/dev/null; then
echo '* Creating group authentik' 1>&2
addgroup -S authentik
fi
if ! id authentik 2>/dev/null 1>&2; then
echo '* Creating user authentik' 1>&2
adduser -DHS -G authentik -h "$authentik_dir" -s /bin/sh \
-g "added by apk for authentik" authentik
passwd -u authentik 1>/dev/null # unlock
fi
if ! id -Gn authentik | grep -Fq redis; then
echo '* Adding user authentik to group redis' 1>&2
addgroup authentik redis
fi
exit 0

View file

@ -0,0 +1,10 @@
diff --git a/lifecycle/ak.orig b/lifecycle/ak
index 615bfe9..1646274 100755
--- a/lifecycle/ak.orig
+++ b/lifecycle/ak
@@ -1,4 +1,4 @@
-#!/usr/bin/env -S bash -e
+#!/usr/bin/env bash
MODE_FILE="${TMPDIR}/authentik-mode"
function log {

View file

@ -0,0 +1,12 @@
diff --git a/authentik/root/settings.py b/authentik/root/settings.py
index 15e689b06..8b0c1d744 100644
--- a/authentik/root/settings.py
+++ b/authentik/root/settings.py
@@ -33,6 +33,7 @@ AUTH_USER_MODEL = "authentik_core.User"
CSRF_COOKIE_NAME = "authentik_csrf"
CSRF_HEADER_NAME = "HTTP_X_AUTHENTIK_CSRF"
+CSRF_TRUSTED_ORIGINS = CONFIG.get("csrf.trusted_origins")
LANGUAGE_COOKIE_NAME = "authentik_language"
SESSION_COOKIE_NAME = "authentik_session"
SESSION_COOKIE_DOMAIN = CONFIG.get("cookie_domain", None)

View file

@ -1,19 +1,20 @@
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
pkgname=caprine
pkgver=2.60.1
pkgrel=1
pkgver=2.59.1
pkgrel=0
pkgdesc="Elegant Facebook Messenger desktop app"
arch="x86_64 aarch64" # blocked by electron
arch="x86_64 aarch64" # bloced by electron
url="https://github.com/sindresorhus/caprine"
license="MIT"
depends="electron"
makedepends="npm findutils coreutils"
options="!check" # No test suite
options="!check"
source="
$pkgname-$pkgver.tar.gz::https://github.com/sindresorhus/caprine/archive/refs/tags/v$pkgver.tar.gz
caprine.desktop
caprine.sh
caprine.js
"
build() {
@ -26,7 +27,7 @@ build() {
}
package() {
local appdir=/usr/lib/caprine
local appdir=/usr/lib/$pkgname
install -d "$pkgdir"$appdir
cp -r ./* "$pkgdir"$appdir
@ -34,13 +35,13 @@ package() {
install -dm755 "$pkgdir/usr/share/pixmaps"
install -m644 build/icon.png "$pkgdir/usr/share/pixmaps/$pkgname.png"
install -Dm755 "$srcdir"/caprine.sh "$pkgdir"/usr/bin/caprine
install -Dm644 "$srcdir"/caprine.desktop \
"$pkgdir"/usr/share/applications/caprine.desktop
install -Dm755 "$srcdir"/$pkgname.js "$pkgdir"/usr/bin/$pkgname
install -Dm644 "$srcdir"/$pkgname.desktop \
"$pkgdir"/usr/share/applications/$pkgname.desktop
install -dm755 "$pkgdir"/usr/share/licenses/caprine
ln -s "$(realpath -m --relative-to=/usr/share/licenses/caprine $appdir/license)" \
"$pkgdir"/usr/share/licenses/caprine
install -dm755 "$pkgdir"/usr/share/licenses/$pkgname
ln -s "$(realpath -m --relative-to=/usr/share/licenses/$pkgname $appdir/license)" \
"$pkgdir"/usr/share/licenses/$pkgname
# Clean up
rm -r "$pkgdir"$appdir/build
@ -48,7 +49,7 @@ package() {
rm -r "$pkgdir"$appdir/tsconfig.json
find "$pkgdir"$appdir \
-name "package.json" \
-exec sed -e "s|$srcdir/caprine|$appdir|" \
-exec sed -e "s|$srcdir/$pkgname|$appdir|" \
-i {} \; \
-or -name ".*" -prune -exec rm -r '{}' \; \
-or -name "bin" -prune -exec rm -r '{}' \; \
@ -59,7 +60,7 @@ package() {
-or -name "test" -prune -exec rm -r '{}' \;
}
sha512sums="
0df7f233c91f5a044dcffde94b976c6ad71e6d355518615c48cd825a249c01d63f455de31ece69193a66ca0fd8157506f9b88088da1bd47fc75e9d3800784ed0 caprine-2.60.1.tar.gz
a525bafb6a53dd2dbdfc4b9b3e96d3939d93be950a3287f2a5ef6465d5a6b64ecda79b6d393023d067f939e1a6e85debc35f83bbb1f758011db9d94dd9ff8a72 caprine-2.59.1.tar.gz
a469e3bea24926119e51642b777ef794c5fa65421107903f967c36d81bbb1adb3d52469ce3a3301b2c890f1aa53ab989ded22a7c6e811fb8cf0a582dbd835e19 caprine.desktop
3ad8994c1a0417e73d622587769e527b4236a32c1a89442ff76413b75b4392d667c9e2908979b453e5926e54db6d94b31625340c5a94e84e91ea77f56feae778 caprine.sh
44280c62ce43bdafa8528729371fccb16b8a0e3db7aca28d5c157ae0144dca5fbb023b8883b561955aa28ab62e967f2674d8c6bcaff186e2cdd0e7ba8beab9ac caprine.js
"

29
user/caprine/caprine.js Normal file
View file

@ -0,0 +1,29 @@
#!/usr/bin/electron
const name = 'caprine';
const {app} = require('electron');
const fs = require('fs');
const path = require('path');
// Change command name.
const fd = fs.openSync('/proc/self/comm', fs.constants.O_WRONLY);
fs.writeSync(fd, name);
fs.closeSync(fd);
// Remove first command line argument (/usr/bin/electron).
process.argv.splice(0, 1);
// Set application paths.
const appPath = path.join(path.dirname(__dirname), 'lib', name);
const packageJson = require(path.join(appPath, 'package.json'));
const productName = packageJson.productName;
app.setAppPath(appPath);
app.setDesktopName(name + '.desktop');
app.setName(productName);
app.setPath('userCache', path.join(app.getPath('cache'), productName));
app.setPath('userData', path.join(app.getPath('appData'), productName));
app.setVersion(packageJson.version);
// Run the application.
require('module')._load(appPath, module, true);

View file

@ -0,0 +1,112 @@
# Contributor: Carlo Landmeter <clandmeter@alpinelinux.org>
# Contributor: 6543 <6543@obermui.de>
# Contributor: techknowlogick <techknowlogick@gitea.io>
# Contributor: Patrycja Rosa <alpine@ptrcnull.me>
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
pkgname=forgejo-aneksajo
pkgver=8.0.0
_gittag=v$pkgver-git-annex0
pkgrel=0
pkgdesc="Self-hosted Git service written in Go with git-annex support"
url="https://forgejo.org"
# riscv64: builds fail https://codeberg.org/forgejo/forgejo/issues/3025
arch="all !riscv64"
license="MIT"
depends="git git-lfs gnupg"
makedepends="go nodejs npm"
checkdepends="bash openssh openssh-keygen sqlite tzdata"
install="$pkgname.pre-install"
pkgusers="forgejo"
pkggroups="www-data"
subpackages="$pkgname-openrc"
source="$pkgname-$_gittag.tar.gz::https://codeberg.org/matrss/forgejo-aneksajo/archive/$_gittag.tar.gz
$pkgname.initd
$pkgname.ini
"
builddir="$srcdir/forgejo-aneksajo"
options="!check net chmod-clean" # broken with GIT_CEILING
# secfixes:
# 7.0.4-r0:
# - CVE-2024-24789
# 7.0.3-r0:
# - CVE-2024-24788
# 1.21.10.0-r0:
# - CVE-2023-45288
# 1.21.3.0-r0:
# - CVE-2023-48795
export GOCACHE="${GOCACHE:-"$srcdir/go-cache"}"
export GOTMPDIR="${GOTMPDIR:-"$srcdir"}"
export GOMODCACHE="${GOMODCACHE:-"$srcdir/go"}"
# Skip tests for archs that fail unrelated in CI
case "$CARCH" in
s390x|x86|armhf|armv7) options="$options !check" ;;
esac
prepare() {
default_prepare
npm ci
}
build() {
# XXX: LARGEFILE64
export CGO_CFLAGS="$CFLAGS -O2 -D_LARGEFILE64_SOURCE"
export TAGS="bindata sqlite sqlite_unlock_notify"
export GITEA_VERSION="$pkgver"
export EXTRA_GOFLAGS="$GOFLAGS"
export CGO_LDFLAGS="$LDFLAGS"
unset LDFLAGS
## make FHS compliant
local setting="code.gitea.io/gitea/modules/setting"
export LDFLAGS="$LDFLAGS -X $setting.CustomConf=/etc/forgejo/app.ini"
export LDFLAGS="$LDFLAGS -X $setting.AppWorkPath=/var/lib/forgejo/"
make -j1 build
}
check() {
local home="$srcdir"/home
mkdir -p "$home"
install -d -m700 "$home"/.ssh
touch "$home"/.gitconfig
env GITEA_ROOT="$home" HOME="$home" GITEA_WORK_DIR="$(pwd)" timeout -s ABRT 20m make -j1 test-sqlite
## "make test" - modified (exclude broken tests)
## 'code.gitea.io/gitea/modules/migrations': github hase rate limits! 403 API
local tests=$(go list ./... | grep -v /vendor/ |
grep -v 'code.gitea.io/gitea/modules/migrations' |
grep -v 'code.gitea.io/gitea/modules/charset' |
grep -v 'code.gitea.io/gitea/models/migrations' |
grep -v 'code.gitea.io/gitea/services/migrations' |
grep -v 'code.gitea.io/gitea/integrations')
env GITEA_CONF="$PWD/tests/sqlite.ini" GITEA_ROOT="$home" HOME="$home" GO111MODULE=on go test -mod=vendor -tags='sqlite sqlite_unlock_notify' $tests
}
package() {
for dir in $pkgname $pkgname/git $pkgname/data $pkgname/db $pkgname/custom; do
install -dm750 -o forgejo -g www-data \
"$pkgdir"/var/lib/$dir
done
install -dm755 -o forgejo -g www-data "$pkgdir"/var/log/forgejo
# TODO: rename when upstream does
install -Dm755 -g www-data gitea "$pkgdir"/usr/bin/forgejo
install -Dm644 -o forgejo -g www-data "$srcdir"/forgejo-aneksajo.ini \
"$pkgdir"/etc/forgejo/app.ini
chown forgejo:www-data "$pkgdir"/etc/forgejo
install -Dm755 "$srcdir"/forgejo-aneksajo.initd \
"$pkgdir"/etc/init.d/forgejo
}
sha512sums="
6836da3996a4bc51c88d82afcffbcd30965111a41d2cdf91d9539b0f0a4832496ed071b52e6eedf2eeaec7623a32aec3a3fdd1dedefedf5c2323690bd1f60937 forgejo-aneksajo-v8.0.0-git-annex0.tar.gz
eb93a9f6c8f204de5c813f58727015f53f9feaab546589e016c60743131559f04fc1518f487b6d2a0e7fa8fab6d4a67cd0cd9713a7ccd9dec767a8c1ddebe129 forgejo-aneksajo.initd
b537b41b6b3a945274a6028800f39787b48c318425a37cf5d40ace0d1b305444fd07f17b4acafcd31a629bedd7d008b0bb3e30f82ffeb3d7e7e947bdbe0ff4f3 forgejo-aneksajo.ini
"

View file

@ -0,0 +1,26 @@
# Configuration cheat sheet: https://forgejo.org/docs/latest/admin/config-cheat-sheet/
RUN_USER = forgejo
RUN_MODE = prod
[repository]
ROOT = /var/lib/forgejo/git
SCRIPT_TYPE = sh
[server]
STATIC_ROOT_PATH = /usr/share/webapps/forgejo
APP_DATA_PATH = /var/lib/forgejo/data
LFS_START_SERVER = true
[database]
DB_TYPE = sqlite3
PATH = /var/lib/forgejo/db/forgejo.db
SSL_MODE = disable
[session]
PROVIDER = file
[log]
ROOT_PATH = /var/log/forgejo
MODE = file
LEVEL = Info

View file

@ -0,0 +1,15 @@
#!/sbin/openrc-run
supervisor=supervise-daemon
name=forgejo
command="/usr/bin/forgejo"
command_user="${FORGEJO_USER:-forgejo}:www-data"
command_args="web --config '${FORGEJO_CONF:-/etc/forgejo/app.ini}'"
supervise_daemon_args="--env FORGEJO_WORK_DIR='${FORGEJO_WORK_DIR:-/var/lib/forgejo}' --chdir '${FORGEJO_WORK_DIR:-/var/lib/forgejo}' --stdout '${FORGEJO_LOG_FILE:-/var/log/forgejo/http.log}' --stderr '${FORGEJO_LOG_FILE:-/var/log/forgejo/http.log}'"
pidfile="/run/forgejo.pid"
depend() {
use logger dns
need net
after firewall mysql postgresql
}

View file

@ -0,0 +1,7 @@
#!/bin/sh
addgroup -S -g 82 www-data 2>/dev/null
adduser -S -D -h /var/lib/forgejo -s /bin/sh -G www-data -g forgejo forgejo 2>/dev/null \
&& passwd -u forgejo 2>/dev/null
exit 0

82
user/freescout/APKBUILD Normal file
View file

@ -0,0 +1,82 @@
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
pkgname=freescout
pkgver=1.8.139
pkgrel=0
pkgdesc="Free self-hosted help desk & shared mailbox"
arch="noarch"
url="freescout.net"
license="AGPL-3.0"
_php=php83
_php_mods="-fpm -mbstring -xml -imap -zip -gd -curl -intl -tokenizer -pdo_pgsql -openssl -session -iconv -fileinfo -dom -pcntl"
depends="$_php ${_php_mods//-/$_php-} nginx postgresql pwgen"
makedepends="composer pcre"
install="$pkgname.post-install $pkgname.post-upgrade $pkgname.pre-install"
source="
$pkgname-$pkgver.tar.gz::https://github.com/freescout-helpdesk/freescout/archive/refs/tags/$pkgver.tar.gz
freescout.nginx
freescout-manage.sh
rename-client-to-membre-fr-en.patch
"
pkgusers="freescout"
pkggroups="freescout"
build() {
composer install --ignore-platform-reqs
}
package() {
local logdir="/var/log/$pkgname"
local datadir="/var/lib/$pkgname"
local wwwdir="/usr/share/webapps/$pkgname"
local confdir="/etc/$pkgname"
# Make directories
install -dm 755 \
"$pkgdir"/$wwwdir \
"$pkgdir"/$confdir \
"$pkgdir"/$logdir \
"$pkgdir"/$datadir
# Copy and ln operations
cp $builddir/* -R "$pkgdir"/$wwwdir/.
for i in storage/app storage/framework bootstrap/cache \
public/css/builds public/js/builds public/modules Modules; do
if [ -d "$pkgdir"$wwwdir/$i ]; then
if [ ! -d "$pkgdir"/$datadir/${i%/*} ]; then
mkdir -p "$pkgdir"/$datadir/${i%/*}
fi
mv "$pkgdir"$wwwdir/$i "$pkgdir"/$datadir/$i
else
mkdir -p "$pkgdir"/$datadir/$i
fi
ln -s $datadir/$i "$pkgdir"/$wwwdir/$i
done
ln -s /etc/freescout/freescout.conf "$pkgdir"/usr/share/webapps/freescout/.env
ln -s $wwwdir/storage/app/public "$pkgdir"/$wwwdir/public/storage
# log dir
rm -R "$pkgdir"/$wwwdir/storage/logs
ln -s "$logdir" "$pkgdir"/$wwwdir/storage/logs
# Permission settings
chown -R freescout:www-data "$pkgdir"/$datadir "$pkgdir"/$logdir
# config files
install -Dm644 "$srcdir"/freescout.nginx \
"$pkgdir"/etc/nginx/http.d/freescout.conf
install -Dm640 "$builddir"/.env.example \
"$pkgdir"/etc/freescout/freescout.conf
sed -i 's|APP_KEY.*|APP_KEY=@@SECRET_KEY@@|' "$pkgdir"/etc/freescout/freescout.conf
chown root:www-data "$pkgdir"/etc/freescout/freescout.conf
# Install wrapper script to /usr/bin.
install -m755 -D "$srcdir"/freescout-manage.sh "$pkgdir"/usr/bin/freescout-manage
}
sha512sums="
11d81fa670bd67a7db9f5bff3a067a1d1cf3c812a34c805a3fc83edc978ded3accc8334581eca1e73cf0ad95f8e289278add57de096528728e2989135b3057a3 freescout-1.8.139.tar.gz
e4af6c85dc12f694bef2a02e4664e31ed50b2c109914d7ffad5001c2bbd764ef25b17ecaa59ff55ef41bccf17169bf910d1a08888364bdedd0ecc54d310e661f freescout.nginx
7ce9b3ee3a979db44f5e6d7daa69431e04a5281f364ae7be23e5a0a0547f96abc858d2a8010346be2fb99bd2355fb529e7030ed20d54f310249e61ed5db4d0ba freescout-manage.sh
3416da98d71aea5a7093913ea34e783e21ff05dca90bdc5ff3d00c548db5889f6d0ec98441cd65ab9f590be5cd59fdd0d7f1c98b5deef7bb3adbc8db435ec9bf rename-client-to-membre-fr-en.patch
"

View file

@ -0,0 +1,11 @@
#!/bin/sh
BUNDLE_DIR='/usr/share/webapps/freescout'
cd $BUNDLE_DIR
if [ "$(id -un)" != 'freescout' ]; then
exec su freescout -c '"$0" "$@"' -- php artisan "$@"
else
exec php artisan "$@"
fi

View file

@ -0,0 +1,56 @@
server {
listen 80;
listen [::]:80;
server_name example.com www.example.com;
root /usr/share/webapps/freescout/public;
index index.php index.html index.htm;
error_log /var/www/html/storage/logs/web-server.log;
# Max. attachment size.
# It must be also set in PHP.ini via "upload_max_filesize" and "post_max_size" directives.
client_max_body_size 20M;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/run/php/php8.0-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
# Uncomment this location if you want to improve attachments downloading speed.
# Also make sure to set APP_DOWNLOAD_ATTACHMENTS_VIA=nginx in the .env file.
#location ^~ /storage/app/attachment/ {
# internal;
# alias /var/www/html/storage/app/attachment/;
#}
location ~* ^/storage/attachment/ {
expires 1M;
access_log off;
try_files $uri $uri/ /index.php?$query_string;
}
location ~* ^/(?:css|js)/.*\.(?:css|js)$ {
expires 2d;
access_log off;
add_header Cache-Control "public, must-revalidate";
}
# The list should be in sync with /storage/app/public/uploads/.htaccess and /config/app.php
location ~* ^/storage/.*\.((?!(jpg|jpeg|jfif|pjpeg|pjp|apng|bmp|gif|ico|cur|png|tif|tiff|webp|pdf|txt|diff|patch|json|mp3|wav|ogg|wma)).)*$ {
add_header Content-disposition "attachment; filename=$2";
default_type application/octet-stream;
}
location ~* ^/(?:css|fonts|img|installer|js|modules|[^\\\]+\..*)$ {
expires 1M;
access_log off;
add_header Cache-Control "public";
}
location ~ /\. {
deny all;
}
}

View file

@ -0,0 +1,48 @@
#!/bin/sh
set -eu
group=www-data
config_file='/etc/freescout/freescout.conf'
if [ $(grep '@@SECRET_KEY@@' "$config_file") ]; then
echo "* Generating random secret in $config_file" >&2
secret_key="$(freescout-manage key:generate --show)"
sed -i "s|@@SECRET_KEY@@|$secret_key|" "$config_file"
fi
if [ "${0##*.}" = 'post-upgrade' ]; then
cat >&2 <<-EOF
*
* To finish Freescout upgrade run:
*
* freescout-manage freescout:after-app-update
*
EOF
else
cat >&2 <<-EOF
*
* 1. Adjust settings in /etc/freescout/freescout.conf
*
* 2. Make sure cgi.fix_pathinfo=0 is set in /etc/php8x/php.ini is set
*
* 3. Create database for Freescout:
*
* psql -c "CREATE ROLE freescout PASSWORD 'top-secret' INHERIT LOGIN;"
* psql -c "CREATE DATABASE freescout OWNER freescout ENCODING 'UTF-8';"
*
* 4. Clear application cache and apply .env file changes:
*
* freescout-manage freescout:clear-cache
*
* 5. Create tables:
*
* freescout-manage migrate
*
* 6. Create admin user
*
* freescout-manage freescout:create-user
*
EOF
fi

View file

@ -0,0 +1 @@
freescout.post-install

View file

@ -0,0 +1,25 @@
#!/bin/sh
freescout_dir='/var/lib/freescout'
if ! getent group freescout 1>/dev/null; then
echo '* Creating group freescout' 1>&2
addgroup -S freescout
fi
if ! id freescout 2>/dev/null 1>&2; then
echo '* Creating user freescout' 1>&2
adduser -DHS -G freescout -h "$freescout_dir" -s /bin/sh \
-g "added by apk for freescout" freescout
passwd -u freescout 1>/dev/null # unlock
fi
if ! id -Gn freescout | grep -Fq www-data; then
echo '* Adding user freescout to group www-data' 1>&2
addgroup freescout www-data
fi
exit 0

View file

@ -0,0 +1,220 @@
diff --git a/resources/lang/en.json b/resources/lang/en.json
new file mode 100644
index 00000000..82d26052
--- /dev/null
+++ b/resources/lang/en.json
@@ -0,0 +1,32 @@
+{
+ ":person changed the customer to :customer": ":person changed the member to :customer",
+ ":person changed the customer to :customer in conversation #:conversation_number": ":person changed the member to :customer in conversation #:conversation_number",
+ "Auto reply to customer": "Auto reply to member",
+ "Change Customer": "Change Member",
+ "Change the customer to :customer_email?": "Change the member to :customer_email?",
+ "Create a new customer": "Create a new member",
+ "Customer": "Member",
+ "Customer Name": "Member Name",
+ "Customer Profile": "Member Profile",
+ "Customer changed": "Member changed",
+ "Customer saved successfully.": "Member saved successfully",
+ "Customer viewed :when": "Member viewed :when",
+ "Customers": "Members",
+ "Customers email this address for help (e.g. support@domain.com)": "Members email this address for help (e.g. support@domain.com)",
+ "Email :tag_email_begin:email:tag_email_end has been moved from another customer: :a_begin:customer:a_end.": "Email :tag_email_begin:email:tag_email_end has been moved from another member: :a_begin:customer:a_end.",
+ "Email to customer": "Email to member",
+ "Emails to Customers": "Emails to Members",
+ "Error sending email to customer": "Error sending email to member",
+ "Message not sent to customer": "Message not sent to member",
+ "Name that will appear in the <strong>From<\/strong> field when a customer views your email.": "Name that will appear in the <strong>From<\/strong> field when a member views your email.",
+ "No customers found": "No members found",
+ "No customers found. Would you like to create one?": "No members found. Would you like to create one?",
+ "Notify :person when a customer replies…": "Notify :person when a member replies…",
+ "Notify me when a customer replies…": "Notify me when a member replies…",
+ "Search for a customer by name or email": "Search for a member by name or email",
+ "Sending emails need to be configured for the mailbox in order to send emails to customers and support agents": "Sending emails need to be configured for the mailbox in order to send emails to members and support agents",
+ "This number is not visible to customers. It is only used to track conversations within :app_name": "This number is not visible to members. It is only used to track conversations within :app_name",
+ "This reply will go to the customer. :%switch_start%Switch to a note:switch_end if you are replying to :user_name.": "This reply will go to the member. :%switch_start%Switch to a note:switch_end if you are replying to :user_name.",
+ "This text will be added to the beginning of each email reply sent to a customer.": "This text will be added to the beginning of each email reply sent to a member.",
+ "When a customer emails this mailbox, application can send an auto reply to the customer immediately.<br\/><br\/>Only one auto reply is sent per new conversation.": "When a member emails this mailbox, application can send an auto reply to the member immediately.<br\/><br\/>Only one auto reply is sent per new conversation."
+}
\ No newline at end of file
diff --git a/resources/lang/fr.json.orig b/resources/lang/fr.json
index ff8d9d4..98d158f 100644
--- a/resources/lang/fr.json.orig
+++ b/resources/lang/fr.json
@@ -26,8 +26,8 @@
":person added a note to conversation #:conversation_number": ":person a ajouté une note à la conversation #:conversation_number",
":person assigned :assignee conversation #:conversation_number": ":person a assigné :assignee à la conversation #:conversation_number",
":person assigned to :assignee": ":person a assigné :assignee",
- ":person changed the customer to :customer": ":person a changé le client en :customer",
- ":person changed the customer to :customer in conversation #:conversation_number": ":person a changé le client en :customer dans la conversation #:conversation_number",
+ ":person changed the customer to :customer": ":person a changé le membre en :customer",
+ ":person changed the customer to :customer in conversation #:conversation_number": ":person a changé le membre en :customer dans la conversation #:conversation_number",
":person created a draft": ":person a créé un brouillon",
":person deleted": ":person supprimée",
":person edited :creator's draft": ":person a modifié brouillon de :creator",
@@ -112,7 +112,7 @@
"Auto Reply": "Réponse Automatique",
"Auto Reply status saved": "Statut de réponse automatique enregistré",
"Auto replies don't include your mailbox signature, so be sure to add your contact information if necessary.": "Les réponses automatiques n'incluent pas la signature de votre boîte aux lettres, assurez-vous d'ajouter vos coordonnées si nécessaire.",
- "Auto reply to customer": "Réponse automatique au client",
+ "Auto reply to customer": "Réponse automatique au membre",
"Back": "Retour",
"Back to folder": "Retour au dossier",
"Background Jobs": "Emplois d'arrière-plan",
@@ -123,10 +123,10 @@
"Cancel": "Annuler",
"Cc": "Cc",
"Change": "Modifier",
- "Change Customer": "Changer de client",
+ "Change Customer": "Changer de membre",
"Change address in mailbox settings": "Modifier l'adresse dans les paramètres de la boîte aux lettres",
"Change default redirect": "Modifier la redirection par défaut",
- "Change the customer to :customer_email?": "Changer le client en :customer_email ?",
+ "Change the customer to :customer_email?": "Changer le membre en :customer_email ?",
"Change your password": "Changer votre mot de passe",
"Chat": "Tchat",
"Check Connection": "Vérifier la connexion",
@@ -182,7 +182,7 @@
"Create a New User": "Créer un nouvel utilisateur",
"Create a Password": "Créer un mot de passe",
"Create a mailbox": "Créer une boîte de réception",
- "Create a new customer": "Créer un nouveau client",
+ "Create a new customer": "Créer un nouveau membre",
"Create symlink manually": "Créer un lien symbolique manuellement",
"Created At": "Créé à",
"Created by :person": "Créé par :person",
@@ -190,14 +190,14 @@
"Current Password": "Mot de passe actuel",
"Custom From Name": "Nom de l'expéditeur personnalisé",
"Custom Name": "Nom personnalisé",
- "Customer": "Client",
- "Customer Name": "Nom du client",
- "Customer Profile": "Profil client",
- "Customer changed": "Client changé",
- "Customer saved successfully.": "Client enregistré avec succès.",
- "Customer viewed :when": "Client vu :when",
- "Customers": "Clients",
- "Customers email this address for help (e.g. support@domain.com)": "Les clients utilisent cette adresse par e-mail pour obtenir de l'aide (par exemple, support@domain.com)",
+ "Customer": "Membre",
+ "Customer Name": "Nom du membre",
+ "Customer Profile": "Profil membre",
+ "Customer changed": "Membre changé",
+ "Customer saved successfully.": "Membre enregistré avec succès.",
+ "Customer viewed :when": "Membre vu :when",
+ "Customers": "Membres",
+ "Customers email this address for help (e.g. support@domain.com)": "Les membres utilisent cette adresse par e-mail pour obtenir de l'aide (par exemple, support@domain.com)",
"Daily": "Quotidien",
"Dashboard": "Tableau de bord",
"Date": "Date",
@@ -247,15 +247,15 @@
"Edit User": "Modifier l'utilisateur",
"Edited by :whom :when": "Édité par :whom :when",
"Email": "Email",
- "Email :tag_email_begin:email:tag_email_end has been moved from another customer: :a_begin:customer:a_end.": "Email :tag_email_begin:email:tag_email_end a été déplacé depuis un autre client : :a_begin:customer:a_end.",
+ "Email :tag_email_begin:email:tag_email_end has been moved from another customer: :a_begin:customer:a_end.": "Email :tag_email_begin:email:tag_email_end a été déplacé depuis un autre membre : :a_begin:customer:a_end.",
"Email Address": "Adresse e-mail",
"Email Alerts For Administrators": "Envoyez des alertes par e-mail aux administrateurs",
"Email Header": "En-tête de l'e-mail",
"Email Signature": "Signature e-mail",
"Email Template": "Modèle d'e-mail",
"Email passed for delivery. If you don't receive a test email, check your mail server logs.": "E-mail transmis pour livraison. Si vous ne recevez pas d'e-mail de test, consultez les journaux de votre serveur de messagerie.",
- "Email to customer": "Courriel au client",
- "Emails to Customers": "Emails aux clients",
+ "Email to customer": "Courriel au membre",
+ "Emails to Customers": "Emails aux membres",
"Empty Trash": "Vider la corbeille",
"Empty license key": "Clé de licence vide",
"Enable Auto Reply": "Activer la réponse automatique",
@@ -276,7 +276,7 @@
"Error occurred. Please try again later.": "Erreur est survenue. Veuillez réessayer plus tard.",
"Error occurred. Please try again or try another :%a_start%update method:%a_end%": "Erreur est survenue. Veuillez réessayer ou en essayer une autre :%a_start% méthode de mise à jour:%a_end%",
"Error sending alert": "Erreur lors de l'envoi de l'alerte",
- "Error sending email to customer": "Erreur lors de l'envoi d'un e-mail au client",
+ "Error sending email to customer": "Erreur lors de l'envoi d'un e-mail au membre",
"Error sending email to the user who replied to notification from wrong email": "Erreur lors de l'envoi d'un e-mail à l'utilisateur qui a répondu à la notification d'un mauvais e-mail",
"Error sending email to user": "Erreur lors de l'envoi d'un e-mail à l'utilisateur",
"Error sending invitation email to user": "Erreur lors de l'envoi d'un e-mail d'invitation à l'utilisateur",
@@ -419,7 +419,7 @@
"Message bounced (:link)": "Message renvoyé (:link)",
"Message cannot be empty": "Le message ne peut pas être vide",
"Message has been already sent. Please discard this draft.": "Le message a déjà été envoyé. Veuillez effacer ce brouillon.",
- "Message not sent to customer": "Message non envoyé au client",
+ "Message not sent to customer": "Message non envoyé au membre",
"Method": "Méthode",
"Migrate DB": "Migrer la base de données",
"Mine": "Mes conversations",
@@ -439,7 +439,7 @@
"My Apps": "Mes Applications",
"My open conversations": "Mes conversations ouvertes",
"Name": "Nom",
- "Name that will appear in the <strong>From<\/strong> field when a customer views your email.": "Nom qui apparaîtra dans le champ <strong>De<\/strong> lorsqu'un client consulte votre e-mail.",
+ "Name that will appear in the <strong>From<\/strong> field when a customer views your email.": "Nom qui apparaîtra dans le champ <strong>De<\/strong> lorsqu'un membre consulte votre e-mail.",
"New Conversation": "Nouvelle conversation",
"New Mailbox": "Nouvelle boîte de réception",
"New Password": "Nouveau mot de passe",
@@ -451,8 +451,8 @@
"Next active conversation": "Conversation active suivante",
"No": "Non",
"No activations left for this license key": "Il ne reste aucune activation pour cette clé de licence",
- "No customers found": "Aucun client trouvé",
- "No customers found. Would you like to create one?": "Aucun client trouvé. Souhaitez-vous en créer un?",
+ "No customers found": "Aucun membre trouvé",
+ "No customers found. Would you like to create one?": "Aucun membre trouvé. Souhaitez-vous en créer un?",
"No invite was found. Please contact your administrator to have a new invite email sent.": "Aucune invitation trouvée. Veuillez contacter votre administrateur pour qu'il envoie une nouvelle invitation par email.",
"Non-writable files found": "Fichiers non-inscriptibles trouvés",
"None": "Aucun",
@@ -471,10 +471,10 @@
"Notifications": "Notifications",
"Notifications saved successfully": "Notifications enregistrées",
"Notifications will start showing up here soon": "Les notifications commenceront bientôt à apparaître ici",
- "Notify :person when a customer replies…": "Avertir :person lorsqu'un client répond…",
+ "Notify :person when a customer replies…": "Avertir :person lorsqu'un membre répond…",
"Notify :person when another :app_name user replies or adds a note…": "Notifier :person quand un autre utilisateur :app_name répond ou ajoute une note…",
"Notify :person when…": "Avertir :person lorsque…",
- "Notify me when a customer replies…": "M'avertir lorsqu'un client répond…",
+ "Notify me when a customer replies…": "M'avertir lorsqu'un membre répond…",
"Notify me when another :app_name user replies or adds a note…": "M'avertir lorsqu'un autre utilisateur :app_name répond ou ajoute une note…",
"Notify me when…": "Prévenez-moi quand…",
"Number": "Numéro",
@@ -587,7 +587,7 @@
"Search": "Recherche",
"Search Conversation by Number": "Rechercher une conversation par identifiant",
"Search Users": "Rechercher des utilisateurs",
- "Search for a customer by name or email": "Rechercher un client par nom ou par e-mail",
+ "Search for a customer by name or email": "Rechercher un membre par nom ou par e-mail",
"See logs": "Voir les journaux",
"Select Mailbox": "Sélectionnez une boîte aux lettres",
"Selected Users have access to this mailbox:": "Les utilisateurs sélectionnés ont accès à cette boîte aux lettres:",
@@ -613,7 +613,7 @@
"Sending": "Envoi en cours",
"Sending Emails": "Sending Emails",
"Sending can not be undone": "L'envoie ne peut être annulé",
- "Sending emails need to be configured for the mailbox in order to send emails to customers and support agents": "L'envoi d'e-mails doit être configuré pour la boîte aux lettres afin d'envoyer des e-mails aux clients et aux agents de support",
+ "Sending emails need to be configured for the mailbox in order to send emails to customers and support agents": "L'envoi d'e-mails doit être configuré pour la boîte aux lettres afin d'envoyer des e-mails aux membre et aux agents de support",
"Sendmail": "Exécutable Sendmail",
"Separate each email with a comma.": "Séparez chaque e-mail par une virgule",
"Server": "Serveur",
@@ -670,11 +670,11 @@
"This is a test mail sent by :app_name. It means that outgoing email settings of your :mailbox mailbox are fine.": "Il s'agit d'un mail de test envoyé par :app_name. Cela signifie que les paramètres de courrier électronique sortant de votre boîte aux lettres :mailbox sont corrects.",
"This is a test system mail sent by :app_name. It means that mail settings are fine.": "Il s'agit d'un e-mail du système de test envoyé par :app_name. Cela signifie que les paramètres de messagerie sont corrects.",
"This may take several minutes": "Cela peut prendre plusieurs minutes",
- "This number is not visible to customers. It is only used to track conversations within :app_name": "Ce numéro n'est pas visible pour les clients. Il est uniquement utilisé pour suivre les conversations dans :app_name",
+ "This number is not visible to customers. It is only used to track conversations within :app_name": "Ce numéro n'est pas visible pour les membres. Il est uniquement utilisé pour suivre les conversations dans :app_name",
"This password is incorrect.": "Ce mot de passe est incorrect.",
- "This reply will go to the customer. :%switch_start%Switch to a note:switch_end if you are replying to :user_name.": "Cette réponse ira au client. :%switch_start%Passez à une note:switch_end si vous répondez à :user_name.",
+ "This reply will go to the customer. :%switch_start%Switch to a note:switch_end if you are replying to :user_name.": "Cette réponse ira au membre. :%switch_start%Passez à une note:switch_end si vous répondez à :user_name.",
"This setting gives you control over what page loads after you perform an action (send a reply, add a note, change conversation status or assignee).": "Ce paramètre vous permet de contrôler la page qui se charge après avoir effectué une action (envoyer une réponse, ajouter une note, etc.).",
- "This text will be added to the beginning of each email reply sent to a customer.": "Ce texte sera ajouté au début de chaque réponse par e-mail envoyée à un client.",
+ "This text will be added to the beginning of each email reply sent to a customer.": "Ce texte sera ajouté au début de chaque réponse par e-mail envoyée à un membre.",
"Thread is not in a draft state": "Le fil n'est pas à l'état de brouillon",
"Thread not found": "Fil non trouvé",
"Time Format": "Format de l'heure",
@@ -751,7 +751,7 @@
"Welcome to :company_name!": "Bienvenue chez :company_name !",
"Welcome to :company_name, :first_name!": "Bienvenue chez :company_name, :first_name!",
"Welcome to the team!": "Bienvenue dans l'équipe !",
- "When a customer emails this mailbox, application can send an auto reply to the customer immediately.<br\/><br\/>Only one auto reply is sent per new conversation.": "Lorsqu'un client envoie un e-mail à cette boîte aux lettres, l'application peut envoyer immédiatement une réponse automatique au client. <br\/> <br\/> Une seule réponse automatique est envoyée par nouvelle conversation.",
+ "When a customer emails this mailbox, application can send an auto reply to the customer immediately.<br\/><br\/>Only one auto reply is sent per new conversation.": "Lorsqu'un membre envoie un e-mail à cette boîte aux lettres, l'application peut envoyer immédiatement une réponse automatique au membre. <br\/> <br\/> Une seule réponse automatique est envoyée par nouvelle conversation.",
"Which mailboxes will user use?": "Quelles boîtes aux lettres l'utilisateur utilisera-t-il?",
"Who Else Will Use This Mailbox": "Qui d'autre utilisera cette boîte aux lettres",
"Work": "Professionnel",

86
user/gitaly/APKBUILD Normal file
View file

@ -0,0 +1,86 @@
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
pkgname=gitaly
pkgver=17.0.4
pkgrel=0
pkgdesc="A Git RPC service for handling all the git calls made by GitLab"
url="https://gitlab.com/gitlab-org/gitaly/"
arch="all"
# GPL-2.0-only WITH GCC-exception-2.0: bundled libgit2
license="MIT AND GPL-2.0-only WITH GCC-exception-2.0"
depends="
git>=2.42
"
makedepends="
bash
cmake
go
icu-dev
libssh2-dev
libxml2-dev
libxslt-dev
"
subpackages="
$pkgname-backup
$pkgname-blackbox
$pkgname-praefect
$pkgname-openrc
"
source="https://gitlab.com/gitlab-org/gitaly/-/archive/v$pkgver/gitaly-v$pkgver.tar.gz
config.patch
$pkgname.initd
"
builddir="$srcdir/$pkgname-v$pkgver"
options="!check"
build() {
make V=1 BUILD_TAGS="tracer_static tracer_static_jaeger"
}
package() {
## Go part
make install DESTDIR="$pkgdir" PREFIX=/usr
# Not very useful for us.
rm "$pkgdir"/usr/bin/gitaly-debug
rm "$pkgdir"/usr/bin/gitaly-wrapper
install -m644 -D config.toml.example "$pkgdir"/etc/gitlab/gitaly.toml
install -m644 -D config.praefect.toml.example "$pkgdir"/etc/gitlab/praefect.toml
install -m644 -D cmd/gitaly-blackbox/config.toml.example "$pkgdir"/etc/gitlab/gitaly-blackbox.toml
install -m755 -D "$srcdir"/gitaly.initd "$pkgdir"/etc/init.d/gitlab.gitaly
}
backup() {
pkgdesc="Utility used by the backup Rake task to create/restore repository backups from Gitaly"
depends=""
amove usr/bin/gitaly-backup
}
# TODO: Add init script.
blackbox() {
pkgdesc="Prometheus exporter that measures GitLab server performance by performing a Git HTTP clone"
depends=""
amove etc/gitlab/gitaly-blackbox.toml
amove usr/bin/gitaly-blackbox
}
# TODO: Add init script.
praefect() {
pkgdesc="A reverse-proxy for Gitaly to manage a cluster of Gitaly nodes for HA"
depends=""
amove etc/gitlab/praefect.toml
amove usr/bin/praefect
}
sha512sums="
2d06498c519c20804dd592cac3214cf8124ece1dda0d15342f8ccc6d9c9d2715dad24f9940e4d87b824320483c9882004bcef3747a8de347c1d48ec983a9f5cb gitaly-v17.0.4.tar.gz
7685330e637c3a34db941c9e6b8776d0611ec16297e8be998a3eb4716c455d9f015d433a4d27720c24e520d489dd56bdab7c0e4264f2852b4b0bfd6ecaa7f773 config.patch
c32105d921be16eaf559cf21d6840bc346cd92b5e37974cedecdb5a2d2ca1eb5e8fbb144f5fc8a1289bf9415102b313cf2d61ee510c80f08ab33a799f5ac7122 gitaly.initd
"

91
user/gitaly/config.patch Normal file
View file

@ -0,0 +1,91 @@
diff --git a/config.toml.example.orig b/config.toml.example
index 82b8502..9982087 100644
--- a/config.toml.example.orig
+++ b/config.toml.example
@@ -2,19 +2,24 @@
# For Gitaly documentation, see https://docs.gitlab.com/ee/administration/gitaly/.
# A path which Gitaly should open a Unix socket.
-socket_path = "/home/git/gitlab/tmp/sockets/private/gitaly.socket"
+socket_path = "/run/gitlab/gitaly.socket"
# Directory containing Gitaly executables.
-bin_dir = "/home/git/gitaly/_build/bin"
+bin_dir = "/usr/bin"
# # Optional. The directory where Gitaly can create all files required to
# # properly operate at runtime. If not set, Gitaly will create a directory in
# # the global temporary directory. This directory must exist.
-# runtime_dir = "/home/git/gitaly/run"
+runtime_dir = "/run/gitaly"
# # Optional if socket_path is set. TCP address for Gitaly to listen on. This is insecure (unencrypted connection).
# listen_addr = "localhost:9999"
+# # Optional: configure where the Gitaly creates the sockets for internal connections. If unset, Gitaly will create a randomly
+# # named temp directory each time it boots.
+# # Non Gitaly clients should never connect to these sockets.
+internal_socket_dir = "/run/gitaly/internal"
+
# # Optional. TCP over TLS address for Gitaly to listen on.
# tls_listen_addr = "localhost:8888"
@@ -35,9 +40,9 @@ bin_dir = "/home/git/gitaly/_build/bin"
# # Gitaly supports TLS encryption. You must bring your own certificates because this isnt provided automatically.
# [tls]
# # Path to the certificate.
-# certificate_path = '/home/git/cert.cert'
+# certificate_path = '/etc/gitlab/ssl/gitaly.crt'
# # Path to the key.
-# key_path = '/home/git/key.pem'
+# key_path = '/etc/gitlab/ssl/gitaly.key'
# # Git settings
# [git]
@@ -58,7 +63,7 @@ bin_dir = "/home/git/gitaly/_build/bin"
# # The name of the storage
name = "default"
# # The path to the storage.
-path = "/home/git/repositories"
+path = "/var/lib/gitlab/repositories"
# # You can optionally configure more storages for this Gitaly instance to serve up
#
@@ -70,12 +75,12 @@ path = "/home/git/repositories"
# # Optional. Configure Gitaly to output JSON-formatted log messages to stdout.
# [logging]
# # Directory where Gitaly stores extra log files.
-dir = "/home/git/gitlab/log"
+dir = "/vat/log/gitlab"
# # Log format. Either 'text' or 'json'.
-# format = "json"
+format = "text"
# # Optional. Set log level to only log entries with that severity or above.
# # Valid values are, in order, 'debug', 'info', 'warn', 'error', 'fatal', and 'panic'. Defaults to 'info'.
-# level = "warn"
+level = "warn"
# # Additionally, exceptions from the Go server can be reported to Sentry. Sentry DSN (Data Source Name)
# # for exception monitoring.
# sentry_dsn = "https://<key>:<secret>@sentry.io/<project>"
@@ -91,18 +96,18 @@ sentry_environment = ""
# # Custom Git hooks that are used to perform tasks based on changes performed in any repository.
[hooks]
# # Directory where custom Git hooks are installed. If left unset, no custom hooks are used.
-custom_hooks_dir = "/home/git/custom_hooks"
+custom_hooks_dir = "/etc/gitlab/custom_hooks"
# # Gitaly must connect to the GitLab application to perform access checks when a user performs a change.
[gitlab]
# # URL of the GitLab server.
-url = "http+unix://%2Fhome%2Fgit%2Fgitlab%2Ftmp%2Fsockets%2Fgitlab-workhorse.socket"
+url = "http+unix://%2Frun%2Fgitlab%2Fworkhorse.socket"
# # 'relative_url_root' is only needed if a UNIX socket is used in 'url' and GitLab is configured to
# # use a relative path. For example, '/gitlab'.
# relative_url_root = '/'
# # Path of the file containing the secret token used to authenticate with GitLab. Use either 'secret_token' or 'secret'
# # but not both.
-secret_file = "/home/git/gitlab-shell/.gitlab_shell_secret"
+secret_file = "/etc/gitlab/gitlab_shell_secret"
# # Secret token used to authenticate with GitLab.
# secret = ""

39
user/gitaly/gitaly.initd Normal file
View file

@ -0,0 +1,39 @@
#!/sbin/openrc-run
name="Gitaly"
description="A Git RPC service for handling all the git calls made by GitLab"
: ${gitaly_config:="/etc/gitlab/gitaly.toml"}
: ${gitaly_logfile:="/var/log/gitlab/gitaly.log"}
command="/usr/bin/gitaly"
command_args="$gitaly_config"
command_background="yes"
command_user="git"
output_log="$gitaly_logfile"
error_log="$gitaly_logfile"
pidfile="/run/gitaly.pid"
supervise_daemon_args="--env TZ=:/etc/localtime"
start_stop_daemon_args="$supervise_daemon_args"
rc_ulimit="-n 15000"
required_files="$gitaly_config"
depend() {
use net
}
start_pre() {
local socket_path=$(sed -En "s/^\s*socket_path\s*=\s*[\"']([^\"']+)[\"']/\1/p" "$gitaly_config")
local runtime_dir=$(sed -En "s/^\s*runtime_dir\s*=\s*[\"']([^\"']+)[\"']/\1/p" "$gitaly_config")
if [ "$socket_path" ]; then
checkpath -q -d -m 755 -o $command_user "${socket_path%/*}" || return 1
fi
if [ "$runtime_dir" ]; then
checkpath -q -d -m 750 -o $command_user "$runtime_dir" || return 1
fi
checkpath -f -m 640 -o $command_user "$gitaly_logfile"
}

375
user/gitlab-foss/APKBUILD Normal file
View file

@ -0,0 +1,375 @@
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
pkgname=gitlab-foss
_pkgname=${pkgname%-foss}
pkgver=17.0.4
_gittag=v$pkgver
pkgrel=0
pkgdesc="A version control for your server"
url="https://gitlab.com/gitlab-org/gitlab-foss"
arch="x86_64 aarch64"
license="MIT"
# ruby-irb is needed only for Rails console (gitlab-rails console)
depends="
$pkgname-assets=$pkgver-r$pkgrel
ca-certificates
cmd:dpkg-deb
exiftool
git>=2.42.0
gitaly~=17.0
gitlab-shell>=14.35
graphicsmagick
http-parser
procps
py-docutils
python3
redis>=2.8
ruby3.2
ruby3.2-bigdecimal
ruby3.2-bundler
ruby3.2-fiddle
ruby3.2-io-console
ruby3.2-irb
ruby3.2-json
ruby3.2-rake
ruby3.2-rdoc
ruby3.2-webrick
shared-mime-info
tzdata
"
makedepends="
cargo
clang-dev
cmd:chrpath
cmake
file-dev
go
gpgme-dev
icu-dev
libffi-dev
libgcrypt-dev
libpq-dev
libxml2-dev
libxslt-dev
linux-headers
llvm
nodejs
openssl-dev
protobuf-dev
re2-dev
ruby3.2-dev
rust
yarn>=1.2.0
"
pkgusers="git"
pkggroups="git www-data"
install="$pkgname.pre-install $pkgname.post-install $pkgname.post-upgrade"
subpackages="$pkgname-assets::noarch $pkgname-openrc"
source="https://gitlab.com/gitlab-org/gitlab-foss/-/archive/$_gittag/gitlab-foss-$_gittag.tar.gz
database-config.patch
$_pkgname.initd
$_pkgname.mailroom.initd
$_pkgname.rails.initd
$_pkgname.sidekiq.initd
$_pkgname.workhorse.initd
$_pkgname.confd
$_pkgname.logrotate
bin-wrapper.in
upgrade-sys-filesystem-depend.patch
"
builddir="$srcdir/gitlab-foss-$_gittag"
_prefix="usr/lib/bundles/$_pkgname"
export BUNDLE_DEPLOYMENT=true
export BUNDLE_FORCE_RUBY_PLATFORM=true
export BUNDLE_FROZEN=true
# Should be tied to $JOBS, but rust native code fails to build
export BUNDLE_JOBS=1
prepare() {
default_prepare
# The default log level is very chatty.
sed -i 's/^\(\s*config.log_level\s*=\).*$/\1 :warn/' \
config/environments/production.rb
# This is not needed, the secret_token is generated by the
# gitlab-shell package. It also makes problems in the build phase.
rm config/initializers/gitlab_shell_secret_token.rb
# Remove all locale files except en.
find locale -type d -mindepth 1 ! -name en -exec rm -rf {} +
# Allow use of any bundler
sed -i -e '/BUNDLED/,+1d' Gemfile.lock
}
build() {
local bundle_without='exclude development kerberos mysql test'
cd "$builddir"/workhorse
make
cd "$builddir"
msg "Installing Ruby gems..."
bundle config --local without "$bundle_without"
bundle config --local build.ffi --enable-system-libffi
bundle config --local build.gpgme --use-system-libraries
bundle config --local build.re2 --enable-system-libraries
bundle config --local build.nokogiri --use-system-libraries \
--with-xml2-include=/usr/include/libxml2 \
--with-xslt-include=/usr/include/libxslt
bundle config --local build.ruby-magic --enable-system-libraries
bundle config --local build.google-protobuf '-- --with-cflags=-D__va_copy=va_copy'
bundle config --local path "vendor/bundle"
bundle install --no-cache
# Replace bundled CA bundle with symlink.
(
cd vendor/bundle/ruby/*/gems/aws-sdk-core-*/
rm ca-bundle.crt
ln -s /etc/ssl/certs/ca-certificates.crt ca-bundle.crt
)
# Remove faulty RPATH.
chrpath -d vendor/bundle/ruby/*/extensions/*/*/ruby-magic-*/magic/magic.so
# Patch installed gem gitlab-markup to use python3.
# Option "-S" causes that Python cannot find docutils module.
sed -i 's/python2 -S/python3/g' \
vendor/bundle/ruby/*/gems/gitlab-markup-*/lib/github/markups.rb
# Remove non-sense require of code for tests from top-level module
# (we're gonna delete tests from the package).
sed -i '/require .carrierwave\/test\/matchers./d' \
vendor/bundle/ruby/*/gems/carrierwave-*/lib/carrierwave.rb
msg "Installing npm modules..."
yarn install --production --frozen-lockfile
# Since we have moved assets gems into a group, they are not implicitly
# loaded by default. This will be reverted after compiling assets.
sed -i.bak '/Bundler.require(\*Rails.groups/s/)/, :assets)/' \
config/application.rb
# assets:precompile and gettext:compile bootstraps the app,
# so they needs configs.
cp config/gitlab.yml.example config/gitlab.yml
cp config/database.yml.postgresql config/database.yml
cp config/secrets.yml.example config/secrets.yml
# The configured path is not readable for the user building
# the package, so we must remove it; GitLab will use the default path.
sed -i '/^\s*secret_file:.*/d' config/gitlab.yml
(
export NODE_ENV=production
export RAILS_ENV=production
export SKIP_STORAGE_VALIDATION=true
export USE_DB=false
export NO_SOURCEMAPS=true
export NODE_OPTIONS="--max_old_space_size=3584"
msg "Compiling GetText PO files..."
bundle exec rake gettext:compile
msg "Compiling assets (this will take few minutes)..."
bundle exec rake gitlab:assets:compile
)
# Revert changes.
mv config/application.rb.bak config/application.rb
msg "Cleaning assets gems..."
bundle config --local without 'exclude development kerberos mysql test assets'
bundle clean
# Create executables in bin/*.
# See also https://github.com/bundler/bundler/issues/6149.
bundle binstubs --force bundler gitlab-mail_room puma sidekiq
# Cleanup
rm config/database.yml config/gitlab.yml config/secrets.yml
}
package() {
local destdir="$pkgdir/$_prefix"
local datadir="$pkgdir/var/lib/gitlab"
local file dest
install -d -m755 "$destdir" "$destdir"/bin
install -d -m755 -o git -g git \
"$datadir" \
"$pkgdir"/etc/gitlab \
"$pkgdir"/var/log/gitlab \
"$datadir"/pages
install -d -m700 -o git -g git \
"$datadir"/artifacts \
"$datadir"/builds \
"$datadir"/ci_secure_files \
"$datadir"/dependency_proxy \
"$datadir"/encrypted_settings \
"$datadir"/external-diffs \
"$datadir"/lfs-objects \
"$datadir"/packages \
"$datadir"/pages \
"$datadir"/terraform_state \
"$datadir"/uploads
install -d -m0750 -o git -g www-data \
"$datadir"/pages
install -d -m02770 -o git -g git \
"$datadir"/repositories
# Install application files.
# Note: *VERSION files and doc directory are required (Help in GitLab
# menu refers to the doc directory).
cp -rl .bundle config.ru Gemfile* INSTALLATION_TYPE Rakefile ./*VERSION \
app data db doc fixtures config lib locale metrics_server public sidekiq_cluster vendor gems \
"$destdir"/
install -m755 -t "$destdir"/bin/ \
bin/bundle \
bin/mail_room \
bin/metrics-server \
bin/rails \
bin/rake \
bin/sidekiq \
bin/sidekiq-cluster \
bin/sidekiqmon \
bin/puma
cd "$destdir"
# Not needed in runtime since we have already compiled all assets.
rm -r app/assets
rm -r vendor/assets
find public/assets -name '*.vue' -delete
find public/assets -type d -exec rmdir --ignore-fail-on-non-empty '{}' \;
# These load gems in the assets group.
rm config/initializers/sprockets.rb
# Remove more stuff not neeeded in production.
rm -r lib/support
rm -r db/fixtures/development
find lib/tasks -maxdepth 1 -type f ! -name cache.rake ! -name setup.rake -delete
find lib/tasks/gitlab \( -name 'generate_docs.*' \
-o -name 'shell.*' \
-o -name 'test.*' \) -delete
cd "$destdir"/vendor/bundle/ruby/*/
# Remove tests, documentations and other useless files.
find gems/ \( -name 'doc' \
-o -name 'spec' \
-o -name 'test' \) \
-type d -maxdepth 2 -exec rm -fr "{}" +
find gems/ \( -name 'README*' \
-o -name 'CHANGELOG*' \
-o -name 'CONTRIBUT*' \
-o -name '*LICENSE*' \
-o -name 'Rakefile' \
-o -name '.*' \) \
-type f -delete
# Remove bundled libgit2 sources.
rm -r gems/rugged-*/vendor/libgit2
# Remove assets, they are already compiled.
rm -r gems/tanuki_emoji-*/app/assets
# Remove build logs and cache.
rm -rf build_info/ cache/
find extensions/ \( -name gem_make.out -o -name mkmf.log \) -delete
cd "$destdir"
# Install and symlink config files.
for file in cable.yml.example \
database.yml.postgresql \
gitlab.yml.example \
puma.rb.example \
resque.yml.example \
sidekiq.yml.example \
initializers/smtp_settings.rb.sample
do
dest="$(basename "${file%.*}")"
install -m640 -g git -D config/$file "$pkgdir"/etc/gitlab/$dest
ln -sf /etc/gitlab/$dest "$pkgdir"/$_prefix/config/${file%.*}
done
# This file will be generated by the post-install script, just prepare symlink.
ln -sf /etc/gitlab/secrets.yml config/secrets.yml
# These shouldn't be necessary, they are all configurable, but OmniBus
# creates them too, so just to be sure...
ln -sf /etc/gitlab/gitlab_kas_secret .gitlab_kas_secret
ln -sf /etc/gitlab/gitlab_pages_secret .gitlab_pages_secret
ln -sf /etc/gitlab/gitlab_shell_secret .gitlab_shell_secret
ln -sf /etc/gitlab/gitlab_workhorse_secret .gitlab_workhorse_secret
# Some paths are hard-coded in GitLab, so we must make symlinks. :(
ln -sf /var/lib/gitlab/uploads public/uploads
ln -sf /var/log/gitlab log
ln -sf /var/tmp/gitlab tmp
cat > "$datadir"/.profile <<-EOF
export RAILS_ENV=production
export NODE_ENV=production
export EXECJS_RUNTIME=Disabled
EOF
# Install wrapper scripts to /usr/bin.
local name; for name in rake rails; do
sed "s/__COMMAND__/$name/g" "$srcdir"/bin-wrapper.in \
> "$builddir"/gitlab-$name
install -m755 -D "$builddir"/gitlab-$name "$pkgdir"/usr/bin/gitlab-$name
done
cd "$builddir"/workhorse
# Install workhorse.
make install DESTDIR="$pkgdir" PREFIX=/usr
install -m644 config.toml.example "$pkgdir"/etc/gitlab/workhorse.toml
for file in $_pkgname $_pkgname.rails $_pkgname.sidekiq $_pkgname.mailroom $_pkgname.workhorse; do
install -m755 -D "$srcdir"/$file.initd "$pkgdir"/etc/init.d/$file
done
install -m644 -D "$srcdir"/$_pkgname.confd \
"$pkgdir"/etc/conf.d/$_pkgname
install -m644 -D "$srcdir"/$_pkgname.logrotate \
"$pkgdir"/etc/logrotate.d/$_pkgname
}
assets() {
depends=""
amove $_prefix/public/assets
}
sha512sums="
e09cfbbe4237f42bd8509c551031fd3526b75762beae7dac5164ecc4056ae07890a3ddb8500f1573f0ca9d697150654d1fcab3b3d0a3b93e5382addcee298c5b gitlab-foss-v17.0.4.tar.gz
daa496f3d9146f9dbddff62477bf49d5c7bd2f2a4cdbadc70ee51c8230f3ef01dc950ef157154b31c7e7bef0beecc5cbac50fbac65a79d6d9099b27bcba8b2ab database-config.patch
80d9bf2d064c1d4310566e087e14220e075430c46d9a6c4641c1141fbdc05381ae14a3ae7dfcb7dcb75dbf7af17a136f81764c7a4d109f248a81033782dce23b gitlab.initd
1f451b67a5d5e58650b0fe862a2b65cfb8bff5502b37d94ae90619c1ff9affbecf24428303a2849bebce5f94bef37078f0e5710e344bbab616134e910938384a gitlab.mailroom.initd
d8cdeb54c46f8204936bf5750833649e4586d3dd1942eed45955ed1661ae5f5080f59184fcb59a8f73c1405faccbf02b3db3d2c12fc2a4a81424cd35ce390768 gitlab.rails.initd
cb4ec100f0ea7ffcbb37aead8423e636629e2f4848b2974a7b2468e96cb1081ca732ac336417b08dd943afb961df888c73af1334dcbe054dfd361e74f492fd86 gitlab.sidekiq.initd
85c4e257a030832bd70ad1e257ae7cb568b31e01201fc845abac02d00f02492ca694be1fa2bf743dd8c8623e6a79d36adee3f4de02040134c11158a6001c064b gitlab.workhorse.initd
4dc00b16462f30591297fcb535fc364185d3ed76e9956597f0423a8dfd8a9a351f6ac29d9f0c73052c11324fba4768eb89a21c6bef4da99f15baaea8c9ab8407 gitlab.confd
57f258246925fbef0780caebdf005983c72fe3db1ab3242a1e00137bd322f5ec6c0fd958db7178b8fc22103d071f550d6f71f08422bcd9e859d2a734b2ecef00 gitlab.logrotate
a944c3886388ba1574bf8c96b6de4d9f24ef4a83f553c31a224e17a3b01f2a5c65b60c59b7ed7ca4b25670c60ea8dd41b96a8a623d909d2bb09bdf2520ed7f23 bin-wrapper.in
0eaa7de9a906ddb0fe84b7afbaec893a134bbbdb9e71da75cf4095ef40404643e51447aee88d3cad6e565bc709b34ffd8901cc93061e4a2a410838aed42d3644 upgrade-sys-filesystem-depend.patch
"

View file

@ -0,0 +1,15 @@
#!/bin/sh
BUNDLE_DIR='/usr/lib/bundles/gitlab'
export RAILS_ENV='production'
export NODE_ENV='production'
export EXECJS_RUNTIME='Disabled'
cd $BUNDLE_DIR
install -m 700 -o git -g git -d "$(readlink ./tmp)"
if [ "$(id -un)" != 'git' ]; then
exec su git -c '"$0" "$@"' -- bin/__COMMAND__ "$@"
else
exec bin/__COMMAND__ "$@"
fi

View file

@ -0,0 +1,66 @@
diff --git a/config/database.yml.postgresql.orig b/config/database.yml.postgresql
index da9f458..2d6d44e 100644
--- a/config/database.yml.postgresql.orig
+++ b/config/database.yml.postgresql
@@ -26,13 +26,6 @@ production:
username: git
password: "secure password"
host: localhost
- geo:
- adapter: postgresql
- encoding: unicode
- database: gitlabhq_geo_production
- username: git
- password: "secure password"
- host: localhost
#
# Development specific
@@ -57,13 +50,6 @@ development:
host: localhost
variables:
statement_timeout: 15s
- geo:
- adapter: postgresql
- encoding: unicode
- database: gitlabhq_geo_development
- username: postgres
- password: "secure password"
- host: localhost
#
# Staging specific
@@ -84,13 +70,6 @@ staging:
username: git
password: "secure password"
host: localhost
- geo:
- adapter: postgresql
- encoding: unicode
- database: gitlabhq_geo_staging
- username: git
- password: "secure password"
- host: localhost
# Warning: The database defined as "test" will be erased and
# re-generated from your development database when you run "rake".
@@ -119,19 +98,3 @@ test: &test
reaping_frequency: nil
variables:
statement_timeout: 15s
- geo:
- adapter: postgresql
- encoding: unicode
- database: gitlabhq_geo_test
- username: postgres
- password:
- host: localhost
- reaping_frequency: nil
- embedding:
- adapter: postgresql
- encoding: unicode
- database: gitlabhq_embedding_test
- username: postgres
- password:
- host: localhost
- reaping_frequency: nil

View file

@ -0,0 +1,108 @@
#!/bin/sh
set -eu
group='git'
data_dir='/var/lib/gitlab'
secrets_file='/etc/gitlab/secrets.yml'
shell_secret_file='/etc/gitlab/gitlab_shell_secret'
workhorse_secret_file='/etc/gitlab/gitlab_workhorse_secret'
kas_secret_file='/etc/gitlab/gitlab_kas_secret'
gen_random_b64() {
local bits="$1"
ruby <<-EOF
require 'securerandom'
require 'base64'
puts Base64.strict_encode64(SecureRandom.random_bytes($bits))
EOF
}
echo "* Checking $secrets_file" >&2
ruby <<-EOF
require 'openssl'
require 'securerandom'
require 'yaml'
secrets_file = '$secrets_file'
changed = false
secrets = YAML.load_file(secrets_file) if File.exist?(secrets_file)
secrets ||= {}
prod = secrets['production'] ||= {}
prod['db_key_base'] ||= ( changed = true; SecureRandom.hex(64) )
prod['secret_key_base'] ||= ( changed = true; SecureRandom.hex(64) )
prod['otp_key_base'] ||= ( changed = true; SecureRandom.hex(64) )
prod['encrypted_settings_key_base'] ||= ( changed = true; SecureRandom.hex(64) )
prod['openid_connect_signing_key'] ||= begin
changed = true
prod.delete('jws_private_key') || OpenSSL::PKey::RSA.new(2048).to_pem
end
# db/fixtures/production/010_settings.rb
prod['ci_jwt_signing_key'] ||= ( changed = true; OpenSSL::PKey::RSA.new(2048).to_pem )
if changed
STDERR.puts "* Generating random secrets into #{secrets_file}"
File.write(secrets_file, YAML.dump(secrets), mode: 'w', perm: 0640)
end
EOF
chown root:$group "$secrets_file"
if [ ! -f "$shell_secret_file" ]; then
echo "* Generating random secret in $shell_secret_file" >&2
head -c 512 /dev/urandom | LC_CTYPE=C tr -cd 'a-zA-Z0-9' | head -c 64 > "$shell_secret_file"
chown root:$group "$shell_secret_file"
chmod 0640 "$shell_secret_file"
fi
if [ ! -f "$workhorse_secret_file" ]; then
echo "* Generating random secret in $workhorse_secret_file" >&2
# Sync with lib/gitlab/workhorse.rb.
gen_random_b64 32 > "$workhorse_secret_file"
chown root:$group "$workhorse_secret_file"
chmod 0640 "$workhorse_secret_file"
fi
if [ ! -f "$kas_secret_file" ]; then
echo "* Generating random secret in $kas_secret_file" >&2
# Sync with lib/gitlab/workhorse.rb.
gen_random_b64 32 > "$kas_secret_file"
chown root:$group "$kas_secret_file"
chmod 0640 "$kas_secret_file"
fi
# NOTE: We create this symlink in post-install script instead of APKBULD,
# so user can decide to have tmp dir inside $data_dir (e.g. it's on bigger disk).
if [ ! -e "$data_dir"/tmp ]; then
ln -s /var/tmp/gitlab "$data_dir"/tmp
fi
if [ "${0##*.}" = 'post-upgrade' ]; then
cat >&2 <<-EOF
*
* To finish GitLab upgrade run:
*
* gitlab-rake gitlab:db:configure
*
EOF
else
cat >&2 <<-EOF
*
* 1. Adjust settings in /etc/gitlab/database.yml and gitlab.yml.
*
* 2. Create database for GitLab:
*
* psql -c "CREATE ROLE gitlab PASSWORD 'top-secret' INHERIT LOGIN;"
* psql -c "CREATE DATABASE gitlab OWNER gitlab ENCODING 'UTF-8';"
* psql -d gitlab -c "CREATE EXTENSION pg_trgm; CREATE EXTENSION btree_gist;"
*
* 3. Run "gitlab-rake gitlab:setup", or "gitlab-rake gitlab:db:configure" if
* you are updating existing database.
*
EOF
fi

View file

@ -0,0 +1 @@
gitlab-foss.post-install

View file

@ -0,0 +1,53 @@
#!/bin/sh
# It's very important to set user/group correctly.
git_dir='/var/lib/gitlab'
if ! getent group git 1>/dev/null; then
echo '* Creating group git' 1>&2
addgroup -S git
fi
if ! id git 2>/dev/null 1>&2; then
echo '* Creating user git' 1>&2
adduser -DHS -G git -h "$git_dir" -s /bin/sh \
-g "added by apk for gitlab-foss" git
passwd -u git 1>/dev/null # unlock
fi
if ! id -Gn git | grep -Fq redis; then
echo '* Adding user git to group redis' 1>&2
addgroup git redis
fi
if [ "$(id -gn git)" != 'git' ]; then
cat >&2 <<-EOF
!!
!! User git has primary group $(id -gn git). We strongly recommend to change
!! git's primary group to git, otherwise GitLab may not work correctly.
!!
EOF
# Add it at least as a supplementary group.
adduser git git
fi
user_home="$(getent passwd git | cut -d: -f6)"
if [ "$user_home" != "$git_dir" ]; then
cat >&2 <<-EOF
!!
!! User git has home directory in $user_home, but this package assumes
!! $git_dir. Although it's possible to use a different directory,
!! it's really not easy.
!!
!! Please change git's home directory to $git_dir, or adjust settings
!! and move files yourself. Otherwise GitLab will not work!
!!
EOF
fi
exit 0

View file

@ -0,0 +1,20 @@
# Configuration for /etc/init.d/gitlab.rails
# Path to the Puma configuration file.
#puma_config="/etc/gitlab/puma.rb"
# IP address and port for Puma server to listen on.
#puma_listen_tcp="127.0.0.1:8080"
# Absolute path of unix socket for Puma server to listen on.
#puma_listen_unix="/run/gitlab/gitlab.socket"
# Path to the file to redirect stdout from Puma server to.
#puma_stdout_file="/var/log/gitlab/puma_stdout.log"
# Path to the file to redirect stderr from Puma server to.
#puma_stderr_file="/var/log/gitlab/puma_stderr.log"
# Action Cable uses a separate thread pool per Puma worker. This configures
# number of threads in the pool.
#action_cable_worker_pool_size=4

View file

@ -0,0 +1,85 @@
# Configuration file for /etc/init.d/gitlab and
# /etc/init.d/gitlab.{mailroom,rails,sidekiq,workhorse}
# Path to the base directory for the Prometheus metrics used by Puma and
# Sidekiq.
#metrics_dir=/dev/shm/gitlab
# How many Puma worker processes to create (0 to disable cluster mode).
#puma_workers=3
# IP address and port for Puma server to listen on.
#puma_listen_tcp="127.0.0.1:8080"
# Absolute path of unix socket for Puma server to listen on.
#puma_listen_unix="/run/gitlab/gitlab.socket"
# Action Cable uses a separate thread pool per Puma worker. This configures
# number of threads in the pool.
#action_cable_worker_pool_size=4
# IP address and port, or absolute path of the unix socket, where should
# Workhorse listen on for connections from a web server.
#workhorse_listen="/run/gitlab/workhorse.socket"
# How long to wait for response headers when proxying the request.
#workhorse_proxy_header_timeout="1m0s"
# Number of API requests allowed at single time.
#workhorse_api_limit=
# Maximum queueing duration of requests (default 30s).
#workhorse_api_queue_duration=
# Number of API requests allowed to be queued.
#workhorse_api_queue_limit=
# Long polling duration for job requesting for runners (default 0s - disabled)
#workhorse_ci_long_polling_duration=
# Log format to use: text, json, structured, none. Defaults to "text".
#workhorse_log_format=
# Prometheus listening address.
#workhorse_prometheus_listen=
# Sentry DSN for Workhorse.
#workhorse_sentry_dsn=
# Specify how many processes to create using sidekiq-cluster and which queue
# they should handle. Each whitespace-separated item equates to one additional
# Sidekiq process, and comma-separated values in each item determine the queues
# it works on. The special queue name "*" means all queues.
# Example: "* gitlab_shell process_commit,post_receive"
# See https://docs.gitlab.com/ee/administration/sidekiq/extra_sidekiq_processes.html.
#sidekiq_queue_groups="*"
# Maximum threads to use with Sidekiq (default: 50, 0 to disable).
#sidekiq_max_concurrency=
# Minimum threads to use with Sidekiq (default: 0).
#sidekiq_min_concurrency=
# The number of seconds to wait between worker checks.
#sidekiq_interval=
# Graceful timeout for all running processes.
#sidekiq_shutdown_timeout=
# Run workers for all queues in sidekiq_queues.yml except the given ones.
#sidekiq_negate=no
# Run workers based on the provided selector.
#sidekiq_queue_selector=no
# Memory limit (in MiB) for the Sidekiq process. If the RSS (Resident Set Size)
# of the Sidekiq process exceeds this limit, a delayed shutdown is triggered.
#sidekiq_memkiller_max_rss=2000
# Enable mail_room to handle incoming mails?
#mailroom_enabled="no"

View file

@ -0,0 +1,50 @@
#!/sbin/openrc-run
name="GitLab"
description="Meta script for starting/stopping all the GitLab components"
: ${mailroom_enabled:="no"}
: ${pages_enabled:="yes"}
subservices="gitlab.rails gitlab.gitaly gitlab.sidekiq gitlab.workhorse"
if yesno "$mailroom_enabled"; then
subservices="$subservices gitlab.mailroom"
fi
if yesno "$pages_enabled" && [ -e /etc/init.d/gitlab.pages ]; then
subservices="$subservices gitlab.pages"
fi
depend() {
need redis postgresql
use net
}
start() {
local ret=0
ebegin "Starting all GitLab components"
local svc; for svc in $subservices; do
service $svc start || ret=1
done
eend $ret
}
stop() {
local ret=0
ebegin "Stopping all GitLab components"
local svc; for svc in $subservices; do
service $svc stop || ret=1
done
eend $ret
}
status() {
local ret=0
local svc; for svc in $subservices; do
echo "$svc:"
service $svc status || ret=1
done
eend $ret
}

View file

@ -0,0 +1,24 @@
/var/log/gitlab/workhorse.log {
compress
maxsize 10M
minsize 1M
missingok
postrotate
/etc/init.d/gitlab.workhorse --quiet --ifstarted reopen
endscript
sharedscripts
rotate 5
weekly
}
/var/log/gitlab/*.log {
compress
copytruncate
delaycompress
maxsize 10M
minsize 1M
missingok
sharedscripts
rotate 10
weekly
}

View file

@ -0,0 +1,40 @@
#!/sbin/openrc-run
supervisor=supervise-daemon
name="GitLab (mailroom)"
description="GitLab service for processing incoming mails."
: ${gitlab_base:="/usr/lib/bundles/gitlab"}
: ${gitlab_config:="/etc/gitlab/gitlab.yml"}
: ${mailroom_logfile:="/var/log/gitlab/mail_room.log"}
: ${mailroom_config:="$gitlab_base/config/mail_room.yml"}
command="$gitlab_base/bin/mail_room"
command_args="-c $mailroom_config"
command_background="yes"
command_user="git"
directory="$gitlab_base"
error_log="$mailroom_logfile"
output_log="$mailroom_logfile"
supervise_daemon_args="
--env RAILS_ENV=production
--env TZ=:/etc/localtime
--env MAIL_ROOM_GITLAB_CONFIG_FILE=$gitlab_config
"
start_stop_daemon_args="--interpreted $supervise_daemon_args"
pidfile="/run/gitlab/mail_room.pid"
required_files="$mailroom_config $gitlab_config"
depend() {
need redis
use net
}
start_pre() {
checkpath -d -m 755 -o $command_user -q "${pidfile%/*}" || return 1
checkpath -f -m 640 -o $command_user "$mailroom_logfile"
}

View file

@ -0,0 +1,119 @@
#!/sbin/openrc-run
name="GitLab Rails"
description="GitLab application"
extra_started_commands="reload reopen"
description_reload="Reload configuration"
description_reopen="Reopen log files"
: ${gitlab_base:="/usr/lib/bundles/gitlab"}
: ${metrics_dir:="/dev/shm/gitlab"}
: ${action_cable_worker_pool_size:=4}
: ${gitlab_config:="/etc/gitlab/gitlab.yml"}
: ${puma_workers:=3}
: ${puma_listen_unix:="/run/gitlab/gitlab.socket"}
: ${puma_listen_tcp:="127.0.0.1:8080"}
: ${puma_stdout_file:="/var/log/gitlab/puma_stdout.log"}
: ${puma_stderr_file:="/var/log/gitlab/puma_stderr.log"}
: ${puma_config:="/etc/gitlab/puma.rb"}
: ${puma_metrics_dir:="$metrics_dir/puma"}
command="$gitlab_base/bin/puma"
command_args="
--config $puma_config
--workers $puma_workers
--bind tcp://$puma_listen_tcp
--bind unix://$puma_listen_unix
--redirect-stdout $puma_stdout_file
--redirect-stderr $puma_stderr_file
--redirect-append
--state /run/gitlab/puma.state
"
command_background="yes"
command_user="git"
directory="$gitlab_base"
supervise_daemon_args="
--env ACTION_CABLE_WORKER_POOL_SIZE=$action_cable_worker_pool_size
--env RAILS_ENV=production
--env NODE_ENV=production
--env EXECJS_RUNTIME=Disabled
--env GITLAB_BASE=$gitlab_base
--env TZ=:/etc/localtime
--env prometheus_multiproc_dir=$puma_metrics_dir
${supervise_daemon_args:-}
"
start_stop_daemon_args="
--interpreted
$supervise_daemon_args
$start_stop_daemon_args
"
pidfile="/run/gitlab/puma.pid"
required_files="$gitlab_config $puma_config"
depend() {
need redis
want sshd postgresql docker-registry
use net
}
start_pre() {
checkpath -d -m 755 -o $command_user -q "${pidfile%/*}" || return 1
checkpath -d -m 700 -o $command_user -q "$(readlink -f "$gitlab_base"/tmp)" || return 1
checkpath -d -m 700 -o $command_user -q "$metrics_dir" || return 1
checkpath -d -m 700 -o $command_user --directory-truncate "$puma_metrics_dir" || return 1
checkpath -f -m 644 -o $command_user "$puma_stdout_file" || return 1
checkpath -f -m 644 -o $command_user "$puma_stderr_file" || return 1
# Ruby requires sticky bit on TMP directory.
checkpath -d -m 1777 /tmp
local downloads_path="$(_parse_yaml "$gitlab_config" \
production.gitlab.repository_downloads_path)"
if [ -n "$downloads_path" ]; then
checkpath -d -m 700 -o $command_user -q "$downloads_path"
fi
checkpath --directory --owner $command_user --mode 0775 \
/var/tmp/gitlab/downloads \
/var/tmp/gitlab/backups
}
reload() {
ebegin "Reloading $name"
if [ "$supervisor" ]; then
$supervisor "$RC_SVCNAME" --signal USR2
else
start-stop-daemon --pidfile "$pidfile" --signal USR2
fi
eend $?
}
reopen() {
ebegin "Telling $name to reopen log files"
if [ "$supervisor" ]; then
$supervisor "$RC_SVCNAME" --signal USR1
else
start-stop-daemon --pidfile "$pidfile" --signal USR1
fi
eend $?
}
_parse_yaml() {
local file="$1"
local key="$2"
local default="${3:-}"
local key_path="$(echo "[\"$key\"]" | sed 's/\./"]["/g')"
ruby <<-EOF
require "yaml"
puts YAML.load_file("$file")$key_path rescue puts "$default"
EOF
}

View file

@ -0,0 +1,76 @@
#!/sbin/openrc-run
extra_started_commands="finish"
name="GitLab Sidekiq"
description="GitLab backgroud workers"
description_finish="Stop fetching new jobs and finish current ones"
: ${gitlab_base:="/usr/lib/bundles/gitlab"}
: ${metrics_dir:="/dev/shm/gitlab"}
: ${sidekiq_logfile:="/var/log/gitlab/sidekiq.log"}
: ${sidekiq_memkiller_max_rss:="2000"} # default per Omnibus
: ${sidekiq_metrics_dir:="$metrics_dir/sidekiq"}
: ${sidekiq_negate:="no"}
: ${sidekiq_queue_groups:="*"}
: ${sidekiq_queue_selector:="no"}
command="$gitlab_base/bin/sidekiq-cluster"
# Note: The rest of the options is set in start_pre().
command_args="-r $gitlab_base -e production ${command_args:-}"
command_background="yes"
command_user="git"
directory="$gitlab_base"
error_log="$sidekiq_logfile"
output_log="$sidekiq_logfile"
supervise_daemon_args="
--env RAILS_ENV=production
--env NODE_ENV=production
--env EXECJS_RUNTIME=Disabled
--env TZ=:/etc/localtime
--env SIDEKIQ_MEMORY_KILLER_MAX_RSS=$(( sidekiq_memkiller_max_rss * 1024 ))
--env prometheus_multiproc_dir=$sidekiq_metrics_dir
"
start_stop_daemon_args="--interpreted $supervise_daemon_args"
pidfile="/run/gitlab/sidekiq.pid"
depend() {
need redis
use net postgresql
}
start_pre() {
yesno "$sidekiq_queue_selector" && command_args="$command_args --queue-selector"
command_args="$command_args
$(optif --max-concurrency ${sidekiq_max_concurrency:-})
$(optif --min-concurrency ${sidekiq_min_concurrency:-})
$(optif --interval ${sidekiq_interval:-})
$(optif --timeout ${sidekiq_shutdown_timeout:-})
$(set -f; printf "'%s' " $sidekiq_queue_groups)
"
yesno "$sidekiq_negate" && command_args="$command_args --negate"
checkpath -d -m 755 -o $command_user -q "${pidfile%/*}" || return 1
checkpath -d -m 700 -o $command_user -q "$metrics_dir" || return 1
checkpath -d -m 700 -o $command_user --directory-truncate "$sidekiq_metrics_dir" || return 1
checkpath -f -m 644 -o $command_user "$sidekiq_logfile"
}
finish() {
ebegin "Telling $name to stop fetching new jobs"
if [ "$supervisor" ]; then
$supervisor "$RC_SVCNAME" --signal TSTP
else
start-stop-daemon --pidfile "$pidfile" --signal TSTP
fi
eend $?
}
optif() {
test -n "$2" && printf '%s/n' "$1=$2" || true
}

View file

@ -0,0 +1,75 @@
#!/sbin/openrc-run
extra_started_commands="reopen"
name="GitLab Workhorse"
description="A reverse proxy for GitLab."
description_reopen="Reopen log files"
: ${gitlab_base:="/usr/lib/bundles/gitlab"}
: ${workhorse_logfile:="/var/log/gitlab/workhorse.log"}
: ${workhorse_access_log:="no"}
command="/usr/bin/gitlab-workhorse"
# Note: The rest of the options is set in start_pre().
command_args="
-authBackend=http://${puma_listen_tcp:="127.0.0.1:8080"}
-config=${workhorse_config:="/etc/gitlab/workhorse.toml"}
-documentRoot=${gitlab_public_dir:="$gitlab_base/public"}
-listenAddr=${workhorse_listen:="/run/gitlab/workhorse.socket"}
-listenUmask=${workhorse_listen_umask:="000"}
-logFile=$workhorse_logfile
-secretPath=${workhorse_secret_path:="/etc/gitlab/gitlab_workhorse_secret"}
"
command_background="yes"
command_user="git"
directory="$gitlab_base"
pidfile="/run/gitlab/workhorse.pid"
depend() {
use net
}
start_pre() {
local listen_net="tcp"
[ "${workhorse_listen:0:1}" = '/' ] && listen_net="unix"
command_args="$command_args
-listenNetwork=$listen_net
$(optif -apiCiLongPollingDuration "$workhorse_ci_long_polling_duration")
$(optif -apiLimit "$workhorse_api_limit")
$(optif -apiQueueDuration "$workhorse_api_queue_duration")
$(optif -apiQueueLimit "$workhorse_api_queue_limit")
$(optif -authSocket "$puma_listen_unix")
$(optif -logFormat "$workhorse_log_format")
$(optif -prometheusListenAddr "$workhorse_prometheus_listen_addr")
$(optif -proxyHeadersTimeout "$workhorse_proxy_header_timeout")"
# FIXME: not implemented
#yesno "$workhorse_access_log" || command_args="$command_args -disableAccessLog"
start_stop_daemon_args="$start_stop_daemon_args
$(optif '--env GITLAB_WORKHORSE_SENTRY_DSN' "$workhorse_sentry_dns")"
supervise_daemon_args="$supervise_daemon_args
$(optif '--env GITLAB_WORKHORSE_SENTRY_DSN' "$workhorse_sentry_dns")"
checkpath -d -m 755 -o $command_user -q "${pidfile%/*}" || return 1
if [ "$listen_net" = "unix" ]; then
checkpath -d -m 755 -o $command_user -q "${workhorse_listen%/*}" || return 1
fi
checkpath -f -m 640 -o $command_user "$workhorse_logfile"
}
reopen() {
ebegin "Telling $name to reopen log files"
if [ "$supervisor" ]; then
$supervisor "$RC_SVCNAME" --signal HUP
else
start-stop-daemon --pidfile "$pidfile" --signal HUP
fi
eend $?
}
optif() {
test -n "$2" && printf '%s/n' "$1=$2" || true
}

View file

@ -0,0 +1,35 @@
diff --git a/Gemfile.orig b/Gemfile
index c1e9e34..a4448b7 100644
--- a/Gemfile.orig
+++ b/Gemfile
@@ -525,7 +525,7 @@ gem 'health_check', '~> 3.0' # rubocop:todo Gemfile/MissingFeatureCategory
# System information
gem 'vmstat', '~> 2.3.0' # rubocop:todo Gemfile/MissingFeatureCategory
-gem 'sys-filesystem', '~> 1.4.3' # rubocop:todo Gemfile/MissingFeatureCategory
+gem 'sys-filesystem', '~> 1.4.5' # rubocop:todo Gemfile/MissingFeatureCategory
# NTP client
gem 'net-ntp' # rubocop:todo Gemfile/MissingFeatureCategory
diff --git a/Gemfile.lock.orig b/Gemfile.lock
index bb66169..a4da10b 100644
--- a/Gemfile.lock.orig
+++ b/Gemfile.lock
@@ -1657,7 +1657,7 @@ GEM
attr_required (>= 0.0.5)
httpclient (>= 2.4)
sync (0.5.0)
- sys-filesystem (1.4.3)
+ sys-filesystem (1.4.5)
ffi (~> 1.1)
sysexits (1.2.0)
table_print (1.5.7)
@@ -2123,7 +2123,7 @@ DEPENDENCIES
stackprof (~> 0.2.25)
state_machines-activerecord (~> 0.8.0)
static_holmes (~> 0.7.7)
- sys-filesystem (~> 1.4.3)
+ sys-filesystem (~> 1.4.5)
tanuki_emoji (~> 0.9)
telesignenterprise (~> 2.2)
terser (= 1.0.2)

View file

@ -0,0 +1,35 @@
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
pkgname=gitlab-pages
pkgver=17.0.4
_gittag="v$pkgver"
pkgrel=0
pkgdesc="A daemon used to serve static websites for GitLab users"
url="https://gitlab.com/gitlab-org/gitlab-pages/"
arch="all"
license="MIT"
makedepends="go>=1.5"
source="
https://gitlab.com/gitlab-org/gitlab-pages/-/archive/$_gittag/gitlab-pages-$_gittag.tar.gz
ungit-makefile.patch
$pkgname.initd
"
subpackages="$pkgname-openrc"
builddir="$srcdir"/$pkgname-$_gittag
build() {
make VERSION=$pkgver REVISION=$pkgrel GOPATH="$srcdir" CGO_ENABLED=0
}
package() {
install -D -m 755 $pkgname "$pkgdir"/usr/bin/$pkgname
install -m755 -D "$srcdir"/$pkgname.initd \
"$pkgdir"/etc/init.d/gitlab.pages
}
sha512sums="
fde33d01f7b3810a9a094c09fce19976c41a2ccc9eaf720a0f4dd285eb2d0f35de8d2d607cdbaa670221711919043d681fd3fda6e14d67ae1454619746c1e453 gitlab-pages-v17.0.4.tar.gz
710a9b652327e57e620c2bdb02bf912a6f61044eaaf61d36c6612284e9b951d2ac6f5eef77dfea16a0cde328bd4c556d9e47791c560139c27cb9659076f809b1 ungit-makefile.patch
20bc66c1c3548568ed353ca8d584f9108b9688f9375f212a18efc7b8386fdaafb3b2dc9e865f21c7f8fd31ada6e91842a8bb8d397f64851d853bb0de3e0e60bb gitlab-pages.initd
"

View file

@ -0,0 +1,55 @@
#!/sbin/openrc-run
name="GitLab Pages"
description="A daemon used to serve static websites for GitLab users"
: ${pages_user:=${user:-"git"}}
: ${pages_root:="/var/lib/gitlab/pages"}
: ${pages_logfile:="/var/log/gitlab/pages.log"}
command="/usr/bin/gitlab-pages"
# Note: The rest of the options is set in start_pre().
command_args="
-pages-domain=$pages_domain
-pages-root=$pages_root
-redirect-http=${pages_redirect_http:-true}
-use-http2=${pages_use_http2:-true}
"
command_background="yes"
start_stop_daemon_args="
--chdir $pages_root
--user $pages_user
--stdout $pages_logfile
--stderr $pages_logfile"
pidfile="/run/gitlab-pages.pid"
depend() {
use net
}
start_pre() {
local item
for item in $pages_listen_http; do
command_args="$command_args -listen-http=$item"
done
for item in $pages_listen_https; do
command_args="$command_args -listen-https=$item"
done
for item in $pages_listen_proxy; do
command_args="$command_args -listen-proxy=$item"
done
command_args="$command_args
$(optif -metrics-address "$pages_metrics_address")
$(optif -root-cert "$pages_root_cert")
$(optif -root-key "$pages_root_key")"
checkpath -m 640 -o $pages_user -f "$pages_logfile"
}
optif() {
test -n "$2" && printf '%s/n' "$1=$2" || true
}

View file

@ -0,0 +1,18 @@
diff --git a/Makefile.internal.mk.orig b/Makefile.internal.mk
index 6dfaa1b..207bdaf 100644
--- a/Makefile.internal.mk.orig
+++ b/Makefile.internal.mk
@@ -1,13 +1,3 @@
-REVISION := $(shell git rev-parse --short HEAD || echo unknown)
-LAST_TAG := $(shell git describe --tags --abbrev=0)
-COMMITS := $(shell echo `git log --oneline $(LAST_TAG)..HEAD | wc -l`)
-VERSION := $(shell cat VERSION)
-BRANCH := $(shell git rev-parse --abbrev-ref HEAD)
-
-ifneq (v$(VERSION),$(LAST_TAG))
- VERSION := $(shell echo $(VERSION)~beta.$(COMMITS).g$(REVISION))
-endif
-
VERSION_FLAGS :=-X "main.VERSION=$(VERSION)" -X "main.REVISION=$(REVISION)"
export GOBIN := $(CURDIR)/bin

View file

@ -0,0 +1,66 @@
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
pkgname=gitlab-shell
pkgver=14.36.0
pkgrel=0
pkgdesc="GitLab Shell handles git SSH sessions for GitLab"
url="https://gitlab.com/gitlab-org/gitlab-shell"
arch="all"
license="MIT"
depends="git openssh"
makedepends="go krb5-dev"
pkgusers="git"
pkggroups="git"
install="$pkgname.pre-install $pkgname.post-install"
# NOTE: user vs system gitconfig, see https://gitlab.com/gitlab-org/omnibus-gitlab/-/merge_requests/6166
source="https://gitlab.com/gitlab-org/gitlab-shell/-/archive/v$pkgver/gitlab-shell-v$pkgver.tar.gz
config.patch
change-config-path.patch
gitconfig
"
builddir="$srcdir/$pkgname-v$pkgver"
options="!check"
build() {
# BUILD_TAGS - build without tracing libs,
# see https://gitlab.com/gitlab-org/labkit/-/merge_requests/2
make build \
VERSION_STRING="$pkgver" \
BUILD_TAGS=""
}
package() {
local datadir="$pkgdir/var/lib/gitlab"
local libdir="$pkgdir/usr/lib/gitlab-shell"
# XXX: I couldn't figure out how/where is gitlab-shell called,
# so I kept /usr/lib/gitlab-shell. It should be changed to /usr.
make install DESTDIR="$pkgdir" PREFIX=/usr/lib/gitlab-shell
install -m644 VERSION "$libdir"/
install -m644 -D config.yml.example "$pkgdir"/etc/gitlab/gitlab-shell.yml
cd "$pkgdir"
rm "$libdir"/bin/gitlab-sshd
install -d -m755 -o git -g git \
"$pkgdir"/var/log/gitlab \
"$datadir"
install -d -m02770 -o git -g git \
"$datadir"/repositories
install -m644 -o git -g git "$srcdir"/gitconfig "$datadir"/.gitconfig
ln -s /etc/gitlab/gitlab-shell.yml "$libdir"/config.yml
ln -s /etc/gitlab/gitlab_shell_secret "$libdir"/.gitlab_shell_secret
}
sha512sums="
6b302be3630e60e3c9f76e58c61674bf08c3fe1395c9af5f354b9a557ecd1ddb43d27c9a995f868c4e4e2e734dd424a37c73e78d26b00f1f6a78f8670b45c371 gitlab-shell-v14.36.0.tar.gz
e9dd69c57c65197493f75bdde682075c6ab22892ed07d37c7a73129fb42a8349a676d5986bfd17f1df331645334248383845f21ce08d1e9664c38e4bbf5343ba config.patch
499b3a46ea94a33a23b01f6a7509d74f5a6781b930619b3b8ae42bdeae8a052cc636578744d7992b4ae4f9b9f72b11ee3d3c0f5e50986fa3f7e35b979b08aada change-config-path.patch
c53da7f145593693392d9fa880ad5a1909bfc7504fd1c93d94a468c3e0f5cc80f712f41ee1dc8bf38105b410c1165658f208bd88a70c4674104c78af33d8d09c gitconfig
"

View file

@ -0,0 +1,11 @@
--- a/support/gitlab_config.rb
+++ b/support/gitlab_config.rb
@@ -4,7 +4,7 @@ class GitlabConfig
attr_reader :config
def initialize
- @config = YAML.load_file(File.join(ROOT_PATH, 'config.yml'))
+ @config = YAML.load_file(ENV.fetch('GITLAB_SHELL_CONFIG', '/etc/gitlab/gitlab-shell.yml'))
end
def home

View file

@ -0,0 +1,112 @@
diff --git a/config.yml.example.orig b/config.yml.example
index fb147c4..98eb0e3 100644
--- a/config.yml.example.orig
+++ b/config.yml.example
@@ -13,7 +13,7 @@ user: git
# only listen on a Unix domain socket. For Unix domain sockets use
# "http+unix://<urlquoted-path-to-socket>", e.g.
# "http+unix://%2Fpath%2Fto%2Fsocket"
-gitlab_url: "http+unix://%2Fhome%2Fgit%2Fgitlab%2Ftmp%2Fsockets%2Fgitlab-workhorse.socket"
+gitlab_url: "http+unix://%2Frun%2Fgitlab%2Fworkhorse.socket"
# When a http+unix:// is used in gitlab_url, this is the relative URL root to GitLab.
# Not used if gitlab_url is http:// or https://.
@@ -29,15 +29,15 @@ http_settings:
#
# File used as authorized_keys for gitlab user
-auth_file: "/home/git/.ssh/authorized_keys"
+auth_file: "/var/lib/gitlab/.ssh/authorized_keys"
# SSL certificate dir where custom certificates can be placed
# https://golang.org/pkg/crypto/x509/
-# ssl_cert_dir: /opt/gitlab/embedded/ssl/certs/
+# ssl_cert_dir: /etc/gitlab/ssl/certs/
# File that contains the secret key for verifying access to GitLab.
# Default is .gitlab_shell_secret in the gitlab-shell directory.
-# secret_file: "/home/git/gitlab-shell/.gitlab_shell_secret"
+secret_file: "/etc/gitlab/gitlab_shell_secret"
#
# The secret field supersedes the secret_file, and if set that
# file will not be read.
@@ -45,13 +45,13 @@ auth_file: "/home/git/.ssh/authorized_keys"
# Log file.
# Default is gitlab-shell.log in the root directory.
-# log_file: "/home/git/gitlab-shell/gitlab-shell.log"
+log_file: "/var/log/gitlab/gitlab-shell.log"
# Log level. INFO by default
-log_level: INFO
+log_level: WARN
# Log format. 'json' by default, can be changed to 'text' if needed
-# log_format: json
+log_format: text
# Audit usernames.
# Set to true to see real usernames in the logs instead of key ids, which is easier to follow, but
@@ -62,62 +62,6 @@ audit_usernames: false
# For more details, visit https://docs.gitlab.com/ee/development/distributed_tracing.html
# gitlab_tracing: opentracing://driver
-# This section configures the built-in SSH server. Ignored when running on OpenSSH.
-sshd:
- # Address which the SSH server listens on. Defaults to [::]:22.
- listen: "[::]:22"
- # Set to true if gitlab-sshd is being fronted by a load balancer that implements
- # the PROXY protocol.
- proxy_protocol: false
- # Proxy protocol policy ("use", "require", "reject", "ignore"), "use" is the default value
- # Values: https://github.com/pires/go-proxyproto/blob/195fedcfbfc1be163f3a0d507fac1709e9d81fed/policy.go#L20
- proxy_policy: "use"
- # Proxy allowed IP addresses. Takes precedent over proxy_policy. Disabled by default.
- # proxy_allowed:
- # - "192.168.0.1"
- # - "192.168.1.0/24"
- # Address which the server listens on HTTP for monitoring/health checks. Defaults to localhost:9122.
- web_listen: "localhost:9122"
- # Maximum number of concurrent sessions allowed on a single SSH connection. Defaults to 10.
- concurrent_sessions_limit: 10
- # Sets an interval after which server will send keepalive message to a client. Defaults to 15s.
- client_alive_interval: 15
- # The server waits for this time for the ongoing connections to complete before shutting down. Defaults to 10s.
- grace_period: 10
- # The server disconnects after this time if the user has not successfully logged in. Defaults to 60s.
- login_grace_time: 60
- # A short timeout to decide to abort the connection if the protocol header is not seen within it. Defaults to 500ms
- proxy_header_timeout: 500ms
- # The endpoint that returns 200 OK if the server is ready to receive incoming connections; otherwise, it returns 503 Service Unavailable. Defaults to "/start".
- readiness_probe: "/start"
- # The endpoint that returns 200 OK if the server is alive. Defaults to "/health".
- liveness_probe: "/health"
- # Specifies the available message authentication code algorithms that are used for protecting data integrity
- macs: [hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha2-256, hmac-sha2-512, hmac-sha1]
- # Specifies the available Key Exchange algorithms
- kex_algorithms: [curve25519-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group14-sha256, diffie-hellman-group14-sha1]
- # Specified the ciphers allowed
- ciphers: [aes128-gcm@openssh.com, chacha20-poly1305@openssh.com, aes256-gcm@openssh.com, aes128-ctr, aes192-ctr,aes256-ctr]
- # Specified the available Public Key algorithms
- public_key_algorithms: [ssh-rsa, ssh-dss, ecdsa-sha2-nistp256, sk-ecdsa-sha2-nistp256@openssh.com, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, ssh-ed25519, sk-ssh-ed25519@openssh.com, rsa-sha2-256, rsa-sha2-512]
- # SSH host key files.
- host_key_files:
- - /run/secrets/ssh-hostkeys/ssh_host_rsa_key
- - /run/secrets/ssh-hostkeys/ssh_host_ecdsa_key
- - /run/secrets/ssh-hostkeys/ssh_host_ed25519_key
- host_key_certs:
- - /run/secrets/ssh-hostkeys/ssh_host_rsa_key-cert.pub
- - /run/secrets/ssh-hostkeys/ssh_host_ecdsa_key-cert.pub
- - /run/secrets/ssh-hostkeys/ssh_host_ed25519_key-cert.pub
- # GSSAPI-related settings
- gssapi:
- # Enable the gssapi-with-mic authentication method. Defaults to false.
- enabled: false
- # Keytab path. Defaults to "", system default (usually /etc/krb5.keytab).
- keytab: ""
- # The Kerberos service name to be used by sshd. Defaults to "", accepts any service name in keytab file.
- service_principal_name: ""
-
lfs:
# https://gitlab.com/groups/gitlab-org/-/epics/11872, disabled by default.
pure_ssh_protocol: false

View file

@ -0,0 +1,17 @@
# Based on files/gitlab-cookbooks/gitlab/templates/default/gitconfig.erb
# in omnibus-gitlab.
[user]
name = GitLab
email = gitlab@local.host
[core]
# Needed for the web editor.
autocrlf = input
alternateRefsCommand="exit 0 #"
# This option is unnecessary on journaled file systems and it's not recognized
# by git >= 2.36.
# fsyncObjectFiles = true
[gc]
auto = 0

View file

@ -0,0 +1,23 @@
#!/bin/sh
set -eu
keys_file='/var/lib/gitlab/.ssh/authorized_keys'
if [ ! -f "$keys_file" ]; then
keys_dir="$(dirname "$keys_file")"
echo "* Initializing authorized_keys file in $keys_dir" 1>&2
mkdir -m0700 -p "$keys_dir"
chown git:git "$keys_dir"
touch "$keys_file"
chmod 0600 "$keys_file"
chown git:git "$keys_file"
fi
cat <<EOF >&2
*
* GitLab Shell has been initialized. Read /etc/gitlab/gitlab-shell.yml and
* modify settings as need.
*
EOF

View file

@ -0,0 +1,41 @@
#!/bin/sh
# It's very important to set user/group correctly.
git_dir='/var/lib/gitlab'
if ! getent group git >/dev/null; then
echo '* Creating group git' >&2
addgroup -S git
fi
if ! id git 2>/dev/null 1>&2; then
echo '* Creating user git' >&2
adduser -DHS -G git -h "$git_dir" -s /bin/sh \
-g "added by apk for gitlab-shell" git
passwd -u git >/dev/null # unlock
fi
if ! id -Gn git | grep -Fq redis; then
echo '* Adding user git to group redis' >&2
addgroup git redis
fi
user_home="$(getent passwd git | cut -d: -f6)"
if [ "$user_home" != "$git_dir" ]; then
cat >&2 <<-EOF
!!
!! User git has home directory in $user_home, but this package and gitlab-ce
!! package assumes $git_dir. Although it's possible to use a different
!! directory, it's really not easy.
!!
!! Please change git's home directory to $git_dir, or adjust settings
!! and move files yourself. Otherwise GitLab will not work!
!!
EOF
fi
exit 0

View file

@ -0,0 +1,10 @@
--- a/src/core/ext/transport/chttp2/transport/chttp2_transport.cc
+++ b/src/core/ext/transport/chttp2/transport/chttp2_transport.cc
@@ -978,6 +978,7 @@
} else {
r = grpc_chttp2_begin_write(t);
}
+ #pragma GCC diagnostic ignored "-Wmaybe-uninitialized"
if (r.writing) {
if (r.partial) {
GRPC_STATS_INC_HTTP2_PARTIAL_WRITES();

273
user/grpc/APKBUILD Normal file
View file

@ -0,0 +1,273 @@
# Contributor: Keith Maxwell <keith.maxwell@gmail.com>
# Contributor: wener <wenermail@gmail.com>
# Maintainer: wener <wenermail@gmail.com>
pkgname=grpc
pkgver=1.58.0
pkgrel=2
pkgdesc="The C based gRPC"
url="https://grpc.io/"
arch="all"
# BSD-3-Clause: third_party/upb, third_party/address_sorting
# MIT: third_party/upb/third_party/utf8_range
license="Apache-2.0 AND BSD-3-Clause AND MIT"
depends="ca-certificates"
depends_dev="
$pkgname-cpp=$pkgver-r$pkgrel
$pkgname-plugins=$pkgver-r$pkgrel
"
_pythondepends="
cython
python3-dev
py3-setuptools
"
_rubydepends="
$pkgname=$pkgver-r$pkgrel
ruby3.2-google-protobuf>=3.19
"
makedepends="
abseil-cpp-dev
autoconf
automake
benchmark-dev
c-ares-dev
chrpath
cmake
libstdc++
libtool
linux-headers
openssl-dev>3
protobuf-dev
re2-dev
ruby3.2-dev
samurai
yaml-dev
xxhash-dev
zlib-dev
$_pythondepends
$_rubydepends
"
checkdepends="coreutils python3 py3-six"
subpackages="
$pkgname-dev
$pkgname-cpp
$pkgname-plugins
$pkgname-doc
py3-grpcio-pyc
py3-grpcio:grpcio
ruby3.2-grpc:_ruby
libaddress_sorting:lib
libgpr:lib
libgrpc:lib
libgrpc_authorization_provider:lib
libgrpc_unsecure:lib
libupb:lib
"
_googletest_rev=0e402173c97aea7a00749e825b194bfede4f2e45
# ruby-dont-strip-library.patch: abuild will dot the strip
source="https://github.com/grpc/grpc/archive/v$pkgver/grpc-v$pkgver.tar.gz
googletest-$_googletest_rev.tar.gz::https://github.com/google/googletest/archive/$_googletest_rev.tar.gz
01-chttp2-maybe-uninitialized.patch
find-dependency.patch
ruby-fix-protoc-path.patch
ruby-use-shared-libs.patch
ruby-use-system-certs.patch
makefile-use-system-abseil.patch
cython3.patch
"
options="net !check" # sometimes hang indefinitely on builders
prepare() {
rm -r third_party/googletest
mv "$srcdir"/googletest-$_googletest_rev third_party/googletest
# Remove bundled xxhash.
# Since grpc sets XXH_INCLUDE_ALL wherever it uses xxhash, it is using xxhash
# as a header-only library. This means we can replace it with the system copy
# by doing nothing further; xxhash.h is in the system include path and will be
# found instead, and there are no linker flags to add. See also
# https://github.com/grpc/grpc/issues/25945.
rm -rvf third_party/xxhash/*
# This will be replaced with a symlink to system certs.
echo '' > etc/roots.pem
default_prepare
# Remove some bundled dependencies from the gem's files list.
sed -i \
-e '/etc\/roots.pem/d' \
-e '/third_party\/abseil/d' \
-e '/third_party\/boringssl/d' \
-e '/third_party\/cares/d' \
-e '/third_party\/re2/d' \
-e '/third_party\/xxhash/d' \
-e '/third_party\/zlib/d' \
grpc.gemspec
# Remove unused dependency from gemspec - it's not required anyhwere,
# it's just Google pushing their crap everywhere...
sed -i '/add_dependency.*googleapis-common-protos-types/d' \
grpc.gemspec
}
build() {
export CFLAGS="$CFLAGS -flto=auto -DNDEBUG -O2"
export CXXFLAGS="$CXXFLAGS -flto=auto -DNDEBUG -O2"
cmake -B _build -G Ninja \
-DCMAKE_BUILD_TYPE=None \
-DCMAKE_INSTALL_PREFIX=/usr \
-DCMAKE_CXX_STANDARD=17 \
-DBUILD_SHARED_LIBS=True \
-DgRPC_INSTALL=ON \
-DgRPC_CARES_PROVIDER=package \
-DgRPC_PROTOBUF_PROVIDER=package \
-DgRPC_SSL_PROVIDER=package \
-DgRPC_ZLIB_PROVIDER=package \
-DgRPC_ABSL_PROVIDER=package \
-DgRPC_BENCHMARK_PROVIDER=package \
-DgRPC_RE2_PROVIDER=package \
-DgRPC_BACKWARDS_COMPATIBILITY_MODE=OFF \
-DgRPC_BUILD_TESTS="$(want_check && echo ON || echo OFF)"
cmake --build _build
GRPC_PYTHON_CFLAGS="-std=c++17" \
GRPC_PYTHON_DISABLE_LIBC_COMPATIBILITY=1 \
GRPC_PYTHON_BUILD_SYSTEM_CARES=1 \
GRPC_PYTHON_BUILD_SYSTEM_OPENSSL=1 \
GRPC_PYTHON_BUILD_SYSTEM_ZLIB=1 \
GRPC_PYTHON_BUILD_SYSTEM_RE2=1 \
GRPC_PYTHON_BUILD_SYSTEM_ABSL=1 \
python3 setup.py build
# grpcio-tools
cd tools/distrib/python
python3 make_grpcio_tools.py
cd "$builddir"
gem build grpc.gemspec
TOPDIR="$PWD/_build" gem install \
--local \
--install-dir _build/ruby \
--ignore-dependencies \
--no-document \
--verbose \
grpc-$pkgver.gem
}
check() {
# delete times out in ci or broken for ci tests
rm -f _build/spinlock_test _build/resolve_address_using_ares_resolver_posix_test build/resolve_address_using_native_resolver_posix_test
rm -f _build/flaky_network_test _build/unknown_frame_bad_client_test _build/ssl_transport_security_test _build/httpscli_test
rm -f _build/headers_bad_client_test _build/httpcli_test
case $CARCH in
aarch64|ppc64le) rm -f _build/server_test _build/grpc_tool_test ;;
s390x) rm -f _build/client_lb_end2end_test _build/alts_frame_protector_test _build/alts_iovec_record_protocol_test ;;
armv7) rm -f _build/initial_settings_frame_bad_client_test ;;
x86) rm -f _build/time_jump_test _build/connection_prefix_bad_client_test ;;
esac
# start helper
./tools/run_tests/start_port_server.py &
find build/ -maxdepth 1 -type f -executable -name "*_test" -exec {} \;
# kill helper
pkill -9 python3
}
package() {
DESTDIR="$pkgdir" cmake --install _build
python3 setup.py install --skip-build --root="$pkgdir"
cd doc
find ./ -type f -print -exec install -Dm644 {} "$pkgdir"/usr/share/doc/grpc/{} \;
rm "$pkgdir"/usr/share/doc/grpc/.gitignore
find "$pkgdir" -type f -name roots.pem -exec \
sh -c 'rm $0 && ln -s /etc/ssl/certs/ca-certificates.crt $0' "{}" \;
}
cpp() {
pkgdesc="C++ language bindings for gRPC"
depends="$pkgname=$pkgver-r$pkgrel"
amove usr/lib/libgrpc++*.so.*
amove usr/lib/libgrpc_plugin_support.so.*
amove usr/lib/libgrpcpp*.so.*
}
plugins() {
pkgdesc="Protocol buffers compiler plugins for gRPC"
depends="$pkgname-cpp=$pkgver-r$pkgrel protobuf"
amove usr/bin/grpc_*_plugin
}
cli() {
pkgdesc="gRPC command line tool"
install -Dm644 -t "$subpkgdir"/usr/lib "$builddir"/_build/libgrpc++_test_config.so.$pkgver
install -Dm755 -t "$subpkgdir"/usr/bin "$builddir"/_build/grpc_cli
# Fix "Has /home/... in rpath"
chrpath -d "$subpkgdir"/usr/lib/libgrpc++_test_config.so.$pkgver
chrpath -d "$subpkgdir"/usr/bin/grpc_cli
}
grpcio() {
pkgdesc="gRPC Python HTTP/2-based RPC framework"
depends="py3-six"
amove usr/lib/python3*
}
_ruby() {
pkgdesc="Send RPCs from Ruby using GRPC"
depends="$_rubydepends"
local gemdir="$subpkgdir/$(ruby -e 'puts Gem.default_dir')"
cd "$builddir"/_build/ruby
mkdir -p "$gemdir"
cp -r extensions gems specifications "$gemdir"/
# Remove unnecessary files and rubbish...
cd "$gemdir"/extensions/*/*/grpc-$pkgver
rm gem_make.out mkmf.log || true
cd "$gemdir"/gems/grpc-$pkgver
rm -rf .yardopts \
Makefile \
include/ \
src/core/ \
third_party/
cd src/ruby
rm -rf bin/ \
ext/ \
lib/grpc/*.so \
pb/generate_proto_ruby.sh \
pb/README.md \
pb/src/ \
pb/test/ \
spec/
}
lib() {
pkgdesc="$pkgdesc ($subpkgname library)"
depends="$pkgname=$pkgver-r$pkgrel"
amove usr/lib/$subpkgname.so.*
}
sha512sums="
fb2fd211a22dd777cf4df39a9dd72e5c8014f1546a89d3910b006503aac80a74d5797705e02911e9c07316ed973f71110b94cc0e86225f648d4ff91773748a43 grpc-v1.58.0.tar.gz
5c5eaf6ff9f3c1bca025b7ef0234ba97232ba85b43e6354a92f49b7208f5c47581ebaf18bf58618498e5d264f2620c2b6676e81bb0f7df77112b96ba271ececf googletest-0e402173c97aea7a00749e825b194bfede4f2e45.tar.gz
7fa146ce86ddd4f160bb1ca9ff01cb7aca6b2b8c9aa50e4fa6b84504b9117b104be0d1e31ccb452d846549dfe1e9012ceccfcdc1f2357ed567621d71fb8b08c5 01-chttp2-maybe-uninitialized.patch
6702e39c6a3c065fe4ff5ae48898057135c09bf6851e35fc958cf95ee5d77e9dd34e8c34d978efe60682384e46c4c4b2e51156d546b06a0eb1feed89adcc024b find-dependency.patch
4ea72d2acd8bee9c9022a4412aa0af0477faca7b0810d14decb3ad5d4da044247f51189512323bfee855b9b260a7f82b812310391451e5d8ee718297800d7a73 ruby-fix-protoc-path.patch
7123bf1bbc48ceb303ce1e9820ea45a06dabd25e20e3c1c116ef68e629e80f229cf20314c415d74f0c5c1725f23a00b446656e0cffba3dcd3cc766ae29d8fb2f ruby-use-shared-libs.patch
631af4b9ac29c1ebabb2c88394ea2993e36cec1beda38195e1587dbd9d3c8c9eef75a17d2326d3cd2e682de551401216075ba08fdc501c098b8092d718ded381 ruby-use-system-certs.patch
89e260934da83eb45fa6b73884cba1b1c30f99c0eb883a726e2d36ee4788246f4c6fa1b201077038af956bcb58e625f83bedba4f186c711785ec240373ce4fc5 makefile-use-system-abseil.patch
896d2771fbb726db97efc7a76687a8fddfae18b0492977fc1f7cec4002803f7aed29e8276c94c6b60a06ecfe3ee7795d4ec3f8f90031dd3eda32d3e23dc9c98c cython3.patch
"

172
user/grpc/cython3.patch Normal file
View file

@ -0,0 +1,172 @@
From b3277bac1585ddee88a170b0a95c260d909cce9c Mon Sep 17 00:00:00 2001
From: Atri Bhattacharya <A.Bhattacharya@uliege.be>
Date: Sat, 24 Feb 2024 04:06:08 +0530
Subject: [PATCH] [python] Cython 3 compatibility: declare functions noexcept.
In Cython 3, cdef functions that really will not raise exceptions must
be declared as `noexcept`. Fixed by this commit.
Update requirements to `cython >= 3.0` in requirements*.txt and
setup.py.
Fixes issue #33918.
---
requirements.bazel.txt | 2 +-
requirements.txt | 2 +-
setup.py | 2 +-
.../grpcio/grpc/_cython/_cygrpc/aio/callback_common.pxd.pxi | 2 +-
.../grpcio/grpc/_cython/_cygrpc/aio/callback_common.pyx.pxi | 2 +-
src/python/grpcio/grpc/_cython/_cygrpc/credentials.pyx.pxi | 2 +-
src/python/grpcio/grpc/_cython/_cygrpc/fork_posix.pxd.pxi | 6 +++---
src/python/grpcio/grpc/_cython/_cygrpc/fork_posix.pyx.pxi | 6 +++---
src/python/grpcio/grpc/_cython/_cygrpc/vtable.pyx.pxi | 6 +++---
9 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/requirements.bazel.txt b/requirements.bazel.txt
index f46432cc88891..905c092ce4c33 100644
--- a/requirements.bazel.txt
+++ b/requirements.bazel.txt
@@ -1,6 +1,6 @@
# GRPC Python setup requirements
coverage==4.5.4
-cython==0.29.21
+cython==3.0.0
protobuf>=3.5.0.post1, < 4.0dev
wheel==0.38.1
oauth2client==4.1.0
diff --git a/requirements.txt b/requirements.txt
index 05390850559f1..56169434b1b78 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,5 +1,5 @@
# GRPC Python setup requirements
coverage>=4.0
-cython>=0.29.8,<3.0.0rc1
+cython>=3.0.0
protobuf>=4.21.3,<5.0dev
wheel>=0.29
diff --git a/setup.py b/setup.py
index 2ce5fef422316..8b4ce5c16736a 100644
--- a/setup.py
+++ b/setup.py
@@ -539,7 +539,7 @@ def cython_extensions_and_necessity():
sys.stderr.write(
"We could not find Cython. Setup may take 10-20 minutes.\n"
)
- SETUP_REQUIRES += ("cython>=0.23,<3.0.0rc1",)
+ SETUP_REQUIRES += ("cython>=3.0.0",)
COMMAND_CLASS = {
"doc": commands.SphinxDocumentation,
diff --git a/src/python/grpcio/grpc/_cython/_cygrpc/aio/callback_common.pxd.pxi b/src/python/grpcio/grpc/_cython/_cygrpc/aio/callback_common.pxd.pxi
index e54e5107547c1..26edbdb917b10 100644
--- a/src/python/grpcio/grpc/_cython/_cygrpc/aio/callback_common.pxd.pxi
+++ b/src/python/grpcio/grpc/_cython/_cygrpc/aio/callback_common.pxd.pxi
@@ -48,7 +48,7 @@ cdef class CallbackWrapper:
@staticmethod
cdef void functor_run(
grpc_completion_queue_functor* functor,
- int succeed)
+ int succeed) noexcept
cdef grpc_completion_queue_functor *c_functor(self)
diff --git a/src/python/grpcio/grpc/_cython/_cygrpc/aio/callback_common.pyx.pxi b/src/python/grpcio/grpc/_cython/_cygrpc/aio/callback_common.pyx.pxi
index 14a0098fc2041..2b0df0e5ce7f7 100644
--- a/src/python/grpcio/grpc/_cython/_cygrpc/aio/callback_common.pyx.pxi
+++ b/src/python/grpcio/grpc/_cython/_cygrpc/aio/callback_common.pyx.pxi
@@ -50,7 +50,7 @@ cdef class CallbackWrapper:
@staticmethod
cdef void functor_run(
grpc_completion_queue_functor* functor,
- int success):
+ int success) noexcept:
cdef CallbackContext *context = <CallbackContext *>functor
cdef object waiter = <object>context.waiter
if not waiter.cancelled():
diff --git a/src/python/grpcio/grpc/_cython/_cygrpc/credentials.pyx.pxi b/src/python/grpcio/grpc/_cython/_cygrpc/credentials.pyx.pxi
index 74a3f16d72dbb..600c0f304e067 100644
--- a/src/python/grpcio/grpc/_cython/_cygrpc/credentials.pyx.pxi
+++ b/src/python/grpcio/grpc/_cython/_cygrpc/credentials.pyx.pxi
@@ -316,7 +316,7 @@ def server_credentials_ssl_dynamic_cert_config(initial_cert_config,
return credentials
cdef grpc_ssl_certificate_config_reload_status _server_cert_config_fetcher_wrapper(
- void* user_data, grpc_ssl_server_certificate_config **config) with gil:
+ void* user_data, grpc_ssl_server_certificate_config **config) noexcept with gil:
# This is a credentials.ServerCertificateConfig
cdef ServerCertificateConfig cert_config = None
if not user_data:
diff --git a/src/python/grpcio/grpc/_cython/_cygrpc/fork_posix.pxd.pxi b/src/python/grpcio/grpc/_cython/_cygrpc/fork_posix.pxd.pxi
index 13a02434787ba..b300883abae81 100644
--- a/src/python/grpcio/grpc/_cython/_cygrpc/fork_posix.pxd.pxi
+++ b/src/python/grpcio/grpc/_cython/_cygrpc/fork_posix.pxd.pxi
@@ -12,10 +12,10 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-cdef void __prefork() nogil
+cdef void __prefork() noexcept nogil
-cdef void __postfork_parent() nogil
+cdef void __postfork_parent() noexcept nogil
-cdef void __postfork_child() nogil
\ No newline at end of file
+cdef void __postfork_child() noexcept nogil
diff --git a/src/python/grpcio/grpc/_cython/_cygrpc/fork_posix.pyx.pxi b/src/python/grpcio/grpc/_cython/_cygrpc/fork_posix.pyx.pxi
index 565f483b2ae00..d901cfddf4321 100644
--- a/src/python/grpcio/grpc/_cython/_cygrpc/fork_posix.pyx.pxi
+++ b/src/python/grpcio/grpc/_cython/_cygrpc/fork_posix.pyx.pxi
@@ -35,7 +35,7 @@ _GRPC_ENABLE_FORK_SUPPORT = (
_fork_handler_failed = False
-cdef void __prefork() nogil:
+cdef void __prefork() noexcept nogil:
with gil:
global _fork_handler_failed
_fork_handler_failed = False
@@ -49,14 +49,14 @@ cdef void __prefork() nogil:
_fork_handler_failed = True
-cdef void __postfork_parent() nogil:
+cdef void __postfork_parent() noexcept nogil:
with gil:
with _fork_state.fork_in_progress_condition:
_fork_state.fork_in_progress = False
_fork_state.fork_in_progress_condition.notify_all()
-cdef void __postfork_child() nogil:
+cdef void __postfork_child() noexcept nogil:
with gil:
try:
if _fork_handler_failed:
diff --git a/src/python/grpcio/grpc/_cython/_cygrpc/vtable.pyx.pxi b/src/python/grpcio/grpc/_cython/_cygrpc/vtable.pyx.pxi
index da4b81bd97e65..f59410073b736 100644
--- a/src/python/grpcio/grpc/_cython/_cygrpc/vtable.pyx.pxi
+++ b/src/python/grpcio/grpc/_cython/_cygrpc/vtable.pyx.pxi
@@ -13,16 +13,16 @@
# limitations under the License.
# TODO(https://github.com/grpc/grpc/issues/15662): Reform this.
-cdef void* _copy_pointer(void* pointer):
+cdef void* _copy_pointer(void* pointer) noexcept:
return pointer
# TODO(https://github.com/grpc/grpc/issues/15662): Reform this.
-cdef void _destroy_pointer(void* pointer):
+cdef void _destroy_pointer(void* pointer) noexcept:
pass
-cdef int _compare_pointer(void* first_pointer, void* second_pointer):
+cdef int _compare_pointer(void* first_pointer, void* second_pointer) noexcept:
if first_pointer < second_pointer:
return -1
elif first_pointer > second_pointer:

View file

@ -0,0 +1,13 @@
without this find_dependency() doesn't exist
--
diff --git a/cmake/gRPCConfig.cmake.in b/cmake/gRPCConfig.cmake.in
index 98d8c6d..5500ca2 100644
--- a/cmake/gRPCConfig.cmake.in
+++ b/cmake/gRPCConfig.cmake.in
@@ -1,5 +1,6 @@
# Module path
list(APPEND CMAKE_MODULE_PATH ${CMAKE_CURRENT_LIST_DIR}/modules)
+include(CMakeFindDependencyMacro)
# Depend packages
@_gRPC_FIND_ZLIB@

View file

@ -0,0 +1,22 @@
--- a/Makefile
+++ b/Makefile
@@ -575,8 +575,8 @@
# Setup abseil dependency
-GRPC_ABSEIL_DEP = $(LIBDIR)/$(CONFIG)/libgrpc_abseil.a
-GRPC_ABSEIL_MERGE_LIBS = $(LIBDIR)/$(CONFIG)/libgrpc_abseil.a
+GRPC_ABSEIL_DEP = -labsl_base -labsl_int128 -labsl_strings -labsl_time -labsl_bad_optional_access -labsl_throw_delegate -labsl_str_format_internal
+GRPC_ABSEIL_MERGE_LIBS = -labsl_base -labsl_int128 -labsl_strings -labsl_time -labsl_bad_optional_access -labsl_throw_delegate -labsl_str_format_internal
# Setup re2 dependency
@@ -2809,7 +2809,7 @@
third_party/abseil-cpp/absl/types/bad_variant_access.cc \
-LIBGRPC_ABSEIL_OBJS = $(addprefix $(OBJDIR)/$(CONFIG)/, $(addsuffix .o, $(basename $(LIBGRPC_ABSEIL_SRC))))
+LIBGRPC_ABSEIL_OBJS =
$(LIBGRPC_ABSEIL_OBJS): CPPFLAGS += -g -Ithird_party/abseil-cpp

View file

@ -0,0 +1,25 @@
Patch-Source: https://sources.debian.org/src/grpc/1.44.0-3/debian/patches/fix-protoc-path.patch (modified)
--- a/src/ruby/end2end/package_with_underscore_test.rb
+++ b/src/ruby/end2end/package_with_underscore_test.rb
@@ -20,8 +20,8 @@ def main
pb_dir = File.join(root_dir, 'src', 'ruby', 'end2end', 'protos')
- bins_dir = File.join(root_dir, 'cmake', 'build')
+ bins_dir = '/usr/bin'
plugin = File.join(bins_dir, 'grpc_ruby_plugin')
- protoc = File.join(bins_dir, 'third_party', 'protobuf', 'protoc')
+ protoc = File.join(bins_dir, 'protoc')
got = nil
--- a/src/ruby/tools/bin/grpc_tools_ruby_protoc
+++ b/src/ruby/tools/bin/grpc_tools_ruby_protoc
@@ -25,6 +25,5 @@ plugin_name = 'grpc_ruby_plugin' + ext
-protoc_dir = File.join(File.dirname(__FILE__),
- PLATFORM.architecture + '-' + PLATFORM.os_name)
+protoc_dir = '/usr/bin'
protoc_path = File.join(protoc_dir, protoc_name)

View file

@ -0,0 +1,81 @@
From: Jakub Jirutka <jakub@jirutka.cz>
Date: Wed, 24 Aug 2022 21:20:22 +0200
Subject: [PATCH] Link with shared libraries, don't embed anything
- Don't statically link openssl, zlib and cares.
- Don't build and statically link libgrpc, link shared libgrpc.
- Don't statically link libgcc and libstdc++.
diff --git a/src/ruby/ext/grpc/extconf.rb b/src/ruby/ext/grpc/extconf.rb
index 98a8876..808ecfe 100644
--- a/src/ruby/ext/grpc/extconf.rb
+++ b/src/ruby/ext/grpc/extconf.rb
@@ -69,11 +69,11 @@ if apple_toolchain && !cross_compiling
end
# Don't embed on TruffleRuby (constant-time crypto is unsafe with Sulong, slow build times)
-ENV['EMBED_OPENSSL'] = (RUBY_ENGINE != 'truffleruby').to_s
+ENV['EMBED_OPENSSL'] = 'false'
# Don't embed on TruffleRuby (the system zlib is already linked for the zlib C extension, slow build times)
-ENV['EMBED_ZLIB'] = (RUBY_ENGINE != 'truffleruby').to_s
+ENV['EMBED_ZLIB'] = 'false'
-ENV['EMBED_CARES'] = 'true'
+ENV['EMBED_CARES'] = 'false'
ENV['ARCH_FLAGS'] = RbConfig::CONFIG['ARCH_FLAG']
if apple_toolchain && !cross_compiling
@@ -97,32 +97,7 @@
strip_tool = RbConfig::CONFIG['STRIP']
strip_tool += ' -x' if apple_toolchain
-unless windows
- puts 'Building internal gRPC into ' + grpc_lib_dir
- nproc = 4
- nproc = Etc.nprocessors if Etc.respond_to? :nprocessors
- nproc_override = ENV['GRPC_RUBY_BUILD_PROCS']
- unless nproc_override.nil? or nproc_override.size == 0
- nproc = nproc_override
- puts "Overriding make parallelism to #{nproc}"
- end
- make = bsd ? 'gmake' : 'make'
- cmd = "#{make} -j#{nproc} -C #{grpc_root} #{grpc_lib_dir}/libgrpc.a CONFIG=#{grpc_config} Q="
- puts "Building grpc native library: #{cmd}"
- system(cmd)
- exit 1 unless $? == 0
-
- if grpc_config == 'opt'
- rm_obj_cmd = "rm -rf #{File.join(output_dir, 'objs')}"
- puts "Removing grpc object files: #{rm_obj_cmd}"
- system(rm_obj_cmd)
- exit 1 unless $? == 0
- strip_cmd = "#{strip_tool} #{grpc_lib_dir}/*.a"
- puts "Stripping grpc native library: #{strip_cmd}"
- system(strip_cmd)
- exit 1 unless $? == 0
- end
-end
+$LDFLAGS << ' -L' + ENV.fetch('TOPDIR', '.')
$CFLAGS << ' -DGRPC_RUBY_WINDOWS_UCRT' if windows_ucrt
$CFLAGS << ' -I' + File.join(grpc_root, 'include')
@@ -118,7 +103,7 @@ ext_export_file += '-truffleruby' if RUBY_ENGINE == 'truffleruby'
$LDFLAGS << ' -Wl,--version-script="' + ext_export_file + '.gcc"' if linux
$LDFLAGS << ' -Wl,-exported_symbols_list,"' + ext_export_file + '.clang"' if apple_toolchain
-$LDFLAGS << ' ' + File.join(grpc_lib_dir, 'libgrpc.a') unless windows
+$LDFLAGS << ' -Wl,-wrap,memcpy -lgrpc' unless windows
if grpc_config == 'gcov'
$CFLAGS << ' -O0 -fprofile-arcs -ftest-coverage'
$LDFLAGS << ' -fprofile-arcs -ftest-coverage -rdynamic'
@@ -129,10 +114,6 @@ if grpc_config == 'dbg'
end
$LDFLAGS << ' -Wl,-wrap,memcpy' if linux
-# Do not statically link standard libraries on TruffleRuby as this does not work when compiling to bitcode
-if linux && RUBY_ENGINE != 'truffleruby'
- $LDFLAGS << ' -static-libgcc -static-libstdc++'
-end
$LDFLAGS << ' -static' if windows
$CFLAGS << ' -std=c11 '

View file

@ -0,0 +1,15 @@
From: Jakub Jirutka <jakub@jirutka.cz>
Date: Fri, 20 May 2017 01:35:00 +0200
Subject: [PATCH] Use system CA certificates
--- a/src/ruby/lib/grpc.rb
+++ b/src/ruby/lib/grpc.rb
@@ -12,7 +12,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-ssl_roots_path = File.expand_path('../../../../etc/roots.pem', __FILE__)
+ssl_roots_path = '/etc/ssl/certs/ca-certificates.crt'
require_relative 'grpc/errors'
require_relative 'grpc/structs'

View file

@ -1,31 +0,0 @@
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
pkgname=i18nspector
pkgver=0.27.1
pkgrel=0
pkgdesc="checking tool for gettext POT, PO and MO files"
url="https://jwilk.net/software/i18nspector"
arch="noarch"
license="MIT"
depends="py3-polib py3-rply"
checkdepends="python3-dev py3-pytest"
makedepends="py3-docutils py3-setuptools py3-gpep517 py3-wheel perl"
source="$pkgname-$pkgver.tar.gz::https://github.com/jwilk/i18nspector/archive/refs/tags/$pkgver.tar.gz"
subpackages="$pkgname-doc"
options="!check" # test failure
build() {
make -C doc
}
check() {
pytest -v
}
package() {
make PREFIX=/usr DESTDIR="$pkgdir" install
}
sha512sums="
b6b3d68ba03ead88393d6fff7233ec6d67196496f3eaaba8fe036ac9976746370885f72ec3c4e6b4dbf892f3d04c505a306900fafade1623e90ec9c1ad546166 i18nspector-0.27.1.tar.gz
"

71
user/listmonk/APKBUILD Normal file
View file

@ -0,0 +1,71 @@
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
pkgname=listmonk
pkgver=3.0.0
pkgrel=0
pkgdesc='Self-hosted newsletter and mailing list manager with a modern dashboard'
arch="all"
url=https://listmonk.app
license="AGPL3"
depends="
libcap-setcap
postgresql
procps
"
makedepends="go npm nodejs yarn"
source="
$pkgname-$pkgver.tar.gz::https://github.com/knadh/listmonk/archive/v$pkgver.tar.gz
listmonk.sh
listmonk.openrc
"
install="$pkgname.pre-install $pkgname.post-install $pkgname.post-upgrade"
subpackages="$pkgname-openrc"
pkgusers="listmonk"
pkggroups="listmonk"
build() {
go build \
-trimpath \
-buildmode=pie \
-mod=readonly \
-modcacherw \
-ldflags "-extldflags '$LDFLAGS' -X 'main.buildString=Alpine Linux v$pkgver-$pkgrel' -X 'main.versionString=v$pkgver'" \
-o $pkgname \
cmd/*.go
(
cd frontend
export YARN_CACHE_FOLDER="$srcdir/node_modules"
export VUE_APP_VERSION="v$pkgver"
yarn install --frozen-lockfile
yarn build
)
}
check() {
go test ./...
}
package() {
install -Dm755 "$srcdir"/listmonk.sh "$pkgdir"/usr/bin/listmonk
install -Dm644 config.toml.sample "$pkgdir"/etc/listmonk/config.toml
install -Dm644 -t "$pkgdir"/usr/share/webapps/listmonk/ \
schema.sql \
queries.sql \
config.toml.sample
install -Dm755 listmonk "$pkgdir"/usr/share/webapps/listmonk/
install -Dm644 -t "$pkgdir"/usr/share/webapps/listmonk/frontend/dist/ \
frontend/dist/static/favicon.png
cp -a frontend/dist/static "$pkgdir"/usr/share/webapps/listmonk/frontend/dist/static
cp -a frontend/dist/index.html "$pkgdir"/usr/share/webapps/listmonk/frontend/dist/index.html
cp -a static "$pkgdir"/usr/share/webapps/listmonk/
cp -a i18n "$pkgdir"/usr/share/webapps/listmonk/
install -Dm755 "$srcdir"/$pkgname.openrc \
"$pkgdir"/etc/init.d/$pkgname
ln -s /etc/listmonk/config.toml "$pkgdir"/usr/share/webapps/listmonk/config.toml
}
sha512sums="
afd0ea1d4d2b2753c3043526590cf09c45a541a2d818f5d1581644ffd10818326fd553a3b04bca59494860a7bb6e96364b08afd33d337a9fc5c71bedd1a5ee6c listmonk-3.0.0.tar.gz
939450af4b23708e3d23a5a88fad4c24b957090bdd21351a6dd520959e52e45e5fcac117a3eafa280d9506616dae39ad3943589571f008cac5abe1ffd8062424 listmonk.sh
8e9c0b1f335c295fb741418246eb17c7566e5e4200a284c6483433e8ddbf5250aa692435211cf062ad1dfcdce3fae9148def28f03f2492d33fe5e66cbeebd4bd listmonk.openrc
"

View file

@ -0,0 +1,29 @@
#!/sbin/openrc-run
name="$RC_SVCNAME"
cfgfile="/etc/conf.d/$RC_SVCNAME.conf"
pidfile="/run/$RC_SVCNAME.pid"
working_directory="/usr/share/webapps/listmonk"
command="/usr/share/webapps/listmonk/listmonk"
command_user="listmonk"
command_group="listmonk"
start_stop_daemon_args=""
command_background="yes"
output_log="/var/log/listmonk/$RC_SVCNAME.log"
error_log="/var/log/listmonk/$RC_SVCNAME.err"
depend() {
need postgresql
}
start_pre() {
cd "$working_directory"
checkpath --directory --owner $command_user:$command_group --mode 0775 \
/var/log/listmonk \
/var/lib/listmonk
}
stop_pre() {
ebegin "Killing child processes"
kill $(ps -o pid= --ppid $(cat $pidfile)) || true
}

View file

@ -0,0 +1,27 @@
#!/bin/sh
set -eu
setcap 'cap_net_bind_service=+ep' /usr/share/webapps/listmonk/listmonk
if [ "${0##*.}" = 'post-upgrade' ]; then
cat >&2 <<-EOF
*
* To finish Listmonk upgrade run:
*
* listmonk --upgrade
*
EOF
else
cat >&2 <<-EOF
*
* 1. Adjust settings in /etc/listmonk/config.toml.
*
* 2. Create database for Listmonk:
*
* psql -c "CREATE ROLE listmonk PASSWORD 'top-secret' INHERIT LOGIN;"
* psql -c "CREATE DATABASE listmonk OWNER listmonk ENCODING 'UTF-8';"
*
* 3. Run "listmonk --install"
*
EOF
fi

View file

@ -0,0 +1 @@
listmonk.post-install

View file

@ -0,0 +1,21 @@
#!/bin/sh
# It's very important to set user/group correctly.
listmonk_dir='/var/lib/listmonk'
if ! getent group listmonk 1>/dev/null; then
echo '* Creating group listmonk' 1>&2
addgroup -S listmonk
fi
if ! id listmonk 2>/dev/null 1>&2; then
echo '* Creating user listmonk' 1>&2
adduser -DHS -G listmonk -h "$listmonk_dir" -s /bin/sh \
-g "added by apk for listmonk" listmonk
passwd -u listmonk 1>/dev/null # unlock
fi
exit 0

12
user/listmonk/listmonk.sh Normal file
View file

@ -0,0 +1,12 @@
#!/bin/sh
BUNDLE_DIR='/usr/share/webapps/listmonk'
cd $BUNDLE_DIR
if [ "$(id -un)" != 'listmonk' ]; then
exec su listmonk -c '"$0" "$@"' -- ./listmonk "$@"
else
exec ./listmonk "$@"
fi

196
user/loomio/APKBUILD Normal file
View file

@ -0,0 +1,196 @@
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
pkgname=loomio
pkgver=2.21.4
_gittag=v$pkgver
pkgrel=0
pkgdesc="A collaborative decision making tool"
url="https://github.com/loomio/loomio"
arch="x86_64"
license="MIT"
depends="
postgresql
postgresql-contrib
python3
redis
ruby3.2
ruby3.2-bundler
ruby3.2-grpc
vips
npm
procps-ng
"
makedepends="
cmd:chrpath
ruby3.2-dev
nodejs
openssl-dev
readline-dev
zlib-dev
libpq-dev
libffi-dev
imagemagick-dev
"
pkgusers="loomio"
pkggroups="loomio www-data"
install="$pkgname.pre-install $pkgname.post-install $pkgname.post-upgrade"
subpackages="$pkgname-openrc"
source="
$pkgname-$pkgver.tar.gz::https://github.com/loomio/loomio/archive/refs/tags/v$pkgver.tar.gz
bin-wrapper.in
loomio.confd
loomio.logrotate
loomio.sidekiq.initd
loomio.vue.initd
loomio.initd
"
_prefix="usr/lib/webapps/loomio"
export BUNDLE_DEPLOYMENT=true
export BUNDLE_FORCE_RUBY_PLATFORM=true
export BUNDLE_FROZEN=true
export BUNDLE_JOBS=${JOBS:-2}
prepare() {
local sysgemdir=$(ruby -e 'puts Gem.default_dir')
default_prepare
# Allow use of any bundler
sed -i -e '/BUNDLED/,+1d' Gemfile.lock
# Allow use of any platform
sed -i -e 's/PLATFORMS/PLATFORMS\n ruby/' Gemfile.lock
# Some gems are broken, so we copy our fixed version
# instead of installing it from RubyGems using Bundler.
mkdir -p vendor/gems/grpc/src/ruby/lib/grpc
cp -r "$sysgemdir"/gems/grpc-*/* vendor/gems/grpc/
cp "$sysgemdir"/specifications/grpc-*.gemspec \
vendor/gems/grpc/grpc.gemspec
cp "$sysgemdir"/extensions/*/*/grpc-*/grpc/*.so \
vendor/gems/grpc/src/ruby/lib/grpc/
}
build() {
local bundle_without='exclude development test'
bundle config --local build.ffi --enable-system-libffi
bundle config --local build.vips --enable-system-libraries
bundle config --local build.nokogiri --use-system-libraries \
--with-xml2-include=/usr/include/libxml2 \
--with-xslt-include=/usr/include/libxslt
bundle config --local build.google-protobuf '-- --with-cflags=-D__va_copy=va_copy'
msg "Installing Ruby gems..."
bundle config --local without "$bundle_without"
bundle config --local path "vendor/bundle"
bundle install --no-cache
msg "Precompiling static assets..."
bundle exec bootsnap precompile --gemfile app/ lib/
# Create executables in bin/*.
# See also https://github.com/bundler/bundler/issues/6149.
bundle binstubs --force bundler puma sidekiq
# Remove faulty RPATH.
chrpath -d vendor/bundle/ruby/*/gems/*/lib/nokogiri/*/nokogiri.so
# cp grpc so
cp vendor/gems/grpc/src/ruby/lib/grpc/grpc_c.so vendor/bundle/ruby/*/gems/grpc*/src/ruby/lib/grpc/.
rm -R vendor/bundle/ruby/*/gems/grpc*/src/ruby/lib/grpc/3* vendor/bundle/ruby/*/gems/grpc*/src/ruby/lib/grpc/2*
msg "Installing npm modules..."
cd vue
# force as vite-plugin-yaml hasn't updated their peerDependencies list yet
npm ci --force
npm run build
}
package() {
local destdir="$pkgdir/$_prefix"
local datadir="$pkgdir/var/lib/loomio"
local file dest
# Make directories
install -dm 755 \
"$(dirname $destdir)" \
"$datadir"
mkdir -p "$(dirname $destdir)"
cp -R "$builddir" "$destdir"
cd "$destdir"/vendor/bundle/ruby/*/
# Remove tests, documentations and other useless files.
find gems/ \( -name 'doc' \
-o -name 'spec' \
-o -name 'test' \) \
-type d -maxdepth 2 -exec rm -fr "{}" +
find gems/ \( -name 'README*' \
-o -name 'CHANGELOG*' \
-o -name 'CONTRIBUT*' \
-o -name '*LICENSE*' \
-o -name 'Rakefile' \
-o -name '.*' \) \
-type f -delete
# Remove build logs and cache.
rm -rf build_info/ cache/
find extensions/ \( -name gem_make.out -o -name mkmf.log \) -delete
cd "$destdir"
# Install and symlink config files.
for file in database.yml.postgresql puma.rb sidekiq.yml; do
dest="$(basename "${file/.postgresql/}")"
install -m640 -g loomio -D config/$file "$pkgdir"/etc/loomio/$dest
ln -sf /etc/loomio/$dest "$pkgdir"/$_prefix/config/${file/.postgrewsql/}
done
# This file will be generated by the post-install script, just prepare symlink.
ln -sf /etc/loomio/secrets.yml config/secrets.yml
# These shouldn't be necessary, they are all configurable, but OmniBus
cat > "$datadir"/.profile <<-EOF
export RAILS_ENV=production
export NODE_ENV=production
export EXECJS_RUNTIME=Disabled
EOF
# Install wrapper scripts to /usr/bin.
local name; for name in rake rails; do
sed "s/__COMMAND__/$name/g" "$srcdir"/bin-wrapper.in \
> "$builddir"/loomio-$name
install -m755 -D "$builddir"/loomio-$name "$pkgdir"/usr/bin/loomio-$name
done
for file in $pkgname $pkgname.sidekiq $pkgname.vue; do
install -m755 -D "$srcdir"/$file.initd "$pkgdir"/etc/init.d/$file
done
install -m644 -D "$srcdir"/loomio.confd \
"$pkgdir"/etc/conf.d/loomio
install -m644 -D "$srcdir"/loomio.logrotate \
"$pkgdir"/etc/logrotate.d/loomio
}
assets() {
depends=""
amove $_prefix/public/assets
}
sha512sums="
72a1238c1eaa3b963bd20a09d4fc2e52798264779bdf06d3f32891f2880d246059c77381329d1274bfa5979a35740017f0ced324f88b205369e77335b403ffba loomio-2.21.4.tar.gz
6cd4bb030660a9f4697eeb7c6de3f7509558aab3651e68218583dfeea56634f3b9f58acb50c7c9a4188a38c19434a815dd6c347e30207c4c0ae028c8dcb6ccaf bin-wrapper.in
0f1c91fbd4b8099f0a115705d5af799e4492fa2a0fd54175f3bfbfb5be1122bd7fd73a7709695c7caf2dcc667f3b8715051c24f424472e1115753e43a38fdf50 loomio.confd
1ecb0717cd5f04b894467b21d226b98d8f83b8f62afbf8da7edd57973aeabb13d121e9061cc48aec7572b1c710e82c8b44a1cedc0a924efd4bc4a124b3afe9a8 loomio.logrotate
c5dae2b6f9a23853c3c7ac068d97a7b0269b1775f6e0169c3d8999ec67c2baf3545515ea21037e882d900b15a7abf9061dd5a584bdc82c347b54d8c134f6d7a4 loomio.sidekiq.initd
f774954d8b06aacab27af9593b1b12fbe18ec2d0593dd4f82e4d3dfbc7e325fb1a423347fd974a2ec6665776a6cfe85f255f4fd7493c97eb840f34eb7fbdb329 loomio.vue.initd
645637c4112ec91ec2ea6022713e77a8ee76c0f0a81f9adf1f9210b52a578e94b5b02f0b6244b173905f580f72dc362b5434c714aae11e3619f73af223891bb8 loomio.initd
"

View file

@ -0,0 +1,15 @@
#!/bin/sh
BUNDLE_DIR='/usr/lib/webapps/loomio'
export RAILS_ENV='production'
export NODE_ENV='production'
export EXECJS_RUNTIME='Disabled'
cd $BUNDLE_DIR
install -m 700 -o loomio -g loomio -d "$(readlink ./tmp)"
if [ "$(id -un)" != 'loomio' ]; then
exec su loomio -c '"$0" "$@"' -- bin/__COMMAND__ "$@"
else
exec bin/__COMMAND__ "$@"
fi

32
user/loomio/loomio.confd Normal file
View file

@ -0,0 +1,32 @@
# Configuration file for /etc/init.d/loomio and
# /etc/init.d/loomio.{vue,sidekiq}
# Specify how many processes to create using sidekiq-cluster and which queue
# they should handle. Each whitespace-separated item equates to one additional
# Sidekiq process, and comma-separated values in each item determine the queues
# it works on. The special queue name "*" means all queues.
# Example: "* gitlab_shell process_commit,post_receive"
# See https://docs.gitlab.com/ee/administration/sidekiq/extra_sidekiq_processes.html.
#sidekiq_queue_groups="*"
# Maximum threads to use with Sidekiq (default: 50, 0 to disable).
#sidekiq_max_concurrency=
# Minimum threads to use with Sidekiq (default: 0).
#sidekiq_min_concurrency=
# The number of seconds to wait between worker checks.
#sidekiq_interval=
# Graceful timeout for all running processes.
#sidekiq_shutdown_timeout=
# Run workers for all queues in sidekiq_queues.yml except the given ones.
#sidekiq_negate=no
# Run workers based on the provided selector.
#sidekiq_queue_selector=no
# Memory limit (in MiB) for the Sidekiq process. If the RSS (Resident Set Size)
# of the Sidekiq process exceeds this limit, a delayed shutdown is triggered.
#sidekiq_memkiller_max_rss=2000

39
user/loomio/loomio.initd Normal file
View file

@ -0,0 +1,39 @@
#!/sbin/openrc-run
name="Loomio"
description="Meta script for starting/stopping all the Loomio components"
subservices="loomio.sidekiq loomio.vue"
depend() {
use net
}
start() {
local ret=0
ebegin "Starting all Loomio components"
local svc; for svc in $subservices; do
service $svc start || ret=1
done
eend $ret
}
stop() {
local ret=0
ebegin "Stopping all Loomio components"
local svc; for svc in $subservices; do
service $svc stop || ret=1
done
eend $ret
}
status() {
local ret=0
local svc; for svc in $subservices; do
echo "$svc:"
service $svc status || ret=1
done
eend $ret
}

View file

@ -0,0 +1,11 @@
/var/log/loomio/*.log {
compress
copytruncate
delaycompress
maxsize 10M
minsize 1M
missingok
sharedscripts
rotate 10
weekly
}

32
user/loomio/loomio.post-install Executable file
View file

@ -0,0 +1,32 @@
#!/bin/sh
set -eu
group=loomio
config_file='/etc/loomio/config.yml'
#if [ $(grep '@@SECRET_KEY@@' "$config_file") ]; then
# echo "* Generating random secret in $config_file" >&2
# secret_key="$(pwgen -s 50 1)"
# sed -i "s|@@SECRET_KEY@@|$secret_key|" "$config_file"
#fi
if [ "${0##*.}" = 'post-upgrade' ]; then
cat >&2 <<-EOF
*
* To finish Loomio upgrade run:
*
*
EOF
else
cat >&2 <<-EOF
*
* 1. Adjust settings in /etc/loomio/config.yml.
*
* 2. Create database for loomio:
*
* psql -c "CREATE ROLE loomio PASSWORD 'top-secret' INHERIT LOGIN;"
* psql -c "CREATE DATABASE loomio OWNER loomio ENCODING 'UTF-8';"
*
EOF
fi

View file

@ -0,0 +1 @@
loomio.post-install

View file

@ -0,0 +1,26 @@
#!/bin/sh
# It's very important to set user/group correctly.
loomio_dir='/var/lib/loomio'
if ! getent group loomio 1>/dev/null; then
echo '* Creating group loomio' 1>&2
addgroup -S loomio
fi
if ! id loomio 2>/dev/null 1>&2; then
echo '* Creating user loomio' 1>&2
adduser -DHS -G loomio -h "$loomio_dir" -s /bin/sh \
-g "added by apk for loomio" loomio
passwd -u loomio 1>/dev/null # unlock
fi
if ! id -Gn loomio | grep -Fq redis; then
echo '* Adding user loomio to group www-data' 1>&2
addgroup loomio www-data
fi
exit 0

View file

@ -0,0 +1,32 @@
#!/sbin/openrc-run
name="Loomio background workers Service"
root="/usr/share/webapps/loomio"
pidfile="/run/loomio-sidekiq.pid"
logfile="/var/log/loomio/sidekiq.log"
depend() {
use net
need redis
}
start() {
ebegin "Starting Loomio background workers"
cd $root
start-stop-daemon --start --background \
--chdir "${root}" \
--user="loomio" \
--make-pidfile --pidfile="${pidfile}" \
-1 "${logfile}" -2 "${logfile}" \
--exec /usr/bin/env -- RAILS_ENV=production bundle exec rails s
eend $?
}
stop() {
ebegin "Stopping Loomio background workers"
start-stop-daemon --stop \
--pidfile=${pidfile} \
eend $?
}

View file

@ -0,0 +1,31 @@
#!/sbin/openrc-run
name="$RC_SVCNAME"
cfgfile="/etc/conf.d/$RC_SVCNAME.conf"
pidfile="/run/$RC_SVCNAME.pid"
working_directory="/usr/share/bundles/loomio"
command="npm"
command_args="run serve"
command_user="loomio"
command_group="loomio"
start_stop_daemon_args=""
command_background="yes"
output_log="/var/log/loomio/$RC_SVCNAME.log"
error_log="/var/log/loomio/$RC_SVCNAME.err"
depend() {
need redis
need postgresql
}
start_pre() {
cd "$working_directory"
checkpath --directory --owner $command_user:$command_group --mode 0775 \
/var/log/loomio \
/var/lib/loomio
}
stop_pre() {
ebegin "Killing child processes"
kill $(ps -o pid= --ppid $(cat $pidfile)) || true
}

202
user/mastodon/APKBUILD Normal file
View file

@ -0,0 +1,202 @@
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
pkgname=mastodon
_pkgname=$pkgname
pkgver=4.2.10
_gittag=v$pkgver
pkgrel=1
pkgdesc="Self-hosted social media and network server based on ActivityPub and OStatus"
arch="x86_64"
url="https://github.com/mastodon/mastodon"
license="AGPL-3.0-only"
depends="
$pkgname-assets=$pkgver-r$pkgrel
ffmpeg
file
gcompat
imagemagick
nodejs
npm
protobuf
py3-elasticsearch
redis
ruby3.2
ruby3.2-bundler
yarn
"
makedepends="
gnu-libiconv-dev
icu-dev
libffi-dev
libidn-dev
libxml2-dev
libxslt-dev
openssl-dev
postgresql-dev
protobuf-dev
ruby3.2-dev
yaml-dev
zlib-dev
"
install="
$pkgname.pre-install
$pkgname.post-upgrade
$pkgname.post-install
"
source="
mastodon-$_gittag.tar.gz::https://github.com/mastodon/mastodon/archive/$_gittag.tar.gz
mastodon.initd
mastodon.web.initd
mastodon.sidekiq.initd
mastodon.streaming.initd
mastodon.logrotate
bin-wrapper.in
"
subpackages="$pkgname-openrc $pkgname-assets::noarch"
options="!check" # No test suite
_prefix="usr/lib/bundles/$_pkgname"
export BUNDLE_DEPLOYMENT=true
export BUNDLE_FORCE_RUBY_PLATFORM=true
export BUNDLE_FROZEN=true
export BUNDLE_JOBS=${JOBS:-2}
prepare() {
default_prepare
# Allow use of any bundler
sed -i -e '/BUNDLED/,+1d' Gemfile.lock
# Allow use of higher Node versions
sed -i 's/"node": .*"/"node": ">=14.15"/' package.json
mkdir -p "$srcdir"/gem-cache
}
build() {
local bundle_without='exclude development'
msg "Installing Ruby gems..."
bundle config --local build.nokogiri --use-system-libraries \
--with-xml2-include=/usr/include/libxml2 \
--with-xslt-include=/usr/include/libxslt
bundle config --local build.ffi --enable-system-libffi
bundle config --local build.idn --enable-system-libidn
bundle config --local path "vendor/bundle"
bundle config --local set deployment 'false'
bundle config --local set without "$bundle_without"
bundle install --no-cache -j"$(getconf _NPROCESSORS_ONLN)"
msg "Installing npm modules..."
yarn install --production --frozen-lockfile
(
msg "Compiling assets..."
export NODE_ENV=production
export RAILS_ENV=production
export NODE_OPTIONS="--openssl-legacy-provider"
OTP_SECRET=precompile_placeholder SECRET_KEY_BASE=precompile_placeholder bundle exec rails assets:precompile
)
msg "Cleaning assets gems..."
bundle config --local without "$bundle_without"
bundle clean
# Create executables in bin/*.
# See also https://github.com/bundler/bundler/issues/6149.
bundle binstubs --force bundler puma sidekiq
}
package() {
local destdir="$pkgdir"/$_prefix
local datadir="$pkgdir/var/lib/gitlab"
# directory creation
install -dm 755 \
"$destdir" \
"$datadir" \
"$pkgdir"/etc/init.d
# Install application files.
rmdir "$destdir"
cp -a "$builddir" "$destdir"
install -m755 -t "$destdir"/bin/ \
bin/bundle \
bin/rails \
bin/rake \
bin/sidekiq \
bin/sidekiqmon \
bin/tootctl \
bin/puma
cd "$destdir"/vendor/bundle/ruby/*/
# Remove tests, documentations and other useless files.
find gems/ \( -name 'doc' \
-o -name 'spec' \
-o -name 'test' \) \
-type d -maxdepth 2 -exec rm -fr "{}" +
find gems/ \( -name 'README*' \
-o -name 'CHANGELOG*' \
-o -name 'CONTRIBUT*' \
-o -name '*LICENSE*' \
-o -name 'Rakefile' \
-o -name '.*' \) \
-type f -delete
# Remove assets, they are already compiled.
rm -r gems/doorkeeper-*/app/assets
rm -r gems/pghero-*/app/assets
# Remove build logs and cache.
rm -rf build_info/ cache/
find extensions/ \( -name gem_make.out -o -name mkmf.log \) -delete
cat > "$datadir"/.profile <<-EOF
export RAILS_ENV=production
export NODE_ENV=production
export EXECJS_RUNTIME=Disabled
EOF
# Install wrapper scripts to /usr/bin.
local name; for name in rake rails tootctl; do
sed "s/__COMMAND__/$name/g" "$srcdir"/bin-wrapper.in \
> "$builddir"/mastodon-$name
install -m755 -D "$builddir"/mastodon-$name "$pkgdir"/usr/bin/mastodon-$name
done
# Put the config file in /etc and link to it
touch "$pkgdir"/etc/mastodon.conf
ln -s /etc/mastodon.conf "$destdir"/.env.production
ln -s /usr/bin/node "$destdir"/node
for file in $_pkgname $_pkgname.sidekiq $_pkgname.web $_pkgname.streaming; do
install -m755 -D "$srcdir"/$file.initd "$pkgdir"/etc/init.d/$file
done
# Removing all prebuilt artifacts
rm -R "$destdir"/node_modules/*/prebuilds 2>&1 || true
install -m644 -D "$srcdir"/$_pkgname.logrotate \
"$pkgdir"/etc/logrotate.d/$_pkgname
}
assets() {
depends=""
amove $_prefix/public/assets
}
sha512sums="
1fe5417136bc020a83b83eaccef7f1f46c13fc8318681f12ba556b1b6b03e25ef7b6335c28f4e6722101e97b63020cbd0d3fbacdaf9b3b5a4b73c3cf3e230813 mastodon-v4.2.10.tar.gz
d49fea9451c97ccefe5e35b68e4274aeb427f9d1e910b89c1f6c810489c3bec1ccff72952fdaef95abf944b8aff0da84a52347540d36ff1fba5ccc19e1d935c6 mastodon.initd
eefe12a31268245f802222c0001dac884e03adb0d301e53a1512a3cd204836ca03ad083908cd14d146cf0dce99e3a4366570efd0e40a9a490ccd381d4c63c32f mastodon.web.initd
8fc9249c01693bb02b8d1a6177288d5d3549addde8c03eb35cc7a32dde669171872ebc2b5deb8019dc7a12970098f1af707171fa41129be31b04e1dc1651a777 mastodon.sidekiq.initd
03433a2f58600ca0d58e7c3713df2146ccdfc92033ccfe801dbd38bac39b66d6297f2b5ca02300caa36455b484eab2caa68c912c2f72150203bfa0e106c375fc mastodon.streaming.initd
83b3bae5b6fdb4d0dbc1cbe546c62c0aa77397b97d1a5d5377af032466677de188065b556710c0d96576bbae89cc76800f1ffb8cd718155eb2784da818f27619 mastodon.logrotate
dfd0e43ac6c28387bd4aa57fd98ae41aeb5a098b6deb3e44b89f07818e2470773b025364afee7ef6fd0f664cb86bbbbe8796c9f222f5436c256a787282fbe3e1 bin-wrapper.in
"

View file

@ -0,0 +1,15 @@
#!/bin/sh
BUNDLE_DIR='/usr/lib/bundles/mastodon'
export RAILS_ENV='production'
export NODE_ENV='production'
export EXECJS_RUNTIME='Disabled'
cd $BUNDLE_DIR
if [ "$(id -un)" != 'mastodon' ]; then
exec su mastodon -c '"$0" "$@"' -- bin/__COMMAND__ "$@"
else
exec bin/__COMMAND__ "$@"
fi

View file

@ -0,0 +1,41 @@
#!/sbin/openrc-run
name="Mastodon"
description="Meta script for starting/stopping all the Mastodon components"
subservices="mastodon.sidekiq mastodon.streaming mastodon.web"
depend() {
need redis postgresql
use net
}
start() {
local ret=0
ebegin "Starting all Mastodon components"
local svc; for svc in $subservices; do
service $svc start || ret=1
done
eend $ret
}
stop() {
local ret=0
ebegin "Stopping all Mastodon components"
local svc; for svc in $subservices; do
service $svc stop || ret=1
done
eend $ret
}
status() {
local ret=0
local svc; for svc in $subservices; do
echo "$svc:"
service $svc status || ret=1
done
eend $ret
}

View file

@ -0,0 +1,11 @@
/var/log/mastodon/*.log {
compress
copytruncate
delaycompress
maxsize 10M
minsize 1M
missingok
sharedscripts
rotate 10
weekly
}

View file

@ -0,0 +1,27 @@
#!/bin/sh
set -eu
if [ "${0##*.}" = 'post-upgrade' ]; then
cat >&2 <<-EOF
*
* To finish Mastodon upgrade run:
*
* mastodon-rails db:migrate
*
EOF
else
cat >&2 <<-EOF
*
* 1. Adjust settings in /etc/mastodon.conf
*
* 2. Create database for Mastodon:
*
* psql -c "CREATE ROLE mastodon PASSWORD 'top-secret' INHERIT LOGIN;"
* psql -c "CREATE DATABASE mastodon OWNER mastodon ENCODING 'UTF-8';"
* psql -d mastodon -c "CREATE EXTENSION pg_trgm; CREATE EXTENSION btree_gist;"
* psql -c "ALTER DATABASE name OWNER TO new_owner;"
*
* 3. Run "mastodon-rake db:migrate"
*
EOF
fi

View file

@ -0,0 +1 @@
mastodon.post-install

View file

@ -0,0 +1,54 @@
#!/bin/sh
# It's very important to set user/group correctly.
mastodon_dir='/var/lib/mastodon'
if ! getent group mastodon 1>/dev/null; then
echo '* Creating group mastodon' 1>&2
addgroup -S mastodon
fi
if ! id mastodon 2>/dev/null 1>&2; then
echo '* Creating user mastodon' 1>&2
adduser -DHS -G mastodon -h "$mastodon_dir" -s /bin/sh \
-g "added by apk for mastodon" mastodon
passwd -u mastodon 1>/dev/null # unlock
fi
if ! id -Gn mastodon | grep -Fq redis; then
echo '* Adding user mastodon to group redis' 1>&2
addgroup mastodon redis
fi
if [ "$(id -gn mastodon)" != 'mastodon' ]; then
cat >&2 <<-EOF
!!
!! User mastodon has primary group $(id -gn mastodon). We strongly recommend to change
!! mastodon's primary group to mastodon.
!!
EOF
# Add it at least as a supplementary group.
adduser mastodon mastodon
fi
user_home="$(getent passwd mastodon | cut -d: -f6)"
if [ "$user_home" != "$mastodon_dir" ]; then
cat >&2 <<-EOF
!!
!! User mastodon has home directory in $user_home, but this package assumes
!! $mastodon_dir. Although it's possible to use a different directory,
!! it's really not easy.
!!
!! Please change mastodon's home directory to $mastodon_dir, or adjust settings
!! and move files yourself. Otherwise Mastodon will not work!
!!
EOF
fi
exit 0

View file

@ -0,0 +1,32 @@
#!/sbin/openrc-run
name="Mastodon background workers Service"
root="/usr/lib/bundles/mastodon"
pidfile="/run/mastodon-sidekiq.pid"
logfile="/var/log/mastodon/sidekiq.log"
depend() {
use net
need redis
}
start() {
ebegin "Starting Mastodon background workers"
cd $root
start-stop-daemon --start --background \
--chdir "${root}" \
--user="mastodon" \
--make-pidfile --pidfile="${pidfile}" \
-1 "${logfile}" -2 "${logfile}" \
--exec /usr/bin/env -- RAILS_ENV=production DB_POOL=25 MALLOC_ARENA_MAX=2 bundle exec sidekiq -c 25
eend $?
}
stop() {
ebegin "Stopping Mastodon background workers"
start-stop-daemon --stop \
--pidfile=${pidfile} \
eend $?
}

Some files were not shown because too many files have changed in this diff Show more