Compare commits
29 commits
Author | SHA1 | Date | |
---|---|---|---|
6e019ecb0f | |||
fa354dfddf | |||
db97332670 | |||
192238ebb7 | |||
93090f1a62 | |||
b450bca1af | |||
76b0fad538 | |||
52b885f4c2 | |||
fa30c6dde1 | |||
90f0e5a43c | |||
09bda96bd4 | |||
6e9c36400e | |||
08db8671dd | |||
99c4b6f5e8 | |||
b85c3fdc2c | |||
e9fb57aa39 | |||
aa1765e457 | |||
597e7886a3 | |||
7b0bcd1550 | |||
960293833e | |||
6d4cb0f4f1 | |||
8d0f7b55ce | |||
4f4c87063f | |||
54447345b4 | |||
14b2ac8af5 | |||
e1f435d938 | |||
cc3a7230e9 | |||
51e314e969 | |||
d366575faa |
31 changed files with 617 additions and 873 deletions
33
.forgejo/bin/deploy.sh
Executable file
33
.forgejo/bin/deploy.sh
Executable file
|
@ -0,0 +1,33 @@
|
|||
#!/bin/sh
|
||||
|
||||
# shellcheck disable=SC3040
|
||||
set -eu -o pipefail
|
||||
|
||||
readonly BASEBRANCH=$CI_ALPINE_TARGET
|
||||
readonly TARGET_REPO=$CI_ALPINE_REPO
|
||||
|
||||
get_qubes_release() {
|
||||
case $GITHUB_BASE_REF in
|
||||
r*) echo $GITHUB_BASE_REF;;
|
||||
main) echo r4.3;;
|
||||
esac
|
||||
}
|
||||
|
||||
readonly QUBES_REL=$(get_qubes_release)
|
||||
|
||||
apkgs=$(find package -type f -name "*.apk")
|
||||
|
||||
for apk in $apkgs; do
|
||||
arch=$(echo $apk | awk -F '/' '{print $3}')
|
||||
name=$(echo $apk | awk -F '/' '{print $4}')
|
||||
|
||||
echo "Sending $name of arch $arch to $TARGET_REPO/$BASEBRANCH/qubes-$QUBES_REL"
|
||||
return=$(curl -s --user $FORGE_REPO_USER:$FORGE_REPO_TOKEN --upload-file $apk $TARGET_REPO/$BASEBRANCH/qubes-$QUBES_REL 2>&1)
|
||||
echo $return
|
||||
if [ "$return" == "package file already exists" ]; then
|
||||
echo "Package already exists, refreshing..."
|
||||
curl -s --user $FORGE_REPO_USER:$FORGE_REPO_TOKEN -X DELETE $TARGET_REPO/$BASEBRANCH/qubes-$QUBES_REL/$arch/$name
|
||||
curl -s --user $FORGE_REPO_USER:$FORGE_REPO_TOKEN --upload-file $apk $TARGET_REPO/$BASEBRANCH/qubes-$QUBES_REL
|
||||
fi
|
||||
done
|
||||
|
140
.forgejo/patches/build.patch
Normal file
140
.forgejo/patches/build.patch
Normal file
|
@ -0,0 +1,140 @@
|
|||
diff --git a/usr/local/bin/build.sh.orig b/usr/local/bin/build.sh
|
||||
old mode 100644
|
||||
new mode 100755
|
||||
index c3b8f7a..0b1c9a5
|
||||
--- a/usr/local/bin/build.sh.orig
|
||||
+++ b/usr/local/bin/build.sh
|
||||
@@ -7,13 +7,14 @@
|
||||
set -eu -o pipefail
|
||||
|
||||
readonly APORTSDIR=$CI_PROJECT_DIR
|
||||
-readonly REPOS="main community testing non-free"
|
||||
+readonly REPOS="main community testing"
|
||||
readonly ARCH=$(apk --print-arch)
|
||||
# gitlab variables
|
||||
readonly BASEBRANCH=$CI_MERGE_REQUEST_TARGET_BRANCH_NAME
|
||||
|
||||
: "${REPODEST:=$HOME/packages}"
|
||||
-: "${MIRROR:=https://dl-cdn.alpinelinux.org/alpine}"
|
||||
+: "${MIRROR:=https://ayakael.net/api/packages/forge/alpine}"
|
||||
+: "${ALPINE_MIRROR:=http://dl-cdn.alpinelinux.org/alpine}"
|
||||
: "${MAX_ARTIFACT_SIZE:=300000000}" #300M
|
||||
: "${CI_DEBUG_BUILD:=}"
|
||||
|
||||
@@ -67,13 +68,32 @@ report() {
|
||||
}
|
||||
|
||||
get_release() {
|
||||
+ echo $CI_ALPINE_TARGET
|
||||
+}
|
||||
+
|
||||
+
|
||||
+get_qubes_release() {
|
||||
case $BASEBRANCH in
|
||||
- *-stable) echo v"${BASEBRANCH%-*}";;
|
||||
- master) echo edge;;
|
||||
- *) die "Branch \"$BASEBRANCH\" not supported!"
|
||||
+ r*) echo $BASEBRANCH;;
|
||||
+ main) echo r4.3;;
|
||||
esac
|
||||
}
|
||||
|
||||
+changed_aports() {
|
||||
+ : "${APORTSDIR?APORTSDIR missing}"
|
||||
+ : "${BASEBRANCH?BASEBRANCH missing}"
|
||||
+
|
||||
+ cd "$APORTSDIR"
|
||||
+ local aports
|
||||
+
|
||||
+ aports=$(git diff --name-only --diff-filter=ACMR \
|
||||
+ "$BASEBRANCH"...HEAD -- "*/APKBUILD" | xargs -rn1 dirname)
|
||||
+
|
||||
+ # shellcheck disable=2086
|
||||
+ ap builddirs -d "$APORTSDIR" $aports 2>/dev/null | xargs -rn1 basename
|
||||
+}
|
||||
+
|
||||
+
|
||||
build_aport() {
|
||||
local repo="$1" aport="$2"
|
||||
cd "$APORTSDIR/$repo/$aport"
|
||||
@@ -99,13 +119,13 @@ set_repositories_for() {
|
||||
local release
|
||||
|
||||
release=$(get_release)
|
||||
- for repo in $REPOS; do
|
||||
+ for repo in qubes-$(get_qubes_release); do
|
||||
[ "$repo" = "non-free" ] && continue
|
||||
- [ "$release" != "edge" ] && [ "$repo" == "testing" ] && continue
|
||||
+ [ "$release" == "edge" ] && [ "$repo" == "backports" ] && continue
|
||||
repos="$repos $MIRROR/$release/$repo $REPODEST/$repo"
|
||||
[ "$repo" = "$target_repo" ] && break
|
||||
done
|
||||
- doas sh -c "printf '%s\n' $repos > /etc/apk/repositories"
|
||||
+ doas sh -c "printf '%s\n' $repos >> /etc/apk/repositories"
|
||||
doas apk update
|
||||
}
|
||||
|
||||
@@ -118,7 +138,15 @@ apply_offset_limit() {
|
||||
}
|
||||
|
||||
setup_system() {
|
||||
- doas sh -c "echo $MIRROR/$(get_release)/main > /etc/apk/repositories"
|
||||
+ local repos='' repo=''
|
||||
+ local release
|
||||
+
|
||||
+ release=$(get_release)
|
||||
+ for repo in $REPOS; do
|
||||
+ [ "$release" != "edge" ] && [ "$repo" == "testing" ] && continue
|
||||
+ repos="$repos $ALPINE_MIRROR/$release/$repo"
|
||||
+ done
|
||||
+ doas sh -c "printf '%s\n' $repos > /etc/apk/repositories"
|
||||
doas apk -U upgrade -a || apk fix || die "Failed to up/downgrade system"
|
||||
abuild-keygen -ain
|
||||
doas sed -i -E 's/export JOBS=[0-9]+$/export JOBS=$(nproc)/' /etc/abuild.conf
|
||||
@@ -192,32 +220,22 @@ section_end setup
|
||||
build_start=$CI_ALPINE_BUILD_OFFSET
|
||||
build_limit=$CI_ALPINE_BUILD_LIMIT
|
||||
|
||||
-for repo in $(changed_repos); do
|
||||
- set_repositories_for "$repo"
|
||||
- built_aports=0
|
||||
- changed_aports_in_repo=$(changed_aports "$repo")
|
||||
- changed_aports_in_repo_count=$(echo "$changed_aports_in_repo" | wc -l)
|
||||
- changed_aports_to_build=$(echo "$changed_aports_in_repo" | apply_offset_limit "$build_start" "$build_limit")
|
||||
+set_repositories_for $(get_qubes_release)
|
||||
+built_aports=0
|
||||
+changed_aports_in_repo=$(changed_aports $BASEBRANCH)
|
||||
+changed_aports_in_repo_count=$(echo "$changed_aports_in_repo" | wc -l)
|
||||
+changed_aports_to_build=$(echo "$changed_aports_in_repo" | apply_offset_limit "$build_start" "$build_limit")
|
||||
|
||||
- msg "Changed aports in $repo:"
|
||||
- # shellcheck disable=SC2086 # Splitting is expected here
|
||||
- printf " - %s\n" $changed_aports_to_build
|
||||
- for pkgname in $changed_aports_to_build; do
|
||||
- section_start "build_$pkgname" "Building package $pkgname"
|
||||
- built_aports=$((built_aports+1))
|
||||
- if check_aport "$repo" "$pkgname"; then
|
||||
- build_aport "$repo" "$pkgname"
|
||||
- fi
|
||||
- section_end "build_$pkgname"
|
||||
- done
|
||||
-
|
||||
- build_start=$((build_start-(changed_aports_in_repo_count-built_aports)))
|
||||
- build_limit=$((build_limit-built_aports))
|
||||
-
|
||||
- if [ $build_limit -le 0 ]; then
|
||||
- msg "Limit reached, breaking"
|
||||
- break
|
||||
+msg "Changed aports:"
|
||||
+# shellcheck disable=SC2086 # Splitting is expected here
|
||||
+printf " - %s\n" $changed_aports_to_build
|
||||
+for pkgname in $changed_aports_to_build; do
|
||||
+ section_start "build_$pkgname" "Building package $pkgname"
|
||||
+ built_aports=$((built_aports+1))
|
||||
+ if check_aport . "$pkgname"; then
|
||||
+ build_aport . "$pkgname"
|
||||
fi
|
||||
+ section_end "build_$pkgname"
|
||||
done
|
||||
|
||||
section_start artifacts "Handeling artifacts" collapse
|
54
.forgejo/workflows/build-edge.yaml
Normal file
54
.forgejo/workflows/build-edge.yaml
Normal file
|
@ -0,0 +1,54 @@
|
|||
on:
|
||||
pull_request:
|
||||
types: [ assigned, opened, synchronize, reopened ]
|
||||
|
||||
jobs:
|
||||
build-edge:
|
||||
runs-on: x86_64
|
||||
container:
|
||||
image: alpinelinux/alpine-gitlab-ci:latest
|
||||
env:
|
||||
CI_PROJECT_DIR: ${{ github.workspace }}
|
||||
CI_DEBUG_BUILD: ${{ runner.debug }}
|
||||
CI_MERGE_REQUEST_PROJECT_URL: ${{ github.server_url }}/${{ github.repository }}
|
||||
CI_MERGE_REQUEST_TARGET_BRANCH_NAME: ${{ github.base_ref }}
|
||||
CI_ALPINE_TARGET: edge
|
||||
steps:
|
||||
- name: Environment setup
|
||||
run: |
|
||||
doas apk add nodejs git patch curl
|
||||
cd /etc/apk/keys
|
||||
doas curl -JO https://ayakael.net/api/packages/forge/alpine/key
|
||||
- name: Repo pull
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
fetch-depth: 500
|
||||
- name: Package build
|
||||
run: |
|
||||
doas patch -d / -p1 -i ${{ github.workspace }}/.forgejo/patches/build.patch
|
||||
build.sh
|
||||
- name: Package upload
|
||||
uses: forgejo/upload-artifact@v3
|
||||
with:
|
||||
name: package
|
||||
path: packages
|
||||
|
||||
deploy-edge:
|
||||
needs: [build-edge]
|
||||
runs-on: x86_64
|
||||
container:
|
||||
image: alpine:latest
|
||||
env:
|
||||
CI_ALPINE_REPO: 'https://ayakael.net/api/packages/forge/alpine'
|
||||
FORGE_REPO_TOKEN: ${{ secrets.FORGE_REPO_TOKEN }}
|
||||
FORGE_REPO_USER: ${{ vars.FORGE_REPO_USER }}
|
||||
CI_ALPINE_TARGET: edge
|
||||
steps:
|
||||
- name: Setting up environment
|
||||
run: apk add nodejs curl findutils git gawk
|
||||
- name: Repo pull
|
||||
uses: actions/checkout@v4
|
||||
- name: Package download
|
||||
uses: forgejo/download-artifact@v3
|
||||
- name: Package deployment
|
||||
run: ${{ github.workspace }}/.forgejo/bin/deploy.sh
|
54
.forgejo/workflows/build-v3.19.yaml
Normal file
54
.forgejo/workflows/build-v3.19.yaml
Normal file
|
@ -0,0 +1,54 @@
|
|||
on:
|
||||
pull_request:
|
||||
types: [ assigned, opened, synchronize, reopened ]
|
||||
|
||||
jobs:
|
||||
build-v3.19:
|
||||
runs-on: x86_64
|
||||
container:
|
||||
image: alpinelinux/alpine-gitlab-ci:latest
|
||||
env:
|
||||
CI_PROJECT_DIR: ${{ github.workspace }}
|
||||
CI_DEBUG_BUILD: ${{ runner.debug }}
|
||||
CI_MERGE_REQUEST_PROJECT_URL: ${{ github.server_url }}/${{ github.repository }}
|
||||
CI_MERGE_REQUEST_TARGET_BRANCH_NAME: ${{ github.base_ref }}
|
||||
CI_ALPINE_TARGET: v3.19
|
||||
steps:
|
||||
- name: Environment setup
|
||||
run: |
|
||||
doas apk add nodejs git patch curl
|
||||
cd /etc/apk/keys
|
||||
doas curl -JO https://ayakael.net/api/packages/forge/alpine/key
|
||||
- name: Repo pull
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
fetch-depth: 500
|
||||
- name: Package build
|
||||
run: |
|
||||
doas patch -d / -p1 -i ${{ github.workspace }}/.forgejo/patches/build.patch
|
||||
build.sh
|
||||
- name: Package upload
|
||||
uses: forgejo/upload-artifact@v3
|
||||
with:
|
||||
name: package
|
||||
path: packages
|
||||
|
||||
deploy-v3.19:
|
||||
needs: [build-v3.19]
|
||||
runs-on: x86_64
|
||||
container:
|
||||
image: alpine:latest
|
||||
env:
|
||||
CI_ALPINE_REPO: 'https://ayakael.net/api/packages/forge/alpine'
|
||||
CI_ALPINE_TARGET: v3.19
|
||||
FORGE_REPO_TOKEN: ${{ secrets.FORGE_REPO_TOKEN }}
|
||||
FORGE_REPO_USER: ${{ vars.FORGE_REPO_USER }}
|
||||
steps:
|
||||
- name: Setting up environment
|
||||
run: apk add nodejs curl findutils git gawk
|
||||
- name: Repo pull
|
||||
uses: actions/checkout@v4
|
||||
- name: Package download
|
||||
uses: forgejo/download-artifact@v3
|
||||
- name: Package deployment
|
||||
run: ${{ github.workspace }}/.forgejo/bin/deploy.sh
|
54
.forgejo/workflows/build-v3.20.yaml
Normal file
54
.forgejo/workflows/build-v3.20.yaml
Normal file
|
@ -0,0 +1,54 @@
|
|||
on:
|
||||
pull_request:
|
||||
types: [ assigned, opened, synchronize, reopened ]
|
||||
|
||||
jobs:
|
||||
build-v3.20:
|
||||
runs-on: x86_64
|
||||
container:
|
||||
image: alpinelinux/alpine-gitlab-ci:latest
|
||||
env:
|
||||
CI_PROJECT_DIR: ${{ github.workspace }}
|
||||
CI_DEBUG_BUILD: ${{ runner.debug }}
|
||||
CI_MERGE_REQUEST_PROJECT_URL: ${{ github.server_url }}/${{ github.repository }}
|
||||
CI_MERGE_REQUEST_TARGET_BRANCH_NAME: ${{ github.base_ref }}
|
||||
CI_ALPINE_TARGET: v3.20
|
||||
steps:
|
||||
- name: Environment setup
|
||||
run: |
|
||||
doas apk add nodejs git patch curl
|
||||
cd /etc/apk/keys
|
||||
doas curl -JO https://ayakael.net/api/packages/forge/alpine/key
|
||||
- name: Repo pull
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
fetch-depth: 500
|
||||
- name: Package build
|
||||
run: |
|
||||
doas patch -d / -p1 -i ${{ github.workspace }}/.forgejo/patches/build.patch
|
||||
build.sh
|
||||
- name: Package upload
|
||||
uses: forgejo/upload-artifact@v3
|
||||
with:
|
||||
name: package
|
||||
path: packages
|
||||
|
||||
deploy-v3.20:
|
||||
needs: [build-v3.20]
|
||||
runs-on: x86_64
|
||||
container:
|
||||
image: alpine:latest
|
||||
env:
|
||||
CI_ALPINE_TARGET: v3.20
|
||||
CI_ALPINE_REPO: 'https://ayakael.net/api/packages/forge/alpine'
|
||||
FORGE_REPO_TOKEN: ${{ secrets.FORGE_REPO_TOKEN }}
|
||||
FORGE_REPO_USER: ${{ vars.FORGE_REPO_USER }}
|
||||
steps:
|
||||
- name: Setting up environment
|
||||
run: apk add nodejs curl findutils git gawk
|
||||
- name: Repo pull
|
||||
uses: actions/checkout@v4
|
||||
- name: Package download
|
||||
uses: forgejo/download-artifact@v3
|
||||
- name: Package deployment
|
||||
run: ${{ github.workspace }}/.forgejo/bin/deploy.sh
|
21
.forgejo/workflows/lint.yaml
Normal file
21
.forgejo/workflows/lint.yaml
Normal file
|
@ -0,0 +1,21 @@
|
|||
on:
|
||||
pull_request:
|
||||
types: [ assigned, opened, synchronize, reopened ]
|
||||
|
||||
jobs:
|
||||
lint:
|
||||
run-name: lint
|
||||
runs-on: x86_64
|
||||
container:
|
||||
image: alpinelinux/apkbuild-lint-tools:latest
|
||||
env:
|
||||
CI_PROJECT_DIR: ${{ github.workspace }}
|
||||
CI_DEBUG_BUILD: ${{ runner.debug }}
|
||||
CI_MERGE_REQUEST_PROJECT_URL: ${{ github.server_url }}/${{ github.repository }}
|
||||
CI_MERGE_REQUEST_TARGET_BRANCH_NAME: ${{ github.base_ref }}
|
||||
steps:
|
||||
- run: doas apk add nodejs git
|
||||
- uses: actions/checkout@v4
|
||||
with:
|
||||
fetch-depth: 500
|
||||
- run: lint
|
|
@ -1,67 +0,0 @@
|
|||
stages:
|
||||
- verify
|
||||
- build
|
||||
- deploy
|
||||
|
||||
variables:
|
||||
GIT_STRATEGY: clone
|
||||
GIT_DEPTH: "500"
|
||||
|
||||
lint:
|
||||
stage: verify
|
||||
interruptible: true
|
||||
script:
|
||||
- |
|
||||
sudo apk add shellcheck atools sudo abuild
|
||||
export PATH="$PATH:$CI_PROJECT_DIR/.gitlab/bin"
|
||||
lint
|
||||
allow_failure: true
|
||||
only:
|
||||
- merge_requests
|
||||
tags:
|
||||
- apk-v3.18-x86_64
|
||||
|
||||
.build:
|
||||
stage: build
|
||||
interruptible: true
|
||||
script:
|
||||
- |
|
||||
sudo apk add alpine-sdk lua-aports sudo
|
||||
sudo addgroup $USER abuild
|
||||
export PATH="$PATH:$CI_PROJECT_DIR/.gitlab/bin"
|
||||
sudo -Eu $USER build.sh
|
||||
artifacts:
|
||||
paths:
|
||||
- packages/
|
||||
- keys/
|
||||
- logs/
|
||||
expire_in: 7 days
|
||||
only:
|
||||
- merge_requests
|
||||
|
||||
build-v3.18:
|
||||
extends: .build
|
||||
when: always
|
||||
tags:
|
||||
- apk-v3.18-x86_64
|
||||
|
||||
build-v3.17:
|
||||
extends: .build
|
||||
when: manual
|
||||
tags:
|
||||
- apk-v3.17-x86_64
|
||||
|
||||
push:
|
||||
interruptible: true
|
||||
stage: deploy
|
||||
script:
|
||||
- |
|
||||
sudo apk add abuild git-lfs findutils
|
||||
export PATH="$PATH:$CI_PROJECT_DIR/.gitlab/bin"
|
||||
push.sh
|
||||
rules:
|
||||
- if: $CI_PIPELINE_SOURCE == "merge_request_event"
|
||||
when: manual
|
||||
tags:
|
||||
- repo
|
||||
|
|
@ -1,111 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -e
|
||||
|
||||
arch=
|
||||
builddir=
|
||||
checkdepends=
|
||||
depends=
|
||||
depends_dev=
|
||||
depends_doc=
|
||||
depends_libs=
|
||||
depends_openrc=
|
||||
depends_static=
|
||||
install=
|
||||
install_if=
|
||||
langdir=
|
||||
ldpath=
|
||||
license=
|
||||
makedepends=
|
||||
makedepends_build=
|
||||
makedepends_host=
|
||||
md5sums=
|
||||
options=
|
||||
patch_args=
|
||||
pkgbasedir=
|
||||
pkgdesc=
|
||||
pkgdir=
|
||||
pkgname=
|
||||
pkgrel=
|
||||
pkgver=
|
||||
pkggroups=
|
||||
pkgusers=
|
||||
provides=
|
||||
provider_priority=
|
||||
replaces=
|
||||
sha256sums=
|
||||
sha512sums=
|
||||
sonameprefix=
|
||||
source=
|
||||
srcdir=
|
||||
startdir=
|
||||
subpackages=
|
||||
subpkgdir=
|
||||
subpkgname=
|
||||
triggers=
|
||||
url=
|
||||
|
||||
# abuild.conf
|
||||
|
||||
CFLAGS=
|
||||
CXXFLAGS=
|
||||
CPPFLAGS=
|
||||
LDFLAGS=
|
||||
JOBS=
|
||||
MAKEFLAGS=
|
||||
CMAKE_CROSSOPTS=
|
||||
|
||||
. ./APKBUILD
|
||||
|
||||
: "$arch"
|
||||
: "$builddir"
|
||||
: "$checkdepends"
|
||||
: "$depends"
|
||||
: "$depends_dev"
|
||||
: "$depends_doc"
|
||||
: "$depends_libs"
|
||||
: "$depends_openrc"
|
||||
: "$depends_static"
|
||||
: "$install"
|
||||
: "$install_if"
|
||||
: "$langdir"
|
||||
: "$ldpath"
|
||||
: "$license"
|
||||
: "$makedepends"
|
||||
: "$makedepends_build"
|
||||
: "$makedepends_host"
|
||||
: "$md5sums"
|
||||
: "$options"
|
||||
: "$patch_args"
|
||||
: "$pkgbasedir"
|
||||
: "$pkgdesc"
|
||||
: "$pkgdir"
|
||||
: "$pkgname"
|
||||
: "$pkgrel"
|
||||
: "$pkgver"
|
||||
: "$pkggroups"
|
||||
: "$pkgusers"
|
||||
: "$provides"
|
||||
: "$provider_priority"
|
||||
: "$replaces"
|
||||
: "$sha256sums"
|
||||
: "$sha512sums"
|
||||
: "$sonameprefix"
|
||||
: "$source"
|
||||
: "$srcdir"
|
||||
: "$startdir"
|
||||
: "$subpackages"
|
||||
: "$subpkgdir"
|
||||
: "$subpkgname"
|
||||
: "$triggers"
|
||||
: "$url"
|
||||
|
||||
# abuild.conf
|
||||
|
||||
: "$CFLAGS"
|
||||
: "$CXXFLAGS"
|
||||
: "$CPPFLAGS"
|
||||
: "$LDFLAGS"
|
||||
: "$JOBS"
|
||||
: "$MAKEFLAGS"
|
||||
: "$CMAKE_CROSSOPTS"
|
|
@ -1,16 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
shellcheck -s ash \
|
||||
-e SC3043 \
|
||||
-e SC3057 \
|
||||
-e SC3060 \
|
||||
-e SC2016 \
|
||||
-e SC2086 \
|
||||
-e SC2169 \
|
||||
-e SC2155 \
|
||||
-e SC2100 \
|
||||
-e SC2209 \
|
||||
-e SC2030 \
|
||||
-e SC2031 \
|
||||
-e SC1090 \
|
||||
-xa $CI_PROJECT_DIR/.gitlab/bin/APKBUILD_SHIM
|
|
@ -1,269 +0,0 @@
|
|||
#!/bin/sh
|
||||
# shellcheck disable=SC3043
|
||||
|
||||
. $CI_PROJECT_DIR/.gitlab/bin/functions.sh
|
||||
|
||||
# shellcheck disable=SC3040
|
||||
set -eu -o pipefail
|
||||
|
||||
readonly APORTSDIR=$CI_PROJECT_DIR
|
||||
readonly REPOS="qubes/r4.1"
|
||||
readonly ALPINE_REPOS="main community testing"
|
||||
readonly ARCH=$(apk --print-arch)
|
||||
# gitlab variables
|
||||
readonly BASEBRANCH=$CI_MERGE_REQUEST_TARGET_BRANCH_NAME
|
||||
|
||||
: "${REPODEST:=$HOME/packages}"
|
||||
: "${MIRROR:=https://lab.ilot.io/ayakael/repo-apk/-/raw}"
|
||||
: "${ALPINE_MIRROR:=http://dl-cdn.alpinelinux.org/alpine}"
|
||||
: "${MAX_ARTIFACT_SIZE:=300000000}" #300M
|
||||
: "${CI_DEBUG_BUILD:=}"
|
||||
|
||||
: "${CI_ALPINE_BUILD_OFFSET:=0}"
|
||||
: "${CI_ALPINE_BUILD_LIMIT:=9999}"
|
||||
: "${CI_ALPINE_TARGET_ARCH:=$(uname -m)}"
|
||||
|
||||
msg() {
|
||||
local color=${2:-green}
|
||||
case "$color" in
|
||||
red) color="31";;
|
||||
green) color="32";;
|
||||
yellow) color="33";;
|
||||
blue) color="34";;
|
||||
*) color="32";;
|
||||
esac
|
||||
printf "\033[1;%sm>>>\033[1;0m %s\n" "$color" "$1" | xargs >&2
|
||||
}
|
||||
|
||||
verbose() {
|
||||
echo "> " "$@"
|
||||
# shellcheck disable=SC2068
|
||||
$@
|
||||
}
|
||||
|
||||
debugging() {
|
||||
[ -n "$CI_DEBUG_BUILD" ]
|
||||
}
|
||||
|
||||
debug() {
|
||||
if debugging; then
|
||||
verbose "$@"
|
||||
fi
|
||||
}
|
||||
|
||||
die() {
|
||||
msg "$1" red
|
||||
exit 1
|
||||
}
|
||||
|
||||
capture_stderr() {
|
||||
"$@" 2>&1
|
||||
}
|
||||
|
||||
report() {
|
||||
report=$1
|
||||
|
||||
reportsdir=$APORTSDIR/logs/
|
||||
mkdir -p "$reportsdir"
|
||||
|
||||
tee -a "$reportsdir/$report.log"
|
||||
}
|
||||
|
||||
get_release() {
|
||||
local RELEASE=$(echo $CI_RUNNER_TAGS | awk -F '-' '{print $2}')
|
||||
case $RELEASE in
|
||||
v*) echo "${RELEASE%-*}";;
|
||||
edge) echo edge;;
|
||||
*) die "Branch \"$RELEASE\" not supported!"
|
||||
esac
|
||||
}
|
||||
|
||||
get_qubes_release() {
|
||||
case $BASEBRANCH in
|
||||
r*) echo $BASEBRANCH;;
|
||||
master) echo r4.2;;
|
||||
*) die "Branch \"$BASEBRANCH\" not supported!"
|
||||
esac
|
||||
}
|
||||
|
||||
build_aport() {
|
||||
local repo="$1" aport="$2"
|
||||
cd "$APORTSDIR/$aport"
|
||||
if abuild -r 2>&1 | report "build-$aport"; then
|
||||
checkapk | report "checkapk-$aport" || true
|
||||
aport_ok="$aport_ok $aport"
|
||||
else
|
||||
aport_ng="$aport_ng $aport"
|
||||
fi
|
||||
}
|
||||
|
||||
check_aport() {
|
||||
local repo="$1" aport="$2"
|
||||
cd "$APORTSDIR/$aport"
|
||||
if ! abuild check_arch 2>/dev/null; then
|
||||
aport_na="$aport_na $aport"
|
||||
return 1
|
||||
fi
|
||||
}
|
||||
|
||||
set_repositories_for() {
|
||||
local target_repo="$1" repos='' repo=''
|
||||
local release
|
||||
|
||||
release=$(get_release)
|
||||
repos="$MIRROR/$release/qubes/$target_repo $REPODEST/qubes-aports"
|
||||
sudo sh -c "printf '%s\n' $repos >> /etc/apk/repositories"
|
||||
sudo apk update || true
|
||||
}
|
||||
|
||||
apply_offset_limit() {
|
||||
start=$1
|
||||
limit=$2
|
||||
end=$((start+limit))
|
||||
|
||||
sed -n "$((start+1)),${end}p"
|
||||
}
|
||||
|
||||
setup_system() {
|
||||
local repos='' repo=''
|
||||
local release
|
||||
|
||||
release=$(get_release)
|
||||
for repo in $ALPINE_REPOS; do
|
||||
[ "$release" != "edge" ] && [ "$repo" == "testing" ] && continue
|
||||
repos="$repos $ALPINE_MIRROR/$release/$repo"
|
||||
done
|
||||
repos="$repos $MIRROR/$release/cross"
|
||||
sudo sh -c "printf '%s\n' $repos > /etc/apk/repositories"
|
||||
sudo apk -U upgrade -a || sudo apk fix || die "Failed to up/downgrade system"
|
||||
gitlab_key_to_rsa $ABUILD_KEY rsa-private $HOME/.abuild/$ABUILD_KEY_NAME.rsa
|
||||
gitlab_key_to_rsa $ABUILD_KEY_PUB rsa-public $HOME/.abuild/$ABUILD_KEY_NAME.rsa.pub
|
||||
chmod 700 $HOME/.abuild/$ABUILD_KEY_NAME.rsa
|
||||
echo "PACKAGER_PRIVKEY=$HOME/.abuild/$ABUILD_KEY_NAME.rsa" >> $HOME/.abuild/abuild.conf
|
||||
sudo cp $HOME/.abuild/$ABUILD_KEY_NAME.rsa.pub /etc/apk/keys/$ABUILD_KEY_NAME.rsa.pub
|
||||
|
||||
sudo sed -i -E 's/export JOBS=[0-9]+$/export JOBS=$(nproc)/' /etc/abuild.conf
|
||||
( . /etc/abuild.conf && echo "Building with $JOBS jobs" )
|
||||
mkdir -p "$REPODEST"
|
||||
git config --global init.defaultBranch master
|
||||
}
|
||||
|
||||
sysinfo() {
|
||||
printf ">>> Host system information (arch: %s, release: %s) <<<\n" "$ARCH" "$(get_release)"
|
||||
printf "- Number of Cores: %s\n" "$(nproc)"
|
||||
printf "- Memory: %s Gb\n" "$(awk '/^MemTotal/ {print ($2/1024/1024)}' /proc/meminfo)"
|
||||
printf "- Free space: %s\n" "$(df -hP / | awk '/\/$/ {print $4}')"
|
||||
}
|
||||
|
||||
copy_artifacts() {
|
||||
cd "$APORTSDIR"
|
||||
|
||||
packages_size="$(du -sk "$REPODEST" | awk '{print $1 * 1024}')"
|
||||
if [ -z "$packages_size" ]; then
|
||||
return
|
||||
fi
|
||||
|
||||
echo "Artifact size: $packages_size bytes"
|
||||
|
||||
mkdir -p keys/ packages/
|
||||
|
||||
if [ "$packages_size" -lt $MAX_ARTIFACT_SIZE ]; then
|
||||
msg "Copying packages for artifact upload"
|
||||
cp -ar "$REPODEST"/* packages/ 2>/dev/null
|
||||
cp ~/.abuild/*.rsa.pub keys/
|
||||
else
|
||||
msg "Artifact size $packages_size larger than max ($MAX_ARTIFACT_SIZE), skipping uploading them" yellow
|
||||
fi
|
||||
}
|
||||
|
||||
section_start setup "Setting up the system" collapse
|
||||
|
||||
if debugging; then
|
||||
set -x
|
||||
fi
|
||||
|
||||
aport_ok=
|
||||
aport_na=
|
||||
aport_ng=
|
||||
failed=
|
||||
|
||||
sysinfo || true
|
||||
setup_system || die "Failed to setup system"
|
||||
|
||||
# git no longer allows to execute in repositories owned by different users
|
||||
sudo chown -R $USER: .
|
||||
|
||||
fetch_flags="-qn"
|
||||
debugging && fetch_flags="-v"
|
||||
|
||||
git fetch $fetch_flags "$CI_MERGE_REQUEST_PROJECT_URL" \
|
||||
"+refs/heads/$BASEBRANCH:refs/heads/$BASEBRANCH"
|
||||
|
||||
if debugging; then
|
||||
merge_base=$(git merge-base "$BASEBRANCH" HEAD) || echo "Could not determine merge-base"
|
||||
echo "Merge base: $merge_base"
|
||||
git --version
|
||||
git config -l
|
||||
[ -n "$merge_base" ] && git tag -f merge-base "$merge_base"
|
||||
git --no-pager log -200 --oneline --graph --decorate --all
|
||||
fi
|
||||
|
||||
section_end setup
|
||||
|
||||
build_start=$CI_ALPINE_BUILD_OFFSET
|
||||
build_limit=$CI_ALPINE_BUILD_LIMIT
|
||||
|
||||
mkdir -p "$APORTSDIR"/logs "$APORTSDIR"/packages "$APORTSDIR"/keys
|
||||
set_repositories_for $(get_qubes_release)
|
||||
built_aports=0
|
||||
changed_aports_in_repo=$(changed_aports $BASEBRANCH)
|
||||
changed_aports_in_repo_count=$(echo "$changed_aports_in_repo" | wc -l)
|
||||
changed_aports_to_build=$(echo "$changed_aports_in_repo" | apply_offset_limit "$build_start" "$build_limit")
|
||||
|
||||
msg "Changed aports:"
|
||||
# shellcheck disable=SC2086 # Splitting is expected here
|
||||
printf " - %s\n" $changed_aports_to_build
|
||||
for pkgname in $changed_aports_to_build; do
|
||||
section_start "build_$pkgname" "Building package $pkgname"
|
||||
built_aports=$((built_aports+1))
|
||||
if check_aport qubes-aports "$pkgname"; then
|
||||
build_aport qubes-aports "$pkgname"
|
||||
fi
|
||||
section_end "build_$pkgname"
|
||||
done
|
||||
|
||||
build_start=$((build_start-(changed_aports_in_repo_count-built_aports)))
|
||||
build_limit=$((build_limit-built_aports))
|
||||
|
||||
if [ $build_limit -le 0 ]; then
|
||||
msg "Limit reached, breaking"
|
||||
break
|
||||
fi
|
||||
|
||||
section_start artifacts "Handeling artifacts" collapse
|
||||
copy_artifacts || true
|
||||
section_end artifacts
|
||||
|
||||
section_start summary "Build summary"
|
||||
|
||||
echo "### Build summary ###"
|
||||
|
||||
for ok in $aport_ok; do
|
||||
msg "$ok: build succesfully"
|
||||
done
|
||||
|
||||
for na in $aport_na; do
|
||||
msg "$na: disabled for $CI_ALPINE_TARGET_ARCH" yellow
|
||||
done
|
||||
|
||||
for ng in $aport_ng; do
|
||||
msg "$ng: build failed" red
|
||||
failed=true
|
||||
done
|
||||
section_end summary
|
||||
|
||||
if [ "$failed" = true ]; then
|
||||
exit 1
|
||||
elif [ -z "$aport_ok" ]; then
|
||||
msg "No packages found to be built." yellow
|
||||
fi
|
|
@ -1,20 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
if [ $# -lt 1 ]; then
|
||||
echo "Usage: $0 <basebranch>"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if ! git rev-parse --is-inside-work-tree >/dev/null 2>&1; then
|
||||
echo "Fatal: not inside a git repository"
|
||||
exit 2
|
||||
fi
|
||||
|
||||
basebranch=$1
|
||||
|
||||
if ! git rev-parse --verify --quiet $basebranch >/dev/null; then
|
||||
# The base branch does not eixst, probably due to a shallow clone
|
||||
git fetch -v $CI_MERGE_REQUEST_PROJECT_URL.git +refs/heads/$basebranch:refs/heads/$basebranch
|
||||
fi
|
||||
|
||||
git --no-pager diff --diff-filter=ACMR --name-only $basebranch...HEAD -- "*/APKBUILD" | xargs -r -n1 dirname
|
|
@ -1,63 +0,0 @@
|
|||
# shellcheck disable=SC3043
|
||||
|
||||
:
|
||||
|
||||
# shellcheck disable=SC3040
|
||||
set -eu -o pipefail
|
||||
|
||||
changed_aports() {
|
||||
: "${APORTSDIR?APORTSDIR missing}"
|
||||
: "${BASEBRANCH?BASEBRANCH missing}"
|
||||
|
||||
cd "$APORTSDIR"
|
||||
local repo="$1"
|
||||
local aports
|
||||
|
||||
aports=$(git diff --name-only --diff-filter=ACMR \
|
||||
"$BASEBRANCH"...HEAD -- "*/APKBUILD" | xargs -rn1 dirname)
|
||||
|
||||
# shellcheck disable=2086
|
||||
ap builddirs -d "$APORTSDIR" $aports 2>/dev/null | xargs -rn1 basename
|
||||
}
|
||||
|
||||
section_start() {
|
||||
name=${1?arg 1 name missing}
|
||||
header=${2?arg 2 header missing}
|
||||
collapsed=$2
|
||||
timestamp=$(date +%s)
|
||||
|
||||
options=""
|
||||
case $collapsed in
|
||||
yes|on|collapsed|true) options="[collapsed=true]";;
|
||||
esac
|
||||
|
||||
printf "\e[0Ksection_start:%d:%s%s\r\e[0K%s\n" "$timestamp" "$name" "$options" "$header"
|
||||
}
|
||||
|
||||
section_end() {
|
||||
name=$1
|
||||
timestamp=$(date +%s)
|
||||
|
||||
printf "\e[0Ksection_end:%d:%s\r\e[0K" "$timestamp" "$name"
|
||||
}
|
||||
|
||||
gitlab_key_to_rsa() {
|
||||
KEY=$1
|
||||
TYPE=$2
|
||||
TGT=$3
|
||||
TGT_DIR=${TGT%/*}
|
||||
if [ "$TGT" == "$TGT_DIR" ]; then
|
||||
TGT_DIR="./"
|
||||
fi
|
||||
if [ ! -d "$TGT_DIR" ]; then
|
||||
mkdir -p "$TGT_DIR"
|
||||
fi
|
||||
case $TYPE in
|
||||
rsa-public) local type="PUBLIC";;
|
||||
rsa-private) local type="RSA PRIVATE";;
|
||||
esac
|
||||
echo "-----BEGIN $type KEY-----" > "$TGT"
|
||||
echo $1 | sed 's/.\{64\}/&\
|
||||
/g' >> "$TGT"
|
||||
echo "-----END $type KEY-----" >> "$TGT"
|
||||
}
|
|
@ -1,96 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
BLUE="\e[34m"
|
||||
MAGENTA="\e[35m"
|
||||
RESET="\e[0m"
|
||||
|
||||
readonly BASEBRANCH=$CI_MERGE_REQUEST_TARGET_BRANCH_NAME
|
||||
|
||||
verbose() {
|
||||
echo "> " "$@"
|
||||
# shellcheck disable=SC2068
|
||||
$@
|
||||
}
|
||||
|
||||
debugging() {
|
||||
[ -n "$CI_DEBUG_BUILD" ]
|
||||
}
|
||||
|
||||
debug() {
|
||||
if debugging; then
|
||||
verbose "$@"
|
||||
fi
|
||||
}
|
||||
|
||||
# git no longer allows to execute in repositories owned by different users
|
||||
sudo chown -R gitlab-runner: .
|
||||
|
||||
fetch_flags="-qn"
|
||||
debugging && fetch_flags="-v"
|
||||
|
||||
git fetch $fetch_flags "$CI_MERGE_REQUEST_PROJECT_URL" \
|
||||
"+refs/heads/$BASEBRANCH:refs/heads/$BASEBRANCH"
|
||||
|
||||
if debugging; then
|
||||
merge_base=$(git merge-base "$BASEBRANCH" HEAD)
|
||||
echo "$merge_base"
|
||||
git --version
|
||||
git config -l
|
||||
git tag merge-base "$merge_base" || { echo "Could not determine merge-base"; exit 50; }
|
||||
git log --oneline --graph --decorate --all
|
||||
fi
|
||||
|
||||
has_problems=0
|
||||
|
||||
for PKG in $(changed-aports "$BASEBRANCH"); do
|
||||
printf "$BLUE==>$RESET Linting $PKG\n"
|
||||
|
||||
(
|
||||
cd "$PKG"
|
||||
|
||||
repo=$(basename $(dirname $PKG));
|
||||
|
||||
if [ "$repo" == "backports" ]; then
|
||||
echo "Skipping $PKG as backports (we don't care)"
|
||||
continue
|
||||
fi
|
||||
|
||||
printf "\n\n"
|
||||
printf "$BLUE"
|
||||
printf '======================================================\n'
|
||||
printf " parse APKBUILD:\n"
|
||||
printf '======================================================'
|
||||
printf "$RESET\n\n"
|
||||
( . ./APKBUILD ) || has_problems=1
|
||||
|
||||
printf "\n\n"
|
||||
printf "$BLUE"
|
||||
printf '======================================================\n'
|
||||
printf " abuild sanitycheck:\n"
|
||||
printf '======================================================'
|
||||
printf "$RESET\n\n"
|
||||
abuild sanitycheck || has_problems=1
|
||||
|
||||
printf "\n\n"
|
||||
printf "$BLUE"
|
||||
printf '======================================================\n'
|
||||
printf " apkbuild-shellcheck:\n"
|
||||
printf '======================================================'
|
||||
printf "$RESET\n"
|
||||
apkbuild-shellcheck || has_problems=1
|
||||
|
||||
printf "\n\n"
|
||||
printf "$BLUE"
|
||||
printf '======================================================\n'
|
||||
printf " apkbuild-lint:\n"
|
||||
printf '======================================================'
|
||||
printf "$RESET\n\n"
|
||||
apkbuild-lint APKBUILD || has_problems=1
|
||||
|
||||
return $has_problems
|
||||
) || has_problems=1
|
||||
|
||||
echo
|
||||
done
|
||||
|
||||
exit $has_problems
|
|
@ -1,64 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
# shellcheck disable=SC3043
|
||||
|
||||
. $CI_PROJECT_DIR/.gitlab/bin/functions.sh
|
||||
|
||||
# shellcheck disable=SC3040
|
||||
set -eu -o pipefail
|
||||
|
||||
readonly APORTSDIR=$CI_PROJECT_DIR
|
||||
readonly REPOS="backports user"
|
||||
readonly BASEBRANCH=$CI_MERGE_REQUEST_TARGET_BRANCH_NAME
|
||||
|
||||
ALPINE_RELEASE=$(echo $CI_RUNNER_TAGS | awk -F '-' '{print $2}')
|
||||
|
||||
export GIT_SSH_COMMAND="ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
|
||||
|
||||
gitlab_key_to_rsa $ABUILD_KEY rsa-private $HOME/.abuild/$ABUILD_KEY_NAME.rsa
|
||||
gitlab_key_to_rsa $ABUILD_KEY_PUB rsa-public $HOME/.abuild/$ABUILD_KEY_NAME.rsa.pub
|
||||
gitlab_key_to_rsa $SSH_KEY rsa-private $HOME/.ssh/id_rsa
|
||||
chmod 700 "$HOME"/.ssh/id_rsa
|
||||
chmod 700 "$HOME"/.abuild/$ABUILD_KEY_NAME.rsa
|
||||
|
||||
echo "PACKAGER_PRIVKEY=$HOME/.abuild/$ABUILD_KEY_NAME.rsa" > $HOME/.abuild/abuild.conf
|
||||
echo "REPODEST=$HOME/repo-apk/qubes" >> $HOME/.abuild/abuild.conf
|
||||
sudo cp $HOME/.abuild/$ABUILD_KEY_NAME.rsa.pub /etc/apk/keys/.
|
||||
|
||||
if [ -d $HOME/repo-apk ]; then
|
||||
git -C $HOME/repo-apk fetch
|
||||
git -C $HOME/repo-apk checkout $ALPINE_RELEASE
|
||||
git -C $HOME/repo-apk pull --rebase
|
||||
else
|
||||
git clone git@lab.ilot.io:ayakael/repo-apk -b $ALPINE_RELEASE $HOME/repo-apk
|
||||
fi
|
||||
|
||||
get_qubes_release() {
|
||||
case $BASEBRANCH in
|
||||
r*) echo $BASEBRANCH;;
|
||||
master) echo r4.2;;
|
||||
*) die "Branch \"$BASEBRANCH\" not supported!"
|
||||
esac
|
||||
}
|
||||
|
||||
QUBES_REL=$(get_qubes_release)
|
||||
|
||||
for i in $(find packages -type f -name "*.apk"); do
|
||||
install -vDm644 $i ${i/packages\/qubes-aports/$HOME\/repo-apk\/qubes\/$QUBES_REL}
|
||||
done
|
||||
|
||||
fetch_flags="-qn"
|
||||
git fetch $fetch_flags "$CI_MERGE_REQUEST_PROJECT_URL" \
|
||||
"+refs/heads/$BASEBRANCH:refs/heads/$BASEBRANCH"
|
||||
|
||||
rm $HOME/repo-apk/qubes/$QUBES_REL/*/APKINDEX.tar.gz || true
|
||||
mkdir -p qubes/$QUBES_REL/DUMMY
|
||||
echo "pkgname=DUMMY" > qubes/$QUBES_REL/DUMMY/APKBUILD
|
||||
cd qubes/$QUBES_REL/DUMMY
|
||||
abuild index
|
||||
cd "$CI_PROJECT_DIR"
|
||||
rm -R qubes/$QUBES_REL/DUMMY
|
||||
|
||||
git -C $HOME/repo-apk add .
|
||||
git -C $HOME/repo-apk commit -m "Update from $CI_MERGE_REQUEST_IID - $CI_MERGE_REQUEST_TITLE"
|
||||
git -C $HOME/repo-apk push
|
70
README.md
Normal file
70
README.md
Normal file
|
@ -0,0 +1,70 @@
|
|||
# qports
|
||||
Upstream: https://ayakael.net/forge/qports
|
||||
|
||||
## Description
|
||||
|
||||
This repository contains aports that allow Alpine Linux to be used as an Alpine
|
||||
Linux template. The upstream repo uses GitLab's CI to build and deploy packages
|
||||
targetting multiple Alpine Linux versions. QubesOS releases are tracked using
|
||||
branches.
|
||||
|
||||
#### Template builder
|
||||
The template builder is housed in its [own repo](https://ayakael.net/forge/qubes-builder-alpine)
|
||||
RPMs are built in-pipeline using the build artifacts produced by this repo. These RPMs facilitate
|
||||
installation of your very own Alpine Linux template on QubesOS.
|
||||
|
||||
#### Provided packages
|
||||
|
||||
Use `abuild-r` to build the following packages.
|
||||
For more information on how to build an Alpine Package, read [this](https://wiki.alpinelinux.org/wiki/Creating_an_Alpine_package)
|
||||
|
||||
Core VM packages
|
||||
* qubes-vm-xen - Qubes's version of xen
|
||||
* qubes-libvchan-xen - libvchan library dependency
|
||||
* qubes-db-vm - qubes-db package
|
||||
* qubes-vm-utils - qubes-meminfo-writer service package
|
||||
* qubes-vm-core - Core init.d / qubes scripts
|
||||
* qubes-vm-gui-dev - Library dependencies for `qubes-vm-gui`
|
||||
* qubes-vm-gui - GUI agent
|
||||
* qubes-vm-qrexec - qrexec agent
|
||||
* qubes-gpg-split
|
||||
* qubes-usb-proxy
|
||||
* qubes-meta-packages - Meta package that pulls everything when added to world
|
||||
|
||||
Extra packages
|
||||
* qubes-pass - Aport for Rudd-O's inter-VM password manager for Qubes OS
|
||||
|
||||
Omitted packages
|
||||
* qubes-vmm-xen - The default Alpine xen package seems to provide the necessary modules
|
||||
|
||||
## How to use
|
||||
|
||||
Built packages are made available on a Forgejo-based Alpine repo for you convenience. You can follow these steps to use them:
|
||||
|
||||
Add security key of the apk repository to your /etc/apk/keys:
|
||||
|
||||
```shell
|
||||
cd /etc/apk/keys
|
||||
curl -JO https://ayakael.net/api/packages/forge/alpine/key
|
||||
```
|
||||
Add repository to `/etc/apk/repositories`:
|
||||
|
||||
```shell
|
||||
echo "https://ayakael.net/api/packages/forge/alpine/edge/qubes-r4.1" > /etc/apk/repositories
|
||||
```
|
||||
|
||||
|
||||
#### Known issues
|
||||
Known issues are currently being tracked in [qubes-builder-alpine](https://ayakael.net/forge/qubes-builder-alpine/issues)
|
||||
|
||||
#### Issues, recommendations and proposals
|
||||
**To report an issue or share a recommendation**
|
||||
|
||||
Go [here](https://gitlab.alpinelinux.org/ayakael/qubes-aports/-/issues)
|
||||
|
||||
**To make a merge request**
|
||||
* Fork the repo from Alpine's GitLab [here](https://gitlab.alpinelinux.org/ayakael/qubes-aports)
|
||||
* Clone your fork locally. (`git clone $repo`)
|
||||
* Make a branch with a descriptive name (`git checkout -b $descriptivename`)
|
||||
* Make the changes you want to see in the world, commit, and push to the GitLab's remote repo
|
||||
* Request a merge [here](https://gitlab.alpinelinux.org/ayakael/qubes-aports/-/merge_requests)
|
|
@ -1,10 +1,9 @@
|
|||
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
|
||||
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
|
||||
|
||||
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
|
||||
pkgname=qubes-db-vm
|
||||
subpackages="$pkgname-openrc"
|
||||
pkgver=4.1.17
|
||||
pkgrel=0
|
||||
pkgrel=4
|
||||
_gittag="v$pkgver"
|
||||
pkgdesc="QubesDB libs and daemon service."
|
||||
arch="x86_64"
|
||||
|
|
|
@ -1,11 +1,10 @@
|
|||
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
|
||||
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
|
||||
|
||||
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
|
||||
pkgname=qubes-gpg-split
|
||||
subpackages="$pkgname-doc"
|
||||
pkgver=2.0.69
|
||||
pkgver=2.0.70
|
||||
_gittag="v$pkgver"
|
||||
pkgrel=0
|
||||
pkgrel=1
|
||||
pkgdesc="Used Qubes AppVM as a “smart card”"
|
||||
arch="x86_64"
|
||||
url="https://github.com/QubesOS/qubes-app-linux-split-gpg"
|
||||
|
@ -35,5 +34,5 @@ package() {
|
|||
rm -r "$pkgdir/var/run"
|
||||
}
|
||||
sha512sums="
|
||||
e20b4303934d41d537f4efd3d2811802b5f5c86ac97beb1169d5c302dd150b56a3f6ca5c61788ad5cd8731747aa4f91b79806bf863df427603ba6aebab27448b qubes-gpg-split-v2.0.69.tar.gz
|
||||
a38ca61433c16168f44ef458f9fbc7eb37712f6edfb2bde7af7e08c6d98907e2038335ccda402b97a7940286af58be197a0bea3a20f5843b292766c7277a8350 qubes-gpg-split-v2.0.70.tar.gz
|
||||
"
|
||||
|
|
|
@ -0,0 +1,61 @@
|
|||
From 8c4c3807119f27957e6c7f87d505d66d0ea4c3d0 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
|
||||
<marmarek@invisiblethingslab.com>
|
||||
Date: Sat, 18 Nov 2023 18:27:28 +0100
|
||||
Subject: [PATCH] Support changed libxenctrl API in Xen 4.18.0
|
||||
|
||||
The xc_domain_getinfo() is gone, it's replaced with
|
||||
xc_domain_getinfo_single. While the new API is a bit nicer, xenctrl.h
|
||||
does not provide any #define to know which one is available. Check
|
||||
library version in the makefile for that.
|
||||
---
|
||||
vchan/Makefile.linux | 4 ++++
|
||||
vchan/io.c | 10 ++++++++++
|
||||
2 files changed, 14 insertions(+)
|
||||
|
||||
diff --git a/vchan/Makefile.linux b/vchan/Makefile.linux
|
||||
index 281f2b5..587cb34 100644
|
||||
--- a/vchan/Makefile.linux
|
||||
+++ b/vchan/Makefile.linux
|
||||
@@ -27,6 +27,11 @@ CFLAGS += -g -Wall -Wextra -Werror -fPIC -O2 -D_GNU_SOURCE -D_FORTIFY_SOURCE=2 -
|
||||
all: libvchan-xen.so vchan-xen.pc
|
||||
-include *.dep
|
||||
|
||||
+# xenctrl.h does not provide any #define to distinguish API versions
|
||||
+XENCTRL_VERSION := $(shell pkg-config --modversion xencontrol)
|
||||
+CFLAGS += $(shell if printf '%s\n' '4.18.0' '$(XENCTRL_VERSION)' | \
|
||||
+ sort -CV; then echo -DHAVE_XC_DOMAIN_GETINFO_SINGLE; fi)
|
||||
+
|
||||
libvchan-xen.so : init.o io.o
|
||||
$(CC) $(LDFLAGS) -shared -o libvchan-xen.so $^ -lxenvchan -lxenctrl
|
||||
clean:
|
||||
diff --git a/vchan/io.c b/vchan/io.c
|
||||
index 3d0ed35..0c23223 100644
|
||||
--- a/vchan/io.c
|
||||
+++ b/vchan/io.c
|
||||
@@ -33,14 +33,24 @@
|
||||
/* check if domain is still alive */
|
||||
int libvchan__check_domain_alive(xc_interface *xc_handle, int dom) {
|
||||
struct evtchn_status evst;
|
||||
+#ifdef HAVE_XC_DOMAIN_GETINFO_SINGLE
|
||||
+ xc_domaininfo_t dominfo;
|
||||
+#else
|
||||
xc_dominfo_t dominfo;
|
||||
+#endif
|
||||
int ret;
|
||||
|
||||
/* first try using domctl, more reliable but available in a privileged
|
||||
* domain only */
|
||||
+#ifdef HAVE_XC_DOMAIN_GETINFO_SINGLE
|
||||
+ ret = xc_domain_getinfo_single(xc_handle, dom, &dominfo);
|
||||
+ if (ret == 0)
|
||||
+ return !(dominfo.flags & XEN_DOMINF_dying);
|
||||
+#else
|
||||
ret = xc_domain_getinfo(xc_handle, dom, 1, &dominfo);
|
||||
if (ret == 1)
|
||||
return dominfo.domid == (uint32_t)dom && !dominfo.dying;
|
||||
+#endif
|
||||
else if (ret == -1 && errno == ESRCH)
|
||||
return 0;
|
||||
/* otherwise fallback to xc_evtchn_status method */
|
||||
|
|
@ -1,20 +1,22 @@
|
|||
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
|
||||
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
|
||||
|
||||
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
|
||||
pkgname=qubes-libvchan-xen
|
||||
pkgver=4.1.13
|
||||
pkgrel=1
|
||||
pkgrel=5
|
||||
_gittag=v$pkgver
|
||||
pkgdesc="The Qubes core libraries for installation inside a Qubes Dom0 and VM."
|
||||
arch="x86_64"
|
||||
url="https://github.com/QubesOS/qubes-core-vchan-xen"
|
||||
license='GPL'
|
||||
depends="xen"
|
||||
makedepends="xen-dev"
|
||||
makedepends="xen-dev coreutils"
|
||||
builddir="$srcdir"/qubes-core-vchan-xen-$pkgver
|
||||
subpackages="$pkgname-dev"
|
||||
|
||||
source="$pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-core-vchan-xen/archive/refs/tags/$_gittag.tar.gz"
|
||||
source="
|
||||
$pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-core-vchan-xen/archive/refs/tags/$_gittag.tar.gz
|
||||
39_support-changed-libxenctrl-api-xen418.patch
|
||||
"
|
||||
|
||||
build() {
|
||||
cd "$builddir"/vchan
|
||||
|
@ -27,4 +29,5 @@ package() {
|
|||
|
||||
sha512sums="
|
||||
cefb6b89f75936d791910d2169170536221d3123a1b33a14bea1fc5c08950ce934666719bf08eb3cc86ac055f85e6834f71e21c31189fa7299af09296c3cd99f qubes-libvchan-xen-v4.1.13.tar.gz
|
||||
fedcba617d3843e41f257ff16b0a3108af844184252d4e702df8eccba21a4ef17d62c96acdb87bb4964e783b7f2f026305777be3379e7e7b51f4535a4704b52a 39_support-changed-libxenctrl-api-xen418.patch
|
||||
"
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
|
||||
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
|
||||
|
||||
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
|
||||
pkgname=qubes-meta-packages
|
||||
subpackages="
|
||||
qubes-vm-dependencies
|
||||
|
@ -8,7 +7,7 @@ subpackages="
|
|||
"
|
||||
pkgver=4.1.24
|
||||
_gittag="v$pkgver"
|
||||
pkgrel=0
|
||||
pkgrel=3
|
||||
pkgdesc="Meta packages for Qubes-specific components"
|
||||
arch="noarch"
|
||||
url="https://github.com/QubesOS/qubes-meta-packages"
|
||||
|
|
|
@ -1,10 +1,9 @@
|
|||
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
|
||||
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
|
||||
|
||||
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
|
||||
pkgname=qubes-pass
|
||||
pkgver=0.1.0
|
||||
_gittag="v$pkgver"
|
||||
pkgrel=0
|
||||
pkgrel=3
|
||||
pkgdesc="An inter-VM password manager for Qubes OS"
|
||||
arch="noarch"
|
||||
url="https://github.com/Rudd-O/qubes-pass"
|
||||
|
|
|
@ -1,10 +1,9 @@
|
|||
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
|
||||
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
|
||||
|
||||
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
|
||||
pkgname=qubes-usb-proxy
|
||||
pkgver=1.1.5
|
||||
pkgver=1.2.1
|
||||
_gittag="v$pkgver"
|
||||
pkgrel=0
|
||||
pkgrel=1
|
||||
pkgdesc="The Qubes service for proxying USB devices"
|
||||
arch="noarch"
|
||||
url="https://github.com/QubesOS/qubes-app-linux-usb-proxy"
|
||||
|
@ -32,5 +31,5 @@ package() {
|
|||
done
|
||||
}
|
||||
sha512sums="
|
||||
27d28faec2ab9cc9df1e361dac244bc1b10afc406860ca2e3fc2dff3b666c6adaed615625aeba785918f8e08cffb215ef028698a178d795e586740caf1566fc9 qubes-usb-proxy-v1.1.5.tar.gz
|
||||
e034ce9ec163fdcd4ad2ceb0cb1f5158ae670484b589a34ef610731a379f0f76f280cabb195c2e97228bbeb61cfb9296ccc89ad533a050f0d464a50724724cbb qubes-usb-proxy-v1.2.1.tar.gz
|
||||
"
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
|
||||
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
|
||||
|
||||
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
|
||||
pkgname=qubes-vm-core
|
||||
subpackages="
|
||||
qubes-vm-networking:networking:noarch
|
||||
|
@ -8,8 +7,8 @@ subpackages="
|
|||
$pkgname-openrc
|
||||
$pkgname-doc
|
||||
"
|
||||
pkgver=4.1.44
|
||||
pkgrel=0
|
||||
pkgver=4.1.48
|
||||
pkgrel=1
|
||||
_gittag="v$pkgver"
|
||||
pkgdesc="The Qubes core files for installation inside a Qubes VM."
|
||||
arch="x86_64"
|
||||
|
@ -17,10 +16,14 @@ url="https://github.com/QubesOS/qubes-core-agent-linux"
|
|||
license="GPL"
|
||||
options="!check" # No testsuite
|
||||
depends="
|
||||
blkid
|
||||
coreutils
|
||||
dconf
|
||||
desktop-file-utils
|
||||
device-mapper
|
||||
diffutils
|
||||
e2fsprogs
|
||||
e2fsprogs-extra
|
||||
ethtool
|
||||
fakeroot
|
||||
gawk
|
||||
|
@ -35,7 +38,6 @@ depends="
|
|||
py3-dbus
|
||||
py3-gobject3
|
||||
py3-xdg
|
||||
python3
|
||||
qubes-db-vm
|
||||
qubes-libvchan-xen
|
||||
qubes-vm-utils
|
||||
|
@ -48,6 +50,7 @@ makedepends="
|
|||
gcc
|
||||
libx11-dev
|
||||
linux-pam-dev
|
||||
lsb-release-minimal
|
||||
make
|
||||
pandoc
|
||||
pkgconf
|
||||
|
@ -68,6 +71,7 @@ source="
|
|||
qubes-sysinit.openrc
|
||||
qubes-updates-proxy-forwarder.openrc
|
||||
qubes-updates-proxy.openrc
|
||||
apk-proxy.sh
|
||||
qvm-sync-clock.sh
|
||||
"
|
||||
builddir="$srcdir"/qubes-core-agent-linux-${_gittag/v}
|
||||
|
@ -107,6 +111,9 @@ package() {
|
|||
make -C network DESTDIR="$pkgdir" install
|
||||
install -Dm755 "$builddir"/network/update-proxy-configs "$pkgdir"/usr/lib/qubes/.
|
||||
install -Dm755 "$srcdir"/qvm-sync-clock.sh "$pkgdir"/etc/qubes/suspend-post.d/.
|
||||
install -Dm644 "$srcdir"/apk-proxy.sh "$pkgdir"/etc/profile.d/apk-proxy.sh
|
||||
install -dm755 "$pkgdir"/etc/bash
|
||||
ln -s /etc/profile.d/apk-proxy.sh "$pkgdir"/etc/bash/apk-proxy.sh
|
||||
|
||||
for i in $source; do
|
||||
case $i in
|
||||
|
@ -116,7 +123,6 @@ package() {
|
|||
"$pkgdir"/etc/conf.d/${i%.*};;
|
||||
esac
|
||||
done
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
@ -138,7 +144,6 @@ networking() {
|
|||
net-tools
|
||||
networkmanager
|
||||
nftables
|
||||
python3
|
||||
qubes-db-vm
|
||||
qubes-vm-core
|
||||
qubes-vm-utils
|
||||
|
@ -156,14 +161,15 @@ root() {
|
|||
make -C passwordless-root install DESTDIR="$subpkgdir" SBINDIR=/sbin LIBDIR=/usr/lib SYSLIBDIR=/lib
|
||||
}
|
||||
sha512sums="
|
||||
34ba5d84fa621ff25e8a9cc0d6ca69ee25bc7dbf37f13b08ccec13692ec9ebb8b12732878464e7e2909366de68727bdb66f960692be41e5186126701dfe861dd qubes-vm-core-v4.1.44.tar.gz
|
||||
c7db62f9d35984080c1665847c90d2ffba01c44ce3df2e1d76379a972beb5ed921a7c1e2de541933b9623979087d079c6da6ba2272cd7a2ee94c39a94d4af27a qubes-vm-core-v4.1.48.tar.gz
|
||||
95c080a593ca1cd457ffafc0cdd6ee28999c72f67191a3955b6081a4a7d287cae4cd0c626139562e5e1eb55516c25402a174e3599daf7d4cb259d6b4bbdff155 qubes-core-early.openrc
|
||||
61529413a16b7fa0df691c24adc41b90477c01ea70d572921ecec89df23932e5a2e60c4e73b9a84181dc30424e2e6af4ad1c7dcf6c42689c3cc346a9923d6e07 qubes-core-netvm.openrc
|
||||
da8e293520f5fce29ce76d7586e8ce1a4164798a1214079fb554c690264da1d774fdad3f45825aac52c2c3a0b0cfd39df73eb33394dedd7c043fe0f2344b90ca qubes-core.openrc
|
||||
8f1ea1b6bfb4d3089a51cc3e325861ee7b644f743b2652bf61789933adedefdbc743a61567ad980d2a6077647eb61570b68a056125abaab2a67166d249a961b0 qubes-firewall.openrc
|
||||
437a3dc443c5b0311c5dc8f792739eef89e38b2e854b9a5bb248211dd0eb0f26c1d79588ca2b4b63236b8bed0d735be6b2265d8328885730a8aa5f854301d61f qubes-iptables.openrc
|
||||
e9096560e4ee4cad836b686e18eb6dbac729227683eda2f0c8b3541c909f64de3489dbb66e3752014deab69cbfae7885bc15b9bb7e3942c02e40328337b9ef30 qubes-sysinit.openrc
|
||||
b1e8af2335955e52cf1817c56296f94f8c472e68d7a17a28f516fe4f5fa8a8053d4f9333efbb007a82a06f9442a4a6cfe5f9c751de07f337e47ee04cb18b9395 qubes-updates-proxy-forwarder.openrc
|
||||
99ec0afc167866727072606aa183f0c7a539e68e0d8b9a57f6b9c129d3722c9135e1487eef438807d7138af0e669fb14608cbc1f1d5620ee9e995f294a8929f8 qubes-updates-proxy-forwarder.openrc
|
||||
29d316b9f48cad15f6e22aaa67b228a5e4893ded86463dbe25b3cc68301b961473e79c01f003b1665e217ad4af2e618625442250d5607c1c16462e3f5eed069c qubes-updates-proxy.openrc
|
||||
517d59e4699c24f23ccd59f5d4be3a519a426eee99d742c637fe1a9e69caa073621f4e9362c30182ba5a1a3eb0a769070c96e2c6b24cd8366a1f8f450a0b1c01 apk-proxy.sh
|
||||
cca9f49422fa25cd5f3942dce8edd3ecff080bf5c407a7a790b438bedea054f39a4a3d8c179b44c4c08fc490b597e14d00dad9b0240861e83957e0af7aa6475d qvm-sync-clock.sh
|
||||
"
|
||||
|
|
5
qubes-vm-core/apk-proxy.sh
Normal file
5
qubes-vm-core/apk-proxy.sh
Normal file
|
@ -0,0 +1,5 @@
|
|||
# Use the update proxy over the QubesOS RPC for apk
|
||||
# /etc/init.d/qubes-updates-proxy-forwarder creates the socket to the proxy
|
||||
alias apk='https_proxy="http://127.0.0.1:8082/" http_proxy="http://127.0.0.1:8082/" apk'
|
||||
# allow aliases with sudo
|
||||
alias sudo='sudo '
|
|
@ -1,116 +1,34 @@
|
|||
#!/bin/bash
|
||||
#
|
||||
#!/sbin/openrc-run
|
||||
# Updates proxy forwarder Startup script for the updates proxy forwarder
|
||||
#
|
||||
# chkconfig: 345 85 15
|
||||
# description: forwards connection to updates proxy over Qubes RPC
|
||||
#
|
||||
# processname: ncat
|
||||
# pidfile: /var/run/qubes-updates-proxy-forwarder.pid
|
||||
#
|
||||
# The clients should use the below shell variable exports:
|
||||
# http_proxy="http://127.0.0.1:8082/"
|
||||
# https_proxy="http://127.0.0.1:8082/"
|
||||
# For apk, see the /etc/profile.d/apk-proxy.sh alias
|
||||
|
||||
# Source function library.
|
||||
# shellcheck disable=SC1091
|
||||
. /etc/init.d/functions.sh
|
||||
name=$RC_SVCNAME
|
||||
cfgfile="/etc/qubes/$RC_SVCNAME.conf"
|
||||
command="/bin/busybox"
|
||||
command_args="nc -lk -s 127.0.0.1 -p 8082 -e /usr/bin/qrexec-client-vm @default qubes.UpdatesProxy"
|
||||
command_user="root"
|
||||
pidfile="/run/qubes/$RC_SVCNAME.pid"
|
||||
command_background="yes"
|
||||
output_log="/var/log/qubes/$RC_SVCNAME.log"
|
||||
error_log="/var/log/qubes/$RC_SVCNAME.err"
|
||||
|
||||
# Source Qubes library.
|
||||
# shellcheck source=init/functions
|
||||
. /usr/lib/qubes/init/functions
|
||||
|
||||
# Check that networking is up.
|
||||
[ "$NETWORKING" = "no" ] && exit 0
|
||||
|
||||
exec="/usr/bin/ncat"
|
||||
prog=$(basename $exec)
|
||||
pidfile="/var/run/qubes-updates-proxy-forwarder.pid"
|
||||
|
||||
# shellcheck disable=SC1091
|
||||
[ -e /etc/sysconfig/qubes-updates-proxy-forwarder ] && . /etc/sysconfig/qubes-updates-proxy-forwarder
|
||||
|
||||
lockfile=/var/lock/subsys/qubes-updates-proxy-forwarder
|
||||
|
||||
start() {
|
||||
have_qubesdb || return
|
||||
|
||||
if ! qsvc updates-proxy-setup ; then
|
||||
# updates proxy configuration disabled
|
||||
exit 0
|
||||
fi
|
||||
|
||||
if qsvc qubes-updates-proxy ; then
|
||||
# updates proxy running here too, avoid looping traffic back to itself
|
||||
exit 0
|
||||
fi
|
||||
|
||||
[ -x $exec ] || exit 5
|
||||
|
||||
echo -n $"Starting $prog (as Qubes updates proxy forwarder): "
|
||||
# shellcheck disable=SC2016
|
||||
start-stop-daemon \
|
||||
--exec $exec \
|
||||
--pidfile "$pidfile" \
|
||||
--make-pidfile \
|
||||
--background \
|
||||
--start \
|
||||
-- \
|
||||
-k -l -e 'qrexec-client-vm $default qubes.UpdatesProxy'
|
||||
retval=$?
|
||||
echo
|
||||
[ $retval -eq 0 ] && touch $lockfile
|
||||
return $retval
|
||||
depend() {
|
||||
need qubes-qrexec-agent
|
||||
need net
|
||||
}
|
||||
|
||||
stop() {
|
||||
echo -n $"Stopping $prog: "
|
||||
killproc -p $pidfile "$prog"
|
||||
retval=$?
|
||||
echo
|
||||
[ $retval -eq 0 ] && rm -f $lockfile
|
||||
return $retval
|
||||
start_pre() {
|
||||
checkpath --directory --owner $command_user:qubes --mode 0775 \
|
||||
/run/qubes \
|
||||
/var/log/qubes \
|
||||
/var/run/qubes
|
||||
# TODO should fail if qubes-update-proxy is running
|
||||
# if qsvc qubes-updates-proxy ; then
|
||||
# # updates proxy running here too, avoid looping traffic back to itself
|
||||
# exit 0
|
||||
# fi
|
||||
}
|
||||
|
||||
restart() {
|
||||
stop
|
||||
start
|
||||
}
|
||||
|
||||
force_reload() {
|
||||
restart
|
||||
}
|
||||
|
||||
rh_status() {
|
||||
status "$prog"
|
||||
}
|
||||
|
||||
rh_status_q() {
|
||||
rh_status >/dev/null 2>&1
|
||||
}
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
rh_status_q && exit 0
|
||||
$1
|
||||
;;
|
||||
stop)
|
||||
rh_status_q || exit 0
|
||||
$1
|
||||
;;
|
||||
restart)
|
||||
$1
|
||||
;;
|
||||
force-reload)
|
||||
force_reload
|
||||
;;
|
||||
status)
|
||||
rh_status
|
||||
;;
|
||||
condrestart|try-restart)
|
||||
rh_status_q || exit 0
|
||||
restart
|
||||
;;
|
||||
*)
|
||||
echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|force-reload}"
|
||||
exit 2
|
||||
esac
|
||||
exit $?
|
||||
|
||||
|
|
2
qubes-vm-core/sudo-aliases.sh
Normal file
2
qubes-vm-core/sudo-aliases.sh
Normal file
|
@ -0,0 +1,2 @@
|
|||
# allow aliases with sudo
|
||||
alias sudo='sudo '
|
|
@ -1,10 +1,9 @@
|
|||
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
|
||||
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
|
||||
|
||||
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
|
||||
pkgname=qubes-vm-gui-dev
|
||||
pkgver=4.1.1
|
||||
_gittag="v$pkgver"
|
||||
pkgrel=1
|
||||
pkgrel=4
|
||||
pkgdesc="Common files for Qubes GUI - protocol headers."
|
||||
arch="noarch"
|
||||
url="https://github.com/QubesOS/qubes-gui-common"
|
||||
|
|
|
@ -1,10 +1,9 @@
|
|||
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
|
||||
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
|
||||
|
||||
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
|
||||
pkgname=qubes-vm-gui
|
||||
subpackages="qubes-vm-pulseaudio $pkgname-openrc"
|
||||
pkgver=4.1.31
|
||||
pkgrel=0
|
||||
pkgver=4.1.33
|
||||
pkgrel=2
|
||||
_gittag="v$pkgver"
|
||||
pkgdesc="The Qubes GUI Agent for AppVMs"
|
||||
arch="x86_64"
|
||||
|
@ -62,10 +61,6 @@ build() {
|
|||
sed 's:ExecStartPre=/bin/touch:#ExecStartPre=/bin/touch:' -i appvm-scripts/qubes-gui-agent.service
|
||||
# Ensure that qubes-gui-agent starts after user autologin
|
||||
sed 's/After=\(.*\)qubes-misc-post.service/After=\1qubes-misc-post.service getty.target/' -i appvm-scripts/qubes-gui-agent.service
|
||||
# Starts qubes-session after X11 start
|
||||
install -Dm 755 "$srcdir"/qubes-sessions.sh "$pkgdir"/etc/X11/xinit/xinitrc.d/90-qubes-sessions.sh
|
||||
# Remove broken pam and replace with adequate
|
||||
install -Dm 644 "$srcdir"/qubes-gui-agent.pam "$pkgdir"/etc/pam.d/qubes-gui-agent
|
||||
|
||||
make BACKEND_VMM="$_qubes_backend_vmm" appvm
|
||||
make appvm
|
||||
|
@ -80,6 +75,12 @@ build() {
|
|||
package() {
|
||||
make install-rh-agent DESTDIR="$pkgdir" LIBDIR=/usr/lib USRLIBDIR=/usr/lib SYSLIBDIR=/lib
|
||||
install -Dm 755 "$srcdir"/qubes-gui-agent.openrc "$pkgdir"/etc/init.d/qubes-gui-agent
|
||||
|
||||
# Starts qubes-session after X11 start
|
||||
install -Dm 755 "$srcdir"/qubes-sessions.sh "$pkgdir"/etc/X11/xinit/xinitrc.d/90-qubes-sessions.sh
|
||||
|
||||
# Remove broken pam and replace with adequate
|
||||
install -Dm 644 "$srcdir"/qubes-gui-agent.pam "$pkgdir"/etc/pam.d/qubes-gui-agent
|
||||
}
|
||||
|
||||
pulseaudio() {
|
||||
|
@ -96,7 +97,7 @@ pulseaudio() {
|
|||
make install-pulseaudio DESTDIR=$subpkgdir PA_VER=$pa_ver LIBDIR=/usr/lib USRLIBDIR=/usr/lib SYSLIBDIR=/lib
|
||||
}
|
||||
sha512sums="
|
||||
6a72fde5b3c1c6025b13b58340bb8d3eccab05050c8cbe3741d7c18ca48826e45a3df3716d77e2dd733c119ff8db5d920faa73f05cb94049306a0dad6f58349f qubes-vm-gui-v4.1.31.tar.gz
|
||||
1ace8f7510db02c7df3eebdf633e4c0dae0e29f43e51ef7605f5ae96c838b32c0a3776c7157108181b310ae17d777e78c6a793e3100a8b28688649494e4a0bc9 qubes-vm-gui-v4.1.33.tar.gz
|
||||
f0bbb936e14689d0cbced2f564b8911f9287c0217616f02f3bd0c3060e516d080ad538219f089f5841c2b9d18bb4ad8efb63516ddfd46c18b038218378996a7d 0001-musl-build.patch
|
||||
262b93b4ea172926dc18b7af372168ff3f645a02db1529cb73af3d5aa6252a75500bfbd95344a835bbf646e753018d0e27885e41a03f06247226a485edb5e028 0001-initd-fix.patch
|
||||
68d01e594296e18d54d8eaa17863451c3ac121e4fcacf98b64db14166bdcf38aa66f1c3659c5014c0a9cc25b5368df66f8c642b8e7af59da8d2a5ad97da9a194 qubes-gui-agent.openrc
|
||||
|
|
|
@ -1,11 +1,10 @@
|
|||
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
|
||||
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
|
||||
|
||||
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
|
||||
pkgname=qubes-vm-qrexec
|
||||
subpackages="$pkgname-openrc $pkgname-doc"
|
||||
pkgver=4.1.22
|
||||
pkgver=4.1.24
|
||||
_gittag="v$pkgver"
|
||||
pkgrel=0
|
||||
pkgrel=2
|
||||
pkgdesc="The Qubes qrexec files (qube side)"
|
||||
arch="x86_64"
|
||||
url="https://github.com/QubesOS/qubes-core-qrexec"
|
||||
|
@ -13,17 +12,18 @@ license='GPL'
|
|||
depends="qubes-libvchan-xen"
|
||||
options="!check" # No testsuite
|
||||
makedepends="
|
||||
gcc
|
||||
grep
|
||||
make
|
||||
lsb-release-minimal
|
||||
pandoc
|
||||
pkgconf
|
||||
py3-setuptools
|
||||
lld
|
||||
qubes-libvchan-xen-dev
|
||||
"
|
||||
source="
|
||||
$pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-core-qrexec/archive/refs/tags/$_gittag.tar.gz
|
||||
qubes-qrexec-agent.openrc
|
||||
makefile-remove-cc-cflags.patch
|
||||
agent-qrexec-fork-server-undef-fortify-source.patch
|
||||
"
|
||||
builddir="$srcdir/qubes-core-qrexec-${_gittag/v}"
|
||||
|
@ -47,13 +47,13 @@ build() {
|
|||
}
|
||||
|
||||
package() {
|
||||
export LDFLAGS="$LDFLAGS -fuse-ld=lld"
|
||||
make install-base DESTDIR="$pkgdir" SBINDIR=/sbin LIBDIR=/usr/lib SYSLIBDIR=/lib
|
||||
make install-vm DESTDIR="$pkgdir" SBINDIR=/sbin LIBDIR=/usr/lib SYSLIBDIR=/lib
|
||||
install -Dm 755 "$srcdir"/qubes-qrexec-agent.openrc "$pkgdir"/etc/init.d/qubes-qrexec-agent
|
||||
}
|
||||
sha512sums="
|
||||
c4d993dae87446fe73f390bdf0aa3bcfacce1a630b1f0e5f20c6ea7710c14cd9a7a0a66a66e5731dee47c6958c659e61b3c0ebea5a99a31317a52fb326650a2f qubes-vm-qrexec-v4.1.22.tar.gz
|
||||
c263c2ebc878de41c9f8bd495855955096c5c69c2e48006170a3117793a64cfd1c65eee9c8b85dfca15b45f9e49db2cf8acf7bea51433708fffa49dcde8083a0 qubes-vm-qrexec-v4.1.24.tar.gz
|
||||
e2dd5cace82e881c40d5d37c69f7327fbabde81c9d23283de23de9f1197b7b018ef07a8d90e95c61bd249426d9d8297e7cb372333245941ffa0682c90ea3461f qubes-qrexec-agent.openrc
|
||||
e48a06778a880915827fb2ef3e38379eb2bc6cf63f7fed79472be4732f7110b0c642c7a62a43236f53404ce69afddd40a5bc92a984403aae74caae1580c31200 makefile-remove-cc-cflags.patch
|
||||
69b88c8d344f0d575eac398937040ba39a0d8fb8ea0a2b160c48d84775e1da4e226a76f3c5d3be7b045f577b634bb35cd5c5536248e18117c4121a38f9f3bf13 agent-qrexec-fork-server-undef-fortify-source.patch
|
||||
"
|
||||
|
|
35
qubes-vm-qrexec/makefile-remove-cc-cflags.patch
Normal file
35
qubes-vm-qrexec/makefile-remove-cc-cflags.patch
Normal file
|
@ -0,0 +1,35 @@
|
|||
diff --git a/Makefile.orig b/Makefile
|
||||
index ade10bf..7de05a4 100644
|
||||
--- a/Makefile.orig
|
||||
+++ b/Makefile
|
||||
@@ -26,7 +24,7 @@ all-base:
|
||||
$(PYTHON) setup.py build
|
||||
.PHONY: all-base
|
||||
|
||||
-install-base: all-base
|
||||
+install-base:
|
||||
+$(MAKE) install -C libqrexec
|
||||
$(PYTHON) setup.py install -O1 $(PYTHON_PREFIX_ARG) --skip-build --root $(DESTDIR)
|
||||
ln -sf qrexec-policy-exec $(DESTDIR)/usr/bin/qrexec-policy
|
||||
@@ -75,7 +73,7 @@ all-vm-selinux:
|
||||
+$(MAKE) -f /usr/share/selinux/devel/Makefile -C selinux qubes-core-qrexec.pp
|
||||
.PHONY: all-vm
|
||||
|
||||
-install-vm: all-vm
|
||||
+install-vm:
|
||||
+$(MAKE) install -C agent
|
||||
install -d $(DESTDIR)/$(SYSLIBDIR)/systemd/system -m 755
|
||||
install -t $(DESTDIR)/$(SYSLIBDIR)/systemd/system -m 644 systemd/qubes-qrexec-agent.service
|
||||
diff --git a/agent/Makefile.orig b/agent/Makefile
|
||||
index e1500f1..d75f60e 100644
|
||||
--- a/agent/Makefile.orig
|
||||
+++ b/agent/Makefile
|
||||
@@ -32,7 +32,7 @@ else
|
||||
endif
|
||||
|
||||
|
||||
-install: all
|
||||
+install:
|
||||
install -d $(DESTDIR)/etc/qubes-rpc $(DESTDIR)/usr/lib/qubes \
|
||||
$(DESTDIR)/usr/bin $(DESTDIR)/usr/share/man/man1
|
||||
install qrexec-agent $(DESTDIR)/usr/lib/qubes
|
|
@ -1,13 +1,12 @@
|
|||
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
|
||||
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
|
||||
|
||||
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
|
||||
pkgname=qubes-vm-utils
|
||||
subpackages="
|
||||
qubes-vm-kernel-support:support:noarch
|
||||
$pkgname-openrc
|
||||
"
|
||||
pkgver=4.1.19
|
||||
pkgrel=0
|
||||
pkgver=4.1.20
|
||||
pkgrel=1
|
||||
_gittag="v$pkgver"
|
||||
pkgdesc="Common Linux files for Qubes VM."
|
||||
arch="x86_64"
|
||||
|
@ -58,6 +57,6 @@ support() {
|
|||
install -m 755 "$builddir"/dracut/full-dmroot/qubes_cow_setup.sh "$subpkgdir"/usr/lib/qubes/qubes_cow_setup.sh
|
||||
}
|
||||
sha512sums="
|
||||
adfa6190af80e8ff92b899056370b8e820820154dcbad2d141debc72a6f122d94894eb0ffd5f56715db8ff7c3166c63b8832a78f70c35d86d42af071297b7d35 qubes-vm-utils-v4.1.19.tar.gz
|
||||
fda4dde19b4a413da269442cd214682518dc0f83c69b02a1383dc448a974b59ac9bd85a49c3125938acbf03708df6f364c24f0bc7c8f8d98ef7b318486aa9c02 qubes-vm-utils-v4.1.20.tar.gz
|
||||
aebc606faa95948be77766f164fc40e4be66e4398e7f56ad52ba9de4c8f7de4ec0c4b48b23a3a6dd083d6f19ae1a591f3ae0caf2c696fd061cd8fea4bdf7d4f3 qubes-meminfo-writer.openrc
|
||||
"
|
||||
|
|
Loading…
Reference in a new issue