[4.2] *: rebuild for v3.21 release #135

Merged
forge merged 3 commits from 4.2/3.21 into r4.2 2024-12-01 02:21:32 +00:00
18 changed files with 289 additions and 167 deletions

268
.forgejo/bin/build.sh Executable file
View file

@ -0,0 +1,268 @@
#!/bin/sh
# shellcheck disable=SC3043
. /usr/local/lib/functions.sh
# shellcheck disable=SC3040
set -eu -o pipefail
readonly APORTSDIR=$CI_PROJECT_DIR
readonly REPOS="main community testing"
readonly ARCH=$(apk --print-arch)
# gitlab variables
readonly BASEBRANCH=$CI_MERGE_REQUEST_TARGET_BRANCH_NAME
: "${REPODEST:=$HOME/packages}"
: "${MIRROR:=https://ayakael.net/api/packages/forge/alpine}"
: "${ALPINE_MIRROR:=http://dl-cdn.alpinelinux.org/alpine}"
: "${MAX_ARTIFACT_SIZE:=300000000}" #300M
: "${CI_DEBUG_BUILD:=}"
: "${CI_ALPINE_BUILD_OFFSET:=0}"
: "${CI_ALPINE_BUILD_LIMIT:=9999}"
msg() {
local color=${2:-green}
case "$color" in
red) color="31";;
green) color="32";;
yellow) color="33";;
blue) color="34";;
*) color="32";;
esac
printf "\033[1;%sm>>>\033[1;0m %s\n" "$color" "$1" | xargs >&2
}
verbose() {
echo "> " "$@"
# shellcheck disable=SC2068
$@
}
debugging() {
[ -n "$CI_DEBUG_BUILD" ]
}
debug() {
if debugging; then
verbose "$@"
fi
}
die() {
msg "$1" red
exit 1
}
capture_stderr() {
"$@" 2>&1
}
report() {
report=$1
reportsdir=$APORTSDIR/logs/
mkdir -p "$reportsdir"
tee -a "$reportsdir/$report.log"
}
get_release() {
echo $CI_ALPINE_TARGET
}
get_qubes_release() {
case $BASEBRANCH in
r*) echo $BASEBRANCH;;
main) echo r4.3;;
esac
}
changed_aports() {
: "${APORTSDIR?APORTSDIR missing}"
: "${BASEBRANCH?BASEBRANCH missing}"
cd "$APORTSDIR"
local aports
aports=$(git diff --name-only --diff-filter=ACMR \
"$BASEBRANCH"...HEAD -- "*/APKBUILD" | xargs -rn1 dirname)
# shellcheck disable=2086
ap builddirs -d "$APORTSDIR" $aports 2>/dev/null | xargs -rn1 basename
}
build_aport() {
local repo="$1" aport="$2"
cd "$APORTSDIR/$repo/$aport"
if abuild -r 2>&1 | report "build-$aport"; then
checkapk 2>&1 | report "checkapk-$aport" || true
aport_ok="$aport_ok $repo/$aport"
else
aport_ng="$aport_ng $repo/$aport"
fi
}
check_aport() {
local repo="$1" aport="$2"
cd "$APORTSDIR/$repo/$aport"
if ! abuild check_arch 2>/dev/null; then
aport_na="$aport_na $repo/$aport"
return 1
fi
}
set_repositories_for() {
local target_repo="$1" repos='' repo=''
local release
release=$(get_release)
for repo in qubes-$(get_qubes_release); do
[ "$repo" = "non-free" ] && continue
[ "$release" == "edge" ] && [ "$repo" == "backports" ] && continue
repos="$repos $MIRROR/$release/$repo $REPODEST/$repo"
[ "$repo" = "$target_repo" ] && break
done
doas sh -c "printf '%s\n' $repos >> /etc/apk/repositories"
doas apk update || true
}
apply_offset_limit() {
start=$1
limit=$2
end=$((start+limit))
sed -n "$((start+1)),${end}p"
}
setup_system() {
local repos='' repo=''
local release
release=$(get_release)
for repo in $REPOS; do
[ "$release" != "edge" ] && [ "$repo" == "testing" ] && continue
repos="$repos $ALPINE_MIRROR/$release/$repo"
done
doas sh -c "printf '%s\n' $repos > /etc/apk/repositories"
doas apk -U upgrade -a || apk fix || die "Failed to up/downgrade system"
abuild-keygen -ain
doas sed -i -E 's/export JOBS=[0-9]+$/export JOBS=$(nproc)/' /etc/abuild.conf
( . /usr/share/abuild/default.conf; . /etc/abuild.conf; echo "Building with ${JOBS-1} jobs" )
mkdir -p "$REPODEST"
git config --global init.defaultBranch master
}
sysinfo() {
printf ">>> Host system information (arch: %s, release: %s) <<<\n" "$ARCH" "$(get_release)"
printf "- Number of Cores: %s\n" "$(nproc)"
printf "- Memory: %s Gb\n" "$(awk '/^MemTotal/ {print ($2/1024/1024)}' /proc/meminfo)"
printf "- Free space: %s\n" "$(df -hP / | awk '/\/$/ {print $4}')"
}
copy_artifacts() {
cd "$APORTSDIR"
packages_size="$(du -sk "$REPODEST" | awk '{print $1 * 1024}')"
if [ -z "$packages_size" ]; then
return
fi
echo "Artifact size: $packages_size bytes"
mkdir -p keys/ packages/
if [ "$packages_size" -lt $MAX_ARTIFACT_SIZE ]; then
msg "Copying packages for artifact upload"
cp -ar "$REPODEST"/* packages/ 2>/dev/null
cp ~/.abuild/*.rsa.pub keys/
else
msg "Artifact size $packages_size larger than max ($MAX_ARTIFACT_SIZE), skipping uploading them" yellow
fi
}
section_start setup "Setting up the system" collapse
if debugging; then
set -x
fi
aport_ok=
aport_na=
aport_ng=
failed=
sysinfo || true
setup_system || die "Failed to setup system"
# git no longer allows to execute in repositories owned by different users
doas chown -R buildozer: .
fetch_flags="-qn"
debugging && fetch_flags="-v"
git fetch $fetch_flags "$CI_MERGE_REQUEST_PROJECT_URL" \
"+refs/heads/$BASEBRANCH:refs/heads/$BASEBRANCH"
if debugging; then
merge_base=$(git merge-base "$BASEBRANCH" HEAD) || echo "Could not determine merge-base"
echo "Merge base: $merge_base"
git --version
git config -l
[ -n "$merge_base" ] && git tag -f merge-base "$merge_base"
git --no-pager log -200 --oneline --graph --decorate --all
fi
section_end setup
build_start=$CI_ALPINE_BUILD_OFFSET
build_limit=$CI_ALPINE_BUILD_LIMIT
set_repositories_for $(get_qubes_release)
built_aports=0
changed_aports_in_repo=$(changed_aports $BASEBRANCH)
changed_aports_in_repo_count=$(echo "$changed_aports_in_repo" | wc -l)
changed_aports_to_build=$(echo "$changed_aports_in_repo" | apply_offset_limit "$build_start" "$build_limit")
msg "Changed aports:"
# shellcheck disable=SC2086 # Splitting is expected here
printf " - %s\n" $changed_aports_to_build
for pkgname in $changed_aports_to_build; do
section_start "build_$pkgname" "Building package $pkgname"
built_aports=$((built_aports+1))
if check_aport . "$pkgname"; then
build_aport . "$pkgname"
fi
section_end "build_$pkgname"
done
section_start artifacts "Handeling artifacts" collapse
copy_artifacts || true
section_end artifacts
section_start summary "Build summary"
echo "### Build summary ###"
for ok in $aport_ok; do
msg "$ok: build succesfully"
done
for na in $aport_na; do
msg "$na: disabled for $ARCH" yellow
done
for ng in $aport_ng; do
msg "$ng: build failed" red
failed=true
done
section_end summary
if [ "$failed" = true ]; then
exit 1
elif [ -z "$aport_ok" ]; then
msg "No packages found to be built." yellow
fi

View file

@ -1,140 +0,0 @@
diff --git a/usr/local/bin/build.sh.orig b/usr/local/bin/build.sh
old mode 100644
new mode 100755
index c3b8f7a..0b1c9a5
--- a/usr/local/bin/build.sh.orig
+++ b/usr/local/bin/build.sh
@@ -7,13 +7,14 @@
set -eu -o pipefail
readonly APORTSDIR=$CI_PROJECT_DIR
-readonly REPOS="main community testing non-free"
+readonly REPOS="main community testing"
readonly ARCH=$(apk --print-arch)
# gitlab variables
readonly BASEBRANCH=$CI_MERGE_REQUEST_TARGET_BRANCH_NAME
: "${REPODEST:=$HOME/packages}"
-: "${MIRROR:=https://dl-cdn.alpinelinux.org/alpine}"
+: "${MIRROR:=https://ayakael.net/api/packages/forge/alpine}"
+: "${ALPINE_MIRROR:=http://dl-cdn.alpinelinux.org/alpine}"
: "${MAX_ARTIFACT_SIZE:=300000000}" #300M
: "${CI_DEBUG_BUILD:=}"
@@ -67,13 +68,32 @@ report() {
}
get_release() {
+ echo $CI_ALPINE_TARGET
+}
+
+
+get_qubes_release() {
case $BASEBRANCH in
- *-stable) echo v"${BASEBRANCH%-*}";;
- master) echo edge;;
- *) die "Branch \"$BASEBRANCH\" not supported!"
+ r*) echo $BASEBRANCH;;
+ main) echo r4.3;;
esac
}
+changed_aports() {
+ : "${APORTSDIR?APORTSDIR missing}"
+ : "${BASEBRANCH?BASEBRANCH missing}"
+
+ cd "$APORTSDIR"
+ local aports
+
+ aports=$(git diff --name-only --diff-filter=ACMR \
+ "$BASEBRANCH"...HEAD -- "*/APKBUILD" | xargs -rn1 dirname)
+
+ # shellcheck disable=2086
+ ap builddirs -d "$APORTSDIR" $aports 2>/dev/null | xargs -rn1 basename
+}
+
+
build_aport() {
local repo="$1" aport="$2"
cd "$APORTSDIR/$repo/$aport"
@@ -99,13 +119,13 @@ set_repositories_for() {
local release
release=$(get_release)
- for repo in $REPOS; do
+ for repo in qubes-$(get_qubes_release); do
[ "$repo" = "non-free" ] && continue
- [ "$release" != "edge" ] && [ "$repo" == "testing" ] && continue
+ [ "$release" == "edge" ] && [ "$repo" == "backports" ] && continue
repos="$repos $MIRROR/$release/$repo $REPODEST/$repo"
[ "$repo" = "$target_repo" ] && break
done
- doas sh -c "printf '%s\n' $repos > /etc/apk/repositories"
+ doas sh -c "printf '%s\n' $repos >> /etc/apk/repositories"
doas apk update
}
@@ -118,7 +138,15 @@ apply_offset_limit() {
}
setup_system() {
- doas sh -c "echo $MIRROR/$(get_release)/main > /etc/apk/repositories"
+ local repos='' repo=''
+ local release
+
+ release=$(get_release)
+ for repo in $REPOS; do
+ [ "$release" != "edge" ] && [ "$repo" == "testing" ] && continue
+ repos="$repos $ALPINE_MIRROR/$release/$repo"
+ done
+ doas sh -c "printf '%s\n' $repos > /etc/apk/repositories"
doas apk -U upgrade -a || apk fix || die "Failed to up/downgrade system"
abuild-keygen -ain
doas sed -i -E 's/export JOBS=[0-9]+$/export JOBS=$(nproc)/' /etc/abuild.conf
@@ -192,32 +220,22 @@ section_end setup
build_start=$CI_ALPINE_BUILD_OFFSET
build_limit=$CI_ALPINE_BUILD_LIMIT
-for repo in $(changed_repos); do
- set_repositories_for "$repo"
- built_aports=0
- changed_aports_in_repo=$(changed_aports "$repo")
- changed_aports_in_repo_count=$(echo "$changed_aports_in_repo" | wc -l)
- changed_aports_to_build=$(echo "$changed_aports_in_repo" | apply_offset_limit "$build_start" "$build_limit")
+set_repositories_for $(get_qubes_release)
+built_aports=0
+changed_aports_in_repo=$(changed_aports $BASEBRANCH)
+changed_aports_in_repo_count=$(echo "$changed_aports_in_repo" | wc -l)
+changed_aports_to_build=$(echo "$changed_aports_in_repo" | apply_offset_limit "$build_start" "$build_limit")
- msg "Changed aports in $repo:"
- # shellcheck disable=SC2086 # Splitting is expected here
- printf " - %s\n" $changed_aports_to_build
- for pkgname in $changed_aports_to_build; do
- section_start "build_$pkgname" "Building package $pkgname"
- built_aports=$((built_aports+1))
- if check_aport "$repo" "$pkgname"; then
- build_aport "$repo" "$pkgname"
- fi
- section_end "build_$pkgname"
- done
-
- build_start=$((build_start-(changed_aports_in_repo_count-built_aports)))
- build_limit=$((build_limit-built_aports))
-
- if [ $build_limit -le 0 ]; then
- msg "Limit reached, breaking"
- break
+msg "Changed aports:"
+# shellcheck disable=SC2086 # Splitting is expected here
+printf " - %s\n" $changed_aports_to_build
+for pkgname in $changed_aports_to_build; do
+ section_start "build_$pkgname" "Building package $pkgname"
+ built_aports=$((built_aports+1))
+ if check_aport . "$pkgname"; then
+ build_aport . "$pkgname"
fi
+ section_end "build_$pkgname"
done
section_start artifacts "Handeling artifacts" collapse

View file

@ -24,9 +24,7 @@ jobs:
with: with:
fetch-depth: 500 fetch-depth: 500
- name: Package build - name: Package build
run: | run: ${{ github.workspace }}/.forgejo/bin/build.sh
doas patch -d / -p1 -i ${{ github.workspace }}/.forgejo/patches/build.patch
build.sh
- name: Package upload - name: Package upload
uses: forgejo/upload-artifact@v3 uses: forgejo/upload-artifact@v3
with: with:

View file

@ -24,9 +24,7 @@ jobs:
with: with:
fetch-depth: 500 fetch-depth: 500
- name: Package build - name: Package build
run: | run: ${{ github.workspace }}/.forgejo/bin/build.sh
doas patch -d / -p1 -i ${{ github.workspace }}/.forgejo/patches/build.patch
build.sh
- name: Package upload - name: Package upload
uses: forgejo/upload-artifact@v3 uses: forgejo/upload-artifact@v3
with: with:

View file

@ -3,7 +3,7 @@ on:
types: [ assigned, opened, synchronize, reopened ] types: [ assigned, opened, synchronize, reopened ]
jobs: jobs:
build-v3.19: build-v3.21:
runs-on: x86_64 runs-on: x86_64
container: container:
image: alpinelinux/alpine-gitlab-ci:latest image: alpinelinux/alpine-gitlab-ci:latest
@ -12,7 +12,7 @@ jobs:
CI_DEBUG_BUILD: ${{ runner.debug }} CI_DEBUG_BUILD: ${{ runner.debug }}
CI_MERGE_REQUEST_PROJECT_URL: ${{ github.server_url }}/${{ github.repository }} CI_MERGE_REQUEST_PROJECT_URL: ${{ github.server_url }}/${{ github.repository }}
CI_MERGE_REQUEST_TARGET_BRANCH_NAME: ${{ github.base_ref }} CI_MERGE_REQUEST_TARGET_BRANCH_NAME: ${{ github.base_ref }}
CI_ALPINE_TARGET: v3.19 CI_ALPINE_TARGET: v3.21
steps: steps:
- name: Environment setup - name: Environment setup
run: | run: |
@ -24,23 +24,21 @@ jobs:
with: with:
fetch-depth: 500 fetch-depth: 500
- name: Package build - name: Package build
run: | run: ${{ github.workspace }}/.forgejo/bin/build.sh
doas patch -d / -p1 -i ${{ github.workspace }}/.forgejo/patches/build.patch
build.sh
- name: Package upload - name: Package upload
uses: forgejo/upload-artifact@v3 uses: forgejo/upload-artifact@v3
with: with:
name: package name: package
path: packages path: packages
deploy-v3.19: deploy-v3.21:
needs: [build-v3.19] needs: [build-v3.21]
runs-on: x86_64 runs-on: x86_64
container: container:
image: alpine:latest image: alpine:latest
env: env:
CI_ALPINE_TARGET: v3.21
CI_ALPINE_REPO: 'https://ayakael.net/api/packages/forge/alpine' CI_ALPINE_REPO: 'https://ayakael.net/api/packages/forge/alpine'
CI_ALPINE_TARGET: v3.19
FORGE_REPO_TOKEN: ${{ secrets.FORGE_REPO_TOKEN }} FORGE_REPO_TOKEN: ${{ secrets.FORGE_REPO_TOKEN }}
FORGE_REPO_USER: ${{ vars.FORGE_REPO_USER }} FORGE_REPO_USER: ${{ vars.FORGE_REPO_USER }}
steps: steps:

View file

@ -3,7 +3,7 @@
pkgname=qubes-app-linux-druide-antidote pkgname=qubes-app-linux-druide-antidote
pkgver=0.0.1_git20240201 pkgver=0.0.1_git20240201
_gittag=c724c88aa2a20b1e422b464499015ff05753316d _gittag=c724c88aa2a20b1e422b464499015ff05753316d
pkgrel=1 pkgrel=2
arch="noarch" arch="noarch"
pkgdesc="Qubes Druide-Antidote is a Qubes Application. It send a file to the Antidote Qube, invoke Antidote, and retrieve the file" pkgdesc="Qubes Druide-Antidote is a Qubes Application. It send a file to the Antidote Qube, invoke Antidote, and retrieve the file"
url=https://github.com/neowutran/qubes-app-linux-druide-antidote url=https://github.com/neowutran/qubes-app-linux-druide-antidote

View file

@ -3,7 +3,7 @@
pkgname=qubes-db-vm pkgname=qubes-db-vm
subpackages="$pkgname-openrc" subpackages="$pkgname-openrc"
pkgver=4.2.6 pkgver=4.2.6
pkgrel=1 pkgrel=2
_gittag="v$pkgver" _gittag="v$pkgver"
pkgdesc="QubesDB libs and daemon service." pkgdesc="QubesDB libs and daemon service."
arch="x86_64" arch="x86_64"

View file

@ -4,7 +4,7 @@ pkgname=qubes-gpg-split
subpackages="$pkgname-doc" subpackages="$pkgname-doc"
pkgver=2.0.75 pkgver=2.0.75
_gittag="v$pkgver" _gittag="v$pkgver"
pkgrel=0 pkgrel=1
pkgdesc="Used Qubes AppVM as a “smart card”" pkgdesc="Used Qubes AppVM as a “smart card”"
arch="x86_64" arch="x86_64"
url="https://github.com/QubesOS/qubes-app-linux-split-gpg" url="https://github.com/QubesOS/qubes-app-linux-split-gpg"

View file

@ -3,7 +3,7 @@
pkgname=qubes-input-proxy pkgname=qubes-input-proxy
pkgver=1.0.39 pkgver=1.0.39
_gittag=v$pkgver _gittag=v$pkgver
pkgrel=0 pkgrel=1
pkgdesc="The Qubes service for proxying input devices" pkgdesc="The Qubes service for proxying input devices"
arch="x86_64" arch="x86_64"
url="https://github.com/QubesOS/qubes-app-linux-input-proxy" url="https://github.com/QubesOS/qubes-app-linux-input-proxy"

View file

@ -2,7 +2,7 @@
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net> # Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
pkgname=qubes-libvchan-xen pkgname=qubes-libvchan-xen
pkgver=4.2.4 pkgver=4.2.4
pkgrel=1 pkgrel=2
_gittag=v$pkgver _gittag=v$pkgver
pkgdesc="The Qubes core libraries for installation inside a Qubes Dom0 and VM." pkgdesc="The Qubes core libraries for installation inside a Qubes Dom0 and VM."
arch="x86_64" arch="x86_64"

View file

@ -7,7 +7,7 @@ subpackages="
" "
pkgver=4.2.14 pkgver=4.2.14
_gittag="v$pkgver" _gittag="v$pkgver"
pkgrel=0 pkgrel=1
pkgdesc="Meta packages for Qubes-specific components" pkgdesc="Meta packages for Qubes-specific components"
arch="noarch" arch="noarch"
url="https://github.com/QubesOS/qubes-meta-packages" url="https://github.com/QubesOS/qubes-meta-packages"

View file

@ -3,7 +3,7 @@
pkgname=qubes-pass pkgname=qubes-pass
pkgver=0.1.0 pkgver=0.1.0
_gittag="v$pkgver" _gittag="v$pkgver"
pkgrel=4 pkgrel=5
pkgdesc="An inter-VM password manager for Qubes OS" pkgdesc="An inter-VM password manager for Qubes OS"
arch="noarch" arch="noarch"
url="https://github.com/Rudd-O/qubes-pass" url="https://github.com/Rudd-O/qubes-pass"

View file

@ -3,7 +3,7 @@
pkgname=qubes-usb-proxy pkgname=qubes-usb-proxy
pkgver=1.3.2 pkgver=1.3.2
_gittag="v$pkgver" _gittag="v$pkgver"
pkgrel=0 pkgrel=1
pkgdesc="The Qubes service for proxying USB devices" pkgdesc="The Qubes service for proxying USB devices"
arch="noarch" arch="noarch"
url="https://github.com/QubesOS/qubes-app-linux-usb-proxy" url="https://github.com/QubesOS/qubes-app-linux-usb-proxy"

View file

@ -9,7 +9,7 @@ subpackages="
$pkgname-pyc $pkgname-pyc
" "
pkgver=4.2.38 pkgver=4.2.38
pkgrel=0 pkgrel=1
_gittag="v$pkgver" _gittag="v$pkgver"
pkgdesc="The Qubes core files for installation inside a Qubes VM." pkgdesc="The Qubes core files for installation inside a Qubes VM."
arch="x86_64" arch="x86_64"

View file

@ -3,7 +3,7 @@
pkgname=qubes-vm-gui-dev pkgname=qubes-vm-gui-dev
pkgver=4.2.5 pkgver=4.2.5
_gittag="v$pkgver" _gittag="v$pkgver"
pkgrel=0 pkgrel=1
pkgdesc="Common files for Qubes GUI - protocol headers." pkgdesc="Common files for Qubes GUI - protocol headers."
arch="noarch" arch="noarch"
url="https://github.com/QubesOS/qubes-gui-common" url="https://github.com/QubesOS/qubes-gui-common"

View file

@ -6,7 +6,7 @@ subpackages="
qubes-vm-pipewire qubes-vm-pipewire
$pkgname-openrc" $pkgname-openrc"
pkgver=4.2.19 pkgver=4.2.19
pkgrel=0 pkgrel=1
_gittag="v$pkgver" _gittag="v$pkgver"
pkgdesc="The Qubes GUI Agent for AppVMs" pkgdesc="The Qubes GUI Agent for AppVMs"
arch="x86_64" arch="x86_64"

View file

@ -4,7 +4,7 @@ pkgname=qubes-vm-qrexec
subpackages="$pkgname-openrc $pkgname-doc $pkgname-pyc" subpackages="$pkgname-openrc $pkgname-doc $pkgname-pyc"
pkgver=4.2.22 pkgver=4.2.22
_gittag="v$pkgver" _gittag="v$pkgver"
pkgrel=1 pkgrel=2
pkgdesc="The Qubes qrexec files (qube side)" pkgdesc="The Qubes qrexec files (qube side)"
arch="x86_64" arch="x86_64"
url="https://github.com/QubesOS/qubes-core-qrexec" url="https://github.com/QubesOS/qubes-core-qrexec"

View file

@ -7,7 +7,7 @@ subpackages="
$pkgname-pyc $pkgname-pyc
" "
pkgver=4.2.17 pkgver=4.2.17
pkgrel=4 pkgrel=5
_gittag="v$pkgver" _gittag="v$pkgver"
pkgdesc="Common Linux files for Qubes VM." pkgdesc="Common Linux files for Qubes VM."
arch="x86_64" arch="x86_64"