Compare commits
10 commits
alpine320-
...
r4.2
Author | SHA1 | Date | |
---|---|---|---|
ad50a8679f | |||
a789b33382 | |||
0370c1b641 | |||
c850a81498 | |||
57cc5b49b3 | |||
a8b3f4c64d | |||
ac8b32880b | |||
7554d1246d | |||
4b365531b5 | |||
e358235d30 |
10 changed files with 570 additions and 122 deletions
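--- a/.forgejo/bin/deploy.sh
+++ b/.forgejo/bin/deploy.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+# shellcheck disable=SC3040
+set -eu -o pipefail
+
+readonly REPOS="backports user"
+readonly QUBES_REL=$( echo $GITHUB_REF_NAME | awk -F '-' '{print $2}')
+readonly TARGET_REPO=$CI_RPM_REPO
+
+readonly group="qubes/$QUBES_REL"
+readonly rpm=$(find . -name 'qubes-template-*.rpm')
+
+echo "Signing $rpm"
+gpg --import <<< $FORGE_REPO_PRIVKEY
+gpg --export -a > forge-repo.pub
+rpm --import forge-repo.pub
+
+cat << EOF > $HOME/.rpmmacros
+%_signature gpg
+%_gpg_path $HOME/.gnupg
+%_gpg_name RPM Registry
+%_gpgbin /usr/bin/gpg
+EOF
+
+rpm --addsign $rpm
+
+echo "Sending $rpm to $TARGET_REPO/$group/upload"
+curl -s --user $FORGE_REPO_USER:$FORGE_REPO_TOKEN --upload-file $rpm $TARGET_REPO/$group/upload
+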
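Review bot: The upload on the last command line runs `curl -s` without `--fail`, so a registry response that rejects the package still exits 0 and the deploy job reports success. The expansions of `$rpm`, `$FORGE_REPO_PRIVKEY` and `$GITHUB_REF_NAME` are unquoted, and `find` may return no package or several, in which case `rpm --addsign` and `--upload-file` receive the wrong argument list; `readonly rpm=$(find …)` also hides a failing `find` from `set -e`. I would write the upload as `curl --fail -sS --user "$FORGE_REPO_USER:$FORGE_REPO_TOKEN" --upload-file "$rpm" "$TARGET_REPO/$group/upload"` and stop with an error when `$rpm` is empty. The token is passed on the command line, where other processes in the container can read it, and `REPOS` is declared but never read in the script as shown.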
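--- a/.forgejo/patches/linux-template-builder_use-fuse.patch
+++ b/.forgejo/patches/linux-template-builder_use-fuse.patch
@@ -0,0 +1,184 @@
+diff --git a/cleanup_image b/cleanup_image
+index 224c04a..911b238 100755
+--- a/cleanup_image
++++ b/cleanup_image
+@@ -1,6 +1,7 @@
+#!/bin/sh
+
+export INSTALLDIR=$1
++export TEMPLATE_USE_FUSE=1
+
+. ./builder_setup
+
+@@ -20,5 +21,8 @@ fi
+echo "--> Cleaning up image file..."
+$SCRIPTSDIR/09_cleanup.sh
+
+-echo "--> Compacting image file..."
+-/sbin/fstrim -v "$INSTALLDIR"
++# fstrim not supported in userspace
++if [ "$TEMPLATE_USE_FUSE" -ne 1 ]; then
++ echo "--> Compacting image file..."
++ /sbin/fstrim -v "$INSTALLDIR"
++fi
+diff --git a/prepare_image b/prepare_image
+index 6334879..de1a2af 100755
+--- a/prepare_image
++++ b/prepare_image
+@@ -19,6 +19,8 @@ RETCODE=0
+. ./builder_setup >/dev/null
+. ./umount_kill.sh >/dev/null
+
++export TEMPLATE_USE_FUSE=1
++
+if ! [ $# -eq 1 ]; then
+echo "usage ${0} <img_file_name>"
+exit
+@@ -55,11 +57,20 @@ echo "-> Preparing instalation of ${DIST} template..."
+if [ -f "${IMG}" ]; then
+echo "-> Image file already exists, assuming *update*..."
+if [ "0$TEMPLATE_ROOT_WITH_PARTITIONS" -eq 1 ]; then
+- IMG_LOOP=$(/sbin/losetup -P -f --show "$IMG")
+- IMG_DEV=${IMG_LOOP}p3
++ if [ "$TEMPLATE_USE_FUSE" -eq 1 ]; then
++ echo "Fuse mode not implemented when TEMPLATE_ROOT_WITH_PARTITIONS is true"
++ exit
++ else
++ IMG_LOOP=$(/sbin/losetup -P -f --show "$IMG")
++ IMG_DEV=${IMG_LOOP}p3
++ fi
+else
+- IMG_LOOP=$(/sbin/losetup -f --show "$IMG")
+- IMG_DEV=${IMG_LOOP}
++ if [ "$TEMPLATE_USE_FUSE" -eq 1 ]; then
++ IMG_DEV=$IMG
++ else
++ IMG_LOOP=$(/sbin/losetup -f --show "$IMG")
++ IMG_DEV=${IMG_LOOP}
++ fi
+fi
+udevadm settle --exit-if-exists="$IMG_DEV"
+else
+@@ -78,11 +89,20 @@ size=2MiB, type=21686148-6449-6E6F-744E-656564454649, uuid=1e6c9db4-1e91-46c4-84
+type=0FC63DAF-8483-4772-8E79-3D69D8477DE4, uuid=693244e6-3e07-47bf-ad79-acade4293fe7, name="Root filesystem"
+EOF
+
+- IMG_LOOP=$(/sbin/losetup -P -f --show "$IMG")
+- IMG_DEV=${IMG_LOOP}p3
++ if [ "$TEMPLATE_USE_FUSE" -eq 1 ]; then
++ echo "Fuse mode not implemented when TEMPLATE_ROOT_WITH_PARTITIONS is true"
++ exit
++ else
++ IMG_LOOP=$(/sbin/losetup -P -f --show "$IMG")
++ IMG_DEV=${IMG_LOOP}p3
++ fi
+else
+- IMG_LOOP=$(/sbin/losetup -f --show "$IMG")
+- IMG_DEV=${IMG_LOOP}
++ if [ "$TEMPLATE_USE_FUSE" -eq 1 ]; then
++ IMG_DEV=$IMG
++ else
++ IMG_LOOP=$(/sbin/losetup -f --show "$IMG")
++ IMG_DEV=${IMG_LOOP}
++ fi
+fi
+udevadm settle --exit-if-exists="$IMG_DEV"
+
+@@ -90,7 +110,9 @@ EOF
+/sbin/mkfs.ext4 -q -F "${IMG_DEV}" || exit 1
+fi
+
+-mount "${IMG_DEV}" "${INSTALLDIR}" || exit 1
++if [ "$TEMPLATE_USE_FUSE" -eq 1 ]; then
++ fuse2fs "${IMG_DEV}" "${INSTALLDIR}" || exit 1
++fi
+trap "umount_kill $(readlink -m ${INSTALLDIR})" EXIT
+"${SCRIPTSDIR}/01_install_core.sh"
+
+@@ -107,6 +129,8 @@ trap - EXIT
+
+echo "-> Unmounting prepared_image..."
+umount_kill "$(readlink -m ${INSTALLDIR})" || true
+-/sbin/losetup -d ${IMG_LOOP}
++if [ "$TEMPLATE_USE_FUSE" -ne 1 ]; then
++ /sbin/losetup -d ${IMG_LOOP}
++fi
+
+exit ${RETCODE}
+diff --git a/qubeize_image b/qubeize_image
+index 19c37cb..9e5179d 100755
+--- a/qubeize_image
++++ b/qubeize_image
+@@ -13,6 +13,8 @@ export CLEANIMG="$1"
+export NAME="$2"
+export LC_ALL=POSIX
+
++export TEMPLATE_USE_FUSE=1
++
+. ./builder_setup >/dev/null
+. ./umount_kill.sh >/dev/null
+
+@@ -50,7 +52,9 @@ function cleanup() {
+trap - ERR
+trap
+umount_kill "$PWD/mnt" || true
+- /sbin/losetup -d ${IMG_LOOP}
++ if [ "$TEMPLATE_USE_FUSE" -ne 1 ]; then
++ /sbin/losetup -d ${IMG_LOOP}
++ fi
+exit $errval
+}
+trap cleanup ERR
+@@ -72,14 +76,27 @@ fi
+echo "--> Mounting $IMG"
+mkdir -p mnt
+if [ "0$TEMPLATE_ROOT_WITH_PARTITIONS" -eq 1 ]; then
+- IMG_LOOP=$(/sbin/losetup -P -f --show "$IMG")
+- IMG_DEV=${IMG_LOOP}p3
++ if [ "$TEMPLATE_USE_FUSE" -eq 1 ]; then
++ echo "Fuse mode not implemented when TEMPLATE_ROOT_WITH_PARTITIONS is true"
++ exit
++ else
++ IMG_LOOP=$(/sbin/losetup -P -f --show "$IMG")
++ IMG_DEV=${IMG_LOOP}p3
++ fi
+else
+- IMG_LOOP=$(/sbin/losetup -f --show "$IMG")
+- IMG_DEV=${IMG_LOOP}
++ if [ "$TEMPLATE_USE_FUSE" -eq 1 ]; then
++ IMG_DEV=$IMG
++ else
++ IMG_LOOP=$(/sbin/losetup -f --show "$IMG")
++ IMG_DEV=${IMG_LOOP}
++ fi
+fi
+udevadm settle --exit-if-exists="$IMG_DEV"
+-mount "$IMG_DEV" mnt || exit 1
++if [ "$TEMPLATE_USE_FUSE" -eq 1 ]; then
++ fuse2fs "$IMG_DEV" mnt
++else
++ mount "$IMG_DEV" mnt || exit 1
++fi
+export INSTALLDIR=mnt
+
+# prepare for template.conf, so the qubeize script may generate it dynamically
+@@ -159,7 +176,9 @@ ls -als $IMG
+# ------------------------------------------------------------------------------
+echo "--> Unmounting $IMG"
+umount_kill "$PWD/mnt" || true
+-/sbin/losetup -d ${IMG_LOOP}
++if [ "$TEMPLATE_USE_FUSE" -ne 1 ]; then
++ /sbin/losetup -d ${IMG_LOOP}
++fi
+
+echo "Qubeized image stored at: $IMG"
+
+diff --git a/templates.spec b/templates.spec
+index e1a82e9..210ef57 100644
+--- a/templates.spec
++++ b/templates.spec
+@@ -193,3 +193,4 @@ rm -rf $RPM_BUILD_ROOT
+%attr (664,root,qubes) %{dest_dir}/vm-whitelisted-appmenus.list
+%attr (664,root,qubes) %{dest_dir}/netvm-whitelisted-appmenus.list
+%attr (664,root,qubes) %{dest_dir}/template.conf
++%define _arch x86_64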
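Review bot: In the prepare_image hunk at `@@ -90,7 +110,9 @@` the unconditional `mount "${IMG_DEV}" "${INSTALLDIR}" || exit 1` is replaced by an `if` with only a fuse2fs branch, so with `TEMPLATE_USE_FUSE` at any value other than 1 nothing is mounted and the install scripts would write into the bare directory. The qubeize_image hunk keeps the `else` / `mount … || exit 1` branch, and prepare_image should do the same; the gap is latent only because each script hard-codes `export TEMPLATE_USE_FUSE=1`, which `export TEMPLATE_USE_FUSE="${TEMPLATE_USE_FUSE:-1}"` would turn into an overridable default. The `fuse2fs "$IMG_DEV" mnt` call in qubeize_image lacks the `|| exit 1` that the `mount` beside it has. The "Fuse mode not implemented" branches end in a bare `exit`, which returns the status of the preceding `echo`, so an unsupported configuration would finish as a success; `exit 1` looks like what is meant.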
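--- a/.forgejo/workflows/release-build.yaml
+++ b/.forgejo/workflows/release-build.yaml
@@ -0,0 +1,80 @@
+on:
+push:
+tags:
+- 'alpine*'
+
+jobs:
+release-build:
+runs-on: x86_64
+container:
+image: alpine:latest
+env:
+QUBES_REL: r4.2
+DIST: alpine320
+steps:
+- name: Environment setup
+run: |
+apk add rpm wget coreutils eudev e2fsprogs xen doas sudo curl nodejs git alpine-sdk fuse2fs patch findutils grep
+cd /etc/apk/keys
+curl -JO https://ayakael.net/api/packages/forge/alpine/key
+- name: Repo pull
+uses: actions/checkout@v4
+with:
+fetch-depth: 500
+- name: RPM build
+run: |
+git clone https://github.com/QubesOS/qubes-builder
+mkdir qubes-builder/qubes-src
+ln -s $GITHUB_WORKSPACE qubes-builder/qubes-src/builder-alpine
+cp builder.conf qubes-builder/.
+git clone https://github.com/QubesOS/qubes-linux-template-builder qubes-builder/qubes-src/linux-template-builder
+patch -d qubes-builder/qubes-src/linux-template-builder -p1 -i $GITHUB_WORKSPACE/.forgejo/patches/linux-template-builder_use-fuse.patch
+echo "%define _arch x86_64" >> qubes-builder/qubes-src/linux-template-builder/templates.spec
+echo "4.2.0" > qubes-builder/qubes-src/linux-template-builder/version
+sed "s|DISTS_VM :.*|DISTS_VM := $DIST|" -i ./qubes-builder/builder.conf
+cd qubes-builder
+make linux-template-builder
+cp qubes-src/linux-template-builder/rpm/noarch/qubes-template-*.rpm $GITHUB_WORKSPACE/.
+- name: Package upload
+uses: forgejo/upload-artifact@v3
+with:
+name: package
+path: qubes-template-*.rpm
+release-deploy:
+needs: [release-build]
+runs-on: x86_64
+container:
+image: alpine:latest
+env:
+CI_RPM_REPO: 'https://ayakael.net/api/packages/forge/rpm'
+FORGE_REPO_TOKEN: ${{ secrets.FORGE_REPO_TOKEN }}
+FORGE_REPO_PRIVKEY: ${{ secrets.FORGE_REPO_PRIVKEY }}
+FORGE_REPO_USER: ${{ vars.FORGE_REPO_USER }}
+steps:
+- name: Setting up environment
+run: apk add nodejs curl findutils git gawk bash rpm gpg gpg-agent
+- name: Repo pull
+uses: actions/checkout@v4
+- name: Package download
+uses: forgejo/download-artifact@v3
+- name: Package deployment
+run: ${{ github.workspace }}/.forgejo/bin/deploy.sh
+release-create:
+needs: [release-build]
+runs-on: x86_64
+container:
+image: node:latest
+steps:
+- name: Package download
+uses: forgejo/download-artifact@v3
+- name: Release creation
+uses: actions/forgejo-release@v2.3.1
+with:
+direction: upload
+url: "https://ayakael.net"
+repo: "forge/qubes-builder-alpine"
+verbose: true
+token: "${{ secrets.FORGE_REPO_TOKEN }}"
+release-dir: ./package
+release-notes: "For download of template through DNF, please go to https://ayakael.net/forge/-/packages/rpm/qubes-template-alpine320"
+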
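Review bot: The RPM build step clones `QubesOS/qubes-builder` and `QubesOS/qubes-linux-template-builder` at whatever their default branches hold when the tag is pushed, and release-deploy then signs the result with `FORGE_REPO_PRIVKEY`, so the signature vouches for upstream state nobody reviewed. Pinning each clone to a reviewed ref, for example `git clone --branch <PINNED_REF> --depth 1 https://github.com/QubesOS/qubes-builder`, and replacing `alpine:latest` and `node:latest` with fixed tags would make a tagged release repeatable; the same two clones appear in test-build-319.yaml, test-build-320.yaml and test-build-edge.yaml. `release-create` declares only `needs: [release-build]`, so a release is published even when release-deploy fails to sign or upload the package. The step also appends `%define _arch x86_64` to templates.spec after the patch has already added that line, which leaves the define in the spec twice.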
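--- a/.forgejo/workflows/test-build-319.yaml
+++ b/.forgejo/workflows/test-build-319.yaml
@@ -0,0 +1,41 @@
+on:
+pull_request:
+types: [ assigned, opened, synchronize, reopened ]
+
+jobs:
+build-test-319:
+runs-on: x86_64
+container:
+image: alpine:3.20
+env:
+QUBES_REL: r4.2
+DIST: alpine319
+steps:
+- name: Environment setup
+run: |
+apk add rpm wget coreutils eudev e2fsprogs xen doas sudo curl nodejs git alpine-sdk fuse2fs patch findutils grep
+cd /etc/apk/keys
+curl -JO https://ayakael.net/api/packages/forge/alpine/key
+- name: Repo pull
+uses: actions/checkout@v4
+with:
+fetch-depth: 500
+- name: RPM build
+run: |
+git clone https://github.com/QubesOS/qubes-builder
+mkdir qubes-builder/qubes-src
+ln -s $GITHUB_WORKSPACE qubes-builder/qubes-src/builder-alpine
+cp builder.conf qubes-builder/.
+git clone https://github.com/QubesOS/qubes-linux-template-builder qubes-builder/qubes-src/linux-template-builder
+patch -d qubes-builder/qubes-src/linux-template-builder -p1 -i $GITHUB_WORKSPACE/.forgejo/patches/linux-template-builder_use-fuse.patch
+echo "%define _arch x86_64" >> qubes-builder/qubes-src/linux-template-builder/templates.spec
+echo "4.2.0" > qubes-builder/qubes-src/linux-template-builder/version
+sed "s|DISTS_VM :.*|DISTS_VM := $DIST|" -i ./qubes-builder/builder.conf
+cd qubes-builder
+make linux-template-builder
+cp qubes-src/linux-template-builder/rpm/noarch/qubes-template-*.rpm $GITHUB_WORKSPACE/.
+- name: Package upload
+uses: forgejo/upload-artifact@v3
+with:
+name: package
+path: qubes-template-*.rpm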
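Review bot: This workflow, test-build-320.yaml and test-build-edge.yaml are the same 41 lines apart from the job name and `DIST`, so any fix to the build steps has to be made three times and the copies can drift. One workflow with a `strategy:` / `matrix:` entry such as `dist: [alpine319, alpine320, alpineedge]` and `DIST: ${{ matrix.dist }}` would keep them in step, provided the runner's matrix support is acceptable here; the artifact would then need the dist in its name, e.g. `name: package-${{ matrix.dist }}`. A short comment on `image: alpine:3.20` saying why every target is built in the same container would also help a reader of the 319 and edge jobs.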
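--- a/.forgejo/workflows/test-build-320.yaml
+++ b/.forgejo/workflows/test-build-320.yaml
@@ -0,0 +1,41 @@
+on:
+pull_request:
+types: [ assigned, opened, synchronize, reopened ]
+
+jobs:
+build-test-320:
+runs-on: x86_64
+container:
+image: alpine:3.20
+env:
+QUBES_REL: r4.2
+DIST: alpine320
+steps:
+- name: Environment setup
+run: |
+apk add rpm wget coreutils eudev e2fsprogs xen doas sudo curl nodejs git alpine-sdk fuse2fs patch findutils grep
+cd /etc/apk/keys
+curl -JO https://ayakael.net/api/packages/forge/alpine/key
+- name: Repo pull
+uses: actions/checkout@v4
+with:
+fetch-depth: 500
+- name: RPM build
+run: |
+git clone https://github.com/QubesOS/qubes-builder
+mkdir qubes-builder/qubes-src
+ln -s $GITHUB_WORKSPACE qubes-builder/qubes-src/builder-alpine
+cp builder.conf qubes-builder/.
+git clone https://github.com/QubesOS/qubes-linux-template-builder qubes-builder/qubes-src/linux-template-builder
+patch -d qubes-builder/qubes-src/linux-template-builder -p1 -i $GITHUB_WORKSPACE/.forgejo/patches/linux-template-builder_use-fuse.patch
+echo "%define _arch x86_64" >> qubes-builder/qubes-src/linux-template-builder/templates.spec
+echo "4.2.0" > qubes-builder/qubes-src/linux-template-builder/version
+sed "s|DISTS_VM :.*|DISTS_VM := $DIST|" -i ./qubes-builder/builder.conf
+cd qubes-builder
+make linux-template-builder
+cp qubes-src/linux-template-builder/rpm/noarch/qubes-template-*.rpm $GITHUB_WORKSPACE/.
+- name: Package upload
+uses: forgejo/upload-artifact@v3
+with:
+name: package
+path: qubes-template-*.rpm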
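--- a/.forgejo/workflows/test-build-edge.yaml
+++ b/.forgejo/workflows/test-build-edge.yaml
@@ -0,0 +1,41 @@
+on:
+pull_request:
+types: [ assigned, opened, synchronize, reopened ]
+
+jobs:
+build-test-edge:
+runs-on: x86_64
+container:
+image: alpine:3.20
+env:
+QUBES_REL: r4.2
+DIST: alpineedge
+steps:
+- name: Environment setup
+run: |
+apk add rpm wget coreutils eudev e2fsprogs xen doas sudo curl nodejs git alpine-sdk fuse2fs patch findutils grep
+cd /etc/apk/keys
+curl -JO https://ayakael.net/api/packages/forge/alpine/key
+- name: Repo pull
+uses: actions/checkout@v4
+with:
+fetch-depth: 500
+- name: RPM build
+run: |
+git clone https://github.com/QubesOS/qubes-builder
+mkdir qubes-builder/qubes-src
+ln -s $GITHUB_WORKSPACE qubes-builder/qubes-src/builder-alpine
+cp builder.conf qubes-builder/.
+git clone https://github.com/QubesOS/qubes-linux-template-builder qubes-builder/qubes-src/linux-template-builder
+patch -d qubes-builder/qubes-src/linux-template-builder -p1 -i $GITHUB_WORKSPACE/.forgejo/patches/linux-template-builder_use-fuse.patch
+echo "%define _arch x86_64" >> qubes-builder/qubes-src/linux-template-builder/templates.spec
+echo "4.2.0" > qubes-builder/qubes-src/linux-template-builder/version
+sed "s|DISTS_VM :.*|DISTS_VM := $DIST|" -i ./qubes-builder/builder.conf
+cd qubes-builder
+make linux-template-builder
+cp qubes-src/linux-template-builder/rpm/noarch/qubes-template-*.rpm $GITHUB_WORKSPACE/.
+- name: Package upload
+uses: forgejo/upload-artifact@v3
+with:
+name: package
+path: qubes-template-*.rpm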
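--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,107 +0,0 @@
-stages:
-- build
-- release
-
-variables:
-GIT_STRATEGY: clone
-GIT_DEPTH: "500"
-
-.verify:
-stage: build
-rules:
-- if: $CI_MERGE_REQUEST_ID
-interruptible: true
-script:
-- |
-sudo apk add rpm wget losetup coreutils eudev e2fsprogs xen
-doas addgroup $USER abuild
-export PATH="$PATH:$CI_PROJECT_DIR/.gitlab/bin"
-git clone https://github.com/QubesOS/qubes-builder
-mkdir qubes-builder/qubes-src
-ln -s $CI_PROJECT_DIR qubes-builder/qubes-src/builder-alpine
-cp builder.conf qubes-builder/.
-git clone https://github.com/QubesOS/qubes-linux-template-builder qubes-builder/qubes-src/linux-template-builder
-echo "%define _arch x86_64" >> qubes-builder/qubes-src/linux-template-builder/templates.spec
-cd qubes-builder
-make linux-template-builder
-cp qubes-src/linux-template-builder/rpm/noarch/qubes-template-*.rpm $CI_PROJECT_DIR/.
-artifacts:
-paths:
-- qubes-template-*.rpm
-expire_in: 7 days
-when: always
-tags:
-- qubes-template
-
-verify-alpine320:
-extends: .verify
-variables:
-CI_ALPINE_TARGET_RELEASE: alpine320
-
-.build:
-stage: build
-rules:
-- if: $CI_COMMIT_TAG
-interruptible: true
-script:
-- |
-sudo apk add rpm wget losetup coreutils eudev e2fsprogs xen
-doas addgroup $USER abuild
-export PATH="$PATH:$CI_PROJECT_DIR/.gitlab/bin"
-git clone https://github.com/QubesOS/qubes-builder
-mkdir qubes-builder/qubes-src
-ln -s $CI_PROJECT_DIR qubes-builder/qubes-src/builder-alpine
-cp builder.conf qubes-builder/.
-git clone https://github.com/QubesOS/qubes-linux-template-builder qubes-builder/qubes-src/linux-template-builder
-echo "%define _arch x86_64" >> qubes-builder/qubes-src/linux-template-builder/templates.spec
-cd qubes-builder
-make linux-template-builder
-cp qubes-src/linux-template-builder/rpm/noarch/qubes-template-*.rpm $CI_PROJECT_DIR/.
-cd $CI_PROJECT_DIR
-CI_ALPINE_RPM_NAME="$(find qubes-template*.rpm)"
-echo "ALPINE_RPM_NAME=$CI_ALPINE_RPM_NAME" > job.env
-echo "Generating sha512sum"
-sha512sum $CI_ALPINE_RPM_NAME > $CI_ALPINE_RPM_NAME.sha512sum
-after_script:
-- echo "JOB_ID=$CI_JOB_ID" >> job.env
-artifacts:
-paths:
-- qubes-template*.rpm
-- qubes-template*.sha512sum
-expire_in: never
-when: always
-reports:
-dotenv: job.env
-tags:
-- qubes-template
-
-build-alpine320:
-extends: .build
-variables:
-CI_ALPINE_TARGET_RELEASE: alpine320
-
-release:
-stage: release
-allow_failure: false
-tags:
-- qubes-template
-rules:
-- if: $CI_COMMIT_TAG
-when: on_success
-script:
-- echo "Create Release $GI_COMMIT_TAG"
-- echo $JOB_ID
-- echo $ALPINE_RPM_NAME
-release:
-name: 'Release $CI_COMMIT_TAG'
-description: 'Release $CI_COMMIT_TAG'
-tag_name: '$CI_COMMIT_TAG'
-ref: '$CI_COMMIT_SHA'
-assets:
-links:
-- name: "$ALPINE_RPM_NAME"
-filepath: "/template/qubes-template-$CI_COMMIT_TAG.rpm"
-url: "https://lab.ilot.io/ayakael/qubes-builder-alpine/-/jobs/$JOB_ID/artifacts/raw/$ALPINE_RPM_NAME"
-- name: "$ALPINE_RPM_NAME.sha512sum"
-filepath: "/template/qubes-template-$CI_COMMIT_TAG.rpm.sha512sum"
-url: "https://lab.ilot.io/ayakael/qubes-builder-alpine/-/jobs/$JOB_ID/artifacts/raw/$ALPINE_RPM_NAME.sha512sum"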
157
README.md
157
README.md
|
@ -1,5 +1,5 @@
|
||||||
# qubes-builder-alpine
|
# qubes-builder-alpine
|
||||||
Upstream: https://lab.ilot.io/ayakael/qubes-builder-alpine
|
Upstream: https://ayakael.net/forge/qubes-builder-alpine
|
||||||
|
|
||||||
## Description
|
## Description
|
||||||
|
|
||||||
|
@ -13,22 +13,159 @@ encouraged to make bug reports.
|
||||||
|
|
||||||
#### The yet-to-be-implemented list
|
#### The yet-to-be-implemented list
|
||||||
Thus the following use cases are still not supported / tested:
|
Thus the following use cases are still not supported / tested:
|
||||||
* QubesOS r4.2
|
* sys-net service VM
|
||||||
* Service VMs (sys-net, sys-usb, sys-firewall)
|
* sys-firewall service VM
|
||||||
* Firewall (not tested)
|
|
||||||
* `qubes-builder` hooks (thus no `dom0` template RPM yet, see [here](https://gitlab.alpinelinux.org/ayakael/qubes-builder-alpine) for progress)
|
|
||||||
* `apk` proxying from within template (thus you must allow internet access to template to install packages)
|
|
||||||
* `qubes-vm-kernel-support` Not adapted for use on Alpine yet, due to it providing a Dracut module. In most cases, it is not necessary as Qubes provides the kernel.
|
* `qubes-vm-kernel-support` Not adapted for use on Alpine yet, due to it providing a Dracut module. In most cases, it is not necessary as Qubes provides the kernel.
|
||||||
This package is only neccessary when VM uses its own kernel, thus a hook is added to Dracut to generate the initrd for use within qubes.
|
This package is only neccessary when VM uses its own kernel, thus a hook is added to Dracut to generate the initrd for use within qubes.
|
||||||
|
|
||||||
#### Issues, recommendations and proposals
|
## How to install
|
||||||
|
|
||||||
|
First, we need to transfer to dom0 the template key.
|
||||||
|
|
||||||
|
**Within VM, download template key:**
|
||||||
|
|
||||||
|
```
|
||||||
|
curl -JO https://ayakael.net/api/packages/forge/rpm/repository.key
|
||||||
|
```
|
||||||
|
|
||||||
|
**On dom0, transfer and copy key to key store:**
|
||||||
|
|
||||||
|
```
|
||||||
|
qvm-run -p <curl-vm> 'cat </path/to/downloaded/key ' > repository.key
|
||||||
|
sudo mv repository.key /etc/qubes/repo-templates/keys/RPM-GPG-KEY-ayakael-forge
|
||||||
|
```
|
||||||
|
|
||||||
|
For installation, you have two options.
|
||||||
|
|
||||||
|
### Using qvm-template
|
||||||
|
|
||||||
|
**1) Create repository definition**
|
||||||
|
|
||||||
|
On dom0, create and edit `/etc/qubes/repo-templates/ayakael-templates.repo` to match the following
|
||||||
|
|
||||||
|
```
|
||||||
|
[ayakael-templates]
|
||||||
|
name=Ayakael templates
|
||||||
|
baseurl=https://ayakael.net/api/packages/forge/rpm/qubes/r$releasever
|
||||||
|
enabled=1
|
||||||
|
gpgcheck=1
|
||||||
|
gpgkey = file:////etc/qubes/repo-templates/keys/RPM-GPG-KEY-ayakael-forge
|
||||||
|
```
|
||||||
|
|
||||||
|
**2) Install template**
|
||||||
|
|
||||||
|
```
|
||||||
|
qvm-template install alpine320
|
||||||
|
```
|
||||||
|
|
||||||
|
### Manually
|
||||||
|
|
||||||
|
**1) Download and transfer template RPM**
|
||||||
|
|
||||||
|
|
||||||
|
On VM, download desired template RPM available in `Packages` section
|
||||||
|
```
|
||||||
|
curl -JO https:<url/rpm>
|
||||||
|
```
|
||||||
|
|
||||||
|
On dom0, transfer RPM
|
||||||
|
|
||||||
|
```
|
||||||
|
qvm-run -p <curl-vm> 'cat </path/to/downloaded/rpm ' > qubes-template-alpine.rpm
|
||||||
|
```
|
||||||
|
|
||||||
|
**2) Install template**
|
||||||
|
|
||||||
|
```
|
||||||
|
qvm-template --keyring /etc/qubes/repo-templates/keys/RPM-GPG-KEY-forge-ayakael install $(pwd)/qubes-template-alpine.rpm
|
||||||
|
```
|
||||||
|
|
||||||
|
## How to build
|
||||||
|
|
||||||
|
Since this template builder uses pre-built Alpine Linux packages for QubesOS template support, it by defaults does not build everything locally. If you want to build them locally, you can follow these steps. If not, you can skip to the next section.
|
||||||
|
|
||||||
|
### Build packages
|
||||||
|
|
||||||
|
**1) Set-up build environment on Alpine Linux**
|
||||||
|
```
|
||||||
|
apk add alpine-sdk lua-aports
|
||||||
|
addgroup <yourusername> abuild
|
||||||
|
mkdir -p /var/cache/distfiles
|
||||||
|
chmod a+w /var/cache/distfiles
|
||||||
|
abuild-keygen -a -i
|
||||||
|
cp /home/user/.abuild/*.pub /etc/apk/keys
|
||||||
|
```
|
||||||
|
(see [Creating an Alpine package](https://wiki.alpinelinux.org/wiki/Creating_an_Alpine_package) on Alpine Linux Wiki for more details)
|
||||||
|
|
||||||
|
**2) Create work directory and clone `qports` with appropriate branch**
|
||||||
|
|
||||||
|
```
|
||||||
|
mkdir work
|
||||||
|
cd work
|
||||||
|
git clone https://ayakael.net/forge/qports -b <desired Qubes Rel, i.e r4.2>
|
||||||
|
```
|
||||||
|
|
||||||
|
**3) Build all packages using `buildrepo`**
|
||||||
|
|
||||||
|
`buildrepo -a <path/to/qports> -d <path/to/work/dir>/packages qports`
|
||||||
|
|
||||||
|
**4) Make these packages available on an HTTP server and export the following variables that will be picked up by template build**
|
||||||
|
|
||||||
|
```
|
||||||
|
export QUBESALPINE_MIRROR=<https://url-to-custom-repo>
|
||||||
|
export QUBESALPINE_KEYFILE=<https://url-to-custom-repo-key>
|
||||||
|
```
|
||||||
|
|
||||||
|
### Build template
|
||||||
|
|
||||||
|
**1) Create work directory and clone `qubes-builder-alpine` with appropriate branch**
|
||||||
|
|
||||||
|
```
|
||||||
|
mkdir work
|
||||||
|
cd work
|
||||||
|
git clone https://ayakael.net/forge/qubes-builder-alpine -b <desired Qubes Rel, i.e r4.2>
|
||||||
|
```
|
||||||
|
|
||||||
|
**2) Set-up build environment for QubesOS template build**
|
||||||
|
|
||||||
|
```
|
||||||
|
git clone https://github.com/QubesOS/qubes-builder
|
||||||
|
mkdir qubes-builder/qubes-src
|
||||||
|
ln -s $(pwd) qubes-builder/qubes-src/builder-alpine
|
||||||
|
cp builder.conf qubes-builder/.
|
||||||
|
git clone https://github.com/QubesOS/qubes-linux-template-builder qubes-builder/qubes-src/linux-template-builder
|
||||||
|
```
|
||||||
|
|
||||||
|
**3) Setup build information**
|
||||||
|
|
||||||
|
```
|
||||||
|
echo "%define _arch x86_64" >> qubes-builder/qubes-src/linux-template-builder/templates.spec
|
||||||
|
echo "4.2.0" > qubes-builder/qubes-src/linux-template-builder/version
|
||||||
|
```
|
||||||
|
If you want to build a different Alpine version than default, you can modify `qubes-builder/builder.conf` on line `DIST_VM` to alpine<desired-version-without-dot> (i.e alpine320).
|
||||||
|
|
||||||
|
**4) Build template**
|
||||||
|
|
||||||
|
```
|
||||||
|
cd qubes-builder
|
||||||
|
make linux-template-builder
|
||||||
|
```
|
||||||
|
|
||||||
|
**5) Install produced RPM on dom0**
|
||||||
|
|
||||||
|
```
|
||||||
|
qvm-run --pass-io <build-vm> 'cat <path/to/work/dir>/qubes-builder/qubes-src/linux-template-builder/rpm/noarch/qubes-template-*.rpm' > qubes-template-alpine.rpm
|
||||||
|
qvm-template install --nogpgcheck $(pwd)/qubes-template-alpine.rpm
|
||||||
|
```
|
||||||
|
|
||||||
|
## Issues, recommendations and proposals
|
||||||
**To report an issue or share a recommendation**
|
**To report an issue or share a recommendation**
|
||||||
|
|
||||||
Go [here](https://gitlab.alpinelinux.org/ayakael/qubes-builder-alpine/-/issues)
|
This repo is also mirrored on Codeberg. This facilitates receiving pull requests, and managing issues. You can open an issue [here](https://codeberg.org/ayakael/qubes-builder-alpine/issues)
|
||||||
|
|
||||||
**To make a merge request**
|
**To make a merge request**
|
||||||
* Fork the repo from Alpine's GitLab [here](https://gitlab.alpinelinux.org/ayakael/qubes-builder-alpine)
|
* Fork the repo from Codeberg's mirror [here](https://codeberg.org/ayakael/qubes-builder-alpine)
|
||||||
* Clone your fork locally. (`git clone $repo`)
|
* Clone your fork locally. (`git clone $repo`)
|
||||||
* Make a branch with a descriptive name (`git checkout -b $descriptivename`)
|
* Make a branch with a descriptive name (`git checkout -b $descriptivename`)
|
||||||
* Make the changes you want to see in the world, commit, and push to the GitLab's remote repo
|
* Make the changes you want to see in the world, commit, and push to the GitLab's remote repo
|
||||||
* Request a merge [here](https://gitlab.alpinelinux.org/ayakael/qubes-builder-alpine/-/merge_requests)
|
* Request a merge [here](https://codeberg.org/ayakael/qubes-builder-alpine/pulls)
|
||||||
|
|
|
@ -17,8 +17,8 @@ fi
|
||||||
|
|
||||||
APKTOOLS_CACHE_DIR="${CACHEDIR}/apk_cache"
|
APKTOOLS_CACHE_DIR="${CACHEDIR}/apk_cache"
|
||||||
ALPINELINUX_VERSION=${DIST_VER:-latest-stable}
|
ALPINELINUX_VERSION=${DIST_VER:-latest-stable}
|
||||||
QUBESALPINE_MIRROR="${QUBESALPINE_MIRROR:-https://lab.ilot.io/ayakael/repo-apk/-/raw}"
|
QUBESALPINE_MIRROR="${QUBESALPINE_MIRROR:-https://ayakael.net/api/packages/forge/alpine}"
|
||||||
QUBESALPINE_KEYFILE="${QUBESALPINE_KEYFILE:-antoine.martin@protonmail.com-5b3109ad.rsa.pub}"
|
QUBESALPINE_KEYFILE="${QUBESALPINE_KEYFILE:-https://ayakael.net/api/packages/forge/alpine/key}"
|
||||||
QUBES_REL="${QUBES_REL:-r4.2}"
|
QUBES_REL="${QUBES_REL:-r4.2}"
|
||||||
export APK_CACHE_DIR
|
export APK_CACHE_DIR
|
||||||
|
|
||||||
|
@ -28,8 +28,10 @@ if [ "$VERBOSE" -ge 2 ] || [ "$DEBUG" -gt 0 ]; then
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo " --> Adding Qubes custom repository..."
|
echo " --> Adding Qubes custom repository..."
|
||||||
su -c "echo '$QUBESALPINE_MIRROR/$ALPINELINUX_VERSION/qubes/$QUBES_REL' >> $INSTALLDIR/etc/apk/repositories"
|
su -c "echo '$QUBESALPINE_MIRROR/$ALPINELINUX_VERSION/qubes-$QUBES_REL' >> $INSTALLDIR/etc/apk/repositories"
|
||||||
wget "$QUBESALPINE_MIRROR/$ALPINELINUX_VERSION/$QUBESALPINE_KEYFILE" -P "$INSTALLDIR"/etc/apk/keys
|
pushd "$INSTALLDIR"/etc/apk/keys
|
||||||
|
curl -JO "$QUBESALPINE_KEYFILE"
|
||||||
|
popd
|
||||||
|
|
||||||
echo " --> Synchronize resolv.conf..."
|
echo " --> Synchronize resolv.conf..."
|
||||||
cp /etc/resolv.conf "${INSTALLDIR}/etc/resolv.conf"
|
cp /etc/resolv.conf "${INSTALLDIR}/etc/resolv.conf"
|
||||||
|
|
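Review bot: The new key download in the `@ -28,8 +28,10 @@` hunk, `curl -JO "$QUBESALPINE_KEYFILE"`, has no `--fail`, so an HTTP error body would be saved into `$INSTALLDIR/etc/apk/keys` as if it were a key, and `-J` lets the server pick the file name inside the template's trusted-keys directory. `curl --fail -sSJO "$QUBESALPINE_KEYFILE"` closes the first gap, and checking the downloaded key against a checksum kept in the repository would cover the case where key and packages are served by the same host. `QUBESALPINE_KEYFILE` changes meaning in the first hunk from a file name under the mirror to a full URL, which breaks callers that still export the old form, and that deserves a comment next to the default. `pushd`/`popd` need bash, which the visible lines do not show the script declaring. The file header for this section is missing from the page, and this reads the second line of each printed pair as the new side.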
|
@ -31,7 +31,7 @@ chroot_setup() {
|
||||||
chroot_add_mount sys "$1/sys" -t sysfs -o nosuid,noexec,nodev,ro &&
|
chroot_add_mount sys "$1/sys" -t sysfs -o nosuid,noexec,nodev,ro &&
|
||||||
# alpine-chroot will never have occasion to use efivars, so don't bother
|
# alpine-chroot will never have occasion to use efivars, so don't bother
|
||||||
# mounting efivarfs here
|
# mounting efivarfs here
|
||||||
chroot_add_mount udev "$1/dev" -t devtmpfs -o mode=0755,nosuid &&
|
chroot_add_mount /dev "$1/dev" -o bind &&
|
||||||
chroot_add_mount devpts "$1/dev/pts" -t devpts -o mode=0620,gid=5,nosuid,noexec &&
|
chroot_add_mount devpts "$1/dev/pts" -t devpts -o mode=0620,gid=5,nosuid,noexec &&
|
||||||
chroot_add_mount shm "$1/dev/shm" -t tmpfs -o mode=1777,nosuid,nodev &&
|
chroot_add_mount shm "$1/dev/shm" -t tmpfs -o mode=1777,nosuid,nodev &&
|
||||||
chroot_add_mount run "$1/run" -t tmpfs -o nosuid,nodev,mode=0755 &&
|
chroot_add_mount run "$1/run" -t tmpfs -o nosuid,nodev,mode=0755 &&
|
||||||
|
|
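Review bot: Replacing the devtmpfs mount with `chroot_add_mount /dev "$1/dev" -o bind` drops the `nosuid` option the old line carried, so the chroot's /dev is only nosuid if the host's /dev mount already is. `chroot_add_mount /dev "$1/dev" -o bind,nosuid &&` would state the intent, though whether an extra flag takes effect on a bind mount depends on the mount implementation and should be confirmed on the build image. A comment such as `# bind-mount host /dev: devtmpfs cannot be mounted in the CI container` (if that is the reason) would explain why the chroot now sees the host's device nodes. chroot_setup starts and ends outside the hunk, the file header is missing from the page, and this reads the second line of the printed pair as the new side.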