~ajhalili2006/ppa

e67c5392227c9bff30a33748a8e731d5ba0e5934 — Andrei Jiroh Halili 1 year, 9 days ago 5cff969
chore(alpine): add pacakging recipes for alpine linux and some docs

Signed-off-by: Andrei Jiroh Halili <ajhalili2006@andreijiroh.eu.org>
A README.md => README.md +1 -0
@@ 0,0 1,1 @@
# ~ajhalili2006's packaging recipes (mostly for Alpine Linux)
\ No newline at end of file

A alpine/README.md => alpine/README.md +30 -0
@@ 0,0 1,30 @@
# Package recipes for Alpine

## Usage for end-users

### Adding the repo

Currently packages are being built against the unstable releases (aka `edge`), so proceed with caution.
I'll consider building for at least 2 latest stable releases in the future once I afford paying for
VPS in Google Cloud or Azure, or even have a decent homelab for that (as seperate computer and not
just a VM within my current dual-boot setup).

```shell
wget https://mau.dev/andreijiroh.dev/dotfiles/-/raw/main/.abuild/releases@andreijiroh.eu.org.rsa.pub -O /etc/apk/keys/releases@andreijiroh.eu.org.rsa.pub
echo "https://pkgs.andreijiroh.eu.org/alpine/edge/stable" | tee -a /etc/apk/repositories
```

Frankly if you're here for the unstable releases of Tailscale built from sources:

```bash
echo "@ajhalili2006 https://pkgs.andreijiroh.eu.org/alpine/edge/unstable" | tee -a /etc/apk/repositories
apk add tailscale@ajhalili2006
```

### Release Tracks

There are three tracks available in the PPA:

* `stable` - Stable releases of different software
* `unstable` - Unstable releases, particularly built from development branch OR from
* `testing` - similar to `edge/testing` in the main aports repo

A alpine/testing/hadolint/.gitkeep => alpine/testing/hadolint/.gitkeep +0 -0
A alpine/testing/hadolint/APKBUILD => alpine/testing/hadolint/APKBUILD +49 -0
@@ 0,0 1,49 @@
# Contributor: Andrei Jiroh Eugenio Halili <ajhalili2006@andreijiroh.eu.org>
# Maintainer: Andrei Jiroh Eugenio Halili <ajhalili2006@andreijiroh.eu.org>
pkgname=hadolint
pkgver=2.12.0
pkgrel=0
pkgdesc="Dockerfile linter, validate inline bash, written in Haskell"
url="https://github.com/hadolint/hadolint/"
arch="all"
license="GPL-3.0"
subpackages="$pkgname-dev $pkgname-doc"
source="https://github.com/hadolint/hadolint/archive/v$pkgver/hadolint-$pkgver.tar.gz"
builddir="$srcdir/hadolint-$pkgver"

_cabal_home="$srcdir/dist"

cabal_update() {
	msg "Freezing $pkgname dependencies"

	# Resolve deps and generate fresh cabal.config with version constraints.
	HOME="$_cabal_home" cabal update
	(
		cd "$builddir"
		HOME="$_cabal_home" cabal v1-freeze --shadow-installed-packages

		# Add version tag at the first line.
		sed -i "1i--$pkgver" "cabal.config"

		mv "cabal.config" "$startdir/"
	)

	if ! abuild checksum; then
		die "Failed to update checksum, run 'abuild checksum' manually"
	fi
}

prepare() {
	default_prepare
	./striptests

	if [ "$(head -n 1 "$srcdir/cabal.config")" != "--$pkgver" ]; then
		die "Requirements file is outdated, run 'abuild cabal_update'"
	fi

	ln -sf "$srcdir/cabal.config" "$builddir/cabal.config"
}

sha512sums="
668d9006c36f21a34405b3a5b499125aa283dc2fe37712950709b8e5059eac557b58d0733161b1520fc82db81132fbc199ae4bb519928c4b5ca79bf0ebec147b  hadolint-2.12.0.tar.gz
"

A alpine/unstable/tailscale/APKBUILD => alpine/unstable/tailscale/APKBUILD +92 -0
@@ 0,0 1,92 @@
# Contributor: Andrei Jiroh Eugenio Halili <ajhalili2006@andreijiroh.eu.org>
# Contributor: Robert Günzler <r@gnzler.io>
# Contributor: Xe <xe@tailscale.com>
# Maintainer: Andrei Jiroh Eugenio Halili <ajhalili2006@andreijiroh.eu.org>
# Maintainer: Robert Günzler <r@gnzler.io>
pkgname=tailscale
pkgver=1.55.0
pkgrel=0
pkgdesc="The easiest, most secure way to use WireGuard and 2FA"
url="https://tailscale.com/"
license="BSD-3-Clause"
arch="all !s390x" # upstream still doesn't have hardware to debug this
options="chmod-clean"
depends="iptables" # https://github.com/tailscale/tailscale/issues/391
makedepends="go linux-headers"
checkdepends="openssh iproute2-minimal"
subpackages="$pkgname-doc $pkgname-openrc"
source="$pkgname-$pkgver.tar.gz::https://github.com/tailscale/tailscale/archive/v$pkgver.tar.gz
	tailscale.confd
	tailscale.initd
	tailscale.logrotate
	tailscale.modules-load
	upstream-patch-10363.patch
	"
_giturl="https://github.com/tailscale/tailscale/archive"

export GOCACHE="${GOCACHE:-"$srcdir/go-cache"}"
export GOTMPDIR="${GOTMPDIR:-"$srcdir"}"
export GOMODCACHE="${GOMODCACHE:-"$srcdir/go"}"

# secfixes:
#   1.32.3-r0:
#     - CVE-2022-41924 TS-2022-004
#   0:
#     - CVE-2022-41925 TS-2022-005

build() {
	msg2 "Building tailscale..."

	TAGS="netcgo osusergo static_build xversion"
	VERSIONFLAGS="
	-X tailscale.com/version.shortStamp=$pkgver
	-X tailscale.com/version.longStamp=$pkgver-AlpineLinux
	-X tailscale.com/version.gitCommitStamp=AlpineLinux
	"

	go build -tags "$TAGS" -ldflags "$VERSIONFLAGS" ./cmd/tailscale
	go build -tags "$TAGS" -ldflags "$VERSIONFLAGS" ./cmd/tailscaled
}

check() {
	# shellcheck disable=SC2046
	go test $(go list ./... | grep -Ev '(util/linuxfw|net/netcheck|wgengine/magicsock|tstest/archtest|tstest/integration|tstest/jsdeps|tstest/iosdeps|ssh/tailssh|containerboot|net/connstats)')
}

package() {
	install -m755 -D tailscale \
		"$pkgdir"/usr/bin/tailscale
	install -m755 -D tailscaled \
		"$pkgdir"/usr/sbin/tailscaled

	install -m644 -D -t "$pkgdir"/usr/share/doc/$pkgname README.md

	install -m755 -D "$srcdir"/tailscale.initd "$pkgdir"/etc/init.d/tailscale
	install -m644 -D "$srcdir"/tailscale.confd "$pkgdir"/etc/conf.d/tailscale
	install -m644 -D "$srcdir"/tailscale.logrotate "$pkgdir"/etc/logrotate.d/tailscale
	install -m644 -D "$srcdir"/tailscale.modules-load "$pkgdir"/usr/lib/modules-load.d/tailscale.conf
}

snapshot() {
	mkdir -p "$srcdir"
	cd "${SRCDEST:-$srcdir}"
	if ! [ -d $_pkgname.git ]; then
		git clone --bare  $_giturl || return 1
		cd $_pkgname.git
	else
		cd $_pkgname.git
		git fetch || return 1
	fi
	
	git archive --prefix=$pkgname/ -o "$SRCDEST"/$pkgname-$pkgver.tar.gz $
	rclone cp "$SRCDEST"/$pkgname-$pkgver.tar.gz dev.alpinelinux.org:/archive/$_pkgname/
}

sha512sums="
e429750c4942fb5fbb3790d29adf3d6a3952d9ea19b5c957826406ba7c97fd3827e217b410dc7d2a15b10530db9db2024ad0e179d8206448bcd1ab540df573cf  tailscale-1.54.0.tar.gz
24706f10a6f5f7091c0f73a13e0c2d72e969e92e6f7aa21abe504f8e2c16af4d1d80fd28c33acbe4866dd8174abd9dc201d97eb5271f6355f7589a56f470f52c  tailscale.confd
5cb35e0144d3bc2c20b1fde1ee402aab642b666c259bb324bf1c742a79fd8b3892cf2e7419e684764a50b6a29dc562ee674915bbf16a76eda543fd9c8988428c  tailscale.initd
c139461ff829359bfdc66866ef4cd6561f781e2bc3b40e5cfe9c9d06e3e749d179835ee8548d2b2e725f9a59644db64b1136393dff78ae29955c905e76c8ef46  tailscale.logrotate
871b650ff982be061532b4c5fe4812f41e6e2c58fc69b24f8a745f9a43389da44e742a69b0467b3c3d9e2b031af0728e20f10fa4584695c4f5ac87768a1fd34e  tailscale.modules-load
ef40855de0fa125054c0d11de66d0d3da80e13d6fff4704452f978cd4a25ee55aacc9a2ed08617b57c12dec242bf3fe7c7c4b8b178fb5f911c038f7744840d3f  upstream-patch-10363.patch
"

A alpine/unstable/tailscale/tailscale.confd => alpine/unstable/tailscale/tailscale.confd +5 -0
@@ 0,0 1,5 @@
# tailscaled options
#
# TAILSCALED_LOGFILE
# TAILSCALED_PORT
# TAILSCALED_OPTS

A alpine/unstable/tailscale/tailscale.initd => alpine/unstable/tailscale/tailscale.initd +27 -0
@@ 0,0 1,27 @@
#!/sbin/openrc-run

TAILSCALED_LOGFILE="${TAILSCALED_LOGFILE:-/var/log/${RC_SVCNAME}d.log}"
TAILSCALED_PORT="${TAILSCALED_PORT:-41641}"

supervisor=supervise-daemon

name="tailscaled"
command="/usr/sbin/tailscaled"
command_args="--state=/var/lib/tailscale/tailscaled.state --port ${TAILSCALED_PORT} ${TAILSCALED_OPTS} >>${TAILSCALED_LOGFILE} 2>&1"

output_log=${TAILSCALED_LOGFILE}
error_log=${TAILSCALED_LOGFILE}

pidfile="/run/tailscaled.pid"
respawn_delay=5
respawn_max=0

depend() {
	need net
	after firewall
	use logger
}

start_pre() {
	checkpath -f -m 0644 -o root:root "${TAILSCALED_LOGFILE}"
}

A alpine/unstable/tailscale/tailscale.logrotate => alpine/unstable/tailscale/tailscale.logrotate +6 -0
@@ 0,0 1,6 @@
/var/log/tailscaled.log {
        missingok
        notifempty
        sharedscripts
        endscript
}

A alpine/unstable/tailscale/tailscale.modules-load => alpine/unstable/tailscale/tailscale.modules-load +1 -0
@@ 0,0 1,1 @@
tun