~dvn/gnunet-apkbuilds

3afb1fb14a2623c52a1817f319f788689ef9acd1 — Devan Carpenter 1 year, 8 months ago
Initial commit: start of GNUnet APKBUILD
A  => build.yml +29 -0
@@ 1,29 @@
image: alpine/3.10
repositories:
  sr.ht: >
    https://mirror.sr.ht/alpine/v3.10/sr.ht/
    https://mirror.sr.ht/alpine/alpine%40sr.ht.rsa.pub
    alpine@sr.ht.rsa.pub
packages:
  - openssl
  - rsync
environment:
  remote: deploy@mirror.sr.ht
  remote_path: /var/www/mirror.sr.ht/alpine
  packages: []
sources:
  - https://git.sr.ht/~sircmpwn/sr.ht-apkbuilds
secrets:
  - fa00a8d3-7b63-42d5-8060-3bb31c3e3018 # ssh deploy key
  - d0adc1d4-af78-4852-920f-1134392f5d10 # package signing key
tasks:
  - setup: |
      cd sr.ht-apkbuilds
      ./pkgkit add-repo -s sr.ht ~/.abuild/alpine@sr.ht.rsa
  - build: |
      cd sr.ht-apkbuilds
      ./pkgkit build -Rcu "${packages[@]}"
  - deploy: |
      cd sr.ht-apkbuilds
      echo "StrictHostKeyChecking=no" >> ~/.ssh/config
      ./pkgkit upload "$remote" "$remote_path" "${packages[@]}"

A  => gnunet/APKBUILD +61 -0
@@ 1,61 @@
# Contributor: xrs <xrs@mail36.net>
# Maintainer: xrs <xrs@mail36.net>
pkgname="gnunet"
pkgver="0.11.6"
pkgrel=0
pkgdesc="A framework for secure and privacy enhancing peer-to-peer networking"
url="https://gnunet.org"
arch="all"
license="AGPL-3.0"
depends="libgpg-error libgcrypt nettle unbound-libs gnutls gnutls-utils gnurl libmicrohttpd openssl libunistring libidn2 nss sqlite zlib miniupnpc gmp gettext bash which iptables coreutils"
depends_dev="libgpg-error-dev libgcrypt-dev nettle-dev unbound-dev gnutls-dev libmicrohttpd-dev openssl-dev libunistring-dev libidn2-dev nss-dev sqlite-dev zlib-dev miniupnpc-dev gmp-dev gettext libintl"
makedepends="$depends_dev autoconf automake libtool gettext-dev python3 texlive texinfo"
install="$pkgname.pre-install $pkgname.post-install $pkgname.pre-deinstall $pkgname.post-deinstall"
subpackages="$pkgname-dev $pkgname-doc $pkgname-lang"
builddir="$srcdir/$pkgname-$pkgver"
options="!check"
source="
        https://mirrors.ocf.berkeley.edu/gnu/gnunet/$pkgname-$pkgver.tar.gz
        gnunet.system.conf
        gnunet.user.conf
	gnunet.initd
        gnunet.xsession
	"

prepare() {
	cd "$builddir"
        default_prepare
        #autoreconf -if # FIXME: do we really need this?
}

build() {
	cd "$builddir"
	./configure --prefix=/usr
	make
}

check() {
	make DESTDIR="$pkgdir" check
        exit 0
}

package() {
	make DESTDIR="$pkgdir" install

        install -m644 -D "$srcdir"/$pkgname.user.conf "$pkgdir"/etc/skel/.config/$pkgname.conf
        install -m644 -D "$srcdir"/$pkgname.system.conf "$pkgdir"/etc/$pkgname.conf
        install -m755 -D "$srcdir"/$pkgname.xsession "$pkgdir"/etc/X11/xinit/xinitrc.d/80-$pkgname-user-services
	install -m755 -D "$srcdir"/$pkgname.initd "$pkgdir"/etc/init.d/$pkgname

        # Create per user configs
        users=`awk -F ':' '$3>=1000 && $3<2000 {print $1}' /etc/passwd`
        for user in $users; do
                install -m644 -D "$srcdir"/$pkgname.user.conf "$pkgdir"/home/$user/.config/$pkgname.conf
        done
}

sha512sums="1c6ea2ac7280d2edb30df627b79e017d199e93cd3970ce49f3f049abfb1dddfed541118e55766c422edf4a80e140c4eb2cfc681e0d4a1384e39811d024df9278  gnunet-0.11.6.tar.gz
a0f55413ed2c6edd6746a751d92ddac95ba70f20eefb07330817870d749456448f44bba95d245911a00f6078e0c2ac626004e3b764be5e5e049c00626c4c5ac0  gnunet.system.conf
b21112ff16aee771332aa9c33f55b0c7f46fe0266053543241e3efbe25dba56482c0e11112a192eefe59f1c74d2af5d7071b6a4e1e875cfc7e9d55b5fe8a0a33  gnunet.user.conf
8254d596897731858489fda355345e2d254f560d730d5b3a5557b13b9c575df61b74b7c245065e56a83fc7a27ea1bd0e9bee4508c11dd691edee562030d65490  gnunet.initd
c2ddb5447d62b74f92d8ddcc830ea80d163c11e6336865955a96830615c8ba5303474b6ae8ada398a217e994f2ebcfde3d3abbecfe13eb346b5d402d2101ab02  gnunet.xsession"

A  => gnunet/gnunet.initd +15 -0
@@ 1,15 @@
#!/sbin/openrc-run
# Contributor: xrs <xrs@mail36.net>
# Maintainer: xrs <xrs@mail36.net>

name="gnunet"
description="A secure and privacy enhancing peer-to-peer overlay network"
command="/usr/lib/gnunet/libexec/gnunet-service-arm"
command_args="-c /etc/$name.conf"
command_user="gnunet:gnunet"
command_background="yes"
pidfile="/run/${SVCNAME}.pid"

depend() {
	need net
}

A  => gnunet/gnunet.post-deinstall +6 -0
@@ 1,6 @@
#!/bin/sh

deluser --remove-home gnunet # implicitly removes group gnunet
delgroup gnunetdns

exit 0

A  => gnunet/gnunet.post-install +17 -0
@@ 1,17 @@
#!/bin/sh

echo "Do you wish to configure your browser to use the GNUnet Name System? [y,N]"
read -r yn
case $yn in
y|Y )
        echo "Here code for changing firefox/chrome config"
        # TODO: configure SOCKS proxy
        ;;
* )
        ;;
esac

rc-update add gnunet
rc-service gnunet start

exit 0

A  => gnunet/gnunet.pre-deinstall +6 -0
@@ 1,6 @@
#!/bin/sh

rc-service gnunet stop
rc-update del gnunet

exit 0

A  => gnunet/gnunet.pre-install +19 -0
@@ 1,19 @@
#!/bin/sh

# Add special group gnunetdns for controlling access to "gnunet-helper-dns".
# See: https://docs.gnunet.org/handbook/gnunet.html#Recommendation-_002d-Limit-access-to-critical-gnunet_002dhelper_002ddns-to-group-_0022gnunetdns_0022
addgroup -S gnunetdns
addgroup -S gnunet

# Add system user/group gnunet for system services
adduser -S -h "/var/lib/gnunet" -s /bin/sh -G gnunet -g gnunet gnunet

# add users on host system to group "gnunet"
while IFS=: read -r user pass id gid desc home shell; do
	# FIXME: improve condition for finding "normal" users
	if [[ "$desc" = "Linux User,,," ]]; then
		adduser $user gnunet
	fi
done < /etc/passwd

exit 0

A  => gnunet/gnunet.system.conf +3 -0
@@ 1,3 @@
[arm]
START_SYSTEM_SERVICES = YES
START_USER_SERVICES = NO

A  => gnunet/gnunet.user.conf +3 -0
@@ 1,3 @@
[arm]
START_SYSTEM_SERVICES = NO
START_USER_SERVICES = YES

A  => gnunet/gnunet.xsession +8 -0
@@ 1,8 @@
#!/bin/sh

# Create GNS certificate authority (CA)
gnunet-gns-proxy-setup-ca &
# Start GNUnet user services
gnunet-arm -c ~/.config/gnunet.conf -s
# Start SOCKS proxy for GNS
gnunet-gns-proxy &

A  => pkgkit +311 -0
@@ 1,311 @@
#!/bin/sh -eu
usage() {
	printf "%s\n\n" "Usage: $0 [command...] [flags...] [args...]"
	printf "%s\n" "$0 add-repo [-s] <name> <key>"
	printf "\t%s\n" "Trusts <key> and adds the local repo to /etc/apk/repositories"
	printf "\t%s\n\n" "-s: set this key as default in abuild.conf"
	printf "%s\n" "$0 build [-cu] [-v <pkgver>] <packages...>"
	printf "\t%s\n" "Builds packages"
	printf "\t%s\n" "-c: update checksums"
	printf "\t%s\n" "-u: update pkgrel"
	printf "\t%s\n\n" "-v <pkgver>: update pkgver"
	printf "%s\n" "$0 pkgver"
	printf "\t%s\n\n" "Prints the suggested package ver for this directory"
	printf "%s\n" "$0 upload <ssh server> <remote path> <packages...>"
	printf "\t%s\n" "Uploads packages via rsync and updates remote APKINDEX"
}

get_pkgvar() (
	var="$1"
	set +u
	. APKBUILD
	eval 'printf "%s\n" "$'"$var"'"'
)

find_repos() (
	find . -maxdepth 1 -type d -not -name . -not -name .git
)

find_pkg_repo() (
	pkg=$1
	for repo in $(find_repos)
	do
		if [ -d "$repo"/"$pkg" ]
		then
			echo "$repo"
			return 0
		fi
	done
	return 1
)

update_pkgrel() (
	pkg="$1"
	pkgver="$(get_pkgvar pkgver)"
	prev_ver=$(apk search -x "$pkg" | cut -c$((${#pkg}+2))-)
	prev_pkgver=$(printf "%s" "$prev_ver" | cut -d'-' -f1)
	prev_pkgrel=$(printf "%s" "$prev_ver" | cut -d'-' -f2 | cut -d'r' -f2-)
	if [ "$prev_pkgver" == "$pkgver" ]
	then
		pkgrel=$((prev_pkgrel + 1))
		sed -e "s/pkgrel=.*/pkgrel=$pkgrel/" -i APKBUILD
	fi
)

update_pkgver() {
	pkgver="$1"
	prev_pkgver=$(apk search -x ${project} | cut -d '-' -f2)
	sed -e "s/pkgver=.*/pkgver=$pkgver/" -i APKBUILD
	if [ "$prev_pkgver" != "$pkgver" ]
	then
		sed -e "s/pkgrel=.*/pkgrel=0/" -i APKBUILD
	fi
}

add_repo() {
	set_default=0
	while getopts s flag
	do
		case $flag in
			s) set_default=1 ;;
			*) usage && exit 1 ;;
		esac
	done
	shift $((OPTIND-1))
	echo "$@"
	if [ $# -ne 2 ]
	then
		usage
		exit 1
	fi
	repo="$1"
	key="$2"
	mkdir -p ~/packages/$repo
	echo ~/packages/$repo | cat - /etc/apk/repositories > /tmp/repositories
	sudo mv /tmp/repositories /etc/apk/repositories
	sudo openssl rsa -in $key -pubout \
		-out /etc/apk/keys/$(basename "$key").pub
	if [ $set_default -eq 1 ]
	then
		echo "PACKAGER_PRIVKEY="'"'$key'"' >> \
			~/.abuild/abuild.conf
	fi
}

build() (
	builddeps=0
	checksum=0
	updpkgrel=0
	pkgver=""
	# Disable progress on abuild-apk
	cat <<-"EOF" | sudo tee /usr/local/bin/abuild-apk
	#!/bin/sh
	exec /usr/bin/abuild-apk --no-progress $@
	EOF
	sudo chmod +x /usr/local/bin/abuild-apk
	export PATH=/usr/local/bin:$PATH
	while getopts Rcuv: flag
	do
		case $flag in
			R) builddeps=1 ;;
			c) checksum=1 ;;
			u) updpkgrel=1 ;;
			v) pkgver="$OPTARG" ;;
			*) usage && exit 1 ;;
		esac
	done
	shift $((OPTIND-1))
	if [ $# -eq 0 ]
	then
		echo "No packages specified."
		exit 1
	fi
	for pkg in $@
	do
		repo="$(find_pkg_repo "$pkg")"
		(
			cd "$repo"/"$pkg"
			if [ -n "$pkgver" ]
			then
				update_pkgver "$pkgver"
			fi
			if [ $updpkgrel -eq 1 ]
			then
				update_pkgrel "$pkg"
			fi
			if [ $checksum -eq 1 ]
			then
				abuild checksum
			fi
			if [ $builddeps -eq 1 ]
			then
				abuild -R
			else
				abuild -r
			fi
		)
	done
)

print_pkgver() {
	if [ $# -ne 0 ]
	then
		usage
		exit 1
	fi
	if [ -d .git ]
	then
		pkgver=$(git describe --abbrev=0)
		if ! git describe --exact-match HEAD >/dev/null 2>&1
		then
			cdate=$(git show -s -1 --format='%ci' HEAD)
			cdate=$(echo "$cdate" | cut -d' ' -f1 | sed -e 's/-//g')
			pkgver="${pkgver}_git${cdate}"
		fi
	elif [ -d .hg ]
	then
		pkgver=$(hg id -T '{latesttag}')
		if [ "$(hg id -T '{latesttagdistance}')" -ne 0 ]
		then
			pkgver="$(hg id -T '{latesttag}_hg{sub("-", "", date|shortdate)}')"
		fi
	else
		pkgver=unknown_0000
	fi
	echo "$pkgver"
}

mirror_ver() (
	mirror="$1"
	pkg="$2"
	apk policy "$pkg" | while read -r line
	do
		case "$line" in
			*:)
				ver="${line%:}"
				ver="${ver## }"
				;;
			*$mirror*)
				echo "$ver"
				;;
		esac
	done
)

upload_pkg() (
	repo="$1"
	pkg="$2"
	arch="$(uname -m)"
	. /etc/os-release
	aver="v$(printf "%s" "$VERSION_ID" | cut -d. -f1-2)"

	set -x
	path="$remote_path/$aver/$repo/$arch"
	ssh "$remote" mkdir -p "$path"

	url=$(echo "$remote" | cut -d@ -f2)
	prev_ver=$(mirror_ver "$url" "$pkg")

	for ver in $prev_ver
	do
		if [ "$prev_ver" != "none" ]
		then
			ssh "$remote" rm -f "$path/$pkg-$ver.apk"
		fi
	done
	pkgver="$(get_pkgvar pkgver)"
	pkgrel="$(get_pkgvar pkgrel)"

	rsync --blocking-io -rsP \
		~/packages/"$repo/$arch/$pkg-$pkgver-r$pkgrel.apk" "$remote":"$path/"
	set +x
)

update_index() (
	repo="$1"
	arch="$(uname -m)"

	. /etc/os-release
	aver="v$(printf "%s" "$VERSION_ID" | cut -d. -f1-2)"

	path="$remote_path/$aver/$repo/$arch"

	set -x
	ssh "$remote" \
		find "$path" -type f -name '*.apk' -print0 |
		ssh "$remote" xargs -0 apk index \
			--rewrite-arch "$(uname -m)" \
			-x "$path"/APKINDEX.tar.gz \
			-o "$path"/APKINDEX.unsigned.tar.gz
	rsync --blocking-io -rP \
		"$remote:$path/APKINDEX.unsigned.tar.gz" \
		/tmp/APKINDEX.tar.gz
	abuild-sign /tmp/APKINDEX.tar.gz
	rsync --blocking-io -rP /tmp/APKINDEX.tar.gz "$remote:$path/"
	set +x
)

upload() (
	if [ $# -lt 2 ]
	then
		usage
		exit 1
	fi
	remote="$1"
	remote_path="$2"
	shift 2
	if [ $# -eq 0 ]
	then
		echo "No packages specified"
		exit 1
	fi
	repos=""
	for pkg in $@
	do
		repo=$(find_pkg_repo "$pkg")
		if ! echo "$repos" | grep "$repo" >/dev/null
		then
			repos="$repo $repos"
		fi
		(
			cd "$repo"/"$pkg"
			arch="$(get_pkgvar arch)"
			subpkgs="$pkg:_:$arch $(get_pkgvar subpackages)"
			for subpkg in $subpkgs
			do
				name="$(echo "$subpkg" | cut -d':' -f1)"
				upload_pkg "$repo" "$name"
			done
		)
	done
	for repo in $repos
	do
		update_index $repo
	done
)

if [ $# -lt 1 ]
then
	usage
	exit 1
fi
cmd="$1"
shift

case "$cmd" in
	add-repo)
		add_repo "$@"
		;;
	build)
		build "$@"
		;;
	pkgver)
		print_pkgver "$@"
		;;
	upload)
		upload "$@"
		;;
	help|-h)
		usage
		;;
esac

A  => submit-builds +51 -0
@@ 1,51 @@
#!/bin/sh
upstream=https://builds.sr.ht

if [ -e ~/.config/sr.ht ]
then
	. ~/.config/sr.ht
fi

while getopts u:t:h flag
do
	case $flag in
		u)
			upstream="$OPTARG"
			;;
		t)
			oauth_token="$OPTARG"
			;;
		h)
			echo "Usage: $0 [-u https://upstream...] [-t oauth token] <packages...>"
			exit 0
			;;
	esac
done
shift $((OPTIND-1))

builds=""
note=""
for target in $*
do
	if [ "$builds" = "" ]
	then
		builds="'${target#sr.ht/}'"
		note="${target#sr.ht/}"
	else
		builds="$builds, '${target#sr.ht/}'"
		if [ "${#note}" -lt 128 ]
		then
			note="$note, ${target#sr.ht/}"
		fi
	fi
done
sed "s/packages: \\[\\]/packages: [$builds]/g" < build.yml | jq -sR '{
			"manifest": .,
			"tags": ["sr.ht-apkbuilds"],
			"note": "'"$note"'"
		}' | curl \
	-H Authorization:"token $oauth_token" \
	-H Content-Type:application/json \
	-X POST \
	-d @- $upstream/api/jobs
printf '\n'