diff --git a/.forgejo/bin/check_ver.sh b/.forgejo/bin/check_ver.sh index 05c2b54..66c7fd0 100755 --- a/.forgejo/bin/check_ver.sh +++ b/.forgejo/bin/check_ver.sh @@ -18,30 +18,8 @@ for pkg in $owned_by_you; do downstream_version=$(sed -n "/^P:$pkg$/,/^$/p" APKINDEX | awk -F ':' '{if($1=="V"){print $2}}' | sort -V | tail -n 1) downstream_version=${downstream_version/-*} - # special cases - case $pkg in - forgejo-aneksajo)upstream_version=${upstream_version/-git-annex/_git};; - authentik) - upstream_version=$(curl --fail -X GET -sS -H 'Content-Type: application/json' "https://release-monitoring.org/api/v2/projects/?name=$pkg&distribution=Alpine" | jq -r '.items.[].stable_versions' | jq -r ".[] | match(\"${downstream_version%.*}.*\").string" | head -n 1) - latest_version=$(curl --fail -X GET -sS -H 'Content-Type: application/json' "https://release-monitoring.org/api/v2/packages/?name=$pkg&distribution=Alpine" | jq -r '.items.[].stable_version' ) - # append version number to signal that this is not latest major version - if [ "${upstream_version%.*}" != "${latest_version%.*}" ]; then - echo "$pkg${latest_version%.*} major version available" - echo "$pkg${latest_version%.*} $downstream_version $latest_version $repo" >> out_of_date - pkg=$pkg${upstream_version%.*} - fi - ;; - mastodon) - upstream_version=$(curl --fail -X GET -sS -H 'Content-Type: application/json' "https://release-monitoring.org/api/v2/projects/?name=$pkg&distribution=Alpine" | jq -r '.items.[].stable_versions' | jq -r ".[] | match(\"${downstream_version%.*}.*\").string" | head -n 1) - latest_version=$(curl --fail -X GET -sS -H 'Content-Type: application/json' "https://release-monitoring.org/api/v2/packages/?name=$pkg&distribution=Alpine" | jq -r '.items.[].stable_version' ) - # append version number to signal that this is not latest major version - if [ "${upstream_version%.*}" != "${latest_version%.*}" ]; then - echo "$pkg${latest_version%.*} major version available" - echo "$pkg${latest_version%.*} $downstream_version $latest_version $repo" >> out_of_date - pkg=$pkg${upstream_version%.*} - fi - ;; - esac + # special case for forgejo-aneksajo: + upstream_version=${upstream_version/-git-annex/_git} if [ -z "$upstream_version" ]; then echo "$pkg not in anitya" diff --git a/.forgejo/bin/create_issue.sh b/.forgejo/bin/create_issue.sh index 995e519..6369371 100755 --- a/.forgejo/bin/create_issue.sh +++ b/.forgejo/bin/create_issue.sh @@ -15,10 +15,10 @@ does_it_exist() { repo=$4 query="$repo/$name: upgrade to $upstream_version" - query="%22$(echo $query | sed 's| |%20|g' | sed 's|:|%3A|g' | sed 's|/|%2F|g' )%22" + query="$(echo $query | sed 's| |%20|g' | sed 's|:|%3A|g' | sed 's|/|%2F|g' )" result="$(curl --silent -X 'GET' \ - "$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues?state=open&q=$query&type=issues&sort=latest" \ + "$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues?state=open&q=$query&type=issues" \ -H 'accept: application/json' \ -H "Authorization: token $ISSUE_TOKEN" )" @@ -35,10 +35,10 @@ is_it_old() { repo=$4 query="$repo/$name: upgrade to" - query="%22$(echo $query | sed 's| |%20|g' | sed 's|:|%3A|g' | sed 's|/|%2F|g' )%22" + query="$(echo $query | sed 's| |%20|g' | sed 's|:|%3A|g' | sed 's|/|%2F|g' )" result="$(curl --silent -X 'GET' \ - "$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues?state=open&q=$query&type=issues&sort=latest" \ + "$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues?state=open&q=$query&type=issues" \ -H 'accept: application/json' \ -H "authorization: token $ISSUE_TOKEN" )" @@ -126,10 +126,10 @@ fi if [ -f not_in_anitya ]; then query="Add missing $repo packages to anitya" - query="%22$(echo $query | sed 's| |%20|g')%22" + query="$(echo $query | sed 's| |%20|g')" result="$(curl --silent -X 'GET' \ - "$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues?state=open&q=$query&type=issues&sort=latest" \ + "$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues?state=open&q=$query&type=issues" \ -H 'accept: application/json' \ -H "authorization: token $ISSUE_TOKEN" )" diff --git a/.forgejo/workflows/build-aarch64.yaml b/.forgejo/workflows/build-aarch64.yaml index 2a4dfc0..0364014 100644 --- a/.forgejo/workflows/build-aarch64.yaml +++ b/.forgejo/workflows/build-aarch64.yaml @@ -19,7 +19,6 @@ jobs: steps: - name: Environment setup run: | - doas apk upgrade -a doas apk add nodejs git patch curl net-tools doas hostname host.docker.internal cd /etc/apk/keys @@ -48,7 +47,7 @@ jobs: GITHUB_EVENT_NUMBER: ${{ github.event.number }} steps: - name: Setting up environment - run: apk add nodejs-current curl findutils git gawk jq + run: apk add nodejs curl findutils git gawk jq - name: Repo pull uses: actions/checkout@v4 - name: Package download diff --git a/.forgejo/workflows/build-x86_64.yaml b/.forgejo/workflows/build-x86_64.yaml index aaffb72..c805199 100644 --- a/.forgejo/workflows/build-x86_64.yaml +++ b/.forgejo/workflows/build-x86_64.yaml @@ -19,7 +19,6 @@ jobs: steps: - name: Environment setup run: | - doas apk upgrade -a doas apk add nodejs git patch curl net-tools doas hostname host.docker.internal cd /etc/apk/keys @@ -48,7 +47,7 @@ jobs: GITHUB_EVENT_NUMBER: ${{ github.event.number }} steps: - name: Setting up environment - run: apk add nodejs-current curl findutils git gawk jq + run: apk add nodejs curl findutils git gawk jq - name: Repo pull uses: actions/checkout@v4 - name: Package download diff --git a/.forgejo/workflows/check-ilot.yml b/.forgejo/workflows/check-ilot.yml index b57e80d..4361dba 100644 --- a/.forgejo/workflows/check-ilot.yml +++ b/.forgejo/workflows/check-ilot.yml @@ -16,7 +16,7 @@ jobs: LABEL_NUMBER: 8 steps: - name: Environment setup - run: apk add grep coreutils gawk curl wget bash nodejs-current git jq sed + run: apk add grep coreutils gawk curl wget bash nodejs git jq sed - name: Get scripts uses: actions/checkout@v4 with: diff --git a/.forgejo/workflows/lint.yaml b/.forgejo/workflows/lint.yaml index 743cefc..3614deb 100644 --- a/.forgejo/workflows/lint.yaml +++ b/.forgejo/workflows/lint.yaml @@ -14,9 +14,7 @@ jobs: CI_MERGE_REQUEST_PROJECT_URL: ${{ github.server_url }}/${{ github.repository }} CI_MERGE_REQUEST_TARGET_BRANCH_NAME: ${{ github.base_ref }} steps: - - run: | - doas apk upgrade -a - doas apk add nodejs git + - run: doas apk add nodejs git - uses: actions/checkout@v4 with: fetch-depth: 500 diff --git a/ilot/authentik/APKBUILD b/ilot/authentik/APKBUILD index 79b5870..42b271d 100644 --- a/ilot/authentik/APKBUILD +++ b/ilot/authentik/APKBUILD @@ -1,7 +1,7 @@ # Contributor: Antoine Martin (ayakael) # Maintainer: Antoine Martin (ayakael) pkgname=authentik -pkgver=2025.2.4 +pkgver=2024.10.5 pkgrel=0 pkgdesc="An open-source Identity Provider focused on flexibility and versatility" url="https://github.com/goauthentik/authentik" @@ -53,14 +53,13 @@ depends=" py3-fido2 py3-flower py3-geoip2 - py3-geopy py3-google-api-python-client py3-gunicorn py3-httptools py3-jsonpatch py3-jwt py3-jwcrypto - py3-kadmin-rs + py3-kadmin py3-kubernetes py3-ldap3 py3-lxml @@ -284,13 +283,13 @@ pyc() { } sha512sums=" -75928b3ab9ae126f3cbe88ff1256de8adba7add099b0d93615abb8c91a2b7f275e83664a232e8c5393c5031bd9757af2f20fdb9d0153dacdf9a482b6b4bb8b00 authentik-2025.2.4.tar.gz +f6e04ac1d1ac3a46e6d0f89548c0c2748f2214c551157e65f9071721dfdccac53c98b1664ecd1bc70650b4fceec47c5a5ab805da34e82ccc86d6a64087441702 authentik-2024.10.5.tar.gz 4defb4fe3a4230f4aa517fbecd5e5b8bcef2a64e1b40615660ae9eec33597310a09df5e126f4d39ce7764bd1716c0a7040637699135c103cbc1879593c6c06f1 authentik.openrc 6cb03b9b69df39bb4539fe05c966536314d766b2e9307a92d87070ba5f5b7e7ab70f1b5ee1ab3c0c50c23454f9c5a4caec29e63fdf411bbb7a124ad687569b89 authentik-worker.openrc 351e6920d987861f8bf0d7ab2f942db716a8dbdad1f690ac662a6ef29ac0fd46cf817cf557de08f1c024703503d36bc8b46f0d9eb1ecaeb399dce4c3bb527d17 authentik-ldap.openrc 89ee5f0ffdade1c153f3a56ff75b25a7104aa81d8c7a97802a8f4b0eab34850cee39f874dabe0f3c6da3f71d6a0f938f5e8904169e8cdd34d407c8984adee6b0 authentik-ldap.conf f1a3cb215b6210fa7d857a452a9f2bc4dc0520e49b9fa7027547cff093d740a7e2548f1bf1f8831f7d5ccb80c8e523ee0c8bafcc4dc42d2788725f2137d21bee authentik-manage.sh -3d38076606d18a438a2d76cdd2067774d5471bb832e641050630726b4d7bd8b8c2218d25d7e987a1fb46ee6a4a81d13e899145f015b3c94204cece039c7fb182 fix-ak-bash.patch +3e47db684a3f353dcecdb7bab8836b9d5198766735d77f676a51d952141a0cf9903fcb92e6306c48d2522d7a1f3028b37247fdc1dc74d4d6e043da7eb4f36d49 fix-ak-bash.patch 5c60e54b6a7829d611af66f5cb8184a002b5ae927efbd024c054a7c176fcb9efcfbe5685279ffcf0390b0f0abb3bb03e02782c6867c2b38d1ad2d508aae83fa0 root-settings-csrf_trusted_origins.patch badff70b19aad79cf16046bd46cb62db25c2a8b85b2673ce7c44c42eb60d42f6fcb1b9a7a7236c00f24803b25d3c66a4d64423f7ce14a59763b8415db292a5b9 go-downgrade-1.22.patch " diff --git a/ilot/authentik/fix-ak-bash.patch b/ilot/authentik/fix-ak-bash.patch index 080b29f..c6afafb 100644 --- a/ilot/authentik/fix-ak-bash.patch +++ b/ilot/authentik/fix-ak-bash.patch @@ -1,10 +1,10 @@ diff --git a/lifecycle/ak.orig b/lifecycle/ak -index 44dc480..49a0cef 100755 +index 615bfe9..1646274 100755 --- a/lifecycle/ak.orig +++ b/lifecycle/ak @@ -1,4 +1,4 @@ --#!/usr/bin/env -S bash +-#!/usr/bin/env -S bash -e +#!/usr/bin/env bash - set -e -o pipefail MODE_FILE="${TMPDIR}/authentik-mode" + function log { diff --git a/ilot/codeberg-pages-server/APKBUILD b/ilot/codeberg-pages-server/APKBUILD index 359c118..75ecfbb 100644 --- a/ilot/codeberg-pages-server/APKBUILD +++ b/ilot/codeberg-pages-server/APKBUILD @@ -1,21 +1,19 @@ # Contributor: Antoine Martin (ayakael) # Maintainer: Antoine Martin (ayakael) pkgname=codeberg-pages-server -pkgver=6.2.1 -pkgrel=1 +pkgver=6.2 +pkgrel=0 pkgdesc="The Codeberg Pages Server – with custom domain support, per-repo pages using the pages branch, caching and more." url="https://codeberg.org/Codeberg/pages-server" arch="all" license="EUPL-1.2" -depends="libcap-setcap nginx" +depends="nginx" makedepends="go just" -install="$pkgname.post-install" # tests disabled for now options="!check" source=" $pkgname-$pkgver.tar.gz::https://codeberg.org/Codeberg/pages-server/archive/v$pkgver.tar.gz codeberg-pages-server.openrc - downgrade-go.patch " builddir="$srcdir/"pages-server subpackages="$pkgname-openrc" @@ -32,18 +30,13 @@ build() { package() { msg "Packaging $pkgname" - install -Dm755 "$builddir"/build/codeberg-pages-server \ - "$pkgdir"/usr/bin/codeberg-pages-server + install -Dm755 "$builddir"/build/codeberg-pages-server "$pkgdir"/usr/bin/codeberg-pages-server install -Dm755 "$srcdir"/$pkgname.openrc \ "$pkgdir"/etc/init.d/$pkgname - - install -Dm600 "$builddir"/example_config.toml \ - "$pkgdir"/etc/codeberg-pages-server/pages.conf } sha512sums=" -87992a244a580ef109fa891fd4e4ab5bf8320076f396c63e23b83e2c49e3c34fed2d6562283fc57dd89ebc13596dd7b8cbdfa7202eee43cbbd86b6a7f3b52c26 codeberg-pages-server-6.2.1.tar.gz -4808057de5d539fd9ad3db67b650d45ed60c53e07eff840115af09729ac198791b465b61da547eac1dffd0633e5855c348aa7663d6f6cb5984f7fc999be08589 codeberg-pages-server.openrc -1f02e3e9a6f0aab9b516fa7ffaaeb92da3ab839fbcf07f672398063d784c8c0ca373edc0f9a26132d40a60345c4894a5f757c13bf7500f5753f5ffcdf10c52db downgrade-go.patch +d48e10262e94eb2e36696646e3431da066d2f820e037ab713f4446dd72c2e3895c9bf153fcbf702e05b21ec5750aa15ed9b71e2fb383f9357aeeef61073a721a codeberg-pages-server-6.2.tar.gz +4defb4fe3a4230f4aa517fbecd5e5b8bcef2a64e1b40615660ae9eec33597310a09df5e126f4d39ce7764bd1716c0a7040637699135c103cbc1879593c6c06f1 codeberg-pages-server.openrc " diff --git a/ilot/codeberg-pages-server/codeberg-pages-server.openrc b/ilot/codeberg-pages-server/codeberg-pages-server.openrc index fe2ce85..a036393 100644 --- a/ilot/codeberg-pages-server/codeberg-pages-server.openrc +++ b/ilot/codeberg-pages-server/codeberg-pages-server.openrc @@ -1,23 +1,30 @@ #!/sbin/openrc-run - -: ${config:=/etc/codeberg-pages-server/pages.conf} - + name="$RC_SVCNAME" cfgfile="/etc/conf.d/$RC_SVCNAME.conf" pidfile="/run/$RC_SVCNAME.pid" -working_directory="/var/lib/codeberg-pages-server" -command="/usr/bin/codeberg-pages-server" -command_args="--config-file $config" -command_user="nginx" -command_group="nginx" +working_directory="/usr/share/webapps/authentik" +command="/usr/share/webapps/authentik/server" +command_user="authentik" +command_group="authentik" start_stop_daemon_args="" command_background="yes" -output_log="/var/log/codeberg-pages-server/$RC_SVCNAME.log" -error_log="/var/log/codeberg-pages-server/$RC_SVCNAME.err" +output_log="/var/log/authentik/$RC_SVCNAME.log" +error_log="/var/log/authentik/$RC_SVCNAME.err" + +depend() { + need redis + need postgresql +} start_pre() { - checkpath --directory --owner $command_user:$command_group --mode 0775 \ - /var/log/codeberg-pages-server \ - /var/lib/codeberg-pages-server cd "$working_directory" + checkpath --directory --owner $command_user:$command_group --mode 0775 \ + /var/log/authentik \ + /var/lib/authentik/certs +} + +stop_pre() { + ebegin "Killing child processes" + kill $(ps -o pid= --ppid $(cat $pidfile)) || true } diff --git a/ilot/codeberg-pages-server/codeberg-pages-server.post-install b/ilot/codeberg-pages-server/codeberg-pages-server.post-install deleted file mode 100755 index d55e213..0000000 --- a/ilot/codeberg-pages-server/codeberg-pages-server.post-install +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/sh -set -eu - -setcap 'cap_net_bind_service=+ep' /usr/bin/codeberg-pages-server - -cat >&2 <<-EOF -* -* 1. Adjust settings in /etc/codeberg-pages-server/pages.conf -* -EOF diff --git a/ilot/codeberg-pages-server/downgrade-go.patch b/ilot/codeberg-pages-server/downgrade-go.patch deleted file mode 100644 index 80988d5..0000000 --- a/ilot/codeberg-pages-server/downgrade-go.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff --git a/go.mod.orig b/go.mod -index bff6b77..2b9f2e4 100644 ---- a/go.mod.orig -+++ b/go.mod -@@ -1,6 +1,6 @@ - module codeberg.org/codeberg/pages - --go 1.24.0 -+go 1.23.6 - - require ( - code.gitea.io/sdk/gitea v0.20.0 diff --git a/ilot/forgejo-aneksajo/APKBUILD b/ilot/forgejo-aneksajo/APKBUILD index d3a4462..4cf97ae 100644 --- a/ilot/forgejo-aneksajo/APKBUILD +++ b/ilot/forgejo-aneksajo/APKBUILD @@ -4,7 +4,7 @@ # Contributor: Patrycja Rosa # Maintainer: Antoine Martin (ayakael) pkgname=forgejo-aneksajo -pkgver=11.0.0_git0 +pkgver=10.0.1_git0 _gittag=v${pkgver/_git/-git-annex} pkgrel=0 pkgdesc="Self-hosted Git service written in Go with git-annex support" @@ -60,7 +60,7 @@ build() { export CGO_LDFLAGS="$LDFLAGS" unset LDFLAGS ## make FHS compliant - local setting="forgejo.org/modules/setting" + local setting="code.gitea.io/gitea/modules/setting" export LDFLAGS="$LDFLAGS -X $setting.CustomConf=/etc/forgejo/app.ini" export LDFLAGS="$LDFLAGS -X $setting.AppWorkPath=/var/lib/forgejo/" @@ -106,7 +106,7 @@ package() { } sha512sums=" -07f72fcd3bb02a6bbfbcf73f8526c51f1f3fe39d2a504395dfb0997743a190bd210389d58114aaf546fb6d0fabaa80a54240632e11eeba35250b9e6b9b63f438 forgejo-aneksajo-v11.0.0-git-annex0.tar.gz +1dcc4655bd19e6e29dbe854a43693c60518d69db80f53c7f3fd759717e68782d1c1b181aee1286a0e19a253e197da512b3d051097ffc501b6717f2dfee8c67de forgejo-aneksajo-v10.0.1-git-annex0.tar.gz 497d8575f2eb5ac43baf82452e76007ef85e22cca2cc769f1cf55ffd03d7ce4d50ac4dc2b013e23086b7a5577fc6de5a4c7e5ec7c287f0e3528e908aaa2982aa forgejo-aneksajo.initd b537b41b6b3a945274a6028800f39787b48c318425a37cf5d40ace0d1b305444fd07f17b4acafcd31a629bedd7d008b0bb3e30f82ffeb3d7e7e947bdbe0ff4f3 forgejo-aneksajo.ini " diff --git a/ilot/freescout/APKBUILD b/ilot/freescout/APKBUILD index 5f4eb2d..12e0117 100644 --- a/ilot/freescout/APKBUILD +++ b/ilot/freescout/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Antoine Martin (ayakael) # Contributor: Antoine Martin (ayakael) pkgname=freescout -pkgver=1.8.175 +pkgver=1.8.171 pkgrel=0 pkgdesc="Free self-hosted help desk & shared mailbox" arch="noarch" @@ -76,7 +76,7 @@ package() { install -m755 -D "$srcdir"/freescout-manage.sh "$pkgdir"/usr/bin/freescout-manage } sha512sums=" -aa5f762eddaac34977a42bb59a0c2ec2113b0ad4f04b767465e9c23c4bb5d0dd722432735fb10975c23b0a5ca4a11abcfc52d893a3c6678d4908ceb29cefa736 freescout-1.8.175.tar.gz +ae99edd7ab1f944cfc8606ae26b67a4898c2490c099a06cde0fa6f8dd35e737fdc3bfd9f96a13694f18a29704ad80c11f9bcd77e149e8d03dbb70defbfbf9c19 freescout-1.8.171.tar.gz e4af6c85dc12f694bef2a02e4664e31ed50b2c109914d7ffad5001c2bbd764ef25b17ecaa59ff55ef41bccf17169bf910d1a08888364bdedd0ecc54d310e661f freescout.nginx 7ce9b3ee3a979db44f5e6d7daa69431e04a5281f364ae7be23e5a0a0547f96abc858d2a8010346be2fb99bd2355fb529e7030ed20d54f310249e61ed5db4d0ba freescout-manage.sh 0cba00b7d945ce84f72a2812d40028a073a5278856f610e46dbfe0ac78deff6bf5eba7643635fa4bc64d070c4d49eb47d24ea0a05ba1e6ea76690bfd77906366 rename-client-to-membre-fr-en.patch diff --git a/ilot/go/0001-cmd-link-prefer-musl-s-over-glibc-s-ld.so-during-dyn.patch b/ilot/go/0001-cmd-link-prefer-musl-s-over-glibc-s-ld.so-during-dyn.patch deleted file mode 100644 index 2cbbcd9..0000000 --- a/ilot/go/0001-cmd-link-prefer-musl-s-over-glibc-s-ld.so-during-dyn.patch +++ /dev/null @@ -1,45 +0,0 @@ -From fa8e52baedd21265f69b5f425157e11c8c4ec24a Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?S=C3=B6ren=20Tempel?= -Date: Sat, 25 Mar 2023 09:08:04 +0100 -Subject: [PATCH] cmd/link: prefer musl's over glibc's ld.so during dynamic - linking - -Without this commit glibc's is preferred over musl by default. This -causes issues on Alpine when a dynamically linked Go binary is created -while gcompat is installed, causing the binary to be linked against -the ld.so provided by the gcompat package. - -This commit changes the logic to check for musl's ld.so first, if it -does not exist we fallback to glibc. This default can be overwritten -using the `-I` option of cmd/link. - -See https://gitlab.alpinelinux.org/alpine/aports/-/issues/14737 ---- - src/cmd/link/internal/ld/elf.go | 12 ++++++------ - 1 file changed, 6 insertions(+), 6 deletions(-) - -diff --git a/src/cmd/link/internal/ld/elf.go b/src/cmd/link/internal/ld/elf.go -index 713f7739a5..8cf9377858 100644 ---- a/src/cmd/link/internal/ld/elf.go -+++ b/src/cmd/link/internal/ld/elf.go -@@ -1886,14 +1886,14 @@ func asmbElf(ctxt *Link) { - Exitf("ELF interpreter not set") - } - } else { -- interpreter = thearch.ELF.Linuxdynld -- // If interpreter does not exist, try musl instead. -+ interpreter = thearch.ELF.LinuxdynldMusl -+ // If interpreter does not exist, try glibc instead. - // This lets the same cmd/link binary work on -- // both glibc-based and musl-based systems. -+ // both musl-based and glibc-based systems. - if _, err := os.Stat(interpreter); err != nil { -- if musl := thearch.ELF.LinuxdynldMusl; musl != "" { -- if _, err := os.Stat(musl); err == nil { -- interpreter = musl -+ if glibc := thearch.ELF.Linuxdynld; glibc != "" { -+ if _, err := os.Stat(glibc); err == nil { -+ interpreter = glibc - } - } - } diff --git a/ilot/go/0002-go.env-Don-t-switch-Go-toolchain-version-as-directed.patch b/ilot/go/0002-go.env-Don-t-switch-Go-toolchain-version-as-directed.patch deleted file mode 100644 index db82330..0000000 --- a/ilot/go/0002-go.env-Don-t-switch-Go-toolchain-version-as-directed.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 82ac7268f746c31d771e584c1c83f93890b33404 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?S=C3=B6ren=20Tempel?= -Date: Tue, 11 Jul 2023 05:18:00 +0200 -Subject: [PATCH] go.env: Don't switch Go toolchain version as directed in - go.mod - -We want users and packages to use the version of Go that is provided -in our package repository. We don't want to download pre-built -toolchains from golang.org. - -Also note that prior to Go 1.21, pre-built Go binaries are linked -against glibc and hence do not work on Alpine. ---- - go.env | 5 ++--- - 1 file changed, 2 insertions(+), 3 deletions(-) - -diff --git a/go.env b/go.env -index 6ff2b921d4..a106fb4638 100644 ---- a/go.env -+++ b/go.env -@@ -7,6 +7,5 @@ - GOPROXY=https://proxy.golang.org,direct - GOSUMDB=sum.golang.org - --# Automatically download newer toolchains as directed by go.mod files. --# See https://go.dev/doc/toolchain for details. --GOTOOLCHAIN=auto -+# Don't attempt to switch to a newer toolchains by default. -+GOTOOLCHAIN=local diff --git a/ilot/go/0003-runtime-cleanup-M-vgetrandom-state-before-dropping-P.patch b/ilot/go/0003-runtime-cleanup-M-vgetrandom-state-before-dropping-P.patch deleted file mode 100644 index 2e02033..0000000 --- a/ilot/go/0003-runtime-cleanup-M-vgetrandom-state-before-dropping-P.patch +++ /dev/null @@ -1,245 +0,0 @@ -From 5c5b24702f5542fba019d6b98eec6121bc21df31 Mon Sep 17 00:00:00 2001 -From: Michael Pratt -Date: Thu, 3 Apr 2025 11:15:13 +0000 -Subject: [PATCH] runtime: cleanup M vgetrandom state before dropping P - -When an M is destroyed, we put its vgetrandom state back on the shared -list for another M to reuse. This list is simply a slice, so appending -to the slice may allocate. Currently this operation is performed in -mdestroy, after the P is released, meaning allocation is not allowed. - -More the cleanup earlier in mdestroy when allocation is still OK. - -Also add //go:nowritebarrierrec to mdestroy since it runs without a P, -which would have caught this bug. - -Fixes #73141. - -Change-Id: I6a6a636c3fbf5c6eec09d07a260e39dbb4d2db12 -Reviewed-on: https://go-review.googlesource.com/c/go/+/662455 -Reviewed-by: Jason Donenfeld -LUCI-TryBot-Result: Go LUCI -Reviewed-by: Keith Randall -Reviewed-by: Keith Randall ---- - src/runtime/os3_solaris.go | 5 ++++- - src/runtime/os_aix.go | 5 ++++- - src/runtime/os_darwin.go | 5 ++++- - src/runtime/os_dragonfly.go | 5 ++++- - src/runtime/os_linux.go | 9 ++++----- - src/runtime/os_netbsd.go | 5 ++++- - src/runtime/os_openbsd.go | 5 ++++- - src/runtime/os_plan9.go | 5 ++++- - src/runtime/os_windows.go | 4 +++- - src/runtime/proc.go | 3 +++ - src/runtime/vgetrandom_linux.go | 11 +++++++++-- - src/runtime/vgetrandom_unsupported.go | 2 +- - 12 files changed, 48 insertions(+), 16 deletions(-) - -diff --git a/src/runtime/os3_solaris.go b/src/runtime/os3_solaris.go -index cf163a6bf4..ded821b2e6 100644 ---- a/src/runtime/os3_solaris.go -+++ b/src/runtime/os3_solaris.go -@@ -234,8 +234,11 @@ func unminit() { - getg().m.procid = 0 - } - --// Called from exitm, but not from drop, to undo the effect of thread-owned -+// Called from mexit, but not from dropm, to undo the effect of thread-owned - // resources in minit, semacreate, or elsewhere. Do not take locks after calling this. -+// -+// This always runs without a P, so //go:nowritebarrierrec is required. -+//go:nowritebarrierrec - func mdestroy(mp *m) { - } - -diff --git a/src/runtime/os_aix.go b/src/runtime/os_aix.go -index 93464cb997..1b483c2a7e 100644 ---- a/src/runtime/os_aix.go -+++ b/src/runtime/os_aix.go -@@ -186,8 +186,11 @@ func unminit() { - getg().m.procid = 0 - } - --// Called from exitm, but not from drop, to undo the effect of thread-owned -+// Called from mexit, but not from dropm, to undo the effect of thread-owned - // resources in minit, semacreate, or elsewhere. Do not take locks after calling this. -+// -+// This always runs without a P, so //go:nowritebarrierrec is required. -+//go:nowritebarrierrec - func mdestroy(mp *m) { - } - -diff --git a/src/runtime/os_darwin.go b/src/runtime/os_darwin.go -index 0ecbea7ae4..6eab3b5c3d 100644 ---- a/src/runtime/os_darwin.go -+++ b/src/runtime/os_darwin.go -@@ -344,8 +344,11 @@ func unminit() { - getg().m.procid = 0 - } - --// Called from exitm, but not from drop, to undo the effect of thread-owned -+// Called from mexit, but not from dropm, to undo the effect of thread-owned - // resources in minit, semacreate, or elsewhere. Do not take locks after calling this. -+// -+// This always runs without a P, so //go:nowritebarrierrec is required. -+//go:nowritebarrierrec - func mdestroy(mp *m) { - } - -diff --git a/src/runtime/os_dragonfly.go b/src/runtime/os_dragonfly.go -index a02696eb4f..9b3235084d 100644 ---- a/src/runtime/os_dragonfly.go -+++ b/src/runtime/os_dragonfly.go -@@ -216,8 +216,11 @@ func unminit() { - getg().m.procid = 0 - } - --// Called from exitm, but not from drop, to undo the effect of thread-owned -+// Called from mexit, but not from dropm, to undo the effect of thread-owned - // resources in minit, semacreate, or elsewhere. Do not take locks after calling this. -+// -+// This always runs without a P, so //go:nowritebarrierrec is required. -+//go:nowritebarrierrec - func mdestroy(mp *m) { - } - -diff --git a/src/runtime/os_linux.go b/src/runtime/os_linux.go -index 8b3c4d0ecc..fb46b81682 100644 ---- a/src/runtime/os_linux.go -+++ b/src/runtime/os_linux.go -@@ -412,13 +412,12 @@ func unminit() { - getg().m.procid = 0 - } - --// Called from exitm, but not from drop, to undo the effect of thread-owned -+// Called from mexit, but not from dropm, to undo the effect of thread-owned - // resources in minit, semacreate, or elsewhere. Do not take locks after calling this. -+// -+// This always runs without a P, so //go:nowritebarrierrec is required. -+//go:nowritebarrierrec - func mdestroy(mp *m) { -- if mp.vgetrandomState != 0 { -- vgetrandomPutState(mp.vgetrandomState) -- mp.vgetrandomState = 0 -- } - } - - // #ifdef GOARCH_386 -diff --git a/src/runtime/os_netbsd.go b/src/runtime/os_netbsd.go -index 735ace25ad..a06e5febbd 100644 ---- a/src/runtime/os_netbsd.go -+++ b/src/runtime/os_netbsd.go -@@ -320,8 +320,11 @@ func unminit() { - // must continue working after unminit. - } - --// Called from exitm, but not from drop, to undo the effect of thread-owned -+// Called from mexit, but not from dropm, to undo the effect of thread-owned - // resources in minit, semacreate, or elsewhere. Do not take locks after calling this. -+// -+// This always runs without a P, so //go:nowritebarrierrec is required. -+//go:nowritebarrierrec - func mdestroy(mp *m) { - } - -diff --git a/src/runtime/os_openbsd.go b/src/runtime/os_openbsd.go -index 574bfa8b17..4ce4c3c58d 100644 ---- a/src/runtime/os_openbsd.go -+++ b/src/runtime/os_openbsd.go -@@ -182,8 +182,11 @@ func unminit() { - getg().m.procid = 0 - } - --// Called from exitm, but not from drop, to undo the effect of thread-owned -+// Called from mexit, but not from dropm, to undo the effect of thread-owned - // resources in minit, semacreate, or elsewhere. Do not take locks after calling this. -+// -+// This always runs without a P, so //go:nowritebarrierrec is required. -+//go:nowritebarrierrec - func mdestroy(mp *m) { - } - -diff --git a/src/runtime/os_plan9.go b/src/runtime/os_plan9.go -index 2dbb42ad03..3b5965ab99 100644 ---- a/src/runtime/os_plan9.go -+++ b/src/runtime/os_plan9.go -@@ -217,8 +217,11 @@ func minit() { - func unminit() { - } - --// Called from exitm, but not from drop, to undo the effect of thread-owned -+// Called from mexit, but not from dropm, to undo the effect of thread-owned - // resources in minit, semacreate, or elsewhere. Do not take locks after calling this. -+// -+// This always runs without a P, so //go:nowritebarrierrec is required. -+//go:nowritebarrierrec - func mdestroy(mp *m) { - } - -diff --git a/src/runtime/os_windows.go b/src/runtime/os_windows.go -index 7183e79f7d..54407a320c 100644 ---- a/src/runtime/os_windows.go -+++ b/src/runtime/os_windows.go -@@ -906,9 +906,11 @@ func unminit() { - mp.procid = 0 - } - --// Called from exitm, but not from drop, to undo the effect of thread-owned -+// Called from mexit, but not from dropm, to undo the effect of thread-owned - // resources in minit, semacreate, or elsewhere. Do not take locks after calling this. - // -+// This always runs without a P, so //go:nowritebarrierrec is required. -+//go:nowritebarrierrec - //go:nosplit - func mdestroy(mp *m) { - if mp.highResTimer != 0 { -diff --git a/src/runtime/proc.go b/src/runtime/proc.go -index e9873e54cd..21bee4df71 100644 ---- a/src/runtime/proc.go -+++ b/src/runtime/proc.go -@@ -1935,6 +1935,9 @@ func mexit(osStack bool) { - mp.gsignal = nil - } - -+ // Free vgetrandom state. -+ vgetrandomDestroy(mp) -+ - // Remove m from allm. - lock(&sched.lock) - for pprev := &allm; *pprev != nil; pprev = &(*pprev).alllink { -diff --git a/src/runtime/vgetrandom_linux.go b/src/runtime/vgetrandom_linux.go -index a6ec4b701c..40be022f24 100644 ---- a/src/runtime/vgetrandom_linux.go -+++ b/src/runtime/vgetrandom_linux.go -@@ -73,9 +73,16 @@ func vgetrandomGetState() uintptr { - return state - } - --func vgetrandomPutState(state uintptr) { -+// Free vgetrandom state from the M (if any) prior to destroying the M. -+// -+// This may allocate, so it must have a P. -+func vgetrandomDestroy(mp *m) { -+ if mp.vgetrandomState == 0 { -+ return -+ } -+ - lock(&vgetrandomAlloc.statesLock) -- vgetrandomAlloc.states = append(vgetrandomAlloc.states, state) -+ vgetrandomAlloc.states = append(vgetrandomAlloc.states, mp.vgetrandomState) - unlock(&vgetrandomAlloc.statesLock) - } - -diff --git a/src/runtime/vgetrandom_unsupported.go b/src/runtime/vgetrandom_unsupported.go -index 070392cfaa..43c53e1198 100644 ---- a/src/runtime/vgetrandom_unsupported.go -+++ b/src/runtime/vgetrandom_unsupported.go -@@ -13,6 +13,6 @@ func vgetrandom(p []byte, flags uint32) (ret int, supported bool) { - return -1, false - } - --func vgetrandomPutState(state uintptr) {} -+func vgetrandomDestroy(mp *m) {} - - func vgetrandomInit() {} diff --git a/ilot/go/APKBUILD b/ilot/go/APKBUILD deleted file mode 100644 index 82a98ba..0000000 --- a/ilot/go/APKBUILD +++ /dev/null @@ -1,318 +0,0 @@ -# Contributor: Sören Tempel -# Contributor: Eivind Uggedal -# Maintainer: Sören Tempel -pkgname=go -# go binaries are statically linked, security updates require rebuilds -pkgver=1.24.2 -pkgrel=1 -pkgdesc="Go programming language compiler" -url="https://go.dev/" -arch="all" -license="BSD-3-Clause" -depends="binutils gcc musl-dev" -makedepends="bash" -options="!check" -checkdepends="binutils-gold git git-daemon" -subpackages="$pkgname-doc" -source="https://go.dev/dl/go$pkgver.src.tar.gz - 0001-cmd-link-prefer-musl-s-over-glibc-s-ld.so-during-dyn.patch - 0002-go.env-Don-t-switch-Go-toolchain-version-as-directed.patch - 0003-runtime-cleanup-M-vgetrandom-state-before-dropping-P.patch - tests-fchmodat-not-supported.patch - " -case "$CARCH" in - arm*|aarch64) depends="$depends binutils-gold";; - riscv64|loongarch64) - # binutils-gold is not supported on riscv64 and loongarch64. - checkdepends="${checkdepends/binutils-gold/}" - ;; -esac - -# secfixes: -# 0: -# - CVE-2022-41716 -# - CVE-2022-41720 -# - CVE-2022-41722 -# - CVE-2024-24787 -# 1.24.2-r0: -# - CVE-2025-22871 -# 1.24.1-r0: -# - CVE-2025-22870 -# 1.23.6-r0: -# - CVE-2025-22866 -# 1.23.5-r0: -# - CVE-2024-45336 -# - CVE-2024-45341 -# 1.23.1-r0: -# - CVE-2024-34155 -# - CVE-2024-34156 -# - CVE-2024-34158 -# 1.22.5-r0: -# - CVE-2024-24791 -# 1.22.4-r0: -# - CVE-2024-24789 -# - CVE-2024-24790 -# 1.22.3-r0: -# - CVE-2024-24788 -# 1.22.2-r0: -# - CVE-2023-45288 -# 1.22.1-r0: -# - CVE-2024-24783 -# - CVE-2023-45290 -# - CVE-2023-45289 -# - CVE-2024-24785 -# - CVE-2024-24784 -# 1.21.5-r0: -# - CVE-2023-39324 -# - CVE-2023-39326 -# 1.21.3-r0: -# - CVE-2023-39325 -# - CVE-2023-44487 -# 1.21.2-r0: -# - CVE-2023-39323 -# 1.21.1-r0: -# - CVE-2023-39318 -# - CVE-2023-39319 -# - CVE-2023-39320 -# - CVE-2023-39321 -# - CVE-2023-39322 -# 1.20.7-r0: -# - CVE-2023-29409 -# 1.20.6-r0: -# - CVE-2023-29406 -# 1.20.5-r0: -# - CVE-2023-29402 -# - CVE-2023-29403 -# - CVE-2023-29404 -# - CVE-2023-29405 -# 1.20.4-r0: -# - CVE-2023-24539 -# - CVE-2023-24540 -# - CVE-2023-29400 -# 1.20.3-r0: -# - CVE-2023-24537 -# - CVE-2023-24538 -# - CVE-2023-24534 -# - CVE-2023-24536 -# 1.20.2-r0: -# - CVE-2023-24532 -# 1.20.1-r0: -# - CVE-2022-41725 -# - CVE-2022-41724 -# - CVE-2022-41723 -# 1.19.4-r0: -# - CVE-2022-41717 -# 1.19.2-r0: -# - CVE-2022-2879 -# - CVE-2022-2880 -# - CVE-2022-41715 -# 1.19.1-r0: -# - CVE-2022-27664 -# - CVE-2022-32190 -# 1.18.5-r0: -# - CVE-2022-32189 -# 1.18.4-r0: -# - CVE-2022-1705 -# - CVE-2022-1962 -# - CVE-2022-28131 -# - CVE-2022-30630 -# - CVE-2022-30631 -# - CVE-2022-30632 -# - CVE-2022-30633 -# - CVE-2022-30635 -# - CVE-2022-32148 -# 1.18.1-r0: -# - CVE-2022-28327 -# - CVE-2022-27536 -# - CVE-2022-24675 -# 1.17.8-r0: -# - CVE-2022-24921 -# 1.17.7-r0: -# - CVE-2022-23772 -# - CVE-2022-23773 -# - CVE-2022-23806 -# 1.17.6-r0: -# - CVE-2021-44716 -# - CVE-2021-44717 -# 1.17.3-r0: -# - CVE-2021-41772 -# - CVE-2021-41771 -# 1.17.2-r0: -# - CVE-2021-38297 -# 1.17.1-r0: -# - CVE-2021-39293 -# 1.17-r0: -# - CVE-2020-29509 -# - CVE-2020-29511 -# - CVE-2021-29923 -# 1.16.7-r0: -# - CVE-2021-36221 -# 1.16.6-r0: -# - CVE-2021-34558 -# 1.16.5-r0: -# - CVE-2021-33195 -# - CVE-2021-33196 -# - CVE-2021-33197 -# - CVE-2021-33198 -# 1.16.4-r0: -# - CVE-2021-31525 -# 1.16.2-r0: -# - CVE-2021-27918 -# - CVE-2021-27919 -# 1.15.7-r0: -# - CVE-2021-3114 -# - CVE-2021-3115 -# 1.15.5-r0: -# - CVE-2020-28362 -# - CVE-2020-28366 -# - CVE-2020-28367 -# 1.15.2-r0: -# - CVE-2020-24553 -# 1.15-r0: -# - CVE-2020-16845 -# 1.14.5-r0: -# - CVE-2020-15586 -# 1.13.7-r0: -# - CVE-2020-7919 -# 1.13.2-r0: -# - CVE-2019-17596 -# 1.13.1-r0: -# - CVE-2019-16276 -# 1.12.8-r0: -# - CVE-2019-9512 -# - CVE-2019-9514 -# - CVE-2019-14809 -# 1.11.5-r0: -# - CVE-2019-6486 -# 1.9.4-r0: -# - CVE-2018-6574 - -if [ "$CBUILD" = "$CTARGET" ]; then - makedepends="go-bootstrap $makedepends" - provides="go-bootstrap=$pkgver-r$pkgrel" -else - pkgname="go-bootstrap" - makedepends="go $makedepends" - # Go expect host linker instead of the cross-compiler - export CC_FOR_TARGET="$CC" - export CC="${HOSTLD:-gcc}" - export CXX="${HOSTLD:-g++}" - export LD="${HOSTLD:-ld}" -fi - -case "$CTARGET_ARCH" in -aarch64) export GOARCH="arm64" ;; -armel) export GOARCH="arm" GOARM=5 ;; -armhf) export GOARCH="arm" GOARM=6 ;; -armv7) export GOARCH="arm" GOARM=7 ;; -s390x) export GOARCH="s390x" ;; -x86) export GOARCH="386" ;; -x86_64) export GOARCH="amd64" ;; -ppc64) export GOARCH="ppc64" ;; -ppc64le) export GOARCH="ppc64le" ;; -riscv64) export GOARCH="riscv64" ;; -loongarch64) export GOARCH="loong64" ;; -*) export GOARCH="unsupported";; -esac - -# compile go itself as a PIE on supported arches. -case "$CARCH" in -x86_64|s390x|aarch64) export GO_LDFLAGS=-buildmode=pie ;; -esac - -prepare() { - default_prepare - - # The GitLab CI builds aports in a container. On ppc64le, ASLR - # needs to be disabled in order to have the following test case - # pass. However, the container doesn't have permissions to - # disable ASLR, hence we just disable this test for now. - # - # See https://github.com/golang/go/issues/49066#issuecomment-1252948861 - if [ "$CTARGET_ARCH" = "ppc64le" ]; then - rm test/fixedbugs/bug513.go - fi -} - -builddir="$srcdir"/go -build() { - cd "$builddir/src" - - export GOOS="linux" - export GOPATH="$srcdir" - export GOROOT="$builddir" - export GOBIN="$GOROOT"/bin - export GOROOT_FINAL=/usr/lib/go - - local p; for p in /usr/lib/go-bootstrap /usr/lib/go-linux-$GOARCH-bootstrap /usr/lib/go; do - if [ -d "$p" ]; then - export GOROOT_BOOTSTRAP="$p" - break - fi - done - - ./make.bash -v - - # copied from bootstrap.bash to fixup cross-built bootstrap go - if [ "$CBUILD" != "$CTARGET" ]; then - local gohostos="$(../bin/go env GOHOSTOS)" - local gohostarch="$(../bin/go env GOHOSTARCH)" - mv ../bin/*_*/* ../bin - rmdir ../bin/*_* - rm -rf "../pkg/${gohostos}_$gohostarch"* "../pkg/tool/${gohostos}_$gohostarch"* - rm -rf ../pkg/bootstrap ../pkg/obj - fi -} - -check() { - cd "$builddir/src" - if [ "$CTARGET_ARCH" = "armhf" ]; then - export GO_TEST_TIMEOUT_SCALE=2 - fi - - # Test suite does not pass with ccache, thus remove it form $PATH. - export PATH="$(echo "$PATH" | sed 's|/usr/lib/ccache/bin:||g')" - - PATH="$builddir/bin:$PATH" ./run.bash -no-rebuild -} - -package() { - mkdir -p "$pkgdir"/usr/bin "$pkgdir"/usr/lib/go/bin "$pkgdir"/usr/share/doc/go - - for binary in go gofmt; do - install -Dm755 bin/"$binary" "$pkgdir"/usr/lib/go/bin/"$binary" - ln -s /usr/lib/go/bin/"$binary" "$pkgdir"/usr/bin/ - done - - cp -a misc pkg src lib "$pkgdir"/usr/lib/go - cp -r doc "$pkgdir"/usr/share/doc/go - rm -rf "$pkgdir"/usr/lib/go/pkg/obj - rm -rf "$pkgdir"/usr/lib/go/pkg/bootstrap - rm -f "$pkgdir"/usr/lib/go/pkg/tool/*/api - - # Install go.env, see https://go.dev/doc/toolchain#GOTOOLCHAIN. - install -Dm644 "$builddir"/go.env "$pkgdir"/usr/lib/go/go.env - install -Dm644 VERSION "$pkgdir/usr/lib/go/VERSION" - - # Remove tests from /usr/lib/go/src to reduce package size, - # these should not be needed at run-time by any program. - find "$pkgdir"/usr/lib/go/src \( -type f -a -name "*_test.go" \) \ - -exec rm -rf \{\} \+ - find "$pkgdir"/usr/lib/go/src \( -type d -a -name "testdata" \) \ - -exec rm -rf \{\} \+ - - # Remove rc (plan 9) and bat scripts (windows) to reduce package - # size further. The bash scripts are actually needed at run-time. - # - # See: https://gitlab.alpinelinux.org/alpine/aports/issues/11091 - find "$pkgdir"/usr/lib/go/src -type f -a \( -name "*.rc" -o -name "*.bat" \) \ - -exec rm -rf \{\} \+ -} - -sha512sums=" -6366a32f6678e7908b138f62dafeed96f7144b3b93505e75fba374b33727da8b1d087c1f979f493382b319758ebfcbeb30e9d7dadcb2923b628c8abe7db41c6f go1.24.2.src.tar.gz -34dbe032c5f08dd8a7aad36fc4d54e746a876fdadc25466888a2f04f5a9d53103190ebd68d3cf978d3a041976185e30ffb25611fb577d031c159810d2d4c7c41 0001-cmd-link-prefer-musl-s-over-glibc-s-ld.so-during-dyn.patch -8061e4ef9d7dd31804bd8d98c95afa5dd82567940b3436f45f874e0419e324b49713d8a814df04617e575ec3c6155199c4661352ea8aef63ead81ca3020f3dc4 0002-go.env-Don-t-switch-Go-toolchain-version-as-directed.patch -d56b796ac81f8901cf426711e381b386ec6e039090fd914ebb2246e5b2ccaa6c1dcb40810a886c5e1b0a748c9bcd4cfe9749d85da91e7ce4c11aaf470295e549 0003-runtime-cleanup-M-vgetrandom-state-before-dropping-P.patch -33ecefca77fa0af52a3b2b66a76977af27a88c8dddb89f03e0a5ae6794b9aac53a62d7be33020b49022e9a89d4cdfa383038ee10e160eb94548b2430bf3cfb5e tests-fchmodat-not-supported.patch -" diff --git a/ilot/go/tests-fchmodat-not-supported.patch b/ilot/go/tests-fchmodat-not-supported.patch deleted file mode 100644 index 168ca71..0000000 --- a/ilot/go/tests-fchmodat-not-supported.patch +++ /dev/null @@ -1,19 +0,0 @@ -Without this patch, the TestFchmodat fails on our arm CI with: - - syscall_linux_test.go:139: Fchmodat: unexpected error: operation not permitted, expected EOPNOTSUPP - -The "operation not permitted" means that EPERM was returned which -is likely due to the security policy of our CI container. - -diff -upr go.orig/src/syscall/syscall_linux_test.go go/src/syscall/syscall_linux_test.go ---- go.orig/src/syscall/syscall_linux_test.go 2024-02-07 22:54:39.316022227 +0100 -+++ go/src/syscall/syscall_linux_test.go 2024-02-07 22:56:05.104871102 +0100 -@@ -135,7 +135,7 @@ func TestFchmodat(t *testing.T) { - } - - err = syscall.Fchmodat(_AT_FDCWD, "symlink1", 0444, _AT_SYMLINK_NOFOLLOW) -- if err != syscall.EOPNOTSUPP { -+ if !testenv.SyscallIsNotSupported(err) && err != syscall.EOPNOTSUPP { - t.Fatalf("Fchmodat: unexpected error: %v, expected EOPNOTSUPP", err) - } - } diff --git a/ilot/listmonk/APKBUILD b/ilot/listmonk/APKBUILD index 704084b..1bf9721 100644 --- a/ilot/listmonk/APKBUILD +++ b/ilot/listmonk/APKBUILD @@ -1,7 +1,7 @@ # Contributor: Antoine Martin (ayakael) # Maintainer: Antoine Martin (ayakael) pkgname=listmonk -pkgver=5.0.0 +pkgver=4.1.0 pkgrel=0 pkgdesc='Self-hosted newsletter and mailing list manager with a modern dashboard' arch="all" @@ -67,7 +67,7 @@ package() { ln -s /etc/listmonk/config.toml "$pkgdir"/usr/share/webapps/listmonk/config.toml } sha512sums=" -b0875124106ac737550eb340c209f079698c0b9e1f1e55c70eca113720dbc9dcfaac63aa65722299a1448a582cedf0f9ee20b24ea0625d4e780d83e0d6bab198 listmonk-5.0.0.tar.gz +936b33d6de1d69ee4e7f768810116ac997c516754aace0371089bc8106bebee944197864afc11b7bc5725afa9a4f195d6629957bfcdd37c847e3780aa34558ec listmonk-4.1.0.tar.gz 939450af4b23708e3d23a5a88fad4c24b957090bdd21351a6dd520959e52e45e5fcac117a3eafa280d9506616dae39ad3943589571f008cac5abe1ffd8062424 listmonk.sh 8e9c0b1f335c295fb741418246eb17c7566e5e4200a284c6483433e8ddbf5250aa692435211cf062ad1dfcdce3fae9148def28f03f2492d33fe5e66cbeebd4bd listmonk.openrc " diff --git a/ilot/mastodon/APKBUILD b/ilot/mastodon/APKBUILD index dcf1bd5..35d6e3c 100644 --- a/ilot/mastodon/APKBUILD +++ b/ilot/mastodon/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Antoine Martin (ayakael) pkgname=mastodon _pkgname=$pkgname -pkgver=4.2.20 +pkgver=4.2.15 _gittag=v$pkgver pkgrel=0 pkgdesc="Self-hosted social media and network server based on ActivityPub and OStatus" @@ -192,7 +192,7 @@ assets() { } sha512sums=" -132df11b54bf0f900e2ee6e149ddb730706a67fc6130ead63b327028fa590944f21a19bcba07d859885717208b6abc005d0aee7675fd8e0fb09ad8d6f8f631b7 mastodon-v4.2.20.tar.gz +3fbd6b865c4321c74251b8cfb78185d2c0454c4fe1d3c85cc01b2eaa37cf478e5ad78ab4df3c207e6d2257b223494c516878e180b6cae7f0ef9a1430b937f553 mastodon-v4.2.15.tar.gz d49fea9451c97ccefe5e35b68e4274aeb427f9d1e910b89c1f6c810489c3bec1ccff72952fdaef95abf944b8aff0da84a52347540d36ff1fba5ccc19e1d935c6 mastodon.initd eefe12a31268245f802222c0001dac884e03adb0d301e53a1512a3cd204836ca03ad083908cd14d146cf0dce99e3a4366570efd0e40a9a490ccd381d4c63c32f mastodon.web.initd 8fc9249c01693bb02b8d1a6177288d5d3549addde8c03eb35cc7a32dde669171872ebc2b5deb8019dc7a12970098f1af707171fa41129be31b04e1dc1651a777 mastodon.sidekiq.initd diff --git a/ilot/nextcloud30/50813_check-if-storage-id-is-set-on-cache.patch b/ilot/nextcloud30/50813_check-if-storage-id-is-set-on-cache.patch new file mode 100644 index 0000000..1f704c7 --- /dev/null +++ b/ilot/nextcloud30/50813_check-if-storage-id-is-set-on-cache.patch @@ -0,0 +1,62 @@ +From 59a0bc99824402fc126e58dfcc8da68fc6e41349 Mon Sep 17 00:00:00 2001 +From: Git'Fellow <12234510+solracsf@users.noreply.github.com> +Date: Wed, 12 Feb 2025 11:30:14 +0100 +Subject: [PATCH] fix(SharedStorage): Check if storage ID is set on cache + +Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com> +--- + apps/files_sharing/lib/SharedStorage.php | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +diff --git a/apps/files_sharing/lib/SharedStorage.php b/apps/files_sharing/lib/SharedStorage.php +index 2ac157f7970b6..a70632d6faa54 100644 +--- a/apps/files_sharing/lib/SharedStorage.php ++++ b/apps/files_sharing/lib/SharedStorage.php +@@ -29,6 +29,7 @@ use OCP\Files\Storage\IDisableEncryptionStorage; + use OCP\Files\Storage\ISharedStorage; + use OCP\Files\Storage\IStorage; + use OCP\Lock\ILockingProvider; ++use OCP\Server; + use OCP\Share\IShare; + use Psr\Log\LoggerInterface; + +@@ -82,7 +83,7 @@ class SharedStorage extends \OC\Files\Storage\Wrapper\Jail implements LegacyISha + + public function __construct($arguments) { + $this->ownerView = $arguments['ownerView']; +- $this->logger = \OC::$server->get(LoggerInterface::class); ++ $this->logger = Server::get(LoggerInterface::class); + + $this->superShare = $arguments['superShare']; + $this->groupedShares = $arguments['groupedShares']; +@@ -142,7 +143,7 @@ class SharedStorage extends \OC\Files\Storage\Wrapper\Jail implements LegacyISha + } + + /** @var IRootFolder $rootFolder */ +- $rootFolder = \OC::$server->get(IRootFolder::class); ++ $rootFolder = Server::get(IRootFolder::class); + $this->ownerUserFolder = $rootFolder->getUserFolder($this->superShare->getShareOwner()); + $sourceId = $this->superShare->getNodeId(); + $ownerNodes = $this->ownerUserFolder->getById($sourceId); +@@ -431,7 +432,7 @@ class SharedStorage extends \OC\Files\Storage\Wrapper\Jail implements LegacyISha + $this->cache = new \OCA\Files_Sharing\Cache( + $storage, + $sourceRoot, +- \OC::$server->get(CacheDependencies::class), ++ Server::get(CacheDependencies::class), + $this->getShare() + ); + return $this->cache; +@@ -456,10 +457,10 @@ class SharedStorage extends \OC\Files\Storage\Wrapper\Jail implements LegacyISha + // Get node information + $node = $this->getShare()->getNodeCacheEntry(); + if ($node instanceof CacheEntry) { +- $storageId = $node->getData()['storage_string_id']; ++ $storageId = $node->getData()['storage_string_id'] ?? null; + // for shares from the home storage we can rely on the home storage to keep itself up to date + // for other storages we need use the proper watcher +- if (!(str_starts_with($storageId, 'home::') || str_starts_with($storageId, 'object::user'))) { ++ if ($storageId !== null && !(str_starts_with($storageId, 'home::') || str_starts_with($storageId, 'object::user'))) { + $this->watcher = parent::getWatcher($path, $storage); + return $this->watcher; + } diff --git a/ilot/nextcloud30/APKBUILD b/ilot/nextcloud30/APKBUILD index 161f723..0380785 100644 --- a/ilot/nextcloud30/APKBUILD +++ b/ilot/nextcloud30/APKBUILD @@ -2,8 +2,8 @@ # Contributor: jahway603 # Maintainer: Leonardo Arena _pkgname=nextcloud -pkgver=30.0.10 -pkgrel=0 +pkgver=30.0.6 +pkgrel=1 is_latest=true _pkgvermaj=${pkgver%%.*} pkgname=nextcloud$_pkgvermaj @@ -87,6 +87,7 @@ source="https://download.nextcloud.com/server/releases/nextcloud-$pkgver.tar.bz2 dont-update-htaccess.patch disable-integrity-check-as-default.patch use-external-docs-if-local-not-avail.patch + 50813_check-if-storage-id-is-set-on-cache.patch $_pkgname-config.php $_pkgname.logrotate @@ -310,11 +311,12 @@ _package_app() { } sha512sums=" -c8c9800fff46c5634576b9e0696afd4083e34d24000762ebf3a66192d1dea3f664d1c1d42e6ae262535757991d0a60ee7ee1e1d24757677be56bb8ea7d4d3fd5 nextcloud-30.0.10.tar.bz2 -daeabeaa315bb908cc1e49612cce4b2debd71d17acb84b5d14e15fe124c907884b72d54e9aa669ec209eee1b1934d0bc242d72a28d8db7339cfb08383f66fd5c nextcloud-dont-chmod.patch +5eb98bf8badcf9a1e0b0482c230dae573a7e577281502dd7ac46804bec2a1bb5aa82dd5e5dc800380a9852e8d076432a819032fdabbf39c09bc902c257aeffa3 nextcloud-30.0.6.tar.bz2 +aea0adb2c3a48ec6af2958c6ccfe13adff86316a56084e763b7e6df9e21aa3435b13305b7c15cc2b795e83c9388b05006862f6465c29e3dc2c1fbd8eb8befcb9 nextcloud-dont-chmod.patch 12f4a39aef0f81a0115c81bf2b345cc194537a7e8300748b800b0e35bc07928091296074b23c2019c17aced69854a11d1ed7225f67eefd27cf00c3969a75c5b0 dont-update-htaccess.patch cb04252d01407c7030e87dd54616c621ea0f85ef0212674b1161288182538cae0fb31c67e7cc07c66f9607075774c64e386009cc66365b1f1b155f6ad4f83ac0 disable-integrity-check-as-default.patch c0a9b7c31c8beaca711f8e97d98441007b3dca7fb3d316d2eacd28a73b5233def6f846c02d98202f75efb9cb248b8787a80e20b07c32d1c7534a0e54bb20feab use-external-docs-if-local-not-avail.patch +5925787e34c39ad217103b9ebe82654c612a97e70d4b2208c77f84847afb1bcccd929366a807fa76ff929a7ee7e8008eaa58fd950915ffcce8ef2ddf97ef9d1d 50813_check-if-storage-id-is-set-on-cache.patch 5f73cd9399fa484ef15bd47e803c93381deffbc7699eceadbb5c27e43b20156806d74e5021a64d28f0165ef87b519e962780651711a37bceb9f0b04455dfdce1 nextcloud-config.php 7388458a9e8b7afd3d3269718306410ffa59c3c23da4bef367a4d7f6d2570136fae9dd421b19c1441e7ffb15a5405e18bb5da67b1a15f9f45e8b98d3fda532ba nextcloud.logrotate dcc57735d7d4af4a7ebbdd1186d301e51d2ae4675022aea6bf1111222dfa188a3a490ebd6e7c8a7ac30046cb7d93f81cec72a51acbc60d0c10b7fb64630c637a nextcloud.confd diff --git a/ilot/nextcloud30/nextcloud-dont-chmod.patch b/ilot/nextcloud30/nextcloud-dont-chmod.patch index 1929185..2145508 100644 --- a/ilot/nextcloud30/nextcloud-dont-chmod.patch +++ b/ilot/nextcloud30/nextcloud-dont-chmod.patch @@ -32,6 +32,18 @@ index 9e9abb11..7db25286 100644 if ($handle) { fwrite($handle, $entry."\n"); fclose($handle); +diff --git a/lib/private/TempManager.php b/lib/private/TempManager.php +index 49d4ee94..b0943843 100644 +--- a/lib/private/TempManager.php ++++ b/lib/private/TempManager.php +@@ -96,7 +96,6 @@ class TempManager implements ITempManager { + if ($postFix !== '') { + $fileNameWithPostfix = $this->buildFileNameWithSuffix($file, $postFix); + touch($fileNameWithPostfix); +- chmod($fileNameWithPostfix, 0600); + $this->current[] = $fileNameWithPostfix; + return $fileNameWithPostfix; + } diff --git a/lib/private/legacy/OC_Util.php b/lib/private/legacy/OC_Util.php index 71f6edba..216abdf8 100644 --- a/lib/private/legacy/OC_Util.php diff --git a/ilot/nextcloud31/APKBUILD b/ilot/nextcloud31/APKBUILD new file mode 100644 index 0000000..3a4dc30 --- /dev/null +++ b/ilot/nextcloud31/APKBUILD @@ -0,0 +1,327 @@ +# Contributor: Jakub Jirutka +# Contributor: jahway603 +# Maintainer: Leonardo Arena +_pkgname=nextcloud +pkgver=31.0.0 +pkgrel=0 +is_latest=true +_pkgvermaj=${pkgver%%.*} +pkgname=nextcloud$_pkgvermaj +_replaced_ver=$(( _pkgvermaj - 1 )) +pkgdesc="A safe home for all your data" +url="https://nextcloud.com/" +arch="noarch" +license="AGPL-3.0-only" +_php=php83 +_php_mods="-bcmath -ctype -curl -dom -gd -fileinfo -gmp -iconv -intl + -mbstring -opcache -openssl -pcntl -posix -session + -simplexml -xml -xmlreader -xmlwriter -zip" +depends="ca-certificates $_php ${_php_mods//-/$_php-}" +makedepends="xmlstarlet" +$is_latest && provides="$_pkgname=$pkgver-r$pkgrel + $_pkgname-accessibility=$pkgver-r$pkgrel + $pkgname-accessibility=$pkgver-r$pkgrel + $_pkgname-bruteforcesettings=$pkgver-r$pkgrel + $pkgname-bruteforcesettings=$pkgver-r$pkgrel + $_pkgname-contactsinteraction=$pkgver-r$pkgrel + $pkgname-contactsinteraction=$pkgver-r$pkgrel + $_pkgname-cloud_federation_api=$pkgver-r$pkgrel + $pkgname-cloud_federation_api=$pkgver-r$pkgrel + $_pkgname-dav=$pkgver-r$pkgrel + $pkgname-dav=$pkgver-r$pkgrel + $_pkgname-files=$pkgver-r$pkgrel + $pkgname-files=$pkgver-r$pkgrel + $_pkgname-files_videoplayer=$pkgver-r$pkgrel + $pkgname-files_videoplayer=$pkgver-r$pkgrel + $_pkgname-federatedfilesharing=$pkgver-r$pkgrel + $pkgname-federatedfilesharing=$pkgver-r$pkgrel + $_pkgname-lookup_server_connector=$pkgver-r$pkgrel + $pkgname-lookup_server_connector=$pkgver-r$pkgrel + $_pkgname-oauth2=$pkgver-r$pkgrel + $pkgname-oauth2=$pkgver-r$pkgrel + $_pkgname-provisioning_api=$pkgver-r$pkgrel + $pkgname-provisioning_api=$pkgver-r$pkgrel + $_pkgname-related_resources=$pkgver-r$pkgrel + $pkgname-related_resources=$pkgver-r$pkgrel + $_pkgname-settings=$pkgver-r$pkgrel + $pkgname-settings=$pkgver-r$pkgrel + $_pkgname-theming=$pkgver-r$pkgrel + $pkgname-theming=$pkgver-r$pkgrel + $_pkgname-twofactor_backupcodes=$pkgver-r$pkgrel + $pkgname-twofactor_backupcodes=$pkgver-r$pkgrel + $_pkgname-twofactor_nextcloud_notification=$pkgver-r$pkgrel + $pkgname-twofactor_nextcloud_notification=$pkgver-r$pkgrel + $_pkgname-twofactor_totp=$pkgver-r$pkgrel + $pkgname-twofactor_totp=$pkgver-r$pkgrel + $_pkgname-viewer=$pkgver-r$pkgrel + $pkgname-viewer=$pkgver-r$pkgrel + $_pkgname-workflowengine=$pkgver-r$pkgrel + $pkgname-workflowengine=$pkgver-r$pkgrel + " || provides="$pkgname-accessibility=$pkgver-r$pkgrel + $pkgname-bruteforcesettings=$pkgver-r$pkgrel + $pkgname-contactsinteraction=$pkgver-r$pkgrel + $pkgname-cloud_federation_api=$pkgver-r$pkgrel + $pkgname-dav=$pkgver-r$pkgrel + $pkgname-files=$pkgver-r$pkgrel + $pkgname-files_videoplayer=$pkgver-r$pkgrel + $pkgname-federatedfilesharing=$pkgver-r$pkgrel + $pkgname-lookup_server_connector=$pkgver-r$pkgrel + $pkgname-oauth2=$pkgver-r$pkgrel + $pkgname-provisioning_api=$pkgver-r$pkgrel + $pkgname-related_resources=$pkgver-r$pkgrel + $pkgname-settings=$pkgver-r$pkgrel + $pkgname-theming=$pkgver-r$pkgrel + $pkgname-twofactor_backupcodes=$pkgver-r$pkgrel + $pkgname-twofactor_nextcloud_notification=$pkgver-r$pkgrel + $pkgname-twofactor_totp=$pkgver-r$pkgrel + $pkgname-viewer=$pkgver-r$pkgrel + $pkgname-workflowengine=$pkgver-r$pkgrel + " +replaces="nextcloud$_replaced_ver" +install="$pkgname.pre-install $pkgname.pre-upgrade $pkgname.post-upgrade $pkgname.post-install + $pkgname-initscript.post-install" +subpackages="$pkgname-doc $pkgname-initscript $pkgname-mysql $pkgname-pgsql $pkgname-sqlite + $pkgname-default-apps:_default_apps $pkgname-occ" +source="https://download.nextcloud.com/server/releases/nextcloud-$pkgver.tar.bz2 + nextcloud-dont-chmod.patch + dont-update-htaccess.patch + disable-integrity-check-as-default.patch + use-external-docs-if-local-not-avail.patch + + $_pkgname-config.php + $_pkgname.logrotate + $_pkgname.confd + $_pkgname.cron + $_pkgname-mysql.cnf + fpm-pool.conf + occ + " +options="!check" +pkgusers="nextcloud" +pkggroups="www-data" +builddir="$srcdir"/$_pkgname + +# List of bundled apps to separate into subpackages. Keep it in sync! +# Note: Don't add "bruteforcesettings", "contactsinteraction", +# "cloud_federation_api", "dav", "files", +# "federatedfilesharing", "lookup_server_connector", "provisioning_api", +# "oauth2", "settings", "twofactor_backupcodes", "twofactor_totp", +# "twofactor_nextcloud_notification", "theming", "viewer", +# "workflowengine", "related_resources" +# here, these should be always installed. +_apps="activity + admin_audit + app_api + circles + comments + dashboard + encryption + federation + files_downloadlimit + files_external + files_pdfviewer + files_reminders + files_sharing + files_trashbin + files_versions + firstrunwizard + logreader + nextcloud_announcements + notifications + password_policy + photos + privacy + recommendations + serverinfo + support + sharebymail + survey_client + suspicious_login + systemtags + text + user_ldap + user_status + weather_status + webhook_listeners + " +for _i in $_apps; do + subpackages="$subpackages $pkgname-$_i:_package_app" +done + +# Directory for apps shipped with Nextcloud. +_appsdir="usr/share/webapps/$_pkgname/apps" + +package() { + local basedir="var/lib/$_pkgname" + local datadir="$basedir/data" + local wwwdir="usr/share/webapps/$_pkgname" + local confdir="etc/$_pkgname" + + mkdir -p "$pkgdir" + cd "$pkgdir" + + mkdir -p ./${wwwdir%/*} + cp -a "$builddir" ./$wwwdir + + chmod +x ./$wwwdir/occ + chmod 664 ./$wwwdir/.htaccess \ + ./$wwwdir/.user.ini + + # Let's not ship upstream's 'updatenotification' app and updater, which + # has zero chance of working and a big chance of blowing things up. + rm -r ./$wwwdir/apps/updatenotification \ + ./$wwwdir/lib/private/Updater/VersionCheck.php + + # Replace bundled CA bundle with ours. + ln -sf /etc/ssl/certs/ca-certificates.crt ./$wwwdir/resources/config/ca-bundle.crt + + install -d -m 770 -o nextcloud -g www-data \ + ./$confdir ./$datadir ./$basedir/apps + install -d -m 775 -o nextcloud -g www-data \ + ./var/log/$_pkgname + + # Create symlink from web root to site-apps, so web server can find + # assets w/o explicit configuration for this layout. + ln -s /$basedir/apps ./$wwwdir/apps-appstore + + mv ./$wwwdir/config/* ./$confdir/ + rm -r ./$wwwdir/config + ln -s /$confdir ./$wwwdir/config + + mkdir -p ./usr/share/doc/$pkgname + mv ./$wwwdir/core/doc ./usr/share/doc/$pkgname/core + + install -m 660 -o nextcloud -g www-data \ + "$srcdir"/$_pkgname-config.php ./$confdir/config.php + + install -m 644 -D "$srcdir"/$_pkgname.logrotate ./etc/logrotate.d/$_pkgname + + install -m 755 -D "$srcdir"/occ ./usr/bin/occ + + # Clean some unnecessary files. + find . -name .gitignore -delete \ + -o -name .bower.json -delete \ + -o -name 'README*' -delete \ + -o -name 'CHANGELOG*' -delete \ + -o -name 'CONTRIBUTING*' -delete + find . -name .github -type d -prune -exec rm -r {} \; +} + +doc() { + replaces="nextcloud$_replaced_ver-doc" + $is_latest && provides="$_pkgname-doc=$pkgver-r$pkgrel" + default_doc + + local target="$subpkgdir"/usr/share/webapps/$_pkgname/core/doc + mkdir -p "${target%/*}" + ln -s ../../../doc/$pkgname/core "$target" + install -m644 README.alpine "$subpkgdir"/usr/share/webapps/$_pkgname/README.alpine +} + +initscript() { + pkgdesc="Init script that runs Nextcloud with php-fpm" + depends="$pkgname $_php-fpm" + replaces="nextcloud$_replaced_ver-initscript" + $is_latest && provides="$_pkgname-initscript=$pkgver-r$pkgrel" + + local confdir="$subpkgdir/etc/$_php/php-fpm.d" + local fpm_name="php-fpm${_php#php}" + + install -m 644 -D "$srcdir"/fpm-pool.conf "$confdir"/$_pkgname.conf + install -m 644 -D "$srcdir"/$_pkgname.confd "$subpkgdir"/etc/conf.d/$_pkgname + install -m 755 -D "$srcdir"/$_pkgname.cron "$subpkgdir"/etc/periodic/15min/$_pkgname + + mkdir -p "$subpkgdir"/etc/init.d + ln -s $fpm_name "$subpkgdir"/etc/init.d/$_pkgname +} + +pgsql() { + pkgdesc="Nextcloud PostgreSQL support" + depends="$pkgname $_php-pgsql $_php-pdo_pgsql" + replaces="nextcloud$_replaced_ver-pgsql" + $is_latest && provides="$_pkgname-pgsql=$pkgver-r$pkgrel" + mkdir -p "$subpkgdir" +} + +sqlite() { + pkgdesc="Nextcloud SQLite support" + depends="$pkgname $_php-sqlite3 $_php-pdo_sqlite" + replaces="nextcloud$_replaced_ver-sqlite" + $is_latest && provides="$_pkgname-sqlite=$pkgver-r$pkgrel" + mkdir -p "$subpkgdir" +} + +mysql() { + pkgdesc="Nextcloud MySQL support" + depends="$pkgname $_php-pdo_mysql" + replaces="nextcloud$_replaced_ver-mysql" + $is_latest && provides="$_pkgname-mysql=$pkgver-r$pkgrel" + + mkdir -p "$subpkgdir" + install -m 644 -D "$srcdir"/$_pkgname-mysql.cnf "$subpkgdir"/etc/my.cnf.d/$_pkgname.cnf +} + +occ() { + pkgdesc="Nextcloud OCC cmd" + replaces="nextcloud$_replaced_ver-occ" + $is_latest && provides="$_pkgname-occ=$pkgver-r$pkgrel" + mkdir -p "$subpkgdir/usr/share/webapps/$_pkgname" + amove "usr/share/webapps/$_pkgname/occ" + amove "usr/bin/occ" +} + +_default_apps() { + pkgdesc="Nextcloud default apps" + depends="$pkgname" + replaces="nextcloud$_replaced_ver-default-apps" + $is_latest && provides="$_pkgname-default-apps=$pkgver-r$pkgrel" + + local path; for path in "$pkgdir"/"$_appsdir"/*; do + if grep -q '' "$path"/appinfo/info.xml; then + depends="$depends $pkgname-${path##*/}" + fi + done + + mkdir -p "$subpkgdir" +} + +_package_app() { + local appname="${subpkgname#"$pkgname"-}" + local appinfo="$pkgdir/$_appsdir/$appname/appinfo/info.xml" + + local name=$(xmlstarlet sel -t -v 'info/name/text()' "$appinfo") + pkgdesc="Nextcloud ${name:-$appname} app" + replaces="nextcloud$_replaced_ver-$appname" + $is_latest && provides="$_pkgname-$appname=$pkgver-r$pkgrel" + + local php_deps=$(xmlstarlet sel -t -v 'info/dependencies/lib/text()' "$appinfo" \ + | xargs -r -n1 printf "$_php-%s\n") + local app_deps="" + + case "$appname" in + files_sharing) app_deps="-federatedfilesharing" + ;; + serverinfo) app_deps="-files_sharing" + esac + + depends="$pkgname $php_deps ${app_deps//-/$pkgname-}" + + mkdir -p "$subpkgdir"/$_appsdir + mv "$pkgdir"/$_appsdir/$appname "$subpkgdir"/$_appsdir/ +} + +sha512sums=" +e9311423ba42c9f3d30b455fe47105f216262cc75dd7ea227fb939bfd10c3614b84e9aef1da6b3737fc0c0fe136d4ebe19107f8b97da5fd3910a47f7b2811eb1 nextcloud-31.0.0.tar.bz2 +aea0adb2c3a48ec6af2958c6ccfe13adff86316a56084e763b7e6df9e21aa3435b13305b7c15cc2b795e83c9388b05006862f6465c29e3dc2c1fbd8eb8befcb9 nextcloud-dont-chmod.patch +12f4a39aef0f81a0115c81bf2b345cc194537a7e8300748b800b0e35bc07928091296074b23c2019c17aced69854a11d1ed7225f67eefd27cf00c3969a75c5b0 dont-update-htaccess.patch +cb04252d01407c7030e87dd54616c621ea0f85ef0212674b1161288182538cae0fb31c67e7cc07c66f9607075774c64e386009cc66365b1f1b155f6ad4f83ac0 disable-integrity-check-as-default.patch +c0a9b7c31c8beaca711f8e97d98441007b3dca7fb3d316d2eacd28a73b5233def6f846c02d98202f75efb9cb248b8787a80e20b07c32d1c7534a0e54bb20feab use-external-docs-if-local-not-avail.patch +5925787e34c39ad217103b9ebe82654c612a97e70d4b2208c77f84847afb1bcccd929366a807fa76ff929a7ee7e8008eaa58fd950915ffcce8ef2ddf97ef9d1d 50813_check-if-storage-id-is-set-on-cache.patch +5f73cd9399fa484ef15bd47e803c93381deffbc7699eceadbb5c27e43b20156806d74e5021a64d28f0165ef87b519e962780651711a37bceb9f0b04455dfdce1 nextcloud-config.php +7388458a9e8b7afd3d3269718306410ffa59c3c23da4bef367a4d7f6d2570136fae9dd421b19c1441e7ffb15a5405e18bb5da67b1a15f9f45e8b98d3fda532ba nextcloud.logrotate +dcc57735d7d4af4a7ebbdd1186d301e51d2ae4675022aea6bf1111222dfa188a3a490ebd6e7c8a7ac30046cb7d93f81cec72a51acbc60d0c10b7fb64630c637a nextcloud.confd +06a62deae219d09df7acbf38ccb1dcac691dd882459ef70243b5583d7ed21d1ea81dbf0751b4e7199c0de9878755a3882e139d9ccc280bf2e90cbe33fb565487 nextcloud.cron +b9ad5434c384c96608f00d65c45f782e279c6756da8fb706f62ecaf7b7aa420077cb6989da5e85becc47418884ec0672e7db874174454ca679fdca84a50f537f nextcloud-mysql.cnf +78ef204ee7c12b228c0b7b04333514e561c1c8e19153f5507224fa4fdd112aaaa6331747014f3b72181298f52ecd4223bcff4bd963b49b49153265254b07e79b fpm-pool.conf +be54ad9308c8250ff3aef3514b10b228487fc2fbdefa1d28dbbb18a4770f7d9fda90e80c722de8e3c25ce752d124ff79314f16f783b1e5ad67df4e1fe6e880f9 occ +" diff --git a/ilot/nextcloud31/README.alpine b/ilot/nextcloud31/README.alpine new file mode 100644 index 0000000..229ab60 --- /dev/null +++ b/ilot/nextcloud31/README.alpine @@ -0,0 +1,5 @@ +## nextcloud-serverinfo package + +If you are using the provided nextcloud php-fpm configuration, +nextcloud-serverinfo package requires to enable 'shell_exec' function +in php configuration file 'nextcloud.conf'. diff --git a/ilot/nextcloud31/disable-integrity-check-as-default.patch b/ilot/nextcloud31/disable-integrity-check-as-default.patch new file mode 100644 index 0000000..f6a3a11 --- /dev/null +++ b/ilot/nextcloud31/disable-integrity-check-as-default.patch @@ -0,0 +1,23 @@ +We patch some files and Nextcloud's integrity check doesn't like it... +APK ensures integrity of all installed files, so this Nextcloud's integrity +check doesn't add any value. +--- + lib/private/IntegrityCheck/Checker.php | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/private/IntegrityCheck/Checker.php b/lib/private/IntegrityCheck/Checker.php +index e8fd087e..cfbaeb7d 100644 +--- a/lib/private/IntegrityCheck/Checker.php ++++ b/lib/private/IntegrityCheck/Checker.php +@@ -91,7 +91,7 @@ class Checker { + * applicable for very specific scenarios and we should not advertise it + * too prominent. So please do not add it to config.sample.php. + */ +- return !($this->config?->getSystemValueBool('integrity.check.disabled', false) ?? false); ++ return !($this->config?->getSystemValueBool('integrity.check.disabled', true) ?? true); + } + + /** +-- +2.44.0 + diff --git a/ilot/nextcloud31/dont-update-htaccess.patch b/ilot/nextcloud31/dont-update-htaccess.patch new file mode 100644 index 0000000..87ec6a1 --- /dev/null +++ b/ilot/nextcloud31/dont-update-htaccess.patch @@ -0,0 +1,42 @@ +Don't mess with .htaccess files. + +Patch ported from https://src.fedoraproject.org/cgit/rpms/nextcloud.git/tree/nextcloud-9.1.0-dont_update_htacess.patch +--- + core/register_command.php | 1 - + lib/private/Updater.php | 8 -------- + 2 files changed, 9 deletions(-) + +diff --git a/core/register_command.php b/core/register_command.php +index 4a84e551..a5158dc4 100644 +--- a/core/register_command.php ++++ b/core/register_command.php +@@ -136,7 +136,6 @@ if ($config->getSystemValueBool('installed', false)) { + $application->add(Server::get(Command\Maintenance\Mimetype\UpdateDB::class)); + $application->add(Server::get(Command\Maintenance\Mimetype\UpdateJS::class)); + $application->add(Server::get(Command\Maintenance\Mode::class)); +- $application->add(Server::get(Command\Maintenance\UpdateHtaccess::class)); + $application->add(Server::get(Command\Maintenance\UpdateTheme::class)); + + $application->add(Server::get(Command\Upgrade::class)); +diff --git a/lib/private/Updater.php b/lib/private/Updater.php +index 09866273..59144308 100644 +--- a/lib/private/Updater.php ++++ b/lib/private/Updater.php +@@ -230,14 +230,6 @@ class Updater extends BasicEmitter { + throw new \Exception('Updates between multiple major versions and downgrades are unsupported.'); + } + +- // Update .htaccess files +- try { +- Setup::updateHtaccess(); +- Setup::protectDataDirectory(); +- } catch (\Exception $e) { +- throw new \Exception($e->getMessage()); +- } +- + // create empty file in data dir, so we can later find + // out that this is indeed an ownCloud data directory + // (in case it didn't exist before) +-- +2.44.0 + diff --git a/ilot/nextcloud31/fpm-pool.conf b/ilot/nextcloud31/fpm-pool.conf new file mode 100644 index 0000000..cae9acc --- /dev/null +++ b/ilot/nextcloud31/fpm-pool.conf @@ -0,0 +1,200 @@ +[global] +; Error log file +; Default Value: log/php-fpm.log +error_log = /var/log/nextcloud/php-fpm.log + +; Log level +; Possible Values: alert, error, warning, notice, debug +; Default Value: notice +log_level = warning + +; If this number of child processes exit with SIGSEGV or SIGBUS within the time +; interval set by emergency_restart_interval then FPM will restart. A value +; of '0' means 'Off'. +; Default Value: 0 +emergency_restart_threshold = 10 + +; Interval of time used by emergency_restart_interval to determine when +; a graceful restart will be initiated. This can be useful to work around +; accidental corruptions in an accelerator's shared memory. +; Available Units: s(econds), m(inutes), h(ours), or d(ays) +; Default Unit: seconds +; Default Value: 0 +emergency_restart_interval = 1m + +; Time limit for child processes to wait for a reaction on signals from master. +; Available units: s(econds), m(inutes), h(ours), or d(ays) +; Default Unit: seconds +; Default Value: 0 +process_control_timeout = 10s + + +[nextcloud] +user = nextcloud +group = www-data + +; The address on which to accept FastCGI requests. +; Valid syntaxes are: +; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific address on +; a specific port; +; 'port' - to listen on a TCP socket to all addresses on a +; specific port; +; '/path/to/unix/socket' - to listen on a unix socket (the path is *not* +; relative to chroot!) +; Note: This value is mandatory. +listen = /run/nextcloud/fastcgi.sock + +; Set permissions for unix socket, if one is used. In Linux, read/write +; permissions must be set in order to allow connections from a web server. Many +; BSD-derived systems allow connections regardless of permissions. +; Default Values: user and group are set as the running user +; mode is set to 0666 +listen.mode = 0660 + +; Choose how the process manager will control the number of child processes. +; Possible Values: +; static ... a fixed number of child processes. +; dynamic ... the number of child processes are set dynamically. +; ondemand ... no children are created at startup; children will be forked +; when new requests will connect. +; Note: This value is mandatory. +pm = ondemand + +; The number of child processes to be created when pm is set to 'static' and the +; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. +; This value sets the limit on the number of simultaneous requests that will be +; served. +; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' +; Note: This value is mandatory. +pm.max_children = 10 + +; The number of seconds after which an idle process will be killed. +; Note: Used only when pm is set to 'ondemand' +; Default Value: 10s +pm.process_idle_timeout = 120s + +; The number of requests each child process should execute before respawning. +; This can be useful to work around memory leaks in 3rd party libraries. For +; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. +; Default Value: 0 +pm.max_requests = 500 + +; The URI to view the FPM status page. If this value is not set, no URI will be +; recognized as a status page. +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +pm.status_path = + +; The ping URI to call the monitoring page of FPM. If this value is not set, no +; URI will be recognized as a ping page. This could be used to test from outside +; that FPM is alive and responding, or to +; - create a graph of FPM availability (rrd or such); +; - remove a server from a group if it is not responding (load balancing); +; - trigger alerts for the operating team (24/7). +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +ping.path = /ping + +; The timeout for serving a single request after which the worker process will +; be killed. This option should be used when the 'max_execution_time' ini option +; does not stop script execution for some reason. A value of '0' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +;request_terminate_timeout = 0 + +; The timeout for serving a single request after which a PHP backtrace will be +; dumped to the 'slowlog' file. A value of '0s' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +;request_slowlog_timeout = 0 + +; The log file for slow requests +; Default Value: not set +; Note: slowlog is mandatory if request_slowlog_timeout is set +; Note: the path is *not* relative to chroot. +;slowlog = /var/log/nextcloud/php-fpm.slow.log + +; Redirect worker stdout and stderr into main error log. If not set, stdout and +; stderr will be redirected to /dev/null according to FastCGI specs. +; Note: on highloaded environement, this can cause some delay in the page +; process time (several ms). +; Default Value: no +;catch_workers_output = yes + +; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from +; the current environment. +; Default Value: clean env +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /tmp +env[TMPDIR] = /tmp +env[TEMP] = /tmp + +; Additional php.ini defines, specific to this pool of workers. These settings +; overwrite the values previously defined in the php.ini. The directives are the +; same as the PHP SAPI: +; php_value/php_flag - you can set classic ini defines which can +; be overwritten from PHP call 'ini_set'. +; php_admin_value/php_admin_flag - these directives won't be overwritten by +; PHP call 'ini_set' +; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. +; +; Defining 'extension' will load the corresponding shared extension from +; extension_dir. Defining 'disable_functions' or 'disable_classes' will not +; overwrite previously defined php.ini values, but will append the new value +; instead. +; +; Note: path INI options can be relative and will be expanded with the prefix +; (pool, global or /usr/lib/php7.x) + +; Allow HTTP file uploads. +php_admin_flag[file_uploads] = true + +; Maximal size of a file that can be uploaded via web interface. +php_admin_value[memory_limit] = 512M +php_admin_value[post_max_size] = 513M +php_admin_value[upload_max_filesize] = 513M + +; Where to store temporary files. +php_admin_value[session.save_path] = /var/tmp/nextcloud +php_admin_value[sys_temp_dir] = /var/tmp/nextcloud +php_admin_value[upload_tmp_dir] = /var/tmp/nextcloud + +; Log errors to specified file. +php_admin_flag[log_errors] = on +php_admin_value[error_log] = /var/log/nextcloud/php.error.log + +; OPcache error_log file name. Empty string assumes "stderr" +php_admin_value[opcache.error_log] = /var/log/nextcloud/php.error.log + +; Output buffering is a mechanism for controlling how much output data +; (excluding headers and cookies) PHP should keep internally before pushing that +; data to the client. If your application's output exceeds this setting, PHP +; will send that data in chunks of roughly the size you specify. +; This must be disabled for ownCloud. +php_admin_flag[output_buffering] = false + +; Overload(replace) single byte functions by mbstring functions. +; This must be disabled for ownCloud. +php_admin_flag[mbstring.func_overload] = false + +; Never populate the $HTTP_RAW_POST_DATA variable. +; http://php.net/always-populate-raw-post-data +php_admin_value[always_populate_raw_post_data] = -1 + +; Disable certain functions for security reasons. +; http://php.net/disable-functions +php_admin_value[disable_functions] = exec,passthru,shell_exec,system,proc_open,curl_multi_exec,show_source + +; Set recommended settings for OpCache. +; https://docs.nextcloud.com/server/13/admin_manual/configuration_server/server_tuning.html#enable-php-opcache +php_admin_flag[opcache.enable] = true +php_admin_flag[opcache.enable_cli] = true +php_admin_flag[opcache.save_comments] = true +php_admin_value[opcache.interned_strings_buffer] = 8 +php_admin_value[opcache.max_accelerated_files] = 10000 +php_admin_value[opcache.memory_consumption] = 128 +php_admin_value[opcache.revalidate_freq] = 1 diff --git a/ilot/nextcloud31/nextcloud-config.php b/ilot/nextcloud31/nextcloud-config.php new file mode 100644 index 0000000..035fb79 --- /dev/null +++ b/ilot/nextcloud31/nextcloud-config.php @@ -0,0 +1,37 @@ + '/var/lib/nextcloud/data', + 'logfile' => '/var/log/nextcloud/nextcloud.log', + 'apps_paths' => array ( + // Read-only location for apps shipped with Nextcloud and installed by apk. + 0 => array ( + 'path' => '/usr/share/webapps/nextcloud/apps', + 'url' => '/apps', + 'writable' => false, + ), + // Writable location for apps installed from AppStore. + 1 => array ( + 'path' => '/var/lib/nextcloud/apps', + 'url' => '/apps-appstore', + 'writable' => true, + ), + ), + 'updatechecker' => false, + 'check_for_working_htaccess' => false, + + // Uncomment to enable Zend OPcache. + //'memcache.local' => '\OC\Memcache\APCu', + + // Uncomment this and add user nextcloud to the redis group to enable Redis + // cache for file locking. This is highly recommended, see + // https://github.com/nextcloud/server/issues/9305. + //'memcache.locking' => '\OC\Memcache\Redis', + //'redis' => array( + // 'host' => '/run/redis/redis.sock', + // 'port' => 0, + // 'dbindex' => 0, + // 'timeout' => 1.5, + //), + + 'installed' => false, +); diff --git a/ilot/nextcloud31/nextcloud-dont-chmod.patch b/ilot/nextcloud31/nextcloud-dont-chmod.patch new file mode 100644 index 0000000..2145508 --- /dev/null +++ b/ilot/nextcloud31/nextcloud-dont-chmod.patch @@ -0,0 +1,58 @@ +commit d8f09abd65e5fd620b8b0d720daee293c355660c +Author: Leonardo Arena +Date: Mon Aug 31 06:59:15 2020 +0000 + + Don't chmod. The package takes care of setting the right permissions for directories and files + +diff --git a/lib/private/Config.php b/lib/private/Config.php +index cbdbc5b2..1118981b 100644 +--- a/lib/private/Config.php ++++ b/lib/private/Config.php +@@ -242,9 +242,6 @@ class Config { + touch($this->configFilePath); + $filePointer = fopen($this->configFilePath, 'r+'); + +- // Prevent others not to read the config +- chmod($this->configFilePath, 0640); +- + // File does not exist, this can happen when doing a fresh install + if (!is_resource($filePointer)) { + throw new HintException( +diff --git a/lib/private/Log/File.php b/lib/private/Log/File.php +index 9e9abb11..7db25286 100644 +--- a/lib/private/Log/File.php ++++ b/lib/private/Log/File.php +@@ -82,9 +82,6 @@ class File extends LogDetails implements IWriter, IFileBased { + public function write(string $app, $message, int $level) { + $entry = $this->logDetailsAsJSON($app, $message, $level); + $handle = @fopen($this->logFile, 'a'); +- if ($this->logFileMode > 0 && is_file($this->logFile) && (fileperms($this->logFile) & 0777) != $this->logFileMode) { +- @chmod($this->logFile, $this->logFileMode); +- } + if ($handle) { + fwrite($handle, $entry."\n"); + fclose($handle); +diff --git a/lib/private/TempManager.php b/lib/private/TempManager.php +index 49d4ee94..b0943843 100644 +--- a/lib/private/TempManager.php ++++ b/lib/private/TempManager.php +@@ -96,7 +96,6 @@ class TempManager implements ITempManager { + if ($postFix !== '') { + $fileNameWithPostfix = $this->buildFileNameWithSuffix($file, $postFix); + touch($fileNameWithPostfix); +- chmod($fileNameWithPostfix, 0600); + $this->current[] = $fileNameWithPostfix; + return $fileNameWithPostfix; + } +diff --git a/lib/private/legacy/OC_Util.php b/lib/private/legacy/OC_Util.php +index 71f6edba..216abdf8 100644 +--- a/lib/private/legacy/OC_Util.php ++++ b/lib/private/legacy/OC_Util.php +@@ -1004,7 +1004,6 @@ class OC_Util { + . ' cannot be listed by other users.'); + $perms = substr(decoct(@fileperms($dataDirectory)), -3); + if (substr($perms, -1) !== '0') { +- chmod($dataDirectory, 0770); + clearstatcache(); + $perms = substr(decoct(@fileperms($dataDirectory)), -3); + if ($perms[2] !== '0') { diff --git a/ilot/nextcloud31/nextcloud-mysql.cnf b/ilot/nextcloud31/nextcloud-mysql.cnf new file mode 100644 index 0000000..ff90630 --- /dev/null +++ b/ilot/nextcloud31/nextcloud-mysql.cnf @@ -0,0 +1,3 @@ +[server] +# See https://github.com/nextcloud/server/issues/25436 +innodb_read_only_compressed=off diff --git a/ilot/nextcloud31/nextcloud.confd b/ilot/nextcloud31/nextcloud.confd new file mode 100644 index 0000000..b24f26d --- /dev/null +++ b/ilot/nextcloud31/nextcloud.confd @@ -0,0 +1,8 @@ +# Config file for /etc/init.d/nextcloud + +name="Nextcloud" +user="nextcloud" +group="www-data" + +# Uncomment if you use Nextcloud with Redis for caching. +#rc_need="redis" diff --git a/ilot/nextcloud31/nextcloud.cron b/ilot/nextcloud31/nextcloud.cron new file mode 100644 index 0000000..398cb11 --- /dev/null +++ b/ilot/nextcloud31/nextcloud.cron @@ -0,0 +1,6 @@ +#!/bin/sh + +# Run only when nextcloud service is started. +if rc-service nextcloud -q status >/dev/null 2>&1; then + su nextcloud -s /bin/sh -c 'php83 -f /usr/share/webapps/nextcloud/cron.php' +fi diff --git a/ilot/nextcloud31/nextcloud.logrotate b/ilot/nextcloud31/nextcloud.logrotate new file mode 100644 index 0000000..19e17fd --- /dev/null +++ b/ilot/nextcloud31/nextcloud.logrotate @@ -0,0 +1,6 @@ +/var/log/nextcloud/*.log { + daily + compress + copytruncate + su nextcloud www-data +} diff --git a/ilot/nextcloud31/nextcloud31-initscript.post-install b/ilot/nextcloud31/nextcloud31-initscript.post-install new file mode 100644 index 0000000..48f1351 --- /dev/null +++ b/ilot/nextcloud31/nextcloud31-initscript.post-install @@ -0,0 +1,28 @@ +#!/bin/sh + +# It's not needed to be writable for www-data group when running with php-fpm. +for dir in /etc/nextcloud \ + /etc/nextcloud/config.php \ + /var/lib/nextcloud/data \ + /var/lib/nextcloud/apps +do + chmod g-w $dir +done +chgrp root /etc/nextcloud/config.php + +# This must be writable (only) by nextcloud user. +chmod 750 /var/log/nextcloud + +mkdir /var/tmp/nextcloud # If /var/tmp doesn't exist there's a big problem +chown nextcloud /var/tmp/nextcloud +chmod 700 /var/tmp/nextcloud + +cat <&2 +echo ' please do the following:' >&2 +echo +echo ' * Run "apk upgrade -a" a second time to complete the upgrade of all' >&2 +echo ' nextcloud packages' >&2 +echo ' * Run "occ upgrade" to finish upgrading your Nextcloud instance' >&2 +echo ' * NOTE: since v29.0.4-r1 "occ" command is now in package "nextcloudNN-occ"' >&2 +echo diff --git a/ilot/nextcloud31/nextcloud31.post-upgrade b/ilot/nextcloud31/nextcloud31.post-upgrade new file mode 100644 index 0000000..be7e267 --- /dev/null +++ b/ilot/nextcloud31/nextcloud31.post-upgrade @@ -0,0 +1,47 @@ +#!/bin/sh + +ver_new="$1" +ver_old="$2" + +if [ $(apk version -t "$ver_old" '12.0.0-r2') = '<' ]; then + cat >&2 <<-EOF + * + * All Nextcloud's bundled apps (except "files" and "dav") have been moved to + * separate subpackages (e.g. nextcloud-activity). If you want to install + * all apps that are enabled by default at once, run: + * + * apk add nextcloud-default-apps + * + EOF + + if [ "$(ls -A /var/lib/nextcloud/apps)" ]; then + cat >&2 <<-EOF + * + * Nextcloud's bundled apps have been moved from /var/lib/nextcloud/apps + * to /usr/share/webapps/nextcloud/apps. Only apps installed from App Store + * should be stored in /var/lib/nextcloud/apps. + * + * It seems that you have installed some apps from App Store, so you have to + * add /var/lib/nextcloud/apps to your apps_paths. Copy "apps_paths" key + * from /etc/nextcloud/config.php.apk-new to your config.php. + * + EOF + fi +fi + +if [ $(apk version -t "$ver_old" '15.0.2-r0') = '<' ]; then + cat >&2 <<-EOF + * + * App "user_external" is no longer available via release channel. + * You need to uninstall the package and install it via appstore: + * + * apk del nextcloud-user_external + * + EOF + +fi + +if [ "${ver_new%-r*}" != "${ver_old%-r*}" ]; then + echo ' * Run "occ upgrade" to finish upgrading your NextCloud instance!' >&2 + echo ' * NOTE: since v29.0.4-r1 "occ" command is now in package "nextcloudNN-occ"' >&2 +fi diff --git a/ilot/nextcloud31/nextcloud31.pre-install b/ilot/nextcloud31/nextcloud31.pre-install new file mode 100644 index 0000000..e9cf539 --- /dev/null +++ b/ilot/nextcloud31/nextcloud31.pre-install @@ -0,0 +1,6 @@ +#!/bin/sh + +addgroup -S -g 82 www-data 2>/dev/null +adduser -S -D -H -h /var/lib/nextcloud -s /sbin/nologin -G www-data -g Nextcloud nextcloud 2>/dev/null + +exit 0 diff --git a/ilot/nextcloud31/nextcloud31.pre-upgrade b/ilot/nextcloud31/nextcloud31.pre-upgrade new file mode 100644 index 0000000..f444e78 --- /dev/null +++ b/ilot/nextcloud31/nextcloud31.pre-upgrade @@ -0,0 +1,10 @@ +#!/bin/sh + +ver_old="$2" +apps_link='/usr/share/webapps/nextcloud/apps' + +# Remove apps symlink before replacing files to avoid losing installed apps. +# This is a workaround for some issue in apk. +if [ $(apk version -t "$ver_old" '12.0.0-r2') = '<' ] && [ -L "$apps_link" ]; then + rm "$apps_link" +fi diff --git a/ilot/nextcloud31/occ b/ilot/nextcloud31/occ new file mode 100644 index 0000000..57b8ef3 --- /dev/null +++ b/ilot/nextcloud31/occ @@ -0,0 +1,10 @@ +#!/bin/sh + +NEXTCLOUD_DIR='/usr/share/webapps/nextcloud' +: ${NEXTCLOUD_USER:="nextcloud"} + +if [ "$(id -un)" != "$NEXTCLOUD_USER" ]; then + exec su -s /bin/sh "$NEXTCLOUD_USER" -c '$0 "$@"' -- php83 $NEXTCLOUD_DIR/occ "$@" +else + exec php83 $NEXTCLOUD_DIR/occ "$@" +fi diff --git a/ilot/nextcloud31/use-external-docs-if-local-not-avail.patch b/ilot/nextcloud31/use-external-docs-if-local-not-avail.patch new file mode 100644 index 0000000..42af94b --- /dev/null +++ b/ilot/nextcloud31/use-external-docs-if-local-not-avail.patch @@ -0,0 +1,36 @@ +From f17c14956c51206ad82acc5d9b66fd752f0e3c03 Mon Sep 17 00:00:00 2001 +From: Jakub Jirutka +Date: Tue, 19 Dec 2023 07:53:40 +0000 +Subject: [PATCH] use external docs if local not available + +--- + apps/settings/templates/help.php | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +diff --git a/apps/settings/templates/help.php b/apps/settings/templates/help.php +index 649178c1..29b5ac4c 100644 +--- a/apps/settings/templates/help.php ++++ b/apps/settings/templates/help.php +@@ -48,8 +48,19 @@ + + +
++ + ++ ++
++

Local documentation is not installed

++

Please use ++ ++ t('online documentation')); ?> ↗ ++ ++

++
++ +
+ +
+-- +2.42.0 + diff --git a/ilot/py3-kadmin-rs/APKBUILD b/ilot/py3-kadmin-rs/APKBUILD deleted file mode 100644 index fae9ad1..0000000 --- a/ilot/py3-kadmin-rs/APKBUILD +++ /dev/null @@ -1,56 +0,0 @@ -# Contributor: Antoine Martin (ayakael) -# Maintainer: Antoine Martin (ayakael) -pkgname=py3-kadmin-rs -pkgver=0.5.3 -pkgrel=0 -pkgdesc="Rust and Python interfaces to the Kerberos administration interface (kadm5)" -url="https://github.com/authentik-community/kadmin-rs" -arch="all" -license="MIT" -checkdepends="py3-pytest py3-k5test" -makedepends=" - cargo - cargo-auditable - clang-libclang - py3-setuptools - py3-setuptools-rust - py3-gpep517 - py3-wheel - poetry - python3-dev - sccache - " -source="$pkgname-$pkgver.tar.gz::https://github.com/authentik-community/kadmin-rs/archive/refs/tags/kadmin/version/$pkgver.tar.gz" -builddir="$srcdir"/kadmin-rs-kadmin-version-$pkgver -subpackages="$pkgname-pyc" - -prepare() { - default_prepare - - cargo fetch --target="$CTARGET" --locked -} - - -build() { - cargo auditable build --release --locked - gpep517 build-wheel \ - --wheel-dir .dist \ - --output-fd 3 3>&1 >&2 -} - -check() { - cargo test --locked - - python3 -m venv --clear --without-pip --system-site-packages .testenv - .testenv/bin/python3 -m installer .dist/*.whl - .testenv/bin/python3 -m unittest python/tests/test_*.py -} - -package() { - python3 -m installer -d "$pkgdir" \ - .dist/*.whl -} - -sha512sums=" -61d3ddfe619827cef83af944b2281f2cf6966d95c3d4a5883b82169bf1f34e6b7173cfa086198e3e0f9a227590a497dcb1c9b209cd4d0c6d361fdfce9b98eec0 py3-kadmin-rs-0.5.3.tar.gz -" diff --git a/ilot/py3-kadmin/APKBUILD b/ilot/py3-kadmin/APKBUILD new file mode 100644 index 0000000..894a945 --- /dev/null +++ b/ilot/py3-kadmin/APKBUILD @@ -0,0 +1,40 @@ +# Contributor: Antoine Martin (ayakael) +# Maintainer: Antoine Martin (ayakael) +pkgname=py3-kadmin +#_pkgreal is used by apkbuild-pypi to find modules at PyPI +_pkgreal=kadmin +pkgver=0.2.0 +pkgrel=0 +pkgdesc="Python module for kerberos admin (kadm5)" +url="https://github.com/authentik-community/python-kadmin" +arch="all" +license="MIT" +checkdepends="py3-pytest py3-k5test" +makedepends="py3-setuptools py3-gpep517 py3-wheel poetry python3-dev" +source=" + $pkgname-$pkgver.tar.gz::https://github.com/authentik-community/python-kadmin/archive/refs/tags/v$pkgver.tar.gz + fix-int-conversion-error.patch" +builddir="$srcdir"/python-kadmin-$pkgver +subpackages="$pkgname-pyc" + +build() { + gpep517 build-wheel \ + --wheel-dir .dist \ + --output-fd 3 3>&1 >&2 +} + +check() { + python3 -m venv --clear --without-pip --system-site-packages .testenv + .testenv/bin/python3 -m installer .dist/*.whl + .testenv/bin/python3 test/tests.py +} + +package() { + python3 -m installer -d "$pkgdir" \ + .dist/*.whl +} + +sha512sums=" +b405e914cb296f2bfe4f78d2791329804a0db02816182517b59ed1452a21d51dafe303609fddafbbeea57128bba4bcdfcd9b363f193ae0402cc52cf1b3b9020e py3-kadmin-0.2.0.tar.gz +e17223f8597d51ea099f5d4483dd72545b7d64ad76895553a6b7112416536aae93a59a2fd7aea044420495ab8146db7290abd826b268b2d6e518442c3c85c506 fix-int-conversion-error.patch +" diff --git a/ilot/py3-kadmin/fix-int-conversion-error.patch b/ilot/py3-kadmin/fix-int-conversion-error.patch new file mode 100644 index 0000000..445b76b --- /dev/null +++ b/ilot/py3-kadmin/fix-int-conversion-error.patch @@ -0,0 +1,13 @@ +diff --git a/src/PyKAdminPolicyObject.c.orig b/src/PyKAdminPolicyObject.c +index 0bf3ee8..68387c4 100644 +--- a/src/PyKAdminPolicyObject.c.orig ++++ b/src/PyKAdminPolicyObject.c +@@ -120,7 +120,7 @@ PyTypeObject PyKAdminPolicyObject_Type = { + sizeof(PyKAdminPolicyObject), /*tp_basicsize*/ + 0, /*tp_itemsize*/ + (destructor)PyKAdminPolicyObject_dealloc, /*tp_dealloc*/ +- KAdminPolicyObject_print, /*tp_print*/ ++ 0, /*tp_print*/ + 0, /*tp_getattr*/ + 0, /*tp_setattr*/ + 0, /*tp_compare*/ diff --git a/ilot/wikijs/APKBUILD b/ilot/wikijs/APKBUILD index bdf9fc2..a95329d 100644 --- a/ilot/wikijs/APKBUILD +++ b/ilot/wikijs/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Antoine Martin (ayakael) # Contributor: Antoine Martin (ayakael) pkgname=wikijs -pkgver=2.5.307 +pkgver=2.5.306 pkgrel=0 pkgdesc="Wiki.js | A modern, lightweight and powerful wiki app built on Node.js" license="AGPL-3.0" @@ -56,7 +56,7 @@ package() { chown 5494:5494 "$pkgdir"/var/lib/wikijs } sha512sums=" -8bf22ae87a9e3b8dd6f7114d0cf59913ad2cb05a2ed0e9bb7ac302b546d71f34a14de64cbe6e0f8b887d5df65e9d2b065ca18fe4493d3939895b8fa7076dd567 wikijs-2.5.307.tar.gz +f4ffa4d83dfeb118d410ec1363bdb593ba2ecf5736abffe8cf4bf9507f2452c59a090e69d9a69d4f240f1d22f5627d6c578537ea7d990d7bcd6eceece42a327c wikijs-2.5.306.tar.gz 355131ee5617348b82681cb8543c784eea59689990a268ecd3b77d44fe9abcca9c86fb8b047f0a8faeba079c650faa7790c5dd65418d313cd7561f38bb590c03 wikijs.initd 07b536c20e370d2a926038165f0e953283259c213a80a8648419565f5359ab05f528ac310e81606914013da212270df6feddb22e514cbcb2464c8274c956e4af config.sample.yml.patch "