From 5174969f74f80d35459a281420da7401dd7404b5 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 25 Aug 2024 09:15:05 -0400 Subject: [PATCH 1/6] ilot/codeberg-pages-server: new aport --- ilot/codeberg-pages-server/APKBUILD | 45 +++++++++++++++++++ .../codeberg-pages-server.openrc | 30 +++++++++++++ .../codeberg-pages-server.post-install | 39 ++++++++++++++++ .../codeberg-pages-server.post-upgrade | 1 + .../codeberg-pages-server.pre-install | 26 +++++++++++ .../upgrade-go-sqlite3-to-1.14.19.patch | 26 +++++++++++ 6 files changed, 167 insertions(+) create mode 100644 ilot/codeberg-pages-server/APKBUILD create mode 100644 ilot/codeberg-pages-server/codeberg-pages-server.openrc create mode 100755 ilot/codeberg-pages-server/codeberg-pages-server.post-install create mode 120000 ilot/codeberg-pages-server/codeberg-pages-server.post-upgrade create mode 100644 ilot/codeberg-pages-server/codeberg-pages-server.pre-install create mode 100644 ilot/codeberg-pages-server/upgrade-go-sqlite3-to-1.14.19.patch diff --git a/ilot/codeberg-pages-server/APKBUILD b/ilot/codeberg-pages-server/APKBUILD new file mode 100644 index 0000000..5eab680 --- /dev/null +++ b/ilot/codeberg-pages-server/APKBUILD @@ -0,0 +1,45 @@ +# Contributor: Antoine Martin (ayakael) +# Maintainer: Antoine Martin (ayakael) +pkgname=codeberg-pages-server +pkgver=5.1 +pkgrel=0 +pkgdesc="The Codeberg Pages Server – with custom domain support, per-repo pages using the "pages" branch, caching and more." +url="https://codeberg.org/Codeberg/pages-server" +arch="all" +license="EUPL-1.2" +depends="nginx" +makedepends="go just" +# tests disabled for now +options="!check" +install="$pkgname.post-install $pkgname.post-upgrade $pkgname.pre-install" +source=" + $pkgname-$pkgver.tar.gz::https://codeberg.org/Codeberg/pages-server/archive/v$pkgver.tar.gz + codeberg-pages-server.openrc + upgrade-go-sqlite3-to-1.14.19.patch + " +builddir="$srcdir/"pages-server +subpackages="$pkgname-openrc" +pkgusers="git" +pkggroups="www-data" + +export GOPATH=$srcdir/go +export GOCACHE=$srcdir/go-build +export GOTMPDIR=$srcdir + +build() { + just build +} + +package() { + msg "Packaging $pkgname" + install -Dm755 "$builddir"/build/codeberg-pages-server "$pkgdir"/usr/bin/codeberg-pages-server + + install -Dm755 "$srcdir"/$pkgname.openrc \ + "$pkgdir"/etc/init.d/$pkgname +} + +sha512sums=" +55a1dd5ed0f1cb2aaad1066eca8bfbd1d537169ed3712c748163ebff64edc45d05ac1f6f062433e232e2638a790232438282f96dd7410eb4cbaff7208f5f2427 codeberg-pages-server-5.1.tar.gz +4defb4fe3a4230f4aa517fbecd5e5b8bcef2a64e1b40615660ae9eec33597310a09df5e126f4d39ce7764bd1716c0a7040637699135c103cbc1879593c6c06f1 codeberg-pages-server.openrc +895f1c8d22fcf1d5491a6fe0ce5d93201f83b6dd5fc81b24016b609988fb6c66fdde75bb3830f385a5c83d96366ca3a5f4f9524f52058b6c5dfd8b80d14bac5b upgrade-go-sqlite3-to-1.14.19.patch +" diff --git a/ilot/codeberg-pages-server/codeberg-pages-server.openrc b/ilot/codeberg-pages-server/codeberg-pages-server.openrc new file mode 100644 index 0000000..a036393 --- /dev/null +++ b/ilot/codeberg-pages-server/codeberg-pages-server.openrc @@ -0,0 +1,30 @@ +#!/sbin/openrc-run + +name="$RC_SVCNAME" +cfgfile="/etc/conf.d/$RC_SVCNAME.conf" +pidfile="/run/$RC_SVCNAME.pid" +working_directory="/usr/share/webapps/authentik" +command="/usr/share/webapps/authentik/server" +command_user="authentik" +command_group="authentik" +start_stop_daemon_args="" +command_background="yes" +output_log="/var/log/authentik/$RC_SVCNAME.log" +error_log="/var/log/authentik/$RC_SVCNAME.err" + +depend() { + need redis + need postgresql +} + +start_pre() { + cd "$working_directory" + checkpath --directory --owner $command_user:$command_group --mode 0775 \ + /var/log/authentik \ + /var/lib/authentik/certs +} + +stop_pre() { + ebegin "Killing child processes" + kill $(ps -o pid= --ppid $(cat $pidfile)) || true +} diff --git a/ilot/codeberg-pages-server/codeberg-pages-server.post-install b/ilot/codeberg-pages-server/codeberg-pages-server.post-install new file mode 100755 index 0000000..a715d20 --- /dev/null +++ b/ilot/codeberg-pages-server/codeberg-pages-server.post-install @@ -0,0 +1,39 @@ +#!/bin/sh +set -eu + +group=authentik +config_file='/etc/authentik/config.yml' + +setcap 'cap_net_bind_service=+ep' /usr/share/webapps/authentik/server + +if [ $(grep '@@SECRET_KEY@@' "$config_file") ]; then + echo "* Generating random secret in $config_file" >&2 + + secret_key="$(pwgen -s 50 1)" + sed -i "s|@@SECRET_KEY@@|$secret_key|" "$config_file" + chown root:$group "$config_file" +fi + +if [ "${0##*.}" = 'post-upgrade' ]; then + cat >&2 <<-EOF + * + * To finish Authentik upgrade run: + * + * authentik-manage migrate + * + EOF +else + cat >&2 <<-EOF + * + * 1. Adjust settings in /etc/authentik/config.yml. + * + * 2. Create database for Authentik: + * + * psql -c "CREATE ROLE authentik PASSWORD 'top-secret' INHERIT LOGIN;" + * psql -c "CREATE DATABASE authentik OWNER authentik ENCODING 'UTF-8';" + * + * 3. Run "authentik-manage migrate" + * 4. Setup admin user at https:///if/flow/initial-setup/ + * + EOF +fi diff --git a/ilot/codeberg-pages-server/codeberg-pages-server.post-upgrade b/ilot/codeberg-pages-server/codeberg-pages-server.post-upgrade new file mode 120000 index 0000000..d7ffea2 --- /dev/null +++ b/ilot/codeberg-pages-server/codeberg-pages-server.post-upgrade @@ -0,0 +1 @@ +codeberg-pages-server.post-install \ No newline at end of file diff --git a/ilot/codeberg-pages-server/codeberg-pages-server.pre-install b/ilot/codeberg-pages-server/codeberg-pages-server.pre-install new file mode 100644 index 0000000..792f304 --- /dev/null +++ b/ilot/codeberg-pages-server/codeberg-pages-server.pre-install @@ -0,0 +1,26 @@ +#!/bin/sh +# It's very important to set user/group correctly. + +authentik_dir='/var/lib/authentik' + +if ! getent group authentik 1>/dev/null; then + echo '* Creating group authentik' 1>&2 + + addgroup -S authentik +fi + +if ! id authentik 2>/dev/null 1>&2; then + echo '* Creating user authentik' 1>&2 + + adduser -DHS -G authentik -h "$authentik_dir" -s /bin/sh \ + -g "added by apk for authentik" authentik + passwd -u authentik 1>/dev/null # unlock +fi + +if ! id -Gn authentik | grep -Fq redis; then + echo '* Adding user authentik to group redis' 1>&2 + + addgroup authentik redis +fi + +exit 0 diff --git a/ilot/codeberg-pages-server/upgrade-go-sqlite3-to-1.14.19.patch b/ilot/codeberg-pages-server/upgrade-go-sqlite3-to-1.14.19.patch new file mode 100644 index 0000000..fabb214 --- /dev/null +++ b/ilot/codeberg-pages-server/upgrade-go-sqlite3-to-1.14.19.patch @@ -0,0 +1,26 @@ +diff --git a/go.mod.orig b/go.mod +index eba292e..00310e5 100644 +--- a/go.mod.orig ++++ b/go.mod +@@ -11,7 +11,7 @@ require ( + github.com/go-sql-driver/mysql v1.6.0 + github.com/joho/godotenv v1.4.0 + github.com/lib/pq v1.10.7 +- github.com/mattn/go-sqlite3 v1.14.16 ++ github.com/mattn/go-sqlite3 v1.14.19 + github.com/microcosm-cc/bluemonday v1.0.26 + github.com/reugn/equalizer v0.0.0-20210216135016-a959c509d7ad + github.com/rs/zerolog v1.27.0 +diff --git a/go.sum.orig b/go.sum +index 7ea8b78..19145ea 100644 +--- a/go.sum.orig ++++ b/go.sum +@@ -479,6 +479,8 @@ github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m + github.com/mattn/go-sqlite3 v1.14.9/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU= + github.com/mattn/go-sqlite3 v1.14.16 h1:yOQRA0RpS5PFz/oikGwBEqvAWhWg5ufRz4ETLjwpU1Y= + github.com/mattn/go-sqlite3 v1.14.16/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg= ++github.com/mattn/go-sqlite3 v1.14.19 h1:fhGleo2h1p8tVChob4I9HpmVFIAkKGpiukdrgQbWfGI= ++github.com/mattn/go-sqlite3 v1.14.19/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg= + github.com/mattn/go-tty v0.0.0-20180219170247-931426f7535a/go.mod h1:XPvLUNfbS4fJH25nqRHfWLMa1ONC8Amw+mIA639KxkE= + github.com/mattn/go-tty v0.0.3/go.mod h1:ihxohKRERHTVzN+aSVRwACLCeqIoZAWpoICkkvrWyR0= + github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= From d985367f7b1b8dbc00a1105770a5294ecb2063f7 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 25 Aug 2024 09:38:13 -0400 Subject: [PATCH 2/6] ilot/authentik: upgrade to 2024.4.4 --- ilot/authentik/APKBUILD | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ilot/authentik/APKBUILD b/ilot/authentik/APKBUILD index 72e65ad..615f078 100644 --- a/ilot/authentik/APKBUILD +++ b/ilot/authentik/APKBUILD @@ -1,8 +1,8 @@ # Contributor: Antoine Martin (ayakael) # Maintainer: Antoine Martin (ayakael) pkgname=authentik -pkgver=2024.4.3 -pkgrel=2 +pkgver=2024.4.4 +pkgrel=0 pkgdesc="An open-source Identity Provider focused on flexibility and versatility" url="https://github.com/goauthentik/authentik" # s390x: missing py3-celery py3-flower and py3-kombu @@ -247,7 +247,7 @@ package() { } sha512sums=" -121ed925d81a5cb2a14fed8ec8b324352e40b1fcbba83573bfdc1d1f66a91d9670cd64d7ef752c8a2df6c34fc3e19e8aec5c6752d33e87b487a462a590212ab0 authentik-2024.4.3.tar.gz +22c8ff16b93b9fcb84478b6476dd4f6413719037affc7756f20ba1dc3afff1fbaae2f1fc89d7b3a9c4372fcc856009d8a4ef5eb7854855e4528523fb456a2491 authentik-2024.4.4.tar.gz 4defb4fe3a4230f4aa517fbecd5e5b8bcef2a64e1b40615660ae9eec33597310a09df5e126f4d39ce7764bd1716c0a7040637699135c103cbc1879593c6c06f1 authentik.openrc 6cb03b9b69df39bb4539fe05c966536314d766b2e9307a92d87070ba5f5b7e7ab70f1b5ee1ab3c0c50c23454f9c5a4caec29e63fdf411bbb7a124ad687569b89 authentik-worker.openrc 351e6920d987861f8bf0d7ab2f942db716a8dbdad1f690ac662a6ef29ac0fd46cf817cf557de08f1c024703503d36bc8b46f0d9eb1ecaeb399dce4c3bb527d17 authentik-ldap.openrc From 61ef8d893c037eed10d90d5673c532dcec48632c Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 25 Aug 2024 09:42:24 -0400 Subject: [PATCH 3/6] ilot/py3-django-rest-framework: bump --- ilot/py3-django-rest-framework/APKBUILD | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ilot/py3-django-rest-framework/APKBUILD b/ilot/py3-django-rest-framework/APKBUILD index 82a1497..69f9f63 100644 --- a/ilot/py3-django-rest-framework/APKBUILD +++ b/ilot/py3-django-rest-framework/APKBUILD @@ -4,7 +4,7 @@ pkgname=py3-django-rest-framework _pkgname=django-rest-framework pkgver=3.14.0 -pkgrel=1 +pkgrel=2 pkgdesc="Web APIs for Django" url="https://github.com/encode/django-rest-framework" arch="noarch" From c9dc783fcb66c849355021bab69eb5fc5c907086 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 25 Aug 2024 09:11:54 -0400 Subject: [PATCH 4/6] backports/forgejo-runner: new aport --- backports/forgejo-runner/APKBUILD | 47 +++++++++++++++++++ backports/forgejo-runner/forgejo-runner.confd | 17 +++++++ backports/forgejo-runner/forgejo-runner.initd | 38 +++++++++++++++ .../forgejo-runner/forgejo-runner.logrotate | 5 ++ .../forgejo-runner/forgejo-runner.pre-install | 14 ++++++ .../forgejo-runner/forgejo-runner.pre-upgrade | 1 + 6 files changed, 122 insertions(+) create mode 100644 backports/forgejo-runner/APKBUILD create mode 100644 backports/forgejo-runner/forgejo-runner.confd create mode 100644 backports/forgejo-runner/forgejo-runner.initd create mode 100644 backports/forgejo-runner/forgejo-runner.logrotate create mode 100644 backports/forgejo-runner/forgejo-runner.pre-install create mode 120000 backports/forgejo-runner/forgejo-runner.pre-upgrade diff --git a/backports/forgejo-runner/APKBUILD b/backports/forgejo-runner/APKBUILD new file mode 100644 index 0000000..1005964 --- /dev/null +++ b/backports/forgejo-runner/APKBUILD @@ -0,0 +1,47 @@ +# Contributor: Patrycja Rosa +# Maintainer: Patrycja Rosa +pkgname=forgejo-runner +pkgver=3.5.0 +pkgrel=2 +pkgdesc="CI/CD job runner for Forgejo" +url="https://code.forgejo.org/forgejo/runner" +arch="all" +license="MIT" +makedepends="go" +install="$pkgname.pre-install $pkgname.pre-upgrade" +subpackages="$pkgname-openrc" +source="$pkgname-$pkgver.tar.gz::https://code.forgejo.org/forgejo/runner/archive/v$pkgver.tar.gz + + forgejo-runner.logrotate + forgejo-runner.initd + forgejo-runner.confd + " +builddir="$srcdir/runner" +options="!check" # tests require running forgejo + +build() { + go build \ + -o forgejo-runner \ + -ldflags "-X gitea.com/gitea/act_runner/internal/pkg/ver.version=$pkgver" + ./forgejo-runner generate-config > config.example.yaml +} + +check() { + go test ./... +} + +package() { + install -Dm755 forgejo-runner -t "$pkgdir"/usr/bin/ + install -Dm644 config.example.yaml -t "$pkgdir"/etc/forgejo-runner/ + + install -Dm755 "$srcdir"/forgejo-runner.initd "$pkgdir"/etc/init.d/forgejo-runner + install -Dm644 "$srcdir"/forgejo-runner.confd "$pkgdir"/etc/conf.d/forgejo-runner + install -Dm644 "$srcdir"/forgejo-runner.logrotate "$pkgdir"/etc/logrotate.d/forgejo-runner +} + +sha512sums=" +e78968a5f9b6e797fb759a5c8cbf46a5c2fef2083dabc88599c9017729faface963576c63a948b0add424cb267902e864fb1a1b619202660296976d93e670713 forgejo-runner-3.5.0.tar.gz +a3c7238b0c63053325d31e09277edd88690ef5260854517f82d9042d6173fb5d24ebfe36e1d7363673dd8801972638a6e69b6af8ad43debb6057515c73655236 forgejo-runner.logrotate +bb0c6fbe90109c77f9ef9cb0d35d20b8033be0e4b7a60839b596aa5528dfa24309ec894d8c04066bf8fb30143e63a5fd8cc6fc89aac364422b583e0f840e2da6 forgejo-runner.initd +e11eab27f88f1181112389befa7de3aa0bac7c26841861918707ede53335535425c805e6682e25704e9c8a6aecba3dc13e20900a99df1183762b012b62f26d5f forgejo-runner.confd +" diff --git a/backports/forgejo-runner/forgejo-runner.confd b/backports/forgejo-runner/forgejo-runner.confd new file mode 100644 index 0000000..874e695 --- /dev/null +++ b/backports/forgejo-runner/forgejo-runner.confd @@ -0,0 +1,17 @@ +# Configuration for /etc/init.d/forgejo-runner + +# Path to the config file (--config). +#cfgfile="/etc/forgejo-runner/config.yaml" + +# Path to the working directory (--working-directory). +#datadir="/var/lib/forgejo-runner" + +# Path to the log file where stdout/stderr will be redirected. +# Leave empty/commented out to use syslog instead. +#output_log="/var/log/forgejo-runner.log" + +# You may change this to root, e.g. to run jobs in LXC +#command_user="forgejo-runner" + +# Comment out to run without process supervisor. +supervisor=supervise-daemon diff --git a/backports/forgejo-runner/forgejo-runner.initd b/backports/forgejo-runner/forgejo-runner.initd new file mode 100644 index 0000000..c54acdd --- /dev/null +++ b/backports/forgejo-runner/forgejo-runner.initd @@ -0,0 +1,38 @@ +#!/sbin/openrc-run + +description="Forgejo CI Runner" +name="Forgejo Runner" + +: ${cfgfile:="/etc/forgejo-runner/config.yaml"} +: ${datadir:="/var/lib/forgejo-runner"} +: ${command_user:="forgejo-runner"} + +command="/usr/bin/forgejo-runner" +command_args="daemon --config $cfgfile" +command_background="yes" +directory="$datadir" +pidfile="/run/$RC_SVCNAME.pid" + +depend() { + need net + use dns logger +} + +start_pre() { + checkpath -d -o "$command_user" /etc/forgejo-runner + checkpath -d -o "$command_user" "$datadir" + + if ! [ -e "$cfgfile" ]; then + eerror "Config file $cfgfile doesn't exist." + eerror "You can generate it with: forgejo-runner generate-config," + eerror "or use the auto-generated one in /etc/forgejo-runner/config.example.yaml" + return 1 + fi + + if [ "$error_log" ]; then + output_log="$error_log" + else + output_logger="logger -t '${RC_SVCNAME}' -p daemon.info" + error_logger="logger -t '${RC_SVCNAME}' -p daemon.error" + fi +} diff --git a/backports/forgejo-runner/forgejo-runner.logrotate b/backports/forgejo-runner/forgejo-runner.logrotate new file mode 100644 index 0000000..1a0539e --- /dev/null +++ b/backports/forgejo-runner/forgejo-runner.logrotate @@ -0,0 +1,5 @@ +/var/log/forgejo-runner.log { + copytruncate + missingok + notifempty +} diff --git a/backports/forgejo-runner/forgejo-runner.pre-install b/backports/forgejo-runner/forgejo-runner.pre-install new file mode 100644 index 0000000..5ce27be --- /dev/null +++ b/backports/forgejo-runner/forgejo-runner.pre-install @@ -0,0 +1,14 @@ +#!/bin/sh + +addgroup -S forgejo-runner 2>/dev/null +adduser -S -D -H -h /var/lib/forgejo-runner -s /sbin/nologin -G forgejo-runner -g forgejo-runner forgejo-runner 2>/dev/null + +cat >&2 < Date: Sun, 25 Aug 2024 09:12:12 -0400 Subject: [PATCH 5/6] ilot/forgejo-aneksajo: new aport --- ilot/forgejo-aneksajo/APKBUILD | 112 ++++++++++++++++++ ilot/forgejo-aneksajo/forgejo-aneksajo.ini | 26 ++++ ilot/forgejo-aneksajo/forgejo-aneksajo.initd | 15 +++ .../forgejo-aneksajo.pre-install | 7 ++ 4 files changed, 160 insertions(+) create mode 100644 ilot/forgejo-aneksajo/APKBUILD create mode 100644 ilot/forgejo-aneksajo/forgejo-aneksajo.ini create mode 100644 ilot/forgejo-aneksajo/forgejo-aneksajo.initd create mode 100644 ilot/forgejo-aneksajo/forgejo-aneksajo.pre-install diff --git a/ilot/forgejo-aneksajo/APKBUILD b/ilot/forgejo-aneksajo/APKBUILD new file mode 100644 index 0000000..ca50a59 --- /dev/null +++ b/ilot/forgejo-aneksajo/APKBUILD @@ -0,0 +1,112 @@ +# Contributor: Carlo Landmeter +# Contributor: 6543 <6543@obermui.de> +# Contributor: techknowlogick +# Contributor: Patrycja Rosa +# Maintainer: Antoine Martin (ayakael) +pkgname=forgejo-aneksajo +pkgver=8.0.1 +_gittag=v$pkgver-git-annex0 +pkgrel=0 +pkgdesc="Self-hosted Git service written in Go with git-annex support" +url="https://forgejo.org" +# riscv64: builds fail https://codeberg.org/forgejo/forgejo/issues/3025 +arch="all !riscv64" +license="MIT" +depends="git git-lfs gnupg" +makedepends="go nodejs npm" +checkdepends="bash openssh openssh-keygen sqlite tzdata" +install="$pkgname.pre-install" +pkgusers="forgejo" +pkggroups="www-data" +subpackages="$pkgname-openrc" +source="$pkgname-$_gittag.tar.gz::https://codeberg.org/matrss/forgejo-aneksajo/archive/$_gittag.tar.gz + $pkgname.initd + $pkgname.ini + " +builddir="$srcdir/forgejo-aneksajo" +options="!check net chmod-clean" # broken with GIT_CEILING + +# secfixes: +# 7.0.4-r0: +# - CVE-2024-24789 +# 7.0.3-r0: +# - CVE-2024-24788 +# 1.21.10.0-r0: +# - CVE-2023-45288 +# 1.21.3.0-r0: +# - CVE-2023-48795 + +export GOCACHE="${GOCACHE:-"$srcdir/go-cache"}" +export GOTMPDIR="${GOTMPDIR:-"$srcdir"}" +export GOMODCACHE="${GOMODCACHE:-"$srcdir/go"}" + +# Skip tests for archs that fail unrelated in CI +case "$CARCH" in +s390x|x86|armhf|armv7) options="$options !check" ;; +esac + +prepare() { + default_prepare + + npm ci +} + +build() { + # XXX: LARGEFILE64 + export CGO_CFLAGS="$CFLAGS -O2 -D_LARGEFILE64_SOURCE" + export TAGS="bindata sqlite sqlite_unlock_notify" + export GITEA_VERSION="$pkgver" + export EXTRA_GOFLAGS="$GOFLAGS" + export CGO_LDFLAGS="$LDFLAGS" + unset LDFLAGS + ## make FHS compliant + local setting="code.gitea.io/gitea/modules/setting" + export LDFLAGS="$LDFLAGS -X $setting.CustomConf=/etc/forgejo/app.ini" + export LDFLAGS="$LDFLAGS -X $setting.AppWorkPath=/var/lib/forgejo/" + + make -j1 build +} + +check() { + local home="$srcdir"/home + mkdir -p "$home" + install -d -m700 "$home"/.ssh + touch "$home"/.gitconfig + + env GITEA_ROOT="$home" HOME="$home" GITEA_WORK_DIR="$(pwd)" timeout -s ABRT 20m make -j1 test-sqlite + ## "make test" - modified (exclude broken tests) + ## 'code.gitea.io/gitea/modules/migrations': github hase rate limits! 403 API + local tests=$(go list ./... | grep -v /vendor/ | + grep -v 'code.gitea.io/gitea/modules/migrations' | + grep -v 'code.gitea.io/gitea/modules/charset' | + grep -v 'code.gitea.io/gitea/models/migrations' | + grep -v 'code.gitea.io/gitea/services/migrations' | + grep -v 'code.gitea.io/gitea/integrations') + env GITEA_CONF="$PWD/tests/sqlite.ini" GITEA_ROOT="$home" HOME="$home" GO111MODULE=on go test -mod=vendor -tags='sqlite sqlite_unlock_notify' $tests + +} + +package() { + for dir in $pkgname $pkgname/git $pkgname/data $pkgname/db $pkgname/custom; do + install -dm750 -o forgejo -g www-data \ + "$pkgdir"/var/lib/$dir + done + + install -dm755 -o forgejo -g www-data "$pkgdir"/var/log/forgejo + + # TODO: rename when upstream does + install -Dm755 -g www-data gitea "$pkgdir"/usr/bin/forgejo + + install -Dm644 -o forgejo -g www-data "$srcdir"/forgejo-aneksajo.ini \ + "$pkgdir"/etc/forgejo/app.ini + chown forgejo:www-data "$pkgdir"/etc/forgejo + + install -Dm755 "$srcdir"/forgejo-aneksajo.initd \ + "$pkgdir"/etc/init.d/forgejo +} + +sha512sums=" +d8e273d369c934eec7ff84795cd0d896cda53bc1a2d17f610dd8476ff92dc50c4a24c4598366ef8aac3be52ddef6630489043183085334376c30bc5d4d5f15c2 forgejo-aneksajo-v8.0.1-git-annex0.tar.gz +eb93a9f6c8f204de5c813f58727015f53f9feaab546589e016c60743131559f04fc1518f487b6d2a0e7fa8fab6d4a67cd0cd9713a7ccd9dec767a8c1ddebe129 forgejo-aneksajo.initd +b537b41b6b3a945274a6028800f39787b48c318425a37cf5d40ace0d1b305444fd07f17b4acafcd31a629bedd7d008b0bb3e30f82ffeb3d7e7e947bdbe0ff4f3 forgejo-aneksajo.ini +" diff --git a/ilot/forgejo-aneksajo/forgejo-aneksajo.ini b/ilot/forgejo-aneksajo/forgejo-aneksajo.ini new file mode 100644 index 0000000..3b46259 --- /dev/null +++ b/ilot/forgejo-aneksajo/forgejo-aneksajo.ini @@ -0,0 +1,26 @@ +# Configuration cheat sheet: https://forgejo.org/docs/latest/admin/config-cheat-sheet/ + +RUN_USER = forgejo +RUN_MODE = prod + +[repository] +ROOT = /var/lib/forgejo/git +SCRIPT_TYPE = sh + +[server] +STATIC_ROOT_PATH = /usr/share/webapps/forgejo +APP_DATA_PATH = /var/lib/forgejo/data +LFS_START_SERVER = true + +[database] +DB_TYPE = sqlite3 +PATH = /var/lib/forgejo/db/forgejo.db +SSL_MODE = disable + +[session] +PROVIDER = file + +[log] +ROOT_PATH = /var/log/forgejo +MODE = file +LEVEL = Info diff --git a/ilot/forgejo-aneksajo/forgejo-aneksajo.initd b/ilot/forgejo-aneksajo/forgejo-aneksajo.initd new file mode 100644 index 0000000..24dd085 --- /dev/null +++ b/ilot/forgejo-aneksajo/forgejo-aneksajo.initd @@ -0,0 +1,15 @@ +#!/sbin/openrc-run + +supervisor=supervise-daemon +name=forgejo +command="/usr/bin/forgejo" +command_user="${FORGEJO_USER:-forgejo}:www-data" +command_args="web --config '${FORGEJO_CONF:-/etc/forgejo/app.ini}'" +supervise_daemon_args="--env FORGEJO_WORK_DIR='${FORGEJO_WORK_DIR:-/var/lib/forgejo}' --chdir '${FORGEJO_WORK_DIR:-/var/lib/forgejo}' --stdout '${FORGEJO_LOG_FILE:-/var/log/forgejo/http.log}' --stderr '${FORGEJO_LOG_FILE:-/var/log/forgejo/http.log}'" +pidfile="/run/forgejo.pid" + +depend() { + use logger dns + need net + after firewall mysql postgresql +} diff --git a/ilot/forgejo-aneksajo/forgejo-aneksajo.pre-install b/ilot/forgejo-aneksajo/forgejo-aneksajo.pre-install new file mode 100644 index 0000000..c7e8b7b --- /dev/null +++ b/ilot/forgejo-aneksajo/forgejo-aneksajo.pre-install @@ -0,0 +1,7 @@ +#!/bin/sh + +addgroup -S -g 82 www-data 2>/dev/null +adduser -S -D -h /var/lib/forgejo -s /bin/sh -G www-data -g forgejo forgejo 2>/dev/null \ + && passwd -u forgejo 2>/dev/null + +exit 0 From a882011e973e7783064c049d5dc0ffaa4b2294cf Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 25 Aug 2024 09:15:05 -0400 Subject: [PATCH 6/6] ilot/codeberg-pages-server: new aport --- ilot/codeberg-pages-server/APKBUILD | 45 +++++++++++++++++++ .../codeberg-pages-server.openrc | 30 +++++++++++++ .../codeberg-pages-server.post-install | 39 ++++++++++++++++ .../codeberg-pages-server.post-upgrade | 1 + .../codeberg-pages-server.pre-install | 26 +++++++++++ .../upgrade-go-sqlite3-to-1.14.19.patch | 26 +++++++++++ 6 files changed, 167 insertions(+) create mode 100644 ilot/codeberg-pages-server/APKBUILD create mode 100644 ilot/codeberg-pages-server/codeberg-pages-server.openrc create mode 100755 ilot/codeberg-pages-server/codeberg-pages-server.post-install create mode 120000 ilot/codeberg-pages-server/codeberg-pages-server.post-upgrade create mode 100644 ilot/codeberg-pages-server/codeberg-pages-server.pre-install create mode 100644 ilot/codeberg-pages-server/upgrade-go-sqlite3-to-1.14.19.patch diff --git a/ilot/codeberg-pages-server/APKBUILD b/ilot/codeberg-pages-server/APKBUILD new file mode 100644 index 0000000..5eab680 --- /dev/null +++ b/ilot/codeberg-pages-server/APKBUILD @@ -0,0 +1,45 @@ +# Contributor: Antoine Martin (ayakael) +# Maintainer: Antoine Martin (ayakael) +pkgname=codeberg-pages-server +pkgver=5.1 +pkgrel=0 +pkgdesc="The Codeberg Pages Server – with custom domain support, per-repo pages using the "pages" branch, caching and more." +url="https://codeberg.org/Codeberg/pages-server" +arch="all" +license="EUPL-1.2" +depends="nginx" +makedepends="go just" +# tests disabled for now +options="!check" +install="$pkgname.post-install $pkgname.post-upgrade $pkgname.pre-install" +source=" + $pkgname-$pkgver.tar.gz::https://codeberg.org/Codeberg/pages-server/archive/v$pkgver.tar.gz + codeberg-pages-server.openrc + upgrade-go-sqlite3-to-1.14.19.patch + " +builddir="$srcdir/"pages-server +subpackages="$pkgname-openrc" +pkgusers="git" +pkggroups="www-data" + +export GOPATH=$srcdir/go +export GOCACHE=$srcdir/go-build +export GOTMPDIR=$srcdir + +build() { + just build +} + +package() { + msg "Packaging $pkgname" + install -Dm755 "$builddir"/build/codeberg-pages-server "$pkgdir"/usr/bin/codeberg-pages-server + + install -Dm755 "$srcdir"/$pkgname.openrc \ + "$pkgdir"/etc/init.d/$pkgname +} + +sha512sums=" +55a1dd5ed0f1cb2aaad1066eca8bfbd1d537169ed3712c748163ebff64edc45d05ac1f6f062433e232e2638a790232438282f96dd7410eb4cbaff7208f5f2427 codeberg-pages-server-5.1.tar.gz +4defb4fe3a4230f4aa517fbecd5e5b8bcef2a64e1b40615660ae9eec33597310a09df5e126f4d39ce7764bd1716c0a7040637699135c103cbc1879593c6c06f1 codeberg-pages-server.openrc +895f1c8d22fcf1d5491a6fe0ce5d93201f83b6dd5fc81b24016b609988fb6c66fdde75bb3830f385a5c83d96366ca3a5f4f9524f52058b6c5dfd8b80d14bac5b upgrade-go-sqlite3-to-1.14.19.patch +" diff --git a/ilot/codeberg-pages-server/codeberg-pages-server.openrc b/ilot/codeberg-pages-server/codeberg-pages-server.openrc new file mode 100644 index 0000000..a036393 --- /dev/null +++ b/ilot/codeberg-pages-server/codeberg-pages-server.openrc @@ -0,0 +1,30 @@ +#!/sbin/openrc-run + +name="$RC_SVCNAME" +cfgfile="/etc/conf.d/$RC_SVCNAME.conf" +pidfile="/run/$RC_SVCNAME.pid" +working_directory="/usr/share/webapps/authentik" +command="/usr/share/webapps/authentik/server" +command_user="authentik" +command_group="authentik" +start_stop_daemon_args="" +command_background="yes" +output_log="/var/log/authentik/$RC_SVCNAME.log" +error_log="/var/log/authentik/$RC_SVCNAME.err" + +depend() { + need redis + need postgresql +} + +start_pre() { + cd "$working_directory" + checkpath --directory --owner $command_user:$command_group --mode 0775 \ + /var/log/authentik \ + /var/lib/authentik/certs +} + +stop_pre() { + ebegin "Killing child processes" + kill $(ps -o pid= --ppid $(cat $pidfile)) || true +} diff --git a/ilot/codeberg-pages-server/codeberg-pages-server.post-install b/ilot/codeberg-pages-server/codeberg-pages-server.post-install new file mode 100755 index 0000000..a715d20 --- /dev/null +++ b/ilot/codeberg-pages-server/codeberg-pages-server.post-install @@ -0,0 +1,39 @@ +#!/bin/sh +set -eu + +group=authentik +config_file='/etc/authentik/config.yml' + +setcap 'cap_net_bind_service=+ep' /usr/share/webapps/authentik/server + +if [ $(grep '@@SECRET_KEY@@' "$config_file") ]; then + echo "* Generating random secret in $config_file" >&2 + + secret_key="$(pwgen -s 50 1)" + sed -i "s|@@SECRET_KEY@@|$secret_key|" "$config_file" + chown root:$group "$config_file" +fi + +if [ "${0##*.}" = 'post-upgrade' ]; then + cat >&2 <<-EOF + * + * To finish Authentik upgrade run: + * + * authentik-manage migrate + * + EOF +else + cat >&2 <<-EOF + * + * 1. Adjust settings in /etc/authentik/config.yml. + * + * 2. Create database for Authentik: + * + * psql -c "CREATE ROLE authentik PASSWORD 'top-secret' INHERIT LOGIN;" + * psql -c "CREATE DATABASE authentik OWNER authentik ENCODING 'UTF-8';" + * + * 3. Run "authentik-manage migrate" + * 4. Setup admin user at https:///if/flow/initial-setup/ + * + EOF +fi diff --git a/ilot/codeberg-pages-server/codeberg-pages-server.post-upgrade b/ilot/codeberg-pages-server/codeberg-pages-server.post-upgrade new file mode 120000 index 0000000..d7ffea2 --- /dev/null +++ b/ilot/codeberg-pages-server/codeberg-pages-server.post-upgrade @@ -0,0 +1 @@ +codeberg-pages-server.post-install \ No newline at end of file diff --git a/ilot/codeberg-pages-server/codeberg-pages-server.pre-install b/ilot/codeberg-pages-server/codeberg-pages-server.pre-install new file mode 100644 index 0000000..792f304 --- /dev/null +++ b/ilot/codeberg-pages-server/codeberg-pages-server.pre-install @@ -0,0 +1,26 @@ +#!/bin/sh +# It's very important to set user/group correctly. + +authentik_dir='/var/lib/authentik' + +if ! getent group authentik 1>/dev/null; then + echo '* Creating group authentik' 1>&2 + + addgroup -S authentik +fi + +if ! id authentik 2>/dev/null 1>&2; then + echo '* Creating user authentik' 1>&2 + + adduser -DHS -G authentik -h "$authentik_dir" -s /bin/sh \ + -g "added by apk for authentik" authentik + passwd -u authentik 1>/dev/null # unlock +fi + +if ! id -Gn authentik | grep -Fq redis; then + echo '* Adding user authentik to group redis' 1>&2 + + addgroup authentik redis +fi + +exit 0 diff --git a/ilot/codeberg-pages-server/upgrade-go-sqlite3-to-1.14.19.patch b/ilot/codeberg-pages-server/upgrade-go-sqlite3-to-1.14.19.patch new file mode 100644 index 0000000..fabb214 --- /dev/null +++ b/ilot/codeberg-pages-server/upgrade-go-sqlite3-to-1.14.19.patch @@ -0,0 +1,26 @@ +diff --git a/go.mod.orig b/go.mod +index eba292e..00310e5 100644 +--- a/go.mod.orig ++++ b/go.mod +@@ -11,7 +11,7 @@ require ( + github.com/go-sql-driver/mysql v1.6.0 + github.com/joho/godotenv v1.4.0 + github.com/lib/pq v1.10.7 +- github.com/mattn/go-sqlite3 v1.14.16 ++ github.com/mattn/go-sqlite3 v1.14.19 + github.com/microcosm-cc/bluemonday v1.0.26 + github.com/reugn/equalizer v0.0.0-20210216135016-a959c509d7ad + github.com/rs/zerolog v1.27.0 +diff --git a/go.sum.orig b/go.sum +index 7ea8b78..19145ea 100644 +--- a/go.sum.orig ++++ b/go.sum +@@ -479,6 +479,8 @@ github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m + github.com/mattn/go-sqlite3 v1.14.9/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU= + github.com/mattn/go-sqlite3 v1.14.16 h1:yOQRA0RpS5PFz/oikGwBEqvAWhWg5ufRz4ETLjwpU1Y= + github.com/mattn/go-sqlite3 v1.14.16/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg= ++github.com/mattn/go-sqlite3 v1.14.19 h1:fhGleo2h1p8tVChob4I9HpmVFIAkKGpiukdrgQbWfGI= ++github.com/mattn/go-sqlite3 v1.14.19/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg= + github.com/mattn/go-tty v0.0.0-20180219170247-931426f7535a/go.mod h1:XPvLUNfbS4fJH25nqRHfWLMa1ONC8Amw+mIA639KxkE= + github.com/mattn/go-tty v0.0.3/go.mod h1:ihxohKRERHTVzN+aSVRwACLCeqIoZAWpoICkkvrWyR0= + github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=