From c4ba4602296bee7c020c96c883a3691fdf25a396 Mon Sep 17 00:00:00 2001
From: Tobias Manske
Date: Mon, 27 Mar 2023 04:28:02 +0200
Subject: [PATCH] Initial
---
.drone.yml | 32 ++++++++++
entrypoint.sh | 66 +++++++++++++++++++++
makepkg.conf | 158 ++++++++++++++++++++++++++++++++++++++++++++++++++
pacman.conf | 103 ++++++++++++++++++++++++++++++++
trustroot.asc | 10 ++++
5 files changed, 369 insertions(+)
create mode 100644 .drone.yml
create mode 100755 entrypoint.sh
create mode 100644 makepkg.conf
create mode 100644 pacman.conf
create mode 100644 trustroot.asc
diff --git a/.drone.yml b/.drone.yml
new file mode 100644
index 0000000..aef7f43
--- /dev/null
+++ b/.drone.yml
@@ -0,0 +1,32 @@
+---
+kind: pipeline
+type: docker
+name: Build ArchLinux packages!
+
+trigger:
+ event:
+ include:
+ - push
+ - custom
+ - cron
+ - tag
+
+steps:
+
+ - name: Update Repository
+ image: registry.gitlab.com/geraldwuhoo/docker-aurutils:latest
+ pull: always
+ environment:
+ AUR_REPO_NAME: rad4day
+ BUILD_GPG_KEY:
+ from_secret: repo_signing_key
+ REPO_ACCESS_KEY:
+ from_secret: repo_access_key
+ REPO_SECRET_KEY:
+ from_secret: repo_secret_key
+ commands:
+ - "sudo cp ./pacman.conf /etc/pacman.conf"
+ - "sudo cp ./makepkg.conf /etc/makepkg.conf"
+ - "sudo chown aurutils: /repo"
+ - "sudo chown -R aurutils: /drone/src"
+ - "./entrypoint.sh"
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100755
index 0000000..16b4511
--- /dev/null
+++ b/entrypoint.sh
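Review bot: The step's `image: registry.gitlab.com/geraldwuhoo/docker-aurutils:latest` with `pull: always` runs whatever a third-party registry currently serves under a mutable tag, and that container is handed `repo_signing_key` plus both S3 credentials. Pinning the image by digest, e.g. `image: registry.gitlab.com/geraldwuhoo/docker-aurutils@sha256:<DIGEST_PLACEHOLDER>`, turns an image update into an explicit, reviewable change. The `push` event has no branch filter, so a push to any branch presumably runs the signing and upload step; a `branch:` condition under `trigger:` would narrow that.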
@@ -0,0 +1,66 @@
+#!/bin/sh
+set -u
+set -e
+
+sudo pacman-key --init
+
+# Pull Repo
+
+## Needed so pacman doesnt complain.
+repo-add "/repo/${AUR_REPO_NAME}.db.tar.xz"
+sudo pacman -Syu --noconfirm minio-client
+
+mcli alias set s3 https://s3.tobiasmanske.de $REPO_ACCESS_KEY $REPO_SECRET_KEY
+mcli cp s3/repo/x86_64/rad4day.db.tar.xz /repo/x86_64/rad4day.db.tar.xz
+mcli cp s3/repo/x86_64/rad4day.files.tar.xz /repo/x86_64/rad4day.files.tar.xz
+
+mcli cp s3/repo/x86_64/rad4day.db.tar.xz.sig /repo/x86_64/rad4day.db.tar.xz.sig
+mcli cp s3/repo/x86_64/rad4day.files.tar.xz.sig /repo/x86_64/rad4day.files.tar.xz.sig
+
+if ! (aur repo > /dev/null 2>&1); then
+ printf "Aur repo not initialized, initializing /repo...\n"
+ repo-add "/repo/${AUR_REPO_NAME}.db.tar.xz"
+fi
+
+
+# Keyring Signing Key
+sudo pacman-key --add trustroot.asc
+gpg --import --batch trustroot.asc
+sudo pacman-key --lsign 10BE06BC275CE0E17373B368F67996C486D1B56B
+
+
+repoctl conf new "$(readlink -f \"/repo/${AUR_REPO_NAME}.db\")"
+
+# Setup signing
+echo "$BUILD_GPG_KEY" | base64 -d | gpg --import --batch
+echo "C3FE87CFB8F8D503AE03EC1C033E7F3DC71FE89E:6:" | gpg --import-ownertrust --batch
+
+sudo pacman --noconfirm -Sy archlinux-keyring
+sudo pacman --noconfirm -Syu
+
+
+git clone --recursive https://git.tobiasmanske.de/archlinux-repo/package_sources.git packages
+cd packages
+
+git submodule update --remote --merge # Make sure we are up to date if something is linked as a submodule
+find . -name PKGBUILD -execdir sh -c 'makepkg --printsrcinfo > .SRCINFO' \;
+
+# Build all packages defined in our git
+cat */.SRCINFO | aur graph | tsort | tac > queue
+echo
+echo QUEUE
+echo
+cat queue
+aur build -S --noconfirm -a queue --no-sync --margs -s
+
+# build all packages defined in our repo
+#paclist custom | awk '{print $1}' | xargs -r aur sync --noconfirm
+aur sync -u -S --noview --noconfirm
+
+
+## Upload to repo
+mcli mirror --overwrite /repo s3/repo/x86_64
+
+
+exec "$@"
+
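Review bot: The `mcli alias set` line passes `$REPO_ACCESS_KEY` and `$REPO_SECRET_KEY` unquoted on the command line, so the values are subject to word splitting and globbing and sit in the process list for the duration of the call; supplying them through the client's `MC_HOST_<alias>` environment variable, or at minimum quoting both expansions, keeps them off argv. Further down, `"$(readlink -f \"/repo/${AUR_REPO_NAME}.db\")"` hands readlink a path wrapped in literal quote characters, which most likely resolves to nothing, and `set -e` does not catch a failing substitution inside an argument; `"$(readlink -f "/repo/${AUR_REPO_NAME}.db")"` is the intended form. The `.sig` files are downloaded next to the database, but nothing in the script verifies them (for example with `gpg --verify`) before the repo is reused and mirrored back with `--overwrite`. Separately, `git submodule update --remote --merge` builds and signs whatever the submodule remotes point at when the job runs rather than the commits pinned in `package_sources`, which deserves a comment stating that this is intended.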
diff --git a/makepkg.conf b/makepkg.conf
new file mode 100644
index 0000000..c818ce3
--- /dev/null
+++ b/makepkg.conf
@@ -0,0 +1,158 @@
+#
+# /etc/makepkg.conf
+#
+
+#########################################################################
+# SOURCE ACQUISITION
+#########################################################################
+#
+#-- The download utilities that makepkg should use to acquire sources
+# Format: 'protocol::agent'
+DLAGENTS=('file::/usr/bin/curl -qgC - -o %o %u'
+ 'ftp::/usr/bin/curl -qgfC - --ftp-pasv --retry 3 --retry-delay 3 -o %o %u'
+ 'http::/usr/bin/curl -qgb "" -fLC - --retry 3 --retry-delay 3 -o %o %u'
+ 'https::/usr/bin/curl -qgb "" -fLC - --retry 3 --retry-delay 3 -o %o %u'
+ 'rsync::/usr/bin/rsync --no-motd -z %u %o'
+ 'scp::/usr/bin/scp -C %u %o')
+
+# Other common tools:
+# /usr/bin/snarf
+# /usr/bin/lftpget -c
+# /usr/bin/wget
+
+#-- The package required by makepkg to download VCS sources
+# Format: 'protocol::package'
+VCSCLIENTS=('bzr::bzr'
+ 'fossil::fossil'
+ 'git::git'
+ 'hg::mercurial'
+ 'svn::subversion')
+
+#########################################################################
+# ARCHITECTURE, COMPILE FLAGS
+#########################################################################
+#
+CARCH="x86_64"
+CHOST="x86_64-pc-linux-gnu"
+
+#-- Compiler and Linker Flags
+#CPPFLAGS=""
+CFLAGS="-march=x86-64 -mtune=generic -O2 -pipe -fno-plt -fexceptions \
+ -Wp,-D_FORTIFY_SOURCE=2 -Wformat -Werror=format-security \
+ -fstack-clash-protection -fcf-protection"
+CXXFLAGS="$CFLAGS -Wp,-D_GLIBCXX_ASSERTIONS"
+LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now"
+LTOFLAGS="-flto=auto"
+#RUSTFLAGS="-C opt-level=2"
+#-- Make Flags: change this for DistCC/SMP systems
+#MAKEFLAGS="-j2"
+#-- Debugging flags
+DEBUG_CFLAGS="-g"
+DEBUG_CXXFLAGS="$DEBUG_CFLAGS"
+#DEBUG_RUSTFLAGS="-C debuginfo=2"
+
+#########################################################################
+# BUILD ENVIRONMENT
+#########################################################################
+#
+# Makepkg defaults: BUILDENV=(!distcc !color !ccache check !sign)
+# A negated environment option will do the opposite of the comments below.
+#
+#-- distcc: Use the Distributed C/C++/ObjC compiler
+#-- color: Colorize output messages
+#-- ccache: Use ccache to cache compilation
+#-- check: Run the check() function if present in the PKGBUILD
+#-- sign: Generate PGP signature file
+#
+BUILDENV=(!distcc color !ccache check sign)
+#
+#-- If using DistCC, your MAKEFLAGS will also need modification. In addition,
+#-- specify a space-delimited list of hosts running in the DistCC cluster.
+#DISTCC_HOSTS=""
+#
+#-- Specify a directory for package building.
+#BUILDDIR=/tmp/makepkg
+
+#########################################################################
+# GLOBAL PACKAGE OPTIONS
+# These are default values for the options=() settings
+#########################################################################
+#
+# Makepkg defaults: OPTIONS=(!strip docs libtool staticlibs emptydirs !zipman !purge !debug !lto)
+# A negated option will do the opposite of the comments below.
+#
+#-- strip: Strip symbols from binaries/libraries
+#-- docs: Save doc directories specified by DOC_DIRS
+#-- libtool: Leave libtool (.la) files in packages
+#-- staticlibs: Leave static library (.a) files in packages
+#-- emptydirs: Leave empty directories in packages
+#-- zipman: Compress manual (man and info) pages in MAN_DIRS with gzip
+#-- purge: Remove files specified by PURGE_TARGETS
+#-- debug: Add debugging flags as specified in DEBUG_* variables
+#-- lto: Add compile flags for building with link time optimization
+#
+OPTIONS=(strip docs !libtool !staticlibs emptydirs zipman purge !debug !lto)
+
+#-- File integrity checks to use. Valid: md5, sha1, sha224, sha256, sha384, sha512, b2
+INTEGRITY_CHECK=(sha256)
+#-- Options to be used when stripping binaries. See `man strip' for details.
+STRIP_BINARIES="--strip-all"
+#-- Options to be used when stripping shared libraries. See `man strip' for details.
+STRIP_SHARED="--strip-unneeded"
+#-- Options to be used when stripping static libraries. See `man strip' for details.
+STRIP_STATIC="--strip-debug"
+#-- Manual (man and info) directories to compress (if zipman is specified)
+MAN_DIRS=({usr{,/local}{,/share},opt/*}/{man,info})
+#-- Doc directories to remove (if !docs is specified)
+DOC_DIRS=(usr/{,local/}{,share/}{doc,gtk-doc} opt/*/{doc,gtk-doc})
+#-- Files to be removed from all packages (if purge is specified)
+PURGE_TARGETS=(usr/{,share}/info/dir .packlist *.pod)
+#-- Directory to store source code in for debug packages
+DBGSRCDIR="/usr/src/debug"
+
+#########################################################################
+# PACKAGE OUTPUT
+#########################################################################
+#
+# Default: put built package and cached source in build directory
+#
+#-- Destination: specify a fixed directory where all packages will be placed
+#PKGDEST=/home/packages
+#-- Source cache: specify a fixed directory where source files will be cached
+#SRCDEST=/home/sources
+#-- Source packages: specify a fixed directory where all src packages will be placed
+#SRCPKGDEST=/home/srcpackages
+#-- Log files: specify a fixed directory where all log files will be placed
+#LOGDEST=/home/makepkglogs
+#-- Packager: name/email of the person or organization building packages
+PACKAGER="Tobias Manske "
+#-- Specify a key to use for package signing
+GPGKEY="033E7F3DC71FE89E"
+
+#########################################################################
+# COMPRESSION DEFAULTS
+#########################################################################
+#
+COMPRESSGZ=(gzip -c -f -n)
+COMPRESSBZ2=(bzip2 -c -f)
+COMPRESSXZ=(xz -c -z -)
+COMPRESSZST=(zstd -c -z -q -)
+COMPRESSLRZ=(lrzip -q)
+COMPRESSLZO=(lzop -q)
+COMPRESSZ=(compress -c -f)
+COMPRESSLZ4=(lz4 -q)
+COMPRESSLZ=(lzip -c -f)
+
+#########################################################################
+# EXTENSION DEFAULTS
+#########################################################################
+#
+PKGEXT='.pkg.tar.zst'
+SRCEXT='.src.tar.gz'
+
+#########################################################################
+# OTHER
+#########################################################################
+#
+#-- Command used to run pacman as root, instead of trying sudo and su
+#PACMAN_AUTH=()
diff --git a/pacman.conf b/pacman.conf
new file mode 100644
index 0000000..daf30b5
--- /dev/null
+++ b/pacman.conf
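Review bot: `GPGKEY="033E7F3DC71FE89E"` selects the signing key by its 64-bit long key ID, while entrypoint.sh in this same patch already uses the full fingerprint when it sets owner trust. Using the fingerprint here too, `GPGKEY="C3FE87CFB8F8D503AE03EC1C033E7F3DC71FE89E"`, removes any ambiguity should a second key with a colliding ID ever end up in the build user's keyring. A one-line comment above it stating that the value must match the key imported from `BUILD_GPG_KEY` would keep the two files from drifting apart silently.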
@@ -0,0 +1,103 @@
+# /etc/pacman.conf
+#
+# See the pacman.conf(5) manpage for option and repository directives
+
+#
+# GENERAL OPTIONS
+#
+[options]
+# The following paths are commented out with their default values listed.
+# If you wish to use different paths, uncomment and update the paths.
+#RootDir = /
+#DBPath = /var/lib/pacman/
+#CacheDir = /var/cache/pacman/pkg/
+#LogFile = /var/log/pacman.log
+#GPGDir = /etc/pacman.d/gnupg/
+#HookDir = /etc/pacman.d/hooks/
+HoldPkg = pacman glibc
+#XferCommand = /usr/bin/curl -L -C - -f -o %o %u
+#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
+#CleanMethod = KeepInstalled
+Architecture = auto
+
+# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
+#IgnorePkg =
+#IgnoreGroup =
+
+#NoUpgrade =
+#NoExtract =
+
+# Misc options
+#UseSyslog
+Color
+# We cannot check disk space from within a chroot environment
+#CheckSpace
+VerbosePkgLists
+ParallelDownloads = 10
+
+# By default, pacman accepts packages signed by keys that its local keyring
+# trusts (see pacman-key and its man page), as well as unsigned packages.
+SigLevel = Required DatabaseOptional
+LocalFileSigLevel = Never
+#RemoteFileSigLevel = Required
+
+# NOTE: You must run `pacman-key --init` before first using pacman; the local
+# keyring can then be populated with the keys of all official Arch Linux
+# packagers with `pacman-key --populate archlinux`.
+
+#
+# REPOSITORIES
+# - can be defined here or included from another file
+# - pacman will search repositories in the order defined here
+# - local/custom mirrors can be added here or in separate files
+# - repositories listed first will take precedence when packages
+# have identical names, regardless of version number
+# - URLs will have $repo replaced by the name of the current repo
+# - URLs will have $arch replaced by the name of the architecture
+#
+# Repository entries are of the format:
+# [repo-name]
+# Server = ServerName
+# Include = IncludePath
+#
+# The header [repo-name] is crucial - it must be present and
+# uncommented to enable the repo.
+#
+
+# The testing repositories are disabled by default. To enable, uncomment the
+# repo name header and Include lines. You can add preferred servers immediately
+# after the header, and they will be used before the default mirrors.
+
+#[testing]
+#Include = /etc/pacman.d/mirrorlist
+
+[core]
+Include = /etc/pacman.d/mirrorlist
+
+[extra]
+Include = /etc/pacman.d/mirrorlist
+
+#[community-testing]
+#Include = /etc/pacman.d/mirrorlist
+
+[community]
+Include = /etc/pacman.d/mirrorlist
+
+[multilib]
+Include = /etc/pacman.d/mirrorlist
+
+# An example of a custom package repository. See the pacman manpage for
+# tips on creating your own repositories.
+[rad4day]
+SigLevel = Never
+Server = file:///repo
+
+[options]
+NoExtract = usr/share/help/* !usr/share/help/en*
+NoExtract = usr/share/gtk-doc/html/* usr/share/doc/*
+NoExtract = usr/share/locale/* usr/share/X11/locale/* usr/share/i18n/*
+NoExtract = !*locale*/en*/* !usr/share/i18n/charmaps/UTF-8.gz !usr/share/*locale*/locale.*
+NoExtract = !usr/share/*locales/en_?? !usr/share/*locales/i18n* !usr/share/*locales/iso*
+NoExtract = !usr/share/*locales/trans*
+NoExtract = usr/share/man/* usr/share/info/*
+NoExtract = usr/share/vim/vim*/lang/*
diff --git a/trustroot.asc b/trustroot.asc
new file mode 100644
index 0000000..f245f7d
--- /dev/null
+++ b/trustroot.asc
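Review bot: The `[rad4day]` section overrides the global `SigLevel = Required DatabaseOptional` with `SigLevel = Never`, so packages served from `file:///repo` are installed into the build container as build dependencies without any signature check. The build already signs its output and entrypoint.sh adds and locally signs the trust root in pacman's keyring, so `SigLevel = Required DatabaseOptional` on this section looks achievable; whether the packaging key is actually certified by that root is not visible in the patch and needs a test run. If `Never` is deliberate, a comment on the line saying why would keep it from being copied into client configurations, and the stock "An example of a custom package repository" comment above the section should be replaced with one describing this repo.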
@@ -0,0 +1,10 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mDMEZB8u6hYJKwYBBAHaRw8BAQdAZlSFx3jxgtGDLcaQDyl/XgJjBs9qeXLpAjlQ
+pL/Y2NK0QFJvb3Qgb2YgVHJ1c3QgKFBhY2thZ2VyIFNpZ25pbmcgS2V5KSA8YXJj
+aC1yZXBvQHRvYmlhc21hbnNrZS5kZT6ImQQTFgoAQRYhBBC+BrwnXODhc3OzaPZ5
+lsSG0bVrBQJkHy7qAhsDBQkJZgGABQsJCAcCAiICBhUKCQgLAgQWAgMBAh4HAheA
+AAoJEPZ5lsSG0bVr3bsBAKui4HdlCPqYckKbrTnWwqt++XrQbpjFPGhYEfunmjOz
+AQCMFKEIIGkxTJiWLhdsi4x0C8DypPpFqaM4zfj8/8a4CQ==
+=/krf
+-----END PGP PUBLIC KEY BLOCK-----