Initial

.drone.yml

@@ -0,0 +1,32 @@
+---
+kind: pipeline
+type: docker
+name: Build ArchLinux packages!
+
+trigger:
+  event:
+    include:
+      - push
+      - custom
+      - cron
+      - tag
+
+steps:
+
+  - name: Update Repository
+    image: registry.gitlab.com/geraldwuhoo/docker-aurutils:latest
+    pull: always
+    environment:
+      AUR_REPO_NAME: rad4day
+      BUILD_GPG_KEY:
+        from_secret: repo_signing_key
+      REPO_ACCESS_KEY:
+        from_secret: repo_access_key
+      REPO_SECRET_KEY:
+        from_secret: repo_secret_key
+    commands:
+      - "sudo cp ./pacman.conf /etc/pacman.conf"
+      - "sudo cp ./makepkg.conf /etc/makepkg.conf"
+      - "sudo chown aurutils: /repo"
+      - "sudo chown -R aurutils: /drone/src"
+      - "./entrypoint.sh"

entrypoint.sh

@@ -0,0 +1,66 @@
+#!/bin/sh
+set -u
+set -e
+
+sudo pacman-key --init
+
+# Pull Repo
+
+## Needed so pacman doesnt complain.
+repo-add "/repo/${AUR_REPO_NAME}.db.tar.xz"
+sudo pacman -Syu --noconfirm minio-client
+
+mcli alias set s3 https://s3.tobiasmanske.de $REPO_ACCESS_KEY $REPO_SECRET_KEY
+mcli cp s3/repo/x86_64/rad4day.db.tar.xz /repo/x86_64/rad4day.db.tar.xz
+mcli cp s3/repo/x86_64/rad4day.files.tar.xz /repo/x86_64/rad4day.files.tar.xz
+
+mcli cp s3/repo/x86_64/rad4day.db.tar.xz.sig /repo/x86_64/rad4day.db.tar.xz.sig
+mcli cp s3/repo/x86_64/rad4day.files.tar.xz.sig /repo/x86_64/rad4day.files.tar.xz.sig
+
+if ! (aur repo > /dev/null 2>&1); then
+    printf "Aur repo not initialized, initializing /repo...\n"
+    repo-add "/repo/${AUR_REPO_NAME}.db.tar.xz"
+fi
+
+
+# Keyring Signing Key
+sudo pacman-key --add trustroot.asc
+gpg --import --batch trustroot.asc
+sudo pacman-key --lsign 10BE06BC275CE0E17373B368F67996C486D1B56B
+
+
+repoctl conf new "$(readlink -f \"/repo/${AUR_REPO_NAME}.db\")"
+
+# Setup signing
+echo "$BUILD_GPG_KEY" | base64 -d | gpg --import --batch
+echo "C3FE87CFB8F8D503AE03EC1C033E7F3DC71FE89E:6:" | gpg --import-ownertrust --batch
+
+sudo pacman --noconfirm -Sy archlinux-keyring
+sudo pacman --noconfirm -Syu
+
+
+git clone --recursive https://git.tobiasmanske.de/archlinux-repo/package_sources.git packages
+cd packages
+
+git submodule update --remote --merge # Make sure we are up to date if something is linked as a submodule
+find . -name PKGBUILD -execdir sh -c 'makepkg --printsrcinfo > .SRCINFO' \;
+
+# Build all packages defined in our git
+cat */.SRCINFO | aur graph | tsort | tac > queue
+echo
+echo QUEUE
+echo
+cat queue
+aur build -S --noconfirm -a queue --no-sync --margs -s
+
+# build all packages defined in our repo
+#paclist custom | awk '{print $1}' | xargs -r aur sync --noconfirm
+aur sync -u -S --noview --noconfirm
+
+
+## Upload to repo
+mcli mirror --overwrite /repo s3/repo/x86_64
+
+
+exec "$@"
+

makepkg.conf

@@ -0,0 +1,158 @@
+#
+# /etc/makepkg.conf
+#
+
+#########################################################################
+# SOURCE ACQUISITION
+#########################################################################
+#
+#-- The download utilities that makepkg should use to acquire sources
+#  Format: 'protocol::agent'
+DLAGENTS=('file::/usr/bin/curl -qgC - -o %o %u'
+          'ftp::/usr/bin/curl -qgfC - --ftp-pasv --retry 3 --retry-delay 3 -o %o %u'
+          'http::/usr/bin/curl -qgb "" -fLC - --retry 3 --retry-delay 3 -o %o %u'
+          'https::/usr/bin/curl -qgb "" -fLC - --retry 3 --retry-delay 3 -o %o %u'
+          'rsync::/usr/bin/rsync --no-motd -z %u %o'
+          'scp::/usr/bin/scp -C %u %o')
+
+# Other common tools:
+# /usr/bin/snarf
+# /usr/bin/lftpget -c
+# /usr/bin/wget
+
+#-- The package required by makepkg to download VCS sources
+#  Format: 'protocol::package'
+VCSCLIENTS=('bzr::bzr'
+            'fossil::fossil'
+            'git::git'
+            'hg::mercurial'
+            'svn::subversion')
+
+#########################################################################
+# ARCHITECTURE, COMPILE FLAGS
+#########################################################################
+#
+CARCH="x86_64"
+CHOST="x86_64-pc-linux-gnu"
+
+#-- Compiler and Linker Flags
+#CPPFLAGS=""
+CFLAGS="-march=x86-64 -mtune=generic -O2 -pipe -fno-plt -fexceptions \
+        -Wp,-D_FORTIFY_SOURCE=2 -Wformat -Werror=format-security \
+        -fstack-clash-protection -fcf-protection"
+CXXFLAGS="$CFLAGS -Wp,-D_GLIBCXX_ASSERTIONS"
+LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now"
+LTOFLAGS="-flto=auto"
+#RUSTFLAGS="-C opt-level=2"
+#-- Make Flags: change this for DistCC/SMP systems
+#MAKEFLAGS="-j2"
+#-- Debugging flags
+DEBUG_CFLAGS="-g"
+DEBUG_CXXFLAGS="$DEBUG_CFLAGS"
+#DEBUG_RUSTFLAGS="-C debuginfo=2"
+
+#########################################################################
+# BUILD ENVIRONMENT
+#########################################################################
+#
+# Makepkg defaults: BUILDENV=(!distcc !color !ccache check !sign)
+#  A negated environment option will do the opposite of the comments below.
+#
+#-- distcc:   Use the Distributed C/C++/ObjC compiler
+#-- color:    Colorize output messages
+#-- ccache:   Use ccache to cache compilation
+#-- check:    Run the check() function if present in the PKGBUILD
+#-- sign:     Generate PGP signature file
+#
+BUILDENV=(!distcc color !ccache check sign)
+#
+#-- If using DistCC, your MAKEFLAGS will also need modification. In addition,
+#-- specify a space-delimited list of hosts running in the DistCC cluster.
+#DISTCC_HOSTS=""
+#
+#-- Specify a directory for package building.
+#BUILDDIR=/tmp/makepkg
+
+#########################################################################
+# GLOBAL PACKAGE OPTIONS
+#   These are default values for the options=() settings
+#########################################################################
+#
+# Makepkg defaults: OPTIONS=(!strip docs libtool staticlibs emptydirs !zipman !purge !debug !lto)
+#  A negated option will do the opposite of the comments below.
+#
+#-- strip:      Strip symbols from binaries/libraries
+#-- docs:       Save doc directories specified by DOC_DIRS
+#-- libtool:    Leave libtool (.la) files in packages
+#-- staticlibs: Leave static library (.a) files in packages
+#-- emptydirs:  Leave empty directories in packages
+#-- zipman:     Compress manual (man and info) pages in MAN_DIRS with gzip
+#-- purge:      Remove files specified by PURGE_TARGETS
+#-- debug:      Add debugging flags as specified in DEBUG_* variables
+#-- lto:        Add compile flags for building with link time optimization
+#
+OPTIONS=(strip docs !libtool !staticlibs emptydirs zipman purge !debug !lto)
+
+#-- File integrity checks to use. Valid: md5, sha1, sha224, sha256, sha384, sha512, b2
+INTEGRITY_CHECK=(sha256)
+#-- Options to be used when stripping binaries. See `man strip' for details.
+STRIP_BINARIES="--strip-all"
+#-- Options to be used when stripping shared libraries. See `man strip' for details.
+STRIP_SHARED="--strip-unneeded"
+#-- Options to be used when stripping static libraries. See `man strip' for details.
+STRIP_STATIC="--strip-debug"
+#-- Manual (man and info) directories to compress (if zipman is specified)
+MAN_DIRS=({usr{,/local}{,/share},opt/*}/{man,info})
+#-- Doc directories to remove (if !docs is specified)
+DOC_DIRS=(usr/{,local/}{,share/}{doc,gtk-doc} opt/*/{doc,gtk-doc})
+#-- Files to be removed from all packages (if purge is specified)
+PURGE_TARGETS=(usr/{,share}/info/dir .packlist *.pod)
+#-- Directory to store source code in for debug packages
+DBGSRCDIR="/usr/src/debug"
+
+#########################################################################
+# PACKAGE OUTPUT
+#########################################################################
+#
+# Default: put built package and cached source in build directory
+#
+#-- Destination: specify a fixed directory where all packages will be placed
+#PKGDEST=/home/packages
+#-- Source cache: specify a fixed directory where source files will be cached
+#SRCDEST=/home/sources
+#-- Source packages: specify a fixed directory where all src packages will be placed
+#SRCPKGDEST=/home/srcpackages
+#-- Log files: specify a fixed directory where all log files will be placed
+#LOGDEST=/home/makepkglogs
+#-- Packager: name/email of the person or organization building packages
+PACKAGER="Tobias Manske <arch-repo@tobiasmanske.de>"
+#-- Specify a key to use for package signing
+GPGKEY="033E7F3DC71FE89E"
+
+#########################################################################
+# COMPRESSION DEFAULTS
+#########################################################################
+#
+COMPRESSGZ=(gzip -c -f -n)
+COMPRESSBZ2=(bzip2 -c -f)
+COMPRESSXZ=(xz -c -z -)
+COMPRESSZST=(zstd -c -z -q -)
+COMPRESSLRZ=(lrzip -q)
+COMPRESSLZO=(lzop -q)
+COMPRESSZ=(compress -c -f)
+COMPRESSLZ4=(lz4 -q)
+COMPRESSLZ=(lzip -c -f)
+
+#########################################################################
+# EXTENSION DEFAULTS
+#########################################################################
+#
+PKGEXT='.pkg.tar.zst'
+SRCEXT='.src.tar.gz'
+
+#########################################################################
+# OTHER
+#########################################################################
+#
+#-- Command used to run pacman as root, instead of trying sudo and su
+#PACMAN_AUTH=()

pacman.conf

@@ -0,0 +1,103 @@
+# /etc/pacman.conf
+#
+# See the pacman.conf(5) manpage for option and repository directives
+
+#
+# GENERAL OPTIONS
+#
+[options]
+# The following paths are commented out with their default values listed.
+# If you wish to use different paths, uncomment and update the paths.
+#RootDir     = /
+#DBPath      = /var/lib/pacman/
+#CacheDir    = /var/cache/pacman/pkg/
+#LogFile     = /var/log/pacman.log
+#GPGDir      = /etc/pacman.d/gnupg/
+#HookDir     = /etc/pacman.d/hooks/
+HoldPkg     = pacman glibc
+#XferCommand = /usr/bin/curl -L -C - -f -o %o %u
+#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
+#CleanMethod = KeepInstalled
+Architecture = auto
+
+# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
+#IgnorePkg   =
+#IgnoreGroup =
+
+#NoUpgrade   =
+#NoExtract   =
+
+# Misc options
+#UseSyslog
+Color
+# We cannot check disk space from within a chroot environment
+#CheckSpace
+VerbosePkgLists
+ParallelDownloads = 10
+
+# By default, pacman accepts packages signed by keys that its local keyring
+# trusts (see pacman-key and its man page), as well as unsigned packages.
+SigLevel    = Required DatabaseOptional
+LocalFileSigLevel = Never
+#RemoteFileSigLevel = Required
+
+# NOTE: You must run `pacman-key --init` before first using pacman; the local
+# keyring can then be populated with the keys of all official Arch Linux
+# packagers with `pacman-key --populate archlinux`.
+
+#
+# REPOSITORIES
+#   - can be defined here or included from another file
+#   - pacman will search repositories in the order defined here
+#   - local/custom mirrors can be added here or in separate files
+#   - repositories listed first will take precedence when packages
+#     have identical names, regardless of version number
+#   - URLs will have $repo replaced by the name of the current repo
+#   - URLs will have $arch replaced by the name of the architecture
+#
+# Repository entries are of the format:
+#       [repo-name]
+#       Server = ServerName
+#       Include = IncludePath
+#
+# The header [repo-name] is crucial - it must be present and
+# uncommented to enable the repo.
+#
+
+# The testing repositories are disabled by default. To enable, uncomment the
+# repo name header and Include lines. You can add preferred servers immediately
+# after the header, and they will be used before the default mirrors.
+
+#[testing]
+#Include = /etc/pacman.d/mirrorlist
+
+[core]
+Include = /etc/pacman.d/mirrorlist
+
+[extra]
+Include = /etc/pacman.d/mirrorlist
+
+#[community-testing]
+#Include = /etc/pacman.d/mirrorlist
+
+[community]
+Include = /etc/pacman.d/mirrorlist
+
+[multilib]
+Include = /etc/pacman.d/mirrorlist
+
+# An example of a custom package repository.  See the pacman manpage for
+# tips on creating your own repositories.
+[rad4day]
+SigLevel = Never
+Server = file:///repo
+
+[options]
+NoExtract  = usr/share/help/* !usr/share/help/en*
+NoExtract  = usr/share/gtk-doc/html/* usr/share/doc/*
+NoExtract  = usr/share/locale/* usr/share/X11/locale/* usr/share/i18n/*
+NoExtract   = !*locale*/en*/* !usr/share/i18n/charmaps/UTF-8.gz !usr/share/*locale*/locale.*
+NoExtract   = !usr/share/*locales/en_?? !usr/share/*locales/i18n* !usr/share/*locales/iso*
+NoExtract   = !usr/share/*locales/trans*
+NoExtract  = usr/share/man/* usr/share/info/*
+NoExtract  = usr/share/vim/vim*/lang/*

trustroot.asc

@@ -0,0 +1,10 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mDMEZB8u6hYJKwYBBAHaRw8BAQdAZlSFx3jxgtGDLcaQDyl/XgJjBs9qeXLpAjlQ
+pL/Y2NK0QFJvb3Qgb2YgVHJ1c3QgKFBhY2thZ2VyIFNpZ25pbmcgS2V5KSA8YXJj
+aC1yZXBvQHRvYmlhc21hbnNrZS5kZT6ImQQTFgoAQRYhBBC+BrwnXODhc3OzaPZ5
+lsSG0bVrBQJkHy7qAhsDBQkJZgGABQsJCAcCAiICBhUKCQgLAgQWAgMBAh4HAheA
+AAoJEPZ5lsSG0bVr3bsBAKui4HdlCPqYckKbrTnWwqt++XrQbpjFPGhYEfunmjOz
+AQCMFKEIIGkxTJiWLhdsi4x0C8DypPpFqaM4zfj8/8a4CQ==
+=/krf
+-----END PGP PUBLIC KEY BLOCK-----