My aports

This repository contains aports that are not merged in the official Alpine Linux repository yet or don’t adhere to Alpine polices (e.g. bundles). Packages are automatically built on GitHub Actions for x86_64 architecture and synchronized with a remote server using SSHFS (SSH Filesystem).

The master branch targets Alpine Linux v3.20. Aports for older Alpine release branches are in the same named branches in this repository, e.g. v3.15. Alpine Edge (aka unstable, development branch) is not supported.

Repositories

All the repositories are also available over rsync://repo.jirutka.cz/alpine/.

Backports

• https://repo.jirutka.cz/alpine/v3.20/backports

Aports from the official Alpine repositories backported from edge to v3.20.

User

• https://repo.jirutka.cz/alpine/v3.20/user

My aports that are not available in the official Alpine repository.

Some aports in this repository are “bundles” – an aport with (some) bundled dependencies. It’s something that Alpine devs really don’t like, but it’s very convenient ^[1] for packaging applications with a lot dependencies that are already managed by some language-specific package manager (e.g. pip, bundler, …). All bundles are installed in /usr/lib/bundles/<pkgname>.

How to use

1. Add security key of this repository to your /etc/apk/keys:

   cd /etc/apk/keys
   wget https://raw.githubusercontent.com/jirutka/user-aports/master/.keys/jakub@jirutka.cz-655775c4.rsa.pub

2. Add repositories that you want to use (see above) to /etc/apk/repositories.

Git Hooks

You can find some useful git hooks in the .githooks directory. To use them, run the following command after cloning this repository:

git config --local core.hooksPath .githooks

How to setup your own repository

This guide will help you to set up your own aports repository and infrastructure for building packages using CI. It targets GitHub and GitHub Actions, but it might be modified for any other git hosting and CI. However, if you want to build packages on your own CI server, then this approach might be unnecessarily complicated.

You will need:

• Account on GitHub.

• Some server with SSH access for serving static files via HTTP(S) (e.g. using nginx), with enough disk space for binary packages.

We will use the following variables:

• Domain name of your server: alpine.example.org (replace with your own domain)

• Name of the user on your server for deploying abuilds: ci (you may choose different user)

• Path of directory on your server for deploying abuilds: /var/www/alpine (you may choose different directory)

Set up server

1. Create user ci:

   useradd --no-create-home --shell=/bin/sh --gid www-data ci
   
   # or if you don' have useradd
   adduser -h /var/www/alpine -s /bin/sh -G www-data -D -H ci
   sed -i- 's/^ci:!:/ci:*:/' /etc/shadow

2. Prepare directories:

   install -d -m 0755 -o root -g root /var/www/alpine
   cd /var/www/alpine
   
   install -d -m 0755 -o ci -g root packages
   install -d -m 0700 -o ci -g root .secret ~/.ssh

3. Jail user ci to /var/www/alpine and restrict him to use sftp only; add the following lines to /etc/ssh/sshd_config:

   Match User ci
       ChrootDirectory /var/www/alpine
       ForceCommand internal-sftp
       X11Forwarding no
       AllowTcpForwarding no

4. Set up web server to serve /var/www/alpine/packages on http://alpine.example.org/packages. Ensure that /var/www/alpine/.secret/ is not accessible from web! Example configuration for nginx:

   server {
       listen [::]:80;
       server_name alpine.example.org;
       root /var/www/alpine;
   
       location /.security {
           deny all;
       }
   
       location / {
           autoindex on;
       }
   }

Set up repository

1. Create repository for your aports on GitHub. Let’s assume that it’s named user-aports.

2. Clone branch template of this repository, change remote to your own repository and create branch master:

   git clone --branch template https://github.com/jirutka/user-aports.git user-aports
   cd user-aports
   git remote remove origin
   git remote add origin git@github.com:YOUR-USERNAME/user-aports.git
   git checkout -b master

3. Generate SSH deploy key:

   mkdir -p .keys
   ssh-keygen -C '' -t ed25519 -N '' -f .keys/deploy-key

4. Go to Settings > Secret in your repository on GitHub and add new secrets:

   • SSH_KNOWN_HOSTS – paste output of ssh-keyscan alpine.example.org

   • SSH_PRIVATE_KEY – paste content of .keys/deploy-key

   • SSH_REMOTE – ci@alpine.example.org:/

5. Copy .keys/deploy-key.pub to file ~/.ssh/authorized_keys in home directory of user ci on your server. This file must be owned by ci and has mode 0600!

6. Generate a security key for signing packages:

   KEY_NAME="$(git config --get user.email)-$(printf "%x" $(date +%s)).rsa"
   openssl genrsa -out ".keys/$KEY_NAME" 2048
   openssl rsa -in ".keys/$KEY_NAME" -pubout -out ".keys/$KEY_NAME.pub"

7. Copy $KEY_NAME to file /var/www/alpine/.secret/$KEY_NAME on the server, set owner ci and mode 0400.

8. Delete generated private keys:

   rm .keys/deploy-key ".keys/$KEY_NAME"

9. Adjust BRANCH, BUILD_REPOS and repositories (step “Configure repositories”) in .github/workflows/ci.yml.

10. Change variables :repo-name:, :repo-branch:, :gh-name:, :repos-uri:, and :key-file: on the top of file README.adoc.

11. Commit changes and push to GitHub.

Now create directories for your repositories (e.g. user, backports, …) and add your aports.

License

This readme, abuilds and support scripts are licensed under MIT License.

---

1. Creating and maintaining gazillion distro-specific packages for Python modules, Rubygems, …, installing them globally and resolving version conflicts is nothing but totally insane…