My aports

This repository contains aports that are not merged in the official Alpine Linux repository yet or don’t adhere to Alpine polices (e.g. bundles). Packages are automatically build on Travis CI for x86_64 architecture and synchronized with a remote server using SSHFS (SSH Filesystem).

Repositories

Ugly

http://links.ctrlc.hu/packages/ugly

This repo contains a few major ecosystems, such as:

• gnuradio, and other SDR and HAM related tools

• sigrok

• kicad

• yosys FPGA toolchain

How to use

1. Add security key of this repository to your /etc/apk/keys:

   cd /etc/apk/keys
   wget https://raw.githubusercontent.com/ugly-aports/aports/master/.keys/7o5rfu92t@ctrlc.hu-5d89072f.rsa.pub

2. Add repositories that you want to use (see above) to /etc/apk/repositories.

Git Hooks

You can find some useful git hooks in the .githooks directory. To use them, run the following command after cloning this repository:

git config --local core.hooksPath .githooks

How to setup your own repository

This guide will help you to set up your own aports repository and infrastructure for building packages using CI. It targets GitHub and Travis CI, but it might be modified for any other git hosting and CI. However, if you want to build packages on your own CI server, then this approach might be unnecessarily complicated.

You will need:

• Account on GitHub and Travis CI.

• Some server with SSH access for serving static files via HTTP(S) (e.g. using nginx), with enough disk space for binary packages.

• Travis CLI utility (install it using gem install travis).

We will use the following variables:

• Domain name of your server: alpine.example.org (replace with your own domain)

• Name of the user on your server for deploying abuilds: alpine (you may choose different user)

• Path of directory on your server for deploying abuilds: /var/www/alpine (you may choose different directory)

Set up server

1. Create user alpine:

   useradd --create-home --shell=/sbin/nologin --user-group alpine
   
   # or if you don' have useradd
   addgroup alpine
   adduser -s /sbin/nologin -G alpine -DH

2. Prepare directories:

   mkdir -m0755 -p /var/www/alpine
   cd /var/www/alpine
   
   chown root:root .
   mkdir -m0755 packages
   chown alpine:alpine packages
   
   mkdir -m0700 .secret
   chown alpine:alpine .secret
   
   mkdir -m0700 ~/.ssh
   chown alpine:alpine ~/.ssh

3. Jail user alpine to /var/www/alpine and restrict him to use sftp only; add the following lines to /etc/ssh/sshd_config:

   Match User alpine
       ChrootDirectory /var/www/alpine
       ForceCommand internal-sftp
       X11Forwarding no
       AllowTcpForwarding no

4. Set up web server to serve /var/www/alpine/packages on http://alpine.example.org/packages. Ensure that /var/www/alpine/.secret/ is not accessible from web! Example configuration for nginx:

   server {
       listen [::]:80;
       server_name alpine.example.org;
       root /var/www/alpine;
   
       location /.security {
           deny all;
       }
   
       location / {
           autoindex on;
       }
   }

Set up repository

1. Create repository for your aports on GitHub. Let’s assume that it’s named aports.

2. Clone branch template of this repository, change remote to your own repository and create branch edge:

   git clone --branch template https://github.com/ugly-aports/aports.git aports
   cd aports
   git remote remove origin
   git remote add origin git@github.com:/aports.git
   git checkout -b edge

3. Enable Travis for your repository:

   travis enable

4. Encrypt variable REMOTE and add it to .travis.yml:

   travis encrypt REMOTE="alpine@alpine.example.org:/" --add

5. Generate SSH deploy key:

   ssh-keygen -b 3096 -C "" -P "" -f .travis/deploy-key

6. Encrypt the private part of the deploy key:

   travis encrypt-file .travis/deploy-key .travis/deploy-key.enc --add

7. Copy .travis/deploy-key.pub to file ~/.ssh/authorized_keys in home directory of user alpine on your server. This file must be owned by alpine and has mode 0600!

8. Generate a security key for signing packages:

   KEY_NAME="$(git config --get user.email)-$(printf "%x" $(date +%s)).rsa"
   openssl genrsa -out ".keys/$KEY_NAME" 2048
   openssl rsa -in ".keys/$KEY_NAME" -pubout -out ".keys/$KEY_NAME.pub"
   chmod 0400 ".keys/$KEY_NAME"

9. Copy .keys/$KEY_NAME to file /var/www/alpine/.secret/$KEY_NAME on the server, set owner alpine and mode 0400.

10. Remove unencrypted private keys:

    rm .travis/deploy-key ".keys/$KEY_NAME"

11. Change variables :gh-name:, :repos-uri:, and :key-file: on the top of file README.adoc.

12. Commit changes and push to GitHub.

Now create directories for your repositories (e.g. testing, main, …) and add your abuilds.

License

This readme, abuilds and support scripts are licensed under MIT License.