diff --git a/Cargo.toml b/Cargo.toml index a73aecc..3c2c0dc 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "linux-patch-api" -version = "1.1.9" +version = "1.1.10" edition = "2021" authors = ["Echo "] description = "Secure remote package management API for Linux systems" diff --git a/build-alpine.sh b/build-alpine.sh index c57efa6..f5b1168 100644 --- a/build-alpine.sh +++ b/build-alpine.sh @@ -70,18 +70,21 @@ cp configs/whitelist.yaml.example "$PKGDIR"/etc/linux_patch_api/whitelist.yaml.e # Prepare workspace for abuild WORKSPACE_DIR=/home/builduser/repo +rm -rf "$WORKSPACE_DIR" mkdir -p "$WORKSPACE_DIR" -# Copy install script to workspace (must be co-located with APKBUILD) -cp configs/linux-patch-api.apk-install "$WORKSPACE_DIR"/linux-patch-api.apk-install - # Copy package directory to workspace cp -r "$PKGDIR" "$WORKSPACE_DIR"/apk-package -# Copy entire repo to workspace for source references -cp -r . "$WORKSPACE_DIR"/src/ +# Copy install scripts to workspace (must be co-located with APKBUILD) +# Alpine abuild requires SEPARATE files with valid suffixes: +# pkgname.pre-install, pkgname.post-install, pkgname.pre-deinstall, pkgname.post-deinstall +cp configs/linux-patch-api.pre-install "$WORKSPACE_DIR"/linux-patch-api.pre-install +cp configs/linux-patch-api.post-install "$WORKSPACE_DIR"/linux-patch-api.post-install +cp configs/linux-patch-api.pre-deinstall "$WORKSPACE_DIR"/linux-patch-api.pre-deinstall +cp configs/linux-patch-api.post-deinstall "$WORKSPACE_DIR"/linux-patch-api.post-deinstall -# Create APKBUILD in workspace directory (co-located with install script) +# Create APKBUILD in workspace directory (co-located with install scripts) echo "Creating APKBUILD..." cat > "$WORKSPACE_DIR"/APKBUILD << EOF pkgname=linux-patch-api @@ -93,7 +96,7 @@ arch="x86_64" license="MIT" makedepends="" depends="openrc" -install="linux-patch-api.apk-install" +install="linux-patch-api.pre-install linux-patch-api.post-install linux-patch-api.pre-deinstall linux-patch-api.post-deinstall" subpackages="" source="" @@ -141,16 +144,15 @@ if [ "$(id -u)" = "0" ]; then cp /home/builduser/.abuild/*.rsa.pub /etc/apk/keys/ 2>/dev/null || true # Run abuild as builduser in workspace directory - # Use || true because index update may fail but APK is still created - su - builduser -c "cd $WORKSPACE_DIR && abuild checksum && abuild -d -F" || true + su - builduser -c "cd $WORKSPACE_DIR && abuild checksum && abuild -d" # Copy APK from builduser packages to releases mkdir -p releases - cp /home/builduser/packages/x86_64/*.apk releases/ 2>/dev/null || cp /home/builduser/packages/*.apk releases/ 2>/dev/null || find /home/builduser/packages -name "*.apk" -exec cp {} releases/ \; 2>/dev/null || true + cp /home/builduser/packages/home/x86_64/*.apk releases/ 2>/dev/null || find /home/builduser/packages -name "*.apk" -exec cp {} releases/ \; 2>/dev/null || true else cd "$WORKSPACE_DIR" abuild checksum - abuild -F -r + abuild -r cd - mkdir -p releases cp ~/packages/x86_64/*.apk releases/ 2>/dev/null || cp ~/packages/*.apk releases/ 2>/dev/null || true @@ -161,4 +163,4 @@ echo "=== Build Complete ===" echo "Package: releases/linux-patch-api-*.apk" echo "" echo "Install with:" -echo " sudo apk add --allow-unstable ./releases/linux-patch-api-*.apk" +echo " sudo apk add ./releases/linux-patch-api-*.apk" diff --git a/configs/linux-patch-api.apk-install b/configs/linux-patch-api.apk-install deleted file mode 100644 index 40321a7..0000000 --- a/configs/linux-patch-api.apk-install +++ /dev/null @@ -1,81 +0,0 @@ -#!/bin/sh -# Alpine Linux install hooks for linux-patch-api -# Matches Debian preinst/postinst behavior: no system user, root:root ownership -# Alpine APKBUILD install script format: pre-install, post-install, pre-deinstall, post-deinstall - -# Pre-install: Create directories before files are laid down -pre_install() { - # Create required directories - mkdir -p /etc/linux_patch_api/certs - mkdir -p /var/lib/linux_patch_api - mkdir -p /var/log/linux_patch_api - - # Set proper ownership (service runs as root) - chown -R root:root /var/lib/linux_patch_api - chown -R root:root /var/log/linux_patch_api - - # Set secure permissions - chmod 750 /etc/linux_patch_api - chmod 750 /etc/linux_patch_api/certs - chmod 755 /var/lib/linux_patch_api - chmod 755 /var/log/linux_patch_api - - echo "Pre-installation setup completed" -} - -# Post-install: Copy example configs, enable service -post_install() { - # Copy example configs if they don't exist - if [ ! -f "/etc/linux_patch_api/config.yaml" ]; then - if [ -f "/etc/linux_patch_api/config.yaml.example" ]; then - cp /etc/linux_patch_api/config.yaml.example /etc/linux_patch_api/config.yaml - chmod 640 /etc/linux_patch_api/config.yaml - chown root:root /etc/linux_patch_api/config.yaml - fi - fi - - if [ ! -f "/etc/linux_patch_api/whitelist.yaml" ]; then - if [ -f "/etc/linux_patch_api/whitelist.yaml.example" ]; then - cp /etc/linux_patch_api/whitelist.yaml.example /etc/linux_patch_api/whitelist.yaml - chmod 640 /etc/linux_patch_api/whitelist.yaml - chown root:root /etc/linux_patch_api/whitelist.yaml - fi - fi - - # Enable the service (but don't start automatically - admin should configure first) - rc-update add linux-patch-api default - - echo "" - echo "linux-patch-api installed successfully!" - echo "" - echo "Next steps:" - echo " 1. Configure /etc/linux_patch_api/config.yaml with your settings" - echo " 2. Place TLS certificates in /etc/linux_patch_api/certs/" - echo " 3. Configure IP whitelist in /etc/linux_patch_api/whitelist.yaml" - echo " 4. Start the service: rc-service linux-patch-api start" - echo " 5. Check status: rc-service linux-patch-api status" - echo "" -} - -# Pre-deinstall: Stop and disable service before files are removed -pre_deinstall() { - # Stop the service if running - if rc-service linux-patch-api status >/dev/null 2>&1; then - rc-service linux-patch-api stop - echo "Service stopped" - else - echo "Service was not running" - fi - - # Disable the service - rc-update del linux-patch-api default 2>/dev/null || true -} - -# Post-deinstall: Clean up on removal -post_deinstall() { - # Remove directories only if empty (preserve user data on reinstall) - rmdir /var/lib/linux_patch_api 2>/dev/null || true - rmdir /var/log/linux_patch_api 2>/dev/null || true - - echo "linux-patch-api removed" -} diff --git a/configs/linux-patch-api.post-deinstall b/configs/linux-patch-api.post-deinstall new file mode 100644 index 0000000..cc567e8 --- /dev/null +++ b/configs/linux-patch-api.post-deinstall @@ -0,0 +1,10 @@ +#!/bin/sh +# Alpine Linux post-deinstall script for linux-patch-api +# Runs after package files are removed +# Matches Debian postrm behavior: clean up empty directories + +# Remove directories only if empty (preserve user data on reinstall) +rmdir /var/lib/linux_patch_api 2>/dev/null || true +rmdir /var/log/linux_patch_api 2>/dev/null || true + +echo "linux-patch-api removed" diff --git a/configs/linux-patch-api.post-install b/configs/linux-patch-api.post-install new file mode 100644 index 0000000..d5f0d77 --- /dev/null +++ b/configs/linux-patch-api.post-install @@ -0,0 +1,35 @@ +#!/bin/sh +# Alpine Linux post-install script for linux-patch-api +# Runs after package files are laid down +# Matches Debian postinst behavior: copy example configs, enable service + +# Copy example configs if they don't exist +if [ ! -f "/etc/linux_patch_api/config.yaml" ]; then + if [ -f "/etc/linux_patch_api/config.yaml.example" ]; then + cp /etc/linux_patch_api/config.yaml.example /etc/linux_patch_api/config.yaml + chmod 640 /etc/linux_patch_api/config.yaml + chown root:root /etc/linux_patch_api/config.yaml + fi +fi + +if [ ! -f "/etc/linux_patch_api/whitelist.yaml" ]; then + if [ -f "/etc/linux_patch_api/whitelist.yaml.example" ]; then + cp /etc/linux_patch_api/whitelist.yaml.example /etc/linux_patch_api/whitelist.yaml + chmod 640 /etc/linux_patch_api/whitelist.yaml + chown root:root /etc/linux_patch_api/whitelist.yaml + fi +fi + +# Enable the service (but don't start automatically - admin should configure first) +rc-update add linux-patch-api default + +echo "" +echo "linux-patch-api installed successfully!" +echo "" +echo "Next steps:" +echo " 1. Configure /etc/linux_patch_api/config.yaml with your settings" +echo " 2. Place TLS certificates in /etc/linux_patch_api/certs/" +echo " 3. Configure IP whitelist in /etc/linux_patch_api/whitelist.yaml" +echo " 4. Start the service: rc-service linux-patch-api start" +echo " 5. Check status: rc-service linux-patch-api status" +echo "" diff --git a/configs/linux-patch-api.pre-deinstall b/configs/linux-patch-api.pre-deinstall new file mode 100644 index 0000000..4ad1e11 --- /dev/null +++ b/configs/linux-patch-api.pre-deinstall @@ -0,0 +1,15 @@ +#!/bin/sh +# Alpine Linux pre-deinstall script for linux-patch-api +# Runs before package files are removed +# Matches Debian prerm behavior: stop and disable service + +# Stop the service if running +if rc-service linux-patch-api status >/dev/null 2>&1; then + rc-service linux-patch-api stop + echo "Service stopped" +else + echo "Service was not running" +fi + +# Disable the service +rc-update del linux-patch-api default 2>/dev/null || true diff --git a/configs/linux-patch-api.pre-install b/configs/linux-patch-api.pre-install new file mode 100644 index 0000000..1f38f32 --- /dev/null +++ b/configs/linux-patch-api.pre-install @@ -0,0 +1,19 @@ +#!/bin/sh +# Alpine Linux pre-install script for linux-patch-api +# Runs before package files are laid down +# Matches Debian preinst behavior: create directories, set permissions + +# Create required directories +mkdir -p /etc/linux_patch_api/certs +mkdir -p /var/lib/linux_patch_api +mkdir -p /var/log/linux_patch_api + +# Set proper ownership (service runs as root) +chown -R root:root /var/lib/linux_patch_api +chown -R root:root /var/log/linux_patch_api + +# Set secure permissions +chmod 750 /etc/linux_patch_api +chmod 750 /etc/linux_patch_api/certs +chmod 755 /var/lib/linux_patch_api +chmod 755 /var/log/linux_patch_api diff --git a/debian/changelog b/debian/changelog index dd6a61e..3654d85 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,12 @@ +linux-patch-api (1.1.10-1) unstable; urgency=low + + * Fix Alpine install scripts: use separate files with valid abuild suffixes + * Root cause: .apk-install is not a valid abuild suffix (abuild silently fails) + * Correct format: pkgname.pre-install, .post-install, .pre-deinstall, .post-deinstall + * Verified on actual Alpine runner: install script suffixes now pass abuild validation + + -- Echo Wed, 20 May 2026 07:43:00 -0500 + linux-patch-api (1.1.9-1) unstable; urgency=low * Fix non-Ubuntu packages: align Arch, RPM, Alpine with Debian baseline diff --git a/linux-patch-api.spec b/linux-patch-api.spec index f158b74..b35be58 100644 --- a/linux-patch-api.spec +++ b/linux-patch-api.spec @@ -162,6 +162,12 @@ fi # Changelog %changelog +* Wed May 20 2026 Echo - 1.1.10-1 +- Fix Alpine install scripts: use separate files with valid abuild suffixes +- Root cause: .apk-install is not a valid abuild suffix (abuild silently fails) +- Correct format: pkgname.pre-install, .post-install, .pre-deinstall, .post-deinstall +- Verified on actual Alpine runner: install script suffixes now pass abuild validation + * Tue May 19 2026 Echo - 1.1.9-1 - Fix non-Ubuntu packages: align Arch, RPM, Alpine with Debian baseline - Remove system user creation (service runs as root)