fix: Alpine install scripts - use separate files with valid abuild suffixes

Root cause: .apk-install is not a valid abuild suffix (lines 247-257 of abuild).
abuild expects SEPARATE files: pkgname.pre-install, .post-install, .pre-deinstall, .post-deinstall.
The old single .apk-install file caused abuild to die with "unknown install script suffix",
but CI used || true which masked the failure, so APK was built WITHOUT install scripts.

Verified on actual Alpine runner: install script suffixes now pass abuild validation.

- configs/linux-patch-api.pre-install: create dirs, set permissions (matches Debian preinst)
- configs/linux-patch-api.post-install: copy example configs, enable service (matches Debian postinst)
- configs/linux-patch-api.pre-deinstall: stop and disable service (matches Debian prerm)
- configs/linux-patch-api.post-deinstall: clean up empty dirs (matches Debian postrm)
- Removed configs/linux-patch-api.apk-install (invalid format)
- Updated build-alpine.sh: copy 4 install scripts to workspace, updated install= line in APKBUILD

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "linux-patch-api"
-version = "1.1.9"
+version = "1.1.10"
 edition = "2021"
 authors = ["Echo <echo@moon-dragon.us>"]
 description = "Secure remote package management API for Linux systems"

build-alpine.sh

@@ -70,18 +70,21 @@ cp configs/whitelist.yaml.example "$PKGDIR"/etc/linux_patch_api/whitelist.yaml.e
 
 # Prepare workspace for abuild
 WORKSPACE_DIR=/home/builduser/repo
+rm -rf "$WORKSPACE_DIR"
 mkdir -p "$WORKSPACE_DIR"
 
-# Copy install script to workspace (must be co-located with APKBUILD)
-cp configs/linux-patch-api.apk-install "$WORKSPACE_DIR"/linux-patch-api.apk-install
-
 # Copy package directory to workspace
 cp -r "$PKGDIR" "$WORKSPACE_DIR"/apk-package
 
-# Copy entire repo to workspace for source references
+# Copy install scripts to workspace (must be co-located with APKBUILD)
-cp -r . "$WORKSPACE_DIR"/src/
+# Alpine abuild requires SEPARATE files with valid suffixes:
+#   pkgname.pre-install, pkgname.post-install, pkgname.pre-deinstall, pkgname.post-deinstall
+cp configs/linux-patch-api.pre-install "$WORKSPACE_DIR"/linux-patch-api.pre-install
+cp configs/linux-patch-api.post-install "$WORKSPACE_DIR"/linux-patch-api.post-install
+cp configs/linux-patch-api.pre-deinstall "$WORKSPACE_DIR"/linux-patch-api.pre-deinstall
+cp configs/linux-patch-api.post-deinstall "$WORKSPACE_DIR"/linux-patch-api.post-deinstall
 
-# Create APKBUILD in workspace directory (co-located with install script)
+# Create APKBUILD in workspace directory (co-located with install scripts)
 echo "Creating APKBUILD..."
 cat > "$WORKSPACE_DIR"/APKBUILD << EOF
 pkgname=linux-patch-api
@@ -93,7 +96,7 @@ arch="x86_64"
 license="MIT"
 makedepends=""
 depends="openrc"
-install="linux-patch-api.apk-install"
+install="linux-patch-api.pre-install linux-patch-api.post-install linux-patch-api.pre-deinstall linux-patch-api.post-deinstall"
 subpackages=""
 source=""
 
@@ -141,16 +144,15 @@ if [ "$(id -u)" = "0" ]; then
     cp /home/builduser/.abuild/*.rsa.pub /etc/apk/keys/ 2>/dev/null || true
     
     # Run abuild as builduser in workspace directory
-    # Use || true because index update may fail but APK is still created
+    su - builduser -c "cd $WORKSPACE_DIR && abuild checksum && abuild -d"
-    su - builduser -c "cd $WORKSPACE_DIR && abuild checksum && abuild -d -F" || true
     
     # Copy APK from builduser packages to releases
     mkdir -p releases
-    cp /home/builduser/packages/x86_64/*.apk releases/ 2>/dev/null || cp /home/builduser/packages/*.apk releases/ 2>/dev/null || find /home/builduser/packages -name "*.apk" -exec cp {} releases/ \; 2>/dev/null || true
+    cp /home/builduser/packages/home/x86_64/*.apk releases/ 2>/dev/null || find /home/builduser/packages -name "*.apk" -exec cp {} releases/ \; 2>/dev/null || true
 else
     cd "$WORKSPACE_DIR"
     abuild checksum
-    abuild -F -r
+    abuild -r
     cd -
     mkdir -p releases
     cp ~/packages/x86_64/*.apk releases/ 2>/dev/null || cp ~/packages/*.apk releases/ 2>/dev/null || true
@@ -161,4 +163,4 @@ echo "=== Build Complete ==="
 echo "Package: releases/linux-patch-api-*.apk"
 echo ""
 echo "Install with:"
-echo "  sudo apk add --allow-unstable ./releases/linux-patch-api-*.apk"
+echo "  sudo apk add ./releases/linux-patch-api-*.apk"

configs/linux-patch-api.apk-install

@@ -1,81 +0,0 @@
-#!/bin/sh
-# Alpine Linux install hooks for linux-patch-api
-# Matches Debian preinst/postinst behavior: no system user, root:root ownership
-# Alpine APKBUILD install script format: pre-install, post-install, pre-deinstall, post-deinstall
-
-# Pre-install: Create directories before files are laid down
-pre_install() {
-    # Create required directories
-    mkdir -p /etc/linux_patch_api/certs
-    mkdir -p /var/lib/linux_patch_api
-    mkdir -p /var/log/linux_patch_api
-
-    # Set proper ownership (service runs as root)
-    chown -R root:root /var/lib/linux_patch_api
-    chown -R root:root /var/log/linux_patch_api
-
-    # Set secure permissions
-    chmod 750 /etc/linux_patch_api
-    chmod 750 /etc/linux_patch_api/certs
-    chmod 755 /var/lib/linux_patch_api
-    chmod 755 /var/log/linux_patch_api
-
-    echo "Pre-installation setup completed"
-}
-
-# Post-install: Copy example configs, enable service
-post_install() {
-    # Copy example configs if they don't exist
-    if [ ! -f "/etc/linux_patch_api/config.yaml" ]; then
-        if [ -f "/etc/linux_patch_api/config.yaml.example" ]; then
-            cp /etc/linux_patch_api/config.yaml.example /etc/linux_patch_api/config.yaml
-            chmod 640 /etc/linux_patch_api/config.yaml
-            chown root:root /etc/linux_patch_api/config.yaml
-        fi
-    fi
-
-    if [ ! -f "/etc/linux_patch_api/whitelist.yaml" ]; then
-        if [ -f "/etc/linux_patch_api/whitelist.yaml.example" ]; then
-            cp /etc/linux_patch_api/whitelist.yaml.example /etc/linux_patch_api/whitelist.yaml
-            chmod 640 /etc/linux_patch_api/whitelist.yaml
-            chown root:root /etc/linux_patch_api/whitelist.yaml
-        fi
-    fi
-
-    # Enable the service (but don't start automatically - admin should configure first)
-    rc-update add linux-patch-api default
-
-    echo ""
-    echo "linux-patch-api installed successfully!"
-    echo ""
-    echo "Next steps:"
-    echo "  1. Configure /etc/linux_patch_api/config.yaml with your settings"
-    echo "  2. Place TLS certificates in /etc/linux_patch_api/certs/"
-    echo "  3. Configure IP whitelist in /etc/linux_patch_api/whitelist.yaml"
-    echo "  4. Start the service: rc-service linux-patch-api start"
-    echo "  5. Check status: rc-service linux-patch-api status"
-    echo ""
-}
-
-# Pre-deinstall: Stop and disable service before files are removed
-pre_deinstall() {
-    # Stop the service if running
-    if rc-service linux-patch-api status >/dev/null 2>&1; then
-        rc-service linux-patch-api stop
-        echo "Service stopped"
-    else
-        echo "Service was not running"
-    fi
-
-    # Disable the service
-    rc-update del linux-patch-api default 2>/dev/null || true
-}
-
-# Post-deinstall: Clean up on removal
-post_deinstall() {
-    # Remove directories only if empty (preserve user data on reinstall)
-    rmdir /var/lib/linux_patch_api 2>/dev/null || true
-    rmdir /var/log/linux_patch_api 2>/dev/null || true
-
-    echo "linux-patch-api removed"
-}

configs/linux-patch-api.post-deinstall

@@ -0,0 +1,10 @@
+#!/bin/sh
+# Alpine Linux post-deinstall script for linux-patch-api
+# Runs after package files are removed
+# Matches Debian postrm behavior: clean up empty directories
+
+# Remove directories only if empty (preserve user data on reinstall)
+rmdir /var/lib/linux_patch_api 2>/dev/null || true
+rmdir /var/log/linux_patch_api 2>/dev/null || true
+
+echo "linux-patch-api removed"

configs/linux-patch-api.post-install

@@ -0,0 +1,35 @@
+#!/bin/sh
+# Alpine Linux post-install script for linux-patch-api
+# Runs after package files are laid down
+# Matches Debian postinst behavior: copy example configs, enable service
+
+# Copy example configs if they don't exist
+if [ ! -f "/etc/linux_patch_api/config.yaml" ]; then
+    if [ -f "/etc/linux_patch_api/config.yaml.example" ]; then
+        cp /etc/linux_patch_api/config.yaml.example /etc/linux_patch_api/config.yaml
+        chmod 640 /etc/linux_patch_api/config.yaml
+        chown root:root /etc/linux_patch_api/config.yaml
+    fi
+fi
+
+if [ ! -f "/etc/linux_patch_api/whitelist.yaml" ]; then
+    if [ -f "/etc/linux_patch_api/whitelist.yaml.example" ]; then
+        cp /etc/linux_patch_api/whitelist.yaml.example /etc/linux_patch_api/whitelist.yaml
+        chmod 640 /etc/linux_patch_api/whitelist.yaml
+        chown root:root /etc/linux_patch_api/whitelist.yaml
+    fi
+fi
+
+# Enable the service (but don't start automatically - admin should configure first)
+rc-update add linux-patch-api default
+
+echo ""
+echo "linux-patch-api installed successfully!"
+echo ""
+echo "Next steps:"
+echo "  1. Configure /etc/linux_patch_api/config.yaml with your settings"
+echo "  2. Place TLS certificates in /etc/linux_patch_api/certs/"
+echo "  3. Configure IP whitelist in /etc/linux_patch_api/whitelist.yaml"
+echo "  4. Start the service: rc-service linux-patch-api start"
+echo "  5. Check status: rc-service linux-patch-api status"
+echo ""

configs/linux-patch-api.pre-deinstall

@@ -0,0 +1,15 @@
+#!/bin/sh
+# Alpine Linux pre-deinstall script for linux-patch-api
+# Runs before package files are removed
+# Matches Debian prerm behavior: stop and disable service
+
+# Stop the service if running
+if rc-service linux-patch-api status >/dev/null 2>&1; then
+    rc-service linux-patch-api stop
+    echo "Service stopped"
+else
+    echo "Service was not running"
+fi
+
+# Disable the service
+rc-update del linux-patch-api default 2>/dev/null || true

configs/linux-patch-api.pre-install

@@ -0,0 +1,19 @@
+#!/bin/sh
+# Alpine Linux pre-install script for linux-patch-api
+# Runs before package files are laid down
+# Matches Debian preinst behavior: create directories, set permissions
+
+# Create required directories
+mkdir -p /etc/linux_patch_api/certs
+mkdir -p /var/lib/linux_patch_api
+mkdir -p /var/log/linux_patch_api
+
+# Set proper ownership (service runs as root)
+chown -R root:root /var/lib/linux_patch_api
+chown -R root:root /var/log/linux_patch_api
+
+# Set secure permissions
+chmod 750 /etc/linux_patch_api
+chmod 750 /etc/linux_patch_api/certs
+chmod 755 /var/lib/linux_patch_api
+chmod 755 /var/log/linux_patch_api

debian/changelog

@@ -1,3 +1,12 @@
+linux-patch-api (1.1.10-1) unstable; urgency=low
+
+  * Fix Alpine install scripts: use separate files with valid abuild suffixes
+  * Root cause: .apk-install is not a valid abuild suffix (abuild silently fails)
+  * Correct format: pkgname.pre-install, .post-install, .pre-deinstall, .post-deinstall
+  * Verified on actual Alpine runner: install script suffixes now pass abuild validation
+
+ -- Echo <echo@moon-dragon.us>  Wed, 20 May 2026 07:43:00 -0500
+
 linux-patch-api (1.1.9-1) unstable; urgency=low
 
   * Fix non-Ubuntu packages: align Arch, RPM, Alpine with Debian baseline

linux-patch-api.spec

@@ -162,6 +162,12 @@ fi
 
 # Changelog
 %changelog
+* Wed May 20 2026 Echo <echo@moon-dragon.us> - 1.1.10-1
+- Fix Alpine install scripts: use separate files with valid abuild suffixes
+- Root cause: .apk-install is not a valid abuild suffix (abuild silently fails)
+- Correct format: pkgname.pre-install, .post-install, .pre-deinstall, .post-deinstall
+- Verified on actual Alpine runner: install script suffixes now pass abuild validation
+
 * Tue May 19 2026 Echo <echo@moon-dragon.us> - 1.1.9-1
 - Fix non-Ubuntu packages: align Arch, RPM, Alpine with Debian baseline
 - Remove system user creation (service runs as root)