- Force HOME=/root in build-alpine.sh for consistent key location
- Use find instead of ls for key discovery (handles dash-prefixed filenames)
- Search multiple paths for generated keys
- Copy keys from KEY_DIR to builduser home directory
- Set env.HOME=/root in Alpine container spec
- Remove separate abuild-keygen step (handled by build-alpine.sh)
- Add error exit if no signing key found
Co-authored-by: git-echo <git-echo@moon-dragon.us>
Root causes of ALL Alpine build failures:
1. ci.yml: Verify Alpine package step was TRUNCATED at line 339 -
missing closing quote, then clause, fi, and entire upload step.
This caused YAML parse failure every run.
2. build-alpine.sh: Copy path was /home/builduser/packages/home/x86_64/
but abuild outputs to /home/builduser/packages/builduser/x86_64/.
The find fallback caught stale packages from previous builds.
Fixes:
- Complete the Verify Alpine package step with proper if/fi
- Add Upload to Gitea Release step for Alpine (was completely missing)
- Fix abuild output path in build-alpine.sh
- Revert build-alpine.sh to original (no cleanup lines)
- Remove CI Alpine cleanup step entirely
- Keep version verification and exact version upload in CI
- The original build worked fine without cleanup; stale packages
are caught by version verification
- Remove mkdir -p /home/builduser/packages/home/x86_64/ that was creating
root-owned directories that abuild (running as builduser) couldnt write to
- Keep targeted rm -f of stale .apk files only
- abuild creates its own output directories with correct ownership
- Alpine: clean entire /home/builduser/packages/ before abuild (not just releases/)
- Alpine: add version verification step to CI (like RPM already has)
- Alpine: upload uses exact version match instead of head -1
- Debian: add u2404 suffix to build-deb output filename
- Remove duplicate 1.1.12 entry from debian/changelog
- Add /releases/ to .gitignore to prevent tracking build artifacts
- Remove old 1.0.0 .deb files from git tracking
- Add stale .apk cleanup to build-alpine.sh (matching build-arch.sh)
- Add cleanup step to CI Alpine workflow to remove stale packages
Fixes Alpine package version mismatch caused by old artifacts in releases/
Root cause: .apk-install is not a valid abuild suffix (lines 247-257 of abuild).
abuild expects SEPARATE files: pkgname.pre-install, .post-install, .pre-deinstall, .post-deinstall.
The old single .apk-install file caused abuild to die with "unknown install script suffix",
but CI used || true which masked the failure, so APK was built WITHOUT install scripts.
Verified on actual Alpine runner: install script suffixes now pass abuild validation.
- configs/linux-patch-api.pre-install: create dirs, set permissions (matches Debian preinst)
- configs/linux-patch-api.post-install: copy example configs, enable service (matches Debian postinst)
- configs/linux-patch-api.pre-deinstall: stop and disable service (matches Debian prerm)
- configs/linux-patch-api.post-deinstall: clean up empty dirs (matches Debian postrm)
- Removed configs/linux-patch-api.apk-install (invalid format)
- Updated build-alpine.sh: copy 4 install scripts to workspace, updated install= line in APKBUILD
- Arch: remove system user creation, root:root ownership, fix $startdir path in PKGBUILD
- RPM: uncomment BuildRequires, add runtime deps (openssl-libs, ca-certificates), remove system user, root:root ownership
- Alpine: remove system user creation, root:root ownership, co-locate install script with APKBUILD
- All platforms now match Debian: no system user, root:root, create dirs, copy example configs, enable service
Bug fixes:
- get_fqdn() now prioritizes 'hostname -f' (returns full FQDN) over /etc/hostname (returns short hostname)
- Added get_hostname() for short hostname extraction
- Added hostname field to EnrollmentRequest for manager display_name population
- Updated SPEC.md and API_DOCUMENTATION.md
Package fixes:
- Arch: Added linux-patch-api.install with post_install/upgrade/remove hooks, user creation, directory creation, config handling
- Alpine: Added linux-patch-api.apk-install with pre/post install/deinstall hooks, user creation, directory creation, config handling, missing config.yaml.example
- RPM: Dynamic version from Cargo.toml, %ghost %config(noreplace) for live configs, tarball exclusions, /var/log in %files
CRITICAL: Previous commit 0984684 did not include these fixes.
Debian (debian/rules):
- Use && to keep cargo build in same shell as . "$HOME/.cargo/env"
- Make runs each recipe line in a separate shell
Arch (build-arch.sh):
- Use << "EOF" heredoc with hardcoded path to prevent $pkgdir expansion
- $pkgdir must be literal for makepkg to expand at runtime
Alpine (build-alpine.sh):
- Copy signing public key to /etc/apk/keys/ BEFORE abuild
- Use || true on abuild because index update may fail but APK is still created
debian/rules: Escape $HOME for make (use $$HOME)
- Make interprets $H as variable, $$ escapes it
build-alpine.sh: Install signing public key
- Copy .abuild/*.rsa.pub to /etc/apk/keys/
- Fixes UNTRUSTED signature error on index update
build-arch.sh: Use /home/builduser/repo for all paths
- PKGDIR=/home/builduser/repo/arch-package
- WORKSPACE_DIR=/home/builduser/repo
- Fixes permission denied on act cache path
debian/rules: Source cargo env before calling cargo
- Add `. "$HOME/.cargo/env"` to override_dh_auto_build
build-alpine.sh: Use /home/builduser for all paths
- PKGDIR=/home/builduser/apk-package (accessible by builduser)
- WORKSPACE_DIR=/home/builduser (for APKBUILD package function)
- Removed duplicate else line
build-arch.sh: Copy repo to accessible directory
- Copy repo contents to /home/builduser/repo before makepkg
- Run makepkg in /home/builduser/repo (not act cache path)
CI workflow (ci.yml):
- Proper YAML structure for all steps
- curl+tar checkout (act runners lack git)
- GITEATOKEN authentication for private repo access
- build-essential/gcc added to all jobs
- dpkg-buildpackage -d flag (skip apt dep check)
Build scripts:
- build-alpine.sh: Copy APKBUILD to /home/builduser before abuild
- build-arch.sh: Use REPO_DIR variable instead of $(pwd) in su commands
Debian: Add -d flag to dpkg-buildpackage (skip dep check,
rustup installed Rust not apt)
RPM/Arch: Fix missing run: | YAML syntax in dependency steps
Alpine: Fix abuild working directory - use /home/builduser
explicitly instead of $(pwd) which referenced act cache path
- build-rpm.sh: Build RPM packages on RHEL/CentOS/Fedora
- build-alpine.sh: Build APK packages on Alpine Linux
- build-arch.sh: Build Arch packages on Arch Linux/Manjaro
Each script can also run in Docker containers for cross-platform builds.
Complements CI/CD pipeline for local package building.
