# AUR PKG Builder
Automated *Arch Linux User Repository* package build system built on Podman.
**CAUTION:** Automatically building AUR packages is inherently **dangerous**.
You are de facto granting the submitter *arbitrary code execution* on the build machine as well as on the user's system.
For more information, consult the [Arch Wiki](https://wiki.archlinux.org/title/Arch_User_Repository).
## Usage
In normal operation, no intervention should be required.
See **Configuration** and **Installation** for instructions on setup.
Builds can be manually triggered by `systemctl start aurbuilder-package.service`.
This requires an `aurbuilder-container.service` run to have completed beforehand.
The repository index can be force-updated with `systemctl start aurbuilder-repo.service`.
## Client pacman Configuration
```ini
[<repo name>]
Server = http://aurbuilder.example.com/
SigLevel = Optional TrustAll
```
## Configuration
### Packages to build
To build a package, add its *exact* name on a new line in `/etc/aurbuilder/packages`.
It will be included in the next run.
**CAUTION:** Packages removed from this list will *NOT* be automatically deleted.
It is possible for old (possibly insecure) builds to linger around.
Delete them manually for now.
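
An added example, not part of aurbuilder: a read-only report of package files in the output directory whose name is no longer in the package list, to support the manual cleanup described above. It assumes one package name per line in the list and the standard `pkgname-pkgver-pkgrel-arch.pkg.tar.*` file naming; `pkgname_of` and `find_unlisted` are hypothetical helper names.

```sh
#!/bin/sh
# Added example (not aurbuilder code): list built packages that are no longer
# in the package list. It only prints candidates; it never deletes anything.
# Usage: sh find-unlisted.sh /etc/aurbuilder/packages /srv/pkg

# pkgname_of FILE -> package name parsed from an Arch package file name.
# Names look like <pkgname>-<pkgver>-<pkgrel>-<arch>.pkg.tar.<ext>; pkgname
# may itself contain hyphens, the other three fields may not.
pkgname_of() {
    pn_base=${1##*/}
    pn_base=${pn_base%.pkg.tar.*}   # drop the archive suffix
    pn_base=${pn_base%-*}           # drop <arch>
    pn_base=${pn_base%-*}           # drop <pkgrel>
    pn_base=${pn_base%-*}           # drop <pkgver> (including any epoch)
    printf '%s\n' "$pn_base"
}

# find_unlisted LIST DIR -> print package files in DIR whose name is not in LIST.
# Assumption: LIST holds one package name per line.
find_unlisted() {
    ul_list=$1
    ul_dir=$2
    [ -r "$ul_list" ] || { echo "cannot read $ul_list" >&2; return 2; }
    for ul_f in "$ul_dir"/*.pkg.tar.*; do
        [ -e "$ul_f" ] || continue             # glob matched nothing
        case $ul_f in *.sig) continue ;; esac  # skip detached signatures
        # -x whole line, -F fixed string: "foo" must not match "foo-git"
        grep -qxF -- "$(pkgname_of "$ul_f")" "$ul_list" || printf '%s\n' "$ul_f"
    done
}

# Run the report when both paths are given on the command line.
if [ "$#" -eq 2 ]; then
    find_unlisted "$1" "$2"
fi
```

Split packages whose built names differ from the name in the list are reported as well, so review the output before deleting files and then refresh the index with `systemctl start aurbuilder-repo.service`.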
### Build settings
General settings are stored in `/etc/aurbuilder/config`.
#### `FORCE_REBUILD`
`yes/[no]`
All packages will be rebuilt on every run.
#### `PACKAGER`
Name and mail of the packager to be stored in the packages.
Format: `Na Me <name@mail.com>`
#### `REPONAME`
The name to be used for the package database.
This has to match the repository's name in `pacman.conf`.
## Installation
aurbuilder is designed to be run on Arch Linux.
Use the `PKGBUILD` in `pkgbuild/` to install with `makepkg -si`.
Enable the systemd timers to activate the automated builds:
`systemctl enable aurbuilder-container.timer` and
`systemctl enable aurbuilder-package.timer`.
### nginx
To access the repository conveniently from remote hosts, a webserver is needed.
aurbuilder comes with a sensible default configuration in `/usr/share/aurbuilder/nginx/aurbuilder.conf`.
It has to be included in a `location` block:
```nginx
# /etc/nginx/nginx.conf
http {
    # ...
    server {
        # ...
        location /mycoolrepo {
            include /usr/share/aurbuilder/nginx/aurbuilder.conf;
        }
    }
}
```
## Roadmap
aurbuilder is very bare-bones.
There are several features and improvements that I plan to add to improve security and ease of use.
I would strongly recommend against using aurbuilder in any mission critical capacity.
* Package and repo signing with GPG
* Better repo management, autodelete and cleanups
* Allow specifying a git repo instead of a pkgname for external/custom packages
* Warn / protect from submitter changes and orphan packages
## Locations
| location | description |
| --- | --- |
| `/srv/pkg` | Package output directory |
| `/etc/aurbuilder` | Configuration files |
| `/var/lib/aurbuilder` | Homedir of user (for podman storage) |
| `/usr/share/aurbuilder` | Container buildfiles and nginx config |
| `/usr/lib/aurbuilder` | Executables |
| `/usr/lib/systemd/system` | Systemd Unitfiles |
## License
This project is licensed under the MIT License.
See file `LICENSE` for details.