diff --git a/gitea/PKGBUILD b/gitea/PKGBUILD new file mode 100644 index 0000000..5617780 --- /dev/null +++ b/gitea/PKGBUILD @@ -0,0 +1,75 @@ +# Maintainer: Bruno Pagani +# Maintainer: Maxime Gauduin +# Contributor: Frederik Schwan + +pkgname=gitea +pkgver=1.15.9 +pkgrel=1 +pkgdesc="Painless self-hosted Git service, community managed." +arch=(x86_64) +url="https://gitea.io" +license=(MIT) +depends=(git) +makedepends=(go nodejs npm) +optdepends=( + 'mariadb: MariaDB support' + 'memcached: MemCached support' + 'openssh: GIT over SSH support' + 'pam: Authentication via PAM support' + 'postgresql: PostgreSQL support' + 'redis: Redis support' + 'sqlite: SQLite support' +) +options=(!lto) +_tag=cb1f4426e7932caf0c7a0c704d35b2090d711b2f # git rev-parse v${pkgver} +source=("git+https://github.com/go-gitea/gitea.git#tag=${_tag}?signed" + gitea.tmpfiles + gitea.service + gitea.sysusers) +sha256sums=('SKIP' + '9f63a517e8da6865fa6d9e87f6b08fe25ea56285304115e052809663c48dc3d7' + 'b16d02a9f32a17cc14dfa46a980bad795a4ed744627e6342248f60236dc2be43' + '7e7b798b8ce035c1fb55993ece41c5efb6cad5922708866804fa50ada0cf9fa5') +validpgpkeys=( + 8C4033A23895237CB27D52D9D9B5613BEB813F99 # Matti Ranta old RSA2048, retrieved from https://github.com/techknowlogick.gpg + B56E3C7437A49E136862F5DE9D8A57ADAA232E95 # Matti Ranta new RSA4096, retrieved from https://github.com/techknowlogick.gpg + ED810FD31FBE67F406ED71BDD4F1E9B6493ED946 # Jonas Franz + 9C5BCD799B3CDB124147A748E0DDFEC24C48784C # Lauris Bukšis-Haberkorns + D8F9672D77C0BB60A024C23EDFDE60A0093EB926 # Lauris Bukšis-Haberkorns new RSA4096 + BA66F67FD73F7058D712D308C3B7C91B632F738A # Lunny Xiao , retrieved from https://github.com/lunny.gpg + B5F0915813554C32C1D599C2C99B82E40B027BAE # '6543' <6543@obermui.de> + D2CF76DA95F201E9901532AB3CDE74631F13A748 # Andrew Thornton , retrieved from https://github.com/zeripath.gpg +) +install=gitea.install + +prepare() { + cd ${pkgname} + # Fetch dependency using go mod + make vendor +} + +pkgver() { + cd ${pkgname} + git describe --tags | sed 's/^v//' +} + +build() { + cd ${pkgname} + export CGO_CPPFLAGS="${CPPFLAGS}" + export CGO_CFLAGS="${CFLAGS}" + export CGO_CXXFLAGS="${CXXFLAGS}" + export CGO_LDFLAGS="${LDFLAGS}" + export EXTRA_GOFLAGS="-buildmode=pie -trimpath -mod=readonly -modcacherw" + export LDFLAGS="-X 'code.gitea.io/gitea/modules/setting.AppWorkPath=/var/lib/gitea/' -X 'code.gitea.io/gitea/modules/setting.CustomConf=/etc/gitea/app.ini'" + export TAGS="bindata sqlite sqlite_unlock_notify pam" + make -j1 +} + +package() { + install -Dm755 ${pkgname}/${pkgname} -t "${pkgdir}"/usr/bin/ + install -Dm644 ${pkgname}/LICENSE -t "${pkgdir}"/usr/share/licenses/${pkgname}/ + install -Dm644 ${pkgname}.service -t "${pkgdir}"/usr/lib/systemd/system/ + install -Dm644 ${pkgname}.tmpfiles "${pkgdir}"/usr/lib/tmpfiles.d/${pkgname}.conf + install -Dm644 ${pkgname}.sysusers "${pkgdir}"/usr/lib/sysusers.d/${pkgname}.conf + install -D ${pkgname}/custom/conf/app.example.ini -t "${pkgdir}"/etc/gitea/ +} diff --git a/gitea/gitea.install b/gitea/gitea.install new file mode 100644 index 0000000..b252fc7 --- /dev/null +++ b/gitea/gitea.install @@ -0,0 +1,8 @@ +post_upgrade() { + if [ "$(vercmp "$2" "1.15.0")" -le 0 ]; then + echo "The app.ini configuration file is not prefilled anymore. The current" + echo "one has been saved to .pacsave, you need to at least rename it before" + echo "restarting gitea. The app.example.ini file is provided for a reference" + echo "of settings." + fi +} diff --git a/gitea/gitea.service b/gitea/gitea.service new file mode 100644 index 0000000..126ea94 --- /dev/null +++ b/gitea/gitea.service @@ -0,0 +1,51 @@ +[Unit] +Description=Gitea (Git with a cup of tea) +After=syslog.target +After=network.target +After=mysqld.service +After=postgresql.service +After=memcached.service +After=redis.service + +[Service] +User=gitea +Group=gitea +Type=simple +WorkingDirectory=~ +RuntimeDirectory=gitea +LogsDirectory=gitea +StateDirectory=gitea +Environment=USER=gitea HOME=/var/lib/gitea GITEA_WORK_DIR=/var/lib/gitea +ExecStart=/usr/bin/gitea web -c /etc/gitea/app.ini +Restart=always +RestartSec=2s +ReadWritePaths=/etc/gitea/app.ini +AmbientCapabilities= +CapabilityBoundingSet= +LockPersonality=true +#Required by commit search +#MemoryDenyWriteExecute=true +NoNewPrivileges=True +#SecureBits=noroot-locked +PrivateDevices=true +PrivateTmp=true +PrivateUsers=true +ProtectClock=true +ProtectControlGroups=true +ProtectHome=true +ProtectHostname=true +ProtectKernelLogs=true +ProtectKernelModules=true +ProtectKernelTunables=true +ProtectProc=invisible +ProtectSystem=strict +RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK AF_UNIX +RestrictNamespaces=true +RestrictRealtime=true +RestrictSUIDSGID=true +SystemCallArchitectures=native +SystemCallFilter=@system-service +SystemCallErrorNumber=EPERM + +[Install] +WantedBy=multi-user.target diff --git a/gitea/gitea.sysusers b/gitea/gitea.sysusers new file mode 100644 index 0000000..9da9393 --- /dev/null +++ b/gitea/gitea.sysusers @@ -0,0 +1 @@ +u gitea - "Gitea daemon user" /var/lib/gitea /bin/bash diff --git a/gitea/gitea.tmpfiles b/gitea/gitea.tmpfiles new file mode 100644 index 0000000..ad19970 --- /dev/null +++ b/gitea/gitea.tmpfiles @@ -0,0 +1,10 @@ +d /var/lib/gitea 0750 +d /var/lib/gitea/attachments 0750 +d /var/lib/gitea/data 0750 +d /var/lib/gitea/indexers 0750 +d /var/lib/gitea/repos 0750 +d /var/lib/gitea/tmp 0750 +Z /var/lib/gitea - gitea gitea +d /var/log/gitea 0750 gitea gitea +z /etc/gitea 0755 gitea gitea +z /etc/gitea/app.ini 0600 gitea gitea