diff --git a/gitea/PKGBUILD b/gitea/PKGBUILD new file mode 100644 index 0000000..6f97142 --- /dev/null +++ b/gitea/PKGBUILD @@ -0,0 +1,77 @@ +# Maintainer: Bruno Pagani +# Maintainer: Maxime Gauduin +# Contributor: Frederik Schwan + +pkgname=gitea +pkgver=1.14.5 +pkgrel=1 +pkgdesc="Painless self-hosted Git service. Community managed fork of Gogs." +arch=(x86_64) +url="https://gitea.io" +license=(MIT) +depends=(git) +makedepends=(go nodejs npm) +optdepends=( + 'mariadb: MariaDB support' + 'memcached: MemCached support' + 'openssh: GIT over SSH support' + 'pam: Authentication via PAM support' + 'postgresql: PostgreSQL support' + 'redis: Redis support' + 'sqlite: SQLite support' +) +backup=('etc/gitea/app.ini') +_tag=62fa153f9f36fed810e99f6f53f93dd756288096 # git rev-parse v${pkgver} +source=("git+https://github.com/go-gitea/gitea.git#tag=${_tag}?signed" + gitea.tmpfiles + gitea.service + gitea.sysusers + gitea-arch-defaults.patch) +sha256sums=('SKIP' + '1521fd7edc3830c695698ffe9835709f1408040b5ec989f07410972c894fa8ba' + 'd4e6b0dc3d5b40c3f1254b5a8bc8f62e0b1126e0559b1f024b3ebf0ccda91af8' + '7e7b798b8ce035c1fb55993ece41c5efb6cad5922708866804fa50ada0cf9fa5' + '9209c385a59cef83fd4c526b445de998c7b30c345c0b6101570142b4ce29ee1f') +validpgpkeys=( + 8C4033A23895237CB27D52D9D9B5613BEB813F99 # Matti Ranta old RSA2048, retrieved from https://github.com/techknowlogick.gpg + B56E3C7437A49E136862F5DE9D8A57ADAA232E95 # Matti Ranta new RSA4096, retrieved from https://github.com/techknowlogick.gpg + ED810FD31FBE67F406ED71BDD4F1E9B6493ED946 # Jonas Franz + 9C5BCD799B3CDB124147A748E0DDFEC24C48784C # Lauris Bukšis-Haberkorns + D8F9672D77C0BB60A024C23EDFDE60A0093EB926 # Lauris Bukšis-Haberkorns new RSA4096 + BA66F67FD73F7058D712D308C3B7C91B632F738A # Lunny Xiao , retrieved from https://github.com/lunny.gpg + B5F0915813554C32C1D599C2C99B82E40B027BAE # '6543' <6543@obermui.de> +) + +prepare() { + cd ${pkgname} + # Change some defaults for ArchLinux + patch -Np1 -i ../gitea-arch-defaults.patch + # Fetch dependency using go mod + make vendor +} + +pkgver() { + cd ${pkgname} + git describe --tags | sed 's/^v//' +} + +build() { + cd ${pkgname} + export CGO_CPPFLAGS="${CPPFLAGS}" + export CGO_CFLAGS="${CFLAGS}" + export CGO_CXXFLAGS="${CXXFLAGS}" + export CGO_LDFLAGS="${LDFLAGS}" + export EXTRA_GOFLAGS="-buildmode=pie -trimpath -mod=readonly -modcacherw" + export LDFLAGS="-X 'code.gitea.io/gitea/modules/setting.AppWorkPath=/var/lib/gitea/'" + export TAGS="bindata sqlite sqlite_unlock_notify pam" + make -j1 +} + +package() { + install -Dm755 ${pkgname}/${pkgname} -t "${pkgdir}"/usr/bin/ + install -Dm644 ${pkgname}/LICENSE -t "${pkgdir}"/usr/share/licenses/${pkgname}/ + install -Dm644 ${pkgname}.service -t "${pkgdir}"/usr/lib/systemd/system/ + install -Dm644 ${pkgname}.tmpfiles "${pkgdir}"/usr/lib/tmpfiles.d/${pkgname}.conf + install -Dm644 ${pkgname}.sysusers "${pkgdir}"/usr/lib/sysusers.d/${pkgname}.conf + install -D ${pkgname}/custom/conf/app.example.ini "${pkgdir}"/etc/gitea/app.ini +} diff --git a/gitea/gitea-arch-defaults.patch b/gitea/gitea-arch-defaults.patch new file mode 100644 index 0000000..5db64dd --- /dev/null +++ b/gitea/gitea-arch-defaults.patch @@ -0,0 +1,48 @@ +--- a/custom/conf/app.example.ini ++++ b/custom/conf/app.example.ini +@@ -7,6 +7,6 @@ + ; App name that shows in every page title + APP_NAME = Gitea: Git with a cup of tea + ; Change it if you run locally +-RUN_USER = git ++RUN_USER = gitea + ; Application run mode, affects performance and debugging. Either "dev", "prod" or "test", default is "prod" + RUN_MODE = prod +@@ -18,5 +18,5 @@ + + [repository] +-ROOT = ++ROOT = /var/lib/gitea/repos + SCRIPT_TYPE = bash + ; DETECTED_CHARSETS_ORDER tie-break order for detected charsets. +@@ -424,7 +424,7 @@ SQLITE_TIMEOUT = 500 + ; For iterate buffer, default is 50 + ITERATE_BUFFER_SIZE = 50 + ; Show the database generated SQL +-LOG_SQL = true ++LOG_SQL = false + ; Maximum number of DB Connect retries + DB_RETRIES = 10 + ; Backoff time per DB retry (time.Duration) +@@ -838,10 +838,10 @@ FORMAT = + DEFAULT_UI_LOCATION = + + [log] +-ROOT_PATH = ++ROOT_PATH = /var/log/gitea/ + ; Either "console", "file", "conn", "smtp" or "database", default is "console" + ; Use comma to separate multiple modes, e.g. "console, file" +-MODE = console ++MODE = console, file + ; Buffer length of the channel, keep it as it is if you don't know what it is. + BUFFER_LEN = 10000 + REDIRECT_MACARON_LOG = false +@@ -866,7 +866,7 @@ COLORIZE = false + + ; For "console" mode only + [log.console] +-LEVEL = ++LEVEL = Info + STDERR = false + + ; For "file" mode only diff --git a/gitea/gitea.service b/gitea/gitea.service new file mode 100644 index 0000000..dfc1d73 --- /dev/null +++ b/gitea/gitea.service @@ -0,0 +1,47 @@ +[Unit] +Description=Gitea (Git with a cup of tea) +After=syslog.target +After=network.target +After=mysqld.service +After=postgresql.service +After=memcached.service +After=redis.service + +[Service] +User=gitea +Group=gitea +Type=simple +WorkingDirectory=~ +RuntimeDirectory=gitea +LogsDirectory=gitea +StateDirectory=gitea +Environment=USER=gitea HOME=/var/lib/gitea GITEA_WORK_DIR=/var/lib/gitea +ExecStart=/usr/bin/gitea web -c /etc/gitea/app.ini +Restart=always +RestartSec=2s +CapabilityBoundingSet= +NoNewPrivileges=True +#SecureBits=noroot-locked +ProtectSystem=strict +ProtectHome=true +ReadWritePaths=/etc/gitea/app.ini +PrivateTmp=true +PrivateDevices=true +PrivateUsers=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +LockPersonality=true +MemoryDenyWriteExecute=true +RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK AF_UNIX +RestrictRealtime=true +RestrictSUIDSGID=true +SystemCallArchitectures=native +SystemCallFilter=@system-service +SystemCallErrorNumber=EPERM + +[Install] +WantedBy=multi-user.target diff --git a/gitea/gitea.sysusers b/gitea/gitea.sysusers new file mode 100644 index 0000000..9da9393 --- /dev/null +++ b/gitea/gitea.sysusers @@ -0,0 +1 @@ +u gitea - "Gitea daemon user" /var/lib/gitea /bin/bash diff --git a/gitea/gitea.tmpfiles b/gitea/gitea.tmpfiles new file mode 100644 index 0000000..7d92761 --- /dev/null +++ b/gitea/gitea.tmpfiles @@ -0,0 +1,10 @@ +d /var/lib/gitea 0750 +d /var/lib/gitea/attachments 0750 +d /var/lib/gitea/data 0750 +d /var/lib/gitea/indexers 0750 +d /var/lib/gitea/repos 0750 +d /var/lib/gitea/tmp 0750 +Z /var/lib/gitea - gitea gitea +d /var/log/gitea 0750 gitea gitea +z /etc/gitea 0755 root gitea +z /etc/gitea/app.ini 0660 root gitea