3.2 KiB

Alpine build and packaging

Alpine build system is used for all custom non-LXC packages, such as Acme.sh Let's Encrypt ACME client and VMMgr virtual machine manager.

Alpine wiki references

The usage of Abuild, APK package manager and syntax of APKBUILD files is best described on Alpine wiki.

Abuild in a nutshell

Building with abuild requires alpine-sdk package installed, /etc/abuild.conf configured and an RSA private key created in /srv/repo.spotter.cz.rsa and subsequently registered by abuild-keygen command. All these are taken care of in install-toolchain.sh script as part of Build environment installation.

Abuild toolchain is intended to be used in automated builds, therefore it requires some dependencies normally not found in other packaging systems. Abuild expects that APKBUILD files are a part of git repository and tries to read current commit hash. Then it tries to automatically download, build (compile), strip binaries, find out dependencies, and generally perform a lot of tasks normally useful when you are compiling from sources. Finally it packages the result to one or more subpackages, according to the build recipe. For purposes of LXC packaging, this is mostly useless, which is the reason why we have a custom package manager. It is however perfectly suitable for packages installed directly on the basic VM.

APKFILE and build example

Following is an APKFILE example with some commonly used options to skip or bypass the default features of Abuild in case you simply need to package a bunch of existing files without any compilation or other build tasks.

# Contributor: Disassembler <disassembler@dasm.cz>
# Maintainer: Disassembler <disassembler@dasm.cz>
pkgname=somepackage
pkgver=0.0.1
pkgrel=0
pkgdesc="Some description"
url="https://spotter.vm/"
arch="noarch"
license="GPL"
depends="python3"
options="!check !strip"

build() {
    return 0
}

package() {
    mkdir -p ${pkgdir}
    cp -rp mydir ${pkgdir}
}

The directive options="!check !strip" requests Abuild not to run post-build checks and not to strip binaries. The build() function is mandated by the Abuild documentation and simply returns an exit code without doing anything. Finally in package() function, the desired existing files are copied to ${pkgdir} (which is a variable automatically set by Abuild) and packaged.

Such APKFILE recipe is then executed using abuild command. Abuild normally uses fakeroot to isolate the build environment and discourages using root user for packaging, however our build instance is highly specialized for this purpose, so we package as root anyway. Any user (including root) needs to be a member of abuild group in order to perform the task. For our root user, this is again handled in install-toolchain.sh. If you do the packaging as root, you need to run abuild -F as seen in build-all.sh.