Merge pull request #68 from safing/feature/curl-pipe-bash

Added support for custom shell installer
Daniel Hovie
2022-10-11 09:27:40 +02:00
committed by GitHub
22 changed files with 615 additions and 276 deletions
+49 -1
@@ -49,6 +49,55 @@ jobs:
name: portmaster-next
path: linux/dist/*
test-shell-install:
name: Test curl|bash installer
runs-on: ubuntu-latest
needs: build
steps:
- uses: actions/checkout@v2
- uses: actions/download-artifact@v2
with:
name: portmaster-current
path: linux
- name: Install tooling
run: sudo bash -c "apt-get update && apt-get install -y systemd desktop-file-utils"
env:
DEBIAN_FRONTEND: noninteractive
- name: Install dependencies
run: sudo apt-get install -y libnetfilter-queue1 ca-certificates
env:
DEBIAN_FRONTEND: noninteractive
- name: Install using SHELL installer
run: yes | sudo bash ./install.sh --assets-url file://$(echo $(pwd)/installer-assets-*.tar.gz)
working-directory: linux
- uses: actions/checkout@v2
- name: Verify installation
run: ./linux/tests/test-install.sh
- uses: actions/download-artifact@v2
with:
name: portmaster-next
path: linux/next
- name: "Upgrade to next pkgrev"
run: yes | sudo bash ./install.sh --assets-url file://$(echo $(pwd)/next/installer-assets-*.tar.gz)
working-directory: linux
- name: Verify upgrade
run: ./linux/tests/test-upgrade.sh
- name: Uninstall portmaster
run: yes | sudo bash ./install.sh --uninstall
working-directory: linux
- name: Verify uninstallation
run: ./linux/tests/test-uninstall.sh
test-ubuntu:
name: Test DEB package (ubuntu VM)
runs-on: ubuntu-latest
@@ -161,7 +210,6 @@ jobs:
- fedora:33
- fedora:34
- centos:7
- centos:8
container: ${{ matrix.container }}
steps:
- uses: actions/download-artifact@v2
+35
@@ -0,0 +1,35 @@
name: release-aur
on:
push:
tags:
- 'v[0-9]+.[0-9]+.[0-9]+'
jobs:
release-to-aur:
name: Release to AUR
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Install nfpm@latest
run: curl -o /tmp/nfpm.tar.gz -sSL https://github.com/goreleaser/nfpm/releases/download/v2.7.1/nfpm_2.7.1_Linux_x86_64.tar.gz && cd /tmp && tar xf /tmp/nfpm.tar.gz && sudo mv nfpm /usr/local/bin && sudo chmod a+x /usr/local/bin/nfpm
- name: Install gomplate
run: sudo curl -o /usr/local/bin/gomplate -sSL https://github.com/hairyhenderson/gomplate/releases/download/v3.10.0/gomplate_linux-amd64 && sudo chmod +x /usr/local/bin/gomplate
- name: Build packages
run: make gen-pkgbuild
working-directory: linux
- name: Prepare SSH config
uses: MrSquaare/ssh-setup-action@v1
with:
host: aur.archlinux.org
private-key: ${{ secrets.SSH_PRIVATE_KEY }}
- name: Run AUR release process
run: ./release_to_aur.sh
working-directory: linux
env:
GITHUB_COMMIT_MESSAGE: "${{ github.event.head_commit.message }}"
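Review bot: The `Install nfpm@latest` and `Install gomplate` steps download release binaries with curl and place them in `/usr/local/bin` with sudo without checking a digest, in the same job that later loads `secrets.SSH_PRIVATE_KEY`. Recording the expected SHA-256 of each pinned release next to its URL and checking it before the install, e.g. `echo "<expected-sha256>  /tmp/nfpm.tar.gz" | sha256sum -c -`, would make a replaced release asset fail the job instead of running on a runner that goes on to hold the AUR key. `MrSquaare/ssh-setup-action@v1` receives that key and is referenced by a movable tag; `uses: MrSquaare/ssh-setup-action@<full-commit-sha>` fixes which code handles the secret. The step name says `nfpm@latest` while the URL pins v2.7.1, so the name should state that version.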
+1
@@ -3,3 +3,4 @@
/icons
/nfpm.yaml
/dist
/archive.install
+6 -2
@@ -4,7 +4,7 @@ NFPM ?= nfpm
.PHONY: icons test-debian test-ubuntu nfpm.yaml
all: deb rpm
all: deb rpm gen-pkgbuild gen-archive
nfpm.yaml: portmaster-start
sed -e "s/^version:.*$$/version: v$(shell ./portmaster-start version --short)-$(shell cat ./pkgrev)/g" ./nfpm.yaml.template > ./nfpm.yaml
@@ -31,7 +31,7 @@ distdir:
mkdir -p ./dist
clean:
rm -r ./portmaster-start ./scripts ./dist icons/ PKGBUILD arch.install nfpm.yaml src pkg portmaster-bin-*.pkg.tar.xz|| true
rm -r ./portmaster-start ./scripts ./dist icons/ PKGBUILD arch.install nfpm.yaml src pkg portmaster-stub-bin-*.pkg.tar.xz archive.install || true
test-debian: build deb
docker run -ti --rm -v $(shell pwd)/dist:/work -w /work debian:latest bash -c 'apt update && apt install -y ca-certificates && dpkg -i /work/portmaster*.deb ; bash'
@@ -55,5 +55,9 @@ gen-pkgbuild: nfpm.yaml
gomplate -d "nfpm=./nfpm.yaml" -f templates/arch.install > arch.install
gomplate -d "nfpm=./nfpm.yaml" -f templates/PKGBUILD > PKGBUILD
gen-archive: nfpm.yaml icons
gomplate -d "nfpm=./nfpm.yaml" -f templates/no-log-install.sh > archive.install
gomplate -d "nfpm=./nfpm.yaml" -f templates/create-archive.sh | bash
lint:
shellcheck ./scripts/* ./arch.install
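Review bot: In the new `gen-archive` rule the rendered `templates/create-archive.sh` is piped straight into `bash`, so the recipe's exit status is bash's alone: if gomplate fails or stops part-way, bash runs whatever partial script it received and make can still report success. Rendering to a file first and running that keeps the failure visible and leaves the generated script available for inspection, e.g. `gomplate -d "nfpm=./nfpm.yaml" -f templates/create-archive.sh > create-archive.sh` followed by `bash ./create-archive.sh` (the generated file would then belong in `clean` and the ignore list). `gen-archive` and `gen-pkgbuild` are not listed in the visible `.PHONY` line, which may be intended but is worth confirming.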
-55
@@ -1,55 +0,0 @@
# Maintainer: Safing ICS Technologies <noc@safing.io>
#
# Application Firewall: Block Mass Surveillance - Love Freedom
# The Portmaster enables you to protect your data on your device. You
# are back in charge of your outgoing connections: you choose what data
# you share and what data stays private. Read more on docs.safing.io.
#
pkgname=portmaster-bin
pkgver=0.7.0
pkgrel=2
pkgdesc='Application Firewall: Block Mass Surveillance - Love Freedom'
arch=('x86_64')
url='https://safing.io/portmaster'
license=('AGPL3')
depends=('libnetfilter_queue')
makedepends=('imagemagick') # for convert
optdepends=('libappindicator-gtk3: for systray indicator')
options=('!strip')
provides=('portmaster')
conflicts=('portmaster')
install=arch.install
source=("portmaster-start::https://updates.safing.io/linux_amd64/start/portmaster-start_v${pkgver//./-}"
'portmaster.desktop'
'portmaster_notifier.desktop'
'portmaster_logo.png'
"portmaster.service")
noextract=('portmaster-start')
sha256sums=('6ade636aaf2b608f251972fd98b25a8020b301023a6377e5275de5195a132e7f'
'7b0c03e4552dd86caeff2d628b13346cfe70a646af11abac6555e348e46c28da'
'490b586f185218fdd947e8f12aa2dc412d78d89c8ce9b8ef5a75cb2e5ffb94ae'
'ecb02625952594af86d3b53762363c1e227c2b9604fc9c9423682fc87a92a957'
'bc26dd37e6953af018ad3676ee77570070e075f2b9f5df6fa59d65651a481468')
prepare() {
for res in 16 32 48 96 128 ; do
local iconpath="${srcdir}/icons/${res}x${res}/"
mkdir -p "${iconpath}" ;
convert ./portmaster_logo.png -resize "${res}x${res}" "${iconpath}/portmaster.png" ;
done
}
package() {
install -Dm 0755 "${srcdir}/portmaster-start" "${pkgdir}/opt/safing/portmaster/portmaster-start"
install -Dm 0644 "${srcdir}/portmaster.desktop" "${pkgdir}/opt/safing/portmaster/portmaster.desktop"
install -Dm 0644 "${srcdir}/portmaster_notifier.desktop" "${pkgdir}/opt/safing/portmaster/portmaster_notifier.desktop"
install -dm 0755 "${pkgdir}/etc/xdg/autostart"
ln -s "/opt/safing/portmaster/portmaster_notifier.desktop" "${pkgdir}/etc/xdg/autostart/portmaster_notifier.desktop"
install -Dm 0644 "${srcdir}/portmaster.service" "${pkgdir}/opt/safing/portmaster/portmaster.service"
install -Dm 0644 "${srcdir}/icons/32x32/portmaster.png" "${pkgdir}/usr/share/pixmaps/portmaster.png"
install -Dm 0644 "${srcdir}/icons/16x16/portmaster.png" "${pkgdir}/usr/share/icons/hicolor/16x16/apps/portmaster.png"
install -Dm 0644 "${srcdir}/icons/32x32/portmaster.png" "${pkgdir}/usr/share/icons/hicolor/32x32/apps/portmaster.png"
install -Dm 0644 "${srcdir}/icons/48x48/portmaster.png" "${pkgdir}/usr/share/icons/hicolor/48x48/apps/portmaster.png"
install -Dm 0644 "${srcdir}/icons/96x96/portmaster.png" "${pkgdir}/usr/share/icons/hicolor/96x96/apps/portmaster.png"
install -Dm 0644 "${srcdir}/icons/128x128/portmaster.png" "${pkgdir}/usr/share/icons/hicolor/128x128/apps/portmaster.png"
}
-166
@@ -1,166 +0,0 @@
post_install() {
log() {
echo "$@"
}
#
# Prepares systemd support by creating a symlink for the .service file
# and enabling/disabling certain features of our .service unit based on
# the available systemd version.
#
installSystemdSupport() {
local changed="False"
if command -V systemctl >/dev/null 2>&1; then
local systemd_version="$(systemctl --version | head -1 | sed -n 's/systemd \([0-9]*\).*/\1/p')"
# not all distros have migrated /lib to /usr/lib yet but all that
# have provide a symlink from /lib -> /usr/lib so we just prefix with
# /lib here.
ln -s /opt/safing/portmaster/portmaster.service /lib/systemd/system/portmaster.service 2>/dev/null >&2 ||:
# rhel/centos8 does not yet have ProtectKernelLogs available
if [ "${systemd_version}" -lt 244 ]; then
sed -i "s/^ProtectKernelLogs/#ProtectKernelLogs/g" /opt/safing/portmaster/portmaster.service ||:
changed="True"
fi
if [ "${changed}" = "True" ] && [ "$1" = "upgrade" ]; then
systemctl daemon-reload ||:
fi
log "Configuring portmaster.service to launch at boot"
systemctl enable portmaster.service ||:
fi
}
#
# install .desktop files, either using desktop-file-install when available
# or by just copying the files into /usr/share/applications.
#
if command -V desktop-file-install >/dev/null 2>&1; then
desktop-file-install /opt/safing/portmaster/portmaster.desktop ||:
desktop-file-install /opt/safing/portmaster/portmaster_notifier.desktop ||:
elif [ -d /usr/share/applications ]; then
cp /opt/safing/portmaster/portmaster.desktop /usr/share/applications 2>/dev/null ||:
cp /opt/safing/portmaster/portmaster_notifier.desktop /usr/share/applications 2>/dev/null ||:
fi
installSystemdSupport
#
# Fix selinux permissions for portmaster-start
#
if command -V getenforce >/dev/null 2>&1; then
chcon -t bin_t /opt/safing/portmaster/portmaster-start
fi
#
# Prepare the installation directory tree
#
/opt/safing/portmaster/portmaster-start --data /opt/safing/portmaster clean-structure
#
# Finally, trigger downloading modules. As this requires internet access
# it is more likely to fail and is thus the last thing we do.
#
if [ "${skip_downloads}" = "True" ]; then
log "Downloading of Portmaster modules skipped!"
log "Please run '/opt/safing/portmaster/portmaster-start --data /opt/safing/portmaster update' manually.\n"
return
fi
log "Downloading portmaster modules. This may take a while ..."
/opt/safing/portmaster/portmaster-start --data /opt/safing/portmaster update --update-agent "${download_agent}" 2>/dev/null >/dev/null || (
log "Failed to download modules"
log "Please run '/opt/safing/portmaster/portmaster-start --data /opt/safing/portmaster update' manually.\n"
)
}
post_upgrade() {
log() {
echo "$@"
}
#
# Prepares systemd support by creating a symlink for the .service file
# and enabling/disabling certain features of our .service unit based on
# the available systemd version.
#
installSystemdSupport() {
local changed="False"
if command -V systemctl >/dev/null 2>&1; then
local systemd_version="$(systemctl --version | head -1 | sed -n 's/systemd \([0-9]*\).*/\1/p')"
# not all distros have migrated /lib to /usr/lib yet but all that
# have provide a symlink from /lib -> /usr/lib so we just prefix with
# /lib here.
ln -s /opt/safing/portmaster/portmaster.service /lib/systemd/system/portmaster.service 2>/dev/null >&2 ||:
# rhel/centos8 does not yet have ProtectKernelLogs available
if [ "${systemd_version}" -lt 244 ]; then
sed -i "s/^ProtectKernelLogs/#ProtectKernelLogs/g" /opt/safing/portmaster/portmaster.service ||:
changed="True"
fi
if [ "${changed}" = "True" ] && [ "$1" = "upgrade" ]; then
systemctl daemon-reload ||:
fi
log "Configuring portmaster.service to launch at boot"
systemctl enable portmaster.service ||:
fi
}
#
# As of 0.4.0 portmaster-control has been renamed to portmaster-start
# and is not placed in /usr/bin anymore. Unfortunately, the postrm script
# of the old installer does not get rid of portmaster-control so we should
# take care during an upgrade.
#
rm /usr/bin/portmaster-control 2>/dev/null >&2 ||:
#
# If there's already a /var/lib/portmaster installation we're going to move
# configs and databases and remove the complete directory
# The preinstall.sh already checked that /var/lib/portmaster/updates MUST NOT
# exist so we should be safe to touch the databases here.
#
if [ -d /var/lib/portmaster ]; then
if [ ! -d /opt/safing/portmaster/config.json ]; then
log "Migrating from previous installation at /var/lib/portmaster to /opt/safing/portmaster ..."
mv /var/lib/portmaster/databases /opt/safing/portmaster/databases ||:
mv /var/lib/portmaster/config.json /opt/safing/portmaster/config.json ||:
fi
log "Removing previous installation directory at /var/lib/portmaster"
rm -r /var/lib/portmaster 2>/dev/null >&2 ||:
fi
}
pre_remove() {
log() {
echo "$@"
}
# stop the portmaster service and disable it if it's enabled.
if command -V systemctl >/dev/null 2>&1; then
if (systemctl -q is-active portmaster.service); then
log "Stopping portmaster.service"
systemctl stop portmaster.service ||:
fi
if (systemctl -q is-enabled portmaster.service); then
log "Disabling portmaster.service to launch at boot"
systemctl disable portmaster.service ||:
fi
fi
}
post_remove() {
log() {
echo "$@"
}
rm -rf /opt/safing/portmaster/updates ||:
# file is marked as a ghost on RPM system so it might have
# been automatically deleted by the package manager.
rm /lib/systemd/system/portmaster.service 2>/dev/null >&2 ||:
rm /usr/share/applications/portmaster.desktop 2>/dev/null >&2 ||:
rm /usr/share/applications/portmaster_notifier.desktop 2>/dev/null >&2 ||:
if [ "$1" = "purge" ]; then
rm -rf /opt/safing/portmaster ||:
fi
}
+3
@@ -0,0 +1,3 @@
Host aur.archlinux.org
IdentityFile ~/.ssh/aur
User aur
+355
@@ -0,0 +1,355 @@
#!/bin/bash
set -- $(getopt -u -o uhd:t: -l no-color,no-download,purge,uninstall,no-upgrade,debug,help,assets-url:,start-url:,arch:,tmp-dir: -n 'portmaster-installer' -- "$@")
if [[ $? -ne 0 ]]; then
exit 1
fi
if [[ $EUID -ne 0 ]]; then
echo "This script must be run as root"
exit 1
fi
arch=""
start_url=""
asset_url=""
tmp_dir=""
remove_tmp="no"
upgrade="no"
action="install"
skip_downloads="False"
colorize="yes"
print_help() {
cat <<EOH
Portmaster Installer
This script will install the Portmaster Application Firewall into
/opt/safing/portmaster.
Options:
-h, --help Display this help text.
-t TMP, --tmp-dir TMP The temporary directory to download assets to
-u, --uninstall Remove a portmaster installation
--purge Link --uninstall but also purges configuration and logs
--no-upgrade Force installation rather than upgrade routine
--debug Enable debugging
This defaults to /
--start-url URL The URL to use when downloading portmaster-start. Defaults to the latest version of the local architecture.
--assets-url URL The URl to use when downloading the installer assets. Defauls to the lastes version.
--arch ARCH Overwrite the architecture to use.
--no-download Disable downloading modules. Note that the Portmaster will need
to download the modules during first start and will not immediately
work.
--no-color Disabled colorized output
EOH
}
log() {
local color=""
if [[ ${colorize} == "yes" ]]; then
case "$1" in
info )
color="\u001b[37m- "
;;
warn )
color="\u001b[11m! "
;;
debug )
color="\u001b[36m "
;;
success )
color="\u001b[32m* "
;;
error )
color="\u001b[31mx "
;;
* )
# just in case someone called "log" without a level
# we need to make sure we dont' lose the message during "shift"
# below
color="$1 "
;;
esac
else
color="$1: "
fi
shift
echo -e "${color}$*\u001b[0m"
}
header() {
local color=""
if [[ ${colorize} == "yes" ]]; then
color="\u001b[32m"
fi
echo -e "${color}Portmaster Installer\u001b[0m"
echo -e ""
echo -e "${color} Application Firewall: Block Mass Surveillance - Love Freedom
The Portmaster enables you to protect your data on your device. You
are back in charge of your outgoing connections: you choose what data
you share and what data stays private. Read more on docs.safing.io.\u001b[0m"
echo -e ""
}
check_bin() {
command -V "$1" >/dev/null 2>&1
result=$?
if [[ $result -ne 0 ]]; then
log error "$1 is not available locally. Please install it first. (command -V returned $result)"
exit 1
fi
}
check_deps() {
log info "Checking dependencies ..."
for cmd in curl tar ; do
check_bin ${cmd}
done
}
check_arch() {
if [[ ${arch} == "" ]]; then
case $(uname -m) in
x86_64 )
arch="amd64"
;;
arm64 )
arch="arm64"
;;
* )
echo "Unsupported installer architecture $(uname -m). Try running with --arch to overwrite these checks."
exit 1
esac
log info "Detected supported architecture ${arch}"
fi
}
download_file() {
curl -fsS --compressed "$1" -o "$2"
}
download_assets() {
local assets=$1
if [[ ${asset_url} == "" ]]; then
asset_url="https://updates.safing.io/latest/linux_all/packages/installer-assets.tar.gz"
fi
log info " Downloading assets from ${asset_url}"
download_file "${asset_url}" "${assets}"
log success " Installer assets downloaded to ${assets}"
}
download_pmstart() {
local pmstart=$1
if [[ ${start_url} == "" ]]; then
start_url="https://updates.safing.io/latest/linux_${arch}/start/portmaster-start"
fi
log info " Downloading portmaster-start from ${start_url}"
download_file "${start_url}" "${pmstart}"
log success " portmaster-start downloaded to ${pmstart}"
}
copy_icons() {
local failure=0
for res in /opt/safing/portmaster/icons/* ; do
cp $res/* "/usr/share/icons/hicolor/$(basename $res)" >/dev/null 2>&1 || failure=1
if [[ $failure -ne 0 ]]; then
break
fi
echo "/usr/share/icons/hicolor/$(basename $res)" >> /opt/safing/portmaster/.installed-files
done
if [[ $failure -ne 0 ]]; then
log error "Failed to install portmaster icons to /usr/share/icons/hicolor"
log debug "If you experience issues with Portmaster application icons try to copy them there manually."
log debug "You can always find the current portmaster icons at /opt/safing/portmaster/icons"
else
log info " Installed application icons to /usr/share/icons/hicolor"
fi
}
install_or_upgrade() {
header
check_deps
check_arch
# form here on, any non-catched error is fatal
set -e
if [[ ${tmp_dir} == "" ]]; then
tmp_dir=$(mktemp -d -t portmaster-installer-XXXXXXXXXX)
remove_tmp="yes"
fi
log info "Downloading portmaster-start and installer assets"
assets="${tmp_dir}/assets.tar.gz"
pmstart="${tmp_dir}/portmaster-start"
download_assets $assets
download_pmstart $pmstart
if [[ "${upgrade}" != "yes" ]]; then
log info "Creating /opt/safing/portmaster"
mkdir -p /opt/safing/portmaster
fi
# Switch to our new install root
cd /opt/safing/portmaster
# Untar the archive on root
log info "Extracting assets to /opt/safing/portmaster"
tar --extract --no-same-owner --no-same-permissions --no-overwrite-dir -m --file="${assets}"
cp ${pmstart} /opt/safing/portmaster/portmaster-start
chmod 0755 /opt/safing/portmaster/portmaster-start
log success "Extracted assets to /opt/safing/portmaster"
log info "Copying system files"
copy_icons
# Source installer script
source /opt/safing/portmaster/.INSTALL.sh
if [[ "${upgrade}" == "yes" ]]; then
log info "Running post-upgrade scripts ..."
post_upgrade
else
log info "Running post-install scripts ..."
log debug "This will download all required portmaster modules and files."
log debug "Depending on your internet connection speed this may take a few minutes"
log debug "to complete."
log debug "If you don't want to download modules abort the installer and re-run with"
log debug "--no-download --no-upgrade"
# skip_downloads is used in post_install which is sourced from .INSTALL.sh
# so we need to export it here.
export skip_downloads
post_install
fi
log info "Cleaning up temporary directory"
# Remove the temporary directory
if [[ "$remove_tmp" != "no" ]]; then
rm -rf "${tmp_dir}"
fi
log success "Portmaster is now installed."
log success "Please restart your device to start Portmaster"
exit 0
}
remove() {
if ! test -f /opt/safing/portmaster/.installed-files ; then
log error "Portmaster has not been installed with this install script."
log error "Please try to use the uninstallation method of your package manager"
exit 1
fi
log info "Removing portmaster installation"
# Switch to our install root
cd /opt/safing/portmaster
# Source installer script
source /opt/safing/portmaster/.INSTALL.sh
log info "Running pre-remove scripts ..."
pre_remove "$1"
# for the next steps we need to switch to the system root
cat .installed-files | xargs rm -v 2>/dev/null >&2
log success "Installed files deleted"
log info "Running post-remove scripts ..."
post_remove "$1"
exit 0
}
# detect if this is an upgrade or not
if test -d /opt/safing/portmaster ; then
upgrade="yes"
fi
while true; do
case "$1" in
--debug )
set -x
shift
;;
--assets-url )
asset_url="$2"
shift 2
;;
--start-url )
start_url="$2"
shift 2
;;
--arch )
arch="$2"
shift 2
;;
-t | --tmp-dir )
tmp_dir="$2"
remove_tmp="no"
shift 2
;;
-h | --help )
print_help
exit 0
;;
--no-upgrade )
upgrade="no"
shift
;;
-u | --uninstall )
action="uninstall"
shift
;;
--purge )
action="purge"
shift
;;
--no-download )
skip_downloads="True"
shift
;;
--no-color )
colorize="no"
shift
;;
-- )
shift
break
;;
* )
break
;;
esac
done
case "$action" in
install )
install_or_upgrade
;;
uninstall | purge )
remove "$action"
;;
esac
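Review bot: `install_or_upgrade` runs downloaded content as root without any integrity check: the archive fetched by `download_assets` is extracted into `/opt/safing/portmaster` and its `.INSTALL.sh` is then sourced, and `portmaster-start` is copied in and made executable, with transport security of the default HTTPS URLs as the only protection and `--assets-url`/`--start-url` accepting any scheme curl supports. Verifying a published digest or signature before the `tar --extract` line would close this, for example `echo "${expected_sha256}  ${assets}" | sha256sum -c -`, where `expected_sha256` is a placeholder for a value obtained separately from the archive. The same trust applies in `remove`, where `cat .installed-files | xargs rm -v` feeds a manifest shipped inside that archive to `rm` as root; checking each entry against the paths the installer expects before deleting would limit it. Separately, `check_arch` matches `arm64`, while `uname -m` on 64-bit ARM Linux normally prints `aarch64`, so that case likely needs `aarch64 | arm64 )`.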
+51
@@ -0,0 +1,51 @@
#!/bin/bash
source tests/common.sh
if [ ! -e ./PKGBUILD ]; then
error 'Run `make gen-pkgbuild` first'
exit 1
fi
if [ -z $GITHUB_COMMIT_MESSAGE ]; then
error "No commit message defined in GITHUB_COMMIT_MESSAGE"
exit 1
fi
set -e
group "Configuring git"
git config user.name "Safing"
git config user.email "noc@safing.io"
endgroup
target="/tmp/portmaster-stub-bin"
group "Cloning AUR repository to /tmp/portmaster-stub-bin"
git clone ssh://aur@aur.archlinux.org/portmaster-stub-bin.git "${target}"
endgroup
group "Copying files to AUR repository"
for file in PKGBUILD arch.install portmaster.desktop portmaster_notifier.desktop portmaster_logo.png portmaster.service
do
info "Copying ${file}"
cp "${file}" "${target}"
done
endgroup
cd "${target}"
if [[ `git status --porcelain` ]]; then
# we only generate a new .SRCINFO file if we have actual changes to the AUR repo
# that we want to publish.
group "Generating .SRCINFO"
docker run --rm -v "$(pwd):/workspace" -w /workspace -u 1000 archlinux:latest makepkg --printsrcinfo > "${target}/.SRCINFO"
endgroup
group "Commiting and pushing to AUR"
git add .
git commit --author "Safing <noc@safing.io>" -m "${GITHUB_COMMIT_MESSAGE}" --no-gpg-sign
git log
git push
endgroup
else
info "No changes detected, aborting"
fi
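Review bot: The guard `if [ -z $GITHUB_COMMIT_MESSAGE ]; then` expands the variable unquoted, so a commit message containing spaces makes `[` fail with a syntax error rather than evaluate the test, and the script continues only by accident; `if [ -z "${GITHUB_COMMIT_MESSAGE}" ]; then` tests what is intended. The two `git config user.*` calls run before the clone and without `--global`, so they appear to configure the repository the script starts in rather than `${target}`, where the commit is made; moving them after `cd "${target}"` would apply them to the AUR checkout. The `.SRCINFO` step runs `archlinux:latest`, a movable tag, in the release path; pinning the image by digest (`archlinux@sha256:<digest>`) would make the generated metadata reproducible.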
+3 -3
@@ -4,14 +4,14 @@
#
{{ strings.Indent 1 "# " $nfpm.description -}}
#
pkgname=portmaster-bin
pkgname=portmaster-stub-bin
pkgver={{ index ($nfpm.version | strings.TrimPrefix "v" | strings.SplitN "-" 2) 0 }}
pkgrel={{ index ($nfpm.version | strings.SplitN "-" 2) 1 }}
pkgdesc='Application Firewall: Block Mass Surveillance - Love Freedom'
pkgdesc='Privacy Suite and Firewall: Installer to download the current binaries'
arch=('x86_64')
url='https://safing.io/portmaster'
license=('AGPL3')
depends=('libnetfilter_queue')
depends=()
makedepends=('imagemagick') # for convert
optdepends=('libappindicator-gtk3: for systray indicator')
options=('!strip')
+23
@@ -0,0 +1,23 @@
{{/* Template file expects repo root as working directory */}}
post_install() {
{{ template "log" }}
{{ file.Read "templates/snippets/install-systemd-utils.sh" | strings.Indent 4 " " }}
{{ file.Read "templates/snippets/post-install.sh" | strings.Indent 4 " " }}
}
post_upgrade() {
{{ template "log" }}
{{ file.Read "templates/snippets/install-systemd-utils.sh" | strings.Indent 4 " " }}
{{ file.Read "templates/snippets/post-upgrade.sh" | strings.Indent 4 " " }}
}
pre_remove() {
{{ template "log" }}
{{ file.Read "templates/snippets/pre-remove.sh" | strings.Indent 4 " " }}
}
post_remove() {
{{ template "log" }}
{{ file.Read "templates/snippets/post-remove.sh" | strings.Indent 4 " " }}
}
+1 -21
@@ -5,24 +5,4 @@
}
{{- end -}}
post_install() {
{{ template "log" }}
{{ file.Read "templates/snippets/install-systemd-utils.sh" | strings.Indent 4 " " }}
{{ file.Read "templates/snippets/post-install.sh" | strings.Indent 4 " " }}
}
post_upgrade() {
{{ template "log" }}
{{ file.Read "templates/snippets/install-systemd-utils.sh" | strings.Indent 4 " " }}
{{ file.Read "templates/snippets/post-upgrade.sh" | strings.Indent 4 " " }}
}
pre_remove() {
{{ template "log" }}
{{ file.Read "templates/snippets/pre-remove.sh" | strings.Indent 4 " " }}
}
post_remove() {
{{ template "log" }}
{{ file.Read "templates/snippets/post-remove.sh" | strings.Indent 4 " " }}
}
{{ file.Read "templates/arch-base.install" | tmpl.Inline }}
+39
@@ -0,0 +1,39 @@
#
# We emulate a simple ArchLinux makepkg here in order to build a
# archive that contains everything we need for our curl|bash
# installer.
#
{{- $nfpm := (datasource "nfpm") }}
pkgdir=dist/installer-assets-{{ $nfpm.version }}
srcdir=$(pwd)
set -ex
mkdir -p "${pkgdir}"
# Copy assets to our installer directory
assets_to_copy=(
'portmaster.desktop'
'portmaster_notifier.desktop'
'icons'
'portmaster.service'
)
for file in "${assets_to_copy[@]}"
do
cp -rv "${file}" "${pkgdir}"
done
# Copy the arch.install file into our assets
cp archive.install "${pkgdir}/.INSTALL.sh"
# Create filelist to support easy uninstallation
# like doing a `cat /opt/safing/portmaster/.installed-files | sudo xargs rm`
( cd ${pkgdir} && find . -type f ) >> ${pkgdir}/.installed-files
# Create archive
( cd ${pkgdir} && tar cfz ../installer-assets-{{ $nfpm.version }}.tar.gz . )
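Review bot: The file list is written with `>>`, so rendering and running this template again against an existing `${pkgdir}` appends to the previous `.installed-files` instead of replacing it, and stale or duplicate entries then ship in the archive; the installer on this page later passes that list to `rm` as root. Using `>` and quoting the variable, `( cd "${pkgdir}" && find . -type f ) > "${pkgdir}/.installed-files"`, keeps the manifest equal to the current contents. Because the redirection creates the file before `find` runs, the list also appears to include `.installed-files` itself and `.INSTALL.sh`; if that is intended, the comment above the line should say so.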
+4
@@ -0,0 +1,4 @@
{{- define "log" }}
{{- end }}
{{ file.Read "templates/arch-base.install" | tmpl.Inline }}
+4 -4
@@ -23,16 +23,16 @@ fi
case "$action" in
"0" | "uninstall" | "purge")
log "post remove of complete uninstall"
log "debug" "post remove of complete uninstall"
uninstall "$action"
;;
"1" | "upgrade")
log "post remove of upgrade"
log "debug" "post remove of upgrade"
;;
*)
# $1 == version being installed
log "post remove of alpine"
log "Alpine linux is not yet supported"
log "debug" "post remove of alpine"
log "debug" "Alpine linux is not yet supported"
exit 1
;;
esac
+4 -4
@@ -3,9 +3,9 @@
{{ file.Read "templates/snippets/common.sh"}}
if [ -d /var/lib/portmaster/updates ]; then
log "Detected previous installation of Portmaster at"
log "/var/lib/portmaster"
log "Please uninstall the portmaster package and try again!"
log "You settings will be migrated automatically during re-installation."
log "info" "Detected previous installation of Portmaster at"
log "info" "/var/lib/portmaster"
log "info" "Please uninstall the portmaster package and try again!"
log "info" "You settings will be migrated automatically during re-installation."
exit 1
fi
+1 -1
@@ -28,7 +28,7 @@ case "$action" in
;;
*)
# $1 == version being installed
log "Alpine linux is not yet supported"
log "error" "Alpine linux is not yet supported"
exit 1
;;
esac
@@ -10,7 +10,8 @@ installSystemdSupport() {
# not all distros have migrated /lib to /usr/lib yet but all that
# have provide a symlink from /lib -> /usr/lib so we just prefix with
# /lib here.
ln -s /opt/safing/portmaster/portmaster.service /lib/systemd/system/portmaster.service 2>/dev/null >&2 ||:
ln -s /opt/safing/portmaster/portmaster.service /lib/systemd/system/portmaster.service 2>/dev/null >&2 ||
log error "Failed to install systemd unit file. Please copy /opt/safing/portmaster/portmaster.service to /etc/systemd/system manually"
# rhel/centos8 does not yet have ProtectKernelLogs available
if [ "${systemd_version}" -lt 244 ]; then
@@ -22,7 +23,7 @@ installSystemdSupport() {
systemctl daemon-reload ||:
fi
log "Configuring portmaster.service to launch at boot"
log "info" "Configuring portmaster.service to launch at boot"
systemctl enable portmaster.service ||:
fi
}
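Review bot: The new `ln -s … || log error "Failed to install systemd unit file. …"` reports an error whenever `ln` fails, which includes the case where `/lib/systemd/system/portmaster.service` already exists from an earlier run, so a re-install would likely print a failure for a link that is in fact in place. `ln -sf`, or testing for the existing link first, would keep the message for real failures. The message tells the user to copy the unit to `/etc/systemd/system` while the code links it into `/lib/systemd/system`; a short comment on why the manual path differs would help. `installSystemdSupport` starts and ends outside these hunks, and the file header for this section is missing from the page.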
+22 -12
@@ -3,20 +3,24 @@
# or by just copying the files into /usr/share/applications.
#
if command -V desktop-file-install >/dev/null 2>&1; then
desktop-file-install /opt/safing/portmaster/portmaster.desktop ||:
desktop-file-install /opt/safing/portmaster/portmaster_notifier.desktop ||:
desktop-file-install /opt/safing/portmaster/portmaster.desktop 2>/dev/null ||:
desktop-file-install /opt/safing/portmaster/portmaster_notifier.desktop 2>/dev/null ||
log error "Failed to install .desktop files. Please copy /opt/safing/portmaster/*.desktop manually"
elif [ -d /usr/share/applications ]; then
cp /opt/safing/portmaster/portmaster.desktop /usr/share/applications 2>/dev/null ||:
cp /opt/safing/portmaster/portmaster_notifier.desktop /usr/share/applications 2>/dev/null ||:
cp /opt/safing/portmaster/portmaster.desktop /opt/safing/portmaster/portmaster_notifier.desktop /usr/share/applications 2>/dev/null ||
log error "Failed to install .desktop files. Please copy /opt/safing/portmaster/*.desktop manually"
fi
installSystemdSupport
#
# Fix selinux permissions for portmaster-start
# Fix selinux permissions for portmaster-start if we have semanage
# available.
#
if command -V getenforce >/dev/null 2>&1; then
chcon -t bin_t /opt/safing/portmaster/portmaster-start
if command -V semanage >/dev/null 2>&1; then
semanage fcontext -a -t bin_t -s system_u $(realpath /opt)'/safing/portmaster/portmaster-start' || :
semanage fcontext -a -t bin_t -s system_u $(realpath /opt)'/safing/portmaster/updates/linux_(.*)' || :
restorecon -R /opt/safing/portmaster 2>/dev/null >&2 || :
fi
#
@@ -29,12 +33,18 @@ fi
# it is more likely to fail and is thus the last thing we do.
#
if [ "${skip_downloads}" = "True" ]; then
log "Downloading of Portmaster modules skipped!"
log "Please run '/opt/safing/portmaster/portmaster-start --data /opt/safing/portmaster update' manually.\n"
log "info" "Downloading of Portmaster modules skipped!"
log "info" "Please run '/opt/safing/portmaster/portmaster-start --data /opt/safing/portmaster update' manually.\n"
return
fi
log "Downloading portmaster modules. This may take a while ..."
/opt/safing/portmaster/portmaster-start --data /opt/safing/portmaster update --update-agent "${download_agent}" 2>/dev/null >/dev/null || (
log "Failed to download modules"
log "Please run '/opt/safing/portmaster/portmaster-start --data /opt/safing/portmaster update' manually.\n"
)
log "error" "Failed to download modules"
log "error" "Please run '/opt/safing/portmaster/portmaster-start --data /opt/safing/portmaster update' manually.\n"
)
# finally, once we donwloaded the modules restore the SE-linux context
# for all downloaded files
if command -V semanage >/dev/null 2>&1; then
restorecon -R /opt/safing/portmaster 2>/dev/null >&2 || :
fi
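Review bot: The second `semanage fcontext -a -t bin_t …` rule uses the pattern `updates/linux_(.*)`, which labels every file under those directories as `bin_t`, not only the executables; if the updater also stores data files there, a pattern limited to the binaries would keep the SELinux policy tighter (the directory layout is not visible here, so this needs confirming). `$(realpath /opt)` is unquoted in both rules with the quoted suffix concatenated to it; writing `"$(realpath /opt)/safing/portmaster/portmaster-start"` avoids word splitting. Both `restorecon` calls are guarded by `command -V semanage`, so a system that has `restorecon` but not `semanage` skips the relabel. In the `desktop-file-install` branch only the second call reports failure; the first still ends in `||:`.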
+7 -1
@@ -6,6 +6,12 @@ rm /lib/systemd/system/portmaster.service 2>/dev/null >&2 ||:
rm /usr/share/applications/portmaster.desktop 2>/dev/null >&2 ||:
rm /usr/share/applications/portmaster_notifier.desktop 2>/dev/null >&2 ||:
if command -V semanage >/dev/null 2>&1; then
semanage fcontext --delete $(realpath /opt)'/safing/portmaster/portmaster-start' || :
semanage fcontext --delete $(realpath /opt)'/safing/portmaster/updates/linux_(.*)' || :
restorecon -R /opt/safing/portmaster 2>/dev/null >&2 || :
fi
if [ "$1" = "purge" ]; then
rm -rf /opt/safing/portmaster ||:
fi
fi
+2 -2
@@ -14,10 +14,10 @@ rm /usr/bin/portmaster-control 2>/dev/null >&2 ||:
#
if [ -d /var/lib/portmaster ]; then
if [ ! -d /opt/safing/portmaster/config.json ]; then
log "Migrating from previous installation at /var/lib/portmaster to /opt/safing/portmaster ..."
log "info" "Migrating from previous installation at /var/lib/portmaster to /opt/safing/portmaster ..."
mv /var/lib/portmaster/databases /opt/safing/portmaster/databases ||:
mv /var/lib/portmaster/config.json /opt/safing/portmaster/config.json ||:
fi
log "Removing previous installation directory at /var/lib/portmaster"
log "info" "Removing previous installation directory at /var/lib/portmaster"
rm -r /var/lib/portmaster 2>/dev/null >&2 ||:
fi
+2 -2
@@ -1,11 +1,11 @@
# stop the portmaster service and disable it if it's enabled.
if command -V systemctl >/dev/null 2>&1; then
if (systemctl -q is-active portmaster.service); then
log "Stopping portmaster.service"
log "info" "Stopping portmaster.service"
systemctl stop portmaster.service ||:
fi
if (systemctl -q is-enabled portmaster.service); then
log "Disabling portmaster.service to launch at boot"
log "info" "Disabling portmaster.service to launch at boot"
systemctl disable portmaster.service ||:
fi
fi