Creating an Alpine package: Difference between revisions
| Eddsalkield (talk | contribs)  (→Testing the package locally:  s/sudo/doas) | Eddsalkield (talk | contribs)  m (→Code review:  s/sudo/doas) | ||
| Line 413: | Line 413: | ||
| Additionally, make sure to run the linter on your package: | Additionally, make sure to run the linter on your package: | ||
| {{Cmd| | {{Cmd|doas apk add atools | ||
| apkbuild-lint APKBUILD}} | apkbuild-lint APKBUILD}} | ||
Revision as of 19:48, 25 November 2021
Requirements
To build a package for Alpine Linux you need an Alpine Linux installation. Check the Installation page to see all available installation options.
Setup your system and account
The alpine-sdk is a metapackage that pulls in the most essential packages used to build new packages. Also install and configure a way to elevate privileges, such as sudo or doas, and an editor, such as vi, nano, micro.
# apk add alpine-sdk
This would be a good time to create a normal user account for you to work in. To make life easier later, it's a good idea to add this user to the wheel group; operations that require superuser privileges can now be done with sudo or doas.
The aports tree is in git so before we clone it, let's configure git. Refer Development using git page for a quick reference.
Configure your global git config
Configure your name and email address in git. This name and email address will show up in all your commits:
$ git config --global user.name "Your Name" $ git config --global user.email "your@email.address"
Using git config without --global let you configure other details for a specific git repository.
For aports, configure git to use rebase instead of merge when you execute git pull:
$ git config pull.rebase true
Configure abuild
Abuild needs to be configured for both the system and user.
Edit the file /etc/abuild.conf as per requirements. Most of the defaults can be left alone, unless you are developing for a custom platform, in which case the comments in the file should guide you. The one field to edit is PACKAGER, so that you can get credit (or blame) for packages you create.
In order to use abuild command The user executing abuild must be a member of the abuild group:
# addgroup <yourusername> abuild
For abuild a public/private rsa key pair is needed. The abuild-keygen command from abuild package generates and configures the security keys.
$ abuild-keygen -a -i
Getting some help
It might be wise to start by checking what the abuild program can/cannot do.
abuild -h
For real help, you can also go on OFTC's #alpine-devel on IRC.
A reference for APKBUILD files is available as a man page in the 'abuild-doc' package:
man APKBUILD
Creating an APKBUILD file
Use a template APKBUILD
To create the actual APKBUILD file newapkbuild can serve you a template to start with. It will create a directory with the given package name, place an example/template APKBUILD file to the given directory, and fill some variables if those are provided. Please check the package policies page about naming details.
If you doubt to which repository your package belongs to you can safely use testing. Building package in your aports/testing directory is not mandatory but this way the package is already at the right place.
The newapkbuild tool, which is installed as part of the abuild package, can generate a new APKBUILD template to use as a starting point. The manual page (available via man newapkbuild) describes all options for newapkbuild. 
If you doubt to which repository your package belongs to you can safely use testing. Building package in your aports/testing directory is not mandatory but this way the package is already at the right place.
The following command will create a directory with the given package name, place an example/template APKBUILD file in the directory, and fill some variables if those are provided.
newapkbuild packagename
If you are creating a daemon package which needs initd scripts you can add the -c option as follows:
newapkbuild -c packagename
This will copy the sample initd and confd files to the build directory. A third file sample.install file will be copied as well (we will discuss this later on).
apkbuild-cpan simplifies the creation of perl packages from CPAN and apkbuild-pypi ease the generation of APKBUILD files for python packages from PyPi.
If you are creating a daemon package which needs initd scripts you can add the -c making it:
newapkbuild -c packagename
This will copy the sample initd and confd files to the build directory.
A third file sample.install file will be copied as well (we will discuss this later on).
Modify your APKBUILD
Edit APKBUILD and fill in the needed info (especially pkgname, pkgver, pkgdesc, url, license, depends and source).
If you are going to use any of the variables for directories like $pkgdir, always make sure they are double quoted like:
"$pkgdir"/somedir
This will prevent issues with spaces/special characters in the future.
APKBUILD variables/functions
source
The source variable is not only used to list the remote source files to fetch, it is also used to list the local files that abuild will need in order to build the apk. Examples of such local files include: init.d files, conf.d files, install files (see install variable), patches, and all other necessary files.
Here are few things to note:
- When you are finished adding local and/or remote files to source, you can execute the following command to add their checksums to the APKBUILD file:
- abuild checksum 
- Note: When later updating the content of source, or updating a file that is listed in source, you must also update their checksums again with the same command.
- When the remote file is hosted at SourceForge, it's best to specify the special mirrors link used by SourceForge:
- http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz 
- (or similar depending on the package).
- When the remote filename is not specified in the URI (ie, does not end in '/software-1.0.tar.gz'), such as:
- http://oss.example.org/?get=software&ver=1.0 
- You must prepend '${pkgname}-${pkgver}.tar.gz::' to the protocol, like so:
- source="${pkgname}-${pkgver}.tar.gz::http://oss.example.org/?get=software&ver=1.0"
- This causes the file to be saved as software-1.0.tar.gz where abuild can use it, instead of ?get=software&ver=1.0, where abuild cannot use it.
- Some projects didn't provide a release tarball. Beware that some git services (gitweg, cgit, …?) doesn’t provide stable tarballs, so when you point source to an tarball like http://repo.or.cz/w/gitstats.git/snapshot/ad7efbb9399e60cee6cb217c6b47e604174a8093.tar.gz, then you will run into issues because the checksum changes when downloading on the build system. This is not a problem on GitHub, GitLab and other decent services provides, they provide stable tarballs.
- abuild currently supports the following protocols for remote file retrieval:
- http
- https
- ftp
 
 
- abuild currently supports the following archive types/archive file extensions:
- .tar
- .tar.gz / .tgz
- .tar.bz2
- .tar.lz (only in Alpine >=3.7)
- .tar.lzma
- .tar.xz
- .zip
 
depends & makedepends
Depends are the actual running dependencies that a package would need when it is running. Makedepends are only needed when you are building a package. If you set a package in depends, you do not need to add it to makedepends as well. The best way to find out what the depends and makedepends of a package are is to RTFM.
No kidding, lots of important information can be found in the package INSTALL and README files (or the likes). Another good way is the run ./configure --help from the source directory to see which options are needed for configure to finish without errors. If you do not yet have a source directory you can create one with the command: 
abuild unpack
Running configure will also show you how you can disable a specific option for this package. For instance, a good example is "--disable-nls" which will disable native language support and thus does not depend on gettext (libiconv, glib, ...). 
Alpine likes to keep things small, so we try to disable as much as possible without losing too many features. The exact disable/enable options are decided by the package builder but please try to follow Alpine's design concept as much as possible.
An easy way of quickly finding out the build info for a package is to check Arch Linux (Alpine package management and build scripts are similar) or Gentoo Linux ebuilds (previous versions of Alpine were based on Gentoo).
After the package is successfully compiled and created we should make sure it didn't link to any package that is not present in the $depends variable. We do this by using scanelf. If scanelf is not yet installed on your system you can do that by installing pax-utils.
scanelf -nR pkg
An example output of libcurl would be:
ET_DYN libssl.so.0.9.8,libcrypto.so.0.9.8,libz.so.1,libc.so.0,ld-uClibc.so.0 pkg/usr/lib/libcurl.so.4.1.1
You can see the needed files and should be able to find out which file belongs to which package.
license
The license tag must reflect the license of the source code. Please check the source tarball for COPYING, LICENSE, or other files with names that indicates that it contains licensing information. Beside the license file most developer include headers in the source code files with licensing details.
If the license is on the SPDX License List or SPDX License Exceptions, use the identifier specified by SPDX.
If a package has a special/custom license or is not listed as OSI approved, use the identifier "custom". We additionally need to provide the license file with the release. Because we want to save space and don't like to have licenses all over our system we have decided to include the license in the doc subpackage. Please follow the following guidelines to add a proper license. Locate the license file inside the source package. Add the doc subpackage to the $subpackages variable as follows:
subpackages="$pkgname-doc"
Add a similar line to the following to your package() function, depending on the license description file:
install -Dm644 COPYING "$pkgdir"/usr/share/licenses/$pkgname/COPYING
If you follow these steps then abuild will automatically add the license to the package-doc apk for you.

arch
The package architecture(s) to build for. This can be one of: x86, x86_64, all, or noarch, where all means all architectures, and noarch means it's architecture-independent (e.g., a pure-python package).
url
Website address for the program. This is useful later on when either finding documentation or other information about the package.
pkgdesc
A brief, one line, description of what the package does. Useful for the package management system. It should start with a capital letter and does not end with a period.
Here is an example from apk_info for the OpenSSH client package:
pkgdesc="Port of OpenBSD's free SSH release - client"
pkgver
Provide the release number of the package you are building.
pkgrel
The $pkgrel versioning is made so that if you change something in your APKBUILD file without changing the actual $pkgver, you can increment pkgrel so apk tools will detect it as an update. For instance, if you forget to add a dependency, you can add it afterward and you can +1 pkgver so apk finds this update and adds the missing dependency. When there's an upstream version change, we reset the pkgrel to 0.
pkgname
The base name of the package you are creating. For Freeswitch 1.0.6, you would use "freeswitch"
install
There are 6 different kinds of install scripts. Each script is called with the $pkgname.<action> where <action> is one of the following:
- $pkgname.pre-install
- This script is executed before package is installed. Typical use is when package needs a group and a user to be created. For example:
#!/bin/sh addgroup -S clamav 2>/dev/null adduser -S -D -H -s /bin/false -G clamav -g clamav clamav 2>/dev/null exit 0 Note the exit 0 at the end. If the script exits with failure (if the user already exist), the package will not be installed and apk addwill exit with failure.
- $pkgname.post-install
- This script is executed after the package is installed. Can be used to generate font cache and similar.
- $pkgname.pre-upgrade
- Same as pre-install but is executed before upgrading/downgrading/reinstalling an already installed package. Note that exiting with failure will not cause apk to exit with failure, but will mark the package as broken.
- $pkgname.post-upgrade
- Same as post-install but is executed after upgrading/downgrading/reinstalling an already installed package.
- $pkgname.pre-deinstall
- This script is executed before uninstalling a package. If script exits with failure apk will not uninstall the package.
- $pkgname.post-deinstall
- This script is executed after a package have been uninstalled. Can be used to update font caches and restore busybox links. For example:
#!/bin/sh busybox --install -s 
If the package has a pre-install and post-install script the APKBUILD should have the install variable defined:
... install="$pkgname.pre-install $pkgname.post-install" ...
subpackages
$subpackages are made to split up the normal "make install" into separate packages. The most common subpackages we use are doc and dev. Because we like to keep our target system small we move documentation and development files (only needed when building packages) into separate packages. To use the specific program a user only need to install the base apk without package-doc or package-dev, but if he wants to read the manual he will need to install package-doc.
The easiest way to find out if you need to use -dev and -doc is to first build the package without these options set and wait until the build finishes. When its finished you should have a pkg directory which is the fake root directory. Inside this directory you will see the structure as how it would be installed in / on the target system.
To see if you need the -dev package you can run the following cmd:
find pkg/usr/ -name '*.[acho]' -o -name '*.la'
If this returns any files you need to include the -dev package.
 To see if you need the -doc package you can run the following cmd: 
find pkg/usr/share -name doc -o -name man -o -name info -o -name html -o -name sgml -o -name licenses
If this returns any directories you need to include the -doc package.
Custom subpackages
Some software additionally has non-essential files that do not qualify as either documentation or development content. These files should be placed in their own, specialized subpackage(s). Some packages include large test suites which are only needed in specific circumstances or binaries which have depends which we prefer not to install. To handle those we create our own package/function. In the APKBUILD below the build() function we create another function:
test() {
       mkdir -p "$subpkgdir"/usr
       mv "$pkgdir"/usr/package-test "$subpkgdir"/usr/
       # or amove usr/package-test
}
We also need to add the package info to $subpackages variable:
subpackages="$pkgname-doc $pkgname-dev $pkgname-test"
After we finish building the package you should see another apk called packagename-test.apk which includes the files which we moved to the $subpkgdir dir.
The above mentioned variables can also be used in our custom function. If we want for instance to build the test() function with perl support we would add:
depends="perl" makedepends="perl-dev"
If we would install the base package it would not install perl, but if we install the package-test package it would.
Patches
Please make sure you always submit human readable patches. Ways to create them are:
directory compare:
diff -Nurp original_directory new_directory > filename.patch
file compare:
diff -up original.file new.file > filename.patch
If a patch contains a completely new file but not *.rej or *.orig file, you need to add -N option to diff, but you may need to add exclusions with --exclude PATTERN so that you do not inadvertently add files.  You may need to manually delete unwanted files inside the patch file.
Because multiple patches can patch the same file, they can change the offsets required by subsequent patches. To make sure we always patch in a specific way, we should number the patches as follows:
10-patch1.patch 20-patch2.patch 30-patch3.patch
This way we are always sure that patch 1 is applied first, and if we want to add additional patches between them we can use appropriate indexes (e.g. 11, 12, 21, 22).
Add the names of the patch files to the source variable. If you haven't declared a custom prepare function, no further action is necessary. Otherwise, be sure to call default_prepare in your prepare function. For example:
prepare() {
	default_prepare
	# do your stuff
}
Note: Some older packages contain a for loop in the prepare function to apply patches. This is not needed anymore, as patches are handled by default_prepare.
In Alpine >=3.4 you can define patch_args to supply the patch level. This only works if all the patches have the same patch level. If there are a lot of patches from different sources, there is a good chance that you may need to edit them, as discussed below.
To automatically patch the package (available only in Alpine >=3.4) if it uses a patch level (-pX) other than the default (-p1), you need to carefully modify the patch.  First, you'll need a text editor that does not automatically convert  between Windows and Unix new lines (or, disable this feature) so that it preserves the old code.  The next thing you'll need to do is modify the paths on "+++" and "---" lines in the .patch file.  You can begin the path with a/ and b/ like shown below.  Next, you need to adjust the paths so that the relative base path is from inside $builddir.  Anything to the left of $builddir, including $builddir itself, needs to be removed from the path.  So, if $builddir is /home/USER/aports/community/chromium/src/chromium-65, you need to erase it on the "+++" and "---" lines.  Inside the chromium-65 folder you can see a src folder that has 3rdparty as a descendant.  If a patch originally has a deeper patch level, you may need to fill in the missing portion of the path.  For example, use the find . -name "Assertions.cpp" command to find the full path to the file relative to the base.
Contents of example.patch
Portions of the patch may be outdated, removed completely as in the source code file completely removed, or moved or renamed files. You need to delete that section of the patch or find where that section of code changed and re-diff it.
It is good etiquette to give credit at the top and the location of where you originally found them with notes.
Excluding patches with global variable resembling patch_opts is not available on Alpine. To exclude patches you need to create your own custom prepare().
If you have a monolithic patch where there are a bunch of patches in one big patch, you could use filterdiff which is available in the patchutils package.
Just do something like:
makedepends="patchutils"
prepare() {
  ...
  cd "$builddir"
  filterdiff -x '*drivers/video/logo*' "$srcdir"/original.patch > "$builddir"/modified.patch
  patch -p1 -i "$builddir"/modified.patch
}
You need to put the wildcard pattern in single quotes for it to work.
Configure options
Alpine has some default configure options we set by default. We use /usr for prefix to make sure everything is installed with /usr in front of it. If you notice that anything is installed in the wrong directory please run
./configure --help
and see if you can set the correct location.
We are not covering the depend switches here we have discussed this already in the depend section.
Make options
If you notice weird problems when compiling or installing the package with make/make install you could try to disable parallel building/installing. A normal make line would be:
make
To disable parallel we use:
make -j1
We can use the same for make install.
Because we do not want to install the package in our build environment but we want to install it in a fake root directory we need to tell 'make install' to use another destination directory instead of '/'. We do this by setting a variable when we execute make install as followed:
make DESTDIR="$pkgdir" install
Please note that some Makefiles do not support this variable and will always install software in '/'. To make sure you do not mess up your build system NEVER run your build system as root but always use a custom user and doas when needed. If by accident the Makefile does not support DESTDIR variable it will fail to install in our build system system directories.
builddir
If you used newapkbuild to create your APKBUILD file, you must specify the path to your unpacked sources. Inside the sections during the prepare/build/install process builddir is used. Most of the time a combination of $srcdir and $pkgname-$pkgver will work. When not, check the /src directory or the source tarball for the right string. Especially when you are working with automatically generated tarballs (like from github and gitorious), this needs to be adjusted.
builddir="$srcdir"/$pkgname-$pkgver
Additional files
If you want/need to install additional files not mentioned above you can use the following cmd (this is an example of a conf file):
install -Dm644 doc/$pkgname.conf "$pkgdir"/etc/$pkgname.conf
Build the package
If you did not already create the checksums as mentioned above you can do so now:
cd $pkgname abuild checksum
It's about time we build our package. Because a build system should never have all the package installed to prevent linking to packages we don't want it to link we use a abuild recursively with the -r switch. It will install all dependencies from your repository and builds it, afterwards it will uninstall all those depending packages again. You could also use the -R switch which would build your package including the dependency packages.
abuild -r
Testing the package locally
When it completes, your package will be found in a subfolder of ~/packages.  You may want to test it on your machine but only if the package is not a critical system package like musl or apk-tools package.  To avoid borking your system (as in making it impossible to use apk add or to restore back the system and the compiler toolchain) for a critical system package, you should test on a chroot first before using it live.
The best way to test a package locally is to modify your /etc/apk/repositories so that it includes the indexes to your locally built packages - the directories that contain ARCH/APKINDEX.tar.gz. For example the /etc/apk/repositories below includes locally built packages in testing, community and main. To use this example change USER to your login name.
Contents of /etc/apk/repositories
If you prefer to test a package without changing any other configuration you can use the -X, --repository option to apk:
doas apk add --repository /home/USER/packages/testing $pkgname
Code review
To successfully have your package pass through code reviewers (as of Feb 18, 2018 are nmeum and jirutka on GitHub) and possible increased acceptance, the following conventions need to be followed:
- Custom global variables should be prefixed with underscore (_).
- Compact code as in merged commands, removed unused variables, removal of functions that do the same thing that are automatically handled by abuild.
- Versioning is done properly. For details see APKBUILD_Reference#pkgver.
- Licensing is done properly. Remove unnecessary copying of licensing that is already OSI approved.
- Naming conventions rules for unofficial variables as in _gitrev is preferred over commit.
- Indent with tabs not spaces.
- Removal of explicit return 1. (They are still found the old APKBUILD files if you are learning but are now strongly discouraged.)
- Disabling check() requires either (1) a comment (#) stating next to options="!check" that there is no test suite/unit tests or (2) functioning working check() function.
- Explicit call to subpackages="$pkgname-doc" must be used instead of explicit gzip man page compression.
- Ideally, lines should be no more than 80 columns wide
Additionally, make sure to run the linter on your package:
doas apk add atools apkbuild-lint APKBUILD
For more information see Development using git:Quality assurance and Package_policies.
Commit your work
After you successfully build your package and properly followed the conventions and requirements in the code review section, you can submit your APKBUILD to Alpine's git repository.
Update your git repo, before adding new files:
cd $aportsdir git pull
This should pull all the changes made by others into your local git repo.
When you think you are ready you can add your files to git:
NOTE: when using our Gitlab instance, you can create MR's for each package. Please squash all commits related to the same package into a single one per MR.
cd $aportsdir git add testing/$pkgdir (include any other files needed for the build; $pkgname.install...) git commit
Use the following commit message template for new aports (without the comments):
Contents of template
Or you could add the following and chmod +x ports/.git/hooks/prepare-commit-msg to automatically generate commit message which the default aports/.githooks/ does not:
Contents of aports/.git/hooks/prepare-commit-msg
Now your changes are only available locally in your repository.
Because you do not have push rights to the Alpine aports repository you need to create a merge request to Alpine's GitLab instance.
Alternatively you can also create a diff (patch) of the changes you made and send this patch to the alpine-aports mailinglist.
To create a diff patch:
git format-patch HEAD^
or if you have sprunge, you can create a link to your patch for convenience
git format-patch HEAD^ --stdout | sprunge
Travis CI and automated testing
Travis CI, as in continuous integration automated testing, isn't always required, but 99% of the time it is strongly encouraged to pass with a green checkmark. Passing Travis CI ensures that your package works on another machine and builds the image starting from nothing. One reason why your package fails to build on the remote server is that you may inadvertently add a package dependency as in creating multiple packages at the same time or forgot to remove a dependency and forgot to mark it as a makedepends.
When you submit your APKBUILD as a pull request, the Travis CI server will construct the build environment from main Edge apks.
The environment is just like a boot into command line so it is minimal. Don't assume that you boot into X.
The server/configuration cannot do testing/check() testing on hardware accelerated OpenGL apps.
Send a patch
git send-email will do that for you.
GitHub Tagging
If you see your pull requested labeled on GitHub this is what they mean:
- A-add - The pull requester wanted to add this brand new package.
- A-upgrade - The pull requester wanted to update the package.
- A-improve - The pull requester wanted to improve an existing package.
- A-fix - The pull requester wanted to fix a bug with the existing package.
- S-changes-requested - An admin wants you to add or remove a subpackage or fix something as in messy code.
- S-needs-review - An admin needs someone to do a code review on your package.
- S-broken - The package fails to build locally on the code reviewer machine.
- ci-malfunction - Travis CI doesn't work with this package as in exceeded time.