fix: make AUR packaging x86_64-only and stabilize local validation

Turns out Arch Linux doesn't officially support the aarch64 architecture, so we will drop it from this AUR build process.

Changes:

- drop aarch64 from PKGBUILD, .SRCINFO, and AUR validation workflow
- keep AUR process aligned with official Arch Linux x86_64 support
- install rust directly in CI to avoid Arch cargo provider prompts
- fetch sources before running cargo audit and audit inside the
fetched repo
- disable makepkg LTO for this package to avoid Arch packaging link
failures
- mark /etc/numa.toml as a backup file
- Add local AUR build scratch directory exclusion to .gitignore
Sean Casey
2026-04-08 13:29:40 -07:00
parent 8d28ae9bbe
commit 6d4593683f
4 changed files with 19 additions and 21 deletions


@@ -4,14 +4,15 @@ pkgbase = numa-git
pkgrel = 1 pkgrel = 1
url = https://github.com/razvandimescu/numa url = https://github.com/razvandimescu/numa
arch = x86_64 arch = x86_64
arch = aarch64
license = MIT license = MIT
options = !lto
makedepends = cargo makedepends = cargo
makedepends = git makedepends = git
depends = gcc-libs depends = gcc-libs
depends = glibc depends = glibc
provides = numa provides = numa
conflicts = numa conflicts = numa
backup = etc/numa.toml
source = numa::git+https://github.com/razvandimescu/numa.git source = numa::git+https://github.com/razvandimescu/numa.git
sha256sums = SKIP sha256sums = SKIP


@@ -35,50 +35,44 @@ jobs:
strategy: strategy:
fail-fast: false fail-fast: false
matrix: matrix:
# We test both standard PC (x86_64) and ARM64 (aarch64) architectures. arch: [x86_64]
arch: [x86_64, aarch64]
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
# QEMU allows us to run ARM64 containers on x86_64 GitHub runners.
- name: Set up QEMU
if: matrix.arch == 'aarch64'
uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
- name: Build and Test Package - name: Build and Test Package
timeout-minutes: 60 timeout-minutes: 60
env: env:
AUR_PKGNAME: ${{ secrets.AUR_PACKAGE_NAME }} AUR_PKGNAME: ${{ secrets.AUR_PACKAGE_NAME }}
run: | run: |
# Select the appropriate Arch Linux image for the architecture.
if [ "${{ matrix.arch }}" = "x86_64" ]; then
IMAGE="archlinux:latest"
else
IMAGE="agners/archlinuxarm:latest"
fi
# We use a temporary directory to avoid Docker permission issues with the workspace. # We use a temporary directory to avoid Docker permission issues with the workspace.
mkdir -p build-dir mkdir -p build-dir
cp PKGBUILD build-dir/ cp PKGBUILD build-dir/
docker run --rm -v $PWD/build-dir:/pkg -w /pkg $IMAGE /bin/bash -c " docker run --rm -v $PWD/build-dir:/pkg -w /pkg archlinux:latest /bin/bash -c "
# ARCH LINUX SECURITY REQUIREMENT: # ARCH LINUX SECURITY REQUIREMENT:
# 'makepkg' (the tool that builds Arch packages) refuses to run as root for safety. # 'makepkg' (the tool that builds Arch packages) refuses to run as root for safety.
# We must create a standard user and give them sudo access. # We must create a standard user and give them sudo access.
useradd -m builduser
chown -R builduser:builduser /pkg
# Install build-time dependencies. # Install build-time dependencies.
# 'base-devel' includes essential tools like gcc, make, and binutils. # 'base-devel' includes essential tools like gcc, make, and binutils.
pacman -Syu --noconfirm --needed base-devel cargo git sudo cargo-audit # Install 'rust' directly to avoid the interactive virtual-package
# prompt for 'cargo' on current Arch images.
pacman -Syu --noconfirm --needed base-devel rust git sudo cargo-audit
useradd -m builduser
chown -R builduser:builduser /pkg
# Allow the build user to install dependencies during the build process. # Allow the build user to install dependencies during the build process.
echo 'builduser ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/builduser echo 'builduser ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/builduser
# Fetch the source tree first so pkgver() and cargo-audit have a
# real Cargo.lock to inspect.
sudo -u builduser makepkg -o --nobuild --nocheck --nodeps --noprepare
# SECURITY AUDIT: # SECURITY AUDIT:
# Fail early if any dependencies have known security vulnerabilities. # Fail early if any dependencies have known security vulnerabilities.
sudo -u builduser cargo audit sudo -u builduser sh -lc 'cd /pkg/src/numa && cargo audit'
# BUILD & TEST: # BUILD & TEST:
# 'makepkg -s' will: # 'makepkg -s' will:
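Review bot: The new audit line `sudo -u builduser sh -lc 'cd /pkg/src/numa && cargo audit'` only blocks the build if the enclosing `bash -c` script stops on a non-zero exit, and no `set -e` appears in the script lines visible here. Without it, a failed `cd` or a reported advisory is passed over and the job result is decided by whichever command runs last. Starting the script with `set -e` (or ending the fetch and audit lines with `|| exit 1`) would make the "Fail early" comment hold. The image is also now hard-coded as the mutable `archlinux:latest` tag while the checkout action is pinned by commit SHA, so pinning it by digest (`archlinux@sha256:<digest>`) would give the container the same guarantee. The script continues past the last visible line, so check this against the full step.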

1
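--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,5 @@
 /target
+/build-dir
 CLAUDE.md
 docs/
 site/blog/posts/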


@@ -4,13 +4,15 @@ _pkgname=numa
pkgver=0.10.1.r0.g0000000 # Placeholder — pkgver() rewrites this on each makepkg run pkgver=0.10.1.r0.g0000000 # Placeholder — pkgver() rewrites this on each makepkg run
pkgrel=1 pkgrel=1
pkgdesc="Portable DNS resolver in Rust — .numa local domains, ad blocking, developer overrides, DNS-over-HTTPS" pkgdesc="Portable DNS resolver in Rust — .numa local domains, ad blocking, developer overrides, DNS-over-HTTPS"
arch=('x86_64' 'aarch64') arch=('x86_64')
url="https://github.com/razvandimescu/numa" url="https://github.com/razvandimescu/numa"
license=('MIT') license=('MIT')
options=('!lto')
depends=('gcc-libs' 'glibc') depends=('gcc-libs' 'glibc')
makedepends=('cargo' 'git') makedepends=('cargo' 'git')
provides=("$_pkgname") provides=("$_pkgname")
conflicts=("$_pkgname") conflicts=("$_pkgname")
backup=('etc/numa.toml')
source=("$_pkgname::git+$url.git") source=("$_pkgname::git+$url.git")
sha256sums=('SKIP') sha256sums=('SKIP')
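Review bot: `options=('!lto')` is added without a comment, so a later maintainer cannot tell from the PKGBUILD why LTO is off or when it could be re-enabled; a line above it such as `# LTO disabled: makepkg's LTO flags caused link failures when packaging numa` would record the reason given in the commit message. The new `backup=('etc/numa.toml')` entry only preserves local edits if package() installs a file at exactly that path, which is outside this hunk and worth confirming.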