build_gitea: multi arch/cross-compile support

Notable changes:
-> move Nginx build repository from hg.nginx.org to github
-> add freenginx

Minor changes:
-> force lower case on user input variable
-> Permission fix
---------

Signed-off-by: minoplhy <c@3qx.nl>

alpine-initramfs-dropbear/dropbear/unlock_disk

@@ -0,0 +1,29 @@
+#!/bin/sh
+
+set -- $(cat /proc/cmdline)
+
+for opt; do
+	case "$opt" in
+		cryptroot=*)
+			KOPT_cryptroot=${opt#cryptroot=}
+			continue
+			;;
+		cryptdm=*)
+			KOPT_cryptdm=${opt#cryptdm=}
+			continue
+			;;
+		root=*)
+			KOPT_root=${opt#root=}
+			continue
+			;;
+	esac
+done
+
+while [ ! -b /dev/mapper/${KOPT_cryptdm} ]; do
+	/sbin/nlplug-findfs -c ${KOPT_cryptroot} -m ${KOPT_cryptdm} ${KOPT_debug_init:+-d} -p /sbin/mdev ${KOPT_root}
+	sleep 2
+done
+
+# Kill all struck nlplug-findfs jobs and dropbear
+killall -9 nlplug-findfs
+killall -9 dropbear

alpine-initramfs-dropbear/features.d/dropbear.files

@@ -0,0 +1,3 @@
+/usr/sbin/dropbear
+/sbin/cryptsetup
+/etc/dropbear/*

alpine-initramfs-dropbear/features.d/dropbear.modules

@@ -0,0 +1,3 @@
+kernel/crypto/*
+kernel/arch/*/crypto/*
+kernel/drivers/md/dm-crypt.ko

build_gitea/Linux/init.d/gitea.initd

@@ -0,0 +1,32 @@
+#!/sbin/openrc-run
+
+supervisor=supervise-daemon
+name=gitea
+command="/usr/bin/gitea"
+command_user="${GITEA_USER:-gitea}"
+command_args="web --config '${GITEA_CONF:-/etc/gitea/app.ini}'"
+supervise_daemon_args="--env GITEA_WORK_DIR='${GITEA_WORK_DIR:-/var/lib/gitea}' --chdir '${GITEA_WORK_DIR:-/var/lib/gitea}' --stdout '${GITEA_LOG_FILE:-/var/log/gitea/http.log}' --stderr '${GITEA_LOG_FILE:-/var/log/gitea/http.log}'"
+pidfile="/run/gitea.pid"
+extra_started_commands="reopen_log"
+capabilities="^cap_net_bind_service"
+
+depend() {
+  use logger dns
+  need net
+  after firewall mysql postgresql
+}
+
+#https://github.com/go-gitea/gitea/issues/17976
+#reload() {
+#  ebegin "Reloading ${RC_SVCNAME}"
+#  ${supervisor} ${RC_SVCNAME} --signal HUP --pidfile "${pidfile}"
+#  eend $?
+#}
+
+reopen_log() {
+  ebegin "Reopening logfile for ${RC_SVCNAME}"
+  ${supervisor} ${RC_SVCNAME} --signal USR1 --pidfile "${pidfile}"
+  eend $?
+}
+
+# Taken from https://gitlab.alpinelinux.org/alpine/aports/-/blob/master/community/gitea/gitea.initd

build_gitea/README.md

@@ -15,21 +15,63 @@ curl -L https://github.com/minoplhy/scriptbox/raw/main/build_gitea/Linux/build.s
 ```bash
 while [ ${#} -gt 0 ]; do
     case "$1" in
-        --git-tag | -v) 
+        --git-tag | -v)
             shift
             GITEA_GIT_TAG=$1
             ;;                          # Gitea Git Tag
-        --golang-version | -g) 
+        --golang-version | -g)
             shift
-            GO_VERSION=$1 
+            GO_VERSION=$1
             ;;                          # GOLANG Version
-        --nodejs-version | -n) 
+        --nodejs-version | -n)
             shift
-            NODEJS_VERSION=$1 
+            NODEJS_VERSION=$1
             ;;                          # NodeJS Version
-        --static | -s) 
-            BUILD_STATIC=true 
-            ;;                          # Build as Static Assets file
+        --static | -s)
+            BUILD_STATIC=true
+            ;;                          # Also Build Static Assets file
+        --type=* )
+            BUILD_TYPE="${1#*=}"
+            BUILD_TYPE="${BUILD_TYPE,,}"
+            case $BUILD_TYPE in
+                "gitea")                    BUILD_TYPE="gitea"      ;;
+                "forgejo")                  BUILD_TYPE="forgejo"    ;;
+                "")
+                    echo "ERROR : --type= is empty!"
+                    exit 1
+                    ;;
+                *)
+                    echo "ERROR :  Vaild values for --type are -> gitea, forgejo"
+                    exit 1
+                    ;;
+            esac
+            ;;
+        --patch=* )
+            PATCH_FILES="${1#*=}"
+            case $PATCH_FILES in
+                "")
+                    echo "ERROR: --patch= is empty!"
+                    exit 1
+                    ;;
+                *)
+                    ;;
+            esac                                                    # Add Patches to your Gitea build. Format -> patch1.patch or patch1.patch,https://patch (Absolute path)
+            ;;
+        --build-arch=* )
+            BUILD_ARCH="${1#*=}"
+            case $BUILD_ARCH in
+                "x86_64")   BUILD_ARCH="x86_64"          ;;
+                "aarch64")  BUILD_ARCH="aarch64"         ;;
+                "")
+                    echo "ERROR : --build-arch= is empty!"
+                    exit 1
+                    ;;
+                *)
+                    echo "ERROR :  Vaild values for --build-arch are -> x86_64, aarch64"
+                    exit 1
+                    ;;
+            esac                                                    # Architect for your binary to be build. This is for Cross-compiling etc.
+            ;;
         *)
             ;;
     esac
@@ -39,4 +81,5 @@ done
 
 # Known Issues
 
+- For Alpine Linux: to get `npm` installation working, please ensure community package is enable in `/etc/apk/repositories`
 - This script required root privileges because of dependencies installation, which is hard to avoid.

cryptsetup-veracrypt/cryptsetup-veracrypt.sh

@@ -0,0 +1,82 @@
+#!/bin/bash
+
+#   Veracrypt Cryptsetup script.
+#   
+#   Mount Veracrypt drive using cryptsetup
+#   Currently, only working as promting script, CLI style is not Yet supported.
+
+mount(){
+    ${SUDOERS} cryptsetup --type tcrypt --veracrypt open /dev/$drive $container_name
+
+    if [ -e "/dev/mapper/$container_name" ]; then
+        ${SUDOERS} mkdir -p "/mnt/$container_name"
+        printf "Directory /mnt/%s created.\n" $container_name
+    else
+        printf "Device /dev/mapper/%s does not exist.\n" $container_name
+        exit 1
+    fi
+
+
+    ${SUDOERS} mount ${MOUNT_PARAMETERS[@]} /dev/mapper/$container_name /mnt/$container_name
+}
+
+unmount(){
+    ${SUDOERS} umount /mnt/$container_name
+    
+    if [ -e "/dev/mapper/$container_name" ]; then
+        DIRECTORY_CLEANUP=true
+    else
+        printf "Device /dev/mapper/%s does not exist.\n" $container_name
+        exit 1
+    fi
+
+    ${SUDOERS} cryptsetup close /dev/mapper/$container_name
+
+    if [[ "$DIRECTORY_CLEANUP" == true ]]; then
+        ${SUDOERS} rmdir /mnt/$container_name
+    fi
+}
+
+prompting() {
+    MODE=$1
+    printf "Available Disks:\n%s\n\nChoose: " "$DISKS"
+    read drive
+
+    printf "\nSelect Container Name: "
+    read container_name
+
+    case $MODE in
+        "mount") mount_permission_prompt && mount;;
+        "unmount") unmount;;
+    esac
+}
+
+mount_permission_prompt() {
+    printf "Currently the Mount Parameters is hardcoded, so you have not much choice!\n"
+    printf "Mounting with '-o umask=000' (Y/n)? "
+    read mount_permission
+    case $mount_permission in
+        "Y"|"y") MOUNT_PARAMETERS+="-o umask=000"   ;;
+        "N"|"n")                                    ;;
+        *)       mount_permission_prompt            ;;
+    esac
+}
+
+if sudo --validate; then
+    SUDOERS=sudo
+else
+    SUDOERS=""
+fi
+
+DISKS=$(lsblk -n -o NAME,SIZE,TYPE)
+MOUNT_PARAMETERS=()
+
+printf "NOTICE! This script is intended to work with Veracrypt drives in linux only!\n"
+printf "Mode: mount/unmount -> "
+read MODE
+
+MODE="${MODE,,}"
+case $MODE in
+    "mount") prompting "mount";;
+    "unmount"|"umount") prompting "unmount";;
+esac

gitea-patches/Readme.md

@@ -0,0 +1,7 @@
+# Gitea Patches
+
+`gitea-v1.22.3-activitypub.patch` Security/Privacy improvement for Gitea and Forgejo(the patch is focused on Gitea but should've work on forgejo too!). Return a fake 404 Page when user visiblity is either "private" or "limited"
+
+`gitea-v1.22.3-no-contributorStats.patch` Gitea's Activity: "Recent Commit" "Code Frequency" "Contributors" is a resource-intensive tasks. This could turn small device into flames! This patch is remove 'ContributorStats'.
+
+`gitea-v1.22.3-no-contributorStats-all.patch` same as above, But this patch also remove paths from web.go and templates

gitea-patches/gitea-v1.22.3-activitypub.patch

@@ -0,0 +1,27 @@
+diff --git a/routers/api/v1/activitypub/person.go b/routers/api/v1/activitypub/person.go
+index 995a148f0b..10043fcbe1 100644
+--- a/routers/api/v1/activitypub/person.go
++++ b/routers/api/v1/activitypub/person.go
+@@ -8,6 +8,7 @@ import (
+ 	"net/http"
+ 	"strings"
+ 
++	user_model "code.gitea.io/gitea/models/user"
+ 	"code.gitea.io/gitea/modules/activitypub"
+ 	"code.gitea.io/gitea/modules/log"
+ 	"code.gitea.io/gitea/modules/setting"
+@@ -36,6 +37,14 @@ func Person(ctx *context.APIContext) {
+ 
+ 	// TODO: the setting.AppURL during the test doesn't follow the definition: "It always has a '/' suffix"
+ 	link := fmt.Sprintf("%s/api/v1/activitypub/user-id/%d", strings.TrimSuffix(setting.AppURL, "/"), ctx.ContextUser.ID)
++
++	// Fake 404 Error when user visiblity is private/limited
++	if ctx.ContextUser.Visibility.IsPrivate() || ctx.ContextUser.Visibility.IsLimited() {
++		// ctx.Error(status, title, obj)
++		ctx.Error(http.StatusNotFound, "", user_model.ErrUserNotExist{UID: ctx.ContextUser.ID}.Error())
++		return
++	}
++
+ 	person := ap.PersonNew(ap.IRI(link))
+ 
+ 	person.Name = ap.NaturalLanguageValuesNew()