Make package function more compact

.gitmodules

@@ -0,0 +1,4 @@
+[submodule "mullvad-vpn-daemon/mullvadvpn-app"]
+	path = mullvad-vpn-daemon/mullvadvpn-app
+	url = git@github.com:mullvad/mullvadvpn-app-priv.git
+	branch = poc-slint

Dockerfile

@@ -6,17 +6,16 @@ RUN apk update && apk add \
   build-base \
   abuild \
   git \
-	rustup \
+	rust \
-  musl-dev \
+	cargo-auditable \
   pkgconfig \
   protobuf-dev \
   protobuf-dev \
-  libmnl-dev \
+  libmnl libmnl-dev \
-  libnftnl-dev \
+  libnftnl libnftnl-dev \
-  dbus-dev \
+  dbus dbus-dev \
-  fontconfig-dev
+  fontconfig-dev \
-  
+  wayland-dev
-RUN rustup-init -y --default-toolchain stable
 
 # Set pkg-config to use static libraries
 ENV PKG_CONFIG_ALLOW_STATIC=1

README.md

@@ -4,7 +4,7 @@
 
 1. Install `abuild`
 2. Create keys: `abuild-keygen`
-   The keys will end up in ~/.abuild/, and will be mounted into the build container by podma, and will be mounted into the build container.
+   The keys will end up in ~/.abuild/, and will be mounted into the build container.
 3. Remember to keep keys around.
 
 ## Building

docker-build.sh

@@ -4,7 +4,10 @@ set -ex
 cd "$(dirname "$0")"
 
 package="$1"
+shift
+
 builder_image="mullvad-slint-musl-builder"
+cargo_home="${CARGO_HOME:-$HOME/.cargo}"
 . "$HOME/.abuild/abuild.conf"
 
 docker build . -f Dockerfile -t "$builder_image"
@@ -14,10 +17,12 @@ docker run --rm \
     -v "$PACKAGER_PRIVKEY":/key.rsa:ro \
     -v "$PACKAGER_PRIVKEY.pub":/key.rsa.pub:ro \
     -v "$PACKAGER_PRIVKEY.pub":/etc/apk/keys/key.rsa.pub:ro \
-    -v ./target:/cargo-target \
     -v ./packages:/root/packages \
+    -v "$cargo_home":/cargo-home \
+    -e "CARGO_HOME=/cargo-home" \
+    -v ./target:/cargo-target \
     -e "CARGO_TARGET_DIR=/cargo-target" \
     -it \
     "$builder_image" \
-    abuild -F
+    abuild -F "$@"
 

mullvad-vpn-daemon/APKBUILD

@@ -1,75 +1,93 @@
-# Contributor:
+maintainer="Joakim Hulthe <joakim@hulthe.net>"
-# Maintainer: Joakim Hulthe <joakim@hulthe.net>
 pkgname=mullvad-vpn-daemon
-pkgver=2026.1_git
+pkgver=2026.2_beta1
 pkgrel=0
-pkgdesc="Mullvad VPN GUI"
+pkgdesc="Mullvad VPN client (daemon and CLI)"
 url="https://mullvad.net/"
-arch="$(uname -m)"
+# Mullvad depends on old versions of the `nix` library
-license="GPL-3-or-later"
+# which are broken on on loongarch64 and s390x
-depends="
+arch="all !loongarch64 !s390x"
-"
+license="GPL-3.0-or-later"
-# TODO: dbus-dev? also Dockerfile
-# TODO: libmnl-dev? also Dockerfile
-# TODO: libnftnl-dev? also Dockerfile
-# TODO: git? also Dockerfile
 makedepends="
-  build-base
+	cargo-auditable
-	rustup
+	git
-  musl-dev
+	protobuf-dev
-  pkgconfig
+	dbus-dev
-  git
+	libmnl-dev
-  protobuf-dev
+	libnftnl-dev
-  libmnl-dev
-  libnftnl-dev
-  dbus-dev
 "
-checkdepends=""
+install="
-install=""
+	$pkgname.pre-upgrade
-subpackages=""
+	$pkgname.pre-deinstall
-source=""
+	$pkgname-systemd.post-install
-builddir="$srcdir/"
+	$pkgname-systemd.post-upgrade
-options="net !check suid"
+	$pkgname-systemd.pre-deinstall
+"
+subpackages="
+	$pkgname-systemd
+	$pkgname-suid
+"
+source="
+	https://github.com/mullvad/mullvadvpn-app/archive/refs/tags/${pkgver//_/-}.tar.gz
+"
+builddir="$srcdir/mullvadvpn-app-${pkgver//_/-}/"
+options="net suid"
 
-_cargo_target_dir="${CARGO_TARGET_DIR:-$startdir/mullvadvpn-app/target}"
+_cargo_target_dir="${CARGO_TARGET_DIR:-$builddir/target}"
+_cargo_release_dir="$_cargo_target_dir/$CHOST/release"
+
+prepare() {
+	default_prepare
+
+	cargo fetch --target "$CHOST" --locked
+}
 
 build() {
-	# rustup-init -y --default-toolchain stable
+	# Specify `--target` so that build artifacts will be in target/<target>/release
-	source "$HOME/.cargo/env"
+	# This avoids clashes with host system when building in a container.
 
-	cd "$startdir/mullvadvpn-app"
+	# Compile all binaries
+	cargo auditable build --release --frozen \
+		--target "$CHOST" \
+		-p mullvad-cli \
+		-p mullvad-daemon \
+		-p mullvad-exclude \
+		-p mullvad-problem-report \
+		-p mullvad-setup
+}
 
-	local target="$(rustup +stable show active-toolchain | sed 's/^[^-]*-//' | grep -o "^[^ ]*")"
+check() {
-
+	cargo test --target "$CHOST" --frozen
-	# * Force the `stable` toolchain since it's installed in the container.
-	#   We don't wan't to needlessly download rust while building.
-	# * Specify `--target` so that the final binary ends up in target/<target>/release.
-	cargo +stable build --release --locked \
-	    --target "$target" \
-	    -p mullvad-daemon \
-	    -p mullvad-cli \
-	    -p mullvad-exclude \
-	    -p mullvad-problem-report
 }
 
 package() {
-	local target="$(rustup +stable show active-toolchain | sed 's/^[^-]*-//' | grep -o "^[^ ]*")"
+	install -m755 -Dt "$pkgdir/usr/bin/" \
+		"$_cargo_release_dir/mullvad" \
+		"$_cargo_release_dir/mullvad-daemon" \
+		"$_cargo_release_dir/mullvad-problem-report" \
+		"$_cargo_release_dir/mullvad-setup"		
 
-	install -m755 -D "$_cargo_target_dir/$target/release/mullvad-daemon" \
+	# TODO: Bundle a relay list.
-		"$pkgdir"/usr/bin/mullvad-daemon
+	# We can't generate one at build time since that would break build reproducibility.
+	# Once mullvad starts checking a relay list into their release branches, we can bundle that.
+	#install -m644 -D "$builddir/<todo>/relays.json" \
+	#	"$pkgdir/usr/share/mullvad-vpn/relays.json"
+	# TODO: Copy relay list into /var/cache/ in post-upgrade/post-install
 
-	install -m755 -D "$_cargo_target_dir/$target/release/mullvad" \
+	# files in /usr/lib/systemd/ are automatically put in systemd subpackage
-		"$pkgdir"/usr/bin/mullvad
+	install -m755 -Dt "$pkgdir/usr/lib/systemd/system/" \
-
+		"$builddir/dist-assets/linux/mullvad-daemon.service" \
-  # TODO: setuid
+		"$builddir/dist-assets/linux/mullvad-early-boot-blocking.service"
-	install -m755 -D "$_cargo_target_dir/$target/release/mullvad-exclude" \
-		"$pkgdir"/usr/bin/mullvad-exclude
-
-	install -m755 -D "$_cargo_target_dir/$target/release/mullvad-problem-report" \
-		"$pkgdir"/usr/bin/mullvad-problem-report
-	chmod u+s "$pkgdir"/usr/bin/mullvad-problem-report
-
-	# TODO: systemd services
-	# TODO: pre/post(de)install-scripts
 }
 
+suid() {
+	pkgdesc="mullvad-exclude cli for split tunneling"
+	depends="$pkgname=$pkgver-r$pkgrel"
+
+	install -m4755 -Dt "$subpkgdir/usr/bin/" \
+		"$_cargo_release_dir/mullvad-exclude"
+}
+
+sha512sums="
+9af0c263f0e5985d7842099f50a5070da0b23691f08ffe57c3b6d239d2c1c9acea89c07890f31d89bd75448a2dd1fd3c878b85be458baba0bcd90760e714b032  2026.2-beta1.tar.gz
+"

mullvad-vpn-daemon/mullvad-vpn-daemon-systemd.post-install

@@ -0,0 +1,9 @@
+#!/bin/sh
+set -eu
+
+# Enable and start systemd services
+if which systemctl >/dev/null 2>&1 && systemctl is-system-running | grep -vq offline >/dev/null 2>&1; then
+  systemctl enable "/usr/lib/systemd/system/mullvad-daemon.service"
+  systemctl start mullvad-daemon.service || echo "Failed to start mullvad-daemon.service"
+  systemctl enable "/usr/lib/systemd/system/mullvad-early-boot-blocking.service"
+fi

mullvad-vpn-daemon/mullvad-vpn-daemon-systemd.post-upgrade

@@ -0,0 +1,9 @@
+#!/bin/sh
+set -eu
+
+# Enable and start systemd services
+if which systemctl >/dev/null 2>&1 && systemctl is-system-running | grep -vq offline >/dev/null 2>&1; then
+  systemctl enable "/usr/lib/systemd/system/mullvad-daemon.service"
+  systemctl start mullvad-daemon.service || echo "Failed to start mullvad-daemon.service"
+  systemctl enable "/usr/lib/systemd/system/mullvad-early-boot-blocking.service"
+fi

mullvad-vpn-daemon/mullvad-vpn-daemon-systemd.pre-deinstall

@@ -0,0 +1,8 @@
+#!/bin/sh
+set -eu
+
+# Stop and disable all mullvad services
+systemctl stop mullvad-daemon.service || true
+systemctl disable mullvad-daemon.service || true
+systemctl stop mullvad-early-boot-blocking.service || true
+systemctl disable mullvad-early-boot-blocking.service || true

mullvad-vpn-daemon/mullvad-vpn-daemon.post-install

@@ -0,0 +1,8 @@
+#!/bin/sh
+set -eu
+
+# TODO: see `package()` in APKBUILD
+# Copy vendored relay list into place
+# mkdir -p /var/cache/mullvad-vpn \
+#   && cp /usr/share/mullvad-vpn/relays.json /var/cache/mullvad-vpn/relays.json \
+#   || echo "failed to install /var/cache/mullvad-vpn/relays.json"

mullvad-vpn-daemon/mullvad-vpn-daemon.post-upgrade

@@ -0,0 +1,8 @@
+#!/bin/sh
+set -eu
+
+# TODO: see `package()` in APKBUILD
+# Overwrite the cached relay list with the vendored one.
+# mkdir -p /var/cache/mullvad-vpn \
+#   && cp /usr/share/mullvad-vpn/relays.json /var/cache/mullvad-vpn/relays.json \
+#   || echo "failed to install /var/cache/mullvad-vpn/relays.json"

mullvad-vpn-daemon/mullvad-vpn-daemon.pre-deinstall

@@ -0,0 +1,6 @@
+#!/bin/sh
+set -eu
+
+# Log out and remove any firewall rules
+mullvad-setup reset-firewall || echo "Failed to reset firewall"
+mullvad-setup remove-device || echo "Failed to remove device from account"

mullvad-vpn-daemon/mullvad-vpn-daemon.pre-upgrade

@@ -0,0 +1,18 @@
+#!/bin/sh
+set -eu
+
+# Stop the daemon gracefully, and set up firewall rules to prevent network
+# leaks during upgrade.
+if which systemctl >/dev/null 2>&1 && systemctl is-system-running | grep -vq offline >/dev/null 2>&1; then
+    if systemctl status mullvad-daemon >/dev/null 2>&1; then
+        mullvad-setup prepare-restart || true
+        systemctl stop mullvad-daemon.service
+        systemctl disable mullvad-daemon.service
+        systemctl disable mullvad-early-boot-blocking.service || true
+        cp /var/log/mullvad-vpn/daemon.log /var/log/mullvad-vpn/old-install-daemon.log \
+            || echo "Failed to copy old daemon log"
+    fi
+fi
+
+# Clear the cached API IP address.
+rm -f /var/cache/mullvad-vpn/api-ip-address.txt

mullvad-vpn-slint/APKBUILD

@@ -2,22 +2,23 @@
 # Maintainer: Joakim Hulthe <joakim@hulthe.net>
 pkgname=mullvad-vpn-slint
 pkgver=2026.1_git
-pkgrel=0
+pkgrel=4
 pkgdesc="Mullvad VPN GUI"
 url="https://mullvad.net/"
-arch="$(uname -m)"
+arch="all"
 license="GPL-3-or-later"
 # TODO: maybe depend on mullvad-vpn-daemon?
 depends="
 "
 makedepends="
-  build-base
+	build-base
-	rustup
+	cargo-auditable
-  musl-dev
+	rust
-  pkgconfig
+	pkgconfig
-  protobuf-dev
+	protobuf-dev
-  fontconfig-dev
+	fontconfig-dev
-  dbus-dev
+	dbus-dev
+	wayland-dev
 "
 checkdepends=""
 install=""
@@ -28,30 +29,57 @@ options="net !check"
 
 _cargo_target_dir="${CARGO_TARGET_DIR:-$startdir/mullvadvpn-app/target}"
 
-build() {
+prepare() {
-	# rustup-init -y --default-toolchain stable
+	default_prepare
-	source "$HOME/.cargo/env"
 
 	cd "$startdir/mullvadvpn-app"
+	cargo fetch --target "$CHOST" --locked
+}
 
-	# rustup default stable
+build() {
-	local target="$(rustup +stable show active-toolchain | sed 's/^[^-]*-//' | grep -o "^[^ ]*")"
+	cd "$startdir/mullvadvpn-app"
 
-	# * Force the `stable` toolchain since it's installed in the container.
+	# Specify `--target` so that the final binary ends up in target/<target>/release.
-	#   We don't wan't to needlessly download rust while building.
+	cargo build --release --locked \
-	# * Specify `--target` so that the final binary ends up in target/<target>/release.
+	    --target "$CHOST" \
-	cargo +stable build --release --locked \
-	    --target "$target" \
 	    -p mullvad-slint
 }
 
 package() {
-	local target="$(rustup +stable show active-toolchain | sed 's/^[^-]*-//' | grep -o "^[^ ]*")"
+	# Executable
-
+	install -m755 -D "$_cargo_target_dir/$CHOST/release/mullvad-slint" \
-	# TODO: .desktop
-	# TODO: icon
-
-	install -m755 -D "$_cargo_target_dir/$target/release/mullvad-slint" \
 		"$pkgdir"/usr/bin/mullvad-slint
+
+	# .desktop file
+	install -m644 -D "$startdir/mullvadvpn-app/dist-assets/linux/slint/mullvad-vpn-slint.desktop" \
+		"$pkgdir"/usr/share/applications/mullvad-vpn-slint.desktop
+	
+  # Icons
+	install -m644 -D "$startdir/mullvadvpn-app/dist-assets/linux/slint/16x16/apps/mullvad.png" \
+		"$pkgdir"/usr/share/icons/hicolor/16x16/apps/mullvad.png
+	install -m644 -D "$startdir/mullvadvpn-app/dist-assets/linux/slint/20x20/apps/mullvad.png" \
+		"$pkgdir"/usr/share/icons/hicolor/20x20/apps/mullvad.png
+	install -m644 -D "$startdir/mullvadvpn-app/dist-assets/linux/slint/24x24/apps/mullvad.png" \
+		"$pkgdir"/usr/share/icons/hicolor/24x24/apps/mullvad.png
+	install -m644 -D "$startdir/mullvadvpn-app/dist-assets/linux/slint/30x30/apps/mullvad.png" \
+		"$pkgdir"/usr/share/icons/hicolor/30x30/apps/mullvad.png
+	install -m644 -D "$startdir/mullvadvpn-app/dist-assets/linux/slint/32x32/apps/mullvad.png" \
+		"$pkgdir"/usr/share/icons/hicolor/32x32/apps/mullvad.png
+	install -m644 -D "$startdir/mullvadvpn-app/dist-assets/linux/slint/36x36/apps/mullvad.png" \
+		"$pkgdir"/usr/share/icons/hicolor/36x36/apps/mullvad.png
+	install -m644 -D "$startdir/mullvadvpn-app/dist-assets/linux/slint/40x40/apps/mullvad.png" \
+		"$pkgdir"/usr/share/icons/hicolor/40x40/apps/mullvad.png
+	install -m644 -D "$startdir/mullvadvpn-app/dist-assets/linux/slint/48x48/apps/mullvad.png" \
+		"$pkgdir"/usr/share/icons/hicolor/48x48/apps/mullvad.png
+	install -m644 -D "$startdir/mullvadvpn-app/dist-assets/linux/slint/64x64/apps/mullvad.png" \
+		"$pkgdir"/usr/share/icons/hicolor/64x64/apps/mullvad.png
+	install -m644 -D "$startdir/mullvadvpn-app/dist-assets/linux/slint/72x72/apps/mullvad.png" \
+		"$pkgdir"/usr/share/icons/hicolor/72x72/apps/mullvad.png
+	install -m644 -D "$startdir/mullvadvpn-app/dist-assets/linux/slint/96x96/apps/mullvad.png" \
+		"$pkgdir"/usr/share/icons/hicolor/96x96/apps/mullvad.png
+	install -m644 -D "$startdir/mullvadvpn-app/dist-assets/linux/slint/256x256/apps/mullvad.png" \
+		"$pkgdir"/usr/share/icons/hicolor/256x256/apps/mullvad.png
+	install -m644 -D "$startdir/mullvadvpn-app/dist-assets/linux/slint/512x512/apps/mullvad.png" \
+		"$pkgdir"/usr/share/icons/hicolor/512x512/apps/mullvad.png
 }
 

podman-build.sh

@@ -4,7 +4,10 @@ set -ex
 cd "$(dirname "$0")"
 
 package="$1"
+shift
+
 builder_image="mullvad-slint-musl-builder"
+cargo_home="${CARGO_HOME:-$HOME/.cargo}"
 . "$HOME/.abuild/abuild.conf"
 
 podman build . -f Dockerfile -t "$builder_image"
@@ -14,10 +17,12 @@ podman run --rm \
     -v "$PACKAGER_PRIVKEY":/key.rsa:ro \
     -v "$PACKAGER_PRIVKEY.pub":/key.rsa.pub:ro \
     -v "$PACKAGER_PRIVKEY.pub":/etc/apk/keys/key.rsa.pub:ro \
-    -v ./target:/cargo-target \
     -v ./packages:/root/packages \
+    -v "$cargo_home":/cargo-home \
+    -e "CARGO_HOME=/cargo-home" \
+    -v ./target:/cargo-target \
     -e "CARGO_TARGET_DIR=/cargo-target" \
     -it \
     "$builder_image" \
-    abuild -F
+    abuild -F "$@"