Fix install-scripts, and bundle relay list

.gitmodules

@@ -2,3 +2,7 @@
 	path = mullvad-vpn-daemon/mullvadvpn-app
 	url = git@github.com:mullvad/mullvadvpn-app-priv.git
 	branch = poc-slint
+[submodule "mullvad-vpn-slint/mullvadvpn-app"]
+	path = mullvad-vpn-slint/mullvadvpn-app
+	url = git@github.com:mullvad/mullvadvpn-app-priv.git
+	branch = poc-slint

docker-build.sh

@@ -4,8 +4,6 @@ set -ex
 cd "$(dirname "$0")"
 
 package="$1"
-shift
-
 builder_image="mullvad-slint-musl-builder"
 cargo_home="${CARGO_HOME:-$HOME/.cargo}"
 . "$HOME/.abuild/abuild.conf"
@@ -24,5 +22,5 @@ docker run --rm \
     -e "CARGO_TARGET_DIR=/cargo-target" \
     -it \
     "$builder_image" \
-    abuild -F "$@"
+    abuild -F
 

mullvad-vpn-daemon/APKBUILD

@@ -1,93 +1,105 @@
-maintainer="Joakim Hulthe <joakim@hulthe.net>"
+# Contributor:
+# Maintainer: Joakim Hulthe <joakim@hulthe.net>
 pkgname=mullvad-vpn-daemon
-pkgver=2026.2_beta1
+pkgver=2026.1_git
-pkgrel=0
+pkgrel=4
-pkgdesc="Mullvad VPN client (daemon and CLI)"
+pkgdesc="Mullvad VPN system service"
 url="https://mullvad.net/"
-# Mullvad depends on old versions of the `nix` library
+arch="all"
-# which are broken on on loongarch64 and s390x
+license="GPL-3-or-later"
-arch="all !loongarch64 !s390x"
+depends="
-license="GPL-3.0-or-later"
+	dbus
+	libmnl
+	libnftnl
+"
 makedepends="
+	build-base
 	cargo-auditable
+	rust
+	pkgconfig
 	git
 	protobuf-dev
 	dbus-dev
 	libmnl-dev
 	libnftnl-dev
 "
+checkdepends=""
 install="
+	$pkgname.post-install
 	$pkgname.pre-upgrade
+	$pkgname.post-upgrade
 	$pkgname.pre-deinstall
+	$pkgname.post-deinstall
  	$pkgname-systemd.post-install
 	$pkgname-systemd.post-upgrade
-	$pkgname-systemd.pre-deinstall
 "
-subpackages="
+subpackages="$pkgname-systemd"
-	$pkgname-systemd
+source=""
-	$pkgname-suid
+builddir="$srcdir/"
-"
-source="
-	https://github.com/mullvad/mullvadvpn-app/archive/refs/tags/${pkgver//_/-}.tar.gz
-"
-builddir="$srcdir/mullvadvpn-app-${pkgver//_/-}/"
 options="net suid"
 
-_cargo_target_dir="${CARGO_TARGET_DIR:-$builddir/target}"
+_cargo_target_dir="${CARGO_TARGET_DIR:-$startdir/mullvadvpn-app/target}"
-_cargo_release_dir="$_cargo_target_dir/$CHOST/release"
 
 prepare() {
 	default_prepare
 
+	cd "$startdir/mullvadvpn-app"
 	cargo fetch --target "$CHOST" --locked
 }
 
 build() {
-	# Specify `--target` so that build artifacts will be in target/<target>/release
+	cd "$startdir/mullvadvpn-app"
-	# This avoids clashes with host system when building in a container.
+
+	# Specify `--target` so that the build artifacts ends up in target/<target>/release to
+	# avoid clashes with host system when running in a container with a mounted target folder.
 
 	# Compile all binaries
-	cargo auditable build --release --frozen \
+	cargo auditable build --release --locked \
 	    --target "$CHOST" \
 	    -p mullvad-cli \
 	    -p mullvad-daemon \
 	    -p mullvad-exclude \
 	    -p mullvad-problem-report \
 	    -p mullvad-setup
+
+	# Generate vendored relay list
+	cargo run --release --locked \
+	    -p mullvad-api --bin relay_list \
+	    --target "$CHOST" \
+	    > "$builddir/relays.json"
 }
 
 check() {
+	cd "$startdir/mullvadvpn-app"
 	cargo test --target "$CHOST" --frozen
 }
 
 package() {
-	install -m755 -Dt "$pkgdir/usr/bin/" \
+	install -m755 -D "$_cargo_target_dir/$CHOST/release/mullvad" \
-		"$_cargo_release_dir/mullvad" \
+		"$pkgdir"/usr/bin/mullvad
-		"$_cargo_release_dir/mullvad-daemon" \
-		"$_cargo_release_dir/mullvad-problem-report" \
-		"$_cargo_release_dir/mullvad-setup"		
 
-	# TODO: Bundle a relay list.
+	install -m755 -D "$_cargo_target_dir/$CHOST/release/mullvad-daemon" \
-	# We can't generate one at build time since that would break build reproducibility.
+		"$pkgdir"/usr/bin/mullvad-daemon
-	# Once mullvad starts checking a relay list into their release branches, we can bundle that.
-	#install -m644 -D "$builddir/<todo>/relays.json" \
-	#	"$pkgdir/usr/share/mullvad-vpn/relays.json"
-	# TODO: Copy relay list into /var/cache/ in post-upgrade/post-install
 
-	# files in /usr/lib/systemd/ are automatically put in systemd subpackage
+	# mullvad-exclude requires setuid
-	install -m755 -Dt "$pkgdir/usr/lib/systemd/system/" \
+	install -m4755 -D "$_cargo_target_dir/$CHOST/release/mullvad-exclude" \
-		"$builddir/dist-assets/linux/mullvad-daemon.service" \
+		"$pkgdir"/usr/bin/mullvad-exclude
-		"$builddir/dist-assets/linux/mullvad-early-boot-blocking.service"
+
+	install -m755 -D "$_cargo_target_dir/$CHOST/release/mullvad-problem-report" \
+		"$pkgdir"/usr/bin/mullvad-problem-report
+
+	install -m755 -D "$_cargo_target_dir/$CHOST/release/mullvad-setup" \
+		"$pkgdir"/usr/bin/mullvad-setup
+
+	# Bundle the vendored relay list. It's copied to /var/cache/mullvad-vpn/ by the post-* scripts.
+	install -m644 -D "$builddir/relays.json" \
+		"$pkgdir"/usr/share/mullvad-vpn/relays.json
 }
 
-suid() {
+systemd() {
-	pkgdesc="mullvad-exclude cli for split tunneling"
+	install -m755 -D "$startdir/mullvadvpn-app/dist-assets/linux/mullvad-daemon.service" \
-	depends="$pkgname=$pkgver-r$pkgrel"
+		"$subpkgdir"/usr/lib/systemd/system/mullvad-daemon.service
 
-	install -m4755 -Dt "$subpkgdir/usr/bin/" \
+	install -m755 -D "$startdir/mullvadvpn-app/dist-assets/linux/mullvad-early-boot-blocking.service" \
-		"$_cargo_release_dir/mullvad-exclude"
+		"$subpkgdir"/usr/lib/systemd/system/mullvad-early-boot-blocking.service
 }
-
-sha512sums="
-9af0c263f0e5985d7842099f50a5070da0b23691f08ffe57c3b6d239d2c1c9acea89c07890f31d89bd75448a2dd1fd3c878b85be458baba0bcd90760e714b032  2026.2-beta1.tar.gz
-"

mullvad-vpn-daemon/mullvad-vpn-daemon-systemd.post-install

@@ -1,9 +1,13 @@
-#!/bin/sh
+#!/usr/bin/env bash
 set -eu
 
-# Enable and start systemd services
+echo "mullvad-systemd post-install"
-if which systemctl >/dev/null 2>&1 && systemctl is-system-running | grep -vq offline >/dev/null 2>&1; then
+# Are we running systemd?
+if which systemctl &> /dev/null && systemctl is-system-running | grep -vq offline &> /dev/null; then
+    # Does `mullvad-daemon.service` exist?
+    if systemctl list-unit-files mullvad-daemon.service &> /dev/null; then
       systemctl enable "/usr/lib/systemd/system/mullvad-daemon.service"
       systemctl start mullvad-daemon.service || echo "Failed to start mullvad-daemon.service"
       systemctl enable "/usr/lib/systemd/system/mullvad-early-boot-blocking.service"
     fi
+fi

mullvad-vpn-daemon/mullvad-vpn-daemon-systemd.post-upgrade

@@ -1,9 +1,25 @@
-#!/bin/sh
+#!/usr/bin/env bash
 set -eu
 
-# Enable and start systemd services
+echo "mullvad-systemd post-upgrade"
-if which systemctl >/dev/null 2>&1 && systemctl is-system-running | grep -vq offline >/dev/null 2>&1; then
+# Are we running systemd?
+if which systemctl &> /dev/null && systemctl is-system-running | grep -vq offline &> /dev/null; then
+    echo "systemctl exists and is running"
+    # Does `mullvad-daemon.service` exist?
+    if systemctl list-unit-files mullvad-daemon.service &> /dev/null; then
+      echo "enable mullvad-daemon"
       systemctl enable "/usr/lib/systemd/system/mullvad-daemon.service"
+      echo "start mullvad-daemon"
       systemctl start mullvad-daemon.service || echo "Failed to start mullvad-daemon.service"
+      echo "enable mullvad-early-boot-blocking"
       systemctl enable "/usr/lib/systemd/system/mullvad-early-boot-blocking.service"
+    else
+      echo "mullvad-daemon.service does not exist!!"
+      systemctl list-unit-files mullvad-daemon.service
     fi
+else
+    echo "systemctl does not exit!"
+fi
+
+echo "sleep 5"
+sleep 5

mullvad-vpn-daemon/mullvad-vpn-daemon-systemd.pre-deinstall

@@ -1,8 +0,0 @@
-#!/bin/sh
-set -eu
-
-# Stop and disable all mullvad services
-systemctl stop mullvad-daemon.service || true
-systemctl disable mullvad-daemon.service || true
-systemctl stop mullvad-early-boot-blocking.service || true
-systemctl disable mullvad-early-boot-blocking.service || true

mullvad-vpn-daemon/mullvad-vpn-daemon.post-deinstall

@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+set -eu
+
+echo "mullvad post-deinstall"
+
+rm -r --interactive=never /var/log/mullvad-vpn/ || \
+  echo "Failed to remove mullvad-vpn logs"
+rm -r --interactive=never /var/cache/mullvad-vpn/ || \
+  echo "Failed to remove mullvad-vpn cache"
+rm -r --interactive=never /etc/mullvad-vpn || \
+  echo "Failed to remove mullvad-vpn config"

mullvad-vpn-daemon/mullvad-vpn-daemon.post-install

@@ -1,8 +1,9 @@
-#!/bin/sh
+#!/usr/bin/env bash
 set -eu
 
-# TODO: see `package()` in APKBUILD
+echo "mullvad post-install"
-# Copy vendored relay list into place
+
-# mkdir -p /var/cache/mullvad-vpn \
+# Overwrite the cached relay list with the one embedded in the package.
-#   && cp /usr/share/mullvad-vpn/relays.json /var/cache/mullvad-vpn/relays.json \
+mkdir -p /var/cache/mullvad-vpn \
-#   || echo "failed to install /var/cache/mullvad-vpn/relays.json"
+  && cp /usr/share/mullvad-vpn/relays.json /var/cache/mullvad-vpn/relays.json \
+  || echo "failed to install /var/cache/mullvad-vpn/relays.json"

mullvad-vpn-daemon/mullvad-vpn-daemon.post-upgrade

@@ -1,8 +1,8 @@
-#!/bin/sh
+#!/usr/bin/env bash
 set -eu
 
-# TODO: see `package()` in APKBUILD
+echo "mullvad post-upgrade"
-# Overwrite the cached relay list with the vendored one.
+
-# mkdir -p /var/cache/mullvad-vpn \
+# Overwrite the cached relay list with the one embedded in the package.
-#   && cp /usr/share/mullvad-vpn/relays.json /var/cache/mullvad-vpn/relays.json \
+mkdir /var/cache/mullvad-vpn
-#   || echo "failed to install /var/cache/mullvad-vpn/relays.json"
+cp /usr/share/mullvad-vpn/relays.json /var/cache/mullvad-vpn/relays.json

mullvad-vpn-daemon/mullvad-vpn-daemon.pre-deinstall

@@ -1,6 +1,23 @@
-#!/bin/sh
+#!/usr/bin/env bash
 set -eu
 
-# Log out and remove any firewall rules
+echo "mullvad pre-deinstall"
+is_number_re='^[0-9]+$'
+# Check if we're running during an upgrade step on Fedora
+# https://fedoraproject.org/wiki/Packaging:Scriptlets#Syntax
+if [[ "$1" =~ $is_number_re ]] && [ "$1" -gt 0 ]; then
+    exit 0;
+fi
+
+if [[ "$1" == "upgrade" ]]; then
+    exit 0;
+fi
+
+# the user might've disabled or stopped the service themselves already
+systemctl stop mullvad-daemon.service || true
+systemctl disable mullvad-daemon.service || true
+systemctl stop mullvad-early-boot-blocking.service || true
+systemctl disable mullvad-early-boot-blocking.service || true
+
 mullvad-setup reset-firewall || echo "Failed to reset firewall"
 mullvad-setup remove-device || echo "Failed to remove device from account"

mullvad-vpn-daemon/mullvad-vpn-daemon.pre-upgrade

@@ -1,10 +1,11 @@
-#!/bin/sh
+#!/usr/bin/env bash
 set -eu
 
-# Stop the daemon gracefully, and set up firewall rules to prevent network
+echo "mullvad pre-upgrade"
-# leaks during upgrade.
+# Are we running systemd?
-if which systemctl >/dev/null 2>&1 && systemctl is-system-running | grep -vq offline >/dev/null 2>&1; then
+if which systemctl &> /dev/null && systemctl is-system-running | grep -vq offline &> /dev/null; then
-    if systemctl status mullvad-daemon >/dev/null 2>&1; then
+    # Is `mullvad-daemon.service` running?
+    if systemctl status mullvad-daemon &> /dev/null; then
         mullvad-setup prepare-restart || true
         systemctl stop mullvad-daemon.service
         systemctl disable mullvad-daemon.service
@@ -14,5 +15,5 @@ if which systemctl >/dev/null 2>&1 && systemctl is-system-running | grep -vq off
     fi
 fi
 
-# Clear the cached API IP address.
+# Since we are upgrading mullvad-daemon, it will probably have current IP baked into itself.
 rm -f /var/cache/mullvad-vpn/api-ip-address.txt

podman-build.sh

@@ -4,8 +4,6 @@ set -ex
 cd "$(dirname "$0")"
 
 package="$1"
-shift
-
 builder_image="mullvad-slint-musl-builder"
 cargo_home="${CARGO_HOME:-$HOME/.cargo}"
 . "$HOME/.abuild/abuild.conf"
@@ -24,5 +22,5 @@ podman run --rm \
     -e "CARGO_TARGET_DIR=/cargo-target" \
     -it \
     "$builder_image" \
-    abuild -F "$@"
+    abuild -F