From 659c669c9bb010a01a6204896c7f148e145375a5 Mon Sep 17 00:00:00 2001 From: RJ Sampson Date: Thu, 14 Mar 2024 20:29:10 -0600 Subject: [PATCH 1/3] feat(packages): Add Jellyfin Server for managing and streaming media Signed-off-by: RJ Sampson --- jellyfin.yaml | 62 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 jellyfin.yaml diff --git a/jellyfin.yaml b/jellyfin.yaml new file mode 100644 index 0000000000..c74366d961 --- /dev/null +++ b/jellyfin.yaml @@ -0,0 +1,62 @@ +package: + name: jellyfin + version: 10.8.13 + epoch: 0 + description: The Free Software Media System + copyright: + - license: GPL-2.0-only + dependencies: + runtime: + - aspnet-6-runtime + - dotnet-6 + - ffmpeg + +environment: + contents: + packages: + - aspnet-6-runtime + - busybox + - dotnet-6-sdk + - ffmpeg + +pipeline: + - uses: git-checkout + with: + repository: https://github.com/jellyfin/jellyfin + tag: v${{package.version}} + expected-commit: e93d03d8cbff2122d7296f477604146f64758a73 + + - runs: | + # Set runtime arch + if [[ "${{build.arch}}" == "aarch64" ]]; then + runtime_arch="arm64" + elif [[ "${{build.arch}}" == "x86_64" ]]; then + runtime_arch="x64" + fi + + dotnet publish \ + --configuration Release Jellyfin.Server \ + --no-self-contained \ + --output publish \ + --runtime linux-$runtime_arch \ + -p:DebugSymbols=false \ + -p:DebugType=none + + mkdir -p "${{targets.destdir}}"/usr/lib + cp -dr publish "${{targets.destdir}}"/usr/lib/jellyfin + + mkdir -p "${{targets.destdir}}"/usr/bin + ln -s /usr/lib/jellyfin/jellyfin "${{targets.destdir}}"/usr/bin/jellyfin + + - uses: strip + +update: + enabled: true + ignore-regex-patterns: + - '.*alpha.*' + - '.*beta.*' + - '.*rc.*' + github: + identifier: jellyfin/jellyfin + use-tag: true + strip-prefix: v From b2a05895092b5163304b1259390957f47d510182 Mon Sep 17 00:00:00 2001 From: RJ Sampson Date: Thu, 14 Mar 2024 20:54:57 -0600 Subject: [PATCH 2/3] feat(packages): Add Jellyfin Web Signed-off-by: RJ Sampson --- jellyfin-web.yaml | 46 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) create mode 100644 jellyfin-web.yaml diff --git a/jellyfin-web.yaml b/jellyfin-web.yaml new file mode 100644 index 0000000000..ad98f13f5a --- /dev/null +++ b/jellyfin-web.yaml @@ -0,0 +1,46 @@ +package: + name: jellyfin-web + version: 10.8.13 + epoch: 0 + description: Web Client for Jellyfin + copyright: + - license: GPL-2.0-only + dependencies: + runtime: + - jellyfin + - nodejs + +environment: + contents: + packages: + - busybox + - jellyfin + - nodejs + - npm + +pipeline: + - uses: git-checkout + with: + repository: https://github.com/jellyfin/jellyfin-web + tag: v${{package.version}} + expected-commit: 8e37078b6066715b27fd2dde1f7d1eda216044d9 + + - runs: | + npm ci --no-audit --unsafe-perm + npm run build:production + + mkdir -p "${{targets.destdir}}"/usr/lib/jellyfin/jellyfin-web + cp -r dist/* "${{targets.destdir}}"/usr/lib/jellyfin/jellyfin-web + + - uses: strip + +update: + enabled: true + ignore-regex-patterns: + - '.*alpha.*' + - '.*beta.*' + - '.*rc.*' + github: + identifier: jellyfin/jellyfin-web + use-tag: true + strip-prefix: v From 90a1c14f70ef97a4f00c5c2466eb424fa7b63e45 Mon Sep 17 00:00:00 2001 From: RJ Sampson Date: Thu, 14 Mar 2024 23:57:59 -0600 Subject: [PATCH 3/3] fix(jellyfin): Remediate CVEs Signed-off-by: RJ Sampson --- jellyfin.yaml | 6 ++++++ jellyfin/GHSA-j7hp-h8jx-5ppr.patch | 15 +++++++++++++++ jellyfin/GHSA-qrmm-w75w-3wpx.patch | 13 +++++++++++++ 3 files changed, 34 insertions(+) create mode 100644 jellyfin/GHSA-j7hp-h8jx-5ppr.patch create mode 100644 jellyfin/GHSA-qrmm-w75w-3wpx.patch diff --git a/jellyfin.yaml b/jellyfin.yaml index c74366d961..6224f271d8 100644 --- a/jellyfin.yaml +++ b/jellyfin.yaml @@ -26,6 +26,12 @@ pipeline: tag: v${{package.version}} expected-commit: e93d03d8cbff2122d7296f477604146f64758a73 + - uses: patch + with: + patches: | + GHSA-j7hp-h8jx-5ppr.patch \ + GHSA-qrmm-w75w-3wpx.patch + - runs: | # Set runtime arch if [[ "${{build.arch}}" == "aarch64" ]]; then diff --git a/jellyfin/GHSA-j7hp-h8jx-5ppr.patch b/jellyfin/GHSA-j7hp-h8jx-5ppr.patch new file mode 100644 index 0000000000..97fafa5e9d --- /dev/null +++ b/jellyfin/GHSA-j7hp-h8jx-5ppr.patch @@ -0,0 +1,15 @@ +diff --git a/Jellyfin.Drawing.Skia/Jellyfin.Drawing.Skia.csproj b/Jellyfin.Drawing.Skia/Jellyfin.Drawing.Skia.csproj +index 9debe555e..76a65fa08 100644 +--- a/Jellyfin.Drawing.Skia/Jellyfin.Drawing.Skia.csproj ++++ b/Jellyfin.Drawing.Skia/Jellyfin.Drawing.Skia.csproj +@@ -18,8 +18,8 @@ + + + +- +- ++ ++ + + + diff --git a/jellyfin/GHSA-qrmm-w75w-3wpx.patch b/jellyfin/GHSA-qrmm-w75w-3wpx.patch new file mode 100644 index 0000000000..5e316133e4 --- /dev/null +++ b/jellyfin/GHSA-qrmm-w75w-3wpx.patch @@ -0,0 +1,13 @@ +diff --git a/Jellyfin.Api/Jellyfin.Api.csproj b/Jellyfin.Api/Jellyfin.Api.csproj +index 76831b77b..172a162eb 100644 +--- a/Jellyfin.Api/Jellyfin.Api.csproj ++++ b/Jellyfin.Api/Jellyfin.Api.csproj +@@ -19,7 +19,7 @@ + + + +- ++ + + +