From 75bfc763752fd286b63ef5afbc5780042f26ebbe Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 17 Dec 2022 15:26:14 -0500 Subject: [PATCH] community/dotnet6-runtime: security upgrade to 6.0.12 --- community/dotnet6-runtime/APKBUILD | 7 +- community/dotnet6-runtime/README.md | 162 ++++++++++++++++++++++++---- 2 files changed, 147 insertions(+), 22 deletions(-) diff --git a/community/dotnet6-runtime/APKBUILD b/community/dotnet6-runtime/APKBUILD index ec97fa27b76..60b834bb0fb 100644 --- a/community/dotnet6-runtime/APKBUILD +++ b/community/dotnet6-runtime/APKBUILD @@ -10,10 +10,12 @@ # - CVE-2022-38013 # 6.0.10-r0: # - CVE-2022-41032 +# 6.0.12-r0: +# - CVE-2022-41089 pkgname=dotnet6-runtime -pkgver=6.0.11 -_bldver=6.0.111-r0 +pkgver=6.0.12 +_bldver=6.0.112-r0 pkgrel=0 _pkgver_macro=${pkgver%.*} @@ -48,7 +50,6 @@ case $CARCH in aarch64) _dotnet_arch="arm64";; armv7) _dotnet_arch="arm";; armhf) _dotnet_arch="armv6";; - i586) _dotnet_arch="x86";; *) _dotnet_arch="$CARCH";; esac diff --git a/community/dotnet6-runtime/README.md b/community/dotnet6-runtime/README.md index 6a4ac11e4e5..59dadd27385 100644 --- a/community/dotnet6-runtime/README.md +++ b/community/dotnet6-runtime/README.md 
@@ -1,20 +1,144 @@ -# Description -APKBUILD for dotnet6-runtime. Note that this doesn't actually build anything. -It depends on dotnet6-build, which handles the actual dotnet build process -This is a workaround to abuild / lua-aports not supporting custom pkgver -for subpackages. While there are pending MRs for this feature, the feature -is yet to be introduced. See abuild!137 and lua-aports!4 +# dotnet6-runtime -# Generated packages -* aspnetcore6-runtime -* aspnetcore6-targeting-pack -* dotnet6-apphost-pack (used by dotnet6-runtime) -* dotnet6-hostfxr (used by dotnet-host) -* dotnet6-runtime -* dotnet6-targeting-pack -* dotnet-host - -# How to build dotnet6 stack -* Build testing/dotnet6-stage0 (builds stage0 dotnet bootstrap) -* Build testing/dotnet6-build ("untainted" build of dotnet, and packages sdk) -* Build testing/dotnet6-runtime (packages runtime bits from dotnet6-build) +This is the .NET 6.0 package for Alpine Linux. + +Please report any issues [using Gitlab](https://gitlab.alpinelinux.org/alpine/aports/-/issues/new) and tag @ayakael + +# Building info + +## Generated packages +* `aspnetcore6-runtime` +* `aspnetcore6-targeting-pack` +* `dotnet6-apphost-pack` (used by dotnet6-runtime) +* `dotnet6-hostfxr` (used by dotnet-host) +* `dotnet6-runtime` +* `dotnet6-targeting-pack` +* `dotnet-host` + +## How to build dotnet6 on Alpine +As dotnet is a self-hosting compiler (thus it compiles using itself), it +requires a bootstrap for the initial build. To solve this problem, this package +follows the `stage0` proposal outlined [here](https://lists.alpinelinux.org/~alpine/devel/%3C33KG0XO61I4IL.2Z7RTAZ5J3SY6%408pit.net%3E) + +The goal of `stage0` is to bootstrap dotnet with as little intervention as +possible, thus allowing seamless Alpine upgrades. Unfortunately, upstream only +builds bootstraps for Alpine on `x86_64`, `aarch64`, and `armv7`. Thus, `stage0` +has also been designed to be crossbuild aware, allowing bootstrapping to other +platforms. 
+ +In summary, dotnet6 is built using three different aports. + +* `community/dotnet6-stage0` +Builds minimum components for full build of dotnet6, and packages these in an initial +`dotnet6-stage0-bootstrap` package that `dotnet6-build` pulls. +* `community/dotnet6-build` +Builds full and packages dotnet6 fully using either stage0 or previoulsy built +dotnet6 build. +* `community/dotnet6-runtime` +As abuild does not allow different versions for subpackages, a different aport +is required to package runtime bits from dotnet6-build. + +## Crossbuilding with `stage0` +Crossbuilding `stage0` is a three step process: +1. Build sysroot for target platform by using `scripts/bootstrap.sh` in aports repo: +``` +./bootstrap.sh $CTARGET_ARCH +``` +2. Although not necessary, it is recommended to add Alpine repositories to + `$HOME/sysroot-$CTARGET_ARCH/etc/apk/repositories`, making sure to add required + keys. This makes it so that whatever package is not built in step 1 will + be pulled from package repos +3. Crossbuild `dotnet6-stage0` via: +``` +CHOST=$CTARGET_ARCH abuild -r +``` + +# Specification + +This package follows [package naming and contents suggested by upstream](https://docs.microsoft.com/en-us/dotnet/core/build/distribution-packaging), +with two exceptions. It installs dotnet to `/usr/lib/dotnet` (aka `$_libdir`). +In addition, the package is named `dotnet6` as opposed to `dotnet-6.0` +to match Alpine Linux naming conventions for packages with many installable versions + +# Contributing + +The steps below are for the final package. Please only contribute to a +pre-release version if you know what you are doing. Original instructions +follow. + +## General Changes + +1. Fork the main aports repo. + +2. Checkout the forked repository. + + - `git clone ssh://git@gitlab.alpinelinux.org/$USER/aports` + - `cd community/dotnet6-runtime` + +3. Make your changes. Don't forget to add a changelog. + +4. Do local builds. + + - `abuild -r` + +5. 
Fix any errors that come up and rebuild until it works locally. + +6. Commit the changes to the git repo in a git branch + + - `git checkout -b dotnet6/` + - `git add` any new patches + - `git remove` any now-unnecessary patches + - `git commit -m 'community/dotnet6-runtime: descriptive description'` + - `git push` + +7. Create a merge request with your changes, tagging @ayakael for review. + +8. Once the tests in the pull-request pass, and reviewers are happy, your changes + will be merged. + +## Updating to an new upstream release + +1. Fork the main aports repo. + +2. Checkout the forked repository. + + - `git clone ssh://git@gitlab.alpinelinux.org/$USER/aports` + - `cd community/dotnet6-runtime` + + +3. Build the new upstream source tarball. Update the versions in the + APKBUILD file, and then create a snapshot. After build, update checksum. + + - `abuild snapshot` + - `abuild checksum` + +4. Do local builds. + + - `abuild -r` + +5. Fix any errors that come up and rebuild until it works locally. Any + patches that are needed at this point should be added to the APKBUILD file + in `_patches` variable. + +6. Upload the source archive to a remote location, and update `source` variable. + +7. Commit the changes to the git repo in a git branch. + + - `git checkout -b dotnet6/` + - `git add` any new patches + - `git remove` any now-unnecessary patches + - `git commit -m 'community/dotnet6-runtime: upgrade to ` + - `git push` + +8. Create a merge request with your changes, tagging @ayakael for review. + +9. Once the tests in the pull-request pass, and reviewers are happy, your changes + will be merged. + +# Testing + +This package uses CI tests as defined in `check()` function. Creating a +merge-request or running a build will fire off tests and flag any issues. + +The tests themselves are contained in this external repository: +https://github.com/redhat-developer/dotnet-regular-tests/
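Review bot: In the first APKBUILD hunk (`@@ -10,10 +10,12 @@`), the `# 6.0.12-r0: CVE-2022-41089` secfixes entry is tied to `pkgver=6.0.12`, but the only other change is `_bldver=6.0.112-r0`, and the diffstat shows no source or checksum line touched in this file. Going by the removed README text ("It depends on dotnet6-build"), the fix presumably arrives through that build package, so the commit message should say which dotnet6-build version carries the CVE-2022-41089 fix and that it must land before this package. Keeping `pkgrel=0` is consistent with the new `-r0` secfixes key.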
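Review bot: The second APKBUILD hunk (`@@ -48,7 +50,6 @@`) drops `i586) _dotnet_arch="x86";;` without any mention in a commit titled as a security upgrade. After this change a `CARCH` of `i586` falls through to `*) _dotnet_arch="$CARCH";;` and yields `i586` instead of `x86`. If the case is dead because that arch is not built, say so in the commit message or move the removal to its own commit, so the security bump stays easy to audit and backport.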
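Review bot: In the README.md hunk, both contributing checklists tell the reader to run `git remove`, which is not a git subcommand (it should be `git rm`), and the template in "Updating to an new upstream release" step 7, `git commit -m 'community/dotnet6-runtime: upgrade to `, is cut off with no version placeholder and no closing quote or backtick. `git checkout -b dotnet6/` likewise ends in a bare slash with no branch name. Smaller points in the same hunk: "previoulsy" and "an new" are typos, and step 6 ("Upload the source archive to a remote location, and update `source` variable") comes after `abuild checksum` in step 3, so it is worth stating that the checksum must match the uploaded archive. A 140-line README rewrite would also be easier to review as a separate commit from the 6.0.12 security upgrade.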