TecharoHQ · kouhaidev · Nov 14, 2025 · Nov 17, 2025 · Nov 17, 2025
diff --git a/.github/actions/spelling/expect.txt b/.github/actions/spelling/expect.txt
@@ -9,6 +9,7 @@
 anthro
 anubis
 anubistest
+apk
 apnic
 APNICRANDNETAU
 Applebot
@@ -156,7 +157,7 @@
 htmlc
 htmx
 httpdebug
 Huawei
 huawei
 hypertext
 iaskspider
@@ -267,7 +268,6 @@
 rac
 rawler
 rcvar
-rdb
 redhat
 redir
 redirectscheme
@@ -357,7 +357,7 @@
 withthothmock
 wolfbeast
 wordpress
 Workaround
 workaround
 workdir
 wpbot

diff --git a/.github/workflows/package-builds-stable.yml b/.github/workflows/package-builds-stable.yml
@@ -50,5 +50,6 @@ jobs:
           RELEASE="${RELEASE_VERSION}"
           cd var
           for file in *; do
+            [[ file == *.apk ]] && continue
             gh release upload $RELEASE $file
           done
diff --git a/docs/docs/CHANGELOG.md b/docs/docs/CHANGELOG.md
@@ -20,6 +20,7 @@
 - Add Ukrainian locale ([#1044](https://github.com/TecharoHQ/anubis/pull/1044)).
 - Allow Renovate as an OCI registry client.
 - Properly handle 4in6 addresses so that IP matching works with those addresses.
+- Add unstable/experimental APK packages to CI, powered by yeet. Please let us know if there's any issues with the packaging!
 - Add support to simple Valkey/Redis cluster mode
 - Stabilize the CVE-2025-24369 regression test by always submitting an invalid proof instead of relying on random POW failures.
 
@@ -205,7 +206,7 @@

 #### Fixes a problem with nonstandard URLs and redirects

 Fixes [GHSA-jhjj-2g64-px7c](https://github.com/TecharoHQ/anubis/security/advisories/GHSA-jhjj-2g64-px7c).

 This could allow an attacker to craft an Anubis pass-challenge URL that forces a redirect to nonstandard URLs, such as the `javascript:` scheme which executes arbitrary JavaScript code in a browser context when the user clicks the "Try again" button.

@@ -232,7 +233,7 @@

 - [Czech](https://github.com/TecharoHQ/anubis/pull/849)
 - [Finnish](https://github.com/TecharoHQ/anubis/pull/863)
 - [Norwegian Bokmål](https://github.com/TecharoHQ/anubis/pull/855)
 - [Norwegian Nynorsk](https://github.com/TecharoHQ/anubis/pull/855)
 - [Russian](https://github.com/TecharoHQ/anubis/pull/882)


diff --git a/yeetfile.js b/yeetfile.js
@@ -6,7 +6,12 @@ $`npm run assets`;
     "ppc64le",
     "riscv64",
 ].forEach(goarch => {
-    [deb, rpm, tarball].forEach(method => method.build({
+    [
+        apk,
+        deb,
+        rpm,
+        tarball,
+    ].forEach(method => method.build({
         name: "anubis",
         description: "Anubis weighs the souls of incoming HTTP requests and uses a sha256 proof-of-work challenge in order to protect upstream resources from scraper bots.",
         homepage: "https://anubis.techaro.lol",
@@ -19,11 +24,19 @@ $`npm run assets`;
             "./data/botPolicies.yaml": "botPolicies.yaml",
         },
 
-        build: ({ bin, etc, systemd, doc }) => {
+        build: ({ bin, etc, systemd, openrc, doc }) => {
             $`go build -o ${bin}/anubis -ldflags '-s -w -extldflags "-static" -X "github.com/TecharoHQ/anubis.Version=${git.tag()}"' ./cmd/anubis`;
             $`go build -o ${bin}/anubis-robots2policy -ldflags '-s -w -extldflags "-static" -X "github.com/TecharoHQ/anubis.Version=${git.tag()}"' ./cmd/robots2policy`;
 
-            file.install("./run/anubis@.service", `${systemd}/anubis@.service`);
+            if (systemd) {
+                file.install("./run/anubis@.service", `${systemd}/anubis@.service`);
+            }
+
+            if (openrc) {
+                file.install("./run/openrc/anubis.initd", `${openrc.initd}/anubis`)
+                file.install("./run/openrc/anubis.confd", `${openrc.confd}/anubis`)
+            }
+
             file.install("./run/default.env", `${etc}/default.env`);
 
             $`mkdir -p ${doc}/docs`