Merge branch 'initial-mr' into 'master'

[main] *: initial migration from user-aports See merge request ayakael/qubes-aports!1
2023-08-14 06:02:02 +00:00 · 2023-08-14 06:02:02 +00:00 · 2cec671502
commit 2cec671502
parent 765249be06 b62162574c
34 changed files with 1374 additions and 54 deletions
--- a/.gitlab/bin/build.sh
+++ b/.gitlab/bin/build.sh
@ -11,7 +11,7 @@ readonly REPOS="qubes-aports"
 readonly ALPINE_REPOS="main community testing"
 readonly ARCH=$(apk --print-arch)
 # gitlab variables
-readonly BASEBRANCH=$(echo ${CI_RUNNER_TAGS%%-*} | sed 's|apk||')
+readonly BASEBRANCH=$CI_MERGE_REQUEST_TARGET_BRANCH_NAME

 : "${REPODEST:=$HOME/packages}"
 : "${MIRROR:=https://lab.ilot.io/ayakael/repo-apk/-/raw}"
@ -70,36 +70,30 @@ report() {
 }

 get_release() {
-	case $BASEBRANCH in
-		v*) echo "${BASEBRANCH%-*}";;
+	local RELEASE=$(echo $CI_RUNNER_TAGS | awk -F '-' '{print $2}')
+	case $RELEASE in
+		v*) echo "${RELEASE%-*}";;
 		edge) echo edge;;
-		*) die "Branch \"$BASEBRANCH\" not supported!"
+		*) die "Branch \"$RELEASE\" not supported!"
 	esac
 }

 build_aport() {
 	local repo="$1" aport="$2"
-	cd "$APORTSDIR/$repo/$aport"
-	export CHOST=$CI_ALPINE_TARGET_ARCH
+	cd "$APORTSDIR/$aport"
 	if abuild -r 2>&1 | report "build-$aport"; then
 		checkapk | report "checkapk-$aport" || true
-		aport_ok="$aport_ok $repo/$aport"
+		aport_ok="$aport_ok $aport"
 	else
-		aport_ng="$aport_ng $repo/$aport"
+		aport_ng="$aport_ng $aport"
 	fi
 }

 check_aport() {
 	local repo="$1" aport="$2"
-	cd "$APORTSDIR/$repo/$aport"
-	export CHOST=$CI_ALPINE_TARGET_ARCH
-	# TODO: this enables crossbuild only on user, this should be cleaner
-	if [ "$repo" != "user" ] && [ "$repo" != "backports" ] && [ "$CI_ALPINE_TARGET_ARCH" != "$ARCH" ]; then
-		aport_na="$aport_na $repo/$aport"
-		return 1
-	fi
+	cd "$APORTSDIR/$aport"
 	if ! abuild check_arch 2>/dev/null; then
-		aport_na="$aport_na $repo/$aport"
+		aport_na="$aport_na $aport"
 		return 1
 	fi
 }
@ -115,11 +109,6 @@ set_repositories_for() {
 	done
 	sudo sh -c "printf '%s\n' $repos >> /etc/apk/repositories"
 	sudo apk update || true
-	if [ "$CI_ALPINE_TARGET_ARCH" != "$ARCH" ]; then
-		sudo sh -c "printf '%s\n' $repos >> $HOME/sysroot-$CI_ALPINE_TARGET_ARCH/etc/apk/repositories"
-		sudo cp -R /etc/apk/keys/* $HOME/sysroot-$CI_ALPINE_TARGET_ARCH/etc/apk/keys/.
-		sudo apk --root=$HOME/sysroot-$CI_ALPINE_TARGET_ARCH update || true
-	fi
 }

 apply_offset_limit() {
@ -142,9 +131,6 @@ setup_system() {
 	repos="$repos $MIRROR/$release/cross"
 	sudo sh -c "printf '%s\n' $repos > /etc/apk/repositories"
 	sudo apk -U upgrade -a || sudo apk fix || die "Failed to up/downgrade system"
-	if [ "$CI_ALPINE_TARGET_ARCH" != "$ARCH" ]; then
-		sudo apk add gcc-$CI_ALPINE_TARGET_ARCH
-	fi
 	gitlab_key_to_rsa $ABUILD_KEY rsa-private $HOME/.abuild/$ABUILD_KEY_NAME.rsa
 	gitlab_key_to_rsa $ABUILD_KEY_PUB rsa-public $HOME/.abuild/$ABUILD_KEY_NAME.rsa.pub
 	chmod 700 $HOME/.abuild/$ABUILD_KEY_NAME.rsa
@ -222,11 +208,11 @@ section_end setup
 build_start=$CI_ALPINE_BUILD_OFFSET
 build_limit=$CI_ALPINE_BUILD_LIMIT

-for repo in $(changed_repos); do
+for repo in qubes-aports; do
 	mkdir -p "$APORTSDIR"/logs "$APORTSDIR"/packages "$APORTSDIR"/keys
 	set_repositories_for "$repo"
 	built_aports=0
-	changed_aports_in_repo=$(changed_aports "$repo")
+	changed_aports_in_repo=$(changed_aports $BASEBRANCH)
 	changed_aports_in_repo_count=$(echo "$changed_aports_in_repo" | wc -l)
 	changed_aports_to_build=$(echo "$changed_aports_in_repo" | apply_offset_limit "$build_start" "$build_limit")

--- a/.gitlab/bin/functions.sh
+++ b/.gitlab/bin/functions.sh
@ -5,17 +5,6 @@
 # shellcheck disable=SC3040
 set -eu -o pipefail

-changed_repos() {
-	: "${APORTSDIR?APORTSDIR missing}"
-	: "${BASEBRANCH?BASEBRANCH missing}"
-
-	cd "$APORTSDIR"
-	for repo in $REPOS; do
-		git diff --diff-filter=ACMR --exit-code "$BASEBRANCH"...HEAD -- "$repo" >/dev/null \
-			|| echo "$repo"
-	done
-}
-
 changed_aports() {
 	: "${APORTSDIR?APORTSDIR missing}"
 	: "${BASEBRANCH?BASEBRANCH missing}"
@ -24,11 +13,11 @@ changed_aports() {
 	local repo="$1"
 	local aports

-	aports=$(git diff --name-only --diff-filter=ACMR --relative="$repo" \
+	aports=$(git diff --name-only --diff-filter=ACMR \
 		"$BASEBRANCH"...HEAD -- "*/APKBUILD" | xargs -rn1 dirname)

 	# shellcheck disable=2086
-	ap builddirs -d "$APORTSDIR/$repo" $aports 2>/dev/null | xargs -rn1 basename
+	ap builddirs -d "$APORTSDIR" $aports 2>/dev/null | xargs -rn1 basename
 }

 section_start() {
--- a/.gitlab/bin/push.sh
+++ b/.gitlab/bin/push.sh
@ -11,6 +11,8 @@ readonly APORTSDIR=$CI_PROJECT_DIR
 readonly REPOS="backports user"
 readonly BASEBRANCH=$CI_MERGE_REQUEST_TARGET_BRANCH_NAME

+ALPINE_RELEASE=$(echo $CI_RUNNER_TAGS | awk -F '-' '{print $2}')
+
 export GIT_SSH_COMMAND="ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"

 gitlab_key_to_rsa $ABUILD_KEY rsa-private $HOME/.abuild/$ABUILD_KEY_NAME.rsa
@ -20,36 +22,35 @@ chmod 700 "$HOME"/.ssh/id_rsa
 chmod 700 "$HOME"/.abuild/$ABUILD_KEY_NAME.rsa

 echo "PACKAGER_PRIVKEY=$HOME/.abuild/$ABUILD_KEY_NAME.rsa" > $HOME/.abuild/abuild.conf
-echo "REPODEST=$HOME/repo-apk" >> $HOME/.abuild/abuild.conf
+echo "REPODEST=$HOME/repo-apk/qubes" >> $HOME/.abuild/abuild.conf
 sudo cp $HOME/.abuild/$ABUILD_KEY_NAME.rsa.pub /etc/apk/keys/.

 if [ -d $HOME/repo-apk ]; then
 	git -C $HOME/repo-apk fetch
-	git -C $HOME/repo-apk checkout $BASEBRANCH
+	git -C $HOME/repo-apk checkout $ALPINE_RELEASE
 	git -C $HOME/repo-apk pull --rebase
 else
-	git clone git@lab.ilot.io:ayakael/repo-apk -b $BASEBRANCH $HOME/repo-apk
+	git clone git@lab.ilot.io:ayakael/repo-apk -b $ALPINE_RELEASE $HOME/repo-apk
 fi

+# TODO: Detect qubes release
+QUBES_REL=r41
+
 for i in $(find packages -type f -name "*.apk"); do
-	install -vDm644 $i ${i/packages/$HOME\/repo-apk}
+	install -vDm644 $i ${i/packages\/qubes-aports/$HOME\/repo-apk\/qubes\/$QUBES_REL}
 done

 fetch_flags="-qn"
 git fetch $fetch_flags "$CI_MERGE_REQUEST_PROJECT_URL" \
 	"+refs/heads/$BASEBRANCH:refs/heads/$BASEBRANCH"

-for repo in $(changed_repos); do
-	rm $HOME/repo-apk/$repo/*/APKINDEX.tar.gz | true
-	mkdir -p $repo/DUMMY
-	echo "pkgname=DUMMY" > $repo/DUMMY/APKBUILD
-	cd $repo/DUMMY
-	for i in $(find $HOME/repo-apk/$repo -maxdepth 1 -mindepth 1 -printf '%P '); do
-		CHOST=$i abuild index
-	done
-	cd "$CI_PROJECT_DIR"
-	rm -R $repo/DUMMY
-done
+rm $HOME/repo-apk/qubes/$QUBES_REL/*/APKINDEX.tar.gz || true
+mkdir -p qubes/$QUBES_REL/DUMMY
+echo "pkgname=DUMMY" > qubes/$QUBES_REL/DUMMY/APKBUILD
+cd qubes/$QUBES_REL/DUMMY
+abuild index
+cd "$CI_PROJECT_DIR"
+rm -R qubes/$QUBES_REL/DUMMY

 git -C $HOME/repo-apk add .
 git -C $HOME/repo-apk commit -m "Update from $CI_MERGE_REQUEST_IID - $CI_MERGE_REQUEST_TITLE"
--- a/qubes-db-vm/0001-create_pidfile.patch
+++ b/qubes-db-vm/0001-create_pidfile.patch
@ -0,0 +1,50 @@
+From d20a9db122608e0992c9ab6f675920d4bb1ee88f Mon Sep 17 00:00:00 2001
+From: "build@apk-groulx" <build@apk-groulx.praxis>
+Date: Fri, 4 Mar 2022 22:50:19 +0000
+Subject: [PATCH 1/1] create_pidfile
+
+---
+ daemon/db-daemon.c | 11 +++--------
+ 1 file changed, 3 insertions(+), 8 deletions(-)
+
+diff --git a/daemon/db-daemon.c b/daemon/db-daemon.c
+index 9934d16..2b28995 100644
+--- a/daemon/db-daemon.c
+++ b/daemon/db-daemon.c
+@@ -618,11 +618,8 @@ int create_pidfile(struct db_daemon_data *d) {
+     mode_t old_umask;
+     struct stat stat_buf;
+ 
+-    /* do not create pidfile for VM daemon - service is managed by systemd */
+-    if (!d->remote_name)
+-        return 1;
+     snprintf(pidfile_name, sizeof(pidfile_name),
+-            "/var/run/qubes/qubesdb.%s.pid", d->remote_name);
+            "/var/run/qubes/qubes-db.pid");
+ 
+     old_umask = umask(0002);
+     pidfile = fopen(pidfile_name, "w");
+@@ -643,10 +640,8 @@ void remove_pidfile(struct db_daemon_data *d) {
+     struct stat stat_buf;
+ 
+     /* no pidfile for VM daemon - service is managed by systemd */
+-    if (!d->remote_name)
+-        return;
+     snprintf(pidfile_name, sizeof(pidfile_name),
+-            "/var/run/qubes/qubesdb.%s.pid", d->remote_name);
+            "/var/run/qubes/qubes-db.pid");
+ 
+     if (stat(pidfile_name, &stat_buf) == 0) {
+         /* remove pidfile only if it's the one created this process */
+@@ -754,7 +749,7 @@ int fuzz_main(int argc, char **argv) {
+                 exit(1);
+             case 0:
+                 close(ready_pipe[0]);
+-                snprintf(log_path, sizeof(log_path), "/var/log/qubes/qubesdb.%s.log", d.remote_name);
+                snprintf(log_path, sizeof(log_path), "/var/log/qubes/qubes-db.log");
+ 
+                 close(0);
+                 old_umask = umask(0);
+-- 
+2.34.1
+
--- a/qubes-db-vm/0001-musl-build.patch
+++ b/qubes-db-vm/0001-musl-build.patch
@ -0,0 +1,37 @@
+From 24fd21fe10476a83d9dee30cf2ef9dbb8b238730 Mon Sep 17 00:00:00 2001
+From: "build@apk-groulx" <build@apk-groulx.praxis>
+Date: Sat, 26 Feb 2022 21:05:26 +0000
+Subject: [PATCH 1/1] musl-build.patch
+
+---
+ client/qdb-client.c | 1 +
+ daemon/db-daemon.c  | 1 +
+ 2 files changed, 2 insertions(+)
+
+diff --git a/client/qdb-client.c b/client/qdb-client.c
+index 77f6566..e289019 100644
+--- a/client/qdb-client.c
+++ b/client/qdb-client.c
+@@ -17,6 +17,7 @@
+ 
+ #include <qubesdb.h>
+ #include <qubesdb-client.h>
+#include <string.h>
+ 
+ #define MAX_FILE_NAME 256
+ 
+diff --git a/daemon/db-daemon.c b/daemon/db-daemon.c
+index 9934d16..2f35f00 100644
+--- a/daemon/db-daemon.c
+++ b/daemon/db-daemon.c
+@@ -37,6 +37,7 @@ struct thread_param {
+ #include "buffer.h"
+ #include <qubesdb.h>
+ #include "qubesdb_internal.h"
+#include <string.h>
+ 
+ int init_vchan(struct db_daemon_data *d);
+ 
+-- 
+2.35.1
+
--- a/qubes-db-vm/APKBUILD
+++ b/qubes-db-vm/APKBUILD
@ -0,0 +1,50 @@
+# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
+# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
+
+pkgname=qubes-db-vm
+subpackages="$pkgname-openrc"
+pkgver=4.1.15
+pkgrel=0
+_gittag="v$pkgver"
+pkgdesc="QubesDB libs and daemon service."
+arch="x86_64"
+url="https://github.com/QubesOS/qubes-core-qubesdb"
+license='GPL'
+options="!check" # No testsuite
+depends="python3"
+makedepends="
+	python3-dev
+	qubes-libvchan-xen-dev
+	qubes-libvchan-xen
+	"
+source="
+	$pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-core-qubesdb/archive/refs/tags/$_gittag.tar.gz
+	0001-musl-build.patch
+	0001-create_pidfile.patch
+	qubes-db.openrc
+	"
+builddir="$srcdir"/qubes-core-qubesdb-$pkgver
+subpackages="$pkgname-dev"
+
+build() {
+	# Build all with python bindings
+	CFLAGS="$CFLAGS -Wno-implicit-function-declaration" make all BACKEND_VMM=xen SYSTEMD=0
+
+	# replace all shebangs with /bin/sh as qubes expects bash
+	# shellcheck disable=SC2013
+	for i in $(grep '/bin/sh' -Rl .); do
+		sed -i 's|/bin/sh|/bin/bash|' "$i"
+	done
+}
+
+package() {
+	# Install all with python bindings
+	make install DESTDIR=$pkgdir LIBDIR=/usr/lib BINDIR=/usr/bin SBINDIR=/sbin
+	install -Dm 755 "$srcdir"/qubes-db.openrc "$pkgdir"/etc/init.d/qubes-db
+}
+sha512sums="
+13f67292c4ae1f143b2b3b7a3e57727de84b961559a0094f594ff379df27a4e078ab1473062e3ef0662f2174131237890fdaa3d54d041d6f66a901dd516732ec  qubes-db-vm-v4.1.15.tar.gz
+af86268c264c843b94f9cefb735b9d078dc58819c890fc0a31dd79fa2761d3c2fa87aed73752bca1db07948ba86ecfe16a745b19672ccc10dfb9461df24aa207  0001-musl-build.patch
+ffe9ea8f65b4e164c3a0d1c8762d1e3b39de3799ae3e63f825457d52de49c6522820950e6262deaa9235ad97cd7c60bf1c9a077fff716c4ca9dbd688e9a73c91  0001-create_pidfile.patch
+3d87f82d3637cf10bf1a3058ebbd2590ab17f65d1b49058f62d892f126635497abd5045f6797bc8069e5de08bb6e08fc6146deb6422090ad02122764cc6d72f0  qubes-db.openrc
+"
--- a/qubes-db-vm/qubes-db.openrc
+++ b/qubes-db-vm/qubes-db.openrc
@ -0,0 +1,19 @@
+#!/sbin/openrc-run
+  
+name=$RC_SVCNAME
+cfgfile="/etc/qubes/$RC_SVCNAME.conf"
+command="/sbin/qubesdb-daemon"
+command_args="0"
+command_user="root"
+pidfile="/run/qubes/$RC_SVCNAME.pid"
+start_stop_daemon_args=""
+command_background="true"
+output_log="/var/log/qubes/$RC_SVCNAME.log"
+error_log="/var/log/qubes/$RC_SVCNAME.err"
+
+start_pre() {
+        checkpath --directory --owner $command_user:qubes --mode 0775 \
+                /run/qubes \
+		/var/log/qubes \
+		/var/run/qubes
+}
--- a/qubes-gpg-split/APKBUILD
+++ b/qubes-gpg-split/APKBUILD
@ -0,0 +1,39 @@
+# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
+# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
+
+pkgname=qubes-gpg-split
+subpackages="$pkgname-doc"
+pkgver=2.0.64
+_gittag="v$pkgver"
+pkgrel=0
+pkgdesc="Used Qubes AppVM as a “smart card”"
+arch="x86_64"
+url="https://github.com/QubesOS/qubes-app-linux-split-gpg"
+license='GPL'
+depends="
+	gnupg
+	zenity
+	"
+makedepends="
+	gcc
+	make
+	pandoc
+	pkgconf
+	"
+source="$pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-app-linux-split-gpg/archive/refs/tags/$_gittag.tar.gz"
+builddir="$srcdir"/qubes-app-linux-split-gpg-${_gittag/v}
+
+build() {
+	cd "src/"
+	make
+}
+
+package() {
+	make install-vm DESTDIR="$pkgdir"
+
+	# Alpine packaging guidelines: /var/run is a symlink to a tmpfs. Don't create it.
+	rm -r "$pkgdir/var/run"
+}
+sha512sums="
+8701ce5b5fe213e1f6294c4d67eb1a4afcb23b14c11af127d4a44108275287733bdc4e8ab0d0ed8882aeaee9391c68ba40bcb6448e325a25d25823e893b5d96a  qubes-gpg-split-v2.0.64.tar.gz
+"
--- a/qubes-libvchan-xen/APKBUILD
+++ b/qubes-libvchan-xen/APKBUILD
@ -0,0 +1,30 @@
+# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
+# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
+
+pkgname=qubes-libvchan-xen
+pkgver=4.1.13
+pkgrel=1
+_gittag=v$pkgver
+pkgdesc="The Qubes core libraries for installation inside a Qubes Dom0 and VM."
+arch="x86_64"
+url="https://github.com/QubesOS/qubes-core-vchan-xen"
+license='GPL'
+depends="xen"
+makedepends="xen-dev"
+builddir="$srcdir"/qubes-core-vchan-xen-$pkgver
+subpackages="$pkgname-dev"
+
+source="$pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-core-vchan-xen/archive/refs/tags/$_gittag.tar.gz"
+
+build() {
+	cd "$builddir"/vchan
+	make -f Makefile.linux
+}
+
+package() {
+	make install DESTDIR="$pkgdir" LIBDIR=/usr/lib INCLUDEDIR=/usr/include
+}
+
+sha512sums="
+cefb6b89f75936d791910d2169170536221d3123a1b33a14bea1fc5c08950ce934666719bf08eb3cc86ac055f85e6834f71e21c31189fa7299af09296c3cd99f  qubes-libvchan-xen-v4.1.13.tar.gz
+"
--- a/qubes-meta-packages/APKBUILD
+++ b/qubes-meta-packages/APKBUILD
@ -0,0 +1,43 @@
+# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
+# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
+
+pkgname=qubes-meta-packages
+subpackages="
+	qubes-vm-dependencies
+	qubes-vm-recommended
+	"
+pkgver=4.1.21
+_gittag="v$pkgver"
+pkgrel=0
+pkgdesc="Meta packages for Qubes-specific components"
+arch="noarch"
+url="https://github.com/QubesOS/qubes-meta-packages"
+license='GPL'
+source="$pkgname-$_gittag::https://github.com/QubesOS/qubes-meta-packages/archive/refs/tags/$_gittag.tar.gz"
+options="!check" # No testsuite
+builddir="$pkgname-${_gittag/v}"
+
+package() {
+	mkdir -p "$pkgdir"
+}
+
+dependencies() {
+	depends="
+		qubes-vm-core
+		qubes-vm-gui
+		qubes-vm-pulseaudio
+		qubes-vm-qrexec
+		"
+	mkdir -p "$subpkgdir"
+}
+
+recommended() {
+	depends="
+		qubes-gpg-split
+		qubes-usb-proxy
+		"
+	mkdir -p "$subpkgdir"
+}
+sha512sums="
+3431b7ce80a40d0a7b30461b2e8fa99527bef4acada22c7533c581421103125b2635acfe66196dc8183748c78154904edbcc0064e368c8eaa9d77d25d9514729  qubes-meta-packages-v4.1.21
+"
--- a/qubes-pass/APKBUILD
+++ b/qubes-pass/APKBUILD
@ -0,0 +1,25 @@
+# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
+# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
+
+pkgname=qubes-pass
+pkgver=0.0.35
+_gittag="v$pkgver"
+pkgrel=1
+pkgdesc="An inter-VM password manager for Qubes OS"
+arch="noarch"
+url="https://github.com/Rudd-O/qubes-pass"
+license="GPL3"
+depends="qubes-vm-core"
+makedepends="
+	make
+	pkgconf
+	"
+options="!check"
+source="$pkgname-$_gittag.tar.gz::https://github.com/Rudd-O/qubes-pass/archive/$_gittag.tar.gz"
+
+package() {
+	make install-client DESTDIR="$pkgdir"
+}
+sha512sums="
+68701d0b4a6a1a58041c7af331dfb1c58f44b8d8c878dfcfc93d0ca16326bea0865990d33b0ea2090e91bf3a7de864865541d5b1c05a187dc17515c0792b5511  qubes-pass-v0.0.35.tar.gz
+"
--- a/qubes-usb-proxy/APKBUILD
+++ b/qubes-usb-proxy/APKBUILD
@ -0,0 +1,36 @@
+# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
+# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
+
+pkgname=qubes-usb-proxy
+pkgver=1.1.2
+_gittag="v$pkgver"
+pkgrel=0
+pkgdesc="The Qubes service for proxying USB devices"
+arch="noarch"
+url="https://github.com/QubesOS/qubes-app-linux-usb-proxy"
+license="GPL"
+options="!check" # No testsuite
+depends="
+	qubes-vm-core
+	usbutils
+	"
+makedepends="
+	gcc
+	make
+	pkgconf
+	"
+source="$pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-app-linux-usb-proxy/archive/refs/tags/$_gittag.tar.gz"
+builddir="$srcdir"/qubes-app-linux-usb-proxy-${_gittag/v}
+
+package() {
+	make install-vm DESTDIR="$pkgdir"
+
+	# replace all shebangs with /bin/sh as qubes expects bash
+	# shellcheck disable=SC2013
+	for i in $(grep '/bin/sh' -Rl .); do
+		sed -i 's|/bin/sh|/bin/bash|' "$i"
+	done
+}
+sha512sums="
+d82dd944b8a420e1509fd84992d56120a1df802448675f390faec28af0e622dc2ee74542b007dd95e18c04d81786da396058270e6e0282943cbcbeadf184ec77  qubes-usb-proxy-v1.1.2.tar.gz
+"
--- a/qubes-vm-core/APKBUILD
+++ b/qubes-vm-core/APKBUILD
@ -0,0 +1,169 @@
+# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
+# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
+
+pkgname=qubes-vm-core
+subpackages="
+	qubes-vm-networking:networking:noarch
+	qubes-vm-passwordless-root:root:noarch
+	$pkgname-openrc
+	$pkgname-doc
+	"
+pkgver=4.1.39
+pkgrel=1
+_gittag="v$pkgver"
+pkgdesc="The Qubes core files for installation inside a Qubes VM."
+arch="x86_64"
+url="https://github.com/QubesOS/qubes-core-agent-linux"
+license="GPL"
+options="!check" # No testsuite
+depends="
+	coreutils
+	dconf
+	desktop-file-utils
+	device-mapper
+	ethtool
+	fakeroot
+	gawk
+	grep
+	haveged
+	icu
+	imagemagick
+	librsvg
+	net-tools
+	ntpsec
+	procps
+	py3-dbus
+	py3-gobject3
+	py3-xdg
+	python3
+	qubes-db-vm
+	qubes-libvchan-xen
+	qubes-vm-utils
+	sed
+	socat
+	xdg-utils
+	zenity
+	"
+makedepends="
+	gcc
+	libx11-dev
+	linux-pam-dev
+	make
+	pandoc
+	pkgconf
+	py3-setuptools
+	python3
+	qubes-db-vm
+	qubes-libvchan-xen
+	qubes-vm-utils
+	"
+options="suid"
+source="
+	$pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-core-agent-linux/archive/refs/tags/$_gittag.tar.gz
+	qubes-core-early.openrc
+	qubes-core-netvm.openrc
+	qubes-core.openrc
+	qubes-firewall.openrc
+	qubes-iptables.openrc
+	qubes-sysinit.openrc
+	qubes-updates-proxy-forwarder.openrc
+	qubes-updates-proxy.openrc
+	qvm-sync-clock.sh
+	"
+builddir="$srcdir"/qubes-core-agent-linux-${_gittag/v}
+
+
+build() {
+	# Fix for network tools paths
+	sed 's:/sbin/ethtool:ethtool:g' -i network/*
+	sed 's:/sbin/ip:ip:g' -i network/*
+	sed 's:/bin/grep:grep:g' -i network/*
+
+	for dir in qubes-rpc misc; do
+		make -C "$dir"
+	done
+
+	# replace all shebangs with /bin/sh as qubes expects bash
+	# shellcheck disable=SC2013
+	for i in $(grep '/bin/sh' -Rl .); do
+		sed -i 's|/bin/sh|/bin/bash|' "$i"
+	done
+}
+
+#This package provides:
+# * qrexec agent
+# * qubes rpc scripts
+# * core linux tools and scripts
+# * core systemd services and drop-ins
+# * basic network functionality (setting IP address, DNS, default gateway)
+package() {
+	make install-corevm DESTDIR="$pkgdir" SBINDIR=/sbin LIBDIR=/usr/lib SYSLIBDIR=/lib
+	make -C app-menu install DESTDIR="$pkgdir" install LIBDIR=/usr/lib SYSLIBDIR=/lib
+	make -C misc install DESTDIR="$pkgdir" install LIBDIR=/usr/lib SYSLIBDIR=/lib
+	make -C qubes-rpc DESTDIR="$pkgdir" install
+	make -C qubes-rpc/kde DESTDIR="$pkgdir" install
+	make -C qubes-rpc/nautilus DESTDIR="$pkgdir" install
+	make -C qubes-rpc/thunar DESTDIR="$pkgdir" install
+	make -C network DESTDIR="$pkgdir" install
+	install -Dm755 "$builddir"/network/update-proxy-configs "$pkgdir"/usr/lib/qubes/.
+	install -Dm755 "$srcdir"/qvm-sync-clock.sh "$pkgdir"/etc/qubes/suspend-post.d/.
+
+	for i in $source; do
+		case $i in
+		*.openrc) install -Dm755 "$srcdir"/$i \
+				"$pkgdir"/etc/init.d/${i%.*};;
+		*.confd) install -Dm644 "$srcdir"/$i \
+				"$pkgdir"/etc/conf.d/${i%.*};;
+		esac
+	done
+
+}
+
+
+#This package provides:
+# * proxy service used by TemplateVMs to download updates
+# * qubes-firewall service (FirewallVM)
+#
+#Integration of NetworkManager for Qubes VM:
+# * make connections config persistent
+# * adjust DNS redirections when needed
+# * show/hide NetworkManager applet icon
+#
+networking() {
+	pkgdesc="Qubes OS tools allowing to use a Qubes VM as a NetVM/ProxyVM"
+	depends="
+		conntrack-tools
+		ethtool
+		iptables
+		net-tools
+		networkmanager
+		nftables
+		python3
+		qubes-db-vm
+		qubes-vm-core
+		qubes-vm-utils
+		tinyproxy
+		"
+	cd "$builddir"
+	install -dm 755 "$subpkgdir"/usr/bin
+	mv "$pkgdir"/usr/bin/qubes-firewall "$subpkgdir"/usr/bin/.
+	make install-netvm DESTDIR="$subpkgdir" SBINDIR=/sbin LIBDIR=/usr/lib SYSLIBDIR=/lib
+}
+
+root() {
+	cd "$builddir"
+	pkgdesc="Qubes OS Passwordless root access from normal user"
+	make -C passwordless-root install DESTDIR="$subpkgdir" SBINDIR=/sbin LIBDIR=/usr/lib SYSLIBDIR=/lib
+}
+sha512sums="
+2ac642946ed6ca12857d7d88ec54bb293ca5f9fe99c79fceffd4717bbcc0265367bc1cfbddd0ec52cd1a0dc714a3f2978aa08c32199e76d761c53910ae1d5908  qubes-vm-core-v4.1.39.tar.gz
+95c080a593ca1cd457ffafc0cdd6ee28999c72f67191a3955b6081a4a7d287cae4cd0c626139562e5e1eb55516c25402a174e3599daf7d4cb259d6b4bbdff155  qubes-core-early.openrc
+61529413a16b7fa0df691c24adc41b90477c01ea70d572921ecec89df23932e5a2e60c4e73b9a84181dc30424e2e6af4ad1c7dcf6c42689c3cc346a9923d6e07  qubes-core-netvm.openrc
+da8e293520f5fce29ce76d7586e8ce1a4164798a1214079fb554c690264da1d774fdad3f45825aac52c2c3a0b0cfd39df73eb33394dedd7c043fe0f2344b90ca  qubes-core.openrc
+8f1ea1b6bfb4d3089a51cc3e325861ee7b644f743b2652bf61789933adedefdbc743a61567ad980d2a6077647eb61570b68a056125abaab2a67166d249a961b0  qubes-firewall.openrc
+437a3dc443c5b0311c5dc8f792739eef89e38b2e854b9a5bb248211dd0eb0f26c1d79588ca2b4b63236b8bed0d735be6b2265d8328885730a8aa5f854301d61f  qubes-iptables.openrc
+e9096560e4ee4cad836b686e18eb6dbac729227683eda2f0c8b3541c909f64de3489dbb66e3752014deab69cbfae7885bc15b9bb7e3942c02e40328337b9ef30  qubes-sysinit.openrc
+b1e8af2335955e52cf1817c56296f94f8c472e68d7a17a28f516fe4f5fa8a8053d4f9333efbb007a82a06f9442a4a6cfe5f9c751de07f337e47ee04cb18b9395  qubes-updates-proxy-forwarder.openrc
+29d316b9f48cad15f6e22aaa67b228a5e4893ded86463dbe25b3cc68301b961473e79c01f003b1665e217ad4af2e618625442250d5607c1c16462e3f5eed069c  qubes-updates-proxy.openrc
+cca9f49422fa25cd5f3942dce8edd3ecff080bf5c407a7a790b438bedea054f39a4a3d8c179b44c4c08fc490b597e14d00dad9b0240861e83957e0af7aa6475d  qvm-sync-clock.sh
+"
--- a/qubes-vm-core/qubes-core-early.openrc
+++ b/qubes-vm-core/qubes-core-early.openrc
@ -0,0 +1,39 @@
+#!/sbin/openrc-run
+  
+name=$RC_SVCNAME
+error_log=/var/log/qubes/$RC_SVCNAME.log
+
+depend() {
+	need qubes-sysinit
+        need qubes-db
+}
+
+start_pre() {
+        checkpath --directory --owner $command_user:qubes --mode 0775 \
+                /var/lib/qubes
+}
+
+
+start()
+{
+	echo "Enabling transparent hugepages" | tee -a "$error_log"
+	echo "madvise" > /sys/kernel/mm/transparent_hugepage/enabled
+
+	echo "Setting up early config" | tee -a "$error_log"
+	/usr/lib/qubes/init/qubes-early-vm-config.sh 2>&1 | tee -a "$error_log"
+
+	echo "Adjusting root filesystem size:" | tee -a "$error_log"
+	/usr/lib/qubes/init/resize-rootfs-if-needed.sh 2>&1 | tee -a "$error_log"
+
+	echo "Setting up Qubes persistent file systems:" 2>&1 | tee -a "$error_log"
+	/usr/lib/qubes/init/mount-dirs.sh 2>&1 | tee -a "$error_log"
+
+	echo "Executing Qubes random seed scripts:" | tee -a "$error_log"
+	/usr/lib/qubes/init/qubes-random-seed.sh 2>&1 | tee -a "$error_log"
+
+}
+
+stop()
+{
+	return 0
+}
--- a/qubes-vm-core/qubes-core-netvm.openrc
+++ b/qubes-vm-core/qubes-core-netvm.openrc
@ -0,0 +1,30 @@
+#!/sbin/openrc-run
+  
+name=$RC_SVCNAME
+cfgfile="/etc/qubes/$RC_SVCNAME.conf"
+command="/usr/lib/qubes/init/network-proxy-setup"
+command_args=""
+command_user="root"
+pidfile="/run/qubes/$RC_SVCNAME.pid"
+start_stop_daemon_args=""
+command_background="yes"
+output_log="/var/log/qubes/$RC_SVCNAME.log"
+error_log="/var/log/qubes/$RC_SVCNAME.err"
+
+# Source Qubes library.
+# shellcheck source=init/functions
+. /usr/lib/qubes/init/functions
+
+depend() {
+        need net
+}
+
+start_pre() {
+	if is_netvm; then
+		/usr/lib/qubes/network-manager-prepare-conf-dir
+		/sbin/service networkmanager start
+	fi
+
+        checkpath --directory --owner $command_user:qubes --mode 0775 \
+                /run/$RC_SVCNAME /var/log/$RC_SVCNAME
+}
--- a/qubes-vm-core/qubes-core.openrc
+++ b/qubes-vm-core/qubes-core.openrc
@ -0,0 +1,30 @@
+#!/sbin/openrc-run
+  
+name=$RC_SVCNAME
+error_log=/var/log/qubes/$RC_SVCNAME.log
+
+depend() {
+        need qubes-db
+	need qubes-meminfo-writer
+	need qubes-core-early
+}
+
+start()
+{
+	echo "Finagling printer icon:" | tee -a "$error_log"
+	/usr/lib/qubes/init/control-printer-icon.sh 2>&1 | tee -a "$error_log"
+
+	echo "Executing Qubes misc post scripts:" | tee -a "$error_log"
+	/usr/lib/qubes/init/misc-post.sh 2>&1 | tee -a "$error_log"
+
+	echo "Setting up IP:" | tee -a "$error_log"
+	/usr/lib/qubes/setup-ip add eth0 2>&1 | tee -a "$error_log"
+
+	echo "Syncing clock" | tee -a "$error_log"
+	/usr/bin/qvm-sync-clock | tee -a "$error_log"
+}
+
+stop()
+{
+	/usr/lib/qubes/init/misc-post-stop.sh
+}
--- a/qubes-vm-core/qubes-firewall.openrc
+++ b/qubes-vm-core/qubes-firewall.openrc
@ -0,0 +1,22 @@
+#!/sbin/openrc-run
+  
+name=$RC_SVCNAME
+cfgfile="/etc/qubes/$RC_SVCNAME.conf"
+command="/usr/bin/qubes-firewall"
+command_args=""
+command_user="root"
+pidfile="/run/qubes/$RC_SVCNAME.pid"
+start_stop_daemon_args=""
+command_background="yes"
+output_log="/var/log/qubes/$RC_SVCNAME.log"
+error_log="/var/log/qubes/$RC_SVCNAME.err"
+
+depend() {
+        need qubes-db
+}
+
+start_pre() {
+        /sbin/ethtool -K "$(get_qubes_managed_iface)" sg off
+        checkpath --directory --owner $command_user:qubes --mode 0775 \
+                /run/$RC_SVCNAME /var/log/qubes
+}
--- a/qubes-vm-core/qubes-iptables.openrc
+++ b/qubes-vm-core/qubes-iptables.openrc
@ -0,0 +1,75 @@
+#!/bin/bash
+#
+# qubes-iptables	Start Qubes base iptables firewall
+#
+# chkconfig: 2345 08 92
+# description:	Loads iptables firewall
+#
+# config: /etc/qubes/iptables.rules
+# config: /etc/qubes/ip6tables.rules
+#
+### BEGIN INIT INFO
+# Provides: iptables
+# Required-Start:
+# Required-Stop:
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Loads Qubes base iptables firewall
+# Description: Loads Qubes base iptables firewall
+### END INIT INFO
+
+IPTABLES=iptables
+IPTABLES_DATA_DIR=/etc/qubes
+
+if [ ! -x /sbin/$IPTABLES ]; then
+    echo $"${IPTABLES}: /sbin/$IPTABLES does not exist."
+    exit 5
+fi
+
+start() {
+    ipt=$1
+    IPTABLES_DATA=$IPTABLES_DATA_DIR/${ipt}.rules
+    ipv6_enabled=
+    if qubesdb-read /qubes-ip6 >/dev/null 2>&1 || \
+        qubesdb-read /qubes-netvm-gateway6 >/dev/null 2>&1; then
+        ipv6_enabled=true
+    fi
+    # if IPv6 is enabled, load alternative rules file
+    if [ "$ipt" = "ip6tables" ] && [ -n "$ipv6_enabled" ]; then
+        IPTABLES_DATA=$IPTABLES_DATA_DIR/${ipt}-enabled.rules
+    fi
+    CMD=$ipt
+    # Do not start if there is no config file.
+    [ ! -f "$IPTABLES_DATA" ] && return 6
+
+    CMD_ARGS=
+    if "$CMD-restore" --help 2>&1 | grep -q wait=; then
+        # 'wait' must be last on command line if secs not specified
+        CMD_ARGS=--wait
+    fi
+
+    echo -n $"${CMD}: Applying firewall rules: "
+
+    "$CMD-restore" "$IPTABLES_DATA" $CMD_ARGS
+    ret="$?"
+    if [ "$ret" -eq 0 ]; then
+        echo OK
+    else
+        echo FAIL; return 1
+    fi
+
+    return $ret
+}
+
+case "$1" in
+    start)
+	start iptables && start ip6tables
+	RETVAL=$?
+	;;
+    *)
+	echo $"Usage: ${IPTABLES} start"
+	RETVAL=2
+	;;
+esac
+
+exit $RETVAL
--- a/qubes-vm-core/qubes-sysinit.openrc
+++ b/qubes-vm-core/qubes-sysinit.openrc
@ -0,0 +1,18 @@
+#!/sbin/openrc-run
+  
+name=$RC_SVCNAME
+error_log="/var/log/qubes/$RC_SVCNAME.log"
+depend() {
+        need qubes-db
+}
+
+start()
+{
+	echo "Executing Qubes system initialization scripts:"
+	/usr/lib/qubes/init/qubes-sysinit.sh 2>&1 | tee -a $error_log
+}
+
+stop()
+{
+	return 0
+}
--- a/qubes-vm-core/qubes-updates-proxy-forwarder.openrc
+++ b/qubes-vm-core/qubes-updates-proxy-forwarder.openrc
@ -0,0 +1,116 @@
+#!/bin/bash
+#
+# Updates proxy forwarder     Startup script for the updates proxy forwarder
+#
+# chkconfig: 345 85 15
+# description: forwards connection to updates proxy over Qubes RPC
+#
+# processname: ncat
+# pidfile:     /var/run/qubes-updates-proxy-forwarder.pid
+#
+
+# Source function library.
+# shellcheck disable=SC1091
+. /etc/init.d/functions.sh
+
+# Source Qubes library.
+# shellcheck source=init/functions
+. /usr/lib/qubes/init/functions
+
+# Check that networking is up.
+[ "$NETWORKING" = "no" ] && exit 0
+
+exec="/usr/bin/ncat"
+prog=$(basename $exec)
+pidfile="/var/run/qubes-updates-proxy-forwarder.pid"
+
+# shellcheck disable=SC1091
+[ -e /etc/sysconfig/qubes-updates-proxy-forwarder ] && . /etc/sysconfig/qubes-updates-proxy-forwarder
+
+lockfile=/var/lock/subsys/qubes-updates-proxy-forwarder
+
+start() {
+    have_qubesdb || return
+
+    if ! qsvc updates-proxy-setup ; then
+        # updates proxy configuration disabled
+        exit 0
+    fi
+
+    if qsvc qubes-updates-proxy ; then
+        # updates proxy running here too, avoid looping traffic back to itself
+        exit 0
+    fi
+
+    [ -x $exec ] || exit 5
+
+    echo -n $"Starting $prog (as Qubes updates proxy forwarder): "
+    # shellcheck disable=SC2016
+    start-stop-daemon \
+        --exec $exec \
+        --pidfile "$pidfile" \
+        --make-pidfile \
+        --background \
+        --start \
+        -- \
+        -k -l -e 'qrexec-client-vm $default qubes.UpdatesProxy'
+    retval=$?
+    echo
+    [ $retval -eq 0 ] && touch $lockfile
+    return $retval
+}
+
+stop() {
+    echo -n $"Stopping $prog: "
+    killproc -p $pidfile "$prog"
+    retval=$?
+    echo
+    [ $retval -eq 0 ] && rm -f $lockfile
+    return $retval
+}
+
+restart() {
+    stop
+    start
+}
+
+force_reload() {
+    restart
+}
+
+rh_status() {
+    status "$prog"
+}
+
+rh_status_q() {
+    rh_status >/dev/null 2>&1
+}
+
+case "$1" in
+    start)
+        rh_status_q && exit 0
+        $1
+        ;;
+    stop)
+        rh_status_q || exit 0
+        $1
+        ;;
+    restart)
+        $1
+        ;;
+    force-reload)
+        force_reload
+        ;;
+    status)
+        rh_status
+        ;;
+    condrestart|try-restart)
+        rh_status_q || exit 0
+        restart
+        ;;
+    *)
+        echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|force-reload}"
+        exit 2
+esac
+exit $?
+
--- a/qubes-vm-core/qubes-updates-proxy.openrc
+++ b/qubes-vm-core/qubes-updates-proxy.openrc
@ -0,0 +1,124 @@
+#!/bin/bash
+#
+# tinyproxy     Startup script for the tinyproxy server as Qubes updates proxy
+#
+# chkconfig: 345 85 15
+# description: small, efficient HTTP/SSL proxy daemon
+#
+# processname: tinyproxy
+# config:      /etc/tinyproxy/tinyproxy-updates.conf
+# config:      /etc/sysconfig/tinyproxy-updates
+# pidfile:     /var/run/tinyproxy/tinyproxy-updates.pid
+#
+# Note: pidfile is created by tinyproxy in its config
+# see PidFile in the configuration file.
+
+# Source function library.
+# shellcheck disable=SC1091
+. /etc/init.d/functions.sh
+
+# Source Qubes library.
+# shellcheck source=init/functions
+. /usr/lib/qubes/init/functions
+
+# Check that networking is up.
+[ "$NETWORKING" = "no" ] && exit 0
+
+exec="$(command -v tinyproxy)"
+prog=$(basename "$exec")
+config="/etc/tinyproxy/tinyproxy-updates.conf"
+pidfile="/var/run/tinyproxy-updates/tinyproxy.pid"
+
+# shellcheck disable=SC1091
+[ -e /etc/sysconfig/tinyproxy-updates ] && . /etc/sysconfig/tinyproxy-updates
+
+lockfile=/var/lock/subsys/tinyproxy-updates
+
+start() {
+    have_qubesdb || return
+
+    if qsvc qubes-updates-proxy ; then
+        # Yum proxy disabled
+        exit 0
+    fi
+
+    [ -x "$exec" ] || exit 5
+    [ -f $config ] || exit 6
+    # setup network redirection
+    /sbin/iptables -I INPUT -i vif+ -p tcp --dport 8082 -j ACCEPT
+    /sbin/iptables -t nat -A PR-QBS-SERVICES -i vif+ -d 10.137.255.254 -p tcp --dport 8082 -j REDIRECT
+
+    echo -n $"Starting $prog (as Qubes updates proxy): "
+    daemon "$exec" -c $config
+    retval=$?
+    echo
+    [ $retval -eq 0 ] && touch $lockfile
+    return $retval
+}
+
+stop() {
+    echo -n $"Stopping $prog: "
+    killproc -p $pidfile "$prog"
+    retval=$?
+    echo
+    /sbin/iptables -t nat -D PR-QBS-SERVICES -i vif+ -d 10.137.255.254 -p tcp --dport 8082 -j REDIRECT
+    /sbin/iptables -D INPUT -i vif+ -p tcp --dport 8082 -j ACCEPT
+    [ $retval -eq 0 ] && rm -f "$lockfile"
+    return $retval
+}
+
+restart() {
+    stop
+    start
+}
+
+reload() {
+    echo -n $"Reloading $prog: "
+    killproc -p $pidfile "$prog" -HUP
+    echo
+}
+
+force_reload() {
+    restart
+}
+
+rh_status() {
+    status "$prog"
+}
+
+rh_status_q() {
+    rh_status >/dev/null 2>&1
+}
+
+case "$1" in
+    start)
+        rh_status_q && exit 0
+        $1
+        ;;
+    stop)
+        rh_status_q || exit 0
+        $1
+        ;;
+    restart)
+        $1
+        ;;
+    reload)
+        rh_status_q || exit 7
+        $1
+        ;;
+    force-reload)
+        force_reload
+        ;;
+    status)
+        rh_status
+        ;;
+    condrestart|try-restart)
+        rh_status_q || exit 0
+        restart
+        ;;
+    *)
+        echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
+        exit 2
+esac
+exit $?
+
--- a/qubes-vm-core/qvm-sync-clock.sh
+++ b/qubes-vm-core/qvm-sync-clock.sh
@ -0,0 +1,6 @@
+#!/bin/sh
+
+if [ ! -f /var/run/qubes-service/clocksync ]; then
+    # https://github.com/QubesOS/qubes-issues/issues/7265
+    /usr/bin/qvm-sync-clock
+fi
--- a/qubes-vm-gui-dev/APKBUILD
+++ b/qubes-vm-gui-dev/APKBUILD
@ -0,0 +1,23 @@
+# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
+# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
+
+pkgname=qubes-vm-gui-dev
+pkgver=4.1.1
+_gittag="v$pkgver"
+pkgrel=1
+pkgdesc="Common files for Qubes GUI - protocol headers."
+arch="noarch"
+url="https://github.com/QubesOS/qubes-gui-common"
+license="GPL"
+options="!check" # No testsuite
+builddir="$srcdir"/qubes-gui-common-${_gittag/v}
+
+source="$pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-gui-common/archive/refs/tags/$_gittag.tar.gz"
+
+package() {
+	install -dm 755 -p $pkgdir/usr/include
+	cp include/*.h $pkgdir/usr/include/
+}
+sha512sums="
+2d962822413b1e4da6ef9303bce9b25e179829080a4ab96aeb7b274682c32b4620201d1de9c177346ab8d80913ae5e5384792b301d350850408fa790cb77d641  qubes-vm-gui-dev-v4.1.1.tar.gz
+"
--- a/qubes-vm-gui/0001-initd-fix.patch
+++ b/qubes-vm-gui/0001-initd-fix.patch
@ -0,0 +1,22 @@
+From 7f7914fc2d0957012f1c4b130b0e442d43110c7d Mon Sep 17 00:00:00 2001
+From: "build@apk-groulx" <build@apk-groulx.praxis>
+Date: Sat, 5 Mar 2022 00:59:30 +0000
+Subject: [PATCH 1/1] initd fix
+
+---
+ appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh b/appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh
+index dc0a578..4c9623a 100755
+--- a/appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh
+++ b/appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh
+@@ -23,4 +23,4 @@ if [ -n "$debug_mode" ] && [ "$debug_mode" -gt 0 ]; then
+     gui_opts="$gui_opts -vv"
+ fi
+ 
+-echo "GUI_OPTS=$gui_opts" >> /var/run/qubes-service-environment
+echo "GUI_OPTS=\"$gui_opts\"" >> /var/run/qubes-service-environment
+-- 
+2.34.1
+
--- a/qubes-vm-gui/0001-musl-build.patch
+++ b/qubes-vm-gui/0001-musl-build.patch
@ -0,0 +1,24 @@
+From 5713c7f16d2634947804a7d7bd4882cba93a21f1 Mon Sep 17 00:00:00 2001
+From: "build@apk-groulx" <build@apk-groulx.praxis>
+Date: Wed, 2 Mar 2022 17:07:20 +0000
+Subject: [PATCH 1/1] musl build
+
+---
+ gui-agent/vmside.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/gui-agent/vmside.c b/gui-agent/vmside.c
+index fd76f4d..89a41c8 100644
+--- a/gui-agent/vmside.c
+++ b/gui-agent/vmside.c
+@@ -50,6 +50,7 @@
+ #include "list.h"
+ #include "error.h"
+ #include "encoding.h"
+#include <string.h>
+ #include <libvchan.h>
+ 
+ /* Get the size of an array.  Error out on pointers. */
+-- 
+2.35.1
+
--- a/qubes-vm-gui/APKBUILD
+++ b/qubes-vm-gui/APKBUILD
@ -0,0 +1,105 @@
+# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
+# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
+
+pkgname=qubes-vm-gui
+subpackages="qubes-vm-pulseaudio $pkgname-openrc"
+pkgver=4.1.27
+pkgrel=1
+_gittag="v$pkgver"
+pkgdesc="The Qubes GUI Agent for AppVMs"
+arch="x86_64"
+url="https://github.com/QubesOS/qubes-gui-agent-linux"
+license="GPL"
+options="!check" # No testsuite
+depends="
+	libxcomposite
+	py3-xcffib
+	xinit
+	zenity
+	"
+makedepends="
+	autoconf
+	automake
+	gcc
+	git
+	libtool
+	libxcomposite-dev
+	libxt
+	linux-pam-dev
+	make
+	patch
+	pixman
+	pkgconf
+	pulseaudio-dev
+	qubes-db-vm
+	qubes-db-vm-dev
+	qubes-libvchan-xen-dev
+	qubes-vm-gui-dev
+	xen-dev
+	util-macros
+	xorg-server-dev
+	"
+
+source="
+	$pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-gui-agent-linux/archive/refs/tags/$_gittag.tar.gz
+	0001-musl-build.patch
+	0001-initd-fix.patch
+	qubes-gui-agent.openrc
+	qubes-sessions.sh
+	qubes-gui-agent.pam
+	"
+builddir="$srcdir"/qubes-gui-agent-linux-${_gittag/v}
+_qubes_backend_vmm=xen
+
+build() {
+	local pa_ver=$(pkg-config --modversion libpulse 2>/dev/null | cut -f 1 -d "-")
+
+	rm -f pulse/pulsecore
+	ln -s pulsecore-$pa_ver pulse/pulsecore
+
+	# Bug fixes : /var/run/console depends on pam_console, which is fedora specific
+	# As a consequece, /var/run/console does not exists and qubes-gui-agent will always fail
+	sed 's:ExecStartPre=/bin/touch:#ExecStartPre=/bin/touch:' -i appvm-scripts/qubes-gui-agent.service
+	# Ensure that qubes-gui-agent starts after user autologin
+	sed 's/After=\(.*\)qubes-misc-post.service/After=\1qubes-misc-post.service getty.target/' -i appvm-scripts/qubes-gui-agent.service
+	# Starts qubes-session after X11 start
+	install -Dm 755 "$srcdir"/qubes-sessions.sh "$pkgdir"/etc/X11/xinit/xinitrc.d/90-qubes-sessions.sh
+	# Remove broken pam and replace with adequate
+	install -Dm 644 "$srcdir"/qubes-gui-agent.pam "$pkgdir"/etc/pam.d/qubes-gui-agent
+
+	make BACKEND_VMM="$_qubes_backend_vmm" appvm
+	make appvm
+
+	# replace all shebangs with /bin/sh as qubes expects bash
+	# shellcheck disable=SC2013
+	for i in $(grep '/bin/sh' -Rl .); do
+		sed -i 's|/bin/sh|/bin/bash|' "$i"
+	done
+}
+
+package() {
+	make install-rh-agent DESTDIR="$pkgdir" LIBDIR=/usr/lib USRLIBDIR=/usr/lib SYSLIBDIR=/lib
+	install -Dm 755 "$srcdir"/qubes-gui-agent.openrc "$pkgdir"/etc/init.d/qubes-gui-agent
+}
+
+pulseaudio() {
+	pkgdesc="Pulseaudio support for Qubes VM"
+	depends="
+		alsa-lib
+		alsa-utils
+		pulseaudio
+		pulseaudio-alsa
+		"
+	local pa_ver=$(pkg-config --modversion libpulse 2>/dev/null | cut -f 1 -d "-")
+
+	cd "$builddir"
+	make install-pulseaudio DESTDIR=$subpkgdir PA_VER=$pa_ver LIBDIR=/usr/lib USRLIBDIR=/usr/lib SYSLIBDIR=/lib
+}
+sha512sums="
+118f5e94562a04f2f3322708dcf7e21c35e8f8fe8dec8a3cb5fc7c7b8c8948a04e4d26b7ddea1e283dbab13508d2a91792df8c9edb661047e68ce4b2004357e7  qubes-vm-gui-v4.1.27.tar.gz
+f0bbb936e14689d0cbced2f564b8911f9287c0217616f02f3bd0c3060e516d080ad538219f089f5841c2b9d18bb4ad8efb63516ddfd46c18b038218378996a7d  0001-musl-build.patch
+262b93b4ea172926dc18b7af372168ff3f645a02db1529cb73af3d5aa6252a75500bfbd95344a835bbf646e753018d0e27885e41a03f06247226a485edb5e028  0001-initd-fix.patch
+68d01e594296e18d54d8eaa17863451c3ac121e4fcacf98b64db14166bdcf38aa66f1c3659c5014c0a9cc25b5368df66f8c642b8e7af59da8d2a5ad97da9a194  qubes-gui-agent.openrc
+bd707f7956f58c2bb24ccb9adad1381c069e70820fcb1b01b09dc88570d9df00e0dc92a9ac3b242f828314568d5487257566a6fc61e75e62e010b7e4871f9ea0  qubes-sessions.sh
+b512d691f2a6b11fc329bf91dd05ca9c589bbd444308b27d3c87c75262dedf6afc68a9739229249a4bd3d0c43cb1f871eecbb93c4fe559e0f38bdabbffd06ad7  qubes-gui-agent.pam
+"
--- a/qubes-vm-gui/qubes-gui-agent.openrc
+++ b/qubes-vm-gui/qubes-gui-agent.openrc
@ -0,0 +1,26 @@
+#!/sbin/openrc-run
+  
+name=$RC_SVCNAME
+cfgfile="/etc/qubes/$RC_SVCNAME.conf"
+command="/usr/bin/qubes-gui"
+pidfile="/run/qubes/$RC_SVCNAME.pid"
+command_background="yes"
+output_log="/var/log/qubes/$RC_SVCNAME.log"
+error_log="/var/log/qubes/$RC_SVCNAME.err"
+
+depend() {
+        need qubes-db
+}
+
+start_pre() {
+	checkpath --directory --owner $command_user:qubes --mode 0775 \
+                /run/qubes /var/log/qubes /var/run/console
+	# start console-kit-daemon
+	/usr/bin/ck-list-sessions > /dev/null 2>&1
+	# pretend tha user is at local console
+	touch /var/run/console/user
+	/bin/sh -c /usr/lib/qubes/qubes-gui-agent-pre.sh
+	. /var/run/qubes-service-environment
+	command_args="$command_args $GUI_OPTS"
+	export DISPLAY=:0
+}
--- a/qubes-vm-gui/qubes-gui-agent.pam
+++ b/qubes-vm-gui/qubes-gui-agent.pam
@ -0,0 +1,6 @@
+# basic PAM configuration for Alpine.
+auth		sufficient	pam_rootok.so
+auth		include		base-auth
+account		include		base-account
+password	include		base-password
+session		include		base-session-noninteractive
--- a/qubes-vm-gui/qubes-sessions.sh
+++ b/qubes-vm-gui/qubes-sessions.sh
@ -0,0 +1,7 @@
+#!/bin/bash
+
+echo "qubes-session initializing..."
+
+exec /usr/bin/qubes-session
+
+echo "qubes-session initialized"
--- a/qubes-vm-qrexec/APKBUILD
+++ b/qubes-vm-qrexec/APKBUILD
@ -0,0 +1,59 @@
+# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
+# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
+
+pkgname=qubes-vm-qrexec
+subpackages="$pkgname-openrc $pkgname-doc"
+pkgver=4.1.20
+_gittag="v$pkgver"
+pkgrel=0
+pkgdesc="The Qubes qrexec files (qube side)"
+arch="x86_64"
+url="https://github.com/QubesOS/qubes-core-qrexec"
+license='GPL'
+depends="qubes-libvchan-xen"
+options="!check" # No testsuite
+makedepends="
+	gcc
+	make
+	pandoc
+	pkgconf
+	py3-setuptools
+	lld
+	qubes-libvchan-xen-dev
+	"
+source="
+	$pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-core-qrexec/archive/refs/tags/$_gittag.tar.gz
+	qubes-qrexec-agent.openrc
+	agent-qrexec-fork-server-undef-fortify-source.patch
+	"
+builddir="$srcdir/qubes-core-qrexec-${_gittag/v}"
+
+prepare() {
+	default_prepare
+	# remove all -Werror
+	msg "Eradicating -Werror..."
+	find . \( -name '*.mk' -o -name 'Make*' \) -exec sed -i -e 's/-Werror//g' {} +
+}
+
+build() {
+	make all-base
+	make all-vm
+
+	# change all shebangs to bash as expected
+	# shellcheck disable=SC2013
+	for i in $(grep '/bin/sh' -RlI .); do
+		sed -i 's|/bin/sh|/bin/bash|' "$i"
+	done
+}
+
+package() {
+	export LDFLAGS="$LDFLAGS -fuse-ld=lld"
+	make install-base DESTDIR="$pkgdir" SBINDIR=/sbin LIBDIR=/usr/lib SYSLIBDIR=/lib
+	make install-vm DESTDIR="$pkgdir" SBINDIR=/sbin LIBDIR=/usr/lib SYSLIBDIR=/lib
+	install -Dm 755 "$srcdir"/qubes-qrexec-agent.openrc "$pkgdir"/etc/init.d/qubes-qrexec-agent
+}
+sha512sums="
+650d6ae2a48dddc8207b0b1466024fc2bc48b6d10f11ba35411fa1e44049ddc5d1fe9ca77d968598444db34bac8fb781b6fa4c837846af52161dbf246f3a99fb  qubes-vm-qrexec-v4.1.20.tar.gz
+e2dd5cace82e881c40d5d37c69f7327fbabde81c9d23283de23de9f1197b7b018ef07a8d90e95c61bd249426d9d8297e7cb372333245941ffa0682c90ea3461f  qubes-qrexec-agent.openrc
+69b88c8d344f0d575eac398937040ba39a0d8fb8ea0a2b160c48d84775e1da4e226a76f3c5d3be7b045f577b634bb35cd5c5536248e18117c4121a38f9f3bf13  agent-qrexec-fork-server-undef-fortify-source.patch
+"
--- a/qubes-vm-qrexec/agent-qrexec-fork-server-undef-fortify-source.patch
+++ b/qubes-vm-qrexec/agent-qrexec-fork-server-undef-fortify-source.patch
@ -0,0 +1,12 @@
+diff --git a/agent/qrexec-fork-server.c b/agent/qrexec-fork-server.c
+index e9bcab7..655d138 100644
+--- a/agent/qrexec-fork-server.c
+++ b/agent/qrexec-fork-server.c
+@@ -32,6 +32,7 @@
+ #include <libvchan.h>
+ #include "libqrexec-utils.h"
+ #include "qrexec-agent.h"
+#undef _FORTIFY_SOURCE
+ 
+ extern char **environ;
+ const bool qrexec_is_fork_server = true;
--- a/qubes-vm-qrexec/qubes-qrexec-agent.openrc
+++ b/qubes-vm-qrexec/qubes-qrexec-agent.openrc
@ -0,0 +1,22 @@
+#!/sbin/openrc-run
+  
+name=$RC_SVCNAME
+cfgfile="/etc/qubes/$RC_SVCNAME.conf"
+command="/usr/lib/qubes/qrexec-agent"
+command_args=""
+command_user="root"
+pidfile="/run/qubes/$RC_SVCNAME.pid"
+start_stop_daemon_args=""
+command_background="yes"
+output_log="/var/log/qubes/$RC_SVCNAME.log"
+error_log="/var/log/qubes/$RC_SVCNAME.err"
+
+depend() {
+	need xendriverdomain
+}
+
+start_pre() {
+	/bin/sh -c '[ -e /dev/xen/evtchn ] || modprobe xen_evtchn'
+        checkpath --directory --owner $command_user:qubes --mode 0775 \
+                /run/qubes /var/log/qubes
+}
--- a/qubes-vm-utils/APKBUILD
+++ b/qubes-vm-utils/APKBUILD
@ -0,0 +1,63 @@
+# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
+# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
+
+pkgname=qubes-vm-utils
+subpackages="
+	qubes-vm-kernel-support:support:noarch
+	$pkgname-openrc
+	"
+pkgver=4.1.19
+pkgrel=0
+_gittag="v$pkgver"
+pkgdesc="Common Linux files for Qubes VM."
+arch="x86_64"
+url="https://github.com/QubesOS/qubes-linux-utils"
+license='GPL'
+depends="
+	imagemagick
+	py3-pillow
+	py3-numpy
+	"
+makedepends="
+	gcc
+	make
+	pkgconfig
+	py3-setuptools
+	qubes-libvchan-xen-dev
+	xen-dev
+	"
+source="
+	$pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-linux-utils/archive/refs/tags/$_gittag.tar.gz
+	qubes-meminfo-writer.openrc
+	"
+options="!check" # No testsuite
+builddir="$srcdir"/${pkgname/vm/linux}-${_gittag/v}
+
+build() {
+	export BACKEND_VMM=xen
+	make all
+}
+
+package() {
+	make install DESTDIR="$pkgdir" LIBDIR=/usr/lib SYSLIBDIR=/lib SBINDIR=/sbin
+	install -Dm 755 "$srcdir"/qubes-meminfo-writer.openrc "$pkgdir"/etc/init.d/qubes-meminfo-writer
+}
+
+support() {
+	depends="
+		mkinitcpio
+		dkms
+		grub
+		"
+	cd "$builddir"
+	mkdir -p "$subpkgdir"/usr/lib/initcpio/install/
+	mkdir -p "$subpkgdir"/usr/lib/initcpio/hooks/
+	mkdir -p "$subpkgdir"/usr/lib/qubes/
+	mkdir -p "$subpkgdir"/usr/bin/
+
+	install -m 755 "$builddir"/dracut/full-dmroot/qubes_cow_setup.sh "$subpkgdir"/usr/lib/qubes/qubes_cow_setup.sh
+}
+sha512sums="
+adfa6190af80e8ff92b899056370b8e820820154dcbad2d141debc72a6f122d94894eb0ffd5f56715db8ff7c3166c63b8832a78f70c35d86d42af071297b7d35  qubes-vm-utils-v4.1.19.tar.gz
+aebc606faa95948be77766f164fc40e4be66e4398e7f56ad52ba9de4c8f7de4ec0c4b48b23a3a6dd083d6f19ae1a591f3ae0caf2c696fd061cd8fea4bdf7d4f3  qubes-meminfo-writer.openrc
+"
--- a/qubes-vm-utils/qubes-meminfo-writer.openrc
+++ b/qubes-vm-utils/qubes-meminfo-writer.openrc
@ -0,0 +1,17 @@
+#!/sbin/openrc-run
+  
+name=$RC_SVCNAME
+cfgfile="/etc/qubes/$RC_SVCNAME.conf"
+pidfile="/var/run/meminfo-writer.pid"
+command="/sbin/meminfo-writer"
+command_args="30000 100000 $pidfile"
+command_user="root"
+start_stop_daemon_args=""
+command_background="yes"
+output_log="/var/log/qubes/$RC_SVCNAME.log"
+error_log="/var/log/qubes/$RC_SVCNAME.err"
+
+start_pre() {
+        checkpath --directory --owner $command_user:qubes --mode 0775 \
+                /var/log/qubes
+}