Compare commits

...

104 commits

Author SHA1 Message Date
e9170df040 qubes-vm-utils: upgrade to 4.3.5 2024-11-08 00:41:33 +00:00
8ecc7b48ea
qubes-vm-core: upgrade to 4.3.11
All checks were successful
/ lint (pull_request) Successful in 32s
/ deploy-edge (pull_request) Successful in 37s
/ build-edge (pull_request) Successful in 2m10s
/ deploy-v3.19 (pull_request) Successful in 33s
/ build-v3.19 (pull_request) Successful in 1m39s
/ deploy-v3.20 (pull_request) Successful in 34s
/ build-v3.20 (pull_request) Successful in 2m3s
2024-11-07 18:54:57 -05:00
e65971b3ab qubes-vm-gui-dev: upgrade to 4.3.0 2024-10-31 20:08:25 +00:00
a914b685f2 qubes-vm-gui: upgrade to 4.3.0 2024-10-31 20:08:25 +00:00
1c13a950c2
qubes-libvchan-xen: rebuild against xen 4.19
All checks were successful
/ lint (pull_request) Successful in 35s
/ build-v3.20 (pull_request) Successful in 1m52s
/ deploy-v3.20 (pull_request) Successful in 36s
/ build-v3.19 (pull_request) Successful in 1m54s
/ deploy-v3.19 (pull_request) Successful in 37s
/ deploy-edge (pull_request) Successful in 31s
/ build-edge (pull_request) Successful in 2m41s
2024-10-31 15:58:53 -04:00
7779c42918
qubes-vm-core: upgrade to 4.3.0
Some checks failed
/ lint (pull_request) Successful in 31s
/ deploy-edge (pull_request) Has been skipped
/ build-edge (pull_request) Failing after 44s
/ build-v3.19 (pull_request) Successful in 1m56s
/ deploy-v3.19 (pull_request) Successful in 33s
/ build-v3.20 (pull_request) Successful in 1m40s
/ deploy-v3.20 (pull_request) Successful in 28s
2024-10-31 15:54:29 -04:00
637a92578a
forcejo: fix bad if statement 2024-10-31 15:45:21 -04:00
4953c4c159
forgego: add package version checks 2024-10-31 15:32:52 -04:00
a0e397c918
*: /usr merge
Some checks failed
/ deploy-v3.20 (pull_request) Has been cancelled
/ build-v3.20 (pull_request) Has been cancelled
/ deploy-v3.19 (pull_request) Has been cancelled
/ build-v3.19 (pull_request) Has been cancelled
/ deploy-edge (pull_request) Has been cancelled
/ build-edge (pull_request) Has been cancelled
/ lint (pull_request) Successful in 24s
2024-10-16 20:10:31 -04:00
8109344b8e qubes-vm-qrexec: upgrade to 4.3.0 2024-10-10 16:21:31 +00:00
2cdae9bc59 qubes-vm-gui: upgrade to 4.2.18 2024-10-10 16:18:23 +00:00
573c747ff9 qubes-vm-gui-dev: upgrade to 4.2.5 2024-10-10 16:18:23 +00:00
64d500c042 qubes-vm-utils: upgrade to 4.3.4 2024-10-10 16:18:15 +00:00
907e65b867 qubes-vm-core: upgrade to 4.3.7 2024-10-10 16:02:34 +00:00
c7d021b224 qubes-usb-proxy: upgrade to 1.3.2 2024-10-10 16:01:16 +00:00
df786a0292 qubes-libvchan-xen: upgrade to 4.2.4 2024-10-10 16:01:10 +00:00
5ebb82e9d3
qubes-input-proxy: fix url
Some checks failed
/ lint (pull_request) Successful in 29s
/ deploy-edge (pull_request) Failing after 1m48s
/ build-edge (pull_request) Successful in 44s
/ deploy-v3.19 (pull_request) Failing after 1m49s
/ build-v3.19 (pull_request) Successful in 45s
/ deploy-v3.20 (pull_request) Failing after 1m41s
/ build-v3.20 (pull_request) Successful in 45s
2024-10-10 12:00:30 -04:00
79be5d7efa qubes-gpg-split: upgrade to 2.0.75 2024-10-10 15:57:39 +00:00
43a72bd078
qubes-input-proxy: upgrade to 1.0.38
All checks were successful
/ lint (pull_request) Successful in 34s
/ deploy-v3.20 (pull_request) Successful in 32s
/ build-v3.20 (pull_request) Successful in 1m10s
/ build-v3.19 (pull_request) Successful in 1m12s
/ deploy-v3.19 (pull_request) Successful in 35s
/ deploy-edge (pull_request) Successful in 31s
/ build-edge (pull_request) Successful in 1m19s
2024-10-10 11:49:19 -04:00
931be466e8
README: update 2024-08-16 21:45:56 -04:00
a138662e44
qubes-vm-utils: bump
Some checks failed
/ lint (pull_request) Successful in 33s
/ build-edge (pull_request) Successful in 37s
/ deploy-edge (pull_request) Failing after 1m45s
/ deploy-v3.19 (pull_request) Failing after 1m41s
/ build-v3.19 (pull_request) Successful in 38s
/ deploy-v3.20 (pull_request) Failing after 1m38s
/ build-v3.20 (pull_request) Successful in 44s
2024-08-16 08:13:01 -04:00
6909ec2185
forgejo-ci: add multitarget build workflows 2024-08-16 08:12:42 -04:00
b117d95024
qubes-vm-utils: bump
All checks were successful
/ lint (pull_request) Successful in 32s
/ build-edge (pull_request) Successful in 1m24s
/ deploy-edge (pull_request) Successful in 28s
2024-08-16 01:17:02 -04:00
88c519bae4
qubes-input-proxy: bump 2024-08-16 01:16:52 -04:00
69eb028438
forgejo-ci: initial
Some checks failed
/ lint (pull_request) Successful in 25s
/ build-edge (pull_request) Successful in 32s
/ deploy-edge (pull_request) Failing after 1m41s
2024-08-16 01:16:26 -04:00
1a3e88d955
gitlab-ci: drop for forgejo-ci 2024-08-15 21:59:02 -04:00
a7e184bf93
gitlab-ci: use git-annex instead of git-lfs 2024-08-10 12:01:01 -04:00
264c954d9b
qubes-vm-core: add missing rsvg-convert and dbus-x11 depend 2024-07-27 19:18:49 -04:00
bd6e8cac43
qubes-usb-proxy: fix usb reset with udevadm 2024-07-27 19:18:17 -04:00
cc021097dc
qubes-usb-proxy: add vhci-hcd module to modules-load.d 2024-07-27 19:17:41 -04:00
01db78f365
qubes-pass: add service subpackage 2024-07-27 19:17:02 -04:00
34f3abf6b1
qubes-vm-core: pull findutils depend 2024-07-27 19:16:49 -04:00
339e3da21b
qubes-input-proxy: add openrc support 2024-07-27 15:01:53 -04:00
fbba245e39
qubes-input-proxy: new aport 2024-07-27 01:04:34 -04:00
c04972d9f1
qubes-usb-proxy: fix usb import 2024-07-27 00:13:13 -04:00
0c45e05df1 README: update for r4.3 2024-07-11 17:26:23 +00:00
1a7b0e2a7f qubes-vm-gui-dev: bump pkgrel 2024-07-11 17:26:23 +00:00
4472d7d6a2 qubes-vm-utils: upgrade to 4.3.3 2024-07-11 17:26:23 +00:00
55581b72cb qubes-vm-qrexec: upgrade to 4.2.21 2024-07-11 17:26:23 +00:00
47011fa7a7 qubes-vm-gui: upgrade to 4.2.16 2024-07-11 17:26:23 +00:00
1f86673220 qubes-vm-core: upgrade to 4.3.4 2024-07-11 17:26:23 +00:00
e06a14c1c2 qubes-usb-proxy; upgrade to 1.3.0 2024-07-11 17:26:23 +00:00
4254194dd5 qubes-pass: push rel 2024-07-11 17:26:23 +00:00
26dee9677c qubes-meta-packages: upgrade to 4.3.0 2024-07-11 17:26:23 +00:00
8d62b30e1e qubes-libvchan-xen: bump pkgrel 2024-07-11 17:26:23 +00:00
9c720e6fa9 qubes-gpg-split: upgrade to 2.0.71 2024-07-11 17:26:23 +00:00
bee9163ca4 qubes-db-vm: upgrade to 4.2.6 2024-07-11 17:26:23 +00:00
2e9c021866 qubes-app-linux-druide-antidore: bump rel 2024-07-11 17:26:23 +00:00
24126beac8
gitlab/bin: consider main as r4.3 2024-07-11 12:51:58 -04:00
9917fa1bc2 qubes-vm-gui: upgrade to 4.2.14 2024-07-11 16:32:55 +00:00
2e68f01cbd qubes-vm-core: upgrade to 4.2.35 2024-07-11 16:30:41 +00:00
620fb8549f qubes-vm-qrexec: bump rel 2024-07-11 16:30:10 +00:00
80ff2032b4 qubes-usb-proxy: bump rel 2024-07-11 16:00:24 +00:00
b5029e0b18
qubes-vm-utils: bump rel 2024-07-11 11:45:43 -04:00
55f5330870 qubes-vm-utils: upgrade to 4.2.17 2024-07-11 14:07:16 +00:00
ef4af36b67 qubes-vm-qrexec: upgrade to 4.2.19 2024-07-11 14:05:41 +00:00
0a2a71595a qubes-usb-proxy: upgrade to 1.2.2 2024-07-11 14:03:30 +00:00
7065956f34
gitlab-ci.yml: drop v3.18 2024-06-03 10:39:12 -04:00
1673bc8eb3
*: bump pkgrel 2024-06-03 08:24:31 -04:00
d48384836e
gitlab-ci.yml: add 3.20 runners 2024-06-03 08:22:49 -04:00
56cf19c7a0 qubes-vm-qrexec: upgrade to 4.2.18 2024-04-20 21:51:55 +00:00
49f1ce1b16 qubes-vm-gui: upgrade to 4.2.13 2024-04-20 21:51:31 +00:00
227af42e30 qubes-vm-core: upgrade to 4.2.29 2024-04-20 21:51:09 +00:00
ac0ee6bd66 qubes-usb-proxy: upgrade to 1.2.1 2024-04-20 21:50:54 +00:00
a1e2bc03ed qubes-meta-packages: upgrade to 4.2.11 2024-04-20 21:50:37 +00:00
97a464e6dd
qubes-libvchan-xen: upgrade to 4.2.3 2024-04-20 17:03:34 -04:00
83bbfa3567 *: rebuild for python 3.12 2024-04-15 12:45:43 +00:00
cd9f43755c
qubes-gpg-split: upgrade to 2.0.70 2024-02-08 13:23:24 -05:00
b6fe31696d
qubes-vm-core: fix apk proxy 2024-02-08 12:30:26 -05:00
ef1b123c4e qubes-vm-qrexec: upgrade to 4.2.17 2024-02-01 22:34:16 +00:00
9fe00c24a9 qubes-libvchan-xen: upgrade to 4.2.2 2024-02-01 22:33:55 +00:00
ee522ee737 qubes-vm-gui: upgrade to 4.2.12 2024-02-01 22:33:46 +00:00
bb598454c0
qubes-vm-core: upgrade to 4.2.28 2024-02-01 16:50:37 -05:00
0e47e975b5 qubes-vm-core: upgrade to 4.2.27 2024-02-01 21:17:00 +00:00
0da3281cfc qubes-vm-utils: upgrade to 4.2.15 2024-02-01 20:25:01 +00:00
02c6bda4d4 qubes-app-linux-druide-antidote: new aport 2024-02-01 19:26:25 +00:00
0b252eff75
qubes-libvchan-xen: rebuild against sen 4.18 2023-12-07 19:41:37 -05:00
71f28ef65f
*: push pkgrel 2023-11-28 11:16:51 -05:00
fda3916231
gitlab-ci: add v3.19 build 2023-11-28 11:16:32 -05:00
c22569cd4c
qubes-vm-gui: bump pkgrel 2023-09-11 01:06:23 -04:00
0daee72675 qubes-vm-utils: upgrade to 4.2.13 2023-09-11 05:00:45 +00:00
1d70caa122 qubes-vm-qrexec: upgrade to 4.2.11 2023-09-11 04:58:14 +00:00
0338fea880 qubes-vm-core: upgrade to 4.2.21 2023-09-11 04:56:08 +00:00
42327016e6
qubes-vm-gui: upgrade to 4.2.9 2023-09-11 00:53:16 -04:00
5dc97166f4
qubes-vm-gui: remove deprecation of pulseaudio 2023-09-11 00:53:15 -04:00
b213e35465 qubes-vm-gui: do not use systemctl for qubes-session 2023-09-11 04:48:45 +00:00
04a40cece8 qubes-vm-core: fix setup-ip 2023-09-11 04:48:45 +00:00
9bf9b57855
*: bump pkgrel 2023-08-30 15:58:12 -04:00
8308c0cf42
gltlab-ci: implement target multiple Alpine releases 2023-08-30 15:51:22 -04:00
7390b8343d Update README.md 2023-08-27 19:02:01 +00:00
35da3eea11 qubes-usb-proxy: bump pkgrel 2023-08-27 19:02:01 +00:00
ff0aab1f60 qubes-gpg-split: bump pkgrel 2023-08-27 19:02:01 +00:00
346d069995 qubes-vm-gui: fix pam.d install 2023-08-26 19:32:09 +00:00
41572968b2
qubes-vm-core: add missing depends 2023-08-26 15:28:25 -04:00
376caaae3c
qubes-vm-core: add eudev depend 2023-08-25 16:45:39 -04:00
52f5847075 Add readme 2023-08-16 04:44:03 +00:00
bad57cc2ed
qubes-vm-qrexec: upgrade to 4.2.8 2023-08-16 00:03:14 -04:00
cbc2602c34
qubes-vm-utils: upgrade to 4.2.11 2023-08-15 23:08:50 -04:00
c96a0efda8
qubes-vm-gui-dev: upgrade to 4.2.4 2023-08-15 23:08:48 -04:00
6b94ec6cc4
qubes-vm-gui: upgrade to 4.2.8 2023-08-15 23:08:45 -04:00
f9192ee9c6
qubes-vm-core: upgrade to 4.2.19 2023-08-15 23:08:40 -04:00
83468ae4a0
qubes-meta-packages: upgrade to 4.2.9 2023-08-15 22:01:55 -04:00
bb07394c5c
qubes-libvchan-xen: upgrade to 4.2.1 2023-08-15 22:00:53 -04:00
4ca75689c6
qubes-db-vm: upgrade to 4.2.4 2023-08-15 21:58:40 -04:00
49 changed files with 1227 additions and 938 deletions

35
.forgejo/bin/check_ver.sh Executable file
View file

@ -0,0 +1,35 @@
#!/bin/bash
# expects the following env variables:
# downstream: downstream repo
repo=${downstream/*\/}
curl --silent $downstream/x86_64/APKINDEX.tar.gz | tar -O -zx APKINDEX > APKINDEX
owned_by_you=$(awk -v RS= -v ORS="\n\n" '/m:Antoine Martin \(ayakael\) <dev@ayakael.net>/' APKINDEX | awk -F ':' '{if($1=="o"){print $2}}' | sort | uniq)
echo "Found $(printf '%s\n' $owned_by_you | wc -l ) packages owned by you"
rm -f out_of_date not_in_anitya
for pkg in $owned_by_you; do
if [ $CHECK_LATEST -eq 1 ]; then
upstream_version=$(curl --fail -X GET -sS -H 'Content-Type: application/json' "https://release-monitoring.org/api/v2/packages/?name=$pkg&distribution=Alpine" | jq -r '.items.[].version')
else
upstream_version=$(curl --fail -X GET -sS -H 'Content-Type: application/json' "https://release-monitoring.org/api/v2/packages/?name=$pkg&distribution=Alpine" | jq -r '.items.[].stable_version')
fi
downstream_version=$(sed -n "/^P:$pkg$/,/^$/p" APKINDEX | awk -F ':' '{if($1=="V"){print $2}}' | sort -V | tail -n 1)
downstream_version=${downstream_version/-*}
if [ -z "$upstream_version" ]; then
echo "$pkg not in anitya"
echo "$pkg" >> not_in_anitya
elif [ "$downstream_version" != "$(printf '%s\n' $upstream_version $downstream_version | sort -V | head -n 1)" ]; then
echo "$pkg higher downstream"
continue
elif [ "$upstream_version" != "$downstream_version" ]; then
echo "$pkg upstream version $upstream_version does not match downstream version $downstream_version"
echo "$pkg $downstream_version $upstream_version $repo" >> out_of_date
fi
done

165
.forgejo/bin/create_issue.sh Executable file
View file

@ -0,0 +1,165 @@
#!/bin/bash
# expects:
# env variable FORGEJO_TOKEN
# file out_of_date
IFS='
'
repo=${downstream/*\/}
does_it_exist() {
name=$1
downstream_version=$2
upstream_version=$3
repo=$4
query="$repo/$name: upgrade to $upstream_version"
query="$(echo $query | sed 's| |%20|g' | sed 's|:|%3A|g' | sed 's|/|%2F|g' )"
result="$(curl --silent -X 'GET' \
"$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues?state=open&q=$query&type=issues" \
-H 'accept: application/json' \
-H "authorization: Basic $FORGEJO_TOKEN"
)"
if [ "$result" == "[]" ]; then
return 1
fi
}
is_it_old() {
name=$1
downstream_version=$2
upstream_version=$3
repo=$4
query="$repo/$name: upgrade to"
query="$(echo $query | sed 's| |%20|g' | sed 's|:|%3A|g' | sed 's|/|%2F|g' )"
result="$(curl --silent -X 'GET' \
"$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues?state=open&q=$query&type=issues" \
-H 'accept: application/json' \
-H "authorization: Basic $FORGEJO_TOKEN"
)"
result_title="$(echo $result | jq -r '.[].title' )"
result_id="$(echo $result | jq -r '.[].number' )"
result_upstream_version="$(echo $result_title | awk '{print $4}')"
if [ "$upstream_version" != "$result_upstream_version" ]; then
echo $result_id
else
echo 0
fi
}
update_title() {
name=$1
downstream_version=$2
upstream_version=$3
repo=$4
id=$5
result=$(curl --silent -X 'PATCH' \
"$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues/$id" \
-H 'accept: application/json' \
-H "authorization: Basic $FORGEJO_TOKEN" \
-H 'Content-Type: application/json' \
-d "{
\"title\": \"$repo/$name: upgrade to $upstream_version\"
}"
)
return 0
}
create_issue() {
name=$1
downstream_version=$2
upstream_version=$3
repo=$4
result=$(curl --silent -X 'POST' \
"$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues" \
-H 'accept: application/json' \
-H "authorization: Basic $FORGEJO_TOKEN" \
-H 'Content-Type: application/json' \
-d "{
\"title\": \"$repo/$name: upgrade to $upstream_version\",
\"labels\": [
$LABEL_NUMBER
]
}")
return 0
}
if [ -f out_of_date ]; then
out_of_date="$(cat out_of_date)"
echo "Detected $(wc -l out_of_date) out-of-date packages, creating issues"
for pkg in $out_of_date; do
name="$(echo $pkg | awk '{print $1}')"
downstream_version="$(echo $pkg | awk '{print $2}')"
upstream_version="$(echo $pkg | awk '{print $3}')"
repo="$(echo $pkg | awk '{print $4}')"
if does_it_exist $name $downstream_version $upstream_version $repo; then
echo "Issue for $repo/$name already exists"
continue
fi
id=$(is_it_old $name $downstream_version $upstream_version $repo)
if [ "$id" != "0" ] && [ -n "$id" ]; then
echo "Issue for $repo/$name needs updating"
update_title $name $downstream_version $upstream_version $repo $id
continue
fi
echo "Creating issue for $repo/$name"
create_issue $name $downstream_version $upstream_version $repo
done
fi
if [ -f not_in_anitya ]; then
query="Add missing $repo packages to anitya"
query="$(echo $query | sed 's| |%20|g')"
result="$(curl --silent -X 'GET' \
"$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues?state=open&q=$query&type=issues" \
-H 'accept: application/json' \
-H "authorization: Basic $FORGEJO_TOKEN"
)"
if [ "$result" == "[]" ]; then
echo "Creating anitya issue"
result=$(curl --silent -X 'POST' \
"$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues" \
-H 'accept: application/json' \
-H "authorization: Basic $FORGEJO_TOKEN" \
-H 'Content-Type: application/json' \
-d "{
\"title\": \"Add missing $repo packages to anitya\",
\"body\": \"- [ ] $(sed '{:q;N;s/\n/\\n- [ ] /g;t q}' not_in_anitya)\",
\"labels\": [
$LABEL_NUMBER
]
}")
else
echo "Updating anitya issue"
result_id="$(echo $result | jq -r '.[].number' )"
result=$(curl --silent -X 'PATCH' \
"$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues/$result_id" \
-H 'accept: application/json' \
-H "authorization: Basic $FORGEJO_TOKEN" \
-H 'Content-Type: application/json' \
-d "{
\"body\": \"- [ ] $(sed '{:q;N;s/\n/\\n- [ ] /g;t q}' not_in_anitya)\"
}"
)
fi
fi

33
.forgejo/bin/deploy.sh Executable file
View file

@ -0,0 +1,33 @@
#!/bin/sh
# shellcheck disable=SC3040
set -eu -o pipefail
readonly BASEBRANCH=$CI_ALPINE_TARGET
readonly TARGET_REPO=$CI_ALPINE_REPO
get_qubes_release() {
case $GITHUB_BASE_REF in
r*) echo $GITHUB_BASE_REF;;
main) echo r4.3;;
esac
}
readonly QUBES_REL=$(get_qubes_release)
apkgs=$(find package -type f -name "*.apk")
for apk in $apkgs; do
arch=$(echo $apk | awk -F '/' '{print $3}')
name=$(echo $apk | awk -F '/' '{print $4}')
echo "Sending $name of arch $arch to $TARGET_REPO/$BASEBRANCH/qubes-$QUBES_REL"
return=$(curl -s --user $FORGE_REPO_USER:$FORGE_REPO_TOKEN --upload-file $apk $TARGET_REPO/$BASEBRANCH/qubes-$QUBES_REL 2>&1)
echo $return
if [ "$return" == "package file already exists" ]; then
echo "Package already exists, refreshing..."
curl -s --user $FORGE_REPO_USER:$FORGE_REPO_TOKEN -X DELETE $TARGET_REPO/$BASEBRANCH/qubes-$QUBES_REL/$arch/$name
curl -s --user $FORGE_REPO_USER:$FORGE_REPO_TOKEN --upload-file $apk $TARGET_REPO/$BASEBRANCH/qubes-$QUBES_REL
fi
done

View file

@ -0,0 +1,140 @@
diff --git a/usr/local/bin/build.sh.orig b/usr/local/bin/build.sh
old mode 100644
new mode 100755
index c3b8f7a..0b1c9a5
--- a/usr/local/bin/build.sh.orig
+++ b/usr/local/bin/build.sh
@@ -7,13 +7,14 @@
set -eu -o pipefail
readonly APORTSDIR=$CI_PROJECT_DIR
-readonly REPOS="main community testing non-free"
+readonly REPOS="main community testing"
readonly ARCH=$(apk --print-arch)
# gitlab variables
readonly BASEBRANCH=$CI_MERGE_REQUEST_TARGET_BRANCH_NAME
: "${REPODEST:=$HOME/packages}"
-: "${MIRROR:=https://dl-cdn.alpinelinux.org/alpine}"
+: "${MIRROR:=https://ayakael.net/api/packages/forge/alpine}"
+: "${ALPINE_MIRROR:=http://dl-cdn.alpinelinux.org/alpine}"
: "${MAX_ARTIFACT_SIZE:=300000000}" #300M
: "${CI_DEBUG_BUILD:=}"
@@ -67,13 +68,32 @@ report() {
}
get_release() {
+ echo $CI_ALPINE_TARGET
+}
+
+
+get_qubes_release() {
case $BASEBRANCH in
- *-stable) echo v"${BASEBRANCH%-*}";;
- master) echo edge;;
- *) die "Branch \"$BASEBRANCH\" not supported!"
+ r*) echo $BASEBRANCH;;
+ main) echo r4.3;;
esac
}
+changed_aports() {
+ : "${APORTSDIR?APORTSDIR missing}"
+ : "${BASEBRANCH?BASEBRANCH missing}"
+
+ cd "$APORTSDIR"
+ local aports
+
+ aports=$(git diff --name-only --diff-filter=ACMR \
+ "$BASEBRANCH"...HEAD -- "*/APKBUILD" | xargs -rn1 dirname)
+
+ # shellcheck disable=2086
+ ap builddirs -d "$APORTSDIR" $aports 2>/dev/null | xargs -rn1 basename
+}
+
+
build_aport() {
local repo="$1" aport="$2"
cd "$APORTSDIR/$repo/$aport"
@@ -99,13 +119,13 @@ set_repositories_for() {
local release
release=$(get_release)
- for repo in $REPOS; do
+ for repo in qubes-$(get_qubes_release); do
[ "$repo" = "non-free" ] && continue
- [ "$release" != "edge" ] && [ "$repo" == "testing" ] && continue
+ [ "$release" == "edge" ] && [ "$repo" == "backports" ] && continue
repos="$repos $MIRROR/$release/$repo $REPODEST/$repo"
[ "$repo" = "$target_repo" ] && break
done
- doas sh -c "printf '%s\n' $repos > /etc/apk/repositories"
+ doas sh -c "printf '%s\n' $repos >> /etc/apk/repositories"
doas apk update
}
@@ -118,7 +138,15 @@ apply_offset_limit() {
}
setup_system() {
- doas sh -c "echo $MIRROR/$(get_release)/main > /etc/apk/repositories"
+ local repos='' repo=''
+ local release
+
+ release=$(get_release)
+ for repo in $REPOS; do
+ [ "$release" != "edge" ] && [ "$repo" == "testing" ] && continue
+ repos="$repos $ALPINE_MIRROR/$release/$repo"
+ done
+ doas sh -c "printf '%s\n' $repos > /etc/apk/repositories"
doas apk -U upgrade -a || apk fix || die "Failed to up/downgrade system"
abuild-keygen -ain
doas sed -i -E 's/export JOBS=[0-9]+$/export JOBS=$(nproc)/' /etc/abuild.conf
@@ -192,32 +220,22 @@ section_end setup
build_start=$CI_ALPINE_BUILD_OFFSET
build_limit=$CI_ALPINE_BUILD_LIMIT
-for repo in $(changed_repos); do
- set_repositories_for "$repo"
- built_aports=0
- changed_aports_in_repo=$(changed_aports "$repo")
- changed_aports_in_repo_count=$(echo "$changed_aports_in_repo" | wc -l)
- changed_aports_to_build=$(echo "$changed_aports_in_repo" | apply_offset_limit "$build_start" "$build_limit")
+set_repositories_for $(get_qubes_release)
+built_aports=0
+changed_aports_in_repo=$(changed_aports $BASEBRANCH)
+changed_aports_in_repo_count=$(echo "$changed_aports_in_repo" | wc -l)
+changed_aports_to_build=$(echo "$changed_aports_in_repo" | apply_offset_limit "$build_start" "$build_limit")
- msg "Changed aports in $repo:"
- # shellcheck disable=SC2086 # Splitting is expected here
- printf " - %s\n" $changed_aports_to_build
- for pkgname in $changed_aports_to_build; do
- section_start "build_$pkgname" "Building package $pkgname"
- built_aports=$((built_aports+1))
- if check_aport "$repo" "$pkgname"; then
- build_aport "$repo" "$pkgname"
- fi
- section_end "build_$pkgname"
- done
-
- build_start=$((build_start-(changed_aports_in_repo_count-built_aports)))
- build_limit=$((build_limit-built_aports))
-
- if [ $build_limit -le 0 ]; then
- msg "Limit reached, breaking"
- break
+msg "Changed aports:"
+# shellcheck disable=SC2086 # Splitting is expected here
+printf " - %s\n" $changed_aports_to_build
+for pkgname in $changed_aports_to_build; do
+ section_start "build_$pkgname" "Building package $pkgname"
+ built_aports=$((built_aports+1))
+ if check_aport . "$pkgname"; then
+ build_aport . "$pkgname"
fi
+ section_end "build_$pkgname"
done
section_start artifacts "Handeling artifacts" collapse

View file

@ -0,0 +1,54 @@
on:
pull_request:
types: [ assigned, opened, synchronize, reopened ]
jobs:
build-edge:
runs-on: x86_64
container:
image: alpinelinux/alpine-gitlab-ci:latest
env:
CI_PROJECT_DIR: ${{ github.workspace }}
CI_DEBUG_BUILD: ${{ runner.debug }}
CI_MERGE_REQUEST_PROJECT_URL: ${{ github.server_url }}/${{ github.repository }}
CI_MERGE_REQUEST_TARGET_BRANCH_NAME: ${{ github.base_ref }}
CI_ALPINE_TARGET: edge
steps:
- name: Environment setup
run: |
doas apk add nodejs git patch curl
cd /etc/apk/keys
doas curl -JO https://ayakael.net/api/packages/forge/alpine/key
- name: Repo pull
uses: actions/checkout@v4
with:
fetch-depth: 500
- name: Package build
run: |
doas patch -d / -p1 -i ${{ github.workspace }}/.forgejo/patches/build.patch
build.sh
- name: Package upload
uses: forgejo/upload-artifact@v3
with:
name: package
path: packages
deploy-edge:
needs: [build-edge]
runs-on: x86_64
container:
image: alpine:latest
env:
CI_ALPINE_REPO: 'https://ayakael.net/api/packages/forge/alpine'
FORGE_REPO_TOKEN: ${{ secrets.FORGE_REPO_TOKEN }}
FORGE_REPO_USER: ${{ vars.FORGE_REPO_USER }}
CI_ALPINE_TARGET: edge
steps:
- name: Setting up environment
run: apk add nodejs curl findutils git gawk
- name: Repo pull
uses: actions/checkout@v4
- name: Package download
uses: forgejo/download-artifact@v3
- name: Package deployment
run: ${{ github.workspace }}/.forgejo/bin/deploy.sh

View file

@ -0,0 +1,54 @@
on:
pull_request:
types: [ assigned, opened, synchronize, reopened ]
jobs:
build-v3.19:
runs-on: x86_64
container:
image: alpinelinux/alpine-gitlab-ci:latest
env:
CI_PROJECT_DIR: ${{ github.workspace }}
CI_DEBUG_BUILD: ${{ runner.debug }}
CI_MERGE_REQUEST_PROJECT_URL: ${{ github.server_url }}/${{ github.repository }}
CI_MERGE_REQUEST_TARGET_BRANCH_NAME: ${{ github.base_ref }}
CI_ALPINE_TARGET: v3.19
steps:
- name: Environment setup
run: |
doas apk add nodejs git patch curl
cd /etc/apk/keys
doas curl -JO https://ayakael.net/api/packages/forge/alpine/key
- name: Repo pull
uses: actions/checkout@v4
with:
fetch-depth: 500
- name: Package build
run: |
doas patch -d / -p1 -i ${{ github.workspace }}/.forgejo/patches/build.patch
build.sh
- name: Package upload
uses: forgejo/upload-artifact@v3
with:
name: package
path: packages
deploy-v3.19:
needs: [build-v3.19]
runs-on: x86_64
container:
image: alpine:latest
env:
CI_ALPINE_REPO: 'https://ayakael.net/api/packages/forge/alpine'
CI_ALPINE_TARGET: v3.19
FORGE_REPO_TOKEN: ${{ secrets.FORGE_REPO_TOKEN }}
FORGE_REPO_USER: ${{ vars.FORGE_REPO_USER }}
steps:
- name: Setting up environment
run: apk add nodejs curl findutils git gawk
- name: Repo pull
uses: actions/checkout@v4
- name: Package download
uses: forgejo/download-artifact@v3
- name: Package deployment
run: ${{ github.workspace }}/.forgejo/bin/deploy.sh

View file

@ -0,0 +1,54 @@
on:
pull_request:
types: [ assigned, opened, synchronize, reopened ]
jobs:
build-v3.20:
runs-on: x86_64
container:
image: alpinelinux/alpine-gitlab-ci:latest
env:
CI_PROJECT_DIR: ${{ github.workspace }}
CI_DEBUG_BUILD: ${{ runner.debug }}
CI_MERGE_REQUEST_PROJECT_URL: ${{ github.server_url }}/${{ github.repository }}
CI_MERGE_REQUEST_TARGET_BRANCH_NAME: ${{ github.base_ref }}
CI_ALPINE_TARGET: v3.20
steps:
- name: Environment setup
run: |
doas apk add nodejs git patch curl
cd /etc/apk/keys
doas curl -JO https://ayakael.net/api/packages/forge/alpine/key
- name: Repo pull
uses: actions/checkout@v4
with:
fetch-depth: 500
- name: Package build
run: |
doas patch -d / -p1 -i ${{ github.workspace }}/.forgejo/patches/build.patch
build.sh
- name: Package upload
uses: forgejo/upload-artifact@v3
with:
name: package
path: packages
deploy-v3.20:
needs: [build-v3.20]
runs-on: x86_64
container:
image: alpine:latest
env:
CI_ALPINE_TARGET: v3.20
CI_ALPINE_REPO: 'https://ayakael.net/api/packages/forge/alpine'
FORGE_REPO_TOKEN: ${{ secrets.FORGE_REPO_TOKEN }}
FORGE_REPO_USER: ${{ vars.FORGE_REPO_USER }}
steps:
- name: Setting up environment
run: apk add nodejs curl findutils git gawk
- name: Repo pull
uses: actions/checkout@v4
- name: Package download
uses: forgejo/download-artifact@v3
- name: Package deployment
run: ${{ github.workspace }}/.forgejo/bin/deploy.sh

View file

@ -0,0 +1,28 @@
on:
workflow_dispatch:
schedule:
- cron: '0 5 * * *'
jobs:
check-r4.2:
name: Check user repo
runs-on: x86_64
container:
image: alpine:latest
env:
downstream: https://ayakael.net/api/packages/forge/alpine/edge/qubes-r4.2
FORGEJO_TOKEN: ${{ secrets.forgejo_token }}
LABEL_NUMBER: 9
CHECK_LATEST: 0
steps:
- name: Environment setup
run: apk add grep coreutils gawk curl wget bash nodejs git jq sed
- name: Get scripts
uses: actions/checkout@v4
with:
fetch-depth: 1
- name: Check out-of-date packages
run: ${{ github.workspace }}/.forgejo/bin/check_ver.sh
- name: Create issues
run: ${{ github.workspace }}/.forgejo/bin/create_issue.sh

View file

@ -0,0 +1,28 @@
on:
workflow_dispatch:
schedule:
- cron: '0 5 * * *'
jobs:
check-r4.3:
name: Check user repo
runs-on: x86_64
container:
image: alpine:latest
env:
downstream: https://ayakael.net/api/packages/forge/alpine/edge/qubes-r4.3
FORGEJO_TOKEN: ${{ secrets.forgejo_token }}
LABEL_NUMBER: 9
CHECK_LATEST: 1
steps:
- name: Environment setup
run: apk add grep coreutils gawk curl wget bash nodejs git jq sed
- name: Get scripts
uses: actions/checkout@v4
with:
fetch-depth: 1
- name: Check out-of-date packages
run: ${{ github.workspace }}/.forgejo/bin/check_ver.sh
- name: Create issues
run: ${{ github.workspace }}/.forgejo/bin/create_issue.sh

View file

@ -0,0 +1,21 @@
on:
pull_request:
types: [ assigned, opened, synchronize, reopened ]
jobs:
lint:
run-name: lint
runs-on: x86_64
container:
image: alpinelinux/apkbuild-lint-tools:latest
env:
CI_PROJECT_DIR: ${{ github.workspace }}
CI_DEBUG_BUILD: ${{ runner.debug }}
CI_MERGE_REQUEST_PROJECT_URL: ${{ github.server_url }}/${{ github.repository }}
CI_MERGE_REQUEST_TARGET_BRANCH_NAME: ${{ github.base_ref }}
steps:
- run: doas apk add nodejs git
- uses: actions/checkout@v4
with:
fetch-depth: 500
- run: lint

View file

@ -1,67 +0,0 @@
stages:
- verify
- build
- deploy
variables:
GIT_STRATEGY: clone
GIT_DEPTH: "500"
lint:
stage: verify
interruptible: true
script:
- |
sudo apk add shellcheck atools sudo abuild
export PATH="$PATH:$CI_PROJECT_DIR/.gitlab/bin"
lint
allow_failure: true
only:
- merge_requests
tags:
- apk-v3.18-x86_64
.build:
stage: build
interruptible: true
script:
- |
sudo apk add alpine-sdk lua-aports sudo
sudo addgroup $USER abuild
export PATH="$PATH:$CI_PROJECT_DIR/.gitlab/bin"
sudo -Eu $USER build.sh
artifacts:
paths:
- packages/
- keys/
- logs/
expire_in: 7 days
only:
- merge_requests
build-v3.18:
extends: .build
when: always
tags:
- apk-v3.18-x86_64
build-v3.17:
extends: .build
when: manual
tags:
- apk-v3.17-x86_64
push:
interruptible: true
stage: deploy
script:
- |
sudo apk add abuild git-lfs findutils
export PATH="$PATH:$CI_PROJECT_DIR/.gitlab/bin"
push.sh
rules:
- if: $CI_PIPELINE_SOURCE == "merge_request_event"
when: manual
tags:
- repo

View file

@ -1,111 +0,0 @@
#!/bin/sh
set -e
arch=
builddir=
checkdepends=
depends=
depends_dev=
depends_doc=
depends_libs=
depends_openrc=
depends_static=
install=
install_if=
langdir=
ldpath=
license=
makedepends=
makedepends_build=
makedepends_host=
md5sums=
options=
patch_args=
pkgbasedir=
pkgdesc=
pkgdir=
pkgname=
pkgrel=
pkgver=
pkggroups=
pkgusers=
provides=
provider_priority=
replaces=
sha256sums=
sha512sums=
sonameprefix=
source=
srcdir=
startdir=
subpackages=
subpkgdir=
subpkgname=
triggers=
url=
# abuild.conf
CFLAGS=
CXXFLAGS=
CPPFLAGS=
LDFLAGS=
JOBS=
MAKEFLAGS=
CMAKE_CROSSOPTS=
. ./APKBUILD
: "$arch"
: "$builddir"
: "$checkdepends"
: "$depends"
: "$depends_dev"
: "$depends_doc"
: "$depends_libs"
: "$depends_openrc"
: "$depends_static"
: "$install"
: "$install_if"
: "$langdir"
: "$ldpath"
: "$license"
: "$makedepends"
: "$makedepends_build"
: "$makedepends_host"
: "$md5sums"
: "$options"
: "$patch_args"
: "$pkgbasedir"
: "$pkgdesc"
: "$pkgdir"
: "$pkgname"
: "$pkgrel"
: "$pkgver"
: "$pkggroups"
: "$pkgusers"
: "$provides"
: "$provider_priority"
: "$replaces"
: "$sha256sums"
: "$sha512sums"
: "$sonameprefix"
: "$source"
: "$srcdir"
: "$startdir"
: "$subpackages"
: "$subpkgdir"
: "$subpkgname"
: "$triggers"
: "$url"
# abuild.conf
: "$CFLAGS"
: "$CXXFLAGS"
: "$CPPFLAGS"
: "$LDFLAGS"
: "$JOBS"
: "$MAKEFLAGS"
: "$CMAKE_CROSSOPTS"

View file

@ -1,16 +0,0 @@
#!/bin/sh
shellcheck -s ash \
-e SC3043 \
-e SC3057 \
-e SC3060 \
-e SC2016 \
-e SC2086 \
-e SC2169 \
-e SC2155 \
-e SC2100 \
-e SC2209 \
-e SC2030 \
-e SC2031 \
-e SC1090 \
-xa $CI_PROJECT_DIR/.gitlab/bin/APKBUILD_SHIM

View file

@ -1,269 +0,0 @@
#!/bin/sh
# shellcheck disable=SC3043
. $CI_PROJECT_DIR/.gitlab/bin/functions.sh
# shellcheck disable=SC3040
set -eu -o pipefail
readonly APORTSDIR=$CI_PROJECT_DIR
readonly REPOS="qubes/r4.1"
readonly ALPINE_REPOS="main community testing"
readonly ARCH=$(apk --print-arch)
# gitlab variables
readonly BASEBRANCH=$CI_MERGE_REQUEST_TARGET_BRANCH_NAME
: "${REPODEST:=$HOME/packages}"
: "${MIRROR:=https://lab.ilot.io/ayakael/repo-apk/-/raw}"
: "${ALPINE_MIRROR:=http://dl-cdn.alpinelinux.org/alpine}"
: "${MAX_ARTIFACT_SIZE:=300000000}" #300M
: "${CI_DEBUG_BUILD:=}"
: "${CI_ALPINE_BUILD_OFFSET:=0}"
: "${CI_ALPINE_BUILD_LIMIT:=9999}"
: "${CI_ALPINE_TARGET_ARCH:=$(uname -m)}"
msg() {
local color=${2:-green}
case "$color" in
red) color="31";;
green) color="32";;
yellow) color="33";;
blue) color="34";;
*) color="32";;
esac
printf "\033[1;%sm>>>\033[1;0m %s\n" "$color" "$1" | xargs >&2
}
verbose() {
echo "> " "$@"
# shellcheck disable=SC2068
$@
}
debugging() {
[ -n "$CI_DEBUG_BUILD" ]
}
debug() {
if debugging; then
verbose "$@"
fi
}
die() {
msg "$1" red
exit 1
}
capture_stderr() {
"$@" 2>&1
}
report() {
report=$1
reportsdir=$APORTSDIR/logs/
mkdir -p "$reportsdir"
tee -a "$reportsdir/$report.log"
}
get_release() {
local RELEASE=$(echo $CI_RUNNER_TAGS | awk -F '-' '{print $2}')
case $RELEASE in
v*) echo "${RELEASE%-*}";;
edge) echo edge;;
*) die "Branch \"$RELEASE\" not supported!"
esac
}
get_qubes_release() {
case $BASEBRANCH in
r*) echo $BASEBRANCH;;
master) echo r4.2;;
*) die "Branch \"$BASEBRANCH\" not supported!"
esac
}
build_aport() {
local repo="$1" aport="$2"
cd "$APORTSDIR/$aport"
if abuild -r 2>&1 | report "build-$aport"; then
checkapk | report "checkapk-$aport" || true
aport_ok="$aport_ok $aport"
else
aport_ng="$aport_ng $aport"
fi
}
check_aport() {
local repo="$1" aport="$2"
cd "$APORTSDIR/$aport"
if ! abuild check_arch 2>/dev/null; then
aport_na="$aport_na $aport"
return 1
fi
}
set_repositories_for() {
local target_repo="$1" repos='' repo=''
local release
release=$(get_release)
repos="$MIRROR/$release/qubes/$target_repo $REPODEST/qubes-aports"
sudo sh -c "printf '%s\n' $repos >> /etc/apk/repositories"
sudo apk update || true
}
apply_offset_limit() {
start=$1
limit=$2
end=$((start+limit))
sed -n "$((start+1)),${end}p"
}
setup_system() {
local repos='' repo=''
local release
release=$(get_release)
for repo in $ALPINE_REPOS; do
[ "$release" != "edge" ] && [ "$repo" == "testing" ] && continue
repos="$repos $ALPINE_MIRROR/$release/$repo"
done
repos="$repos $MIRROR/$release/cross"
sudo sh -c "printf '%s\n' $repos > /etc/apk/repositories"
sudo apk -U upgrade -a || sudo apk fix || die "Failed to up/downgrade system"
gitlab_key_to_rsa $ABUILD_KEY rsa-private $HOME/.abuild/$ABUILD_KEY_NAME.rsa
gitlab_key_to_rsa $ABUILD_KEY_PUB rsa-public $HOME/.abuild/$ABUILD_KEY_NAME.rsa.pub
chmod 700 $HOME/.abuild/$ABUILD_KEY_NAME.rsa
echo "PACKAGER_PRIVKEY=$HOME/.abuild/$ABUILD_KEY_NAME.rsa" >> $HOME/.abuild/abuild.conf
sudo cp $HOME/.abuild/$ABUILD_KEY_NAME.rsa.pub /etc/apk/keys/$ABUILD_KEY_NAME.rsa.pub
sudo sed -i -E 's/export JOBS=[0-9]+$/export JOBS=$(nproc)/' /etc/abuild.conf
( . /etc/abuild.conf && echo "Building with $JOBS jobs" )
mkdir -p "$REPODEST"
git config --global init.defaultBranch master
}
sysinfo() {
printf ">>> Host system information (arch: %s, release: %s) <<<\n" "$ARCH" "$(get_release)"
printf "- Number of Cores: %s\n" "$(nproc)"
printf "- Memory: %s Gb\n" "$(awk '/^MemTotal/ {print ($2/1024/1024)}' /proc/meminfo)"
printf "- Free space: %s\n" "$(df -hP / | awk '/\/$/ {print $4}')"
}
copy_artifacts() {
cd "$APORTSDIR"
packages_size="$(du -sk "$REPODEST" | awk '{print $1 * 1024}')"
if [ -z "$packages_size" ]; then
return
fi
echo "Artifact size: $packages_size bytes"
mkdir -p keys/ packages/
if [ "$packages_size" -lt $MAX_ARTIFACT_SIZE ]; then
msg "Copying packages for artifact upload"
cp -ar "$REPODEST"/* packages/ 2>/dev/null
cp ~/.abuild/*.rsa.pub keys/
else
msg "Artifact size $packages_size larger than max ($MAX_ARTIFACT_SIZE), skipping uploading them" yellow
fi
}
section_start setup "Setting up the system" collapse
if debugging; then
set -x
fi
aport_ok=
aport_na=
aport_ng=
failed=
sysinfo || true
setup_system || die "Failed to setup system"
# git no longer allows to execute in repositories owned by different users
sudo chown -R $USER: .
fetch_flags="-qn"
debugging && fetch_flags="-v"
git fetch $fetch_flags "$CI_MERGE_REQUEST_PROJECT_URL" \
"+refs/heads/$BASEBRANCH:refs/heads/$BASEBRANCH"
if debugging; then
merge_base=$(git merge-base "$BASEBRANCH" HEAD) || echo "Could not determine merge-base"
echo "Merge base: $merge_base"
git --version
git config -l
[ -n "$merge_base" ] && git tag -f merge-base "$merge_base"
git --no-pager log -200 --oneline --graph --decorate --all
fi
section_end setup
build_start=$CI_ALPINE_BUILD_OFFSET
build_limit=$CI_ALPINE_BUILD_LIMIT
mkdir -p "$APORTSDIR"/logs "$APORTSDIR"/packages "$APORTSDIR"/keys
set_repositories_for $(get_qubes_release)
built_aports=0
changed_aports_in_repo=$(changed_aports $BASEBRANCH)
changed_aports_in_repo_count=$(echo "$changed_aports_in_repo" | wc -l)
changed_aports_to_build=$(echo "$changed_aports_in_repo" | apply_offset_limit "$build_start" "$build_limit")
msg "Changed aports:"
# shellcheck disable=SC2086 # Splitting is expected here
printf " - %s\n" $changed_aports_to_build
for pkgname in $changed_aports_to_build; do
section_start "build_$pkgname" "Building package $pkgname"
built_aports=$((built_aports+1))
if check_aport qubes-aports "$pkgname"; then
build_aport qubes-aports "$pkgname"
fi
section_end "build_$pkgname"
done
build_start=$((build_start-(changed_aports_in_repo_count-built_aports)))
build_limit=$((build_limit-built_aports))
if [ $build_limit -le 0 ]; then
msg "Limit reached, breaking"
break
fi
section_start artifacts "Handeling artifacts" collapse
copy_artifacts || true
section_end artifacts
section_start summary "Build summary"
echo "### Build summary ###"
for ok in $aport_ok; do
msg "$ok: build succesfully"
done
for na in $aport_na; do
msg "$na: disabled for $CI_ALPINE_TARGET_ARCH" yellow
done
for ng in $aport_ng; do
msg "$ng: build failed" red
failed=true
done
section_end summary
if [ "$failed" = true ]; then
exit 1
elif [ -z "$aport_ok" ]; then
msg "No packages found to be built." yellow
fi

View file

@ -1,20 +0,0 @@
#!/bin/sh
if [ $# -lt 1 ]; then
echo "Usage: $0 <basebranch>"
exit 1
fi
if ! git rev-parse --is-inside-work-tree >/dev/null 2>&1; then
echo "Fatal: not inside a git repository"
exit 2
fi
basebranch=$1
if ! git rev-parse --verify --quiet $basebranch >/dev/null; then
# The base branch does not eixst, probably due to a shallow clone
git fetch -v $CI_MERGE_REQUEST_PROJECT_URL.git +refs/heads/$basebranch:refs/heads/$basebranch
fi
git --no-pager diff --diff-filter=ACMR --name-only $basebranch...HEAD -- "*/APKBUILD" | xargs -r -n1 dirname

View file

@ -1,63 +0,0 @@
# shellcheck disable=SC3043
:
# shellcheck disable=SC3040
set -eu -o pipefail
changed_aports() {
: "${APORTSDIR?APORTSDIR missing}"
: "${BASEBRANCH?BASEBRANCH missing}"
cd "$APORTSDIR"
local repo="$1"
local aports
aports=$(git diff --name-only --diff-filter=ACMR \
"$BASEBRANCH"...HEAD -- "*/APKBUILD" | xargs -rn1 dirname)
# shellcheck disable=2086
ap builddirs -d "$APORTSDIR" $aports 2>/dev/null | xargs -rn1 basename
}
section_start() {
name=${1?arg 1 name missing}
header=${2?arg 2 header missing}
collapsed=$2
timestamp=$(date +%s)
options=""
case $collapsed in
yes|on|collapsed|true) options="[collapsed=true]";;
esac
printf "\e[0Ksection_start:%d:%s%s\r\e[0K%s\n" "$timestamp" "$name" "$options" "$header"
}
section_end() {
name=$1
timestamp=$(date +%s)
printf "\e[0Ksection_end:%d:%s\r\e[0K" "$timestamp" "$name"
}
gitlab_key_to_rsa() {
KEY=$1
TYPE=$2
TGT=$3
TGT_DIR=${TGT%/*}
if [ "$TGT" == "$TGT_DIR" ]; then
TGT_DIR="./"
fi
if [ ! -d "$TGT_DIR" ]; then
mkdir -p "$TGT_DIR"
fi
case $TYPE in
rsa-public) local type="PUBLIC";;
rsa-private) local type="RSA PRIVATE";;
esac
echo "-----BEGIN $type KEY-----" > "$TGT"
echo $1 | sed 's/.\{64\}/&\
/g' >> "$TGT"
echo "-----END $type KEY-----" >> "$TGT"
}

View file

@ -1,96 +0,0 @@
#!/bin/sh
BLUE="\e[34m"
MAGENTA="\e[35m"
RESET="\e[0m"
readonly BASEBRANCH=$CI_MERGE_REQUEST_TARGET_BRANCH_NAME
verbose() {
echo "> " "$@"
# shellcheck disable=SC2068
$@
}
debugging() {
[ -n "$CI_DEBUG_BUILD" ]
}
debug() {
if debugging; then
verbose "$@"
fi
}
# git no longer allows to execute in repositories owned by different users
sudo chown -R gitlab-runner: .
fetch_flags="-qn"
debugging && fetch_flags="-v"
git fetch $fetch_flags "$CI_MERGE_REQUEST_PROJECT_URL" \
"+refs/heads/$BASEBRANCH:refs/heads/$BASEBRANCH"
if debugging; then
merge_base=$(git merge-base "$BASEBRANCH" HEAD)
echo "$merge_base"
git --version
git config -l
git tag merge-base "$merge_base" || { echo "Could not determine merge-base"; exit 50; }
git log --oneline --graph --decorate --all
fi
has_problems=0
for PKG in $(changed-aports "$BASEBRANCH"); do
printf "$BLUE==>$RESET Linting $PKG\n"
(
cd "$PKG"
repo=$(basename $(dirname $PKG));
if [ "$repo" == "backports" ]; then
echo "Skipping $PKG as backports (we don't care)"
continue
fi
printf "\n\n"
printf "$BLUE"
printf '======================================================\n'
printf " parse APKBUILD:\n"
printf '======================================================'
printf "$RESET\n\n"
( . ./APKBUILD ) || has_problems=1
printf "\n\n"
printf "$BLUE"
printf '======================================================\n'
printf " abuild sanitycheck:\n"
printf '======================================================'
printf "$RESET\n\n"
abuild sanitycheck || has_problems=1
printf "\n\n"
printf "$BLUE"
printf '======================================================\n'
printf " apkbuild-shellcheck:\n"
printf '======================================================'
printf "$RESET\n"
apkbuild-shellcheck || has_problems=1
printf "\n\n"
printf "$BLUE"
printf '======================================================\n'
printf " apkbuild-lint:\n"
printf '======================================================'
printf "$RESET\n\n"
apkbuild-lint APKBUILD || has_problems=1
return $has_problems
) || has_problems=1
echo
done
exit $has_problems

View file

@ -1,64 +0,0 @@
#!/bin/sh
# shellcheck disable=SC3043
. $CI_PROJECT_DIR/.gitlab/bin/functions.sh
# shellcheck disable=SC3040
set -eu -o pipefail
readonly APORTSDIR=$CI_PROJECT_DIR
readonly REPOS="backports user"
readonly BASEBRANCH=$CI_MERGE_REQUEST_TARGET_BRANCH_NAME
ALPINE_RELEASE=$(echo $CI_RUNNER_TAGS | awk -F '-' '{print $2}')
export GIT_SSH_COMMAND="ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
gitlab_key_to_rsa $ABUILD_KEY rsa-private $HOME/.abuild/$ABUILD_KEY_NAME.rsa
gitlab_key_to_rsa $ABUILD_KEY_PUB rsa-public $HOME/.abuild/$ABUILD_KEY_NAME.rsa.pub
gitlab_key_to_rsa $SSH_KEY rsa-private $HOME/.ssh/id_rsa
chmod 700 "$HOME"/.ssh/id_rsa
chmod 700 "$HOME"/.abuild/$ABUILD_KEY_NAME.rsa
echo "PACKAGER_PRIVKEY=$HOME/.abuild/$ABUILD_KEY_NAME.rsa" > $HOME/.abuild/abuild.conf
echo "REPODEST=$HOME/repo-apk/qubes" >> $HOME/.abuild/abuild.conf
sudo cp $HOME/.abuild/$ABUILD_KEY_NAME.rsa.pub /etc/apk/keys/.
if [ -d $HOME/repo-apk ]; then
git -C $HOME/repo-apk fetch
git -C $HOME/repo-apk checkout $ALPINE_RELEASE
git -C $HOME/repo-apk pull --rebase
else
git clone git@lab.ilot.io:ayakael/repo-apk -b $ALPINE_RELEASE $HOME/repo-apk
fi
get_qubes_release() {
case $BASEBRANCH in
r*) echo $BASEBRANCH;;
master) echo r4.2;;
*) die "Branch \"$BASEBRANCH\" not supported!"
esac
}
QUBES_REL=$(get_qubes_release)
for i in $(find packages -type f -name "*.apk"); do
install -vDm644 $i ${i/packages\/qubes-aports/$HOME\/repo-apk\/qubes\/$QUBES_REL}
done
fetch_flags="-qn"
git fetch $fetch_flags "$CI_MERGE_REQUEST_PROJECT_URL" \
"+refs/heads/$BASEBRANCH:refs/heads/$BASEBRANCH"
rm $HOME/repo-apk/qubes/$QUBES_REL/*/APKINDEX.tar.gz || true
mkdir -p qubes/$QUBES_REL/DUMMY
echo "pkgname=DUMMY" > qubes/$QUBES_REL/DUMMY/APKBUILD
cd qubes/$QUBES_REL/DUMMY
abuild index
cd "$CI_PROJECT_DIR"
rm -R qubes/$QUBES_REL/DUMMY
git -C $HOME/repo-apk add .
git -C $HOME/repo-apk commit -m "Update from $CI_MERGE_REQUEST_IID - $CI_MERGE_REQUEST_TITLE"
git -C $HOME/repo-apk push

74
README.md Normal file
View file

@ -0,0 +1,74 @@
# qports
Upstream: https://ayakael.net/forge/qports
## Description
This repository contains aports that allow Alpine Linux to be used as an Alpine
Linux template. The upstream repo uses GitLab's CI to build and deploy packages
targetting multiple Alpine Linux versions. QubesOS releases are tracked using
branches.
Note for `main` branch: This is currently tracking r4.3 packages, thus are
experimental. Use this branch at your own risk. For latest r4.2 packages,
navigate to that branch.
#### Template builder
The template builder is housed in its [own repo](https://ayakael.net/forge/qubes-builder-alpine)
RPMs are built in-pipeline using the build artifacts produced by this repo. These RPMs facilitate
installation of your very own Alpine Linux template on QubesOS.
#### Provided packages
Use `abuild-r` to build the following packages.
For more information on how to build an Alpine Package, read [this](https://wiki.alpinelinux.org/wiki/Creating_an_Alpine_package)
Core VM packages
* qubes-vm-xen - Qubes's version of xen
* qubes-libvchan-xen - libvchan library dependency
* qubes-db-vm - qubes-db package
* qubes-vm-utils - qubes-meminfo-writer service package
* qubes-vm-core - Core init.d / qubes scripts
* qubes-vm-gui-dev - Library dependencies for `qubes-vm-gui`
* qubes-vm-gui - GUI agent
* qubes-vm-qrexec - qrexec agent
* qubes-gpg-split
* qubes-usb-proxy
* qubes-meta-packages - Meta package that pulls everything when added to world
Extra packages
* qubes-pass - Aport for Rudd-O's inter-VM password manager for Qubes OS
Omitted packages
* qubes-vmm-xen - The default Alpine xen package seems to provide the necessary modules
## How to use
Built packages are made available on a Forgejo-based Alpine repo for you convenience. You can follow these steps to use them:
Add security key of the apk repository to your /etc/apk/keys:
```shell
cd /etc/apk/keys
curl -JO https://ayakael.net/api/packages/forge/alpine/key
```
Add repository to `/etc/apk/repositories`:
```shell
echo "https://ayakael.net/api/packages/forge/alpine/edge/qubes-r4.3" > /etc/apk/repositories
```
#### Known issues
Known issues are currently being tracked in [qubes-builder-alpine](https://ayakael.net/forge/qubes-builder-alpine/issues)
#### Issues, recommendations and proposals
**To report an issue or share a recommendation**
Go [here](https://gitlab.alpinelinux.org/ayakael/qubes-aports/-/issues)
**To make a merge request**
* Fork the repo from Alpine's GitLab [here](https://gitlab.alpinelinux.org/ayakael/qubes-aports)
* Clone your fork locally. (`git clone $repo`)
* Make a branch with a descriptive name (`git checkout -b $descriptivename`)
* Make the changes you want to see in the world, commit, and push to the GitLab's remote repo
* Request a merge [here](https://gitlab.alpinelinux.org/ayakael/qubes-aports/-/merge_requests)

View file

@ -0,0 +1,25 @@
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
pkgname=qubes-app-linux-druide-antidote
pkgver=0.0.1_git20240201
_gittag=c724c88aa2a20b1e422b464499015ff05753316d
pkgrel=2
arch="noarch"
pkgdesc="Qubes Druide-Antidote is a Qubes Application. It send a file to the Antidote Qube, invoke Antidote, and retrieve the file"
url=https://github.com/neowutran/qubes-app-linux-druide-antidote
license="GPL-3.0-only"
source="$pkgname-$_gittag.tar.gz::https://github.com/neowutran/qubes-app-linux-druide-antidote/archive/$_gittag.tar.gz"
depends="bash"
makedepends="pandoc"
builddir="$srcdir"/$pkgname-$_gittag
check() {
tests/all
}
package() {
make install-vm DESTDIR="$pkgdir/"
}
sha512sums="
e3597804bdcea25b2938aa325dfe9495f5bcde47c8515c7680c19882120e065d0a9ef8d120545ff3c9966b84a329cf87c5b993380510311ec8b5d9f5a8b35833 qubes-app-linux-druide-antidote-c724c88aa2a20b1e422b464499015ff05753316d.tar.gz
"

View file

@ -1,17 +1,17 @@
From d20a9db122608e0992c9ab6f675920d4bb1ee88f Mon Sep 17 00:00:00 2001
From: "build@apk-groulx" <build@apk-groulx.praxis>
Date: Fri, 4 Mar 2022 22:50:19 +0000
Subject: [PATCH 1/1] create_pidfile
---
daemon/db-daemon.c | 11 +++--------
1 file changed, 3 insertions(+), 8 deletions(-)
diff --git a/daemon/db-daemon.c b/daemon/db-daemon.c
index 9934d16..2b28995 100644
--- a/daemon/db-daemon.c
diff --git a/daemon/db-daemon.c.orig b/daemon/db-daemon.c
index bcf77df..c7b1a50 100644
--- a/daemon/db-daemon.c.orig
+++ b/daemon/db-daemon.c
@@ -618,11 +618,8 @@ int create_pidfile(struct db_daemon_data *d) {
@@ -156,7 +156,7 @@ int mainloop(struct db_daemon_data *d) {
return 0;
}
d->multiread_requested = 1;
- /* wait for complete response */
+ /* wait for complete rsponse */
while (d->multiread_requested) {
AcquireSRWLockExclusive(&d->lock);
if (!handle_vchan_data(d)) {
@@ -627,11 +627,8 @@ static int create_pidfile(struct db_daemon_data *d) {
mode_t old_umask;
struct stat stat_buf;
@ -24,7 +24,7 @@ index 9934d16..2b28995 100644
old_umask = umask(0002);
pidfile = fopen(pidfile_name, "w");
@@ -643,10 +640,8 @@ void remove_pidfile(struct db_daemon_data *d) {
@@ -652,10 +649,8 @@ static void remove_pidfile(struct db_daemon_data *d) {
struct stat stat_buf;
/* no pidfile for VM daemon - service is managed by systemd */
@ -36,15 +36,12 @@ index 9934d16..2b28995 100644
if (stat(pidfile_name, &stat_buf) == 0) {
/* remove pidfile only if it's the one created this process */
@@ -754,7 +749,7 @@ int fuzz_main(int argc, char **argv) {
@@ -763,7 +758,7 @@ int fuzz_main(int argc, char **argv) {
exit(1);
case 0:
close(ready_pipe[0]);
- snprintf(log_path, sizeof(log_path), "/var/log/qubes/qubesdb.%s.log", d.remote_name);
- snprintf(log_path, sizeof(log_path), "/var/log/qubes/qubesdb.%s.log", d.remote_name ? d.remote_name : "dom0");
+ snprintf(log_path, sizeof(log_path), "/var/log/qubes/qubes-db.log");
close(0);
old_umask = umask(0);
--
2.34.1

View file

@ -1,10 +1,9 @@
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
pkgname=qubes-db-vm
subpackages="$pkgname-openrc"
pkgver=4.1.17
pkgrel=0
pkgver=4.2.6
pkgrel=1
_gittag="v$pkgver"
pkgdesc="QubesDB libs and daemon service."
arch="x86_64"
@ -25,7 +24,7 @@ source="
qubes-db.openrc
"
builddir="$srcdir"/qubes-core-qubesdb-$pkgver
subpackages="$pkgname-dev"
subpackages="$pkgname-dev $pkgname-openrc"
build() {
# Build all with python bindings
@ -40,12 +39,12 @@ build() {
package() {
# Install all with python bindings
make install DESTDIR=$pkgdir LIBDIR=/usr/lib BINDIR=/usr/bin SBINDIR=/sbin
make install DESTDIR=$pkgdir LIBDIR=/usr/lib BINDIR=/usr/bin SBINDIR=/usr/sbin
install -Dm 755 "$srcdir"/qubes-db.openrc "$pkgdir"/etc/init.d/qubes-db
}
sha512sums="
dad1580afa7d152551b7292051b624090ce57c006174d7c0f5273f4d9cecadcb70d46547263dcf23131d5f5df921519c9d8ca739acd9f0e9be303b20e73083bb qubes-db-vm-v4.1.17.tar.gz
182ae7edb7235a21c45334d8d7aa20a7a9f63056d411fe66fe20d67ea0de7cf63d2a79886016561f69c5f444704f3728ee7b1aa6343f5ce15667ba458c08c9c7 qubes-db-vm-v4.2.6.tar.gz
af86268c264c843b94f9cefb735b9d078dc58819c890fc0a31dd79fa2761d3c2fa87aed73752bca1db07948ba86ecfe16a745b19672ccc10dfb9461df24aa207 0001-musl-build.patch
ffe9ea8f65b4e164c3a0d1c8762d1e3b39de3799ae3e63f825457d52de49c6522820950e6262deaa9235ad97cd7c60bf1c9a077fff716c4ca9dbd688e9a73c91 0001-create_pidfile.patch
3d87f82d3637cf10bf1a3058ebbd2590ab17f65d1b49058f62d892f126635497abd5045f6797bc8069e5de08bb6e08fc6146deb6422090ad02122764cc6d72f0 qubes-db.openrc
892eb29b9bab4d9e662678d13a5607df04cdb024c2f28332f40fa4b7c644476a4b26a9fc038dfcdac1e0b8d328165d21d50d894d2c1e27f792287dd57449e7eb 0001-create_pidfile.patch
6f48b4bee6a3517bdbb884bd6f7e21916e8438c5e8b8d9d1b1cfffe970c4549d941056f9022998ed7f9edb799d9b123564f01e69cdca7da241d0fb6a8e9a1c5e qubes-db.openrc
"

View file

@ -2,7 +2,7 @@
name=$RC_SVCNAME
cfgfile="/etc/qubes/$RC_SVCNAME.conf"
command="/sbin/qubesdb-daemon"
command="/usr/sbin/qubesdb-daemon"
command_args="0"
command_user="root"
pidfile="/run/qubes/$RC_SVCNAME.pid"

View file

@ -1,9 +1,8 @@
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
pkgname=qubes-gpg-split
subpackages="$pkgname-doc"
pkgver=2.0.69
pkgver=2.0.75
_gittag="v$pkgver"
pkgrel=0
pkgdesc="Used Qubes AppVM as a “smart card”"
@ -30,10 +29,7 @@ build() {
package() {
make install-vm DESTDIR="$pkgdir"
# Alpine packaging guidelines: /var/run is a symlink to a tmpfs. Don't create it.
rm -r "$pkgdir/var/run"
}
sha512sums="
e20b4303934d41d537f4efd3d2811802b5f5c86ac97beb1169d5c302dd150b56a3f6ca5c61788ad5cd8731747aa4f91b79806bf863df427603ba6aebab27448b qubes-gpg-split-v2.0.69.tar.gz
212b819c959d66c5b3e73d0c0765e348b97b278a3df45903fdeaab3de49f60c455044e664bd8a95393f5e800d75706fda4198a5ea36e9ab933250d606f8cabbd qubes-gpg-split-v2.0.75.tar.gz
"

View file

@ -0,0 +1,53 @@
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
pkgname=qubes-input-proxy
pkgver=1.0.38
_gittag=v$pkgver
pkgrel=0
pkgdesc="The Qubes service for proxying input devices"
arch="x86_64"
url="https://github.com/QubesOS/qubes-app-linux-input-proxy"
license='GPL'
depends="
usbutils
qubes-vm-core
"
makedepends="linux-headers"
subpackages="$pkgname-openrc"
source="
$pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-app-linux-input-proxy/archive/refs/tags/$_gittag.tar.gz
qubes-input-trigger_use-openrc.patch
makefile_skip-systemd.patch
qubes-input-sender.openrc
"
builddir="$srcdir"/qubes-app-linux-input-proxy-$pkgver
build() {
make all \
LIBDIR=/usr/lib \
USRLIBDIR=/usr/lib \
SYSLIBDIR=/usr/lib
}
package() {
make install-vm \
DESTDIR="$pkgdir" \
LIBDIR=/usr/lib \
USRLIBDIR=/usr/lib \
SYSLIBDIR=/usr/lib
# replace all shebangs with /bin/sh as qubes expects bash
# shellcheck disable=SC2013
for i in $(grep '/bin/sh' -Rl "$pkgdir"); do
sed -i 's|/bin/sh|/bin/bash|' "$i"
done
# move openrc to init.d
install -Dm755 "$srcdir"/qubes-input-sender.openrc "$pkgdir"/etc/init.d/qubes-input-sender
}
sha512sums="
bf4b44ee58347d78682a9b2c9eac10679a7ff17dfd56019a83b009b1165fd3833bc484df3cf9b13068b6754343c017f38a8d2ac2c06e1a0ee53646066daf658a qubes-input-proxy-v1.0.38.tar.gz
53f898f4d611e0a9be18127cff90ebc3946dc7e270548a84407067b02cb918546e8425c1722a60efb73b93af05c79889eaa16a4c7d596c948fdb9291d218c803 qubes-input-trigger_use-openrc.patch
21e7b95c94ec1a3f3499e79cf8b1931da2c3e33d8f1af2efe6b52b7e2678d4648bb0597b3a4a95cc10d0ca3cb83df93075b99cf1b615d8493a9e2fd21fb7f8f7 makefile_skip-systemd.patch
2d5cb4369bc4d4c83403bb3e7cd7bc784769950a8fbf581996074fe53cc65c56fe4039e2689b6fa34e51ce22e552fc145115c12e71601809767962a3682dd299 qubes-input-sender.openrc
"

View file

@ -0,0 +1,18 @@
diff --git a/qubes-rpc/Makefile.orig b/qubes-rpc/Makefile
index 22ec526..bf7e0ea 100644
--- a/qubes-rpc/Makefile.orig
+++ b/qubes-rpc/Makefile
@@ -12,13 +12,6 @@ install-dom0:
$(DESTDIR)/etc/qubes-rpc/policy/qubes.InputTablet
install-vm:
- install -d $(DESTDIR)$(USRLIBDIR)/systemd/system
- install -m 0644 \
- qubes-input-sender-keyboard@.service \
- qubes-input-sender-keyboard-mouse@.service \
- qubes-input-sender-mouse@.service \
- qubes-input-sender-tablet@.service \
- $(DESTDIR)$(USRLIBDIR)/systemd/system
install -d $(DESTDIR)$(LIBDIR)/udev/rules.d
install -m 0644 qubes-input-proxy.rules \
$(DESTDIR)$(LIBDIR)/udev/rules.d/90-qubes-input-proxy.rules

View file

@ -0,0 +1,28 @@
#!/sbin/openrc-run
name=$RC_SVCNAME
cfgfile="/etc/qubes/$RC_SVCNAME.conf"
input="${RC_SVCNAME/*.}"
svcname="${RC_SVCNAME/.*}."
type="${RC_SVCNAME%.*}"
type="${type/$svcname/}"
type="$(echo $type | sed 's/.*/\u&/')"
command="/usr/bin/qubes-input-sender"
command_args="qubes.Input$type /dev/input/$input dom0"
command_user="root"
pidfile="/run/qubes/$RC_SVCNAME.pid"
start_stop_daemon_args=""
command_background="true"
output_log="/var/log/qubes/$RC_SVCNAME.log"
error_log="/var/log/qubes/$RC_SVCNAME.err"
start_pre() {
checkpath --directory --owner $command_user:qubes --mode 0775 \
/run/qubes \
/var/log/qubes \
/var/run/qubes
}
stop_post() {
pkill -f "input-proxy-sender /dev/input/$input" || true
}

View file

@ -0,0 +1,92 @@
diff --git a/qubes-rpc/qubes-input-trigger.orig b/qubes-rpc/qubes-input-trigger
index 5fa0e5a..0dd3773 100755
--- a/qubes-rpc/qubes-input-trigger.orig
+++ b/qubes-rpc/qubes-input-trigger
@@ -42,48 +42,68 @@ def get_service_name(udevreturn, input_dev):
('ID_INPUT_TOUCHPAD' in udevreturn) or
('QEMU_USB_Tablet' in udevreturn)
) and 'ID_INPUT_KEY' not in udevreturn:
- service = 'qubes-input-sender-tablet'
+ service = 'qubes-input-sender.tablet'
# PiKVM "mouse" is special, as it sends absolute events
elif 'ID_INPUT_MOUSE' in udevreturn and 'ID_USB_VENDOR=PiKVM' in udevreturn:
- service = 'qubes-input-sender-tablet'
+ service = 'qubes-input-sender.tablet'
elif 'ID_INPUT_MOUSE' in udevreturn and 'ID_INPUT_KEY' not in udevreturn:
- service = 'qubes-input-sender-mouse'
+ service = 'qubes-input-sender.mouse'
elif 'ID_INPUT_KEY' in udevreturn and 'ID_INPUT_MOUSE' not in udevreturn:
- service = 'qubes-input-sender-keyboard'
+ service = 'qubes-input-sender.keyboard'
elif 'ID_INPUT_MOUSE' in udevreturn and 'ID_INPUT_KEY' in udevreturn:
- service = 'qubes-input-sender-keyboard-mouse'
+ service = 'qubes-input-sender.keyboardmouse'
if service:
- service = '{}@{}.service'.format(service, input_dev)
+ service = '{}.{}'.format(service, input_dev)
return service
def handle_service(service, action):
- retcode = subprocess.call(
- ["/bin/systemctl", "is-active", "--quiet", "service", service])
+ serviceFile = os.path.join("/etc/init.d", service)
+
+ sudo = []
+ if os.getuid() != 0:
+ sudo = ["sudo"]
+
if action == "add":
- systemctl_action = "start"
+ # create service link is not created
+ serviceFile = os.path.join("/etc/init.d", service)
+ if not os.path.exists(serviceFile):
+ subprocess.call(
+ ["/bin/ln", "-s", "/etc/init.d/qubes-input-sender", serviceFile])
+
# Ignore if service is already started
+ retcode = subprocess.call(
+ ["/sbin/rc-service","--quiet", service, "status"])
if retcode == 0:
return
+
+ subprocess.call(
+ sudo + ["/sbin/service", service, "start"])
+
elif action == "remove":
- systemctl_action = "stop"
+ # Ignore if service does not exist
+ if not os.path.exists(serviceFile):
+ return
+
# Ignore if service is not active
- if retcode != 0:
+ retcode = subprocess.call(
+ ["/sbin/rc-service", "--quiet", service, "status"])
+ if retcode == 3:
return
+
+ subprocess.call(
+ sudo + ["/sbin/service", service, "stop"])
+
+ # remove ln once stopped
+ if os.path.exists(serviceFile):
+ subprocess.call(
+ sudo + ["/bin/rm", serviceFile])
else:
print("Unknown action: %s" % action)
sys.exit(1)
- sudo = []
- if os.getuid() != 0:
- sudo = ["sudo"]
-
- subprocess.call(
- sudo + ["/bin/systemctl", "--no-block", systemctl_action, service])
-
-
def handle_event(input_dev, action, dom0):
udevreturn = None
if 'event' in input_dev: # if filename contains 'event'

View file

@ -1,8 +1,7 @@
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
pkgname=qubes-libvchan-xen
pkgver=4.1.13
pkgver=4.2.4
pkgrel=1
_gittag=v$pkgver
pkgdesc="The Qubes core libraries for installation inside a Qubes Dom0 and VM."
@ -10,7 +9,7 @@ arch="x86_64"
url="https://github.com/QubesOS/qubes-core-vchan-xen"
license='GPL'
depends="xen"
makedepends="xen-dev"
makedepends="xen-dev coreutils"
builddir="$srcdir"/qubes-core-vchan-xen-$pkgver
subpackages="$pkgname-dev"
@ -26,5 +25,5 @@ package() {
}
sha512sums="
cefb6b89f75936d791910d2169170536221d3123a1b33a14bea1fc5c08950ce934666719bf08eb3cc86ac055f85e6834f71e21c31189fa7299af09296c3cd99f qubes-libvchan-xen-v4.1.13.tar.gz
05b0d8964da1ba321aa7a7651f969692c470b8f9910f7324f10a54b0c6e43ae3270a26a6a49a0e26d5c50b14370b64fbfb340fe28b8f191a0a67c07aba0426c3 qubes-libvchan-xen-v4.2.4.tar.gz
"

View file

@ -1,12 +1,11 @@
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
pkgname=qubes-meta-packages
subpackages="
qubes-vm-dependencies
qubes-vm-recommended
"
pkgver=4.1.24
pkgver=4.3.0
_gittag="v$pkgver"
pkgrel=0
pkgdesc="Meta packages for Qubes-specific components"
@ -39,5 +38,5 @@ recommended() {
mkdir -p "$subpkgdir"
}
sha512sums="
5dfbdbc5a7fa3ae352d5c9de6822869065ebb1601880348ebb69fc1f91092bd3be333d5d8409575649d76412acce326f643ed5f95e07c2ac9b3f82a0dcc84293 qubes-meta-packages-v4.1.24
7567bc7edd6a17315bb5a968ff512a7758ef9697d11ed5200f8ffefe7069b0ebbbb790bffdc7a8717b9707c24309bb6d83cfc6306eb1d48724480af36ba95594 qubes-meta-packages-v4.3.0
"

View file

@ -1,10 +1,9 @@
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
pkgname=qubes-pass
pkgver=0.1.0
_gittag="v$pkgver"
pkgrel=0
pkgrel=4
pkgdesc="An inter-VM password manager for Qubes OS"
arch="noarch"
url="https://github.com/Rudd-O/qubes-pass"
@ -15,11 +14,21 @@ makedepends="
pkgconf
"
options="!check"
source="$pkgname-$_gittag.tar.gz::https://github.com/Rudd-O/qubes-pass/archive/$_gittag.tar.gz"
subpackages="$pkgname-service"
source="
$pkgname-$_gittag.tar.gz::https://github.com/Rudd-O/qubes-pass/archive/$_gittag.tar.gz
service-passquery.sh
"
package() {
make install-client DESTDIR="$pkgdir"
}
service() {
make -C "$builddir" install-service DESTDIR="$subpkgdir"
install -Dm755 "$srcdir"/service-passquery.sh "$subpkgdir"/etc/qubes-rpc/ruddo.PassQuery
}
sha512sums="
b304bf8e6b8d04e7df4b52a02984ab03b6f3221c9178f1d91c99cab61e8b5ded45500b51de6d89aa76f4e73c0a3670ce6d07649c0ac159d048c3f0ac736c4d63 qubes-pass-v0.1.0.tar.gz
77807ba7bd8e1627785358ef2f9e165712ef41ef76f11e7a7b989b1057f462abc433df96265c6c7d669f81e39d89de0f7ea3dcbb207c5a7a22738b843fd7e160 service-passquery.sh
"

View file

@ -0,0 +1,13 @@
#!/bin/bash
set -e
read -n 4096 cmd
cmd=$(echo "$cmd" | base64 -d)
if [ "$cmd" == "list-files" ] ; then
logger -t ruddo.PassQuery "requested password file list"
exec pass git ls-files | sed -e '/.gitattributes/d' -e '/.gpg-id/d'
fi

View file

@ -1,8 +1,7 @@
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
pkgname=qubes-usb-proxy
pkgver=1.1.5
pkgver=1.3.2
_gittag="v$pkgver"
pkgrel=0
pkgdesc="The Qubes service for proxying USB devices"
@ -19,7 +18,10 @@ makedepends="
make
pkgconf
"
source="$pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-app-linux-usb-proxy/archive/refs/tags/$_gittag.tar.gz"
source="
$pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-app-linux-usb-proxy/archive/refs/tags/$_gittag.tar.gz
usb-import-alpine-udevadm.patch
"
builddir="$srcdir"/qubes-app-linux-usb-proxy-${_gittag/v}
package() {
@ -27,10 +29,14 @@ package() {
# replace all shebangs with /bin/sh as qubes expects bash
# shellcheck disable=SC2013
for i in $(grep '/bin/sh' -Rl .); do
for i in $(grep '/bin/sh' -Rl "$pkgdir"); do
sed -i 's|/bin/sh|/bin/bash|' "$i"
done
mkdir -p "$pkgdir"/etc/modules-load.d
echo "vhci-hcd" > "$pkgdir"/etc/modules-load.d/qubes-usb-proxy.conf
}
sha512sums="
27d28faec2ab9cc9df1e361dac244bc1b10afc406860ca2e3fc2dff3b666c6adaed615625aeba785918f8e08cffb215ef028698a178d795e586740caf1566fc9 qubes-usb-proxy-v1.1.5.tar.gz
36d34af695b3d765c24e4bd9abe2ec0fad82adaf8618db642dd44b2d7b5fda9faf1d92eaba7815fd1c276551278cd8f40b1c1be066fee2cc06a738ef92b40ae0 qubes-usb-proxy-v1.3.2.tar.gz
c6519982f7eef8586ee823dc96efa7b1b90f489114edcc348bc5221837090d19a2a3533eac83e3269ba68c2cf24447c018e0ac850ed1423a1280ebae364223fa usb-import-alpine-udevadm.patch
"

View file

@ -0,0 +1,27 @@
diff --git a/src/usb-import.orig b/src/usb-import
index 7b17799..e718795 100755
--- a/src/usb-import.orig
+++ b/src/usb-import
@@ -95,7 +95,7 @@ wait_for_attached() {
ERROR "Attach timeout, check kernel log for details."
fi
done
- [ -f "/usr/bin/udevadm" ] && udevadm settle
+ [ -f "/bin/udevadm" ] && udevadm settle
}
wait_for_detached() {
diff --git a/src/usb-export.orig b/src/usb-export
index ad2ab2b..37cff16 100755
--- a/src/usb-export.orig
+++ b/src/usb-export
@@ -110,8 +110,7 @@ if [ -n "$attach_to_usbip" ]; then
echo "$busid" > "$SYS_USBIP_HOST/bind" || exit 1
# optionally reset the device to clear any state from previous driver
- reset_on_attach=$(udevadm info --query=property \
- --value --property=QUBES_USB_RESET --path="$devpath")
+ reset_on_attach=$(udevadm info --query=property --path="$devpath" | awk -F "=" '{if($1=="QUBES_USB_RESET"){print $2}}' )
if [ -f /run/qubes-service/usb-reset-on-attach ]; then
reset_on_attach=1
fi

View file

@ -1,14 +1,14 @@
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
pkgname=qubes-vm-core
subpackages="
qubes-vm-networking:networking:noarch
qubes-vm-passwordless-root:root:noarch
$pkgname-openrc
$pkgname-doc
$pkgname-pyc
"
pkgver=4.1.44
pkgver=4.3.11
pkgrel=0
_gittag="v$pkgver"
pkgdesc="The Qubes core files for installation inside a Qubes VM."
@ -17,12 +17,18 @@ url="https://github.com/QubesOS/qubes-core-agent-linux"
license="GPL"
options="!check" # No testsuite
depends="
blkid
coreutils
dbus-x11
dconf
desktop-file-utils
device-mapper
diffutils
e2fsprogs
e2fsprogs-extra
ethtool
fakeroot
findutils
gawk
grep
haveged
@ -35,10 +41,10 @@ depends="
py3-dbus
py3-gobject3
py3-xdg
python3
qubes-db-vm
qubes-libvchan-xen
qubes-vm-utils
rsvg-convert
sed
socat
xdg-utils
@ -48,6 +54,7 @@ makedepends="
gcc
libx11-dev
linux-pam-dev
lsb-release-minimal
make
pandoc
pkgconf
@ -68,7 +75,10 @@ source="
qubes-sysinit.openrc
qubes-updates-proxy-forwarder.openrc
qubes-updates-proxy.openrc
apk-proxy.sh
qvm-sync-clock.sh
setupip-do-not-use-systemctl.patch
silence-stringop-overread-error.patch
"
builddir="$srcdir"/qubes-core-agent-linux-${_gittag/v}
@ -97,9 +107,9 @@ build() {
# * core systemd services and drop-ins
# * basic network functionality (setting IP address, DNS, default gateway)
package() {
make install-corevm DESTDIR="$pkgdir" SBINDIR=/sbin LIBDIR=/usr/lib SYSLIBDIR=/lib
make -C app-menu install DESTDIR="$pkgdir" install LIBDIR=/usr/lib SYSLIBDIR=/lib
make -C misc install DESTDIR="$pkgdir" install LIBDIR=/usr/lib SYSLIBDIR=/lib
make DESTDIR="$pkgdir" SYSTEM_DROPIN_DIR=/usr/lib/systemd SBINDIR=/usr/sbin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib install-corevm
make -C app-menu DESTDIR="$pkgdir" LIBDIR=/usr/lib SYSLIBDIR=/usr/lib install
make -C misc DESTDIR="$pkgdir" LIBDIR=/usr/lib SYSLIBDIR=/usr/lib install
make -C qubes-rpc DESTDIR="$pkgdir" install
make -C qubes-rpc/kde DESTDIR="$pkgdir" install
make -C qubes-rpc/nautilus DESTDIR="$pkgdir" install
@ -107,6 +117,9 @@ package() {
make -C network DESTDIR="$pkgdir" install
install -Dm755 "$builddir"/network/update-proxy-configs "$pkgdir"/usr/lib/qubes/.
install -Dm755 "$srcdir"/qvm-sync-clock.sh "$pkgdir"/etc/qubes/suspend-post.d/.
install -Dm644 "$srcdir"/apk-proxy.sh "$pkgdir"/etc/profile.d/apk-proxy.sh
install -dm755 "$pkgdir"/etc/bash
ln -s /etc/profile.d/apk-proxy.sh "$pkgdir"/etc/bash/apk-proxy.sh
for i in $source; do
case $i in
@ -116,7 +129,6 @@ package() {
"$pkgdir"/etc/conf.d/${i%.*};;
esac
done
}
@ -138,32 +150,34 @@ networking() {
net-tools
networkmanager
nftables
python3
qubes-db-vm
qubes-vm-core
qubes-vm-utils
tinyproxy
"
cd "$builddir"
install -dm 755 "$subpkgdir"/usr/bin
install -dm 755 "$subpkgdir"/usr/bin "$subpkgdir"/usr/lib/systemd/system
mv "$pkgdir"/usr/bin/qubes-firewall "$subpkgdir"/usr/bin/.
make install-netvm DESTDIR="$subpkgdir" SBINDIR=/sbin LIBDIR=/usr/lib SYSLIBDIR=/lib
make install-netvm DESTDIR="$subpkgdir" SYSTEM_DROPIN_DIR=/usr/lib/systemd SBINDIR=/usr/sbin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib
}
root() {
cd "$builddir"
pkgdesc="Qubes OS Passwordless root access from normal user"
make -C passwordless-root install DESTDIR="$subpkgdir" SBINDIR=/sbin LIBDIR=/usr/lib SYSLIBDIR=/lib
make -C passwordless-root install DESTDIR="$subpkgdir" SBINDIR=/usr/sbin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib
}
sha512sums="
34ba5d84fa621ff25e8a9cc0d6ca69ee25bc7dbf37f13b08ccec13692ec9ebb8b12732878464e7e2909366de68727bdb66f960692be41e5186126701dfe861dd qubes-vm-core-v4.1.44.tar.gz
b35253b0118eea35d20f38bed57d28ef1e094885ab6e5c17bb89bb54c1b356deb3f1147289f9edc9e0ec0dfec20dcfeb5728910dc678975a11c79de6fad76de4 qubes-vm-core-v4.3.11.tar.gz
95c080a593ca1cd457ffafc0cdd6ee28999c72f67191a3955b6081a4a7d287cae4cd0c626139562e5e1eb55516c25402a174e3599daf7d4cb259d6b4bbdff155 qubes-core-early.openrc
61529413a16b7fa0df691c24adc41b90477c01ea70d572921ecec89df23932e5a2e60c4e73b9a84181dc30424e2e6af4ad1c7dcf6c42689c3cc346a9923d6e07 qubes-core-netvm.openrc
da8e293520f5fce29ce76d7586e8ce1a4164798a1214079fb554c690264da1d774fdad3f45825aac52c2c3a0b0cfd39df73eb33394dedd7c043fe0f2344b90ca qubes-core.openrc
8f1ea1b6bfb4d3089a51cc3e325861ee7b644f743b2652bf61789933adedefdbc743a61567ad980d2a6077647eb61570b68a056125abaab2a67166d249a961b0 qubes-firewall.openrc
164159a80d00c160e74a0ebf4695c047ca7720821e4a9c395405cd96f680b6765e9c4cf426aea94fcb26e08274ec2b42adf45ecc12d26cf683ab3bd0c01afed9 qubes-firewall.openrc
437a3dc443c5b0311c5dc8f792739eef89e38b2e854b9a5bb248211dd0eb0f26c1d79588ca2b4b63236b8bed0d735be6b2265d8328885730a8aa5f854301d61f qubes-iptables.openrc
e9096560e4ee4cad836b686e18eb6dbac729227683eda2f0c8b3541c909f64de3489dbb66e3752014deab69cbfae7885bc15b9bb7e3942c02e40328337b9ef30 qubes-sysinit.openrc
b1e8af2335955e52cf1817c56296f94f8c472e68d7a17a28f516fe4f5fa8a8053d4f9333efbb007a82a06f9442a4a6cfe5f9c751de07f337e47ee04cb18b9395 qubes-updates-proxy-forwarder.openrc
99ec0afc167866727072606aa183f0c7a539e68e0d8b9a57f6b9c129d3722c9135e1487eef438807d7138af0e669fb14608cbc1f1d5620ee9e995f294a8929f8 qubes-updates-proxy-forwarder.openrc
29d316b9f48cad15f6e22aaa67b228a5e4893ded86463dbe25b3cc68301b961473e79c01f003b1665e217ad4af2e618625442250d5607c1c16462e3f5eed069c qubes-updates-proxy.openrc
517d59e4699c24f23ccd59f5d4be3a519a426eee99d742c637fe1a9e69caa073621f4e9362c30182ba5a1a3eb0a769070c96e2c6b24cd8366a1f8f450a0b1c01 apk-proxy.sh
cca9f49422fa25cd5f3942dce8edd3ecff080bf5c407a7a790b438bedea054f39a4a3d8c179b44c4c08fc490b597e14d00dad9b0240861e83957e0af7aa6475d qvm-sync-clock.sh
eb59321c800e65ce873085a1105b1b697d2a8ecaefcdaa8280a81d0082c0022653ecd746c7ec37e2c544265892afb77531effa17b0fa6c45a6a86925b513bdea setupip-do-not-use-systemctl.patch
6b96edf070706da596e7abcb9fe6419fbf17eecb46cbd65aeceea83d078458efaedfadec33021253c2bd1b356a85fa721316fa18d5a535491004046ba2c812d3 silence-stringop-overread-error.patch
"

View file

@ -0,0 +1,5 @@
# Use the update proxy over the QubesOS RPC for apk
# /etc/init.d/qubes-updates-proxy-forwarder creates the socket to the proxy
alias apk='https_proxy="http://127.0.0.1:8082/" http_proxy="http://127.0.0.1:8082/" apk'
# allow aliases with sudo
alias sudo='sudo '

View file

@ -16,7 +16,7 @@ depend() {
}
start_pre() {
/sbin/ethtool -K "$(get_qubes_managed_iface)" sg off
/usr/sbin/ethtool -K "$(get_qubes_managed_iface)" sg off
checkpath --directory --owner $command_user:qubes --mode 0775 \
/run/$RC_SVCNAME /var/log/qubes
}

View file

@ -1,116 +1,34 @@
#!/bin/bash
#
#!/sbin/openrc-run
# Updates proxy forwarder Startup script for the updates proxy forwarder
#
# chkconfig: 345 85 15
# description: forwards connection to updates proxy over Qubes RPC
#
# processname: ncat
# pidfile: /var/run/qubes-updates-proxy-forwarder.pid
#
# The clients should use the below shell variable exports:
# http_proxy="http://127.0.0.1:8082/"
# https_proxy="http://127.0.0.1:8082/"
# For apk, see the /etc/profile.d/apk-proxy.sh alias
# Source function library.
# shellcheck disable=SC1091
. /etc/init.d/functions.sh
name=$RC_SVCNAME
cfgfile="/etc/qubes/$RC_SVCNAME.conf"
command="/bin/busybox"
command_args="nc -lk -s 127.0.0.1 -p 8082 -e /usr/bin/qrexec-client-vm @default qubes.UpdatesProxy"
command_user="root"
pidfile="/run/qubes/$RC_SVCNAME.pid"
command_background="yes"
output_log="/var/log/qubes/$RC_SVCNAME.log"
error_log="/var/log/qubes/$RC_SVCNAME.err"
# Source Qubes library.
# shellcheck source=init/functions
. /usr/lib/qubes/init/functions
# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0
exec="/usr/bin/ncat"
prog=$(basename $exec)
pidfile="/var/run/qubes-updates-proxy-forwarder.pid"
# shellcheck disable=SC1091
[ -e /etc/sysconfig/qubes-updates-proxy-forwarder ] && . /etc/sysconfig/qubes-updates-proxy-forwarder
lockfile=/var/lock/subsys/qubes-updates-proxy-forwarder
start() {
have_qubesdb || return
if ! qsvc updates-proxy-setup ; then
# updates proxy configuration disabled
exit 0
fi
if qsvc qubes-updates-proxy ; then
# updates proxy running here too, avoid looping traffic back to itself
exit 0
fi
[ -x $exec ] || exit 5
echo -n $"Starting $prog (as Qubes updates proxy forwarder): "
# shellcheck disable=SC2016
start-stop-daemon \
--exec $exec \
--pidfile "$pidfile" \
--make-pidfile \
--background \
--start \
-- \
-k -l -e 'qrexec-client-vm $default qubes.UpdatesProxy'
retval=$?
echo
[ $retval -eq 0 ] && touch $lockfile
return $retval
depend() {
need qubes-qrexec-agent
need net
}
stop() {
echo -n $"Stopping $prog: "
killproc -p $pidfile "$prog"
retval=$?
echo
[ $retval -eq 0 ] && rm -f $lockfile
return $retval
start_pre() {
checkpath --directory --owner $command_user:qubes --mode 0775 \
/run/qubes \
/var/log/qubes \
/var/run/qubes
# TODO should fail if qubes-update-proxy is running
# if qsvc qubes-updates-proxy ; then
# # updates proxy running here too, avoid looping traffic back to itself
# exit 0
# fi
}
restart() {
stop
start
}
force_reload() {
restart
}
rh_status() {
status "$prog"
}
rh_status_q() {
rh_status >/dev/null 2>&1
}
case "$1" in
start)
rh_status_q && exit 0
$1
;;
stop)
rh_status_q || exit 0
$1
;;
restart)
$1
;;
force-reload)
force_reload
;;
status)
rh_status
;;
condrestart|try-restart)
rh_status_q || exit 0
restart
;;
*)
echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|force-reload}"
exit 2
esac
exit $?

View file

@ -0,0 +1,20 @@
diff --git a/network/setup-ip.orig b/network/setup-ip
index 9126f90..c1f401c 100755
--- a/network/setup-ip.orig
+++ b/network/setup-ip
@@ -244,15 +244,6 @@ if [ "$ACTION" == "add" ]; then
primary_dns=$(/usr/bin/qubesdb-read /qubes-primary-dns 2>/dev/null) || primary_dns=
secondary_dns=$(/usr/bin/qubesdb-read /qubes-secondary-dns 2>/dev/null) || secondary_dns=
- /lib/systemd/systemd-sysctl \
- "--prefix=/net/ipv4/conf/all" \
- "--prefix=/net/ipv4/neigh/all" \
- "--prefix=/net/ipv6/conf/all" \
- "--prefix=/net/ipv6/neigh/all" \
- "--prefix=/net/ipv4/conf/$INTERFACE" \
- "--prefix=/net/ipv4/neigh/$INTERFACE" \
- "--prefix=/net/ipv6/conf/$INTERFACE" \
- "--prefix=/net/ipv6/neigh/$INTERFACE"
if [ -n "$ip4" ]; then
# If NetworkManager is enabled, let it configure the network

View file

@ -0,0 +1,13 @@
diff --git a/qubes-rpc/Makefile.orig b/qubes-rpc/Makefile
index 63bd924..e5973e6 100644
--- a/qubes-rpc/Makefile.orig
+++ b/qubes-rpc/Makefile
@@ -11,7 +11,7 @@ ifneq ($(DEBUG),0)
DEBUG_FLAGS := -g
endif
CPPFLAGS := -I.
-CFLAGS := $(DEBUG_FLAGS) -O2 -Wall -Wextra -Werror -fPIC -pie $(CFLAGS)
+CFLAGS := $(DEBUG_FLAGS) -O2 -Wall -Wextra -Werror -fPIC -pie -Wno-stringop-overread $(CFLAGS)
LDFLAGS := $(DEBUG_FLAGS) -pie $(LDFLAGS)
LDLIBS := -lqubes-rpc-filecopy

View file

@ -0,0 +1,2 @@
# allow aliases with sudo
alias sudo='sudo '

View file

@ -1,10 +1,9 @@
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
pkgname=qubes-vm-gui-dev
pkgver=4.1.1
pkgver=4.3.0
_gittag="v$pkgver"
pkgrel=1
pkgrel=0
pkgdesc="Common files for Qubes GUI - protocol headers."
arch="noarch"
url="https://github.com/QubesOS/qubes-gui-common"
@ -19,5 +18,5 @@ package() {
cp include/*.h $pkgdir/usr/include/
}
sha512sums="
2d962822413b1e4da6ef9303bce9b25e179829080a4ab96aeb7b274682c32b4620201d1de9c177346ab8d80913ae5e5384792b301d350850408fa790cb77d641 qubes-vm-gui-dev-v4.1.1.tar.gz
c1046fda6395c6c7907fa3d9c963089169e860d4e0f79c2cf7bafe8a673c93ac0aec3ca312f97510541127510dc7d2ad585949599ed1fffbb0758ff1098ea518 qubes-vm-gui-dev-v4.3.0.tar.gz
"

View file

@ -1,22 +1,13 @@
From 7f7914fc2d0957012f1c4b130b0e442d43110c7d Mon Sep 17 00:00:00 2001
From: "build@apk-groulx" <build@apk-groulx.praxis>
Date: Sat, 5 Mar 2022 00:59:30 +0000
Subject: [PATCH 1/1] initd fix
---
appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh b/appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh
index dc0a578..4c9623a 100755
--- a/appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh
diff --git a/appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh.orig b/appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh
index 76e0227..268cb00 100755
--- a/appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh.orig
+++ b/appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh
@@ -23,4 +23,4 @@ if [ -n "$debug_mode" ] && [ "$debug_mode" -gt 0 ]; then
@@ -25,7 +25,7 @@ if [ -n "$debug_mode" ] && [ "$debug_mode" -gt 0 ]; then
gui_opts="$gui_opts -vv"
fi
-echo "GUI_OPTS=$gui_opts" >> /var/run/qubes-service-environment
+echo "GUI_OPTS=\"$gui_opts\"" >> /var/run/qubes-service-environment
--
2.34.1
# 2**30
echo 1073741824 > /sys/module/xen_gntalloc/parameters/limit

View file

@ -1,9 +1,11 @@
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
pkgname=qubes-vm-gui
subpackages="qubes-vm-pulseaudio $pkgname-openrc"
pkgver=4.1.31
subpackages="
qubes-vm-pulseaudio
qubes-vm-pipewire
$pkgname-openrc"
pkgver=4.3.0
pkgrel=0
_gittag="v$pkgver"
pkgdesc="The Qubes GUI Agent for AppVMs"
@ -26,10 +28,12 @@ makedepends="
libxcomposite-dev
libxt
linux-pam-dev
lsb-release-minimal
make
patch
pixman
pkgconf
pipewire-dev
pulseaudio-dev
qubes-db-vm
qubes-db-vm-dev
@ -47,6 +51,7 @@ source="
qubes-gui-agent.openrc
qubes-sessions.sh
qubes-gui-agent.pam
qubes-sessions_do-not-use-systemd.patch
"
builddir="$srcdir"/qubes-gui-agent-linux-${_gittag/v}
_qubes_backend_vmm=xen
@ -62,10 +67,6 @@ build() {
sed 's:ExecStartPre=/bin/touch:#ExecStartPre=/bin/touch:' -i appvm-scripts/qubes-gui-agent.service
# Ensure that qubes-gui-agent starts after user autologin
sed 's/After=\(.*\)qubes-misc-post.service/After=\1qubes-misc-post.service getty.target/' -i appvm-scripts/qubes-gui-agent.service
# Starts qubes-session after X11 start
install -Dm 755 "$srcdir"/qubes-sessions.sh "$pkgdir"/etc/X11/xinit/xinitrc.d/90-qubes-sessions.sh
# Remove broken pam and replace with adequate
install -Dm 644 "$srcdir"/qubes-gui-agent.pam "$pkgdir"/etc/pam.d/qubes-gui-agent
make BACKEND_VMM="$_qubes_backend_vmm" appvm
make appvm
@ -78,8 +79,14 @@ build() {
}
package() {
make install-rh-agent DESTDIR="$pkgdir" LIBDIR=/usr/lib USRLIBDIR=/usr/lib SYSLIBDIR=/lib
make install-rh-agent DESTDIR="$pkgdir" LIBDIR=/usr/lib USRLIBDIR=/usr/lib SYSLIBDIR=/usr/lib
install -Dm 755 "$srcdir"/qubes-gui-agent.openrc "$pkgdir"/etc/init.d/qubes-gui-agent
# Starts qubes-session after X11 start
install -Dm 755 "$srcdir"/qubes-sessions.sh "$pkgdir"/etc/X11/xinit/xinitrc.d/90-qubes-sessions.sh
# Remove broken pam and replace with adequate
install -Dm 644 "$srcdir"/qubes-gui-agent.pam "$pkgdir"/etc/pam.d/qubes-gui-agent
}
pulseaudio() {
@ -93,13 +100,27 @@ pulseaudio() {
local pa_ver=$(pkg-config --modversion libpulse 2>/dev/null | cut -f 1 -d "-")
cd "$builddir"
make install-pulseaudio DESTDIR=$subpkgdir PA_VER=$pa_ver LIBDIR=/usr/lib USRLIBDIR=/usr/lib SYSLIBDIR=/lib
make install-pulseaudio DESTDIR=$subpkgdir PA_VER=$pa_ver LIBDIR=/usr/lib USRLIBDIR=/usr/lib SYSLIBDIR=/usr/lib
}
pipewire() {
pkgdesc="PipeWire support for Qubes VM."
depends="pipewire"
cd "$builddir"
make install-pipewire \
"DESTDIR=$subpkgdir" \
LIBDIR=/usr/lib \
USRLIBDIR=/usr/lib \
SYSLIBDIR=/usr/lib
}
sha512sums="
6a72fde5b3c1c6025b13b58340bb8d3eccab05050c8cbe3741d7c18ca48826e45a3df3716d77e2dd733c119ff8db5d920faa73f05cb94049306a0dad6f58349f qubes-vm-gui-v4.1.31.tar.gz
725df11ee64ae100b149b2f70253ab4cf0b73b05b5faa503df755925fa8b568f891ea8cd653999618d238a445103014e08ab741bf0ddbed7446f5df62e6076cd qubes-vm-gui-v4.3.0.tar.gz
f0bbb936e14689d0cbced2f564b8911f9287c0217616f02f3bd0c3060e516d080ad538219f089f5841c2b9d18bb4ad8efb63516ddfd46c18b038218378996a7d 0001-musl-build.patch
262b93b4ea172926dc18b7af372168ff3f645a02db1529cb73af3d5aa6252a75500bfbd95344a835bbf646e753018d0e27885e41a03f06247226a485edb5e028 0001-initd-fix.patch
01beace4c130200dc8d42248349ea858d2bec746aca2bdfa5948b6e7240bb3b832bbb8b324293fba6fd6aafb0a3d7a2e3928c7fd39d318ef4d5a18cfeb48cde6 0001-initd-fix.patch
68d01e594296e18d54d8eaa17863451c3ac121e4fcacf98b64db14166bdcf38aa66f1c3659c5014c0a9cc25b5368df66f8c642b8e7af59da8d2a5ad97da9a194 qubes-gui-agent.openrc
bd707f7956f58c2bb24ccb9adad1381c069e70820fcb1b01b09dc88570d9df00e0dc92a9ac3b242f828314568d5487257566a6fc61e75e62e010b7e4871f9ea0 qubes-sessions.sh
b512d691f2a6b11fc329bf91dd05ca9c589bbd444308b27d3c87c75262dedf6afc68a9739229249a4bd3d0c43cb1f871eecbb93c4fe559e0f38bdabbffd06ad7 qubes-gui-agent.pam
5d44bed65772e0300cfdb5960327ccff923159f1c0c6b980a3b37758a7330f5d8befa3c053990f6e5e7d2e71bf0eca047040439446a8b91bb1c2672e9e1497a0 qubes-sessions_do-not-use-systemd.patch
"

View file

@ -0,0 +1,21 @@
diff --git a/appvm-scripts/usrbin/qubes-session.orig b/appvm-scripts/usrbin/qubes-session
index cacac4b..e5bedc2 100755
--- a/appvm-scripts/usrbin/qubes-session.orig
+++ b/appvm-scripts/usrbin/qubes-session
@@ -27,16 +27,6 @@
loginctl activate "$XDG_SESSION_ID"
-# Now import the environment from the systemd user session.
-# This is necessary to enable users to configure their
-# Qubes environment using the standard environment.d
-# facility. Documentation for the facility is at:
-# https://www.freedesktop.org/software/systemd/man/environment.d.html
-set -a # export all variables
-env=$(systemctl --user show-environment) && eval "$env" || exit
-set +a
-
-
if qsvc guivm-gui-agent; then
if [ -e "$HOME/.xinitrc" ]; then
. "$HOME/.xinitrc"

View file

@ -1,11 +1,10 @@
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
pkgname=qubes-vm-qrexec
subpackages="$pkgname-openrc $pkgname-doc"
pkgver=4.1.22
subpackages="$pkgname-openrc $pkgname-doc $pkgname-pyc"
pkgver=4.3.0
_gittag="v$pkgver"
pkgrel=0
pkgrel=1
pkgdesc="The Qubes qrexec files (qube side)"
arch="x86_64"
url="https://github.com/QubesOS/qubes-core-qrexec"
@ -13,17 +12,18 @@ license='GPL'
depends="qubes-libvchan-xen"
options="!check" # No testsuite
makedepends="
gcc
grep
make
lsb-release-minimal
pandoc
pkgconf
py3-setuptools
lld
qubes-libvchan-xen-dev
"
source="
$pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-core-qrexec/archive/refs/tags/$_gittag.tar.gz
qubes-qrexec-agent.openrc
makefile-remove-cc-cflags.patch
agent-qrexec-fork-server-undef-fortify-source.patch
"
builddir="$srcdir/qubes-core-qrexec-${_gittag/v}"
@ -32,7 +32,7 @@ prepare() {
default_prepare
# remove all -Werror
msg "Eradicating -Werror..."
find . \( -name '*.mk' -o -name 'Make*' \) -exec sed -i -e 's/-Werror//g' {} +
find . \( -name '*.mk' -o -name 'Make*' \) -exec sed -i -e 's/-Werror*. //g' {} +
}
build() {
@ -47,13 +47,13 @@ build() {
}
package() {
export LDFLAGS="$LDFLAGS -fuse-ld=lld"
make install-base DESTDIR="$pkgdir" SBINDIR=/sbin LIBDIR=/usr/lib SYSLIBDIR=/lib
make install-vm DESTDIR="$pkgdir" SBINDIR=/sbin LIBDIR=/usr/lib SYSLIBDIR=/lib
make install-base DESTDIR="$pkgdir" SBINDIR=/usr/sbin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib
make install-vm DESTDIR="$pkgdir" SBINDIR=/usr/sbin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib
install -Dm 755 "$srcdir"/qubes-qrexec-agent.openrc "$pkgdir"/etc/init.d/qubes-qrexec-agent
}
sha512sums="
c4d993dae87446fe73f390bdf0aa3bcfacce1a630b1f0e5f20c6ea7710c14cd9a7a0a66a66e5731dee47c6958c659e61b3c0ebea5a99a31317a52fb326650a2f qubes-vm-qrexec-v4.1.22.tar.gz
e872f64702fd2e990d1d71836207c8ccfec98ae45b3af9537036248ba43c435f1bf77c369f8c7e613f74f17cca49a3a0b6c27db2c5cf6ead6f9a8337bda17e79 qubes-vm-qrexec-v4.3.0.tar.gz
e2dd5cace82e881c40d5d37c69f7327fbabde81c9d23283de23de9f1197b7b018ef07a8d90e95c61bd249426d9d8297e7cb372333245941ffa0682c90ea3461f qubes-qrexec-agent.openrc
c3009ddb97656be7d0a78910217c852f0f9b20cd37b4537d99724e629bc87f1c675ada084eba3c641c4ae54dab8aacd87514d73de72f42d6ccc976e6255212bc makefile-remove-cc-cflags.patch
69b88c8d344f0d575eac398937040ba39a0d8fb8ea0a2b160c48d84775e1da4e226a76f3c5d3be7b045f577b634bb35cd5c5536248e18117c4121a38f9f3bf13 agent-qrexec-fork-server-undef-fortify-source.patch
"

View file

@ -0,0 +1,43 @@
diff --git a/Makefile.orig b/Makefile
index ade10bf..7de05a4 100644
--- a/Makefile.orig
+++ b/Makefile
@@ -1,6 +1,5 @@
MAKEFLAGS=-r
-CC ?= gcc
-CFLAGS += -Werror=strict-prototypes -Werror=old-style-definition -Werror=missing-declarations -Werror=missing-prototypes
+CFLAGS += -Wno-incompatible-pointer-types -Wno-int-conversion -Wno-implicit-function-declaration
PYTHON ?= python3
export PYTHON CC MAKEFLAGS CFLAGS
@@ -26,7 +24,7 @@ all-base:
$(PYTHON) setup.py build
.PHONY: all-base
-install-base: all-base
+install-base:
+$(MAKE) install -C libqrexec
$(PYTHON) setup.py install -O1 $(PYTHON_PREFIX_ARG) --skip-build --root $(DESTDIR)
ln -sf qrexec-policy-exec $(DESTDIR)/usr/bin/qrexec-policy
@@ -75,7 +73,7 @@ all-vm-selinux:
+$(MAKE) -f /usr/share/selinux/devel/Makefile -C selinux qubes-core-qrexec.pp
.PHONY: all-vm
-install-vm: all-vm
+install-vm:
+$(MAKE) install -C agent
install -d $(DESTDIR)/$(SYSLIBDIR)/systemd/system -m 755
install -t $(DESTDIR)/$(SYSLIBDIR)/systemd/system -m 644 systemd/qubes-qrexec-agent.service
diff --git a/agent/Makefile.orig b/agent/Makefile
index e1500f1..d75f60e 100644
--- a/agent/Makefile.orig
+++ b/agent/Makefile
@@ -32,7 +32,7 @@ else
endif
-install: all
+install:
install -d $(DESTDIR)/etc/qubes-rpc $(DESTDIR)/usr/lib/qubes \
$(DESTDIR)/usr/bin $(DESTDIR)/usr/share/man/man1
install qrexec-agent $(DESTDIR)/usr/lib/qubes

View file

@ -1,12 +1,12 @@
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
pkgname=qubes-vm-utils
subpackages="
qubes-vm-kernel-support:support:noarch
$pkgname-openrc
$pkgname-pyc
"
pkgver=4.1.19
pkgver=4.3.5
pkgrel=0
_gittag="v$pkgver"
pkgdesc="Common Linux files for Qubes VM."
@ -23,6 +23,7 @@ makedepends="
make
pkgconfig
py3-setuptools
icu-dev
qubes-libvchan-xen-dev
xen-dev
"
@ -39,7 +40,7 @@ build() {
}
package() {
make install DESTDIR="$pkgdir" LIBDIR=/usr/lib SYSLIBDIR=/lib SBINDIR=/sbin
make install DESTDIR="$pkgdir" LIBDIR=/usr/lib SYSLIBDIR=/usr/lib SBINDIR=/usr/sbin
install -Dm 755 "$srcdir"/qubes-meminfo-writer.openrc "$pkgdir"/etc/init.d/qubes-meminfo-writer
}
@ -58,6 +59,6 @@ support() {
install -m 755 "$builddir"/dracut/full-dmroot/qubes_cow_setup.sh "$subpkgdir"/usr/lib/qubes/qubes_cow_setup.sh
}
sha512sums="
adfa6190af80e8ff92b899056370b8e820820154dcbad2d141debc72a6f122d94894eb0ffd5f56715db8ff7c3166c63b8832a78f70c35d86d42af071297b7d35 qubes-vm-utils-v4.1.19.tar.gz
aebc606faa95948be77766f164fc40e4be66e4398e7f56ad52ba9de4c8f7de4ec0c4b48b23a3a6dd083d6f19ae1a591f3ae0caf2c696fd061cd8fea4bdf7d4f3 qubes-meminfo-writer.openrc
98cbcee3d459635257703cbc44b710b301d644f5d9a5af3348f523707d7acc7ffd8d74bde2917b916e5b3ae2e9332ece695c71521b4041c209451a86643e26f3 qubes-vm-utils-v4.3.5.tar.gz
c29bac0c6b9a0c81ee42e88541d9216549276448a02c3005ea20d85c7eda483cee28bbc159098bd42badc7ed80058734311931ee4ef13e170e49f83cf3f5a9ae qubes-meminfo-writer.openrc
"

View file

@ -3,7 +3,7 @@
name=$RC_SVCNAME
cfgfile="/etc/qubes/$RC_SVCNAME.conf"
pidfile="/var/run/meminfo-writer.pid"
command="/sbin/meminfo-writer"
command="/usr/sbin/meminfo-writer"
command_args="30000 100000 $pidfile"
command_user="root"
start_stop_daemon_args=""