diff --git a/.forgejo/bin/check_ver.sh b/.forgejo/bin/check_ver.sh deleted file mode 100755 index 1b2d471..0000000 --- a/.forgejo/bin/check_ver.sh +++ /dev/null @@ -1,35 +0,0 @@ -#!/bin/bash - -# expects the following env variables: -# downstream: downstream repo - -repo=${downstream/*\/} - -curl --silent $downstream/x86_64/APKINDEX.tar.gz | tar -O -zx APKINDEX > APKINDEX - -owned_by_you=$(awk -v RS= -v ORS="\n\n" '/m:Antoine Martin \(ayakael\) /' APKINDEX | awk -F ':' '{if($1=="o"){print $2}}' | sort | uniq) - -echo "Found $(printf '%s\n' $owned_by_you | wc -l ) packages owned by you" - -rm -f out_of_date not_in_anitya - -for pkg in $owned_by_you; do - if [ $CHECK_LATEST -eq 1 ]; then - upstream_version=$(curl --fail -X GET -sS -H 'Content-Type: application/json' "https://release-monitoring.org/api/v2/packages/?name=$pkg&distribution=Alpine" | jq -r '.items.[].version') - else - upstream_version=$(curl --fail -X GET -sS -H 'Content-Type: application/json' "https://release-monitoring.org/api/v2/packages/?name=$pkg&distribution=Alpine" | jq -r '.items.[].stable_version') - fi - downstream_version=$(sed -n "/^P:$pkg$/,/^$/p" APKINDEX | awk -F ':' '{if($1=="V"){print $2}}' | sort -V | tail -n 1) - downstream_version=${downstream_version/-*} - - if [ -z "$upstream_version" ]; then - echo "$pkg not in anitya" - echo "$pkg" >> not_in_anitya - elif [ "$downstream_version" != "$(printf '%s\n' $upstream_version $downstream_version | sort -V | head -n 1)" ]; then - echo "$pkg higher downstream" - continue - elif [ "$upstream_version" != "$downstream_version" ]; then - echo "$pkg upstream version $upstream_version does not match downstream version $downstream_version" - echo "$pkg $downstream_version $upstream_version $repo" >> out_of_date - fi -done diff --git a/.forgejo/bin/create_issue.sh b/.forgejo/bin/create_issue.sh deleted file mode 100755 index 995e519..0000000 --- a/.forgejo/bin/create_issue.sh +++ /dev/null 
@@ -1,165 +0,0 @@ -#!/bin/bash - -# expects: -# env variable ISSUE_TOKEN -# file out_of_date - -IFS=' -' -repo=${downstream/*\/} - -does_it_exist() { - name=$1 - downstream_version=$2 - upstream_version=$3 - repo=$4 - - query="$repo/$name: upgrade to $upstream_version" - query="%22$(echo $query | sed 's| |%20|g' | sed 's|:|%3A|g' | sed 's|/|%2F|g' )%22" - - result="$(curl --silent -X 'GET' \ - "$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues?state=open&q=$query&type=issues&sort=latest" \ - -H 'accept: application/json' \ - -H "Authorization: token $ISSUE_TOKEN" - )" - - if [ "$result" == "[]" ]; then - return 1 - fi -} - -is_it_old() { - name=$1 - downstream_version=$2 - upstream_version=$3 - repo=$4 - - query="$repo/$name: upgrade to" - query="%22$(echo $query | sed 's| |%20|g' | sed 's|:|%3A|g' | sed 's|/|%2F|g' )%22" - - result="$(curl --silent -X 'GET' \ - "$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues?state=open&q=$query&type=issues&sort=latest" \ - -H 'accept: application/json' \ - -H "authorization: token $ISSUE_TOKEN" - )" - - result_title="$(echo $result | jq -r '.[].title' )" - result_id="$(echo $result | jq -r '.[].number' )" - result_upstream_version="$(echo $result_title | awk '{print $4}')" - - if [ "$upstream_version" != "$result_upstream_version" ]; then - echo $result_id - else - echo 0 - fi -} - -update_title() { - name=$1 - downstream_version=$2 - upstream_version=$3 - repo=$4 - id=$5 - - result=$(curl --silent -X 'PATCH' \ - "$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues/$id" \ - -H 'accept: application/json' \ - -H "authorization: token $ISSUE_TOKEN" \ - -H 'Content-Type: application/json' \ - -d "{ - \"title\": \"$repo/$name: upgrade to $upstream_version\" - }" - ) - - return 0 -} - -create_issue() { - name=$1 - downstream_version=$2 - upstream_version=$3 - repo=$4 - - result=$(curl --silent -X 'POST' \ - "$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues" \ - -H 'accept: application/json' \ - -H 
"authorization: token $ISSUE_TOKEN" \ - -H 'Content-Type: application/json' \ - -d "{ - \"title\": \"$repo/$name: upgrade to $upstream_version\", - \"labels\": [ - $LABEL_NUMBER - ] - }") - - return 0 -} - -if [ -f out_of_date ]; then - out_of_date="$(cat out_of_date)" - - echo "Detected $(wc -l out_of_date) out-of-date packages, creating issues" - - for pkg in $out_of_date; do - name="$(echo $pkg | awk '{print $1}')" - downstream_version="$(echo $pkg | awk '{print $2}')" - upstream_version="$(echo $pkg | awk '{print $3}')" - repo="$(echo $pkg | awk '{print $4}')" - - if does_it_exist $name $downstream_version $upstream_version $repo; then - echo "Issue for $repo/$name already exists" - continue - fi - - id=$(is_it_old $name $downstream_version $upstream_version $repo) - - if [ "$id" != "0" ] && [ -n "$id" ]; then - echo "Issue for $repo/$name needs updating" - update_title $name $downstream_version $upstream_version $repo $id - continue - fi - - echo "Creating issue for $repo/$name" - create_issue $name $downstream_version $upstream_version $repo - done -fi - -if [ -f not_in_anitya ]; then - query="Add missing $repo packages to anitya" - query="%22$(echo $query | sed 's| |%20|g')%22" - - result="$(curl --silent -X 'GET' \ - "$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues?state=open&q=$query&type=issues&sort=latest" \ - -H 'accept: application/json' \ - -H "authorization: token $ISSUE_TOKEN" - )" - - if [ "$result" == "[]" ]; then - echo "Creating anitya issue" - result=$(curl --silent -X 'POST' \ - "$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues" \ - -H 'accept: application/json' \ - -H "authorization: token $ISSUE_TOKEN" \ - -H 'Content-Type: application/json' \ - -d "{ - \"title\": \"Add missing $repo packages to anitya\", - \"body\": \"- [ ] $(sed '{:q;N;s/\n/\\n- [ ] /g;t q}' not_in_anitya)\", - \"labels\": [ - $LABEL_NUMBER - ] - }") - - else - echo "Updating anitya issue" - result_id="$(echo $result | jq -r '.[].number' )" - 
result=$(curl --silent -X 'PATCH' \ - "$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues/$result_id" \ - -H 'accept: application/json' \ - -H "authorization: token $ISSUE_TOKEN" \ - -H 'Content-Type: application/json' \ - -d "{ - \"body\": \"- [ ] $(sed '{:q;N;s/\n/\\n- [ ] /g;t q}' not_in_anitya)\" - }" - ) - fi -fi diff --git a/.forgejo/bin/deploy.sh b/.forgejo/bin/deploy.sh deleted file mode 100755 index a75d5e6..0000000 --- a/.forgejo/bin/deploy.sh +++ /dev/null @@ -1,33 +0,0 @@ -#!/bin/sh - -# shellcheck disable=SC3040 -set -eu -o pipefail - -readonly BASEBRANCH=$CI_ALPINE_TARGET -readonly TARGET_REPO=$CI_ALPINE_REPO - -get_qubes_release() { - case $GITHUB_BASE_REF in - r*) echo $GITHUB_BASE_REF;; - main) echo r4.3;; - esac -} - -readonly QUBES_REL=$(get_qubes_release) - -apkgs=$(find package -type f -name "*.apk") - -for apk in $apkgs; do - arch=$(echo $apk | awk -F '/' '{print $3}') - name=$(echo $apk | awk -F '/' '{print $4}') - - echo "Sending $name of arch $arch to $TARGET_REPO/$BASEBRANCH/qubes-$QUBES_REL" - return=$(curl -s --user $FORGE_REPO_USER:$FORGE_REPO_TOKEN --upload-file $apk $TARGET_REPO/$BASEBRANCH/qubes-$QUBES_REL 2>&1) - echo $return - if [ "$return" == "package file already exists" ]; then - echo "Package already exists, refreshing..." - curl -s --user $FORGE_REPO_USER:$FORGE_REPO_TOKEN -X DELETE $TARGET_REPO/$BASEBRANCH/qubes-$QUBES_REL/$arch/$name - curl -s --user $FORGE_REPO_USER:$FORGE_REPO_TOKEN --upload-file $apk $TARGET_REPO/$BASEBRANCH/qubes-$QUBES_REL - fi -done - diff --git a/.forgejo/workflows/build-edge.yaml b/.forgejo/workflows/build-edge.yaml deleted file mode 100644 index 3ed95e3..0000000 --- a/.forgejo/workflows/build-edge.yaml +++ /dev/null 
@@ -1,53 +0,0 @@ -on: - pull_request: - types: [ assigned, opened, synchronize, reopened ] - -jobs: - build-edge: - runs-on: x86_64 - container: - image: alpinelinux/alpine-gitlab-ci:latest - env: - CI_PROJECT_DIR: ${{ github.workspace }} - CI_DEBUG_BUILD: ${{ runner.debug }} - CI_MERGE_REQUEST_PROJECT_URL: ${{ github.server_url }}/${{ github.repository }} - CI_MERGE_REQUEST_TARGET_BRANCH_NAME: ${{ github.base_ref }} - CI_ALPINE_TARGET: edge - steps: - - name: Environment setup - run: | - doas apk upgrade -a - doas apk add nodejs git patch curl - cd /etc/apk/keys - doas curl -JO https://ayakael.net/api/packages/forge/alpine/key - - name: Repo pull - uses: actions/checkout@v4 - with: - fetch-depth: 500 - - name: Package build - run: ${{ github.workspace }}/.forgejo/bin/build.sh - - name: Package upload - uses: actions/upload-artifact@v3 - with: - name: package - path: packages - - deploy-edge: - needs: [build-edge] - runs-on: x86_64 - container: - image: alpine:latest - env: - CI_ALPINE_REPO: 'https://ayakael.net/api/packages/forge/alpine' - FORGE_REPO_TOKEN: ${{ secrets.FORGE_REPO_TOKEN }} - FORGE_REPO_USER: ${{ vars.FORGE_REPO_USER }} - CI_ALPINE_TARGET: edge - steps: - - name: Setting up environment - run: apk add nodejs curl findutils git gawk - - name: Repo pull - uses: actions/checkout@v4 - - name: Package download - uses: actions/download-artifact@v3 - - name: Package deployment - run: ${{ github.workspace }}/.forgejo/bin/deploy.sh diff --git a/.forgejo/workflows/build-v3.22.yaml b/.forgejo/workflows/build-v3.22.yaml deleted file mode 100644 index 76060ab..0000000 --- a/.forgejo/workflows/build-v3.22.yaml +++ /dev/null 
@@ -1,53 +0,0 @@ -on: - pull_request: - types: [ assigned, opened, synchronize, reopened ] - -jobs: - build-v3.22: - runs-on: x86_64 - container: - image: alpinelinux/alpine-gitlab-ci:latest - env: - CI_PROJECT_DIR: ${{ github.workspace }} - CI_DEBUG_BUILD: ${{ runner.debug }} - CI_MERGE_REQUEST_PROJECT_URL: ${{ github.server_url }}/${{ github.repository }} - CI_MERGE_REQUEST_TARGET_BRANCH_NAME: ${{ github.base_ref }} - CI_ALPINE_TARGET: v3.22 - steps: - - name: Environment setup - run: | - doas apk upgrade -a - doas apk add nodejs git patch curl - cd /etc/apk/keys - doas curl -JO https://ayakael.net/api/packages/forge/alpine/key - - name: Repo pull - uses: actions/checkout@v4 - with: - fetch-depth: 500 - - name: Package build - run: ${{ github.workspace }}/.forgejo/bin/build.sh - - name: Package upload - uses: actions/upload-artifact@v3 - with: - name: package - path: packages - - deploy-v3.22: - needs: [build-v3.22] - runs-on: x86_64 - container: - image: alpine:latest - env: - CI_ALPINE_TARGET: v3.22 - CI_ALPINE_REPO: 'https://ayakael.net/api/packages/forge/alpine' - FORGE_REPO_TOKEN: ${{ secrets.FORGE_REPO_TOKEN }} - FORGE_REPO_USER: ${{ vars.FORGE_REPO_USER }} - steps: - - name: Setting up environment - run: apk add nodejs curl findutils git gawk - - name: Repo pull - uses: actions/checkout@v4 - - name: Package download - uses: actions/download-artifact@v3 - - name: Package deployment - run: ${{ github.workspace }}/.forgejo/bin/deploy.sh diff --git a/.forgejo/workflows/build-v3.23.yaml b/.forgejo/workflows/build-v3.23.yaml deleted file mode 100644 index 6837da0..0000000 --- a/.forgejo/workflows/build-v3.23.yaml +++ /dev/null 
@@ -1,53 +0,0 @@ -on: - pull_request: - types: [ assigned, opened, synchronize, reopened ] - -jobs: - build-v3.23: - runs-on: x86_64 - container: - image: alpinelinux/alpine-gitlab-ci:latest - env: - CI_PROJECT_DIR: ${{ github.workspace }} - CI_DEBUG_BUILD: ${{ runner.debug }} - CI_MERGE_REQUEST_PROJECT_URL: ${{ github.server_url }}/${{ github.repository }} - CI_MERGE_REQUEST_TARGET_BRANCH_NAME: ${{ github.base_ref }} - CI_ALPINE_TARGET: v3.23 - steps: - - name: Environment setup - run: | - doas apk upgrade -a - doas apk add nodejs git patch curl - cd /etc/apk/keys - doas curl -JO https://ayakael.net/api/packages/forge/alpine/key - - name: Repo pull - uses: actions/checkout@v4 - with: - fetch-depth: 500 - - name: Package build - run: ${{ github.workspace }}/.forgejo/bin/build.sh - - name: Package upload - uses: actions/upload-artifact@v3 - with: - name: package - path: packages - - deploy-v3.23: - needs: [build-v3.23] - runs-on: x86_64 - container: - image: alpine:latest - env: - CI_ALPINE_TARGET: v3.23 - CI_ALPINE_REPO: 'https://ayakael.net/api/packages/forge/alpine' - FORGE_REPO_TOKEN: ${{ secrets.FORGE_REPO_TOKEN }} - FORGE_REPO_USER: ${{ vars.FORGE_REPO_USER }} - steps: - - name: Setting up environment - run: apk add nodejs curl findutils git gawk - - name: Repo pull - uses: actions/checkout@v4 - - name: Package download - uses: actions/download-artifact@v3 - - name: Package deployment - run: ${{ github.workspace }}/.forgejo/bin/deploy.sh diff --git a/.forgejo/workflows/check-r4.2.yml b/.forgejo/workflows/check-r4.2.yml deleted file mode 100644 index b1830c8..0000000 --- a/.forgejo/workflows/check-r4.2.yml +++ /dev/null 
@@ -1,28 +0,0 @@ -on: - workflow_dispatch: - - schedule: - - cron: '0 5 * * *' - -jobs: - check-r4.2: - name: Check user repo - runs-on: x86_64 - container: - image: alpine:latest - env: - downstream: https://ayakael.net/api/packages/forge/alpine/edge/qubes-r4.2 - ISSUE_TOKEN: ${{ secrets.issue_token }} - LABEL_NUMBER: 9 - CHECK_LATEST: 0 - steps: - - name: Environment setup - run: apk add grep coreutils gawk curl wget bash nodejs git jq sed - - name: Get scripts - uses: actions/checkout@v4 - with: - fetch-depth: 1 - - name: Check out-of-date packages - run: ${{ github.workspace }}/.forgejo/bin/check_ver.sh - - name: Create issues - run: ${{ github.workspace }}/.forgejo/bin/create_issue.sh diff --git a/.forgejo/workflows/check-r4.3.yml b/.forgejo/workflows/check-r4.3.yml deleted file mode 100644 index bbdf8aa..0000000 --- a/.forgejo/workflows/check-r4.3.yml +++ /dev/null @@ -1,28 +0,0 @@ -on: - workflow_dispatch: - - schedule: - - cron: '0 5 * * *' - -jobs: - check-r4.3: - name: Check user repo - runs-on: x86_64 - container: - image: alpine:latest - env: - downstream: https://ayakael.net/api/packages/forge/alpine/edge/qubes-r4.3 - ISSUE_TOKEN: ${{ secrets.issue_token }} - LABEL_NUMBER: 9 - CHECK_LATEST: 1 - steps: - - name: Environment setup - run: apk add grep coreutils gawk curl wget bash nodejs git jq sed - - name: Get scripts - uses: actions/checkout@v4 - with: - fetch-depth: 1 - - name: Check out-of-date packages - run: ${{ github.workspace }}/.forgejo/bin/check_ver.sh - - name: Create issues - run: ${{ github.workspace }}/.forgejo/bin/create_issue.sh diff --git a/.forgejo/workflows/lint.yaml b/.forgejo/workflows/lint.yaml deleted file mode 100644 index 743cefc..0000000 --- a/.forgejo/workflows/lint.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -on: - pull_request: - types: [ assigned, opened, synchronize, reopened ] - -jobs: - lint: - run-name: lint - runs-on: x86_64 - container: - image: alpinelinux/apkbuild-lint-tools:latest - env: - CI_PROJECT_DIR: ${{ github.workspace }} - CI_DEBUG_BUILD: ${{ runner.debug }} - CI_MERGE_REQUEST_PROJECT_URL: ${{ github.server_url }}/${{ github.repository }} - CI_MERGE_REQUEST_TARGET_BRANCH_NAME: ${{ github.base_ref }} - steps: - - run: | - doas apk upgrade -a - doas apk add nodejs git - - uses: actions/checkout@v4 - with: - fetch-depth: 500 - - run: lint diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml new file mode 100644 index 0000000..971d962 --- /dev/null +++ b/.gitlab-ci.yml 
@@ -0,0 +1,80 @@
+stages:
+ - verify
+ - build
+ - deploy
+
+variables:
+ GIT_STRATEGY: clone
+ GIT_DEPTH: "500"
+
+lint:
+ stage: verify
+ interruptible: true
+ script:
+ - |
+ sudo apk add shellcheck atools sudo abuild
+ export PATH="$PATH:$CI_PROJECT_DIR/.gitlab/bin"
+ lint
+ allow_failure: true
+ only:
+ - merge_requests
+ tags:
+ - apk-v3.18-x86_64
+
+.build:
+ stage: build
+ interruptible: true
+ script:
+ - |
+ sudo apk add alpine-sdk lua-aports sudo
+ sudo addgroup $USER abuild
+ export PATH="$PATH:$CI_PROJECT_DIR/.gitlab/bin"
+ sudo -Eu $USER build.sh
+ artifacts:
+ paths:
+ - packages/
+ - keys/
+ - logs/
+ expire_in: 7 days
+ only:
+ - merge_requests
+
+build-v3.18:
+ extends: .build
+ when: always
+ variables:
+ CI_ALPINE_TARGET_RELEASE: v3.18
+ tags:
+ - apk-$CI_ALPINE_TARGET_RELEASE-x86_64
+
+build-v3.19:
+ extends: .build
+ when: always
+ variables:
+ CI_ALPINE_TARGET_RELEASE: v3.19
+ tags:
+ - apk-$CI_ALPINE_TARGET_RELEASE-x86_64
+
+build-edge:
+ extends: .build
+ when: always
+ variables:
+ CI_ALPINE_TARGET_RELEASE: edge
+ tags:
+ - apk-$CI_ALPINE_TARGET_RELEASE-x86_64
+
+
+push:
+ interruptible: true
+ stage: deploy
+ script:
+ - |
+ sudo apk add abuild git-lfs findutils
+ export PATH="$PATH:$CI_PROJECT_DIR/.gitlab/bin"
+ push.sh
+ rules:
+ - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+ when: manual
+ tags:
+ - repo
+
diff --git a/.gitlab/bin/APKBUILD_SHIM b/.gitlab/bin/APKBUILD_SHIM
new file mode 100755
index 0000000..76577ff
--- /dev/null
+++ b/.gitlab/bin/APKBUILD_SHIM
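Review bot: The `.build` and `push` jobs both run on merge-request pipelines, and the scripts they call (`build.sh`, `push.sh`) write `$ABUILD_KEY` and `$SSH_KEY` to disk, so APKBUILDs and CI scripts taken from the merge request execute on a runner that holds the package-signing and repository-push credentials. `when: manual` on `push` controls when the job starts, not which revision of `push.sh` it runs. Consider keeping the signing key out of the build stage (sign only in `push`), marking the key variables as protected, and restricting `push` to pipelines on protected branches after merge. Whether merge requests from forks can reach these variables depends on project settings that are not visible in this diff.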
@@ -0,0 +1,111 @@
+#!/bin/sh
+
+set -e
+
+arch=
+builddir=
+checkdepends=
+depends=
+depends_dev=
+depends_doc=
+depends_libs=
+depends_openrc=
+depends_static=
+install=
+install_if=
+langdir=
+ldpath=
+license=
+makedepends=
+makedepends_build=
+makedepends_host=
+md5sums=
+options=
+patch_args=
+pkgbasedir=
+pkgdesc=
+pkgdir=
+pkgname=
+pkgrel=
+pkgver=
+pkggroups=
+pkgusers=
+provides=
+provider_priority=
+replaces=
+sha256sums=
+sha512sums=
+sonameprefix=
+source=
+srcdir=
+startdir=
+subpackages=
+subpkgdir=
+subpkgname=
+triggers=
+url=
+
+# abuild.conf
+
+CFLAGS=
+CXXFLAGS=
+CPPFLAGS=
+LDFLAGS=
+JOBS=
+MAKEFLAGS=
+CMAKE_CROSSOPTS=
+
+. ./APKBUILD
+
+: "$arch"
+: "$builddir"
+: "$checkdepends"
+: "$depends"
+: "$depends_dev"
+: "$depends_doc"
+: "$depends_libs"
+: "$depends_openrc"
+: "$depends_static"
+: "$install"
+: "$install_if"
+: "$langdir"
+: "$ldpath"
+: "$license"
+: "$makedepends"
+: "$makedepends_build"
+: "$makedepends_host"
+: "$md5sums"
+: "$options"
+: "$patch_args"
+: "$pkgbasedir"
+: "$pkgdesc"
+: "$pkgdir"
+: "$pkgname"
+: "$pkgrel"
+: "$pkgver"
+: "$pkggroups"
+: "$pkgusers"
+: "$provides"
+: "$provider_priority"
+: "$replaces"
+: "$sha256sums"
+: "$sha512sums"
+: "$sonameprefix"
+: "$source"
+: "$srcdir"
+: "$startdir"
+: "$subpackages"
+: "$subpkgdir"
+: "$subpkgname"
+: "$triggers"
+: "$url"
+
+# abuild.conf
+
+: "$CFLAGS"
+: "$CXXFLAGS"
+: "$CPPFLAGS"
+: "$LDFLAGS"
+: "$JOBS"
+: "$MAKEFLAGS"
+: "$CMAKE_CROSSOPTS"
diff --git a/.gitlab/bin/apkbuild-shellcheck b/.gitlab/bin/apkbuild-shellcheck
new file mode 100755
index 0000000..3126684
--- /dev/null
+++ b/.gitlab/bin/apkbuild-shellcheck
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+shellcheck -s ash \
+ -e SC3043 \
+ -e SC3057 \
+ -e SC3060 \
+ -e SC2016 \
+ -e SC2086 \
+ -e SC2169 \
+ -e SC2155 \
+ -e SC2100 \
+ -e SC2209 \
+ -e SC2030 \
+ -e SC2031 \
+ -e SC1090 \
+ -xa $CI_PROJECT_DIR/.gitlab/bin/APKBUILD_SHIM
diff --git a/.forgejo/bin/build.sh b/.gitlab/bin/build.sh similarity index 68% rename from .forgejo/bin/build.sh rename to .gitlab/bin/build.sh index c065c38..5905fbc 100755 --- a/.forgejo/bin/build.sh +++ b/.gitlab/bin/build.sh @@ -1,25 +1,27 @@ #!/bin/sh # shellcheck disable=SC3043 -. /usr/local/lib/functions.sh +. $CI_PROJECT_DIR/.gitlab/bin/functions.sh # shellcheck disable=SC3040 set -eu -o pipefail readonly APORTSDIR=$CI_PROJECT_DIR -readonly REPOS="main community testing" +readonly REPOS="qubes/r4.1" +readonly ALPINE_REPOS="main community testing" readonly ARCH=$(apk --print-arch) # gitlab variables readonly BASEBRANCH=$CI_MERGE_REQUEST_TARGET_BRANCH_NAME : "${REPODEST:=$HOME/packages}" -: "${MIRROR:=https://ayakael.net/api/packages/forge/alpine}" +: "${MIRROR:=https://lab.ilot.io/ayakael/repo-apk/-/raw}" : "${ALPINE_MIRROR:=http://dl-cdn.alpinelinux.org/alpine}" : "${MAX_ARTIFACT_SIZE:=300000000}" #300M : "${CI_DEBUG_BUILD:=}" : "${CI_ALPINE_BUILD_OFFSET:=0}" : "${CI_ALPINE_BUILD_LIMIT:=9999}" +: "${CI_ALPINE_TARGET_ARCH:=$(uname -m)}" msg() { local color=${2:-green} 
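Review bot: The new `. $CI_PROJECT_DIR/.gitlab/bin/functions.sh` runs before `set -eu -o pipefail` and is unquoted, so with `CI_PROJECT_DIR` unset or empty the script tries to source `/.gitlab/bin/functions.sh` from the filesystem root instead of stopping with a clear error. Writing it as `. "${CI_PROJECT_DIR:?}/.gitlab/bin/functions.sh"` fails closed. `REPOS="qubes/r4.1"` is not referenced in any hunk shown here; if nothing in the unchanged part of the file reads it, drop it or add a comment saying what it selects.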
@@ -68,48 +70,38 @@ report() { } get_release() { - echo $CI_ALPINE_TARGET + local RELEASE=$(echo $CI_RUNNER_TAGS | awk -F '-' '{print $2}') + case $RELEASE in + v*) echo "${RELEASE%-*}";; + edge) echo edge;; + *) die "Branch \"$RELEASE\" not supported!" + esac } - get_qubes_release() { case $BASEBRANCH in r*) echo $BASEBRANCH;; - main) echo r4.3;; + master) echo r4.2;; + *) die "Branch \"$BASEBRANCH\" not supported!" esac } -changed_aports() { - : "${APORTSDIR?APORTSDIR missing}" - : "${BASEBRANCH?BASEBRANCH missing}" - - cd "$APORTSDIR" - local aports - - aports=$(git diff --name-only --diff-filter=ACMR \ - "$BASEBRANCH"...HEAD -- "*/APKBUILD" | xargs -rn1 dirname) - - # shellcheck disable=2086 - ap builddirs -d "$APORTSDIR" $aports 2>/dev/null | xargs -rn1 basename -} - - build_aport() { local repo="$1" aport="$2" - cd "$APORTSDIR/$repo/$aport" + cd "$APORTSDIR/$aport" if abuild -r 2>&1 | report "build-$aport"; then - checkapk 2>&1 | report "checkapk-$aport" || true - aport_ok="$aport_ok $repo/$aport" + checkapk | report "checkapk-$aport" || true + aport_ok="$aport_ok $aport" else - aport_ng="$aport_ng $repo/$aport" + aport_ng="$aport_ng $aport" fi } check_aport() { local repo="$1" aport="$2" - cd "$APORTSDIR/$repo/$aport" + cd "$APORTSDIR/$aport" if ! abuild check_arch 2>/dev/null; then - aport_na="$aport_na $repo/$aport" + aport_na="$aport_na $aport" return 1 fi } @@ -119,14 +111,9 @@ set_repositories_for() { local release release=$(get_release) - for repo in qubes-$(get_qubes_release); do - [ "$repo" = "non-free" ] && continue - [ "$release" == "edge" ] && [ "$repo" == "backports" ] && continue - repos="$repos $MIRROR/$release/$repo $REPODEST/$repo" - [ "$repo" = "$target_repo" ] && break - done - doas sh -c "printf '%s\n' $repos >> /etc/apk/repositories" - doas apk update || true + repos="$MIRROR/$release/qubes/$target_repo $REPODEST/qubes-aports" + sudo sh -c "printf '%s\n' $repos >> /etc/apk/repositories" + sudo apk update || true } apply_offset_limit() { 
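Review bot: `get_release` now derives the Alpine release by splitting `$CI_RUNNER_TAGS` on `-`, which ties the build to the exact spelling of the runner's tags, while the job already receives the same value as `CI_ALPINE_TARGET_RELEASE` (set per job in `.gitlab-ci.yml` and used by `copy_artifacts`). Reading it directly with `echo "${CI_ALPINE_TARGET_RELEASE:?}"` keeps a single source of truth. If the tag parsing stays, split the declaration from the assignment (`local RELEASE; RELEASE=$(...)`) so a failing pipeline is not masked by `local`, and note that `${RELEASE%-*}` has nothing left to strip once awk has returned one field. `build_aport` and `check_aport` still take `repo` as `$1` but no longer use it.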
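Review bot: `sudo sh -c "printf '%s\n' $repos >> /etc/apk/repositories"` in `set_repositories_for` expands `$repos` into the text of a command that a root shell then parses, and `$repos` is built from `MIRROR` and `REPODEST`, both of which can be overridden from the environment, so shell metacharacters in either value would be interpreted as root. Passing the data on stdin avoids the second parse: `printf '%s\n' $repos | sudo tee -a /etc/apk/repositories >/dev/null`. `setup_system` in the next hunk uses the same construction with `>` and should get the same change. `sudo apk update || true` also hides a failed index refresh, so a wrong mirror URL only surfaces later as missing dependencies.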
@@ -142,15 +129,21 @@ setup_system() { local release release=$(get_release) - for repo in $REPOS; do + for repo in $ALPINE_REPOS; do [ "$release" != "edge" ] && [ "$repo" == "testing" ] && continue repos="$repos $ALPINE_MIRROR/$release/$repo" done - doas sh -c "printf '%s\n' $repos > /etc/apk/repositories" - doas apk -U upgrade -a || apk fix || die "Failed to up/downgrade system" - abuild-keygen -ain - doas sed -i -E 's/export JOBS=[0-9]+$/export JOBS=$(nproc)/' /etc/abuild.conf - ( . /usr/share/abuild/default.conf; . /etc/abuild.conf; echo "Building with ${JOBS-1} jobs" ) + repos="$repos $MIRROR/$release/cross" + sudo sh -c "printf '%s\n' $repos > /etc/apk/repositories" + sudo apk -U upgrade -a || sudo apk fix || die "Failed to up/downgrade system" + gitlab_key_to_rsa $ABUILD_KEY rsa-private $HOME/.abuild/$ABUILD_KEY_NAME.rsa + gitlab_key_to_rsa $ABUILD_KEY_PUB rsa-public $HOME/.abuild/$ABUILD_KEY_NAME.rsa.pub + chmod 700 $HOME/.abuild/$ABUILD_KEY_NAME.rsa + echo "PACKAGER_PRIVKEY=$HOME/.abuild/$ABUILD_KEY_NAME.rsa" >> $HOME/.abuild/abuild.conf + sudo cp $HOME/.abuild/$ABUILD_KEY_NAME.rsa.pub /etc/apk/keys/$ABUILD_KEY_NAME.rsa.pub + + sudo sed -i -E 's/export JOBS=[0-9]+$/export JOBS=$(nproc)/' /etc/abuild.conf + ( . /etc/abuild.conf && echo "Building with $JOBS jobs" ) mkdir -p "$REPODEST" git config --global init.defaultBranch master } @@ -176,7 +169,8 @@ copy_artifacts() { if [ "$packages_size" -lt $MAX_ARTIFACT_SIZE ]; then msg "Copying packages for artifact upload" - cp -ar "$REPODEST"/* packages/ 2>/dev/null + mkdir packages/$CI_ALPINE_TARGET_RELEASE + cp -ar "$REPODEST"/* packages/$CI_ALPINE_TARGET_RELEASE 2>/dev/null cp ~/.abuild/*.rsa.pub keys/ else msg "Artifact size $packages_size larger than max ($MAX_ARTIFACT_SIZE), skipping uploading them" yellow 
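Review bot: In `setup_system` the private signing key is written by `gitlab_key_to_rsa` under the default umask and only afterwards narrowed with `chmod 700`, which leaves a window in which the file may be readable by other accounts on the runner (with the usual 022 umask) and then marks a key file executable. Set `umask 077` before the write and use `chmod 600`; `push.sh` repeats the pattern for the abuild key and for `$HOME/.ssh/id_rsa`. The key variables are also passed unquoted, so the call should read `gitlab_key_to_rsa "$ABUILD_KEY" rsa-private "$HOME/.abuild/$ABUILD_KEY_NAME.rsa"`. A short comment stating that this function places secret material on the build host would help the next reader, since the function name does not suggest it.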
@@ -198,7 +192,7 @@ sysinfo || true setup_system || die "Failed to setup system" # git no longer allows to execute in repositories owned by different users -doas chown -R buildozer: . +sudo chown -R $USER: . fetch_flags="-qn" debugging && fetch_flags="-v" @@ -220,6 +214,7 @@ section_end setup build_start=$CI_ALPINE_BUILD_OFFSET build_limit=$CI_ALPINE_BUILD_LIMIT +mkdir -p "$APORTSDIR"/logs "$APORTSDIR"/packages "$APORTSDIR"/keys set_repositories_for $(get_qubes_release) built_aports=0 changed_aports_in_repo=$(changed_aports $BASEBRANCH) @@ -232,12 +227,20 @@ printf " - %s\n" $changed_aports_to_build for pkgname in $changed_aports_to_build; do section_start "build_$pkgname" "Building package $pkgname" built_aports=$((built_aports+1)) - if check_aport . "$pkgname"; then - build_aport . "$pkgname" + if check_aport qubes-aports "$pkgname"; then + build_aport qubes-aports "$pkgname" fi section_end "build_$pkgname" done +build_start=$((build_start-(changed_aports_in_repo_count-built_aports))) +build_limit=$((build_limit-built_aports)) + +if [ $build_limit -le 0 ]; then + msg "Limit reached, breaking" + break +fi + section_start artifacts "Handeling artifacts" collapse copy_artifacts || true section_end artifacts @@ -251,7 +254,7 @@ for ok in $aport_ok; do done for na in $aport_na; do - msg "$na: disabled for $ARCH" yellow + msg "$na: disabled for $CI_ALPINE_TARGET_ARCH" yellow done for ng in $aport_ng; do @@ -265,4 +268,3 @@ if [ "$failed" = true ]; then elif [ -z "$aport_ok" ]; then msg "No packages found to be built." yellow fi - diff --git a/.gitlab/bin/changed-aports b/.gitlab/bin/changed-aports new file mode 100755 index 0000000..4541230 --- /dev/null +++ b/.gitlab/bin/changed-aports 
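Review bot: The added `break` in the `@@ -232,12 +227,20 @@` hunk sits after the `done` that closes the `for pkgname` loop, so in the lines shown it is not inside any loop; depending on the shell it is ignored or reported as an error, and the artifact and summary steps run regardless of the limit. If the intent is to stop once `CI_ALPINE_BUILD_LIMIT` is reached, the check belongs inside the loop before `build_aport`; otherwise the block can be removed. `changed_aports_in_repo_count` is not assigned in any of these hunks, and under `set -u` an unset name in the arithmetic expansion may abort the script, so confirm it is defined in the unchanged part of the file.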
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+if [ $# -lt 1 ]; then
+ echo "Usage: $0 "
+ exit 1
+fi
+
+if ! git rev-parse --is-inside-work-tree >/dev/null 2>&1; then
+ echo "Fatal: not inside a git repository"
+ exit 2
+fi
+
+basebranch=$1
+
+if ! git rev-parse --verify --quiet $basebranch >/dev/null; then
+ # The base branch does not eixst, probably due to a shallow clone
+ git fetch -v $CI_MERGE_REQUEST_PROJECT_URL.git +refs/heads/$basebranch:refs/heads/$basebranch
+fi
+
+git --no-pager diff --diff-filter=ACMR --name-only $basebranch...HEAD -- "*/APKBUILD" | xargs -r -n1 dirname
diff --git a/.gitlab/bin/functions.sh b/.gitlab/bin/functions.sh
new file mode 100755
index 0000000..3792bb7
--- /dev/null
+++ b/.gitlab/bin/functions.sh
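Review bot: The result of `git fetch` is not checked and the script has no `set -e`, so when the base branch cannot be fetched the final `git diff` fails, `xargs -r` receives nothing and exits 0, and the `for PKG in $(changed-aports ...)` loop in `lint` iterates zero times, letting the lint job pass without having examined any package. Ending the fetch line with `|| exit 3` makes that case visible. `$basebranch` and `$CI_MERGE_REQUEST_PROJECT_URL` should also be quoted wherever they are passed to git, and the usage string `"Usage: $0 "` has lost the name of its argument.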
@@ -0,0 +1,63 @@
+# shellcheck disable=SC3043
+
+:
+
+# shellcheck disable=SC3040
+set -eu -o pipefail
+
+changed_aports() {
+ : "${APORTSDIR?APORTSDIR missing}"
+ : "${BASEBRANCH?BASEBRANCH missing}"
+
+ cd "$APORTSDIR"
+ local repo="$1"
+ local aports
+
+ aports=$(git diff --name-only --diff-filter=ACMR \
+ "$BASEBRANCH"...HEAD -- "*/APKBUILD" | xargs -rn1 dirname)
+
+ # shellcheck disable=2086
+ ap builddirs -d "$APORTSDIR" $aports 2>/dev/null | xargs -rn1 basename
+}
+
+section_start() {
+ name=${1?arg 1 name missing}
+ header=${2?arg 2 header missing}
+ collapsed=$2
+ timestamp=$(date +%s)
+
+ options=""
+ case $collapsed in
+ yes|on|collapsed|true) options="[collapsed=true]";;
+ esac
+
+ printf "\e[0Ksection_start:%d:%s%s\r\e[0K%s\n" "$timestamp" "$name" "$options" "$header"
+}
+
+section_end() {
+ name=$1
+ timestamp=$(date +%s)
+
+ printf "\e[0Ksection_end:%d:%s\r\e[0K" "$timestamp" "$name"
+}
+
+gitlab_key_to_rsa() {
+ KEY=$1
+ TYPE=$2
+ TGT=$3
+ TGT_DIR=${TGT%/*}
+ if [ "$TGT" == "$TGT_DIR" ]; then
+ TGT_DIR="./"
+ fi
+ if [ ! -d "$TGT_DIR" ]; then
+ mkdir -p "$TGT_DIR"
+ fi
+ case $TYPE in
+ rsa-public) local type="PUBLIC";;
+ rsa-private) local type="RSA PRIVATE";;
+ esac
+ echo "-----BEGIN $type KEY-----" > "$TGT"
+ echo $1 | sed 's/.\{64\}/&\
+/g' >> "$TGT"
+ echo "-----END $type KEY-----" >> "$TGT"
+}
diff --git a/.gitlab/bin/lint b/.gitlab/bin/lint
new file mode 100755
index 0000000..c1edcfb
--- /dev/null
+++ b/.gitlab/bin/lint
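Review bot: In `section_start`, `collapsed=$2` reads the header argument a second time instead of the third argument, so the `case` can only match when the header text itself is `yes`, `on`, `collapsed` or `true`, and `[collapsed=true]` is never emitted for an ordinary call. It should be `collapsed=${3:-}`; note that `build.sh` passes `collapse` as the third argument, which is not one of the accepted spellings either. In `gitlab_key_to_rsa`, the `case $TYPE` has no `*)` arm, so an unrecognised type leaves `$type` unset; adding `*) echo "unknown key type: $TYPE" >&2; return 1;;` reports the mistake before anything is written. The functions have no header comments; one line each on arguments and on what `gitlab_key_to_rsa` writes would make the key handling easier to audit.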
@@ -0,0 +1,96 @@
+#!/bin/sh
+
+BLUE="\e[34m"
+MAGENTA="\e[35m"
+RESET="\e[0m"
+
+readonly BASEBRANCH=$CI_MERGE_REQUEST_TARGET_BRANCH_NAME
+
+verbose() {
+ echo "> " "$@"
+ # shellcheck disable=SC2068
+ $@
+}
+
+debugging() {
+ [ -n "$CI_DEBUG_BUILD" ]
+}
+
+debug() {
+ if debugging; then
+ verbose "$@"
+ fi
+}
+
+# git no longer allows to execute in repositories owned by different users
+sudo chown -R gitlab-runner: .
+
+fetch_flags="-qn"
+debugging && fetch_flags="-v"
+
+git fetch $fetch_flags "$CI_MERGE_REQUEST_PROJECT_URL" \
+ "+refs/heads/$BASEBRANCH:refs/heads/$BASEBRANCH"
+
+if debugging; then
+ merge_base=$(git merge-base "$BASEBRANCH" HEAD)
+ echo "$merge_base"
+ git --version
+ git config -l
+ git tag merge-base "$merge_base" || { echo "Could not determine merge-base"; exit 50; }
+ git log --oneline --graph --decorate --all
+fi
+
+has_problems=0
+
+for PKG in $(changed-aports "$BASEBRANCH"); do
+ printf "$BLUE==>$RESET Linting $PKG\n"
+
+ (
+ cd "$PKG"
+
+ repo=$(basename $(dirname $PKG));
+
+ if [ "$repo" == "backports" ]; then
+ echo "Skipping $PKG as backports (we don't care)"
+ continue
+ fi
+
+ printf "\n\n"
+ printf "$BLUE"
+ printf '======================================================\n'
+ printf " parse APKBUILD:\n"
+ printf '======================================================'
+ printf "$RESET\n\n"
+ ( . ./APKBUILD ) || has_problems=1
+
+ printf "\n\n"
+ printf "$BLUE"
+ printf '======================================================\n'
+ printf " abuild sanitycheck:\n"
+ printf '======================================================'
+ printf "$RESET\n\n"
+ abuild sanitycheck || has_problems=1
+
+ printf "\n\n"
+ printf "$BLUE"
+ printf '======================================================\n'
+ printf " apkbuild-shellcheck:\n"
+ printf '======================================================'
+ printf "$RESET\n"
+ apkbuild-shellcheck || has_problems=1
+
+ printf "\n\n"
+ printf "$BLUE"
+ printf '======================================================\n'
+ printf " apkbuild-lint:\n"
+ printf '======================================================'
+ printf "$RESET\n\n"
+ apkbuild-lint APKBUILD || has_problems=1
+
+ return $has_problems
+ ) || has_problems=1
+
+ echo
+done
+
+exit $has_problems
diff --git a/.gitlab/bin/push.sh b/.gitlab/bin/push.sh
new file mode 100755
index 0000000..3c35179
--- /dev/null
+++ b/.gitlab/bin/push.sh
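Review bot: Inside the `( ... )` subshell, `continue` and `return $has_problems` do not do what the surrounding code expects: the subshell is not a function, and a `continue` there cannot advance the `for PKG` loop of the parent shell, so the outcome depends on the shell rather than on POSIX. `exit 0` for the backports skip and `exit "$has_problems"` at the end of the subshell express the same intent portably. `printf "$BLUE==>$RESET Linting $PKG\n"` also places a path taken from the merge request in the format string; `printf '%b==>%b Linting %s\n' "$BLUE" "$RESET" "$PKG"` prints it literally. `sudo chown -R gitlab-runner: .` hard-codes the account where `build.sh` uses `$USER`.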
@@ -0,0 +1,65 @@
+#!/bin/sh
+
+# shellcheck disable=SC3043
+
+. $CI_PROJECT_DIR/.gitlab/bin/functions.sh
+
+# shellcheck disable=SC3040
+set -eu -o pipefail
+
+readonly APORTSDIR=$CI_PROJECT_DIR
+readonly REPOS="backports user"
+readonly BASEBRANCH=$CI_MERGE_REQUEST_TARGET_BRANCH_NAME
+
+export GIT_SSH_COMMAND="ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
+
+gitlab_key_to_rsa $ABUILD_KEY rsa-private $HOME/.abuild/$ABUILD_KEY_NAME.rsa
+gitlab_key_to_rsa $ABUILD_KEY_PUB rsa-public $HOME/.abuild/$ABUILD_KEY_NAME.rsa.pub
+gitlab_key_to_rsa $SSH_KEY rsa-private $HOME/.ssh/id_rsa
+chmod 700 "$HOME"/.ssh/id_rsa
+chmod 700 "$HOME"/.abuild/$ABUILD_KEY_NAME.rsa
+
+echo "PACKAGER_PRIVKEY=$HOME/.abuild/$ABUILD_KEY_NAME.rsa" > $HOME/.abuild/abuild.conf
+echo "REPODEST=$HOME/repo-apk/qubes" >> $HOME/.abuild/abuild.conf
+sudo cp $HOME/.abuild/$ABUILD_KEY_NAME.rsa.pub /etc/apk/keys/.
+
+get_qubes_release() {
+ case $BASEBRANCH in
+ r*) echo $BASEBRANCH;;
+ master) echo r4.2;;
+ *) die "Branch \"$BASEBRANCH\" not supported!"
+ esac
+}
+
+QUBES_REL=$(get_qubes_release)
+
+for release in $(find packages -type d -maxdepth 1 -mindepth 1 -printf '%f\n'); do
+
+ if [ -d $HOME/repo-apk ]; then
+ git -C $HOME/repo-apk fetch
+ git -C $HOME/repo-apk checkout $release
+ git -C $HOME/repo-apk pull --rebase
+ else
+ git clone git@lab.ilot.io:ayakael/repo-apk -b $release $HOME/repo-apk
+ fi
+
+ for i in $(find packages/$release -type f -name "*.apk"); do
+ install -vDm644 $i ${i/packages\/$release\/qubes-aports/$HOME\/repo-apk\/qubes\/$QUBES_REL}
+ done
+
+ fetch_flags="-qn"
+ git fetch $fetch_flags "$CI_MERGE_REQUEST_PROJECT_URL" \
+ "+refs/heads/$BASEBRANCH:refs/heads/$BASEBRANCH"
+
+ rm $HOME/repo-apk/qubes/$QUBES_REL/*/APKINDEX.tar.gz || true
+ mkdir -p qubes/$QUBES_REL/DUMMY
+ echo "pkgname=DUMMY" > qubes/$QUBES_REL/DUMMY/APKBUILD
+ cd qubes/$QUBES_REL/DUMMY
+ abuild index
+ cd "$CI_PROJECT_DIR"
+ rm -R qubes/$QUBES_REL/DUMMY
+
+ git -C $HOME/repo-apk add .
+ git -C $HOME/repo-apk commit -m "Update from $CI_MERGE_REQUEST_IID - $CI_MERGE_REQUEST_TITLE" + git -C $HOME/repo-apk push +done diff --git a/README.md b/README.md index 5509b11..089400a 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ -# qports -Upstream: https://ayakael.net/forge/qports +# qubes-aports +Upstream: https://lab.ilot.io/ayakael/qubes-aports ## Description @@ -8,12 +8,8 @@ Linux template. The upstream repo uses GitLab's CI to build and deploy packages targetting multiple Alpine Linux versions. QubesOS releases are tracked using branches. -Note for `main` branch: This is currently tracking r4.3 packages, thus are -experimental. Use this branch at your own risk. For latest r4.2 packages, -navigate to that branch. - #### Template builder -The template builder is housed in its [own repo](https://ayakael.net/forge/qubes-builder-alpine) +The template builder is housed in its [own repo](https://lab.ilot.io/ayakael/qubes-builder-alpine). RPMs are built in-pipeline using the build artifacts produced by this repo. These RPMs facilitate installation of your very own Alpine Linux template on QubesOS. 
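Review bot: In `push.sh`, `GIT_SSH_COMMAND` is set with `UserKnownHostsFile=/dev/null` and `StrictHostKeyChecking=no`, so the clone of and push to `git@lab.ilot.io:ayakael/repo-apk` accept any host key and the deploy key is offered to an unauthenticated server. Pin the server key instead: keep it in a CI variable (placeholder name `SSH_KNOWN_HOSTS`), write it to `$HOME/.ssh/known_hosts`, and use `ssh -o UserKnownHostsFile=$HOME/.ssh/known_hosts -o StrictHostKeyChecking=yes`. `get_qubes_release` calls `die`, which neither this file nor `functions.sh` defines in the lines shown, so an unsupported branch ends in a command-not-found error instead of the intended message. The `${i/packages\/.../...}` substitution is not guaranteed under `#!/bin/sh`, and `chmod 700` on the key files should be `600`.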
@@ -41,25 +37,8 @@ Extra packages Omitted packages * qubes-vmm-xen - The default Alpine xen package seems to provide the necessary modules -## How to use - -Built packages are made available on a Forgejo-based Alpine repo for you convenience. You can follow these steps to use them: - -Add security key of the apk repository to your /etc/apk/keys: - -```shell -cd /etc/apk/keys -curl -JO https://ayakael.net/api/packages/forge/alpine/key -``` -Add repository to `/etc/apk/repositories`: - -```shell -echo "https://ayakael.net/api/packages/forge/alpine/edge/qubes-r4.3" > /etc/apk/repositories -``` - - #### Known issues -Known issues are currently being tracked in [qubes-builder-alpine](https://ayakael.net/forge/qubes-builder-alpine/issues) +Known issues are currently being tracked in [qubes-builder-alpine](https://lab.ilot.io/ayakael/qubes-builder-alpine) repo. #### Issues, recommendations and proposals **To report an issue or share a recommendation** diff --git a/git-remote-qubes/APKBUILD b/git-remote-qubes/APKBUILD deleted file mode 100644 index 017700c..0000000 --- a/git-remote-qubes/APKBUILD +++ /dev/null 
@@ -1,29 +0,0 @@ -# Maintainer: Antoine Martin (ayakael) -pkgname=git-remote-qubes -pkgver=0.1.1 -pkgrel=2 -pkgdesc="Inter-VM Git for Qubes OS" -url="https://github.com/Rudd-O/git-remote-qubes" -license="GPL-3.0-only" -source=" - $pkgname-$pkgver.tar.gz::https://github.com/Rudd-O/git-remote-qubes/archive/refs/tags/v$pkgver.tar.gz - do-not-use-systemd.patch - qubes-rpc-ruddo-use-sh.patch -" -arch="noarch" -makedepends="python3" - -build() { - local site_packages=$(python -c "import site; print(site.getsitepackages()[0])") - make LIBEXECDIR="/usr/lib/git-remote-qubes" SITELIBDIR="$site_packages" all -} - -package() { - local site_packages=$(python -c "import site; print(site.getsitepackages()[0])") - make LIBEXECDIR="/usr/lib/git-remote-qubes" DESTDIR="$pkgdir" SITELIBDIR="$site_packages" install-vm -} -sha512sums=" -69aeead4eaa3202964af9845c00115680277cbf12dbba8bd4b9669418aa17c6220708a5372db7ef76c3d7682f6a0b03b4b8a79dd438ee984db78c024fb9003ac git-remote-qubes-0.1.1.tar.gz -64475923bc4030ce96f6029732d3907a3164ac9baa0854b24ad8d206afd77120e63fa0d0bf9f7c07b07c7dea002bf3914a24cced39ed0f46893f15b891334f56 do-not-use-systemd.patch -7cbb9391aa8da81564c321b20db512968bd6a080fd90f0814fa684d85f3bdadd03236f7d88b2569f345623a1e4abd1f163fb571b63179e7633a8b28aac95b592 qubes-rpc-ruddo-use-sh.patch -" diff --git a/git-remote-qubes/do-not-use-systemd.patch b/git-remote-qubes/do-not-use-systemd.patch deleted file mode 100644 index 3725745..0000000 --- a/git-remote-qubes/do-not-use-systemd.patch +++ /dev/null 
@@ -1,71 +0,0 @@ -diff --git a/git-remote-qubes.spec.orig b/git-remote-qubes.spec -index ec745d0..80fddfb 100644 ---- a/git-remote-qubes.spec.orig -+++ b/git-remote-qubes.spec -@@ -21,14 +21,12 @@ BuildRequires: git - - Requires: python3 - Requires: git-core --# systemd is required because of systemd-escape. --Requires: systemd - - %package dom0 - Summary: Policy package for Qubes OS dom0s that arbitrates %{name} - Requires: qubes-core-dom0 >= 4.1 - --Requires: systemd qubes-core-dom0-linux -+Requires: qubes-core-dom0-linux - - %description - This package lets you setup Git servers on your Qubes OS VMs. -diff --git a/src/gitremotequbes/server.py.orig b/src/gitremotequbes/server.py -index ca6e9c7..c7d06d5 100644 ---- a/src/gitremotequbes/server.py.orig -+++ b/src/gitremotequbes/server.py -@@ -2,7 +2,6 @@ import logging - import os - import shlex - import signal --import subprocess - import sys - - import gitremotequbes.copier -@@ -35,15 +34,6 @@ def main(): - logging.basicConfig(format="remote:" + logging.BASIC_FORMAT, level=level) - l = logging.getLogger() - -- trustedarg = os.getenv("QREXEC_SERVICE_ARGUMENT") -- if trustedarg: -- # Qubes OS subsystem has sent us an argument, and that argument -- # is trusted, so trust that over whatever the remote process said. -- l.debug("trustworthy argument %r sent by Qubes OS", trustedarg) -- git_dir = subprocess.check_output([ -- "systemd-escape", "--unescape", "--", trustedarg -- ], universal_newlines=True)[:-1] -- - sys.stdout.write("confirmed\n") - - while True: -diff --git a/src/gitremotequbes/client.py.orig b/src/gitremotequbes/client.py -index 1adf379..826c17c 100644 ---- a/src/gitremotequbes/client.py.orig -+++ b/src/gitremotequbes/client.py -@@ -29,17 +29,10 @@ def main(): - - l = logging.getLogger() - -- rpcarg = subprocess.check_output([ -- "systemd-escape", "--", url.path -- ], universal_newlines=True)[:-1] -- if len(rpcarg) > 64 or "\\" in rpcarg: -- # Path is too long! We must do without rpcarg. 
-- rpcarg = None -- - vm = subprocess.Popen( - ["/usr/lib/qubes/qrexec-client-vm", - url.netloc, -- "ruddo.Git" + ("+%s" % rpcarg if rpcarg else "")], -+ "ruddo.Git"], - stdin=subprocess.PIPE, - stdout=subprocess.PIPE, - bufsize=0, diff --git a/git-remote-qubes/qubes-rpc-ruddo-use-sh.patch b/git-remote-qubes/qubes-rpc-ruddo-use-sh.patch deleted file mode 100644 index 54e60cd..0000000 --- a/git-remote-qubes/qubes-rpc-ruddo-use-sh.patch +++ /dev/null @@ -1,7 +0,0 @@ -diff --git a/etc/qubes-rpc/ruddo.Git.in.orig b/etc/qubes-rpc/ruddo.Git.in -index cb19123..62af422 100755 ---- a/etc/qubes-rpc/ruddo.Git.in.orig -+++ b/etc/qubes-rpc/ruddo.Git.in -@@ -1 +1,2 @@ -+#!/bin/sh - @LIBEXECDIR@/git-local-qubes diff --git a/qubes-app-linux-druide-antidote/APKBUILD b/qubes-app-linux-druide-antidote/APKBUILD index 8765a19..80b9426 100644 --- a/qubes-app-linux-druide-antidote/APKBUILD +++ b/qubes-app-linux-druide-antidote/APKBUILD @@ -1,9 +1,7 @@ -# Contributor: Antoine Martin (ayakael) -# Maintainer: Antoine Martin (ayakael) pkgname=qubes-app-linux-druide-antidote pkgver=0.0.1_git20240201 _gittag=c724c88aa2a20b1e422b464499015ff05753316d -pkgrel=5 +pkgrel=0 arch="noarch" pkgdesc="Qubes Druide-Antidote is a Qubes Application. It send a file to the Antidote Qube, invoke Antidote, and retrieve the file" url=https://github.com/neowutran/qubes-app-linux-druide-antidote @@ -13,10 +11,9 @@ depends="bash" makedepends="pandoc" builddir="$srcdir"/$pkgname-$_gittag -check() { +check(){ tests/all } - package() { make install-vm DESTDIR="$pkgdir/" } diff --git a/qubes-db-vm/0001-create_pidfile.patch b/qubes-db-vm/0001-create_pidfile.patch index 0603ee1..947f45c 100644 --- a/qubes-db-vm/0001-create_pidfile.patch +++ b/qubes-db-vm/0001-create_pidfile.patch 
@@ -1,17 +1,17 @@ -diff --git a/daemon/db-daemon.c.orig b/daemon/db-daemon.c -index bcf77df..c7b1a50 100644 ---- a/daemon/db-daemon.c.orig +From d20a9db122608e0992c9ab6f675920d4bb1ee88f Mon Sep 17 00:00:00 2001 +From: "build@apk-groulx" +Date: Fri, 4 Mar 2022 22:50:19 +0000 +Subject: [PATCH 1/1] create_pidfile + +--- + daemon/db-daemon.c | 11 +++-------- + 1 file changed, 3 insertions(+), 8 deletions(-) + +diff --git a/daemon/db-daemon.c b/daemon/db-daemon.c +index 9934d16..2b28995 100644 +--- a/daemon/db-daemon.c +++ b/daemon/db-daemon.c -@@ -156,7 +156,7 @@ int mainloop(struct db_daemon_data *d) { - return 0; - } - d->multiread_requested = 1; -- /* wait for complete response */ -+ /* wait for complete rsponse */ - while (d->multiread_requested) { - AcquireSRWLockExclusive(&d->lock); - if (!handle_vchan_data(d)) { -@@ -627,11 +627,8 @@ static int create_pidfile(struct db_daemon_data *d) { +@@ -618,11 +618,8 @@ int create_pidfile(struct db_daemon_data *d) { mode_t old_umask; struct stat stat_buf; @@ -24,7 +24,7 @@ index bcf77df..c7b1a50 100644 old_umask = umask(0002); pidfile = fopen(pidfile_name, "w"); -@@ -652,10 +649,8 @@ static void remove_pidfile(struct db_daemon_data *d) { +@@ -643,10 +640,8 @@ void remove_pidfile(struct db_daemon_data *d) { struct stat stat_buf; /* no pidfile for VM daemon - service is managed by systemd */ @@ -36,12 +36,15 @@ index bcf77df..c7b1a50 100644 if (stat(pidfile_name, &stat_buf) == 0) { /* remove pidfile only if it's the one created this process */ -@@ -763,7 +758,7 @@ int fuzz_main(int argc, char **argv) { +@@ -754,7 +749,7 @@ int fuzz_main(int argc, char **argv) { exit(1); case 0: close(ready_pipe[0]); -- snprintf(log_path, sizeof(log_path), "/var/log/qubes/qubesdb.%s.log", d.remote_name ? d.remote_name : "dom0"); +- snprintf(log_path, sizeof(log_path), "/var/log/qubes/qubesdb.%s.log", d.remote_name); + snprintf(log_path, sizeof(log_path), "/var/log/qubes/qubes-db.log"); close(0); old_umask = umask(0); +-- +2.34.1 + 
diff --git a/qubes-db-vm/APKBUILD b/qubes-db-vm/APKBUILD index a68fdba..4056d3c 100644 --- a/qubes-db-vm/APKBUILD +++ b/qubes-db-vm/APKBUILD @@ -1,9 +1,10 @@ -# Contributor: Antoine Martin (ayakael) # Maintainer: Antoine Martin (ayakael) +# Contributor: Antoine Martin (ayakael) + pkgname=qubes-db-vm subpackages="$pkgname-openrc" -pkgver=4.3.1 -pkgrel=3 +pkgver=4.1.17 +pkgrel=2 _gittag="v$pkgver" pkgdesc="QubesDB libs and daemon service." arch="x86_64" @@ -24,7 +25,7 @@ source=" qubes-db.openrc " builddir="$srcdir"/qubes-core-qubesdb-$pkgver -subpackages="$pkgname-dev $pkgname-openrc" +subpackages="$pkgname-dev" build() { # Build all with python bindings 
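Review bot: The changed line `subpackages="$pkgname-dev"` in the second hunk overwrites the `subpackages="$pkgname-openrc"` assignment that the first hunk keeps near the top of the APKBUILD, so the openrc subpackage is no longer declared while `package()` (next hunk) still installs `qubes-db.openrc` into `/etc/init.d`. If dropping the split is intended, remove the earlier assignment so only one remains; otherwise keep both names in the later one, `subpackages="$pkgname-dev $pkgname-openrc"`. The two assignments sit in different hunks and the lines between them are not shown.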
@@ -39,12 +40,12 @@ build() { package() { # Install all with python bindings - make install DESTDIR=$pkgdir LIBDIR=/usr/lib BINDIR=/usr/bin SBINDIR=/usr/sbin + make install DESTDIR=$pkgdir LIBDIR=/usr/lib BINDIR=/usr/bin SBINDIR=/sbin install -Dm 755 "$srcdir"/qubes-db.openrc "$pkgdir"/etc/init.d/qubes-db } sha512sums=" -fcfa7321e1ca6af2943e900690695bde74e0b7e706e530ce92e297aeb036bbf9c12e191b7434ead4054690342a1c9ef517c6cf6e211debe5cc66474ceb57bd87 qubes-db-vm-v4.3.1.tar.gz +dad1580afa7d152551b7292051b624090ce57c006174d7c0f5273f4d9cecadcb70d46547263dcf23131d5f5df921519c9d8ca739acd9f0e9be303b20e73083bb qubes-db-vm-v4.1.17.tar.gz af86268c264c843b94f9cefb735b9d078dc58819c890fc0a31dd79fa2761d3c2fa87aed73752bca1db07948ba86ecfe16a745b19672ccc10dfb9461df24aa207 0001-musl-build.patch -892eb29b9bab4d9e662678d13a5607df04cdb024c2f28332f40fa4b7c644476a4b26a9fc038dfcdac1e0b8d328165d21d50d894d2c1e27f792287dd57449e7eb 0001-create_pidfile.patch -e8c8dc6975d5b59a2afed0e397dca008c95ae747a5e5dedb4b847bbd876d9d50e937d9ed3b8ea08592c8d0e05e7929d1a85467a72c4d45175ef77236a0c3fdec qubes-db.openrc +ffe9ea8f65b4e164c3a0d1c8762d1e3b39de3799ae3e63f825457d52de49c6522820950e6262deaa9235ad97cd7c60bf1c9a077fff716c4ca9dbd688e9a73c91 0001-create_pidfile.patch +3d87f82d3637cf10bf1a3058ebbd2590ab17f65d1b49058f62d892f126635497abd5045f6797bc8069e5de08bb6e08fc6146deb6422090ad02122764cc6d72f0 qubes-db.openrc " diff --git a/qubes-db-vm/qubes-db.openrc b/qubes-db-vm/qubes-db.openrc index e0e0cd2..0d6bf0c 100644 --- a/qubes-db-vm/qubes-db.openrc +++ b/qubes-db-vm/qubes-db.openrc @@ -2,7 +2,7 @@ name=$RC_SVCNAME cfgfile="/etc/qubes/$RC_SVCNAME.conf" -command="/usr/bin/qubesdb-daemon" +command="/sbin/qubesdb-daemon" command_args="0" command_user="root" pidfile="/run/qubes/$RC_SVCNAME.pid" diff --git a/qubes-gpg-split/APKBUILD b/qubes-gpg-split/APKBUILD index e788a2a..18cdc76 100644 --- a/qubes-gpg-split/APKBUILD +++ b/qubes-gpg-split/APKBUILD 
@@ -1,10 +1,11 @@ -# Contributor: Antoine Martin (ayakael) # Maintainer: Antoine Martin (ayakael) +# Contributor: Antoine Martin (ayakael) + pkgname=qubes-gpg-split subpackages="$pkgname-doc" -pkgver=2.0.81 +pkgver=2.0.69 _gittag="v$pkgver" -pkgrel=0 +pkgrel=2 pkgdesc="Used Qubes AppVM as a “smart card”" arch="x86_64" url="https://github.com/QubesOS/qubes-app-linux-split-gpg" @@ -29,7 +30,10 @@ build() { package() { make install-vm DESTDIR="$pkgdir" + + # Alpine packaging guidelines: /var/run is a symlink to a tmpfs. Don't create it. + rm -r "$pkgdir/var/run" } sha512sums=" -78765694e05d2d46aeea859521dcb33b1899dfc0e49ff3d593377c47a3ff86487225f0983f7db5bdd2020463272bdfdcbe066a8dbf87c89c38da14a6fdb3e12f qubes-gpg-split-v2.0.81.tar.gz +e20b4303934d41d537f4efd3d2811802b5f5c86ac97beb1169d5c302dd150b56a3f6ca5c61788ad5cd8731747aa4f91b79806bf863df427603ba6aebab27448b qubes-gpg-split-v2.0.69.tar.gz " diff --git a/qubes-input-proxy/APKBUILD b/qubes-input-proxy/APKBUILD deleted file mode 100644 index 9a2c00e..0000000 --- a/qubes-input-proxy/APKBUILD +++ /dev/null 
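Review bot: The added `rm -r "$pkgdir/var/run"` in `package()` deletes everything `make install-vm` placed under `/var/run`, and nothing in this hunk arranges for those paths to be recreated at runtime. If the split-gpg service expects a directory there (not visible here), it will be missing on the tmpfs after boot, so check what the Makefile installs under `/var/run` and create it at service start with restrictive ownership and mode. The command also fails the build when the directory is absent; `rm -rf "$pkgdir"/var/run` would tolerate that.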
@@ -1,53 +0,0 @@ -# Contributor: Antoine Martin (ayakael) -# Maintainer: Antoine Martin (ayakael) -pkgname=qubes-input-proxy -pkgver=1.0.45 -_gittag="v$pkgver" -pkgrel=0 -pkgdesc="The Qubes service for proxying input devices" -arch="x86_64" -url="https://github.com/QubesOS/qubes-app-linux-input-proxy" -license='GPL' -depends=" - usbutils - qubes-vm-core - " -makedepends="linux-headers" -subpackages="$pkgname-openrc" -source=" - $pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-app-linux-input-proxy/archive/refs/tags/$_gittag.tar.gz - qubes-input-trigger_use-openrc.patch - makefile_skip-systemd.patch - qubes-input-sender.openrc - " -builddir="$srcdir"/qubes-app-linux-input-proxy-$pkgver - -build() { - make all \ - LIBDIR=/usr/lib \ - USRLIBDIR=/usr/lib \ - SYSLIBDIR=/usr/lib -} - -package() { - make install-vm \ - DESTDIR="$pkgdir" \ - LIBDIR=/usr/lib \ - USRLIBDIR=/usr/lib \ - SYSLIBDIR=/usr/lib - - # replace all shebangs with /bin/sh as qubes expects bash - # shellcheck disable=SC2013 - for i in $(grep '/bin/sh' -Rl "$pkgdir"); do - sed -i 's|/bin/sh|/bin/bash|' "$i" - done - - # move openrc to init.d - install -Dm755 "$srcdir"/qubes-input-sender.openrc "$pkgdir"/etc/init.d/qubes-input-sender -} -sha512sums=" -df7e3b34feac1479a9e181cad06dcb1973d85967dd42f45d47838615e48b98566484db39c9069882df19aadddba9d4c7fd65a6206e966def82481000e4dd0289 qubes-input-proxy-v1.0.45.tar.gz -e21e6ae680f98474cbb8b6213768ca1f8d5ffb0088173a387a309e1b40a9aabbb946f3201aa143088f144f13a5c85c3710b7ade1a1189655a08ed574e3d26df4 qubes-input-trigger_use-openrc.patch -d199c586e146c0846169a04419fcd72764c528f6d270388927bf79273bddd50a307b40db8be482847a93de473553c3cea00fc7b08b5f93f3d79e0a3f8e620f64 makefile_skip-systemd.patch -2d5cb4369bc4d4c83403bb3e7cd7bc784769950a8fbf581996074fe53cc65c56fe4039e2689b6fa34e51ce22e552fc145115c12e71601809767962a3682dd299 qubes-input-sender.openrc -" 
diff --git a/qubes-input-proxy/makefile_skip-systemd.patch b/qubes-input-proxy/makefile_skip-systemd.patch deleted file mode 100644 index 1c24467..0000000 --- a/qubes-input-proxy/makefile_skip-systemd.patch +++ /dev/null @@ -1,18 +0,0 @@ -diff --git a/qubes-rpc/Makefile.orig b/qubes-rpc/Makefile -index 22ec526..bf7e0ea 100644 ---- a/qubes-rpc/Makefile.orig -+++ b/qubes-rpc/Makefile -@@ -12,13 +12,6 @@ install-dom0: - $(DESTDIR)/etc/qubes-rpc/policy/qubes.InputTablet - - install-vm: -- install -d $(DESTDIR)$(USRLIBDIR)/systemd/system -- install -m 0644 \ -- qubes-input-sender-keyboard@.service \ -- qubes-input-sender-keyboard-mouse@.service \ -- qubes-input-sender-mouse@.service \ -- qubes-input-sender-tablet@.service \ -- $(DESTDIR)$(USRLIBDIR)/systemd/system - install -d $(DESTDIR)$(USRLIBDIR)/udev/rules.d - install -m 0644 qubes-input-proxy.rules \ - $(DESTDIR)$(USRLIBDIR)/udev/rules.d/90-qubes-input-proxy.rules diff --git a/qubes-input-proxy/qubes-input-sender.openrc b/qubes-input-proxy/qubes-input-sender.openrc deleted file mode 100755 index 0f67937..0000000 --- a/qubes-input-proxy/qubes-input-sender.openrc +++ /dev/null @@ -1,28 +0,0 @@ -#!/sbin/openrc-run - -name=$RC_SVCNAME -cfgfile="/etc/qubes/$RC_SVCNAME.conf" -input="${RC_SVCNAME/*.}" -svcname="${RC_SVCNAME/.*}." -type="${RC_SVCNAME%.*}" -type="${type/$svcname/}" -type="$(echo $type | sed 's/.*/\u&/')" -command="/usr/bin/qubes-input-sender" -command_args="qubes.Input$type /dev/input/$input dom0" -command_user="root" -pidfile="/run/qubes/$RC_SVCNAME.pid" -start_stop_daemon_args="" -command_background="true" -output_log="/var/log/qubes/$RC_SVCNAME.log" -error_log="/var/log/qubes/$RC_SVCNAME.err" - -start_pre() { - checkpath --directory --owner $command_user:qubes --mode 0775 \ - /run/qubes \ - /var/log/qubes \ - /var/run/qubes -} - -stop_post() { - pkill -f "input-proxy-sender /dev/input/$input" || true -} 
diff --git a/qubes-input-proxy/qubes-input-trigger_use-openrc.patch b/qubes-input-proxy/qubes-input-trigger_use-openrc.patch deleted file mode 100644 index ca8683e..0000000 --- a/qubes-input-proxy/qubes-input-trigger_use-openrc.patch +++ /dev/null 
@@ -1,93 +0,0 @@ -diff --git a/qubes-rpc/qubes-input-trigger.orig b/qubes-rpc/qubes-input-trigger -index 264788e..edd40ec 100755 ---- a/qubes-rpc/qubes-input-trigger.orig -+++ b/qubes-rpc/qubes-input-trigger -@@ -51,49 +51,69 @@ def get_service_name(udevreturn, input_dev): - ('ID_INPUT_TOUCHPAD' in udevreturn) or - ('QEMU_USB_Tablet' in udevreturn) - ) and 'ID_INPUT_KEY' not in udevreturn: -- service = 'qubes-input-sender-tablet' -+ service = 'qubes-input-sender.tablet' - # if mouse report absolute events, prefer tablet service - # (0x3 is ABS_X | ABS_Y) - elif 'ID_INPUT_MOUSE' in udevreturn and abs_caps & 0x3: -- service = 'qubes-input-sender-tablet' -+ service = 'qubes-input-sender.tablet' - elif 'ID_INPUT_MOUSE' in udevreturn and 'ID_INPUT_KEY' not in udevreturn: -- service = 'qubes-input-sender-mouse' -+ service = 'qubes-input-sender.mouse' - elif 'ID_INPUT_KEY' in udevreturn and 'ID_INPUT_MOUSE' not in udevreturn: -- service = 'qubes-input-sender-keyboard' -+ service = 'qubes-input-sender.keyboard' - elif 'ID_INPUT_MOUSE' in udevreturn and 'ID_INPUT_KEY' in udevreturn: -- service = 'qubes-input-sender-keyboard-mouse' -+ service = 'qubes-input-sender.mouse' - - if service: -- service = '{}@{}.service'.format(service, input_dev) -+ service = '{}.{}'.format(service, input_dev) - - return service - - - def handle_service(service, action): -- retcode = subprocess.call( -- ["/bin/systemctl", "is-active", "--quiet", "service", service]) -+ serviceFile = os.path.join("/etc/init.d", service) -+ -+ sudo = [] -+ if os.getuid() != 0: -+ sudo = ["sudo"] -+ - if action == "add": -- systemctl_action = "start" -+ # create service link is not created -+ serviceFile = os.path.join("/etc/init.d", service) -+ if not os.path.exists(serviceFile): -+ subprocess.call( -+ ["/bin/ln", "-s", "/etc/init.d/qubes-input-sender", serviceFile]) -+ - # Ignore if service is already started -+ retcode = subprocess.call( -+ ["/sbin/rc-service","--quiet", service, "status"]) - if retcode == 0: - 
return -+ -+ subprocess.call( -+ sudo + ["/sbin/service", service, "start"]) -+ - elif action == "remove": -- systemctl_action = "stop" -+ # Ignore if service does not exist -+ if not os.path.exists(serviceFile): -+ return -+ - # Ignore if service is not active -- if retcode != 0: -+ retcode = subprocess.call( -+ ["/sbin/rc-service", "--quiet", service, "status"]) -+ if retcode == 3: - return -+ -+ subprocess.call( -+ sudo + ["/sbin/service", service, "stop"]) -+ -+ # remove ln once stopped -+ if os.path.exists(serviceFile): -+ subprocess.call( -+ sudo + ["/bin/rm", serviceFile]) - else: - print("Unknown action: %s" % action) - sys.exit(1) - -- sudo = [] -- if os.getuid() != 0: -- sudo = ["sudo"] -- -- subprocess.call( -- sudo + ["/bin/systemctl", "--no-block", systemctl_action, service]) -- -- - def handle_event(input_dev, action, dom0): - udevreturn = None - if 'event' in input_dev: # if filename contains 'event' diff --git a/qubes-libvchan-xen/39_support-changed-libxenctrl-api-xen418.patch b/qubes-libvchan-xen/39_support-changed-libxenctrl-api-xen418.patch new file mode 100644 index 0000000..43850b1 --- /dev/null +++ b/qubes-libvchan-xen/39_support-changed-libxenctrl-api-xen418.patch 
@@ -0,0 +1,61 @@ +From 8c4c3807119f27957e6c7f87d505d66d0ea4c3d0 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= + +Date: Sat, 18 Nov 2023 18:27:28 +0100 +Subject: [PATCH] Support changed libxenctrl API in Xen 4.18.0 + +The xc_domain_getinfo() is gone, it's replaced with +xc_domain_getinfo_single. While the new API is a bit nicer, xenctrl.h +does not provide any #define to know which one is available. Check +library version in the makefile for that. +--- + vchan/Makefile.linux | 4 ++++ + vchan/io.c | 10 ++++++++++ + 2 files changed, 14 insertions(+) + +diff --git a/vchan/Makefile.linux b/vchan/Makefile.linux +index 281f2b5..587cb34 100644 +--- a/vchan/Makefile.linux ++++ b/vchan/Makefile.linux +@@ -27,6 +27,11 @@ CFLAGS += -g -Wall -Wextra -Werror -fPIC -O2 -D_GNU_SOURCE -D_FORTIFY_SOURCE=2 - + all: libvchan-xen.so vchan-xen.pc + -include *.dep + ++# xenctrl.h does not provide any #define to distinguish API versions ++XENCTRL_VERSION := $(shell pkg-config --modversion xencontrol) ++CFLAGS += $(shell if printf '%s\n' '4.18.0' '$(XENCTRL_VERSION)' | \ ++ sort -CV; then echo -DHAVE_XC_DOMAIN_GETINFO_SINGLE; fi) ++ + libvchan-xen.so : init.o io.o + $(CC) $(LDFLAGS) -shared -o libvchan-xen.so $^ -lxenvchan -lxenctrl + clean: +diff --git a/vchan/io.c b/vchan/io.c +index 3d0ed35..0c23223 100644 +--- a/vchan/io.c ++++ b/vchan/io.c +@@ -33,14 +33,24 @@ + /* check if domain is still alive */ + int libvchan__check_domain_alive(xc_interface *xc_handle, int dom) { + struct evtchn_status evst; ++#ifdef HAVE_XC_DOMAIN_GETINFO_SINGLE ++ xc_domaininfo_t dominfo; ++#else + xc_dominfo_t dominfo; ++#endif + int ret; + + /* first try using domctl, more reliable but available in a privileged + * domain only */ ++#ifdef HAVE_XC_DOMAIN_GETINFO_SINGLE ++ ret = xc_domain_getinfo_single(xc_handle, dom, &dominfo); ++ if (ret == 0) ++ return !(dominfo.flags & XEN_DOMINF_dying); ++#else + ret = xc_domain_getinfo(xc_handle, dom, 1, &dominfo); + if (ret == 1) + return 
dominfo.domid == (uint32_t)dom && !dominfo.dying; ++#endif + else if (ret == -1 && errno == ESRCH) + return 0; + /* otherwise fallback to xc_evtchn_status method */ + diff --git a/qubes-libvchan-xen/APKBUILD b/qubes-libvchan-xen/APKBUILD index 0d4963d..08994a2 100644 --- a/qubes-libvchan-xen/APKBUILD +++ b/qubes-libvchan-xen/APKBUILD @@ -1,32 +1,24 @@ -# Contributor: Antoine Martin (ayakael) # Maintainer: Antoine Martin (ayakael) +# Contributor: Antoine Martin (ayakael) + pkgname=qubes-libvchan-xen -pkgver=4.2.7 -pkgrel=3 +pkgver=4.1.13 +pkgrel=4 _gittag=v$pkgver pkgdesc="The Qubes core libraries for installation inside a Qubes Dom0 and VM." arch="x86_64" url="https://github.com/QubesOS/qubes-core-vchan-xen" license='GPL' -depends="xen xen-dev" -makedepends="xen-dev coreutils patchelf" +depends="xen" +makedepends="xen-dev coreutils" builddir="$srcdir"/qubes-core-vchan-xen-$pkgver subpackages="$pkgname-dev" source=" $pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-core-vchan-xen/archive/refs/tags/$_gittag.tar.gz - link-against-patched-libs.patch + 39_support-changed-libxenctrl-api-xen418.patch " -prepare() { - default_prepare - cd "$builddir"/vchan - for i in libxenvchan.so libxenctrl.so; do - cp /usr/lib/$i ./ - patchelf --set-soname $i $i - done -} - build() { cd "$builddir"/vchan make -f Makefile.linux 
@@ -37,6 +29,6 @@ package() { } sha512sums=" -e6d85407e40ca12df5042ed2ed98d77b6e7b88360e4d6369c3c781c06654246ea81ceabfeae5a506537259fcca3db46f1fc0f1ded5e04e38035601e060fe24ed qubes-libvchan-xen-v4.2.7.tar.gz -db33b54121b172dfdbfddb620d56998f1be893608c23b5fbdfe373005650ab012c0462a4a01d8da12611c22c0bb9877c7b42f0bf58871dfc4474386c44ab2249 link-against-patched-libs.patch +cefb6b89f75936d791910d2169170536221d3123a1b33a14bea1fc5c08950ce934666719bf08eb3cc86ac055f85e6834f71e21c31189fa7299af09296c3cd99f qubes-libvchan-xen-v4.1.13.tar.gz +fedcba617d3843e41f257ff16b0a3108af844184252d4e702df8eccba21a4ef17d62c96acdb87bb4964e783b7f2f026305777be3379e7e7b51f4535a4704b52a 39_support-changed-libxenctrl-api-xen418.patch " diff --git a/qubes-libvchan-xen/link-against-patched-libs.patch b/qubes-libvchan-xen/link-against-patched-libs.patch deleted file mode 100644 index b6a512f..0000000 --- a/qubes-libvchan-xen/link-against-patched-libs.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/vchan/Makefile.linux.orig b/vchan/Makefile.linux -index 587cb34..cccb5de 100644 ---- a/vchan/Makefile.linux.orig -+++ b/vchan/Makefile.linux -@@ -34,7 +34,7 @@ CFLAGS += $(shell if printf '%s\n' '4.18.0' '$(XENCTRL_VERSION)' | \ - SO_VER = 1 - - libvchan-xen.so.$(SO_VER): init.o io.o -- $(CC) $(LDFLAGS) -Wl,-soname,$@ -shared -o $@ $^ -lxenvchan -lxenctrl -lxenstore -+ $(CC) $(LDFLAGS) -Wl,-soname,$@ -shared -o $@ $^ ./libxenvchan.so ./libxenctrl.so -lxenstore - - libvchan-xen.so: libvchan-xen.so.$(SO_VER) - ln -sf $< $@ diff --git a/qubes-meta-packages/APKBUILD b/qubes-meta-packages/APKBUILD index 0e0d91c..62b7337 100644 --- a/qubes-meta-packages/APKBUILD +++ b/qubes-meta-packages/APKBUILD 
@@ -1,13 +1,14 @@ -# Contributor: Antoine Martin (ayakael) # Maintainer: Antoine Martin (ayakael) +# Contributor: Antoine Martin (ayakael) + pkgname=qubes-meta-packages subpackages=" qubes-vm-dependencies qubes-vm-recommended " -pkgver=4.3.5 +pkgver=4.1.24 _gittag="v$pkgver" -pkgrel=0 +pkgrel=2 pkgdesc="Meta packages for Qubes-specific components" arch="noarch" url="https://github.com/QubesOS/qubes-meta-packages" @@ -38,5 +39,5 @@ recommended() { mkdir -p "$subpkgdir" } sha512sums=" -ed671aee73b00a99a99039fcf690e43c20d5fdc9c82617290f1741aaefd5e2e234954e68c038c7d640207cfc04a7f8fe625a0708e220a84095cb976a6ddca013 qubes-meta-packages-v4.3.5 +5dfbdbc5a7fa3ae352d5c9de6822869065ebb1601880348ebb69fc1f91092bd3be333d5d8409575649d76412acce326f643ed5f95e07c2ac9b3f82a0dcc84293 qubes-meta-packages-v4.1.24 " diff --git a/qubes-pass/APKBUILD b/qubes-pass/APKBUILD index 68df164..77142e3 100644 --- a/qubes-pass/APKBUILD +++ b/qubes-pass/APKBUILD @@ -1,9 +1,10 @@ -# Contributor: Antoine Martin (ayakael) # Maintainer: Antoine Martin (ayakael) +# Contributor: Antoine Martin (ayakael) + pkgname=qubes-pass pkgver=0.1.0 _gittag="v$pkgver" -pkgrel=7 +pkgrel=2 pkgdesc="An inter-VM password manager for Qubes OS" arch="noarch" url="https://github.com/Rudd-O/qubes-pass" 
@@ -14,21 +15,11 @@ makedepends=" pkgconf " options="!check" -subpackages="$pkgname-service" -source=" - $pkgname-$_gittag.tar.gz::https://github.com/Rudd-O/qubes-pass/archive/$_gittag.tar.gz - service-passquery.sh - " +source="$pkgname-$_gittag.tar.gz::https://github.com/Rudd-O/qubes-pass/archive/$_gittag.tar.gz" package() { make install-client DESTDIR="$pkgdir" } - -service() { - make -C "$builddir" install-service DESTDIR="$subpkgdir" - install -Dm755 "$srcdir"/service-passquery.sh "$subpkgdir"/etc/qubes-rpc/ruddo.PassQuery -} sha512sums=" b304bf8e6b8d04e7df4b52a02984ab03b6f3221c9178f1d91c99cab61e8b5ded45500b51de6d89aa76f4e73c0a3670ce6d07649c0ac159d048c3f0ac736c4d63 qubes-pass-v0.1.0.tar.gz -77807ba7bd8e1627785358ef2f9e165712ef41ef76f11e7a7b989b1057f462abc433df96265c6c7d669f81e39d89de0f7ea3dcbb207c5a7a22738b843fd7e160 service-passquery.sh " diff --git a/qubes-pass/service-passquery.sh b/qubes-pass/service-passquery.sh deleted file mode 100644 index 78fa74f..0000000 --- a/qubes-pass/service-passquery.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash - -set -e - -read -n 4096 cmd -cmd=$(echo "$cmd" | base64 -d) - -if [ "$cmd" == "list-files" ] ; then - - logger -t ruddo.PassQuery "requested password file list" - exec pass git ls-files | sed -e '/.gitattributes/d' -e '/.gpg-id/d' - -fi diff --git a/qubes-usb-proxy/APKBUILD b/qubes-usb-proxy/APKBUILD index 3f1ef89..92c8c85 100644 --- a/qubes-usb-proxy/APKBUILD +++ b/qubes-usb-proxy/APKBUILD @@ -1,9 +1,10 @@ -# Contributor: Antoine Martin (ayakael) # Maintainer: Antoine Martin (ayakael) +# Contributor: Antoine Martin (ayakael) + pkgname=qubes-usb-proxy -pkgver=4.3.2 +pkgver=1.1.5 _gittag="v$pkgver" -pkgrel=1 +pkgrel=2 pkgdesc="The Qubes service for proxying USB devices" arch="noarch" url="https://github.com/QubesOS/qubes-app-linux-usb-proxy" 
@@ -18,10 +19,7 @@ makedepends=" make pkgconf " -source=" - $pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-app-linux-usb-proxy/archive/refs/tags/$_gittag.tar.gz - usb-import-alpine-udevadm.patch - " +source="$pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-app-linux-usb-proxy/archive/refs/tags/$_gittag.tar.gz" builddir="$srcdir"/qubes-app-linux-usb-proxy-${_gittag/v} package() { @@ -29,14 +27,10 @@ package() { # replace all shebangs with /bin/sh as qubes expects bash # shellcheck disable=SC2013 - for i in $(grep '/bin/sh' -Rl "$pkgdir"); do + for i in $(grep '/bin/sh' -Rl .); do sed -i 's|/bin/sh|/bin/bash|' "$i" done - - mkdir -p "$pkgdir"/etc/modules-load.d - echo "vhci-hcd" > "$pkgdir"/etc/modules-load.d/qubes-usb-proxy.conf } sha512sums=" -e243612c3e0856f140baed274ce578c463b07f87d43074a333b09eecd5637b6b0dbcbcad693bb834bbfb5f879463886e722018154802852364ee965623a2a619 qubes-usb-proxy-v4.3.2.tar.gz -c6519982f7eef8586ee823dc96efa7b1b90f489114edcc348bc5221837090d19a2a3533eac83e3269ba68c2cf24447c018e0ac850ed1423a1280ebae364223fa usb-import-alpine-udevadm.patch +27d28faec2ab9cc9df1e361dac244bc1b10afc406860ca2e3fc2dff3b666c6adaed615625aeba785918f8e08cffb215ef028698a178d795e586740caf1566fc9 qubes-usb-proxy-v1.1.5.tar.gz " diff --git a/qubes-usb-proxy/usb-import-alpine-udevadm.patch b/qubes-usb-proxy/usb-import-alpine-udevadm.patch deleted file mode 100644 index 12a2234..0000000 --- a/qubes-usb-proxy/usb-import-alpine-udevadm.patch +++ /dev/null 
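Review bot: The shebang loop in `package()` now greps `.` instead of `"$pkgdir"`, so `sed -i` rewrites files in the working directory rather than in the staged install tree. If the install step runs before this loop (it is above the hunk and not shown), the packaged scripts keep `#!/bin/sh` although the comment says Qubes expects bash; keep the loop on the staged tree, `for i in $(grep '/bin/sh' -Rl "$pkgdir"); do`. The `sed` expression also replaces the first `/bin/sh` on every line of each matching file, not only the shebang; `sed -i '1s|^#!/bin/sh|#!/bin/bash|' "$i"` would limit the edit to line 1.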
@@ -1,27 +0,0 @@ -diff --git a/src/usb-import.orig b/src/usb-import -index 7b17799..e718795 100755 ---- a/src/usb-import.orig -+++ b/src/usb-import -@@ -95,7 +95,7 @@ wait_for_attached() { - ERROR "Attach timeout, check kernel log for details." - fi - done -- [ -f "/usr/bin/udevadm" ] && udevadm settle -+ [ -f "/bin/udevadm" ] && udevadm settle - } - - wait_for_detached() { -diff --git a/src/usb-export.orig b/src/usb-export -index ad2ab2b..37cff16 100755 ---- a/src/usb-export.orig -+++ b/src/usb-export -@@ -110,8 +110,7 @@ if [ -n "$attach_to_usbip" ]; then - echo "$busid" > "$SYS_USBIP_HOST/bind" || exit 1 - - # optionally reset the device to clear any state from previous driver -- reset_on_attach=$(udevadm info --query=property \ -- --value --property=QUBES_USB_RESET --path="$devpath") -+ reset_on_attach=$(udevadm info --query=property --path="$devpath" | awk -F "=" '{if($1=="QUBES_USB_RESET"){print $2}}' ) - if [ -f /run/qubes-service/usb-reset-on-attach ]; then - reset_on_attach=1 - fi diff --git a/qubes-vm-core/APKBUILD b/qubes-vm-core/APKBUILD index e9b5b65..162fb31 100644 --- a/qubes-vm-core/APKBUILD +++ b/qubes-vm-core/APKBUILD @@ -1,15 +1,15 @@ -# Contributor: Antoine Martin (ayakael) # Maintainer: Antoine Martin (ayakael) +# Contributor: Antoine Martin (ayakael) + pkgname=qubes-vm-core subpackages=" qubes-vm-networking:networking:noarch qubes-vm-passwordless-root:root:noarch $pkgname-openrc $pkgname-doc - $pkgname-pyc " -pkgver=4.3.37 -pkgrel=0 +pkgver=4.1.44 +pkgrel=6 _gittag="v$pkgver" pkgdesc="The Qubes core files for installation inside a Qubes VM." arch="x86_64" @@ -17,9 +17,8 @@ url="https://github.com/QubesOS/qubes-core-agent-linux" license="GPL" options="!check" # No testsuite depends=" - blkid coreutils - dbus-x11 + blkid dconf desktop-file-utils device-mapper @@ -28,7 +27,6 @@ depends=" e2fsprogs-extra ethtool fakeroot - findutils gawk grep haveged 
@@ -41,10 +39,10 @@ depends=" py3-dbus py3-gobject3 py3-xdg + python3 qubes-db-vm qubes-libvchan-xen qubes-vm-utils - rsvg-convert sed socat xdg-utils @@ -75,10 +73,7 @@ source=" qubes-sysinit.openrc qubes-updates-proxy-forwarder.openrc qubes-updates-proxy.openrc - apk-proxy.sh qvm-sync-clock.sh - setupip-do-not-use-systemctl.patch - silence-stringop-overread-error.patch " builddir="$srcdir"/qubes-core-agent-linux-${_gittag/v} @@ -107,9 +102,9 @@ build() { # * core systemd services and drop-ins # * basic network functionality (setting IP address, DNS, default gateway) package() { - make DESTDIR="$pkgdir" SYSTEM_DROPIN_DIR=/usr/lib/systemd SBINDIR=/usr/sbin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib install-corevm - make -C app-menu DESTDIR="$pkgdir" LIBDIR=/usr/lib SYSLIBDIR=/usr/lib install - make -C misc DESTDIR="$pkgdir" LIBDIR=/usr/lib SYSLIBDIR=/usr/lib install + make install-corevm DESTDIR="$pkgdir" SBINDIR=/sbin LIBDIR=/usr/lib SYSLIBDIR=/lib + make -C app-menu install DESTDIR="$pkgdir" install LIBDIR=/usr/lib SYSLIBDIR=/lib + make -C misc install DESTDIR="$pkgdir" install LIBDIR=/usr/lib SYSLIBDIR=/lib make -C qubes-rpc DESTDIR="$pkgdir" install make -C qubes-rpc/kde DESTDIR="$pkgdir" install make -C qubes-rpc/nautilus DESTDIR="$pkgdir" install @@ -117,9 +112,6 @@ package() { make -C network DESTDIR="$pkgdir" install install -Dm755 "$builddir"/network/update-proxy-configs "$pkgdir"/usr/lib/qubes/. install -Dm755 "$srcdir"/qvm-sync-clock.sh "$pkgdir"/etc/qubes/suspend-post.d/. - install -Dm644 "$srcdir"/apk-proxy.sh "$pkgdir"/etc/profile.d/apk-proxy.sh - install -dm755 "$pkgdir"/etc/bash - ln -s /etc/profile.d/apk-proxy.sh "$pkgdir"/etc/bash/apk-proxy.sh for i in $source; do case $i in @@ -129,6 +121,7 @@ package() { "$pkgdir"/etc/conf.d/${i%.*};; esac done + } 
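Review bot: In `package()` the rewritten `make -C app-menu` and `make -C misc` lines name the `install` goal twice (`make -C app-menu install DESTDIR="$pkgdir" install ...`). The repeat is harmless to make but reads like a paste error, so drop the second one: `make -C app-menu install DESTDIR="$pkgdir" LIBDIR=/usr/lib SYSLIBDIR=/lib`, and the same for `misc`. The hunk also moves `SBINDIR` to `/sbin` and `SYSLIBDIR` to `/lib`; any init script or source file that hard-codes the old `/usr/sbin` or `/usr/lib` locations would need to follow, which cannot be confirmed from the lines shown.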
@@ -150,34 +143,32 @@ networking() { net-tools networkmanager nftables + python3 qubes-db-vm qubes-vm-core qubes-vm-utils tinyproxy " cd "$builddir" - install -dm 755 "$subpkgdir"/usr/bin "$subpkgdir"/usr/lib/systemd/system + install -dm 755 "$subpkgdir"/usr/bin mv "$pkgdir"/usr/bin/qubes-firewall "$subpkgdir"/usr/bin/. - make install-netvm DESTDIR="$subpkgdir" SYSTEM_DROPIN_DIR=/usr/lib/systemd SBINDIR=/usr/sbin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib + make install-netvm DESTDIR="$subpkgdir" SBINDIR=/sbin LIBDIR=/usr/lib SYSLIBDIR=/lib } root() { cd "$builddir" pkgdesc="Qubes OS Passwordless root access from normal user" - make -C passwordless-root install DESTDIR="$subpkgdir" SBINDIR=/usr/sbin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib + make -C passwordless-root install DESTDIR="$subpkgdir" SBINDIR=/sbin LIBDIR=/usr/lib SYSLIBDIR=/lib } sha512sums=" -6c54b45ad9a53fd67901e3017e4992ebae7d30093ffe7a251ade715655b327b25588c495fe50f402a2ea2b89172b9234b2e6f3c94d471984596231d302d4771c qubes-vm-core-v4.3.37.tar.gz +34ba5d84fa621ff25e8a9cc0d6ca69ee25bc7dbf37f13b08ccec13692ec9ebb8b12732878464e7e2909366de68727bdb66f960692be41e5186126701dfe861dd qubes-vm-core-v4.1.44.tar.gz 95c080a593ca1cd457ffafc0cdd6ee28999c72f67191a3955b6081a4a7d287cae4cd0c626139562e5e1eb55516c25402a174e3599daf7d4cb259d6b4bbdff155 qubes-core-early.openrc 61529413a16b7fa0df691c24adc41b90477c01ea70d572921ecec89df23932e5a2e60c4e73b9a84181dc30424e2e6af4ad1c7dcf6c42689c3cc346a9923d6e07 qubes-core-netvm.openrc da8e293520f5fce29ce76d7586e8ce1a4164798a1214079fb554c690264da1d774fdad3f45825aac52c2c3a0b0cfd39df73eb33394dedd7c043fe0f2344b90ca qubes-core.openrc -164159a80d00c160e74a0ebf4695c047ca7720821e4a9c395405cd96f680b6765e9c4cf426aea94fcb26e08274ec2b42adf45ecc12d26cf683ab3bd0c01afed9 qubes-firewall.openrc +8f1ea1b6bfb4d3089a51cc3e325861ee7b644f743b2652bf61789933adedefdbc743a61567ad980d2a6077647eb61570b68a056125abaab2a67166d249a961b0 qubes-firewall.openrc 
437a3dc443c5b0311c5dc8f792739eef89e38b2e854b9a5bb248211dd0eb0f26c1d79588ca2b4b63236b8bed0d735be6b2265d8328885730a8aa5f854301d61f qubes-iptables.openrc e9096560e4ee4cad836b686e18eb6dbac729227683eda2f0c8b3541c909f64de3489dbb66e3752014deab69cbfae7885bc15b9bb7e3942c02e40328337b9ef30 qubes-sysinit.openrc -99ec0afc167866727072606aa183f0c7a539e68e0d8b9a57f6b9c129d3722c9135e1487eef438807d7138af0e669fb14608cbc1f1d5620ee9e995f294a8929f8 qubes-updates-proxy-forwarder.openrc +b1e8af2335955e52cf1817c56296f94f8c472e68d7a17a28f516fe4f5fa8a8053d4f9333efbb007a82a06f9442a4a6cfe5f9c751de07f337e47ee04cb18b9395 qubes-updates-proxy-forwarder.openrc 29d316b9f48cad15f6e22aaa67b228a5e4893ded86463dbe25b3cc68301b961473e79c01f003b1665e217ad4af2e618625442250d5607c1c16462e3f5eed069c qubes-updates-proxy.openrc -517d59e4699c24f23ccd59f5d4be3a519a426eee99d742c637fe1a9e69caa073621f4e9362c30182ba5a1a3eb0a769070c96e2c6b24cd8366a1f8f450a0b1c01 apk-proxy.sh cca9f49422fa25cd5f3942dce8edd3ecff080bf5c407a7a790b438bedea054f39a4a3d8c179b44c4c08fc490b597e14d00dad9b0240861e83957e0af7aa6475d qvm-sync-clock.sh -eb59321c800e65ce873085a1105b1b697d2a8ecaefcdaa8280a81d0082c0022653ecd746c7ec37e2c544265892afb77531effa17b0fa6c45a6a86925b513bdea setupip-do-not-use-systemctl.patch -6b96edf070706da596e7abcb9fe6419fbf17eecb46cbd65aeceea83d078458efaedfadec33021253c2bd1b356a85fa721316fa18d5a535491004046ba2c812d3 silence-stringop-overread-error.patch " diff --git a/qubes-vm-core/apk-proxy.sh b/qubes-vm-core/apk-proxy.sh deleted file mode 100644 index 957ee76..0000000 --- a/qubes-vm-core/apk-proxy.sh +++ /dev/null @@ -1,5 +0,0 @@ -# Use the update proxy over the QubesOS RPC for apk -# /etc/init.d/qubes-updates-proxy-forwarder creates the socket to the proxy -alias apk='https_proxy="http://127.0.0.1:8082/" http_proxy="http://127.0.0.1:8082/" apk' -# allow aliases with sudo -alias sudo='sudo ' diff --git a/qubes-vm-core/qubes-firewall.openrc b/qubes-vm-core/qubes-firewall.openrc index 93828a1..6cc4b38 100755 
--- a/qubes-vm-core/qubes-firewall.openrc +++ b/qubes-vm-core/qubes-firewall.openrc @@ -16,7 +16,7 @@ depend() { } start_pre() { - /usr/sbin/ethtool -K "$(get_qubes_managed_iface)" sg off + /sbin/ethtool -K "$(get_qubes_managed_iface)" sg off checkpath --directory --owner $command_user:qubes --mode 0775 \ /run/$RC_SVCNAME /var/log/qubes } diff --git a/qubes-vm-core/qubes-updates-proxy-forwarder.openrc b/qubes-vm-core/qubes-updates-proxy-forwarder.openrc index fe84480..52e53f8 100755 --- a/qubes-vm-core/qubes-updates-proxy-forwarder.openrc +++ b/qubes-vm-core/qubes-updates-proxy-forwarder.openrc 
@@ -1,34 +1,116 @@ -#!/sbin/openrc-run +#!/bin/bash +# # Updates proxy forwarder Startup script for the updates proxy forwarder +# +# chkconfig: 345 85 15 # description: forwards connection to updates proxy over Qubes RPC -# The clients should use the below shell variable exports: -# http_proxy="http://127.0.0.1:8082/" -# https_proxy="http://127.0.0.1:8082/" -# For apk, see the /etc/profile.d/apk-proxy.sh alias +# +# processname: ncat +# pidfile: /var/run/qubes-updates-proxy-forwarder.pid +# -name=$RC_SVCNAME -cfgfile="/etc/qubes/$RC_SVCNAME.conf" -command="/bin/busybox" -command_args="nc -lk -s 127.0.0.1 -p 8082 -e /usr/bin/qrexec-client-vm @default qubes.UpdatesProxy" -command_user="root" -pidfile="/run/qubes/$RC_SVCNAME.pid" -command_background="yes" -output_log="/var/log/qubes/$RC_SVCNAME.log" -error_log="/var/log/qubes/$RC_SVCNAME.err" +# Source function library. +# shellcheck disable=SC1091 +. /etc/init.d/functions.sh -depend() { - need qubes-qrexec-agent - need net +# Source Qubes library. +# shellcheck source=init/functions +. /usr/lib/qubes/init/functions + +# Check that networking is up. +[ "$NETWORKING" = "no" ] && exit 0 + +exec="/usr/bin/ncat" +prog=$(basename $exec) +pidfile="/var/run/qubes-updates-proxy-forwarder.pid" + +# shellcheck disable=SC1091 +[ -e /etc/sysconfig/qubes-updates-proxy-forwarder ] && . /etc/sysconfig/qubes-updates-proxy-forwarder + +lockfile=/var/lock/subsys/qubes-updates-proxy-forwarder + +start() { + have_qubesdb || return + + if ! 
qsvc updates-proxy-setup ; then + # updates proxy configuration disabled + exit 0 + fi + + if qsvc qubes-updates-proxy ; then + # updates proxy running here too, avoid looping traffic back to itself + exit 0 + fi + + [ -x $exec ] || exit 5 + + echo -n $"Starting $prog (as Qubes updates proxy forwarder): " + # shellcheck disable=SC2016 + start-stop-daemon \ + --exec $exec \ + --pidfile "$pidfile" \ + --make-pidfile \ + --background \ + --start \ + -- \ + -k -l -e 'qrexec-client-vm $default qubes.UpdatesProxy' + retval=$? + echo + [ $retval -eq 0 ] && touch $lockfile + return $retval } -start_pre() { - checkpath --directory --owner $command_user:qubes --mode 0775 \ - /run/qubes \ - /var/log/qubes \ - /var/run/qubes - # TODO should fail if qubes-update-proxy is running - # if qsvc qubes-updates-proxy ; then - # # updates proxy running here too, avoid looping traffic back to itself - # exit 0 - # fi +stop() { + echo -n $"Stopping $prog: " + killproc -p $pidfile "$prog" + retval=$? + echo + [ $retval -eq 0 ] && rm -f $lockfile + return $retval } + +restart() { + stop + start +} + +force_reload() { + restart +} + +rh_status() { + status "$prog" +} + +rh_status_q() { + rh_status >/dev/null 2>&1 +} + +case "$1" in + start) + rh_status_q && exit 0 + $1 + ;; + stop) + rh_status_q || exit 0 + $1 + ;; + restart) + $1 + ;; + force-reload) + force_reload + ;; + status) + rh_status + ;; + condrestart|try-restart) + rh_status_q || exit 0 + restart + ;; + *) + echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|force-reload}" + exit 2 +esac +exit $? + diff --git a/qubes-vm-core/setupip-do-not-use-systemctl.patch b/qubes-vm-core/setupip-do-not-use-systemctl.patch deleted file mode 100644 index 1fd4001..0000000 --- a/qubes-vm-core/setupip-do-not-use-systemctl.patch +++ /dev/null 
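Review bot: The ncat argument list in start(), `-k -l -e 'qrexec-client-vm $default qubes.UpdatesProxy'`, gives no listen address or port, whereas the removed busybox nc line bound explicitly with `-s 127.0.0.1 -p 8082`. As far as I know, ncat with no address listens on every interface and on its own default port, so the forwarder would be reachable beyond loopback and clients configured for 127.0.0.1:8082 would not find it. The line should pin both: `-k -l 127.0.0.1 8082 -e 'qrexec-client-vm $default qubes.UpdatesProxy'`. The script also sources `/etc/init.d/functions.sh` and calls `killproc` and `status`, none of which the hunk defines, so stop and status depend on helpers that should be confirmed to exist on the target.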
@@ -1,20 +0,0 @@ -diff --git a/network/setup-ip.orig b/network/setup-ip -index 9126f90..c1f401c 100755 ---- a/network/setup-ip.orig -+++ b/network/setup-ip -@@ -244,15 +244,6 @@ if [ "$ACTION" == "add" ]; then - - primary_dns=$(/usr/bin/qubesdb-read /qubes-primary-dns 2>/dev/null) || primary_dns= - secondary_dns=$(/usr/bin/qubesdb-read /qubes-secondary-dns 2>/dev/null) || secondary_dns= -- /lib/systemd/systemd-sysctl \ -- "--prefix=/net/ipv4/conf/all" \ -- "--prefix=/net/ipv4/neigh/all" \ -- "--prefix=/net/ipv6/conf/all" \ -- "--prefix=/net/ipv6/neigh/all" \ -- "--prefix=/net/ipv4/conf/$INTERFACE" \ -- "--prefix=/net/ipv4/neigh/$INTERFACE" \ -- "--prefix=/net/ipv6/conf/$INTERFACE" \ -- "--prefix=/net/ipv6/neigh/$INTERFACE" - - if [ -n "$ip4" ]; then - # If NetworkManager is enabled, let it configure the network diff --git a/qubes-vm-core/silence-stringop-overread-error.patch b/qubes-vm-core/silence-stringop-overread-error.patch deleted file mode 100644 index 2e3e2c4..0000000 --- a/qubes-vm-core/silence-stringop-overread-error.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/qubes-rpc/Makefile.orig b/qubes-rpc/Makefile -index 63bd924..e5973e6 100644 ---- a/qubes-rpc/Makefile.orig -+++ b/qubes-rpc/Makefile -@@ -11,7 +11,7 @@ ifneq ($(DEBUG),0) - DEBUG_FLAGS := -g - endif - CPPFLAGS := -I. --CFLAGS := $(DEBUG_FLAGS) -O2 -Wall -Wextra -Werror -fPIC -pie $(CFLAGS) -+CFLAGS := $(DEBUG_FLAGS) -O2 -Wall -Wextra -Werror -fPIC -pie -Wno-stringop-overread $(CFLAGS) - LDFLAGS := $(DEBUG_FLAGS) -pie $(LDFLAGS) - LDLIBS := -lqubes-rpc-filecopy - diff --git a/qubes-vm-core/sudo-aliases.sh b/qubes-vm-core/sudo-aliases.sh deleted file mode 100644 index 3ee7ff3..0000000 --- a/qubes-vm-core/sudo-aliases.sh +++ /dev/null @@ -1,2 +0,0 @@ -# allow aliases with sudo -alias sudo='sudo ' diff --git a/qubes-vm-gui-dev/APKBUILD b/qubes-vm-gui-dev/APKBUILD index dc3536f..65b51bb 100644 --- a/qubes-vm-gui-dev/APKBUILD +++ b/qubes-vm-gui-dev/APKBUILD 
@@ -1,9 +1,10 @@ -# Contributor: Antoine Martin (ayakael) # Maintainer: Antoine Martin (ayakael) +# Contributor: Antoine Martin (ayakael) + pkgname=qubes-vm-gui-dev -pkgver=4.3.1 +pkgver=4.1.1 _gittag="v$pkgver" -pkgrel=2 +pkgrel=3 pkgdesc="Common files for Qubes GUI - protocol headers." arch="noarch" url="https://github.com/QubesOS/qubes-gui-common" @@ -18,5 +19,5 @@ package() { cp include/*.h $pkgdir/usr/include/ } sha512sums=" -2961f3aaecd4af5a2b0a99624a0364441573e60867bd113e39a6c8b0b825f1f1947d7889ed39e8de63c238c2d6b06ff11b32680c7261a79a2185a9f2b320fc12 qubes-vm-gui-dev-v4.3.1.tar.gz +2d962822413b1e4da6ef9303bce9b25e179829080a4ab96aeb7b274682c32b4620201d1de9c177346ab8d80913ae5e5384792b301d350850408fa790cb77d641 qubes-vm-gui-dev-v4.1.1.tar.gz " diff --git a/qubes-vm-gui/0001-initd-fix.patch b/qubes-vm-gui/0001-initd-fix.patch index bad5c33..7bb8a3c 100644 --- a/qubes-vm-gui/0001-initd-fix.patch +++ b/qubes-vm-gui/0001-initd-fix.patch @@ -1,13 +1,22 @@ -diff --git a/appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh.orig b/appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh -index 76e0227..268cb00 100755 ---- a/appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh.orig +From 7f7914fc2d0957012f1c4b130b0e442d43110c7d Mon Sep 17 00:00:00 2001 +From: "build@apk-groulx" +Date: Sat, 5 Mar 2022 00:59:30 +0000 +Subject: [PATCH 1/1] initd fix + +--- + appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh b/appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh +index dc0a578..4c9623a 100755 +--- a/appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh 
+++ b/appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh -@@ -25,7 +25,7 @@ if [ -n "$debug_mode" ] && [ "$debug_mode" -gt 0 ]; then +@@ -23,4 +23,4 @@ if [ -n "$debug_mode" ] && [ "$debug_mode" -gt 0 ]; then gui_opts="$gui_opts -vv" fi -echo "GUI_OPTS=$gui_opts" >> /var/run/qubes-service-environment +echo "GUI_OPTS=\"$gui_opts\"" >> /var/run/qubes-service-environment - - # 2**30 - echo 1073741824 > /sys/module/xen_gntalloc/parameters/limit +-- +2.34.1 + diff --git a/qubes-vm-gui/0001-musl-build.patch b/qubes-vm-gui/0001-musl-build.patch index 02c7d3d..c14f2e8 100644 --- a/qubes-vm-gui/0001-musl-build.patch +++ b/qubes-vm-gui/0001-musl-build.patch @@ -7,19 +7,18 @@ Subject: [PATCH 1/1] musl build gui-agent/vmside.c | 1 + 1 file changed, 1 insertion(+) -diff --git a/gui-agent/vmside.c.orig b/gui-agent/vmside.c -index 09286c5..cc9ec8b 100644 ---- a/gui-agent/vmside.c.orig +diff --git a/gui-agent/vmside.c b/gui-agent/vmside.c +index fd76f4d..89a41c8 100644 +--- a/gui-agent/vmside.c +++ b/gui-agent/vmside.c -@@ -51,6 +51,7 @@ +@@ -50,6 +50,7 @@ #include "list.h" #include "error.h" #include "encoding.h" +#include - #include "unix-addr.h" #include - #include - + + /* Get the size of an array. Error out on pointers. */ -- 2.35.1 diff --git a/qubes-vm-gui/APKBUILD b/qubes-vm-gui/APKBUILD index fdae92a..34487df 100644 --- a/qubes-vm-gui/APKBUILD +++ b/qubes-vm-gui/APKBUILD @@ -1,12 +1,10 @@ -# Contributor: Antoine Martin (ayakael) # Maintainer: Antoine Martin (ayakael) +# Contributor: Antoine Martin (ayakael) + pkgname=qubes-vm-gui -subpackages=" - qubes-vm-pulseaudio - qubes-vm-pipewire - $pkgname-openrc" -pkgver=4.3.15 -pkgrel=0 +subpackages="qubes-vm-pulseaudio $pkgname-openrc" +pkgver=4.1.31 +pkgrel=3 _gittag="v$pkgver" pkgdesc="The Qubes GUI Agent for AppVMs" arch="x86_64" 
@@ -22,21 +20,16 @@ depends=" makedepends=" autoconf automake - dbus-dev - gettext gcc git libtool libxcomposite-dev libxt linux-pam-dev - libunistring-dev - lsb-release-minimal make patch pixman pkgconf - pipewire-dev pulseaudio-dev qubes-db-vm qubes-db-vm-dev @@ -81,7 +74,7 @@ build() { } package() { - make install-rh-agent DESTDIR="$pkgdir" LIBDIR=/usr/lib USRLIBDIR=/usr/lib SYSLIBDIR=/usr/lib + make install-rh-agent DESTDIR="$pkgdir" LIBDIR=/usr/lib USRLIBDIR=/usr/lib SYSLIBDIR=/lib install -Dm 755 "$srcdir"/qubes-gui-agent.openrc "$pkgdir"/etc/init.d/qubes-gui-agent # Starts qubes-session after X11 start 
@@ -102,25 +95,12 @@ pulseaudio() { local pa_ver=$(pkg-config --modversion libpulse 2>/dev/null | cut -f 1 -d "-") cd "$builddir" - make install-pulseaudio DESTDIR=$subpkgdir PA_VER=$pa_ver LIBDIR=/usr/lib USRLIBDIR=/usr/lib SYSLIBDIR=/usr/lib + make install-pulseaudio DESTDIR=$subpkgdir PA_VER=$pa_ver LIBDIR=/usr/lib USRLIBDIR=/usr/lib SYSLIBDIR=/lib } - -pipewire() { - pkgdesc="PipeWire support for Qubes VM." - depends="pipewire" - - cd "$builddir" - make install-pipewire \ - "DESTDIR=$subpkgdir" \ - LIBDIR=/usr/lib \ - USRLIBDIR=/usr/lib \ - SYSLIBDIR=/usr/lib -} - sha512sums=" -d3fcd5b70ec27f637cac620d299c2bca8c14b15c86011aa364a6079c871abdde2b69f871e4329ccc6bce20d72ffa34c1f78d8bd3797f9084797e792815b92463 qubes-vm-gui-v4.3.15.tar.gz -1a97b45ecb53926dcf840ea6954529002a6dfe3474cbe0a224dbb397d7fa91d8f08a819a2054be60883e02749b9904c128d0a226f66827dd3b7a29068662549a 0001-musl-build.patch -01beace4c130200dc8d42248349ea858d2bec746aca2bdfa5948b6e7240bb3b832bbb8b324293fba6fd6aafb0a3d7a2e3928c7fd39d318ef4d5a18cfeb48cde6 0001-initd-fix.patch +6a72fde5b3c1c6025b13b58340bb8d3eccab05050c8cbe3741d7c18ca48826e45a3df3716d77e2dd733c119ff8db5d920faa73f05cb94049306a0dad6f58349f qubes-vm-gui-v4.1.31.tar.gz +f0bbb936e14689d0cbced2f564b8911f9287c0217616f02f3bd0c3060e516d080ad538219f089f5841c2b9d18bb4ad8efb63516ddfd46c18b038218378996a7d 0001-musl-build.patch +262b93b4ea172926dc18b7af372168ff3f645a02db1529cb73af3d5aa6252a75500bfbd95344a835bbf646e753018d0e27885e41a03f06247226a485edb5e028 0001-initd-fix.patch 68d01e594296e18d54d8eaa17863451c3ac121e4fcacf98b64db14166bdcf38aa66f1c3659c5014c0a9cc25b5368df66f8c642b8e7af59da8d2a5ad97da9a194 qubes-gui-agent.openrc bd707f7956f58c2bb24ccb9adad1381c069e70820fcb1b01b09dc88570d9df00e0dc92a9ac3b242f828314568d5487257566a6fc61e75e62e010b7e4871f9ea0 qubes-sessions.sh b512d691f2a6b11fc329bf91dd05ca9c589bbd444308b27d3c87c75262dedf6afc68a9739229249a4bd3d0c43cb1f871eecbb93c4fe559e0f38bdabbffd06ad7 qubes-gui-agent.pam 
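Review bot: The changed `make install-pulseaudio` line in pulseaudio() passes `DESTDIR=$subpkgdir` and `PA_VER=$pa_ver` unquoted, so an empty or space-containing value would shift or split the make arguments. The removed pipewire() function quoted its `DESTDIR`; the same form fits here: `make install-pulseaudio DESTDIR="$subpkgdir" PA_VER="$pa_ver" LIBDIR=/usr/lib USRLIBDIR=/usr/lib SYSLIBDIR=/lib`. The context line `local pa_ver=$(pkg-config ...)` also hides a pkg-config failure behind `local`, so an empty `PA_VER` would pass silently. pulseaudio() starts before this hunk.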
diff --git a/qubes-vm-qrexec/APKBUILD b/qubes-vm-qrexec/APKBUILD index 0bdc2bb..cc7cfb4 100644 --- a/qubes-vm-qrexec/APKBUILD +++ b/qubes-vm-qrexec/APKBUILD @@ -1,10 +1,11 @@ -# Contributor: Antoine Martin (ayakael) # Maintainer: Antoine Martin (ayakael) +# Contributor: Antoine Martin (ayakael) + pkgname=qubes-vm-qrexec -subpackages="$pkgname-openrc $pkgname-doc $pkgname-pyc" -pkgver=4.3.11 +subpackages="$pkgname-openrc $pkgname-doc" +pkgver=4.1.22 _gittag="v$pkgver" -pkgrel=1 +pkgrel=3 pkgdesc="The Qubes qrexec files (qube side)" arch="x86_64" url="https://github.com/QubesOS/qubes-core-qrexec" @@ -32,7 +33,7 @@ prepare() { default_prepare # remove all -Werror msg "Eradicating -Werror..." - find . \( -name '*.mk' -o -name 'Make*' \) -exec sed -i -e 's/-Werror*. //g' {} + + find . \( -name '*.mk' -o -name 'Make*' \) -exec sed -i -e 's/-Werror//g' {} + } build() { 
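Review bot: The new expression in prepare(), `s/-Werror//g`, also matches the front of any `-Werror=<name>` flag and leaves a bare `=<name>` word behind, which the compiler would most likely reject as a missing input file. Whether the 4.1.22 makefiles contain such flags is not visible here, but the patch hunk removed later in this diff shows the newer Makefile did (`-Werror=strict-prototypes` and others). Removing the whole token is safer: `sed -i -E -e 's/-Werror(=[^[:space:]]+)?//g'`. A comment on why warnings-as-errors are stripped from every makefile would help too, since this turns off checks upstream chose to enforce.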
@@ -47,13 +48,13 @@ build() { } package() { - make install-base DESTDIR="$pkgdir" SBINDIR=/usr/sbin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib - make install-vm DESTDIR="$pkgdir" SBINDIR=/usr/sbin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib + make install-base DESTDIR="$pkgdir" SBINDIR=/sbin LIBDIR=/usr/lib SYSLIBDIR=/lib + make install-vm DESTDIR="$pkgdir" SBINDIR=/sbin LIBDIR=/usr/lib SYSLIBDIR=/lib install -Dm 755 "$srcdir"/qubes-qrexec-agent.openrc "$pkgdir"/etc/init.d/qubes-qrexec-agent } sha512sums=" -316f2608294b4e351f74962a23664f545ccf535c4b77e432335ceb5f937dc8655d82dffe37a8ce3ec7f004130a565feeb1a5ee345736cce7d059c591dc61e765 qubes-vm-qrexec-v4.3.11.tar.gz +c4d993dae87446fe73f390bdf0aa3bcfacce1a630b1f0e5f20c6ea7710c14cd9a7a0a66a66e5731dee47c6958c659e61b3c0ebea5a99a31317a52fb326650a2f qubes-vm-qrexec-v4.1.22.tar.gz e2dd5cace82e881c40d5d37c69f7327fbabde81c9d23283de23de9f1197b7b018ef07a8d90e95c61bd249426d9d8297e7cb372333245941ffa0682c90ea3461f qubes-qrexec-agent.openrc -c3009ddb97656be7d0a78910217c852f0f9b20cd37b4537d99724e629bc87f1c675ada084eba3c641c4ae54dab8aacd87514d73de72f42d6ccc976e6255212bc makefile-remove-cc-cflags.patch +e48a06778a880915827fb2ef3e38379eb2bc6cf63f7fed79472be4732f7110b0c642c7a62a43236f53404ce69afddd40a5bc92a984403aae74caae1580c31200 makefile-remove-cc-cflags.patch 69b88c8d344f0d575eac398937040ba39a0d8fb8ea0a2b160c48d84775e1da4e226a76f3c5d3be7b045f577b634bb35cd5c5536248e18117c4121a38f9f3bf13 agent-qrexec-fork-server-undef-fortify-source.patch " diff --git a/qubes-vm-qrexec/makefile-remove-cc-cflags.patch b/qubes-vm-qrexec/makefile-remove-cc-cflags.patch index b126ee3..383970b 100644 --- a/qubes-vm-qrexec/makefile-remove-cc-cflags.patch +++ b/qubes-vm-qrexec/makefile-remove-cc-cflags.patch @@ -2,14 +2,6 @@ diff --git a/Makefile.orig b/Makefile index ade10bf..7de05a4 100644 --- a/Makefile.orig 
+++ b/Makefile -@@ -1,6 +1,5 @@ - MAKEFLAGS=-r --CC ?= gcc --CFLAGS += -Werror=strict-prototypes -Werror=old-style-definition -Werror=missing-declarations -Werror=missing-prototypes -+CFLAGS += -Wno-incompatible-pointer-types -Wno-int-conversion -Wno-implicit-function-declaration - PYTHON ?= python3 - export PYTHON CC MAKEFLAGS CFLAGS - @@ -26,7 +24,7 @@ all-base: $(PYTHON) setup.py build .PHONY: all-base diff --git a/qubes-vm-utils/APKBUILD b/qubes-vm-utils/APKBUILD index a872af7..9a989c5 100644 --- a/qubes-vm-utils/APKBUILD +++ b/qubes-vm-utils/APKBUILD @@ -1,13 +1,13 @@ -# Contributor: Antoine Martin (ayakael) # Maintainer: Antoine Martin (ayakael) +# Contributor: Antoine Martin (ayakael) + pkgname=qubes-vm-utils subpackages=" qubes-vm-kernel-support:support:noarch $pkgname-openrc - $pkgname-pyc " -pkgver=4.3.13 -pkgrel=1 +pkgver=4.1.19 +pkgrel=2 _gittag="v$pkgver" pkgdesc="Common Linux files for Qubes VM." arch="x86_64" @@ -23,7 +23,6 @@ makedepends=" make pkgconfig py3-setuptools - icu-dev qubes-libvchan-xen-dev xen-dev " @@ -40,7 +39,7 @@ build() { } package() { - make install DESTDIR="$pkgdir" LIBDIR=/usr/lib SYSLIBDIR=/usr/lib SBINDIR=/usr/sbin + make install DESTDIR="$pkgdir" LIBDIR=/usr/lib SYSLIBDIR=/lib SBINDIR=/sbin install -Dm 755 "$srcdir"/qubes-meminfo-writer.openrc "$pkgdir"/etc/init.d/qubes-meminfo-writer } 
@@ -59,6 +58,6 @@ support() { install -m 755 "$builddir"/dracut/full-dmroot/qubes_cow_setup.sh "$subpkgdir"/usr/lib/qubes/qubes_cow_setup.sh } sha512sums=" -58de5e357f560d4670a685de04cd72c173e5fa9568e6eb417370978dc5fb2cd76fadb8527232186452c7b7962d98dbc4441799e92d0e86bd934c7a915975826b qubes-vm-utils-v4.3.13.tar.gz -288636ea0ea9bda0560478f487b8f5491c2767c6460e7f4f04f653aee0121920c8d823d12e537e26cbecf4909336f6e0c360bbc221ed39407fe3f09f23462acd qubes-meminfo-writer.openrc +adfa6190af80e8ff92b899056370b8e820820154dcbad2d141debc72a6f122d94894eb0ffd5f56715db8ff7c3166c63b8832a78f70c35d86d42af071297b7d35 qubes-vm-utils-v4.1.19.tar.gz +aebc606faa95948be77766f164fc40e4be66e4398e7f56ad52ba9de4c8f7de4ec0c4b48b23a3a6dd083d6f19ae1a591f3ae0caf2c696fd061cd8fea4bdf7d4f3 qubes-meminfo-writer.openrc " diff --git a/qubes-vm-utils/qubes-meminfo-writer.openrc b/qubes-vm-utils/qubes-meminfo-writer.openrc index 996c0f8..9e8acdc 100644 --- a/qubes-vm-utils/qubes-meminfo-writer.openrc +++ b/qubes-vm-utils/qubes-meminfo-writer.openrc @@ -3,7 +3,7 @@ name=$RC_SVCNAME cfgfile="/etc/qubes/$RC_SVCNAME.conf" pidfile="/var/run/meminfo-writer.pid" -command="/usr/bin/meminfo-writer" +command="/sbin/meminfo-writer" command_args="30000 100000 $pidfile" command_user="root" start_stop_daemon_args=""