From 4ca75689c6698c5c7ae1a7c724aa9877d4b2cfe0 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 15 Aug 2023 21:58:40 -0400 Subject: [PATCH 001/184] qubes-db-vm: upgrade to 4.2.4 --- qubes-db-vm/0001-create_pidfile.patch | 35 ++++++++++++--------------- qubes-db-vm/APKBUILD | 8 +++--- 2 files changed, 20 insertions(+), 23 deletions(-) diff --git a/qubes-db-vm/0001-create_pidfile.patch b/qubes-db-vm/0001-create_pidfile.patch index 947f45c..0603ee1 100644 --- a/qubes-db-vm/0001-create_pidfile.patch +++ b/qubes-db-vm/0001-create_pidfile.patch @@ -1,17 +1,17 @@ -From d20a9db122608e0992c9ab6f675920d4bb1ee88f Mon Sep 17 00:00:00 2001 -From: "build@apk-groulx" -Date: Fri, 4 Mar 2022 22:50:19 +0000 -Subject: [PATCH 1/1] create_pidfile - ---- - daemon/db-daemon.c | 11 +++-------- - 1 file changed, 3 insertions(+), 8 deletions(-) - -diff --git a/daemon/db-daemon.c b/daemon/db-daemon.c -index 9934d16..2b28995 100644 ---- a/daemon/db-daemon.c +diff --git a/daemon/db-daemon.c.orig b/daemon/db-daemon.c +index bcf77df..c7b1a50 100644 +--- a/daemon/db-daemon.c.orig +++ b/daemon/db-daemon.c -@@ -618,11 +618,8 @@ int create_pidfile(struct db_daemon_data *d) { +@@ -156,7 +156,7 @@ int mainloop(struct db_daemon_data *d) { + return 0; + } + d->multiread_requested = 1; +- /* wait for complete response */ ++ /* wait for complete rsponse */ + while (d->multiread_requested) { + AcquireSRWLockExclusive(&d->lock); + if (!handle_vchan_data(d)) { +@@ -627,11 +627,8 @@ static int create_pidfile(struct db_daemon_data *d) { mode_t old_umask; struct stat stat_buf; @@ -24,7 +24,7 @@ index 9934d16..2b28995 100644 old_umask = umask(0002); pidfile = fopen(pidfile_name, "w"); -@@ -643,10 +640,8 @@ void remove_pidfile(struct db_daemon_data *d) { +@@ -652,10 +649,8 @@ static void remove_pidfile(struct db_daemon_data *d) { struct stat stat_buf; /* no pidfile for VM daemon - service is managed by systemd */ @@ -36,15 +36,12 @@ index 9934d16..2b28995 100644 if (stat(pidfile_name, &stat_buf) == 0) { /* remove pidfile only if it's the one created this process */ -@@ -754,7 +749,7 @@ int fuzz_main(int argc, char **argv) { +@@ -763,7 +758,7 @@ int fuzz_main(int argc, char **argv) { exit(1); case 0: close(ready_pipe[0]); -- snprintf(log_path, sizeof(log_path), "/var/log/qubes/qubesdb.%s.log", d.remote_name); +- snprintf(log_path, sizeof(log_path), "/var/log/qubes/qubesdb.%s.log", d.remote_name ? d.remote_name : "dom0"); + snprintf(log_path, sizeof(log_path), "/var/log/qubes/qubes-db.log"); close(0); old_umask = umask(0); --- -2.34.1 - diff --git a/qubes-db-vm/APKBUILD b/qubes-db-vm/APKBUILD index 8796368..2c83c5a 100644 --- a/qubes-db-vm/APKBUILD +++ b/qubes-db-vm/APKBUILD @@ -3,7 +3,7 @@ pkgname=qubes-db-vm subpackages="$pkgname-openrc" -pkgver=4.1.17 +pkgver=4.2.4 pkgrel=0 _gittag="v$pkgver" pkgdesc="QubesDB libs and daemon service." @@ -25,7 +25,7 @@ source=" qubes-db.openrc " builddir="$srcdir"/qubes-core-qubesdb-$pkgver -subpackages="$pkgname-dev" +subpackages="$pkgname-dev $pkgname-openrc" build() { # Build all with python bindings @@ -44,8 +44,8 @@ package() { install -Dm 755 "$srcdir"/qubes-db.openrc "$pkgdir"/etc/init.d/qubes-db } sha512sums=" -dad1580afa7d152551b7292051b624090ce57c006174d7c0f5273f4d9cecadcb70d46547263dcf23131d5f5df921519c9d8ca739acd9f0e9be303b20e73083bb qubes-db-vm-v4.1.17.tar.gz +c252772c53b3cb6727f6d7c1ea13d54fc0a55e6dd558244da12e17b8a9ab80c338281f6123dc1f08965d310cab5ef8684266bfd4f47ac344c4f35851ce5f7f9f qubes-db-vm-v4.2.4.tar.gz af86268c264c843b94f9cefb735b9d078dc58819c890fc0a31dd79fa2761d3c2fa87aed73752bca1db07948ba86ecfe16a745b19672ccc10dfb9461df24aa207 0001-musl-build.patch -ffe9ea8f65b4e164c3a0d1c8762d1e3b39de3799ae3e63f825457d52de49c6522820950e6262deaa9235ad97cd7c60bf1c9a077fff716c4ca9dbd688e9a73c91 0001-create_pidfile.patch +892eb29b9bab4d9e662678d13a5607df04cdb024c2f28332f40fa4b7c644476a4b26a9fc038dfcdac1e0b8d328165d21d50d894d2c1e27f792287dd57449e7eb 0001-create_pidfile.patch 3d87f82d3637cf10bf1a3058ebbd2590ab17f65d1b49058f62d892f126635497abd5045f6797bc8069e5de08bb6e08fc6146deb6422090ad02122764cc6d72f0 qubes-db.openrc " From bb07394c5c6f0ed204a4c9efcf9a193b4a445f7d Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 15 Aug 2023 22:00:53 -0400 Subject: [PATCH 002/184] qubes-libvchan-xen: upgrade to 4.2.1 --- qubes-libvchan-xen/APKBUILD | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qubes-libvchan-xen/APKBUILD b/qubes-libvchan-xen/APKBUILD index 42b721e..de48de7 100644 --- a/qubes-libvchan-xen/APKBUILD +++ b/qubes-libvchan-xen/APKBUILD @@ -2,8 +2,8 @@ # Contributor: Antoine Martin (ayakael) pkgname=qubes-libvchan-xen -pkgver=4.1.13 -pkgrel=1 +pkgver=4.2.1 +pkgrel=0 _gittag=v$pkgver pkgdesc="The Qubes core libraries for installation inside a Qubes Dom0 and VM." arch="x86_64" @@ -26,5 +26,5 @@ package() { } sha512sums=" -cefb6b89f75936d791910d2169170536221d3123a1b33a14bea1fc5c08950ce934666719bf08eb3cc86ac055f85e6834f71e21c31189fa7299af09296c3cd99f qubes-libvchan-xen-v4.1.13.tar.gz +2094f84fd3ca36b61c4d2a243a499425153dc4d3ca944f75763c7e23b985a40cb8ac2b41aad99074b8a7f1d871aaad87da9db2ec5bbc68adc7e717a0a2fbebff qubes-libvchan-xen-v4.2.1.tar.gz " From 83468ae4a0538136627dbaf59228140e4342b72d Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 15 Aug 2023 22:01:55 -0400 Subject: [PATCH 003/184] qubes-meta-packages: upgrade to 4.2.9 --- qubes-meta-packages/APKBUILD | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/qubes-meta-packages/APKBUILD b/qubes-meta-packages/APKBUILD index 15336c0..6770831 100644 --- a/qubes-meta-packages/APKBUILD +++ b/qubes-meta-packages/APKBUILD @@ -6,7 +6,7 @@ subpackages=" qubes-vm-dependencies qubes-vm-recommended " -pkgver=4.1.24 +pkgver=4.2.9 _gittag="v$pkgver" pkgrel=0 pkgdesc="Meta packages for Qubes-specific components" @@ -39,5 +39,5 @@ recommended() { mkdir -p "$subpkgdir" } sha512sums=" -5dfbdbc5a7fa3ae352d5c9de6822869065ebb1601880348ebb69fc1f91092bd3be333d5d8409575649d76412acce326f643ed5f95e07c2ac9b3f82a0dcc84293 qubes-meta-packages-v4.1.24 +b30abf53c3cfb90ba7090b227a862f66d71c85021b25e49c9de7d57f77bf6e83a9b730c3d4175ffefa7562952f9be57e4ca6a85552a175716592676413ceee86 qubes-meta-packages-v4.2.9 " From f9192ee9c68d5097c2f6749a10529d61f137ced9 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 15 Aug 2023 22:03:53 -0400 Subject: [PATCH 004/184] qubes-vm-core: upgrade to 4.2.19 --- qubes-vm-core/APKBUILD | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/qubes-vm-core/APKBUILD b/qubes-vm-core/APKBUILD index 27ea45d..3d32b85 100644 --- a/qubes-vm-core/APKBUILD +++ b/qubes-vm-core/APKBUILD @@ -7,8 +7,9 @@ subpackages=" qubes-vm-passwordless-root:root:noarch $pkgname-openrc $pkgname-doc + $pkgname-pyc " -pkgver=4.1.44 +pkgver=4.2.19 pkgrel=0 _gittag="v$pkgver" pkgdesc="The Qubes core files for installation inside a Qubes VM." @@ -48,6 +49,7 @@ makedepends=" gcc libx11-dev linux-pam-dev + lsb-release-minimal make pandoc pkgconf @@ -156,7 +158,7 @@ root() { make -C passwordless-root install DESTDIR="$subpkgdir" SBINDIR=/sbin LIBDIR=/usr/lib SYSLIBDIR=/lib } sha512sums=" -34ba5d84fa621ff25e8a9cc0d6ca69ee25bc7dbf37f13b08ccec13692ec9ebb8b12732878464e7e2909366de68727bdb66f960692be41e5186126701dfe861dd qubes-vm-core-v4.1.44.tar.gz +4280e6dc5901a2f1d2dcf046aab553d996b0b6af6f5ad75e09779b4c43df1f868defa400ce95959bceeba359f34485b336af2d5c887d2aa46c2198990c1304d1 qubes-vm-core-v4.2.19.tar.gz 95c080a593ca1cd457ffafc0cdd6ee28999c72f67191a3955b6081a4a7d287cae4cd0c626139562e5e1eb55516c25402a174e3599daf7d4cb259d6b4bbdff155 qubes-core-early.openrc 61529413a16b7fa0df691c24adc41b90477c01ea70d572921ecec89df23932e5a2e60c4e73b9a84181dc30424e2e6af4ad1c7dcf6c42689c3cc346a9923d6e07 qubes-core-netvm.openrc da8e293520f5fce29ce76d7586e8ce1a4164798a1214079fb554c690264da1d774fdad3f45825aac52c2c3a0b0cfd39df73eb33394dedd7c043fe0f2344b90ca qubes-core.openrc From 6b94ec6cc4b7fe1bd048dd349b44d1b0cbd90d89 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 15 Aug 2023 22:14:12 -0400 Subject: [PATCH 005/184] qubes-vm-gui: upgrade to 4.2.8 --- qubes-vm-gui/0001-initd-fix.patch | 23 +++++++---------------- qubes-vm-gui/APKBUILD | 27 +++++++++++++++++++++++---- 2 files changed, 30 insertions(+), 20 deletions(-) diff --git a/qubes-vm-gui/0001-initd-fix.patch b/qubes-vm-gui/0001-initd-fix.patch index 7bb8a3c..bad5c33 100644 --- a/qubes-vm-gui/0001-initd-fix.patch +++ b/qubes-vm-gui/0001-initd-fix.patch @@ -1,22 +1,13 @@ -From 7f7914fc2d0957012f1c4b130b0e442d43110c7d Mon Sep 17 00:00:00 2001 -From: "build@apk-groulx" -Date: Sat, 5 Mar 2022 00:59:30 +0000 -Subject: [PATCH 1/1] initd fix - ---- - appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh b/appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh -index dc0a578..4c9623a 100755 ---- a/appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh +diff --git a/appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh.orig b/appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh +index 76e0227..268cb00 100755 +--- a/appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh.orig +++ b/appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh -@@ -23,4 +23,4 @@ if [ -n "$debug_mode" ] && [ "$debug_mode" -gt 0 ]; then +@@ -25,7 +25,7 @@ if [ -n "$debug_mode" ] && [ "$debug_mode" -gt 0 ]; then gui_opts="$gui_opts -vv" fi -echo "GUI_OPTS=$gui_opts" >> /var/run/qubes-service-environment +echo "GUI_OPTS=\"$gui_opts\"" >> /var/run/qubes-service-environment --- -2.34.1 - + + # 2**30 + echo 1073741824 > /sys/module/xen_gntalloc/parameters/limit diff --git a/qubes-vm-gui/APKBUILD b/qubes-vm-gui/APKBUILD index 316a2cb..3d259df 100644 --- a/qubes-vm-gui/APKBUILD +++ b/qubes-vm-gui/APKBUILD @@ -2,8 +2,11 @@ # Contributor: Antoine Martin (ayakael) pkgname=qubes-vm-gui -subpackages="qubes-vm-pulseaudio $pkgname-openrc" -pkgver=4.1.31 +subpackages=" + qubes-vm-pulseaudio + qubes-vm-pipewire + $pkgname-openrc" +pkgver=4.2.8 pkgrel=0 _gittag="v$pkgver" pkgdesc="The Qubes GUI Agent for AppVMs" @@ -26,10 +29,12 @@ makedepends=" libxcomposite-dev libxt linux-pam-dev + lsb-release-minimal make patch pixman pkgconf + pipewire-dev pulseaudio-dev qubes-db-vm qubes-db-vm-dev @@ -95,10 +100,24 @@ pulseaudio() { cd "$builddir" make install-pulseaudio DESTDIR=$subpkgdir PA_VER=$pa_ver LIBDIR=/usr/lib USRLIBDIR=/usr/lib SYSLIBDIR=/lib } + +pipewire() { + pkgdesc="PipeWire support for Qubes VM. This replaces the legacy PulseAudio module." + depends="pipewire" + provides="qubes-vm-pulseaudio=$pkgver-r$pkgrel" + + cd "$builddir" + make install-pipewire \ + "DESTDIR=$subpkgdir" \ + LIBDIR=/usr/lib \ + USRLIBDIR=/usr/lib \ + SYSLIBDIR=/usr/lib +} + sha512sums=" -6a72fde5b3c1c6025b13b58340bb8d3eccab05050c8cbe3741d7c18ca48826e45a3df3716d77e2dd733c119ff8db5d920faa73f05cb94049306a0dad6f58349f qubes-vm-gui-v4.1.31.tar.gz +a6e1ed0ca640b25b27caa209c7027c44c9e745ac56cbde05b4b4c6f48bd5ae923e727f2debd3244fc1172c6430eaba5661316666b9cfa14fdc202124b37c4efe qubes-vm-gui-v4.2.8.tar.gz f0bbb936e14689d0cbced2f564b8911f9287c0217616f02f3bd0c3060e516d080ad538219f089f5841c2b9d18bb4ad8efb63516ddfd46c18b038218378996a7d 0001-musl-build.patch -262b93b4ea172926dc18b7af372168ff3f645a02db1529cb73af3d5aa6252a75500bfbd95344a835bbf646e753018d0e27885e41a03f06247226a485edb5e028 0001-initd-fix.patch +01beace4c130200dc8d42248349ea858d2bec746aca2bdfa5948b6e7240bb3b832bbb8b324293fba6fd6aafb0a3d7a2e3928c7fd39d318ef4d5a18cfeb48cde6 0001-initd-fix.patch 68d01e594296e18d54d8eaa17863451c3ac121e4fcacf98b64db14166bdcf38aa66f1c3659c5014c0a9cc25b5368df66f8c642b8e7af59da8d2a5ad97da9a194 qubes-gui-agent.openrc bd707f7956f58c2bb24ccb9adad1381c069e70820fcb1b01b09dc88570d9df00e0dc92a9ac3b242f828314568d5487257566a6fc61e75e62e010b7e4871f9ea0 qubes-sessions.sh b512d691f2a6b11fc329bf91dd05ca9c589bbd444308b27d3c87c75262dedf6afc68a9739229249a4bd3d0c43cb1f871eecbb93c4fe559e0f38bdabbffd06ad7 qubes-gui-agent.pam From c96a0efda841246cb56c93ce9697a6cc9bfb344a Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 15 Aug 2023 22:14:34 -0400 Subject: [PATCH 006/184] qubes-vm-gui-dev: upgrade to 4.2.4 --- qubes-vm-gui-dev/APKBUILD | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qubes-vm-gui-dev/APKBUILD b/qubes-vm-gui-dev/APKBUILD index 558fb78..4c79283 100644 --- a/qubes-vm-gui-dev/APKBUILD +++ b/qubes-vm-gui-dev/APKBUILD @@ -2,9 +2,9 @@ # Contributor: Antoine Martin (ayakael) pkgname=qubes-vm-gui-dev -pkgver=4.1.1 +pkgver=4.2.4 _gittag="v$pkgver" -pkgrel=1 +pkgrel=0 pkgdesc="Common files for Qubes GUI - protocol headers." arch="noarch" url="https://github.com/QubesOS/qubes-gui-common" @@ -19,5 +19,5 @@ package() { cp include/*.h $pkgdir/usr/include/ } sha512sums=" -2d962822413b1e4da6ef9303bce9b25e179829080a4ab96aeb7b274682c32b4620201d1de9c177346ab8d80913ae5e5384792b301d350850408fa790cb77d641 qubes-vm-gui-dev-v4.1.1.tar.gz +be9d71abc991d6d2dabaf17f647a5cf2a73b947f15fc36117e309d493f4f6a7e151d9ab6f6df8bd99ac33ea873413a47f72aeb98bf6b7b4ed2a217c8fbd0bd51 qubes-vm-gui-dev-v4.2.4.tar.gz " From cbc2602c347f4ccb33c3ffc2cc203c7494a9f93d Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 15 Aug 2023 22:29:57 -0400 Subject: [PATCH 007/184] qubes-vm-utils: upgrade to 4.2.11 --- qubes-vm-utils/APKBUILD | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/qubes-vm-utils/APKBUILD b/qubes-vm-utils/APKBUILD index b90507a..78dc58e 100644 --- a/qubes-vm-utils/APKBUILD +++ b/qubes-vm-utils/APKBUILD @@ -5,8 +5,9 @@ pkgname=qubes-vm-utils subpackages=" qubes-vm-kernel-support:support:noarch $pkgname-openrc + $pkgname-pyc " -pkgver=4.1.19 +pkgver=4.2.11 pkgrel=0 _gittag="v$pkgver" pkgdesc="Common Linux files for Qubes VM." @@ -23,6 +24,7 @@ makedepends=" make pkgconfig py3-setuptools + icu-dev qubes-libvchan-xen-dev xen-dev " @@ -58,6 +60,6 @@ support() { install -m 755 "$builddir"/dracut/full-dmroot/qubes_cow_setup.sh "$subpkgdir"/usr/lib/qubes/qubes_cow_setup.sh } sha512sums=" -adfa6190af80e8ff92b899056370b8e820820154dcbad2d141debc72a6f122d94894eb0ffd5f56715db8ff7c3166c63b8832a78f70c35d86d42af071297b7d35 qubes-vm-utils-v4.1.19.tar.gz +b7a60219d7928ae1cf20accc843f1c0408e0d4219dd029357ce780b24110f070a5296dfbf3f6ecac8132d2798a76fac0a61228ac092443a490d0356ae6bfadbb qubes-vm-utils-v4.2.11.tar.gz aebc606faa95948be77766f164fc40e4be66e4398e7f56ad52ba9de4c8f7de4ec0c4b48b23a3a6dd083d6f19ae1a591f3ae0caf2c696fd061cd8fea4bdf7d4f3 qubes-meminfo-writer.openrc " From bad57cc2edd967402951d08020f0a8caf6e6f1a7 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 15 Aug 2023 22:28:25 -0400 Subject: [PATCH 008/184] qubes-vm-qrexec: upgrade to 4.2.8 --- qubes-vm-qrexec/APKBUILD | 13 +++--- .../makefile-remove-cc-cflags.patch | 42 +++++++++++++++++++ 2 files changed, 49 insertions(+), 6 deletions(-) create mode 100644 qubes-vm-qrexec/makefile-remove-cc-cflags.patch diff --git a/qubes-vm-qrexec/APKBUILD b/qubes-vm-qrexec/APKBUILD index efc1296..87b1278 100644 --- a/qubes-vm-qrexec/APKBUILD +++ b/qubes-vm-qrexec/APKBUILD @@ -2,8 +2,8 @@ # Contributor: Antoine Martin (ayakael) pkgname=qubes-vm-qrexec -subpackages="$pkgname-openrc $pkgname-doc" -pkgver=4.1.22 +subpackages="$pkgname-openrc $pkgname-doc $pkgname-pyc" +pkgver=4.2.8 _gittag="v$pkgver" pkgrel=0 pkgdesc="The Qubes qrexec files (qube side)" @@ -13,17 +13,18 @@ license='GPL' depends="qubes-libvchan-xen" options="!check" # No testsuite makedepends=" - gcc + grep make + lsb-release-minimal pandoc pkgconf py3-setuptools - lld qubes-libvchan-xen-dev " source=" $pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-core-qrexec/archive/refs/tags/$_gittag.tar.gz qubes-qrexec-agent.openrc + makefile-remove-cc-cflags.patch agent-qrexec-fork-server-undef-fortify-source.patch " builddir="$srcdir/qubes-core-qrexec-${_gittag/v}" @@ -47,13 +48,13 @@ build() { } package() { - export LDFLAGS="$LDFLAGS -fuse-ld=lld" make install-base DESTDIR="$pkgdir" SBINDIR=/sbin LIBDIR=/usr/lib SYSLIBDIR=/lib make install-vm DESTDIR="$pkgdir" SBINDIR=/sbin LIBDIR=/usr/lib SYSLIBDIR=/lib install -Dm 755 "$srcdir"/qubes-qrexec-agent.openrc "$pkgdir"/etc/init.d/qubes-qrexec-agent } sha512sums=" -c4d993dae87446fe73f390bdf0aa3bcfacce1a630b1f0e5f20c6ea7710c14cd9a7a0a66a66e5731dee47c6958c659e61b3c0ebea5a99a31317a52fb326650a2f qubes-vm-qrexec-v4.1.22.tar.gz +be8ec20fb272d8fd059114fd29bba62b11c979172f0897113f06d0daf2c5ff9212d2170e7fb1b8933396abb34739481ff43f107caf3b4fd4f56b4537308dc2e7 qubes-vm-qrexec-v4.2.8.tar.gz e2dd5cace82e881c40d5d37c69f7327fbabde81c9d23283de23de9f1197b7b018ef07a8d90e95c61bd249426d9d8297e7cb372333245941ffa0682c90ea3461f qubes-qrexec-agent.openrc +3cbe66c8251d0cbe078d78ac9a2aef2d6c095c4f514ff0aab69dd724dee7488cf84dff4af2210d8a2298a052db49e85b0e38ac45456a8aa9bd1e4a7de0311b69 makefile-remove-cc-cflags.patch 69b88c8d344f0d575eac398937040ba39a0d8fb8ea0a2b160c48d84775e1da4e226a76f3c5d3be7b045f577b634bb35cd5c5536248e18117c4121a38f9f3bf13 agent-qrexec-fork-server-undef-fortify-source.patch " diff --git a/qubes-vm-qrexec/makefile-remove-cc-cflags.patch b/qubes-vm-qrexec/makefile-remove-cc-cflags.patch new file mode 100644 index 0000000..9c1ee70 --- /dev/null +++ b/qubes-vm-qrexec/makefile-remove-cc-cflags.patch @@ -0,0 +1,42 @@ +diff --git a/Makefile.orig b/Makefile +index ade10bf..7de05a4 100644 +--- a/Makefile.orig ++++ b/Makefile +@@ -1,6 +1,4 @@ + MAKEFLAGS=-r +-CC ?= gcc +-CFLAGS += -Werror=strict-prototypes -Werror=old-style-definition -Werror=missing-declarations -Werror=missing-prototypes + PYTHON ?= python3 + export PYTHON CC MAKEFLAGS CFLAGS + +@@ -26,7 +24,7 @@ all-base: + $(PYTHON) setup.py build + .PHONY: all-base + +-install-base: all-base ++install-base: + +$(MAKE) install -C libqrexec + $(PYTHON) setup.py install -O1 $(PYTHON_PREFIX_ARG) --skip-build --root $(DESTDIR) + ln -sf qrexec-policy-exec $(DESTDIR)/usr/bin/qrexec-policy +@@ -75,7 +73,7 @@ all-vm-selinux: + +$(MAKE) -f /usr/share/selinux/devel/Makefile -C selinux qubes-core-qrexec.pp + .PHONY: all-vm + +-install-vm: all-vm ++install-vm: + +$(MAKE) install -C agent + install -d $(DESTDIR)/$(SYSLIBDIR)/systemd/system -m 755 + install -t $(DESTDIR)/$(SYSLIBDIR)/systemd/system -m 644 systemd/qubes-qrexec-agent.service +diff --git a/agent/Makefile.orig b/agent/Makefile +index e1500f1..d75f60e 100644 +--- a/agent/Makefile.orig ++++ b/agent/Makefile +@@ -32,7 +32,7 @@ else + endif + + +-install: all ++install: + install -d $(DESTDIR)/etc/qubes-rpc $(DESTDIR)/usr/lib/qubes \ + $(DESTDIR)/usr/bin $(DESTDIR)/usr/share/man/man1 + install qrexec-agent $(DESTDIR)/usr/lib/qubes From d366575faac6647d5b60747e2aa534014184a2d1 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 16 Aug 2023 00:08:45 -0400 Subject: [PATCH 009/184] qubes-vm-qrexec: fix build --- qubes-vm-qrexec/APKBUILD | 9 ++--- .../makefile-remove-cc-cflags.patch | 35 +++++++++++++++++++ 2 files changed, 40 insertions(+), 4 deletions(-) create mode 100644 qubes-vm-qrexec/makefile-remove-cc-cflags.patch diff --git a/qubes-vm-qrexec/APKBUILD b/qubes-vm-qrexec/APKBUILD index efc1296..d732667 100644 --- a/qubes-vm-qrexec/APKBUILD +++ b/qubes-vm-qrexec/APKBUILD @@ -5,7 +5,7 @@ pkgname=qubes-vm-qrexec subpackages="$pkgname-openrc $pkgname-doc" pkgver=4.1.22 _gittag="v$pkgver" -pkgrel=0 +pkgrel=1 pkgdesc="The Qubes qrexec files (qube side)" arch="x86_64" url="https://github.com/QubesOS/qubes-core-qrexec" @@ -13,17 +13,18 @@ license='GPL' depends="qubes-libvchan-xen" options="!check" # No testsuite makedepends=" - gcc + grep make + lsb-release-minimal pandoc pkgconf py3-setuptools - lld qubes-libvchan-xen-dev " source=" $pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-core-qrexec/archive/refs/tags/$_gittag.tar.gz qubes-qrexec-agent.openrc + makefile-remove-cc-cflags.patch agent-qrexec-fork-server-undef-fortify-source.patch " builddir="$srcdir/qubes-core-qrexec-${_gittag/v}" @@ -47,7 +48,6 @@ build() { } package() { - export LDFLAGS="$LDFLAGS -fuse-ld=lld" make install-base DESTDIR="$pkgdir" SBINDIR=/sbin LIBDIR=/usr/lib SYSLIBDIR=/lib make install-vm DESTDIR="$pkgdir" SBINDIR=/sbin LIBDIR=/usr/lib SYSLIBDIR=/lib install -Dm 755 "$srcdir"/qubes-qrexec-agent.openrc "$pkgdir"/etc/init.d/qubes-qrexec-agent @@ -55,5 +55,6 @@ package() { sha512sums=" c4d993dae87446fe73f390bdf0aa3bcfacce1a630b1f0e5f20c6ea7710c14cd9a7a0a66a66e5731dee47c6958c659e61b3c0ebea5a99a31317a52fb326650a2f qubes-vm-qrexec-v4.1.22.tar.gz e2dd5cace82e881c40d5d37c69f7327fbabde81c9d23283de23de9f1197b7b018ef07a8d90e95c61bd249426d9d8297e7cb372333245941ffa0682c90ea3461f qubes-qrexec-agent.openrc +e48a06778a880915827fb2ef3e38379eb2bc6cf63f7fed79472be4732f7110b0c642c7a62a43236f53404ce69afddd40a5bc92a984403aae74caae1580c31200 makefile-remove-cc-cflags.patch 69b88c8d344f0d575eac398937040ba39a0d8fb8ea0a2b160c48d84775e1da4e226a76f3c5d3be7b045f577b634bb35cd5c5536248e18117c4121a38f9f3bf13 agent-qrexec-fork-server-undef-fortify-source.patch " diff --git a/qubes-vm-qrexec/makefile-remove-cc-cflags.patch b/qubes-vm-qrexec/makefile-remove-cc-cflags.patch new file mode 100644 index 0000000..383970b --- /dev/null +++ b/qubes-vm-qrexec/makefile-remove-cc-cflags.patch @@ -0,0 +1,35 @@ +diff --git a/Makefile.orig b/Makefile +index ade10bf..7de05a4 100644 +--- a/Makefile.orig ++++ b/Makefile +@@ -26,7 +24,7 @@ all-base: + $(PYTHON) setup.py build + .PHONY: all-base + +-install-base: all-base ++install-base: + +$(MAKE) install -C libqrexec + $(PYTHON) setup.py install -O1 $(PYTHON_PREFIX_ARG) --skip-build --root $(DESTDIR) + ln -sf qrexec-policy-exec $(DESTDIR)/usr/bin/qrexec-policy +@@ -75,7 +73,7 @@ all-vm-selinux: + +$(MAKE) -f /usr/share/selinux/devel/Makefile -C selinux qubes-core-qrexec.pp + .PHONY: all-vm + +-install-vm: all-vm ++install-vm: + +$(MAKE) install -C agent + install -d $(DESTDIR)/$(SYSLIBDIR)/systemd/system -m 755 + install -t $(DESTDIR)/$(SYSLIBDIR)/systemd/system -m 644 systemd/qubes-qrexec-agent.service +diff --git a/agent/Makefile.orig b/agent/Makefile +index e1500f1..d75f60e 100644 +--- a/agent/Makefile.orig ++++ b/agent/Makefile +@@ -32,7 +32,7 @@ else + endif + + +-install: all ++install: + install -d $(DESTDIR)/etc/qubes-rpc $(DESTDIR)/usr/lib/qubes \ + $(DESTDIR)/usr/bin $(DESTDIR)/usr/share/man/man1 + install qrexec-agent $(DESTDIR)/usr/lib/qubes From 51e314e96937566080d0074e06299fdef87e2a4d Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 16 Aug 2023 00:08:58 -0400 Subject: [PATCH 010/184] qubes-vm-core: fix build --- qubes-vm-core/APKBUILD | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/qubes-vm-core/APKBUILD b/qubes-vm-core/APKBUILD index 27ea45d..9f56a34 100644 --- a/qubes-vm-core/APKBUILD +++ b/qubes-vm-core/APKBUILD @@ -9,7 +9,7 @@ subpackages=" $pkgname-doc " pkgver=4.1.44 -pkgrel=0 +pkgrel=1 _gittag="v$pkgver" pkgdesc="The Qubes core files for installation inside a Qubes VM." arch="x86_64" @@ -29,6 +29,7 @@ depends=" icu imagemagick librsvg + lsb-release-minimal net-tools ntpsec procps From cc3a7230e9ba227d22be7db1007eced704afb87b Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 16 Aug 2023 00:27:39 -0400 Subject: [PATCH 011/184] qubes-vm-core: fix lsb depend --- qubes-vm-core/APKBUILD | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/qubes-vm-core/APKBUILD b/qubes-vm-core/APKBUILD index 9f56a34..03a7fe9 100644 --- a/qubes-vm-core/APKBUILD +++ b/qubes-vm-core/APKBUILD @@ -9,7 +9,7 @@ subpackages=" $pkgname-doc " pkgver=4.1.44 -pkgrel=1 +pkgrel=2 _gittag="v$pkgver" pkgdesc="The Qubes core files for installation inside a Qubes VM." arch="x86_64" @@ -29,7 +29,6 @@ depends=" icu imagemagick librsvg - lsb-release-minimal net-tools ntpsec procps @@ -49,6 +48,7 @@ makedepends=" gcc libx11-dev linux-pam-dev + lsb-release-minimal make pandoc pkgconf From e1f435d9389456ca012c1529f12eee778537fcf0 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 16 Aug 2023 00:42:37 -0400 Subject: [PATCH 012/184] Add readme --- README.md | 140 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 140 insertions(+) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..bf74fdd --- /dev/null +++ b/README.md @@ -0,0 +1,140 @@ +# qubes-aports +Upstream: https://lab.ilot.io/ayakael/qubes-aports + +## Description + +This repository contains aports that allow Alpine Linux to be used as an Alpine +Linux template. The upstream repo uses GitLab's CI to build and deploy packages +targetting multiple Alpine Linux versions. QubesOS releases are tracked using +branches. + +#### Provided packages + +Use `abuild-r` to build the following packages. +For more information on how to build an Alpine Package, read [this](https://wiki.alpinelinux.org/wiki/Creating_an_Alpine_package) + +Core VM packages + * qubes-vm-xen - Qubes's version of xen + * qubes-libvchan-xen - libvchan library dependency + * qubes-db-vm - qubes-db package + * qubes-vm-utils - qubes-meminfo-writer service package + * qubes-vm-core - Core init.d / qubes scripts + * qubes-vm-gui-dev - Library dependencies for `qubes-vm-gui` + * qubes-vm-gui - GUI agent + * qubes-vm-qrexec - qrexec agent + * qubes-gpg-split + * qubes-usb-proxy + * qubes-meta-packages - Meta package that pulls everything when added to world + +Extra packages + * qubes-pass - Aport for Rudd-O's inter-VM password manager for Qubes OS + +#### Drawbacks +QubesOS does not by default support openrc based templates. All of the init scripts have thus been implemented. +This might mean some bugs along the way, thus this project is still very much considered a WIP. Although I use +these packages on a daily basis, I can't test for all use-cases. + +#### The yet-to-be-implemented list +Thus the following use cases are still not supported: + * Service VMs (sys-net, sys-usb, sys-firewall) + * Firewall (not tested) + * `qubes-builder` hooks (thus no `dom0` template RPM yet, see [here](https://gitlab.alpinelinux.org/ayakael/qubes-builder-alpine) for progress) + * `apk` proxying from within template (thus you must allow internet access to template to install packages) + * `qubes-vm-kernel-support` Not adapted for use on Alpine yet, due to it providing a Dracut module. In most cases, it is not necessary as Qubes provides the kernel. + This package is only neccessary when VM uses its own kernel, thus a hook is added to Dracut to generate the initrd for use within qubes. + +#### Issues, recommendations and proposals +**To report an issue or share a recommendation** + +Go [here](https://gitlab.alpinelinux.org/ayakael/qubes-aports/-/issues) + +**To make a merge request** + * Fork the repo from Alpine's GitLab [here](https://gitlab.alpinelinux.org/ayakael/qubes-aports) + * Clone your fork locally. (`git clone $repo`) + * Make a branch with a descriptive name (`git checkout -b $descriptivename`) + * Make the changes you want to see in the world, commit, and push to the GitLab's remote repo + * Request a merge [here](https://gitlab.alpinelinux.org/ayakael/qubes-aports/-/merge_requests) + +### Installation steps + +It might require a few tweaks as these steps havn't been tested to their fullest extent. Some things +may have been forgotten along the way + +#### 0. HVM Setup + +* Create a new HVM by following [this guide](https://www.qubes-os.org/doc/standalones-and-hvms/#creating-an-hvm) +* Set the memory to fixed 4G +* Execute `qvm-prefs kernel ""` - Otherwise it will not start +* For network, ensure you've followed [this part of the guide](https://www.qubes-os.org/doc/standalones-and-hvms/#setting-up-networking-for-hvms) +* Use `alpine-setup` to install the system on `/dev/xvda`, and feed it the network information from the previous step. +* Make sure your partition setup looks like this, and uses gpt partition scheme. (note the name for xvda3 as "Root filesystem") +``` +/dev/xvda1 200M EFI System +/dev/xvda2 2048K BIOS boot partition +/dev/xvda3 (whatever) Root filesystem +``` + +#### 1. The metapackage + +Following [this guide](https://wiki.alpinelinux.org/wiki/Creating_an_Alpine_package), +you can setup a build environment where you can build this repo's packages. +After, pointing to your local repo in `/etc/apk/repositories` +(usually `/home/user/packages/main`), you can run `apk add qubes-vm-dependencies` + +This will install everything required. + +You may also use the repo-apk repo [https://lab.ilot.io/ayakael/repo-apk](https://lab.ilot.io/ayakael/repo-apk). + +#### 2. Services and Checks + +**Ensure that:** + + * `user ALL=(ALL) ALL` is present in `/etc/sudoers` + * `/home/user` does exist and contains the usual skeleton + * The user "user" and group "user" do exist. + * `hvc0::respawn:/sbin/getty -L hvc0 115200 vt220` is in `/etc/inittab` + * `eudev` is installed + * The following is in `/etc/fstab`: +``` +/dev/mapper/dmroot / ext4 defaults,discard,noatime 1 1 +/dev/xvdb /rw auto noauto,defaults,discard,nosuid,nodev 1 2 +/dev/xvdc1 swap swap defaults 0 0 +/rw/home /home none noauto,bind,defaults,nosuid,nodev 0 0 +/rw/usrlocal /usr/local none noauto,bind,defaults 0 0 +none /dev/shm tmpfs defaults,size=1G 0 0 +``` + +**Enable the services:** + +Using `rc-update add $service`, add the following services: + * udev + * udev-trigger + * xendriverdomain + * qubes-qrexec-agent + * qubes-db + * qubes-meminfo-qriter + * qubes-sysinit + * qubes-core-early + * qubes-core + * qubes-gui-agent + +#### 3. Test boot + +You may now try a reboot and hope it doesn't end up in the rescue console. +If the boot is successful you should be able to use all the usual qvm commands, +pass devices, use the gui-agent, etc. + +For debugging any `gui-agent` issues, set ensure that the VM type is `hvm` and access console via +`xl console $vm` + +Final test by trying to run a Xorg based program, in my case: `qvm-run $vm urxvt` + +#### 4. Converting to template +**Do the following** + * convert to template using the following command, which also sets custom kernelopts: + `qvm-clone --class TemplateVM --property virt_mode=pvh --property kernel='modules=ext4 rootfstype=ext4' $vm $template` + * From within Qubes Manager, ensure that memory balancing is on. + * test the template by running `qvm-run $template $gui-program` + * APK proxying is a known-issue, please allow internet to template + +You should now be able to install your own packages and setup your template to fit your use case. From 52f5847075fb3441d98a0f9418f308765662bf59 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 16 Aug 2023 00:42:37 -0400 Subject: [PATCH 013/184] Add readme --- README.md | 140 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 140 insertions(+) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..bf74fdd --- /dev/null +++ b/README.md @@ -0,0 +1,140 @@ +# qubes-aports +Upstream: https://lab.ilot.io/ayakael/qubes-aports + +## Description + +This repository contains aports that allow Alpine Linux to be used as an Alpine +Linux template. The upstream repo uses GitLab's CI to build and deploy packages +targetting multiple Alpine Linux versions. QubesOS releases are tracked using +branches. + +#### Provided packages + +Use `abuild-r` to build the following packages. +For more information on how to build an Alpine Package, read [this](https://wiki.alpinelinux.org/wiki/Creating_an_Alpine_package) + +Core VM packages + * qubes-vm-xen - Qubes's version of xen + * qubes-libvchan-xen - libvchan library dependency + * qubes-db-vm - qubes-db package + * qubes-vm-utils - qubes-meminfo-writer service package + * qubes-vm-core - Core init.d / qubes scripts + * qubes-vm-gui-dev - Library dependencies for `qubes-vm-gui` + * qubes-vm-gui - GUI agent + * qubes-vm-qrexec - qrexec agent + * qubes-gpg-split + * qubes-usb-proxy + * qubes-meta-packages - Meta package that pulls everything when added to world + +Extra packages + * qubes-pass - Aport for Rudd-O's inter-VM password manager for Qubes OS + +#### Drawbacks +QubesOS does not by default support openrc based templates. All of the init scripts have thus been implemented. +This might mean some bugs along the way, thus this project is still very much considered a WIP. Although I use +these packages on a daily basis, I can't test for all use-cases. + +#### The yet-to-be-implemented list +Thus the following use cases are still not supported: + * Service VMs (sys-net, sys-usb, sys-firewall) + * Firewall (not tested) + * `qubes-builder` hooks (thus no `dom0` template RPM yet, see [here](https://gitlab.alpinelinux.org/ayakael/qubes-builder-alpine) for progress) + * `apk` proxying from within template (thus you must allow internet access to template to install packages) + * `qubes-vm-kernel-support` Not adapted for use on Alpine yet, due to it providing a Dracut module. In most cases, it is not necessary as Qubes provides the kernel. + This package is only neccessary when VM uses its own kernel, thus a hook is added to Dracut to generate the initrd for use within qubes. + +#### Issues, recommendations and proposals +**To report an issue or share a recommendation** + +Go [here](https://gitlab.alpinelinux.org/ayakael/qubes-aports/-/issues) + +**To make a merge request** + * Fork the repo from Alpine's GitLab [here](https://gitlab.alpinelinux.org/ayakael/qubes-aports) + * Clone your fork locally. (`git clone $repo`) + * Make a branch with a descriptive name (`git checkout -b $descriptivename`) + * Make the changes you want to see in the world, commit, and push to the GitLab's remote repo + * Request a merge [here](https://gitlab.alpinelinux.org/ayakael/qubes-aports/-/merge_requests) + +### Installation steps + +It might require a few tweaks as these steps havn't been tested to their fullest extent. Some things +may have been forgotten along the way + +#### 0. HVM Setup + +* Create a new HVM by following [this guide](https://www.qubes-os.org/doc/standalones-and-hvms/#creating-an-hvm) +* Set the memory to fixed 4G +* Execute `qvm-prefs kernel ""` - Otherwise it will not start +* For network, ensure you've followed [this part of the guide](https://www.qubes-os.org/doc/standalones-and-hvms/#setting-up-networking-for-hvms) +* Use `alpine-setup` to install the system on `/dev/xvda`, and feed it the network information from the previous step. +* Make sure your partition setup looks like this, and uses gpt partition scheme. (note the name for xvda3 as "Root filesystem") +``` +/dev/xvda1 200M EFI System +/dev/xvda2 2048K BIOS boot partition +/dev/xvda3 (whatever) Root filesystem +``` + +#### 1. The metapackage + +Following [this guide](https://wiki.alpinelinux.org/wiki/Creating_an_Alpine_package), +you can setup a build environment where you can build this repo's packages. +After, pointing to your local repo in `/etc/apk/repositories` +(usually `/home/user/packages/main`), you can run `apk add qubes-vm-dependencies` + +This will install everything required. + +You may also use the repo-apk repo [https://lab.ilot.io/ayakael/repo-apk](https://lab.ilot.io/ayakael/repo-apk). + +#### 2. Services and Checks + +**Ensure that:** + + * `user ALL=(ALL) ALL` is present in `/etc/sudoers` + * `/home/user` does exist and contains the usual skeleton + * The user "user" and group "user" do exist. + * `hvc0::respawn:/sbin/getty -L hvc0 115200 vt220` is in `/etc/inittab` + * `eudev` is installed + * The following is in `/etc/fstab`: +``` +/dev/mapper/dmroot / ext4 defaults,discard,noatime 1 1 +/dev/xvdb /rw auto noauto,defaults,discard,nosuid,nodev 1 2 +/dev/xvdc1 swap swap defaults 0 0 +/rw/home /home none noauto,bind,defaults,nosuid,nodev 0 0 +/rw/usrlocal /usr/local none noauto,bind,defaults 0 0 +none /dev/shm tmpfs defaults,size=1G 0 0 +``` + +**Enable the services:** + +Using `rc-update add $service`, add the following services: + * udev + * udev-trigger + * xendriverdomain + * qubes-qrexec-agent + * qubes-db + * qubes-meminfo-qriter + * qubes-sysinit + * qubes-core-early + * qubes-core + * qubes-gui-agent + +#### 3. Test boot + +You may now try a reboot and hope it doesn't end up in the rescue console. +If the boot is successful you should be able to use all the usual qvm commands, +pass devices, use the gui-agent, etc. + +For debugging any `gui-agent` issues, set ensure that the VM type is `hvm` and access console via +`xl console $vm` + +Final test by trying to run a Xorg based program, in my case: `qvm-run $vm urxvt` + +#### 4. Converting to template +**Do the following** + * convert to template using the following command, which also sets custom kernelopts: + `qvm-clone --class TemplateVM --property virt_mode=pvh --property kernel='modules=ext4 rootfstype=ext4' $vm $template` + * From within Qubes Manager, ensure that memory balancing is on. + * test the template by running `qvm-run $template $gui-program` + * APK proxying is a known-issue, please allow internet to template + +You should now be able to install your own packages and setup your template to fit your use case. From 14b2ac8af534666b1b7193ca06d58211dcf202c4 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 25 Aug 2023 16:40:54 -0400 Subject: [PATCH 014/184] qubes-vm-core: add eudev depend --- qubes-vm-core/APKBUILD | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/qubes-vm-core/APKBUILD b/qubes-vm-core/APKBUILD index 03a7fe9..163be18 100644 --- a/qubes-vm-core/APKBUILD +++ b/qubes-vm-core/APKBUILD @@ -9,7 +9,7 @@ subpackages=" $pkgname-doc " pkgver=4.1.44 -pkgrel=2 +pkgrel=3 _gittag="v$pkgver" pkgdesc="The Qubes core files for installation inside a Qubes VM." arch="x86_64" @@ -25,6 +25,7 @@ depends=" fakeroot gawk grep + eudev haveged icu imagemagick From 376caaae3c604dfed883b982ced4f07060d60f74 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 25 Aug 2023 16:40:54 -0400 Subject: [PATCH 015/184] qubes-vm-core: add eudev depend --- qubes-vm-core/APKBUILD | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/qubes-vm-core/APKBUILD b/qubes-vm-core/APKBUILD index 3d32b85..f967acc 100644 --- a/qubes-vm-core/APKBUILD +++ b/qubes-vm-core/APKBUILD @@ -10,7 +10,7 @@ subpackages=" $pkgname-pyc " pkgver=4.2.19 -pkgrel=0 +pkgrel=1 _gittag="v$pkgver" pkgdesc="The Qubes core files for installation inside a Qubes VM." arch="x86_64" @@ -26,6 +26,7 @@ depends=" fakeroot gawk grep + eudev haveged icu imagemagick From 54447345b46270fbb048edbca5cc7673eb8fbde3 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 26 Aug 2023 14:08:50 -0400 Subject: [PATCH 016/184] qubes-vm-gui: fix pam.d install --- qubes-vm-gui/APKBUILD | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/qubes-vm-gui/APKBUILD b/qubes-vm-gui/APKBUILD index 316a2cb..b997402 100644 --- a/qubes-vm-gui/APKBUILD +++ b/qubes-vm-gui/APKBUILD @@ -4,7 +4,7 @@ pkgname=qubes-vm-gui subpackages="qubes-vm-pulseaudio $pkgname-openrc" pkgver=4.1.31 -pkgrel=0 +pkgrel=1 _gittag="v$pkgver" pkgdesc="The Qubes GUI Agent for AppVMs" arch="x86_64" @@ -62,10 +62,6 @@ build() { sed 's:ExecStartPre=/bin/touch:#ExecStartPre=/bin/touch:' -i appvm-scripts/qubes-gui-agent.service # Ensure that qubes-gui-agent starts after user autologin sed 's/After=\(.*\)qubes-misc-post.service/After=\1qubes-misc-post.service getty.target/' -i appvm-scripts/qubes-gui-agent.service - # Starts qubes-session after X11 start - install -Dm 755 "$srcdir"/qubes-sessions.sh "$pkgdir"/etc/X11/xinit/xinitrc.d/90-qubes-sessions.sh - # Remove broken pam and replace with adequate - install -Dm 644 "$srcdir"/qubes-gui-agent.pam "$pkgdir"/etc/pam.d/qubes-gui-agent make BACKEND_VMM="$_qubes_backend_vmm" appvm make appvm @@ -80,6 +76,12 @@ build() { package() { make install-rh-agent DESTDIR="$pkgdir" LIBDIR=/usr/lib USRLIBDIR=/usr/lib SYSLIBDIR=/lib install -Dm 755 "$srcdir"/qubes-gui-agent.openrc "$pkgdir"/etc/init.d/qubes-gui-agent + + # Starts qubes-session after X11 start + install -Dm 755 "$srcdir"/qubes-sessions.sh "$pkgdir"/etc/X11/xinit/xinitrc.d/90-qubes-sessions.sh + + # Remove broken pam and replace with adequate + install -Dm 644 "$srcdir"/qubes-gui-agent.pam "$pkgdir"/etc/pam.d/qubes-gui-agent } pulseaudio() { From 41572968b2aed67df1708e5e59517a640782ecb6 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 26 Aug 2023 15:26:56 -0400 Subject: [PATCH 017/184] qubes-vm-core: add missing depends --- qubes-vm-core/APKBUILD | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/qubes-vm-core/APKBUILD b/qubes-vm-core/APKBUILD index f967acc..2bdf34d 100644 --- a/qubes-vm-core/APKBUILD +++ b/qubes-vm-core/APKBUILD @@ -10,7 +10,7 @@ subpackages=" $pkgname-pyc " pkgver=4.2.19 -pkgrel=1 +pkgrel=2 _gittag="v$pkgver" pkgdesc="The Qubes core files for installation inside a Qubes VM." arch="x86_64" @@ -19,14 +19,17 @@ license="GPL" options="!check" # No testsuite depends=" coreutils + blkid dconf desktop-file-utils device-mapper + diffutils + e2fsprogs + e2fsprogs-extra ethtool fakeroot gawk grep - eudev haveged icu imagemagick From 4f4c87063f34ffeb82afb87e01ea73bea4f63f46 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 26 Aug 2023 15:26:56 -0400 Subject: [PATCH 018/184] qubes-vm-core: add missing depends --- qubes-vm-core/APKBUILD | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/qubes-vm-core/APKBUILD b/qubes-vm-core/APKBUILD index 163be18..83001e9 100644 --- a/qubes-vm-core/APKBUILD +++ b/qubes-vm-core/APKBUILD @@ -9,7 +9,7 @@ subpackages=" $pkgname-doc " pkgver=4.1.44 -pkgrel=3 +pkgrel=4 _gittag="v$pkgver" pkgdesc="The Qubes core files for installation inside a Qubes VM." arch="x86_64" @@ -18,14 +18,17 @@ license="GPL" options="!check" # No testsuite depends=" coreutils + blkid dconf desktop-file-utils device-mapper + diffutils + e2fsprogs + e2fsprogs-extra ethtool fakeroot gawk grep - eudev haveged icu imagemagick From 346d0699950603ca5245b8ae5bdf4570889cb5e4 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 26 Aug 2023 14:08:50 -0400 Subject: [PATCH 019/184] qubes-vm-gui: fix pam.d install --- qubes-vm-gui/APKBUILD | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/qubes-vm-gui/APKBUILD b/qubes-vm-gui/APKBUILD index 3d259df..6c3d969 100644 --- a/qubes-vm-gui/APKBUILD +++ b/qubes-vm-gui/APKBUILD @@ -7,7 +7,7 @@ subpackages=" qubes-vm-pipewire $pkgname-openrc" pkgver=4.2.8 -pkgrel=0 +pkgrel=1 _gittag="v$pkgver" pkgdesc="The Qubes GUI Agent for AppVMs" arch="x86_64" @@ -67,10 +67,6 @@ build() { sed 's:ExecStartPre=/bin/touch:#ExecStartPre=/bin/touch:' -i appvm-scripts/qubes-gui-agent.service # Ensure that qubes-gui-agent starts after user autologin sed 's/After=\(.*\)qubes-misc-post.service/After=\1qubes-misc-post.service getty.target/' -i appvm-scripts/qubes-gui-agent.service - # Starts qubes-session after X11 start - install -Dm 755 "$srcdir"/qubes-sessions.sh "$pkgdir"/etc/X11/xinit/xinitrc.d/90-qubes-sessions.sh - # Remove broken pam and replace with adequate - install -Dm 644 "$srcdir"/qubes-gui-agent.pam "$pkgdir"/etc/pam.d/qubes-gui-agent make BACKEND_VMM="$_qubes_backend_vmm" appvm make appvm @@ -85,6 +81,12 @@ build() { package() { make install-rh-agent DESTDIR="$pkgdir" LIBDIR=/usr/lib USRLIBDIR=/usr/lib SYSLIBDIR=/lib install -Dm 755 "$srcdir"/qubes-gui-agent.openrc "$pkgdir"/etc/init.d/qubes-gui-agent + + # Starts qubes-session after X11 start + install -Dm 755 "$srcdir"/qubes-sessions.sh "$pkgdir"/etc/X11/xinit/xinitrc.d/90-qubes-sessions.sh + + # Remove broken pam and replace with adequate + install -Dm 644 "$srcdir"/qubes-gui-agent.pam "$pkgdir"/etc/pam.d/qubes-gui-agent } pulseaudio() { From 8d0f7b55ce1d2c156388f291c3030d555128361e Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 27 Aug 2023 17:19:12 +0000 Subject: [PATCH 020/184] Update README.md --- README.md | 105 +++++------------------------------------------------- 1 file changed, 9 insertions(+), 96 deletions(-) diff --git a/README.md b/README.md index bf74fdd..089400a 100644 --- a/README.md +++ b/README.md @@ -8,6 +8,11 @@ Linux template. The upstream repo uses GitLab's CI to build and deploy packages targetting multiple Alpine Linux versions. QubesOS releases are tracked using branches. +#### Template builder +The template builder is housed in its [own repo](https://lab.ilot.io/ayakael/qubes-builder-alpine). +RPMs are built in-pipeline using the build artifacts produced by this repo. These RPMs facilitate +installation of your very own Alpine Linux template on QubesOS. + #### Provided packages Use `abuild-r` to build the following packages. @@ -29,19 +34,11 @@ Core VM packages Extra packages * qubes-pass - Aport for Rudd-O's inter-VM password manager for Qubes OS -#### Drawbacks -QubesOS does not by default support openrc based templates. All of the init scripts have thus been implemented. -This might mean some bugs along the way, thus this project is still very much considered a WIP. Although I use -these packages on a daily basis, I can't test for all use-cases. +Omitted packages + * qubes-vmm-xen - The default Alpine xen package seems to provide the necessary modules -#### The yet-to-be-implemented list -Thus the following use cases are still not supported: - * Service VMs (sys-net, sys-usb, sys-firewall) - * Firewall (not tested) - * `qubes-builder` hooks (thus no `dom0` template RPM yet, see [here](https://gitlab.alpinelinux.org/ayakael/qubes-builder-alpine) for progress) - * `apk` proxying from within template (thus you must allow internet access to template to install packages) - * `qubes-vm-kernel-support` Not adapted for use on Alpine yet, due to it providing a Dracut module. In most cases, it is not necessary as Qubes provides the kernel. - This package is only neccessary when VM uses its own kernel, thus a hook is added to Dracut to generate the initrd for use within qubes. +#### Known issues +Known issues are currently being tracked in [qubes-builder-alpine](https://lab.ilot.io/ayakael/qubes-builder-alpine) repo. #### Issues, recommendations and proposals **To report an issue or share a recommendation** @@ -54,87 +51,3 @@ Go [here](https://gitlab.alpinelinux.org/ayakael/qubes-aports/-/issues) * Make a branch with a descriptive name (`git checkout -b $descriptivename`) * Make the changes you want to see in the world, commit, and push to the GitLab's remote repo * Request a merge [here](https://gitlab.alpinelinux.org/ayakael/qubes-aports/-/merge_requests) - -### Installation steps - -It might require a few tweaks as these steps havn't been tested to their fullest extent. Some things -may have been forgotten along the way - -#### 0. HVM Setup - -* Create a new HVM by following [this guide](https://www.qubes-os.org/doc/standalones-and-hvms/#creating-an-hvm) -* Set the memory to fixed 4G -* Execute `qvm-prefs kernel ""` - Otherwise it will not start -* For network, ensure you've followed [this part of the guide](https://www.qubes-os.org/doc/standalones-and-hvms/#setting-up-networking-for-hvms) -* Use `alpine-setup` to install the system on `/dev/xvda`, and feed it the network information from the previous step. -* Make sure your partition setup looks like this, and uses gpt partition scheme. (note the name for xvda3 as "Root filesystem") -``` -/dev/xvda1 200M EFI System -/dev/xvda2 2048K BIOS boot partition -/dev/xvda3 (whatever) Root filesystem -``` - -#### 1. The metapackage - -Following [this guide](https://wiki.alpinelinux.org/wiki/Creating_an_Alpine_package), -you can setup a build environment where you can build this repo's packages. -After, pointing to your local repo in `/etc/apk/repositories` -(usually `/home/user/packages/main`), you can run `apk add qubes-vm-dependencies` - -This will install everything required. - -You may also use the repo-apk repo [https://lab.ilot.io/ayakael/repo-apk](https://lab.ilot.io/ayakael/repo-apk). - -#### 2. Services and Checks - -**Ensure that:** - - * `user ALL=(ALL) ALL` is present in `/etc/sudoers` - * `/home/user` does exist and contains the usual skeleton - * The user "user" and group "user" do exist. - * `hvc0::respawn:/sbin/getty -L hvc0 115200 vt220` is in `/etc/inittab` - * `eudev` is installed - * The following is in `/etc/fstab`: -``` -/dev/mapper/dmroot / ext4 defaults,discard,noatime 1 1 -/dev/xvdb /rw auto noauto,defaults,discard,nosuid,nodev 1 2 -/dev/xvdc1 swap swap defaults 0 0 -/rw/home /home none noauto,bind,defaults,nosuid,nodev 0 0 -/rw/usrlocal /usr/local none noauto,bind,defaults 0 0 -none /dev/shm tmpfs defaults,size=1G 0 0 -``` - -**Enable the services:** - -Using `rc-update add $service`, add the following services: - * udev - * udev-trigger - * xendriverdomain - * qubes-qrexec-agent - * qubes-db - * qubes-meminfo-qriter - * qubes-sysinit - * qubes-core-early - * qubes-core - * qubes-gui-agent - -#### 3. Test boot - -You may now try a reboot and hope it doesn't end up in the rescue console. -If the boot is successful you should be able to use all the usual qvm commands, -pass devices, use the gui-agent, etc. - -For debugging any `gui-agent` issues, set ensure that the VM type is `hvm` and access console via -`xl console $vm` - -Final test by trying to run a Xorg based program, in my case: `qvm-run $vm urxvt` - -#### 4. Converting to template -**Do the following** - * convert to template using the following command, which also sets custom kernelopts: - `qvm-clone --class TemplateVM --property virt_mode=pvh --property kernel='modules=ext4 rootfstype=ext4' $vm $template` - * From within Qubes Manager, ensure that memory balancing is on. - * test the template by running `qvm-run $template $gui-program` - * APK proxying is a known-issue, please allow internet to template - -You should now be able to install your own packages and setup your template to fit your use case. From ff0aab1f603d29f2cd3cef67b55f10a972e7a664 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 27 Aug 2023 14:48:37 -0400 Subject: [PATCH 021/184] qubes-gpg-split: bump pkgrel --- qubes-gpg-split/APKBUILD | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/qubes-gpg-split/APKBUILD b/qubes-gpg-split/APKBUILD index 2c21f6f..126aa8c 100644 --- a/qubes-gpg-split/APKBUILD +++ b/qubes-gpg-split/APKBUILD @@ -5,7 +5,7 @@ pkgname=qubes-gpg-split subpackages="$pkgname-doc" pkgver=2.0.69 _gittag="v$pkgver" -pkgrel=0 +pkgrel=1 pkgdesc="Used Qubes AppVM as a “smart card”" arch="x86_64" url="https://github.com/QubesOS/qubes-app-linux-split-gpg" From 35da3eea116060c2f736b486da462d4117feeca1 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 27 Aug 2023 14:48:55 -0400 Subject: [PATCH 022/184] qubes-usb-proxy: bump pkgrel --- qubes-usb-proxy/APKBUILD | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/qubes-usb-proxy/APKBUILD b/qubes-usb-proxy/APKBUILD index 4eaf637..d93ec04 100644 --- a/qubes-usb-proxy/APKBUILD +++ b/qubes-usb-proxy/APKBUILD @@ -4,7 +4,7 @@ pkgname=qubes-usb-proxy pkgver=1.1.5 _gittag="v$pkgver" -pkgrel=0 +pkgrel=1 pkgdesc="The Qubes service for proxying USB devices" arch="noarch" url="https://github.com/QubesOS/qubes-app-linux-usb-proxy" From 7390b8343dd735d278f9e486ef75713d642e8d5e Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 27 Aug 2023 17:19:12 +0000 Subject: [PATCH 023/184] Update README.md --- README.md | 105 +++++------------------------------------------------- 1 file changed, 9 insertions(+), 96 deletions(-) diff --git a/README.md b/README.md index bf74fdd..089400a 100644 --- a/README.md +++ b/README.md @@ -8,6 +8,11 @@ Linux template. The upstream repo uses GitLab's CI to build and deploy packages targetting multiple Alpine Linux versions. QubesOS releases are tracked using branches. +#### Template builder +The template builder is housed in its [own repo](https://lab.ilot.io/ayakael/qubes-builder-alpine). +RPMs are built in-pipeline using the build artifacts produced by this repo. These RPMs facilitate +installation of your very own Alpine Linux template on QubesOS. + #### Provided packages Use `abuild-r` to build the following packages. @@ -29,19 +34,11 @@ Core VM packages Extra packages * qubes-pass - Aport for Rudd-O's inter-VM password manager for Qubes OS -#### Drawbacks -QubesOS does not by default support openrc based templates. All of the init scripts have thus been implemented. -This might mean some bugs along the way, thus this project is still very much considered a WIP. Although I use -these packages on a daily basis, I can't test for all use-cases. +Omitted packages + * qubes-vmm-xen - The default Alpine xen package seems to provide the necessary modules -#### The yet-to-be-implemented list -Thus the following use cases are still not supported: - * Service VMs (sys-net, sys-usb, sys-firewall) - * Firewall (not tested) - * `qubes-builder` hooks (thus no `dom0` template RPM yet, see [here](https://gitlab.alpinelinux.org/ayakael/qubes-builder-alpine) for progress) - * `apk` proxying from within template (thus you must allow internet access to template to install packages) - * `qubes-vm-kernel-support` Not adapted for use on Alpine yet, due to it providing a Dracut module. In most cases, it is not necessary as Qubes provides the kernel. - This package is only neccessary when VM uses its own kernel, thus a hook is added to Dracut to generate the initrd for use within qubes. +#### Known issues +Known issues are currently being tracked in [qubes-builder-alpine](https://lab.ilot.io/ayakael/qubes-builder-alpine) repo. #### Issues, recommendations and proposals **To report an issue or share a recommendation** @@ -54,87 +51,3 @@ Go [here](https://gitlab.alpinelinux.org/ayakael/qubes-aports/-/issues) * Make a branch with a descriptive name (`git checkout -b $descriptivename`) * Make the changes you want to see in the world, commit, and push to the GitLab's remote repo * Request a merge [here](https://gitlab.alpinelinux.org/ayakael/qubes-aports/-/merge_requests) - -### Installation steps - -It might require a few tweaks as these steps havn't been tested to their fullest extent. Some things -may have been forgotten along the way - -#### 0. HVM Setup - -* Create a new HVM by following [this guide](https://www.qubes-os.org/doc/standalones-and-hvms/#creating-an-hvm) -* Set the memory to fixed 4G -* Execute `qvm-prefs kernel ""` - Otherwise it will not start -* For network, ensure you've followed [this part of the guide](https://www.qubes-os.org/doc/standalones-and-hvms/#setting-up-networking-for-hvms) -* Use `alpine-setup` to install the system on `/dev/xvda`, and feed it the network information from the previous step. -* Make sure your partition setup looks like this, and uses gpt partition scheme. (note the name for xvda3 as "Root filesystem") -``` -/dev/xvda1 200M EFI System -/dev/xvda2 2048K BIOS boot partition -/dev/xvda3 (whatever) Root filesystem -``` - -#### 1. The metapackage - -Following [this guide](https://wiki.alpinelinux.org/wiki/Creating_an_Alpine_package), -you can setup a build environment where you can build this repo's packages. -After, pointing to your local repo in `/etc/apk/repositories` -(usually `/home/user/packages/main`), you can run `apk add qubes-vm-dependencies` - -This will install everything required. - -You may also use the repo-apk repo [https://lab.ilot.io/ayakael/repo-apk](https://lab.ilot.io/ayakael/repo-apk). - -#### 2. Services and Checks - -**Ensure that:** - - * `user ALL=(ALL) ALL` is present in `/etc/sudoers` - * `/home/user` does exist and contains the usual skeleton - * The user "user" and group "user" do exist. - * `hvc0::respawn:/sbin/getty -L hvc0 115200 vt220` is in `/etc/inittab` - * `eudev` is installed - * The following is in `/etc/fstab`: -``` -/dev/mapper/dmroot / ext4 defaults,discard,noatime 1 1 -/dev/xvdb /rw auto noauto,defaults,discard,nosuid,nodev 1 2 -/dev/xvdc1 swap swap defaults 0 0 -/rw/home /home none noauto,bind,defaults,nosuid,nodev 0 0 -/rw/usrlocal /usr/local none noauto,bind,defaults 0 0 -none /dev/shm tmpfs defaults,size=1G 0 0 -``` - -**Enable the services:** - -Using `rc-update add $service`, add the following services: - * udev - * udev-trigger - * xendriverdomain - * qubes-qrexec-agent - * qubes-db - * qubes-meminfo-qriter - * qubes-sysinit - * qubes-core-early - * qubes-core - * qubes-gui-agent - -#### 3. Test boot - -You may now try a reboot and hope it doesn't end up in the rescue console. -If the boot is successful you should be able to use all the usual qvm commands, -pass devices, use the gui-agent, etc. - -For debugging any `gui-agent` issues, set ensure that the VM type is `hvm` and access console via -`xl console $vm` - -Final test by trying to run a Xorg based program, in my case: `qvm-run $vm urxvt` - -#### 4. Converting to template -**Do the following** - * convert to template using the following command, which also sets custom kernelopts: - `qvm-clone --class TemplateVM --property virt_mode=pvh --property kernel='modules=ext4 rootfstype=ext4' $vm $template` - * From within Qubes Manager, ensure that memory balancing is on. - * test the template by running `qvm-run $template $gui-program` - * APK proxying is a known-issue, please allow internet to template - -You should now be able to install your own packages and setup your template to fit your use case. From 6d4cb0f4f14ddc42c63d3f461c26018245b4ff8c Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 30 Aug 2023 15:08:50 -0400 Subject: [PATCH 024/184] gltlab-ci: implement target multiple Alpine releases --- .gitlab-ci.yml | 13 ++++++---- .gitlab/bin/build.sh | 3 ++- .gitlab/bin/push.sh | 57 ++++++++++++++++++++++---------------------- 3 files changed, 40 insertions(+), 33 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 9d6dcdf..200be49 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -42,14 +42,19 @@ lint: build-v3.18: extends: .build when: always + variables: + CI_ALPINE_TARGET_RELEASE: v3.18 tags: - - apk-v3.18-x86_64 + - apk-$CI_ALPINE_TARGET_RELEASE-x86_64 -build-v3.17: +build-edge: extends: .build - when: manual + when: always + variables: + CI_ALPINE_TARGET_RELEASE: edge tags: - - apk-v3.17-x86_64 + - apk-$CI_ALPINE_TARGET_RELEASE-x86_64 + push: interruptible: true diff --git a/.gitlab/bin/build.sh b/.gitlab/bin/build.sh index f04a0ad..5905fbc 100755 --- a/.gitlab/bin/build.sh +++ b/.gitlab/bin/build.sh @@ -169,7 +169,8 @@ copy_artifacts() { if [ "$packages_size" -lt $MAX_ARTIFACT_SIZE ]; then msg "Copying packages for artifact upload" - cp -ar "$REPODEST"/* packages/ 2>/dev/null + mkdir packages/$CI_ALPINE_TARGET_RELEASE + cp -ar "$REPODEST"/* packages/$CI_ALPINE_TARGET_RELEASE 2>/dev/null cp ~/.abuild/*.rsa.pub keys/ else msg "Artifact size $packages_size larger than max ($MAX_ARTIFACT_SIZE), skipping uploading them" yellow diff --git a/.gitlab/bin/push.sh b/.gitlab/bin/push.sh index 1dfd15c..3c35179 100755 --- a/.gitlab/bin/push.sh +++ b/.gitlab/bin/push.sh @@ -11,8 +11,6 @@ readonly APORTSDIR=$CI_PROJECT_DIR readonly REPOS="backports user" readonly BASEBRANCH=$CI_MERGE_REQUEST_TARGET_BRANCH_NAME -ALPINE_RELEASE=$(echo $CI_RUNNER_TAGS | awk -F '-' '{print $2}') - export GIT_SSH_COMMAND="ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no" gitlab_key_to_rsa $ABUILD_KEY rsa-private $HOME/.abuild/$ABUILD_KEY_NAME.rsa @@ -25,14 +23,6 @@ echo "PACKAGER_PRIVKEY=$HOME/.abuild/$ABUILD_KEY_NAME.rsa" > $HOME/.abuild/abuil echo "REPODEST=$HOME/repo-apk/qubes" >> $HOME/.abuild/abuild.conf sudo cp $HOME/.abuild/$ABUILD_KEY_NAME.rsa.pub /etc/apk/keys/. -if [ -d $HOME/repo-apk ]; then - git -C $HOME/repo-apk fetch - git -C $HOME/repo-apk checkout $ALPINE_RELEASE - git -C $HOME/repo-apk pull --rebase -else - git clone git@lab.ilot.io:ayakael/repo-apk -b $ALPINE_RELEASE $HOME/repo-apk -fi - get_qubes_release() { case $BASEBRANCH in r*) echo $BASEBRANCH;; @@ -43,22 +33,33 @@ get_qubes_release() { QUBES_REL=$(get_qubes_release) -for i in $(find packages -type f -name "*.apk"); do - install -vDm644 $i ${i/packages\/qubes-aports/$HOME\/repo-apk\/qubes\/$QUBES_REL} +for release in $(find packages -type d -maxdepth 1 -mindepth 1 -printf '%f\n'); do + + if [ -d $HOME/repo-apk ]; then + git -C $HOME/repo-apk fetch + git -C $HOME/repo-apk checkout $release + git -C $HOME/repo-apk pull --rebase + else + git clone git@lab.ilot.io:ayakael/repo-apk -b $release $HOME/repo-apk + fi + + for i in $(find packages/$release -type f -name "*.apk"); do + install -vDm644 $i ${i/packages\/$release\/qubes-aports/$HOME\/repo-apk\/qubes\/$QUBES_REL} + done + + fetch_flags="-qn" + git fetch $fetch_flags "$CI_MERGE_REQUEST_PROJECT_URL" \ + "+refs/heads/$BASEBRANCH:refs/heads/$BASEBRANCH" + + rm $HOME/repo-apk/qubes/$QUBES_REL/*/APKINDEX.tar.gz || true + mkdir -p qubes/$QUBES_REL/DUMMY + echo "pkgname=DUMMY" > qubes/$QUBES_REL/DUMMY/APKBUILD + cd qubes/$QUBES_REL/DUMMY + abuild index + cd "$CI_PROJECT_DIR" + rm -R qubes/$QUBES_REL/DUMMY + + git -C $HOME/repo-apk add . + git -C $HOME/repo-apk commit -m "Update from $CI_MERGE_REQUEST_IID - $CI_MERGE_REQUEST_TITLE" + git -C $HOME/repo-apk push done - -fetch_flags="-qn" -git fetch $fetch_flags "$CI_MERGE_REQUEST_PROJECT_URL" \ - "+refs/heads/$BASEBRANCH:refs/heads/$BASEBRANCH" - -rm $HOME/repo-apk/qubes/$QUBES_REL/*/APKINDEX.tar.gz || true -mkdir -p qubes/$QUBES_REL/DUMMY -echo "pkgname=DUMMY" > qubes/$QUBES_REL/DUMMY/APKBUILD -cd qubes/$QUBES_REL/DUMMY -abuild index -cd "$CI_PROJECT_DIR" -rm -R qubes/$QUBES_REL/DUMMY - -git -C $HOME/repo-apk add . -git -C $HOME/repo-apk commit -m "Update from $CI_MERGE_REQUEST_IID - $CI_MERGE_REQUEST_TITLE" -git -C $HOME/repo-apk push From 960293833e70746de805086da96f7efbc22250cf Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 30 Aug 2023 15:13:02 -0400 Subject: [PATCH 025/184] *: bump pkgrel --- qubes-db-vm/APKBUILD | 2 +- qubes-gpg-split/APKBUILD | 2 +- qubes-libvchan-xen/APKBUILD | 2 +- qubes-meta-packages/APKBUILD | 2 +- qubes-pass/APKBUILD | 2 +- qubes-usb-proxy/APKBUILD | 2 +- qubes-vm-core/APKBUILD | 2 +- qubes-vm-gui-dev/APKBUILD | 2 +- qubes-vm-gui/APKBUILD | 2 +- qubes-vm-qrexec/APKBUILD | 2 +- qubes-vm-utils/APKBUILD | 2 +- 11 files changed, 11 insertions(+), 11 deletions(-) diff --git a/qubes-db-vm/APKBUILD b/qubes-db-vm/APKBUILD index 8796368..dea6339 100644 --- a/qubes-db-vm/APKBUILD +++ b/qubes-db-vm/APKBUILD @@ -4,7 +4,7 @@ pkgname=qubes-db-vm subpackages="$pkgname-openrc" pkgver=4.1.17 -pkgrel=0 +pkgrel=1 _gittag="v$pkgver" pkgdesc="QubesDB libs and daemon service." arch="x86_64" diff --git a/qubes-gpg-split/APKBUILD b/qubes-gpg-split/APKBUILD index 2c21f6f..126aa8c 100644 --- a/qubes-gpg-split/APKBUILD +++ b/qubes-gpg-split/APKBUILD @@ -5,7 +5,7 @@ pkgname=qubes-gpg-split subpackages="$pkgname-doc" pkgver=2.0.69 _gittag="v$pkgver" -pkgrel=0 +pkgrel=1 pkgdesc="Used Qubes AppVM as a “smart card”" arch="x86_64" url="https://github.com/QubesOS/qubes-app-linux-split-gpg" diff --git a/qubes-libvchan-xen/APKBUILD b/qubes-libvchan-xen/APKBUILD index 42b721e..b652fd7 100644 --- a/qubes-libvchan-xen/APKBUILD +++ b/qubes-libvchan-xen/APKBUILD @@ -3,7 +3,7 @@ pkgname=qubes-libvchan-xen pkgver=4.1.13 -pkgrel=1 +pkgrel=2 _gittag=v$pkgver pkgdesc="The Qubes core libraries for installation inside a Qubes Dom0 and VM." arch="x86_64" diff --git a/qubes-meta-packages/APKBUILD b/qubes-meta-packages/APKBUILD index 15336c0..9683b5c 100644 --- a/qubes-meta-packages/APKBUILD +++ b/qubes-meta-packages/APKBUILD @@ -8,7 +8,7 @@ subpackages=" " pkgver=4.1.24 _gittag="v$pkgver" -pkgrel=0 +pkgrel=1 pkgdesc="Meta packages for Qubes-specific components" arch="noarch" url="https://github.com/QubesOS/qubes-meta-packages" diff --git a/qubes-pass/APKBUILD b/qubes-pass/APKBUILD index a1c6b55..17eea31 100644 --- a/qubes-pass/APKBUILD +++ b/qubes-pass/APKBUILD @@ -4,7 +4,7 @@ pkgname=qubes-pass pkgver=0.1.0 _gittag="v$pkgver" -pkgrel=0 +pkgrel=1 pkgdesc="An inter-VM password manager for Qubes OS" arch="noarch" url="https://github.com/Rudd-O/qubes-pass" diff --git a/qubes-usb-proxy/APKBUILD b/qubes-usb-proxy/APKBUILD index 4eaf637..d93ec04 100644 --- a/qubes-usb-proxy/APKBUILD +++ b/qubes-usb-proxy/APKBUILD @@ -4,7 +4,7 @@ pkgname=qubes-usb-proxy pkgver=1.1.5 _gittag="v$pkgver" -pkgrel=0 +pkgrel=1 pkgdesc="The Qubes service for proxying USB devices" arch="noarch" url="https://github.com/QubesOS/qubes-app-linux-usb-proxy" diff --git a/qubes-vm-core/APKBUILD b/qubes-vm-core/APKBUILD index 83001e9..fa06688 100644 --- a/qubes-vm-core/APKBUILD +++ b/qubes-vm-core/APKBUILD @@ -9,7 +9,7 @@ subpackages=" $pkgname-doc " pkgver=4.1.44 -pkgrel=4 +pkgrel=5 _gittag="v$pkgver" pkgdesc="The Qubes core files for installation inside a Qubes VM." arch="x86_64" diff --git a/qubes-vm-gui-dev/APKBUILD b/qubes-vm-gui-dev/APKBUILD index 558fb78..09ad23d 100644 --- a/qubes-vm-gui-dev/APKBUILD +++ b/qubes-vm-gui-dev/APKBUILD @@ -4,7 +4,7 @@ pkgname=qubes-vm-gui-dev pkgver=4.1.1 _gittag="v$pkgver" -pkgrel=1 +pkgrel=2 pkgdesc="Common files for Qubes GUI - protocol headers." arch="noarch" url="https://github.com/QubesOS/qubes-gui-common" diff --git a/qubes-vm-gui/APKBUILD b/qubes-vm-gui/APKBUILD index b997402..7463fb4 100644 --- a/qubes-vm-gui/APKBUILD +++ b/qubes-vm-gui/APKBUILD @@ -4,7 +4,7 @@ pkgname=qubes-vm-gui subpackages="qubes-vm-pulseaudio $pkgname-openrc" pkgver=4.1.31 -pkgrel=1 +pkgrel=2 _gittag="v$pkgver" pkgdesc="The Qubes GUI Agent for AppVMs" arch="x86_64" diff --git a/qubes-vm-qrexec/APKBUILD b/qubes-vm-qrexec/APKBUILD index d732667..9bcf289 100644 --- a/qubes-vm-qrexec/APKBUILD +++ b/qubes-vm-qrexec/APKBUILD @@ -5,7 +5,7 @@ pkgname=qubes-vm-qrexec subpackages="$pkgname-openrc $pkgname-doc" pkgver=4.1.22 _gittag="v$pkgver" -pkgrel=1 +pkgrel=2 pkgdesc="The Qubes qrexec files (qube side)" arch="x86_64" url="https://github.com/QubesOS/qubes-core-qrexec" diff --git a/qubes-vm-utils/APKBUILD b/qubes-vm-utils/APKBUILD index b90507a..d8c0d6f 100644 --- a/qubes-vm-utils/APKBUILD +++ b/qubes-vm-utils/APKBUILD @@ -7,7 +7,7 @@ subpackages=" $pkgname-openrc " pkgver=4.1.19 -pkgrel=0 +pkgrel=1 _gittag="v$pkgver" pkgdesc="Common Linux files for Qubes VM." arch="x86_64" From 8308c0cf42aa94fb6ad795a89047ab190b651fca Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 30 Aug 2023 15:08:50 -0400 Subject: [PATCH 026/184] gltlab-ci: implement target multiple Alpine releases --- .gitlab-ci.yml | 13 ++++++---- .gitlab/bin/build.sh | 3 ++- .gitlab/bin/push.sh | 57 ++++++++++++++++++++++---------------------- 3 files changed, 40 insertions(+), 33 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 9d6dcdf..200be49 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -42,14 +42,19 @@ lint: build-v3.18: extends: .build when: always + variables: + CI_ALPINE_TARGET_RELEASE: v3.18 tags: - - apk-v3.18-x86_64 + - apk-$CI_ALPINE_TARGET_RELEASE-x86_64 -build-v3.17: +build-edge: extends: .build - when: manual + when: always + variables: + CI_ALPINE_TARGET_RELEASE: edge tags: - - apk-v3.17-x86_64 + - apk-$CI_ALPINE_TARGET_RELEASE-x86_64 + push: interruptible: true diff --git a/.gitlab/bin/build.sh b/.gitlab/bin/build.sh index f04a0ad..5905fbc 100755 --- a/.gitlab/bin/build.sh +++ b/.gitlab/bin/build.sh @@ -169,7 +169,8 @@ copy_artifacts() { if [ "$packages_size" -lt $MAX_ARTIFACT_SIZE ]; then msg "Copying packages for artifact upload" - cp -ar "$REPODEST"/* packages/ 2>/dev/null + mkdir packages/$CI_ALPINE_TARGET_RELEASE + cp -ar "$REPODEST"/* packages/$CI_ALPINE_TARGET_RELEASE 2>/dev/null cp ~/.abuild/*.rsa.pub keys/ else msg "Artifact size $packages_size larger than max ($MAX_ARTIFACT_SIZE), skipping uploading them" yellow diff --git a/.gitlab/bin/push.sh b/.gitlab/bin/push.sh index 1dfd15c..3c35179 100755 --- a/.gitlab/bin/push.sh +++ b/.gitlab/bin/push.sh @@ -11,8 +11,6 @@ readonly APORTSDIR=$CI_PROJECT_DIR readonly REPOS="backports user" readonly BASEBRANCH=$CI_MERGE_REQUEST_TARGET_BRANCH_NAME -ALPINE_RELEASE=$(echo $CI_RUNNER_TAGS | awk -F '-' '{print $2}') - export GIT_SSH_COMMAND="ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no" gitlab_key_to_rsa $ABUILD_KEY rsa-private $HOME/.abuild/$ABUILD_KEY_NAME.rsa @@ -25,14 +23,6 @@ echo "PACKAGER_PRIVKEY=$HOME/.abuild/$ABUILD_KEY_NAME.rsa" > $HOME/.abuild/abuil echo "REPODEST=$HOME/repo-apk/qubes" >> $HOME/.abuild/abuild.conf sudo cp $HOME/.abuild/$ABUILD_KEY_NAME.rsa.pub /etc/apk/keys/. -if [ -d $HOME/repo-apk ]; then - git -C $HOME/repo-apk fetch - git -C $HOME/repo-apk checkout $ALPINE_RELEASE - git -C $HOME/repo-apk pull --rebase -else - git clone git@lab.ilot.io:ayakael/repo-apk -b $ALPINE_RELEASE $HOME/repo-apk -fi - get_qubes_release() { case $BASEBRANCH in r*) echo $BASEBRANCH;; @@ -43,22 +33,33 @@ get_qubes_release() { QUBES_REL=$(get_qubes_release) -for i in $(find packages -type f -name "*.apk"); do - install -vDm644 $i ${i/packages\/qubes-aports/$HOME\/repo-apk\/qubes\/$QUBES_REL} +for release in $(find packages -type d -maxdepth 1 -mindepth 1 -printf '%f\n'); do + + if [ -d $HOME/repo-apk ]; then + git -C $HOME/repo-apk fetch + git -C $HOME/repo-apk checkout $release + git -C $HOME/repo-apk pull --rebase + else + git clone git@lab.ilot.io:ayakael/repo-apk -b $release $HOME/repo-apk + fi + + for i in $(find packages/$release -type f -name "*.apk"); do + install -vDm644 $i ${i/packages\/$release\/qubes-aports/$HOME\/repo-apk\/qubes\/$QUBES_REL} + done + + fetch_flags="-qn" + git fetch $fetch_flags "$CI_MERGE_REQUEST_PROJECT_URL" \ + "+refs/heads/$BASEBRANCH:refs/heads/$BASEBRANCH" + + rm $HOME/repo-apk/qubes/$QUBES_REL/*/APKINDEX.tar.gz || true + mkdir -p qubes/$QUBES_REL/DUMMY + echo "pkgname=DUMMY" > qubes/$QUBES_REL/DUMMY/APKBUILD + cd qubes/$QUBES_REL/DUMMY + abuild index + cd "$CI_PROJECT_DIR" + rm -R qubes/$QUBES_REL/DUMMY + + git -C $HOME/repo-apk add . + git -C $HOME/repo-apk commit -m "Update from $CI_MERGE_REQUEST_IID - $CI_MERGE_REQUEST_TITLE" + git -C $HOME/repo-apk push done - -fetch_flags="-qn" -git fetch $fetch_flags "$CI_MERGE_REQUEST_PROJECT_URL" \ - "+refs/heads/$BASEBRANCH:refs/heads/$BASEBRANCH" - -rm $HOME/repo-apk/qubes/$QUBES_REL/*/APKINDEX.tar.gz || true -mkdir -p qubes/$QUBES_REL/DUMMY -echo "pkgname=DUMMY" > qubes/$QUBES_REL/DUMMY/APKBUILD -cd qubes/$QUBES_REL/DUMMY -abuild index -cd "$CI_PROJECT_DIR" -rm -R qubes/$QUBES_REL/DUMMY - -git -C $HOME/repo-apk add . -git -C $HOME/repo-apk commit -m "Update from $CI_MERGE_REQUEST_IID - $CI_MERGE_REQUEST_TITLE" -git -C $HOME/repo-apk push From 9bf9b57855a64d053987399770d774fb514db2d4 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 30 Aug 2023 15:10:03 -0400 Subject: [PATCH 027/184] *: bump pkgrel --- qubes-db-vm/APKBUILD | 2 +- qubes-gpg-split/APKBUILD | 2 +- qubes-libvchan-xen/APKBUILD | 2 +- qubes-meta-packages/APKBUILD | 2 +- qubes-pass/APKBUILD | 2 +- qubes-usb-proxy/APKBUILD | 2 +- qubes-vm-core/APKBUILD | 2 +- qubes-vm-gui-dev/APKBUILD | 2 +- qubes-vm-qrexec/APKBUILD | 2 +- qubes-vm-utils/APKBUILD | 2 +- 10 files changed, 10 insertions(+), 10 deletions(-) diff --git a/qubes-db-vm/APKBUILD b/qubes-db-vm/APKBUILD index 2c83c5a..32da7e6 100644 --- a/qubes-db-vm/APKBUILD +++ b/qubes-db-vm/APKBUILD @@ -4,7 +4,7 @@ pkgname=qubes-db-vm subpackages="$pkgname-openrc" pkgver=4.2.4 -pkgrel=0 +pkgrel=1 _gittag="v$pkgver" pkgdesc="QubesDB libs and daemon service." arch="x86_64" diff --git a/qubes-gpg-split/APKBUILD b/qubes-gpg-split/APKBUILD index 126aa8c..18cdc76 100644 --- a/qubes-gpg-split/APKBUILD +++ b/qubes-gpg-split/APKBUILD @@ -5,7 +5,7 @@ pkgname=qubes-gpg-split subpackages="$pkgname-doc" pkgver=2.0.69 _gittag="v$pkgver" -pkgrel=1 +pkgrel=2 pkgdesc="Used Qubes AppVM as a “smart card”" arch="x86_64" url="https://github.com/QubesOS/qubes-app-linux-split-gpg" diff --git a/qubes-libvchan-xen/APKBUILD b/qubes-libvchan-xen/APKBUILD index de48de7..85c20cc 100644 --- a/qubes-libvchan-xen/APKBUILD +++ b/qubes-libvchan-xen/APKBUILD @@ -3,7 +3,7 @@ pkgname=qubes-libvchan-xen pkgver=4.2.1 -pkgrel=0 +pkgrel=1 _gittag=v$pkgver pkgdesc="The Qubes core libraries for installation inside a Qubes Dom0 and VM." arch="x86_64" diff --git a/qubes-meta-packages/APKBUILD b/qubes-meta-packages/APKBUILD index 6770831..e572d14 100644 --- a/qubes-meta-packages/APKBUILD +++ b/qubes-meta-packages/APKBUILD @@ -8,7 +8,7 @@ subpackages=" " pkgver=4.2.9 _gittag="v$pkgver" -pkgrel=0 +pkgrel=1 pkgdesc="Meta packages for Qubes-specific components" arch="noarch" url="https://github.com/QubesOS/qubes-meta-packages" diff --git a/qubes-pass/APKBUILD b/qubes-pass/APKBUILD index a1c6b55..17eea31 100644 --- a/qubes-pass/APKBUILD +++ b/qubes-pass/APKBUILD @@ -4,7 +4,7 @@ pkgname=qubes-pass pkgver=0.1.0 _gittag="v$pkgver" -pkgrel=0 +pkgrel=1 pkgdesc="An inter-VM password manager for Qubes OS" arch="noarch" url="https://github.com/Rudd-O/qubes-pass" diff --git a/qubes-usb-proxy/APKBUILD b/qubes-usb-proxy/APKBUILD index d93ec04..92c8c85 100644 --- a/qubes-usb-proxy/APKBUILD +++ b/qubes-usb-proxy/APKBUILD @@ -4,7 +4,7 @@ pkgname=qubes-usb-proxy pkgver=1.1.5 _gittag="v$pkgver" -pkgrel=1 +pkgrel=2 pkgdesc="The Qubes service for proxying USB devices" arch="noarch" url="https://github.com/QubesOS/qubes-app-linux-usb-proxy" diff --git a/qubes-vm-core/APKBUILD b/qubes-vm-core/APKBUILD index 2bdf34d..1f6fcc2 100644 --- a/qubes-vm-core/APKBUILD +++ b/qubes-vm-core/APKBUILD @@ -10,7 +10,7 @@ subpackages=" $pkgname-pyc " pkgver=4.2.19 -pkgrel=2 +pkgrel=3 _gittag="v$pkgver" pkgdesc="The Qubes core files for installation inside a Qubes VM." arch="x86_64" diff --git a/qubes-vm-gui-dev/APKBUILD b/qubes-vm-gui-dev/APKBUILD index 4c79283..8c8b218 100644 --- a/qubes-vm-gui-dev/APKBUILD +++ b/qubes-vm-gui-dev/APKBUILD @@ -4,7 +4,7 @@ pkgname=qubes-vm-gui-dev pkgver=4.2.4 _gittag="v$pkgver" -pkgrel=0 +pkgrel=1 pkgdesc="Common files for Qubes GUI - protocol headers." arch="noarch" url="https://github.com/QubesOS/qubes-gui-common" diff --git a/qubes-vm-qrexec/APKBUILD b/qubes-vm-qrexec/APKBUILD index 87b1278..8dc1250 100644 --- a/qubes-vm-qrexec/APKBUILD +++ b/qubes-vm-qrexec/APKBUILD @@ -5,7 +5,7 @@ pkgname=qubes-vm-qrexec subpackages="$pkgname-openrc $pkgname-doc $pkgname-pyc" pkgver=4.2.8 _gittag="v$pkgver" -pkgrel=0 +pkgrel=1 pkgdesc="The Qubes qrexec files (qube side)" arch="x86_64" url="https://github.com/QubesOS/qubes-core-qrexec" diff --git a/qubes-vm-utils/APKBUILD b/qubes-vm-utils/APKBUILD index 78dc58e..e6611e2 100644 --- a/qubes-vm-utils/APKBUILD +++ b/qubes-vm-utils/APKBUILD @@ -8,7 +8,7 @@ subpackages=" $pkgname-pyc " pkgver=4.2.11 -pkgrel=0 +pkgrel=1 _gittag="v$pkgver" pkgdesc="Common Linux files for Qubes VM." arch="x86_64" From 04a40cece873c9eed98b31c66cf0431f35d6d987 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 10 Sep 2023 23:14:33 -0400 Subject: [PATCH 028/184] qubes-vm-core: fix setup-ip --- qubes-vm-core/APKBUILD | 2 ++ .../setupip-do-not-use-systemctl.patch | 20 +++++++++++++++++++ 2 files changed, 22 insertions(+) create mode 100644 qubes-vm-core/setupip-do-not-use-systemctl.patch diff --git a/qubes-vm-core/APKBUILD b/qubes-vm-core/APKBUILD index 1f6fcc2..c67e38e 100644 --- a/qubes-vm-core/APKBUILD +++ b/qubes-vm-core/APKBUILD @@ -75,6 +75,7 @@ source=" qubes-updates-proxy-forwarder.openrc qubes-updates-proxy.openrc qvm-sync-clock.sh + setupip-do-not-use-systemctl.patch " builddir="$srcdir"/qubes-core-agent-linux-${_gittag/v} @@ -172,4 +173,5 @@ e9096560e4ee4cad836b686e18eb6dbac729227683eda2f0c8b3541c909f64de3489dbb66e375201 b1e8af2335955e52cf1817c56296f94f8c472e68d7a17a28f516fe4f5fa8a8053d4f9333efbb007a82a06f9442a4a6cfe5f9c751de07f337e47ee04cb18b9395 qubes-updates-proxy-forwarder.openrc 29d316b9f48cad15f6e22aaa67b228a5e4893ded86463dbe25b3cc68301b961473e79c01f003b1665e217ad4af2e618625442250d5607c1c16462e3f5eed069c qubes-updates-proxy.openrc cca9f49422fa25cd5f3942dce8edd3ecff080bf5c407a7a790b438bedea054f39a4a3d8c179b44c4c08fc490b597e14d00dad9b0240861e83957e0af7aa6475d qvm-sync-clock.sh +fc115d8cb9a279232bad8362903cb74dafbeac988a9d519ef3b6ff2849ab80fb77d648589974d05e565933444dd04c4b3427cdba69c167310f9a57916c5f0499 setupip-do-not-use-systemctl.patch " diff --git a/qubes-vm-core/setupip-do-not-use-systemctl.patch b/qubes-vm-core/setupip-do-not-use-systemctl.patch new file mode 100644 index 0000000..eb6f318 --- /dev/null +++ b/qubes-vm-core/setupip-do-not-use-systemctl.patch @@ -0,0 +1,20 @@ +diff --git a/./network/setup-ip.orig b/./network/setup-ip +index d82a593..8e44847 100755 +--- a/./network/setup-ip.orig ++++ b/./network/setup-ip +@@ -244,15 +244,6 @@ if [ "$ACTION" == "add" ]; then + + primary_dns=$(/usr/bin/qubesdb-read /qubes-primary-dns 2>/dev/null) || primary_dns= + secondary_dns=$(/usr/bin/qubesdb-read /qubes-secondary-dns 2>/dev/null) || secondary_dns= +- /usr/lib/systemd/systemd-sysctl \ +- "--prefix=/net/ipv4/conf/all" \ +- "--prefix=/net/ipv4/neigh/all" \ +- "--prefix=/net/ipv6/conf/all" \ +- "--prefix=/net/ipv6/neigh/all" \ +- "--prefix=/net/ipv4/conf/$INTERFACE" \ +- "--prefix=/net/ipv4/neigh/$INTERFACE" \ +- "--prefix=/net/ipv6/conf/$INTERFACE" \ +- "--prefix=/net/ipv6/neigh/$INTERFACE" + + if [ -n "$ip4" ]; then + # If NetworkManager is enabled, let it configure the network From b213e354656606b3566a424e31aaf083481dc448 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 10 Sep 2023 23:18:19 -0400 Subject: [PATCH 029/184] qubes-vm-gui: do not use systemctl for qubes-session --- qubes-vm-gui/APKBUILD | 4 +++- .../qubes-sessions_do-not-use-systemd.patch | 21 +++++++++++++++++++ 2 files changed, 24 insertions(+), 1 deletion(-) create mode 100644 qubes-vm-gui/qubes-sessions_do-not-use-systemd.patch diff --git a/qubes-vm-gui/APKBUILD b/qubes-vm-gui/APKBUILD index 6c3d969..76ad3ae 100644 --- a/qubes-vm-gui/APKBUILD +++ b/qubes-vm-gui/APKBUILD @@ -7,7 +7,7 @@ subpackages=" qubes-vm-pipewire $pkgname-openrc" pkgver=4.2.8 -pkgrel=1 +pkgrel=2 _gittag="v$pkgver" pkgdesc="The Qubes GUI Agent for AppVMs" arch="x86_64" @@ -52,6 +52,7 @@ source=" qubes-gui-agent.openrc qubes-sessions.sh qubes-gui-agent.pam + qubes-sessions_do-not-use-systemd.patch " builddir="$srcdir"/qubes-gui-agent-linux-${_gittag/v} _qubes_backend_vmm=xen @@ -123,4 +124,5 @@ f0bbb936e14689d0cbced2f564b8911f9287c0217616f02f3bd0c3060e516d080ad538219f089f58 68d01e594296e18d54d8eaa17863451c3ac121e4fcacf98b64db14166bdcf38aa66f1c3659c5014c0a9cc25b5368df66f8c642b8e7af59da8d2a5ad97da9a194 qubes-gui-agent.openrc bd707f7956f58c2bb24ccb9adad1381c069e70820fcb1b01b09dc88570d9df00e0dc92a9ac3b242f828314568d5487257566a6fc61e75e62e010b7e4871f9ea0 qubes-sessions.sh b512d691f2a6b11fc329bf91dd05ca9c589bbd444308b27d3c87c75262dedf6afc68a9739229249a4bd3d0c43cb1f871eecbb93c4fe559e0f38bdabbffd06ad7 qubes-gui-agent.pam +5d44bed65772e0300cfdb5960327ccff923159f1c0c6b980a3b37758a7330f5d8befa3c053990f6e5e7d2e71bf0eca047040439446a8b91bb1c2672e9e1497a0 qubes-sessions_do-not-use-systemd.patch " diff --git a/qubes-vm-gui/qubes-sessions_do-not-use-systemd.patch b/qubes-vm-gui/qubes-sessions_do-not-use-systemd.patch new file mode 100644 index 0000000..1dedcc4 --- /dev/null +++ b/qubes-vm-gui/qubes-sessions_do-not-use-systemd.patch @@ -0,0 +1,21 @@ +diff --git a/appvm-scripts/usrbin/qubes-session.orig b/appvm-scripts/usrbin/qubes-session +index cacac4b..e5bedc2 100755 +--- a/appvm-scripts/usrbin/qubes-session.orig ++++ b/appvm-scripts/usrbin/qubes-session +@@ -27,16 +27,6 @@ + + loginctl activate "$XDG_SESSION_ID" + +-# Now import the environment from the systemd user session. +-# This is necessary to enable users to configure their +-# Qubes environment using the standard environment.d +-# facility. Documentation for the facility is at: +-# https://www.freedesktop.org/software/systemd/man/environment.d.html +-set -a # export all variables +-env=$(systemctl --user show-environment) && eval "$env" || exit +-set +a +- +- + if qsvc guivm-gui-agent; then + if [ -e "$HOME/.xinitrc" ]; then + . "$HOME/.xinitrc" From 5dc97166f4f170b642d2d4a3251d7eb0a0cd9b26 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 11 Sep 2023 00:44:43 -0400 Subject: [PATCH 030/184] qubes-vm-gui: remove deprecation of pulseaudio --- qubes-vm-gui/APKBUILD | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/qubes-vm-gui/APKBUILD b/qubes-vm-gui/APKBUILD index 76ad3ae..9e76a96 100644 --- a/qubes-vm-gui/APKBUILD +++ b/qubes-vm-gui/APKBUILD @@ -105,9 +105,8 @@ pulseaudio() { } pipewire() { - pkgdesc="PipeWire support for Qubes VM. This replaces the legacy PulseAudio module." + pkgdesc="PipeWire support for Qubes VM." depends="pipewire" - provides="qubes-vm-pulseaudio=$pkgver-r$pkgrel" cd "$builddir" make install-pipewire \ From 42327016e6fa70cd26ee6bf0790de4153bc87442 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 11 Sep 2023 00:47:30 -0400 Subject: [PATCH 031/184] qubes-vm-gui: upgrade to 4.2.9 --- qubes-vm-gui/APKBUILD | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qubes-vm-gui/APKBUILD b/qubes-vm-gui/APKBUILD index 9e76a96..65d012a 100644 --- a/qubes-vm-gui/APKBUILD +++ b/qubes-vm-gui/APKBUILD @@ -6,8 +6,8 @@ subpackages=" qubes-vm-pulseaudio qubes-vm-pipewire $pkgname-openrc" -pkgver=4.2.8 -pkgrel=2 +pkgver=4.2.9 +pkgrel=0 _gittag="v$pkgver" pkgdesc="The Qubes GUI Agent for AppVMs" arch="x86_64" @@ -117,7 +117,7 @@ pipewire() { } sha512sums=" -a6e1ed0ca640b25b27caa209c7027c44c9e745ac56cbde05b4b4c6f48bd5ae923e727f2debd3244fc1172c6430eaba5661316666b9cfa14fdc202124b37c4efe qubes-vm-gui-v4.2.8.tar.gz +d73e04d867451f1f63a8f29531a68d820a068ae67c8c332bd76ab91696055d6e20adfebd5b40e7a2a31cecbc8293030ebb02e8c03a4f79f33b814c2076e5c1bb qubes-vm-gui-v4.2.9.tar.gz f0bbb936e14689d0cbced2f564b8911f9287c0217616f02f3bd0c3060e516d080ad538219f089f5841c2b9d18bb4ad8efb63516ddfd46c18b038218378996a7d 0001-musl-build.patch 01beace4c130200dc8d42248349ea858d2bec746aca2bdfa5948b6e7240bb3b832bbb8b324293fba6fd6aafb0a3d7a2e3928c7fd39d318ef4d5a18cfeb48cde6 0001-initd-fix.patch 68d01e594296e18d54d8eaa17863451c3ac121e4fcacf98b64db14166bdcf38aa66f1c3659c5014c0a9cc25b5368df66f8c642b8e7af59da8d2a5ad97da9a194 qubes-gui-agent.openrc From 0338fea880c6d0b40b63a391a6d17ceba2bad420 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 11 Sep 2023 00:50:03 -0400 Subject: [PATCH 032/184] qubes-vm-core: upgrade to 4.2.21 --- qubes-vm-core/APKBUILD | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qubes-vm-core/APKBUILD b/qubes-vm-core/APKBUILD index c67e38e..0584d74 100644 --- a/qubes-vm-core/APKBUILD +++ b/qubes-vm-core/APKBUILD @@ -9,8 +9,8 @@ subpackages=" $pkgname-doc $pkgname-pyc " -pkgver=4.2.19 -pkgrel=3 +pkgver=4.2.21 +pkgrel=0 _gittag="v$pkgver" pkgdesc="The Qubes core files for installation inside a Qubes VM." arch="x86_64" @@ -163,7 +163,7 @@ root() { make -C passwordless-root install DESTDIR="$subpkgdir" SBINDIR=/sbin LIBDIR=/usr/lib SYSLIBDIR=/lib } sha512sums=" -4280e6dc5901a2f1d2dcf046aab553d996b0b6af6f5ad75e09779b4c43df1f868defa400ce95959bceeba359f34485b336af2d5c887d2aa46c2198990c1304d1 qubes-vm-core-v4.2.19.tar.gz +1441b10a0018dc05dd7dc8390db741ce372598d4a86b0daedcd3bcfe2c7ea2bebc7bc6ab7c93719c469175fed880644175aea24cdd42e94a84325df09eef39c3 qubes-vm-core-v4.2.21.tar.gz 95c080a593ca1cd457ffafc0cdd6ee28999c72f67191a3955b6081a4a7d287cae4cd0c626139562e5e1eb55516c25402a174e3599daf7d4cb259d6b4bbdff155 qubes-core-early.openrc 61529413a16b7fa0df691c24adc41b90477c01ea70d572921ecec89df23932e5a2e60c4e73b9a84181dc30424e2e6af4ad1c7dcf6c42689c3cc346a9923d6e07 qubes-core-netvm.openrc da8e293520f5fce29ce76d7586e8ce1a4164798a1214079fb554c690264da1d774fdad3f45825aac52c2c3a0b0cfd39df73eb33394dedd7c043fe0f2344b90ca qubes-core.openrc From 1d70caa122236ed4bfdacac32de90cfab645b8f3 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 11 Sep 2023 00:51:49 -0400 Subject: [PATCH 033/184] qubes-vm-qrexec: upgrade to 4.2.11 --- qubes-vm-qrexec/APKBUILD | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qubes-vm-qrexec/APKBUILD b/qubes-vm-qrexec/APKBUILD index 8dc1250..2d09e06 100644 --- a/qubes-vm-qrexec/APKBUILD +++ b/qubes-vm-qrexec/APKBUILD @@ -3,9 +3,9 @@ pkgname=qubes-vm-qrexec subpackages="$pkgname-openrc $pkgname-doc $pkgname-pyc" -pkgver=4.2.8 +pkgver=4.2.11 _gittag="v$pkgver" -pkgrel=1 +pkgrel=0 pkgdesc="The Qubes qrexec files (qube side)" arch="x86_64" url="https://github.com/QubesOS/qubes-core-qrexec" @@ -53,7 +53,7 @@ package() { install -Dm 755 "$srcdir"/qubes-qrexec-agent.openrc "$pkgdir"/etc/init.d/qubes-qrexec-agent } sha512sums=" -be8ec20fb272d8fd059114fd29bba62b11c979172f0897113f06d0daf2c5ff9212d2170e7fb1b8933396abb34739481ff43f107caf3b4fd4f56b4537308dc2e7 qubes-vm-qrexec-v4.2.8.tar.gz +40382ef5ddcacc3b1eef1cf9701e2a32ff71324e274761dc8bd38bd47a2512c622a57689106dda2ba451ff614c434144dba2fdc3286c7caefb7b3f3565d0e6c4 qubes-vm-qrexec-v4.2.11.tar.gz e2dd5cace82e881c40d5d37c69f7327fbabde81c9d23283de23de9f1197b7b018ef07a8d90e95c61bd249426d9d8297e7cb372333245941ffa0682c90ea3461f qubes-qrexec-agent.openrc 3cbe66c8251d0cbe078d78ac9a2aef2d6c095c4f514ff0aab69dd724dee7488cf84dff4af2210d8a2298a052db49e85b0e38ac45456a8aa9bd1e4a7de0311b69 makefile-remove-cc-cflags.patch 69b88c8d344f0d575eac398937040ba39a0d8fb8ea0a2b160c48d84775e1da4e226a76f3c5d3be7b045f577b634bb35cd5c5536248e18117c4121a38f9f3bf13 agent-qrexec-fork-server-undef-fortify-source.patch From 0daee726755c2372ddcaf036b75da9eb53aef089 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 11 Sep 2023 00:55:35 -0400 Subject: [PATCH 034/184] qubes-vm-utils: upgrade to 4.2.13 --- qubes-vm-utils/APKBUILD | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qubes-vm-utils/APKBUILD b/qubes-vm-utils/APKBUILD index e6611e2..8844029 100644 --- a/qubes-vm-utils/APKBUILD +++ b/qubes-vm-utils/APKBUILD @@ -7,8 +7,8 @@ subpackages=" $pkgname-openrc $pkgname-pyc " -pkgver=4.2.11 -pkgrel=1 +pkgver=4.2.13 +pkgrel=0 _gittag="v$pkgver" pkgdesc="Common Linux files for Qubes VM." arch="x86_64" @@ -60,6 +60,6 @@ support() { install -m 755 "$builddir"/dracut/full-dmroot/qubes_cow_setup.sh "$subpkgdir"/usr/lib/qubes/qubes_cow_setup.sh } sha512sums=" -b7a60219d7928ae1cf20accc843f1c0408e0d4219dd029357ce780b24110f070a5296dfbf3f6ecac8132d2798a76fac0a61228ac092443a490d0356ae6bfadbb qubes-vm-utils-v4.2.11.tar.gz +7fb29ed90bc73be774c6e831d48021fa3533bdc8e84e0a628859bcd589aae23d08090bea0a7feebc262d2a57a70c7a735764a85a82edd0e540baffadfdbe70ce qubes-vm-utils-v4.2.13.tar.gz aebc606faa95948be77766f164fc40e4be66e4398e7f56ad52ba9de4c8f7de4ec0c4b48b23a3a6dd083d6f19ae1a591f3ae0caf2c696fd061cd8fea4bdf7d4f3 qubes-meminfo-writer.openrc " From c22569cd4c726ec8846b4c287a3849d96659038c Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 11 Sep 2023 01:06:23 -0400 Subject: [PATCH 035/184] qubes-vm-gui: bump pkgrel --- qubes-vm-gui/APKBUILD | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/qubes-vm-gui/APKBUILD b/qubes-vm-gui/APKBUILD index 65d012a..3dffae0 100644 --- a/qubes-vm-gui/APKBUILD +++ b/qubes-vm-gui/APKBUILD @@ -7,7 +7,7 @@ subpackages=" qubes-vm-pipewire $pkgname-openrc" pkgver=4.2.9 -pkgrel=0 +pkgrel=1 _gittag="v$pkgver" pkgdesc="The Qubes GUI Agent for AppVMs" arch="x86_64" From fda39162314122864f4d7c3c62f34ac7c1591574 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 28 Nov 2023 11:16:32 -0500 Subject: [PATCH 036/184] gitlab-ci: add v3.19 build --- .gitlab-ci.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 200be49..971d962 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -47,6 +47,14 @@ build-v3.18: tags: - apk-$CI_ALPINE_TARGET_RELEASE-x86_64 +build-v3.19: + extends: .build + when: always + variables: + CI_ALPINE_TARGET_RELEASE: v3.19 + tags: + - apk-$CI_ALPINE_TARGET_RELEASE-x86_64 + build-edge: extends: .build when: always From 71f28ef65fd8c5a3bb02c077d62c0bc5cac226eb Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 28 Nov 2023 11:16:51 -0500 Subject: [PATCH 037/184] *: push pkgrel --- qubes-db-vm/APKBUILD | 2 +- qubes-gpg-split/APKBUILD | 2 +- qubes-libvchan-xen/APKBUILD | 2 +- qubes-meta-packages/APKBUILD | 2 +- qubes-pass/APKBUILD | 2 +- qubes-usb-proxy/APKBUILD | 2 +- qubes-vm-core/APKBUILD | 2 +- qubes-vm-gui-dev/APKBUILD | 2 +- qubes-vm-gui/APKBUILD | 2 +- qubes-vm-qrexec/APKBUILD | 2 +- qubes-vm-utils/APKBUILD | 2 +- 11 files changed, 11 insertions(+), 11 deletions(-) diff --git a/qubes-db-vm/APKBUILD b/qubes-db-vm/APKBUILD index 32da7e6..b1204fe 100644 --- a/qubes-db-vm/APKBUILD +++ b/qubes-db-vm/APKBUILD @@ -4,7 +4,7 @@ pkgname=qubes-db-vm subpackages="$pkgname-openrc" pkgver=4.2.4 -pkgrel=1 +pkgrel=2 _gittag="v$pkgver" pkgdesc="QubesDB libs and daemon service." arch="x86_64" diff --git a/qubes-gpg-split/APKBUILD b/qubes-gpg-split/APKBUILD index 18cdc76..13a1887 100644 --- a/qubes-gpg-split/APKBUILD +++ b/qubes-gpg-split/APKBUILD @@ -5,7 +5,7 @@ pkgname=qubes-gpg-split subpackages="$pkgname-doc" pkgver=2.0.69 _gittag="v$pkgver" -pkgrel=2 +pkgrel=3 pkgdesc="Used Qubes AppVM as a “smart card”" arch="x86_64" url="https://github.com/QubesOS/qubes-app-linux-split-gpg" diff --git a/qubes-libvchan-xen/APKBUILD b/qubes-libvchan-xen/APKBUILD index 85c20cc..cca6839 100644 --- a/qubes-libvchan-xen/APKBUILD +++ b/qubes-libvchan-xen/APKBUILD @@ -3,7 +3,7 @@ pkgname=qubes-libvchan-xen pkgver=4.2.1 -pkgrel=1 +pkgrel=2 _gittag=v$pkgver pkgdesc="The Qubes core libraries for installation inside a Qubes Dom0 and VM." arch="x86_64" diff --git a/qubes-meta-packages/APKBUILD b/qubes-meta-packages/APKBUILD index e572d14..bfb245c 100644 --- a/qubes-meta-packages/APKBUILD +++ b/qubes-meta-packages/APKBUILD @@ -8,7 +8,7 @@ subpackages=" " pkgver=4.2.9 _gittag="v$pkgver" -pkgrel=1 +pkgrel=2 pkgdesc="Meta packages for Qubes-specific components" arch="noarch" url="https://github.com/QubesOS/qubes-meta-packages" diff --git a/qubes-pass/APKBUILD b/qubes-pass/APKBUILD index 17eea31..77142e3 100644 --- a/qubes-pass/APKBUILD +++ b/qubes-pass/APKBUILD @@ -4,7 +4,7 @@ pkgname=qubes-pass pkgver=0.1.0 _gittag="v$pkgver" -pkgrel=1 +pkgrel=2 pkgdesc="An inter-VM password manager for Qubes OS" arch="noarch" url="https://github.com/Rudd-O/qubes-pass" diff --git a/qubes-usb-proxy/APKBUILD b/qubes-usb-proxy/APKBUILD index 92c8c85..eb91a3c 100644 --- a/qubes-usb-proxy/APKBUILD +++ b/qubes-usb-proxy/APKBUILD @@ -4,7 +4,7 @@ pkgname=qubes-usb-proxy pkgver=1.1.5 _gittag="v$pkgver" -pkgrel=2 +pkgrel=3 pkgdesc="The Qubes service for proxying USB devices" arch="noarch" url="https://github.com/QubesOS/qubes-app-linux-usb-proxy" diff --git a/qubes-vm-core/APKBUILD b/qubes-vm-core/APKBUILD index 0584d74..136b50c 100644 --- a/qubes-vm-core/APKBUILD +++ b/qubes-vm-core/APKBUILD @@ -10,7 +10,7 @@ subpackages=" $pkgname-pyc " pkgver=4.2.21 -pkgrel=0 +pkgrel=1 _gittag="v$pkgver" pkgdesc="The Qubes core files for installation inside a Qubes VM." arch="x86_64" diff --git a/qubes-vm-gui-dev/APKBUILD b/qubes-vm-gui-dev/APKBUILD index 8c8b218..ad5390a 100644 --- a/qubes-vm-gui-dev/APKBUILD +++ b/qubes-vm-gui-dev/APKBUILD @@ -4,7 +4,7 @@ pkgname=qubes-vm-gui-dev pkgver=4.2.4 _gittag="v$pkgver" -pkgrel=1 +pkgrel=2 pkgdesc="Common files for Qubes GUI - protocol headers." arch="noarch" url="https://github.com/QubesOS/qubes-gui-common" diff --git a/qubes-vm-gui/APKBUILD b/qubes-vm-gui/APKBUILD index 3dffae0..3477c61 100644 --- a/qubes-vm-gui/APKBUILD +++ b/qubes-vm-gui/APKBUILD @@ -7,7 +7,7 @@ subpackages=" qubes-vm-pipewire $pkgname-openrc" pkgver=4.2.9 -pkgrel=1 +pkgrel=2 _gittag="v$pkgver" pkgdesc="The Qubes GUI Agent for AppVMs" arch="x86_64" diff --git a/qubes-vm-qrexec/APKBUILD b/qubes-vm-qrexec/APKBUILD index 2d09e06..85ca192 100644 --- a/qubes-vm-qrexec/APKBUILD +++ b/qubes-vm-qrexec/APKBUILD @@ -5,7 +5,7 @@ pkgname=qubes-vm-qrexec subpackages="$pkgname-openrc $pkgname-doc $pkgname-pyc" pkgver=4.2.11 _gittag="v$pkgver" -pkgrel=0 +pkgrel=1 pkgdesc="The Qubes qrexec files (qube side)" arch="x86_64" url="https://github.com/QubesOS/qubes-core-qrexec" diff --git a/qubes-vm-utils/APKBUILD b/qubes-vm-utils/APKBUILD index 8844029..ee818f2 100644 --- a/qubes-vm-utils/APKBUILD +++ b/qubes-vm-utils/APKBUILD @@ -8,7 +8,7 @@ subpackages=" $pkgname-pyc " pkgver=4.2.13 -pkgrel=0 +pkgrel=1 _gittag="v$pkgver" pkgdesc="Common Linux files for Qubes VM." arch="x86_64" From 7b0bcd15502b7c9ee3664c3ea92afb184cbfa05d Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 28 Nov 2023 11:18:20 -0500 Subject: [PATCH 038/184] gitlab-ci: add v3.19 build --- .gitlab-ci.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 200be49..971d962 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -47,6 +47,14 @@ build-v3.18: tags: - apk-$CI_ALPINE_TARGET_RELEASE-x86_64 +build-v3.19: + extends: .build + when: always + variables: + CI_ALPINE_TARGET_RELEASE: v3.19 + tags: + - apk-$CI_ALPINE_TARGET_RELEASE-x86_64 + build-edge: extends: .build when: always From 597e7886a3926d7ed4868ab533cf0fc1f7c6b963 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 28 Nov 2023 11:19:45 -0500 Subject: [PATCH 039/184] *: bump pkgrel --- qubes-db-vm/APKBUILD | 2 +- qubes-gpg-split/APKBUILD | 2 +- qubes-libvchan-xen/APKBUILD | 2 +- qubes-meta-packages/APKBUILD | 2 +- qubes-pass/APKBUILD | 2 +- qubes-usb-proxy/APKBUILD | 2 +- qubes-vm-core/APKBUILD | 2 +- qubes-vm-gui-dev/APKBUILD | 2 +- qubes-vm-gui/APKBUILD | 2 +- qubes-vm-qrexec/APKBUILD | 2 +- qubes-vm-utils/APKBUILD | 2 +- 11 files changed, 11 insertions(+), 11 deletions(-) diff --git a/qubes-db-vm/APKBUILD b/qubes-db-vm/APKBUILD index dea6339..4056d3c 100644 --- a/qubes-db-vm/APKBUILD +++ b/qubes-db-vm/APKBUILD @@ -4,7 +4,7 @@ pkgname=qubes-db-vm subpackages="$pkgname-openrc" pkgver=4.1.17 -pkgrel=1 +pkgrel=2 _gittag="v$pkgver" pkgdesc="QubesDB libs and daemon service." arch="x86_64" diff --git a/qubes-gpg-split/APKBUILD b/qubes-gpg-split/APKBUILD index 126aa8c..18cdc76 100644 --- a/qubes-gpg-split/APKBUILD +++ b/qubes-gpg-split/APKBUILD @@ -5,7 +5,7 @@ pkgname=qubes-gpg-split subpackages="$pkgname-doc" pkgver=2.0.69 _gittag="v$pkgver" -pkgrel=1 +pkgrel=2 pkgdesc="Used Qubes AppVM as a “smart card”" arch="x86_64" url="https://github.com/QubesOS/qubes-app-linux-split-gpg" diff --git a/qubes-libvchan-xen/APKBUILD b/qubes-libvchan-xen/APKBUILD index b652fd7..2106098 100644 --- a/qubes-libvchan-xen/APKBUILD +++ b/qubes-libvchan-xen/APKBUILD @@ -3,7 +3,7 @@ pkgname=qubes-libvchan-xen pkgver=4.1.13 -pkgrel=2 +pkgrel=3 _gittag=v$pkgver pkgdesc="The Qubes core libraries for installation inside a Qubes Dom0 and VM." arch="x86_64" diff --git a/qubes-meta-packages/APKBUILD b/qubes-meta-packages/APKBUILD index 9683b5c..62b7337 100644 --- a/qubes-meta-packages/APKBUILD +++ b/qubes-meta-packages/APKBUILD @@ -8,7 +8,7 @@ subpackages=" " pkgver=4.1.24 _gittag="v$pkgver" -pkgrel=1 +pkgrel=2 pkgdesc="Meta packages for Qubes-specific components" arch="noarch" url="https://github.com/QubesOS/qubes-meta-packages" diff --git a/qubes-pass/APKBUILD b/qubes-pass/APKBUILD index 17eea31..77142e3 100644 --- a/qubes-pass/APKBUILD +++ b/qubes-pass/APKBUILD @@ -4,7 +4,7 @@ pkgname=qubes-pass pkgver=0.1.0 _gittag="v$pkgver" -pkgrel=1 +pkgrel=2 pkgdesc="An inter-VM password manager for Qubes OS" arch="noarch" url="https://github.com/Rudd-O/qubes-pass" diff --git a/qubes-usb-proxy/APKBUILD b/qubes-usb-proxy/APKBUILD index d93ec04..92c8c85 100644 --- a/qubes-usb-proxy/APKBUILD +++ b/qubes-usb-proxy/APKBUILD @@ -4,7 +4,7 @@ pkgname=qubes-usb-proxy pkgver=1.1.5 _gittag="v$pkgver" -pkgrel=1 +pkgrel=2 pkgdesc="The Qubes service for proxying USB devices" arch="noarch" url="https://github.com/QubesOS/qubes-app-linux-usb-proxy" diff --git a/qubes-vm-core/APKBUILD b/qubes-vm-core/APKBUILD index fa06688..162fb31 100644 --- a/qubes-vm-core/APKBUILD +++ b/qubes-vm-core/APKBUILD @@ -9,7 +9,7 @@ subpackages=" $pkgname-doc " pkgver=4.1.44 -pkgrel=5 +pkgrel=6 _gittag="v$pkgver" pkgdesc="The Qubes core files for installation inside a Qubes VM." arch="x86_64" diff --git a/qubes-vm-gui-dev/APKBUILD b/qubes-vm-gui-dev/APKBUILD index 09ad23d..65b51bb 100644 --- a/qubes-vm-gui-dev/APKBUILD +++ b/qubes-vm-gui-dev/APKBUILD @@ -4,7 +4,7 @@ pkgname=qubes-vm-gui-dev pkgver=4.1.1 _gittag="v$pkgver" -pkgrel=2 +pkgrel=3 pkgdesc="Common files for Qubes GUI - protocol headers." arch="noarch" url="https://github.com/QubesOS/qubes-gui-common" diff --git a/qubes-vm-gui/APKBUILD b/qubes-vm-gui/APKBUILD index 7463fb4..34487df 100644 --- a/qubes-vm-gui/APKBUILD +++ b/qubes-vm-gui/APKBUILD @@ -4,7 +4,7 @@ pkgname=qubes-vm-gui subpackages="qubes-vm-pulseaudio $pkgname-openrc" pkgver=4.1.31 -pkgrel=2 +pkgrel=3 _gittag="v$pkgver" pkgdesc="The Qubes GUI Agent for AppVMs" arch="x86_64" diff --git a/qubes-vm-qrexec/APKBUILD b/qubes-vm-qrexec/APKBUILD index 9bcf289..cc7cfb4 100644 --- a/qubes-vm-qrexec/APKBUILD +++ b/qubes-vm-qrexec/APKBUILD @@ -5,7 +5,7 @@ pkgname=qubes-vm-qrexec subpackages="$pkgname-openrc $pkgname-doc" pkgver=4.1.22 _gittag="v$pkgver" -pkgrel=2 +pkgrel=3 pkgdesc="The Qubes qrexec files (qube side)" arch="x86_64" url="https://github.com/QubesOS/qubes-core-qrexec" diff --git a/qubes-vm-utils/APKBUILD b/qubes-vm-utils/APKBUILD index d8c0d6f..9a989c5 100644 --- a/qubes-vm-utils/APKBUILD +++ b/qubes-vm-utils/APKBUILD @@ -7,7 +7,7 @@ subpackages=" $pkgname-openrc " pkgver=4.1.19 -pkgrel=1 +pkgrel=2 _gittag="v$pkgver" pkgdesc="Common Linux files for Qubes VM." arch="x86_64" From 0b252eff753d557b49938f248c9ab9e6518ac88c Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 7 Dec 2023 19:33:57 -0500 Subject: [PATCH 040/184] qubes-libvchan-xen: rebuild against sen 4.18 --- ...upport-changed-libxenctrl-api-xen418.patch | 59 +++++++++++++++++++ qubes-libvchan-xen/APKBUILD | 10 +++- 2 files changed, 66 insertions(+), 3 deletions(-) create mode 100644 qubes-libvchan-xen/39_support-changed-libxenctrl-api-xen418.patch diff --git a/qubes-libvchan-xen/39_support-changed-libxenctrl-api-xen418.patch b/qubes-libvchan-xen/39_support-changed-libxenctrl-api-xen418.patch new file mode 100644 index 0000000..f25fbff --- /dev/null +++ b/qubes-libvchan-xen/39_support-changed-libxenctrl-api-xen418.patch @@ -0,0 +1,59 @@ +From 8c4c3807119f27957e6c7f87d505d66d0ea4c3d0 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= + +Date: Sat, 18 Nov 2023 18:27:28 +0100 +Subject: [PATCH] Support changed libxenctrl API in Xen 4.18.0 + +The xc_domain_getinfo() is gone, it's replaced with +xc_domain_getinfo_single. While the new API is a bit nicer, xenctrl.h +does not provide any #define to know which one is available. Check +library version in the makefile for that. +--- + vchan/Makefile.linux | 4 ++++ + vchan/io.c | 10 ++++++++++ + 2 files changed, 14 insertions(+) + +diff --git a/vchan/Makefile.linux b/vchan/Makefile.linux +index 281f2b5..587cb34 100644 +--- a/vchan/Makefile.linux ++++ b/vchan/Makefile.linux +@@ -27,6 +27,10 @@ CFLAGS += -g -Wall -Wextra -Werror -fPIC -O2 -D_GNU_SOURCE -MD -MP -MF $@.dep + all: libvchan-xen.so vchan-xen.pc + -include *.dep + ++# xenctrl.h does not provide any #define to distinguish API versions ++XENCTRL_VERSION := $(shell pkg-config --modversion xencontrol) ++CFLAGS += $(shell if printf '%s\n' '4.18.0' '$(XENCTRL_VERSION)' | \ ++ sort -CV; then echo -DHAVE_XC_DOMAIN_GETINFO_SINGLE; fi) + SO_VER = 1 + + libvchan-xen.so.$(SO_VER): init.o io.o +diff --git a/vchan/io.c b/vchan/io.c +index 3d0ed35..0c23223 100644 +--- a/vchan/io.c ++++ b/vchan/io.c +@@ -33,14 +33,24 @@ + /* check if domain is still alive */ + int libvchan__check_domain_alive(xc_interface *xc_handle, int dom) { + struct evtchn_status evst; ++#ifdef HAVE_XC_DOMAIN_GETINFO_SINGLE ++ xc_domaininfo_t dominfo; ++#else + xc_dominfo_t dominfo; ++#endif + int ret; + + /* first try using domctl, more reliable but available in a privileged + * domain only */ ++#ifdef HAVE_XC_DOMAIN_GETINFO_SINGLE ++ ret = xc_domain_getinfo_single(xc_handle, dom, &dominfo); ++ if (ret == 0) ++ return !(dominfo.flags & XEN_DOMINF_dying); ++#else + ret = xc_domain_getinfo(xc_handle, dom, 1, &dominfo); + if (ret == 1) + return dominfo.domid == (uint32_t)dom && !dominfo.dying; ++#endif + else if (ret == -1 && errno == ESRCH) + return 0; + /* otherwise fallback to xc_evtchn_status method */ diff --git a/qubes-libvchan-xen/APKBUILD b/qubes-libvchan-xen/APKBUILD index cca6839..32bb793 100644 --- a/qubes-libvchan-xen/APKBUILD +++ b/qubes-libvchan-xen/APKBUILD @@ -3,18 +3,21 @@ pkgname=qubes-libvchan-xen pkgver=4.2.1 -pkgrel=2 +pkgrel=3 _gittag=v$pkgver pkgdesc="The Qubes core libraries for installation inside a Qubes Dom0 and VM." arch="x86_64" url="https://github.com/QubesOS/qubes-core-vchan-xen" license='GPL' depends="xen" -makedepends="xen-dev" +makedepends="xen-dev coreutils" builddir="$srcdir"/qubes-core-vchan-xen-$pkgver subpackages="$pkgname-dev" -source="$pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-core-vchan-xen/archive/refs/tags/$_gittag.tar.gz" +source=" + $pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-core-vchan-xen/archive/refs/tags/$_gittag.tar.gz + 39_support-changed-libxenctrl-api-xen418.patch + " build() { cd "$builddir"/vchan @@ -27,4 +30,5 @@ package() { sha512sums=" 2094f84fd3ca36b61c4d2a243a499425153dc4d3ca944f75763c7e23b985a40cb8ac2b41aad99074b8a7f1d871aaad87da9db2ec5bbc68adc7e717a0a2fbebff qubes-libvchan-xen-v4.2.1.tar.gz +90a67ff34d3f4aa5a0534fd88192f61e4d1d94cfa26e7b2ae52ecdb0862d5b27500162a7a1eb83db072387a4573f082afdf5482caaf7070d282267ef9e044bad 39_support-changed-libxenctrl-api-xen418.patch " From 6d48b785ff338a570eb67887afe2c265b45db1dc Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 7 Dec 2023 19:20:59 -0500 Subject: [PATCH 041/184] qubes-libvchan-xen: rebuild againt xen v4.18 --- ...upport-changed-libxenctrl-api-xen418.patch | 61 +++++++++++++++++++ qubes-libvchan-xen/APKBUILD | 10 ++- 2 files changed, 68 insertions(+), 3 deletions(-) create mode 100644 qubes-libvchan-xen/39_support-changed-libxenctrl-api-xen418.patch diff --git a/qubes-libvchan-xen/39_support-changed-libxenctrl-api-xen418.patch b/qubes-libvchan-xen/39_support-changed-libxenctrl-api-xen418.patch new file mode 100644 index 0000000..43850b1 --- /dev/null +++ b/qubes-libvchan-xen/39_support-changed-libxenctrl-api-xen418.patch @@ -0,0 +1,61 @@ +From 8c4c3807119f27957e6c7f87d505d66d0ea4c3d0 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= + +Date: Sat, 18 Nov 2023 18:27:28 +0100 +Subject: [PATCH] Support changed libxenctrl API in Xen 4.18.0 + +The xc_domain_getinfo() is gone, it's replaced with +xc_domain_getinfo_single. While the new API is a bit nicer, xenctrl.h +does not provide any #define to know which one is available. Check +library version in the makefile for that. +--- + vchan/Makefile.linux | 4 ++++ + vchan/io.c | 10 ++++++++++ + 2 files changed, 14 insertions(+) + +diff --git a/vchan/Makefile.linux b/vchan/Makefile.linux +index 281f2b5..587cb34 100644 +--- a/vchan/Makefile.linux ++++ b/vchan/Makefile.linux +@@ -27,6 +27,11 @@ CFLAGS += -g -Wall -Wextra -Werror -fPIC -O2 -D_GNU_SOURCE -D_FORTIFY_SOURCE=2 - + all: libvchan-xen.so vchan-xen.pc + -include *.dep + ++# xenctrl.h does not provide any #define to distinguish API versions ++XENCTRL_VERSION := $(shell pkg-config --modversion xencontrol) ++CFLAGS += $(shell if printf '%s\n' '4.18.0' '$(XENCTRL_VERSION)' | \ ++ sort -CV; then echo -DHAVE_XC_DOMAIN_GETINFO_SINGLE; fi) ++ + libvchan-xen.so : init.o io.o + $(CC) $(LDFLAGS) -shared -o libvchan-xen.so $^ -lxenvchan -lxenctrl + clean: +diff --git a/vchan/io.c b/vchan/io.c +index 3d0ed35..0c23223 100644 +--- a/vchan/io.c ++++ b/vchan/io.c +@@ -33,14 +33,24 @@ + /* check if domain is still alive */ + int libvchan__check_domain_alive(xc_interface *xc_handle, int dom) { + struct evtchn_status evst; ++#ifdef HAVE_XC_DOMAIN_GETINFO_SINGLE ++ xc_domaininfo_t dominfo; ++#else + xc_dominfo_t dominfo; ++#endif + int ret; + + /* first try using domctl, more reliable but available in a privileged + * domain only */ ++#ifdef HAVE_XC_DOMAIN_GETINFO_SINGLE ++ ret = xc_domain_getinfo_single(xc_handle, dom, &dominfo); ++ if (ret == 0) ++ return !(dominfo.flags & XEN_DOMINF_dying); ++#else + ret = xc_domain_getinfo(xc_handle, dom, 1, &dominfo); + if (ret == 1) + return dominfo.domid == (uint32_t)dom && !dominfo.dying; ++#endif + else if (ret == -1 && errno == ESRCH) + return 0; + /* otherwise fallback to xc_evtchn_status method */ + diff --git a/qubes-libvchan-xen/APKBUILD b/qubes-libvchan-xen/APKBUILD index 2106098..08994a2 100644 --- a/qubes-libvchan-xen/APKBUILD +++ b/qubes-libvchan-xen/APKBUILD @@ -3,18 +3,21 @@ pkgname=qubes-libvchan-xen pkgver=4.1.13 -pkgrel=3 +pkgrel=4 _gittag=v$pkgver pkgdesc="The Qubes core libraries for installation inside a Qubes Dom0 and VM." arch="x86_64" url="https://github.com/QubesOS/qubes-core-vchan-xen" license='GPL' depends="xen" -makedepends="xen-dev" +makedepends="xen-dev coreutils" builddir="$srcdir"/qubes-core-vchan-xen-$pkgver subpackages="$pkgname-dev" -source="$pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-core-vchan-xen/archive/refs/tags/$_gittag.tar.gz" +source=" + $pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-core-vchan-xen/archive/refs/tags/$_gittag.tar.gz + 39_support-changed-libxenctrl-api-xen418.patch + " build() { cd "$builddir"/vchan @@ -27,4 +30,5 @@ package() { sha512sums=" cefb6b89f75936d791910d2169170536221d3123a1b33a14bea1fc5c08950ce934666719bf08eb3cc86ac055f85e6834f71e21c31189fa7299af09296c3cd99f qubes-libvchan-xen-v4.1.13.tar.gz +fedcba617d3843e41f257ff16b0a3108af844184252d4e702df8eccba21a4ef17d62c96acdb87bb4964e783b7f2f026305777be3379e7e7b51f4535a4704b52a 39_support-changed-libxenctrl-api-xen418.patch " From b2d3f186f4192f18b5482b3da450bb9283886225 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 1 Feb 2024 14:18:08 -0500 Subject: [PATCH 042/184] qubes-app-linux-druide-antidote: new aport --- qubes-app-linux-druide-antidote/APKBUILD | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 qubes-app-linux-druide-antidote/APKBUILD diff --git a/qubes-app-linux-druide-antidote/APKBUILD b/qubes-app-linux-druide-antidote/APKBUILD new file mode 100644 index 0000000..80b9426 --- /dev/null +++ b/qubes-app-linux-druide-antidote/APKBUILD @@ -0,0 +1,22 @@ +pkgname=qubes-app-linux-druide-antidote +pkgver=0.0.1_git20240201 +_gittag=c724c88aa2a20b1e422b464499015ff05753316d +pkgrel=0 +arch="noarch" +pkgdesc="Qubes Druide-Antidote is a Qubes Application. It send a file to the Antidote Qube, invoke Antidote, and retrieve the file" +url=https://github.com/neowutran/qubes-app-linux-druide-antidote +license="GPL-3.0-only" +source="$pkgname-$_gittag.tar.gz::https://github.com/neowutran/qubes-app-linux-druide-antidote/archive/$_gittag.tar.gz" +depends="bash" +makedepends="pandoc" +builddir="$srcdir"/$pkgname-$_gittag + +check(){ + tests/all +} +package() { + make install-vm DESTDIR="$pkgdir/" +} +sha512sums=" +e3597804bdcea25b2938aa325dfe9495f5bcde47c8515c7680c19882120e065d0a9ef8d120545ff3c9966b84a329cf87c5b993380510311ec8b5d9f5a8b35833 qubes-app-linux-druide-antidote-c724c88aa2a20b1e422b464499015ff05753316d.tar.gz +" From 02c6bda4d4baae7a3adf37fa02b7d4d7bc2e87d5 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 1 Feb 2024 14:18:08 -0500 Subject: [PATCH 043/184] qubes-app-linux-druide-antidote: new aport --- qubes-app-linux-druide-antidote/APKBUILD | 25 ++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 qubes-app-linux-druide-antidote/APKBUILD diff --git a/qubes-app-linux-druide-antidote/APKBUILD b/qubes-app-linux-druide-antidote/APKBUILD new file mode 100644 index 0000000..dd234f1 --- /dev/null +++ b/qubes-app-linux-druide-antidote/APKBUILD @@ -0,0 +1,25 @@ +# Contributor: Antoine Martin (ayakael) +# Maintainer: Antoine Martin (ayakael) +pkgname=qubes-app-linux-druide-antidote +pkgver=0.0.1_git20240201 +_gittag=c724c88aa2a20b1e422b464499015ff05753316d +pkgrel=0 +arch="noarch" +pkgdesc="Qubes Druide-Antidote is a Qubes Application. It send a file to the Antidote Qube, invoke Antidote, and retrieve the file" +url=https://github.com/neowutran/qubes-app-linux-druide-antidote +license="GPL-3.0-only" +source="$pkgname-$_gittag.tar.gz::https://github.com/neowutran/qubes-app-linux-druide-antidote/archive/$_gittag.tar.gz" +depends="bash" +makedepends="pandoc" +builddir="$srcdir"/$pkgname-$_gittag + +check() { + tests/all +} + +package() { + make install-vm DESTDIR="$pkgdir/" +} +sha512sums=" +e3597804bdcea25b2938aa325dfe9495f5bcde47c8515c7680c19882120e065d0a9ef8d120545ff3c9966b84a329cf87c5b993380510311ec8b5d9f5a8b35833 qubes-app-linux-druide-antidote-c724c88aa2a20b1e422b464499015ff05753316d.tar.gz +" From 0da3281cfcc5e2190dd9d7f61fde44c93d9efdcb Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 1 Feb 2024 15:17:12 -0500 Subject: [PATCH 044/184] qubes-vm-utils: upgrade to 4.2.15 --- qubes-vm-utils/APKBUILD | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qubes-vm-utils/APKBUILD b/qubes-vm-utils/APKBUILD index ee818f2..6f06841 100644 --- a/qubes-vm-utils/APKBUILD +++ b/qubes-vm-utils/APKBUILD @@ -7,8 +7,8 @@ subpackages=" $pkgname-openrc $pkgname-pyc " -pkgver=4.2.13 -pkgrel=1 +pkgver=4.2.15 +pkgrel=0 _gittag="v$pkgver" pkgdesc="Common Linux files for Qubes VM." arch="x86_64" @@ -60,6 +60,6 @@ support() { install -m 755 "$builddir"/dracut/full-dmroot/qubes_cow_setup.sh "$subpkgdir"/usr/lib/qubes/qubes_cow_setup.sh } sha512sums=" -7fb29ed90bc73be774c6e831d48021fa3533bdc8e84e0a628859bcd589aae23d08090bea0a7feebc262d2a57a70c7a735764a85a82edd0e540baffadfdbe70ce qubes-vm-utils-v4.2.13.tar.gz +ae32941eb11024d2f1e5c6cffa1a61c8408fb6127323a089d2975b275e9ed55be549e6cfc3bc81b2dce758ae9550743032b80fadebd8e8e90fdf026b8f5889ee qubes-vm-utils-v4.2.15.tar.gz aebc606faa95948be77766f164fc40e4be66e4398e7f56ad52ba9de4c8f7de4ec0c4b48b23a3a6dd083d6f19ae1a591f3ae0caf2c696fd061cd8fea4bdf7d4f3 qubes-meminfo-writer.openrc " From 0e47e975b5f3d9a0311f73e72d60e9e85565ab97 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 1 Feb 2024 15:13:21 -0500 Subject: [PATCH 045/184] qubes-vm-core: upgrade to 4.2.27 --- qubes-vm-core/APKBUILD | 8 ++++---- qubes-vm-core/setupip-do-not-use-systemctl.patch | 10 +++++----- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/qubes-vm-core/APKBUILD b/qubes-vm-core/APKBUILD index 136b50c..12232b3 100644 --- a/qubes-vm-core/APKBUILD +++ b/qubes-vm-core/APKBUILD @@ -9,8 +9,8 @@ subpackages=" $pkgname-doc $pkgname-pyc " -pkgver=4.2.21 -pkgrel=1 +pkgver=4.2.27 +pkgrel=0 _gittag="v$pkgver" pkgdesc="The Qubes core files for installation inside a Qubes VM." arch="x86_64" @@ -163,7 +163,7 @@ root() { make -C passwordless-root install DESTDIR="$subpkgdir" SBINDIR=/sbin LIBDIR=/usr/lib SYSLIBDIR=/lib } sha512sums=" -1441b10a0018dc05dd7dc8390db741ce372598d4a86b0daedcd3bcfe2c7ea2bebc7bc6ab7c93719c469175fed880644175aea24cdd42e94a84325df09eef39c3 qubes-vm-core-v4.2.21.tar.gz +fc9cc73da3898d73ea95f859b7db7e55c887ef38f8e1d326541fcea9cae3a0214b27fdf1e93587cd49dca8f67109d0358f3082f6eedf2e898e153f64f3458576 qubes-vm-core-v4.2.27.tar.gz 95c080a593ca1cd457ffafc0cdd6ee28999c72f67191a3955b6081a4a7d287cae4cd0c626139562e5e1eb55516c25402a174e3599daf7d4cb259d6b4bbdff155 qubes-core-early.openrc 61529413a16b7fa0df691c24adc41b90477c01ea70d572921ecec89df23932e5a2e60c4e73b9a84181dc30424e2e6af4ad1c7dcf6c42689c3cc346a9923d6e07 qubes-core-netvm.openrc da8e293520f5fce29ce76d7586e8ce1a4164798a1214079fb554c690264da1d774fdad3f45825aac52c2c3a0b0cfd39df73eb33394dedd7c043fe0f2344b90ca qubes-core.openrc @@ -173,5 +173,5 @@ e9096560e4ee4cad836b686e18eb6dbac729227683eda2f0c8b3541c909f64de3489dbb66e375201 b1e8af2335955e52cf1817c56296f94f8c472e68d7a17a28f516fe4f5fa8a8053d4f9333efbb007a82a06f9442a4a6cfe5f9c751de07f337e47ee04cb18b9395 qubes-updates-proxy-forwarder.openrc 29d316b9f48cad15f6e22aaa67b228a5e4893ded86463dbe25b3cc68301b961473e79c01f003b1665e217ad4af2e618625442250d5607c1c16462e3f5eed069c qubes-updates-proxy.openrc cca9f49422fa25cd5f3942dce8edd3ecff080bf5c407a7a790b438bedea054f39a4a3d8c179b44c4c08fc490b597e14d00dad9b0240861e83957e0af7aa6475d qvm-sync-clock.sh -fc115d8cb9a279232bad8362903cb74dafbeac988a9d519ef3b6ff2849ab80fb77d648589974d05e565933444dd04c4b3427cdba69c167310f9a57916c5f0499 setupip-do-not-use-systemctl.patch +eb59321c800e65ce873085a1105b1b697d2a8ecaefcdaa8280a81d0082c0022653ecd746c7ec37e2c544265892afb77531effa17b0fa6c45a6a86925b513bdea setupip-do-not-use-systemctl.patch " diff --git a/qubes-vm-core/setupip-do-not-use-systemctl.patch b/qubes-vm-core/setupip-do-not-use-systemctl.patch index eb6f318..1fd4001 100644 --- a/qubes-vm-core/setupip-do-not-use-systemctl.patch +++ b/qubes-vm-core/setupip-do-not-use-systemctl.patch @@ -1,12 +1,12 @@ -diff --git a/./network/setup-ip.orig b/./network/setup-ip -index d82a593..8e44847 100755 ---- a/./network/setup-ip.orig -+++ b/./network/setup-ip +diff --git a/network/setup-ip.orig b/network/setup-ip +index 9126f90..c1f401c 100755 +--- a/network/setup-ip.orig ++++ b/network/setup-ip @@ -244,15 +244,6 @@ if [ "$ACTION" == "add" ]; then primary_dns=$(/usr/bin/qubesdb-read /qubes-primary-dns 2>/dev/null) || primary_dns= secondary_dns=$(/usr/bin/qubesdb-read /qubes-secondary-dns 2>/dev/null) || secondary_dns= -- /usr/lib/systemd/systemd-sysctl \ +- /lib/systemd/systemd-sysctl \ - "--prefix=/net/ipv4/conf/all" \ - "--prefix=/net/ipv4/neigh/all" \ - "--prefix=/net/ipv6/conf/all" \ From bb598454c0dcb8d67ee73aa59a8beac5dfa0da85 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 1 Feb 2024 16:50:37 -0500 Subject: [PATCH 046/184] qubes-vm-core: upgrade to 4.2.28 --- qubes-vm-core/APKBUILD | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/qubes-vm-core/APKBUILD b/qubes-vm-core/APKBUILD index 12232b3..5295f8a 100644 --- a/qubes-vm-core/APKBUILD +++ b/qubes-vm-core/APKBUILD @@ -9,7 +9,7 @@ subpackages=" $pkgname-doc $pkgname-pyc " -pkgver=4.2.27 +pkgver=4.2.28 pkgrel=0 _gittag="v$pkgver" pkgdesc="The Qubes core files for installation inside a Qubes VM." @@ -163,7 +163,7 @@ root() { make -C passwordless-root install DESTDIR="$subpkgdir" SBINDIR=/sbin LIBDIR=/usr/lib SYSLIBDIR=/lib } sha512sums=" -fc9cc73da3898d73ea95f859b7db7e55c887ef38f8e1d326541fcea9cae3a0214b27fdf1e93587cd49dca8f67109d0358f3082f6eedf2e898e153f64f3458576 qubes-vm-core-v4.2.27.tar.gz +1e6678f095fff6ec48a7dd8846d05ae1f318c2ec297d5e4b9cc892a8ce39e707049289caf7a9f4bc351ed727c003a09f981fcad62366ef3e0a76459d211204b8 qubes-vm-core-v4.2.28.tar.gz 95c080a593ca1cd457ffafc0cdd6ee28999c72f67191a3955b6081a4a7d287cae4cd0c626139562e5e1eb55516c25402a174e3599daf7d4cb259d6b4bbdff155 qubes-core-early.openrc 61529413a16b7fa0df691c24adc41b90477c01ea70d572921ecec89df23932e5a2e60c4e73b9a84181dc30424e2e6af4ad1c7dcf6c42689c3cc346a9923d6e07 qubes-core-netvm.openrc da8e293520f5fce29ce76d7586e8ce1a4164798a1214079fb554c690264da1d774fdad3f45825aac52c2c3a0b0cfd39df73eb33394dedd7c043fe0f2344b90ca qubes-core.openrc From ee522ee737847e1d98b07f5f744a108d5298db11 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 1 Feb 2024 16:59:02 -0500 Subject: [PATCH 047/184] qubes-vm-gui: upgrade to 4.2.12 --- qubes-vm-gui/APKBUILD | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qubes-vm-gui/APKBUILD b/qubes-vm-gui/APKBUILD index 3477c61..355129c 100644 --- a/qubes-vm-gui/APKBUILD +++ b/qubes-vm-gui/APKBUILD @@ -6,8 +6,8 @@ subpackages=" qubes-vm-pulseaudio qubes-vm-pipewire $pkgname-openrc" -pkgver=4.2.9 -pkgrel=2 +pkgver=4.2.12 +pkgrel=0 _gittag="v$pkgver" pkgdesc="The Qubes GUI Agent for AppVMs" arch="x86_64" @@ -117,7 +117,7 @@ pipewire() { } sha512sums=" -d73e04d867451f1f63a8f29531a68d820a068ae67c8c332bd76ab91696055d6e20adfebd5b40e7a2a31cecbc8293030ebb02e8c03a4f79f33b814c2076e5c1bb qubes-vm-gui-v4.2.9.tar.gz +b51a0844ed40ee32a24e01b172d3650203a9423d783c0de40f1725cd17466f3966dcc163afef6d436499a5bb59ef471442ffa5dc534a146139ed431d56de43ee qubes-vm-gui-v4.2.12.tar.gz f0bbb936e14689d0cbced2f564b8911f9287c0217616f02f3bd0c3060e516d080ad538219f089f5841c2b9d18bb4ad8efb63516ddfd46c18b038218378996a7d 0001-musl-build.patch 01beace4c130200dc8d42248349ea858d2bec746aca2bdfa5948b6e7240bb3b832bbb8b324293fba6fd6aafb0a3d7a2e3928c7fd39d318ef4d5a18cfeb48cde6 0001-initd-fix.patch 68d01e594296e18d54d8eaa17863451c3ac121e4fcacf98b64db14166bdcf38aa66f1c3659c5014c0a9cc25b5368df66f8c642b8e7af59da8d2a5ad97da9a194 qubes-gui-agent.openrc From 9fe00c24a9f6b84cf9bb950e55283ba35a80670d Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 1 Feb 2024 16:55:15 -0500 Subject: [PATCH 048/184] qubes-libvchan-xen: upgrade to 4.2.2 --- qubes-libvchan-xen/APKBUILD | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qubes-libvchan-xen/APKBUILD b/qubes-libvchan-xen/APKBUILD index 32bb793..a032f01 100644 --- a/qubes-libvchan-xen/APKBUILD +++ b/qubes-libvchan-xen/APKBUILD @@ -2,8 +2,8 @@ # Contributor: Antoine Martin (ayakael) pkgname=qubes-libvchan-xen -pkgver=4.2.1 -pkgrel=3 +pkgver=4.2.2 +pkgrel=0 _gittag=v$pkgver pkgdesc="The Qubes core libraries for installation inside a Qubes Dom0 and VM." arch="x86_64" @@ -29,6 +29,6 @@ package() { } sha512sums=" -2094f84fd3ca36b61c4d2a243a499425153dc4d3ca944f75763c7e23b985a40cb8ac2b41aad99074b8a7f1d871aaad87da9db2ec5bbc68adc7e717a0a2fbebff qubes-libvchan-xen-v4.2.1.tar.gz +dbdd32533b7bcabdf0b2c9df8eac9b3eacc75b3b29467ee4d485420817801544a967826ff450d035109f218f2711624c64adbb190c0a83cbad4df7eb56da344e qubes-libvchan-xen-v4.2.2.tar.gz 90a67ff34d3f4aa5a0534fd88192f61e4d1d94cfa26e7b2ae52ecdb0862d5b27500162a7a1eb83db072387a4573f082afdf5482caaf7070d282267ef9e044bad 39_support-changed-libxenctrl-api-xen418.patch " From ef1b123c4eb5af6ef27587503a5172d91cbd7377 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 1 Feb 2024 15:15:47 -0500 Subject: [PATCH 049/184] qubes-vm-qrexec: upgrade to 4.2.17 --- qubes-vm-qrexec/APKBUILD | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/qubes-vm-qrexec/APKBUILD b/qubes-vm-qrexec/APKBUILD index 85ca192..16fc4eb 100644 --- a/qubes-vm-qrexec/APKBUILD +++ b/qubes-vm-qrexec/APKBUILD @@ -3,9 +3,9 @@ pkgname=qubes-vm-qrexec subpackages="$pkgname-openrc $pkgname-doc $pkgname-pyc" -pkgver=4.2.11 +pkgver=4.2.17 _gittag="v$pkgver" -pkgrel=1 +pkgrel=0 pkgdesc="The Qubes qrexec files (qube side)" arch="x86_64" url="https://github.com/QubesOS/qubes-core-qrexec" @@ -33,7 +33,7 @@ prepare() { default_prepare # remove all -Werror msg "Eradicating -Werror..." - find . \( -name '*.mk' -o -name 'Make*' \) -exec sed -i -e 's/-Werror//g' {} + + find . \( -name '*.mk' -o -name 'Make*' \) -exec sed -i -e 's/-Werror*. //g' {} + } build() { @@ -53,7 +53,7 @@ package() { install -Dm 755 "$srcdir"/qubes-qrexec-agent.openrc "$pkgdir"/etc/init.d/qubes-qrexec-agent } sha512sums=" -40382ef5ddcacc3b1eef1cf9701e2a32ff71324e274761dc8bd38bd47a2512c622a57689106dda2ba451ff614c434144dba2fdc3286c7caefb7b3f3565d0e6c4 qubes-vm-qrexec-v4.2.11.tar.gz +5e4df225e29d9f24823338a03ca40c384fff9c1623d8b718367b65516fe25db7bbb0729dd8323a0366937e756c560a22c9f77ef5fe3717dd2e053f3b5d156879 qubes-vm-qrexec-v4.2.17.tar.gz e2dd5cace82e881c40d5d37c69f7327fbabde81c9d23283de23de9f1197b7b018ef07a8d90e95c61bd249426d9d8297e7cb372333245941ffa0682c90ea3461f qubes-qrexec-agent.openrc 3cbe66c8251d0cbe078d78ac9a2aef2d6c095c4f514ff0aab69dd724dee7488cf84dff4af2210d8a2298a052db49e85b0e38ac45456a8aa9bd1e4a7de0311b69 makefile-remove-cc-cflags.patch 69b88c8d344f0d575eac398937040ba39a0d8fb8ea0a2b160c48d84775e1da4e226a76f3c5d3be7b045f577b634bb35cd5c5536248e18117c4121a38f9f3bf13 agent-qrexec-fork-server-undef-fortify-source.patch From b6fe31696df142f1e7d732b673671c01a547c6c5 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 8 Feb 2024 10:46:11 -0500 Subject: [PATCH 050/184] qubes-vm-core: fix apk proxy --- qubes-vm-core/APKBUILD | 14 +- qubes-vm-core/apk-proxy.sh | 5 + .../qubes-updates-proxy-forwarder.openrc | 136 ++++-------------- qubes-vm-core/sudo-aliases.sh | 2 + 4 files changed, 42 insertions(+), 115 deletions(-) create mode 100644 qubes-vm-core/apk-proxy.sh create mode 100644 qubes-vm-core/sudo-aliases.sh diff --git a/qubes-vm-core/APKBUILD b/qubes-vm-core/APKBUILD index 5295f8a..56dbdf5 100644 --- a/qubes-vm-core/APKBUILD +++ b/qubes-vm-core/APKBUILD @@ -10,7 +10,7 @@ subpackages=" $pkgname-pyc " pkgver=4.2.28 -pkgrel=0 +pkgrel=3 _gittag="v$pkgver" pkgdesc="The Qubes core files for installation inside a Qubes VM." arch="x86_64" @@ -18,8 +18,8 @@ url="https://github.com/QubesOS/qubes-core-agent-linux" license="GPL" options="!check" # No testsuite depends=" - coreutils blkid + coreutils dconf desktop-file-utils device-mapper @@ -40,7 +40,6 @@ depends=" py3-dbus py3-gobject3 py3-xdg - python3 qubes-db-vm qubes-libvchan-xen qubes-vm-utils @@ -74,6 +73,7 @@ source=" qubes-sysinit.openrc qubes-updates-proxy-forwarder.openrc qubes-updates-proxy.openrc + apk-proxy.sh qvm-sync-clock.sh setupip-do-not-use-systemctl.patch " @@ -114,6 +114,9 @@ package() { make -C network DESTDIR="$pkgdir" install install -Dm755 "$builddir"/network/update-proxy-configs "$pkgdir"/usr/lib/qubes/. install -Dm755 "$srcdir"/qvm-sync-clock.sh "$pkgdir"/etc/qubes/suspend-post.d/. + install -Dm644 "$srcdir"/apk-proxy.sh "$pkgdir"/etc/profile.d/apk-proxy.sh + install -dm755 "$pkgdir"/etc/bash + ln -s /etc/profile.d/apk-proxy.sh "$pkgdir"/etc/bash/apk-proxy.sh for i in $source; do case $i in @@ -123,7 +126,6 @@ package() { "$pkgdir"/etc/conf.d/${i%.*};; esac done - } @@ -145,7 +147,6 @@ networking() { net-tools networkmanager nftables - python3 qubes-db-vm qubes-vm-core qubes-vm-utils @@ -170,8 +171,9 @@ da8e293520f5fce29ce76d7586e8ce1a4164798a1214079fb554c690264da1d774fdad3f45825aac 8f1ea1b6bfb4d3089a51cc3e325861ee7b644f743b2652bf61789933adedefdbc743a61567ad980d2a6077647eb61570b68a056125abaab2a67166d249a961b0 qubes-firewall.openrc 437a3dc443c5b0311c5dc8f792739eef89e38b2e854b9a5bb248211dd0eb0f26c1d79588ca2b4b63236b8bed0d735be6b2265d8328885730a8aa5f854301d61f qubes-iptables.openrc e9096560e4ee4cad836b686e18eb6dbac729227683eda2f0c8b3541c909f64de3489dbb66e3752014deab69cbfae7885bc15b9bb7e3942c02e40328337b9ef30 qubes-sysinit.openrc -b1e8af2335955e52cf1817c56296f94f8c472e68d7a17a28f516fe4f5fa8a8053d4f9333efbb007a82a06f9442a4a6cfe5f9c751de07f337e47ee04cb18b9395 qubes-updates-proxy-forwarder.openrc +99ec0afc167866727072606aa183f0c7a539e68e0d8b9a57f6b9c129d3722c9135e1487eef438807d7138af0e669fb14608cbc1f1d5620ee9e995f294a8929f8 qubes-updates-proxy-forwarder.openrc 29d316b9f48cad15f6e22aaa67b228a5e4893ded86463dbe25b3cc68301b961473e79c01f003b1665e217ad4af2e618625442250d5607c1c16462e3f5eed069c qubes-updates-proxy.openrc +517d59e4699c24f23ccd59f5d4be3a519a426eee99d742c637fe1a9e69caa073621f4e9362c30182ba5a1a3eb0a769070c96e2c6b24cd8366a1f8f450a0b1c01 apk-proxy.sh cca9f49422fa25cd5f3942dce8edd3ecff080bf5c407a7a790b438bedea054f39a4a3d8c179b44c4c08fc490b597e14d00dad9b0240861e83957e0af7aa6475d qvm-sync-clock.sh eb59321c800e65ce873085a1105b1b697d2a8ecaefcdaa8280a81d0082c0022653ecd746c7ec37e2c544265892afb77531effa17b0fa6c45a6a86925b513bdea setupip-do-not-use-systemctl.patch " diff --git a/qubes-vm-core/apk-proxy.sh b/qubes-vm-core/apk-proxy.sh new file mode 100644 index 0000000..957ee76 --- /dev/null +++ b/qubes-vm-core/apk-proxy.sh @@ -0,0 +1,5 @@ +# Use the update proxy over the QubesOS RPC for apk +# /etc/init.d/qubes-updates-proxy-forwarder creates the socket to the proxy +alias apk='https_proxy="http://127.0.0.1:8082/" http_proxy="http://127.0.0.1:8082/" apk' +# allow aliases with sudo +alias sudo='sudo ' diff --git a/qubes-vm-core/qubes-updates-proxy-forwarder.openrc b/qubes-vm-core/qubes-updates-proxy-forwarder.openrc index 52e53f8..fe84480 100755 --- a/qubes-vm-core/qubes-updates-proxy-forwarder.openrc +++ b/qubes-vm-core/qubes-updates-proxy-forwarder.openrc @@ -1,116 +1,34 @@ -#!/bin/bash -# +#!/sbin/openrc-run # Updates proxy forwarder Startup script for the updates proxy forwarder -# -# chkconfig: 345 85 15 # description: forwards connection to updates proxy over Qubes RPC -# -# processname: ncat -# pidfile: /var/run/qubes-updates-proxy-forwarder.pid -# +# The clients should use the below shell variable exports: +# http_proxy="http://127.0.0.1:8082/" +# https_proxy="http://127.0.0.1:8082/" +# For apk, see the /etc/profile.d/apk-proxy.sh alias -# Source function library. -# shellcheck disable=SC1091 -. /etc/init.d/functions.sh +name=$RC_SVCNAME +cfgfile="/etc/qubes/$RC_SVCNAME.conf" +command="/bin/busybox" +command_args="nc -lk -s 127.0.0.1 -p 8082 -e /usr/bin/qrexec-client-vm @default qubes.UpdatesProxy" +command_user="root" +pidfile="/run/qubes/$RC_SVCNAME.pid" +command_background="yes" +output_log="/var/log/qubes/$RC_SVCNAME.log" +error_log="/var/log/qubes/$RC_SVCNAME.err" -# Source Qubes library. -# shellcheck source=init/functions -. /usr/lib/qubes/init/functions - -# Check that networking is up. -[ "$NETWORKING" = "no" ] && exit 0 - -exec="/usr/bin/ncat" -prog=$(basename $exec) -pidfile="/var/run/qubes-updates-proxy-forwarder.pid" - -# shellcheck disable=SC1091 -[ -e /etc/sysconfig/qubes-updates-proxy-forwarder ] && . /etc/sysconfig/qubes-updates-proxy-forwarder - -lockfile=/var/lock/subsys/qubes-updates-proxy-forwarder - -start() { - have_qubesdb || return - - if ! qsvc updates-proxy-setup ; then - # updates proxy configuration disabled - exit 0 - fi - - if qsvc qubes-updates-proxy ; then - # updates proxy running here too, avoid looping traffic back to itself - exit 0 - fi - - [ -x $exec ] || exit 5 - - echo -n $"Starting $prog (as Qubes updates proxy forwarder): " - # shellcheck disable=SC2016 - start-stop-daemon \ - --exec $exec \ - --pidfile "$pidfile" \ - --make-pidfile \ - --background \ - --start \ - -- \ - -k -l -e 'qrexec-client-vm $default qubes.UpdatesProxy' - retval=$? - echo - [ $retval -eq 0 ] && touch $lockfile - return $retval +depend() { + need qubes-qrexec-agent + need net } -stop() { - echo -n $"Stopping $prog: " - killproc -p $pidfile "$prog" - retval=$? - echo - [ $retval -eq 0 ] && rm -f $lockfile - return $retval +start_pre() { + checkpath --directory --owner $command_user:qubes --mode 0775 \ + /run/qubes \ + /var/log/qubes \ + /var/run/qubes + # TODO should fail if qubes-update-proxy is running + # if qsvc qubes-updates-proxy ; then + # # updates proxy running here too, avoid looping traffic back to itself + # exit 0 + # fi } - -restart() { - stop - start -} - -force_reload() { - restart -} - -rh_status() { - status "$prog" -} - -rh_status_q() { - rh_status >/dev/null 2>&1 -} - -case "$1" in - start) - rh_status_q && exit 0 - $1 - ;; - stop) - rh_status_q || exit 0 - $1 - ;; - restart) - $1 - ;; - force-reload) - force_reload - ;; - status) - rh_status - ;; - condrestart|try-restart) - rh_status_q || exit 0 - restart - ;; - *) - echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|force-reload}" - exit 2 -esac -exit $? - diff --git a/qubes-vm-core/sudo-aliases.sh b/qubes-vm-core/sudo-aliases.sh new file mode 100644 index 0000000..3ee7ff3 --- /dev/null +++ b/qubes-vm-core/sudo-aliases.sh @@ -0,0 +1,2 @@ +# allow aliases with sudo +alias sudo='sudo ' From cd9f43755c23fdadfa5c99dc58c97763f916b4ae Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 8 Feb 2024 13:23:24 -0500 Subject: [PATCH 051/184] qubes-gpg-split: upgrade to 2.0.70 --- qubes-gpg-split/APKBUILD | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qubes-gpg-split/APKBUILD b/qubes-gpg-split/APKBUILD index 13a1887..4d704c8 100644 --- a/qubes-gpg-split/APKBUILD +++ b/qubes-gpg-split/APKBUILD @@ -3,9 +3,9 @@ pkgname=qubes-gpg-split subpackages="$pkgname-doc" -pkgver=2.0.69 +pkgver=2.0.70 _gittag="v$pkgver" -pkgrel=3 +pkgrel=0 pkgdesc="Used Qubes AppVM as a “smart card”" arch="x86_64" url="https://github.com/QubesOS/qubes-app-linux-split-gpg" @@ -35,5 +35,5 @@ package() { rm -r "$pkgdir/var/run" } sha512sums=" -e20b4303934d41d537f4efd3d2811802b5f5c86ac97beb1169d5c302dd150b56a3f6ca5c61788ad5cd8731747aa4f91b79806bf863df427603ba6aebab27448b qubes-gpg-split-v2.0.69.tar.gz +a38ca61433c16168f44ef458f9fbc7eb37712f6edfb2bde7af7e08c6d98907e2038335ccda402b97a7940286af58be197a0bea3a20f5843b292766c7277a8350 qubes-gpg-split-v2.0.70.tar.gz " From 83bbfa3567ffeed29a944eb3c62ea422fe5fe78b Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 14 Apr 2024 19:01:17 -0400 Subject: [PATCH 052/184] *: rebuild for python 3.12 --- qubes-db-vm/APKBUILD | 2 +- qubes-vm-core/APKBUILD | 2 +- qubes-vm-gui/APKBUILD | 2 +- qubes-vm-qrexec/APKBUILD | 2 +- qubes-vm-utils/APKBUILD | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/qubes-db-vm/APKBUILD b/qubes-db-vm/APKBUILD index b1204fe..b31b236 100644 --- a/qubes-db-vm/APKBUILD +++ b/qubes-db-vm/APKBUILD @@ -4,7 +4,7 @@ pkgname=qubes-db-vm subpackages="$pkgname-openrc" pkgver=4.2.4 -pkgrel=2 +pkgrel=3 _gittag="v$pkgver" pkgdesc="QubesDB libs and daemon service." arch="x86_64" diff --git a/qubes-vm-core/APKBUILD b/qubes-vm-core/APKBUILD index 56dbdf5..ecf0479 100644 --- a/qubes-vm-core/APKBUILD +++ b/qubes-vm-core/APKBUILD @@ -10,7 +10,7 @@ subpackages=" $pkgname-pyc " pkgver=4.2.28 -pkgrel=3 +pkgrel=4 _gittag="v$pkgver" pkgdesc="The Qubes core files for installation inside a Qubes VM." arch="x86_64" diff --git a/qubes-vm-gui/APKBUILD b/qubes-vm-gui/APKBUILD index 355129c..02147ad 100644 --- a/qubes-vm-gui/APKBUILD +++ b/qubes-vm-gui/APKBUILD @@ -7,7 +7,7 @@ subpackages=" qubes-vm-pipewire $pkgname-openrc" pkgver=4.2.12 -pkgrel=0 +pkgrel=1 _gittag="v$pkgver" pkgdesc="The Qubes GUI Agent for AppVMs" arch="x86_64" diff --git a/qubes-vm-qrexec/APKBUILD b/qubes-vm-qrexec/APKBUILD index 16fc4eb..2df17ad 100644 --- a/qubes-vm-qrexec/APKBUILD +++ b/qubes-vm-qrexec/APKBUILD @@ -5,7 +5,7 @@ pkgname=qubes-vm-qrexec subpackages="$pkgname-openrc $pkgname-doc $pkgname-pyc" pkgver=4.2.17 _gittag="v$pkgver" -pkgrel=0 +pkgrel=1 pkgdesc="The Qubes qrexec files (qube side)" arch="x86_64" url="https://github.com/QubesOS/qubes-core-qrexec" diff --git a/qubes-vm-utils/APKBUILD b/qubes-vm-utils/APKBUILD index 6f06841..399d398 100644 --- a/qubes-vm-utils/APKBUILD +++ b/qubes-vm-utils/APKBUILD @@ -8,7 +8,7 @@ subpackages=" $pkgname-pyc " pkgver=4.2.15 -pkgrel=0 +pkgrel=1 _gittag="v$pkgver" pkgdesc="Common Linux files for Qubes VM." arch="x86_64" From 97a464e6dd7cba35d9eb3b26ac794cdc45399d90 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 20 Apr 2024 17:03:34 -0400 Subject: [PATCH 053/184] qubes-libvchan-xen: upgrade to 4.2.3 --- qubes-libvchan-xen/APKBUILD | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/qubes-libvchan-xen/APKBUILD b/qubes-libvchan-xen/APKBUILD index a032f01..45adfb0 100644 --- a/qubes-libvchan-xen/APKBUILD +++ b/qubes-libvchan-xen/APKBUILD @@ -2,7 +2,7 @@ # Contributor: Antoine Martin (ayakael) pkgname=qubes-libvchan-xen -pkgver=4.2.2 +pkgver=4.2.3 pkgrel=0 _gittag=v$pkgver pkgdesc="The Qubes core libraries for installation inside a Qubes Dom0 and VM." @@ -14,10 +14,7 @@ makedepends="xen-dev coreutils" builddir="$srcdir"/qubes-core-vchan-xen-$pkgver subpackages="$pkgname-dev" -source=" - $pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-core-vchan-xen/archive/refs/tags/$_gittag.tar.gz - 39_support-changed-libxenctrl-api-xen418.patch - " +source="$pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-core-vchan-xen/archive/refs/tags/$_gittag.tar.gz" build() { cd "$builddir"/vchan @@ -29,6 +26,5 @@ package() { } sha512sums=" -dbdd32533b7bcabdf0b2c9df8eac9b3eacc75b3b29467ee4d485420817801544a967826ff450d035109f218f2711624c64adbb190c0a83cbad4df7eb56da344e qubes-libvchan-xen-v4.2.2.tar.gz -90a67ff34d3f4aa5a0534fd88192f61e4d1d94cfa26e7b2ae52ecdb0862d5b27500162a7a1eb83db072387a4573f082afdf5482caaf7070d282267ef9e044bad 39_support-changed-libxenctrl-api-xen418.patch +cbdeb025a7bd0c837cb079708b4cfc3b1eda10482999b1eeda33a1cfa2869a4a629d99dd556f9a8b9d83f4b5df9d686b8c524d2093a3bafac35df2192bf2983d qubes-libvchan-xen-v4.2.3.tar.gz " From a1e2bc03ed349f51ba9f8db47c1bfa2eaec50ca4 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 20 Apr 2024 17:04:53 -0400 Subject: [PATCH 054/184] qubes-meta-packages: upgrade to 4.2.11 --- qubes-meta-packages/APKBUILD | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qubes-meta-packages/APKBUILD b/qubes-meta-packages/APKBUILD index bfb245c..a41f1af 100644 --- a/qubes-meta-packages/APKBUILD +++ b/qubes-meta-packages/APKBUILD @@ -6,9 +6,9 @@ subpackages=" qubes-vm-dependencies qubes-vm-recommended " -pkgver=4.2.9 +pkgver=4.2.11 _gittag="v$pkgver" -pkgrel=2 +pkgrel=0 pkgdesc="Meta packages for Qubes-specific components" arch="noarch" url="https://github.com/QubesOS/qubes-meta-packages" @@ -39,5 +39,5 @@ recommended() { mkdir -p "$subpkgdir" } sha512sums=" -b30abf53c3cfb90ba7090b227a862f66d71c85021b25e49c9de7d57f77bf6e83a9b730c3d4175ffefa7562952f9be57e4ca6a85552a175716592676413ceee86 qubes-meta-packages-v4.2.9 +f08e8a2d218bbb34fdae0dd21600b6b2500e1a0f8d69fed672818e62b44cf1e40a6a49f7be208b188ac484a6a9368b2e96015a8c1335a5685ffe9308db094b46 qubes-meta-packages-v4.2.11 " From ac0ee6bd66104eac765d522a5191e6a9b30fa9cc Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 20 Apr 2024 17:06:59 -0400 Subject: [PATCH 055/184] qubes-usb-proxy: upgrade to 1.2.1 --- qubes-usb-proxy/APKBUILD | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qubes-usb-proxy/APKBUILD b/qubes-usb-proxy/APKBUILD index eb91a3c..b93ee50 100644 --- a/qubes-usb-proxy/APKBUILD +++ b/qubes-usb-proxy/APKBUILD @@ -2,9 +2,9 @@ # Contributor: Antoine Martin (ayakael) pkgname=qubes-usb-proxy -pkgver=1.1.5 +pkgver=1.2.1 _gittag="v$pkgver" -pkgrel=3 +pkgrel=0 pkgdesc="The Qubes service for proxying USB devices" arch="noarch" url="https://github.com/QubesOS/qubes-app-linux-usb-proxy" @@ -32,5 +32,5 @@ package() { done } sha512sums=" -27d28faec2ab9cc9df1e361dac244bc1b10afc406860ca2e3fc2dff3b666c6adaed615625aeba785918f8e08cffb215ef028698a178d795e586740caf1566fc9 qubes-usb-proxy-v1.1.5.tar.gz +e034ce9ec163fdcd4ad2ceb0cb1f5158ae670484b589a34ef610731a379f0f76f280cabb195c2e97228bbeb61cfb9296ccc89ad533a050f0d464a50724724cbb qubes-usb-proxy-v1.2.1.tar.gz " From 227af42e30b252f0cc6ea226dd51d7c0290ea625 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 20 Apr 2024 17:08:06 -0400 Subject: [PATCH 056/184] qubes-vm-core: upgrade to 4.2.29 --- qubes-vm-core/APKBUILD | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qubes-vm-core/APKBUILD b/qubes-vm-core/APKBUILD index ecf0479..f0c2df4 100644 --- a/qubes-vm-core/APKBUILD +++ b/qubes-vm-core/APKBUILD @@ -9,8 +9,8 @@ subpackages=" $pkgname-doc $pkgname-pyc " -pkgver=4.2.28 -pkgrel=4 +pkgver=4.2.29 +pkgrel=0 _gittag="v$pkgver" pkgdesc="The Qubes core files for installation inside a Qubes VM." arch="x86_64" @@ -164,7 +164,7 @@ root() { make -C passwordless-root install DESTDIR="$subpkgdir" SBINDIR=/sbin LIBDIR=/usr/lib SYSLIBDIR=/lib } sha512sums=" -1e6678f095fff6ec48a7dd8846d05ae1f318c2ec297d5e4b9cc892a8ce39e707049289caf7a9f4bc351ed727c003a09f981fcad62366ef3e0a76459d211204b8 qubes-vm-core-v4.2.28.tar.gz +8d43333ef772fbb7f9b2da9a63ce5d8115215c7a85928389616624c69b851e66da01c4fec184fd8713f01205f7fd19ed3547bedfc796b6ec43ef62412d67e373 qubes-vm-core-v4.2.29.tar.gz 95c080a593ca1cd457ffafc0cdd6ee28999c72f67191a3955b6081a4a7d287cae4cd0c626139562e5e1eb55516c25402a174e3599daf7d4cb259d6b4bbdff155 qubes-core-early.openrc 61529413a16b7fa0df691c24adc41b90477c01ea70d572921ecec89df23932e5a2e60c4e73b9a84181dc30424e2e6af4ad1c7dcf6c42689c3cc346a9923d6e07 qubes-core-netvm.openrc da8e293520f5fce29ce76d7586e8ce1a4164798a1214079fb554c690264da1d774fdad3f45825aac52c2c3a0b0cfd39df73eb33394dedd7c043fe0f2344b90ca qubes-core.openrc From 49f1ce1b169b9ec56b8807d4e282584a5c9913dd Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 20 Apr 2024 17:09:09 -0400 Subject: [PATCH 057/184] qubes-vm-gui: upgrade to 4.2.13 --- qubes-vm-gui/APKBUILD | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qubes-vm-gui/APKBUILD b/qubes-vm-gui/APKBUILD index 02147ad..4acf6c0 100644 --- a/qubes-vm-gui/APKBUILD +++ b/qubes-vm-gui/APKBUILD @@ -6,8 +6,8 @@ subpackages=" qubes-vm-pulseaudio qubes-vm-pipewire $pkgname-openrc" -pkgver=4.2.12 -pkgrel=1 +pkgver=4.2.13 +pkgrel=0 _gittag="v$pkgver" pkgdesc="The Qubes GUI Agent for AppVMs" arch="x86_64" @@ -117,7 +117,7 @@ pipewire() { } sha512sums=" -b51a0844ed40ee32a24e01b172d3650203a9423d783c0de40f1725cd17466f3966dcc163afef6d436499a5bb59ef471442ffa5dc534a146139ed431d56de43ee qubes-vm-gui-v4.2.12.tar.gz +c0b7fd5d4f12134b3bd77f1297995bd84c1ecc5db633c02078f621fb4cae3df8f4b7936b4977ce96c0c29f861a504edd70b8b624d166ce0e3b9f86171c1499b9 qubes-vm-gui-v4.2.13.tar.gz f0bbb936e14689d0cbced2f564b8911f9287c0217616f02f3bd0c3060e516d080ad538219f089f5841c2b9d18bb4ad8efb63516ddfd46c18b038218378996a7d 0001-musl-build.patch 01beace4c130200dc8d42248349ea858d2bec746aca2bdfa5948b6e7240bb3b832bbb8b324293fba6fd6aafb0a3d7a2e3928c7fd39d318ef4d5a18cfeb48cde6 0001-initd-fix.patch 68d01e594296e18d54d8eaa17863451c3ac121e4fcacf98b64db14166bdcf38aa66f1c3659c5014c0a9cc25b5368df66f8c642b8e7af59da8d2a5ad97da9a194 qubes-gui-agent.openrc From 56cf19c7a0d6a1329a9fe25a01c4d4be4584a136 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 20 Apr 2024 17:10:40 -0400 Subject: [PATCH 058/184] qubes-vm-qrexec: upgrade to 4.2.18 --- qubes-vm-qrexec/APKBUILD | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qubes-vm-qrexec/APKBUILD b/qubes-vm-qrexec/APKBUILD index 2df17ad..5eb9671 100644 --- a/qubes-vm-qrexec/APKBUILD +++ b/qubes-vm-qrexec/APKBUILD @@ -3,9 +3,9 @@ pkgname=qubes-vm-qrexec subpackages="$pkgname-openrc $pkgname-doc $pkgname-pyc" -pkgver=4.2.17 +pkgver=4.2.18 _gittag="v$pkgver" -pkgrel=1 +pkgrel=0 pkgdesc="The Qubes qrexec files (qube side)" arch="x86_64" url="https://github.com/QubesOS/qubes-core-qrexec" @@ -53,7 +53,7 @@ package() { install -Dm 755 "$srcdir"/qubes-qrexec-agent.openrc "$pkgdir"/etc/init.d/qubes-qrexec-agent } sha512sums=" -5e4df225e29d9f24823338a03ca40c384fff9c1623d8b718367b65516fe25db7bbb0729dd8323a0366937e756c560a22c9f77ef5fe3717dd2e053f3b5d156879 qubes-vm-qrexec-v4.2.17.tar.gz +ce2dc3bf25bf4c643578345a73ae34b594d0f476f4887c5bd588d9816327e59cff7d2757516ce3ad0a86d21b237bb5be6e45431121c4f2b69099cf608705a963 qubes-vm-qrexec-v4.2.18.tar.gz e2dd5cace82e881c40d5d37c69f7327fbabde81c9d23283de23de9f1197b7b018ef07a8d90e95c61bd249426d9d8297e7cb372333245941ffa0682c90ea3461f qubes-qrexec-agent.openrc 3cbe66c8251d0cbe078d78ac9a2aef2d6c095c4f514ff0aab69dd724dee7488cf84dff4af2210d8a2298a052db49e85b0e38ac45456a8aa9bd1e4a7de0311b69 makefile-remove-cc-cflags.patch 69b88c8d344f0d575eac398937040ba39a0d8fb8ea0a2b160c48d84775e1da4e226a76f3c5d3be7b045f577b634bb35cd5c5536248e18117c4121a38f9f3bf13 agent-qrexec-fork-server-undef-fortify-source.patch From d48384836eba7bc3cd64055c754ef7c63c305909 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 3 Jun 2024 08:15:19 -0400 Subject: [PATCH 059/184] gitlab-ci.yml: add 3.20 runners --- .gitlab-ci.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 971d962..ab747b5 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -55,6 +55,14 @@ build-v3.19: tags: - apk-$CI_ALPINE_TARGET_RELEASE-x86_64 +build-v3.20: + extends: .build + when: always + variables: + CI_ALPINE_TARGET_RELEASE: v3.20 + tags: + - apk-$CI_ALPINE_TARGET_RELEASE-x86_64 + build-edge: extends: .build when: always From 1673bc8eb384d64b89eb5e34d146e00eb2502730 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 3 Jun 2024 08:15:29 -0400 Subject: [PATCH 060/184] *: bump pkgrel --- qubes-app-linux-druide-antidote/APKBUILD | 2 +- qubes-db-vm/APKBUILD | 5 ++--- qubes-gpg-split/APKBUILD | 5 ++--- qubes-libvchan-xen/APKBUILD | 5 ++--- qubes-meta-packages/APKBUILD | 5 ++--- qubes-pass/APKBUILD | 5 ++--- qubes-usb-proxy/APKBUILD | 5 ++--- qubes-vm-core/APKBUILD | 5 ++--- qubes-vm-gui-dev/APKBUILD | 5 ++--- qubes-vm-gui/APKBUILD | 5 ++--- qubes-vm-qrexec/APKBUILD | 5 ++--- qubes-vm-utils/APKBUILD | 5 ++--- 12 files changed, 23 insertions(+), 34 deletions(-) diff --git a/qubes-app-linux-druide-antidote/APKBUILD b/qubes-app-linux-druide-antidote/APKBUILD index dd234f1..3a6cce4 100644 --- a/qubes-app-linux-druide-antidote/APKBUILD +++ b/qubes-app-linux-druide-antidote/APKBUILD @@ -3,7 +3,7 @@ pkgname=qubes-app-linux-druide-antidote pkgver=0.0.1_git20240201 _gittag=c724c88aa2a20b1e422b464499015ff05753316d -pkgrel=0 +pkgrel=1 arch="noarch" pkgdesc="Qubes Druide-Antidote is a Qubes Application. It send a file to the Antidote Qube, invoke Antidote, and retrieve the file" url=https://github.com/neowutran/qubes-app-linux-druide-antidote diff --git a/qubes-db-vm/APKBUILD b/qubes-db-vm/APKBUILD index b31b236..48f390c 100644 --- a/qubes-db-vm/APKBUILD +++ b/qubes-db-vm/APKBUILD @@ -1,10 +1,9 @@ -# Maintainer: Antoine Martin (ayakael) # Contributor: Antoine Martin (ayakael) - +# Maintainer: Antoine Martin (ayakael) pkgname=qubes-db-vm subpackages="$pkgname-openrc" pkgver=4.2.4 -pkgrel=3 +pkgrel=4 _gittag="v$pkgver" pkgdesc="QubesDB libs and daemon service." arch="x86_64" diff --git a/qubes-gpg-split/APKBUILD b/qubes-gpg-split/APKBUILD index 4d704c8..a3fbbca 100644 --- a/qubes-gpg-split/APKBUILD +++ b/qubes-gpg-split/APKBUILD @@ -1,11 +1,10 @@ -# Maintainer: Antoine Martin (ayakael) # Contributor: Antoine Martin (ayakael) - +# Maintainer: Antoine Martin (ayakael) pkgname=qubes-gpg-split subpackages="$pkgname-doc" pkgver=2.0.70 _gittag="v$pkgver" -pkgrel=0 +pkgrel=1 pkgdesc="Used Qubes AppVM as a “smart card”" arch="x86_64" url="https://github.com/QubesOS/qubes-app-linux-split-gpg" diff --git a/qubes-libvchan-xen/APKBUILD b/qubes-libvchan-xen/APKBUILD index 45adfb0..f26d637 100644 --- a/qubes-libvchan-xen/APKBUILD +++ b/qubes-libvchan-xen/APKBUILD @@ -1,9 +1,8 @@ -# Maintainer: Antoine Martin (ayakael) # Contributor: Antoine Martin (ayakael) - +# Maintainer: Antoine Martin (ayakael) pkgname=qubes-libvchan-xen pkgver=4.2.3 -pkgrel=0 +pkgrel=1 _gittag=v$pkgver pkgdesc="The Qubes core libraries for installation inside a Qubes Dom0 and VM." arch="x86_64" diff --git a/qubes-meta-packages/APKBUILD b/qubes-meta-packages/APKBUILD index a41f1af..9831571 100644 --- a/qubes-meta-packages/APKBUILD +++ b/qubes-meta-packages/APKBUILD @@ -1,6 +1,5 @@ -# Maintainer: Antoine Martin (ayakael) # Contributor: Antoine Martin (ayakael) - +# Maintainer: Antoine Martin (ayakael) pkgname=qubes-meta-packages subpackages=" qubes-vm-dependencies @@ -8,7 +7,7 @@ subpackages=" " pkgver=4.2.11 _gittag="v$pkgver" -pkgrel=0 +pkgrel=1 pkgdesc="Meta packages for Qubes-specific components" arch="noarch" url="https://github.com/QubesOS/qubes-meta-packages" diff --git a/qubes-pass/APKBUILD b/qubes-pass/APKBUILD index 77142e3..85e5703 100644 --- a/qubes-pass/APKBUILD +++ b/qubes-pass/APKBUILD @@ -1,10 +1,9 @@ -# Maintainer: Antoine Martin (ayakael) # Contributor: Antoine Martin (ayakael) - +# Maintainer: Antoine Martin (ayakael) pkgname=qubes-pass pkgver=0.1.0 _gittag="v$pkgver" -pkgrel=2 +pkgrel=3 pkgdesc="An inter-VM password manager for Qubes OS" arch="noarch" url="https://github.com/Rudd-O/qubes-pass" diff --git a/qubes-usb-proxy/APKBUILD b/qubes-usb-proxy/APKBUILD index b93ee50..69c1005 100644 --- a/qubes-usb-proxy/APKBUILD +++ b/qubes-usb-proxy/APKBUILD @@ -1,10 +1,9 @@ -# Maintainer: Antoine Martin (ayakael) # Contributor: Antoine Martin (ayakael) - +# Maintainer: Antoine Martin (ayakael) pkgname=qubes-usb-proxy pkgver=1.2.1 _gittag="v$pkgver" -pkgrel=0 +pkgrel=1 pkgdesc="The Qubes service for proxying USB devices" arch="noarch" url="https://github.com/QubesOS/qubes-app-linux-usb-proxy" diff --git a/qubes-vm-core/APKBUILD b/qubes-vm-core/APKBUILD index f0c2df4..eaec588 100644 --- a/qubes-vm-core/APKBUILD +++ b/qubes-vm-core/APKBUILD @@ -1,6 +1,5 @@ -# Maintainer: Antoine Martin (ayakael) # Contributor: Antoine Martin (ayakael) - +# Maintainer: Antoine Martin (ayakael) pkgname=qubes-vm-core subpackages=" qubes-vm-networking:networking:noarch @@ -10,7 +9,7 @@ subpackages=" $pkgname-pyc " pkgver=4.2.29 -pkgrel=0 +pkgrel=1 _gittag="v$pkgver" pkgdesc="The Qubes core files for installation inside a Qubes VM." arch="x86_64" diff --git a/qubes-vm-gui-dev/APKBUILD b/qubes-vm-gui-dev/APKBUILD index ad5390a..9501734 100644 --- a/qubes-vm-gui-dev/APKBUILD +++ b/qubes-vm-gui-dev/APKBUILD @@ -1,10 +1,9 @@ -# Maintainer: Antoine Martin (ayakael) # Contributor: Antoine Martin (ayakael) - +# Maintainer: Antoine Martin (ayakael) pkgname=qubes-vm-gui-dev pkgver=4.2.4 _gittag="v$pkgver" -pkgrel=2 +pkgrel=3 pkgdesc="Common files for Qubes GUI - protocol headers." arch="noarch" url="https://github.com/QubesOS/qubes-gui-common" diff --git a/qubes-vm-gui/APKBUILD b/qubes-vm-gui/APKBUILD index 4acf6c0..7ee20d8 100644 --- a/qubes-vm-gui/APKBUILD +++ b/qubes-vm-gui/APKBUILD @@ -1,13 +1,12 @@ -# Maintainer: Antoine Martin (ayakael) # Contributor: Antoine Martin (ayakael) - +# Maintainer: Antoine Martin (ayakael) pkgname=qubes-vm-gui subpackages=" qubes-vm-pulseaudio qubes-vm-pipewire $pkgname-openrc" pkgver=4.2.13 -pkgrel=0 +pkgrel=1 _gittag="v$pkgver" pkgdesc="The Qubes GUI Agent for AppVMs" arch="x86_64" diff --git a/qubes-vm-qrexec/APKBUILD b/qubes-vm-qrexec/APKBUILD index 5eb9671..399d3e4 100644 --- a/qubes-vm-qrexec/APKBUILD +++ b/qubes-vm-qrexec/APKBUILD @@ -1,11 +1,10 @@ -# Maintainer: Antoine Martin (ayakael) # Contributor: Antoine Martin (ayakael) - +# Maintainer: Antoine Martin (ayakael) pkgname=qubes-vm-qrexec subpackages="$pkgname-openrc $pkgname-doc $pkgname-pyc" pkgver=4.2.18 _gittag="v$pkgver" -pkgrel=0 +pkgrel=1 pkgdesc="The Qubes qrexec files (qube side)" arch="x86_64" url="https://github.com/QubesOS/qubes-core-qrexec" diff --git a/qubes-vm-utils/APKBUILD b/qubes-vm-utils/APKBUILD index 399d398..b262070 100644 --- a/qubes-vm-utils/APKBUILD +++ b/qubes-vm-utils/APKBUILD @@ -1,6 +1,5 @@ -# Maintainer: Antoine Martin (ayakael) # Contributor: Antoine Martin (ayakael) - +# Maintainer: Antoine Martin (ayakael) pkgname=qubes-vm-utils subpackages=" qubes-vm-kernel-support:support:noarch @@ -8,7 +7,7 @@ subpackages=" $pkgname-pyc " pkgver=4.2.15 -pkgrel=1 +pkgrel=2 _gittag="v$pkgver" pkgdesc="Common Linux files for Qubes VM." arch="x86_64" From 7065956f343178daec9bfce4f0d40ddba16272bc Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 3 Jun 2024 10:39:12 -0400 Subject: [PATCH 061/184] gitlab-ci.yml: drop v3.18 --- .gitlab-ci.yml | 8 -------- 1 file changed, 8 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index ab747b5..19168aa 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -39,14 +39,6 @@ lint: only: - merge_requests -build-v3.18: - extends: .build - when: always - variables: - CI_ALPINE_TARGET_RELEASE: v3.18 - tags: - - apk-$CI_ALPINE_TARGET_RELEASE-x86_64 - build-v3.19: extends: .build when: always From 0a2a71595a30649a468944380ac82817f9de99c6 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 11 Jul 2024 09:07:14 -0400 Subject: [PATCH 062/184] qubes-usb-proxy: upgrade to 1.2.2 --- qubes-usb-proxy/APKBUILD | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/qubes-usb-proxy/APKBUILD b/qubes-usb-proxy/APKBUILD index 69c1005..a048330 100644 --- a/qubes-usb-proxy/APKBUILD +++ b/qubes-usb-proxy/APKBUILD @@ -1,7 +1,7 @@ # Contributor: Antoine Martin (ayakael) # Maintainer: Antoine Martin (ayakael) pkgname=qubes-usb-proxy -pkgver=1.2.1 +pkgver=1.2.2 _gittag="v$pkgver" pkgrel=1 pkgdesc="The Qubes service for proxying USB devices" @@ -31,5 +31,5 @@ package() { done } sha512sums=" -e034ce9ec163fdcd4ad2ceb0cb1f5158ae670484b589a34ef610731a379f0f76f280cabb195c2e97228bbeb61cfb9296ccc89ad533a050f0d464a50724724cbb qubes-usb-proxy-v1.2.1.tar.gz +8083b49c913020e5f44b3b7f051773af0e98f3d4687186358b4f273dd3c8c62cb8eac31af2a6ffe4b9088e18ba92a94d89f5980997bad283026e654466202490 qubes-usb-proxy-v1.2.2.tar.gz " From ef4af36b67d65bb28a2f444fe141e585a8c5cd41 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 11 Jul 2024 09:11:45 -0400 Subject: [PATCH 063/184] qubes-vm-qrexec: upgrade to 4.2.19 --- qubes-vm-qrexec/APKBUILD | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/qubes-vm-qrexec/APKBUILD b/qubes-vm-qrexec/APKBUILD index 399d3e4..3e761ef 100644 --- a/qubes-vm-qrexec/APKBUILD +++ b/qubes-vm-qrexec/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Antoine Martin (ayakael) pkgname=qubes-vm-qrexec subpackages="$pkgname-openrc $pkgname-doc $pkgname-pyc" -pkgver=4.2.18 +pkgver=4.2.19 _gittag="v$pkgver" pkgrel=1 pkgdesc="The Qubes qrexec files (qube side)" @@ -52,7 +52,7 @@ package() { install -Dm 755 "$srcdir"/qubes-qrexec-agent.openrc "$pkgdir"/etc/init.d/qubes-qrexec-agent } sha512sums=" -ce2dc3bf25bf4c643578345a73ae34b594d0f476f4887c5bd588d9816327e59cff7d2757516ce3ad0a86d21b237bb5be6e45431121c4f2b69099cf608705a963 qubes-vm-qrexec-v4.2.18.tar.gz +79481953921e98a1dfeeba02a2be1d2e92fd2ec04c12986aa4f788987c2f74ec2e67e0c20f87e9d329097fccda76ef648dbf02d08affdf7cb43380380afd595d qubes-vm-qrexec-v4.2.19.tar.gz e2dd5cace82e881c40d5d37c69f7327fbabde81c9d23283de23de9f1197b7b018ef07a8d90e95c61bd249426d9d8297e7cb372333245941ffa0682c90ea3461f qubes-qrexec-agent.openrc 3cbe66c8251d0cbe078d78ac9a2aef2d6c095c4f514ff0aab69dd724dee7488cf84dff4af2210d8a2298a052db49e85b0e38ac45456a8aa9bd1e4a7de0311b69 makefile-remove-cc-cflags.patch 69b88c8d344f0d575eac398937040ba39a0d8fb8ea0a2b160c48d84775e1da4e226a76f3c5d3be7b045f577b634bb35cd5c5536248e18117c4121a38f9f3bf13 agent-qrexec-fork-server-undef-fortify-source.patch From 55f5330870c64336811d751a9f6ad391a74d3650 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 11 Jul 2024 09:12:26 -0400 Subject: [PATCH 064/184] qubes-vm-utils: upgrade to 4.2.17 --- qubes-vm-utils/APKBUILD | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qubes-vm-utils/APKBUILD b/qubes-vm-utils/APKBUILD index b262070..ba8a034 100644 --- a/qubes-vm-utils/APKBUILD +++ b/qubes-vm-utils/APKBUILD @@ -6,8 +6,8 @@ subpackages=" $pkgname-openrc $pkgname-pyc " -pkgver=4.2.15 -pkgrel=2 +pkgver=4.2.17 +pkgrel=0 _gittag="v$pkgver" pkgdesc="Common Linux files for Qubes VM." arch="x86_64" @@ -59,6 +59,6 @@ support() { install -m 755 "$builddir"/dracut/full-dmroot/qubes_cow_setup.sh "$subpkgdir"/usr/lib/qubes/qubes_cow_setup.sh } sha512sums=" -ae32941eb11024d2f1e5c6cffa1a61c8408fb6127323a089d2975b275e9ed55be549e6cfc3bc81b2dce758ae9550743032b80fadebd8e8e90fdf026b8f5889ee qubes-vm-utils-v4.2.15.tar.gz +3a3ddd46d94b0fae608dc7436a1a43437968b65830de2c65a5735d3264063df493ce12514071b0214ae3c906c364b420e09fcf569c0395629292b1f34f90dd83 qubes-vm-utils-v4.2.17.tar.gz aebc606faa95948be77766f164fc40e4be66e4398e7f56ad52ba9de4c8f7de4ec0c4b48b23a3a6dd083d6f19ae1a591f3ae0caf2c696fd061cd8fea4bdf7d4f3 qubes-meminfo-writer.openrc " From b5029e0b18683536a00688e347e72cab4e98fa24 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 11 Jul 2024 11:45:32 -0400 Subject: [PATCH 065/184] qubes-vm-utils: bump rel --- qubes-vm-utils/APKBUILD | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/qubes-vm-utils/APKBUILD b/qubes-vm-utils/APKBUILD index ba8a034..99d7e22 100644 --- a/qubes-vm-utils/APKBUILD +++ b/qubes-vm-utils/APKBUILD @@ -7,7 +7,7 @@ subpackages=" $pkgname-pyc " pkgver=4.2.17 -pkgrel=0 +pkgrel=1 _gittag="v$pkgver" pkgdesc="Common Linux files for Qubes VM." arch="x86_64" From 80ff2032b4ae51b6fbb4b5ea451e75190277e814 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 11 Jul 2024 11:47:45 -0400 Subject: [PATCH 066/184] qubes-usb-proxy: bump rel --- qubes-usb-proxy/APKBUILD | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/qubes-usb-proxy/APKBUILD b/qubes-usb-proxy/APKBUILD index a048330..7e9cffe 100644 --- a/qubes-usb-proxy/APKBUILD +++ b/qubes-usb-proxy/APKBUILD @@ -3,7 +3,7 @@ pkgname=qubes-usb-proxy pkgver=1.2.2 _gittag="v$pkgver" -pkgrel=1 +pkgrel=2 pkgdesc="The Qubes service for proxying USB devices" arch="noarch" url="https://github.com/QubesOS/qubes-app-linux-usb-proxy" From 620fb8549f48fb0845284a142c49633ff16825cd Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 11 Jul 2024 11:49:51 -0400 Subject: [PATCH 067/184] qubes-vm-qrexec: bump rel --- qubes-vm-qrexec/APKBUILD | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/qubes-vm-qrexec/APKBUILD b/qubes-vm-qrexec/APKBUILD index 3e761ef..8db1738 100644 --- a/qubes-vm-qrexec/APKBUILD +++ b/qubes-vm-qrexec/APKBUILD @@ -4,7 +4,7 @@ pkgname=qubes-vm-qrexec subpackages="$pkgname-openrc $pkgname-doc $pkgname-pyc" pkgver=4.2.19 _gittag="v$pkgver" -pkgrel=1 +pkgrel=2 pkgdesc="The Qubes qrexec files (qube side)" arch="x86_64" url="https://github.com/QubesOS/qubes-core-qrexec" From 2e68f01cbd0a1df7eb87768bb5e7ec08dbd0ab6a Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 11 Jul 2024 09:08:46 -0400 Subject: [PATCH 068/184] qubes-vm-core: upgrade to 4.2.35 --- qubes-vm-core/APKBUILD | 8 +++++--- qubes-vm-core/silence-stringop-overread-error.patch | 13 +++++++++++++ 2 files changed, 18 insertions(+), 3 deletions(-) create mode 100644 qubes-vm-core/silence-stringop-overread-error.patch diff --git a/qubes-vm-core/APKBUILD b/qubes-vm-core/APKBUILD index eaec588..5ecf59e 100644 --- a/qubes-vm-core/APKBUILD +++ b/qubes-vm-core/APKBUILD @@ -8,8 +8,8 @@ subpackages=" $pkgname-doc $pkgname-pyc " -pkgver=4.2.29 -pkgrel=1 +pkgver=4.2.35 +pkgrel=0 _gittag="v$pkgver" pkgdesc="The Qubes core files for installation inside a Qubes VM." arch="x86_64" @@ -75,6 +75,7 @@ source=" apk-proxy.sh qvm-sync-clock.sh setupip-do-not-use-systemctl.patch + silence-stringop-overread-error.patch " builddir="$srcdir"/qubes-core-agent-linux-${_gittag/v} @@ -163,7 +164,7 @@ root() { make -C passwordless-root install DESTDIR="$subpkgdir" SBINDIR=/sbin LIBDIR=/usr/lib SYSLIBDIR=/lib } sha512sums=" -8d43333ef772fbb7f9b2da9a63ce5d8115215c7a85928389616624c69b851e66da01c4fec184fd8713f01205f7fd19ed3547bedfc796b6ec43ef62412d67e373 qubes-vm-core-v4.2.29.tar.gz +bbc98ef29d04ac50fad4ff531fad34578df835820b8bd5c838689254e813124e7bc8536703e246487e4e64470610189cfee2ab773daf8b867b0e1f41419ef1d9 qubes-vm-core-v4.2.35.tar.gz 95c080a593ca1cd457ffafc0cdd6ee28999c72f67191a3955b6081a4a7d287cae4cd0c626139562e5e1eb55516c25402a174e3599daf7d4cb259d6b4bbdff155 qubes-core-early.openrc 61529413a16b7fa0df691c24adc41b90477c01ea70d572921ecec89df23932e5a2e60c4e73b9a84181dc30424e2e6af4ad1c7dcf6c42689c3cc346a9923d6e07 qubes-core-netvm.openrc da8e293520f5fce29ce76d7586e8ce1a4164798a1214079fb554c690264da1d774fdad3f45825aac52c2c3a0b0cfd39df73eb33394dedd7c043fe0f2344b90ca qubes-core.openrc @@ -175,4 +176,5 @@ e9096560e4ee4cad836b686e18eb6dbac729227683eda2f0c8b3541c909f64de3489dbb66e375201 517d59e4699c24f23ccd59f5d4be3a519a426eee99d742c637fe1a9e69caa073621f4e9362c30182ba5a1a3eb0a769070c96e2c6b24cd8366a1f8f450a0b1c01 apk-proxy.sh cca9f49422fa25cd5f3942dce8edd3ecff080bf5c407a7a790b438bedea054f39a4a3d8c179b44c4c08fc490b597e14d00dad9b0240861e83957e0af7aa6475d qvm-sync-clock.sh eb59321c800e65ce873085a1105b1b697d2a8ecaefcdaa8280a81d0082c0022653ecd746c7ec37e2c544265892afb77531effa17b0fa6c45a6a86925b513bdea setupip-do-not-use-systemctl.patch +6b96edf070706da596e7abcb9fe6419fbf17eecb46cbd65aeceea83d078458efaedfadec33021253c2bd1b356a85fa721316fa18d5a535491004046ba2c812d3 silence-stringop-overread-error.patch " diff --git a/qubes-vm-core/silence-stringop-overread-error.patch b/qubes-vm-core/silence-stringop-overread-error.patch new file mode 100644 index 0000000..2e3e2c4 --- /dev/null +++ b/qubes-vm-core/silence-stringop-overread-error.patch @@ -0,0 +1,13 @@ +diff --git a/qubes-rpc/Makefile.orig b/qubes-rpc/Makefile +index 63bd924..e5973e6 100644 +--- a/qubes-rpc/Makefile.orig ++++ b/qubes-rpc/Makefile +@@ -11,7 +11,7 @@ ifneq ($(DEBUG),0) + DEBUG_FLAGS := -g + endif + CPPFLAGS := -I. +-CFLAGS := $(DEBUG_FLAGS) -O2 -Wall -Wextra -Werror -fPIC -pie $(CFLAGS) ++CFLAGS := $(DEBUG_FLAGS) -O2 -Wall -Wextra -Werror -fPIC -pie -Wno-stringop-overread $(CFLAGS) + LDFLAGS := $(DEBUG_FLAGS) -pie $(LDFLAGS) + LDLIBS := -lqubes-rpc-filecopy + From 9917fa1bc23ae1341d8828f6b3adf5388b38316c Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 11 Jul 2024 09:10:33 -0400 Subject: [PATCH 069/184] qubes-vm-gui: upgrade to 4.2.14 --- qubes-vm-gui/APKBUILD | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qubes-vm-gui/APKBUILD b/qubes-vm-gui/APKBUILD index 7ee20d8..c2b364e 100644 --- a/qubes-vm-gui/APKBUILD +++ b/qubes-vm-gui/APKBUILD @@ -5,8 +5,8 @@ subpackages=" qubes-vm-pulseaudio qubes-vm-pipewire $pkgname-openrc" -pkgver=4.2.13 -pkgrel=1 +pkgver=4.2.14 +pkgrel=0 _gittag="v$pkgver" pkgdesc="The Qubes GUI Agent for AppVMs" arch="x86_64" @@ -116,7 +116,7 @@ pipewire() { } sha512sums=" -c0b7fd5d4f12134b3bd77f1297995bd84c1ecc5db633c02078f621fb4cae3df8f4b7936b4977ce96c0c29f861a504edd70b8b624d166ce0e3b9f86171c1499b9 qubes-vm-gui-v4.2.13.tar.gz +5e4f323b5378076766169831cdd6dabaf6f0b65003cd8fb52111a9ce8d60424f7617eea085162376101013641c2f01ad8dcbdf1842c11f0e2409fe4a4bc3c97d qubes-vm-gui-v4.2.14.tar.gz f0bbb936e14689d0cbced2f564b8911f9287c0217616f02f3bd0c3060e516d080ad538219f089f5841c2b9d18bb4ad8efb63516ddfd46c18b038218378996a7d 0001-musl-build.patch 01beace4c130200dc8d42248349ea858d2bec746aca2bdfa5948b6e7240bb3b832bbb8b324293fba6fd6aafb0a3d7a2e3928c7fd39d318ef4d5a18cfeb48cde6 0001-initd-fix.patch 68d01e594296e18d54d8eaa17863451c3ac121e4fcacf98b64db14166bdcf38aa66f1c3659c5014c0a9cc25b5368df66f8c642b8e7af59da8d2a5ad97da9a194 qubes-gui-agent.openrc From 24126beac809039338327947ac4ecf4f2cee01dc Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 11 Jul 2024 12:36:46 -0400 Subject: [PATCH 070/184] gitlab/bin: consider main as r4.3 --- .gitlab/bin/build.sh | 2 +- .gitlab/bin/push.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitlab/bin/build.sh b/.gitlab/bin/build.sh index 5905fbc..333eab7 100755 --- a/.gitlab/bin/build.sh +++ b/.gitlab/bin/build.sh @@ -81,7 +81,7 @@ get_release() { get_qubes_release() { case $BASEBRANCH in r*) echo $BASEBRANCH;; - master) echo r4.2;; + main) echo r4.3;; *) die "Branch \"$BASEBRANCH\" not supported!" esac } diff --git a/.gitlab/bin/push.sh b/.gitlab/bin/push.sh index 3c35179..b364688 100755 --- a/.gitlab/bin/push.sh +++ b/.gitlab/bin/push.sh @@ -26,7 +26,7 @@ sudo cp $HOME/.abuild/$ABUILD_KEY_NAME.rsa.pub /etc/apk/keys/. get_qubes_release() { case $BASEBRANCH in r*) echo $BASEBRANCH;; - master) echo r4.2;; + main) echo r4.3;; *) die "Branch \"$BASEBRANCH\" not supported!" esac } From 2e9c02186681985cf7edeb33701e634484125bdc Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 11 Jul 2024 12:38:30 -0400 Subject: [PATCH 071/184] qubes-app-linux-druide-antidore: bump rel --- qubes-app-linux-druide-antidote/APKBUILD | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/qubes-app-linux-druide-antidote/APKBUILD b/qubes-app-linux-druide-antidote/APKBUILD index 3a6cce4..df073e2 100644 --- a/qubes-app-linux-druide-antidote/APKBUILD +++ b/qubes-app-linux-druide-antidote/APKBUILD @@ -3,7 +3,7 @@ pkgname=qubes-app-linux-druide-antidote pkgver=0.0.1_git20240201 _gittag=c724c88aa2a20b1e422b464499015ff05753316d -pkgrel=1 +pkgrel=2 arch="noarch" pkgdesc="Qubes Druide-Antidote is a Qubes Application. It send a file to the Antidote Qube, invoke Antidote, and retrieve the file" url=https://github.com/neowutran/qubes-app-linux-druide-antidote From bee9163ca4c72ab560a3037f1c1f311fcc6175d1 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 11 Jul 2024 12:39:49 -0400 Subject: [PATCH 072/184] qubes-db-vm: upgrade to 4.2.6 --- qubes-db-vm/APKBUILD | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qubes-db-vm/APKBUILD b/qubes-db-vm/APKBUILD index 48f390c..8541e2a 100644 --- a/qubes-db-vm/APKBUILD +++ b/qubes-db-vm/APKBUILD @@ -2,8 +2,8 @@ # Maintainer: Antoine Martin (ayakael) pkgname=qubes-db-vm subpackages="$pkgname-openrc" -pkgver=4.2.4 -pkgrel=4 +pkgver=4.2.6 +pkgrel=0 _gittag="v$pkgver" pkgdesc="QubesDB libs and daemon service." arch="x86_64" @@ -43,7 +43,7 @@ package() { install -Dm 755 "$srcdir"/qubes-db.openrc "$pkgdir"/etc/init.d/qubes-db } sha512sums=" -c252772c53b3cb6727f6d7c1ea13d54fc0a55e6dd558244da12e17b8a9ab80c338281f6123dc1f08965d310cab5ef8684266bfd4f47ac344c4f35851ce5f7f9f qubes-db-vm-v4.2.4.tar.gz +182ae7edb7235a21c45334d8d7aa20a7a9f63056d411fe66fe20d67ea0de7cf63d2a79886016561f69c5f444704f3728ee7b1aa6343f5ce15667ba458c08c9c7 qubes-db-vm-v4.2.6.tar.gz af86268c264c843b94f9cefb735b9d078dc58819c890fc0a31dd79fa2761d3c2fa87aed73752bca1db07948ba86ecfe16a745b19672ccc10dfb9461df24aa207 0001-musl-build.patch 892eb29b9bab4d9e662678d13a5607df04cdb024c2f28332f40fa4b7c644476a4b26a9fc038dfcdac1e0b8d328165d21d50d894d2c1e27f792287dd57449e7eb 0001-create_pidfile.patch 3d87f82d3637cf10bf1a3058ebbd2590ab17f65d1b49058f62d892f126635497abd5045f6797bc8069e5de08bb6e08fc6146deb6422090ad02122764cc6d72f0 qubes-db.openrc From 9c720e6fa994ddbc68bcd8c30c750b8209488b3b Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 11 Jul 2024 12:40:41 -0400 Subject: [PATCH 073/184] qubes-gpg-split: upgrade to 2.0.71 --- qubes-gpg-split/APKBUILD | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/qubes-gpg-split/APKBUILD b/qubes-gpg-split/APKBUILD index a3fbbca..96a7be1 100644 --- a/qubes-gpg-split/APKBUILD +++ b/qubes-gpg-split/APKBUILD @@ -2,9 +2,9 @@ # Maintainer: Antoine Martin (ayakael) pkgname=qubes-gpg-split subpackages="$pkgname-doc" -pkgver=2.0.70 +pkgver=2.0.71 _gittag="v$pkgver" -pkgrel=1 +pkgrel=0 pkgdesc="Used Qubes AppVM as a “smart card”" arch="x86_64" url="https://github.com/QubesOS/qubes-app-linux-split-gpg" @@ -29,10 +29,7 @@ build() { package() { make install-vm DESTDIR="$pkgdir" - - # Alpine packaging guidelines: /var/run is a symlink to a tmpfs. Don't create it. - rm -r "$pkgdir/var/run" } sha512sums=" -a38ca61433c16168f44ef458f9fbc7eb37712f6edfb2bde7af7e08c6d98907e2038335ccda402b97a7940286af58be197a0bea3a20f5843b292766c7277a8350 qubes-gpg-split-v2.0.70.tar.gz +fb0d2b48e0e742cfb25fd85728370eb3eb02071e94c737ac885919f79dc4e62901b3ce80e06a6233767b71826c967ab1de3ca700edc19a7276a456456deb8ecb qubes-gpg-split-v2.0.71.tar.gz " From 8d62b30e1e8d3986736533f285ffc6666740171c Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 11 Jul 2024 12:41:21 -0400 Subject: [PATCH 074/184] qubes-libvchan-xen: bump pkgrel --- qubes-libvchan-xen/APKBUILD | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/qubes-libvchan-xen/APKBUILD b/qubes-libvchan-xen/APKBUILD index f26d637..977ebaa 100644 --- a/qubes-libvchan-xen/APKBUILD +++ b/qubes-libvchan-xen/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Antoine Martin (ayakael) pkgname=qubes-libvchan-xen pkgver=4.2.3 -pkgrel=1 +pkgrel=2 _gittag=v$pkgver pkgdesc="The Qubes core libraries for installation inside a Qubes Dom0 and VM." arch="x86_64" From 26dee9677c43ff2eea35c1389e996ee40c807af5 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 11 Jul 2024 12:41:57 -0400 Subject: [PATCH 075/184] qubes-meta-packages: upgrade to 4.3.0 --- qubes-meta-packages/APKBUILD | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qubes-meta-packages/APKBUILD b/qubes-meta-packages/APKBUILD index 9831571..7a16163 100644 --- a/qubes-meta-packages/APKBUILD +++ b/qubes-meta-packages/APKBUILD @@ -5,9 +5,9 @@ subpackages=" qubes-vm-dependencies qubes-vm-recommended " -pkgver=4.2.11 +pkgver=4.3.0 _gittag="v$pkgver" -pkgrel=1 +pkgrel=0 pkgdesc="Meta packages for Qubes-specific components" arch="noarch" url="https://github.com/QubesOS/qubes-meta-packages" @@ -38,5 +38,5 @@ recommended() { mkdir -p "$subpkgdir" } sha512sums=" -f08e8a2d218bbb34fdae0dd21600b6b2500e1a0f8d69fed672818e62b44cf1e40a6a49f7be208b188ac484a6a9368b2e96015a8c1335a5685ffe9308db094b46 qubes-meta-packages-v4.2.11 +7567bc7edd6a17315bb5a968ff512a7758ef9697d11ed5200f8ffefe7069b0ebbbb790bffdc7a8717b9707c24309bb6d83cfc6306eb1d48724480af36ba95594 qubes-meta-packages-v4.3.0 " From 4254194dd5ab47c57678c5881a26320347c29985 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 11 Jul 2024 12:42:31 -0400 Subject: [PATCH 076/184] qubes-pass: push rel --- qubes-pass/APKBUILD | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/qubes-pass/APKBUILD b/qubes-pass/APKBUILD index 85e5703..1ea33cf 100644 --- a/qubes-pass/APKBUILD +++ b/qubes-pass/APKBUILD @@ -3,7 +3,7 @@ pkgname=qubes-pass pkgver=0.1.0 _gittag="v$pkgver" -pkgrel=3 +pkgrel=4 pkgdesc="An inter-VM password manager for Qubes OS" arch="noarch" url="https://github.com/Rudd-O/qubes-pass" From e06a14c1c26a8c6eef927cfc342e8672492b7f00 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 11 Jul 2024 12:43:07 -0400 Subject: [PATCH 077/184] qubes-usb-proxy; upgrade to 1.3.0 --- qubes-usb-proxy/APKBUILD | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qubes-usb-proxy/APKBUILD b/qubes-usb-proxy/APKBUILD index 7e9cffe..d5d213f 100644 --- a/qubes-usb-proxy/APKBUILD +++ b/qubes-usb-proxy/APKBUILD @@ -1,9 +1,9 @@ # Contributor: Antoine Martin (ayakael) # Maintainer: Antoine Martin (ayakael) pkgname=qubes-usb-proxy -pkgver=1.2.2 +pkgver=1.3.0 _gittag="v$pkgver" -pkgrel=2 +pkgrel=0 pkgdesc="The Qubes service for proxying USB devices" arch="noarch" url="https://github.com/QubesOS/qubes-app-linux-usb-proxy" @@ -31,5 +31,5 @@ package() { done } sha512sums=" -8083b49c913020e5f44b3b7f051773af0e98f3d4687186358b4f273dd3c8c62cb8eac31af2a6ffe4b9088e18ba92a94d89f5980997bad283026e654466202490 qubes-usb-proxy-v1.2.2.tar.gz +822718decff8d2d15e56208b51603d3104cacb42981576985c2955e2bb73a66119397359314ebb6e6b52e3985b4d797e02b1074faf40aa6ca9cce067c753d830 qubes-usb-proxy-v1.3.0.tar.gz " From 1f86673220bc2e5a93c2274653c94c9c6a2d656d Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 11 Jul 2024 12:43:54 -0400 Subject: [PATCH 078/184] qubes-vm-core: upgrade to 4.3.4 --- qubes-vm-core/APKBUILD | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/qubes-vm-core/APKBUILD b/qubes-vm-core/APKBUILD index 5ecf59e..e49d7c3 100644 --- a/qubes-vm-core/APKBUILD +++ b/qubes-vm-core/APKBUILD @@ -8,7 +8,7 @@ subpackages=" $pkgname-doc $pkgname-pyc " -pkgver=4.2.35 +pkgver=4.3.4 pkgrel=0 _gittag="v$pkgver" pkgdesc="The Qubes core files for installation inside a Qubes VM." @@ -164,7 +164,7 @@ root() { make -C passwordless-root install DESTDIR="$subpkgdir" SBINDIR=/sbin LIBDIR=/usr/lib SYSLIBDIR=/lib } sha512sums=" -bbc98ef29d04ac50fad4ff531fad34578df835820b8bd5c838689254e813124e7bc8536703e246487e4e64470610189cfee2ab773daf8b867b0e1f41419ef1d9 qubes-vm-core-v4.2.35.tar.gz +2fa1274cf52d3a81308685dd2522e3787b97bf74135a2333a2271882b498ac600e3f862d6f07dec387864407951423913114a1c7c10ef0d51bb96c23c5dc2cf7 qubes-vm-core-v4.3.4.tar.gz 95c080a593ca1cd457ffafc0cdd6ee28999c72f67191a3955b6081a4a7d287cae4cd0c626139562e5e1eb55516c25402a174e3599daf7d4cb259d6b4bbdff155 qubes-core-early.openrc 61529413a16b7fa0df691c24adc41b90477c01ea70d572921ecec89df23932e5a2e60c4e73b9a84181dc30424e2e6af4ad1c7dcf6c42689c3cc346a9923d6e07 qubes-core-netvm.openrc da8e293520f5fce29ce76d7586e8ce1a4164798a1214079fb554c690264da1d774fdad3f45825aac52c2c3a0b0cfd39df73eb33394dedd7c043fe0f2344b90ca qubes-core.openrc From 47011fa7a7c405545e7efeccbc99de8691e74ef7 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 11 Jul 2024 12:44:28 -0400 Subject: [PATCH 079/184] qubes-vm-gui: upgrade to 4.2.16 --- qubes-vm-gui/APKBUILD | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/qubes-vm-gui/APKBUILD b/qubes-vm-gui/APKBUILD index c2b364e..2416454 100644 --- a/qubes-vm-gui/APKBUILD +++ b/qubes-vm-gui/APKBUILD @@ -5,7 +5,7 @@ subpackages=" qubes-vm-pulseaudio qubes-vm-pipewire $pkgname-openrc" -pkgver=4.2.14 +pkgver=4.2.16 pkgrel=0 _gittag="v$pkgver" pkgdesc="The Qubes GUI Agent for AppVMs" @@ -116,7 +116,7 @@ pipewire() { } sha512sums=" -5e4f323b5378076766169831cdd6dabaf6f0b65003cd8fb52111a9ce8d60424f7617eea085162376101013641c2f01ad8dcbdf1842c11f0e2409fe4a4bc3c97d qubes-vm-gui-v4.2.14.tar.gz +38e63b09f62b07785c199d71959d8c7387b75509b9b234cae1325f700509f8f2afcc1acaf8766c22768acb4508cbb8fed80da04c974eeafd9f1099e5a37893f2 qubes-vm-gui-v4.2.16.tar.gz f0bbb936e14689d0cbced2f564b8911f9287c0217616f02f3bd0c3060e516d080ad538219f089f5841c2b9d18bb4ad8efb63516ddfd46c18b038218378996a7d 0001-musl-build.patch 01beace4c130200dc8d42248349ea858d2bec746aca2bdfa5948b6e7240bb3b832bbb8b324293fba6fd6aafb0a3d7a2e3928c7fd39d318ef4d5a18cfeb48cde6 0001-initd-fix.patch 68d01e594296e18d54d8eaa17863451c3ac121e4fcacf98b64db14166bdcf38aa66f1c3659c5014c0a9cc25b5368df66f8c642b8e7af59da8d2a5ad97da9a194 qubes-gui-agent.openrc From 55581b72cbb8de78a3d445fdbebaf516a46f0118 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 11 Jul 2024 12:45:24 -0400 Subject: [PATCH 080/184] qubes-vm-qrexec: upgrade to 4.2.21 --- qubes-vm-qrexec/APKBUILD | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qubes-vm-qrexec/APKBUILD b/qubes-vm-qrexec/APKBUILD index 8db1738..0f50046 100644 --- a/qubes-vm-qrexec/APKBUILD +++ b/qubes-vm-qrexec/APKBUILD @@ -2,9 +2,9 @@ # Maintainer: Antoine Martin (ayakael) pkgname=qubes-vm-qrexec subpackages="$pkgname-openrc $pkgname-doc $pkgname-pyc" -pkgver=4.2.19 +pkgver=4.2.21 _gittag="v$pkgver" -pkgrel=2 +pkgrel=0 pkgdesc="The Qubes qrexec files (qube side)" arch="x86_64" url="https://github.com/QubesOS/qubes-core-qrexec" @@ -52,7 +52,7 @@ package() { install -Dm 755 "$srcdir"/qubes-qrexec-agent.openrc "$pkgdir"/etc/init.d/qubes-qrexec-agent } sha512sums=" -79481953921e98a1dfeeba02a2be1d2e92fd2ec04c12986aa4f788987c2f74ec2e67e0c20f87e9d329097fccda76ef648dbf02d08affdf7cb43380380afd595d qubes-vm-qrexec-v4.2.19.tar.gz +756d349e9322da6fd96e737c3f4430b503abba90ac0a6ca6b9b92cbce656f4e714c4e39aff7b9cfc302629ff15011e5ca7d8e273840b314b78d1f5823ff00c6c qubes-vm-qrexec-v4.2.21.tar.gz e2dd5cace82e881c40d5d37c69f7327fbabde81c9d23283de23de9f1197b7b018ef07a8d90e95c61bd249426d9d8297e7cb372333245941ffa0682c90ea3461f qubes-qrexec-agent.openrc 3cbe66c8251d0cbe078d78ac9a2aef2d6c095c4f514ff0aab69dd724dee7488cf84dff4af2210d8a2298a052db49e85b0e38ac45456a8aa9bd1e4a7de0311b69 makefile-remove-cc-cflags.patch 69b88c8d344f0d575eac398937040ba39a0d8fb8ea0a2b160c48d84775e1da4e226a76f3c5d3be7b045f577b634bb35cd5c5536248e18117c4121a38f9f3bf13 agent-qrexec-fork-server-undef-fortify-source.patch From 4472d7d6a27b855561b3199369c0f2200d6c6da0 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 11 Jul 2024 12:45:59 -0400 Subject: [PATCH 081/184] qubes-vm-utils: upgrade to 4.3.3 --- qubes-vm-utils/APKBUILD | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qubes-vm-utils/APKBUILD b/qubes-vm-utils/APKBUILD index 99d7e22..70bc8e2 100644 --- a/qubes-vm-utils/APKBUILD +++ b/qubes-vm-utils/APKBUILD @@ -6,8 +6,8 @@ subpackages=" $pkgname-openrc $pkgname-pyc " -pkgver=4.2.17 -pkgrel=1 +pkgver=4.3.3 +pkgrel=0 _gittag="v$pkgver" pkgdesc="Common Linux files for Qubes VM." arch="x86_64" @@ -59,6 +59,6 @@ support() { install -m 755 "$builddir"/dracut/full-dmroot/qubes_cow_setup.sh "$subpkgdir"/usr/lib/qubes/qubes_cow_setup.sh } sha512sums=" -3a3ddd46d94b0fae608dc7436a1a43437968b65830de2c65a5735d3264063df493ce12514071b0214ae3c906c364b420e09fcf569c0395629292b1f34f90dd83 qubes-vm-utils-v4.2.17.tar.gz +95da1f511bb30bca2f895111d91f901a8d17077ea5bf6a363891557e24f3a7bc40b2450eae476932b2450749ff8a94dd78c7590bef428c7ba2d647ebbcf5a86b qubes-vm-utils-v4.3.3.tar.gz aebc606faa95948be77766f164fc40e4be66e4398e7f56ad52ba9de4c8f7de4ec0c4b48b23a3a6dd083d6f19ae1a591f3ae0caf2c696fd061cd8fea4bdf7d4f3 qubes-meminfo-writer.openrc " From 1a7b0e2a7fd0e434a8da22120bb1dd89c00682e8 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 11 Jul 2024 13:07:26 -0400 Subject: [PATCH 082/184] qubes-vm-gui-dev: bump pkgrel --- qubes-vm-gui-dev/APKBUILD | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/qubes-vm-gui-dev/APKBUILD b/qubes-vm-gui-dev/APKBUILD index 9501734..ec408aa 100644 --- a/qubes-vm-gui-dev/APKBUILD +++ b/qubes-vm-gui-dev/APKBUILD @@ -3,7 +3,7 @@ pkgname=qubes-vm-gui-dev pkgver=4.2.4 _gittag="v$pkgver" -pkgrel=3 +pkgrel=4 pkgdesc="Common files for Qubes GUI - protocol headers." arch="noarch" url="https://github.com/QubesOS/qubes-gui-common" From 0c45e05df1fbe4c17542bb02d38cae6d275a34bd Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 11 Jul 2024 13:14:44 -0400 Subject: [PATCH 083/184] README: update for r4.3 --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 089400a..7cfb296 100644 --- a/README.md +++ b/README.md @@ -8,6 +8,10 @@ Linux template. The upstream repo uses GitLab's CI to build and deploy packages targetting multiple Alpine Linux versions. QubesOS releases are tracked using branches. +Note for `main` branch: This is currently tracking r4.3 packages, thus are +experimental. Use this branch at your own risk. For latest r4.2 packages, +navigate to that branch. + #### Template builder The template builder is housed in its [own repo](https://lab.ilot.io/ayakael/qubes-builder-alpine). RPMs are built in-pipeline using the build artifacts produced by this repo. These RPMs facilitate From c04972d9f19f70bcb545e7b6b0a4eb6edcbc97ef Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 27 Jul 2024 00:09:09 -0400 Subject: [PATCH 084/184] qubes-usb-proxy: fix usb import --- qubes-usb-proxy/APKBUILD | 10 +++++++--- qubes-usb-proxy/usb-import-alpine-udevadm.patch | 13 +++++++++++++ 2 files changed, 20 insertions(+), 3 deletions(-) create mode 100644 qubes-usb-proxy/usb-import-alpine-udevadm.patch diff --git a/qubes-usb-proxy/APKBUILD b/qubes-usb-proxy/APKBUILD index d5d213f..2c8a182 100644 --- a/qubes-usb-proxy/APKBUILD +++ b/qubes-usb-proxy/APKBUILD @@ -3,7 +3,7 @@ pkgname=qubes-usb-proxy pkgver=1.3.0 _gittag="v$pkgver" -pkgrel=0 +pkgrel=1 pkgdesc="The Qubes service for proxying USB devices" arch="noarch" url="https://github.com/QubesOS/qubes-app-linux-usb-proxy" @@ -18,7 +18,10 @@ makedepends=" make pkgconf " -source="$pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-app-linux-usb-proxy/archive/refs/tags/$_gittag.tar.gz" +source=" + $pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-app-linux-usb-proxy/archive/refs/tags/$_gittag.tar.gz + usb-import-alpine-udevadm.patch + " builddir="$srcdir"/qubes-app-linux-usb-proxy-${_gittag/v} package() { @@ -26,10 +29,11 @@ package() { # replace all shebangs with /bin/sh as qubes expects bash # shellcheck disable=SC2013 - for i in $(grep '/bin/sh' -Rl .); do + for i in $(grep '/bin/sh' -Rl "$pkgdir"); do sed -i 's|/bin/sh|/bin/bash|' "$i" done } sha512sums=" 822718decff8d2d15e56208b51603d3104cacb42981576985c2955e2bb73a66119397359314ebb6e6b52e3985b4d797e02b1074faf40aa6ca9cce067c753d830 qubes-usb-proxy-v1.3.0.tar.gz +d0eb969122a41be8fa9647ca824aabf3cb3d39324b156b3e05872099e7c4b600dbc8060ab2a63186d84f60364c28c5db9da4d06e37ad36877a2222bdc2cdbd74 usb-import-alpine-udevadm.patch " diff --git a/qubes-usb-proxy/usb-import-alpine-udevadm.patch b/qubes-usb-proxy/usb-import-alpine-udevadm.patch new file mode 100644 index 0000000..adb4ccb --- /dev/null +++ b/qubes-usb-proxy/usb-import-alpine-udevadm.patch @@ -0,0 +1,13 @@ +diff --git a/src/usb-import.orig b/src/usb-import +index 7b17799..e718795 100755 +--- a/src/usb-import.orig ++++ b/src/usb-import +@@ -95,7 +95,7 @@ wait_for_attached() { + ERROR "Attach timeout, check kernel log for details." + fi + done +- [ -f "/usr/bin/udevadm" ] && udevadm settle ++ [ -f "/bin/udevadm" ] && udevadm settle + } + + wait_for_detached() { From fbba245e392f2873fe2018f953e61aac756cb962 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 27 Jul 2024 00:35:48 -0400 Subject: [PATCH 085/184] qubes-input-proxy: new aport --- qubes-input-proxy/APKBUILD | 41 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 qubes-input-proxy/APKBUILD diff --git a/qubes-input-proxy/APKBUILD b/qubes-input-proxy/APKBUILD new file mode 100644 index 0000000..f5d15c9 --- /dev/null +++ b/qubes-input-proxy/APKBUILD @@ -0,0 +1,41 @@ +# Contributor: Antoine Martin (ayakael) +# Maintainer: Antoine Martin (ayakael) +pkgname=qubes-input-proxy +pkgver=1.0.37 +_gittag=v$pkgver +pkgrel=0 +pkgdesc="The Qubes service for proxying input devices" +arch="x86_64" +url="http://qubes-os.org/" +license='GPL' +depends=" + usbutils + qubes-vm-core + " +makedepends="linux-headers" +source="$pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-app-linux-input-proxy/archive/refs/tags/$_gittag.tar.gz" +builddir="$srcdir"/qubes-app-linux-input-proxy-$pkgver + +build() { + make all \ + LIBDIR=/usr/lib \ + USRLIBDIR=/usr/lib \ + SYSLIBDIR=/usr/lib +} + +package() { + make install-vm \ + DESTDIR="$pkgdir" \ + LIBDIR=/usr/lib \ + USRLIBDIR=/usr/lib \ + SYSLIBDIR=/usr/lib + + # replace all shebangs with /bin/sh as qubes expects bash + # shellcheck disable=SC2013 + for i in $(grep '/bin/sh' -Rl "$pkgdir"); do + sed -i 's|/bin/sh|/bin/bash|' "$i" + done +} +sha512sums=" +0abe75960531c96f2760a462710de2d5e54d95792d719e42d7ae7e2a22b586e4573835584df74ba288e761ed64149f6a951c19301039cf3293621b4032085292 qubes-input-proxy-v1.0.37.tar.gz +" From 339e3da21b5c899e939e2f745e42b116e69a5906 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 27 Jul 2024 14:59:43 -0400 Subject: [PATCH 086/184] qubes-input-proxy: add openrc support --- qubes-input-proxy/APKBUILD | 16 +++- qubes-input-proxy/makefile_skip-systemd.patch | 18 ++++ qubes-input-proxy/qubes-input-sender.openrc | 28 ++++++ .../qubes-input-trigger_use-openrc.patch | 92 +++++++++++++++++++ 4 files changed, 152 insertions(+), 2 deletions(-) create mode 100644 qubes-input-proxy/makefile_skip-systemd.patch create mode 100755 qubes-input-proxy/qubes-input-sender.openrc create mode 100644 qubes-input-proxy/qubes-input-trigger_use-openrc.patch diff --git a/qubes-input-proxy/APKBUILD b/qubes-input-proxy/APKBUILD index f5d15c9..d32f375 100644 --- a/qubes-input-proxy/APKBUILD +++ b/qubes-input-proxy/APKBUILD @@ -3,7 +3,7 @@ pkgname=qubes-input-proxy pkgver=1.0.37 _gittag=v$pkgver -pkgrel=0 +pkgrel=1 pkgdesc="The Qubes service for proxying input devices" arch="x86_64" url="http://qubes-os.org/" @@ -13,7 +13,13 @@ depends=" qubes-vm-core " makedepends="linux-headers" -source="$pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-app-linux-input-proxy/archive/refs/tags/$_gittag.tar.gz" +subpackages="$pkgname-openrc" +source=" + $pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-app-linux-input-proxy/archive/refs/tags/$_gittag.tar.gz + qubes-input-trigger_use-openrc.patch + makefile_skip-systemd.patch + qubes-input-sender.openrc + " builddir="$srcdir"/qubes-app-linux-input-proxy-$pkgver build() { @@ -35,7 +41,13 @@ package() { for i in $(grep '/bin/sh' -Rl "$pkgdir"); do sed -i 's|/bin/sh|/bin/bash|' "$i" done + + # move openrc to init.d + install -Dm755 "$srcdir"/qubes-input-sender.openrc "$pkgdir"/etc/init.d/qubes-input-sender } sha512sums=" 0abe75960531c96f2760a462710de2d5e54d95792d719e42d7ae7e2a22b586e4573835584df74ba288e761ed64149f6a951c19301039cf3293621b4032085292 qubes-input-proxy-v1.0.37.tar.gz +53f898f4d611e0a9be18127cff90ebc3946dc7e270548a84407067b02cb918546e8425c1722a60efb73b93af05c79889eaa16a4c7d596c948fdb9291d218c803 qubes-input-trigger_use-openrc.patch +21e7b95c94ec1a3f3499e79cf8b1931da2c3e33d8f1af2efe6b52b7e2678d4648bb0597b3a4a95cc10d0ca3cb83df93075b99cf1b615d8493a9e2fd21fb7f8f7 makefile_skip-systemd.patch +2d5cb4369bc4d4c83403bb3e7cd7bc784769950a8fbf581996074fe53cc65c56fe4039e2689b6fa34e51ce22e552fc145115c12e71601809767962a3682dd299 qubes-input-sender.openrc " diff --git a/qubes-input-proxy/makefile_skip-systemd.patch b/qubes-input-proxy/makefile_skip-systemd.patch new file mode 100644 index 0000000..8fc8504 --- /dev/null +++ b/qubes-input-proxy/makefile_skip-systemd.patch @@ -0,0 +1,18 @@ +diff --git a/qubes-rpc/Makefile.orig b/qubes-rpc/Makefile +index 22ec526..bf7e0ea 100644 +--- a/qubes-rpc/Makefile.orig ++++ b/qubes-rpc/Makefile +@@ -12,13 +12,6 @@ install-dom0: + $(DESTDIR)/etc/qubes-rpc/policy/qubes.InputTablet + + install-vm: +- install -d $(DESTDIR)$(USRLIBDIR)/systemd/system +- install -m 0644 \ +- qubes-input-sender-keyboard@.service \ +- qubes-input-sender-keyboard-mouse@.service \ +- qubes-input-sender-mouse@.service \ +- qubes-input-sender-tablet@.service \ +- $(DESTDIR)$(USRLIBDIR)/systemd/system + install -d $(DESTDIR)$(LIBDIR)/udev/rules.d + install -m 0644 qubes-input-proxy.rules \ + $(DESTDIR)$(LIBDIR)/udev/rules.d/90-qubes-input-proxy.rules diff --git a/qubes-input-proxy/qubes-input-sender.openrc b/qubes-input-proxy/qubes-input-sender.openrc new file mode 100755 index 0000000..0f67937 --- /dev/null +++ b/qubes-input-proxy/qubes-input-sender.openrc @@ -0,0 +1,28 @@ +#!/sbin/openrc-run + +name=$RC_SVCNAME +cfgfile="/etc/qubes/$RC_SVCNAME.conf" +input="${RC_SVCNAME/*.}" +svcname="${RC_SVCNAME/.*}." +type="${RC_SVCNAME%.*}" +type="${type/$svcname/}" +type="$(echo $type | sed 's/.*/\u&/')" +command="/usr/bin/qubes-input-sender" +command_args="qubes.Input$type /dev/input/$input dom0" +command_user="root" +pidfile="/run/qubes/$RC_SVCNAME.pid" +start_stop_daemon_args="" +command_background="true" +output_log="/var/log/qubes/$RC_SVCNAME.log" +error_log="/var/log/qubes/$RC_SVCNAME.err" + +start_pre() { + checkpath --directory --owner $command_user:qubes --mode 0775 \ + /run/qubes \ + /var/log/qubes \ + /var/run/qubes +} + +stop_post() { + pkill -f "input-proxy-sender /dev/input/$input" || true +} diff --git a/qubes-input-proxy/qubes-input-trigger_use-openrc.patch b/qubes-input-proxy/qubes-input-trigger_use-openrc.patch new file mode 100644 index 0000000..2c49700 --- /dev/null +++ b/qubes-input-proxy/qubes-input-trigger_use-openrc.patch @@ -0,0 +1,92 @@ +diff --git a/qubes-rpc/qubes-input-trigger.orig b/qubes-rpc/qubes-input-trigger +index 5fa0e5a..0dd3773 100755 +--- a/qubes-rpc/qubes-input-trigger.orig ++++ b/qubes-rpc/qubes-input-trigger +@@ -42,48 +42,68 @@ def get_service_name(udevreturn, input_dev): + ('ID_INPUT_TOUCHPAD' in udevreturn) or + ('QEMU_USB_Tablet' in udevreturn) + ) and 'ID_INPUT_KEY' not in udevreturn: +- service = 'qubes-input-sender-tablet' ++ service = 'qubes-input-sender.tablet' + # PiKVM "mouse" is special, as it sends absolute events + elif 'ID_INPUT_MOUSE' in udevreturn and 'ID_USB_VENDOR=PiKVM' in udevreturn: +- service = 'qubes-input-sender-tablet' ++ service = 'qubes-input-sender.tablet' + elif 'ID_INPUT_MOUSE' in udevreturn and 'ID_INPUT_KEY' not in udevreturn: +- service = 'qubes-input-sender-mouse' ++ service = 'qubes-input-sender.mouse' + elif 'ID_INPUT_KEY' in udevreturn and 'ID_INPUT_MOUSE' not in udevreturn: +- service = 'qubes-input-sender-keyboard' ++ service = 'qubes-input-sender.keyboard' + elif 'ID_INPUT_MOUSE' in udevreturn and 'ID_INPUT_KEY' in udevreturn: +- service = 'qubes-input-sender-keyboard-mouse' ++ service = 'qubes-input-sender.keyboardmouse' + + if service: +- service = '{}@{}.service'.format(service, input_dev) ++ service = '{}.{}'.format(service, input_dev) + + return service + + + def handle_service(service, action): +- retcode = subprocess.call( +- ["/bin/systemctl", "is-active", "--quiet", "service", service]) ++ serviceFile = os.path.join("/etc/init.d", service) ++ ++ sudo = [] ++ if os.getuid() != 0: ++ sudo = ["sudo"] ++ + if action == "add": +- systemctl_action = "start" ++ # create service link is not created ++ serviceFile = os.path.join("/etc/init.d", service) ++ if not os.path.exists(serviceFile): ++ subprocess.call( ++ ["/bin/ln", "-s", "/etc/init.d/qubes-input-sender", serviceFile]) ++ + # Ignore if service is already started ++ retcode = subprocess.call( ++ ["/sbin/rc-service","--quiet", service, "status"]) + if retcode == 0: + return ++ ++ subprocess.call( ++ sudo + ["/sbin/service", service, "start"]) ++ + elif action == "remove": +- systemctl_action = "stop" ++ # Ignore if service does not exist ++ if not os.path.exists(serviceFile): ++ return ++ + # Ignore if service is not active +- if retcode != 0: ++ retcode = subprocess.call( ++ ["/sbin/rc-service", "--quiet", service, "status"]) ++ if retcode == 3: + return ++ ++ subprocess.call( ++ sudo + ["/sbin/service", service, "stop"]) ++ ++ # remove ln once stopped ++ if os.path.exists(serviceFile): ++ subprocess.call( ++ sudo + ["/bin/rm", serviceFile]) + else: + print("Unknown action: %s" % action) + sys.exit(1) + +- sudo = [] +- if os.getuid() != 0: +- sudo = ["sudo"] +- +- subprocess.call( +- sudo + ["/bin/systemctl", "--no-block", systemctl_action, service]) +- +- + def handle_event(input_dev, action, dom0): + udevreturn = None + if 'event' in input_dev: # if filename contains 'event' From 34f3abf6b12e2031b662d577bf9dcf72eade4d51 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 27 Jul 2024 16:05:50 -0400 Subject: [PATCH 087/184] qubes-vm-core: pull findutils depend --- qubes-vm-core/APKBUILD | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/qubes-vm-core/APKBUILD b/qubes-vm-core/APKBUILD index e49d7c3..918449a 100644 --- a/qubes-vm-core/APKBUILD +++ b/qubes-vm-core/APKBUILD @@ -9,7 +9,7 @@ subpackages=" $pkgname-pyc " pkgver=4.3.4 -pkgrel=0 +pkgrel=1 _gittag="v$pkgver" pkgdesc="The Qubes core files for installation inside a Qubes VM." arch="x86_64" @@ -27,6 +27,7 @@ depends=" e2fsprogs-extra ethtool fakeroot + findutils gawk grep haveged From 01db78f365599cf4d924cca51fa371142b269d23 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 27 Jul 2024 16:48:00 -0400 Subject: [PATCH 088/184] qubes-pass: add service subpackage --- qubes-pass/APKBUILD | 12 +++++++++++- qubes-pass/service-passquery.sh | 13 +++++++++++++ 2 files changed, 24 insertions(+), 1 deletion(-) create mode 100644 qubes-pass/service-passquery.sh diff --git a/qubes-pass/APKBUILD b/qubes-pass/APKBUILD index 1ea33cf..0f63e26 100644 --- a/qubes-pass/APKBUILD +++ b/qubes-pass/APKBUILD @@ -14,11 +14,21 @@ makedepends=" pkgconf " options="!check" -source="$pkgname-$_gittag.tar.gz::https://github.com/Rudd-O/qubes-pass/archive/$_gittag.tar.gz" +subpackages="$pkgname-service" +source=" + $pkgname-$_gittag.tar.gz::https://github.com/Rudd-O/qubes-pass/archive/$_gittag.tar.gz + service-passquery.sh + " package() { make install-client DESTDIR="$pkgdir" } + +service() { + make -C "$builddir" install-service DESTDIR="$subpkgdir" + install -Dm755 "$srcdir"/service-passquery.sh "$subpkgdir"/etc/qubes-rpc/ruddo.PassQuery +} sha512sums=" b304bf8e6b8d04e7df4b52a02984ab03b6f3221c9178f1d91c99cab61e8b5ded45500b51de6d89aa76f4e73c0a3670ce6d07649c0ac159d048c3f0ac736c4d63 qubes-pass-v0.1.0.tar.gz +77807ba7bd8e1627785358ef2f9e165712ef41ef76f11e7a7b989b1057f462abc433df96265c6c7d669f81e39d89de0f7ea3dcbb207c5a7a22738b843fd7e160 service-passquery.sh " diff --git a/qubes-pass/service-passquery.sh b/qubes-pass/service-passquery.sh new file mode 100644 index 0000000..78fa74f --- /dev/null +++ b/qubes-pass/service-passquery.sh @@ -0,0 +1,13 @@ +#!/bin/bash + +set -e + +read -n 4096 cmd +cmd=$(echo "$cmd" | base64 -d) + +if [ "$cmd" == "list-files" ] ; then + + logger -t ruddo.PassQuery "requested password file list" + exec pass git ls-files | sed -e '/.gitattributes/d' -e '/.gpg-id/d' + +fi From cc021097dcb428c1e9164ac4bd4e4e23268f254e Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 27 Jul 2024 17:33:00 -0400 Subject: [PATCH 089/184] qubes-usb-proxy: add vhci-hcd module to modules-load.d --- qubes-usb-proxy/APKBUILD | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/qubes-usb-proxy/APKBUILD b/qubes-usb-proxy/APKBUILD index 2c8a182..bd8f336 100644 --- a/qubes-usb-proxy/APKBUILD +++ b/qubes-usb-proxy/APKBUILD @@ -3,7 +3,7 @@ pkgname=qubes-usb-proxy pkgver=1.3.0 _gittag="v$pkgver" -pkgrel=1 +pkgrel=2 pkgdesc="The Qubes service for proxying USB devices" arch="noarch" url="https://github.com/QubesOS/qubes-app-linux-usb-proxy" @@ -32,6 +32,9 @@ package() { for i in $(grep '/bin/sh' -Rl "$pkgdir"); do sed -i 's|/bin/sh|/bin/bash|' "$i" done + + mkdir -p "$pkgdir"/etc/modules-load.d + echo "vhci-hcd" > "$pkgdir"/etc/modules-load.d/qubes-usb-proxy.conf } sha512sums=" 822718decff8d2d15e56208b51603d3104cacb42981576985c2955e2bb73a66119397359314ebb6e6b52e3985b4d797e02b1074faf40aa6ca9cce067c753d830 qubes-usb-proxy-v1.3.0.tar.gz From bd6e8cac435378d56ed9ea8f8c6174e37a00a40e Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 27 Jul 2024 18:42:15 -0400 Subject: [PATCH 090/184] qubes-usb-proxy: fix usb reset with udevadm --- qubes-usb-proxy/APKBUILD | 2 +- qubes-usb-proxy/usb-import-alpine-udevadm.patch | 14 ++++++++++++++ 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/qubes-usb-proxy/APKBUILD b/qubes-usb-proxy/APKBUILD index bd8f336..bd6f246 100644 --- a/qubes-usb-proxy/APKBUILD +++ b/qubes-usb-proxy/APKBUILD @@ -38,5 +38,5 @@ package() { } sha512sums=" 822718decff8d2d15e56208b51603d3104cacb42981576985c2955e2bb73a66119397359314ebb6e6b52e3985b4d797e02b1074faf40aa6ca9cce067c753d830 qubes-usb-proxy-v1.3.0.tar.gz -d0eb969122a41be8fa9647ca824aabf3cb3d39324b156b3e05872099e7c4b600dbc8060ab2a63186d84f60364c28c5db9da4d06e37ad36877a2222bdc2cdbd74 usb-import-alpine-udevadm.patch +c6519982f7eef8586ee823dc96efa7b1b90f489114edcc348bc5221837090d19a2a3533eac83e3269ba68c2cf24447c018e0ac850ed1423a1280ebae364223fa usb-import-alpine-udevadm.patch " diff --git a/qubes-usb-proxy/usb-import-alpine-udevadm.patch b/qubes-usb-proxy/usb-import-alpine-udevadm.patch index adb4ccb..12a2234 100644 --- a/qubes-usb-proxy/usb-import-alpine-udevadm.patch +++ b/qubes-usb-proxy/usb-import-alpine-udevadm.patch @@ -11,3 +11,17 @@ index 7b17799..e718795 100755 } wait_for_detached() { +diff --git a/src/usb-export.orig b/src/usb-export +index ad2ab2b..37cff16 100755 +--- a/src/usb-export.orig ++++ b/src/usb-export +@@ -110,8 +110,7 @@ if [ -n "$attach_to_usbip" ]; then + echo "$busid" > "$SYS_USBIP_HOST/bind" || exit 1 + + # optionally reset the device to clear any state from previous driver +- reset_on_attach=$(udevadm info --query=property \ +- --value --property=QUBES_USB_RESET --path="$devpath") ++ reset_on_attach=$(udevadm info --query=property --path="$devpath" | awk -F "=" '{if($1=="QUBES_USB_RESET"){print $2}}' ) + if [ -f /run/qubes-service/usb-reset-on-attach ]; then + reset_on_attach=1 + fi From 264c954d9ba23b484600bdcc628537b35df9e62c Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 27 Jul 2024 18:46:06 -0400 Subject: [PATCH 091/184] qubes-vm-core: add missing rsvg-convert and dbus-x11 depend --- qubes-vm-core/APKBUILD | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/qubes-vm-core/APKBUILD b/qubes-vm-core/APKBUILD index 918449a..c04a910 100644 --- a/qubes-vm-core/APKBUILD +++ b/qubes-vm-core/APKBUILD @@ -9,7 +9,7 @@ subpackages=" $pkgname-pyc " pkgver=4.3.4 -pkgrel=1 +pkgrel=2 _gittag="v$pkgver" pkgdesc="The Qubes core files for installation inside a Qubes VM." arch="x86_64" @@ -19,6 +19,7 @@ options="!check" # No testsuite depends=" blkid coreutils + dbus-x11 dconf desktop-file-utils device-mapper @@ -43,6 +44,7 @@ depends=" qubes-db-vm qubes-libvchan-xen qubes-vm-utils + rsvg-convert sed socat xdg-utils From a7e184bf93da53a4a4486edbabc131e0d6561605 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 10 Aug 2024 12:01:01 -0400 Subject: [PATCH 092/184] gitlab-ci: use git-annex instead of git-lfs --- .gitlab-ci.yml | 2 +- .gitlab/bin/build.sh | 2 +- .gitlab/bin/push.sh | 8 +++++--- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 19168aa..9fdf349 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -69,7 +69,7 @@ push: stage: deploy script: - | - sudo apk add abuild git-lfs findutils + sudo apk add abuild git-annex findutils export PATH="$PATH:$CI_PROJECT_DIR/.gitlab/bin" push.sh rules: diff --git a/.gitlab/bin/build.sh b/.gitlab/bin/build.sh index 333eab7..5905fbc 100755 --- a/.gitlab/bin/build.sh +++ b/.gitlab/bin/build.sh @@ -81,7 +81,7 @@ get_release() { get_qubes_release() { case $BASEBRANCH in r*) echo $BASEBRANCH;; - main) echo r4.3;; + master) echo r4.2;; *) die "Branch \"$BASEBRANCH\" not supported!" esac } diff --git a/.gitlab/bin/push.sh b/.gitlab/bin/push.sh index b364688..47185e7 100755 --- a/.gitlab/bin/push.sh +++ b/.gitlab/bin/push.sh @@ -26,7 +26,7 @@ sudo cp $HOME/.abuild/$ABUILD_KEY_NAME.rsa.pub /etc/apk/keys/. get_qubes_release() { case $BASEBRANCH in r*) echo $BASEBRANCH;; - main) echo r4.3;; + master) echo r4.2;; *) die "Branch \"$BASEBRANCH\" not supported!" esac } @@ -40,9 +40,11 @@ for release in $(find packages -type d -maxdepth 1 -mindepth 1 -printf '%f\n'); git -C $HOME/repo-apk checkout $release git -C $HOME/repo-apk pull --rebase else - git clone git@lab.ilot.io:ayakael/repo-apk -b $release $HOME/repo-apk + git clone forgejo@ayakael.net:forge/repo-apk.git -b $BASEBRANCH $HOME/repo-apk fi + git -C $HOME/repo-apk annex sync --content + for i in $(find packages/$release -type f -name "*.apk"); do install -vDm644 $i ${i/packages\/$release\/qubes-aports/$HOME\/repo-apk\/qubes\/$QUBES_REL} done @@ -61,5 +63,5 @@ for release in $(find packages -type d -maxdepth 1 -mindepth 1 -printf '%f\n'); git -C $HOME/repo-apk add . git -C $HOME/repo-apk commit -m "Update from $CI_MERGE_REQUEST_IID - $CI_MERGE_REQUEST_TITLE" - git -C $HOME/repo-apk push + git -C $HOME/repo-apk annex sync --content done From 1a3e88d9553a5656159aa32c71a7729e52db4eb9 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 15 Aug 2024 21:59:02 -0400 Subject: [PATCH 093/184] gitlab-ci: drop for forgejo-ci --- .gitlab-ci.yml | 80 ---------- .gitlab/bin/APKBUILD_SHIM | 111 ------------- .gitlab/bin/apkbuild-shellcheck | 16 -- .gitlab/bin/build.sh | 270 -------------------------------- .gitlab/bin/changed-aports | 20 --- .gitlab/bin/functions.sh | 63 -------- .gitlab/bin/lint | 96 ------------ .gitlab/bin/push.sh | 67 -------- 8 files changed, 723 deletions(-) delete mode 100644 .gitlab-ci.yml delete mode 100755 .gitlab/bin/APKBUILD_SHIM delete mode 100755 .gitlab/bin/apkbuild-shellcheck delete mode 100755 .gitlab/bin/build.sh delete mode 100755 .gitlab/bin/changed-aports delete mode 100755 .gitlab/bin/functions.sh delete mode 100755 .gitlab/bin/lint delete mode 100755 .gitlab/bin/push.sh diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml deleted file mode 100644 index 9fdf349..0000000 --- a/.gitlab-ci.yml +++ /dev/null @@ -1,80 +0,0 @@ -stages: - - verify - - build - - deploy - -variables: - GIT_STRATEGY: clone - GIT_DEPTH: "500" - -lint: - stage: verify - interruptible: true - script: - - | - sudo apk add shellcheck atools sudo abuild - export PATH="$PATH:$CI_PROJECT_DIR/.gitlab/bin" - lint - allow_failure: true - only: - - merge_requests - tags: - - apk-v3.18-x86_64 - -.build: - stage: build - interruptible: true - script: - - | - sudo apk add alpine-sdk lua-aports sudo - sudo addgroup $USER abuild - export PATH="$PATH:$CI_PROJECT_DIR/.gitlab/bin" - sudo -Eu $USER build.sh - artifacts: - paths: - - packages/ - - keys/ - - logs/ - expire_in: 7 days - only: - - merge_requests - -build-v3.19: - extends: .build - when: always - variables: - CI_ALPINE_TARGET_RELEASE: v3.19 - tags: - - apk-$CI_ALPINE_TARGET_RELEASE-x86_64 - -build-v3.20: - extends: .build - when: always - variables: - CI_ALPINE_TARGET_RELEASE: v3.20 - tags: - - apk-$CI_ALPINE_TARGET_RELEASE-x86_64 - -build-edge: - extends: .build - when: always - variables: - CI_ALPINE_TARGET_RELEASE: edge - tags: - - apk-$CI_ALPINE_TARGET_RELEASE-x86_64 - - -push: - interruptible: true - stage: deploy - script: - - | - sudo apk add abuild git-annex findutils - export PATH="$PATH:$CI_PROJECT_DIR/.gitlab/bin" - push.sh - rules: - - if: $CI_PIPELINE_SOURCE == "merge_request_event" - when: manual - tags: - - repo - diff --git a/.gitlab/bin/APKBUILD_SHIM b/.gitlab/bin/APKBUILD_SHIM deleted file mode 100755 index 76577ff..0000000 --- a/.gitlab/bin/APKBUILD_SHIM +++ /dev/null @@ -1,111 +0,0 @@ -#!/bin/sh - -set -e - -arch= -builddir= -checkdepends= -depends= -depends_dev= -depends_doc= -depends_libs= -depends_openrc= -depends_static= -install= -install_if= -langdir= -ldpath= -license= -makedepends= -makedepends_build= -makedepends_host= -md5sums= -options= -patch_args= -pkgbasedir= -pkgdesc= -pkgdir= -pkgname= -pkgrel= -pkgver= -pkggroups= -pkgusers= -provides= -provider_priority= -replaces= -sha256sums= -sha512sums= -sonameprefix= -source= -srcdir= -startdir= -subpackages= -subpkgdir= -subpkgname= -triggers= -url= - -# abuild.conf - -CFLAGS= -CXXFLAGS= -CPPFLAGS= -LDFLAGS= -JOBS= -MAKEFLAGS= -CMAKE_CROSSOPTS= - -. ./APKBUILD - -: "$arch" -: "$builddir" -: "$checkdepends" -: "$depends" -: "$depends_dev" -: "$depends_doc" -: "$depends_libs" -: "$depends_openrc" -: "$depends_static" -: "$install" -: "$install_if" -: "$langdir" -: "$ldpath" -: "$license" -: "$makedepends" -: "$makedepends_build" -: "$makedepends_host" -: "$md5sums" -: "$options" -: "$patch_args" -: "$pkgbasedir" -: "$pkgdesc" -: "$pkgdir" -: "$pkgname" -: "$pkgrel" -: "$pkgver" -: "$pkggroups" -: "$pkgusers" -: "$provides" -: "$provider_priority" -: "$replaces" -: "$sha256sums" -: "$sha512sums" -: "$sonameprefix" -: "$source" -: "$srcdir" -: "$startdir" -: "$subpackages" -: "$subpkgdir" -: "$subpkgname" -: "$triggers" -: "$url" - -# abuild.conf - -: "$CFLAGS" -: "$CXXFLAGS" -: "$CPPFLAGS" -: "$LDFLAGS" -: "$JOBS" -: "$MAKEFLAGS" -: "$CMAKE_CROSSOPTS" diff --git a/.gitlab/bin/apkbuild-shellcheck b/.gitlab/bin/apkbuild-shellcheck deleted file mode 100755 index 3126684..0000000 --- a/.gitlab/bin/apkbuild-shellcheck +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/sh - -shellcheck -s ash \ - -e SC3043 \ - -e SC3057 \ - -e SC3060 \ - -e SC2016 \ - -e SC2086 \ - -e SC2169 \ - -e SC2155 \ - -e SC2100 \ - -e SC2209 \ - -e SC2030 \ - -e SC2031 \ - -e SC1090 \ - -xa $CI_PROJECT_DIR/.gitlab/bin/APKBUILD_SHIM diff --git a/.gitlab/bin/build.sh b/.gitlab/bin/build.sh deleted file mode 100755 index 5905fbc..0000000 --- a/.gitlab/bin/build.sh +++ /dev/null @@ -1,270 +0,0 @@ -#!/bin/sh -# shellcheck disable=SC3043 - -. $CI_PROJECT_DIR/.gitlab/bin/functions.sh - -# shellcheck disable=SC3040 -set -eu -o pipefail - -readonly APORTSDIR=$CI_PROJECT_DIR -readonly REPOS="qubes/r4.1" -readonly ALPINE_REPOS="main community testing" -readonly ARCH=$(apk --print-arch) -# gitlab variables -readonly BASEBRANCH=$CI_MERGE_REQUEST_TARGET_BRANCH_NAME - -: "${REPODEST:=$HOME/packages}" -: "${MIRROR:=https://lab.ilot.io/ayakael/repo-apk/-/raw}" -: "${ALPINE_MIRROR:=http://dl-cdn.alpinelinux.org/alpine}" -: "${MAX_ARTIFACT_SIZE:=300000000}" #300M -: "${CI_DEBUG_BUILD:=}" - -: "${CI_ALPINE_BUILD_OFFSET:=0}" -: "${CI_ALPINE_BUILD_LIMIT:=9999}" -: "${CI_ALPINE_TARGET_ARCH:=$(uname -m)}" - -msg() { - local color=${2:-green} - case "$color" in - red) color="31";; - green) color="32";; - yellow) color="33";; - blue) color="34";; - *) color="32";; - esac - printf "\033[1;%sm>>>\033[1;0m %s\n" "$color" "$1" | xargs >&2 -} - -verbose() { - echo "> " "$@" - # shellcheck disable=SC2068 - $@ -} - -debugging() { - [ -n "$CI_DEBUG_BUILD" ] -} - -debug() { - if debugging; then - verbose "$@" - fi -} - -die() { - msg "$1" red - exit 1 -} - -capture_stderr() { - "$@" 2>&1 -} - -report() { - report=$1 - - reportsdir=$APORTSDIR/logs/ - mkdir -p "$reportsdir" - - tee -a "$reportsdir/$report.log" -} - -get_release() { - local RELEASE=$(echo $CI_RUNNER_TAGS | awk -F '-' '{print $2}') - case $RELEASE in - v*) echo "${RELEASE%-*}";; - edge) echo edge;; - *) die "Branch \"$RELEASE\" not supported!" - esac -} - -get_qubes_release() { - case $BASEBRANCH in - r*) echo $BASEBRANCH;; - master) echo r4.2;; - *) die "Branch \"$BASEBRANCH\" not supported!" - esac -} - -build_aport() { - local repo="$1" aport="$2" - cd "$APORTSDIR/$aport" - if abuild -r 2>&1 | report "build-$aport"; then - checkapk | report "checkapk-$aport" || true - aport_ok="$aport_ok $aport" - else - aport_ng="$aport_ng $aport" - fi -} - -check_aport() { - local repo="$1" aport="$2" - cd "$APORTSDIR/$aport" - if ! abuild check_arch 2>/dev/null; then - aport_na="$aport_na $aport" - return 1 - fi -} - -set_repositories_for() { - local target_repo="$1" repos='' repo='' - local release - - release=$(get_release) - repos="$MIRROR/$release/qubes/$target_repo $REPODEST/qubes-aports" - sudo sh -c "printf '%s\n' $repos >> /etc/apk/repositories" - sudo apk update || true -} - -apply_offset_limit() { - start=$1 - limit=$2 - end=$((start+limit)) - - sed -n "$((start+1)),${end}p" -} - -setup_system() { - local repos='' repo='' - local release - - release=$(get_release) - for repo in $ALPINE_REPOS; do - [ "$release" != "edge" ] && [ "$repo" == "testing" ] && continue - repos="$repos $ALPINE_MIRROR/$release/$repo" - done - repos="$repos $MIRROR/$release/cross" - sudo sh -c "printf '%s\n' $repos > /etc/apk/repositories" - sudo apk -U upgrade -a || sudo apk fix || die "Failed to up/downgrade system" - gitlab_key_to_rsa $ABUILD_KEY rsa-private $HOME/.abuild/$ABUILD_KEY_NAME.rsa - gitlab_key_to_rsa $ABUILD_KEY_PUB rsa-public $HOME/.abuild/$ABUILD_KEY_NAME.rsa.pub - chmod 700 $HOME/.abuild/$ABUILD_KEY_NAME.rsa - echo "PACKAGER_PRIVKEY=$HOME/.abuild/$ABUILD_KEY_NAME.rsa" >> $HOME/.abuild/abuild.conf - sudo cp $HOME/.abuild/$ABUILD_KEY_NAME.rsa.pub /etc/apk/keys/$ABUILD_KEY_NAME.rsa.pub - - sudo sed -i -E 's/export JOBS=[0-9]+$/export JOBS=$(nproc)/' /etc/abuild.conf - ( . /etc/abuild.conf && echo "Building with $JOBS jobs" ) - mkdir -p "$REPODEST" - git config --global init.defaultBranch master -} - -sysinfo() { - printf ">>> Host system information (arch: %s, release: %s) <<<\n" "$ARCH" "$(get_release)" - printf "- Number of Cores: %s\n" "$(nproc)" - printf "- Memory: %s Gb\n" "$(awk '/^MemTotal/ {print ($2/1024/1024)}' /proc/meminfo)" - printf "- Free space: %s\n" "$(df -hP / | awk '/\/$/ {print $4}')" -} - -copy_artifacts() { - cd "$APORTSDIR" - - packages_size="$(du -sk "$REPODEST" | awk '{print $1 * 1024}')" - if [ -z "$packages_size" ]; then - return - fi - - echo "Artifact size: $packages_size bytes" - - mkdir -p keys/ packages/ - - if [ "$packages_size" -lt $MAX_ARTIFACT_SIZE ]; then - msg "Copying packages for artifact upload" - mkdir packages/$CI_ALPINE_TARGET_RELEASE - cp -ar "$REPODEST"/* packages/$CI_ALPINE_TARGET_RELEASE 2>/dev/null - cp ~/.abuild/*.rsa.pub keys/ - else - msg "Artifact size $packages_size larger than max ($MAX_ARTIFACT_SIZE), skipping uploading them" yellow - fi -} - -section_start setup "Setting up the system" collapse - -if debugging; then - set -x -fi - -aport_ok= -aport_na= -aport_ng= -failed= - -sysinfo || true -setup_system || die "Failed to setup system" - -# git no longer allows to execute in repositories owned by different users -sudo chown -R $USER: . - -fetch_flags="-qn" -debugging && fetch_flags="-v" - -git fetch $fetch_flags "$CI_MERGE_REQUEST_PROJECT_URL" \ - "+refs/heads/$BASEBRANCH:refs/heads/$BASEBRANCH" - -if debugging; then - merge_base=$(git merge-base "$BASEBRANCH" HEAD) || echo "Could not determine merge-base" - echo "Merge base: $merge_base" - git --version - git config -l - [ -n "$merge_base" ] && git tag -f merge-base "$merge_base" - git --no-pager log -200 --oneline --graph --decorate --all -fi - -section_end setup - -build_start=$CI_ALPINE_BUILD_OFFSET -build_limit=$CI_ALPINE_BUILD_LIMIT - -mkdir -p "$APORTSDIR"/logs "$APORTSDIR"/packages "$APORTSDIR"/keys -set_repositories_for $(get_qubes_release) -built_aports=0 -changed_aports_in_repo=$(changed_aports $BASEBRANCH) -changed_aports_in_repo_count=$(echo "$changed_aports_in_repo" | wc -l) -changed_aports_to_build=$(echo "$changed_aports_in_repo" | apply_offset_limit "$build_start" "$build_limit") - -msg "Changed aports:" -# shellcheck disable=SC2086 # Splitting is expected here -printf " - %s\n" $changed_aports_to_build -for pkgname in $changed_aports_to_build; do - section_start "build_$pkgname" "Building package $pkgname" - built_aports=$((built_aports+1)) - if check_aport qubes-aports "$pkgname"; then - build_aport qubes-aports "$pkgname" - fi - section_end "build_$pkgname" -done - -build_start=$((build_start-(changed_aports_in_repo_count-built_aports))) -build_limit=$((build_limit-built_aports)) - -if [ $build_limit -le 0 ]; then - msg "Limit reached, breaking" - break -fi - -section_start artifacts "Handeling artifacts" collapse -copy_artifacts || true -section_end artifacts - -section_start summary "Build summary" - -echo "### Build summary ###" - -for ok in $aport_ok; do - msg "$ok: build succesfully" -done - -for na in $aport_na; do - msg "$na: disabled for $CI_ALPINE_TARGET_ARCH" yellow -done - -for ng in $aport_ng; do - msg "$ng: build failed" red - failed=true -done -section_end summary - -if [ "$failed" = true ]; then - exit 1 -elif [ -z "$aport_ok" ]; then - msg "No packages found to be built." yellow -fi diff --git a/.gitlab/bin/changed-aports b/.gitlab/bin/changed-aports deleted file mode 100755 index 4541230..0000000 --- a/.gitlab/bin/changed-aports +++ /dev/null @@ -1,20 +0,0 @@ -#!/bin/sh - -if [ $# -lt 1 ]; then - echo "Usage: $0 " - exit 1 -fi - -if ! git rev-parse --is-inside-work-tree >/dev/null 2>&1; then - echo "Fatal: not inside a git repository" - exit 2 -fi - -basebranch=$1 - -if ! git rev-parse --verify --quiet $basebranch >/dev/null; then - # The base branch does not eixst, probably due to a shallow clone - git fetch -v $CI_MERGE_REQUEST_PROJECT_URL.git +refs/heads/$basebranch:refs/heads/$basebranch -fi - -git --no-pager diff --diff-filter=ACMR --name-only $basebranch...HEAD -- "*/APKBUILD" | xargs -r -n1 dirname diff --git a/.gitlab/bin/functions.sh b/.gitlab/bin/functions.sh deleted file mode 100755 index 3792bb7..0000000 --- a/.gitlab/bin/functions.sh +++ /dev/null @@ -1,63 +0,0 @@ -# shellcheck disable=SC3043 - -: - -# shellcheck disable=SC3040 -set -eu -o pipefail - -changed_aports() { - : "${APORTSDIR?APORTSDIR missing}" - : "${BASEBRANCH?BASEBRANCH missing}" - - cd "$APORTSDIR" - local repo="$1" - local aports - - aports=$(git diff --name-only --diff-filter=ACMR \ - "$BASEBRANCH"...HEAD -- "*/APKBUILD" | xargs -rn1 dirname) - - # shellcheck disable=2086 - ap builddirs -d "$APORTSDIR" $aports 2>/dev/null | xargs -rn1 basename -} - -section_start() { - name=${1?arg 1 name missing} - header=${2?arg 2 header missing} - collapsed=$2 - timestamp=$(date +%s) - - options="" - case $collapsed in - yes|on|collapsed|true) options="[collapsed=true]";; - esac - - printf "\e[0Ksection_start:%d:%s%s\r\e[0K%s\n" "$timestamp" "$name" "$options" "$header" -} - -section_end() { - name=$1 - timestamp=$(date +%s) - - printf "\e[0Ksection_end:%d:%s\r\e[0K" "$timestamp" "$name" -} - -gitlab_key_to_rsa() { - KEY=$1 - TYPE=$2 - TGT=$3 - TGT_DIR=${TGT%/*} - if [ "$TGT" == "$TGT_DIR" ]; then - TGT_DIR="./" - fi - if [ ! -d "$TGT_DIR" ]; then - mkdir -p "$TGT_DIR" - fi - case $TYPE in - rsa-public) local type="PUBLIC";; - rsa-private) local type="RSA PRIVATE";; - esac - echo "-----BEGIN $type KEY-----" > "$TGT" - echo $1 | sed 's/.\{64\}/&\ -/g' >> "$TGT" - echo "-----END $type KEY-----" >> "$TGT" -} diff --git a/.gitlab/bin/lint b/.gitlab/bin/lint deleted file mode 100755 index c1edcfb..0000000 --- a/.gitlab/bin/lint +++ /dev/null @@ -1,96 +0,0 @@ -#!/bin/sh - -BLUE="\e[34m" -MAGENTA="\e[35m" -RESET="\e[0m" - -readonly BASEBRANCH=$CI_MERGE_REQUEST_TARGET_BRANCH_NAME - -verbose() { - echo "> " "$@" - # shellcheck disable=SC2068 - $@ -} - -debugging() { - [ -n "$CI_DEBUG_BUILD" ] -} - -debug() { - if debugging; then - verbose "$@" - fi -} - -# git no longer allows to execute in repositories owned by different users -sudo chown -R gitlab-runner: . - -fetch_flags="-qn" -debugging && fetch_flags="-v" - -git fetch $fetch_flags "$CI_MERGE_REQUEST_PROJECT_URL" \ - "+refs/heads/$BASEBRANCH:refs/heads/$BASEBRANCH" - -if debugging; then - merge_base=$(git merge-base "$BASEBRANCH" HEAD) - echo "$merge_base" - git --version - git config -l - git tag merge-base "$merge_base" || { echo "Could not determine merge-base"; exit 50; } - git log --oneline --graph --decorate --all -fi - -has_problems=0 - -for PKG in $(changed-aports "$BASEBRANCH"); do - printf "$BLUE==>$RESET Linting $PKG\n" - - ( - cd "$PKG" - - repo=$(basename $(dirname $PKG)); - - if [ "$repo" == "backports" ]; then - echo "Skipping $PKG as backports (we don't care)" - continue - fi - - printf "\n\n" - printf "$BLUE" - printf '======================================================\n' - printf " parse APKBUILD:\n" - printf '======================================================' - printf "$RESET\n\n" - ( . ./APKBUILD ) || has_problems=1 - - printf "\n\n" - printf "$BLUE" - printf '======================================================\n' - printf " abuild sanitycheck:\n" - printf '======================================================' - printf "$RESET\n\n" - abuild sanitycheck || has_problems=1 - - printf "\n\n" - printf "$BLUE" - printf '======================================================\n' - printf " apkbuild-shellcheck:\n" - printf '======================================================' - printf "$RESET\n" - apkbuild-shellcheck || has_problems=1 - - printf "\n\n" - printf "$BLUE" - printf '======================================================\n' - printf " apkbuild-lint:\n" - printf '======================================================' - printf "$RESET\n\n" - apkbuild-lint APKBUILD || has_problems=1 - - return $has_problems - ) || has_problems=1 - - echo -done - -exit $has_problems diff --git a/.gitlab/bin/push.sh b/.gitlab/bin/push.sh deleted file mode 100755 index 47185e7..0000000 --- a/.gitlab/bin/push.sh +++ /dev/null @@ -1,67 +0,0 @@ -#!/bin/sh - -# shellcheck disable=SC3043 - -. $CI_PROJECT_DIR/.gitlab/bin/functions.sh - -# shellcheck disable=SC3040 -set -eu -o pipefail - -readonly APORTSDIR=$CI_PROJECT_DIR -readonly REPOS="backports user" -readonly BASEBRANCH=$CI_MERGE_REQUEST_TARGET_BRANCH_NAME - -export GIT_SSH_COMMAND="ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no" - -gitlab_key_to_rsa $ABUILD_KEY rsa-private $HOME/.abuild/$ABUILD_KEY_NAME.rsa -gitlab_key_to_rsa $ABUILD_KEY_PUB rsa-public $HOME/.abuild/$ABUILD_KEY_NAME.rsa.pub -gitlab_key_to_rsa $SSH_KEY rsa-private $HOME/.ssh/id_rsa -chmod 700 "$HOME"/.ssh/id_rsa -chmod 700 "$HOME"/.abuild/$ABUILD_KEY_NAME.rsa - -echo "PACKAGER_PRIVKEY=$HOME/.abuild/$ABUILD_KEY_NAME.rsa" > $HOME/.abuild/abuild.conf -echo "REPODEST=$HOME/repo-apk/qubes" >> $HOME/.abuild/abuild.conf -sudo cp $HOME/.abuild/$ABUILD_KEY_NAME.rsa.pub /etc/apk/keys/. - -get_qubes_release() { - case $BASEBRANCH in - r*) echo $BASEBRANCH;; - master) echo r4.2;; - *) die "Branch \"$BASEBRANCH\" not supported!" - esac -} - -QUBES_REL=$(get_qubes_release) - -for release in $(find packages -type d -maxdepth 1 -mindepth 1 -printf '%f\n'); do - - if [ -d $HOME/repo-apk ]; then - git -C $HOME/repo-apk fetch - git -C $HOME/repo-apk checkout $release - git -C $HOME/repo-apk pull --rebase - else - git clone forgejo@ayakael.net:forge/repo-apk.git -b $BASEBRANCH $HOME/repo-apk - fi - - git -C $HOME/repo-apk annex sync --content - - for i in $(find packages/$release -type f -name "*.apk"); do - install -vDm644 $i ${i/packages\/$release\/qubes-aports/$HOME\/repo-apk\/qubes\/$QUBES_REL} - done - - fetch_flags="-qn" - git fetch $fetch_flags "$CI_MERGE_REQUEST_PROJECT_URL" \ - "+refs/heads/$BASEBRANCH:refs/heads/$BASEBRANCH" - - rm $HOME/repo-apk/qubes/$QUBES_REL/*/APKINDEX.tar.gz || true - mkdir -p qubes/$QUBES_REL/DUMMY - echo "pkgname=DUMMY" > qubes/$QUBES_REL/DUMMY/APKBUILD - cd qubes/$QUBES_REL/DUMMY - abuild index - cd "$CI_PROJECT_DIR" - rm -R qubes/$QUBES_REL/DUMMY - - git -C $HOME/repo-apk add . - git -C $HOME/repo-apk commit -m "Update from $CI_MERGE_REQUEST_IID - $CI_MERGE_REQUEST_TITLE" - git -C $HOME/repo-apk annex sync --content -done From 69eb028438116a8ebef682eb3124d6bfb45b8109 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 16 Aug 2024 01:16:26 -0400 Subject: [PATCH 094/184] forgejo-ci: initial --- .forgejo/bin/deploy.sh | 33 +++++++ .forgejo/patches/build.patch | 140 +++++++++++++++++++++++++++++ .forgejo/workflows/build-edge.yaml | 52 +++++++++++ .forgejo/workflows/lint.yaml | 21 +++++ 4 files changed, 246 insertions(+) create mode 100755 .forgejo/bin/deploy.sh create mode 100644 .forgejo/patches/build.patch create mode 100644 .forgejo/workflows/build-edge.yaml create mode 100644 .forgejo/workflows/lint.yaml diff --git a/.forgejo/bin/deploy.sh b/.forgejo/bin/deploy.sh new file mode 100755 index 0000000..05de4d6 --- /dev/null +++ b/.forgejo/bin/deploy.sh @@ -0,0 +1,33 @@ +#!/bin/sh + +# shellcheck disable=SC3040 +set -eu -o pipefail + +readonly BASEBRANCH=$(grep PRETTY_NAME /etc/os-release | awk '{print $3}' | tr -d '"') +readonly TARGET_REPO=$CI_ALPINE_REPO + +get_qubes_release() { + case $GITHUB_BASE_REF in + r*) echo $GITHUB_BASE_REF;; + main) echo r4.3;; + esac +} + +readonly QUBES_REL=$(get_qubes_release) + +apkgs=$(find package -type f -name "*.apk") + +for apk in $apkgs; do + arch=$(echo $apk | awk -F '/' '{print $3}') + name=$(echo $apk | awk -F '/' '{print $4}') + + echo "Sending $name of arch $arch to $TARGET_REPO/$BASEBRANCH/qubes-$QUBES_REL" + return=$(curl -s --user $FORGE_REPO_USER:$FORGE_REPO_TOKEN --upload-file $apk $TARGET_REPO/$BASEBRANCH/qubes-$QUBES_REL 2>&1) + echo $return + if [ "$return" == "package file already exists" ]; then + echo "Package already exists, refreshing..." + curl -s --user $FORGE_REPO_USER:$FORGE_REPO_TOKEN -X DELETE $TARGET_REPO/$BASEBRANCH/qubes-$QUBES_REL/$arch/$name + curl -s --user $FORGE_REPO_USER:$FORGE_REPO_TOKEN --upload-file $apk $TARGET_REPO/$BASEBRANCH/qubes-$QUBES_REL + fi +done + diff --git a/.forgejo/patches/build.patch b/.forgejo/patches/build.patch new file mode 100644 index 0000000..eb17134 --- /dev/null +++ b/.forgejo/patches/build.patch @@ -0,0 +1,140 @@ +diff --git a/usr/local/bin/build.sh.orig b/usr/local/bin/build.sh +old mode 100644 +new mode 100755 +index c3b8f7a..0b1c9a5 +--- a/usr/local/bin/build.sh.orig ++++ b/usr/local/bin/build.sh +@@ -7,13 +7,14 @@ + set -eu -o pipefail + + readonly APORTSDIR=$CI_PROJECT_DIR +-readonly REPOS="main community testing non-free" ++readonly REPOS="main community testing" + readonly ARCH=$(apk --print-arch) + # gitlab variables + readonly BASEBRANCH=$CI_MERGE_REQUEST_TARGET_BRANCH_NAME + + : "${REPODEST:=$HOME/packages}" +-: "${MIRROR:=https://dl-cdn.alpinelinux.org/alpine}" ++: "${MIRROR:=https://ayakael.net/api/packages/forge/alpine}" ++: "${ALPINE_MIRROR:=http://dl-cdn.alpinelinux.org/alpine}" + : "${MAX_ARTIFACT_SIZE:=300000000}" #300M + : "${CI_DEBUG_BUILD:=}" + +@@ -67,13 +68,32 @@ report() { + } + + get_release() { ++ echo $(grep PRETTY_NAME /etc/os-release | awk '{print $3}' | tr -d '"') ++} ++ ++ ++get_qubes_release() { + case $BASEBRANCH in +- *-stable) echo v"${BASEBRANCH%-*}";; +- master) echo edge;; +- *) die "Branch \"$BASEBRANCH\" not supported!" ++ r*) echo $BASEBRANCH;; ++ main) echo r4.3;; + esac + } + ++changed_aports() { ++ : "${APORTSDIR?APORTSDIR missing}" ++ : "${BASEBRANCH?BASEBRANCH missing}" ++ ++ cd "$APORTSDIR" ++ local aports ++ ++ aports=$(git diff --name-only --diff-filter=ACMR \ ++ "$BASEBRANCH"...HEAD -- "*/APKBUILD" | xargs -rn1 dirname) ++ ++ # shellcheck disable=2086 ++ ap builddirs -d "$APORTSDIR" $aports 2>/dev/null | xargs -rn1 basename ++} ++ ++ + build_aport() { + local repo="$1" aport="$2" + cd "$APORTSDIR/$repo/$aport" +@@ -99,13 +119,13 @@ set_repositories_for() { + local release + + release=$(get_release) +- for repo in $REPOS; do ++ for repo in qubes-$(get_qubes_release); do + [ "$repo" = "non-free" ] && continue +- [ "$release" != "edge" ] && [ "$repo" == "testing" ] && continue ++ [ "$release" == "edge" ] && [ "$repo" == "backports" ] && continue + repos="$repos $MIRROR/$release/$repo $REPODEST/$repo" + [ "$repo" = "$target_repo" ] && break + done +- doas sh -c "printf '%s\n' $repos > /etc/apk/repositories" ++ doas sh -c "printf '%s\n' $repos >> /etc/apk/repositories" + doas apk update + } + +@@ -118,7 +138,15 @@ apply_offset_limit() { + } + + setup_system() { +- doas sh -c "echo $MIRROR/$(get_release)/main > /etc/apk/repositories" ++ local repos='' repo='' ++ local release ++ ++ release=$(get_release) ++ for repo in $REPOS; do ++ [ "$release" != "edge" ] && [ "$repo" == "testing" ] && continue ++ repos="$repos $ALPINE_MIRROR/$release/$repo" ++ done ++ doas sh -c "printf '%s\n' $repos > /etc/apk/repositories" + doas apk -U upgrade -a || apk fix || die "Failed to up/downgrade system" + abuild-keygen -ain + doas sed -i -E 's/export JOBS=[0-9]+$/export JOBS=$(nproc)/' /etc/abuild.conf +@@ -192,32 +220,22 @@ section_end setup + build_start=$CI_ALPINE_BUILD_OFFSET + build_limit=$CI_ALPINE_BUILD_LIMIT + +-for repo in $(changed_repos); do +- set_repositories_for "$repo" +- built_aports=0 +- changed_aports_in_repo=$(changed_aports "$repo") +- changed_aports_in_repo_count=$(echo "$changed_aports_in_repo" | wc -l) +- changed_aports_to_build=$(echo "$changed_aports_in_repo" | apply_offset_limit "$build_start" "$build_limit") ++set_repositories_for $(get_qubes_release) ++built_aports=0 ++changed_aports_in_repo=$(changed_aports $BASEBRANCH) ++changed_aports_in_repo_count=$(echo "$changed_aports_in_repo" | wc -l) ++changed_aports_to_build=$(echo "$changed_aports_in_repo" | apply_offset_limit "$build_start" "$build_limit") + +- msg "Changed aports in $repo:" +- # shellcheck disable=SC2086 # Splitting is expected here +- printf " - %s\n" $changed_aports_to_build +- for pkgname in $changed_aports_to_build; do +- section_start "build_$pkgname" "Building package $pkgname" +- built_aports=$((built_aports+1)) +- if check_aport "$repo" "$pkgname"; then +- build_aport "$repo" "$pkgname" +- fi +- section_end "build_$pkgname" +- done +- +- build_start=$((build_start-(changed_aports_in_repo_count-built_aports))) +- build_limit=$((build_limit-built_aports)) +- +- if [ $build_limit -le 0 ]; then +- msg "Limit reached, breaking" +- break ++msg "Changed aports:" ++# shellcheck disable=SC2086 # Splitting is expected here ++printf " - %s\n" $changed_aports_to_build ++for pkgname in $changed_aports_to_build; do ++ section_start "build_$pkgname" "Building package $pkgname" ++ built_aports=$((built_aports+1)) ++ if check_aport . "$pkgname"; then ++ build_aport . "$pkgname" + fi ++ section_end "build_$pkgname" + done + + section_start artifacts "Handeling artifacts" collapse diff --git a/.forgejo/workflows/build-edge.yaml b/.forgejo/workflows/build-edge.yaml new file mode 100644 index 0000000..d077e49 --- /dev/null +++ b/.forgejo/workflows/build-edge.yaml @@ -0,0 +1,52 @@ +on: + pull_request: + types: [ assigned, opened, synchronize, reopened ] + +jobs: + build-edge: + runs-on: x86_64 + container: + image: alpinelinux/alpine-gitlab-ci:latest + env: + CI_PROJECT_DIR: ${{ github.workspace }} + CI_DEBUG_BUILD: ${{ runner.debug }} + CI_MERGE_REQUEST_PROJECT_URL: ${{ github.server_url }}/${{ github.repository }} + CI_MERGE_REQUEST_TARGET_BRANCH_NAME: ${{ github.base_ref }} + steps: + - name: Environment setup + run: | + doas apk add nodejs git patch curl + cd /etc/apk/keys + doas curl -JO https://ayakael.net/api/packages/forge/alpine/key + - name: Repo pull + uses: actions/checkout@v4 + with: + fetch-depth: 500 + - name: Package build + run: | + doas patch -d / -p1 -i ${{ github.workspace }}/.forgejo/patches/build.patch + build.sh + - name: Package upload + uses: forgejo/upload-artifact@v3 + with: + name: package + path: packages + + deploy-edge: + needs: [build-edge] + runs-on: x86_64 + container: + image: alpine:latest + env: + CI_ALPINE_REPO: 'https://ayakael.net/api/packages/forge/alpine' + FORGE_REPO_TOKEN: ${{ secrets.FORGE_REPO_TOKEN }} + FORGE_REPO_USER: ${{ vars.FORGE_REPO_USER }} + steps: + - name: Setting up environment + run: apk add nodejs curl findutils git gawk + - name: Repo pull + uses: actions/checkout@v4 + - name: Package download + uses: forgejo/download-artifact@v3 + - name: Package deployment + run: ${{ github.workspace }}/.forgejo/bin/deploy.sh diff --git a/.forgejo/workflows/lint.yaml b/.forgejo/workflows/lint.yaml new file mode 100644 index 0000000..3614deb --- /dev/null +++ b/.forgejo/workflows/lint.yaml @@ -0,0 +1,21 @@ +on: + pull_request: + types: [ assigned, opened, synchronize, reopened ] + +jobs: + lint: + run-name: lint + runs-on: x86_64 + container: + image: alpinelinux/apkbuild-lint-tools:latest + env: + CI_PROJECT_DIR: ${{ github.workspace }} + CI_DEBUG_BUILD: ${{ runner.debug }} + CI_MERGE_REQUEST_PROJECT_URL: ${{ github.server_url }}/${{ github.repository }} + CI_MERGE_REQUEST_TARGET_BRANCH_NAME: ${{ github.base_ref }} + steps: + - run: doas apk add nodejs git + - uses: actions/checkout@v4 + with: + fetch-depth: 500 + - run: lint From 88c519bae45428557a9acd7c57bd31cfc9c4e7d0 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 16 Aug 2024 01:16:52 -0400 Subject: [PATCH 095/184] qubes-input-proxy: bump --- qubes-input-proxy/APKBUILD | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/qubes-input-proxy/APKBUILD b/qubes-input-proxy/APKBUILD index d32f375..ead9d80 100644 --- a/qubes-input-proxy/APKBUILD +++ b/qubes-input-proxy/APKBUILD @@ -3,7 +3,7 @@ pkgname=qubes-input-proxy pkgver=1.0.37 _gittag=v$pkgver -pkgrel=1 +pkgrel=2 pkgdesc="The Qubes service for proxying input devices" arch="x86_64" url="http://qubes-os.org/" From b117d950243885d03fcf3b07d9ccf646c349c21f Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 16 Aug 2024 01:17:02 -0400 Subject: [PATCH 096/184] qubes-vm-utils: bump --- qubes-vm-utils/APKBUILD | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/qubes-vm-utils/APKBUILD b/qubes-vm-utils/APKBUILD index 70bc8e2..b0e59e1 100644 --- a/qubes-vm-utils/APKBUILD +++ b/qubes-vm-utils/APKBUILD @@ -7,7 +7,7 @@ subpackages=" $pkgname-pyc " pkgver=4.3.3 -pkgrel=0 +pkgrel=1 _gittag="v$pkgver" pkgdesc="Common Linux files for Qubes VM." arch="x86_64" From 6909ec2185cf91c9821acf7ac0c6482bd2107eb8 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 16 Aug 2024 01:22:23 -0400 Subject: [PATCH 097/184] forgejo-ci: add multitarget build workflows --- .forgejo/bin/deploy.sh | 2 +- .forgejo/patches/build.patch | 2 +- .forgejo/workflows/build-edge.yaml | 2 ++ .forgejo/workflows/build-v3.19.yaml | 54 +++++++++++++++++++++++++++++ .forgejo/workflows/build-v3.20.yaml | 54 +++++++++++++++++++++++++++++ 5 files changed, 112 insertions(+), 2 deletions(-) create mode 100644 .forgejo/workflows/build-v3.19.yaml create mode 100644 .forgejo/workflows/build-v3.20.yaml diff --git a/.forgejo/bin/deploy.sh b/.forgejo/bin/deploy.sh index 05de4d6..a75d5e6 100755 --- a/.forgejo/bin/deploy.sh +++ b/.forgejo/bin/deploy.sh @@ -3,7 +3,7 @@ # shellcheck disable=SC3040 set -eu -o pipefail -readonly BASEBRANCH=$(grep PRETTY_NAME /etc/os-release | awk '{print $3}' | tr -d '"') +readonly BASEBRANCH=$CI_ALPINE_TARGET readonly TARGET_REPO=$CI_ALPINE_REPO get_qubes_release() { diff --git a/.forgejo/patches/build.patch b/.forgejo/patches/build.patch index eb17134..81015ef 100644 --- a/.forgejo/patches/build.patch +++ b/.forgejo/patches/build.patch @@ -25,7 +25,7 @@ index c3b8f7a..0b1c9a5 } get_release() { -+ echo $(grep PRETTY_NAME /etc/os-release | awk '{print $3}' | tr -d '"') ++ echo $CI_ALPINE_TARGET +} + + diff --git a/.forgejo/workflows/build-edge.yaml b/.forgejo/workflows/build-edge.yaml index d077e49..91f86a4 100644 --- a/.forgejo/workflows/build-edge.yaml +++ b/.forgejo/workflows/build-edge.yaml @@ -12,6 +12,7 @@ jobs: CI_DEBUG_BUILD: ${{ runner.debug }} CI_MERGE_REQUEST_PROJECT_URL: ${{ github.server_url }}/${{ github.repository }} CI_MERGE_REQUEST_TARGET_BRANCH_NAME: ${{ github.base_ref }} + CI_ALPINE_TARGET: edge steps: - name: Environment setup run: | @@ -41,6 +42,7 @@ jobs: CI_ALPINE_REPO: 'https://ayakael.net/api/packages/forge/alpine' FORGE_REPO_TOKEN: ${{ secrets.FORGE_REPO_TOKEN }} FORGE_REPO_USER: ${{ vars.FORGE_REPO_USER }} + CI_ALPINE_TARGET: edge steps: - name: Setting up environment run: apk add nodejs curl findutils git gawk diff --git a/.forgejo/workflows/build-v3.19.yaml b/.forgejo/workflows/build-v3.19.yaml new file mode 100644 index 0000000..2561981 --- /dev/null +++ b/.forgejo/workflows/build-v3.19.yaml @@ -0,0 +1,54 @@ +on: + pull_request: + types: [ assigned, opened, synchronize, reopened ] + +jobs: + build-v3.19: + runs-on: x86_64 + container: + image: alpinelinux/alpine-gitlab-ci:latest + env: + CI_PROJECT_DIR: ${{ github.workspace }} + CI_DEBUG_BUILD: ${{ runner.debug }} + CI_MERGE_REQUEST_PROJECT_URL: ${{ github.server_url }}/${{ github.repository }} + CI_MERGE_REQUEST_TARGET_BRANCH_NAME: ${{ github.base_ref }} + CI_ALPINE_TARGET: v3.19 + steps: + - name: Environment setup + run: | + doas apk add nodejs git patch curl + cd /etc/apk/keys + doas curl -JO https://ayakael.net/api/packages/forge/alpine/key + - name: Repo pull + uses: actions/checkout@v4 + with: + fetch-depth: 500 + - name: Package build + run: | + doas patch -d / -p1 -i ${{ github.workspace }}/.forgejo/patches/build.patch + build.sh + - name: Package upload + uses: forgejo/upload-artifact@v3 + with: + name: package + path: packages + + deploy-v3.19: + needs: [build-v3.19] + runs-on: x86_64 + container: + image: alpine:latest + env: + CI_ALPINE_REPO: 'https://ayakael.net/api/packages/forge/alpine' + CI_ALPINE_TARGET: v3.19 + FORGE_REPO_TOKEN: ${{ secrets.FORGE_REPO_TOKEN }} + FORGE_REPO_USER: ${{ vars.FORGE_REPO_USER }} + steps: + - name: Setting up environment + run: apk add nodejs curl findutils git gawk + - name: Repo pull + uses: actions/checkout@v4 + - name: Package download + uses: forgejo/download-artifact@v3 + - name: Package deployment + run: ${{ github.workspace }}/.forgejo/bin/deploy.sh diff --git a/.forgejo/workflows/build-v3.20.yaml b/.forgejo/workflows/build-v3.20.yaml new file mode 100644 index 0000000..d693f55 --- /dev/null +++ b/.forgejo/workflows/build-v3.20.yaml @@ -0,0 +1,54 @@ +on: + pull_request: + types: [ assigned, opened, synchronize, reopened ] + +jobs: + build-v3.20: + runs-on: x86_64 + container: + image: alpinelinux/alpine-gitlab-ci:latest + env: + CI_PROJECT_DIR: ${{ github.workspace }} + CI_DEBUG_BUILD: ${{ runner.debug }} + CI_MERGE_REQUEST_PROJECT_URL: ${{ github.server_url }}/${{ github.repository }} + CI_MERGE_REQUEST_TARGET_BRANCH_NAME: ${{ github.base_ref }} + CI_ALPINE_TARGET: v3.20 + steps: + - name: Environment setup + run: | + doas apk add nodejs git patch curl + cd /etc/apk/keys + doas curl -JO https://ayakael.net/api/packages/forge/alpine/key + - name: Repo pull + uses: actions/checkout@v4 + with: + fetch-depth: 500 + - name: Package build + run: | + doas patch -d / -p1 -i ${{ github.workspace }}/.forgejo/patches/build.patch + build.sh + - name: Package upload + uses: forgejo/upload-artifact@v3 + with: + name: package + path: packages + + deploy-v3.20: + needs: [build-v3.20] + runs-on: x86_64 + container: + image: alpine:latest + env: + CI_ALPINE_TARGET: v3.20 + CI_ALPINE_REPO: 'https://ayakael.net/api/packages/forge/alpine' + FORGE_REPO_TOKEN: ${{ secrets.FORGE_REPO_TOKEN }} + FORGE_REPO_USER: ${{ vars.FORGE_REPO_USER }} + steps: + - name: Setting up environment + run: apk add nodejs curl findutils git gawk + - name: Repo pull + uses: actions/checkout@v4 + - name: Package download + uses: forgejo/download-artifact@v3 + - name: Package deployment + run: ${{ github.workspace }}/.forgejo/bin/deploy.sh From a138662e442d741172d477ac2cf01df5efd2bd45 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 16 Aug 2024 08:04:36 -0400 Subject: [PATCH 098/184] qubes-vm-utils: bump --- qubes-vm-utils/APKBUILD | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/qubes-vm-utils/APKBUILD b/qubes-vm-utils/APKBUILD index b0e59e1..e5df3cd 100644 --- a/qubes-vm-utils/APKBUILD +++ b/qubes-vm-utils/APKBUILD @@ -7,7 +7,7 @@ subpackages=" $pkgname-pyc " pkgver=4.3.3 -pkgrel=1 +pkgrel=2 _gittag="v$pkgver" pkgdesc="Common Linux files for Qubes VM." arch="x86_64" From 931be466e8f706ae14f3def051b0d513ec060cc1 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 16 Aug 2024 21:41:35 -0400 Subject: [PATCH 099/184] README: update --- README.md | 25 +++++++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 7cfb296..5509b11 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ -# qubes-aports -Upstream: https://lab.ilot.io/ayakael/qubes-aports +# qports +Upstream: https://ayakael.net/forge/qports ## Description @@ -13,7 +13,7 @@ experimental. Use this branch at your own risk. For latest r4.2 packages, navigate to that branch. #### Template builder -The template builder is housed in its [own repo](https://lab.ilot.io/ayakael/qubes-builder-alpine). +The template builder is housed in its [own repo](https://ayakael.net/forge/qubes-builder-alpine) RPMs are built in-pipeline using the build artifacts produced by this repo. These RPMs facilitate installation of your very own Alpine Linux template on QubesOS. @@ -41,8 +41,25 @@ Extra packages Omitted packages * qubes-vmm-xen - The default Alpine xen package seems to provide the necessary modules +## How to use + +Built packages are made available on a Forgejo-based Alpine repo for you convenience. You can follow these steps to use them: + +Add security key of the apk repository to your /etc/apk/keys: + +```shell +cd /etc/apk/keys +curl -JO https://ayakael.net/api/packages/forge/alpine/key +``` +Add repository to `/etc/apk/repositories`: + +```shell +echo "https://ayakael.net/api/packages/forge/alpine/edge/qubes-r4.3" > /etc/apk/repositories +``` + + #### Known issues -Known issues are currently being tracked in [qubes-builder-alpine](https://lab.ilot.io/ayakael/qubes-builder-alpine) repo. +Known issues are currently being tracked in [qubes-builder-alpine](https://ayakael.net/forge/qubes-builder-alpine/issues) #### Issues, recommendations and proposals **To report an issue or share a recommendation** From 43a72bd0786b32f61c1700849b690790625c1c0f Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 10 Oct 2024 11:49:19 -0400 Subject: [PATCH 100/184] qubes-input-proxy: upgrade to 1.0.38 --- qubes-input-proxy/APKBUILD | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qubes-input-proxy/APKBUILD b/qubes-input-proxy/APKBUILD index ead9d80..72e883c 100644 --- a/qubes-input-proxy/APKBUILD +++ b/qubes-input-proxy/APKBUILD @@ -1,9 +1,9 @@ # Contributor: Antoine Martin (ayakael) # Maintainer: Antoine Martin (ayakael) pkgname=qubes-input-proxy -pkgver=1.0.37 +pkgver=1.0.38 _gittag=v$pkgver -pkgrel=2 +pkgrel=0 pkgdesc="The Qubes service for proxying input devices" arch="x86_64" url="http://qubes-os.org/" @@ -46,7 +46,7 @@ package() { install -Dm755 "$srcdir"/qubes-input-sender.openrc "$pkgdir"/etc/init.d/qubes-input-sender } sha512sums=" -0abe75960531c96f2760a462710de2d5e54d95792d719e42d7ae7e2a22b586e4573835584df74ba288e761ed64149f6a951c19301039cf3293621b4032085292 qubes-input-proxy-v1.0.37.tar.gz +bf4b44ee58347d78682a9b2c9eac10679a7ff17dfd56019a83b009b1165fd3833bc484df3cf9b13068b6754343c017f38a8d2ac2c06e1a0ee53646066daf658a qubes-input-proxy-v1.0.38.tar.gz 53f898f4d611e0a9be18127cff90ebc3946dc7e270548a84407067b02cb918546e8425c1722a60efb73b93af05c79889eaa16a4c7d596c948fdb9291d218c803 qubes-input-trigger_use-openrc.patch 21e7b95c94ec1a3f3499e79cf8b1931da2c3e33d8f1af2efe6b52b7e2678d4648bb0597b3a4a95cc10d0ca3cb83df93075b99cf1b615d8493a9e2fd21fb7f8f7 makefile_skip-systemd.patch 2d5cb4369bc4d4c83403bb3e7cd7bc784769950a8fbf581996074fe53cc65c56fe4039e2689b6fa34e51ce22e552fc145115c12e71601809767962a3682dd299 qubes-input-sender.openrc From 79be5d7efa43c9134f85558786483c092496b69e Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 10 Oct 2024 11:50:07 -0400 Subject: [PATCH 101/184] qubes-gpg-split: upgrade to 2.0.75 --- qubes-gpg-split/APKBUILD | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/qubes-gpg-split/APKBUILD b/qubes-gpg-split/APKBUILD index 96a7be1..8ab57fd 100644 --- a/qubes-gpg-split/APKBUILD +++ b/qubes-gpg-split/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Antoine Martin (ayakael) pkgname=qubes-gpg-split subpackages="$pkgname-doc" -pkgver=2.0.71 +pkgver=2.0.75 _gittag="v$pkgver" pkgrel=0 pkgdesc="Used Qubes AppVM as a “smart card”" @@ -31,5 +31,5 @@ package() { make install-vm DESTDIR="$pkgdir" } sha512sums=" -fb0d2b48e0e742cfb25fd85728370eb3eb02071e94c737ac885919f79dc4e62901b3ce80e06a6233767b71826c967ab1de3ca700edc19a7276a456456deb8ecb qubes-gpg-split-v2.0.71.tar.gz +212b819c959d66c5b3e73d0c0765e348b97b278a3df45903fdeaab3de49f60c455044e664bd8a95393f5e800d75706fda4198a5ea36e9ab933250d606f8cabbd qubes-gpg-split-v2.0.75.tar.gz " From 5ebb82e9d3bbb793f09fb2efd61c3a0669a64697 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 10 Oct 2024 11:49:19 -0400 Subject: [PATCH 102/184] qubes-input-proxy: fix url --- qubes-input-proxy/APKBUILD | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/qubes-input-proxy/APKBUILD b/qubes-input-proxy/APKBUILD index 72e883c..29ca603 100644 --- a/qubes-input-proxy/APKBUILD +++ b/qubes-input-proxy/APKBUILD @@ -6,7 +6,7 @@ _gittag=v$pkgver pkgrel=0 pkgdesc="The Qubes service for proxying input devices" arch="x86_64" -url="http://qubes-os.org/" +url="https://github.com/QubesOS/qubes-app-linux-input-proxy" license='GPL' depends=" usbutils From df786a029271374f8301f0feb9ddb58ec3c8a281 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 10 Oct 2024 11:51:32 -0400 Subject: [PATCH 103/184] qubes-libvchan-xen: upgrade to 4.2.4 --- ...upport-changed-libxenctrl-api-xen418.patch | 59 ------------------- qubes-libvchan-xen/APKBUILD | 6 +- 2 files changed, 3 insertions(+), 62 deletions(-) delete mode 100644 qubes-libvchan-xen/39_support-changed-libxenctrl-api-xen418.patch diff --git a/qubes-libvchan-xen/39_support-changed-libxenctrl-api-xen418.patch b/qubes-libvchan-xen/39_support-changed-libxenctrl-api-xen418.patch deleted file mode 100644 index f25fbff..0000000 --- a/qubes-libvchan-xen/39_support-changed-libxenctrl-api-xen418.patch +++ /dev/null @@ -1,59 +0,0 @@ -From 8c4c3807119f27957e6c7f87d505d66d0ea4c3d0 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= - -Date: Sat, 18 Nov 2023 18:27:28 +0100 -Subject: [PATCH] Support changed libxenctrl API in Xen 4.18.0 - -The xc_domain_getinfo() is gone, it's replaced with -xc_domain_getinfo_single. While the new API is a bit nicer, xenctrl.h -does not provide any #define to know which one is available. Check -library version in the makefile for that. ---- - vchan/Makefile.linux | 4 ++++ - vchan/io.c | 10 ++++++++++ - 2 files changed, 14 insertions(+) - -diff --git a/vchan/Makefile.linux b/vchan/Makefile.linux -index 281f2b5..587cb34 100644 ---- a/vchan/Makefile.linux -+++ b/vchan/Makefile.linux -@@ -27,6 +27,10 @@ CFLAGS += -g -Wall -Wextra -Werror -fPIC -O2 -D_GNU_SOURCE -MD -MP -MF $@.dep - all: libvchan-xen.so vchan-xen.pc - -include *.dep - -+# xenctrl.h does not provide any #define to distinguish API versions -+XENCTRL_VERSION := $(shell pkg-config --modversion xencontrol) -+CFLAGS += $(shell if printf '%s\n' '4.18.0' '$(XENCTRL_VERSION)' | \ -+ sort -CV; then echo -DHAVE_XC_DOMAIN_GETINFO_SINGLE; fi) - SO_VER = 1 - - libvchan-xen.so.$(SO_VER): init.o io.o -diff --git a/vchan/io.c b/vchan/io.c -index 3d0ed35..0c23223 100644 ---- a/vchan/io.c -+++ b/vchan/io.c -@@ -33,14 +33,24 @@ - /* check if domain is still alive */ - int libvchan__check_domain_alive(xc_interface *xc_handle, int dom) { - struct evtchn_status evst; -+#ifdef HAVE_XC_DOMAIN_GETINFO_SINGLE -+ xc_domaininfo_t dominfo; -+#else - xc_dominfo_t dominfo; -+#endif - int ret; - - /* first try using domctl, more reliable but available in a privileged - * domain only */ -+#ifdef HAVE_XC_DOMAIN_GETINFO_SINGLE -+ ret = xc_domain_getinfo_single(xc_handle, dom, &dominfo); -+ if (ret == 0) -+ return !(dominfo.flags & XEN_DOMINF_dying); -+#else - ret = xc_domain_getinfo(xc_handle, dom, 1, &dominfo); - if (ret == 1) - return dominfo.domid == (uint32_t)dom && !dominfo.dying; -+#endif - else if (ret == -1 && errno == ESRCH) - return 0; - /* otherwise fallback to xc_evtchn_status method */ diff --git a/qubes-libvchan-xen/APKBUILD b/qubes-libvchan-xen/APKBUILD index 977ebaa..2ede6bc 100644 --- a/qubes-libvchan-xen/APKBUILD +++ b/qubes-libvchan-xen/APKBUILD @@ -1,8 +1,8 @@ # Contributor: Antoine Martin (ayakael) # Maintainer: Antoine Martin (ayakael) pkgname=qubes-libvchan-xen -pkgver=4.2.3 -pkgrel=2 +pkgver=4.2.4 +pkgrel=0 _gittag=v$pkgver pkgdesc="The Qubes core libraries for installation inside a Qubes Dom0 and VM." arch="x86_64" @@ -25,5 +25,5 @@ package() { } sha512sums=" -cbdeb025a7bd0c837cb079708b4cfc3b1eda10482999b1eeda33a1cfa2869a4a629d99dd556f9a8b9d83f4b5df9d686b8c524d2093a3bafac35df2192bf2983d qubes-libvchan-xen-v4.2.3.tar.gz +05b0d8964da1ba321aa7a7651f969692c470b8f9910f7324f10a54b0c6e43ae3270a26a6a49a0e26d5c50b14370b64fbfb340fe28b8f191a0a67c07aba0426c3 qubes-libvchan-xen-v4.2.4.tar.gz " From c7d021b224b1cc037e4de407c0585d4680712a15 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 10 Oct 2024 11:52:32 -0400 Subject: [PATCH 104/184] qubes-usb-proxy: upgrade to 1.3.2 --- qubes-usb-proxy/APKBUILD | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qubes-usb-proxy/APKBUILD b/qubes-usb-proxy/APKBUILD index bd6f246..4dacfe2 100644 --- a/qubes-usb-proxy/APKBUILD +++ b/qubes-usb-proxy/APKBUILD @@ -1,9 +1,9 @@ # Contributor: Antoine Martin (ayakael) # Maintainer: Antoine Martin (ayakael) pkgname=qubes-usb-proxy -pkgver=1.3.0 +pkgver=1.3.2 _gittag="v$pkgver" -pkgrel=2 +pkgrel=0 pkgdesc="The Qubes service for proxying USB devices" arch="noarch" url="https://github.com/QubesOS/qubes-app-linux-usb-proxy" @@ -37,6 +37,6 @@ package() { echo "vhci-hcd" > "$pkgdir"/etc/modules-load.d/qubes-usb-proxy.conf } sha512sums=" -822718decff8d2d15e56208b51603d3104cacb42981576985c2955e2bb73a66119397359314ebb6e6b52e3985b4d797e02b1074faf40aa6ca9cce067c753d830 qubes-usb-proxy-v1.3.0.tar.gz +36d34af695b3d765c24e4bd9abe2ec0fad82adaf8618db642dd44b2d7b5fda9faf1d92eaba7815fd1c276551278cd8f40b1c1be066fee2cc06a738ef92b40ae0 qubes-usb-proxy-v1.3.2.tar.gz c6519982f7eef8586ee823dc96efa7b1b90f489114edcc348bc5221837090d19a2a3533eac83e3269ba68c2cf24447c018e0ac850ed1423a1280ebae364223fa usb-import-alpine-udevadm.patch " From 907e65b867753bbf22752a8048cc31956883e322 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 10 Oct 2024 11:53:31 -0400 Subject: [PATCH 105/184] qubes-vm-core: upgrade to 4.3.7 --- qubes-vm-core/APKBUILD | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qubes-vm-core/APKBUILD b/qubes-vm-core/APKBUILD index c04a910..d4e7589 100644 --- a/qubes-vm-core/APKBUILD +++ b/qubes-vm-core/APKBUILD @@ -8,8 +8,8 @@ subpackages=" $pkgname-doc $pkgname-pyc " -pkgver=4.3.4 -pkgrel=2 +pkgver=4.3.7 +pkgrel=0 _gittag="v$pkgver" pkgdesc="The Qubes core files for installation inside a Qubes VM." arch="x86_64" @@ -167,7 +167,7 @@ root() { make -C passwordless-root install DESTDIR="$subpkgdir" SBINDIR=/sbin LIBDIR=/usr/lib SYSLIBDIR=/lib } sha512sums=" -2fa1274cf52d3a81308685dd2522e3787b97bf74135a2333a2271882b498ac600e3f862d6f07dec387864407951423913114a1c7c10ef0d51bb96c23c5dc2cf7 qubes-vm-core-v4.3.4.tar.gz +4fd7d72a7500a4b97db194a272bf27aa87a475e65b14e8509e651e70da01509fa0dc946d34e5d6c49187e9bb7df79e4f5fbdc76ce4d23b5d172cc489c7fc1c41 qubes-vm-core-v4.3.7.tar.gz 95c080a593ca1cd457ffafc0cdd6ee28999c72f67191a3955b6081a4a7d287cae4cd0c626139562e5e1eb55516c25402a174e3599daf7d4cb259d6b4bbdff155 qubes-core-early.openrc 61529413a16b7fa0df691c24adc41b90477c01ea70d572921ecec89df23932e5a2e60c4e73b9a84181dc30424e2e6af4ad1c7dcf6c42689c3cc346a9923d6e07 qubes-core-netvm.openrc da8e293520f5fce29ce76d7586e8ce1a4164798a1214079fb554c690264da1d774fdad3f45825aac52c2c3a0b0cfd39df73eb33394dedd7c043fe0f2344b90ca qubes-core.openrc From 64d500c042dc55159b770f4b45fbc8bdc782f9f6 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 10 Oct 2024 11:56:54 -0400 Subject: [PATCH 106/184] qubes-vm-utils: upgrade to 4.3.4 --- qubes-vm-utils/APKBUILD | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qubes-vm-utils/APKBUILD b/qubes-vm-utils/APKBUILD index e5df3cd..843fbbc 100644 --- a/qubes-vm-utils/APKBUILD +++ b/qubes-vm-utils/APKBUILD @@ -6,8 +6,8 @@ subpackages=" $pkgname-openrc $pkgname-pyc " -pkgver=4.3.3 -pkgrel=2 +pkgver=4.3.4 +pkgrel=0 _gittag="v$pkgver" pkgdesc="Common Linux files for Qubes VM." arch="x86_64" @@ -59,6 +59,6 @@ support() { install -m 755 "$builddir"/dracut/full-dmroot/qubes_cow_setup.sh "$subpkgdir"/usr/lib/qubes/qubes_cow_setup.sh } sha512sums=" -95da1f511bb30bca2f895111d91f901a8d17077ea5bf6a363891557e24f3a7bc40b2450eae476932b2450749ff8a94dd78c7590bef428c7ba2d647ebbcf5a86b qubes-vm-utils-v4.3.3.tar.gz +6acdc385be834cd3db0c13f5a1e81ae148a0602eb65d5fabd1a3c1740fa213a76ec4b95fac33754adc8455f16dd5e342a3379662d53999a3c03c3f8946051c7d qubes-vm-utils-v4.3.4.tar.gz aebc606faa95948be77766f164fc40e4be66e4398e7f56ad52ba9de4c8f7de4ec0c4b48b23a3a6dd083d6f19ae1a591f3ae0caf2c696fd061cd8fea4bdf7d4f3 qubes-meminfo-writer.openrc " From 573c747ff97fc92db3364d62f6f9a64148ee0d2b Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 10 Oct 2024 11:54:35 -0400 Subject: [PATCH 107/184] qubes-vm-gui-dev: upgrade to 4.2.5 --- qubes-vm-gui-dev/APKBUILD | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qubes-vm-gui-dev/APKBUILD b/qubes-vm-gui-dev/APKBUILD index ec408aa..acc6b53 100644 --- a/qubes-vm-gui-dev/APKBUILD +++ b/qubes-vm-gui-dev/APKBUILD @@ -1,9 +1,9 @@ # Contributor: Antoine Martin (ayakael) # Maintainer: Antoine Martin (ayakael) pkgname=qubes-vm-gui-dev -pkgver=4.2.4 +pkgver=4.2.5 _gittag="v$pkgver" -pkgrel=4 +pkgrel=0 pkgdesc="Common files for Qubes GUI - protocol headers." arch="noarch" url="https://github.com/QubesOS/qubes-gui-common" @@ -18,5 +18,5 @@ package() { cp include/*.h $pkgdir/usr/include/ } sha512sums=" -be9d71abc991d6d2dabaf17f647a5cf2a73b947f15fc36117e309d493f4f6a7e151d9ab6f6df8bd99ac33ea873413a47f72aeb98bf6b7b4ed2a217c8fbd0bd51 qubes-vm-gui-dev-v4.2.4.tar.gz +12bdf5c2dfcc594b034f5dd94a4fa398ef51a42e8bf425386ff34af63510b749fb0aaa6966f569cc16205efbb310076bd370ceefcd1d254fa5d2e8599554a64d qubes-vm-gui-dev-v4.2.5.tar.gz " From 2cdae9bc599ab51a348019f3730c666a644be6e4 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 10 Oct 2024 11:54:52 -0400 Subject: [PATCH 108/184] qubes-vm-gui: upgrade to 4.2.18 --- qubes-vm-gui/APKBUILD | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/qubes-vm-gui/APKBUILD b/qubes-vm-gui/APKBUILD index 2416454..150e5da 100644 --- a/qubes-vm-gui/APKBUILD +++ b/qubes-vm-gui/APKBUILD @@ -5,7 +5,7 @@ subpackages=" qubes-vm-pulseaudio qubes-vm-pipewire $pkgname-openrc" -pkgver=4.2.16 +pkgver=4.2.18 pkgrel=0 _gittag="v$pkgver" pkgdesc="The Qubes GUI Agent for AppVMs" @@ -116,7 +116,7 @@ pipewire() { } sha512sums=" -38e63b09f62b07785c199d71959d8c7387b75509b9b234cae1325f700509f8f2afcc1acaf8766c22768acb4508cbb8fed80da04c974eeafd9f1099e5a37893f2 qubes-vm-gui-v4.2.16.tar.gz +44943e431530a28f2b6fa892278ba34efbf925e2fb2720dd66dbcb293ceab0ebe59f269716e59e4cec82fc865226565fee70f3b016a1cd1396703e1d81314d4c qubes-vm-gui-v4.2.18.tar.gz f0bbb936e14689d0cbced2f564b8911f9287c0217616f02f3bd0c3060e516d080ad538219f089f5841c2b9d18bb4ad8efb63516ddfd46c18b038218378996a7d 0001-musl-build.patch 01beace4c130200dc8d42248349ea858d2bec746aca2bdfa5948b6e7240bb3b832bbb8b324293fba6fd6aafb0a3d7a2e3928c7fd39d318ef4d5a18cfeb48cde6 0001-initd-fix.patch 68d01e594296e18d54d8eaa17863451c3ac121e4fcacf98b64db14166bdcf38aa66f1c3659c5014c0a9cc25b5368df66f8c642b8e7af59da8d2a5ad97da9a194 qubes-gui-agent.openrc From 8109344b8e3b86f39c2cd528695b4f6358a651d5 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 10 Oct 2024 11:55:51 -0400 Subject: [PATCH 109/184] qubes-vm-qrexec: upgrade to 4.3.0 --- qubes-vm-qrexec/APKBUILD | 6 +++--- qubes-vm-qrexec/makefile-remove-cc-cflags.patch | 3 ++- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/qubes-vm-qrexec/APKBUILD b/qubes-vm-qrexec/APKBUILD index 0f50046..4152cbf 100644 --- a/qubes-vm-qrexec/APKBUILD +++ b/qubes-vm-qrexec/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Antoine Martin (ayakael) pkgname=qubes-vm-qrexec subpackages="$pkgname-openrc $pkgname-doc $pkgname-pyc" -pkgver=4.2.21 +pkgver=4.3.0 _gittag="v$pkgver" pkgrel=0 pkgdesc="The Qubes qrexec files (qube side)" @@ -52,8 +52,8 @@ package() { install -Dm 755 "$srcdir"/qubes-qrexec-agent.openrc "$pkgdir"/etc/init.d/qubes-qrexec-agent } sha512sums=" -756d349e9322da6fd96e737c3f4430b503abba90ac0a6ca6b9b92cbce656f4e714c4e39aff7b9cfc302629ff15011e5ca7d8e273840b314b78d1f5823ff00c6c qubes-vm-qrexec-v4.2.21.tar.gz +e872f64702fd2e990d1d71836207c8ccfec98ae45b3af9537036248ba43c435f1bf77c369f8c7e613f74f17cca49a3a0b6c27db2c5cf6ead6f9a8337bda17e79 qubes-vm-qrexec-v4.3.0.tar.gz e2dd5cace82e881c40d5d37c69f7327fbabde81c9d23283de23de9f1197b7b018ef07a8d90e95c61bd249426d9d8297e7cb372333245941ffa0682c90ea3461f qubes-qrexec-agent.openrc -3cbe66c8251d0cbe078d78ac9a2aef2d6c095c4f514ff0aab69dd724dee7488cf84dff4af2210d8a2298a052db49e85b0e38ac45456a8aa9bd1e4a7de0311b69 makefile-remove-cc-cflags.patch +c3009ddb97656be7d0a78910217c852f0f9b20cd37b4537d99724e629bc87f1c675ada084eba3c641c4ae54dab8aacd87514d73de72f42d6ccc976e6255212bc makefile-remove-cc-cflags.patch 69b88c8d344f0d575eac398937040ba39a0d8fb8ea0a2b160c48d84775e1da4e226a76f3c5d3be7b045f577b634bb35cd5c5536248e18117c4121a38f9f3bf13 agent-qrexec-fork-server-undef-fortify-source.patch " diff --git a/qubes-vm-qrexec/makefile-remove-cc-cflags.patch b/qubes-vm-qrexec/makefile-remove-cc-cflags.patch index 9c1ee70..b126ee3 100644 --- a/qubes-vm-qrexec/makefile-remove-cc-cflags.patch +++ b/qubes-vm-qrexec/makefile-remove-cc-cflags.patch @@ -2,10 +2,11 @@ diff --git a/Makefile.orig b/Makefile index ade10bf..7de05a4 100644 --- a/Makefile.orig +++ b/Makefile -@@ -1,6 +1,4 @@ +@@ -1,6 +1,5 @@ MAKEFLAGS=-r -CC ?= gcc -CFLAGS += -Werror=strict-prototypes -Werror=old-style-definition -Werror=missing-declarations -Werror=missing-prototypes ++CFLAGS += -Wno-incompatible-pointer-types -Wno-int-conversion -Wno-implicit-function-declaration PYTHON ?= python3 export PYTHON CC MAKEFLAGS CFLAGS From a0e397c9180334654ea2307bf5fbfba846576669 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 16 Oct 2024 19:36:49 -0400 Subject: [PATCH 110/184] *: /usr merge --- qubes-db-vm/APKBUILD | 6 +++--- qubes-db-vm/qubes-db.openrc | 2 +- qubes-vm-core/APKBUILD | 16 ++++++++-------- qubes-vm-core/qubes-firewall.openrc | 2 +- qubes-vm-gui/APKBUILD | 6 +++--- qubes-vm-qrexec/APKBUILD | 6 +++--- qubes-vm-utils/APKBUILD | 6 +++--- qubes-vm-utils/qubes-meminfo-writer.openrc | 2 +- 8 files changed, 23 insertions(+), 23 deletions(-) diff --git a/qubes-db-vm/APKBUILD b/qubes-db-vm/APKBUILD index 8541e2a..bf20d45 100644 --- a/qubes-db-vm/APKBUILD +++ b/qubes-db-vm/APKBUILD @@ -3,7 +3,7 @@ pkgname=qubes-db-vm subpackages="$pkgname-openrc" pkgver=4.2.6 -pkgrel=0 +pkgrel=1 _gittag="v$pkgver" pkgdesc="QubesDB libs and daemon service." arch="x86_64" @@ -39,12 +39,12 @@ build() { package() { # Install all with python bindings - make install DESTDIR=$pkgdir LIBDIR=/usr/lib BINDIR=/usr/bin SBINDIR=/sbin + make install DESTDIR=$pkgdir LIBDIR=/usr/lib BINDIR=/usr/bin SBINDIR=/usr/sbin install -Dm 755 "$srcdir"/qubes-db.openrc "$pkgdir"/etc/init.d/qubes-db } sha512sums=" 182ae7edb7235a21c45334d8d7aa20a7a9f63056d411fe66fe20d67ea0de7cf63d2a79886016561f69c5f444704f3728ee7b1aa6343f5ce15667ba458c08c9c7 qubes-db-vm-v4.2.6.tar.gz af86268c264c843b94f9cefb735b9d078dc58819c890fc0a31dd79fa2761d3c2fa87aed73752bca1db07948ba86ecfe16a745b19672ccc10dfb9461df24aa207 0001-musl-build.patch 892eb29b9bab4d9e662678d13a5607df04cdb024c2f28332f40fa4b7c644476a4b26a9fc038dfcdac1e0b8d328165d21d50d894d2c1e27f792287dd57449e7eb 0001-create_pidfile.patch -3d87f82d3637cf10bf1a3058ebbd2590ab17f65d1b49058f62d892f126635497abd5045f6797bc8069e5de08bb6e08fc6146deb6422090ad02122764cc6d72f0 qubes-db.openrc +6f48b4bee6a3517bdbb884bd6f7e21916e8438c5e8b8d9d1b1cfffe970c4549d941056f9022998ed7f9edb799d9b123564f01e69cdca7da241d0fb6a8e9a1c5e qubes-db.openrc " diff --git a/qubes-db-vm/qubes-db.openrc b/qubes-db-vm/qubes-db.openrc index 0d6bf0c..eac5e5e 100644 --- a/qubes-db-vm/qubes-db.openrc +++ b/qubes-db-vm/qubes-db.openrc @@ -2,7 +2,7 @@ name=$RC_SVCNAME cfgfile="/etc/qubes/$RC_SVCNAME.conf" -command="/sbin/qubesdb-daemon" +command="/usr/sbin/qubesdb-daemon" command_args="0" command_user="root" pidfile="/run/qubes/$RC_SVCNAME.pid" diff --git a/qubes-vm-core/APKBUILD b/qubes-vm-core/APKBUILD index d4e7589..90bce1d 100644 --- a/qubes-vm-core/APKBUILD +++ b/qubes-vm-core/APKBUILD @@ -9,7 +9,7 @@ subpackages=" $pkgname-pyc " pkgver=4.3.7 -pkgrel=0 +pkgrel=1 _gittag="v$pkgver" pkgdesc="The Qubes core files for installation inside a Qubes VM." arch="x86_64" @@ -107,9 +107,9 @@ build() { # * core systemd services and drop-ins # * basic network functionality (setting IP address, DNS, default gateway) package() { - make install-corevm DESTDIR="$pkgdir" SBINDIR=/sbin LIBDIR=/usr/lib SYSLIBDIR=/lib - make -C app-menu install DESTDIR="$pkgdir" install LIBDIR=/usr/lib SYSLIBDIR=/lib - make -C misc install DESTDIR="$pkgdir" install LIBDIR=/usr/lib SYSLIBDIR=/lib + make DESTDIR="$pkgdir" SYSTEM_DROPIN_DIR=/usr/lib/systemd SBINDIR=/usr/sbin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib install-corevm + make -C app-menu DESTDIR="$pkgdir" LIBDIR=/usr/lib SYSLIBDIR=/usr/lib install + make -C misc DESTDIR="$pkgdir" LIBDIR=/usr/lib SYSLIBDIR=/usr/lib install make -C qubes-rpc DESTDIR="$pkgdir" install make -C qubes-rpc/kde DESTDIR="$pkgdir" install make -C qubes-rpc/nautilus DESTDIR="$pkgdir" install @@ -156,22 +156,22 @@ networking() { tinyproxy " cd "$builddir" - install -dm 755 "$subpkgdir"/usr/bin + install -dm 755 "$subpkgdir"/usr/bin "$subpkgdir"/usr/lib/systemd/system mv "$pkgdir"/usr/bin/qubes-firewall "$subpkgdir"/usr/bin/. - make install-netvm DESTDIR="$subpkgdir" SBINDIR=/sbin LIBDIR=/usr/lib SYSLIBDIR=/lib + make install-netvm DESTDIR="$subpkgdir" SYSTEM_DROPIN_DIR=/usr/lib/systemd SBINDIR=/usr/sbin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib } root() { cd "$builddir" pkgdesc="Qubes OS Passwordless root access from normal user" - make -C passwordless-root install DESTDIR="$subpkgdir" SBINDIR=/sbin LIBDIR=/usr/lib SYSLIBDIR=/lib + make -C passwordless-root install DESTDIR="$subpkgdir" SBINDIR=/usr/sbin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib } sha512sums=" 4fd7d72a7500a4b97db194a272bf27aa87a475e65b14e8509e651e70da01509fa0dc946d34e5d6c49187e9bb7df79e4f5fbdc76ce4d23b5d172cc489c7fc1c41 qubes-vm-core-v4.3.7.tar.gz 95c080a593ca1cd457ffafc0cdd6ee28999c72f67191a3955b6081a4a7d287cae4cd0c626139562e5e1eb55516c25402a174e3599daf7d4cb259d6b4bbdff155 qubes-core-early.openrc 61529413a16b7fa0df691c24adc41b90477c01ea70d572921ecec89df23932e5a2e60c4e73b9a84181dc30424e2e6af4ad1c7dcf6c42689c3cc346a9923d6e07 qubes-core-netvm.openrc da8e293520f5fce29ce76d7586e8ce1a4164798a1214079fb554c690264da1d774fdad3f45825aac52c2c3a0b0cfd39df73eb33394dedd7c043fe0f2344b90ca qubes-core.openrc -8f1ea1b6bfb4d3089a51cc3e325861ee7b644f743b2652bf61789933adedefdbc743a61567ad980d2a6077647eb61570b68a056125abaab2a67166d249a961b0 qubes-firewall.openrc +164159a80d00c160e74a0ebf4695c047ca7720821e4a9c395405cd96f680b6765e9c4cf426aea94fcb26e08274ec2b42adf45ecc12d26cf683ab3bd0c01afed9 qubes-firewall.openrc 437a3dc443c5b0311c5dc8f792739eef89e38b2e854b9a5bb248211dd0eb0f26c1d79588ca2b4b63236b8bed0d735be6b2265d8328885730a8aa5f854301d61f qubes-iptables.openrc e9096560e4ee4cad836b686e18eb6dbac729227683eda2f0c8b3541c909f64de3489dbb66e3752014deab69cbfae7885bc15b9bb7e3942c02e40328337b9ef30 qubes-sysinit.openrc 99ec0afc167866727072606aa183f0c7a539e68e0d8b9a57f6b9c129d3722c9135e1487eef438807d7138af0e669fb14608cbc1f1d5620ee9e995f294a8929f8 qubes-updates-proxy-forwarder.openrc diff --git a/qubes-vm-core/qubes-firewall.openrc b/qubes-vm-core/qubes-firewall.openrc index 6cc4b38..93828a1 100755 --- a/qubes-vm-core/qubes-firewall.openrc +++ b/qubes-vm-core/qubes-firewall.openrc @@ -16,7 +16,7 @@ depend() { } start_pre() { - /sbin/ethtool -K "$(get_qubes_managed_iface)" sg off + /usr/sbin/ethtool -K "$(get_qubes_managed_iface)" sg off checkpath --directory --owner $command_user:qubes --mode 0775 \ /run/$RC_SVCNAME /var/log/qubes } diff --git a/qubes-vm-gui/APKBUILD b/qubes-vm-gui/APKBUILD index 150e5da..fc37599 100644 --- a/qubes-vm-gui/APKBUILD +++ b/qubes-vm-gui/APKBUILD @@ -6,7 +6,7 @@ subpackages=" qubes-vm-pipewire $pkgname-openrc" pkgver=4.2.18 -pkgrel=0 +pkgrel=1 _gittag="v$pkgver" pkgdesc="The Qubes GUI Agent for AppVMs" arch="x86_64" @@ -79,7 +79,7 @@ build() { } package() { - make install-rh-agent DESTDIR="$pkgdir" LIBDIR=/usr/lib USRLIBDIR=/usr/lib SYSLIBDIR=/lib + make install-rh-agent DESTDIR="$pkgdir" LIBDIR=/usr/lib USRLIBDIR=/usr/lib SYSLIBDIR=/usr/lib install -Dm 755 "$srcdir"/qubes-gui-agent.openrc "$pkgdir"/etc/init.d/qubes-gui-agent # Starts qubes-session after X11 start @@ -100,7 +100,7 @@ pulseaudio() { local pa_ver=$(pkg-config --modversion libpulse 2>/dev/null | cut -f 1 -d "-") cd "$builddir" - make install-pulseaudio DESTDIR=$subpkgdir PA_VER=$pa_ver LIBDIR=/usr/lib USRLIBDIR=/usr/lib SYSLIBDIR=/lib + make install-pulseaudio DESTDIR=$subpkgdir PA_VER=$pa_ver LIBDIR=/usr/lib USRLIBDIR=/usr/lib SYSLIBDIR=/usr/lib } pipewire() { diff --git a/qubes-vm-qrexec/APKBUILD b/qubes-vm-qrexec/APKBUILD index 4152cbf..3f3f959 100644 --- a/qubes-vm-qrexec/APKBUILD +++ b/qubes-vm-qrexec/APKBUILD @@ -4,7 +4,7 @@ pkgname=qubes-vm-qrexec subpackages="$pkgname-openrc $pkgname-doc $pkgname-pyc" pkgver=4.3.0 _gittag="v$pkgver" -pkgrel=0 +pkgrel=1 pkgdesc="The Qubes qrexec files (qube side)" arch="x86_64" url="https://github.com/QubesOS/qubes-core-qrexec" @@ -47,8 +47,8 @@ build() { } package() { - make install-base DESTDIR="$pkgdir" SBINDIR=/sbin LIBDIR=/usr/lib SYSLIBDIR=/lib - make install-vm DESTDIR="$pkgdir" SBINDIR=/sbin LIBDIR=/usr/lib SYSLIBDIR=/lib + make install-base DESTDIR="$pkgdir" SBINDIR=/usr/sbin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib + make install-vm DESTDIR="$pkgdir" SBINDIR=/usr/sbin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib install -Dm 755 "$srcdir"/qubes-qrexec-agent.openrc "$pkgdir"/etc/init.d/qubes-qrexec-agent } sha512sums=" diff --git a/qubes-vm-utils/APKBUILD b/qubes-vm-utils/APKBUILD index 843fbbc..5df9eaa 100644 --- a/qubes-vm-utils/APKBUILD +++ b/qubes-vm-utils/APKBUILD @@ -7,7 +7,7 @@ subpackages=" $pkgname-pyc " pkgver=4.3.4 -pkgrel=0 +pkgrel=1 _gittag="v$pkgver" pkgdesc="Common Linux files for Qubes VM." arch="x86_64" @@ -40,7 +40,7 @@ build() { } package() { - make install DESTDIR="$pkgdir" LIBDIR=/usr/lib SYSLIBDIR=/lib SBINDIR=/sbin + make install DESTDIR="$pkgdir" LIBDIR=/usr/lib SYSLIBDIR=/usr/lib SBINDIR=/usr/sbin install -Dm 755 "$srcdir"/qubes-meminfo-writer.openrc "$pkgdir"/etc/init.d/qubes-meminfo-writer } @@ -60,5 +60,5 @@ support() { } sha512sums=" 6acdc385be834cd3db0c13f5a1e81ae148a0602eb65d5fabd1a3c1740fa213a76ec4b95fac33754adc8455f16dd5e342a3379662d53999a3c03c3f8946051c7d qubes-vm-utils-v4.3.4.tar.gz -aebc606faa95948be77766f164fc40e4be66e4398e7f56ad52ba9de4c8f7de4ec0c4b48b23a3a6dd083d6f19ae1a591f3ae0caf2c696fd061cd8fea4bdf7d4f3 qubes-meminfo-writer.openrc +c29bac0c6b9a0c81ee42e88541d9216549276448a02c3005ea20d85c7eda483cee28bbc159098bd42badc7ed80058734311931ee4ef13e170e49f83cf3f5a9ae qubes-meminfo-writer.openrc " diff --git a/qubes-vm-utils/qubes-meminfo-writer.openrc b/qubes-vm-utils/qubes-meminfo-writer.openrc index 9e8acdc..eae50a0 100644 --- a/qubes-vm-utils/qubes-meminfo-writer.openrc +++ b/qubes-vm-utils/qubes-meminfo-writer.openrc @@ -3,7 +3,7 @@ name=$RC_SVCNAME cfgfile="/etc/qubes/$RC_SVCNAME.conf" pidfile="/var/run/meminfo-writer.pid" -command="/sbin/meminfo-writer" +command="/usr/sbin/meminfo-writer" command_args="30000 100000 $pidfile" command_user="root" start_stop_daemon_args="" From 4953c4c159920394cc3c3a06b7fdce598a0d7321 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 31 Oct 2024 15:32:52 -0400 Subject: [PATCH 111/184] forgego: add package version checks --- .forgejo/bin/check_ver.sh | 35 +++++++ .forgejo/bin/create_issue.sh | 165 ++++++++++++++++++++++++++++++ .forgejo/workflows/check-r4.2.yml | 28 +++++ .forgejo/workflows/check-r4.3.yml | 28 +++++ 4 files changed, 256 insertions(+) create mode 100755 .forgejo/bin/check_ver.sh create mode 100755 .forgejo/bin/create_issue.sh create mode 100644 .forgejo/workflows/check-r4.2.yml create mode 100644 .forgejo/workflows/check-r4.3.yml diff --git a/.forgejo/bin/check_ver.sh b/.forgejo/bin/check_ver.sh new file mode 100755 index 0000000..799c44f --- /dev/null +++ b/.forgejo/bin/check_ver.sh @@ -0,0 +1,35 @@ +#!/bin/bash + +# expects the following env variables: +# downstream: downstream repo + +repo=${downstream/*\/} + +curl --silent $downstream/x86_64/APKINDEX.tar.gz | tar -O -zx APKINDEX > APKINDEX + +owned_by_you=$(awk -v RS= -v ORS="\n\n" '/m:Antoine Martin \(ayakael\) /' APKINDEX | awk -F ':' '{if($1=="o"){print $2}}' | sort | uniq) + +echo "Found $(printf '%s\n' $owned_by_you | wc -l ) packages owned by you" + +rm -f out_of_date not_in_anitya + +for pkg in $owned_by_you; do + if $CHECK_LATEST; then + upstream_version=$(curl --fail -X GET -sS -H 'Content-Type: application/json' "https://release-monitoring.org/api/v2/packages/?name=$pkg&distribution=Alpine" | jq -r '.items.[].version') + else + upstream_version=$(curl --fail -X GET -sS -H 'Content-Type: application/json' "https://release-monitoring.org/api/v2/packages/?name=$pkg&distribution=Alpine" | jq -r '.items.[].stable_version') + fi + downstream_version=$(sed -n "/^P:$pkg$/,/^$/p" APKINDEX | awk -F ':' '{if($1=="V"){print $2}}' | sort -V | tail -n 1) + downstream_version=${downstream_version/-*} + + if [ -z "$upstream_version" ]; then + echo "$pkg not in anitya" + echo "$pkg" >> not_in_anitya + elif [ "$downstream_version" != "$(printf '%s\n' $upstream_version $downstream_version | sort -V | head -n 1)" ]; then + echo "$pkg higher downstream" + continue + elif [ "$upstream_version" != "$downstream_version" ]; then + echo "$pkg upstream version $upstream_version does not match downstream version $downstream_version" + echo "$pkg $downstream_version $upstream_version $repo" >> out_of_date + fi +done diff --git a/.forgejo/bin/create_issue.sh b/.forgejo/bin/create_issue.sh new file mode 100755 index 0000000..d162758 --- /dev/null +++ b/.forgejo/bin/create_issue.sh @@ -0,0 +1,165 @@ +#!/bin/bash + +# expects: +# env variable FORGEJO_TOKEN +# file out_of_date + +IFS=' +' +repo=${downstream/*\/} + +does_it_exist() { + name=$1 + downstream_version=$2 + upstream_version=$3 + repo=$4 + + query="$repo/$name: upgrade to $upstream_version" + query="$(echo $query | sed 's| |%20|g' | sed 's|:|%3A|g' | sed 's|/|%2F|g' )" + + result="$(curl --silent -X 'GET' \ + "$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues?state=open&q=$query&type=issues" \ + -H 'accept: application/json' \ + -H "authorization: Basic $FORGEJO_TOKEN" + )" + + if [ "$result" == "[]" ]; then + return 1 + fi +} + +is_it_old() { + name=$1 + downstream_version=$2 + upstream_version=$3 + repo=$4 + + query="$repo/$name: upgrade to" + query="$(echo $query | sed 's| |%20|g' | sed 's|:|%3A|g' | sed 's|/|%2F|g' )" + + result="$(curl --silent -X 'GET' \ + "$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues?state=open&q=$query&type=issues" \ + -H 'accept: application/json' \ + -H "authorization: Basic $FORGEJO_TOKEN" + )" + + result_title="$(echo $result | jq -r '.[].title' )" + result_id="$(echo $result | jq -r '.[].number' )" + result_upstream_version="$(echo $result_title | awk '{print $4}')" + + if [ "$upstream_version" != "$result_upstream_version" ]; then + echo $result_id + else + echo 0 + fi +} + +update_title() { + name=$1 + downstream_version=$2 + upstream_version=$3 + repo=$4 + id=$5 + + result=$(curl --silent -X 'PATCH' \ + "$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues/$id" \ + -H 'accept: application/json' \ + -H "authorization: Basic $FORGEJO_TOKEN" \ + -H 'Content-Type: application/json' \ + -d "{ + \"title\": \"$repo/$name: upgrade to $upstream_version\" + }" + ) + + return 0 +} + +create_issue() { + name=$1 + downstream_version=$2 + upstream_version=$3 + repo=$4 + + result=$(curl --silent -X 'POST' \ + "$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues" \ + -H 'accept: application/json' \ + -H "authorization: Basic $FORGEJO_TOKEN" \ + -H 'Content-Type: application/json' \ + -d "{ + \"title\": \"$repo/$name: upgrade to $upstream_version\", + \"labels\": [ + $LABEL_NUMBER + ] + }") + + return 0 +} + +if [ -f out_of_date ]; then + out_of_date="$(cat out_of_date)" + + echo "Detected $(wc -l out_of_date) out-of-date packages, creating issues" + + for pkg in $out_of_date; do + name="$(echo $pkg | awk '{print $1}')" + downstream_version="$(echo $pkg | awk '{print $2}')" + upstream_version="$(echo $pkg | awk '{print $3}')" + repo="$(echo $pkg | awk '{print $4}')" + + if does_it_exist $name $downstream_version $upstream_version $repo; then + echo "Issue for $repo/$name already exists" + continue + fi + + id=$(is_it_old $name $downstream_version $upstream_version $repo) + + if [ "$id" != "0" ] && [ -n "$id" ]; then + echo "Issue for $repo/$name needs updating" + update_title $name $downstream_version $upstream_version $repo $id + continue + fi + + echo "Creating issue for $repo/$name" + create_issue $name $downstream_version $upstream_version $repo + done +fi + +if [ -f not_in_anitya ]; then + query="Add missing $repo packages to anitya" + query="$(echo $query | sed 's| |%20|g')" + + result="$(curl --silent -X 'GET' \ + "$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues?state=open&q=$query&type=issues" \ + -H 'accept: application/json' \ + -H "authorization: Basic $FORGEJO_TOKEN" + )" + + if [ "$result" == "[]" ]; then + echo "Creating anitya issue" + result=$(curl --silent -X 'POST' \ + "$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues" \ + -H 'accept: application/json' \ + -H "authorization: Basic $FORGEJO_TOKEN" \ + -H 'Content-Type: application/json' \ + -d "{ + \"title\": \"Add missing $repo packages to anitya\", + \"body\": \"- [ ] $(sed '{:q;N;s/\n/\\n- [ ] /g;t q}' not_in_anitya)\", + \"labels\": [ + $LABEL_NUMBER + ] + }") + + else + echo "Updating anitya issue" + result_id="$(echo $result | jq -r '.[].number' )" + result=$(curl --silent -X 'PATCH' \ + "$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues/$result_id" \ + -H 'accept: application/json' \ + -H "authorization: Basic $FORGEJO_TOKEN" \ + -H 'Content-Type: application/json' \ + -d "{ + \"body\": \"- [ ] $(sed '{:q;N;s/\n/\\n- [ ] /g;t q}' not_in_anitya)\" + }" + ) + fi +fi diff --git a/.forgejo/workflows/check-r4.2.yml b/.forgejo/workflows/check-r4.2.yml new file mode 100644 index 0000000..6124fd3 --- /dev/null +++ b/.forgejo/workflows/check-r4.2.yml @@ -0,0 +1,28 @@ +on: + workflow_dispatch: + + schedule: + - cron: '0 5 * * *' + +jobs: + check-r4.2: + name: Check user repo + runs-on: x86_64 + container: + image: alpine:latest + env: + downstream: https://ayakael.net/api/packages/forge/alpine/edge/qubes-r4.2 + FORGEJO_TOKEN: ${{ secrets.forgejo_token }} + LABEL_NUMBER: 9 + CHECK_LATEST: 0 + steps: + - name: Environment setup + run: apk add grep coreutils gawk curl wget bash nodejs git jq sed + - name: Get scripts + uses: actions/checkout@v4 + with: + fetch-depth: 1 + - name: Check out-of-date packages + run: ${{ github.workspace }}/.forgejo/bin/check_ver.sh + - name: Create issues + run: ${{ github.workspace }}/.forgejo/bin/create_issue.sh diff --git a/.forgejo/workflows/check-r4.3.yml b/.forgejo/workflows/check-r4.3.yml new file mode 100644 index 0000000..01f7e77 --- /dev/null +++ b/.forgejo/workflows/check-r4.3.yml @@ -0,0 +1,28 @@ +on: + workflow_dispatch: + + schedule: + - cron: '0 5 * * *' + +jobs: + check-r4.3: + name: Check user repo + runs-on: x86_64 + container: + image: alpine:latest + env: + downstream: https://ayakael.net/api/packages/forge/alpine/edge/qubes-r4.3 + FORGEJO_TOKEN: ${{ secrets.forgejo_token }} + LABEL_NUMBER: 9 + CHECK_LATEST: 1 + steps: + - name: Environment setup + run: apk add grep coreutils gawk curl wget bash nodejs git jq sed + - name: Get scripts + uses: actions/checkout@v4 + with: + fetch-depth: 1 + - name: Check out-of-date packages + run: ${{ github.workspace }}/.forgejo/bin/check_ver.sh + - name: Create issues + run: ${{ github.workspace }}/.forgejo/bin/create_issue.sh From 637a92578afc46570c77706d6dd9cd4f797dc2bb Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 31 Oct 2024 15:45:21 -0400 Subject: [PATCH 112/184] forcejo: fix bad if statement --- .forgejo/bin/check_ver.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.forgejo/bin/check_ver.sh b/.forgejo/bin/check_ver.sh index 799c44f..1b2d471 100755 --- a/.forgejo/bin/check_ver.sh +++ b/.forgejo/bin/check_ver.sh @@ -14,7 +14,7 @@ echo "Found $(printf '%s\n' $owned_by_you | wc -l ) packages owned by you" rm -f out_of_date not_in_anitya for pkg in $owned_by_you; do - if $CHECK_LATEST; then + if [ $CHECK_LATEST -eq 1 ]; then upstream_version=$(curl --fail -X GET -sS -H 'Content-Type: application/json' "https://release-monitoring.org/api/v2/packages/?name=$pkg&distribution=Alpine" | jq -r '.items.[].version') else upstream_version=$(curl --fail -X GET -sS -H 'Content-Type: application/json' "https://release-monitoring.org/api/v2/packages/?name=$pkg&distribution=Alpine" | jq -r '.items.[].stable_version') From 7779c42918384d5ad720b821e6bc1fdb51d787c8 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 31 Oct 2024 15:54:29 -0400 Subject: [PATCH 113/184] qubes-vm-core: upgrade to 4.3.0 --- qubes-vm-core/APKBUILD | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qubes-vm-core/APKBUILD b/qubes-vm-core/APKBUILD index 90bce1d..6ae7a3a 100644 --- a/qubes-vm-core/APKBUILD +++ b/qubes-vm-core/APKBUILD @@ -8,8 +8,8 @@ subpackages=" $pkgname-doc $pkgname-pyc " -pkgver=4.3.7 -pkgrel=1 +pkgver=4.3.10 +pkgrel=0 _gittag="v$pkgver" pkgdesc="The Qubes core files for installation inside a Qubes VM." arch="x86_64" @@ -167,7 +167,7 @@ root() { make -C passwordless-root install DESTDIR="$subpkgdir" SBINDIR=/usr/sbin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib } sha512sums=" -4fd7d72a7500a4b97db194a272bf27aa87a475e65b14e8509e651e70da01509fa0dc946d34e5d6c49187e9bb7df79e4f5fbdc76ce4d23b5d172cc489c7fc1c41 qubes-vm-core-v4.3.7.tar.gz +d4b7a0defbb1b5c85a950fd823eba8e068b68b952a1c2aca34b794393d731d742c06ffa90479ecc0a792ef16bb30e7671011964de978f9f712de6eee39d57d11 qubes-vm-core-v4.3.10.tar.gz 95c080a593ca1cd457ffafc0cdd6ee28999c72f67191a3955b6081a4a7d287cae4cd0c626139562e5e1eb55516c25402a174e3599daf7d4cb259d6b4bbdff155 qubes-core-early.openrc 61529413a16b7fa0df691c24adc41b90477c01ea70d572921ecec89df23932e5a2e60c4e73b9a84181dc30424e2e6af4ad1c7dcf6c42689c3cc346a9923d6e07 qubes-core-netvm.openrc da8e293520f5fce29ce76d7586e8ce1a4164798a1214079fb554c690264da1d774fdad3f45825aac52c2c3a0b0cfd39df73eb33394dedd7c043fe0f2344b90ca qubes-core.openrc From 1c13a950c287f57326cb0ff51ccd67f8faec0846 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 31 Oct 2024 15:58:53 -0400 Subject: [PATCH 114/184] qubes-libvchan-xen: rebuild against xen 4.19 --- qubes-libvchan-xen/APKBUILD | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/qubes-libvchan-xen/APKBUILD b/qubes-libvchan-xen/APKBUILD index 2ede6bc..8a76bce 100644 --- a/qubes-libvchan-xen/APKBUILD +++ b/qubes-libvchan-xen/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Antoine Martin (ayakael) pkgname=qubes-libvchan-xen pkgver=4.2.4 -pkgrel=0 +pkgrel=1 _gittag=v$pkgver pkgdesc="The Qubes core libraries for installation inside a Qubes Dom0 and VM." arch="x86_64" From a914b685f27ed80621a697e6069e35dff473e0cb Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 31 Oct 2024 15:53:09 -0400 Subject: [PATCH 115/184] qubes-vm-gui: upgrade to 4.3.0 --- qubes-vm-gui/APKBUILD | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qubes-vm-gui/APKBUILD b/qubes-vm-gui/APKBUILD index fc37599..4e37216 100644 --- a/qubes-vm-gui/APKBUILD +++ b/qubes-vm-gui/APKBUILD @@ -5,8 +5,8 @@ subpackages=" qubes-vm-pulseaudio qubes-vm-pipewire $pkgname-openrc" -pkgver=4.2.18 -pkgrel=1 +pkgver=4.3.0 +pkgrel=0 _gittag="v$pkgver" pkgdesc="The Qubes GUI Agent for AppVMs" arch="x86_64" @@ -116,7 +116,7 @@ pipewire() { } sha512sums=" -44943e431530a28f2b6fa892278ba34efbf925e2fb2720dd66dbcb293ceab0ebe59f269716e59e4cec82fc865226565fee70f3b016a1cd1396703e1d81314d4c qubes-vm-gui-v4.2.18.tar.gz +725df11ee64ae100b149b2f70253ab4cf0b73b05b5faa503df755925fa8b568f891ea8cd653999618d238a445103014e08ab741bf0ddbed7446f5df62e6076cd qubes-vm-gui-v4.3.0.tar.gz f0bbb936e14689d0cbced2f564b8911f9287c0217616f02f3bd0c3060e516d080ad538219f089f5841c2b9d18bb4ad8efb63516ddfd46c18b038218378996a7d 0001-musl-build.patch 01beace4c130200dc8d42248349ea858d2bec746aca2bdfa5948b6e7240bb3b832bbb8b324293fba6fd6aafb0a3d7a2e3928c7fd39d318ef4d5a18cfeb48cde6 0001-initd-fix.patch 68d01e594296e18d54d8eaa17863451c3ac121e4fcacf98b64db14166bdcf38aa66f1c3659c5014c0a9cc25b5368df66f8c642b8e7af59da8d2a5ad97da9a194 qubes-gui-agent.openrc From e65971b3abbb3fe194d5ad6b82491918f6cf7705 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 31 Oct 2024 15:53:22 -0400 Subject: [PATCH 116/184] qubes-vm-gui-dev: upgrade to 4.3.0 --- qubes-vm-gui-dev/APKBUILD | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/qubes-vm-gui-dev/APKBUILD b/qubes-vm-gui-dev/APKBUILD index acc6b53..952ea31 100644 --- a/qubes-vm-gui-dev/APKBUILD +++ b/qubes-vm-gui-dev/APKBUILD @@ -1,7 +1,7 @@ # Contributor: Antoine Martin (ayakael) # Maintainer: Antoine Martin (ayakael) pkgname=qubes-vm-gui-dev -pkgver=4.2.5 +pkgver=4.3.0 _gittag="v$pkgver" pkgrel=0 pkgdesc="Common files for Qubes GUI - protocol headers." @@ -18,5 +18,5 @@ package() { cp include/*.h $pkgdir/usr/include/ } sha512sums=" -12bdf5c2dfcc594b034f5dd94a4fa398ef51a42e8bf425386ff34af63510b749fb0aaa6966f569cc16205efbb310076bd370ceefcd1d254fa5d2e8599554a64d qubes-vm-gui-dev-v4.2.5.tar.gz +c1046fda6395c6c7907fa3d9c963089169e860d4e0f79c2cf7bafe8a673c93ac0aec3ca312f97510541127510dc7d2ad585949599ed1fffbb0758ff1098ea518 qubes-vm-gui-dev-v4.3.0.tar.gz " From 8ecc7b48ea4f502af627e80abcf48f30fc8d45c4 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 7 Nov 2024 18:54:57 -0500 Subject: [PATCH 117/184] qubes-vm-core: upgrade to 4.3.11 --- qubes-vm-core/APKBUILD | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/qubes-vm-core/APKBUILD b/qubes-vm-core/APKBUILD index 6ae7a3a..32b458a 100644 --- a/qubes-vm-core/APKBUILD +++ b/qubes-vm-core/APKBUILD @@ -8,7 +8,7 @@ subpackages=" $pkgname-doc $pkgname-pyc " -pkgver=4.3.10 +pkgver=4.3.11 pkgrel=0 _gittag="v$pkgver" pkgdesc="The Qubes core files for installation inside a Qubes VM." @@ -167,7 +167,7 @@ root() { make -C passwordless-root install DESTDIR="$subpkgdir" SBINDIR=/usr/sbin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib } sha512sums=" -d4b7a0defbb1b5c85a950fd823eba8e068b68b952a1c2aca34b794393d731d742c06ffa90479ecc0a792ef16bb30e7671011964de978f9f712de6eee39d57d11 qubes-vm-core-v4.3.10.tar.gz +b35253b0118eea35d20f38bed57d28ef1e094885ab6e5c17bb89bb54c1b356deb3f1147289f9edc9e0ec0dfec20dcfeb5728910dc678975a11c79de6fad76de4 qubes-vm-core-v4.3.11.tar.gz 95c080a593ca1cd457ffafc0cdd6ee28999c72f67191a3955b6081a4a7d287cae4cd0c626139562e5e1eb55516c25402a174e3599daf7d4cb259d6b4bbdff155 qubes-core-early.openrc 61529413a16b7fa0df691c24adc41b90477c01ea70d572921ecec89df23932e5a2e60c4e73b9a84181dc30424e2e6af4ad1c7dcf6c42689c3cc346a9923d6e07 qubes-core-netvm.openrc da8e293520f5fce29ce76d7586e8ce1a4164798a1214079fb554c690264da1d774fdad3f45825aac52c2c3a0b0cfd39df73eb33394dedd7c043fe0f2344b90ca qubes-core.openrc From e9170df0405c7bd2988c97e0904d897c557ec85b Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 7 Nov 2024 18:55:55 -0500 Subject: [PATCH 118/184] qubes-vm-utils: upgrade to 4.3.5 --- qubes-vm-utils/APKBUILD | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qubes-vm-utils/APKBUILD b/qubes-vm-utils/APKBUILD index 5df9eaa..4b2aaaf 100644 --- a/qubes-vm-utils/APKBUILD +++ b/qubes-vm-utils/APKBUILD @@ -6,8 +6,8 @@ subpackages=" $pkgname-openrc $pkgname-pyc " -pkgver=4.3.4 -pkgrel=1 +pkgver=4.3.5 +pkgrel=0 _gittag="v$pkgver" pkgdesc="Common Linux files for Qubes VM." arch="x86_64" @@ -59,6 +59,6 @@ support() { install -m 755 "$builddir"/dracut/full-dmroot/qubes_cow_setup.sh "$subpkgdir"/usr/lib/qubes/qubes_cow_setup.sh } sha512sums=" -6acdc385be834cd3db0c13f5a1e81ae148a0602eb65d5fabd1a3c1740fa213a76ec4b95fac33754adc8455f16dd5e342a3379662d53999a3c03c3f8946051c7d qubes-vm-utils-v4.3.4.tar.gz +98cbcee3d459635257703cbc44b710b301d644f5d9a5af3348f523707d7acc7ffd8d74bde2917b916e5b3ae2e9332ece695c71521b4041c209451a86643e26f3 qubes-vm-utils-v4.3.5.tar.gz c29bac0c6b9a0c81ee42e88541d9216549276448a02c3005ea20d85c7eda483cee28bbc159098bd42badc7ed80058734311931ee4ef13e170e49f83cf3f5a9ae qubes-meminfo-writer.openrc " From a4800f9e03b36a373e433ff07d0916bf6bea4e10 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 10 Nov 2024 09:33:38 -0500 Subject: [PATCH 119/184] qubes-vm-gui: upgrade to 4.3.1 --- qubes-vm-gui/APKBUILD | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/qubes-vm-gui/APKBUILD b/qubes-vm-gui/APKBUILD index 4e37216..4526e96 100644 --- a/qubes-vm-gui/APKBUILD +++ b/qubes-vm-gui/APKBUILD @@ -5,7 +5,7 @@ subpackages=" qubes-vm-pulseaudio qubes-vm-pipewire $pkgname-openrc" -pkgver=4.3.0 +pkgver=4.3.1 pkgrel=0 _gittag="v$pkgver" pkgdesc="The Qubes GUI Agent for AppVMs" @@ -116,7 +116,7 @@ pipewire() { } sha512sums=" -725df11ee64ae100b149b2f70253ab4cf0b73b05b5faa503df755925fa8b568f891ea8cd653999618d238a445103014e08ab741bf0ddbed7446f5df62e6076cd qubes-vm-gui-v4.3.0.tar.gz +7b91dc48da7c153a736e7a4d0f96fdad142a3718ad27477301bd744329afce187379858e8da1ec5dce27bbf4f32be5a4b0e5f0ec89e481e5a7910e9321384f10 qubes-vm-gui-v4.3.1.tar.gz f0bbb936e14689d0cbced2f564b8911f9287c0217616f02f3bd0c3060e516d080ad538219f089f5841c2b9d18bb4ad8efb63516ddfd46c18b038218378996a7d 0001-musl-build.patch 01beace4c130200dc8d42248349ea858d2bec746aca2bdfa5948b6e7240bb3b832bbb8b324293fba6fd6aafb0a3d7a2e3928c7fd39d318ef4d5a18cfeb48cde6 0001-initd-fix.patch 68d01e594296e18d54d8eaa17863451c3ac121e4fcacf98b64db14166bdcf38aa66f1c3659c5014c0a9cc25b5368df66f8c642b8e7af59da8d2a5ad97da9a194 qubes-gui-agent.openrc From 9a48d213f3cb663d23efd94714820cdabcd51baa Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 10 Nov 2024 09:32:04 -0500 Subject: [PATCH 120/184] qubes-input-proxy: upgrade to 1.0.39 --- qubes-input-proxy/APKBUILD | 6 +++--- qubes-input-proxy/qubes-input-trigger_use-openrc.patch | 9 +++++---- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/qubes-input-proxy/APKBUILD b/qubes-input-proxy/APKBUILD index 29ca603..1e206d6 100644 --- a/qubes-input-proxy/APKBUILD +++ b/qubes-input-proxy/APKBUILD @@ -1,7 +1,7 @@ # Contributor: Antoine Martin (ayakael) # Maintainer: Antoine Martin (ayakael) pkgname=qubes-input-proxy -pkgver=1.0.38 +pkgver=1.0.39 _gittag=v$pkgver pkgrel=0 pkgdesc="The Qubes service for proxying input devices" @@ -46,8 +46,8 @@ package() { install -Dm755 "$srcdir"/qubes-input-sender.openrc "$pkgdir"/etc/init.d/qubes-input-sender } sha512sums=" -bf4b44ee58347d78682a9b2c9eac10679a7ff17dfd56019a83b009b1165fd3833bc484df3cf9b13068b6754343c017f38a8d2ac2c06e1a0ee53646066daf658a qubes-input-proxy-v1.0.38.tar.gz -53f898f4d611e0a9be18127cff90ebc3946dc7e270548a84407067b02cb918546e8425c1722a60efb73b93af05c79889eaa16a4c7d596c948fdb9291d218c803 qubes-input-trigger_use-openrc.patch +097056a4700a70b9e1e109f622bbff100728166ff30bfc4b58edf3b18f8f4b053c3152f7e43b60c6c671cb2ad2eb8de7d6544d844ba6456d74f2376d6967dcaf qubes-input-proxy-v1.0.39.tar.gz +4f8881928a32d83dbf0872067e04ab269e8f4cc622bdf0e35c53ccc330456e4b15112a142aa648fb07070ae88d9c327e6958cc8e39600820a9291fc4cd7ea242 qubes-input-trigger_use-openrc.patch 21e7b95c94ec1a3f3499e79cf8b1931da2c3e33d8f1af2efe6b52b7e2678d4648bb0597b3a4a95cc10d0ca3cb83df93075b99cf1b615d8493a9e2fd21fb7f8f7 makefile_skip-systemd.patch 2d5cb4369bc4d4c83403bb3e7cd7bc784769950a8fbf581996074fe53cc65c56fe4039e2689b6fa34e51ce22e552fc145115c12e71601809767962a3682dd299 qubes-input-sender.openrc " diff --git a/qubes-input-proxy/qubes-input-trigger_use-openrc.patch b/qubes-input-proxy/qubes-input-trigger_use-openrc.patch index 2c49700..3abfd86 100644 --- a/qubes-input-proxy/qubes-input-trigger_use-openrc.patch +++ b/qubes-input-proxy/qubes-input-trigger_use-openrc.patch @@ -1,15 +1,16 @@ diff --git a/qubes-rpc/qubes-input-trigger.orig b/qubes-rpc/qubes-input-trigger -index 5fa0e5a..0dd3773 100755 +index 264788e..edd40ec 100755 --- a/qubes-rpc/qubes-input-trigger.orig +++ b/qubes-rpc/qubes-input-trigger -@@ -42,48 +42,68 @@ def get_service_name(udevreturn, input_dev): +@@ -51,49 +51,69 @@ def get_service_name(udevreturn, input_dev): ('ID_INPUT_TOUCHPAD' in udevreturn) or ('QEMU_USB_Tablet' in udevreturn) ) and 'ID_INPUT_KEY' not in udevreturn: - service = 'qubes-input-sender-tablet' + service = 'qubes-input-sender.tablet' - # PiKVM "mouse" is special, as it sends absolute events - elif 'ID_INPUT_MOUSE' in udevreturn and 'ID_USB_VENDOR=PiKVM' in udevreturn: + # if mouse report absolute events, prefer tablet service + # (0x3 is ABS_X | ABS_Y) + elif 'ID_INPUT_MOUSE' in udevreturn and abs_caps & 0x3: - service = 'qubes-input-sender-tablet' + service = 'qubes-input-sender.tablet' elif 'ID_INPUT_MOUSE' in udevreturn and 'ID_INPUT_KEY' not in udevreturn: From 1a427d854dfca9d48a739b1f83852ce64e9ea4c7 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 30 Nov 2024 20:52:25 -0500 Subject: [PATCH 121/184] forgejo-ci: drop 3.19 builder, add 3.21 --- .../workflows/{build-v3.19.yaml => build-v3.21.yaml} | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) rename .forgejo/workflows/{build-v3.19.yaml => build-v3.21.yaml} (93%) diff --git a/.forgejo/workflows/build-v3.19.yaml b/.forgejo/workflows/build-v3.21.yaml similarity index 93% rename from .forgejo/workflows/build-v3.19.yaml rename to .forgejo/workflows/build-v3.21.yaml index 2561981..29ddff9 100644 --- a/.forgejo/workflows/build-v3.19.yaml +++ b/.forgejo/workflows/build-v3.21.yaml @@ -3,7 +3,7 @@ on: types: [ assigned, opened, synchronize, reopened ] jobs: - build-v3.19: + build-v3.21: runs-on: x86_64 container: image: alpinelinux/alpine-gitlab-ci:latest @@ -12,7 +12,7 @@ jobs: CI_DEBUG_BUILD: ${{ runner.debug }} CI_MERGE_REQUEST_PROJECT_URL: ${{ github.server_url }}/${{ github.repository }} CI_MERGE_REQUEST_TARGET_BRANCH_NAME: ${{ github.base_ref }} - CI_ALPINE_TARGET: v3.19 + CI_ALPINE_TARGET: v3.21 steps: - name: Environment setup run: | @@ -33,14 +33,14 @@ jobs: name: package path: packages - deploy-v3.19: - needs: [build-v3.19] + deploy-v3.21: + needs: [build-v3.21] runs-on: x86_64 container: image: alpine:latest env: + CI_ALPINE_TARGET: v3.21 CI_ALPINE_REPO: 'https://ayakael.net/api/packages/forge/alpine' - CI_ALPINE_TARGET: v3.19 FORGE_REPO_TOKEN: ${{ secrets.FORGE_REPO_TOKEN }} FORGE_REPO_USER: ${{ vars.FORGE_REPO_USER }} steps: From 3254fe973803d4310ea9cbfde3828b68eaffb549 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 30 Nov 2024 20:56:01 -0500 Subject: [PATCH 122/184] *: rebuild for 3.21 --- qubes-app-linux-druide-antidote/APKBUILD | 2 +- qubes-db-vm/APKBUILD | 2 +- qubes-gpg-split/APKBUILD | 2 +- qubes-input-proxy/APKBUILD | 2 +- qubes-libvchan-xen/APKBUILD | 2 +- qubes-meta-packages/APKBUILD | 2 +- qubes-pass/APKBUILD | 2 +- qubes-usb-proxy/APKBUILD | 2 +- qubes-vm-core/APKBUILD | 2 +- qubes-vm-gui-dev/APKBUILD | 2 +- qubes-vm-gui/APKBUILD | 2 +- qubes-vm-qrexec/APKBUILD | 2 +- qubes-vm-utils/APKBUILD | 2 +- 13 files changed, 13 insertions(+), 13 deletions(-) diff --git a/qubes-app-linux-druide-antidote/APKBUILD b/qubes-app-linux-druide-antidote/APKBUILD index df073e2..cf111c5 100644 --- a/qubes-app-linux-druide-antidote/APKBUILD +++ b/qubes-app-linux-druide-antidote/APKBUILD @@ -3,7 +3,7 @@ pkgname=qubes-app-linux-druide-antidote pkgver=0.0.1_git20240201 _gittag=c724c88aa2a20b1e422b464499015ff05753316d -pkgrel=2 +pkgrel=3 arch="noarch" pkgdesc="Qubes Druide-Antidote is a Qubes Application. It send a file to the Antidote Qube, invoke Antidote, and retrieve the file" url=https://github.com/neowutran/qubes-app-linux-druide-antidote diff --git a/qubes-db-vm/APKBUILD b/qubes-db-vm/APKBUILD index bf20d45..b577fe2 100644 --- a/qubes-db-vm/APKBUILD +++ b/qubes-db-vm/APKBUILD @@ -3,7 +3,7 @@ pkgname=qubes-db-vm subpackages="$pkgname-openrc" pkgver=4.2.6 -pkgrel=1 +pkgrel=2 _gittag="v$pkgver" pkgdesc="QubesDB libs and daemon service." arch="x86_64" diff --git a/qubes-gpg-split/APKBUILD b/qubes-gpg-split/APKBUILD index 8ab57fd..ff37869 100644 --- a/qubes-gpg-split/APKBUILD +++ b/qubes-gpg-split/APKBUILD @@ -4,7 +4,7 @@ pkgname=qubes-gpg-split subpackages="$pkgname-doc" pkgver=2.0.75 _gittag="v$pkgver" -pkgrel=0 +pkgrel=1 pkgdesc="Used Qubes AppVM as a “smart card”" arch="x86_64" url="https://github.com/QubesOS/qubes-app-linux-split-gpg" diff --git a/qubes-input-proxy/APKBUILD b/qubes-input-proxy/APKBUILD index 1e206d6..fe51824 100644 --- a/qubes-input-proxy/APKBUILD +++ b/qubes-input-proxy/APKBUILD @@ -3,7 +3,7 @@ pkgname=qubes-input-proxy pkgver=1.0.39 _gittag=v$pkgver -pkgrel=0 +pkgrel=1 pkgdesc="The Qubes service for proxying input devices" arch="x86_64" url="https://github.com/QubesOS/qubes-app-linux-input-proxy" diff --git a/qubes-libvchan-xen/APKBUILD b/qubes-libvchan-xen/APKBUILD index 8a76bce..d1ebb7f 100644 --- a/qubes-libvchan-xen/APKBUILD +++ b/qubes-libvchan-xen/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Antoine Martin (ayakael) pkgname=qubes-libvchan-xen pkgver=4.2.4 -pkgrel=1 +pkgrel=2 _gittag=v$pkgver pkgdesc="The Qubes core libraries for installation inside a Qubes Dom0 and VM." arch="x86_64" diff --git a/qubes-meta-packages/APKBUILD b/qubes-meta-packages/APKBUILD index 7a16163..7f5f3f2 100644 --- a/qubes-meta-packages/APKBUILD +++ b/qubes-meta-packages/APKBUILD @@ -7,7 +7,7 @@ subpackages=" " pkgver=4.3.0 _gittag="v$pkgver" -pkgrel=0 +pkgrel=1 pkgdesc="Meta packages for Qubes-specific components" arch="noarch" url="https://github.com/QubesOS/qubes-meta-packages" diff --git a/qubes-pass/APKBUILD b/qubes-pass/APKBUILD index 0f63e26..98f74cb 100644 --- a/qubes-pass/APKBUILD +++ b/qubes-pass/APKBUILD @@ -3,7 +3,7 @@ pkgname=qubes-pass pkgver=0.1.0 _gittag="v$pkgver" -pkgrel=4 +pkgrel=5 pkgdesc="An inter-VM password manager for Qubes OS" arch="noarch" url="https://github.com/Rudd-O/qubes-pass" diff --git a/qubes-usb-proxy/APKBUILD b/qubes-usb-proxy/APKBUILD index 4dacfe2..e14dcf2 100644 --- a/qubes-usb-proxy/APKBUILD +++ b/qubes-usb-proxy/APKBUILD @@ -3,7 +3,7 @@ pkgname=qubes-usb-proxy pkgver=1.3.2 _gittag="v$pkgver" -pkgrel=0 +pkgrel=1 pkgdesc="The Qubes service for proxying USB devices" arch="noarch" url="https://github.com/QubesOS/qubes-app-linux-usb-proxy" diff --git a/qubes-vm-core/APKBUILD b/qubes-vm-core/APKBUILD index 32b458a..7e5039d 100644 --- a/qubes-vm-core/APKBUILD +++ b/qubes-vm-core/APKBUILD @@ -9,7 +9,7 @@ subpackages=" $pkgname-pyc " pkgver=4.3.11 -pkgrel=0 +pkgrel=1 _gittag="v$pkgver" pkgdesc="The Qubes core files for installation inside a Qubes VM." arch="x86_64" diff --git a/qubes-vm-gui-dev/APKBUILD b/qubes-vm-gui-dev/APKBUILD index 952ea31..a6b5e38 100644 --- a/qubes-vm-gui-dev/APKBUILD +++ b/qubes-vm-gui-dev/APKBUILD @@ -3,7 +3,7 @@ pkgname=qubes-vm-gui-dev pkgver=4.3.0 _gittag="v$pkgver" -pkgrel=0 +pkgrel=1 pkgdesc="Common files for Qubes GUI - protocol headers." arch="noarch" url="https://github.com/QubesOS/qubes-gui-common" diff --git a/qubes-vm-gui/APKBUILD b/qubes-vm-gui/APKBUILD index 4526e96..f142e37 100644 --- a/qubes-vm-gui/APKBUILD +++ b/qubes-vm-gui/APKBUILD @@ -6,7 +6,7 @@ subpackages=" qubes-vm-pipewire $pkgname-openrc" pkgver=4.3.1 -pkgrel=0 +pkgrel=1 _gittag="v$pkgver" pkgdesc="The Qubes GUI Agent for AppVMs" arch="x86_64" diff --git a/qubes-vm-qrexec/APKBUILD b/qubes-vm-qrexec/APKBUILD index 3f3f959..9ea75f5 100644 --- a/qubes-vm-qrexec/APKBUILD +++ b/qubes-vm-qrexec/APKBUILD @@ -4,7 +4,7 @@ pkgname=qubes-vm-qrexec subpackages="$pkgname-openrc $pkgname-doc $pkgname-pyc" pkgver=4.3.0 _gittag="v$pkgver" -pkgrel=1 +pkgrel=2 pkgdesc="The Qubes qrexec files (qube side)" arch="x86_64" url="https://github.com/QubesOS/qubes-core-qrexec" diff --git a/qubes-vm-utils/APKBUILD b/qubes-vm-utils/APKBUILD index 4b2aaaf..f193c61 100644 --- a/qubes-vm-utils/APKBUILD +++ b/qubes-vm-utils/APKBUILD @@ -7,7 +7,7 @@ subpackages=" $pkgname-pyc " pkgver=4.3.5 -pkgrel=0 +pkgrel=1 _gittag="v$pkgver" pkgdesc="Common Linux files for Qubes VM." arch="x86_64" From e867721ad65ddf4434e8874b1bbd0f7cb03e6098 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 30 Nov 2024 21:03:05 -0500 Subject: [PATCH 123/184] forgejo: import build.sh in repo --- .forgejo/bin/build.sh | 268 ++++++++++++++++++++++++++++ .forgejo/patches/build.patch | 140 --------------- .forgejo/workflows/build-edge.yaml | 4 +- .forgejo/workflows/build-v3.20.yaml | 4 +- .forgejo/workflows/build-v3.21.yaml | 4 +- 5 files changed, 271 insertions(+), 149 deletions(-) create mode 100755 .forgejo/bin/build.sh delete mode 100644 .forgejo/patches/build.patch diff --git a/.forgejo/bin/build.sh b/.forgejo/bin/build.sh new file mode 100755 index 0000000..c065c38 --- /dev/null +++ b/.forgejo/bin/build.sh @@ -0,0 +1,268 @@ +#!/bin/sh +# shellcheck disable=SC3043 + +. /usr/local/lib/functions.sh + +# shellcheck disable=SC3040 +set -eu -o pipefail + +readonly APORTSDIR=$CI_PROJECT_DIR +readonly REPOS="main community testing" +readonly ARCH=$(apk --print-arch) +# gitlab variables +readonly BASEBRANCH=$CI_MERGE_REQUEST_TARGET_BRANCH_NAME + +: "${REPODEST:=$HOME/packages}" +: "${MIRROR:=https://ayakael.net/api/packages/forge/alpine}" +: "${ALPINE_MIRROR:=http://dl-cdn.alpinelinux.org/alpine}" +: "${MAX_ARTIFACT_SIZE:=300000000}" #300M +: "${CI_DEBUG_BUILD:=}" + +: "${CI_ALPINE_BUILD_OFFSET:=0}" +: "${CI_ALPINE_BUILD_LIMIT:=9999}" + +msg() { + local color=${2:-green} + case "$color" in + red) color="31";; + green) color="32";; + yellow) color="33";; + blue) color="34";; + *) color="32";; + esac + printf "\033[1;%sm>>>\033[1;0m %s\n" "$color" "$1" | xargs >&2 +} + +verbose() { + echo "> " "$@" + # shellcheck disable=SC2068 + $@ +} + +debugging() { + [ -n "$CI_DEBUG_BUILD" ] +} + +debug() { + if debugging; then + verbose "$@" + fi +} + +die() { + msg "$1" red + exit 1 +} + +capture_stderr() { + "$@" 2>&1 +} + +report() { + report=$1 + + reportsdir=$APORTSDIR/logs/ + mkdir -p "$reportsdir" + + tee -a "$reportsdir/$report.log" +} + +get_release() { + echo $CI_ALPINE_TARGET +} + + +get_qubes_release() { + case $BASEBRANCH in + r*) echo $BASEBRANCH;; + main) echo r4.3;; + esac +} + +changed_aports() { + : "${APORTSDIR?APORTSDIR missing}" + : "${BASEBRANCH?BASEBRANCH missing}" + + cd "$APORTSDIR" + local aports + + aports=$(git diff --name-only --diff-filter=ACMR \ + "$BASEBRANCH"...HEAD -- "*/APKBUILD" | xargs -rn1 dirname) + + # shellcheck disable=2086 + ap builddirs -d "$APORTSDIR" $aports 2>/dev/null | xargs -rn1 basename +} + + +build_aport() { + local repo="$1" aport="$2" + cd "$APORTSDIR/$repo/$aport" + if abuild -r 2>&1 | report "build-$aport"; then + checkapk 2>&1 | report "checkapk-$aport" || true + aport_ok="$aport_ok $repo/$aport" + else + aport_ng="$aport_ng $repo/$aport" + fi +} + +check_aport() { + local repo="$1" aport="$2" + cd "$APORTSDIR/$repo/$aport" + if ! abuild check_arch 2>/dev/null; then + aport_na="$aport_na $repo/$aport" + return 1 + fi +} + +set_repositories_for() { + local target_repo="$1" repos='' repo='' + local release + + release=$(get_release) + for repo in qubes-$(get_qubes_release); do + [ "$repo" = "non-free" ] && continue + [ "$release" == "edge" ] && [ "$repo" == "backports" ] && continue + repos="$repos $MIRROR/$release/$repo $REPODEST/$repo" + [ "$repo" = "$target_repo" ] && break + done + doas sh -c "printf '%s\n' $repos >> /etc/apk/repositories" + doas apk update || true +} + +apply_offset_limit() { + start=$1 + limit=$2 + end=$((start+limit)) + + sed -n "$((start+1)),${end}p" +} + +setup_system() { + local repos='' repo='' + local release + + release=$(get_release) + for repo in $REPOS; do + [ "$release" != "edge" ] && [ "$repo" == "testing" ] && continue + repos="$repos $ALPINE_MIRROR/$release/$repo" + done + doas sh -c "printf '%s\n' $repos > /etc/apk/repositories" + doas apk -U upgrade -a || apk fix || die "Failed to up/downgrade system" + abuild-keygen -ain + doas sed -i -E 's/export JOBS=[0-9]+$/export JOBS=$(nproc)/' /etc/abuild.conf + ( . /usr/share/abuild/default.conf; . /etc/abuild.conf; echo "Building with ${JOBS-1} jobs" ) + mkdir -p "$REPODEST" + git config --global init.defaultBranch master +} + +sysinfo() { + printf ">>> Host system information (arch: %s, release: %s) <<<\n" "$ARCH" "$(get_release)" + printf "- Number of Cores: %s\n" "$(nproc)" + printf "- Memory: %s Gb\n" "$(awk '/^MemTotal/ {print ($2/1024/1024)}' /proc/meminfo)" + printf "- Free space: %s\n" "$(df -hP / | awk '/\/$/ {print $4}')" +} + +copy_artifacts() { + cd "$APORTSDIR" + + packages_size="$(du -sk "$REPODEST" | awk '{print $1 * 1024}')" + if [ -z "$packages_size" ]; then + return + fi + + echo "Artifact size: $packages_size bytes" + + mkdir -p keys/ packages/ + + if [ "$packages_size" -lt $MAX_ARTIFACT_SIZE ]; then + msg "Copying packages for artifact upload" + cp -ar "$REPODEST"/* packages/ 2>/dev/null + cp ~/.abuild/*.rsa.pub keys/ + else + msg "Artifact size $packages_size larger than max ($MAX_ARTIFACT_SIZE), skipping uploading them" yellow + fi +} + +section_start setup "Setting up the system" collapse + +if debugging; then + set -x +fi + +aport_ok= +aport_na= +aport_ng= +failed= + +sysinfo || true +setup_system || die "Failed to setup system" + +# git no longer allows to execute in repositories owned by different users +doas chown -R buildozer: . + +fetch_flags="-qn" +debugging && fetch_flags="-v" + +git fetch $fetch_flags "$CI_MERGE_REQUEST_PROJECT_URL" \ + "+refs/heads/$BASEBRANCH:refs/heads/$BASEBRANCH" + +if debugging; then + merge_base=$(git merge-base "$BASEBRANCH" HEAD) || echo "Could not determine merge-base" + echo "Merge base: $merge_base" + git --version + git config -l + [ -n "$merge_base" ] && git tag -f merge-base "$merge_base" + git --no-pager log -200 --oneline --graph --decorate --all +fi + +section_end setup + +build_start=$CI_ALPINE_BUILD_OFFSET +build_limit=$CI_ALPINE_BUILD_LIMIT + +set_repositories_for $(get_qubes_release) +built_aports=0 +changed_aports_in_repo=$(changed_aports $BASEBRANCH) +changed_aports_in_repo_count=$(echo "$changed_aports_in_repo" | wc -l) +changed_aports_to_build=$(echo "$changed_aports_in_repo" | apply_offset_limit "$build_start" "$build_limit") + +msg "Changed aports:" +# shellcheck disable=SC2086 # Splitting is expected here +printf " - %s\n" $changed_aports_to_build +for pkgname in $changed_aports_to_build; do + section_start "build_$pkgname" "Building package $pkgname" + built_aports=$((built_aports+1)) + if check_aport . "$pkgname"; then + build_aport . "$pkgname" + fi + section_end "build_$pkgname" +done + +section_start artifacts "Handeling artifacts" collapse +copy_artifacts || true +section_end artifacts + +section_start summary "Build summary" + +echo "### Build summary ###" + +for ok in $aport_ok; do + msg "$ok: build succesfully" +done + +for na in $aport_na; do + msg "$na: disabled for $ARCH" yellow +done + +for ng in $aport_ng; do + msg "$ng: build failed" red + failed=true +done +section_end summary + +if [ "$failed" = true ]; then + exit 1 +elif [ -z "$aport_ok" ]; then + msg "No packages found to be built." yellow +fi + diff --git a/.forgejo/patches/build.patch b/.forgejo/patches/build.patch deleted file mode 100644 index 81015ef..0000000 --- a/.forgejo/patches/build.patch +++ /dev/null @@ -1,140 +0,0 @@ -diff --git a/usr/local/bin/build.sh.orig b/usr/local/bin/build.sh -old mode 100644 -new mode 100755 -index c3b8f7a..0b1c9a5 ---- a/usr/local/bin/build.sh.orig -+++ b/usr/local/bin/build.sh -@@ -7,13 +7,14 @@ - set -eu -o pipefail - - readonly APORTSDIR=$CI_PROJECT_DIR --readonly REPOS="main community testing non-free" -+readonly REPOS="main community testing" - readonly ARCH=$(apk --print-arch) - # gitlab variables - readonly BASEBRANCH=$CI_MERGE_REQUEST_TARGET_BRANCH_NAME - - : "${REPODEST:=$HOME/packages}" --: "${MIRROR:=https://dl-cdn.alpinelinux.org/alpine}" -+: "${MIRROR:=https://ayakael.net/api/packages/forge/alpine}" -+: "${ALPINE_MIRROR:=http://dl-cdn.alpinelinux.org/alpine}" - : "${MAX_ARTIFACT_SIZE:=300000000}" #300M - : "${CI_DEBUG_BUILD:=}" - -@@ -67,13 +68,32 @@ report() { - } - - get_release() { -+ echo $CI_ALPINE_TARGET -+} -+ -+ -+get_qubes_release() { - case $BASEBRANCH in -- *-stable) echo v"${BASEBRANCH%-*}";; -- master) echo edge;; -- *) die "Branch \"$BASEBRANCH\" not supported!" -+ r*) echo $BASEBRANCH;; -+ main) echo r4.3;; - esac - } - -+changed_aports() { -+ : "${APORTSDIR?APORTSDIR missing}" -+ : "${BASEBRANCH?BASEBRANCH missing}" -+ -+ cd "$APORTSDIR" -+ local aports -+ -+ aports=$(git diff --name-only --diff-filter=ACMR \ -+ "$BASEBRANCH"...HEAD -- "*/APKBUILD" | xargs -rn1 dirname) -+ -+ # shellcheck disable=2086 -+ ap builddirs -d "$APORTSDIR" $aports 2>/dev/null | xargs -rn1 basename -+} -+ -+ - build_aport() { - local repo="$1" aport="$2" - cd "$APORTSDIR/$repo/$aport" -@@ -99,13 +119,13 @@ set_repositories_for() { - local release - - release=$(get_release) -- for repo in $REPOS; do -+ for repo in qubes-$(get_qubes_release); do - [ "$repo" = "non-free" ] && continue -- [ "$release" != "edge" ] && [ "$repo" == "testing" ] && continue -+ [ "$release" == "edge" ] && [ "$repo" == "backports" ] && continue - repos="$repos $MIRROR/$release/$repo $REPODEST/$repo" - [ "$repo" = "$target_repo" ] && break - done -- doas sh -c "printf '%s\n' $repos > /etc/apk/repositories" -+ doas sh -c "printf '%s\n' $repos >> /etc/apk/repositories" - doas apk update - } - -@@ -118,7 +138,15 @@ apply_offset_limit() { - } - - setup_system() { -- doas sh -c "echo $MIRROR/$(get_release)/main > /etc/apk/repositories" -+ local repos='' repo='' -+ local release -+ -+ release=$(get_release) -+ for repo in $REPOS; do -+ [ "$release" != "edge" ] && [ "$repo" == "testing" ] && continue -+ repos="$repos $ALPINE_MIRROR/$release/$repo" -+ done -+ doas sh -c "printf '%s\n' $repos > /etc/apk/repositories" - doas apk -U upgrade -a || apk fix || die "Failed to up/downgrade system" - abuild-keygen -ain - doas sed -i -E 's/export JOBS=[0-9]+$/export JOBS=$(nproc)/' /etc/abuild.conf -@@ -192,32 +220,22 @@ section_end setup - build_start=$CI_ALPINE_BUILD_OFFSET - build_limit=$CI_ALPINE_BUILD_LIMIT - --for repo in $(changed_repos); do -- set_repositories_for "$repo" -- built_aports=0 -- changed_aports_in_repo=$(changed_aports "$repo") -- changed_aports_in_repo_count=$(echo "$changed_aports_in_repo" | wc -l) -- changed_aports_to_build=$(echo "$changed_aports_in_repo" | apply_offset_limit "$build_start" "$build_limit") -+set_repositories_for $(get_qubes_release) -+built_aports=0 -+changed_aports_in_repo=$(changed_aports $BASEBRANCH) -+changed_aports_in_repo_count=$(echo "$changed_aports_in_repo" | wc -l) -+changed_aports_to_build=$(echo "$changed_aports_in_repo" | apply_offset_limit "$build_start" "$build_limit") - -- msg "Changed aports in $repo:" -- # shellcheck disable=SC2086 # Splitting is expected here -- printf " - %s\n" $changed_aports_to_build -- for pkgname in $changed_aports_to_build; do -- section_start "build_$pkgname" "Building package $pkgname" -- built_aports=$((built_aports+1)) -- if check_aport "$repo" "$pkgname"; then -- build_aport "$repo" "$pkgname" -- fi -- section_end "build_$pkgname" -- done -- -- build_start=$((build_start-(changed_aports_in_repo_count-built_aports))) -- build_limit=$((build_limit-built_aports)) -- -- if [ $build_limit -le 0 ]; then -- msg "Limit reached, breaking" -- break -+msg "Changed aports:" -+# shellcheck disable=SC2086 # Splitting is expected here -+printf " - %s\n" $changed_aports_to_build -+for pkgname in $changed_aports_to_build; do -+ section_start "build_$pkgname" "Building package $pkgname" -+ built_aports=$((built_aports+1)) -+ if check_aport . "$pkgname"; then -+ build_aport . "$pkgname" - fi -+ section_end "build_$pkgname" - done - - section_start artifacts "Handeling artifacts" collapse diff --git a/.forgejo/workflows/build-edge.yaml b/.forgejo/workflows/build-edge.yaml index 91f86a4..5ee48ea 100644 --- a/.forgejo/workflows/build-edge.yaml +++ b/.forgejo/workflows/build-edge.yaml @@ -24,9 +24,7 @@ jobs: with: fetch-depth: 500 - name: Package build - run: | - doas patch -d / -p1 -i ${{ github.workspace }}/.forgejo/patches/build.patch - build.sh + run: ${{ github.workspace }}/.forgejo/bin/build.sh - name: Package upload uses: forgejo/upload-artifact@v3 with: diff --git a/.forgejo/workflows/build-v3.20.yaml b/.forgejo/workflows/build-v3.20.yaml index d693f55..573aa23 100644 --- a/.forgejo/workflows/build-v3.20.yaml +++ b/.forgejo/workflows/build-v3.20.yaml @@ -24,9 +24,7 @@ jobs: with: fetch-depth: 500 - name: Package build - run: | - doas patch -d / -p1 -i ${{ github.workspace }}/.forgejo/patches/build.patch - build.sh + run: ${{ github.workspace }}/.forgejo/bin/build.sh - name: Package upload uses: forgejo/upload-artifact@v3 with: diff --git a/.forgejo/workflows/build-v3.21.yaml b/.forgejo/workflows/build-v3.21.yaml index 29ddff9..6ed7279 100644 --- a/.forgejo/workflows/build-v3.21.yaml +++ b/.forgejo/workflows/build-v3.21.yaml @@ -24,9 +24,7 @@ jobs: with: fetch-depth: 500 - name: Package build - run: | - doas patch -d / -p1 -i ${{ github.workspace }}/.forgejo/patches/build.patch - build.sh + run: ${{ github.workspace }}/.forgejo/bin/build.sh - name: Package upload uses: forgejo/upload-artifact@v3 with: From 7d9253d8c9ab81115791ed513546f7c4bfb1dcb9 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 2 Dec 2024 19:12:28 -0500 Subject: [PATCH 124/184] qubes-input-proxy: fix openrc patch --- qubes-input-proxy/APKBUILD | 4 ++-- qubes-input-proxy/qubes-input-trigger_use-openrc.patch | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/qubes-input-proxy/APKBUILD b/qubes-input-proxy/APKBUILD index fe51824..edc0e01 100644 --- a/qubes-input-proxy/APKBUILD +++ b/qubes-input-proxy/APKBUILD @@ -3,7 +3,7 @@ pkgname=qubes-input-proxy pkgver=1.0.39 _gittag=v$pkgver -pkgrel=1 +pkgrel=2 pkgdesc="The Qubes service for proxying input devices" arch="x86_64" url="https://github.com/QubesOS/qubes-app-linux-input-proxy" @@ -47,7 +47,7 @@ package() { } sha512sums=" 097056a4700a70b9e1e109f622bbff100728166ff30bfc4b58edf3b18f8f4b053c3152f7e43b60c6c671cb2ad2eb8de7d6544d844ba6456d74f2376d6967dcaf qubes-input-proxy-v1.0.39.tar.gz -4f8881928a32d83dbf0872067e04ab269e8f4cc622bdf0e35c53ccc330456e4b15112a142aa648fb07070ae88d9c327e6958cc8e39600820a9291fc4cd7ea242 qubes-input-trigger_use-openrc.patch +e21e6ae680f98474cbb8b6213768ca1f8d5ffb0088173a387a309e1b40a9aabbb946f3201aa143088f144f13a5c85c3710b7ade1a1189655a08ed574e3d26df4 qubes-input-trigger_use-openrc.patch 21e7b95c94ec1a3f3499e79cf8b1931da2c3e33d8f1af2efe6b52b7e2678d4648bb0597b3a4a95cc10d0ca3cb83df93075b99cf1b615d8493a9e2fd21fb7f8f7 makefile_skip-systemd.patch 2d5cb4369bc4d4c83403bb3e7cd7bc784769950a8fbf581996074fe53cc65c56fe4039e2689b6fa34e51ce22e552fc145115c12e71601809767962a3682dd299 qubes-input-sender.openrc " diff --git a/qubes-input-proxy/qubes-input-trigger_use-openrc.patch b/qubes-input-proxy/qubes-input-trigger_use-openrc.patch index 3abfd86..ca8683e 100644 --- a/qubes-input-proxy/qubes-input-trigger_use-openrc.patch +++ b/qubes-input-proxy/qubes-input-trigger_use-openrc.patch @@ -21,7 +21,7 @@ index 264788e..edd40ec 100755 + service = 'qubes-input-sender.keyboard' elif 'ID_INPUT_MOUSE' in udevreturn and 'ID_INPUT_KEY' in udevreturn: - service = 'qubes-input-sender-keyboard-mouse' -+ service = 'qubes-input-sender.keyboardmouse' ++ service = 'qubes-input-sender.mouse' if service: - service = '{}@{}.service'.format(service, input_dev) From 2072bf2d036c5427a2ce527a89f862587f94aa07 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 13 Dec 2024 15:51:32 -0500 Subject: [PATCH 125/184] qubes-vm-qrexec: upgrade to 4.3.1 --- qubes-vm-qrexec/APKBUILD | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qubes-vm-qrexec/APKBUILD b/qubes-vm-qrexec/APKBUILD index 9ea75f5..948e46c 100644 --- a/qubes-vm-qrexec/APKBUILD +++ b/qubes-vm-qrexec/APKBUILD @@ -2,9 +2,9 @@ # Maintainer: Antoine Martin (ayakael) pkgname=qubes-vm-qrexec subpackages="$pkgname-openrc $pkgname-doc $pkgname-pyc" -pkgver=4.3.0 +pkgver=4.3.1 _gittag="v$pkgver" -pkgrel=2 +pkgrel=0 pkgdesc="The Qubes qrexec files (qube side)" arch="x86_64" url="https://github.com/QubesOS/qubes-core-qrexec" @@ -52,7 +52,7 @@ package() { install -Dm 755 "$srcdir"/qubes-qrexec-agent.openrc "$pkgdir"/etc/init.d/qubes-qrexec-agent } sha512sums=" -e872f64702fd2e990d1d71836207c8ccfec98ae45b3af9537036248ba43c435f1bf77c369f8c7e613f74f17cca49a3a0b6c27db2c5cf6ead6f9a8337bda17e79 qubes-vm-qrexec-v4.3.0.tar.gz +f25d4a6ae587666bc2db6c42978779f6ea52bac10c17e399aed7cd99ecf9b6cedb48a2baa54386f8994c086a9f12b8ed6f8d911f63eee17f86c8e36c0ea7049c qubes-vm-qrexec-v4.3.1.tar.gz e2dd5cace82e881c40d5d37c69f7327fbabde81c9d23283de23de9f1197b7b018ef07a8d90e95c61bd249426d9d8297e7cb372333245941ffa0682c90ea3461f qubes-qrexec-agent.openrc c3009ddb97656be7d0a78910217c852f0f9b20cd37b4537d99724e629bc87f1c675ada084eba3c641c4ae54dab8aacd87514d73de72f42d6ccc976e6255212bc makefile-remove-cc-cflags.patch 69b88c8d344f0d575eac398937040ba39a0d8fb8ea0a2b160c48d84775e1da4e226a76f3c5d3be7b045f577b634bb35cd5c5536248e18117c4121a38f9f3bf13 agent-qrexec-fork-server-undef-fortify-source.patch From 101031d8d86f34a86facc871cffb880a7517f013 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 13 Dec 2024 15:52:19 -0500 Subject: [PATCH 126/184] qubes-vm-utils: upgrade to 4.3.6 --- qubes-vm-utils/APKBUILD | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qubes-vm-utils/APKBUILD b/qubes-vm-utils/APKBUILD index f193c61..25fe2f0 100644 --- a/qubes-vm-utils/APKBUILD +++ b/qubes-vm-utils/APKBUILD @@ -6,8 +6,8 @@ subpackages=" $pkgname-openrc $pkgname-pyc " -pkgver=4.3.5 -pkgrel=1 +pkgver=4.3.6 +pkgrel=0 _gittag="v$pkgver" pkgdesc="Common Linux files for Qubes VM." arch="x86_64" @@ -59,6 +59,6 @@ support() { install -m 755 "$builddir"/dracut/full-dmroot/qubes_cow_setup.sh "$subpkgdir"/usr/lib/qubes/qubes_cow_setup.sh } sha512sums=" -98cbcee3d459635257703cbc44b710b301d644f5d9a5af3348f523707d7acc7ffd8d74bde2917b916e5b3ae2e9332ece695c71521b4041c209451a86643e26f3 qubes-vm-utils-v4.3.5.tar.gz +cda5d7820cba3667577f561b3df4f7d4e7db47927daf2aaa1181118b5231d4c02259c1b3d2f6d69bb67b6f043ffff563f6d172afcbb966fb511f563e9a3c0d0c qubes-vm-utils-v4.3.6.tar.gz c29bac0c6b9a0c81ee42e88541d9216549276448a02c3005ea20d85c7eda483cee28bbc159098bd42badc7ed80058734311931ee4ef13e170e49f83cf3f5a9ae qubes-meminfo-writer.openrc " From 32686a47547bc0f8435c352b4b0e7ecf9276667b Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 13 Dec 2024 15:50:43 -0500 Subject: [PATCH 127/184] qubes-vm-gui: upgrade to 4.3.2 --- qubes-vm-gui/APKBUILD | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qubes-vm-gui/APKBUILD b/qubes-vm-gui/APKBUILD index f142e37..ab064b2 100644 --- a/qubes-vm-gui/APKBUILD +++ b/qubes-vm-gui/APKBUILD @@ -5,8 +5,8 @@ subpackages=" qubes-vm-pulseaudio qubes-vm-pipewire $pkgname-openrc" -pkgver=4.3.1 -pkgrel=1 +pkgver=4.3.2 +pkgrel=0 _gittag="v$pkgver" pkgdesc="The Qubes GUI Agent for AppVMs" arch="x86_64" @@ -116,7 +116,7 @@ pipewire() { } sha512sums=" -7b91dc48da7c153a736e7a4d0f96fdad142a3718ad27477301bd744329afce187379858e8da1ec5dce27bbf4f32be5a4b0e5f0ec89e481e5a7910e9321384f10 qubes-vm-gui-v4.3.1.tar.gz +13e047759f6fb45e074547c9739aa073e1eddbd55eac814265cd7949883b1b9217e24503ba9c3921801d820c2a48725cb3d88aa42c14a1e3788e3da1abd4a773 qubes-vm-gui-v4.3.2.tar.gz f0bbb936e14689d0cbced2f564b8911f9287c0217616f02f3bd0c3060e516d080ad538219f089f5841c2b9d18bb4ad8efb63516ddfd46c18b038218378996a7d 0001-musl-build.patch 01beace4c130200dc8d42248349ea858d2bec746aca2bdfa5948b6e7240bb3b832bbb8b324293fba6fd6aafb0a3d7a2e3928c7fd39d318ef4d5a18cfeb48cde6 0001-initd-fix.patch 68d01e594296e18d54d8eaa17863451c3ac121e4fcacf98b64db14166bdcf38aa66f1c3659c5014c0a9cc25b5368df66f8c642b8e7af59da8d2a5ad97da9a194 qubes-gui-agent.openrc From d5fac1bec3b1a2db27e72b03f4831563213bce96 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 13 Dec 2024 15:55:29 -0500 Subject: [PATCH 128/184] qubes-usb-proxy: upgrade to 4.3.0 --- qubes-usb-proxy/APKBUILD | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qubes-usb-proxy/APKBUILD b/qubes-usb-proxy/APKBUILD index e14dcf2..e2e4821 100644 --- a/qubes-usb-proxy/APKBUILD +++ b/qubes-usb-proxy/APKBUILD @@ -1,9 +1,9 @@ # Contributor: Antoine Martin (ayakael) # Maintainer: Antoine Martin (ayakael) pkgname=qubes-usb-proxy -pkgver=1.3.2 +pkgver=4.3.0 _gittag="v$pkgver" -pkgrel=1 +pkgrel=0 pkgdesc="The Qubes service for proxying USB devices" arch="noarch" url="https://github.com/QubesOS/qubes-app-linux-usb-proxy" @@ -37,6 +37,6 @@ package() { echo "vhci-hcd" > "$pkgdir"/etc/modules-load.d/qubes-usb-proxy.conf } sha512sums=" -36d34af695b3d765c24e4bd9abe2ec0fad82adaf8618db642dd44b2d7b5fda9faf1d92eaba7815fd1c276551278cd8f40b1c1be066fee2cc06a738ef92b40ae0 qubes-usb-proxy-v1.3.2.tar.gz +b193a4df3b0281b2619528ac0a6542a47bd7204a073c9f0cb7c17233d0537f742eb83a58d591fc0e2599aea1a4783f07c7c90dcccdf08fa5845d36e14adae1e3 qubes-usb-proxy-v4.3.0.tar.gz c6519982f7eef8586ee823dc96efa7b1b90f489114edcc348bc5221837090d19a2a3533eac83e3269ba68c2cf24447c018e0ac850ed1423a1280ebae364223fa usb-import-alpine-udevadm.patch " From e2e5c67379852b9e4e9cf11ace7c10ee85cad368 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 13 Dec 2024 15:57:20 -0500 Subject: [PATCH 129/184] qubes-vm-core: upgrade to 4.3.13 --- qubes-vm-core/APKBUILD | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qubes-vm-core/APKBUILD b/qubes-vm-core/APKBUILD index 7e5039d..c77a5e0 100644 --- a/qubes-vm-core/APKBUILD +++ b/qubes-vm-core/APKBUILD @@ -8,8 +8,8 @@ subpackages=" $pkgname-doc $pkgname-pyc " -pkgver=4.3.11 -pkgrel=1 +pkgver=4.3.13 +pkgrel=0 _gittag="v$pkgver" pkgdesc="The Qubes core files for installation inside a Qubes VM." arch="x86_64" @@ -167,7 +167,7 @@ root() { make -C passwordless-root install DESTDIR="$subpkgdir" SBINDIR=/usr/sbin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib } sha512sums=" -b35253b0118eea35d20f38bed57d28ef1e094885ab6e5c17bb89bb54c1b356deb3f1147289f9edc9e0ec0dfec20dcfeb5728910dc678975a11c79de6fad76de4 qubes-vm-core-v4.3.11.tar.gz +dbbeef8cf0f7e541aa66172b1c9959fb35b42db67f27ee52f0926bae97109de606250b9464ea6cabbaf0e2fd78d5da0796aa496374625d075f4ffc4bb2919450 qubes-vm-core-v4.3.13.tar.gz 95c080a593ca1cd457ffafc0cdd6ee28999c72f67191a3955b6081a4a7d287cae4cd0c626139562e5e1eb55516c25402a174e3599daf7d4cb259d6b4bbdff155 qubes-core-early.openrc 61529413a16b7fa0df691c24adc41b90477c01ea70d572921ecec89df23932e5a2e60c4e73b9a84181dc30424e2e6af4ad1c7dcf6c42689c3cc346a9923d6e07 qubes-core-netvm.openrc da8e293520f5fce29ce76d7586e8ce1a4164798a1214079fb554c690264da1d774fdad3f45825aac52c2c3a0b0cfd39df73eb33394dedd7c043fe0f2344b90ca qubes-core.openrc From c4a33f0f821175d464e8774f56e027cfd3a36c78 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 13 Dec 2024 15:48:44 -0500 Subject: [PATCH 130/184] qubes-input-proxy: upgrade to 1.0.40 --- qubes-input-proxy/APKBUILD | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qubes-input-proxy/APKBUILD b/qubes-input-proxy/APKBUILD index edc0e01..d52de09 100644 --- a/qubes-input-proxy/APKBUILD +++ b/qubes-input-proxy/APKBUILD @@ -1,9 +1,9 @@ # Contributor: Antoine Martin (ayakael) # Maintainer: Antoine Martin (ayakael) pkgname=qubes-input-proxy -pkgver=1.0.39 +pkgver=1.0.40 _gittag=v$pkgver -pkgrel=2 +pkgrel=0 pkgdesc="The Qubes service for proxying input devices" arch="x86_64" url="https://github.com/QubesOS/qubes-app-linux-input-proxy" @@ -46,7 +46,7 @@ package() { install -Dm755 "$srcdir"/qubes-input-sender.openrc "$pkgdir"/etc/init.d/qubes-input-sender } sha512sums=" -097056a4700a70b9e1e109f622bbff100728166ff30bfc4b58edf3b18f8f4b053c3152f7e43b60c6c671cb2ad2eb8de7d6544d844ba6456d74f2376d6967dcaf qubes-input-proxy-v1.0.39.tar.gz +0aba4db0bba20dd3bc7f152de08e31e31b71f9d2ccf41f52b2273807cb68f46841663c46f66bc422edc66e7557a7293d641d818517abbfad2c7147a720bf7022 qubes-input-proxy-v1.0.40.tar.gz e21e6ae680f98474cbb8b6213768ca1f8d5ffb0088173a387a309e1b40a9aabbb946f3201aa143088f144f13a5c85c3710b7ade1a1189655a08ed574e3d26df4 qubes-input-trigger_use-openrc.patch 21e7b95c94ec1a3f3499e79cf8b1931da2c3e33d8f1af2efe6b52b7e2678d4648bb0597b3a4a95cc10d0ca3cb83df93075b99cf1b615d8493a9e2fd21fb7f8f7 makefile_skip-systemd.patch 2d5cb4369bc4d4c83403bb3e7cd7bc784769950a8fbf581996074fe53cc65c56fe4039e2689b6fa34e51ce22e552fc145115c12e71601809767962a3682dd299 qubes-input-sender.openrc From 47c44f0ff9a7deb6d68eff8a5dc53219bf2d06f4 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 26 Dec 2024 00:12:44 -0500 Subject: [PATCH 131/184] qubes-vm-utils: upgrade to 4.3.7 --- qubes-vm-utils/APKBUILD | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/qubes-vm-utils/APKBUILD b/qubes-vm-utils/APKBUILD index 25fe2f0..cf7653e 100644 --- a/qubes-vm-utils/APKBUILD +++ b/qubes-vm-utils/APKBUILD @@ -6,7 +6,7 @@ subpackages=" $pkgname-openrc $pkgname-pyc " -pkgver=4.3.6 +pkgver=4.3.7 pkgrel=0 _gittag="v$pkgver" pkgdesc="Common Linux files for Qubes VM." @@ -59,6 +59,6 @@ support() { install -m 755 "$builddir"/dracut/full-dmroot/qubes_cow_setup.sh "$subpkgdir"/usr/lib/qubes/qubes_cow_setup.sh } sha512sums=" -cda5d7820cba3667577f561b3df4f7d4e7db47927daf2aaa1181118b5231d4c02259c1b3d2f6d69bb67b6f043ffff563f6d172afcbb966fb511f563e9a3c0d0c qubes-vm-utils-v4.3.6.tar.gz +557a3f4d0e95f9e999367f103bfe80d4d5a9734bb841dc24cc67804641d805cfdee99ebef68b47027ae6bf255ca9e1fd15446d0f5aa21a906d10da43eb9a733a qubes-vm-utils-v4.3.7.tar.gz c29bac0c6b9a0c81ee42e88541d9216549276448a02c3005ea20d85c7eda483cee28bbc159098bd42badc7ed80058734311931ee4ef13e170e49f83cf3f5a9ae qubes-meminfo-writer.openrc " From c1166d75b59ed6d628bfbaaeb9d87b5531666ee5 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 26 Dec 2024 00:11:02 -0500 Subject: [PATCH 132/184] qubes-db-vm: upgrade to 4.2.7 --- qubes-db-vm/APKBUILD | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qubes-db-vm/APKBUILD b/qubes-db-vm/APKBUILD index b577fe2..ad44bc7 100644 --- a/qubes-db-vm/APKBUILD +++ b/qubes-db-vm/APKBUILD @@ -2,8 +2,8 @@ # Maintainer: Antoine Martin (ayakael) pkgname=qubes-db-vm subpackages="$pkgname-openrc" -pkgver=4.2.6 -pkgrel=2 +pkgver=4.2.7 +pkgrel=0 _gittag="v$pkgver" pkgdesc="QubesDB libs and daemon service." arch="x86_64" @@ -43,7 +43,7 @@ package() { install -Dm 755 "$srcdir"/qubes-db.openrc "$pkgdir"/etc/init.d/qubes-db } sha512sums=" -182ae7edb7235a21c45334d8d7aa20a7a9f63056d411fe66fe20d67ea0de7cf63d2a79886016561f69c5f444704f3728ee7b1aa6343f5ce15667ba458c08c9c7 qubes-db-vm-v4.2.6.tar.gz +f45fe0716395efa3c077498ff5eb3d0ec8c748ad7f77dee1641167ff93278ac30e117fcdc2d42f4befef8ce05776900172b565a8d443ddc1298cd48f62132b73 qubes-db-vm-v4.2.7.tar.gz af86268c264c843b94f9cefb735b9d078dc58819c890fc0a31dd79fa2761d3c2fa87aed73752bca1db07948ba86ecfe16a745b19672ccc10dfb9461df24aa207 0001-musl-build.patch 892eb29b9bab4d9e662678d13a5607df04cdb024c2f28332f40fa4b7c644476a4b26a9fc038dfcdac1e0b8d328165d21d50d894d2c1e27f792287dd57449e7eb 0001-create_pidfile.patch 6f48b4bee6a3517bdbb884bd6f7e21916e8438c5e8b8d9d1b1cfffe970c4549d941056f9022998ed7f9edb799d9b123564f01e69cdca7da241d0fb6a8e9a1c5e qubes-db.openrc From 6a70005a3a60cc0ca58ab1395190b39d0e3a2c2a Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 29 Dec 2024 13:22:18 -0500 Subject: [PATCH 133/184] qubes-vm-core: upgrade to 4.3.14 --- qubes-vm-core/APKBUILD | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/qubes-vm-core/APKBUILD b/qubes-vm-core/APKBUILD index c77a5e0..f1e9d93 100644 --- a/qubes-vm-core/APKBUILD +++ b/qubes-vm-core/APKBUILD @@ -8,7 +8,7 @@ subpackages=" $pkgname-doc $pkgname-pyc " -pkgver=4.3.13 +pkgver=4.3.14 pkgrel=0 _gittag="v$pkgver" pkgdesc="The Qubes core files for installation inside a Qubes VM." @@ -167,7 +167,7 @@ root() { make -C passwordless-root install DESTDIR="$subpkgdir" SBINDIR=/usr/sbin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib } sha512sums=" -dbbeef8cf0f7e541aa66172b1c9959fb35b42db67f27ee52f0926bae97109de606250b9464ea6cabbaf0e2fd78d5da0796aa496374625d075f4ffc4bb2919450 qubes-vm-core-v4.3.13.tar.gz +3a868dd32bbb8e8eb8e7ab519e28a3345d92a3d4d6891cf0763d3c8dc3475d0a089f1bafc1cee0adac70aad76c129d00b87e2f9833b2e6e05b3c828363e45b19 qubes-vm-core-v4.3.14.tar.gz 95c080a593ca1cd457ffafc0cdd6ee28999c72f67191a3955b6081a4a7d287cae4cd0c626139562e5e1eb55516c25402a174e3599daf7d4cb259d6b4bbdff155 qubes-core-early.openrc 61529413a16b7fa0df691c24adc41b90477c01ea70d572921ecec89df23932e5a2e60c4e73b9a84181dc30424e2e6af4ad1c7dcf6c42689c3cc346a9923d6e07 qubes-core-netvm.openrc da8e293520f5fce29ce76d7586e8ce1a4164798a1214079fb554c690264da1d774fdad3f45825aac52c2c3a0b0cfd39df73eb33394dedd7c043fe0f2344b90ca qubes-core.openrc From c7100461e4485b2d11d48fbaf05dd50fb9e0a971 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 29 Dec 2024 13:19:28 -0500 Subject: [PATCH 134/184] qubes-vm-gui: upgrade to 4.3.4 --- qubes-vm-gui/APKBUILD | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/qubes-vm-gui/APKBUILD b/qubes-vm-gui/APKBUILD index ab064b2..03c8459 100644 --- a/qubes-vm-gui/APKBUILD +++ b/qubes-vm-gui/APKBUILD @@ -5,7 +5,7 @@ subpackages=" qubes-vm-pulseaudio qubes-vm-pipewire $pkgname-openrc" -pkgver=4.3.2 +pkgver=4.3.4 pkgrel=0 _gittag="v$pkgver" pkgdesc="The Qubes GUI Agent for AppVMs" @@ -116,7 +116,7 @@ pipewire() { } sha512sums=" -13e047759f6fb45e074547c9739aa073e1eddbd55eac814265cd7949883b1b9217e24503ba9c3921801d820c2a48725cb3d88aa42c14a1e3788e3da1abd4a773 qubes-vm-gui-v4.3.2.tar.gz +8d3ed290496ccb667020c53b2171f4616d8078c3e554ce32154ca32465594217d025ebd54dfc374c7e7c4a2d09c07bae445d56f23980c47424468555af584e9c qubes-vm-gui-v4.3.4.tar.gz f0bbb936e14689d0cbced2f564b8911f9287c0217616f02f3bd0c3060e516d080ad538219f089f5841c2b9d18bb4ad8efb63516ddfd46c18b038218378996a7d 0001-musl-build.patch 01beace4c130200dc8d42248349ea858d2bec746aca2bdfa5948b6e7240bb3b832bbb8b324293fba6fd6aafb0a3d7a2e3928c7fd39d318ef4d5a18cfeb48cde6 0001-initd-fix.patch 68d01e594296e18d54d8eaa17863451c3ac121e4fcacf98b64db14166bdcf38aa66f1c3659c5014c0a9cc25b5368df66f8c642b8e7af59da8d2a5ad97da9a194 qubes-gui-agent.openrc From 6d964453bed848070cb332d72b59cf2483c3cb9b Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 15 Jan 2025 09:19:00 -0500 Subject: [PATCH 135/184] qubes-vm-core: upgrade to 4.3.15 --- qubes-vm-core/APKBUILD | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/qubes-vm-core/APKBUILD b/qubes-vm-core/APKBUILD index f1e9d93..23269d9 100644 --- a/qubes-vm-core/APKBUILD +++ b/qubes-vm-core/APKBUILD @@ -8,7 +8,7 @@ subpackages=" $pkgname-doc $pkgname-pyc " -pkgver=4.3.14 +pkgver=4.3.15 pkgrel=0 _gittag="v$pkgver" pkgdesc="The Qubes core files for installation inside a Qubes VM." @@ -167,7 +167,7 @@ root() { make -C passwordless-root install DESTDIR="$subpkgdir" SBINDIR=/usr/sbin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib } sha512sums=" -3a868dd32bbb8e8eb8e7ab519e28a3345d92a3d4d6891cf0763d3c8dc3475d0a089f1bafc1cee0adac70aad76c129d00b87e2f9833b2e6e05b3c828363e45b19 qubes-vm-core-v4.3.14.tar.gz +bf065cb5037ba8ef80b7c50dc9d37fb80e8337357496d3bfca8c052d34be29fa57e96e48af3a3354b93ac9adb81bd18ed00f32a91f7cee76867dbb4c4d446c79 qubes-vm-core-v4.3.15.tar.gz 95c080a593ca1cd457ffafc0cdd6ee28999c72f67191a3955b6081a4a7d287cae4cd0c626139562e5e1eb55516c25402a174e3599daf7d4cb259d6b4bbdff155 qubes-core-early.openrc 61529413a16b7fa0df691c24adc41b90477c01ea70d572921ecec89df23932e5a2e60c4e73b9a84181dc30424e2e6af4ad1c7dcf6c42689c3cc346a9923d6e07 qubes-core-netvm.openrc da8e293520f5fce29ce76d7586e8ce1a4164798a1214079fb554c690264da1d774fdad3f45825aac52c2c3a0b0cfd39df73eb33394dedd7c043fe0f2344b90ca qubes-core.openrc From 7042c2131d39e031a92f163a99ff5f96b67918da Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 26 Feb 2025 19:29:32 -0500 Subject: [PATCH 136/184] forgejo: use ISSUE_TOKEN instead of FORGE_TOKEN --- .forgejo/bin/create_issue.sh | 16 ++++++++-------- .forgejo/workflows/check-r4.2.yml | 2 +- .forgejo/workflows/check-r4.3.yml | 2 +- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.forgejo/bin/create_issue.sh b/.forgejo/bin/create_issue.sh index d162758..6369371 100755 --- a/.forgejo/bin/create_issue.sh +++ b/.forgejo/bin/create_issue.sh @@ -1,7 +1,7 @@ #!/bin/bash # expects: -# env variable FORGEJO_TOKEN +# env variable ISSUE_TOKEN # file out_of_date IFS=' @@ -20,7 +20,7 @@ does_it_exist() { result="$(curl --silent -X 'GET' \ "$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues?state=open&q=$query&type=issues" \ -H 'accept: application/json' \ - -H "authorization: Basic $FORGEJO_TOKEN" + -H "Authorization: token $ISSUE_TOKEN" )" if [ "$result" == "[]" ]; then @@ -40,7 +40,7 @@ is_it_old() { result="$(curl --silent -X 'GET' \ "$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues?state=open&q=$query&type=issues" \ -H 'accept: application/json' \ - -H "authorization: Basic $FORGEJO_TOKEN" + -H "authorization: token $ISSUE_TOKEN" )" result_title="$(echo $result | jq -r '.[].title' )" @@ -64,7 +64,7 @@ update_title() { result=$(curl --silent -X 'PATCH' \ "$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues/$id" \ -H 'accept: application/json' \ - -H "authorization: Basic $FORGEJO_TOKEN" \ + -H "authorization: token $ISSUE_TOKEN" \ -H 'Content-Type: application/json' \ -d "{ \"title\": \"$repo/$name: upgrade to $upstream_version\" @@ -83,7 +83,7 @@ create_issue() { result=$(curl --silent -X 'POST' \ "$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues" \ -H 'accept: application/json' \ - -H "authorization: Basic $FORGEJO_TOKEN" \ + -H "authorization: token $ISSUE_TOKEN" \ -H 'Content-Type: application/json' \ -d "{ \"title\": \"$repo/$name: upgrade to $upstream_version\", @@ -131,7 +131,7 @@ if [ -f not_in_anitya ]; then result="$(curl --silent -X 'GET' \ "$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues?state=open&q=$query&type=issues" \ -H 'accept: application/json' \ - -H "authorization: Basic $FORGEJO_TOKEN" + -H "authorization: token $ISSUE_TOKEN" )" if [ "$result" == "[]" ]; then @@ -139,7 +139,7 @@ if [ -f not_in_anitya ]; then result=$(curl --silent -X 'POST' \ "$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues" \ -H 'accept: application/json' \ - -H "authorization: Basic $FORGEJO_TOKEN" \ + -H "authorization: token $ISSUE_TOKEN" \ -H 'Content-Type: application/json' \ -d "{ \"title\": \"Add missing $repo packages to anitya\", @@ -155,7 +155,7 @@ if [ -f not_in_anitya ]; then result=$(curl --silent -X 'PATCH' \ "$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues/$result_id" \ -H 'accept: application/json' \ - -H "authorization: Basic $FORGEJO_TOKEN" \ + -H "authorization: token $ISSUE_TOKEN" \ -H 'Content-Type: application/json' \ -d "{ \"body\": \"- [ ] $(sed '{:q;N;s/\n/\\n- [ ] /g;t q}' not_in_anitya)\" diff --git a/.forgejo/workflows/check-r4.2.yml b/.forgejo/workflows/check-r4.2.yml index 6124fd3..b1830c8 100644 --- a/.forgejo/workflows/check-r4.2.yml +++ b/.forgejo/workflows/check-r4.2.yml @@ -12,7 +12,7 @@ jobs: image: alpine:latest env: downstream: https://ayakael.net/api/packages/forge/alpine/edge/qubes-r4.2 - FORGEJO_TOKEN: ${{ secrets.forgejo_token }} + ISSUE_TOKEN: ${{ secrets.issue_token }} LABEL_NUMBER: 9 CHECK_LATEST: 0 steps: diff --git a/.forgejo/workflows/check-r4.3.yml b/.forgejo/workflows/check-r4.3.yml index 01f7e77..bbdf8aa 100644 --- a/.forgejo/workflows/check-r4.3.yml +++ b/.forgejo/workflows/check-r4.3.yml @@ -12,7 +12,7 @@ jobs: image: alpine:latest env: downstream: https://ayakael.net/api/packages/forge/alpine/edge/qubes-r4.3 - FORGEJO_TOKEN: ${{ secrets.forgejo_token }} + ISSUE_TOKEN: ${{ secrets.issue_token }} LABEL_NUMBER: 9 CHECK_LATEST: 1 steps: From 1e1ccd74546d77ffee0cf7a9087971ff431be966 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 11 May 2025 11:30:35 -0400 Subject: [PATCH 137/184] ci: upgrade before pulling nodejs --- .forgejo/workflows/build-edge.yaml | 1 + .forgejo/workflows/build-v3.20.yaml | 1 + .forgejo/workflows/build-v3.21.yaml | 1 + .forgejo/workflows/lint.yaml | 4 +++- 4 files changed, 6 insertions(+), 1 deletion(-) diff --git a/.forgejo/workflows/build-edge.yaml b/.forgejo/workflows/build-edge.yaml index 5ee48ea..dcb6dc4 100644 --- a/.forgejo/workflows/build-edge.yaml +++ b/.forgejo/workflows/build-edge.yaml @@ -16,6 +16,7 @@ jobs: steps: - name: Environment setup run: | + doas apk upgrade -a doas apk add nodejs git patch curl cd /etc/apk/keys doas curl -JO https://ayakael.net/api/packages/forge/alpine/key diff --git a/.forgejo/workflows/build-v3.20.yaml b/.forgejo/workflows/build-v3.20.yaml index 573aa23..5248198 100644 --- a/.forgejo/workflows/build-v3.20.yaml +++ b/.forgejo/workflows/build-v3.20.yaml @@ -16,6 +16,7 @@ jobs: steps: - name: Environment setup run: | + doas apk upgrade -a doas apk add nodejs git patch curl cd /etc/apk/keys doas curl -JO https://ayakael.net/api/packages/forge/alpine/key diff --git a/.forgejo/workflows/build-v3.21.yaml b/.forgejo/workflows/build-v3.21.yaml index 6ed7279..0134ce6 100644 --- a/.forgejo/workflows/build-v3.21.yaml +++ b/.forgejo/workflows/build-v3.21.yaml @@ -16,6 +16,7 @@ jobs: steps: - name: Environment setup run: | + doas apk upgrade -a doas apk add nodejs git patch curl cd /etc/apk/keys doas curl -JO https://ayakael.net/api/packages/forge/alpine/key diff --git a/.forgejo/workflows/lint.yaml b/.forgejo/workflows/lint.yaml index 3614deb..743cefc 100644 --- a/.forgejo/workflows/lint.yaml +++ b/.forgejo/workflows/lint.yaml @@ -14,7 +14,9 @@ jobs: CI_MERGE_REQUEST_PROJECT_URL: ${{ github.server_url }}/${{ github.repository }} CI_MERGE_REQUEST_TARGET_BRANCH_NAME: ${{ github.base_ref }} steps: - - run: doas apk add nodejs git + - run: | + doas apk upgrade -a + doas apk add nodejs git - uses: actions/checkout@v4 with: fetch-depth: 500 From 73d93b0269e71da57ea7e3ac3b16329f17363886 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 11 May 2025 11:32:48 -0400 Subject: [PATCH 138/184] ci: fix issue creation with forgejo 11 --- .forgejo/bin/create_issue.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.forgejo/bin/create_issue.sh b/.forgejo/bin/create_issue.sh index 6369371..995e519 100755 --- a/.forgejo/bin/create_issue.sh +++ b/.forgejo/bin/create_issue.sh @@ -15,10 +15,10 @@ does_it_exist() { repo=$4 query="$repo/$name: upgrade to $upstream_version" - query="$(echo $query | sed 's| |%20|g' | sed 's|:|%3A|g' | sed 's|/|%2F|g' )" + query="%22$(echo $query | sed 's| |%20|g' | sed 's|:|%3A|g' | sed 's|/|%2F|g' )%22" result="$(curl --silent -X 'GET' \ - "$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues?state=open&q=$query&type=issues" \ + "$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues?state=open&q=$query&type=issues&sort=latest" \ -H 'accept: application/json' \ -H "Authorization: token $ISSUE_TOKEN" )" @@ -35,10 +35,10 @@ is_it_old() { repo=$4 query="$repo/$name: upgrade to" - query="$(echo $query | sed 's| |%20|g' | sed 's|:|%3A|g' | sed 's|/|%2F|g' )" + query="%22$(echo $query | sed 's| |%20|g' | sed 's|:|%3A|g' | sed 's|/|%2F|g' )%22" result="$(curl --silent -X 'GET' \ - "$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues?state=open&q=$query&type=issues" \ + "$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues?state=open&q=$query&type=issues&sort=latest" \ -H 'accept: application/json' \ -H "authorization: token $ISSUE_TOKEN" )" @@ -126,10 +126,10 @@ fi if [ -f not_in_anitya ]; then query="Add missing $repo packages to anitya" - query="$(echo $query | sed 's| |%20|g')" + query="%22$(echo $query | sed 's| |%20|g')%22" result="$(curl --silent -X 'GET' \ - "$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues?state=open&q=$query&type=issues" \ + "$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues?state=open&q=$query&type=issues&sort=latest" \ -H 'accept: application/json' \ -H "authorization: token $ISSUE_TOKEN" )" From a302ce60cd82943f5c4080ccd4aa1ff9f7dcc4d6 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 11 May 2025 12:33:55 -0400 Subject: [PATCH 139/184] qubes-libvchan-xen: do not depend directly on xen Depending on xen directly caused apk to update xen before qubes-libvchan-xen, thus causing failure to upgrade template due to apk proxying being broken. --- qubes-libvchan-xen/APKBUILD | 1 - 1 file changed, 1 deletion(-) diff --git a/qubes-libvchan-xen/APKBUILD b/qubes-libvchan-xen/APKBUILD index d1ebb7f..c88328d 100644 --- a/qubes-libvchan-xen/APKBUILD +++ b/qubes-libvchan-xen/APKBUILD @@ -8,7 +8,6 @@ pkgdesc="The Qubes core libraries for installation inside a Qubes Dom0 and VM." arch="x86_64" url="https://github.com/QubesOS/qubes-core-vchan-xen" license='GPL' -depends="xen" makedepends="xen-dev coreutils" builddir="$srcdir"/qubes-core-vchan-xen-$pkgver subpackages="$pkgname-dev" From 6c1620ebef9935ad0163542e24cdd45145708c44 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 11 May 2025 12:38:32 -0400 Subject: [PATCH 140/184] qubes-libvchan-xen: upgrade to 4.2.7 --- qubes-libvchan-xen/APKBUILD | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qubes-libvchan-xen/APKBUILD b/qubes-libvchan-xen/APKBUILD index c88328d..301b715 100644 --- a/qubes-libvchan-xen/APKBUILD +++ b/qubes-libvchan-xen/APKBUILD @@ -1,8 +1,8 @@ # Contributor: Antoine Martin (ayakael) # Maintainer: Antoine Martin (ayakael) pkgname=qubes-libvchan-xen -pkgver=4.2.4 -pkgrel=2 +pkgver=4.2.7 +pkgrel=0 _gittag=v$pkgver pkgdesc="The Qubes core libraries for installation inside a Qubes Dom0 and VM." arch="x86_64" @@ -24,5 +24,5 @@ package() { } sha512sums=" -05b0d8964da1ba321aa7a7651f969692c470b8f9910f7324f10a54b0c6e43ae3270a26a6a49a0e26d5c50b14370b64fbfb340fe28b8f191a0a67c07aba0426c3 qubes-libvchan-xen-v4.2.4.tar.gz +e6d85407e40ca12df5042ed2ed98d77b6e7b88360e4d6369c3c781c06654246ea81ceabfeae5a506537259fcca3db46f1fc0f1ded5e04e38035601e060fe24ed qubes-libvchan-xen-v4.2.7.tar.gz " From d3b32bb176b0e04169a83dc382db4a974467e8d8 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 11 May 2025 12:40:47 -0400 Subject: [PATCH 141/184] qubes-vm-gui: upgrade to 4.3.6 --- qubes-vm-gui/APKBUILD | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/qubes-vm-gui/APKBUILD b/qubes-vm-gui/APKBUILD index 03c8459..a5fd565 100644 --- a/qubes-vm-gui/APKBUILD +++ b/qubes-vm-gui/APKBUILD @@ -5,7 +5,7 @@ subpackages=" qubes-vm-pulseaudio qubes-vm-pipewire $pkgname-openrc" -pkgver=4.3.4 +pkgver=4.3.6 pkgrel=0 _gittag="v$pkgver" pkgdesc="The Qubes GUI Agent for AppVMs" @@ -116,7 +116,7 @@ pipewire() { } sha512sums=" -8d3ed290496ccb667020c53b2171f4616d8078c3e554ce32154ca32465594217d025ebd54dfc374c7e7c4a2d09c07bae445d56f23980c47424468555af584e9c qubes-vm-gui-v4.3.4.tar.gz +e6bad500fcb3c81e23e5645f95e1aae46935ccb97befe43cf1bb6cd781134896b3afbd447a9e8cbba41765962ef9b10a3c4b9a4df60b9853b59ea4772a18c718 qubes-vm-gui-v4.3.6.tar.gz f0bbb936e14689d0cbced2f564b8911f9287c0217616f02f3bd0c3060e516d080ad538219f089f5841c2b9d18bb4ad8efb63516ddfd46c18b038218378996a7d 0001-musl-build.patch 01beace4c130200dc8d42248349ea858d2bec746aca2bdfa5948b6e7240bb3b832bbb8b324293fba6fd6aafb0a3d7a2e3928c7fd39d318ef4d5a18cfeb48cde6 0001-initd-fix.patch 68d01e594296e18d54d8eaa17863451c3ac121e4fcacf98b64db14166bdcf38aa66f1c3659c5014c0a9cc25b5368df66f8c642b8e7af59da8d2a5ad97da9a194 qubes-gui-agent.openrc From e3d0ee018795ed11aef87916c7c81bc40b15614a Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 11 May 2025 12:41:09 -0400 Subject: [PATCH 142/184] qubes-vm-gui-dev: upgrade to 4.3.1 --- qubes-vm-gui-dev/APKBUILD | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qubes-vm-gui-dev/APKBUILD b/qubes-vm-gui-dev/APKBUILD index a6b5e38..df05fe1 100644 --- a/qubes-vm-gui-dev/APKBUILD +++ b/qubes-vm-gui-dev/APKBUILD @@ -1,9 +1,9 @@ # Contributor: Antoine Martin (ayakael) # Maintainer: Antoine Martin (ayakael) pkgname=qubes-vm-gui-dev -pkgver=4.3.0 +pkgver=4.3.1 _gittag="v$pkgver" -pkgrel=1 +pkgrel=0 pkgdesc="Common files for Qubes GUI - protocol headers." arch="noarch" url="https://github.com/QubesOS/qubes-gui-common" @@ -18,5 +18,5 @@ package() { cp include/*.h $pkgdir/usr/include/ } sha512sums=" -c1046fda6395c6c7907fa3d9c963089169e860d4e0f79c2cf7bafe8a673c93ac0aec3ca312f97510541127510dc7d2ad585949599ed1fffbb0758ff1098ea518 qubes-vm-gui-dev-v4.3.0.tar.gz +2961f3aaecd4af5a2b0a99624a0364441573e60867bd113e39a6c8b0b825f1f1947d7889ed39e8de63c238c2d6b06ff11b32680c7261a79a2185a9f2b320fc12 qubes-vm-gui-dev-v4.3.1.tar.gz " From 001a683c76ce84d1513397e31389993113a99d79 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 11 May 2025 12:42:09 -0400 Subject: [PATCH 143/184] qubes-vm-core: upgrade to 4.3.23 --- qubes-vm-core/APKBUILD | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/qubes-vm-core/APKBUILD b/qubes-vm-core/APKBUILD index 23269d9..0c53f5b 100644 --- a/qubes-vm-core/APKBUILD +++ b/qubes-vm-core/APKBUILD @@ -8,7 +8,7 @@ subpackages=" $pkgname-doc $pkgname-pyc " -pkgver=4.3.15 +pkgver=4.3.23 pkgrel=0 _gittag="v$pkgver" pkgdesc="The Qubes core files for installation inside a Qubes VM." @@ -167,7 +167,7 @@ root() { make -C passwordless-root install DESTDIR="$subpkgdir" SBINDIR=/usr/sbin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib } sha512sums=" -bf065cb5037ba8ef80b7c50dc9d37fb80e8337357496d3bfca8c052d34be29fa57e96e48af3a3354b93ac9adb81bd18ed00f32a91f7cee76867dbb4c4d446c79 qubes-vm-core-v4.3.15.tar.gz +6ff9944b07fd024512bb5d618d785abdb6d3519663fe5b580c8606b019ed5edef1fe01eb9619419f31ef7e1702367b4303faf5adf2905d5b9162e912b515698c qubes-vm-core-v4.3.23.tar.gz 95c080a593ca1cd457ffafc0cdd6ee28999c72f67191a3955b6081a4a7d287cae4cd0c626139562e5e1eb55516c25402a174e3599daf7d4cb259d6b4bbdff155 qubes-core-early.openrc 61529413a16b7fa0df691c24adc41b90477c01ea70d572921ecec89df23932e5a2e60c4e73b9a84181dc30424e2e6af4ad1c7dcf6c42689c3cc346a9923d6e07 qubes-core-netvm.openrc da8e293520f5fce29ce76d7586e8ce1a4164798a1214079fb554c690264da1d774fdad3f45825aac52c2c3a0b0cfd39df73eb33394dedd7c043fe0f2344b90ca qubes-core.openrc From cdbb385ff90f89be7c963c34fc48780bee29f284 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 11 May 2025 12:44:37 -0400 Subject: [PATCH 144/184] qubes-db-vm: upgrade to 4.3.1 --- qubes-db-vm/APKBUILD | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/qubes-db-vm/APKBUILD b/qubes-db-vm/APKBUILD index ad44bc7..fca1f47 100644 --- a/qubes-db-vm/APKBUILD +++ b/qubes-db-vm/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Antoine Martin (ayakael) pkgname=qubes-db-vm subpackages="$pkgname-openrc" -pkgver=4.2.7 +pkgver=4.3.1 pkgrel=0 _gittag="v$pkgver" pkgdesc="QubesDB libs and daemon service." @@ -43,7 +43,7 @@ package() { install -Dm 755 "$srcdir"/qubes-db.openrc "$pkgdir"/etc/init.d/qubes-db } sha512sums=" -f45fe0716395efa3c077498ff5eb3d0ec8c748ad7f77dee1641167ff93278ac30e117fcdc2d42f4befef8ce05776900172b565a8d443ddc1298cd48f62132b73 qubes-db-vm-v4.2.7.tar.gz +fcfa7321e1ca6af2943e900690695bde74e0b7e706e530ce92e297aeb036bbf9c12e191b7434ead4054690342a1c9ef517c6cf6e211debe5cc66474ceb57bd87 qubes-db-vm-v4.3.1.tar.gz af86268c264c843b94f9cefb735b9d078dc58819c890fc0a31dd79fa2761d3c2fa87aed73752bca1db07948ba86ecfe16a745b19672ccc10dfb9461df24aa207 0001-musl-build.patch 892eb29b9bab4d9e662678d13a5607df04cdb024c2f28332f40fa4b7c644476a4b26a9fc038dfcdac1e0b8d328165d21d50d894d2c1e27f792287dd57449e7eb 0001-create_pidfile.patch 6f48b4bee6a3517bdbb884bd6f7e21916e8438c5e8b8d9d1b1cfffe970c4549d941056f9022998ed7f9edb799d9b123564f01e69cdca7da241d0fb6a8e9a1c5e qubes-db.openrc From 69fcc1b99301b6dfdb3dbb57253dbdd72d4b9d7d Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 11 May 2025 12:45:29 -0400 Subject: [PATCH 145/184] qubes-vm-utils: upgrade to 4.3.9 --- qubes-vm-utils/APKBUILD | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/qubes-vm-utils/APKBUILD b/qubes-vm-utils/APKBUILD index cf7653e..8c1b8f4 100644 --- a/qubes-vm-utils/APKBUILD +++ b/qubes-vm-utils/APKBUILD @@ -6,7 +6,7 @@ subpackages=" $pkgname-openrc $pkgname-pyc " -pkgver=4.3.7 +pkgver=4.3.9 pkgrel=0 _gittag="v$pkgver" pkgdesc="Common Linux files for Qubes VM." @@ -59,6 +59,6 @@ support() { install -m 755 "$builddir"/dracut/full-dmroot/qubes_cow_setup.sh "$subpkgdir"/usr/lib/qubes/qubes_cow_setup.sh } sha512sums=" -557a3f4d0e95f9e999367f103bfe80d4d5a9734bb841dc24cc67804641d805cfdee99ebef68b47027ae6bf255ca9e1fd15446d0f5aa21a906d10da43eb9a733a qubes-vm-utils-v4.3.7.tar.gz +523a54e4ea935cba67813e116aa29b3b441c3dddbe105fb744e159ed3c9487f5d98fcfb706a2965e7c1a3762e7bf4420d5cb24810bb7a28c3e398b8f922e4608 qubes-vm-utils-v4.3.9.tar.gz c29bac0c6b9a0c81ee42e88541d9216549276448a02c3005ea20d85c7eda483cee28bbc159098bd42badc7ed80058734311931ee4ef13e170e49f83cf3f5a9ae qubes-meminfo-writer.openrc " From 48148f983185ef416431acb7fd17b3cefcbba5b3 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 11 May 2025 12:46:31 -0400 Subject: [PATCH 146/184] qubes-vm-qrexec: upgrade to 4.3.7 --- qubes-vm-qrexec/APKBUILD | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/qubes-vm-qrexec/APKBUILD b/qubes-vm-qrexec/APKBUILD index 948e46c..cf319b0 100644 --- a/qubes-vm-qrexec/APKBUILD +++ b/qubes-vm-qrexec/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Antoine Martin (ayakael) pkgname=qubes-vm-qrexec subpackages="$pkgname-openrc $pkgname-doc $pkgname-pyc" -pkgver=4.3.1 +pkgver=4.3.7 _gittag="v$pkgver" pkgrel=0 pkgdesc="The Qubes qrexec files (qube side)" @@ -52,7 +52,7 @@ package() { install -Dm 755 "$srcdir"/qubes-qrexec-agent.openrc "$pkgdir"/etc/init.d/qubes-qrexec-agent } sha512sums=" -f25d4a6ae587666bc2db6c42978779f6ea52bac10c17e399aed7cd99ecf9b6cedb48a2baa54386f8994c086a9f12b8ed6f8d911f63eee17f86c8e36c0ea7049c qubes-vm-qrexec-v4.3.1.tar.gz +1ca7854082a3181b9ccfd95f3c29ebf8a4a8fc5343783b67df872a761604e865ecccf5c6533760a08671ba9bd80aa749dbc986ea72ba0fb301a6d587f5a48623 qubes-vm-qrexec-v4.3.7.tar.gz e2dd5cace82e881c40d5d37c69f7327fbabde81c9d23283de23de9f1197b7b018ef07a8d90e95c61bd249426d9d8297e7cb372333245941ffa0682c90ea3461f qubes-qrexec-agent.openrc c3009ddb97656be7d0a78910217c852f0f9b20cd37b4537d99724e629bc87f1c675ada084eba3c641c4ae54dab8aacd87514d73de72f42d6ccc976e6255212bc makefile-remove-cc-cflags.patch 69b88c8d344f0d575eac398937040ba39a0d8fb8ea0a2b160c48d84775e1da4e226a76f3c5d3be7b045f577b634bb35cd5c5536248e18117c4121a38f9f3bf13 agent-qrexec-fork-server-undef-fortify-source.patch From ad1e4b3def234fa4a406e37e11aa071a1a5eb573 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 11 May 2025 12:47:22 -0400 Subject: [PATCH 147/184] qubes-meta-packages: upgrade to 4.3.2 --- qubes-meta-packages/APKBUILD | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qubes-meta-packages/APKBUILD b/qubes-meta-packages/APKBUILD index 7f5f3f2..1341e2a 100644 --- a/qubes-meta-packages/APKBUILD +++ b/qubes-meta-packages/APKBUILD @@ -5,9 +5,9 @@ subpackages=" qubes-vm-dependencies qubes-vm-recommended " -pkgver=4.3.0 +pkgver=4.3.2 _gittag="v$pkgver" -pkgrel=1 +pkgrel=0 pkgdesc="Meta packages for Qubes-specific components" arch="noarch" url="https://github.com/QubesOS/qubes-meta-packages" @@ -38,5 +38,5 @@ recommended() { mkdir -p "$subpkgdir" } sha512sums=" -7567bc7edd6a17315bb5a968ff512a7758ef9697d11ed5200f8ffefe7069b0ebbbb790bffdc7a8717b9707c24309bb6d83cfc6306eb1d48724480af36ba95594 qubes-meta-packages-v4.3.0 +de1ee62e90e9e6d3662cd30f4ddd0649c9fda270a7dbf7f3de9a83362f5c8440c9ef3e3e6779a08627d3280258a047237e184c220421a941332b1151dc8bfe68 qubes-meta-packages-v4.3.2 " From 83e9dbce8df75ca1be031516e8d6a5545c65c0ec Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 11 May 2025 13:15:22 -0400 Subject: [PATCH 148/184] qubes-gpg-split: upgrade to 2.0.77 --- qubes-gpg-split/APKBUILD | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qubes-gpg-split/APKBUILD b/qubes-gpg-split/APKBUILD index ff37869..f33d4cc 100644 --- a/qubes-gpg-split/APKBUILD +++ b/qubes-gpg-split/APKBUILD @@ -2,9 +2,9 @@ # Maintainer: Antoine Martin (ayakael) pkgname=qubes-gpg-split subpackages="$pkgname-doc" -pkgver=2.0.75 +pkgver=2.0.77 _gittag="v$pkgver" -pkgrel=1 +pkgrel=0 pkgdesc="Used Qubes AppVM as a “smart card”" arch="x86_64" url="https://github.com/QubesOS/qubes-app-linux-split-gpg" @@ -31,5 +31,5 @@ package() { make install-vm DESTDIR="$pkgdir" } sha512sums=" -212b819c959d66c5b3e73d0c0765e348b97b278a3df45903fdeaab3de49f60c455044e664bd8a95393f5e800d75706fda4198a5ea36e9ab933250d606f8cabbd qubes-gpg-split-v2.0.75.tar.gz +8633ab824072825a12aaa48d79cf5c97df4162da4d62579d0ec65bbd661414e8df22701587994c3e8fe64c7a478f91368d8b155388d14514a8830eadc2587730 qubes-gpg-split-v2.0.77.tar.gz " From a7ffe0ba7326cbcc413a1aeab30d75b4334b28a3 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 11 May 2025 13:14:31 -0400 Subject: [PATCH 149/184] qubes-input-proxy: upgrade to 1.0.41 --- qubes-input-proxy/APKBUILD | 8 ++++---- qubes-input-proxy/makefile_skip-systemd.patch | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/qubes-input-proxy/APKBUILD b/qubes-input-proxy/APKBUILD index d52de09..0e8f3b3 100644 --- a/qubes-input-proxy/APKBUILD +++ b/qubes-input-proxy/APKBUILD @@ -1,8 +1,8 @@ # Contributor: Antoine Martin (ayakael) # Maintainer: Antoine Martin (ayakael) pkgname=qubes-input-proxy -pkgver=1.0.40 -_gittag=v$pkgver +pkgver=1.0.41 +_gittag="v$pkgver" pkgrel=0 pkgdesc="The Qubes service for proxying input devices" arch="x86_64" @@ -46,8 +46,8 @@ package() { install -Dm755 "$srcdir"/qubes-input-sender.openrc "$pkgdir"/etc/init.d/qubes-input-sender } sha512sums=" -0aba4db0bba20dd3bc7f152de08e31e31b71f9d2ccf41f52b2273807cb68f46841663c46f66bc422edc66e7557a7293d641d818517abbfad2c7147a720bf7022 qubes-input-proxy-v1.0.40.tar.gz +b4178939d6c6a328a3001f2cb871e1eaf344571cd03ea5371efa4211fc293461a8e146fc8e3ac660b2ded08a3a5d21247dfaef0e54fcb5e85e90229d29eaf11b qubes-input-proxy-v1.0.41.tar.gz e21e6ae680f98474cbb8b6213768ca1f8d5ffb0088173a387a309e1b40a9aabbb946f3201aa143088f144f13a5c85c3710b7ade1a1189655a08ed574e3d26df4 qubes-input-trigger_use-openrc.patch -21e7b95c94ec1a3f3499e79cf8b1931da2c3e33d8f1af2efe6b52b7e2678d4648bb0597b3a4a95cc10d0ca3cb83df93075b99cf1b615d8493a9e2fd21fb7f8f7 makefile_skip-systemd.patch +d199c586e146c0846169a04419fcd72764c528f6d270388927bf79273bddd50a307b40db8be482847a93de473553c3cea00fc7b08b5f93f3d79e0a3f8e620f64 makefile_skip-systemd.patch 2d5cb4369bc4d4c83403bb3e7cd7bc784769950a8fbf581996074fe53cc65c56fe4039e2689b6fa34e51ce22e552fc145115c12e71601809767962a3682dd299 qubes-input-sender.openrc " diff --git a/qubes-input-proxy/makefile_skip-systemd.patch b/qubes-input-proxy/makefile_skip-systemd.patch index 8fc8504..1c24467 100644 --- a/qubes-input-proxy/makefile_skip-systemd.patch +++ b/qubes-input-proxy/makefile_skip-systemd.patch @@ -13,6 +13,6 @@ index 22ec526..bf7e0ea 100644 - qubes-input-sender-mouse@.service \ - qubes-input-sender-tablet@.service \ - $(DESTDIR)$(USRLIBDIR)/systemd/system - install -d $(DESTDIR)$(LIBDIR)/udev/rules.d + install -d $(DESTDIR)$(USRLIBDIR)/udev/rules.d install -m 0644 qubes-input-proxy.rules \ - $(DESTDIR)$(LIBDIR)/udev/rules.d/90-qubes-input-proxy.rules + $(DESTDIR)$(USRLIBDIR)/udev/rules.d/90-qubes-input-proxy.rules From bcc832b2cedd5aeb7ef6111821416837ba22ccbc Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 12 May 2025 08:42:07 -0400 Subject: [PATCH 150/184] qubes-libvchan-xen: link against non-versionned xen libraries Previous workaround to the xen upgrade race condition actually caused xen to be uninstalled on most systems, breaking the template. This is thus another approach at fixing the race condition by linking against non-versionned xen libraries. Thus, a minor version upgrade of xen will not cause libxenvchan.so to lose xen libraries. The linking process is changed by adding a step before linking where ld is linked against libraries where DT_SONAME has been patched with patchelf. This is not an elegant solution, but it does work. Ideally, we would find a way for seamless upgrading of xen while the proxy is up. --- qubes-libvchan-xen/APKBUILD | 20 ++++++++++++++++--- .../link-against-patched-libs.patch | 13 ++++++++++++ 2 files changed, 30 insertions(+), 3 deletions(-) create mode 100644 qubes-libvchan-xen/link-against-patched-libs.patch diff --git a/qubes-libvchan-xen/APKBUILD b/qubes-libvchan-xen/APKBUILD index 301b715..88642dc 100644 --- a/qubes-libvchan-xen/APKBUILD +++ b/qubes-libvchan-xen/APKBUILD @@ -2,17 +2,30 @@ # Maintainer: Antoine Martin (ayakael) pkgname=qubes-libvchan-xen pkgver=4.2.7 -pkgrel=0 +pkgrel=1 _gittag=v$pkgver pkgdesc="The Qubes core libraries for installation inside a Qubes Dom0 and VM." arch="x86_64" url="https://github.com/QubesOS/qubes-core-vchan-xen" license='GPL' -makedepends="xen-dev coreutils" +depends="xen xen-dev" +makedepends="xen-dev coreutils patchelf" builddir="$srcdir"/qubes-core-vchan-xen-$pkgver subpackages="$pkgname-dev" -source="$pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-core-vchan-xen/archive/refs/tags/$_gittag.tar.gz" +source=" + $pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-core-vchan-xen/archive/refs/tags/$_gittag.tar.gz + link-against-patched-libs.patch + " + +prepare() { + default_prepare + cd "$builddir"/vchan + for i in libxenvchan.so libxenctrl.so; do + cp /usr/lib/$i ./ + patchelf --set-soname $i $i + done +} build() { cd "$builddir"/vchan @@ -25,4 +38,5 @@ package() { sha512sums=" e6d85407e40ca12df5042ed2ed98d77b6e7b88360e4d6369c3c781c06654246ea81ceabfeae5a506537259fcca3db46f1fc0f1ded5e04e38035601e060fe24ed qubes-libvchan-xen-v4.2.7.tar.gz +db33b54121b172dfdbfddb620d56998f1be893608c23b5fbdfe373005650ab012c0462a4a01d8da12611c22c0bb9877c7b42f0bf58871dfc4474386c44ab2249 link-against-patched-libs.patch " diff --git a/qubes-libvchan-xen/link-against-patched-libs.patch b/qubes-libvchan-xen/link-against-patched-libs.patch new file mode 100644 index 0000000..b6a512f --- /dev/null +++ b/qubes-libvchan-xen/link-against-patched-libs.patch @@ -0,0 +1,13 @@ +diff --git a/vchan/Makefile.linux.orig b/vchan/Makefile.linux +index 587cb34..cccb5de 100644 +--- a/vchan/Makefile.linux.orig ++++ b/vchan/Makefile.linux +@@ -34,7 +34,7 @@ CFLAGS += $(shell if printf '%s\n' '4.18.0' '$(XENCTRL_VERSION)' | \ + SO_VER = 1 + + libvchan-xen.so.$(SO_VER): init.o io.o +- $(CC) $(LDFLAGS) -Wl,-soname,$@ -shared -o $@ $^ -lxenvchan -lxenctrl -lxenstore ++ $(CC) $(LDFLAGS) -Wl,-soname,$@ -shared -o $@ $^ ./libxenvchan.so ./libxenctrl.so -lxenstore + + libvchan-xen.so: libvchan-xen.so.$(SO_VER) + ln -sf $< $@ From fbd9be6e89cdf2336547c76d98ac1af8566109ac Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 27 May 2025 16:27:16 -0400 Subject: [PATCH 151/184] ci: drop v3.20 workflow, add v3.22 workflow --- .../workflows/{build-v3.20.yaml => build-v3.22.yaml} | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) rename .forgejo/workflows/{build-v3.20.yaml => build-v3.22.yaml} (93%) diff --git a/.forgejo/workflows/build-v3.20.yaml b/.forgejo/workflows/build-v3.22.yaml similarity index 93% rename from .forgejo/workflows/build-v3.20.yaml rename to .forgejo/workflows/build-v3.22.yaml index 5248198..e349cc5 100644 --- a/.forgejo/workflows/build-v3.20.yaml +++ b/.forgejo/workflows/build-v3.22.yaml @@ -3,7 +3,7 @@ on: types: [ assigned, opened, synchronize, reopened ] jobs: - build-v3.20: + build-v3.22: runs-on: x86_64 container: image: alpinelinux/alpine-gitlab-ci:latest @@ -12,7 +12,7 @@ jobs: CI_DEBUG_BUILD: ${{ runner.debug }} CI_MERGE_REQUEST_PROJECT_URL: ${{ github.server_url }}/${{ github.repository }} CI_MERGE_REQUEST_TARGET_BRANCH_NAME: ${{ github.base_ref }} - CI_ALPINE_TARGET: v3.20 + CI_ALPINE_TARGET: v3.22 steps: - name: Environment setup run: | @@ -32,13 +32,13 @@ jobs: name: package path: packages - deploy-v3.20: - needs: [build-v3.20] + deploy-v3.22: + needs: [build-v3.22] runs-on: x86_64 container: image: alpine:latest env: - CI_ALPINE_TARGET: v3.20 + CI_ALPINE_TARGET: v3.22 CI_ALPINE_REPO: 'https://ayakael.net/api/packages/forge/alpine' FORGE_REPO_TOKEN: ${{ secrets.FORGE_REPO_TOKEN }} FORGE_REPO_USER: ${{ vars.FORGE_REPO_USER }} From e191cf780286374d9653bbc8088fee5d4df76964 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 27 May 2025 16:29:44 -0400 Subject: [PATCH 152/184] *: rebuild for v3.22 --- qubes-app-linux-druide-antidote/APKBUILD | 2 +- qubes-db-vm/APKBUILD | 2 +- qubes-gpg-split/APKBUILD | 2 +- qubes-input-proxy/APKBUILD | 2 +- qubes-libvchan-xen/APKBUILD | 2 +- qubes-meta-packages/APKBUILD | 2 +- qubes-pass/APKBUILD | 2 +- qubes-usb-proxy/APKBUILD | 2 +- qubes-vm-core/APKBUILD | 2 +- qubes-vm-gui-dev/APKBUILD | 2 +- qubes-vm-gui/APKBUILD | 2 +- qubes-vm-qrexec/APKBUILD | 2 +- qubes-vm-utils/APKBUILD | 2 +- 13 files changed, 13 insertions(+), 13 deletions(-) diff --git a/qubes-app-linux-druide-antidote/APKBUILD b/qubes-app-linux-druide-antidote/APKBUILD index cf111c5..161d706 100644 --- a/qubes-app-linux-druide-antidote/APKBUILD +++ b/qubes-app-linux-druide-antidote/APKBUILD @@ -3,7 +3,7 @@ pkgname=qubes-app-linux-druide-antidote pkgver=0.0.1_git20240201 _gittag=c724c88aa2a20b1e422b464499015ff05753316d -pkgrel=3 +pkgrel=4 arch="noarch" pkgdesc="Qubes Druide-Antidote is a Qubes Application. It send a file to the Antidote Qube, invoke Antidote, and retrieve the file" url=https://github.com/neowutran/qubes-app-linux-druide-antidote diff --git a/qubes-db-vm/APKBUILD b/qubes-db-vm/APKBUILD index fca1f47..c7f8e41 100644 --- a/qubes-db-vm/APKBUILD +++ b/qubes-db-vm/APKBUILD @@ -3,7 +3,7 @@ pkgname=qubes-db-vm subpackages="$pkgname-openrc" pkgver=4.3.1 -pkgrel=0 +pkgrel=1 _gittag="v$pkgver" pkgdesc="QubesDB libs and daemon service." arch="x86_64" diff --git a/qubes-gpg-split/APKBUILD b/qubes-gpg-split/APKBUILD index f33d4cc..3bc1b4c 100644 --- a/qubes-gpg-split/APKBUILD +++ b/qubes-gpg-split/APKBUILD @@ -4,7 +4,7 @@ pkgname=qubes-gpg-split subpackages="$pkgname-doc" pkgver=2.0.77 _gittag="v$pkgver" -pkgrel=0 +pkgrel=1 pkgdesc="Used Qubes AppVM as a “smart card”" arch="x86_64" url="https://github.com/QubesOS/qubes-app-linux-split-gpg" diff --git a/qubes-input-proxy/APKBUILD b/qubes-input-proxy/APKBUILD index 0e8f3b3..b8f4cc6 100644 --- a/qubes-input-proxy/APKBUILD +++ b/qubes-input-proxy/APKBUILD @@ -3,7 +3,7 @@ pkgname=qubes-input-proxy pkgver=1.0.41 _gittag="v$pkgver" -pkgrel=0 +pkgrel=1 pkgdesc="The Qubes service for proxying input devices" arch="x86_64" url="https://github.com/QubesOS/qubes-app-linux-input-proxy" diff --git a/qubes-libvchan-xen/APKBUILD b/qubes-libvchan-xen/APKBUILD index 88642dc..0e66336 100644 --- a/qubes-libvchan-xen/APKBUILD +++ b/qubes-libvchan-xen/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Antoine Martin (ayakael) pkgname=qubes-libvchan-xen pkgver=4.2.7 -pkgrel=1 +pkgrel=2 _gittag=v$pkgver pkgdesc="The Qubes core libraries for installation inside a Qubes Dom0 and VM." arch="x86_64" diff --git a/qubes-meta-packages/APKBUILD b/qubes-meta-packages/APKBUILD index 1341e2a..72f923b 100644 --- a/qubes-meta-packages/APKBUILD +++ b/qubes-meta-packages/APKBUILD @@ -7,7 +7,7 @@ subpackages=" " pkgver=4.3.2 _gittag="v$pkgver" -pkgrel=0 +pkgrel=1 pkgdesc="Meta packages for Qubes-specific components" arch="noarch" url="https://github.com/QubesOS/qubes-meta-packages" diff --git a/qubes-pass/APKBUILD b/qubes-pass/APKBUILD index 98f74cb..67e0b60 100644 --- a/qubes-pass/APKBUILD +++ b/qubes-pass/APKBUILD @@ -3,7 +3,7 @@ pkgname=qubes-pass pkgver=0.1.0 _gittag="v$pkgver" -pkgrel=5 +pkgrel=6 pkgdesc="An inter-VM password manager for Qubes OS" arch="noarch" url="https://github.com/Rudd-O/qubes-pass" diff --git a/qubes-usb-proxy/APKBUILD b/qubes-usb-proxy/APKBUILD index e2e4821..28ea822 100644 --- a/qubes-usb-proxy/APKBUILD +++ b/qubes-usb-proxy/APKBUILD @@ -3,7 +3,7 @@ pkgname=qubes-usb-proxy pkgver=4.3.0 _gittag="v$pkgver" -pkgrel=0 +pkgrel=1 pkgdesc="The Qubes service for proxying USB devices" arch="noarch" url="https://github.com/QubesOS/qubes-app-linux-usb-proxy" diff --git a/qubes-vm-core/APKBUILD b/qubes-vm-core/APKBUILD index 0c53f5b..6b8af0a 100644 --- a/qubes-vm-core/APKBUILD +++ b/qubes-vm-core/APKBUILD @@ -9,7 +9,7 @@ subpackages=" $pkgname-pyc " pkgver=4.3.23 -pkgrel=0 +pkgrel=1 _gittag="v$pkgver" pkgdesc="The Qubes core files for installation inside a Qubes VM." arch="x86_64" diff --git a/qubes-vm-gui-dev/APKBUILD b/qubes-vm-gui-dev/APKBUILD index df05fe1..3eccd86 100644 --- a/qubes-vm-gui-dev/APKBUILD +++ b/qubes-vm-gui-dev/APKBUILD @@ -3,7 +3,7 @@ pkgname=qubes-vm-gui-dev pkgver=4.3.1 _gittag="v$pkgver" -pkgrel=0 +pkgrel=1 pkgdesc="Common files for Qubes GUI - protocol headers." arch="noarch" url="https://github.com/QubesOS/qubes-gui-common" diff --git a/qubes-vm-gui/APKBUILD b/qubes-vm-gui/APKBUILD index a5fd565..08abccc 100644 --- a/qubes-vm-gui/APKBUILD +++ b/qubes-vm-gui/APKBUILD @@ -6,7 +6,7 @@ subpackages=" qubes-vm-pipewire $pkgname-openrc" pkgver=4.3.6 -pkgrel=0 +pkgrel=1 _gittag="v$pkgver" pkgdesc="The Qubes GUI Agent for AppVMs" arch="x86_64" diff --git a/qubes-vm-qrexec/APKBUILD b/qubes-vm-qrexec/APKBUILD index cf319b0..11261e1 100644 --- a/qubes-vm-qrexec/APKBUILD +++ b/qubes-vm-qrexec/APKBUILD @@ -4,7 +4,7 @@ pkgname=qubes-vm-qrexec subpackages="$pkgname-openrc $pkgname-doc $pkgname-pyc" pkgver=4.3.7 _gittag="v$pkgver" -pkgrel=0 +pkgrel=1 pkgdesc="The Qubes qrexec files (qube side)" arch="x86_64" url="https://github.com/QubesOS/qubes-core-qrexec" diff --git a/qubes-vm-utils/APKBUILD b/qubes-vm-utils/APKBUILD index 8c1b8f4..9ae5f81 100644 --- a/qubes-vm-utils/APKBUILD +++ b/qubes-vm-utils/APKBUILD @@ -7,7 +7,7 @@ subpackages=" $pkgname-pyc " pkgver=4.3.9 -pkgrel=0 +pkgrel=1 _gittag="v$pkgver" pkgdesc="Common Linux files for Qubes VM." arch="x86_64" From 192737e9c3c10dce488187dbbf59c6cad65e2523 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 10 Jul 2025 19:27:42 -0400 Subject: [PATCH 153/184] qubes-vm-gui: upgrade to 4.3.8 --- qubes-vm-gui/APKBUILD | 9 +++++---- qubes-vm-gui/qubes-sessions_do-not-use-systemd.patch | 5 +++-- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/qubes-vm-gui/APKBUILD b/qubes-vm-gui/APKBUILD index 08abccc..49df4e0 100644 --- a/qubes-vm-gui/APKBUILD +++ b/qubes-vm-gui/APKBUILD @@ -5,8 +5,8 @@ subpackages=" qubes-vm-pulseaudio qubes-vm-pipewire $pkgname-openrc" -pkgver=4.3.6 -pkgrel=1 +pkgver=4.3.8 +pkgrel=0 _gittag="v$pkgver" pkgdesc="The Qubes GUI Agent for AppVMs" arch="x86_64" @@ -28,6 +28,7 @@ makedepends=" libxcomposite-dev libxt linux-pam-dev + libunistring-dev lsb-release-minimal make patch @@ -116,11 +117,11 @@ pipewire() { } sha512sums=" -e6bad500fcb3c81e23e5645f95e1aae46935ccb97befe43cf1bb6cd781134896b3afbd447a9e8cbba41765962ef9b10a3c4b9a4df60b9853b59ea4772a18c718 qubes-vm-gui-v4.3.6.tar.gz +9fbb5cbbc7f1669d1c26a37de3f1459503f86fdebde56355ea653159de617123ba0014a4cc38dffe9ea4f6ce86f5e853fedde9c49850cd75fc3b520c96953f58 qubes-vm-gui-v4.3.8.tar.gz f0bbb936e14689d0cbced2f564b8911f9287c0217616f02f3bd0c3060e516d080ad538219f089f5841c2b9d18bb4ad8efb63516ddfd46c18b038218378996a7d 0001-musl-build.patch 01beace4c130200dc8d42248349ea858d2bec746aca2bdfa5948b6e7240bb3b832bbb8b324293fba6fd6aafb0a3d7a2e3928c7fd39d318ef4d5a18cfeb48cde6 0001-initd-fix.patch 68d01e594296e18d54d8eaa17863451c3ac121e4fcacf98b64db14166bdcf38aa66f1c3659c5014c0a9cc25b5368df66f8c642b8e7af59da8d2a5ad97da9a194 qubes-gui-agent.openrc bd707f7956f58c2bb24ccb9adad1381c069e70820fcb1b01b09dc88570d9df00e0dc92a9ac3b242f828314568d5487257566a6fc61e75e62e010b7e4871f9ea0 qubes-sessions.sh b512d691f2a6b11fc329bf91dd05ca9c589bbd444308b27d3c87c75262dedf6afc68a9739229249a4bd3d0c43cb1f871eecbb93c4fe559e0f38bdabbffd06ad7 qubes-gui-agent.pam -5d44bed65772e0300cfdb5960327ccff923159f1c0c6b980a3b37758a7330f5d8befa3c053990f6e5e7d2e71bf0eca047040439446a8b91bb1c2672e9e1497a0 qubes-sessions_do-not-use-systemd.patch +ebd169122c4de1eb2a293eef7f462557abc45d98c696677afe3b18d5a372eb3fc9c42b4eba6718eb22abdf71a1d6885a8f3e1254ce342ffa5ad630f662503925 qubes-sessions_do-not-use-systemd.patch " diff --git a/qubes-vm-gui/qubes-sessions_do-not-use-systemd.patch b/qubes-vm-gui/qubes-sessions_do-not-use-systemd.patch index 1dedcc4..6682e22 100644 --- a/qubes-vm-gui/qubes-sessions_do-not-use-systemd.patch +++ b/qubes-vm-gui/qubes-sessions_do-not-use-systemd.patch @@ -1,8 +1,8 @@ diff --git a/appvm-scripts/usrbin/qubes-session.orig b/appvm-scripts/usrbin/qubes-session -index cacac4b..e5bedc2 100755 +index 4417ba7..e5bedc2 100755 --- a/appvm-scripts/usrbin/qubes-session.orig +++ b/appvm-scripts/usrbin/qubes-session -@@ -27,16 +27,6 @@ +@@ -27,17 +27,6 @@ loginctl activate "$XDG_SESSION_ID" @@ -14,6 +14,7 @@ index cacac4b..e5bedc2 100755 -set -a # export all variables -env=$(systemctl --user show-environment) && eval "$env" || exit -set +a +-unset env - - if qsvc guivm-gui-agent; then From 42e3608eb3a12e5ec691e7df364d8efe4a37a8ac Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 10 Jul 2025 18:53:41 -0400 Subject: [PATCH 154/184] qubes-gpg-split: upgrade to 2.0.78 --- qubes-gpg-split/APKBUILD | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/qubes-gpg-split/APKBUILD b/qubes-gpg-split/APKBUILD index 3bc1b4c..60f378e 100644 --- a/qubes-gpg-split/APKBUILD +++ b/qubes-gpg-split/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Antoine Martin (ayakael) pkgname=qubes-gpg-split subpackages="$pkgname-doc" -pkgver=2.0.77 +pkgver=2.0.78 _gittag="v$pkgver" pkgrel=1 pkgdesc="Used Qubes AppVM as a “smart card”" @@ -31,5 +31,5 @@ package() { make install-vm DESTDIR="$pkgdir" } sha512sums=" -8633ab824072825a12aaa48d79cf5c97df4162da4d62579d0ec65bbd661414e8df22701587994c3e8fe64c7a478f91368d8b155388d14514a8830eadc2587730 qubes-gpg-split-v2.0.77.tar.gz +c65feec105df442dd531f0453d9d9cfa8b7e84bd73c8823427c60bb757ac823f0912c964bdfcd64348343cb03266cadd5cc179f17e6d91b0376d8c2883776712 qubes-gpg-split-v2.0.78.tar.gz " From f0ee96b39306f463cd79c51f95f9bdaf60eb54f2 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 10 Jul 2025 19:18:53 -0400 Subject: [PATCH 155/184] qubes-vm-utils: upgrade to 4.3.11 --- qubes-vm-utils/APKBUILD | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qubes-vm-utils/APKBUILD b/qubes-vm-utils/APKBUILD index 9ae5f81..6db3eda 100644 --- a/qubes-vm-utils/APKBUILD +++ b/qubes-vm-utils/APKBUILD @@ -6,8 +6,8 @@ subpackages=" $pkgname-openrc $pkgname-pyc " -pkgver=4.3.9 -pkgrel=1 +pkgver=4.3.11 +pkgrel=0 _gittag="v$pkgver" pkgdesc="Common Linux files for Qubes VM." arch="x86_64" @@ -59,6 +59,6 @@ support() { install -m 755 "$builddir"/dracut/full-dmroot/qubes_cow_setup.sh "$subpkgdir"/usr/lib/qubes/qubes_cow_setup.sh } sha512sums=" -523a54e4ea935cba67813e116aa29b3b441c3dddbe105fb744e159ed3c9487f5d98fcfb706a2965e7c1a3762e7bf4420d5cb24810bb7a28c3e398b8f922e4608 qubes-vm-utils-v4.3.9.tar.gz +76dd3e8eba8751cec090d012e654706be5f94e9334bc5f86796f9be16ea931c64a8c52ecbe6f225b8abdb47bd55368984cc2fd3797fe714af3cd13c572ae9089 qubes-vm-utils-v4.3.11.tar.gz c29bac0c6b9a0c81ee42e88541d9216549276448a02c3005ea20d85c7eda483cee28bbc159098bd42badc7ed80058734311931ee4ef13e170e49f83cf3f5a9ae qubes-meminfo-writer.openrc " From b7c9b7e09a5c03d3386309ee20a5f2b8242e3843 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 10 Jul 2025 19:19:45 -0400 Subject: [PATCH 156/184] qubes-vm-qrexec: upgrade to 4.3.10 --- qubes-vm-qrexec/APKBUILD | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qubes-vm-qrexec/APKBUILD b/qubes-vm-qrexec/APKBUILD index 11261e1..ee8de3b 100644 --- a/qubes-vm-qrexec/APKBUILD +++ b/qubes-vm-qrexec/APKBUILD @@ -2,9 +2,9 @@ # Maintainer: Antoine Martin (ayakael) pkgname=qubes-vm-qrexec subpackages="$pkgname-openrc $pkgname-doc $pkgname-pyc" -pkgver=4.3.7 +pkgver=4.3.10 _gittag="v$pkgver" -pkgrel=1 +pkgrel=0 pkgdesc="The Qubes qrexec files (qube side)" arch="x86_64" url="https://github.com/QubesOS/qubes-core-qrexec" @@ -52,7 +52,7 @@ package() { install -Dm 755 "$srcdir"/qubes-qrexec-agent.openrc "$pkgdir"/etc/init.d/qubes-qrexec-agent } sha512sums=" -1ca7854082a3181b9ccfd95f3c29ebf8a4a8fc5343783b67df872a761604e865ecccf5c6533760a08671ba9bd80aa749dbc986ea72ba0fb301a6d587f5a48623 qubes-vm-qrexec-v4.3.7.tar.gz +6b3d72d384e65436c04a89ec504822a1ae952f39f8660f8ad65af677207a302ca355ae8904430673a902779e0df3b548b62c6eda52171adb0e5a8552e1d1f7eb qubes-vm-qrexec-v4.3.10.tar.gz e2dd5cace82e881c40d5d37c69f7327fbabde81c9d23283de23de9f1197b7b018ef07a8d90e95c61bd249426d9d8297e7cb372333245941ffa0682c90ea3461f qubes-qrexec-agent.openrc c3009ddb97656be7d0a78910217c852f0f9b20cd37b4537d99724e629bc87f1c675ada084eba3c641c4ae54dab8aacd87514d73de72f42d6ccc976e6255212bc makefile-remove-cc-cflags.patch 69b88c8d344f0d575eac398937040ba39a0d8fb8ea0a2b160c48d84775e1da4e226a76f3c5d3be7b045f577b634bb35cd5c5536248e18117c4121a38f9f3bf13 agent-qrexec-fork-server-undef-fortify-source.patch From 2d91a0e8ace88be8039c64f6967f2778dd7e4b1a Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 10 Jul 2025 19:20:26 -0400 Subject: [PATCH 157/184] qubes-input-proxy: upgrade to 1.0.42 --- qubes-input-proxy/APKBUILD | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qubes-input-proxy/APKBUILD b/qubes-input-proxy/APKBUILD index b8f4cc6..b9775ef 100644 --- a/qubes-input-proxy/APKBUILD +++ b/qubes-input-proxy/APKBUILD @@ -1,9 +1,9 @@ # Contributor: Antoine Martin (ayakael) # Maintainer: Antoine Martin (ayakael) pkgname=qubes-input-proxy -pkgver=1.0.41 +pkgver=1.0.42 _gittag="v$pkgver" -pkgrel=1 +pkgrel=0 pkgdesc="The Qubes service for proxying input devices" arch="x86_64" url="https://github.com/QubesOS/qubes-app-linux-input-proxy" @@ -46,7 +46,7 @@ package() { install -Dm755 "$srcdir"/qubes-input-sender.openrc "$pkgdir"/etc/init.d/qubes-input-sender } sha512sums=" -b4178939d6c6a328a3001f2cb871e1eaf344571cd03ea5371efa4211fc293461a8e146fc8e3ac660b2ded08a3a5d21247dfaef0e54fcb5e85e90229d29eaf11b qubes-input-proxy-v1.0.41.tar.gz +f7d33793c406069d63f2e61f8d8425fedba18ae6ab5b507f66e6f869fdc27e201c57ac60f7d10014601e35f08c6a86da3c3123c805f2802a8f15e3f1d13a3f9c qubes-input-proxy-v1.0.42.tar.gz e21e6ae680f98474cbb8b6213768ca1f8d5ffb0088173a387a309e1b40a9aabbb946f3201aa143088f144f13a5c85c3710b7ade1a1189655a08ed574e3d26df4 qubes-input-trigger_use-openrc.patch d199c586e146c0846169a04419fcd72764c528f6d270388927bf79273bddd50a307b40db8be482847a93de473553c3cea00fc7b08b5f93f3d79e0a3f8e620f64 makefile_skip-systemd.patch 2d5cb4369bc4d4c83403bb3e7cd7bc784769950a8fbf581996074fe53cc65c56fe4039e2689b6fa34e51ce22e552fc145115c12e71601809767962a3682dd299 qubes-input-sender.openrc From b68dd71646a2e51f8fe70a7ab6aa37953272ad2e Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 10 Jul 2025 19:22:55 -0400 Subject: [PATCH 158/184] qubes-vm-core: upgrade to 4.3.27 --- qubes-vm-core/APKBUILD | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qubes-vm-core/APKBUILD b/qubes-vm-core/APKBUILD index 6b8af0a..ed025c5 100644 --- a/qubes-vm-core/APKBUILD +++ b/qubes-vm-core/APKBUILD @@ -8,8 +8,8 @@ subpackages=" $pkgname-doc $pkgname-pyc " -pkgver=4.3.23 -pkgrel=1 +pkgver=4.3.27 +pkgrel=0 _gittag="v$pkgver" pkgdesc="The Qubes core files for installation inside a Qubes VM." arch="x86_64" @@ -167,7 +167,7 @@ root() { make -C passwordless-root install DESTDIR="$subpkgdir" SBINDIR=/usr/sbin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib } sha512sums=" -6ff9944b07fd024512bb5d618d785abdb6d3519663fe5b580c8606b019ed5edef1fe01eb9619419f31ef7e1702367b4303faf5adf2905d5b9162e912b515698c qubes-vm-core-v4.3.23.tar.gz +5d308411c9d01ee80853cab6cc53902c7109543e237a7944ea234849f84f2e487c8e6b9ce0a2802e369ec7f677edc20b77a2585181c7a273fc7979402de07208 qubes-vm-core-v4.3.27.tar.gz 95c080a593ca1cd457ffafc0cdd6ee28999c72f67191a3955b6081a4a7d287cae4cd0c626139562e5e1eb55516c25402a174e3599daf7d4cb259d6b4bbdff155 qubes-core-early.openrc 61529413a16b7fa0df691c24adc41b90477c01ea70d572921ecec89df23932e5a2e60c4e73b9a84181dc30424e2e6af4ad1c7dcf6c42689c3cc346a9923d6e07 qubes-core-netvm.openrc da8e293520f5fce29ce76d7586e8ce1a4164798a1214079fb554c690264da1d774fdad3f45825aac52c2c3a0b0cfd39df73eb33394dedd7c043fe0f2344b90ca qubes-core.openrc From f0353acae6130afc700be2ebed360b787e0b18c0 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 24 Aug 2025 14:15:14 -0400 Subject: [PATCH 159/184] qubes-usb-proxy: upgrade to 4.3.2 --- qubes-usb-proxy/APKBUILD | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qubes-usb-proxy/APKBUILD b/qubes-usb-proxy/APKBUILD index 28ea822..cb6ec16 100644 --- a/qubes-usb-proxy/APKBUILD +++ b/qubes-usb-proxy/APKBUILD @@ -1,9 +1,9 @@ # Contributor: Antoine Martin (ayakael) # Maintainer: Antoine Martin (ayakael) pkgname=qubes-usb-proxy -pkgver=4.3.0 +pkgver=4.3.2 _gittag="v$pkgver" -pkgrel=1 +pkgrel=0 pkgdesc="The Qubes service for proxying USB devices" arch="noarch" url="https://github.com/QubesOS/qubes-app-linux-usb-proxy" @@ -37,6 +37,6 @@ package() { echo "vhci-hcd" > "$pkgdir"/etc/modules-load.d/qubes-usb-proxy.conf } sha512sums=" -b193a4df3b0281b2619528ac0a6542a47bd7204a073c9f0cb7c17233d0537f742eb83a58d591fc0e2599aea1a4783f07c7c90dcccdf08fa5845d36e14adae1e3 qubes-usb-proxy-v4.3.0.tar.gz +e243612c3e0856f140baed274ce578c463b07f87d43074a333b09eecd5637b6b0dbcbcad693bb834bbfb5f879463886e722018154802852364ee965623a2a619 qubes-usb-proxy-v4.3.2.tar.gz c6519982f7eef8586ee823dc96efa7b1b90f489114edcc348bc5221837090d19a2a3533eac83e3269ba68c2cf24447c018e0ac850ed1423a1280ebae364223fa usb-import-alpine-udevadm.patch " From 9003bba1a7ed8eb65f18a3ed3dc23825c8d9b1fb Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 24 Aug 2025 16:01:02 -0400 Subject: [PATCH 160/184] qubes-vm-gui: upgrade to 4.3.10 --- qubes-vm-gui/0001-musl-build.patch | 13 +++++++------ qubes-vm-gui/APKBUILD | 6 +++--- 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/qubes-vm-gui/0001-musl-build.patch b/qubes-vm-gui/0001-musl-build.patch index c14f2e8..02c7d3d 100644 --- a/qubes-vm-gui/0001-musl-build.patch +++ b/qubes-vm-gui/0001-musl-build.patch @@ -7,18 +7,19 @@ Subject: [PATCH 1/1] musl build gui-agent/vmside.c | 1 + 1 file changed, 1 insertion(+) -diff --git a/gui-agent/vmside.c b/gui-agent/vmside.c -index fd76f4d..89a41c8 100644 ---- a/gui-agent/vmside.c +diff --git a/gui-agent/vmside.c.orig b/gui-agent/vmside.c +index 09286c5..cc9ec8b 100644 +--- a/gui-agent/vmside.c.orig +++ b/gui-agent/vmside.c -@@ -50,6 +50,7 @@ +@@ -51,6 +51,7 @@ #include "list.h" #include "error.h" #include "encoding.h" +#include + #include "unix-addr.h" #include - - /* Get the size of an array. Error out on pointers. */ + #include + -- 2.35.1 diff --git a/qubes-vm-gui/APKBUILD b/qubes-vm-gui/APKBUILD index 49df4e0..67326fe 100644 --- a/qubes-vm-gui/APKBUILD +++ b/qubes-vm-gui/APKBUILD @@ -5,7 +5,7 @@ subpackages=" qubes-vm-pulseaudio qubes-vm-pipewire $pkgname-openrc" -pkgver=4.3.8 +pkgver=4.3.10 pkgrel=0 _gittag="v$pkgver" pkgdesc="The Qubes GUI Agent for AppVMs" @@ -117,8 +117,8 @@ pipewire() { } sha512sums=" -9fbb5cbbc7f1669d1c26a37de3f1459503f86fdebde56355ea653159de617123ba0014a4cc38dffe9ea4f6ce86f5e853fedde9c49850cd75fc3b520c96953f58 qubes-vm-gui-v4.3.8.tar.gz -f0bbb936e14689d0cbced2f564b8911f9287c0217616f02f3bd0c3060e516d080ad538219f089f5841c2b9d18bb4ad8efb63516ddfd46c18b038218378996a7d 0001-musl-build.patch +0a1dcf724224f8e03a5d847a5f1d6270237f48f9e434d63cdb6d386205439c78163a7ca742d04d4f02d472fb002e045333b0d31799b62d68c4cf50ec3f68383f qubes-vm-gui-v4.3.10.tar.gz +1a97b45ecb53926dcf840ea6954529002a6dfe3474cbe0a224dbb397d7fa91d8f08a819a2054be60883e02749b9904c128d0a226f66827dd3b7a29068662549a 0001-musl-build.patch 01beace4c130200dc8d42248349ea858d2bec746aca2bdfa5948b6e7240bb3b832bbb8b324293fba6fd6aafb0a3d7a2e3928c7fd39d318ef4d5a18cfeb48cde6 0001-initd-fix.patch 68d01e594296e18d54d8eaa17863451c3ac121e4fcacf98b64db14166bdcf38aa66f1c3659c5014c0a9cc25b5368df66f8c642b8e7af59da8d2a5ad97da9a194 qubes-gui-agent.openrc bd707f7956f58c2bb24ccb9adad1381c069e70820fcb1b01b09dc88570d9df00e0dc92a9ac3b242f828314568d5487257566a6fc61e75e62e010b7e4871f9ea0 qubes-sessions.sh From 752906bbb3f2ffbb84da63a27e93b5b11e27dd7a Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 24 Aug 2025 14:16:49 -0400 Subject: [PATCH 161/184] qubes-input-proxy: upgrade to 1.0.43 --- qubes-input-proxy/APKBUILD | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/qubes-input-proxy/APKBUILD b/qubes-input-proxy/APKBUILD index b9775ef..ebac7be 100644 --- a/qubes-input-proxy/APKBUILD +++ b/qubes-input-proxy/APKBUILD @@ -1,7 +1,7 @@ # Contributor: Antoine Martin (ayakael) # Maintainer: Antoine Martin (ayakael) pkgname=qubes-input-proxy -pkgver=1.0.42 +pkgver=1.0.43 _gittag="v$pkgver" pkgrel=0 pkgdesc="The Qubes service for proxying input devices" @@ -46,7 +46,7 @@ package() { install -Dm755 "$srcdir"/qubes-input-sender.openrc "$pkgdir"/etc/init.d/qubes-input-sender } sha512sums=" -f7d33793c406069d63f2e61f8d8425fedba18ae6ab5b507f66e6f869fdc27e201c57ac60f7d10014601e35f08c6a86da3c3123c805f2802a8f15e3f1d13a3f9c qubes-input-proxy-v1.0.42.tar.gz +b113c62926b78e4d5df0194e0e3770fb8fdd9e6009dc9982c62c77a592b494fdd14d5babc1e3da660c385503a6e78eea6950818e8722208f752c02ac04b7035f qubes-input-proxy-v1.0.43.tar.gz e21e6ae680f98474cbb8b6213768ca1f8d5ffb0088173a387a309e1b40a9aabbb946f3201aa143088f144f13a5c85c3710b7ade1a1189655a08ed574e3d26df4 qubes-input-trigger_use-openrc.patch d199c586e146c0846169a04419fcd72764c528f6d270388927bf79273bddd50a307b40db8be482847a93de473553c3cea00fc7b08b5f93f3d79e0a3f8e620f64 makefile_skip-systemd.patch 2d5cb4369bc4d4c83403bb3e7cd7bc784769950a8fbf581996074fe53cc65c56fe4039e2689b6fa34e51ce22e552fc145115c12e71601809767962a3682dd299 qubes-input-sender.openrc From ed188488b1e8a37e1c96d1071182d0e3e2852067 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 24 Aug 2025 14:17:51 -0400 Subject: [PATCH 162/184] qubes-gpg-split: upgrade to 2.0.79 --- qubes-gpg-split/APKBUILD | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qubes-gpg-split/APKBUILD b/qubes-gpg-split/APKBUILD index 60f378e..7824a73 100644 --- a/qubes-gpg-split/APKBUILD +++ b/qubes-gpg-split/APKBUILD @@ -2,9 +2,9 @@ # Maintainer: Antoine Martin (ayakael) pkgname=qubes-gpg-split subpackages="$pkgname-doc" -pkgver=2.0.78 +pkgver=2.0.79 _gittag="v$pkgver" -pkgrel=1 +pkgrel=0 pkgdesc="Used Qubes AppVM as a “smart card”" arch="x86_64" url="https://github.com/QubesOS/qubes-app-linux-split-gpg" @@ -31,5 +31,5 @@ package() { make install-vm DESTDIR="$pkgdir" } sha512sums=" -c65feec105df442dd531f0453d9d9cfa8b7e84bd73c8823427c60bb757ac823f0912c964bdfcd64348343cb03266cadd5cc179f17e6d91b0376d8c2883776712 qubes-gpg-split-v2.0.78.tar.gz +9ab1295047d5ba52225c984529f11231cf8b458615e0a1188de9f02ca6000c359858c24be5f28c6e117879fa6c55443ecc53bd0f15e1c342a45b5438cb1b39bc qubes-gpg-split-v2.0.79.tar.gz " From 05e8309342ddc6a320c57567420f1a3ae95a27fc Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 24 Aug 2025 14:18:34 -0400 Subject: [PATCH 163/184] qubes-vm-core: upgrade to 4.3.29 --- qubes-vm-core/APKBUILD | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/qubes-vm-core/APKBUILD b/qubes-vm-core/APKBUILD index ed025c5..c599600 100644 --- a/qubes-vm-core/APKBUILD +++ b/qubes-vm-core/APKBUILD @@ -8,7 +8,7 @@ subpackages=" $pkgname-doc $pkgname-pyc " -pkgver=4.3.27 +pkgver=4.3.29 pkgrel=0 _gittag="v$pkgver" pkgdesc="The Qubes core files for installation inside a Qubes VM." @@ -167,7 +167,7 @@ root() { make -C passwordless-root install DESTDIR="$subpkgdir" SBINDIR=/usr/sbin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib } sha512sums=" -5d308411c9d01ee80853cab6cc53902c7109543e237a7944ea234849f84f2e487c8e6b9ce0a2802e369ec7f677edc20b77a2585181c7a273fc7979402de07208 qubes-vm-core-v4.3.27.tar.gz +add53d1490f5b418bd742ebb507500719aad72597826f36bfa88e13f3a15ac96eb21f1b0e795d2b6e7f09ae6554657647a026c9cd07094abca89d2c0a03c75cf qubes-vm-core-v4.3.29.tar.gz 95c080a593ca1cd457ffafc0cdd6ee28999c72f67191a3955b6081a4a7d287cae4cd0c626139562e5e1eb55516c25402a174e3599daf7d4cb259d6b4bbdff155 qubes-core-early.openrc 61529413a16b7fa0df691c24adc41b90477c01ea70d572921ecec89df23932e5a2e60c4e73b9a84181dc30424e2e6af4ad1c7dcf6c42689c3cc346a9923d6e07 qubes-core-netvm.openrc da8e293520f5fce29ce76d7586e8ce1a4164798a1214079fb554c690264da1d774fdad3f45825aac52c2c3a0b0cfd39df73eb33394dedd7c043fe0f2344b90ca qubes-core.openrc From 9d4bc81ddc66b72a41aa9ec26cd074eee76e0f82 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 24 Aug 2025 14:19:17 -0400 Subject: [PATCH 164/184] qubes-meta-packages: upgrade to 4.3.3 --- qubes-meta-packages/APKBUILD | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qubes-meta-packages/APKBUILD b/qubes-meta-packages/APKBUILD index 72f923b..2a41111 100644 --- a/qubes-meta-packages/APKBUILD +++ b/qubes-meta-packages/APKBUILD @@ -5,9 +5,9 @@ subpackages=" qubes-vm-dependencies qubes-vm-recommended " -pkgver=4.3.2 +pkgver=4.3.3 _gittag="v$pkgver" -pkgrel=1 +pkgrel=0 pkgdesc="Meta packages for Qubes-specific components" arch="noarch" url="https://github.com/QubesOS/qubes-meta-packages" @@ -38,5 +38,5 @@ recommended() { mkdir -p "$subpkgdir" } sha512sums=" -de1ee62e90e9e6d3662cd30f4ddd0649c9fda270a7dbf7f3de9a83362f5c8440c9ef3e3e6779a08627d3280258a047237e184c220421a941332b1151dc8bfe68 qubes-meta-packages-v4.3.2 +8d369417dfcf1875009565f13ca5665a6d14db274b8247632450d1f79f2493b97d1341b651d7a13329e3b1f0ceb2d185cf9167c14f9e4a69201f2bfb4ef99505 qubes-meta-packages-v4.3.3 " From 5e37860dfee9538cd512da19ee543f2b2534e752 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 11 Jul 2025 21:21:36 -0400 Subject: [PATCH 165/184] qubes-vm-utils: update openrc for new bin location --- qubes-vm-utils/APKBUILD | 4 ++-- qubes-vm-utils/qubes-meminfo-writer.openrc | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/qubes-vm-utils/APKBUILD b/qubes-vm-utils/APKBUILD index 6db3eda..27cdc09 100644 --- a/qubes-vm-utils/APKBUILD +++ b/qubes-vm-utils/APKBUILD @@ -7,7 +7,7 @@ subpackages=" $pkgname-pyc " pkgver=4.3.11 -pkgrel=0 +pkgrel=1 _gittag="v$pkgver" pkgdesc="Common Linux files for Qubes VM." arch="x86_64" @@ -60,5 +60,5 @@ support() { } sha512sums=" 76dd3e8eba8751cec090d012e654706be5f94e9334bc5f86796f9be16ea931c64a8c52ecbe6f225b8abdb47bd55368984cc2fd3797fe714af3cd13c572ae9089 qubes-vm-utils-v4.3.11.tar.gz -c29bac0c6b9a0c81ee42e88541d9216549276448a02c3005ea20d85c7eda483cee28bbc159098bd42badc7ed80058734311931ee4ef13e170e49f83cf3f5a9ae qubes-meminfo-writer.openrc +288636ea0ea9bda0560478f487b8f5491c2767c6460e7f4f04f653aee0121920c8d823d12e537e26cbecf4909336f6e0c360bbc221ed39407fe3f09f23462acd qubes-meminfo-writer.openrc " diff --git a/qubes-vm-utils/qubes-meminfo-writer.openrc b/qubes-vm-utils/qubes-meminfo-writer.openrc index eae50a0..996c0f8 100644 --- a/qubes-vm-utils/qubes-meminfo-writer.openrc +++ b/qubes-vm-utils/qubes-meminfo-writer.openrc @@ -3,7 +3,7 @@ name=$RC_SVCNAME cfgfile="/etc/qubes/$RC_SVCNAME.conf" pidfile="/var/run/meminfo-writer.pid" -command="/usr/sbin/meminfo-writer" +command="/usr/bin/meminfo-writer" command_args="30000 100000 $pidfile" command_user="root" start_stop_daemon_args="" From 9be63bdcee1025cb43399d1afd1f5de9869db1d2 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 25 Aug 2025 00:43:41 -0400 Subject: [PATCH 166/184] qubes-db-vm: fix openrc bin location --- qubes-db-vm/APKBUILD | 4 ++-- qubes-db-vm/qubes-db.openrc | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/qubes-db-vm/APKBUILD b/qubes-db-vm/APKBUILD index c7f8e41..16f94f4 100644 --- a/qubes-db-vm/APKBUILD +++ b/qubes-db-vm/APKBUILD @@ -3,7 +3,7 @@ pkgname=qubes-db-vm subpackages="$pkgname-openrc" pkgver=4.3.1 -pkgrel=1 +pkgrel=2 _gittag="v$pkgver" pkgdesc="QubesDB libs and daemon service." arch="x86_64" @@ -46,5 +46,5 @@ sha512sums=" fcfa7321e1ca6af2943e900690695bde74e0b7e706e530ce92e297aeb036bbf9c12e191b7434ead4054690342a1c9ef517c6cf6e211debe5cc66474ceb57bd87 qubes-db-vm-v4.3.1.tar.gz af86268c264c843b94f9cefb735b9d078dc58819c890fc0a31dd79fa2761d3c2fa87aed73752bca1db07948ba86ecfe16a745b19672ccc10dfb9461df24aa207 0001-musl-build.patch 892eb29b9bab4d9e662678d13a5607df04cdb024c2f28332f40fa4b7c644476a4b26a9fc038dfcdac1e0b8d328165d21d50d894d2c1e27f792287dd57449e7eb 0001-create_pidfile.patch -6f48b4bee6a3517bdbb884bd6f7e21916e8438c5e8b8d9d1b1cfffe970c4549d941056f9022998ed7f9edb799d9b123564f01e69cdca7da241d0fb6a8e9a1c5e qubes-db.openrc +e8c8dc6975d5b59a2afed0e397dca008c95ae747a5e5dedb4b847bbd876d9d50e937d9ed3b8ea08592c8d0e05e7929d1a85467a72c4d45175ef77236a0c3fdec qubes-db.openrc " diff --git a/qubes-db-vm/qubes-db.openrc b/qubes-db-vm/qubes-db.openrc index eac5e5e..e0e0cd2 100644 --- a/qubes-db-vm/qubes-db.openrc +++ b/qubes-db-vm/qubes-db.openrc @@ -2,7 +2,7 @@ name=$RC_SVCNAME cfgfile="/etc/qubes/$RC_SVCNAME.conf" -command="/usr/sbin/qubesdb-daemon" +command="/usr/bin/qubesdb-daemon" command_args="0" command_user="root" pidfile="/run/qubes/$RC_SVCNAME.pid" From 09f33955aa0c8357c499725501b017189ef46af4 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 7 Sep 2025 13:13:10 -0400 Subject: [PATCH 167/184] ci: update upload-artifacts URL --- .forgejo/workflows/build-edge.yaml | 4 ++-- .forgejo/workflows/build-v3.21.yaml | 4 ++-- .forgejo/workflows/build-v3.22.yaml | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.forgejo/workflows/build-edge.yaml b/.forgejo/workflows/build-edge.yaml index dcb6dc4..3ed95e3 100644 --- a/.forgejo/workflows/build-edge.yaml +++ b/.forgejo/workflows/build-edge.yaml @@ -27,7 +27,7 @@ jobs: - name: Package build run: ${{ github.workspace }}/.forgejo/bin/build.sh - name: Package upload - uses: forgejo/upload-artifact@v3 + uses: actions/upload-artifact@v3 with: name: package path: packages @@ -48,6 +48,6 @@ jobs: - name: Repo pull uses: actions/checkout@v4 - name: Package download - uses: forgejo/download-artifact@v3 + uses: actions/download-artifact@v3 - name: Package deployment run: ${{ github.workspace }}/.forgejo/bin/deploy.sh diff --git a/.forgejo/workflows/build-v3.21.yaml b/.forgejo/workflows/build-v3.21.yaml index 0134ce6..85aa629 100644 --- a/.forgejo/workflows/build-v3.21.yaml +++ b/.forgejo/workflows/build-v3.21.yaml @@ -27,7 +27,7 @@ jobs: - name: Package build run: ${{ github.workspace }}/.forgejo/bin/build.sh - name: Package upload - uses: forgejo/upload-artifact@v3 + uses: actions/upload-artifact@v3 with: name: package path: packages @@ -48,6 +48,6 @@ jobs: - name: Repo pull uses: actions/checkout@v4 - name: Package download - uses: forgejo/download-artifact@v3 + uses: actions/download-artifact@v3 - name: Package deployment run: ${{ github.workspace }}/.forgejo/bin/deploy.sh diff --git a/.forgejo/workflows/build-v3.22.yaml b/.forgejo/workflows/build-v3.22.yaml index e349cc5..76060ab 100644 --- a/.forgejo/workflows/build-v3.22.yaml +++ b/.forgejo/workflows/build-v3.22.yaml @@ -27,7 +27,7 @@ jobs: - name: Package build run: ${{ github.workspace }}/.forgejo/bin/build.sh - name: Package upload - uses: forgejo/upload-artifact@v3 + uses: actions/upload-artifact@v3 with: name: package path: packages @@ -48,6 +48,6 @@ jobs: - name: Repo pull uses: actions/checkout@v4 - name: Package download - uses: forgejo/download-artifact@v3 + uses: actions/download-artifact@v3 - name: Package deployment run: ${{ github.workspace }}/.forgejo/bin/deploy.sh From ff93c04f63d568c4ec7813342fdc6ffa27e8f13d Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 7 Sep 2025 13:06:02 -0400 Subject: [PATCH 168/184] qubes-vm-qrexec: upgrade to 4.3.11, qubes-session now sources /etc/profile --- qubes-vm-gui/APKBUILD | 2 +- qubes-vm-gui/qubes-sessions_do-not-use-systemd.patch | 9 +++++---- qubes-vm-qrexec/APKBUILD | 4 ++-- 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/qubes-vm-gui/APKBUILD b/qubes-vm-gui/APKBUILD index 67326fe..7234e1f 100644 --- a/qubes-vm-gui/APKBUILD +++ b/qubes-vm-gui/APKBUILD @@ -123,5 +123,5 @@ sha512sums=" 68d01e594296e18d54d8eaa17863451c3ac121e4fcacf98b64db14166bdcf38aa66f1c3659c5014c0a9cc25b5368df66f8c642b8e7af59da8d2a5ad97da9a194 qubes-gui-agent.openrc bd707f7956f58c2bb24ccb9adad1381c069e70820fcb1b01b09dc88570d9df00e0dc92a9ac3b242f828314568d5487257566a6fc61e75e62e010b7e4871f9ea0 qubes-sessions.sh b512d691f2a6b11fc329bf91dd05ca9c589bbd444308b27d3c87c75262dedf6afc68a9739229249a4bd3d0c43cb1f871eecbb93c4fe559e0f38bdabbffd06ad7 qubes-gui-agent.pam -ebd169122c4de1eb2a293eef7f462557abc45d98c696677afe3b18d5a372eb3fc9c42b4eba6718eb22abdf71a1d6885a8f3e1254ce342ffa5ad630f662503925 qubes-sessions_do-not-use-systemd.patch +256bab24dbec885241d0bc52be76bdaa5f5c695275828e5deb4115177d58e255e459c0fc45f9a3f16c12e77afbd1ab43fafee05cb3690e248f5fabb4741e6640 qubes-sessions_do-not-use-systemd.patch " diff --git a/qubes-vm-gui/qubes-sessions_do-not-use-systemd.patch b/qubes-vm-gui/qubes-sessions_do-not-use-systemd.patch index 6682e22..2cfc7d2 100644 --- a/qubes-vm-gui/qubes-sessions_do-not-use-systemd.patch +++ b/qubes-vm-gui/qubes-sessions_do-not-use-systemd.patch @@ -1,8 +1,8 @@ diff --git a/appvm-scripts/usrbin/qubes-session.orig b/appvm-scripts/usrbin/qubes-session -index 4417ba7..e5bedc2 100755 +index 4417ba7..31840ef 100755 --- a/appvm-scripts/usrbin/qubes-session.orig +++ b/appvm-scripts/usrbin/qubes-session -@@ -27,17 +27,6 @@ +@@ -27,16 +27,8 @@ loginctl activate "$XDG_SESSION_ID" @@ -16,7 +16,8 @@ index 4417ba7..e5bedc2 100755 -set +a -unset env - -- ++# source profile instead of getting env variables from systemctl ++. /etc/profile + if qsvc guivm-gui-agent; then if [ -e "$HOME/.xinitrc" ]; then - . "$HOME/.xinitrc" diff --git a/qubes-vm-qrexec/APKBUILD b/qubes-vm-qrexec/APKBUILD index ee8de3b..514d73b 100644 --- a/qubes-vm-qrexec/APKBUILD +++ b/qubes-vm-qrexec/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Antoine Martin (ayakael) pkgname=qubes-vm-qrexec subpackages="$pkgname-openrc $pkgname-doc $pkgname-pyc" -pkgver=4.3.10 +pkgver=4.3.11 _gittag="v$pkgver" pkgrel=0 pkgdesc="The Qubes qrexec files (qube side)" @@ -52,7 +52,7 @@ package() { install -Dm 755 "$srcdir"/qubes-qrexec-agent.openrc "$pkgdir"/etc/init.d/qubes-qrexec-agent } sha512sums=" -6b3d72d384e65436c04a89ec504822a1ae952f39f8660f8ad65af677207a302ca355ae8904430673a902779e0df3b548b62c6eda52171adb0e5a8552e1d1f7eb qubes-vm-qrexec-v4.3.10.tar.gz +316f2608294b4e351f74962a23664f545ccf535c4b77e432335ceb5f937dc8655d82dffe37a8ce3ec7f004130a565feeb1a5ee345736cce7d059c591dc61e765 qubes-vm-qrexec-v4.3.11.tar.gz e2dd5cace82e881c40d5d37c69f7327fbabde81c9d23283de23de9f1197b7b018ef07a8d90e95c61bd249426d9d8297e7cb372333245941ffa0682c90ea3461f qubes-qrexec-agent.openrc c3009ddb97656be7d0a78910217c852f0f9b20cd37b4537d99724e629bc87f1c675ada084eba3c641c4ae54dab8aacd87514d73de72f42d6ccc976e6255212bc makefile-remove-cc-cflags.patch 69b88c8d344f0d575eac398937040ba39a0d8fb8ea0a2b160c48d84775e1da4e226a76f3c5d3be7b045f577b634bb35cd5c5536248e18117c4121a38f9f3bf13 agent-qrexec-fork-server-undef-fortify-source.patch From f829d52c2166226a0a4b4b364775cdd56a14db35 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 7 Sep 2025 13:17:30 -0400 Subject: [PATCH 169/184] git-remote-qubes: new aport --- git-remote-qubes/APKBUILD | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 git-remote-qubes/APKBUILD diff --git a/git-remote-qubes/APKBUILD b/git-remote-qubes/APKBUILD new file mode 100644 index 0000000..dbbe729 --- /dev/null +++ b/git-remote-qubes/APKBUILD @@ -0,0 +1,23 @@ +# Maintainer: Antoine Martin (ayakael) +pkgname=git-remote-qubes +pkgver=0.1.1 +pkgrel=0 +pkgdesc="Inter-VM Git for Qubes OS" +url="https://github.com/Rudd-O/git-remote-qubes" +license="GPL-3.0-only" +source="$pkgname-$pkgver.tar.gz::https://github.com/Rudd-O/git-remote-qubes/archive/refs/tags/v$pkgver.tar.gz" +arch="noarch" +makedepends="python3" + +build() { + local site_packages=$(python -c "import site; print(site.getsitepackages()[0])") + make LIBEXECDIR="/usr/lib/git-remote-qubes" SITELIBDIR="$site_packages" all +} + +package() { + local site_packages=$(python -c "import site; print(site.getsitepackages()[0])") + make LIBEXECDIR="/usr/lib/git-remote-qubes" DESTDIR="$pkgdir" SITELIBDIR="$site_packages" install-vm +} +sha512sums=" +69aeead4eaa3202964af9845c00115680277cbf12dbba8bd4b9669418aa17c6220708a5372db7ef76c3d7682f6a0b03b4b8a79dd438ee984db78c024fb9003ac git-remote-qubes-0.1.1.tar.gz +" From 6e326fa58a3bf7726687ae5ebdf29a2fab93e4fb Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 7 Sep 2025 13:14:37 -0400 Subject: [PATCH 170/184] qubes-vm-core: upgrade to 4.3.30 --- qubes-vm-core/APKBUILD | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/qubes-vm-core/APKBUILD b/qubes-vm-core/APKBUILD index c599600..f0e8f15 100644 --- a/qubes-vm-core/APKBUILD +++ b/qubes-vm-core/APKBUILD @@ -8,7 +8,7 @@ subpackages=" $pkgname-doc $pkgname-pyc " -pkgver=4.3.29 +pkgver=4.3.30 pkgrel=0 _gittag="v$pkgver" pkgdesc="The Qubes core files for installation inside a Qubes VM." @@ -167,7 +167,7 @@ root() { make -C passwordless-root install DESTDIR="$subpkgdir" SBINDIR=/usr/sbin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib } sha512sums=" -add53d1490f5b418bd742ebb507500719aad72597826f36bfa88e13f3a15ac96eb21f1b0e795d2b6e7f09ae6554657647a026c9cd07094abca89d2c0a03c75cf qubes-vm-core-v4.3.29.tar.gz +bda6a1a76be570e1983fb0142d50f74510a1abe8293faffed5617de3b610deca54f148fc541254748beaee8ad47d853d6938b6f8c1a9aa4b46fefaa92e3c5193 qubes-vm-core-v4.3.30.tar.gz 95c080a593ca1cd457ffafc0cdd6ee28999c72f67191a3955b6081a4a7d287cae4cd0c626139562e5e1eb55516c25402a174e3599daf7d4cb259d6b4bbdff155 qubes-core-early.openrc 61529413a16b7fa0df691c24adc41b90477c01ea70d572921ecec89df23932e5a2e60c4e73b9a84181dc30424e2e6af4ad1c7dcf6c42689c3cc346a9923d6e07 qubes-core-netvm.openrc da8e293520f5fce29ce76d7586e8ce1a4164798a1214079fb554c690264da1d774fdad3f45825aac52c2c3a0b0cfd39df73eb33394dedd7c043fe0f2344b90ca qubes-core.openrc From 870a7b39760b83dfe37ac2581031bcf79eab29f4 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 7 Sep 2025 14:40:11 -0400 Subject: [PATCH 171/184] git-remote-qubes: remove systemd dependency, fix RPC binary by adding shebang --- git-remote-qubes/APKBUILD | 10 ++- git-remote-qubes/do-not-use-systemd.patch | 71 +++++++++++++++++++ git-remote-qubes/qubes-rpc-ruddo-use-sh.patch | 7 ++ 3 files changed, 86 insertions(+), 2 deletions(-) create mode 100644 git-remote-qubes/do-not-use-systemd.patch create mode 100644 git-remote-qubes/qubes-rpc-ruddo-use-sh.patch diff --git a/git-remote-qubes/APKBUILD b/git-remote-qubes/APKBUILD index dbbe729..abfc981 100644 --- a/git-remote-qubes/APKBUILD +++ b/git-remote-qubes/APKBUILD @@ -1,11 +1,15 @@ # Maintainer: Antoine Martin (ayakael) pkgname=git-remote-qubes pkgver=0.1.1 -pkgrel=0 +pkgrel=1 pkgdesc="Inter-VM Git for Qubes OS" url="https://github.com/Rudd-O/git-remote-qubes" license="GPL-3.0-only" -source="$pkgname-$pkgver.tar.gz::https://github.com/Rudd-O/git-remote-qubes/archive/refs/tags/v$pkgver.tar.gz" +source=" + $pkgname-$pkgver.tar.gz::https://github.com/Rudd-O/git-remote-qubes/archive/refs/tags/v$pkgver.tar.gz + do-not-use-systemd.patch + qubes-rpc-ruddo-use-sh.patch +" arch="noarch" makedepends="python3" @@ -20,4 +24,6 @@ package() { } sha512sums=" 69aeead4eaa3202964af9845c00115680277cbf12dbba8bd4b9669418aa17c6220708a5372db7ef76c3d7682f6a0b03b4b8a79dd438ee984db78c024fb9003ac git-remote-qubes-0.1.1.tar.gz +64475923bc4030ce96f6029732d3907a3164ac9baa0854b24ad8d206afd77120e63fa0d0bf9f7c07b07c7dea002bf3914a24cced39ed0f46893f15b891334f56 do-not-use-systemd.patch +7cbb9391aa8da81564c321b20db512968bd6a080fd90f0814fa684d85f3bdadd03236f7d88b2569f345623a1e4abd1f163fb571b63179e7633a8b28aac95b592 qubes-rpc-ruddo-use-sh.patch " diff --git a/git-remote-qubes/do-not-use-systemd.patch b/git-remote-qubes/do-not-use-systemd.patch new file mode 100644 index 0000000..3725745 --- /dev/null +++ b/git-remote-qubes/do-not-use-systemd.patch @@ -0,0 +1,71 @@ +diff --git a/git-remote-qubes.spec.orig b/git-remote-qubes.spec +index ec745d0..80fddfb 100644 +--- a/git-remote-qubes.spec.orig ++++ b/git-remote-qubes.spec +@@ -21,14 +21,12 @@ BuildRequires: git + + Requires: python3 + Requires: git-core +-# systemd is required because of systemd-escape. +-Requires: systemd + + %package dom0 + Summary: Policy package for Qubes OS dom0s that arbitrates %{name} + Requires: qubes-core-dom0 >= 4.1 + +-Requires: systemd qubes-core-dom0-linux ++Requires: qubes-core-dom0-linux + + %description + This package lets you setup Git servers on your Qubes OS VMs. +diff --git a/src/gitremotequbes/server.py.orig b/src/gitremotequbes/server.py +index ca6e9c7..c7d06d5 100644 +--- a/src/gitremotequbes/server.py.orig ++++ b/src/gitremotequbes/server.py +@@ -2,7 +2,6 @@ import logging + import os + import shlex + import signal +-import subprocess + import sys + + import gitremotequbes.copier +@@ -35,15 +34,6 @@ def main(): + logging.basicConfig(format="remote:" + logging.BASIC_FORMAT, level=level) + l = logging.getLogger() + +- trustedarg = os.getenv("QREXEC_SERVICE_ARGUMENT") +- if trustedarg: +- # Qubes OS subsystem has sent us an argument, and that argument +- # is trusted, so trust that over whatever the remote process said. +- l.debug("trustworthy argument %r sent by Qubes OS", trustedarg) +- git_dir = subprocess.check_output([ +- "systemd-escape", "--unescape", "--", trustedarg +- ], universal_newlines=True)[:-1] +- + sys.stdout.write("confirmed\n") + + while True: +diff --git a/src/gitremotequbes/client.py.orig b/src/gitremotequbes/client.py +index 1adf379..826c17c 100644 +--- a/src/gitremotequbes/client.py.orig ++++ b/src/gitremotequbes/client.py +@@ -29,17 +29,10 @@ def main(): + + l = logging.getLogger() + +- rpcarg = subprocess.check_output([ +- "systemd-escape", "--", url.path +- ], universal_newlines=True)[:-1] +- if len(rpcarg) > 64 or "\\" in rpcarg: +- # Path is too long! We must do without rpcarg. +- rpcarg = None +- + vm = subprocess.Popen( + ["/usr/lib/qubes/qrexec-client-vm", + url.netloc, +- "ruddo.Git" + ("+%s" % rpcarg if rpcarg else "")], ++ "ruddo.Git"], + stdin=subprocess.PIPE, + stdout=subprocess.PIPE, + bufsize=0, diff --git a/git-remote-qubes/qubes-rpc-ruddo-use-sh.patch b/git-remote-qubes/qubes-rpc-ruddo-use-sh.patch new file mode 100644 index 0000000..54e60cd --- /dev/null +++ b/git-remote-qubes/qubes-rpc-ruddo-use-sh.patch @@ -0,0 +1,7 @@ +diff --git a/etc/qubes-rpc/ruddo.Git.in.orig b/etc/qubes-rpc/ruddo.Git.in +index cb19123..62af422 100755 +--- a/etc/qubes-rpc/ruddo.Git.in.orig ++++ b/etc/qubes-rpc/ruddo.Git.in +@@ -1 +1,2 @@ ++#!/bin/sh + @LIBEXECDIR@/git-local-qubes From fcae03eedd0360126c065b01b272d9075baf0b72 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 8 Nov 2025 08:24:44 -0500 Subject: [PATCH 172/184] qubes-meta-packages: upgrade to 4.3.4 --- qubes-meta-packages/APKBUILD | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/qubes-meta-packages/APKBUILD b/qubes-meta-packages/APKBUILD index 2a41111..8b8c0fa 100644 --- a/qubes-meta-packages/APKBUILD +++ b/qubes-meta-packages/APKBUILD @@ -5,7 +5,7 @@ subpackages=" qubes-vm-dependencies qubes-vm-recommended " -pkgver=4.3.3 +pkgver=4.3.4 _gittag="v$pkgver" pkgrel=0 pkgdesc="Meta packages for Qubes-specific components" @@ -38,5 +38,5 @@ recommended() { mkdir -p "$subpkgdir" } sha512sums=" -8d369417dfcf1875009565f13ca5665a6d14db274b8247632450d1f79f2493b97d1341b651d7a13329e3b1f0ceb2d185cf9167c14f9e4a69201f2bfb4ef99505 qubes-meta-packages-v4.3.3 +74ce5d1fb2448fb95306b7d183225ff7003ebe67712c99a4509fe9b66279fe2e3337a1e8abab1ca6a038e987a119897883c64772a1405d5c62a82f92de1533a9 qubes-meta-packages-v4.3.4 " From 5ef70cec8e9b03a0122abf5dbeaffeed1fd83b1c Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 8 Nov 2025 08:23:36 -0500 Subject: [PATCH 173/184] qubes-gpg-split: upgrade to 2.0.80 --- qubes-gpg-split/APKBUILD | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/qubes-gpg-split/APKBUILD b/qubes-gpg-split/APKBUILD index 7824a73..a464d39 100644 --- a/qubes-gpg-split/APKBUILD +++ b/qubes-gpg-split/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Antoine Martin (ayakael) pkgname=qubes-gpg-split subpackages="$pkgname-doc" -pkgver=2.0.79 +pkgver=2.0.80 _gittag="v$pkgver" pkgrel=0 pkgdesc="Used Qubes AppVM as a “smart card”" @@ -31,5 +31,5 @@ package() { make install-vm DESTDIR="$pkgdir" } sha512sums=" -9ab1295047d5ba52225c984529f11231cf8b458615e0a1188de9f02ca6000c359858c24be5f28c6e117879fa6c55443ecc53bd0f15e1c342a45b5438cb1b39bc qubes-gpg-split-v2.0.79.tar.gz +307587175ff9da217fb6e3743142c1ee89106a427321eff2e6e77f39c47e5c3e8d06fb6dc51b525b761fafa49b11d9e6408b554e40d114ea2df592e455de3632 qubes-gpg-split-v2.0.80.tar.gz " From a98a4ffc847d69dfb5dd66f165f506b7fb2e9aa3 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 8 Nov 2025 08:25:33 -0500 Subject: [PATCH 174/184] qubes-vm-utils: upgrade to 4.3.13 --- qubes-vm-utils/APKBUILD | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qubes-vm-utils/APKBUILD b/qubes-vm-utils/APKBUILD index 27cdc09..a0d8fa3 100644 --- a/qubes-vm-utils/APKBUILD +++ b/qubes-vm-utils/APKBUILD @@ -6,8 +6,8 @@ subpackages=" $pkgname-openrc $pkgname-pyc " -pkgver=4.3.11 -pkgrel=1 +pkgver=4.3.13 +pkgrel=0 _gittag="v$pkgver" pkgdesc="Common Linux files for Qubes VM." arch="x86_64" @@ -59,6 +59,6 @@ support() { install -m 755 "$builddir"/dracut/full-dmroot/qubes_cow_setup.sh "$subpkgdir"/usr/lib/qubes/qubes_cow_setup.sh } sha512sums=" -76dd3e8eba8751cec090d012e654706be5f94e9334bc5f86796f9be16ea931c64a8c52ecbe6f225b8abdb47bd55368984cc2fd3797fe714af3cd13c572ae9089 qubes-vm-utils-v4.3.11.tar.gz +58de5e357f560d4670a685de04cd72c173e5fa9568e6eb417370978dc5fb2cd76fadb8527232186452c7b7962d98dbc4441799e92d0e86bd934c7a915975826b qubes-vm-utils-v4.3.13.tar.gz 288636ea0ea9bda0560478f487b8f5491c2767c6460e7f4f04f653aee0121920c8d823d12e537e26cbecf4909336f6e0c360bbc221ed39407fe3f09f23462acd qubes-meminfo-writer.openrc " From 51e5c225c070db6942e5d9754f0123389841d2ba Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 8 Nov 2025 08:35:12 -0500 Subject: [PATCH 175/184] qubes-input-proxy: upgrade to 1.0.44 --- qubes-input-proxy/APKBUILD | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/qubes-input-proxy/APKBUILD b/qubes-input-proxy/APKBUILD index ebac7be..5edcd85 100644 --- a/qubes-input-proxy/APKBUILD +++ b/qubes-input-proxy/APKBUILD @@ -1,7 +1,7 @@ # Contributor: Antoine Martin (ayakael) # Maintainer: Antoine Martin (ayakael) pkgname=qubes-input-proxy -pkgver=1.0.43 +pkgver=1.0.44 _gittag="v$pkgver" pkgrel=0 pkgdesc="The Qubes service for proxying input devices" @@ -46,7 +46,7 @@ package() { install -Dm755 "$srcdir"/qubes-input-sender.openrc "$pkgdir"/etc/init.d/qubes-input-sender } sha512sums=" -b113c62926b78e4d5df0194e0e3770fb8fdd9e6009dc9982c62c77a592b494fdd14d5babc1e3da660c385503a6e78eea6950818e8722208f752c02ac04b7035f qubes-input-proxy-v1.0.43.tar.gz +026e7a4869a394f9588a2f0ec31d82128ad811c3d6c6d9a3978d1ba930707d5c3cc7b0c11c3f21ae7a5bd6b4bb10f3ffa54e41f25252896aa76705ab148d02a3 qubes-input-proxy-v1.0.44.tar.gz e21e6ae680f98474cbb8b6213768ca1f8d5ffb0088173a387a309e1b40a9aabbb946f3201aa143088f144f13a5c85c3710b7ade1a1189655a08ed574e3d26df4 qubes-input-trigger_use-openrc.patch d199c586e146c0846169a04419fcd72764c528f6d270388927bf79273bddd50a307b40db8be482847a93de473553c3cea00fc7b08b5f93f3d79e0a3f8e620f64 makefile_skip-systemd.patch 2d5cb4369bc4d4c83403bb3e7cd7bc784769950a8fbf581996074fe53cc65c56fe4039e2689b6fa34e51ce22e552fc145115c12e71601809767962a3682dd299 qubes-input-sender.openrc From 6bc36121ed2c63c233089b594fa270d8ca219922 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 8 Nov 2025 08:27:09 -0500 Subject: [PATCH 176/184] qubes-vm-core: upgrade to 4.3.34 --- qubes-vm-core/APKBUILD | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/qubes-vm-core/APKBUILD b/qubes-vm-core/APKBUILD index f0e8f15..f2c7545 100644 --- a/qubes-vm-core/APKBUILD +++ b/qubes-vm-core/APKBUILD @@ -8,7 +8,7 @@ subpackages=" $pkgname-doc $pkgname-pyc " -pkgver=4.3.30 +pkgver=4.3.34 pkgrel=0 _gittag="v$pkgver" pkgdesc="The Qubes core files for installation inside a Qubes VM." @@ -167,7 +167,7 @@ root() { make -C passwordless-root install DESTDIR="$subpkgdir" SBINDIR=/usr/sbin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib } sha512sums=" -bda6a1a76be570e1983fb0142d50f74510a1abe8293faffed5617de3b610deca54f148fc541254748beaee8ad47d853d6938b6f8c1a9aa4b46fefaa92e3c5193 qubes-vm-core-v4.3.30.tar.gz +a441b8338bc0c174b7ede125d17f078d499439393231fd44bef87ea10a9212c45618c5486b009d76b01f7ed4c05651442fd13fa80c555fe6e990b5bddaa3cd28 qubes-vm-core-v4.3.34.tar.gz 95c080a593ca1cd457ffafc0cdd6ee28999c72f67191a3955b6081a4a7d287cae4cd0c626139562e5e1eb55516c25402a174e3599daf7d4cb259d6b4bbdff155 qubes-core-early.openrc 61529413a16b7fa0df691c24adc41b90477c01ea70d572921ecec89df23932e5a2e60c4e73b9a84181dc30424e2e6af4ad1c7dcf6c42689c3cc346a9923d6e07 qubes-core-netvm.openrc da8e293520f5fce29ce76d7586e8ce1a4164798a1214079fb554c690264da1d774fdad3f45825aac52c2c3a0b0cfd39df73eb33394dedd7c043fe0f2344b90ca qubes-core.openrc From 73679431cbce39c8fbe6f6e16759878231697a48 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 8 Nov 2025 08:42:27 -0500 Subject: [PATCH 177/184] qubes-vm-gui: upgrade to 4.3.13 --- qubes-vm-gui/APKBUILD | 8 +++---- .../qubes-sessions_do-not-use-systemd.patch | 23 ------------------- 2 files changed, 4 insertions(+), 27 deletions(-) delete mode 100644 qubes-vm-gui/qubes-sessions_do-not-use-systemd.patch diff --git a/qubes-vm-gui/APKBUILD b/qubes-vm-gui/APKBUILD index 7234e1f..1f10b76 100644 --- a/qubes-vm-gui/APKBUILD +++ b/qubes-vm-gui/APKBUILD @@ -5,7 +5,7 @@ subpackages=" qubes-vm-pulseaudio qubes-vm-pipewire $pkgname-openrc" -pkgver=4.3.10 +pkgver=4.3.13 pkgrel=0 _gittag="v$pkgver" pkgdesc="The Qubes GUI Agent for AppVMs" @@ -22,6 +22,8 @@ depends=" makedepends=" autoconf automake + dbus-dev + gettext gcc git libtool @@ -52,7 +54,6 @@ source=" qubes-gui-agent.openrc qubes-sessions.sh qubes-gui-agent.pam - qubes-sessions_do-not-use-systemd.patch " builddir="$srcdir"/qubes-gui-agent-linux-${_gittag/v} _qubes_backend_vmm=xen @@ -117,11 +118,10 @@ pipewire() { } sha512sums=" -0a1dcf724224f8e03a5d847a5f1d6270237f48f9e434d63cdb6d386205439c78163a7ca742d04d4f02d472fb002e045333b0d31799b62d68c4cf50ec3f68383f qubes-vm-gui-v4.3.10.tar.gz +52abaa673546d02cf14baad4cce2c93f6bfd53b0b327d985b7b712d64a1dd4478adda0e09094a2cae8b4b5e991fd6354714d7f981fde0fecbd0a61da82083f14 qubes-vm-gui-v4.3.13.tar.gz 1a97b45ecb53926dcf840ea6954529002a6dfe3474cbe0a224dbb397d7fa91d8f08a819a2054be60883e02749b9904c128d0a226f66827dd3b7a29068662549a 0001-musl-build.patch 01beace4c130200dc8d42248349ea858d2bec746aca2bdfa5948b6e7240bb3b832bbb8b324293fba6fd6aafb0a3d7a2e3928c7fd39d318ef4d5a18cfeb48cde6 0001-initd-fix.patch 68d01e594296e18d54d8eaa17863451c3ac121e4fcacf98b64db14166bdcf38aa66f1c3659c5014c0a9cc25b5368df66f8c642b8e7af59da8d2a5ad97da9a194 qubes-gui-agent.openrc bd707f7956f58c2bb24ccb9adad1381c069e70820fcb1b01b09dc88570d9df00e0dc92a9ac3b242f828314568d5487257566a6fc61e75e62e010b7e4871f9ea0 qubes-sessions.sh b512d691f2a6b11fc329bf91dd05ca9c589bbd444308b27d3c87c75262dedf6afc68a9739229249a4bd3d0c43cb1f871eecbb93c4fe559e0f38bdabbffd06ad7 qubes-gui-agent.pam -256bab24dbec885241d0bc52be76bdaa5f5c695275828e5deb4115177d58e255e459c0fc45f9a3f16c12e77afbd1ab43fafee05cb3690e248f5fabb4741e6640 qubes-sessions_do-not-use-systemd.patch " diff --git a/qubes-vm-gui/qubes-sessions_do-not-use-systemd.patch b/qubes-vm-gui/qubes-sessions_do-not-use-systemd.patch deleted file mode 100644 index 2cfc7d2..0000000 --- a/qubes-vm-gui/qubes-sessions_do-not-use-systemd.patch +++ /dev/null @@ -1,23 +0,0 @@ -diff --git a/appvm-scripts/usrbin/qubes-session.orig b/appvm-scripts/usrbin/qubes-session -index 4417ba7..31840ef 100755 ---- a/appvm-scripts/usrbin/qubes-session.orig -+++ b/appvm-scripts/usrbin/qubes-session -@@ -27,16 +27,8 @@ - - loginctl activate "$XDG_SESSION_ID" - --# Now import the environment from the systemd user session. --# This is necessary to enable users to configure their --# Qubes environment using the standard environment.d --# facility. Documentation for the facility is at: --# https://www.freedesktop.org/software/systemd/man/environment.d.html --set -a # export all variables --env=$(systemctl --user show-environment) && eval "$env" || exit --set +a --unset env -- -+# source profile instead of getting env variables from systemctl -+. /etc/profile - - if qsvc guivm-gui-agent; then - if [ -e "$HOME/.xinitrc" ]; then From 67d4a6a41a6d910a33940f662dcfb590ad250f56 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 16 Dec 2025 16:37:25 -0500 Subject: [PATCH 178/184] ci: drop v3.21, add v3.23 workflow --- .../workflows/{build-v3.21.yaml => build-v3.23.yaml} | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) rename .forgejo/workflows/{build-v3.21.yaml => build-v3.23.yaml} (93%) diff --git a/.forgejo/workflows/build-v3.21.yaml b/.forgejo/workflows/build-v3.23.yaml similarity index 93% rename from .forgejo/workflows/build-v3.21.yaml rename to .forgejo/workflows/build-v3.23.yaml index 85aa629..6837da0 100644 --- a/.forgejo/workflows/build-v3.21.yaml +++ b/.forgejo/workflows/build-v3.23.yaml @@ -3,7 +3,7 @@ on: types: [ assigned, opened, synchronize, reopened ] jobs: - build-v3.21: + build-v3.23: runs-on: x86_64 container: image: alpinelinux/alpine-gitlab-ci:latest @@ -12,7 +12,7 @@ jobs: CI_DEBUG_BUILD: ${{ runner.debug }} CI_MERGE_REQUEST_PROJECT_URL: ${{ github.server_url }}/${{ github.repository }} CI_MERGE_REQUEST_TARGET_BRANCH_NAME: ${{ github.base_ref }} - CI_ALPINE_TARGET: v3.21 + CI_ALPINE_TARGET: v3.23 steps: - name: Environment setup run: | @@ -32,13 +32,13 @@ jobs: name: package path: packages - deploy-v3.21: - needs: [build-v3.21] + deploy-v3.23: + needs: [build-v3.23] runs-on: x86_64 container: image: alpine:latest env: - CI_ALPINE_TARGET: v3.21 + CI_ALPINE_TARGET: v3.23 CI_ALPINE_REPO: 'https://ayakael.net/api/packages/forge/alpine' FORGE_REPO_TOKEN: ${{ secrets.FORGE_REPO_TOKEN }} FORGE_REPO_USER: ${{ vars.FORGE_REPO_USER }} From 4777fd5c511af6790e8e1a7d036b7597c2629ac4 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 16 Dec 2025 16:39:23 -0500 Subject: [PATCH 179/184] *: rebuild for v3.23 --- git-remote-qubes/APKBUILD | 2 +- qubes-app-linux-druide-antidote/APKBUILD | 2 +- qubes-db-vm/APKBUILD | 2 +- qubes-gpg-split/APKBUILD | 2 +- qubes-input-proxy/APKBUILD | 2 +- qubes-libvchan-xen/APKBUILD | 2 +- qubes-meta-packages/APKBUILD | 2 +- qubes-pass/APKBUILD | 2 +- qubes-usb-proxy/APKBUILD | 2 +- qubes-vm-core/APKBUILD | 2 +- qubes-vm-gui-dev/APKBUILD | 2 +- qubes-vm-gui/APKBUILD | 2 +- qubes-vm-qrexec/APKBUILD | 2 +- qubes-vm-utils/APKBUILD | 2 +- 14 files changed, 14 insertions(+), 14 deletions(-) diff --git a/git-remote-qubes/APKBUILD b/git-remote-qubes/APKBUILD index abfc981..017700c 100644 --- a/git-remote-qubes/APKBUILD +++ b/git-remote-qubes/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Antoine Martin (ayakael) pkgname=git-remote-qubes pkgver=0.1.1 -pkgrel=1 +pkgrel=2 pkgdesc="Inter-VM Git for Qubes OS" url="https://github.com/Rudd-O/git-remote-qubes" license="GPL-3.0-only" diff --git a/qubes-app-linux-druide-antidote/APKBUILD b/qubes-app-linux-druide-antidote/APKBUILD index 161d706..8765a19 100644 --- a/qubes-app-linux-druide-antidote/APKBUILD +++ b/qubes-app-linux-druide-antidote/APKBUILD @@ -3,7 +3,7 @@ pkgname=qubes-app-linux-druide-antidote pkgver=0.0.1_git20240201 _gittag=c724c88aa2a20b1e422b464499015ff05753316d -pkgrel=4 +pkgrel=5 arch="noarch" pkgdesc="Qubes Druide-Antidote is a Qubes Application. It send a file to the Antidote Qube, invoke Antidote, and retrieve the file" url=https://github.com/neowutran/qubes-app-linux-druide-antidote diff --git a/qubes-db-vm/APKBUILD b/qubes-db-vm/APKBUILD index 16f94f4..a68fdba 100644 --- a/qubes-db-vm/APKBUILD +++ b/qubes-db-vm/APKBUILD @@ -3,7 +3,7 @@ pkgname=qubes-db-vm subpackages="$pkgname-openrc" pkgver=4.3.1 -pkgrel=2 +pkgrel=3 _gittag="v$pkgver" pkgdesc="QubesDB libs and daemon service." arch="x86_64" diff --git a/qubes-gpg-split/APKBUILD b/qubes-gpg-split/APKBUILD index a464d39..f90a461 100644 --- a/qubes-gpg-split/APKBUILD +++ b/qubes-gpg-split/APKBUILD @@ -4,7 +4,7 @@ pkgname=qubes-gpg-split subpackages="$pkgname-doc" pkgver=2.0.80 _gittag="v$pkgver" -pkgrel=0 +pkgrel=1 pkgdesc="Used Qubes AppVM as a “smart card”" arch="x86_64" url="https://github.com/QubesOS/qubes-app-linux-split-gpg" diff --git a/qubes-input-proxy/APKBUILD b/qubes-input-proxy/APKBUILD index 5edcd85..d08c4ce 100644 --- a/qubes-input-proxy/APKBUILD +++ b/qubes-input-proxy/APKBUILD @@ -3,7 +3,7 @@ pkgname=qubes-input-proxy pkgver=1.0.44 _gittag="v$pkgver" -pkgrel=0 +pkgrel=1 pkgdesc="The Qubes service for proxying input devices" arch="x86_64" url="https://github.com/QubesOS/qubes-app-linux-input-proxy" diff --git a/qubes-libvchan-xen/APKBUILD b/qubes-libvchan-xen/APKBUILD index 0e66336..0d4963d 100644 --- a/qubes-libvchan-xen/APKBUILD +++ b/qubes-libvchan-xen/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Antoine Martin (ayakael) pkgname=qubes-libvchan-xen pkgver=4.2.7 -pkgrel=2 +pkgrel=3 _gittag=v$pkgver pkgdesc="The Qubes core libraries for installation inside a Qubes Dom0 and VM." arch="x86_64" diff --git a/qubes-meta-packages/APKBUILD b/qubes-meta-packages/APKBUILD index 8b8c0fa..abd8c71 100644 --- a/qubes-meta-packages/APKBUILD +++ b/qubes-meta-packages/APKBUILD @@ -7,7 +7,7 @@ subpackages=" " pkgver=4.3.4 _gittag="v$pkgver" -pkgrel=0 +pkgrel=1 pkgdesc="Meta packages for Qubes-specific components" arch="noarch" url="https://github.com/QubesOS/qubes-meta-packages" diff --git a/qubes-pass/APKBUILD b/qubes-pass/APKBUILD index 67e0b60..68df164 100644 --- a/qubes-pass/APKBUILD +++ b/qubes-pass/APKBUILD @@ -3,7 +3,7 @@ pkgname=qubes-pass pkgver=0.1.0 _gittag="v$pkgver" -pkgrel=6 +pkgrel=7 pkgdesc="An inter-VM password manager for Qubes OS" arch="noarch" url="https://github.com/Rudd-O/qubes-pass" diff --git a/qubes-usb-proxy/APKBUILD b/qubes-usb-proxy/APKBUILD index cb6ec16..3f1ef89 100644 --- a/qubes-usb-proxy/APKBUILD +++ b/qubes-usb-proxy/APKBUILD @@ -3,7 +3,7 @@ pkgname=qubes-usb-proxy pkgver=4.3.2 _gittag="v$pkgver" -pkgrel=0 +pkgrel=1 pkgdesc="The Qubes service for proxying USB devices" arch="noarch" url="https://github.com/QubesOS/qubes-app-linux-usb-proxy" diff --git a/qubes-vm-core/APKBUILD b/qubes-vm-core/APKBUILD index f2c7545..dd02043 100644 --- a/qubes-vm-core/APKBUILD +++ b/qubes-vm-core/APKBUILD @@ -9,7 +9,7 @@ subpackages=" $pkgname-pyc " pkgver=4.3.34 -pkgrel=0 +pkgrel=1 _gittag="v$pkgver" pkgdesc="The Qubes core files for installation inside a Qubes VM." arch="x86_64" diff --git a/qubes-vm-gui-dev/APKBUILD b/qubes-vm-gui-dev/APKBUILD index 3eccd86..dc3536f 100644 --- a/qubes-vm-gui-dev/APKBUILD +++ b/qubes-vm-gui-dev/APKBUILD @@ -3,7 +3,7 @@ pkgname=qubes-vm-gui-dev pkgver=4.3.1 _gittag="v$pkgver" -pkgrel=1 +pkgrel=2 pkgdesc="Common files for Qubes GUI - protocol headers." arch="noarch" url="https://github.com/QubesOS/qubes-gui-common" diff --git a/qubes-vm-gui/APKBUILD b/qubes-vm-gui/APKBUILD index 1f10b76..84658f3 100644 --- a/qubes-vm-gui/APKBUILD +++ b/qubes-vm-gui/APKBUILD @@ -6,7 +6,7 @@ subpackages=" qubes-vm-pipewire $pkgname-openrc" pkgver=4.3.13 -pkgrel=0 +pkgrel=1 _gittag="v$pkgver" pkgdesc="The Qubes GUI Agent for AppVMs" arch="x86_64" diff --git a/qubes-vm-qrexec/APKBUILD b/qubes-vm-qrexec/APKBUILD index 514d73b..0bdc2bb 100644 --- a/qubes-vm-qrexec/APKBUILD +++ b/qubes-vm-qrexec/APKBUILD @@ -4,7 +4,7 @@ pkgname=qubes-vm-qrexec subpackages="$pkgname-openrc $pkgname-doc $pkgname-pyc" pkgver=4.3.11 _gittag="v$pkgver" -pkgrel=0 +pkgrel=1 pkgdesc="The Qubes qrexec files (qube side)" arch="x86_64" url="https://github.com/QubesOS/qubes-core-qrexec" diff --git a/qubes-vm-utils/APKBUILD b/qubes-vm-utils/APKBUILD index a0d8fa3..a872af7 100644 --- a/qubes-vm-utils/APKBUILD +++ b/qubes-vm-utils/APKBUILD @@ -7,7 +7,7 @@ subpackages=" $pkgname-pyc " pkgver=4.3.13 -pkgrel=0 +pkgrel=1 _gittag="v$pkgver" pkgdesc="Common Linux files for Qubes VM." arch="x86_64" From cc1cdbd35e87cbb53eb8589486432e93b9ac9b36 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 16 Dec 2025 17:05:25 -0500 Subject: [PATCH 180/184] qubes-gpg-split: upgrade to 2.0.81 --- qubes-gpg-split/APKBUILD | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qubes-gpg-split/APKBUILD b/qubes-gpg-split/APKBUILD index f90a461..e788a2a 100644 --- a/qubes-gpg-split/APKBUILD +++ b/qubes-gpg-split/APKBUILD @@ -2,9 +2,9 @@ # Maintainer: Antoine Martin (ayakael) pkgname=qubes-gpg-split subpackages="$pkgname-doc" -pkgver=2.0.80 +pkgver=2.0.81 _gittag="v$pkgver" -pkgrel=1 +pkgrel=0 pkgdesc="Used Qubes AppVM as a “smart card”" arch="x86_64" url="https://github.com/QubesOS/qubes-app-linux-split-gpg" @@ -31,5 +31,5 @@ package() { make install-vm DESTDIR="$pkgdir" } sha512sums=" -307587175ff9da217fb6e3743142c1ee89106a427321eff2e6e77f39c47e5c3e8d06fb6dc51b525b761fafa49b11d9e6408b554e40d114ea2df592e455de3632 qubes-gpg-split-v2.0.80.tar.gz +78765694e05d2d46aeea859521dcb33b1899dfc0e49ff3d593377c47a3ff86487225f0983f7db5bdd2020463272bdfdcbe066a8dbf87c89c38da14a6fdb3e12f qubes-gpg-split-v2.0.81.tar.gz " From 049bc4f2e6e86b80c6c4d4f924f0ad46f64d2592 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 16 Dec 2025 17:06:16 -0500 Subject: [PATCH 181/184] qubes-vm-gui: upgrade to 4.3.15 --- qubes-vm-gui/APKBUILD | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qubes-vm-gui/APKBUILD b/qubes-vm-gui/APKBUILD index 84658f3..fdae92a 100644 --- a/qubes-vm-gui/APKBUILD +++ b/qubes-vm-gui/APKBUILD @@ -5,8 +5,8 @@ subpackages=" qubes-vm-pulseaudio qubes-vm-pipewire $pkgname-openrc" -pkgver=4.3.13 -pkgrel=1 +pkgver=4.3.15 +pkgrel=0 _gittag="v$pkgver" pkgdesc="The Qubes GUI Agent for AppVMs" arch="x86_64" @@ -118,7 +118,7 @@ pipewire() { } sha512sums=" -52abaa673546d02cf14baad4cce2c93f6bfd53b0b327d985b7b712d64a1dd4478adda0e09094a2cae8b4b5e991fd6354714d7f981fde0fecbd0a61da82083f14 qubes-vm-gui-v4.3.13.tar.gz +d3fcd5b70ec27f637cac620d299c2bca8c14b15c86011aa364a6079c871abdde2b69f871e4329ccc6bce20d72ffa34c1f78d8bd3797f9084797e792815b92463 qubes-vm-gui-v4.3.15.tar.gz 1a97b45ecb53926dcf840ea6954529002a6dfe3474cbe0a224dbb397d7fa91d8f08a819a2054be60883e02749b9904c128d0a226f66827dd3b7a29068662549a 0001-musl-build.patch 01beace4c130200dc8d42248349ea858d2bec746aca2bdfa5948b6e7240bb3b832bbb8b324293fba6fd6aafb0a3d7a2e3928c7fd39d318ef4d5a18cfeb48cde6 0001-initd-fix.patch 68d01e594296e18d54d8eaa17863451c3ac121e4fcacf98b64db14166bdcf38aa66f1c3659c5014c0a9cc25b5368df66f8c642b8e7af59da8d2a5ad97da9a194 qubes-gui-agent.openrc From 658a8a41cdc2542127325fbb666f34a49fcc5a8b Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 16 Dec 2025 17:07:26 -0500 Subject: [PATCH 182/184] qubes-input-proxy: upgrade to 1.0.45 --- qubes-input-proxy/APKBUILD | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qubes-input-proxy/APKBUILD b/qubes-input-proxy/APKBUILD index d08c4ce..9a2c00e 100644 --- a/qubes-input-proxy/APKBUILD +++ b/qubes-input-proxy/APKBUILD @@ -1,9 +1,9 @@ # Contributor: Antoine Martin (ayakael) # Maintainer: Antoine Martin (ayakael) pkgname=qubes-input-proxy -pkgver=1.0.44 +pkgver=1.0.45 _gittag="v$pkgver" -pkgrel=1 +pkgrel=0 pkgdesc="The Qubes service for proxying input devices" arch="x86_64" url="https://github.com/QubesOS/qubes-app-linux-input-proxy" @@ -46,7 +46,7 @@ package() { install -Dm755 "$srcdir"/qubes-input-sender.openrc "$pkgdir"/etc/init.d/qubes-input-sender } sha512sums=" -026e7a4869a394f9588a2f0ec31d82128ad811c3d6c6d9a3978d1ba930707d5c3cc7b0c11c3f21ae7a5bd6b4bb10f3ffa54e41f25252896aa76705ab148d02a3 qubes-input-proxy-v1.0.44.tar.gz +df7e3b34feac1479a9e181cad06dcb1973d85967dd42f45d47838615e48b98566484db39c9069882df19aadddba9d4c7fd65a6206e966def82481000e4dd0289 qubes-input-proxy-v1.0.45.tar.gz e21e6ae680f98474cbb8b6213768ca1f8d5ffb0088173a387a309e1b40a9aabbb946f3201aa143088f144f13a5c85c3710b7ade1a1189655a08ed574e3d26df4 qubes-input-trigger_use-openrc.patch d199c586e146c0846169a04419fcd72764c528f6d270388927bf79273bddd50a307b40db8be482847a93de473553c3cea00fc7b08b5f93f3d79e0a3f8e620f64 makefile_skip-systemd.patch 2d5cb4369bc4d4c83403bb3e7cd7bc784769950a8fbf581996074fe53cc65c56fe4039e2689b6fa34e51ce22e552fc145115c12e71601809767962a3682dd299 qubes-input-sender.openrc From aa32d8ed2fd89a00cf834b9329454378d165cb52 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 16 Dec 2025 17:08:34 -0500 Subject: [PATCH 183/184] qubes-vm-core: upgrade to 4.3.37 --- qubes-vm-core/APKBUILD | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qubes-vm-core/APKBUILD b/qubes-vm-core/APKBUILD index dd02043..e9b5b65 100644 --- a/qubes-vm-core/APKBUILD +++ b/qubes-vm-core/APKBUILD @@ -8,8 +8,8 @@ subpackages=" $pkgname-doc $pkgname-pyc " -pkgver=4.3.34 -pkgrel=1 +pkgver=4.3.37 +pkgrel=0 _gittag="v$pkgver" pkgdesc="The Qubes core files for installation inside a Qubes VM." arch="x86_64" @@ -167,7 +167,7 @@ root() { make -C passwordless-root install DESTDIR="$subpkgdir" SBINDIR=/usr/sbin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib } sha512sums=" -a441b8338bc0c174b7ede125d17f078d499439393231fd44bef87ea10a9212c45618c5486b009d76b01f7ed4c05651442fd13fa80c555fe6e990b5bddaa3cd28 qubes-vm-core-v4.3.34.tar.gz +6c54b45ad9a53fd67901e3017e4992ebae7d30093ffe7a251ade715655b327b25588c495fe50f402a2ea2b89172b9234b2e6f3c94d471984596231d302d4771c qubes-vm-core-v4.3.37.tar.gz 95c080a593ca1cd457ffafc0cdd6ee28999c72f67191a3955b6081a4a7d287cae4cd0c626139562e5e1eb55516c25402a174e3599daf7d4cb259d6b4bbdff155 qubes-core-early.openrc 61529413a16b7fa0df691c24adc41b90477c01ea70d572921ecec89df23932e5a2e60c4e73b9a84181dc30424e2e6af4ad1c7dcf6c42689c3cc346a9923d6e07 qubes-core-netvm.openrc da8e293520f5fce29ce76d7586e8ce1a4164798a1214079fb554c690264da1d774fdad3f45825aac52c2c3a0b0cfd39df73eb33394dedd7c043fe0f2344b90ca qubes-core.openrc From a52040259f6a47b7aabae33e8e153d3ddf43ee03 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 16 Dec 2025 17:09:16 -0500 Subject: [PATCH 184/184] qubes-meta-packages: upgrade to 4.3.5 --- qubes-meta-packages/APKBUILD | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qubes-meta-packages/APKBUILD b/qubes-meta-packages/APKBUILD index abd8c71..0e0d91c 100644 --- a/qubes-meta-packages/APKBUILD +++ b/qubes-meta-packages/APKBUILD @@ -5,9 +5,9 @@ subpackages=" qubes-vm-dependencies qubes-vm-recommended " -pkgver=4.3.4 +pkgver=4.3.5 _gittag="v$pkgver" -pkgrel=1 +pkgrel=0 pkgdesc="Meta packages for Qubes-specific components" arch="noarch" url="https://github.com/QubesOS/qubes-meta-packages" @@ -38,5 +38,5 @@ recommended() { mkdir -p "$subpkgdir" } sha512sums=" -74ce5d1fb2448fb95306b7d183225ff7003ebe67712c99a4509fe9b66279fe2e3337a1e8abab1ca6a038e987a119897883c64772a1405d5c62a82f92de1533a9 qubes-meta-packages-v4.3.4 +ed671aee73b00a99a99039fcf690e43c20d5fdc9c82617290f1741aaefd5e2e234954e68c038c7d640207cfc04a7f8fe625a0708e220a84095cb976a6ddca013 qubes-meta-packages-v4.3.5 "