forge/qports
1
0
Fork 0
Code Issues 5 Pull requests Projects Releases Packages 35 Wiki Activity Actions 1

Compare commits

base: forge:libvchan/bump
Branches Tags
forge:main
forge:r4.2
forge:r4.1
forge:4.2/druide
forge:libvchan/bump
..
compare: forge:main
Branches Tags
forge:r4.2
forge:main
forge:r4.1
forge:4.2/druide
forge:libvchan/bump

144 commits
libvchan/b ... main

Author SHA1 Message Date
Antoine Martin
b68dd71646 qubes-vm-core: upgrade to 4.3.27 2025-07-11 03:59:53 +00:00
Antoine Martin
2d91a0e8ac qubes-input-proxy: upgrade to 1.0.42 2025-07-11 03:59:50 +00:00
Antoine Martin
b7c9b7e09a qubes-vm-qrexec: upgrade to 4.3.10 2025-07-11 03:59:48 +00:00
Antoine Martin
f0ee96b393 qubes-vm-utils: upgrade to 4.3.11 2025-07-11 03:59:44 +00:00
Antoine Martin
42e3608eb3 qubes-gpg-split: upgrade to 2.0.78 2025-07-11 03:59:41 +00:00
Antoine Martin
192737e9c3
qubes-vm-gui: upgrade to 4.3.8
All checks were successful
/ lint (pull_request) Successful in 41s
Details
/ deploy-edge (pull_request) Successful in 34s
Details
/ build-edge (pull_request) Successful in 1m31s
Details
/ build-v3.21 (pull_request) Successful in 1m33s
Details
/ deploy-v3.21 (pull_request) Successful in 32s
Details
/ build-v3.22 (pull_request) Successful in 1m36s
Details
/ deploy-v3.22 (pull_request) Successful in 29s
Details
2025-07-10 22:44:58 -04:00
Antoine Martin
e191cf7802
*: rebuild for v3.22
All checks were successful
/ lint (pull_request) Successful in 37s
Details
/ deploy-edge (pull_request) Successful in 1m3s
Details
/ build-edge (pull_request) Successful in 7m29s
Details
/ build-v3.22 (pull_request) Successful in 6m28s
Details
/ deploy-v3.22 (pull_request) Successful in 38s
Details
/ deploy-v3.21 (pull_request) Successful in 43s
Details
/ build-v3.21 (pull_request) Successful in 6m34s
Details
2025-05-27 16:29:44 -04:00
Antoine Martin
fbd9be6e89
ci: drop v3.20 workflow, add v3.22 workflow 2025-05-27 16:29:23 -04:00
Antoine Martin
bcc832b2ce
qubes-libvchan-xen: link against non-versionned xen libraries
All checks were successful
/ lint (pull_request) Successful in 33s
Details
/ deploy-v3.21 (pull_request) Successful in 32s
Details
/ build-v3.21 (pull_request) Successful in 1m14s
Details
/ build-v3.20 (pull_request) Successful in 1m15s
Details
/ deploy-v3.20 (pull_request) Successful in 34s
Details
/ deploy-edge (pull_request) Successful in 39s
Details
/ build-edge (pull_request) Successful in 1m20s
Details 
Previous workaround to the xen upgrade race condition actually caused
xen to be uninstalled on most systems, breaking the template. This is
thus another approach at fixing the race condition by linking against
non-versionned xen libraries. Thus, a minor version upgrade of xen will
not cause libxenvchan.so to lose xen libraries.

The linking process is changed by adding a step before linking where ld
is linked against libraries where DT_SONAME has been patched with
patchelf. This is not an elegant solution, but it does work. Ideally, we
would find a way for seamless upgrading of xen while the proxy is up.
 2025-05-12 08:57:33 -04:00
Antoine Martin
a7ffe0ba73 qubes-input-proxy: upgrade to 1.0.41 2025-05-11 17:21:54 +00:00
Antoine Martin
83e9dbce8d
qubes-gpg-split: upgrade to 2.0.77
All checks were successful
/ lint (pull_request) Successful in 39s
Details
/ deploy-edge (pull_request) Successful in 40s
Details
/ build-edge (pull_request) Successful in 1m7s
Details
/ build-v3.21 (pull_request) Successful in 59s
Details
/ deploy-v3.21 (pull_request) Successful in 35s
Details
/ deploy-v3.20 (pull_request) Successful in 38s
Details
/ build-v3.20 (pull_request) Successful in 1m5s
Details
2025-05-11 13:15:22 -04:00
Antoine Martin
ad1e4b3def qubes-meta-packages: upgrade to 4.3.2 2025-05-11 17:12:34 +00:00
Antoine Martin
48148f9831 qubes-vm-qrexec: upgrade to 4.3.7 2025-05-11 17:12:28 +00:00
Antoine Martin
69fcc1b993 qubes-vm-utils: upgrade to 4.3.9 2025-05-11 17:12:22 +00:00
Antoine Martin
cdbb385ff9 qubes-db-vm: upgrade to 4.3.1 2025-05-11 17:12:15 +00:00
Antoine Martin
001a683c76 qubes-vm-core: upgrade to 4.3.23 2025-05-11 17:12:08 +00:00
Antoine Martin
e3d0ee0187 qubes-vm-gui-dev: upgrade to 4.3.1 2025-05-11 17:12:00 +00:00
Antoine Martin
d3b32bb176 qubes-vm-gui: upgrade to 4.3.6 2025-05-11 17:12:00 +00:00
Antoine Martin
6c1620ebef
qubes-libvchan-xen: upgrade to 4.2.7
All checks were successful
/ lint (pull_request) Successful in 36s
Details
/ deploy-v3.20 (pull_request) Successful in 38s
Details
/ build-v3.20 (pull_request) Successful in 1m32s
Details
/ build-v3.21 (pull_request) Successful in 1m30s
Details
/ deploy-v3.21 (pull_request) Successful in 35s
Details
/ deploy-edge (pull_request) Successful in 33s
Details
/ build-edge (pull_request) Successful in 1m36s
Details
2025-05-11 12:38:32 -04:00
Antoine Martin
a302ce60cd
qubes-libvchan-xen: do not depend directly on xen 
Depending on xen directly caused apk to update xen
before qubes-libvchan-xen, thus causing failure to
upgrade template due to apk proxying being broken.
 2025-05-11 12:38:08 -04:00
Antoine Martin
73d93b0269
ci: fix issue creation with forgejo 11 2025-05-11 11:32:48 -04:00
Antoine Martin
1e1ccd7454
ci: upgrade before pulling nodejs 2025-05-11 11:31:45 -04:00
Antoine Martin
7042c2131d
forgejo: use ISSUE_TOKEN instead of FORGE_TOKEN 2025-02-26 19:29:32 -05:00
Antoine Martin
6d964453be
qubes-vm-core: upgrade to 4.3.15
All checks were successful
/ lint (pull_request) Successful in 41s
Details
/ deploy-v3.20 (pull_request) Successful in 38s
Details
/ build-v3.20 (pull_request) Successful in 1m29s
Details
/ deploy-edge (pull_request) Successful in 34s
Details
/ build-edge (pull_request) Successful in 1m41s
Details
/ deploy-v3.21 (pull_request) Successful in 30s
Details
/ build-v3.21 (pull_request) Successful in 1m42s
Details
2025-01-15 09:19:00 -05:00
Antoine Martin
c7100461e4 qubes-vm-gui: upgrade to 4.3.4 2024-12-29 18:32:16 +00:00
Antoine Martin
6a70005a3a
qubes-vm-core: upgrade to 4.3.14
All checks were successful
/ lint (pull_request) Successful in 31s
Details
/ deploy-v3.20 (pull_request) Successful in 1m5s
Details
/ build-v3.20 (pull_request) Successful in 1m39s
Details
/ deploy-edge (pull_request) Successful in 57s
Details
/ build-edge (pull_request) Successful in 1m49s
Details
/ deploy-v3.21 (pull_request) Successful in 57s
Details
/ build-v3.21 (pull_request) Successful in 1m32s
Details
2024-12-29 13:22:18 -05:00
Antoine Martin
c1166d75b5 qubes-db-vm: upgrade to 4.2.7 2024-12-26 06:25:03 +00:00
Antoine Martin
47c44f0ff9
qubes-vm-utils: upgrade to 4.3.7
All checks were successful
/ lint (pull_request) Successful in 34s
Details
/ build-v3.20 (pull_request) Successful in 1m18s
Details
/ deploy-v3.20 (pull_request) Successful in 1m18s
Details
/ deploy-edge (pull_request) Successful in 1m50s
Details
/ build-edge (pull_request) Successful in 1m28s
Details
/ build-v3.21 (pull_request) Successful in 1m20s
Details
/ deploy-v3.21 (pull_request) Successful in 1m13s
Details
2024-12-26 00:12:44 -05:00
Antoine Martin
c4a33f0f82 qubes-input-proxy: upgrade to 1.0.40 2024-12-13 21:09:19 +00:00
Antoine Martin
e2e5c67379 qubes-vm-core: upgrade to 4.3.13 2024-12-13 21:07:05 +00:00
Antoine Martin
d5fac1bec3 qubes-usb-proxy: upgrade to 4.3.0 2024-12-13 21:06:16 +00:00
Antoine Martin
32686a4754 qubes-vm-gui: upgrade to 4.3.2 2024-12-13 21:03:02 +00:00
Antoine Martin
101031d8d8 qubes-vm-utils: upgrade to 4.3.6 2024-12-13 21:02:56 +00:00
Antoine Martin
2072bf2d03 qubes-vm-qrexec: upgrade to 4.3.1 2024-12-13 21:02:55 +00:00
Antoine Martin
7d9253d8c9
qubes-input-proxy: fix openrc patch
All checks were successful
/ lint (pull_request) Successful in 26s
Details
/ deploy-v3.20 (pull_request) Successful in 29s
Details
/ build-v3.20 (pull_request) Successful in 1m14s
Details
/ deploy-edge (pull_request) Successful in 29s
Details
/ build-edge (pull_request) Successful in 1m20s
Details
/ deploy-v3.21 (pull_request) Successful in 27s
Details
/ build-v3.21 (pull_request) Successful in 1m8s
Details
2024-12-02 19:15:32 -05:00
Antoine Martin
e867721ad6
forgejo: import build.sh in repo
All checks were successful
/ lint (pull_request) Successful in 33s
Details
/ deploy-v3.20 (pull_request) Successful in 1m57s
Details
/ build-v3.20 (pull_request) Successful in 4m20s
Details
/ build-v3.21 (pull_request) Successful in 5m52s
Details
/ deploy-v3.21 (pull_request) Successful in 52s
Details
/ deploy-edge (pull_request) Successful in 1m39s
Details
/ build-edge (pull_request) Successful in 4m59s
Details
2024-11-30 21:07:29 -05:00
Antoine Martin
3254fe9738
*: rebuild for 3.21
Some checks failed
/ deploy-v3.21 (pull_request) Has been skipped
Details
/ build-v3.21 (pull_request) Failing after 38s
Details
/ lint (pull_request) Successful in 30s
Details
/ deploy-edge (pull_request) Successful in 1m7s
Details
/ build-edge (pull_request) Successful in 6m20s
Details
/ deploy-v3.20 (pull_request) Successful in 1m13s
Details
/ build-v3.20 (pull_request) Successful in 5m10s
Details
2024-11-30 20:56:01 -05:00
Antoine Martin
1a427d854d
forgejo-ci: drop 3.19 builder, add 3.21 2024-11-30 20:55:39 -05:00
Antoine Martin
9a48d213f3 qubes-input-proxy: upgrade to 1.0.39 2024-11-10 19:36:05 +00:00
Antoine Martin
a4800f9e03
qubes-vm-gui: upgrade to 4.3.1
All checks were successful
/ lint (pull_request) Successful in 34s
Details
/ deploy-v3.19 (pull_request) Successful in 57s
Details
/ build-v3.19 (pull_request) Successful in 2m4s
Details
/ build-v3.20 (pull_request) Successful in 1m57s
Details
/ deploy-v3.20 (pull_request) Successful in 36s
Details
/ deploy-edge (pull_request) Successful in 30s
Details
/ build-edge (pull_request) Successful in 1m54s
Details
2024-11-10 09:33:38 -05:00
Antoine Martin
e9170df040 qubes-vm-utils: upgrade to 4.3.5 2024-11-08 00:41:33 +00:00
Antoine Martin
8ecc7b48ea
qubes-vm-core: upgrade to 4.3.11
All checks were successful
/ lint (pull_request) Successful in 32s
Details
/ deploy-edge (pull_request) Successful in 37s
Details
/ build-edge (pull_request) Successful in 2m10s
Details
/ deploy-v3.19 (pull_request) Successful in 33s
Details
/ build-v3.19 (pull_request) Successful in 1m39s
Details
/ deploy-v3.20 (pull_request) Successful in 34s
Details
/ build-v3.20 (pull_request) Successful in 2m3s
Details
2024-11-07 18:54:57 -05:00
Antoine Martin
e65971b3ab qubes-vm-gui-dev: upgrade to 4.3.0 2024-10-31 20:08:25 +00:00
Antoine Martin
a914b685f2 qubes-vm-gui: upgrade to 4.3.0 2024-10-31 20:08:25 +00:00
Antoine Martin
1c13a950c2
qubes-libvchan-xen: rebuild against xen 4.19
All checks were successful
/ lint (pull_request) Successful in 35s
Details
/ build-v3.20 (pull_request) Successful in 1m52s
Details
/ deploy-v3.20 (pull_request) Successful in 36s
Details
/ build-v3.19 (pull_request) Successful in 1m54s
Details
/ deploy-v3.19 (pull_request) Successful in 37s
Details
/ deploy-edge (pull_request) Successful in 31s
Details
/ build-edge (pull_request) Successful in 2m41s
Details
2024-10-31 15:58:53 -04:00
Antoine Martin
7779c42918
qubes-vm-core: upgrade to 4.3.0
Some checks failed
/ lint (pull_request) Successful in 31s
Details
/ deploy-edge (pull_request) Has been skipped
Details
/ build-edge (pull_request) Failing after 44s
Details
/ build-v3.19 (pull_request) Successful in 1m56s
Details
/ deploy-v3.19 (pull_request) Successful in 33s
Details
/ build-v3.20 (pull_request) Successful in 1m40s
Details
/ deploy-v3.20 (pull_request) Successful in 28s
Details
2024-10-31 15:54:29 -04:00
Antoine Martin
637a92578a
forcejo: fix bad if statement 2024-10-31 15:45:21 -04:00
Antoine Martin
4953c4c159
forgego: add package version checks 2024-10-31 15:32:52 -04:00
Antoine Martin
a0e397c918
*: /usr merge
Some checks failed
/ deploy-v3.20 (pull_request) Has been cancelled
Details
/ build-v3.20 (pull_request) Has been cancelled
Details
/ deploy-v3.19 (pull_request) Has been cancelled
Details
/ build-v3.19 (pull_request) Has been cancelled
Details
/ deploy-edge (pull_request) Has been cancelled
Details
/ build-edge (pull_request) Has been cancelled
Details
/ lint (pull_request) Successful in 24s
Details
2024-10-16 20:10:31 -04:00
Antoine Martin
8109344b8e qubes-vm-qrexec: upgrade to 4.3.0 2024-10-10 16:21:31 +00:00
Antoine Martin
2cdae9bc59 qubes-vm-gui: upgrade to 4.2.18 2024-10-10 16:18:23 +00:00
Antoine Martin
573c747ff9 qubes-vm-gui-dev: upgrade to 4.2.5 2024-10-10 16:18:23 +00:00
Antoine Martin
64d500c042 qubes-vm-utils: upgrade to 4.3.4 2024-10-10 16:18:15 +00:00
Antoine Martin
907e65b867 qubes-vm-core: upgrade to 4.3.7 2024-10-10 16:02:34 +00:00
Antoine Martin
c7d021b224 qubes-usb-proxy: upgrade to 1.3.2 2024-10-10 16:01:16 +00:00
Antoine Martin
df786a0292 qubes-libvchan-xen: upgrade to 4.2.4 2024-10-10 16:01:10 +00:00
Antoine Martin
5ebb82e9d3
qubes-input-proxy: fix url
Some checks failed
/ lint (pull_request) Successful in 29s
Details
/ deploy-edge (pull_request) Failing after 1m48s
Details
/ build-edge (pull_request) Successful in 44s
Details
/ deploy-v3.19 (pull_request) Failing after 1m49s
Details
/ build-v3.19 (pull_request) Successful in 45s
Details
/ deploy-v3.20 (pull_request) Failing after 1m41s
Details
/ build-v3.20 (pull_request) Successful in 45s
Details
2024-10-10 12:00:30 -04:00
Antoine Martin
79be5d7efa qubes-gpg-split: upgrade to 2.0.75 2024-10-10 15:57:39 +00:00
Antoine Martin
43a72bd078
qubes-input-proxy: upgrade to 1.0.38
All checks were successful
/ lint (pull_request) Successful in 34s
Details
/ deploy-v3.20 (pull_request) Successful in 32s
Details
/ build-v3.20 (pull_request) Successful in 1m10s
Details
/ build-v3.19 (pull_request) Successful in 1m12s
Details
/ deploy-v3.19 (pull_request) Successful in 35s
Details
/ deploy-edge (pull_request) Successful in 31s
Details
/ build-edge (pull_request) Successful in 1m19s
Details
2024-10-10 11:49:19 -04:00
Antoine Martin
931be466e8
README: update 2024-08-16 21:45:56 -04:00
Antoine Martin
a138662e44
qubes-vm-utils: bump
Some checks failed
/ lint (pull_request) Successful in 33s
Details
/ build-edge (pull_request) Successful in 37s
Details
/ deploy-edge (pull_request) Failing after 1m45s
Details
/ deploy-v3.19 (pull_request) Failing after 1m41s
Details
/ build-v3.19 (pull_request) Successful in 38s
Details
/ deploy-v3.20 (pull_request) Failing after 1m38s
Details
/ build-v3.20 (pull_request) Successful in 44s
Details
2024-08-16 08:13:01 -04:00
Antoine Martin
6909ec2185
forgejo-ci: add multitarget build workflows 2024-08-16 08:12:42 -04:00
Antoine Martin
b117d95024
qubes-vm-utils: bump
All checks were successful
/ lint (pull_request) Successful in 32s
Details
/ build-edge (pull_request) Successful in 1m24s
Details
/ deploy-edge (pull_request) Successful in 28s
Details
2024-08-16 01:17:02 -04:00
Antoine Martin
88c519bae4
qubes-input-proxy: bump 2024-08-16 01:16:52 -04:00
Antoine Martin
69eb028438
forgejo-ci: initial
Some checks failed
/ lint (pull_request) Successful in 25s
Details
/ build-edge (pull_request) Successful in 32s
Details
/ deploy-edge (pull_request) Failing after 1m41s
Details
2024-08-16 01:16:26 -04:00
Antoine Martin
1a3e88d955
gitlab-ci: drop for forgejo-ci 2024-08-15 21:59:02 -04:00
Antoine Martin
a7e184bf93
gitlab-ci: use git-annex instead of git-lfs 2024-08-10 12:01:01 -04:00
Antoine Martin
264c954d9b
qubes-vm-core: add missing rsvg-convert and dbus-x11 depend 2024-07-27 19:18:49 -04:00
Antoine Martin
bd6e8cac43
qubes-usb-proxy: fix usb reset with udevadm 2024-07-27 19:18:17 -04:00
Antoine Martin
cc021097dc
qubes-usb-proxy: add vhci-hcd module to modules-load.d 2024-07-27 19:17:41 -04:00
Antoine Martin
01db78f365
qubes-pass: add service subpackage 2024-07-27 19:17:02 -04:00
Antoine Martin
34f3abf6b1
qubes-vm-core: pull findutils depend 2024-07-27 19:16:49 -04:00
Antoine Martin
339e3da21b
qubes-input-proxy: add openrc support 2024-07-27 15:01:53 -04:00
Antoine Martin
fbba245e39
qubes-input-proxy: new aport 2024-07-27 01:04:34 -04:00
Antoine Martin
c04972d9f1
qubes-usb-proxy: fix usb import 2024-07-27 00:13:13 -04:00
Antoine Martin
0c45e05df1 README: update for r4.3 2024-07-11 17:26:23 +00:00
Antoine Martin
1a7b0e2a7f qubes-vm-gui-dev: bump pkgrel 2024-07-11 17:26:23 +00:00
Antoine Martin
4472d7d6a2 qubes-vm-utils: upgrade to 4.3.3 2024-07-11 17:26:23 +00:00
Antoine Martin
55581b72cb qubes-vm-qrexec: upgrade to 4.2.21 2024-07-11 17:26:23 +00:00
Antoine Martin
47011fa7a7 qubes-vm-gui: upgrade to 4.2.16 2024-07-11 17:26:23 +00:00
Antoine Martin
1f86673220 qubes-vm-core: upgrade to 4.3.4 2024-07-11 17:26:23 +00:00
Antoine Martin
e06a14c1c2 qubes-usb-proxy; upgrade to 1.3.0 2024-07-11 17:26:23 +00:00
Antoine Martin
4254194dd5 qubes-pass: push rel 2024-07-11 17:26:23 +00:00
Antoine Martin
26dee9677c qubes-meta-packages: upgrade to 4.3.0 2024-07-11 17:26:23 +00:00
Antoine Martin
8d62b30e1e qubes-libvchan-xen: bump pkgrel 2024-07-11 17:26:23 +00:00
Antoine Martin
9c720e6fa9 qubes-gpg-split: upgrade to 2.0.71 2024-07-11 17:26:23 +00:00
Antoine Martin
bee9163ca4 qubes-db-vm: upgrade to 4.2.6 2024-07-11 17:26:23 +00:00
Antoine Martin
2e9c021866 qubes-app-linux-druide-antidore: bump rel 2024-07-11 17:26:23 +00:00
Antoine Martin
24126beac8
gitlab/bin: consider main as r4.3 2024-07-11 12:51:58 -04:00
Antoine Martin
9917fa1bc2 qubes-vm-gui: upgrade to 4.2.14 2024-07-11 16:32:55 +00:00
Antoine Martin
2e68f01cbd qubes-vm-core: upgrade to 4.2.35 2024-07-11 16:30:41 +00:00
Antoine Martin
620fb8549f qubes-vm-qrexec: bump rel 2024-07-11 16:30:10 +00:00
Antoine Martin
80ff2032b4 qubes-usb-proxy: bump rel 2024-07-11 16:00:24 +00:00
Antoine Martin
b5029e0b18
qubes-vm-utils: bump rel 2024-07-11 11:45:43 -04:00
Antoine Martin
55f5330870 qubes-vm-utils: upgrade to 4.2.17 2024-07-11 14:07:16 +00:00
Antoine Martin
ef4af36b67 qubes-vm-qrexec: upgrade to 4.2.19 2024-07-11 14:05:41 +00:00
Antoine Martin
0a2a71595a qubes-usb-proxy: upgrade to 1.2.2 2024-07-11 14:03:30 +00:00
Antoine Martin
7065956f34
gitlab-ci.yml: drop v3.18 2024-06-03 10:39:12 -04:00
Antoine Martin
1673bc8eb3
*: bump pkgrel 2024-06-03 08:24:31 -04:00
Antoine Martin
d48384836e
gitlab-ci.yml: add 3.20 runners 2024-06-03 08:22:49 -04:00
Antoine Martin
56cf19c7a0 qubes-vm-qrexec: upgrade to 4.2.18 2024-04-20 21:51:55 +00:00
Antoine Martin
49f1ce1b16 qubes-vm-gui: upgrade to 4.2.13 2024-04-20 21:51:31 +00:00
Antoine Martin
227af42e30 qubes-vm-core: upgrade to 4.2.29 2024-04-20 21:51:09 +00:00
Antoine Martin
ac0ee6bd66 qubes-usb-proxy: upgrade to 1.2.1 2024-04-20 21:50:54 +00:00
Antoine Martin
a1e2bc03ed qubes-meta-packages: upgrade to 4.2.11 2024-04-20 21:50:37 +00:00
Antoine Martin
97a464e6dd
qubes-libvchan-xen: upgrade to 4.2.3 2024-04-20 17:03:34 -04:00
Antoine Martin
83bbfa3567 *: rebuild for python 3.12 2024-04-15 12:45:43 +00:00
Antoine Martin
cd9f43755c
qubes-gpg-split: upgrade to 2.0.70 2024-02-08 13:23:24 -05:00
Antoine Martin
b6fe31696d
qubes-vm-core: fix apk proxy 2024-02-08 12:30:26 -05:00
Antoine Martin
ef1b123c4e qubes-vm-qrexec: upgrade to 4.2.17 2024-02-01 22:34:16 +00:00
Antoine Martin
9fe00c24a9 qubes-libvchan-xen: upgrade to 4.2.2 2024-02-01 22:33:55 +00:00
Antoine Martin
ee522ee737 qubes-vm-gui: upgrade to 4.2.12 2024-02-01 22:33:46 +00:00
Antoine Martin
bb598454c0
qubes-vm-core: upgrade to 4.2.28 2024-02-01 16:50:37 -05:00
Antoine Martin
0e47e975b5 qubes-vm-core: upgrade to 4.2.27 2024-02-01 21:17:00 +00:00
Antoine Martin
0da3281cfc qubes-vm-utils: upgrade to 4.2.15 2024-02-01 20:25:01 +00:00
Antoine Martin
02c6bda4d4 qubes-app-linux-druide-antidote: new aport 2024-02-01 19:26:25 +00:00
Antoine Martin
0b252eff75
qubes-libvchan-xen: rebuild against sen 4.18 2023-12-07 19:41:37 -05:00
Antoine Martin
71f28ef65f
*: push pkgrel 2023-11-28 11:16:51 -05:00
Antoine Martin
fda3916231
gitlab-ci: add v3.19 build 2023-11-28 11:16:32 -05:00
Antoine Martin
c22569cd4c
qubes-vm-gui: bump pkgrel 2023-09-11 01:06:23 -04:00
Antoine Martin
0daee72675 qubes-vm-utils: upgrade to 4.2.13 2023-09-11 05:00:45 +00:00
Antoine Martin
1d70caa122 qubes-vm-qrexec: upgrade to 4.2.11 2023-09-11 04:58:14 +00:00
Antoine Martin
0338fea880 qubes-vm-core: upgrade to 4.2.21 2023-09-11 04:56:08 +00:00
Antoine Martin
42327016e6
qubes-vm-gui: upgrade to 4.2.9 2023-09-11 00:53:16 -04:00
Antoine Martin
5dc97166f4
qubes-vm-gui: remove deprecation of pulseaudio 2023-09-11 00:53:15 -04:00
Antoine Martin
b213e35465 qubes-vm-gui: do not use systemctl for qubes-session 2023-09-11 04:48:45 +00:00
Antoine Martin
04a40cece8 qubes-vm-core: fix setup-ip 2023-09-11 04:48:45 +00:00
Antoine Martin
9bf9b57855
*: bump pkgrel 2023-08-30 15:58:12 -04:00
Antoine Martin
8308c0cf42
gltlab-ci: implement target multiple Alpine releases 2023-08-30 15:51:22 -04:00
Antoine Martin
7390b8343d Update README.md 2023-08-27 19:02:01 +00:00
Antoine Martin
35da3eea11 qubes-usb-proxy: bump pkgrel 2023-08-27 19:02:01 +00:00
Antoine Martin
ff0aab1f60 qubes-gpg-split: bump pkgrel 2023-08-27 19:02:01 +00:00
Antoine Martin
346d069995 qubes-vm-gui: fix pam.d install 2023-08-26 19:32:09 +00:00
Antoine Martin
41572968b2
qubes-vm-core: add missing depends 2023-08-26 15:28:25 -04:00
Antoine Martin
376caaae3c
qubes-vm-core: add eudev depend 2023-08-25 16:45:39 -04:00
Antoine Martin
52f5847075 Add readme 2023-08-16 04:44:03 +00:00
Antoine Martin
bad57cc2ed
qubes-vm-qrexec: upgrade to 4.2.8 2023-08-16 00:03:14 -04:00
Antoine Martin
cbc2602c34
qubes-vm-utils: upgrade to 4.2.11 2023-08-15 23:08:50 -04:00
Antoine Martin
c96a0efda8
qubes-vm-gui-dev: upgrade to 4.2.4 2023-08-15 23:08:48 -04:00
Antoine Martin
6b94ec6cc4
qubes-vm-gui: upgrade to 4.2.8 2023-08-15 23:08:45 -04:00
Antoine Martin
f9192ee9c6
qubes-vm-core: upgrade to 4.2.19 2023-08-15 23:08:40 -04:00
Antoine Martin
83468ae4a0
qubes-meta-packages: upgrade to 4.2.9 2023-08-15 22:01:55 -04:00
Antoine Martin
bb07394c5c
qubes-libvchan-xen: upgrade to 4.2.1 2023-08-15 22:00:53 -04:00
Antoine Martin
4ca75689c6
qubes-db-vm: upgrade to 4.2.4 2023-08-15 21:58:40 -04:00
50 changed files with 1071 additions and 802 deletions
Download patch file Download diff file Expand all files Collapse all files

96
.gitlab/bin/build.sh → .forgejo/bin/build.sh
View file

@ -1,27 +1,25 @@
#!/bin/sh #!/bin/sh
# shellcheck disable=SC3043 # shellcheck disable=SC3043
. $CI_PROJECT_DIR/.gitlab/bin/functions.sh . /usr/local/lib/functions.sh
# shellcheck disable=SC3040 # shellcheck disable=SC3040
set -eu -o pipefail set -eu -o pipefail
readonly APORTSDIR=$CI_PROJECT_DIR readonly APORTSDIR=$CI_PROJECT_DIR
readonly REPOS="qubes/r4.1" readonly REPOS="main community testing"
readonly ALPINE_REPOS="main community testing"
readonly ARCH=$(apk --print-arch) readonly ARCH=$(apk --print-arch)
# gitlab variables # gitlab variables
readonly BASEBRANCH=$CI_MERGE_REQUEST_TARGET_BRANCH_NAME readonly BASEBRANCH=$CI_MERGE_REQUEST_TARGET_BRANCH_NAME
: "${REPODEST:=$HOME/packages}" : "${REPODEST:=$HOME/packages}"
: "${MIRROR:=https://lab.ilot.io/ayakael/repo-apk/-/raw}" : "${MIRROR:=https://ayakael.net/api/packages/forge/alpine}"
: "${ALPINE_MIRROR:=http://dl-cdn.alpinelinux.org/alpine}" : "${ALPINE_MIRROR:=http://dl-cdn.alpinelinux.org/alpine}"
: "${MAX_ARTIFACT_SIZE:=300000000}" #300M : "${MAX_ARTIFACT_SIZE:=300000000}" #300M
: "${CI_DEBUG_BUILD:=}" : "${CI_DEBUG_BUILD:=}"
: "${CI_ALPINE_BUILD_OFFSET:=0}" : "${CI_ALPINE_BUILD_OFFSET:=0}"
: "${CI_ALPINE_BUILD_LIMIT:=9999}" : "${CI_ALPINE_BUILD_LIMIT:=9999}"
: "${CI_ALPINE_TARGET_ARCH:=$(uname -m)}"
msg() { msg() {
local color=${2:-green} local color=${2:-green}
@ -70,38 +68,48 @@ report() {
} }
get_release() { get_release() {
local RELEASE=$(echo $CI_RUNNER_TAGS | awk -F '-' '{print $2}') echo $CI_ALPINE_TARGET
case $RELEASE in
v*) echo "${RELEASE%-*}";;
edge) echo edge;;
*) die "Branch \"$RELEASE\" not supported!"
esac
} }
get_qubes_release() { get_qubes_release() {
case $BASEBRANCH in case $BASEBRANCH in
r*) echo $BASEBRANCH;; r*) echo $BASEBRANCH;;
master) echo r4.2;; main) echo r4.3;;
*) die "Branch \"$BASEBRANCH\" not supported!"
esac esac
} }
changed_aports() {
: "${APORTSDIR?APORTSDIR missing}"
: "${BASEBRANCH?BASEBRANCH missing}"
cd "$APORTSDIR"
local aports
aports=$(git diff --name-only --diff-filter=ACMR \
"$BASEBRANCH"...HEAD -- "*/APKBUILD" | xargs -rn1 dirname)
# shellcheck disable=2086
ap builddirs -d "$APORTSDIR" $aports 2>/dev/null | xargs -rn1 basename
}
build_aport() { build_aport() {
local repo="$1" aport="$2" local repo="$1" aport="$2"
cd "$APORTSDIR/$aport" cd "$APORTSDIR/$repo/$aport"
if abuild -r 2>&1 | report "build-$aport"; then if abuild -r 2>&1 | report "build-$aport"; then
checkapk | report "checkapk-$aport" || true checkapk 2>&1 | report "checkapk-$aport" || true
aport_ok="$aport_ok $aport" aport_ok="$aport_ok $repo/$aport"
else else
aport_ng="$aport_ng $aport" aport_ng="$aport_ng $repo/$aport"
fi fi
} }
check_aport() { check_aport() {
local repo="$1" aport="$2" local repo="$1" aport="$2"
cd "$APORTSDIR/$aport" cd "$APORTSDIR/$repo/$aport"
if ! abuild check_arch 2>/dev/null; then if ! abuild check_arch 2>/dev/null; then
aport_na="$aport_na $aport" aport_na="$aport_na $repo/$aport"
return 1 return 1
fi fi
} }
@ -111,9 +119,14 @@ set_repositories_for() {
local release local release
release=$(get_release) release=$(get_release)
repos="$MIRROR/$release/qubes/$target_repo $REPODEST/qubes-aports" for repo in qubes-$(get_qubes_release); do
sudo sh -c "printf '%s\n' $repos >> /etc/apk/repositories" [ "$repo" = "non-free" ] && continue
sudo apk update || true [ "$release" == "edge" ] && [ "$repo" == "backports" ] && continue
repos="$repos $MIRROR/$release/$repo $REPODEST/$repo"
[ "$repo" = "$target_repo" ] && break
done
doas sh -c "printf '%s\n' $repos >> /etc/apk/repositories"
doas apk update || true
} }
apply_offset_limit() { apply_offset_limit() {
@ -129,21 +142,15 @@ setup_system() {
local release local release
release=$(get_release) release=$(get_release)
for repo in $ALPINE_REPOS; do for repo in $REPOS; do
[ "$release" != "edge" ] && [ "$repo" == "testing" ] && continue [ "$release" != "edge" ] && [ "$repo" == "testing" ] && continue
repos="$repos $ALPINE_MIRROR/$release/$repo" repos="$repos $ALPINE_MIRROR/$release/$repo"
done done
repos="$repos $MIRROR/$release/cross" doas sh -c "printf '%s\n' $repos > /etc/apk/repositories"
sudo sh -c "printf '%s\n' $repos > /etc/apk/repositories" doas apk -U upgrade -a || apk fix || die "Failed to up/downgrade system"
sudo apk -U upgrade -a || sudo apk fix || die "Failed to up/downgrade system" abuild-keygen -ain
gitlab_key_to_rsa $ABUILD_KEY rsa-private $HOME/.abuild/$ABUILD_KEY_NAME.rsa doas sed -i -E 's/export JOBS=[0-9]+$/export JOBS=$(nproc)/' /etc/abuild.conf
gitlab_key_to_rsa $ABUILD_KEY_PUB rsa-public $HOME/.abuild/$ABUILD_KEY_NAME.rsa.pub ( . /usr/share/abuild/default.conf; . /etc/abuild.conf; echo "Building with ${JOBS-1} jobs" )
chmod 700 $HOME/.abuild/$ABUILD_KEY_NAME.rsa
echo "PACKAGER_PRIVKEY=$HOME/.abuild/$ABUILD_KEY_NAME.rsa" >> $HOME/.abuild/abuild.conf
sudo cp $HOME/.abuild/$ABUILD_KEY_NAME.rsa.pub /etc/apk/keys/$ABUILD_KEY_NAME.rsa.pub
sudo sed -i -E 's/export JOBS=[0-9]+$/export JOBS=$(nproc)/' /etc/abuild.conf
( . /etc/abuild.conf && echo "Building with $JOBS jobs" )
mkdir -p "$REPODEST" mkdir -p "$REPODEST"
git config --global init.defaultBranch master git config --global init.defaultBranch master
} }
@ -169,8 +176,7 @@ copy_artifacts() {
if [ "$packages_size" -lt $MAX_ARTIFACT_SIZE ]; then if [ "$packages_size" -lt $MAX_ARTIFACT_SIZE ]; then
msg "Copying packages for artifact upload" msg "Copying packages for artifact upload"
mkdir packages/$CI_ALPINE_TARGET_RELEASE cp -ar "$REPODEST"/* packages/ 2>/dev/null
cp -ar "$REPODEST"/* packages/$CI_ALPINE_TARGET_RELEASE 2>/dev/null
cp ~/.abuild/*.rsa.pub keys/ cp ~/.abuild/*.rsa.pub keys/
else else
msg "Artifact size $packages_size larger than max ($MAX_ARTIFACT_SIZE), skipping uploading them" yellow msg "Artifact size $packages_size larger than max ($MAX_ARTIFACT_SIZE), skipping uploading them" yellow
@ -192,7 +198,7 @@ sysinfo || true
setup_system || die "Failed to setup system" setup_system || die "Failed to setup system"
# git no longer allows to execute in repositories owned by different users # git no longer allows to execute in repositories owned by different users
sudo chown -R $USER: . doas chown -R buildozer: .
fetch_flags="-qn" fetch_flags="-qn"
debugging && fetch_flags="-v" debugging && fetch_flags="-v"
@ -214,7 +220,6 @@ section_end setup
build_start=$CI_ALPINE_BUILD_OFFSET build_start=$CI_ALPINE_BUILD_OFFSET
build_limit=$CI_ALPINE_BUILD_LIMIT build_limit=$CI_ALPINE_BUILD_LIMIT
mkdir -p "$APORTSDIR"/logs "$APORTSDIR"/packages "$APORTSDIR"/keys
set_repositories_for $(get_qubes_release) set_repositories_for $(get_qubes_release)
built_aports=0 built_aports=0
changed_aports_in_repo=$(changed_aports $BASEBRANCH) changed_aports_in_repo=$(changed_aports $BASEBRANCH)
@ -227,20 +232,12 @@ printf " - %s\n" $changed_aports_to_build
for pkgname in $changed_aports_to_build; do for pkgname in $changed_aports_to_build; do
section_start "build_$pkgname" "Building package $pkgname" section_start "build_$pkgname" "Building package $pkgname"
built_aports=$((built_aports+1)) built_aports=$((built_aports+1))
if check_aport qubes-aports "$pkgname"; then if check_aport . "$pkgname"; then
build_aport qubes-aports "$pkgname" build_aport . "$pkgname"
fi fi
section_end "build_$pkgname" section_end "build_$pkgname"
done done
build_start=$((build_start-(changed_aports_in_repo_count-built_aports)))
build_limit=$((build_limit-built_aports))
if [ $build_limit -le 0 ]; then
msg "Limit reached, breaking"
break
fi
section_start artifacts "Handeling artifacts" collapse section_start artifacts "Handeling artifacts" collapse
copy_artifacts || true copy_artifacts || true
section_end artifacts section_end artifacts
@ -254,7 +251,7 @@ for ok in $aport_ok; do
done done
for na in $aport_na; do for na in $aport_na; do
msg "$na: disabled for $CI_ALPINE_TARGET_ARCH" yellow msg "$na: disabled for $ARCH" yellow
done done
for ng in $aport_ng; do for ng in $aport_ng; do
@ -268,3 +265,4 @@ if [ "$failed" = true ]; then
elif [ -z "$aport_ok" ]; then elif [ -z "$aport_ok" ]; then
msg "No packages found to be built." yellow msg "No packages found to be built." yellow
fi fi

35
.forgejo/bin/check_ver.sh Executable file
View file

@ -0,0 +1,35 @@
#!/bin/bash
# expects the following env variables:
# downstream: downstream repo
repo=${downstream/*\/}
curl --silent $downstream/x86_64/APKINDEX.tar.gz | tar -O -zx APKINDEX > APKINDEX
owned_by_you=$(awk -v RS= -v ORS="\n\n" '/m:Antoine Martin \(ayakael\) <dev@ayakael.net>/' APKINDEX | awk -F ':' '{if($1=="o"){print $2}}' | sort | uniq)
echo "Found $(printf '%s\n' $owned_by_you | wc -l ) packages owned by you"
rm -f out_of_date not_in_anitya
for pkg in $owned_by_you; do
if [ $CHECK_LATEST -eq 1 ]; then
upstream_version=$(curl --fail -X GET -sS -H 'Content-Type: application/json' "https://release-monitoring.org/api/v2/packages/?name=$pkg&distribution=Alpine" | jq -r '.items.[].version')
else
upstream_version=$(curl --fail -X GET -sS -H 'Content-Type: application/json' "https://release-monitoring.org/api/v2/packages/?name=$pkg&distribution=Alpine" | jq -r '.items.[].stable_version')
fi
downstream_version=$(sed -n "/^P:$pkg$/,/^$/p" APKINDEX | awk -F ':' '{if($1=="V"){print $2}}' | sort -V | tail -n 1)
downstream_version=${downstream_version/-*}
if [ -z "$upstream_version" ]; then
echo "$pkg not in anitya"
echo "$pkg" >> not_in_anitya
elif [ "$downstream_version" != "$(printf '%s\n' $upstream_version $downstream_version | sort -V | head -n 1)" ]; then
echo "$pkg higher downstream"
continue
elif [ "$upstream_version" != "$downstream_version" ]; then
echo "$pkg upstream version $upstream_version does not match downstream version $downstream_version"
echo "$pkg $downstream_version $upstream_version $repo" >> out_of_date
fi
done

165
.forgejo/bin/create_issue.sh Executable file
View file

@ -0,0 +1,165 @@
#!/bin/bash
# expects:
# env variable ISSUE_TOKEN
# file out_of_date
IFS='
'
repo=${downstream/*\/}
does_it_exist() {
name=$1
downstream_version=$2
upstream_version=$3
repo=$4
query="$repo/$name: upgrade to $upstream_version"
query="%22$(echo $query | sed 's| |%20|g' | sed 's|:|%3A|g' | sed 's|/|%2F|g' )%22"
result="$(curl --silent -X 'GET' \
"$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues?state=open&q=$query&type=issues&sort=latest" \
-H 'accept: application/json' \
-H "Authorization: token $ISSUE_TOKEN"
)"
if [ "$result" == "[]" ]; then
return 1
fi
}
is_it_old() {
name=$1
downstream_version=$2
upstream_version=$3
repo=$4
query="$repo/$name: upgrade to"
query="%22$(echo $query | sed 's| |%20|g' | sed 's|:|%3A|g' | sed 's|/|%2F|g' )%22"
result="$(curl --silent -X 'GET' \
"$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues?state=open&q=$query&type=issues&sort=latest" \
-H 'accept: application/json' \
-H "authorization: token $ISSUE_TOKEN"
)"
result_title="$(echo $result | jq -r '.[].title' )"
result_id="$(echo $result | jq -r '.[].number' )"
result_upstream_version="$(echo $result_title | awk '{print $4}')"
if [ "$upstream_version" != "$result_upstream_version" ]; then
echo $result_id
else
echo 0
fi
}
update_title() {
name=$1
downstream_version=$2
upstream_version=$3
repo=$4
id=$5
result=$(curl --silent -X 'PATCH' \
"$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues/$id" \
-H 'accept: application/json' \
-H "authorization: token $ISSUE_TOKEN" \
-H 'Content-Type: application/json' \
-d "{
\"title\": \"$repo/$name: upgrade to $upstream_version\"
}"
)
return 0
}
create_issue() {
name=$1
downstream_version=$2
upstream_version=$3
repo=$4
result=$(curl --silent -X 'POST' \
"$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues" \
-H 'accept: application/json' \
-H "authorization: token $ISSUE_TOKEN" \
-H 'Content-Type: application/json' \
-d "{
\"title\": \"$repo/$name: upgrade to $upstream_version\",
\"labels\": [
$LABEL_NUMBER
]
}")
return 0
}
if [ -f out_of_date ]; then
out_of_date="$(cat out_of_date)"
echo "Detected $(wc -l out_of_date) out-of-date packages, creating issues"
for pkg in $out_of_date; do
name="$(echo $pkg | awk '{print $1}')"
downstream_version="$(echo $pkg | awk '{print $2}')"
upstream_version="$(echo $pkg | awk '{print $3}')"
repo="$(echo $pkg | awk '{print $4}')"
if does_it_exist $name $downstream_version $upstream_version $repo; then
echo "Issue for $repo/$name already exists"
continue
fi
id=$(is_it_old $name $downstream_version $upstream_version $repo)
if [ "$id" != "0" ] && [ -n "$id" ]; then
echo "Issue for $repo/$name needs updating"
update_title $name $downstream_version $upstream_version $repo $id
continue
fi
echo "Creating issue for $repo/$name"
create_issue $name $downstream_version $upstream_version $repo
done
fi
if [ -f not_in_anitya ]; then
query="Add missing $repo packages to anitya"
query="%22$(echo $query | sed 's| |%20|g')%22"
result="$(curl --silent -X 'GET' \
"$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues?state=open&q=$query&type=issues&sort=latest" \
-H 'accept: application/json' \
-H "authorization: token $ISSUE_TOKEN"
)"
if [ "$result" == "[]" ]; then
echo "Creating anitya issue"
result=$(curl --silent -X 'POST' \
"$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues" \
-H 'accept: application/json' \
-H "authorization: token $ISSUE_TOKEN" \
-H 'Content-Type: application/json' \
-d "{
\"title\": \"Add missing $repo packages to anitya\",
\"body\": \"- [ ] $(sed '{:q;N;s/\n/\\n- [ ] /g;t q}' not_in_anitya)\",
\"labels\": [
$LABEL_NUMBER
]
}")
else
echo "Updating anitya issue"
result_id="$(echo $result | jq -r '.[].number' )"
result=$(curl --silent -X 'PATCH' \
"$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues/$result_id" \
-H 'accept: application/json' \
-H "authorization: token $ISSUE_TOKEN" \
-H 'Content-Type: application/json' \
-d "{
\"body\": \"- [ ] $(sed '{:q;N;s/\n/\\n- [ ] /g;t q}' not_in_anitya)\"
}"
)
fi
fi

33
.forgejo/bin/deploy.sh Executable file
View file

@ -0,0 +1,33 @@
#!/bin/sh
# shellcheck disable=SC3040
set -eu -o pipefail
readonly BASEBRANCH=$CI_ALPINE_TARGET
readonly TARGET_REPO=$CI_ALPINE_REPO
get_qubes_release() {
case $GITHUB_BASE_REF in
r*) echo $GITHUB_BASE_REF;;
main) echo r4.3;;
esac
}
readonly QUBES_REL=$(get_qubes_release)
apkgs=$(find package -type f -name "*.apk")
for apk in $apkgs; do
arch=$(echo $apk | awk -F '/' '{print $3}')
name=$(echo $apk | awk -F '/' '{print $4}')
echo "Sending $name of arch $arch to $TARGET_REPO/$BASEBRANCH/qubes-$QUBES_REL"
return=$(curl -s --user $FORGE_REPO_USER:$FORGE_REPO_TOKEN --upload-file $apk $TARGET_REPO/$BASEBRANCH/qubes-$QUBES_REL 2>&1)
echo $return
if [ "$return" == "package file already exists" ]; then
echo "Package already exists, refreshing..."
curl -s --user $FORGE_REPO_USER:$FORGE_REPO_TOKEN -X DELETE $TARGET_REPO/$BASEBRANCH/qubes-$QUBES_REL/$arch/$name
curl -s --user $FORGE_REPO_USER:$FORGE_REPO_TOKEN --upload-file $apk $TARGET_REPO/$BASEBRANCH/qubes-$QUBES_REL
fi
done

53
.forgejo/workflows/build-edge.yaml Normal file
View file

@ -0,0 +1,53 @@
on:
pull_request:
types: [ assigned, opened, synchronize, reopened ]
jobs:
build-edge:
runs-on: x86_64
container:
image: alpinelinux/alpine-gitlab-ci:latest
env:
CI_PROJECT_DIR: ${{ github.workspace }}
CI_DEBUG_BUILD: ${{ runner.debug }}
CI_MERGE_REQUEST_PROJECT_URL: ${{ github.server_url }}/${{ github.repository }}
CI_MERGE_REQUEST_TARGET_BRANCH_NAME: ${{ github.base_ref }}
CI_ALPINE_TARGET: edge
steps:
- name: Environment setup
run: |
doas apk upgrade -a
doas apk add nodejs git patch curl
cd /etc/apk/keys
doas curl -JO https://ayakael.net/api/packages/forge/alpine/key
- name: Repo pull
uses: actions/checkout@v4
with:
fetch-depth: 500
- name: Package build
run: ${{ github.workspace }}/.forgejo/bin/build.sh
- name: Package upload
uses: forgejo/upload-artifact@v3
with:
name: package
path: packages
deploy-edge:
needs: [build-edge]
runs-on: x86_64
container:
image: alpine:latest
env:
CI_ALPINE_REPO: 'https://ayakael.net/api/packages/forge/alpine'
FORGE_REPO_TOKEN: ${{ secrets.FORGE_REPO_TOKEN }}
FORGE_REPO_USER: ${{ vars.FORGE_REPO_USER }}
CI_ALPINE_TARGET: edge
steps:
- name: Setting up environment
run: apk add nodejs curl findutils git gawk
- name: Repo pull
uses: actions/checkout@v4
- name: Package download
uses: forgejo/download-artifact@v3
- name: Package deployment
run: ${{ github.workspace }}/.forgejo/bin/deploy.sh

53
.forgejo/workflows/build-v3.21.yaml Normal file
View file

@ -0,0 +1,53 @@
on:
pull_request:
types: [ assigned, opened, synchronize, reopened ]
jobs:
build-v3.21:
runs-on: x86_64
container:
image: alpinelinux/alpine-gitlab-ci:latest
env:
CI_PROJECT_DIR: ${{ github.workspace }}
CI_DEBUG_BUILD: ${{ runner.debug }}
CI_MERGE_REQUEST_PROJECT_URL: ${{ github.server_url }}/${{ github.repository }}
CI_MERGE_REQUEST_TARGET_BRANCH_NAME: ${{ github.base_ref }}
CI_ALPINE_TARGET: v3.21
steps:
- name: Environment setup
run: |
doas apk upgrade -a
doas apk add nodejs git patch curl
cd /etc/apk/keys
doas curl -JO https://ayakael.net/api/packages/forge/alpine/key
- name: Repo pull
uses: actions/checkout@v4
with:
fetch-depth: 500
- name: Package build
run: ${{ github.workspace }}/.forgejo/bin/build.sh
- name: Package upload
uses: forgejo/upload-artifact@v3
with:
name: package
path: packages
deploy-v3.21:
needs: [build-v3.21]
runs-on: x86_64
container:
image: alpine:latest
env:
CI_ALPINE_TARGET: v3.21
CI_ALPINE_REPO: 'https://ayakael.net/api/packages/forge/alpine'
FORGE_REPO_TOKEN: ${{ secrets.FORGE_REPO_TOKEN }}
FORGE_REPO_USER: ${{ vars.FORGE_REPO_USER }}
steps:
- name: Setting up environment
run: apk add nodejs curl findutils git gawk
- name: Repo pull
uses: actions/checkout@v4
- name: Package download
uses: forgejo/download-artifact@v3
- name: Package deployment
run: ${{ github.workspace }}/.forgejo/bin/deploy.sh

53
.forgejo/workflows/build-v3.22.yaml Normal file
View file

@ -0,0 +1,53 @@
on:
pull_request:
types: [ assigned, opened, synchronize, reopened ]
jobs:
build-v3.22:
runs-on: x86_64
container:
image: alpinelinux/alpine-gitlab-ci:latest
env:
CI_PROJECT_DIR: ${{ github.workspace }}
CI_DEBUG_BUILD: ${{ runner.debug }}
CI_MERGE_REQUEST_PROJECT_URL: ${{ github.server_url }}/${{ github.repository }}
CI_MERGE_REQUEST_TARGET_BRANCH_NAME: ${{ github.base_ref }}
CI_ALPINE_TARGET: v3.22
steps:
- name: Environment setup
run: |
doas apk upgrade -a
doas apk add nodejs git patch curl
cd /etc/apk/keys
doas curl -JO https://ayakael.net/api/packages/forge/alpine/key
- name: Repo pull
uses: actions/checkout@v4
with:
fetch-depth: 500
- name: Package build
run: ${{ github.workspace }}/.forgejo/bin/build.sh
- name: Package upload
uses: forgejo/upload-artifact@v3
with:
name: package
path: packages
deploy-v3.22:
needs: [build-v3.22]
runs-on: x86_64
container:
image: alpine:latest
env:
CI_ALPINE_TARGET: v3.22
CI_ALPINE_REPO: 'https://ayakael.net/api/packages/forge/alpine'
FORGE_REPO_TOKEN: ${{ secrets.FORGE_REPO_TOKEN }}
FORGE_REPO_USER: ${{ vars.FORGE_REPO_USER }}
steps:
- name: Setting up environment
run: apk add nodejs curl findutils git gawk
- name: Repo pull
uses: actions/checkout@v4
- name: Package download
uses: forgejo/download-artifact@v3
- name: Package deployment
run: ${{ github.workspace }}/.forgejo/bin/deploy.sh

28
.forgejo/workflows/check-r4.2.yml Normal file
View file

@ -0,0 +1,28 @@
on:
workflow_dispatch:
schedule:
- cron: '0 5 * * *'
jobs:
check-r4.2:
name: Check user repo
runs-on: x86_64
container:
image: alpine:latest
env:
downstream: https://ayakael.net/api/packages/forge/alpine/edge/qubes-r4.2
ISSUE_TOKEN: ${{ secrets.issue_token }}
LABEL_NUMBER: 9
CHECK_LATEST: 0
steps:
- name: Environment setup
run: apk add grep coreutils gawk curl wget bash nodejs git jq sed
- name: Get scripts
uses: actions/checkout@v4
with:
fetch-depth: 1
- name: Check out-of-date packages
run: ${{ github.workspace }}/.forgejo/bin/check_ver.sh
- name: Create issues
run: ${{ github.workspace }}/.forgejo/bin/create_issue.sh

28
.forgejo/workflows/check-r4.3.yml Normal file
View file

@ -0,0 +1,28 @@
on:
workflow_dispatch:
schedule:
- cron: '0 5 * * *'
jobs:
check-r4.3:
name: Check user repo
runs-on: x86_64
container:
image: alpine:latest
env:
downstream: https://ayakael.net/api/packages/forge/alpine/edge/qubes-r4.3
ISSUE_TOKEN: ${{ secrets.issue_token }}
LABEL_NUMBER: 9
CHECK_LATEST: 1
steps:
- name: Environment setup
run: apk add grep coreutils gawk curl wget bash nodejs git jq sed
- name: Get scripts
uses: actions/checkout@v4
with:
fetch-depth: 1
- name: Check out-of-date packages
run: ${{ github.workspace }}/.forgejo/bin/check_ver.sh
- name: Create issues
run: ${{ github.workspace }}/.forgejo/bin/create_issue.sh

23
.forgejo/workflows/lint.yaml Normal file
View file

@ -0,0 +1,23 @@
on:
pull_request:
types: [ assigned, opened, synchronize, reopened ]
jobs:
lint:
run-name: lint
runs-on: x86_64
container:
image: alpinelinux/apkbuild-lint-tools:latest
env:
CI_PROJECT_DIR: ${{ github.workspace }}
CI_DEBUG_BUILD: ${{ runner.debug }}
CI_MERGE_REQUEST_PROJECT_URL: ${{ github.server_url }}/${{ github.repository }}
CI_MERGE_REQUEST_TARGET_BRANCH_NAME: ${{ github.base_ref }}
steps:
- run: |
doas apk upgrade -a
doas apk add nodejs git
- uses: actions/checkout@v4
with:
fetch-depth: 500
- run: lint

80
.gitlab-ci.yml
View file

@ -1,80 +0,0 @@
stages:
- verify
- build
- deploy
variables:
GIT_STRATEGY: clone
GIT_DEPTH: "500"
lint:
stage: verify
interruptible: true
script:
- |
sudo apk add shellcheck atools sudo abuild
export PATH="$PATH:$CI_PROJECT_DIR/.gitlab/bin"
lint
allow_failure: true
only:
- merge_requests
tags:
- apk-v3.18-x86_64
.build:
stage: build
interruptible: true
script:
- |
sudo apk add alpine-sdk lua-aports sudo
sudo addgroup $USER abuild
export PATH="$PATH:$CI_PROJECT_DIR/.gitlab/bin"
sudo -Eu $USER build.sh
artifacts:
paths:
- packages/
- keys/
- logs/
expire_in: 7 days
only:
- merge_requests
build-v3.18:
extends: .build
when: always
variables:
CI_ALPINE_TARGET_RELEASE: v3.18
tags:
- apk-$CI_ALPINE_TARGET_RELEASE-x86_64
build-v3.19:
extends: .build
when: always
variables:
CI_ALPINE_TARGET_RELEASE: v3.19
tags:
- apk-$CI_ALPINE_TARGET_RELEASE-x86_64
build-edge:
extends: .build
when: always
variables:
CI_ALPINE_TARGET_RELEASE: edge
tags:
- apk-$CI_ALPINE_TARGET_RELEASE-x86_64
push:
interruptible: true
stage: deploy
script:
- |
sudo apk add abuild git-lfs findutils
export PATH="$PATH:$CI_PROJECT_DIR/.gitlab/bin"
push.sh
rules:
- if: $CI_PIPELINE_SOURCE == "merge_request_event"
when: manual
tags:
- repo

111
.gitlab/bin/APKBUILD_SHIM
View file

@ -1,111 +0,0 @@
#!/bin/sh
set -e
arch=
builddir=
checkdepends=
depends=
depends_dev=
depends_doc=
depends_libs=
depends_openrc=
depends_static=
install=
install_if=
langdir=
ldpath=
license=
makedepends=
makedepends_build=
makedepends_host=
md5sums=
options=
patch_args=
pkgbasedir=
pkgdesc=
pkgdir=
pkgname=
pkgrel=
pkgver=
pkggroups=
pkgusers=
provides=
provider_priority=
replaces=
sha256sums=
sha512sums=
sonameprefix=
source=
srcdir=
startdir=
subpackages=
subpkgdir=
subpkgname=
triggers=
url=
# abuild.conf
CFLAGS=
CXXFLAGS=
CPPFLAGS=
LDFLAGS=
JOBS=
MAKEFLAGS=
CMAKE_CROSSOPTS=
. ./APKBUILD
: "$arch"
: "$builddir"
: "$checkdepends"
: "$depends"
: "$depends_dev"
: "$depends_doc"
: "$depends_libs"
: "$depends_openrc"
: "$depends_static"
: "$install"
: "$install_if"
: "$langdir"
: "$ldpath"
: "$license"
: "$makedepends"
: "$makedepends_build"
: "$makedepends_host"
: "$md5sums"
: "$options"
: "$patch_args"
: "$pkgbasedir"
: "$pkgdesc"
: "$pkgdir"
: "$pkgname"
: "$pkgrel"
: "$pkgver"
: "$pkggroups"
: "$pkgusers"
: "$provides"
: "$provider_priority"
: "$replaces"
: "$sha256sums"
: "$sha512sums"
: "$sonameprefix"
: "$source"
: "$srcdir"
: "$startdir"
: "$subpackages"
: "$subpkgdir"
: "$subpkgname"
: "$triggers"
: "$url"
# abuild.conf
: "$CFLAGS"
: "$CXXFLAGS"
: "$CPPFLAGS"
: "$LDFLAGS"
: "$JOBS"
: "$MAKEFLAGS"
: "$CMAKE_CROSSOPTS"

16
.gitlab/bin/apkbuild-shellcheck
View file

@ -1,16 +0,0 @@
#!/bin/sh
shellcheck -s ash \
-e SC3043 \
-e SC3057 \
-e SC3060 \
-e SC2016 \
-e SC2086 \
-e SC2169 \
-e SC2155 \
-e SC2100 \
-e SC2209 \
-e SC2030 \
-e SC2031 \
-e SC1090 \
-xa $CI_PROJECT_DIR/.gitlab/bin/APKBUILD_SHIM

20
.gitlab/bin/changed-aports
View file

@ -1,20 +0,0 @@
#!/bin/sh
if [ $# -lt 1 ]; then
echo "Usage: $0 <basebranch>"
exit 1
fi
if ! git rev-parse --is-inside-work-tree >/dev/null 2>&1; then
echo "Fatal: not inside a git repository"
exit 2
fi
basebranch=$1
if ! git rev-parse --verify --quiet $basebranch >/dev/null; then
# The base branch does not eixst, probably due to a shallow clone
git fetch -v $CI_MERGE_REQUEST_PROJECT_URL.git +refs/heads/$basebranch:refs/heads/$basebranch
fi
git --no-pager diff --diff-filter=ACMR --name-only $basebranch...HEAD -- "*/APKBUILD" | xargs -r -n1 dirname

63
.gitlab/bin/functions.sh
View file

@ -1,63 +0,0 @@
# shellcheck disable=SC3043
:
# shellcheck disable=SC3040
set -eu -o pipefail
changed_aports() {
: "${APORTSDIR?APORTSDIR missing}"
: "${BASEBRANCH?BASEBRANCH missing}"
cd "$APORTSDIR"
local repo="$1"
local aports
aports=$(git diff --name-only --diff-filter=ACMR \
"$BASEBRANCH"...HEAD -- "*/APKBUILD" | xargs -rn1 dirname)
# shellcheck disable=2086
ap builddirs -d "$APORTSDIR" $aports 2>/dev/null | xargs -rn1 basename
}
section_start() {
name=${1?arg 1 name missing}
header=${2?arg 2 header missing}
collapsed=$2
timestamp=$(date +%s)
options=""
case $collapsed in
yes|on|collapsed|true) options="[collapsed=true]";;
esac
printf "\e[0Ksection_start:%d:%s%s\r\e[0K%s\n" "$timestamp" "$name" "$options" "$header"
}
section_end() {
name=$1
timestamp=$(date +%s)
printf "\e[0Ksection_end:%d:%s\r\e[0K" "$timestamp" "$name"
}
gitlab_key_to_rsa() {
KEY=$1
TYPE=$2
TGT=$3
TGT_DIR=${TGT%/*}
if [ "$TGT" == "$TGT_DIR" ]; then
TGT_DIR="./"
fi
if [ ! -d "$TGT_DIR" ]; then
mkdir -p "$TGT_DIR"
fi
case $TYPE in
rsa-public) local type="PUBLIC";;
rsa-private) local type="RSA PRIVATE";;
esac
echo "-----BEGIN $type KEY-----" > "$TGT"
echo $1 | sed 's/.\{64\}/&\
/g' >> "$TGT"
echo "-----END $type KEY-----" >> "$TGT"
}

96
.gitlab/bin/lint
View file

@ -1,96 +0,0 @@
#!/bin/sh
BLUE="\e[34m"
MAGENTA="\e[35m"
RESET="\e[0m"
readonly BASEBRANCH=$CI_MERGE_REQUEST_TARGET_BRANCH_NAME
verbose() {
echo "> " "$@"
# shellcheck disable=SC2068
$@
}
debugging() {
[ -n "$CI_DEBUG_BUILD" ]
}
debug() {
if debugging; then
verbose "$@"
fi
}
# git no longer allows to execute in repositories owned by different users
sudo chown -R gitlab-runner: .
fetch_flags="-qn"
debugging && fetch_flags="-v"
git fetch $fetch_flags "$CI_MERGE_REQUEST_PROJECT_URL" \
"+refs/heads/$BASEBRANCH:refs/heads/$BASEBRANCH"
if debugging; then
merge_base=$(git merge-base "$BASEBRANCH" HEAD)
echo "$merge_base"
git --version
git config -l
git tag merge-base "$merge_base" || { echo "Could not determine merge-base"; exit 50; }
git log --oneline --graph --decorate --all
fi
has_problems=0
for PKG in $(changed-aports "$BASEBRANCH"); do
printf "$BLUE==>$RESET Linting $PKG\n"
(
cd "$PKG"
repo=$(basename $(dirname $PKG));
if [ "$repo" == "backports" ]; then
echo "Skipping $PKG as backports (we don't care)"
continue
fi
printf "\n\n"
printf "$BLUE"
printf '======================================================\n'
printf " parse APKBUILD:\n"
printf '======================================================'
printf "$RESET\n\n"
( . ./APKBUILD ) || has_problems=1
printf "\n\n"
printf "$BLUE"
printf '======================================================\n'
printf " abuild sanitycheck:\n"
printf '======================================================'
printf "$RESET\n\n"
abuild sanitycheck || has_problems=1
printf "\n\n"
printf "$BLUE"
printf '======================================================\n'
printf " apkbuild-shellcheck:\n"
printf '======================================================'
printf "$RESET\n"
apkbuild-shellcheck || has_problems=1
printf "\n\n"
printf "$BLUE"
printf '======================================================\n'
printf " apkbuild-lint:\n"
printf '======================================================'
printf "$RESET\n\n"
apkbuild-lint APKBUILD || has_problems=1
return $has_problems
) || has_problems=1
echo
done
exit $has_problems

65
.gitlab/bin/push.sh
View file

@ -1,65 +0,0 @@
#!/bin/sh
# shellcheck disable=SC3043
. $CI_PROJECT_DIR/.gitlab/bin/functions.sh
# shellcheck disable=SC3040
set -eu -o pipefail
readonly APORTSDIR=$CI_PROJECT_DIR
readonly REPOS="backports user"
readonly BASEBRANCH=$CI_MERGE_REQUEST_TARGET_BRANCH_NAME
export GIT_SSH_COMMAND="ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
gitlab_key_to_rsa $ABUILD_KEY rsa-private $HOME/.abuild/$ABUILD_KEY_NAME.rsa
gitlab_key_to_rsa $ABUILD_KEY_PUB rsa-public $HOME/.abuild/$ABUILD_KEY_NAME.rsa.pub
gitlab_key_to_rsa $SSH_KEY rsa-private $HOME/.ssh/id_rsa
chmod 700 "$HOME"/.ssh/id_rsa
chmod 700 "$HOME"/.abuild/$ABUILD_KEY_NAME.rsa
echo "PACKAGER_PRIVKEY=$HOME/.abuild/$ABUILD_KEY_NAME.rsa" > $HOME/.abuild/abuild.conf
echo "REPODEST=$HOME/repo-apk/qubes" >> $HOME/.abuild/abuild.conf
sudo cp $HOME/.abuild/$ABUILD_KEY_NAME.rsa.pub /etc/apk/keys/.
get_qubes_release() {
case $BASEBRANCH in
r*) echo $BASEBRANCH;;
master) echo r4.2;;
*) die "Branch \"$BASEBRANCH\" not supported!"
esac
}
QUBES_REL=$(get_qubes_release)
for release in $(find packages -type d -maxdepth 1 -mindepth 1 -printf '%f\n'); do
if [ -d $HOME/repo-apk ]; then
git -C $HOME/repo-apk fetch
git -C $HOME/repo-apk checkout $release
git -C $HOME/repo-apk pull --rebase
else
git clone git@lab.ilot.io:ayakael/repo-apk -b $release $HOME/repo-apk
fi
for i in $(find packages/$release -type f -name "*.apk"); do
install -vDm644 $i ${i/packages\/$release\/qubes-aports/$HOME\/repo-apk\/qubes\/$QUBES_REL}
done
fetch_flags="-qn"
git fetch $fetch_flags "$CI_MERGE_REQUEST_PROJECT_URL" \
"+refs/heads/$BASEBRANCH:refs/heads/$BASEBRANCH"
rm $HOME/repo-apk/qubes/$QUBES_REL/*/APKINDEX.tar.gz || true
mkdir -p qubes/$QUBES_REL/DUMMY
echo "pkgname=DUMMY" > qubes/$QUBES_REL/DUMMY/APKBUILD
cd qubes/$QUBES_REL/DUMMY
abuild index
cd "$CI_PROJECT_DIR"
rm -R qubes/$QUBES_REL/DUMMY
git -C $HOME/repo-apk add .
git -C $HOME/repo-apk commit -m "Update from $CI_MERGE_REQUEST_IID - $CI_MERGE_REQUEST_TITLE"
git -C $HOME/repo-apk push
done

29
README.md
View file

@ -1,5 +1,5 @@
# qubes-aports # qports
Upstream: https://lab.ilot.io/ayakael/qubes-aports Upstream: https://ayakael.net/forge/qports
## Description ## Description
@ -8,8 +8,12 @@ Linux template. The upstream repo uses GitLab's CI to build and deploy packages
targetting multiple Alpine Linux versions. QubesOS releases are tracked using targetting multiple Alpine Linux versions. QubesOS releases are tracked using
branches. branches.
Note for `main` branch: This is currently tracking r4.3 packages, thus are
experimental. Use this branch at your own risk. For latest r4.2 packages,
navigate to that branch.
#### Template builder #### Template builder
The template builder is housed in its [own repo](https://lab.ilot.io/ayakael/qubes-builder-alpine). The template builder is housed in its [own repo](https://ayakael.net/forge/qubes-builder-alpine)
RPMs are built in-pipeline using the build artifacts produced by this repo. These RPMs facilitate RPMs are built in-pipeline using the build artifacts produced by this repo. These RPMs facilitate
installation of your very own Alpine Linux template on QubesOS. installation of your very own Alpine Linux template on QubesOS.
@ -37,8 +41,25 @@ Extra packages
Omitted packages Omitted packages
* qubes-vmm-xen - The default Alpine xen package seems to provide the necessary modules * qubes-vmm-xen - The default Alpine xen package seems to provide the necessary modules
## How to use
Built packages are made available on a Forgejo-based Alpine repo for you convenience. You can follow these steps to use them:
Add security key of the apk repository to your /etc/apk/keys:
```shell
cd /etc/apk/keys
curl -JO https://ayakael.net/api/packages/forge/alpine/key
```
Add repository to `/etc/apk/repositories`:
```shell
echo "https://ayakael.net/api/packages/forge/alpine/edge/qubes-r4.3" > /etc/apk/repositories
```
#### Known issues #### Known issues
Known issues are currently being tracked in [qubes-builder-alpine](https://lab.ilot.io/ayakael/qubes-builder-alpine) repo. Known issues are currently being tracked in [qubes-builder-alpine](https://ayakael.net/forge/qubes-builder-alpine/issues)
#### Issues, recommendations and proposals #### Issues, recommendations and proposals
**To report an issue or share a recommendation** **To report an issue or share a recommendation**

25
qubes-app-linux-druide-antidote/APKBUILD Normal file
View file

@ -0,0 +1,25 @@
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
pkgname=qubes-app-linux-druide-antidote
pkgver=0.0.1_git20240201
_gittag=c724c88aa2a20b1e422b464499015ff05753316d
pkgrel=4
arch="noarch"
pkgdesc="Qubes Druide-Antidote is a Qubes Application. It send a file to the Antidote Qube, invoke Antidote, and retrieve the file"
url=https://github.com/neowutran/qubes-app-linux-druide-antidote
license="GPL-3.0-only"
source="$pkgname-$_gittag.tar.gz::https://github.com/neowutran/qubes-app-linux-druide-antidote/archive/$_gittag.tar.gz"
depends="bash"
makedepends="pandoc"
builddir="$srcdir"/$pkgname-$_gittag
check() {
tests/all
}
package() {
make install-vm DESTDIR="$pkgdir/"
}
sha512sums="
e3597804bdcea25b2938aa325dfe9495f5bcde47c8515c7680c19882120e065d0a9ef8d120545ff3c9966b84a329cf87c5b993380510311ec8b5d9f5a8b35833 qubes-app-linux-druide-antidote-c724c88aa2a20b1e422b464499015ff05753316d.tar.gz
"

35
qubes-db-vm/0001-create_pidfile.patch
View file

@ -1,17 +1,17 @@
From d20a9db122608e0992c9ab6f675920d4bb1ee88f Mon Sep 17 00:00:00 2001 diff --git a/daemon/db-daemon.c.orig b/daemon/db-daemon.c
From: "build@apk-groulx" <build@apk-groulx.praxis> index bcf77df..c7b1a50 100644
Date: Fri, 4 Mar 2022 22:50:19 +0000 --- a/daemon/db-daemon.c.orig
Subject: [PATCH 1/1] create_pidfile
---
daemon/db-daemon.c | 11 +++--------
1 file changed, 3 insertions(+), 8 deletions(-)
diff --git a/daemon/db-daemon.c b/daemon/db-daemon.c
index 9934d16..2b28995 100644
--- a/daemon/db-daemon.c
+++ b/daemon/db-daemon.c +++ b/daemon/db-daemon.c
@@ -618,11 +618,8 @@ int create_pidfile(struct db_daemon_data *d) { @@ -156,7 +156,7 @@ int mainloop(struct db_daemon_data *d) {
return 0;
}
d->multiread_requested = 1;
- /* wait for complete response */
+ /* wait for complete rsponse */
while (d->multiread_requested) {
AcquireSRWLockExclusive(&d->lock);
if (!handle_vchan_data(d)) {
@@ -627,11 +627,8 @@ static int create_pidfile(struct db_daemon_data *d) {
mode_t old_umask; mode_t old_umask;
struct stat stat_buf; struct stat stat_buf;
@ -24,7 +24,7 @@ index 9934d16..2b28995 100644
old_umask = umask(0002); old_umask = umask(0002);
pidfile = fopen(pidfile_name, "w"); pidfile = fopen(pidfile_name, "w");
@@ -643,10 +640,8 @@ void remove_pidfile(struct db_daemon_data *d) { @@ -652,10 +649,8 @@ static void remove_pidfile(struct db_daemon_data *d) {
struct stat stat_buf; struct stat stat_buf;
/* no pidfile for VM daemon - service is managed by systemd */ /* no pidfile for VM daemon - service is managed by systemd */
@ -36,15 +36,12 @@ index 9934d16..2b28995 100644
if (stat(pidfile_name, &stat_buf) == 0) { if (stat(pidfile_name, &stat_buf) == 0) {
/* remove pidfile only if it's the one created this process */ /* remove pidfile only if it's the one created this process */
@@ -754,7 +749,7 @@ int fuzz_main(int argc, char **argv) { @@ -763,7 +758,7 @@ int fuzz_main(int argc, char **argv) {
exit(1); exit(1);
case 0: case 0:
close(ready_pipe[0]); close(ready_pipe[0]);
- snprintf(log_path, sizeof(log_path), "/var/log/qubes/qubesdb.%s.log", d.remote_name); - snprintf(log_path, sizeof(log_path), "/var/log/qubes/qubesdb.%s.log", d.remote_name ? d.remote_name : "dom0");
+ snprintf(log_path, sizeof(log_path), "/var/log/qubes/qubes-db.log"); + snprintf(log_path, sizeof(log_path), "/var/log/qubes/qubes-db.log");
close(0); close(0);
old_umask = umask(0); old_umask = umask(0);
--
2.34.1

17
qubes-db-vm/APKBUILD
View file

@ -1,10 +1,9 @@
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net> # Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
pkgname=qubes-db-vm pkgname=qubes-db-vm
subpackages="$pkgname-openrc" subpackages="$pkgname-openrc"
pkgver=4.1.17 pkgver=4.3.1
pkgrel=2 pkgrel=1
_gittag="v$pkgver" _gittag="v$pkgver"
pkgdesc="QubesDB libs and daemon service." pkgdesc="QubesDB libs and daemon service."
arch="x86_64" arch="x86_64"
@ -25,7 +24,7 @@ source="
qubes-db.openrc qubes-db.openrc
" "
builddir="$srcdir"/qubes-core-qubesdb-$pkgver builddir="$srcdir"/qubes-core-qubesdb-$pkgver
subpackages="$pkgname-dev" subpackages="$pkgname-dev $pkgname-openrc"
build() { build() {
# Build all with python bindings # Build all with python bindings
@ -40,12 +39,12 @@ build() {
package() { package() {
# Install all with python bindings # Install all with python bindings
make install DESTDIR=$pkgdir LIBDIR=/usr/lib BINDIR=/usr/bin SBINDIR=/sbin make install DESTDIR=$pkgdir LIBDIR=/usr/lib BINDIR=/usr/bin SBINDIR=/usr/sbin
install -Dm 755 "$srcdir"/qubes-db.openrc "$pkgdir"/etc/init.d/qubes-db install -Dm 755 "$srcdir"/qubes-db.openrc "$pkgdir"/etc/init.d/qubes-db
} }
sha512sums=" sha512sums="
dad1580afa7d152551b7292051b624090ce57c006174d7c0f5273f4d9cecadcb70d46547263dcf23131d5f5df921519c9d8ca739acd9f0e9be303b20e73083bb qubes-db-vm-v4.1.17.tar.gz fcfa7321e1ca6af2943e900690695bde74e0b7e706e530ce92e297aeb036bbf9c12e191b7434ead4054690342a1c9ef517c6cf6e211debe5cc66474ceb57bd87 qubes-db-vm-v4.3.1.tar.gz
af86268c264c843b94f9cefb735b9d078dc58819c890fc0a31dd79fa2761d3c2fa87aed73752bca1db07948ba86ecfe16a745b19672ccc10dfb9461df24aa207 0001-musl-build.patch af86268c264c843b94f9cefb735b9d078dc58819c890fc0a31dd79fa2761d3c2fa87aed73752bca1db07948ba86ecfe16a745b19672ccc10dfb9461df24aa207 0001-musl-build.patch
ffe9ea8f65b4e164c3a0d1c8762d1e3b39de3799ae3e63f825457d52de49c6522820950e6262deaa9235ad97cd7c60bf1c9a077fff716c4ca9dbd688e9a73c91 0001-create_pidfile.patch 892eb29b9bab4d9e662678d13a5607df04cdb024c2f28332f40fa4b7c644476a4b26a9fc038dfcdac1e0b8d328165d21d50d894d2c1e27f792287dd57449e7eb 0001-create_pidfile.patch
3d87f82d3637cf10bf1a3058ebbd2590ab17f65d1b49058f62d892f126635497abd5045f6797bc8069e5de08bb6e08fc6146deb6422090ad02122764cc6d72f0 qubes-db.openrc 6f48b4bee6a3517bdbb884bd6f7e21916e8438c5e8b8d9d1b1cfffe970c4549d941056f9022998ed7f9edb799d9b123564f01e69cdca7da241d0fb6a8e9a1c5e qubes-db.openrc
" "

2
qubes-db-vm/qubes-db.openrc
View file

@ -2,7 +2,7 @@
name=$RC_SVCNAME name=$RC_SVCNAME
cfgfile="/etc/qubes/$RC_SVCNAME.conf" cfgfile="/etc/qubes/$RC_SVCNAME.conf"
command="/sbin/qubesdb-daemon" command="/usr/sbin/qubesdb-daemon"
command_args="0" command_args="0"
command_user="root" command_user="root"
pidfile="/run/qubes/$RC_SVCNAME.pid" pidfile="/run/qubes/$RC_SVCNAME.pid"

12
qubes-gpg-split/APKBUILD
View file

@ -1,11 +1,10 @@
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net> # Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
pkgname=qubes-gpg-split pkgname=qubes-gpg-split
subpackages="$pkgname-doc" subpackages="$pkgname-doc"
pkgver=2.0.69 pkgver=2.0.78
_gittag="v$pkgver" _gittag="v$pkgver"
pkgrel=2 pkgrel=1
pkgdesc="Used Qubes AppVM as a “smart card”" pkgdesc="Used Qubes AppVM as a “smart card”"
arch="x86_64" arch="x86_64"
url="https://github.com/QubesOS/qubes-app-linux-split-gpg" url="https://github.com/QubesOS/qubes-app-linux-split-gpg"
@ -30,10 +29,7 @@ build() {
package() { package() {
make install-vm DESTDIR="$pkgdir" make install-vm DESTDIR="$pkgdir"
# Alpine packaging guidelines: /var/run is a symlink to a tmpfs. Don't create it.
rm -r "$pkgdir/var/run"
} }
sha512sums=" sha512sums="
e20b4303934d41d537f4efd3d2811802b5f5c86ac97beb1169d5c302dd150b56a3f6ca5c61788ad5cd8731747aa4f91b79806bf863df427603ba6aebab27448b qubes-gpg-split-v2.0.69.tar.gz c65feec105df442dd531f0453d9d9cfa8b7e84bd73c8823427c60bb757ac823f0912c964bdfcd64348343cb03266cadd5cc179f17e6d91b0376d8c2883776712 qubes-gpg-split-v2.0.78.tar.gz
" "

53
qubes-input-proxy/APKBUILD Normal file
View file

@ -0,0 +1,53 @@
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
pkgname=qubes-input-proxy
pkgver=1.0.42
_gittag="v$pkgver"
pkgrel=0
pkgdesc="The Qubes service for proxying input devices"
arch="x86_64"
url="https://github.com/QubesOS/qubes-app-linux-input-proxy"
license='GPL'
depends="
usbutils
qubes-vm-core
"
makedepends="linux-headers"
subpackages="$pkgname-openrc"
source="
$pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-app-linux-input-proxy/archive/refs/tags/$_gittag.tar.gz
qubes-input-trigger_use-openrc.patch
makefile_skip-systemd.patch
qubes-input-sender.openrc
"
builddir="$srcdir"/qubes-app-linux-input-proxy-$pkgver
build() {
make all \
LIBDIR=/usr/lib \
USRLIBDIR=/usr/lib \
SYSLIBDIR=/usr/lib
}
package() {
make install-vm \
DESTDIR="$pkgdir" \
LIBDIR=/usr/lib \
USRLIBDIR=/usr/lib \
SYSLIBDIR=/usr/lib
# replace all shebangs with /bin/sh as qubes expects bash
# shellcheck disable=SC2013
for i in $(grep '/bin/sh' -Rl "$pkgdir"); do
sed -i 's|/bin/sh|/bin/bash|' "$i"
done
# move openrc to init.d
install -Dm755 "$srcdir"/qubes-input-sender.openrc "$pkgdir"/etc/init.d/qubes-input-sender
}
sha512sums="
f7d33793c406069d63f2e61f8d8425fedba18ae6ab5b507f66e6f869fdc27e201c57ac60f7d10014601e35f08c6a86da3c3123c805f2802a8f15e3f1d13a3f9c qubes-input-proxy-v1.0.42.tar.gz
e21e6ae680f98474cbb8b6213768ca1f8d5ffb0088173a387a309e1b40a9aabbb946f3201aa143088f144f13a5c85c3710b7ade1a1189655a08ed574e3d26df4 qubes-input-trigger_use-openrc.patch
d199c586e146c0846169a04419fcd72764c528f6d270388927bf79273bddd50a307b40db8be482847a93de473553c3cea00fc7b08b5f93f3d79e0a3f8e620f64 makefile_skip-systemd.patch
2d5cb4369bc4d4c83403bb3e7cd7bc784769950a8fbf581996074fe53cc65c56fe4039e2689b6fa34e51ce22e552fc145115c12e71601809767962a3682dd299 qubes-input-sender.openrc
"

18
qubes-input-proxy/makefile_skip-systemd.patch Normal file
View file

@ -0,0 +1,18 @@
diff --git a/qubes-rpc/Makefile.orig b/qubes-rpc/Makefile
index 22ec526..bf7e0ea 100644
--- a/qubes-rpc/Makefile.orig
+++ b/qubes-rpc/Makefile
@@ -12,13 +12,6 @@ install-dom0:
$(DESTDIR)/etc/qubes-rpc/policy/qubes.InputTablet
install-vm:
- install -d $(DESTDIR)$(USRLIBDIR)/systemd/system
- install -m 0644 \
- qubes-input-sender-keyboard@.service \
- qubes-input-sender-keyboard-mouse@.service \
- qubes-input-sender-mouse@.service \
- qubes-input-sender-tablet@.service \
- $(DESTDIR)$(USRLIBDIR)/systemd/system
install -d $(DESTDIR)$(USRLIBDIR)/udev/rules.d
install -m 0644 qubes-input-proxy.rules \
$(DESTDIR)$(USRLIBDIR)/udev/rules.d/90-qubes-input-proxy.rules

28
qubes-input-proxy/qubes-input-sender.openrc Executable file
View file

@ -0,0 +1,28 @@
#!/sbin/openrc-run
name=$RC_SVCNAME
cfgfile="/etc/qubes/$RC_SVCNAME.conf"
input="${RC_SVCNAME/*.}"
svcname="${RC_SVCNAME/.*}."
type="${RC_SVCNAME%.*}"
type="${type/$svcname/}"
type="$(echo $type | sed 's/.*/\u&/')"
command="/usr/bin/qubes-input-sender"
command_args="qubes.Input$type /dev/input/$input dom0"
command_user="root"
pidfile="/run/qubes/$RC_SVCNAME.pid"
start_stop_daemon_args=""
command_background="true"
output_log="/var/log/qubes/$RC_SVCNAME.log"
error_log="/var/log/qubes/$RC_SVCNAME.err"
start_pre() {
checkpath --directory --owner $command_user:qubes --mode 0775 \
/run/qubes \
/var/log/qubes \
/var/run/qubes
}
stop_post() {
pkill -f "input-proxy-sender /dev/input/$input" || true
}

93
qubes-input-proxy/qubes-input-trigger_use-openrc.patch Normal file
View file

@ -0,0 +1,93 @@
diff --git a/qubes-rpc/qubes-input-trigger.orig b/qubes-rpc/qubes-input-trigger
index 264788e..edd40ec 100755
--- a/qubes-rpc/qubes-input-trigger.orig
+++ b/qubes-rpc/qubes-input-trigger
@@ -51,49 +51,69 @@ def get_service_name(udevreturn, input_dev):
('ID_INPUT_TOUCHPAD' in udevreturn) or
('QEMU_USB_Tablet' in udevreturn)
) and 'ID_INPUT_KEY' not in udevreturn:
- service = 'qubes-input-sender-tablet'
+ service = 'qubes-input-sender.tablet'
# if mouse report absolute events, prefer tablet service
# (0x3 is ABS_X | ABS_Y)
elif 'ID_INPUT_MOUSE' in udevreturn and abs_caps & 0x3:
- service = 'qubes-input-sender-tablet'
+ service = 'qubes-input-sender.tablet'
elif 'ID_INPUT_MOUSE' in udevreturn and 'ID_INPUT_KEY' not in udevreturn:
- service = 'qubes-input-sender-mouse'
+ service = 'qubes-input-sender.mouse'
elif 'ID_INPUT_KEY' in udevreturn and 'ID_INPUT_MOUSE' not in udevreturn:
- service = 'qubes-input-sender-keyboard'
+ service = 'qubes-input-sender.keyboard'
elif 'ID_INPUT_MOUSE' in udevreturn and 'ID_INPUT_KEY' in udevreturn:
- service = 'qubes-input-sender-keyboard-mouse'
+ service = 'qubes-input-sender.mouse'
if service:
- service = '{}@{}.service'.format(service, input_dev)
+ service = '{}.{}'.format(service, input_dev)
return service
def handle_service(service, action):
- retcode = subprocess.call(
- ["/bin/systemctl", "is-active", "--quiet", "service", service])
+ serviceFile = os.path.join("/etc/init.d", service)
+
+ sudo = []
+ if os.getuid() != 0:
+ sudo = ["sudo"]
+
if action == "add":
- systemctl_action = "start"
+ # create service link is not created
+ serviceFile = os.path.join("/etc/init.d", service)
+ if not os.path.exists(serviceFile):
+ subprocess.call(
+ ["/bin/ln", "-s", "/etc/init.d/qubes-input-sender", serviceFile])
+
# Ignore if service is already started
+ retcode = subprocess.call(
+ ["/sbin/rc-service","--quiet", service, "status"])
if retcode == 0:
return
+
+ subprocess.call(
+ sudo + ["/sbin/service", service, "start"])
+
elif action == "remove":
- systemctl_action = "stop"
+ # Ignore if service does not exist
+ if not os.path.exists(serviceFile):
+ return
+
# Ignore if service is not active
- if retcode != 0:
+ retcode = subprocess.call(
+ ["/sbin/rc-service", "--quiet", service, "status"])
+ if retcode == 3:
return
+
+ subprocess.call(
+ sudo + ["/sbin/service", service, "stop"])
+
+ # remove ln once stopped
+ if os.path.exists(serviceFile):
+ subprocess.call(
+ sudo + ["/bin/rm", serviceFile])
else:
print("Unknown action: %s" % action)
sys.exit(1)
- sudo = []
- if os.getuid() != 0:
- sudo = ["sudo"]
-
- subprocess.call(
- sudo + ["/bin/systemctl", "--no-block", systemctl_action, service])
-
-
def handle_event(input_dev, action, dom0):
udevreturn = None
if 'event' in input_dev: # if filename contains 'event'

61
qubes-libvchan-xen/39_support-changed-libxenctrl-api-xen418.patch
View file

@ -1,61 +0,0 @@
From 8c4c3807119f27957e6c7f87d505d66d0ea4c3d0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
<marmarek@invisiblethingslab.com>
Date: Sat, 18 Nov 2023 18:27:28 +0100
Subject: [PATCH] Support changed libxenctrl API in Xen 4.18.0
The xc_domain_getinfo() is gone, it's replaced with
xc_domain_getinfo_single. While the new API is a bit nicer, xenctrl.h
does not provide any #define to know which one is available. Check
library version in the makefile for that.
---
vchan/Makefile.linux | 4 ++++
vchan/io.c | 10 ++++++++++
2 files changed, 14 insertions(+)
diff --git a/vchan/Makefile.linux b/vchan/Makefile.linux
index 281f2b5..587cb34 100644
--- a/vchan/Makefile.linux
+++ b/vchan/Makefile.linux
@@ -27,6 +27,11 @@ CFLAGS += -g -Wall -Wextra -Werror -fPIC -O2 -D_GNU_SOURCE -D_FORTIFY_SOURCE=2 -
all: libvchan-xen.so vchan-xen.pc
-include *.dep
+# xenctrl.h does not provide any #define to distinguish API versions
+XENCTRL_VERSION := $(shell pkg-config --modversion xencontrol)
+CFLAGS += $(shell if printf '%s\n' '4.18.0' '$(XENCTRL_VERSION)' | \
+ sort -CV; then echo -DHAVE_XC_DOMAIN_GETINFO_SINGLE; fi)
+
libvchan-xen.so : init.o io.o
$(CC) $(LDFLAGS) -shared -o libvchan-xen.so $^ -lxenvchan -lxenctrl
clean:
diff --git a/vchan/io.c b/vchan/io.c
index 3d0ed35..0c23223 100644
--- a/vchan/io.c
+++ b/vchan/io.c
@@ -33,14 +33,24 @@
/* check if domain is still alive */
int libvchan__check_domain_alive(xc_interface *xc_handle, int dom) {
struct evtchn_status evst;
+#ifdef HAVE_XC_DOMAIN_GETINFO_SINGLE
+ xc_domaininfo_t dominfo;
+#else
xc_dominfo_t dominfo;
+#endif
int ret;
/* first try using domctl, more reliable but available in a privileged
* domain only */
+#ifdef HAVE_XC_DOMAIN_GETINFO_SINGLE
+ ret = xc_domain_getinfo_single(xc_handle, dom, &dominfo);
+ if (ret == 0)
+ return !(dominfo.flags & XEN_DOMINF_dying);
+#else
ret = xc_domain_getinfo(xc_handle, dom, 1, &dominfo);
if (ret == 1)
return dominfo.domid == (uint32_t)dom && !dominfo.dying;
+#endif
else if (ret == -1 && errno == ESRCH)
return 0;
/* otherwise fallback to xc_evtchn_status method */

26
qubes-libvchan-xen/APKBUILD
View file

@ -1,24 +1,32 @@
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net> # Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
pkgname=qubes-libvchan-xen pkgname=qubes-libvchan-xen
pkgver=4.1.13 pkgver=4.2.7
pkgrel=4 pkgrel=2
_gittag=v$pkgver _gittag=v$pkgver
pkgdesc="The Qubes core libraries for installation inside a Qubes Dom0 and VM." pkgdesc="The Qubes core libraries for installation inside a Qubes Dom0 and VM."
arch="x86_64" arch="x86_64"
url="https://github.com/QubesOS/qubes-core-vchan-xen" url="https://github.com/QubesOS/qubes-core-vchan-xen"
license='GPL' license='GPL'
depends="xen" depends="xen xen-dev"
makedepends="xen-dev coreutils" makedepends="xen-dev coreutils patchelf"
builddir="$srcdir"/qubes-core-vchan-xen-$pkgver builddir="$srcdir"/qubes-core-vchan-xen-$pkgver
subpackages="$pkgname-dev" subpackages="$pkgname-dev"
source=" source="
$pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-core-vchan-xen/archive/refs/tags/$_gittag.tar.gz $pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-core-vchan-xen/archive/refs/tags/$_gittag.tar.gz
39_support-changed-libxenctrl-api-xen418.patch link-against-patched-libs.patch
" "
prepare() {
default_prepare
cd "$builddir"/vchan
for i in libxenvchan.so libxenctrl.so; do
cp /usr/lib/$i ./
patchelf --set-soname $i $i
done
}
build() { build() {
cd "$builddir"/vchan cd "$builddir"/vchan
make -f Makefile.linux make -f Makefile.linux
@ -29,6 +37,6 @@ package() {
} }
sha512sums=" sha512sums="
cefb6b89f75936d791910d2169170536221d3123a1b33a14bea1fc5c08950ce934666719bf08eb3cc86ac055f85e6834f71e21c31189fa7299af09296c3cd99f qubes-libvchan-xen-v4.1.13.tar.gz e6d85407e40ca12df5042ed2ed98d77b6e7b88360e4d6369c3c781c06654246ea81ceabfeae5a506537259fcca3db46f1fc0f1ded5e04e38035601e060fe24ed qubes-libvchan-xen-v4.2.7.tar.gz
fedcba617d3843e41f257ff16b0a3108af844184252d4e702df8eccba21a4ef17d62c96acdb87bb4964e783b7f2f026305777be3379e7e7b51f4535a4704b52a 39_support-changed-libxenctrl-api-xen418.patch db33b54121b172dfdbfddb620d56998f1be893608c23b5fbdfe373005650ab012c0462a4a01d8da12611c22c0bb9877c7b42f0bf58871dfc4474386c44ab2249 link-against-patched-libs.patch
" "

13
qubes-libvchan-xen/link-against-patched-libs.patch Normal file
View file

@ -0,0 +1,13 @@
diff --git a/vchan/Makefile.linux.orig b/vchan/Makefile.linux
index 587cb34..cccb5de 100644
--- a/vchan/Makefile.linux.orig
+++ b/vchan/Makefile.linux
@@ -34,7 +34,7 @@ CFLAGS += $(shell if printf '%s\n' '4.18.0' '$(XENCTRL_VERSION)' | \
SO_VER = 1
libvchan-xen.so.$(SO_VER): init.o io.o
- $(CC) $(LDFLAGS) -Wl,-soname,$@ -shared -o $@ $^ -lxenvchan -lxenctrl -lxenstore
+ $(CC) $(LDFLAGS) -Wl,-soname,$@ -shared -o $@ $^ ./libxenvchan.so ./libxenctrl.so -lxenstore
libvchan-xen.so: libvchan-xen.so.$(SO_VER)
ln -sf $< $@

9
qubes-meta-packages/APKBUILD
View file

@ -1,14 +1,13 @@
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net> # Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
pkgname=qubes-meta-packages pkgname=qubes-meta-packages
subpackages=" subpackages="
qubes-vm-dependencies qubes-vm-dependencies
qubes-vm-recommended qubes-vm-recommended
" "
pkgver=4.1.24 pkgver=4.3.2
_gittag="v$pkgver" _gittag="v$pkgver"
pkgrel=2 pkgrel=1
pkgdesc="Meta packages for Qubes-specific components" pkgdesc="Meta packages for Qubes-specific components"
arch="noarch" arch="noarch"
url="https://github.com/QubesOS/qubes-meta-packages" url="https://github.com/QubesOS/qubes-meta-packages"
@ -39,5 +38,5 @@ recommended() {
mkdir -p "$subpkgdir" mkdir -p "$subpkgdir"
} }
sha512sums=" sha512sums="
5dfbdbc5a7fa3ae352d5c9de6822869065ebb1601880348ebb69fc1f91092bd3be333d5d8409575649d76412acce326f643ed5f95e07c2ac9b3f82a0dcc84293 qubes-meta-packages-v4.1.24 de1ee62e90e9e6d3662cd30f4ddd0649c9fda270a7dbf7f3de9a83362f5c8440c9ef3e3e6779a08627d3280258a047237e184c220421a941332b1151dc8bfe68 qubes-meta-packages-v4.3.2
" "

17
qubes-pass/APKBUILD
View file

@ -1,10 +1,9 @@
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net> # Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
pkgname=qubes-pass pkgname=qubes-pass
pkgver=0.1.0 pkgver=0.1.0
_gittag="v$pkgver" _gittag="v$pkgver"
pkgrel=2 pkgrel=6
pkgdesc="An inter-VM password manager for Qubes OS" pkgdesc="An inter-VM password manager for Qubes OS"
arch="noarch" arch="noarch"
url="https://github.com/Rudd-O/qubes-pass" url="https://github.com/Rudd-O/qubes-pass"
@ -15,11 +14,21 @@ makedepends="
pkgconf pkgconf
" "
options="!check" options="!check"
source="$pkgname-$_gittag.tar.gz::https://github.com/Rudd-O/qubes-pass/archive/$_gittag.tar.gz" subpackages="$pkgname-service"
source="
$pkgname-$_gittag.tar.gz::https://github.com/Rudd-O/qubes-pass/archive/$_gittag.tar.gz
service-passquery.sh
"
package() { package() {
make install-client DESTDIR="$pkgdir" make install-client DESTDIR="$pkgdir"
} }
service() {
make -C "$builddir" install-service DESTDIR="$subpkgdir"
install -Dm755 "$srcdir"/service-passquery.sh "$subpkgdir"/etc/qubes-rpc/ruddo.PassQuery
}
sha512sums=" sha512sums="
b304bf8e6b8d04e7df4b52a02984ab03b6f3221c9178f1d91c99cab61e8b5ded45500b51de6d89aa76f4e73c0a3670ce6d07649c0ac159d048c3f0ac736c4d63 qubes-pass-v0.1.0.tar.gz b304bf8e6b8d04e7df4b52a02984ab03b6f3221c9178f1d91c99cab61e8b5ded45500b51de6d89aa76f4e73c0a3670ce6d07649c0ac159d048c3f0ac736c4d63 qubes-pass-v0.1.0.tar.gz
77807ba7bd8e1627785358ef2f9e165712ef41ef76f11e7a7b989b1057f462abc433df96265c6c7d669f81e39d89de0f7ea3dcbb207c5a7a22738b843fd7e160 service-passquery.sh
" "

13
qubes-pass/service-passquery.sh Normal file
View file

@ -0,0 +1,13 @@
#!/bin/bash
set -e
read -n 4096 cmd
cmd=$(echo "$cmd" | base64 -d)
if [ "$cmd" == "list-files" ] ; then
logger -t ruddo.PassQuery "requested password file list"
exec pass git ls-files | sed -e '/.gitattributes/d' -e '/.gpg-id/d'
fi

20
qubes-usb-proxy/APKBUILD
View file

@ -1,10 +1,9 @@
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net> # Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
pkgname=qubes-usb-proxy pkgname=qubes-usb-proxy
pkgver=1.1.5 pkgver=4.3.0
_gittag="v$pkgver" _gittag="v$pkgver"
pkgrel=2 pkgrel=1
pkgdesc="The Qubes service for proxying USB devices" pkgdesc="The Qubes service for proxying USB devices"
arch="noarch" arch="noarch"
url="https://github.com/QubesOS/qubes-app-linux-usb-proxy" url="https://github.com/QubesOS/qubes-app-linux-usb-proxy"
@ -19,7 +18,10 @@ makedepends="
make make
pkgconf pkgconf
" "
source="$pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-app-linux-usb-proxy/archive/refs/tags/$_gittag.tar.gz" source="
$pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-app-linux-usb-proxy/archive/refs/tags/$_gittag.tar.gz
usb-import-alpine-udevadm.patch
"
builddir="$srcdir"/qubes-app-linux-usb-proxy-${_gittag/v} builddir="$srcdir"/qubes-app-linux-usb-proxy-${_gittag/v}
package() { package() {
@ -27,10 +29,14 @@ package() {
# replace all shebangs with /bin/sh as qubes expects bash # replace all shebangs with /bin/sh as qubes expects bash
# shellcheck disable=SC2013 # shellcheck disable=SC2013
for i in $(grep '/bin/sh' -Rl .); do for i in $(grep '/bin/sh' -Rl "$pkgdir"); do
sed -i 's|/bin/sh|/bin/bash|' "$i" sed -i 's|/bin/sh|/bin/bash|' "$i"
done done
mkdir -p "$pkgdir"/etc/modules-load.d
echo "vhci-hcd" > "$pkgdir"/etc/modules-load.d/qubes-usb-proxy.conf
} }
sha512sums=" sha512sums="
27d28faec2ab9cc9df1e361dac244bc1b10afc406860ca2e3fc2dff3b666c6adaed615625aeba785918f8e08cffb215ef028698a178d795e586740caf1566fc9 qubes-usb-proxy-v1.1.5.tar.gz b193a4df3b0281b2619528ac0a6542a47bd7204a073c9f0cb7c17233d0537f742eb83a58d591fc0e2599aea1a4783f07c7c90dcccdf08fa5845d36e14adae1e3 qubes-usb-proxy-v4.3.0.tar.gz
c6519982f7eef8586ee823dc96efa7b1b90f489114edcc348bc5221837090d19a2a3533eac83e3269ba68c2cf24447c018e0ac850ed1423a1280ebae364223fa usb-import-alpine-udevadm.patch
" "

27
qubes-usb-proxy/usb-import-alpine-udevadm.patch Normal file
View file

@ -0,0 +1,27 @@
diff --git a/src/usb-import.orig b/src/usb-import
index 7b17799..e718795 100755
--- a/src/usb-import.orig
+++ b/src/usb-import
@@ -95,7 +95,7 @@ wait_for_attached() {
ERROR "Attach timeout, check kernel log for details."
fi
done
- [ -f "/usr/bin/udevadm" ] && udevadm settle
+ [ -f "/bin/udevadm" ] && udevadm settle
}
wait_for_detached() {
diff --git a/src/usb-export.orig b/src/usb-export
index ad2ab2b..37cff16 100755
--- a/src/usb-export.orig
+++ b/src/usb-export
@@ -110,8 +110,7 @@ if [ -n "$attach_to_usbip" ]; then
echo "$busid" > "$SYS_USBIP_HOST/bind" || exit 1
# optionally reset the device to clear any state from previous driver
- reset_on_attach=$(udevadm info --query=property \
- --value --property=QUBES_USB_RESET --path="$devpath")
+ reset_on_attach=$(udevadm info --query=property --path="$devpath" | awk -F "=" '{if($1=="QUBES_USB_RESET"){print $2}}' )
if [ -f /run/qubes-service/usb-reset-on-attach ]; then
reset_on_attach=1
fi

43
qubes-vm-core/APKBUILD
View file

@ -1,15 +1,15 @@
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net> # Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
pkgname=qubes-vm-core pkgname=qubes-vm-core
subpackages=" subpackages="
qubes-vm-networking:networking:noarch qubes-vm-networking:networking:noarch
qubes-vm-passwordless-root:root:noarch qubes-vm-passwordless-root:root:noarch
$pkgname-openrc $pkgname-openrc
$pkgname-doc $pkgname-doc
$pkgname-pyc
" "
pkgver=4.1.44 pkgver=4.3.27
pkgrel=6 pkgrel=0
_gittag="v$pkgver" _gittag="v$pkgver"
pkgdesc="The Qubes core files for installation inside a Qubes VM." pkgdesc="The Qubes core files for installation inside a Qubes VM."
arch="x86_64" arch="x86_64"
@ -17,8 +17,9 @@ url="https://github.com/QubesOS/qubes-core-agent-linux"
license="GPL" license="GPL"
options="!check" # No testsuite options="!check" # No testsuite
depends=" depends="
coreutils
blkid blkid
coreutils
dbus-x11
dconf dconf
desktop-file-utils desktop-file-utils
device-mapper device-mapper
@ -27,6 +28,7 @@ depends="
e2fsprogs-extra e2fsprogs-extra
ethtool ethtool
fakeroot fakeroot
findutils
gawk gawk
grep grep
haveged haveged
@ -39,10 +41,10 @@ depends="
py3-dbus py3-dbus
py3-gobject3 py3-gobject3
py3-xdg py3-xdg
python3
qubes-db-vm qubes-db-vm
qubes-libvchan-xen qubes-libvchan-xen
qubes-vm-utils qubes-vm-utils
rsvg-convert
sed sed
socat socat
xdg-utils xdg-utils
@ -73,7 +75,10 @@ source="
qubes-sysinit.openrc qubes-sysinit.openrc
qubes-updates-proxy-forwarder.openrc qubes-updates-proxy-forwarder.openrc
qubes-updates-proxy.openrc qubes-updates-proxy.openrc
apk-proxy.sh
qvm-sync-clock.sh qvm-sync-clock.sh
setupip-do-not-use-systemctl.patch
silence-stringop-overread-error.patch
" "
builddir="$srcdir"/qubes-core-agent-linux-${_gittag/v} builddir="$srcdir"/qubes-core-agent-linux-${_gittag/v}
@ -102,9 +107,9 @@ build() {
# * core systemd services and drop-ins # * core systemd services and drop-ins
# * basic network functionality (setting IP address, DNS, default gateway) # * basic network functionality (setting IP address, DNS, default gateway)
package() { package() {
make install-corevm DESTDIR="$pkgdir" SBINDIR=/sbin LIBDIR=/usr/lib SYSLIBDIR=/lib make DESTDIR="$pkgdir" SYSTEM_DROPIN_DIR=/usr/lib/systemd SBINDIR=/usr/sbin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib install-corevm
make -C app-menu install DESTDIR="$pkgdir" install LIBDIR=/usr/lib SYSLIBDIR=/lib make -C app-menu DESTDIR="$pkgdir" LIBDIR=/usr/lib SYSLIBDIR=/usr/lib install
make -C misc install DESTDIR="$pkgdir" install LIBDIR=/usr/lib SYSLIBDIR=/lib make -C misc DESTDIR="$pkgdir" LIBDIR=/usr/lib SYSLIBDIR=/usr/lib install
make -C qubes-rpc DESTDIR="$pkgdir" install make -C qubes-rpc DESTDIR="$pkgdir" install
make -C qubes-rpc/kde DESTDIR="$pkgdir" install make -C qubes-rpc/kde DESTDIR="$pkgdir" install
make -C qubes-rpc/nautilus DESTDIR="$pkgdir" install make -C qubes-rpc/nautilus DESTDIR="$pkgdir" install
@ -112,6 +117,9 @@ package() {
make -C network DESTDIR="$pkgdir" install make -C network DESTDIR="$pkgdir" install
install -Dm755 "$builddir"/network/update-proxy-configs "$pkgdir"/usr/lib/qubes/. install -Dm755 "$builddir"/network/update-proxy-configs "$pkgdir"/usr/lib/qubes/.
install -Dm755 "$srcdir"/qvm-sync-clock.sh "$pkgdir"/etc/qubes/suspend-post.d/. install -Dm755 "$srcdir"/qvm-sync-clock.sh "$pkgdir"/etc/qubes/suspend-post.d/.
install -Dm644 "$srcdir"/apk-proxy.sh "$pkgdir"/etc/profile.d/apk-proxy.sh
install -dm755 "$pkgdir"/etc/bash
ln -s /etc/profile.d/apk-proxy.sh "$pkgdir"/etc/bash/apk-proxy.sh
for i in $source; do for i in $source; do
case $i in case $i in
@ -121,7 +129,6 @@ package() {
"$pkgdir"/etc/conf.d/${i%.*};; "$pkgdir"/etc/conf.d/${i%.*};;
esac esac
done done
} }
@ -143,32 +150,34 @@ networking() {
net-tools net-tools
networkmanager networkmanager
nftables nftables
python3
qubes-db-vm qubes-db-vm
qubes-vm-core qubes-vm-core
qubes-vm-utils qubes-vm-utils
tinyproxy tinyproxy
" "
cd "$builddir" cd "$builddir"
install -dm 755 "$subpkgdir"/usr/bin install -dm 755 "$subpkgdir"/usr/bin "$subpkgdir"/usr/lib/systemd/system
mv "$pkgdir"/usr/bin/qubes-firewall "$subpkgdir"/usr/bin/. mv "$pkgdir"/usr/bin/qubes-firewall "$subpkgdir"/usr/bin/.
make install-netvm DESTDIR="$subpkgdir" SBINDIR=/sbin LIBDIR=/usr/lib SYSLIBDIR=/lib make install-netvm DESTDIR="$subpkgdir" SYSTEM_DROPIN_DIR=/usr/lib/systemd SBINDIR=/usr/sbin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib
} }
root() { root() {
cd "$builddir" cd "$builddir"
pkgdesc="Qubes OS Passwordless root access from normal user" pkgdesc="Qubes OS Passwordless root access from normal user"
make -C passwordless-root install DESTDIR="$subpkgdir" SBINDIR=/sbin LIBDIR=/usr/lib SYSLIBDIR=/lib make -C passwordless-root install DESTDIR="$subpkgdir" SBINDIR=/usr/sbin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib
} }
sha512sums=" sha512sums="
34ba5d84fa621ff25e8a9cc0d6ca69ee25bc7dbf37f13b08ccec13692ec9ebb8b12732878464e7e2909366de68727bdb66f960692be41e5186126701dfe861dd qubes-vm-core-v4.1.44.tar.gz 5d308411c9d01ee80853cab6cc53902c7109543e237a7944ea234849f84f2e487c8e6b9ce0a2802e369ec7f677edc20b77a2585181c7a273fc7979402de07208 qubes-vm-core-v4.3.27.tar.gz
95c080a593ca1cd457ffafc0cdd6ee28999c72f67191a3955b6081a4a7d287cae4cd0c626139562e5e1eb55516c25402a174e3599daf7d4cb259d6b4bbdff155 qubes-core-early.openrc 95c080a593ca1cd457ffafc0cdd6ee28999c72f67191a3955b6081a4a7d287cae4cd0c626139562e5e1eb55516c25402a174e3599daf7d4cb259d6b4bbdff155 qubes-core-early.openrc
61529413a16b7fa0df691c24adc41b90477c01ea70d572921ecec89df23932e5a2e60c4e73b9a84181dc30424e2e6af4ad1c7dcf6c42689c3cc346a9923d6e07 qubes-core-netvm.openrc 61529413a16b7fa0df691c24adc41b90477c01ea70d572921ecec89df23932e5a2e60c4e73b9a84181dc30424e2e6af4ad1c7dcf6c42689c3cc346a9923d6e07 qubes-core-netvm.openrc
da8e293520f5fce29ce76d7586e8ce1a4164798a1214079fb554c690264da1d774fdad3f45825aac52c2c3a0b0cfd39df73eb33394dedd7c043fe0f2344b90ca qubes-core.openrc da8e293520f5fce29ce76d7586e8ce1a4164798a1214079fb554c690264da1d774fdad3f45825aac52c2c3a0b0cfd39df73eb33394dedd7c043fe0f2344b90ca qubes-core.openrc
8f1ea1b6bfb4d3089a51cc3e325861ee7b644f743b2652bf61789933adedefdbc743a61567ad980d2a6077647eb61570b68a056125abaab2a67166d249a961b0 qubes-firewall.openrc 164159a80d00c160e74a0ebf4695c047ca7720821e4a9c395405cd96f680b6765e9c4cf426aea94fcb26e08274ec2b42adf45ecc12d26cf683ab3bd0c01afed9 qubes-firewall.openrc
437a3dc443c5b0311c5dc8f792739eef89e38b2e854b9a5bb248211dd0eb0f26c1d79588ca2b4b63236b8bed0d735be6b2265d8328885730a8aa5f854301d61f qubes-iptables.openrc 437a3dc443c5b0311c5dc8f792739eef89e38b2e854b9a5bb248211dd0eb0f26c1d79588ca2b4b63236b8bed0d735be6b2265d8328885730a8aa5f854301d61f qubes-iptables.openrc
e9096560e4ee4cad836b686e18eb6dbac729227683eda2f0c8b3541c909f64de3489dbb66e3752014deab69cbfae7885bc15b9bb7e3942c02e40328337b9ef30 qubes-sysinit.openrc e9096560e4ee4cad836b686e18eb6dbac729227683eda2f0c8b3541c909f64de3489dbb66e3752014deab69cbfae7885bc15b9bb7e3942c02e40328337b9ef30 qubes-sysinit.openrc
b1e8af2335955e52cf1817c56296f94f8c472e68d7a17a28f516fe4f5fa8a8053d4f9333efbb007a82a06f9442a4a6cfe5f9c751de07f337e47ee04cb18b9395 qubes-updates-proxy-forwarder.openrc 99ec0afc167866727072606aa183f0c7a539e68e0d8b9a57f6b9c129d3722c9135e1487eef438807d7138af0e669fb14608cbc1f1d5620ee9e995f294a8929f8 qubes-updates-proxy-forwarder.openrc
29d316b9f48cad15f6e22aaa67b228a5e4893ded86463dbe25b3cc68301b961473e79c01f003b1665e217ad4af2e618625442250d5607c1c16462e3f5eed069c qubes-updates-proxy.openrc 29d316b9f48cad15f6e22aaa67b228a5e4893ded86463dbe25b3cc68301b961473e79c01f003b1665e217ad4af2e618625442250d5607c1c16462e3f5eed069c qubes-updates-proxy.openrc
517d59e4699c24f23ccd59f5d4be3a519a426eee99d742c637fe1a9e69caa073621f4e9362c30182ba5a1a3eb0a769070c96e2c6b24cd8366a1f8f450a0b1c01 apk-proxy.sh
cca9f49422fa25cd5f3942dce8edd3ecff080bf5c407a7a790b438bedea054f39a4a3d8c179b44c4c08fc490b597e14d00dad9b0240861e83957e0af7aa6475d qvm-sync-clock.sh cca9f49422fa25cd5f3942dce8edd3ecff080bf5c407a7a790b438bedea054f39a4a3d8c179b44c4c08fc490b597e14d00dad9b0240861e83957e0af7aa6475d qvm-sync-clock.sh
eb59321c800e65ce873085a1105b1b697d2a8ecaefcdaa8280a81d0082c0022653ecd746c7ec37e2c544265892afb77531effa17b0fa6c45a6a86925b513bdea setupip-do-not-use-systemctl.patch
6b96edf070706da596e7abcb9fe6419fbf17eecb46cbd65aeceea83d078458efaedfadec33021253c2bd1b356a85fa721316fa18d5a535491004046ba2c812d3 silence-stringop-overread-error.patch
" "

5
qubes-vm-core/apk-proxy.sh Normal file
View file

@ -0,0 +1,5 @@
# Use the update proxy over the QubesOS RPC for apk
# /etc/init.d/qubes-updates-proxy-forwarder creates the socket to the proxy
alias apk='https_proxy="http://127.0.0.1:8082/" http_proxy="http://127.0.0.1:8082/" apk'
# allow aliases with sudo
alias sudo='sudo '

2
qubes-vm-core/qubes-firewall.openrc
View file

@ -16,7 +16,7 @@ depend() {
} }
start_pre() { start_pre() {
/sbin/ethtool -K "$(get_qubes_managed_iface)" sg off /usr/sbin/ethtool -K "$(get_qubes_managed_iface)" sg off
checkpath --directory --owner $command_user:qubes --mode 0775 \ checkpath --directory --owner $command_user:qubes --mode 0775 \
/run/$RC_SVCNAME /var/log/qubes /run/$RC_SVCNAME /var/log/qubes
} }

136
qubes-vm-core/qubes-updates-proxy-forwarder.openrc
View file

@ -1,116 +1,34 @@
#!/bin/bash #!/sbin/openrc-run
#
# Updates proxy forwarder Startup script for the updates proxy forwarder # Updates proxy forwarder Startup script for the updates proxy forwarder
#
# chkconfig: 345 85 15
# description: forwards connection to updates proxy over Qubes RPC # description: forwards connection to updates proxy over Qubes RPC
# # The clients should use the below shell variable exports:
# processname: ncat # http_proxy="http://127.0.0.1:8082/"
# pidfile: /var/run/qubes-updates-proxy-forwarder.pid # https_proxy="http://127.0.0.1:8082/"
# # For apk, see the /etc/profile.d/apk-proxy.sh alias
# Source function library. name=$RC_SVCNAME
# shellcheck disable=SC1091 cfgfile="/etc/qubes/$RC_SVCNAME.conf"
. /etc/init.d/functions.sh command="/bin/busybox"
command_args="nc -lk -s 127.0.0.1 -p 8082 -e /usr/bin/qrexec-client-vm @default qubes.UpdatesProxy"
command_user="root"
pidfile="/run/qubes/$RC_SVCNAME.pid"
command_background="yes"
output_log="/var/log/qubes/$RC_SVCNAME.log"
error_log="/var/log/qubes/$RC_SVCNAME.err"
# Source Qubes library. depend() {
# shellcheck source=init/functions need qubes-qrexec-agent
. /usr/lib/qubes/init/functions need net
# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0
exec="/usr/bin/ncat"
prog=$(basename $exec)
pidfile="/var/run/qubes-updates-proxy-forwarder.pid"
# shellcheck disable=SC1091
[ -e /etc/sysconfig/qubes-updates-proxy-forwarder ] && . /etc/sysconfig/qubes-updates-proxy-forwarder
lockfile=/var/lock/subsys/qubes-updates-proxy-forwarder
start() {
have_qubesdb || return
if ! qsvc updates-proxy-setup ; then
# updates proxy configuration disabled
exit 0
fi
if qsvc qubes-updates-proxy ; then
# updates proxy running here too, avoid looping traffic back to itself
exit 0
fi
[ -x $exec ] || exit 5
echo -n $"Starting $prog (as Qubes updates proxy forwarder): "
# shellcheck disable=SC2016
start-stop-daemon \
--exec $exec \
--pidfile "$pidfile" \
--make-pidfile \
--background \
--start \
-- \
-k -l -e 'qrexec-client-vm $default qubes.UpdatesProxy'
retval=$?
echo
[ $retval -eq 0 ] && touch $lockfile
return $retval
} }
stop() { start_pre() {
echo -n $"Stopping $prog: " checkpath --directory --owner $command_user:qubes --mode 0775 \
killproc -p $pidfile "$prog" /run/qubes \
retval=$? /var/log/qubes \
echo /var/run/qubes
[ $retval -eq 0 ] && rm -f $lockfile # TODO should fail if qubes-update-proxy is running
return $retval # if qsvc qubes-updates-proxy ; then
# # updates proxy running here too, avoid looping traffic back to itself
# exit 0
# fi
} }
restart() {
stop
start
}
force_reload() {
restart
}
rh_status() {
status "$prog"
}
rh_status_q() {
rh_status >/dev/null 2>&1
}
case "$1" in
start)
rh_status_q && exit 0
$1
;;
stop)
rh_status_q || exit 0
$1
;;
restart)
$1
;;
force-reload)
force_reload
;;
status)
rh_status
;;
condrestart|try-restart)
rh_status_q || exit 0
restart
;;
*)
echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|force-reload}"
exit 2
esac
exit $?

20
qubes-vm-core/setupip-do-not-use-systemctl.patch Normal file
View file

@ -0,0 +1,20 @@
diff --git a/network/setup-ip.orig b/network/setup-ip
index 9126f90..c1f401c 100755
--- a/network/setup-ip.orig
+++ b/network/setup-ip
@@ -244,15 +244,6 @@ if [ "$ACTION" == "add" ]; then
primary_dns=$(/usr/bin/qubesdb-read /qubes-primary-dns 2>/dev/null) || primary_dns=
secondary_dns=$(/usr/bin/qubesdb-read /qubes-secondary-dns 2>/dev/null) || secondary_dns=
- /lib/systemd/systemd-sysctl \
- "--prefix=/net/ipv4/conf/all" \
- "--prefix=/net/ipv4/neigh/all" \
- "--prefix=/net/ipv6/conf/all" \
- "--prefix=/net/ipv6/neigh/all" \
- "--prefix=/net/ipv4/conf/$INTERFACE" \
- "--prefix=/net/ipv4/neigh/$INTERFACE" \
- "--prefix=/net/ipv6/conf/$INTERFACE" \
- "--prefix=/net/ipv6/neigh/$INTERFACE"
if [ -n "$ip4" ]; then
# If NetworkManager is enabled, let it configure the network

13
qubes-vm-core/silence-stringop-overread-error.patch Normal file
View file

@ -0,0 +1,13 @@
diff --git a/qubes-rpc/Makefile.orig b/qubes-rpc/Makefile
index 63bd924..e5973e6 100644
--- a/qubes-rpc/Makefile.orig
+++ b/qubes-rpc/Makefile
@@ -11,7 +11,7 @@ ifneq ($(DEBUG),0)
DEBUG_FLAGS := -g
endif
CPPFLAGS := -I.
-CFLAGS := $(DEBUG_FLAGS) -O2 -Wall -Wextra -Werror -fPIC -pie $(CFLAGS)
+CFLAGS := $(DEBUG_FLAGS) -O2 -Wall -Wextra -Werror -fPIC -pie -Wno-stringop-overread $(CFLAGS)
LDFLAGS := $(DEBUG_FLAGS) -pie $(LDFLAGS)
LDLIBS := -lqubes-rpc-filecopy

2
qubes-vm-core/sudo-aliases.sh Normal file
View file

@ -0,0 +1,2 @@
# allow aliases with sudo
alias sudo='sudo '

9
qubes-vm-gui-dev/APKBUILD
View file

@ -1,10 +1,9 @@
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net> # Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
pkgname=qubes-vm-gui-dev pkgname=qubes-vm-gui-dev
pkgver=4.1.1 pkgver=4.3.1
_gittag="v$pkgver" _gittag="v$pkgver"
pkgrel=3 pkgrel=1
pkgdesc="Common files for Qubes GUI - protocol headers." pkgdesc="Common files for Qubes GUI - protocol headers."
arch="noarch" arch="noarch"
url="https://github.com/QubesOS/qubes-gui-common" url="https://github.com/QubesOS/qubes-gui-common"
@ -19,5 +18,5 @@ package() {
cp include/*.h $pkgdir/usr/include/ cp include/*.h $pkgdir/usr/include/
} }
sha512sums=" sha512sums="
2d962822413b1e4da6ef9303bce9b25e179829080a4ab96aeb7b274682c32b4620201d1de9c177346ab8d80913ae5e5384792b301d350850408fa790cb77d641 qubes-vm-gui-dev-v4.1.1.tar.gz 2961f3aaecd4af5a2b0a99624a0364441573e60867bd113e39a6c8b0b825f1f1947d7889ed39e8de63c238c2d6b06ff11b32680c7261a79a2185a9f2b320fc12 qubes-vm-gui-dev-v4.3.1.tar.gz
" "

21
qubes-vm-gui/0001-initd-fix.patch
View file

@ -1,22 +1,13 @@
From 7f7914fc2d0957012f1c4b130b0e442d43110c7d Mon Sep 17 00:00:00 2001 diff --git a/appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh.orig b/appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh
From: "build@apk-groulx" <build@apk-groulx.praxis> index 76e0227..268cb00 100755
Date: Sat, 5 Mar 2022 00:59:30 +0000 --- a/appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh.orig
Subject: [PATCH 1/1] initd fix
---
appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh b/appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh
index dc0a578..4c9623a 100755
--- a/appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh
+++ b/appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh +++ b/appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh
@@ -23,4 +23,4 @@ if [ -n "$debug_mode" ] && [ "$debug_mode" -gt 0 ]; then @@ -25,7 +25,7 @@ if [ -n "$debug_mode" ] && [ "$debug_mode" -gt 0 ]; then
gui_opts="$gui_opts -vv" gui_opts="$gui_opts -vv"
fi fi
-echo "GUI_OPTS=$gui_opts" >> /var/run/qubes-service-environment -echo "GUI_OPTS=$gui_opts" >> /var/run/qubes-service-environment
+echo "GUI_OPTS=\"$gui_opts\"" >> /var/run/qubes-service-environment +echo "GUI_OPTS=\"$gui_opts\"" >> /var/run/qubes-service-environment
--
2.34.1
# 2**30
echo 1073741824 > /sys/module/xen_gntalloc/parameters/limit

38
qubes-vm-gui/APKBUILD
View file

@ -1,10 +1,12 @@
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net> # Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
pkgname=qubes-vm-gui pkgname=qubes-vm-gui
subpackages="qubes-vm-pulseaudio $pkgname-openrc" subpackages="
pkgver=4.1.31 qubes-vm-pulseaudio
pkgrel=3 qubes-vm-pipewire
$pkgname-openrc"
pkgver=4.3.8
pkgrel=0
_gittag="v$pkgver" _gittag="v$pkgver"
pkgdesc="The Qubes GUI Agent for AppVMs" pkgdesc="The Qubes GUI Agent for AppVMs"
arch="x86_64" arch="x86_64"
@ -26,10 +28,13 @@ makedepends="
libxcomposite-dev libxcomposite-dev
libxt libxt
linux-pam-dev linux-pam-dev
libunistring-dev
lsb-release-minimal
make make
patch patch
pixman pixman
pkgconf pkgconf
pipewire-dev
pulseaudio-dev pulseaudio-dev
qubes-db-vm qubes-db-vm
qubes-db-vm-dev qubes-db-vm-dev
@ -47,6 +52,7 @@ source="
qubes-gui-agent.openrc qubes-gui-agent.openrc
qubes-sessions.sh qubes-sessions.sh
qubes-gui-agent.pam qubes-gui-agent.pam
qubes-sessions_do-not-use-systemd.patch
" "
builddir="$srcdir"/qubes-gui-agent-linux-${_gittag/v} builddir="$srcdir"/qubes-gui-agent-linux-${_gittag/v}
_qubes_backend_vmm=xen _qubes_backend_vmm=xen
@ -74,7 +80,7 @@ build() {
} }
package() { package() {
make install-rh-agent DESTDIR="$pkgdir" LIBDIR=/usr/lib USRLIBDIR=/usr/lib SYSLIBDIR=/lib make install-rh-agent DESTDIR="$pkgdir" LIBDIR=/usr/lib USRLIBDIR=/usr/lib SYSLIBDIR=/usr/lib
install -Dm 755 "$srcdir"/qubes-gui-agent.openrc "$pkgdir"/etc/init.d/qubes-gui-agent install -Dm 755 "$srcdir"/qubes-gui-agent.openrc "$pkgdir"/etc/init.d/qubes-gui-agent
# Starts qubes-session after X11 start # Starts qubes-session after X11 start
@ -95,13 +101,27 @@ pulseaudio() {
local pa_ver=$(pkg-config --modversion libpulse 2>/dev/null | cut -f 1 -d "-") local pa_ver=$(pkg-config --modversion libpulse 2>/dev/null | cut -f 1 -d "-")
cd "$builddir" cd "$builddir"
make install-pulseaudio DESTDIR=$subpkgdir PA_VER=$pa_ver LIBDIR=/usr/lib USRLIBDIR=/usr/lib SYSLIBDIR=/lib make install-pulseaudio DESTDIR=$subpkgdir PA_VER=$pa_ver LIBDIR=/usr/lib USRLIBDIR=/usr/lib SYSLIBDIR=/usr/lib
} }
pipewire() {
pkgdesc="PipeWire support for Qubes VM."
depends="pipewire"
cd "$builddir"
make install-pipewire \
"DESTDIR=$subpkgdir" \
LIBDIR=/usr/lib \
USRLIBDIR=/usr/lib \
SYSLIBDIR=/usr/lib
}
sha512sums=" sha512sums="
6a72fde5b3c1c6025b13b58340bb8d3eccab05050c8cbe3741d7c18ca48826e45a3df3716d77e2dd733c119ff8db5d920faa73f05cb94049306a0dad6f58349f qubes-vm-gui-v4.1.31.tar.gz 9fbb5cbbc7f1669d1c26a37de3f1459503f86fdebde56355ea653159de617123ba0014a4cc38dffe9ea4f6ce86f5e853fedde9c49850cd75fc3b520c96953f58 qubes-vm-gui-v4.3.8.tar.gz
f0bbb936e14689d0cbced2f564b8911f9287c0217616f02f3bd0c3060e516d080ad538219f089f5841c2b9d18bb4ad8efb63516ddfd46c18b038218378996a7d 0001-musl-build.patch f0bbb936e14689d0cbced2f564b8911f9287c0217616f02f3bd0c3060e516d080ad538219f089f5841c2b9d18bb4ad8efb63516ddfd46c18b038218378996a7d 0001-musl-build.patch
262b93b4ea172926dc18b7af372168ff3f645a02db1529cb73af3d5aa6252a75500bfbd95344a835bbf646e753018d0e27885e41a03f06247226a485edb5e028 0001-initd-fix.patch 01beace4c130200dc8d42248349ea858d2bec746aca2bdfa5948b6e7240bb3b832bbb8b324293fba6fd6aafb0a3d7a2e3928c7fd39d318ef4d5a18cfeb48cde6 0001-initd-fix.patch
68d01e594296e18d54d8eaa17863451c3ac121e4fcacf98b64db14166bdcf38aa66f1c3659c5014c0a9cc25b5368df66f8c642b8e7af59da8d2a5ad97da9a194 qubes-gui-agent.openrc 68d01e594296e18d54d8eaa17863451c3ac121e4fcacf98b64db14166bdcf38aa66f1c3659c5014c0a9cc25b5368df66f8c642b8e7af59da8d2a5ad97da9a194 qubes-gui-agent.openrc
bd707f7956f58c2bb24ccb9adad1381c069e70820fcb1b01b09dc88570d9df00e0dc92a9ac3b242f828314568d5487257566a6fc61e75e62e010b7e4871f9ea0 qubes-sessions.sh bd707f7956f58c2bb24ccb9adad1381c069e70820fcb1b01b09dc88570d9df00e0dc92a9ac3b242f828314568d5487257566a6fc61e75e62e010b7e4871f9ea0 qubes-sessions.sh
b512d691f2a6b11fc329bf91dd05ca9c589bbd444308b27d3c87c75262dedf6afc68a9739229249a4bd3d0c43cb1f871eecbb93c4fe559e0f38bdabbffd06ad7 qubes-gui-agent.pam b512d691f2a6b11fc329bf91dd05ca9c589bbd444308b27d3c87c75262dedf6afc68a9739229249a4bd3d0c43cb1f871eecbb93c4fe559e0f38bdabbffd06ad7 qubes-gui-agent.pam
ebd169122c4de1eb2a293eef7f462557abc45d98c696677afe3b18d5a372eb3fc9c42b4eba6718eb22abdf71a1d6885a8f3e1254ce342ffa5ad630f662503925 qubes-sessions_do-not-use-systemd.patch
" "

22
qubes-vm-gui/qubes-sessions_do-not-use-systemd.patch Normal file
View file

@ -0,0 +1,22 @@
diff --git a/appvm-scripts/usrbin/qubes-session.orig b/appvm-scripts/usrbin/qubes-session
index 4417ba7..e5bedc2 100755
--- a/appvm-scripts/usrbin/qubes-session.orig
+++ b/appvm-scripts/usrbin/qubes-session
@@ -27,17 +27,6 @@
loginctl activate "$XDG_SESSION_ID"
-# Now import the environment from the systemd user session.
-# This is necessary to enable users to configure their
-# Qubes environment using the standard environment.d
-# facility. Documentation for the facility is at:
-# https://www.freedesktop.org/software/systemd/man/environment.d.html
-set -a # export all variables
-env=$(systemctl --user show-environment) && eval "$env" || exit
-set +a
-unset env
-
-
if qsvc guivm-gui-agent; then
if [ -e "$HOME/.xinitrc" ]; then
. "$HOME/.xinitrc"

19
qubes-vm-qrexec/APKBUILD
View file

@ -1,11 +1,10 @@
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net> # Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
pkgname=qubes-vm-qrexec pkgname=qubes-vm-qrexec
subpackages="$pkgname-openrc $pkgname-doc" subpackages="$pkgname-openrc $pkgname-doc $pkgname-pyc"
pkgver=4.1.22 pkgver=4.3.10
_gittag="v$pkgver" _gittag="v$pkgver"
pkgrel=3 pkgrel=0
pkgdesc="The Qubes qrexec files (qube side)" pkgdesc="The Qubes qrexec files (qube side)"
arch="x86_64" arch="x86_64"
url="https://github.com/QubesOS/qubes-core-qrexec" url="https://github.com/QubesOS/qubes-core-qrexec"
@ -33,7 +32,7 @@ prepare() {
default_prepare default_prepare
# remove all -Werror # remove all -Werror
msg "Eradicating -Werror..." msg "Eradicating -Werror..."
find . \( -name '*.mk' -o -name 'Make*' \) -exec sed -i -e 's/-Werror//g' {} + find . \( -name '*.mk' -o -name 'Make*' \) -exec sed -i -e 's/-Werror*. //g' {} +
} }
build() { build() {
@ -48,13 +47,13 @@ build() {
} }
package() { package() {
make install-base DESTDIR="$pkgdir" SBINDIR=/sbin LIBDIR=/usr/lib SYSLIBDIR=/lib make install-base DESTDIR="$pkgdir" SBINDIR=/usr/sbin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib
make install-vm DESTDIR="$pkgdir" SBINDIR=/sbin LIBDIR=/usr/lib SYSLIBDIR=/lib make install-vm DESTDIR="$pkgdir" SBINDIR=/usr/sbin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib
install -Dm 755 "$srcdir"/qubes-qrexec-agent.openrc "$pkgdir"/etc/init.d/qubes-qrexec-agent install -Dm 755 "$srcdir"/qubes-qrexec-agent.openrc "$pkgdir"/etc/init.d/qubes-qrexec-agent
} }
sha512sums=" sha512sums="
c4d993dae87446fe73f390bdf0aa3bcfacce1a630b1f0e5f20c6ea7710c14cd9a7a0a66a66e5731dee47c6958c659e61b3c0ebea5a99a31317a52fb326650a2f qubes-vm-qrexec-v4.1.22.tar.gz 6b3d72d384e65436c04a89ec504822a1ae952f39f8660f8ad65af677207a302ca355ae8904430673a902779e0df3b548b62c6eda52171adb0e5a8552e1d1f7eb qubes-vm-qrexec-v4.3.10.tar.gz
e2dd5cace82e881c40d5d37c69f7327fbabde81c9d23283de23de9f1197b7b018ef07a8d90e95c61bd249426d9d8297e7cb372333245941ffa0682c90ea3461f qubes-qrexec-agent.openrc e2dd5cace82e881c40d5d37c69f7327fbabde81c9d23283de23de9f1197b7b018ef07a8d90e95c61bd249426d9d8297e7cb372333245941ffa0682c90ea3461f qubes-qrexec-agent.openrc
e48a06778a880915827fb2ef3e38379eb2bc6cf63f7fed79472be4732f7110b0c642c7a62a43236f53404ce69afddd40a5bc92a984403aae74caae1580c31200 makefile-remove-cc-cflags.patch c3009ddb97656be7d0a78910217c852f0f9b20cd37b4537d99724e629bc87f1c675ada084eba3c641c4ae54dab8aacd87514d73de72f42d6ccc976e6255212bc makefile-remove-cc-cflags.patch
69b88c8d344f0d575eac398937040ba39a0d8fb8ea0a2b160c48d84775e1da4e226a76f3c5d3be7b045f577b634bb35cd5c5536248e18117c4121a38f9f3bf13 agent-qrexec-fork-server-undef-fortify-source.patch 69b88c8d344f0d575eac398937040ba39a0d8fb8ea0a2b160c48d84775e1da4e226a76f3c5d3be7b045f577b634bb35cd5c5536248e18117c4121a38f9f3bf13 agent-qrexec-fork-server-undef-fortify-source.patch
" "

8
qubes-vm-qrexec/makefile-remove-cc-cflags.patch
View file

@ -2,6 +2,14 @@ diff --git a/Makefile.orig b/Makefile
index ade10bf..7de05a4 100644 index ade10bf..7de05a4 100644
--- a/Makefile.orig --- a/Makefile.orig
+++ b/Makefile +++ b/Makefile
@@ -1,6 +1,5 @@
MAKEFLAGS=-r
-CC ?= gcc
-CFLAGS += -Werror=strict-prototypes -Werror=old-style-definition -Werror=missing-declarations -Werror=missing-prototypes
+CFLAGS += -Wno-incompatible-pointer-types -Wno-int-conversion -Wno-implicit-function-declaration
PYTHON ?= python3
export PYTHON CC MAKEFLAGS CFLAGS
@@ -26,7 +24,7 @@ all-base: @@ -26,7 +24,7 @@ all-base:
$(PYTHON) setup.py build $(PYTHON) setup.py build
.PHONY: all-base .PHONY: all-base

15
qubes-vm-utils/APKBUILD
View file

@ -1,13 +1,13 @@
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net> # Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
pkgname=qubes-vm-utils pkgname=qubes-vm-utils
subpackages=" subpackages="
qubes-vm-kernel-support:support:noarch qubes-vm-kernel-support:support:noarch
$pkgname-openrc $pkgname-openrc
$pkgname-pyc
" "
pkgver=4.1.19 pkgver=4.3.11
pkgrel=2 pkgrel=0
_gittag="v$pkgver" _gittag="v$pkgver"
pkgdesc="Common Linux files for Qubes VM." pkgdesc="Common Linux files for Qubes VM."
arch="x86_64" arch="x86_64"
@ -23,6 +23,7 @@ makedepends="
make make
pkgconfig pkgconfig
py3-setuptools py3-setuptools
icu-dev
qubes-libvchan-xen-dev qubes-libvchan-xen-dev
xen-dev xen-dev
" "
@ -39,7 +40,7 @@ build() {
} }
package() { package() {
make install DESTDIR="$pkgdir" LIBDIR=/usr/lib SYSLIBDIR=/lib SBINDIR=/sbin make install DESTDIR="$pkgdir" LIBDIR=/usr/lib SYSLIBDIR=/usr/lib SBINDIR=/usr/sbin
install -Dm 755 "$srcdir"/qubes-meminfo-writer.openrc "$pkgdir"/etc/init.d/qubes-meminfo-writer install -Dm 755 "$srcdir"/qubes-meminfo-writer.openrc "$pkgdir"/etc/init.d/qubes-meminfo-writer
} }
@ -58,6 +59,6 @@ support() {
install -m 755 "$builddir"/dracut/full-dmroot/qubes_cow_setup.sh "$subpkgdir"/usr/lib/qubes/qubes_cow_setup.sh install -m 755 "$builddir"/dracut/full-dmroot/qubes_cow_setup.sh "$subpkgdir"/usr/lib/qubes/qubes_cow_setup.sh
} }
sha512sums=" sha512sums="
adfa6190af80e8ff92b899056370b8e820820154dcbad2d141debc72a6f122d94894eb0ffd5f56715db8ff7c3166c63b8832a78f70c35d86d42af071297b7d35 qubes-vm-utils-v4.1.19.tar.gz 76dd3e8eba8751cec090d012e654706be5f94e9334bc5f86796f9be16ea931c64a8c52ecbe6f225b8abdb47bd55368984cc2fd3797fe714af3cd13c572ae9089 qubes-vm-utils-v4.3.11.tar.gz
aebc606faa95948be77766f164fc40e4be66e4398e7f56ad52ba9de4c8f7de4ec0c4b48b23a3a6dd083d6f19ae1a591f3ae0caf2c696fd061cd8fea4bdf7d4f3 qubes-meminfo-writer.openrc c29bac0c6b9a0c81ee42e88541d9216549276448a02c3005ea20d85c7eda483cee28bbc159098bd42badc7ed80058734311931ee4ef13e170e49f83cf3f5a9ae qubes-meminfo-writer.openrc
" "

2
qubes-vm-utils/qubes-meminfo-writer.openrc
View file

@ -3,7 +3,7 @@
name=$RC_SVCNAME name=$RC_SVCNAME
cfgfile="/etc/qubes/$RC_SVCNAME.conf" cfgfile="/etc/qubes/$RC_SVCNAME.conf"
pidfile="/var/run/meminfo-writer.pid" pidfile="/var/run/meminfo-writer.pid"
command="/sbin/meminfo-writer" command="/usr/sbin/meminfo-writer"
command_args="30000 100000 $pidfile" command_args="30000 100000 $pidfile"
command_user="root" command_user="root"
start_stop_daemon_args="" start_stop_daemon_args=""