qubes-vm-gui: upgrade to 4.2.20

m

.forgejo/bin/build.sh

@@ -1,27 +1,25 @@
 #!/bin/sh
 # shellcheck disable=SC3043
 
-. $CI_PROJECT_DIR/.gitlab/bin/functions.sh
+. /usr/local/lib/functions.sh
 
 # shellcheck disable=SC3040
 set -eu -o pipefail
 
 readonly APORTSDIR=$CI_PROJECT_DIR
-readonly REPOS="qubes/r4.1"
-readonly ALPINE_REPOS="main community testing"
+readonly REPOS="main community testing"
 readonly ARCH=$(apk --print-arch)
 # gitlab variables
 readonly BASEBRANCH=$CI_MERGE_REQUEST_TARGET_BRANCH_NAME
 
 : "${REPODEST:=$HOME/packages}"
-: "${MIRROR:=https://lab.ilot.io/ayakael/repo-apk/-/raw}"
+: "${MIRROR:=https://ayakael.net/api/packages/forge/alpine}"
 : "${ALPINE_MIRROR:=http://dl-cdn.alpinelinux.org/alpine}"
 : "${MAX_ARTIFACT_SIZE:=300000000}" #300M
 : "${CI_DEBUG_BUILD:=}"
 
 : "${CI_ALPINE_BUILD_OFFSET:=0}"
 : "${CI_ALPINE_BUILD_LIMIT:=9999}"
-: "${CI_ALPINE_TARGET_ARCH:=$(uname -m)}"
 
 msg() {
 	local color=${2:-green}
@@ -70,38 +68,48 @@ report() {
 }
 
 get_release() {
-	local RELEASE=$(echo $CI_RUNNER_TAGS | awk -F '-' '{print $2}')
-	case $RELEASE in
-		v*) echo "${RELEASE%-*}";;
-		edge) echo edge;;
-		*) die "Branch \"$RELEASE\" not supported!"
-	esac
+	echo $CI_ALPINE_TARGET
 }
 
+
 get_qubes_release() {
 	case $BASEBRANCH in
 		r*) echo $BASEBRANCH;;
-		master) echo r4.2;;
-		*) die "Branch \"$BASEBRANCH\" not supported!"
+		main) echo r4.3;;
 	esac
 }
 
+changed_aports() {
+	: "${APORTSDIR?APORTSDIR missing}"
+	: "${BASEBRANCH?BASEBRANCH missing}"
+
+	cd "$APORTSDIR"
+	local aports
+
+	aports=$(git diff --name-only --diff-filter=ACMR \
+		"$BASEBRANCH"...HEAD -- "*/APKBUILD" | xargs -rn1 dirname)
+
+	# shellcheck disable=2086
+	ap builddirs -d "$APORTSDIR" $aports 2>/dev/null | xargs -rn1 basename
+}
+
+
 build_aport() {
 	local repo="$1" aport="$2"
-	cd "$APORTSDIR/$aport"
+	cd "$APORTSDIR/$repo/$aport"
 	if abuild -r 2>&1 | report "build-$aport"; then
-		checkapk | report "checkapk-$aport" || true
-		aport_ok="$aport_ok $aport"
+		checkapk 2>&1 | report "checkapk-$aport" || true
+		aport_ok="$aport_ok $repo/$aport"
 	else
-		aport_ng="$aport_ng $aport"
+		aport_ng="$aport_ng $repo/$aport"
 	fi
 }
 
 check_aport() {
 	local repo="$1" aport="$2"
-	cd "$APORTSDIR/$aport"
+	cd "$APORTSDIR/$repo/$aport"
 	if ! abuild check_arch 2>/dev/null; then
-		aport_na="$aport_na $aport"
+		aport_na="$aport_na $repo/$aport"
 		return 1
 	fi
 }
@@ -111,9 +119,14 @@ set_repositories_for() {
 	local release
 
 	release=$(get_release)
-	repos="$MIRROR/$release/qubes/$target_repo $REPODEST/qubes-aports"
-	sudo sh -c "printf '%s\n' $repos >> /etc/apk/repositories"
-	sudo apk update || true
+	for repo in qubes-$(get_qubes_release); do
+		[ "$repo" = "non-free" ] && continue
+		[ "$release" == "edge" ] && [ "$repo" == "backports" ] && continue
+		repos="$repos $MIRROR/$release/$repo $REPODEST/$repo"
+		[ "$repo" = "$target_repo" ] && break
+	done
+	doas sh -c "printf '%s\n' $repos >> /etc/apk/repositories"
+	doas apk update || true
 }
 
 apply_offset_limit() {
@@ -129,21 +142,15 @@ setup_system() {
 	local release
 
 	release=$(get_release)
-	for repo in $ALPINE_REPOS; do
+	for repo in $REPOS; do
 		[ "$release" != "edge" ] && [ "$repo" == "testing" ] && continue
 		repos="$repos $ALPINE_MIRROR/$release/$repo"
 	done
-	repos="$repos $MIRROR/$release/cross"
-	sudo sh -c "printf '%s\n' $repos > /etc/apk/repositories"
-	sudo apk -U upgrade -a || sudo apk fix || die "Failed to up/downgrade system"
-	gitlab_key_to_rsa $ABUILD_KEY rsa-private $HOME/.abuild/$ABUILD_KEY_NAME.rsa
-	gitlab_key_to_rsa $ABUILD_KEY_PUB rsa-public $HOME/.abuild/$ABUILD_KEY_NAME.rsa.pub
-	chmod 700 $HOME/.abuild/$ABUILD_KEY_NAME.rsa
-	echo "PACKAGER_PRIVKEY=$HOME/.abuild/$ABUILD_KEY_NAME.rsa" >> $HOME/.abuild/abuild.conf
-	sudo cp $HOME/.abuild/$ABUILD_KEY_NAME.rsa.pub /etc/apk/keys/$ABUILD_KEY_NAME.rsa.pub
-
-	sudo sed -i -E 's/export JOBS=[0-9]+$/export JOBS=$(nproc)/' /etc/abuild.conf
-	( . /etc/abuild.conf && echo "Building with $JOBS jobs" )
+	doas sh -c "printf '%s\n' $repos > /etc/apk/repositories"
+	doas apk -U upgrade -a || apk fix || die "Failed to up/downgrade system"
+	abuild-keygen -ain
+	doas sed -i -E 's/export JOBS=[0-9]+$/export JOBS=$(nproc)/' /etc/abuild.conf
+	( . /usr/share/abuild/default.conf; . /etc/abuild.conf; echo "Building with ${JOBS-1} jobs" )
 	mkdir -p "$REPODEST"
 	git config --global init.defaultBranch master
 }
@@ -169,8 +176,7 @@ copy_artifacts() {
 
 	if [ "$packages_size" -lt $MAX_ARTIFACT_SIZE ]; then
 		msg "Copying packages for artifact upload"
-		mkdir packages/$CI_ALPINE_TARGET_RELEASE
-		cp -ar "$REPODEST"/* packages/$CI_ALPINE_TARGET_RELEASE 2>/dev/null
+		cp -ar "$REPODEST"/* packages/ 2>/dev/null
 		cp ~/.abuild/*.rsa.pub keys/
 	else
 		msg "Artifact size $packages_size larger than max ($MAX_ARTIFACT_SIZE), skipping uploading them" yellow
@@ -192,7 +198,7 @@ sysinfo || true
 setup_system || die "Failed to setup system"
 
 # git no longer allows to execute in repositories owned by different users
-sudo chown -R $USER: .
+doas chown -R buildozer: .
 
 fetch_flags="-qn"
 debugging && fetch_flags="-v"
@@ -214,7 +220,6 @@ section_end setup
 build_start=$CI_ALPINE_BUILD_OFFSET
 build_limit=$CI_ALPINE_BUILD_LIMIT
 
-mkdir -p "$APORTSDIR"/logs "$APORTSDIR"/packages "$APORTSDIR"/keys
 set_repositories_for $(get_qubes_release)
 built_aports=0
 changed_aports_in_repo=$(changed_aports $BASEBRANCH)
@@ -227,20 +232,12 @@ printf " - %s\n" $changed_aports_to_build
 for pkgname in $changed_aports_to_build; do
 	section_start "build_$pkgname" "Building package $pkgname"
 	built_aports=$((built_aports+1))
-	if check_aport qubes-aports "$pkgname"; then
-		build_aport qubes-aports "$pkgname"
+	if check_aport . "$pkgname"; then
+		build_aport . "$pkgname"
 	fi
 	section_end "build_$pkgname"
 done
 
-build_start=$((build_start-(changed_aports_in_repo_count-built_aports)))
-build_limit=$((build_limit-built_aports))
-
-if [ $build_limit -le 0 ]; then
-	msg "Limit reached, breaking"
-	break
-fi
-
 section_start artifacts "Handeling artifacts" collapse
 copy_artifacts || true
 section_end artifacts
@@ -254,7 +251,7 @@ for ok in $aport_ok; do
 done
 
 for na in $aport_na; do
-	msg "$na: disabled for $CI_ALPINE_TARGET_ARCH" yellow
+	msg "$na: disabled for $ARCH" yellow
 done
 
 for ng in $aport_ng; do
@@ -268,3 +265,4 @@ if [ "$failed" = true ]; then
 elif [ -z "$aport_ok" ]; then
 	msg "No packages found to be built." yellow
 fi
+

.forgejo/bin/deploy.sh

@@ -0,0 +1,33 @@
+#!/bin/sh
+
+# shellcheck disable=SC3040
+set -eu -o pipefail
+
+readonly BASEBRANCH=$CI_ALPINE_TARGET
+readonly TARGET_REPO=$CI_ALPINE_REPO
+
+get_qubes_release() {
+ 	case $GITHUB_BASE_REF in
+		r*) echo $GITHUB_BASE_REF;;
+		main) echo r4.3;;
+ 	esac
+}
+
+readonly QUBES_REL=$(get_qubes_release)
+
+apkgs=$(find package -type f -name "*.apk")
+
+for apk in $apkgs; do
+	arch=$(echo $apk | awk -F '/' '{print $3}')
+	name=$(echo $apk | awk -F '/' '{print $4}')
+
+	echo "Sending $name of arch $arch to $TARGET_REPO/$BASEBRANCH/qubes-$QUBES_REL"
+	return=$(curl -s --user $FORGE_REPO_USER:$FORGE_REPO_TOKEN --upload-file $apk $TARGET_REPO/$BASEBRANCH/qubes-$QUBES_REL 2>&1)
+	echo $return
+	if [ "$return" == "package file already exists" ]; then
+		echo "Package already exists, refreshing..."
+		curl -s --user $FORGE_REPO_USER:$FORGE_REPO_TOKEN -X DELETE $TARGET_REPO/$BASEBRANCH/qubes-$QUBES_REL/$arch/$name
+		curl -s --user $FORGE_REPO_USER:$FORGE_REPO_TOKEN --upload-file $apk $TARGET_REPO/$BASEBRANCH/qubes-$QUBES_REL
+	fi
+done
+

.forgejo/workflows/build-edge.yaml

@@ -0,0 +1,52 @@
+on: 
+  pull_request:
+    types: [ assigned, opened, synchronize, reopened ]
+
+jobs:
+  build-edge:
+    runs-on: x86_64
+    container:
+      image: alpinelinux/alpine-gitlab-ci:latest
+    env:
+      CI_PROJECT_DIR: ${{ github.workspace }}
+      CI_DEBUG_BUILD: ${{ runner.debug }}
+      CI_MERGE_REQUEST_PROJECT_URL: ${{ github.server_url }}/${{ github.repository }}
+      CI_MERGE_REQUEST_TARGET_BRANCH_NAME: ${{ github.base_ref }}
+      CI_ALPINE_TARGET: edge
+    steps:
+      - name: Environment setup
+        run: |
+          doas apk add nodejs git patch curl
+          cd /etc/apk/keys
+          doas curl -JO https://ayakael.net/api/packages/forge/alpine/key
+      - name: Repo pull
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 500
+      - name: Package build
+        run: ${{ github.workspace }}/.forgejo/bin/build.sh
+      - name: Package upload
+        uses: forgejo/upload-artifact@v3
+        with:
+          name: package
+          path: packages
+
+  deploy-edge:
+    needs: [build-edge]
+    runs-on: x86_64
+    container:
+      image: alpine:latest
+    env:
+      CI_ALPINE_REPO: 'https://ayakael.net/api/packages/forge/alpine'
+      FORGE_REPO_TOKEN: ${{ secrets.FORGE_REPO_TOKEN }}
+      FORGE_REPO_USER: ${{ vars.FORGE_REPO_USER }}
+      CI_ALPINE_TARGET: edge
+    steps:
+      - name: Setting up environment
+        run: apk add nodejs curl findutils git gawk
+      - name: Repo pull
+        uses: actions/checkout@v4
+      - name: Package download
+        uses: forgejo/download-artifact@v3
+      - name: Package deployment
+        run: ${{ github.workspace }}/.forgejo/bin/deploy.sh

.forgejo/workflows/build-v3.20.yaml

@@ -0,0 +1,52 @@
+on: 
+  pull_request:
+    types: [ assigned, opened, synchronize, reopened ]
+
+jobs:
+  build-v3.20:
+    runs-on: x86_64
+    container:
+      image: alpinelinux/alpine-gitlab-ci:latest
+    env:
+      CI_PROJECT_DIR: ${{ github.workspace }}
+      CI_DEBUG_BUILD: ${{ runner.debug }}
+      CI_MERGE_REQUEST_PROJECT_URL: ${{ github.server_url }}/${{ github.repository }}
+      CI_MERGE_REQUEST_TARGET_BRANCH_NAME: ${{ github.base_ref }}
+      CI_ALPINE_TARGET: v3.20
+    steps:
+      - name: Environment setup
+        run: |
+          doas apk add nodejs git patch curl
+          cd /etc/apk/keys
+          doas curl -JO https://ayakael.net/api/packages/forge/alpine/key
+      - name: Repo pull
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 500
+      - name: Package build
+        run: ${{ github.workspace }}/.forgejo/bin/build.sh
+      - name: Package upload
+        uses: forgejo/upload-artifact@v3
+        with:
+          name: package
+          path: packages
+
+  deploy-v3.20:
+    needs: [build-v3.20]
+    runs-on: x86_64
+    container:
+      image: alpine:latest
+    env:
+      CI_ALPINE_TARGET: v3.20
+      CI_ALPINE_REPO: 'https://ayakael.net/api/packages/forge/alpine'
+      FORGE_REPO_TOKEN: ${{ secrets.FORGE_REPO_TOKEN }}
+      FORGE_REPO_USER: ${{ vars.FORGE_REPO_USER }}
+    steps:
+      - name: Setting up environment
+        run: apk add nodejs curl findutils git gawk
+      - name: Repo pull
+        uses: actions/checkout@v4
+      - name: Package download
+        uses: forgejo/download-artifact@v3
+      - name: Package deployment
+        run: ${{ github.workspace }}/.forgejo/bin/deploy.sh

.forgejo/workflows/build-v3.21.yaml

@@ -0,0 +1,52 @@
+on: 
+  pull_request:
+    types: [ assigned, opened, synchronize, reopened ]
+
+jobs:
+  build-v3.21:
+    runs-on: x86_64
+    container:
+      image: alpinelinux/alpine-gitlab-ci:latest
+    env:
+      CI_PROJECT_DIR: ${{ github.workspace }}
+      CI_DEBUG_BUILD: ${{ runner.debug }}
+      CI_MERGE_REQUEST_PROJECT_URL: ${{ github.server_url }}/${{ github.repository }}
+      CI_MERGE_REQUEST_TARGET_BRANCH_NAME: ${{ github.base_ref }}
+      CI_ALPINE_TARGET: v3.21
+    steps:
+      - name: Environment setup
+        run: |
+          doas apk add nodejs git patch curl
+          cd /etc/apk/keys
+          doas curl -JO https://ayakael.net/api/packages/forge/alpine/key
+      - name: Repo pull
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 500
+      - name: Package build
+        run: ${{ github.workspace }}/.forgejo/bin/build.sh
+      - name: Package upload
+        uses: forgejo/upload-artifact@v3
+        with:
+          name: package
+          path: packages
+
+  deploy-v3.21:
+    needs: [build-v3.21]
+    runs-on: x86_64
+    container:
+      image: alpine:latest
+    env:
+      CI_ALPINE_TARGET: v3.21
+      CI_ALPINE_REPO: 'https://ayakael.net/api/packages/forge/alpine'
+      FORGE_REPO_TOKEN: ${{ secrets.FORGE_REPO_TOKEN }}
+      FORGE_REPO_USER: ${{ vars.FORGE_REPO_USER }}
+    steps:
+      - name: Setting up environment
+        run: apk add nodejs curl findutils git gawk
+      - name: Repo pull
+        uses: actions/checkout@v4
+      - name: Package download
+        uses: forgejo/download-artifact@v3
+      - name: Package deployment
+        run: ${{ github.workspace }}/.forgejo/bin/deploy.sh

.forgejo/workflows/lint.yaml

@@ -0,0 +1,21 @@
+on: 
+  pull_request:
+    types: [ assigned, opened, synchronize, reopened ]
+
+jobs:
+  lint:
+    run-name: lint
+    runs-on: x86_64
+    container:
+      image: alpinelinux/apkbuild-lint-tools:latest
+    env:
+      CI_PROJECT_DIR: ${{ github.workspace }}
+      CI_DEBUG_BUILD: ${{ runner.debug }}
+      CI_MERGE_REQUEST_PROJECT_URL: ${{ github.server_url }}/${{ github.repository }}
+      CI_MERGE_REQUEST_TARGET_BRANCH_NAME: ${{ github.base_ref }}
+    steps:
+      - run: doas apk add nodejs git
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 500
+      - run: lint

.gitlab-ci.yml

@@ -1,80 +0,0 @@
-stages:
-  - verify
-  - build
-  - deploy
-
-variables:
-  GIT_STRATEGY: clone
-  GIT_DEPTH: "500"
-
-lint:
-  stage: verify
-  interruptible: true
-  script:
-    - |
-      sudo apk add shellcheck atools sudo abuild
-      export PATH="$PATH:$CI_PROJECT_DIR/.gitlab/bin"
-      lint
-  allow_failure: true
-  only:
-    - merge_requests
-  tags:
-    - apk-v3.18-x86_64
-
-.build:
-  stage: build
-  interruptible: true
-  script:
-    - |
-      sudo apk add alpine-sdk lua-aports sudo
-      sudo addgroup $USER abuild
-      export PATH="$PATH:$CI_PROJECT_DIR/.gitlab/bin"
-      sudo -Eu $USER build.sh
-  artifacts:
-    paths:
-      - packages/
-      - keys/
-      - logs/
-    expire_in: 7 days
-  only:
-    - merge_requests
-
-build-v3.19:
-  extends: .build
-  when: always
-  variables:
-    CI_ALPINE_TARGET_RELEASE: v3.19
-  tags:
-    - apk-$CI_ALPINE_TARGET_RELEASE-x86_64
-
-build-v3.20:
-  extends: .build
-  when: always
-  variables:
-    CI_ALPINE_TARGET_RELEASE: v3.20
-  tags:
-    - apk-$CI_ALPINE_TARGET_RELEASE-x86_64
-
-build-edge:
-  extends: .build
-  when: always
-  variables:
-    CI_ALPINE_TARGET_RELEASE: edge
-  tags:
-    - apk-$CI_ALPINE_TARGET_RELEASE-x86_64
-
-
-push:
-  interruptible: true
-  stage: deploy
-  script:
-    - |
-      sudo apk add abuild git-lfs findutils
-      export PATH="$PATH:$CI_PROJECT_DIR/.gitlab/bin"
-      push.sh
-  rules:
-    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
-      when: manual
-  tags:
-    - repo
-

.gitlab/bin/APKBUILD_SHIM

@@ -1,111 +0,0 @@
-#!/bin/sh
-
-set -e
-
-arch=
-builddir=
-checkdepends=
-depends=
-depends_dev=
-depends_doc=
-depends_libs=
-depends_openrc=
-depends_static=
-install=
-install_if=
-langdir=
-ldpath=
-license=
-makedepends=
-makedepends_build=
-makedepends_host=
-md5sums=
-options=
-patch_args=
-pkgbasedir=
-pkgdesc=
-pkgdir=
-pkgname=
-pkgrel=
-pkgver=
-pkggroups=
-pkgusers=
-provides=
-provider_priority=
-replaces=
-sha256sums=
-sha512sums=
-sonameprefix=
-source=
-srcdir=
-startdir=
-subpackages=
-subpkgdir=
-subpkgname=
-triggers=
-url=
-
-# abuild.conf
-
-CFLAGS=
-CXXFLAGS=
-CPPFLAGS=
-LDFLAGS=
-JOBS=
-MAKEFLAGS=
-CMAKE_CROSSOPTS=
-
-. ./APKBUILD
-
-: "$arch"
-: "$builddir"
-: "$checkdepends"
-: "$depends"
-: "$depends_dev"
-: "$depends_doc"
-: "$depends_libs"
-: "$depends_openrc"
-: "$depends_static"
-: "$install"
-: "$install_if"
-: "$langdir"
-: "$ldpath"
-: "$license"
-: "$makedepends"
-: "$makedepends_build"
-: "$makedepends_host"
-: "$md5sums"
-: "$options"
-: "$patch_args"
-: "$pkgbasedir"
-: "$pkgdesc"
-: "$pkgdir"
-: "$pkgname"
-: "$pkgrel"
-: "$pkgver"
-: "$pkggroups"
-: "$pkgusers"
-: "$provides"
-: "$provider_priority"
-: "$replaces"
-: "$sha256sums"
-: "$sha512sums"
-: "$sonameprefix"
-: "$source"
-: "$srcdir"
-: "$startdir"
-: "$subpackages"
-: "$subpkgdir"
-: "$subpkgname"
-: "$triggers"
-: "$url"
-
-# abuild.conf
-
-: "$CFLAGS"
-: "$CXXFLAGS"
-: "$CPPFLAGS"
-: "$LDFLAGS"
-: "$JOBS"
-: "$MAKEFLAGS"
-: "$CMAKE_CROSSOPTS"

.gitlab/bin/apkbuild-shellcheck

@@ -1,16 +0,0 @@
-#!/bin/sh
-
-shellcheck -s ash \
-        -e SC3043 \
-        -e SC3057 \
-        -e SC3060 \
-        -e SC2016 \
-        -e SC2086 \
-        -e SC2169 \
-        -e SC2155 \
-        -e SC2100 \
-        -e SC2209 \
-        -e SC2030 \
-        -e SC2031 \
-        -e SC1090 \
-        -xa $CI_PROJECT_DIR/.gitlab/bin/APKBUILD_SHIM

.gitlab/bin/changed-aports

@@ -1,20 +0,0 @@
-#!/bin/sh
-
-if [ $# -lt 1 ]; then
-    echo "Usage: $0 <basebranch>"
-    exit 1
-fi
-
-if ! git rev-parse --is-inside-work-tree >/dev/null 2>&1; then
-    echo "Fatal: not inside a git repository"
-    exit 2
-fi
-
-basebranch=$1
-
-if ! git rev-parse --verify --quiet $basebranch >/dev/null; then
-    # The base branch does not eixst, probably due to a shallow clone
-    git fetch -v $CI_MERGE_REQUEST_PROJECT_URL.git +refs/heads/$basebranch:refs/heads/$basebranch
-fi
-
-git --no-pager diff --diff-filter=ACMR --name-only $basebranch...HEAD -- "*/APKBUILD" | xargs -r -n1 dirname

.gitlab/bin/functions.sh

@@ -1,63 +0,0 @@
-# shellcheck disable=SC3043
-
-:
-
-# shellcheck disable=SC3040
-set -eu -o pipefail
-
-changed_aports() {
-	: "${APORTSDIR?APORTSDIR missing}"
-	: "${BASEBRANCH?BASEBRANCH missing}"
-
-	cd "$APORTSDIR"
-	local repo="$1"
-	local aports
-
-	aports=$(git diff --name-only --diff-filter=ACMR \
-		"$BASEBRANCH"...HEAD -- "*/APKBUILD" | xargs -rn1 dirname)
-
-	# shellcheck disable=2086
-	ap builddirs -d "$APORTSDIR" $aports 2>/dev/null | xargs -rn1 basename
-}
-
-section_start() {
-	name=${1?arg 1 name missing}
-	header=${2?arg 2 header missing}
-	collapsed=$2
-	timestamp=$(date +%s)
-
-	options=""
-	case $collapsed in
-		yes|on|collapsed|true) options="[collapsed=true]";;
-	esac
-
-	printf "\e[0Ksection_start:%d:%s%s\r\e[0K%s\n" "$timestamp" "$name" "$options" "$header"
-}
-
-section_end() {
-	name=$1
-	timestamp=$(date +%s)
-
-	printf "\e[0Ksection_end:%d:%s\r\e[0K" "$timestamp" "$name"
-}
-
-gitlab_key_to_rsa() {
-	KEY=$1
-	TYPE=$2
-	TGT=$3
-	TGT_DIR=${TGT%/*}
-	if [ "$TGT" == "$TGT_DIR" ]; then
-		TGT_DIR="./"
-	fi
-	if [ ! -d "$TGT_DIR" ]; then
-		mkdir -p "$TGT_DIR"
-	fi
-	case $TYPE in
-		rsa-public) local type="PUBLIC";;
-		rsa-private) local type="RSA PRIVATE";;
-	esac
-	echo "-----BEGIN $type KEY-----" > "$TGT"
-	echo $1 | sed 's/.\{64\}/&\
-/g' >> "$TGT"
-	echo "-----END $type KEY-----" >> "$TGT"
-}

.gitlab/bin/lint

@@ -1,96 +0,0 @@
-#!/bin/sh
-
-BLUE="\e[34m"
-MAGENTA="\e[35m"
-RESET="\e[0m"
-
-readonly BASEBRANCH=$CI_MERGE_REQUEST_TARGET_BRANCH_NAME
-
-verbose() {
-    echo "> " "$@"
-    # shellcheck disable=SC2068
-    $@
-}
-
-debugging() {
-    [ -n "$CI_DEBUG_BUILD" ]
-}
-
-debug() {
-    if debugging; then
-        verbose "$@"
-    fi
-}
-
-# git no longer allows to execute in repositories owned by different users
-sudo chown -R gitlab-runner: .
-
-fetch_flags="-qn"
-debugging && fetch_flags="-v"
-
-git fetch $fetch_flags "$CI_MERGE_REQUEST_PROJECT_URL" \
-	"+refs/heads/$BASEBRANCH:refs/heads/$BASEBRANCH"
-
-if debugging; then
-    merge_base=$(git merge-base "$BASEBRANCH" HEAD)
-    echo "$merge_base"
-    git --version
-    git config -l
-    git tag merge-base "$merge_base" || { echo "Could not determine merge-base"; exit 50; }
-    git log --oneline --graph --decorate --all
-fi
-
-has_problems=0
-
-for PKG in $(changed-aports "$BASEBRANCH"); do
-    printf "$BLUE==>$RESET Linting $PKG\n"
-
-    (
-        cd "$PKG"
-
-        repo=$(basename $(dirname $PKG));
-
-        if [ "$repo" == "backports" ]; then
-			echo "Skipping $PKG as backports (we don't care)"
-			continue
-		fi
-
-        printf "\n\n"
-        printf "$BLUE"
-        printf '======================================================\n'
-        printf "                  parse APKBUILD:\n"
-        printf '======================================================'
-        printf "$RESET\n\n"
-        ( . ./APKBUILD ) || has_problems=1
-
-        printf "\n\n"
-        printf "$BLUE"
-        printf '======================================================\n'
-        printf "                abuild sanitycheck:\n"
-        printf '======================================================'
-        printf "$RESET\n\n"
-        abuild sanitycheck || has_problems=1
-
-        printf "\n\n"
-        printf "$BLUE"
-        printf '======================================================\n'
-        printf "                apkbuild-shellcheck:\n"
-        printf '======================================================'
-        printf "$RESET\n"
-        apkbuild-shellcheck || has_problems=1
-
-        printf "\n\n"
-        printf "$BLUE"
-        printf '======================================================\n'
-        printf "                  apkbuild-lint:\n"
-        printf '======================================================'
-        printf "$RESET\n\n"
-        apkbuild-lint APKBUILD || has_problems=1
-
-        return $has_problems
-    ) || has_problems=1
-
-    echo
-done
-
-exit $has_problems

.gitlab/bin/push.sh

@@ -1,65 +0,0 @@
-#!/bin/sh
-
-# shellcheck disable=SC3043
-
-. $CI_PROJECT_DIR/.gitlab/bin/functions.sh
-
-# shellcheck disable=SC3040
-set -eu -o pipefail
-
-readonly APORTSDIR=$CI_PROJECT_DIR
-readonly REPOS="backports user"
-readonly BASEBRANCH=$CI_MERGE_REQUEST_TARGET_BRANCH_NAME
-
-export GIT_SSH_COMMAND="ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
-
-gitlab_key_to_rsa $ABUILD_KEY rsa-private $HOME/.abuild/$ABUILD_KEY_NAME.rsa
-gitlab_key_to_rsa $ABUILD_KEY_PUB rsa-public $HOME/.abuild/$ABUILD_KEY_NAME.rsa.pub
-gitlab_key_to_rsa $SSH_KEY rsa-private $HOME/.ssh/id_rsa
-chmod 700 "$HOME"/.ssh/id_rsa
-chmod 700 "$HOME"/.abuild/$ABUILD_KEY_NAME.rsa
-
-echo "PACKAGER_PRIVKEY=$HOME/.abuild/$ABUILD_KEY_NAME.rsa" > $HOME/.abuild/abuild.conf
-echo "REPODEST=$HOME/repo-apk/qubes" >> $HOME/.abuild/abuild.conf
-sudo cp $HOME/.abuild/$ABUILD_KEY_NAME.rsa.pub /etc/apk/keys/.
-
-get_qubes_release() {
-	case $BASEBRANCH in
-		r*) echo $BASEBRANCH;;
-		master) echo r4.2;;
-		*) die "Branch \"$BASEBRANCH\" not supported!"
-	esac
-}
-
-QUBES_REL=$(get_qubes_release)
-
-for release in $(find packages -type d -maxdepth 1 -mindepth 1 -printf '%f\n'); do
-
-	if [ -d $HOME/repo-apk ]; then
-		git -C $HOME/repo-apk fetch
-		git -C $HOME/repo-apk checkout $release
-		git -C $HOME/repo-apk pull --rebase
-	else
-		git clone git@lab.ilot.io:ayakael/repo-apk -b $release $HOME/repo-apk
-	fi
-
-	for i in $(find packages/$release -type f -name "*.apk"); do
-		install -vDm644 $i ${i/packages\/$release\/qubes-aports/$HOME\/repo-apk\/qubes\/$QUBES_REL}
-	done
-
-	fetch_flags="-qn"
-	git fetch $fetch_flags "$CI_MERGE_REQUEST_PROJECT_URL" \
-		"+refs/heads/$BASEBRANCH:refs/heads/$BASEBRANCH"
-
-	rm $HOME/repo-apk/qubes/$QUBES_REL/*/APKINDEX.tar.gz || true
-	mkdir -p qubes/$QUBES_REL/DUMMY
-	echo "pkgname=DUMMY" > qubes/$QUBES_REL/DUMMY/APKBUILD
-	cd qubes/$QUBES_REL/DUMMY
-	abuild index
-	cd "$CI_PROJECT_DIR"
-	rm -R qubes/$QUBES_REL/DUMMY
-
-	git -C $HOME/repo-apk add .
-	git -C $HOME/repo-apk commit -m "Update from $CI_MERGE_REQUEST_IID - $CI_MERGE_REQUEST_TITLE"
-	git -C $HOME/repo-apk push
-done

README.md

@@ -1,5 +1,5 @@
-# qubes-aports
-Upstream: https://lab.ilot.io/ayakael/qubes-aports
+# qports
+Upstream: https://ayakael.net/forge/qports
 
 ## Description
 
@@ -9,7 +9,7 @@ targetting multiple Alpine Linux versions. QubesOS releases are tracked using
 branches.
 
 #### Template builder
-The template builder is housed in its [own repo](https://lab.ilot.io/ayakael/qubes-builder-alpine).
+The template builder is housed in its [own repo](https://ayakael.net/forge/qubes-builder-alpine)
 RPMs are built in-pipeline using the build artifacts produced by this repo. These RPMs facilitate
 installation of your very own Alpine Linux template on QubesOS.
 
@@ -37,8 +37,25 @@ Extra packages
 Omitted packages
   * qubes-vmm-xen - The default Alpine xen package seems to provide the necessary modules
 
+## How to use
+
+Built packages are made available on a Forgejo-based Alpine repo for you convenience. You can follow these steps to use them:
+
+Add security key of the apk repository to your /etc/apk/keys:
+
+```shell
+cd /etc/apk/keys
+curl -JO https://ayakael.net/api/packages/forge/alpine/key
+```
+Add repository to `/etc/apk/repositories`:
+
+```shell
+echo "https://ayakael.net/api/packages/forge/alpine/edge/qubes-r4.2" > /etc/apk/repositories
+```
+
+
 #### Known issues
-Known issues are currently being tracked in [qubes-builder-alpine](https://lab.ilot.io/ayakael/qubes-builder-alpine) repo.
+Known issues are currently being tracked in [qubes-builder-alpine](https://ayakael.net/forge/qubes-builder-alpine/issues)
 
 #### Issues, recommendations and proposals
 **To report an issue or share a recommendation**

qubes-app-linux-druide-antidote/APKBUILD

@@ -3,7 +3,7 @@
 pkgname=qubes-app-linux-druide-antidote
 pkgver=0.0.1_git20240201
 _gittag=c724c88aa2a20b1e422b464499015ff05753316d
-pkgrel=1
+pkgrel=2
 arch="noarch"
 pkgdesc="Qubes Druide-Antidote is a Qubes Application. It send a file to the Antidote Qube, invoke Antidote, and retrieve the file"
 url=https://github.com/neowutran/qubes-app-linux-druide-antidote

qubes-db-vm/APKBUILD

@@ -2,8 +2,8 @@
 # Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
 pkgname=qubes-db-vm
 subpackages="$pkgname-openrc"
-pkgver=4.2.4
-pkgrel=4
+pkgver=4.2.7
+pkgrel=0
 _gittag="v$pkgver"
 pkgdesc="QubesDB libs and daemon service."
 arch="x86_64"
@@ -39,12 +39,12 @@ build() {
 
 package() {
 	# Install all with python bindings
-	make install DESTDIR=$pkgdir LIBDIR=/usr/lib BINDIR=/usr/bin SBINDIR=/sbin
+	make install DESTDIR=$pkgdir LIBDIR=/usr/lib BINDIR=/usr/bin SBINDIR=/usr/sbin
 	install -Dm 755 "$srcdir"/qubes-db.openrc "$pkgdir"/etc/init.d/qubes-db
 }
 sha512sums="
-c252772c53b3cb6727f6d7c1ea13d54fc0a55e6dd558244da12e17b8a9ab80c338281f6123dc1f08965d310cab5ef8684266bfd4f47ac344c4f35851ce5f7f9f  qubes-db-vm-v4.2.4.tar.gz
+f45fe0716395efa3c077498ff5eb3d0ec8c748ad7f77dee1641167ff93278ac30e117fcdc2d42f4befef8ce05776900172b565a8d443ddc1298cd48f62132b73  qubes-db-vm-v4.2.7.tar.gz
 af86268c264c843b94f9cefb735b9d078dc58819c890fc0a31dd79fa2761d3c2fa87aed73752bca1db07948ba86ecfe16a745b19672ccc10dfb9461df24aa207  0001-musl-build.patch
 892eb29b9bab4d9e662678d13a5607df04cdb024c2f28332f40fa4b7c644476a4b26a9fc038dfcdac1e0b8d328165d21d50d894d2c1e27f792287dd57449e7eb  0001-create_pidfile.patch
-3d87f82d3637cf10bf1a3058ebbd2590ab17f65d1b49058f62d892f126635497abd5045f6797bc8069e5de08bb6e08fc6146deb6422090ad02122764cc6d72f0  qubes-db.openrc
+6f48b4bee6a3517bdbb884bd6f7e21916e8438c5e8b8d9d1b1cfffe970c4549d941056f9022998ed7f9edb799d9b123564f01e69cdca7da241d0fb6a8e9a1c5e  qubes-db.openrc
 "

qubes-db-vm/qubes-db.openrc

@@ -2,7 +2,7 @@
   
 name=$RC_SVCNAME
 cfgfile="/etc/qubes/$RC_SVCNAME.conf"
-command="/sbin/qubesdb-daemon"
+command="/usr/sbin/qubesdb-daemon"
 command_args="0"
 command_user="root"
 pidfile="/run/qubes/$RC_SVCNAME.pid"

qubes-gpg-split/APKBUILD

@@ -2,7 +2,7 @@
 # Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
 pkgname=qubes-gpg-split
 subpackages="$pkgname-doc"
-pkgver=2.0.70
+pkgver=2.0.75
 _gittag="v$pkgver"
 pkgrel=1
 pkgdesc="Used Qubes AppVM as a “smart card”"
@@ -29,10 +29,7 @@ build() {
 
 package() {
 	make install-vm DESTDIR="$pkgdir"
-
-	# Alpine packaging guidelines: /var/run is a symlink to a tmpfs. Don't create it.
-	rm -r "$pkgdir/var/run"
 }
 sha512sums="
-a38ca61433c16168f44ef458f9fbc7eb37712f6edfb2bde7af7e08c6d98907e2038335ccda402b97a7940286af58be197a0bea3a20f5843b292766c7277a8350  qubes-gpg-split-v2.0.70.tar.gz
+212b819c959d66c5b3e73d0c0765e348b97b278a3df45903fdeaab3de49f60c455044e664bd8a95393f5e800d75706fda4198a5ea36e9ab933250d606f8cabbd  qubes-gpg-split-v2.0.75.tar.gz
 "

qubes-input-proxy/APKBUILD

@@ -0,0 +1,53 @@
+# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
+# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
+pkgname=qubes-input-proxy
+pkgver=1.0.40
+_gittag="v$pkgver"
+pkgrel=0
+pkgdesc="The Qubes service for proxying input devices"
+arch="x86_64"
+url="https://github.com/QubesOS/qubes-app-linux-input-proxy"
+license='GPL'
+depends="
+	usbutils
+	qubes-vm-core
+	"
+makedepends="linux-headers"
+subpackages="$pkgname-openrc"
+source="
+	$pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-app-linux-input-proxy/archive/refs/tags/$_gittag.tar.gz
+	qubes-input-trigger_use-openrc.patch
+	makefile_skip-systemd.patch
+	qubes-input-sender.openrc
+	"
+builddir="$srcdir"/qubes-app-linux-input-proxy-$pkgver
+
+build() {
+	make all \
+		LIBDIR=/usr/lib \
+		USRLIBDIR=/usr/lib \
+		SYSLIBDIR=/usr/lib
+}
+
+package() {
+	make install-vm \
+		DESTDIR="$pkgdir" \
+		LIBDIR=/usr/lib \
+		USRLIBDIR=/usr/lib \
+		SYSLIBDIR=/usr/lib
+
+	# replace all shebangs with /bin/sh as qubes expects bash
+	# shellcheck disable=SC2013
+	for i in $(grep '/bin/sh' -Rl "$pkgdir"); do
+		sed -i 's|/bin/sh|/bin/bash|' "$i"
+	done
+
+	# move openrc to init.d
+	install -Dm755 "$srcdir"/qubes-input-sender.openrc "$pkgdir"/etc/init.d/qubes-input-sender
+}
+sha512sums="
+0aba4db0bba20dd3bc7f152de08e31e31b71f9d2ccf41f52b2273807cb68f46841663c46f66bc422edc66e7557a7293d641d818517abbfad2c7147a720bf7022  qubes-input-proxy-v1.0.40.tar.gz
+e21e6ae680f98474cbb8b6213768ca1f8d5ffb0088173a387a309e1b40a9aabbb946f3201aa143088f144f13a5c85c3710b7ade1a1189655a08ed574e3d26df4  qubes-input-trigger_use-openrc.patch
+21e7b95c94ec1a3f3499e79cf8b1931da2c3e33d8f1af2efe6b52b7e2678d4648bb0597b3a4a95cc10d0ca3cb83df93075b99cf1b615d8493a9e2fd21fb7f8f7  makefile_skip-systemd.patch
+2d5cb4369bc4d4c83403bb3e7cd7bc784769950a8fbf581996074fe53cc65c56fe4039e2689b6fa34e51ce22e552fc145115c12e71601809767962a3682dd299  qubes-input-sender.openrc
+"

qubes-input-proxy/makefile_skip-systemd.patch

@@ -0,0 +1,18 @@
+diff --git a/qubes-rpc/Makefile.orig b/qubes-rpc/Makefile
+index 22ec526..bf7e0ea 100644
+--- a/qubes-rpc/Makefile.orig
++++ b/qubes-rpc/Makefile
+@@ -12,13 +12,6 @@ install-dom0:
+ 		$(DESTDIR)/etc/qubes-rpc/policy/qubes.InputTablet
+ 
+ install-vm:
+-	install -d $(DESTDIR)$(USRLIBDIR)/systemd/system
+-	install -m 0644 \
+-		qubes-input-sender-keyboard@.service \
+-		qubes-input-sender-keyboard-mouse@.service \
+-		qubes-input-sender-mouse@.service \
+-		qubes-input-sender-tablet@.service \
+-		$(DESTDIR)$(USRLIBDIR)/systemd/system
+ 	install -d $(DESTDIR)$(LIBDIR)/udev/rules.d
+ 	install -m 0644 qubes-input-proxy.rules \
+ 		$(DESTDIR)$(LIBDIR)/udev/rules.d/90-qubes-input-proxy.rules

qubes-input-proxy/qubes-input-sender.openrc

@@ -0,0 +1,28 @@
+#!/sbin/openrc-run
+  
+name=$RC_SVCNAME
+cfgfile="/etc/qubes/$RC_SVCNAME.conf"
+input="${RC_SVCNAME/*.}"
+svcname="${RC_SVCNAME/.*}."
+type="${RC_SVCNAME%.*}"
+type="${type/$svcname/}"
+type="$(echo $type | sed 's/.*/\u&/')"
+command="/usr/bin/qubes-input-sender"
+command_args="qubes.Input$type /dev/input/$input dom0"
+command_user="root"
+pidfile="/run/qubes/$RC_SVCNAME.pid"
+start_stop_daemon_args=""
+command_background="true"
+output_log="/var/log/qubes/$RC_SVCNAME.log"
+error_log="/var/log/qubes/$RC_SVCNAME.err"
+
+start_pre() {
+        checkpath --directory --owner $command_user:qubes --mode 0775 \
+                /run/qubes \
+		/var/log/qubes \
+		/var/run/qubes
+}
+
+stop_post() {
+	pkill -f "input-proxy-sender /dev/input/$input" || true
+}

qubes-input-proxy/qubes-input-trigger_use-openrc.patch

@@ -0,0 +1,93 @@
+diff --git a/qubes-rpc/qubes-input-trigger.orig b/qubes-rpc/qubes-input-trigger
+index 264788e..edd40ec 100755
+--- a/qubes-rpc/qubes-input-trigger.orig
++++ b/qubes-rpc/qubes-input-trigger
+@@ -51,49 +51,69 @@ def get_service_name(udevreturn, input_dev):
+             ('ID_INPUT_TOUCHPAD' in udevreturn) or
+             ('QEMU_USB_Tablet' in udevreturn)
+     ) and 'ID_INPUT_KEY' not in udevreturn:
+-        service = 'qubes-input-sender-tablet'
++        service = 'qubes-input-sender.tablet'
+     # if mouse report absolute events, prefer tablet service
+     # (0x3 is ABS_X | ABS_Y)
+     elif 'ID_INPUT_MOUSE' in udevreturn and abs_caps & 0x3:
+-        service = 'qubes-input-sender-tablet'
++        service = 'qubes-input-sender.tablet'
+     elif 'ID_INPUT_MOUSE' in udevreturn and 'ID_INPUT_KEY' not in udevreturn:
+-        service = 'qubes-input-sender-mouse'
++        service = 'qubes-input-sender.mouse'
+     elif 'ID_INPUT_KEY' in udevreturn and 'ID_INPUT_MOUSE' not in udevreturn:
+-        service = 'qubes-input-sender-keyboard'
++        service = 'qubes-input-sender.keyboard'
+     elif 'ID_INPUT_MOUSE' in udevreturn and 'ID_INPUT_KEY' in udevreturn:
+-        service = 'qubes-input-sender-keyboard-mouse'
++        service = 'qubes-input-sender.mouse'
+ 
+     if service:
+-        service = '{}@{}.service'.format(service, input_dev)
++        service = '{}.{}'.format(service, input_dev)
+ 
+     return service
+ 
+ 
+ def handle_service(service, action):
+-    retcode = subprocess.call(
+-        ["/bin/systemctl", "is-active", "--quiet", "service", service])
++    serviceFile = os.path.join("/etc/init.d", service)
++
++    sudo = []
++    if os.getuid() != 0:
++        sudo = ["sudo"]
++
+     if action == "add":
+-        systemctl_action = "start"
++        # create service link is not created
++        serviceFile = os.path.join("/etc/init.d", service)
++        if not os.path.exists(serviceFile):
++            subprocess.call(
++                ["/bin/ln", "-s", "/etc/init.d/qubes-input-sender", serviceFile])
++
+         # Ignore if service is already started
++        retcode = subprocess.call(
++            ["/sbin/rc-service","--quiet", service, "status"])
+         if retcode == 0:
+             return
++
++        subprocess.call(
++            sudo + ["/sbin/service", service, "start"])
++
+     elif action == "remove":
+-        systemctl_action = "stop"
++        # Ignore if service does not exist
++        if not os.path.exists(serviceFile):
++            return
++
+         # Ignore if service is not active
+-        if retcode != 0:
++        retcode = subprocess.call(
++            ["/sbin/rc-service", "--quiet", service, "status"])
++        if retcode == 3:
+             return
++
++        subprocess.call(
++            sudo + ["/sbin/service", service, "stop"])
++
++        # remove ln once stopped
++        if os.path.exists(serviceFile):
++            subprocess.call(
++                sudo + ["/bin/rm", serviceFile])
+     else:
+         print("Unknown action: %s" % action)
+         sys.exit(1)
+ 
+-    sudo = []
+-    if os.getuid() != 0:
+-        sudo = ["sudo"]
+-
+-    subprocess.call(
+-        sudo + ["/bin/systemctl", "--no-block", systemctl_action, service])
+-
+-
+ def handle_event(input_dev, action, dom0):
+     udevreturn = None
+     if 'event' in input_dev:  # if filename contains 'event'

qubes-libvchan-xen/APKBUILD

@@ -1,8 +1,8 @@
 # Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
 # Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
 pkgname=qubes-libvchan-xen
-pkgver=4.2.3
-pkgrel=1
+pkgver=4.2.4
+pkgrel=2
 _gittag=v$pkgver
 pkgdesc="The Qubes core libraries for installation inside a Qubes Dom0 and VM."
 arch="x86_64"
@@ -25,5 +25,5 @@ package() {
 }
 
 sha512sums="
-cbdeb025a7bd0c837cb079708b4cfc3b1eda10482999b1eeda33a1cfa2869a4a629d99dd556f9a8b9d83f4b5df9d686b8c524d2093a3bafac35df2192bf2983d  qubes-libvchan-xen-v4.2.3.tar.gz
+05b0d8964da1ba321aa7a7651f969692c470b8f9910f7324f10a54b0c6e43ae3270a26a6a49a0e26d5c50b14370b64fbfb340fe28b8f191a0a67c07aba0426c3  qubes-libvchan-xen-v4.2.4.tar.gz
 "

qubes-meta-packages/APKBUILD

@@ -5,7 +5,7 @@ subpackages="
 	qubes-vm-dependencies
 	qubes-vm-recommended
 	"
-pkgver=4.2.11
+pkgver=4.2.14
 _gittag="v$pkgver"
 pkgrel=1
 pkgdesc="Meta packages for Qubes-specific components"
@@ -38,5 +38,5 @@ recommended() {
 	mkdir -p "$subpkgdir"
 }
 sha512sums="
-f08e8a2d218bbb34fdae0dd21600b6b2500e1a0f8d69fed672818e62b44cf1e40a6a49f7be208b188ac484a6a9368b2e96015a8c1335a5685ffe9308db094b46  qubes-meta-packages-v4.2.11
+6227eb7dbbfd10d047c8f31222702a171f9134b404db7c2da6cf154a3d4856bc50c2f6bd0016860255a50d4f6e12723ea82026368ab8ee0d1aff8c316f2f77e9  qubes-meta-packages-v4.2.14
 "

qubes-pass/APKBUILD

@@ -3,7 +3,7 @@
 pkgname=qubes-pass
 pkgver=0.1.0
 _gittag="v$pkgver"
-pkgrel=3
+pkgrel=5
 pkgdesc="An inter-VM password manager for Qubes OS"
 arch="noarch"
 url="https://github.com/Rudd-O/qubes-pass"
@@ -14,11 +14,21 @@ makedepends="
 	pkgconf
 	"
 options="!check"
-source="$pkgname-$_gittag.tar.gz::https://github.com/Rudd-O/qubes-pass/archive/$_gittag.tar.gz"
+subpackages="$pkgname-service"
+source="
+	$pkgname-$_gittag.tar.gz::https://github.com/Rudd-O/qubes-pass/archive/$_gittag.tar.gz
+	service-passquery.sh
+	"
 
 package() {
 	make install-client DESTDIR="$pkgdir"
 }
+
+service() {
+	make -C "$builddir" install-service DESTDIR="$subpkgdir"
+	install -Dm755 "$srcdir"/service-passquery.sh "$subpkgdir"/etc/qubes-rpc/ruddo.PassQuery
+}
 sha512sums="
 b304bf8e6b8d04e7df4b52a02984ab03b6f3221c9178f1d91c99cab61e8b5ded45500b51de6d89aa76f4e73c0a3670ce6d07649c0ac159d048c3f0ac736c4d63  qubes-pass-v0.1.0.tar.gz
+77807ba7bd8e1627785358ef2f9e165712ef41ef76f11e7a7b989b1057f462abc433df96265c6c7d669f81e39d89de0f7ea3dcbb207c5a7a22738b843fd7e160  service-passquery.sh
 "

qubes-pass/service-passquery.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+
+set -e
+
+read -n 4096 cmd
+cmd=$(echo "$cmd" | base64 -d)
+
+if [ "$cmd" == "list-files" ] ; then
+  
+  logger -t ruddo.PassQuery "requested password file list"
+  exec pass git ls-files | sed -e '/.gitattributes/d' -e '/.gpg-id/d' 
+
+fi

qubes-usb-proxy/APKBUILD

@@ -1,9 +1,9 @@
 # Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
 # Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
 pkgname=qubes-usb-proxy
-pkgver=1.2.2
+pkgver=1.3.3
 _gittag="v$pkgver"
-pkgrel=2
+pkgrel=0
 pkgdesc="The Qubes service for proxying USB devices"
 arch="noarch"
 url="https://github.com/QubesOS/qubes-app-linux-usb-proxy"
@@ -18,7 +18,10 @@ makedepends="
 	make
 	pkgconf
 	"
-source="$pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-app-linux-usb-proxy/archive/refs/tags/$_gittag.tar.gz"
+source="
+	$pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-app-linux-usb-proxy/archive/refs/tags/$_gittag.tar.gz
+	usb-import-alpine-udevadm.patch
+	"
 builddir="$srcdir"/qubes-app-linux-usb-proxy-${_gittag/v}
 
 package() {
@@ -26,10 +29,14 @@ package() {
 
 	# replace all shebangs with /bin/sh as qubes expects bash
 	# shellcheck disable=SC2013
-	for i in $(grep '/bin/sh' -Rl .); do
+	for i in $(grep '/bin/sh' -Rl "$pkgdir"); do
 		sed -i 's|/bin/sh|/bin/bash|' "$i"
 	done
+
+	mkdir -p "$pkgdir"/etc/modules-load.d
+	echo "vhci-hcd" > "$pkgdir"/etc/modules-load.d/qubes-usb-proxy.conf
 }
 sha512sums="
-8083b49c913020e5f44b3b7f051773af0e98f3d4687186358b4f273dd3c8c62cb8eac31af2a6ffe4b9088e18ba92a94d89f5980997bad283026e654466202490  qubes-usb-proxy-v1.2.2.tar.gz
+975f851f674d7ef30bc7b4661c8725667e068da5d149244d63c4f929492eb515b5edc23a1e7b849924cf715a10b13eccbbe7de83f6dbed9a80500e57470d1221  qubes-usb-proxy-v1.3.3.tar.gz
+c6519982f7eef8586ee823dc96efa7b1b90f489114edcc348bc5221837090d19a2a3533eac83e3269ba68c2cf24447c018e0ac850ed1423a1280ebae364223fa  usb-import-alpine-udevadm.patch
 "

qubes-usb-proxy/usb-import-alpine-udevadm.patch

@@ -0,0 +1,27 @@
+diff --git a/src/usb-import.orig b/src/usb-import
+index 7b17799..e718795 100755
+--- a/src/usb-import.orig
++++ b/src/usb-import
+@@ -95,7 +95,7 @@ wait_for_attached() {
+             ERROR "Attach timeout, check kernel log for details."
+         fi
+     done
+-    [ -f "/usr/bin/udevadm" ] && udevadm settle
++    [ -f "/bin/udevadm" ] && udevadm settle
+ }
+ 
+ wait_for_detached() {
+diff --git a/src/usb-export.orig b/src/usb-export
+index ad2ab2b..37cff16 100755
+--- a/src/usb-export.orig
++++ b/src/usb-export
+@@ -110,8 +110,7 @@ if [ -n "$attach_to_usbip" ]; then
+     echo "$busid" > "$SYS_USBIP_HOST/bind" || exit 1
+ 
+     # optionally reset the device to clear any state from previous driver
+-    reset_on_attach=$(udevadm info --query=property \
+-        --value --property=QUBES_USB_RESET --path="$devpath")
++    reset_on_attach=$(udevadm info --query=property --path="$devpath" |  awk -F "=" '{if($1=="QUBES_USB_RESET"){print $2}}' )
+     if [ -f /run/qubes-service/usb-reset-on-attach ]; then
+         reset_on_attach=1
+     fi

qubes-vm-core/APKBUILD

@@ -8,7 +8,7 @@ subpackages="
 	$pkgname-doc
 	$pkgname-pyc
 	"
-pkgver=4.2.35
+pkgver=4.2.39
 pkgrel=0
 _gittag="v$pkgver"
 pkgdesc="The Qubes core files for installation inside a Qubes VM."
@@ -19,6 +19,7 @@ options="!check" # No testsuite
 depends="
 	blkid
 	coreutils
+	dbus-x11
 	dconf
 	desktop-file-utils
 	device-mapper
@@ -27,6 +28,7 @@ depends="
 	e2fsprogs-extra
 	ethtool
 	fakeroot
+	findutils
 	gawk
 	grep
 	haveged
@@ -42,6 +44,7 @@ depends="
 	qubes-db-vm
 	qubes-libvchan-xen
 	qubes-vm-utils
+	rsvg-convert
 	sed
 	socat
 	xdg-utils
@@ -104,9 +107,9 @@ build() {
 # * core systemd services and drop-ins
 # * basic network functionality (setting IP address, DNS, default gateway)
 package() {
-	make install-corevm DESTDIR="$pkgdir" SBINDIR=/sbin LIBDIR=/usr/lib SYSLIBDIR=/lib
-	make -C app-menu install DESTDIR="$pkgdir" install LIBDIR=/usr/lib SYSLIBDIR=/lib
-	make -C misc install DESTDIR="$pkgdir" install LIBDIR=/usr/lib SYSLIBDIR=/lib
+	make DESTDIR="$pkgdir" SYSTEM_DROPIN_DIR=/usr/lib/systemd SBINDIR=/usr/sbin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib install-corevm
+	make -C app-menu DESTDIR="$pkgdir" LIBDIR=/usr/lib SYSLIBDIR=/usr/lib install
+	make -C misc DESTDIR="$pkgdir" LIBDIR=/usr/lib SYSLIBDIR=/usr/lib install
 	make -C qubes-rpc DESTDIR="$pkgdir" install
 	make -C qubes-rpc/kde DESTDIR="$pkgdir" install
 	make -C qubes-rpc/nautilus DESTDIR="$pkgdir" install
@@ -153,22 +156,22 @@ networking() {
 		tinyproxy
 		"
 	cd "$builddir"
-	install -dm 755 "$subpkgdir"/usr/bin
+	install -dm 755 "$subpkgdir"/usr/bin "$subpkgdir"/usr/lib/systemd/system
 	mv "$pkgdir"/usr/bin/qubes-firewall "$subpkgdir"/usr/bin/.
-	make install-netvm DESTDIR="$subpkgdir" SBINDIR=/sbin LIBDIR=/usr/lib SYSLIBDIR=/lib
+	make install-netvm DESTDIR="$subpkgdir" SYSTEM_DROPIN_DIR=/usr/lib/systemd SBINDIR=/usr/sbin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib
 }
 
 root() {
 	cd "$builddir"
 	pkgdesc="Qubes OS Passwordless root access from normal user"
-	make -C passwordless-root install DESTDIR="$subpkgdir" SBINDIR=/sbin LIBDIR=/usr/lib SYSLIBDIR=/lib
+	make -C passwordless-root install DESTDIR="$subpkgdir" SBINDIR=/usr/sbin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib
 }
 sha512sums="
-bbc98ef29d04ac50fad4ff531fad34578df835820b8bd5c838689254e813124e7bc8536703e246487e4e64470610189cfee2ab773daf8b867b0e1f41419ef1d9  qubes-vm-core-v4.2.35.tar.gz
+60f674805a3fdcdc9aa9edda30c705c5815b5ab61a66967f1bf5974c4c23175d5265b0eec5d5067e03fa87aa5c1cc90ec1eafee092a5b807c3e96c4adef2da0e  qubes-vm-core-v4.2.39.tar.gz
 95c080a593ca1cd457ffafc0cdd6ee28999c72f67191a3955b6081a4a7d287cae4cd0c626139562e5e1eb55516c25402a174e3599daf7d4cb259d6b4bbdff155  qubes-core-early.openrc
 61529413a16b7fa0df691c24adc41b90477c01ea70d572921ecec89df23932e5a2e60c4e73b9a84181dc30424e2e6af4ad1c7dcf6c42689c3cc346a9923d6e07  qubes-core-netvm.openrc
 da8e293520f5fce29ce76d7586e8ce1a4164798a1214079fb554c690264da1d774fdad3f45825aac52c2c3a0b0cfd39df73eb33394dedd7c043fe0f2344b90ca  qubes-core.openrc
-8f1ea1b6bfb4d3089a51cc3e325861ee7b644f743b2652bf61789933adedefdbc743a61567ad980d2a6077647eb61570b68a056125abaab2a67166d249a961b0  qubes-firewall.openrc
+164159a80d00c160e74a0ebf4695c047ca7720821e4a9c395405cd96f680b6765e9c4cf426aea94fcb26e08274ec2b42adf45ecc12d26cf683ab3bd0c01afed9  qubes-firewall.openrc
 437a3dc443c5b0311c5dc8f792739eef89e38b2e854b9a5bb248211dd0eb0f26c1d79588ca2b4b63236b8bed0d735be6b2265d8328885730a8aa5f854301d61f  qubes-iptables.openrc
 e9096560e4ee4cad836b686e18eb6dbac729227683eda2f0c8b3541c909f64de3489dbb66e3752014deab69cbfae7885bc15b9bb7e3942c02e40328337b9ef30  qubes-sysinit.openrc
 99ec0afc167866727072606aa183f0c7a539e68e0d8b9a57f6b9c129d3722c9135e1487eef438807d7138af0e669fb14608cbc1f1d5620ee9e995f294a8929f8  qubes-updates-proxy-forwarder.openrc

qubes-vm-core/qubes-firewall.openrc

@@ -16,7 +16,7 @@ depend() {
 }
 
 start_pre() {
-        /sbin/ethtool -K "$(get_qubes_managed_iface)" sg off
+        /usr/sbin/ethtool -K "$(get_qubes_managed_iface)" sg off
         checkpath --directory --owner $command_user:qubes --mode 0775 \
                 /run/$RC_SVCNAME /var/log/qubes
 }

qubes-vm-gui-dev/APKBUILD

@@ -1,9 +1,9 @@
 # Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
 # Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
 pkgname=qubes-vm-gui-dev
-pkgver=4.2.4
+pkgver=4.2.5
 _gittag="v$pkgver"
-pkgrel=3
+pkgrel=1
 pkgdesc="Common files for Qubes GUI - protocol headers."
 arch="noarch"
 url="https://github.com/QubesOS/qubes-gui-common"
@@ -18,5 +18,5 @@ package() {
 	cp include/*.h $pkgdir/usr/include/
 }
 sha512sums="
-be9d71abc991d6d2dabaf17f647a5cf2a73b947f15fc36117e309d493f4f6a7e151d9ab6f6df8bd99ac33ea873413a47f72aeb98bf6b7b4ed2a217c8fbd0bd51  qubes-vm-gui-dev-v4.2.4.tar.gz
+12bdf5c2dfcc594b034f5dd94a4fa398ef51a42e8bf425386ff34af63510b749fb0aaa6966f569cc16205efbb310076bd370ceefcd1d254fa5d2e8599554a64d  qubes-vm-gui-dev-v4.2.5.tar.gz
 "

qubes-vm-gui/APKBUILD

@@ -5,7 +5,7 @@ subpackages="
 	qubes-vm-pulseaudio
 	qubes-vm-pipewire
 	$pkgname-openrc"
-pkgver=4.2.14
+pkgver=4.2.20
 pkgrel=0
 _gittag="v$pkgver"
 pkgdesc="The Qubes GUI Agent for AppVMs"
@@ -79,7 +79,7 @@ build() {
 }
 
 package() {
-	make install-rh-agent DESTDIR="$pkgdir" LIBDIR=/usr/lib USRLIBDIR=/usr/lib SYSLIBDIR=/lib
+	make install-rh-agent DESTDIR="$pkgdir" LIBDIR=/usr/lib USRLIBDIR=/usr/lib SYSLIBDIR=/usr/lib
 	install -Dm 755 "$srcdir"/qubes-gui-agent.openrc "$pkgdir"/etc/init.d/qubes-gui-agent
 
 	# Starts qubes-session after X11 start
@@ -100,7 +100,7 @@ pulseaudio() {
 	local pa_ver=$(pkg-config --modversion libpulse 2>/dev/null | cut -f 1 -d "-")
 
 	cd "$builddir"
-	make install-pulseaudio DESTDIR=$subpkgdir PA_VER=$pa_ver LIBDIR=/usr/lib USRLIBDIR=/usr/lib SYSLIBDIR=/lib
+	make install-pulseaudio DESTDIR=$subpkgdir PA_VER=$pa_ver LIBDIR=/usr/lib USRLIBDIR=/usr/lib SYSLIBDIR=/usr/lib
 }
 
 pipewire() {
@@ -116,7 +116,7 @@ pipewire() {
 }
 
 sha512sums="
-5e4f323b5378076766169831cdd6dabaf6f0b65003cd8fb52111a9ce8d60424f7617eea085162376101013641c2f01ad8dcbdf1842c11f0e2409fe4a4bc3c97d  qubes-vm-gui-v4.2.14.tar.gz
+a44acb287ac5c67fa8a35f8f6589ebd2d4bf17781c7074d3b0b79a4e4ff535de409b9da4d8175d9712bce9bbe6eb98ceab21d5e1f0526e359090ab44efac54a7  qubes-vm-gui-v4.2.20.tar.gz
 f0bbb936e14689d0cbced2f564b8911f9287c0217616f02f3bd0c3060e516d080ad538219f089f5841c2b9d18bb4ad8efb63516ddfd46c18b038218378996a7d  0001-musl-build.patch
 01beace4c130200dc8d42248349ea858d2bec746aca2bdfa5948b6e7240bb3b832bbb8b324293fba6fd6aafb0a3d7a2e3928c7fd39d318ef4d5a18cfeb48cde6  0001-initd-fix.patch
 68d01e594296e18d54d8eaa17863451c3ac121e4fcacf98b64db14166bdcf38aa66f1c3659c5014c0a9cc25b5368df66f8c642b8e7af59da8d2a5ad97da9a194  qubes-gui-agent.openrc

qubes-vm-qrexec/APKBUILD

@@ -2,7 +2,7 @@
 # Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
 pkgname=qubes-vm-qrexec
 subpackages="$pkgname-openrc $pkgname-doc $pkgname-pyc"
-pkgver=4.2.19
+pkgver=4.2.22
 _gittag="v$pkgver"
 pkgrel=2
 pkgdesc="The Qubes qrexec files (qube side)"
@@ -47,13 +47,13 @@ build() {
 }
 
 package() {
-	make install-base DESTDIR="$pkgdir" SBINDIR=/sbin LIBDIR=/usr/lib SYSLIBDIR=/lib
-	make install-vm DESTDIR="$pkgdir" SBINDIR=/sbin LIBDIR=/usr/lib SYSLIBDIR=/lib
+	make install-base DESTDIR="$pkgdir" SBINDIR=/usr/sbin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib
+	make install-vm DESTDIR="$pkgdir" SBINDIR=/usr/sbin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib
 	install -Dm 755 "$srcdir"/qubes-qrexec-agent.openrc "$pkgdir"/etc/init.d/qubes-qrexec-agent
 }
 sha512sums="
-79481953921e98a1dfeeba02a2be1d2e92fd2ec04c12986aa4f788987c2f74ec2e67e0c20f87e9d329097fccda76ef648dbf02d08affdf7cb43380380afd595d  qubes-vm-qrexec-v4.2.19.tar.gz
+df93577344af228a8fc699576155e2327164ff7d80236dad234919ad686a457e81942a7e57d50bf2e76886b64b23dd4fc3e848f003bdc15defff2621f4514d84  qubes-vm-qrexec-v4.2.22.tar.gz
 e2dd5cace82e881c40d5d37c69f7327fbabde81c9d23283de23de9f1197b7b018ef07a8d90e95c61bd249426d9d8297e7cb372333245941ffa0682c90ea3461f  qubes-qrexec-agent.openrc
-3cbe66c8251d0cbe078d78ac9a2aef2d6c095c4f514ff0aab69dd724dee7488cf84dff4af2210d8a2298a052db49e85b0e38ac45456a8aa9bd1e4a7de0311b69  makefile-remove-cc-cflags.patch
+c3009ddb97656be7d0a78910217c852f0f9b20cd37b4537d99724e629bc87f1c675ada084eba3c641c4ae54dab8aacd87514d73de72f42d6ccc976e6255212bc  makefile-remove-cc-cflags.patch
 69b88c8d344f0d575eac398937040ba39a0d8fb8ea0a2b160c48d84775e1da4e226a76f3c5d3be7b045f577b634bb35cd5c5536248e18117c4121a38f9f3bf13  agent-qrexec-fork-server-undef-fortify-source.patch
 "

qubes-vm-qrexec/makefile-remove-cc-cflags.patch

@@ -2,10 +2,11 @@ diff --git a/Makefile.orig b/Makefile
 index ade10bf..7de05a4 100644
 --- a/Makefile.orig
 +++ b/Makefile
-@@ -1,6 +1,4 @@
+@@ -1,6 +1,5 @@
  MAKEFLAGS=-r
 -CC ?= gcc
 -CFLAGS += -Werror=strict-prototypes -Werror=old-style-definition -Werror=missing-declarations -Werror=missing-prototypes
++CFLAGS += -Wno-incompatible-pointer-types -Wno-int-conversion -Wno-implicit-function-declaration
  PYTHON ?= python3
  export PYTHON CC MAKEFLAGS CFLAGS
  

qubes-vm-utils/APKBUILD

@@ -6,8 +6,8 @@ subpackages="
 	$pkgname-openrc
 	$pkgname-pyc
 	"
-pkgver=4.2.17
-pkgrel=1
+pkgver=4.2.19
+pkgrel=0
 _gittag="v$pkgver"
 pkgdesc="Common Linux files for Qubes VM."
 arch="x86_64"
@@ -40,7 +40,7 @@ build() {
 }
 
 package() {
-	make install DESTDIR="$pkgdir" LIBDIR=/usr/lib SYSLIBDIR=/lib SBINDIR=/sbin
+	make install DESTDIR="$pkgdir" LIBDIR=/usr/lib SYSLIBDIR=/usr/lib SBINDIR=/usr/sbin
 	install -Dm 755 "$srcdir"/qubes-meminfo-writer.openrc "$pkgdir"/etc/init.d/qubes-meminfo-writer
 }
 
@@ -59,6 +59,6 @@ support() {
 	install -m 755 "$builddir"/dracut/full-dmroot/qubes_cow_setup.sh "$subpkgdir"/usr/lib/qubes/qubes_cow_setup.sh
 }
 sha512sums="
-3a3ddd46d94b0fae608dc7436a1a43437968b65830de2c65a5735d3264063df493ce12514071b0214ae3c906c364b420e09fcf569c0395629292b1f34f90dd83  qubes-vm-utils-v4.2.17.tar.gz
-aebc606faa95948be77766f164fc40e4be66e4398e7f56ad52ba9de4c8f7de4ec0c4b48b23a3a6dd083d6f19ae1a591f3ae0caf2c696fd061cd8fea4bdf7d4f3  qubes-meminfo-writer.openrc
+6fc8dd61a1263b2ea3a578f9cf791060a1ad5f46b132c9002ecbb44a60c956b110b409a127c25f1753d5a6be0744df752f9dd8a88a164417f5c4980e2fb199fd  qubes-vm-utils-v4.2.19.tar.gz
+c29bac0c6b9a0c81ee42e88541d9216549276448a02c3005ea20d85c7eda483cee28bbc159098bd42badc7ed80058734311931ee4ef13e170e49f83cf3f5a9ae  qubes-meminfo-writer.openrc
 "

qubes-vm-utils/qubes-meminfo-writer.openrc

@@ -3,7 +3,7 @@
 name=$RC_SVCNAME
 cfgfile="/etc/qubes/$RC_SVCNAME.conf"
 pidfile="/var/run/meminfo-writer.pid"
-command="/sbin/meminfo-writer"
+command="/usr/sbin/meminfo-writer"
 command_args="30000 100000 $pidfile"
 command_user="root"
 start_stop_daemon_args=""