forge/qports
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

merge into: forge:main
Branches Tags
forge:main
forge:r4.2
forge:r4.1
forge:4.2/druide
forge:libvchan/bump
...
pull from: forge:r4.1
Branches Tags
forge:main
forge:r4.2
forge:r4.1
forge:4.2/druide
forge:libvchan/bump

29 commits
main ... r4.1

Author SHA1 Message Date
Antoine Martin
6e019ecb0f
README: update 2024-08-16 21:44:07 -04:00
Antoine Martin
fa354dfddf
forgejo-ci: add multitarget build workflows 2024-08-16 08:16:43 -04:00
Antoine Martin
db97332670
forgejo-ci: initial 2024-08-16 01:20:08 -04:00
Antoine Martin
192238ebb7
gitlab-ci: drop 2024-08-16 01:20:04 -04:00
Antoine Martin
93090f1a62
gitlab-ci.yml: drop v3.18 2024-06-03 10:39:41 -04:00
Antoine Martin
b450bca1af
*: bump pkgrel 2024-06-03 08:25:31 -04:00
Antoine Martin
76b0fad538
gitlab-ci.yml: add 3.20 runners 2024-06-03 08:24:55 -04:00
Antoine Martin
52b885f4c2 qubes-vm-utils: upgrade to 4.1.20 2024-04-20 22:00:06 +00:00
Antoine Martin
fa30c6dde1 qubes-vm-core: upgrade to 4.1.48 2024-04-20 21:55:26 +00:00
Antoine Martin
90f0e5a43c
qubes-usb-proxy: upgrade to 1.2.1 2024-04-20 17:13:45 -04:00
Antoine Martin
09bda96bd4
*: rebuild for python 3.12 2024-04-20 16:57:27 -04:00
Antoine Martin
6e9c36400e qubes-vm-qrexec: upgrade to 4.1.24 2024-02-10 22:00:14 +00:00
Antoine Martin
08db8671dd qubes-gpg-split: upgrade to 2.0.70 2024-02-08 18:32:22 +00:00
Antoine Martin
99c4b6f5e8 qubes-vm-gui: upgrade to 4.1.33 2024-02-08 18:25:51 +00:00
Antoine Martin
b85c3fdc2c
qubes-vm-core: upgrade to 4.1.47 2024-02-08 13:15:15 -05:00
Antoine Martin
e9fb57aa39
qubes-vm-core: fix apk proxy 2024-02-08 12:53:13 -05:00
Antoine Martin
aa1765e457
qubes-libvchan-xen: rebuild againt xen v4.18 2023-12-07 19:46:17 -05:00
Antoine Martin
597e7886a3
*: bump pkgrel 2023-11-28 11:19:45 -05:00
Antoine Martin
7b0bcd1550
gitlab-ci: add v3.19 build 2023-11-28 11:18:20 -05:00
Antoine Martin
960293833e
*: bump pkgrel 2023-08-30 15:48:04 -04:00
Antoine Martin
6d4cb0f4f1
gltlab-ci: implement target multiple Alpine releases 2023-08-30 15:47:59 -04:00
Antoine Martin
8d0f7b55ce Update README.md 2023-08-27 17:19:12 +00:00
Antoine Martin
4f4c87063f
qubes-vm-core: add missing depends 2023-08-26 15:29:43 -04:00
Antoine Martin
54447345b4
qubes-vm-gui: fix pam.d install 2023-08-26 14:08:50 -04:00
Antoine Martin
14b2ac8af5
qubes-vm-core: add eudev depend 2023-08-25 16:40:54 -04:00
Antoine Martin
e1f435d938
Add readme 2023-08-16 00:43:05 -04:00
Antoine Martin
cc3a7230e9
qubes-vm-core: fix lsb depend 2023-08-16 00:27:39 -04:00
Antoine Martin
51e314e969
qubes-vm-core: fix build 2023-08-16 00:12:52 -04:00
Antoine Martin
d366575faa
qubes-vm-qrexec: fix build 2023-08-16 00:12:48 -04:00
31 changed files with 617 additions and 873 deletions
Show stats Expand all files Collapse all files

33
.forgejo/bin/deploy.sh Executable file
View file

@ -0,0 +1,33 @@
#!/bin/sh
# shellcheck disable=SC3040
set -eu -o pipefail
readonly BASEBRANCH=$CI_ALPINE_TARGET
readonly TARGET_REPO=$CI_ALPINE_REPO
get_qubes_release() {
case $GITHUB_BASE_REF in
r*) echo $GITHUB_BASE_REF;;
main) echo r4.3;;
esac
}
readonly QUBES_REL=$(get_qubes_release)
apkgs=$(find package -type f -name "*.apk")
for apk in $apkgs; do
arch=$(echo $apk | awk -F '/' '{print $3}')
name=$(echo $apk | awk -F '/' '{print $4}')
echo "Sending $name of arch $arch to $TARGET_REPO/$BASEBRANCH/qubes-$QUBES_REL"
return=$(curl -s --user $FORGE_REPO_USER:$FORGE_REPO_TOKEN --upload-file $apk $TARGET_REPO/$BASEBRANCH/qubes-$QUBES_REL 2>&1)
echo $return
if [ "$return" == "package file already exists" ]; then
echo "Package already exists, refreshing..."
curl -s --user $FORGE_REPO_USER:$FORGE_REPO_TOKEN -X DELETE $TARGET_REPO/$BASEBRANCH/qubes-$QUBES_REL/$arch/$name
curl -s --user $FORGE_REPO_USER:$FORGE_REPO_TOKEN --upload-file $apk $TARGET_REPO/$BASEBRANCH/qubes-$QUBES_REL
fi
done

140
.forgejo/patches/build.patch Normal file
View file

@ -0,0 +1,140 @@
diff --git a/usr/local/bin/build.sh.orig b/usr/local/bin/build.sh
old mode 100644
new mode 100755
index c3b8f7a..0b1c9a5
--- a/usr/local/bin/build.sh.orig
+++ b/usr/local/bin/build.sh
@@ -7,13 +7,14 @@
set -eu -o pipefail
readonly APORTSDIR=$CI_PROJECT_DIR
-readonly REPOS="main community testing non-free"
+readonly REPOS="main community testing"
readonly ARCH=$(apk --print-arch)
# gitlab variables
readonly BASEBRANCH=$CI_MERGE_REQUEST_TARGET_BRANCH_NAME
: "${REPODEST:=$HOME/packages}"
-: "${MIRROR:=https://dl-cdn.alpinelinux.org/alpine}"
+: "${MIRROR:=https://ayakael.net/api/packages/forge/alpine}"
+: "${ALPINE_MIRROR:=http://dl-cdn.alpinelinux.org/alpine}"
: "${MAX_ARTIFACT_SIZE:=300000000}" #300M
: "${CI_DEBUG_BUILD:=}"
@@ -67,13 +68,32 @@ report() {
}
get_release() {
+ echo $CI_ALPINE_TARGET
+}
+
+
+get_qubes_release() {
case $BASEBRANCH in
- *-stable) echo v"${BASEBRANCH%-*}";;
- master) echo edge;;
- *) die "Branch \"$BASEBRANCH\" not supported!"
+ r*) echo $BASEBRANCH;;
+ main) echo r4.3;;
esac
}
+changed_aports() {
+ : "${APORTSDIR?APORTSDIR missing}"
+ : "${BASEBRANCH?BASEBRANCH missing}"
+
+ cd "$APORTSDIR"
+ local aports
+
+ aports=$(git diff --name-only --diff-filter=ACMR \
+ "$BASEBRANCH"...HEAD -- "*/APKBUILD" | xargs -rn1 dirname)
+
+ # shellcheck disable=2086
+ ap builddirs -d "$APORTSDIR" $aports 2>/dev/null | xargs -rn1 basename
+}
+
+
build_aport() {
local repo="$1" aport="$2"
cd "$APORTSDIR/$repo/$aport"
@@ -99,13 +119,13 @@ set_repositories_for() {
local release
release=$(get_release)
- for repo in $REPOS; do
+ for repo in qubes-$(get_qubes_release); do
[ "$repo" = "non-free" ] && continue
- [ "$release" != "edge" ] && [ "$repo" == "testing" ] && continue
+ [ "$release" == "edge" ] && [ "$repo" == "backports" ] && continue
repos="$repos $MIRROR/$release/$repo $REPODEST/$repo"
[ "$repo" = "$target_repo" ] && break
done
- doas sh -c "printf '%s\n' $repos > /etc/apk/repositories"
+ doas sh -c "printf '%s\n' $repos >> /etc/apk/repositories"
doas apk update
}
@@ -118,7 +138,15 @@ apply_offset_limit() {
}
setup_system() {
- doas sh -c "echo $MIRROR/$(get_release)/main > /etc/apk/repositories"
+ local repos='' repo=''
+ local release
+
+ release=$(get_release)
+ for repo in $REPOS; do
+ [ "$release" != "edge" ] && [ "$repo" == "testing" ] && continue
+ repos="$repos $ALPINE_MIRROR/$release/$repo"
+ done
+ doas sh -c "printf '%s\n' $repos > /etc/apk/repositories"
doas apk -U upgrade -a || apk fix || die "Failed to up/downgrade system"
abuild-keygen -ain
doas sed -i -E 's/export JOBS=[0-9]+$/export JOBS=$(nproc)/' /etc/abuild.conf
@@ -192,32 +220,22 @@ section_end setup
build_start=$CI_ALPINE_BUILD_OFFSET
build_limit=$CI_ALPINE_BUILD_LIMIT
-for repo in $(changed_repos); do
- set_repositories_for "$repo"
- built_aports=0
- changed_aports_in_repo=$(changed_aports "$repo")
- changed_aports_in_repo_count=$(echo "$changed_aports_in_repo" | wc -l)
- changed_aports_to_build=$(echo "$changed_aports_in_repo" | apply_offset_limit "$build_start" "$build_limit")
+set_repositories_for $(get_qubes_release)
+built_aports=0
+changed_aports_in_repo=$(changed_aports $BASEBRANCH)
+changed_aports_in_repo_count=$(echo "$changed_aports_in_repo" | wc -l)
+changed_aports_to_build=$(echo "$changed_aports_in_repo" | apply_offset_limit "$build_start" "$build_limit")
- msg "Changed aports in $repo:"
- # shellcheck disable=SC2086 # Splitting is expected here
- printf " - %s\n" $changed_aports_to_build
- for pkgname in $changed_aports_to_build; do
- section_start "build_$pkgname" "Building package $pkgname"
- built_aports=$((built_aports+1))
- if check_aport "$repo" "$pkgname"; then
- build_aport "$repo" "$pkgname"
- fi
- section_end "build_$pkgname"
- done
-
- build_start=$((build_start-(changed_aports_in_repo_count-built_aports)))
- build_limit=$((build_limit-built_aports))
-
- if [ $build_limit -le 0 ]; then
- msg "Limit reached, breaking"
- break
+msg "Changed aports:"
+# shellcheck disable=SC2086 # Splitting is expected here
+printf " - %s\n" $changed_aports_to_build
+for pkgname in $changed_aports_to_build; do
+ section_start "build_$pkgname" "Building package $pkgname"
+ built_aports=$((built_aports+1))
+ if check_aport . "$pkgname"; then
+ build_aport . "$pkgname"
fi
+ section_end "build_$pkgname"
done
section_start artifacts "Handeling artifacts" collapse

54
.forgejo/workflows/build-edge.yaml Normal file
View file

@ -0,0 +1,54 @@
on:
pull_request:
types: [ assigned, opened, synchronize, reopened ]
jobs:
build-edge:
runs-on: x86_64
container:
image: alpinelinux/alpine-gitlab-ci:latest
env:
CI_PROJECT_DIR: ${{ github.workspace }}
CI_DEBUG_BUILD: ${{ runner.debug }}
CI_MERGE_REQUEST_PROJECT_URL: ${{ github.server_url }}/${{ github.repository }}
CI_MERGE_REQUEST_TARGET_BRANCH_NAME: ${{ github.base_ref }}
CI_ALPINE_TARGET: edge
steps:
- name: Environment setup
run: |
doas apk add nodejs git patch curl
cd /etc/apk/keys
doas curl -JO https://ayakael.net/api/packages/forge/alpine/key
- name: Repo pull
uses: actions/checkout@v4
with:
fetch-depth: 500
- name: Package build
run: |
doas patch -d / -p1 -i ${{ github.workspace }}/.forgejo/patches/build.patch
build.sh
- name: Package upload
uses: forgejo/upload-artifact@v3
with:
name: package
path: packages
deploy-edge:
needs: [build-edge]
runs-on: x86_64
container:
image: alpine:latest
env:
CI_ALPINE_REPO: 'https://ayakael.net/api/packages/forge/alpine'
FORGE_REPO_TOKEN: ${{ secrets.FORGE_REPO_TOKEN }}
FORGE_REPO_USER: ${{ vars.FORGE_REPO_USER }}
CI_ALPINE_TARGET: edge
steps:
- name: Setting up environment
run: apk add nodejs curl findutils git gawk
- name: Repo pull
uses: actions/checkout@v4
- name: Package download
uses: forgejo/download-artifact@v3
- name: Package deployment
run: ${{ github.workspace }}/.forgejo/bin/deploy.sh

54
.forgejo/workflows/build-v3.19.yaml Normal file
View file

@ -0,0 +1,54 @@
on:
pull_request:
types: [ assigned, opened, synchronize, reopened ]
jobs:
build-v3.19:
runs-on: x86_64
container:
image: alpinelinux/alpine-gitlab-ci:latest
env:
CI_PROJECT_DIR: ${{ github.workspace }}
CI_DEBUG_BUILD: ${{ runner.debug }}
CI_MERGE_REQUEST_PROJECT_URL: ${{ github.server_url }}/${{ github.repository }}
CI_MERGE_REQUEST_TARGET_BRANCH_NAME: ${{ github.base_ref }}
CI_ALPINE_TARGET: v3.19
steps:
- name: Environment setup
run: |
doas apk add nodejs git patch curl
cd /etc/apk/keys
doas curl -JO https://ayakael.net/api/packages/forge/alpine/key
- name: Repo pull
uses: actions/checkout@v4
with:
fetch-depth: 500
- name: Package build
run: |
doas patch -d / -p1 -i ${{ github.workspace }}/.forgejo/patches/build.patch
build.sh
- name: Package upload
uses: forgejo/upload-artifact@v3
with:
name: package
path: packages
deploy-v3.19:
needs: [build-v3.19]
runs-on: x86_64
container:
image: alpine:latest
env:
CI_ALPINE_REPO: 'https://ayakael.net/api/packages/forge/alpine'
CI_ALPINE_TARGET: v3.19
FORGE_REPO_TOKEN: ${{ secrets.FORGE_REPO_TOKEN }}
FORGE_REPO_USER: ${{ vars.FORGE_REPO_USER }}
steps:
- name: Setting up environment
run: apk add nodejs curl findutils git gawk
- name: Repo pull
uses: actions/checkout@v4
- name: Package download
uses: forgejo/download-artifact@v3
- name: Package deployment
run: ${{ github.workspace }}/.forgejo/bin/deploy.sh

54
.forgejo/workflows/build-v3.20.yaml Normal file
View file

@ -0,0 +1,54 @@
on:
pull_request:
types: [ assigned, opened, synchronize, reopened ]
jobs:
build-v3.20:
runs-on: x86_64
container:
image: alpinelinux/alpine-gitlab-ci:latest
env:
CI_PROJECT_DIR: ${{ github.workspace }}
CI_DEBUG_BUILD: ${{ runner.debug }}
CI_MERGE_REQUEST_PROJECT_URL: ${{ github.server_url }}/${{ github.repository }}
CI_MERGE_REQUEST_TARGET_BRANCH_NAME: ${{ github.base_ref }}
CI_ALPINE_TARGET: v3.20
steps:
- name: Environment setup
run: |
doas apk add nodejs git patch curl
cd /etc/apk/keys
doas curl -JO https://ayakael.net/api/packages/forge/alpine/key
- name: Repo pull
uses: actions/checkout@v4
with:
fetch-depth: 500
- name: Package build
run: |
doas patch -d / -p1 -i ${{ github.workspace }}/.forgejo/patches/build.patch
build.sh
- name: Package upload
uses: forgejo/upload-artifact@v3
with:
name: package
path: packages
deploy-v3.20:
needs: [build-v3.20]
runs-on: x86_64
container:
image: alpine:latest
env:
CI_ALPINE_TARGET: v3.20
CI_ALPINE_REPO: 'https://ayakael.net/api/packages/forge/alpine'
FORGE_REPO_TOKEN: ${{ secrets.FORGE_REPO_TOKEN }}
FORGE_REPO_USER: ${{ vars.FORGE_REPO_USER }}
steps:
- name: Setting up environment
run: apk add nodejs curl findutils git gawk
- name: Repo pull
uses: actions/checkout@v4
- name: Package download
uses: forgejo/download-artifact@v3
- name: Package deployment
run: ${{ github.workspace }}/.forgejo/bin/deploy.sh

21
.forgejo/workflows/lint.yaml Normal file
View file

@ -0,0 +1,21 @@
on:
pull_request:
types: [ assigned, opened, synchronize, reopened ]
jobs:
lint:
run-name: lint
runs-on: x86_64
container:
image: alpinelinux/apkbuild-lint-tools:latest
env:
CI_PROJECT_DIR: ${{ github.workspace }}
CI_DEBUG_BUILD: ${{ runner.debug }}
CI_MERGE_REQUEST_PROJECT_URL: ${{ github.server_url }}/${{ github.repository }}
CI_MERGE_REQUEST_TARGET_BRANCH_NAME: ${{ github.base_ref }}
steps:
- run: doas apk add nodejs git
- uses: actions/checkout@v4
with:
fetch-depth: 500
- run: lint

67
.gitlab-ci.yml
View file

@ -1,67 +0,0 @@
stages:
- verify
- build
- deploy
variables:
GIT_STRATEGY: clone
GIT_DEPTH: "500"
lint:
stage: verify
interruptible: true
script:
- |
sudo apk add shellcheck atools sudo abuild
export PATH="$PATH:$CI_PROJECT_DIR/.gitlab/bin"
lint
allow_failure: true
only:
- merge_requests
tags:
- apk-v3.18-x86_64
.build:
stage: build
interruptible: true
script:
- |
sudo apk add alpine-sdk lua-aports sudo
sudo addgroup $USER abuild
export PATH="$PATH:$CI_PROJECT_DIR/.gitlab/bin"
sudo -Eu $USER build.sh
artifacts:
paths:
- packages/
- keys/
- logs/
expire_in: 7 days
only:
- merge_requests
build-v3.18:
extends: .build
when: always
tags:
- apk-v3.18-x86_64
build-v3.17:
extends: .build
when: manual
tags:
- apk-v3.17-x86_64
push:
interruptible: true
stage: deploy
script:
- |
sudo apk add abuild git-lfs findutils
export PATH="$PATH:$CI_PROJECT_DIR/.gitlab/bin"
push.sh
rules:
- if: $CI_PIPELINE_SOURCE == "merge_request_event"
when: manual
tags:
- repo

111
.gitlab/bin/APKBUILD_SHIM
View file

@ -1,111 +0,0 @@
#!/bin/sh
set -e
arch=
builddir=
checkdepends=
depends=
depends_dev=
depends_doc=
depends_libs=
depends_openrc=
depends_static=
install=
install_if=
langdir=
ldpath=
license=
makedepends=
makedepends_build=
makedepends_host=
md5sums=
options=
patch_args=
pkgbasedir=
pkgdesc=
pkgdir=
pkgname=
pkgrel=
pkgver=
pkggroups=
pkgusers=
provides=
provider_priority=
replaces=
sha256sums=
sha512sums=
sonameprefix=
source=
srcdir=
startdir=
subpackages=
subpkgdir=
subpkgname=
triggers=
url=
# abuild.conf
CFLAGS=
CXXFLAGS=
CPPFLAGS=
LDFLAGS=
JOBS=
MAKEFLAGS=
CMAKE_CROSSOPTS=
. ./APKBUILD
: "$arch"
: "$builddir"
: "$checkdepends"
: "$depends"
: "$depends_dev"
: "$depends_doc"
: "$depends_libs"
: "$depends_openrc"
: "$depends_static"
: "$install"
: "$install_if"
: "$langdir"
: "$ldpath"
: "$license"
: "$makedepends"
: "$makedepends_build"
: "$makedepends_host"
: "$md5sums"
: "$options"
: "$patch_args"
: "$pkgbasedir"
: "$pkgdesc"
: "$pkgdir"
: "$pkgname"
: "$pkgrel"
: "$pkgver"
: "$pkggroups"
: "$pkgusers"
: "$provides"
: "$provider_priority"
: "$replaces"
: "$sha256sums"
: "$sha512sums"
: "$sonameprefix"
: "$source"
: "$srcdir"
: "$startdir"
: "$subpackages"
: "$subpkgdir"
: "$subpkgname"
: "$triggers"
: "$url"
# abuild.conf
: "$CFLAGS"
: "$CXXFLAGS"
: "$CPPFLAGS"
: "$LDFLAGS"
: "$JOBS"
: "$MAKEFLAGS"
: "$CMAKE_CROSSOPTS"

16
.gitlab/bin/apkbuild-shellcheck
View file

@ -1,16 +0,0 @@
#!/bin/sh
shellcheck -s ash \
-e SC3043 \
-e SC3057 \
-e SC3060 \
-e SC2016 \
-e SC2086 \
-e SC2169 \
-e SC2155 \
-e SC2100 \
-e SC2209 \
-e SC2030 \
-e SC2031 \
-e SC1090 \
-xa $CI_PROJECT_DIR/.gitlab/bin/APKBUILD_SHIM

269
.gitlab/bin/build.sh
View file

@ -1,269 +0,0 @@
#!/bin/sh
# shellcheck disable=SC3043
. $CI_PROJECT_DIR/.gitlab/bin/functions.sh
# shellcheck disable=SC3040
set -eu -o pipefail
readonly APORTSDIR=$CI_PROJECT_DIR
readonly REPOS="qubes/r4.1"
readonly ALPINE_REPOS="main community testing"
readonly ARCH=$(apk --print-arch)
# gitlab variables
readonly BASEBRANCH=$CI_MERGE_REQUEST_TARGET_BRANCH_NAME
: "${REPODEST:=$HOME/packages}"
: "${MIRROR:=https://lab.ilot.io/ayakael/repo-apk/-/raw}"
: "${ALPINE_MIRROR:=http://dl-cdn.alpinelinux.org/alpine}"
: "${MAX_ARTIFACT_SIZE:=300000000}" #300M
: "${CI_DEBUG_BUILD:=}"
: "${CI_ALPINE_BUILD_OFFSET:=0}"
: "${CI_ALPINE_BUILD_LIMIT:=9999}"
: "${CI_ALPINE_TARGET_ARCH:=$(uname -m)}"
msg() {
local color=${2:-green}
case "$color" in
red) color="31";;
green) color="32";;
yellow) color="33";;
blue) color="34";;
*) color="32";;
esac
printf "\033[1;%sm>>>\033[1;0m %s\n" "$color" "$1" | xargs >&2
}
verbose() {
echo "> " "$@"
# shellcheck disable=SC2068
$@
}
debugging() {
[ -n "$CI_DEBUG_BUILD" ]
}
debug() {
if debugging; then
verbose "$@"
fi
}
die() {
msg "$1" red
exit 1
}
capture_stderr() {
"$@" 2>&1
}
report() {
report=$1
reportsdir=$APORTSDIR/logs/
mkdir -p "$reportsdir"
tee -a "$reportsdir/$report.log"
}
get_release() {
local RELEASE=$(echo $CI_RUNNER_TAGS | awk -F '-' '{print $2}')
case $RELEASE in
v*) echo "${RELEASE%-*}";;
edge) echo edge;;
*) die "Branch \"$RELEASE\" not supported!"
esac
}
get_qubes_release() {
case $BASEBRANCH in
r*) echo $BASEBRANCH;;
master) echo r4.2;;
*) die "Branch \"$BASEBRANCH\" not supported!"
esac
}
build_aport() {
local repo="$1" aport="$2"
cd "$APORTSDIR/$aport"
if abuild -r 2>&1 | report "build-$aport"; then
checkapk | report "checkapk-$aport" || true
aport_ok="$aport_ok $aport"
else
aport_ng="$aport_ng $aport"
fi
}
check_aport() {
local repo="$1" aport="$2"
cd "$APORTSDIR/$aport"
if ! abuild check_arch 2>/dev/null; then
aport_na="$aport_na $aport"
return 1
fi
}
set_repositories_for() {
local target_repo="$1" repos='' repo=''
local release
release=$(get_release)
repos="$MIRROR/$release/qubes/$target_repo $REPODEST/qubes-aports"
sudo sh -c "printf '%s\n' $repos >> /etc/apk/repositories"
sudo apk update || true
}
apply_offset_limit() {
start=$1
limit=$2
end=$((start+limit))
sed -n "$((start+1)),${end}p"
}
setup_system() {
local repos='' repo=''
local release
release=$(get_release)
for repo in $ALPINE_REPOS; do
[ "$release" != "edge" ] && [ "$repo" == "testing" ] && continue
repos="$repos $ALPINE_MIRROR/$release/$repo"
done
repos="$repos $MIRROR/$release/cross"
sudo sh -c "printf '%s\n' $repos > /etc/apk/repositories"
sudo apk -U upgrade -a || sudo apk fix || die "Failed to up/downgrade system"
gitlab_key_to_rsa $ABUILD_KEY rsa-private $HOME/.abuild/$ABUILD_KEY_NAME.rsa
gitlab_key_to_rsa $ABUILD_KEY_PUB rsa-public $HOME/.abuild/$ABUILD_KEY_NAME.rsa.pub
chmod 700 $HOME/.abuild/$ABUILD_KEY_NAME.rsa
echo "PACKAGER_PRIVKEY=$HOME/.abuild/$ABUILD_KEY_NAME.rsa" >> $HOME/.abuild/abuild.conf
sudo cp $HOME/.abuild/$ABUILD_KEY_NAME.rsa.pub /etc/apk/keys/$ABUILD_KEY_NAME.rsa.pub
sudo sed -i -E 's/export JOBS=[0-9]+$/export JOBS=$(nproc)/' /etc/abuild.conf
( . /etc/abuild.conf && echo "Building with $JOBS jobs" )
mkdir -p "$REPODEST"
git config --global init.defaultBranch master
}
sysinfo() {
printf ">>> Host system information (arch: %s, release: %s) <<<\n" "$ARCH" "$(get_release)"
printf "- Number of Cores: %s\n" "$(nproc)"
printf "- Memory: %s Gb\n" "$(awk '/^MemTotal/ {print ($2/1024/1024)}' /proc/meminfo)"
printf "- Free space: %s\n" "$(df -hP / | awk '/\/$/ {print $4}')"
}
copy_artifacts() {
cd "$APORTSDIR"
packages_size="$(du -sk "$REPODEST" | awk '{print $1 * 1024}')"
if [ -z "$packages_size" ]; then
return
fi
echo "Artifact size: $packages_size bytes"
mkdir -p keys/ packages/
if [ "$packages_size" -lt $MAX_ARTIFACT_SIZE ]; then
msg "Copying packages for artifact upload"
cp -ar "$REPODEST"/* packages/ 2>/dev/null
cp ~/.abuild/*.rsa.pub keys/
else
msg "Artifact size $packages_size larger than max ($MAX_ARTIFACT_SIZE), skipping uploading them" yellow
fi
}
section_start setup "Setting up the system" collapse
if debugging; then
set -x
fi
aport_ok=
aport_na=
aport_ng=
failed=
sysinfo || true
setup_system || die "Failed to setup system"
# git no longer allows to execute in repositories owned by different users
sudo chown -R $USER: .
fetch_flags="-qn"
debugging && fetch_flags="-v"
git fetch $fetch_flags "$CI_MERGE_REQUEST_PROJECT_URL" \
"+refs/heads/$BASEBRANCH:refs/heads/$BASEBRANCH"
if debugging; then
merge_base=$(git merge-base "$BASEBRANCH" HEAD) || echo "Could not determine merge-base"
echo "Merge base: $merge_base"
git --version
git config -l
[ -n "$merge_base" ] && git tag -f merge-base "$merge_base"
git --no-pager log -200 --oneline --graph --decorate --all
fi
section_end setup
build_start=$CI_ALPINE_BUILD_OFFSET
build_limit=$CI_ALPINE_BUILD_LIMIT
mkdir -p "$APORTSDIR"/logs "$APORTSDIR"/packages "$APORTSDIR"/keys
set_repositories_for $(get_qubes_release)
built_aports=0
changed_aports_in_repo=$(changed_aports $BASEBRANCH)
changed_aports_in_repo_count=$(echo "$changed_aports_in_repo" | wc -l)
changed_aports_to_build=$(echo "$changed_aports_in_repo" | apply_offset_limit "$build_start" "$build_limit")
msg "Changed aports:"
# shellcheck disable=SC2086 # Splitting is expected here
printf " - %s\n" $changed_aports_to_build
for pkgname in $changed_aports_to_build; do
section_start "build_$pkgname" "Building package $pkgname"
built_aports=$((built_aports+1))
if check_aport qubes-aports "$pkgname"; then
build_aport qubes-aports "$pkgname"
fi
section_end "build_$pkgname"
done
build_start=$((build_start-(changed_aports_in_repo_count-built_aports)))
build_limit=$((build_limit-built_aports))
if [ $build_limit -le 0 ]; then
msg "Limit reached, breaking"
break
fi
section_start artifacts "Handeling artifacts" collapse
copy_artifacts || true
section_end artifacts
section_start summary "Build summary"
echo "### Build summary ###"
for ok in $aport_ok; do
msg "$ok: build succesfully"
done
for na in $aport_na; do
msg "$na: disabled for $CI_ALPINE_TARGET_ARCH" yellow
done
for ng in $aport_ng; do
msg "$ng: build failed" red
failed=true
done
section_end summary
if [ "$failed" = true ]; then
exit 1
elif [ -z "$aport_ok" ]; then
msg "No packages found to be built." yellow
fi

20
.gitlab/bin/changed-aports
View file

@ -1,20 +0,0 @@
#!/bin/sh
if [ $# -lt 1 ]; then
echo "Usage: $0 <basebranch>"
exit 1
fi
if ! git rev-parse --is-inside-work-tree >/dev/null 2>&1; then
echo "Fatal: not inside a git repository"
exit 2
fi
basebranch=$1
if ! git rev-parse --verify --quiet $basebranch >/dev/null; then
# The base branch does not eixst, probably due to a shallow clone
git fetch -v $CI_MERGE_REQUEST_PROJECT_URL.git +refs/heads/$basebranch:refs/heads/$basebranch
fi
git --no-pager diff --diff-filter=ACMR --name-only $basebranch...HEAD -- "*/APKBUILD" | xargs -r -n1 dirname

63
.gitlab/bin/functions.sh
View file

@ -1,63 +0,0 @@
# shellcheck disable=SC3043
:
# shellcheck disable=SC3040
set -eu -o pipefail
changed_aports() {
: "${APORTSDIR?APORTSDIR missing}"
: "${BASEBRANCH?BASEBRANCH missing}"
cd "$APORTSDIR"
local repo="$1"
local aports
aports=$(git diff --name-only --diff-filter=ACMR \
"$BASEBRANCH"...HEAD -- "*/APKBUILD" | xargs -rn1 dirname)
# shellcheck disable=2086
ap builddirs -d "$APORTSDIR" $aports 2>/dev/null | xargs -rn1 basename
}
section_start() {
name=${1?arg 1 name missing}
header=${2?arg 2 header missing}
collapsed=$2
timestamp=$(date +%s)
options=""
case $collapsed in
yes|on|collapsed|true) options="[collapsed=true]";;
esac
printf "\e[0Ksection_start:%d:%s%s\r\e[0K%s\n" "$timestamp" "$name" "$options" "$header"
}
section_end() {
name=$1
timestamp=$(date +%s)
printf "\e[0Ksection_end:%d:%s\r\e[0K" "$timestamp" "$name"
}
gitlab_key_to_rsa() {
KEY=$1
TYPE=$2
TGT=$3
TGT_DIR=${TGT%/*}
if [ "$TGT" == "$TGT_DIR" ]; then
TGT_DIR="./"
fi
if [ ! -d "$TGT_DIR" ]; then
mkdir -p "$TGT_DIR"
fi
case $TYPE in
rsa-public) local type="PUBLIC";;
rsa-private) local type="RSA PRIVATE";;
esac
echo "-----BEGIN $type KEY-----" > "$TGT"
echo $1 | sed 's/.\{64\}/&\
/g' >> "$TGT"
echo "-----END $type KEY-----" >> "$TGT"
}

96
.gitlab/bin/lint
View file

@ -1,96 +0,0 @@
#!/bin/sh
BLUE="\e[34m"
MAGENTA="\e[35m"
RESET="\e[0m"
readonly BASEBRANCH=$CI_MERGE_REQUEST_TARGET_BRANCH_NAME
verbose() {
echo "> " "$@"
# shellcheck disable=SC2068
$@
}
debugging() {
[ -n "$CI_DEBUG_BUILD" ]
}
debug() {
if debugging; then
verbose "$@"
fi
}
# git no longer allows to execute in repositories owned by different users
sudo chown -R gitlab-runner: .
fetch_flags="-qn"
debugging && fetch_flags="-v"
git fetch $fetch_flags "$CI_MERGE_REQUEST_PROJECT_URL" \
"+refs/heads/$BASEBRANCH:refs/heads/$BASEBRANCH"
if debugging; then
merge_base=$(git merge-base "$BASEBRANCH" HEAD)
echo "$merge_base"
git --version
git config -l
git tag merge-base "$merge_base" || { echo "Could not determine merge-base"; exit 50; }
git log --oneline --graph --decorate --all
fi
has_problems=0
for PKG in $(changed-aports "$BASEBRANCH"); do
printf "$BLUE==>$RESET Linting $PKG\n"
(
cd "$PKG"
repo=$(basename $(dirname $PKG));
if [ "$repo" == "backports" ]; then
echo "Skipping $PKG as backports (we don't care)"
continue
fi
printf "\n\n"
printf "$BLUE"
printf '======================================================\n'
printf " parse APKBUILD:\n"
printf '======================================================'
printf "$RESET\n\n"
( . ./APKBUILD ) || has_problems=1
printf "\n\n"
printf "$BLUE"
printf '======================================================\n'
printf " abuild sanitycheck:\n"
printf '======================================================'
printf "$RESET\n\n"
abuild sanitycheck || has_problems=1
printf "\n\n"
printf "$BLUE"
printf '======================================================\n'
printf " apkbuild-shellcheck:\n"
printf '======================================================'
printf "$RESET\n"
apkbuild-shellcheck || has_problems=1
printf "\n\n"
printf "$BLUE"
printf '======================================================\n'
printf " apkbuild-lint:\n"
printf '======================================================'
printf "$RESET\n\n"
apkbuild-lint APKBUILD || has_problems=1
return $has_problems
) || has_problems=1
echo
done
exit $has_problems

64
.gitlab/bin/push.sh
View file

@ -1,64 +0,0 @@
#!/bin/sh
# shellcheck disable=SC3043
. $CI_PROJECT_DIR/.gitlab/bin/functions.sh
# shellcheck disable=SC3040
set -eu -o pipefail
readonly APORTSDIR=$CI_PROJECT_DIR
readonly REPOS="backports user"
readonly BASEBRANCH=$CI_MERGE_REQUEST_TARGET_BRANCH_NAME
ALPINE_RELEASE=$(echo $CI_RUNNER_TAGS | awk -F '-' '{print $2}')
export GIT_SSH_COMMAND="ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
gitlab_key_to_rsa $ABUILD_KEY rsa-private $HOME/.abuild/$ABUILD_KEY_NAME.rsa
gitlab_key_to_rsa $ABUILD_KEY_PUB rsa-public $HOME/.abuild/$ABUILD_KEY_NAME.rsa.pub
gitlab_key_to_rsa $SSH_KEY rsa-private $HOME/.ssh/id_rsa
chmod 700 "$HOME"/.ssh/id_rsa
chmod 700 "$HOME"/.abuild/$ABUILD_KEY_NAME.rsa
echo "PACKAGER_PRIVKEY=$HOME/.abuild/$ABUILD_KEY_NAME.rsa" > $HOME/.abuild/abuild.conf
echo "REPODEST=$HOME/repo-apk/qubes" >> $HOME/.abuild/abuild.conf
sudo cp $HOME/.abuild/$ABUILD_KEY_NAME.rsa.pub /etc/apk/keys/.
if [ -d $HOME/repo-apk ]; then
git -C $HOME/repo-apk fetch
git -C $HOME/repo-apk checkout $ALPINE_RELEASE
git -C $HOME/repo-apk pull --rebase
else
git clone git@lab.ilot.io:ayakael/repo-apk -b $ALPINE_RELEASE $HOME/repo-apk
fi
get_qubes_release() {
case $BASEBRANCH in
r*) echo $BASEBRANCH;;
master) echo r4.2;;
*) die "Branch \"$BASEBRANCH\" not supported!"
esac
}
QUBES_REL=$(get_qubes_release)
for i in $(find packages -type f -name "*.apk"); do
install -vDm644 $i ${i/packages\/qubes-aports/$HOME\/repo-apk\/qubes\/$QUBES_REL}
done
fetch_flags="-qn"
git fetch $fetch_flags "$CI_MERGE_REQUEST_PROJECT_URL" \
"+refs/heads/$BASEBRANCH:refs/heads/$BASEBRANCH"
rm $HOME/repo-apk/qubes/$QUBES_REL/*/APKINDEX.tar.gz || true
mkdir -p qubes/$QUBES_REL/DUMMY
echo "pkgname=DUMMY" > qubes/$QUBES_REL/DUMMY/APKBUILD
cd qubes/$QUBES_REL/DUMMY
abuild index
cd "$CI_PROJECT_DIR"
rm -R qubes/$QUBES_REL/DUMMY
git -C $HOME/repo-apk add .
git -C $HOME/repo-apk commit -m "Update from $CI_MERGE_REQUEST_IID - $CI_MERGE_REQUEST_TITLE"
git -C $HOME/repo-apk push

70
README.md Normal file
View file

@ -0,0 +1,70 @@
# qports
Upstream: https://ayakael.net/forge/qports
## Description
This repository contains aports that allow Alpine Linux to be used as an Alpine
Linux template. The upstream repo uses GitLab's CI to build and deploy packages
targetting multiple Alpine Linux versions. QubesOS releases are tracked using
branches.
#### Template builder
The template builder is housed in its [own repo](https://ayakael.net/forge/qubes-builder-alpine)
RPMs are built in-pipeline using the build artifacts produced by this repo. These RPMs facilitate
installation of your very own Alpine Linux template on QubesOS.
#### Provided packages
Use `abuild-r` to build the following packages.
For more information on how to build an Alpine Package, read [this](https://wiki.alpinelinux.org/wiki/Creating_an_Alpine_package)
Core VM packages
* qubes-vm-xen - Qubes's version of xen
* qubes-libvchan-xen - libvchan library dependency
* qubes-db-vm - qubes-db package
* qubes-vm-utils - qubes-meminfo-writer service package
* qubes-vm-core - Core init.d / qubes scripts
* qubes-vm-gui-dev - Library dependencies for `qubes-vm-gui`
* qubes-vm-gui - GUI agent
* qubes-vm-qrexec - qrexec agent
* qubes-gpg-split
* qubes-usb-proxy
* qubes-meta-packages - Meta package that pulls everything when added to world
Extra packages
* qubes-pass - Aport for Rudd-O's inter-VM password manager for Qubes OS
Omitted packages
* qubes-vmm-xen - The default Alpine xen package seems to provide the necessary modules
## How to use
Built packages are made available on a Forgejo-based Alpine repo for you convenience. You can follow these steps to use them:
Add security key of the apk repository to your /etc/apk/keys:
```shell
cd /etc/apk/keys
curl -JO https://ayakael.net/api/packages/forge/alpine/key
```
Add repository to `/etc/apk/repositories`:
```shell
echo "https://ayakael.net/api/packages/forge/alpine/edge/qubes-r4.1" > /etc/apk/repositories
```
#### Known issues
Known issues are currently being tracked in [qubes-builder-alpine](https://ayakael.net/forge/qubes-builder-alpine/issues)
#### Issues, recommendations and proposals
**To report an issue or share a recommendation**
Go [here](https://gitlab.alpinelinux.org/ayakael/qubes-aports/-/issues)
**To make a merge request**
* Fork the repo from Alpine's GitLab [here](https://gitlab.alpinelinux.org/ayakael/qubes-aports)
* Clone your fork locally. (`git clone $repo`)
* Make a branch with a descriptive name (`git checkout -b $descriptivename`)
* Make the changes you want to see in the world, commit, and push to the GitLab's remote repo
* Request a merge [here](https://gitlab.alpinelinux.org/ayakael/qubes-aports/-/merge_requests)

5
qubes-db-vm/APKBUILD
View file

@ -1,10 +1,9 @@
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
pkgname=qubes-db-vm
subpackages="$pkgname-openrc"
pkgver=4.1.17
pkgrel=0
pkgrel=4
_gittag="v$pkgver"
pkgdesc="QubesDB libs and daemon service."
arch="x86_64"

9
qubes-gpg-split/APKBUILD
View file

@ -1,11 +1,10 @@
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
pkgname=qubes-gpg-split
subpackages="$pkgname-doc"
pkgver=2.0.69
pkgver=2.0.70
_gittag="v$pkgver"
pkgrel=0
pkgrel=1
pkgdesc="Used Qubes AppVM as a “smart card”"
arch="x86_64"
url="https://github.com/QubesOS/qubes-app-linux-split-gpg"
@ -35,5 +34,5 @@ package() {
rm -r "$pkgdir/var/run"
}
sha512sums="
e20b4303934d41d537f4efd3d2811802b5f5c86ac97beb1169d5c302dd150b56a3f6ca5c61788ad5cd8731747aa4f91b79806bf863df427603ba6aebab27448b qubes-gpg-split-v2.0.69.tar.gz
a38ca61433c16168f44ef458f9fbc7eb37712f6edfb2bde7af7e08c6d98907e2038335ccda402b97a7940286af58be197a0bea3a20f5843b292766c7277a8350 qubes-gpg-split-v2.0.70.tar.gz
"

61
qubes-libvchan-xen/39_support-changed-libxenctrl-api-xen418.patch Normal file
View file

@ -0,0 +1,61 @@
From 8c4c3807119f27957e6c7f87d505d66d0ea4c3d0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
<marmarek@invisiblethingslab.com>
Date: Sat, 18 Nov 2023 18:27:28 +0100
Subject: [PATCH] Support changed libxenctrl API in Xen 4.18.0
The xc_domain_getinfo() is gone, it's replaced with
xc_domain_getinfo_single. While the new API is a bit nicer, xenctrl.h
does not provide any #define to know which one is available. Check
library version in the makefile for that.
---
vchan/Makefile.linux | 4 ++++
vchan/io.c | 10 ++++++++++
2 files changed, 14 insertions(+)
diff --git a/vchan/Makefile.linux b/vchan/Makefile.linux
index 281f2b5..587cb34 100644
--- a/vchan/Makefile.linux
+++ b/vchan/Makefile.linux
@@ -27,6 +27,11 @@ CFLAGS += -g -Wall -Wextra -Werror -fPIC -O2 -D_GNU_SOURCE -D_FORTIFY_SOURCE=2 -
all: libvchan-xen.so vchan-xen.pc
-include *.dep
+# xenctrl.h does not provide any #define to distinguish API versions
+XENCTRL_VERSION := $(shell pkg-config --modversion xencontrol)
+CFLAGS += $(shell if printf '%s\n' '4.18.0' '$(XENCTRL_VERSION)' | \
+ sort -CV; then echo -DHAVE_XC_DOMAIN_GETINFO_SINGLE; fi)
+
libvchan-xen.so : init.o io.o
$(CC) $(LDFLAGS) -shared -o libvchan-xen.so $^ -lxenvchan -lxenctrl
clean:
diff --git a/vchan/io.c b/vchan/io.c
index 3d0ed35..0c23223 100644
--- a/vchan/io.c
+++ b/vchan/io.c
@@ -33,14 +33,24 @@
/* check if domain is still alive */
int libvchan__check_domain_alive(xc_interface *xc_handle, int dom) {
struct evtchn_status evst;
+#ifdef HAVE_XC_DOMAIN_GETINFO_SINGLE
+ xc_domaininfo_t dominfo;
+#else
xc_dominfo_t dominfo;
+#endif
int ret;
/* first try using domctl, more reliable but available in a privileged
* domain only */
+#ifdef HAVE_XC_DOMAIN_GETINFO_SINGLE
+ ret = xc_domain_getinfo_single(xc_handle, dom, &dominfo);
+ if (ret == 0)
+ return !(dominfo.flags & XEN_DOMINF_dying);
+#else
ret = xc_domain_getinfo(xc_handle, dom, 1, &dominfo);
if (ret == 1)
return dominfo.domid == (uint32_t)dom && !dominfo.dying;
+#endif
else if (ret == -1 && errno == ESRCH)
return 0;
/* otherwise fallback to xc_evtchn_status method */

13
qubes-libvchan-xen/APKBUILD
View file

@ -1,20 +1,22 @@
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
pkgname=qubes-libvchan-xen
pkgver=4.1.13
pkgrel=1
pkgrel=5
_gittag=v$pkgver
pkgdesc="The Qubes core libraries for installation inside a Qubes Dom0 and VM."
arch="x86_64"
url="https://github.com/QubesOS/qubes-core-vchan-xen"
license='GPL'
depends="xen"
makedepends="xen-dev"
makedepends="xen-dev coreutils"
builddir="$srcdir"/qubes-core-vchan-xen-$pkgver
subpackages="$pkgname-dev"
source="$pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-core-vchan-xen/archive/refs/tags/$_gittag.tar.gz"
source="
$pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-core-vchan-xen/archive/refs/tags/$_gittag.tar.gz
39_support-changed-libxenctrl-api-xen418.patch
"
build() {
cd "$builddir"/vchan
@ -27,4 +29,5 @@ package() {
sha512sums="
cefb6b89f75936d791910d2169170536221d3123a1b33a14bea1fc5c08950ce934666719bf08eb3cc86ac055f85e6834f71e21c31189fa7299af09296c3cd99f qubes-libvchan-xen-v4.1.13.tar.gz
fedcba617d3843e41f257ff16b0a3108af844184252d4e702df8eccba21a4ef17d62c96acdb87bb4964e783b7f2f026305777be3379e7e7b51f4535a4704b52a 39_support-changed-libxenctrl-api-xen418.patch
"

5
qubes-meta-packages/APKBUILD
View file

@ -1,6 +1,5 @@
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
pkgname=qubes-meta-packages
subpackages="
qubes-vm-dependencies
@ -8,7 +7,7 @@ subpackages="
"
pkgver=4.1.24
_gittag="v$pkgver"
pkgrel=0
pkgrel=3
pkgdesc="Meta packages for Qubes-specific components"
arch="noarch"
url="https://github.com/QubesOS/qubes-meta-packages"

5
qubes-pass/APKBUILD
View file

@ -1,10 +1,9 @@
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
pkgname=qubes-pass
pkgver=0.1.0
_gittag="v$pkgver"
pkgrel=0
pkgrel=3
pkgdesc="An inter-VM password manager for Qubes OS"
arch="noarch"
url="https://github.com/Rudd-O/qubes-pass"

9
qubes-usb-proxy/APKBUILD
View file

@ -1,10 +1,9 @@
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
pkgname=qubes-usb-proxy
pkgver=1.1.5
pkgver=1.2.1
_gittag="v$pkgver"
pkgrel=0
pkgrel=1
pkgdesc="The Qubes service for proxying USB devices"
arch="noarch"
url="https://github.com/QubesOS/qubes-app-linux-usb-proxy"
@ -32,5 +31,5 @@ package() {
done
}
sha512sums="
27d28faec2ab9cc9df1e361dac244bc1b10afc406860ca2e3fc2dff3b666c6adaed615625aeba785918f8e08cffb215ef028698a178d795e586740caf1566fc9 qubes-usb-proxy-v1.1.5.tar.gz
e034ce9ec163fdcd4ad2ceb0cb1f5158ae670484b589a34ef610731a379f0f76f280cabb195c2e97228bbeb61cfb9296ccc89ad533a050f0d464a50724724cbb qubes-usb-proxy-v1.2.1.tar.gz
"

24
qubes-vm-core/APKBUILD
View file

@ -1,6 +1,5 @@
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
pkgname=qubes-vm-core
subpackages="
qubes-vm-networking:networking:noarch
@ -8,8 +7,8 @@ subpackages="
$pkgname-openrc
$pkgname-doc
"
pkgver=4.1.44
pkgrel=0
pkgver=4.1.48
pkgrel=1
_gittag="v$pkgver"
pkgdesc="The Qubes core files for installation inside a Qubes VM."
arch="x86_64"
@ -17,10 +16,14 @@ url="https://github.com/QubesOS/qubes-core-agent-linux"
license="GPL"
options="!check" # No testsuite
depends="
blkid
coreutils
dconf
desktop-file-utils
device-mapper
diffutils
e2fsprogs
e2fsprogs-extra
ethtool
fakeroot
gawk
@ -35,7 +38,6 @@ depends="
py3-dbus
py3-gobject3
py3-xdg
python3
qubes-db-vm
qubes-libvchan-xen
qubes-vm-utils
@ -48,6 +50,7 @@ makedepends="
gcc
libx11-dev
linux-pam-dev
lsb-release-minimal
make
pandoc
pkgconf
@ -68,6 +71,7 @@ source="
qubes-sysinit.openrc
qubes-updates-proxy-forwarder.openrc
qubes-updates-proxy.openrc
apk-proxy.sh
qvm-sync-clock.sh
"
builddir="$srcdir"/qubes-core-agent-linux-${_gittag/v}
@ -107,6 +111,9 @@ package() {
make -C network DESTDIR="$pkgdir" install
install -Dm755 "$builddir"/network/update-proxy-configs "$pkgdir"/usr/lib/qubes/.
install -Dm755 "$srcdir"/qvm-sync-clock.sh "$pkgdir"/etc/qubes/suspend-post.d/.
install -Dm644 "$srcdir"/apk-proxy.sh "$pkgdir"/etc/profile.d/apk-proxy.sh
install -dm755 "$pkgdir"/etc/bash
ln -s /etc/profile.d/apk-proxy.sh "$pkgdir"/etc/bash/apk-proxy.sh
for i in $source; do
case $i in
@ -116,7 +123,6 @@ package() {
"$pkgdir"/etc/conf.d/${i%.*};;
esac
done
}
@ -138,7 +144,6 @@ networking() {
net-tools
networkmanager
nftables
python3
qubes-db-vm
qubes-vm-core
qubes-vm-utils
@ -156,14 +161,15 @@ root() {
make -C passwordless-root install DESTDIR="$subpkgdir" SBINDIR=/sbin LIBDIR=/usr/lib SYSLIBDIR=/lib
}
sha512sums="
34ba5d84fa621ff25e8a9cc0d6ca69ee25bc7dbf37f13b08ccec13692ec9ebb8b12732878464e7e2909366de68727bdb66f960692be41e5186126701dfe861dd qubes-vm-core-v4.1.44.tar.gz
c7db62f9d35984080c1665847c90d2ffba01c44ce3df2e1d76379a972beb5ed921a7c1e2de541933b9623979087d079c6da6ba2272cd7a2ee94c39a94d4af27a qubes-vm-core-v4.1.48.tar.gz
95c080a593ca1cd457ffafc0cdd6ee28999c72f67191a3955b6081a4a7d287cae4cd0c626139562e5e1eb55516c25402a174e3599daf7d4cb259d6b4bbdff155 qubes-core-early.openrc
61529413a16b7fa0df691c24adc41b90477c01ea70d572921ecec89df23932e5a2e60c4e73b9a84181dc30424e2e6af4ad1c7dcf6c42689c3cc346a9923d6e07 qubes-core-netvm.openrc
da8e293520f5fce29ce76d7586e8ce1a4164798a1214079fb554c690264da1d774fdad3f45825aac52c2c3a0b0cfd39df73eb33394dedd7c043fe0f2344b90ca qubes-core.openrc
8f1ea1b6bfb4d3089a51cc3e325861ee7b644f743b2652bf61789933adedefdbc743a61567ad980d2a6077647eb61570b68a056125abaab2a67166d249a961b0 qubes-firewall.openrc
437a3dc443c5b0311c5dc8f792739eef89e38b2e854b9a5bb248211dd0eb0f26c1d79588ca2b4b63236b8bed0d735be6b2265d8328885730a8aa5f854301d61f qubes-iptables.openrc
e9096560e4ee4cad836b686e18eb6dbac729227683eda2f0c8b3541c909f64de3489dbb66e3752014deab69cbfae7885bc15b9bb7e3942c02e40328337b9ef30 qubes-sysinit.openrc
b1e8af2335955e52cf1817c56296f94f8c472e68d7a17a28f516fe4f5fa8a8053d4f9333efbb007a82a06f9442a4a6cfe5f9c751de07f337e47ee04cb18b9395 qubes-updates-proxy-forwarder.openrc
99ec0afc167866727072606aa183f0c7a539e68e0d8b9a57f6b9c129d3722c9135e1487eef438807d7138af0e669fb14608cbc1f1d5620ee9e995f294a8929f8 qubes-updates-proxy-forwarder.openrc
29d316b9f48cad15f6e22aaa67b228a5e4893ded86463dbe25b3cc68301b961473e79c01f003b1665e217ad4af2e618625442250d5607c1c16462e3f5eed069c qubes-updates-proxy.openrc
517d59e4699c24f23ccd59f5d4be3a519a426eee99d742c637fe1a9e69caa073621f4e9362c30182ba5a1a3eb0a769070c96e2c6b24cd8366a1f8f450a0b1c01 apk-proxy.sh
cca9f49422fa25cd5f3942dce8edd3ecff080bf5c407a7a790b438bedea054f39a4a3d8c179b44c4c08fc490b597e14d00dad9b0240861e83957e0af7aa6475d qvm-sync-clock.sh
"

5
qubes-vm-core/apk-proxy.sh Normal file
View file

@ -0,0 +1,5 @@
# Use the update proxy over the QubesOS RPC for apk
# /etc/init.d/qubes-updates-proxy-forwarder creates the socket to the proxy
alias apk='https_proxy="http://127.0.0.1:8082/" http_proxy="http://127.0.0.1:8082/" apk'
# allow aliases with sudo
alias sudo='sudo '

136
qubes-vm-core/qubes-updates-proxy-forwarder.openrc
View file

@ -1,116 +1,34 @@
#!/bin/bash
#
#!/sbin/openrc-run
# Updates proxy forwarder Startup script for the updates proxy forwarder
#
# chkconfig: 345 85 15
# description: forwards connection to updates proxy over Qubes RPC
#
# processname: ncat
# pidfile: /var/run/qubes-updates-proxy-forwarder.pid
#
# The clients should use the below shell variable exports:
# http_proxy="http://127.0.0.1:8082/"
# https_proxy="http://127.0.0.1:8082/"
# For apk, see the /etc/profile.d/apk-proxy.sh alias
# Source function library.
# shellcheck disable=SC1091
. /etc/init.d/functions.sh
name=$RC_SVCNAME
cfgfile="/etc/qubes/$RC_SVCNAME.conf"
command="/bin/busybox"
command_args="nc -lk -s 127.0.0.1 -p 8082 -e /usr/bin/qrexec-client-vm @default qubes.UpdatesProxy"
command_user="root"
pidfile="/run/qubes/$RC_SVCNAME.pid"
command_background="yes"
output_log="/var/log/qubes/$RC_SVCNAME.log"
error_log="/var/log/qubes/$RC_SVCNAME.err"
# Source Qubes library.
# shellcheck source=init/functions
. /usr/lib/qubes/init/functions
# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0
exec="/usr/bin/ncat"
prog=$(basename $exec)
pidfile="/var/run/qubes-updates-proxy-forwarder.pid"
# shellcheck disable=SC1091
[ -e /etc/sysconfig/qubes-updates-proxy-forwarder ] && . /etc/sysconfig/qubes-updates-proxy-forwarder
lockfile=/var/lock/subsys/qubes-updates-proxy-forwarder
start() {
have_qubesdb || return
if ! qsvc updates-proxy-setup ; then
# updates proxy configuration disabled
exit 0
fi
if qsvc qubes-updates-proxy ; then
# updates proxy running here too, avoid looping traffic back to itself
exit 0
fi
[ -x $exec ] || exit 5
echo -n $"Starting $prog (as Qubes updates proxy forwarder): "
# shellcheck disable=SC2016
start-stop-daemon \
--exec $exec \
--pidfile "$pidfile" \
--make-pidfile \
--background \
--start \
-- \
-k -l -e 'qrexec-client-vm $default qubes.UpdatesProxy'
retval=$?
echo
[ $retval -eq 0 ] && touch $lockfile
return $retval
depend() {
need qubes-qrexec-agent
need net
}
stop() {
echo -n $"Stopping $prog: "
killproc -p $pidfile "$prog"
retval=$?
echo
[ $retval -eq 0 ] && rm -f $lockfile
return $retval
start_pre() {
checkpath --directory --owner $command_user:qubes --mode 0775 \
/run/qubes \
/var/log/qubes \
/var/run/qubes
# TODO should fail if qubes-update-proxy is running
# if qsvc qubes-updates-proxy ; then
# # updates proxy running here too, avoid looping traffic back to itself
# exit 0
# fi
}
restart() {
stop
start
}
force_reload() {
restart
}
rh_status() {
status "$prog"
}
rh_status_q() {
rh_status >/dev/null 2>&1
}
case "$1" in
start)
rh_status_q && exit 0
$1
;;
stop)
rh_status_q || exit 0
$1
;;
restart)
$1
;;
force-reload)
force_reload
;;
status)
rh_status
;;
condrestart|try-restart)
rh_status_q || exit 0
restart
;;
*)
echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|force-reload}"
exit 2
esac
exit $?

2
qubes-vm-core/sudo-aliases.sh Normal file
View file

@ -0,0 +1,2 @@
# allow aliases with sudo
alias sudo='sudo '

5
qubes-vm-gui-dev/APKBUILD
View file

@ -1,10 +1,9 @@
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
pkgname=qubes-vm-gui-dev
pkgver=4.1.1
_gittag="v$pkgver"
pkgrel=1
pkgrel=4
pkgdesc="Common files for Qubes GUI - protocol headers."
arch="noarch"
url="https://github.com/QubesOS/qubes-gui-common"

19
qubes-vm-gui/APKBUILD
View file

@ -1,10 +1,9 @@
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
pkgname=qubes-vm-gui
subpackages="qubes-vm-pulseaudio $pkgname-openrc"
pkgver=4.1.31
pkgrel=0
pkgver=4.1.33
pkgrel=2
_gittag="v$pkgver"
pkgdesc="The Qubes GUI Agent for AppVMs"
arch="x86_64"
@ -62,10 +61,6 @@ build() {
sed 's:ExecStartPre=/bin/touch:#ExecStartPre=/bin/touch:' -i appvm-scripts/qubes-gui-agent.service
# Ensure that qubes-gui-agent starts after user autologin
sed 's/After=\(.*\)qubes-misc-post.service/After=\1qubes-misc-post.service getty.target/' -i appvm-scripts/qubes-gui-agent.service
# Starts qubes-session after X11 start
install -Dm 755 "$srcdir"/qubes-sessions.sh "$pkgdir"/etc/X11/xinit/xinitrc.d/90-qubes-sessions.sh
# Remove broken pam and replace with adequate
install -Dm 644 "$srcdir"/qubes-gui-agent.pam "$pkgdir"/etc/pam.d/qubes-gui-agent
make BACKEND_VMM="$_qubes_backend_vmm" appvm
make appvm
@ -80,6 +75,12 @@ build() {
package() {
make install-rh-agent DESTDIR="$pkgdir" LIBDIR=/usr/lib USRLIBDIR=/usr/lib SYSLIBDIR=/lib
install -Dm 755 "$srcdir"/qubes-gui-agent.openrc "$pkgdir"/etc/init.d/qubes-gui-agent
# Starts qubes-session after X11 start
install -Dm 755 "$srcdir"/qubes-sessions.sh "$pkgdir"/etc/X11/xinit/xinitrc.d/90-qubes-sessions.sh
# Remove broken pam and replace with adequate
install -Dm 644 "$srcdir"/qubes-gui-agent.pam "$pkgdir"/etc/pam.d/qubes-gui-agent
}
pulseaudio() {
@ -96,7 +97,7 @@ pulseaudio() {
make install-pulseaudio DESTDIR=$subpkgdir PA_VER=$pa_ver LIBDIR=/usr/lib USRLIBDIR=/usr/lib SYSLIBDIR=/lib
}
sha512sums="
6a72fde5b3c1c6025b13b58340bb8d3eccab05050c8cbe3741d7c18ca48826e45a3df3716d77e2dd733c119ff8db5d920faa73f05cb94049306a0dad6f58349f qubes-vm-gui-v4.1.31.tar.gz
1ace8f7510db02c7df3eebdf633e4c0dae0e29f43e51ef7605f5ae96c838b32c0a3776c7157108181b310ae17d777e78c6a793e3100a8b28688649494e4a0bc9 qubes-vm-gui-v4.1.33.tar.gz
f0bbb936e14689d0cbced2f564b8911f9287c0217616f02f3bd0c3060e516d080ad538219f089f5841c2b9d18bb4ad8efb63516ddfd46c18b038218378996a7d 0001-musl-build.patch
262b93b4ea172926dc18b7af372168ff3f645a02db1529cb73af3d5aa6252a75500bfbd95344a835bbf646e753018d0e27885e41a03f06247226a485edb5e028 0001-initd-fix.patch
68d01e594296e18d54d8eaa17863451c3ac121e4fcacf98b64db14166bdcf38aa66f1c3659c5014c0a9cc25b5368df66f8c642b8e7af59da8d2a5ad97da9a194 qubes-gui-agent.openrc

16
qubes-vm-qrexec/APKBUILD
View file

@ -1,11 +1,10 @@
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
pkgname=qubes-vm-qrexec
subpackages="$pkgname-openrc $pkgname-doc"
pkgver=4.1.22
pkgver=4.1.24
_gittag="v$pkgver"
pkgrel=0
pkgrel=2
pkgdesc="The Qubes qrexec files (qube side)"
arch="x86_64"
url="https://github.com/QubesOS/qubes-core-qrexec"
@ -13,17 +12,18 @@ license='GPL'
depends="qubes-libvchan-xen"
options="!check" # No testsuite
makedepends="
gcc
grep
make
lsb-release-minimal
pandoc
pkgconf
py3-setuptools
lld
qubes-libvchan-xen-dev
"
source="
$pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-core-qrexec/archive/refs/tags/$_gittag.tar.gz
qubes-qrexec-agent.openrc
makefile-remove-cc-cflags.patch
agent-qrexec-fork-server-undef-fortify-source.patch
"
builddir="$srcdir/qubes-core-qrexec-${_gittag/v}"
@ -47,13 +47,13 @@ build() {
}
package() {
export LDFLAGS="$LDFLAGS -fuse-ld=lld"
make install-base DESTDIR="$pkgdir" SBINDIR=/sbin LIBDIR=/usr/lib SYSLIBDIR=/lib
make install-vm DESTDIR="$pkgdir" SBINDIR=/sbin LIBDIR=/usr/lib SYSLIBDIR=/lib
install -Dm 755 "$srcdir"/qubes-qrexec-agent.openrc "$pkgdir"/etc/init.d/qubes-qrexec-agent
}
sha512sums="
c4d993dae87446fe73f390bdf0aa3bcfacce1a630b1f0e5f20c6ea7710c14cd9a7a0a66a66e5731dee47c6958c659e61b3c0ebea5a99a31317a52fb326650a2f qubes-vm-qrexec-v4.1.22.tar.gz
c263c2ebc878de41c9f8bd495855955096c5c69c2e48006170a3117793a64cfd1c65eee9c8b85dfca15b45f9e49db2cf8acf7bea51433708fffa49dcde8083a0 qubes-vm-qrexec-v4.1.24.tar.gz
e2dd5cace82e881c40d5d37c69f7327fbabde81c9d23283de23de9f1197b7b018ef07a8d90e95c61bd249426d9d8297e7cb372333245941ffa0682c90ea3461f qubes-qrexec-agent.openrc
e48a06778a880915827fb2ef3e38379eb2bc6cf63f7fed79472be4732f7110b0c642c7a62a43236f53404ce69afddd40a5bc92a984403aae74caae1580c31200 makefile-remove-cc-cflags.patch
69b88c8d344f0d575eac398937040ba39a0d8fb8ea0a2b160c48d84775e1da4e226a76f3c5d3be7b045f577b634bb35cd5c5536248e18117c4121a38f9f3bf13 agent-qrexec-fork-server-undef-fortify-source.patch
"

35
qubes-vm-qrexec/makefile-remove-cc-cflags.patch Normal file
View file

@ -0,0 +1,35 @@
diff --git a/Makefile.orig b/Makefile
index ade10bf..7de05a4 100644
--- a/Makefile.orig
+++ b/Makefile
@@ -26,7 +24,7 @@ all-base:
$(PYTHON) setup.py build
.PHONY: all-base
-install-base: all-base
+install-base:
+$(MAKE) install -C libqrexec
$(PYTHON) setup.py install -O1 $(PYTHON_PREFIX_ARG) --skip-build --root $(DESTDIR)
ln -sf qrexec-policy-exec $(DESTDIR)/usr/bin/qrexec-policy
@@ -75,7 +73,7 @@ all-vm-selinux:
+$(MAKE) -f /usr/share/selinux/devel/Makefile -C selinux qubes-core-qrexec.pp
.PHONY: all-vm
-install-vm: all-vm
+install-vm:
+$(MAKE) install -C agent
install -d $(DESTDIR)/$(SYSLIBDIR)/systemd/system -m 755
install -t $(DESTDIR)/$(SYSLIBDIR)/systemd/system -m 644 systemd/qubes-qrexec-agent.service
diff --git a/agent/Makefile.orig b/agent/Makefile
index e1500f1..d75f60e 100644
--- a/agent/Makefile.orig
+++ b/agent/Makefile
@@ -32,7 +32,7 @@ else
endif
-install: all
+install:
install -d $(DESTDIR)/etc/qubes-rpc $(DESTDIR)/usr/lib/qubes \
$(DESTDIR)/usr/bin $(DESTDIR)/usr/share/man/man1
install qrexec-agent $(DESTDIR)/usr/lib/qubes

9
qubes-vm-utils/APKBUILD
View file

@ -1,13 +1,12 @@
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
pkgname=qubes-vm-utils
subpackages="
qubes-vm-kernel-support:support:noarch
$pkgname-openrc
"
pkgver=4.1.19
pkgrel=0
pkgver=4.1.20
pkgrel=1
_gittag="v$pkgver"
pkgdesc="Common Linux files for Qubes VM."
arch="x86_64"
@ -58,6 +57,6 @@ support() {
install -m 755 "$builddir"/dracut/full-dmroot/qubes_cow_setup.sh "$subpkgdir"/usr/lib/qubes/qubes_cow_setup.sh
}
sha512sums="
adfa6190af80e8ff92b899056370b8e820820154dcbad2d141debc72a6f122d94894eb0ffd5f56715db8ff7c3166c63b8832a78f70c35d86d42af071297b7d35 qubes-vm-utils-v4.1.19.tar.gz
fda4dde19b4a413da269442cd214682518dc0f83c69b02a1383dc448a974b59ac9bd85a49c3125938acbf03708df6f364c24f0bc7c8f8d98ef7b318486aa9c02 qubes-vm-utils-v4.1.20.tar.gz
aebc606faa95948be77766f164fc40e4be66e4398e7f56ad52ba9de4c8f7de4ec0c4b48b23a3a6dd083d6f19ae1a591f3ae0caf2c696fd061cd8fea4bdf7d4f3 qubes-meminfo-writer.openrc
"