qubes-app-linux-druide-antidote: new aport

qubes-libvchan-xen: rebuild againt xen v4.18
*: bump pkgrel
2024-02-01 14:18:08 -05:00 · 2023-12-07 20:01:21 -05:00 · 2023-11-28 11:19:45 -05:00 · 2023-11-28 11:18:20 -05:00 · 2023-08-30 15:48:04 -04:00 · 2023-08-30 15:47:59 -04:00
43 changed files with 951 additions and 844 deletions
--- a/.forgejo/bin/deploy.sh
+++ b/.forgejo/bin/deploy.sh
@ -1,33 +0,0 @@
-#!/bin/sh
-
-# shellcheck disable=SC3040
-set -eu -o pipefail
-
-readonly BASEBRANCH=$CI_ALPINE_TARGET
-readonly TARGET_REPO=$CI_ALPINE_REPO
-
-get_qubes_release() {
- 	case $GITHUB_BASE_REF in
-		r*) echo $GITHUB_BASE_REF;;
-		main) echo r4.3;;
- 	esac
-}
-
-readonly QUBES_REL=$(get_qubes_release)
-
-apkgs=$(find package -type f -name "*.apk")
-
-for apk in $apkgs; do
-	arch=$(echo $apk | awk -F '/' '{print $3}')
-	name=$(echo $apk | awk -F '/' '{print $4}')
-
-	echo "Sending $name of arch $arch to $TARGET_REPO/$BASEBRANCH/qubes-$QUBES_REL"
-	return=$(curl -s --user $FORGE_REPO_USER:$FORGE_REPO_TOKEN --upload-file $apk $TARGET_REPO/$BASEBRANCH/qubes-$QUBES_REL 2>&1)
-	echo $return
-	if [ "$return" == "package file already exists" ]; then
-		echo "Package already exists, refreshing..."
-		curl -s --user $FORGE_REPO_USER:$FORGE_REPO_TOKEN -X DELETE $TARGET_REPO/$BASEBRANCH/qubes-$QUBES_REL/$arch/$name
-		curl -s --user $FORGE_REPO_USER:$FORGE_REPO_TOKEN --upload-file $apk $TARGET_REPO/$BASEBRANCH/qubes-$QUBES_REL
-	fi
-done
-
--- a/.forgejo/patches/build.patch
+++ b/.forgejo/patches/build.patch
@ -1,140 +0,0 @@
-diff --git a/usr/local/bin/build.sh.orig b/usr/local/bin/build.sh
-old mode 100644
-new mode 100755
-index c3b8f7a..0b1c9a5
--- a/usr/local/bin/build.sh.orig
-+++ b/usr/local/bin/build.sh
-@@ -7,13 +7,14 @@
- set -eu -o pipefail
- 
- readonly APORTSDIR=$CI_PROJECT_DIR
-readonly REPOS="main community testing non-free"
-+readonly REPOS="main community testing"
- readonly ARCH=$(apk --print-arch)
- # gitlab variables
- readonly BASEBRANCH=$CI_MERGE_REQUEST_TARGET_BRANCH_NAME
- 
- : "${REPODEST:=$HOME/packages}"
-: "${MIRROR:=https://dl-cdn.alpinelinux.org/alpine}"
-+: "${MIRROR:=https://ayakael.net/api/packages/forge/alpine}"
-+: "${ALPINE_MIRROR:=http://dl-cdn.alpinelinux.org/alpine}"
- : "${MAX_ARTIFACT_SIZE:=300000000}" #300M
- : "${CI_DEBUG_BUILD:=}"
- 
-@@ -67,13 +68,32 @@ report() {
- }
- 
- get_release() {
-+	echo $CI_ALPINE_TARGET
-+}
-+
-+
-+get_qubes_release() {
- 	case $BASEBRANCH in
-		*-stable) echo v"${BASEBRANCH%-*}";;
-		master) echo edge;;
-		*) die "Branch \"$BASEBRANCH\" not supported!"
-+		r*) echo $BASEBRANCH;;
-+		main) echo r4.3;;
- 	esac
- }
- 
-+changed_aports() {
-+	: "${APORTSDIR?APORTSDIR missing}"
-+	: "${BASEBRANCH?BASEBRANCH missing}"
-+
-+	cd "$APORTSDIR"
-+	local aports
-+
-+	aports=$(git diff --name-only --diff-filter=ACMR \
-+		"$BASEBRANCH"...HEAD -- "*/APKBUILD" | xargs -rn1 dirname)
-+
-+	# shellcheck disable=2086
-+	ap builddirs -d "$APORTSDIR" $aports 2>/dev/null | xargs -rn1 basename
-+}
-+
-+
- build_aport() {
- 	local repo="$1" aport="$2"
- 	cd "$APORTSDIR/$repo/$aport"
-@@ -99,13 +119,13 @@ set_repositories_for() {
- 	local release
- 
- 	release=$(get_release)
-	for repo in $REPOS; do
-+	for repo in qubes-$(get_qubes_release); do
- 		[ "$repo" = "non-free" ] && continue
-		[ "$release" != "edge" ] && [ "$repo" == "testing" ] && continue
-+		[ "$release" == "edge" ] && [ "$repo" == "backports" ] && continue
- 		repos="$repos $MIRROR/$release/$repo $REPODEST/$repo"
- 		[ "$repo" = "$target_repo" ] && break
- 	done
-	doas sh -c "printf '%s\n' $repos > /etc/apk/repositories"
-+	doas sh -c "printf '%s\n' $repos >> /etc/apk/repositories"
- 	doas apk update
- }
- 
-@@ -118,7 +138,15 @@ apply_offset_limit() {
- }
- 
- setup_system() {
-	doas sh -c "echo $MIRROR/$(get_release)/main > /etc/apk/repositories"
-+	local repos='' repo=''
-+	local release
-+
-+	release=$(get_release)
-+	for repo in $REPOS; do
-+		[ "$release" != "edge" ] && [ "$repo" == "testing" ] && continue
-+		repos="$repos $ALPINE_MIRROR/$release/$repo"
-+	done
-+	doas sh -c "printf '%s\n' $repos > /etc/apk/repositories"
- 	doas apk -U upgrade -a || apk fix || die "Failed to up/downgrade system"
- 	abuild-keygen -ain
- 	doas sed -i -E 's/export JOBS=[0-9]+$/export JOBS=$(nproc)/' /etc/abuild.conf
-@@ -192,32 +220,22 @@ section_end setup
- build_start=$CI_ALPINE_BUILD_OFFSET
- build_limit=$CI_ALPINE_BUILD_LIMIT
- 
-for repo in $(changed_repos); do
-	set_repositories_for "$repo"
-	built_aports=0
-	changed_aports_in_repo=$(changed_aports "$repo")
-	changed_aports_in_repo_count=$(echo "$changed_aports_in_repo" | wc -l)
-	changed_aports_to_build=$(echo "$changed_aports_in_repo" | apply_offset_limit "$build_start" "$build_limit")
-+set_repositories_for $(get_qubes_release)
-+built_aports=0
-+changed_aports_in_repo=$(changed_aports $BASEBRANCH)
-+changed_aports_in_repo_count=$(echo "$changed_aports_in_repo" | wc -l)
-+changed_aports_to_build=$(echo "$changed_aports_in_repo" | apply_offset_limit "$build_start" "$build_limit")
- 
-	msg "Changed aports in $repo:"
-	# shellcheck disable=SC2086 # Splitting is expected here
-	printf " - %s\n" $changed_aports_to_build
-	for pkgname in $changed_aports_to_build; do
-		section_start "build_$pkgname" "Building package $pkgname"
-		built_aports=$((built_aports+1))
-		if check_aport "$repo" "$pkgname"; then
-			build_aport "$repo" "$pkgname"
-		fi
-		section_end "build_$pkgname"
-	done
-
-	build_start=$((build_start-(changed_aports_in_repo_count-built_aports)))
-	build_limit=$((build_limit-built_aports))
-
-	if [ $build_limit -le 0 ]; then
-		msg "Limit reached, breaking"
-		break
-+msg "Changed aports:"
-+# shellcheck disable=SC2086 # Splitting is expected here
-+printf " - %s\n" $changed_aports_to_build
-+for pkgname in $changed_aports_to_build; do
-+	section_start "build_$pkgname" "Building package $pkgname"
-+	built_aports=$((built_aports+1))
-+	if check_aport . "$pkgname"; then
-+		build_aport . "$pkgname"
- 	fi
-+	section_end "build_$pkgname"
- done
- 
- section_start artifacts "Handeling artifacts" collapse
--- a/.forgejo/workflows/build-edge.yaml
+++ b/.forgejo/workflows/build-edge.yaml
@ -1,54 +0,0 @@
-on: 
-  pull_request:
-    types: [ assigned, opened, synchronize, reopened ]
-
-jobs:
-  build-edge:
-    runs-on: x86_64
-    container:
-      image: alpinelinux/alpine-gitlab-ci:latest
-    env:
-      CI_PROJECT_DIR: ${{ github.workspace }}
-      CI_DEBUG_BUILD: ${{ runner.debug }}
-      CI_MERGE_REQUEST_PROJECT_URL: ${{ github.server_url }}/${{ github.repository }}
-      CI_MERGE_REQUEST_TARGET_BRANCH_NAME: ${{ github.base_ref }}
-      CI_ALPINE_TARGET: edge
-    steps:
-      - name: Environment setup
-        run: |
-          doas apk add nodejs git patch curl
-          cd /etc/apk/keys
-          doas curl -JO https://ayakael.net/api/packages/forge/alpine/key
-      - name: Repo pull
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 500
-      - name: Package build
-        run: |
-          doas patch -d / -p1 -i ${{ github.workspace }}/.forgejo/patches/build.patch
-          build.sh
-      - name: Package upload
-        uses: forgejo/upload-artifact@v3
-        with:
-          name: package
-          path: packages
-
-  deploy-edge:
-    needs: [build-edge]
-    runs-on: x86_64
-    container:
-      image: alpine:latest
-    env:
-      CI_ALPINE_REPO: 'https://ayakael.net/api/packages/forge/alpine'
-      FORGE_REPO_TOKEN: ${{ secrets.FORGE_REPO_TOKEN }}
-      FORGE_REPO_USER: ${{ vars.FORGE_REPO_USER }}
-      CI_ALPINE_TARGET: edge
-    steps:
-      - name: Setting up environment
-        run: apk add nodejs curl findutils git gawk
-      - name: Repo pull
-        uses: actions/checkout@v4
-      - name: Package download
-        uses: forgejo/download-artifact@v3
-      - name: Package deployment
-        run: ${{ github.workspace }}/.forgejo/bin/deploy.sh
--- a/.forgejo/workflows/build-v3.19.yaml
+++ b/.forgejo/workflows/build-v3.19.yaml
@ -1,54 +0,0 @@
-on: 
-  pull_request:
-    types: [ assigned, opened, synchronize, reopened ]
-
-jobs:
-  build-v3.19:
-    runs-on: x86_64
-    container:
-      image: alpinelinux/alpine-gitlab-ci:latest
-    env:
-      CI_PROJECT_DIR: ${{ github.workspace }}
-      CI_DEBUG_BUILD: ${{ runner.debug }}
-      CI_MERGE_REQUEST_PROJECT_URL: ${{ github.server_url }}/${{ github.repository }}
-      CI_MERGE_REQUEST_TARGET_BRANCH_NAME: ${{ github.base_ref }}
-      CI_ALPINE_TARGET: v3.19
-    steps:
-      - name: Environment setup
-        run: |
-          doas apk add nodejs git patch curl
-          cd /etc/apk/keys
-          doas curl -JO https://ayakael.net/api/packages/forge/alpine/key
-      - name: Repo pull
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 500
-      - name: Package build
-        run: |
-          doas patch -d / -p1 -i ${{ github.workspace }}/.forgejo/patches/build.patch
-          build.sh
-      - name: Package upload
-        uses: forgejo/upload-artifact@v3
-        with:
-          name: package
-          path: packages
-
-  deploy-v3.19:
-    needs: [build-v3.19]
-    runs-on: x86_64
-    container:
-      image: alpine:latest
-    env:
-      CI_ALPINE_REPO: 'https://ayakael.net/api/packages/forge/alpine'
-      CI_ALPINE_TARGET: v3.19
-      FORGE_REPO_TOKEN: ${{ secrets.FORGE_REPO_TOKEN }}
-      FORGE_REPO_USER: ${{ vars.FORGE_REPO_USER }}
-    steps:
-      - name: Setting up environment
-        run: apk add nodejs curl findutils git gawk
-      - name: Repo pull
-        uses: actions/checkout@v4
-      - name: Package download
-        uses: forgejo/download-artifact@v3
-      - name: Package deployment
-        run: ${{ github.workspace }}/.forgejo/bin/deploy.sh
--- a/.forgejo/workflows/build-v3.20.yaml
+++ b/.forgejo/workflows/build-v3.20.yaml
@ -1,54 +0,0 @@
-on: 
-  pull_request:
-    types: [ assigned, opened, synchronize, reopened ]
-
-jobs:
-  build-v3.20:
-    runs-on: x86_64
-    container:
-      image: alpinelinux/alpine-gitlab-ci:latest
-    env:
-      CI_PROJECT_DIR: ${{ github.workspace }}
-      CI_DEBUG_BUILD: ${{ runner.debug }}
-      CI_MERGE_REQUEST_PROJECT_URL: ${{ github.server_url }}/${{ github.repository }}
-      CI_MERGE_REQUEST_TARGET_BRANCH_NAME: ${{ github.base_ref }}
-      CI_ALPINE_TARGET: v3.20
-    steps:
-      - name: Environment setup
-        run: |
-          doas apk add nodejs git patch curl
-          cd /etc/apk/keys
-          doas curl -JO https://ayakael.net/api/packages/forge/alpine/key
-      - name: Repo pull
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 500
-      - name: Package build
-        run: |
-          doas patch -d / -p1 -i ${{ github.workspace }}/.forgejo/patches/build.patch
-          build.sh
-      - name: Package upload
-        uses: forgejo/upload-artifact@v3
-        with:
-          name: package
-          path: packages
-
-  deploy-v3.20:
-    needs: [build-v3.20]
-    runs-on: x86_64
-    container:
-      image: alpine:latest
-    env:
-      CI_ALPINE_TARGET: v3.20
-      CI_ALPINE_REPO: 'https://ayakael.net/api/packages/forge/alpine'
-      FORGE_REPO_TOKEN: ${{ secrets.FORGE_REPO_TOKEN }}
-      FORGE_REPO_USER: ${{ vars.FORGE_REPO_USER }}
-    steps:
-      - name: Setting up environment
-        run: apk add nodejs curl findutils git gawk
-      - name: Repo pull
-        uses: actions/checkout@v4
-      - name: Package download
-        uses: forgejo/download-artifact@v3
-      - name: Package deployment
-        run: ${{ github.workspace }}/.forgejo/bin/deploy.sh
--- a/.forgejo/workflows/lint.yaml
+++ b/.forgejo/workflows/lint.yaml
@ -1,21 +0,0 @@
-on: 
-  pull_request:
-    types: [ assigned, opened, synchronize, reopened ]
-
-jobs:
-  lint:
-    run-name: lint
-    runs-on: x86_64
-    container:
-      image: alpinelinux/apkbuild-lint-tools:latest
-    env:
-      CI_PROJECT_DIR: ${{ github.workspace }}
-      CI_DEBUG_BUILD: ${{ runner.debug }}
-      CI_MERGE_REQUEST_PROJECT_URL: ${{ github.server_url }}/${{ github.repository }}
-      CI_MERGE_REQUEST_TARGET_BRANCH_NAME: ${{ github.base_ref }}
-    steps:
-      - run: doas apk add nodejs git
-      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 500
-      - run: lint
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -0,0 +1,80 @@
+stages:
+  - verify
+  - build
+  - deploy
+
+variables:
+  GIT_STRATEGY: clone
+  GIT_DEPTH: "500"
+
+lint:
+  stage: verify
+  interruptible: true
+  script:
+    - |
+      sudo apk add shellcheck atools sudo abuild
+      export PATH="$PATH:$CI_PROJECT_DIR/.gitlab/bin"
+      lint
+  allow_failure: true
+  only:
+    - merge_requests
+  tags:
+    - apk-v3.18-x86_64
+
+.build:
+  stage: build
+  interruptible: true
+  script:
+    - |
+      sudo apk add alpine-sdk lua-aports sudo
+      sudo addgroup $USER abuild
+      export PATH="$PATH:$CI_PROJECT_DIR/.gitlab/bin"
+      sudo -Eu $USER build.sh
+  artifacts:
+    paths:
+      - packages/
+      - keys/
+      - logs/
+    expire_in: 7 days
+  only:
+    - merge_requests
+
+build-v3.18:
+  extends: .build
+  when: always
+  variables:
+    CI_ALPINE_TARGET_RELEASE: v3.18
+  tags:
+    - apk-$CI_ALPINE_TARGET_RELEASE-x86_64
+
+build-v3.19:
+  extends: .build
+  when: always
+  variables:
+    CI_ALPINE_TARGET_RELEASE: v3.19
+  tags:
+    - apk-$CI_ALPINE_TARGET_RELEASE-x86_64
+
+build-edge:
+  extends: .build
+  when: always
+  variables:
+    CI_ALPINE_TARGET_RELEASE: edge
+  tags:
+    - apk-$CI_ALPINE_TARGET_RELEASE-x86_64
+
+
+push:
+  interruptible: true
+  stage: deploy
+  script:
+    - |
+      sudo apk add abuild git-lfs findutils
+      export PATH="$PATH:$CI_PROJECT_DIR/.gitlab/bin"
+      push.sh
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+      when: manual
+  tags:
+    - repo
+
--- a/.gitlab/bin/APKBUILD_SHIM
+++ b/.gitlab/bin/APKBUILD_SHIM
@ -0,0 +1,111 @@
+#!/bin/sh
+
+set -e
+
+arch=
+builddir=
+checkdepends=
+depends=
+depends_dev=
+depends_doc=
+depends_libs=
+depends_openrc=
+depends_static=
+install=
+install_if=
+langdir=
+ldpath=
+license=
+makedepends=
+makedepends_build=
+makedepends_host=
+md5sums=
+options=
+patch_args=
+pkgbasedir=
+pkgdesc=
+pkgdir=
+pkgname=
+pkgrel=
+pkgver=
+pkggroups=
+pkgusers=
+provides=
+provider_priority=
+replaces=
+sha256sums=
+sha512sums=
+sonameprefix=
+source=
+srcdir=
+startdir=
+subpackages=
+subpkgdir=
+subpkgname=
+triggers=
+url=
+
+# abuild.conf
+
+CFLAGS=
+CXXFLAGS=
+CPPFLAGS=
+LDFLAGS=
+JOBS=
+MAKEFLAGS=
+CMAKE_CROSSOPTS=
+
+. ./APKBUILD
+
+: "$arch"
+: "$builddir"
+: "$checkdepends"
+: "$depends"
+: "$depends_dev"
+: "$depends_doc"
+: "$depends_libs"
+: "$depends_openrc"
+: "$depends_static"
+: "$install"
+: "$install_if"
+: "$langdir"
+: "$ldpath"
+: "$license"
+: "$makedepends"
+: "$makedepends_build"
+: "$makedepends_host"
+: "$md5sums"
+: "$options"
+: "$patch_args"
+: "$pkgbasedir"
+: "$pkgdesc"
+: "$pkgdir"
+: "$pkgname"
+: "$pkgrel"
+: "$pkgver"
+: "$pkggroups"
+: "$pkgusers"
+: "$provides"
+: "$provider_priority"
+: "$replaces"
+: "$sha256sums"
+: "$sha512sums"
+: "$sonameprefix"
+: "$source"
+: "$srcdir"
+: "$startdir"
+: "$subpackages"
+: "$subpkgdir"
+: "$subpkgname"
+: "$triggers"
+: "$url"
+
+# abuild.conf
+
+: "$CFLAGS"
+: "$CXXFLAGS"
+: "$CPPFLAGS"
+: "$LDFLAGS"
+: "$JOBS"
+: "$MAKEFLAGS"
+: "$CMAKE_CROSSOPTS"
--- a/.gitlab/bin/apkbuild-shellcheck
+++ b/.gitlab/bin/apkbuild-shellcheck
@ -0,0 +1,16 @@
+#!/bin/sh
+
+shellcheck -s ash \
+        -e SC3043 \
+        -e SC3057 \
+        -e SC3060 \
+        -e SC2016 \
+        -e SC2086 \
+        -e SC2169 \
+        -e SC2155 \
+        -e SC2100 \
+        -e SC2209 \
+        -e SC2030 \
+        -e SC2031 \
+        -e SC1090 \
+        -xa $CI_PROJECT_DIR/.gitlab/bin/APKBUILD_SHIM
--- a/.gitlab/bin/build.sh
+++ b/.gitlab/bin/build.sh
@ -0,0 +1,270 @@
+#!/bin/sh
+# shellcheck disable=SC3043
+
+. $CI_PROJECT_DIR/.gitlab/bin/functions.sh
+
+# shellcheck disable=SC3040
+set -eu -o pipefail
+
+readonly APORTSDIR=$CI_PROJECT_DIR
+readonly REPOS="qubes/r4.1"
+readonly ALPINE_REPOS="main community testing"
+readonly ARCH=$(apk --print-arch)
+# gitlab variables
+readonly BASEBRANCH=$CI_MERGE_REQUEST_TARGET_BRANCH_NAME
+
+: "${REPODEST:=$HOME/packages}"
+: "${MIRROR:=https://lab.ilot.io/ayakael/repo-apk/-/raw}"
+: "${ALPINE_MIRROR:=http://dl-cdn.alpinelinux.org/alpine}"
+: "${MAX_ARTIFACT_SIZE:=300000000}" #300M
+: "${CI_DEBUG_BUILD:=}"
+
+: "${CI_ALPINE_BUILD_OFFSET:=0}"
+: "${CI_ALPINE_BUILD_LIMIT:=9999}"
+: "${CI_ALPINE_TARGET_ARCH:=$(uname -m)}"
+
+msg() {
+	local color=${2:-green}
+	case "$color" in
+		red) color="31";;
+		green) color="32";;
+		yellow) color="33";;
+		blue) color="34";;
+		*) color="32";;
+	esac
+	printf "\033[1;%sm>>>\033[1;0m %s\n" "$color" "$1" | xargs >&2
+}
+
+verbose() {
+	echo "> " "$@"
+	# shellcheck disable=SC2068
+	$@
+}
+
+debugging() {
+	[ -n "$CI_DEBUG_BUILD" ]
+}
+
+debug() {
+	if debugging; then
+		verbose "$@"
+	fi
+}
+
+die() {
+	msg "$1" red
+	exit 1
+}
+
+capture_stderr() {
+	"$@" 2>&1
+}
+
+report() {
+	report=$1
+
+	reportsdir=$APORTSDIR/logs/
+	mkdir -p "$reportsdir"
+
+	tee -a "$reportsdir/$report.log"
+}
+
+get_release() {
+	local RELEASE=$(echo $CI_RUNNER_TAGS | awk -F '-' '{print $2}')
+	case $RELEASE in
+		v*) echo "${RELEASE%-*}";;
+		edge) echo edge;;
+		*) die "Branch \"$RELEASE\" not supported!"
+	esac
+}
+
+get_qubes_release() {
+	case $BASEBRANCH in
+		r*) echo $BASEBRANCH;;
+		master) echo r4.2;;
+		*) die "Branch \"$BASEBRANCH\" not supported!"
+	esac
+}
+
+build_aport() {
+	local repo="$1" aport="$2"
+	cd "$APORTSDIR/$aport"
+	if abuild -r 2>&1 | report "build-$aport"; then
+		checkapk | report "checkapk-$aport" || true
+		aport_ok="$aport_ok $aport"
+	else
+		aport_ng="$aport_ng $aport"
+	fi
+}
+
+check_aport() {
+	local repo="$1" aport="$2"
+	cd "$APORTSDIR/$aport"
+	if ! abuild check_arch 2>/dev/null; then
+		aport_na="$aport_na $aport"
+		return 1
+	fi
+}
+
+set_repositories_for() {
+	local target_repo="$1" repos='' repo=''
+	local release
+
+	release=$(get_release)
+	repos="$MIRROR/$release/qubes/$target_repo $REPODEST/qubes-aports"
+	sudo sh -c "printf '%s\n' $repos >> /etc/apk/repositories"
+	sudo apk update || true
+}
+
+apply_offset_limit() {
+	start=$1
+	limit=$2
+	end=$((start+limit))
+
+	sed -n "$((start+1)),${end}p"
+}
+
+setup_system() {
+	local repos='' repo=''
+	local release
+
+	release=$(get_release)
+	for repo in $ALPINE_REPOS; do
+		[ "$release" != "edge" ] && [ "$repo" == "testing" ] && continue
+		repos="$repos $ALPINE_MIRROR/$release/$repo"
+	done
+	repos="$repos $MIRROR/$release/cross"
+	sudo sh -c "printf '%s\n' $repos > /etc/apk/repositories"
+	sudo apk -U upgrade -a || sudo apk fix || die "Failed to up/downgrade system"
+	gitlab_key_to_rsa $ABUILD_KEY rsa-private $HOME/.abuild/$ABUILD_KEY_NAME.rsa
+	gitlab_key_to_rsa $ABUILD_KEY_PUB rsa-public $HOME/.abuild/$ABUILD_KEY_NAME.rsa.pub
+	chmod 700 $HOME/.abuild/$ABUILD_KEY_NAME.rsa
+	echo "PACKAGER_PRIVKEY=$HOME/.abuild/$ABUILD_KEY_NAME.rsa" >> $HOME/.abuild/abuild.conf
+	sudo cp $HOME/.abuild/$ABUILD_KEY_NAME.rsa.pub /etc/apk/keys/$ABUILD_KEY_NAME.rsa.pub
+
+	sudo sed -i -E 's/export JOBS=[0-9]+$/export JOBS=$(nproc)/' /etc/abuild.conf
+	( . /etc/abuild.conf && echo "Building with $JOBS jobs" )
+	mkdir -p "$REPODEST"
+	git config --global init.defaultBranch master
+}
+
+sysinfo() {
+	printf ">>> Host system information (arch: %s, release: %s) <<<\n" "$ARCH" "$(get_release)"
+	printf "- Number of Cores: %s\n" "$(nproc)"
+	printf "- Memory: %s Gb\n" "$(awk '/^MemTotal/ {print ($2/1024/1024)}' /proc/meminfo)"
+	printf "- Free space: %s\n" "$(df -hP / | awk '/\/$/ {print $4}')"
+}
+
+copy_artifacts() {
+	cd "$APORTSDIR"
+
+	packages_size="$(du -sk "$REPODEST" | awk '{print $1 * 1024}')"
+	if [ -z "$packages_size" ]; then
+		return
+	fi
+
+	echo "Artifact size: $packages_size bytes"
+
+	mkdir -p keys/ packages/
+
+	if [ "$packages_size" -lt $MAX_ARTIFACT_SIZE ]; then
+		msg "Copying packages for artifact upload"
+		mkdir packages/$CI_ALPINE_TARGET_RELEASE
+		cp -ar "$REPODEST"/* packages/$CI_ALPINE_TARGET_RELEASE 2>/dev/null
+		cp ~/.abuild/*.rsa.pub keys/
+	else
+		msg "Artifact size $packages_size larger than max ($MAX_ARTIFACT_SIZE), skipping uploading them" yellow
+	fi
+}
+
+section_start setup "Setting up the system" collapse
+
+if debugging; then
+	set -x
+fi
+
+aport_ok=
+aport_na=
+aport_ng=
+failed=
+
+sysinfo || true
+setup_system || die "Failed to setup system"
+
+# git no longer allows to execute in repositories owned by different users
+sudo chown -R $USER: .
+
+fetch_flags="-qn"
+debugging && fetch_flags="-v"
+
+git fetch $fetch_flags "$CI_MERGE_REQUEST_PROJECT_URL" \
+	"+refs/heads/$BASEBRANCH:refs/heads/$BASEBRANCH"
+
+if debugging; then
+	merge_base=$(git merge-base "$BASEBRANCH" HEAD) || echo "Could not determine merge-base"
+	echo "Merge base: $merge_base"
+	git --version
+	git config -l
+	[ -n "$merge_base" ] && git tag -f merge-base "$merge_base"
+	git --no-pager log -200 --oneline --graph --decorate --all
+fi
+
+section_end setup
+
+build_start=$CI_ALPINE_BUILD_OFFSET
+build_limit=$CI_ALPINE_BUILD_LIMIT
+
+mkdir -p "$APORTSDIR"/logs "$APORTSDIR"/packages "$APORTSDIR"/keys
+set_repositories_for $(get_qubes_release)
+built_aports=0
+changed_aports_in_repo=$(changed_aports $BASEBRANCH)
+changed_aports_in_repo_count=$(echo "$changed_aports_in_repo" | wc -l)
+changed_aports_to_build=$(echo "$changed_aports_in_repo" | apply_offset_limit "$build_start" "$build_limit")
+
+msg "Changed aports:"
+# shellcheck disable=SC2086 # Splitting is expected here
+printf " - %s\n" $changed_aports_to_build
+for pkgname in $changed_aports_to_build; do
+	section_start "build_$pkgname" "Building package $pkgname"
+	built_aports=$((built_aports+1))
+	if check_aport qubes-aports "$pkgname"; then
+		build_aport qubes-aports "$pkgname"
+	fi
+	section_end "build_$pkgname"
+done
+
+build_start=$((build_start-(changed_aports_in_repo_count-built_aports)))
+build_limit=$((build_limit-built_aports))
+
+if [ $build_limit -le 0 ]; then
+	msg "Limit reached, breaking"
+	break
+fi
+
+section_start artifacts "Handeling artifacts" collapse
+copy_artifacts || true
+section_end artifacts
+
+section_start summary "Build summary"
+
+echo "### Build summary ###"
+
+for ok in $aport_ok; do
+	msg "$ok: build succesfully"
+done
+
+for na in $aport_na; do
+	msg "$na: disabled for $CI_ALPINE_TARGET_ARCH" yellow
+done
+
+for ng in $aport_ng; do
+	msg "$ng: build failed" red
+	failed=true
+done
+section_end summary
+
+if [ "$failed" = true ]; then
+	exit 1
+elif [ -z "$aport_ok" ]; then
+	msg "No packages found to be built." yellow
+fi
--- a/.gitlab/bin/changed-aports
+++ b/.gitlab/bin/changed-aports
@ -0,0 +1,20 @@
+#!/bin/sh
+
+if [ $# -lt 1 ]; then
+    echo "Usage: $0 <basebranch>"
+    exit 1
+fi
+
+if ! git rev-parse --is-inside-work-tree >/dev/null 2>&1; then
+    echo "Fatal: not inside a git repository"
+    exit 2
+fi
+
+basebranch=$1
+
+if ! git rev-parse --verify --quiet $basebranch >/dev/null; then
+    # The base branch does not eixst, probably due to a shallow clone
+    git fetch -v $CI_MERGE_REQUEST_PROJECT_URL.git +refs/heads/$basebranch:refs/heads/$basebranch
+fi
+
+git --no-pager diff --diff-filter=ACMR --name-only $basebranch...HEAD -- "*/APKBUILD" | xargs -r -n1 dirname
--- a/.gitlab/bin/functions.sh
+++ b/.gitlab/bin/functions.sh
@ -0,0 +1,63 @@
+# shellcheck disable=SC3043
+
+:
+
+# shellcheck disable=SC3040
+set -eu -o pipefail
+
+changed_aports() {
+	: "${APORTSDIR?APORTSDIR missing}"
+	: "${BASEBRANCH?BASEBRANCH missing}"
+
+	cd "$APORTSDIR"
+	local repo="$1"
+	local aports
+
+	aports=$(git diff --name-only --diff-filter=ACMR \
+		"$BASEBRANCH"...HEAD -- "*/APKBUILD" | xargs -rn1 dirname)
+
+	# shellcheck disable=2086
+	ap builddirs -d "$APORTSDIR" $aports 2>/dev/null | xargs -rn1 basename
+}
+
+section_start() {
+	name=${1?arg 1 name missing}
+	header=${2?arg 2 header missing}
+	collapsed=$2
+	timestamp=$(date +%s)
+
+	options=""
+	case $collapsed in
+		yes|on|collapsed|true) options="[collapsed=true]";;
+	esac
+
+	printf "\e[0Ksection_start:%d:%s%s\r\e[0K%s\n" "$timestamp" "$name" "$options" "$header"
+}
+
+section_end() {
+	name=$1
+	timestamp=$(date +%s)
+
+	printf "\e[0Ksection_end:%d:%s\r\e[0K" "$timestamp" "$name"
+}
+
+gitlab_key_to_rsa() {
+	KEY=$1
+	TYPE=$2
+	TGT=$3
+	TGT_DIR=${TGT%/*}
+	if [ "$TGT" == "$TGT_DIR" ]; then
+		TGT_DIR="./"
+	fi
+	if [ ! -d "$TGT_DIR" ]; then
+		mkdir -p "$TGT_DIR"
+	fi
+	case $TYPE in
+		rsa-public) local type="PUBLIC";;
+		rsa-private) local type="RSA PRIVATE";;
+	esac
+	echo "-----BEGIN $type KEY-----" > "$TGT"
+	echo $1 | sed 's/.\{64\}/&\
+/g' >> "$TGT"
+	echo "-----END $type KEY-----" >> "$TGT"
+}
--- a/.gitlab/bin/lint
+++ b/.gitlab/bin/lint
@ -0,0 +1,96 @@
+#!/bin/sh
+
+BLUE="\e[34m"
+MAGENTA="\e[35m"
+RESET="\e[0m"
+
+readonly BASEBRANCH=$CI_MERGE_REQUEST_TARGET_BRANCH_NAME
+
+verbose() {
+    echo "> " "$@"
+    # shellcheck disable=SC2068
+    $@
+}
+
+debugging() {
+    [ -n "$CI_DEBUG_BUILD" ]
+}
+
+debug() {
+    if debugging; then
+        verbose "$@"
+    fi
+}
+
+# git no longer allows to execute in repositories owned by different users
+sudo chown -R gitlab-runner: .
+
+fetch_flags="-qn"
+debugging && fetch_flags="-v"
+
+git fetch $fetch_flags "$CI_MERGE_REQUEST_PROJECT_URL" \
+	"+refs/heads/$BASEBRANCH:refs/heads/$BASEBRANCH"
+
+if debugging; then
+    merge_base=$(git merge-base "$BASEBRANCH" HEAD)
+    echo "$merge_base"
+    git --version
+    git config -l
+    git tag merge-base "$merge_base" || { echo "Could not determine merge-base"; exit 50; }
+    git log --oneline --graph --decorate --all
+fi
+
+has_problems=0
+
+for PKG in $(changed-aports "$BASEBRANCH"); do
+    printf "$BLUE==>$RESET Linting $PKG\n"
+
+    (
+        cd "$PKG"
+
+        repo=$(basename $(dirname $PKG));
+
+        if [ "$repo" == "backports" ]; then
+			echo "Skipping $PKG as backports (we don't care)"
+			continue
+		fi
+
+        printf "\n\n"
+        printf "$BLUE"
+        printf '======================================================\n'
+        printf "                  parse APKBUILD:\n"
+        printf '======================================================'
+        printf "$RESET\n\n"
+        ( . ./APKBUILD ) || has_problems=1
+
+        printf "\n\n"
+        printf "$BLUE"
+        printf '======================================================\n'
+        printf "                abuild sanitycheck:\n"
+        printf '======================================================'
+        printf "$RESET\n\n"
+        abuild sanitycheck || has_problems=1
+
+        printf "\n\n"
+        printf "$BLUE"
+        printf '======================================================\n'
+        printf "                apkbuild-shellcheck:\n"
+        printf '======================================================'
+        printf "$RESET\n"
+        apkbuild-shellcheck || has_problems=1
+
+        printf "\n\n"
+        printf "$BLUE"
+        printf '======================================================\n'
+        printf "                  apkbuild-lint:\n"
+        printf '======================================================'
+        printf "$RESET\n\n"
+        apkbuild-lint APKBUILD || has_problems=1
+
+        return $has_problems
+    ) || has_problems=1
+
+    echo
+done
+
+exit $has_problems
--- a/.gitlab/bin/push.sh
+++ b/.gitlab/bin/push.sh
@ -0,0 +1,65 @@
+#!/bin/sh
+
+# shellcheck disable=SC3043
+
+. $CI_PROJECT_DIR/.gitlab/bin/functions.sh
+
+# shellcheck disable=SC3040
+set -eu -o pipefail
+
+readonly APORTSDIR=$CI_PROJECT_DIR
+readonly REPOS="backports user"
+readonly BASEBRANCH=$CI_MERGE_REQUEST_TARGET_BRANCH_NAME
+
+export GIT_SSH_COMMAND="ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
+
+gitlab_key_to_rsa $ABUILD_KEY rsa-private $HOME/.abuild/$ABUILD_KEY_NAME.rsa
+gitlab_key_to_rsa $ABUILD_KEY_PUB rsa-public $HOME/.abuild/$ABUILD_KEY_NAME.rsa.pub
+gitlab_key_to_rsa $SSH_KEY rsa-private $HOME/.ssh/id_rsa
+chmod 700 "$HOME"/.ssh/id_rsa
+chmod 700 "$HOME"/.abuild/$ABUILD_KEY_NAME.rsa
+
+echo "PACKAGER_PRIVKEY=$HOME/.abuild/$ABUILD_KEY_NAME.rsa" > $HOME/.abuild/abuild.conf
+echo "REPODEST=$HOME/repo-apk/qubes" >> $HOME/.abuild/abuild.conf
+sudo cp $HOME/.abuild/$ABUILD_KEY_NAME.rsa.pub /etc/apk/keys/.
+
+get_qubes_release() {
+	case $BASEBRANCH in
+		r*) echo $BASEBRANCH;;
+		master) echo r4.2;;
+		*) die "Branch \"$BASEBRANCH\" not supported!"
+	esac
+}
+
+QUBES_REL=$(get_qubes_release)
+
+for release in $(find packages -type d -maxdepth 1 -mindepth 1 -printf '%f\n'); do
+
+	if [ -d $HOME/repo-apk ]; then
+		git -C $HOME/repo-apk fetch
+		git -C $HOME/repo-apk checkout $release
+		git -C $HOME/repo-apk pull --rebase
+	else
+		git clone git@lab.ilot.io:ayakael/repo-apk -b $release $HOME/repo-apk
+	fi
+
+	for i in $(find packages/$release -type f -name "*.apk"); do
+		install -vDm644 $i ${i/packages\/$release\/qubes-aports/$HOME\/repo-apk\/qubes\/$QUBES_REL}
+	done
+
+	fetch_flags="-qn"
+	git fetch $fetch_flags "$CI_MERGE_REQUEST_PROJECT_URL" \
+		"+refs/heads/$BASEBRANCH:refs/heads/$BASEBRANCH"
+
+	rm $HOME/repo-apk/qubes/$QUBES_REL/*/APKINDEX.tar.gz || true
+	mkdir -p qubes/$QUBES_REL/DUMMY
+	echo "pkgname=DUMMY" > qubes/$QUBES_REL/DUMMY/APKBUILD
+	cd qubes/$QUBES_REL/DUMMY
+	abuild index
+	cd "$CI_PROJECT_DIR"
+	rm -R qubes/$QUBES_REL/DUMMY
+
+	git -C $HOME/repo-apk add .
+	git -C $HOME/repo-apk commit -m "Update from $CI_MERGE_REQUEST_IID - $CI_MERGE_REQUEST_TITLE"
+	git -C $HOME/repo-apk push
+done
--- a/README.md
+++ b/README.md
@ -1,5 +1,5 @@
-# qports
-Upstream: https://ayakael.net/forge/qports
+# qubes-aports
+Upstream: https://lab.ilot.io/ayakael/qubes-aports

 ## Description

@ -8,12 +8,8 @@ Linux template. The upstream repo uses GitLab's CI to build and deploy packages
 targetting multiple Alpine Linux versions. QubesOS releases are tracked using
 branches.

-Note for `main` branch: This is currently tracking r4.3 packages, thus are
-experimental. Use this branch at your own risk. For latest r4.2 packages,
-navigate to that branch.
-
 #### Template builder
-The template builder is housed in its [own repo](https://ayakael.net/forge/qubes-builder-alpine)
+The template builder is housed in its [own repo](https://lab.ilot.io/ayakael/qubes-builder-alpine).
 RPMs are built in-pipeline using the build artifacts produced by this repo. These RPMs facilitate
 installation of your very own Alpine Linux template on QubesOS.

@ -41,25 +37,8 @@ Extra packages
 Omitted packages
  * qubes-vmm-xen - The default Alpine xen package seems to provide the necessary modules

-## How to use
-
-Built packages are made available on a Forgejo-based Alpine repo for you convenience. You can follow these steps to use them:
-
-Add security key of the apk repository to your /etc/apk/keys:
-
-```shell
-cd /etc/apk/keys
-curl -JO https://ayakael.net/api/packages/forge/alpine/key
-```
-Add repository to `/etc/apk/repositories`:
-
-```shell
-echo "https://ayakael.net/api/packages/forge/alpine/edge/qubes-r4.3" > /etc/apk/repositories
-```
-
-
 #### Known issues
-Known issues are currently being tracked in [qubes-builder-alpine](https://ayakael.net/forge/qubes-builder-alpine/issues)
+Known issues are currently being tracked in [qubes-builder-alpine](https://lab.ilot.io/ayakael/qubes-builder-alpine) repo.

 #### Issues, recommendations and proposals
 **To report an issue or share a recommendation**
--- a/qubes-app-linux-druide-antidote/APKBUILD
+++ b/qubes-app-linux-druide-antidote/APKBUILD
@ -1,9 +1,7 @@
-# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
-# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
 pkgname=qubes-app-linux-druide-antidote
 pkgver=0.0.1_git20240201
 _gittag=c724c88aa2a20b1e422b464499015ff05753316d
-pkgrel=2
+pkgrel=0
 arch="noarch"
 pkgdesc="Qubes Druide-Antidote is a Qubes Application. It send a file to the Antidote Qube, invoke Antidote, and retrieve the file"
 url=https://github.com/neowutran/qubes-app-linux-druide-antidote
@ -13,10 +11,9 @@ depends="bash"
 makedepends="pandoc"
 builddir="$srcdir"/$pkgname-$_gittag

-check() {
+check(){
 	tests/all
 }
-
 package() {
 	make install-vm DESTDIR="$pkgdir/"
 }
--- a/qubes-db-vm/0001-create_pidfile.patch
+++ b/qubes-db-vm/0001-create_pidfile.patch
@ -1,17 +1,17 @@
-diff --git a/daemon/db-daemon.c.orig b/daemon/db-daemon.c
-index bcf77df..c7b1a50 100644
--- a/daemon/db-daemon.c.orig
+From d20a9db122608e0992c9ab6f675920d4bb1ee88f Mon Sep 17 00:00:00 2001
+From: "build@apk-groulx" <build@apk-groulx.praxis>
+Date: Fri, 4 Mar 2022 22:50:19 +0000
+Subject: [PATCH 1/1] create_pidfile
+
+---
+ daemon/db-daemon.c | 11 +++--------
+ 1 file changed, 3 insertions(+), 8 deletions(-)
+
+diff --git a/daemon/db-daemon.c b/daemon/db-daemon.c
+index 9934d16..2b28995 100644
+--- a/daemon/db-daemon.c
 +++ b/daemon/db-daemon.c
-@@ -156,7 +156,7 @@ int mainloop(struct db_daemon_data *d) {
-             return 0;
-         }
-         d->multiread_requested = 1;
-        /* wait for complete response */
-+        /* wait for complete rsponse */
-         while (d->multiread_requested) {
-             AcquireSRWLockExclusive(&d->lock);
-             if (!handle_vchan_data(d)) {
-@@ -627,11 +627,8 @@ static int create_pidfile(struct db_daemon_data *d) {
+@@ -618,11 +618,8 @@ int create_pidfile(struct db_daemon_data *d) {
     mode_t old_umask;
     struct stat stat_buf;
 
@ -24,7 +24,7 @@ index bcf77df..c7b1a50 100644
 
     old_umask = umask(0002);
     pidfile = fopen(pidfile_name, "w");
-@@ -652,10 +649,8 @@ static void remove_pidfile(struct db_daemon_data *d) {
+@@ -643,10 +640,8 @@ void remove_pidfile(struct db_daemon_data *d) {
     struct stat stat_buf;
 
     /* no pidfile for VM daemon - service is managed by systemd */
@ -36,12 +36,15 @@ index bcf77df..c7b1a50 100644
 
     if (stat(pidfile_name, &stat_buf) == 0) {
         /* remove pidfile only if it's the one created this process */
-@@ -763,7 +758,7 @@ int fuzz_main(int argc, char **argv) {
+@@ -754,7 +749,7 @@ int fuzz_main(int argc, char **argv) {
                 exit(1);
             case 0:
                 close(ready_pipe[0]);
-                snprintf(log_path, sizeof(log_path), "/var/log/qubes/qubesdb.%s.log", d.remote_name ? d.remote_name : "dom0");
+-                snprintf(log_path, sizeof(log_path), "/var/log/qubes/qubesdb.%s.log", d.remote_name);
 +                snprintf(log_path, sizeof(log_path), "/var/log/qubes/qubes-db.log");
 
                 close(0);
                 old_umask = umask(0);
+-- 
+2.34.1
+
--- a/qubes-db-vm/APKBUILD
+++ b/qubes-db-vm/APKBUILD
@ -1,9 +1,10 @@
-# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
 # Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
+# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
+
 pkgname=qubes-db-vm
 subpackages="$pkgname-openrc"
-pkgver=4.2.6
-pkgrel=0
+pkgver=4.1.17
+pkgrel=2
 _gittag="v$pkgver"
 pkgdesc="QubesDB libs and daemon service."
 arch="x86_64"
@ -24,7 +25,7 @@ source="
 	qubes-db.openrc
 	"
 builddir="$srcdir"/qubes-core-qubesdb-$pkgver
-subpackages="$pkgname-dev $pkgname-openrc"
+subpackages="$pkgname-dev"

 build() {
 	# Build all with python bindings
@ -43,8 +44,8 @@ package() {
 	install -Dm 755 "$srcdir"/qubes-db.openrc "$pkgdir"/etc/init.d/qubes-db
 }
 sha512sums="
-182ae7edb7235a21c45334d8d7aa20a7a9f63056d411fe66fe20d67ea0de7cf63d2a79886016561f69c5f444704f3728ee7b1aa6343f5ce15667ba458c08c9c7  qubes-db-vm-v4.2.6.tar.gz
+dad1580afa7d152551b7292051b624090ce57c006174d7c0f5273f4d9cecadcb70d46547263dcf23131d5f5df921519c9d8ca739acd9f0e9be303b20e73083bb  qubes-db-vm-v4.1.17.tar.gz
 af86268c264c843b94f9cefb735b9d078dc58819c890fc0a31dd79fa2761d3c2fa87aed73752bca1db07948ba86ecfe16a745b19672ccc10dfb9461df24aa207  0001-musl-build.patch
-892eb29b9bab4d9e662678d13a5607df04cdb024c2f28332f40fa4b7c644476a4b26a9fc038dfcdac1e0b8d328165d21d50d894d2c1e27f792287dd57449e7eb  0001-create_pidfile.patch
+ffe9ea8f65b4e164c3a0d1c8762d1e3b39de3799ae3e63f825457d52de49c6522820950e6262deaa9235ad97cd7c60bf1c9a077fff716c4ca9dbd688e9a73c91  0001-create_pidfile.patch
 3d87f82d3637cf10bf1a3058ebbd2590ab17f65d1b49058f62d892f126635497abd5045f6797bc8069e5de08bb6e08fc6146deb6422090ad02122764cc6d72f0  qubes-db.openrc
 "
--- a/qubes-gpg-split/APKBUILD
+++ b/qubes-gpg-split/APKBUILD
@ -1,10 +1,11 @@
-# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
 # Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
+# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
+
 pkgname=qubes-gpg-split
 subpackages="$pkgname-doc"
-pkgver=2.0.71
+pkgver=2.0.69
 _gittag="v$pkgver"
-pkgrel=0
+pkgrel=2
 pkgdesc="Used Qubes AppVM as a “smart card”"
 arch="x86_64"
 url="https://github.com/QubesOS/qubes-app-linux-split-gpg"
@ -29,7 +30,10 @@ build() {

 package() {
 	make install-vm DESTDIR="$pkgdir"
+
+	# Alpine packaging guidelines: /var/run is a symlink to a tmpfs. Don't create it.
+	rm -r "$pkgdir/var/run"
 }
 sha512sums="
-fb0d2b48e0e742cfb25fd85728370eb3eb02071e94c737ac885919f79dc4e62901b3ce80e06a6233767b71826c967ab1de3ca700edc19a7276a456456deb8ecb  qubes-gpg-split-v2.0.71.tar.gz
+e20b4303934d41d537f4efd3d2811802b5f5c86ac97beb1169d5c302dd150b56a3f6ca5c61788ad5cd8731747aa4f91b79806bf863df427603ba6aebab27448b  qubes-gpg-split-v2.0.69.tar.gz
 "
--- a/qubes-input-proxy/APKBUILD
+++ b/qubes-input-proxy/APKBUILD
@ -1,53 +0,0 @@
-# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
-# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
-pkgname=qubes-input-proxy
-pkgver=1.0.37
-_gittag=v$pkgver
-pkgrel=2
-pkgdesc="The Qubes service for proxying input devices"
-arch="x86_64"
-url="http://qubes-os.org/"
-license='GPL'
-depends="
-	usbutils
-	qubes-vm-core
-	"
-makedepends="linux-headers"
-subpackages="$pkgname-openrc"
-source="
-	$pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-app-linux-input-proxy/archive/refs/tags/$_gittag.tar.gz
-	qubes-input-trigger_use-openrc.patch
-	makefile_skip-systemd.patch
-	qubes-input-sender.openrc
-	"
-builddir="$srcdir"/qubes-app-linux-input-proxy-$pkgver
-
-build() {
-	make all \
-		LIBDIR=/usr/lib \
-		USRLIBDIR=/usr/lib \
-		SYSLIBDIR=/usr/lib
-}
-
-package() {
-	make install-vm \
-		DESTDIR="$pkgdir" \
-		LIBDIR=/usr/lib \
-		USRLIBDIR=/usr/lib \
-		SYSLIBDIR=/usr/lib
-
-	# replace all shebangs with /bin/sh as qubes expects bash
-	# shellcheck disable=SC2013
-	for i in $(grep '/bin/sh' -Rl "$pkgdir"); do
-		sed -i 's|/bin/sh|/bin/bash|' "$i"
-	done
-
-	# move openrc to init.d
-	install -Dm755 "$srcdir"/qubes-input-sender.openrc "$pkgdir"/etc/init.d/qubes-input-sender
-}
-sha512sums="
-0abe75960531c96f2760a462710de2d5e54d95792d719e42d7ae7e2a22b586e4573835584df74ba288e761ed64149f6a951c19301039cf3293621b4032085292  qubes-input-proxy-v1.0.37.tar.gz
-53f898f4d611e0a9be18127cff90ebc3946dc7e270548a84407067b02cb918546e8425c1722a60efb73b93af05c79889eaa16a4c7d596c948fdb9291d218c803  qubes-input-trigger_use-openrc.patch
-21e7b95c94ec1a3f3499e79cf8b1931da2c3e33d8f1af2efe6b52b7e2678d4648bb0597b3a4a95cc10d0ca3cb83df93075b99cf1b615d8493a9e2fd21fb7f8f7  makefile_skip-systemd.patch
-2d5cb4369bc4d4c83403bb3e7cd7bc784769950a8fbf581996074fe53cc65c56fe4039e2689b6fa34e51ce22e552fc145115c12e71601809767962a3682dd299  qubes-input-sender.openrc
-"
--- a/qubes-input-proxy/makefile_skip-systemd.patch
+++ b/qubes-input-proxy/makefile_skip-systemd.patch
@ -1,18 +0,0 @@
-diff --git a/qubes-rpc/Makefile.orig b/qubes-rpc/Makefile
-index 22ec526..bf7e0ea 100644
--- a/qubes-rpc/Makefile.orig
-+++ b/qubes-rpc/Makefile
-@@ -12,13 +12,6 @@ install-dom0:
- 		$(DESTDIR)/etc/qubes-rpc/policy/qubes.InputTablet
- 
- install-vm:
-	install -d $(DESTDIR)$(USRLIBDIR)/systemd/system
-	install -m 0644 \
-		qubes-input-sender-keyboard@.service \
-		qubes-input-sender-keyboard-mouse@.service \
-		qubes-input-sender-mouse@.service \
-		qubes-input-sender-tablet@.service \
-		$(DESTDIR)$(USRLIBDIR)/systemd/system
- 	install -d $(DESTDIR)$(LIBDIR)/udev/rules.d
- 	install -m 0644 qubes-input-proxy.rules \
- 		$(DESTDIR)$(LIBDIR)/udev/rules.d/90-qubes-input-proxy.rules
--- a/qubes-input-proxy/qubes-input-sender.openrc
+++ b/qubes-input-proxy/qubes-input-sender.openrc
@ -1,28 +0,0 @@
-#!/sbin/openrc-run
-  
-name=$RC_SVCNAME
-cfgfile="/etc/qubes/$RC_SVCNAME.conf"
-input="${RC_SVCNAME/*.}"
-svcname="${RC_SVCNAME/.*}."
-type="${RC_SVCNAME%.*}"
-type="${type/$svcname/}"
-type="$(echo $type | sed 's/.*/\u&/')"
-command="/usr/bin/qubes-input-sender"
-command_args="qubes.Input$type /dev/input/$input dom0"
-command_user="root"
-pidfile="/run/qubes/$RC_SVCNAME.pid"
-start_stop_daemon_args=""
-command_background="true"
-output_log="/var/log/qubes/$RC_SVCNAME.log"
-error_log="/var/log/qubes/$RC_SVCNAME.err"
-
-start_pre() {
-        checkpath --directory --owner $command_user:qubes --mode 0775 \
-                /run/qubes \
-		/var/log/qubes \
-		/var/run/qubes
-}
-
-stop_post() {
-	pkill -f "input-proxy-sender /dev/input/$input" || true
-}
--- a/qubes-input-proxy/qubes-input-trigger_use-openrc.patch
+++ b/qubes-input-proxy/qubes-input-trigger_use-openrc.patch
@ -1,92 +0,0 @@
-diff --git a/qubes-rpc/qubes-input-trigger.orig b/qubes-rpc/qubes-input-trigger
-index 5fa0e5a..0dd3773 100755
--- a/qubes-rpc/qubes-input-trigger.orig
-+++ b/qubes-rpc/qubes-input-trigger
-@@ -42,48 +42,68 @@ def get_service_name(udevreturn, input_dev):
-             ('ID_INPUT_TOUCHPAD' in udevreturn) or
-             ('QEMU_USB_Tablet' in udevreturn)
-     ) and 'ID_INPUT_KEY' not in udevreturn:
-        service = 'qubes-input-sender-tablet'
-+        service = 'qubes-input-sender.tablet'
-     # PiKVM "mouse" is special, as it sends absolute events
-     elif 'ID_INPUT_MOUSE' in udevreturn and 'ID_USB_VENDOR=PiKVM' in udevreturn:
-        service = 'qubes-input-sender-tablet'
-+        service = 'qubes-input-sender.tablet'
-     elif 'ID_INPUT_MOUSE' in udevreturn and 'ID_INPUT_KEY' not in udevreturn:
-        service = 'qubes-input-sender-mouse'
-+        service = 'qubes-input-sender.mouse'
-     elif 'ID_INPUT_KEY' in udevreturn and 'ID_INPUT_MOUSE' not in udevreturn:
-        service = 'qubes-input-sender-keyboard'
-+        service = 'qubes-input-sender.keyboard'
-     elif 'ID_INPUT_MOUSE' in udevreturn and 'ID_INPUT_KEY' in udevreturn:
-        service = 'qubes-input-sender-keyboard-mouse'
-+        service = 'qubes-input-sender.keyboardmouse'
- 
-     if service:
-        service = '{}@{}.service'.format(service, input_dev)
-+        service = '{}.{}'.format(service, input_dev)
- 
-     return service
- 
- 
- def handle_service(service, action):
-    retcode = subprocess.call(
-        ["/bin/systemctl", "is-active", "--quiet", "service", service])
-+    serviceFile = os.path.join("/etc/init.d", service)
-+
-+    sudo = []
-+    if os.getuid() != 0:
-+        sudo = ["sudo"]
-+
-     if action == "add":
-        systemctl_action = "start"
-+        # create service link is not created
-+        serviceFile = os.path.join("/etc/init.d", service)
-+        if not os.path.exists(serviceFile):
-+            subprocess.call(
-+                ["/bin/ln", "-s", "/etc/init.d/qubes-input-sender", serviceFile])
-+
-         # Ignore if service is already started
-+        retcode = subprocess.call(
-+            ["/sbin/rc-service","--quiet", service, "status"])
-         if retcode == 0:
-             return
-+
-+        subprocess.call(
-+            sudo + ["/sbin/service", service, "start"])
-+
-     elif action == "remove":
-        systemctl_action = "stop"
-+        # Ignore if service does not exist
-+        if not os.path.exists(serviceFile):
-+            return
-+
-         # Ignore if service is not active
-        if retcode != 0:
-+        retcode = subprocess.call(
-+            ["/sbin/rc-service", "--quiet", service, "status"])
-+        if retcode == 3:
-             return
-+
-+        subprocess.call(
-+            sudo + ["/sbin/service", service, "stop"])
-+
-+        # remove ln once stopped
-+        if os.path.exists(serviceFile):
-+            subprocess.call(
-+                sudo + ["/bin/rm", serviceFile])
-     else:
-         print("Unknown action: %s" % action)
-         sys.exit(1)
- 
-    sudo = []
-    if os.getuid() != 0:
-        sudo = ["sudo"]
-
-    subprocess.call(
-        sudo + ["/bin/systemctl", "--no-block", systemctl_action, service])
-
-
- def handle_event(input_dev, action, dom0):
-     udevreturn = None
-     if 'event' in input_dev:  # if filename contains 'event'
--- a/qubes-libvchan-xen/39_support-changed-libxenctrl-api-xen418.patch
+++ b/qubes-libvchan-xen/39_support-changed-libxenctrl-api-xen418.patch
@ -17,7 +17,7 @@ diff --git a/vchan/Makefile.linux b/vchan/Makefile.linux
 index 281f2b5..587cb34 100644
 --- a/vchan/Makefile.linux
 +++ b/vchan/Makefile.linux
-@@ -27,6 +27,10 @@ CFLAGS += -g -Wall -Wextra -Werror -fPIC -O2 -D_GNU_SOURCE -MD -MP -MF $@.dep
+@@ -27,6 +27,11 @@ CFLAGS += -g -Wall -Wextra -Werror -fPIC -O2 -D_GNU_SOURCE -D_FORTIFY_SOURCE=2 -
 all: libvchan-xen.so vchan-xen.pc
 -include *.dep
 
@ -25,9 +25,10 @@ index 281f2b5..587cb34 100644
 +XENCTRL_VERSION := $(shell pkg-config --modversion xencontrol)
 +CFLAGS += $(shell if printf '%s\n' '4.18.0' '$(XENCTRL_VERSION)' | \
 +                  sort -CV; then echo -DHAVE_XC_DOMAIN_GETINFO_SINGLE; fi)
- SO_VER = 1
- 
- libvchan-xen.so.$(SO_VER): init.o io.o
+
+ libvchan-xen.so : init.o io.o
+ 	$(CC) $(LDFLAGS) -shared -o libvchan-xen.so $^ -lxenvchan -lxenctrl
+ clean:
 diff --git a/vchan/io.c b/vchan/io.c
 index 3d0ed35..0c23223 100644
 --- a/vchan/io.c
@ -57,3 +58,4 @@ index 3d0ed35..0c23223 100644
     else if (ret == -1 && errno == ESRCH)
         return 0;
     /* otherwise fallback to xc_evtchn_status method */
+
--- a/qubes-libvchan-xen/APKBUILD
+++ b/qubes-libvchan-xen/APKBUILD
@ -1,8 +1,9 @@
-# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
 # Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
+# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
+
 pkgname=qubes-libvchan-xen
-pkgver=4.2.3
-pkgrel=2
+pkgver=4.1.13
+pkgrel=4
 _gittag=v$pkgver
 pkgdesc="The Qubes core libraries for installation inside a Qubes Dom0 and VM."
 arch="x86_64"
@ -13,7 +14,10 @@ makedepends="xen-dev coreutils"
 builddir="$srcdir"/qubes-core-vchan-xen-$pkgver
 subpackages="$pkgname-dev"

-source="$pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-core-vchan-xen/archive/refs/tags/$_gittag.tar.gz"
+source="
+	$pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-core-vchan-xen/archive/refs/tags/$_gittag.tar.gz
+	39_support-changed-libxenctrl-api-xen418.patch
+	"

 build() {
 	cd "$builddir"/vchan
@ -25,5 +29,6 @@ package() {
 }

 sha512sums="
-cbdeb025a7bd0c837cb079708b4cfc3b1eda10482999b1eeda33a1cfa2869a4a629d99dd556f9a8b9d83f4b5df9d686b8c524d2093a3bafac35df2192bf2983d  qubes-libvchan-xen-v4.2.3.tar.gz
+cefb6b89f75936d791910d2169170536221d3123a1b33a14bea1fc5c08950ce934666719bf08eb3cc86ac055f85e6834f71e21c31189fa7299af09296c3cd99f  qubes-libvchan-xen-v4.1.13.tar.gz
+fedcba617d3843e41f257ff16b0a3108af844184252d4e702df8eccba21a4ef17d62c96acdb87bb4964e783b7f2f026305777be3379e7e7b51f4535a4704b52a  39_support-changed-libxenctrl-api-xen418.patch
 "
--- a/qubes-meta-packages/APKBUILD
+++ b/qubes-meta-packages/APKBUILD
@ -1,13 +1,14 @@
-# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
 # Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
+# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
+
 pkgname=qubes-meta-packages
 subpackages="
 	qubes-vm-dependencies
 	qubes-vm-recommended
 	"
-pkgver=4.3.0
+pkgver=4.1.24
 _gittag="v$pkgver"
-pkgrel=0
+pkgrel=2
 pkgdesc="Meta packages for Qubes-specific components"
 arch="noarch"
 url="https://github.com/QubesOS/qubes-meta-packages"
@ -38,5 +39,5 @@ recommended() {
 	mkdir -p "$subpkgdir"
 }
 sha512sums="
-7567bc7edd6a17315bb5a968ff512a7758ef9697d11ed5200f8ffefe7069b0ebbbb790bffdc7a8717b9707c24309bb6d83cfc6306eb1d48724480af36ba95594  qubes-meta-packages-v4.3.0
+5dfbdbc5a7fa3ae352d5c9de6822869065ebb1601880348ebb69fc1f91092bd3be333d5d8409575649d76412acce326f643ed5f95e07c2ac9b3f82a0dcc84293  qubes-meta-packages-v4.1.24
 "
--- a/qubes-pass/APKBUILD
+++ b/qubes-pass/APKBUILD
@ -1,9 +1,10 @@
-# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
 # Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
+# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
+
 pkgname=qubes-pass
 pkgver=0.1.0
 _gittag="v$pkgver"
-pkgrel=4
+pkgrel=2
 pkgdesc="An inter-VM password manager for Qubes OS"
 arch="noarch"
 url="https://github.com/Rudd-O/qubes-pass"
@ -14,21 +15,11 @@ makedepends="
 	pkgconf
 	"
 options="!check"
-subpackages="$pkgname-service"
-source="
-	$pkgname-$_gittag.tar.gz::https://github.com/Rudd-O/qubes-pass/archive/$_gittag.tar.gz
-	service-passquery.sh
-	"
+source="$pkgname-$_gittag.tar.gz::https://github.com/Rudd-O/qubes-pass/archive/$_gittag.tar.gz"

 package() {
 	make install-client DESTDIR="$pkgdir"
 }
-
-service() {
-	make -C "$builddir" install-service DESTDIR="$subpkgdir"
-	install -Dm755 "$srcdir"/service-passquery.sh "$subpkgdir"/etc/qubes-rpc/ruddo.PassQuery
-}
 sha512sums="
 b304bf8e6b8d04e7df4b52a02984ab03b6f3221c9178f1d91c99cab61e8b5ded45500b51de6d89aa76f4e73c0a3670ce6d07649c0ac159d048c3f0ac736c4d63  qubes-pass-v0.1.0.tar.gz
-77807ba7bd8e1627785358ef2f9e165712ef41ef76f11e7a7b989b1057f462abc433df96265c6c7d669f81e39d89de0f7ea3dcbb207c5a7a22738b843fd7e160  service-passquery.sh
 "
--- a/qubes-pass/service-passquery.sh
+++ b/qubes-pass/service-passquery.sh
@ -1,13 +0,0 @@
-#!/bin/bash
-
-set -e
-
-read -n 4096 cmd
-cmd=$(echo "$cmd" | base64 -d)
-
-if [ "$cmd" == "list-files" ] ; then
-  
-  logger -t ruddo.PassQuery "requested password file list"
-  exec pass git ls-files | sed -e '/.gitattributes/d' -e '/.gpg-id/d' 
-
-fi
--- a/qubes-usb-proxy/APKBUILD
+++ b/qubes-usb-proxy/APKBUILD
@ -1,7 +1,8 @@
-# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
 # Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
+# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
+
 pkgname=qubes-usb-proxy
-pkgver=1.3.0
+pkgver=1.1.5
 _gittag="v$pkgver"
 pkgrel=2
 pkgdesc="The Qubes service for proxying USB devices"
@ -18,10 +19,7 @@ makedepends="
 	make
 	pkgconf
 	"
-source="
-	$pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-app-linux-usb-proxy/archive/refs/tags/$_gittag.tar.gz
-	usb-import-alpine-udevadm.patch
-	"
+source="$pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-app-linux-usb-proxy/archive/refs/tags/$_gittag.tar.gz"
 builddir="$srcdir"/qubes-app-linux-usb-proxy-${_gittag/v}

 package() {
@ -29,14 +27,10 @@ package() {

 	# replace all shebangs with /bin/sh as qubes expects bash
 	# shellcheck disable=SC2013
-	for i in $(grep '/bin/sh' -Rl "$pkgdir"); do
+	for i in $(grep '/bin/sh' -Rl .); do
 		sed -i 's|/bin/sh|/bin/bash|' "$i"
 	done
-
-	mkdir -p "$pkgdir"/etc/modules-load.d
-	echo "vhci-hcd" > "$pkgdir"/etc/modules-load.d/qubes-usb-proxy.conf
 }
 sha512sums="
-822718decff8d2d15e56208b51603d3104cacb42981576985c2955e2bb73a66119397359314ebb6e6b52e3985b4d797e02b1074faf40aa6ca9cce067c753d830  qubes-usb-proxy-v1.3.0.tar.gz
-c6519982f7eef8586ee823dc96efa7b1b90f489114edcc348bc5221837090d19a2a3533eac83e3269ba68c2cf24447c018e0ac850ed1423a1280ebae364223fa  usb-import-alpine-udevadm.patch
+27d28faec2ab9cc9df1e361dac244bc1b10afc406860ca2e3fc2dff3b666c6adaed615625aeba785918f8e08cffb215ef028698a178d795e586740caf1566fc9  qubes-usb-proxy-v1.1.5.tar.gz
 "
--- a/qubes-usb-proxy/usb-import-alpine-udevadm.patch
+++ b/qubes-usb-proxy/usb-import-alpine-udevadm.patch
@ -1,27 +0,0 @@
-diff --git a/src/usb-import.orig b/src/usb-import
-index 7b17799..e718795 100755
--- a/src/usb-import.orig
-+++ b/src/usb-import
-@@ -95,7 +95,7 @@ wait_for_attached() {
-             ERROR "Attach timeout, check kernel log for details."
-         fi
-     done
-    [ -f "/usr/bin/udevadm" ] && udevadm settle
-+    [ -f "/bin/udevadm" ] && udevadm settle
- }
- 
- wait_for_detached() {
-diff --git a/src/usb-export.orig b/src/usb-export
-index ad2ab2b..37cff16 100755
--- a/src/usb-export.orig
-+++ b/src/usb-export
-@@ -110,8 +110,7 @@ if [ -n "$attach_to_usbip" ]; then
-     echo "$busid" > "$SYS_USBIP_HOST/bind" || exit 1
- 
-     # optionally reset the device to clear any state from previous driver
-    reset_on_attach=$(udevadm info --query=property \
-        --value --property=QUBES_USB_RESET --path="$devpath")
-+    reset_on_attach=$(udevadm info --query=property --path="$devpath" |  awk -F "=" '{if($1=="QUBES_USB_RESET"){print $2}}' )
-     if [ -f /run/qubes-service/usb-reset-on-attach ]; then
-         reset_on_attach=1
-     fi
--- a/qubes-vm-core/APKBUILD
+++ b/qubes-vm-core/APKBUILD
@ -1,15 +1,15 @@
-# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
 # Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
+# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
+
 pkgname=qubes-vm-core
 subpackages="
 	qubes-vm-networking:networking:noarch
 	qubes-vm-passwordless-root:root:noarch
 	$pkgname-openrc
 	$pkgname-doc
-	$pkgname-pyc
 	"
-pkgver=4.3.4
-pkgrel=2
+pkgver=4.1.44
+pkgrel=6
 _gittag="v$pkgver"
 pkgdesc="The Qubes core files for installation inside a Qubes VM."
 arch="x86_64"
@ -17,9 +17,8 @@ url="https://github.com/QubesOS/qubes-core-agent-linux"
 license="GPL"
 options="!check" # No testsuite
 depends="
-	blkid
 	coreutils
-	dbus-x11
+	blkid
 	dconf
 	desktop-file-utils
 	device-mapper
@ -28,7 +27,6 @@ depends="
 	e2fsprogs-extra
 	ethtool
 	fakeroot
-	findutils
 	gawk
 	grep
 	haveged
@ -41,10 +39,10 @@ depends="
 	py3-dbus
 	py3-gobject3
 	py3-xdg
+	python3
 	qubes-db-vm
 	qubes-libvchan-xen
 	qubes-vm-utils
-	rsvg-convert
 	sed
 	socat
 	xdg-utils
@ -75,10 +73,7 @@ source="
 	qubes-sysinit.openrc
 	qubes-updates-proxy-forwarder.openrc
 	qubes-updates-proxy.openrc
-	apk-proxy.sh
 	qvm-sync-clock.sh
-	setupip-do-not-use-systemctl.patch
-	silence-stringop-overread-error.patch
 	"
 builddir="$srcdir"/qubes-core-agent-linux-${_gittag/v}

@ -117,9 +112,6 @@ package() {
 	make -C network DESTDIR="$pkgdir" install
 	install -Dm755 "$builddir"/network/update-proxy-configs "$pkgdir"/usr/lib/qubes/.
 	install -Dm755 "$srcdir"/qvm-sync-clock.sh "$pkgdir"/etc/qubes/suspend-post.d/.
-	install -Dm644 "$srcdir"/apk-proxy.sh "$pkgdir"/etc/profile.d/apk-proxy.sh
-	install -dm755 "$pkgdir"/etc/bash
-	ln -s /etc/profile.d/apk-proxy.sh "$pkgdir"/etc/bash/apk-proxy.sh

 	for i in $source; do
 		case $i in
@ -129,6 +121,7 @@ package() {
 				"$pkgdir"/etc/conf.d/${i%.*};;
 		esac
 	done
+
 }


@ -150,6 +143,7 @@ networking() {
 		net-tools
 		networkmanager
 		nftables
+		python3
 		qubes-db-vm
 		qubes-vm-core
 		qubes-vm-utils
@ -167,17 +161,14 @@ root() {
 	make -C passwordless-root install DESTDIR="$subpkgdir" SBINDIR=/sbin LIBDIR=/usr/lib SYSLIBDIR=/lib
 }
 sha512sums="
-2fa1274cf52d3a81308685dd2522e3787b97bf74135a2333a2271882b498ac600e3f862d6f07dec387864407951423913114a1c7c10ef0d51bb96c23c5dc2cf7  qubes-vm-core-v4.3.4.tar.gz
+34ba5d84fa621ff25e8a9cc0d6ca69ee25bc7dbf37f13b08ccec13692ec9ebb8b12732878464e7e2909366de68727bdb66f960692be41e5186126701dfe861dd  qubes-vm-core-v4.1.44.tar.gz
 95c080a593ca1cd457ffafc0cdd6ee28999c72f67191a3955b6081a4a7d287cae4cd0c626139562e5e1eb55516c25402a174e3599daf7d4cb259d6b4bbdff155  qubes-core-early.openrc
 61529413a16b7fa0df691c24adc41b90477c01ea70d572921ecec89df23932e5a2e60c4e73b9a84181dc30424e2e6af4ad1c7dcf6c42689c3cc346a9923d6e07  qubes-core-netvm.openrc
 da8e293520f5fce29ce76d7586e8ce1a4164798a1214079fb554c690264da1d774fdad3f45825aac52c2c3a0b0cfd39df73eb33394dedd7c043fe0f2344b90ca  qubes-core.openrc
 8f1ea1b6bfb4d3089a51cc3e325861ee7b644f743b2652bf61789933adedefdbc743a61567ad980d2a6077647eb61570b68a056125abaab2a67166d249a961b0  qubes-firewall.openrc
 437a3dc443c5b0311c5dc8f792739eef89e38b2e854b9a5bb248211dd0eb0f26c1d79588ca2b4b63236b8bed0d735be6b2265d8328885730a8aa5f854301d61f  qubes-iptables.openrc
 e9096560e4ee4cad836b686e18eb6dbac729227683eda2f0c8b3541c909f64de3489dbb66e3752014deab69cbfae7885bc15b9bb7e3942c02e40328337b9ef30  qubes-sysinit.openrc
-99ec0afc167866727072606aa183f0c7a539e68e0d8b9a57f6b9c129d3722c9135e1487eef438807d7138af0e669fb14608cbc1f1d5620ee9e995f294a8929f8  qubes-updates-proxy-forwarder.openrc
+b1e8af2335955e52cf1817c56296f94f8c472e68d7a17a28f516fe4f5fa8a8053d4f9333efbb007a82a06f9442a4a6cfe5f9c751de07f337e47ee04cb18b9395  qubes-updates-proxy-forwarder.openrc
 29d316b9f48cad15f6e22aaa67b228a5e4893ded86463dbe25b3cc68301b961473e79c01f003b1665e217ad4af2e618625442250d5607c1c16462e3f5eed069c  qubes-updates-proxy.openrc
-517d59e4699c24f23ccd59f5d4be3a519a426eee99d742c637fe1a9e69caa073621f4e9362c30182ba5a1a3eb0a769070c96e2c6b24cd8366a1f8f450a0b1c01  apk-proxy.sh
 cca9f49422fa25cd5f3942dce8edd3ecff080bf5c407a7a790b438bedea054f39a4a3d8c179b44c4c08fc490b597e14d00dad9b0240861e83957e0af7aa6475d  qvm-sync-clock.sh
-eb59321c800e65ce873085a1105b1b697d2a8ecaefcdaa8280a81d0082c0022653ecd746c7ec37e2c544265892afb77531effa17b0fa6c45a6a86925b513bdea  setupip-do-not-use-systemctl.patch
-6b96edf070706da596e7abcb9fe6419fbf17eecb46cbd65aeceea83d078458efaedfadec33021253c2bd1b356a85fa721316fa18d5a535491004046ba2c812d3  silence-stringop-overread-error.patch
 "
--- a/qubes-vm-core/apk-proxy.sh
+++ b/qubes-vm-core/apk-proxy.sh
@ -1,5 +0,0 @@
-# Use the update proxy over the QubesOS RPC for apk
-# /etc/init.d/qubes-updates-proxy-forwarder creates the socket to the proxy
-alias apk='https_proxy="http://127.0.0.1:8082/" http_proxy="http://127.0.0.1:8082/"  apk'
-# allow aliases with sudo
-alias sudo='sudo '
--- a/qubes-vm-core/qubes-updates-proxy-forwarder.openrc
+++ b/qubes-vm-core/qubes-updates-proxy-forwarder.openrc
@ -1,34 +1,116 @@
-#!/sbin/openrc-run
+#!/bin/bash
+#
 # Updates proxy forwarder     Startup script for the updates proxy forwarder
+#
+# chkconfig: 345 85 15
 # description: forwards connection to updates proxy over Qubes RPC
-# The clients should use the below shell variable exports:
-#   http_proxy="http://127.0.0.1:8082/"
-#   https_proxy="http://127.0.0.1:8082/"
-# For apk, see the /etc/profile.d/apk-proxy.sh alias
+#
+# processname: ncat
+# pidfile:     /var/run/qubes-updates-proxy-forwarder.pid
+#

-name=$RC_SVCNAME
-cfgfile="/etc/qubes/$RC_SVCNAME.conf"
-command="/bin/busybox"
-command_args="nc -lk -s 127.0.0.1 -p 8082 -e /usr/bin/qrexec-client-vm @default qubes.UpdatesProxy"
-command_user="root"
-pidfile="/run/qubes/$RC_SVCNAME.pid"
-command_background="yes"
-output_log="/var/log/qubes/$RC_SVCNAME.log"
-error_log="/var/log/qubes/$RC_SVCNAME.err"
+# Source function library.
+# shellcheck disable=SC1091
+. /etc/init.d/functions.sh

-depend() {
-    need qubes-qrexec-agent
-    need net
+# Source Qubes library.
+# shellcheck source=init/functions
+. /usr/lib/qubes/init/functions
+
+# Check that networking is up.
+[ "$NETWORKING" = "no" ] && exit 0
+
+exec="/usr/bin/ncat"
+prog=$(basename $exec)
+pidfile="/var/run/qubes-updates-proxy-forwarder.pid"
+
+# shellcheck disable=SC1091
+[ -e /etc/sysconfig/qubes-updates-proxy-forwarder ] && . /etc/sysconfig/qubes-updates-proxy-forwarder
+
+lockfile=/var/lock/subsys/qubes-updates-proxy-forwarder
+
+start() {
+    have_qubesdb || return
+
+    if ! qsvc updates-proxy-setup ; then
+        # updates proxy configuration disabled
+        exit 0
+    fi
+
+    if qsvc qubes-updates-proxy ; then
+        # updates proxy running here too, avoid looping traffic back to itself
+        exit 0
+    fi
+
+    [ -x $exec ] || exit 5
+
+    echo -n $"Starting $prog (as Qubes updates proxy forwarder): "
+    # shellcheck disable=SC2016
+    start-stop-daemon \
+        --exec $exec \
+        --pidfile "$pidfile" \
+        --make-pidfile \
+        --background \
+        --start \
+        -- \
+        -k -l -e 'qrexec-client-vm $default qubes.UpdatesProxy'
+    retval=$?
+    echo
+    [ $retval -eq 0 ] && touch $lockfile
+    return $retval
 }

-start_pre() {
-    checkpath --directory --owner $command_user:qubes --mode 0775 \
-              /run/qubes \
-	      /var/log/qubes \
-	      /var/run/qubes
-    # TODO should fail if qubes-update-proxy is running
-    # if qsvc qubes-updates-proxy ; then
-    #     # updates proxy running here too, avoid looping traffic back to itself
-    #     exit 0
-    # fi
+stop() {
+    echo -n $"Stopping $prog: "
+    killproc -p $pidfile "$prog"
+    retval=$?
+    echo
+    [ $retval -eq 0 ] && rm -f $lockfile
+    return $retval
 }
+
+restart() {
+    stop
+    start
+}
+
+force_reload() {
+    restart
+}
+
+rh_status() {
+    status "$prog"
+}
+
+rh_status_q() {
+    rh_status >/dev/null 2>&1
+}
+
+case "$1" in
+    start)
+        rh_status_q && exit 0
+        $1
+        ;;
+    stop)
+        rh_status_q || exit 0
+        $1
+        ;;
+    restart)
+        $1
+        ;;
+    force-reload)
+        force_reload
+        ;;
+    status)
+        rh_status
+        ;;
+    condrestart|try-restart)
+        rh_status_q || exit 0
+        restart
+        ;;
+    *)
+        echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|force-reload}"
+        exit 2
+esac
+exit $?
+
--- a/qubes-vm-core/setupip-do-not-use-systemctl.patch
+++ b/qubes-vm-core/setupip-do-not-use-systemctl.patch
@ -1,20 +0,0 @@
-diff --git a/network/setup-ip.orig b/network/setup-ip
-index 9126f90..c1f401c 100755
--- a/network/setup-ip.orig
-+++ b/network/setup-ip
-@@ -244,15 +244,6 @@ if [ "$ACTION" == "add" ]; then
- 
-         primary_dns=$(/usr/bin/qubesdb-read /qubes-primary-dns 2>/dev/null) || primary_dns=
-         secondary_dns=$(/usr/bin/qubesdb-read /qubes-secondary-dns 2>/dev/null) || secondary_dns=
-        /lib/systemd/systemd-sysctl \
-            "--prefix=/net/ipv4/conf/all" \
-            "--prefix=/net/ipv4/neigh/all" \
-            "--prefix=/net/ipv6/conf/all" \
-            "--prefix=/net/ipv6/neigh/all" \
-            "--prefix=/net/ipv4/conf/$INTERFACE" \
-            "--prefix=/net/ipv4/neigh/$INTERFACE" \
-            "--prefix=/net/ipv6/conf/$INTERFACE" \
-            "--prefix=/net/ipv6/neigh/$INTERFACE"
- 
-         if [ -n "$ip4" ]; then
-             # If NetworkManager is enabled, let it configure the network
--- a/qubes-vm-core/silence-stringop-overread-error.patch
+++ b/qubes-vm-core/silence-stringop-overread-error.patch
@ -1,13 +0,0 @@
-diff --git a/qubes-rpc/Makefile.orig b/qubes-rpc/Makefile
-index 63bd924..e5973e6 100644
--- a/qubes-rpc/Makefile.orig
-+++ b/qubes-rpc/Makefile
-@@ -11,7 +11,7 @@ ifneq ($(DEBUG),0)
- DEBUG_FLAGS := -g
- endif
- CPPFLAGS := -I.
-CFLAGS := $(DEBUG_FLAGS) -O2 -Wall -Wextra -Werror -fPIC -pie $(CFLAGS)
-+CFLAGS := $(DEBUG_FLAGS) -O2 -Wall -Wextra -Werror -fPIC -pie -Wno-stringop-overread $(CFLAGS)
- LDFLAGS := $(DEBUG_FLAGS) -pie $(LDFLAGS)
- LDLIBS := -lqubes-rpc-filecopy
- 
--- a/qubes-vm-core/sudo-aliases.sh
+++ b/qubes-vm-core/sudo-aliases.sh
@ -1,2 +0,0 @@
-# allow aliases with sudo
-alias sudo='sudo '
--- a/qubes-vm-gui-dev/APKBUILD
+++ b/qubes-vm-gui-dev/APKBUILD
@ -1,9 +1,10 @@
-# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
 # Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
+# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
+
 pkgname=qubes-vm-gui-dev
-pkgver=4.2.4
+pkgver=4.1.1
 _gittag="v$pkgver"
-pkgrel=4
+pkgrel=3
 pkgdesc="Common files for Qubes GUI - protocol headers."
 arch="noarch"
 url="https://github.com/QubesOS/qubes-gui-common"
@ -18,5 +19,5 @@ package() {
 	cp include/*.h $pkgdir/usr/include/
 }
 sha512sums="
-be9d71abc991d6d2dabaf17f647a5cf2a73b947f15fc36117e309d493f4f6a7e151d9ab6f6df8bd99ac33ea873413a47f72aeb98bf6b7b4ed2a217c8fbd0bd51  qubes-vm-gui-dev-v4.2.4.tar.gz
+2d962822413b1e4da6ef9303bce9b25e179829080a4ab96aeb7b274682c32b4620201d1de9c177346ab8d80913ae5e5384792b301d350850408fa790cb77d641  qubes-vm-gui-dev-v4.1.1.tar.gz
 "
--- a/qubes-vm-gui/0001-initd-fix.patch
+++ b/qubes-vm-gui/0001-initd-fix.patch
@ -1,13 +1,22 @@
-diff --git a/appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh.orig b/appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh
-index 76e0227..268cb00 100755
--- a/appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh.orig
+From 7f7914fc2d0957012f1c4b130b0e442d43110c7d Mon Sep 17 00:00:00 2001
+From: "build@apk-groulx" <build@apk-groulx.praxis>
+Date: Sat, 5 Mar 2022 00:59:30 +0000
+Subject: [PATCH 1/1] initd fix
+
+---
+ appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh b/appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh
+index dc0a578..4c9623a 100755
+--- a/appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh
 +++ b/appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh
-@@ -25,7 +25,7 @@ if [ -n "$debug_mode" ] && [ "$debug_mode" -gt 0 ]; then
+@@ -23,4 +23,4 @@ if [ -n "$debug_mode" ] && [ "$debug_mode" -gt 0 ]; then
     gui_opts="$gui_opts -vv"
 fi
 
 -echo "GUI_OPTS=$gui_opts" >> /var/run/qubes-service-environment
 +echo "GUI_OPTS=\"$gui_opts\"" >> /var/run/qubes-service-environment
- 
- # 2**30
- echo 1073741824 > /sys/module/xen_gntalloc/parameters/limit
+-- 
+2.34.1
+
--- a/qubes-vm-gui/APKBUILD
+++ b/qubes-vm-gui/APKBUILD
@ -1,12 +1,10 @@
-# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
 # Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
+# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
+
 pkgname=qubes-vm-gui
-subpackages="
-	qubes-vm-pulseaudio
-	qubes-vm-pipewire
-	$pkgname-openrc"
-pkgver=4.2.16
-pkgrel=0
+subpackages="qubes-vm-pulseaudio $pkgname-openrc"
+pkgver=4.1.31
+pkgrel=3
 _gittag="v$pkgver"
 pkgdesc="The Qubes GUI Agent for AppVMs"
 arch="x86_64"
@ -28,12 +26,10 @@ makedepends="
 	libxcomposite-dev
 	libxt
 	linux-pam-dev
-	lsb-release-minimal
 	make
 	patch
 	pixman
 	pkgconf
-	pipewire-dev
 	pulseaudio-dev
 	qubes-db-vm
 	qubes-db-vm-dev
@ -51,7 +47,6 @@ source="
 	qubes-gui-agent.openrc
 	qubes-sessions.sh
 	qubes-gui-agent.pam
-	qubes-sessions_do-not-use-systemd.patch
 	"
 builddir="$srcdir"/qubes-gui-agent-linux-${_gittag/v}
 _qubes_backend_vmm=xen
@ -102,25 +97,11 @@ pulseaudio() {
 	cd "$builddir"
 	make install-pulseaudio DESTDIR=$subpkgdir PA_VER=$pa_ver LIBDIR=/usr/lib USRLIBDIR=/usr/lib SYSLIBDIR=/lib
 }
-
-pipewire() {
-	pkgdesc="PipeWire support for Qubes VM."
-	depends="pipewire"
-
-	cd "$builddir"
-	make install-pipewire \
-		"DESTDIR=$subpkgdir" \
-		LIBDIR=/usr/lib \
-		USRLIBDIR=/usr/lib \
-		SYSLIBDIR=/usr/lib
-}
-
 sha512sums="
-38e63b09f62b07785c199d71959d8c7387b75509b9b234cae1325f700509f8f2afcc1acaf8766c22768acb4508cbb8fed80da04c974eeafd9f1099e5a37893f2  qubes-vm-gui-v4.2.16.tar.gz
+6a72fde5b3c1c6025b13b58340bb8d3eccab05050c8cbe3741d7c18ca48826e45a3df3716d77e2dd733c119ff8db5d920faa73f05cb94049306a0dad6f58349f  qubes-vm-gui-v4.1.31.tar.gz
 f0bbb936e14689d0cbced2f564b8911f9287c0217616f02f3bd0c3060e516d080ad538219f089f5841c2b9d18bb4ad8efb63516ddfd46c18b038218378996a7d  0001-musl-build.patch
-01beace4c130200dc8d42248349ea858d2bec746aca2bdfa5948b6e7240bb3b832bbb8b324293fba6fd6aafb0a3d7a2e3928c7fd39d318ef4d5a18cfeb48cde6  0001-initd-fix.patch
+262b93b4ea172926dc18b7af372168ff3f645a02db1529cb73af3d5aa6252a75500bfbd95344a835bbf646e753018d0e27885e41a03f06247226a485edb5e028  0001-initd-fix.patch
 68d01e594296e18d54d8eaa17863451c3ac121e4fcacf98b64db14166bdcf38aa66f1c3659c5014c0a9cc25b5368df66f8c642b8e7af59da8d2a5ad97da9a194  qubes-gui-agent.openrc
 bd707f7956f58c2bb24ccb9adad1381c069e70820fcb1b01b09dc88570d9df00e0dc92a9ac3b242f828314568d5487257566a6fc61e75e62e010b7e4871f9ea0  qubes-sessions.sh
 b512d691f2a6b11fc329bf91dd05ca9c589bbd444308b27d3c87c75262dedf6afc68a9739229249a4bd3d0c43cb1f871eecbb93c4fe559e0f38bdabbffd06ad7  qubes-gui-agent.pam
-5d44bed65772e0300cfdb5960327ccff923159f1c0c6b980a3b37758a7330f5d8befa3c053990f6e5e7d2e71bf0eca047040439446a8b91bb1c2672e9e1497a0  qubes-sessions_do-not-use-systemd.patch
 "
--- a/qubes-vm-gui/qubes-sessions_do-not-use-systemd.patch
+++ b/qubes-vm-gui/qubes-sessions_do-not-use-systemd.patch
@ -1,21 +0,0 @@
-diff --git a/appvm-scripts/usrbin/qubes-session.orig b/appvm-scripts/usrbin/qubes-session
-index cacac4b..e5bedc2 100755
--- a/appvm-scripts/usrbin/qubes-session.orig
-+++ b/appvm-scripts/usrbin/qubes-session
-@@ -27,16 +27,6 @@
- 
- loginctl activate "$XDG_SESSION_ID"
- 
-# Now import the environment from the systemd user session.
-# This is necessary to enable users to configure their
-# Qubes environment using the standard environment.d
-# facility.  Documentation for the facility is at:
-# https://www.freedesktop.org/software/systemd/man/environment.d.html
-set -a # export all variables
-env=$(systemctl --user show-environment) && eval "$env" || exit
-set +a
-
-
- if qsvc guivm-gui-agent; then
-     if [ -e "$HOME/.xinitrc" ]; then
-         . "$HOME/.xinitrc"
--- a/qubes-vm-qrexec/APKBUILD
+++ b/qubes-vm-qrexec/APKBUILD
@ -1,10 +1,11 @@
-# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
 # Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
+# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
+
 pkgname=qubes-vm-qrexec
-subpackages="$pkgname-openrc $pkgname-doc $pkgname-pyc"
-pkgver=4.2.21
+subpackages="$pkgname-openrc $pkgname-doc"
+pkgver=4.1.22
 _gittag="v$pkgver"
-pkgrel=0
+pkgrel=3
 pkgdesc="The Qubes qrexec files (qube side)"
 arch="x86_64"
 url="https://github.com/QubesOS/qubes-core-qrexec"
@ -32,7 +33,7 @@ prepare() {
 	default_prepare
 	# remove all -Werror
 	msg "Eradicating -Werror..."
-	find . \( -name '*.mk' -o -name 'Make*' \) -exec sed -i -e 's/-Werror*. //g' {} +
+	find . \( -name '*.mk' -o -name 'Make*' \) -exec sed -i -e 's/-Werror//g' {} +
 }

 build() {
@ -52,8 +53,8 @@ package() {
 	install -Dm 755 "$srcdir"/qubes-qrexec-agent.openrc "$pkgdir"/etc/init.d/qubes-qrexec-agent
 }
 sha512sums="
-756d349e9322da6fd96e737c3f4430b503abba90ac0a6ca6b9b92cbce656f4e714c4e39aff7b9cfc302629ff15011e5ca7d8e273840b314b78d1f5823ff00c6c  qubes-vm-qrexec-v4.2.21.tar.gz
+c4d993dae87446fe73f390bdf0aa3bcfacce1a630b1f0e5f20c6ea7710c14cd9a7a0a66a66e5731dee47c6958c659e61b3c0ebea5a99a31317a52fb326650a2f  qubes-vm-qrexec-v4.1.22.tar.gz
 e2dd5cace82e881c40d5d37c69f7327fbabde81c9d23283de23de9f1197b7b018ef07a8d90e95c61bd249426d9d8297e7cb372333245941ffa0682c90ea3461f  qubes-qrexec-agent.openrc
-3cbe66c8251d0cbe078d78ac9a2aef2d6c095c4f514ff0aab69dd724dee7488cf84dff4af2210d8a2298a052db49e85b0e38ac45456a8aa9bd1e4a7de0311b69  makefile-remove-cc-cflags.patch
+e48a06778a880915827fb2ef3e38379eb2bc6cf63f7fed79472be4732f7110b0c642c7a62a43236f53404ce69afddd40a5bc92a984403aae74caae1580c31200  makefile-remove-cc-cflags.patch
 69b88c8d344f0d575eac398937040ba39a0d8fb8ea0a2b160c48d84775e1da4e226a76f3c5d3be7b045f577b634bb35cd5c5536248e18117c4121a38f9f3bf13  agent-qrexec-fork-server-undef-fortify-source.patch
 "
--- a/qubes-vm-qrexec/makefile-remove-cc-cflags.patch
+++ b/qubes-vm-qrexec/makefile-remove-cc-cflags.patch
@ -2,13 +2,6 @@ diff --git a/Makefile.orig b/Makefile
 index ade10bf..7de05a4 100644
 --- a/Makefile.orig
 +++ b/Makefile
-@@ -1,6 +1,4 @@
- MAKEFLAGS=-r
-CC ?= gcc
-CFLAGS += -Werror=strict-prototypes -Werror=old-style-definition -Werror=missing-declarations -Werror=missing-prototypes
- PYTHON ?= python3
- export PYTHON CC MAKEFLAGS CFLAGS
- 
@@ -26,7 +24,7 @@ all-base:
 	$(PYTHON) setup.py build
 .PHONY: all-base
--- a/qubes-vm-utils/APKBUILD
+++ b/qubes-vm-utils/APKBUILD
@ -1,12 +1,12 @@
-# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
 # Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
+# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
+
 pkgname=qubes-vm-utils
 subpackages="
 	qubes-vm-kernel-support:support:noarch
 	$pkgname-openrc
-	$pkgname-pyc
 	"
-pkgver=4.3.3
+pkgver=4.1.19
 pkgrel=2
 _gittag="v$pkgver"
 pkgdesc="Common Linux files for Qubes VM."
@ -23,7 +23,6 @@ makedepends="
 	make
 	pkgconfig
 	py3-setuptools
-	icu-dev
 	qubes-libvchan-xen-dev
 	xen-dev
 	"
@ -59,6 +58,6 @@ support() {
 	install -m 755 "$builddir"/dracut/full-dmroot/qubes_cow_setup.sh "$subpkgdir"/usr/lib/qubes/qubes_cow_setup.sh
 }
 sha512sums="
-95da1f511bb30bca2f895111d91f901a8d17077ea5bf6a363891557e24f3a7bc40b2450eae476932b2450749ff8a94dd78c7590bef428c7ba2d647ebbcf5a86b  qubes-vm-utils-v4.3.3.tar.gz
+adfa6190af80e8ff92b899056370b8e820820154dcbad2d141debc72a6f122d94894eb0ffd5f56715db8ff7c3166c63b8832a78f70c35d86d42af071297b7d35  qubes-vm-utils-v4.1.19.tar.gz
 aebc606faa95948be77766f164fc40e4be66e4398e7f56ad52ba9de4c8f7de4ec0c4b48b23a3a6dd083d6f19ae1a591f3ae0caf2c696fd061cd8fea4bdf7d4f3  qubes-meminfo-writer.openrc
 "
Author	SHA1	Message	Date
Antoine Martin	b2d3f186f4	qubes-app-linux-druide-antidote: new aport	2024-02-01 14:18:08 -05:00
Antoine Martin	6d48b785ff	qubes-libvchan-xen: rebuild againt xen v4.18	2023-12-07 20:01:21 -05:00
Antoine Martin	597e7886a3	*: bump pkgrel	2023-11-28 11:19:45 -05:00
Antoine Martin	7b0bcd1550	gitlab-ci: add v3.19 build	2023-11-28 11:18:20 -05:00
Antoine Martin	960293833e	*: bump pkgrel	2023-08-30 15:48:04 -04:00
Antoine Martin	6d4cb0f4f1	gltlab-ci: implement target multiple Alpine releases	2023-08-30 15:47:59 -04:00
Antoine Martin	8d0f7b55ce	Update README.md	2023-08-27 17:19:12 +00:00
Antoine Martin	4f4c87063f	qubes-vm-core: add missing depends	2023-08-26 15:29:43 -04:00
Antoine Martin	54447345b4	qubes-vm-gui: fix pam.d install	2023-08-26 14:08:50 -04:00
Antoine Martin	14b2ac8af5	qubes-vm-core: add eudev depend	2023-08-25 16:40:54 -04:00
Antoine Martin	e1f435d938	Add readme	2023-08-16 00:43:05 -04:00
Antoine Martin	cc3a7230e9	qubes-vm-core: fix lsb depend	2023-08-16 00:27:39 -04:00
Antoine Martin	51e314e969	qubes-vm-core: fix build	2023-08-16 00:12:52 -04:00
Antoine Martin	d366575faa	qubes-vm-qrexec: fix build	2023-08-16 00:12:48 -04:00