
13 commits

49 changed files with 803 additions and 1039 deletions


@ -1,35 +0,0 @@
#!/bin/bash
# expects the following env variables:
# downstream: downstream repo
repo=${downstream/*\/}
curl --silent $downstream/x86_64/APKINDEX.tar.gz | tar -O -zx APKINDEX > APKINDEX
owned_by_you=$(awk -v RS= -v ORS="\n\n" '/m:Antoine Martin \(ayakael\) <dev@ayakael.net>/' APKINDEX | awk -F ':' '{if($1=="o"){print $2}}' | sort | uniq)
echo "Found $(printf '%s\n' $owned_by_you | wc -l ) packages owned by you"
rm -f out_of_date not_in_anitya
for pkg in $owned_by_you; do
if [ $CHECK_LATEST -eq 1 ]; then
upstream_version=$(curl --fail -X GET -sS -H 'Content-Type: application/json' "https://release-monitoring.org/api/v2/packages/?name=$pkg&distribution=Alpine" | jq -r '.items.[].version')
else
upstream_version=$(curl --fail -X GET -sS -H 'Content-Type: application/json' "https://release-monitoring.org/api/v2/packages/?name=$pkg&distribution=Alpine" | jq -r '.items.[].stable_version')
fi
downstream_version=$(sed -n "/^P:$pkg$/,/^$/p" APKINDEX | awk -F ':' '{if($1=="V"){print $2}}' | sort -V | tail -n 1)
downstream_version=${downstream_version/-*}
if [ -z "$upstream_version" ]; then
echo "$pkg not in anitya"
echo "$pkg" >> not_in_anitya
elif [ "$downstream_version" != "$(printf '%s\n' $upstream_version $downstream_version | sort -V | head -n 1)" ]; then
echo "$pkg higher downstream"
continue
elif [ "$upstream_version" != "$downstream_version" ]; then
echo "$pkg upstream version $upstream_version does not match downstream version $downstream_version"
echo "$pkg $downstream_version $upstream_version $repo" >> out_of_date
fi
done


@ -1,165 +0,0 @@
#!/bin/bash
# expects:
# env variable FORGEJO_TOKEN
# file out_of_date
IFS='
'
repo=${downstream/*\/}
does_it_exist() {
name=$1
downstream_version=$2
upstream_version=$3
repo=$4
query="$repo/$name: upgrade to $upstream_version"
query="$(echo $query | sed 's| |%20|g' | sed 's|:|%3A|g' | sed 's|/|%2F|g' )"
result="$(curl --silent -X 'GET' \
"$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues?state=open&q=$query&type=issues" \
-H 'accept: application/json' \
-H "authorization: Basic $FORGEJO_TOKEN"
)"
if [ "$result" == "[]" ]; then
return 1
fi
}
is_it_old() {
name=$1
downstream_version=$2
upstream_version=$3
repo=$4
query="$repo/$name: upgrade to"
query="$(echo $query | sed 's| |%20|g' | sed 's|:|%3A|g' | sed 's|/|%2F|g' )"
result="$(curl --silent -X 'GET' \
"$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues?state=open&q=$query&type=issues" \
-H 'accept: application/json' \
-H "authorization: Basic $FORGEJO_TOKEN"
)"
result_title="$(echo $result | jq -r '.[].title' )"
result_id="$(echo $result | jq -r '.[].number' )"
result_upstream_version="$(echo $result_title | awk '{print $4}')"
if [ "$upstream_version" != "$result_upstream_version" ]; then
echo $result_id
else
echo 0
fi
}
update_title() {
name=$1
downstream_version=$2
upstream_version=$3
repo=$4
id=$5
result=$(curl --silent -X 'PATCH' \
"$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues/$id" \
-H 'accept: application/json' \
-H "authorization: Basic $FORGEJO_TOKEN" \
-H 'Content-Type: application/json' \
-d "{
\"title\": \"$repo/$name: upgrade to $upstream_version\"
}"
)
return 0
}
create_issue() {
name=$1
downstream_version=$2
upstream_version=$3
repo=$4
result=$(curl --silent -X 'POST' \
"$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues" \
-H 'accept: application/json' \
-H "authorization: Basic $FORGEJO_TOKEN" \
-H 'Content-Type: application/json' \
-d "{
\"title\": \"$repo/$name: upgrade to $upstream_version\",
\"labels\": [
$LABEL_NUMBER
]
}")
return 0
}
if [ -f out_of_date ]; then
out_of_date="$(cat out_of_date)"
echo "Detected $(wc -l out_of_date) out-of-date packages, creating issues"
for pkg in $out_of_date; do
name="$(echo $pkg | awk '{print $1}')"
downstream_version="$(echo $pkg | awk '{print $2}')"
upstream_version="$(echo $pkg | awk '{print $3}')"
repo="$(echo $pkg | awk '{print $4}')"
if does_it_exist $name $downstream_version $upstream_version $repo; then
echo "Issue for $repo/$name already exists"
continue
fi
id=$(is_it_old $name $downstream_version $upstream_version $repo)
if [ "$id" != "0" ] && [ -n "$id" ]; then
echo "Issue for $repo/$name needs updating"
update_title $name $downstream_version $upstream_version $repo $id
continue
fi
echo "Creating issue for $repo/$name"
create_issue $name $downstream_version $upstream_version $repo
done
fi
if [ -f not_in_anitya ]; then
query="Add missing $repo packages to anitya"
query="$(echo $query | sed 's| |%20|g')"
result="$(curl --silent -X 'GET' \
"$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues?state=open&q=$query&type=issues" \
-H 'accept: application/json' \
-H "authorization: Basic $FORGEJO_TOKEN"
)"
if [ "$result" == "[]" ]; then
echo "Creating anitya issue"
result=$(curl --silent -X 'POST' \
"$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues" \
-H 'accept: application/json' \
-H "authorization: Basic $FORGEJO_TOKEN" \
-H 'Content-Type: application/json' \
-d "{
\"title\": \"Add missing $repo packages to anitya\",
\"body\": \"- [ ] $(sed '{:q;N;s/\n/\\n- [ ] /g;t q}' not_in_anitya)\",
\"labels\": [
$LABEL_NUMBER
]
}")
else
echo "Updating anitya issue"
result_id="$(echo $result | jq -r '.[].number' )"
result=$(curl --silent -X 'PATCH' \
"$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues/$result_id" \
-H 'accept: application/json' \
-H "authorization: Basic $FORGEJO_TOKEN" \
-H 'Content-Type: application/json' \
-d "{
\"body\": \"- [ ] $(sed '{:q;N;s/\n/\\n- [ ] /g;t q}' not_in_anitya)\"
}"
)
fi
fi


@ -1,33 +0,0 @@
#!/bin/sh
# shellcheck disable=SC3040
set -eu -o pipefail
readonly BASEBRANCH=$CI_ALPINE_TARGET
readonly TARGET_REPO=$CI_ALPINE_REPO
get_qubes_release() {
case $GITHUB_BASE_REF in
r*) echo $GITHUB_BASE_REF;;
main) echo r4.3;;
esac
}
readonly QUBES_REL=$(get_qubes_release)
apkgs=$(find package -type f -name "*.apk")
for apk in $apkgs; do
arch=$(echo $apk | awk -F '/' '{print $3}')
name=$(echo $apk | awk -F '/' '{print $4}')
echo "Sending $name of arch $arch to $TARGET_REPO/$BASEBRANCH/qubes-$QUBES_REL"
return=$(curl -s --user $FORGE_REPO_USER:$FORGE_REPO_TOKEN --upload-file $apk $TARGET_REPO/$BASEBRANCH/qubes-$QUBES_REL 2>&1)
echo $return
if [ "$return" == "package file already exists" ]; then
echo "Package already exists, refreshing..."
curl -s --user $FORGE_REPO_USER:$FORGE_REPO_TOKEN -X DELETE $TARGET_REPO/$BASEBRANCH/qubes-$QUBES_REL/$arch/$name
curl -s --user $FORGE_REPO_USER:$FORGE_REPO_TOKEN --upload-file $apk $TARGET_REPO/$BASEBRANCH/qubes-$QUBES_REL
fi
done


@ -1,52 +0,0 @@
on:
pull_request:
types: [ assigned, opened, synchronize, reopened ]
jobs:
build-edge:
runs-on: x86_64
container:
image: alpinelinux/alpine-gitlab-ci:latest
env:
CI_PROJECT_DIR: ${{ github.workspace }}
CI_DEBUG_BUILD: ${{ runner.debug }}
CI_MERGE_REQUEST_PROJECT_URL: ${{ github.server_url }}/${{ github.repository }}
CI_MERGE_REQUEST_TARGET_BRANCH_NAME: ${{ github.base_ref }}
CI_ALPINE_TARGET: edge
steps:
- name: Environment setup
run: |
doas apk add nodejs git patch curl
cd /etc/apk/keys
doas curl -JO https://ayakael.net/api/packages/forge/alpine/key
- name: Repo pull
uses: actions/checkout@v4
with:
fetch-depth: 500
- name: Package build
run: ${{ github.workspace }}/.forgejo/bin/build.sh
- name: Package upload
uses: forgejo/upload-artifact@v3
with:
name: package
path: packages
deploy-edge:
needs: [build-edge]
runs-on: x86_64
container:
image: alpine:latest
env:
CI_ALPINE_REPO: 'https://ayakael.net/api/packages/forge/alpine'
FORGE_REPO_TOKEN: ${{ secrets.FORGE_REPO_TOKEN }}
FORGE_REPO_USER: ${{ vars.FORGE_REPO_USER }}
CI_ALPINE_TARGET: edge
steps:
- name: Setting up environment
run: apk add nodejs curl findutils git gawk
- name: Repo pull
uses: actions/checkout@v4
- name: Package download
uses: forgejo/download-artifact@v3
- name: Package deployment
run: ${{ github.workspace }}/.forgejo/bin/deploy.sh


@ -1,52 +0,0 @@
on:
pull_request:
types: [ assigned, opened, synchronize, reopened ]
jobs:
build-v3.20:
runs-on: x86_64
container:
image: alpinelinux/alpine-gitlab-ci:latest
env:
CI_PROJECT_DIR: ${{ github.workspace }}
CI_DEBUG_BUILD: ${{ runner.debug }}
CI_MERGE_REQUEST_PROJECT_URL: ${{ github.server_url }}/${{ github.repository }}
CI_MERGE_REQUEST_TARGET_BRANCH_NAME: ${{ github.base_ref }}
CI_ALPINE_TARGET: v3.20
steps:
- name: Environment setup
run: |
doas apk add nodejs git patch curl
cd /etc/apk/keys
doas curl -JO https://ayakael.net/api/packages/forge/alpine/key
- name: Repo pull
uses: actions/checkout@v4
with:
fetch-depth: 500
- name: Package build
run: ${{ github.workspace }}/.forgejo/bin/build.sh
- name: Package upload
uses: forgejo/upload-artifact@v3
with:
name: package
path: packages
deploy-v3.20:
needs: [build-v3.20]
runs-on: x86_64
container:
image: alpine:latest
env:
CI_ALPINE_TARGET: v3.20
CI_ALPINE_REPO: 'https://ayakael.net/api/packages/forge/alpine'
FORGE_REPO_TOKEN: ${{ secrets.FORGE_REPO_TOKEN }}
FORGE_REPO_USER: ${{ vars.FORGE_REPO_USER }}
steps:
- name: Setting up environment
run: apk add nodejs curl findutils git gawk
- name: Repo pull
uses: actions/checkout@v4
- name: Package download
uses: forgejo/download-artifact@v3
- name: Package deployment
run: ${{ github.workspace }}/.forgejo/bin/deploy.sh


@ -1,52 +0,0 @@
on:
pull_request:
types: [ assigned, opened, synchronize, reopened ]
jobs:
build-v3.21:
runs-on: x86_64
container:
image: alpinelinux/alpine-gitlab-ci:latest
env:
CI_PROJECT_DIR: ${{ github.workspace }}
CI_DEBUG_BUILD: ${{ runner.debug }}
CI_MERGE_REQUEST_PROJECT_URL: ${{ github.server_url }}/${{ github.repository }}
CI_MERGE_REQUEST_TARGET_BRANCH_NAME: ${{ github.base_ref }}
CI_ALPINE_TARGET: v3.21
steps:
- name: Environment setup
run: |
doas apk add nodejs git patch curl
cd /etc/apk/keys
doas curl -JO https://ayakael.net/api/packages/forge/alpine/key
- name: Repo pull
uses: actions/checkout@v4
with:
fetch-depth: 500
- name: Package build
run: ${{ github.workspace }}/.forgejo/bin/build.sh
- name: Package upload
uses: forgejo/upload-artifact@v3
with:
name: package
path: packages
deploy-v3.21:
needs: [build-v3.21]
runs-on: x86_64
container:
image: alpine:latest
env:
CI_ALPINE_TARGET: v3.21
CI_ALPINE_REPO: 'https://ayakael.net/api/packages/forge/alpine'
FORGE_REPO_TOKEN: ${{ secrets.FORGE_REPO_TOKEN }}
FORGE_REPO_USER: ${{ vars.FORGE_REPO_USER }}
steps:
- name: Setting up environment
run: apk add nodejs curl findutils git gawk
- name: Repo pull
uses: actions/checkout@v4
- name: Package download
uses: forgejo/download-artifact@v3
- name: Package deployment
run: ${{ github.workspace }}/.forgejo/bin/deploy.sh


@ -1,28 +0,0 @@
on:
workflow_dispatch:
schedule:
- cron: '0 5 * * *'
jobs:
check-r4.2:
name: Check user repo
runs-on: x86_64
container:
image: alpine:latest
env:
downstream: https://ayakael.net/api/packages/forge/alpine/edge/qubes-r4.2
FORGEJO_TOKEN: ${{ secrets.forgejo_token }}
LABEL_NUMBER: 9
CHECK_LATEST: 0
steps:
- name: Environment setup
run: apk add grep coreutils gawk curl wget bash nodejs git jq sed
- name: Get scripts
uses: actions/checkout@v4
with:
fetch-depth: 1
- name: Check out-of-date packages
run: ${{ github.workspace }}/.forgejo/bin/check_ver.sh
- name: Create issues
run: ${{ github.workspace }}/.forgejo/bin/create_issue.sh


@ -1,28 +0,0 @@
on:
workflow_dispatch:
schedule:
- cron: '0 5 * * *'
jobs:
check-r4.3:
name: Check user repo
runs-on: x86_64
container:
image: alpine:latest
env:
downstream: https://ayakael.net/api/packages/forge/alpine/edge/qubes-r4.3
FORGEJO_TOKEN: ${{ secrets.forgejo_token }}
LABEL_NUMBER: 9
CHECK_LATEST: 1
steps:
- name: Environment setup
run: apk add grep coreutils gawk curl wget bash nodejs git jq sed
- name: Get scripts
uses: actions/checkout@v4
with:
fetch-depth: 1
- name: Check out-of-date packages
run: ${{ github.workspace }}/.forgejo/bin/check_ver.sh
- name: Create issues
run: ${{ github.workspace }}/.forgejo/bin/create_issue.sh


@ -1,21 +0,0 @@
on:
pull_request:
types: [ assigned, opened, synchronize, reopened ]
jobs:
lint:
run-name: lint
runs-on: x86_64
container:
image: alpinelinux/apkbuild-lint-tools:latest
env:
CI_PROJECT_DIR: ${{ github.workspace }}
CI_DEBUG_BUILD: ${{ runner.debug }}
CI_MERGE_REQUEST_PROJECT_URL: ${{ github.server_url }}/${{ github.repository }}
CI_MERGE_REQUEST_TARGET_BRANCH_NAME: ${{ github.base_ref }}
steps:
- run: doas apk add nodejs git
- uses: actions/checkout@v4
with:
fetch-depth: 500
- run: lint

80
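--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,80 @@
+stages:
+- verify
+- build
+- deploy
+variables:
+GIT_STRATEGY: clone
+GIT_DEPTH: "500"
+lint:
+stage: verify
+interruptible: true
+script:
+- |
+sudo apk add shellcheck atools sudo abuild
+export PATH="$PATH:$CI_PROJECT_DIR/.gitlab/bin"
+lint
+allow_failure: true
+only:
+- merge_requests
+tags:
+- apk-v3.18-x86_64
+.build:
+stage: build
+interruptible: true
+script:
+- |
+sudo apk add alpine-sdk lua-aports sudo
+sudo addgroup $USER abuild
+export PATH="$PATH:$CI_PROJECT_DIR/.gitlab/bin"
+sudo -Eu $USER build.sh
+artifacts:
+paths:
+- packages/
+- keys/
+- logs/
+expire_in: 7 days
+only:
+- merge_requests
+build-v3.18:
+extends: .build
+when: always
+variables:
+CI_ALPINE_TARGET_RELEASE: v3.18
+tags:
+- apk-$CI_ALPINE_TARGET_RELEASE-x86_64
+build-v3.19:
+extends: .build
+when: always
+variables:
+CI_ALPINE_TARGET_RELEASE: v3.19
+tags:
+- apk-$CI_ALPINE_TARGET_RELEASE-x86_64
+build-edge:
+extends: .build
+when: always
+variables:
+CI_ALPINE_TARGET_RELEASE: edge
+tags:
+- apk-$CI_ALPINE_TARGET_RELEASE-x86_64
+push:
+interruptible: true
+stage: deploy
+script:
+- |
+sudo apk add abuild git-lfs findutils
+export PATH="$PATH:$CI_PROJECT_DIR/.gitlab/bin"
+push.sh
+rules:
+- if: $CI_PIPELINE_SOURCE == "merge_request_event"
+when: manual
+tags:
+- repo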
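Review bot: The `push` job runs `push.sh` from the merge request checkout (`export PATH="$PATH:$CI_PROJECT_DIR/.gitlab/bin"`) on the `repo` runner, and that script handles the package signing key and the SSH deploy key, so the `when: manual` click is the only gate between an unreviewed change under `.gitlab/bin/` and those secrets. Consider marking `ABUILD_KEY` and `SSH_KEY` as protected CI variables and running the deploy from pipelines on protected branches after merge instead of on `merge_request_event`. Whether fork pipelines can reach this runner is not visible here and should be checked. Separately, `lint` is `allow_failure: true`, so a failing shellcheck or `abuild sanitycheck` never blocks the build stage; a comment such as `# advisory only: lint failures do not block builds` would make that intent explicit.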

111
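--- /dev/null
+++ b/.gitlab/bin/APKBUILD_SHIM
@@ -0,0 +1,111 @@
+#!/bin/sh
+set -e
+arch=
+builddir=
+checkdepends=
+depends=
+depends_dev=
+depends_doc=
+depends_libs=
+depends_openrc=
+depends_static=
+install=
+install_if=
+langdir=
+ldpath=
+license=
+makedepends=
+makedepends_build=
+makedepends_host=
+md5sums=
+options=
+patch_args=
+pkgbasedir=
+pkgdesc=
+pkgdir=
+pkgname=
+pkgrel=
+pkgver=
+pkggroups=
+pkgusers=
+provides=
+provider_priority=
+replaces=
+sha256sums=
+sha512sums=
+sonameprefix=
+source=
+srcdir=
+startdir=
+subpackages=
+subpkgdir=
+subpkgname=
+triggers=
+url=
+# abuild.conf
+CFLAGS=
+CXXFLAGS=
+CPPFLAGS=
+LDFLAGS=
+JOBS=
+MAKEFLAGS=
+CMAKE_CROSSOPTS=
+. ./APKBUILD
+: "$arch"
+: "$builddir"
+: "$checkdepends"
+: "$depends"
+: "$depends_dev"
+: "$depends_doc"
+: "$depends_libs"
+: "$depends_openrc"
+: "$depends_static"
+: "$install"
+: "$install_if"
+: "$langdir"
+: "$ldpath"
+: "$license"
+: "$makedepends"
+: "$makedepends_build"
+: "$makedepends_host"
+: "$md5sums"
+: "$options"
+: "$patch_args"
+: "$pkgbasedir"
+: "$pkgdesc"
+: "$pkgdir"
+: "$pkgname"
+: "$pkgrel"
+: "$pkgver"
+: "$pkggroups"
+: "$pkgusers"
+: "$provides"
+: "$provider_priority"
+: "$replaces"
+: "$sha256sums"
+: "$sha512sums"
+: "$sonameprefix"
+: "$source"
+: "$srcdir"
+: "$startdir"
+: "$subpackages"
+: "$subpkgdir"
+: "$subpkgname"
+: "$triggers"
+: "$url"
+# abuild.conf
+: "$CFLAGS"
+: "$CXXFLAGS"
+: "$CPPFLAGS"
+: "$LDFLAGS"
+: "$JOBS"
+: "$MAKEFLAGS"
+: "$CMAKE_CROSSOPTS"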

16
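--- /dev/null
+++ b/.gitlab/bin/apkbuild-shellcheck
@@ -0,0 +1,16 @@
+#!/bin/sh
+shellcheck -s ash \
+-e SC3043 \
+-e SC3057 \
+-e SC3060 \
+-e SC2016 \
+-e SC2086 \
+-e SC2169 \
+-e SC2155 \
+-e SC2100 \
+-e SC2209 \
+-e SC2030 \
+-e SC2031 \
+-e SC1090 \
+-xa $CI_PROJECT_DIR/.gitlab/bin/APKBUILD_SHIM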
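Review bot: `$CI_PROJECT_DIR` on the last line is unquoted, so a project path containing whitespace or glob characters would split the shim path into several arguments; write it as `-xa "$CI_PROJECT_DIR/.gitlab/bin/APKBUILD_SHIM"`. The script names no APKBUILD itself; with `-x`/`-a` and the shim as the only operand, the package file is presumably reached through the shim's `. ./APKBUILD`, which deserves a header comment such as `# Lints ./APKBUILD in the current directory by following the source in APKBUILD_SHIM`. A short comment on why SC2086 is excluded would also help, since that exclusion hides unquoted expansions in every APKBUILD that is checked.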


@ -1,25 +1,27 @@
#!/bin/sh
# shellcheck disable=SC3043
. /usr/local/lib/functions.sh
. $CI_PROJECT_DIR/.gitlab/bin/functions.sh
# shellcheck disable=SC3040
set -eu -o pipefail
readonly APORTSDIR=$CI_PROJECT_DIR
readonly REPOS="main community testing"
readonly REPOS="qubes/r4.1"
readonly ALPINE_REPOS="main community testing"
readonly ARCH=$(apk --print-arch)
# gitlab variables
readonly BASEBRANCH=$CI_MERGE_REQUEST_TARGET_BRANCH_NAME
: "${REPODEST:=$HOME/packages}"
: "${MIRROR:=https://ayakael.net/api/packages/forge/alpine}"
: "${MIRROR:=https://lab.ilot.io/ayakael/repo-apk/-/raw}"
: "${ALPINE_MIRROR:=http://dl-cdn.alpinelinux.org/alpine}"
: "${MAX_ARTIFACT_SIZE:=300000000}" #300M
: "${CI_DEBUG_BUILD:=}"
: "${CI_ALPINE_BUILD_OFFSET:=0}"
: "${CI_ALPINE_BUILD_LIMIT:=9999}"
: "${CI_ALPINE_TARGET_ARCH:=$(uname -m)}"
msg() {
local color=${2:-green}
@ -68,48 +70,38 @@ report() {
}
get_release() {
echo $CI_ALPINE_TARGET
local RELEASE=$(echo $CI_RUNNER_TAGS | awk -F '-' '{print $2}')
case $RELEASE in
v*) echo "${RELEASE%-*}";;
edge) echo edge;;
*) die "Branch \"$RELEASE\" not supported!"
esac
}
get_qubes_release() {
case $BASEBRANCH in
r*) echo $BASEBRANCH;;
main) echo r4.3;;
master) echo r4.2;;
*) die "Branch \"$BASEBRANCH\" not supported!"
esac
}
changed_aports() {
: "${APORTSDIR?APORTSDIR missing}"
: "${BASEBRANCH?BASEBRANCH missing}"
cd "$APORTSDIR"
local aports
aports=$(git diff --name-only --diff-filter=ACMR \
"$BASEBRANCH"...HEAD -- "*/APKBUILD" | xargs -rn1 dirname)
# shellcheck disable=2086
ap builddirs -d "$APORTSDIR" $aports 2>/dev/null | xargs -rn1 basename
}
build_aport() {
local repo="$1" aport="$2"
cd "$APORTSDIR/$repo/$aport"
cd "$APORTSDIR/$aport"
if abuild -r 2>&1 | report "build-$aport"; then
checkapk 2>&1 | report "checkapk-$aport" || true
aport_ok="$aport_ok $repo/$aport"
checkapk | report "checkapk-$aport" || true
aport_ok="$aport_ok $aport"
else
aport_ng="$aport_ng $repo/$aport"
aport_ng="$aport_ng $aport"
fi
}
check_aport() {
local repo="$1" aport="$2"
cd "$APORTSDIR/$repo/$aport"
cd "$APORTSDIR/$aport"
if ! abuild check_arch 2>/dev/null; then
aport_na="$aport_na $repo/$aport"
aport_na="$aport_na $aport"
return 1
fi
}
@ -119,14 +111,9 @@ set_repositories_for() {
local release
release=$(get_release)
for repo in qubes-$(get_qubes_release); do
[ "$repo" = "non-free" ] && continue
[ "$release" == "edge" ] && [ "$repo" == "backports" ] && continue
repos="$repos $MIRROR/$release/$repo $REPODEST/$repo"
[ "$repo" = "$target_repo" ] && break
done
doas sh -c "printf '%s\n' $repos >> /etc/apk/repositories"
doas apk update || true
repos="$MIRROR/$release/qubes/$target_repo $REPODEST/qubes-aports"
sudo sh -c "printf '%s\n' $repos >> /etc/apk/repositories"
sudo apk update || true
}
apply_offset_limit() {
@ -142,15 +129,21 @@ setup_system() {
local release
release=$(get_release)
for repo in $REPOS; do
for repo in $ALPINE_REPOS; do
[ "$release" != "edge" ] && [ "$repo" == "testing" ] && continue
repos="$repos $ALPINE_MIRROR/$release/$repo"
done
doas sh -c "printf '%s\n' $repos > /etc/apk/repositories"
doas apk -U upgrade -a || apk fix || die "Failed to up/downgrade system"
abuild-keygen -ain
doas sed -i -E 's/export JOBS=[0-9]+$/export JOBS=$(nproc)/' /etc/abuild.conf
( . /usr/share/abuild/default.conf; . /etc/abuild.conf; echo "Building with ${JOBS-1} jobs" )
repos="$repos $MIRROR/$release/cross"
sudo sh -c "printf '%s\n' $repos > /etc/apk/repositories"
sudo apk -U upgrade -a || sudo apk fix || die "Failed to up/downgrade system"
gitlab_key_to_rsa $ABUILD_KEY rsa-private $HOME/.abuild/$ABUILD_KEY_NAME.rsa
gitlab_key_to_rsa $ABUILD_KEY_PUB rsa-public $HOME/.abuild/$ABUILD_KEY_NAME.rsa.pub
chmod 700 $HOME/.abuild/$ABUILD_KEY_NAME.rsa
echo "PACKAGER_PRIVKEY=$HOME/.abuild/$ABUILD_KEY_NAME.rsa" >> $HOME/.abuild/abuild.conf
sudo cp $HOME/.abuild/$ABUILD_KEY_NAME.rsa.pub /etc/apk/keys/$ABUILD_KEY_NAME.rsa.pub
sudo sed -i -E 's/export JOBS=[0-9]+$/export JOBS=$(nproc)/' /etc/abuild.conf
( . /etc/abuild.conf && echo "Building with $JOBS jobs" )
mkdir -p "$REPODEST"
git config --global init.defaultBranch master
}
@ -176,7 +169,8 @@ copy_artifacts() {
if [ "$packages_size" -lt $MAX_ARTIFACT_SIZE ]; then
msg "Copying packages for artifact upload"
cp -ar "$REPODEST"/* packages/ 2>/dev/null
mkdir packages/$CI_ALPINE_TARGET_RELEASE
cp -ar "$REPODEST"/* packages/$CI_ALPINE_TARGET_RELEASE 2>/dev/null
cp ~/.abuild/*.rsa.pub keys/
else
msg "Artifact size $packages_size larger than max ($MAX_ARTIFACT_SIZE), skipping uploading them" yellow
@ -198,7 +192,7 @@ sysinfo || true
setup_system || die "Failed to setup system"
# git no longer allows to execute in repositories owned by different users
doas chown -R buildozer: .
sudo chown -R $USER: .
fetch_flags="-qn"
debugging && fetch_flags="-v"
@ -220,6 +214,7 @@ section_end setup
build_start=$CI_ALPINE_BUILD_OFFSET
build_limit=$CI_ALPINE_BUILD_LIMIT
mkdir -p "$APORTSDIR"/logs "$APORTSDIR"/packages "$APORTSDIR"/keys
set_repositories_for $(get_qubes_release)
built_aports=0
changed_aports_in_repo=$(changed_aports $BASEBRANCH)
@ -232,12 +227,20 @@ printf " - %s\n" $changed_aports_to_build
for pkgname in $changed_aports_to_build; do
section_start "build_$pkgname" "Building package $pkgname"
built_aports=$((built_aports+1))
if check_aport . "$pkgname"; then
build_aport . "$pkgname"
if check_aport qubes-aports "$pkgname"; then
build_aport qubes-aports "$pkgname"
fi
section_end "build_$pkgname"
done
build_start=$((build_start-(changed_aports_in_repo_count-built_aports)))
build_limit=$((build_limit-built_aports))
if [ $build_limit -le 0 ]; then
msg "Limit reached, breaking"
break
fi
section_start artifacts "Handeling artifacts" collapse
copy_artifacts || true
section_end artifacts
@ -251,7 +254,7 @@ for ok in $aport_ok; do
done
for na in $aport_na; do
msg "$na: disabled for $ARCH" yellow
msg "$na: disabled for $CI_ALPINE_TARGET_ARCH" yellow
done
for ng in $aport_ng; do
@ -265,4 +268,3 @@ if [ "$failed" = true ]; then
elif [ -z "$aport_ok" ]; then
msg "No packages found to be built." yellow
fi
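Review bot: In the `setup_system` hunk the signing key is written to `$HOME/.abuild/$ABUILD_KEY_NAME.rsa` by `gitlab_key_to_rsa $ABUILD_KEY rsa-private …` and only afterwards restricted with `chmod 700`, so the file presumably exists under the job's default umask while it is being written, and a key file does not need the execute bit. This rendered view has lost its `+`/`-` markers, so which lines belong to the new side is inferred from the `doas`/`sudo` pairs. I would restrict the file before any key material is written and quote the expansions: `chmod 600 "$HOME/.abuild/$ABUILD_KEY_NAME.rsa"` on an empty file first, then `gitlab_key_to_rsa "$ABUILD_KEY" rsa-private "$HOME/.abuild/$ABUILD_KEY_NAME.rsa"`. In the build-loop hunk, the `if [ $build_limit -le 0 ]` block with `break` appears after `done`, where it is not inside any visible loop and so cannot stop the build; it likely belonged to an outer per-repo loop that this version no longer has.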

20
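--- /dev/null
+++ b/.gitlab/bin/changed-aports
@@ -0,0 +1,20 @@
+#!/bin/sh
+if [ $# -lt 1 ]; then
+echo "Usage: $0 <basebranch>"
+exit 1
+fi
+if ! git rev-parse --is-inside-work-tree >/dev/null 2>&1; then
+echo "Fatal: not inside a git repository"
+exit 2
+fi
+basebranch=$1
+if ! git rev-parse --verify --quiet $basebranch >/dev/null; then
+# The base branch does not eixst, probably due to a shallow clone
+git fetch -v $CI_MERGE_REQUEST_PROJECT_URL.git +refs/heads/$basebranch:refs/heads/$basebranch
+fi
+git --no-pager diff --diff-filter=ACMR --name-only $basebranch...HEAD -- "*/APKBUILD" | xargs -r -n1 dirname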
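Review bot: `$basebranch` comes straight from `$1` and is used unquoted in `git rev-parse`, `git fetch` and `git diff`, so a value with whitespace is split into several words and a value beginning with `-` is parsed by git as an option. Quote it everywhere, e.g. `git rev-parse --verify --quiet "$basebranch"` and `git fetch -v "$CI_MERGE_REQUEST_PROJECT_URL.git" "+refs/heads/$basebranch:refs/heads/$basebranch"`, and reject names that start with `-` right after the assignment. The usage and fatal messages go to stdout, where a caller that captures the output with `$(changed-aports …)` would treat them as package paths; send them to stderr with `>&2`. The comment has a typo: `eixst` should be `exist`.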

63
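--- /dev/null
+++ b/.gitlab/bin/functions.sh
@@ -0,0 +1,63 @@
+# shellcheck disable=SC3043
+:
+# shellcheck disable=SC3040
+set -eu -o pipefail
+changed_aports() {
+: "${APORTSDIR?APORTSDIR missing}"
+: "${BASEBRANCH?BASEBRANCH missing}"
+cd "$APORTSDIR"
+local repo="$1"
+local aports
+aports=$(git diff --name-only --diff-filter=ACMR \
+"$BASEBRANCH"...HEAD -- "*/APKBUILD" | xargs -rn1 dirname)
+# shellcheck disable=2086
+ap builddirs -d "$APORTSDIR" $aports 2>/dev/null | xargs -rn1 basename
+}
+section_start() {
+name=${1?arg 1 name missing}
+header=${2?arg 2 header missing}
+collapsed=$2
+timestamp=$(date +%s)
+options=""
+case $collapsed in
+yes|on|collapsed|true) options="[collapsed=true]";;
+esac
+printf "\e[0Ksection_start:%d:%s%s\r\e[0K%s\n" "$timestamp" "$name" "$options" "$header"
+}
+section_end() {
+name=$1
+timestamp=$(date +%s)
+printf "\e[0Ksection_end:%d:%s\r\e[0K" "$timestamp" "$name"
+}
+gitlab_key_to_rsa() {
+KEY=$1
+TYPE=$2
+TGT=$3
+TGT_DIR=${TGT%/*}
+if [ "$TGT" == "$TGT_DIR" ]; then
+TGT_DIR="./"
+fi
+if [ ! -d "$TGT_DIR" ]; then
+mkdir -p "$TGT_DIR"
+fi
+case $TYPE in
+rsa-public) local type="PUBLIC";;
+rsa-private) local type="RSA PRIVATE";;
+esac
+echo "-----BEGIN $type KEY-----" > "$TGT"
+echo $1 | sed 's/.\{64\}/&\
+/g' >> "$TGT"
+echo "-----END $type KEY-----" >> "$TGT"
+}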
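Review bot: `gitlab_key_to_rsa` writes private keys with `echo … > "$TGT"` under whatever umask the job has, and the callers visible on this page only tighten the mode afterwards, so the key may be readable by other users on the runner while it is being written. Create the file empty and restrict it before any key material goes in, e.g. `: > "$TGT" && chmod 600 "$TGT"` when `$TYPE` is `rsa-private`, and write the body with `printf '%s\n' "$KEY" | sed …` instead of the unquoted `echo $1`. The `case $TYPE` has no `*)` arm, so an unknown type leaves `$type` unset and, under the `set -eu` at the top of this file, the function aborts with an unbound-variable error; an explicit `*) echo "unknown key type: $TYPE" >&2; return 1;;` would be clearer. In `section_start`, `collapsed=$2` reads the same argument as `header`; `${3:-}` looks like what was intended.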

96
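--- /dev/null
+++ b/.gitlab/bin/lint
@@ -0,0 +1,96 @@
+#!/bin/sh
+BLUE="\e[34m"
+MAGENTA="\e[35m"
+RESET="\e[0m"
+readonly BASEBRANCH=$CI_MERGE_REQUEST_TARGET_BRANCH_NAME
+verbose() {
+echo "> " "$@"
+# shellcheck disable=SC2068
+$@
+}
+debugging() {
+[ -n "$CI_DEBUG_BUILD" ]
+}
+debug() {
+if debugging; then
+verbose "$@"
+fi
+}
+# git no longer allows to execute in repositories owned by different users
+sudo chown -R gitlab-runner: .
+fetch_flags="-qn"
+debugging && fetch_flags="-v"
+git fetch $fetch_flags "$CI_MERGE_REQUEST_PROJECT_URL" \
+"+refs/heads/$BASEBRANCH:refs/heads/$BASEBRANCH"
+if debugging; then
+merge_base=$(git merge-base "$BASEBRANCH" HEAD)
+echo "$merge_base"
+git --version
+git config -l
+git tag merge-base "$merge_base" || { echo "Could not determine merge-base"; exit 50; }
+git log --oneline --graph --decorate --all
+fi
+has_problems=0
+for PKG in $(changed-aports "$BASEBRANCH"); do
+printf "$BLUE==>$RESET Linting $PKG\n"
+(
+cd "$PKG"
+repo=$(basename $(dirname $PKG));
+if [ "$repo" == "backports" ]; then
+echo "Skipping $PKG as backports (we don't care)"
+continue
+fi
+printf "\n\n"
+printf "$BLUE"
+printf '======================================================\n'
+printf " parse APKBUILD:\n"
+printf '======================================================'
+printf "$RESET\n\n"
+( . ./APKBUILD ) || has_problems=1
+printf "\n\n"
+printf "$BLUE"
+printf '======================================================\n'
+printf " abuild sanitycheck:\n"
+printf '======================================================'
+printf "$RESET\n\n"
+abuild sanitycheck || has_problems=1
+printf "\n\n"
+printf "$BLUE"
+printf '======================================================\n'
+printf " apkbuild-shellcheck:\n"
+printf '======================================================'
+printf "$RESET\n"
+apkbuild-shellcheck || has_problems=1
+printf "\n\n"
+printf "$BLUE"
+printf '======================================================\n'
+printf " apkbuild-lint:\n"
+printf '======================================================'
+printf "$RESET\n\n"
+apkbuild-lint APKBUILD || has_problems=1
+return $has_problems
+)|| has_problems=1
+echo
+done
+exit $has_problems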
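Review bot: The per-package body runs inside a `( … )` subshell, so the `continue` in the backports branch and the closing `return $has_problems` are neither in a loop nor in a function from the subshell's point of view; what they do there depends on the shell, and neither reliably skips the package or reports the status. Use `exit 0` for the skip and `exit $has_problems` as the subshell's last command. `cd "$PKG"` is unchecked, so if it fails the following `. ./APKBUILD` and `abuild sanitycheck` run in the wrong directory; `cd "$PKG" || exit 1` avoids that. `printf "$BLUE==>$RESET Linting $PKG\n"` also puts a path taken from the merge request's diff into the format string, so a `%` in a directory name is interpreted; pass it as an argument instead: `printf "$BLUE==>$RESET Linting %s\n" "$PKG"`.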

65
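--- /dev/null
+++ b/.gitlab/bin/push.sh
@@ -0,0 +1,65 @@
+#!/bin/sh
+# shellcheck disable=SC3043
+. $CI_PROJECT_DIR/.gitlab/bin/functions.sh
+# shellcheck disable=SC3040
+set -eu -o pipefail
+readonly APORTSDIR=$CI_PROJECT_DIR
+readonly REPOS="backports user"
+readonly BASEBRANCH=$CI_MERGE_REQUEST_TARGET_BRANCH_NAME
+export GIT_SSH_COMMAND="ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
+gitlab_key_to_rsa $ABUILD_KEY rsa-private $HOME/.abuild/$ABUILD_KEY_NAME.rsa
+gitlab_key_to_rsa $ABUILD_KEY_PUB rsa-public $HOME/.abuild/$ABUILD_KEY_NAME.rsa.pub
+gitlab_key_to_rsa $SSH_KEY rsa-private $HOME/.ssh/id_rsa
+chmod 700 "$HOME"/.ssh/id_rsa
+chmod 700 "$HOME"/.abuild/$ABUILD_KEY_NAME.rsa
+echo "PACKAGER_PRIVKEY=$HOME/.abuild/$ABUILD_KEY_NAME.rsa" > $HOME/.abuild/abuild.conf
+echo "REPODEST=$HOME/repo-apk/qubes" >> $HOME/.abuild/abuild.conf
+sudo cp $HOME/.abuild/$ABUILD_KEY_NAME.rsa.pub /etc/apk/keys/.
+get_qubes_release() {
+case $BASEBRANCH in
+r*) echo $BASEBRANCH;;
+master) echo r4.2;;
+*) die "Branch \"$BASEBRANCH\" not supported!"
+esac
+}
+QUBES_REL=$(get_qubes_release)
+for release in $(find packages -type d -maxdepth 1 -mindepth 1 -printf '%f\n'); do
+if [ -d $HOME/repo-apk ]; then
+git -C $HOME/repo-apk fetch
+git -C $HOME/repo-apk checkout $release
+git -C $HOME/repo-apk pull --rebase
+else
+git clone git@lab.ilot.io:ayakael/repo-apk -b $release $HOME/repo-apk
+fi
+for i in $(find packages/$release -type f -name "*.apk"); do
+install -vDm644 $i ${i/packages\/$release\/qubes-aports/$HOME\/repo-apk\/qubes\/$QUBES_REL}
+done
+fetch_flags="-qn"
+git fetch $fetch_flags "$CI_MERGE_REQUEST_PROJECT_URL" \
+"+refs/heads/$BASEBRANCH:refs/heads/$BASEBRANCH"
+rm $HOME/repo-apk/qubes/$QUBES_REL/*/APKINDEX.tar.gz || true
+mkdir -p qubes/$QUBES_REL/DUMMY
+echo "pkgname=DUMMY" > qubes/$QUBES_REL/DUMMY/APKBUILD
+cd qubes/$QUBES_REL/DUMMY
+abuild index
+cd "$CI_PROJECT_DIR"
+rm -R qubes/$QUBES_REL/DUMMY
+git -C $HOME/repo-apk add .
+git -C $HOME/repo-apk commit -m "Update from $CI_MERGE_REQUEST_IID - $CI_MERGE_REQUEST_TITLE"
+git -C $HOME/repo-apk push
+done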
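Review bot: `GIT_SSH_COMMAND` sets `UserKnownHostsFile=/dev/null` and `StrictHostKeyChecking=no`, so the clone, pull and push of the package repository accept whatever host answers for `lab.ilot.io`; a machine in the network path could receive the push or serve a tampered `repo-apk` checkout that is then re-indexed and signed. Pin the host key instead: write the expected key to `$HOME/.ssh/known_hosts` from a CI variable (placeholder name `SSH_KNOWN_HOSTS`) and use `ssh -o StrictHostKeyChecking=yes`. `get_qubes_release` calls `die`, which is defined neither in this file nor in the `functions.sh` shown on this page, so an unsupported branch would fail with a command-not-found error rather than the intended message. The private keys are also restricted with `chmod 700` only after `gitlab_key_to_rsa` has written them; mode `600` set before the write would be tighter.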


@ -1,5 +1,5 @@
# qports
Upstream: https://ayakael.net/forge/qports
# qubes-aports
Upstream: https://lab.ilot.io/ayakael/qubes-aports
## Description
@ -8,12 +8,8 @@ Linux template. The upstream repo uses GitLab's CI to build and deploy packages
targetting multiple Alpine Linux versions. QubesOS releases are tracked using
branches.
Note for `main` branch: This is currently tracking r4.3 packages, thus are
experimental. Use this branch at your own risk. For latest r4.2 packages,
navigate to that branch.
#### Template builder
The template builder is housed in its [own repo](https://ayakael.net/forge/qubes-builder-alpine)
The template builder is housed in its [own repo](https://lab.ilot.io/ayakael/qubes-builder-alpine).
RPMs are built in-pipeline using the build artifacts produced by this repo. These RPMs facilitate
installation of your very own Alpine Linux template on QubesOS.
@ -41,25 +37,8 @@ Extra packages
Omitted packages
* qubes-vmm-xen - The default Alpine xen package seems to provide the necessary modules
## How to use
Built packages are made available on a Forgejo-based Alpine repo for you convenience. You can follow these steps to use them:
Add security key of the apk repository to your /etc/apk/keys:
```shell
cd /etc/apk/keys
curl -JO https://ayakael.net/api/packages/forge/alpine/key
```
Add repository to `/etc/apk/repositories`:
```shell
echo "https://ayakael.net/api/packages/forge/alpine/edge/qubes-r4.3" > /etc/apk/repositories
```
#### Known issues
Known issues are currently being tracked in [qubes-builder-alpine](https://ayakael.net/forge/qubes-builder-alpine/issues)
Known issues are currently being tracked in [qubes-builder-alpine](https://lab.ilot.io/ayakael/qubes-builder-alpine) repo.
#### Issues, recommendations and proposals
**To report an issue or share a recommendation**


@ -1,25 +0,0 @@
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
pkgname=qubes-app-linux-druide-antidote
pkgver=0.0.1_git20240201
_gittag=c724c88aa2a20b1e422b464499015ff05753316d
pkgrel=3
arch="noarch"
pkgdesc="Qubes Druide-Antidote is a Qubes Application. It send a file to the Antidote Qube, invoke Antidote, and retrieve the file"
url=https://github.com/neowutran/qubes-app-linux-druide-antidote
license="GPL-3.0-only"
source="$pkgname-$_gittag.tar.gz::https://github.com/neowutran/qubes-app-linux-druide-antidote/archive/$_gittag.tar.gz"
depends="bash"
makedepends="pandoc"
builddir="$srcdir"/$pkgname-$_gittag
check() {
tests/all
}
package() {
make install-vm DESTDIR="$pkgdir/"
}
sha512sums="
e3597804bdcea25b2938aa325dfe9495f5bcde47c8515c7680c19882120e065d0a9ef8d120545ff3c9966b84a329cf87c5b993380510311ec8b5d9f5a8b35833 qubes-app-linux-druide-antidote-c724c88aa2a20b1e422b464499015ff05753316d.tar.gz
"


@ -1,17 +1,17 @@
diff --git a/daemon/db-daemon.c.orig b/daemon/db-daemon.c
index bcf77df..c7b1a50 100644
--- a/daemon/db-daemon.c.orig
From d20a9db122608e0992c9ab6f675920d4bb1ee88f Mon Sep 17 00:00:00 2001
From: "build@apk-groulx" <build@apk-groulx.praxis>
Date: Fri, 4 Mar 2022 22:50:19 +0000
Subject: [PATCH 1/1] create_pidfile
---
daemon/db-daemon.c | 11 +++--------
1 file changed, 3 insertions(+), 8 deletions(-)
diff --git a/daemon/db-daemon.c b/daemon/db-daemon.c
index 9934d16..2b28995 100644
--- a/daemon/db-daemon.c
+++ b/daemon/db-daemon.c
@@ -156,7 +156,7 @@ int mainloop(struct db_daemon_data *d) {
return 0;
}
d->multiread_requested = 1;
- /* wait for complete response */
+ /* wait for complete rsponse */
while (d->multiread_requested) {
AcquireSRWLockExclusive(&d->lock);
if (!handle_vchan_data(d)) {
@@ -627,11 +627,8 @@ static int create_pidfile(struct db_daemon_data *d) {
@@ -618,11 +618,8 @@ int create_pidfile(struct db_daemon_data *d) {
mode_t old_umask;
struct stat stat_buf;
@ -24,7 +24,7 @@ index bcf77df..c7b1a50 100644
old_umask = umask(0002);
pidfile = fopen(pidfile_name, "w");
@@ -652,10 +649,8 @@ static void remove_pidfile(struct db_daemon_data *d) {
@@ -643,10 +640,8 @@ void remove_pidfile(struct db_daemon_data *d) {
struct stat stat_buf;
/* no pidfile for VM daemon - service is managed by systemd */
@ -36,12 +36,15 @@ index bcf77df..c7b1a50 100644
if (stat(pidfile_name, &stat_buf) == 0) {
/* remove pidfile only if it's the one created this process */
@@ -763,7 +758,7 @@ int fuzz_main(int argc, char **argv) {
@@ -754,7 +749,7 @@ int fuzz_main(int argc, char **argv) {
exit(1);
case 0:
close(ready_pipe[0]);
- snprintf(log_path, sizeof(log_path), "/var/log/qubes/qubesdb.%s.log", d.remote_name ? d.remote_name : "dom0");
- snprintf(log_path, sizeof(log_path), "/var/log/qubes/qubesdb.%s.log", d.remote_name);
+ snprintf(log_path, sizeof(log_path), "/var/log/qubes/qubes-db.log");
close(0);
old_umask = umask(0);
--
2.34.1


@ -1,9 +1,10 @@
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
pkgname=qubes-db-vm
subpackages="$pkgname-openrc"
pkgver=4.2.7
pkgrel=0
pkgver=4.1.17
pkgrel=2
_gittag="v$pkgver"
pkgdesc="QubesDB libs and daemon service."
arch="x86_64"
@ -24,7 +25,7 @@ source="
qubes-db.openrc
"
builddir="$srcdir"/qubes-core-qubesdb-$pkgver
subpackages="$pkgname-dev $pkgname-openrc"
subpackages="$pkgname-dev"
build() {
# Build all with python bindings
@ -39,12 +40,12 @@ build() {
package() {
# Install all with python bindings
make install DESTDIR=$pkgdir LIBDIR=/usr/lib BINDIR=/usr/bin SBINDIR=/usr/sbin
make install DESTDIR=$pkgdir LIBDIR=/usr/lib BINDIR=/usr/bin SBINDIR=/sbin
install -Dm 755 "$srcdir"/qubes-db.openrc "$pkgdir"/etc/init.d/qubes-db
}
sha512sums="
f45fe0716395efa3c077498ff5eb3d0ec8c748ad7f77dee1641167ff93278ac30e117fcdc2d42f4befef8ce05776900172b565a8d443ddc1298cd48f62132b73 qubes-db-vm-v4.2.7.tar.gz
dad1580afa7d152551b7292051b624090ce57c006174d7c0f5273f4d9cecadcb70d46547263dcf23131d5f5df921519c9d8ca739acd9f0e9be303b20e73083bb qubes-db-vm-v4.1.17.tar.gz
af86268c264c843b94f9cefb735b9d078dc58819c890fc0a31dd79fa2761d3c2fa87aed73752bca1db07948ba86ecfe16a745b19672ccc10dfb9461df24aa207 0001-musl-build.patch
892eb29b9bab4d9e662678d13a5607df04cdb024c2f28332f40fa4b7c644476a4b26a9fc038dfcdac1e0b8d328165d21d50d894d2c1e27f792287dd57449e7eb 0001-create_pidfile.patch
6f48b4bee6a3517bdbb884bd6f7e21916e8438c5e8b8d9d1b1cfffe970c4549d941056f9022998ed7f9edb799d9b123564f01e69cdca7da241d0fb6a8e9a1c5e qubes-db.openrc
ffe9ea8f65b4e164c3a0d1c8762d1e3b39de3799ae3e63f825457d52de49c6522820950e6262deaa9235ad97cd7c60bf1c9a077fff716c4ca9dbd688e9a73c91 0001-create_pidfile.patch
3d87f82d3637cf10bf1a3058ebbd2590ab17f65d1b49058f62d892f126635497abd5045f6797bc8069e5de08bb6e08fc6146deb6422090ad02122764cc6d72f0 qubes-db.openrc
"

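Review bot: `subpackages` is assigned twice in this APKBUILD, once near the top as `subpackages="$pkgname-openrc"` and again after `builddir`, and the later assignment replaces the earlier one instead of extending it. The rendering does not mark which of the two printed lines after `builddir` is the new one; if it is `subpackages="$pkgname-dev"`, the `-openrc` subpackage is no longer split out and `/etc/init.d/qubes-db` would presumably stay in the main package. Keep a single assignment, `subpackages="$pkgname-dev $pkgname-openrc"`, and drop the other. The `make install DESTDIR=$pkgdir` line in `package()` is also better written as `DESTDIR="$pkgdir"`.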

@ -2,7 +2,7 @@
name=$RC_SVCNAME
cfgfile="/etc/qubes/$RC_SVCNAME.conf"
command="/usr/sbin/qubesdb-daemon"
command="/sbin/qubesdb-daemon"
command_args="0"
command_user="root"
pidfile="/run/qubes/$RC_SVCNAME.pid"


@ -1,10 +1,11 @@
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
pkgname=qubes-gpg-split
subpackages="$pkgname-doc"
pkgver=2.0.75
pkgver=2.0.69
_gittag="v$pkgver"
pkgrel=1
pkgrel=2
pkgdesc="Used Qubes AppVM as a “smart card”"
arch="x86_64"
url="https://github.com/QubesOS/qubes-app-linux-split-gpg"
@ -29,7 +30,10 @@ build() {
package() {
make install-vm DESTDIR="$pkgdir"
# Alpine packaging guidelines: /var/run is a symlink to a tmpfs. Don't create it.
rm -r "$pkgdir/var/run"
}
sha512sums="
212b819c959d66c5b3e73d0c0765e348b97b278a3df45903fdeaab3de49f60c455044e664bd8a95393f5e800d75706fda4198a5ea36e9ab933250d606f8cabbd qubes-gpg-split-v2.0.75.tar.gz
e20b4303934d41d537f4efd3d2811802b5f5c86ac97beb1169d5c302dd150b56a3f6ca5c61788ad5cd8731747aa4f91b79806bf863df427603ba6aebab27448b qubes-gpg-split-v2.0.69.tar.gz
"

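Review bot: The `rm -r "$pkgdir/var/run"` step in `package()` is unguarded, so the build fails if a later upstream release stops installing anything under `var/run`, and an empty `pkgdir` would turn it into a delete of the build host's `/var/run`. Write it as `rm -rf -- "${pkgdir:?}/var/run"` so that a missing directory is tolerated and an unset variable aborts. Nothing visible in this section recreates the removed directory at runtime, so confirm that whatever `make install-vm` placed there is created by the service when it starts. The start of `package()` is outside the hunk.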

@ -1,53 +0,0 @@
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
pkgname=qubes-input-proxy
pkgver=1.0.40
_gittag=v$pkgver
pkgrel=0
pkgdesc="The Qubes service for proxying input devices"
arch="x86_64"
url="https://github.com/QubesOS/qubes-app-linux-input-proxy"
license='GPL'
depends="
usbutils
qubes-vm-core
"
makedepends="linux-headers"
subpackages="$pkgname-openrc"
source="
$pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-app-linux-input-proxy/archive/refs/tags/$_gittag.tar.gz
qubes-input-trigger_use-openrc.patch
makefile_skip-systemd.patch
qubes-input-sender.openrc
"
builddir="$srcdir"/qubes-app-linux-input-proxy-$pkgver
build() {
make all \
LIBDIR=/usr/lib \
USRLIBDIR=/usr/lib \
SYSLIBDIR=/usr/lib
}
package() {
make install-vm \
DESTDIR="$pkgdir" \
LIBDIR=/usr/lib \
USRLIBDIR=/usr/lib \
SYSLIBDIR=/usr/lib
# replace all shebangs with /bin/sh as qubes expects bash
# shellcheck disable=SC2013
for i in $(grep '/bin/sh' -Rl "$pkgdir"); do
sed -i 's|/bin/sh|/bin/bash|' "$i"
done
# move openrc to init.d
install -Dm755 "$srcdir"/qubes-input-sender.openrc "$pkgdir"/etc/init.d/qubes-input-sender
}
sha512sums="
0aba4db0bba20dd3bc7f152de08e31e31b71f9d2ccf41f52b2273807cb68f46841663c46f66bc422edc66e7557a7293d641d818517abbfad2c7147a720bf7022 qubes-input-proxy-v1.0.40.tar.gz
e21e6ae680f98474cbb8b6213768ca1f8d5ffb0088173a387a309e1b40a9aabbb946f3201aa143088f144f13a5c85c3710b7ade1a1189655a08ed574e3d26df4 qubes-input-trigger_use-openrc.patch
21e7b95c94ec1a3f3499e79cf8b1931da2c3e33d8f1af2efe6b52b7e2678d4648bb0597b3a4a95cc10d0ca3cb83df93075b99cf1b615d8493a9e2fd21fb7f8f7 makefile_skip-systemd.patch
2d5cb4369bc4d4c83403bb3e7cd7bc784769950a8fbf581996074fe53cc65c56fe4039e2689b6fa34e51ce22e552fc145115c12e71601809767962a3682dd299 qubes-input-sender.openrc
"


@ -1,18 +0,0 @@
diff --git a/qubes-rpc/Makefile.orig b/qubes-rpc/Makefile
index 22ec526..bf7e0ea 100644
--- a/qubes-rpc/Makefile.orig
+++ b/qubes-rpc/Makefile
@@ -12,13 +12,6 @@ install-dom0:
$(DESTDIR)/etc/qubes-rpc/policy/qubes.InputTablet
install-vm:
- install -d $(DESTDIR)$(USRLIBDIR)/systemd/system
- install -m 0644 \
- qubes-input-sender-keyboard@.service \
- qubes-input-sender-keyboard-mouse@.service \
- qubes-input-sender-mouse@.service \
- qubes-input-sender-tablet@.service \
- $(DESTDIR)$(USRLIBDIR)/systemd/system
install -d $(DESTDIR)$(LIBDIR)/udev/rules.d
install -m 0644 qubes-input-proxy.rules \
$(DESTDIR)$(LIBDIR)/udev/rules.d/90-qubes-input-proxy.rules


@ -1,28 +0,0 @@
#!/sbin/openrc-run
name=$RC_SVCNAME
cfgfile="/etc/qubes/$RC_SVCNAME.conf"
input="${RC_SVCNAME/*.}"
svcname="${RC_SVCNAME/.*}."
type="${RC_SVCNAME%.*}"
type="${type/$svcname/}"
type="$(echo $type | sed 's/.*/\u&/')"
command="/usr/bin/qubes-input-sender"
command_args="qubes.Input$type /dev/input/$input dom0"
command_user="root"
pidfile="/run/qubes/$RC_SVCNAME.pid"
start_stop_daemon_args=""
command_background="true"
output_log="/var/log/qubes/$RC_SVCNAME.log"
error_log="/var/log/qubes/$RC_SVCNAME.err"
start_pre() {
checkpath --directory --owner $command_user:qubes --mode 0775 \
/run/qubes \
/var/log/qubes \
/var/run/qubes
}
stop_post() {
pkill -f "input-proxy-sender /dev/input/$input" || true
}


@ -1,93 +0,0 @@
diff --git a/qubes-rpc/qubes-input-trigger.orig b/qubes-rpc/qubes-input-trigger
index 264788e..edd40ec 100755
--- a/qubes-rpc/qubes-input-trigger.orig
+++ b/qubes-rpc/qubes-input-trigger
@@ -51,49 +51,69 @@ def get_service_name(udevreturn, input_dev):
('ID_INPUT_TOUCHPAD' in udevreturn) or
('QEMU_USB_Tablet' in udevreturn)
) and 'ID_INPUT_KEY' not in udevreturn:
- service = 'qubes-input-sender-tablet'
+ service = 'qubes-input-sender.tablet'
# if mouse report absolute events, prefer tablet service
# (0x3 is ABS_X | ABS_Y)
elif 'ID_INPUT_MOUSE' in udevreturn and abs_caps & 0x3:
- service = 'qubes-input-sender-tablet'
+ service = 'qubes-input-sender.tablet'
elif 'ID_INPUT_MOUSE' in udevreturn and 'ID_INPUT_KEY' not in udevreturn:
- service = 'qubes-input-sender-mouse'
+ service = 'qubes-input-sender.mouse'
elif 'ID_INPUT_KEY' in udevreturn and 'ID_INPUT_MOUSE' not in udevreturn:
- service = 'qubes-input-sender-keyboard'
+ service = 'qubes-input-sender.keyboard'
elif 'ID_INPUT_MOUSE' in udevreturn and 'ID_INPUT_KEY' in udevreturn:
- service = 'qubes-input-sender-keyboard-mouse'
+ service = 'qubes-input-sender.mouse'
if service:
- service = '{}@{}.service'.format(service, input_dev)
+ service = '{}.{}'.format(service, input_dev)
return service
def handle_service(service, action):
- retcode = subprocess.call(
- ["/bin/systemctl", "is-active", "--quiet", "service", service])
+ serviceFile = os.path.join("/etc/init.d", service)
+
+ sudo = []
+ if os.getuid() != 0:
+ sudo = ["sudo"]
+
if action == "add":
- systemctl_action = "start"
+ # create service link is not created
+ serviceFile = os.path.join("/etc/init.d", service)
+ if not os.path.exists(serviceFile):
+ subprocess.call(
+ ["/bin/ln", "-s", "/etc/init.d/qubes-input-sender", serviceFile])
+
# Ignore if service is already started
+ retcode = subprocess.call(
+ ["/sbin/rc-service","--quiet", service, "status"])
if retcode == 0:
return
+
+ subprocess.call(
+ sudo + ["/sbin/service", service, "start"])
+
elif action == "remove":
- systemctl_action = "stop"
+ # Ignore if service does not exist
+ if not os.path.exists(serviceFile):
+ return
+
# Ignore if service is not active
- if retcode != 0:
+ retcode = subprocess.call(
+ ["/sbin/rc-service", "--quiet", service, "status"])
+ if retcode == 3:
return
+
+ subprocess.call(
+ sudo + ["/sbin/service", service, "stop"])
+
+ # remove ln once stopped
+ if os.path.exists(serviceFile):
+ subprocess.call(
+ sudo + ["/bin/rm", serviceFile])
else:
print("Unknown action: %s" % action)
sys.exit(1)
- sudo = []
- if os.getuid() != 0:
- sudo = ["sudo"]
-
- subprocess.call(
- sudo + ["/bin/systemctl", "--no-block", systemctl_action, service])
-
-
def handle_event(input_dev, action, dom0):
udevreturn = None
if 'event' in input_dev: # if filename contains 'event'


@ -0,0 +1,61 @@
From 8c4c3807119f27957e6c7f87d505d66d0ea4c3d0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
<marmarek@invisiblethingslab.com>
Date: Sat, 18 Nov 2023 18:27:28 +0100
Subject: [PATCH] Support changed libxenctrl API in Xen 4.18.0
The xc_domain_getinfo() is gone, it's replaced with
xc_domain_getinfo_single. While the new API is a bit nicer, xenctrl.h
does not provide any #define to know which one is available. Check
library version in the makefile for that.
---
vchan/Makefile.linux | 4 ++++
vchan/io.c | 10 ++++++++++
2 files changed, 14 insertions(+)
diff --git a/vchan/Makefile.linux b/vchan/Makefile.linux
index 281f2b5..587cb34 100644
--- a/vchan/Makefile.linux
+++ b/vchan/Makefile.linux
@@ -27,6 +27,11 @@ CFLAGS += -g -Wall -Wextra -Werror -fPIC -O2 -D_GNU_SOURCE -D_FORTIFY_SOURCE=2 -
all: libvchan-xen.so vchan-xen.pc
-include *.dep
+# xenctrl.h does not provide any #define to distinguish API versions
+XENCTRL_VERSION := $(shell pkg-config --modversion xencontrol)
+CFLAGS += $(shell if printf '%s\n' '4.18.0' '$(XENCTRL_VERSION)' | \
+ sort -CV; then echo -DHAVE_XC_DOMAIN_GETINFO_SINGLE; fi)
+
libvchan-xen.so : init.o io.o
$(CC) $(LDFLAGS) -shared -o libvchan-xen.so $^ -lxenvchan -lxenctrl
clean:
diff --git a/vchan/io.c b/vchan/io.c
index 3d0ed35..0c23223 100644
--- a/vchan/io.c
+++ b/vchan/io.c
@@ -33,14 +33,24 @@
/* check if domain is still alive */
int libvchan__check_domain_alive(xc_interface *xc_handle, int dom) {
struct evtchn_status evst;
+#ifdef HAVE_XC_DOMAIN_GETINFO_SINGLE
+ xc_domaininfo_t dominfo;
+#else
xc_dominfo_t dominfo;
+#endif
int ret;
/* first try using domctl, more reliable but available in a privileged
* domain only */
+#ifdef HAVE_XC_DOMAIN_GETINFO_SINGLE
+ ret = xc_domain_getinfo_single(xc_handle, dom, &dominfo);
+ if (ret == 0)
+ return !(dominfo.flags & XEN_DOMINF_dying);
+#else
ret = xc_domain_getinfo(xc_handle, dom, 1, &dominfo);
if (ret == 1)
return dominfo.domid == (uint32_t)dom && !dominfo.dying;
+#endif
else if (ret == -1 && errno == ESRCH)
return 0;
/* otherwise fallback to xc_evtchn_status method */


@ -1,8 +1,9 @@
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
pkgname=qubes-libvchan-xen
pkgver=4.2.4
pkgrel=2
pkgver=4.1.13
pkgrel=4
_gittag=v$pkgver
pkgdesc="The Qubes core libraries for installation inside a Qubes Dom0 and VM."
arch="x86_64"
@ -13,7 +14,10 @@ makedepends="xen-dev coreutils"
builddir="$srcdir"/qubes-core-vchan-xen-$pkgver
subpackages="$pkgname-dev"
source="$pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-core-vchan-xen/archive/refs/tags/$_gittag.tar.gz"
source="
$pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-core-vchan-xen/archive/refs/tags/$_gittag.tar.gz
39_support-changed-libxenctrl-api-xen418.patch
"
build() {
cd "$builddir"/vchan
@ -25,5 +29,6 @@ package() {
}
sha512sums="
05b0d8964da1ba321aa7a7651f969692c470b8f9910f7324f10a54b0c6e43ae3270a26a6a49a0e26d5c50b14370b64fbfb340fe28b8f191a0a67c07aba0426c3 qubes-libvchan-xen-v4.2.4.tar.gz
cefb6b89f75936d791910d2169170536221d3123a1b33a14bea1fc5c08950ce934666719bf08eb3cc86ac055f85e6834f71e21c31189fa7299af09296c3cd99f qubes-libvchan-xen-v4.1.13.tar.gz
fedcba617d3843e41f257ff16b0a3108af844184252d4e702df8eccba21a4ef17d62c96acdb87bb4964e783b7f2f026305777be3379e7e7b51f4535a4704b52a 39_support-changed-libxenctrl-api-xen418.patch
"


@ -1,13 +1,14 @@
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
pkgname=qubes-meta-packages
subpackages="
qubes-vm-dependencies
qubes-vm-recommended
"
pkgver=4.3.0
pkgver=4.1.24
_gittag="v$pkgver"
pkgrel=1
pkgrel=2
pkgdesc="Meta packages for Qubes-specific components"
arch="noarch"
url="https://github.com/QubesOS/qubes-meta-packages"
@ -38,5 +39,5 @@ recommended() {
mkdir -p "$subpkgdir"
}
sha512sums="
7567bc7edd6a17315bb5a968ff512a7758ef9697d11ed5200f8ffefe7069b0ebbbb790bffdc7a8717b9707c24309bb6d83cfc6306eb1d48724480af36ba95594 qubes-meta-packages-v4.3.0
5dfbdbc5a7fa3ae352d5c9de6822869065ebb1601880348ebb69fc1f91092bd3be333d5d8409575649d76412acce326f643ed5f95e07c2ac9b3f82a0dcc84293 qubes-meta-packages-v4.1.24
"


@ -1,9 +1,10 @@
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
pkgname=qubes-pass
pkgver=0.1.0
_gittag="v$pkgver"
pkgrel=5
pkgrel=2
pkgdesc="An inter-VM password manager for Qubes OS"
arch="noarch"
url="https://github.com/Rudd-O/qubes-pass"
@ -14,21 +15,11 @@ makedepends="
pkgconf
"
options="!check"
subpackages="$pkgname-service"
source="
$pkgname-$_gittag.tar.gz::https://github.com/Rudd-O/qubes-pass/archive/$_gittag.tar.gz
service-passquery.sh
"
source="$pkgname-$_gittag.tar.gz::https://github.com/Rudd-O/qubes-pass/archive/$_gittag.tar.gz"
package() {
make install-client DESTDIR="$pkgdir"
}
service() {
make -C "$builddir" install-service DESTDIR="$subpkgdir"
install -Dm755 "$srcdir"/service-passquery.sh "$subpkgdir"/etc/qubes-rpc/ruddo.PassQuery
}
sha512sums="
b304bf8e6b8d04e7df4b52a02984ab03b6f3221c9178f1d91c99cab61e8b5ded45500b51de6d89aa76f4e73c0a3670ce6d07649c0ac159d048c3f0ac736c4d63 qubes-pass-v0.1.0.tar.gz
77807ba7bd8e1627785358ef2f9e165712ef41ef76f11e7a7b989b1057f462abc433df96265c6c7d669f81e39d89de0f7ea3dcbb207c5a7a22738b843fd7e160 service-passquery.sh
"


@ -1,13 +0,0 @@
#!/bin/bash
set -e
read -n 4096 cmd
cmd=$(echo "$cmd" | base64 -d)
if [ "$cmd" == "list-files" ] ; then
logger -t ruddo.PassQuery "requested password file list"
exec pass git ls-files | sed -e '/.gitattributes/d' -e '/.gpg-id/d'
fi


@ -1,9 +1,10 @@
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
pkgname=qubes-usb-proxy
pkgver=4.3.0
pkgver=1.1.5
_gittag="v$pkgver"
pkgrel=0
pkgrel=2
pkgdesc="The Qubes service for proxying USB devices"
arch="noarch"
url="https://github.com/QubesOS/qubes-app-linux-usb-proxy"
@ -18,10 +19,7 @@ makedepends="
make
pkgconf
"
source="
$pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-app-linux-usb-proxy/archive/refs/tags/$_gittag.tar.gz
usb-import-alpine-udevadm.patch
"
source="$pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-app-linux-usb-proxy/archive/refs/tags/$_gittag.tar.gz"
builddir="$srcdir"/qubes-app-linux-usb-proxy-${_gittag/v}
package() {
@ -29,14 +27,10 @@ package() {
# replace all shebangs with /bin/sh as qubes expects bash
# shellcheck disable=SC2013
for i in $(grep '/bin/sh' -Rl "$pkgdir"); do
for i in $(grep '/bin/sh' -Rl .); do
sed -i 's|/bin/sh|/bin/bash|' "$i"
done
mkdir -p "$pkgdir"/etc/modules-load.d
echo "vhci-hcd" > "$pkgdir"/etc/modules-load.d/qubes-usb-proxy.conf
}
sha512sums="
b193a4df3b0281b2619528ac0a6542a47bd7204a073c9f0cb7c17233d0537f742eb83a58d591fc0e2599aea1a4783f07c7c90dcccdf08fa5845d36e14adae1e3 qubes-usb-proxy-v4.3.0.tar.gz
c6519982f7eef8586ee823dc96efa7b1b90f489114edcc348bc5221837090d19a2a3533eac83e3269ba68c2cf24447c018e0ac850ed1423a1280ebae364223fa usb-import-alpine-udevadm.patch
27d28faec2ab9cc9df1e361dac244bc1b10afc406860ca2e3fc2dff3b666c6adaed615625aeba785918f8e08cffb215ef028698a178d795e586740caf1566fc9 qubes-usb-proxy-v1.1.5.tar.gz
"

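Review bot: The shebang rewrite loop in `package()` replaces `/bin/sh` on any line of any file that mentions it, not only on interpreter lines, so scripts that reference `/bin/sh` in their body are edited as well. Anchoring the expression, `sed -i '1s|^#!/bin/sh|#!/bin/bash|' "$i"`, limits the change to real shebangs. The two printed `for` lines differ only in the search root, and if the new one is `grep '/bin/sh' -Rl .` the loop edits the current directory instead of `"$pkgdir"`, which would presumably leave the installed files untouched. The comment above the loop also reads backwards, since the code replaces `/bin/sh` with `/bin/bash`. The start of `package()` is outside the hunk.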

@ -1,27 +0,0 @@
diff --git a/src/usb-import.orig b/src/usb-import
index 7b17799..e718795 100755
--- a/src/usb-import.orig
+++ b/src/usb-import
@@ -95,7 +95,7 @@ wait_for_attached() {
ERROR "Attach timeout, check kernel log for details."
fi
done
- [ -f "/usr/bin/udevadm" ] && udevadm settle
+ [ -f "/bin/udevadm" ] && udevadm settle
}
wait_for_detached() {
diff --git a/src/usb-export.orig b/src/usb-export
index ad2ab2b..37cff16 100755
--- a/src/usb-export.orig
+++ b/src/usb-export
@@ -110,8 +110,7 @@ if [ -n "$attach_to_usbip" ]; then
echo "$busid" > "$SYS_USBIP_HOST/bind" || exit 1
# optionally reset the device to clear any state from previous driver
- reset_on_attach=$(udevadm info --query=property \
- --value --property=QUBES_USB_RESET --path="$devpath")
+ reset_on_attach=$(udevadm info --query=property --path="$devpath" | awk -F "=" '{if($1=="QUBES_USB_RESET"){print $2}}' )
if [ -f /run/qubes-service/usb-reset-on-attach ]; then
reset_on_attach=1
fi


@ -1,15 +1,15 @@
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
pkgname=qubes-vm-core
subpackages="
qubes-vm-networking:networking:noarch
qubes-vm-passwordless-root:root:noarch
$pkgname-openrc
$pkgname-doc
$pkgname-pyc
"
pkgver=4.3.14
pkgrel=0
pkgver=4.1.44
pkgrel=6
_gittag="v$pkgver"
pkgdesc="The Qubes core files for installation inside a Qubes VM."
arch="x86_64"
@ -17,9 +17,8 @@ url="https://github.com/QubesOS/qubes-core-agent-linux"
license="GPL"
options="!check" # No testsuite
depends="
blkid
coreutils
dbus-x11
blkid
dconf
desktop-file-utils
device-mapper
@ -28,7 +27,6 @@ depends="
e2fsprogs-extra
ethtool
fakeroot
findutils
gawk
grep
haveged
@ -41,10 +39,10 @@ depends="
py3-dbus
py3-gobject3
py3-xdg
python3
qubes-db-vm
qubes-libvchan-xen
qubes-vm-utils
rsvg-convert
sed
socat
xdg-utils
@ -75,10 +73,7 @@ source="
qubes-sysinit.openrc
qubes-updates-proxy-forwarder.openrc
qubes-updates-proxy.openrc
apk-proxy.sh
qvm-sync-clock.sh
setupip-do-not-use-systemctl.patch
silence-stringop-overread-error.patch
"
builddir="$srcdir"/qubes-core-agent-linux-${_gittag/v}
@ -107,9 +102,9 @@ build() {
# * core systemd services and drop-ins
# * basic network functionality (setting IP address, DNS, default gateway)
package() {
make DESTDIR="$pkgdir" SYSTEM_DROPIN_DIR=/usr/lib/systemd SBINDIR=/usr/sbin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib install-corevm
make -C app-menu DESTDIR="$pkgdir" LIBDIR=/usr/lib SYSLIBDIR=/usr/lib install
make -C misc DESTDIR="$pkgdir" LIBDIR=/usr/lib SYSLIBDIR=/usr/lib install
make install-corevm DESTDIR="$pkgdir" SBINDIR=/sbin LIBDIR=/usr/lib SYSLIBDIR=/lib
make -C app-menu install DESTDIR="$pkgdir" install LIBDIR=/usr/lib SYSLIBDIR=/lib
make -C misc install DESTDIR="$pkgdir" install LIBDIR=/usr/lib SYSLIBDIR=/lib
make -C qubes-rpc DESTDIR="$pkgdir" install
make -C qubes-rpc/kde DESTDIR="$pkgdir" install
make -C qubes-rpc/nautilus DESTDIR="$pkgdir" install
@ -117,9 +112,6 @@ package() {
make -C network DESTDIR="$pkgdir" install
install -Dm755 "$builddir"/network/update-proxy-configs "$pkgdir"/usr/lib/qubes/.
install -Dm755 "$srcdir"/qvm-sync-clock.sh "$pkgdir"/etc/qubes/suspend-post.d/.
install -Dm644 "$srcdir"/apk-proxy.sh "$pkgdir"/etc/profile.d/apk-proxy.sh
install -dm755 "$pkgdir"/etc/bash
ln -s /etc/profile.d/apk-proxy.sh "$pkgdir"/etc/bash/apk-proxy.sh
for i in $source; do
case $i in
@ -129,6 +121,7 @@ package() {
"$pkgdir"/etc/conf.d/${i%.*};;
esac
done
}
@ -150,34 +143,32 @@ networking() {
net-tools
networkmanager
nftables
python3
qubes-db-vm
qubes-vm-core
qubes-vm-utils
tinyproxy
"
cd "$builddir"
install -dm 755 "$subpkgdir"/usr/bin "$subpkgdir"/usr/lib/systemd/system
install -dm 755 "$subpkgdir"/usr/bin
mv "$pkgdir"/usr/bin/qubes-firewall "$subpkgdir"/usr/bin/.
make install-netvm DESTDIR="$subpkgdir" SYSTEM_DROPIN_DIR=/usr/lib/systemd SBINDIR=/usr/sbin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib
make install-netvm DESTDIR="$subpkgdir" SBINDIR=/sbin LIBDIR=/usr/lib SYSLIBDIR=/lib
}
root() {
cd "$builddir"
pkgdesc="Qubes OS Passwordless root access from normal user"
make -C passwordless-root install DESTDIR="$subpkgdir" SBINDIR=/usr/sbin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib
make -C passwordless-root install DESTDIR="$subpkgdir" SBINDIR=/sbin LIBDIR=/usr/lib SYSLIBDIR=/lib
}
sha512sums="
3a868dd32bbb8e8eb8e7ab519e28a3345d92a3d4d6891cf0763d3c8dc3475d0a089f1bafc1cee0adac70aad76c129d00b87e2f9833b2e6e05b3c828363e45b19 qubes-vm-core-v4.3.14.tar.gz
34ba5d84fa621ff25e8a9cc0d6ca69ee25bc7dbf37f13b08ccec13692ec9ebb8b12732878464e7e2909366de68727bdb66f960692be41e5186126701dfe861dd qubes-vm-core-v4.1.44.tar.gz
95c080a593ca1cd457ffafc0cdd6ee28999c72f67191a3955b6081a4a7d287cae4cd0c626139562e5e1eb55516c25402a174e3599daf7d4cb259d6b4bbdff155 qubes-core-early.openrc
61529413a16b7fa0df691c24adc41b90477c01ea70d572921ecec89df23932e5a2e60c4e73b9a84181dc30424e2e6af4ad1c7dcf6c42689c3cc346a9923d6e07 qubes-core-netvm.openrc
da8e293520f5fce29ce76d7586e8ce1a4164798a1214079fb554c690264da1d774fdad3f45825aac52c2c3a0b0cfd39df73eb33394dedd7c043fe0f2344b90ca qubes-core.openrc
164159a80d00c160e74a0ebf4695c047ca7720821e4a9c395405cd96f680b6765e9c4cf426aea94fcb26e08274ec2b42adf45ecc12d26cf683ab3bd0c01afed9 qubes-firewall.openrc
8f1ea1b6bfb4d3089a51cc3e325861ee7b644f743b2652bf61789933adedefdbc743a61567ad980d2a6077647eb61570b68a056125abaab2a67166d249a961b0 qubes-firewall.openrc
437a3dc443c5b0311c5dc8f792739eef89e38b2e854b9a5bb248211dd0eb0f26c1d79588ca2b4b63236b8bed0d735be6b2265d8328885730a8aa5f854301d61f qubes-iptables.openrc
e9096560e4ee4cad836b686e18eb6dbac729227683eda2f0c8b3541c909f64de3489dbb66e3752014deab69cbfae7885bc15b9bb7e3942c02e40328337b9ef30 qubes-sysinit.openrc
99ec0afc167866727072606aa183f0c7a539e68e0d8b9a57f6b9c129d3722c9135e1487eef438807d7138af0e669fb14608cbc1f1d5620ee9e995f294a8929f8 qubes-updates-proxy-forwarder.openrc
b1e8af2335955e52cf1817c56296f94f8c472e68d7a17a28f516fe4f5fa8a8053d4f9333efbb007a82a06f9442a4a6cfe5f9c751de07f337e47ee04cb18b9395 qubes-updates-proxy-forwarder.openrc
29d316b9f48cad15f6e22aaa67b228a5e4893ded86463dbe25b3cc68301b961473e79c01f003b1665e217ad4af2e618625442250d5607c1c16462e3f5eed069c qubes-updates-proxy.openrc
517d59e4699c24f23ccd59f5d4be3a519a426eee99d742c637fe1a9e69caa073621f4e9362c30182ba5a1a3eb0a769070c96e2c6b24cd8366a1f8f450a0b1c01 apk-proxy.sh
cca9f49422fa25cd5f3942dce8edd3ecff080bf5c407a7a790b438bedea054f39a4a3d8c179b44c4c08fc490b597e14d00dad9b0240861e83957e0af7aa6475d qvm-sync-clock.sh
eb59321c800e65ce873085a1105b1b697d2a8ecaefcdaa8280a81d0082c0022653ecd746c7ec37e2c544265892afb77531effa17b0fa6c45a6a86925b513bdea setupip-do-not-use-systemctl.patch
6b96edf070706da596e7abcb9fe6419fbf17eecb46cbd65aeceea83d078458efaedfadec33021253c2bd1b356a85fa721316fa18d5a535491004046ba2c812d3 silence-stringop-overread-error.patch
"


@ -1,5 +0,0 @@
# Use the update proxy over the QubesOS RPC for apk
# /etc/init.d/qubes-updates-proxy-forwarder creates the socket to the proxy
alias apk='https_proxy="http://127.0.0.1:8082/" http_proxy="http://127.0.0.1:8082/" apk'
# allow aliases with sudo
alias sudo='sudo '


@ -16,7 +16,7 @@ depend() {
}
start_pre() {
/usr/sbin/ethtool -K "$(get_qubes_managed_iface)" sg off
/sbin/ethtool -K "$(get_qubes_managed_iface)" sg off
checkpath --directory --owner $command_user:qubes --mode 0775 \
/run/$RC_SVCNAME /var/log/qubes
}


@ -1,34 +1,116 @@
#!/sbin/openrc-run
#!/bin/bash
#
# Updates proxy forwarder Startup script for the updates proxy forwarder
#
# chkconfig: 345 85 15
# description: forwards connection to updates proxy over Qubes RPC
# The clients should use the below shell variable exports:
# http_proxy="http://127.0.0.1:8082/"
# https_proxy="http://127.0.0.1:8082/"
# For apk, see the /etc/profile.d/apk-proxy.sh alias
#
# processname: ncat
# pidfile: /var/run/qubes-updates-proxy-forwarder.pid
#
name=$RC_SVCNAME
cfgfile="/etc/qubes/$RC_SVCNAME.conf"
command="/bin/busybox"
command_args="nc -lk -s 127.0.0.1 -p 8082 -e /usr/bin/qrexec-client-vm @default qubes.UpdatesProxy"
command_user="root"
pidfile="/run/qubes/$RC_SVCNAME.pid"
command_background="yes"
output_log="/var/log/qubes/$RC_SVCNAME.log"
error_log="/var/log/qubes/$RC_SVCNAME.err"
# Source function library.
# shellcheck disable=SC1091
. /etc/init.d/functions.sh
depend() {
need qubes-qrexec-agent
need net
# Source Qubes library.
# shellcheck source=init/functions
. /usr/lib/qubes/init/functions
# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0
exec="/usr/bin/ncat"
prog=$(basename $exec)
pidfile="/var/run/qubes-updates-proxy-forwarder.pid"
# shellcheck disable=SC1091
[ -e /etc/sysconfig/qubes-updates-proxy-forwarder ] && . /etc/sysconfig/qubes-updates-proxy-forwarder
lockfile=/var/lock/subsys/qubes-updates-proxy-forwarder
start() {
have_qubesdb || return
if ! qsvc updates-proxy-setup ; then
# updates proxy configuration disabled
exit 0
fi
if qsvc qubes-updates-proxy ; then
# updates proxy running here too, avoid looping traffic back to itself
exit 0
fi
[ -x $exec ] || exit 5
echo -n $"Starting $prog (as Qubes updates proxy forwarder): "
# shellcheck disable=SC2016
start-stop-daemon \
--exec $exec \
--pidfile "$pidfile" \
--make-pidfile \
--background \
--start \
-- \
-k -l -e 'qrexec-client-vm $default qubes.UpdatesProxy'
retval=$?
echo
[ $retval -eq 0 ] && touch $lockfile
return $retval
}
start_pre() {
checkpath --directory --owner $command_user:qubes --mode 0775 \
/run/qubes \
/var/log/qubes \
/var/run/qubes
# TODO should fail if qubes-update-proxy is running
# if qsvc qubes-updates-proxy ; then
# # updates proxy running here too, avoid looping traffic back to itself
# exit 0
# fi
stop() {
echo -n $"Stopping $prog: "
killproc -p $pidfile "$prog"
retval=$?
echo
[ $retval -eq 0 ] && rm -f $lockfile
return $retval
}
restart() {
stop
start
}
force_reload() {
restart
}
rh_status() {
status "$prog"
}
rh_status_q() {
rh_status >/dev/null 2>&1
}
case "$1" in
start)
rh_status_q && exit 0
$1
;;
stop)
rh_status_q || exit 0
$1
;;
restart)
$1
;;
force-reload)
force_reload
;;
status)
rh_status
;;
condrestart|try-restart)
rh_status_q || exit 0
restart
;;
*)
echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|force-reload}"
exit 2
esac
exit $?
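Review bot: The `start-stop-daemon` call in `start()` runs ncat with `-k -l -e …` and no listen address or port, while the openrc definition printed in the same section bound the listener explicitly with `-s 127.0.0.1 -p 8082`. Without those arguments ncat listens on its default port on all local addresses, so the forwarder would not be where clients configured for `http://127.0.0.1:8082/` expect it, and it would accept connections arriving on other interfaces. Pass the bind explicitly, for example `-k -l 127.0.0.1 8082 -e 'qrexec-client-vm $default qubes.UpdatesProxy'`. The script also sources `/etc/init.d/functions.sh` and calls `killproc` and `status`, which look like Red Hat init helpers, so confirm they exist on the target before relying on `stop` and `status`.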


@ -1,20 +0,0 @@
diff --git a/network/setup-ip.orig b/network/setup-ip
index 9126f90..c1f401c 100755
--- a/network/setup-ip.orig
+++ b/network/setup-ip
@@ -244,15 +244,6 @@ if [ "$ACTION" == "add" ]; then
primary_dns=$(/usr/bin/qubesdb-read /qubes-primary-dns 2>/dev/null) || primary_dns=
secondary_dns=$(/usr/bin/qubesdb-read /qubes-secondary-dns 2>/dev/null) || secondary_dns=
- /lib/systemd/systemd-sysctl \
- "--prefix=/net/ipv4/conf/all" \
- "--prefix=/net/ipv4/neigh/all" \
- "--prefix=/net/ipv6/conf/all" \
- "--prefix=/net/ipv6/neigh/all" \
- "--prefix=/net/ipv4/conf/$INTERFACE" \
- "--prefix=/net/ipv4/neigh/$INTERFACE" \
- "--prefix=/net/ipv6/conf/$INTERFACE" \
- "--prefix=/net/ipv6/neigh/$INTERFACE"
if [ -n "$ip4" ]; then
# If NetworkManager is enabled, let it configure the network


@ -1,13 +0,0 @@
diff --git a/qubes-rpc/Makefile.orig b/qubes-rpc/Makefile
index 63bd924..e5973e6 100644
--- a/qubes-rpc/Makefile.orig
+++ b/qubes-rpc/Makefile
@@ -11,7 +11,7 @@ ifneq ($(DEBUG),0)
DEBUG_FLAGS := -g
endif
CPPFLAGS := -I.
-CFLAGS := $(DEBUG_FLAGS) -O2 -Wall -Wextra -Werror -fPIC -pie $(CFLAGS)
+CFLAGS := $(DEBUG_FLAGS) -O2 -Wall -Wextra -Werror -fPIC -pie -Wno-stringop-overread $(CFLAGS)
LDFLAGS := $(DEBUG_FLAGS) -pie $(LDFLAGS)
LDLIBS := -lqubes-rpc-filecopy


@ -1,2 +0,0 @@
# allow aliases with sudo
alias sudo='sudo '


@ -1,9 +1,10 @@
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
pkgname=qubes-vm-gui-dev
pkgver=4.3.0
pkgver=4.1.1
_gittag="v$pkgver"
pkgrel=1
pkgrel=3
pkgdesc="Common files for Qubes GUI - protocol headers."
arch="noarch"
url="https://github.com/QubesOS/qubes-gui-common"
@ -18,5 +19,5 @@ package() {
cp include/*.h $pkgdir/usr/include/
}
sha512sums="
c1046fda6395c6c7907fa3d9c963089169e860d4e0f79c2cf7bafe8a673c93ac0aec3ca312f97510541127510dc7d2ad585949599ed1fffbb0758ff1098ea518 qubes-vm-gui-dev-v4.3.0.tar.gz
2d962822413b1e4da6ef9303bce9b25e179829080a4ab96aeb7b274682c32b4620201d1de9c177346ab8d80913ae5e5384792b301d350850408fa790cb77d641 qubes-vm-gui-dev-v4.1.1.tar.gz
"


@ -1,13 +1,22 @@
diff --git a/appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh.orig b/appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh
index 76e0227..268cb00 100755
--- a/appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh.orig
From 7f7914fc2d0957012f1c4b130b0e442d43110c7d Mon Sep 17 00:00:00 2001
From: "build@apk-groulx" <build@apk-groulx.praxis>
Date: Sat, 5 Mar 2022 00:59:30 +0000
Subject: [PATCH 1/1] initd fix
---
appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh b/appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh
index dc0a578..4c9623a 100755
--- a/appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh
+++ b/appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh
@@ -25,7 +25,7 @@ if [ -n "$debug_mode" ] && [ "$debug_mode" -gt 0 ]; then
@@ -23,4 +23,4 @@ if [ -n "$debug_mode" ] && [ "$debug_mode" -gt 0 ]; then
gui_opts="$gui_opts -vv"
fi
-echo "GUI_OPTS=$gui_opts" >> /var/run/qubes-service-environment
+echo "GUI_OPTS=\"$gui_opts\"" >> /var/run/qubes-service-environment
--
2.34.1
# 2**30
echo 1073741824 > /sys/module/xen_gntalloc/parameters/limit


@ -1,12 +1,10 @@
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
pkgname=qubes-vm-gui
subpackages="
qubes-vm-pulseaudio
qubes-vm-pipewire
$pkgname-openrc"
pkgver=4.3.4
pkgrel=0
subpackages="qubes-vm-pulseaudio $pkgname-openrc"
pkgver=4.1.31
pkgrel=3
_gittag="v$pkgver"
pkgdesc="The Qubes GUI Agent for AppVMs"
arch="x86_64"
@ -28,12 +26,10 @@ makedepends="
libxcomposite-dev
libxt
linux-pam-dev
lsb-release-minimal
make
patch
pixman
pkgconf
pipewire-dev
pulseaudio-dev
qubes-db-vm
qubes-db-vm-dev
@ -51,7 +47,6 @@ source="
qubes-gui-agent.openrc
qubes-sessions.sh
qubes-gui-agent.pam
qubes-sessions_do-not-use-systemd.patch
"
builddir="$srcdir"/qubes-gui-agent-linux-${_gittag/v}
_qubes_backend_vmm=xen
@ -79,7 +74,7 @@ build() {
}
package() {
make install-rh-agent DESTDIR="$pkgdir" LIBDIR=/usr/lib USRLIBDIR=/usr/lib SYSLIBDIR=/usr/lib
make install-rh-agent DESTDIR="$pkgdir" LIBDIR=/usr/lib USRLIBDIR=/usr/lib SYSLIBDIR=/lib
install -Dm 755 "$srcdir"/qubes-gui-agent.openrc "$pkgdir"/etc/init.d/qubes-gui-agent
# Starts qubes-session after X11 start
@ -100,27 +95,13 @@ pulseaudio() {
local pa_ver=$(pkg-config --modversion libpulse 2>/dev/null | cut -f 1 -d "-")
cd "$builddir"
make install-pulseaudio DESTDIR=$subpkgdir PA_VER=$pa_ver LIBDIR=/usr/lib USRLIBDIR=/usr/lib SYSLIBDIR=/usr/lib
make install-pulseaudio DESTDIR=$subpkgdir PA_VER=$pa_ver LIBDIR=/usr/lib USRLIBDIR=/usr/lib SYSLIBDIR=/lib
}
pipewire() {
pkgdesc="PipeWire support for Qubes VM."
depends="pipewire"
cd "$builddir"
make install-pipewire \
"DESTDIR=$subpkgdir" \
LIBDIR=/usr/lib \
USRLIBDIR=/usr/lib \
SYSLIBDIR=/usr/lib
}
sha512sums="
8d3ed290496ccb667020c53b2171f4616d8078c3e554ce32154ca32465594217d025ebd54dfc374c7e7c4a2d09c07bae445d56f23980c47424468555af584e9c qubes-vm-gui-v4.3.4.tar.gz
6a72fde5b3c1c6025b13b58340bb8d3eccab05050c8cbe3741d7c18ca48826e45a3df3716d77e2dd733c119ff8db5d920faa73f05cb94049306a0dad6f58349f qubes-vm-gui-v4.1.31.tar.gz
f0bbb936e14689d0cbced2f564b8911f9287c0217616f02f3bd0c3060e516d080ad538219f089f5841c2b9d18bb4ad8efb63516ddfd46c18b038218378996a7d 0001-musl-build.patch
01beace4c130200dc8d42248349ea858d2bec746aca2bdfa5948b6e7240bb3b832bbb8b324293fba6fd6aafb0a3d7a2e3928c7fd39d318ef4d5a18cfeb48cde6 0001-initd-fix.patch
262b93b4ea172926dc18b7af372168ff3f645a02db1529cb73af3d5aa6252a75500bfbd95344a835bbf646e753018d0e27885e41a03f06247226a485edb5e028 0001-initd-fix.patch
68d01e594296e18d54d8eaa17863451c3ac121e4fcacf98b64db14166bdcf38aa66f1c3659c5014c0a9cc25b5368df66f8c642b8e7af59da8d2a5ad97da9a194 qubes-gui-agent.openrc
bd707f7956f58c2bb24ccb9adad1381c069e70820fcb1b01b09dc88570d9df00e0dc92a9ac3b242f828314568d5487257566a6fc61e75e62e010b7e4871f9ea0 qubes-sessions.sh
b512d691f2a6b11fc329bf91dd05ca9c589bbd444308b27d3c87c75262dedf6afc68a9739229249a4bd3d0c43cb1f871eecbb93c4fe559e0f38bdabbffd06ad7 qubes-gui-agent.pam
5d44bed65772e0300cfdb5960327ccff923159f1c0c6b980a3b37758a7330f5d8befa3c053990f6e5e7d2e71bf0eca047040439446a8b91bb1c2672e9e1497a0 qubes-sessions_do-not-use-systemd.patch
"
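Review bot: In `pulseaudio()`, `pa_ver` is read from `pkg-config --modversion libpulse` with stderr discarded and assigned on the `local` line, so a failed lookup is masked and the `make install-pulseaudio ... SYSLIBDIR=/lib` line runs with an empty `PA_VER`. A guard before the make call, `[ -n "$pa_ver" ] || return 1`, would make the build fail instead of continuing with whatever the Makefile does for an empty version (that handling is not visible here). Both expansions on the make line are unquoted; `DESTDIR="$subpkgdir" PA_VER="$pa_ver"` would match the quoting already used for `$pkgdir` in `package()`. The start of `pulseaudio()` lies outside the hunk.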


@ -1,21 +0,0 @@
diff --git a/appvm-scripts/usrbin/qubes-session.orig b/appvm-scripts/usrbin/qubes-session
index cacac4b..e5bedc2 100755
--- a/appvm-scripts/usrbin/qubes-session.orig
+++ b/appvm-scripts/usrbin/qubes-session
@@ -27,16 +27,6 @@
loginctl activate "$XDG_SESSION_ID"
-# Now import the environment from the systemd user session.
-# This is necessary to enable users to configure their
-# Qubes environment using the standard environment.d
-# facility. Documentation for the facility is at:
-# https://www.freedesktop.org/software/systemd/man/environment.d.html
-set -a # export all variables
-env=$(systemctl --user show-environment) && eval "$env" || exit
-set +a
-
-
if qsvc guivm-gui-agent; then
if [ -e "$HOME/.xinitrc" ]; then
. "$HOME/.xinitrc"


@ -1,10 +1,11 @@
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
pkgname=qubes-vm-qrexec
subpackages="$pkgname-openrc $pkgname-doc $pkgname-pyc"
pkgver=4.3.1
subpackages="$pkgname-openrc $pkgname-doc"
pkgver=4.1.22
_gittag="v$pkgver"
pkgrel=0
pkgrel=3
pkgdesc="The Qubes qrexec files (qube side)"
arch="x86_64"
url="https://github.com/QubesOS/qubes-core-qrexec"
@ -32,7 +33,7 @@ prepare() {
default_prepare
# remove all -Werror
msg "Eradicating -Werror..."
find . \( -name '*.mk' -o -name 'Make*' \) -exec sed -i -e 's/-Werror*. //g' {} +
find . \( -name '*.mk' -o -name 'Make*' \) -exec sed -i -e 's/-Werror//g' {} +
}
build() {
@ -47,13 +48,13 @@ build() {
}
package() {
make install-base DESTDIR="$pkgdir" SBINDIR=/usr/sbin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib
make install-vm DESTDIR="$pkgdir" SBINDIR=/usr/sbin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib
make install-base DESTDIR="$pkgdir" SBINDIR=/sbin LIBDIR=/usr/lib SYSLIBDIR=/lib
make install-vm DESTDIR="$pkgdir" SBINDIR=/sbin LIBDIR=/usr/lib SYSLIBDIR=/lib
install -Dm 755 "$srcdir"/qubes-qrexec-agent.openrc "$pkgdir"/etc/init.d/qubes-qrexec-agent
}
sha512sums="
f25d4a6ae587666bc2db6c42978779f6ea52bac10c17e399aed7cd99ecf9b6cedb48a2baa54386f8994c086a9f12b8ed6f8d911f63eee17f86c8e36c0ea7049c qubes-vm-qrexec-v4.3.1.tar.gz
c4d993dae87446fe73f390bdf0aa3bcfacce1a630b1f0e5f20c6ea7710c14cd9a7a0a66a66e5731dee47c6958c659e61b3c0ebea5a99a31317a52fb326650a2f qubes-vm-qrexec-v4.1.22.tar.gz
e2dd5cace82e881c40d5d37c69f7327fbabde81c9d23283de23de9f1197b7b018ef07a8d90e95c61bd249426d9d8297e7cb372333245941ffa0682c90ea3461f qubes-qrexec-agent.openrc
c3009ddb97656be7d0a78910217c852f0f9b20cd37b4537d99724e629bc87f1c675ada084eba3c641c4ae54dab8aacd87514d73de72f42d6ccc976e6255212bc makefile-remove-cc-cflags.patch
e48a06778a880915827fb2ef3e38379eb2bc6cf63f7fed79472be4732f7110b0c642c7a62a43236f53404ce69afddd40a5bc92a984403aae74caae1580c31200 makefile-remove-cc-cflags.patch
69b88c8d344f0d575eac398937040ba39a0d8fb8ea0a2b160c48d84775e1da4e226a76f3c5d3be7b045f577b634bb35cd5c5536248e18117c4121a38f9f3bf13 agent-qrexec-fork-server-undef-fortify-source.patch
"
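Review bot: The sed expression `s/-Werror//g` in `prepare()` removes only the bare token, so a flag such as `-Werror=strict-prototypes` would be left as `=strict-prototypes` and handed to the compiler as a stray argument. The Makefile patch shown on this page touches a `CFLAGS += -Werror=...` line, but whether any such flag remains elsewhere in the 4.1.22 tree cannot be told from here. Matching the optional suffix avoids the residue: `sed -i -E -e 's/-Werror(=[^[:space:]]*)?//g'`. Since this disables warnings-as-errors for the qrexec agent build, a short comment saying why it is needed on musl would help the next maintainer decide when it can be dropped. `prepare()` begins outside the hunk.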


@ -2,14 +2,6 @@ diff --git a/Makefile.orig b/Makefile
index ade10bf..7de05a4 100644
--- a/Makefile.orig
+++ b/Makefile
@@ -1,6 +1,5 @@
MAKEFLAGS=-r
-CC ?= gcc
-CFLAGS += -Werror=strict-prototypes -Werror=old-style-definition -Werror=missing-declarations -Werror=missing-prototypes
+CFLAGS += -Wno-incompatible-pointer-types -Wno-int-conversion -Wno-implicit-function-declaration
PYTHON ?= python3
export PYTHON CC MAKEFLAGS CFLAGS
@@ -26,7 +24,7 @@ all-base:
$(PYTHON) setup.py build
.PHONY: all-base


@ -1,13 +1,13 @@
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
pkgname=qubes-vm-utils
subpackages="
qubes-vm-kernel-support:support:noarch
$pkgname-openrc
$pkgname-pyc
"
pkgver=4.3.7
pkgrel=0
pkgver=4.1.19
pkgrel=2
_gittag="v$pkgver"
pkgdesc="Common Linux files for Qubes VM."
arch="x86_64"
@ -23,7 +23,6 @@ makedepends="
make
pkgconfig
py3-setuptools
icu-dev
qubes-libvchan-xen-dev
xen-dev
"
@ -40,7 +39,7 @@ build() {
}
package() {
make install DESTDIR="$pkgdir" LIBDIR=/usr/lib SYSLIBDIR=/usr/lib SBINDIR=/usr/sbin
make install DESTDIR="$pkgdir" LIBDIR=/usr/lib SYSLIBDIR=/lib SBINDIR=/sbin
install -Dm 755 "$srcdir"/qubes-meminfo-writer.openrc "$pkgdir"/etc/init.d/qubes-meminfo-writer
}
@ -59,6 +58,6 @@ support() {
install -m 755 "$builddir"/dracut/full-dmroot/qubes_cow_setup.sh "$subpkgdir"/usr/lib/qubes/qubes_cow_setup.sh
}
sha512sums="
557a3f4d0e95f9e999367f103bfe80d4d5a9734bb841dc24cc67804641d805cfdee99ebef68b47027ae6bf255ca9e1fd15446d0f5aa21a906d10da43eb9a733a qubes-vm-utils-v4.3.7.tar.gz
c29bac0c6b9a0c81ee42e88541d9216549276448a02c3005ea20d85c7eda483cee28bbc159098bd42badc7ed80058734311931ee4ef13e170e49f83cf3f5a9ae qubes-meminfo-writer.openrc
adfa6190af80e8ff92b899056370b8e820820154dcbad2d141debc72a6f122d94894eb0ffd5f56715db8ff7c3166c63b8832a78f70c35d86d42af071297b7d35 qubes-vm-utils-v4.1.19.tar.gz
aebc606faa95948be77766f164fc40e4be66e4398e7f56ad52ba9de4c8f7de4ec0c4b48b23a3a6dd083d6f19ae1a591f3ae0caf2c696fd061cd8fea4bdf7d4f3 qubes-meminfo-writer.openrc
"


@ -3,7 +3,7 @@
name=$RC_SVCNAME
cfgfile="/etc/qubes/$RC_SVCNAME.conf"
pidfile="/var/run/meminfo-writer.pid"
command="/usr/sbin/meminfo-writer"
command="/sbin/meminfo-writer"
command_args="30000 100000 $pidfile"
command_user="root"
start_stop_daemon_args=""