README: update

README.md

@@ -8,10 +8,6 @@ Linux template. The upstream repo uses GitLab's CI to build and deploy packages
 targetting multiple Alpine Linux versions. QubesOS releases are tracked using
 branches.
 
-Note for `main` branch: This is currently tracking r4.3 packages, thus are
-experimental. Use this branch at your own risk. For latest r4.2 packages,
-navigate to that branch.
-
 #### Template builder
 The template builder is housed in its [own repo](https://ayakael.net/forge/qubes-builder-alpine)
 RPMs are built in-pipeline using the build artifacts produced by this repo. These RPMs facilitate
@@ -54,7 +50,7 @@ curl -JO https://ayakael.net/api/packages/forge/alpine/key
 Add repository to `/etc/apk/repositories`:
 
 ```shell
-echo "https://ayakael.net/api/packages/forge/alpine/edge/qubes-r4.3" > /etc/apk/repositories
+echo "https://ayakael.net/api/packages/forge/alpine/edge/qubes-r4.1" > /etc/apk/repositories
 ```
 
 

qubes-app-linux-druide-antidote/APKBUILD

@@ -1,25 +0,0 @@
-# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
-# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
-pkgname=qubes-app-linux-druide-antidote
-pkgver=0.0.1_git20240201
-_gittag=c724c88aa2a20b1e422b464499015ff05753316d
-pkgrel=2
-arch="noarch"
-pkgdesc="Qubes Druide-Antidote is a Qubes Application. It send a file to the Antidote Qube, invoke Antidote, and retrieve the file"
-url=https://github.com/neowutran/qubes-app-linux-druide-antidote
-license="GPL-3.0-only"
-source="$pkgname-$_gittag.tar.gz::https://github.com/neowutran/qubes-app-linux-druide-antidote/archive/$_gittag.tar.gz"
-depends="bash"
-makedepends="pandoc"
-builddir="$srcdir"/$pkgname-$_gittag
-
-check() {
-	tests/all
-}
-
-package() {
-	make install-vm DESTDIR="$pkgdir/"
-}
-sha512sums="
-e3597804bdcea25b2938aa325dfe9495f5bcde47c8515c7680c19882120e065d0a9ef8d120545ff3c9966b84a329cf87c5b993380510311ec8b5d9f5a8b35833  qubes-app-linux-druide-antidote-c724c88aa2a20b1e422b464499015ff05753316d.tar.gz
-"

qubes-db-vm/0001-create_pidfile.patch

@@ -1,17 +1,17 @@
-diff --git a/daemon/db-daemon.c.orig b/daemon/db-daemon.c
-index bcf77df..c7b1a50 100644
---- a/daemon/db-daemon.c.orig
+From d20a9db122608e0992c9ab6f675920d4bb1ee88f Mon Sep 17 00:00:00 2001
+From: "build@apk-groulx" <build@apk-groulx.praxis>
+Date: Fri, 4 Mar 2022 22:50:19 +0000
+Subject: [PATCH 1/1] create_pidfile
+
+---
+ daemon/db-daemon.c | 11 +++--------
+ 1 file changed, 3 insertions(+), 8 deletions(-)
+
+diff --git a/daemon/db-daemon.c b/daemon/db-daemon.c
+index 9934d16..2b28995 100644
+--- a/daemon/db-daemon.c
 +++ b/daemon/db-daemon.c
-@@ -156,7 +156,7 @@ int mainloop(struct db_daemon_data *d) {
-             return 0;
-         }
-         d->multiread_requested = 1;
--        /* wait for complete response */
-+        /* wait for complete rsponse */
-         while (d->multiread_requested) {
-             AcquireSRWLockExclusive(&d->lock);
-             if (!handle_vchan_data(d)) {
-@@ -627,11 +627,8 @@ static int create_pidfile(struct db_daemon_data *d) {
+@@ -618,11 +618,8 @@ int create_pidfile(struct db_daemon_data *d) {
      mode_t old_umask;
      struct stat stat_buf;
  
@@ -24,7 +24,7 @@ index bcf77df..c7b1a50 100644
  
      old_umask = umask(0002);
      pidfile = fopen(pidfile_name, "w");
-@@ -652,10 +649,8 @@ static void remove_pidfile(struct db_daemon_data *d) {
+@@ -643,10 +640,8 @@ void remove_pidfile(struct db_daemon_data *d) {
      struct stat stat_buf;
  
      /* no pidfile for VM daemon - service is managed by systemd */
@@ -36,12 +36,15 @@ index bcf77df..c7b1a50 100644
  
      if (stat(pidfile_name, &stat_buf) == 0) {
          /* remove pidfile only if it's the one created this process */
-@@ -763,7 +758,7 @@ int fuzz_main(int argc, char **argv) {
+@@ -754,7 +749,7 @@ int fuzz_main(int argc, char **argv) {
                  exit(1);
              case 0:
                  close(ready_pipe[0]);
--                snprintf(log_path, sizeof(log_path), "/var/log/qubes/qubesdb.%s.log", d.remote_name ? d.remote_name : "dom0");
+-                snprintf(log_path, sizeof(log_path), "/var/log/qubes/qubesdb.%s.log", d.remote_name);
 +                snprintf(log_path, sizeof(log_path), "/var/log/qubes/qubes-db.log");
  
                  close(0);
                  old_umask = umask(0);
+-- 
+2.34.1
+

qubes-db-vm/APKBUILD

@@ -2,8 +2,8 @@
 # Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
 pkgname=qubes-db-vm
 subpackages="$pkgname-openrc"
-pkgver=4.2.6
-pkgrel=0
+pkgver=4.1.17
+pkgrel=4
 _gittag="v$pkgver"
 pkgdesc="QubesDB libs and daemon service."
 arch="x86_64"
@@ -24,7 +24,7 @@ source="
 	qubes-db.openrc
 	"
 builddir="$srcdir"/qubes-core-qubesdb-$pkgver
-subpackages="$pkgname-dev $pkgname-openrc"
+subpackages="$pkgname-dev"
 
 build() {
 	# Build all with python bindings
@@ -43,8 +43,8 @@ package() {
 	install -Dm 755 "$srcdir"/qubes-db.openrc "$pkgdir"/etc/init.d/qubes-db
 }
 sha512sums="
-182ae7edb7235a21c45334d8d7aa20a7a9f63056d411fe66fe20d67ea0de7cf63d2a79886016561f69c5f444704f3728ee7b1aa6343f5ce15667ba458c08c9c7  qubes-db-vm-v4.2.6.tar.gz
+dad1580afa7d152551b7292051b624090ce57c006174d7c0f5273f4d9cecadcb70d46547263dcf23131d5f5df921519c9d8ca739acd9f0e9be303b20e73083bb  qubes-db-vm-v4.1.17.tar.gz
 af86268c264c843b94f9cefb735b9d078dc58819c890fc0a31dd79fa2761d3c2fa87aed73752bca1db07948ba86ecfe16a745b19672ccc10dfb9461df24aa207  0001-musl-build.patch
-892eb29b9bab4d9e662678d13a5607df04cdb024c2f28332f40fa4b7c644476a4b26a9fc038dfcdac1e0b8d328165d21d50d894d2c1e27f792287dd57449e7eb  0001-create_pidfile.patch
+ffe9ea8f65b4e164c3a0d1c8762d1e3b39de3799ae3e63f825457d52de49c6522820950e6262deaa9235ad97cd7c60bf1c9a077fff716c4ca9dbd688e9a73c91  0001-create_pidfile.patch
 3d87f82d3637cf10bf1a3058ebbd2590ab17f65d1b49058f62d892f126635497abd5045f6797bc8069e5de08bb6e08fc6146deb6422090ad02122764cc6d72f0  qubes-db.openrc
 "

qubes-gpg-split/APKBUILD

@@ -2,9 +2,9 @@
 # Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
 pkgname=qubes-gpg-split
 subpackages="$pkgname-doc"
-pkgver=2.0.71
+pkgver=2.0.70
 _gittag="v$pkgver"
-pkgrel=0
+pkgrel=1
 pkgdesc="Used Qubes AppVM as a “smart card”"
 arch="x86_64"
 url="https://github.com/QubesOS/qubes-app-linux-split-gpg"
@@ -29,7 +29,10 @@ build() {
 
 package() {
 	make install-vm DESTDIR="$pkgdir"
+
+	# Alpine packaging guidelines: /var/run is a symlink to a tmpfs. Don't create it.
+	rm -r "$pkgdir/var/run"
 }
 sha512sums="
-fb0d2b48e0e742cfb25fd85728370eb3eb02071e94c737ac885919f79dc4e62901b3ce80e06a6233767b71826c967ab1de3ca700edc19a7276a456456deb8ecb  qubes-gpg-split-v2.0.71.tar.gz
+a38ca61433c16168f44ef458f9fbc7eb37712f6edfb2bde7af7e08c6d98907e2038335ccda402b97a7940286af58be197a0bea3a20f5843b292766c7277a8350  qubes-gpg-split-v2.0.70.tar.gz
 "

qubes-input-proxy/APKBUILD

@@ -1,53 +0,0 @@
-# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
-# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
-pkgname=qubes-input-proxy
-pkgver=1.0.37
-_gittag=v$pkgver
-pkgrel=2
-pkgdesc="The Qubes service for proxying input devices"
-arch="x86_64"
-url="http://qubes-os.org/"
-license='GPL'
-depends="
-	usbutils
-	qubes-vm-core
-	"
-makedepends="linux-headers"
-subpackages="$pkgname-openrc"
-source="
-	$pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-app-linux-input-proxy/archive/refs/tags/$_gittag.tar.gz
-	qubes-input-trigger_use-openrc.patch
-	makefile_skip-systemd.patch
-	qubes-input-sender.openrc
-	"
-builddir="$srcdir"/qubes-app-linux-input-proxy-$pkgver
-
-build() {
-	make all \
-		LIBDIR=/usr/lib \
-		USRLIBDIR=/usr/lib \
-		SYSLIBDIR=/usr/lib
-}
-
-package() {
-	make install-vm \
-		DESTDIR="$pkgdir" \
-		LIBDIR=/usr/lib \
-		USRLIBDIR=/usr/lib \
-		SYSLIBDIR=/usr/lib
-
-	# replace all shebangs with /bin/sh as qubes expects bash
-	# shellcheck disable=SC2013
-	for i in $(grep '/bin/sh' -Rl "$pkgdir"); do
-		sed -i 's|/bin/sh|/bin/bash|' "$i"
-	done
-
-	# move openrc to init.d
-	install -Dm755 "$srcdir"/qubes-input-sender.openrc "$pkgdir"/etc/init.d/qubes-input-sender
-}
-sha512sums="
-0abe75960531c96f2760a462710de2d5e54d95792d719e42d7ae7e2a22b586e4573835584df74ba288e761ed64149f6a951c19301039cf3293621b4032085292  qubes-input-proxy-v1.0.37.tar.gz
-53f898f4d611e0a9be18127cff90ebc3946dc7e270548a84407067b02cb918546e8425c1722a60efb73b93af05c79889eaa16a4c7d596c948fdb9291d218c803  qubes-input-trigger_use-openrc.patch
-21e7b95c94ec1a3f3499e79cf8b1931da2c3e33d8f1af2efe6b52b7e2678d4648bb0597b3a4a95cc10d0ca3cb83df93075b99cf1b615d8493a9e2fd21fb7f8f7  makefile_skip-systemd.patch
-2d5cb4369bc4d4c83403bb3e7cd7bc784769950a8fbf581996074fe53cc65c56fe4039e2689b6fa34e51ce22e552fc145115c12e71601809767962a3682dd299  qubes-input-sender.openrc
-"

qubes-input-proxy/makefile_skip-systemd.patch

@@ -1,18 +0,0 @@
-diff --git a/qubes-rpc/Makefile.orig b/qubes-rpc/Makefile
-index 22ec526..bf7e0ea 100644
---- a/qubes-rpc/Makefile.orig
-+++ b/qubes-rpc/Makefile
-@@ -12,13 +12,6 @@ install-dom0:
- 		$(DESTDIR)/etc/qubes-rpc/policy/qubes.InputTablet
- 
- install-vm:
--	install -d $(DESTDIR)$(USRLIBDIR)/systemd/system
--	install -m 0644 \
--		qubes-input-sender-keyboard@.service \
--		qubes-input-sender-keyboard-mouse@.service \
--		qubes-input-sender-mouse@.service \
--		qubes-input-sender-tablet@.service \
--		$(DESTDIR)$(USRLIBDIR)/systemd/system
- 	install -d $(DESTDIR)$(LIBDIR)/udev/rules.d
- 	install -m 0644 qubes-input-proxy.rules \
- 		$(DESTDIR)$(LIBDIR)/udev/rules.d/90-qubes-input-proxy.rules

qubes-input-proxy/qubes-input-sender.openrc

@@ -1,28 +0,0 @@
-#!/sbin/openrc-run
-  
-name=$RC_SVCNAME
-cfgfile="/etc/qubes/$RC_SVCNAME.conf"
-input="${RC_SVCNAME/*.}"
-svcname="${RC_SVCNAME/.*}."
-type="${RC_SVCNAME%.*}"
-type="${type/$svcname/}"
-type="$(echo $type | sed 's/.*/\u&/')"
-command="/usr/bin/qubes-input-sender"
-command_args="qubes.Input$type /dev/input/$input dom0"
-command_user="root"
-pidfile="/run/qubes/$RC_SVCNAME.pid"
-start_stop_daemon_args=""
-command_background="true"
-output_log="/var/log/qubes/$RC_SVCNAME.log"
-error_log="/var/log/qubes/$RC_SVCNAME.err"
-
-start_pre() {
-        checkpath --directory --owner $command_user:qubes --mode 0775 \
-                /run/qubes \
-		/var/log/qubes \
-		/var/run/qubes
-}
-
-stop_post() {
-	pkill -f "input-proxy-sender /dev/input/$input" || true
-}

qubes-input-proxy/qubes-input-trigger_use-openrc.patch

@@ -1,92 +0,0 @@
-diff --git a/qubes-rpc/qubes-input-trigger.orig b/qubes-rpc/qubes-input-trigger
-index 5fa0e5a..0dd3773 100755
---- a/qubes-rpc/qubes-input-trigger.orig
-+++ b/qubes-rpc/qubes-input-trigger
-@@ -42,48 +42,68 @@ def get_service_name(udevreturn, input_dev):
-             ('ID_INPUT_TOUCHPAD' in udevreturn) or
-             ('QEMU_USB_Tablet' in udevreturn)
-     ) and 'ID_INPUT_KEY' not in udevreturn:
--        service = 'qubes-input-sender-tablet'
-+        service = 'qubes-input-sender.tablet'
-     # PiKVM "mouse" is special, as it sends absolute events
-     elif 'ID_INPUT_MOUSE' in udevreturn and 'ID_USB_VENDOR=PiKVM' in udevreturn:
--        service = 'qubes-input-sender-tablet'
-+        service = 'qubes-input-sender.tablet'
-     elif 'ID_INPUT_MOUSE' in udevreturn and 'ID_INPUT_KEY' not in udevreturn:
--        service = 'qubes-input-sender-mouse'
-+        service = 'qubes-input-sender.mouse'
-     elif 'ID_INPUT_KEY' in udevreturn and 'ID_INPUT_MOUSE' not in udevreturn:
--        service = 'qubes-input-sender-keyboard'
-+        service = 'qubes-input-sender.keyboard'
-     elif 'ID_INPUT_MOUSE' in udevreturn and 'ID_INPUT_KEY' in udevreturn:
--        service = 'qubes-input-sender-keyboard-mouse'
-+        service = 'qubes-input-sender.keyboardmouse'
- 
-     if service:
--        service = '{}@{}.service'.format(service, input_dev)
-+        service = '{}.{}'.format(service, input_dev)
- 
-     return service
- 
- 
- def handle_service(service, action):
--    retcode = subprocess.call(
--        ["/bin/systemctl", "is-active", "--quiet", "service", service])
-+    serviceFile = os.path.join("/etc/init.d", service)
-+
-+    sudo = []
-+    if os.getuid() != 0:
-+        sudo = ["sudo"]
-+
-     if action == "add":
--        systemctl_action = "start"
-+        # create service link is not created
-+        serviceFile = os.path.join("/etc/init.d", service)
-+        if not os.path.exists(serviceFile):
-+            subprocess.call(
-+                ["/bin/ln", "-s", "/etc/init.d/qubes-input-sender", serviceFile])
-+
-         # Ignore if service is already started
-+        retcode = subprocess.call(
-+            ["/sbin/rc-service","--quiet", service, "status"])
-         if retcode == 0:
-             return
-+
-+        subprocess.call(
-+            sudo + ["/sbin/service", service, "start"])
-+
-     elif action == "remove":
--        systemctl_action = "stop"
-+        # Ignore if service does not exist
-+        if not os.path.exists(serviceFile):
-+            return
-+
-         # Ignore if service is not active
--        if retcode != 0:
-+        retcode = subprocess.call(
-+            ["/sbin/rc-service", "--quiet", service, "status"])
-+        if retcode == 3:
-             return
-+
-+        subprocess.call(
-+            sudo + ["/sbin/service", service, "stop"])
-+
-+        # remove ln once stopped
-+        if os.path.exists(serviceFile):
-+            subprocess.call(
-+                sudo + ["/bin/rm", serviceFile])
-     else:
-         print("Unknown action: %s" % action)
-         sys.exit(1)
- 
--    sudo = []
--    if os.getuid() != 0:
--        sudo = ["sudo"]
--
--    subprocess.call(
--        sudo + ["/bin/systemctl", "--no-block", systemctl_action, service])
--
--
- def handle_event(input_dev, action, dom0):
-     udevreturn = None
-     if 'event' in input_dev:  # if filename contains 'event'

qubes-libvchan-xen/39_support-changed-libxenctrl-api-xen418.patch

@@ -17,7 +17,7 @@ diff --git a/vchan/Makefile.linux b/vchan/Makefile.linux
 index 281f2b5..587cb34 100644
 --- a/vchan/Makefile.linux
 +++ b/vchan/Makefile.linux
-@@ -27,6 +27,10 @@ CFLAGS += -g -Wall -Wextra -Werror -fPIC -O2 -D_GNU_SOURCE -MD -MP -MF $@.dep
+@@ -27,6 +27,11 @@ CFLAGS += -g -Wall -Wextra -Werror -fPIC -O2 -D_GNU_SOURCE -D_FORTIFY_SOURCE=2 -
  all: libvchan-xen.so vchan-xen.pc
  -include *.dep
  
@@ -25,9 +25,10 @@ index 281f2b5..587cb34 100644
 +XENCTRL_VERSION := $(shell pkg-config --modversion xencontrol)
 +CFLAGS += $(shell if printf '%s\n' '4.18.0' '$(XENCTRL_VERSION)' | \
 +                  sort -CV; then echo -DHAVE_XC_DOMAIN_GETINFO_SINGLE; fi)
- SO_VER = 1
- 
- libvchan-xen.so.$(SO_VER): init.o io.o
++
+ libvchan-xen.so : init.o io.o
+ 	$(CC) $(LDFLAGS) -shared -o libvchan-xen.so $^ -lxenvchan -lxenctrl
+ clean:
 diff --git a/vchan/io.c b/vchan/io.c
 index 3d0ed35..0c23223 100644
 --- a/vchan/io.c
@@ -57,3 +58,4 @@ index 3d0ed35..0c23223 100644
      else if (ret == -1 && errno == ESRCH)
          return 0;
      /* otherwise fallback to xc_evtchn_status method */
+

qubes-libvchan-xen/APKBUILD

@@ -1,8 +1,8 @@
 # Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
 # Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
 pkgname=qubes-libvchan-xen
-pkgver=4.2.3
-pkgrel=2
+pkgver=4.1.13
+pkgrel=5
 _gittag=v$pkgver
 pkgdesc="The Qubes core libraries for installation inside a Qubes Dom0 and VM."
 arch="x86_64"
@@ -13,7 +13,10 @@ makedepends="xen-dev coreutils"
 builddir="$srcdir"/qubes-core-vchan-xen-$pkgver
 subpackages="$pkgname-dev"
 
-source="$pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-core-vchan-xen/archive/refs/tags/$_gittag.tar.gz"
+source="
+	$pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-core-vchan-xen/archive/refs/tags/$_gittag.tar.gz
+	39_support-changed-libxenctrl-api-xen418.patch
+	"
 
 build() {
 	cd "$builddir"/vchan
@@ -25,5 +28,6 @@ package() {
 }
 
 sha512sums="
-cbdeb025a7bd0c837cb079708b4cfc3b1eda10482999b1eeda33a1cfa2869a4a629d99dd556f9a8b9d83f4b5df9d686b8c524d2093a3bafac35df2192bf2983d  qubes-libvchan-xen-v4.2.3.tar.gz
+cefb6b89f75936d791910d2169170536221d3123a1b33a14bea1fc5c08950ce934666719bf08eb3cc86ac055f85e6834f71e21c31189fa7299af09296c3cd99f  qubes-libvchan-xen-v4.1.13.tar.gz
+fedcba617d3843e41f257ff16b0a3108af844184252d4e702df8eccba21a4ef17d62c96acdb87bb4964e783b7f2f026305777be3379e7e7b51f4535a4704b52a  39_support-changed-libxenctrl-api-xen418.patch
 "

qubes-meta-packages/APKBUILD

@@ -5,9 +5,9 @@ subpackages="
 	qubes-vm-dependencies
 	qubes-vm-recommended
 	"
-pkgver=4.3.0
+pkgver=4.1.24
 _gittag="v$pkgver"
-pkgrel=0
+pkgrel=3
 pkgdesc="Meta packages for Qubes-specific components"
 arch="noarch"
 url="https://github.com/QubesOS/qubes-meta-packages"
@@ -38,5 +38,5 @@ recommended() {
 	mkdir -p "$subpkgdir"
 }
 sha512sums="
-7567bc7edd6a17315bb5a968ff512a7758ef9697d11ed5200f8ffefe7069b0ebbbb790bffdc7a8717b9707c24309bb6d83cfc6306eb1d48724480af36ba95594  qubes-meta-packages-v4.3.0
+5dfbdbc5a7fa3ae352d5c9de6822869065ebb1601880348ebb69fc1f91092bd3be333d5d8409575649d76412acce326f643ed5f95e07c2ac9b3f82a0dcc84293  qubes-meta-packages-v4.1.24
 "

qubes-pass/APKBUILD

@@ -3,7 +3,7 @@
 pkgname=qubes-pass
 pkgver=0.1.0
 _gittag="v$pkgver"
-pkgrel=4
+pkgrel=3
 pkgdesc="An inter-VM password manager for Qubes OS"
 arch="noarch"
 url="https://github.com/Rudd-O/qubes-pass"
@@ -14,21 +14,11 @@ makedepends="
 	pkgconf
 	"
 options="!check"
-subpackages="$pkgname-service"
-source="
-	$pkgname-$_gittag.tar.gz::https://github.com/Rudd-O/qubes-pass/archive/$_gittag.tar.gz
-	service-passquery.sh
-	"
+source="$pkgname-$_gittag.tar.gz::https://github.com/Rudd-O/qubes-pass/archive/$_gittag.tar.gz"
 
 package() {
 	make install-client DESTDIR="$pkgdir"
 }
-
-service() {
-	make -C "$builddir" install-service DESTDIR="$subpkgdir"
-	install -Dm755 "$srcdir"/service-passquery.sh "$subpkgdir"/etc/qubes-rpc/ruddo.PassQuery
-}
 sha512sums="
 b304bf8e6b8d04e7df4b52a02984ab03b6f3221c9178f1d91c99cab61e8b5ded45500b51de6d89aa76f4e73c0a3670ce6d07649c0ac159d048c3f0ac736c4d63  qubes-pass-v0.1.0.tar.gz
-77807ba7bd8e1627785358ef2f9e165712ef41ef76f11e7a7b989b1057f462abc433df96265c6c7d669f81e39d89de0f7ea3dcbb207c5a7a22738b843fd7e160  service-passquery.sh
 "

qubes-pass/service-passquery.sh

@@ -1,13 +0,0 @@
-#!/bin/bash
-
-set -e
-
-read -n 4096 cmd
-cmd=$(echo "$cmd" | base64 -d)
-
-if [ "$cmd" == "list-files" ] ; then
-  
-  logger -t ruddo.PassQuery "requested password file list"
-  exec pass git ls-files | sed -e '/.gitattributes/d' -e '/.gpg-id/d' 
-
-fi

qubes-usb-proxy/APKBUILD

@@ -1,9 +1,9 @@
 # Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
 # Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
 pkgname=qubes-usb-proxy
-pkgver=1.3.0
+pkgver=1.2.1
 _gittag="v$pkgver"
-pkgrel=2
+pkgrel=1
 pkgdesc="The Qubes service for proxying USB devices"
 arch="noarch"
 url="https://github.com/QubesOS/qubes-app-linux-usb-proxy"
@@ -18,10 +18,7 @@ makedepends="
 	make
 	pkgconf
 	"
-source="
-	$pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-app-linux-usb-proxy/archive/refs/tags/$_gittag.tar.gz
-	usb-import-alpine-udevadm.patch
-	"
+source="$pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-app-linux-usb-proxy/archive/refs/tags/$_gittag.tar.gz"
 builddir="$srcdir"/qubes-app-linux-usb-proxy-${_gittag/v}
 
 package() {
@@ -29,14 +26,10 @@ package() {
 
 	# replace all shebangs with /bin/sh as qubes expects bash
 	# shellcheck disable=SC2013
-	for i in $(grep '/bin/sh' -Rl "$pkgdir"); do
+	for i in $(grep '/bin/sh' -Rl .); do
 		sed -i 's|/bin/sh|/bin/bash|' "$i"
 	done
-
-	mkdir -p "$pkgdir"/etc/modules-load.d
-	echo "vhci-hcd" > "$pkgdir"/etc/modules-load.d/qubes-usb-proxy.conf
 }
 sha512sums="
-822718decff8d2d15e56208b51603d3104cacb42981576985c2955e2bb73a66119397359314ebb6e6b52e3985b4d797e02b1074faf40aa6ca9cce067c753d830  qubes-usb-proxy-v1.3.0.tar.gz
-c6519982f7eef8586ee823dc96efa7b1b90f489114edcc348bc5221837090d19a2a3533eac83e3269ba68c2cf24447c018e0ac850ed1423a1280ebae364223fa  usb-import-alpine-udevadm.patch
+e034ce9ec163fdcd4ad2ceb0cb1f5158ae670484b589a34ef610731a379f0f76f280cabb195c2e97228bbeb61cfb9296ccc89ad533a050f0d464a50724724cbb  qubes-usb-proxy-v1.2.1.tar.gz
 "

qubes-usb-proxy/usb-import-alpine-udevadm.patch

@@ -1,27 +0,0 @@
-diff --git a/src/usb-import.orig b/src/usb-import
-index 7b17799..e718795 100755
---- a/src/usb-import.orig
-+++ b/src/usb-import
-@@ -95,7 +95,7 @@ wait_for_attached() {
-             ERROR "Attach timeout, check kernel log for details."
-         fi
-     done
--    [ -f "/usr/bin/udevadm" ] && udevadm settle
-+    [ -f "/bin/udevadm" ] && udevadm settle
- }
- 
- wait_for_detached() {
-diff --git a/src/usb-export.orig b/src/usb-export
-index ad2ab2b..37cff16 100755
---- a/src/usb-export.orig
-+++ b/src/usb-export
-@@ -110,8 +110,7 @@ if [ -n "$attach_to_usbip" ]; then
-     echo "$busid" > "$SYS_USBIP_HOST/bind" || exit 1
- 
-     # optionally reset the device to clear any state from previous driver
--    reset_on_attach=$(udevadm info --query=property \
--        --value --property=QUBES_USB_RESET --path="$devpath")
-+    reset_on_attach=$(udevadm info --query=property --path="$devpath" |  awk -F "=" '{if($1=="QUBES_USB_RESET"){print $2}}' )
-     if [ -f /run/qubes-service/usb-reset-on-attach ]; then
-         reset_on_attach=1
-     fi

qubes-vm-core/APKBUILD

@@ -6,10 +6,9 @@ subpackages="
 	qubes-vm-passwordless-root:root:noarch
 	$pkgname-openrc
 	$pkgname-doc
-	$pkgname-pyc
 	"
-pkgver=4.3.4
-pkgrel=2
+pkgver=4.1.48
+pkgrel=1
 _gittag="v$pkgver"
 pkgdesc="The Qubes core files for installation inside a Qubes VM."
 arch="x86_64"
@@ -19,7 +18,6 @@ options="!check" # No testsuite
 depends="
 	blkid
 	coreutils
-	dbus-x11
 	dconf
 	desktop-file-utils
 	device-mapper
@@ -28,7 +26,6 @@ depends="
 	e2fsprogs-extra
 	ethtool
 	fakeroot
-	findutils
 	gawk
 	grep
 	haveged
@@ -44,7 +41,6 @@ depends="
 	qubes-db-vm
 	qubes-libvchan-xen
 	qubes-vm-utils
-	rsvg-convert
 	sed
 	socat
 	xdg-utils
@@ -77,8 +73,6 @@ source="
 	qubes-updates-proxy.openrc
 	apk-proxy.sh
 	qvm-sync-clock.sh
-	setupip-do-not-use-systemctl.patch
-	silence-stringop-overread-error.patch
 	"
 builddir="$srcdir"/qubes-core-agent-linux-${_gittag/v}
 
@@ -167,7 +161,7 @@ root() {
 	make -C passwordless-root install DESTDIR="$subpkgdir" SBINDIR=/sbin LIBDIR=/usr/lib SYSLIBDIR=/lib
 }
 sha512sums="
-2fa1274cf52d3a81308685dd2522e3787b97bf74135a2333a2271882b498ac600e3f862d6f07dec387864407951423913114a1c7c10ef0d51bb96c23c5dc2cf7  qubes-vm-core-v4.3.4.tar.gz
+c7db62f9d35984080c1665847c90d2ffba01c44ce3df2e1d76379a972beb5ed921a7c1e2de541933b9623979087d079c6da6ba2272cd7a2ee94c39a94d4af27a  qubes-vm-core-v4.1.48.tar.gz
 95c080a593ca1cd457ffafc0cdd6ee28999c72f67191a3955b6081a4a7d287cae4cd0c626139562e5e1eb55516c25402a174e3599daf7d4cb259d6b4bbdff155  qubes-core-early.openrc
 61529413a16b7fa0df691c24adc41b90477c01ea70d572921ecec89df23932e5a2e60c4e73b9a84181dc30424e2e6af4ad1c7dcf6c42689c3cc346a9923d6e07  qubes-core-netvm.openrc
 da8e293520f5fce29ce76d7586e8ce1a4164798a1214079fb554c690264da1d774fdad3f45825aac52c2c3a0b0cfd39df73eb33394dedd7c043fe0f2344b90ca  qubes-core.openrc
@@ -178,6 +172,4 @@ e9096560e4ee4cad836b686e18eb6dbac729227683eda2f0c8b3541c909f64de3489dbb66e375201
 29d316b9f48cad15f6e22aaa67b228a5e4893ded86463dbe25b3cc68301b961473e79c01f003b1665e217ad4af2e618625442250d5607c1c16462e3f5eed069c  qubes-updates-proxy.openrc
 517d59e4699c24f23ccd59f5d4be3a519a426eee99d742c637fe1a9e69caa073621f4e9362c30182ba5a1a3eb0a769070c96e2c6b24cd8366a1f8f450a0b1c01  apk-proxy.sh
 cca9f49422fa25cd5f3942dce8edd3ecff080bf5c407a7a790b438bedea054f39a4a3d8c179b44c4c08fc490b597e14d00dad9b0240861e83957e0af7aa6475d  qvm-sync-clock.sh
-eb59321c800e65ce873085a1105b1b697d2a8ecaefcdaa8280a81d0082c0022653ecd746c7ec37e2c544265892afb77531effa17b0fa6c45a6a86925b513bdea  setupip-do-not-use-systemctl.patch
-6b96edf070706da596e7abcb9fe6419fbf17eecb46cbd65aeceea83d078458efaedfadec33021253c2bd1b356a85fa721316fa18d5a535491004046ba2c812d3  silence-stringop-overread-error.patch
 "

qubes-vm-core/setupip-do-not-use-systemctl.patch

@@ -1,20 +0,0 @@
-diff --git a/network/setup-ip.orig b/network/setup-ip
-index 9126f90..c1f401c 100755
---- a/network/setup-ip.orig
-+++ b/network/setup-ip
-@@ -244,15 +244,6 @@ if [ "$ACTION" == "add" ]; then
- 
-         primary_dns=$(/usr/bin/qubesdb-read /qubes-primary-dns 2>/dev/null) || primary_dns=
-         secondary_dns=$(/usr/bin/qubesdb-read /qubes-secondary-dns 2>/dev/null) || secondary_dns=
--        /lib/systemd/systemd-sysctl \
--            "--prefix=/net/ipv4/conf/all" \
--            "--prefix=/net/ipv4/neigh/all" \
--            "--prefix=/net/ipv6/conf/all" \
--            "--prefix=/net/ipv6/neigh/all" \
--            "--prefix=/net/ipv4/conf/$INTERFACE" \
--            "--prefix=/net/ipv4/neigh/$INTERFACE" \
--            "--prefix=/net/ipv6/conf/$INTERFACE" \
--            "--prefix=/net/ipv6/neigh/$INTERFACE"
- 
-         if [ -n "$ip4" ]; then
-             # If NetworkManager is enabled, let it configure the network

qubes-vm-core/silence-stringop-overread-error.patch

@@ -1,13 +0,0 @@
-diff --git a/qubes-rpc/Makefile.orig b/qubes-rpc/Makefile
-index 63bd924..e5973e6 100644
---- a/qubes-rpc/Makefile.orig
-+++ b/qubes-rpc/Makefile
-@@ -11,7 +11,7 @@ ifneq ($(DEBUG),0)
- DEBUG_FLAGS := -g
- endif
- CPPFLAGS := -I.
--CFLAGS := $(DEBUG_FLAGS) -O2 -Wall -Wextra -Werror -fPIC -pie $(CFLAGS)
-+CFLAGS := $(DEBUG_FLAGS) -O2 -Wall -Wextra -Werror -fPIC -pie -Wno-stringop-overread $(CFLAGS)
- LDFLAGS := $(DEBUG_FLAGS) -pie $(LDFLAGS)
- LDLIBS := -lqubes-rpc-filecopy
- 

qubes-vm-gui-dev/APKBUILD

@@ -1,7 +1,7 @@
 # Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
 # Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
 pkgname=qubes-vm-gui-dev
-pkgver=4.2.4
+pkgver=4.1.1
 _gittag="v$pkgver"
 pkgrel=4
 pkgdesc="Common files for Qubes GUI - protocol headers."
@@ -18,5 +18,5 @@ package() {
 	cp include/*.h $pkgdir/usr/include/
 }
 sha512sums="
-be9d71abc991d6d2dabaf17f647a5cf2a73b947f15fc36117e309d493f4f6a7e151d9ab6f6df8bd99ac33ea873413a47f72aeb98bf6b7b4ed2a217c8fbd0bd51  qubes-vm-gui-dev-v4.2.4.tar.gz
+2d962822413b1e4da6ef9303bce9b25e179829080a4ab96aeb7b274682c32b4620201d1de9c177346ab8d80913ae5e5384792b301d350850408fa790cb77d641  qubes-vm-gui-dev-v4.1.1.tar.gz
 "

qubes-vm-gui/0001-initd-fix.patch

@@ -1,13 +1,22 @@
-diff --git a/appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh.orig b/appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh
-index 76e0227..268cb00 100755
---- a/appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh.orig
+From 7f7914fc2d0957012f1c4b130b0e442d43110c7d Mon Sep 17 00:00:00 2001
+From: "build@apk-groulx" <build@apk-groulx.praxis>
+Date: Sat, 5 Mar 2022 00:59:30 +0000
+Subject: [PATCH 1/1] initd fix
+
+---
+ appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh b/appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh
+index dc0a578..4c9623a 100755
+--- a/appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh
 +++ b/appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh
-@@ -25,7 +25,7 @@ if [ -n "$debug_mode" ] && [ "$debug_mode" -gt 0 ]; then
+@@ -23,4 +23,4 @@ if [ -n "$debug_mode" ] && [ "$debug_mode" -gt 0 ]; then
      gui_opts="$gui_opts -vv"
  fi
  
 -echo "GUI_OPTS=$gui_opts" >> /var/run/qubes-service-environment
 +echo "GUI_OPTS=\"$gui_opts\"" >> /var/run/qubes-service-environment
- 
- # 2**30
- echo 1073741824 > /sys/module/xen_gntalloc/parameters/limit
+-- 
+2.34.1
+

qubes-vm-gui/APKBUILD

@@ -1,12 +1,9 @@
 # Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
 # Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
 pkgname=qubes-vm-gui
-subpackages="
-	qubes-vm-pulseaudio
-	qubes-vm-pipewire
-	$pkgname-openrc"
-pkgver=4.2.16
-pkgrel=0
+subpackages="qubes-vm-pulseaudio $pkgname-openrc"
+pkgver=4.1.33
+pkgrel=2
 _gittag="v$pkgver"
 pkgdesc="The Qubes GUI Agent for AppVMs"
 arch="x86_64"
@@ -28,12 +25,10 @@ makedepends="
 	libxcomposite-dev
 	libxt
 	linux-pam-dev
-	lsb-release-minimal
 	make
 	patch
 	pixman
 	pkgconf
-	pipewire-dev
 	pulseaudio-dev
 	qubes-db-vm
 	qubes-db-vm-dev
@@ -51,7 +46,6 @@ source="
 	qubes-gui-agent.openrc
 	qubes-sessions.sh
 	qubes-gui-agent.pam
-	qubes-sessions_do-not-use-systemd.patch
 	"
 builddir="$srcdir"/qubes-gui-agent-linux-${_gittag/v}
 _qubes_backend_vmm=xen
@@ -102,25 +96,11 @@ pulseaudio() {
 	cd "$builddir"
 	make install-pulseaudio DESTDIR=$subpkgdir PA_VER=$pa_ver LIBDIR=/usr/lib USRLIBDIR=/usr/lib SYSLIBDIR=/lib
 }
-
-pipewire() {
-	pkgdesc="PipeWire support for Qubes VM."
-	depends="pipewire"
-
-	cd "$builddir"
-	make install-pipewire \
-		"DESTDIR=$subpkgdir" \
-		LIBDIR=/usr/lib \
-		USRLIBDIR=/usr/lib \
-		SYSLIBDIR=/usr/lib
-}
-
 sha512sums="
-38e63b09f62b07785c199d71959d8c7387b75509b9b234cae1325f700509f8f2afcc1acaf8766c22768acb4508cbb8fed80da04c974eeafd9f1099e5a37893f2  qubes-vm-gui-v4.2.16.tar.gz
+1ace8f7510db02c7df3eebdf633e4c0dae0e29f43e51ef7605f5ae96c838b32c0a3776c7157108181b310ae17d777e78c6a793e3100a8b28688649494e4a0bc9  qubes-vm-gui-v4.1.33.tar.gz
 f0bbb936e14689d0cbced2f564b8911f9287c0217616f02f3bd0c3060e516d080ad538219f089f5841c2b9d18bb4ad8efb63516ddfd46c18b038218378996a7d  0001-musl-build.patch
-01beace4c130200dc8d42248349ea858d2bec746aca2bdfa5948b6e7240bb3b832bbb8b324293fba6fd6aafb0a3d7a2e3928c7fd39d318ef4d5a18cfeb48cde6  0001-initd-fix.patch
+262b93b4ea172926dc18b7af372168ff3f645a02db1529cb73af3d5aa6252a75500bfbd95344a835bbf646e753018d0e27885e41a03f06247226a485edb5e028  0001-initd-fix.patch
 68d01e594296e18d54d8eaa17863451c3ac121e4fcacf98b64db14166bdcf38aa66f1c3659c5014c0a9cc25b5368df66f8c642b8e7af59da8d2a5ad97da9a194  qubes-gui-agent.openrc
 bd707f7956f58c2bb24ccb9adad1381c069e70820fcb1b01b09dc88570d9df00e0dc92a9ac3b242f828314568d5487257566a6fc61e75e62e010b7e4871f9ea0  qubes-sessions.sh
 b512d691f2a6b11fc329bf91dd05ca9c589bbd444308b27d3c87c75262dedf6afc68a9739229249a4bd3d0c43cb1f871eecbb93c4fe559e0f38bdabbffd06ad7  qubes-gui-agent.pam
-5d44bed65772e0300cfdb5960327ccff923159f1c0c6b980a3b37758a7330f5d8befa3c053990f6e5e7d2e71bf0eca047040439446a8b91bb1c2672e9e1497a0  qubes-sessions_do-not-use-systemd.patch
 "

qubes-vm-gui/qubes-sessions_do-not-use-systemd.patch

@@ -1,21 +0,0 @@
-diff --git a/appvm-scripts/usrbin/qubes-session.orig b/appvm-scripts/usrbin/qubes-session
-index cacac4b..e5bedc2 100755
---- a/appvm-scripts/usrbin/qubes-session.orig
-+++ b/appvm-scripts/usrbin/qubes-session
-@@ -27,16 +27,6 @@
- 
- loginctl activate "$XDG_SESSION_ID"
- 
--# Now import the environment from the systemd user session.
--# This is necessary to enable users to configure their
--# Qubes environment using the standard environment.d
--# facility.  Documentation for the facility is at:
--# https://www.freedesktop.org/software/systemd/man/environment.d.html
--set -a # export all variables
--env=$(systemctl --user show-environment) && eval "$env" || exit
--set +a
--
--
- if qsvc guivm-gui-agent; then
-     if [ -e "$HOME/.xinitrc" ]; then
-         . "$HOME/.xinitrc"

qubes-vm-qrexec/APKBUILD

@@ -1,10 +1,10 @@
 # Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
 # Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
 pkgname=qubes-vm-qrexec
-subpackages="$pkgname-openrc $pkgname-doc $pkgname-pyc"
-pkgver=4.2.21
+subpackages="$pkgname-openrc $pkgname-doc"
+pkgver=4.1.24
 _gittag="v$pkgver"
-pkgrel=0
+pkgrel=2
 pkgdesc="The Qubes qrexec files (qube side)"
 arch="x86_64"
 url="https://github.com/QubesOS/qubes-core-qrexec"
@@ -32,7 +32,7 @@ prepare() {
 	default_prepare
 	# remove all -Werror
 	msg "Eradicating -Werror..."
-	find . \( -name '*.mk' -o -name 'Make*' \) -exec sed -i -e 's/-Werror*. //g' {} +
+	find . \( -name '*.mk' -o -name 'Make*' \) -exec sed -i -e 's/-Werror//g' {} +
 }
 
 build() {
@@ -52,8 +52,8 @@ package() {
 	install -Dm 755 "$srcdir"/qubes-qrexec-agent.openrc "$pkgdir"/etc/init.d/qubes-qrexec-agent
 }
 sha512sums="
-756d349e9322da6fd96e737c3f4430b503abba90ac0a6ca6b9b92cbce656f4e714c4e39aff7b9cfc302629ff15011e5ca7d8e273840b314b78d1f5823ff00c6c  qubes-vm-qrexec-v4.2.21.tar.gz
+c263c2ebc878de41c9f8bd495855955096c5c69c2e48006170a3117793a64cfd1c65eee9c8b85dfca15b45f9e49db2cf8acf7bea51433708fffa49dcde8083a0  qubes-vm-qrexec-v4.1.24.tar.gz
 e2dd5cace82e881c40d5d37c69f7327fbabde81c9d23283de23de9f1197b7b018ef07a8d90e95c61bd249426d9d8297e7cb372333245941ffa0682c90ea3461f  qubes-qrexec-agent.openrc
-3cbe66c8251d0cbe078d78ac9a2aef2d6c095c4f514ff0aab69dd724dee7488cf84dff4af2210d8a2298a052db49e85b0e38ac45456a8aa9bd1e4a7de0311b69  makefile-remove-cc-cflags.patch
+e48a06778a880915827fb2ef3e38379eb2bc6cf63f7fed79472be4732f7110b0c642c7a62a43236f53404ce69afddd40a5bc92a984403aae74caae1580c31200  makefile-remove-cc-cflags.patch
 69b88c8d344f0d575eac398937040ba39a0d8fb8ea0a2b160c48d84775e1da4e226a76f3c5d3be7b045f577b634bb35cd5c5536248e18117c4121a38f9f3bf13  agent-qrexec-fork-server-undef-fortify-source.patch
 "

qubes-vm-qrexec/makefile-remove-cc-cflags.patch

@@ -2,13 +2,6 @@ diff --git a/Makefile.orig b/Makefile
 index ade10bf..7de05a4 100644
 --- a/Makefile.orig
 +++ b/Makefile
-@@ -1,6 +1,4 @@
- MAKEFLAGS=-r
--CC ?= gcc
--CFLAGS += -Werror=strict-prototypes -Werror=old-style-definition -Werror=missing-declarations -Werror=missing-prototypes
- PYTHON ?= python3
- export PYTHON CC MAKEFLAGS CFLAGS
- 
 @@ -26,7 +24,7 @@ all-base:
  	$(PYTHON) setup.py build
  .PHONY: all-base

qubes-vm-utils/APKBUILD

@@ -4,10 +4,9 @@ pkgname=qubes-vm-utils
 subpackages="
 	qubes-vm-kernel-support:support:noarch
 	$pkgname-openrc
-	$pkgname-pyc
 	"
-pkgver=4.3.3
-pkgrel=2
+pkgver=4.1.20
+pkgrel=1
 _gittag="v$pkgver"
 pkgdesc="Common Linux files for Qubes VM."
 arch="x86_64"
@@ -23,7 +22,6 @@ makedepends="
 	make
 	pkgconfig
 	py3-setuptools
-	icu-dev
 	qubes-libvchan-xen-dev
 	xen-dev
 	"
@@ -59,6 +57,6 @@ support() {
 	install -m 755 "$builddir"/dracut/full-dmroot/qubes_cow_setup.sh "$subpkgdir"/usr/lib/qubes/qubes_cow_setup.sh
 }
 sha512sums="
-95da1f511bb30bca2f895111d91f901a8d17077ea5bf6a363891557e24f3a7bc40b2450eae476932b2450749ff8a94dd78c7590bef428c7ba2d647ebbcf5a86b  qubes-vm-utils-v4.3.3.tar.gz
+fda4dde19b4a413da269442cd214682518dc0f83c69b02a1383dc448a974b59ac9bd85a49c3125938acbf03708df6f364c24f0bc7c8f8d98ef7b318486aa9c02  qubes-vm-utils-v4.1.20.tar.gz
 aebc606faa95948be77766f164fc40e4be66e4398e7f56ad52ba9de4c8f7de4ec0c4b48b23a3a6dd083d6f19ae1a591f3ae0caf2c696fd061cd8fea4bdf7d4f3  qubes-meminfo-writer.openrc
 "