README: update

.forgejo/bin/check_ver.sh

@@ -1,35 +0,0 @@
-#!/bin/bash
-
-# expects the following env variables:
-# downstream: downstream repo
-
-repo=${downstream/*\/}
-
-curl --silent $downstream/x86_64/APKINDEX.tar.gz | tar -O -zx APKINDEX > APKINDEX
-
-owned_by_you=$(awk -v RS= -v ORS="\n\n" '/m:Antoine Martin \(ayakael\) <dev@ayakael.net>/' APKINDEX | awk -F ':' '{if($1=="o"){print $2}}' | sort | uniq)
-
-echo "Found $(printf '%s\n' $owned_by_you | wc -l ) packages owned by you"
-
-rm -f out_of_date not_in_anitya
-
-for pkg in $owned_by_you; do
-	if [ $CHECK_LATEST -eq 1 ]; then
-		upstream_version=$(curl --fail -X GET -sS -H 'Content-Type: application/json' "https://release-monitoring.org/api/v2/packages/?name=$pkg&distribution=Alpine" | jq -r '.items.[].version')
-	else
-		upstream_version=$(curl --fail -X GET -sS -H 'Content-Type: application/json' "https://release-monitoring.org/api/v2/packages/?name=$pkg&distribution=Alpine" | jq -r '.items.[].stable_version')
-	fi
-	downstream_version=$(sed -n "/^P:$pkg$/,/^$/p" APKINDEX | awk -F ':' '{if($1=="V"){print $2}}' | sort -V | tail -n 1)
-	downstream_version=${downstream_version/-*}
-
-	if [ -z "$upstream_version" ]; then
-		echo "$pkg not in anitya"
-		echo "$pkg" >> not_in_anitya
-	elif [ "$downstream_version" != "$(printf '%s\n' $upstream_version $downstream_version | sort -V | head -n 1)" ]; then
-		echo "$pkg higher downstream"
-		continue
-	elif [ "$upstream_version" != "$downstream_version" ]; then
-		echo "$pkg upstream version $upstream_version does not match downstream version $downstream_version"
-		echo "$pkg $downstream_version $upstream_version $repo" >> out_of_date
-	fi
-done

.forgejo/bin/create_issue.sh

@@ -1,165 +0,0 @@
-#!/bin/bash
-
-# expects:
-# env variable FORGEJO_TOKEN
-# file out_of_date
-
-IFS='
-'
-repo=${downstream/*\/}
-
-does_it_exist() {
-	name=$1
-	downstream_version=$2
-	upstream_version=$3
-	repo=$4
-
-	query="$repo/$name: upgrade to $upstream_version"
-	query="$(echo $query | sed 's| |%20|g' | sed 's|:|%3A|g' | sed 's|/|%2F|g' )"
-
-	result="$(curl --silent -X 'GET' \
-		"$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues?state=open&q=$query&type=issues" \
-		-H 'accept: application/json' \
-		-H "authorization: Basic $FORGEJO_TOKEN"
-	)"
-
-	if [ "$result" == "[]" ]; then
-		return 1
-	fi
-}
-
-is_it_old() {
-	name=$1
-	downstream_version=$2
-	upstream_version=$3
-	repo=$4
-
-	query="$repo/$name: upgrade to"
-	query="$(echo $query | sed 's| |%20|g' | sed 's|:|%3A|g' | sed 's|/|%2F|g' )"
-
-	result="$(curl --silent -X 'GET' \
-		"$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues?state=open&q=$query&type=issues" \
-		-H 'accept: application/json' \
-		-H "authorization: Basic $FORGEJO_TOKEN"
-	)"
-
-	result_title="$(echo $result | jq -r '.[].title' )"
-	result_id="$(echo $result | jq -r '.[].number' )"
-	result_upstream_version="$(echo $result_title | awk '{print $4}')"
-
-	if [ "$upstream_version" != "$result_upstream_version" ]; then
-		echo $result_id
-	else
-		echo 0
-	fi
-}
-
-update_title() {
-	name=$1
-	downstream_version=$2
-	upstream_version=$3
-	repo=$4
-	id=$5
-
-	result=$(curl --silent -X 'PATCH' \
-		"$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues/$id" \
-		-H 'accept: application/json' \
-		-H "authorization: Basic $FORGEJO_TOKEN" \
-		-H 'Content-Type: application/json' \
-		-d "{
-			\"title\": \"$repo/$name: upgrade to $upstream_version\"
-		}"
-	)
-	
-	return 0
-}
-
-create_issue() {
-	name=$1
-	downstream_version=$2
-	upstream_version=$3
-	repo=$4
-
-	result=$(curl --silent -X 'POST' \
-		"$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues" \
-		-H 'accept: application/json' \
-		-H "authorization: Basic $FORGEJO_TOKEN" \
-		-H 'Content-Type: application/json' \
-		-d "{
-			\"title\": \"$repo/$name: upgrade to $upstream_version\",
-			\"labels\": [
-				$LABEL_NUMBER
-			]
-		}")
-
-	return 0
-}
-
-if [ -f out_of_date ]; then
-	out_of_date="$(cat out_of_date)"
-
-	echo "Detected $(wc -l out_of_date) out-of-date packages, creating issues"
-
-	for pkg in $out_of_date; do
-		name="$(echo $pkg | awk '{print $1}')"
-		downstream_version="$(echo $pkg | awk '{print $2}')"
-		upstream_version="$(echo $pkg | awk '{print $3}')"
-		repo="$(echo $pkg | awk '{print $4}')"
-
-		if does_it_exist $name $downstream_version $upstream_version $repo; then
-			echo "Issue for $repo/$name already exists"
-			continue
-		fi
-
-		id=$(is_it_old $name $downstream_version $upstream_version $repo)
-	
-		if [  "$id" != "0" ] && [ -n "$id" ]; then
-			echo "Issue for $repo/$name needs updating"
-			update_title $name $downstream_version $upstream_version $repo $id
-			continue
-		fi
-
-		echo "Creating issue for $repo/$name"
-		create_issue $name $downstream_version $upstream_version $repo
-	done
-fi
-
-if [ -f not_in_anitya ]; then
-	query="Add missing $repo packages to anitya"
-	query="$(echo $query | sed 's| |%20|g')"
-
-	result="$(curl --silent -X 'GET' \
-		"$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues?state=open&q=$query&type=issues" \
-		-H 'accept: application/json' \
-		-H "authorization: Basic $FORGEJO_TOKEN"
-	)"
-
-	if [ "$result" == "[]" ]; then
-		echo "Creating anitya issue"
-		result=$(curl --silent -X 'POST' \
-			"$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues" \
-			-H 'accept: application/json' \
-			-H "authorization: Basic $FORGEJO_TOKEN" \
-			-H 'Content-Type: application/json' \
-			-d "{
-				\"title\": \"Add missing $repo packages to anitya\",
-				\"body\": \"- [ ] $(sed '{:q;N;s/\n/\\n- [ ] /g;t q}' not_in_anitya)\",
-				\"labels\": [
-					$LABEL_NUMBER
-				]
-			}")
-
-	else
-		echo "Updating anitya issue"
-		result_id="$(echo $result | jq -r '.[].number' )"
-		result=$(curl --silent -X 'PATCH' \
-			"$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues/$result_id" \
-			-H 'accept: application/json' \
-			-H "authorization: Basic $FORGEJO_TOKEN" \
-			-H 'Content-Type: application/json' \
-			-d "{
-				\"body\": \"- [ ] $(sed '{:q;N;s/\n/\\n- [ ] /g;t q}' not_in_anitya)\"
-			}"
-		)
-	fi
-fi

.forgejo/workflows/check-r4.2.yml

@@ -1,28 +0,0 @@
-on:
-  workflow_dispatch:
-
-  schedule:
-    - cron: '0 5 * * *'
-
-jobs:
-  check-r4.2:
-    name: Check user repo
-    runs-on: x86_64
-    container:
-      image: alpine:latest
-    env:
-      downstream: https://ayakael.net/api/packages/forge/alpine/edge/qubes-r4.2
-      FORGEJO_TOKEN: ${{ secrets.forgejo_token }}
-      LABEL_NUMBER: 9
-      CHECK_LATEST: 0
-    steps:
-      - name: Environment setup
-        run: apk add grep coreutils gawk curl wget bash nodejs git jq sed
-      - name: Get scripts
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 1
-      - name: Check out-of-date packages
-        run: ${{ github.workspace }}/.forgejo/bin/check_ver.sh
-      - name: Create issues
-        run: ${{ github.workspace }}/.forgejo/bin/create_issue.sh

.forgejo/workflows/check-r4.3.yml

@@ -1,28 +0,0 @@
-on:
-  workflow_dispatch:
-
-  schedule:
-    - cron: '0 5 * * *'
-
-jobs:
-  check-r4.3:
-    name: Check user repo
-    runs-on: x86_64
-    container:
-      image: alpine:latest
-    env:
-      downstream: https://ayakael.net/api/packages/forge/alpine/edge/qubes-r4.3
-      FORGEJO_TOKEN: ${{ secrets.forgejo_token }}
-      LABEL_NUMBER: 9
-      CHECK_LATEST: 1
-    steps:
-      - name: Environment setup
-        run: apk add grep coreutils gawk curl wget bash nodejs git jq sed
-      - name: Get scripts
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 1
-      - name: Check out-of-date packages
-        run: ${{ github.workspace }}/.forgejo/bin/check_ver.sh
-      - name: Create issues
-        run: ${{ github.workspace }}/.forgejo/bin/create_issue.sh

README.md

@@ -8,10 +8,6 @@ Linux template. The upstream repo uses GitLab's CI to build and deploy packages
 targetting multiple Alpine Linux versions. QubesOS releases are tracked using
 branches.
 
-Note for `main` branch: This is currently tracking r4.3 packages, thus are
-experimental. Use this branch at your own risk. For latest r4.2 packages,
-navigate to that branch.
-
 #### Template builder
 The template builder is housed in its [own repo](https://ayakael.net/forge/qubes-builder-alpine)
 RPMs are built in-pipeline using the build artifacts produced by this repo. These RPMs facilitate
@@ -54,7 +50,7 @@ curl -JO https://ayakael.net/api/packages/forge/alpine/key
 Add repository to `/etc/apk/repositories`:
 
 ```shell
-echo "https://ayakael.net/api/packages/forge/alpine/edge/qubes-r4.3" > /etc/apk/repositories
+echo "https://ayakael.net/api/packages/forge/alpine/edge/qubes-r4.1" > /etc/apk/repositories
 ```
 
 

qubes-app-linux-druide-antidote/APKBUILD

@@ -1,25 +0,0 @@
-# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
-# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
-pkgname=qubes-app-linux-druide-antidote
-pkgver=0.0.1_git20240201
-_gittag=c724c88aa2a20b1e422b464499015ff05753316d
-pkgrel=2
-arch="noarch"
-pkgdesc="Qubes Druide-Antidote is a Qubes Application. It send a file to the Antidote Qube, invoke Antidote, and retrieve the file"
-url=https://github.com/neowutran/qubes-app-linux-druide-antidote
-license="GPL-3.0-only"
-source="$pkgname-$_gittag.tar.gz::https://github.com/neowutran/qubes-app-linux-druide-antidote/archive/$_gittag.tar.gz"
-depends="bash"
-makedepends="pandoc"
-builddir="$srcdir"/$pkgname-$_gittag
-
-check() {
-	tests/all
-}
-
-package() {
-	make install-vm DESTDIR="$pkgdir/"
-}
-sha512sums="
-e3597804bdcea25b2938aa325dfe9495f5bcde47c8515c7680c19882120e065d0a9ef8d120545ff3c9966b84a329cf87c5b993380510311ec8b5d9f5a8b35833  qubes-app-linux-druide-antidote-c724c88aa2a20b1e422b464499015ff05753316d.tar.gz
-"

qubes-db-vm/0001-create_pidfile.patch

@@ -1,17 +1,17 @@
-diff --git a/daemon/db-daemon.c.orig b/daemon/db-daemon.c
-index bcf77df..c7b1a50 100644
---- a/daemon/db-daemon.c.orig
+From d20a9db122608e0992c9ab6f675920d4bb1ee88f Mon Sep 17 00:00:00 2001
+From: "build@apk-groulx" <build@apk-groulx.praxis>
+Date: Fri, 4 Mar 2022 22:50:19 +0000
+Subject: [PATCH 1/1] create_pidfile
+
+---
+ daemon/db-daemon.c | 11 +++--------
+ 1 file changed, 3 insertions(+), 8 deletions(-)
+
+diff --git a/daemon/db-daemon.c b/daemon/db-daemon.c
+index 9934d16..2b28995 100644
+--- a/daemon/db-daemon.c
 +++ b/daemon/db-daemon.c
-@@ -156,7 +156,7 @@ int mainloop(struct db_daemon_data *d) {
-             return 0;
-         }
-         d->multiread_requested = 1;
--        /* wait for complete response */
-+        /* wait for complete rsponse */
-         while (d->multiread_requested) {
-             AcquireSRWLockExclusive(&d->lock);
-             if (!handle_vchan_data(d)) {
-@@ -627,11 +627,8 @@ static int create_pidfile(struct db_daemon_data *d) {
+@@ -618,11 +618,8 @@ int create_pidfile(struct db_daemon_data *d) {
      mode_t old_umask;
      struct stat stat_buf;
  
@@ -24,7 +24,7 @@ index bcf77df..c7b1a50 100644
  
      old_umask = umask(0002);
      pidfile = fopen(pidfile_name, "w");
-@@ -652,10 +649,8 @@ static void remove_pidfile(struct db_daemon_data *d) {
+@@ -643,10 +640,8 @@ void remove_pidfile(struct db_daemon_data *d) {
      struct stat stat_buf;
  
      /* no pidfile for VM daemon - service is managed by systemd */
@@ -36,12 +36,15 @@ index bcf77df..c7b1a50 100644
  
      if (stat(pidfile_name, &stat_buf) == 0) {
          /* remove pidfile only if it's the one created this process */
-@@ -763,7 +758,7 @@ int fuzz_main(int argc, char **argv) {
+@@ -754,7 +749,7 @@ int fuzz_main(int argc, char **argv) {
                  exit(1);
              case 0:
                  close(ready_pipe[0]);
--                snprintf(log_path, sizeof(log_path), "/var/log/qubes/qubesdb.%s.log", d.remote_name ? d.remote_name : "dom0");
+-                snprintf(log_path, sizeof(log_path), "/var/log/qubes/qubesdb.%s.log", d.remote_name);
 +                snprintf(log_path, sizeof(log_path), "/var/log/qubes/qubes-db.log");
  
                  close(0);
                  old_umask = umask(0);
+-- 
+2.34.1
+

qubes-db-vm/APKBUILD

@@ -2,8 +2,8 @@
 # Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
 pkgname=qubes-db-vm
 subpackages="$pkgname-openrc"
-pkgver=4.2.6
-pkgrel=1
+pkgver=4.1.17
+pkgrel=4
 _gittag="v$pkgver"
 pkgdesc="QubesDB libs and daemon service."
 arch="x86_64"
@@ -24,7 +24,7 @@ source="
 	qubes-db.openrc
 	"
 builddir="$srcdir"/qubes-core-qubesdb-$pkgver
-subpackages="$pkgname-dev $pkgname-openrc"
+subpackages="$pkgname-dev"
 
 build() {
 	# Build all with python bindings
@@ -39,12 +39,12 @@ build() {
 
 package() {
 	# Install all with python bindings
-	make install DESTDIR=$pkgdir LIBDIR=/usr/lib BINDIR=/usr/bin SBINDIR=/usr/sbin
+	make install DESTDIR=$pkgdir LIBDIR=/usr/lib BINDIR=/usr/bin SBINDIR=/sbin
 	install -Dm 755 "$srcdir"/qubes-db.openrc "$pkgdir"/etc/init.d/qubes-db
 }
 sha512sums="
-182ae7edb7235a21c45334d8d7aa20a7a9f63056d411fe66fe20d67ea0de7cf63d2a79886016561f69c5f444704f3728ee7b1aa6343f5ce15667ba458c08c9c7  qubes-db-vm-v4.2.6.tar.gz
+dad1580afa7d152551b7292051b624090ce57c006174d7c0f5273f4d9cecadcb70d46547263dcf23131d5f5df921519c9d8ca739acd9f0e9be303b20e73083bb  qubes-db-vm-v4.1.17.tar.gz
 af86268c264c843b94f9cefb735b9d078dc58819c890fc0a31dd79fa2761d3c2fa87aed73752bca1db07948ba86ecfe16a745b19672ccc10dfb9461df24aa207  0001-musl-build.patch
-892eb29b9bab4d9e662678d13a5607df04cdb024c2f28332f40fa4b7c644476a4b26a9fc038dfcdac1e0b8d328165d21d50d894d2c1e27f792287dd57449e7eb  0001-create_pidfile.patch
-6f48b4bee6a3517bdbb884bd6f7e21916e8438c5e8b8d9d1b1cfffe970c4549d941056f9022998ed7f9edb799d9b123564f01e69cdca7da241d0fb6a8e9a1c5e  qubes-db.openrc
+ffe9ea8f65b4e164c3a0d1c8762d1e3b39de3799ae3e63f825457d52de49c6522820950e6262deaa9235ad97cd7c60bf1c9a077fff716c4ca9dbd688e9a73c91  0001-create_pidfile.patch
+3d87f82d3637cf10bf1a3058ebbd2590ab17f65d1b49058f62d892f126635497abd5045f6797bc8069e5de08bb6e08fc6146deb6422090ad02122764cc6d72f0  qubes-db.openrc
 "

qubes-db-vm/qubes-db.openrc

@@ -2,7 +2,7 @@
   
 name=$RC_SVCNAME
 cfgfile="/etc/qubes/$RC_SVCNAME.conf"
-command="/usr/sbin/qubesdb-daemon"
+command="/sbin/qubesdb-daemon"
 command_args="0"
 command_user="root"
 pidfile="/run/qubes/$RC_SVCNAME.pid"

qubes-gpg-split/APKBUILD

@@ -2,9 +2,9 @@
 # Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
 pkgname=qubes-gpg-split
 subpackages="$pkgname-doc"
-pkgver=2.0.75
+pkgver=2.0.70
 _gittag="v$pkgver"
-pkgrel=0
+pkgrel=1
 pkgdesc="Used Qubes AppVM as a “smart card”"
 arch="x86_64"
 url="https://github.com/QubesOS/qubes-app-linux-split-gpg"
@@ -29,7 +29,10 @@ build() {
 
 package() {
 	make install-vm DESTDIR="$pkgdir"
+
+	# Alpine packaging guidelines: /var/run is a symlink to a tmpfs. Don't create it.
+	rm -r "$pkgdir/var/run"
 }
 sha512sums="
-212b819c959d66c5b3e73d0c0765e348b97b278a3df45903fdeaab3de49f60c455044e664bd8a95393f5e800d75706fda4198a5ea36e9ab933250d606f8cabbd  qubes-gpg-split-v2.0.75.tar.gz
+a38ca61433c16168f44ef458f9fbc7eb37712f6edfb2bde7af7e08c6d98907e2038335ccda402b97a7940286af58be197a0bea3a20f5843b292766c7277a8350  qubes-gpg-split-v2.0.70.tar.gz
 "

qubes-input-proxy/APKBUILD

@@ -1,53 +0,0 @@
-# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
-# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
-pkgname=qubes-input-proxy
-pkgver=1.0.38
-_gittag=v$pkgver
-pkgrel=0
-pkgdesc="The Qubes service for proxying input devices"
-arch="x86_64"
-url="https://github.com/QubesOS/qubes-app-linux-input-proxy"
-license='GPL'
-depends="
-	usbutils
-	qubes-vm-core
-	"
-makedepends="linux-headers"
-subpackages="$pkgname-openrc"
-source="
-	$pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-app-linux-input-proxy/archive/refs/tags/$_gittag.tar.gz
-	qubes-input-trigger_use-openrc.patch
-	makefile_skip-systemd.patch
-	qubes-input-sender.openrc
-	"
-builddir="$srcdir"/qubes-app-linux-input-proxy-$pkgver
-
-build() {
-	make all \
-		LIBDIR=/usr/lib \
-		USRLIBDIR=/usr/lib \
-		SYSLIBDIR=/usr/lib
-}
-
-package() {
-	make install-vm \
-		DESTDIR="$pkgdir" \
-		LIBDIR=/usr/lib \
-		USRLIBDIR=/usr/lib \
-		SYSLIBDIR=/usr/lib
-
-	# replace all shebangs with /bin/sh as qubes expects bash
-	# shellcheck disable=SC2013
-	for i in $(grep '/bin/sh' -Rl "$pkgdir"); do
-		sed -i 's|/bin/sh|/bin/bash|' "$i"
-	done
-
-	# move openrc to init.d
-	install -Dm755 "$srcdir"/qubes-input-sender.openrc "$pkgdir"/etc/init.d/qubes-input-sender
-}
-sha512sums="
-bf4b44ee58347d78682a9b2c9eac10679a7ff17dfd56019a83b009b1165fd3833bc484df3cf9b13068b6754343c017f38a8d2ac2c06e1a0ee53646066daf658a  qubes-input-proxy-v1.0.38.tar.gz
-53f898f4d611e0a9be18127cff90ebc3946dc7e270548a84407067b02cb918546e8425c1722a60efb73b93af05c79889eaa16a4c7d596c948fdb9291d218c803  qubes-input-trigger_use-openrc.patch
-21e7b95c94ec1a3f3499e79cf8b1931da2c3e33d8f1af2efe6b52b7e2678d4648bb0597b3a4a95cc10d0ca3cb83df93075b99cf1b615d8493a9e2fd21fb7f8f7  makefile_skip-systemd.patch
-2d5cb4369bc4d4c83403bb3e7cd7bc784769950a8fbf581996074fe53cc65c56fe4039e2689b6fa34e51ce22e552fc145115c12e71601809767962a3682dd299  qubes-input-sender.openrc
-"

qubes-input-proxy/makefile_skip-systemd.patch

@@ -1,18 +0,0 @@
-diff --git a/qubes-rpc/Makefile.orig b/qubes-rpc/Makefile
-index 22ec526..bf7e0ea 100644
---- a/qubes-rpc/Makefile.orig
-+++ b/qubes-rpc/Makefile
-@@ -12,13 +12,6 @@ install-dom0:
- 		$(DESTDIR)/etc/qubes-rpc/policy/qubes.InputTablet
- 
- install-vm:
--	install -d $(DESTDIR)$(USRLIBDIR)/systemd/system
--	install -m 0644 \
--		qubes-input-sender-keyboard@.service \
--		qubes-input-sender-keyboard-mouse@.service \
--		qubes-input-sender-mouse@.service \
--		qubes-input-sender-tablet@.service \
--		$(DESTDIR)$(USRLIBDIR)/systemd/system
- 	install -d $(DESTDIR)$(LIBDIR)/udev/rules.d
- 	install -m 0644 qubes-input-proxy.rules \
- 		$(DESTDIR)$(LIBDIR)/udev/rules.d/90-qubes-input-proxy.rules

qubes-input-proxy/qubes-input-sender.openrc

@@ -1,28 +0,0 @@
-#!/sbin/openrc-run
-  
-name=$RC_SVCNAME
-cfgfile="/etc/qubes/$RC_SVCNAME.conf"
-input="${RC_SVCNAME/*.}"
-svcname="${RC_SVCNAME/.*}."
-type="${RC_SVCNAME%.*}"
-type="${type/$svcname/}"
-type="$(echo $type | sed 's/.*/\u&/')"
-command="/usr/bin/qubes-input-sender"
-command_args="qubes.Input$type /dev/input/$input dom0"
-command_user="root"
-pidfile="/run/qubes/$RC_SVCNAME.pid"
-start_stop_daemon_args=""
-command_background="true"
-output_log="/var/log/qubes/$RC_SVCNAME.log"
-error_log="/var/log/qubes/$RC_SVCNAME.err"
-
-start_pre() {
-        checkpath --directory --owner $command_user:qubes --mode 0775 \
-                /run/qubes \
-		/var/log/qubes \
-		/var/run/qubes
-}
-
-stop_post() {
-	pkill -f "input-proxy-sender /dev/input/$input" || true
-}

qubes-input-proxy/qubes-input-trigger_use-openrc.patch

@@ -1,92 +0,0 @@
-diff --git a/qubes-rpc/qubes-input-trigger.orig b/qubes-rpc/qubes-input-trigger
-index 5fa0e5a..0dd3773 100755
---- a/qubes-rpc/qubes-input-trigger.orig
-+++ b/qubes-rpc/qubes-input-trigger
-@@ -42,48 +42,68 @@ def get_service_name(udevreturn, input_dev):
-             ('ID_INPUT_TOUCHPAD' in udevreturn) or
-             ('QEMU_USB_Tablet' in udevreturn)
-     ) and 'ID_INPUT_KEY' not in udevreturn:
--        service = 'qubes-input-sender-tablet'
-+        service = 'qubes-input-sender.tablet'
-     # PiKVM "mouse" is special, as it sends absolute events
-     elif 'ID_INPUT_MOUSE' in udevreturn and 'ID_USB_VENDOR=PiKVM' in udevreturn:
--        service = 'qubes-input-sender-tablet'
-+        service = 'qubes-input-sender.tablet'
-     elif 'ID_INPUT_MOUSE' in udevreturn and 'ID_INPUT_KEY' not in udevreturn:
--        service = 'qubes-input-sender-mouse'
-+        service = 'qubes-input-sender.mouse'
-     elif 'ID_INPUT_KEY' in udevreturn and 'ID_INPUT_MOUSE' not in udevreturn:
--        service = 'qubes-input-sender-keyboard'
-+        service = 'qubes-input-sender.keyboard'
-     elif 'ID_INPUT_MOUSE' in udevreturn and 'ID_INPUT_KEY' in udevreturn:
--        service = 'qubes-input-sender-keyboard-mouse'
-+        service = 'qubes-input-sender.keyboardmouse'
- 
-     if service:
--        service = '{}@{}.service'.format(service, input_dev)
-+        service = '{}.{}'.format(service, input_dev)
- 
-     return service
- 
- 
- def handle_service(service, action):
--    retcode = subprocess.call(
--        ["/bin/systemctl", "is-active", "--quiet", "service", service])
-+    serviceFile = os.path.join("/etc/init.d", service)
-+
-+    sudo = []
-+    if os.getuid() != 0:
-+        sudo = ["sudo"]
-+
-     if action == "add":
--        systemctl_action = "start"
-+        # create service link is not created
-+        serviceFile = os.path.join("/etc/init.d", service)
-+        if not os.path.exists(serviceFile):
-+            subprocess.call(
-+                ["/bin/ln", "-s", "/etc/init.d/qubes-input-sender", serviceFile])
-+
-         # Ignore if service is already started
-+        retcode = subprocess.call(
-+            ["/sbin/rc-service","--quiet", service, "status"])
-         if retcode == 0:
-             return
-+
-+        subprocess.call(
-+            sudo + ["/sbin/service", service, "start"])
-+
-     elif action == "remove":
--        systemctl_action = "stop"
-+        # Ignore if service does not exist
-+        if not os.path.exists(serviceFile):
-+            return
-+
-         # Ignore if service is not active
--        if retcode != 0:
-+        retcode = subprocess.call(
-+            ["/sbin/rc-service", "--quiet", service, "status"])
-+        if retcode == 3:
-             return
-+
-+        subprocess.call(
-+            sudo + ["/sbin/service", service, "stop"])
-+
-+        # remove ln once stopped
-+        if os.path.exists(serviceFile):
-+            subprocess.call(
-+                sudo + ["/bin/rm", serviceFile])
-     else:
-         print("Unknown action: %s" % action)
-         sys.exit(1)
- 
--    sudo = []
--    if os.getuid() != 0:
--        sudo = ["sudo"]
--
--    subprocess.call(
--        sudo + ["/bin/systemctl", "--no-block", systemctl_action, service])
--
--
- def handle_event(input_dev, action, dom0):
-     udevreturn = None
-     if 'event' in input_dev:  # if filename contains 'event'

qubes-libvchan-xen/39_support-changed-libxenctrl-api-xen418.patch

@@ -0,0 +1,61 @@
+From 8c4c3807119f27957e6c7f87d505d66d0ea4c3d0 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
+ <marmarek@invisiblethingslab.com>
+Date: Sat, 18 Nov 2023 18:27:28 +0100
+Subject: [PATCH] Support changed libxenctrl API in Xen 4.18.0
+
+The xc_domain_getinfo() is gone, it's replaced with
+xc_domain_getinfo_single. While the new API is a bit nicer, xenctrl.h
+does not provide any #define to know which one is available. Check
+library version in the makefile for that.
+---
+ vchan/Makefile.linux |  4 ++++
+ vchan/io.c           | 10 ++++++++++
+ 2 files changed, 14 insertions(+)
+
+diff --git a/vchan/Makefile.linux b/vchan/Makefile.linux
+index 281f2b5..587cb34 100644
+--- a/vchan/Makefile.linux
++++ b/vchan/Makefile.linux
+@@ -27,6 +27,11 @@ CFLAGS += -g -Wall -Wextra -Werror -fPIC -O2 -D_GNU_SOURCE -D_FORTIFY_SOURCE=2 -
+ all: libvchan-xen.so vchan-xen.pc
+ -include *.dep
+ 
++# xenctrl.h does not provide any #define to distinguish API versions
++XENCTRL_VERSION := $(shell pkg-config --modversion xencontrol)
++CFLAGS += $(shell if printf '%s\n' '4.18.0' '$(XENCTRL_VERSION)' | \
++                  sort -CV; then echo -DHAVE_XC_DOMAIN_GETINFO_SINGLE; fi)
++
+ libvchan-xen.so : init.o io.o
+ 	$(CC) $(LDFLAGS) -shared -o libvchan-xen.so $^ -lxenvchan -lxenctrl
+ clean:
+diff --git a/vchan/io.c b/vchan/io.c
+index 3d0ed35..0c23223 100644
+--- a/vchan/io.c
++++ b/vchan/io.c
+@@ -33,14 +33,24 @@
+ /* check if domain is still alive */
+ int libvchan__check_domain_alive(xc_interface *xc_handle, int dom) {
+     struct evtchn_status evst;
++#ifdef HAVE_XC_DOMAIN_GETINFO_SINGLE
++    xc_domaininfo_t dominfo;
++#else
+     xc_dominfo_t dominfo;
++#endif
+     int ret;
+ 
+     /* first try using domctl, more reliable but available in a privileged
+      * domain only */
++#ifdef HAVE_XC_DOMAIN_GETINFO_SINGLE
++    ret = xc_domain_getinfo_single(xc_handle, dom, &dominfo);
++    if (ret == 0)
++        return !(dominfo.flags & XEN_DOMINF_dying);
++#else
+     ret = xc_domain_getinfo(xc_handle, dom, 1, &dominfo);
+     if (ret == 1)
+         return dominfo.domid == (uint32_t)dom && !dominfo.dying;
++#endif
+     else if (ret == -1 && errno == ESRCH)
+         return 0;
+     /* otherwise fallback to xc_evtchn_status method */
+

qubes-libvchan-xen/APKBUILD

@@ -1,8 +1,8 @@
 # Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
 # Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
 pkgname=qubes-libvchan-xen
-pkgver=4.2.4
-pkgrel=1
+pkgver=4.1.13
+pkgrel=5
 _gittag=v$pkgver
 pkgdesc="The Qubes core libraries for installation inside a Qubes Dom0 and VM."
 arch="x86_64"
@@ -13,7 +13,10 @@ makedepends="xen-dev coreutils"
 builddir="$srcdir"/qubes-core-vchan-xen-$pkgver
 subpackages="$pkgname-dev"
 
-source="$pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-core-vchan-xen/archive/refs/tags/$_gittag.tar.gz"
+source="
+	$pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-core-vchan-xen/archive/refs/tags/$_gittag.tar.gz
+	39_support-changed-libxenctrl-api-xen418.patch
+	"
 
 build() {
 	cd "$builddir"/vchan
@@ -25,5 +28,6 @@ package() {
 }
 
 sha512sums="
-05b0d8964da1ba321aa7a7651f969692c470b8f9910f7324f10a54b0c6e43ae3270a26a6a49a0e26d5c50b14370b64fbfb340fe28b8f191a0a67c07aba0426c3  qubes-libvchan-xen-v4.2.4.tar.gz
+cefb6b89f75936d791910d2169170536221d3123a1b33a14bea1fc5c08950ce934666719bf08eb3cc86ac055f85e6834f71e21c31189fa7299af09296c3cd99f  qubes-libvchan-xen-v4.1.13.tar.gz
+fedcba617d3843e41f257ff16b0a3108af844184252d4e702df8eccba21a4ef17d62c96acdb87bb4964e783b7f2f026305777be3379e7e7b51f4535a4704b52a  39_support-changed-libxenctrl-api-xen418.patch
 "

qubes-meta-packages/APKBUILD

@@ -5,9 +5,9 @@ subpackages="
 	qubes-vm-dependencies
 	qubes-vm-recommended
 	"
-pkgver=4.3.0
+pkgver=4.1.24
 _gittag="v$pkgver"
-pkgrel=0
+pkgrel=3
 pkgdesc="Meta packages for Qubes-specific components"
 arch="noarch"
 url="https://github.com/QubesOS/qubes-meta-packages"
@@ -38,5 +38,5 @@ recommended() {
 	mkdir -p "$subpkgdir"
 }
 sha512sums="
-7567bc7edd6a17315bb5a968ff512a7758ef9697d11ed5200f8ffefe7069b0ebbbb790bffdc7a8717b9707c24309bb6d83cfc6306eb1d48724480af36ba95594  qubes-meta-packages-v4.3.0
+5dfbdbc5a7fa3ae352d5c9de6822869065ebb1601880348ebb69fc1f91092bd3be333d5d8409575649d76412acce326f643ed5f95e07c2ac9b3f82a0dcc84293  qubes-meta-packages-v4.1.24
 "

qubes-pass/APKBUILD

@@ -3,7 +3,7 @@
 pkgname=qubes-pass
 pkgver=0.1.0
 _gittag="v$pkgver"
-pkgrel=4
+pkgrel=3
 pkgdesc="An inter-VM password manager for Qubes OS"
 arch="noarch"
 url="https://github.com/Rudd-O/qubes-pass"
@@ -14,21 +14,11 @@ makedepends="
 	pkgconf
 	"
 options="!check"
-subpackages="$pkgname-service"
-source="
-	$pkgname-$_gittag.tar.gz::https://github.com/Rudd-O/qubes-pass/archive/$_gittag.tar.gz
-	service-passquery.sh
-	"
+source="$pkgname-$_gittag.tar.gz::https://github.com/Rudd-O/qubes-pass/archive/$_gittag.tar.gz"
 
 package() {
 	make install-client DESTDIR="$pkgdir"
 }
-
-service() {
-	make -C "$builddir" install-service DESTDIR="$subpkgdir"
-	install -Dm755 "$srcdir"/service-passquery.sh "$subpkgdir"/etc/qubes-rpc/ruddo.PassQuery
-}
 sha512sums="
 b304bf8e6b8d04e7df4b52a02984ab03b6f3221c9178f1d91c99cab61e8b5ded45500b51de6d89aa76f4e73c0a3670ce6d07649c0ac159d048c3f0ac736c4d63  qubes-pass-v0.1.0.tar.gz
-77807ba7bd8e1627785358ef2f9e165712ef41ef76f11e7a7b989b1057f462abc433df96265c6c7d669f81e39d89de0f7ea3dcbb207c5a7a22738b843fd7e160  service-passquery.sh
 "

qubes-pass/service-passquery.sh

@@ -1,13 +0,0 @@
-#!/bin/bash
-
-set -e
-
-read -n 4096 cmd
-cmd=$(echo "$cmd" | base64 -d)
-
-if [ "$cmd" == "list-files" ] ; then
-  
-  logger -t ruddo.PassQuery "requested password file list"
-  exec pass git ls-files | sed -e '/.gitattributes/d' -e '/.gpg-id/d' 
-
-fi

qubes-usb-proxy/APKBUILD

@@ -1,9 +1,9 @@
 # Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
 # Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
 pkgname=qubes-usb-proxy
-pkgver=1.3.2
+pkgver=1.2.1
 _gittag="v$pkgver"
-pkgrel=0
+pkgrel=1
 pkgdesc="The Qubes service for proxying USB devices"
 arch="noarch"
 url="https://github.com/QubesOS/qubes-app-linux-usb-proxy"
@@ -18,10 +18,7 @@ makedepends="
 	make
 	pkgconf
 	"
-source="
-	$pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-app-linux-usb-proxy/archive/refs/tags/$_gittag.tar.gz
-	usb-import-alpine-udevadm.patch
-	"
+source="$pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-app-linux-usb-proxy/archive/refs/tags/$_gittag.tar.gz"
 builddir="$srcdir"/qubes-app-linux-usb-proxy-${_gittag/v}
 
 package() {
@@ -29,14 +26,10 @@ package() {
 
 	# replace all shebangs with /bin/sh as qubes expects bash
 	# shellcheck disable=SC2013
-	for i in $(grep '/bin/sh' -Rl "$pkgdir"); do
+	for i in $(grep '/bin/sh' -Rl .); do
 		sed -i 's|/bin/sh|/bin/bash|' "$i"
 	done
-
-	mkdir -p "$pkgdir"/etc/modules-load.d
-	echo "vhci-hcd" > "$pkgdir"/etc/modules-load.d/qubes-usb-proxy.conf
 }
 sha512sums="
-36d34af695b3d765c24e4bd9abe2ec0fad82adaf8618db642dd44b2d7b5fda9faf1d92eaba7815fd1c276551278cd8f40b1c1be066fee2cc06a738ef92b40ae0  qubes-usb-proxy-v1.3.2.tar.gz
-c6519982f7eef8586ee823dc96efa7b1b90f489114edcc348bc5221837090d19a2a3533eac83e3269ba68c2cf24447c018e0ac850ed1423a1280ebae364223fa  usb-import-alpine-udevadm.patch
+e034ce9ec163fdcd4ad2ceb0cb1f5158ae670484b589a34ef610731a379f0f76f280cabb195c2e97228bbeb61cfb9296ccc89ad533a050f0d464a50724724cbb  qubes-usb-proxy-v1.2.1.tar.gz
 "

qubes-usb-proxy/usb-import-alpine-udevadm.patch

@@ -1,27 +0,0 @@
-diff --git a/src/usb-import.orig b/src/usb-import
-index 7b17799..e718795 100755
---- a/src/usb-import.orig
-+++ b/src/usb-import
-@@ -95,7 +95,7 @@ wait_for_attached() {
-             ERROR "Attach timeout, check kernel log for details."
-         fi
-     done
--    [ -f "/usr/bin/udevadm" ] && udevadm settle
-+    [ -f "/bin/udevadm" ] && udevadm settle
- }
- 
- wait_for_detached() {
-diff --git a/src/usb-export.orig b/src/usb-export
-index ad2ab2b..37cff16 100755
---- a/src/usb-export.orig
-+++ b/src/usb-export
-@@ -110,8 +110,7 @@ if [ -n "$attach_to_usbip" ]; then
-     echo "$busid" > "$SYS_USBIP_HOST/bind" || exit 1
- 
-     # optionally reset the device to clear any state from previous driver
--    reset_on_attach=$(udevadm info --query=property \
--        --value --property=QUBES_USB_RESET --path="$devpath")
-+    reset_on_attach=$(udevadm info --query=property --path="$devpath" |  awk -F "=" '{if($1=="QUBES_USB_RESET"){print $2}}' )
-     if [ -f /run/qubes-service/usb-reset-on-attach ]; then
-         reset_on_attach=1
-     fi

qubes-vm-core/APKBUILD

@@ -6,10 +6,9 @@ subpackages="
 	qubes-vm-passwordless-root:root:noarch
 	$pkgname-openrc
 	$pkgname-doc
-	$pkgname-pyc
 	"
-pkgver=4.3.11
-pkgrel=0
+pkgver=4.1.48
+pkgrel=1
 _gittag="v$pkgver"
 pkgdesc="The Qubes core files for installation inside a Qubes VM."
 arch="x86_64"
@@ -19,7 +18,6 @@ options="!check" # No testsuite
 depends="
 	blkid
 	coreutils
-	dbus-x11
 	dconf
 	desktop-file-utils
 	device-mapper
@@ -28,7 +26,6 @@ depends="
 	e2fsprogs-extra
 	ethtool
 	fakeroot
-	findutils
 	gawk
 	grep
 	haveged
@@ -44,7 +41,6 @@ depends="
 	qubes-db-vm
 	qubes-libvchan-xen
 	qubes-vm-utils
-	rsvg-convert
 	sed
 	socat
 	xdg-utils
@@ -77,8 +73,6 @@ source="
 	qubes-updates-proxy.openrc
 	apk-proxy.sh
 	qvm-sync-clock.sh
-	setupip-do-not-use-systemctl.patch
-	silence-stringop-overread-error.patch
 	"
 builddir="$srcdir"/qubes-core-agent-linux-${_gittag/v}
 
@@ -107,9 +101,9 @@ build() {
 # * core systemd services and drop-ins
 # * basic network functionality (setting IP address, DNS, default gateway)
 package() {
-	make DESTDIR="$pkgdir" SYSTEM_DROPIN_DIR=/usr/lib/systemd SBINDIR=/usr/sbin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib install-corevm
-	make -C app-menu DESTDIR="$pkgdir" LIBDIR=/usr/lib SYSLIBDIR=/usr/lib install
-	make -C misc DESTDIR="$pkgdir" LIBDIR=/usr/lib SYSLIBDIR=/usr/lib install
+	make install-corevm DESTDIR="$pkgdir" SBINDIR=/sbin LIBDIR=/usr/lib SYSLIBDIR=/lib
+	make -C app-menu install DESTDIR="$pkgdir" install LIBDIR=/usr/lib SYSLIBDIR=/lib
+	make -C misc install DESTDIR="$pkgdir" install LIBDIR=/usr/lib SYSLIBDIR=/lib
 	make -C qubes-rpc DESTDIR="$pkgdir" install
 	make -C qubes-rpc/kde DESTDIR="$pkgdir" install
 	make -C qubes-rpc/nautilus DESTDIR="$pkgdir" install
@@ -156,28 +150,26 @@ networking() {
 		tinyproxy
 		"
 	cd "$builddir"
-	install -dm 755 "$subpkgdir"/usr/bin "$subpkgdir"/usr/lib/systemd/system
+	install -dm 755 "$subpkgdir"/usr/bin
 	mv "$pkgdir"/usr/bin/qubes-firewall "$subpkgdir"/usr/bin/.
-	make install-netvm DESTDIR="$subpkgdir" SYSTEM_DROPIN_DIR=/usr/lib/systemd SBINDIR=/usr/sbin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib
+	make install-netvm DESTDIR="$subpkgdir" SBINDIR=/sbin LIBDIR=/usr/lib SYSLIBDIR=/lib
 }
 
 root() {
 	cd "$builddir"
 	pkgdesc="Qubes OS Passwordless root access from normal user"
-	make -C passwordless-root install DESTDIR="$subpkgdir" SBINDIR=/usr/sbin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib
+	make -C passwordless-root install DESTDIR="$subpkgdir" SBINDIR=/sbin LIBDIR=/usr/lib SYSLIBDIR=/lib
 }
 sha512sums="
-b35253b0118eea35d20f38bed57d28ef1e094885ab6e5c17bb89bb54c1b356deb3f1147289f9edc9e0ec0dfec20dcfeb5728910dc678975a11c79de6fad76de4  qubes-vm-core-v4.3.11.tar.gz
+c7db62f9d35984080c1665847c90d2ffba01c44ce3df2e1d76379a972beb5ed921a7c1e2de541933b9623979087d079c6da6ba2272cd7a2ee94c39a94d4af27a  qubes-vm-core-v4.1.48.tar.gz
 95c080a593ca1cd457ffafc0cdd6ee28999c72f67191a3955b6081a4a7d287cae4cd0c626139562e5e1eb55516c25402a174e3599daf7d4cb259d6b4bbdff155  qubes-core-early.openrc
 61529413a16b7fa0df691c24adc41b90477c01ea70d572921ecec89df23932e5a2e60c4e73b9a84181dc30424e2e6af4ad1c7dcf6c42689c3cc346a9923d6e07  qubes-core-netvm.openrc
 da8e293520f5fce29ce76d7586e8ce1a4164798a1214079fb554c690264da1d774fdad3f45825aac52c2c3a0b0cfd39df73eb33394dedd7c043fe0f2344b90ca  qubes-core.openrc
-164159a80d00c160e74a0ebf4695c047ca7720821e4a9c395405cd96f680b6765e9c4cf426aea94fcb26e08274ec2b42adf45ecc12d26cf683ab3bd0c01afed9  qubes-firewall.openrc
+8f1ea1b6bfb4d3089a51cc3e325861ee7b644f743b2652bf61789933adedefdbc743a61567ad980d2a6077647eb61570b68a056125abaab2a67166d249a961b0  qubes-firewall.openrc
 437a3dc443c5b0311c5dc8f792739eef89e38b2e854b9a5bb248211dd0eb0f26c1d79588ca2b4b63236b8bed0d735be6b2265d8328885730a8aa5f854301d61f  qubes-iptables.openrc
 e9096560e4ee4cad836b686e18eb6dbac729227683eda2f0c8b3541c909f64de3489dbb66e3752014deab69cbfae7885bc15b9bb7e3942c02e40328337b9ef30  qubes-sysinit.openrc
 99ec0afc167866727072606aa183f0c7a539e68e0d8b9a57f6b9c129d3722c9135e1487eef438807d7138af0e669fb14608cbc1f1d5620ee9e995f294a8929f8  qubes-updates-proxy-forwarder.openrc
 29d316b9f48cad15f6e22aaa67b228a5e4893ded86463dbe25b3cc68301b961473e79c01f003b1665e217ad4af2e618625442250d5607c1c16462e3f5eed069c  qubes-updates-proxy.openrc
 517d59e4699c24f23ccd59f5d4be3a519a426eee99d742c637fe1a9e69caa073621f4e9362c30182ba5a1a3eb0a769070c96e2c6b24cd8366a1f8f450a0b1c01  apk-proxy.sh
 cca9f49422fa25cd5f3942dce8edd3ecff080bf5c407a7a790b438bedea054f39a4a3d8c179b44c4c08fc490b597e14d00dad9b0240861e83957e0af7aa6475d  qvm-sync-clock.sh
-eb59321c800e65ce873085a1105b1b697d2a8ecaefcdaa8280a81d0082c0022653ecd746c7ec37e2c544265892afb77531effa17b0fa6c45a6a86925b513bdea  setupip-do-not-use-systemctl.patch
-6b96edf070706da596e7abcb9fe6419fbf17eecb46cbd65aeceea83d078458efaedfadec33021253c2bd1b356a85fa721316fa18d5a535491004046ba2c812d3  silence-stringop-overread-error.patch
 "

qubes-vm-core/qubes-firewall.openrc

@@ -16,7 +16,7 @@ depend() {
 }
 
 start_pre() {
-        /usr/sbin/ethtool -K "$(get_qubes_managed_iface)" sg off
+        /sbin/ethtool -K "$(get_qubes_managed_iface)" sg off
         checkpath --directory --owner $command_user:qubes --mode 0775 \
                 /run/$RC_SVCNAME /var/log/qubes
 }

qubes-vm-core/setupip-do-not-use-systemctl.patch

@@ -1,20 +0,0 @@
-diff --git a/network/setup-ip.orig b/network/setup-ip
-index 9126f90..c1f401c 100755
---- a/network/setup-ip.orig
-+++ b/network/setup-ip
-@@ -244,15 +244,6 @@ if [ "$ACTION" == "add" ]; then
- 
-         primary_dns=$(/usr/bin/qubesdb-read /qubes-primary-dns 2>/dev/null) || primary_dns=
-         secondary_dns=$(/usr/bin/qubesdb-read /qubes-secondary-dns 2>/dev/null) || secondary_dns=
--        /lib/systemd/systemd-sysctl \
--            "--prefix=/net/ipv4/conf/all" \
--            "--prefix=/net/ipv4/neigh/all" \
--            "--prefix=/net/ipv6/conf/all" \
--            "--prefix=/net/ipv6/neigh/all" \
--            "--prefix=/net/ipv4/conf/$INTERFACE" \
--            "--prefix=/net/ipv4/neigh/$INTERFACE" \
--            "--prefix=/net/ipv6/conf/$INTERFACE" \
--            "--prefix=/net/ipv6/neigh/$INTERFACE"
- 
-         if [ -n "$ip4" ]; then
-             # If NetworkManager is enabled, let it configure the network

qubes-vm-core/silence-stringop-overread-error.patch

@@ -1,13 +0,0 @@
-diff --git a/qubes-rpc/Makefile.orig b/qubes-rpc/Makefile
-index 63bd924..e5973e6 100644
---- a/qubes-rpc/Makefile.orig
-+++ b/qubes-rpc/Makefile
-@@ -11,7 +11,7 @@ ifneq ($(DEBUG),0)
- DEBUG_FLAGS := -g
- endif
- CPPFLAGS := -I.
--CFLAGS := $(DEBUG_FLAGS) -O2 -Wall -Wextra -Werror -fPIC -pie $(CFLAGS)
-+CFLAGS := $(DEBUG_FLAGS) -O2 -Wall -Wextra -Werror -fPIC -pie -Wno-stringop-overread $(CFLAGS)
- LDFLAGS := $(DEBUG_FLAGS) -pie $(LDFLAGS)
- LDLIBS := -lqubes-rpc-filecopy
- 

qubes-vm-gui-dev/APKBUILD

@@ -1,9 +1,9 @@
 # Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
 # Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
 pkgname=qubes-vm-gui-dev
-pkgver=4.3.0
+pkgver=4.1.1
 _gittag="v$pkgver"
-pkgrel=0
+pkgrel=4
 pkgdesc="Common files for Qubes GUI - protocol headers."
 arch="noarch"
 url="https://github.com/QubesOS/qubes-gui-common"
@@ -18,5 +18,5 @@ package() {
 	cp include/*.h $pkgdir/usr/include/
 }
 sha512sums="
-c1046fda6395c6c7907fa3d9c963089169e860d4e0f79c2cf7bafe8a673c93ac0aec3ca312f97510541127510dc7d2ad585949599ed1fffbb0758ff1098ea518  qubes-vm-gui-dev-v4.3.0.tar.gz
+2d962822413b1e4da6ef9303bce9b25e179829080a4ab96aeb7b274682c32b4620201d1de9c177346ab8d80913ae5e5384792b301d350850408fa790cb77d641  qubes-vm-gui-dev-v4.1.1.tar.gz
 "

qubes-vm-gui/0001-initd-fix.patch

@@ -1,13 +1,22 @@
-diff --git a/appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh.orig b/appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh
-index 76e0227..268cb00 100755
---- a/appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh.orig
+From 7f7914fc2d0957012f1c4b130b0e442d43110c7d Mon Sep 17 00:00:00 2001
+From: "build@apk-groulx" <build@apk-groulx.praxis>
+Date: Sat, 5 Mar 2022 00:59:30 +0000
+Subject: [PATCH 1/1] initd fix
+
+---
+ appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh b/appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh
+index dc0a578..4c9623a 100755
+--- a/appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh
 +++ b/appvm-scripts/usr/lib/qubes/qubes-gui-agent-pre.sh
-@@ -25,7 +25,7 @@ if [ -n "$debug_mode" ] && [ "$debug_mode" -gt 0 ]; then
+@@ -23,4 +23,4 @@ if [ -n "$debug_mode" ] && [ "$debug_mode" -gt 0 ]; then
      gui_opts="$gui_opts -vv"
  fi
  
 -echo "GUI_OPTS=$gui_opts" >> /var/run/qubes-service-environment
 +echo "GUI_OPTS=\"$gui_opts\"" >> /var/run/qubes-service-environment
- 
- # 2**30
- echo 1073741824 > /sys/module/xen_gntalloc/parameters/limit
+-- 
+2.34.1
+

qubes-vm-gui/APKBUILD

@@ -1,12 +1,9 @@
 # Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
 # Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
 pkgname=qubes-vm-gui
-subpackages="
-	qubes-vm-pulseaudio
-	qubes-vm-pipewire
-	$pkgname-openrc"
-pkgver=4.3.0
-pkgrel=0
+subpackages="qubes-vm-pulseaudio $pkgname-openrc"
+pkgver=4.1.33
+pkgrel=2
 _gittag="v$pkgver"
 pkgdesc="The Qubes GUI Agent for AppVMs"
 arch="x86_64"
@@ -28,12 +25,10 @@ makedepends="
 	libxcomposite-dev
 	libxt
 	linux-pam-dev
-	lsb-release-minimal
 	make
 	patch
 	pixman
 	pkgconf
-	pipewire-dev
 	pulseaudio-dev
 	qubes-db-vm
 	qubes-db-vm-dev
@@ -51,7 +46,6 @@ source="
 	qubes-gui-agent.openrc
 	qubes-sessions.sh
 	qubes-gui-agent.pam
-	qubes-sessions_do-not-use-systemd.patch
 	"
 builddir="$srcdir"/qubes-gui-agent-linux-${_gittag/v}
 _qubes_backend_vmm=xen
@@ -79,7 +73,7 @@ build() {
 }
 
 package() {
-	make install-rh-agent DESTDIR="$pkgdir" LIBDIR=/usr/lib USRLIBDIR=/usr/lib SYSLIBDIR=/usr/lib
+	make install-rh-agent DESTDIR="$pkgdir" LIBDIR=/usr/lib USRLIBDIR=/usr/lib SYSLIBDIR=/lib
 	install -Dm 755 "$srcdir"/qubes-gui-agent.openrc "$pkgdir"/etc/init.d/qubes-gui-agent
 
 	# Starts qubes-session after X11 start
@@ -100,27 +94,13 @@ pulseaudio() {
 	local pa_ver=$(pkg-config --modversion libpulse 2>/dev/null | cut -f 1 -d "-")
 
 	cd "$builddir"
-	make install-pulseaudio DESTDIR=$subpkgdir PA_VER=$pa_ver LIBDIR=/usr/lib USRLIBDIR=/usr/lib SYSLIBDIR=/usr/lib
+	make install-pulseaudio DESTDIR=$subpkgdir PA_VER=$pa_ver LIBDIR=/usr/lib USRLIBDIR=/usr/lib SYSLIBDIR=/lib
 }
-
-pipewire() {
-	pkgdesc="PipeWire support for Qubes VM."
-	depends="pipewire"
-
-	cd "$builddir"
-	make install-pipewire \
-		"DESTDIR=$subpkgdir" \
-		LIBDIR=/usr/lib \
-		USRLIBDIR=/usr/lib \
-		SYSLIBDIR=/usr/lib
-}
-
 sha512sums="
-725df11ee64ae100b149b2f70253ab4cf0b73b05b5faa503df755925fa8b568f891ea8cd653999618d238a445103014e08ab741bf0ddbed7446f5df62e6076cd  qubes-vm-gui-v4.3.0.tar.gz
+1ace8f7510db02c7df3eebdf633e4c0dae0e29f43e51ef7605f5ae96c838b32c0a3776c7157108181b310ae17d777e78c6a793e3100a8b28688649494e4a0bc9  qubes-vm-gui-v4.1.33.tar.gz
 f0bbb936e14689d0cbced2f564b8911f9287c0217616f02f3bd0c3060e516d080ad538219f089f5841c2b9d18bb4ad8efb63516ddfd46c18b038218378996a7d  0001-musl-build.patch
-01beace4c130200dc8d42248349ea858d2bec746aca2bdfa5948b6e7240bb3b832bbb8b324293fba6fd6aafb0a3d7a2e3928c7fd39d318ef4d5a18cfeb48cde6  0001-initd-fix.patch
+262b93b4ea172926dc18b7af372168ff3f645a02db1529cb73af3d5aa6252a75500bfbd95344a835bbf646e753018d0e27885e41a03f06247226a485edb5e028  0001-initd-fix.patch
 68d01e594296e18d54d8eaa17863451c3ac121e4fcacf98b64db14166bdcf38aa66f1c3659c5014c0a9cc25b5368df66f8c642b8e7af59da8d2a5ad97da9a194  qubes-gui-agent.openrc
 bd707f7956f58c2bb24ccb9adad1381c069e70820fcb1b01b09dc88570d9df00e0dc92a9ac3b242f828314568d5487257566a6fc61e75e62e010b7e4871f9ea0  qubes-sessions.sh
 b512d691f2a6b11fc329bf91dd05ca9c589bbd444308b27d3c87c75262dedf6afc68a9739229249a4bd3d0c43cb1f871eecbb93c4fe559e0f38bdabbffd06ad7  qubes-gui-agent.pam
-5d44bed65772e0300cfdb5960327ccff923159f1c0c6b980a3b37758a7330f5d8befa3c053990f6e5e7d2e71bf0eca047040439446a8b91bb1c2672e9e1497a0  qubes-sessions_do-not-use-systemd.patch
 "

qubes-vm-gui/qubes-sessions_do-not-use-systemd.patch

@@ -1,21 +0,0 @@
-diff --git a/appvm-scripts/usrbin/qubes-session.orig b/appvm-scripts/usrbin/qubes-session
-index cacac4b..e5bedc2 100755
---- a/appvm-scripts/usrbin/qubes-session.orig
-+++ b/appvm-scripts/usrbin/qubes-session
-@@ -27,16 +27,6 @@
- 
- loginctl activate "$XDG_SESSION_ID"
- 
--# Now import the environment from the systemd user session.
--# This is necessary to enable users to configure their
--# Qubes environment using the standard environment.d
--# facility.  Documentation for the facility is at:
--# https://www.freedesktop.org/software/systemd/man/environment.d.html
--set -a # export all variables
--env=$(systemctl --user show-environment) && eval "$env" || exit
--set +a
--
--
- if qsvc guivm-gui-agent; then
-     if [ -e "$HOME/.xinitrc" ]; then
-         . "$HOME/.xinitrc"

qubes-vm-qrexec/APKBUILD

@@ -1,10 +1,10 @@
 # Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
 # Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
 pkgname=qubes-vm-qrexec
-subpackages="$pkgname-openrc $pkgname-doc $pkgname-pyc"
-pkgver=4.3.0
+subpackages="$pkgname-openrc $pkgname-doc"
+pkgver=4.1.24
 _gittag="v$pkgver"
-pkgrel=1
+pkgrel=2
 pkgdesc="The Qubes qrexec files (qube side)"
 arch="x86_64"
 url="https://github.com/QubesOS/qubes-core-qrexec"
@@ -32,7 +32,7 @@ prepare() {
 	default_prepare
 	# remove all -Werror
 	msg "Eradicating -Werror..."
-	find . \( -name '*.mk' -o -name 'Make*' \) -exec sed -i -e 's/-Werror*. //g' {} +
+	find . \( -name '*.mk' -o -name 'Make*' \) -exec sed -i -e 's/-Werror//g' {} +
 }
 
 build() {
@@ -47,13 +47,13 @@ build() {
 }
 
 package() {
-	make install-base DESTDIR="$pkgdir" SBINDIR=/usr/sbin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib
-	make install-vm DESTDIR="$pkgdir" SBINDIR=/usr/sbin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib
+	make install-base DESTDIR="$pkgdir" SBINDIR=/sbin LIBDIR=/usr/lib SYSLIBDIR=/lib
+	make install-vm DESTDIR="$pkgdir" SBINDIR=/sbin LIBDIR=/usr/lib SYSLIBDIR=/lib
 	install -Dm 755 "$srcdir"/qubes-qrexec-agent.openrc "$pkgdir"/etc/init.d/qubes-qrexec-agent
 }
 sha512sums="
-e872f64702fd2e990d1d71836207c8ccfec98ae45b3af9537036248ba43c435f1bf77c369f8c7e613f74f17cca49a3a0b6c27db2c5cf6ead6f9a8337bda17e79  qubes-vm-qrexec-v4.3.0.tar.gz
+c263c2ebc878de41c9f8bd495855955096c5c69c2e48006170a3117793a64cfd1c65eee9c8b85dfca15b45f9e49db2cf8acf7bea51433708fffa49dcde8083a0  qubes-vm-qrexec-v4.1.24.tar.gz
 e2dd5cace82e881c40d5d37c69f7327fbabde81c9d23283de23de9f1197b7b018ef07a8d90e95c61bd249426d9d8297e7cb372333245941ffa0682c90ea3461f  qubes-qrexec-agent.openrc
-c3009ddb97656be7d0a78910217c852f0f9b20cd37b4537d99724e629bc87f1c675ada084eba3c641c4ae54dab8aacd87514d73de72f42d6ccc976e6255212bc  makefile-remove-cc-cflags.patch
+e48a06778a880915827fb2ef3e38379eb2bc6cf63f7fed79472be4732f7110b0c642c7a62a43236f53404ce69afddd40a5bc92a984403aae74caae1580c31200  makefile-remove-cc-cflags.patch
 69b88c8d344f0d575eac398937040ba39a0d8fb8ea0a2b160c48d84775e1da4e226a76f3c5d3be7b045f577b634bb35cd5c5536248e18117c4121a38f9f3bf13  agent-qrexec-fork-server-undef-fortify-source.patch
 "

qubes-vm-qrexec/makefile-remove-cc-cflags.patch

@@ -2,14 +2,6 @@ diff --git a/Makefile.orig b/Makefile
 index ade10bf..7de05a4 100644
 --- a/Makefile.orig
 +++ b/Makefile
-@@ -1,6 +1,5 @@
- MAKEFLAGS=-r
--CC ?= gcc
--CFLAGS += -Werror=strict-prototypes -Werror=old-style-definition -Werror=missing-declarations -Werror=missing-prototypes
-+CFLAGS += -Wno-incompatible-pointer-types -Wno-int-conversion -Wno-implicit-function-declaration
- PYTHON ?= python3
- export PYTHON CC MAKEFLAGS CFLAGS
- 
 @@ -26,7 +24,7 @@ all-base:
  	$(PYTHON) setup.py build
  .PHONY: all-base

qubes-vm-utils/APKBUILD

@@ -4,10 +4,9 @@ pkgname=qubes-vm-utils
 subpackages="
 	qubes-vm-kernel-support:support:noarch
 	$pkgname-openrc
-	$pkgname-pyc
 	"
-pkgver=4.3.5
-pkgrel=0
+pkgver=4.1.20
+pkgrel=1
 _gittag="v$pkgver"
 pkgdesc="Common Linux files for Qubes VM."
 arch="x86_64"
@@ -23,7 +22,6 @@ makedepends="
 	make
 	pkgconfig
 	py3-setuptools
-	icu-dev
 	qubes-libvchan-xen-dev
 	xen-dev
 	"
@@ -40,7 +38,7 @@ build() {
 }
 
 package() {
-	make install DESTDIR="$pkgdir" LIBDIR=/usr/lib SYSLIBDIR=/usr/lib SBINDIR=/usr/sbin
+	make install DESTDIR="$pkgdir" LIBDIR=/usr/lib SYSLIBDIR=/lib SBINDIR=/sbin
 	install -Dm 755 "$srcdir"/qubes-meminfo-writer.openrc "$pkgdir"/etc/init.d/qubes-meminfo-writer
 }
 
@@ -59,6 +57,6 @@ support() {
 	install -m 755 "$builddir"/dracut/full-dmroot/qubes_cow_setup.sh "$subpkgdir"/usr/lib/qubes/qubes_cow_setup.sh
 }
 sha512sums="
-98cbcee3d459635257703cbc44b710b301d644f5d9a5af3348f523707d7acc7ffd8d74bde2917b916e5b3ae2e9332ece695c71521b4041c209451a86643e26f3  qubes-vm-utils-v4.3.5.tar.gz
-c29bac0c6b9a0c81ee42e88541d9216549276448a02c3005ea20d85c7eda483cee28bbc159098bd42badc7ed80058734311931ee4ef13e170e49f83cf3f5a9ae  qubes-meminfo-writer.openrc
+fda4dde19b4a413da269442cd214682518dc0f83c69b02a1383dc448a974b59ac9bd85a49c3125938acbf03708df6f364c24f0bc7c8f8d98ef7b318486aa9c02  qubes-vm-utils-v4.1.20.tar.gz
+aebc606faa95948be77766f164fc40e4be66e4398e7f56ad52ba9de4c8f7de4ec0c4b48b23a3a6dd083d6f19ae1a591f3ae0caf2c696fd061cd8fea4bdf7d4f3  qubes-meminfo-writer.openrc
 "

qubes-vm-utils/qubes-meminfo-writer.openrc

@@ -3,7 +3,7 @@
 name=$RC_SVCNAME
 cfgfile="/etc/qubes/$RC_SVCNAME.conf"
 pidfile="/var/run/meminfo-writer.pid"
-command="/usr/sbin/meminfo-writer"
+command="/sbin/meminfo-writer"
 command_args="30000 100000 $pidfile"
 command_user="root"
 start_stop_daemon_args=""