From d9bacc252c1f9fe22b0c20102355725fa42f69ff Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 27 Aug 2023 12:55:19 -0400 Subject: [PATCH 01/26] README: update --- README.md | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 3b4146e..810a5fb 100644 --- a/README.md +++ b/README.md @@ -11,15 +11,8 @@ and packaged in an RPM that is installable by QubesOS. Alpine Linux as a QubesOS template is still a work and progress. It is highly encouraged to make bug reports. -#### The yet-to-be-implemented list -Thus the following use cases are still not supported / tested: - * QubesOS r4.2 - * Service VMs (sys-net, sys-usb, sys-firewall) - * Firewall (not tested) - * `qubes-builder` hooks (thus no `dom0` template RPM yet, see [here](https://gitlab.alpinelinux.org/ayakael/qubes-builder-alpine) for progress) - * `apk` proxying from within template (thus you must allow internet access to template to install packages) - * `qubes-vm-kernel-support` Not adapted for use on Alpine yet, due to it providing a Dracut module. In most cases, it is not necessary as Qubes provides the kernel. - This package is only neccessary when VM uses its own kernel, thus a hook is added to Dracut to generate the initrd for use within qubes. +### Known issues +Known issues are tracked on the upstream GitLab instance. #### Issues, recommendations and proposals **To report an issue or share a recommendation** From 7a5d71d1c0c41a2f951a3e8684aff057c22d4f19 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 7 Dec 2023 19:15:12 -0500 Subject: [PATCH 02/26] Use Alpine v3.19 --- .gitlab-ci.yml | 8 ++++---- builder.conf | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 3776a47..f544914 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -33,10 +33,10 @@ variables: tags: - qubes-template -verify-alpine318: +verify-alpine319: extends: .verify variables: - CI_ALPINE_TARGET_RELEASE: alpine318 + CI_ALPINE_TARGET_RELEASE: alpine319 .build: stage: build @@ -75,10 +75,10 @@ verify-alpine318: tags: - qubes-template -build-alpine318: +build-alpine319: extends: .build variables: - CI_ALPINE_TARGET_RELEASE: alpine318 + CI_ALPINE_TARGET_RELEASE: alpine319 release: stage: release diff --git a/builder.conf b/builder.conf index e6f821c..0d5a3a0 100644 --- a/builder.conf +++ b/builder.conf @@ -23,7 +23,7 @@ GIT_PREFIX := QubesOS/qubes- # DISTS_VM - Choose the templates to build. Multiple templates can be defined # to build. Uncomment tempalte dist to build. -DISTS_VM := alpine318 +DISTS_VM := alpine319 COMPONENTS += builder-alpine BUILDER_PLUGINS += builder-alpine From a03babbaec0a986c6801576d0dbf3a567309f69c Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 7 Dec 2023 19:30:25 -0500 Subject: [PATCH 03/26] Build for Alpine v3.19 --- .gitlab-ci.yml | 8 ++++---- builder.conf | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 3776a47..f544914 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -33,10 +33,10 @@ variables: tags: - qubes-template -verify-alpine318: +verify-alpine319: extends: .verify variables: - CI_ALPINE_TARGET_RELEASE: alpine318 + CI_ALPINE_TARGET_RELEASE: alpine319 .build: stage: build @@ -75,10 +75,10 @@ verify-alpine318: tags: - qubes-template -build-alpine318: +build-alpine319: extends: .build variables: - CI_ALPINE_TARGET_RELEASE: alpine318 + CI_ALPINE_TARGET_RELEASE: alpine319 release: stage: release diff --git a/builder.conf b/builder.conf index e6f821c..0d5a3a0 100644 --- a/builder.conf +++ b/builder.conf 
@@ -23,7 +23,7 @@ GIT_PREFIX := QubesOS/qubes- # DISTS_VM - Choose the templates to build. Multiple templates can be defined # to build. Uncomment tempalte dist to build. -DISTS_VM := alpine318 +DISTS_VM := alpine319 COMPONENTS += builder-alpine BUILDER_PLUGINS += builder-alpine From 71d97c1e9853384c14f1c7d2de7ea0b486c162f5 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 7 Dec 2023 20:16:14 -0500 Subject: [PATCH 04/26] scripts/04_install_qubes.sh: setup lo device --- scripts/04_install_qubes.sh | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/scripts/04_install_qubes.sh b/scripts/04_install_qubes.sh index 1e69f66..bbeffbe 100755 --- a/scripts/04_install_qubes.sh +++ b/scripts/04_install_qubes.sh @@ -79,6 +79,13 @@ echo "hvc0::respawn:/sbin/getty -L hvc0 115200 vt220" >> "$INSTALLDIR"/etc/initt # create /lib/modules for qubes-kernel module mount "${TEMPLATE_CONTENT_DIR}/alpine-chroot" "$INSTALLDIR" mkdir /lib/modules +# lo device +cat > "${INSTALLDIR}/etc/network/interfaces" < Date: Thu, 7 Dec 2023 20:16:14 -0500 Subject: [PATCH 05/26] scripts/04_install_qubes.sh: setup lo device --- scripts/04_install_qubes.sh | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/scripts/04_install_qubes.sh b/scripts/04_install_qubes.sh index 1e69f66..bbeffbe 100755 --- a/scripts/04_install_qubes.sh +++ b/scripts/04_install_qubes.sh @@ -79,6 +79,13 @@ echo "hvc0::respawn:/sbin/getty -L hvc0 115200 vt220" >> "$INSTALLDIR"/etc/initt # create /lib/modules for qubes-kernel module mount "${TEMPLATE_CONTENT_DIR}/alpine-chroot" "$INSTALLDIR" mkdir /lib/modules +# lo device +cat > "${INSTALLDIR}/etc/network/interfaces" < Date: Thu, 8 Feb 2024 10:57:52 -0500 Subject: [PATCH 06/26] scripts/04_install_qubes.sh: autostart qubes-updates-proxy-forwarder for apk proxy --- scripts/04_install_qubes.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/04_install_qubes.sh b/scripts/04_install_qubes.sh index bbeffbe..b7294a5 100755 
--- a/scripts/04_install_qubes.sh +++ b/scripts/04_install_qubes.sh @@ -87,7 +87,7 @@ EOF # enable services -for i in udev udev-trigger xendriverdomain qubes-qrexec-agent qubes-db qubes-meminfo-writer qubes-sysinit qubes-core-early qubes-core qubes-gui-agent crond acpid; do +for i in udev udev-trigger xendriverdomain qubes-qrexec-agent qubes-db qubes-meminfo-writer qubes-sysinit qubes-core-early qubes-core qubes-gui-agent qubes-updates-proxy-forwarder crond acpid; do "${TEMPLATE_CONTENT_DIR}/alpine-chroot" "$INSTALLDIR" rc-update add $i default done for i in bootmisc hostname hwclock loadkmap modules networking seedrng swap sysctl syslog; do From 210cf9f56ba983e37c9d73f081bbfcba660bde38 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 8 Feb 2024 11:09:50 -0500 Subject: [PATCH 07/26] scripts/04_install_qubes.sh: use r4.2 by default --- scripts/04_install_qubes.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/04_install_qubes.sh b/scripts/04_install_qubes.sh index b7294a5..f0e6bac 100755 --- a/scripts/04_install_qubes.sh +++ b/scripts/04_install_qubes.sh @@ -19,7 +19,7 @@ APKTOOLS_CACHE_DIR="${CACHEDIR}/apk_cache" ALPINELINUX_VERSION=${DIST_VER:-latest-stable} QUBESALPINE_MIRROR="${QUBESALPINE_MIRROR:-https://lab.ilot.io/ayakael/repo-apk/-/raw}" QUBESALPINE_KEYFILE="${QUBESALPINE_KEYFILE:-antoine.martin@protonmail.com-5b3109ad.rsa.pub}" -QUBES_REL="${QUBES_REL:-r4.1}" +QUBES_REL="${QUBES_REL:-r4.2}" export APK_CACHE_DIR set -e From c5fe0efda921d773a6bead4991a71fd9ae1042fe Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 8 Feb 2024 10:57:52 -0500 Subject: [PATCH 08/26] scripts/04_install_qubes.sh: autostart qubes-updates-proxy-forwarder for apk proxy --- scripts/04_install_qubes.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/04_install_qubes.sh b/scripts/04_install_qubes.sh index bbeffbe..b7294a5 100755 --- a/scripts/04_install_qubes.sh +++ b/scripts/04_install_qubes.sh 
@@ -87,7 +87,7 @@ EOF # enable services -for i in udev udev-trigger xendriverdomain qubes-qrexec-agent qubes-db qubes-meminfo-writer qubes-sysinit qubes-core-early qubes-core qubes-gui-agent crond acpid; do +for i in udev udev-trigger xendriverdomain qubes-qrexec-agent qubes-db qubes-meminfo-writer qubes-sysinit qubes-core-early qubes-core qubes-gui-agent qubes-updates-proxy-forwarder crond acpid; do "${TEMPLATE_CONTENT_DIR}/alpine-chroot" "$INSTALLDIR" rc-update add $i default done for i in bootmisc hostname hwclock loadkmap modules networking seedrng swap sysctl syslog; do From 54287bc3cd4c03600376f976a8fe44d283a6a755 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 11 Jul 2024 08:56:42 -0400 Subject: [PATCH 09/26] Build for Alpine v3.20 --- .gitlab-ci.yml | 8 ++++---- builder.conf | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index f544914..9f7b5fc 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -33,10 +33,10 @@ variables: tags: - qubes-template -verify-alpine319: +verify-alpine320: extends: .verify variables: - CI_ALPINE_TARGET_RELEASE: alpine319 + CI_ALPINE_TARGET_RELEASE: alpine320 .build: stage: build @@ -75,10 +75,10 @@ verify-alpine319: tags: - qubes-template -build-alpine319: +build-alpine320: extends: .build variables: - CI_ALPINE_TARGET_RELEASE: alpine319 + CI_ALPINE_TARGET_RELEASE: alpine320 release: stage: release diff --git a/builder.conf b/builder.conf index 0d5a3a0..ea173c5 100644 --- a/builder.conf +++ b/builder.conf @@ -23,7 +23,7 @@ GIT_PREFIX := QubesOS/qubes- # DISTS_VM - Choose the templates to build. Multiple templates can be defined # to build. Uncomment tempalte dist to build. -DISTS_VM := alpine319 +DISTS_VM := alpine320 COMPONENTS += builder-alpine BUILDER_PLUGINS += builder-alpine From e358235d30bc83070cc6ed2440c0af8a95e59175 Mon Sep 17 00:00:00 2001 
From: Antoine Martin Date: Wed, 21 Aug 2024 10:04:55 -0400 Subject: [PATCH 10/26] README: update for new upstream --- README.md | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 3b4146e..9aef87e 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ # qubes-builder-alpine -Upstream: https://lab.ilot.io/ayakael/qubes-builder-alpine +Upstream: https://ayakael.net/forge/qubes-builder-alpine ## Description @@ -13,11 +13,8 @@ encouraged to make bug reports. #### The yet-to-be-implemented list Thus the following use cases are still not supported / tested: - * QubesOS r4.2 - * Service VMs (sys-net, sys-usb, sys-firewall) - * Firewall (not tested) - * `qubes-builder` hooks (thus no `dom0` template RPM yet, see [here](https://gitlab.alpinelinux.org/ayakael/qubes-builder-alpine) for progress) - * `apk` proxying from within template (thus you must allow internet access to template to install packages) + * sys-net service VM + * sys-firewall service VM * `qubes-vm-kernel-support` Not adapted for use on Alpine yet, due to it providing a Dracut module. In most cases, it is not necessary as Qubes provides the kernel. This package is only neccessary when VM uses its own kernel, thus a hook is added to Dracut to generate the initrd for use within qubes. From 4b365531b59e427c0f660b05e395d913b6c5bba0 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 21 Aug 2024 15:02:08 -0400 Subject: [PATCH 11/26] forgejo-ci: move to forgejo actions --- .../linux-template-builder_use-fuse.patch | 184 ++++++++++++++++++ .forgejo/workflows/test-build.yaml | 36 ++++ scripts/04_install_qubes.sh | 10 +- scripts/alpine-chroot | 2 +- 4 files changed, 227 insertions(+), 5 deletions(-) create mode 100644 .forgejo/patches/linux-template-builder_use-fuse.patch create mode 100644 .forgejo/workflows/test-build.yaml 
diff --git a/.forgejo/patches/linux-template-builder_use-fuse.patch b/.forgejo/patches/linux-template-builder_use-fuse.patch new file mode 100644 index 0000000..4fa02af --- /dev/null +++ b/.forgejo/patches/linux-template-builder_use-fuse.patch 
@@ -0,0 +1,184 @@ +diff --git a/cleanup_image b/cleanup_image +index 224c04a..911b238 100755 +--- a/cleanup_image ++++ b/cleanup_image +@@ -1,6 +1,7 @@ + #!/bin/sh + + export INSTALLDIR=$1 ++export TEMPLATE_USE_FUSE=1 + + . ./builder_setup + +@@ -20,5 +21,8 @@ fi + echo "--> Cleaning up image file..." + $SCRIPTSDIR/09_cleanup.sh + +-echo "--> Compacting image file..." +-/sbin/fstrim -v "$INSTALLDIR" ++# fstrim not supported in userspace ++if [ "$TEMPLATE_USE_FUSE" -ne 1 ]; then ++ echo "--> Compacting image file..." ++ /sbin/fstrim -v "$INSTALLDIR" ++fi +diff --git a/prepare_image b/prepare_image +index 6334879..de1a2af 100755 +--- a/prepare_image ++++ b/prepare_image +@@ -19,6 +19,8 @@ RETCODE=0 + . ./builder_setup >/dev/null + . ./umount_kill.sh >/dev/null + ++export TEMPLATE_USE_FUSE=1 ++ + if ! [ $# -eq 1 ]; then + echo "usage ${0} " + exit +@@ -55,11 +57,20 @@ echo "-> Preparing instalation of ${DIST} template..." + if [ -f "${IMG}" ]; then + echo "-> Image file already exists, assuming *update*..." 
+ if [ "0$TEMPLATE_ROOT_WITH_PARTITIONS" -eq 1 ]; then +- IMG_LOOP=$(/sbin/losetup -P -f --show "$IMG") +- IMG_DEV=${IMG_LOOP}p3 ++ if [ "$TEMPLATE_USE_FUSE" -eq 1 ]; then ++ echo "Fuse mode not implemented when TEMPLATE_ROOT_WITH_PARTITIONS is true" ++ exit ++ else ++ IMG_LOOP=$(/sbin/losetup -P -f --show "$IMG") ++ IMG_DEV=${IMG_LOOP}p3 ++ fi + else +- IMG_LOOP=$(/sbin/losetup -f --show "$IMG") +- IMG_DEV=${IMG_LOOP} ++ if [ "$TEMPLATE_USE_FUSE" -eq 1 ]; then ++ IMG_DEV=$IMG ++ else ++ IMG_LOOP=$(/sbin/losetup -f --show "$IMG") ++ IMG_DEV=${IMG_LOOP} ++ fi + fi + udevadm settle --exit-if-exists="$IMG_DEV" + else +@@ -78,11 +89,20 @@ size=2MiB, type=21686148-6449-6E6F-744E-656564454649, uuid=1e6c9db4-1e91-46c4-84 + type=0FC63DAF-8483-4772-8E79-3D69D8477DE4, uuid=693244e6-3e07-47bf-ad79-acade4293fe7, name="Root filesystem" + EOF + +- IMG_LOOP=$(/sbin/losetup -P -f --show "$IMG") +- IMG_DEV=${IMG_LOOP}p3 ++ if [ "$TEMPLATE_USE_FUSE" -eq 1 ]; then ++ echo "Fuse mode not implemented when TEMPLATE_ROOT_WITH_PARTITIONS is true" ++ exit ++ else ++ IMG_LOOP=$(/sbin/losetup -P -f --show "$IMG") ++ IMG_DEV=${IMG_LOOP}p3 ++ fi + else +- IMG_LOOP=$(/sbin/losetup -f --show "$IMG") +- IMG_DEV=${IMG_LOOP} ++ if [ "$TEMPLATE_USE_FUSE" -eq 1 ]; then ++ IMG_DEV=$IMG ++ else ++ IMG_LOOP=$(/sbin/losetup -f --show "$IMG") ++ IMG_DEV=${IMG_LOOP} ++ fi + fi + udevadm settle --exit-if-exists="$IMG_DEV" + +@@ -90,7 +110,9 @@ EOF + /sbin/mkfs.ext4 -q -F "${IMG_DEV}" || exit 1 + fi + +-mount "${IMG_DEV}" "${INSTALLDIR}" || exit 1 ++if [ "$TEMPLATE_USE_FUSE" -eq 1 ]; then ++ fuse2fs "${IMG_DEV}" "${INSTALLDIR}" || exit 1 ++fi + trap "umount_kill $(readlink -m ${INSTALLDIR})" EXIT + "${SCRIPTSDIR}/01_install_core.sh" + +@@ -107,6 +129,8 @@ trap - EXIT + + echo "-> Unmounting prepared_image..." 
+ umount_kill "$(readlink -m ${INSTALLDIR})" || true +-/sbin/losetup -d ${IMG_LOOP} ++if [ "$TEMPLATE_USE_FUSE" -ne 1 ]; then ++ /sbin/losetup -d ${IMG_LOOP} ++fi + + exit ${RETCODE} +diff --git a/qubeize_image b/qubeize_image +index 19c37cb..9e5179d 100755 +--- a/qubeize_image ++++ b/qubeize_image +@@ -13,6 +13,8 @@ export CLEANIMG="$1" + export NAME="$2" + export LC_ALL=POSIX + ++export TEMPLATE_USE_FUSE=1 ++ + . ./builder_setup >/dev/null + . ./umount_kill.sh >/dev/null + +@@ -50,7 +52,9 @@ function cleanup() { + trap - ERR + trap + umount_kill "$PWD/mnt" || true +- /sbin/losetup -d ${IMG_LOOP} ++ if [ "$TEMPLATE_USE_FUSE" -ne 1 ]; then ++ /sbin/losetup -d ${IMG_LOOP} ++ fi + exit $errval + } + trap cleanup ERR +@@ -72,14 +76,27 @@ fi + echo "--> Mounting $IMG" + mkdir -p mnt + if [ "0$TEMPLATE_ROOT_WITH_PARTITIONS" -eq 1 ]; then +- IMG_LOOP=$(/sbin/losetup -P -f --show "$IMG") +- IMG_DEV=${IMG_LOOP}p3 ++ if [ "$TEMPLATE_USE_FUSE" -eq 1 ]; then ++ echo "Fuse mode not implemented when TEMPLATE_ROOT_WITH_PARTITIONS is true" ++ exit ++ else ++ IMG_LOOP=$(/sbin/losetup -P -f --show "$IMG") ++ IMG_DEV=${IMG_LOOP}p3 ++ fi + else +- IMG_LOOP=$(/sbin/losetup -f --show "$IMG") +- IMG_DEV=${IMG_LOOP} ++ if [ "$TEMPLATE_USE_FUSE" -eq 1 ]; then ++ IMG_DEV=$IMG ++ else ++ IMG_LOOP=$(/sbin/losetup -f --show "$IMG") ++ IMG_DEV=${IMG_LOOP} ++ fi + fi + udevadm settle --exit-if-exists="$IMG_DEV" +-mount "$IMG_DEV" mnt || exit 1 ++if [ "$TEMPLATE_USE_FUSE" -eq 1 ]; then ++ fuse2fs "$IMG_DEV" mnt ++else ++ mount "$IMG_DEV" mnt || exit 1 ++fi + export INSTALLDIR=mnt + + # prepare for template.conf, so the qubeize script may generate it dynamically +@@ -159,7 +176,9 @@ ls -als $IMG + # ------------------------------------------------------------------------------ + echo "--> Unmounting $IMG" + umount_kill "$PWD/mnt" || true +-/sbin/losetup -d ${IMG_LOOP} ++if [ "$TEMPLATE_USE_FUSE" -ne 1 ]; then ++ /sbin/losetup -d ${IMG_LOOP} ++fi + + echo "Qubeized image stored at: $IMG" + +diff 
--git a/templates.spec b/templates.spec +index e1a82e9..210ef57 100644 +--- a/templates.spec ++++ b/templates.spec +@@ -193,3 +193,4 @@ rm -rf $RPM_BUILD_ROOT + %attr (664,root,qubes) %{dest_dir}/vm-whitelisted-appmenus.list + %attr (664,root,qubes) %{dest_dir}/netvm-whitelisted-appmenus.list + %attr (664,root,qubes) %{dest_dir}/template.conf ++%define _arch x86_64 diff --git a/.forgejo/workflows/test-build.yaml b/.forgejo/workflows/test-build.yaml new file mode 100644 index 0000000..b33aefb --- /dev/null +++ b/.forgejo/workflows/test-build.yaml @@ -0,0 +1,36 @@ +on: + pull_request: + types: [ assigned, opened, synchronize, reopened ] + +jobs: + build-test: + runs-on: x86_64 + container: + image: alpine:3.20 + steps: + - name: Environment setup + run: | + apk add rpm wget coreutils eudev e2fsprogs xen doas sudo curl nodejs git alpine-sdk fuse2fs patch findutils grep + cd /etc/apk/keys + curl -JO https://ayakael.net/api/packages/forge/alpine/key + - name: Repo pull + uses: actions/checkout@v4 + with: + fetch-depth: 500 + - name: RPM build + run: | + git clone https://github.com/QubesOS/qubes-builder + mkdir qubes-builder/qubes-src + ln -s $GITHUB_WORKSPACE qubes-builder/qubes-src/builder-alpine + cp builder.conf qubes-builder/. + git clone https://github.com/QubesOS/qubes-linux-template-builder qubes-builder/qubes-src/linux-template-builder + patch -d qubes-builder/qubes-src/linux-template-builder -p1 -i $GITHUB_WORKSPACE/.forgejo/patches/linux-template-builder_use-fuse.patch + echo "%define _arch x86_64" >> qubes-builder/qubes-src/linux-template-builder/templates.spec + cd qubes-builder + make linux-template-builder + cp qubes-src/linux-template-builder/rpm/noarch/qubes-template-*.rpm $GITHUB_WORKSPACE/. + - name: Package upload + uses: forgejo/upload-artifact@v3 + with: + name: package + path: qubes-template-*.rpm diff --git a/scripts/04_install_qubes.sh b/scripts/04_install_qubes.sh index f0e6bac..cf3438d 100755 --- a/scripts/04_install_qubes.sh 
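Review bot: In the `prepare_image` part of this vendored patch, the original `mount "${IMG_DEV}" "${INSTALLDIR}" || exit 1` is replaced by an `if [ "$TEMPLATE_USE_FUSE" -eq 1 ]` block with no `else`, so with the flag off nothing is mounted and the install scripts would write into the bare directory. The `qubeize_image` part keeps an `else mount "$IMG_DEV" mnt || exit 1` branch, and `prepare_image` should match it. The "Fuse mode not implemented" branches in both scripts end in a bare `exit`, which returns the status of the preceding `echo` (0), so an unsupported configuration is reported as success; `exit 1` is the safer form. Because `TEMPLATE_USE_FUSE=1` is exported unconditionally and overrides the caller's environment, a header comment stating that the patch is intended only for the CI container would help the next maintainer.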
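Review bot: The `Environment setup` step stores whatever `curl -JO https://ayakael.net/api/packages/forge/alpine/key` returns in `/etc/apk/keys`, so the job trusts a signing key fetched at run time with no pinned fingerprint or checksum, and `-J` lets the server choose the file name. Committing the public key to the repository, or comparing its digest with a value kept in the workflow before installing it, would keep the trust anchor under review; adding `--fail` also stops an HTTP error body from being saved as a key. The `RPM build` step likewise clones `qubes-builder` and `qubes-linux-template-builder` at whatever their default branch holds, with no commit pin or tag-signature check visible here, and then patches the result. The same steps recur in `release-build.yaml` later in this series, where the output is published.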
+++ b/scripts/04_install_qubes.sh @@ -17,8 +17,8 @@ fi APKTOOLS_CACHE_DIR="${CACHEDIR}/apk_cache" ALPINELINUX_VERSION=${DIST_VER:-latest-stable} -QUBESALPINE_MIRROR="${QUBESALPINE_MIRROR:-https://lab.ilot.io/ayakael/repo-apk/-/raw}" -QUBESALPINE_KEYFILE="${QUBESALPINE_KEYFILE:-antoine.martin@protonmail.com-5b3109ad.rsa.pub}" +QUBESALPINE_MIRROR="${QUBESALPINE_MIRROR:-https://ayakael.net/api/packages/forge/alpine}" +QUBESALPINE_KEYFILE="${QUBESALPINE_KEYFILE:-https://ayakael.net/api/packages/forge/alpine/key}" QUBES_REL="${QUBES_REL:-r4.2}" export APK_CACHE_DIR @@ -28,8 +28,10 @@ if [ "$VERBOSE" -ge 2 ] || [ "$DEBUG" -gt 0 ]; then fi echo " --> Adding Qubes custom repository..." -su -c "echo '$QUBESALPINE_MIRROR/$ALPINELINUX_VERSION/qubes/$QUBES_REL' >> $INSTALLDIR/etc/apk/repositories" -wget "$QUBESALPINE_MIRROR/$ALPINELINUX_VERSION/$QUBESALPINE_KEYFILE" -P "$INSTALLDIR"/etc/apk/keys +su -c "echo '$QUBESALPINE_MIRROR/$ALPINELINUX_VERSION/qubes-$QUBES_REL' >> $INSTALLDIR/etc/apk/repositories" +pushd "$INSTALLDIR"/etc/apk/keys +curl -JO "$QUBESALPINE_KEYFILE" +popd echo " --> Synchronize resolv.conf..." cp /etc/resolv.conf "${INSTALLDIR}/etc/resolv.conf" diff --git a/scripts/alpine-chroot b/scripts/alpine-chroot index 0728f32..ca2cc2f 100755 --- a/scripts/alpine-chroot +++ b/scripts/alpine-chroot @@ -31,7 +31,7 @@ chroot_setup() { chroot_add_mount sys "$1/sys" -t sysfs -o nosuid,noexec,nodev,ro && # alpine-chroot will never have occasion to use efivars, so don't bother # mounting efivarfs here - chroot_add_mount udev "$1/dev" -t devtmpfs -o mode=0755,nosuid && + chroot_add_mount /dev "$1/dev" -o bind && chroot_add_mount devpts "$1/dev/pts" -t devpts -o mode=0620,gid=5,nosuid,noexec && chroot_add_mount shm "$1/dev/shm" -t tmpfs -o mode=1777,nosuid,nodev && chroot_add_mount run "$1/run" -t tmpfs -o nosuid,nodev,mode=0755 && From 7554d1246d994dee07f4f2e320343ff293b27584 Mon Sep 17 00:00:00 2001 
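Review bot: The second hunk installs the repository signing key with `curl -JO "$QUBESALPINE_KEYFILE"` inside `$INSTALLDIR/etc/apk/keys`, and the new `QUBESALPINE_KEYFILE` default in the first hunk points at the same host that serves the packages, so the key that authenticates the Qubes packages in the template is accepted on first download with nothing to compare it against. Shipping the public key in this repository, or checking a pinned SHA-256 of the download, would separate the trust anchor from the mirror. At minimum use `curl --fail -o "$INSTALLDIR/etc/apk/keys/<key-file-name>.rsa.pub" "$QUBESALPINE_KEYFILE"` so the file name is fixed locally rather than taken from the `Content-Disposition` header and an error response is not stored as a key. `pushd`/`popd` are bash builtins and the shebang is outside both hunks, so confirm the script runs under bash.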
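Review bot: Replacing the private `devtmpfs` mount with `chroot_add_mount /dev "$1/dev" -o bind` drops the `mode=0755,nosuid` options the old line carried and exposes the build host's own device nodes to the chroot, in which commands presumably run as root during the template build. If the bind mount is needed because devtmpfs cannot be mounted in the CI container, say so in a comment above the line, for example `# bind host /dev: devtmpfs cannot be mounted inside the CI container`, and consider a follow-up `remount,bind,nosuid` pass so the restriction is kept. `chroot_setup` starts and ends outside the hunk, so whether teardown treats a bind mount correctly cannot be checked from here.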
From: Antoine Martin Date: Wed, 21 Aug 2024 15:02:32 -0400 Subject: [PATCH 12/26] gitlab-ci: drop --- .gitlab-ci.yml | 107 ------------------------------------------------- 1 file changed, 107 deletions(-) delete mode 100644 .gitlab-ci.yml diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml deleted file mode 100644 index 9f7b5fc..0000000 --- a/.gitlab-ci.yml +++ /dev/null 
@@ -1,107 +0,0 @@ -stages: - - build - - release - -variables: - GIT_STRATEGY: clone - GIT_DEPTH: "500" - -.verify: - stage: build - rules: - - if: $CI_MERGE_REQUEST_ID - interruptible: true - script: - - | - sudo apk add rpm wget losetup coreutils eudev e2fsprogs xen - doas addgroup $USER abuild - export PATH="$PATH:$CI_PROJECT_DIR/.gitlab/bin" - git clone https://github.com/QubesOS/qubes-builder - mkdir qubes-builder/qubes-src - ln -s $CI_PROJECT_DIR qubes-builder/qubes-src/builder-alpine - cp builder.conf qubes-builder/. - git clone https://github.com/QubesOS/qubes-linux-template-builder qubes-builder/qubes-src/linux-template-builder - echo "%define _arch x86_64" >> qubes-builder/qubes-src/linux-template-builder/templates.spec - cd qubes-builder - make linux-template-builder - cp qubes-src/linux-template-builder/rpm/noarch/qubes-template-*.rpm $CI_PROJECT_DIR/. - artifacts: - paths: - - qubes-template-*.rpm - expire_in: 7 days - when: always - tags: - - qubes-template - -verify-alpine320: - extends: .verify - variables: - CI_ALPINE_TARGET_RELEASE: alpine320 - -.build: - stage: build - rules: - - if: $CI_COMMIT_TAG - interruptible: true - script: - - | - sudo apk add rpm wget losetup coreutils eudev e2fsprogs xen - doas addgroup $USER abuild - export PATH="$PATH:$CI_PROJECT_DIR/.gitlab/bin" - git clone https://github.com/QubesOS/qubes-builder - mkdir qubes-builder/qubes-src - ln -s $CI_PROJECT_DIR qubes-builder/qubes-src/builder-alpine - cp builder.conf qubes-builder/. - git clone https://github.com/QubesOS/qubes-linux-template-builder qubes-builder/qubes-src/linux-template-builder - echo "%define _arch x86_64" >> qubes-builder/qubes-src/linux-template-builder/templates.spec - cd qubes-builder - make linux-template-builder - cp qubes-src/linux-template-builder/rpm/noarch/qubes-template-*.rpm $CI_PROJECT_DIR/. 
- cd $CI_PROJECT_DIR - CI_ALPINE_RPM_NAME="$(find qubes-template*.rpm)" - echo "ALPINE_RPM_NAME=$CI_ALPINE_RPM_NAME" > job.env - echo "Generating sha512sum" - sha512sum $CI_ALPINE_RPM_NAME > $CI_ALPINE_RPM_NAME.sha512sum - after_script: - - echo "JOB_ID=$CI_JOB_ID" >> job.env - artifacts: - paths: - - qubes-template*.rpm - - qubes-template*.sha512sum - expire_in: never - when: always - reports: - dotenv: job.env - tags: - - qubes-template - -build-alpine320: - extends: .build - variables: - CI_ALPINE_TARGET_RELEASE: alpine320 - -release: - stage: release - allow_failure: false - tags: - - qubes-template - rules: - - if: $CI_COMMIT_TAG - when: on_success - script: - - echo "Create Release $GI_COMMIT_TAG" - - echo $JOB_ID - - echo $ALPINE_RPM_NAME - release: - name: 'Release $CI_COMMIT_TAG' - description: 'Release $CI_COMMIT_TAG' - tag_name: '$CI_COMMIT_TAG' - ref: '$CI_COMMIT_SHA' - assets: - links: - - name: "$ALPINE_RPM_NAME" - filepath: "/template/qubes-template-$CI_COMMIT_TAG.rpm" - url: "https://lab.ilot.io/ayakael/qubes-builder-alpine/-/jobs/$JOB_ID/artifacts/raw/$ALPINE_RPM_NAME" - - name: "$ALPINE_RPM_NAME.sha512sum" - filepath: "/template/qubes-template-$CI_COMMIT_TAG.rpm.sha512sum" - url: "https://lab.ilot.io/ayakael/qubes-builder-alpine/-/jobs/$JOB_ID/artifacts/raw/$ALPINE_RPM_NAME.sha512sum" From ac8b32880b6f85d847dbcecedaacd6bfcdf6fb23 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 22 Aug 2024 13:30:43 -0400 Subject: [PATCH 13/26] README: update with install / build instructions --- README.md | 148 ++++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 144 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 9aef87e..13bc7fe 100644 --- a/README.md +++ b/README.md 
@@ -18,14 +18,154 @@ Thus the following use cases are still not supported / tested: * `qubes-vm-kernel-support` Not adapted for use on Alpine yet, due to it providing a Dracut module. In most cases, it is not necessary as Qubes provides the kernel. This package is only neccessary when VM uses its own kernel, thus a hook is added to Dracut to generate the initrd for use within qubes. -#### Issues, recommendations and proposals +## How to install + +First, we need to transfer to dom0 the template key. + +**Within VM, download template key:** + +``` +curl -JO https://ayakael.net/api/packages/forge/rpm/repository.key +``` + +**On dom0, transfer and copy key to key store:** + +``` +qvm-run -p 'cat repository.key +sudo mv repository.key /etc/qubes/repo-templates/keys/RPM-GPG-KEY-ayakael-forge +``` + +For installation, you have two options. + +### Using qvm-template + +**1) Create repository definition** + +On dom0, create and edit `/etc/qubes/repo-templates/ayakael-forge-r42.repo` to match the following + +``` +[ayakael-forge-qubes-r42] +name=forge - Ayakael - qubes - r42 +baseurl=https://ayakael.net/api/packages/forge/rpm/qubes/r42 +enabled=1 +gpgcheck=1 +gpgkey = file:////etc/qubes/repo-templates/keys/RPM-GPG-KEY-ayakael-forge +``` + +**2) Install template** + +``` +qvm-template install alpine320 +``` + +### Manually + +**1) Download and transfer template RPM** + + +On VM, download desired template RPM available in `Packages` section +``` +curl -JO https: +``` + +On dom0, transfer RPM + +``` +qvm-run -p 'cat qubes-template-alpine.rpm +``` + +**2) Install template** + +``` +qvm-template --keyring /etc/qubes/repo-templates/keys/RPM-GPG-KEY-forge-ayakael install $(pwd)/qubes-template-alpine.rpm +``` + +## How to build + +Since this template builder uses pre-built Alpine Linux packages for QubesOS template support, it by defaults does not build everything locally. If you want to build them locally, you can follow these steps. If not, you can skip to the next section. 
+ +### Build packages + +**1) Set-up build environment on Alpine Linux** +``` +apk add alpine-sdk lua-aports +addgroup abuild +mkdir -p /var/cache/distfiles +chmod a+w /var/cache/distfiles +abuild-keygen -a -i +cp /home/user/.abuild/*.pub /etc/apk/keys +``` +(see [Creating an Alpine package](https://wiki.alpinelinux.org/wiki/Creating_an_Alpine_package) on Alpine Linux Wiki for more details) + +**2) Create work directory and clone `qports` with appropriate branch** + +``` +mkdir work +cd work +git clone https://ayakael.net/forge/qports -b +``` + +**3) Build all packages using `buildrepo`** + +`buildrepo -a -d /packages qports` + +**4) Make these packages available on an HTTP server and export the following variables that will be picked up by template build** + +``` +export QUBESALPINE_MIRROR= +export QUBESALPINE_KEYFILE= +``` + +### Build template + +**1) Create work directory and clone `qubes-builder-alpine` with appropriate branch** + +``` +mkdir work +cd work +git clone https://ayakael.net/forge/qubes-builder-alpine -b +``` + +**2) Set-up build environment for QubesOS template build** + +``` +git clone https://github.com/QubesOS/qubes-builder +mkdir qubes-builder/qubes-src +ln -s $(pwd) qubes-builder/qubes-src/builder-alpine +cp builder.conf qubes-builder/. +git clone https://github.com/QubesOS/qubes-linux-template-builder qubes-builder/qubes-src/linux-template-builder +``` + +**3) Setup build information** + +``` +echo "%define _arch x86_64" >> qubes-builder/qubes-src/linux-template-builder/templates.spec +echo "4.2.0" > qubes-builder/qubes-src/linux-template-builder/version +``` +If you want to build a different Alpine version than default, you can modify `qubes-builder/builder.conf` on line `DIST_VM` to alpine (i.e alpine320). 
+ +**4) Build template** + +``` +cd qubes-builder +make linux-template-builder +``` + +**5) Install produced RPM on dom0** + +``` +qvm-run --pass-io 'cat /qubes-builder/qubes-src/linux-template-builder/rpm/noarch/qubes-template-*.rpm' > qubes-template-alpine.rpm +qvm-template install --nogpgcheck $(pwd)/qubes-template-alpine.rpm +``` + +## Issues, recommendations and proposals **To report an issue or share a recommendation** -Go [here](https://gitlab.alpinelinux.org/ayakael/qubes-builder-alpine/-/issues) +This repo is also mirrored on Codeberg. This facilitates receiving pull requests, and managing issues. You can open an issue [here](https://codeberg.org/ayakael/qubes-builder-alpine/issues) **To make a merge request** - * Fork the repo from Alpine's GitLab [here](https://gitlab.alpinelinux.org/ayakael/qubes-builder-alpine) + * Fork the repo from Codeberg's mirror [here](https://codeberg.org/ayakael/qubes-builder-alpine) * Clone your fork locally. (`git clone $repo`) * Make a branch with a descriptive name (`git checkout -b $descriptivename`) * Make the changes you want to see in the world, commit, and push to the GitLab's remote repo - * Request a merge [here](https://gitlab.alpinelinux.org/ayakael/qubes-builder-alpine/-/merge_requests) + * Request a merge [here](https://codeberg.org/ayakael/qubes-builder-alpine/pulls) From a8b3f4c64d322e3610e4a8709ef54b75cd96df17 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 22 Aug 2024 13:31:32 -0400 Subject: [PATCH 14/26] forgejo-ci: add deploy flows --- .forgejo/bin/deploy.sh | 15 +++++ .forgejo/workflows/release-build.yaml | 79 +++++++++++++++++++++++++++ 2 files changed, 94 insertions(+) create mode 100755 .forgejo/bin/deploy.sh create mode 100644 .forgejo/workflows/release-build.yaml diff --git a/.forgejo/bin/deploy.sh b/.forgejo/bin/deploy.sh new file mode 100755 index 0000000..b9dee56 --- /dev/null +++ b/.forgejo/bin/deploy.sh 
@@ -0,0 +1,15 @@ +#!/bin/sh + +# shellcheck disable=SC3040 +set -eu -o pipefail + +readonly REPOS="backports user" +readonly QUBES_REL=$( echo $GITHUB_REF_NAME | awk -F '-' '{print $2}') +readonly TARGET_REPO=$CI_RPM_REPO + +readonly group="qubes/$QUBES_REL" +readonly rpm=$(find . -name 'qubes-template-*.rpm') + +echo "Sending $rpm to $TARGET_REPO/$group/upload" +curl -s --user $FORGE_REPO_USER:$FORGE_REPO_TOKEN --upload-file $rpm $TARGET_REPO/$group/upload + diff --git a/.forgejo/workflows/release-build.yaml b/.forgejo/workflows/release-build.yaml new file mode 100644 index 0000000..c968780 --- /dev/null +++ b/.forgejo/workflows/release-build.yaml 
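Review bot: The upload on the last line runs `curl -s` without `--fail`, so an HTTP 4xx/5xx from the registry still exits 0 and the job reports a successful deploy; `curl --fail -sS ...` surfaces the error while staying quiet otherwise. `--user $FORGE_REPO_USER:$FORGE_REPO_TOKEN` places the token on the command line, where it can show up in process listings and in any shell trace; passing it through `--config -` on stdin or a netrc file keeps it out of argv. The expansions `$rpm`, `$TARGET_REPO` and `$group` are unquoted and `find` may return more than one path, so quote them and fail unless exactly one package matched.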
@@ -0,0 +1,79 @@ +on: + push: + tags: + - 'alpine*' + +jobs: + release-build: + runs-on: x86_64 + container: + image: alpine:latest + env: + QUBES_REL: r4.2 + DIST: alpine320 + steps: + - name: Environment setup + run: | + apk add rpm wget coreutils eudev e2fsprogs xen doas sudo curl nodejs git alpine-sdk fuse2fs patch findutils grep + cd /etc/apk/keys + curl -JO https://ayakael.net/api/packages/forge/alpine/key + - name: Repo pull + uses: actions/checkout@v4 + with: + fetch-depth: 500 + - name: RPM build + run: | + git clone https://github.com/QubesOS/qubes-builder + mkdir qubes-builder/qubes-src + ln -s $GITHUB_WORKSPACE qubes-builder/qubes-src/builder-alpine + cp builder.conf qubes-builder/. + git clone https://github.com/QubesOS/qubes-linux-template-builder qubes-builder/qubes-src/linux-template-builder + patch -d qubes-builder/qubes-src/linux-template-builder -p1 -i $GITHUB_WORKSPACE/.forgejo/patches/linux-template-builder_use-fuse.patch + echo "%define _arch x86_64" >> qubes-builder/qubes-src/linux-template-builder/templates.spec + echo "4.2.0" > qubes-builder/qubes-src/linux-template-builder/version + sed "s|DISTS_VM :.*|DISTS_VM := $DIST|" -i ./qubes-builder/builder.conf + cd qubes-builder + make linux-template-builder + cp qubes-src/linux-template-builder/rpm/noarch/qubes-template-*.rpm $GITHUB_WORKSPACE/. 
+ - name: Package upload + uses: forgejo/upload-artifact@v3 + with: + name: package + path: qubes-template-*.rpm + release-deploy: + needs: [release-build] + runs-on: x86_64 + container: + image: alpine:latest + env: + CI_RPM_REPO: 'https://ayakael.net/api/packages/forge/rpm' + FORGE_REPO_TOKEN: ${{ secrets.FORGE_REPO_TOKEN }} + FORGE_REPO_USER: ${{ vars.FORGE_REPO_USER }} + steps: + - name: Setting up environment + run: apk add nodejs curl findutils git gawk + - name: Repo pull + uses: actions/checkout@v4 + - name: Package download + uses: forgejo/download-artifact@v3 + - name: Package deployment + run: ${{ github.workspace }}/.forgejo/bin/deploy.sh + release-create: + needs: [release-build] + runs-on: x86_64 + container: + image: node:latest + steps: + - name: Package download + uses: forgejo/download-artifact@v3 + - name: Release creation + uses: actions/forgejo-release@v2.3.1 + with: + direction: upload + url: "https://ayakael.net" + repo: "forge/qubes-builder-alpine" + verbose: true + token: "${{ secrets.FORGE_REPO_TOKEN }}" + release-dir: ./package + release-notes: "For download of template through DNF, please go to https://ayakael.net/forge/-/packages/rpm/qubes-template-alpine320" + From 57cc5b49b31e1dbfc163a658f5ec57cdea5c8715 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 22 Aug 2024 13:32:26 -0400 Subject: [PATCH 15/26] forgejo-ci: add logics to be able to build for different qubes/alpine releases from workflow --- .forgejo/workflows/test-build.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.forgejo/workflows/test-build.yaml b/.forgejo/workflows/test-build.yaml index b33aefb..78cc47f 100644 --- a/.forgejo/workflows/test-build.yaml +++ b/.forgejo/workflows/test-build.yaml @@ -7,6 +7,9 @@ jobs: runs-on: x86_64 container: image: alpine:3.20 + env: + QUBES_REL: r4.2 + DIST: alpine320 steps: - name: Environment setup run: | 
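Review bot: `release-create` declares only `needs: [release-build]`, so the Forgejo release is created even when `release-deploy` fails to upload the package; `needs: [release-build, release-deploy]` would stop a release being announced for an artifact that never reached the repository. The jobs run from `alpine:latest` and `node:latest` although `DIST` is `alpine320` and the test workflow pins `alpine:3.20`; pin the images to a version, ideally a digest, so a release build cannot change underneath a tag. The `uses:` references (`actions/checkout@v4`, `forgejo/upload-artifact@v3`, `forgejo/download-artifact@v3`) are movable tags, and the job that receives `secrets.FORGE_REPO_TOKEN` is where pinning to a commit matters most.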
@@ -26,6 +29,8 @@ jobs: git clone https://github.com/QubesOS/qubes-linux-template-builder qubes-builder/qubes-src/linux-template-builder patch -d qubes-builder/qubes-src/linux-template-builder -p1 -i $GITHUB_WORKSPACE/.forgejo/patches/linux-template-builder_use-fuse.patch echo "%define _arch x86_64" >> qubes-builder/qubes-src/linux-template-builder/templates.spec + echo "4.2.0" > qubes-builder/qubes-src/linux-template-builder/version + sed "s|DISTS_VM :.*|DISTS_VM := $DIST|" -i ./qubes-builder/builder.conf cd qubes-builder make linux-template-builder cp qubes-src/linux-template-builder/rpm/noarch/qubes-template-*.rpm $GITHUB_WORKSPACE/. From c850a814989d94a65271c38cd4e95b0269d9519c Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 22 Aug 2024 16:13:07 -0400 Subject: [PATCH 16/26] forgejo: sign RPM before deploying --- .forgejo/bin/deploy.sh | 16 +++++++++++++++- .forgejo/workflows/release-build.yaml | 3 ++- 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/.forgejo/bin/deploy.sh b/.forgejo/bin/deploy.sh index b9dee56..cdf97cb 100755 --- a/.forgejo/bin/deploy.sh +++ b/.forgejo/bin/deploy.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash # shellcheck disable=SC3040 set -eu -o pipefail @@ -10,6 +10,20 @@ readonly TARGET_REPO=$CI_RPM_REPO readonly group="qubes/$QUBES_REL" readonly rpm=$(find . -name 'qubes-template-*.rpm') +echo "Signing $rpm" +gpg --import <<< $FORGE_REPO_PRIVKEY +gpg --export -a > forge-repo.pub +rpm --import forge-repo.pub + +cat << EOF > $HOME/.rpmmacros +%_signature gpg +%_gpg_path $HOME/.gnupg +%_gpg_name RPM Registry +%_gpgbin /usr/bin/gpg +EOF + +rpm --addsign $rpm + echo "Sending $rpm to $TARGET_REPO/$group/upload" curl -s --user $FORGE_REPO_USER:$FORGE_REPO_TOKEN --upload-file $rpm $TARGET_REPO/$group/upload diff --git a/.forgejo/workflows/release-build.yaml b/.forgejo/workflows/release-build.yaml index c968780..3648793 100644 --- a/.forgejo/workflows/release-build.yaml +++ b/.forgejo/workflows/release-build.yaml 
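Review bot: The added `sed "s|DISTS_VM :.*|DISTS_VM := $DIST|" -i ./qubes-builder/builder.conf` exits successfully even when no line matches, so if the `DISTS_VM` line in `builder.conf` is ever reworded or commented out the job builds the file's default release while appearing to build `$DIST`. A check right after it turns the mismatch into a failure: `grep -qxF "DISTS_VM := $DIST" qubes-builder/builder.conf || { echo "DISTS_VM not set to $DIST" >&2; exit 1; }`. The version written on the line above is the literal `4.2.0` rather than a value derived from `QUBES_REL`, so the two have to be changed together by hand. The `run:` block starts and ends outside this hunk.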
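Review bot: In the signing block the secret and the package path are expanded unquoted (`<<< $FORGE_REPO_PRIVKEY`, `rpm --addsign $rpm`), and the upload follows without a check that a valid signature was attached. Quoting both and verifying before the upload covers that: `gpg --batch --import <<< "$FORGE_REPO_PRIVKEY"`, `rpm --addsign "$rpm"`, then `rpm --checksig "$rpm"`. `rpm` is filled from a `find` that can return more than one path, in which case the quoted form fails loudly instead of signing a word-split list. The private key is also imported into `$HOME/.gnupg` and nothing in the visible lines removes it; pointing `GNUPGHOME` and `%_gpg_path` at a `mktemp -d` directory that an `EXIT` trap deletes would keep it from outliving the script. The script starts and continues outside this hunk.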
@@ -48,10 +48,11 @@ jobs: env: CI_RPM_REPO: 'https://ayakael.net/api/packages/forge/rpm' FORGE_REPO_TOKEN: ${{ secrets.FORGE_REPO_TOKEN }} + FORGE_REPO_PRIVKEY: ${{ secrets.FORGE_REPO_PRIVKEY }} FORGE_REPO_USER: ${{ vars.FORGE_REPO_USER }} steps: - name: Setting up environment - run: apk add nodejs curl findutils git gawk + run: apk add nodejs curl findutils git gawk bash rpm gpg gpg-agent - name: Repo pull uses: actions/checkout@v4 - name: Package download From 0370c1b6419f439dae8a82a687375cc43fbe22bf Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 22 Aug 2024 16:15:59 -0400 Subject: [PATCH 17/26] README: update repo specs --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 13bc7fe..e3c0ad6 100644 --- a/README.md +++ b/README.md @@ -41,12 +41,12 @@ For installation, you have two options. **1) Create repository definition** -On dom0, create and edit `/etc/qubes/repo-templates/ayakael-forge-r42.repo` to match the following +On dom0, create and edit `/etc/qubes/repo-templates/ayakael-templates.repo` to match the following ``` -[ayakael-forge-qubes-r42] -name=forge - Ayakael - qubes - r42 -baseurl=https://ayakael.net/api/packages/forge/rpm/qubes/r42 +[ayakael-templates] +name=Ayakael templates +baseurl=https://ayakael.net/api/packages/forge/rpm/qubes/r$releasever enabled=1 gpgcheck=1 gpgkey = file:////etc/qubes/repo-templates/keys/RPM-GPG-KEY-ayakael-forge From a789b333820c1d578a292994c5c6684f094970e0 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 22 Aug 2024 16:18:04 -0400 Subject: [PATCH 18/26] forgejo-ci: add 319 tests --- .forgejo/workflows/test-build-319.yaml | 41 +++++++++++++++++++ .../{test-build.yaml => test-build-320.yaml} | 0 2 files changed, 41 insertions(+) create mode 100644 .forgejo/workflows/test-build-319.yaml rename .forgejo/workflows/{test-build.yaml => test-build-320.yaml} (100%) 
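Review bot: `FORGE_REPO_PRIVKEY` is added to the job-level `env:`, which puts the signing key in the environment of every step of this job, including `apk add`, `actions/checkout@v4` and `forgejo/download-artifact@v3`, although `deploy.sh` is the only consumer visible in the series. Declaring it on the step that needs it narrows the exposure: under `- name: Package deployment`, add `env:` with `FORGE_REPO_PRIVKEY: ${{ secrets.FORGE_REPO_PRIVKEY }}`. `FORGE_REPO_TOKEN` on the line above could move the same way. The `Package deployment` step itself lies outside this hunk.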
diff --git a/.forgejo/workflows/test-build-319.yaml b/.forgejo/workflows/test-build-319.yaml new file mode 100644 index 0000000..f9f0819 --- /dev/null +++ b/.forgejo/workflows/test-build-319.yaml @@ -0,0 +1,41 @@ +on: + pull_request: + types: [ assigned, opened, synchronize, reopened ] + +jobs: + build-test: + runs-on: x86_64 + container: + image: alpine:3.20 + env: + QUBES_REL: r4.2 + DIST: alpine319 + steps: + - name: Environment setup + run: | + apk add rpm wget coreutils eudev e2fsprogs xen doas sudo curl nodejs git alpine-sdk fuse2fs patch findutils grep + cd /etc/apk/keys + curl -JO https://ayakael.net/api/packages/forge/alpine/key + - name: Repo pull + uses: actions/checkout@v4 + with: + fetch-depth: 500 + - name: RPM build + run: | + git clone https://github.com/QubesOS/qubes-builder + mkdir qubes-builder/qubes-src + ln -s $GITHUB_WORKSPACE qubes-builder/qubes-src/builder-alpine + cp builder.conf qubes-builder/. + git clone https://github.com/QubesOS/qubes-linux-template-builder qubes-builder/qubes-src/linux-template-builder + patch -d qubes-builder/qubes-src/linux-template-builder -p1 -i $GITHUB_WORKSPACE/.forgejo/patches/linux-template-builder_use-fuse.patch + echo "%define _arch x86_64" >> qubes-builder/qubes-src/linux-template-builder/templates.spec + echo "4.2.0" > qubes-builder/qubes-src/linux-template-builder/version + sed "s|DISTS_VM :.*|DISTS_VM := $DIST|" -i ./qubes-builder/builder.conf + cd qubes-builder + make linux-template-builder + cp qubes-src/linux-template-builder/rpm/noarch/qubes-template-*.rpm $GITHUB_WORKSPACE/. + - name: Package upload + uses: forgejo/upload-artifact@v3 + with: + name: package + path: qubes-template-*.rpm diff --git a/.forgejo/workflows/test-build.yaml b/.forgejo/workflows/test-build-320.yaml similarity index 100% rename from .forgejo/workflows/test-build.yaml rename to .forgejo/workflows/test-build-320.yaml From 49ef1d1ecf61dda00275460bc94f40603cfe189d Mon Sep 17 00:00:00 2001 
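Review bot: The build steps are duplicated between this new file and the renamed `test-build-320.yaml`; as far as the visible hunks show, the two differ only in `DIST: alpine319`, so every later change to the steps has to be made twice. A matrix in a single workflow keeps them together: `strategy:` / `matrix:` / `dist: [alpine319, alpine320]` on the job and `DIST: ${{ matrix.dist }}` in `env:`. Under a matrix the artifact name would need the variant in it, for example `name: package-${{ matrix.dist }}`.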
From: Antoine Martin Date: Sun, 15 Dec 2024 19:00:13 -0500 Subject: [PATCH 19/26] Build for Alpine v3.21 --- .forgejo/workflows/release-build.yaml | 2 +- builder.conf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.forgejo/workflows/release-build.yaml b/.forgejo/workflows/release-build.yaml index 3648793..1823fc4 100644 --- a/.forgejo/workflows/release-build.yaml +++ b/.forgejo/workflows/release-build.yaml @@ -10,7 +10,7 @@ jobs: image: alpine:latest env: QUBES_REL: r4.2 - DIST: alpine320 + DIST: alpine321 steps: - name: Environment setup run: | diff --git a/builder.conf b/builder.conf index ea173c5..90e30ff 100644 --- a/builder.conf +++ b/builder.conf @@ -23,7 +23,7 @@ GIT_PREFIX := QubesOS/qubes- # DISTS_VM - Choose the templates to build. Multiple templates can be defined # to build. Uncomment tempalte dist to build. -DISTS_VM := alpine320 +DISTS_VM := alpine321 COMPONENTS += builder-alpine BUILDER_PLUGINS += builder-alpine From 01ea39382a9b71c8b4822580d39a005a2c501993 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 15 Dec 2024 19:20:01 -0500 Subject: [PATCH 20/26] Install icu-data-full in packages --- scripts/packages.list | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/packages.list b/scripts/packages.list index 3eb32a6..7067898 100644 --- a/scripts/packages.list +++ b/scripts/packages.list @@ -39,4 +39,5 @@ faenza-icon-theme-libreoffice pavucontrol # Major "productivity" applications +icu-data-full firefox From a3100daa0f194e037acbdce6b5b52828f46e6069 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 16 Dec 2024 10:54:25 -0500 Subject: [PATCH 21/26] Update README --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index e3c0ad6..5df3404 100644 --- a/README.md +++ b/README.md 
@@ -8,7 +8,7 @@ Linux for usage by qubes-builder. Packages are pulled from a community repo and packaged in an RPM that is installable by QubesOS. ### Current state -Alpine Linux as a QubesOS template is still a work and progress. It is highly +Alpine Linux as a QubesOS template is still a work in progress. It is highly encouraged to make bug reports. #### The yet-to-be-implemented list @@ -163,6 +163,8 @@ qvm-template install --nogpgcheck $(pwd)/qubes-template-alpine.rpm This repo is also mirrored on Codeberg. This facilitates receiving pull requests, and managing issues. You can open an issue [here](https://codeberg.org/ayakael/qubes-builder-alpine/issues) +You can also post on the [Qubes OS forums](https://forum.qubes-os.org/t/alpine-linux-template-non-official-available-for-testing/20595/33). + **To make a merge request** * Fork the repo from Codeberg's mirror [here](https://codeberg.org/ayakael/qubes-builder-alpine) * Clone your fork locally. (`git clone $repo`) From 821cc31b01f4b543436fc9a008d8e0469183c92d Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 31 May 2025 12:09:07 -0400 Subject: [PATCH 22/26] Build for Alpine v3.22 --- .forgejo/workflows/release-build.yaml | 2 +- builder.conf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.forgejo/workflows/release-build.yaml b/.forgejo/workflows/release-build.yaml index 1823fc4..e8f9e4b 100644 --- a/.forgejo/workflows/release-build.yaml +++ b/.forgejo/workflows/release-build.yaml @@ -10,7 +10,7 @@ jobs: image: alpine:latest env: QUBES_REL: r4.2 - DIST: alpine321 + DIST: alpine322 steps: - name: Environment setup run: | diff --git a/builder.conf b/builder.conf index 90e30ff..7f5481a 100644 --- a/builder.conf +++ b/builder.conf 
@@ -23,7 +23,7 @@ GIT_PREFIX := QubesOS/qubes- # DISTS_VM - Choose the templates to build. Multiple templates can be defined # to build. Uncomment tempalte dist to build. -DISTS_VM := alpine321 +DISTS_VM := alpine322 COMPONENTS += builder-alpine BUILDER_PLUGINS += builder-alpine From d85da1f81fd6cffbcd55b3a23a10b0f5c5cdc352 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 31 May 2025 12:13:16 -0400 Subject: [PATCH 23/26] Fix audio not working on images * Adds `sof-firmware` package * Adds user to audio group Fixes #21 --- scripts/04_install_qubes.sh | 1 + scripts/packages.list | 1 + 2 files changed, 2 insertions(+) diff --git a/scripts/04_install_qubes.sh b/scripts/04_install_qubes.sh index cf3438d..90806cd 100755 --- a/scripts/04_install_qubes.sh +++ b/scripts/04_install_qubes.sh @@ -77,6 +77,7 @@ echo "hvc0::respawn:/sbin/getty -L hvc0 115200 vt220" >> "$INSTALLDIR"/etc/initt "${TEMPLATE_CONTENT_DIR}/alpine-chroot" "$INSTALLDIR" addgroup user "${TEMPLATE_CONTENT_DIR}/alpine-chroot" "$INSTALLDIR" adduser -D user -G user -s /bin/bash "${TEMPLATE_CONTENT_DIR}/alpine-chroot" "$INSTALLDIR" addgroup user qubes +"${TEMPLATE_CONTENT_DIR}/alpine-chroot" "$INSTALLDIR" addgroup user audio # create /lib/modules for qubes-kernel module mount "${TEMPLATE_CONTENT_DIR}/alpine-chroot" "$INSTALLDIR" mkdir /lib/modules diff --git a/scripts/packages.list b/scripts/packages.list index 7067898..c57ab13 100644 --- a/scripts/packages.list +++ b/scripts/packages.list @@ -37,6 +37,7 @@ xfce4-settings evince faenza-icon-theme-libreoffice pavucontrol +sof-firmware # Major "productivity" applications icu-data-full From 4cbe964244b36147111d39992f2d5696b5363609 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Mon, 25 Aug 2025 00:48:41 -0400 Subject: [PATCH 24/26] Upgrade to r4.3 --- .forgejo/workflows/release-build.yaml | 2 +- README.md | 8 ++++---- scripts/04_install_qubes.sh | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) 
diff --git a/.forgejo/workflows/release-build.yaml b/.forgejo/workflows/release-build.yaml index e8f9e4b..3804917 100644 --- a/.forgejo/workflows/release-build.yaml +++ b/.forgejo/workflows/release-build.yaml @@ -30,7 +30,7 @@ jobs: git clone https://github.com/QubesOS/qubes-linux-template-builder qubes-builder/qubes-src/linux-template-builder patch -d qubes-builder/qubes-src/linux-template-builder -p1 -i $GITHUB_WORKSPACE/.forgejo/patches/linux-template-builder_use-fuse.patch echo "%define _arch x86_64" >> qubes-builder/qubes-src/linux-template-builder/templates.spec - echo "4.2.0" > qubes-builder/qubes-src/linux-template-builder/version + echo "4.3.0" > qubes-builder/qubes-src/linux-template-builder/version sed "s|DISTS_VM :.*|DISTS_VM := $DIST|" -i ./qubes-builder/builder.conf cd qubes-builder make linux-template-builder diff --git a/README.md b/README.md index 5df3404..df1818b 100644 --- a/README.md +++ b/README.md @@ -102,7 +102,7 @@ cp /home/user/.abuild/*.pub /etc/apk/keys ``` mkdir work cd work -git clone https://ayakael.net/forge/qports -b +git clone https://ayakael.net/forge/qports -b ``` **3) Build all packages using `buildrepo`** @@ -123,7 +123,7 @@ export QUBESALPINE_KEYFILE= ``` mkdir work cd work -git clone https://ayakael.net/forge/qubes-builder-alpine -b +git clone https://ayakael.net/forge/qubes-builder-alpine -b ``` **2) Set-up build environment for QubesOS template build** 
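Review bot: The version file is bumped to `4.3.0` here, but the job's `env:` still sets `QUBES_REL: r4.2`; it appears unchanged in the context lines of the next patch in the series. Because the workflow exports that value, the new `${QUBES_REL:-r4.3}` default in `scripts/04_install_qubes.sh` never applies in the release build, and the package would be versioned 4.3.0 while built with the r4.2 setting. Changing the job variable in the same commit keeps the two aligned: `QUBES_REL: r4.3`. Both the `env:` section and the start of the `run:` block are outside this hunk.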
@@ -140,9 +140,9 @@ git clone https://github.com/QubesOS/qubes-linux-template-builder qubes-builder/ ``` echo "%define _arch x86_64" >> qubes-builder/qubes-src/linux-template-builder/templates.spec -echo "4.2.0" > qubes-builder/qubes-src/linux-template-builder/version +echo "4.3.0" > qubes-builder/qubes-src/linux-template-builder/version ``` -If you want to build a different Alpine version than default, you can modify `qubes-builder/builder.conf` on line `DIST_VM` to alpine (i.e alpine320). +If you want to build a different Alpine version than default, you can modify `qubes-builder/builder.conf` on line `DIST_VM` to alpine (i.e alpine322). **4) Build template** diff --git a/scripts/04_install_qubes.sh b/scripts/04_install_qubes.sh index 90806cd..b9a12be 100755 --- a/scripts/04_install_qubes.sh +++ b/scripts/04_install_qubes.sh @@ -19,7 +19,7 @@ APKTOOLS_CACHE_DIR="${CACHEDIR}/apk_cache" ALPINELINUX_VERSION=${DIST_VER:-latest-stable} QUBESALPINE_MIRROR="${QUBESALPINE_MIRROR:-https://ayakael.net/api/packages/forge/alpine}" QUBESALPINE_KEYFILE="${QUBESALPINE_KEYFILE:-https://ayakael.net/api/packages/forge/alpine/key}" -QUBES_REL="${QUBES_REL:-r4.2}" +QUBES_REL="${QUBES_REL:-r4.3}" export APK_CACHE_DIR set -e From 8ab072b8e6c0fdc8fcf8475c159920f0b420bcd4 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 16 Dec 2025 17:32:32 -0500 Subject: [PATCH 25/26] Build for Alpine v3.23 --- .forgejo/workflows/release-build.yaml | 4 ++-- builder.conf | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.forgejo/workflows/release-build.yaml b/.forgejo/workflows/release-build.yaml index 3804917..d18a069 100644 --- a/.forgejo/workflows/release-build.yaml +++ b/.forgejo/workflows/release-build.yaml @@ -10,7 +10,7 @@ jobs: image: alpine:latest env: QUBES_REL: r4.2 - DIST: alpine322 + DIST: alpine323 steps: - name: Environment setup run: | 
@@ -76,5 +76,5 @@ jobs: verbose: true token: "${{ secrets.FORGE_REPO_TOKEN }}" release-dir: ./package - release-notes: "For download of template through DNF, please go to https://ayakael.net/forge/-/packages/rpm/qubes-template-alpine320" + release-notes: "For download of template through DNF, please go to https://ayakael.net/forge/-/packages/rpm/qubes-template-alpine323" diff --git a/builder.conf b/builder.conf index 7f5481a..1d40823 100644 --- a/builder.conf +++ b/builder.conf @@ -23,7 +23,7 @@ GIT_PREFIX := QubesOS/qubes- # DISTS_VM - Choose the templates to build. Multiple templates can be defined # to build. Uncomment tempalte dist to build. -DISTS_VM := alpine322 +DISTS_VM := alpine323 COMPONENTS += builder-alpine BUILDER_PLUGINS += builder-alpine From 59a019371139c8ef01b0268dc68db0ad87a0581e Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Tue, 16 Dec 2025 17:36:39 -0500 Subject: [PATCH 26/26] ci: use up-to-date URL for actions --- .forgejo/workflows/release-build.yaml | 6 +++--- .forgejo/workflows/test-build-319.yaml | 2 +- .forgejo/workflows/test-build-320.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.forgejo/workflows/release-build.yaml b/.forgejo/workflows/release-build.yaml index d18a069..cca8144 100644 --- a/.forgejo/workflows/release-build.yaml +++ b/.forgejo/workflows/release-build.yaml @@ -36,7 +36,7 @@ jobs: make linux-template-builder cp qubes-src/linux-template-builder/rpm/noarch/qubes-template-*.rpm $GITHUB_WORKSPACE/. - name: Package upload - uses: forgejo/upload-artifact@v3 + uses: actions/upload-artifact@v3 with: name: package path: qubes-template-*.rpm @@ -56,7 +56,7 @@ jobs: - name: Repo pull uses: actions/checkout@v4 - name: Package download - uses: forgejo/download-artifact@v3 + uses: actions/download-artifact@v3 - name: Package deployment run: ${{ github.workspace }}/.forgejo/bin/deploy.sh release-create: 
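Review bot: `uses: actions/upload-artifact@v3` names neither the host the action is fetched from nor an immutable revision; on Forgejo a short `owner/repo` reference is resolved against the instance's default actions URL, and `v3` is a tag that can be moved. The `download-artifact` step changed in the next hunk runs in `release-deploy`, where `FORGE_REPO_TOKEN` and `FORGE_REPO_PRIVKEY` are in the job environment, so the action source is part of the signing trust path. Writing the full URL and a commit id makes the origin explicit, for example `uses: https://<forge-host>/actions/upload-artifact@<commit-sha>`. The same applies to the other hunks of this file and to the `test-build-319.yaml` and `test-build-320.yaml` hunks of this patch.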
@@ -66,7 +66,7 @@ jobs: image: node:latest steps: - name: Package download - uses: forgejo/download-artifact@v3 + uses: actions/download-artifact@v3 - name: Release creation uses: actions/forgejo-release@v2.3.1 with: diff --git a/.forgejo/workflows/test-build-319.yaml b/.forgejo/workflows/test-build-319.yaml index f9f0819..35a77b2 100644 --- a/.forgejo/workflows/test-build-319.yaml +++ b/.forgejo/workflows/test-build-319.yaml @@ -35,7 +35,7 @@ jobs: make linux-template-builder cp qubes-src/linux-template-builder/rpm/noarch/qubes-template-*.rpm $GITHUB_WORKSPACE/. - name: Package upload - uses: forgejo/upload-artifact@v3 + uses: actions/upload-artifact@v3 with: name: package path: qubes-template-*.rpm diff --git a/.forgejo/workflows/test-build-320.yaml b/.forgejo/workflows/test-build-320.yaml index 78cc47f..c9d0ad6 100644 --- a/.forgejo/workflows/test-build-320.yaml +++ b/.forgejo/workflows/test-build-320.yaml @@ -35,7 +35,7 @@ jobs: make linux-template-builder cp qubes-src/linux-template-builder/rpm/noarch/qubes-template-*.rpm $GITHUB_WORKSPACE/. - name: Package upload - uses: forgejo/upload-artifact@v3 + uses: actions/upload-artifact@v3 with: name: package path: qubes-template-*.rpm