README: update repo specs

.forgejo/bin/deploy.sh

@@ -0,0 +1,29 @@
+#!/bin/bash
+
+# shellcheck disable=SC3040
+set -eu -o pipefail
+
+readonly REPOS="backports user"
+readonly QUBES_REL=$( echo $GITHUB_REF_NAME | awk -F '-' '{print $2}')
+readonly TARGET_REPO=$CI_RPM_REPO
+
+readonly group="qubes/$QUBES_REL"
+readonly rpm=$(find . -name 'qubes-template-*.rpm')
+
+echo "Signing $rpm"
+gpg --import <<< $FORGE_REPO_PRIVKEY
+gpg --export -a > forge-repo.pub
+rpm --import forge-repo.pub
+
+cat << EOF > $HOME/.rpmmacros
+%_signature gpg
+%_gpg_path $HOME/.gnupg
+%_gpg_name RPM Registry
+%_gpgbin /usr/bin/gpg
+EOF
+
+rpm --addsign $rpm
+
+echo "Sending $rpm to $TARGET_REPO/$group/upload"
+curl -s --user $FORGE_REPO_USER:$FORGE_REPO_TOKEN --upload-file $rpm $TARGET_REPO/$group/upload
+

.forgejo/patches/linux-template-builder_use-fuse.patch

@@ -0,0 +1,184 @@
+diff --git a/cleanup_image b/cleanup_image
+index 224c04a..911b238 100755
+--- a/cleanup_image
++++ b/cleanup_image
+@@ -1,6 +1,7 @@
+ #!/bin/sh
+ 
+ export INSTALLDIR=$1
++export TEMPLATE_USE_FUSE=1
+ 
+ . ./builder_setup
+ 
+@@ -20,5 +21,8 @@ fi
+ echo "--> Cleaning up image file..."
+ $SCRIPTSDIR/09_cleanup.sh
+ 
+-echo "--> Compacting image file..."
+-/sbin/fstrim -v "$INSTALLDIR"
++# fstrim not supported in userspace
++if [ "$TEMPLATE_USE_FUSE" -ne 1 ]; then
++	echo "--> Compacting image file..."
++	/sbin/fstrim -v "$INSTALLDIR"
++fi
+diff --git a/prepare_image b/prepare_image
+index 6334879..de1a2af 100755
+--- a/prepare_image
++++ b/prepare_image
+@@ -19,6 +19,8 @@ RETCODE=0
+ . ./builder_setup >/dev/null
+ . ./umount_kill.sh >/dev/null
+ 
++export TEMPLATE_USE_FUSE=1
++
+ if ! [ $# -eq 1 ]; then
+     echo "usage ${0} <img_file_name>"
+     exit
+@@ -55,11 +57,20 @@ echo "-> Preparing instalation of ${DIST} template..."
+ if [ -f "${IMG}" ]; then
+     echo "-> Image file already exists, assuming *update*..."
+     if [ "0$TEMPLATE_ROOT_WITH_PARTITIONS" -eq 1 ]; then
+-        IMG_LOOP=$(/sbin/losetup -P -f --show "$IMG")
+-        IMG_DEV=${IMG_LOOP}p3
++		if [ "$TEMPLATE_USE_FUSE" -eq 1 ]; then
++			echo "Fuse mode not implemented when TEMPLATE_ROOT_WITH_PARTITIONS is true"
++			exit
++		else
++    	    IMG_LOOP=$(/sbin/losetup -P -f --show "$IMG")
++        	IMG_DEV=${IMG_LOOP}p3
++		fi
+     else
+-        IMG_LOOP=$(/sbin/losetup -f --show "$IMG")
+-        IMG_DEV=${IMG_LOOP}
++		if [ "$TEMPLATE_USE_FUSE" -eq 1 ]; then
++			IMG_DEV=$IMG
++		else
++	        IMG_LOOP=$(/sbin/losetup -f --show "$IMG")
++    	    IMG_DEV=${IMG_LOOP}
++		fi
+     fi
+     udevadm settle --exit-if-exists="$IMG_DEV"
+ else
+@@ -78,11 +89,20 @@ size=2MiB, type=21686148-6449-6E6F-744E-656564454649, uuid=1e6c9db4-1e91-46c4-84
+ type=0FC63DAF-8483-4772-8E79-3D69D8477DE4, uuid=693244e6-3e07-47bf-ad79-acade4293fe7, name="Root filesystem"
+ EOF
+ 
+-        IMG_LOOP=$(/sbin/losetup -P -f --show "$IMG")
+-        IMG_DEV=${IMG_LOOP}p3
++		if [ "$TEMPLATE_USE_FUSE" -eq 1 ]; then
++			echo "Fuse mode not implemented when TEMPLATE_ROOT_WITH_PARTITIONS is true"
++			exit
++		else
++        	IMG_LOOP=$(/sbin/losetup -P -f --show "$IMG")
++        	IMG_DEV=${IMG_LOOP}p3
++		fi
+     else
+-        IMG_LOOP=$(/sbin/losetup -f --show "$IMG")
+-        IMG_DEV=${IMG_LOOP}
++		if [ "$TEMPLATE_USE_FUSE" -eq 1 ]; then
++			IMG_DEV=$IMG
++		else
++        	IMG_LOOP=$(/sbin/losetup -f --show "$IMG")
++        	IMG_DEV=${IMG_LOOP}
++		fi
+     fi
+     udevadm settle --exit-if-exists="$IMG_DEV"
+ 
+@@ -90,7 +110,9 @@ EOF
+     /sbin/mkfs.ext4 -q -F "${IMG_DEV}" || exit 1
+ fi
+ 
+-mount "${IMG_DEV}" "${INSTALLDIR}" || exit 1
++if [ "$TEMPLATE_USE_FUSE" -eq 1 ]; then
++	fuse2fs "${IMG_DEV}" "${INSTALLDIR}" || exit 1
++fi
+ trap "umount_kill $(readlink -m ${INSTALLDIR})" EXIT
+ "${SCRIPTSDIR}/01_install_core.sh"
+ 
+@@ -107,6 +129,8 @@ trap - EXIT
+ 
+ echo "-> Unmounting prepared_image..."
+ umount_kill "$(readlink -m ${INSTALLDIR})" || true
+-/sbin/losetup -d ${IMG_LOOP}
++if [ "$TEMPLATE_USE_FUSE" -ne 1 ]; then
++	/sbin/losetup -d ${IMG_LOOP}
++fi
+ 
+ exit ${RETCODE}
+diff --git a/qubeize_image b/qubeize_image
+index 19c37cb..9e5179d 100755
+--- a/qubeize_image
++++ b/qubeize_image
+@@ -13,6 +13,8 @@ export CLEANIMG="$1"
+ export NAME="$2"
+ export LC_ALL=POSIX
+ 
++export TEMPLATE_USE_FUSE=1
++
+ . ./builder_setup >/dev/null
+ . ./umount_kill.sh >/dev/null
+ 
+@@ -50,7 +52,9 @@ function cleanup() {
+     trap - ERR
+     trap
+     umount_kill "$PWD/mnt" || true
+-    /sbin/losetup -d ${IMG_LOOP}
++	if [ "$TEMPLATE_USE_FUSE" -ne 1 ]; then
++	    /sbin/losetup -d ${IMG_LOOP}
++	fi
+     exit $errval
+ }
+ trap cleanup ERR
+@@ -72,14 +76,27 @@ fi
+ echo "--> Mounting $IMG"
+ mkdir -p mnt
+ if [ "0$TEMPLATE_ROOT_WITH_PARTITIONS" -eq 1 ]; then
+-    IMG_LOOP=$(/sbin/losetup -P -f --show "$IMG")
+-    IMG_DEV=${IMG_LOOP}p3
++	if [ "$TEMPLATE_USE_FUSE" -eq 1 ]; then
++		echo "Fuse mode not implemented when TEMPLATE_ROOT_WITH_PARTITIONS is true"
++		exit
++	else
++ 		IMG_LOOP=$(/sbin/losetup -P -f --show "$IMG")
++    	IMG_DEV=${IMG_LOOP}p3
++	fi
+ else
+-    IMG_LOOP=$(/sbin/losetup -f --show "$IMG")
+-    IMG_DEV=${IMG_LOOP}
++	if [ "$TEMPLATE_USE_FUSE" -eq 1 ]; then
++		IMG_DEV=$IMG
++	else
++    	IMG_LOOP=$(/sbin/losetup -f --show "$IMG")
++    	IMG_DEV=${IMG_LOOP}
++	fi
+ fi
+ udevadm settle --exit-if-exists="$IMG_DEV"
+-mount "$IMG_DEV" mnt || exit 1
++if [ "$TEMPLATE_USE_FUSE" -eq 1 ]; then
++	fuse2fs "$IMG_DEV" mnt
++else
++	mount "$IMG_DEV" mnt || exit 1
++fi
+ export INSTALLDIR=mnt
+ 
+ # prepare for template.conf, so the qubeize script may generate it dynamically
+@@ -159,7 +176,9 @@ ls -als $IMG
+ # ------------------------------------------------------------------------------
+ echo "--> Unmounting $IMG"
+ umount_kill "$PWD/mnt" || true
+-/sbin/losetup -d ${IMG_LOOP}
++if [ "$TEMPLATE_USE_FUSE" -ne 1 ]; then
++	/sbin/losetup -d ${IMG_LOOP}
++fi
+ 
+ echo "Qubeized image stored at: $IMG"
+ 
+diff --git a/templates.spec b/templates.spec
+index e1a82e9..210ef57 100644
+--- a/templates.spec
++++ b/templates.spec
+@@ -193,3 +193,4 @@ rm -rf $RPM_BUILD_ROOT
+ %attr (664,root,qubes) %{dest_dir}/vm-whitelisted-appmenus.list
+ %attr (664,root,qubes) %{dest_dir}/netvm-whitelisted-appmenus.list
+ %attr (664,root,qubes) %{dest_dir}/template.conf
++%define _arch x86_64

.forgejo/workflows/release-build.yaml

@@ -0,0 +1,80 @@
+on:
+  push:
+    tags:
+      - 'alpine*'
+
+jobs:
+  release-build:
+    runs-on: x86_64
+    container:
+      image: alpine:latest
+    env:
+      QUBES_REL: r4.2
+      DIST: alpine320
+    steps:
+      - name: Environment setup
+        run: |
+          apk add rpm wget coreutils eudev e2fsprogs xen doas sudo curl nodejs git alpine-sdk fuse2fs patch findutils grep
+          cd /etc/apk/keys
+          curl -JO https://ayakael.net/api/packages/forge/alpine/key
+      - name: Repo pull
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 500
+      - name: RPM build
+        run: |
+          git clone https://github.com/QubesOS/qubes-builder
+          mkdir qubes-builder/qubes-src
+          ln -s $GITHUB_WORKSPACE qubes-builder/qubes-src/builder-alpine
+          cp builder.conf qubes-builder/.
+          git clone https://github.com/QubesOS/qubes-linux-template-builder qubes-builder/qubes-src/linux-template-builder
+          patch -d qubes-builder/qubes-src/linux-template-builder -p1 -i $GITHUB_WORKSPACE/.forgejo/patches/linux-template-builder_use-fuse.patch
+          echo "%define _arch x86_64" >> qubes-builder/qubes-src/linux-template-builder/templates.spec
+          echo "4.2.0" > qubes-builder/qubes-src/linux-template-builder/version
+          sed "s|DISTS_VM :.*|DISTS_VM := $DIST|" -i ./qubes-builder/builder.conf
+          cd qubes-builder
+          make linux-template-builder
+          cp qubes-src/linux-template-builder/rpm/noarch/qubes-template-*.rpm $GITHUB_WORKSPACE/.
+      - name: Package upload
+        uses: forgejo/upload-artifact@v3
+        with:
+          name: package
+          path: qubes-template-*.rpm
+  release-deploy:
+    needs: [release-build]
+    runs-on: x86_64
+    container:
+      image: alpine:latest
+    env:
+      CI_RPM_REPO: 'https://ayakael.net/api/packages/forge/rpm'
+      FORGE_REPO_TOKEN: ${{ secrets.FORGE_REPO_TOKEN }}
+      FORGE_REPO_PRIVKEY: ${{ secrets.FORGE_REPO_PRIVKEY }}
+      FORGE_REPO_USER: ${{ vars.FORGE_REPO_USER }}
+    steps:
+      - name: Setting up environment
+        run: apk add nodejs curl findutils git gawk bash rpm gpg gpg-agent
+      - name: Repo pull
+        uses: actions/checkout@v4
+      - name: Package download
+        uses: forgejo/download-artifact@v3
+      - name: Package deployment
+        run: ${{ github.workspace }}/.forgejo/bin/deploy.sh
+  release-create:
+    needs: [release-build]
+    runs-on: x86_64
+    container:
+      image: node:latest
+    steps:
+      - name: Package download
+        uses: forgejo/download-artifact@v3
+      - name: Release creation
+        uses: actions/forgejo-release@v2.3.1
+        with:
+          direction: upload
+          url: "https://ayakael.net"
+          repo: "forge/qubes-builder-alpine"
+          verbose: true
+          token: "${{ secrets.FORGE_REPO_TOKEN }}"
+          release-dir: ./package
+          release-notes: "For download of template through DNF, please go to https://ayakael.net/forge/-/packages/rpm/qubes-template-alpine320"
+

.forgejo/workflows/test-build.yaml

@@ -0,0 +1,41 @@
+on: 
+  pull_request:
+    types: [ assigned, opened, synchronize, reopened ]
+
+jobs:
+  build-test:
+    runs-on: x86_64
+    container:
+      image: alpine:3.20
+    env:
+      QUBES_REL: r4.2
+      DIST: alpine320
+    steps:
+      - name: Environment setup
+        run: |
+          apk add rpm wget coreutils eudev e2fsprogs xen doas sudo curl nodejs git alpine-sdk fuse2fs patch findutils grep
+          cd /etc/apk/keys
+          curl -JO https://ayakael.net/api/packages/forge/alpine/key
+      - name: Repo pull
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 500
+      - name: RPM build
+        run: |
+          git clone https://github.com/QubesOS/qubes-builder
+          mkdir qubes-builder/qubes-src
+          ln -s $GITHUB_WORKSPACE qubes-builder/qubes-src/builder-alpine
+          cp builder.conf qubes-builder/.
+          git clone https://github.com/QubesOS/qubes-linux-template-builder qubes-builder/qubes-src/linux-template-builder
+          patch -d qubes-builder/qubes-src/linux-template-builder -p1 -i $GITHUB_WORKSPACE/.forgejo/patches/linux-template-builder_use-fuse.patch
+          echo "%define _arch x86_64" >> qubes-builder/qubes-src/linux-template-builder/templates.spec
+          echo "4.2.0" > qubes-builder/qubes-src/linux-template-builder/version
+          sed "s|DISTS_VM :.*|DISTS_VM := $DIST|" -i ./qubes-builder/builder.conf
+          cd qubes-builder
+          make linux-template-builder
+          cp qubes-src/linux-template-builder/rpm/noarch/qubes-template-*.rpm $GITHUB_WORKSPACE/.
+      - name: Package upload
+        uses: forgejo/upload-artifact@v3
+        with:
+          name: package
+          path: qubes-template-*.rpm

.gitlab-ci.yml

@@ -1,107 +0,0 @@
-stages:
-  - build
-  - release
-
-variables:
-  GIT_STRATEGY: clone
-  GIT_DEPTH: "500"
-
-.verify:
-  stage: build
-  rules:
-    - if: $CI_MERGE_REQUEST_ID
-  interruptible: true
-  script:
-    - |
-      sudo apk add rpm wget losetup coreutils eudev e2fsprogs xen
-      doas addgroup $USER abuild
-      export PATH="$PATH:$CI_PROJECT_DIR/.gitlab/bin"
-      git clone https://github.com/QubesOS/qubes-builder
-      mkdir qubes-builder/qubes-src
-      ln -s $CI_PROJECT_DIR qubes-builder/qubes-src/builder-alpine
-      cp builder.conf qubes-builder/.
-      git clone https://github.com/QubesOS/qubes-linux-template-builder qubes-builder/qubes-src/linux-template-builder
-      echo "%define _arch x86_64" >> qubes-builder/qubes-src/linux-template-builder/templates.spec
-      cd qubes-builder
-      make linux-template-builder
-      cp qubes-src/linux-template-builder/rpm/noarch/qubes-template-*.rpm $CI_PROJECT_DIR/.
-  artifacts:
-    paths:
-      - qubes-template-*.rpm
-    expire_in: 7 days
-    when: always
-  tags:
-    - qubes-template
-
-verify-alpine318:
-  extends: .verify
-  variables: 
-    CI_ALPINE_TARGET_RELEASE: alpine318
-
-.build:
-  stage: build
-  rules:
-    - if: $CI_COMMIT_TAG
-  interruptible: true
-  script:
-    - |
-      sudo apk add rpm wget losetup coreutils eudev e2fsprogs xen
-      doas addgroup $USER abuild
-      export PATH="$PATH:$CI_PROJECT_DIR/.gitlab/bin"
-      git clone https://github.com/QubesOS/qubes-builder
-      mkdir qubes-builder/qubes-src
-      ln -s $CI_PROJECT_DIR qubes-builder/qubes-src/builder-alpine
-      cp builder.conf qubes-builder/.
-      git clone https://github.com/QubesOS/qubes-linux-template-builder qubes-builder/qubes-src/linux-template-builder
-      echo "%define _arch x86_64" >> qubes-builder/qubes-src/linux-template-builder/templates.spec
-      cd qubes-builder
-      make linux-template-builder
-      cp qubes-src/linux-template-builder/rpm/noarch/qubes-template-*.rpm $CI_PROJECT_DIR/.
-      cd $CI_PROJECT_DIR
-      CI_ALPINE_RPM_NAME="$(find qubes-template*.rpm)"
-      echo "ALPINE_RPM_NAME=$CI_ALPINE_RPM_NAME" > job.env
-      echo "Generating sha512sum"
-      sha512sum $CI_ALPINE_RPM_NAME > $CI_ALPINE_RPM_NAME.sha512sum
-  after_script:
-    - echo "JOB_ID=$CI_JOB_ID" >> job.env
-  artifacts:
-    paths:
-      - qubes-template*.rpm
-      - qubes-template*.sha512sum
-    expire_in: never
-    when: always
-    reports:
-      dotenv: job.env
-  tags:
-    - qubes-template
-
-build-alpine318:
-  extends: .build
-  variables: 
-    CI_ALPINE_TARGET_RELEASE: alpine318
-
-release:
-  stage: release
-  allow_failure: false
-  tags:
-    - qubes-template
-  rules:
-    - if: $CI_COMMIT_TAG
-  when: on_success
-  script:
-    - echo "Create Release $GI_COMMIT_TAG"
-    - echo $JOB_ID
-    - echo $ALPINE_RPM_NAME
-  release:
-    name: 'Release $CI_COMMIT_TAG'
-    description: 'Release $CI_COMMIT_TAG'
-    tag_name: '$CI_COMMIT_TAG'
-    ref: '$CI_COMMIT_SHA'
-    assets:
-      links:
-        - name: "$ALPINE_RPM_NAME"
-          filepath: "/template/qubes-template-$CI_COMMIT_TAG.rpm"
-          url: "https://lab.ilot.io/ayakael/qubes-builder-alpine/-/jobs/$JOB_ID/artifacts/raw/$ALPINE_RPM_NAME"
-        - name: "$ALPINE_RPM_NAME.sha512sum"
-          filepath: "/template/qubes-template-$CI_COMMIT_TAG.rpm.sha512sum"
-          url: "https://lab.ilot.io/ayakael/qubes-builder-alpine/-/jobs/$JOB_ID/artifacts/raw/$ALPINE_RPM_NAME.sha512sum"

README.md

@@ -1,5 +1,5 @@
 # qubes-builder-alpine
-Upstream: https://lab.ilot.io/ayakael/qubes-builder-alpine
+Upstream: https://ayakael.net/forge/qubes-builder-alpine
 
 ## Description
 
@@ -13,22 +13,159 @@ encouraged to make bug reports.
 
 #### The yet-to-be-implemented list 
 Thus the following use cases are still not supported / tested:
- * QubesOS r4.2
+ * sys-net service VM
- * Service VMs (sys-net, sys-usb, sys-firewall)
+ * sys-firewall service VM
- * Firewall (not tested)
- * `qubes-builder` hooks (thus no `dom0` template RPM yet, see [here](https://gitlab.alpinelinux.org/ayakael/qubes-builder-alpine) for progress)
- * `apk` proxying from within template (thus you must allow internet access to template to install packages)
  * `qubes-vm-kernel-support` Not adapted for use on Alpine yet, due to it providing a Dracut module. In most cases, it is not necessary as Qubes provides the kernel. 
    This package is only neccessary when VM uses its own kernel, thus a hook is added to Dracut to generate the initrd for use within qubes.
 
-#### Issues, recommendations and proposals
+## How to install
+
+First, we need to transfer to dom0 the template key.
+
+**Within VM, download template key:**
+
+```
+curl -JO https://ayakael.net/api/packages/forge/rpm/repository.key
+```
+
+**On dom0, transfer and copy key to key store:**
+
+```
+qvm-run -p <curl-vm> 'cat </path/to/downloaded/key ' > repository.key
+sudo mv repository.key /etc/qubes/repo-templates/keys/RPM-GPG-KEY-ayakael-forge
+```
+
+For installation, you have two options.
+
+### Using qvm-template
+
+**1) Create repository definition**
+
+On dom0, create and edit `/etc/qubes/repo-templates/ayakael-templates.repo` to match the following
+
+```
+[ayakael-templates]
+name=Ayakael templates
+baseurl=https://ayakael.net/api/packages/forge/rpm/qubes/r$releasever
+enabled=1
+gpgcheck=1
+gpgkey = file:////etc/qubes/repo-templates/keys/RPM-GPG-KEY-ayakael-forge
+```
+
+**2) Install template**
+
+```
+qvm-template install alpine320
+```
+
+### Manually
+
+**1) Download and transfer template RPM**
+
+
+On VM, download desired template RPM available in `Packages` section
+```
+curl -JO https:<url/rpm>
+```
+
+On dom0, transfer RPM
+
+```
+qvm-run -p <curl-vm> 'cat </path/to/downloaded/rpm ' > qubes-template-alpine.rpm
+```
+
+**2) Install template**
+
+```
+qvm-template --keyring /etc/qubes/repo-templates/keys/RPM-GPG-KEY-forge-ayakael install $(pwd)/qubes-template-alpine.rpm
+```
+
+## How to build
+
+Since this template builder uses pre-built Alpine Linux packages for QubesOS template support, it by defaults does not build everything locally. If you want to build them locally, you can follow these steps. If not, you can skip to the next section.
+
+### Build packages
+
+**1) Set-up build environment on Alpine Linux**
+```
+apk add alpine-sdk lua-aports
+addgroup <yourusername> abuild
+mkdir -p /var/cache/distfiles
+chmod a+w /var/cache/distfiles
+abuild-keygen -a -i
+cp /home/user/.abuild/*.pub /etc/apk/keys
+```
+(see [Creating an Alpine package](https://wiki.alpinelinux.org/wiki/Creating_an_Alpine_package) on Alpine Linux Wiki for more details)
+
+**2) Create work directory and clone `qports` with appropriate branch**
+
+```
+mkdir work
+cd work
+git clone https://ayakael.net/forge/qports -b <desired Qubes Rel, i.e r4.2>
+```
+
+**3) Build all packages using `buildrepo`**
+
+`buildrepo -a <path/to/qports> -d <path/to/work/dir>/packages qports` 
+
+**4) Make these packages available on an HTTP server and export the following variables that will be picked up by template build**
+
+```
+export QUBESALPINE_MIRROR=<https://url-to-custom-repo>
+export QUBESALPINE_KEYFILE=<https://url-to-custom-repo-key>
+```
+
+### Build template
+
+**1) Create work directory and clone `qubes-builder-alpine` with appropriate branch**
+
+```
+mkdir work
+cd work
+git clone https://ayakael.net/forge/qubes-builder-alpine -b <desired Qubes Rel, i.e r4.2>
+```
+
+**2) Set-up build environment for QubesOS template build**
+
+```
+git clone https://github.com/QubesOS/qubes-builder
+mkdir qubes-builder/qubes-src
+ln -s $(pwd) qubes-builder/qubes-src/builder-alpine
+cp builder.conf qubes-builder/.
+git clone https://github.com/QubesOS/qubes-linux-template-builder qubes-builder/qubes-src/linux-template-builder
+```
+
+**3) Setup build information**
+
+```
+echo "%define _arch x86_64" >> qubes-builder/qubes-src/linux-template-builder/templates.spec
+echo "4.2.0" > qubes-builder/qubes-src/linux-template-builder/version
+```
+If you want to build a different Alpine version than default, you can modify `qubes-builder/builder.conf` on line `DIST_VM` to alpine<desired-version-without-dot> (i.e alpine320).
+
+**4) Build template**
+
+```
+cd qubes-builder
+make linux-template-builder
+```
+
+**5) Install produced RPM on dom0**
+
+```
+qvm-run --pass-io <build-vm> 'cat <path/to/work/dir>/qubes-builder/qubes-src/linux-template-builder/rpm/noarch/qubes-template-*.rpm' > qubes-template-alpine.rpm
+qvm-template install --nogpgcheck $(pwd)/qubes-template-alpine.rpm
+```
+
+## Issues, recommendations and proposals
 **To report an issue or share a recommendation**
 
-Go [here](https://gitlab.alpinelinux.org/ayakael/qubes-builder-alpine/-/issues)
+This repo is also mirrored on Codeberg. This facilitates receiving pull requests, and managing issues. You can open an issue [here](https://codeberg.org/ayakael/qubes-builder-alpine/issues)
 
 **To make a merge request**
- * Fork the repo from Alpine's GitLab [here](https://gitlab.alpinelinux.org/ayakael/qubes-builder-alpine)
+ * Fork the repo from Codeberg's mirror [here](https://codeberg.org/ayakael/qubes-builder-alpine)
  * Clone your fork locally. (`git clone $repo`)
  * Make a branch with a descriptive name (`git checkout -b $descriptivename`)
  * Make the changes you want to see in the world, commit, and push to the GitLab's remote repo
- * Request a merge [here](https://gitlab.alpinelinux.org/ayakael/qubes-builder-alpine/-/merge_requests)
+ * Request a merge [here](https://codeberg.org/ayakael/qubes-builder-alpine/pulls)

builder.conf

@@ -23,7 +23,7 @@ GIT_PREFIX := QubesOS/qubes-
 
 # DISTS_VM - Choose the templates to build.  Multiple templates can be defined 
 # to build.  Uncomment tempalte dist to build.
-DISTS_VM := alpine318
+DISTS_VM := alpine320
 COMPONENTS += builder-alpine
 BUILDER_PLUGINS += builder-alpine
 

scripts/04_install_qubes.sh

@@ -17,9 +17,9 @@ fi
 
 APKTOOLS_CACHE_DIR="${CACHEDIR}/apk_cache"
 ALPINELINUX_VERSION=${DIST_VER:-latest-stable}
-QUBESALPINE_MIRROR="${QUBESALPINE_MIRROR:-https://lab.ilot.io/ayakael/repo-apk/-/raw}"
+QUBESALPINE_MIRROR="${QUBESALPINE_MIRROR:-https://ayakael.net/api/packages/forge/alpine}"
-QUBESALPINE_KEYFILE="${QUBESALPINE_KEYFILE:-antoine.martin@protonmail.com-5b3109ad.rsa.pub}"
+QUBESALPINE_KEYFILE="${QUBESALPINE_KEYFILE:-https://ayakael.net/api/packages/forge/alpine/key}"
-QUBES_REL="${QUBES_REL:-r4.1}"
+QUBES_REL="${QUBES_REL:-r4.2}"
 export APK_CACHE_DIR
 
 set -e
@@ -28,8 +28,10 @@ if [ "$VERBOSE" -ge 2 ] || [ "$DEBUG" -gt 0 ]; then
 fi
 
 echo "  --> Adding Qubes custom repository..."
-su -c "echo '$QUBESALPINE_MIRROR/$ALPINELINUX_VERSION/qubes/$QUBES_REL' >> $INSTALLDIR/etc/apk/repositories"
+su -c "echo '$QUBESALPINE_MIRROR/$ALPINELINUX_VERSION/qubes-$QUBES_REL' >> $INSTALLDIR/etc/apk/repositories"
-wget "$QUBESALPINE_MIRROR/$ALPINELINUX_VERSION/$QUBESALPINE_KEYFILE" -P "$INSTALLDIR"/etc/apk/keys
+pushd "$INSTALLDIR"/etc/apk/keys
+curl -JO "$QUBESALPINE_KEYFILE"
+popd
 
 echo "  --> Synchronize resolv.conf..."
 cp /etc/resolv.conf "${INSTALLDIR}/etc/resolv.conf"
@@ -79,8 +81,15 @@ echo "hvc0::respawn:/sbin/getty -L hvc0 115200 vt220" >> "$INSTALLDIR"/etc/initt
 # create /lib/modules for qubes-kernel module mount
 "${TEMPLATE_CONTENT_DIR}/alpine-chroot" "$INSTALLDIR" mkdir /lib/modules
 
+# lo device
+cat > "${INSTALLDIR}/etc/network/interfaces" <<EOF
+auto lo
+iface lo inet loopback
+EOF
+
+
 # enable services
-for i in udev udev-trigger xendriverdomain qubes-qrexec-agent qubes-db qubes-meminfo-writer qubes-sysinit qubes-core-early qubes-core qubes-gui-agent crond acpid; do
+for i in udev udev-trigger xendriverdomain qubes-qrexec-agent qubes-db qubes-meminfo-writer qubes-sysinit qubes-core-early qubes-core qubes-gui-agent qubes-updates-proxy-forwarder crond acpid; do
     "${TEMPLATE_CONTENT_DIR}/alpine-chroot" "$INSTALLDIR" rc-update add $i default
 done
 for i in bootmisc hostname hwclock loadkmap modules networking seedrng swap sysctl syslog; do

scripts/alpine-chroot

@@ -31,7 +31,7 @@ chroot_setup() {
     chroot_add_mount sys "$1/sys" -t sysfs -o nosuid,noexec,nodev,ro &&
     # alpine-chroot will never have occasion to use efivars, so don't bother
     # mounting efivarfs here
-    chroot_add_mount udev "$1/dev" -t devtmpfs -o mode=0755,nosuid &&
+    chroot_add_mount /dev "$1/dev" -o bind &&
     chroot_add_mount devpts "$1/dev/pts" -t devpts -o mode=0620,gid=5,nosuid,noexec &&
     chroot_add_mount shm "$1/dev/shm" -t tmpfs -o mode=1777,nosuid,nodev &&
     chroot_add_mount run "$1/run" -t tmpfs -o nosuid,nodev,mode=0755 &&