├── .dockerignore ├── .gitignore ├── .gitlab-ci.yml ├── .gitmodules ├── README.md ├── ci ├── codecov-keys.asc └── codecov-wrapper ├── dependencies-debian.txt ├── dependencies-fedora-qubes-executor.txt ├── dependencies-fedora.txt ├── dockerfiles ├── debian.Dockerfile ├── fedora-mock.Dockerfile ├── fedora.Dockerfile └── ubuntu.Dockerfile ├── example-configs ├── archlinux.yml ├── gentoo.yml ├── kali.yml ├── kicksecure.yml ├── qubes-os-main.yml ├── qubes-os-r4.2.yml ├── qubes-os-r4.3.yml ├── ubuntu.yml └── windows-tools.yml ├── keys └── qubes-developers-keys.asc ├── mypy.ini ├── qb ├── qubesbuilder-cli ├── qubesbuilder ├── __init__.py ├── cli │ ├── __init__.py │ ├── cli_base.py │ ├── cli_cleanup.py │ ├── cli_config.py │ ├── cli_exc.py │ ├── cli_installer.py │ ├── cli_main.py │ ├── cli_package.py │ ├── cli_repository.py │ └── cli_template.py ├── common.py ├── component.py ├── config.py ├── distribution.py ├── exc.py ├── executors │ ├── __init__.py │ ├── container.py │ ├── local.py │ ├── qrexec.py │ ├── qubes.py │ └── windows.py ├── log.py ├── pluginmanager.py ├── plugins │ ├── __init__.py │ ├── build │ │ └── __init__.py │ ├── build_archlinux │ │ ├── __init__.py │ │ └── scripts │ │ │ └── update-local-repo.sh │ ├── build_deb │ │ ├── __init__.py │ │ └── scripts │ │ │ ├── create-local-repo │ │ │ └── patch-changes │ ├── build_rpm │ │ ├── __init__.py │ │ └── scripts │ │ │ ├── filter-packages-by-dist-arch │ │ │ └── rpmbuildinfo │ ├── build_windows │ │ ├── __init__.py │ │ └── scripts │ │ │ ├── build-sln.ps1 │ │ │ ├── common.ps1 │ │ │ └── local │ │ │ ├── build-qwt.ps1 │ │ │ ├── build.ps1 │ │ │ ├── create-cert.ps1 │ │ │ ├── delete-cert.ps1 │ │ │ └── sign.ps1 │ ├── chroot │ │ └── __init__.py │ ├── chroot_archlinux │ │ ├── __init__.py │ │ ├── conf │ │ │ ├── makepkg-x86_64.conf │ │ │ └── pacman.conf.j2 │ │ ├── keys │ │ │ ├── qubes-repo-archlinux-key-r4.2.asc │ │ │ └── qubes-repo-archlinux-key-r4.3.asc │ │ └── scripts │ │ │ ├── add-qubes-repository-key │ │ │ ├── generate-mirrorlist │ │ │ └── generate-pacman │ ├── chroot_deb │ │ ├── __init__.py │ │ ├── keys │ │ │ ├── bionic-ubuntu-archive-keyring.gpg │ │ │ ├── bookworm-debian-archive-keyring.gpg │ │ │ ├── bullseye-debian-archive-keyring.gpg │ │ │ ├── buster-debian-archive-keyring.gpg │ │ │ ├── focal-ubuntu-archive-keyring.gpg │ │ │ ├── jammy-ubuntu-archive-keyring.gpg │ │ │ ├── noble-ubuntu-archive-keyring.gpg │ │ │ ├── qubes-debian-r4.0.asc │ │ │ ├── qubes-debian-r4.1.asc │ │ │ ├── qubes-debian-r4.2.asc │ │ │ ├── qubes-debian-r4.3.asc │ │ │ ├── qubes-debian-r4.asc │ │ │ ├── qubes-ubuntu-r4.2.asc │ │ │ ├── qubes-ubuntu-r4.3.asc │ │ │ ├── trixie-debian-archive-keyring.gpg │ │ │ └── whonix-developer-patrick.asc │ │ ├── pbuilder │ │ │ ├── hooks │ │ │ │ ├── D30update │ │ │ │ └── E30origin │ │ │ └── pbuilderrc │ │ └── scripts │ │ │ └── apt-download-packages │ ├── chroot_rpm │ │ ├── __init__.py │ │ ├── keys │ │ │ ├── RPM-GPG-KEY-CentOS-8 │ │ │ ├── RPM-GPG-KEY-CentOS-SIG-Virtualization │ │ │ ├── RPM-GPG-KEY-EPEL-8 │ │ │ ├── RPM-GPG-KEY-copr-epel-8 │ │ │ ├── RPM-GPG-KEY-copr-epel-8-python38 │ │ │ ├── RPM-GPG-KEY-fedora-34-primary │ │ │ ├── RPM-GPG-KEY-fedora-35-primary │ │ │ ├── RPM-GPG-KEY-fedora-36-primary │ │ │ ├── RPM-GPG-KEY-fedora-37-primary │ │ │ ├── RPM-GPG-KEY-fedora-38-primary │ │ │ ├── RPM-GPG-KEY-fedora-39-primary │ │ │ ├── RPM-GPG-KEY-fedora-40-primary │ │ │ ├── RPM-GPG-KEY-fedora-41-primary │ │ │ ├── RPM-GPG-KEY-fedora-42-primary │ │ │ ├── RPM-GPG-KEY-qubes-4-centos │ │ │ ├── RPM-GPG-KEY-qubes-4-primary │ │ │ ├── RPM-GPG-KEY-qubes-4.0-centos │ │ │ ├── RPM-GPG-KEY-qubes-4.0-primary │ │ │ ├── RPM-GPG-KEY-qubes-4.1-centos │ │ │ ├── RPM-GPG-KEY-qubes-4.1-primary │ │ │ ├── RPM-GPG-KEY-qubes-4.2-centos │ │ │ ├── RPM-GPG-KEY-qubes-4.2-primary │ │ │ ├── RPM-GPG-KEY-qubes-4.3-primary │ │ │ ├── qubes-release-4-signing-key.asc │ │ │ ├── qubes-release-4.0-signing-key.asc │ │ │ ├── qubes-release-4.1-signing-key.asc │ │ │ ├── qubes-release-4.2-signing-key.asc │ │ │ └── qubes-release-4.3-signing-key.asc │ │ └── mock │ │ │ ├── centos-stream-8-x86_64.cfg │ │ │ ├── centos-stream.cfg │ │ │ ├── fedora-32-x86_64.cfg │ │ │ ├── fedora-36-x86_64.cfg │ │ │ ├── fedora-37-x86_64.cfg │ │ │ ├── fedora-38-x86_64.cfg │ │ │ ├── fedora-39-x86_64.cfg │ │ │ ├── fedora-40-x86_64.cfg │ │ │ ├── fedora-41-x86_64.cfg │ │ │ ├── fedora-42-x86_64.cfg │ │ │ └── fedora.cfg │ ├── fetch │ │ ├── __init__.py │ │ ├── keys │ │ │ ├── 0064428F455451B3EBE78A7F063938BA42CFA724.asc │ │ │ ├── 274E12AB03F2FE293765FC06DA0434BC706E1FCF.asc │ │ │ ├── 427F11FD0FAA4B080123F01CDDFA1A3E36879494.asc │ │ │ ├── 77EEEF6D0386962AEA8CF84A9B8273F80AC219E6.asc │ │ │ ├── 916B8D99C38EAF5E8ADC7A2A8D66066A2EEACCDA.asc │ │ │ ├── 9FA64B92F95E706BF28E2CA6484010B5CDC576E2.asc │ │ │ ├── CE8060B48282B234AE0A7815D32BF219E67BA830.asc │ │ │ └── qubes-developers-keys.asc │ │ └── scripts │ │ │ ├── create-archive │ │ │ ├── download-file │ │ │ ├── get-and-verify-source │ │ │ ├── get-and-verify-source.py │ │ │ ├── sequoia-crypto-policy.toml │ │ │ └── verify-file │ ├── installer │ │ ├── .gitignore │ │ ├── Makefile │ │ ├── __init__.py │ │ ├── mock │ │ │ ├── fedora-32-x86_64.cfg │ │ │ ├── fedora-37-x86_64.cfg │ │ │ ├── fedora-41-x86_64.cfg │ │ │ └── fedora-x86_64.cfg │ │ ├── scripts │ │ │ ├── create-torrent │ │ │ ├── ksparser │ │ │ ├── release-iso │ │ │ ├── tmplparser │ │ │ └── update-templates-cache │ │ └── yum │ │ │ ├── dnf.conf │ │ │ └── lorax.repo │ ├── publish │ │ └── __init__.py │ ├── publish_archlinux │ │ └── __init__.py │ ├── publish_deb │ │ ├── __init__.py │ │ └── scripts │ │ │ └── create-skeleton │ ├── publish_rpm │ │ ├── __init__.py │ │ ├── mirrors.list │ │ └── scripts │ │ │ └── create-skeleton │ ├── sign │ │ └── __init__.py │ ├── sign_archlinux │ │ └── __init__.py │ ├── sign_deb │ │ └── __init__.py │ ├── sign_rpm │ │ ├── __init__.py │ │ └── scripts │ │ │ ├── sign-rpm │ │ │ └── update-rpmbuildinfo │ ├── source │ │ ├── __init__.py │ │ ├── salt │ │ │ ├── FORMULA-DEFAULTS │ │ │ ├── Makefile.install │ │ │ └── yaml-dumper │ │ └── scripts │ │ │ └── common │ ├── source_archlinux │ │ ├── __init__.py │ │ └── scripts │ │ │ ├── generate-pkgbuild │ │ │ └── get-source-info │ ├── source_deb │ │ ├── __init__.py │ │ └── scripts │ │ │ ├── clamp-changelog-entry-date │ │ │ ├── debian-changelog │ │ │ ├── debian-get-packages-list │ │ │ ├── debian-parser │ │ │ ├── debian-quilt │ │ │ ├── get-source-info │ │ │ └── modify-changelog-for-build │ ├── source_rpm │ │ ├── __init__.py │ │ └── scripts │ │ │ ├── generate-changelog │ │ │ ├── generate-spec │ │ │ ├── get-source-info │ │ │ ├── query-builtrpms │ │ │ └── query-spec │ ├── source_windows │ │ └── __init__.py │ ├── template │ │ ├── Makefile │ │ ├── __init__.py │ │ ├── appmenus_generic │ │ │ ├── netvm-whitelisted-appmenus.list │ │ │ ├── vm-whitelisted-appmenus.list │ │ │ └── whitelisted-appmenus.list │ │ ├── scripts │ │ │ ├── build-template-rpm │ │ │ ├── builder-fix-filenames │ │ │ ├── builder-setup │ │ │ ├── functions.sh │ │ │ ├── prepare-image │ │ │ ├── qubeize-image │ │ │ └── umount-kill │ │ ├── template.spec │ │ └── template_generic.conf │ └── upload │ │ └── __init__.py └── template.py ├── rpc ├── policy │ ├── 50-qubesbuilder.policy │ └── 51-qubesbuilder-windows.policy ├── qubesbuilder-file-copy-in.ps1 ├── qubesbuilder-file-copy-out.ps1 ├── qubesbuilder.FileCopyIn ├── qubesbuilder.FileCopyOut ├── qubesbuilder.WinFileCopyIn ├── qubesbuilder.WinFileCopyOut ├── qubesbuilder.WinSign.CreateKey ├── qubesbuilder.WinSign.DeleteKey ├── qubesbuilder.WinSign.GetCert ├── qubesbuilder.WinSign.QueryKey ├── qubesbuilder.WinSign.Sign ├── qubesbuilder.WinSign.Timestamp └── qubesbuilder.WinSign.common ├── tests ├── builder-ci.yml ├── gnupg │ ├── openpgp-revocs.d │ │ ├── 466110A602D13C7A5CD9DDF690A99E7695483BFE.rev │ │ ├── 632F8C69E01B25C9E0C3ADF2F360C0D259FB650C.rev │ │ ├── 8B080B3E649B153AA44FE43E722F2B7B164FDEF7.rev │ │ └── C1261D4BA94026D4EEBDCB485811E93DE307C3CE.rev │ ├── private-keys-v1.d │ │ ├── 13BA2F41C3335F9D3A719B88F999FC738E2C2118.key │ │ ├── 4F1238E32595370BA08D8978364CF9F846C707F7.key │ │ ├── 74D9755A5B3601A0D8069301E7D8D8EABEB451DC.key │ │ ├── 80256D086B87167A8499EBEE74E57DE1DA80E267.key │ │ └── 8B94F52F514A6F106C37F31E6CD988B44506BEE0.key │ ├── pubring.kbx │ └── trustdb.gpg ├── keys │ └── C4A2E4615A16BD191110DEE17320B2D2134763F3.asc ├── scripts │ └── check-chroot-content.sh ├── test_cli.py ├── test_cli_cleanup.py ├── test_cli_repository.py ├── test_executors.py ├── test_functions.py ├── test_log.py ├── test_objects.py └── test_scripts.py └── tools ├── generate-container-image.sh └── windows ├── .gitignore ├── deps.txt ├── dom0 └── create-vm.sh ├── edit-iso-dispvm.sh ├── edit-iso.sh ├── generate-iso.sh ├── get-files.sh └── iso-files ├── autounattend.xml └── sources └── $OEM$ └── $1 └── qubes ├── .gitignore ├── ssh.ps1 └── sshd_config /.dockerignore: -------------------------------------------------------------------------------- 1 | artifacts 2 | tests/gnupg/S.* 3 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .idea 2 | **__pycache__ 3 | .coverage 4 | artifacts 5 | mypy.xml 6 | pylint.xml 7 | builder.yml 8 | builder.yml.bak 9 | test.py 10 | builder.lock 11 | -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "qubesbuilder/plugins/publish/mirrors"] 2 | path = qubesbuilder/plugins/publish/mirrors 3 | url = ../qubes-infrastructure-mirrors 4 | -------------------------------------------------------------------------------- /ci/codecov-keys.asc: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | 3 | mQINBGCsMn0BEACiCKZOhkbhUjb+obvhH49p3ShjJzU5b/GqAXSDhRhdXUq7ZoGq 4 | KEKCd7sQHrCf16Pi5UVacGIyE9hS93HwY15kMlLwM+lNeAeCglEscOjpCly1qUIr 5 | sN1wjkd2cwDXS6zHBJTqJ7wSOiXbZfTAeKhd6DuLEpmA+Rz4Yc+4qZP+fVxVG3Pv 6 | 2v06m+E5CP/JQVQPO8HYi+S36hJImTh+zaDspu+VujSai5KzJ6YKmgwslVNIp5X5 7 | GnEr2uAh5w6UTnt9UQUjFFliAvQ3lPLWzm7DWs6AP9hslYxSWzwbzVF5qbOIjUJL 8 | KfoUpvCYDs2ObgRn8WUQO0ndkRCBIxhlF3HGGYWKQaCEsiom7lyi8VbAszmUCDjw 9 | HdbQHFmm5yHLpTXJbg+iaxQzKnhWVXzye5/x92IJmJswW81Ky346VxYdC1XFL/+Y 10 | zBaj9oMmV7WfRpdch09Gf4TgosMzWf3NjJbtKE5xkaghJckIgxwzcrRmF/RmCJue 11 | IMqZ8A5qUUlK7NBzj51xmAQ4BtkUa2bcCBRV/vP+rk9wcBWz2LiaW+7Mwlfr/C/Q 12 | Swvv/JW2LsQ4iWc1BY7m7ksn9dcdypEq/1JbIzVLCRDG7pbMj9yLgYmhe5TtjOM3 13 | ygk25584EhXSgUA3MZw+DIqhbHQBYgrKndTr2N/wuBQY62zZg1YGQByD4QARAQAB 14 | tEpDb2RlY292IFVwbG9hZGVyIChDb2RlY292IFVwbG9hZGVyIFZlcmlmaWNhdGlv 15 | biBLZXkpIDxzZWN1cml0eUBjb2RlY292LmlvPokCTgQTAQoAOBYhBCcDTn/bhQ4L 16 | vCxi/4Brsortd5hpBQJgrDJ9AhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJ 17 | EIBrsortd5hpxLMP/3Fbgx5EG7zUUOqPZ+Ya9z8JlZFIkh3FxYMfMFE8jH9Es26F 18 | V2ZTJLO259MxM+5N0XzObi3h4XqIzBn42pDRfwtojY5wl2STJ9Bzu+ykPog7OB1u 19 | yfWXDRKcqPTUIxI1/WdU+c0/WNE6wjyzK+lRc1YUlp4pdNU7l+j2vKN+jGi2b6nV 20 | PTPRsMcwy3B90fKf5h2wNMNqO+KX/rjgpG9Uhej+xyFWkGM1tZDQQYFj+ugQUj61 21 | BMsQrUmxOnaVVnix21cHnACDCaxqgQZH3iZyEOKPNMsRFRP+0fLEnUMP+DVnQE6J 22 | Brk1Z+XhtjGI9PISQVx5KKDKscreS/D5ae2Cw/FUlQMf57kir6mkbZVhz2khtccz 23 | atD0r59WomNywIDyk1QfAKV0+O0WeJg8A69/Jk6yegsrUb5qEfkih/I38vvI0OVL 24 | BYve/mQIHuQo5ziBptNytCrN5TXHXzguX9GOW1V1+3DR+w/vXcnz67sjlYDysf1f 25 | JUZv9edZ2RGKW7agbrgOw2hB+zuWZ10tjoEcsaSGOLtKRGFDfmu/dBxzl8yopUpa 26 | Tn79QKOieleRm5+uCcKCPTeKV0GbhDntCZJ+Yiw6ZPmrpcjDowAoMQ9kiMVa10+Q 27 | WwwoaRWuqhf+dL6Q2OLFOxlyCDKVSyW0YF4Vrf3fKGyxKJmszAL+NS1mVcdxuQIN 28 | BGCsMn0BEADLrIesbpfdAfWRvUFDN+PoRfa0ROwa/JOMhEgVsowQuk9No8yRva/X 29 | VyiA6oCq6na7IvZXMxT7di4FWDjDtw5xHjbtFg336IJTGBcnzm7WIsjvyyw8kKfB 30 | 8cvG7D2OkzAUF8SVXLarJ1zdBP/Dr1Nz6F/gJsx5+BM8wGHEz4DsdMRV7ZMTVh6b 31 | PaGuPZysPjSEw62R8MFJ1fSyDGCKJYwMQ/sKFzseNaY/kZVR5lq0dmhiYjNVQeG9 32 | HJ6ZCGSGT5PKNOwx/UEkT6jhvzWgfr2eFVGJTcdwSLEgIrJIDzP7myHGxuOiuCmJ 33 | ENgL1f7mzGkJ/hYXq1RWqsn1Fh2I9KZMHggqu4a+s3RiscmNcbIlIhJLXoE1bxZ/ 34 | TfYZ9Aod6Bd5TsSMTZNwV2am9zelhDiFF60FWww/5nEbhm/X4suC9W86qWBxs3Kh 35 | vk1dxhElRjtgwUEHA5OFOO48ERHfR7COH719D/YmqLU3EybBgJbGoC/yjlGJxv0R 36 | kOMAiG2FneNKEZZihReh8A5Jt6jYrSoHFRwL6oJIZfLezB7Rdajx1uH7uYcUyIaE 37 | SiDWlkDw/IFM315NYFA8c1TCSIfnabUYaAxSLNFRmXnt+GQpm44qAK1x8EGhY633 38 | e5B4FWorIXx0tTmsVM4rkQ6IgAodeywKG+c2Ikd+5dQLFmb7dW/6CwARAQABiQI2 39 | BBgBCgAgFiEEJwNOf9uFDgu8LGL/gGuyiu13mGkFAmCsMn0CGwwACgkQgGuyiu13 40 | mGkYWxAAkzF64SVpYvY9nY/QSYikL8UHlyyqirs6eFZ3Mj9lMRpHM2Spn9a3c701 41 | 0Ge4wDbRP2oftCyPP+p9pdUA77ifMTlRcoMYX8oXAuyE5RT2emBDiWvSR6hQQ8bZ 42 | WFNXal+bUPpaRiruCCUPD2b8Od1ftzLqbYOosxr/m5Du0uahgOuGw6zlGBJCVOo7 43 | UB2Y++oZ8P7oDGF722opepWQ+bl2a6TRMLNWWlj4UANknyjlhyZZ7PKhWLjoC6MU 44 | dAKcwQUdp+XYLc/3b00bvgju0e99QgHZMX2fN3d3ktdN5Q2fqiAi5R6BmCCO4ISF 45 | o5j10gGU/sdqGHvNhv5C21ibun7HEzMtxBhnhGmytfBJzrsj7GOReePsfTLoCoUq 46 | dFMOAVUDciVfRtL2m8cv42ZJOXtPfDjsFOf8AKJk40/tc8mMMqZP7RVBr9RWOoq5 47 | y9D37NfI6UB8rPZ6qs0a1Vfm8lIh2/k1AFECduXgftMDTsmmXOgXXS37HukGW7AL 48 | QKWiWJQF/XopkXwkyAYpyuyRMZ77oF7nuqLFnl5VVEiRo0Fwu45erebc6ccSwYZU 49 | 8pmeSx7s0aJtxCZPSZEKZ3mn0BXOR32Cgs48CjzFWf6PKucTwOy/YO0/4Gt/upNJ 50 | 3DyeINcYcKyD08DEIF9f5tLyoiD4xz+N23ltTBoMPyv4f3X/wCQ= 51 | =ch7z 52 | -----END PGP PUBLIC KEY BLOCK----- 53 | -------------------------------------------------------------------------------- /ci/codecov-wrapper: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -xe 4 | 5 | curl -Os https://uploader.codecov.io/latest/linux/codecov 6 | curl -Os https://uploader.codecov.io/latest/linux/codecov.SHA256SUM 7 | curl -Os https://uploader.codecov.io/latest/linux/codecov.SHA256SUM.sig 8 | 9 | sqv --keyring ci/codecov-keys.asc codecov.SHA256SUM.sig codecov.SHA256SUM 10 | shasum -a 256 -c codecov.SHA256SUM 11 | 12 | chmod +x codecov 13 | 14 | python3 -m coverage xml || : 15 | 16 | if [[ "$CI_COMMIT_BRANCH" =~ ^pr- ]]; then 17 | PR=${CI_COMMIT_BRANCH#pr-} 18 | parents=$(git show -s --format='%P %ae') 19 | if [ "$(wc -w <<<"$parents")" -eq 3 ] && [ "${parents##* }" = "fepitre-bot@qubes-os.org" ]; then 20 | commit_sha=$(cut -f 2 -d ' ' <<<"${parents}") 21 | else 22 | commit_sha=$(git show -s --format='%H') 23 | fi 24 | exec ./codecov --pr "$PR" --sha "$commit_sha" "$@" 25 | fi 26 | exec ./codecov "$@" 27 | -------------------------------------------------------------------------------- /dependencies-debian.txt: -------------------------------------------------------------------------------- 1 | createrepo-c 2 | devscripts 3 | docker.io 4 | gpg 5 | mktorrent 6 | openssl 7 | python3-click 8 | python3-dateutil 9 | python3-docker 10 | python3-lxml 11 | python3-packaging 12 | python3-pathspec 13 | python3-setuptools 14 | python3-yaml 15 | reprepro 16 | rpm 17 | sq 18 | sqv 19 | tree 20 | -------------------------------------------------------------------------------- /dependencies-fedora-qubes-executor.txt: -------------------------------------------------------------------------------- 1 | createrepo_c 2 | debootstrap 3 | devscripts 4 | dnf-plugins-core 5 | dpkg-dev 6 | git 7 | mock 8 | pbuilder 9 | perl-Digest-MD5 10 | perl-Digest-SHA 11 | pykickstart 12 | python3-debian 13 | python3-pyyaml 14 | python3-sh 15 | reprepro 16 | rpm-build 17 | rpmdevtools 18 | systemd-udev 19 | wget 20 | which 21 | -------------------------------------------------------------------------------- /dependencies-fedora.txt: -------------------------------------------------------------------------------- 1 | asciidoc 2 | createrepo_c 3 | devscripts 4 | docker 5 | gpg 6 | m4 7 | mock 8 | openssl 9 | pacman 10 | podman 11 | python3-click 12 | python3-docker 13 | python3-jinja2-cli 14 | python3-lxml 15 | python3-packaging 16 | python3-pathspec 17 | python3-podman 18 | python3-pyyaml 19 | rb_libtorrent-examples 20 | reprepro 21 | rpm 22 | rpm-sign 23 | rsync 24 | sequoia-chameleon-gnupg 25 | sequoia-sq 26 | sequoia-sqv 27 | tree 28 | -------------------------------------------------------------------------------- /dockerfiles/debian.Dockerfile: -------------------------------------------------------------------------------- 1 | FROM debian@sha256:e83913597ca9deb9d699316a9a9d806c2a87ed61195ac66ae0a8ac55089a84b9 2 | MAINTAINER Frédéric Pierret 3 | 4 | ARG DEBIAN_FRONTEND=noninteractive 5 | 6 | # Install dependencies for Qubes Builder 7 | RUN apt-get update && \ 8 | apt-get install -y \ 9 | curl \ 10 | debootstrap \ 11 | devscripts \ 12 | dpkg-dev \ 13 | e2fsprogs \ 14 | fdisk \ 15 | git \ 16 | pbuilder \ 17 | psutils \ 18 | python3-debian \ 19 | python3-yaml \ 20 | reprepro \ 21 | rpm \ 22 | sudo \ 23 | tree \ 24 | udev \ 25 | wget \ 26 | && apt-get clean all 27 | 28 | # Create build user 29 | RUN useradd -m user -u 1000 30 | RUN usermod -aG sudo user && echo '%sudo ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/sudo 31 | 32 | # Create needed folders 33 | RUN mkdir /builder /builder/plugins /builder/build /builder/distfiles /builder/cache /builder/repository /builder/sources 34 | RUN chown -R user /builder 35 | 36 | USER user 37 | -------------------------------------------------------------------------------- /dockerfiles/fedora-mock.Dockerfile: -------------------------------------------------------------------------------- 1 | FROM scratch 2 | MAINTAINER Frédéric Pierret 3 | 4 | # Use Mock chroot 5 | ADD cache.tar.gz / 6 | 7 | # Install dependencies for Qubes Builder 8 | RUN dnf -y update && \ 9 | dnf install -y \ 10 | arch-install-scripts \ 11 | archlinux-keyring \ 12 | asciidoc \ 13 | createrepo_c \ 14 | debian-keyring \ 15 | debootstrap \ 16 | devscripts \ 17 | dnf-plugins-core \ 18 | dpkg-dev \ 19 | e2fsprogs \ 20 | git \ 21 | m4 \ 22 | mock \ 23 | pacman \ 24 | pbuilder \ 25 | perl-Digest-MD5 \ 26 | perl-Digest-SHA \ 27 | psmisc \ 28 | python3-debian \ 29 | python3-jinja2-cli \ 30 | python3-pyyaml \ 31 | python3-sh \ 32 | pykickstart \ 33 | reprepro \ 34 | rpm-build \ 35 | rpmdevtools \ 36 | rsync \ 37 | systemd-udev \ 38 | tree \ 39 | wget \ 40 | which \ 41 | zstd \ 42 | && dnf clean all 43 | 44 | # Install devtools for Archlinux 45 | RUN git clone -n https://gitlab.archlinux.org/fepitre/devtools && \ 46 | cd devtools && \ 47 | git checkout f91a1ac64d96a7cb38dc581eb4bd2ba0118d234c && \ 48 | make install DESTDIR=/ PREFIX=/usr/local && \ 49 | ln -s /usr/local/bin/archbuild /usr/local/bin/qubes-x86_64-build 50 | 51 | # Create build user 52 | RUN useradd -m user 53 | RUN usermod -aG wheel user && echo '%wheel ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/wheel 54 | 55 | # Create needed folders 56 | RUN mkdir /builder /builder/plugins /builder/build /builder/distfiles /builder/cache /builder/repository /builder/sources 57 | RUN chown -R user /builder 58 | 59 | USER user 60 | -------------------------------------------------------------------------------- /dockerfiles/fedora.Dockerfile: -------------------------------------------------------------------------------- 1 | FROM fedora@sha256:3ec60eb34fa1a095c0c34dd37cead9fd38afb62612d43892fcf1d3425c32bc1e 2 | MAINTAINER Frédéric Pierret 3 | 4 | # Install dependencies for Qubes Builder 5 | RUN dnf -y update && \ 6 | dnf install -y \ 7 | arch-install-scripts \ 8 | archlinux-keyring \ 9 | asciidoc \ 10 | createrepo_c \ 11 | debian-keyring \ 12 | debootstrap \ 13 | devscripts \ 14 | dnf-plugins-core \ 15 | dpkg-dev \ 16 | e2fsprogs \ 17 | git \ 18 | m4 \ 19 | mock \ 20 | pacman \ 21 | pbuilder \ 22 | perl-Digest-MD5 \ 23 | perl-Digest-SHA \ 24 | psmisc \ 25 | python3-debian \ 26 | python3-jinja2-cli \ 27 | python3-pyyaml \ 28 | python3-sh \ 29 | pykickstart \ 30 | reprepro \ 31 | rpm-build \ 32 | rpmdevtools \ 33 | rsync \ 34 | systemd-udev \ 35 | tree \ 36 | wget \ 37 | which \ 38 | zstd \ 39 | && dnf clean all 40 | 41 | # Install devtools for Archlinux 42 | RUN git clone -n https://gitlab.archlinux.org/fepitre/devtools && \ 43 | cd devtools && \ 44 | git checkout f91a1ac64d96a7cb38dc581eb4bd2ba0118d234c && \ 45 | make install DESTDIR=/ PREFIX=/usr/local && \ 46 | ln -s /usr/local/bin/archbuild /usr/local/bin/qubes-x86_64-build 47 | 48 | # Create build user 49 | RUN useradd -m user 50 | RUN usermod -aG wheel user && echo '%wheel ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/wheel 51 | 52 | # Create needed folders 53 | RUN mkdir /builder /builder/plugins /builder/build /builder/distfiles /builder/cache /builder/repository /builder/sources 54 | RUN mkdir -p /builder/cache/mock 55 | RUN chown -R user /builder 56 | 57 | USER user 58 | -------------------------------------------------------------------------------- /dockerfiles/ubuntu.Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu@sha256:6e75a10070b0fcb0bead763c5118a369bc7cc30dfc1b0749c491bbb21f15c3c7 2 | MAINTAINER Frédéric Pierret 3 | 4 | ARG DEBIAN_FRONTEND=noninteractive 5 | 6 | # Install dependencies for Qubes Builder 7 | RUN apt-get update && \ 8 | apt-get install -y \ 9 | curl \ 10 | debootstrap \ 11 | devscripts \ 12 | dpkg-dev \ 13 | e2fsprogs \ 14 | fdisk \ 15 | git \ 16 | pbuilder \ 17 | psutils \ 18 | python3-debian \ 19 | python3-yaml \ 20 | reprepro \ 21 | rpm \ 22 | sudo \ 23 | tree \ 24 | udev \ 25 | wget \ 26 | && apt-get clean all 27 | 28 | # Create build user 29 | RUN useradd -m user -u 1010 30 | RUN usermod -aG sudo user && echo '%sudo ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/sudo 31 | 32 | # Create needed folders 33 | RUN mkdir /builder /builder/plugins /builder/build /builder/distfiles /builder/cache /builder/repository /builder/sources 34 | RUN chown -R user /builder 35 | 36 | USER user 37 | -------------------------------------------------------------------------------- /example-configs/archlinux.yml: -------------------------------------------------------------------------------- 1 | git: 2 | baseurl: https://github.com 3 | prefix: qubesos/qubes- 4 | branch: main 5 | 6 | backend-vmm: xen 7 | debug: true 8 | verbose: true 9 | qubes-release: r4.2 10 | 11 | cache: 12 | vm-archlinux: 13 | packages: 14 | - bin86 15 | - bridge-utils 16 | - conntrack-tools 17 | - dconf 18 | - desktop-file-utils 19 | - dev86 20 | - fakeroot 21 | - gawk 22 | - gcc 23 | - git 24 | - gnome-packagekit 25 | - graphicsmagick 26 | - haveged 27 | - iasl 28 | - iproute2 29 | - iptables 30 | - librsvg 31 | - libsystemd 32 | - libutil-linux 33 | - libx11 34 | - lsb-release 35 | - lzo 36 | - make 37 | - make 38 | - networkmanager 39 | - nftables 40 | - notification-daemon 41 | - ntp 42 | - openssl 43 | - pacman-contrib 44 | - pandoc 45 | - parted 46 | - patch 47 | - pixman 48 | - pkg-config 49 | - procps-ng 50 | - python 51 | - python-dbus 52 | - python-gobject 53 | - python-lxml 54 | - python-setuptools 55 | - python-xdg 56 | - sed 57 | - shared-mime-info 58 | - socat 59 | - tinyproxy 60 | - wget 61 | - xdg-utils 62 | - yajl 63 | - zenity 64 | - blas 65 | - cblas 66 | - lapack 67 | - libimagequant 68 | - libraqm 69 | - openjpeg2 70 | - python-cairo 71 | - python-numpy 72 | - python-pillow 73 | 74 | distributions: 75 | - vm-archlinux 76 | 77 | templates: 78 | - archlinux: 79 | dist: archlinux 80 | 81 | components: 82 | - builder-archlinux: 83 | packages: False 84 | - vmm-xen 85 | - core-vchan-xen 86 | - core-qubesdb 87 | - core-qrexec 88 | - linux-utils 89 | - core-agent-linux 90 | - gui-common 91 | - gui-agent-linux 92 | - app-linux-split-gpg 93 | - app-linux-input-proxy 94 | - app-linux-usb-proxy 95 | - meta-packages 96 | 97 | executor: 98 | type: docker 99 | options: 100 | image: "qubes-builder-fedora:latest" 101 | 102 | stages: 103 | - fetch 104 | - prep 105 | - build 106 | -------------------------------------------------------------------------------- /example-configs/gentoo.yml: -------------------------------------------------------------------------------- 1 | git: 2 | baseurl: https://github.com 3 | prefix: qubesos/qubes- 4 | branch: main 5 | 6 | backend-vmm: xen 7 | debug: true 8 | verbose: true 9 | qubes-release: r4.2 10 | 11 | template-root-size: "30G" 12 | 13 | templates: 14 | - gentoo: 15 | dist: gentoo 16 | timeout: 86400 17 | - gentoo-minimal: 18 | dist: gentoo 19 | flavor: minimal 20 | timeout: 86400 21 | - gentoo-xfce: 22 | dist: gentoo 23 | flavor: xfce 24 | timeout: 86400 25 | 26 | components: 27 | - builder-gentoo: 28 | packages: False 29 | url: https://github.com/QubesOS/qubes-builder-gentoo 30 | maintainers: 31 | # fepitre's @qubes-os.org 32 | - 9FA64B92F95E706BF28E2CA6484010B5CDC576E2 33 | # fepitre's @invisiblethingslab.com 34 | - 77EEEF6D0386962AEA8CF84A9B8273F80AC219E6 35 | 36 | executor: 37 | type: docker 38 | options: 39 | image: "qubes-builder-fedora:latest" 40 | 41 | stages: 42 | - fetch 43 | - prep 44 | - build 45 | 46 | -------------------------------------------------------------------------------- /example-configs/kali.yml: -------------------------------------------------------------------------------- 1 | git: 2 | baseurl: https://github.com 3 | prefix: qubesos/qubes- 4 | branch: main 5 | 6 | backend-vmm: xen 7 | debug: true 8 | verbose: true 9 | qubes-release: r4.2 10 | use-qubes-repo: 11 | version: 4.2 12 | testing: true 13 | template-root-size: "30G" 14 | 15 | templates: 16 | - kali: 17 | dist: bookworm 18 | flavor: kali 19 | - kali-core: 20 | dist: bookworm 21 | flavor: kali-core 22 | - kali-large: 23 | dist: bookworm 24 | flavor: kali-large 25 | 26 | components: 27 | - builder-debian: 28 | packages: False 29 | - template-kali: 30 | packages: False 31 | url: https://github.com/fepitre/qubes-template-kali 32 | maintainers: 33 | # fepitre's @qubes-os.org 34 | - 9FA64B92F95E706BF28E2CA6484010B5CDC576E2 35 | # fepitre's @invisiblethingslab.com 36 | - 77EEEF6D0386962AEA8CF84A9B8273F80AC219E6 37 | 38 | executor: 39 | type: docker 40 | options: 41 | image: "qubes-builder-fedora:latest" 42 | 43 | stages: 44 | - fetch 45 | - prep 46 | - build 47 | 48 | -------------------------------------------------------------------------------- /example-configs/kicksecure.yml: -------------------------------------------------------------------------------- 1 | git: 2 | baseurl: https://github.com 3 | prefix: qubesos/qubes- 4 | branch: main 5 | maintainers: 6 | # marmarek 7 | - '0064428F455451B3EBE78A7F063938BA42CFA724' 8 | # simon 9 | - '274E12AB03F2FE293765FC06DA0434BC706E1FCF' 10 | 11 | backend-vmm: xen 12 | debug: true 13 | verbose: true 14 | qubes-release: r4.3 15 | 16 | distributions: 17 | - vm-bookworm 18 | 19 | templates: 20 | - kicksecure-17: 21 | dist: bookworm 22 | flavor: kicksecure 23 | options: 24 | - minimal 25 | - no-recommends 26 | 27 | components: 28 | - builder-debian: 29 | packages: False 30 | - template-kicksecure: 31 | packages: False 32 | branch: master 33 | url: https://github.com/Kicksecure/qubes-template-kicksecure.git 34 | maintainers: 35 | # Patrick (adrelanos) 36 | - 916B8D99C38EAF5E8ADC7A2A8D66066A2EEACCDA 37 | 38 | #executor: 39 | # type: docker 40 | # options: 41 | # image: "qubes-builder-fedora:latest" 42 | executor: 43 | type: qubes 44 | options: 45 | dispvm: "@dispvm" 46 | 47 | stages: 48 | - fetch 49 | - prep 50 | - build 51 | 52 | -------------------------------------------------------------------------------- /example-configs/ubuntu.yml: -------------------------------------------------------------------------------- 1 | git: 2 | baseurl: https://github.com 3 | prefix: qubesos/qubes- 4 | branch: main 5 | maintainers: 6 | # marmarek 7 | - '0064428F455451B3EBE78A7F063938BA42CFA724' 8 | # simon 9 | - '274E12AB03F2FE293765FC06DA0434BC706E1FCF' 10 | 11 | backend-vmm: xen 12 | debug: true 13 | verbose: true 14 | qubes-release: r4.2 15 | 16 | distributions: 17 | - vm-jammy 18 | - vm-noble 19 | 20 | templates: 21 | # Using packages_jammy.list + gnome directory 22 | - jammy: 23 | dist: jammy 24 | flavor: gnome 25 | # Using packages_jammy.list only (no gnome apps) 26 | - jammy-standard: 27 | dist: jammy 28 | # Using packages_jammy_minimal.list 29 | - jammy-minimal: 30 | dist: jammy 31 | flavor: minimal 32 | # Using packages_noble.list + gnome directory 33 | - noble: 34 | dist: noble 35 | flavor: gnome 36 | # Using packages_noble.list only (no gnome apps) 37 | - noble-standard: 38 | dist: noble 39 | # Using packages_noble_minimal.list 40 | - noble-minimal: 41 | dist: noble 42 | flavor: minimal 43 | 44 | components: 45 | - builder-debian: 46 | packages: False 47 | - vmm-xen-guest 48 | - core-vchan-xen 49 | - core-qubesdb 50 | - core-qrexec 51 | - linux-utils 52 | - core-agent-linux 53 | - gui-common 54 | - gui-agent-linux 55 | - app-linux-split-gpg 56 | - app-linux-input-proxy 57 | - app-linux-usb-proxy 58 | - app-linux-pdf-converter 59 | - app-linux-img-converter 60 | - mgmt-salt 61 | - fwupd 62 | - repo-templates 63 | - meta-packages 64 | - salt 65 | 66 | executor: 67 | type: docker 68 | options: 69 | image: "qubes-builder-ubuntu:latest" 70 | 71 | stages: 72 | - fetch 73 | - prep 74 | - build 75 | 76 | -------------------------------------------------------------------------------- /example-configs/windows-tools.yml: -------------------------------------------------------------------------------- 1 | git: 2 | prefix: omeg/qubes- 3 | branch: omeg/builder-v2 4 | maintainers: 5 | # omeg 6 | - 'CE8060B48282B234AE0A7815D32BF219E67BA830' 7 | 8 | #increment-devel-versions: true 9 | 10 | debug: true 11 | verbose: true 12 | 13 | skip-git-fetch: false 14 | 15 | # this is for anything other than building, so source fetching etc 16 | executor: 17 | type: qubes 18 | options: 19 | dispvm: qubes-builder-dvm 20 | 21 | # dev only 22 | less-secure-signed-commits-sufficient: 23 | - vmm-xen-windows-pvdrivers 24 | - core-vchan-xen 25 | - windows-utils 26 | - core-qubesdb 27 | - core-agent-windows 28 | - gui-common 29 | - gui-agent-windows 30 | - installer-windows-tools 31 | 32 | distributions: 33 | - vm-win10: 34 | stages: 35 | - build: 36 | configuration: release 37 | sign-qube: vault-sign 38 | sign-key-name: "Qubes Windows Tools" 39 | test-sign: true 40 | executor: 41 | #type: windows-ssh 42 | type: windows 43 | options: 44 | dispvm: win-build 45 | user: user 46 | ewdk: tools/windows/ewdk.iso 47 | threads: 1 48 | #ssh-ip: 10.137.0.20 49 | #ssh-key-path: /home/user/.ssh/win-build.key 50 | 51 | components: 52 | - vmm-xen-windows-pvdrivers 53 | - core-vchan-xen 54 | - windows-utils 55 | - core-qubesdb 56 | - core-agent-windows 57 | - gui-common 58 | - gui-agent-windows 59 | - installer-windows-tools 60 | -------------------------------------------------------------------------------- /mypy.ini: -------------------------------------------------------------------------------- 1 | [mypy] 2 | exclude = /(test_\w+|setup)\.py$ 3 | files = qubesbuilder 4 | 5 | ignore_missing_imports = True 6 | check_untyped_defs = True 7 | warn_unused_configs = True 8 | no_implicit_optional = False 9 | -------------------------------------------------------------------------------- /qb: -------------------------------------------------------------------------------- 1 | qubesbuilder-cli -------------------------------------------------------------------------------- /qubesbuilder-cli: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | import os 4 | import pathlib 5 | import sys 6 | 7 | sys.path.insert(0, os.fspath(pathlib.Path(__file__).parent)) 8 | 9 | from qubesbuilder.cli.cli_main import main 10 | 11 | main() 12 | -------------------------------------------------------------------------------- /qubesbuilder/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/QubesOS/qubes-builderv2/107e979184e1ffd8f29e9e7bf0eb736f276f8fe1/qubesbuilder/__init__.py -------------------------------------------------------------------------------- /qubesbuilder/cli/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/QubesOS/qubes-builderv2/107e979184e1ffd8f29e9e7bf0eb736f276f8fe1/qubesbuilder/cli/__init__.py -------------------------------------------------------------------------------- /qubesbuilder/cli/cli_exc.py: -------------------------------------------------------------------------------- 1 | # The Qubes OS Project, http://www.qubes-os.org 2 | # 3 | # Copyright (C) 2022 Frédéric Pierret (fepitre) 4 | # 5 | # This program is free software; you can redistribute it and/or modify 6 | # it under the terms of the GNU General Public License as published by 7 | # the Free Software Foundation; either version 2 of the License, or 8 | # (at your option) any later version. 9 | # 10 | # This program is distributed in the hope that it will be useful, 11 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | # GNU General Public License for more details. 14 | # 15 | # You should have received a copy of the GNU General Public License along 16 | # with this program. If not, see . 17 | # 18 | # SPDX-License-Identifier: GPL-3.0-or-later 19 | 20 | """ 21 | QubesBuilder command-line interface - exceptions module. 22 | """ 23 | 24 | from typing import Optional, IO 25 | 26 | import click 27 | 28 | from qubesbuilder.exc import QubesBuilderError 29 | from qubesbuilder.log import QubesBuilderLogger 30 | 31 | 32 | class CliError(QubesBuilderError, click.ClickException): 33 | """ 34 | An exception that Click can handle and show to the user. 35 | """ 36 | 37 | def show(self, file: Optional[IO] = None) -> None: 38 | QubesBuilderLogger.critical(self.format_message()) 39 | -------------------------------------------------------------------------------- /qubesbuilder/exc.py: -------------------------------------------------------------------------------- 1 | # The Qubes OS Project, http://www.qubes-os.org 2 | # 3 | # Copyright (C) 2021 Frédéric Pierret (fepitre) 4 | # 5 | # This program is free software; you can redistribute it and/or modify 6 | # it under the terms of the GNU General Public License as published by 7 | # the Free Software Foundation; either version 2 of the License, or 8 | # (at your option) any later version. 9 | # 10 | # This program is distributed in the hope that it will be useful, 11 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | # GNU General Public License for more details. 14 | # 15 | # You should have received a copy of the GNU General Public License along 16 | # with this program. If not, see . 17 | # 18 | # SPDX-License-Identifier: GPL-3.0-or-later 19 | 20 | 21 | class QubesBuilderError(Exception): 22 | def __init__(self, *args, **kwargs): 23 | super().__init__(*args) 24 | self.kwargs = kwargs 25 | 26 | 27 | class ComponentError(QubesBuilderError): 28 | pass 29 | 30 | 31 | class NoQubesBuilderFileError(ComponentError): 32 | """Component does not have .qubesbuilder file""" 33 | 34 | pass 35 | 36 | 37 | class DistributionError(QubesBuilderError): 38 | pass 39 | 40 | 41 | class TemplateError(QubesBuilderError): 42 | pass 43 | 44 | 45 | class ConfigError(QubesBuilderError): 46 | pass 47 | 48 | 49 | class EntityError(QubesBuilderError): 50 | pass 51 | 52 | 53 | class PluginManagerError(QubesBuilderError): 54 | pass 55 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/build/__init__.py: -------------------------------------------------------------------------------- 1 | # The Qubes OS Project, http://www.qubes-os.org 2 | # 3 | # Copyright (C) 2021 Frédéric Pierret (fepitre) 4 | # 5 | # This program is free software; you can redistribute it and/or modify 6 | # it under the terms of the GNU General Public License as published by 7 | # the Free Software Foundation; either version 2 of the License, or 8 | # (at your option) any later version. 9 | # 10 | # This program is distributed in the hope that it will be useful, 11 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | # GNU General Public License for more details. 14 | # 15 | # You should have received a copy of the GNU General Public License along 16 | # with this program. If not, see . 17 | # 18 | # SPDX-License-Identifier: GPL-3.0-or-later 19 | 20 | from qubesbuilder.component import QubesComponent 21 | from qubesbuilder.config import Config 22 | from qubesbuilder.distribution import QubesDistribution 23 | from qubesbuilder.plugins import ( 24 | DistributionComponentPlugin, 25 | PluginError, 26 | JobDependency, 27 | JobReference, 28 | ) 29 | 30 | 31 | class BuildError(PluginError): 32 | pass 33 | 34 | 35 | class BuildPlugin(DistributionComponentPlugin): 36 | """ 37 | BuildPlugin manages generic distribution build. 38 | 39 | Stages: 40 | - build - Ensure all build targets artifacts exist from previous required stage. 41 | 42 | Entry points: 43 | - build 44 | """ 45 | 46 | name = "build" 47 | 48 | def __init__( 49 | self, 50 | component: QubesComponent, 51 | dist: QubesDistribution, 52 | config: Config, 53 | stage: str, 54 | ): 55 | super().__init__( 56 | component=component, 57 | dist=dist, 58 | config=config, 59 | stage=stage, 60 | ) 61 | 62 | if self.has_component_packages(stage="build"): 63 | for build in self.get_parameters(stage="build").get("build", []): 64 | self.dependencies.append( 65 | JobDependency( 66 | JobReference( 67 | component=self.component, 68 | dist=self.dist, 69 | stage="prep", 70 | build=build.mangle(), 71 | template=None, 72 | ) 73 | ) 74 | ) 75 | 76 | @classmethod 77 | def from_args(cls, **kwargs): 78 | component = kwargs.get("component") 79 | if component and not component.has_packages: 80 | return None 81 | return super().from_args(**kwargs) 82 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/build_archlinux/scripts/update-local-repo.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # update-local-repo.sh: Add all available packages to the custom repository, 4 | # initialising it if necessary 5 | echo "-> Archlinux update-local-repo.sh" 6 | 7 | CHROOT_DIR="$1" 8 | BUILDER_REPO_DIR="$2" 9 | 10 | PKGS_DIR="${BUILDER_REPO_DIR}/pkgs" 11 | 12 | if [ "${VERBOSE:-0}" -ge 2 ] || [ "${DEBUG:-0}" -eq 1 ]; then 13 | set -x 14 | fi 15 | 16 | chroot_cmd() { 17 | systemd-nspawn --directory="$CHROOT_DIR" \ 18 | --keep-unit \ 19 | --register=no \ 20 | --as-pid2 \ 21 | --bind="${BUILDER_REPO_DIR}":"/builder/repository" \ 22 | --chdir=/builder/repository \ 23 | "$@" 24 | } 25 | 26 | mkdir -p "$PKGS_DIR" 27 | if [ ! -f "${PKGS_DIR}/qubes.db" ]; then 28 | echo " -> Repo '${PKGS_DIR}' appears empty; initialising..." 29 | # repo-add cannot create empty db anymore, do it manually 30 | bsdtar -cf - -T /dev/null | gzip > "${PKGS_DIR}/qubes.db.tar.gz" 31 | ln -s qubes.db.tar.gz "${PKGS_DIR}/qubes.db" 32 | bsdtar -cf - -T /dev/null | gzip > "${PKGS_DIR}/qubes.files.tar.gz" 33 | ln -s qubes.files.tar.gz "${PKGS_DIR}/qubes.files" 34 | fi 35 | 36 | set -e 37 | 38 | # Move packages that are in a tree of components (artifacts/repository) 39 | # into a single directory as expected by ArchLinux. 40 | chroot_cmd /bin/sh -c "find . -name '*.pkg.tar.*' -print0 | xargs -0 -I {} mv {} pkgs/" 41 | 42 | # Generate custom repository metadata based on packages that are available 43 | # Repo Add need packages to be added in the right version number order as it only keeps the last entered package version 44 | # shellcheck disable=SC2016 45 | chroot_cmd /bin/sh -c 'for pkg in `ls -v pkgs/*.pkg.tar.*`; do repo-add pkgs/qubes.db.tar.gz "$pkg"; done;' 46 | 47 | # Ensure pacman doesn't check for disk free space -- it doesn't work in chroots 48 | chroot_cmd sed "s/^ *CheckSpace/#CheckSpace/g" -i /etc/pacman.conf 49 | 50 | # Update archlinux keyring first so that Archlinux can be updated even after a long time 51 | chroot_cmd /bin/sh -c \ 52 | "no_proxy='${NO_PROXY:-127.0.0.1}' http_proxy='${REPO_PROXY}' pacman -Sy --noconfirm --noprogressbar archlinux-keyring" 53 | 54 | # Now update system 55 | chroot_cmd /bin/sh -c \ 56 | "no_proxy='${NO_PROXY:-127.0.0.1}' http_proxy='${REPO_PROXY}' pacman -Syu --noconfirm --noprogressbar" 57 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/build_deb/scripts/create-local-repo: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # The Qubes OS Project, http://www.qubes-os.org 4 | # 5 | # Copyright (C) 2022 Frédéric Pierret (fepitre) 6 | # 7 | # This program is free software; you can redistribute it and/or modify 8 | # it under the terms of the GNU General Public License as published by 9 | # the Free Software Foundation; either version 2 of the License, or 10 | # (at your option) any later version. 11 | # 12 | # This program is distributed in the hope that it will be useful, 13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | # GNU General Public License for more details. 16 | # 17 | # You should have received a copy of the GNU General Public License along 18 | # with this program. If not, see . 19 | # 20 | # SPDX-License-Identifier: GPL-3.0-or-later 21 | 22 | # Based on QubesOS/qubes-builder-debian/update-local-repo.sh 23 | 24 | set -e 25 | if [ "${DEBUG:-0}" -eq 1 ]; then 26 | set -x 27 | fi 28 | 29 | if [ $# -lt 2 ]; then 30 | echo "Usage: $0 " 31 | exit 1 32 | fi 33 | 34 | REPO_DIR=$1 35 | DISTRIBUTION="$2" 36 | SUITE=$3 37 | 38 | mkdir -p "$REPO_DIR/conf" 39 | 40 | calc_sha1() { 41 | f="dists/$SUITE/$1" 42 | echo -n " " 43 | echo -n "$(sha256sum "$f" | cut -d' ' -f 1)" "" 44 | echo -n "$(stat -c %s "$f")" "" 45 | echo "$1" 46 | } 47 | 48 | mkdir -p "$REPO_DIR/conf" 49 | cd "$REPO_DIR" 50 | 51 | reprepro_version="$(LC_ALL=C reprepro --version 2>&1)" 52 | reprepro_version="${reprepro_version#reprepro: This is reprepro version }" 53 | append_components="" 54 | if [ "$(printf '%s\n' "$reprepro_version" "5.4.0" | sort -V | head -n1)" = "5.4.0" ]; then 55 | append_components=$'\nDDebComponents: main' 56 | fi 57 | 58 | cat << EOF > "${REPO_DIR}/conf/distributions" 59 | Origin: Qubes OS $DISTRIBUTION 60 | Label: Qubes OS $DISTRIBUTION 61 | Codename: $SUITE 62 | Architectures: amd64 source 63 | Components: main${append_components} 64 | Description: APT repository with Qubes OS domU support tools for $DISTRIBUTION $SUITE 65 | Tracking: all includebuildinfos 66 | EOF 67 | 68 | # Initialize empty repository 69 | 70 | mkdir -p "dists/$SUITE/main/binary-amd64" 71 | dpkg-scanpackages --multiversion . > "dists/$SUITE/main/binary-amd64/Packages" 72 | gzip -9c "dists/$SUITE/main/binary-amd64/Packages" > "dists/$SUITE/main/binary-amd64/Packages.gz" 73 | 74 | DATE=$(LC_ALL=C date -u +"%a, %d %b %Y %H:%M:%S %Z") 75 | 76 | cat > "dists/$SUITE/Release" <> "dists/$SUITE/Release" 87 | calc_sha1 main/binary-amd64/Packages.gz >> "dists/$SUITE/Release" 88 | 89 | # Provision the local repository based on *.changes files 90 | mapfile -d $'\0' changes_files < <(find "${REPO_DIR}" -name '*.changes' -not -path "${REPO_DIR}/dists" -not -path "${REPO_DIR}/pool" -print0) 91 | for changes in "${changes_files[@]}" 92 | do 93 | reprepro -b "${REPO_DIR}" --ignore=surprisingbinary --ignore=surprisingarch include "$SUITE" "$changes" 94 | done 95 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/build_rpm/scripts/filter-packages-by-dist-arch: -------------------------------------------------------------------------------- 1 | #!/usr/bin/bash 2 | # 3 | # The Qubes OS Project, http://www.qubes-os.org 4 | # 5 | # Copyright (C) 2022 Frédéric Pierret (fepitre) 6 | # 7 | # This program is free software; you can redistribute it and/or modify 8 | # it under the terms of the GNU General Public License as published by 9 | # the Free Software Foundation; either version 2 of the License, or 10 | # (at your option) any later version. 11 | # 12 | # This program is distributed in the hope that it will be useful, 13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | # GNU General Public License for more details. 16 | # 17 | # You should have received a copy of the GNU General Public License along 18 | # with this program. If not, see . 19 | # 20 | # SPDX-License-Identifier: GPL-3.0-or-later 21 | 22 | # This script is responsible to move RPMs from a directory to another by 23 | # filtering DIST and ARCH. A packages.list file is generated. 24 | 25 | set -e 26 | set -o pipefail 27 | 28 | if [ "${DEBUG}" == 1 ]; then 29 | set -x 30 | fi 31 | 32 | SOURCE_DIR="$1" 33 | TARGET_DIR="$2" 34 | DIST_TAG="$3" 35 | ARCH="$4" 36 | 37 | if ! [ -d "$SOURCE_DIR" ]; then 38 | echo "ERROR: Cannot find SOURCE_DIR." 39 | exit 1 40 | fi 41 | 42 | mkdir -p "$TARGET_DIR" 43 | echo -n > "$SOURCE_DIR"/packages.list 44 | 45 | readarray -t RPMS <<<$(find "${SOURCE_DIR}" -name "*.${DIST_TAG}.${ARCH}.rpm" -o -name "*.${DIST_TAG}.noarch.rpm") 46 | 47 | for rpm in "${RPMS[@]}" 48 | do 49 | echo "Found $rpm" 50 | mv "$rpm" "${TARGET_DIR}/" 51 | basename "$rpm" >> "$SOURCE_DIR"/packages.list 52 | done 53 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/build_windows/scripts/common.ps1: -------------------------------------------------------------------------------- 1 | # Get EWDK root from the environment or find it if not set 2 | function Find-EWDK { 3 | if (Test-Path -Path env:EWDK_PATH) { 4 | return $env:EWDK_PATH 5 | } else { 6 | foreach ($drive in Get-PSDrive) { 7 | if ($drive.Provider.Name -eq "FileSystem") { 8 | $root = $drive.Root 9 | $path = "$root\LaunchBuildEnv.cmd" 10 | if (Test-Path -Path $path) { 11 | return $root 12 | } 13 | } 14 | } 15 | } 16 | return $null 17 | } 18 | 19 | # Launch EWDK's environment setup script and grab variables that were set 20 | function Launch-EWDK { 21 | $ewdk_env_cmd = "$env:EWDK_PATH\BuildEnv\SetupBuildEnv.cmd" 22 | $ewdk_vars_txt = cmd /c "$ewdk_env_cmd x86_amd64 > nul & set" 23 | 24 | foreach ($line in $ewdk_vars_txt) { 25 | $kv = $line.split("=") 26 | $var_name = $kv[0] 27 | $var_value = $kv[1] 28 | if (! (Test-Path -Path "env:$var_name")) { 29 | Set-Item -Path "env:$var_name" -Value $var_value 30 | } 31 | } 32 | } 33 | 34 | function LogStart { 35 | $logDir = "c:\builder\log" 36 | New-Item -Path $logDir -ItemType Directory -Force 37 | $baseName = (Get-Item $MyInvocation.PSCommandPath).BaseName 38 | $logname = "$baseName-$(Get-Date -Format "yyyyMMdd-HHmmss")-$PID.log" 39 | $global:qwtLogPath = "$logDir\$logName" 40 | $global:qwtLogLevel = 4 41 | } 42 | 43 | function Log { 44 | param ( 45 | [ValidateRange(1,5)][int]$level, 46 | [string]$msg 47 | ) 48 | 49 | if ($level -le $qwtLogLevel) { 50 | $ts = Get-Date -Format "yyyyMMdd.HHmmss.fff" 51 | Add-Content $qwtLogPath -value "[$ts-$("EWIDV"[$level-1])] $msg" 52 | } 53 | } 54 | 55 | function LogError { 56 | param([string]$msg) 57 | Log 1 $msg 58 | Write-Error $msg 59 | } 60 | 61 | function LogWarning { 62 | param([string]$msg) 63 | Log 2 $msg 64 | Write-Warning $msg 65 | } 66 | 67 | function LogInfo { 68 | param([string]$msg) 69 | Log 3 $msg 70 | Write-Host $msg 71 | } 72 | 73 | function LogDebug { 74 | param([string]$msg) 75 | Log 4 $msg 76 | Write-Host $msg 77 | } 78 | 79 | function LogVerbose { 80 | param([string]$msg) 81 | Log 5 $msg 82 | } 83 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/build_windows/scripts/local/build-qwt.ps1: -------------------------------------------------------------------------------- 1 | # Build Qubes Windows Tools locally, with test signing. 2 | # All build artifacts are copied to "repository" dir in current directory. 3 | # The final installer is in repository/installer-windows-tools/bin. 4 | 5 | param( 6 | [Parameter(Mandatory, HelpMessage="Directory containing all components' sources")] [string]$src, 7 | [Parameter(HelpMessage="Build configuration (Release/Debug)")] [string]$cfg = "Release" 8 | ) 9 | 10 | $ErrorActionPreference = "Stop" 11 | 12 | # list of required components, in order of dependencies 13 | # source directories can also have "qubes-" prepended to the name 14 | $components = @( 15 | "vmm-xen-windows-pvdrivers", 16 | "core-vchan-xen", 17 | "windows-utils", 18 | "core-qubesdb", 19 | "core-agent-windows", 20 | "gui-common", 21 | "gui-agent-windows", 22 | "installer-windows-tools" 23 | ) 24 | 25 | if (! (Test-Path $src -PathType Container)) { 26 | Write-Error "Invalid source directory: $src" 27 | } 28 | 29 | $repo = ".\repository" 30 | 31 | if (Test-Path $repo) { 32 | Remove-Item -Path $repo -Recurse -Force 33 | } 34 | New-Item -Path "$repo" -ItemType Directory -Force 35 | $repo = Resolve-Path $repo 36 | 37 | foreach ($component in $components) { 38 | if (! (Test-Path "$src\$component" -PathType Container)) { 39 | $component = "qubes-" + $component 40 | if (! (Test-Path "$src\$component" -PathType Container)) { 41 | Write-Error "Component '$component' not found in directory '$src'" 42 | } 43 | } 44 | & "$PSScriptRoot\build.ps1" "$src\$component" "$repo" $cfg 45 | } 46 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/build_windows/scripts/local/create-cert.ps1: -------------------------------------------------------------------------------- 1 | # create test-sign certificate 2 | # the private part is saved in the certificate store 3 | # usage: $0 4 | 5 | $cert_path = $args[0] 6 | 7 | $cn = "Qubes Tools" 8 | $end_date = (Get-Date).AddYears(5) 9 | 10 | $cert = New-SelfSignedCertificate -KeyUsage DigitalSignature -KeySpec Signature -Type CodeSigningCert -HashAlgorithm sha256 -CertStoreLocation "Cert:\CurrentUser\My" -Subject $cn -NotAfter $end_date 11 | 12 | Export-Certificate -Cert $cert -FilePath $cert_path 13 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/build_windows/scripts/local/delete-cert.ps1: -------------------------------------------------------------------------------- 1 | # Deletes a public certificate file and its private key from the certificate store. 2 | # Usage: $0 [public cert] 3 | 4 | $ErrorActionPreference = 'Stop' 5 | 6 | $cert_path = "qwt.cer" 7 | if ($args[0] -ne $null) { 8 | $cert_path = $args[0] 9 | } 10 | 11 | if (! (Test-Path $cert_path)) { 12 | Write-Host "$cert_path not found, doing nothing" 13 | exit 0 14 | } 15 | 16 | $tp = (Get-PfxCertificate -FilePath $cert_path).Thumbprint 17 | 18 | Remove-Item $cert_path 19 | 20 | # remove from personal cert store 21 | Remove-Item "cert:\CurrentUser\My\$tp" 22 | 23 | # signtool adds it to the user's CA store so remove from there as well 24 | Remove-Item "cert:\CurrentUser\CA\$tp" 25 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/build_windows/scripts/local/sign.ps1: -------------------------------------------------------------------------------- 1 | # Sign the target. 2 | # Usage: $0 3 | # The corresponding private key must reside in the OS certificate store. 4 | # THIS SCRIPT IS MEANT TO BE USED ONLY FOR LOCAL TEST BUILDS. 5 | 6 | $ErrorActionPreference = 'Stop' 7 | 8 | $ts_url = "http://timestamp.digicert.com" 9 | 10 | if ($env:EWDK_PATH -eq $null) { 11 | Write-Error "EWDK_PATH variable not set" 12 | } 13 | 14 | if ($env:Version_Number -eq $null) { 15 | Write-Error "EWDK environment not initialized" 16 | } 17 | 18 | $signtool = "$env:EWDK_PATH\Program Files\Windows Kits\10\bin\$env:Version_Number\x64\signtool.exe" 19 | if (! (Test-Path $signtool)) { 20 | Write-Error "$signtool not found" 21 | break 22 | } 23 | 24 | $cert_path = $args[0] 25 | if (! (Test-Path $cert_path)) { 26 | Write-Error "$cert_path not found" 27 | exit 1 28 | } 29 | $sha1 = (Get-FileHash $cert_path -Algorithm SHA1).Hash 30 | 31 | $target = $args[1] 32 | 33 | Start-Process -FilePath $signtool -Wait -NoNewWindow -ArgumentList "sign /sha1 $sha1 /fd sha256 /td sha256 /tr $ts_url $target" 34 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/chroot/__init__.py: -------------------------------------------------------------------------------- 1 | # The Qubes OS Project, http://www.qubes-os.org 2 | # 3 | # Copyright (C) 2022 Frédéric Pierret (fepitre) 4 | # 5 | # This program is free software; you can redistribute it and/or modify 6 | # it under the terms of the GNU General Public License as published by 7 | # the Free Software Foundation; either version 2 of the License, or 8 | # (at your option) any later version. 9 | # 10 | # This program is distributed in the hope that it will be useful, 11 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | # GNU General Public License for more details. 14 | # 15 | # You should have received a copy of the GNU General Public License along 16 | # with this program. If not, see . 17 | # 18 | # SPDX-License-Identifier: GPL-3.0-or-later 19 | 20 | from qubesbuilder.config import Config 21 | from qubesbuilder.distribution import QubesDistribution 22 | from qubesbuilder.plugins import ( 23 | DistributionPlugin, 24 | PluginError, 25 | ) 26 | 27 | 28 | class ChrootError(PluginError): 29 | pass 30 | 31 | 32 | class ChrootPlugin(DistributionPlugin): 33 | """ 34 | ChrootPlugin manages generic chroot creation 35 | """ 36 | 37 | name = "chroot" 38 | 39 | def __init__( 40 | self, dist: QubesDistribution, config: Config, stage: str, **kwargs 41 | ): 42 | super().__init__(dist=dist, config=config, stage=stage, **kwargs) 43 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/chroot_archlinux/conf/pacman.conf.j2: -------------------------------------------------------------------------------- 1 | # 2 | # /etc/pacman.conf 3 | # 4 | # See the pacman.conf(5) manpage for option and repository directives 5 | 6 | # 7 | # GENERAL OPTIONS 8 | # 9 | [options] 10 | # The following paths are commented out with their default values listed. 11 | # If you wish to use different paths, uncomment and update the paths. 12 | #RootDir = / 13 | #DBPath = /var/lib/pacman/ 14 | #CacheDir = /var/cache/pacman/pkg/ 15 | #LogFile = /var/log/pacman.log 16 | #GPGDir = /etc/pacman.d/gnupg/ 17 | #HookDir = /etc/pacman.d/hooks/ 18 | HoldPkg = pacman glibc 19 | #XferCommand = /usr/bin/curl -L -C - -f -o %o %u 20 | #XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u 21 | #CleanMethod = KeepInstalled 22 | Architecture = auto 23 | 24 | # Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup 25 | #IgnorePkg = 26 | #IgnoreGroup = 27 | 28 | #NoUpgrade = 29 | #NoExtract = 30 | 31 | # Misc options 32 | #UseSyslog 33 | #Color 34 | #NoProgressBar 35 | #CheckSpace 36 | #VerbosePkgLists 37 | ParallelDownloads = 1 38 | 39 | [core] 40 | SigLevel = Required DatabaseOptional 41 | {%- for server in servers %} 42 | Server = {{ server }}/$repo/os/$arch 43 | {%- endfor %} 44 | 45 | [extra] 46 | SigLevel = Required DatabaseOptional 47 | {%- for server in servers %} 48 | Server = {{ server }}/$repo/os/$arch 49 | {%- endfor %} 50 | 51 | [multilib] 52 | SigLevel = PackageRequired 53 | {%- for server in servers %} 54 | Server = {{ server }}/$repo/os/$arch 55 | {%- endfor %} 56 | {% if enable_builder_local %} 57 | [qubes] 58 | SigLevel = Optional TrustAll 59 | Server = file:///builder/repository/pkgs 60 | {%- endif %} 61 | {% if use_qubes_repo_testing %} 62 | [qubes-r{{use_qubes_repo_version}}-current-testing] 63 | Server = https://archlinux.qubes-os.org/r{{use_qubes_repo_version}}/current-testing/vm/archlinux/pkgs 64 | {%- endif %} 65 | {% if use_qubes_repo_version %} 66 | [qubes-r{{use_qubes_repo_version}}-current] 67 | Server = https://archlinux.qubes-os.org/r{{use_qubes_repo_version}}/current/vm/archlinux/pkgs 68 | {%- endif %} 69 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/chroot_archlinux/keys/qubes-repo-archlinux-key-r4.2.asc: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | 3 | mDMEZEfYRxYJKwYBBAHaRw8BAQdAFntzAP5EuGLtPQd9xc7CrEijCbCc+EBSXKy/ 4 | Mg9tnpe0K1F1YmVzIE9TIDQuMiBBcmNobGludXggUGFja2FnZXMgU2lnbmluZyBL 5 | ZXmIkwQTFgoAOxYhBOUAHB1JvpEp3uwGKExicBRsRj2QBQJkR9hHAhsDBQsJCAcC 6 | AiICBhUKCQgLAgQWAgMBAh4HAheAAAoJEExicBRsRj2QGWYBAL8w9P1l2KJ2Ez4h 7 | KKXOEtXREVzcTZrFjJLLTt8fmt8jAQC6OP5BXJmFSHsURZdlH1URyoEPHOs0hRgm 8 | FDxJL2CVDQ== 9 | =O71O 10 | -----END PGP PUBLIC KEY BLOCK----- 11 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/chroot_archlinux/keys/qubes-repo-archlinux-key-r4.3.asc: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | 3 | mDMEZh8haxYJKwYBBAHaRw8BAQdAzDlTNsneY90VJcYqvYykwsfB48JJZ3PmnX1H 4 | 68Wy0YW0K1F1YmVzIE9TIDQuMyBBcmNobGludXggUGFja2FnZXMgU2lnbmluZyBL 5 | ZXmIkwQTFgoAOxYhBPPfvXBVij9F8Bp7o6sYfJ+FvfzABQJmHyFrAhsDBQsJCAcC 6 | AiICBhUKCQgLAgQWAgMBAh4HAheAAAoJEKsYfJ+FvfzAChUA/05VXoSsF8IQRQ8l 7 | 1ADHykR38V5/FhGOxunzkYEscAeeAP9+Gw45/epHfg4+chVv1byfFsqqxUGuakZP 8 | JuS0tIKmDg== 9 | =MQM8 10 | -----END PGP PUBLIC KEY BLOCK----- 11 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/chroot_archlinux/scripts/add-qubes-repository-key: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | qubes_release="$1" 4 | key_fpr=$(gpg --with-colons --show-key "@BUILDER_DIR@/qubes-repo-archlinux-key-r${qubes_release}.asc"| grep ^fpr: | cut -d : -f 10) 5 | pacman-key --add - < "@BUILDER_DIR@/qubes-repo-archlinux-key-r${qubes_release}.asc" 6 | pacman-key --lsign "$key_fpr" 7 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/chroot_archlinux/scripts/generate-mirrorlist: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | DESTDIR="$1" 4 | 5 | DEFAULT_ARCHLINUX_MIRRORS="https://mirror.rackspace.com/archlinux https://arch.mirror.constant.com https://mirror.f4st.host/archlinux https://mirrors.edge.kernel.org/archlinux" 6 | ARCHLINUX_MIRRORS="${ARCHLINUX_MIRRORS:-$DEFAULT_ARCHLINUX_MIRRORS}" 7 | 8 | read -r -a ARCHLINUX_MIRRORS <<< "$ARCHLINUX_MIRRORS" 9 | 10 | for MIRROR_ENTRY in "${ARCHLINUX_MIRRORS[@]}"; do 11 | echo "Server = ${MIRROR_ENTRY%/}/\$repo/os/\$arch" 12 | done > "$DESTDIR/mirrorlist" 13 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/chroot_archlinux/scripts/generate-pacman: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | 3 | import argparse 4 | import pathlib 5 | 6 | from jinja2 import Environment, BaseLoader 7 | 8 | DEFAULT_SERVERS = [ 9 | "https://mirror.rackspace.com/archlinux", 10 | "https://arch.mirror.constant.com", 11 | "https://mirror.f4st.host/archlinux", 12 | "https://mirrors.edge.kernel.org/archlinux", 13 | ] 14 | 15 | 16 | def main(): 17 | parser = argparse.ArgumentParser() 18 | parser.add_argument("input_file") 19 | parser.add_argument("output_file") 20 | parser.add_argument("--enable-builder-local", action="store_true", default=False) 21 | parser.add_argument("--use-qubes-repo-testing", action="store_true", default=False) 22 | parser.add_argument("--use-qubes-repo-version", default=None) 23 | parser.add_argument("--server", action="append") 24 | 25 | args = parser.parse_args() 26 | 27 | servers = args.server or DEFAULT_SERVERS 28 | 29 | template = pathlib.Path(args.input_file).read_text() 30 | env = Environment(loader=BaseLoader).from_string(template) 31 | 32 | data = { 33 | "enable_builder_local": args.enable_builder_local, 34 | "use_qubes_repo_version": args.use_qubes_repo_version, 35 | "use_qubes_repo_testing": args.use_qubes_repo_testing, 36 | "servers": servers, 37 | } 38 | 39 | rendered_content = env.render(**data) 40 | with open(args.output_file, "w") as f: 41 | f.write(rendered_content) 42 | 43 | 44 | if __name__ == "__main__": 45 | main() 46 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/chroot_deb/keys/bionic-ubuntu-archive-keyring.gpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/QubesOS/qubes-builderv2/107e979184e1ffd8f29e9e7bf0eb736f276f8fe1/qubesbuilder/plugins/chroot_deb/keys/bionic-ubuntu-archive-keyring.gpg -------------------------------------------------------------------------------- /qubesbuilder/plugins/chroot_deb/keys/bookworm-debian-archive-keyring.gpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/QubesOS/qubes-builderv2/107e979184e1ffd8f29e9e7bf0eb736f276f8fe1/qubesbuilder/plugins/chroot_deb/keys/bookworm-debian-archive-keyring.gpg -------------------------------------------------------------------------------- /qubesbuilder/plugins/chroot_deb/keys/bullseye-debian-archive-keyring.gpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/QubesOS/qubes-builderv2/107e979184e1ffd8f29e9e7bf0eb736f276f8fe1/qubesbuilder/plugins/chroot_deb/keys/bullseye-debian-archive-keyring.gpg -------------------------------------------------------------------------------- /qubesbuilder/plugins/chroot_deb/keys/buster-debian-archive-keyring.gpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/QubesOS/qubes-builderv2/107e979184e1ffd8f29e9e7bf0eb736f276f8fe1/qubesbuilder/plugins/chroot_deb/keys/buster-debian-archive-keyring.gpg -------------------------------------------------------------------------------- /qubesbuilder/plugins/chroot_deb/keys/focal-ubuntu-archive-keyring.gpg: -------------------------------------------------------------------------------- 1 | bionic-ubuntu-archive-keyring.gpg -------------------------------------------------------------------------------- /qubesbuilder/plugins/chroot_deb/keys/jammy-ubuntu-archive-keyring.gpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/QubesOS/qubes-builderv2/107e979184e1ffd8f29e9e7bf0eb736f276f8fe1/qubesbuilder/plugins/chroot_deb/keys/jammy-ubuntu-archive-keyring.gpg -------------------------------------------------------------------------------- /qubesbuilder/plugins/chroot_deb/keys/noble-ubuntu-archive-keyring.gpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/QubesOS/qubes-builderv2/107e979184e1ffd8f29e9e7bf0eb736f276f8fe1/qubesbuilder/plugins/chroot_deb/keys/noble-ubuntu-archive-keyring.gpg -------------------------------------------------------------------------------- /qubesbuilder/plugins/chroot_deb/keys/qubes-debian-r4.0.asc: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | Version: GnuPG v2 3 | 4 | mQINBFi+GacBEACVlrl2Y2pUY8sZsn6beK4FROsxT5Q4Q0WLqa1LXr4WbVCFYM4j 5 | RiYk+AMnDoDWRK0SAOTVW7N7G8UcSk86Xee2Jrm8okuKNZ9VO48UEevi65zmF+vo 6 | uaUKmzSLYpFrvsuMTt8lLdhsLhLaZuXsO42m2WbZ4xzIIovSEpbaEEcqLF8PFOmp 7 | o850pPpUrRBGEWGprc9jfr/lmWRlc7as9Q8Qba9sSlW9AJNBdhrSM8iyV6IgO0zy 8 | JwqzvQYWtBZiOFWHaiIS9PvHaAcMkLYG9OY+puH9c3E/szgHV8zuESBO5Azd4Xog 9 | eN5EDLXsaOdIJl/UZq6rbJx8guMFsJz60HOpGF91Iut+i5Ig1Hk+7psfElQxYaX0 10 | SnaBtPqsT/agtyYubCFMTDLmoxEjEQiB1sXE1dYVGTLMPB7usfl1CnLMI/fDiwGt 11 | 51wd8UPOGrq04Uq/xZZ7ypO5xXx/DDO4rtspaWwAl45+/LyH5i6aqFCjWEfXk0/I 12 | WmGcm1Xdxo2B2gNHRe474bzdnyhjOBeiv/kW/xl7UizqOUV2znE2H0TgRZ3/JVed 13 | wStuyirc7sGl9Myp1EBvL4PlIDnThhEbImFiNavwsMrOGVyaZyHmid2NPC5bWwVG 14 | xBYEhHGrUgHMW3RMZogWC3lhZBN8N9tzkzdE6HCArKQD5BcmWHmqCVcdoQARAQAB 15 | tCZRdWJlcyBPUyA0IERlYmlhbiBQYWNrYWdlcyBTaWduaW5nIEtleYkCNwQTAQgA 16 | IQUCWL4ZpwIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRBDt2Dxl8ob9cp4 17 | D/wIQA2bMNjr/WeBcOWotrnAgT7VyL2XoGFj0IeazA3RBeS2jYgYHIdw6dM4yW2f 18 | g6j2LG6kc+whCFT1kOEgsyAWX9xlNyotjsO/eLCkUZbVeO2lvuHDgjEcVfvUQUax 19 | ZMDqqD3YVPbW9Dm8QAdTo/FApHjwcMjSrYSS7JgXwG7oLEcsZg2TiAACIe8sWLUQ 20 | Mutm1LOq51roN33JLN6hJyUNsM2nP2tEn6PM/ulsiZSh2PHH+ofSF1hr+Gajq7ew 21 | UM4RolMCcBrOKgPZvLA8MDEuPggHRDKHE0zT+s8jA5XmgRdeI1KzHjkxsFMZVfHe 22 | f164akeGfKeQjudIC1FuS2J8Ld7IYLICSxttJYsZ+ASXUgdfrc5fJr84JnW8wPgV 23 | 4dkUzXuiejjNCFJ5js6zIuCn4jPzgqSyv4s2s2cJxezc623R5PRxNStNnKbFk0wG 24 | AGFiyNVOiLqtzCON2nhMKQKlnSF7fWDUzXY3zAa/B1gFv11wf10pC8mTC/+M6xv7 25 | obJju4X3CCOiQe6y1UszJhUFF4KYjyrsoIdfOkqA37LIFO5A6dKEmBHHNpqYKzKO 26 | 6yOVWeH9OqRTrt26VQGVYg5/dXGteugvZJQh6niRXu91iaa6oxZNmeTzygtgDzwP 27 | Qu0PdNJscRF/FPFkmL+qNI6mbf9d8+n+NhDr748BSH+9vA== 28 | =OEs9 29 | -----END PGP PUBLIC KEY BLOCK----- 30 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/chroot_deb/keys/qubes-debian-r4.1.asc: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | Version: GnuPG v2 3 | 4 | mQINBFi+GacBEACVlrl2Y2pUY8sZsn6beK4FROsxT5Q4Q0WLqa1LXr4WbVCFYM4j 5 | RiYk+AMnDoDWRK0SAOTVW7N7G8UcSk86Xee2Jrm8okuKNZ9VO48UEevi65zmF+vo 6 | uaUKmzSLYpFrvsuMTt8lLdhsLhLaZuXsO42m2WbZ4xzIIovSEpbaEEcqLF8PFOmp 7 | o850pPpUrRBGEWGprc9jfr/lmWRlc7as9Q8Qba9sSlW9AJNBdhrSM8iyV6IgO0zy 8 | JwqzvQYWtBZiOFWHaiIS9PvHaAcMkLYG9OY+puH9c3E/szgHV8zuESBO5Azd4Xog 9 | eN5EDLXsaOdIJl/UZq6rbJx8guMFsJz60HOpGF91Iut+i5Ig1Hk+7psfElQxYaX0 10 | SnaBtPqsT/agtyYubCFMTDLmoxEjEQiB1sXE1dYVGTLMPB7usfl1CnLMI/fDiwGt 11 | 51wd8UPOGrq04Uq/xZZ7ypO5xXx/DDO4rtspaWwAl45+/LyH5i6aqFCjWEfXk0/I 12 | WmGcm1Xdxo2B2gNHRe474bzdnyhjOBeiv/kW/xl7UizqOUV2znE2H0TgRZ3/JVed 13 | wStuyirc7sGl9Myp1EBvL4PlIDnThhEbImFiNavwsMrOGVyaZyHmid2NPC5bWwVG 14 | xBYEhHGrUgHMW3RMZogWC3lhZBN8N9tzkzdE6HCArKQD5BcmWHmqCVcdoQARAQAB 15 | tCZRdWJlcyBPUyA0IERlYmlhbiBQYWNrYWdlcyBTaWduaW5nIEtleYkCNwQTAQgA 16 | IQUCWL4ZpwIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRBDt2Dxl8ob9cp4 17 | D/wIQA2bMNjr/WeBcOWotrnAgT7VyL2XoGFj0IeazA3RBeS2jYgYHIdw6dM4yW2f 18 | g6j2LG6kc+whCFT1kOEgsyAWX9xlNyotjsO/eLCkUZbVeO2lvuHDgjEcVfvUQUax 19 | ZMDqqD3YVPbW9Dm8QAdTo/FApHjwcMjSrYSS7JgXwG7oLEcsZg2TiAACIe8sWLUQ 20 | Mutm1LOq51roN33JLN6hJyUNsM2nP2tEn6PM/ulsiZSh2PHH+ofSF1hr+Gajq7ew 21 | UM4RolMCcBrOKgPZvLA8MDEuPggHRDKHE0zT+s8jA5XmgRdeI1KzHjkxsFMZVfHe 22 | f164akeGfKeQjudIC1FuS2J8Ld7IYLICSxttJYsZ+ASXUgdfrc5fJr84JnW8wPgV 23 | 4dkUzXuiejjNCFJ5js6zIuCn4jPzgqSyv4s2s2cJxezc623R5PRxNStNnKbFk0wG 24 | AGFiyNVOiLqtzCON2nhMKQKlnSF7fWDUzXY3zAa/B1gFv11wf10pC8mTC/+M6xv7 25 | obJju4X3CCOiQe6y1UszJhUFF4KYjyrsoIdfOkqA37LIFO5A6dKEmBHHNpqYKzKO 26 | 6yOVWeH9OqRTrt26VQGVYg5/dXGteugvZJQh6niRXu91iaa6oxZNmeTzygtgDzwP 27 | Qu0PdNJscRF/FPFkmL+qNI6mbf9d8+n+NhDr748BSH+9vA== 28 | =OEs9 29 | -----END PGP PUBLIC KEY BLOCK----- 30 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/chroot_deb/keys/qubes-debian-r4.2.asc: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | 3 | mQINBGM8SV0BEADHFSAx/PjO3c2yOuzphGvgifv/+5i+dOSgLo2dj/HVrOfunCSf 4 | S0Gc/t6IMi0G6Qsbsvl52wRzSy/sEwVd0Rt3vuo7ZFJZEtXV9skT+79JIYND4xMO 5 | 20JS6gRRgO9QGnnqp6E5gL4nXKj+J9mXw6utte5Kg3kcGK7rLe/pj/Rh1eimDqlT 6 | PiwaKUmMofYYFZRejaPEkn5i7zQeJqRnq/R+pfBSXhQ3koGOkcd5+lvCQMuZGCzO 7 | dfVyowP/c0SwfUgMGRmoUh3yzHxu5BWoyKDamL5wLkAz3ZJ7p6d+WNKxKcaSKe6e 8 | E64LA7zGtlCyEVVKvJv5boQTYEGPyC2ZUgDaEmDfTsB9TtsdyfXTv8efJb6ER+xh 9 | H+qr0k7R9IAI1hQGNvOB7EL2PMTv4Z5eqnGF/6GbS8QGLxIWAbEtPvdTuh+7O7z8 10 | ASvLiq76YjNX7IWJ4kdxy6TZ9dzU2Yqsw3mwPpcMoFZp2x3Z79MGxWEQRapBF0n7 11 | w1SFLoH4cNWzCs7lOnYyBTKK7PeNvEUPrUXQos/1AgJO2eLAMPC8fKOtbmUM/rS4 12 | 4df+aYkArYCQlpGVnAJKpw93K6wFoZFjFqhQIvmYMjshLK/MqVLvyfxjtKlxD7p2 13 | iQyudOl7H3yWSBQOms8pQ9KG0SkY+kv+3H8qmF3bHRppWZirjm3ayjqwCQARAQAB 14 | tChRdWJlcyBPUyA0LjIgRGViaWFuIFBhY2thZ2VzIFNpZ25pbmcgS2V5iQJRBBMB 15 | CAA7FiEEDr5UY0k8wwQh2orEW7ccRBvLEP4FAmM8SV0CGwMFCwkIBwICIgIGFQoJ 16 | CAsCBBYCAwECHgcCF4AACgkQW7ccRBvLEP6Rsw/+IhtMBVXgA+tLuYObHjXByeFZ 17 | iMZSo167nCRZnK3mo/t0vqGAF2tYhZD+i0lLENok8qgXXJ/+zu4RDCptCZyPdd9Y 18 | WL/tAqhzF7MOx7VvMuVMKg98wSxQVuen850unVcEbJ1Tx5rIG028aczd8fTRwA5H 19 | Jw979hyi2PzN58QEb0acMx/zrzrzW38q4ELrgvKPVLHMUglsTFuVJAJf9kqILGmk 20 | Bhxc14V/jV9Ka4siRD1MsfqVtAiZubvzMxXQ08dJzN5K4dzZ+lVMKgKCt9f+FSqs 21 | 6ngnq0aJxjcOYwO1jEowszV3ADQjiSGotzbk/AQsu81UNA4tt4B2PLnuyzq8W7MM 22 | ulrD+Z1WuuWTPvlT+DklJjobW03URixiixYa5wHqPGJayVr97cr/V0hprlxBLvc8 23 | Roh1Ae2Lzn3VZNKJl5XyF0K4x9C6oHp3psneEJgy2XrJq53BzA++IUjOV2m+6KTa 24 | j7hfHYDm/FTTmQX7LE2hi6FHChM4jzu7csKZ0fpjqYvt8SD7hk4xshl46AYuwqmT 25 | 07n0zAiuwjY48e5yEzENb6ha52zlpPL0jL200b4KzCekqxsAOPtKHP4x5fc51iXj 26 | rZB7EnT8FDUVfKpMD1VjSVMcBOAkWFjA4pKWTtkrjaQq0FgT4ikpeF6IzZva0ZwA 27 | SLOLRKqWZlEbJSeYPJA= 28 | =nHDL 29 | -----END PGP PUBLIC KEY BLOCK----- 30 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/chroot_deb/keys/qubes-debian-r4.3.asc: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | 3 | mQINBGYW+FYBEACkYR1KVTA58iLspN2E6HI60vztbCNb/LAiQRsYSjChRGaGiag7 4 | t0oELtK4uANWMMgw2yOwmAHvmHi4hlm3vRJIs7bg4tt9sP5cEU8DxBpW7gs0BF9t 5 | s918N3magfyr0wN8kSL78rgN0ZH5iB4JzMP5nvfwMzwL8nabFzxXf2D4At0lOqe4 6 | CuKZg7mF0DFeiFmSAjqJnPHdRexLpzUAHm65+7amOt7xw1fB4VKaQXd8QZV1eqFG 7 | rfjogfaH+bN6L1FuaH43jnGLhF2TCnOIuHHnKa7VKpdy86CUR8lOEUXULVlqm/rE 8 | 5wHG3z28OZc9Rpa7kgpLOECLtatAtjEL5mHY2jfQXFYYJTE8sM5ay+vru2hPuAba 9 | S2iSSOwpDshbvg2suJUnjMuyK1ekiy1N/QHP/HSKci3VG2uDjd/XI3NRE+1o6SO5 10 | syiWvN7DIKCVVt4QSZWjE1eE/OTJaf5qyrFD1jKfbnveVj6aIj0MyojDSuTxQ9OQ 11 | cInSZPyQAOatxxF1LPf7p93xeQUy2O2ga/drLrQBdWJW8I8gKvx3poqs845MyZ9G 12 | mGrb0g/3JKfvxmgF8MY/KSTiVxyL9nocKwrxTSScuiDLiaWk0lNbzeqUN+KI0N3D 13 | whxAkQvjbfSyx9LW4102EyCWhT44uzdgzV2qFa3eQz72iKMCJ1SB8lft9QARAQAB 14 | tChRdWJlcyBPUyA0LjMgRGViaWFuIFBhY2thZ2VzIFNpZ25pbmcgS2V5iQJRBBMB 15 | CAA7FiEEG0lgZsCW/pPUzwpucgQVkAq4yAQFAmYW+FYCGwMFCwkIBwICIgIGFQoJ 16 | CAsCBBYCAwECHgcCF4AACgkQcgQVkAq4yAScYRAAkx/fufCssADytdzW420cELLV 17 | KyhU6eO/d1yJoefo/CLfO6yVCK58tB5Ln8v85ZG+bAVkqA7RqKSf8hoiqxhnTPy/ 18 | T69k4c7nOdpIXa5NA6CQg5zvjlRrN3/8mh2evf10muGO0rhYolHrPM0kGxD3okR9 19 | sgr4mzgtpWLAtbGyPzsHUamxBUQwANGqNWlrZ20XR5Ch/6jaCznYAk/eR/vgsCoF 20 | N6bVI5yNFb9Whw3nRyeQ7RFfVp6Cn935y7JfEIh945xFi8sT9adBGyIBEA521kuR 21 | eYgBCiizlsn2ethsB3OeD6t2k/SqtVInHOazjAt9eQfxxc1/MtPCyZvwVA+2MMLw 22 | p/7zcaVJ3pMqAVSe4ARAIptdNNAtN7RDs7swxQywx3/EmeGcIQtMymuT0w6eCcSY 23 | ztBFGVuNUOSDhxeJy3gEuBOydFHLfH4jn5lg9uXD6EHxop6KS6/QOBXS0Gs0WFHC 24 | xE1z5ZD9O3NtD82R+ySPI7pwAXs5ll67OK1DYPcRXlbH7yvlUNRt7Lx9HO/VdcuE 25 | IrksCzE5iOly6ZUbpxbutcFhgY7vd2xUueXDt4IYHMGPIeEBwdl0i5wqx3HXmbal 26 | dcSQNLA2FY0n2c5Azn3nZBrAjQl6vfqa24FAWrFOr7WbsVikN3pZE+/B/aLuW8h5 27 | RjiCuAP6369iPai0uI4= 28 | =nH1O 29 | -----END PGP PUBLIC KEY BLOCK----- 30 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/chroot_deb/keys/qubes-debian-r4.asc: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | Version: GnuPG v2 3 | 4 | mQINBFi+GacBEACVlrl2Y2pUY8sZsn6beK4FROsxT5Q4Q0WLqa1LXr4WbVCFYM4j 5 | RiYk+AMnDoDWRK0SAOTVW7N7G8UcSk86Xee2Jrm8okuKNZ9VO48UEevi65zmF+vo 6 | uaUKmzSLYpFrvsuMTt8lLdhsLhLaZuXsO42m2WbZ4xzIIovSEpbaEEcqLF8PFOmp 7 | o850pPpUrRBGEWGprc9jfr/lmWRlc7as9Q8Qba9sSlW9AJNBdhrSM8iyV6IgO0zy 8 | JwqzvQYWtBZiOFWHaiIS9PvHaAcMkLYG9OY+puH9c3E/szgHV8zuESBO5Azd4Xog 9 | eN5EDLXsaOdIJl/UZq6rbJx8guMFsJz60HOpGF91Iut+i5Ig1Hk+7psfElQxYaX0 10 | SnaBtPqsT/agtyYubCFMTDLmoxEjEQiB1sXE1dYVGTLMPB7usfl1CnLMI/fDiwGt 11 | 51wd8UPOGrq04Uq/xZZ7ypO5xXx/DDO4rtspaWwAl45+/LyH5i6aqFCjWEfXk0/I 12 | WmGcm1Xdxo2B2gNHRe474bzdnyhjOBeiv/kW/xl7UizqOUV2znE2H0TgRZ3/JVed 13 | wStuyirc7sGl9Myp1EBvL4PlIDnThhEbImFiNavwsMrOGVyaZyHmid2NPC5bWwVG 14 | xBYEhHGrUgHMW3RMZogWC3lhZBN8N9tzkzdE6HCArKQD5BcmWHmqCVcdoQARAQAB 15 | tCZRdWJlcyBPUyA0IERlYmlhbiBQYWNrYWdlcyBTaWduaW5nIEtleYkCNwQTAQgA 16 | IQUCWL4ZpwIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRBDt2Dxl8ob9cp4 17 | D/wIQA2bMNjr/WeBcOWotrnAgT7VyL2XoGFj0IeazA3RBeS2jYgYHIdw6dM4yW2f 18 | g6j2LG6kc+whCFT1kOEgsyAWX9xlNyotjsO/eLCkUZbVeO2lvuHDgjEcVfvUQUax 19 | ZMDqqD3YVPbW9Dm8QAdTo/FApHjwcMjSrYSS7JgXwG7oLEcsZg2TiAACIe8sWLUQ 20 | Mutm1LOq51roN33JLN6hJyUNsM2nP2tEn6PM/ulsiZSh2PHH+ofSF1hr+Gajq7ew 21 | UM4RolMCcBrOKgPZvLA8MDEuPggHRDKHE0zT+s8jA5XmgRdeI1KzHjkxsFMZVfHe 22 | f164akeGfKeQjudIC1FuS2J8Ld7IYLICSxttJYsZ+ASXUgdfrc5fJr84JnW8wPgV 23 | 4dkUzXuiejjNCFJ5js6zIuCn4jPzgqSyv4s2s2cJxezc623R5PRxNStNnKbFk0wG 24 | AGFiyNVOiLqtzCON2nhMKQKlnSF7fWDUzXY3zAa/B1gFv11wf10pC8mTC/+M6xv7 25 | obJju4X3CCOiQe6y1UszJhUFF4KYjyrsoIdfOkqA37LIFO5A6dKEmBHHNpqYKzKO 26 | 6yOVWeH9OqRTrt26VQGVYg5/dXGteugvZJQh6niRXu91iaa6oxZNmeTzygtgDzwP 27 | Qu0PdNJscRF/FPFkmL+qNI6mbf9d8+n+NhDr748BSH+9vA== 28 | =OEs9 29 | -----END PGP PUBLIC KEY BLOCK----- 30 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/chroot_deb/keys/qubes-ubuntu-r4.2.asc: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | 3 | mDMEZFgMvxYJKwYBBAHaRw8BAQdAbzS+ebyYeg+HomR6+h8ogrfMek6HSrHiPPE+ 4 | 2oRfyqu0KFF1YmVzIE9TIDQuMiBVYnVudHUgUGFja2FnZXMgU2lnbmluZyBLZXmI 5 | kwQTFgoAOxYhBGScyBKqgdJ5GnyL1RFYv3T9HRPiBQJkWAy/AhsDBQsJCAcCAiIC 6 | BhUKCQgLAgQWAgMBAh4HAheAAAoJEBFYv3T9HRPiEMEBAIox9VU9bZfTQ9ldXx7E 7 | +DN+lVbzyAWOexE8rVXgAXjIAQDQF+7e7wGaN7WIAL8NhjqwbRLy3V07DCxJYYIt 8 | 9GroAA== 9 | =l1dF 10 | -----END PGP PUBLIC KEY BLOCK----- 11 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/chroot_deb/keys/qubes-ubuntu-r4.3.asc: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | 3 | mDMEZh8h6BYJKwYBBAHaRw8BAQdAlWOJf38cL5yLtn/gCtIWoZyt8+jLTgJ+RgvX 4 | d/bMfQy0KFF1YmVzIE9TIDQuMyBVYnVudHUgUGFja2FnZXMgU2lnbmluZyBLZXmI 5 | kwQTFgoAOxYhBHWei3G/IXlDFiRwyaLz3EM27GyeBQJmHyHoAhsDBQsJCAcCAiIC 6 | BhUKCQgLAgQWAgMBAh4HAheAAAoJEKLz3EM27Gye3+kA/RwqNR8BYWT4UJrKdPrb 7 | iNwYg+/rn5o3i3K79wRDwK8+AP4wMt2wBclaTc2D2y5l7Gc+Cg2tKdF8usg2jW8W 8 | 8awpCw== 9 | =DNr7 10 | -----END PGP PUBLIC KEY BLOCK----- 11 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/chroot_deb/keys/trixie-debian-archive-keyring.gpg: -------------------------------------------------------------------------------- 1 | bookworm-debian-archive-keyring.gpg -------------------------------------------------------------------------------- /qubesbuilder/plugins/chroot_deb/pbuilder/hooks/D30update: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | apt-get update 4 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/chroot_deb/pbuilder/hooks/E30origin: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | cat >/etc/dpkg/origins/qubes </etc/perl/Dpkg/Vendor/Qubes.pm <SUPER::run_hook(\$hook, @params); 20 | } 21 | 22 | 1; 23 | EOF 24 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/chroot_deb/scripts/apt-download-packages: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -ex 4 | cd /tmp/aptcache 5 | apt-get -y install --download-only "$@" 6 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/chroot_rpm/keys/RPM-GPG-KEY-CentOS-8: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | Version: GnuPG v2.0.22 (GNU/Linux) 3 | 4 | mQINBFzMWxkBEADHrskpBgN9OphmhRkc7P/YrsAGSvvl7kfu+e9KAaU6f5MeAVyn 5 | rIoM43syyGkgFyWgjZM8/rur7EMPY2yt+2q/1ZfLVCRn9856JqTIq0XRpDUe4nKQ 6 | 8BlA7wDVZoSDxUZkSuTIyExbDf0cpw89Tcf62Mxmi8jh74vRlPy1PgjWL5494b3X 7 | 5fxDidH4bqPZyxTBqPrUFuo+EfUVEqiGF94Ppq6ZUvrBGOVo1V1+Ifm9CGEK597c 8 | aevcGc1RFlgxIgN84UpuDjPR9/zSndwJ7XsXYvZ6HXcKGagRKsfYDWGPkA5cOL/e 9 | f+yObOnC43yPUvpggQ4KaNJ6+SMTZOKikM8yciyBwLqwrjo8FlJgkv8Vfag/2UR7 10 | JINbyqHHoLUhQ2m6HXSwK4YjtwidF9EUkaBZWrrskYR3IRZLXlWqeOi/+ezYOW0m 11 | vufrkcvsh+TKlVVnuwmEPjJ8mwUSpsLdfPJo1DHsd8FS03SCKPaXFdD7ePfEjiYk 12 | nHpQaKE01aWVSLUiygn7F7rYemGqV9Vt7tBw5pz0vqSC72a5E3zFzIIuHx6aANry 13 | Gat3aqU3qtBXOrA/dPkX9cWE+UR5wo/A2UdKJZLlGhM2WRJ3ltmGT48V9CeS6N9Y 14 | m4CKdzvg7EWjlTlFrd/8WJ2KoqOE9leDPeXRPncubJfJ6LLIHyG09h9kKQARAQAB 15 | tDpDZW50T1MgKENlbnRPUyBPZmZpY2lhbCBTaWduaW5nIEtleSkgPHNlY3VyaXR5 16 | QGNlbnRvcy5vcmc+iQI3BBMBAgAhBQJczFsZAhsDBgsJCAcDAgYVCAIJCgsDFgIB 17 | Ah4BAheAAAoJEAW1VbOEg8ZdjOsP/2ygSxH9jqffOU9SKyJDlraL2gIutqZ3B8pl 18 | Gy/Qnb9QD1EJVb4ZxOEhcY2W9VJfIpnf3yBuAto7zvKe/G1nxH4Bt6WTJQCkUjcs 19 | N3qPWsx1VslsAEz7bXGiHym6Ay4xF28bQ9XYIokIQXd0T2rD3/lNGxNtORZ2bKjD 20 | vOzYzvh2idUIY1DgGWJ11gtHFIA9CvHcW+SMPEhkcKZJAO51ayFBqTSSpiorVwTq 21 | a0cB+cgmCQOI4/MY+kIvzoexfG7xhkUqe0wxmph9RQQxlTbNQDCdaxSgwbF2T+gw 22 | byaDvkS4xtR6Soj7BKjKAmcnf5fn4C5Or0KLUqMzBtDMbfQQihn62iZJN6ZZ/4dg 23 | q4HTqyVpyuzMXsFpJ9L/FqH2DJ4exGGpBv00ba/Zauy7GsqOc5PnNBsYaHCply0X 24 | 407DRx51t9YwYI/ttValuehq9+gRJpOTTKp6AjZn/a5Yt3h6jDgpNfM/EyLFIY9z 25 | V6CXqQQ/8JRvaik/JsGCf+eeLZOw4koIjZGEAg04iuyNTjhx0e/QHEVcYAqNLhXG 26 | rCTTbCn3NSUO9qxEXC+K/1m1kaXoCGA0UWlVGZ1JSifbbMx0yxq/brpEZPUYm+32 27 | o8XfbocBWljFUJ+6aljTvZ3LQLKTSPW7TFO+GXycAOmCGhlXh2tlc6iTc41PACqy 28 | yy+mHmSv 29 | =kkH7 30 | -----END PGP PUBLIC KEY BLOCK----- 31 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/chroot_rpm/keys/RPM-GPG-KEY-CentOS-SIG-Virtualization: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | Version: GnuPG v2.0.22 (GNU/Linux) 3 | 4 | mQENBFWB31YBCAC4dFmTzBDOcq4R1RbvQXLkyYfF+yXcsMA5kwZy7kjxnFqBoNPv 5 | aAjFm3e5huTw2BMZW0viLGJrHZGnsXsE5iNmzom2UgCtrvcG2f65OFGlC1HZ3ajA 6 | 8ZIfdgNQkPpor61xqBCLzIsp55A7YuPNDvatk/+MqGdNv8Ug7iVmhQvI0p1bbaZR 7 | 0GuavmC5EZ/+mDlZ2kHIQOUoInHqLJaX7iw46iLRUnvJ1vATOzTnKidoFapjhzIt 8 | i4ZSIRaalyJ4sT+oX4CoRzerNnUtIe2k9Hw6cEu4YKGCO7nnuXjMKz7Nz5GgP2Ou 9 | zIA/fcOmQkSGcn7FoXybWJ8DqBExvkJuDljPABEBAAG0bENlbnRPUyBWaXJ0dWFs 10 | aXphdGlvbiBTSUcgKGh0dHA6Ly93aWtpLmNlbnRvcy5vcmcvU3BlY2lhbEludGVy 11 | ZXN0R3JvdXAvVmlydHVhbGl6YXRpb24pIDxzZWN1cml0eUBjZW50b3Mub3JnPokB 12 | OQQTAQIAIwUCVYHfVgIbAwcLCQgHAwIBBhUIAgkKCwQWAgMBAh4BAheAAAoJEHrr 13 | voJh6IBsRd0H/A62i5CqfftuySOCE95xMxZRw8+voWO84QS9zYvDEnzcEQpNnHyo 14 | FNZTpKOghIDtETWxzpY2ThLixcZOTubT+6hUL1n+cuLDVMu4OVXBPoUkRy56defc 15 | qkWR+UVwQitmlq1ngzwmqVZaB8Hf/mFZiB3B3Jr4dvVgWXRv58jcXFOPb8DdUoAc 16 | S3u/FLvri92lCaXu08p8YSpFOfT5T55kFICeneqETNYS2E3iKLipHFOLh7EWGM5b 17 | Wsr7o0r+KltI4Ehy/TjvNX16fa/t9p5pUs8rKyG8SZndxJCsk0MW55G9HFvQ0FmP 18 | A6vX9WQmbP+ml7jsUxtEJ6MOGJ39jmaUvPc= 19 | =ZzP+ 20 | -----END PGP PUBLIC KEY BLOCK----- 21 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/chroot_rpm/keys/RPM-GPG-KEY-EPEL-8: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | 3 | mQINBFz3zvsBEADJOIIWllGudxnpvJnkxQz2CtoWI7godVnoclrdl83kVjqSQp+2 4 | dgxuG5mUiADUfYHaRQzxKw8efuQnwxzU9kZ70ngCxtmbQWGmUmfSThiapOz00018 5 | +eo5MFabd2vdiGo1y+51m2sRDpN8qdCaqXko65cyMuLXrojJHIuvRA/x7iqOrRfy 6 | a8x3OxC4PEgl5pgDnP8pVK0lLYncDEQCN76D9ubhZQWhISF/zJI+e806V71hzfyL 7 | /Mt3mQm/li+lRKU25Usk9dWaf4NH/wZHMIPAkVJ4uD4H/uS49wqWnyiTYGT7hUbi 8 | ecF7crhLCmlRzvJR8mkRP6/4T/F3tNDPWZeDNEDVFUkTFHNU6/h2+O398MNY/fOh 9 | yKaNK3nnE0g6QJ1dOH31lXHARlpFOtWt3VmZU0JnWLeYdvap4Eff9qTWZJhI7Cq0 10 | Wm8DgLUpXgNlkmquvE7P2W5EAr2E5AqKQoDbfw/GiWdRvHWKeNGMRLnGI3QuoX3U 11 | pAlXD7v13VdZxNydvpeypbf/AfRyrHRKhkUj3cU1pYkM3DNZE77C5JUe6/0nxbt4 12 | ETUZBTgLgYJGP8c7PbkVnO6I/KgL1jw+7MW6Az8Ox+RXZLyGMVmbW/TMc8haJfKL 13 | MoUo3TVk8nPiUhoOC0/kI7j9ilFrBxBU5dUtF4ITAWc8xnG6jJs/IsvRpQARAQAB 14 | tChGZWRvcmEgRVBFTCAoOCkgPGVwZWxAZmVkb3JhcHJvamVjdC5vcmc+iQI4BBMB 15 | AgAiBQJc9877AhsPBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRAh6kWrL4bW 16 | oWagD/4xnLWws34GByVDQkjprk0fX7Iyhpm/U7BsIHKspHLL+Y46vAAGY/9vMvdE 17 | 0fcr9Ek2Zp7zE1RWmSCzzzUgTG6BFoTG1H4Fho/7Z8BXK/jybowXSZfqXnTOfhSF 18 | alwDdwlSJvfYNV9MbyvbxN8qZRU1z7PEWZrIzFDDToFRk0R71zHpnPTNIJ5/YXTw 19 | NqU9OxII8hMQj4ufF11040AJQZ7br3rzerlyBOB+Jd1zSPVrAPpeMyJppWFHSDAI 20 | WK6x+am13VIInXtqB/Cz4GBHLFK5d2/IYspVw47Solj8jiFEtnAq6+1Aq5WH3iB4 21 | bE2e6z00DSF93frwOyWN7WmPIoc2QsNRJhgfJC+isGQAwwq8xAbHEBeuyMG8GZjz 22 | xohg0H4bOSEujVLTjH1xbAG4DnhWO/1VXLX+LXELycO8ZQTcjj/4AQKuo4wvMPrv 23 | 9A169oETG+VwQlNd74VBPGCvhnzwGXNbTK/KH1+WRH0YSb+41flB3NKhMSU6dGI0 24 | SGtIxDSHhVVNmx2/6XiT9U/znrZsG5Kw8nIbbFz+9MGUUWgJMsd1Zl9R8gz7V9fp 25 | n7L7y5LhJ8HOCMsY/Z7/7HUs+t/A1MI4g7Q5g5UuSZdgi0zxukiWuCkLeAiAP4y7 26 | zKK4OjJ644NDcWCHa36znwVmkz3ixL8Q0auR15Oqq2BjR/fyog== 27 | =84m8 28 | -----END PGP PUBLIC KEY BLOCK----- 29 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/chroot_rpm/keys/RPM-GPG-KEY-copr-epel-8: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | 3 | mQENBF6IVvMBCACyjkCxLmKy08WHyrcFw9uud7wtRYnRPhcnTGuSwvdZUGh5TAFu 4 | KJxWuXzIYwt7LauG8QFZc6242V42LZ/AlcOSo4UdISJqis87Cl/3NB3mHBcrz5qY 5 | Bqn+WjJf6j+bPFB9nrPvQEYNaEpn0AVHt6adTypgzU0WZikPzO/hvLs//6eIxmg4 6 | U8HuUNJSfpBhQo75nENRUhlwUVeXceNAahI+pAYRzR3nVWS5EQFs/oC/TP8CDGBs 7 | EypKV+2yHmRL6O0rHcK9OMmBrjMb23li3vcM0YPsFs85yc2bHYTmUWAr/yNM3p0r 8 | hcvFuU7VoQGZOsTjWcG5j4OYv92fkaTLv8jfABEBAAG0SGZlcGl0cmVfZXBlbC04 9 | LXF1YmVzIChOb25lKSA8ZmVwaXRyZSNlcGVsLTgtcXViZXNAY29wci5mZWRvcmFo 10 | b3N0ZWQub3JnPokBVAQTAQgAPhYhBHMNGVF1tlCuboR1Uom2SSl+AeqSBQJeiFbz 11 | AhsvBQkJZgGABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEIm2SSl+AeqSmxcH 12 | /jdB9NtMv1aUGkdqsNG4Bp9U8+g/pfGobsMHQETGXDlSHPCn+tQKfXzvQ6dI8qDD 13 | EFD+XQpib7yuX5AxNYDVZCgnyEBQjgQdUJMviIYlw2KREgVbN1yIFWrUD8xCEGxS 14 | w8xhLWJpI4oAU8J89/n80Z310hvIsbgk4GmqW/mkmLlUgQF9IwTbsDO2mUkVqbXW 15 | /47RbZxoEo2eTEfVJYAjObyNugI1Un1dVojj4NBiyT8AdfFvy3OpAFZhSzG/o7RZ 16 | oYopwIJkZp6VYovZj9ZhG2VYyONYx3JLdv2XXyM5fvejwuvXSH8GdJT7nJ380qgA 17 | mi1q+nYYcfkSv0sUv4pRHEE= 18 | =Yf5h 19 | -----END PGP PUBLIC KEY BLOCK----- 20 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/chroot_rpm/keys/RPM-GPG-KEY-copr-epel-8-python38: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | 3 | mQENBF8ujOgBCADy3A7oeW0W4HCCF1J2gjUHkiImFV+IBY48+3UUJ/j8yPIPG3/r 4 | TwG5wEE0Rp0q898RPNu6ButQfyGudj2pYCw1VSVFn9Im58BSZ+j0iH3FdrhIF77s 5 | lIxxE9k/Cy79VW3wmAhWrY6xRwoY4ISk2g6x5ap3RYB62/FAqeHYflWwqe518/e3 6 | QhKy/RBUjlcJVr4G0vS2QEwrEUO79bkqj1KYF91ZY80nj/jRR8Xdhv4+LTXHbAF8 7 | FAAuH2/B3Bin+c+DkM5NptieBqCz/xb2CAjyns0JNMR/5M8wbUCbOk9ewXaZtPb8 8 | k9qgrSvK2ynSirS3NkC9ZIuU34KIhrCoyjvTABEBAAG0TmZlcGl0cmVfZXBlbC04 9 | LXB5dGhvbjM4IChOb25lKSA8ZmVwaXRyZSNlcGVsLTgtcHl0aG9uMzhAY29wci5m 10 | ZWRvcmFob3N0ZWQub3JnPokBVAQTAQgAPhYhBOZFT7TYnaSWe2DOQ5K605jaYRjH 11 | BQJfLozoAhsvBQkJZgGABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEJK605ja 12 | YRjHrzMIAN8e+NxVTvWhTxk70Jtqc6Yy4bY0ISkpy9673Vs9F1mb9PP2i5TrCAcl 13 | mnsaKcMUXzpU1rInMXeNJUyyoR8IEsh6iIK/6VRy5sTJzbNuWI2lIjj3LPt6YnJw 14 | +SLir/MBKSRuwB6nu81fpfYj7NIT2x/eoi5LfE9WJPZbovZNqpZUgYCBzrsmT5Dk 15 | PINhU8gta4sgEIKLFA2lHqMxZRJXbLsd3oQdlyPMIh+DLF9t9K3AfiSoFrTvLjSv 16 | DN8LRrsJ7daph52aeaR9/A9GbbhwG1Qx137DEpNtkboQIBIiFjlm8Jmpq3tUF8Nq 17 | HqqlFFkOgaGrjWtqOw/vYk1GGK/42Ao= 18 | =J+4l 19 | -----END PGP PUBLIC KEY BLOCK----- 20 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/chroot_rpm/keys/RPM-GPG-KEY-fedora-34-primary: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | 3 | mQINBF8sAZIBEADKYvLg/5FdLXcVryAFd7Q8qrJq23R7ebxUT1u48Dc8xrsfYJZq 4 | aMcna/xw47wZNyek4Z6YpzqfmnjR7H8yRH/1hAPi/ixYnA6DVL7O3eGE5lYGJzN3 5 | E2ILTzBOI9o/pavvtOqW9N5WIus8cqSdA921v8YPzr3/BTKgGqC9biOrMA+3sNoe 6 | U4T+dztLg20SyBTr/rBH0eui2p/ipvIRuJvHLTKTubR+yG804yupI69M6qFBDebT 7 | rm+CBmwVyj/DY/92LgvCgYqV/TL5FU4qvtyB6jd8JkEeaz/G7UmDRB5JqzKEu6TB 8 | N3SY7nwLiRpIaXet1TWVW/8UKSB2JvYt1LbZyEO82/QOIXxqvV6h3kuBI21RvURz 9 | VxEjRlvPRGHMZ80OoAQqNPkLnVTcX1eLj2ClbwoXCmXFSm72cCCt1SzcAmlaWh8E 10 | rXSUZfs7XqkBrbphXHZ1e6Vxjt/RyKC5doklfOhbuF8gJ31CPo/kuOjFrHGzOwgi 11 | Llec+GHGMfI/cUOu59qo3W85GHsntvEMk83QLkKjBInEYjZSAajp/lS4QF+SD4pl 12 | Qj6Vc1mMCmci61cXX5CcIl1YxNJZzUfZEZNbUjDajqGzkYJoG9n2yJB0w4OiqsAe 13 | ZCirmUIeDUNeI082epc4RFuV33hByGYY9kRWSyM+aCF6PYVISj4l1o9KcQARAQAB 14 | tDFGZWRvcmEgKDM0KSA8ZmVkb3JhLTM0LXByaW1hcnlAZmVkb3JhcHJvamVjdC5v 15 | cmc+iQJOBBMBCAA4FiEEjFummQvbJuGfKhqAEWGuaUVxmjkFAl8sAZICGw8FCwkI 16 | BwIGFQoJCAsCBBYCAwECHgECF4AACgkQEWGuaUVxmjlVuA//QnMA02tydqwpM7r4 17 | WZ4OvlVqFWHhn3oDaBSwBvn6R1oC0MWbr79nnFDn3tpSkZDUdb7wyArmaF8kG8tI 18 | wit5xD/JAzqRBVa9z2hY3n1SFafU/hp3DwbGIL4vLUv3fRayCgWsGhGp0tZvDC9q 19 | PSvQZ675XpRG4pt/TGJB5gGXw7Jxoae/ffaJeblLLRDlSV/bKJt9sYpdu5InDG2i 20 | yIUHfamtYQtnENKL/bN6w7tU/IEgCHqxPmPRiJ0gTUAi5Yabp1+JHqskE85Hm2QF 21 | xMonX595Ry1yZzCjPGhCPAknJ4BhisXV+E/iV3Jyh8vxbJCo1//ygd1Xz8SkCuu/ 22 | I0xPtFcVSIP2ikYpJwR2nwwQlLbQYIGCw/S1LV725oEYm/Z1xQ5zha2hBB+fxSwz 23 | 7MHsD2XIHrP8NNwt3ywG3NV/BSSkvSSStGUNcQyGRi3O/x/BEIRtWRxgoNO9o3jE 24 | xtWFq3G5+gKY+wfYz/cTGlsWPDG7Fzx4lNisIGATKtLNqdedl7LASPK93z0XDdnS 25 | kfKF0HrT9rdzIKRu4xWatUVIq/65Gv7nsavdsRAQL/Y0jl6sjjQac/Te5J0fByHY 26 | 6tGG1W0UWTd0rzFWitEZI/64/Bs83rGhjJNLqWXItZ5VqLe0TWzuxvRFLfM7oX8r 27 | n5Si4l7NpIJubWPqjPoCoP5lsS8= 28 | =V2FG 29 | -----END PGP PUBLIC KEY BLOCK----- 30 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/chroot_rpm/keys/RPM-GPG-KEY-fedora-35-primary: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | 3 | mQINBGAcScoBEADLf8YHkezJ6adlMYw7aGGIlJalt8Jj2x/B2K+hIfIuxGtpVj7e 4 | LRgDU76jaT5pVD5mFMJ3pkeneR/cTmqqQkNyQshX2oQXwEzUSb1CNMCfCGgkX8Q2 5 | zZkrIcCrF0Q2wrKblaudhU+iVanADsm18YEqsb5AU37dtUrM3QYdWg9R+XiPfV8R 6 | KBjT03vVBOdMSsY39LaCn6Ip1Ovp8IEo/IeEVY1qmCOPAaK0bJH3ufg4Cueks+TS 7 | wQWTeCLxuZL6OMXoOPKwvMQfxbg1XD8vuZ0Ktj/cNH2xau0xmsAu9HJpekvOPRxl 8 | yqtjyZfroVieFypwZgvQwtnnM8/gSEu/JVTrY052mEUT7Ccb74kcHFTFfMklnkG/ 9 | 0fU4ARa504H3xj0ktbe3vKcPXoPOuKBVsHSv00UGYAyPeuy+87cU/YEhM7k3SVKj 10 | 6eIZgyiMO0wl1YGDRKculwks9A+ulkg1oTb4s3zmZvP07GoTxW42jaK5WS+NhZee 11 | 860XoVhbc1KpS+jfZojsrEtZ8PbUZ+YvF8RprdWArjHbJk2JpRKAxThxsQAsBhG1 12 | 0Lux2WaMB0g2I5PcMdJ/cqjo08ccrjBXuixWri5iu9MXp8qT/fSzNmsdIgn8/qZK 13 | i8Qulfu77uqhW/wt2btnitgRsqjhxMujYU4Zb4hktF8hKU/XX742qhL5KwARAQAB 14 | tDFGZWRvcmEgKDM1KSA8ZmVkb3JhLTM1LXByaW1hcnlAZmVkb3JhcHJvamVjdC5v 15 | cmc+iQJOBBMBCAA4FiEEeH6mrhFH7uVsQLMM20Y5cZhnxY8FAmAcScoCGw8FCwkI 16 | BwIGFQoJCAsCBBYCAwECHgECF4AACgkQ20Y5cZhnxY+NYA/7BYpglySAZYHhjyKh 17 | /+f6zPfVvbH20Eq3kI7OFBN0nLX+BU1muvS+qTuS3WLrB3m3GultpKREJKLtm5ED 18 | 1rGzXAoT1yp9YI8LADdMCCOyjAjsoWU87YUuC+/bnjrTeR2LROCfyPC76W985iOV 19 | m5S+bsQDw7C2LrldAM4MDuoyZ1SitGaZ4KQLVt+TEa14isYSGCjzo7PY8V3JOk50 20 | gqWg82N/bm2EzS7T83WEDb1lvj4IlvxgIqKeg11zXYxmrYSZJJCfvzf+lNS6uxgH 21 | jx/J0ylZ2LibGr6GAAyO9UWrAZSwSM0EcjT8wECnxkSDuyqmWwVvNBXuEIV8Oe3Y 22 | MiU1fJN8sd7DpsFx5M+XdnMnQS+HrjTPKD3mWrlAdnEThdYV8jZkpWhDys3/99eO 23 | hk0rLny0jNwkauf/iU8Oc6XvMkjLRMJg5U9VKyJuWWtzwXnjMN5WRFBqK4sZomMM 24 | ftbTH1+5ybRW/A3vBbaxRW2t7UzNjczekSZEiaLN9L/HcJCIR1QF8682DdAlEF9d 25 | k2gQiYSQAaaJ0JJAzHvRkRJLLgK2YQYiHNVy2t3JyFfsram5wSCWOfhPeIyLBTZJ 26 | vrpNlPbefsT957Tf2BNIugzZrC5VxDSKkZgRh1VGvSIQnCyzkQy6EU2qPpiW59G/ 27 | hPIXZrKocK3KLS9/izJQTRltjMA= 28 | =PfT7 29 | -----END PGP PUBLIC KEY BLOCK----- 30 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/chroot_rpm/keys/RPM-GPG-KEY-fedora-36-primary: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | 3 | mQINBGAkKwgBEAC+IQKqp/BI1VIvRRqcnRoAxkzsY3pxIS1L+C4gaWjIMf1eBBTq 4 | v9eKd4xHsW80VL/tl81WZWO/7JXKmgHODiXrv4HmDIOo6Z1hxehjVRF3Ih4+sKHR 5 | XCJgwcdJnMfqTKnHiycQggeDuheWbfjV2Fgmvxy0jh0M5PCB5taNz41LmPOaUQmn 6 | PXcI05CjP5msKjRBObw5Cd2oad60pTNhnBWRf288S8W4wH4jNISOZLZTOf6HU5gJ 7 | w9wU9RZoaz8kZPNArlJjZsN83S0XLCxpa6UUgYdzPDHOWGtcWGs3bvNAlTYuacun 8 | oICOvTH/ZJU7mgaZbbdSPVLDJdLBKRVgHbdTAK0J913FEiU93GJR5bf/W5FMN7DV 9 | 6hsJVMiY/knJmkTFE9whDSjEc0TAYhQuC1HnzvMPGJvkeEz9nRqna5QUuo7V6LI4 10 | fZNTSlqFyIi/Oa3ZoliOyOshxJmU3y1HaNcHerO1nFbTtZ7s/TKBhY9oFq4T4gJV 11 | yFWy33p/JDxOtlVjpHEkzwXGdPe6R4xK8xHObEVraOMZMaweII+tMOGwVbxZu2kC 12 | A1aflM+oeyU1Fx9qqM0+dYyHO+kp3M5UtfM006RcNcdfoGrA4l6z9sUnHKsYzOLP 13 | RvKkzxiX3T91vHtRGCXjPOgOsJJzjkFtE1a5oFZg39fC99HZdbX0rUqAtQARAQAB 14 | tDFGZWRvcmEgKDM2KSA8ZmVkb3JhLTM2LXByaW1hcnlAZmVkb3JhcHJvamVjdC5v 15 | cmc+iQJOBBMBCAA4FiEEU97Sy5Iti42eY/0YmZ98vzircfQFAmAkKwgCGw8FCwkI 16 | BwIGFQoJCAsCBBYCAwECHgECF4AACgkQmZ98vzircfSGaxAAlDBWuY1Ch3YsssGE 17 | uaeOuaHmDj08p08WUAFUPBN0ID+0pmRQjywFzrufw8Z2g/lHwic+tpXXr/RtMmcl 18 | +WzLh1E34TRqEngjDJ27QBq1Jyid3h1manKLhZhJ8b1usKHP7Dqh7n+eMTv2Qgrt 19 | 6MrCNe4otWZ9WJ5vp/Bay5yAtU6lNoWBmJ+6BS1/2mg2jhoXrfg/Vey+/i6nYZIk 20 | M4IcYCyGCi9rjc8NMgkCyzPkPJtsy2taB+VdUcZyjFpc1acmC8sR/2/SEl4+pOtM 21 | UzW+OUOQFrerX/8MC5LqvmtsiPMyRDCOw3reJTXyoUIehoHoK9QtAdIRRP2nAkPy 22 | GKycVzsLbtheJXUZharXL1DwOkpMNlm3hp9BxX89m7dLblMSjtrQPs8CkpAExAQW 23 | FBltsD73ZhGnfE/XdWp7343m1w5W2m85/rczP+2et+c+HPmYTgaJTu8fAF0FoTDd 24 | uD1r9DxRa2oN3YBiPP/nXnhJaH//GgF/RRw7Fbc66fCh8DTrMsPgmyi/O3/pdSGe 25 | k0UqEfSdzNPbl7gVFlCbr4Ur5n1ph+sEZqOhMuyszLZZvYvUrHsDuanML5X25coP 26 | h+rqyjHJJeYlS2tMAQB1fmHB0LWhRhKYaOROAXFmUutFUxVVoigNCl8mV561DCz6 27 | 6/zy81ZGeyUGOEIZ1NFuoY0EhC8= 28 | =KaIq 29 | -----END PGP PUBLIC KEY BLOCK----- 30 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/chroot_rpm/keys/RPM-GPG-KEY-fedora-37-primary: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | 3 | mQINBGESvNwBEAC7HsCDTlugVeDSMFX6aW3zAPFMfvBssNj+89fdmbxcI9t7UY6f 4 | HvkkGziUET8e+9jB8R2/wXQCGOw1J+sfmwO4aN0LdVQjhKvVNj+F5jWt3m5FAIBa 5 | OTWS6Kvqw2ECTpH7fD86541eK3BuCni6d5U3PCd73t976FcUmpQ/1AthqMksM0Jz 6 | cJapvNmLTCR0NZ2XyyLmn/K1hgNXe8G5j0cSrJiY+Zpz5aQkT96j96Jm6W2A+tBI 7 | icU4n6V4vlj2TxmCumtXJGXGBGJnof/dCgh45aqi+sk5c429ns+5sooYcaEJojj6 8 | FYSITv10l+az6ZMJz/j61VYSkhMY8hQ4Wd+yL2JVzLE9N9V0L95sX1yEZ5ILmzwx 9 | oRKe4WHSBE6yMxNWobv7hmC+3ZC5mLPaEDS/g/0xuQj9Sy9eT2mhhFPxOv29YQ+P 10 | sC3zXHJMMT0tlGd72PVHQQ0JYONfMhcC+7AHGFGz8p4/wor2jIFG1ouqE6Lfzm8o 11 | XWZMYm3AydlrP/xkYaoWNE3jL/+dskSBr/Yz7ZzlkAqH9lb1HKnXQLTrw6gz6pmI 12 | KufSDXjEFNxnFI/9gMlshJtk5+QSDzezmxFm+NMviSvDUNAVIzrU1D84dauBYph4 13 | OrJVeECQHEotny/I53AdlVwLYB4TWkObzTs6vtV7Pz1TK2CmHpe3UW72xwARAQAB 14 | tDFGZWRvcmEgKDM3KSA8ZmVkb3JhLTM3LXByaW1hcnlAZmVkb3JhcHJvamVjdC5v 15 | cmc+iQJOBBMBCAA4FiEErLXuToMcdLt8Fo0n9VrT+1MjVSoFAmESvNwCGw8FCwkI 16 | BwIGFQoJCAsCBBYCAwECHgECF4AACgkQ9VrT+1MjVSoPMhAAist7kK/YtcyBL/dt 17 | P55hPrkJT6Ay+e2Dvt4Pixe4iT32Y3jG12aoX2LY//mxVOOpV+EhXYTTb5aLt2Jj 18 | a8/qCKJFk7zuCOxa1hgdRcjoR7ZbU0lNjD9mMCax/YT9QafcaMEib/FlknP3g1SN 19 | GRSKLObTJd6BbtZXCE80JRIX+Dy6+/Oz7LXRXeKpiimhlXT1wuTaqAJEtuHdQvg7 20 | dkL4DzAJ2FiURVd5gvgo266WaCMafJjFRrSGHJm0c+V+0Z9NsuH80JbPm+rCUh5U 21 | E9PMyztqlqtldtqc1+aZ1iUbVuXY059BUmlAhmf5sAlBktY+hEabH/4kmfGccbBL 22 | TyBIn03Y9q9173okZSUe6q16m/hbbWI8dwkSpIADZbGGJbRi8PJpCg9y6KI355qD 23 | atE2irleoy6eXqpKa+uPTRBk7i/r6jDoA+u+tZyFfcEnwvSWP8cN1j5mNklvITZl 24 | YF1n5b3fejkZVdOmRZQNkyzMxYEd4UZFQZNYrx0nltAagRS8b5ikqNk2UTl+dyBG 25 | k9gLOSZhAa2JdmAqwe9rT69jaa4kZMLlxPPC3246s83t0s7lp7vF+zLPfPSvxpsU 26 | tg+fuT+OFKWYdBFF7VkEA+wezHAznIP6TPyQXbBpkzE889/hOXy4BYs0wy8Bpda/ 27 | Ve2Ba329f99dSCZKImi5DPCxJY4= 28 | =ZmVd 29 | -----END PGP PUBLIC KEY BLOCK----- 30 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/chroot_rpm/keys/RPM-GPG-KEY-fedora-38-primary: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | 3 | mQINBGIC2cYBEADJye1aE0AR17qwj6wsHWlCQlcihmqkL8s4gbOk1IevBbH4iXJx 4 | lu6bN+NhTcCCX6eHmaL5Pwb/bpkMmLR+/r1D2cLDK24YzvN6kJnwRQUTf2dbqYmg 5 | mNBgIMm+kAabBZPwUHUzyQ9CT/WJpYr1OYu8JIkdxF35nrPewnnOUUqxqbi8fXRQ 6 | gskSLF8UveiOjFIqmWwlPwT1UtnevAaF80UGQlkwFvqjjh4b9vKY2gHMAQwt+wg5 7 | HFFCSwSrnd88ZoDb3pKvDMeurYUiPzF5f2r+ziVkMuaSNckvp58uge7HvyqQPAdJ 8 | ZRswCCxhUAo9VqkNfB4Ud25ASyalk9jOE3HB8E35gFfPXvuX1n15THXNcwMEiybk 9 | Omne2YwXL8ShGNr5otjqywThMrrqcl2g/pJVTcpDHTR5Hn9YRp+GHlYLjyEr+/x7 10 | xM19y9ca9GUiJqDbEREHcKKIhYiGmcIjjcJvei/3C/aM4pqeGFJBbVSnw3qeMxH/ 11 | 6ArAMA1sAdShCkv2YjlcF0r4uoCjXdS3xrKLz9PSCquot7RySnOE9TZ7flfJll7Z 12 | q+lNaSeJg7FK8VWSUb9Lit6VEYVbzWKzespDDbujrHbFpydyq8gXurk7bSR2w0te 13 | gsmytQqT/w1z2bydgGF6SfY9Px0wuA8GQKr48l5Bhdc6+vHHFqPKzz0PVQARAQAB 14 | tDFGZWRvcmEgKDM4KSA8ZmVkb3JhLTM4LXByaW1hcnlAZmVkb3JhcHJvamVjdC5v 15 | cmc+iQJOBBMBCAA4FiEEalG7q7o9VGe2FxIhgJqNfOsQtGQFAmIC2cYCGw8FCwkI 16 | BwIGFQoJCAsCBBYCAwECHgECF4AACgkQgJqNfOsQtGScyw/7BLmD4Fwi4QZY94zl 17 | vlJdNufZRavOemSIVVDHoCr8pQBAdrvoMypxJd5zM4ODIqFsjdYpFti+Tkeq4/4U 18 | 25UoLPEOtU8UDt2uq7LqfdCxspaj7VyXAJIkpf7wEvLS4Jzo+YaMIlsd0dCrMXTM 19 | vhu4gKpBFW6C+gGlmuDyTJbyrf7ilytgVzVtIfRrT7XffylviIlZHwKm43UDjvzX 20 | YEl3EAFR1RjATwXMy2aJh7GCNsz+fKs+7YRKQUhpMF5un/2pyNJO+LbVGGwGZvga 21 | K9Kfsg/4r1ync4nDDD1dadKIHhobDeiJ9uZLoBvvVDz7Ywu7q/vv4zIPxstYBNq4 22 | 6fLKDtYXuJCK0EV9Qy4ox67t0UGlaRGH8y5YUqOI10xH7iQej0xWlSc8w2dKhPz8 23 | z9XLv2OMK+PvqvflhFHhWkqEoQRqTu0TVD0fLLe4lqieJlqZcJqW0F9G/vNSSWmf 24 | POLa/Nim71gL2fPjCJOIRV4K/cJSyBmu5NchG7dHD5sUtJxZ4TFSuepaBZ8cPK1x 25 | e26TaCBqoUWgUXWmw+P89aOpYOJYEFfT/VAm2Ywn+c1EFUmD+30wQ7aP/RUFl94z 26 | n0BjqsWDnCKVFHydZ0TZSpeADmXMg2VYZPcp/cQR1KjoBoDxAscis7b1XPQUg7CB 27 | zquq5jBVAnsNIhs7g47GWKyDUJM= 28 | =aCLl 29 | -----END PGP PUBLIC KEY BLOCK----- 30 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/chroot_rpm/keys/RPM-GPG-KEY-fedora-39-primary: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | 3 | mQINBGLykg8BEADURjKtgQpQNoluifXia+U3FuqGCTQ1w7iTqx1UvNhLX6tb9Qjy 4 | l/vjl1iXxucrd2JBnrT/21BdtaABhu2hPy7bpcGEkG8MDinAMZBzcyzHcS/JiGHZ 5 | d/YmMWQUgbDlApbxFSGWiXMgT0Js5QdcywHI5oiCmV0lkZ+khZ4PkVWmk6uZgYWf 6 | JOG5wp5TDPnoYXlA4CLb6hu2691aDm9b99XYqEjhbeIzS9bFQrdrQzRMKyzLr8NW 7 | s8Pq2tgyzu8txlWdBXJyAMKldTPstqtygLL9UUdo7CIQQzWqeDbAnv+WdOmiI/hR 8 | etbbwNV+thkLJz0WD90C2L3JEeUJX5Qa4oPvfNLDeCKmJFEFUTCEdm0AYoQDjLJQ 9 | 3d3q9M09thXO/jYM0cSnJDclssLNsNWfjJAerLadLwNnYRuralw7f74QSLYdJAJU 10 | SFShBlctWKnlhQ7ehockqtgXtWckkqPZZjGiMXwHde9b9Yyi+VqtUQWxSWny+9g9 11 | 6tcoa3AdnmpqSTHQxYajD0EGXJ0z0NXfqxkI0lo8UxzypEBy4sARZ4XhTU73Zwk0 12 | LGhEUHlfyxXgRs6RRvM2UIoo+gou2M9rn/RWkhuHJNSfgrM0BmIBCjhjwGiS33Qh 13 | ysLDWJMdch8lsu1fTmLEFQrOB93oieOJQ0Ysi5gQY8TOT+oZvVi9pSMJuwARAQAB 14 | tDFGZWRvcmEgKDM5KSA8ZmVkb3JhLTM5LXByaW1hcnlAZmVkb3JhcHJvamVjdC5v 15 | cmc+iQJOBBMBCAA4FiEE6PI5lvIyGGQMtEy+dc9axBi450wFAmLykg8CGw8FCwkI 16 | BwIGFQoJCAsCBBYCAwECHgECF4AACgkQdc9axBi450yd4w//ZtghbZX5KFstOdBS 17 | rcbBfCK9zmRvzeejzGl6lPKfqwx7OOHYxFlRa9MYLl8QG7Aq6yRRWzzEHiSb0wJw 18 | WXz5tbkAmV/fpS4wnb3FDArD44u317UAnaU+UlhgK1g62lwI2dGpvTSvohMBMeBY 19 | B5aBd+sLi3UtiSRM2XhxvxaWwr/oFLjKDukgrPQzeV3F/XdxGhSz/GZUVFVprcrB 20 | h/dIo4k0Za7YVRhlVM0coOIcKbcjxAK9CCZ8+jtdIh3/BN5zJ0RFMgqSsrWYWeft 21 | BI3KWLbyMfRwEtp7xSi17WXbRfsSoqwIVgP+RCSaAdVuiYs/GCRsT3ydYcDvutuJ 22 | YZoE53yczemM/1HZZFI04zI7KBsKm9NFH0o4K2nBWuowBm59iFvWHFpX6em54cq4 23 | 45NwY01FkSQUqntfqCWFSowwFHAZM4gblOikq2B5zHoIntCiJlPGuaJiVSw9ZpEc 24 | +IEQfmXJjKGSkMbU9tmNfLR9skVQJizMTtoUQ12DWC+14anxnnR2hxnhUDAabV6y 25 | J5dGeb/ArmxQj3IMrajdNwjuk9GMeMSSS2EMY8ryOuYwRbFhBOLhGAnmM5OOSUxv 26 | A4ipWraXDW0bK/wXI7yHMkc6WYrdV3SIXEqJBTp7npimv3JC+exWEbTLcgvV70FP 27 | X55M9nDtzUSayJuEcfFP2c9KQCE= 28 | =J4qZ 29 | -----END PGP PUBLIC KEY BLOCK----- 30 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/chroot_rpm/keys/RPM-GPG-KEY-fedora-40-primary: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | 3 | mQINBGPQTCwBEADFUL0EQLzwpKHtlPkacVI156F2LnWp6K69g/6yzllidHI3b7EV 4 | QgQ9/Kdou6wNuOahNKa6WcEi6grEXexD7pAcu4xdRUp79XxQy5pC7Aq2/Dwf0vRL 5 | 2y0kqof+C7iSzhHsfLoaqKKeh2njAo1KLZXYTHAWAMbXEyO/FJevaHLXe2+yYd7j 6 | luD58gyXgGDXXJ2lymLqs2jobjWdmGPNZGFl36RP3Dnk0FpbdH78kyIIsc2foYuF 7 | 00rnuumwCtK3V58VOZo6IkaYk2irdyeetmJjVHwLHwJB3EaAwGy9Z2oAH3LxxFfk 8 | rQb0DH0Nzb3fpEziopOOqSi+6guV4RHUKAkCUMu+Mo5XwFVPUAIfNRTVqoIaEasC 9 | WO26lhkB87wwIvyb/TPGSeh6laHPRf0QOUOLkugdkSHoaJFWoTCcu9Y4aeDpf+ZQ 10 | fMVmkJNRS1tXONgz+pDk1rro/tNrkusYG18xjvSZTB0P0C4b4+jgK5l7me0NU6G3 11 | Ww/hIng5lxWfXgE9bpxlN834v1xy5Z3v17guJu1ec/jzKzQQ4356wyegXURjYoWe 12 | awcnK1S+9gxivnkOk1bGLNxrEh5vB6PDcI1VQ1ECH50EHyvE1IXJDaaStdAkacv2 13 | qHcd15CnlBW1LYFj0CHs/sGu9FD0iSF95OVRX4gjg9Wa4f8KvtEO/f+FeQARAQAB 14 | tDFGZWRvcmEgKDQwKSA8ZmVkb3JhLTQwLXByaW1hcnlAZmVkb3JhcHJvamVjdC5v 15 | cmc+iQJOBBMBCAA4FiEEEV35rvhXhT7oRF0KBydwfqFbecwFAmPQTCwCGw8FCwkI 16 | BwIGFQoJCAsCBBYCAwECHgECF4AACgkQBydwfqFbecxJOw//XaoJG3zN01bVM63H 17 | nFmMW/EnLzKrZqH8ZNq8CP9ycoc4q8SYcMprHKG9jufzj5/FhtpYecp3kBMpSYHt 18 | Vu46LS9NajJDwdfvUMezVbieNIQ8icTR5s5IUYFlc47eG6PRe3k0n5fOPcIb6q82 19 | byrK3dQnanOcVdoGU7QO9LAAHO9hg0zgZa0MxQAlDQov3dZcr7u7qGcQmU5JzcRS 20 | JgfDxHxDuMjmq6Kd0/UwD00kd2ptZgRls0ntXdm9CZGtQ/Q0baJ3eRzccpd/8bxy 21 | RWF9MnOdmV6ojcFKYECjEzcuheUlcKQH9rLkeBSfgrIlK3L7LG8bg5ouZLdx17rQ 22 | XABNQGmJTaGAiEnS/48G3roMS8R7fhUljcKr6t63QQQJ2qWdPvI6EMC2xKZsLHK4 23 | XiUvrmJpUprvEQSKBUOf/2zuXDBshtAnoKh7h5aG+TvozL4yNG5DKpSH3MRj1E43 24 | KoMsP/GN/X5h+vJnvhiCWxNMPP81Op0czBAgukBm627FTnsvieJOOrzyxb1s75+W 25 | 56gJombmhzUfzr88AYY9mFy7diTw/oldDZcfwa8rvOAGJVDlyr2hqkLoGl+5jPex 26 | slt3NF4caE/wP9wPMgFRkmMOr8eiRhjlWLrO6mQdBp7Qsj3kEXioP+CZ1cv/sbaK 27 | 4DM7VidB4PLrMFQMaf0LpjpC2DM= 28 | =wOl2 29 | -----END PGP PUBLIC KEY BLOCK----- 30 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/chroot_rpm/keys/RPM-GPG-KEY-fedora-41-primary: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | 3 | mQINBGTSYSwBEACTHP7OFONk+1B1awJeYToUFMVbYZIjNvj9M7zwf5vzH52FlpXX 4 | dsbs1AWh6NUe0zV1J5JjCGiI24Vjacysg7L2zsbgT48vVv3mXrXorjYOzT/cxsAh 5 | 7PNhEx+OevKzAx3oy0Ok27c11Dz0W4ynwVy80gB6XHI2rd04v74TiC0xQYlxj1Sh 6 | j6irdLmHMD/NtTCWmCM7MRf91UcC4rk6JOap715UKey2fk1h/wylv0guMP3o+CpG 7 | jxDHENkfl/GsWCSYBaHec7o5/qg5RoAkN5NImVI00CqiEO1WHPBaCJalgwbuQCiW 8 | 006jwVDHJHRoufS85PEKaY9yqd5Fr76kdqCLsf3Ys9yxGVfOTvCaKOa+ElWBo+i6 9 | yOtEO6Qp1Qd5spomBJ+FVPjU89lR9aDnvxIVX7X6zu638qV0K3Lb2HKmqiVG6ccJ 10 | IdxNVXJAekvu7ypwvRzEc0mGgfkZ47flaj7X8SxiebbXhYWdqRBF0rMYc7ppkbCp 11 | 5NsD+KJilkfeOGb7VK6Rx5vXmySiNCb9GqN51KRl4Z1qllrc/Q1k5CCMt3AUq0hv 12 | 1fwK3eFGtd4/YgF9LoZ0tW8WFZ6h/zWnRvJ/SDBPhtovoSpxptCd18MWiakwvwW0 13 | sxueKFlctdDjW1a/gri3V4RdTOZbr0AqDjGGcYndt/oxMeLxaK9qvs2xIQARAQAB 14 | tDFGZWRvcmEgKDQxKSA8ZmVkb3JhLTQxLXByaW1hcnlAZmVkb3JhcHJvamVjdC5v 15 | cmc+iQJOBBMBCAA4FiEERmzy2LYLwwV6qUU+0GIkYumdatEFAmTSYSwCGw8FCwkI 16 | BwIGFQoJCAsCBBYCAwECHgECF4AACgkQ0GIkYumdatFHIQ//bTSVGDvJGmUxgHJw 17 | MnGM2G6Rc9PNAKuXbh6t4qsrRKp22pWNnMmqqcGaoiBxKP989a2cJgIVP49SsC4C 18 | ewaafEYhsitUtKagx6z3F7UObnvQpOz5U5iFcJCvRDtC4FXq+VkMdhT09zMZY4Ey 19 | ia29bV1B1R7pe7yXh6l3WyVj9AAXUSEBR/OsakaYEMzScLnROBEU1YbWR9iHsc7M 20 | rEsqju8tVUh1XAqIqJgLW3VrKs0g0nDVR0rBc8aDhrtVfylwWVl61gHsPFJfAkjj 21 | OPgvQgThrhlCWo23EZSk/Hj8YRrnhUbEDnk+Z3Xv5Uyl1kxGRk5dGBnv+7u3CKvV 22 | G6sU3tPtna/8rFblfKSMZIPhzTADdsUZ88Fn9pZkfqgPi8LZ4sS8vHtaykZmbfj6 23 | t9a2mBYJQ+/pxiH8olzyhKMdNyesLPeQmESgwM/qlJ+b2Hbogwuuzp8o2JMezxIe 24 | CAwLoPh+hxMPGnBRklh6Vj5R5z29wIZd6pKCavVRfJ+ON94wuOSEofhBfQNZIIFV 25 | jagEbk60iksysxsObfVEHFhtGnZCEgCRC87BfX6tzIIDv23Zs4Bv9gcaaRXTAml2 26 | kZXktduHkV9q3hhcoha5FgGSe244C4GsMUkWCsZtuN6tevUPo+n2ZZAA7ikQ768r 27 | Iz9rPOI8/Ra7qnwSlNIVnkTb9bc= 28 | =e2ew 29 | -----END PGP PUBLIC KEY BLOCK----- 30 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/chroot_rpm/keys/RPM-GPG-KEY-fedora-42-primary: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | 3 | mQINBGXKg9EBEACvsAjRcllcH6mVReU/0hi5YnwqulP7gNgUM4jYPiqucF51g0oW 4 | MbFk0VjDn3QXjrwLNLtj4oxsU+E6OW0jl1732qvjUJ9geEZBuidyFZgq0CCn9K8d 5 | 661dPDjN/DzWWogFhnDySFHRLdh6dYCuu75/HKSIVfCud2IFCvT7Bhk4AOpxv4c7 6 | mmX874LFgi49jkAYC0M6UbJ9o3KSCndipf/k0ra2g9dGacqlPfn3PMiTszPDr99d 7 | o4qZ5dVZYC6Sna8GjNhN7b/2xLGQuzdd9LHgPHC/PX7XsvBLu42rqi3q0umJBtjZ 8 | CyFxF5Dp0VMwmVfrKFZOHvVsGjPLrxomLU16/EDzIrw6cHikdQKLf4sl0rX0m8j0 9 | PNAGOSDmE9YgByiPo12CGMOuAvsDUI0JID4p4WqpBShTBuiIrITn8XVTCOQ+tKq9 10 | dE/qI+mm2hnZjJajM2UWfKE0mVH4SDOiSilgKR/h5HuLZqwtYXFExDZsAcxaLfRB 11 | KCrIOyJdpV7YIj8PaP89XeycHM2MaIfwdHSx3Pz39zZNzi6vJkLj9SWdQT7lOvZx 12 | xTQ3dK0Rcpjx+rGHgihMT4yBd+JO9mZS3ghNGbypYnNn/mohPOAxguXuPuPRj00o 13 | C7C3lIEEL/hZXZbN1SuiopZjxbU/x/5lO8n0Un1GCzynObPDvpDLTjsdKQARAQAB 14 | tDFGZWRvcmEgKDQyKSA8ZmVkb3JhLTQyLXByaW1hcnlAZmVkb3JhcHJvamVjdC5v 15 | cmc+iQJOBBMBCAA4FiEEsPSVBFj2nhFQxsXtyKxJFhBe+UQFAmXKg9ECGw8FCwkI 16 | BwIGFQoJCAsCBBYCAwECHgECF4AACgkQyKxJFhBe+US4mQ//e4gIGhA6TJuEqrVP 17 | gKtSnDawIj30TGbkXIywECtKCu9N8anTlkU2/XSKGyE3ZDdKDO77O11382Ci1xJg 18 | CpdbqKg4G02ecEKT1Dtng37gt55SkhffQ0EeDb3Zl+Pu5qohHQUiMzio4B4q8n0H 19 | D+L9klQ3I1rLmymguBRd34jQH/z025GE2SBbCpDnQCChZT7Fq1D/onOQgC6skN6Q 20 | E2dvYqOnSlHkkfuVlRRYoLNmynxHKlL6VZkiM7m1zKi7cMEK63mKJQ3jH3Mc9grh 21 | +OwBDxOjx5UoYMeYqq7oXyTPKvvf6ssuHtjWM3tNkyi5R1nB+4SHMttrbt2pLMSH 22 | Jg6pNXoLAP8ahlvxdgVRjgN/6OMC/DwXnLxippelBXXDyBnwVd8/WohbJDcq7e5t 23 | dymZpRsNxzhWSuwbHzeJY1DKtePhbjblShLjxTzLnS4GBPJV5TXpHkZWgQmz2aA0 24 | CHV47j37P6kAOEtsJkJUWWz+/Rx1N5Mm5lxvghaAzlTBtwQhRgl9Y8kCTznG40QQ 25 | 64N2FOrcExUJmujLRISDjM2Ps9MtBlbYs7H4JDziX4jpNyvhVAbEdjbzVfL5oi35 26 | l+K/QRtQJnt78qhLpNNB7SdQkNmD8eMeXF7mA/MH6eFM88hF4l6NeKklyMIa5thg 27 | LFx0UyEgoLXDBg+thUzby61gnA8= 28 | =OCXB 29 | -----END PGP PUBLIC KEY BLOCK----- 30 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/chroot_rpm/keys/RPM-GPG-KEY-qubes-4-centos: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | Version: GnuPG v2 3 | 4 | mQINBFnOuKQBEACc4uru1ruuHsZAIFFJhkmYVL0I07MlIjA9FC0vwNQA0sq0roJ6 5 | LElswKLyu9ST8h0qwlqW9RalFxxkhvm0ySvNcWPEayHW2L0izGfD+IH1SUk3QALn 6 | IudHFd0VYw7REunDgEMfQXvYp1nAQqJ6/e4PrYtIqYfenSYd226/7qBgEJHixeWJ 7 | XXPoGLSqrsPFzB2KHJRRAJNKB/SFeGd4EHD/LKuxxArAjID+hEo3S53E1xf/G330 8 | dyEAt5PLsqA0USnWCsREyW7OhW8Bbs02wyYHbOeIt2VM5/GOGJFvGRQC8YsUspBV 9 | OY3PPMxxmf/8GtORQsTD5BgrtbbZg5mTn3vPi/0LiPIVoyUqLcNY1xLIUtoikhi4 10 | X5o+37DcRsP720jinXoqqyZPvQlynPAzgJ0i+IIk/8QUp3qQEUm0WXvNamTpluY2 11 | HPC2dNEW45FnTatMg5mDGf091UdMk6JKXyETRYRWdQfGq+n2BQMO5p6VFMgbzDP9 12 | I2IYvYnjEi59X7dORGHxYs7LqNGoKL1em8r5NiTS6PhRmw7yQYdrpykFjwZxQvM9 13 | F+HGIKLd0map8g08Sew0VTZ96OpRWkoMMpveLq0W7Ke4Cgu0t1245rE000r+/sRZ 14 | l/fg1eSPwVxHHFu8Wj6l4VJiZzi4hSHxOZipNIkfz/SvGvkcgeXGRW7QKQARAQAB 15 | tCZRdWJlcyBPUyA0IENlbnRPUyBQYWNrYWdlcyBTaWduaW5nIEtleYkCNwQTAQgA 16 | IQUCWc6/DQIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRAZIFoR/ePQqjMe 17 | D/9/L0TK532j4k4ZYgOULnqq6JTN0qvmG8JWiRBjRoc90ksDHcH0JwnceYugN2/K 18 | eV1Nfrm2SLzbaNFJKLGhktskXKEU6dRe5IHlOfXLCnzTsUlnrV7JQ7RhRd27B5YJ 19 | 2OZ9xukwJMihfvBEGD8u98i1OceyeqB6n4T/vwxeAq0UWd3rbFzrzXNDEVy1+7LV 20 | 4s8NtsnAUOece+njTMtxEZep6SZ3MM9XkhD+WwsKan1kUxq8WdFj5o8N0VojdDBv 21 | 9ZCJLn65F2WLTvyILp8K25KI2uLolk+J6monS6keFsdQ+cjEiqadHcfZruIIC5m5 22 | XpJ8+VdBj+s22q5b1KXRwkK7j69IgMnDbsEJOvH0gW3Nwvofzim32K5TrPXSGlYe 23 | 5qTNYlzRjEhheBLBsK9iJ17CgEhDSzaU6TZOZIM1MVg/7OY//99WL/h6/+bAMkoq 24 | aDCOhxDFkoX8lHGjlAMV1JiESNy8Xxnt+J8+j86ugz/TSKToRawKBRCXno0Cycq5 25 | w/auNLHsXyeyftIOva2H9sLVW7DwvipqiYBGunRE+gqznsX1r0oli1mZrW/JiEfj 26 | 6F5+l8L9+GQi/f2WvBMXKgjqHgyl7MWVWiZ3B3Jy98NzNKgDVxRkrhaXLzjgdQKz 27 | J3xJNOrHCRPqyH7qq4CbS62nLeaOgEPdmsygcn7VfNYajQ== 28 | =F3Wg 29 | -----END PGP PUBLIC KEY BLOCK----- 30 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/chroot_rpm/keys/RPM-GPG-KEY-qubes-4-primary: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | 3 | mQINBFi9Xv4BEADTkOlBTDmO6DsFJi754ilTFqsluGWleeProuz8Q+bHFlx0Mqtk 4 | uOUcxIjEWwxhn1qN98dIPYds+mD9Bohamdh+bJYxB/YYj9B2xvURhCpxVlWzzkzt 5 | i1lPYhj/MR637N9JqIdILmJSBFDxmnuWfQxfsbIsi4lUx5oq6HzIAYXzUzA+0/0a 6 | c/j0zAm9oBq+pXPad/xkH8ebkNAL0+HbHArBNFzrhVKmi1VskpxurPIYZEcQ0dUu 7 | n447TM/37y+dzmNYxvSuK2zBPFa9upXsKZEoVaJqksXDdX2YuMsZFiesdieL85w7 8 | sD1iI6Eqmp5EIZXa8t0/MHTaDrm1tDKJdSu/5zrh0RFh+J73qxJH8lDJqcTVggCe 9 | Xoasoi1LNg0CIgzVM+zLEDbpNd6mILdXQNHzsU4CP2UFpMxOUUDMEPYSE3WBExWX 10 | 0dBO8QgvTOzqvRWq7TL2jKaprsB/ZXiZief5hOK2QFL6HFEOuFuWLf3tb2+tpJoZ 11 | LXbXYW+6M+WNRHr9mDg3o6SuZmSwUCOa1FV/i51gqiUHmXEfIGH3iE5WWq2bvUG1 12 | dhjkzDGPL9fXbCWS6+QARakXRbxslsc4RgMrQR6nLEAuOL7GDaG3c7ldqgfotkal 13 | 5KDB5/1AxYW1TC0JfoKWalYrfXlUJlbHcvDFqHdyljOnoeJ8WVqLNE9hUQARAQAB 14 | tB5RdWJlcyBPUyBSZWxlYXNlIDQgU2lnbmluZyBLZXmJAjcEEwEIACEFAli9Xv4C 15 | GwMFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQGEh5L54nlem9QRAAkaDEfYey 16 | FoldssIDE/gliYYb7RSYBjs+QrYJQjBxFGXXPgHS5kGMZfMkqVVBc8EtHh41q7gU 17 | mUIHVbjnKIcYaKLaVl/qb9Jkx+6/NxEYWjNVEMMwPk820QgI1alWrweH7ZuxxGlz 18 | CzOQsyKZLH3TESEf46CUjv9FHW2nKPAp5qVMzLRlgtquQAdfh7SWau7Kd+WPQOiB 19 | 9cj+j3/yswsrpLmvqJP8trS/aKAhsn2jGrxwSAbdGCzQorJjUy5HLZ6xVIk9yD0T 20 | +o9cbK4SQSuOHUiA9Z5gA7vuxwOuloDhIm74k2PBWMaUEvx19nIh4XmgGEKNzI6V 21 | SbR+s+d9ciQ/aC/bXdeeZOpCDaty54D8sKzMi2y15Urycxwpz508LwE6I3Zm0Won 22 | xMEf5gGR30szgQdh6sJKIqZ2nVDLBg4H1mc4CULhsgViN/vM3Rrj2t4kOwUM30AU 23 | M49o4JPzY4wvhsAmhIQGl38C8wDkSqPwntRsszpbLgzI3Lsxb00xiPcLR6Y/pviH 24 | AfHxh/1uYymjD1Fq9u9ylgR6+15qqEYY/uEHr2EQyVvXQ08R1iKkT+v8fufMFUWa 25 | rJxyB+5v/RPRKvRRi9Xb1HkoiFo3E/bEPYKlGA2colp5iqFYpTUBJYJXyMosgjI+ 26 | mqH0I+V+LuMtlE521YHKg0tsB9GVlfWBS12JAhwEEAECAAYFAljAUaEACgkQ3foa 27 | PjaHlJR8xw/5AYj/vJNbpnFNYV1jK7AwaEScpGpuDwh+izdGB6eCajynoZMmHSs5 28 | S3ToygNDo6Tlnh4/Tk7g6nG+eRWdAGghrrz2TXZd0sQX2KJ+m2omT5TZMrwPzM0v 29 | HcUSAZhW1+nK8miMdvxeOAtY91OaDXwjddii/f420m+9tXwCVKbD+EC83wPpr76r 30 | sokeOrp5H53CZQ++SbbG7qRmj4uc+VuyXNbAYNDa999Dpm5CW95LgMJ8/YpZbQ9S 31 | Gk8xlo2DTdBig84yO8Dp9L40KxhIbtpOfLZSWR7OwfMchb2wdt/rRcFsAUPjW7of 32 | /ZO7lQIPfkdl6cvssoZEjEGZnaxjRzR1b6GtPmlrq8MwUHOZqVizlo9vskuAczYl 33 | VECk2+D5ZH52GsSbX+C/2DpLUI+o8hLmNDkyBHkz7eOV69lMOzKKsXVyOyrsaLY1 34 | xNY6JPhMwJVuX8zNW2upETvWs8kr+ZOSvalinvmD6BAQp602PQRnUYDgRxG7GXw+ 35 | z9D/6ea14TjGpQWW+wvRUUpqgs7WKCzjAAPDiqTpLvz5xtSTToW/qQJJn4LO7w3H 36 | Qo9G00Mruapdmy4nV5lHqsjm817M1vChTq1Q5+4ZPLMBoAndNM6vZAVJzfhhR+zG 37 | ZFp6oNCNJuSPFd+xN4tczA+aNZgUDDYhcvelFevUubLSjAR3ulfwxns= 38 | =d8U3 39 | -----END PGP PUBLIC KEY BLOCK----- 40 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/chroot_rpm/keys/RPM-GPG-KEY-qubes-4.0-centos: -------------------------------------------------------------------------------- 1 | RPM-GPG-KEY-qubes-4-centos -------------------------------------------------------------------------------- /qubesbuilder/plugins/chroot_rpm/keys/RPM-GPG-KEY-qubes-4.0-primary: -------------------------------------------------------------------------------- 1 | RPM-GPG-KEY-qubes-4-primary -------------------------------------------------------------------------------- /qubesbuilder/plugins/chroot_rpm/keys/RPM-GPG-KEY-qubes-4.1-centos: -------------------------------------------------------------------------------- 1 | RPM-GPG-KEY-qubes-4-centos -------------------------------------------------------------------------------- /qubesbuilder/plugins/chroot_rpm/keys/RPM-GPG-KEY-qubes-4.1-primary: -------------------------------------------------------------------------------- 1 | RPM-GPG-KEY-qubes-4-primary -------------------------------------------------------------------------------- /qubesbuilder/plugins/chroot_rpm/keys/RPM-GPG-KEY-qubes-4.2-centos: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | 3 | mQINBGNacSkBEADWA8Q01gST/t7Qy0FgIWivPkFrPv+Wtvdj/Pp4/9kpeqbFjSYm 4 | MKA8ol+uQicowOwwWz1KU53cTsfuK4/D8WOW87tK/PYkeqAWXR9VsWwe9jqAWy5r 5 | yTQw6P04Y0MG5bpwZ6B+4ylD2N7S3I1Y+fwEB7opHwaaTLBzM0+fFvyVHiPVsINZ 6 | KlSouIu9aeVD3ofAgtWsiyERLM/p4xFx90YsIjFFJfaU67n6Xn/+hIaONy8POv8/ 7 | sosj8bnRY+bWHUhV1Oc3Zrd1ieRFgXcIf657mrS83BDlf/ClA4HwLhyoqm7eP1y0 8 | dsifPM5C91+BMMoa7c+lFaWlW+el8StPcVrZbFRckRZBZdwBtNKBcDmGXjAaZ6PQ 9 | q3e1YM/zuQdE3tB4ZP7C+O8aMIxOgCBwNLr4KadVJCaXBpB8ETzwKGDfZc9T1BQP 10 | ZWTaUYebKhwaZE5OyszDq2IxE5a2MHxOqrZMtgbk6avWl2UkZG7jQd/F0yAabNDG 11 | tKiIvQlVt4vo+gMkOZbIRmsKXRpXBcmgkna1mt10CKswKpnFkmmM7VMbqBhCRpw1 12 | qVso6ZrNb3w9KL4H2aTocipztax4QGM0vtNJtEZzsbHgA2zBf5CXveJHxQQ2rM9d 13 | wxFR6Q/SKLRBLGVbSNM2j+aOjMyIKW3NQfz+g8dbb2RSb1GWi5haPO/ZoQARAQAB 14 | tChRdWJlcyBPUyA0LjIgQ2VudE9TIFBhY2thZ2VzIFNpZ25pbmcgS2V5iQJRBBMB 15 | CAA7FiEEc7yP8iZO27IM8cJzmtii9kRgarkFAmNacSkCGwMFCwkIBwICIgIGFQoJ 16 | CAsCBBYCAwECHgcCF4AACgkQmtii9kRgarltDw/9H2Izi1/LqSq2u2kFYVdh5Pby 17 | kIttyQxGNv4yQhMowVly8nXdNkDEj53Sb2kSrV1KlkGQD4/S3M6n7y6j+0P1UgC1 18 | roRET+Y17EBc9spo6nzk//KRR71WeKNICuXBVfz6e0EF4OUzvM6dYLsa7tJklxw7 19 | vWT5DlzsJGjJql/G1+ejJJxMJw472tuR25pXpEHKtrQEB/6B6bfGbfoQfWUMVUZe 20 | YnsVuUhfihRdJb3q3PR5ihs4ueL5ks8t35yS62X2/yzjCOSn+FwzuNb4LAP+XVS2 21 | ZzFhdru8M7VvRg37M/tQre3gdxSnsRP8GL63QS1xDyOkQ6SMMgDS3jSTo3Ovr0EO 22 | QgkpqO5LRhCYpDHasW9NLMDJ0vHiD4YcDnDBdwp/B/2fbHkmsWOHWlxsCVG72vdx 23 | +dHrBCCDUaVjlbtM3Xzx145nZgGrCcH7lEPgY8XLwjSUhEva++8fmCmonZ4M1xOj 24 | n0dYupcd3EoilviJsAyh26QWfN+Bs/rG7J7CPgI4Uk4oFYCXKbcqnn7s73jnwYMa 25 | YGqBwtFYSzwi/P3BadD7Vcd/88rJqFZbScN8mAki2MpAQ+UkQy4fXRWMjW9CUVR4 26 | rSMobJfwC5RvDwLVO2Fn7myxS8VtjiCuTaaWuzrTSK6CjJYfdW8u4HDZsyfKKkEg 27 | 376xmHwsWCqxIZ0mdWs= 28 | =V41y 29 | -----END PGP PUBLIC KEY BLOCK----- 30 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/chroot_rpm/keys/RPM-GPG-KEY-qubes-4.2-primary: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | 3 | mQINBGM8PrkBEADVWKMPcCF/azZEX8TpvAsxVnqC6gocLedVkqyVHp17u/hcKveG 4 | DrmkTZiCBw8WDKqrJug0jVA4w2VmS2aSRZJhFAkHDHeaH2pAAWKWgvP/m8ta0Zc7 5 | 2TPRncx1+5MhINY76nb4dj1JTU5tHT/pT9wc8c15xvlAgYP+qYPwNjgWwfm5e7JN 6 | +cbFEwhl56ddMFJorA2cvmpxc7aR9znw56LFIHStzYVXYq9saNp7aTR1OF+T2Eqj 7 | T/ANOryA0uPgOCrADbys2/nTtAimgGjE+JbtvX0KGvuHkm7ZMUYVmLXVZlxVOHbI 8 | FTp3msKg+Aes/RbF/seUFp7YjyoPsvRPI/c4oWTl9I9YIjVEatsJJ1mGI6ypl/yN 9 | H9DxbOtmSfAdGOTJul2r/5ktyQyW4Ptf3s1a5ZkdFlqWX78W7aUWv/9SA91gGdEC 10 | KKbUxyVlOtosGJ0ZmRvj3f1locPVRj/wZiKFXkpm/irhQ1i0Rcm+u+EuEr6kE8gK 11 | Ffrs5Mm1EN894LA0U3bHxfiOEFHD5L9w89itiskfM3yhKhp3b/BzyUjNNFQMPZw7 12 | EnLBeYfPUKvABov2l2vHNERf0kAWrJ7Q2xnHCqIIaYuyU9wOr+Tjocj6qz8MMmOd 13 | /1dy33YpqPOFewzIEpUfAY7Van1F1wZMdE7jheRkgyygyhu/M4aeXObPIwARAQAB 14 | tCBRdWJlcyBPUyBSZWxlYXNlIDQuMiBTaWduaW5nIEtleYkCUQQTAQgAOxYhBJyI 15 | TfP4EGSlaaSp+uAi5Y+ONNifBQJjPD65AhsDBQsJCAcCAiICBhUKCQgLAgQWAgMB 16 | Ah4HAheAAAoJEOAi5Y+ONNifIdMQAImcs0f39sr3ZPcKEI33mBLqZYj62TiYz96B 17 | 0Q/QBlU5kcv4WnBb6KqNJV8e+0JZ4sC2LeGCkDs7z4M2+PC8MKTWEWaydGLn2ofQ 18 | jG3s5PYk7bwkg/G6m7hksRxrdNq38wX36Fm2AGjk6777wbJ/EFgD7/E9q9MhuXHh 19 | wrMuUhakEklpwir79EfSCv9vLW/54nT44CQzg58Z1j9i1FsunC0BIyVb29oVKfYU 20 | RY/KpfOyQ8pDI095Zcle0JpqIMOqER4gj9IC+KH7Em0YhmRpzC2OhX3YlAGSrrLL 21 | aToBF8gvNGz9vb1Al6fJ0SSv9HP8/o7XOfHRLud9ZynzCXaWkwENDNU7qI1NabsJ 22 | Leigz21VAvheAxJsCXEQKRnkWGti9sCf11VUNMIrKr92ptrnishIuBtOY1HcxQlo 23 | 8oEA5qLLpt3RHb8cJgGcuYTlG1IsCo7OAoLpJOXdVPTwPGIHqRM6Mo4TVZhWlywX 24 | 5ApK8/IePtyqBERAUXNSpg9IPMx1400FVerAuDo2X9AsyuLti5fLHYrQwq1XQ5IQ 25 | c3dEh4+I3aOMK8jOl0JnTXbv4YyC8P07QDHhfmjL+/+vStgZqeE0o6Qg9pXyzzII 26 | wFCUxrMg3v5/nh+gT5CYWVWHu2iOolD8eGQlek1ZFFKt+TycwWFcJ71lcZl71LK7 27 | RUA3lc/5 28 | =3ZMQ 29 | -----END PGP PUBLIC KEY BLOCK----- 30 | 31 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/chroot_rpm/keys/RPM-GPG-KEY-qubes-4.3-primary: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | 3 | mQINBGYW9ycBEAC6Kh7zwRFYA2Mm6QAtHDvF0ZtOQwb++jQrfWi99cvgWPbItxjX 4 | XV0dfc5tJJE0Bi81fdp3MZy8poYDHqTQtqtYA2wKqdvGu2F19qgtCKKOtd0npSa5 5 | lBSGm8HguRz5jaBNZqrem9waA8++0odeOUshYU6mCmgKNcmgroTd9lTOhgAOnThp 6 | vwiYH6CNIEw2Iw3s/dpQ3pmHF3QNbWnvR3eh2wEPtjmsZSPSeNKm98YIPAyavuQl 7 | W2nsB+XoP2SrnV19IeSmBtS4FqHH/xxayCbRzbdWSwpz51kNXm2vqDGxG4iXdQ0E 8 | gt7ExD6lwlTyd71PQWXVTdFjWIaGpEXNytCzU374rg0Cp2B/A1yjJoKOk2n/Pi4M 9 | y1zyq3LXSndIgACuyDZKlfRTW+zJ9TdiZ7obl6ZesX5muAw8yUvV1aLeD5uw2+FM 10 | /E741o2tmMsCrpcviNqo/GteyaZDwg2Fd6lPZimqgZhkt+WK/A79o3gAAQpXa6sw 11 | 70Ty4SCDEwLp8msZ7aEN13i3eqGy3KdwgcmNNcsM4HFSW2M7fTZ7XLqWZp98TT34 12 | 2EvZbfaf+1wJ6k5glxOVUAXUsY5Yqwkc25B1a3YF0PYeLp5f52XGLiX6NpjAb4vt 13 | OukW1443iGWbPD9Vg7d9wp3+Gq4uGoqoIzqHuz1N6D3el0rVYU6J+eJXDQARAQAB 14 | tCBRdWJlcyBPUyBSZWxlYXNlIDQuMyBTaWduaW5nIEtleYkCUQQTAQgAOxYhBPP6 15 | P5nWKB97Oj5ehxw9m2J/P62kBQJmFvcnAhsDBQsJCAcCAiICBhUKCQgLAgQWAgMB 16 | Ah4HAheAAAoJEBw9m2J/P62k1+oP/RbefZTQFhnVZyW4mdyFx5QCF0PrR1ao0pJQ 17 | +FBBK1pgn2+GWo21szmK4AgRW6trUSEx2BGfX1CnmPGYeheqf6q7cqhyDSj7lMXk 18 | gbj6fpWCJ2zc9w7EoxDhakCmuyhfeIioY9Ye4F2Y0j/1Zkni3xZJ1xyyCWbh8KK7 19 | lcv4GxLZDxgbAEoXeu21BCCpqIRT6v+2lsYr3GhX8uP8yXM8QcK8bS8WAS76j80M 20 | LnJLI4buJTClIOkV0Pa8c0BWqVw5gsZLSaAxYv2uh7/9hC2IlqcUZ438cRtXKA/M 21 | TG4SNMkal1wJWNhRA6dATOjapJejsipDClPGfgzsVEQoDL8TQ/FPII6YjfD3jtcH 22 | bzmru0bcXCKFyqoVJdfWbUWihlZeXeZ8Imql21Ct+c5bOVVhdtNgy71ceirN8nO8 23 | C9o8joKQbcWgNDdPkv5gm1x+lUuJz57jepXk/y88J/bi8km9aP1lu7PVIgWXBehk 24 | 8yCKQgBdoKdpzzUvVh3eHr2neevE5BCFbb3Ic9Yl6Rom1NzPJIWGU4WWIpmakxg9 25 | faPsgB71lr2UBlax28dgBmNLSVDE2kB/k1f2vpMe69rNY8G/QiO5ZlEMDjQRGnNy 26 | chFSAncuj9s+UIiTdbsEkBDCE8jqDBHmYL2mPBQDzZX7N/bqEVyqv9avB5XKMrQt 27 | vcFghFO4iQIzBBABCAAdFiEEQn8R/Q+qSwgBI/Ac3foaPjaHlJQFAmYenOIACgkQ 28 | 3foaPjaHlJRv1Q//SLh6IulPcm4iOZQuX+zX3MGFScqUTAD24BuUFur3d/S8lFHE 29 | HZS1ZRNS0m9Xw/RkuJOVbnJAtrTmg/A2TYLkvHIYYEnnKs+TLTpndYhYOSEbD40n 30 | ojx28CrE3/oVYQcDs2SRzKFWW+EhKhEWpvPnRUaaxQixXJPUqUEMw9BmWkfNlyn8 31 | k9nO3EE2HNqW7PJ9zWkoR5J20lVAKO81dNk4gLwlwBGeNWDbAGxpDK01mcHqwQd+ 32 | PPThU4AJ4mumM79psb+5v23PLDw5VRzA/pcl+7JyXVdqhbBUFpPER3jVrUaM4ubh 33 | l9GVPobALMJrs0sB4Nj3ziIudc/DtYqKmUJcyzw+VmMbEZ2LIH39yMgavKmkANjM 34 | 5QGEt9Fd5tvD9y5bMEe0VBmHshsyj89J6HNFSArF3FBHNkGT9eEeQwcNlQskgolp 35 | pWBvPU6+CTUXHcT8OBK58jDstm7DFB0UzAvUmT7Q3B80Db40wEt8IXEehcHybPw8 36 | h31EzVwew9Uz1PLMWyUoY7/vCN1Ey7FgF9HL5N/glBfPBFZva9s41yOm5RDI1r5U 37 | Tp5Ij7pxdtqNcqUOf6P/3fEpod1tQtahWsqqmOWegE8X/3C4vZXHV60Q+CFTIywI 38 | /c4pBHByj/CvlxJ19B3GnYQiHTShF2RyjUH5jGXJddYUFUejhxsaAmJPWHc= 39 | =ZQg0 40 | -----END PGP PUBLIC KEY BLOCK----- 41 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/chroot_rpm/keys/qubes-release-4-signing-key.asc: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | 3 | mQINBFi9Xv4BEADTkOlBTDmO6DsFJi754ilTFqsluGWleeProuz8Q+bHFlx0Mqtk 4 | uOUcxIjEWwxhn1qN98dIPYds+mD9Bohamdh+bJYxB/YYj9B2xvURhCpxVlWzzkzt 5 | i1lPYhj/MR637N9JqIdILmJSBFDxmnuWfQxfsbIsi4lUx5oq6HzIAYXzUzA+0/0a 6 | c/j0zAm9oBq+pXPad/xkH8ebkNAL0+HbHArBNFzrhVKmi1VskpxurPIYZEcQ0dUu 7 | n447TM/37y+dzmNYxvSuK2zBPFa9upXsKZEoVaJqksXDdX2YuMsZFiesdieL85w7 8 | sD1iI6Eqmp5EIZXa8t0/MHTaDrm1tDKJdSu/5zrh0RFh+J73qxJH8lDJqcTVggCe 9 | Xoasoi1LNg0CIgzVM+zLEDbpNd6mILdXQNHzsU4CP2UFpMxOUUDMEPYSE3WBExWX 10 | 0dBO8QgvTOzqvRWq7TL2jKaprsB/ZXiZief5hOK2QFL6HFEOuFuWLf3tb2+tpJoZ 11 | LXbXYW+6M+WNRHr9mDg3o6SuZmSwUCOa1FV/i51gqiUHmXEfIGH3iE5WWq2bvUG1 12 | dhjkzDGPL9fXbCWS6+QARakXRbxslsc4RgMrQR6nLEAuOL7GDaG3c7ldqgfotkal 13 | 5KDB5/1AxYW1TC0JfoKWalYrfXlUJlbHcvDFqHdyljOnoeJ8WVqLNE9hUQARAQAB 14 | tB5RdWJlcyBPUyBSZWxlYXNlIDQgU2lnbmluZyBLZXmJAjcEEwEIACEFAli9Xv4C 15 | GwMFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQGEh5L54nlem9QRAAkaDEfYey 16 | FoldssIDE/gliYYb7RSYBjs+QrYJQjBxFGXXPgHS5kGMZfMkqVVBc8EtHh41q7gU 17 | mUIHVbjnKIcYaKLaVl/qb9Jkx+6/NxEYWjNVEMMwPk820QgI1alWrweH7ZuxxGlz 18 | CzOQsyKZLH3TESEf46CUjv9FHW2nKPAp5qVMzLRlgtquQAdfh7SWau7Kd+WPQOiB 19 | 9cj+j3/yswsrpLmvqJP8trS/aKAhsn2jGrxwSAbdGCzQorJjUy5HLZ6xVIk9yD0T 20 | +o9cbK4SQSuOHUiA9Z5gA7vuxwOuloDhIm74k2PBWMaUEvx19nIh4XmgGEKNzI6V 21 | SbR+s+d9ciQ/aC/bXdeeZOpCDaty54D8sKzMi2y15Urycxwpz508LwE6I3Zm0Won 22 | xMEf5gGR30szgQdh6sJKIqZ2nVDLBg4H1mc4CULhsgViN/vM3Rrj2t4kOwUM30AU 23 | M49o4JPzY4wvhsAmhIQGl38C8wDkSqPwntRsszpbLgzI3Lsxb00xiPcLR6Y/pviH 24 | AfHxh/1uYymjD1Fq9u9ylgR6+15qqEYY/uEHr2EQyVvXQ08R1iKkT+v8fufMFUWa 25 | rJxyB+5v/RPRKvRRi9Xb1HkoiFo3E/bEPYKlGA2colp5iqFYpTUBJYJXyMosgjI+ 26 | mqH0I+V+LuMtlE521YHKg0tsB9GVlfWBS12JAhwEEAECAAYFAljAUaEACgkQ3foa 27 | PjaHlJR8xw/5AYj/vJNbpnFNYV1jK7AwaEScpGpuDwh+izdGB6eCajynoZMmHSs5 28 | S3ToygNDo6Tlnh4/Tk7g6nG+eRWdAGghrrz2TXZd0sQX2KJ+m2omT5TZMrwPzM0v 29 | HcUSAZhW1+nK8miMdvxeOAtY91OaDXwjddii/f420m+9tXwCVKbD+EC83wPpr76r 30 | sokeOrp5H53CZQ++SbbG7qRmj4uc+VuyXNbAYNDa999Dpm5CW95LgMJ8/YpZbQ9S 31 | Gk8xlo2DTdBig84yO8Dp9L40KxhIbtpOfLZSWR7OwfMchb2wdt/rRcFsAUPjW7of 32 | /ZO7lQIPfkdl6cvssoZEjEGZnaxjRzR1b6GtPmlrq8MwUHOZqVizlo9vskuAczYl 33 | VECk2+D5ZH52GsSbX+C/2DpLUI+o8hLmNDkyBHkz7eOV69lMOzKKsXVyOyrsaLY1 34 | xNY6JPhMwJVuX8zNW2upETvWs8kr+ZOSvalinvmD6BAQp602PQRnUYDgRxG7GXw+ 35 | z9D/6ea14TjGpQWW+wvRUUpqgs7WKCzjAAPDiqTpLvz5xtSTToW/qQJJn4LO7w3H 36 | Qo9G00Mruapdmy4nV5lHqsjm817M1vChTq1Q5+4ZPLMBoAndNM6vZAVJzfhhR+zG 37 | ZFp6oNCNJuSPFd+xN4tczA+aNZgUDDYhcvelFevUubLSjAR3ulfwxns= 38 | =d8U3 39 | -----END PGP PUBLIC KEY BLOCK----- 40 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/chroot_rpm/keys/qubes-release-4.0-signing-key.asc: -------------------------------------------------------------------------------- 1 | qubes-release-4-signing-key.asc -------------------------------------------------------------------------------- /qubesbuilder/plugins/chroot_rpm/keys/qubes-release-4.1-signing-key.asc: -------------------------------------------------------------------------------- 1 | qubes-release-4-signing-key.asc -------------------------------------------------------------------------------- /qubesbuilder/plugins/chroot_rpm/keys/qubes-release-4.2-signing-key.asc: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | 3 | mQINBGM8PrkBEADVWKMPcCF/azZEX8TpvAsxVnqC6gocLedVkqyVHp17u/hcKveG 4 | DrmkTZiCBw8WDKqrJug0jVA4w2VmS2aSRZJhFAkHDHeaH2pAAWKWgvP/m8ta0Zc7 5 | 2TPRncx1+5MhINY76nb4dj1JTU5tHT/pT9wc8c15xvlAgYP+qYPwNjgWwfm5e7JN 6 | +cbFEwhl56ddMFJorA2cvmpxc7aR9znw56LFIHStzYVXYq9saNp7aTR1OF+T2Eqj 7 | T/ANOryA0uPgOCrADbys2/nTtAimgGjE+JbtvX0KGvuHkm7ZMUYVmLXVZlxVOHbI 8 | FTp3msKg+Aes/RbF/seUFp7YjyoPsvRPI/c4oWTl9I9YIjVEatsJJ1mGI6ypl/yN 9 | H9DxbOtmSfAdGOTJul2r/5ktyQyW4Ptf3s1a5ZkdFlqWX78W7aUWv/9SA91gGdEC 10 | KKbUxyVlOtosGJ0ZmRvj3f1locPVRj/wZiKFXkpm/irhQ1i0Rcm+u+EuEr6kE8gK 11 | Ffrs5Mm1EN894LA0U3bHxfiOEFHD5L9w89itiskfM3yhKhp3b/BzyUjNNFQMPZw7 12 | EnLBeYfPUKvABov2l2vHNERf0kAWrJ7Q2xnHCqIIaYuyU9wOr+Tjocj6qz8MMmOd 13 | /1dy33YpqPOFewzIEpUfAY7Van1F1wZMdE7jheRkgyygyhu/M4aeXObPIwARAQAB 14 | tCBRdWJlcyBPUyBSZWxlYXNlIDQuMiBTaWduaW5nIEtleYkCUQQTAQgAOxYhBJyI 15 | TfP4EGSlaaSp+uAi5Y+ONNifBQJjPD65AhsDBQsJCAcCAiICBhUKCQgLAgQWAgMB 16 | Ah4HAheAAAoJEOAi5Y+ONNifIdMQAImcs0f39sr3ZPcKEI33mBLqZYj62TiYz96B 17 | 0Q/QBlU5kcv4WnBb6KqNJV8e+0JZ4sC2LeGCkDs7z4M2+PC8MKTWEWaydGLn2ofQ 18 | jG3s5PYk7bwkg/G6m7hksRxrdNq38wX36Fm2AGjk6777wbJ/EFgD7/E9q9MhuXHh 19 | wrMuUhakEklpwir79EfSCv9vLW/54nT44CQzg58Z1j9i1FsunC0BIyVb29oVKfYU 20 | RY/KpfOyQ8pDI095Zcle0JpqIMOqER4gj9IC+KH7Em0YhmRpzC2OhX3YlAGSrrLL 21 | aToBF8gvNGz9vb1Al6fJ0SSv9HP8/o7XOfHRLud9ZynzCXaWkwENDNU7qI1NabsJ 22 | Leigz21VAvheAxJsCXEQKRnkWGti9sCf11VUNMIrKr92ptrnishIuBtOY1HcxQlo 23 | 8oEA5qLLpt3RHb8cJgGcuYTlG1IsCo7OAoLpJOXdVPTwPGIHqRM6Mo4TVZhWlywX 24 | 5ApK8/IePtyqBERAUXNSpg9IPMx1400FVerAuDo2X9AsyuLti5fLHYrQwq1XQ5IQ 25 | c3dEh4+I3aOMK8jOl0JnTXbv4YyC8P07QDHhfmjL+/+vStgZqeE0o6Qg9pXyzzII 26 | wFCUxrMg3v5/nh+gT5CYWVWHu2iOolD8eGQlek1ZFFKt+TycwWFcJ71lcZl71LK7 27 | RUA3lc/5 28 | =3ZMQ 29 | -----END PGP PUBLIC KEY BLOCK----- 30 | 31 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/chroot_rpm/keys/qubes-release-4.3-signing-key.asc: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | 3 | mQINBGYW9ycBEAC6Kh7zwRFYA2Mm6QAtHDvF0ZtOQwb++jQrfWi99cvgWPbItxjX 4 | XV0dfc5tJJE0Bi81fdp3MZy8poYDHqTQtqtYA2wKqdvGu2F19qgtCKKOtd0npSa5 5 | lBSGm8HguRz5jaBNZqrem9waA8++0odeOUshYU6mCmgKNcmgroTd9lTOhgAOnThp 6 | vwiYH6CNIEw2Iw3s/dpQ3pmHF3QNbWnvR3eh2wEPtjmsZSPSeNKm98YIPAyavuQl 7 | W2nsB+XoP2SrnV19IeSmBtS4FqHH/xxayCbRzbdWSwpz51kNXm2vqDGxG4iXdQ0E 8 | gt7ExD6lwlTyd71PQWXVTdFjWIaGpEXNytCzU374rg0Cp2B/A1yjJoKOk2n/Pi4M 9 | y1zyq3LXSndIgACuyDZKlfRTW+zJ9TdiZ7obl6ZesX5muAw8yUvV1aLeD5uw2+FM 10 | /E741o2tmMsCrpcviNqo/GteyaZDwg2Fd6lPZimqgZhkt+WK/A79o3gAAQpXa6sw 11 | 70Ty4SCDEwLp8msZ7aEN13i3eqGy3KdwgcmNNcsM4HFSW2M7fTZ7XLqWZp98TT34 12 | 2EvZbfaf+1wJ6k5glxOVUAXUsY5Yqwkc25B1a3YF0PYeLp5f52XGLiX6NpjAb4vt 13 | OukW1443iGWbPD9Vg7d9wp3+Gq4uGoqoIzqHuz1N6D3el0rVYU6J+eJXDQARAQAB 14 | tCBRdWJlcyBPUyBSZWxlYXNlIDQuMyBTaWduaW5nIEtleYkCUQQTAQgAOxYhBPP6 15 | P5nWKB97Oj5ehxw9m2J/P62kBQJmFvcnAhsDBQsJCAcCAiICBhUKCQgLAgQWAgMB 16 | Ah4HAheAAAoJEBw9m2J/P62k1+oP/RbefZTQFhnVZyW4mdyFx5QCF0PrR1ao0pJQ 17 | +FBBK1pgn2+GWo21szmK4AgRW6trUSEx2BGfX1CnmPGYeheqf6q7cqhyDSj7lMXk 18 | gbj6fpWCJ2zc9w7EoxDhakCmuyhfeIioY9Ye4F2Y0j/1Zkni3xZJ1xyyCWbh8KK7 19 | lcv4GxLZDxgbAEoXeu21BCCpqIRT6v+2lsYr3GhX8uP8yXM8QcK8bS8WAS76j80M 20 | LnJLI4buJTClIOkV0Pa8c0BWqVw5gsZLSaAxYv2uh7/9hC2IlqcUZ438cRtXKA/M 21 | TG4SNMkal1wJWNhRA6dATOjapJejsipDClPGfgzsVEQoDL8TQ/FPII6YjfD3jtcH 22 | bzmru0bcXCKFyqoVJdfWbUWihlZeXeZ8Imql21Ct+c5bOVVhdtNgy71ceirN8nO8 23 | C9o8joKQbcWgNDdPkv5gm1x+lUuJz57jepXk/y88J/bi8km9aP1lu7PVIgWXBehk 24 | 8yCKQgBdoKdpzzUvVh3eHr2neevE5BCFbb3Ic9Yl6Rom1NzPJIWGU4WWIpmakxg9 25 | faPsgB71lr2UBlax28dgBmNLSVDE2kB/k1f2vpMe69rNY8G/QiO5ZlEMDjQRGnNy 26 | chFSAncuj9s+UIiTdbsEkBDCE8jqDBHmYL2mPBQDzZX7N/bqEVyqv9avB5XKMrQt 27 | vcFghFO4iQIzBBABCAAdFiEEQn8R/Q+qSwgBI/Ac3foaPjaHlJQFAmYenOIACgkQ 28 | 3foaPjaHlJRv1Q//SLh6IulPcm4iOZQuX+zX3MGFScqUTAD24BuUFur3d/S8lFHE 29 | HZS1ZRNS0m9Xw/RkuJOVbnJAtrTmg/A2TYLkvHIYYEnnKs+TLTpndYhYOSEbD40n 30 | ojx28CrE3/oVYQcDs2SRzKFWW+EhKhEWpvPnRUaaxQixXJPUqUEMw9BmWkfNlyn8 31 | k9nO3EE2HNqW7PJ9zWkoR5J20lVAKO81dNk4gLwlwBGeNWDbAGxpDK01mcHqwQd+ 32 | PPThU4AJ4mumM79psb+5v23PLDw5VRzA/pcl+7JyXVdqhbBUFpPER3jVrUaM4ubh 33 | l9GVPobALMJrs0sB4Nj3ziIudc/DtYqKmUJcyzw+VmMbEZ2LIH39yMgavKmkANjM 34 | 5QGEt9Fd5tvD9y5bMEe0VBmHshsyj89J6HNFSArF3FBHNkGT9eEeQwcNlQskgolp 35 | pWBvPU6+CTUXHcT8OBK58jDstm7DFB0UzAvUmT7Q3B80Db40wEt8IXEehcHybPw8 36 | h31EzVwew9Uz1PLMWyUoY7/vCN1Ey7FgF9HL5N/glBfPBFZva9s41yOm5RDI1r5U 37 | Tp5Ij7pxdtqNcqUOf6P/3fEpod1tQtahWsqqmOWegE8X/3C4vZXHV60Q+CFTIywI 38 | /c4pBHByj/CvlxJ19B3GnYQiHTShF2RyjUH5jGXJddYUFUejhxsaAmJPWHc= 39 | =ZQg0 40 | -----END PGP PUBLIC KEY BLOCK----- 41 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/chroot_rpm/mock/centos-stream-8-x86_64.cfg: -------------------------------------------------------------------------------- 1 | centos-stream.cfg -------------------------------------------------------------------------------- /qubesbuilder/plugins/chroot_rpm/mock/fedora-32-x86_64.cfg: -------------------------------------------------------------------------------- 1 | fedora.cfg -------------------------------------------------------------------------------- /qubesbuilder/plugins/chroot_rpm/mock/fedora-36-x86_64.cfg: -------------------------------------------------------------------------------- 1 | fedora.cfg -------------------------------------------------------------------------------- /qubesbuilder/plugins/chroot_rpm/mock/fedora-37-x86_64.cfg: -------------------------------------------------------------------------------- 1 | fedora.cfg -------------------------------------------------------------------------------- /qubesbuilder/plugins/chroot_rpm/mock/fedora-38-x86_64.cfg: -------------------------------------------------------------------------------- 1 | fedora.cfg -------------------------------------------------------------------------------- /qubesbuilder/plugins/chroot_rpm/mock/fedora-39-x86_64.cfg: -------------------------------------------------------------------------------- 1 | fedora.cfg -------------------------------------------------------------------------------- /qubesbuilder/plugins/chroot_rpm/mock/fedora-40-x86_64.cfg: -------------------------------------------------------------------------------- 1 | fedora.cfg -------------------------------------------------------------------------------- /qubesbuilder/plugins/chroot_rpm/mock/fedora-41-x86_64.cfg: -------------------------------------------------------------------------------- 1 | fedora.cfg -------------------------------------------------------------------------------- /qubesbuilder/plugins/chroot_rpm/mock/fedora-42-x86_64.cfg: -------------------------------------------------------------------------------- 1 | fedora.cfg -------------------------------------------------------------------------------- /qubesbuilder/plugins/chroot_rpm/mock/fedora.cfg: -------------------------------------------------------------------------------- 1 | config_opts['basedir'] = '@BUILDER_DIR@/build' 2 | config_opts['cache_topdir'] = '@BUILDER_DIR@/cache/mock' 3 | config_opts['chroot_setup_cmd'] = 'install @buildsys-build' 4 | config_opts['dist'] = os.environ['DIST'] 5 | config_opts['extra_chroot_dirs'] = ['/run/lock',] 6 | config_opts['legal_host_arches'] = ('x86_64',) 7 | config_opts['macros']['_buildhost'] = 'reproducible' 8 | config_opts['macros']['clamp_mtime_to_source_date_epoch'] = '1' 9 | config_opts['macros']['source_date_epoch_from_changelog'] = '1' 10 | config_opts['macros']['use_source_date_epoch_as_buildtime'] = '1' 11 | config_opts['package_manager'] = 'dnf' 12 | config_opts['releasever'] = config_opts['dist'].replace('fc', '') 13 | config_opts['root'] = 'fedora-{}-x86_64'.format(config_opts['releasever']) 14 | config_opts['target_arch'] = 'x86_64' 15 | config_opts['use_bootstrap'] = False 16 | 17 | config_opts['plugin_conf']['bind_mount_enable'] = os.environ.get("BIND_MOUNT_ENABLE", False) 18 | config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('@BUILDER_DIR@/plugins', '/plugins' )) 19 | 20 | config_opts['dnf.conf'] = """ 21 | [main] 22 | keepcache=1 23 | debuglevel=2 24 | reposdir=/dev/null 25 | logfile=/var/log/yum.log 26 | retries=20 27 | obsoletes=1 28 | gpgcheck=0 29 | assumeyes=1 30 | syslog_ident=mock 31 | syslog_device= 32 | install_weak_deps=0 33 | metadata_expire=0 34 | mdpolicy=group:primary 35 | best=1 36 | 37 | # repos 38 | 39 | [fedora] 40 | name=fedora 41 | metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch 42 | failovermethod=priority 43 | gpgkey=file:///usr/share/distribution-gpg-keys/fedora/RPM-GPG-KEY-fedora-$releasever-primary 44 | gpgcheck=1 45 | skip_if_unavailable=0 46 | 47 | [updates] 48 | name=updates 49 | metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch 50 | failovermethod=priority 51 | gpgkey=file:///usr/share/distribution-gpg-keys/fedora/RPM-GPG-KEY-fedora-$releasever-primary 52 | gpgcheck=1 53 | skip_if_unavailable=0 54 | 55 | [builder-local] 56 | name=builder-local 57 | baseurl=file://@BUILDER_DIR@/repository 58 | gpgcheck=0 59 | exclude=qubes-release 60 | skip_if_unavailable=0 61 | 62 | [qubes-current] 63 | name=qubes-{package_set}-current 64 | baseurl=https://yum.qubes-os.org/r{qubes_version}/current/{package_set}/fc$releasever 65 | failovermethod=priority 66 | gpgkey=file://{keys_dir}/RPM-GPG-KEY-qubes-{qubes_version}-primary 67 | gpgcheck=1 68 | repo_gpgcheck = 1 69 | exclude=qubes-release 70 | enabled=0 71 | skip_if_unavailable=0 72 | 73 | [qubes-current-testing] 74 | name=qubes-{package_set}-testing 75 | baseurl=https://yum.qubes-os.org/r{qubes_version}/current-testing/{package_set}/fc$releasever 76 | failovermethod=priority 77 | gpgkey=file://{keys_dir}/RPM-GPG-KEY-qubes-{qubes_version}-primary 78 | gpgcheck=1 79 | repo_gpgcheck = 1 80 | exclude=qubes-release 81 | enabled=0 82 | skip_if_unavailable=0 83 | """.format( 84 | package_set=os.environ['PACKAGE_SET'], 85 | qubes_version=os.environ.get('USE_QUBES_REPO_VERSION'), 86 | keys_dir=('@BUILDER_DIR@/plugins/chroot_rpm/keys'), 87 | ) 88 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/fetch/keys/0064428F455451B3EBE78A7F063938BA42CFA724.asc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/QubesOS/qubes-builderv2/107e979184e1ffd8f29e9e7bf0eb736f276f8fe1/qubesbuilder/plugins/fetch/keys/0064428F455451B3EBE78A7F063938BA42CFA724.asc -------------------------------------------------------------------------------- /qubesbuilder/plugins/fetch/keys/274E12AB03F2FE293765FC06DA0434BC706E1FCF.asc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/QubesOS/qubes-builderv2/107e979184e1ffd8f29e9e7bf0eb736f276f8fe1/qubesbuilder/plugins/fetch/keys/274E12AB03F2FE293765FC06DA0434BC706E1FCF.asc -------------------------------------------------------------------------------- /qubesbuilder/plugins/fetch/keys/427F11FD0FAA4B080123F01CDDFA1A3E36879494.asc: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | 3 | mQINBEu0kPkBEADHOaL53AVx8ECt+vsTFpNv/oyDXXs8dNmMsQhaCQ7BxTu95QKD 4 | j5S0TiFoXegBwE8YhRg/8sBHOUbmdD1iQHxJSlJc8NYJkctq4KjiyeshquT1mIYx 5 | wTGSuagX2PbM+Sv6Cuyo/DyhmzIH5dssFH25qnQ/RwednxWMG9qBW2JujDdwlMjB 6 | 1p6u5lzkwECO0Kk8w7rvSMJwPo2FPTpSTcdN7+Yc1i7WEv1fOpNYBfEn76Eck3LP 7 | dndceRxnErvkEH7K95R1wEOqXxOEjE3BoUqh7q40GDW6bBMV5EauLBgMX4DQRIDE 8 | uU0NW5Kk29/8RZaZrRXmpVmof1dMYVBWu4wM+Khm3IZ30pUR188jZz+eUhPDieJL 9 | lN3iRKikSv7Rm9SETmwvvVOpP+RfkfaS6XGu3XfSv1diLy00p6Eh9J6LsfiCRuCI 10 | svADNHsyFxJkIwEGVkUgvPFCRDY73LQuV5Bt5gutPFVnVS5nM9pwQEBFAha8wB5N 11 | L+0fq47a1NJFbmKQ5PzOom3qQjee/3ic4wPcf9YtmLOdxukIEXvrGtcMt2kQHC9a 12 | YypW/AYQB/TxpLP/aXSHiO9bR4hA4au26d6ytsgCZpPVQ5WchYetTVXfcjv6mbCS 13 | g/QFYx1Ss/lZ2Uao/w7eYdAlvvJ1JBYotuMLuiONReRHGY5I94H8RRju8wARAQAB 14 | tBhRdWJlcyBNYXN0ZXIgU2lnbmluZyBLZXmJAjgEEwECACIFAku0kPkCGwMGCwkI 15 | BwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEN36Gj42h5SU17kP/2sF0pzYETEJykY8 16 | MTfHpey+eAjP6Ejt2mkasiFMEIZ0mjFt9A/7I4gYgiI1pNRat2icbjK0HmUDSHzo 17 | LRjCcuP39D5LRdoFMzMzXusHx7pCKkx9rvitOq/p4LN+O6orCJYhHN7Si3LXWYv6 18 | 5HG9iGbeE262myPb43KTBbNF5recwkHZTufNMISGQiSkwFOPRbBX7q2c3/qHjmiw 19 | RZ16DRSY1xHaV1HVplaDSCIXYcDhWsywB+5iuUFDsZGmfCncR7SZ00eSWpKVB5mp 20 | P9vlk0Tri28dQWqfd63rDU9ZwxFpZfL+hlhA0W07np6L3yyai+jzaWFY7VsqdOnp 21 | zBJe8sveMr8SP0QhrGEL0aj/R9XPKgfYm5wlf1qJ/Z/10jJm8D0MTMUxPUI07Hja 22 | u5lIW7GZKFdI5DWt/JTvy3FJp0yDajaUOc84l5wJKl7cNCmeZH1/oNYkAb+JqqGX 23 | /VPWEot7fOaqUrHswsE/YKK+9fv/aMY6qjF7qVGAfbd04kAZuPha7/s3USbdiRA7 24 | aJapZ/mtaUY+P9k1j/dI8sOPpxgl4c6esIBhwe5Sv3HUZc5SZhW3h1ISScvoeYTV 25 | KLRIi9ELMmsqfESjDhnDbVsqIjL8+kKxegaRXwNxeZoe7EfiL8PKSJMSbaIhXLFC 26 | QUkIyUJmS9aV8bQN8vheR4JNciA0 27 | =5mf9 28 | -----END PGP PUBLIC KEY BLOCK----- 29 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/fetch/keys/77EEEF6D0386962AEA8CF84A9B8273F80AC219E6.asc: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | 3 | mQINBGB5jAIBEADWXC4rhL9XsHamRdTginyGprLlUuJ/iK1+nRFodEos4NbUO5/j 4 | r8jSzuLBsmUaPGfBCgI8XQTf37xU+aAkyyBHsWUsx2SDk2ZkZ+GomFHbjwlac6uK 5 | Q2XJyoaeObiV6ungFIX4fFjzmz85NyFeFygYEMWQv7S0XzaOPLaGsiFLqGJMWYR6 6 | cyGuJcKIatQw2Xvb+hFl5IOrsJz+Lux1qsffH8bkbR8EOHiQ5MM+C72RuKO3DtZX 7 | s72PrPR4mcWrzW0lhq6k5n9pOr687btoal6eHJ6F49gveisdfitv1smN23OpBWo8 8 | nNneYGZAu5ucrlEaF0MR1qH7tSKltM8iaws2xdtUh52WUDqoc8ZkxNtZg4FSZi6t 9 | mv/aBCjj/K7ZXAWzBVqWAbvvo9KLIiQlq89eSMAnUdNrDawsQX3JPTbJNJMK2En/ 10 | OMakBj1WC09MtrLItCj1Mby5FtyHAGPGQtalawME/SVev/fdUr2tcu/fnIdBed50 11 | prygeVIvjsS0C9y2yzjw3ty8O0Wrxw0P7aYOhck1CMUvWFVd4ZSrBAmwg9a9TQze 12 | UMXdBtFNUB/9H+8ooaD+hjqY9QwF7uVIPLXMx0f8FBRHTBqnZX5rg54EI5fLChng 13 | N/dhFx4d77C7txB1jttjSH2hc4GSK4GGZLrS/ZDx2D0m+2VOi2GUWZn7cQARAQAB 14 | tD5GcsOpZMOpcmljIFBpZXJyZXQgKGZlcGl0cmUpIDxmcmVkZXJpY0BpbnZpc2li 15 | bGV0aGluZ3NsYWIuY29tPokCTgQTAQgAOBYhBHfu720DhpYq6oz4SpuCc/gKwhnm 16 | BQJgeYwCAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEJuCc/gKwhnmiwUP 17 | /RVbiv4DFLLqD+g5IL4MHuSmddoDqa11zzA092tIpqx/9GBWlsVyQtSEoR9SSuAc 18 | d3HsMEQcq1JDDJ1SzSuMB5wMThGVrprnE/Amne4fxKi1o9LURzS0uD4Arbr1qP3O 19 | BGx4LxjcdmLKiU0we2ppvJFimvH7KjNG89ITbyCJfHRM0JuMzrafqghtt51FhfXY 20 | Zw/PHhVE+1LTqqeyzRwaaUvsUtD3MZprhXQ1Zcd7reRPwAh5QwhpCUBCxmDDGgQ1 21 | YZVT0HiP4c7CgvxVKuqZaEuoZMmv2NAnjFHM2TIV5+4PFXw1aI4SIZgsz59Oo71S 22 | Av2vkqTP5zb4QPAilXyJKyPDebsaboTJXN5NLKOs3XHn53/KtXmUKv0YDCOcdNVi 23 | QRmdmLlXGuVTB0aDNFzKJYYvrGIGUIQF8Kg1/cpWgH0LLO7t+K0OVgbtryODSwM2 24 | +YfCcz6l76J7JpdYgNYuhj/bYGEzQP3Zoz8vJRcr82tROJF3gvsZLzS5RWyPIYcZ 25 | 8W6R6eSrJys50BKnZld65LtojiGyqdsHgEFcQfZw/T367NgJ1QxHBuIjMe4Pdx59 26 | x0twlAlWhQD3027b1Lp5AOnyWXSehHMtuJkrFkXK1hFyKhyFmBx9LqnV9EuvQj6L 27 | gLfUrxDRvIqchg7F7aGrkUt3g0KtWkd0SGeQ3c0+/kuouQINBGB5jAIBEAC9TJnw 28 | cEi/Mo/Gr7Nu0IKGiTyU19uCBZl7FgwkMlUdWXft18JHZxEShAdl6ALlCafY1ZGc 29 | IWm5yd/EKaRIGdt4Zv6U0EHySI01CD8VTO2V9HzOn1lorLvQYvNJwR5u/Xd1mEko 30 | UkdML7T0YkS4oA8plPbSPQwLARbmJJLiQvFtvoiIfZJ7izeP5ik1Pvixh+OYwGhO 31 | dTBGylU9GrJGwaRvfNVyN5rGB4lgiYC6itIt355D4+wRdwcjpsOudX88YrA0dX1D 32 | /QakPDy9FLXuAbWRraaCvrqEnsUCigBqeTkOpNqMAtOt5ICcjWgzMEq9UQ/canBB 33 | MrkIkHZRTVoqAuv9Ap/X7S2HUQDS5Wjqgx13Nn8PECQForIqaPeKtMPUw9giNLtj 34 | 0WDfJD5dGuAtaOuogslQ2IX2WtPm7D/IPD4PQeKWHZTPJ29JRCzFiCMAR+eDxu+0 35 | TfUtuub++OCOh9YZ6AYMiO/VwEg31WmzP6Juu1+Ws4bw5YxAcD5upzMk6ijFwVkb 36 | NmCoAzKylrCiud8EqoBQr/GvlF53JHwNk6U69ha920qF/+qgR9Xo6LgPTXUpjuFp 37 | LfMez42+d/LTS/OjgE57DWId244m30rcUQRIpslqPVZ14mcrHUcdhtFb0e4pypoZ 38 | mkFtcnwh72smkiHjGS0x4tJVmO47PJjvFdLQMQARAQABiQI2BBgBCAAgFiEEd+7v 39 | bQOGlirqjPhKm4Jz+ArCGeYFAmB5jAICGwwACgkQm4Jz+ArCGeba8g//e1vnZOPL 40 | d7WotfLsMdVGAwsO+ImdoYsdgWH5ZmAg2uYQBU/Hl4yh4f7lV1r7vgPxw7J8LdX1 41 | 8jbhxKxQY/HL21m7qYL+eziCCp7bBk1A+7airCBbmKrUVm2e0kLe3j7t7uKj9lnG 42 | I03Anzghkrc+kY/PcqBHZ21pzHo8kF1dsU4etD2Zv6hVygIt28nwG84mKRkMIrBz 43 | yFKvmQ9GJjIs2yRpr7AzKjlKH6d6t0E8uxa0HWMiPmmJBVXQT9X8/4eIcPNas+3k 44 | va+lTat9wBDiWRQJ2P8PHMv0kT7l2G8mlncORtOjFYhckO21FQ4ufnoBoMhXvNGk 45 | 2DwaUO7sMh3+xsRwyaMiEkX40ihdHeQFbrCFDO3jlu8Z/uTtNB83ZvcC9c6AX5eC 46 | WLI+KiMVCyLrftYxwMcHsJG+7XExM9AqhZMC5O2OzQjnMxFHtNzmuP8wwMjkcswE 47 | M11aja5A7ZmUdVbVm9kygwlWkGtsPHr1gB0WOb8b0nxIUQgsKRkgag/9iLaTLMj5 48 | 55rdbaZ+iA6evvSjJSl/kkOt8A47q7vopSTBlxkwBE49Arr+AUciWDX23icKkXgt 49 | HSiyoIbHWKNjoPvmgLxOQitJiAGz+FbAwOMmfdPiIsQwLJ7cnbHh5B2XydoQKmV3 50 | ISXGSQX34G8zhXeZ3IjR1UzCYJyk60DsAzM= 51 | =FUQy 52 | -----END PGP PUBLIC KEY BLOCK----- 53 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/fetch/keys/CE8060B48282B234AE0A7815D32BF219E67BA830.asc: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | 3 | mDMEZHcGuBYJKwYBBAHaRw8BAQdAE+N8vibVcolxL3d+Fmx8o+09fHHdQFQZHHt4 4 | LpAT0ju0RFJhZmHFgiBXb2pkecWCYSAoUXViZXMgT1Mgc2lnbmluZyBrZXkpIDxv 5 | bWVnQGludmlzaWJsZXRoaW5nc2xhYi5jb20+iJkEExYKAEEWIQTOgGC0goKyNK4K 6 | eBXTK/IZ5nuoMAUCZHcGuAIbAwUJA8JnAAULCQgHAgIiAgYVCgkICwIEFgIDAQIe 7 | BwIXgAAKCRDTK/IZ5nuoMGrmAQDEwJ0QSUjPN96QufCs9yWVfAtRXqFpBnpzx0qq 8 | pASL+QEAguzTuE+SGwkOr48J1Tvb52OhZPvpEOq0im8TsmQeewc= 9 | =FeHg 10 | -----END PGP PUBLIC KEY BLOCK----- 11 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/fetch/scripts/sequoia-crypto-policy.toml: -------------------------------------------------------------------------------- 1 | [hash_algorithms] 2 | sha1.second_preimage_resistance = "always" 3 | sha1.collision_resistance = "never" 4 | 5 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/installer/.gitignore: -------------------------------------------------------------------------------- 1 | po/*.mo 2 | src/*.pyc 3 | src/modules/*.pyc 4 | pkgs/ 5 | installer 6 | *~ 7 | build/ 8 | anaconda/widgets/src/gettext.h 9 | **repodata 10 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/installer/mock/fedora-32-x86_64.cfg: -------------------------------------------------------------------------------- 1 | fedora-x86_64.cfg -------------------------------------------------------------------------------- /qubesbuilder/plugins/installer/mock/fedora-37-x86_64.cfg: -------------------------------------------------------------------------------- 1 | fedora-x86_64.cfg -------------------------------------------------------------------------------- /qubesbuilder/plugins/installer/mock/fedora-41-x86_64.cfg: -------------------------------------------------------------------------------- 1 | fedora-x86_64.cfg -------------------------------------------------------------------------------- /qubesbuilder/plugins/installer/mock/fedora-x86_64.cfg: -------------------------------------------------------------------------------- 1 | config_opts['basedir'] = '@BUILDER_DIR@/build' 2 | config_opts['cache_topdir'] = '@BUILDER_DIR@/cache/mock' 3 | config_opts['chroot_setup_cmd'] = 'install @buildsys-build dnf make anaconda pykickstart lorax-templates-qubes livecd-tools dracut-live python3-jinja2 createrepo_c' 4 | config_opts['dist'] = os.environ['DIST'] 5 | config_opts['extra_chroot_dirs'] = ['/run/lock',] 6 | config_opts['legal_host_arches'] = ('x86_64',) 7 | config_opts['macros']['_buildhost'] = 'reproducible' 8 | config_opts['macros']['clamp_mtime_to_source_date_epoch'] = '1' 9 | config_opts['macros']['source_date_epoch_from_changelog'] = '1' 10 | config_opts['macros']['use_source_date_epoch_as_buildtime'] = '1' 11 | config_opts['package_manager'] = 'dnf' 12 | config_opts['releasever'] = config_opts['dist'].replace('fc', '') 13 | config_opts['root'] = 'fedora-{}-x86_64'.format(config_opts['releasever']) 14 | config_opts['target_arch'] = 'x86_64' 15 | config_opts['use_bootstrap'] = False 16 | 17 | config_opts['plugin_conf']['bind_mount_enable'] = os.environ.get("BIND_MOUNT_ENABLE", True) 18 | config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('@BUILDER_DIR@', '/builder' )) 19 | 20 | config_opts['dnf.conf'] = """ 21 | [main] 22 | keepcache=1 23 | debuglevel=2 24 | reposdir=/dev/null 25 | logfile=/var/log/yum.log 26 | retries=20 27 | obsoletes=1 28 | gpgcheck=0 29 | assumeyes=1 30 | syslog_ident=mock 31 | syslog_device= 32 | install_weak_deps=0 33 | metadata_expire=0 34 | mdpolicy=group:primary 35 | best=1 36 | 37 | # repos 38 | 39 | [fedora] 40 | name=fedora 41 | metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-{releasever}&arch=$basearch 42 | failovermethod=priority 43 | gpgkey=file:///usr/share/distribution-gpg-keys/fedora/RPM-GPG-KEY-fedora-{releasever}-primary 44 | gpgcheck=1 45 | skip_if_unavailable=0 46 | 47 | [updates] 48 | name=updates 49 | metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-f{releasever}&arch=$basearch 50 | failovermethod=priority 51 | gpgkey=file:///usr/share/distribution-gpg-keys/fedora/RPM-GPG-KEY-fedora-{releasever}-primary 52 | gpgcheck=1 53 | skip_if_unavailable=0 54 | 55 | [builder-local] 56 | name=builder-local 57 | baseurl=file://@BUILDER_DIR@/repository 58 | gpgcheck=0 59 | exclude=qubes-release 60 | skip_if_unavailable=0 61 | 62 | [qubes-current] 63 | name=qubes-host-current 64 | baseurl=https://yum.qubes-os.org/r{qubes_version}/current/host/fc{releasever} 65 | failovermethod=priority 66 | gpgkey=file://{keys_dir}/RPM-GPG-KEY-qubes-{qubes_version}-primary 67 | gpgcheck=1 68 | repo_gpgcheck = 1 69 | exclude=qubes-release 70 | enabled=0 71 | skip_if_unavailable=0 72 | 73 | [qubes-current-testing] 74 | name=qubes-host-testing 75 | baseurl=https://yum.qubes-os.org/r{qubes_version}/current-testing/host/fc{releasever} 76 | failovermethod=priority 77 | gpgkey=file://{keys_dir}/RPM-GPG-KEY-qubes-{qubes_version}-primary 78 | gpgcheck=1 79 | repo_gpgcheck = 1 80 | exclude=qubes-release 81 | enabled=0 82 | skip_if_unavailable=0 83 | """.format( 84 | releasever=config_opts['releasever'], 85 | qubes_version=os.environ.get('USE_QUBES_REPO_VERSION'), 86 | keys_dir=('@BUILDER_DIR@/plugins/chroot_rpm/keys'), 87 | ) 88 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/installer/scripts/create-torrent: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | set -e 4 | [ "$DEBUG" = "1" ] && set -x 5 | 6 | if [ -z "$1" ]; then 7 | echo "Usage: $0 ISO_NAME" 8 | echo " ISO_NAME is iso filename" 9 | exit 1 10 | fi 11 | 12 | ISO="$(readlink -f "$1")" 13 | ISO_DIR="$(dirname "$ISO")" 14 | ISO_NAME="$(basename "$ISO")" 15 | ISO_BASE="${ISO_NAME%%.iso}" 16 | 17 | # rely on set -e 18 | ls "$ISO" >/dev/null 19 | ls "$ISO.asc" >/dev/null 20 | ls "$ISO.DIGESTS" >/dev/null 21 | 22 | mkdir "$ISO_BASE" 23 | ln "$ISO" "$ISO_BASE" 24 | ln "$ISO.asc" "$ISO_BASE" 25 | ln "$ISO.DIGESTS" "$ISO_BASE" 26 | 27 | # check the system is Fedora or not by checking make_torrent availability. 28 | if [ -f "/usr/bin/make_torrent" ]; then 29 | # for Fedora system, use make_torrent to create v2 hybrid torrent. 30 | make_torrent "$ISO_BASE" \ 31 | -t udp://tracker.torrent.eu.org:451 \ 32 | -t udp://tracker.opentrackr.org:1337/announce \ 33 | -t https://tracker.gbitt.info:443/announce \ 34 | -t http://tracker.gbitt.info:80/announce \ 35 | -s 1048576 \ 36 | -w https://mirrors.kernel.org/qubes/iso/ \ 37 | -w https://ftp.qubes-os.org/iso/ \ 38 | -o "$ISO_DIR/$ISO_BASE.torrent" 39 | else 40 | # for Debian system, use mktorrent because make_torrent isn't available. 41 | mktorrent -a udp://tracker.torrent.eu.org:451 \ 42 | -a udp://tracker.opentrackr.org:1337/announce \ 43 | -a https://tracker.gbitt.info:443/announce \ 44 | -a http://tracker.gbitt.info:80/announce \ 45 | -d -l 20 -v "$ISO_BASE" \ 46 | -w https://mirrors.kernel.org/qubes/iso/ \ 47 | -w https://ftp.qubes-os.org/iso/ \ 48 | -o "$ISO_DIR/$ISO_BASE.torrent" 49 | fi 50 | 51 | rm -r "$ISO_BASE" 52 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/installer/scripts/release-iso: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # This script is used to postprocess Qubes OS release ISO. This include: 4 | # - renaming file 5 | # - creating all required signatures and hashes 6 | # - creating torrent file 7 | 8 | set -e 9 | [ "$DEBUG" = "1" ] && set -x 10 | 11 | if [ -z "$1" ]; then 12 | echo "Usage: $0 ISO_NAME" 13 | echo " ISO_NAME is iso filename" 14 | echo " Script will take care of renaming the file from old naming convention (with DVD)" 15 | exit 1 16 | fi 17 | 18 | LOCALDIR="$(readlink -f "$(dirname "$0")")" 19 | ISO="$(readlink -f "$1")" 20 | ISO_DIR="$(dirname "$ISO")" 21 | ISO_NAME="$(basename "$ISO")" 22 | ISO_BASE="${ISO_NAME%%.iso}" 23 | 24 | GPG_CLIENT="$2" 25 | if [ -z "${GPG_CLIENT}" ]; then 26 | echo "ERROR: Please provide GPG client to use." 27 | exit 1 28 | fi 29 | 30 | GPG_SIGN_KEY="$3" 31 | if [ -z "${GPG_SIGN_KEY}" ]; then 32 | echo "ERROR: Please provide GPG key fingerprint to use." 33 | exit 1 34 | fi 35 | 36 | # make sure we're in qubes-builder iso root directory 37 | cd "$ISO_DIR" 38 | 39 | printf "Checking for iso presence... " 40 | if [ ! -r "${ISO_BASE}.iso" ]; then 41 | # maybe name not yet normalized? 42 | OLD_BASE="Qubes-DVD-x86_64-${ISO_BASE#Qubes-}" 43 | OLD_BASE="${OLD_BASE%-x86_64}" 44 | if [ -r "${OLD_BASE}.iso" ]; then 45 | printf "renaming from %s.iso " "${OLD_BASE}" 46 | mv "${OLD_BASE}.iso" "${ISO_BASE}.iso" 47 | else 48 | printf "ERROR: no ISO file found: %s.iso, %s.iso\n" "$ISO_BASE" "$OLD_BASE" 49 | exit 1 50 | fi 51 | fi 52 | printf "ok\n" 53 | 54 | printf "Signing ISO... " 55 | 56 | if [ "${ISO_BASE}.iso" -nt "${ISO_BASE}.iso.asc" ]; then 57 | rm -f "${ISO_BASE}.iso.asc" 58 | fi 59 | 60 | if [ ! -e "${ISO_BASE}.iso.asc" ]; then 61 | $GPG_CLIENT --local-user "$GPG_SIGN_KEY" -asb --output "${ISO_BASE}.iso.asc" "${ISO_BASE}.iso" 62 | fi 63 | printf "ok\n" 64 | 65 | printf "Generating digests... " 66 | ALGOS="md5 sha1 sha256 sha512" 67 | 68 | if [ "${ISO_BASE}.iso" -nt "${ISO_BASE}.iso.DIGESTS" ]; then 69 | rm -f "${ISO_BASE}.iso.DIGESTS" 70 | fi 71 | 72 | if [ ! -e "${ISO_BASE}.iso.DIGESTS" ]; then 73 | echo > "${ISO_BASE}.iso.DIGESTS" 74 | for algo in $ALGOS; 75 | do 76 | dgst="$(openssl dgst -"$algo" -r "${ISO_BASE}.iso")" 77 | printf "%s " "$algo" 78 | echo "$dgst" >> "${ISO_BASE}.iso.DIGESTS" 79 | done 80 | fi 81 | printf "ok\n" 82 | 83 | printf "Signing digests... " 84 | 85 | $GPG_CLIENT --local-user "$GPG_SIGN_KEY" -a --clearsign --output "${ISO_BASE}.iso.DIGESTS.signed" "${ISO_BASE}.iso.DIGESTS" 86 | mv "${ISO_BASE}.iso.DIGESTS.signed" "${ISO_BASE}.iso.DIGESTS" 87 | 88 | printf "ok\n" 89 | 90 | printf "Creating torrent file...\n" 91 | if [ "${ISO_BASE}.iso" -nt "${ISO_BASE}.torrent" ]; then 92 | rm -f "${ISO_BASE}.torrent" 93 | fi 94 | 95 | if [ ! -e "${ISO_BASE}.torrent" ]; then 96 | "$LOCALDIR/create-torrent" "$ISO" 97 | fi 98 | 99 | printf "ok\n" 100 | 101 | printf "Done:\n" 102 | ls -l "${ISO_BASE}.iso" \ 103 | "${ISO_BASE}.iso.asc" \ 104 | "${ISO_BASE}.iso.DIGESTS" \ 105 | "${ISO_BASE}.torrent" 106 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/installer/scripts/update-templates-cache: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # The Qubes OS Project, http://www.qubes-os.org 4 | # 5 | # Copyright (C) 2024 Frédéric Pierret (fepitre) 6 | # 7 | # This program is free software; you can redistribute it and/or modify 8 | # it under the terms of the GNU General Public License as published by 9 | # the Free Software Foundation; either version 2 of the License, or 10 | # (at your option) any later version. 11 | # 12 | # This program is distributed in the hope that it will be useful, 13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | # GNU General Public License for more details. 16 | # 17 | # You should have received a copy of the GNU General Public License along 18 | # with this program. If not, see . 19 | # 20 | # SPDX-License-Identifier: GPL-3.0-or-later 21 | 22 | set -e -o pipefail -u 23 | 24 | if [ "$#" -ne 2 ]; then 25 | echo "Usage: $0 " 26 | exit 1 27 | fi 28 | 29 | orig_dir="$1" 30 | dest_dir="$2" 31 | 32 | if [ ! -d "$orig_dir" ]; then 33 | echo "ERROR: Directory $orig_dir does not exist." 34 | exit 1 35 | fi 36 | 37 | if [ ! -d "$dest_dir" ]; then 38 | echo "ERROR: Directory $dest_dir does not exist." 39 | exit 1 40 | fi 41 | 42 | read -r -a TEMPLATE_PACKAGES <<< "$TEMPLATE_PACKAGES" 43 | 44 | for template_name in "${TEMPLATE_PACKAGES[@]}"; do 45 | for rpm_file in "$orig_dir"/"$template_name"-*.rpm; do 46 | # Check if there are any files with the same base name in dest_dir 47 | template_filename=$(basename "$rpm_file") 48 | if [ ! -e "$dest_dir/$template_filename" ]; then 49 | echo "INFO: Copying template $rpm_file into $dest_dir" 50 | mv "$rpm_file" "$dest_dir/" 51 | else 52 | echo "INFO: Ignoring existing template $rpm_file into $dest_dir" 53 | fi 54 | done 55 | done 56 | 57 | find "$dest_dir" -name "$template_name-*.rpm" | \ 58 | sort -r | \ 59 | tail -n +2 | \ 60 | xargs -I '{}' rm -f '{}' 61 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/installer/yum/dnf.conf: -------------------------------------------------------------------------------- 1 | [main] 2 | gpgcheck=True 3 | installonly_limit=3 4 | clean_requirements_on_remove=True 5 | best=False 6 | skip_if_unavailable=True 7 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/installer/yum/lorax.repo: -------------------------------------------------------------------------------- 1 | [installer] 2 | name=installer 3 | enabled=1 4 | baseurl=file:///tmp/qubes-installer/yum/installer/ 5 | gpgcheck=0 6 | [qubes-host] 7 | name=qubes-host 8 | enabled=1 9 | baseurl=file:///tmp/qubes-installer/yum/qubes-host/ 10 | gpgcheck=0 11 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/publish_rpm/mirrors.list: -------------------------------------------------------------------------------- 1 | https://mirrors.edge.kernel.org/qubes/repo/yum 2 | https://yum.qubes-os.org/ 3 | https://ftp.acc.umu.se/mirror/qubes-os.org/repo/yum 4 | https://ftp.halifax.rwth-aachen.de/qubes/repo/yum 5 | https://mirrors.dotsrc.org/qubes/repo/yum 6 | https://mirror.hackingand.coffee/qubes/repo/yum 7 | https://mirrors.ukfast.co.uk/sites/qubes-os.org/repo/yum 8 | https://mirrors.gigenet.com/qubes/repo/yum 9 | https://mirror.linux.pizza/qubes-os.org/repo/yum 10 | https://quantum-mirror.hu/mirrors/pub/qubes/repo/yum 11 | https://ftp.cc.uoc.gr/mirrors/linux/qubes/repo/yum 12 | https://ftp.icm.edu.pl/pub/os/qubes/repo/yum 13 | https://mirrors.dgplug.org/qubes/repo/yum 14 | https://mirrors.phx.ms/qubes/repo/yum 15 | https://qubesos-mirror.applied-privacy.net/repo/yum 16 | 17 | # disabling .onion by default 18 | #http://ftp.qubesos4rrrrz6n4.onion/repo/yum 19 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/publish_rpm/scripts/create-skeleton: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # The Qubes OS Project, http://www.qubes-os.org 4 | # 5 | # Copyright (C) 2019 Frédéric Pierret (fepitre) 6 | # Copyright (C) 2020 Marek Marczykowski-Górecki 7 | # 8 | # This program is free software; you can redistribute it and/or modify 9 | # it under the terms of the GNU General Public License as published by 10 | # the Free Software Foundation; either version 2 of the License, or 11 | # (at your option) any later version. 12 | # 13 | # This program is distributed in the hope that it will be useful, 14 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | # GNU General Public License for more details. 17 | # 18 | # You should have received a copy of the GNU General Public License along 19 | # with this program. If not, see . 20 | # 21 | # SPDX-License-Identifier: GPL-3.0-or-later 22 | 23 | set -e 24 | set -o pipefail 25 | 26 | if [ "${DEBUG}" == 1 ]; then 27 | set -x 28 | fi 29 | 30 | print_usage() { 31 | cat >&2 < 6 | # 7 | # This program is free software; you can redistribute it and/or modify 8 | # it under the terms of the GNU General Public License as published by 9 | # the Free Software Foundation; either version 2 of the License, or 10 | # (at your option) any later version. 11 | # 12 | # This program is distributed in the hope that it will be useful, 13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | # GNU General Public License for more details. 16 | # 17 | # You should have received a copy of the GNU General Public License along 18 | # with this program. If not, see . 19 | # 20 | # SPDX-License-Identifier: GPL-3.0-or-later 21 | 22 | set -e 23 | set -o pipefail 24 | 25 | if [ "${DEBUG}" == 1 ]; then 26 | set -x 27 | fi 28 | 29 | usage() { 30 | echo "Usage: $(basename "$0") [OPTIONS]... 31 | This script signs RPM with provided signing key and path. It assumes ~/.rpmmacros 32 | is configured according to the GPG client provided by RPM macro __gpg. 33 | 34 | Options: 35 | --db-path RPM database with keys to verify signature 36 | --sign-key Sign key to be used 37 | --rpm RPM file path to sign 38 | --check-only Check if signature is needed. If signature is needed it will exit with code 2. 39 | " 40 | } 41 | 42 | unset OPTS GETOPT_COMPATIBLE 43 | 44 | if ! OPTS=$(getopt -o hd:s:r:c --long help,db-path:,sign-key:,rpm:,check-only -n "$0" -- "$@"); then 45 | echo "ERROR: Failed while parsing options." 46 | exit 1 47 | fi 48 | 49 | eval set -- "$OPTS" 50 | 51 | while [[ $# -gt 0 ]]; do 52 | case "$1" in 53 | -h | --help) usage ;; 54 | -d | --db-path) DB_PATH="$2"; shift ;; 55 | -s | --sign-key ) SIGN_KEY="$2"; shift ;; 56 | -r | --rpm ) RPM="$2"; shift ;; 57 | -c | --check-only ) CHECK_ONLY=1; shift ;; 58 | esac 59 | shift 60 | done 61 | 62 | if ! [ -e "$RPM" ]; then 63 | echo "ERROR: Cannot find '$RPM'." 64 | exit 1 65 | fi 66 | 67 | RPMSIGN_OPTS="--digest-algo=sha256 --rpmv3 --key-id=${SIGN_KEY}" 68 | 69 | if [ "$(rpmkeys --dbpath="$DB_PATH" --checksig -- "$RPM")" != "$RPM: digests signatures OK" ]; then 70 | if [ "$CHECK_ONLY" == "1" ]; then 71 | echo "WARNING: Check only requested. $RPM is not signed!" 72 | exit 2 73 | fi 74 | # shellcheck disable=SC2086 75 | setsid -w rpmsign ${RPMSIGN_OPTS} --addsign -- "$RPM" &2 17 | exit 1 18 | fi 19 | 20 | if [ -z "${buildinfo}" ]; then 21 | echo "ERROR: Please provide buildinfo file." 22 | exit 1 23 | fi 24 | 25 | if [ -z "${gpg_client}" ]; then 26 | echo "ERROR: Please provide GPG client to use." 27 | exit 1 28 | fi 29 | 30 | if [ -z "${gpg_sign_key}" ]; then 31 | echo "ERROR: Please provide GPG key fingerprint to use." 32 | exit 1 33 | fi 34 | 35 | 36 | dir="$(dirname "$buildinfo")" 37 | 38 | # Print everything until old Signed-Checksums-Sha256: header, skipping signature 39 | # header if any 40 | ( 41 | sed -n '/^Format:/,/^Signed-Checksums-Sha256:/{/^Signed-Checksums-Sha256/d; p}' < "$buildinfo" 42 | 43 | echo "Signed-Checksums-Sha256:" 44 | 45 | # Then, for each file listed in Checksums-Sha256, add it to Signed-Checksums-Sha256 46 | sed -n '/^Checksums-Sha256:/,/^[^ ]/{ /^ /p}' < "$buildinfo" |\ 47 | while read -r _ size name; do 48 | checksum=$(sha256sum -b "$dir/$name" | cut -c 1-64) 49 | size=$(stat -c '%s' "$dir/$name") 50 | printf ' %s %s %s\n' "$checksum" "$size" "$name" 51 | done 52 | ) | "$gpg_client" --clearsign --local-user "$gpg_sign_key" > "$buildinfo.signed" 53 | 54 | mv "$buildinfo.signed" "$buildinfo" 55 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/source/__init__.py: -------------------------------------------------------------------------------- 1 | # The Qubes OS Project, http://www.qubes-os.org 2 | # 3 | # Copyright (C) 2021 Frédéric Pierret (fepitre) 4 | # 5 | # This program is free software; you can redistribute it and/or modify 6 | # it under the terms of the GNU General Public License as published by 7 | # the Free Software Foundation; either version 2 of the License, or 8 | # (at your option) any later version. 9 | # 10 | # This program is distributed in the hope that it will be useful, 11 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | # GNU General Public License for more details. 14 | # 15 | # You should have received a copy of the GNU General Public License along 16 | # with this program. If not, see . 17 | # 18 | # SPDX-License-Identifier: GPL-3.0-or-later 19 | 20 | from qubesbuilder.component import QubesComponent 21 | from qubesbuilder.config import Config 22 | from qubesbuilder.distribution import QubesDistribution 23 | from qubesbuilder.plugins import ( 24 | DistributionComponentPlugin, 25 | PluginError, 26 | PluginDependency, 27 | JobDependency, 28 | JobReference, 29 | ) 30 | 31 | 32 | class SourceError(PluginError): 33 | pass 34 | 35 | 36 | class SourcePlugin(DistributionComponentPlugin): 37 | """ 38 | SourcePlugin manage generic distribution source 39 | 40 | Stages: 41 | - prep: Check if 'fetch' artifacts info have been created. 42 | 43 | Entry points: 44 | - source 45 | """ 46 | 47 | name = "source" 48 | 49 | def __init__( 50 | self, 51 | component: QubesComponent, 52 | dist: QubesDistribution, 53 | config: Config, 54 | stage: str, 55 | ): 56 | super().__init__( 57 | component=component, 58 | dist=dist, 59 | config=config, 60 | stage=stage, 61 | ) 62 | self.dependencies += [ 63 | PluginDependency("fetch"), 64 | JobDependency( 65 | JobReference( 66 | component=self.component, 67 | stage="fetch", 68 | build="source", 69 | dist=None, 70 | template=None, 71 | ) 72 | ), 73 | ] 74 | 75 | @classmethod 76 | def from_args(cls, **kwargs): 77 | component = kwargs.get("component") 78 | if component and not component.has_packages: 79 | return None 80 | return super().from_args(**kwargs) 81 | 82 | def update_parameters(self, stage: str): 83 | super().update_parameters(stage) 84 | 85 | # Set and update parameters based on top-level "source", 86 | # per package set and per distribution. 87 | parameters = self.component.get_parameters(self.get_placeholders(stage)) 88 | 89 | self._parameters[stage].update(parameters.get("source", {})) 90 | self._parameters[stage].update( 91 | parameters.get(self.dist.package_set, {}).get("source", {}) 92 | ) 93 | self._parameters[stage].update( 94 | parameters.get(self.dist.distribution, {}).get("source", {}) 95 | ) 96 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/source/salt/FORMULA-DEFAULTS: -------------------------------------------------------------------------------- 1 | # vim: set syntax=yaml ts=2 sw=2 sts=2 et : 2 | 3 | default-saltenv: base 4 | default-testenv: test 5 | 6 | default-test-dirname: tests 7 | default-state-dir: /srv/salt 8 | default-pillar-dir: /srv/pillar 9 | default-formula-dir: /srv/formulas 10 | default-test-state-dir: /srv/formulas 11 | default-test-pillar-dir: /srv/pillar 12 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/source/scripts/common: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | elementIn () { 4 | # $1: element to check for 5 | # $2: array to check for element in 6 | local element 7 | for element in "${@:2}"; do [[ "$element" == "$1" ]] && return 0; done 8 | return 1 9 | } 10 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/source_archlinux/scripts/generate-pkgbuild: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # The Qubes OS Project, http://www.qubes-os.org 4 | # 5 | # Copyright (C) 2023 Frédéric Pierret (fepitre) 6 | # 7 | # This program is free software; you can redistribute it and/or modify 8 | # it under the terms of the GNU General Public License as published by 9 | # the Free Software Foundation; either version 2 of the License, or 10 | # (at your option) any later version. 11 | # 12 | # This program is distributed in the hope that it will be useful, 13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | # GNU General Public License for more details. 16 | # 17 | # You should have received a copy of the GNU General Public License along 18 | # with this program. If not, see . 19 | # 20 | # SPDX-License-Identifier: GPL-3.0-or-later 21 | 22 | set -u -o pipefail 23 | if [ "${VERBOSE:-0}" -ge 2 ] || [ "${DEBUG:-0}" -eq 1 ]; then 24 | set -x 25 | fi 26 | 27 | if [ $# -ne 4 ]; then 28 | echo "Usage: $0 input output version release" >&2 29 | exit 1 30 | fi 31 | 32 | input="$1" 33 | output="$2" 34 | version="$3" 35 | release="$4" 36 | 37 | # Handle the case where PKGBUILD.in (input) does not exist 38 | # and PKGBUILD does (output). 39 | if [ ! -e "${input}" ] && [ -e "${output}" ]; then 40 | echo "PKGBUILD file '${output}' already exists. Skipping." 41 | exit 42 | fi 43 | 44 | cp "$input" "$input.tmp" 45 | 46 | # Handle vers ion 47 | sed -i "s|@VERSION@|$version|g" "$input.tmp" 48 | # Handle release 49 | sed -i "s|@REL@|$release|g" "$input.tmp" 50 | # Handle default backend_vmm 51 | sed -i -e "s:@BACKEND_VMM@:${BACKEND_VMM:-xen}:g" "$input.tmp" 52 | 53 | cat "$input.tmp" > "$output" 54 | rm -rf "$input.tmp" 55 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/source_archlinux/scripts/get-source-info: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # The Qubes OS Project, http://www.qubes-os.org 4 | # 5 | # Copyright (C) 2022 Frédéric Pierret (fepitre) 6 | # 7 | # This program is free software; you can redistribute it and/or modify 8 | # it under the terms of the GNU General Public License as published by 9 | # the Free Software Foundation; either version 2 of the License, or 10 | # (at your option) any later version. 11 | # 12 | # This program is distributed in the hope that it will be useful, 13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | # GNU General Public License for more details. 16 | # 17 | # You should have received a copy of the GNU General Public License along 18 | # with this program. If not, see . 19 | # 20 | # SPDX-License-Identifier: GPL-3.0-or-later 21 | 22 | # This script parses and creates a file containing package info 23 | # necessary for the build process. 24 | 25 | set -e 26 | set -o pipefail 27 | 28 | # Default redirection or errors 29 | ERR_OUTPUT="/dev/null" 30 | 31 | if [ "${DEBUG}" == 1 ]; then 32 | set -x 33 | ERR_OUTPUT="/dev/stderr" 34 | fi 35 | 36 | if test $# -ne 2; then 37 | echo "Usage: source_dir directory" 38 | exit 1 39 | fi 40 | 41 | SOURCE_DIR="$1" 42 | ARCHLINUX_DIRECTORY="$2" 43 | DIRECTORY_MANGLE_PATH="${ARCHLINUX_DIRECTORY/$SOURCE_DIR\//}" 44 | DIRECTORY_MANGLE_PATH="${DIRECTORY_MANGLE_PATH//\//_}" 45 | PKGBUILD="${ARCHLINUX_DIRECTORY}/PKGBUILD.in" 46 | # For legacy support 47 | if [ ! -e "$PKGBUILD" ] && [ -e "${PKGBUILD//.in}" ]; then 48 | PKGBUILD="${ARCHLINUX_DIRECTORY}/PKGBUILD" 49 | fi 50 | 51 | # shellcheck disable=SC1090 52 | # shellcheck disable=SC2154 53 | (source "${PKGBUILD}" && printf '%s\n' "${pkgname[@]}" > "${SOURCE_DIR}/${DIRECTORY_MANGLE_PATH}_packages.list" 2>$ERR_OUTPUT) 54 | 55 | # shellcheck disable=SC1090 56 | # shellcheck disable=SC2154 57 | (source "${PKGBUILD}" && printf '%s\n' "${arch[0]}" > "${SOURCE_DIR}/${DIRECTORY_MANGLE_PATH}_package_arch" 2>$ERR_OUTPUT) 58 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/source_deb/scripts/clamp-changelog-entry-date: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # The Qubes OS Project, http://www.qubes-os.org 4 | # 5 | # Copyright (C) 2018 Marek Marczykowski-Górecki 6 | # Copyright (C) 2022 Frédéric Pierret (fepitre) 7 | # 8 | # This program is free software; you can redistribute it and/or modify 9 | # it under the terms of the GNU General Public License as published by 10 | # the Free Software Foundation; either version 2 of the License, or 11 | # (at your option) any later version. 12 | # 13 | # This program is distributed in the hope that it will be useful, 14 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | # GNU General Public License for more details. 17 | # 18 | # You should have received a copy of the GNU General Public License along 19 | # with this program. If not, see . 20 | # 21 | # SPDX-License-Identifier: GPL-3.0-or-later 22 | 23 | # Clamp the topmost changelog entry date ("Build for ...") to the previous one 24 | # (actual meaningful entry) 25 | 26 | CHANGELOG_PATH="$1" 27 | 28 | if [ ! -r "$CHANGELOG_PATH" ]; then 29 | echo "Changelog file '$CHANGELOG_PATH' inaccessible!" >&2 30 | exit 1 31 | fi 32 | 33 | # get previous date 34 | PREVIOUS_DATE=$(grep '^ --' "$CHANGELOG_PATH" | head -n 2 | tail -n 1 | grep -o ' .*') 35 | 36 | # replace topmost date 37 | sed -e "0,/^ --/s/^\( --.*\)\( .*\)/\1$PREVIOUS_DATE/" -i "$CHANGELOG_PATH" 38 | touch --date="$PREVIOUS_DATE" "$CHANGELOG_PATH" 39 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/source_deb/scripts/debian-get-packages-list: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | # 3 | # The Qubes OS Project, http://www.qubes-os.org 4 | # 5 | # Copyright (C) 2021 Frédéric Pierret (fepitre) 6 | # 7 | # This program is free software; you can redistribute it and/or modify 8 | # it under the terms of the GNU General Public License as published by 9 | # the Free Software Foundation; either version 2 of the License, or 10 | # (at your option) any later version. 11 | # 12 | # This program is distributed in the hope that it will be useful, 13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | # GNU General Public License for more details. 16 | # 17 | # You should have received a copy of the GNU General Public License along 18 | # with this program. If not, see . 19 | # 20 | # SPDX-License-Identifier: GPL-3.0-or-later 21 | 22 | import os 23 | import sys 24 | 25 | from debian.deb822 import Dsc 26 | 27 | 28 | def main(dsc): 29 | if not os.path.exists(dsc): 30 | print(f"Cannot find '{dsc}'.", file=sys.stderr) 31 | return 1 32 | 33 | with open(dsc) as f: 34 | parsed_dsc = Dsc(f) 35 | 36 | version = parsed_dsc["Version"] 37 | packages = parsed_dsc["Package-list"].strip("\n").splitlines() 38 | for pkg in packages: 39 | # See https://man7.org/linux/man-pages/man5/dsc.5.html 40 | package, package_type, section, priority, key_value_list = pkg.split(maxsplit=5) 41 | optional_keys = {} 42 | for val in key_value_list.strip().split(): 43 | if val.startswith("arch="): 44 | optional_keys["arch"] = val.split("=")[1] 45 | if val.startswith("profile="): 46 | optional_keys["profile"] = val.split("=")[1] 47 | if val.startswith("essential="): 48 | optional_keys["essential"] = val.split("=")[1] 49 | architectures = optional_keys.get("arch", None) 50 | if not architectures: 51 | print(f"Cannot find arch.", file=sys.stderr) 52 | return 53 | # Take the first architecture found 54 | architectures = architectures.replace("any", "amd64").split(",") 55 | if "amd64" in architectures: 56 | arch = "amd64" 57 | elif "all" in architectures: 58 | arch = "all" 59 | else: 60 | continue 61 | print(f"{package}_{version}_{arch}.{package_type}") 62 | print(f"{package}-dbgsym_{version}_{arch}.{package_type}") 63 | if package_type == "deb": 64 | # See https://wiki.debian.org/AutomaticDebugPackages 65 | print(f"{package}-dbgsym_{version}_{arch}.d{package_type}") 66 | 67 | 68 | if __name__ == '__main__': 69 | if len(sys.argv) < 1: 70 | print(f"usage: {sys.argv[0]} dsc", file=sys.stderr) 71 | sys.exit(1) 72 | sys.exit(main(sys.argv[1])) 73 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/source_deb/scripts/debian-quilt: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # The Qubes OS Project, http://www.qubes-os.org 4 | # 5 | # Copyright (C) 2015 Jason Mehring 6 | # Copyright (C) 2021 Frédéric Pierret (fepitre) 7 | # 8 | # This program is free software; you can redistribute it and/or modify 9 | # it under the terms of the GNU General Public License as published by 10 | # the Free Software Foundation; either version 2 of the License, or 11 | # (at your option) any later version. 12 | # 13 | # This program is distributed in the hope that it will be useful, 14 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | # GNU General Public License for more details. 17 | # 18 | # You should have received a copy of the GNU General Public License along 19 | # with this program. If not, see . 20 | # 21 | # SPDX-License-Identifier: GPL-3.0-or-later 22 | 23 | 24 | # Originally from https://github.com/QubesOS/qubes-core-agent-linux 25 | # 26 | # Given a series.conf file and debian patches directory, patches 27 | # are copied to debian patch directory 28 | 29 | USAGE="${0} " 30 | 31 | set -e 32 | set -o pipefail 33 | 34 | SERIES_CONF="${1}" 35 | PATCH_DIR="${2}" 36 | 37 | if test $# -lt 2 || [ ! -e "${SERIES_CONF}" ]; then 38 | echo "${USAGE}" >&2 39 | exit 1 40 | fi 41 | 42 | # Ensure output patch directory exists 43 | mkdir -p "${PATCH_DIR}" 44 | 45 | # We use series.conf directory to be the reference for patches 46 | # given in series.conf. 47 | ORIG_SRC="$(dirname "${SERIES_CONF}")" 48 | 49 | # Clear patch series.conf file 50 | rm -f "${PATCH_DIR}/series" 51 | touch "${PATCH_DIR}/series" 52 | 53 | while read -r patch_file 54 | do 55 | if [ -f "${ORIG_SRC}/${patch_file}" ]; then 56 | echo -e "${patch_file##*/}" >> "${PATCH_DIR}/series" 57 | cp --preserve=timestamps "${ORIG_SRC}/${patch_file}" "${PATCH_DIR}" 58 | fi 59 | done < "${SERIES_CONF}" 60 | touch --reference="${SERIES_CONF}" "${PATCH_DIR}/series" 61 | touch --reference="${SERIES_CONF}" "${PATCH_DIR}" 62 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/source_deb/scripts/get-source-info: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # The Qubes OS Project, http://www.qubes-os.org 4 | # 5 | # Copyright (C) 2022 Frédéric Pierret (fepitre) 6 | # 7 | # This program is free software; you can redistribute it and/or modify 8 | # it under the terms of the GNU General Public License as published by 9 | # the Free Software Foundation; either version 2 of the License, or 10 | # (at your option) any later version. 11 | # 12 | # This program is distributed in the hope that it will be useful, 13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | # GNU General Public License for more details. 16 | # 17 | # You should have received a copy of the GNU General Public License along 18 | # with this program. If not, see . 19 | # 20 | # SPDX-License-Identifier: GPL-3.0-or-later 21 | 22 | # This script parses and creates a file containing package info 23 | # necessary for the build process. 24 | 25 | set -e 26 | set -o pipefail 27 | 28 | if [ "${DEBUG}" == 1 ]; then 29 | set -x 30 | fi 31 | 32 | if test $# -ne 2; then 33 | echo "Usage: source_dir debian_directory" 34 | exit 1 35 | fi 36 | 37 | SOURCE_DIR="$1" 38 | DEBIAN_DIRECTORY="$2" 39 | 40 | DIRECTORY_BN="$(basename "$DEBIAN_DIRECTORY")" 41 | 42 | DIRECTORY_MANGLE_PATH="${DEBIAN_DIRECTORY/$SOURCE_DIR\//}" 43 | DIRECTORY_MANGLE_PATH="${DIRECTORY_MANGLE_PATH//\//_}" 44 | 45 | SCRIPTS_DIR="$(dirname "$0")" 46 | 47 | "${SCRIPTS_DIR}"/debian-parser changelog --package-release-name \ 48 | "${SOURCE_DIR}/${DIRECTORY_BN}/changelog" \ 49 | > "${SOURCE_DIR}/${DIRECTORY_MANGLE_PATH}_package_release_name" 50 | 51 | "${SCRIPTS_DIR}"/debian-parser changelog --package-release-name-full \ 52 | "${SOURCE_DIR}/${DIRECTORY_BN}/changelog" \ 53 | >> "${SOURCE_DIR}/${DIRECTORY_MANGLE_PATH}_package_release_name" 54 | 55 | grep -Po "(?<=^3.0 \()\w+" < "${SOURCE_DIR}/${DIRECTORY_BN}/source/format" \ 56 | >> "${SOURCE_DIR}/${DIRECTORY_MANGLE_PATH}_package_release_name" 57 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/source_deb/scripts/modify-changelog-for-build: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # The Qubes OS Project, http://www.qubes-os.org 4 | # 5 | # Copyright (C) 2022 Frédéric Pierret (fepitre) 6 | # 7 | # This program is free software; you can redistribute it and/or modify 8 | # it under the terms of the GNU General Public License as published by 9 | # the Free Software Foundation; either version 2 of the License, or 10 | # (at your option) any later version. 11 | # 12 | # This program is distributed in the hope that it will be useful, 13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | # GNU General Public License for more details. 16 | # 17 | # You should have received a copy of the GNU General Public License along 18 | # with this program. If not, see . 19 | # 20 | # SPDX-License-Identifier: GPL-3.0-or-later 21 | 22 | # This script updates Debian changelog in order to build 23 | # the component according to Qubes OS packaging. 24 | 25 | set -e 26 | set -o pipefail 27 | 28 | if [ "${DEBUG}" == 1 ]; then 29 | set -x 30 | fi 31 | 32 | if test $# -lt 4; then 33 | echo "Usage: source_dir debian_directory dist_name dist_tag " 34 | exit 1 35 | fi 36 | 37 | SOURCE_DIR="$1" 38 | DEBIAN_DIRECTORY="$2" 39 | DIST_NAME="$3" 40 | DIST_TAG="$4" 41 | DEVEL_VERSION="$5" 42 | 43 | SCRIPTS_DIR="$(dirname "$0")" 44 | 45 | cd "$SOURCE_DIR" 46 | 47 | if [ "0${DEVEL_VERSION}" -gt 0 ]; then 48 | export DIST_TAG 49 | export DEVEL_VERSION 50 | export INCREMENT_DEVEL_VERSIONS=1 51 | "${SCRIPTS_DIR}"/debian-changelog 52 | else 53 | "${SCRIPTS_DIR}"/debian-changelog --verify 54 | debchange -t -l+"$DIST_TAG" "Build for $DIST_NAME" 55 | debchange -t --force-distribution -r -D "$DIST_NAME" "$DIST_NAME" 56 | "${SCRIPTS_DIR}"/clamp-changelog-entry-date "${SOURCE_DIR}/${DEBIAN_DIRECTORY}/changelog" 57 | fi 58 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/source_rpm/scripts/generate-changelog: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # The Qubes OS Project, http://www.qubes-os.org 4 | # 5 | # Copyright (C) 2018 Marek Marczykowski-Górecki 6 | # Copyright (C) 2020 Rusty Bird 7 | # Copyright (C) 2021 Frédéric Pierret (fepitre) 8 | # 9 | # This program is free software; you can redistribute it and/or modify 10 | # it under the terms of the GNU General Public License as published by 11 | # the Free Software Foundation; either version 2 of the License, or 12 | # (at your option) any later version. 13 | # 14 | # This program is distributed in the hope that it will be useful, 15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | # GNU General Public License for more details. 18 | # 19 | # You should have received a copy of the GNU General Public License along 20 | # with this program. If not, see . 21 | # 22 | # SPDX-License-Identifier: GPL-3.0-or-later 23 | 24 | # Based on PLD Linux: 25 | # https://git.pld-linux.org/?p=packages/rpm-build-tools.git;a=blob;f=builder.sh;h=3c9a33648d2cb1b1410939c16637c7d9cac3b09d;hb=HEAD#l468 26 | 27 | # create tempfile. as secure as possible 28 | my_tempfile() { 29 | prefix=builder.$PACKAGE_NAME 30 | mktemp --tmpdir -t "$prefix.XXXXXX" 31 | } 32 | 33 | ORIG_SRC="$1" 34 | SPECFILE="$2" 35 | gitlog=$(my_tempfile) speclog=$(my_tempfile) 36 | 37 | log_entries=50 38 | 39 | # rpm5.org/rpm.org do not parse any other date format than 'Wed Jan 1 1997' 40 | # otherwise i'd use --date=iso here 41 | # http://rpm5.org/cvs/fileview?f=rpm/build/parseChangelog.c&v=2.44.2.1 42 | # http://rpm.org/gitweb?p=rpm.git;a=blob;f=build/parseChangelog.c;h=56ba69daa41d65ec9fd18c9f371b8ff14118cdca;hb=a113baa510a004476edc44b5ebaaf559238a18b6#l33 43 | # NOTE: changelog date is always in UTC for rpmbuild 44 | # * 1265749244 +0000 Random Hacker 9370900 45 | git -C "$ORIG_SRC" rev-list --no-merges --date-order -${log_entries:-20} HEAD 2>/dev/null | while read -r sha1; do 46 | git -C "$ORIG_SRC" log -n 1 "$sha1" --format=format:"* %cd %an <%ae> - %h%n- %s%n%n" --date=raw | sed -re 's/^- +- */- /'| sed '/^$/q' 47 | done > "$gitlog" 48 | 49 | # clamp timestamps to be in chronological order (rpmbuild requires it) 50 | tac "$gitlog" | awk '/^\* /{ if ($2 < prev_time) {gsub($2, prev_time)} else {prev_time=$2} } {print}' |tac > "$gitlog"- 51 | mv -f "$gitlog"- "$gitlog" 52 | 53 | # add link to full git logs 54 | giturl="$(git -C "$ORIG_SRC" remote get-url origin)" 55 | gitauthor="Qubes OS Team " 56 | gitdate=$(git -C "$ORIG_SRC" log -n 1 --date=raw --format=format:"%cd") 57 | LC_ALL=C gawk -vgiturl="$giturl" -vgitauthor="$gitauthor" -vgitdate="$gitdate" 'BEGIN{ 58 | printf("* %s %s\n- For complete changelog see: %s\n", strftime("%a %b %d %Y", gitdate), gitauthor, giturl); 59 | print; 60 | exit 61 | }' > "$speclog" 62 | 63 | LC_ALL=C gawk '/^\* /{printf("* %s %s\n", strftime("%a %b %d %Y", $2), substr($0, length($1)+length($2)+length($3)+4)); next}{print}' "$gitlog" >> "$speclog" 64 | sed -i -e "/@CHANGELOG@/{r ${speclog}" -e "d}" "$SPECFILE" 65 | rm -f "$gitlog" "$speclog" 66 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/source_rpm/scripts/generate-spec: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # The Qubes OS Project, http://www.qubes-os.org 4 | # 5 | # Copyright (C) 2017 Marek Marczykowski-Górecki 6 | # Copyright (C) 2018 Frédéric Pierret (fepitre) 7 | # 8 | # This program is free software; you can redistribute it and/or modify 9 | # it under the terms of the GNU General Public License as published by 10 | # the Free Software Foundation; either version 2 of the License, or 11 | # (at your option) any later version. 12 | # 13 | # This program is distributed in the hope that it will be useful, 14 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | # GNU General Public License for more details. 17 | # 18 | # You should have received a copy of the GNU General Public License along 19 | # with this program. If not, see . 20 | # 21 | # SPDX-License-Identifier: GPL-3.0-or-later 22 | 23 | set -e 24 | if [ "${VERBOSE:-0}" -ge 2 ] || [ "${DEBUG:-0}" -eq 1 ]; then 25 | set -x 26 | fi 27 | 28 | if [ $# -lt 3 ]; then 29 | echo "Usage: $0 source_dir input output" >&2 30 | exit 1 31 | fi 32 | 33 | source_dir="$1" 34 | input="$2" 35 | output="$3" 36 | 37 | # Handle the case where .spec.in (input) does not exist 38 | # and .spec does (output). 39 | if [ ! -e "${input}" ] && [ -e "${output}" ]; then 40 | echo "Spec file '${output}' already exists. Skipping." 41 | exit 42 | fi 43 | 44 | cp "$input" "$input.tmp" 45 | 46 | # Handle sources with multiples package/version/release: 47 | # 'version' must contains list of version number corresponding to @VERSION@ @VERSION1@ ... 48 | # 'rel', must contains list of release number corresponding to @REL@ @REL1@ ... 49 | while read -r ver 50 | do 51 | if [ -z "$vnum" ]; then 52 | sed -i "s|@VERSION@|$ver|g" "$input.tmp" 53 | else 54 | sed -i "s|@VERSION$vnum@|$ver|g" "$input.tmp" 55 | fi 56 | vnum=$(( vnum + 1 )) 57 | done < "${source_dir}/version" 58 | 59 | if [ -e "${source_dir}/rel" ]; then 60 | while read -r rel 61 | do 62 | if [ -z "$rnum" ]; then 63 | sed -i "s|@REL@|$rel|g" "$input.tmp" 64 | else 65 | sed -i "s|@REL$rnum@|$rel|g" "$input.tmp" 66 | fi 67 | rnum=$(( rnum + 1 )) 68 | done < "${source_dir}/rel" 69 | else 70 | if grep -q "@REL@" "$input.tmp"; then 71 | echo "@REL@ found in spec, but no $source_dir/rel file" >&2 72 | exit 1 73 | fi 74 | fi 75 | 76 | # Handle default rel and backend_vmm 77 | sed -i \ 78 | -e "s:@BACKEND_VMM@:${BACKEND_VMM}:g" "$input.tmp" 79 | 80 | # Handle changelog 81 | if grep -q "@CHANGELOG@" "$input.tmp"; then 82 | "$(dirname "$0")"/generate-changelog "${source_dir}" "$input.tmp" 83 | fi 84 | 85 | cat "$input.tmp" > "$output" 86 | rm -rf "$input.tmp" 87 | 88 | # TODO: improve handlers 89 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/source_rpm/scripts/get-source-info: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # The Qubes OS Project, http://www.qubes-os.org 4 | # 5 | # Copyright (C) 2022 Frédéric Pierret (fepitre) 6 | # 7 | # This program is free software; you can redistribute it and/or modify 8 | # it under the terms of the GNU General Public License as published by 9 | # the Free Software Foundation; either version 2 of the License, or 10 | # (at your option) any later version. 11 | # 12 | # This program is distributed in the hope that it will be useful, 13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | # GNU General Public License for more details. 16 | # 17 | # You should have received a copy of the GNU General Public License along 18 | # with this program. If not, see . 19 | # 20 | # SPDX-License-Identifier: GPL-3.0-or-later 21 | 22 | # This script parses and creates a file containing package info 23 | # necessary for the build process. 24 | 25 | set -e 26 | set -o pipefail 27 | 28 | if [ "${DEBUG}" == 1 ]; then 29 | set -x 30 | fi 31 | 32 | if test $# -ne 3; then 33 | echo "Usage: source_dir spec_file dist_tag" 34 | exit 1 35 | fi 36 | 37 | SOURCE_DIR="$1" 38 | SPEC_FILE="$2" 39 | DIST_TAG="$3" 40 | 41 | SCRIPTS_DIR="$(dirname "$0")" 42 | SPEC_MANGLE_PATH="${SPEC_FILE/$SOURCE_DIR\//}" 43 | SPEC_MANGLE_PATH="${SPEC_MANGLE_PATH//\//_}" 44 | 45 | "${SCRIPTS_DIR}"/query-spec \ 46 | "$SOURCE_DIR" "$SPEC_FILE" '%{name}-%{version}-%{release}\n' "${DIST_TAG}" | { head -1 && cat >/dev/null; } > "${SOURCE_DIR}/${SPEC_MANGLE_PATH}_package_release_name" 47 | 48 | "${SCRIPTS_DIR}"/query-spec \ 49 | "$SOURCE_DIR" "$SPEC_FILE" '%{SOURCE0}' "${DIST_TAG}" | awk '{print $2}' >> "${SOURCE_DIR}/${SPEC_MANGLE_PATH}_package_release_name" 50 | 51 | "${SCRIPTS_DIR}"/query-spec \ 52 | "$SOURCE_DIR" "$SPEC_FILE" PACKAGES_LIST "${DIST_TAG}" > "${SOURCE_DIR}/${SPEC_MANGLE_PATH}_packages.list" 53 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/source_rpm/scripts/query-builtrpms: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # The Qubes OS Project, http://www.qubes-os.org 4 | # 5 | # Copyright (C) 2021 Frédéric Pierret (fepitre) 6 | # 7 | # This program is free software; you can redistribute it and/or modify 8 | # it under the terms of the GNU General Public License as published by 9 | # the Free Software Foundation; either version 2 of the License, or 10 | # (at your option) any later version. 11 | # 12 | # This program is distributed in the hope that it will be useful, 13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | # GNU General Public License for more details. 16 | # 17 | # You should have received a copy of the GNU General Public License along 18 | # with this program. If not, see . 19 | # 20 | # SPDX-License-Identifier: GPL-3.0-or-later 21 | 22 | set -e 23 | set -o pipefail 24 | 25 | if [ "${DEBUG}" == 1 ]; then 26 | set -x 27 | fi 28 | 29 | if test $# -ne 2; then 30 | echo "Please provide spec file and dist tag to query." 31 | exit 1 32 | fi 33 | 34 | SPEC_FILE="$1" 35 | DIST_TAG="$2" 36 | 37 | rpm_defines=(--define "dist .${DIST_TAG}") 38 | 39 | if [ "$(type -t set_rpm_defines)" = "function" ]; then 40 | set_rpm_defines "$DIST_TAG" 41 | fi 42 | 43 | RPM_OPS=("${rpm_defines[@]}") 44 | 45 | # Manually add debuginfo packages in addition to standard query, and then 46 | # filter duplicates. This way both static (defined expliticly in spec) and 47 | # dynamic ones are handled. 48 | # see https://github.com/rpm-software-management/rpm/issues/1878 49 | { 50 | rpmspec --builtrpms "${RPM_OPS[@]}" -q --qf '%{name}-%{version}-%{release}.%{arch}.rpm\n' "${SPEC_FILE}" 51 | rpmspec --builtrpms "${RPM_OPS[@]}" -q --qf '%{name}-debuginfo-%{version}-%{release}.%{arch}.rpm\n' "${SPEC_FILE}" | grep -v -- '-devel\|-debuginfo-debuginfo\|-debugsource-debuginfo' 2>/dev/null || true 52 | rpmspec --builtrpms "${RPM_OPS[@]}" -q --qf '%{name}-debugsource-%{version}-%{release}.%{arch}.rpm\n' "${SPEC_FILE}" | grep -v -- '-devel\|-debuginfo-debugsource\|-debugsource-debugsource' 2>/dev/null || true 53 | } | sort | uniq 54 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/source_rpm/scripts/query-spec: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # The Qubes OS Project, http://www.qubes-os.org 4 | # 5 | # Copyright (C) 2017 Marek Marczykowski-Górecki 6 | # Copyright (C) 2018 Frédéric Pierret (fepitre) 7 | # 8 | # This program is free software; you can redistribute it and/or modify 9 | # it under the terms of the GNU General Public License as published by 10 | # the Free Software Foundation; either version 2 of the License, or 11 | # (at your option) any later version. 12 | # 13 | # This program is distributed in the hope that it will be useful, 14 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | # GNU General Public License for more details. 17 | # 18 | # You should have received a copy of the GNU General Public License along 19 | # with this program. If not, see . 20 | # 21 | # SPDX-License-Identifier: GPL-3.0-or-later 22 | 23 | set -e 24 | if [ "${VERBOSE:-0}" -ge 2 ] || [ "${DEBUG:-0}" -eq 1 ]; then 25 | set -x 26 | fi 27 | 28 | source_dir="$1" 29 | spec_file="$2" 30 | query_field="$3" 31 | dist="$4" 32 | 33 | if [ $# -lt 4 ]; then 34 | echo "Usage: $0 source_dir file.spec field dist" >&2 35 | exit 1 36 | fi 37 | 38 | rpm_defines=() 39 | 40 | # make it a function and export, as bash doesn't support exporting an array 41 | set_rpm_defines() { 42 | local dist="$1" 43 | # strip possible devel number 44 | raw_dist="${dist#*.}" 45 | if [[ "$raw_dist" = "fc"* ]]; then 46 | dist_ver="${raw_dist#fc}" 47 | rpm_defines+=(--define "fedora $dist_ver") 48 | elif [[ "$raw_dist" = "el"* ]]; then 49 | dist_ver="${raw_dist#el}" 50 | rpm_defines+=(--define "centos $dist_ver") 51 | rpm_defines+=(--define "rhel $dist_ver") 52 | fi 53 | } 54 | 55 | export -f set_rpm_defines 56 | 57 | spec_file_bn="$(basename "${spec_file}")" 58 | 59 | [[ "${spec_file_bn}.in" == ".in" ]] && exit 0 60 | 61 | if [ -r "${spec_file}.in" ]; then 62 | #rpm -q $RPM_QUERY_DEFINES --qf "$2" --specfile <(`dirname $0`/generate-spec "${spec_file}.in" /dev/stdout) 2>/dev/null 63 | # need to create a file due to a bug in process substitution (e.g. artwork package) 64 | tmp_spec=$(mktemp --tmpdir tmp.XXXXXX.spec) 65 | "$(dirname "$0")/generate-spec" "$source_dir" "${spec_file}.in" "${tmp_spec}" 66 | if [ "${query_field}" = "%{SOURCE0}" ]; then 67 | spectool --list-files --source 0 "${tmp_spec}" 68 | elif [ "${query_field}" = "PACKAGES_LIST" ]; then 69 | "$(dirname "$0")"/query-builtrpms "${tmp_spec}" "$dist" 70 | else 71 | rpm -q --define "dist .$dist" --qf "${query_field}" --specfile "${tmp_spec}" 72 | fi 73 | rm -f "${tmp_spec}" 74 | else 75 | if [ "${query_field}" = "%{SOURCE0}" ]; then 76 | spectool --list-files --source 0 "${spec_file}" 77 | elif [ "${query_field}" = "PACKAGES_LIST" ]; then 78 | "$(dirname "$0")"/query-builtrpms "${spec_file}" "$dist" 79 | else 80 | rpm -q --define "dist .$dist" --qf "${query_field}" --specfile "${spec_file}" 81 | fi 82 | fi 83 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/template/appmenus_generic/netvm-whitelisted-appmenus.list: -------------------------------------------------------------------------------- 1 | xterm.desktop 2 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/template/appmenus_generic/vm-whitelisted-appmenus.list: -------------------------------------------------------------------------------- 1 | xterm.desktop 2 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/template/appmenus_generic/whitelisted-appmenus.list: -------------------------------------------------------------------------------- 1 | xterm.desktop 2 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/template/scripts/build-template-rpm: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | ARTIFACTS_DIR="$1" 4 | TEMPLATE_NAME="$2" 5 | TEMPLATE_VERSION="$3" 6 | TEMPLATE_TIMESTAMP="$4" 7 | 8 | set -e 9 | if [ "${DEBUG}" == "1" ]; then 10 | set -x 11 | fi 12 | 13 | if [ $# -ne 4 ]; then 14 | echo "Usage: $0 " 15 | exit 16 | fi 17 | 18 | for var in ARTIFACTS_DIR TEMPLATE_NAME TEMPLATE_VERSION TEMPLATE_TIMESTAMP; do 19 | if [ -z "${!var}" ] ; then 20 | echo "$var is empty!" 21 | exit 1 22 | fi 23 | done 24 | 25 | BUILDER_SCRIPTS_DIR="$(dirname "$0")" 26 | 27 | # Create RPM 28 | rpmbuild --target noarch \ 29 | --define "template_name ${TEMPLATE_NAME}" \ 30 | --define "template_version ${TEMPLATE_VERSION}" \ 31 | --define "template_timestamp ${TEMPLATE_TIMESTAMP}" \ 32 | --define "_sourcedir ${ARTIFACTS_DIR}" \ 33 | --define "_topdir ${ARTIFACTS_DIR}/rpmbuild" \ 34 | --define "_tmppath ${ARTIFACTS_DIR}/rpmbuild/tmp" \ 35 | -bb "${BUILDER_SCRIPTS_DIR}"/../template.spec 36 | 37 | rm -rf "${ARTIFACTS_DIR}/qubeized_images/${TEMPLATE_NAME}" 38 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/template/scripts/builder-fix-filenames: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Check template name length and fix if not under 32 characters 4 | # Return the result 5 | 6 | BUILDER_SCRIPTS_DIR="$(dirname "$0")" 7 | 8 | # shellcheck source=qubesbuilder/plugins/template/scripts/functions.sh 9 | . "${BUILDER_SCRIPTS_DIR}"/functions.sh >/dev/null 10 | 11 | # Check for custom template name 12 | #shellcheck disable=SC2153 13 | templateNameDist "${TEMPLATE_NAME}" 14 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/template/scripts/builder-setup: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Setup env variables 4 | 5 | REQUIRED_ENV=( 6 | DIST_CODENAME 7 | DIST_NAME 8 | DIST_VER 9 | PLUGINS_DIR 10 | ARTIFACTS_DIR 11 | CACHE_DIR 12 | TEMPLATE_CONTENT_DIR 13 | TEMPLATE_NAME 14 | TEMPLATE_SCRIPTS_DIR 15 | KEYS_DIR 16 | ) 17 | 18 | for var in "${REQUIRED_ENV[@]}"; do 19 | if [ -z "${!var}" ]; then 20 | echo "Please provide environment variable: ${var}" 21 | exit 1 22 | fi 23 | done 24 | 25 | if [[ $(id -ur) != 0 ]] ; then 26 | echo "This script should be run as root user." 27 | exit 1 28 | fi 29 | -------------------------------------------------------------------------------- /qubesbuilder/plugins/template/template_generic.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/QubesOS/qubes-builderv2/107e979184e1ffd8f29e9e7bf0eb736f276f8fe1/qubesbuilder/plugins/template/template_generic.conf -------------------------------------------------------------------------------- /qubesbuilder/template.py: -------------------------------------------------------------------------------- 1 | # The Qubes OS Project, http://www.qubes-os.org 2 | # 3 | # Copyright (C) 2022 Frédéric Pierret (fepitre) 4 | # 5 | # This program is free software; you can redistribute it and/or modify 6 | # it under the terms of the GNU General Public License as published by 7 | # the Free Software Foundation; either version 2 of the License, or 8 | # (at your option) any later version. 9 | # 10 | # This program is distributed in the hope that it will be useful, 11 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | # GNU General Public License for more details. 14 | # 15 | # You should have received a copy of the GNU General Public License along 16 | # with this program. If not, see . 17 | # 18 | # SPDX-License-Identifier: GPL-3.0-or-later 19 | from typing import Optional 20 | 21 | from qubesbuilder.distribution import QubesDistribution, DistributionError 22 | from qubesbuilder.exc import TemplateError 23 | 24 | 25 | class QubesTemplate: 26 | def __init__(self, template: dict): 27 | self.name = next(iter(template.keys())) 28 | if not self.name: 29 | raise TemplateError("Empty template.") 30 | 31 | template_desc = template[self.name] 32 | if not template_desc: 33 | raise TemplateError("Invalid value for template.") 34 | 35 | try: 36 | dist = template_desc.get("dist", None) 37 | if not dist or dist.startswith("host-"): 38 | raise TemplateError( 39 | f"Invalid provided distribution for template '{self.name}'." 40 | ) 41 | if not dist.startswith("vm-"): 42 | dist = f"vm-{dist}" 43 | self.distribution = QubesDistribution(dist) 44 | except DistributionError as e: 45 | raise TemplateError(str(e)) from e 46 | 47 | self.flavor = template_desc.get("flavor", "") 48 | self.options = template_desc.get("options", []) 49 | self.timestamp: Optional[str] = None 50 | self.timeout: int = template_desc.get("timeout", 3600) 51 | 52 | def to_str(self) -> str: 53 | return f"{self.name}" 54 | 55 | def __repr__(self): 56 | repr_str = self.to_str() 57 | if self.options: 58 | repr_str = f"{repr_str} (options: {','.join(self.options)})" 59 | return f"" 60 | 61 | def __str__(self): 62 | return self.to_str() 63 | -------------------------------------------------------------------------------- /rpc/policy/50-qubesbuilder.policy: -------------------------------------------------------------------------------- 1 | admin.vm.CreateDisposable * work-qubesos dom0 allow target=dom0 2 | admin.vm.CreateDisposable * work-qubesos qubes-builder-dvm allow target=dom0 3 | 4 | admin.vm.CurrentState * work-qubesos @tag:disp-created-by-work-qubesos allow target=dom0 5 | admin.vm.List * work-qubesos @tag:disp-created-by-work-qubesos allow target=dom0 6 | admin.vm.Start * work-qubesos @tag:disp-created-by-work-qubesos allow target=dom0 7 | admin.vm.Kill * work-qubesos @tag:disp-created-by-work-qubesos allow target=dom0 8 | admin.vm.Remove * work-qubesos @tag:disp-created-by-work-qubesos allow target=dom0 9 | 10 | qubesbuilder.FileCopyIn * work-qubesos @tag:disp-created-by-work-qubesos allow 11 | qubesbuilder.FileCopyOut * work-qubesos @tag:disp-created-by-work-qubesos allow 12 | 13 | qubes.Filecopy * work-qubesos @tag:disp-created-by-work-qubesos allow 14 | qubes.WaitForSession * work-qubesos @tag:disp-created-by-work-qubesos allow 15 | qubes.VMShell * work-qubesos @tag:disp-created-by-work-qubesos allow 16 | -------------------------------------------------------------------------------- /rpc/policy/51-qubesbuilder-windows.policy: -------------------------------------------------------------------------------- 1 | admin.vm.device.block.Attach * work-qubesos @tag:disp-created-by-work-qubesos allow target=dom0 2 | qubesbuilder.WinSign.Timestamp * work-qubesos @tag:disp-created-by-work-qubesos allow 3 | qubesbuilder.WinFileCopyIn * work-qubesos @tag:disp-created-by-work-qubesos allow 4 | qubesbuilder.WinFileCopyOut * work-qubesos @tag:disp-created-by-work-qubesos allow 5 | 6 | admin.vm.device.block.Available * work-qubesos work-qubesos allow target=dom0 7 | 8 | admin.vm.Start * work-qubesos win-build allow target=dom0 9 | admin.vm.device.block.Attach * work-qubesos win-build allow target=dom0 10 | 11 | qubesbuilder.WinSign.QueryKey +Qubes__Windows__Tools work-qubesos vault-sign allow 12 | qubesbuilder.WinSign.CreateKey +Qubes__Windows__Tools work-qubesos vault-sign allow 13 | qubesbuilder.WinSign.DeleteKey +Qubes__Windows__Tools work-qubesos vault-sign allow 14 | qubesbuilder.WinSign.GetCert +Qubes__Windows__Tools work-qubesos vault-sign allow 15 | qubesbuilder.WinSign.Sign +Qubes__Windows__Tools work-qubesos vault-sign allow 16 | -------------------------------------------------------------------------------- /rpc/qubesbuilder-file-copy-in.ps1: -------------------------------------------------------------------------------- 1 | . $env:QUBES_TOOLS\qubes-rpc-services\VMExec-Decode.ps1 2 | . $env:QUBES_TOOLS\qubes-rpc-services\log.ps1 3 | 4 | LogStart 5 | 6 | try { 7 | $decoded = VMExec-Decode $args[0] 8 | LogDebug "decoded: $decoded" 9 | 10 | $fileReceiver = Join-Path $env:QUBES_TOOLS "qubes-rpc-services\file-receiver.exe" 11 | 12 | # Create destination directory 13 | New-Item -ItemType Directory -Path $decoded -Force | Out-Null 14 | 15 | $parent = Split-Path -Parent $decoded 16 | LogDebug "parent: $parent" 17 | # All Windows RPC executables use | as argument separator and powershell adds an extra space to the command line 18 | # see https://github.com/PowerShell/PowerShell/issues/13094 19 | Start-Process -FilePath $fileReceiver -ArgumentList "$parent|" -LoadUserProfile -NoNewWindow -Wait 20 | } catch [DecodeError] { 21 | Write-Error $_.Exception.Message 22 | } 23 | -------------------------------------------------------------------------------- /rpc/qubesbuilder-file-copy-out.ps1: -------------------------------------------------------------------------------- 1 | . $env:QUBES_TOOLS\qubes-rpc-services\VMExec-Decode.ps1 2 | . $env:QUBES_TOOLS\qubes-rpc-services\log.ps1 3 | 4 | LogStart 5 | 6 | try { 7 | $decoded = VMExec-Decode $args[0] 8 | LogDebug "decoded: $decoded" 9 | 10 | $fileSender = Join-Path $env:QUBES_TOOLS "qubes-rpc-services\file-sender.exe" 11 | Start-Process -FilePath $fileSender -ArgumentList "$decoded" -LoadUserProfile -NoNewWindow -Wait 12 | } catch [DecodeError] { 13 | Write-Error $_.Exception.Message 14 | } 15 | -------------------------------------------------------------------------------- /rpc/qubesbuilder.FileCopyIn: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | 3 | import os 4 | import re 5 | import shutil 6 | import subprocess 7 | import sys 8 | from pathlib import Path 9 | 10 | 11 | class DecodeError(ValueError): 12 | pass 13 | 14 | 15 | ESCAPE_RE = re.compile(rb"--|-([A-F0-9]{2})") 16 | 17 | 18 | def decode_part(part): 19 | if not re.match(r"^[a-zA-Z0-9._-]*$", part): 20 | raise DecodeError("illegal characters found") 21 | 22 | part = part.encode("ascii") 23 | 24 | # Check if no '-' remains outside of legal escape sequences. 25 | if b"-" in ESCAPE_RE.sub(b"", part): 26 | raise DecodeError("'-' can be used only in '-HH' or '--'") 27 | 28 | def convert(m): 29 | if m.group(0) == b"--": 30 | return b"-" 31 | num = int(m.group(1), 16) 32 | return bytes([num]) 33 | 34 | return ESCAPE_RE.sub(convert, part) 35 | 36 | 37 | def main(): 38 | if len(sys.argv) != 2: 39 | print("Please provide destination.", file=sys.stderr) 40 | sys.exit(1) 41 | 42 | decoded_arg = decode_part(sys.argv[1]).decode("utf-8") 43 | dst = Path(decoded_arg).resolve() 44 | 45 | # Get destination path and extract components 46 | bn = dst.name 47 | dn = dst.parent 48 | 49 | # Get user and group ID 50 | uid = os.getuid() 51 | gid = os.getgid() 52 | 53 | # Add Qubes path to the environment if qfile-unpacker is available 54 | env = os.environ.copy() 55 | if os.path.exists("/usr/lib/qubes/qfile-unpacker"): 56 | env["PATH"] = os.pathsep.join([env.get("PATH", ""), "/usr/lib/qubes"]) 57 | 58 | # Clean and prepare directories 59 | shutil.rmtree("/builder/incoming", ignore_errors=True) 60 | os.makedirs("/builder/incoming") 61 | os.chown("/builder", uid, gid) 62 | 63 | # Run qfile-unpacker 64 | subprocess.run( 65 | ["qfile-unpacker", "--allow-all-names", "--allow-unsafe-symlinks", 66 | str(uid), "/builder/incoming"], check=True, env=env 67 | ) 68 | 69 | # Move the file to the destination directory 70 | dn.mkdir(parents=True, exist_ok=True) 71 | shutil.move(f"/builder/incoming/{bn}", dn) 72 | 73 | 74 | if __name__ == "__main__": 75 | main() 76 | -------------------------------------------------------------------------------- /rpc/qubesbuilder.FileCopyOut: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | 3 | import re 4 | import subprocess 5 | import sys 6 | from pathlib import Path 7 | 8 | 9 | class DecodeError(ValueError): 10 | pass 11 | 12 | 13 | ESCAPE_RE = re.compile(rb"--|-([A-F0-9]{2})") 14 | 15 | 16 | def decode_part(part): 17 | if not re.match(r"^[a-zA-Z0-9._-]*$", part): 18 | raise DecodeError("illegal characters found") 19 | 20 | part = part.encode("ascii") 21 | 22 | # Check if no '-' remains outside of legal escape sequences. 23 | if b"-" in ESCAPE_RE.sub(b"", part): 24 | raise DecodeError("'-' can be used only in '-HH' or '--'") 25 | 26 | def convert(m): 27 | if m.group(0) == b"--": 28 | return b"-" 29 | num = int(m.group(1), 16) 30 | return bytes([num]) 31 | 32 | return ESCAPE_RE.sub(convert, part) 33 | 34 | 35 | def main(): 36 | if len(sys.argv) != 2: 37 | print("Please provide source.", file=sys.stderr) 38 | sys.exit(1) 39 | 40 | decoded_arg = decode_part(sys.argv[1]).decode("utf-8") 41 | src = Path(decoded_arg).resolve() 42 | 43 | # Run qfile-agent 44 | subprocess.run(["/usr/lib/qubes/qfile-agent", str(src)], check=True) 45 | 46 | 47 | if __name__ == "__main__": 48 | main() 49 | -------------------------------------------------------------------------------- /rpc/qubesbuilder.WinFileCopyIn: -------------------------------------------------------------------------------- 1 | c:\windows\system32\cmd.exe /c powershell.exe -executionpolicy bypass -noninteractive -file "%QUBES_TOOLS%\qubes-rpc-services\qubesbuilder-file-copy-in.ps1" "%1" -------------------------------------------------------------------------------- /rpc/qubesbuilder.WinFileCopyOut: -------------------------------------------------------------------------------- 1 | c:\windows\system32\cmd.exe /c powershell.exe -executionpolicy bypass -noninteractive -file "%QUBES_TOOLS%\qubes-rpc-services\qubesbuilder-file-copy-out.ps1" "%1" -------------------------------------------------------------------------------- /rpc/qubesbuilder.WinSign.CreateKey: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -efo pipefail 4 | 5 | # shellcheck source=SCRIPTDIR/qubesbuilder.WinSign.common 6 | . "$(dirname "$0")/qubesbuilder.WinSign.common" 7 | 8 | usage() { 9 | >&2 echo "Usage: $(basename "$0")+ 10 | 11 | Create a new self-signed key and certificate. 12 | " 13 | exit 1 14 | } 15 | 16 | if [ $# -ne 1 ]; then 17 | usage 18 | fi 19 | 20 | ensure_db 21 | 22 | KEY_NAME="${1//__/ }" 23 | 24 | set +e 25 | 26 | if check_key_exists "${KEY_NAME}"; then 27 | >&2 echo "Key '$1' exists" 28 | exit 1 29 | fi 30 | set -e 31 | 32 | # Generate self-signed certificate and key 33 | openssl req \ 34 | -nodes \ 35 | -new \ 36 | -x509 \ 37 | -newkey rsa:4096 \ 38 | -sha256 \ 39 | -keyout "${KEYS_DIR}/${KEY_NAME}.key" \ 40 | -out "${KEYS_DIR}/${KEY_NAME}.crt" \ 41 | -days "${DAYS}" \ 42 | -subj "/CN=${KEY_NAME}/" \ 43 | -addext "basicConstraints=CA:FALSE" \ 44 | > /dev/null 2>&1 45 | 46 | # Verify that the key got added 47 | check_key_exists "${KEY_NAME}" 48 | -------------------------------------------------------------------------------- /rpc/qubesbuilder.WinSign.DeleteKey: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -efo pipefail 4 | 5 | # shellcheck source=SCRIPTDIR/qubesbuilder.WinSign.common 6 | . "$(dirname "$0")/qubesbuilder.WinSign.common" 7 | 8 | usage() { 9 | >&2 echo "Usage: $(basename "$0")+ 10 | 11 | Delete a signing key and certificate. 12 | " 13 | exit 1 14 | } 15 | 16 | if [ $# -ne 1 ]; then 17 | usage 18 | fi 19 | 20 | ensure_db 21 | 22 | KEY_NAME="${1//__/ }" 23 | 24 | set +e 25 | if ! check_key_exists "${KEY_NAME}"; then 26 | >&2 echo "Key '$1' does not exist" 27 | exit 1 28 | fi 29 | set -e 30 | 31 | sudo rm -f \ 32 | "${KEYS_DIR}/${KEY_NAME}.key" \ 33 | "${KEYS_DIR}/${KEY_NAME}.crt" 34 | -------------------------------------------------------------------------------- /rpc/qubesbuilder.WinSign.GetCert: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -efo pipefail 4 | 5 | # shellcheck source=SCRIPTDIR/qubesbuilder.WinSign.common 6 | . "$(dirname "$0")/qubesbuilder.WinSign.common" 7 | 8 | usage() { 9 | >&2 echo "Usage: $(basename "$0")+ 10 | 11 | Get public certificate for a given signing key. 12 | " 13 | exit 1 14 | } 15 | 16 | if [ $# -ne 1 ]; then 17 | usage 18 | fi 19 | 20 | ensure_db 21 | 22 | KEY_NAME="${1//__/ }" 23 | 24 | set +e 25 | if ! check_key_exists "${KEY_NAME}"; then 26 | >&2 echo "Key '$1' does not exist" 27 | exit 1 28 | fi 29 | set -e 30 | 31 | cat "${KEYS_DIR}/${KEY_NAME}.crt" 32 | -------------------------------------------------------------------------------- /rpc/qubesbuilder.WinSign.QueryKey: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -efo pipefail 4 | 5 | # shellcheck source=SCRIPTDIR/qubesbuilder.WinSign.common 6 | . "$(dirname "$0")/qubesbuilder.WinSign.common" 7 | 8 | usage() { 9 | >&2 echo "Usage: $(basename "$0")+ 10 | 11 | Query whether the given signing key exists. 12 | " 13 | exit 1 14 | } 15 | 16 | if [ $# -ne 1 ]; then 17 | usage 18 | fi 19 | 20 | ensure_db 21 | 22 | set +e 23 | if check_key_exists "${1//__/ }"; then 24 | echo "Key '$1' exists" 25 | else 26 | echo "Key '$1' does not exist" 27 | fi 28 | -------------------------------------------------------------------------------- /rpc/qubesbuilder.WinSign.Sign: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -efo pipefail 4 | 5 | # shellcheck source=SCRIPTDIR/qubesbuilder.WinSign.common 6 | . "$(dirname "$0")/qubesbuilder.WinSign.common" 7 | 8 | usage() { 9 | >&2 echo "Usage: $(basename "$0")+ 10 | 11 | Sign a binary with the given key. Input = stdin, output = stdout. 12 | " 13 | exit 1 14 | } 15 | 16 | if [ $# -ne 1 ]; then 17 | usage 18 | fi 19 | 20 | ensure_db 21 | 22 | KEY_NAME="${1//__/ }" 23 | 24 | set +e 25 | if ! check_key_exists "${1//__/ }"; then 26 | >&2 echo "Key '$1' does not exist" 27 | exit 1 28 | fi 29 | set -e 30 | 31 | PAYLOAD_DIR="$(mktemp -d)" 32 | 33 | cleanup() { 34 | local payload_dir="$1" 35 | if [ -n "${payload_dir}" ]; then 36 | rm -rf "${payload_dir}" 37 | fi 38 | } 39 | 40 | # expanding PAYLOAD_DIR early is the expected behavior 41 | # shellcheck disable=SC2064 42 | trap "cleanup ${PAYLOAD_DIR}" EXIT 43 | 44 | payload="${PAYLOAD_DIR}/payload" 45 | 46 | # Limit stdin size 47 | head --bytes=100MB > "$payload" 48 | 49 | if [ "$(stat --format=%s "$payload")" -ge $((100 * 1024 * 1024)) ]; then 50 | >&2 echo "Input size must be less than 100MiB." 51 | exit 1 52 | fi 53 | 54 | osslsigncode sign \ 55 | -certs "${KEYS_DIR}/${KEY_NAME}.crt" \ 56 | -key "${KEYS_DIR}/${KEY_NAME}.key" \ 57 | -h sha256 \ 58 | -in "$payload" \ 59 | -out "$payload".signed \ 60 | > /dev/null 2>&1 61 | 62 | cat "$payload".signed 63 | -------------------------------------------------------------------------------- /rpc/qubesbuilder.WinSign.Timestamp: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -efo pipefail 4 | 5 | TS_URL="http://timestamp.digicert.com" 6 | PAYLOAD_DIR="$(mktemp -d)" 7 | 8 | cleanup() { 9 | local payload_dir="$1" 10 | if [ -n "${payload_dir}" ]; then 11 | rm -rf "${payload_dir}" 12 | fi 13 | } 14 | 15 | # expanding PAYLOAD_DIR early is the expected behavior 16 | # shellcheck disable=SC2064 17 | trap "cleanup ${PAYLOAD_DIR}" EXIT 18 | 19 | payload="${PAYLOAD_DIR}/payload" 20 | 21 | # Limit stdin size 22 | head --bytes=100MB > "$payload" 23 | 24 | if [ "$(stat --format=%s "$payload")" -ge $((100 * 1024 * 1024)) ]; then 25 | >&2 echo "Input size must be less than 100MiB." 26 | exit 1 27 | fi 28 | 29 | osslsigncode add \ 30 | -ts "${TS_URL}" \ 31 | -in "$payload" \ 32 | -out "$payload".signed \ 33 | > /dev/null 2>&1 34 | 35 | cat "$payload".signed 36 | -------------------------------------------------------------------------------- /rpc/qubesbuilder.WinSign.common: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -efo pipefail 4 | 5 | KEYS_DIR=/home/user/win-sign/keys 6 | 7 | # Validity period for generated self-signed certificates 8 | export DAYS=3650 9 | 10 | ensure_db() { 11 | mkdir -p "${KEYS_DIR}" 12 | } 13 | 14 | check_key_exists() { 15 | [ -f "${KEYS_DIR}/$1".key ] 16 | } 17 | -------------------------------------------------------------------------------- /tests/gnupg/openpgp-revocs.d/466110A602D13C7A5CD9DDF690A99E7695483BFE.rev: -------------------------------------------------------------------------------- 1 | This is a revocation certificate for the OpenPGP key: 2 | 3 | pub rsa2048 2023-06-29 [C] 4 | 466110A602D13C7A5CD9DDF690A99E7695483BFE 5 | uid Key2 6 | 7 | A revocation certificate is a kind of "kill switch" to publicly 8 | declare that a key shall not anymore be used. It is not possible 9 | to retract such a revocation certificate once it has been published. 10 | 11 | Use it to revoke this key in case of a compromise or loss of 12 | the secret key. However, if the secret key is still accessible, 13 | it is better to generate a new revocation certificate and give 14 | a reason for the revocation. For details see the description of 15 | of the gpg command "--generate-revocation" in the GnuPG manual. 16 | 17 | To avoid an accidental use of this file, a colon has been inserted 18 | before the 5 dashes below. Remove this colon with a text editor 19 | before importing and publishing this revocation certificate. 20 | 21 | :-----BEGIN PGP PUBLIC KEY BLOCK----- 22 | Comment: This is a revocation certificate 23 | 24 | iQE2BCABCAAgFiEERmEQpgLRPHpc2d32kKmedpVIO/4FAmSdftsCHQAACgkQkKme 25 | dpVIO/7tiwf9H9l1lJT7dFB/xluS1z/oGZDlzCetOjRwB4D1wM0VFwEPhd8KSRrN 26 | dJvQwrRwuM38BmJ0+aPf5i+DdJKnEvUThLPJ9ZSgMRVBbG/Gu9MEy42Eo2Qdoetc 27 | P5X5M5CQ6BNc+PYw+rwkul1FdSfDDlbD/X3mFuiIiRv3scN2g+jq9j3cEpvtz4KY 28 | +HHtmzLnORr/80DVqJin/uYraeZVKuoiH6oZAg07ZpthkuB9lRVEGSBozLX1QtJw 29 | qTHzl3CgRAUqIG4gL+oF82A5ch5l8eSCGN0hDamw0UP204LoDA+R5fgHNOV5abhp 30 | KZGY7w9Sg17C3ShqhqK3+RJpZBovHsoePQ== 31 | =GTY+ 32 | -----END PGP PUBLIC KEY BLOCK----- 33 | -------------------------------------------------------------------------------- /tests/gnupg/openpgp-revocs.d/632F8C69E01B25C9E0C3ADF2F360C0D259FB650C.rev: -------------------------------------------------------------------------------- 1 | This is a revocation certificate for the OpenPGP key: 2 | 3 | pub rsa3072 2021-02-21 [SC] [expires: 2023-02-21] 4 | 632F8C69E01B25C9E0C3ADF2F360C0D259FB650C 5 | uid testuser 6 | 7 | A revocation certificate is a kind of "kill switch" to publicly 8 | declare that a key shall not anymore be used. It is not possible 9 | to retract such a revocation certificate once it has been published. 10 | 11 | Use it to revoke this key in case of a compromise or loss of 12 | the secret key. However, if the secret key is still accessible, 13 | it is better to generate a new revocation certificate and give 14 | a reason for the revocation. For details see the description of 15 | of the gpg command "--generate-revocation" in the GnuPG manual. 16 | 17 | To avoid an accidental use of this file, a colon has been inserted 18 | before the 5 dashes below. Remove this colon with a text editor 19 | before importing and publishing this revocation certificate. 20 | 21 | :-----BEGIN PGP PUBLIC KEY BLOCK----- 22 | Comment: This is a revocation certificate 23 | 24 | iQG2BCABCgAgFiEEYy+MaeAbJcngw63y82DA0ln7ZQwFAmAyr6MCHQAACgkQ82DA 25 | 0ln7ZQw8bwwAhN+wz8GjB3mD18x1rGBUct7e2ushY/KR1o9ZBKzge9WWBpfAGhIQ 26 | 8qhB0c/1cnG8z8PAm1X5B16OGvLm/ntrzjfYNJOVrfUk1K9H+3TePVyiEPgwDcSk 27 | TUvrx3wtuiTYAUfC3IkmgTY97CItGkqnWyqsqNeRDCyjHiO5UrACP5OyGckaEK6t 28 | HbB+wNhye4D6+yroBMvfS6+h3wRIsvyNfMIQzKLW8MSYgb3wwGes486516kFGy98 29 | 6wEmKxuEBNcXYtqPBGLh6j858z2pnwlTet+HQ0a4k6zvB+l3gIKjCv/60ZgtH7Sn 30 | ILChFc5zmr6YFoFK4ViC1LD8RzlLqmBHIpM6jm/VOylslpn/uI6Yr62JB7DlK9WC 31 | 11TiQMDVEyPWwDLaeaJxq134gA6bbCN8IeyyTDaxRK3UgH5538h4r6OHfiC16DBb 32 | mG4C9eigRbohnJNsofOxJYwVV4TSPvihLVinj44kl5FmpV3f3tPg7O0gcTTESDGL 33 | ZnGpoZcWLaLD 34 | =ygDk 35 | -----END PGP PUBLIC KEY BLOCK----- 36 | -------------------------------------------------------------------------------- /tests/gnupg/openpgp-revocs.d/8B080B3E649B153AA44FE43E722F2B7B164FDEF7.rev: -------------------------------------------------------------------------------- 1 | This is a revocation certificate for the OpenPGP key: 2 | 3 | pub rsa2048 2023-06-29 [C] 4 | 8B080B3E649B153AA44FE43E722F2B7B164FDEF7 5 | uid Key1 6 | 7 | A revocation certificate is a kind of "kill switch" to publicly 8 | declare that a key shall not anymore be used. It is not possible 9 | to retract such a revocation certificate once it has been published. 10 | 11 | Use it to revoke this key in case of a compromise or loss of 12 | the secret key. However, if the secret key is still accessible, 13 | it is better to generate a new revocation certificate and give 14 | a reason for the revocation. For details see the description of 15 | of the gpg command "--generate-revocation" in the GnuPG manual. 16 | 17 | To avoid an accidental use of this file, a colon has been inserted 18 | before the 5 dashes below. Remove this colon with a text editor 19 | before importing and publishing this revocation certificate. 20 | 21 | :-----BEGIN PGP PUBLIC KEY BLOCK----- 22 | Comment: This is a revocation certificate 23 | 24 | iQE2BCABCAAgFiEEiwgLPmSbFTqkT+Q+ci8rexZP3vcFAmSdftQCHQAACgkQci8r 25 | exZP3vd5SwgAowe1C2D6GCj2xRtq3ZwcFreREg1pNiAO9LXjjepd61DMZ4qbAT9f 26 | kq1tebpdu+PHKpWjBnlvqMdivtf7kt+5zx97XW/BshMwmZvzHEJ/0beHpEt5us6X 27 | +qKLbYd4SWFUPB5HJ8Vy3kQ4DIbWnuAiosJ0A/HbgkQMCCUTlHXDadh8Ks2ArNel 28 | 5KtFiXYOxqWQk6tThDY1D0Rzs57Z7rgvElBw8E4psPTM8tnTl2IggGUwTl7Vnon0 29 | BJuNKQg9hwC+5aGCgfeOOfOZpK1S/z/DEgMCoXy9pAJYXY6PW042Tr/wVqvPyxAT 30 | XL8Qzc17zRpRITcKeiGNlUrQpwq2BkClXw== 31 | =5+h3 32 | -----END PGP PUBLIC KEY BLOCK----- 33 | -------------------------------------------------------------------------------- /tests/gnupg/openpgp-revocs.d/C1261D4BA94026D4EEBDCB485811E93DE307C3CE.rev: -------------------------------------------------------------------------------- 1 | This is a revocation certificate for the OpenPGP key: 2 | 3 | pub rsa2048 2023-06-29 [C] 4 | C1261D4BA94026D4EEBDCB485811E93DE307C3CE 5 | uid Key3 6 | 7 | A revocation certificate is a kind of "kill switch" to publicly 8 | declare that a key shall not anymore be used. It is not possible 9 | to retract such a revocation certificate once it has been published. 10 | 11 | Use it to revoke this key in case of a compromise or loss of 12 | the secret key. However, if the secret key is still accessible, 13 | it is better to generate a new revocation certificate and give 14 | a reason for the revocation. For details see the description of 15 | of the gpg command "--generate-revocation" in the GnuPG manual. 16 | 17 | To avoid an accidental use of this file, a colon has been inserted 18 | before the 5 dashes below. Remove this colon with a text editor 19 | before importing and publishing this revocation certificate. 20 | 21 | :-----BEGIN PGP PUBLIC KEY BLOCK----- 22 | Comment: This is a revocation certificate 23 | 24 | iQE2BCABCAAgFiEEwSYdS6lAJtTuvctIWBHpPeMHw84FAmSdfuQCHQAACgkQWBHp 25 | PeMHw87AOggAujGHjyleluG/+PBz6EWofCxrV4DGdk+ls9Kfuvjzxp5tapmVVr1B 26 | Do9353ZdljnBeC7QDySMHwOhOHSRZhYLG/8qr6WQukgUYH+veJ/aSdJzFua2PRXH 27 | mlom5NmjLYHTuvLri1s4U8tXpefEKVi0tOehQVWJWseW1U2XIehsEezLgSeIT0TX 28 | RPF+p3NqlM+bjcwfg9QCX0xeAM6XG1JCR4y5e5mNUfLiErOvSOYhoMKjecewpZed 29 | flj6lHrKK0IYPk78AlR1re3esqS5rj67TVC7tRyynFq48qJHI3ddqEXlUISFHJBW 30 | PSOlcdokxknA3yGDN6Z86KBWcyELZGCyAw== 31 | =n5nn 32 | -----END PGP PUBLIC KEY BLOCK----- 33 | -------------------------------------------------------------------------------- /tests/gnupg/private-keys-v1.d/13BA2F41C3335F9D3A719B88F999FC738E2C2118.key: -------------------------------------------------------------------------------- 1 | Created: 20230629T125337 2 | Key: (private-key (rsa (n #00DCB36EE3973EC1E547E1263EB3B949056665436A1F 3 | 4610980D394560186C54A6A08D8B2C7A09C2511C2675DC5E0B7AEFECEBD54C24CDF1CD 4 | A9EA0071640EBAA461621589E0D07A499AF73636D3FA2F3BD7C486BE4AE496B0B5EA27 5 | E17C3B38FE44D8BC4CD9DB81D820174A69DDA9FFC761850AACC1D3BE0961F61744B159 6 | EB60E1F7A3A9C2CEA7C57BA6F4C3F53D4C5F0387D11EB5F39C5229512317A7465F94C2 7 | C3247E5CAD0AE7A53C7BBE8246748E367465E7532833F120C43222EC47A66F503A3C37 8 | B6DF1A34E55D4EF61573316EE739DF90A6FD73341D4B7761D9DC91D7440F098DC5EE99 9 | 706598369292A585037BED77D4297825DD37DDF833607E91C1#)(e #010001#)(d 10 | #0C78D725154BAC8E4C05662974537DE3F84B340FE5E62A2B469188492FBE24FB40DE 11 | D8D8E5C96205DE85F1A2873DC5B7F3EB08A3EFBF43E939FF3D60CB0D4E48BA705E1C5B 12 | 641AAA08CFEC3C5556B9C73B6879AF1CA93DF70CE3B776DD93F4F2C11220B384DAFBD3 13 | AA6E188462AC8005ECDDD56A697E715A8342C2823D35C2386DB0DFDD87627669C4506C 14 | A552B890487AA40D54A224F50A30F3D3D8DFECBDFA5BCC0D1A98798D9EEB1742E2E469 15 | B2A946A914816F99F4E40CF573B5064AAE40EE76F126DBEEEDB60B907C435BE4BFDF94 16 | 7B86525D69AD2ED002446B1699FA0733CBCC9883DEEC4A6613D51E3E9A6F685B760F92 17 | 8D547F83E6FEBC572A72A531#)(p #00E57A6AFF69158978AAA732207E839B71EFE260 18 | 12E207431DD573A9FEC7FEE582ED8271138A18D41DFBC92C3D64C64706F1DC310C4F3C 19 | B9A8A504D35AF5D3A8F78F9648AA64D173575EAB80D268933C3F448734735C7ABBA977 20 | 53C09756FBD5ADEF0BA1F081ECA76BF179DC5C10092F4418D453D5E81EF1A01E83F21C 21 | 65835E11#)(q #00F635523F5B76F92C8AC1DAE8CD906DCF330D3C4AF5CA9861810C66 22 | 49408FAD8645CED2E6B0707ACA029B310B93D2E2F7EDB68916C81E7059BF9F18850245 23 | 96A1A7EDDFD297C1AF4867BF41D6FD7C65FD1CCF0C5364BF994793D4942EFE1A0CE147 24 | 919F972F6799C4CCFE89C394196843E5477119AE9D6ACCF37F5A4D081A08B1#)(u 25 | #00C037401BE1718128D1C5CF2DC5B0AB9FC3F3A1B9B42FB2ABDFF98BAB067BCB3403 26 | EEADD4D0BE7D88E1A2966972E31BFD5216CF6551965ECA238FF6EC219CE3F41E22FC07 27 | 1696EE2B83F1A92D05899AB33E1E6A5F3BA042A56619393FBFB8E43303A8C778EA63D8 28 | 2B77F6B411E823E391EEAB8576DE91633AFCFBEFA4266C127D#))) 29 | -------------------------------------------------------------------------------- /tests/gnupg/private-keys-v1.d/4F1238E32595370BA08D8978364CF9F846C707F7.key: -------------------------------------------------------------------------------- 1 | Created: 20230629T125353 2 | Key: (private-key (rsa (n #00C6CF5C73DDB5DED317454B00C5E92D304E98D12CB0 3 | D8B990386A8E01C69AC15F0E99D03207C59793BD8E2B52D8D7948BC4E72330BEF9E59D 4 | 8B5E94923D1CCBF2DCD69AA7CADBFDF64B2FEA31CE8F1AF8686F5D4219DD0E152210E7 5 | F2A2FD6DA52A840856FD4DCA353449D7D98C9236E2A7E4D368C772F65BC9C90773FB42 6 | 097992848370DD5905A61674A9B9D377535236B7B92C72C9DA9B9CCF3F24D4075DF059 7 | 8DCD9B8E7183498D98BF151B34C1612C14C89CA9894B4F22223A598710246D6CDD28A4 8 | 375448047077608C64EBAB0600AE80D14F9AB58F6CF581062ED927D11BE9332D2E9ACF 9 | 9B1205510166EB9267DCC192A4C67F04474CBAB4B7B3C4018F#)(e #010001#)(d 10 | #19726C46865FE394085BFDB42D20E2005767170B0DDDC7AEAE91F0F8483801BD4D8C 11 | A189EDD5BC47945130B96B78F8920553827D184CBB37B5A19709BAD9C73F204635C879 12 | 5E3C3CFCB5B6D7C6352A0216B7FE6B5A0D21E2D197F1606CBD5C7DF219B14995259256 13 | CA0913A04C6E60A9154D6443FA977BF216BB6D014AED5271EBA20094342F13A7C6E721 14 | 69A94EE0444EF7F5B6BABDEC69180F8B4013A7DA44C24B2039EA05D3C0C7DC25DC3DA8 15 | 921878E9AE113691A464CBDF182D3C5D749E3EC5A39EAAD281A1C37677D61415FB0668 16 | 5B9E9ED984D1A8D0BB5DA3E019E46517220FC17AD447DA4FBF42F0A854355771E9A016 17 | F3F3492578A77DE002E7CEE1#)(p #00CBBCC4B1B39FB18DB45B22057F06EEF4940622 18 | 4DDCA29D20B4DEBEA96C7DD365E8050297838036180EFB2A89418FE5B67B4A75B6A7D1 19 | 21B302646963D91FA163B52A9C84D183EED6CFDBEC8F88506078921B42AD46231309E8 20 | EBD20BCA7B24EF6B6F7DEABB36AECA357D106E02969FD140B0D9E6DF24FACC2EE2EE36 21 | 8D7C7321#)(q #00F9CF0465D0484F627AA39571A046698C560A259C8C082B0FDD77B3 22 | C7715DC00CF78AD266611A4B44754393775F3DFD4FBF2CC680F90A9BA462E263FC3582 23 | 7EBE7A96B7E045E6EAF44FCDC8894ECD94DA14D613E7A33E02F060B52EE305EFBC1497 24 | ACC883E0F1544BFF985C2A9D92871586AF720F4F26BBBE6A2F48E85E358EAF#)(u 25 | #1203C742E01D7385D94B5E0B09DE139FB7C6186F3EDE876C8309CE69349B45D60469 26 | DB4D18A735AD40623A55AFC687106925899665277CB6761E70B9896E8593A48448738B 27 | 3FD3C575A1A1A4C690C7F4E6587626F1EDA7241A13573ED912CFE4013295883CE1E70F 28 | 09809265A382BBFC7C77E6616E2B10BF0D957FDB0FF5C254#))) 29 | -------------------------------------------------------------------------------- /tests/gnupg/private-keys-v1.d/74D9755A5B3601A0D8069301E7D8D8EABEB451DC.key: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/QubesOS/qubes-builderv2/107e979184e1ffd8f29e9e7bf0eb736f276f8fe1/tests/gnupg/private-keys-v1.d/74D9755A5B3601A0D8069301E7D8D8EABEB451DC.key -------------------------------------------------------------------------------- /tests/gnupg/private-keys-v1.d/80256D086B87167A8499EBEE74E57DE1DA80E267.key: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/QubesOS/qubes-builderv2/107e979184e1ffd8f29e9e7bf0eb736f276f8fe1/tests/gnupg/private-keys-v1.d/80256D086B87167A8499EBEE74E57DE1DA80E267.key -------------------------------------------------------------------------------- /tests/gnupg/private-keys-v1.d/8B94F52F514A6F106C37F31E6CD988B44506BEE0.key: -------------------------------------------------------------------------------- 1 | Created: 20230629T125345 2 | Key: (private-key (rsa (n #00B7FC36CCB8B1D6DC25B94B1FE91B27BDC61EDA513D 3 | D1D40E4F2D964139A1524B009D0577F6F300F839BD682A5F75EE0AC1956FDF4BFB841C 4 | 6038372008EF2954BB0E597BDA8AE9CFF70800FEC7C7F9F19DE6F914FF1763E753018F 5 | 4CEE39C7926FD1AE7F725ABFBC0DA8B0655E93F00C2CEAEDFFF4BB080A33332AF2F401 6 | 54B30CDFB84070E376F3B0EFA4D1F2DFAF4B2B10A89AD79F8738B096A77AEB366A817F 7 | E714ADCFC9D88627A875D90FE044D2E714821C5B3BC84B254DE2293F321613D37EE76F 8 | 1D5D7DC5B1EE6CA867FC9CED6924FACC67FC8E2CB991586EA146F6AD4CEC58103E62F1 9 | B5D1F1B0B6932D8D855CB69C35D4DF59D6139F1475A73CD8A3#)(e #010001#)(d 10 | #03F72325396BD7D229DBFB03068EA7C61ED1866A0ED78966FF8CDF7AAB67CF32BFA2 11 | 22BE89AB861F537B4215FBB5BA7A2FDEED28D665E6DC87B45E77C9C981CE0A340E78AD 12 | 66A6106DE615C36801E6E0AEC30E264633365B837DFA9D315B3C726B078D67C0CAB4EC 13 | 342D29141E3C3905C22814161AABB74A24FD5AD51EAE32A999E236E03D01BD5550390E 14 | 9E7C9D605C070FFEB46D955E14150FE1413BD773C1926B4205E808F93AC102A4464B09 15 | 24B56262829EFD4272CCD610874BB5D36F48E78B1868EB9CBF25356EBEF5C2A5C35AAF 16 | 04EE401845E7F7D982D1F1814CE93B2353E64AC5B67AFC34F90DC3F40C10F9FA4BB71E 17 | B82903C3B7D5ECA2C06A4FE9#)(p #00CA6F265D09E0DE4FE83011FC4977E047E8059C 18 | 067591F0B26F5196FC7CA69751249085E789871868468543ACAB619CB42CE902A92E9A 19 | 23DA2B1EB8E35294829B133BAD97AF7FFCD4525A92C0CD191D8CCFCFA3B1612987C896 20 | 52B99D5B24C65DA265D1F435BBFE35A81FA765F3F4D95166375428A598079C52383BCC 21 | 23BFEDCB#)(q #00E8AB55B9BD1A46E434564D6982A529A64CEAA648C10F30962DB3EC 22 | DC1D6C7734ACBEC7D5C28594659B49EDF2E23209FBE9953FECFD114653A41EC8CF8D9E 23 | BBEAC80E500A5A7141E13A9CEEBEFCEF471CBF76A3ACA5DC7F0CC8C68ECF3C73D4C6D1 24 | F02A197EDD60A9C3EABB78B5B10AD3C42B1C79B22E6A1B613A89E1C770E589#)(u 25 | #7831AFDD386CBAC5F6E2A8925E19C143C07A7BA2925C7089CC95AEFA8310CFD93DAE 26 | E2E95B713F5BC436E11AAF3874B94E944CE69DF41F65F3EC30455607067FA751B397C4 27 | 53CCF0F575752BC54BBFE573E8408DE8D971150B042A00E63687EBE6656C99EF555673 28 | 72BCAD8BBA8E3FBEC805E78BD7BB0D08495564E761EC698C#))) 29 | -------------------------------------------------------------------------------- /tests/gnupg/pubring.kbx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/QubesOS/qubes-builderv2/107e979184e1ffd8f29e9e7bf0eb736f276f8fe1/tests/gnupg/pubring.kbx -------------------------------------------------------------------------------- /tests/gnupg/trustdb.gpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/QubesOS/qubes-builderv2/107e979184e1ffd8f29e9e7bf0eb736f276f8fe1/tests/gnupg/trustdb.gpg -------------------------------------------------------------------------------- /tests/keys/C4A2E4615A16BD191110DEE17320B2D2134763F3.asc: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | 3 | mQINBGQWy00BEACxRHMRFpTOBfnxWSljcaAFPjbE8vaOmk6qZX7DacatwYFQGj6I 4 | /ff+N3yk3FWXDHVMbWmm1cugQp4rBSZDllcMaFw2YrSOD/+0Ra+uJmbrNxfuTtXq 5 | amOFUj0eE5ZIKb51zUca/U1Cx6afnfF/ZChxg106WEI1KjkJTqekSNnItQZFYdBr 6 | KK+Z98i7z3f83czt5ABrc/wpmAjYpE6VfMGFO/EauftOBmVoyY26TSvui3AH3KR8 7 | 8AuCSDLl3gm3dJMgrWpUALfIpQpCCJGfS1cIAzd2JhZH2Iytlf2Lf8/+YV5vOA9Q 8 | QHTEMuY4ZbzZnaw2t2yDX4BxvJPYb3qEs1TPDBWONtCzZkJZbYPHObxqB0sQTMqL 9 | 8DEyK33ItyPV7w6T3TlpaIgGwmaj979xNkVJJG1W+1BJ4tzm/MT96Gupi1+nXyyD 10 | sbYT+P1q0w0RglWHGsBnlnCxBr50b0DQnTy0+jLg6xlLIUmSxH+o3c9qAahUa60h 11 | TMRprCpbYnVbSPVtkJWRKH/E8lFN/CZC3b/8njyChp+LoVjta1vtOFp7cH3xD9sC 12 | 1S8siy5oBjzwihQD55itKyrs/auDfaSeOJ+tkAye8lp6qIWpdEwLNActF2HJuVD+ 13 | 3gvFaibGAotTXt3hCJljWhW2CSVb+TjgOufO5GcfA0lm+UWnEI6DmeoZvwARAQAB 14 | tFBGcsOpZMOpcmljIFBpZXJyZXQgKEJ1aWxkIENvbW1hbmQgU2lnbmluZyBLZXkp 15 | IDxmcmVkZXJpY0BpbnZpc2libGV0aGluZ3NsYWIuY29tPokCUQQTAQgAOxYhBMSi 16 | 5GFaFr0ZERDe4XMgstITR2PzBQJkFstNAhsDBQsJCAcCAiICBhUKCQgLAgQWAgMB 17 | Ah4HAheAAAoJEHMgstITR2PzOkMP/i9djHt28W5tl46f+g/1j1a74QaEIP6hMZQj 18 | vEZydJ5+E+uJf4nbDfytpLkvHex/wagk0FZUAXD8aIOo9PkSYjpQHs9KC2jptIyB 19 | zYifkDkuyr2WqHvXmYxOhE/mDXhEDf4aJUof63YVHyXcEZTK2XeoSpBw7VYirK13 20 | 0fZCG/vVBQfx/abouKiFUozfY25fyo+h2r7Pg9xGrv+s025+/hAUjNx9udnrDm9Y 21 | QoWVeP2iThkM9rB4YUZbEzAX/LzCMV+CANYZeFblDlt93yEpXtCSAlI7TaWDm1bf 22 | aq63G9HJJzh6xI/p9LJ8wMjSbrYnfElfAqb3rS6s9WWC5mvM9NlqUV6FDIX5LjQP 23 | uIPLxzKsJS8CUi/CjawxohTElvPkQ6Lulz6Ookd23q9JeU9ZuxxbqgwM+p14Sleg 24 | hfLQR+IGJIaN0so0MaQF1Os3LzqcwJY4iPgV7r3aOY90CALllVaL6qmQ7EUv/Xs8 25 | CWeB8jnSh7UPsWl2ZZtjmfi2TA3gPnHTETzvGrVvcPbQFhWPIcGe5j2n5ixDUo4V 26 | /whSWmpWIhqROzWbeOOFmIJ8e0FcX3NpWFBT/rlYgnhyw1HqqP6B2XjMnw9K6gOQ 27 | ULj5f517O3gKTKZZ1+AxiLr4iUtHu8QYZuaUEDD7PbTslBUBJz14iDxrxIVAKcnZ 28 | 3+CXREUa 29 | =q+0m 30 | -----END PGP PUBLIC KEY BLOCK----- 31 | -------------------------------------------------------------------------------- /tests/scripts/check-chroot-content.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -ex -o pipefail 4 | 5 | # Check if chroot archive does not contain input files 6 | 7 | elementIn () { 8 | local element 9 | for element in "${@:2}"; do [[ "$element" == "$1" ]] && return 0; done 10 | return 1 11 | } 12 | 13 | ARTIFACTS_DIR="$(readlink -f "$1")" 14 | DIST="$2" 15 | shift 2 16 | read -r -a FILES <<< "$@" 17 | 18 | # Remove prefix for vm- and host- 19 | DIST="${DIST#vm-}" 20 | DIST="${DIST#host-}" 21 | 22 | if elementIn "${DIST}" bullseye bookworm trixie; then 23 | CHROOT_ARCHIVE="${ARTIFACTS_DIR}/cache/chroot/${DIST}/pbuilder/base.tgz" 24 | elif [[ "${DIST}" =~ fc[1-9]+ ]]; then 25 | # FIXME: fragile method to determine mock directory name 26 | CHROOT_ARCHIVE="${ARTIFACTS_DIR}/cache/chroot/${DIST}/mock/fedora-${DIST#fc-}-x86_64/root_cache/cache.tar.gz" 27 | else 28 | echo "ERROR: unsupported distribution '${DIST}'." 29 | exit 1 30 | fi 31 | 32 | for f in "${FILES[@]}"; do 33 | if tar tf "${CHROOT_ARCHIVE}" ".$f" 2>/dev/null; then 34 | echo "ERROR: found '$f'." 35 | exit 1 36 | fi 37 | done 38 | -------------------------------------------------------------------------------- /tools/generate-container-image.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -ex 4 | 5 | if [ $# -lt 1 ]; then 6 | echo "Usage: $0 CONTAINER_ENGINE " >&2 7 | echo "If MOCK_CONFIGURATION_FILE is provided, it will use Mock chroot as container rootfs." >&2 8 | exit 1 9 | fi 10 | 11 | CONTAINER_ENGINE="$1" 12 | MOCK_CONF="$2" 13 | 14 | [ -n "$CONTAINER_ENGINE" ] || { 15 | echo "Please provide container engine: 'docker' or 'podman'." 16 | exit 1 17 | } 18 | 19 | if [ "$CONTAINER_ENGINE" != "docker" ] && [ "$CONTAINER_ENGINE" != "podman" ]; then 20 | echo "Only 'docker' and 'podman' are supported." 21 | exit 1 22 | fi 23 | 24 | if [ "$CONTAINER_ENGINE" == "docker" ]; then 25 | CONTAINER_CMD="sudo docker" 26 | else 27 | CONTAINER_CMD="podman" 28 | fi 29 | 30 | TOOLS_DIR="$(dirname "$0")" 31 | TOOLS_DIR="$(readlink -f "$TOOLS_DIR")" 32 | 33 | if [ -n "$MOCK_CONF" ]; then 34 | MOCK_CONF_BN="$(basename "$MOCK_CONF")" 35 | 36 | # Remove chroot and cache 37 | sudo mock \ 38 | -r "$MOCK_CONF" \ 39 | --scrub=all 40 | 41 | # Create Mock chroot cache 42 | sudo mock \ 43 | -r "$MOCK_CONF" \ 44 | --init \ 45 | --no-bootstrap-chroot \ 46 | --config-opts chroot_setup_cmd='install dnf @buildsys-build' 47 | 48 | # Create Docker image 49 | # FIXME: The trim of .cfg extension does not work if rawhide is provided implicitly 50 | # like at the time of writing 'fedora-37-x86_64'. We need to find a more reliable way 51 | # to obtain mock chroot name. 52 | $CONTAINER_CMD build \ 53 | -f "${TOOLS_DIR}/../dockerfiles/fedora-mock.Dockerfile" \ 54 | -t qubes-builder-fedora \ 55 | "/var/cache/mock/${MOCK_CONF_BN%.cfg}/root_cache/" 56 | else 57 | $CONTAINER_CMD build \ 58 | -f "${TOOLS_DIR}/../dockerfiles/fedora.Dockerfile" \ 59 | -t qubes-builder-fedora . 60 | fi 61 | -------------------------------------------------------------------------------- /tools/windows/.gitignore: -------------------------------------------------------------------------------- 1 | /ewdk.iso 2 | /win-build.iso 3 | /win-opensshd.msi 4 | -------------------------------------------------------------------------------- /tools/windows/deps.txt: -------------------------------------------------------------------------------- 1 | 6333f5b38313360a2c960ea7afa3086002f479bad663f20f92a4889063fe925c win-opensshd.msi https://github.com/PowerShell/Win32-OpenSSH/releases/download/v9.5.0.0p1-Beta/OpenSSH-Win64-v9.5.0.0.msi 2 | 9a23f3399bf6b80b119bcaf9def8679ed296f4b7d742e0251cf0b76a3fb97f77 ewdk.iso https://go.microsoft.com/fwlink/?linkid=2271957 3 | -------------------------------------------------------------------------------- /tools/windows/edit-iso-dispvm.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # This script is run in a dispvm 4 | 5 | set -efo pipefail 6 | 7 | ISO_DEV="/dev/xvdi" 8 | ISO_FILES="/home/user/iso" 9 | OUTPUT="/home/user/win-build.iso" 10 | 11 | INPUT_DIR="$(mktemp -d -p ~)" 12 | OUTPUT_DIR="$(mktemp -d -p ~)" 13 | 14 | sudo mount -r "${ISO_DEV}" "${INPUT_DIR}" 15 | 16 | echo "[*] Extracting unmodified iso..." 17 | cp -rp "${INPUT_DIR}/." "${OUTPUT_DIR}" 18 | sudo umount "${ISO_DEV}" 19 | rmdir "${INPUT_DIR}" 20 | 21 | echo "[*] Adding files..." 22 | sudo cp -r "${ISO_FILES}/." "${OUTPUT_DIR}" 23 | 24 | # Generate random password for the Windows user 25 | set +e # `head` below causes SEGPIPE... 26 | WIN_PASS=$(tr -dc 'A-Za-z0-9!"#$%&'\''()*+,-.:;<=>?@[\]^_`{|}~' &2 echo "qrexec call '$2' to '$1' failed: ${result[0]} ${result[1]}" 45 | exit 1 46 | fi 47 | echo "${result[1]}" 48 | } 49 | 50 | # $1=target, $2=input 51 | shell_call() { 52 | echo "$2" | qrexec-client-vm "$1" qubes.VMShell 53 | } 54 | 55 | SCRIPT_DIR=$(dirname "$0") 56 | SCRIPT_DIR=$(readlink -f "${SCRIPT_DIR}") 57 | 58 | echo "[*] Setting up a loop device for the ISO..." 59 | LODEV=$(sudo losetup -f) 60 | sudo losetup "${LODEV}" "${INPUT}" 61 | LOOP_ID="${LODEV#'/dev/'}" 62 | 63 | echo "[*] Preparing a DispVM..." 64 | SELF=$(qubesdb-read /name) 65 | DISPVM=$(qrexec_call "dom0" admin.vm.CreateDisposable) 66 | 67 | qrexec_call "${DISPVM}" "admin.vm.Start" 68 | qrexec_call "${DISPVM}" "admin.vm.device.block.Attach+${SELF}+${LOOP_ID}" "read-only=true" 69 | qvm-copy-to-vm --without-progress "${DISPVM}" "${SCRIPT_DIR}/edit-iso-dispvm.sh" 70 | qvm-copy-to-vm --without-progress "${DISPVM}" "${FILES}" 71 | shell_call "${DISPVM}" "mv ~/QubesIncoming/${SELF}/edit-iso-dispvm.sh ~" 72 | shell_call "${DISPVM}" "mv ~/QubesIncoming/${SELF}/$(basename "$(realpath "${FILES}")") ~/iso" 73 | shell_call "${DISPVM}" "chmod +x ~/edit-iso-dispvm.sh" 74 | # shellcheck disable=SC2088 # (~ expansion) 75 | shell_call "${DISPVM}" "~/edit-iso-dispvm.sh" 76 | 77 | sudo losetup -d "${LODEV}" 78 | 79 | echo "[*] Copying the final iso from '${DISPVM}' to '${OUTPUT}'..." 80 | 81 | shell_call "${DISPVM}" "cat ~/win-build.iso" > "${OUTPUT}" 82 | qrexec_call "${DISPVM}" "admin.vm.Kill" 83 | 84 | echo "[*] Done!" 85 | -------------------------------------------------------------------------------- /tools/windows/generate-iso.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -efo pipefail 4 | 5 | EDITED_ISO="win-build.iso" 6 | SCRIPT_DIR=$(dirname "$0") 7 | SCRIPT_DIR=$(readlink -f "$SCRIPT_DIR") 8 | SSH_KEY="/home/user/.ssh/win-build.key" 9 | 10 | usage() { 11 | echo "Usage: $(basename "$0") [OPTIONS] 12 | 13 | This script prepares an .iso image for the Windows builder executor qube. 14 | 15 | Options: 16 | --iso Path to unmodified Windows installation .iso file 17 | --output Path to output (edited) ISO file (default: ${EDITED_ISO}) 18 | " 19 | } 20 | 21 | if ! OPTS=$(getopt -o hi:o: --long help,iso:,output: -n "$0" -- "$@"); then 22 | exit 1 23 | fi 24 | 25 | eval set -- "$OPTS" 26 | 27 | while [[ $# -gt 0 ]]; do 28 | case "$1" in 29 | -h | --help) usage; exit 0 ;; 30 | -i | --iso) ISO="$2"; shift ;; 31 | -o | --output) EDITED_ISO="$2"; shift ;; 32 | esac 33 | shift 34 | done 35 | 36 | if [ -z "${ISO}" ] || [ -z "${EDITED_ISO}" ]; then 37 | usage 38 | exit 1 39 | fi 40 | 41 | # download/verify prerequisites 42 | "$SCRIPT_DIR/get-files.sh" -o "$SCRIPT_DIR" "$SCRIPT_DIR/deps.txt" 43 | 44 | # sshd installer 45 | cp -f "${SCRIPT_DIR}/win-opensshd.msi" "${SCRIPT_DIR}/iso-files/sources/\$OEM\$/\$1/qubes" 46 | 47 | # ssh key 48 | if [ -f "${SSH_KEY}" ]; then 49 | echo "[*] Using existing ssh key: ${SSH_KEY}" 50 | else 51 | echo "[*] Creating ssh key: ${SSH_KEY}" 52 | ssh-keygen -q -t ed25519 -N '' -f "${SSH_KEY}" 53 | fi 54 | 55 | cp -f "${SSH_KEY}.pub" "${SCRIPT_DIR}/iso-files/sources/\$OEM\$/\$1/qubes" 56 | 57 | # prepare edited iso 58 | "${SCRIPT_DIR}/edit-iso.sh" --input "$ISO" --output "$EDITED_ISO" --files "${SCRIPT_DIR}/iso-files" 59 | -------------------------------------------------------------------------------- /tools/windows/get-files.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -efo pipefail 4 | 5 | unset OUTDIR OPTS GETOPT_COMPATIBLE FILE_LIST SHA256 FILE_NAME FILE_URL FETCH_CMD UNTRUSTED_FILE_NAME LINES ROW 6 | 7 | OUTDIR=$(pwd) 8 | 9 | usage() { 10 | echo "Usage: $(basename "$0") [OPTIONS] file_list 11 | 12 | This script downloads and verifies files specified in file_list. 13 | file_list should contain lines in the following format: 14 | 15 | 16 | Options: 17 | --output-dir Output directory 18 | " 19 | } 20 | 21 | # $1 = expected sha256, $2 = file path 22 | verify() {( 23 | set +e 24 | if [[ $# -ne 2 ]]; then 25 | echo "[!] Bad arguments to verify()" 26 | return 1 27 | fi 28 | 29 | echo -n "[*] Verifying $2 ... " 30 | 31 | if echo "$1 $2" | sha256sum --check --status; then 32 | echo "OK" 33 | else 34 | echo "Failed!" 35 | rm -f "$2" 36 | return 1 37 | fi 38 | )} 39 | 40 | 41 | if ! OPTS=$(getopt -o ho: --long help,output-dir: -n "$0" -- "$@"); then 42 | exit 1 43 | fi 44 | 45 | eval set -- "$OPTS" 46 | 47 | while [[ $# -gt 0 ]]; do 48 | case "$1" in 49 | -h | --help) usage; exit 0 ;; 50 | -o | --optput-dir) OUTDIR="$2"; shift ;; 51 | *) FILE_LIST="$1" ;; 52 | esac 53 | shift 54 | done 55 | 56 | if [ -z "${FILE_LIST}" ]; then 57 | usage 58 | exit 1 59 | fi 60 | 61 | FETCH_CMD='curl --proto =https --proto-redir =https --tlsv1.2 --http1.1 -sSfL -o' 62 | 63 | # we don't use "while read... < $FILE_LIST" because qvm-run messes with stdin 64 | readarray -t LINES < "${FILE_LIST}" 65 | 66 | for ROW in "${LINES[@]}"; do 67 | read -r SHA256 FILE_NAME FILE_URL <<< "${ROW}" 68 | [[ "${SHA256}" = "#"* ]] && continue 69 | if [ -f "${OUTDIR}/${FILE_NAME}" ]; then 70 | echo "[*] File ${FILE_NAME} already exists" 71 | verify "${SHA256}" "${OUTDIR}/${FILE_NAME}" || exit 1 72 | else 73 | echo "[*] Downloading ${FILE_NAME}..." 74 | UNTRUSTED_FILE_NAME="untrusted_${FILE_NAME}" 75 | # don't save the file in /tmp because it may be too large 76 | qvm-run-vm --dispvm "${FETCH_CMD} /home/user/${FILE_NAME} ${FILE_URL} && cat /home/user/${FILE_NAME}" > "${OUTDIR}/${UNTRUSTED_FILE_NAME}" 77 | ( verify "${SHA256}" "${OUTDIR}/${UNTRUSTED_FILE_NAME}" && mv "${OUTDIR}/${UNTRUSTED_FILE_NAME}" "${OUTDIR}/${FILE_NAME}" ) || exit 1 78 | fi 79 | done 80 | -------------------------------------------------------------------------------- /tools/windows/iso-files/sources/$OEM$/$1/qubes/.gitignore: -------------------------------------------------------------------------------- 1 | /win-build.key.pub 2 | /win-opensshd.msi 3 | -------------------------------------------------------------------------------- /tools/windows/iso-files/sources/$OEM$/$1/qubes/ssh.ps1: -------------------------------------------------------------------------------- 1 | 2 | $src = "c:\qubes" 3 | 4 | Start-Process -Wait -FilePath "msiexec.exe" -ArgumentList "/i","$src\win-opensshd.msi","/passive" 5 | 6 | New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22 -Program 'c:\Program Files\OpenSSH\sshd.exe' 7 | 8 | $akeys = "c:\ProgramData\ssh\administrators_authorized_keys" 9 | cp "$src\win-build.key.pub" "$akeys" 10 | 11 | # set permissions to only allow administrators 12 | $acl = Get-Acl $akeys 13 | $acl.SetAccessRuleProtection($true, $false) # disable ACL inheritance and remove all ACEs 14 | $rule = New-Object System.Security.AccessControl.FileSystemAccessRule("BUILTIN\Administrators", "FullControl", "None", "None", "Allow") 15 | $acl.SetAccessRule($rule) 16 | $rule = New-Object System.Security.AccessControl.FileSystemAccessRule("NT Authority\SYSTEM", "FullControl", "None", "None", "Allow") 17 | $acl.SetAccessRule($rule) 18 | Set-Acl $akeys $acl 19 | 20 | $config = "c:\ProgramData\ssh\sshd_config" 21 | cp -Force "$src\sshd_config" "$config" 22 | # allow reading by authenticated users 23 | $rule = New-Object System.Security.AccessControl.FileSystemAccessRule("NT Authority\Authenticated Users", "ReadAndExecute", "None", "None", "Allow") 24 | $acl.SetAccessRule($rule) 25 | Set-Acl $config $acl 26 | 27 | Restart-Service -Name sshd 28 | -------------------------------------------------------------------------------- /tools/windows/iso-files/sources/$OEM$/$1/qubes/sshd_config: -------------------------------------------------------------------------------- 1 | PasswordAuthentication no 2 | Subsystem sftp sftp-server.exe 3 | Match Group administrators 4 | AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys 5 | --------------------------------------------------------------------------------