From d58c870a5a3cc5d04a3c5b1eebce3c5557a1bad0 Mon Sep 17 00:00:00 2001
From: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Date: Thu, 16 Jan 2025 21:05:52 +0200
Subject: [PATCH 1/5] workflows/qubes-dom0-packagev2.yml: target Qubes OS 4.2

Instead of development version.

Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
---
 .github/workflows/qubes-dom0-packagev2.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/qubes-dom0-packagev2.yml b/.github/workflows/qubes-dom0-packagev2.yml
index 972d933..575a946 100644
--- a/.github/workflows/qubes-dom0-packagev2.yml
+++ b/.github/workflows/qubes-dom0-packagev2.yml
@@ -70,7 +70,7 @@ jobs:
           branch: ${{ github.head_ref }}
           tag: ${{ github.ref_name }}
         run: |
-          cp example-configs/qubes-os-main.yml builder.yml
+          cp example-configs/qubes-os-r4.2.yml builder.yml
           # Switch from Qubes to Docker executor
           sed -i "/^executor:$/,+4d; /^#executor:$/,+3s/#//" builder.yml
 

From 2fd2d3a131fc9044c8770956cc8b342136e1fada Mon Sep 17 00:00:00 2001
From: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Date: Mon, 30 Dec 2024 20:36:25 +0200
Subject: [PATCH 2/5] workflows/qubes-dom0-packagev2.yml: fix qubes-builderv2
 at 80dd898cc04

This avoids the following error from GitHub Actions:

    sudo: a password is required

Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
---
 .github/workflows/qubes-dom0-packagev2.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/qubes-dom0-packagev2.yml b/.github/workflows/qubes-dom0-packagev2.yml
index 575a946..d7fdc3c 100644
--- a/.github/workflows/qubes-dom0-packagev2.yml
+++ b/.github/workflows/qubes-dom0-packagev2.yml
@@ -33,6 +33,8 @@ jobs:
       - uses: actions/checkout@v4
         with:
           repository: QubesOS/qubes-builderv2
+          ref: 80dd898cc0472dd99f161f1d1c7c44da64de93f2
+          fetch-depth: 0
 
       - name: Cache Docker image and dom0 stuff
         uses: actions/cache@v4

From aef474d988a441eaf8c9adfe45c9f3e0ccee8c8c Mon Sep 17 00:00:00 2001
From: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Date: Fri, 17 Jan 2025 00:11:23 +0200
Subject: [PATCH 3/5] workflows/qubes-dom0-packagev2.yml: allow forcing version
 number

Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
---
 .github/workflows/qubes-dom0-packagev2.yml | 12 ++++++++++--
 README.md                                  |  1 +
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/qubes-dom0-packagev2.yml b/.github/workflows/qubes-dom0-packagev2.yml
index d7fdc3c..6174b22 100644
--- a/.github/workflows/qubes-dom0-packagev2.yml
+++ b/.github/workflows/qubes-dom0-packagev2.yml
@@ -13,6 +13,11 @@ on:
           Relative path to directory containing Qubes OS package.
         required: false
         type: string
+      qubes-pkg-version:
+        description: >
+          Forced version of a package.
+        required: false
+        type: string
 
 jobs:
   build-and-package:
@@ -67,6 +72,7 @@ jobs:
           URL: ${{ github.repositoryUrl }}
           COMPONENT: ${{ inputs.qubes-component }}
           PKG_DIR: ${{ inputs.qubes-pkg-src-dir }}
+          PKG_VER: ${{ inputs.qubes-pkg-version }}
           # Following 2 variables are used in double expansion '${${{ github.ref_type }}}',
           # do not change these names even though they don't follow the convention.
           branch: ${{ github.head_ref }}
@@ -110,8 +116,10 @@ jobs:
               mv "$clone_dir/$COMPONENT.spec.in.tmp" "$clone_dir/$COMPONENT.spec.in"
 
               echo 1 > "$clone_dir/rel"
-              echo "0+$(git -C "$clone_dir" show-ref -s "$branch_name" | head -1)" \
-                  > "$clone_dir/version"
+              if [ -z "$PKG_VER" ]; then
+                  PKG_VER="0+$(git -C "$clone_dir" show-ref -s "$branch_name" | head -1)"
+              fi
+              echo "$PKG_VER" > "$clone_dir/version"
               cat > "$clone_dir/.qubesbuilder" <<EOF
               host:
                 rpm:
diff --git a/README.md b/README.md
index decd713..4f7bff4 100644
--- a/README.md
+++ b/README.md
@@ -72,6 +72,7 @@ builder's repository contains its own Docker image.
 | ---------           | ----   | ---- | ---- | -----------
 | `qubes-component`   | string | Yes  | -    | Name of QubesOS component as recognized by its build system.
 | `qubes-pkg-src-dir` | string | No   | -    | Relative path to directory containing Qubes OS package.
+| `qubes-pkg-version` | string | No   | auto | Version for RPM packages
 
 Used by [TrenchBoot/qubes-antievilmaid][aem] and
 [TrenchBoot/secure-kernel-loader][skl].  The latter makes use of

From 043ea3e565803f80cb50d29e8b94b665b4b29d14 Mon Sep 17 00:00:00 2001
From: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Date: Fri, 17 Jan 2025 17:03:18 +0200
Subject: [PATCH 4/5] workflows/qubes-dom0-packagev2.yml: allow forcing
 revision number

Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
---
 .github/workflows/qubes-dom0-packagev2.yml | 13 ++++++++++++-
 README.md                                  | 11 ++++++-----
 2 files changed, 18 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/qubes-dom0-packagev2.yml b/.github/workflows/qubes-dom0-packagev2.yml
index 6174b22..630ef41 100644
--- a/.github/workflows/qubes-dom0-packagev2.yml
+++ b/.github/workflows/qubes-dom0-packagev2.yml
@@ -13,6 +13,11 @@ on:
           Relative path to directory containing Qubes OS package.
         required: false
         type: string
+      qubes-pkg-revision:
+        description: >
+          Forced revision of a package.
+        required: false
+        type: string
       qubes-pkg-version:
         description: >
           Forced version of a package.
@@ -72,6 +77,7 @@ jobs:
           URL: ${{ github.repositoryUrl }}
           COMPONENT: ${{ inputs.qubes-component }}
           PKG_DIR: ${{ inputs.qubes-pkg-src-dir }}
+          PKG_REV: ${{ inputs.qubes-pkg-revision }}
           PKG_VER: ${{ inputs.qubes-pkg-version }}
           # Following 2 variables are used in double expansion '${${{ github.ref_type }}}',
           # do not change these names even though they don't follow the convention.
@@ -115,11 +121,16 @@ jobs:
               # Temporary file handles case when qubes-pkg-src-dir is set to '.'
               mv "$clone_dir/$COMPONENT.spec.in.tmp" "$clone_dir/$COMPONENT.spec.in"
 
-              echo 1 > "$clone_dir/rel"
+              if [ -z "$PKG_REV" ]; then
+                  PKG_REV=1
+              fi
+              echo "$PKG_REV" > "$clone_dir/rel"
+
               if [ -z "$PKG_VER" ]; then
                   PKG_VER="0+$(git -C "$clone_dir" show-ref -s "$branch_name" | head -1)"
               fi
               echo "$PKG_VER" > "$clone_dir/version"
+
               cat > "$clone_dir/.qubesbuilder" <<EOF
               host:
                 rpm:
diff --git a/README.md b/README.md
index 4f7bff4..5a49378 100644
--- a/README.md
+++ b/README.md
@@ -68,11 +68,12 @@ package, hence significantly reduced set of parameters.
 There is also no need to use `qubes-builder-docker/` in this case because
 builder's repository contains its own Docker image.
 
-| Parameter           | Type   | Req. | Def. | Description
-| ---------           | ----   | ---- | ---- | -----------
-| `qubes-component`   | string | Yes  | -    | Name of QubesOS component as recognized by its build system.
-| `qubes-pkg-src-dir` | string | No   | -    | Relative path to directory containing Qubes OS package.
-| `qubes-pkg-version` | string | No   | auto | Version for RPM packages
+| Parameter            | Type   | Req. | Def. | Description
+| ---------            | ----   | ---- | ---- | -----------
+| `qubes-component`    | string | Yes  | -    | Name of QubesOS component as recognized by its build system.
+| `qubes-pkg-src-dir`  | string | No   | -    | Relative path to directory containing Qubes OS package.
+| `qubes-pkg-version`  | string | No   | auto | Version for RPM packages
+| `qubes-pkg-revision` | string | No   | `1`  | Revision for RPM packages
 
 Used by [TrenchBoot/qubes-antievilmaid][aem] and
 [TrenchBoot/secure-kernel-loader][skl].  The latter makes use of

From 917c561f985dd614be08a9f6e450480b3b322da9 Mon Sep 17 00:00:00 2001
From: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Date: Sun, 19 Jan 2025 19:48:49 +0200
Subject: [PATCH 5/5] workflows/qubes-dom0-packagev2.yml: don't use unset
 $clone_dir

Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
---
 .github/workflows/qubes-dom0-packagev2.yml | 24 +++++++++++-----------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/.github/workflows/qubes-dom0-packagev2.yml b/.github/workflows/qubes-dom0-packagev2.yml
index 630ef41..d29e113 100644
--- a/.github/workflows/qubes-dom0-packagev2.yml
+++ b/.github/workflows/qubes-dom0-packagev2.yml
@@ -160,6 +160,18 @@ jobs:
               sed -i "/^  - $COMPONENT:/a\      verification-mode: insecure-skip-checking" builder.yml
               sed -i "/^  - $COMPONENT:/a\      branch: $branch_name" builder.yml
               sed -i "/^  - $COMPONENT:/a\      url: /builder/$rel_clone_dir" builder.yml
+
+              echo "::group::version"
+              cat $clone_dir/version
+              echo "::endgroup::"
+
+              echo "::group::$COMPONENT.spec.in"
+              cat $clone_dir/$COMPONENT.spec.in
+              echo "::endgroup::"
+
+              echo "::group::.qubesbuilder"
+              cat $clone_dir/.qubesbuilder
+              echo "::endgroup::"
           else
               # It's an existing component that needs some overrides
               sed -i "1,/^  - $COMPONENT/s#^  - $COMPONENT#&:#" builder.yml
@@ -172,18 +184,6 @@ jobs:
           cat builder.yml
           echo "::endgroup::"
 
-          echo "::group::version"
-          cat $clone_dir/version
-          echo "::endgroup::"
-
-          echo "::group::$COMPONENT.spec.in"
-          cat $clone_dir/$COMPONENT.spec.in
-          echo "::endgroup::"
-
-          echo "::group::.qubesbuilder"
-          cat $clone_dir/.qubesbuilder
-          echo "::endgroup::"
-
       - name: Build and package
         env:
           DEBUG: ${{ runner.debug == 1 && '--debug --verbose' || '' }}