From 65854af684717c988d9a07b4b9d3b16c560f1bae Mon Sep 17 00:00:00 2001
From: Antoine Martin <dev@ayakael.net>
Date: Wed, 12 Mar 2025 19:07:21 -0400
Subject: [PATCH 01/26] ilot/nextcloud31: new aport

---
 ilot/nextcloud31/APKBUILD                     | 327 ++++++++++++++++++
 ilot/nextcloud31/README.alpine                |   5 +
 .../disable-integrity-check-as-default.patch  |  23 ++
 ilot/nextcloud31/dont-update-htaccess.patch   |  42 +++
 ilot/nextcloud31/fpm-pool.conf                | 200 +++++++++++
 ilot/nextcloud31/nextcloud-config.php         |  37 ++
 ilot/nextcloud31/nextcloud-dont-chmod.patch   |  58 ++++
 ilot/nextcloud31/nextcloud-mysql.cnf          |   3 +
 ilot/nextcloud31/nextcloud.confd              |   8 +
 ilot/nextcloud31/nextcloud.cron               |   6 +
 ilot/nextcloud31/nextcloud.logrotate          |   6 +
 .../nextcloud31-initscript.post-install       |  28 ++
 ilot/nextcloud31/nextcloud31.post-install     |  11 +
 ilot/nextcloud31/nextcloud31.post-upgrade     |  47 +++
 ilot/nextcloud31/nextcloud31.pre-install      |   6 +
 ilot/nextcloud31/nextcloud31.pre-upgrade      |  10 +
 ilot/nextcloud31/occ                          |  10 +
 ...use-external-docs-if-local-not-avail.patch |  36 ++
 18 files changed, 863 insertions(+)
 create mode 100644 ilot/nextcloud31/APKBUILD
 create mode 100644 ilot/nextcloud31/README.alpine
 create mode 100644 ilot/nextcloud31/disable-integrity-check-as-default.patch
 create mode 100644 ilot/nextcloud31/dont-update-htaccess.patch
 create mode 100644 ilot/nextcloud31/fpm-pool.conf
 create mode 100644 ilot/nextcloud31/nextcloud-config.php
 create mode 100644 ilot/nextcloud31/nextcloud-dont-chmod.patch
 create mode 100644 ilot/nextcloud31/nextcloud-mysql.cnf
 create mode 100644 ilot/nextcloud31/nextcloud.confd
 create mode 100644 ilot/nextcloud31/nextcloud.cron
 create mode 100644 ilot/nextcloud31/nextcloud.logrotate
 create mode 100644 ilot/nextcloud31/nextcloud31-initscript.post-install
 create mode 100644 ilot/nextcloud31/nextcloud31.post-install
 create mode 100644 ilot/nextcloud31/nextcloud31.post-upgrade
 create mode 100644 ilot/nextcloud31/nextcloud31.pre-install
 create mode 100644 ilot/nextcloud31/nextcloud31.pre-upgrade
 create mode 100644 ilot/nextcloud31/occ
 create mode 100644 ilot/nextcloud31/use-external-docs-if-local-not-avail.patch

diff --git a/ilot/nextcloud31/APKBUILD b/ilot/nextcloud31/APKBUILD
new file mode 100644
index 0000000..3a4dc30
--- /dev/null
+++ b/ilot/nextcloud31/APKBUILD
@@ -0,0 +1,327 @@
+# Contributor: Jakub Jirutka <jakub@jirutka.cz>
+# Contributor: jahway603 <jahway603@protonmail.com>
+# Maintainer: Leonardo Arena <rnalrd@alpinelinux.org>
+_pkgname=nextcloud
+pkgver=31.0.0
+pkgrel=0
+is_latest=true
+_pkgvermaj=${pkgver%%.*}
+pkgname=nextcloud$_pkgvermaj
+_replaced_ver=$(( _pkgvermaj - 1 ))
+pkgdesc="A safe home for all your data"
+url="https://nextcloud.com/"
+arch="noarch"
+license="AGPL-3.0-only"
+_php=php83
+_php_mods="-bcmath -ctype -curl -dom -gd -fileinfo -gmp -iconv -intl
+	-mbstring -opcache -openssl -pcntl -posix -session
+	-simplexml -xml -xmlreader -xmlwriter -zip"
+depends="ca-certificates $_php ${_php_mods//-/$_php-}"
+makedepends="xmlstarlet"
+$is_latest && provides="$_pkgname=$pkgver-r$pkgrel
+	$_pkgname-accessibility=$pkgver-r$pkgrel
+	$pkgname-accessibility=$pkgver-r$pkgrel
+	$_pkgname-bruteforcesettings=$pkgver-r$pkgrel
+	$pkgname-bruteforcesettings=$pkgver-r$pkgrel
+	$_pkgname-contactsinteraction=$pkgver-r$pkgrel
+	$pkgname-contactsinteraction=$pkgver-r$pkgrel
+	$_pkgname-cloud_federation_api=$pkgver-r$pkgrel
+	$pkgname-cloud_federation_api=$pkgver-r$pkgrel
+	$_pkgname-dav=$pkgver-r$pkgrel
+	$pkgname-dav=$pkgver-r$pkgrel
+	$_pkgname-files=$pkgver-r$pkgrel
+	$pkgname-files=$pkgver-r$pkgrel
+	$_pkgname-files_videoplayer=$pkgver-r$pkgrel
+	$pkgname-files_videoplayer=$pkgver-r$pkgrel
+	$_pkgname-federatedfilesharing=$pkgver-r$pkgrel
+	$pkgname-federatedfilesharing=$pkgver-r$pkgrel
+	$_pkgname-lookup_server_connector=$pkgver-r$pkgrel
+	$pkgname-lookup_server_connector=$pkgver-r$pkgrel
+	$_pkgname-oauth2=$pkgver-r$pkgrel
+	$pkgname-oauth2=$pkgver-r$pkgrel
+	$_pkgname-provisioning_api=$pkgver-r$pkgrel
+	$pkgname-provisioning_api=$pkgver-r$pkgrel
+	$_pkgname-related_resources=$pkgver-r$pkgrel
+	$pkgname-related_resources=$pkgver-r$pkgrel
+	$_pkgname-settings=$pkgver-r$pkgrel
+	$pkgname-settings=$pkgver-r$pkgrel
+	$_pkgname-theming=$pkgver-r$pkgrel
+	$pkgname-theming=$pkgver-r$pkgrel
+	$_pkgname-twofactor_backupcodes=$pkgver-r$pkgrel
+	$pkgname-twofactor_backupcodes=$pkgver-r$pkgrel
+	$_pkgname-twofactor_nextcloud_notification=$pkgver-r$pkgrel
+	$pkgname-twofactor_nextcloud_notification=$pkgver-r$pkgrel
+	$_pkgname-twofactor_totp=$pkgver-r$pkgrel
+	$pkgname-twofactor_totp=$pkgver-r$pkgrel
+	$_pkgname-viewer=$pkgver-r$pkgrel
+	$pkgname-viewer=$pkgver-r$pkgrel
+	$_pkgname-workflowengine=$pkgver-r$pkgrel
+	$pkgname-workflowengine=$pkgver-r$pkgrel
+	" || provides="$pkgname-accessibility=$pkgver-r$pkgrel
+	$pkgname-bruteforcesettings=$pkgver-r$pkgrel
+	$pkgname-contactsinteraction=$pkgver-r$pkgrel
+	$pkgname-cloud_federation_api=$pkgver-r$pkgrel
+	$pkgname-dav=$pkgver-r$pkgrel
+	$pkgname-files=$pkgver-r$pkgrel
+	$pkgname-files_videoplayer=$pkgver-r$pkgrel
+	$pkgname-federatedfilesharing=$pkgver-r$pkgrel
+	$pkgname-lookup_server_connector=$pkgver-r$pkgrel
+	$pkgname-oauth2=$pkgver-r$pkgrel
+	$pkgname-provisioning_api=$pkgver-r$pkgrel
+	$pkgname-related_resources=$pkgver-r$pkgrel
+	$pkgname-settings=$pkgver-r$pkgrel
+	$pkgname-theming=$pkgver-r$pkgrel
+	$pkgname-twofactor_backupcodes=$pkgver-r$pkgrel
+	$pkgname-twofactor_nextcloud_notification=$pkgver-r$pkgrel
+	$pkgname-twofactor_totp=$pkgver-r$pkgrel
+	$pkgname-viewer=$pkgver-r$pkgrel
+	$pkgname-workflowengine=$pkgver-r$pkgrel
+	"
+replaces="nextcloud$_replaced_ver"
+install="$pkgname.pre-install $pkgname.pre-upgrade $pkgname.post-upgrade $pkgname.post-install
+	$pkgname-initscript.post-install"
+subpackages="$pkgname-doc $pkgname-initscript $pkgname-mysql $pkgname-pgsql $pkgname-sqlite
+	$pkgname-default-apps:_default_apps $pkgname-occ"
+source="https://download.nextcloud.com/server/releases/nextcloud-$pkgver.tar.bz2
+	nextcloud-dont-chmod.patch
+	dont-update-htaccess.patch
+	disable-integrity-check-as-default.patch
+	use-external-docs-if-local-not-avail.patch
+
+	$_pkgname-config.php
+	$_pkgname.logrotate
+	$_pkgname.confd
+	$_pkgname.cron
+	$_pkgname-mysql.cnf
+	fpm-pool.conf
+	occ
+	"
+options="!check"
+pkgusers="nextcloud"
+pkggroups="www-data"
+builddir="$srcdir"/$_pkgname
+
+# List of bundled apps to separate into subpackages. Keep it in sync!
+# Note: Don't add "bruteforcesettings", "contactsinteraction",
+# "cloud_federation_api", "dav", "files",
+# "federatedfilesharing", "lookup_server_connector", "provisioning_api",
+# "oauth2", "settings", "twofactor_backupcodes", "twofactor_totp",
+# "twofactor_nextcloud_notification", "theming", "viewer",
+# "workflowengine", "related_resources"
+# here, these should be always installed.
+_apps="activity
+	admin_audit
+	app_api
+	circles
+	comments
+	dashboard
+	encryption
+	federation
+	files_downloadlimit
+	files_external
+	files_pdfviewer
+	files_reminders
+	files_sharing
+	files_trashbin
+	files_versions
+	firstrunwizard
+	logreader
+	nextcloud_announcements
+	notifications
+	password_policy
+	photos
+	privacy
+	recommendations
+	serverinfo
+	support
+	sharebymail
+	survey_client
+	suspicious_login
+	systemtags
+	text
+	user_ldap
+	user_status
+	weather_status
+	webhook_listeners
+	"
+for _i in $_apps; do
+	subpackages="$subpackages $pkgname-$_i:_package_app"
+done
+
+# Directory for apps shipped with Nextcloud.
+_appsdir="usr/share/webapps/$_pkgname/apps"
+
+package() {
+	local basedir="var/lib/$_pkgname"
+	local datadir="$basedir/data"
+	local wwwdir="usr/share/webapps/$_pkgname"
+	local confdir="etc/$_pkgname"
+
+	mkdir -p "$pkgdir"
+	cd "$pkgdir"
+
+	mkdir -p ./${wwwdir%/*}
+	cp -a "$builddir" ./$wwwdir
+
+	chmod +x ./$wwwdir/occ
+	chmod 664 ./$wwwdir/.htaccess \
+		./$wwwdir/.user.ini
+
+	# Let's not ship upstream's 'updatenotification' app and updater, which
+	# has zero chance of working and a big chance of blowing things up.
+	rm -r ./$wwwdir/apps/updatenotification \
+		./$wwwdir/lib/private/Updater/VersionCheck.php
+
+	# Replace bundled CA bundle with ours.
+	ln -sf /etc/ssl/certs/ca-certificates.crt ./$wwwdir/resources/config/ca-bundle.crt
+
+	install -d -m 770 -o nextcloud -g www-data \
+		./$confdir ./$datadir ./$basedir/apps
+	install -d -m 775 -o nextcloud -g www-data \
+		./var/log/$_pkgname
+
+	# Create symlink from web root to site-apps, so web server can find
+	# assets w/o explicit configuration for this layout.
+	ln -s /$basedir/apps ./$wwwdir/apps-appstore
+
+	mv ./$wwwdir/config/* ./$confdir/
+	rm -r ./$wwwdir/config
+	ln -s /$confdir ./$wwwdir/config
+
+	mkdir -p ./usr/share/doc/$pkgname
+	mv ./$wwwdir/core/doc ./usr/share/doc/$pkgname/core
+
+	install -m 660 -o nextcloud -g www-data \
+		"$srcdir"/$_pkgname-config.php ./$confdir/config.php
+
+	install -m 644 -D "$srcdir"/$_pkgname.logrotate ./etc/logrotate.d/$_pkgname
+
+	install -m 755 -D "$srcdir"/occ ./usr/bin/occ
+
+	# Clean some unnecessary files.
+	find . -name .gitignore -delete \
+		-o -name .bower.json -delete \
+		-o -name 'README*' -delete \
+		-o -name 'CHANGELOG*' -delete \
+		-o -name 'CONTRIBUTING*' -delete
+	find . -name .github -type d -prune -exec rm -r {} \;
+}
+
+doc() {
+	replaces="nextcloud$_replaced_ver-doc"
+	$is_latest && provides="$_pkgname-doc=$pkgver-r$pkgrel"
+	default_doc
+
+	local target="$subpkgdir"/usr/share/webapps/$_pkgname/core/doc
+	mkdir -p "${target%/*}"
+	ln -s ../../../doc/$pkgname/core "$target"
+	install -m644 README.alpine "$subpkgdir"/usr/share/webapps/$_pkgname/README.alpine
+}
+
+initscript() {
+	pkgdesc="Init script that runs Nextcloud with php-fpm"
+	depends="$pkgname $_php-fpm"
+	replaces="nextcloud$_replaced_ver-initscript"
+	$is_latest && provides="$_pkgname-initscript=$pkgver-r$pkgrel"
+
+	local confdir="$subpkgdir/etc/$_php/php-fpm.d"
+	local fpm_name="php-fpm${_php#php}"
+
+	install -m 644 -D "$srcdir"/fpm-pool.conf "$confdir"/$_pkgname.conf
+	install -m 644 -D "$srcdir"/$_pkgname.confd "$subpkgdir"/etc/conf.d/$_pkgname
+	install -m 755 -D "$srcdir"/$_pkgname.cron "$subpkgdir"/etc/periodic/15min/$_pkgname
+
+	mkdir -p "$subpkgdir"/etc/init.d
+	ln -s $fpm_name "$subpkgdir"/etc/init.d/$_pkgname
+}
+
+pgsql() {
+	pkgdesc="Nextcloud PostgreSQL support"
+	depends="$pkgname $_php-pgsql $_php-pdo_pgsql"
+	replaces="nextcloud$_replaced_ver-pgsql"
+	$is_latest && provides="$_pkgname-pgsql=$pkgver-r$pkgrel"
+	mkdir -p "$subpkgdir"
+}
+
+sqlite() {
+	pkgdesc="Nextcloud SQLite support"
+	depends="$pkgname $_php-sqlite3 $_php-pdo_sqlite"
+	replaces="nextcloud$_replaced_ver-sqlite"
+	$is_latest && provides="$_pkgname-sqlite=$pkgver-r$pkgrel"
+	mkdir -p "$subpkgdir"
+}
+
+mysql() {
+	pkgdesc="Nextcloud MySQL support"
+	depends="$pkgname $_php-pdo_mysql"
+	replaces="nextcloud$_replaced_ver-mysql"
+	$is_latest && provides="$_pkgname-mysql=$pkgver-r$pkgrel"
+
+	mkdir -p "$subpkgdir"
+	install -m 644 -D "$srcdir"/$_pkgname-mysql.cnf "$subpkgdir"/etc/my.cnf.d/$_pkgname.cnf
+}
+
+occ() {
+       pkgdesc="Nextcloud OCC cmd"
+       replaces="nextcloud$_replaced_ver-occ"
+       $is_latest && provides="$_pkgname-occ=$pkgver-r$pkgrel"
+       mkdir -p "$subpkgdir/usr/share/webapps/$_pkgname"
+       amove "usr/share/webapps/$_pkgname/occ"
+       amove "usr/bin/occ"
+}
+
+_default_apps() {
+	pkgdesc="Nextcloud default apps"
+	depends="$pkgname"
+	replaces="nextcloud$_replaced_ver-default-apps"
+	$is_latest && provides="$_pkgname-default-apps=$pkgver-r$pkgrel"
+
+	local path; for path in "$pkgdir"/"$_appsdir"/*; do
+		if grep -q '<default_enable\s*/>' "$path"/appinfo/info.xml; then
+			depends="$depends $pkgname-${path##*/}"
+		fi
+	done
+
+	mkdir -p "$subpkgdir"
+}
+
+_package_app() {
+	local appname="${subpkgname#"$pkgname"-}"
+	local appinfo="$pkgdir/$_appsdir/$appname/appinfo/info.xml"
+
+	local name=$(xmlstarlet sel -t -v 'info/name/text()' "$appinfo")
+	pkgdesc="Nextcloud ${name:-$appname} app"
+	replaces="nextcloud$_replaced_ver-$appname"
+	$is_latest && provides="$_pkgname-$appname=$pkgver-r$pkgrel"
+
+	local php_deps=$(xmlstarlet sel -t -v 'info/dependencies/lib/text()' "$appinfo" \
+		| xargs -r -n1 printf "$_php-%s\n")
+	local app_deps=""
+
+	case "$appname" in
+		files_sharing)	app_deps="-federatedfilesharing"
+		;;
+		serverinfo) app_deps="-files_sharing"
+	esac
+
+	depends="$pkgname $php_deps ${app_deps//-/$pkgname-}"
+
+	mkdir -p "$subpkgdir"/$_appsdir
+	mv "$pkgdir"/$_appsdir/$appname "$subpkgdir"/$_appsdir/
+}
+
+sha512sums="
+e9311423ba42c9f3d30b455fe47105f216262cc75dd7ea227fb939bfd10c3614b84e9aef1da6b3737fc0c0fe136d4ebe19107f8b97da5fd3910a47f7b2811eb1  nextcloud-31.0.0.tar.bz2
+aea0adb2c3a48ec6af2958c6ccfe13adff86316a56084e763b7e6df9e21aa3435b13305b7c15cc2b795e83c9388b05006862f6465c29e3dc2c1fbd8eb8befcb9  nextcloud-dont-chmod.patch
+12f4a39aef0f81a0115c81bf2b345cc194537a7e8300748b800b0e35bc07928091296074b23c2019c17aced69854a11d1ed7225f67eefd27cf00c3969a75c5b0  dont-update-htaccess.patch
+cb04252d01407c7030e87dd54616c621ea0f85ef0212674b1161288182538cae0fb31c67e7cc07c66f9607075774c64e386009cc66365b1f1b155f6ad4f83ac0  disable-integrity-check-as-default.patch
+c0a9b7c31c8beaca711f8e97d98441007b3dca7fb3d316d2eacd28a73b5233def6f846c02d98202f75efb9cb248b8787a80e20b07c32d1c7534a0e54bb20feab  use-external-docs-if-local-not-avail.patch
+5925787e34c39ad217103b9ebe82654c612a97e70d4b2208c77f84847afb1bcccd929366a807fa76ff929a7ee7e8008eaa58fd950915ffcce8ef2ddf97ef9d1d  50813_check-if-storage-id-is-set-on-cache.patch
+5f73cd9399fa484ef15bd47e803c93381deffbc7699eceadbb5c27e43b20156806d74e5021a64d28f0165ef87b519e962780651711a37bceb9f0b04455dfdce1  nextcloud-config.php
+7388458a9e8b7afd3d3269718306410ffa59c3c23da4bef367a4d7f6d2570136fae9dd421b19c1441e7ffb15a5405e18bb5da67b1a15f9f45e8b98d3fda532ba  nextcloud.logrotate
+dcc57735d7d4af4a7ebbdd1186d301e51d2ae4675022aea6bf1111222dfa188a3a490ebd6e7c8a7ac30046cb7d93f81cec72a51acbc60d0c10b7fb64630c637a  nextcloud.confd
+06a62deae219d09df7acbf38ccb1dcac691dd882459ef70243b5583d7ed21d1ea81dbf0751b4e7199c0de9878755a3882e139d9ccc280bf2e90cbe33fb565487  nextcloud.cron
+b9ad5434c384c96608f00d65c45f782e279c6756da8fb706f62ecaf7b7aa420077cb6989da5e85becc47418884ec0672e7db874174454ca679fdca84a50f537f  nextcloud-mysql.cnf
+78ef204ee7c12b228c0b7b04333514e561c1c8e19153f5507224fa4fdd112aaaa6331747014f3b72181298f52ecd4223bcff4bd963b49b49153265254b07e79b  fpm-pool.conf
+be54ad9308c8250ff3aef3514b10b228487fc2fbdefa1d28dbbb18a4770f7d9fda90e80c722de8e3c25ce752d124ff79314f16f783b1e5ad67df4e1fe6e880f9  occ
+"
diff --git a/ilot/nextcloud31/README.alpine b/ilot/nextcloud31/README.alpine
new file mode 100644
index 0000000..229ab60
--- /dev/null
+++ b/ilot/nextcloud31/README.alpine
@@ -0,0 +1,5 @@
+## nextcloud-serverinfo package
+
+If you are using the provided nextcloud php-fpm configuration,
+nextcloud-serverinfo package requires to enable 'shell_exec' function
+in php configuration file 'nextcloud.conf'.
diff --git a/ilot/nextcloud31/disable-integrity-check-as-default.patch b/ilot/nextcloud31/disable-integrity-check-as-default.patch
new file mode 100644
index 0000000..f6a3a11
--- /dev/null
+++ b/ilot/nextcloud31/disable-integrity-check-as-default.patch
@@ -0,0 +1,23 @@
+We patch some files and Nextcloud's integrity check doesn't like it...
+APK ensures integrity of all installed files, so this Nextcloud's integrity
+check doesn't add any value.
+---
+ lib/private/IntegrityCheck/Checker.php | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/private/IntegrityCheck/Checker.php b/lib/private/IntegrityCheck/Checker.php
+index e8fd087e..cfbaeb7d 100644
+--- a/lib/private/IntegrityCheck/Checker.php
++++ b/lib/private/IntegrityCheck/Checker.php
+@@ -91,7 +91,7 @@ class Checker {
+ 		 * applicable for very specific scenarios and we should not advertise it
+ 		 * too prominent. So please do not add it to config.sample.php.
+ 		 */
+-		return !($this->config?->getSystemValueBool('integrity.check.disabled', false) ?? false);
++		return !($this->config?->getSystemValueBool('integrity.check.disabled', true) ?? true);
+ 	}
+ 
+ 	/**
+-- 
+2.44.0
+
diff --git a/ilot/nextcloud31/dont-update-htaccess.patch b/ilot/nextcloud31/dont-update-htaccess.patch
new file mode 100644
index 0000000..87ec6a1
--- /dev/null
+++ b/ilot/nextcloud31/dont-update-htaccess.patch
@@ -0,0 +1,42 @@
+Don't mess with .htaccess files.
+
+Patch ported from https://src.fedoraproject.org/cgit/rpms/nextcloud.git/tree/nextcloud-9.1.0-dont_update_htacess.patch
+---
+ core/register_command.php | 1 -
+ lib/private/Updater.php   | 8 --------
+ 2 files changed, 9 deletions(-)
+
+diff --git a/core/register_command.php b/core/register_command.php
+index 4a84e551..a5158dc4 100644
+--- a/core/register_command.php
++++ b/core/register_command.php
+@@ -136,7 +136,6 @@ if ($config->getSystemValueBool('installed', false)) {
+ 	$application->add(Server::get(Command\Maintenance\Mimetype\UpdateDB::class));
+ 	$application->add(Server::get(Command\Maintenance\Mimetype\UpdateJS::class));
+ 	$application->add(Server::get(Command\Maintenance\Mode::class));
+-	$application->add(Server::get(Command\Maintenance\UpdateHtaccess::class));
+ 	$application->add(Server::get(Command\Maintenance\UpdateTheme::class));
+ 
+ 	$application->add(Server::get(Command\Upgrade::class));
+diff --git a/lib/private/Updater.php b/lib/private/Updater.php
+index 09866273..59144308 100644
+--- a/lib/private/Updater.php
++++ b/lib/private/Updater.php
+@@ -230,14 +230,6 @@ class Updater extends BasicEmitter {
+ 			throw new \Exception('Updates between multiple major versions and downgrades are unsupported.');
+ 		}
+ 
+-		// Update .htaccess files
+-		try {
+-			Setup::updateHtaccess();
+-			Setup::protectDataDirectory();
+-		} catch (\Exception $e) {
+-			throw new \Exception($e->getMessage());
+-		}
+-
+ 		// create empty file in data dir, so we can later find
+ 		// out that this is indeed an ownCloud data directory
+ 		// (in case it didn't exist before)
+-- 
+2.44.0
+
diff --git a/ilot/nextcloud31/fpm-pool.conf b/ilot/nextcloud31/fpm-pool.conf
new file mode 100644
index 0000000..cae9acc
--- /dev/null
+++ b/ilot/nextcloud31/fpm-pool.conf
@@ -0,0 +1,200 @@
+[global]
+; Error log file
+; Default Value: log/php-fpm.log
+error_log = /var/log/nextcloud/php-fpm.log
+
+; Log level
+; Possible Values: alert, error, warning, notice, debug
+; Default Value: notice
+log_level = warning
+
+; If this number of child processes exit with SIGSEGV or SIGBUS within the time
+; interval set by emergency_restart_interval then FPM will restart. A value
+; of '0' means 'Off'.
+; Default Value: 0
+emergency_restart_threshold = 10
+
+; Interval of time used by emergency_restart_interval to determine when
+; a graceful restart will be initiated.  This can be useful to work around
+; accidental corruptions in an accelerator's shared memory.
+; Available Units: s(econds), m(inutes), h(ours), or d(ays)
+; Default Unit: seconds
+; Default Value: 0
+emergency_restart_interval = 1m
+
+; Time limit for child processes to wait for a reaction on signals from master.
+; Available units: s(econds), m(inutes), h(ours), or d(ays)
+; Default Unit: seconds
+; Default Value: 0
+process_control_timeout = 10s
+
+
+[nextcloud]
+user = nextcloud
+group = www-data
+
+; The address on which to accept FastCGI requests.
+; Valid syntaxes are:
+;   'ip.add.re.ss:port'    - to listen on a TCP socket to a specific address on
+;                            a specific port;
+;   'port'                 - to listen on a TCP socket to all addresses on a
+;                            specific port;
+;   '/path/to/unix/socket' - to listen on a unix socket (the path is *not*
+;                            relative to chroot!)
+; Note: This value is mandatory.
+listen = /run/nextcloud/fastcgi.sock
+
+; Set permissions for unix socket, if one is used. In Linux, read/write
+; permissions must be set in order to allow connections from a web server. Many
+; BSD-derived systems allow connections regardless of permissions.
+; Default Values: user and group are set as the running user
+;                 mode is set to 0666
+listen.mode  = 0660
+
+; Choose how the process manager will control the number of child processes.
+; Possible Values:
+;   static   ... a fixed number of child processes.
+;   dynamic  ... the number of child processes are set dynamically.
+;   ondemand ... no children are created at startup; children will be forked
+;                when new requests will connect.
+; Note: This value is mandatory.
+pm = ondemand
+
+; The number of child processes to be created when pm is set to 'static' and the
+; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
+; This value sets the limit on the number of simultaneous requests that will be
+; served.
+; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
+; Note: This value is mandatory.
+pm.max_children = 10
+
+; The number of seconds after which an idle process will be killed.
+; Note: Used only when pm is set to 'ondemand'
+; Default Value: 10s
+pm.process_idle_timeout = 120s
+
+; The number of requests each child process should execute before respawning.
+; This can be useful to work around memory leaks in 3rd party libraries. For
+; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
+; Default Value: 0
+pm.max_requests = 500
+
+; The URI to view the FPM status page. If this value is not set, no URI will be
+; recognized as a status page.
+; Note: The value must start with a leading slash (/). The value can be
+;       anything, but it may not be a good idea to use the .php extension or it
+;       may conflict with a real PHP file.
+; Default Value: not set
+pm.status_path =
+
+; The ping URI to call the monitoring page of FPM. If this value is not set, no
+; URI will be recognized as a ping page. This could be used to test from outside
+; that FPM is alive and responding, or to
+; - create a graph of FPM availability (rrd or such);
+; - remove a server from a group if it is not responding (load balancing);
+; - trigger alerts for the operating team (24/7).
+; Note: The value must start with a leading slash (/). The value can be
+;       anything, but it may not be a good idea to use the .php extension or it
+;       may conflict with a real PHP file.
+; Default Value: not set
+ping.path = /ping
+
+; The timeout for serving a single request after which the worker process will
+; be killed. This option should be used when the 'max_execution_time' ini option
+; does not stop script execution for some reason. A value of '0' means 'off'.
+; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
+; Default Value: 0
+;request_terminate_timeout = 0
+
+; The timeout for serving a single request after which a PHP backtrace will be
+; dumped to the 'slowlog' file. A value of '0s' means 'off'.
+; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
+; Default Value: 0
+;request_slowlog_timeout = 0
+
+; The log file for slow requests
+; Default Value: not set
+; Note: slowlog is mandatory if request_slowlog_timeout is set
+; Note: the path is *not* relative to chroot.
+;slowlog = /var/log/nextcloud/php-fpm.slow.log
+
+; Redirect worker stdout and stderr into main error log. If not set, stdout and
+; stderr will be redirected to /dev/null according to FastCGI specs.
+; Note: on highloaded environement, this can cause some delay in the page
+; process time (several ms).
+; Default Value: no
+;catch_workers_output = yes
+
+; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
+; the current environment.
+; Default Value: clean env
+env[PATH] = /usr/local/bin:/usr/bin:/bin
+env[TMP] = /tmp
+env[TMPDIR] = /tmp
+env[TEMP] = /tmp
+
+; Additional php.ini defines, specific to this pool of workers. These settings
+; overwrite the values previously defined in the php.ini. The directives are the
+; same as the PHP SAPI:
+;   php_value/php_flag             - you can set classic ini defines which can
+;                                    be overwritten from PHP call 'ini_set'.
+;   php_admin_value/php_admin_flag - these directives won't be overwritten by
+;                                     PHP call 'ini_set'
+; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.
+;
+; Defining 'extension' will load the corresponding shared extension from
+; extension_dir. Defining 'disable_functions' or 'disable_classes' will not
+; overwrite previously defined php.ini values, but will append the new value
+; instead.
+;
+; Note: path INI options can be relative and will be expanded with the prefix
+; (pool, global or /usr/lib/php7.x)
+
+; Allow HTTP file uploads.
+php_admin_flag[file_uploads] = true
+
+; Maximal size of a file that can be uploaded via web interface.
+php_admin_value[memory_limit] = 512M
+php_admin_value[post_max_size] = 513M
+php_admin_value[upload_max_filesize] = 513M
+
+; Where to store temporary files.
+php_admin_value[session.save_path] = /var/tmp/nextcloud
+php_admin_value[sys_temp_dir] = /var/tmp/nextcloud
+php_admin_value[upload_tmp_dir] = /var/tmp/nextcloud
+
+; Log errors to specified file.
+php_admin_flag[log_errors] = on
+php_admin_value[error_log] = /var/log/nextcloud/php.error.log
+
+; OPcache error_log file name. Empty string assumes "stderr"
+php_admin_value[opcache.error_log] = /var/log/nextcloud/php.error.log
+
+; Output buffering is a mechanism for controlling how much output data
+; (excluding headers and cookies) PHP should keep internally before pushing that
+; data to the client. If your application's output exceeds this setting, PHP
+; will send that data in chunks of roughly the size you specify.
+; This must be disabled for ownCloud.
+php_admin_flag[output_buffering] = false
+
+; Overload(replace) single byte functions by mbstring functions.
+; This must be disabled for ownCloud.
+php_admin_flag[mbstring.func_overload] = false
+
+; Never populate the $HTTP_RAW_POST_DATA variable.
+; http://php.net/always-populate-raw-post-data
+php_admin_value[always_populate_raw_post_data] = -1
+
+; Disable certain functions for security reasons.
+; http://php.net/disable-functions
+php_admin_value[disable_functions] = exec,passthru,shell_exec,system,proc_open,curl_multi_exec,show_source
+
+; Set recommended settings for OpCache.
+; https://docs.nextcloud.com/server/13/admin_manual/configuration_server/server_tuning.html#enable-php-opcache
+php_admin_flag[opcache.enable] = true
+php_admin_flag[opcache.enable_cli] = true
+php_admin_flag[opcache.save_comments] = true
+php_admin_value[opcache.interned_strings_buffer] = 8
+php_admin_value[opcache.max_accelerated_files] = 10000
+php_admin_value[opcache.memory_consumption] = 128
+php_admin_value[opcache.revalidate_freq] = 1
diff --git a/ilot/nextcloud31/nextcloud-config.php b/ilot/nextcloud31/nextcloud-config.php
new file mode 100644
index 0000000..035fb79
--- /dev/null
+++ b/ilot/nextcloud31/nextcloud-config.php
@@ -0,0 +1,37 @@
+<?php
+$CONFIG = array (
+  'datadirectory' => '/var/lib/nextcloud/data',
+  'logfile' => '/var/log/nextcloud/nextcloud.log',
+  'apps_paths' => array (
+    // Read-only location for apps shipped with Nextcloud and installed by apk.
+    0 => array (
+      'path' => '/usr/share/webapps/nextcloud/apps',
+      'url' => '/apps',
+      'writable' => false,
+    ),
+    // Writable location for apps installed from AppStore.
+    1 => array (
+      'path' => '/var/lib/nextcloud/apps',
+      'url' => '/apps-appstore',
+      'writable' => true,
+    ),
+  ),
+  'updatechecker' => false,
+  'check_for_working_htaccess' => false,
+
+  // Uncomment to enable Zend OPcache.
+  //'memcache.local' => '\OC\Memcache\APCu',
+
+  // Uncomment this and add user nextcloud to the redis group to enable Redis
+  // cache for file locking. This is highly recommended, see
+  // https://github.com/nextcloud/server/issues/9305.
+  //'memcache.locking' => '\OC\Memcache\Redis',
+  //'redis' => array(
+  //  'host' => '/run/redis/redis.sock',
+  //  'port' => 0,
+  //  'dbindex' => 0,
+  //  'timeout' => 1.5,
+  //),
+
+  'installed' => false,
+);
diff --git a/ilot/nextcloud31/nextcloud-dont-chmod.patch b/ilot/nextcloud31/nextcloud-dont-chmod.patch
new file mode 100644
index 0000000..2145508
--- /dev/null
+++ b/ilot/nextcloud31/nextcloud-dont-chmod.patch
@@ -0,0 +1,58 @@
+commit d8f09abd65e5fd620b8b0d720daee293c355660c
+Author: Leonardo Arena <rnalrd@alpinelinux.org>
+Date:   Mon Aug 31 06:59:15 2020 +0000
+
+    Don't chmod. The package takes care of setting the right permissions for directories and files
+
+diff --git a/lib/private/Config.php b/lib/private/Config.php
+index cbdbc5b2..1118981b 100644
+--- a/lib/private/Config.php
++++ b/lib/private/Config.php
+@@ -242,9 +242,6 @@ class Config {
+ 		touch($this->configFilePath);
+ 		$filePointer = fopen($this->configFilePath, 'r+');
+ 
+-		// Prevent others not to read the config
+-		chmod($this->configFilePath, 0640);
+-
+ 		// File does not exist, this can happen when doing a fresh install
+ 		if (!is_resource($filePointer)) {
+ 			throw new HintException(
+diff --git a/lib/private/Log/File.php b/lib/private/Log/File.php
+index 9e9abb11..7db25286 100644
+--- a/lib/private/Log/File.php
++++ b/lib/private/Log/File.php
+@@ -82,9 +82,6 @@ class File extends LogDetails implements IWriter, IFileBased {
+ 	public function write(string $app, $message, int $level) {
+ 		$entry = $this->logDetailsAsJSON($app, $message, $level);
+ 		$handle = @fopen($this->logFile, 'a');
+-		if ($this->logFileMode > 0 && is_file($this->logFile) && (fileperms($this->logFile) & 0777) != $this->logFileMode) {
+-			@chmod($this->logFile, $this->logFileMode);
+-		}
+ 		if ($handle) {
+ 			fwrite($handle, $entry."\n");
+ 			fclose($handle);
+diff --git a/lib/private/TempManager.php b/lib/private/TempManager.php
+index 49d4ee94..b0943843 100644
+--- a/lib/private/TempManager.php
++++ b/lib/private/TempManager.php
+@@ -96,7 +96,6 @@ class TempManager implements ITempManager {
+ 			if ($postFix !== '') {
+ 				$fileNameWithPostfix = $this->buildFileNameWithSuffix($file, $postFix);
+ 				touch($fileNameWithPostfix);
+-				chmod($fileNameWithPostfix, 0600);
+ 				$this->current[] = $fileNameWithPostfix;
+ 				return $fileNameWithPostfix;
+ 			}
+diff --git a/lib/private/legacy/OC_Util.php b/lib/private/legacy/OC_Util.php
+index 71f6edba..216abdf8 100644
+--- a/lib/private/legacy/OC_Util.php
++++ b/lib/private/legacy/OC_Util.php
+@@ -1004,7 +1004,6 @@ class OC_Util {
+ 			. ' cannot be listed by other users.');
+ 		$perms = substr(decoct(@fileperms($dataDirectory)), -3);
+ 		if (substr($perms, -1) !== '0') {
+-			chmod($dataDirectory, 0770);
+ 			clearstatcache();
+ 			$perms = substr(decoct(@fileperms($dataDirectory)), -3);
+ 			if ($perms[2] !== '0') {
diff --git a/ilot/nextcloud31/nextcloud-mysql.cnf b/ilot/nextcloud31/nextcloud-mysql.cnf
new file mode 100644
index 0000000..ff90630
--- /dev/null
+++ b/ilot/nextcloud31/nextcloud-mysql.cnf
@@ -0,0 +1,3 @@
+[server]
+# See https://github.com/nextcloud/server/issues/25436
+innodb_read_only_compressed=off
diff --git a/ilot/nextcloud31/nextcloud.confd b/ilot/nextcloud31/nextcloud.confd
new file mode 100644
index 0000000..b24f26d
--- /dev/null
+++ b/ilot/nextcloud31/nextcloud.confd
@@ -0,0 +1,8 @@
+# Config file for /etc/init.d/nextcloud
+
+name="Nextcloud"
+user="nextcloud"
+group="www-data"
+
+# Uncomment if you use Nextcloud with Redis for caching.
+#rc_need="redis"
diff --git a/ilot/nextcloud31/nextcloud.cron b/ilot/nextcloud31/nextcloud.cron
new file mode 100644
index 0000000..398cb11
--- /dev/null
+++ b/ilot/nextcloud31/nextcloud.cron
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+# Run only when nextcloud service is started.
+if rc-service nextcloud -q status >/dev/null 2>&1; then
+	su nextcloud -s /bin/sh -c 'php83 -f /usr/share/webapps/nextcloud/cron.php'
+fi
diff --git a/ilot/nextcloud31/nextcloud.logrotate b/ilot/nextcloud31/nextcloud.logrotate
new file mode 100644
index 0000000..19e17fd
--- /dev/null
+++ b/ilot/nextcloud31/nextcloud.logrotate
@@ -0,0 +1,6 @@
+/var/log/nextcloud/*.log {
+	daily
+	compress
+	copytruncate
+	su nextcloud www-data
+}
diff --git a/ilot/nextcloud31/nextcloud31-initscript.post-install b/ilot/nextcloud31/nextcloud31-initscript.post-install
new file mode 100644
index 0000000..48f1351
--- /dev/null
+++ b/ilot/nextcloud31/nextcloud31-initscript.post-install
@@ -0,0 +1,28 @@
+#!/bin/sh
+
+# It's not needed to be writable for www-data group when running with php-fpm.
+for dir in /etc/nextcloud \
+	/etc/nextcloud/config.php \
+	/var/lib/nextcloud/data \
+	/var/lib/nextcloud/apps
+do
+	chmod g-w $dir
+done
+chgrp root /etc/nextcloud/config.php
+
+# This must be writable (only) by nextcloud user.
+chmod 750 /var/log/nextcloud
+
+mkdir /var/tmp/nextcloud # If /var/tmp doesn't exist there's a big problem
+chown nextcloud /var/tmp/nextcloud
+chmod 700 /var/tmp/nextcloud
+
+cat <<EOF
+*
+* Point your web server to /run/nextcloud/fastcgi.sock and start Nextcloud with
+* /etc/init.d/nextcloud start. You can modify php-fpm settings in
+* /etc/php83/fpm.d/nextcloud.conf.
+*
+EOF
+
+exit 0
diff --git a/ilot/nextcloud31/nextcloud31.post-install b/ilot/nextcloud31/nextcloud31.post-install
new file mode 100644
index 0000000..5a58956
--- /dev/null
+++ b/ilot/nextcloud31/nextcloud31.post-install
@@ -0,0 +1,11 @@
+#!/bin/sh
+# this package could be installed as consequence of an upgrade
+echo
+echo '  * If you are upgrading to a versioned package (starts at v29.0.4-r1),' >&2
+echo '    please do the following:' >&2
+echo
+echo '  * Run "apk upgrade -a" a second time to complete the upgrade of all' >&2
+echo '    nextcloud packages' >&2
+echo '  * Run "occ upgrade" to finish upgrading your Nextcloud instance' >&2
+echo '  * NOTE: since v29.0.4-r1 "occ" command is now in package "nextcloudNN-occ"' >&2
+echo
diff --git a/ilot/nextcloud31/nextcloud31.post-upgrade b/ilot/nextcloud31/nextcloud31.post-upgrade
new file mode 100644
index 0000000..be7e267
--- /dev/null
+++ b/ilot/nextcloud31/nextcloud31.post-upgrade
@@ -0,0 +1,47 @@
+#!/bin/sh
+
+ver_new="$1"
+ver_old="$2"
+
+if [ $(apk version -t "$ver_old" '12.0.0-r2') = '<' ]; then
+	cat >&2 <<-EOF
+	*
+	* All Nextcloud's bundled apps (except "files" and "dav") have been moved to
+	* separate subpackages (e.g. nextcloud-activity). If you want to install
+	* all apps that are enabled by default at once, run:
+	*
+	*     apk add nextcloud-default-apps
+	*
+	EOF
+
+	if [ "$(ls -A /var/lib/nextcloud/apps)" ]; then
+		cat >&2 <<-EOF
+		*
+		* Nextcloud's bundled apps have been moved from /var/lib/nextcloud/apps
+		* to /usr/share/webapps/nextcloud/apps. Only apps installed from App Store
+		* should be stored in /var/lib/nextcloud/apps.
+		*
+		* It seems that you have installed some apps from App Store, so you have to
+		* add /var/lib/nextcloud/apps to your apps_paths. Copy "apps_paths" key
+		* from /etc/nextcloud/config.php.apk-new to your config.php.
+		* 
+		EOF
+	fi
+fi
+
+if [ $(apk version -t "$ver_old" '15.0.2-r0') = '<' ]; then
+	cat >&2 <<-EOF
+	*
+	* App "user_external" is no longer available via release channel.
+	* You need to uninstall the package and install it via appstore:
+	*
+	*     apk del nextcloud-user_external
+	*
+	EOF
+
+fi
+
+if [ "${ver_new%-r*}" != "${ver_old%-r*}" ]; then
+	echo '  * Run "occ upgrade" to finish upgrading your NextCloud instance!' >&2
+	echo '  * NOTE: since v29.0.4-r1 "occ" command is now in package "nextcloudNN-occ"' >&2
+fi
diff --git a/ilot/nextcloud31/nextcloud31.pre-install b/ilot/nextcloud31/nextcloud31.pre-install
new file mode 100644
index 0000000..e9cf539
--- /dev/null
+++ b/ilot/nextcloud31/nextcloud31.pre-install
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+addgroup -S -g 82 www-data 2>/dev/null
+adduser -S -D -H -h /var/lib/nextcloud -s /sbin/nologin -G www-data -g Nextcloud nextcloud 2>/dev/null
+
+exit 0
diff --git a/ilot/nextcloud31/nextcloud31.pre-upgrade b/ilot/nextcloud31/nextcloud31.pre-upgrade
new file mode 100644
index 0000000..f444e78
--- /dev/null
+++ b/ilot/nextcloud31/nextcloud31.pre-upgrade
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+ver_old="$2"
+apps_link='/usr/share/webapps/nextcloud/apps'
+
+# Remove apps symlink before replacing files to avoid losing installed apps.
+# This is a workaround for some issue in apk.
+if [ $(apk version -t "$ver_old" '12.0.0-r2') = '<' ] && [ -L "$apps_link" ]; then
+	rm "$apps_link"
+fi
diff --git a/ilot/nextcloud31/occ b/ilot/nextcloud31/occ
new file mode 100644
index 0000000..57b8ef3
--- /dev/null
+++ b/ilot/nextcloud31/occ
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+NEXTCLOUD_DIR='/usr/share/webapps/nextcloud'
+: ${NEXTCLOUD_USER:="nextcloud"}
+
+if [ "$(id -un)" != "$NEXTCLOUD_USER" ]; then
+	exec su -s /bin/sh "$NEXTCLOUD_USER" -c '$0 "$@"' -- php83 $NEXTCLOUD_DIR/occ "$@"
+else
+	exec php83 $NEXTCLOUD_DIR/occ "$@"
+fi
diff --git a/ilot/nextcloud31/use-external-docs-if-local-not-avail.patch b/ilot/nextcloud31/use-external-docs-if-local-not-avail.patch
new file mode 100644
index 0000000..42af94b
--- /dev/null
+++ b/ilot/nextcloud31/use-external-docs-if-local-not-avail.patch
@@ -0,0 +1,36 @@
+From f17c14956c51206ad82acc5d9b66fd752f0e3c03 Mon Sep 17 00:00:00 2001
+From: Jakub Jirutka <jakub@jirutka.cz>
+Date: Tue, 19 Dec 2023 07:53:40 +0000
+Subject: [PATCH] use external docs if local not available
+
+---
+ apps/settings/templates/help.php | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/apps/settings/templates/help.php b/apps/settings/templates/help.php
+index 649178c1..29b5ac4c 100644
+--- a/apps/settings/templates/help.php
++++ b/apps/settings/templates/help.php
+@@ -48,8 +48,19 @@
+ 	</div>
+ 
+ 	<div id="app-content" class="help-includes">
++	<?php if ($_['localDocs']) { ?>
+ 		<iframe src="<?php print_unescaped($_['url']); ?>" class="help-iframe" tabindex="0">
+ 		</iframe>
++	<?php } else { ?>
++	<div class="section">
++		<h2>Local documentation is not installed</h2>
++		<p>Please use
++			<a href="<?php print_unescaped($_['url']); ?>" target="_blank" rel="noreferrer">
++				<?php p($l->t('online documentation')); ?> ↗
++			</a>
++		</p>
++	</div>
++        <?php } ?>
+ 	</div>
+ <?php else: ?>
+ 	<div id="app-content">
+-- 
+2.42.0
+

From 322956f740044b1000d42a82e6b9777584290b6b Mon Sep 17 00:00:00 2001
From: Antoine Martin <dev@ayakael.net>
Date: Sat, 22 Mar 2025 13:34:37 -0400
Subject: [PATCH 02/26] ilot/mastodon: upgrade to 4.2.19

---
 ilot/mastodon/APKBUILD | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ilot/mastodon/APKBUILD b/ilot/mastodon/APKBUILD
index 35d6e3c..5ce4fc0 100644
--- a/ilot/mastodon/APKBUILD
+++ b/ilot/mastodon/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
 pkgname=mastodon
 _pkgname=$pkgname
-pkgver=4.2.15
+pkgver=4.2.19
 _gittag=v$pkgver
 pkgrel=0
 pkgdesc="Self-hosted social media and network server based on ActivityPub and OStatus"
@@ -192,7 +192,7 @@ assets() {
 }
 
 sha512sums="
-3fbd6b865c4321c74251b8cfb78185d2c0454c4fe1d3c85cc01b2eaa37cf478e5ad78ab4df3c207e6d2257b223494c516878e180b6cae7f0ef9a1430b937f553  mastodon-v4.2.15.tar.gz
+cb57227876fbf8ca358104970de6d0c3c9b5913246df4a0d0cfa35b79fa3961d98c309d77222bf596941842062d099065d4502fc1f3dd4531394350e10a9860c  mastodon-v4.2.19.tar.gz
 d49fea9451c97ccefe5e35b68e4274aeb427f9d1e910b89c1f6c810489c3bec1ccff72952fdaef95abf944b8aff0da84a52347540d36ff1fba5ccc19e1d935c6  mastodon.initd
 eefe12a31268245f802222c0001dac884e03adb0d301e53a1512a3cd204836ca03ad083908cd14d146cf0dce99e3a4366570efd0e40a9a490ccd381d4c63c32f  mastodon.web.initd
 8fc9249c01693bb02b8d1a6177288d5d3549addde8c03eb35cc7a32dde669171872ebc2b5deb8019dc7a12970098f1af707171fa41129be31b04e1dc1651a777  mastodon.sidekiq.initd

From 2d900374a515f67f8228eb64d68da861c04e2bd5 Mon Sep 17 00:00:00 2001
From: Antoine Martin <dev@ayakael.net>
Date: Sat, 22 Mar 2025 13:39:01 -0400
Subject: [PATCH 03/26] ilot/freescout: upgrade to 1.8.173

---
 ilot/freescout/APKBUILD | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ilot/freescout/APKBUILD b/ilot/freescout/APKBUILD
index 12e0117..addb28b 100644
--- a/ilot/freescout/APKBUILD
+++ b/ilot/freescout/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
 # Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
 pkgname=freescout
-pkgver=1.8.171
+pkgver=1.8.173
 pkgrel=0
 pkgdesc="Free self-hosted help desk & shared mailbox"
 arch="noarch"
@@ -76,7 +76,7 @@ package() {
 	install -m755 -D "$srcdir"/freescout-manage.sh "$pkgdir"/usr/bin/freescout-manage
 }
 sha512sums="
-ae99edd7ab1f944cfc8606ae26b67a4898c2490c099a06cde0fa6f8dd35e737fdc3bfd9f96a13694f18a29704ad80c11f9bcd77e149e8d03dbb70defbfbf9c19  freescout-1.8.171.tar.gz
+1d349d2a84985e2ce9e767cdbf40943ffd1926db5e8b56cb9c3c4436f5a3c56f3c63265c4382acaadccf32965c0896e84eed3e2ef970ba2398a57440bf8dbeea  freescout-1.8.173.tar.gz
 e4af6c85dc12f694bef2a02e4664e31ed50b2c109914d7ffad5001c2bbd764ef25b17ecaa59ff55ef41bccf17169bf910d1a08888364bdedd0ecc54d310e661f  freescout.nginx
 7ce9b3ee3a979db44f5e6d7daa69431e04a5281f364ae7be23e5a0a0547f96abc858d2a8010346be2fb99bd2355fb529e7030ed20d54f310249e61ed5db4d0ba  freescout-manage.sh
 0cba00b7d945ce84f72a2812d40028a073a5278856f610e46dbfe0ac78deff6bf5eba7643635fa4bc64d070c4d49eb47d24ea0a05ba1e6ea76690bfd77906366  rename-client-to-membre-fr-en.patch

From 1a2203ba3c756a4d5b0c574a999e09dd1026ad75 Mon Sep 17 00:00:00 2001
From: Antoine Martin <dev@ayakael.net>
Date: Tue, 18 Feb 2025 13:13:08 -0500
Subject: [PATCH 04/26] ilot/codeberg-pages-server: upgrade to 6.2.1

---
 ilot/codeberg-pages-server/APKBUILD           | 14 +++++---
 .../codeberg-pages-server.openrc              | 33 ++++++++-----------
 ilot/codeberg-pages-server/downgrade-go.patch | 12 +++++++
 3 files changed, 35 insertions(+), 24 deletions(-)
 create mode 100644 ilot/codeberg-pages-server/downgrade-go.patch

diff --git a/ilot/codeberg-pages-server/APKBUILD b/ilot/codeberg-pages-server/APKBUILD
index 75ecfbb..964852f 100644
--- a/ilot/codeberg-pages-server/APKBUILD
+++ b/ilot/codeberg-pages-server/APKBUILD
@@ -1,7 +1,7 @@
 # Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
 # Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
 pkgname=codeberg-pages-server
-pkgver=6.2
+pkgver=6.2.1
 pkgrel=0
 pkgdesc="The Codeberg Pages Server – with custom domain support, per-repo pages using the pages branch, caching and more."
 url="https://codeberg.org/Codeberg/pages-server"
@@ -14,6 +14,7 @@ options="!check"
 source="
 	$pkgname-$pkgver.tar.gz::https://codeberg.org/Codeberg/pages-server/archive/v$pkgver.tar.gz
 	codeberg-pages-server.openrc
+	downgrade-go.patch
 	"
 builddir="$srcdir/"pages-server
 subpackages="$pkgname-openrc"
@@ -30,13 +31,18 @@ build() {
 
 package() {
 	msg "Packaging $pkgname"
-	install -Dm755 "$builddir"/build/codeberg-pages-server "$pkgdir"/usr/bin/codeberg-pages-server
+	install -Dm755 	"$builddir"/build/codeberg-pages-server \
+		"$pkgdir"/usr/bin/codeberg-pages-server
 
 	install -Dm755 "$srcdir"/$pkgname.openrc \
 		"$pkgdir"/etc/init.d/$pkgname
+
+	install -Dm600 "$builddir"/example_config.toml \
+		"$pkgdir"/etc/codeberg-pages-server/pages.conf
 }
 
 sha512sums="
-d48e10262e94eb2e36696646e3431da066d2f820e037ab713f4446dd72c2e3895c9bf153fcbf702e05b21ec5750aa15ed9b71e2fb383f9357aeeef61073a721a  codeberg-pages-server-6.2.tar.gz
-4defb4fe3a4230f4aa517fbecd5e5b8bcef2a64e1b40615660ae9eec33597310a09df5e126f4d39ce7764bd1716c0a7040637699135c103cbc1879593c6c06f1  codeberg-pages-server.openrc
+87992a244a580ef109fa891fd4e4ab5bf8320076f396c63e23b83e2c49e3c34fed2d6562283fc57dd89ebc13596dd7b8cbdfa7202eee43cbbd86b6a7f3b52c26  codeberg-pages-server-6.2.1.tar.gz
+4808057de5d539fd9ad3db67b650d45ed60c53e07eff840115af09729ac198791b465b61da547eac1dffd0633e5855c348aa7663d6f6cb5984f7fc999be08589  codeberg-pages-server.openrc
+1f02e3e9a6f0aab9b516fa7ffaaeb92da3ab839fbcf07f672398063d784c8c0ca373edc0f9a26132d40a60345c4894a5f757c13bf7500f5753f5ffcdf10c52db  downgrade-go.patch
 "
diff --git a/ilot/codeberg-pages-server/codeberg-pages-server.openrc b/ilot/codeberg-pages-server/codeberg-pages-server.openrc
index a036393..fe2ce85 100644
--- a/ilot/codeberg-pages-server/codeberg-pages-server.openrc
+++ b/ilot/codeberg-pages-server/codeberg-pages-server.openrc
@@ -1,30 +1,23 @@
 #!/sbin/openrc-run
-  
+
+: ${config:=/etc/codeberg-pages-server/pages.conf}
+
 name="$RC_SVCNAME"
 cfgfile="/etc/conf.d/$RC_SVCNAME.conf"
 pidfile="/run/$RC_SVCNAME.pid"
-working_directory="/usr/share/webapps/authentik"
-command="/usr/share/webapps/authentik/server"
-command_user="authentik"
-command_group="authentik"
+working_directory="/var/lib/codeberg-pages-server"
+command="/usr/bin/codeberg-pages-server"
+command_args="--config-file $config"
+command_user="nginx"
+command_group="nginx"
 start_stop_daemon_args=""
 command_background="yes"
-output_log="/var/log/authentik/$RC_SVCNAME.log"
-error_log="/var/log/authentik/$RC_SVCNAME.err"
-
-depend() {
-        need redis
-        need postgresql
-}
+output_log="/var/log/codeberg-pages-server/$RC_SVCNAME.log"
+error_log="/var/log/codeberg-pages-server/$RC_SVCNAME.err"
 
 start_pre() {
-	cd "$working_directory"
         checkpath --directory --owner $command_user:$command_group --mode 0775 \
-                /var/log/authentik \
-                /var/lib/authentik/certs
-}
-
-stop_pre() {
-	ebegin "Killing child processes"
-	kill $(ps -o pid= --ppid $(cat $pidfile)) || true
+                /var/log/codeberg-pages-server \
+                /var/lib/codeberg-pages-server
+	cd "$working_directory"
 }
diff --git a/ilot/codeberg-pages-server/downgrade-go.patch b/ilot/codeberg-pages-server/downgrade-go.patch
new file mode 100644
index 0000000..80988d5
--- /dev/null
+++ b/ilot/codeberg-pages-server/downgrade-go.patch
@@ -0,0 +1,12 @@
+diff --git a/go.mod.orig b/go.mod
+index bff6b77..2b9f2e4 100644
+--- a/go.mod.orig
++++ b/go.mod
+@@ -1,6 +1,6 @@
+ module codeberg.org/codeberg/pages
+ 
+-go 1.24.0
++go 1.23.6
+ 
+ require (
+ 	code.gitea.io/sdk/gitea v0.20.0

From 2263b1374c93b62a8b843b4cc050fe9ab8d8df0f Mon Sep 17 00:00:00 2001
From: Antoine Martin <dev@ayakael.net>
Date: Sat, 22 Mar 2025 13:57:43 -0400
Subject: [PATCH 05/26] ilot/codeberg-pages-server: add post-install script
 giving right to binary to host on 443,80

---
 ilot/codeberg-pages-server/APKBUILD                    |  5 +++--
 .../codeberg-pages-server.post-install                 | 10 ++++++++++
 2 files changed, 13 insertions(+), 2 deletions(-)
 create mode 100755 ilot/codeberg-pages-server/codeberg-pages-server.post-install

diff --git a/ilot/codeberg-pages-server/APKBUILD b/ilot/codeberg-pages-server/APKBUILD
index 964852f..359c118 100644
--- a/ilot/codeberg-pages-server/APKBUILD
+++ b/ilot/codeberg-pages-server/APKBUILD
@@ -2,13 +2,14 @@
 # Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
 pkgname=codeberg-pages-server
 pkgver=6.2.1
-pkgrel=0
+pkgrel=1
 pkgdesc="The Codeberg Pages Server – with custom domain support, per-repo pages using the pages branch, caching and more."
 url="https://codeberg.org/Codeberg/pages-server"
 arch="all"
 license="EUPL-1.2"
-depends="nginx"
+depends="libcap-setcap nginx"
 makedepends="go just"
+install="$pkgname.post-install"
 # tests disabled for now
 options="!check"
 source="
diff --git a/ilot/codeberg-pages-server/codeberg-pages-server.post-install b/ilot/codeberg-pages-server/codeberg-pages-server.post-install
new file mode 100755
index 0000000..d55e213
--- /dev/null
+++ b/ilot/codeberg-pages-server/codeberg-pages-server.post-install
@@ -0,0 +1,10 @@
+#!/bin/sh
+set -eu
+
+setcap 'cap_net_bind_service=+ep' /usr/bin/codeberg-pages-server
+
+cat >&2 <<-EOF
+*
+* 1. Adjust settings in /etc/codeberg-pages-server/pages.conf
+*
+EOF

From 84f28b7e5cd8437d5fe3d08a4944a188f1979d96 Mon Sep 17 00:00:00 2001
From: Antoine Martin <dev@ayakael.net>
Date: Sat, 22 Mar 2025 13:38:08 -0400
Subject: [PATCH 06/26] ilot/forgejo-aneksajo: upgrade to 10.0.1_git1

---
 ilot/forgejo-aneksajo/APKBUILD | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ilot/forgejo-aneksajo/APKBUILD b/ilot/forgejo-aneksajo/APKBUILD
index 4cf97ae..06a9899 100644
--- a/ilot/forgejo-aneksajo/APKBUILD
+++ b/ilot/forgejo-aneksajo/APKBUILD
@@ -4,7 +4,7 @@
 # Contributor: Patrycja Rosa <alpine@ptrcnull.me>
 # Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
 pkgname=forgejo-aneksajo
-pkgver=10.0.1_git0
+pkgver=10.0.1_git1
 _gittag=v${pkgver/_git/-git-annex}
 pkgrel=0
 pkgdesc="Self-hosted Git service written in Go with git-annex support"
@@ -106,7 +106,7 @@ package() {
 }
 
 sha512sums="
-1dcc4655bd19e6e29dbe854a43693c60518d69db80f53c7f3fd759717e68782d1c1b181aee1286a0e19a253e197da512b3d051097ffc501b6717f2dfee8c67de  forgejo-aneksajo-v10.0.1-git-annex0.tar.gz
+eb7f22d12a0012d001a53f9a13aa6ea696a95bcf6a431272c2adbeede33be98cb16a24f6c7fc6a2910bf67d887830ce8936cb6a127fd682f3737476917325b00  forgejo-aneksajo-v10.0.1-git-annex1.tar.gz
 497d8575f2eb5ac43baf82452e76007ef85e22cca2cc769f1cf55ffd03d7ce4d50ac4dc2b013e23086b7a5577fc6de5a4c7e5ec7c287f0e3528e908aaa2982aa  forgejo-aneksajo.initd
 b537b41b6b3a945274a6028800f39787b48c318425a37cf5d40ace0d1b305444fd07f17b4acafcd31a629bedd7d008b0bb3e30f82ffeb3d7e7e947bdbe0ff4f3  forgejo-aneksajo.ini
 "

From 567715dc3ae68f92bd15f4f43615b79ad441fa8b Mon Sep 17 00:00:00 2001
From: Antoine Martin <dev@ayakael.net>
Date: Sat, 22 Mar 2025 13:36:08 -0400
Subject: [PATCH 07/26] ilot/nextcloud30: upgrade to 30.0.8

---
 ..._check-if-storage-id-is-set-on-cache.patch | 62 -------------------
 ilot/nextcloud30/APKBUILD                     | 10 ++-
 ilot/nextcloud30/nextcloud-dont-chmod.patch   | 12 ----
 3 files changed, 4 insertions(+), 80 deletions(-)
 delete mode 100644 ilot/nextcloud30/50813_check-if-storage-id-is-set-on-cache.patch

diff --git a/ilot/nextcloud30/50813_check-if-storage-id-is-set-on-cache.patch b/ilot/nextcloud30/50813_check-if-storage-id-is-set-on-cache.patch
deleted file mode 100644
index 1f704c7..0000000
--- a/ilot/nextcloud30/50813_check-if-storage-id-is-set-on-cache.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-From 59a0bc99824402fc126e58dfcc8da68fc6e41349 Mon Sep 17 00:00:00 2001
-From: Git'Fellow <12234510+solracsf@users.noreply.github.com>
-Date: Wed, 12 Feb 2025 11:30:14 +0100
-Subject: [PATCH] fix(SharedStorage): Check if storage ID is set on cache
-
-Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
----
- apps/files_sharing/lib/SharedStorage.php | 12 ++++++------
- 1 file changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/apps/files_sharing/lib/SharedStorage.php b/apps/files_sharing/lib/SharedStorage.php
-index 2ac157f7970b6..a70632d6faa54 100644
---- a/apps/files_sharing/lib/SharedStorage.php
-+++ b/apps/files_sharing/lib/SharedStorage.php
-@@ -29,6 +29,7 @@ use OCP\Files\Storage\IDisableEncryptionStorage;
- use OCP\Files\Storage\ISharedStorage;
- use OCP\Files\Storage\IStorage;
- use OCP\Lock\ILockingProvider;
-+use OCP\Server;
- use OCP\Share\IShare;
- use Psr\Log\LoggerInterface;
- 
-@@ -82,7 +83,7 @@ class SharedStorage extends \OC\Files\Storage\Wrapper\Jail implements LegacyISha
- 
- 	public function __construct($arguments) {
- 		$this->ownerView = $arguments['ownerView'];
--		$this->logger = \OC::$server->get(LoggerInterface::class);
-+		$this->logger = Server::get(LoggerInterface::class);
- 
- 		$this->superShare = $arguments['superShare'];
- 		$this->groupedShares = $arguments['groupedShares'];
-@@ -142,7 +143,7 @@ class SharedStorage extends \OC\Files\Storage\Wrapper\Jail implements LegacyISha
- 			}
- 
- 			/** @var IRootFolder $rootFolder */
--			$rootFolder = \OC::$server->get(IRootFolder::class);
-+			$rootFolder = Server::get(IRootFolder::class);
- 			$this->ownerUserFolder = $rootFolder->getUserFolder($this->superShare->getShareOwner());
- 			$sourceId = $this->superShare->getNodeId();
- 			$ownerNodes = $this->ownerUserFolder->getById($sourceId);
-@@ -431,7 +432,7 @@ class SharedStorage extends \OC\Files\Storage\Wrapper\Jail implements LegacyISha
- 		$this->cache = new \OCA\Files_Sharing\Cache(
- 			$storage,
- 			$sourceRoot,
--			\OC::$server->get(CacheDependencies::class),
-+			Server::get(CacheDependencies::class),
- 			$this->getShare()
- 		);
- 		return $this->cache;
-@@ -456,10 +457,10 @@ class SharedStorage extends \OC\Files\Storage\Wrapper\Jail implements LegacyISha
- 		// Get node information
- 		$node = $this->getShare()->getNodeCacheEntry();
- 		if ($node instanceof CacheEntry) {
--			$storageId = $node->getData()['storage_string_id'];
-+			$storageId = $node->getData()['storage_string_id'] ?? null;
- 			// for shares from the home storage we can rely on the home storage to keep itself up to date
- 			// for other storages we need use the proper watcher
--			if (!(str_starts_with($storageId, 'home::') || str_starts_with($storageId, 'object::user'))) {
-+			if ($storageId !== null && !(str_starts_with($storageId, 'home::') || str_starts_with($storageId, 'object::user'))) {
- 				$this->watcher = parent::getWatcher($path, $storage);
- 				return $this->watcher;
- 			}
diff --git a/ilot/nextcloud30/APKBUILD b/ilot/nextcloud30/APKBUILD
index 0380785..66aca75 100644
--- a/ilot/nextcloud30/APKBUILD
+++ b/ilot/nextcloud30/APKBUILD
@@ -2,8 +2,8 @@
 # Contributor: jahway603 <jahway603@protonmail.com>
 # Maintainer: Leonardo Arena <rnalrd@alpinelinux.org>
 _pkgname=nextcloud
-pkgver=30.0.6
-pkgrel=1
+pkgver=30.0.8
+pkgrel=0
 is_latest=true
 _pkgvermaj=${pkgver%%.*}
 pkgname=nextcloud$_pkgvermaj
@@ -87,7 +87,6 @@ source="https://download.nextcloud.com/server/releases/nextcloud-$pkgver.tar.bz2
 	dont-update-htaccess.patch
 	disable-integrity-check-as-default.patch
 	use-external-docs-if-local-not-avail.patch
-	50813_check-if-storage-id-is-set-on-cache.patch
 
 	$_pkgname-config.php
 	$_pkgname.logrotate
@@ -311,12 +310,11 @@ _package_app() {
 }
 
 sha512sums="
-5eb98bf8badcf9a1e0b0482c230dae573a7e577281502dd7ac46804bec2a1bb5aa82dd5e5dc800380a9852e8d076432a819032fdabbf39c09bc902c257aeffa3  nextcloud-30.0.6.tar.bz2
-aea0adb2c3a48ec6af2958c6ccfe13adff86316a56084e763b7e6df9e21aa3435b13305b7c15cc2b795e83c9388b05006862f6465c29e3dc2c1fbd8eb8befcb9  nextcloud-dont-chmod.patch
+0bca2f42ccfb7db4befdd2aeeb1df72d2f9acad88907706f8524ced55bd0213b30b687a5e4c623615e59f22246562e195fd74bbb409c4f60b713482e1237d755  nextcloud-30.0.8.tar.bz2
+daeabeaa315bb908cc1e49612cce4b2debd71d17acb84b5d14e15fe124c907884b72d54e9aa669ec209eee1b1934d0bc242d72a28d8db7339cfb08383f66fd5c  nextcloud-dont-chmod.patch
 12f4a39aef0f81a0115c81bf2b345cc194537a7e8300748b800b0e35bc07928091296074b23c2019c17aced69854a11d1ed7225f67eefd27cf00c3969a75c5b0  dont-update-htaccess.patch
 cb04252d01407c7030e87dd54616c621ea0f85ef0212674b1161288182538cae0fb31c67e7cc07c66f9607075774c64e386009cc66365b1f1b155f6ad4f83ac0  disable-integrity-check-as-default.patch
 c0a9b7c31c8beaca711f8e97d98441007b3dca7fb3d316d2eacd28a73b5233def6f846c02d98202f75efb9cb248b8787a80e20b07c32d1c7534a0e54bb20feab  use-external-docs-if-local-not-avail.patch
-5925787e34c39ad217103b9ebe82654c612a97e70d4b2208c77f84847afb1bcccd929366a807fa76ff929a7ee7e8008eaa58fd950915ffcce8ef2ddf97ef9d1d  50813_check-if-storage-id-is-set-on-cache.patch
 5f73cd9399fa484ef15bd47e803c93381deffbc7699eceadbb5c27e43b20156806d74e5021a64d28f0165ef87b519e962780651711a37bceb9f0b04455dfdce1  nextcloud-config.php
 7388458a9e8b7afd3d3269718306410ffa59c3c23da4bef367a4d7f6d2570136fae9dd421b19c1441e7ffb15a5405e18bb5da67b1a15f9f45e8b98d3fda532ba  nextcloud.logrotate
 dcc57735d7d4af4a7ebbdd1186d301e51d2ae4675022aea6bf1111222dfa188a3a490ebd6e7c8a7ac30046cb7d93f81cec72a51acbc60d0c10b7fb64630c637a  nextcloud.confd
diff --git a/ilot/nextcloud30/nextcloud-dont-chmod.patch b/ilot/nextcloud30/nextcloud-dont-chmod.patch
index 2145508..1929185 100644
--- a/ilot/nextcloud30/nextcloud-dont-chmod.patch
+++ b/ilot/nextcloud30/nextcloud-dont-chmod.patch
@@ -32,18 +32,6 @@ index 9e9abb11..7db25286 100644
  		if ($handle) {
  			fwrite($handle, $entry."\n");
  			fclose($handle);
-diff --git a/lib/private/TempManager.php b/lib/private/TempManager.php
-index 49d4ee94..b0943843 100644
---- a/lib/private/TempManager.php
-+++ b/lib/private/TempManager.php
-@@ -96,7 +96,6 @@ class TempManager implements ITempManager {
- 			if ($postFix !== '') {
- 				$fileNameWithPostfix = $this->buildFileNameWithSuffix($file, $postFix);
- 				touch($fileNameWithPostfix);
--				chmod($fileNameWithPostfix, 0600);
- 				$this->current[] = $fileNameWithPostfix;
- 				return $fileNameWithPostfix;
- 			}
 diff --git a/lib/private/legacy/OC_Util.php b/lib/private/legacy/OC_Util.php
 index 71f6edba..216abdf8 100644
 --- a/lib/private/legacy/OC_Util.php

From 23e8d38f525f0d51699e394568c1ad46fec47824 Mon Sep 17 00:00:00 2001
From: Antoine Martin <dev@ayakael.net>
Date: Mon, 31 Mar 2025 15:38:38 -0400
Subject: [PATCH 08/26] ilot/wikijs: upgrade to 2.5.307

---
 ilot/wikijs/APKBUILD | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ilot/wikijs/APKBUILD b/ilot/wikijs/APKBUILD
index a95329d..bdf9fc2 100644
--- a/ilot/wikijs/APKBUILD
+++ b/ilot/wikijs/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
 # Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
 pkgname=wikijs
-pkgver=2.5.306
+pkgver=2.5.307
 pkgrel=0
 pkgdesc="Wiki.js | A modern, lightweight and powerful wiki app built on Node.js"
 license="AGPL-3.0"
@@ -56,7 +56,7 @@ package() {
 	chown 5494:5494 "$pkgdir"/var/lib/wikijs
 }
 sha512sums="
-f4ffa4d83dfeb118d410ec1363bdb593ba2ecf5736abffe8cf4bf9507f2452c59a090e69d9a69d4f240f1d22f5627d6c578537ea7d990d7bcd6eceece42a327c  wikijs-2.5.306.tar.gz
+8bf22ae87a9e3b8dd6f7114d0cf59913ad2cb05a2ed0e9bb7ac302b546d71f34a14de64cbe6e0f8b887d5df65e9d2b065ca18fe4493d3939895b8fa7076dd567  wikijs-2.5.307.tar.gz
 355131ee5617348b82681cb8543c784eea59689990a268ecd3b77d44fe9abcca9c86fb8b047f0a8faeba079c650faa7790c5dd65418d313cd7561f38bb590c03  wikijs.initd
 07b536c20e370d2a926038165f0e953283259c213a80a8648419565f5359ab05f528ac310e81606914013da212270df6feddb22e514cbcb2464c8274c956e4af  config.sample.yml.patch
 "

From 2f581245cb200d90ef1523e77faf48d241f9ccfe Mon Sep 17 00:00:00 2001
From: Antoine Martin <dev@ayakael.net>
Date: Mon, 31 Mar 2025 15:37:40 -0400
Subject: [PATCH 09/26] ilot/forgejo-aneksajo: upgrade to 10.0.3-git0

---
 ilot/forgejo-aneksajo/APKBUILD | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ilot/forgejo-aneksajo/APKBUILD b/ilot/forgejo-aneksajo/APKBUILD
index 06a9899..d9e09b9 100644
--- a/ilot/forgejo-aneksajo/APKBUILD
+++ b/ilot/forgejo-aneksajo/APKBUILD
@@ -4,7 +4,7 @@
 # Contributor: Patrycja Rosa <alpine@ptrcnull.me>
 # Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
 pkgname=forgejo-aneksajo
-pkgver=10.0.1_git1
+pkgver=10.0.3_git0
 _gittag=v${pkgver/_git/-git-annex}
 pkgrel=0
 pkgdesc="Self-hosted Git service written in Go with git-annex support"
@@ -106,7 +106,7 @@ package() {
 }
 
 sha512sums="
-eb7f22d12a0012d001a53f9a13aa6ea696a95bcf6a431272c2adbeede33be98cb16a24f6c7fc6a2910bf67d887830ce8936cb6a127fd682f3737476917325b00  forgejo-aneksajo-v10.0.1-git-annex1.tar.gz
+e32c919228df167374e8f3099e2e59bfab610aac6c87465318efe1cac446d014535e270f57b0bf8b2a7eb3843c5dcb189eac4dad2e230b57acd9096ead647eca  forgejo-aneksajo-v10.0.3-git-annex0.tar.gz
 497d8575f2eb5ac43baf82452e76007ef85e22cca2cc769f1cf55ffd03d7ce4d50ac4dc2b013e23086b7a5577fc6de5a4c7e5ec7c287f0e3528e908aaa2982aa  forgejo-aneksajo.initd
 b537b41b6b3a945274a6028800f39787b48c318425a37cf5d40ace0d1b305444fd07f17b4acafcd31a629bedd7d008b0bb3e30f82ffeb3d7e7e947bdbe0ff4f3  forgejo-aneksajo.ini
 "

From cb5f704a4918f3d0a913ea9790f37e57197607b1 Mon Sep 17 00:00:00 2001
From: Antoine Martin <dev@ayakael.net>
Date: Mon, 31 Mar 2025 16:44:49 -0400
Subject: [PATCH 10/26] ilot/py3-kadmin-rs: new aport

---
 ilot/py3-kadmin-rs/APKBUILD | 56 +++++++++++++++++++++++++++++++++++++
 1 file changed, 56 insertions(+)
 create mode 100644 ilot/py3-kadmin-rs/APKBUILD

diff --git a/ilot/py3-kadmin-rs/APKBUILD b/ilot/py3-kadmin-rs/APKBUILD
new file mode 100644
index 0000000..fae9ad1
--- /dev/null
+++ b/ilot/py3-kadmin-rs/APKBUILD
@@ -0,0 +1,56 @@
+# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
+# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
+pkgname=py3-kadmin-rs
+pkgver=0.5.3
+pkgrel=0
+pkgdesc="Rust and Python interfaces to the Kerberos administration interface (kadm5)"
+url="https://github.com/authentik-community/kadmin-rs"
+arch="all"
+license="MIT"
+checkdepends="py3-pytest py3-k5test"
+makedepends="
+	cargo
+	cargo-auditable
+	clang-libclang
+	py3-setuptools
+	py3-setuptools-rust
+	py3-gpep517
+	py3-wheel
+	poetry
+	python3-dev
+	sccache
+	"
+source="$pkgname-$pkgver.tar.gz::https://github.com/authentik-community/kadmin-rs/archive/refs/tags/kadmin/version/$pkgver.tar.gz"
+builddir="$srcdir"/kadmin-rs-kadmin-version-$pkgver
+subpackages="$pkgname-pyc"
+
+prepare() {
+	default_prepare
+
+	cargo fetch --target="$CTARGET" --locked
+}
+
+
+build() {
+	cargo auditable build --release --locked
+	gpep517 build-wheel \
+		--wheel-dir .dist \
+		--output-fd 3 3>&1 >&2
+}
+
+check() {
+	cargo test --locked
+
+	python3 -m venv --clear --without-pip --system-site-packages .testenv
+	.testenv/bin/python3 -m installer .dist/*.whl
+	.testenv/bin/python3 -m unittest python/tests/test_*.py
+}
+
+package() {
+	python3 -m installer -d "$pkgdir" \
+		.dist/*.whl
+}
+
+sha512sums="
+61d3ddfe619827cef83af944b2281f2cf6966d95c3d4a5883b82169bf1f34e6b7173cfa086198e3e0f9a227590a497dcb1c9b209cd4d0c6d361fdfce9b98eec0  py3-kadmin-rs-0.5.3.tar.gz
+"

From bedb27d6609a2058b48e510990c43f5de120e9ae Mon Sep 17 00:00:00 2001
From: Antoine Martin <dev@ayakael.net>
Date: Mon, 31 Mar 2025 16:45:01 -0400
Subject: [PATCH 11/26] ilot/authentik: upgrade to 2024.12.4

---
 ilot/authentik/APKBUILD          | 8 ++++----
 ilot/authentik/fix-ak-bash.patch | 6 +++---
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/ilot/authentik/APKBUILD b/ilot/authentik/APKBUILD
index 42b271d..11bfae8 100644
--- a/ilot/authentik/APKBUILD
+++ b/ilot/authentik/APKBUILD
@@ -1,7 +1,7 @@
 # Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
 # Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
 pkgname=authentik
-pkgver=2024.10.5
+pkgver=2024.12.4
 pkgrel=0
 pkgdesc="An open-source Identity Provider focused on flexibility and versatility"
 url="https://github.com/goauthentik/authentik"
@@ -59,7 +59,7 @@ depends="
 	py3-jsonpatch
 	py3-jwt
 	py3-jwcrypto
-	py3-kadmin
+	py3-kadmin-rs
 	py3-kubernetes
 	py3-ldap3
 	py3-lxml
@@ -283,13 +283,13 @@ pyc() {
 }
 
 sha512sums="
-f6e04ac1d1ac3a46e6d0f89548c0c2748f2214c551157e65f9071721dfdccac53c98b1664ecd1bc70650b4fceec47c5a5ab805da34e82ccc86d6a64087441702  authentik-2024.10.5.tar.gz
+a99ad8d908a0014b87def6c5a6a59226d39e1f76ddff0fbd1ab18dec5c73780180d1bafb6374907cf163e1fe0336ac6c5f86989cee90e60d02df2c1eed9d7e63  authentik-2024.12.4.tar.gz
 4defb4fe3a4230f4aa517fbecd5e5b8bcef2a64e1b40615660ae9eec33597310a09df5e126f4d39ce7764bd1716c0a7040637699135c103cbc1879593c6c06f1  authentik.openrc
 6cb03b9b69df39bb4539fe05c966536314d766b2e9307a92d87070ba5f5b7e7ab70f1b5ee1ab3c0c50c23454f9c5a4caec29e63fdf411bbb7a124ad687569b89  authentik-worker.openrc
 351e6920d987861f8bf0d7ab2f942db716a8dbdad1f690ac662a6ef29ac0fd46cf817cf557de08f1c024703503d36bc8b46f0d9eb1ecaeb399dce4c3bb527d17  authentik-ldap.openrc
 89ee5f0ffdade1c153f3a56ff75b25a7104aa81d8c7a97802a8f4b0eab34850cee39f874dabe0f3c6da3f71d6a0f938f5e8904169e8cdd34d407c8984adee6b0  authentik-ldap.conf
 f1a3cb215b6210fa7d857a452a9f2bc4dc0520e49b9fa7027547cff093d740a7e2548f1bf1f8831f7d5ccb80c8e523ee0c8bafcc4dc42d2788725f2137d21bee  authentik-manage.sh
-3e47db684a3f353dcecdb7bab8836b9d5198766735d77f676a51d952141a0cf9903fcb92e6306c48d2522d7a1f3028b37247fdc1dc74d4d6e043da7eb4f36d49  fix-ak-bash.patch
+3d38076606d18a438a2d76cdd2067774d5471bb832e641050630726b4d7bd8b8c2218d25d7e987a1fb46ee6a4a81d13e899145f015b3c94204cece039c7fb182  fix-ak-bash.patch
 5c60e54b6a7829d611af66f5cb8184a002b5ae927efbd024c054a7c176fcb9efcfbe5685279ffcf0390b0f0abb3bb03e02782c6867c2b38d1ad2d508aae83fa0  root-settings-csrf_trusted_origins.patch
 badff70b19aad79cf16046bd46cb62db25c2a8b85b2673ce7c44c42eb60d42f6fcb1b9a7a7236c00f24803b25d3c66a4d64423f7ce14a59763b8415db292a5b9  go-downgrade-1.22.patch
 "
diff --git a/ilot/authentik/fix-ak-bash.patch b/ilot/authentik/fix-ak-bash.patch
index c6afafb..080b29f 100644
--- a/ilot/authentik/fix-ak-bash.patch
+++ b/ilot/authentik/fix-ak-bash.patch
@@ -1,10 +1,10 @@
 diff --git a/lifecycle/ak.orig b/lifecycle/ak
-index 615bfe9..1646274 100755
+index 44dc480..49a0cef 100755
 --- a/lifecycle/ak.orig
 +++ b/lifecycle/ak
 @@ -1,4 +1,4 @@
--#!/usr/bin/env -S bash -e
+-#!/usr/bin/env -S bash
 +#!/usr/bin/env bash
+ set -e -o pipefail
  MODE_FILE="${TMPDIR}/authentik-mode"
  
- function log {

From 8db2d8e28048d7df26a4d727f757e08e77525c49 Mon Sep 17 00:00:00 2001
From: Antoine Martin <dev@ayakael.net>
Date: Mon, 31 Mar 2025 16:45:20 -0400
Subject: [PATCH 12/26] ilot/py3-kadmin: remove in favor of py3-kadmin-rs

---
 ilot/py3-kadmin/APKBUILD                      | 40 -------------------
 .../py3-kadmin/fix-int-conversion-error.patch | 13 ------
 2 files changed, 53 deletions(-)
 delete mode 100644 ilot/py3-kadmin/APKBUILD
 delete mode 100644 ilot/py3-kadmin/fix-int-conversion-error.patch

diff --git a/ilot/py3-kadmin/APKBUILD b/ilot/py3-kadmin/APKBUILD
deleted file mode 100644
index 894a945..0000000
--- a/ilot/py3-kadmin/APKBUILD
+++ /dev/null
@@ -1,40 +0,0 @@
-# Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
-# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
-pkgname=py3-kadmin
-#_pkgreal is used by apkbuild-pypi to find modules at PyPI
-_pkgreal=kadmin
-pkgver=0.2.0
-pkgrel=0
-pkgdesc="Python module for kerberos admin (kadm5)"
-url="https://github.com/authentik-community/python-kadmin"
-arch="all"
-license="MIT"
-checkdepends="py3-pytest py3-k5test"
-makedepends="py3-setuptools py3-gpep517 py3-wheel poetry python3-dev"
-source="
-	$pkgname-$pkgver.tar.gz::https://github.com/authentik-community/python-kadmin/archive/refs/tags/v$pkgver.tar.gz
-	fix-int-conversion-error.patch"
-builddir="$srcdir"/python-kadmin-$pkgver
-subpackages="$pkgname-pyc"
-
-build() {
-	gpep517 build-wheel \
-		--wheel-dir .dist \
-		--output-fd 3 3>&1 >&2
-}
-
-check() {
-	python3 -m venv --clear --without-pip --system-site-packages .testenv
-	.testenv/bin/python3 -m installer .dist/*.whl
-	.testenv/bin/python3 test/tests.py
-}
-
-package() {
-	python3 -m installer -d "$pkgdir" \
-		.dist/*.whl
-}
-
-sha512sums="
-b405e914cb296f2bfe4f78d2791329804a0db02816182517b59ed1452a21d51dafe303609fddafbbeea57128bba4bcdfcd9b363f193ae0402cc52cf1b3b9020e  py3-kadmin-0.2.0.tar.gz
-e17223f8597d51ea099f5d4483dd72545b7d64ad76895553a6b7112416536aae93a59a2fd7aea044420495ab8146db7290abd826b268b2d6e518442c3c85c506  fix-int-conversion-error.patch
-"
diff --git a/ilot/py3-kadmin/fix-int-conversion-error.patch b/ilot/py3-kadmin/fix-int-conversion-error.patch
deleted file mode 100644
index 445b76b..0000000
--- a/ilot/py3-kadmin/fix-int-conversion-error.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/src/PyKAdminPolicyObject.c.orig b/src/PyKAdminPolicyObject.c
-index 0bf3ee8..68387c4 100644
---- a/src/PyKAdminPolicyObject.c.orig
-+++ b/src/PyKAdminPolicyObject.c
-@@ -120,7 +120,7 @@ PyTypeObject PyKAdminPolicyObject_Type = {
-     sizeof(PyKAdminPolicyObject),             /*tp_basicsize*/
-     0,                         /*tp_itemsize*/
-     (destructor)PyKAdminPolicyObject_dealloc, /*tp_dealloc*/
--    KAdminPolicyObject_print,                         /*tp_print*/
-+    0,                         /*tp_print*/
-     0,                         /*tp_getattr*/
-     0,                         /*tp_setattr*/
-     0,                         /*tp_compare*/

From 46ebb5bf61a0de3b009b7613cd45858879769190 Mon Sep 17 00:00:00 2001
From: Antoine Martin <dev@ayakael.net>
Date: Mon, 31 Mar 2025 19:56:01 -0400
Subject: [PATCH 13/26] ilot/authentik: upgrade to 2025.2.3

---
 ilot/authentik/APKBUILD | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/ilot/authentik/APKBUILD b/ilot/authentik/APKBUILD
index 11bfae8..9018ff2 100644
--- a/ilot/authentik/APKBUILD
+++ b/ilot/authentik/APKBUILD
@@ -1,7 +1,7 @@
 # Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
 # Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
 pkgname=authentik
-pkgver=2024.12.4
+pkgver=2025.2.3
 pkgrel=0
 pkgdesc="An open-source Identity Provider focused on flexibility and versatility"
 url="https://github.com/goauthentik/authentik"
@@ -53,6 +53,7 @@ depends="
 	py3-fido2
 	py3-flower
 	py3-geoip2
+	py3-geopy
 	py3-google-api-python-client
 	py3-gunicorn
 	py3-httptools
@@ -283,7 +284,7 @@ pyc() {
 }
 
 sha512sums="
-a99ad8d908a0014b87def6c5a6a59226d39e1f76ddff0fbd1ab18dec5c73780180d1bafb6374907cf163e1fe0336ac6c5f86989cee90e60d02df2c1eed9d7e63  authentik-2024.12.4.tar.gz
+20dc45060ebccab996c19cef96291baefdf0f9af609e7e3e58fbda55b3dfb75c46bcb25b51a1e3c48d768fcf5dd9a05612e7cdb06fdf5d904d90d546ef4607d6  authentik-2025.2.3.tar.gz
 4defb4fe3a4230f4aa517fbecd5e5b8bcef2a64e1b40615660ae9eec33597310a09df5e126f4d39ce7764bd1716c0a7040637699135c103cbc1879593c6c06f1  authentik.openrc
 6cb03b9b69df39bb4539fe05c966536314d766b2e9307a92d87070ba5f5b7e7ab70f1b5ee1ab3c0c50c23454f9c5a4caec29e63fdf411bbb7a124ad687569b89  authentik-worker.openrc
 351e6920d987861f8bf0d7ab2f942db716a8dbdad1f690ac662a6ef29ac0fd46cf817cf557de08f1c024703503d36bc8b46f0d9eb1ecaeb399dce4c3bb527d17  authentik-ldap.openrc

From 9080e7c6bad073c00d30bca066734b7bd6c706a1 Mon Sep 17 00:00:00 2001
From: Antoine Martin <dev@ayakael.net>
Date: Wed, 2 Apr 2025 15:28:38 -0400
Subject: [PATCH 14/26] ilot/mastodon: upgrade to 4.2.20

---
 ilot/mastodon/APKBUILD | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ilot/mastodon/APKBUILD b/ilot/mastodon/APKBUILD
index 5ce4fc0..dcf1bd5 100644
--- a/ilot/mastodon/APKBUILD
+++ b/ilot/mastodon/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
 pkgname=mastodon
 _pkgname=$pkgname
-pkgver=4.2.19
+pkgver=4.2.20
 _gittag=v$pkgver
 pkgrel=0
 pkgdesc="Self-hosted social media and network server based on ActivityPub and OStatus"
@@ -192,7 +192,7 @@ assets() {
 }
 
 sha512sums="
-cb57227876fbf8ca358104970de6d0c3c9b5913246df4a0d0cfa35b79fa3961d98c309d77222bf596941842062d099065d4502fc1f3dd4531394350e10a9860c  mastodon-v4.2.19.tar.gz
+132df11b54bf0f900e2ee6e149ddb730706a67fc6130ead63b327028fa590944f21a19bcba07d859885717208b6abc005d0aee7675fd8e0fb09ad8d6f8f631b7  mastodon-v4.2.20.tar.gz
 d49fea9451c97ccefe5e35b68e4274aeb427f9d1e910b89c1f6c810489c3bec1ccff72952fdaef95abf944b8aff0da84a52347540d36ff1fba5ccc19e1d935c6  mastodon.initd
 eefe12a31268245f802222c0001dac884e03adb0d301e53a1512a3cd204836ca03ad083908cd14d146cf0dce99e3a4366570efd0e40a9a490ccd381d4c63c32f  mastodon.web.initd
 8fc9249c01693bb02b8d1a6177288d5d3549addde8c03eb35cc7a32dde669171872ebc2b5deb8019dc7a12970098f1af707171fa41129be31b04e1dc1651a777  mastodon.sidekiq.initd

From 5cf12d075471c63c38957ecde55a88c76cee6b43 Mon Sep 17 00:00:00 2001
From: Antoine Martin <dev@ayakael.net>
Date: Tue, 8 Apr 2025 20:28:55 -0400
Subject: [PATCH 15/26] ilot/freescout: upgrade to 1.8.174

---
 ilot/freescout/APKBUILD | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ilot/freescout/APKBUILD b/ilot/freescout/APKBUILD
index addb28b..1dbbedd 100644
--- a/ilot/freescout/APKBUILD
+++ b/ilot/freescout/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
 # Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
 pkgname=freescout
-pkgver=1.8.173
+pkgver=1.8.174
 pkgrel=0
 pkgdesc="Free self-hosted help desk & shared mailbox"
 arch="noarch"
@@ -76,7 +76,7 @@ package() {
 	install -m755 -D "$srcdir"/freescout-manage.sh "$pkgdir"/usr/bin/freescout-manage
 }
 sha512sums="
-1d349d2a84985e2ce9e767cdbf40943ffd1926db5e8b56cb9c3c4436f5a3c56f3c63265c4382acaadccf32965c0896e84eed3e2ef970ba2398a57440bf8dbeea  freescout-1.8.173.tar.gz
+c5ec40b3dd7f6f593a950d96632e69d8e0a43e17f566f3d83b52aa44e2aac8ef98c536e9408faa834051d7fb3f07e003642f5e6e2a25a69ea51cf7b96290fb1d  freescout-1.8.174.tar.gz
 e4af6c85dc12f694bef2a02e4664e31ed50b2c109914d7ffad5001c2bbd764ef25b17ecaa59ff55ef41bccf17169bf910d1a08888364bdedd0ecc54d310e661f  freescout.nginx
 7ce9b3ee3a979db44f5e6d7daa69431e04a5281f364ae7be23e5a0a0547f96abc858d2a8010346be2fb99bd2355fb529e7030ed20d54f310249e61ed5db4d0ba  freescout-manage.sh
 0cba00b7d945ce84f72a2812d40028a073a5278856f610e46dbfe0ac78deff6bf5eba7643635fa4bc64d070c4d49eb47d24ea0a05ba1e6ea76690bfd77906366  rename-client-to-membre-fr-en.patch

From 4299ab3906f895343828b6b077b10783fa8d9d97 Mon Sep 17 00:00:00 2001
From: Antoine Martin <dev@ayakael.net>
Date: Tue, 8 Apr 2025 20:15:09 -0400
Subject: [PATCH 16/26] ilot/authentik: upgrade to 2025.2.4

---
 ilot/authentik/APKBUILD | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ilot/authentik/APKBUILD b/ilot/authentik/APKBUILD
index 9018ff2..79b5870 100644
--- a/ilot/authentik/APKBUILD
+++ b/ilot/authentik/APKBUILD
@@ -1,7 +1,7 @@
 # Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
 # Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
 pkgname=authentik
-pkgver=2025.2.3
+pkgver=2025.2.4
 pkgrel=0
 pkgdesc="An open-source Identity Provider focused on flexibility and versatility"
 url="https://github.com/goauthentik/authentik"
@@ -284,7 +284,7 @@ pyc() {
 }
 
 sha512sums="
-20dc45060ebccab996c19cef96291baefdf0f9af609e7e3e58fbda55b3dfb75c46bcb25b51a1e3c48d768fcf5dd9a05612e7cdb06fdf5d904d90d546ef4607d6  authentik-2025.2.3.tar.gz
+75928b3ab9ae126f3cbe88ff1256de8adba7add099b0d93615abb8c91a2b7f275e83664a232e8c5393c5031bd9757af2f20fdb9d0153dacdf9a482b6b4bb8b00  authentik-2025.2.4.tar.gz
 4defb4fe3a4230f4aa517fbecd5e5b8bcef2a64e1b40615660ae9eec33597310a09df5e126f4d39ce7764bd1716c0a7040637699135c103cbc1879593c6c06f1  authentik.openrc
 6cb03b9b69df39bb4539fe05c966536314d766b2e9307a92d87070ba5f5b7e7ab70f1b5ee1ab3c0c50c23454f9c5a4caec29e63fdf411bbb7a124ad687569b89  authentik-worker.openrc
 351e6920d987861f8bf0d7ab2f942db716a8dbdad1f690ac662a6ef29ac0fd46cf817cf557de08f1c024703503d36bc8b46f0d9eb1ecaeb399dce4c3bb527d17  authentik-ldap.openrc

From a6839d4f3f894cd4b09298d38b9553312047a2a9 Mon Sep 17 00:00:00 2001
From: Antoine Martin <dev@ayakael.net>
Date: Tue, 6 May 2025 14:02:48 -0400
Subject: [PATCH 17/26] ci: use nodejs-current

---
 .forgejo/workflows/build-aarch64.yaml | 4 ++--
 .forgejo/workflows/build-x86_64.yaml  | 4 ++--
 .forgejo/workflows/check-ilot.yml     | 2 +-
 .forgejo/workflows/lint.yaml          | 2 +-
 4 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/.forgejo/workflows/build-aarch64.yaml b/.forgejo/workflows/build-aarch64.yaml
index 0364014..145407b 100644
--- a/.forgejo/workflows/build-aarch64.yaml
+++ b/.forgejo/workflows/build-aarch64.yaml
@@ -19,7 +19,7 @@ jobs:
     steps:
       - name: Environment setup
         run: |
-          doas apk add nodejs git patch curl net-tools
+          doas apk add nodejs-current git patch curl net-tools
           doas hostname host.docker.internal
           cd /etc/apk/keys
           doas curl -JO https://forge.ilot.io/api/packages/ilot/alpine/key
@@ -47,7 +47,7 @@ jobs:
       GITHUB_EVENT_NUMBER: ${{ github.event.number }}
     steps:
       - name: Setting up environment
-        run: apk add nodejs curl findutils git gawk jq
+        run: apk add nodejs-current curl findutils git gawk jq
       - name: Repo pull
         uses: actions/checkout@v4
       - name: Package download
diff --git a/.forgejo/workflows/build-x86_64.yaml b/.forgejo/workflows/build-x86_64.yaml
index c805199..ec280c1 100644
--- a/.forgejo/workflows/build-x86_64.yaml
+++ b/.forgejo/workflows/build-x86_64.yaml
@@ -19,7 +19,7 @@ jobs:
     steps:
       - name: Environment setup
         run: |
-          doas apk add nodejs git patch curl net-tools
+          doas apk add nodejs-current git patch curl net-tools
           doas hostname host.docker.internal
           cd /etc/apk/keys
           doas curl -JO https://forge.ilot.io/api/packages/ilot/alpine/key
@@ -47,7 +47,7 @@ jobs:
       GITHUB_EVENT_NUMBER: ${{ github.event.number }}
     steps:
       - name: Setting up environment
-        run: apk add nodejs curl findutils git gawk jq
+        run: apk add nodejs-current curl findutils git gawk jq
       - name: Repo pull
         uses: actions/checkout@v4
       - name: Package download
diff --git a/.forgejo/workflows/check-ilot.yml b/.forgejo/workflows/check-ilot.yml
index 4361dba..b57e80d 100644
--- a/.forgejo/workflows/check-ilot.yml
+++ b/.forgejo/workflows/check-ilot.yml
@@ -16,7 +16,7 @@ jobs:
       LABEL_NUMBER: 8
     steps:
       - name: Environment setup
-        run: apk add grep coreutils gawk curl wget bash nodejs git jq sed
+        run: apk add grep coreutils gawk curl wget bash nodejs-current git jq sed
       - name: Get scripts
         uses: actions/checkout@v4
         with:
diff --git a/.forgejo/workflows/lint.yaml b/.forgejo/workflows/lint.yaml
index 3614deb..12e99b7 100644
--- a/.forgejo/workflows/lint.yaml
+++ b/.forgejo/workflows/lint.yaml
@@ -14,7 +14,7 @@ jobs:
       CI_MERGE_REQUEST_PROJECT_URL: ${{ github.server_url }}/${{ github.repository }}
       CI_MERGE_REQUEST_TARGET_BRANCH_NAME: ${{ github.base_ref }}
     steps:
-      - run: doas apk add nodejs git
+      - run: doas apk add nodejs-current git
       - uses: actions/checkout@v4
         with:
           fetch-depth: 500

From 7040314840e43780c73840dce4cf56e63a45a0c1 Mon Sep 17 00:00:00 2001
From: Antoine Martin <dev@ayakael.net>
Date: Fri, 9 May 2025 10:36:31 -0400
Subject: [PATCH 18/26] ci: upgrade image before pulling packages

---
 .forgejo/workflows/build-aarch64.yaml | 3 ++-
 .forgejo/workflows/build-x86_64.yaml  | 3 ++-
 .forgejo/workflows/lint.yaml          | 4 +++-
 3 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/.forgejo/workflows/build-aarch64.yaml b/.forgejo/workflows/build-aarch64.yaml
index 145407b..2a4dfc0 100644
--- a/.forgejo/workflows/build-aarch64.yaml
+++ b/.forgejo/workflows/build-aarch64.yaml
@@ -19,7 +19,8 @@ jobs:
     steps:
       - name: Environment setup
         run: |
-          doas apk add nodejs-current git patch curl net-tools
+          doas apk upgrade -a
+          doas apk add nodejs git patch curl net-tools
           doas hostname host.docker.internal
           cd /etc/apk/keys
           doas curl -JO https://forge.ilot.io/api/packages/ilot/alpine/key
diff --git a/.forgejo/workflows/build-x86_64.yaml b/.forgejo/workflows/build-x86_64.yaml
index ec280c1..aaffb72 100644
--- a/.forgejo/workflows/build-x86_64.yaml
+++ b/.forgejo/workflows/build-x86_64.yaml
@@ -19,7 +19,8 @@ jobs:
     steps:
       - name: Environment setup
         run: |
-          doas apk add nodejs-current git patch curl net-tools
+          doas apk upgrade -a
+          doas apk add nodejs git patch curl net-tools
           doas hostname host.docker.internal
           cd /etc/apk/keys
           doas curl -JO https://forge.ilot.io/api/packages/ilot/alpine/key
diff --git a/.forgejo/workflows/lint.yaml b/.forgejo/workflows/lint.yaml
index 12e99b7..743cefc 100644
--- a/.forgejo/workflows/lint.yaml
+++ b/.forgejo/workflows/lint.yaml
@@ -14,7 +14,9 @@ jobs:
       CI_MERGE_REQUEST_PROJECT_URL: ${{ github.server_url }}/${{ github.repository }}
       CI_MERGE_REQUEST_TARGET_BRANCH_NAME: ${{ github.base_ref }}
     steps:
-      - run: doas apk add nodejs-current git
+      - run: |
+          doas apk upgrade -a
+          doas apk add nodejs git
       - uses: actions/checkout@v4
         with:
           fetch-depth: 500

From 23161d31ee83f81cee59587bf970e110970d23ae Mon Sep 17 00:00:00 2001
From: Antoine Martin <dev@ayakael.net>
Date: Tue, 6 May 2025 13:28:31 -0400
Subject: [PATCH 19/26] ilot/freescout: upgrade to 1.8.175

---
 ilot/freescout/APKBUILD | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ilot/freescout/APKBUILD b/ilot/freescout/APKBUILD
index 1dbbedd..5f4eb2d 100644
--- a/ilot/freescout/APKBUILD
+++ b/ilot/freescout/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
 # Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
 pkgname=freescout
-pkgver=1.8.174
+pkgver=1.8.175
 pkgrel=0
 pkgdesc="Free self-hosted help desk & shared mailbox"
 arch="noarch"
@@ -76,7 +76,7 @@ package() {
 	install -m755 -D "$srcdir"/freescout-manage.sh "$pkgdir"/usr/bin/freescout-manage
 }
 sha512sums="
-c5ec40b3dd7f6f593a950d96632e69d8e0a43e17f566f3d83b52aa44e2aac8ef98c536e9408faa834051d7fb3f07e003642f5e6e2a25a69ea51cf7b96290fb1d  freescout-1.8.174.tar.gz
+aa5f762eddaac34977a42bb59a0c2ec2113b0ad4f04b767465e9c23c4bb5d0dd722432735fb10975c23b0a5ca4a11abcfc52d893a3c6678d4908ceb29cefa736  freescout-1.8.175.tar.gz
 e4af6c85dc12f694bef2a02e4664e31ed50b2c109914d7ffad5001c2bbd764ef25b17ecaa59ff55ef41bccf17169bf910d1a08888364bdedd0ecc54d310e661f  freescout.nginx
 7ce9b3ee3a979db44f5e6d7daa69431e04a5281f364ae7be23e5a0a0547f96abc858d2a8010346be2fb99bd2355fb529e7030ed20d54f310249e61ed5db4d0ba  freescout-manage.sh
 0cba00b7d945ce84f72a2812d40028a073a5278856f610e46dbfe0ac78deff6bf5eba7643635fa4bc64d070c4d49eb47d24ea0a05ba1e6ea76690bfd77906366  rename-client-to-membre-fr-en.patch

From 5944fd27d4f14d5b562ffb58d96a862e1e6ce737 Mon Sep 17 00:00:00 2001
From: Antoine Martin <dev@ayakael.net>
Date: Tue, 6 May 2025 13:19:44 -0400
Subject: [PATCH 20/26] ilot/nextcloud30: upgrade to 30.0.10

---
 ilot/nextcloud30/APKBUILD | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ilot/nextcloud30/APKBUILD b/ilot/nextcloud30/APKBUILD
index 66aca75..161f723 100644
--- a/ilot/nextcloud30/APKBUILD
+++ b/ilot/nextcloud30/APKBUILD
@@ -2,7 +2,7 @@
 # Contributor: jahway603 <jahway603@protonmail.com>
 # Maintainer: Leonardo Arena <rnalrd@alpinelinux.org>
 _pkgname=nextcloud
-pkgver=30.0.8
+pkgver=30.0.10
 pkgrel=0
 is_latest=true
 _pkgvermaj=${pkgver%%.*}
@@ -310,7 +310,7 @@ _package_app() {
 }
 
 sha512sums="
-0bca2f42ccfb7db4befdd2aeeb1df72d2f9acad88907706f8524ced55bd0213b30b687a5e4c623615e59f22246562e195fd74bbb409c4f60b713482e1237d755  nextcloud-30.0.8.tar.bz2
+c8c9800fff46c5634576b9e0696afd4083e34d24000762ebf3a66192d1dea3f664d1c1d42e6ae262535757991d0a60ee7ee1e1d24757677be56bb8ea7d4d3fd5  nextcloud-30.0.10.tar.bz2
 daeabeaa315bb908cc1e49612cce4b2debd71d17acb84b5d14e15fe124c907884b72d54e9aa669ec209eee1b1934d0bc242d72a28d8db7339cfb08383f66fd5c  nextcloud-dont-chmod.patch
 12f4a39aef0f81a0115c81bf2b345cc194537a7e8300748b800b0e35bc07928091296074b23c2019c17aced69854a11d1ed7225f67eefd27cf00c3969a75c5b0  dont-update-htaccess.patch
 cb04252d01407c7030e87dd54616c621ea0f85ef0212674b1161288182538cae0fb31c67e7cc07c66f9607075774c64e386009cc66365b1f1b155f6ad4f83ac0  disable-integrity-check-as-default.patch

From d095638cf066fd06c46ef54aecebf9cc150ac580 Mon Sep 17 00:00:00 2001
From: Antoine Martin <dev@ayakael.net>
Date: Fri, 9 May 2025 13:51:15 -0400
Subject: [PATCH 21/26] ilot/go: new aport

---
 ...musl-s-over-glibc-s-ld.so-during-dyn.patch |  45 +++
 ...tch-Go-toolchain-version-as-directed.patch |  29 ++
 ...M-vgetrandom-state-before-dropping-P.patch | 245 ++++++++++++++
 ilot/go/APKBUILD                              | 318 ++++++++++++++++++
 ilot/go/tests-fchmodat-not-supported.patch    |  19 ++
 5 files changed, 656 insertions(+)
 create mode 100644 ilot/go/0001-cmd-link-prefer-musl-s-over-glibc-s-ld.so-during-dyn.patch
 create mode 100644 ilot/go/0002-go.env-Don-t-switch-Go-toolchain-version-as-directed.patch
 create mode 100644 ilot/go/0003-runtime-cleanup-M-vgetrandom-state-before-dropping-P.patch
 create mode 100644 ilot/go/APKBUILD
 create mode 100644 ilot/go/tests-fchmodat-not-supported.patch

diff --git a/ilot/go/0001-cmd-link-prefer-musl-s-over-glibc-s-ld.so-during-dyn.patch b/ilot/go/0001-cmd-link-prefer-musl-s-over-glibc-s-ld.so-during-dyn.patch
new file mode 100644
index 0000000..2cbbcd9
--- /dev/null
+++ b/ilot/go/0001-cmd-link-prefer-musl-s-over-glibc-s-ld.so-during-dyn.patch
@@ -0,0 +1,45 @@
+From fa8e52baedd21265f69b5f425157e11c8c4ec24a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?S=C3=B6ren=20Tempel?= <soeren+git@soeren-tempel.net>
+Date: Sat, 25 Mar 2023 09:08:04 +0100
+Subject: [PATCH] cmd/link: prefer musl's over glibc's ld.so during dynamic
+ linking
+
+Without this commit glibc's is preferred over musl by default. This
+causes issues on Alpine when a dynamically linked Go binary is created
+while gcompat is installed, causing the binary to be linked against
+the ld.so provided by the gcompat package.
+
+This commit changes the logic to check for musl's ld.so first, if it
+does not exist we fallback to glibc. This default can be overwritten
+using the `-I` option of cmd/link.
+
+See https://gitlab.alpinelinux.org/alpine/aports/-/issues/14737
+---
+ src/cmd/link/internal/ld/elf.go | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/src/cmd/link/internal/ld/elf.go b/src/cmd/link/internal/ld/elf.go
+index 713f7739a5..8cf9377858 100644
+--- a/src/cmd/link/internal/ld/elf.go
++++ b/src/cmd/link/internal/ld/elf.go
+@@ -1886,14 +1886,14 @@ func asmbElf(ctxt *Link) {
+ 						Exitf("ELF interpreter not set")
+ 					}
+ 				} else {
+-					interpreter = thearch.ELF.Linuxdynld
+-					// If interpreter does not exist, try musl instead.
++					interpreter = thearch.ELF.LinuxdynldMusl
++					// If interpreter does not exist, try glibc instead.
+ 					// This lets the same cmd/link binary work on
+-					// both glibc-based and musl-based systems.
++					// both musl-based and glibc-based systems.
+ 					if _, err := os.Stat(interpreter); err != nil {
+-						if musl := thearch.ELF.LinuxdynldMusl; musl != "" {
+-							if _, err := os.Stat(musl); err == nil {
+-								interpreter = musl
++						if glibc := thearch.ELF.Linuxdynld; glibc != "" {
++							if _, err := os.Stat(glibc); err == nil {
++								interpreter = glibc
+ 							}
+ 						}
+ 					}
diff --git a/ilot/go/0002-go.env-Don-t-switch-Go-toolchain-version-as-directed.patch b/ilot/go/0002-go.env-Don-t-switch-Go-toolchain-version-as-directed.patch
new file mode 100644
index 0000000..db82330
--- /dev/null
+++ b/ilot/go/0002-go.env-Don-t-switch-Go-toolchain-version-as-directed.patch
@@ -0,0 +1,29 @@
+From 82ac7268f746c31d771e584c1c83f93890b33404 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?S=C3=B6ren=20Tempel?= <soeren+git@soeren-tempel.net>
+Date: Tue, 11 Jul 2023 05:18:00 +0200
+Subject: [PATCH] go.env: Don't switch Go toolchain version as directed in
+ go.mod
+
+We want users and packages to use the version of Go that is provided
+in our package repository. We don't want to download pre-built
+toolchains from golang.org.
+
+Also note that prior to Go 1.21, pre-built Go binaries are linked
+against glibc and hence do not work on Alpine.
+---
+ go.env | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/go.env b/go.env
+index 6ff2b921d4..a106fb4638 100644
+--- a/go.env
++++ b/go.env
+@@ -7,6 +7,5 @@
+ GOPROXY=https://proxy.golang.org,direct
+ GOSUMDB=sum.golang.org
+ 
+-# Automatically download newer toolchains as directed by go.mod files.
+-# See https://go.dev/doc/toolchain for details.
+-GOTOOLCHAIN=auto
++# Don't attempt to switch to a newer toolchains by default.
++GOTOOLCHAIN=local
diff --git a/ilot/go/0003-runtime-cleanup-M-vgetrandom-state-before-dropping-P.patch b/ilot/go/0003-runtime-cleanup-M-vgetrandom-state-before-dropping-P.patch
new file mode 100644
index 0000000..2e02033
--- /dev/null
+++ b/ilot/go/0003-runtime-cleanup-M-vgetrandom-state-before-dropping-P.patch
@@ -0,0 +1,245 @@
+From 5c5b24702f5542fba019d6b98eec6121bc21df31 Mon Sep 17 00:00:00 2001
+From: Michael Pratt <mpratt@google.com>
+Date: Thu, 3 Apr 2025 11:15:13 +0000
+Subject: [PATCH] runtime: cleanup M vgetrandom state before dropping P
+
+When an M is destroyed, we put its vgetrandom state back on the shared
+list for another M to reuse. This list is simply a slice, so appending
+to the slice may allocate. Currently this operation is performed in
+mdestroy, after the P is released, meaning allocation is not allowed.
+
+More the cleanup earlier in mdestroy when allocation is still OK.
+
+Also add //go:nowritebarrierrec to mdestroy since it runs without a P,
+which would have caught this bug.
+
+Fixes #73141.
+
+Change-Id: I6a6a636c3fbf5c6eec09d07a260e39dbb4d2db12
+Reviewed-on: https://go-review.googlesource.com/c/go/+/662455
+Reviewed-by: Jason Donenfeld <Jason@zx2c4.com>
+LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
+Reviewed-by: Keith Randall <khr@golang.org>
+Reviewed-by: Keith Randall <khr@google.com>
+---
+ src/runtime/os3_solaris.go            |  5 ++++-
+ src/runtime/os_aix.go                 |  5 ++++-
+ src/runtime/os_darwin.go              |  5 ++++-
+ src/runtime/os_dragonfly.go           |  5 ++++-
+ src/runtime/os_linux.go               |  9 ++++-----
+ src/runtime/os_netbsd.go              |  5 ++++-
+ src/runtime/os_openbsd.go             |  5 ++++-
+ src/runtime/os_plan9.go               |  5 ++++-
+ src/runtime/os_windows.go             |  4 +++-
+ src/runtime/proc.go                   |  3 +++
+ src/runtime/vgetrandom_linux.go       | 11 +++++++++--
+ src/runtime/vgetrandom_unsupported.go |  2 +-
+ 12 files changed, 48 insertions(+), 16 deletions(-)
+
+diff --git a/src/runtime/os3_solaris.go b/src/runtime/os3_solaris.go
+index cf163a6bf4..ded821b2e6 100644
+--- a/src/runtime/os3_solaris.go
++++ b/src/runtime/os3_solaris.go
+@@ -234,8 +234,11 @@ func unminit() {
+ 	getg().m.procid = 0
+ }
+ 
+-// Called from exitm, but not from drop, to undo the effect of thread-owned
++// Called from mexit, but not from dropm, to undo the effect of thread-owned
+ // resources in minit, semacreate, or elsewhere. Do not take locks after calling this.
++//
++// This always runs without a P, so //go:nowritebarrierrec is required.
++//go:nowritebarrierrec
+ func mdestroy(mp *m) {
+ }
+ 
+diff --git a/src/runtime/os_aix.go b/src/runtime/os_aix.go
+index 93464cb997..1b483c2a7e 100644
+--- a/src/runtime/os_aix.go
++++ b/src/runtime/os_aix.go
+@@ -186,8 +186,11 @@ func unminit() {
+ 	getg().m.procid = 0
+ }
+ 
+-// Called from exitm, but not from drop, to undo the effect of thread-owned
++// Called from mexit, but not from dropm, to undo the effect of thread-owned
+ // resources in minit, semacreate, or elsewhere. Do not take locks after calling this.
++//
++// This always runs without a P, so //go:nowritebarrierrec is required.
++//go:nowritebarrierrec
+ func mdestroy(mp *m) {
+ }
+ 
+diff --git a/src/runtime/os_darwin.go b/src/runtime/os_darwin.go
+index 0ecbea7ae4..6eab3b5c3d 100644
+--- a/src/runtime/os_darwin.go
++++ b/src/runtime/os_darwin.go
+@@ -344,8 +344,11 @@ func unminit() {
+ 	getg().m.procid = 0
+ }
+ 
+-// Called from exitm, but not from drop, to undo the effect of thread-owned
++// Called from mexit, but not from dropm, to undo the effect of thread-owned
+ // resources in minit, semacreate, or elsewhere. Do not take locks after calling this.
++//
++// This always runs without a P, so //go:nowritebarrierrec is required.
++//go:nowritebarrierrec
+ func mdestroy(mp *m) {
+ }
+ 
+diff --git a/src/runtime/os_dragonfly.go b/src/runtime/os_dragonfly.go
+index a02696eb4f..9b3235084d 100644
+--- a/src/runtime/os_dragonfly.go
++++ b/src/runtime/os_dragonfly.go
+@@ -216,8 +216,11 @@ func unminit() {
+ 	getg().m.procid = 0
+ }
+ 
+-// Called from exitm, but not from drop, to undo the effect of thread-owned
++// Called from mexit, but not from dropm, to undo the effect of thread-owned
+ // resources in minit, semacreate, or elsewhere. Do not take locks after calling this.
++//
++// This always runs without a P, so //go:nowritebarrierrec is required.
++//go:nowritebarrierrec
+ func mdestroy(mp *m) {
+ }
+ 
+diff --git a/src/runtime/os_linux.go b/src/runtime/os_linux.go
+index 8b3c4d0ecc..fb46b81682 100644
+--- a/src/runtime/os_linux.go
++++ b/src/runtime/os_linux.go
+@@ -412,13 +412,12 @@ func unminit() {
+ 	getg().m.procid = 0
+ }
+ 
+-// Called from exitm, but not from drop, to undo the effect of thread-owned
++// Called from mexit, but not from dropm, to undo the effect of thread-owned
+ // resources in minit, semacreate, or elsewhere. Do not take locks after calling this.
++//
++// This always runs without a P, so //go:nowritebarrierrec is required.
++//go:nowritebarrierrec
+ func mdestroy(mp *m) {
+-	if mp.vgetrandomState != 0 {
+-		vgetrandomPutState(mp.vgetrandomState)
+-		mp.vgetrandomState = 0
+-	}
+ }
+ 
+ // #ifdef GOARCH_386
+diff --git a/src/runtime/os_netbsd.go b/src/runtime/os_netbsd.go
+index 735ace25ad..a06e5febbd 100644
+--- a/src/runtime/os_netbsd.go
++++ b/src/runtime/os_netbsd.go
+@@ -320,8 +320,11 @@ func unminit() {
+ 	// must continue working after unminit.
+ }
+ 
+-// Called from exitm, but not from drop, to undo the effect of thread-owned
++// Called from mexit, but not from dropm, to undo the effect of thread-owned
+ // resources in minit, semacreate, or elsewhere. Do not take locks after calling this.
++//
++// This always runs without a P, so //go:nowritebarrierrec is required.
++//go:nowritebarrierrec
+ func mdestroy(mp *m) {
+ }
+ 
+diff --git a/src/runtime/os_openbsd.go b/src/runtime/os_openbsd.go
+index 574bfa8b17..4ce4c3c58d 100644
+--- a/src/runtime/os_openbsd.go
++++ b/src/runtime/os_openbsd.go
+@@ -182,8 +182,11 @@ func unminit() {
+ 	getg().m.procid = 0
+ }
+ 
+-// Called from exitm, but not from drop, to undo the effect of thread-owned
++// Called from mexit, but not from dropm, to undo the effect of thread-owned
+ // resources in minit, semacreate, or elsewhere. Do not take locks after calling this.
++//
++// This always runs without a P, so //go:nowritebarrierrec is required.
++//go:nowritebarrierrec
+ func mdestroy(mp *m) {
+ }
+ 
+diff --git a/src/runtime/os_plan9.go b/src/runtime/os_plan9.go
+index 2dbb42ad03..3b5965ab99 100644
+--- a/src/runtime/os_plan9.go
++++ b/src/runtime/os_plan9.go
+@@ -217,8 +217,11 @@ func minit() {
+ func unminit() {
+ }
+ 
+-// Called from exitm, but not from drop, to undo the effect of thread-owned
++// Called from mexit, but not from dropm, to undo the effect of thread-owned
+ // resources in minit, semacreate, or elsewhere. Do not take locks after calling this.
++//
++// This always runs without a P, so //go:nowritebarrierrec is required.
++//go:nowritebarrierrec
+ func mdestroy(mp *m) {
+ }
+ 
+diff --git a/src/runtime/os_windows.go b/src/runtime/os_windows.go
+index 7183e79f7d..54407a320c 100644
+--- a/src/runtime/os_windows.go
++++ b/src/runtime/os_windows.go
+@@ -906,9 +906,11 @@ func unminit() {
+ 	mp.procid = 0
+ }
+ 
+-// Called from exitm, but not from drop, to undo the effect of thread-owned
++// Called from mexit, but not from dropm, to undo the effect of thread-owned
+ // resources in minit, semacreate, or elsewhere. Do not take locks after calling this.
+ //
++// This always runs without a P, so //go:nowritebarrierrec is required.
++//go:nowritebarrierrec
+ //go:nosplit
+ func mdestroy(mp *m) {
+ 	if mp.highResTimer != 0 {
+diff --git a/src/runtime/proc.go b/src/runtime/proc.go
+index e9873e54cd..21bee4df71 100644
+--- a/src/runtime/proc.go
++++ b/src/runtime/proc.go
+@@ -1935,6 +1935,9 @@ func mexit(osStack bool) {
+ 		mp.gsignal = nil
+ 	}
+ 
++	// Free vgetrandom state.
++	vgetrandomDestroy(mp)
++
+ 	// Remove m from allm.
+ 	lock(&sched.lock)
+ 	for pprev := &allm; *pprev != nil; pprev = &(*pprev).alllink {
+diff --git a/src/runtime/vgetrandom_linux.go b/src/runtime/vgetrandom_linux.go
+index a6ec4b701c..40be022f24 100644
+--- a/src/runtime/vgetrandom_linux.go
++++ b/src/runtime/vgetrandom_linux.go
+@@ -73,9 +73,16 @@ func vgetrandomGetState() uintptr {
+ 	return state
+ }
+ 
+-func vgetrandomPutState(state uintptr) {
++// Free vgetrandom state from the M (if any) prior to destroying the M.
++//
++// This may allocate, so it must have a P.
++func vgetrandomDestroy(mp *m) {
++	if mp.vgetrandomState == 0 {
++		return
++	}
++
+ 	lock(&vgetrandomAlloc.statesLock)
+-	vgetrandomAlloc.states = append(vgetrandomAlloc.states, state)
++	vgetrandomAlloc.states = append(vgetrandomAlloc.states, mp.vgetrandomState)
+ 	unlock(&vgetrandomAlloc.statesLock)
+ }
+ 
+diff --git a/src/runtime/vgetrandom_unsupported.go b/src/runtime/vgetrandom_unsupported.go
+index 070392cfaa..43c53e1198 100644
+--- a/src/runtime/vgetrandom_unsupported.go
++++ b/src/runtime/vgetrandom_unsupported.go
+@@ -13,6 +13,6 @@ func vgetrandom(p []byte, flags uint32) (ret int, supported bool) {
+ 	return -1, false
+ }
+ 
+-func vgetrandomPutState(state uintptr) {}
++func vgetrandomDestroy(mp *m) {}
+ 
+ func vgetrandomInit() {}
diff --git a/ilot/go/APKBUILD b/ilot/go/APKBUILD
new file mode 100644
index 0000000..82a98ba
--- /dev/null
+++ b/ilot/go/APKBUILD
@@ -0,0 +1,318 @@
+# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
+# Contributor: Eivind Uggedal <eu@eju.no>
+# Maintainer: Sören Tempel <soeren+alpine@soeren-tempel.net>
+pkgname=go
+# go binaries are statically linked, security updates require rebuilds
+pkgver=1.24.2
+pkgrel=1
+pkgdesc="Go programming language compiler"
+url="https://go.dev/"
+arch="all"
+license="BSD-3-Clause"
+depends="binutils gcc musl-dev"
+makedepends="bash"
+options="!check"
+checkdepends="binutils-gold git git-daemon"
+subpackages="$pkgname-doc"
+source="https://go.dev/dl/go$pkgver.src.tar.gz
+	0001-cmd-link-prefer-musl-s-over-glibc-s-ld.so-during-dyn.patch
+	0002-go.env-Don-t-switch-Go-toolchain-version-as-directed.patch
+	0003-runtime-cleanup-M-vgetrandom-state-before-dropping-P.patch
+	tests-fchmodat-not-supported.patch
+	"
+case "$CARCH" in
+	arm*|aarch64) depends="$depends binutils-gold";;
+	riscv64|loongarch64)
+		# binutils-gold is not supported on riscv64 and loongarch64.
+		checkdepends="${checkdepends/binutils-gold/}"
+		;;
+esac
+
+# secfixes:
+#   0:
+#     - CVE-2022-41716
+#     - CVE-2022-41720
+#     - CVE-2022-41722
+#     - CVE-2024-24787
+#   1.24.2-r0:
+#     - CVE-2025-22871
+#   1.24.1-r0:
+#     - CVE-2025-22870
+#   1.23.6-r0:
+#     - CVE-2025-22866
+#   1.23.5-r0:
+#     - CVE-2024-45336
+#     - CVE-2024-45341
+#   1.23.1-r0:
+#     - CVE-2024-34155
+#     - CVE-2024-34156
+#     - CVE-2024-34158
+#   1.22.5-r0:
+#     - CVE-2024-24791
+#   1.22.4-r0:
+#     - CVE-2024-24789
+#     - CVE-2024-24790
+#   1.22.3-r0:
+#     - CVE-2024-24788
+#   1.22.2-r0:
+#     - CVE-2023-45288
+#   1.22.1-r0:
+#     - CVE-2024-24783
+#     - CVE-2023-45290
+#     - CVE-2023-45289
+#     - CVE-2024-24785
+#     - CVE-2024-24784
+#   1.21.5-r0:
+#     - CVE-2023-39324
+#     - CVE-2023-39326
+#   1.21.3-r0:
+#     - CVE-2023-39325
+#     - CVE-2023-44487
+#   1.21.2-r0:
+#     - CVE-2023-39323
+#   1.21.1-r0:
+#     - CVE-2023-39318
+#     - CVE-2023-39319
+#     - CVE-2023-39320
+#     - CVE-2023-39321
+#     - CVE-2023-39322
+#   1.20.7-r0:
+#     - CVE-2023-29409
+#   1.20.6-r0:
+#     - CVE-2023-29406
+#   1.20.5-r0:
+#     - CVE-2023-29402
+#     - CVE-2023-29403
+#     - CVE-2023-29404
+#     - CVE-2023-29405
+#   1.20.4-r0:
+#     - CVE-2023-24539
+#     - CVE-2023-24540
+#     - CVE-2023-29400
+#   1.20.3-r0:
+#     - CVE-2023-24537
+#     - CVE-2023-24538
+#     - CVE-2023-24534
+#     - CVE-2023-24536
+#   1.20.2-r0:
+#     - CVE-2023-24532
+#   1.20.1-r0:
+#     - CVE-2022-41725
+#     - CVE-2022-41724
+#     - CVE-2022-41723
+#   1.19.4-r0:
+#     - CVE-2022-41717
+#   1.19.2-r0:
+#     - CVE-2022-2879
+#     - CVE-2022-2880
+#     - CVE-2022-41715
+#   1.19.1-r0:
+#     - CVE-2022-27664
+#     - CVE-2022-32190
+#   1.18.5-r0:
+#     - CVE-2022-32189
+#   1.18.4-r0:
+#     - CVE-2022-1705
+#     - CVE-2022-1962
+#     - CVE-2022-28131
+#     - CVE-2022-30630
+#     - CVE-2022-30631
+#     - CVE-2022-30632
+#     - CVE-2022-30633
+#     - CVE-2022-30635
+#     - CVE-2022-32148
+#   1.18.1-r0:
+#     - CVE-2022-28327
+#     - CVE-2022-27536
+#     - CVE-2022-24675
+#   1.17.8-r0:
+#     - CVE-2022-24921
+#   1.17.7-r0:
+#     - CVE-2022-23772
+#     - CVE-2022-23773
+#     - CVE-2022-23806
+#   1.17.6-r0:
+#     - CVE-2021-44716
+#     - CVE-2021-44717
+#   1.17.3-r0:
+#     - CVE-2021-41772
+#     - CVE-2021-41771
+#   1.17.2-r0:
+#     - CVE-2021-38297
+#   1.17.1-r0:
+#     - CVE-2021-39293
+#   1.17-r0:
+#     - CVE-2020-29509
+#     - CVE-2020-29511
+#     - CVE-2021-29923
+#   1.16.7-r0:
+#     - CVE-2021-36221
+#   1.16.6-r0:
+#     - CVE-2021-34558
+#   1.16.5-r0:
+#     - CVE-2021-33195
+#     - CVE-2021-33196
+#     - CVE-2021-33197
+#     - CVE-2021-33198
+#   1.16.4-r0:
+#     - CVE-2021-31525
+#   1.16.2-r0:
+#     - CVE-2021-27918
+#     - CVE-2021-27919
+#   1.15.7-r0:
+#     - CVE-2021-3114
+#     - CVE-2021-3115
+#   1.15.5-r0:
+#     - CVE-2020-28362
+#     - CVE-2020-28366
+#     - CVE-2020-28367
+#   1.15.2-r0:
+#     - CVE-2020-24553
+#   1.15-r0:
+#     - CVE-2020-16845
+#   1.14.5-r0:
+#     - CVE-2020-15586
+#   1.13.7-r0:
+#     - CVE-2020-7919
+#   1.13.2-r0:
+#     - CVE-2019-17596
+#   1.13.1-r0:
+#     - CVE-2019-16276
+#   1.12.8-r0:
+#     - CVE-2019-9512
+#     - CVE-2019-9514
+#     - CVE-2019-14809
+#   1.11.5-r0:
+#     - CVE-2019-6486
+#   1.9.4-r0:
+#     - CVE-2018-6574
+
+if [ "$CBUILD" = "$CTARGET" ]; then
+	makedepends="go-bootstrap $makedepends"
+	provides="go-bootstrap=$pkgver-r$pkgrel"
+else
+	pkgname="go-bootstrap"
+	makedepends="go $makedepends"
+	# Go expect host linker instead of the cross-compiler
+	export CC_FOR_TARGET="$CC"
+	export CC="${HOSTLD:-gcc}"
+	export CXX="${HOSTLD:-g++}"
+	export LD="${HOSTLD:-ld}"
+fi
+
+case "$CTARGET_ARCH" in
+aarch64) export GOARCH="arm64" ;;
+armel)   export GOARCH="arm" GOARM=5 ;;
+armhf)   export GOARCH="arm" GOARM=6 ;;
+armv7)   export GOARCH="arm" GOARM=7 ;;
+s390x)   export GOARCH="s390x" ;;
+x86)     export GOARCH="386" ;;
+x86_64)  export GOARCH="amd64" ;;
+ppc64)   export GOARCH="ppc64" ;;
+ppc64le) export GOARCH="ppc64le" ;;
+riscv64) export GOARCH="riscv64" ;;
+loongarch64) export GOARCH="loong64" ;;
+*)       export GOARCH="unsupported";;
+esac
+
+# compile go itself as a PIE on supported arches.
+case "$CARCH" in
+x86_64|s390x|aarch64) export GO_LDFLAGS=-buildmode=pie ;;
+esac
+
+prepare() {
+	default_prepare
+
+	# The GitLab CI builds aports in a container. On ppc64le, ASLR
+	# needs to be disabled in order to have the following test case
+	# pass. However, the container doesn't have permissions to
+	# disable ASLR, hence we just disable this test for now.
+	#
+	# See https://github.com/golang/go/issues/49066#issuecomment-1252948861
+	if [ "$CTARGET_ARCH" = "ppc64le" ]; then
+		rm test/fixedbugs/bug513.go
+	fi
+}
+
+builddir="$srcdir"/go
+build() {
+	cd "$builddir/src"
+
+	export GOOS="linux"
+	export GOPATH="$srcdir"
+	export GOROOT="$builddir"
+	export GOBIN="$GOROOT"/bin
+	export GOROOT_FINAL=/usr/lib/go
+
+	local p; for p in /usr/lib/go-bootstrap /usr/lib/go-linux-$GOARCH-bootstrap /usr/lib/go; do
+		if [ -d "$p" ]; then
+			export GOROOT_BOOTSTRAP="$p"
+			break
+		fi
+	done
+
+	./make.bash -v
+
+	# copied from bootstrap.bash to fixup cross-built bootstrap go
+	if [ "$CBUILD" != "$CTARGET" ]; then
+		local gohostos="$(../bin/go env GOHOSTOS)"
+		local gohostarch="$(../bin/go env GOHOSTARCH)"
+		mv ../bin/*_*/* ../bin
+		rmdir ../bin/*_*
+		rm -rf "../pkg/${gohostos}_$gohostarch"* "../pkg/tool/${gohostos}_$gohostarch"*
+		rm -rf ../pkg/bootstrap ../pkg/obj
+	fi
+}
+
+check() {
+	cd "$builddir/src"
+	if [ "$CTARGET_ARCH" = "armhf" ]; then
+		export GO_TEST_TIMEOUT_SCALE=2
+	fi
+
+	# Test suite does not pass with ccache, thus remove it form $PATH.
+	export PATH="$(echo "$PATH" | sed 's|/usr/lib/ccache/bin:||g')"
+
+	PATH="$builddir/bin:$PATH" ./run.bash -no-rebuild
+}
+
+package() {
+	mkdir -p "$pkgdir"/usr/bin "$pkgdir"/usr/lib/go/bin "$pkgdir"/usr/share/doc/go
+
+	for binary in go gofmt; do
+		install -Dm755 bin/"$binary" "$pkgdir"/usr/lib/go/bin/"$binary"
+		ln -s /usr/lib/go/bin/"$binary" "$pkgdir"/usr/bin/
+	done
+
+	cp -a misc pkg src lib "$pkgdir"/usr/lib/go
+	cp -r doc "$pkgdir"/usr/share/doc/go
+	rm -rf "$pkgdir"/usr/lib/go/pkg/obj
+	rm -rf "$pkgdir"/usr/lib/go/pkg/bootstrap
+	rm -f  "$pkgdir"/usr/lib/go/pkg/tool/*/api
+
+	# Install go.env, see https://go.dev/doc/toolchain#GOTOOLCHAIN.
+	install -Dm644 "$builddir"/go.env "$pkgdir"/usr/lib/go/go.env
+	install -Dm644 VERSION "$pkgdir/usr/lib/go/VERSION"
+
+	# Remove tests from /usr/lib/go/src to reduce package size,
+	# these should not be needed at run-time by any program.
+	find "$pkgdir"/usr/lib/go/src \( -type f -a -name "*_test.go" \) \
+		-exec rm -rf \{\} \+
+	find "$pkgdir"/usr/lib/go/src \( -type d -a -name "testdata" \) \
+		-exec rm -rf \{\} \+
+
+	# Remove rc (plan 9) and bat scripts (windows) to reduce package
+	# size further. The bash scripts are actually needed at run-time.
+	#
+	# See: https://gitlab.alpinelinux.org/alpine/aports/issues/11091
+	find "$pkgdir"/usr/lib/go/src -type f -a \( -name "*.rc" -o -name "*.bat" \) \
+		-exec rm -rf \{\} \+
+}
+
+sha512sums="
+6366a32f6678e7908b138f62dafeed96f7144b3b93505e75fba374b33727da8b1d087c1f979f493382b319758ebfcbeb30e9d7dadcb2923b628c8abe7db41c6f  go1.24.2.src.tar.gz
+34dbe032c5f08dd8a7aad36fc4d54e746a876fdadc25466888a2f04f5a9d53103190ebd68d3cf978d3a041976185e30ffb25611fb577d031c159810d2d4c7c41  0001-cmd-link-prefer-musl-s-over-glibc-s-ld.so-during-dyn.patch
+8061e4ef9d7dd31804bd8d98c95afa5dd82567940b3436f45f874e0419e324b49713d8a814df04617e575ec3c6155199c4661352ea8aef63ead81ca3020f3dc4  0002-go.env-Don-t-switch-Go-toolchain-version-as-directed.patch
+d56b796ac81f8901cf426711e381b386ec6e039090fd914ebb2246e5b2ccaa6c1dcb40810a886c5e1b0a748c9bcd4cfe9749d85da91e7ce4c11aaf470295e549  0003-runtime-cleanup-M-vgetrandom-state-before-dropping-P.patch
+33ecefca77fa0af52a3b2b66a76977af27a88c8dddb89f03e0a5ae6794b9aac53a62d7be33020b49022e9a89d4cdfa383038ee10e160eb94548b2430bf3cfb5e  tests-fchmodat-not-supported.patch
+"
diff --git a/ilot/go/tests-fchmodat-not-supported.patch b/ilot/go/tests-fchmodat-not-supported.patch
new file mode 100644
index 0000000..168ca71
--- /dev/null
+++ b/ilot/go/tests-fchmodat-not-supported.patch
@@ -0,0 +1,19 @@
+Without this patch, the TestFchmodat fails on our arm CI with:
+
+	syscall_linux_test.go:139: Fchmodat: unexpected error: operation not permitted, expected EOPNOTSUPP
+
+The "operation not permitted" means that EPERM was returned which
+is likely due to the security policy of our CI container.
+
+diff -upr go.orig/src/syscall/syscall_linux_test.go go/src/syscall/syscall_linux_test.go
+--- go.orig/src/syscall/syscall_linux_test.go	2024-02-07 22:54:39.316022227 +0100
++++ go/src/syscall/syscall_linux_test.go	2024-02-07 22:56:05.104871102 +0100
+@@ -135,7 +135,7 @@ func TestFchmodat(t *testing.T) {
+ 	}
+ 
+ 	err = syscall.Fchmodat(_AT_FDCWD, "symlink1", 0444, _AT_SYMLINK_NOFOLLOW)
+-	if err != syscall.EOPNOTSUPP {
++	if !testenv.SyscallIsNotSupported(err) && err != syscall.EOPNOTSUPP {
+ 		t.Fatalf("Fchmodat: unexpected error: %v, expected EOPNOTSUPP", err)
+ 	}
+ }

From 7d89efbe5be910512b023188b838e1475483b829 Mon Sep 17 00:00:00 2001
From: Antoine Martin <dev@ayakael.net>
Date: Tue, 6 May 2025 13:25:32 -0400
Subject: [PATCH 22/26] ilot/forgejo-aneksajo: upgrade to 11.0.0_git0

---
 ilot/forgejo-aneksajo/APKBUILD | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/ilot/forgejo-aneksajo/APKBUILD b/ilot/forgejo-aneksajo/APKBUILD
index d9e09b9..d3a4462 100644
--- a/ilot/forgejo-aneksajo/APKBUILD
+++ b/ilot/forgejo-aneksajo/APKBUILD
@@ -4,7 +4,7 @@
 # Contributor: Patrycja Rosa <alpine@ptrcnull.me>
 # Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
 pkgname=forgejo-aneksajo
-pkgver=10.0.3_git0
+pkgver=11.0.0_git0
 _gittag=v${pkgver/_git/-git-annex}
 pkgrel=0
 pkgdesc="Self-hosted Git service written in Go with git-annex support"
@@ -60,7 +60,7 @@ build() {
 	export CGO_LDFLAGS="$LDFLAGS"
 	unset LDFLAGS
 	## make FHS compliant
-	local setting="code.gitea.io/gitea/modules/setting"
+	local setting="forgejo.org/modules/setting"
 	export LDFLAGS="$LDFLAGS -X $setting.CustomConf=/etc/forgejo/app.ini"
 	export LDFLAGS="$LDFLAGS -X $setting.AppWorkPath=/var/lib/forgejo/"
 
@@ -106,7 +106,7 @@ package() {
 }
 
 sha512sums="
-e32c919228df167374e8f3099e2e59bfab610aac6c87465318efe1cac446d014535e270f57b0bf8b2a7eb3843c5dcb189eac4dad2e230b57acd9096ead647eca  forgejo-aneksajo-v10.0.3-git-annex0.tar.gz
+07f72fcd3bb02a6bbfbcf73f8526c51f1f3fe39d2a504395dfb0997743a190bd210389d58114aaf546fb6d0fabaa80a54240632e11eeba35250b9e6b9b63f438  forgejo-aneksajo-v11.0.0-git-annex0.tar.gz
 497d8575f2eb5ac43baf82452e76007ef85e22cca2cc769f1cf55ffd03d7ce4d50ac4dc2b013e23086b7a5577fc6de5a4c7e5ec7c287f0e3528e908aaa2982aa  forgejo-aneksajo.initd
 b537b41b6b3a945274a6028800f39787b48c318425a37cf5d40ace0d1b305444fd07f17b4acafcd31a629bedd7d008b0bb3e30f82ffeb3d7e7e947bdbe0ff4f3  forgejo-aneksajo.ini
 "

From eab8fee00d3f4007f9a8d6cab2ec252005d329ae Mon Sep 17 00:00:00 2001
From: Antoine Martin <dev@ayakael.net>
Date: Tue, 6 May 2025 13:26:49 -0400
Subject: [PATCH 23/26] ilot/listmonk: upgrade to 5.0.0

---
 ilot/listmonk/APKBUILD | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ilot/listmonk/APKBUILD b/ilot/listmonk/APKBUILD
index 1bf9721..704084b 100644
--- a/ilot/listmonk/APKBUILD
+++ b/ilot/listmonk/APKBUILD
@@ -1,7 +1,7 @@
 # Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
 # Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
 pkgname=listmonk
-pkgver=4.1.0
+pkgver=5.0.0
 pkgrel=0
 pkgdesc='Self-hosted newsletter and mailing list manager with a modern dashboard'
 arch="all"
@@ -67,7 +67,7 @@ package() {
 	ln -s /etc/listmonk/config.toml "$pkgdir"/usr/share/webapps/listmonk/config.toml
 }
 sha512sums="
-936b33d6de1d69ee4e7f768810116ac997c516754aace0371089bc8106bebee944197864afc11b7bc5725afa9a4f195d6629957bfcdd37c847e3780aa34558ec  listmonk-4.1.0.tar.gz
+b0875124106ac737550eb340c209f079698c0b9e1f1e55c70eca113720dbc9dcfaac63aa65722299a1448a582cedf0f9ee20b24ea0625d4e780d83e0d6bab198  listmonk-5.0.0.tar.gz
 939450af4b23708e3d23a5a88fad4c24b957090bdd21351a6dd520959e52e45e5fcac117a3eafa280d9506616dae39ad3943589571f008cac5abe1ffd8062424  listmonk.sh
 8e9c0b1f335c295fb741418246eb17c7566e5e4200a284c6483433e8ddbf5250aa692435211cf062ad1dfcdce3fae9148def28f03f2492d33fe5e66cbeebd4bd  listmonk.openrc
 "

From e2f0f1f00521b1a04902e16d62261df89e44c7bf Mon Sep 17 00:00:00 2001
From: Antoine Martin <dev@ayakael.net>
Date: Sun, 11 May 2025 11:39:57 -0400
Subject: [PATCH 24/26] ci: update create_issue to support forgejo 11

---
 .forgejo/bin/create_issue.sh | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/.forgejo/bin/create_issue.sh b/.forgejo/bin/create_issue.sh
index 6369371..995e519 100755
--- a/.forgejo/bin/create_issue.sh
+++ b/.forgejo/bin/create_issue.sh
@@ -15,10 +15,10 @@ does_it_exist() {
 	repo=$4
 
 	query="$repo/$name: upgrade to $upstream_version"
-	query="$(echo $query | sed 's| |%20|g' | sed 's|:|%3A|g' | sed 's|/|%2F|g' )"
+	query="%22$(echo $query | sed 's| |%20|g' | sed 's|:|%3A|g' | sed 's|/|%2F|g' )%22"
 
 	result="$(curl --silent -X 'GET' \
-		"$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues?state=open&q=$query&type=issues" \
+		"$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues?state=open&q=$query&type=issues&sort=latest" \
 		-H 'accept: application/json' \
 		-H "Authorization: token $ISSUE_TOKEN"
 	)"
@@ -35,10 +35,10 @@ is_it_old() {
 	repo=$4
 
 	query="$repo/$name: upgrade to"
-	query="$(echo $query | sed 's| |%20|g' | sed 's|:|%3A|g' | sed 's|/|%2F|g' )"
+	query="%22$(echo $query | sed 's| |%20|g' | sed 's|:|%3A|g' | sed 's|/|%2F|g' )%22"
 
 	result="$(curl --silent -X 'GET' \
-		"$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues?state=open&q=$query&type=issues" \
+		"$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues?state=open&q=$query&type=issues&sort=latest" \
 		-H 'accept: application/json' \
 		-H "authorization: token $ISSUE_TOKEN"
 	)"
@@ -126,10 +126,10 @@ fi
 
 if [ -f not_in_anitya ]; then
 	query="Add missing $repo packages to anitya"
-	query="$(echo $query | sed 's| |%20|g')"
+	query="%22$(echo $query | sed 's| |%20|g')%22"
 
 	result="$(curl --silent -X 'GET' \
-		"$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues?state=open&q=$query&type=issues" \
+		"$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues?state=open&q=$query&type=issues&sort=latest" \
 		-H 'accept: application/json' \
 		-H "authorization: token $ISSUE_TOKEN"
 	)"

From f49fa2189472f976b1feeea7ad03f0034a10f72d Mon Sep 17 00:00:00 2001
From: Antoine Martin <dev@ayakael.net>
Date: Thu, 15 May 2025 14:46:27 -0400
Subject: [PATCH 25/26] ci: track authentik old stable versions

---
 .forgejo/bin/check_ver.sh | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/.forgejo/bin/check_ver.sh b/.forgejo/bin/check_ver.sh
index 66c7fd0..e2a57b8 100755
--- a/.forgejo/bin/check_ver.sh
+++ b/.forgejo/bin/check_ver.sh
@@ -19,7 +19,20 @@ for pkg in $owned_by_you; do
 	downstream_version=${downstream_version/-*}
 
 	# special case for forgejo-aneksajo:
-	upstream_version=${upstream_version/-git-annex/_git}
+		# special cases
+	case $pkg in
+		forgejo-aneksajo)upstream_version=${upstream_version/-git-annex/_git};;
+		authentik)
+			upstream_version=$(curl --fail -X GET -sS -H 'Content-Type: application/json' "https://release-monitoring.org/api/v2/projects/?name=authentik&distribution=Alpine" | jq -r '.items.[].stable_versions' | jq -r ".[] | match(\"${downstream_version%.*}.*\").string" | head -n 1)
+			latest_version=$(curl --fail -X GET -sS -H 'Content-Type: application/json' "https://release-monitoring.org/api/v2/packages/?name=authentik&distribution=Alpine" | jq -r '.items.[].stable_version' )
+			# append version number to signal that this is not latest major version
+			if [ "${upstream_version%.*}" != "${latest_version%.*}" ]; then
+				echo "$pkg${latest_version%.*} major version available"
+				echo "$pkg${latest_version%.*} $downstream_version $latest_version $repo" >> out_of_date
+				pkg=authentik${upstream_version%.*}
+			fi
+		;;
+	esac
 
 	if [ -z "$upstream_version" ]; then
 		echo "$pkg not in anitya"

From 0caef84127c9d6ac94fccdc9cedf6fe4906907d5 Mon Sep 17 00:00:00 2001
From: Antoine Martin <dev@ayakael.net>
Date: Thu, 15 May 2025 14:52:11 -0400
Subject: [PATCH 26/26] ci: add special case for mastodon to track current
 major version

---
 .forgejo/bin/check_ver.sh | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

diff --git a/.forgejo/bin/check_ver.sh b/.forgejo/bin/check_ver.sh
index e2a57b8..05c2b54 100755
--- a/.forgejo/bin/check_ver.sh
+++ b/.forgejo/bin/check_ver.sh
@@ -18,18 +18,27 @@ for pkg in $owned_by_you; do
 	downstream_version=$(sed -n "/^P:$pkg$/,/^$/p" APKINDEX | awk -F ':' '{if($1=="V"){print $2}}' | sort -V | tail -n 1)
 	downstream_version=${downstream_version/-*}
 
-	# special case for forgejo-aneksajo:
-		# special cases
+	# special cases
 	case $pkg in
 		forgejo-aneksajo)upstream_version=${upstream_version/-git-annex/_git};;
 		authentik)
-			upstream_version=$(curl --fail -X GET -sS -H 'Content-Type: application/json' "https://release-monitoring.org/api/v2/projects/?name=authentik&distribution=Alpine" | jq -r '.items.[].stable_versions' | jq -r ".[] | match(\"${downstream_version%.*}.*\").string" | head -n 1)
-			latest_version=$(curl --fail -X GET -sS -H 'Content-Type: application/json' "https://release-monitoring.org/api/v2/packages/?name=authentik&distribution=Alpine" | jq -r '.items.[].stable_version' )
+			upstream_version=$(curl --fail -X GET -sS -H 'Content-Type: application/json' "https://release-monitoring.org/api/v2/projects/?name=$pkg&distribution=Alpine" | jq -r '.items.[].stable_versions' | jq -r ".[] | match(\"${downstream_version%.*}.*\").string" | head -n 1)
+			latest_version=$(curl --fail -X GET -sS -H 'Content-Type: application/json' "https://release-monitoring.org/api/v2/packages/?name=$pkg&distribution=Alpine" | jq -r '.items.[].stable_version' )
 			# append version number to signal that this is not latest major version
 			if [ "${upstream_version%.*}" != "${latest_version%.*}" ]; then
 				echo "$pkg${latest_version%.*} major version available"
 				echo "$pkg${latest_version%.*} $downstream_version $latest_version $repo" >> out_of_date
-				pkg=authentik${upstream_version%.*}
+				pkg=$pkg${upstream_version%.*}
+			fi
+		;;
+		mastodon)
+			upstream_version=$(curl --fail -X GET -sS -H 'Content-Type: application/json' "https://release-monitoring.org/api/v2/projects/?name=$pkg&distribution=Alpine" | jq -r '.items.[].stable_versions' | jq -r ".[] | match(\"${downstream_version%.*}.*\").string" | head -n 1)
+			latest_version=$(curl --fail -X GET -sS -H 'Content-Type: application/json' "https://release-monitoring.org/api/v2/packages/?name=$pkg&distribution=Alpine" | jq -r '.items.[].stable_version' )
+			# append version number to signal that this is not latest major version
+			if [ "${upstream_version%.*}" != "${latest_version%.*}" ]; then
+				echo "$pkg${latest_version%.*} major version available"
+				echo "$pkg${latest_version%.*} $downstream_version $latest_version $repo" >> out_of_date
+				pkg=$pkg${upstream_version%.*}
 			fi
 		;;
 	esac