From 36d6504fa83bebccf5a6a1f145874e84264bdc9d Mon Sep 17 00:00:00 2001
From: Andreas Glashauser
Date: Tue, 1 Apr 2025 09:53:40 +0200
Subject: [PATCH] CHANGED: Mitigate Fedora issue by replacing file.managed source: in common.onionize-repositories
---
.../files/derivative.list | 19 +++++++++
...onize-repositories--fedora-qubes-repos.sls | 40 ++++++++++++++++++-
...onionize-repositories--whonix-derivate.sls | 10 +++--
3 files changed, 65 insertions(+), 4 deletions(-)
create mode 100644 user_salt/common/onionize-repositories/files/derivative.list
diff --git a/user_salt/common/onionize-repositories/files/derivative.list b/user_salt/common/onionize-repositories/files/derivative.list
new file mode 100644
index 0000000..8bbe4bc
--- /dev/null
+++ b/user_salt/common/onionize-repositories/files/derivative.list
@@ -0,0 +1,19 @@
+## Copyright (C) 2012 - 2023 ENCRYPTED SUPPORT LP
+## See the file COPYING for copying conditions.
+
+## /etc/apt/sources.list.d/derivative.list
+
+## This file has been automatically created by repository-dist.
+## If you make manual changes to it, your changes get lost next time you run
+## the repository-dist tool.
+## You can conveniently manage this file, using the repository-dist tool.
+## For any modifications (delete this file, use stable version, use testers
+## version or use developers version), please use the repository-dist tool.
+## Run:
+## sudo repository-dist
+## Leaving source line disabled by default to save some time, it's not useful
+## anyway, since it's better to get the source code from the git repository.
+
+deb [signed-by=/usr/share/keyrings/derivative.asc] tor+http://deb.w5j6stm77zs6652pgsij4awcjeel3eco7kvipheu6mtr623eyyehj4yd.onion bookworm main contrib non-free
+#deb-src [signed-by=/usr/share/keyrings/derivative.asc] tor+http://deb.w5j6stm77zs6652pgsij4awcjeel3eco7kvipheu6mtr623eyyehj4yd.onion bookworm main contrib non-free
+
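Review bot: The header of the new `derivative.list` still says the file is created by repository-dist and that manual changes are lost on its next run, but this copy is now deployed by Salt, so the comment points a maintainer at the wrong tool. I would add a line at the top such as `## Managed by Salt (common/onionize-repositories); repository-dist will overwrite this file and the next state run will restore it`. The `deb` line also fixes the suite to `bookworm` and the onion hostname in a static file, so after a release upgrade or an upstream address change this source keeps pointing at the old location until someone edits it by hand; a short comment recording where the address was verified would help whoever updates it. Keeping `signed-by=/usr/share/keyrings/derivative.asc` is what ties package verification to the keyring rather than to the `tor+http` transport, and that option should stay on both lines.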
diff --git a/user_salt/common/onionize-repositories/onionize-repositories--fedora-qubes-repos.sls b/user_salt/common/onionize-repositories/onionize-repositories--fedora-qubes-repos.sls
index 8b41292..da64afd 100644
--- a/user_salt/common/onionize-repositories/onionize-repositories--fedora-qubes-repos.sls
+++ b/user_salt/common/onionize-repositories/onionize-repositories--fedora-qubes-repos.sls
@@ -3,7 +3,45 @@ onionize-repositories--fedora-qubes-repos: file.managed: - name: /etc/yum.repos.d/qubes-r4.repo - - source: salt://common/onionize-repositories/files/fedora-qubes-r4.repo + - contents: | + [qubes-vm-r4.2-current] + name = Qubes OS Repository for VM (updates) + #baseurl = https://yum.qubes-os.org/r4.2/current/vm/fc$releasever + baseurl = http://yum.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r4.2/current/vm/fc$releasever + gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-4.2-primary + skip_if_unavailable=False + gpgcheck = 1 + repo_gpgcheck = 1 + enabled=1 + + [qubes-vm-r4.2-current-testing] + name = Qubes OS Repository for VM (updates-testing) + #baseurl = https://yum.qubes-os.org/r4.2/current-testing/vm/fc$releasever + baseurl = http://yum.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r4.2/current-testing/vm/fc$releasever + gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-4.2-primary + skip_if_unavailable=False + gpgcheck = 1 + repo_gpgcheck = 1 + enabled=0 + + [qubes-vm-r4.2-security-testing] + name = Qubes OS Repository for VM (security-testing) + #baseurl = https://yum.qubes-os.org/r4.2/security-testing/vm/fc$releasever + baseurl = http://yum.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r4.2/security-testing/vm/fc$releasever + gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-4.2-primary + skip_if_unavailable=False + gpgcheck = 1 + repo_gpgcheck = 1 + enabled=0 + + [qubes-vm-r4.2-unstable] + name = Qubes OS Repository for VM (unstable) + #baseurl = https://yum.qubes-os.org/r4.2/unstable/vm/fc$releasever + baseurl = http://yum.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r4.2/unstable/vm/fc$releasever + gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-4.2-unstable + gpgcheck = 1 + repo_gpgcheck = 1 + enabled=0 - user: root - group: root - mode: 600 
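Review bot: The onion hostname and the `r4.2` release are now repeated in four `baseurl` lines inside the state, and the diffstat shows no deletion of `files/fedora-qubes-r4.repo`, so there appear to be two copies of this repo definition that can drift apart. Because the hostname is what authenticates the onion transport, I would define it once and note where it was verified, e.g. `{% set qubes_onion = 'yum.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion' %}` above the state and `baseurl = http://{{ qubes_onion }}/r4.2/current/vm/fc$releasever` in each section, and remove the old file if nothing else references it. The `[qubes-vm-r4.2-unstable]` section has no `skip_if_unavailable=False` line while the other three do; if that is not copied from the vendor file it should be made consistent. A one-line comment that `gpgcheck = 1` and `repo_gpgcheck = 1` are required because the URL is plain `http` would keep a later edit from relaxing them.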
diff --git a/user_salt/common/onionize-repositories/onionize-repositories--whonix-derivate.sls b/user_salt/common/onionize-repositories/onionize-repositories--whonix-derivate.sls
index 57ff039..a35c3e4 100644
--- a/user_salt/common/onionize-repositories/onionize-repositories--whonix-derivate.sls
+++ b/user_salt/common/onionize-repositories/onionize-repositories--whonix-derivate.sls
@@ -1,7 +1,11 @@ -{% if 'whonix' in grains['id'] %} +{% if 'whonix' in grains['id'] and not 'dvm' in grains['id'] %} onionize-repositories--whonix-derivative: - cmd.run: - - name: repository-dist --enable --transport onion + file.managed: + - name: /etc/apt/sources.list.d/derivative.list + - source: salt://common/onionize-repositories/files/derivative.list + - user: root + - group: root + - mode: 644 {% endif %} -- 2.39.5
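Review bot: The new condition `'whonix' in grains['id'] and not 'dvm' in grains['id']` selects targets by substring of the minion id, so which qubes receive this apt source depends on naming alone: a disposable template whose name lacks `dvm` still gets the file, and any qube with `whonix` in its name gets a Whonix repository whether or not it is one. If an OS or template-type grain is available I would test that instead; at minimum write the exclusion as `'dvm' not in grains['id']` and add a comment saying why disposable templates are skipped. Replacing `repository-dist --enable --transport onion` with a static file also means anything else that command set up is no longer applied by this state, which I cannot confirm from the hunk and is worth checking on a fresh template.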