Using `rm -rf` is almost guaranteed to cause data loss, and loses all
protection against rollbac...

For now, build fails all the time because of missing tb version.
See for example: https://gitlab...

Also fix issues caught by shellcheck.

* origin/pr/29:
Use correct function for substitution
Use subprocess.DEVNULL instead of an e...

We disable them for now, there is several fixes needed.

Avoid an AttributeError. Found by mypy.

This avoids leaks and is more idiomatic.

Avoids leaking zombie processes and a mypy error.

We don't skip updating source now when fetch is called again and
sources are present locally.

We don't use admin.vm.Shutdown anymore.

We only upload what's locally built by the builder, not the entire
repository tree.

It is dist independant and should not be duplicated. Keep for
now message saying there is nothin...

For now, only components build is supported using
qubesbuilder.TriggerBuild

We add support to merge fetched sources into existing local
sources previously cloned.

This turns out to reduce its attack surface.

FIXME: should C.UTF-8 be used instead?

In addition to validating that the command is known and does not have
disallowed characters, val...

It specifically checks commands from GitHub comments.

It takes a release_name argument that was not mentioned.

Most people, including myself, have not memorized the ASCII chart.

If the command does not end with a newline, the subsequent split would
return an iterable of len...

Even post-quantum signatures fit in that.

The main function was getting long and unwieldy.

The base64 module is just a wrapper for the built-in functions in the
binascii module.

The latter better reflects what it is.

It turns out to be both simpler and more correct to do it this way, and
Python's bytes.replace()...

Use a custom exception class to avoid spewing a useless traceback.

This ensures that the rest of the code does not need to deal with
non-ASCII characters.

It turns out that there are other users of this code that are not part
of this repository, and r...

It should be ignored, but the armor parser rejects it. Strip it out in
the webhook.

- Use 'set -eu'
- Check that there is exactly one argument
- Check that the component name is no...

The new parser rejects this. This also ensures that a trailing newline
in the comment is not re...

Commands must be ASCII; enforce this.

TypeError and KeyError should only be thrown when accessing the parsed
JSON.

The only configuration is a list of modules, and there is only one
valid configuration. Hard-co...

'lenlen' is not the correct variable name.

-----BEGIN PGP SIGNATURE----- should be followed by a blank line, but
the absence of such a line...

Now that a reconstructed version of the signature is sent to GnuPG,
there is no point in being s...

Those could be an option injection attempt.

This avoids an untrusted binary file appearing in the filesystem. The
armored file is safe to v...

The assertion could fail on crafted inputs.

This will be helpful if this test ever fails.

This is implied by the requirement that the armored signature have at
least 64 bytes of base64 d...

Also remove some code duplication.

Check that the signature is v4, that the hash algorithm in the signature
matches the one in the ...

Subscripting a list, int, float, bool, or None with a string will throw
a TypeError. Catch that.

The new qrexec service has a very strict parser. Ensure that all
carriage returns and leading a...

This adds a hardened command parser in Python, replacing the old awk
script. The new parser per...

Importing from https://github.com/QubesOS/qubes-builder-github/commits/7ede45ef3dc49de7bf42af614...

We ensure that for source, build, sign and publish we have the
required previous stage artifacts...

When special keys "distributions", "components", "templates" or
"stages" are prefixed with "+" t...

We step back on not allowing 'name' in files section in .qubesbuilder.
When a URL has not the go...