From 39de082b7097090c4f70c7a821acf3899f28b67a Mon Sep 17 00:00:00 2001 
From: Stefan Reimer Date: Tue, 12 Jul 2022 11:15:51 +0000 Subject: [PATCH] feat: Part 1 of KubeZero 1.23 cycle --- Makefile | 4 +- scripts/bootstrap.sh | 155 ++++++++++++++++++ scripts/mkimg.standard.sh | 90 ++++++++++ v3.16/aws-iam-authenticator/APKBUILD | 24 +++ v3.16/aws-neuron-driver/APKBUILD | 46 ++++++ v3.16/cri-o/APKBUILD | 99 +++++++++++ v3.16/cri-o/cni-plugins-path.patch | 23 +++ v3.16/cri-o/crio.conf | 5 + v3.16/cri-o/crio.initd | 35 ++++ v3.16/cri-o/crio.logrotated | 7 + v3.16/cri-o/fix-test.patch | 44 +++++ v3.16/cri-o/makefile-fix-install.patch | 138 ++++++++++++++++ v3.16/cri-o/remove-systemd-files.patch | 13 ++ v3.16/cri-tools/APKBUILD | 25 +++ v3.16/ecr-credential-provider/APKBUILD | 28 ++++ v3.16/etcdhelper/APKBUILD | 26 +++ v3.16/fluent-bit/APKBUILD | 88 ++++++++++ v3.16/fluent-bit/chunkio-static-lib-fts.patch | 10 ++ v3.16/fluent-bit/fluent-bit.confd | 1 + v3.16/fluent-bit/fluent-bit.initd | 11 ++ v3.16/openvpn_exporter/APKBUILD | 24 +++ 21 files changed, 894 insertions(+), 2 deletions(-) create mode 100755 scripts/bootstrap.sh create mode 100755 scripts/mkimg.standard.sh create mode 100644 v3.16/aws-iam-authenticator/APKBUILD create mode 100644 v3.16/aws-neuron-driver/APKBUILD create mode 100644 v3.16/cri-o/APKBUILD create mode 100644 v3.16/cri-o/cni-plugins-path.patch create mode 100644 v3.16/cri-o/crio.conf create mode 100755 v3.16/cri-o/crio.initd create mode 100644 v3.16/cri-o/crio.logrotated create mode 100644 v3.16/cri-o/fix-test.patch create mode 100644 v3.16/cri-o/makefile-fix-install.patch create mode 100644 v3.16/cri-o/remove-systemd-files.patch create mode 100644 v3.16/cri-tools/APKBUILD create mode 100644 v3.16/ecr-credential-provider/APKBUILD create mode 100644 v3.16/etcdhelper/APKBUILD create mode 100644 v3.16/fluent-bit/APKBUILD create mode 100644 v3.16/fluent-bit/chunkio-static-lib-fts.patch create mode 100644 v3.16/fluent-bit/fluent-bit.confd create mode 100644 v3.16/fluent-bit/fluent-bit.initd create mode 100644 
v3.16/openvpn_exporter/APKBUILD diff --git a/Makefile b/Makefile index df16ad0..a729373 100644 --- a/Makefile +++ b/Makefile @@ -1,5 +1,5 @@ -BUILDER ?= v3.15.2-1 -RELEASE := v3.15 +BUILDER ?= v3.16.0 +RELEASE := v3.16 PKG := '*' .PHONY: builder aports_update download upload diff --git a/scripts/bootstrap.sh b/scripts/bootstrap.sh new file mode 100755 index 0000000..8f4cb43 --- /dev/null +++ b/scripts/bootstrap.sh 
@@ -0,0 +1,155 @@ +#!/bin/sh + +set -e + +TARGET_ARCH="$1" +SUDO_APK=abuild-apk + +# optional cross build packages +: ${KERNEL_PKG=linux-firmware linux-lts} + +# get abuild configurables +[ -e /usr/share/abuild/functions.sh ] || (echo "abuild not found" ; exit 1) +CBUILDROOT="$(CTARGET=$TARGET_ARCH . /usr/share/abuild/functions.sh ; echo $CBUILDROOT)" +. /usr/share/abuild/functions.sh +[ -z "$CBUILD_ARCH" ] && die "abuild is too old (use 2.29.0 or later)" +[ -z "$CBUILDROOT" ] && die "CBUILDROOT not set for $TARGET_ARCH" +export CBUILD + +# deduce aports directory +[ -z "$APORTS" ] && APORTS=$(realpath $(dirname $0)/../) +[ -e "$APORTS/main/build-base" ] || die "Unable to deduce aports base checkout" + +apkbuildname() { + local repo="${1%%/*}" + local pkg="${1##*/}" + [ "$repo" = "$1" ] && repo="main" + echo $APORTS/$repo/$pkg/APKBUILD +} + +msg() { + [ -n "$quiet" ] && return 0 + local prompt="$GREEN>>>${NORMAL}" + local name="${BLUE}bootstrap-${TARGET_ARCH}${NORMAL}" + printf "${prompt} ${name}: %s\n" "$1" >&2 +} + +if [ -z "$TARGET_ARCH" ]; then + program=$(basename $0) + cat </dev/null; then + # C-library headers for target + CHOST=$TARGET_ARCH BOOTSTRAP=nocc APKBUILD=$(apkbuildname musl) abuild -r + + # Minimal cross GCC + EXTRADEPENDS_HOST="musl-dev" \ + CTARGET=$TARGET_ARCH BOOTSTRAP=nolibc APKBUILD=$(apkbuildname gcc) abuild -r + + # Cross build bootstrap C-library for the target + EXTRADEPENDS_BUILD="gcc-pass2-$TARGET_ARCH" \ + CHOST=$TARGET_ARCH BOOTSTRAP=nolibc APKBUILD=$(apkbuildname musl) abuild -r +fi + +# Full cross GCC +EXTRADEPENDS_TARGET="musl musl-dev" \ +CTARGET=$TARGET_ARCH BOOTSTRAP=nobase APKBUILD=$(apkbuildname gcc) abuild -r + +# Cross build-base +CTARGET=$TARGET_ARCH BOOTSTRAP=nobase APKBUILD=$(apkbuildname build-base) abuild -r + +msg "Cross building base system" + +# Implicit dependencies for early targets +EXTRADEPENDS_TARGET="libgcc libstdc++ musl-dev" + +# On a few architectures like riscv64 we need to account for +# gcc requiring 
-ltomic to be set explicitly if a C[++]11 program +# uses atomics (e.g. #include ): +# https://github.com/riscv/riscv-gnu-toolchain/issues/183#issuecomment-253721765 +# The reason gcc itself is needed is because .so is in that package, +# not in libatomic. +if [ "$TARGET_ARCH" = "riscv64" ]; then + NEEDS_LIBATOMIC="yes" +fi + +# ordered cross-build +for PKG in fortify-headers linux-headers musl libc-dev pkgconf zlib \ + openssl ca-certificates libmd \ + gmp mpfr4 mpc1 isl22 cloog libucontext binutils gcc \ + libbsd libretls busybox busybox-initscripts make \ + apk-tools file \ + libcap openrc alpine-conf alpine-baselayout alpine-keys alpine-base patch build-base \ + attr acl fakeroot tar \ + lzip abuild ncurses libedit openssh \ + libcap-ng util-linux libaio lvm2 popt xz \ + json-c argon2 cryptsetup zstd kmod lddtree mkinitfs \ + community/go libffi community/ghc \ + brotli libev c-ares cunit nghttp2 curl \ + pcre libssh2 community/http-parser community/libgit2 \ + libxml2 pax-utils llvm13 community/rust \ + $KERNEL_PKG ; do + + if [ "$NEEDS_LIBATOMIC" = "yes" ]; then + EXTRADEPENDS_BUILD="libatomic gcc-$TARGET_ARCH g++-$TARGET_ARCH" + fi + EXTRADEPENDS_TARGET="$EXTRADEPENDS_TARGET" EXTRADEPENDS_BUILD="$EXTRADEPENDS_BUILD" \ + CHOST=$TARGET_ARCH BOOTSTRAP=bootimage APKBUILD=$(apkbuildname $PKG) abuild -r + + case "$PKG" in + fortify-headers | libc-dev) + # Additional implicit dependencies once built + EXTRADEPENDS_TARGET="$EXTRADEPENDS_TARGET $PKG" + ;; + gcc) + if [ "$NEEDS_LIBATOMIC" = "yes" ]; then + EXTRADEPENDS_TARGET="libatomic gcc $EXTRADEPENDS_TARGET" + fi + ;; + build-base) + # After build-base, that alone is sufficient dependency in the target + EXTRADEPENDS_TARGET="busybox $PKG" + ;; + esac +done diff --git a/scripts/mkimg.standard.sh b/scripts/mkimg.standard.sh new file mode 100755 index 0000000..66064c2 --- /dev/null +++ b/scripts/mkimg.standard.sh 
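Review bot: In `[ -e /usr/share/abuild/functions.sh ] || (echo "abuild not found" ; exit 1)` the `exit 1` runs inside a subshell, so on its own it ends only that subshell. The script stops here solely because `set -e` is in effect, and the message goes to stdout rather than stderr. A brace group makes the abort explicit: `[ -e /usr/share/abuild/functions.sh ] || { echo "abuild not found" >&2; exit 1; }`. Separately, `APORTS=$(realpath $(dirname $0)/../)` leaves `$0` unquoted, so a checkout path containing whitespace is split before `realpath` sees it; `APORTS=$(realpath "$(dirname "$0")/..")` avoids that.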
@@ -0,0 +1,90 @@ +profile_standard() { + title="Standard" + desc="Alpine as it was intended. + Just enough to get you started. + Network connection is required." + profile_base + profile_abbrev="std" + image_ext="iso" + arch="aarch64 armv7 x86 x86_64 ppc64le riscv64 s390x" + output_format="iso" + kernel_addons="xtables-addons" + case "$ARCH" in + s390x) + apks="$apks s390-tools" + initfs_features="$initfs_features dasd_mod qeth zfcp" + initfs_cmdline="modules=loop,squashfs,dasd_mod,qeth,zfcp quiet" + ;; + ppc64le) + initfs_cmdline="modules=loop,squashfs,sd-mod,usb-storage,ibmvscsi quiet" + ;; + riscv64) + kernel_flavors="edge" + kernel_cmdline="console=tty0 console=ttyS0,115200 console=ttySIF0,115200" + kernel_addons= + ;; + esac +} + +profile_extended() { + profile_standard + profile_abbrev="ext" + title="Extended" + desc="Most common used packages included. + Suitable for routers and servers. + Runs from RAM. + Includes AMD and Intel microcode updates." + arch="x86 x86_64" + kernel_addons="xtables-addons zfs" + boot_addons="amd-ucode intel-ucode" + initrd_ucode="/boot/amd-ucode.img /boot/intel-ucode.img" + apks="$apks + coreutils ethtool hwids doas + logrotate lsof lm_sensors lxc lxc-templates nano + pciutils strace tmux + usbutils v86d vim xtables-addons curl + + acct arpon arpwatch awall bridge-utils bwm-ng + ca-certificates conntrack-tools cutter cyrus-sasl dhcp + dhcpcd dhcrelay dnsmasq fping fprobe htop + igmpproxy ip6tables iproute2 iproute2-qos + iptables iputils irssi ldns-tools links + ncurses-terminfo net-snmp net-snmp-tools nrpe nsd + opennhrp openvpn pingu ppp quagga + quagga-nhrp rng-tools sntpc socat ssmtp strongswan + sysklogd tcpdump tinyproxy unbound + wireguard-tools wireless-tools wpa_supplicant zonenotify + + btrfs-progs cksfv dosfstools cryptsetup + e2fsprogs e2fsprogs-extra efibootmgr f2fs-tools + grub-bios grub-efi lvm2 mdadm mkinitfs mtools nfs-utils + parted rsync sfdisk syslinux util-linux xfsprogs zfs + " + + local _k _a + for _k in 
$kernel_flavors; do + apks="$apks linux-$_k" + for _a in $kernel_addons; do + apks="$apks $_a-$_k" + done + done + apks="$apks linux-firmware linux-firmware-none" +} + +profile_virt() { + profile_standard + profile_abbrev="virt" + title="Virtual" + desc="Similar to standard. + Slimmed down kernel. + Optimized for virtual systems." + arch="aarch64 armv7 x86 x86_64" + kernel_addons= + kernel_flavors="virt" + local serial_console="ttyS0,115200" + case "$ARCH" in + arm*|aarch64) serial_console="ttyAMA0";; + esac + kernel_cmdline="console=tty0 console=$serial_console" + syslinux_serial="0 115200" +} diff --git a/v3.16/aws-iam-authenticator/APKBUILD b/v3.16/aws-iam-authenticator/APKBUILD new file mode 100644 index 0000000..bdc5ca5 --- /dev/null +++ b/v3.16/aws-iam-authenticator/APKBUILD @@ -0,0 +1,24 @@ +# Contributor: Stefan Reimer +# Maintainer: Stefan Reimer +pkgname=aws-iam-authenticator +pkgver=0.5.9 +pkgrel=0 +pkgdesc="AWS aws-iam-authenticator" +url="https://github.com/kubernetes-sigs/aws-iam-authenticator" +arch="x86_64 aarch64 armv7 x86" +license="Apache-2.0" +makedepends="go bash" +options="!check chmod-clean" +source="$pkgname-$pkgver.tar.gz::https://github.com/kubernetes-sigs/$pkgname/archive/refs/tags/v$pkgver.tar.gz" + +build() { + make bin +} + +package() { + install -Dm755 "$builddir/_output/bin/aws-iam-authenticator" "$pkgdir"/usr/bin/aws-iam-authenticator +} + +sha512sums=" +1e1750f2734faea5cae612debb8777891247f59c51ad98e4c466bc20925950b1b04dc407458cfb0db9c3d961d1d9d07639523619399c5037211e8e6f64794fca aws-iam-authenticator-0.5.9.tar.gz +" diff --git a/v3.16/aws-neuron-driver/APKBUILD b/v3.16/aws-neuron-driver/APKBUILD new file mode 100644 index 0000000..a775a13 --- /dev/null +++ b/v3.16/aws-neuron-driver/APKBUILD 
@@ -0,0 +1,46 @@
+# Contributor: Stefan Reimer
+# Maintainer: Stefan Reimer
+pkgname=aws-neuron-driver
+pkgver=2.3.11.0
+pkgrel=0
+pkgdesc="Linux Kernel module for AWS Neuron INF instances"
+url="https://awsdocs-neuron.readthedocs-hosted.com/en/latest/release-notes/index.html#"
+arch="x86_64"
+license="GPL-2.0"
+makedepends="bash xz linux-headers linux-virt-dev"
+options="!check"
+
+# apt-get download --print-uris aws-neuron-dkms | cut -d' ' -f1
+source="$pkgname-$pkgver.deb::https://apt.repos.neuron.amazonaws.com/pool/main/a/aws-neuron-dkms/aws-neuron-dkms_"$pkgver"_amd64.deb"
+
+unpack() {
+ ar -x /var/cache/distfiles/$pkgname-$pkgver.deb
+ tar xfJ data.tar.xz
+ mv usr/src/aws-neuron-$pkgver $srcdir/$pkgname-$pkgver
+
+ # What is wrong with AWS ?
+ find $srcdir/$pkgname-$pkgver -type d -exec chmod 755 {} \;
+}
+
+
+build() {
+ # Hack running the build inside a container other uname -r returns host kernel
+ KERNEL_VERSION=$(basename $(ls -d /lib/modules/*-virt))
+
+ make KERNEL_SRC_DIR=/lib/modules/$KERNEL_VERSION/build
+}
+
+package() {
+ KERNEL_VERSION=$(basename $(ls -d /lib/modules/*-virt))
+
+ mkdir -p "$pkgdir"/lib/modules/$KERNEL_VERSION "$pkgdir"/lib/udev/rules.d
+ cp neuron.ko "$pkgdir"/lib/modules/$KERNEL_VERSION
+
+ echo 'KERNEL=="neuron*", MODE="0666"' > "$pkgdir"/lib/udev/rules.d/90-neuron-udev.rules
+
+ depends="linux-virt=$(apk info linux-virt -d | grep description: | awk '{print $1}' | sed -e 's/linux-virt-//')"
+}
+
+sha512sums='
+b0a67a72eb210e37aff77fa6ec62e2affbdc6792071ae1bf4a9c772f0bc5d8c8df64b527ca015fbefe0480c15c8e310d6ea066c5a7ced24e484d1dad5e86499f aws-neuron-driver-2.3.11.0.deb
+'
diff --git a/v3.16/cri-o/APKBUILD b/v3.16/cri-o/APKBUILD
new file mode 100644
index 0000000..8bc7281
--- /dev/null
+++ b/v3.16/cri-o/APKBUILD
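Review bot: The udev rule written in package() of aws-neuron-driver/APKBUILD, `KERNEL=="neuron*", MODE="0666"`, makes every matching device node readable and writable by all local users, so any unprivileged process that can see the node can talk to the kernel module directly. Unless the Neuron runtime is known to need world access, restrict the node to a dedicated group, for example `KERNEL=="neuron*", MODE="0660", GROUP="<neuron-group-placeholder>"`, and have the package create that group. In the same file, `KERNEL_VERSION=$(basename $(ls -d /lib/modules/*-virt))` expands to several words when more than one `-virt` tree exists in the build root, and `unpack()` reads from the hard-coded `/var/cache/distfiles` instead of `$srcdir`. Both tie the build to the layout of one particular builder.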
@@ -0,0 +1,99 @@ +# Contributor: ungleich +# Contributor: Francesco Colista +# Contributor: TBK +# Maintainer: ungleich +pkgname=cri-o +pkgver=1.23.3 +pkgrel=0 +pkgdesc="OCI-based implementation of Kubernetes Container Runtime Interface" +url="https://github.com/cri-o/cri-o/" +arch="all" +license="Apache-2.0" + # Most tests will fail if not ran as root + # since it tries to create network interfaces +options="net chmod-clean !check" +depends=" + cni-plugins + conmon + conntrack-tools + containers-common + iproute2 + iptables + runc + " +makedepends=" + bash + btrfs-progs-dev + eudev-dev + glib-dev + go + go-md2man + gpgme-dev + libseccomp-dev + libselinux-dev + lvm2-dev + ostree-dev + tzdata + " +checkdepends="bats cri-tools jq parallel sudo" +subpackages=" + $pkgname-doc + $pkgname-bash-completion + $pkgname-zsh-completion + $pkgname-fish-completion + $pkgname-contrib-cni:contrib_cni:noarch + $pkgname-openrc + " +source="https://github.com/cri-o/cri-o/archive/v$pkgver/cri-o-$pkgver.tar.gz + crio.conf + crio.initd + crio.logrotated + cni-plugins-path.patch + makefile-fix-install.patch + fix-test.patch + remove-systemd-files.patch + " + +# secfixes: +# 1.23.2-r0: +# - CVE-2022-0811 + +build() { + export GOPATH="$srcdir" + export GOBIN="$GOPATH/bin" + # https://github.com/cri-o/cri-o/blob/master/install.md#build-tags + make BUILDTAGS="seccomp selinux containers_image_openpgp containers_image_ostree_stub" +} + +check() { + make localintegration +} + +package() { + make DESTDIR="$pkgdir" PREFIX=/usr CRICTL_CONFIG_DIR="/etc/crio" OCIUMOUNTINSTALLDIR="/etc/crio" install + + # We want it in etc so apk does not overwrite it + mkdir -p "$pkgdir"/usr/share/oci-umount/oci-umount.d/ + ln -sf /etc/crio/crio-umount.conf "$pkgdir"/usr/share/oci-umount/oci-umount.d/crio-umount.conf + + install -Dm755 "$srcdir"/crio.initd "$pkgdir"/etc/init.d/crio + install -Dm644 "$srcdir"/crio.conf "$pkgdir"/etc/crio/crio.conf + install -Dm644 "$srcdir"/crio.logrotated 
"$pkgdir"/etc/logrotate.d/crio +} + +contrib_cni() { + pkgdesc="$pkgname contrib cni config files" + mkdir -p "$subpkgdir"/etc/cni/net.d + cp "$builddir"/contrib/cni/*.conf "$subpkgdir"/etc/cni/net.d +} + +sha512sums=" +7613c3d6de00c3366f69d5195a1ef7537422ac53de62615a25c292dedd4b2a10722da3055dea5a08d1f3a502b2fc187c9c5b827d5382c96b48c522b4434c2f67 cri-o-1.23.3.tar.gz +e026f056ed92489413e16ed7955a9dcd7d1f4df1cc28e3ea785771b44d43811fea4f5b953cc46bc0c4aeac8ad07115bfff304d7516ebd24f2e58fe782ff812c8 crio.conf +29561e95398975748236217bbd9df64997f6e3de6c0555d007306bd0535895a648368385a13079eb7d52c06249a91980523a73b6563e86d0575d9cd9c3fa4ee9 crio.initd +1115228546a696eeebeb6d4b3e5c3152af0c99a2559097fc5829d8b416d979c457b4b1789e0120054babf57f585d3f63cbe49949d40417ae7aab613184bf4516 crio.logrotated +0a567dfa431ab1e53f2a351689be8d588a60cc5fcdbda403ec4f8b6ab9b1c18ad425f6c47f9a5ab1491e3a61a269dc4efa6a59e91e7521fa2b6bb165074aa8e0 cni-plugins-path.patch +f9577aa7b1c90c6809010e9e406e65092251b6e82f6a0adbc3633290aa35f2a21895e1a8b6ba4b6375dcad3e02629b49a34ab16387e1c36eeb32c8f4dac74706 makefile-fix-install.patch +26ed10b478feb19cb11f5916b24301943f9e316fdd62d53ec310bb05ffcf4213ceece1340d2486461557abb04074e85002b11b6347fddaaa45ad7439e907a5a7 fix-test.patch +78c150f87027de489289596371dce0465159ced0758776b445deb58990e099de9c654406183c9da3cc909878b24d28db62121b7056cd180a6f2820e79e165cc6 remove-systemd-files.patch +" diff --git a/v3.16/cri-o/cni-plugins-path.patch b/v3.16/cri-o/cni-plugins-path.patch new file mode 100644 index 0000000..5a76edb --- /dev/null +++ b/v3.16/cri-o/cni-plugins-path.patch 
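Review bot: `options="net chmod-clean !check"` gives the build network access, but nothing in cri-o/APKBUILD says why `net` is needed. The comment directly above it describes a test restriction, and the tests are disabled by `!check`. If the release tarball builds from its vendored modules (to be confirmed), drop `net` so that everything compiled into the package is covered by the `sha512sums` entries. Otherwise replace the comment with the real reason, e.g. `# net: <reason the build needs network access>`.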
@@ -0,0 +1,23 @@ +Alpine's cni-plugins are installs at /usr/libexec/cni/ + +--- a/docs/crio.conf.5.md ++++ b/docs/crio.conf.5.md +@@ -301,7 +301,7 @@ + **network_dir**="/etc/cni/net.d/" + Path to the directory where CNI configuration files are located. + +-**plugin_dirs**=["/opt/cni/bin/",] ++**plugin_dirs**=["/usr/libexec/cni/",] + List of paths to directories where CNI plugin binaries are located. + + ## CRIO.METRICS TABLE +--- a/pkg/config/config_unix.go ++++ b/pkg/config/config_unix.go +@@ -5,7 +5,7 @@ + // Defaults for linux/unix if none are specified + const ( + cniConfigDir = "/etc/cni/net.d/" +- cniBinDir = "/opt/cni/bin/" ++ cniBinDir = "/usr/libexec/cni/" + containerExitsDir = "/var/run/crio/exits" + ContainerAttachSocketDir = "/var/run/crio" diff --git a/v3.16/cri-o/crio.conf b/v3.16/cri-o/crio.conf new file mode 100644 index 0000000..70dc756 --- /dev/null +++ b/v3.16/cri-o/crio.conf @@ -0,0 +1,5 @@ +[crio.runtime] + +# Overide defaults to not use systemd cgroups. +conmon_cgroup = "pod" +cgroup_manager = "cgroupfs" diff --git a/v3.16/cri-o/crio.initd b/v3.16/cri-o/crio.initd new file mode 100755 index 0000000..9e6383a --- /dev/null +++ b/v3.16/cri-o/crio.initd 
@@ -0,0 +1,35 @@
+#!/sbin/openrc-run
+# Copyright 2015-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+description="OCI Kubernetes Container Runtime daemon"
+pidfile=${pidfile:-"/run/${RC_SVCNAME}.pid"}
+extra_started_commands="reload"
+command="/usr/bin/${RC_SVCNAME}"
+command_args="${command_args}"
+command_background="true"
+start_stop_daemon_args=" \
+ --stdout /var/log/${RC_SVCNAME}/${RC_SVCNAME}.log \
+ --stderr /var/log/${RC_SVCNAME}/${RC_SVCNAME}.log"
+
+depend() {
+ need net
+}
+
+checkconfig() {
+ checkpath --directory --owner root:root --mode 0775 \
+ /var/log/${RC_SVCNAME}
+ checkpath --file --owner root:root --mode 0644 \
+ /var/log/${RC_SVCNAME}/${RC_SVCNAME}.log
+}
+
+start() {
+ checkconfig
+ default_start
+}
+
+reload() {
+ ebegin "Reloading ${RC_SVCNAME}"
+ start-stop-daemon --signal HUP --pidfile "${pidfile}"
+ eend $?
+}
diff --git a/v3.16/cri-o/crio.logrotated b/v3.16/cri-o/crio.logrotated
new file mode 100644
index 0000000..fb0b8b1
--- /dev/null
+++ b/v3.16/cri-o/crio.logrotated
@@ -0,0 +1,7 @@
+/var/log/crio/crio.log {
+ missingok
+ size 5M
+ rotate 3
+ compress
+ copytruncate
+}
diff --git a/v3.16/cri-o/fix-test.patch b/v3.16/cri-o/fix-test.patch
new file mode 100644
index 0000000..a5b47b0
--- /dev/null
+++ b/v3.16/cri-o/fix-test.patch
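Review bot: `checkconfig()` in crio.initd creates `/var/log/${RC_SVCNAME}/${RC_SVCNAME}.log` with `--mode 0644`, so the daemon's combined stdout and stderr is readable by every local user. Container runtime logs commonly carry image references, pod and container names and error details, so `--mode 0640` on the file and `--mode 0750` on the directory (currently `0775`) would be a safer default. The crio.logrotated file added in the same commit uses `copytruncate`, which truncates the live file in place, so the mode set here is the one that persists.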
@@ -0,0 +1,44 @@ +--- a/test/helpers.bash ++++ b/test/helpers.bash +@@ -68,7 +68,7 @@ + # The default log directory where all logs will go unless directly specified by the kubelet + DEFAULT_LOG_PATH=${DEFAULT_LOG_PATH:-/var/log/crio/pods} + # Cgroup manager to be used +-CONTAINER_CGROUP_MANAGER=${CONTAINER_CGROUP_MANAGER:-systemd} ++CONTAINER_CGROUP_MANAGER=${CONTAINER_CGROUP_MANAGER:-cgroupfs} + # Image volumes handling + CONTAINER_IMAGE_VOLUMES=${CONTAINER_IMAGE_VOLUMES:-mkdir} + # Container pids limit +@@ -166,7 +166,7 @@ + # Copy all the CNI dependencies around to ensure encapsulated tests + CRIO_CNI_PLUGIN="$TESTDIR/cni-bin" + mkdir "$CRIO_CNI_PLUGIN" +- cp /opt/cni/bin/* "$CRIO_CNI_PLUGIN" ++ cp /usr/libexec/cni/* "$CRIO_CNI_PLUGIN" + cp "$INTEGRATION_ROOT"/cni_plugin_helper.bash "$CRIO_CNI_PLUGIN" + sed -i "s;%TEST_DIR%;$TESTDIR;" "$CRIO_CNI_PLUGIN"/cni_plugin_helper.bash + +--- a/test/cni_plugin_helper.bash ++++ b/test/cni_plugin_helper.bash +@@ -43,7 +43,7 @@ + . "$TEST_DIR"/cni_plugin_helper_input.env + rm -f "$TEST_DIR"/cni_plugin_helper_input.env + +-result=$(/opt/cni/bin/bridge "$@") || exit $? ++result=$(/usr/libexec/cni/bridge "$@") || exit $? + + if [[ "${DEBUG_ARGS}" == "malformed-result" ]]; then + cat <<-EOF +--- a/test/cgroups.bats ++++ b/test/cgroups.bats +@@ -26,6 +26,10 @@ + } + + @test "conmon custom cgroup" { ++ if [[ "$CONTAINER_CGROUP_MANAGER" != "systemd" ]]; then ++ skip "need systemd cgroup manager" ++ fi ++ + CONTAINER_CGROUP_MANAGER="systemd" CONTAINER_DROP_INFRA_CTR=false CONTAINER_MANAGE_NS_LIFECYCLE=false CONTAINER_CONMON_CGROUP="customcrioconmon.slice" start_crio + + jq ' .linux.cgroup_parent = "Burstablecriotest123.slice"' \ diff --git a/v3.16/cri-o/makefile-fix-install.patch b/v3.16/cri-o/makefile-fix-install.patch new file mode 100644 index 0000000..8b44339 --- /dev/null +++ b/v3.16/cri-o/makefile-fix-install.patch 
@@ -0,0 +1,138 @@ +--- a/Makefile ++++ b/Makefile +@@ -9,11 +9,11 @@ + + PROJECT := github.com/cri-o/cri-o + CRIO_INSTANCE := crio_dev +-PREFIX ?= ${DESTDIR}/usr/local ++PREFIX ?= /usr/local + BINDIR ?= ${PREFIX}/bin + LIBEXECDIR ?= ${PREFIX}/libexec + MANDIR ?= ${PREFIX}/share/man +-ETCDIR ?= ${DESTDIR}/etc ++ETCDIR ?= /etc + ETCDIR_CRIO ?= ${ETCDIR}/crio + DATAROOTDIR ?= ${PREFIX}/share/containers + BUILDTAGS ?= containers_image_ostree_stub \ +@@ -26,7 +26,7 @@ + $(shell hack/seccomp_tag.sh) \ + $(shell hack/selinux_tag.sh) \ + $(shell hack/libsubid_tag.sh) +-CRICTL_CONFIG_DIR=${DESTDIR}/etc ++CRICTL_CONFIG_DIR = /etc + CONTAINER_RUNTIME ?= podman + BUILD_PATH := $(shell pwd)/build + BUILD_BIN_PATH := ${BUILD_PATH}/bin +@@ -420,68 +420,70 @@ + install: .gopathok install.bin install.man install.completions install.systemd install.config + + install.bin-nobuild: +- install ${SELINUXOPT} -D -m 755 bin/crio $(BINDIR)/crio +- install ${SELINUXOPT} -D -m 755 bin/crio-status $(BINDIR)/crio-status +- install ${SELINUXOPT} -D -m 755 bin/pinns $(BINDIR)/pinns ++ install ${SELINUXOPT} -D -m 755 bin/crio ${DESTDIR}$(BINDIR)/crio ++ install ${SELINUXOPT} -D -m 755 bin/crio-status ${DESTDIR}$(BINDIR)/crio-status ++ install ${SELINUXOPT} -D -m 755 bin/pinns ${DESTDIR}$(BINDIR)/pinns + + install.bin: binaries install.bin-nobuild + + install.man-nobuild: +- install ${SELINUXOPT} -d -m 755 $(MANDIR)/man5 +- install ${SELINUXOPT} -d -m 755 $(MANDIR)/man8 +- install ${SELINUXOPT} -m 644 $(filter %.5,$(MANPAGES)) -t $(MANDIR)/man5 +- install ${SELINUXOPT} -m 644 $(filter %.8,$(MANPAGES)) -t $(MANDIR)/man8 ++ install ${SELINUXOPT} -d -m 755 ${DESTDIR}$(MANDIR)/man5 ++ install ${SELINUXOPT} -d -m 755 ${DESTDIR}$(MANDIR)/man8 ++ install ${SELINUXOPT} -m 644 $(filter %.5,$(MANPAGES)) -t ${DESTDIR}$(MANDIR)/man5 ++ install ${SELINUXOPT} -m 644 $(filter %.8,$(MANPAGES)) -t ${DESTDIR}$(MANDIR)/man8 + + install.man: $(MANPAGES) install.man-nobuild + + install.config-nobuild: +- install 
${SELINUXOPT} -d $(DATAROOTDIR)/oci/hooks.d +- install ${SELINUXOPT} -d $(ETCDIR_CRIO)/crio.conf.d +- install ${SELINUXOPT} -D -m 644 crio.conf $(ETCDIR_CRIO)/crio.conf +- install ${SELINUXOPT} -D -m 644 crio-umount.conf $(OCIUMOUNTINSTALLDIR)/crio-umount.conf +- install ${SELINUXOPT} -D -m 644 crictl.yaml $(CRICTL_CONFIG_DIR) ++ install ${SELINUXOPT} -d ${DESTDIR}$(ETCDIR_CRIO)/crio.conf.d ++ install ${SELINUXOPT} -d ${DESTDIR}$(ETCDIR)/containers/oci/hooks.d ++ install ${SELINUXOPT} -d ${DESTDIR}$(DATAROOTDIR)/oci/hooks.d ++ install ${SELINUXOPT} -D -m 644 crio.conf ${DESTDIR}$(ETCDIR_CRIO)/crio.conf ++ install ${SELINUXOPT} -D -m 644 crio-umount.conf ${DESTDIR}$(OCIUMOUNTINSTALLDIR)/crio-umount.conf ++ install ${SELINUXOPT} -D -m 644 crictl.yaml ${DESTDIR}$(CRICTL_CONFIG_DIR) + + install.config: crio.conf install.config-nobuild + + install.completions: +- install ${SELINUXOPT} -d -m 755 ${BASHINSTALLDIR} +- install ${SELINUXOPT} -d -m 755 ${FISHINSTALLDIR} +- install ${SELINUXOPT} -d -m 755 ${ZSHINSTALLDIR} +- install ${SELINUXOPT} -D -m 644 -t ${BASHINSTALLDIR} completions/bash/crio +- install ${SELINUXOPT} -D -m 644 -t ${FISHINSTALLDIR} completions/fish/crio.fish +- install ${SELINUXOPT} -D -m 644 -t ${ZSHINSTALLDIR} completions/zsh/_crio +- install ${SELINUXOPT} -D -m 644 -t ${BASHINSTALLDIR} completions/bash/crio-status +- install ${SELINUXOPT} -D -m 644 -t ${FISHINSTALLDIR} completions/fish/crio-status.fish +- install ${SELINUXOPT} -D -m 644 -t ${ZSHINSTALLDIR} completions/zsh/_crio-status ++ install ${SELINUXOPT} -d -m 755 ${DESTDIR}${BASHINSTALLDIR} ++ install ${SELINUXOPT} -d -m 755 ${DESTDIR}${FISHINSTALLDIR} ++ install ${SELINUXOPT} -d -m 755 ${DESTDIR}${ZSHINSTALLDIR} ++ install ${SELINUXOPT} -D -m 644 -t ${DESTDIR}${BASHINSTALLDIR} completions/bash/crio ++ install ${SELINUXOPT} -D -m 644 -t ${DESTDIR}${FISHINSTALLDIR} completions/fish/crio.fish ++ install ${SELINUXOPT} -D -m 644 -t ${DESTDIR}${ZSHINSTALLDIR} completions/zsh/_crio ++ install 
${SELINUXOPT} -D -m 644 -t ${DESTDIR}${BASHINSTALLDIR} completions/bash/crio-status ++ install ${SELINUXOPT} -D -m 644 -t ${DESTDIR}${FISHINSTALLDIR} completions/fish/crio-status.fish ++ install ${SELINUXOPT} -D -m 644 -t ${DESTDIR}${ZSHINSTALLDIR} completions/zsh/_crio-status + + install.systemd: +- install ${SELINUXOPT} -D -m 644 contrib/systemd/crio.service $(PREFIX)/lib/systemd/system/crio.service +- install ${SELINUXOPT} -D -m 644 contrib/systemd/crio-wipe.service $(PREFIX)/lib/systemd/system/crio-wipe.service ++ install ${SELINUXOPT} -D -m 644 contrib/systemd/crio.service ${DESTDIR}$(PREFIX)/lib/systemd/system/crio.service ++ install ${SELINUXOPT} -D -m 644 contrib/systemd/crio-wipe.service ${DESTDIR}$(PREFIX)/lib/systemd/system/crio-wipe.service + + uninstall: +- rm -f $(BINDIR)/crio +- rm -f $(BINDIR)/crio-status +- rm -f $(BINDIR)/pinns ++ rm -f $(DESTDIR)$(BINDIR)/crio ++ rm -f $(DESTDIR)$(BINDIR)/crio-status ++ rm -f $(DESTDIR)$(BINDIR)/pinns + for i in $(filter %.5,$(MANPAGES)); do \ +- rm -f $(MANDIR)/man5/$$(basename $${i}); \ ++ rm -f $(DESTDIR)$(MANDIR)/man5/$$(basename $${i}); \ + done + for i in $(filter %.8,$(MANPAGES)); do \ +- rm -f $(MANDIR)/man8/$$(basename $${i}); \ ++ rm -f $(DESTDIR)$(MANDIR)/man8/$$(basename $${i}); \ + done +- rm -f ${BASHINSTALLDIR}/crio +- rm -f ${FISHINSTALLDIR}/crio.fish +- rm -f ${ZSHINSTALLDIR}/_crio +- rm -f ${BASHINSTALLDIR}/crio-status +- rm -f ${FISHINSTALLDIR}/crio-status.fish +- rm -f ${ZSHINSTALLDIR}/_crio-status +- rm -f $(PREFIX)/lib/systemd/system/crio-wipe.service +- rm -f $(PREFIX)/lib/systemd/system/crio.service +- rm -f $(PREFIX)/lib/systemd/system/cri-o.service +- rm -rf $(DATAROOTDIR)/oci/hooks.d +- rm -f $(ETCDIR_CRIO)/crio.conf +- rm -rf $(ETCDIR_CRIO)/crio.conf.d +- rm -f $(OCIUMOUNTINSTALLDIR)/crio-umount.conf +- rm -f $(CRICTL_CONFIG_DIR)/crictl.yaml ++ rm -f $(DESTDIR)${BASHINSTALLDIR}/crio ++ rm -f $(DESTDIR)${FISHINSTALLDIR}/crio.fish ++ rm -f $(DESTDIR)${ZSHINSTALLDIR}/_crio ++ rm -f 
$(DESTDIR)${BASHINSTALLDIR}/crio-status ++ rm -f $(DESTDIR)${FISHINSTALLDIR}/crio-status.fish ++ rm -f $(DESTDIR)${ZSHINSTALLDIR}/_crio-status ++ rm -f $(DESTDIR)$(PREFIX)/lib/systemd/system/crio-wipe.service ++ rm -f $(DESTDIR)$(PREFIX)/lib/systemd/system/crio.service ++ rm -f $(DESTDIR)$(PREFIX)/lib/systemd/system/cri-o.service ++ rm -f $(DESTDIR)$(ETCDIR_CRIO)/crio.conf ++ rm -rf $(DESTDIR)$(ETCDIR_CRIO)/crio.conf.d ++ rm -rf $(DESTDIR)$(ETCDIR)/containers/oci/hooks.d ++ rm -rf $(DESTDIR)$(DATAROOTDIR)/oci/hooks.d ++ rm -f $(DESTDIR)$(OCIUMOUNTINSTALLDIR)/crio-umount.conf ++ rm -f $(DESTDIR)$(CRICTL_CONFIG_DIR)/crictl.yaml + + docs-validation: + $(GO_RUN) -tags "$(BUILDTAGS)" ./test/docs-validation diff --git a/v3.16/cri-o/remove-systemd-files.patch b/v3.16/cri-o/remove-systemd-files.patch new file mode 100644 index 0000000..9f8e545 --- /dev/null +++ b/v3.16/cri-o/remove-systemd-files.patch @@ -0,0 +1,13 @@ +diff --git a/Makefile b/Makefile +index 19f8052..135385c 100644 +--- a/Makefile ++++ b/Makefile +@@ -403,7 +403,7 @@ get-script: + sed -i '/# INCLUDE/q' scripts/get + cat contrib/bundle/install-paths contrib/bundle/install >> scripts/get + +-install: .gopathok install.bin install.man install.completions install.systemd install.config ++install: .gopathok install.bin install.man install.completions install.config + + install.bin-nobuild: + install ${SELINUXOPT} -D -m 755 bin/crio $(BINDIR)/crio diff --git a/v3.16/cri-tools/APKBUILD b/v3.16/cri-tools/APKBUILD new file mode 100644 index 0000000..8d0d95a --- /dev/null +++ b/v3.16/cri-tools/APKBUILD 
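Review bot: The trailing context line of remove-systemd-files.patch, `install ${SELINUXOPT} -D -m 755 bin/crio $(BINDIR)/crio`, no longer exists once makefile-fix-install.patch has rewritten it to `${DESTDIR}$(BINDIR)/crio`, and the APKBUILD `source` list names that patch first. The hunk is headed `@@ -403,7 +403,7 @@` while the other patch places `install:` around line 420, so it presumably applies only with fuzz and an offset. That is fragile on a version bump and can land silently on the wrong rule. Regenerate it against the tree as left by makefile-fix-install.patch, or fold the one-line change to the `install:` prerequisites into that patch. With `install.systemd` dropped from `install:`, the `${DESTDIR}` edits that makefile-fix-install.patch makes to the `install.systemd` recipe have no effect on this package.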
@@ -0,0 +1,25 @@
+# Contributor: Francesco Colista
+# Maintainer: Francesco Colista
+pkgname=cri-tools
+pkgver=1.24.2
+pkgrel=0
+pkgdesc="CLI tool for Kubelet Container Runtime Interface (CRI)"
+url="https://github.com/kubernetes-sigs/cri-tools"
+arch="x86_64 aarch64 ppc64le s390x armv7 x86"
+license="Apache-2.0"
+makedepends="go"
+options="!check" # no check available
+source="$pkgname-$pkgver.tar.gz::https://github.com/kubernetes-sigs/cri-tools/archive/v$pkgver.tar.gz"
+
+build() {
+ make all
+}
+
+package() {
+ install -Dm755 build/bin/crictl "$pkgdir/usr/bin/crictl"
+ install -Dm755 build/bin/critest "$pkgdir/usr/bin/critest"
+}
+
+sha512sums='
+9b5907b37bb5f00295eff4fa4207ae55d930feae7e0f48fa130c7ecc936bcd259a11d59ed240684a3e12c8bcee40f2c67d7f4af52c2a76df3d7bf82e5e388a75 cri-tools-1.24.2.tar.gz
+'
diff --git a/v3.16/ecr-credential-provider/APKBUILD b/v3.16/ecr-credential-provider/APKBUILD
new file mode 100644
index 0000000..14d7e66
--- /dev/null
+++ b/v3.16/ecr-credential-provider/APKBUILD
@@ -0,0 +1,28 @@
+# Contributor: Stefan Reimer
+# Maintainer: Stefan Reimer
+pkgname=ecr-credential-provider
+pkgver=1.23.2
+pkgrel=0
+pkgdesc="AWS Kubernetes ecr-credential-provider"
+url="https://github.com/kubernetes/cloud-provider-aws"
+arch="x86_64 aarch64 armv7 x86"
+license="Apache-2.0"
+makedepends="go bash"
+options="!check chmod-clean"
+source="$pkgname-$pkgver.tar.gz::https://github.com/kubernetes/cloud-provider-aws/archive/refs/tags/v$pkgver.tar.gz"
+
+builddir="$srcdir/cloud-provider-aws-$pkgver"
+
+build() {
+ unset LDFLAGS # the default abuild LDFLAGS break the go linker
+ make GOFLAGS="-buildmode=pie -v" GOLDFLAGS="-extldflags=-static -w -s" ecr-credential-provider
+}
+
+package() {
+ mkdir -p "$pkgdir"/usr/libexec/kubernetes/kubelet-plugins
+ install -Dm755 "$builddir/ecr-credential-provider" "$pkgdir"/usr/libexec/kubernetes/kubelet-plugins
+}
+
+sha512sums='
+fe35267640981bb297086817ac9fb4a6279149ee538db09ef2b7785ecc7f8428ec34dd5ebac41989a2533b1f96225c7dd39cb76002f7e6e3b3a870a01d42a3c3 ecr-credential-provider-1.23.2.tar.gz
+'
diff --git a/v3.16/etcdhelper/APKBUILD b/v3.16/etcdhelper/APKBUILD
new file mode 100644
index 0000000..f0bdf46
--- /dev/null
+++ b/v3.16/etcdhelper/APKBUILD
@@ -0,0 +1,26 @@
+# Contributor: Stefan Reimer
+# Maintainer: Stefan Reimer
+pkgname=etcdhelper
+pkgver=0.1.0
+pkgrel=0
+pkgdesc="etcdhelper tool to edit and inspect etcd data"
+url="https://git.zero-downtime.net/ZeroDownTime/etcdhelper"
+arch="x86_64 aarch64"
+license="AGPL-3.0"
+makedepends="go bash"
+options="!check chmod-clean"
+source="$pkgname-$pkgver.tar.gz::https://git.zero-downtime.net/ZeroDownTime/etcdhelper/archive/"$pkgver".tar.gz"
+
+builddir="$srcdir/etcdhelper"
+
+build() {
+ make
+}
+
+package() {
+ install -Dm755 build/etcdhelper "$pkgdir"/usr/bin/etcdhelper
+}
+
+sha512sums="
+97abd4e5a0078112a048037512b041bcefb9e660131403e9c87bf5fc8b632eb17ab66d20a477a2ef4808f54ae29941d74bd61390143e5781058d7bbd4333dd78 etcdhelper-0.1.0.tar.gz
+"
diff --git a/v3.16/fluent-bit/APKBUILD b/v3.16/fluent-bit/APKBUILD new file mode 100644 index 0000000..5fa9ce0 --- /dev/null +++ b/v3.16/fluent-bit/APKBUILD 
@@ -0,0 +1,88 @@ +# Contributor: Stefan Reimer +# Maintainer: Stefan Reimer +pkgname=fluent-bit +pkgver=1.9.5 +pkgrel=0 +pkgdesc="Fast and Lightweight Log processor and forwarder" +url="https://fluentbit.io/" +# riscv64: does not support bundled luajit +arch="all !ppc64le !s390x !riscv64" +license="Apache-2.0" +makedepends=" + bison + cmake + flex + fts-dev + gtest-dev + zlib-dev + yaml-cpp-dev + " +subpackages=" + $pkgname-dev + $pkgname-openrc + " +source="$pkgname-$pkgver.tar.gz::https://github.com/fluent/fluent-bit/archive/v$pkgver.tar.gz + fluent-bit.confd + fluent-bit.initd + chunkio-static-lib-fts.patch + " +# enable check when this solved - https://github.com/fluent/fluent-bit/issues/2464#issuecomment-673280055 +# Disable all things AWS to make tests pass +options="!check" + +build() { + if [ "$CBUILD" != "$CHOST" ]; then + CMAKE_CROSSOPTS="-DCMAKE_SYSTEM_NAME=Linux -DCMAKE_HOST_SYSTEM_NAME=Linux" + fi + # default CORE_STACK_SIZE=((3 * PTHREAD_STACK_MIN) / 2)=3072 is invalid + # set default to 24576 + # Disable stream processor due to issue see: https://github.com/fluent/fluent-bit/issues/2464 + cmake -B build \ + -DCMAKE_INSTALL_PREFIX=/usr \ + -DCMAKE_BUILD_TYPE=None \ + -DCMAKE_FIND_LIBRARY_SUFFIXES=".a" \ + -DBUILD_SHARED_LIBS=OFF \ + -DCMAKE_EXE_LINKER_FLAGS="-static" \ + -DFLB_CORO_STACK_SIZE=24576 \ + -DFLB_RELEASE=Yes \ + -DFLB_DEBUG=No \ + -DFLB_SHARED_LIB=No \ + -DFLB_JEMALLOC=Yes \ + -DFLB_IN_SYSTEMD=No \ + -DFLB_PROXY_GO=No \ + -DFLB_HTTP_SERVER=Yes \ + -DFLB_STREAM_PROCESSOR=No \ + $CMAKE_CROSSOPTS . 
+ make -C build + #-DFLB_TESTS_INTERNAL=Yes \ + #-DFLB_AWS=No \ + #-DFLB_SIGNV4=No \ + #-DFLB_OUT_S3=No \ + #-DFLB_OUT_CLOUDWATCH_LOGS=No \ + #-DFLB_OUT_KINESIS_FIREHOSE=No \ + #-DFLB_OUT_KINESIS_STREAMS=No \ + #-DFLB_OUT_BIGQUERY=No \ + #-DFLB_FILTER_AWS=No \ +} + +check() { + CTEST_OUTPUT_ON_FAILURE=1 make -C build test +} + +package() { + make -C build DESTDIR="$pkgdir" install + + install -Dm755 "$srcdir"/$pkgname.initd \ + "$pkgdir"/etc/init.d/$pkgname + install -Dm644 "$srcdir"/$pkgname.confd \ + "$pkgdir"/etc/conf.d/$pkgname + + mv "$pkgdir"/usr/etc/* "$pkgdir"/etc +} + +sha512sums=' +2e821a703a38275548efced15b15d3a356afe05e9cd382de12c32549de6fcdb0b8d40e0b6c8d43575d75b0c878822e0e1302634f8e78b39385b5ac8c4cabe2de fluent-bit-1.9.5.tar.gz +f6431397c80a036980b5377b51e38aec25dfceeb8dbe4cd54dce1f6e77d669d9f8daf983fcc96d25332385888f1809ced5e8ab0e8ccfcd93d19494036e3dc949 fluent-bit.confd +8ba6c8e84dee90176f9b4375fb2c6444fa5d32fa601d9bcf3ea7960fec87f1ef664f175caf08bd0b052843e971efdbf08e2a5cd180ad9a8f23ff2c5cb233814f fluent-bit.initd +6bd7d8b4da93a17f29b6ea1e0286ea226d0e376024284741110936779b3229bd8d6cd03ffbdc5d3b4842294e7f32a888de0dd16b0851b65d91b062ca58530ea0 chunkio-static-lib-fts.patch +' diff --git a/v3.16/fluent-bit/chunkio-static-lib-fts.patch b/v3.16/fluent-bit/chunkio-static-lib-fts.patch new file mode 100644 index 0000000..c3700a4 --- /dev/null +++ b/v3.16/fluent-bit/chunkio-static-lib-fts.patch @@ -0,0 +1,10 @@ +--- a/lib/chunkio/src/CMakeLists.txt ++++ b/lib/chunkio/src/CMakeLists.txt +@@ -12,6 +12,7 @@ + ) + + set(libs cio-crc32) ++set(libs ${libs} fts) + + if(${CMAKE_SYSTEM_NAME} MATCHES "Windows") + set(src diff --git a/v3.16/fluent-bit/fluent-bit.confd b/v3.16/fluent-bit/fluent-bit.confd new file mode 100644 index 0000000..01ce179 --- /dev/null +++ b/v3.16/fluent-bit/fluent-bit.confd @@ -0,0 +1 @@ +fluentbit_opts="-c /etc/fluent-bit/fluent-bit.conf" 
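Review bot: build() in fluent-bit/APKBUILD links the binary fully statically (`-DCMAKE_FIND_LIBRARY_SUFFIXES=".a"`, `-DBUILD_SHARED_LIBS=OFF`, `-DCMAKE_EXE_LINKER_FLAGS="-static"`), so the libraries it links are frozen into the binary at build time. A later security update to one of them does not reach this package until it is rebuilt. Record that above the cmake call, e.g. `# static link: bump pkgrel whenever a linked library gets a security fix`, or link dynamically if a static binary is not required. The comment `# Disable all things AWS to make tests pass` is also stale as written: the `-DFLB_AWS=No` group sits commented out after `make -C build`, and `options="!check"` skips the tests anyway.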
diff --git a/v3.16/fluent-bit/fluent-bit.initd b/v3.16/fluent-bit/fluent-bit.initd
new file mode 100644
index 0000000..e1059d8
--- /dev/null
+++ b/v3.16/fluent-bit/fluent-bit.initd
@@ -0,0 +1,11 @@
+#!/sbin/openrc-run
+supervisor=supervise-daemon
+
+name=fluent-bit
+command="/usr/bin/fluent-bit"
+command_args="$fluentbit_opts"
+
+depend() {
+ need net
+ after firewall
+}
diff --git a/v3.16/openvpn_exporter/APKBUILD b/v3.16/openvpn_exporter/APKBUILD
new file mode 100644
index 0000000..5e2e20b
--- /dev/null
+++ b/v3.16/openvpn_exporter/APKBUILD
@@ -0,0 +1,24 @@
+# Contributor: Stefan Reimer
+# Maintainer: Stefan Reimer
+pkgname=openvpn_exporter
+pkgver=0.3.1
+pkgrel=0
+pkgdesc="OpenVPN Prometheus Exporter"
+url="https://github.com/StuartApp/openvpn_exporter.git"
+arch="x86_64 aarch64"
+license="AGPL-3.0"
+makedepends="go bash"
+options="!check chmod-clean"
+source="$pkgname-$pkgver.tar.gz::https://github.com/StuartApp/openvpn_exporter/archive/refs/tags/v"$pkgver".tar.gz"
+
+build() {
+ go build -ldflags "-s -w" -o build/openvpn_exporter
+}
+
+package() {
+ install -Dm755 build/openvpn_exporter "$pkgdir"/usr/bin/openvpn_exporter
+}
+
+sha512sums="
+4133003120b3a76a46cc146c26e7418bf7e2db3c16ce3f621b28a3fa06516373388fd469d48f499526baa3f6b36cb8887a835f2833e6f315cdf18502949d2bb1 openvpn_exporter-0.3.1.tar.gz
+"