Avoid checking out v4l2loopback before having verified the release tag

[DemiMarie]

Most of the vulnerabilities in git require having checked out the repository, which git clone does implicitly. Fortunately, Qubes Builder uses a script that doesn’t have this issue. I can make a PR for a standalone version.

[ElliotKillick]

Yes, this would be highly appreciated Demi!

[ElliotKillick]

Wouldn't it be best to just integrate the v4l2loopback driver in the Qubes Linux kernel? Of course, this would taint the kernel but I'm pretty sure it's already tainted through the side-loading of another non-mainline kernel module anyway.

What you're suggesting though could still be useful for direct integration into the Qubes Builder when it has to fetch the v4l2loopback driver for building the VM kernel.

Also, note that the v4l2loopack kernel module would of course not be enabled at boot to reduce attack surface.