Update mirage-firewall.md

[799] 2019-04-19 00:15:31 +02:00 committed by GitHub
parent 096853f92f
commit 45d7f04098
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -22,31 +22,33 @@ https://groups.google.com/forum/#!topic/qubes-users/xfnVdd1Plvk
Build process on Qubes 4 Build process on Qubes 4
======================== ========================
``` ```
MirageFW-BuildVM=my-mirage-buildvm MirageFWBuildVM=my-mirage-buildvm
TemplateVM=fedora-29 TemplateVM=fedora-29
MirageFWAppVM=sys-mirage-fw MirageFWAppVM=sys-mirage-fw2
# create a new VM
qvm-create $MirageFWBuildVM --class=AppVM --label=red --template=$TemplateVM
# create a new VM to build mirage via docker
qvm-create $MirageFW-BuildVM --class=AppVM --label=red --template=$TemplateVM
# Resize private disk to 10 GB # Resize private disk to 10 GB
qvm-volume resize $MirageFW-BuildVM:private 10GB qvm-volume resize $MirageFWBuildVM:private 10GB
# Create a symbolic link to safe docker into the home directory # Create a symbolic link to safe docker into the home directory
qvm-run --auto --pass-io --no-gui $MirageFW-BuildVM \ qvm-run --auto --pass-io --no-gui $MirageFWBuildVM \
'sudo mkdir /home/user/var_lib_docker && \ 'sudo mkdir /home/user/var_lib_docker && \
sudo ln -s /var/lib/docker /home/user/var_lib_docker' sudo ln -s /var/lib/docker /home/user/var_lib_docker'
# Install docker and git # Install docker and git ~2min
qvm-run --pass-io --no-gui $MirageFW-BuildVM \ qvm-run --pass-io --no-gui $MirageFWBuildVM \
'sudo dnf -y install docker git' 'sudo qvm-sync-clock && \
sudo dnf -y install docker git'
# Launch docker # Launch docker
qvm-run --pass-io --no-gui $MirageFW-BuildVM \ qvm-run --pass-io --no-gui $MirageFWBuildVM \
'sudo systemctl start docker' 'sudo systemctl start docker'
# Download and build mirage for qubes # Download and build mirage for qubes ~11min
qvm-run --pass-io --no-gui $MirageFW-BuildVM \ qvm-run --pass-io --no-gui $MirageFWBuildVM \
'git clone https://github.com/mirage/qubes-mirage-firewall.git && \ 'git clone https://github.com/mirage/qubes-mirage-firewall.git && \
cd qubes-mirage-firewall && \ cd qubes-mirage-firewall && \
git pull origin pull/52/head && \ git pull origin pull/52/head && \
@ -54,9 +56,9 @@ qvm-run --pass-io --no-gui $MirageFW-BuildVM \
# Copy the new kernel to dom0 # Copy the new kernel to dom0
cd /var/lib/qubes/vm-kernels cd /var/lib/qubes/vm-kernels
qvm-run --pass-io $MirageFW-BuildVM 'cat qubes-mirage-firewall/mirage-firewall.tar.bz2' | tar xjf - qvm-run --pass-io $MirageFWBuildVM 'cat qubes-mirage-firewall/mirage-firewall.tar.bz2' | tar xjf -
# create the new mirage firewall # create a new mirage fw appvm
qvm-create \ qvm-create \
--property kernel=mirage-firewall \ --property kernel=mirage-firewall \
--property kernelopts=None \ --property kernelopts=None \
@ -69,39 +71,8 @@ qvm-create \
--label=green \ --label=green \
--class StandaloneVM \ --class StandaloneVM \
$MirageFWAppVM $MirageFWAppVM
```
For rebuilds / Updates # Change default NetVM to Mirage FW
======================
```
# delete old build
qvm-run --pass-io --no-gui $MirageTemplateVM \
'rm -Rf /home/user/'
# Download and build mirage for qubes
qvm-run --pass-io --no-gui $MirageTemplateVM \
'git fetch https://github.com/mirage/qubes-mirage-firewall.git && \
cd qubes-mirage-firewall && \
# git pull origin pull/52/head && \
sudo ./build-with-docker.sh'
# Copy the new kernel to dom0
cd /var/lib/qubes/vm-kernels
qvm-run --pass-io $MirageFW-BuildVM 'cat qubes-mirage-firewall/mirage-firewall.tar.bz2' | tar xjf -
# Shutdown Mirage-FW
qvm-shutdown --wait $MirageFWAppVM
# Start Mirage-FW
qvm-start $MirageFWAppVM qvm-start $MirageFWAppVM
``` qubes-prefs --set default_netvm $MirageFWAppVM
Deleting the Build-AppVM
========================
```
# The build VM could be deleted if you don't want to keep it
# but if you want to upgrade Mirage Firewall for Qubes OS,
# you need to rebuild this VM.
qvm-shutdown --wait $MirageFW-BuildVM
qvm-remove --force $MirageFW-BuildVM
``` ```