qusal/rpm_spec/qusal-sys-ssh-agent.spec

170 lines
5.2 KiB
RPMSpec
Raw Normal View History

# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
#
# SPDX-License-Identifier: AGPL-3.0-or-later
%define project sys-ssh-agent
%define license_csv AGPL-3.0-or-later
## Reproducibility.
%define source_date_epoch_from_changelog 1
%define use_source_date_epoch_as_buildtime 1
%define clamp_mtime_to_source_date_epoch 1
## Changelog is trimmed according to current date, not last date from changelog.
%define _changelog_trimtime 0
%define _changelog_trimage 0
%global _buildhost %{name}
## Python bytecode interferes when updates occur and restart is not done.
%undefine __brp_python_bytecompile
Name: qusal-sys-ssh-agent
Version: 0.0.1
Release: 1%{?dist}
Summary: SSH Agent through Qrexec in Qubes OS
Group: qusal
Packager: %{?_packager}%{!?_packager:Ben Grande <ben.grande.b@gmail.com>}
Vendor: Ben Grande
License: AGPL-3.0-or-later
URL: https://github.com/ben-grande/qusal
BugURL: https://github.com/ben-grande/qusal/issues
Source0: %{name}-%{version}.tar.gz
BuildArch: noarch
Requires: qubes-mgmt-salt
Requires: qubes-mgmt-salt-dom0
Requires: qusal-dev
Requires: qusal-dotfiles
Requires: qusal-utils
%description
The key pairs are stored on the offline ssh-agent server named
"sys-ssh-agent", and requests are passed from clients to the server via
Qrexec. Clients may access the same ssh-agent of a qube, or access different
agents. In other words, this is an implementation of split-ssh-agent.
The client does not know the identity of the ssh-agent server, nor are keys
kept in memory in the client. This method is ideal for cases where you have a
number of key pairs, which are used by different qubes.
A centralized SSH server is very useful not only for keeping your private keys
safe, but also for keeping your workflow organized. You can delete qubes that
2024-07-08 05:42:13 -04:00
are SSH clients without losing access to your remote server, because the
authentication keys are on the sys-ssh-agent server, your client qube should
only hold the SSH configuration, which can be reconstructed.
%prep
%setup -q
%build
%check
%pre
%install
rm -rf %{buildroot}
install -m 755 -d \
%{buildroot}/srv/salt/qusal \
%{buildroot}%{_docdir}/%{name} \
%{buildroot}%{_defaultlicensedir}/%{name}
for license in $(echo "%{license_csv}" | tr "," " "); do
license_dir="LICENSES"
if test -d "salt/%{project}/LICENSES"; then
license_dir="salt/%{project}/LICENSES"
fi
install -m 644 "${license_dir}/${license}.txt" %{buildroot}%{_defaultlicensedir}/%{name}/
done
install -m 644 salt/%{project}/README.md %{buildroot}%{_docdir}/%{name}/
rm -rf \
salt/%{project}/LICENSES \
salt/%{project}/README.md \
salt/%{project}/.*
cp -rv salt/%{project} %{buildroot}/srv/salt/qusal/%{name}
%post
if test "$1" = "1"; then
## Install
qubesctl state.apply sys-ssh-agent.create
qubesctl --skip-dom0 --targets=tpl-sys-ssh-agent state.apply sys-ssh-agent.install
qubesctl --skip-dom0 --targets=sys-ssh-agent state.apply sys-ssh-agent.configure
elif test "$1" = "2"; then
## Upgrade
true
fi
%preun
if test "$1" = "0"; then
## Uninstall
true
elif test "$1" = "1"; then
## Upgrade
true
fi
%postun
if test "$1" = "0"; then
## Uninstall
true
elif test "$1" = "1"; then
## Upgrade
true
fi
%files
%defattr(-,root,root,-)
%license %{_defaultlicensedir}/%{name}/*
%doc %{_docdir}/%{name}/README.md
%dir /srv/salt/qusal/%{name}
/srv/salt/qusal/%{name}/*
%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
%changelog
2024-07-10 09:04:09 -04:00
* Wed Jul 10 2024 Ben Grande <ben.grande.b@gmail.com> - 224312e
- feat: enable all optional shellcheck validations
* Tue Jul 09 2024 Ben Grande <ben.grande.b@gmail.com> - 011a71a
- style: limit line length per file extension
* Mon Jul 08 2024 Ben Grande <ben.grande.b@gmail.com> - f60077f
- doc: spell check
2024-07-08 05:42:13 -04:00
* Thu Jul 04 2024 Ben Grande <ben.grande.b@gmail.com> - 383c840
- doc: lint markdown files
* Tue Jun 25 2024 Ben Grande <ben.grande.b@gmail.com> - 9c28068
- refactor: prefer systemd sockets over socat
* Fri Jun 21 2024 Ben Grande <ben.grande.b@gmail.com> - c84dfea
- fix: generate RPM Specs for Qubes Builder V2
* Thu Jun 13 2024 Ben Grande <ben.grande.b@gmail.com> - a564b3a
- feat: add TCP proxy for remote hosts
* Tue May 28 2024 Ben Grande <ben.grande.b@gmail.com> - 44ea4c5
- feat: add manual page reader
* Mon Mar 18 2024 Ben Grande <ben.grande.b@gmail.com> - f9ead06
- fix: remove extraneous package repository updates
* Fri Feb 23 2024 Ben Grande <ben.grande.b@gmail.com> - 5605ec7
- doc: prefix qubesctl with sudo
* Tue Feb 20 2024 Ben Grande <ben.grande.b@gmail.com> - 2b46500
- doc: remove outdated ssh agent server instructions
* Mon Jan 29 2024 Ben Grande <ben.grande.b@gmail.com> - 6efcc1d
- chore: copyright update
* Sun Jan 21 2024 Ben Grande <ben.grande.b@gmail.com> - 3e6ba8f
- fix: client install the ssh-agent client packages
* Sat Jan 20 2024 Ben Grande <ben.grande.b@gmail.com> - 422b01e
- feat: remove audiovm setting when unnecessary
* Tue Nov 21 2023 Ben Grande <ben.grande.b@gmail.com> - 10b3bcd
- fix: unstrusted input marking and sanitization
* Mon Nov 13 2023 Ben Grande <ben.grande.b@gmail.com> - 5eebd78
- refactor: initial commit