Merge branch 'fedora-41'

* fedora-41:
  feat: bump Fedora version

docs/BOOTSTRAP.md

@@ -23,9 +23,6 @@ matter in some circumstances, in those cases, it is noted in this page.
 ## Essential
 
 *   Base (order matters):
-    *   [dom0](../salt/dom0/README.md)
-    *   [debian-minimal](../salt/debian-minimal/README.md)
-    *   [fedora-minimal](../salt/fedora-minimal/README.md)
     *   [mgmt](../salt/mgmt/README.md)
     *   [sys-cacher](../salt/sys-cacher/README.md)
 

salt/debian-minimal/template.jinja

@@ -1,5 +1,5 @@
 {#
-SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}

salt/debian/template.jinja

@@ -1,5 +1,5 @@
 {#
-SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
@@ -11,5 +11,5 @@ SPDX-License-Identifier: AGPL-3.0-or-later
 {% if flavor -%}
   {% set flavor = '-' ~ flavor -%}
 {% endif -%}
-{% set template = base  ~ '-' ~ version ~ flavor -%}
+{% set template = base ~ '-' ~ version ~ flavor -%}
 {% set template_clean = base ~ flavor -%}

salt/fedora-minimal/README.md

@@ -19,7 +19,7 @@ it.
 
 ```sh
 sudo qubesctl top.enable fedora-minimal
-sudo qubesctl --targets=fedora-40-minimal state.apply
+sudo qubesctl --targets=fedora-41-minimal state.apply
 sudo qubesctl top.disable fedora-minimal
 sudo qubesctl state.apply fedora-minimal.prefs
 ```
@@ -30,7 +30,7 @@ sudo qubesctl state.apply fedora-minimal.prefs
 
 ```sh
 sudo qubesctl state.apply fedora-minimal.create
-sudo qubesctl --skip-dom0 --targets=fedora-40-minimal state.apply fedora-minimal.install
+sudo qubesctl --skip-dom0 --targets=fedora-41-minimal state.apply fedora-minimal.install
 sudo qubesctl state.apply fedora-minimal.prefs
 ```
 

salt/fedora-minimal/create.sls

@@ -1,5 +1,5 @@
 {#
-SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
@@ -9,7 +9,8 @@ SPDX-License-Identifier: AGPL-3.0-or-later
 {%- import slsdotpath ~ "/template.jinja" as template -%}
 
 include:
-  - fedora.create
+  - fedora-xfce.create
+  - fedora-xfce.prefs
   - {{ slsdotpath }}.clone
 
 "dvm-{{ template.template }}-absent":
@@ -23,6 +24,7 @@ name: {{ template.template }}
 force: True
 require:
 - sls: {{ template.template_clean }}.clone
+- sls: fedora-xfce.create
 present:
 - label: black
 prefs:
@@ -32,6 +34,7 @@ prefs:
 - memory: 300
 - maxmem: 600
 - include_in_backups: False
+- management_dispvm: dvm-fedora-xfce
 features:
 - set:
   - menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop"
@@ -63,22 +66,3 @@ features:
   - menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop"
 {%- endload %}
 {{ load(defaults) }}
-
-"{{ slsdotpath }}-set-management_dispvm-to-dvm-fedora":
-  qvm.vm:
-    - require:
-      - qvm: dvm-fedora
-    - name: {{ template.template }}
-    - prefs:
-      - management_dispvm: dvm-fedora
-
-## TODO: Remove when template with patch reaches upstream or updates enforce
-## salt-deps to be installed.
-## https://github.com/QubesOS/qubes-issues/issues/8806
-"{{ slsdotpath }}-install-salt-deps":
-  cmd.script:
-    - require:
-      - qvm: "{{ slsdotpath }}-set-management_dispvm-to-dvm-fedora"
-    - name: salt-patch.sh
-    - source: salt://fedora-minimal/files/admin/bin/salt-patch.sh
-    - args: {{ template.template }}

salt/fedora-minimal/files/admin/bin/salt-patch.sh

@@ -1,18 +0,0 @@
-#!/bin/sh
-
-## SPDX-FileCopyrightText: 2024 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
-##
-## SPDX-License-Identifier: AGPL-3.0-or-later
-
-## TODO: Remove when template with patch reaches upstream or updates enforce
-## salt-deps to be installed.
-## https://github.com/QubesOS/qubes-issues/issues/8806
-
-set -eu
-
-qube="${1}"
-dnf_min_install="dnf -q install --refresh -y --setopt=install_weak_deps=False"
-
-qvm-run --no-gui --user=root --pass-io --filter-escape-chars \
-  --no-color-output --no-color-stderr -- "${qube}" \
-  "${dnf_min_install} python3-urllib3"

salt/fedora-minimal/init.top

@@ -1,5 +1,5 @@
 {#
-SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}

salt/fedora-minimal/prefs.sls

@@ -1,5 +1,5 @@
 {#
-SPDX-FileCopyrightText: 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
@@ -9,21 +9,10 @@ SPDX-License-Identifier: AGPL-3.0-or-later
 include:
   - {{ slsdotpath }}.create
 
-"{{ slsdotpath }}-set-management_dispvm-to-default":
+"{{ slsdotpath }}-set-{{ template.template }}-management_dispvm-to-default":
   qvm.vm:
     - require:
-      - cmd: "{{ slsdotpath }}-install-salt-deps"
+      - sls: {{ slsdotpath }}.create
     - name: {{ template.template }}
     - prefs:
       - management_dispvm: "*default*"
-
-## TODO: Remove when template with patch reaches upstream or updates enforce
-## salt-deps to be installed.
-## https://github.com/QubesOS/qubes-issues/issues/8806
-"{{ slsdotpath }}-shutdown-template":
-  qvm.shutdown:
-    - require:
-      - qvm: "{{ slsdotpath }}-set-management_dispvm-to-default"
-    - name: {{ template.template }}
-    - flags:
-      - force

salt/fedora-minimal/template.jinja

@@ -1,5 +1,5 @@
 {#
-SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}

salt/fedora-xfce/README.md

@@ -18,8 +18,9 @@ Creates the Fedora Xfce template as well as a Disposable Template based on it.
 
 ```sh
 sudo qubesctl top.enable fedora-xfce
-sudo qubesctl --targets=fedora-40-xfce state.apply
+sudo qubesctl --targets=fedora-41-xfce state.apply
 sudo qubesctl top.disable fedora-xfce
+sudo qubesctl state.apply fedora-xfce.prefs
 ```
 
 *   State:
@@ -28,7 +29,8 @@ sudo qubesctl top.disable fedora-xfce
 
 ```sh
 sudo qubesctl state.apply fedora-xfce.create
-sudo qubesctl --skip-dom0 --targets=fedora-40-xfce state.apply fedora-xfce.install
+sudo qubesctl --skip-dom0 --targets=fedora-41-xfce state.apply fedora-xfce.install
+sudo qubesctl state.apply fedora-xfce.prefs
 ```
 
 <!-- pkg:end:post-install -->

salt/fedora-xfce/create.sls

@@ -1,5 +1,5 @@
 {#
-SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
@@ -62,3 +62,11 @@ features:
   - menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop"
 {%- endload %}
 {{ load(defaults) }}
+
+"{{ slsdotpath }}-set-{{ template.template }}-management_dispvm-to-dvm-{{ template.template_clean }}":
+  qvm.vm:
+    - require:
+      - qvm: dvm-{{ template.template_clean }}
+    - name: {{ template.template }}
+    - prefs:
+      - management_dispvm: "dvm-{{ template.template_clean }}"

salt/fedora-xfce/prefs.sls

@@ -0,0 +1,18 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+{%- import slsdotpath ~ "/template.jinja" as template -%}
+
+include:
+  - .create
+
+"{{ slsdotpath }}-set-{{ template.template }}-management_dispvm-to-default":
+  qvm.vm:
+    - require:
+      - sls: {{ slsdotpath }}.create
+    - name: {{ template.template }}
+    - prefs:
+      - management_dispvm: "*default*"

salt/fedora-xfce/prefs.top

@@ -0,0 +1,10 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+base:
+  'dom0':
+    - match: nodegroup
+    - fedora-xfce.prefs

salt/fedora/README.md

@@ -18,8 +18,9 @@ Creates the Fedora template as well as a Disposable Template based on it.
 
 ```sh
 sudo qubesctl top.enable fedora
-sudo qubesctl --targets=fedora-40 state.apply
+sudo qubesctl --targets=fedora-41 state.apply
 sudo qubesctl top.disable fedora
+sudo qubesctl state.apply fedora.prefs
 ```
 
 *   State:
@@ -28,7 +29,8 @@ sudo qubesctl top.disable fedora
 
 ```sh
 sudo qubesctl state.apply fedora.create
-sudo qubesctl --skip-dom0 --targets=fedora-40 state.apply fedora.install
+sudo qubesctl --skip-dom0 --targets=fedora-41 state.apply fedora.install
+sudo qubesctl state.apply fedora.prefs
 ```
 
 <!-- pkg:end:post-install -->

salt/fedora/create.sls

@@ -1,5 +1,5 @@
 {#
-SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
@@ -62,3 +62,11 @@ features:
   - menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop"
 {%- endload %}
 {{ load(defaults) }}
+
+"{{ slsdotpath }}-set-{{ template.template }}-management_dispvm-to-dvm-{{ template.template_clean }}":
+  qvm.vm:
+    - require:
+      - qvm: dvm-{{ template.template_clean }}
+    - name: {{ template.template }}
+    - prefs:
+      - management_dispvm: "dvm-{{ template.template_clean }}"

salt/fedora/prefs.sls

@@ -0,0 +1,18 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+{%- import slsdotpath ~ "/template.jinja" as template -%}
+
+include:
+  - .create
+
+"{{ slsdotpath }}-set-{{ template.template }}-management_dispvm-to-default":
+  qvm.vm:
+    - require:
+      - sls: {{ slsdotpath }}.create
+    - name: {{ template.template }}
+    - prefs:
+      - management_dispvm: "*default*"

salt/fedora/prefs.top

@@ -0,0 +1,10 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+base:
+  'dom0':
+    - match: nodegroup
+    - fedora.prefs

salt/fedora/template.jinja

@@ -1,15 +1,15 @@
 {#
-SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
 
 {% set base = 'fedora' -%}
-{% set version = salt['pillar.get']('qvm:fedora:version', '40') -%}
+{% set version = salt['pillar.get']('qvm:fedora:version', '41') -%}
 {% set flavor = '' -%}
 {% set repo = salt['pillar.get']('qvm:fedora:repo', 'qubes-templates-itl') -%}
 {% if flavor -%}
   {% set flavor = '-' ~ flavor -%}
 {% endif -%}
-{% set template = base  ~ '-' ~ version ~ flavor -%}
+{% set template = base ~ '-' ~ version ~ flavor -%}
 {% set template_clean = base ~ flavor -%}

salt/mgmt/create.sls

@@ -1,5 +1,5 @@
 {#
-SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
@@ -7,7 +7,6 @@ SPDX-License-Identifier: AGPL-3.0-or-later
 {%- from "qvm/template.jinja" import load -%}
 
 include:
-  - fedora.create
   - {{ slsdotpath }}.clone
   - fedora-minimal.prefs
 
@@ -19,6 +18,7 @@ require:
 - sls: fedora-minimal.prefs
 prefs:
 - audiovm: ""
+- management_dispvm: dvm-fedora-xfce
 {%- endload %}
 {{ load(defaults) }}
 
@@ -48,22 +48,3 @@ features:
   - internal
 {%- endload %}
 {{ load(defaults) }}
-
-"{{ slsdotpath }}-set-management_dispvm-to-dvm-fedora":
-  qvm.vm:
-    - require:
-      - qvm: dvm-fedora
-    - name: tpl-{{ slsdotpath }}
-    - prefs:
-      - management_dispvm: dvm-fedora
-
-## TODO: Remove when template with patch reaches upstream or updates enforce
-## salt-deps to be installed.
-## https://github.com/QubesOS/qubes-issues/issues/8806
-"{{ slsdotpath }}-install-salt-deps":
-  cmd.script:
-    - require:
-      - qvm: "{{ slsdotpath }}-set-management_dispvm-to-dvm-fedora"
-    - name: salt-patch.sh
-    - source: salt://fedora-minimal/files/admin/bin/salt-patch.sh
-    - args: tpl-{{ slsdotpath }}

salt/mgmt/prefs.sls

@@ -10,13 +10,13 @@ include:
 "{{ slsdotpath }}-set-qubes-prefs-management_dispvm-to-dvm-{{ slsdotpath }}":
   cmd.run:
     - require:
-      - cmd: "{{ slsdotpath }}-install-salt-deps"
+      - sls: {{ slsdotpath }}.create
     - name: qubes-prefs -- management_dispvm dvm-{{ slsdotpath }}
 
 "{{ slsdotpath }}-set-tpl-{{ slsdotpath }}-management_dispvm-to-default":
   qvm.vm:
     - require:
-      - cmd: "{{ slsdotpath }}-install-salt-deps"
+      - sls: {{ slsdotpath }}.create
     - name: tpl-{{ slsdotpath }}
     - prefs:
       - management_dispvm: "*default*"
@@ -27,14 +27,3 @@ include:
       - cmd: "{{ slsdotpath }}-set-qubes-prefs-management_dispvm-to-dvm-{{ slsdotpath }}"
       - qvm: "{{ slsdotpath }}-set-tpl-{{ slsdotpath }}-management_dispvm-to-default"
     - name: default-mgmt-dvm
-
-## TODO: Remove when template with patch reaches upstream or updates enforce
-## salt-deps to be installed.
-## https://github.com/QubesOS/qubes-issues/issues/8806
-"{{ slsdotpath }}-shutdown-template":
-  qvm.shutdown:
-    - require:
-      - qvm: "{{ slsdotpath }}-set-tpl-{{ slsdotpath }}-management_dispvm-to-default"
-    - name: tpl-{{ slsdotpath }}
-    - flags:
-      - force

salt/qubes-builder/README.md

@@ -35,9 +35,11 @@ template.
 *   Top:
 
 ```sh
-sudo qubesctl top.enable qubes-builder
+sudo qubesctl top.enable mgmt qubes-builder
+sudo qubesctl --targets=tpl-mgmt state.apply
+sudo qubesctl state.apply qubes-builder.prefs-mgmt
 sudo qubesctl --targets=tpl-qubes-builder,dvm-qubes-builder,qubes-builder state.apply
-sudo qubesctl top.disable qubes-builder
+sudo qubesctl top.disable mgmt qubes-builder
 sudo qubesctl state.apply qubes-builder.prefs
 ```
 
@@ -47,8 +49,9 @@ sudo qubesctl state.apply qubes-builder.prefs
 
 ```sh
 sudo qubesctl state.apply qubes-builder.create
+sudo qubesctl --skip-dom0 --targets=tpl-mgmt state.apply mgmt.install
+sudo qubesctl state.apply qubes-builder.prefs-mgmt
 sudo qubesctl --skip-dom0 --targets=tpl-qubes-builder state.apply qubes-builder.install
-sudo qubesctl state.apply qubes-builder.prefs
 sudo qubesctl --skip-dom0 --targets=dvm-qubes-builder state.apply qubes-builder.configure-qubes-executor
 sudo qubesctl --skip-dom0 --targets=qubes-builder state.apply qubes-builder.configure
 ```

salt/qubes-builder/create.sls

@@ -1,5 +1,5 @@
 {#
-SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
@@ -8,14 +8,14 @@ SPDX-License-Identifier: AGPL-3.0-or-later
 
 include:
   - {{ slsdotpath }}.clone
-  - fedora-minimal.prefs
+  - mgmt.create
 
 {% load_yaml as defaults -%}
 name: tpl-{{ slsdotpath }}
 force: True
 require:
 - sls: {{ slsdotpath }}.clone
-- sls: fedora-minimal.prefs
+- sls: mgmt.create
 prefs:
 - audiovm: ""
 {%- endload %}
@@ -89,33 +89,3 @@ features:
 
 {% from 'utils/macros/policy.sls' import policy_set with context -%}
 {{ policy_set(sls_path, '70') }}
-
-"{{ slsdotpath }}-set-management_dispvm-to-dvm-fedora":
-  qvm.vm:
-    - require:
-      - qvm: dvm-fedora
-    - name: tpl-{{ slsdotpath }}
-    - prefs:
-      - management_dispvm: dvm-fedora
-
-## TODO: Remove when template with patch reaches upstream or updates enforce
-## salt-deps to be installed.
-## https://github.com/QubesOS/qubes-issues/issues/8806
-"{{ slsdotpath }}-install-salt-deps":
-  cmd.script:
-    - require:
-      - qvm: "{{ slsdotpath }}-set-management_dispvm-to-dvm-fedora"
-    - name: salt-patch.sh
-    - source: salt://fedora-minimal/files/admin/bin/salt-patch.sh
-    - args: tpl-{{ slsdotpath }}
-
-## TODO: Remove when template with patch reaches upstream or updates enforce
-## salt-deps to be installed.
-## https://github.com/QubesOS/qubes-issues/issues/8806
-"{{ slsdotpath }}-shutdown-template":
-  qvm.shutdown:
-    - require:
-      - cmd: "{{ slsdotpath }}-install-salt-deps"
-    - name: tpl-{{ slsdotpath }}
-    - flags:
-      - force

salt/qubes-builder/init.sls

@@ -1,16 +0,0 @@
-{#
-SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
-
-SPDX-License-Identifier: AGPL-3.0-or-later
-#}
-
-include:
-{% if grains['id'] == 'dom0' -%}
-  - {{ slsdotpath }}.create
-{% elif grains['id'] == 'tpl-' ~ slsdotpath -%}
-  - {{ slsdotpath }}.install
-{% elif grains['id'] == 'dvm-' ~ slsdotpath -%}
-  - {{ slsdotpath }}.configure-qubes-executor
-{% elif grains['id'] == slsdotpath -%}
-  - {{ slsdotpath }}.configure
-{% endif -%}

salt/qubes-builder/init.top

@@ -1,5 +1,5 @@
 {#
-SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}

salt/qubes-builder/prefs-mgmt.sls

@@ -0,0 +1,17 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+include:
+  - .create
+  - mgmt.prefs
+
+"{{ slsdotpath }}-set-tpl-{{ slsdotpath }}-management_dispvm-to-default":
+  qvm.vm:
+    - require:
+      - sls: {{ slsdotpath }}.create
+    - name: tpl-{{ slsdotpath }}
+    - prefs:
+      - management_dispvm: "*default*"

salt/qubes-builder/prefs-mgmt.top

@@ -0,0 +1,10 @@
+{#
+SPDX-FileCopyrightText: 2024 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+base:
+  'dom0':
+    - match: nodegroup
+    - qubes-builder.prefs-mgmt

salt/qubes-builder/prefs.sls

@@ -1,20 +0,0 @@
-{#
-SPDX-FileCopyrightText: 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
-
-SPDX-License-Identifier: AGPL-3.0-or-later
-#}
-
-## TODO: Remove when template with patch reaches upstream or updates enforce
-## salt-deps to be installed.
-## https://github.com/QubesOS/qubes-issues/issues/8806
-
-include:
-  - {{ slsdotpath }}.create
-
-"{{ slsdotpath }}-set-management_dispvm-to-default":
-  qvm.vm:
-    - require:
-      - cmd: "{{ slsdotpath }}-install-salt-deps"
-    - name: tpl-{{ slsdotpath }}
-    - prefs:
-      - management_dispvm: "*default*"

salt/qubes-builder/prefs.top

@@ -1,10 +0,0 @@
-{#
-SPDX-FileCopyrightText: 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
-
-SPDX-License-Identifier: AGPL-3.0-or-later
-#}
-
-base:
-  'dom0':
-    - match: nodegroup
-    - qubes-builder.prefs

salt/sys-gui-gpu/README.md

@@ -23,9 +23,11 @@ WARNING: [unfinished formula](../../docs/TROUBLESHOOT.md#no-support-for-unfinish
 
 ```sh
 sudo qubesctl top.enable qvm.sys-gui-gpu pillar=True
-sudo qubesctl top.enable sys-gui-gpu
+sudo qubesctl top.enable mgmt sys-gui-gpu
+sudo qubesctl --targets=tpl-mgmt state.apply
+sudo qubesctl state.apply sys-gui.prefs-mgmt
 sudo qubesctl --targets=tpl-sys-gui,sys-gui-gpu state.apply
-sudo qubesctl top.disable sys-gui-gpu
+sudo qubesctl top.disable mgmt sys-gui-gpu
 sudo qubesctl state.apply sys-gui-gpu.prefs
 ```
 
@@ -36,6 +38,8 @@ sudo qubesctl state.apply sys-gui-gpu.prefs
 ```sh
 sudo qubesctl top.enable qvm.sys-gui-gpu pillar=True
 sudo qubesctl state.apply sys-gui-gpu.create
+sudo qubesctl --skip-dom0 --targets=tpl-mgmt state.apply mgmt.install
+sudo qubesctl state.apply sys-gui.prefs-mgmt
 sudo qubesctl --skip-dom0 --targets=tpl-sys-gui state.apply sys-gui-gpu.install
 sudo qubesctl --skip-dom0 --targets=sys-gui-gpu state.apply sys-gui-gpu.configure
 sudo qubesctl state.apply sys-gui-gpu.prefs

salt/sys-gui-gpu/create.sls

@@ -12,6 +12,7 @@ SPDX-License-Identifier: GPL-2.0-only
 
 include:
   - {{ slsdotpath }}.clone
+  - sys-gui.create
 
 "{{ slsdotpath }}-installed":
   pkg.installed:

salt/sys-gui-vnc/README.md

@@ -23,7 +23,9 @@ WARNING: [unfinished formula](../../docs/TROUBLESHOOT.md#no-support-for-unfinish
 
 ```sh
 sudo qubesctl top.enable qvm.sys-gui-vnc pillar=True
-sudo qubesctl top.enable sys-gui-vnc
+sudo qubesctl top.enable mgmt sys-gui-vnc
+sudo qubesctl --targets=tpl-mgmt state.apply
+sudo qubesctl state.apply sys-gui.prefs-mgmt
 sudo qubesctl --targets=tpl-sys-gui,sys-gui-vnc state.apply
 sudo qubesctl top.disable sys-gui-vnc
 sudo qubesctl state.apply sys-gui-vnc.prefs
@@ -36,6 +38,8 @@ sudo qubesctl state.apply sys-gui-vnc.prefs
 ```sh
 sudo qubesctl top.enable qvm.sys-gui-vnc pillar=True
 sudo qubesctl state.apply sys-gui-vnc.create
+sudo qubesctl --skip-dom0 --targets=tpl-mgmt state.apply mgmt.install
+sudo qubesctl state.apply sys-gui.prefs-mgmt
 sudo qubesctl --skip-dom0 --targets=tpl-sys-gui state.apply sys-gui-vnc.install
 sudo qubesctl --skip-dom0 --targets=sys-gui-vnc state.apply sys-gui-vnc.configure
 sudo qubesctl state.apply sys-gui-vnc.prefs

salt/sys-gui-vnc/create.sls

@@ -11,6 +11,7 @@ SPDX-License-Identifier: GPL-2.0-only
 
 include:
   - {{ slsdotpath }}.clone
+  - sys-gui.create
 
 {% if 'psu' in salt['pillar.get']('qvm:sys-gui-vnc:dummy-modules', []) or 'backlight' in salt['pillar.get']('qvm:sys-gui-vnc:dummy-modules', []) %}
 "{{ slsdotpath }}-installed":

salt/sys-gui/README.md

@@ -23,9 +23,11 @@ WARNING: [unfinished formula](../../docs/TROUBLESHOOT.md#no-support-for-unfinish
 
 ```sh
 sudo qubesctl top.enable qvm.sys-gui pillar=True
-sudo qubesctl top.enable sys-gui
+sudo qubesctl top.enable mgmt sys-gui
+sudo qubesctl --targets=tpl-mgmt state.apply
+sudo qubesctl state.apply sys-gui.prefs-mgmt
 sudo qubesctl --targets=tpl-sys-gui,sys-gui state.apply
-sudo qubesctl top.disable sys-gui
+sudo qubesctl top.disable mgmt sys-gui
 sudo qubesctl state.apply sys-gui.prefs
 ```
 
@@ -36,6 +38,8 @@ sudo qubesctl state.apply sys-gui.prefs
 ```sh
 sudo qubesctl top.enable qvm.sys-gui pillar=True
 sudo qubesctl state.apply sys-gui.create
+sudo qubesctl --skip-dom0 --targets=tpl-mgmt state.apply mgmt.install
+sudo qubesctl state.apply sys-gui.prefs-mgmt
 sudo qubesctl --skip-dom0 --targets=tpl-sys-gui state.apply sys-gui.install
 sudo qubesctl --skip-dom0 --targets=sys-gui state.apply sys-gui.configure
 sudo qubesctl state.apply sys-gui.prefs

salt/sys-gui/create.sls

@@ -1,7 +1,7 @@
 {#
 SPDX-FileCopyrightText: 2019 - 2020 Frederic Pierret <frederic.pierret@qubes-os.org>
 SPDX-FileCopyrightText: 2020 - 2024 Marmarek Marczykowski-Gorecki <marmarek@invisiblethingslab.com>
-SPDX-FileCopyrightText: 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+SPDX-FileCopyrightText: 2024 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 
 SPDX-License-Identifier: GPL-2.0-only
 #}
@@ -11,6 +11,7 @@ SPDX-License-Identifier: GPL-2.0-only
 
 include:
   - {{ slsdotpath }}.clone
+  - mgmt.create
 
 {% if 'psu' in salt['pillar.get']('qvm:sys-gui:dummy-modules', []) or 'backlight' in salt['pillar.get']('qvm:sys-gui:dummy-modules', []) %}
 "{{ slsdotpath }}-installed":
@@ -32,6 +33,7 @@ name: tpl-{{ slsdotpath }}
 force: True
 require:
 - sls: {{ slsdotpath }}.clone
+- sls: mgmt.create
 prefs:
 - audiovm: ""
 {%- endload %}

salt/sys-gui/prefs-mgmt.sls

@@ -0,0 +1,16 @@
+{#
+SPDX-FileCopyrightText: 2024 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+include:
+  - mgmt.prefs
+
+"{{ slsdotpath }}-set-tpl-{{ slsdotpath }}-management_dispvm-to-default":
+  qvm.vm:
+    - require:
+      - sls: {{ slsdotpath }}.create
+    - name: tpl-{{ slsdotpath }}
+    - prefs:
+      - management_dispvm: "*default*"

salt/sys-gui/prefs-mgmt.top

@@ -0,0 +1,10 @@
+{#
+SPDX-FileCopyrightText: 2024 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+base:
+  'dom0':
+    - match: nodegroup
+    - sys-gui.prefs-mgmt

salt/sys-gui/prefs.sls

@@ -14,3 +14,11 @@ SPDX-License-Identifier: AGPL-3.0-or-later
     - require:
       - qvm: "{{ slsdotpath }}-autostart"
     - name: qubes-prefs -- default_guivm {{ slsdotpath }}
+
+"{{ slsdotpath }}-set-tpl-{{ slsdotpath }}-management_dispvm-to-default":
+  qvm.vm:
+    - require:
+      - sls: {{ slsdotpath }}.create
+    - name: tpl-{{ slsdotpath }}
+    - prefs:
+      - management_dispvm: "*default*"

salt/sys-pgp/README.md

@@ -28,9 +28,11 @@ and access to them is made from the client through Qrexec.
 *   Top:
 
 ```sh
-sudo qubesctl top.enable sys-pgp
+sudo qubesctl top.enable mgmt sys-pgp
+sudo qubesctl --targets=tpl-mgmt state.apply
+sudo qubesctl state.apply sys-pgp.prefs-mgmt
 sudo qubesctl --targets=tpl-sys-pgp,sys-pgp state.apply
-sudo qubesctl top.disable sys-pgp
+sudo qubesctl top.disable mgmt sys-pgp
 sudo qubesctl state.apply sys-pgp.prefs
 ```
 
@@ -40,9 +42,10 @@ sudo qubesctl state.apply sys-pgp.prefs
 
 ```sh
 sudo qubesctl state.apply sys-pgp.create
+sudo qubesctl --skip-dom0 --targets=tpl-mgmt state.apply mgmt.install
+sudo qubesctl state.apply sys-pgp.prefs-mgmt
 sudo qubesctl --skip-dom0 --targets=tpl-sys-pgp state.apply sys-pgp.install
 sudo qubesctl --skip-dom0 --targets=sys-pgp state.apply sys-pgp.configure
-sudo qubesctl state.apply sys-pgp.prefs
 ```
 
 <!-- pkg:end:post-install -->

salt/sys-pgp/create.sls

@@ -1,5 +1,5 @@
 {#
-SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
@@ -8,14 +8,14 @@ SPDX-License-Identifier: AGPL-3.0-or-later
 
 include:
   - {{ slsdotpath }}.clone
-  - fedora-minimal.prefs
+  - mgmt.create
 
 {% load_yaml as defaults -%}
 name: tpl-{{ slsdotpath }}
 force: True
 require:
 - sls: {{ slsdotpath }}.clone
-- sls: fedora-minimal.prefs
+- sls: mgmt.create
 prefs:
 - audiovm: ""
 {%- endload %}
@@ -47,22 +47,3 @@ features:
 
 {% from 'utils/macros/policy.sls' import policy_set with context -%}
 {{ policy_set(sls_path, '80') }}
-
-"{{ slsdotpath }}-set-management_dispvm-to-dvm-fedora":
-  qvm.vm:
-    - require:
-      - qvm: dvm-fedora
-    - name: tpl-{{ slsdotpath }}
-    - prefs:
-      - management_dispvm: dvm-fedora
-
-## TODO: Remove when template with patch reaches upstream or updates enforce
-## salt-deps to be installed.
-## https://github.com/QubesOS/qubes-issues/issues/8806
-"{{ slsdotpath }}-install-salt-deps":
-  cmd.script:
-    - require:
-      - qvm: "{{ slsdotpath }}-set-management_dispvm-to-dvm-fedora"
-    - name: salt-patch.sh
-    - source: salt://fedora-minimal/files/admin/bin/salt-patch.sh
-    - args: tpl-{{ slsdotpath }}

salt/sys-pgp/install.sls

@@ -1,5 +1,5 @@
 {#
-SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
@@ -22,13 +22,14 @@ include:
       - gnupg2
       - man-db
 
+{# TODO: sequoia-wot can't be installed on fedora-41 #}
 {% set pkg = {
   'Debian': {
     'pkg': ['sq', 'sq-keyring-linter', 'sq-wot', 'sqop', 'sqv'],
   },
   'RedHat': {
-    'pkg': ['sequoia-sq', 'sequoia-keyring-linter', 'sequoia-wot',
+    'pkg': ['sequoia-sq', 'sequoia-keyring-linter', 'sequoia-sop',
-            'sequoia-sop', 'sequoia-sqv', 'sequoia-policy-config',
+            'sequoia-sqv', 'sequoia-policy-config',
             'sequoia-chameleon-gnupg'],
   },
 }.get(grains.os_family) -%}

salt/sys-pgp/prefs-mgmt.sls

@@ -0,0 +1,17 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+include:
+  - .create
+  - mgmt.prefs
+
+"{{ slsdotpath }}-set-tpl-{{ slsdotpath }}-management_dispvm-to-default":
+  qvm.vm:
+    - require:
+      - sls: {{ slsdotpath }}.create
+    - name: tpl-{{ slsdotpath }}
+    - prefs:
+      - management_dispvm: "*default*"

salt/sys-pgp/prefs-mgmt.top

@@ -0,0 +1,10 @@
+{#
+SPDX-FileCopyrightText: 2024 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+base:
+  'dom0':
+    - match: nodegroup
+    - sys-pgp.prefs-mgmt

salt/sys-pgp/prefs.sls

@@ -1,27 +0,0 @@
-{#
-SPDX-FileCopyrightText: 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
-
-SPDX-License-Identifier: AGPL-3.0-or-later
-#}
-
-include:
-  - {{ slsdotpath }}.create
-
-"{{ slsdotpath }}-set-management_dispvm-to-default":
-  qvm.vm:
-    - require:
-      - cmd: "{{ slsdotpath }}-install-salt-deps"
-    - name: tpl-{{ slsdotpath }}
-    - prefs:
-      - management_dispvm: "*default*"
-
-## TODO: Remove when template with patch reaches upstream or updates enforce
-## salt-deps to be installed.
-## https://github.com/QubesOS/qubes-issues/issues/8806
-"{{ slsdotpath }}-shutdown-template":
-  qvm.shutdown:
-    - require:
-      - qvm: "{{ slsdotpath }}-set-management_dispvm-to-default"
-    - name: tpl-{{ slsdotpath }}
-    - flags:
-      - force

salt/sys-pgp/prefs.top

@@ -1,10 +0,0 @@
-{#
-SPDX-FileCopyrightText: 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
-
-SPDX-License-Identifier: AGPL-3.0-or-later
-#}
-
-base:
-  'dom0':
-    - match: nodegroup
-    - sys-pgp.prefs

salt/utils/macros/clone-template.sls

@@ -1,5 +1,5 @@
 {#
-SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
@@ -35,6 +35,9 @@ include:
 
 {% endif %}
 
+{% from 'utils/macros/update-admin.sls' import update_admin -%}
+{{ update_admin(source, prefix + name) }}
+
 "{{ prefix }}{{ name }}-clone":
   qvm.clone:
     - require:

salt/utils/macros/update-admin.sls

@@ -0,0 +1,48 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+{#
+Usage:
+1: Import this template:
+{% from 'utils/macros/update-admin.sls' import update_admin -%}
+
+2: Set template base to update and the reason for it:
+{{ update_admin('fedora-minimal', 'tpl-sys-pgp') }}
+
+The 'reason' is only used for creating a globally unique ID.
+#}
+
+{% macro update_admin(source, reason, shutdown=True, include_create=False) -%}
+{% import source ~ "/template.jinja" as template -%}
+{% import "dom0/gui-user.jinja" as gui_user -%}
+
+{% if include_create -%}
+include:
+  - {{ source }}.create
+{% endif -%}
+
+"{{ reason }}-{{ source }}-update-admin":
+  cmd.run:
+    - require:
+      - sls: {{ source }}.create
+    - name: qubes-vm-update --no-progress --show-output --targets={{ template.template }}
+    - runas: {{ gui_user.gui_user }}
+
+{% if shutdown -%}
+{#
+Shutdown is necessary for cloned templates to have the newer state.
+Even if 'qubes-vm-update' tries to shutdown a qube that was not previously
+running, it does not wait for the shutdown to complete:
+  https://github.com/qubesos/qubes-issues/issues/9814
+#}
+"{{ reason }}-{{ source }}-update-admin-shutdown":
+  qvm.shutdown:
+    - name: {{ template.template }}
+    - flags:
+      - wait
+{% endif -%}
+
+{% endmacro -%}