From 23a569d4e189ebc00c102b9ef09c981a3fecc4b7 Mon Sep 17 00:00:00 2001 From: Ben Grande Date: Fri, 12 Jan 2024 19:47:52 +0100 Subject: [PATCH] fix: install less browser packages in reader The state browse.install installs extraneous packages that we won't need for an untrusted environment, such as USB and audio support. --- salt/reader/README.md | 3 +++ salt/reader/install.sls | 6 +++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/salt/reader/README.md b/salt/reader/README.md index 44f0599..d248ac5 100644 --- a/salt/reader/README.md +++ b/salt/reader/README.md @@ -43,6 +43,9 @@ originator/client did no trust to open in its environment. When you run `default_dispvm`, it will open the file to be read in a disposable based on `dvm-reader`. +By default, there is no `netvm`, thus allowing you to set the networking chain +you want before the disposable makes a connection. + ## Credits - [Unman](https://github.com/unman/shaker/tree/main/reader) diff --git a/salt/reader/install.sls b/salt/reader/install.sls index 07a57cf..649f66c 100644 --- a/salt/reader/install.sls +++ b/salt/reader/install.sls @@ -7,9 +7,6 @@ SPDX-License-Identifier: AGPL-3.0-or-later {% if grains['nodename'] != 'dom0' -%} -include: - - browser.install - "{{ slsdotpath }}-updated": pkg.uptodate: - refresh: True @@ -20,6 +17,9 @@ include: - install_recommends: False - skip_suggestions: True - pkgs: + - qubes-core-agent-networking + - ca-certificates + - firefox-esr - libreoffice - antiword - evince