fix: rpc service copy to dvm

Upstream-commit: 7c37bb7bd65ad3a183790ad07344729504bc0930
This commit is contained in:
Ben Grande 2024-01-07 20:20:54 +01:00
parent 762f8be485
commit 42a93093dd
5 changed files with 7 additions and 39 deletions

View File

@ -69,9 +69,13 @@ Setting the Disposable VM to Dom0 works because it will use the
`default_dispvm` preference of `qubes-builder`, which is `dvm-qubes-builder`.
If you need to pull new commits, a set of trusted keys is present in
`/home/user/.gnupg/qubes-builder` to be used to verify commits or tags:
`/home/user/.gnupg/qubes-builder`. By default, the provided gitconfig verifies
merges, so pulling new commits will do signature verification of `FETCH_HEAD`:
```sh
GNUPGHOME="$HOME/.gnupg/qubes-builder" git verify-commit "HEAD^{commit}"
GNUPGHOME="$HOME/.gnupg/qubes-builder" git pull
Commit 7c37bb7 has a good GPG signature by Frédéric Pierret (fepitre)
<frederic.pierret@qubes-os.org>
...
```
There are no further modifications needed to comply with this package. Consult

View File

@ -11,16 +11,6 @@ include:
- dotfiles.copy-sh
- dotfiles.copy-x11
"{{ slsdotpath }}-executor-rpc":
file.recurse:
- name: /usr/local/etc/qubes-rpc/
- source: salt://{{ slsdotpath }}/files/server/rpc/
- user: root
- group: root
- dir_mode: '0755'
- file_mode: '0755'
- makedirs: True
"{{ slsdotpath }}-executor-makedir-binded-builder":
file.directory:
- name: /rw/bind-dirs/builder

View File

@ -22,6 +22,7 @@ admin.vm.Kill * {{ sls_path }} @tag:disp-created-by-{{ sls_path }} allow target=
qubesbuilder.FileCopyIn * {{ sls_path }} @tag:disp-created-by-{{ sls_path }} allow
qubesbuilder.FileCopyOut * {{ sls_path }} @tag:disp-created-by-{{ sls_path }} allow
qubes.Filecopy * {{ sls_path }} @tag:disp-created-by-{{ sls_path }} allow
qubes.WaitForSession * {{ sls_path }} @tag:disp-created-by-{{ sls_path }} allow
qubes.VMShell * {{ sls_path }} @tag:disp-created-by-{{ sls_path }} allow
## vim:ft=qrexecpolicy

View File

@ -1,18 +0,0 @@
#!/usr/bin/sh
# SPDX-FileCopyrightText: 2022 - 2023 The Qubes OS Project <https://www.qubes-os.org>
#
# SPDX-License-Identifier: GPL-2.0-only
set -e
sudo bash -c "mkdir -p /builder/incoming && chown -R user:user /builder"
id=$(id -u user)
if test -x /usr/lib/qubes/qfile-unpacker; then
# shellcheck disable=SC2123
PATH="${PATH+"$PATH:"}/usr/lib/qubes"
fi
exec qfile-unpacker "$id" "/builder/incoming"

View File

@ -1,9 +0,0 @@
#!/usr/bin/bash
# SPDX-FileCopyrightText: 2022 - 2023 The Qubes OS Project <https://www.qubes-os.org>
#
# SPDX-License-Identifier: GPL-2.0-only
path="${1//__/\//}"
exec /usr/lib/qubes/qfile-agent "$path"