diff --git a/docs/DESIGN.md b/docs/DESIGN.md index fff9d63..364dd72 100644 --- a/docs/DESIGN.md +++ b/docs/DESIGN.md @@ -5,13 +5,15 @@ Qusal design document. ## Table of Contents * [Goal](#goal) +* [Documentation](#documentation) * [Format](#format) + * [Readme](#readme) * [File naming](#file-naming) * [State ID](#state-id) - * [Readme](#readme) * [Qube preferences](#qube-preferences) * [Qube naming](#qube-naming) * [Qube label](#qube-label) + * [Qube menu](#qube-menu) * [Qube connections](#qube-connections) * [Qrexec call and policy](#qrexec-call-and-policy) @@ -151,6 +153,20 @@ related to trustworthiness of the data it is dealing with. programs, disposables for opening untrusted files or web pages). - **Examples**: sys-net, sys-usb, dvm-browser. +#### Qube menu + +The Qubes App Menu is used by GUI users, always add the `.desktop` files to +the qube feature `menu-items`, if it is a template, also add to the feature +`default-menu-items`. Remember to sync the App Menus after the installation of +software in the desired qube. + +Explicitly setting menu item avoids the user clicking on a software not +intended to be run in the selected qube or trying to run software that is not +installed. The user opening Tor Browser in a Whonix qube that is intended for +building software is risky, the user trying to open a file manager on a qube +that doesn't have one is less risky but for the user the behavior is +unexpected. + ### Qube connections There are several ways a qube can connect to another, either directly with diff --git a/salt/sys-bitcoin/appmenus.sls b/salt/sys-bitcoin/appmenus.sls index d9b7912..1fa6627 100644 --- a/salt/sys-bitcoin/appmenus.sls +++ b/salt/sys-bitcoin/appmenus.sls @@ -5,4 +5,4 @@ SPDX-License-Identifier: AGPL-3.0-or-later #} {% from 'utils/macros/sync-appmenus.sls' import sync_appmenus -%} -{{ sync_appmenus('bitcoin') }} +{{ sync_appmenus('tpl-sys-bitcoin') }} diff --git a/salt/sys-electrs/README.md b/salt/sys-electrs/README.md index 62bfa1c..a906bbc 100644 --- a/salt/sys-electrs/README.md +++ b/salt/sys-electrs/README.md @@ -31,6 +31,7 @@ This formula depends on [sys-bitcoin](../sys-bitcoin/README.md). sudo qubesctl top.enable sys-electrs sudo qubesctl --targets=tpl-electrs-builder,tpl-sys-electrs,disp-electrs-builder,sys-electrs state.apply sudo qubesctl top.disable sys-electrs +sudo qubesctl state.apply sys-electrs.appmenus ``` - State: @@ -41,6 +42,7 @@ sudo qubesctl --skip-dom0 --targets=tpl-electrs-builder state.apply sys-electrs. sudo qubesctl --skip-dom0 --targets=tpl-sys-electrs state.apply sys-electrs.install sudo qubesctl --skip-dom0 --targets=disp-electrs-builder state.apply sys-electrs.configure-builder sudo qubesctl --skip-dom0 --targets=sys-electrs state.apply sys-electrs.configure +sudo qubesctl state.apply sys-electrs.appmenus ``` diff --git a/salt/sys-electrs/appmenus.sls b/salt/sys-electrs/appmenus.sls new file mode 100644 index 0000000..a1b75f4 --- /dev/null +++ b/salt/sys-electrs/appmenus.sls @@ -0,0 +1,11 @@ +{# +SPDX-FileCopyrightText: 2024 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +{% from 'utils/macros/sync-appmenus.sls' import sync_appmenus -%} +{{ sync_appmenus('tpl-sys-electrs') }} + +{% from 'utils/macros/sync-appmenus.sls' import sync_appmenus -%} +{{ sync_appmenus('tpl-electrs-builder') }} diff --git a/salt/sys-electrs/appmenus.top b/salt/sys-electrs/appmenus.top new file mode 100644 index 0000000..a3f4834 --- /dev/null +++ b/salt/sys-electrs/appmenus.top @@ -0,0 +1,10 @@ +{# +SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +base: + 'dom0': + - match: nodegroup + - sys-electrs.appmenus diff --git a/salt/sys-electrs/create.sls b/salt/sys-electrs/create.sls index 3cafbc8..2de9275 100644 --- a/salt/sys-electrs/create.sls +++ b/salt/sys-electrs/create.sls @@ -67,6 +67,7 @@ prefs: - default_dispvm: "" features: - set: + - default-menu-items: "qubes-run-terminal.desktop qubes-start.desktop" - menu-items: "qubes-run-terminal.desktop qubes-start.desktop" ## See comment in clone.sls. {% if salt['cmd.shell']('qvm-features tpl-electrs-builder') == "whonix-ws" %} diff --git a/salt/sys-electrumx/README.md b/salt/sys-electrumx/README.md index de3da5a..b2c58f1 100644 --- a/salt/sys-electrumx/README.md +++ b/salt/sys-electrumx/README.md @@ -31,6 +31,7 @@ This formula depends on [sys-bitcoin](../sys-bitcoin/README.md). sudo qubesctl top.enable sys-electrumx sudo qubesctl --targets=tpl-electrumx-builder,tpl-sys-electrumx,disp-electrumx-builder,sys-electrumx state.apply sudo qubesctl top.disable sys-electrumx +sudo qubesctl state.apply sys-electrumx.appmenus ``` - State @@ -41,6 +42,7 @@ sudo qubesctl --skip-dom0 --targets=tpl-electrumx-builder state.apply sys-electr sudo qubesctl --skip-dom0 --targets=tpl-sys-electrumx state.apply sys-electrumx.install sudo qubesctl --skip-dom0 --targets=disp-electrumx-builder state.apply sys-electrumx.configure-builder sudo qubesctl --skip-dom0 --targets=sys-electrumx state.apply sys-electrumx.configure +sudo qubesctl state.apply sys-electrumx.appmenus ``` diff --git a/salt/sys-electrumx/appmenus.sls b/salt/sys-electrumx/appmenus.sls new file mode 100644 index 0000000..26c7713 --- /dev/null +++ b/salt/sys-electrumx/appmenus.sls @@ -0,0 +1,11 @@ +{# +SPDX-FileCopyrightText: 2024 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +{% from 'utils/macros/sync-appmenus.sls' import sync_appmenus -%} +{{ sync_appmenus('tpl-sys-electrumx') }} + +{% from 'utils/macros/sync-appmenus.sls' import sync_appmenus -%} +{{ sync_appmenus('tpl-electrumx-builder') }} diff --git a/salt/sys-electrumx/appmenus.top b/salt/sys-electrumx/appmenus.top new file mode 100644 index 0000000..567adb6 --- /dev/null +++ b/salt/sys-electrumx/appmenus.top @@ -0,0 +1,10 @@ +{# +SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +base: + 'dom0': + - match: nodegroup + - sys-electrumx.appmenus