Git-Mirrors/qusal
1
0
Fork 0
mirror of https://github.com/ben-grande/qusal.git synced 2024-09-20 09:15:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: strict split-gpg2 service

Browse Source 
Split-gpg V1 allowed for querying public keys, but as split-gpg2 is
running as an agent, public keys are not queried. Allowing connection to
the server to query only public parts of the key exposes the server more
than needed to the client.

All clients now have to hold the public key they need locally in order
to do GPG operations.
This commit is contained in:
Ben Grande 2023-12-28 11:47:41 +01:00
parent 76079d2c7e
commit b52e4b1b63
8 changed files with 5 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
salt/mirage-builder/create.sls
View File

@ -26,8 +26,6 @@ prefs:
- autostart: False
- include_in_backups: True
features:
- enable:
- service.split-gpg2-client
- disable:
- service.cups
- service.cups-browsed

1
salt/mutt/create.sls
View File

@ -38,6 +38,7 @@ prefs:
- autostart: False
features:
- enable:
- service.split-gpg2-client
- service.shutdown-idle
- disable:
- service.cups

4
salt/qubes-builder/README.md
View File

@ -54,8 +54,8 @@ qubesctl --skip-dom0 --targets=qubes-builder state.apply qubes-builder.configure
## Access Control
The policy is based on `qubes-builderv2/rpc/50-qubesbuilder.policy`.
Extra services added are `qubes.Gpg`, `qubes.Gpg2`, `qusal.GitInit`,
`qusal.GitFetch`, `qusal.GitPush`, `qusal.SshAgent`.
Extra services added are `qubes.Gpg2`, `qusal.GitInit`, `qusal.GitFetch`,
`qusal.GitPush`, `qusal.SshAgent`.
Out of these services, if an argument `+qubes-builder` can be specified to
limit the scope, the action is `allowed`, else the action is to `ask`.

4
salt/qubes-builder/create.sls
View File

@ -51,8 +51,8 @@ prefs:
- vcpus: 4
- default_dispvm: dvm-{{ slsdotpath }}
features:
# - enable:
# - service.split-gpg2-client
- enable:
- service.split-gpg2-client
- disable:
- service.cups
- service.cups-browsed

1
salt/qubes-builder/files/admin/policy/default.policy
View File

@ -5,7 +5,6 @@
## Do not modify this file, create a new policy with with a lower number in the
## file name instead. For example `30-user.policy`.
qubes.Gpg2 * {{ sls_path }} @default ask target=sys-pgp
qubes.Gpg * {{ sls_path }} @default ask target=sys-pgp
qusal.GitInit +qubes-builder {{ sls_path }} @default allow target=sys-git
qusal.GitFetch +qubes-builder {{ sls_path }} @default allow target=sys-git

3
salt/sys-git/create.sls
View File

@ -30,9 +30,6 @@ features:
- disable:
- service.cups
- service.cups-browsed
# tags:
# - add:
# - split-gpg2-client
{%- endload %}
{{ load(defaults) }}

4
salt/sys-pgp/README.md
View File

@ -53,10 +53,6 @@ Allow the `work` qubes to access `sys-pgp`, but not other qubes:
qubes.Gpg2 * work sys-pgp ask default_target=sys-pgp
qubes.Gpg2 * work @default ask target=sys-pgp default_target=sys-pgp
qubes.Gpg2 * @anyvm @anyvm deny
qubes.Gpg * work sys-pgp ask default_target=sys-pgp
qubes.Gpg * work @default ask target=sys-pgp default_target=sys-pgp
qubes.Gpg * @anyvm @anyvm deny
```
## Usage

2
salt/sys-pgp/files/admin/policy/default.policy
View File

@ -6,6 +6,4 @@
## file name instead. For example `30-user.policy`.
qubes.Gpg2 * @anyvm @default ask target={{ sls_path }} default_target={{ sls_path }}
qubes.Gpg2 * @anyvm @anyvm deny
qubes.Gpg * @anyvm @default ask target={{ sls_path }} default_target={{ sls_path }}
qubes.Gpg * @anyvm @anyvm deny
## vim:ft=qrexecpolicy