From c84dfea48edc14b6164df5230055305c59725303 Mon Sep 17 00:00:00 2001 From: Ben Grande Date: Fri, 21 Jun 2024 17:00:06 +0200 Subject: [PATCH] fix: generate RPM Specs for Qubes Builder V2 It doesn't checkout the current directory when querying the spec, so we provide the already modified version of the spec. --- .gitignore | 2 - .pre-commit-config.yaml | 9 + .reuse/dep5 | 2 +- rpm_spec/qusal-ansible.spec | 129 ++++++++++++ rpm_spec/qusal-browser.spec | 161 ++++++++++++++ rpm_spec/qusal-debian-minimal.spec | 120 +++++++++++ rpm_spec/qusal-debian-xfce.spec | 111 ++++++++++ rpm_spec/qusal-debian.spec | 120 +++++++++++ rpm_spec/qusal-dev.spec | 141 +++++++++++++ rpm_spec/qusal-docker.spec | 118 +++++++++++ rpm_spec/qusal-dom0.spec | 195 +++++++++++++++++ rpm_spec/qusal-dotfiles.spec | 191 +++++++++++++++++ rpm_spec/qusal-electrum.spec | 142 +++++++++++++ rpm_spec/qusal-element.spec | 102 +++++++++ rpm_spec/qusal-fedora-minimal.spec | 130 ++++++++++++ rpm_spec/qusal-fedora-xfce.spec | 117 +++++++++++ rpm_spec/qusal-fedora.spec | 126 +++++++++++ rpm_spec/qusal-fetcher.spec | 128 ++++++++++++ rpm_spec/qusal-kicksecure-minimal.spec | 133 ++++++++++++ rpm_spec/qusal-mail.spec | 138 ++++++++++++ rpm_spec/qusal-media.spec | 130 ++++++++++++ rpm_spec/qusal-mgmt.spec | 128 ++++++++++++ rpm_spec/qusal-mirage-builder.spec | 129 ++++++++++++ rpm_spec/qusal-opentofu.spec | 110 ++++++++++ rpm_spec/qusal-qubes-builder.spec | 181 ++++++++++++++++ rpm_spec/qusal-reader.spec | 138 ++++++++++++ rpm_spec/qusal-remmina.spec | 111 ++++++++++ rpm_spec/qusal-signal.spec | 136 ++++++++++++ rpm_spec/qusal-ssh.spec | 128 ++++++++++++ rpm_spec/qusal-sys-audio.spec | 159 ++++++++++++++ rpm_spec/qusal-sys-bitcoin.spec | 162 +++++++++++++++ rpm_spec/qusal-sys-cacher.spec | 266 ++++++++++++++++++++++++ rpm_spec/qusal-sys-electrs.spec | 145 +++++++++++++ rpm_spec/qusal-sys-electrumx.spec | 130 ++++++++++++ rpm_spec/qusal-sys-firewall.spec | 133 ++++++++++++ rpm_spec/qusal-sys-git.spec | 148 +++++++++++++ rpm_spec/qusal-sys-mirage-firewall.spec | 135 ++++++++++++ rpm_spec/qusal-sys-net.spec | 145 +++++++++++++ rpm_spec/qusal-sys-pgp.spec | 139 +++++++++++++ rpm_spec/qusal-sys-pihole.spec | 183 ++++++++++++++++ rpm_spec/qusal-sys-print.spec | 121 +++++++++++ rpm_spec/qusal-sys-rsync.spec | 136 ++++++++++++ rpm_spec/qusal-sys-ssh-agent.spec | 139 +++++++++++++ rpm_spec/qusal-sys-ssh.spec | 138 ++++++++++++ rpm_spec/qusal-sys-syncthing.spec | 182 ++++++++++++++++ rpm_spec/qusal-sys-usb.spec | 145 +++++++++++++ rpm_spec/qusal-sys-wireguard.spec | 136 ++++++++++++ rpm_spec/qusal-terraform.spec | 118 +++++++++++ rpm_spec/qusal-usb.spec | 108 ++++++++++ rpm_spec/qusal-utils.spec | 134 ++++++++++++ rpm_spec/qusal-vault.spec | 118 +++++++++++ rpm_spec/qusal-video-companion.spec | 100 +++++++++ rpm_spec/qusal-whonix-gateway.spec | 104 +++++++++ rpm_spec/qusal-whonix-workstation.spec | 108 ++++++++++ rpm_spec/template/template.spec | 57 ++--- version => salt/ansible/version | 0 salt/browser/version | 1 + salt/debian-minimal/version | 1 + salt/debian-xfce/version | 1 + salt/debian/version | 1 + salt/dev/version | 1 + salt/docker/version | 1 + salt/dom0/version | 1 + salt/electrum/version | 1 + salt/element/version | 1 + salt/fedora-minimal/version | 1 + salt/fedora-xfce/version | 1 + salt/fedora/version | 1 + salt/fetcher/version | 1 + salt/kicksecure-minimal/version | 1 + salt/mail/version | 1 + salt/media/version | 1 + salt/mgmt/version | 1 + salt/mirage-builder/version | 1 + salt/opentofu/version | 1 + salt/qubes-builder/version | 1 + salt/reader/version | 1 + salt/remmina/version | 1 + salt/signal/version | 1 + salt/ssh/version | 1 + salt/sys-audio/version | 1 + salt/sys-bitcoin/version | 1 + salt/sys-cacher/version | 1 + salt/sys-electrs/version | 1 + salt/sys-electrumx/version | 1 + salt/sys-firewall/version | 1 + salt/sys-git/version | 1 + salt/sys-mirage-firewall/version | 1 + salt/sys-net/version | 1 + salt/sys-pgp/version | 1 + salt/sys-pihole/version | 1 + salt/sys-print/version | 1 + salt/sys-rsync/version | 1 + salt/sys-ssh-agent/version | 1 + salt/sys-ssh/version | 1 + salt/sys-syncthing/version | 1 + salt/sys-usb/version | 1 + salt/sys-wireguard/version | 1 + salt/terraform/version | 1 + salt/usb/version | 1 + salt/utils/version | 1 + salt/vault/version | 1 + salt/video-companion/version | 1 + salt/whonix-gateway/version | 1 + salt/whonix-workstation/version | 1 + scripts/qubesbuilder-gen.sh | 6 +- scripts/spec-gen.sh | 74 ++++++- scripts/spec-get.sh | 15 +- 108 files changed, 7181 insertions(+), 58 deletions(-) create mode 100644 rpm_spec/qusal-ansible.spec create mode 100644 rpm_spec/qusal-browser.spec create mode 100644 rpm_spec/qusal-debian-minimal.spec create mode 100644 rpm_spec/qusal-debian-xfce.spec create mode 100644 rpm_spec/qusal-debian.spec create mode 100644 rpm_spec/qusal-dev.spec create mode 100644 rpm_spec/qusal-docker.spec create mode 100644 rpm_spec/qusal-dom0.spec create mode 100644 rpm_spec/qusal-dotfiles.spec create mode 100644 rpm_spec/qusal-electrum.spec create mode 100644 rpm_spec/qusal-element.spec create mode 100644 rpm_spec/qusal-fedora-minimal.spec create mode 100644 rpm_spec/qusal-fedora-xfce.spec create mode 100644 rpm_spec/qusal-fedora.spec create mode 100644 rpm_spec/qusal-fetcher.spec create mode 100644 rpm_spec/qusal-kicksecure-minimal.spec create mode 100644 rpm_spec/qusal-mail.spec create mode 100644 rpm_spec/qusal-media.spec create mode 100644 rpm_spec/qusal-mgmt.spec create mode 100644 rpm_spec/qusal-mirage-builder.spec create mode 100644 rpm_spec/qusal-opentofu.spec create mode 100644 rpm_spec/qusal-qubes-builder.spec create mode 100644 rpm_spec/qusal-reader.spec create mode 100644 rpm_spec/qusal-remmina.spec create mode 100644 rpm_spec/qusal-signal.spec create mode 100644 rpm_spec/qusal-ssh.spec create mode 100644 rpm_spec/qusal-sys-audio.spec create mode 100644 rpm_spec/qusal-sys-bitcoin.spec create mode 100644 rpm_spec/qusal-sys-cacher.spec create mode 100644 rpm_spec/qusal-sys-electrs.spec create mode 100644 rpm_spec/qusal-sys-electrumx.spec create mode 100644 rpm_spec/qusal-sys-firewall.spec create mode 100644 rpm_spec/qusal-sys-git.spec create mode 100644 rpm_spec/qusal-sys-mirage-firewall.spec create mode 100644 rpm_spec/qusal-sys-net.spec create mode 100644 rpm_spec/qusal-sys-pgp.spec create mode 100644 rpm_spec/qusal-sys-pihole.spec create mode 100644 rpm_spec/qusal-sys-print.spec create mode 100644 rpm_spec/qusal-sys-rsync.spec create mode 100644 rpm_spec/qusal-sys-ssh-agent.spec create mode 100644 rpm_spec/qusal-sys-ssh.spec create mode 100644 rpm_spec/qusal-sys-syncthing.spec create mode 100644 rpm_spec/qusal-sys-usb.spec create mode 100644 rpm_spec/qusal-sys-wireguard.spec create mode 100644 rpm_spec/qusal-terraform.spec create mode 100644 rpm_spec/qusal-usb.spec create mode 100644 rpm_spec/qusal-utils.spec create mode 100644 rpm_spec/qusal-vault.spec create mode 100644 rpm_spec/qusal-video-companion.spec create mode 100644 rpm_spec/qusal-whonix-gateway.spec create mode 100644 rpm_spec/qusal-whonix-workstation.spec rename version => salt/ansible/version (100%) create mode 100644 salt/browser/version create mode 100644 salt/debian-minimal/version create mode 100644 salt/debian-xfce/version create mode 100644 salt/debian/version create mode 100644 salt/dev/version create mode 100644 salt/docker/version create mode 100644 salt/dom0/version create mode 100644 salt/electrum/version create mode 100644 salt/element/version create mode 100644 salt/fedora-minimal/version create mode 100644 salt/fedora-xfce/version create mode 100644 salt/fedora/version create mode 100644 salt/fetcher/version create mode 100644 salt/kicksecure-minimal/version create mode 100644 salt/mail/version create mode 100644 salt/media/version create mode 100644 salt/mgmt/version create mode 100644 salt/mirage-builder/version create mode 100644 salt/opentofu/version create mode 100644 salt/qubes-builder/version create mode 100644 salt/reader/version create mode 100644 salt/remmina/version create mode 100644 salt/signal/version create mode 100644 salt/ssh/version create mode 100644 salt/sys-audio/version create mode 100644 salt/sys-bitcoin/version create mode 100644 salt/sys-cacher/version create mode 100644 salt/sys-electrs/version create mode 100644 salt/sys-electrumx/version create mode 100644 salt/sys-firewall/version create mode 100644 salt/sys-git/version create mode 100644 salt/sys-mirage-firewall/version create mode 100644 salt/sys-net/version create mode 100644 salt/sys-pgp/version create mode 100644 salt/sys-pihole/version create mode 100644 salt/sys-print/version create mode 100644 salt/sys-rsync/version create mode 100644 salt/sys-ssh-agent/version create mode 100644 salt/sys-ssh/version create mode 100644 salt/sys-syncthing/version create mode 100644 salt/sys-usb/version create mode 100644 salt/sys-wireguard/version create mode 100644 salt/terraform/version create mode 100644 salt/usb/version create mode 100644 salt/utils/version create mode 100644 salt/vault/version create mode 100644 salt/video-companion/version create mode 100644 salt/whonix-gateway/version create mode 100644 salt/whonix-workstation/version diff --git a/.gitignore b/.gitignore index 28e7413..3734389 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,3 @@ # SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. # # SPDX-License-Identifier: MIT - -rpm_spec/*.spec diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index d44d954..eeca6c7 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -50,3 +50,12 @@ repos: entry: scripts/qubesbuilder-gen.sh test language: script description: Check if .qubesbuilder is up to date + +# TODO: generate temporary spec and compare against staged one. +# - id: spec-gen +# name: spec-gen +# language: script +# entry: scripts/spec-gen.sh test +# args: [test] +# # pass_filenames: true +# description: Check if RPM SPEC files are up to date diff --git a/.reuse/dep5 b/.reuse/dep5 index 104b1be..e1c4096 100644 --- a/.reuse/dep5 +++ b/.reuse/dep5 @@ -7,7 +7,7 @@ Files: README.md */README.md docs/* .github/ISSUE_TEMPLATE/* Copyright: 2023 - 2024 Benjamin Grande M. S. License: CC-BY-SA-4.0 -Files: version +Files: salt/*/version Copyright: 2023 - 2024 Benjamin Grande M. S. License: CC0-1.0 diff --git a/rpm_spec/qusal-ansible.spec b/rpm_spec/qusal-ansible.spec new file mode 100644 index 0000000..4316f47 --- /dev/null +++ b/rpm_spec/qusal-ansible.spec @@ -0,0 +1,129 @@ +# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +## Reproducibility. +%define source_date_epoch_from_changelog 1 +%define use_source_date_epoch_as_buildtime 1 +%define clamp_mtime_to_source_date_epoch 1 +# Changelog is trimmed according to current date, not last date from changelog. +%define _changelog_trimtime 0 +%define _changelog_trimage 0 +%global _buildhost %{name} +# Python bytecode interferes when updates occur and restart is not done. +%undefine __brp_python_bytecompile + +Name: qusal-ansible +Version: 0.0.1 +Release: 1%{?dist} +Summary: Ansible environment in Qubes OS + +Group: qusal +Packager: Ben Grande +Vendor: Ben Grande +License: AGPL-3.0-or-later +URL: https://github.com/ben-grande/qusal +BugURL: https://github.com/ben-grande/qusal/issues +Source0: %{name}-%{version}.tar.gz +BuildArch: noarch + +Requires: qubes-mgmt-salt +Requires: qubes-mgmt-salt-dom0 +Requires: qusal-ssh +Requires: qusal-utils + + +%description +Install Ansible and use it on the "ansible" app qube. + +%prep +%setup -q + +%build + +%install +rm -rf %{buildroot} +install -m 755 -d \ + %{buildroot}/srv/salt/qusal \ + %{buildroot}%{_docdir}/%{name} \ + %{buildroot}%{_defaultlicensedir}/%{name} +install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/ +install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/ +rm -rv %{name}/LICENSES %{name}/README.md +cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name} + +%check + +%dnl %pre + +%post +if test "$1" = "1"; then + ## Install + qubesctl state.apply ansible.create + qubesctl --skip-dom0 --targets=tpl-ansible state.apply ansible.install + qubesctl --skip-dom0 --targets=ansible state.apply ansible.configure,zsh.touch-zshrc + qubesctl --skip-dom0 --targets=ansible-minion state.apply ansible.configure-minion,zsh.touch-zshrc +elif test "$1" = "2"; then + ## Upgrade + true +fi + +%preun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%postun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%files +%defattr(-,root,root,-) +%license %{_defaultlicensedir}/%{name}/* +%doc %{_docdir}/%{name}/README.md +%dir /srv/salt/qusal/%{name} +/srv/salt/qusal/%{name}/* +%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. + +%changelog +* Thu Jun 13 2024 Ben Grande - a564b3a +- feat: add TCP proxy for remote hosts + +* Wed May 29 2024 Ben Grande - df698b4 +- fix: bump Ansible repository codename + +* Wed May 29 2024 Ben Grande - 8accc47 +- fix: remove old deb repository list format + +* Thu May 16 2024 Ben Grande - b2c9479 +- fix: enforce https on repository installation + +* Mon Mar 18 2024 Ben Grande - f9ead06 +- fix: remove extraneous package repository updates + +* Fri Feb 23 2024 Ben Grande - 5605ec7 +- doc: prefix qubesctl with sudo + +* Mon Jan 29 2024 Ben Grande - 6efcc1d +- chore: copyright update + +* Sat Jan 20 2024 Ben Grande - 422b01e +- feat: remove audiovm setting when unnecessary + +* Tue Dec 19 2023 Ben Grande - b4d142b +- refactor: move appended states to drop-in rc.local + +* Mon Nov 20 2023 Ben Grande - 5e3c790 +- fix: mode ansible linter to correct project + +* Mon Nov 13 2023 Ben Grande - 5eebd78 +- refactor: initial commit diff --git a/rpm_spec/qusal-browser.spec b/rpm_spec/qusal-browser.spec new file mode 100644 index 0000000..4b7bc85 --- /dev/null +++ b/rpm_spec/qusal-browser.spec @@ -0,0 +1,161 @@ +# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +## Reproducibility. +%define source_date_epoch_from_changelog 1 +%define use_source_date_epoch_as_buildtime 1 +%define clamp_mtime_to_source_date_epoch 1 +# Changelog is trimmed according to current date, not last date from changelog. +%define _changelog_trimtime 0 +%define _changelog_trimage 0 +%global _buildhost %{name} +# Python bytecode interferes when updates occur and restart is not done. +%undefine __brp_python_bytecompile + +Name: qusal-browser +Version: 0.0.1 +Release: 1%{?dist} +Summary: Browser environment in Qubes OS + +Group: qusal +Packager: Ben Grande +Vendor: Ben Grande +License: AGPL-3.0-or-later +URL: https://github.com/ben-grande/qusal +BugURL: https://github.com/ben-grande/qusal/issues +Source0: %{name}-%{version}.tar.gz +BuildArch: noarch + +Requires: qubes-mgmt-salt +Requires: qubes-mgmt-salt-dom0 +Requires: qusal-dotfiles +Requires: qusal-sys-audio +Requires: qusal-sys-usb +Requires: qusal-utils + + +%description +Create environment for browsing. By default it creates a disposable template +called "dvm-browser", so when clicking the icon/launcher, it opens a +disposable qube. If you want to save your session, you can also clone the +template and create app qubes. + +Default browser to install is Chromium, but you can choose to install Chrome, +Firefox-ESR, W3M or Lynx. + +%prep +%setup -q + +%build + +%install +rm -rf %{buildroot} +install -m 755 -d \ + %{buildroot}/srv/salt/qusal \ + %{buildroot}%{_docdir}/%{name} \ + %{buildroot}%{_defaultlicensedir}/%{name} +install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/ +install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/ +rm -rv %{name}/LICENSES %{name}/README.md +cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name} + +%check + +%dnl %pre + +%post +if test "$1" = "1"; then + ## Install + qubesctl state.apply browser.create + qubesctl --skip-dom0 --targets=tpl-browser state.apply browser.install + qubesctl --skip-dom0 --targets=dvm-browser state.apply browser.configure + qubesctl state.apply browser.appmenus +elif test "$1" = "2"; then + ## Upgrade + true +fi + +%preun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%postun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%files +%defattr(-,root,root,-) +%license %{_defaultlicensedir}/%{name}/* +%doc %{_docdir}/%{name}/README.md +%dir /srv/salt/qusal/%{name} +/srv/salt/qusal/%{name}/* +%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. + +%changelog +* Sun Jun 16 2024 Ben Grande - faa00fb +- doc: update table of contents + +* Sun Jun 09 2024 Ben Grande - 899f7e4 +- fix: add Fedora 40 Firefox desktop file to appmenu + +* Wed May 29 2024 Ben Grande - 8accc47 +- fix: remove old deb repository list format + +* Fri May 24 2024 Ben Grande - cbf61e6 +- feat: add Firefox browser from Mozilla repository + +* Thu May 16 2024 Ben Grande - b2c9479 +- fix: enforce https on repository installation + +* Thu May 16 2024 Ben Grande - d4c3fb1 +- feat: add terraform and chrome fedora repositories + +* Wed May 15 2024 Ben Grande - 3adc241 +- fix: renew keys and delete expired ones + +* Tue May 14 2024 Ben Grande - d148599 +- doc: nested list indentation + +* Mon Mar 25 2024 Ben Grande - fb7db5d +- fix: browser requires a state and not a package + +* Mon Mar 18 2024 Ben Grande - f9ead06 +- fix: remove extraneous package repository updates + +* Fri Feb 23 2024 Ben Grande - 5605ec7 +- doc: prefix qubesctl with sudo + +* Wed Jan 31 2024 Ben Grande - b5d7371 +- fix: thunar requires xfce helpers to find terminal + +* Mon Jan 29 2024 Ben Grande - 6efcc1d +- chore: copyright update + +* Sat Jan 20 2024 Ben Grande - 422b01e +- feat: remove audiovm setting when unnecessary + +* Tue Jan 09 2024 Ben Grande - a3829e4 +- feat: policy support for multiple sys-usb qubes + +* Sun Dec 31 2023 Ben Grande - 81f8c56 +- fix: install missing packages to audio client + +* Wed Dec 27 2023 Ben Grande - a617c3d +- fix: modify package names to match Qubes 4.2 + +* Tue Dec 26 2023 Ben Grande - 06393fc +- fix: browser cli install tool switches to fetcher + +* Mon Nov 13 2023 Ben Grande - 5eebd78 +- refactor: initial commit diff --git a/rpm_spec/qusal-debian-minimal.spec b/rpm_spec/qusal-debian-minimal.spec new file mode 100644 index 0000000..d02f6f9 --- /dev/null +++ b/rpm_spec/qusal-debian-minimal.spec @@ -0,0 +1,120 @@ +# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +## Reproducibility. +%define source_date_epoch_from_changelog 1 +%define use_source_date_epoch_as_buildtime 1 +%define clamp_mtime_to_source_date_epoch 1 +# Changelog is trimmed according to current date, not last date from changelog. +%define _changelog_trimtime 0 +%define _changelog_trimage 0 +%global _buildhost %{name} +# Python bytecode interferes when updates occur and restart is not done. +%undefine __brp_python_bytecompile + +Name: qusal-debian-minimal +Version: 0.0.1 +Release: 1%{?dist} +Summary: Debian Minimal Template in Qubes OS + +Group: qusal +Packager: Ben Grande +Vendor: Ben Grande +License: AGPL-3.0-or-later +URL: https://github.com/ben-grande/qusal +BugURL: https://github.com/ben-grande/qusal/issues +Source0: %{name}-%{version}.tar.gz +BuildArch: noarch + +Requires: qubes-mgmt-salt +Requires: qubes-mgmt-salt-dom0 +Requires: qusal-dev +Requires: qusal-dotfiles +Requires: qusal-utils + + +%description +Creates the Debian Minimal template as well as a Disposable Template based on +it. + +%prep +%setup -q + +%build + +%install +rm -rf %{buildroot} +install -m 755 -d \ + %{buildroot}/srv/salt/qusal \ + %{buildroot}%{_docdir}/%{name} \ + %{buildroot}%{_defaultlicensedir}/%{name} +install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/ +install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/ +rm -rv %{name}/LICENSES %{name}/README.md +cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name} + +%check + +%dnl %pre + +%post +if test "$1" = "1"; then + ## Install + qubesctl state.apply debian-minimal.create + qubesctl --skip-dom0 --targets=debian-12-minimal state.apply debian-minimal.install +elif test "$1" = "2"; then + ## Upgrade + true +fi + +%preun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%postun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%files +%defattr(-,root,root,-) +%license %{_defaultlicensedir}/%{name}/* +%doc %{_docdir}/%{name}/README.md +%dir /srv/salt/qusal/%{name} +/srv/salt/qusal/%{name}/* +%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. + +%changelog +* Mon Mar 18 2024 Ben Grande - f9ead06 +- fix: remove extraneous package repository updates + +* Fri Feb 23 2024 Ben Grande - 5605ec7 +- doc: prefix qubesctl with sudo + +* Mon Jan 29 2024 Ben Grande - 6efcc1d +- chore: copyright update + +* Sat Jan 20 2024 Ben Grande - 422b01e +- feat: remove audiovm setting when unnecessary + +* Wed Jan 10 2024 Ben Grande - 040594a +- fix: do not remove created dvm + +* Thu Jan 04 2024 Ben Grande - 8a8252d +- fix: changes default template flavor to Xfce + +* Tue Dec 19 2023 Ben Grande - b0626bd +- fix: template name must specify version + +* Mon Nov 13 2023 Ben Grande - 5eebd78 +- refactor: initial commit diff --git a/rpm_spec/qusal-debian-xfce.spec b/rpm_spec/qusal-debian-xfce.spec new file mode 100644 index 0000000..28759ba --- /dev/null +++ b/rpm_spec/qusal-debian-xfce.spec @@ -0,0 +1,111 @@ +# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +## Reproducibility. +%define source_date_epoch_from_changelog 1 +%define use_source_date_epoch_as_buildtime 1 +%define clamp_mtime_to_source_date_epoch 1 +# Changelog is trimmed according to current date, not last date from changelog. +%define _changelog_trimtime 0 +%define _changelog_trimage 0 +%global _buildhost %{name} +# Python bytecode interferes when updates occur and restart is not done. +%undefine __brp_python_bytecompile + +Name: qusal-debian-xfce +Version: 0.0.1 +Release: 1%{?dist} +Summary: Debian Xfce Template in Qubes OS + +Group: qusal +Packager: Ben Grande +Vendor: Ben Grande +License: AGPL-3.0-or-later +URL: https://github.com/ben-grande/qusal +BugURL: https://github.com/ben-grande/qusal/issues +Source0: %{name}-%{version}.tar.gz +BuildArch: noarch + +Requires: qubes-mgmt-salt +Requires: qubes-mgmt-salt-dom0 +Requires: qusal-utils + + +%description +Creates the Debian Xfce Template as well as a Disposable Template based on it. + +%prep +%setup -q + +%build + +%install +rm -rf %{buildroot} +install -m 755 -d \ + %{buildroot}/srv/salt/qusal \ + %{buildroot}%{_docdir}/%{name} \ + %{buildroot}%{_defaultlicensedir}/%{name} +install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/ +install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/ +rm -rv %{name}/LICENSES %{name}/README.md +cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name} + +%check + +%dnl %pre + +%post +if test "$1" = "1"; then + ## Install + qubesctl state.apply debian-xfce.create + qubesctl --skip-dom0 --targets=debian-12-xfce state.apply debian-xfce.install +elif test "$1" = "2"; then + ## Upgrade + true +fi + +%preun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%postun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%files +%defattr(-,root,root,-) +%license %{_defaultlicensedir}/%{name}/* +%doc %{_docdir}/%{name}/README.md +%dir /srv/salt/qusal/%{name} +/srv/salt/qusal/%{name}/* +%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. + +%changelog +* Wed Jun 12 2024 Ben Grande - fc22726 +- feat: build and sign RPM packages + +* Mon Mar 18 2024 Ben Grande - f9ead06 +- fix: remove extraneous package repository updates + +* Fri Feb 23 2024 Ben Grande - 5605ec7 +- doc: prefix qubesctl with sudo + +* Mon Jan 29 2024 Ben Grande - 6efcc1d +- chore: copyright update + +* Sat Jan 20 2024 Ben Grande - 422b01e +- feat: remove audiovm setting when unnecessary + +* Fri Jan 12 2024 Ben Grande - 5502103 +- fix: separate template formula per flavor diff --git a/rpm_spec/qusal-debian.spec b/rpm_spec/qusal-debian.spec new file mode 100644 index 0000000..f564b84 --- /dev/null +++ b/rpm_spec/qusal-debian.spec @@ -0,0 +1,120 @@ +# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +## Reproducibility. +%define source_date_epoch_from_changelog 1 +%define use_source_date_epoch_as_buildtime 1 +%define clamp_mtime_to_source_date_epoch 1 +# Changelog is trimmed according to current date, not last date from changelog. +%define _changelog_trimtime 0 +%define _changelog_trimage 0 +%global _buildhost %{name} +# Python bytecode interferes when updates occur and restart is not done. +%undefine __brp_python_bytecompile + +Name: qusal-debian +Version: 0.0.1 +Release: 1%{?dist} +Summary: Debian Template in Qubes OS + +Group: qusal +Packager: Ben Grande +Vendor: Ben Grande +License: AGPL-3.0-or-later +URL: https://github.com/ben-grande/qusal +BugURL: https://github.com/ben-grande/qusal/issues +Source0: %{name}-%{version}.tar.gz +BuildArch: noarch + +Requires: qubes-mgmt-salt +Requires: qubes-mgmt-salt-dom0 +Requires: qusal-utils + + +%description +Creates the Debian template as well as a Disposable Template based on it. + +%prep +%setup -q + +%build + +%install +rm -rf %{buildroot} +install -m 755 -d \ + %{buildroot}/srv/salt/qusal \ + %{buildroot}%{_docdir}/%{name} \ + %{buildroot}%{_defaultlicensedir}/%{name} +install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/ +install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/ +rm -rv %{name}/LICENSES %{name}/README.md +cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name} + +%check + +%dnl %pre + +%post +if test "$1" = "1"; then + ## Install + qubesctl state.apply debian.create + qubesctl --skip-dom0 --targets=debian-12 state.apply debian.install +elif test "$1" = "2"; then + ## Upgrade + true +fi + +%preun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%postun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%files +%defattr(-,root,root,-) +%license %{_defaultlicensedir}/%{name}/* +%doc %{_docdir}/%{name}/README.md +%dir /srv/salt/qusal/%{name} +/srv/salt/qusal/%{name}/* +%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. + +%changelog +* Mon Mar 18 2024 Ben Grande - f9ead06 +- fix: remove extraneous package repository updates + +* Fri Feb 23 2024 Ben Grande - 5605ec7 +- doc: prefix qubesctl with sudo + +* Mon Jan 29 2024 Ben Grande - 6efcc1d +- chore: copyright update + +* Sat Jan 20 2024 Ben Grande - 422b01e +- feat: remove audiovm setting when unnecessary + +* Fri Jan 12 2024 Ben Grande - 5502103 +- fix: separate template formula per flavor + +* Wed Jan 10 2024 Ben Grande - 040594a +- fix: do not remove created dvm + +* Thu Jan 04 2024 Ben Grande - 8a8252d +- fix: changes default template flavor to Xfce + +* Tue Dec 19 2023 Ben Grande - b0626bd +- fix: template name must specify version + +* Mon Nov 13 2023 Ben Grande - 5eebd78 +- refactor: initial commit diff --git a/rpm_spec/qusal-dev.spec b/rpm_spec/qusal-dev.spec new file mode 100644 index 0000000..a942544 --- /dev/null +++ b/rpm_spec/qusal-dev.spec @@ -0,0 +1,141 @@ +# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +## Reproducibility. +%define source_date_epoch_from_changelog 1 +%define use_source_date_epoch_as_buildtime 1 +%define clamp_mtime_to_source_date_epoch 1 +# Changelog is trimmed according to current date, not last date from changelog. +%define _changelog_trimtime 0 +%define _changelog_trimage 0 +%global _buildhost %{name} +# Python bytecode interferes when updates occur and restart is not done. +%undefine __brp_python_bytecompile + +Name: qusal-dev +Version: 0.0.1 +Release: 1%{?dist} +Summary: Development environment in Qubes OS + +Group: qusal +Packager: Ben Grande +Vendor: Ben Grande +License: AGPL-3.0-or-later +URL: https://github.com/ben-grande/qusal +BugURL: https://github.com/ben-grande/qusal/issues +Source0: %{name}-%{version}.tar.gz +BuildArch: noarch + +Requires: qubes-mgmt-salt +Requires: qubes-mgmt-salt-dom0 +Requires: qusal-dotfiles +Requires: qusal-sys-git +Requires: qusal-sys-pgp +Requires: qusal-sys-ssh-agent +Requires: qusal-utils + + +%description +Setup a development qube named "dev". Defines the user interactive shell, +installing goodies, applying dotfiles, being client of sys-pgp, sys-git and +sys-ssh-agent. The qube has netvm but can reach remote servers if the policy +allows. + +%prep +%setup -q + +%build + +%install +rm -rf %{buildroot} +install -m 755 -d \ + %{buildroot}/srv/salt/qusal \ + %{buildroot}%{_docdir}/%{name} \ + %{buildroot}%{_defaultlicensedir}/%{name} +install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/ +install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/ +rm -rv %{name}/LICENSES %{name}/README.md +cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name} + +%check + +%dnl %pre + +%post +if test "$1" = "1"; then + ## Install + qubesctl state.apply dev.create + qubesctl --skip-dom0 --targets=tpl-dev state.apply dev.install + qubesctl --skip-dom0 --targets=dvm-dev state.apply dev.configure-dvm + qubesctl --skip-dom0 --targets=dev state.apply dev.configure +elif test "$1" = "2"; then + ## Upgrade + true +fi + +%preun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%postun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%files +%defattr(-,root,root,-) +%license %{_defaultlicensedir}/%{name}/* +%doc %{_docdir}/%{name}/README.md +%dir /srv/salt/qusal/%{name} +/srv/salt/qusal/%{name}/* +%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. + +%changelog +* Mon Jun 17 2024 Ben Grande - 534db96 +- doc: qusal proxy service requires configuration + +* Fri Jun 14 2024 Ben Grande - afcb730 +- doc: document usage of qusal TCP proxy + +* Thu Jun 13 2024 Ben Grande - a564b3a +- feat: add TCP proxy for remote hosts + +* Mon Mar 18 2024 Ben Grande - f9ead06 +- fix: remove extraneous package repository updates + +* Fri Feb 23 2024 Ben Grande - 5605ec7 +- doc: prefix qubesctl with sudo + +* Sat Feb 17 2024 Ben Grande - dbed18d +- feat: Bitcoin Core and Electrum servers and wallet + +* Mon Jan 29 2024 Ben Grande - 6efcc1d +- chore: copyright update + +* Fri Jan 26 2024 Ben Grande - a04960c +- feat: initial split-mail setup + +* Sat Jan 20 2024 Ben Grande - 422b01e +- feat: remove audiovm setting when unnecessary + +* Wed Dec 20 2023 Ben Grande - dbaa386 +- chore: inline dev install documentation + +* Mon Dec 18 2023 Ben Grande - 9fc2c03 +- doc: top method must not skip dom0 + +* Mon Nov 20 2023 Ben Grande - 5e3c790 +- fix: mode ansible linter to correct project + +* Mon Nov 13 2023 Ben Grande - 5eebd78 +- refactor: initial commit diff --git a/rpm_spec/qusal-docker.spec b/rpm_spec/qusal-docker.spec new file mode 100644 index 0000000..d8df2d2 --- /dev/null +++ b/rpm_spec/qusal-docker.spec @@ -0,0 +1,118 @@ +# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +## Reproducibility. +%define source_date_epoch_from_changelog 1 +%define use_source_date_epoch_as_buildtime 1 +%define clamp_mtime_to_source_date_epoch 1 +# Changelog is trimmed according to current date, not last date from changelog. +%define _changelog_trimtime 0 +%define _changelog_trimage 0 +%global _buildhost %{name} +# Python bytecode interferes when updates occur and restart is not done. +%undefine __brp_python_bytecompile + +Name: qusal-docker +Version: 0.0.1 +Release: 1%{?dist} +Summary: Docker installation in Qubes OS + +Group: qusal +Packager: Ben Grande +Vendor: Ben Grande +License: AGPL-3.0-or-later +URL: https://github.com/ben-grande/qusal +BugURL: https://github.com/ben-grande/qusal/issues +Source0: %{name}-%{version}.tar.gz +BuildArch: noarch + +Requires: qubes-mgmt-salt +Requires: qubes-mgmt-salt-dom0 +Requires: qusal-docker +Requires: qusal-utils + + +%description +Setup docker in Qubes OS with the Docker repository. + +%prep +%setup -q + +%build + +%install +rm -rf %{buildroot} +install -m 755 -d \ + %{buildroot}/srv/salt/qusal \ + %{buildroot}%{_docdir}/%{name} \ + %{buildroot}%{_defaultlicensedir}/%{name} +install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/ +install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/ +rm -rv %{name}/LICENSES %{name}/README.md +cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name} + +%check + +%dnl %pre + +%post +if test "$1" = "1"; then + ## Install + qubesctl --skip-dom0 --targets=tpl-qubes-builder state.apply docker.install + qubesctl --skip-dom0 --targets=qubes-builder state.apply docker.configure +elif test "$1" = "2"; then + ## Upgrade + true +fi + +%preun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%postun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%files +%defattr(-,root,root,-) +%license %{_defaultlicensedir}/%{name}/* +%doc %{_docdir}/%{name}/README.md +%dir /srv/salt/qusal/%{name} +/srv/salt/qusal/%{name}/* +%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. + +%changelog +* Wed May 29 2024 Ben Grande - 8accc47 +- fix: remove old deb repository list format + +* Thu May 16 2024 Ben Grande - b2c9479 +- fix: enforce https on repository installation + +* Mon Mar 18 2024 Ben Grande - f9ead06 +- fix: remove extraneous package repository updates + +* Fri Feb 23 2024 Ben Grande - 5605ec7 +- doc: prefix qubesctl with sudo + +* Mon Jan 29 2024 Ben Grande - 6efcc1d +- chore: copyright update + +* Fri Jan 05 2024 Ben Grande - c109404 +- fix: add user to mock group + +* Tue Dec 19 2023 Ben Grande - b4d142b +- refactor: move appended states to drop-in rc.local + +* Mon Nov 13 2023 Ben Grande - 5eebd78 +- refactor: initial commit diff --git a/rpm_spec/qusal-dom0.spec b/rpm_spec/qusal-dom0.spec new file mode 100644 index 0000000..1df16b1 --- /dev/null +++ b/rpm_spec/qusal-dom0.spec @@ -0,0 +1,195 @@ +# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +## Reproducibility. +%define source_date_epoch_from_changelog 1 +%define use_source_date_epoch_as_buildtime 1 +%define clamp_mtime_to_source_date_epoch 1 +# Changelog is trimmed according to current date, not last date from changelog. +%define _changelog_trimtime 0 +%define _changelog_trimage 0 +%global _buildhost %{name} +# Python bytecode interferes when updates occur and restart is not done. +%undefine __brp_python_bytecompile + +Name: qusal-dom0 +Version: 0.0.1 +Release: 1%{?dist} +Summary: Dom0 environment in Qubes OS + +Group: qusal +Packager: Ben Grande +Vendor: Ben Grande +License: AGPL-3.0-or-later AND GPL-2.0-only AND GPL-3.0-or-later AND MIT +URL: https://github.com/ben-grande/qusal +BugURL: https://github.com/ben-grande/qusal/issues +Source0: %{name}-%{version}.tar.gz +BuildArch: noarch + +Requires: qubes-mgmt-salt +Requires: qubes-mgmt-salt-dom0 +Requires: qusal-dotfiles +Requires: qusal-sys-git +Requires: qusal-utils + + +%description +Configure Dom0 window manager, install packages, backup scripts and profile +etc. + +%prep +%setup -q + +%build + +%install +rm -rf %{buildroot} +install -m 755 -d \ + %{buildroot}/srv/salt/qusal \ + %{buildroot}%{_docdir}/%{name} \ + %{buildroot}%{_defaultlicensedir}/%{name} +install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/ +install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/ +rm -rv %{name}/LICENSES %{name}/README.md +cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name} + +%check + +%dnl %pre + +%post +if test "$1" = "1"; then + ## Install + qubesctl state.apply dom0 + qubesctl --skip-dom0 --templates --standalones state.apply update.qubes-vm +elif test "$1" = "2"; then + ## Upgrade + true +fi + +%preun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%postun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%files +%defattr(-,root,root,-) +%license %{_defaultlicensedir}/%{name}/* +%doc %{_docdir}/%{name}/README.md +%dir /srv/salt/qusal/%{name} +/srv/salt/qusal/%{name}/* +%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. + +%changelog +* Tue Jun 18 2024 Ben Grande - 8d5c1c9 +- chore: typo in date command + +* Sun Jun 09 2024 Ben Grande - fcf7fe9 +- fix: guarantee a fully updated system on bootstrap + +* Sat Jun 08 2024 Ben Grande - 1003d62 +- fix: KDE with outdated require id + +* Fri Jun 07 2024 Ben Grande - efc3984 +- feat: allow terminal and file manager choice + +* Tue Jun 04 2024 Ben Grande - 34d5d36 +- feat: add state for desktop i3 and AwesomeWM + +* Fri May 24 2024 Ben Grande - efcf8c7 +- fix: unify screenshot tool existence logic + +* Fri May 24 2024 Ben Grande - 444672e +- fix: prefer maim for screenshot + +* Tue May 14 2024 Ben Grande - d148599 +- doc: nested list indentation + +* Wed May 01 2024 Ben Grande - 18204da +- fix: import jinja template to dom0 kde state + +* Tue Apr 30 2024 Ben Grande - 5722a25 +- fix: discover non-root username at runtime + +* Fri Mar 22 2024 Ben Grande - 81bf77c +- fix: missing load import + +* Wed Mar 20 2024 Ben Grande - 004cb73 +- fix: restrict supported screenshot tools + +* Mon Mar 18 2024 Ben Grande - f9ead06 +- fix: remove extraneous package repository updates + +* Mon Mar 18 2024 Ben Grande - fc2af9b +- fix: remove colors from output of backup file + +* Fri Mar 15 2024 Ben Grande - 425748a +- fix: install screenshot dependencies + +* Wed Mar 13 2024 Ben Grande - 134a26a +- feat: add screenshot helper + +* Mon Feb 26 2024 Ben Grande - e7a7649 +- fix: remove dom0 port forwarding default install + +* Sat Feb 24 2024 Ben Grande - f3953eb +- fix: convert backup profile to example type + +* Fri Feb 23 2024 Ben Grande - 766a430 +- fix: typo in file name + +* Fri Feb 23 2024 Ben Grande - 5605ec7 +- doc: prefix qubesctl with sudo + +* Fri Feb 23 2024 Ben Grande - f513f64 +- feat: better dom0 terminal usability + +* Mon Jan 29 2024 Ben Grande - 6efcc1d +- chore: copyright update + +* Mon Jan 29 2024 Ben Grande - b01f2d2 +- chore: move port forward to dom0 formula + +* Thu Jan 18 2024 Ben Grande - 0887c24 +- fix: remove unicode from used files + +* Thu Jan 18 2024 Ben Grande - 23bcceb +- fix: dom0 as sys-git client + +* Tue Jan 02 2024 Ben Grande - b86486a +- feat: qubes-vm-update global settings + +* Sun Dec 31 2023 Ben Grande - ec9142b +- fix: pci regain with invalid syntax + +* Wed Dec 27 2023 Ben Grande - 250c877 +- fix: regain pci script not managed + +* Wed Dec 20 2023 Ben Grande - c2f2584 +- feat: provide development environment for dom0 + +* Tue Dec 19 2023 Ben Grande - b4b7f27 +- fix: qubes-update superseded by qubes-vm-update + +* Tue Dec 19 2023 Ben Grande - bcc8165 +- fix: salt syntax with missing characters + +* Mon Nov 13 2023 Ben Grande - 963e72c +- chore: Fix unman copyright contact + +* Mon Nov 13 2023 Ben Grande - 5eebd78 +- refactor: initial commit diff --git a/rpm_spec/qusal-dotfiles.spec b/rpm_spec/qusal-dotfiles.spec new file mode 100644 index 0000000..d5aa4e9 --- /dev/null +++ b/rpm_spec/qusal-dotfiles.spec @@ -0,0 +1,191 @@ +# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +## Reproducibility. +%define source_date_epoch_from_changelog 1 +%define use_source_date_epoch_as_buildtime 1 +%define clamp_mtime_to_source_date_epoch 1 +# Changelog is trimmed according to current date, not last date from changelog. +%define _changelog_trimtime 0 +%define _changelog_trimage 0 +%global _buildhost %{name} +# Python bytecode interferes when updates occur and restart is not done. +%undefine __brp_python_bytecompile + +Name: qusal-dotfiles +Version: 0.0.1 +Release: 1%{?dist} +Summary: Ben Grande's Dotfiles + +Group: qusal +Packager: Ben Grande +Vendor: Ben Grande +License: AGPL-3.0-or-later AND BSD-2-Clause AND CC-BY-SA-3.0 AND CC-BY-SA-4.0 AND GFDL-1.3-or-later AND GPL-2.0-only AND GPL-3.0-only AND GPL-3.0-or-later AND MIT AND Vim +URL: https://github.com/ben-grande/qusal +BugURL: https://github.com/ben-grande/qusal/issues +Source0: %{name}-%{version}.tar.gz +BuildArch: noarch + +Requires: qubes-mgmt-salt +Requires: qubes-mgmt-salt-dom0 + + +%description +Configuration and scripts targeting: + +- Usability: + - Vi keybindings for application movement + - Emacs keybindings for command-line editing + - XDG Specification to not clutter $HOME +- Portability: + - POSIX compliant code + - Drop-in configuration files + - Tested in Qubes OS Dom0, Debian, Fedora, OpenBSD +- Tasks: + - GUI: x11, gtk + - SCM: git, tig, git-shell + - Keys: gpg, ssh + - Networking: curl, urlview, wget, w3m + - Productivity: tmux, vim + - Shell: sh, bash, zsh, less, dircolors + +%prep +%setup -q + +%build + +%install +rm -rf %{buildroot} +install -m 755 -d \ + %{buildroot}/srv/salt/qusal \ + %{buildroot}%{_docdir}/%{name} \ + %{buildroot}%{_defaultlicensedir}/%{name} +install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/ +install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/ +rm -rv %{name}/LICENSES %{name}/README.md +cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name} + +%check + +%dnl %pre + +%post +if test "$1" = "1"; then + ## Install + true +elif test "$1" = "2"; then + ## Upgrade + true +fi + +%preun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%postun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%files +%defattr(-,root,root,-) +%license %{_defaultlicensedir}/%{name}/* +%doc %{_docdir}/%{name}/README.md +%dir /srv/salt/qusal/%{name} +/srv/salt/qusal/%{name}/* +%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. + +%changelog +* Thu Jun 20 2024 Ben Grande - 0e2bb5b +- fix: update dotfiles module + +* Mon Jun 17 2024 Ben Grande - b5ae221 +- fix: update dotfiles module + +* Mon Jun 17 2024 Ben Grande - 1a72665 +- feat: add split-gpg2 configuration + +* Fri Jun 14 2024 Ben Grande - fcad8cb +- feat: update dotfiles module + +* Tue Jun 04 2024 Ben Grande - a4848e1 +- fix: update dotfiles module + +* Tue May 14 2024 Ben Grande - d148599 +- doc: nested list indentation + +* Tue Apr 30 2024 Ben Grande - 5722a25 +- fix: discover non-root username at runtime + +* Tue Apr 23 2024 Ben Grande - 69745df +- fix: update dotfiles module + +* Tue Mar 19 2024 Ben Grande - 4097af2 +- fix: update dotfiles module + +* Thu Mar 14 2024 Ben Grande - 8a0c004 +- fix: update dotfiles module + +* Mon Mar 11 2024 Ben Grande - 49fb733 +- fix: update dotfiles module + +* Fri Feb 23 2024 Ben Grande - 5605ec7 +- doc: prefix qubesctl with sudo + +* Fri Feb 23 2024 Ben Grande - f513f64 +- feat: better dom0 terminal usability + +* Sun Feb 18 2024 Ben Grande - f735474 +- fix: update dotfiles module + +* Sun Feb 18 2024 Ben Grande - a91f488 +- fix: update dotfiles module + +* Sun Feb 04 2024 Ben Grande - f27db69 +- fix: update dotfiles module + +* Wed Jan 31 2024 Ben Grande - b5d7371 +- fix: thunar requires xfce helpers to find terminal + +* Mon Jan 29 2024 Ben Grande - 6efcc1d +- chore: copyright update + +* Fri Jan 26 2024 Ben Grande - a04960c +- feat: initial split-mail setup + +* Sun Jan 21 2024 Ben Grande - d75a59f +- fix: update dotfiles module + +* Thu Jan 18 2024 Ben Grande - 0dd627b +- fix: update dotfiles module + +* Fri Jan 12 2024 Ben Grande - 6828e83 +- fix: update dotfiles module + +* Thu Dec 28 2023 Ben Grande - bd54499 +- fix: update dotfiles module + +* Wed Dec 27 2023 Ben Grande - 652b4f0 +- fix: update dotfiles module + +* Thu Dec 21 2023 Ben Grande - a27493c +- fix: update dotfiles module + +* Tue Nov 21 2023 Ben Grande - 20115a2 +- fix: udpate dotfiles module + +* Mon Nov 20 2023 Ben Grande - 83c17c4 +- fix: update dotfiles module + +* Mon Nov 13 2023 Ben Grande - 5eebd78 +- refactor: initial commit diff --git a/rpm_spec/qusal-electrum.spec b/rpm_spec/qusal-electrum.spec new file mode 100644 index 0000000..9e8daac --- /dev/null +++ b/rpm_spec/qusal-electrum.spec @@ -0,0 +1,142 @@ +# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +## Reproducibility. +%define source_date_epoch_from_changelog 1 +%define use_source_date_epoch_as_buildtime 1 +%define clamp_mtime_to_source_date_epoch 1 +# Changelog is trimmed according to current date, not last date from changelog. +%define _changelog_trimtime 0 +%define _changelog_trimage 0 +%global _buildhost %{name} +# Python bytecode interferes when updates occur and restart is not done. +%undefine __brp_python_bytecompile + +Name: qusal-electrum +Version: 0.0.1 +Release: 1%{?dist} +Summary: Electrum Bitcoin Wallet in Qubes OS + +Group: qusal +Packager: Ben Grande +Vendor: Ben Grande +License: AGPL-3.0-or-later +URL: https://github.com/ben-grande/qusal +BugURL: https://github.com/ben-grande/qusal/issues +Source0: %{name}-%{version}.tar.gz +BuildArch: noarch + +Requires: qubes-mgmt-salt +Requires: qubes-mgmt-salt-dom0 +Requires: qusal-dev +Requires: qusal-dotfiles +Requires: qusal-sys-bitcoin +Requires: qusal-sys-pgp +Requires: qusal-utils +Requires: qusal-whonix-workstation + + +%description +Setup multiple lightweights Electrum Bitcoin Wallets, one offline qube named +"electrum" and one online qube based on Whonix-Workstation named +"electrum-hot". + +You can use either wallet or both together depending on your setup. Use the +"electrum" to sign transactions and the "electrum-hot" to broadcast them. + +By default, the installation verify and fetch the tarball from upstream +sources, avoiding using outdated distribution package versions that lack +important security fixes. The fetching will occur over Tor and on a disposable +qube "disp-electrum-builder", which will then upload the files to the template +"tpl-electrum". The installation on a disposable helps separate the wallet +usage from ever connecting to the internet. + +%prep +%setup -q + +%build + +%install +rm -rf %{buildroot} +install -m 755 -d \ + %{buildroot}/srv/salt/qusal \ + %{buildroot}%{_docdir}/%{name} \ + %{buildroot}%{_defaultlicensedir}/%{name} +install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/ +install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/ +rm -rv %{name}/LICENSES %{name}/README.md +cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name} + +%check + +%dnl %pre + +%post +if test "$1" = "1"; then + ## Install + qubesctl state.apply electrum.create + qubesctl --skip-dom0 --targets=tpl-electrum-builder state.apply electrum.install-builder + qubesctl --skip-dom0 --targets=tpl-electrum state.apply electrum.install + qubesctl --skip-dom0 --targets=disp-electrum-builder state.apply electrum.configure-builder + qubesctl --skip-dom0 --targets=electrum state.apply electrum.configure + qubesctl --skip-dom0 --targets=electrum-hot state.apply electrum.configure-hot + qubesctl state.apply electrum.appmenus +elif test "$1" = "2"; then + ## Upgrade + true +fi + +%preun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%postun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%files +%defattr(-,root,root,-) +%license %{_defaultlicensedir}/%{name}/* +%doc %{_docdir}/%{name}/README.md +%dir /srv/salt/qusal/%{name} +/srv/salt/qusal/%{name}/* +%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. + +%changelog +* Tue Jun 04 2024 Ben Grande - 6e85416 +- feat: add disposable qubes to bitcoin clients + +* Mon Mar 18 2024 Ben Grande - f9ead06 +- fix: remove extraneous package repository updates + +* Fri Feb 23 2024 Ben Grande - 5605ec7 +- doc: prefix qubesctl with sudo + +* Sun Feb 18 2024 Ben Grande - 7d6e2bf +- fix: less menu items for bitcoin qubes + +* Sun Feb 18 2024 Ben Grande - 2409d8a +- fix: better electrum GUI resolution and tabs + +* Sun Feb 18 2024 Ben Grande - 3ef02df +- fix: electrum install zbar and protobuf + +* Sat Feb 17 2024 Ben Grande - 275178f +- fix: add missing dependency for qvm-connect-tcp + +* Sat Feb 17 2024 Ben Grande - dbed18d +- feat: Bitcoin Core and Electrum servers and wallet + +* Wed Jan 31 2024 Ben Grande - 174af08 +- feat: electrum bitcoin wallet diff --git a/rpm_spec/qusal-element.spec b/rpm_spec/qusal-element.spec new file mode 100644 index 0000000..6a432ac --- /dev/null +++ b/rpm_spec/qusal-element.spec @@ -0,0 +1,102 @@ +# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +## Reproducibility. +%define source_date_epoch_from_changelog 1 +%define use_source_date_epoch_as_buildtime 1 +%define clamp_mtime_to_source_date_epoch 1 +# Changelog is trimmed according to current date, not last date from changelog. +%define _changelog_trimtime 0 +%define _changelog_trimage 0 +%global _buildhost %{name} +# Python bytecode interferes when updates occur and restart is not done. +%undefine __brp_python_bytecompile + +Name: qusal-element +Version: 0.0.1 +Release: 1%{?dist} +Summary: Element Matrix client installation in Qubes OS + +Group: qusal +Packager: Ben Grande +Vendor: Ben Grande +License: AGPL-3.0-or-later +URL: https://github.com/ben-grande/qusal +BugURL: https://github.com/ben-grande/qusal/issues +Source0: %{name}-%{version}.tar.gz +BuildArch: noarch + +Requires: qubes-mgmt-salt +Requires: qubes-mgmt-salt-dom0 +Requires: qusal-sys-audio +Requires: qusal-utils + + +%description +Install Element and use it on the "element" app qube to connect to your +Matrix account. + +%prep +%setup -q + +%build + +%install +rm -rf %{buildroot} +install -m 755 -d \ + %{buildroot}/srv/salt/qusal \ + %{buildroot}%{_docdir}/%{name} \ + %{buildroot}%{_defaultlicensedir}/%{name} +install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/ +install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/ +rm -rv %{name}/LICENSES %{name}/README.md +cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name} + +%check + +%dnl %pre + +%post +if test "$1" = "1"; then + ## Install + qubesctl state.apply element.create + qubesctl --skip-dom0 --targets=tpl-element state.apply element.install + qubesctl state.apply element.appmenus +elif test "$1" = "2"; then + ## Upgrade + true +fi + +%preun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%postun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%files +%defattr(-,root,root,-) +%license %{_defaultlicensedir}/%{name}/* +%doc %{_docdir}/%{name}/README.md +%dir /srv/salt/qusal/%{name} +/srv/salt/qusal/%{name}/* +%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. + +%changelog +* Wed May 29 2024 Ben Grande - 8accc47 +- fix: remove old deb repository list format + +* Tue May 28 2024 Ben Grande - 26a35b8 +- feat: add Element formula diff --git a/rpm_spec/qusal-fedora-minimal.spec b/rpm_spec/qusal-fedora-minimal.spec new file mode 100644 index 0000000..5ff994c --- /dev/null +++ b/rpm_spec/qusal-fedora-minimal.spec @@ -0,0 +1,130 @@ +# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +## Reproducibility. +%define source_date_epoch_from_changelog 1 +%define use_source_date_epoch_as_buildtime 1 +%define clamp_mtime_to_source_date_epoch 1 +# Changelog is trimmed according to current date, not last date from changelog. +%define _changelog_trimtime 0 +%define _changelog_trimage 0 +%global _buildhost %{name} +# Python bytecode interferes when updates occur and restart is not done. +%undefine __brp_python_bytecompile + +Name: qusal-fedora-minimal +Version: 0.0.1 +Release: 1%{?dist} +Summary: Fedora Minimal Template in Qubes OS + +Group: qusal +Packager: Ben Grande +Vendor: Ben Grande +License: AGPL-3.0-or-later +URL: https://github.com/ben-grande/qusal +BugURL: https://github.com/ben-grande/qusal/issues +Source0: %{name}-%{version}.tar.gz +BuildArch: noarch + +Requires: qubes-mgmt-salt +Requires: qubes-mgmt-salt-dom0 +Requires: qusal-dotfiles +Requires: qusal-fedora +Requires: qusal-utils + + +%description +Creates the Fedora Minimal template as well as a Disposable Template based on +it. + +%prep +%setup -q + +%build + +%install +rm -rf %{buildroot} +install -m 755 -d \ + %{buildroot}/srv/salt/qusal \ + %{buildroot}%{_docdir}/%{name} \ + %{buildroot}%{_defaultlicensedir}/%{name} +install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/ +install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/ +rm -rv %{name}/LICENSES %{name}/README.md +cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name} + +%check + +%dnl %pre + +%post +if test "$1" = "1"; then + ## Install + qubesctl state.apply fedora-minimal.create + qubesctl --skip-dom0 --targets=fedora-40-minimal state.apply fedora-minimal.install + qubesctl state.apply fedora-minimal.prefs +elif test "$1" = "2"; then + ## Upgrade + true +fi + +%preun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%postun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%files +%defattr(-,root,root,-) +%license %{_defaultlicensedir}/%{name}/* +%doc %{_docdir}/%{name}/README.md +%dir /srv/salt/qusal/%{name} +/srv/salt/qusal/%{name}/* +%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. + +%changelog +* Wed Jun 12 2024 Ben Grande - 6e7774a +- feat: bump Fedora version + +* Sat Mar 23 2024 Ben Grande - cf88ad1 +- fix: install salt depends in fedora-39-minimal + +* Mon Mar 18 2024 Ben Grande - f9ead06 +- fix: remove extraneous package repository updates + +* Fri Feb 23 2024 Ben Grande - 5605ec7 +- doc: prefix qubesctl with sudo + +* Fri Feb 16 2024 Ben Grande - e6fb72c +- feat: update template to fedora-39 + +* Mon Jan 29 2024 Ben Grande - 6efcc1d +- chore: copyright update + +* Sat Jan 20 2024 Ben Grande - 422b01e +- feat: remove audiovm setting when unnecessary + +* Wed Jan 10 2024 Ben Grande - 040594a +- fix: do not remove created dvm + +* Thu Jan 04 2024 Ben Grande - 8a8252d +- fix: changes default template flavor to Xfce + +* Tue Dec 19 2023 Ben Grande - b0626bd +- fix: template name must specify version + +* Mon Nov 13 2023 Ben Grande - 5eebd78 +- refactor: initial commit diff --git a/rpm_spec/qusal-fedora-xfce.spec b/rpm_spec/qusal-fedora-xfce.spec new file mode 100644 index 0000000..5cd39d4 --- /dev/null +++ b/rpm_spec/qusal-fedora-xfce.spec @@ -0,0 +1,117 @@ +# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +## Reproducibility. +%define source_date_epoch_from_changelog 1 +%define use_source_date_epoch_as_buildtime 1 +%define clamp_mtime_to_source_date_epoch 1 +# Changelog is trimmed according to current date, not last date from changelog. +%define _changelog_trimtime 0 +%define _changelog_trimage 0 +%global _buildhost %{name} +# Python bytecode interferes when updates occur and restart is not done. +%undefine __brp_python_bytecompile + +Name: qusal-fedora-xfce +Version: 0.0.1 +Release: 1%{?dist} +Summary: Fedora Xfce Template in Qubes OS + +Group: qusal +Packager: Ben Grande +Vendor: Ben Grande +License: AGPL-3.0-or-later +URL: https://github.com/ben-grande/qusal +BugURL: https://github.com/ben-grande/qusal/issues +Source0: %{name}-%{version}.tar.gz +BuildArch: noarch + +Requires: qubes-mgmt-salt +Requires: qubes-mgmt-salt-dom0 +Requires: qusal-utils + + +%description +Creates the Fedora Xfce template as well as a Disposable Template based on it. + +%prep +%setup -q + +%build + +%install +rm -rf %{buildroot} +install -m 755 -d \ + %{buildroot}/srv/salt/qusal \ + %{buildroot}%{_docdir}/%{name} \ + %{buildroot}%{_defaultlicensedir}/%{name} +install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/ +install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/ +rm -rv %{name}/LICENSES %{name}/README.md +cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name} + +%check + +%dnl %pre + +%post +if test "$1" = "1"; then + ## Install + qubesctl state.apply fedora-xfce.create + qubesctl --skip-dom0 --targets=fedora-40-xfce state.apply fedora-xfce.install +elif test "$1" = "2"; then + ## Upgrade + true +fi + +%preun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%postun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%files +%defattr(-,root,root,-) +%license %{_defaultlicensedir}/%{name}/* +%doc %{_docdir}/%{name}/README.md +%dir /srv/salt/qusal/%{name} +/srv/salt/qusal/%{name}/* +%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. + +%changelog +* Wed Jun 12 2024 Ben Grande - 6e7774a +- feat: bump Fedora version + +* Wed Jun 12 2024 Ben Grande - fc22726 +- feat: build and sign RPM packages + +* Mon Mar 18 2024 Ben Grande - f9ead06 +- fix: remove extraneous package repository updates + +* Fri Feb 23 2024 Ben Grande - 5605ec7 +- doc: prefix qubesctl with sudo + +* Fri Feb 16 2024 Ben Grande - e6fb72c +- feat: update template to fedora-39 + +* Mon Jan 29 2024 Ben Grande - 6efcc1d +- chore: copyright update + +* Sat Jan 20 2024 Ben Grande - 422b01e +- feat: remove audiovm setting when unnecessary + +* Fri Jan 12 2024 Ben Grande - 5502103 +- fix: separate template formula per flavor diff --git a/rpm_spec/qusal-fedora.spec b/rpm_spec/qusal-fedora.spec new file mode 100644 index 0000000..388a520 --- /dev/null +++ b/rpm_spec/qusal-fedora.spec @@ -0,0 +1,126 @@ +# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +## Reproducibility. +%define source_date_epoch_from_changelog 1 +%define use_source_date_epoch_as_buildtime 1 +%define clamp_mtime_to_source_date_epoch 1 +# Changelog is trimmed according to current date, not last date from changelog. +%define _changelog_trimtime 0 +%define _changelog_trimage 0 +%global _buildhost %{name} +# Python bytecode interferes when updates occur and restart is not done. +%undefine __brp_python_bytecompile + +Name: qusal-fedora +Version: 0.0.1 +Release: 1%{?dist} +Summary: Fedora Template in Qubes OS + +Group: qusal +Packager: Ben Grande +Vendor: Ben Grande +License: AGPL-3.0-or-later +URL: https://github.com/ben-grande/qusal +BugURL: https://github.com/ben-grande/qusal/issues +Source0: %{name}-%{version}.tar.gz +BuildArch: noarch + +Requires: qubes-mgmt-salt +Requires: qubes-mgmt-salt-dom0 +Requires: qusal-utils + + +%description +Creates the Fedora template as well as a Disposable Template based on it. + +%prep +%setup -q + +%build + +%install +rm -rf %{buildroot} +install -m 755 -d \ + %{buildroot}/srv/salt/qusal \ + %{buildroot}%{_docdir}/%{name} \ + %{buildroot}%{_defaultlicensedir}/%{name} +install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/ +install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/ +rm -rv %{name}/LICENSES %{name}/README.md +cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name} + +%check + +%dnl %pre + +%post +if test "$1" = "1"; then + ## Install + qubesctl state.apply fedora.create + qubesctl --skip-dom0 --targets=fedora-40 state.apply fedora.install +elif test "$1" = "2"; then + ## Upgrade + true +fi + +%preun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%postun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%files +%defattr(-,root,root,-) +%license %{_defaultlicensedir}/%{name}/* +%doc %{_docdir}/%{name}/README.md +%dir /srv/salt/qusal/%{name} +/srv/salt/qusal/%{name}/* +%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. + +%changelog +* Wed Jun 12 2024 Ben Grande - 6e7774a +- feat: bump Fedora version + +* Mon Mar 18 2024 Ben Grande - f9ead06 +- fix: remove extraneous package repository updates + +* Fri Feb 23 2024 Ben Grande - 5605ec7 +- doc: prefix qubesctl with sudo + +* Fri Feb 16 2024 Ben Grande - e6fb72c +- feat: update template to fedora-39 + +* Mon Jan 29 2024 Ben Grande - 6efcc1d +- chore: copyright update + +* Sat Jan 20 2024 Ben Grande - 422b01e +- feat: remove audiovm setting when unnecessary + +* Fri Jan 12 2024 Ben Grande - 5502103 +- fix: separate template formula per flavor + +* Wed Jan 10 2024 Ben Grande - 040594a +- fix: do not remove created dvm + +* Thu Jan 04 2024 Ben Grande - 8a8252d +- fix: changes default template flavor to Xfce + +* Tue Dec 19 2023 Ben Grande - b0626bd +- fix: template name must specify version + +* Mon Nov 13 2023 Ben Grande - 5eebd78 +- refactor: initial commit diff --git a/rpm_spec/qusal-fetcher.spec b/rpm_spec/qusal-fetcher.spec new file mode 100644 index 0000000..33a8a35 --- /dev/null +++ b/rpm_spec/qusal-fetcher.spec @@ -0,0 +1,128 @@ +# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +## Reproducibility. +%define source_date_epoch_from_changelog 1 +%define use_source_date_epoch_as_buildtime 1 +%define clamp_mtime_to_source_date_epoch 1 +# Changelog is trimmed according to current date, not last date from changelog. +%define _changelog_trimtime 0 +%define _changelog_trimage 0 +%global _buildhost %{name} +# Python bytecode interferes when updates occur and restart is not done. +%undefine __brp_python_bytecompile + +Name: qusal-fetcher +Version: 0.0.1 +Release: 1%{?dist} +Summary: Fetch publicly accessible files over the internet in Qubes OS + +Group: qusal +Packager: Ben Grande +Vendor: Ben Grande +License: AGPL-3.0-or-later +URL: https://github.com/ben-grande/qusal +BugURL: https://github.com/ben-grande/qusal/issues +Source0: %{name}-%{version}.tar.gz +BuildArch: noarch + +Requires: qubes-mgmt-salt +Requires: qubes-mgmt-salt-dom0 +Requires: qusal-dev +Requires: qusal-dotfiles +Requires: qusal-sys-pgp +Requires: qusal-utils + + +%description +A Template for DispVMs will be created and named "dvm-fetcher", from this qube +you will create others that can connect to the internet to download files. You +will be able to download from many protocol as long as the installed tools +accepts them. + +Supported protocols: DICT, FILE, FTP, FTPS, GOPHER, GOPHERS, HTTP, HTTPS, + IMAP, IMAPS, LDAP, LDAPS, MQTT, POP3, POP3S, RTMP, RTMPS, RTSP, SCP, SFTP, + SMB, SMBS, SMTP, SMTPS, TELNET, TFTP, WS, WSS, RSYNC, BitTorrent. + +%prep +%setup -q + +%build + +%install +rm -rf %{buildroot} +install -m 755 -d \ + %{buildroot}/srv/salt/qusal \ + %{buildroot}%{_docdir}/%{name} \ + %{buildroot}%{_defaultlicensedir}/%{name} +install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/ +install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/ +rm -rv %{name}/LICENSES %{name}/README.md +cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name} + +%check + +%dnl %pre + +%post +if test "$1" = "1"; then + ## Install + qubesctl state.apply fetcher.create + qubesctl --skip-dom0 --targets=tpl-fetcher state.apply fetcher.install + qubesctl --skip-dom0 --targets=dvm-fetcher state.apply fetcher.configure-dvm +elif test "$1" = "2"; then + ## Upgrade + true +fi + +%preun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%postun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%files +%defattr(-,root,root,-) +%license %{_defaultlicensedir}/%{name}/* +%doc %{_docdir}/%{name}/README.md +%dir /srv/salt/qusal/%{name} +/srv/salt/qusal/%{name}/* +%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. + +%changelog +* Thu Jun 13 2024 Ben Grande - 7a70535 +- fix: Fedora 40 only has wget2 + +* Tue May 28 2024 Ben Grande - 44ea4c5 +- feat: add manual page reader + +* Mon Mar 18 2024 Ben Grande - f9ead06 +- fix: remove extraneous package repository updates + +* Fri Feb 23 2024 Ben Grande - 5605ec7 +- doc: prefix qubesctl with sudo + +* Tue Jan 30 2024 Ben Grande - c08b39d +- feat: add torrent client to fetcher + +* Mon Jan 29 2024 Ben Grande - 6efcc1d +- chore: copyright update + +* Sat Jan 20 2024 Ben Grande - 422b01e +- feat: remove audiovm setting when unnecessary + +* Mon Dec 18 2023 Ben Grande - f16bfdd +- feat: fetcher diff --git a/rpm_spec/qusal-kicksecure-minimal.spec b/rpm_spec/qusal-kicksecure-minimal.spec new file mode 100644 index 0000000..2c05089 --- /dev/null +++ b/rpm_spec/qusal-kicksecure-minimal.spec @@ -0,0 +1,133 @@ +# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +## Reproducibility. +%define source_date_epoch_from_changelog 1 +%define use_source_date_epoch_as_buildtime 1 +%define clamp_mtime_to_source_date_epoch 1 +# Changelog is trimmed according to current date, not last date from changelog. +%define _changelog_trimtime 0 +%define _changelog_trimage 0 +%global _buildhost %{name} +# Python bytecode interferes when updates occur and restart is not done. +%undefine __brp_python_bytecompile + +Name: qusal-kicksecure-minimal +Version: 0.0.1 +Release: 1%{?dist} +Summary: Kicksecure Minimal Template in Qubes OS + +Group: qusal +Packager: Ben Grande +Vendor: Ben Grande +License: AGPL-3.0-or-later +URL: https://github.com/ben-grande/qusal +BugURL: https://github.com/ben-grande/qusal/issues +Source0: %{name}-%{version}.tar.gz +BuildArch: noarch + +Requires: qubes-mgmt-salt +Requires: qubes-mgmt-salt-dom0 +Requires: qusal-kicksecure-minimal +Requires: qusal-sys-cacher +Requires: qusal-utils + + +%description +Creates the Kicksecure Minimal template as well as a Disposable Template based +on it. + +%prep +%setup -q + +%build + +%install +rm -rf %{buildroot} +install -m 755 -d \ + %{buildroot}/srv/salt/qusal \ + %{buildroot}%{_docdir}/%{name} \ + %{buildroot}%{_defaultlicensedir}/%{name} +install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/ +install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/ +rm -rv %{name}/LICENSES %{name}/README.md +cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name} + +%check + +%dnl %pre + +%post +if test "$1" = "1"; then + ## Install + qubesctl state.apply kicksecure-minimal.create + qubesctl --skip-dom0 --targets=kicksecure-17-minimal state.apply kicksecure-minimal.install + qubesctl state.apply kicksecure-minimal.prefs +elif test "$1" = "2"; then + ## Upgrade + true +fi + +%preun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%postun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%files +%defattr(-,root,root,-) +%license %{_defaultlicensedir}/%{name}/* +%doc %{_docdir}/%{name}/README.md +%dir /srv/salt/qusal/%{name} +/srv/salt/qusal/%{name}/* +%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. + +%changelog +* Sun Jun 16 2024 Ben Grande - faa00fb +- doc: update table of contents + +* Thu May 16 2024 Ben Grande - b2c9479 +- fix: enforce https on repository installation + +* Mon Mar 18 2024 Ben Grande - f9ead06 +- fix: remove extraneous package repository updates + +* Fri Feb 23 2024 Ben Grande - 5605ec7 +- doc: prefix qubesctl with sudo + +* Sat Feb 03 2024 Ben Grande - 56ecc25 +- fix: vm kernel only applies to developers + +* Fri Feb 02 2024 Ben Grande - 76c9cd0 +- fix: move custom kicksecure settings to dev state + +* Thu Feb 01 2024 Ben Grande - 4596198 +- fix: less intrusive kicksecure default install + +* Mon Jan 29 2024 Ben Grande - 6efcc1d +- chore: copyright update + +* Fri Jan 26 2024 Ben Grande - a04960c +- feat: initial split-mail setup + +* Sat Jan 20 2024 Ben Grande - 422b01e +- feat: remove audiovm setting when unnecessary + +* Sun Jan 14 2024 Ben Grande - ff4773b +- doc: kicksecure missing minimal flavor + +* Fri Jan 12 2024 Ben Grande - a97e3c0 +- feat: kicksecure minimal template diff --git a/rpm_spec/qusal-mail.spec b/rpm_spec/qusal-mail.spec new file mode 100644 index 0000000..8489c10 --- /dev/null +++ b/rpm_spec/qusal-mail.spec @@ -0,0 +1,138 @@ +# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +## Reproducibility. +%define source_date_epoch_from_changelog 1 +%define use_source_date_epoch_as_buildtime 1 +%define clamp_mtime_to_source_date_epoch 1 +# Changelog is trimmed according to current date, not last date from changelog. +%define _changelog_trimtime 0 +%define _changelog_trimage 0 +%global _buildhost %{name} +# Python bytecode interferes when updates occur and restart is not done. +%undefine __brp_python_bytecompile + +Name: qusal-mail +Version: 0.0.1 +Release: 1%{?dist} +Summary: Mail operations in Qubes OS + +Group: qusal +Packager: Ben Grande +Vendor: Ben Grande +License: AGPL-3.0-or-later +URL: https://github.com/ben-grande/qusal +BugURL: https://github.com/ben-grande/qusal/issues +Source0: %{name}-%{version}.tar.gz +BuildArch: noarch + +Requires: qubes-mgmt-salt +Requires: qubes-mgmt-salt-dom0 +Requires: qusal-dotfiles +Requires: qusal-sys-pgp +Requires: qusal-utils + + +%description +Create a mail fetcher qube named "mail-fetcher", a mail reader qube names +"mail-reader" and a mail sender qube named "mail-sender". + +The online "mail-fetcher" qube will fetch messages with POP3. After being +fetched, you can copy them to the offline "mail-reader" qube, where you will +be reading emails. After composing a message, the "mail-reader" qube will +save the messages to a queue, which can be forwarded to the online +"mail-sender" qube. You can review messages to be sent from the "mail-sender" +qube and them send them via SMTP. + +By default, the protocols used required SSL, POP3 on port 995, IMAP on port +995 and SMTP on port 587. You can always override any configuration via +included files. + +This formula is based on Unman's SplitMutt guide, using POP3 and/or IMAP to +get mail, not considering SSH access to the mail server. We are using +qfile-agent and not Rsync to synchronize mails between qubes to avoid a higher +attack surface, but Rsync may be considered in the future in case qfile-agent +causes problems. + +%prep +%setup -q + +%build + +%install +rm -rf %{buildroot} +install -m 755 -d \ + %{buildroot}/srv/salt/qusal \ + %{buildroot}%{_docdir}/%{name} \ + %{buildroot}%{_defaultlicensedir}/%{name} +install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/ +install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/ +rm -rv %{name}/LICENSES %{name}/README.md +cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name} + +%check + +%dnl %pre + +%post +if test "$1" = "1"; then + ## Install + qubesctl state.apply mail.create + qubesctl --skip-dom0 --targets=tpl-reader state.apply reader.install + qubesctl --skip-dom0 --targets=tpl-mail-fetcher state.apply mail.install-fetcher + qubesctl --skip-dom0 --targets=tpl-mail-reader state.apply mail.install-reader + qubesctl --skip-dom0 --targets=tpl-mail-sender state.apply mail.install-sender + qubesctl --skip-dom0 --targets=dvm-mail-fetcher state.apply mail.configure-fetcher + qubesctl --skip-dom0 --targets=mail-reader state.apply mail.configure-reader + qubesctl --skip-dom0 --targets=dvm-mail-sender state.apply mail.configure-sender + qubesctl state.apply mail.appmenus,reader.appmenus +elif test "$1" = "2"; then + ## Upgrade + true +fi + +%preun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%postun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%files +%defattr(-,root,root,-) +%license %{_defaultlicensedir}/%{name}/* +%doc %{_docdir}/%{name}/README.md +%dir /srv/salt/qusal/%{name} +/srv/salt/qusal/%{name}/* +%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. + +%changelog +* Tue May 14 2024 Ben Grande - d148599 +- doc: nested list indentation + +* Mon Mar 18 2024 Ben Grande - f9ead06 +- fix: remove extraneous package repository updates + +* Fri Feb 23 2024 Ben Grande - 5605ec7 +- doc: prefix qubesctl with sudo + +* Mon Jan 29 2024 Ben Grande - 6efcc1d +- chore: copyright update + +* Sat Jan 27 2024 Ben Grande - dab2979 +- fix: mail qrexec policy missing disp in name + +* Fri Jan 26 2024 Ben Grande - a04960c +- feat: initial split-mail setup diff --git a/rpm_spec/qusal-media.spec b/rpm_spec/qusal-media.spec new file mode 100644 index 0000000..d928b7a --- /dev/null +++ b/rpm_spec/qusal-media.spec @@ -0,0 +1,130 @@ +# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +## Reproducibility. +%define source_date_epoch_from_changelog 1 +%define use_source_date_epoch_as_buildtime 1 +%define clamp_mtime_to_source_date_epoch 1 +# Changelog is trimmed according to current date, not last date from changelog. +%define _changelog_trimtime 0 +%define _changelog_trimage 0 +%global _buildhost %{name} +# Python bytecode interferes when updates occur and restart is not done. +%undefine __brp_python_bytecompile + +Name: qusal-media +Version: 0.0.1 +Release: 1%{?dist} +Summary: Media opener through disposables in Qubes OS + +Group: qusal +Packager: Ben Grande +Vendor: Ben Grande +License: AGPL-3.0-or-later AND CC0-1.0 +URL: https://github.com/ben-grande/qusal +BugURL: https://github.com/ben-grande/qusal/issues +Source0: %{name}-%{version}.tar.gz +BuildArch: noarch + +Requires: qubes-mgmt-salt +Requires: qubes-mgmt-salt-dom0 +Requires: qusal-browser +Requires: qusal-sys-audio +Requires: qusal-utils + + +%description +Creates the offline "media" qube for storing multimedia files and open the +files in a named disposable "disp-media" via MIME configuration. + +%prep +%setup -q + +%build + +%install +rm -rf %{buildroot} +install -m 755 -d \ + %{buildroot}/srv/salt/qusal \ + %{buildroot}%{_docdir}/%{name} \ + %{buildroot}%{_defaultlicensedir}/%{name} +install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/ +install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/ +rm -rv %{name}/LICENSES %{name}/README.md +cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name} + +%check + +%dnl %pre + +%post +if test "$1" = "1"; then + ## Install + qubesctl state.apply media.create + qubesctl --skip-dom0 --targets=tpl-media state.apply media.install + qubesctl --skip-dom0 --targets=media state.apply media.configure +elif test "$1" = "2"; then + ## Upgrade + true +fi + +%preun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%postun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%files +%defattr(-,root,root,-) +%license %{_defaultlicensedir}/%{name}/* +%doc %{_docdir}/%{name}/README.md +%dir /srv/salt/qusal/%{name} +/srv/salt/qusal/%{name}/* +%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. + +%changelog +* Tue May 28 2024 Ben Grande - 44ea4c5 +- feat: add manual page reader + +* Mon Mar 18 2024 Ben Grande - f9ead06 +- fix: remove extraneous package repository updates + +* Fri Feb 23 2024 Ben Grande - d984da5 +- feat: enhance mpv performance + +* Fri Feb 23 2024 Ben Grande - 5605ec7 +- doc: prefix qubesctl with sudo + +* Thu Feb 22 2024 Ben Grande - 858aba8 +- doc: inform how to get a better mpv performance + +* Mon Jan 29 2024 Ben Grande - 6efcc1d +- chore: copyright update + +* Fri Jan 26 2024 Ben Grande - aec644b +- feat: add qubes img and pdf converter media qubes + +* Sat Jan 20 2024 Ben Grande - 422b01e +- feat: remove audiovm setting when unnecessary + +* Sun Dec 31 2023 Ben Grande - 81f8c56 +- fix: install missing packages to audio client + +* Wed Dec 27 2023 Ben Grande - a617c3d +- fix: modify package names to match Qubes 4.2 + +* Mon Nov 13 2023 Ben Grande - 5eebd78 +- refactor: initial commit diff --git a/rpm_spec/qusal-mgmt.spec b/rpm_spec/qusal-mgmt.spec new file mode 100644 index 0000000..9e38aae --- /dev/null +++ b/rpm_spec/qusal-mgmt.spec @@ -0,0 +1,128 @@ +# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +## Reproducibility. +%define source_date_epoch_from_changelog 1 +%define use_source_date_epoch_as_buildtime 1 +%define clamp_mtime_to_source_date_epoch 1 +# Changelog is trimmed according to current date, not last date from changelog. +%define _changelog_trimtime 0 +%define _changelog_trimage 0 +%global _buildhost %{name} +# Python bytecode interferes when updates occur and restart is not done. +%undefine __brp_python_bytecompile + +Name: qusal-mgmt +Version: 0.0.1 +Release: 1%{?dist} +Summary: Management environment in Qubes OS + +Group: qusal +Packager: Ben Grande +Vendor: Ben Grande +License: AGPL-3.0-or-later +URL: https://github.com/ben-grande/qusal +BugURL: https://github.com/ben-grande/qusal/issues +Source0: %{name}-%{version}.tar.gz +BuildArch: noarch + +Requires: qubes-mgmt-salt +Requires: qubes-mgmt-salt-dom0 +Requires: qusal-fedora +Requires: qusal-fedora-minimal +Requires: qusal-utils + + +%description +A Template for DispVMs will be created and named "dvm-mgmt" and become the +global "management_dispvm". It will be used when opening a disposable console +of a qube or for Salt Management on DomUs. + +%prep +%setup -q + +%build + +%install +rm -rf %{buildroot} +install -m 755 -d \ + %{buildroot}/srv/salt/qusal \ + %{buildroot}%{_docdir}/%{name} \ + %{buildroot}%{_defaultlicensedir}/%{name} +install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/ +install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/ +rm -rv %{name}/LICENSES %{name}/README.md +cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name} + +%check + +%dnl %pre + +%post +if test "$1" = "1"; then + ## Install + qubesctl state.apply mgmt.create + qubesctl --skip-dom0 --targets=tpl-mgmt state.apply mgmt.install + qubesctl state.apply mgmt.prefs +elif test "$1" = "2"; then + ## Upgrade + true +fi + +%preun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%postun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%files +%defattr(-,root,root,-) +%license %{_defaultlicensedir}/%{name}/* +%doc %{_docdir}/%{name}/README.md +%dir /srv/salt/qusal/%{name} +/srv/salt/qusal/%{name}/* +%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. + +%changelog +* Mon Jun 10 2024 Ben Grande - ffe03ba +- fix: set global prefs for management_dispvm + +* Sat Mar 23 2024 Ben Grande - cf88ad1 +- fix: install salt depends in fedora-39-minimal + +* Mon Mar 18 2024 Ben Grande - f9ead06 +- fix: remove extraneous package repository updates + +* Sun Mar 10 2024 Ben Grande - 3dca623 +- fix: change mgmt template to fedora + +* Fri Feb 23 2024 Ben Grande - 5605ec7 +- doc: prefix qubesctl with sudo + +* Mon Jan 29 2024 Ben Grande - 6efcc1d +- chore: copyright update + +* Sat Jan 20 2024 Ben Grande - 422b01e +- feat: remove audiovm setting when unnecessary + +* Fri Jan 05 2024 Ben Grande - 417843b +- feat: remove extraneous passwordless root + +* Mon Dec 18 2023 Ben Grande - 9fc2c03 +- doc: top method must not skip dom0 + +* Mon Nov 13 2023 Ben Grande - 5eebd78 +- refactor: initial commit diff --git a/rpm_spec/qusal-mirage-builder.spec b/rpm_spec/qusal-mirage-builder.spec new file mode 100644 index 0000000..18a723d --- /dev/null +++ b/rpm_spec/qusal-mirage-builder.spec @@ -0,0 +1,129 @@ +# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +## Reproducibility. +%define source_date_epoch_from_changelog 1 +%define use_source_date_epoch_as_buildtime 1 +%define clamp_mtime_to_source_date_epoch 1 +# Changelog is trimmed according to current date, not last date from changelog. +%define _changelog_trimtime 0 +%define _changelog_trimage 0 +%global _buildhost %{name} +# Python bytecode interferes when updates occur and restart is not done. +%undefine __brp_python_bytecompile + +Name: qusal-mirage-builder +Version: 0.0.1 +Release: 1%{?dist} +Summary: Mirage Builder environment in Qubes OS + +Group: qusal +Packager: Ben Grande +Vendor: Ben Grande +License: AGPL-3.0-or-later +URL: https://github.com/ben-grande/qusal +BugURL: https://github.com/ben-grande/qusal/issues +Source0: %{name}-%{version}.tar.gz +BuildArch: noarch + +Requires: qubes-mgmt-salt +Requires: qubes-mgmt-salt-dom0 +Requires: qusal-dev +Requires: qusal-docker +Requires: qusal-dotfiles +Requires: qusal-sys-git +Requires: qusal-sys-pgp +Requires: qusal-sys-ssh-agent +Requires: qusal-utils + + +%description +Setup a builder qube for Mirage Unikernel named "mirage-builder". The tool +necessary to build Mirage with docker or directly with Opam will also be +installed. + +%prep +%setup -q + +%build + +%install +rm -rf %{buildroot} +install -m 755 -d \ + %{buildroot}/srv/salt/qusal \ + %{buildroot}%{_docdir}/%{name} \ + %{buildroot}%{_defaultlicensedir}/%{name} +install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/ +install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/ +rm -rv %{name}/LICENSES %{name}/README.md +cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name} + +%check + +%dnl %pre + +%post +if test "$1" = "1"; then + ## Install + qubesctl state.apply mirage-builder.create + qubesctl --skip-dom0 --targets=tpl-mirage-builder state.apply mirage-builder.install + qubesctl --skip-dom0 --targets=mirage-builder state.apply mirage-builder.configure +elif test "$1" = "2"; then + ## Upgrade + true +fi + +%preun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%postun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%files +%defattr(-,root,root,-) +%license %{_defaultlicensedir}/%{name}/* +%doc %{_docdir}/%{name}/README.md +%dir /srv/salt/qusal/%{name} +/srv/salt/qusal/%{name}/* +%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. + +%changelog +* Tue May 14 2024 Ben Grande - d148599 +- doc: nested list indentation + +* Mon Mar 18 2024 Ben Grande - f9ead06 +- fix: remove extraneous package repository updates + +* Fri Feb 23 2024 Ben Grande - 5605ec7 +- doc: prefix qubesctl with sudo + +* Mon Jan 29 2024 Ben Grande - 6efcc1d +- chore: copyright update + +* Sat Jan 20 2024 Ben Grande - 422b01e +- feat: remove audiovm setting when unnecessary + +* Fri Jan 05 2024 Ben Grande - 417843b +- feat: remove extraneous passwordless root + +* Wed Jan 03 2024 Ben Grande - 6bb426a +- refactor: import armored gpg keys instead of db + +* Thu Dec 28 2023 Ben Grande - b52e4b1 +- fix: strict split-gpg2 service + +* Mon Nov 13 2023 Ben Grande - 5eebd78 +- refactor: initial commit diff --git a/rpm_spec/qusal-opentofu.spec b/rpm_spec/qusal-opentofu.spec new file mode 100644 index 0000000..d7ce966 --- /dev/null +++ b/rpm_spec/qusal-opentofu.spec @@ -0,0 +1,110 @@ +# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +## Reproducibility. +%define source_date_epoch_from_changelog 1 +%define use_source_date_epoch_as_buildtime 1 +%define clamp_mtime_to_source_date_epoch 1 +# Changelog is trimmed according to current date, not last date from changelog. +%define _changelog_trimtime 0 +%define _changelog_trimage 0 +%global _buildhost %{name} +# Python bytecode interferes when updates occur and restart is not done. +%undefine __brp_python_bytecompile + +Name: qusal-opentofu +Version: 0.0.1 +Release: 1%{?dist} +Summary: OpenTofu installation in Qubes OS + +Group: qusal +Packager: Ben Grande +Vendor: Ben Grande +License: AGPL-3.0-or-later +URL: https://github.com/ben-grande/qusal +BugURL: https://github.com/ben-grande/qusal/issues +Source0: %{name}-%{version}.tar.gz +BuildArch: noarch + +Requires: qubes-mgmt-salt +Requires: qubes-mgmt-salt-dom0 +Requires: qusal-sys-ssh-agent +Requires: qusal-utils + + +%description +Installs OpenTofu and use it on the "opentofu" app qube. An open-source fork +of Terraform. + +%prep +%setup -q + +%build + +%install +rm -rf %{buildroot} +install -m 755 -d \ + %{buildroot}/srv/salt/qusal \ + %{buildroot}%{_docdir}/%{name} \ + %{buildroot}%{_defaultlicensedir}/%{name} +install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/ +install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/ +rm -rv %{name}/LICENSES %{name}/README.md +cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name} + +%check + +%dnl %pre + +%post +if test "$1" = "1"; then + ## Install + qubesctl state.apply opentofu.create + qubesctl --skip-dom0 --targets=tpl-opentofu state.apply opentofu.install +elif test "$1" = "2"; then + ## Upgrade + true +fi + +%preun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%postun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%files +%defattr(-,root,root,-) +%license %{_defaultlicensedir}/%{name}/* +%doc %{_docdir}/%{name}/README.md +%dir /srv/salt/qusal/%{name} +/srv/salt/qusal/%{name}/* +%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. + +%changelog +* Wed May 29 2024 Ben Grande - 8accc47 +- fix: remove old deb repository list format + +* Thu May 16 2024 Ben Grande - b2c9479 +- fix: enforce https on repository installation + +* Mon Mar 18 2024 Ben Grande - f9ead06 +- fix: remove extraneous package repository updates + +* Fri Feb 23 2024 Ben Grande - 5605ec7 +- doc: prefix qubesctl with sudo + +* Mon Feb 19 2024 Ben Grande - 89bd760 +- feat: add OpenTofu diff --git a/rpm_spec/qusal-qubes-builder.spec b/rpm_spec/qusal-qubes-builder.spec new file mode 100644 index 0000000..b95a8ac --- /dev/null +++ b/rpm_spec/qusal-qubes-builder.spec @@ -0,0 +1,181 @@ +# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +## Reproducibility. +%define source_date_epoch_from_changelog 1 +%define use_source_date_epoch_as_buildtime 1 +%define clamp_mtime_to_source_date_epoch 1 +# Changelog is trimmed according to current date, not last date from changelog. +%define _changelog_trimtime 0 +%define _changelog_trimage 0 +%global _buildhost %{name} +# Python bytecode interferes when updates occur and restart is not done. +%undefine __brp_python_bytecompile + +Name: qusal-qubes-builder +Version: 0.0.1 +Release: 1%{?dist} +Summary: Setup Qubes OS Builder V2 in Qubes OS itself + +Group: qusal +Packager: Ben Grande +Vendor: Ben Grande +License: AGPL-3.0-or-later AND GPL-2.0-only +URL: https://github.com/ben-grande/qusal +BugURL: https://github.com/ben-grande/qusal/issues +Source0: %{name}-%{version}.tar.gz +BuildArch: noarch + +Requires: qubes-mgmt-salt +Requires: qubes-mgmt-salt-dom0 +Requires: qusal-docker +Requires: qusal-dotfiles +Requires: qusal-fedora-minimal +Requires: qusal-sys-git +Requires: qusal-sys-pgp +Requires: qusal-sys-ssh-agent +Requires: qusal-utils + + +%description +Setup a Builder qube named "qubes-builder" and a disposable template for Qubes +Executor named "dvm-qubes-builder". It is possible to use any of the available +executors: docker, podman, qubes-executor. + +During installation, after cloning the qubes-builderv2 repository, signatures +will be verified and the installation will fail if the signatures couldn't be +verified. Packages necessary for split operations such as split-gpg2, spit-git +and split-ssh-agent will also be installed. + +%prep +%setup -q + +%build + +%install +rm -rf %{buildroot} +install -m 755 -d \ + %{buildroot}/srv/salt/qusal \ + %{buildroot}%{_docdir}/%{name} \ + %{buildroot}%{_defaultlicensedir}/%{name} +install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/ +install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/ +rm -rv %{name}/LICENSES %{name}/README.md +cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name} + +%check + +%dnl %pre + +%post +if test "$1" = "1"; then + ## Install + qubesctl state.apply qubes-builder.create + qubesctl --skip-dom0 --targets=tpl-qubes-builder state.apply qubes-builder.install + qubesctl state.apply qubes-builder.prefs + qubesctl --skip-dom0 --targets=dvm-qubes-builder state.apply qubes-builder.configure-qubes-executor + qubesctl --skip-dom0 --targets=qubes-builder state.apply qubes-builder.configure +elif test "$1" = "2"; then + ## Upgrade + true +fi + +%preun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%postun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%files +%defattr(-,root,root,-) +%license %{_defaultlicensedir}/%{name}/* +%doc %{_docdir}/%{name}/README.md +%dir /srv/salt/qusal/%{name} +/srv/salt/qusal/%{name}/* +%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. + +%changelog +* Wed Jun 19 2024 Ben Grande - 99fb138 +- fix: correct git repository name in policy + +* Mon Jun 17 2024 Ben Grande - 1a72665 +- feat: add split-gpg2 configuration + +* Fri Jun 14 2024 Ben Grande - ba5b481 +- fix: signature check breaks qubes-builder update + +* Thu Jun 13 2024 Ben Grande - 7a70535 +- fix: Fedora 40 only has wget2 + +* Wed Jun 12 2024 Ben Grande - 10200f6 +- fix: rpmmacros is unnecessary with split-gpg2 + +* Sat Mar 23 2024 Ben Grande - cf88ad1 +- fix: install salt depends in fedora-39-minimal + +* Mon Mar 18 2024 Ben Grande - f9ead06 +- fix: remove extraneous package repository updates + +* Fri Feb 23 2024 Ben Grande - 5605ec7 +- doc: prefix qubesctl with sudo + +* Sun Feb 04 2024 Ben Grande - c35ec15 +- fix: create directories when necessary + +* Mon Jan 29 2024 Ben Grande - 6efcc1d +- chore: copyright update + +* Sat Jan 20 2024 Ben Grande - 97c644a +- fix: invert builder memory and vcpus + +* Sat Jan 20 2024 Ben Grande - 422b01e +- feat: remove audiovm setting when unnecessary + +* Thu Jan 18 2024 Ben Grande - 0887c24 +- fix: remove unicode from used files + +* Mon Jan 08 2024 Ben Grande - f5894dc +- doc: cleaner usage sections for qubes-builder + +* Sun Jan 07 2024 Ben Grande - 42a9309 +- fix: rpc service copy to dvm + +* Fri Jan 05 2024 Ben Grande - a17f9f5 +- feat: unattended qubes-builder build + +* Fri Jan 05 2024 Ben Grande - c109404 +- fix: add user to mock group + +* Wed Jan 03 2024 Ben Grande - 6bb426a +- refactor: import armored gpg keys instead of db + +* Wed Jan 03 2024 Ben Grande - 0eecbcf +- fix: unconfined qfile-unpacker + +* Wed Jan 03 2024 Ben Grande - 0832859 +- fix: remove old split-gpg from qubes-builder + +* Thu Dec 28 2023 Ben Grande - f8953c6 +- doc: better usage of split-gpg2 in qubes-builder + +* Thu Dec 28 2023 Ben Grande - b52e4b1 +- fix: strict split-gpg2 service + +* Tue Dec 19 2023 Ben Grande - b4d142b +- refactor: move appended states to drop-in rc.local + +* Mon Nov 13 2023 Ben Grande - 5eebd78 +- refactor: initial commit diff --git a/rpm_spec/qusal-reader.spec b/rpm_spec/qusal-reader.spec new file mode 100644 index 0000000..3a3fbcf --- /dev/null +++ b/rpm_spec/qusal-reader.spec @@ -0,0 +1,138 @@ +# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +## Reproducibility. +%define source_date_epoch_from_changelog 1 +%define use_source_date_epoch_as_buildtime 1 +%define clamp_mtime_to_source_date_epoch 1 +# Changelog is trimmed according to current date, not last date from changelog. +%define _changelog_trimtime 0 +%define _changelog_trimage 0 +%global _buildhost %{name} +# Python bytecode interferes when updates occur and restart is not done. +%undefine __brp_python_bytecompile + +Name: qusal-reader +Version: 0.0.1 +Release: 1%{?dist} +Summary: Reader environment as the default_dispvm in Qubes OS + +Group: qusal +Packager: Ben Grande +Vendor: Ben Grande +License: AGPL-3.0-or-later +URL: https://github.com/ben-grande/qusal +BugURL: https://github.com/ben-grande/qusal/issues +Source0: %{name}-%{version}.tar.gz +BuildArch: noarch + +Requires: qubes-mgmt-salt +Requires: qubes-mgmt-salt-dom0 +Requires: qusal-dotfiles +Requires: qusal-utils + + +%description +Create a disposable template for reading documents and viewing images called +"dvm-reader". It is designated to be the "default_dispvm", because of this, +there is no "netvm", but if you assign one, you will get networking as the +necessary packages will be installed in the template. + +%prep +%setup -q + +%build + +%install +rm -rf %{buildroot} +install -m 755 -d \ + %{buildroot}/srv/salt/qusal \ + %{buildroot}%{_docdir}/%{name} \ + %{buildroot}%{_defaultlicensedir}/%{name} +install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/ +install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/ +rm -rv %{name}/LICENSES %{name}/README.md +cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name} + +%check + +%dnl %pre + +%post +if test "$1" = "1"; then + ## Install + qubesctl state.apply reader.create + qubesctl --skip-dom0 --targets=tpl-reader state.apply reader.install + qubesctl --skip-dom0 --targets=dvm-reader state.apply reader.configure + qubesctl state.apply reader.appmenus +elif test "$1" = "2"; then + ## Upgrade + true +fi + +%preun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%postun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%files +%defattr(-,root,root,-) +%license %{_defaultlicensedir}/%{name}/* +%doc %{_docdir}/%{name}/README.md +%dir /srv/salt/qusal/%{name} +/srv/salt/qusal/%{name}/* +%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. + +%changelog +* Sun Jun 09 2024 Ben Grande - 899f7e4 +- fix: add Fedora 40 Firefox desktop file to appmenu + +* Tue May 28 2024 Ben Grande - 44ea4c5 +- feat: add manual page reader + +* Mon Mar 18 2024 Ben Grande - f9ead06 +- fix: remove extraneous package repository updates + +* Fri Feb 23 2024 Ben Grande - 5605ec7 +- doc: prefix qubesctl with sudo + +* Wed Jan 31 2024 Ben Grande - b5d7371 +- fix: thunar requires xfce helpers to find terminal + +* Mon Jan 29 2024 Ben Grande - 6efcc1d +- chore: copyright update + +* Fri Jan 26 2024 Ben Grande - aec644b +- feat: add qubes img and pdf converter media qubes + +* Tue Jan 23 2024 Ben Grande - 7ec20f1 +- fix: add file browser to reader + +* Sat Jan 20 2024 Ben Grande - 422b01e +- feat: remove audiovm setting when unnecessary + +* Fri Jan 12 2024 Ben Grande - 23a569d +- fix: install less browser packages in reader + +* Wed Dec 20 2023 Ben Grande - 80aeb36 +- fix: sync reader appmenus + +* Mon Nov 13 2023 Ben Grande - 963e72c +- chore: Fix unman copyright contact + +* Mon Nov 13 2023 Ben Grande - 5eebd78 +- refactor: initial commit diff --git a/rpm_spec/qusal-remmina.spec b/rpm_spec/qusal-remmina.spec new file mode 100644 index 0000000..7597db5 --- /dev/null +++ b/rpm_spec/qusal-remmina.spec @@ -0,0 +1,111 @@ +# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +## Reproducibility. +%define source_date_epoch_from_changelog 1 +%define use_source_date_epoch_as_buildtime 1 +%define clamp_mtime_to_source_date_epoch 1 +# Changelog is trimmed according to current date, not last date from changelog. +%define _changelog_trimtime 0 +%define _changelog_trimage 0 +%global _buildhost %{name} +# Python bytecode interferes when updates occur and restart is not done. +%undefine __brp_python_bytecompile + +Name: qusal-remmina +Version: 0.0.1 +Release: 1%{?dist} +Summary: Remmina Remote Desktop Client in Qubes OS + +Group: qusal +Packager: Ben Grande +Vendor: Ben Grande +License: AGPL-3.0-or-later +URL: https://github.com/ben-grande/qusal +BugURL: https://github.com/ben-grande/qusal/issues +Source0: %{name}-%{version}.tar.gz +BuildArch: noarch + +Requires: qubes-mgmt-salt +Requires: qubes-mgmt-salt-dom0 +Requires: qusal-utils + + +%description +Creates a disposable template named "dvm-remmina". From it, you can create +disposables for Remmina usage for SSH, VNC, SPICE, HTTP(S), X2Go and more. If +you prefer to use an app qube, a qube named "remmina" will also be created. + +%prep +%setup -q + +%build + +%install +rm -rf %{buildroot} +install -m 755 -d \ + %{buildroot}/srv/salt/qusal \ + %{buildroot}%{_docdir}/%{name} \ + %{buildroot}%{_defaultlicensedir}/%{name} +install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/ +install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/ +rm -rv %{name}/LICENSES %{name}/README.md +cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name} + +%check + +%dnl %pre + +%post +if test "$1" = "1"; then + ## Install + qubesctl state.apply remmina.create + qubesctl --skip-dom0 --targets=tpl-remmina state.apply remmina.install + qubesctl state.apply remmina.appmenus +elif test "$1" = "2"; then + ## Upgrade + true +fi + +%preun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%postun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%files +%defattr(-,root,root,-) +%license %{_defaultlicensedir}/%{name}/* +%doc %{_docdir}/%{name}/README.md +%dir /srv/salt/qusal/%{name} +/srv/salt/qusal/%{name}/* +%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. + +%changelog +* Mon Mar 18 2024 Ben Grande - f9ead06 +- fix: remove extraneous package repository updates + +* Fri Feb 23 2024 Ben Grande - 5605ec7 +- doc: prefix qubesctl with sudo + +* Mon Jan 29 2024 Ben Grande - 6efcc1d +- chore: copyright update + +* Sat Jan 20 2024 Ben Grande - 422b01e +- feat: remove audiovm setting when unnecessary + +* Mon Nov 13 2023 Ben Grande - 5eebd78 +- refactor: initial commit diff --git a/rpm_spec/qusal-signal.spec b/rpm_spec/qusal-signal.spec new file mode 100644 index 0000000..e8c0293 --- /dev/null +++ b/rpm_spec/qusal-signal.spec @@ -0,0 +1,136 @@ +# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +## Reproducibility. +%define source_date_epoch_from_changelog 1 +%define use_source_date_epoch_as_buildtime 1 +%define clamp_mtime_to_source_date_epoch 1 +# Changelog is trimmed according to current date, not last date from changelog. +%define _changelog_trimtime 0 +%define _changelog_trimage 0 +%global _buildhost %{name} +# Python bytecode interferes when updates occur and restart is not done. +%undefine __brp_python_bytecompile + +Name: qusal-signal +Version: 0.0.1 +Release: 1%{?dist} +Summary: Signal messaging app in Qubes OS + +Group: qusal +Packager: Ben Grande +Vendor: Ben Grande +License: AGPL-3.0-or-later +URL: https://github.com/ben-grande/qusal +BugURL: https://github.com/ben-grande/qusal/issues +Source0: %{name}-%{version}.tar.gz +BuildArch: noarch + +Requires: qubes-mgmt-salt +Requires: qubes-mgmt-salt-dom0 +Requires: qusal-dotfiles +Requires: qusal-sys-audio +Requires: qusal-utils + + +%description +Install Signal Desktop and creates an app qube named "signal". + +%prep +%setup -q + +%build + +%install +rm -rf %{buildroot} +install -m 755 -d \ + %{buildroot}/srv/salt/qusal \ + %{buildroot}%{_docdir}/%{name} \ + %{buildroot}%{_defaultlicensedir}/%{name} +install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/ +install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/ +rm -rv %{name}/LICENSES %{name}/README.md +cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name} + +%check + +%dnl %pre + +%post +if test "$1" = "1"; then + ## Install + qubesctl state.apply signal.create + qubesctl --skip-dom0 --targets=tpl-signal state.apply signal.install + qubesctl --skip-dom0 --targets=signal state.apply signal.configure + qubesctl state.apply signal.appmenus +elif test "$1" = "2"; then + ## Upgrade + true +fi + +%preun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%postun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%files +%defattr(-,root,root,-) +%license %{_defaultlicensedir}/%{name}/* +%doc %{_docdir}/%{name}/README.md +%dir /srv/salt/qusal/%{name} +/srv/salt/qusal/%{name}/* +%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. + +%changelog +* Wed Jun 19 2024 Ben Grande - bf0a4bc +- fix: terminate option parsing for qvm commands + +* Wed May 29 2024 Ben Grande - 8accc47 +- fix: remove old deb repository list format + +* Thu May 16 2024 Ben Grande - b2c9479 +- fix: enforce https on repository installation + +* Mon Mar 18 2024 Ben Grande - f9ead06 +- fix: remove extraneous package repository updates + +* Fri Feb 23 2024 Ben Grande - 5605ec7 +- doc: prefix qubesctl with sudo + +* Wed Jan 31 2024 Ben Grande - b5d7371 +- fix: thunar requires xfce helpers to find terminal + +* Mon Jan 29 2024 Ben Grande - 6efcc1d +- chore: copyright update + +* Sat Jan 20 2024 Ben Grande - 422b01e +- feat: remove audiovm setting when unnecessary + +* Tue Jan 02 2024 Ben Grande - d939d4a +- fix: signal state uses idempotent state + +* Sun Dec 31 2023 Ben Grande - 81f8c56 +- fix: install missing packages to audio client + +* Wed Dec 27 2023 Ben Grande - a617c3d +- fix: modify package names to match Qubes 4.2 + +* Thu Dec 21 2023 Ben Grande - ff34a8a +- fix: add missing appmenus sync + +* Mon Nov 13 2023 Ben Grande - 5eebd78 +- refactor: initial commit diff --git a/rpm_spec/qusal-ssh.spec b/rpm_spec/qusal-ssh.spec new file mode 100644 index 0000000..9b5b573 --- /dev/null +++ b/rpm_spec/qusal-ssh.spec @@ -0,0 +1,128 @@ +# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +## Reproducibility. +%define source_date_epoch_from_changelog 1 +%define use_source_date_epoch_as_buildtime 1 +%define clamp_mtime_to_source_date_epoch 1 +# Changelog is trimmed according to current date, not last date from changelog. +%define _changelog_trimtime 0 +%define _changelog_trimage 0 +%global _buildhost %{name} +# Python bytecode interferes when updates occur and restart is not done. +%undefine __brp_python_bytecompile + +Name: qusal-ssh +Version: 0.0.1 +Release: 1%{?dist} +Summary: SSH remote login client in Qubes OS + +Group: qusal +Packager: Ben Grande +Vendor: Ben Grande +License: AGPL-3.0-or-later +URL: https://github.com/ben-grande/qusal +BugURL: https://github.com/ben-grande/qusal/issues +Source0: %{name}-%{version}.tar.gz +BuildArch: noarch + +Requires: qubes-mgmt-salt +Requires: qubes-mgmt-salt-dom0 +Requires: qusal-dev +Requires: qusal-dotfiles +Requires: qusal-sys-ssh-agent +Requires: qusal-utils + + +%description +Setup SSH client AppVM ssh and a DispVM Template "dvm-ssh". +It's use is plain simple, SSH to servers, no extra configuration is required. +When saving the SSH configuration is necessary, use the ssh qube. If login +in as a one time connection or to an untrusted host use a DispVM based on +"dvm-ssh" for disposability. + +%prep +%setup -q + +%build + +%install +rm -rf %{buildroot} +install -m 755 -d \ + %{buildroot}/srv/salt/qusal \ + %{buildroot}%{_docdir}/%{name} \ + %{buildroot}%{_defaultlicensedir}/%{name} +install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/ +install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/ +rm -rv %{name}/LICENSES %{name}/README.md +cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name} + +%check + +%dnl %pre + +%post +if test "$1" = "1"; then + ## Install + qubesctl state.apply ssh.create + qubesctl --skip-dom0 --targets=tpl-ssh state.apply ssh.install + qubesctl --skip-dom0 --targets=dvm-ssh,ssh state.apply ssh.configure +elif test "$1" = "2"; then + ## Upgrade + true +fi + +%preun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%postun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%files +%defattr(-,root,root,-) +%license %{_defaultlicensedir}/%{name}/* +%doc %{_docdir}/%{name}/README.md +%dir /srv/salt/qusal/%{name} +/srv/salt/qusal/%{name}/* +%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. + +%changelog +* Thu Jun 13 2024 Ben Grande - a564b3a +- feat: add TCP proxy for remote hosts + +* Tue May 28 2024 Ben Grande - 44ea4c5 +- feat: add manual page reader + +* Mon Mar 18 2024 Ben Grande - f9ead06 +- fix: remove extraneous package repository updates + +* Fri Feb 23 2024 Ben Grande - 5605ec7 +- doc: prefix qubesctl with sudo + +* Mon Jan 29 2024 Ben Grande - 6efcc1d +- chore: copyright update + +* Sun Jan 21 2024 Ben Grande - 3e6ba8f +- fix: client install the ssh-agent client packages + +* Sat Jan 20 2024 Ben Grande - 422b01e +- feat: remove audiovm setting when unnecessary + +* Wed Dec 20 2023 Ben Grande - 015019a +- fix: ssh top files missing list type matcher + +* Mon Nov 13 2023 Ben Grande - 5eebd78 +- refactor: initial commit diff --git a/rpm_spec/qusal-sys-audio.spec b/rpm_spec/qusal-sys-audio.spec new file mode 100644 index 0000000..039726e --- /dev/null +++ b/rpm_spec/qusal-sys-audio.spec @@ -0,0 +1,159 @@ +# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +## Reproducibility. +%define source_date_epoch_from_changelog 1 +%define use_source_date_epoch_as_buildtime 1 +%define clamp_mtime_to_source_date_epoch 1 +# Changelog is trimmed according to current date, not last date from changelog. +%define _changelog_trimtime 0 +%define _changelog_trimage 0 +%global _buildhost %{name} +# Python bytecode interferes when updates occur and restart is not done. +%undefine __brp_python_bytecompile + +Name: qusal-sys-audio +Version: 0.0.1 +Release: 1%{?dist} +Summary: Audio operations in Qubes OS + +Group: qusal +Packager: Ben Grande +Vendor: Ben Grande +License: AGPL-3.0-or-later +URL: https://github.com/ben-grande/qusal +BugURL: https://github.com/ben-grande/qusal/issues +Source0: %{name}-%{version}.tar.gz +BuildArch: noarch + +Requires: qubes-mgmt-salt +Requires: qubes-mgmt-salt-dom0 +Requires: qusal-dev +Requires: qusal-sys-usb +Requires: qusal-utils + + +%description +Creates the named disposable "disp-sys-audio" qube for providing audio +operations such as microphone and speakers to and from qubes. By default, you +can use the builtin stereo, JACK and USB , but if you want, you can install +the necessary packages for bluetooth with the provided state. + +%prep +%setup -q + +%build + +%install +rm -rf %{buildroot} +install -m 755 -d \ + %{buildroot}/srv/salt/qusal \ + %{buildroot}%{_docdir}/%{name} \ + %{buildroot}%{_defaultlicensedir}/%{name} +install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/ +install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/ +rm -rv %{name}/LICENSES %{name}/README.md +cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name} + +%check + +%dnl %pre + +%post +if test "$1" = "1"; then + ## Install + qubesctl state.apply sys-audio.create + qubesctl --skip-dom0 --targets=tpl-sys-audio state.apply sys-audio.install + qubesctl --skip-dom0 --targets=dvm-sys-audio state.apply sys-audio.configure-dvm +elif test "$1" = "2"; then + ## Upgrade + true +fi + +%preun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%postun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%files +%defattr(-,root,root,-) +%license %{_defaultlicensedir}/%{name}/* +%doc %{_docdir}/%{name}/README.md +%dir /srv/salt/qusal/%{name} +/srv/salt/qusal/%{name}/* +%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. + +%changelog +* Fri Jun 07 2024 Ben Grande - c7c85fb +- fix: more restrictive Qrexec audio policy + +* Tue Jun 04 2024 Ben Grande - 29601d8 +- doc: refer to video-companion for sys-usb webcam + +* Sat Mar 23 2024 Ben Grande - fcc155f +- feat: optional state to autostart AudioVM + +* Mon Mar 18 2024 Ben Grande - f9ead06 +- fix: remove extraneous package repository updates + +* Wed Feb 28 2024 Ben Grande - ead4073 +- feat: allow disp-sys-usb to be an AudioVM + +* Fri Feb 23 2024 Ben Grande - 5605ec7 +- doc: prefix qubesctl with sudo + +* Mon Jan 29 2024 Ben Grande - 6efcc1d +- chore: copyright update + +* Mon Jan 22 2024 Ben Grande - bd255af +- fix: cleanup audio home directory + +* Sat Jan 20 2024 Ben Grande - 422b01e +- feat: remove audiovm setting when unnecessary + +* Fri Jan 19 2024 Ben Grande - 71dd9a5 +- doc: bluetooth system tray + +* Fri Jan 19 2024 Ben Grande - 4ef0d05 +- feat: seamless audio integration with bluetooth + +* Fri Jan 19 2024 Ben Grande - b95cc6d +- feat: pavucontrol in sys-audio + +* Wed Jan 17 2024 Ben Grande - 3faa523 +- feat: usb devices in sys-audio + +* Sun Jan 14 2024 Ben Grande - c3937e8 +- fix: disposable sys-audio name with disp prefix + +* Thu Jan 04 2024 Ben Grande - e167879 +- doc: sys-audio usage + +* Thu Jan 04 2024 Ben Grande - 767fc42 +- fix: allow to attach mic with sys-audio + +* Wed Jan 03 2024 Ben Grande - 2283b33 +- fix: sys-audio policy and autostart pacat daemon + +* Tue Jan 02 2024 Ben Grande - f32a14c +- fix: autostart volumeicon + +* Sun Dec 31 2023 Ben Grande - 81f8c56 +- fix: install missing packages to audio client + +* Mon Nov 13 2023 Ben Grande - 5eebd78 +- refactor: initial commit diff --git a/rpm_spec/qusal-sys-bitcoin.spec b/rpm_spec/qusal-sys-bitcoin.spec new file mode 100644 index 0000000..5754230 --- /dev/null +++ b/rpm_spec/qusal-sys-bitcoin.spec @@ -0,0 +1,162 @@ +# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +## Reproducibility. +%define source_date_epoch_from_changelog 1 +%define use_source_date_epoch_as_buildtime 1 +%define clamp_mtime_to_source_date_epoch 1 +# Changelog is trimmed according to current date, not last date from changelog. +%define _changelog_trimtime 0 +%define _changelog_trimage 0 +%global _buildhost %{name} +# Python bytecode interferes when updates occur and restart is not done. +%undefine __brp_python_bytecompile + +Name: qusal-sys-bitcoin +Version: 0.0.1 +Release: 1%{?dist} +Summary: Bitcoin Core in Qubes OS + +Group: qusal +Packager: Ben Grande +Vendor: Ben Grande +License: AGPL-3.0-or-later +URL: https://github.com/ben-grande/qusal +BugURL: https://github.com/ben-grande/qusal/issues +Source0: %{name}-%{version}.tar.gz +BuildArch: noarch + +Requires: qubes-mgmt-salt +Requires: qubes-mgmt-salt-dom0 +Requires: qusal-dev +Requires: qusal-dotfiles +Requires: qusal-sys-git +Requires: qusal-utils +Requires: qusal-whonix-workstation + + +%description +Setup a Bitcoin Daemon full-node qube named "sys-bitcoin", where you will +index the Bitcoin blockchain. A second non-networked qube named "bitcoin" can +manage a wallet and sign transactions. + +By default, installation from upstream binaries will be used, but you can +choose to build from source if you prefer. Compiling from source will not have +the default configuration flags, but will be optimized to our use case. + +The download of the Bitcoin source code or binaries as well as the connections +to the Bitcoin P2P network will happen over the Tor network. + +If you already have a node on your network that has indexed the blockchain +already and has RPC enabled for remote clients, you can also connect to it, +preferably if it has transport encryption when connecting to the Bitcoin node +with an encrypted tunnel. + +A disposable qube "disp-bitcoin-builder" will be created, based on +Whonix-Workstation, it will server to install and verify Bitcoin Core. After +the verification succeeds, files are copied to the template "tpl-sys-bitcoin". +This method was chosen so the client can be always offline and the build +artifacts are built on a machine that is not running the daemon and thus can +be copied to the template with a higher degree of trust. + +At least `1TB` of disk space is required. At block `829054` (2024-02-05), +`642G` are used. + +%prep +%setup -q + +%build + +%install +rm -rf %{buildroot} +install -m 755 -d \ + %{buildroot}/srv/salt/qusal \ + %{buildroot}%{_docdir}/%{name} \ + %{buildroot}%{_defaultlicensedir}/%{name} +install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/ +install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/ +rm -rv %{name}/LICENSES %{name}/README.md +cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name} + +%check + +%dnl %pre + +%post +if test "$1" = "1"; then + ## Install + qubesctl state.apply sys-bitcoin.create + qubesctl --skip-dom0 --targets=sys-bitcoin-gateway state.apply sys-bitcoin.configure-gateway + qubesctl --skip-dom0 --targets=tpl-sys-bitcoin state.apply sys-bitcoin.install + qubesctl --skip-dom0 --targets=disp-bitcoin-builder state.apply sys-bitcoin.configure-builder + qubesctl --skip-dom0 --targets=sys-bitcoin state.apply sys-bitcoin.configure + qubesctl --skip-dom0 --targets=bitcoin state.apply sys-bitcoin.configure-client + qubesctl state.apply sys-bitcoin.appmenus +elif test "$1" = "2"; then + ## Upgrade + true +fi + +%preun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%postun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%files +%defattr(-,root,root,-) +%license %{_defaultlicensedir}/%{name}/* +%doc %{_docdir}/%{name}/README.md +%dir /srv/salt/qusal/%{name} +/srv/salt/qusal/%{name}/* +%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. + +%changelog +* Mon Jun 17 2024 Ben Grande - 43e1e32 +- feat: bump Bitcoin version + +* Mon Jun 17 2024 Ben Grande - 59e8fc3 +- fix: GUI Global Config precedes packaged policies + +* Tue Jun 04 2024 Ben Grande - 7873dd8 +- fix: remove undesired appmenus from builder qubes + +* Tue Jun 04 2024 Ben Grande - 6e85416 +- feat: add disposable qubes to bitcoin clients + +* Wed May 15 2024 Ben Grande - 3adc241 +- fix: renew keys and delete expired ones + +* Wed Apr 17 2024 Ben Grande - ec7f62f +- feat: bump Bitcoin version + +* Fri Apr 12 2024 Ben Grande - a8e9188 +- feat: bump Pi-Hole and Bitcoin version + +* Mon Mar 18 2024 Ben Grande - f9ead06 +- fix: remove extraneous package repository updates + +* Fri Feb 23 2024 Ben Grande - 5605ec7 +- doc: prefix qubesctl with sudo + +* Thu Feb 22 2024 Ben Grande - 9a4790f +- doc: inform how to reduce bitcoind memory usage + +* Sun Feb 18 2024 Ben Grande - 7d6e2bf +- fix: less menu items for bitcoin qubes + +* Sat Feb 17 2024 Ben Grande - dbed18d +- feat: Bitcoin Core and Electrum servers and wallet diff --git a/rpm_spec/qusal-sys-cacher.spec b/rpm_spec/qusal-sys-cacher.spec new file mode 100644 index 0000000..7e26703 --- /dev/null +++ b/rpm_spec/qusal-sys-cacher.spec @@ -0,0 +1,266 @@ +# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +## Reproducibility. +%define source_date_epoch_from_changelog 1 +%define use_source_date_epoch_as_buildtime 1 +%define clamp_mtime_to_source_date_epoch 1 +# Changelog is trimmed according to current date, not last date from changelog. +%define _changelog_trimtime 0 +%define _changelog_trimage 0 +%global _buildhost %{name} +# Python bytecode interferes when updates occur and restart is not done. +%undefine __brp_python_bytecompile + +Name: qusal-sys-cacher +Version: 0.0.1 +Release: 1%{?dist} +Summary: Caching proxy server for software repositories in Qubes OS + +Group: qusal +Packager: Ben Grande +Vendor: Ben Grande +License: AGPL-3.0-or-later AND GPL-2.0-only +URL: https://github.com/ben-grande/qusal +BugURL: https://github.com/ben-grande/qusal/issues +Source0: %{name}-%{version}.tar.gz +BuildArch: noarch + +Requires: qubes-mgmt-salt +Requires: qubes-mgmt-salt-dom0 +Requires: qusal-browser +Requires: qusal-dotfiles +Requires: qusal-utils + + +%description +The caching proxy is "sys-cacher" based on apt-cacher-ng, it stores downloaded +packages, so that you need only download a package once and fetch locally the +next time you want to upgrade your system packages. + +When you install this package, qubes will be tagged with "updatevm-sys-cacher" +and they will be altered to use the proxy by default. When there is "https://" +in your repository definitions, the entries will be changed in the templates +from to "http://HTTPS///". This is so that the request to the proxy is plain +text, and the proxy will then make the request via https. + +This change will be done automatically for every template that exists and is +not Whonix based. No changes are made to Whonix templates, and updates to +those templates will not be cached. + +The caching proxy supports: + +- Debian and derivatives (but not Whonix) +- Fedora and derivatives +- Arch Linux and derivatives + +%prep +%setup -q + +%build + +%install +rm -rf %{buildroot} +install -m 755 -d \ + %{buildroot}/srv/salt/qusal \ + %{buildroot}%{_docdir}/%{name} \ + %{buildroot}%{_defaultlicensedir}/%{name} +install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/ +install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/ +rm -rv %{name}/LICENSES %{name}/README.md +cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name} + +%check + +%dnl %pre + +%post +if test "$1" = "1"; then + ## Install + qubesctl state.apply sys-cacher.create + qubesctl --skip-dom0 --targets=tpl-browser state.apply browser.install + qubesctl --skip-dom0 --targets=tpl-sys-cacher state.apply sys-cacher.install + qubesctl --skip-dom0 --targets=sys-cacher state.apply sys-cacher.configure + qubesctl --skip-dom0 --targets=sys-cacher-browser state.apply sys-cacher.configure-browser + qubesctl state.apply sys-cacher.appmenus,sys-cacher.tag + qubesctl --skip-dom0 --targets="$(qvm-ls --no-spinner --raw-list --tags updatevm-sys-cacher | tr " + " ",")" state.apply sys-cacher.install-client +elif test "$1" = "2"; then + ## Upgrade + true +fi + +%preun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%postun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%files +%defattr(-,root,root,-) +%license %{_defaultlicensedir}/%{name}/* +%doc %{_docdir}/%{name}/README.md +%dir /srv/salt/qusal/%{name} +/srv/salt/qusal/%{name}/* +%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. + +%changelog +* Mon Jun 17 2024 Ben Grande - 59e8fc3 +- fix: GUI Global Config precedes packaged policies + +* Thu Jun 13 2024 Ben Grande - 75d992b +- fix: use Admin API for fast queries + +* Thu Jun 13 2024 Ben Grande - 13c5793 +- fix: uninstall cacher client with tag in pillar + +* Mon Jun 10 2024 Ben Grande - c456af2 +- fix: remove duplicated Fedora mirrors + +* Mon Jun 10 2024 Ben Grande - 8ae815d +- fix: run repo rewriter after upstream proxy update + +* Mon Jun 10 2024 Ben Grande - b4de619 +- fix: update Debian and Fedora mirrors + +* Mon Jun 10 2024 Ben Grande - 2b181f8 +- fix: merge Qubes OS repositories + +* Sun Jun 09 2024 Ben Grande - d2771d5 +- fix: guarantee states order dependent on browser + +* Fri Jun 07 2024 Ben Grande - bb38440 +- feat: revive caching of Fedora qubes + +* Wed May 29 2024 Ben Grande - bb4dcbb +- fix: cacher: restrict install to supported clients + +* Wed May 29 2024 Ben Grande - 9cb7d72 +- fix: cacher: use systemd service drop-in directory + +* Wed May 29 2024 Ben Grande - a2e1972 +- fix: cache Mozilla and Element repository + +* Thu May 16 2024 Ben Grande - b2c9479 +- fix: enforce https on repository installation + +* Tue Apr 30 2024 Ben Grande - e84959b +- fix: update fedora mirror list with upstream + +* Tue Apr 30 2024 Ben Grande - 760fdd9 +- doc: cacher documentation duplicates sections + +* Mon Apr 29 2024 Ben Grande - bfd7b22 +- fix: incorrect path to repo rewriter service + +* Fri Apr 26 2024 Ben Grande - 234afc3 +- doc: update cacher table of contents + +* Fri Apr 26 2024 Ben Grande - 1ede2e1 +- fix: allow update check to work on cacher clients + +* Thu Apr 25 2024 Ben Grande - a6f7d23 +- doc: wrong cacher header position + +* Thu Apr 25 2024 Ben Grande - 648bdad +- fix: remove updatevm tag after DomU uninstallation + +* Sat Apr 13 2024 Ben Grande - 63e93be +- fix: GUI policy precedes sys-cacher policy + +* Mon Mar 25 2024 Ben Grande - 084d08f +- doc: uninstall cacher client based on tag + +* Thu Mar 21 2024 Ben Grande - 4ac0ec9 +- fix: cacher jinja fails to split words + +* Thu Mar 21 2024 Ben Grande - 7faf944 +- feat: apply URI changes in qube + +* Thu Mar 21 2024 Ben Grande - 9e96d80 +- fix: add missing archlinux mirror + +* Mon Mar 18 2024 Ben Grande - f9ead06 +- fix: remove extraneous package repository updates + +* Fri Feb 23 2024 Ben Grande - 5605ec7 +- doc: prefix qubesctl with sudo + +* Thu Feb 22 2024 Ben Grande - 0cd3e66 +- fix: remove hardcoded fedora versions from cacher + +* Thu Feb 22 2024 Ben Grande - 908a077 +- fix: allow apt-cacher-ng cronjob to run + +* Thu Feb 22 2024 Ben Grande - 23dbc72 +- fix: update apt-cacher-ng mirror list + +* Mon Feb 19 2024 Ben Grande - 89bd760 +- feat: add OpenTofu + +* Wed Jan 31 2024 Ben Grande - b5d7371 +- fix: thunar requires xfce helpers to find terminal + +* Mon Jan 29 2024 Ben Grande - 6efcc1d +- chore: copyright update + +* Sat Jan 20 2024 Ben Grande - 422b01e +- feat: remove audiovm setting when unnecessary + +* Thu Jan 18 2024 Ben Grande - 0887c24 +- fix: remove unicode from used files + +* Fri Jan 12 2024 Ben Grande - 8d7c0a2 +- fix: sys-cacher policy with the new tag name + +* Fri Jan 12 2024 Ben Grande - 233ac76 +- fix: sys-cacher tag compliance with default tags + +* Fri Jan 12 2024 Ben Grande - a97e3c0 +- feat: kicksecure minimal template + +* Wed Jan 10 2024 Ben Grande - 2b6daac +- fix: shellcheck + +* Wed Dec 20 2023 Ben Grande - 38d98ec +- fix: nft shebang and table names + +* Wed Dec 20 2023 Ben Grande - d3ae662 +- fix: cacher client installation indentation + +* Wed Dec 20 2023 Ben Grande - a78b90e +- fix: better output for cacher tag assignment + +* Tue Dec 19 2023 Ben Grande - 71d22c5 +- refactor: reorder states to avoid race condition + +* Tue Dec 19 2023 Ben Grande - b4d142b +- refactor: move appended states to drop-in rc.local + +* Tue Dec 19 2023 Ben Grande - e670d02 +- fix: skip client setup on cacher initialization + +* Tue Nov 21 2023 Ben Grande - ec2dab3 +- fix: stop modifying distribution package files + +* Tue Nov 14 2023 Ben Grande - 41c5418 +- fix: cacher shuting down on long running updates + +* Mon Nov 13 2023 Ben Grande - 963e72c +- chore: Fix unman copyright contact + +* Mon Nov 13 2023 Ben Grande - 5eebd78 +- refactor: initial commit diff --git a/rpm_spec/qusal-sys-electrs.spec b/rpm_spec/qusal-sys-electrs.spec new file mode 100644 index 0000000..db620de --- /dev/null +++ b/rpm_spec/qusal-sys-electrs.spec @@ -0,0 +1,145 @@ +# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +## Reproducibility. +%define source_date_epoch_from_changelog 1 +%define use_source_date_epoch_as_buildtime 1 +%define clamp_mtime_to_source_date_epoch 1 +# Changelog is trimmed according to current date, not last date from changelog. +%define _changelog_trimtime 0 +%define _changelog_trimage 0 +%global _buildhost %{name} +# Python bytecode interferes when updates occur and restart is not done. +%undefine __brp_python_bytecompile + +Name: qusal-sys-electrs +Version: 0.0.1 +Release: 1%{?dist} +Summary: Electrs in Qubes OS + +Group: qusal +Packager: Ben Grande +Vendor: Ben Grande +License: AGPL-3.0-or-later +URL: https://github.com/ben-grande/qusal +BugURL: https://github.com/ben-grande/qusal/issues +Source0: %{name}-%{version}.tar.gz +BuildArch: noarch + +Requires: qubes-mgmt-salt +Requires: qubes-mgmt-salt-dom0 +Requires: qusal-dev +Requires: qusal-dotfiles +Requires: qusal-sys-bitcoin +Requires: qusal-sys-git +Requires: qusal-sys-pgp +Requires: qusal-utils +Requires: qusal-whonix-workstation + + +%description +Setup an offline Electrs (Electrum Server) qube named "sys-electrs", +connected to your own full node running on "sys-bitcoin" to index the +blockchain to allow for efficient query of the history of arbitrary addresses. + +A disposable qube "disp-electrs-builder" will be created, it will serve to +install and verify Electrs. After the verification succeeds, files are copied +to the template "tpl-sys-electrs". This method was chosen so the server can be +always offline. + +At least `200GB` of disk space is required. + +%prep +%setup -q + +%build + +%install +rm -rf %{buildroot} +install -m 755 -d \ + %{buildroot}/srv/salt/qusal \ + %{buildroot}%{_docdir}/%{name} \ + %{buildroot}%{_defaultlicensedir}/%{name} +install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/ +install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/ +rm -rv %{name}/LICENSES %{name}/README.md +cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name} + +%check + +%dnl %pre + +%post +if test "$1" = "1"; then + ## Install + qubesctl state.apply sys-electrs.create + qubesctl --skip-dom0 --targets=tpl-electrs-builder state.apply sys-electrs.install-builder + qubesctl --skip-dom0 --targets=tpl-sys-electrs state.apply sys-electrs.install + qubesctl --skip-dom0 --targets=disp-electrs-builder state.apply sys-electrs.configure-builder + qubesctl --skip-dom0 --targets=sys-electrs state.apply sys-electrs.configure + qubesctl state.apply sys-electrs.appmenus +elif test "$1" = "2"; then + ## Upgrade + true +fi + +%preun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%postun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%files +%defattr(-,root,root,-) +%license %{_defaultlicensedir}/%{name}/* +%doc %{_docdir}/%{name}/README.md +%dir /srv/salt/qusal/%{name} +/srv/salt/qusal/%{name}/* +%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. + +%changelog +* Wed Jun 19 2024 Ben Grande - 97b2496 +- fix: start service after Qubes Service setup + +* Thu Jun 13 2024 Ben Grande - e65b0bf +- fix: feature check statement missing key + +* Tue Jun 04 2024 Ben Grande - 7873dd8 +- fix: remove undesired appmenus from builder qubes + +* Thu May 23 2024 Ben Grande - c8b9bb3 +- feat: bump Electrs version + +* Tue May 14 2024 Ben Grande - d148599 +- doc: nested list indentation + +* Mon Mar 18 2024 Ben Grande - f9ead06 +- fix: remove extraneous package repository updates + +* Fri Mar 15 2024 Ben Grande - db86c2d +- feat: bump electrs version + +* Fri Feb 23 2024 Ben Grande - 5605ec7 +- doc: prefix qubesctl with sudo + +* Sun Feb 18 2024 Ben Grande - 7d6e2bf +- fix: less menu items for bitcoin qubes + +* Sat Feb 17 2024 Ben Grande - 275178f +- fix: add missing dependency for qvm-connect-tcp + +* Sat Feb 17 2024 Ben Grande - dbed18d +- feat: Bitcoin Core and Electrum servers and wallet diff --git a/rpm_spec/qusal-sys-electrumx.spec b/rpm_spec/qusal-sys-electrumx.spec new file mode 100644 index 0000000..d97ca2c --- /dev/null +++ b/rpm_spec/qusal-sys-electrumx.spec @@ -0,0 +1,130 @@ +# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +## Reproducibility. +%define source_date_epoch_from_changelog 1 +%define use_source_date_epoch_as_buildtime 1 +%define clamp_mtime_to_source_date_epoch 1 +# Changelog is trimmed according to current date, not last date from changelog. +%define _changelog_trimtime 0 +%define _changelog_trimage 0 +%global _buildhost %{name} +# Python bytecode interferes when updates occur and restart is not done. +%undefine __brp_python_bytecompile + +Name: qusal-sys-electrumx +Version: 0.0.1 +Release: 1%{?dist} +Summary: ElectrumX in Qubes OS + +Group: qusal +Packager: Ben Grande +Vendor: Ben Grande +License: AGPL-3.0-or-later +URL: https://github.com/ben-grande/qusal +BugURL: https://github.com/ben-grande/qusal/issues +Source0: %{name}-%{version}.tar.gz +BuildArch: noarch + +Requires: qubes-mgmt-salt +Requires: qubes-mgmt-salt-dom0 +Requires: qusal-dev +Requires: qusal-dotfiles +Requires: qusal-sys-bitcoin +Requires: qusal-sys-git +Requires: qusal-sys-pgp +Requires: qusal-utils +Requires: qusal-whonix-workstation + + +%description +Setup an offline Electrumx (Electrum Server) qube named "sys-electrumx", +connected to your own full node running on "sys-bitcoin" to index the +blockchain to allow for efficient query of the history of arbitrary addresses. + +A disposable qube "disp-electrumx-builder" will be created, based on +Whonix-Workstation, it will server to install and verify ElectrumX. After the +verification succeeds, files are copied to the template "tpl-sys-electrumx". +This method was chosen so the server can be always offline. + +At least `200GB` of disk space is required. + +%prep +%setup -q + +%build + +%install +rm -rf %{buildroot} +install -m 755 -d \ + %{buildroot}/srv/salt/qusal \ + %{buildroot}%{_docdir}/%{name} \ + %{buildroot}%{_defaultlicensedir}/%{name} +install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/ +install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/ +rm -rv %{name}/LICENSES %{name}/README.md +cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name} + +%check + +%dnl %pre + +%post +if test "$1" = "1"; then + ## Install + qubesctl state.apply sys-electrumx.create + qubesctl --skip-dom0 --targets=tpl-electrumx-builder state.apply sys-electrumx.install-builder + qubesctl --skip-dom0 --targets=tpl-sys-electrumx state.apply sys-electrumx.install + qubesctl --skip-dom0 --targets=disp-electrumx-builder state.apply sys-electrumx.configure-builder + qubesctl --skip-dom0 --targets=sys-electrumx state.apply sys-electrumx.configure + qubesctl state.apply sys-electrumx.appmenus +elif test "$1" = "2"; then + ## Upgrade + true +fi + +%preun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%postun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%files +%defattr(-,root,root,-) +%license %{_defaultlicensedir}/%{name}/* +%doc %{_docdir}/%{name}/README.md +%dir /srv/salt/qusal/%{name} +/srv/salt/qusal/%{name}/* +%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. + +%changelog +* Tue Jun 04 2024 Ben Grande - 7873dd8 +- fix: remove undesired appmenus from builder qubes + +* Mon Mar 18 2024 Ben Grande - f9ead06 +- fix: remove extraneous package repository updates + +* Fri Feb 23 2024 Ben Grande - 5605ec7 +- doc: prefix qubesctl with sudo + +* Sun Feb 18 2024 Ben Grande - 7d6e2bf +- fix: less menu items for bitcoin qubes + +* Sat Feb 17 2024 Ben Grande - 275178f +- fix: add missing dependency for qvm-connect-tcp + +* Sat Feb 17 2024 Ben Grande - dbed18d +- feat: Bitcoin Core and Electrum servers and wallet diff --git a/rpm_spec/qusal-sys-firewall.spec b/rpm_spec/qusal-sys-firewall.spec new file mode 100644 index 0000000..3b6e5b9 --- /dev/null +++ b/rpm_spec/qusal-sys-firewall.spec @@ -0,0 +1,133 @@ +# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +## Reproducibility. +%define source_date_epoch_from_changelog 1 +%define use_source_date_epoch_as_buildtime 1 +%define clamp_mtime_to_source_date_epoch 1 +# Changelog is trimmed according to current date, not last date from changelog. +%define _changelog_trimtime 0 +%define _changelog_trimage 0 +%global _buildhost %{name} +# Python bytecode interferes when updates occur and restart is not done. +%undefine __brp_python_bytecompile + +Name: qusal-sys-firewall +Version: 0.0.1 +Release: 1%{?dist} +Summary: Firewall in Qubes OS + +Group: qusal +Packager: Ben Grande +Vendor: Ben Grande +License: AGPL-3.0-or-later +URL: https://github.com/ben-grande/qusal +BugURL: https://github.com/ben-grande/qusal/issues +Source0: %{name}-%{version}.tar.gz +BuildArch: noarch + +Requires: qubes-mgmt-salt +Requires: qubes-mgmt-salt-dom0 +Requires: qusal-sys-net +Requires: qusal-utils + + +%description +Creates firewall qube, an App qube "sys-firewall" and a Disposable qube +"disp-sys-firewall". By default, "disp-sys-firewall" will be the "updatevm", +the "clockvm" and the "default_netvm". + +If you want an easy to configure firewall with ad blocking, checkout +sys-pihole instead. + +%prep +%setup -q + +%build + +%install +rm -rf %{buildroot} +install -m 755 -d \ + %{buildroot}/srv/salt/qusal \ + %{buildroot}%{_docdir}/%{name} \ + %{buildroot}%{_defaultlicensedir}/%{name} +install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/ +install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/ +rm -rv %{name}/LICENSES %{name}/README.md +cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name} + +%check + +%dnl %pre + +%post +if test "$1" = "1"; then + ## Install + qubesctl state.apply sys-firewall.create + qubesctl --skip-dom0 --targets=tpl-sys-firewall state.apply sys-firewall.install + qubesctl state.apply sys-firewall.prefs-disp +elif test "$1" = "2"; then + ## Upgrade + true +fi + +%preun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%postun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%files +%defattr(-,root,root,-) +%license %{_defaultlicensedir}/%{name}/* +%doc %{_docdir}/%{name}/README.md +%dir /srv/salt/qusal/%{name} +/srv/salt/qusal/%{name}/* +%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. + +%changelog +* Thu Jun 13 2024 Ben Grande - a564b3a +- feat: add TCP proxy for remote hosts + +* Tue May 28 2024 Ben Grande - 44ea4c5 +- feat: add manual page reader + +* Sat May 11 2024 Ben Grande - 72f61bb +- fix: install fwupd qubes plugin to updatevm + +* Mon Mar 18 2024 Ben Grande - f9ead06 +- fix: remove extraneous package repository updates + +* Fri Feb 23 2024 Ben Grande - 5605ec7 +- doc: prefix qubesctl with sudo + +* Mon Jan 29 2024 Ben Grande - 6efcc1d +- chore: copyright update + +* Sat Jan 20 2024 Ben Grande - 422b01e +- feat: remove audiovm setting when unnecessary + +* Thu Jan 04 2024 Ben Grande - 0216297 +- feat: default to disposable netvm + +* Thu Jan 04 2024 Ben Grande - e0b11b3 +- fix: do not install net debug tools by default + +* Thu Dec 21 2023 Ben Grande - ad6f5e2 +- feat: move clockvm out of sys-net to sys-firewall + +* Mon Nov 13 2023 Ben Grande - 5eebd78 +- refactor: initial commit diff --git a/rpm_spec/qusal-sys-git.spec b/rpm_spec/qusal-sys-git.spec new file mode 100644 index 0000000..870124a --- /dev/null +++ b/rpm_spec/qusal-sys-git.spec @@ -0,0 +1,148 @@ +# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +## Reproducibility. +%define source_date_epoch_from_changelog 1 +%define use_source_date_epoch_as_buildtime 1 +%define clamp_mtime_to_source_date_epoch 1 +# Changelog is trimmed according to current date, not last date from changelog. +%define _changelog_trimtime 0 +%define _changelog_trimage 0 +%global _buildhost %{name} +# Python bytecode interferes when updates occur and restart is not done. +%undefine __brp_python_bytecompile + +Name: qusal-sys-git +Version: 0.0.1 +Release: 1%{?dist} +Summary: Git operations through Qrexec in Qubes OS + +Group: qusal +Packager: Ben Grande +Vendor: Ben Grande +License: AGPL-3.0-or-later +URL: https://github.com/ben-grande/qusal +BugURL: https://github.com/ben-grande/qusal/issues +Source0: %{name}-%{version}.tar.gz +BuildArch: noarch + +Requires: qubes-mgmt-salt +Requires: qubes-mgmt-salt-dom0 +Requires: qusal-dev +Requires: qusal-dotfiles +Requires: qusal-sys-pgp +Requires: qusal-utils + + +%description +Setup a Git server called "sys-git", an offline Git Server that can be +accessed from client qubes via Qrexec. Access control via Qrexec policy can +restrict access to certain repositories, set of git actions for Fetch, Push +and Init. This is an implementation of split-git. + +%prep +%setup -q + +%build + +%install +rm -rf %{buildroot} +install -m 755 -d \ + %{buildroot}/srv/salt/qusal \ + %{buildroot}%{_docdir}/%{name} \ + %{buildroot}%{_defaultlicensedir}/%{name} +install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/ +install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/ +rm -rv %{name}/LICENSES %{name}/README.md +cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name} + +%check + +%dnl %pre + +%post +if test "$1" = "1"; then + ## Install + qubesctl state.apply sys-git.create + qubesctl --skip-dom0 --targets=tpl-sys-git state.apply sys-git.install + qubesctl --skip-dom0 --targets=sys-git state.apply sys-git.configure +elif test "$1" = "2"; then + ## Upgrade + true +fi + +%preun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%postun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%files +%defattr(-,root,root,-) +%license %{_defaultlicensedir}/%{name}/* +%doc %{_docdir}/%{name}/README.md +%dir /srv/salt/qusal/%{name} +/srv/salt/qusal/%{name}/* +%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. + +%changelog +* Wed Jun 19 2024 Ben Grande - bf0a4bc +- fix: terminate option parsing for qvm commands + +* Tue Jun 04 2024 Ben Grande - 8d9ad74 +- fix: correct man-db typo + +* Tue May 28 2024 Ben Grande - 44ea4c5 +- feat: add manual page reader + +* Mon Mar 18 2024 Ben Grande - f9ead06 +- fix: remove extraneous package repository updates + +* Mon Mar 11 2024 Ben Grande - beb5c04 +- fix: start qube before running qrexec-client + +* Fri Feb 23 2024 Ben Grande - 5605ec7 +- doc: prefix qubesctl with sudo + +* Mon Jan 29 2024 Ben Grande - 6efcc1d +- chore: copyright update + +* Sat Jan 20 2024 Ben Grande - 422b01e +- feat: remove audiovm setting when unnecessary + +* Thu Jan 18 2024 Ben Grande - 04a016e +- doc: attacker can display a large byte set + +* Thu Jan 18 2024 Ben Grande - f8ea066 +- doc: how to update the repository + +* Thu Jan 18 2024 Ben Grande - 23bcceb +- fix: dom0 as sys-git client + +* Thu Dec 28 2023 Ben Grande - b52e4b1 +- fix: strict split-gpg2 service + +* Thu Dec 21 2023 Ben Grande - f21f676 +- fix: dom0 qrexec call target qube + +* Thu Dec 21 2023 Ben Grande - a820751 +- refactor: git Qrexec helper with drop-in commands + +* Tue Nov 21 2023 Ben Grande - 10b3bcd +- fix: unstrusted input marking and sanitization + +* Mon Nov 13 2023 Ben Grande - 5eebd78 +- refactor: initial commit diff --git a/rpm_spec/qusal-sys-mirage-firewall.spec b/rpm_spec/qusal-sys-mirage-firewall.spec new file mode 100644 index 0000000..6632a3e --- /dev/null +++ b/rpm_spec/qusal-sys-mirage-firewall.spec @@ -0,0 +1,135 @@ +# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +## Reproducibility. +%define source_date_epoch_from_changelog 1 +%define use_source_date_epoch_as_buildtime 1 +%define clamp_mtime_to_source_date_epoch 1 +# Changelog is trimmed according to current date, not last date from changelog. +%define _changelog_trimtime 0 +%define _changelog_trimage 0 +%global _buildhost %{name} +# Python bytecode interferes when updates occur and restart is not done. +%undefine __brp_python_bytecompile + +Name: qusal-sys-mirage-firewall +Version: 0.0.1 +Release: 1%{?dist} +Summary: Mirage Firewall in Qubes OS + +Group: qusal +Packager: Ben Grande +Vendor: Ben Grande +License: AGPL-3.0-or-later AND MIT +URL: https://github.com/ben-grande/qusal +BugURL: https://github.com/ben-grande/qusal/issues +Source0: %{name}-%{version}.tar.gz +BuildArch: noarch + +Requires: qubes-mgmt-salt +Requires: qubes-mgmt-salt-dom0 + + +%description +Creates a Mirage Firewall qube named "disp-sys-mirage-firewall". It is an +OCaml program compiled to run as an operating system kernel, in this case, a +MirageOS unikernel replacement for the default firewall (sys-firewall). It +pulls in just the code it needs as libraries. + +Contrary to a standard Linux Firewall, Mirage Firewall doesn't need a full +system to run an excessive resources. + +You can't use Mirage Firewall to be the updatevm, use another qube instead. + +%prep +%setup -q + +%build + +%install +rm -rf %{buildroot} +install -m 755 -d \ + %{buildroot}/srv/salt/qusal \ + %{buildroot}%{_docdir}/%{name} \ + %{buildroot}%{_defaultlicensedir}/%{name} +install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/ +install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/ +rm -rv %{name}/LICENSES %{name}/README.md +cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name} + +%check + +%dnl %pre + +%post +if test "$1" = "1"; then + ## Install + qubesctl state.apply sys-mirage-firewall.create +elif test "$1" = "2"; then + ## Upgrade + true +fi + +%preun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%postun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%files +%defattr(-,root,root,-) +%license %{_defaultlicensedir}/%{name}/* +%doc %{_docdir}/%{name}/README.md +%dir /srv/salt/qusal/%{name} +/srv/salt/qusal/%{name}/* +%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. + +%changelog +* Tue May 14 2024 Ben Grande - d148599 +- doc: nested list indentation + +* Sat May 11 2024 Ben Grande - bfb3026 +- fix: update mirage firewall version + +* Wed Apr 24 2024 Ben Grande - 7ec71cc +- feat: bump Mirage Firewall version + +* Tue Mar 19 2024 Ben Grande - cb59a9a +- feat: fetch mirage tarball + +* Fri Feb 23 2024 Ben Grande - 5605ec7 +- doc: prefix qubesctl with sudo + +* Wed Jan 31 2024 Ben Grande - c98b8b3 +- fix: do not include mirage firewall in backup + +* Mon Jan 29 2024 Ben Grande - 6efcc1d +- chore: copyright update + +* Sun Jan 28 2024 Ben Grande - cb4ff00 +- doc: typo in mirage firewall usage + +* Sat Jan 20 2024 Ben Grande - 422b01e +- feat: remove audiovm setting when unnecessary + +* Fri Jan 12 2024 Ben Grande - 7eb1f34 +- feat: disposable mirage firewall + +* Mon Nov 13 2023 Ben Grande - 963e72c +- chore: Fix unman copyright contact + +* Mon Nov 13 2023 Ben Grande - 5eebd78 +- refactor: initial commit diff --git a/rpm_spec/qusal-sys-net.spec b/rpm_spec/qusal-sys-net.spec new file mode 100644 index 0000000..bb5d011 --- /dev/null +++ b/rpm_spec/qusal-sys-net.spec @@ -0,0 +1,145 @@ +# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +## Reproducibility. +%define source_date_epoch_from_changelog 1 +%define use_source_date_epoch_as_buildtime 1 +%define clamp_mtime_to_source_date_epoch 1 +# Changelog is trimmed according to current date, not last date from changelog. +%define _changelog_trimtime 0 +%define _changelog_trimage 0 +%global _buildhost %{name} +# Python bytecode interferes when updates occur and restart is not done. +%undefine __brp_python_bytecompile + +Name: qusal-sys-net +Version: 0.0.1 +Release: 1%{?dist} +Summary: PCI handler of network devices in Qubes OS + +Group: qusal +Packager: Ben Grande +Vendor: Ben Grande +License: AGPL-3.0-or-later AND MIT +URL: https://github.com/ben-grande/qusal +BugURL: https://github.com/ben-grande/qusal/issues +Source0: %{name}-%{version}.tar.gz +BuildArch: noarch + +Requires: qubes-mgmt-salt +Requires: qubes-mgmt-salt-dom0 +Requires: qusal-dotfiles +Requires: qusal-sys-net +Requires: qusal-utils + + +%description +Creates and configure qubes for handling the network devices. Qubes OS +provides the state "qvm.sys-net", but it will create only "sys-net", which can +be a disposable or not. This package takes a different approach, it will +create an AppVM "sys-net" and a DispVM "disp-sys-net". + +By default, the chosen one is "disp-sys-net", but you can choose which qube +type becomes the upstream net qube "default_netvm" and the fallback target for +the "qubes.UpdatesProxy" service in case no rule matched before. + +%prep +%setup -q + +%build + +%install +rm -rf %{buildroot} +install -m 755 -d \ + %{buildroot}/srv/salt/qusal \ + %{buildroot}%{_docdir}/%{name} \ + %{buildroot}%{_defaultlicensedir}/%{name} +install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/ +install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/ +rm -rv %{name}/LICENSES %{name}/README.md +cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name} + +%check + +%dnl %pre + +%post +if test "$1" = "1"; then + ## Install + qubesctl state.apply sys-net.create + qubesctl --skip-dom0 --targets=tpl-sys-net state.apply sys-net.install + qubesctl state.apply sys-net.prefs-disp +elif test "$1" = "2"; then + ## Upgrade + true +fi + +%preun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%postun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%files +%defattr(-,root,root,-) +%license %{_defaultlicensedir}/%{name}/* +%doc %{_docdir}/%{name}/README.md +%dir /srv/salt/qusal/%{name} +/srv/salt/qusal/%{name}/* +%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. + +%changelog +* Mon Jun 17 2024 Ben Grande - 534db96 +- doc: qusal proxy service requires configuration + +* Sun Jun 16 2024 Ben Grande - faa00fb +- doc: update table of contents + +* Fri Jun 14 2024 Ben Grande - afcb730 +- doc: document usage of qusal TCP proxy + +* Thu Jun 13 2024 Ben Grande - a564b3a +- feat: add TCP proxy for remote hosts + +* Thu May 02 2024 Ben Grande - 972ac77 +- fix: install libpci by default on sys-net + +* Mon Mar 18 2024 Ben Grande - f9ead06 +- fix: remove extraneous package repository updates + +* Fri Feb 23 2024 Ben Grande - 5605ec7 +- doc: prefix qubesctl with sudo + +* Mon Jan 29 2024 Ben Grande - 6efcc1d +- chore: copyright update + +* Sat Jan 20 2024 Ben Grande - 422b01e +- feat: remove audiovm setting when unnecessary + +* Thu Jan 04 2024 Ben Grande - 0216297 +- feat: default to disposable netvm + +* Thu Jan 04 2024 Ben Grande - e0b11b3 +- fix: do not install net debug tools by default + +* Thu Dec 21 2023 Ben Grande - ad6f5e2 +- feat: move clockvm out of sys-net to sys-firewall + +* Mon Nov 20 2023 Ben Grande - 2702768 +- fix: add required package to sync clockvm time + +* Mon Nov 13 2023 Ben Grande - 5eebd78 +- refactor: initial commit diff --git a/rpm_spec/qusal-sys-pgp.spec b/rpm_spec/qusal-sys-pgp.spec new file mode 100644 index 0000000..e51197e --- /dev/null +++ b/rpm_spec/qusal-sys-pgp.spec @@ -0,0 +1,139 @@ +# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +## Reproducibility. +%define source_date_epoch_from_changelog 1 +%define use_source_date_epoch_as_buildtime 1 +%define clamp_mtime_to_source_date_epoch 1 +# Changelog is trimmed according to current date, not last date from changelog. +%define _changelog_trimtime 0 +%define _changelog_trimage 0 +%global _buildhost %{name} +# Python bytecode interferes when updates occur and restart is not done. +%undefine __brp_python_bytecompile + +Name: qusal-sys-pgp +Version: 0.0.1 +Release: 1%{?dist} +Summary: PGP operations through Qrexec in Qubes OS + +Group: qusal +Packager: Ben Grande +Vendor: Ben Grande +License: AGPL-3.0-or-later +URL: https://github.com/ben-grande/qusal +BugURL: https://github.com/ben-grande/qusal/issues +Source0: %{name}-%{version}.tar.gz +BuildArch: noarch + +Requires: qubes-mgmt-salt +Requires: qubes-mgmt-salt-dom0 +Requires: qusal-dev +Requires: qusal-dotfiles +Requires: qusal-fedora-minimal +Requires: qusal-utils + + +%description +Creates a PGP key holder named "sys-pgp", it will be the default target for +split-gpg and split-gpg2 calls for all qubes. Keys are stored in "sys-pgp", +and access to them is made from the client through Qrexec. + +%prep +%setup -q + +%build + +%install +rm -rf %{buildroot} +install -m 755 -d \ + %{buildroot}/srv/salt/qusal \ + %{buildroot}%{_docdir}/%{name} \ + %{buildroot}%{_defaultlicensedir}/%{name} +install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/ +install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/ +rm -rv %{name}/LICENSES %{name}/README.md +cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name} + +%check + +%dnl %pre + +%post +if test "$1" = "1"; then + ## Install + qubesctl state.apply sys-pgp.create + qubesctl --skip-dom0 --targets=tpl-sys-pgp state.apply sys-pgp.install + qubesctl --skip-dom0 --targets=sys-pgp state.apply sys-pgp.configure + qubesctl state.apply sys-pgp.prefs +elif test "$1" = "2"; then + ## Upgrade + true +fi + +%preun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%postun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%files +%defattr(-,root,root,-) +%license %{_defaultlicensedir}/%{name}/* +%doc %{_docdir}/%{name}/README.md +%dir /srv/salt/qusal/%{name} +/srv/salt/qusal/%{name}/* +%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. + +%changelog +* Thu Jun 20 2024 Ben Grande - 7ab3b93 +- fix: correct upstream repository owner + +* Mon Jun 17 2024 Ben Grande - 1a72665 +- feat: add split-gpg2 configuration + +* Fri Jun 14 2024 Ben Grande - e1a15d8 +- fix: pgp template is fedora based without salt fix + +* Tue May 28 2024 Ben Grande - bc8213b +- fix: split-gpg2 fedora clashes with debian agent + +* Tue May 28 2024 Ben Grande - 44ea4c5 +- feat: add manual page reader + +* Mon Mar 18 2024 Ben Grande - f9ead06 +- fix: remove extraneous package repository updates + +* Fri Feb 23 2024 Ben Grande - 5605ec7 +- doc: prefix qubesctl with sudo + +* Wed Jan 31 2024 Ben Grande - 8ff1998 +- feat: install available sequoia-pgp tools + +* Mon Jan 29 2024 Ben Grande - 6efcc1d +- chore: copyright update + +* Sat Jan 20 2024 Ben Grande - 422b01e +- feat: remove audiovm setting when unnecessary + +* Thu Dec 28 2023 Ben Grande - b52e4b1 +- fix: strict split-gpg2 service + +* Wed Dec 27 2023 Ben Grande - a617c3d +- fix: modify package names to match Qubes 4.2 + +* Mon Nov 13 2023 Ben Grande - 5eebd78 +- refactor: initial commit diff --git a/rpm_spec/qusal-sys-pihole.spec b/rpm_spec/qusal-sys-pihole.spec new file mode 100644 index 0000000..e8be38a --- /dev/null +++ b/rpm_spec/qusal-sys-pihole.spec @@ -0,0 +1,183 @@ +# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +## Reproducibility. +%define source_date_epoch_from_changelog 1 +%define use_source_date_epoch_as_buildtime 1 +%define clamp_mtime_to_source_date_epoch 1 +# Changelog is trimmed according to current date, not last date from changelog. +%define _changelog_trimtime 0 +%define _changelog_trimage 0 +%global _buildhost %{name} +# Python bytecode interferes when updates occur and restart is not done. +%undefine __brp_python_bytecompile + +Name: qusal-sys-pihole +Version: 0.0.1 +Release: 1%{?dist} +Summary: Pi-hole DNS Sinkhole in Qubes OS + +Group: qusal +Packager: Ben Grande +Vendor: Ben Grande +License: AGPL-3.0-or-later +URL: https://github.com/ben-grande/qusal +BugURL: https://github.com/ben-grande/qusal/issues +Source0: %{name}-%{version}.tar.gz +BuildArch: noarch + +Requires: qubes-mgmt-salt +Requires: qubes-mgmt-salt-dom0 +Requires: qusal-browser +Requires: qusal-debian-minimal +Requires: qusal-dotfiles +Requires: qusal-sys-cacher +Requires: qusal-sys-net +Requires: qusal-utils + + +%description +The package will create a standalone qube "sys-pihole". It blocks +advertisements and internet trackers by providing a DNS sinkhole. It is a drop +in replacement for sys-firewall. + +The qube will be attached to the "netvm" of the "default_netvm", in other +words, if you are using Qubes OS default setup, it will use "sys-net" as the +"netvm", else it will try to figure out what is your upstream link and attach +to it. + +%prep +%setup -q + +%build + +%install +rm -rf %{buildroot} +install -m 755 -d \ + %{buildroot}/srv/salt/qusal \ + %{buildroot}%{_docdir}/%{name} \ + %{buildroot}%{_defaultlicensedir}/%{name} +install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/ +install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/ +rm -rv %{name}/LICENSES %{name}/README.md +cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name} + +%check + +%dnl %pre + +%post +if test "$1" = "1"; then + ## Install + qubesctl state.apply sys-pihole.create + qubesctl --skip-dom0 --targets=tpl-browser state.apply browser.install + qubesctl --skip-dom0 --targets=sys-pihole state.apply sys-pihole.install + qubesctl --skip-dom0 --targets=sys-pihole-browser state.apply sys-pihole.configure-browser + qubesctl state.apply sys-pihole.appmenus +elif test "$1" = "2"; then + ## Upgrade + true +fi + +%preun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%postun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%files +%defattr(-,root,root,-) +%license %{_defaultlicensedir}/%{name}/* +%doc %{_docdir}/%{name}/README.md +%dir /srv/salt/qusal/%{name} +/srv/salt/qusal/%{name}/* +%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. + +%changelog +* Thu Jun 13 2024 Ben Grande - a564b3a +- feat: add TCP proxy for remote hosts + +* Sun Jun 09 2024 Ben Grande - d2771d5 +- fix: guarantee states order dependent on browser + +* Tue May 28 2024 Ben Grande - 44ea4c5 +- feat: add manual page reader + +* Tue May 14 2024 Ben Grande - d148599 +- doc: nested list indentation + +* Sat May 11 2024 Ben Grande - 72f61bb +- fix: install fwupd qubes plugin to updatevm + +* Fri Apr 12 2024 Ben Grande - a8e9188 +- feat: bump Pi-Hole and Bitcoin version + +* Mon Mar 18 2024 Ben Grande - f9ead06 +- fix: remove extraneous package repository updates + +* Thu Mar 14 2024 Ben Grande - 7c3d6ac +- fix: remove cacher proxy from updatevm + +* Fri Feb 23 2024 Ben Grande - 5605ec7 +- doc: prefix qubesctl with sudo + +* Mon Jan 29 2024 Ben Grande - 6efcc1d +- chore: copyright update + +* Sat Jan 20 2024 Ben Grande - 422b01e +- feat: remove audiovm setting when unnecessary + +* Tue Jan 09 2024 Ben Grande - 567e36d +- fix: prefer qvm-features for uniformity + +* Fri Jan 05 2024 Ben Grande - 762f8be +- fix: make sys-pihole fully replace sys-firewall + +* Fri Jan 05 2024 Ben Grande - 705808d +- feat: allow sys-pihole to use pi-hole for queries + +* Fri Jan 05 2024 Ben Grande - 692659e +- feat: passwordless pihole admin interface + +* Wed Jan 03 2024 Ben Grande - 6bb426a +- refactor: import armored gpg keys instead of db + +* Tue Dec 26 2023 Ben Grande - 6a551eb +- refactor: pihole nft rules for Qubes 4.2 + +* Sun Dec 24 2023 Ben Grande - 224d2d5 +- fix: pihole lighttpd link + +* Sat Dec 23 2023 Ben Grande - 6fc173d +- feat: clockvm also present in sys-pihole + +* Wed Dec 20 2023 Ben Grande - 38d98ec +- fix: nft shebang and table names + +* Tue Dec 19 2023 Ben Grande - 71d22c5 +- refactor: reorder states to avoid race condition + +* Tue Dec 19 2023 Ben Grande - b4d142b +- refactor: move appended states to drop-in rc.local + +* Tue Dec 19 2023 Ben Grande - 0751aff +- refactor: organize pihole directory structure + +* Mon Nov 13 2023 Ben Grande - 963e72c +- chore: Fix unman copyright contact + +* Mon Nov 13 2023 Ben Grande - 5eebd78 +- refactor: initial commit diff --git a/rpm_spec/qusal-sys-print.spec b/rpm_spec/qusal-sys-print.spec new file mode 100644 index 0000000..3baf4f1 --- /dev/null +++ b/rpm_spec/qusal-sys-print.spec @@ -0,0 +1,121 @@ +# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +## Reproducibility. +%define source_date_epoch_from_changelog 1 +%define use_source_date_epoch_as_buildtime 1 +%define clamp_mtime_to_source_date_epoch 1 +# Changelog is trimmed according to current date, not last date from changelog. +%define _changelog_trimtime 0 +%define _changelog_trimage 0 +%global _buildhost %{name} +# Python bytecode interferes when updates occur and restart is not done. +%undefine __brp_python_bytecompile + +Name: qusal-sys-print +Version: 0.0.1 +Release: 1%{?dist} +Summary: Printer environment in Qubes OS + +Group: qusal +Packager: Ben Grande +Vendor: Ben Grande +License: AGPL-3.0-or-later +URL: https://github.com/ben-grande/qusal +BugURL: https://github.com/ben-grande/qusal/issues +Source0: %{name}-%{version}.tar.gz +BuildArch: noarch + +Requires: qubes-mgmt-salt +Requires: qubes-mgmt-salt-dom0 +Requires: qusal-dev +Requires: qusal-dotfiles +Requires: qusal-sys-print +Requires: qusal-sys-usb +Requires: qusal-utils + + +%description +Creates a print server named "sys-print" and a named disposable +"disp-sys-print" qube for sending files to your configured printer, which can +be done over the network or with IPP-over-USB. + +%prep +%setup -q + +%build + +%install +rm -rf %{buildroot} +install -m 755 -d \ + %{buildroot}/srv/salt/qusal \ + %{buildroot}%{_docdir}/%{name} \ + %{buildroot}%{_defaultlicensedir}/%{name} +install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/ +install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/ +rm -rv %{name}/LICENSES %{name}/README.md +cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name} + +%check + +%dnl %pre + +%post +if test "$1" = "1"; then + ## Install + qubesctl state.apply sys-print.create + qubesctl --skip-dom0 --targets=tpl-sys-print state.apply sys-print.install + qubesctl state.apply sys-print.appmenus +elif test "$1" = "2"; then + ## Upgrade + true +fi + +%preun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%postun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%files +%defattr(-,root,root,-) +%license %{_defaultlicensedir}/%{name}/* +%doc %{_docdir}/%{name}/README.md +%dir /srv/salt/qusal/%{name} +/srv/salt/qusal/%{name}/* +%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. + +%changelog +* Thu Jun 20 2024 Ben Grande - ab56b5f +- feat: allow print calls from qubes with tag + +* Wed Jun 19 2024 Ben Grande - 97b2496 +- fix: start service after Qubes Service setup + +* Wed Jun 19 2024 Ben Grande - f30bd20 +- fix: Print server without RPC service + +* Wed Jun 19 2024 Ben Grande - f86e30a +- fix: add simple-scan to printer appmenus + +* Wed Jun 19 2024 Ben Grande - 49a295d +- fix: printer formula with conflicting IDs + +* Tue May 28 2024 Ben Grande - 44ea4c5 +- feat: add manual page reader + +* Fri May 24 2024 Ben Grande - b09ecdc +- feat: add Print formula diff --git a/rpm_spec/qusal-sys-rsync.spec b/rpm_spec/qusal-sys-rsync.spec new file mode 100644 index 0000000..97a1c3f --- /dev/null +++ b/rpm_spec/qusal-sys-rsync.spec @@ -0,0 +1,136 @@ +# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +## Reproducibility. +%define source_date_epoch_from_changelog 1 +%define use_source_date_epoch_as_buildtime 1 +%define clamp_mtime_to_source_date_epoch 1 +# Changelog is trimmed according to current date, not last date from changelog. +%define _changelog_trimtime 0 +%define _changelog_trimage 0 +%global _buildhost %{name} +# Python bytecode interferes when updates occur and restart is not done. +%undefine __brp_python_bytecompile + +Name: qusal-sys-rsync +Version: 0.0.1 +Release: 1%{?dist} +Summary: Rsync over Qrexec in Qubes OS + +Group: qusal +Packager: Ben Grande +Vendor: Ben Grande +License: AGPL-3.0-or-later +URL: https://github.com/ben-grande/qusal +BugURL: https://github.com/ben-grande/qusal/issues +Source0: %{name}-%{version}.tar.gz +BuildArch: noarch + +Requires: qubes-mgmt-salt +Requires: qubes-mgmt-salt-dom0 +Requires: qusal-dev +Requires: qusal-utils + + +%description +Creates a Rsync server qube named "sys-rsync" to be a central document +store to which other qubes have access. This is a simple tool that allows +individual qubes read/write access to the store using Rsync, rather than using +`qvm-copy` or `qvm-move`. + +The greatest problem with SSH is that with large file system, it can freeze +or be very slow to navigate the directories (not so much with Qrexec as the +connection does not go over the network) and chroots need to be configured by +the user. + +%prep +%setup -q + +%build + +%install +rm -rf %{buildroot} +install -m 755 -d \ + %{buildroot}/srv/salt/qusal \ + %{buildroot}%{_docdir}/%{name} \ + %{buildroot}%{_defaultlicensedir}/%{name} +install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/ +install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/ +rm -rv %{name}/LICENSES %{name}/README.md +cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name} + +%check + +%dnl %pre + +%post +if test "$1" = "1"; then + ## Install + qubesctl state.apply sys-rsync.create + qubesctl --skip-dom0 --targets=tpl-sys-rsync state.apply sys-rsync.install + qubesctl --skip-dom0 --targets=sys-rsync state.apply sys-rsync.configure +elif test "$1" = "2"; then + ## Upgrade + true +fi + +%preun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%postun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%files +%defattr(-,root,root,-) +%license %{_defaultlicensedir}/%{name}/* +%doc %{_docdir}/%{name}/README.md +%dir /srv/salt/qusal/%{name} +/srv/salt/qusal/%{name}/* +%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. + +%changelog +* Wed Jun 19 2024 Ben Grande - 97b2496 +- fix: start service after Qubes Service setup + +* Tue May 28 2024 Ben Grande - 44ea4c5 +- feat: add manual page reader + +* Thu Mar 21 2024 Ben Grande - af27eb1 +- fix: wrong port in rsync client forwarder + +* Mon Mar 18 2024 Ben Grande - f9ead06 +- fix: remove extraneous package repository updates + +* Fri Feb 23 2024 Ben Grande - 5605ec7 +- doc: prefix qubesctl with sudo + +* Mon Jan 29 2024 Ben Grande - 6efcc1d +- chore: copyright update + +* Sat Jan 20 2024 Ben Grande - 422b01e +- feat: remove audiovm setting when unnecessary + +* Sun Dec 31 2023 Ben Grande - e2c24ec +- style: client state ID must conform to order + +* Tue Dec 19 2023 Ben Grande - b4d142b +- refactor: move appended states to drop-in rc.local + +* Mon Nov 13 2023 Ben Grande - 963e72c +- chore: Fix unman copyright contact + +* Mon Nov 13 2023 Ben Grande - 5eebd78 +- refactor: initial commit diff --git a/rpm_spec/qusal-sys-ssh-agent.spec b/rpm_spec/qusal-sys-ssh-agent.spec new file mode 100644 index 0000000..fd9c3bc --- /dev/null +++ b/rpm_spec/qusal-sys-ssh-agent.spec @@ -0,0 +1,139 @@ +# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +## Reproducibility. +%define source_date_epoch_from_changelog 1 +%define use_source_date_epoch_as_buildtime 1 +%define clamp_mtime_to_source_date_epoch 1 +# Changelog is trimmed according to current date, not last date from changelog. +%define _changelog_trimtime 0 +%define _changelog_trimage 0 +%global _buildhost %{name} +# Python bytecode interferes when updates occur and restart is not done. +%undefine __brp_python_bytecompile + +Name: qusal-sys-ssh-agent +Version: 0.0.1 +Release: 1%{?dist} +Summary: SSH Agent through Qrexec in Qubes OS + +Group: qusal +Packager: Ben Grande +Vendor: Ben Grande +License: AGPL-3.0-or-later +URL: https://github.com/ben-grande/qusal +BugURL: https://github.com/ben-grande/qusal/issues +Source0: %{name}-%{version}.tar.gz +BuildArch: noarch + +Requires: qubes-mgmt-salt +Requires: qubes-mgmt-salt-dom0 +Requires: qusal-dev +Requires: qusal-dotfiles +Requires: qusal-utils + + +%description +The key pairs are stored on the offline ssh-agent server named +"sys-ssh-agent", and requests are passed from clients to the server via +Qrexec. Clients may access the same ssh-agent of a qube, or access different +agents. In other words, this is an implementation of split-ssh-agent. + +The client does not know the identity of the ssh-agent server, nor are keys +kept in memory in the client. This method is ideal for cases where you have a +number of key pairs, which are used by different qubes. + +A centralized SSH server is very useful not only for keeping your private keys +safe, but also for keeping your workflow organized. You can delete qubes that +are SSH clients without loosing access to your remote server, because the +authentication keys are on the sys-ssh-agent server, your client qube should +only hold the SSH configuration, which can be reconstructed. + +%prep +%setup -q + +%build + +%install +rm -rf %{buildroot} +install -m 755 -d \ + %{buildroot}/srv/salt/qusal \ + %{buildroot}%{_docdir}/%{name} \ + %{buildroot}%{_defaultlicensedir}/%{name} +install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/ +install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/ +rm -rv %{name}/LICENSES %{name}/README.md +cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name} + +%check + +%dnl %pre + +%post +if test "$1" = "1"; then + ## Install + qubesctl state.apply sys-ssh-agent.create + qubesctl --skip-dom0 --targets=tpl-sys-ssh-agent state.apply sys-ssh-agent.install + qubesctl --skip-dom0 --targets=sys-ssh-agent state.apply sys-ssh-agent.configure +elif test "$1" = "2"; then + ## Upgrade + true +fi + +%preun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%postun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%files +%defattr(-,root,root,-) +%license %{_defaultlicensedir}/%{name}/* +%doc %{_docdir}/%{name}/README.md +%dir /srv/salt/qusal/%{name} +/srv/salt/qusal/%{name}/* +%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. + +%changelog +* Thu Jun 13 2024 Ben Grande - a564b3a +- feat: add TCP proxy for remote hosts + +* Tue May 28 2024 Ben Grande - 44ea4c5 +- feat: add manual page reader + +* Mon Mar 18 2024 Ben Grande - f9ead06 +- fix: remove extraneous package repository updates + +* Fri Feb 23 2024 Ben Grande - 5605ec7 +- doc: prefix qubesctl with sudo + +* Tue Feb 20 2024 Ben Grande - 2b46500 +- doc: remove outdated ssh agent server instructions + +* Mon Jan 29 2024 Ben Grande - 6efcc1d +- chore: copyright update + +* Sun Jan 21 2024 Ben Grande - 3e6ba8f +- fix: client install the ssh-agent client packages + +* Sat Jan 20 2024 Ben Grande - 422b01e +- feat: remove audiovm setting when unnecessary + +* Tue Nov 21 2023 Ben Grande - 10b3bcd +- fix: unstrusted input marking and sanitization + +* Mon Nov 13 2023 Ben Grande - 5eebd78 +- refactor: initial commit diff --git a/rpm_spec/qusal-sys-ssh.spec b/rpm_spec/qusal-sys-ssh.spec new file mode 100644 index 0000000..ce83d8d --- /dev/null +++ b/rpm_spec/qusal-sys-ssh.spec @@ -0,0 +1,138 @@ +# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +## Reproducibility. +%define source_date_epoch_from_changelog 1 +%define use_source_date_epoch_as_buildtime 1 +%define clamp_mtime_to_source_date_epoch 1 +# Changelog is trimmed according to current date, not last date from changelog. +%define _changelog_trimtime 0 +%define _changelog_trimage 0 +%global _buildhost %{name} +# Python bytecode interferes when updates occur and restart is not done. +%undefine __brp_python_bytecompile + +Name: qusal-sys-ssh +Version: 0.0.1 +Release: 1%{?dist} +Summary: SSH over Qrexec in Qubes OS + +Group: qusal +Packager: Ben Grande +Vendor: Ben Grande +License: AGPL-3.0-or-later +URL: https://github.com/ben-grande/qusal +BugURL: https://github.com/ben-grande/qusal/issues +Source0: %{name}-%{version}.tar.gz +BuildArch: noarch + +Requires: qubes-mgmt-salt +Requires: qubes-mgmt-salt-dom0 +Requires: qusal-dev +Requires: qusal-sys-ssh-agent +Requires: qusal-utils + + +%description +Creates a SSH server qube named "sys-ssh" to be a central document +store to which other qubes have access with SSH File Transfer Protocol, using +the tool sshfs. This is a simple tool that allows individual qubes to mount a +another qube's filesystem rather than using `qvm-copy` or `qvm-move`. + +The greatest problem with the Rsync solution is that it makes copies of the +files or directories. This may be fine with a small amount of data, but with +large files, or large numbers of files, there's a significant overhead. SSH +File Transfer Protocol provides a way for clients to access files on the +server qube directly. + +%prep +%setup -q + +%build + +%install +rm -rf %{buildroot} +install -m 755 -d \ + %{buildroot}/srv/salt/qusal \ + %{buildroot}%{_docdir}/%{name} \ + %{buildroot}%{_defaultlicensedir}/%{name} +install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/ +install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/ +rm -rv %{name}/LICENSES %{name}/README.md +cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name} + +%check + +%dnl %pre + +%post +if test "$1" = "1"; then + ## Install + qubesctl state.apply sys-ssh.create + qubesctl --skip-dom0 --targets=tpl-sys-ssh state.apply sys-ssh.install + qubesctl --skip-dom0 --targets=sys-ssh state.apply sys-ssh.configure +elif test "$1" = "2"; then + ## Upgrade + true +fi + +%preun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%postun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%files +%defattr(-,root,root,-) +%license %{_defaultlicensedir}/%{name}/* +%doc %{_docdir}/%{name}/README.md +%dir /srv/salt/qusal/%{name} +/srv/salt/qusal/%{name}/* +%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. + +%changelog +* Wed Jun 19 2024 Ben Grande - 97b2496 +- fix: start service after Qubes Service setup + +* Tue May 28 2024 Ben Grande - 44ea4c5 +- feat: add manual page reader + +* Mon Mar 18 2024 Ben Grande - f9ead06 +- fix: remove extraneous package repository updates + +* Fri Feb 23 2024 Ben Grande - 5605ec7 +- doc: prefix qubesctl with sudo + +* Mon Jan 29 2024 Ben Grande - 6efcc1d +- chore: copyright update + +* Sat Jan 20 2024 Ben Grande - 422b01e +- feat: remove audiovm setting when unnecessary + +* Sun Dec 31 2023 Ben Grande - e2c24ec +- style: client state ID must conform to order + +* Wed Dec 27 2023 Ben Grande - 76079d2 +- fix: wrong source paths + +* Tue Dec 19 2023 Ben Grande - b4d142b +- refactor: move appended states to drop-in rc.local + +* Mon Nov 13 2023 Ben Grande - 963e72c +- chore: Fix unman copyright contact + +* Mon Nov 13 2023 Ben Grande - 5eebd78 +- refactor: initial commit diff --git a/rpm_spec/qusal-sys-syncthing.spec b/rpm_spec/qusal-sys-syncthing.spec new file mode 100644 index 0000000..d504977 --- /dev/null +++ b/rpm_spec/qusal-sys-syncthing.spec @@ -0,0 +1,182 @@ +# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +## Reproducibility. +%define source_date_epoch_from_changelog 1 +%define use_source_date_epoch_as_buildtime 1 +%define clamp_mtime_to_source_date_epoch 1 +# Changelog is trimmed according to current date, not last date from changelog. +%define _changelog_trimtime 0 +%define _changelog_trimage 0 +%global _buildhost %{name} +# Python bytecode interferes when updates occur and restart is not done. +%undefine __brp_python_bytecompile + +Name: qusal-sys-syncthing +Version: 0.0.1 +Release: 1%{?dist} +Summary: Syncthing through Qrexec in Qubes OS + +Group: qusal +Packager: Ben Grande +Vendor: Ben Grande +License: AGPL-3.0-or-later +URL: https://github.com/ben-grande/qusal +BugURL: https://github.com/ben-grande/qusal/issues +Source0: %{name}-%{version}.tar.gz +BuildArch: noarch + +Requires: qubes-mgmt-salt +Requires: qubes-mgmt-salt-dom0 +Requires: qusal-browser +Requires: qusal-dom0 +Requires: qusal-dotfiles +Requires: qusal-utils + + +%description +Creates a Syncthing qube named "sys-syncthing", it will be attached to the +"default_netvm". It makes no sense to run this with "sys-syncthing" attached +to a VPN or Tor proxy. + +This package opens up the qubes-firewall, so that the "sys-syncthing" qube is +accessible externally. + +%prep +%setup -q + +%build + +%install +rm -rf %{buildroot} +install -m 755 -d \ + %{buildroot}/srv/salt/qusal \ + %{buildroot}%{_docdir}/%{name} \ + %{buildroot}%{_defaultlicensedir}/%{name} +install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/ +install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/ +rm -rv %{name}/LICENSES %{name}/README.md +cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name} + +%check + +%dnl %pre + +%post +if test "$1" = "1"; then + ## Install + qubesctl state.apply sys-syncthing.create + qubesctl --skip-dom0 --targets=tpl-browser state.apply browser.install + qubesctl --skip-dom0 --targets=tpl-sys-syncthing state.apply sys-syncthing.install + qubesctl --skip-dom0 --targets=sys-syncthing state.apply sys-syncthing.configure + qubesctl --skip-dom0 --targets=sys-syncthing-browser state.apply sys-syncthing.configure-browser + qubesctl state.apply sys-syncthing.appmenus + qvm-port-forward -a add -q sys-syncthing -n tcp -p 22000 + qvm-port-forward -a add -q sys-syncthing -n udp -p 22000 +elif test "$1" = "2"; then + ## Upgrade + true +fi + +%preun +if test "$1" = "0"; then + ## Uninstall + qvm-port-forward -a del -q sys-syncthing -n tcp -p 22000 + qvm-port-forward -a del -q sys-syncthing -n udp -p 22000 + qubesctl --skip-dom0 --targets=sys-syncthing state.apply sys-syncthing.cancel + qubesctl state.apply sys-syncthing.clean +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%postun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%files +%defattr(-,root,root,-) +%license %{_defaultlicensedir}/%{name}/* +%doc %{_docdir}/%{name}/README.md +%dir /srv/salt/qusal/%{name} +/srv/salt/qusal/%{name}/* +%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. + +%changelog +* Wed Jun 19 2024 Ben Grande - 97b2496 +- fix: start service after Qubes Service setup + +* Sun Jun 09 2024 Ben Grande - d2771d5 +- fix: guarantee states order dependent on browser + +* Wed May 29 2024 Ben Grande - 8accc47 +- fix: remove old deb repository list format + +* Tue May 28 2024 Ben Grande - 44ea4c5 +- feat: add manual page reader + +* Thu May 16 2024 Ben Grande - b2c9479 +- fix: enforce https on repository installation + +* Thu May 16 2024 Ben Grande - d4c3fb1 +- feat: add terraform and chrome fedora repositories + +* Mon Mar 18 2024 Ben Grande - f9ead06 +- fix: remove extraneous package repository updates + +* Fri Feb 23 2024 Ben Grande - 5605ec7 +- doc: prefix qubesctl with sudo + +* Wed Jan 31 2024 Ben Grande - b5d7371 +- fix: thunar requires xfce helpers to find terminal + +* Mon Jan 29 2024 Ben Grande - 6efcc1d +- chore: copyright update + +* Mon Jan 29 2024 Ben Grande - b01f2d2 +- chore: move port forward to dom0 formula + +* Mon Jan 29 2024 Ben Grande - 30f2ebe +- fix: port forward validate values from DomUs + +* Sun Jan 28 2024 Ben Grande - 9183828 +- fix: fail early when qubes.VMShell is unsupported + +* Sat Jan 27 2024 Ben Grande - 03cb70c +- fix: port forwarder missing short options usage + +* Sat Jan 20 2024 Ben Grande - 422b01e +- feat: remove audiovm setting when unnecessary + +* Tue Jan 16 2024 Ben Grande - 6bf9b97 +- fix: help option for port forwarder + +* Tue Jan 16 2024 Ben Grande - 80638d6 +- feat: port forwarder + +* Wed Dec 27 2023 Ben Grande - 76079d2 +- fix: wrong source paths + +* Tue Dec 26 2023 Ben Grande - e650dea +- fix: port forwarder script with custom rc + +* Tue Dec 19 2023 Ben Grande - 71d22c5 +- refactor: reorder states to avoid race condition + +* Tue Dec 19 2023 Ben Grande - b4d142b +- refactor: move appended states to drop-in rc.local + +* Tue Nov 21 2023 Ben Grande - 10b3bcd +- fix: unstrusted input marking and sanitization + +* Mon Nov 13 2023 Ben Grande - 963e72c +- chore: Fix unman copyright contact + +* Mon Nov 13 2023 Ben Grande - 5eebd78 +- refactor: initial commit diff --git a/rpm_spec/qusal-sys-usb.spec b/rpm_spec/qusal-sys-usb.spec new file mode 100644 index 0000000..5136157 --- /dev/null +++ b/rpm_spec/qusal-sys-usb.spec @@ -0,0 +1,145 @@ +# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +## Reproducibility. +%define source_date_epoch_from_changelog 1 +%define use_source_date_epoch_as_buildtime 1 +%define clamp_mtime_to_source_date_epoch 1 +# Changelog is trimmed according to current date, not last date from changelog. +%define _changelog_trimtime 0 +%define _changelog_trimage 0 +%global _buildhost %{name} +# Python bytecode interferes when updates occur and restart is not done. +%undefine __brp_python_bytecompile + +Name: qusal-sys-usb +Version: 0.0.1 +Release: 1%{?dist} +Summary: PCI handler of USB devices in Qubes OS + +Group: qusal +Packager: Ben Grande +Vendor: Ben Grande +License: AGPL-3.0-or-later AND GPL-3.0-or-later +URL: https://github.com/ben-grande/qusal +BugURL: https://github.com/ben-grande/qusal/issues +Source0: %{name}-%{version}.tar.gz +BuildArch: noarch + +Requires: qubes-mgmt-salt +Requires: qubes-mgmt-salt-dom0 +Requires: qusal-utils + + +%description +Setup named disposables for USB qubes. During creation, it tries to separate +the USB controllers to different qubes is possible. + +%prep +%setup -q + +%build + +%install +rm -rf %{buildroot} +install -m 755 -d \ + %{buildroot}/srv/salt/qusal \ + %{buildroot}%{_docdir}/%{name} \ + %{buildroot}%{_defaultlicensedir}/%{name} +install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/ +install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/ +rm -rv %{name}/LICENSES %{name}/README.md +cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name} + +%check + +%dnl %pre + +%post +if test "$1" = "1"; then + ## Install + qubesctl state.apply sys-usb.create + qubesctl --skip-dom0 --targets=tpl-sys-usb state.apply sys-usb.install +elif test "$1" = "2"; then + ## Upgrade + true +fi + +%preun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%postun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%files +%defattr(-,root,root,-) +%license %{_defaultlicensedir}/%{name}/* +%doc %{_docdir}/%{name}/README.md +%dir /srv/salt/qusal/%{name} +/srv/salt/qusal/%{name}/* +%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. + +%changelog +* Tue Jun 04 2024 Ben Grande - 29601d8 +- doc: refer to video-companion for sys-usb webcam + +* Tue Jun 04 2024 Ben Grande - 8d9ad74 +- fix: correct man-db typo + +* Tue May 28 2024 Ben Grande - 44ea4c5 +- feat: add manual page reader + +* Mon Mar 18 2024 Ben Grande - f9ead06 +- fix: remove extraneous package repository updates + +* Wed Feb 28 2024 Ben Grande - ead4073 +- feat: allow disp-sys-usb to be an AudioVM + +* Fri Feb 23 2024 Ben Grande - 5605ec7 +- doc: prefix qubesctl with sudo + +* Mon Jan 29 2024 Ben Grande - 6efcc1d +- chore: copyright update + +* Sat Jan 20 2024 Ben Grande - 422b01e +- feat: remove audiovm setting when unnecessary + +* Fri Jan 12 2024 Ben Grande - ac25ef6 +- fix: sys-usb hide-usb-from-dom0 in keyboard state + +* Fri Jan 12 2024 Ben Grande - 6eefced +- fix: sys-usb disposables must have name prefix + +* Wed Jan 10 2024 Ben Grande - 040594a +- fix: do not remove created dvm + +* Wed Jan 10 2024 Ben Grande - 5b9b0bb +- doc: missing access control for sys-usb + +* Wed Jan 10 2024 Ben Grande - 76e9234 +- fix: organize sys-usb policy per service + +* Tue Jan 09 2024 Ben Grande - a3829e4 +- feat: policy support for multiple sys-usb qubes + +* Wed Dec 27 2023 Ben Grande - a617c3d +- fix: modify package names to match Qubes 4.2 + +* Mon Nov 13 2023 Ben Grande - 963e72c +- chore: Fix unman copyright contact + +* Mon Nov 13 2023 Ben Grande - 5eebd78 +- refactor: initial commit diff --git a/rpm_spec/qusal-sys-wireguard.spec b/rpm_spec/qusal-sys-wireguard.spec new file mode 100644 index 0000000..021904b --- /dev/null +++ b/rpm_spec/qusal-sys-wireguard.spec @@ -0,0 +1,136 @@ +# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +## Reproducibility. +%define source_date_epoch_from_changelog 1 +%define use_source_date_epoch_as_buildtime 1 +%define clamp_mtime_to_source_date_epoch 1 +# Changelog is trimmed according to current date, not last date from changelog. +%define _changelog_trimtime 0 +%define _changelog_trimage 0 +%global _buildhost %{name} +# Python bytecode interferes when updates occur and restart is not done. +%undefine __brp_python_bytecompile + +Name: qusal-sys-wireguard +Version: 0.0.1 +Release: 1%{?dist} +Summary: Wireguard VPN in Qubes OS + +Group: qusal +Packager: Ben Grande +Vendor: Ben Grande +License: AGPL-3.0-or-later AND GPL-3.0-or-later +URL: https://github.com/ben-grande/qusal +BugURL: https://github.com/ben-grande/qusal/issues +Source0: %{name}-%{version}.tar.gz +BuildArch: noarch + +Requires: qubes-mgmt-salt +Requires: qubes-mgmt-salt-dom0 +Requires: qusal-dev +Requires: qusal-sys-net +Requires: qusal-utils + + +%description +Setup a Wireguard VPN qube named "sys-wireguard" to provide network access to +other qubes through the VPN with fail closed mechanism. + +%prep +%setup -q + +%build + +%install +rm -rf %{buildroot} +install -m 755 -d \ + %{buildroot}/srv/salt/qusal \ + %{buildroot}%{_docdir}/%{name} \ + %{buildroot}%{_defaultlicensedir}/%{name} +install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/ +install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/ +rm -rv %{name}/LICENSES %{name}/README.md +cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name} + +%check + +%dnl %pre + +%post +if test "$1" = "1"; then + ## Install + qubesctl state.apply sys-wireguard.create + qubesctl --skip-dom0 --targets=tpl-sys-wireguard state.apply sys-wireguard.install + qubesctl --skip-dom0 --targets=sys-wireguard state.apply sys-wireguard.configure +elif test "$1" = "2"; then + ## Upgrade + true +fi + +%preun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%postun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%files +%defattr(-,root,root,-) +%license %{_defaultlicensedir}/%{name}/* +%doc %{_docdir}/%{name}/README.md +%dir /srv/salt/qusal/%{name} +/srv/salt/qusal/%{name}/* +%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. + +%changelog +* Wed Jun 19 2024 Ben Grande - 6ec0768 +- fix: clean Wireguard rules + +* Thu Jun 13 2024 Ben Grande - a564b3a +- feat: add TCP proxy for remote hosts + +* Tue May 28 2024 Ben Grande - 44ea4c5 +- feat: add manual page reader + +* Mon Mar 18 2024 Ben Grande - f9ead06 +- fix: remove extraneous package repository updates + +* Fri Feb 23 2024 Ben Grande - 5605ec7 +- doc: prefix qubesctl with sudo + +* Mon Jan 29 2024 Ben Grande - 6efcc1d +- chore: copyright update + +* Sat Jan 20 2024 Ben Grande - 422b01e +- feat: remove audiovm setting when unnecessary + +* Mon Jan 08 2024 Ben Grande - c306047 +- fix: sys-wireguard compatible with Qubes 4.2 + +* Fri Jan 05 2024 Ben Grande - 417843b +- feat: remove extraneous passwordless root + +* Wed Dec 20 2023 Ben Grande - 38d98ec +- fix: nft shebang and table names + +* Tue Dec 19 2023 Ben Grande - b4d142b +- refactor: move appended states to drop-in rc.local + +* Mon Nov 13 2023 Ben Grande - 963e72c +- chore: Fix unman copyright contact + +* Mon Nov 13 2023 Ben Grande - 5eebd78 +- refactor: initial commit diff --git a/rpm_spec/qusal-terraform.spec b/rpm_spec/qusal-terraform.spec new file mode 100644 index 0000000..51a651f --- /dev/null +++ b/rpm_spec/qusal-terraform.spec @@ -0,0 +1,118 @@ +# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +## Reproducibility. +%define source_date_epoch_from_changelog 1 +%define use_source_date_epoch_as_buildtime 1 +%define clamp_mtime_to_source_date_epoch 1 +# Changelog is trimmed according to current date, not last date from changelog. +%define _changelog_trimtime 0 +%define _changelog_trimage 0 +%global _buildhost %{name} +# Python bytecode interferes when updates occur and restart is not done. +%undefine __brp_python_bytecompile + +Name: qusal-terraform +Version: 0.0.1 +Release: 1%{?dist} +Summary: Terraform installation in Qubes OS + +Group: qusal +Packager: Ben Grande +Vendor: Ben Grande +License: AGPL-3.0-or-later +URL: https://github.com/ben-grande/qusal +BugURL: https://github.com/ben-grande/qusal/issues +Source0: %{name}-%{version}.tar.gz +BuildArch: noarch + +Requires: qubes-mgmt-salt +Requires: qubes-mgmt-salt-dom0 +Requires: qusal-sys-ssh-agent +Requires: qusal-utils + + +%description +Install Terraform and use it on the "terraform" app qube. + +%prep +%setup -q + +%build + +%install +rm -rf %{buildroot} +install -m 755 -d \ + %{buildroot}/srv/salt/qusal \ + %{buildroot}%{_docdir}/%{name} \ + %{buildroot}%{_defaultlicensedir}/%{name} +install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/ +install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/ +rm -rv %{name}/LICENSES %{name}/README.md +cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name} + +%check + +%dnl %pre + +%post +if test "$1" = "1"; then + ## Install + qubesctl state.apply terraform.create + qubesctl --skip-dom0 --targets=tpl-terraform state.apply terraform.install +elif test "$1" = "2"; then + ## Upgrade + true +fi + +%preun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%postun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%files +%defattr(-,root,root,-) +%license %{_defaultlicensedir}/%{name}/* +%doc %{_docdir}/%{name}/README.md +%dir /srv/salt/qusal/%{name} +/srv/salt/qusal/%{name}/* +%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. + +%changelog +* Wed May 29 2024 Ben Grande - 8accc47 +- fix: remove old deb repository list format + +* Thu May 16 2024 Ben Grande - b2c9479 +- fix: enforce https on repository installation + +* Thu May 16 2024 Ben Grande - d4c3fb1 +- feat: add terraform and chrome fedora repositories + +* Mon Mar 18 2024 Ben Grande - f9ead06 +- fix: remove extraneous package repository updates + +* Fri Feb 23 2024 Ben Grande - 5605ec7 +- doc: prefix qubesctl with sudo + +* Mon Jan 29 2024 Ben Grande - 6efcc1d +- chore: copyright update + +* Sat Jan 20 2024 Ben Grande - 422b01e +- feat: remove audiovm setting when unnecessary + +* Mon Nov 13 2023 Ben Grande - 5eebd78 +- refactor: initial commit diff --git a/rpm_spec/qusal-usb.spec b/rpm_spec/qusal-usb.spec new file mode 100644 index 0000000..fda9066 --- /dev/null +++ b/rpm_spec/qusal-usb.spec @@ -0,0 +1,108 @@ +# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +## Reproducibility. +%define source_date_epoch_from_changelog 1 +%define use_source_date_epoch_as_buildtime 1 +%define clamp_mtime_to_source_date_epoch 1 +# Changelog is trimmed according to current date, not last date from changelog. +%define _changelog_trimtime 0 +%define _changelog_trimage 0 +%global _buildhost %{name} +# Python bytecode interferes when updates occur and restart is not done. +%undefine __brp_python_bytecompile + +Name: qusal-usb +Version: 0.0.1 +Release: 1%{?dist} +Summary: USB client in Qubes OS + +Group: qusal +Packager: Ben Grande +Vendor: Ben Grande +License: AGPL-3.0-or-later +URL: https://github.com/ben-grande/qusal +BugURL: https://github.com/ben-grande/qusal/issues +Source0: %{name}-%{version}.tar.gz +BuildArch: noarch + +Requires: qubes-mgmt-salt +Requires: qubes-mgmt-salt-dom0 +Requires: qusal-dev +Requires: qusal-sys-usb +Requires: qusal-utils + + +%description +A Template for DispVMs will be created and named "dvm-usb", from this qube, +you can base disposable qubes, geared towards USB client usage. + +%prep +%setup -q + +%build + +%install +rm -rf %{buildroot} +install -m 755 -d \ + %{buildroot}/srv/salt/qusal \ + %{buildroot}%{_docdir}/%{name} \ + %{buildroot}%{_defaultlicensedir}/%{name} +install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/ +install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/ +rm -rv %{name}/LICENSES %{name}/README.md +cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name} + +%check + +%dnl %pre + +%post +if test "$1" = "1"; then + ## Install + qubesctl state.apply usb.create + qubesctl --skip-dom0 --targets=tpl-usb state.apply usb.install +elif test "$1" = "2"; then + ## Upgrade + true +fi + +%preun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%postun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%files +%defattr(-,root,root,-) +%license %{_defaultlicensedir}/%{name}/* +%doc %{_docdir}/%{name}/README.md +%dir /srv/salt/qusal/%{name} +/srv/salt/qusal/%{name}/* +%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. + +%changelog +* Fri Feb 23 2024 Ben Grande - 5605ec7 +- doc: prefix qubesctl with sudo + +* Mon Jan 29 2024 Ben Grande - 6efcc1d +- chore: copyright update + +* Sat Jan 20 2024 Ben Grande - 422b01e +- feat: remove audiovm setting when unnecessary + +* Mon Dec 18 2023 Ben Grande - bcb65a2 +- feat: usb client diff --git a/rpm_spec/qusal-utils.spec b/rpm_spec/qusal-utils.spec new file mode 100644 index 0000000..c7742d4 --- /dev/null +++ b/rpm_spec/qusal-utils.spec @@ -0,0 +1,134 @@ +# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +## Reproducibility. +%define source_date_epoch_from_changelog 1 +%define use_source_date_epoch_as_buildtime 1 +%define clamp_mtime_to_source_date_epoch 1 +# Changelog is trimmed according to current date, not last date from changelog. +%define _changelog_trimtime 0 +%define _changelog_trimage 0 +%global _buildhost %{name} +# Python bytecode interferes when updates occur and restart is not done. +%undefine __brp_python_bytecompile + +Name: qusal-utils +Version: 0.0.1 +Release: 1%{?dist} +Summary: Utilities library for Qusal + +Group: qusal +Packager: Ben Grande +Vendor: Ben Grande +License: AGPL-3.0-or-later +URL: https://github.com/ben-grande/qusal +BugURL: https://github.com/ben-grande/qusal/issues +Source0: %{name}-%{version}.tar.gz +BuildArch: noarch + +Requires: qubes-mgmt-salt +Requires: qubes-mgmt-salt-dom0 + + +%description +Utils is a SaltStack Qubes library for certain operations shared by multiple +projects such as macros and common tools to be installed. + +%prep +%setup -q + +%build + +%install +rm -rf %{buildroot} +install -m 755 -d \ + %{buildroot}/srv/salt/qusal \ + %{buildroot}%{_docdir}/%{name} \ + %{buildroot}%{_defaultlicensedir}/%{name} +install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/ +install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/ +rm -rv %{name}/LICENSES %{name}/README.md +cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name} + +%check + +%dnl %pre + +%post +if test "$1" = "1"; then + ## Install + true +elif test "$1" = "2"; then + ## Upgrade + true +fi + +%preun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%postun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%files +%defattr(-,root,root,-) +%license %{_defaultlicensedir}/%{name}/* +%doc %{_docdir}/%{name}/README.md +%dir /srv/salt/qusal/%{name} +/srv/salt/qusal/%{name}/* +%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. + +%changelog +* Fri May 24 2024 Ben Grande - cbf61e6 +- feat: add Firefox browser from Mozilla repository + +* Thu May 16 2024 Ben Grande - b2c9479 +- fix: enforce https on repository installation + +* Tue May 14 2024 Ben Grande - d148599 +- doc: nested list indentation + +* Tue Apr 30 2024 Ben Grande - 5722a25 +- fix: discover non-root username at runtime + +* Mon Mar 18 2024 Ben Grande - f9ead06 +- fix: remove extraneous package repository updates + +* Fri Feb 23 2024 Ben Grande - 5605ec7 +- doc: prefix qubesctl with sudo + +* Sat Feb 17 2024 Ben Grande - dbed18d +- feat: Bitcoin Core and Electrum servers and wallet + +* Mon Jan 29 2024 Ben Grande - 6efcc1d +- chore: copyright update + +* Fri Jan 26 2024 Ben Grande - a04960c +- feat: initial split-mail setup + +* Fri Jan 12 2024 Ben Grande - 2576d14 +- fix: policy file mode not allowing group to write + +* Fri Jan 12 2024 Ben Grande - 2063a43 +- fix: clone macro support for optional argument + +* Fri Jan 12 2024 Ben Grande - 5e5ae2f +- fix: zsh state import with relative path + +* Fri Jan 12 2024 Ben Grande - a97e3c0 +- feat: kicksecure minimal template + +* Mon Nov 13 2023 Ben Grande - 5eebd78 +- refactor: initial commit diff --git a/rpm_spec/qusal-vault.spec b/rpm_spec/qusal-vault.spec new file mode 100644 index 0000000..8be39a5 --- /dev/null +++ b/rpm_spec/qusal-vault.spec @@ -0,0 +1,118 @@ +# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +## Reproducibility. +%define source_date_epoch_from_changelog 1 +%define use_source_date_epoch_as_buildtime 1 +%define clamp_mtime_to_source_date_epoch 1 +# Changelog is trimmed according to current date, not last date from changelog. +%define _changelog_trimtime 0 +%define _changelog_trimage 0 +%global _buildhost %{name} +# Python bytecode interferes when updates occur and restart is not done. +%undefine __brp_python_bytecompile + +Name: qusal-vault +Version: 0.0.1 +Release: 1%{?dist} +Summary: Vault environment in Qubes OS + +Group: qusal +Packager: Ben Grande +Vendor: Ben Grande +License: AGPL-3.0-or-later +URL: https://github.com/ben-grande/qusal +BugURL: https://github.com/ben-grande/qusal/issues +Source0: %{name}-%{version}.tar.gz +BuildArch: noarch + +Requires: qubes-mgmt-salt +Requires: qubes-mgmt-salt-dom0 +Requires: qusal-dev +Requires: qusal-utils + + +%description +An offline qube will be created and named "vault", it will have a password +manager for high entropy passwords, PGP and SSH client for creating private +keys. + +%prep +%setup -q + +%build + +%install +rm -rf %{buildroot} +install -m 755 -d \ + %{buildroot}/srv/salt/qusal \ + %{buildroot}%{_docdir}/%{name} \ + %{buildroot}%{_defaultlicensedir}/%{name} +install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/ +install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/ +rm -rv %{name}/LICENSES %{name}/README.md +cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name} + +%check + +%dnl %pre + +%post +if test "$1" = "1"; then + ## Install + qubesctl state.apply vault.create + qubesctl --skip-dom0 --targets=tpl-vault state.apply vault.install + qubesctl state.apply vault.appmenus +elif test "$1" = "2"; then + ## Upgrade + true +fi + +%preun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%postun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%files +%defattr(-,root,root,-) +%license %{_defaultlicensedir}/%{name}/* +%doc %{_docdir}/%{name}/README.md +%dir /srv/salt/qusal/%{name} +/srv/salt/qusal/%{name}/* +%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. + +%changelog +* Tue May 28 2024 Ben Grande - 44ea4c5 +- feat: add manual page reader + +* Mon Mar 18 2024 Ben Grande - f9ead06 +- fix: remove extraneous package repository updates + +* Fri Feb 23 2024 Ben Grande - 5605ec7 +- doc: prefix qubesctl with sudo + +* Mon Jan 29 2024 Ben Grande - 6efcc1d +- chore: copyright update + +* Sat Jan 20 2024 Ben Grande - 422b01e +- feat: remove audiovm setting when unnecessary + +* Thu Dec 21 2023 Ben Grande - ff34a8a +- fix: add missing appmenus sync + +* Mon Nov 13 2023 Ben Grande - 5eebd78 +- refactor: initial commit diff --git a/rpm_spec/qusal-video-companion.spec b/rpm_spec/qusal-video-companion.spec new file mode 100644 index 0000000..7a61e20 --- /dev/null +++ b/rpm_spec/qusal-video-companion.spec @@ -0,0 +1,100 @@ +# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +## Reproducibility. +%define source_date_epoch_from_changelog 1 +%define use_source_date_epoch_as_buildtime 1 +%define clamp_mtime_to_source_date_epoch 1 +# Changelog is trimmed according to current date, not last date from changelog. +%define _changelog_trimtime 0 +%define _changelog_trimage 0 +%global _buildhost %{name} +# Python bytecode interferes when updates occur and restart is not done. +%undefine __brp_python_bytecompile + +Name: qusal-video-companion +Version: 0.0.1 +Release: 1%{?dist} +Summary: Stream webcams and share screens in Qubes OS + +Group: qusal +Packager: Ben Grande +Vendor: Ben Grande +License: AGPL-3.0-or-later +URL: https://github.com/ben-grande/qusal +BugURL: https://github.com/ben-grande/qusal/issues +Source0: %{name}-%{version}.tar.gz +BuildArch: noarch + +Requires: qubes-mgmt-salt +Requires: qubes-mgmt-salt-dom0 +Requires: qusal-utils + + +%description +Installation procedures to stream webcams and share screens across qubes. The +sender/server owns the screen or webcam and the receiver/client wants to +access them without compromising the domains. + +%prep +%setup -q + +%build + +%install +rm -rf %{buildroot} +install -m 755 -d \ + %{buildroot}/srv/salt/qusal \ + %{buildroot}%{_docdir}/%{name} \ + %{buildroot}%{_defaultlicensedir}/%{name} +install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/ +install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/ +rm -rv %{name}/LICENSES %{name}/README.md +cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name} + +%check + +%dnl %pre + +%post +if test "$1" = "1"; then + ## Install + qubesctl state.apply video-companion.create +elif test "$1" = "2"; then + ## Upgrade + true +fi + +%preun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%postun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%files +%defattr(-,root,root,-) +%license %{_defaultlicensedir}/%{name}/* +%doc %{_docdir}/%{name}/README.md +%dir /srv/salt/qusal/%{name} +/srv/salt/qusal/%{name}/* +%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. + +%changelog +* Fri Jun 14 2024 Ben Grande - 3ece491 +- fix: wrong video-companion package name for dom0 + +* Thu May 30 2024 Ben Grande - 0c9b173 +- feat: add Qubes Video Companion formula diff --git a/rpm_spec/qusal-whonix-gateway.spec b/rpm_spec/qusal-whonix-gateway.spec new file mode 100644 index 0000000..3ca51cd --- /dev/null +++ b/rpm_spec/qusal-whonix-gateway.spec @@ -0,0 +1,104 @@ +# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +## Reproducibility. +%define source_date_epoch_from_changelog 1 +%define use_source_date_epoch_as_buildtime 1 +%define clamp_mtime_to_source_date_epoch 1 +# Changelog is trimmed according to current date, not last date from changelog. +%define _changelog_trimtime 0 +%define _changelog_trimage 0 +%global _buildhost %{name} +# Python bytecode interferes when updates occur and restart is not done. +%undefine __brp_python_bytecompile + +Name: qusal-whonix-gateway +Version: 0.0.1 +Release: 1%{?dist} +Summary: Whonix Gateway Template in Qubes OS + +Group: qusal +Packager: Ben Grande +Vendor: Ben Grande +License: AGPL-3.0-or-later +URL: https://github.com/ben-grande/qusal +BugURL: https://github.com/ben-grande/qusal/issues +Source0: %{name}-%{version}.tar.gz +BuildArch: noarch + +Requires: qubes-mgmt-salt +Requires: qubes-mgmt-salt-dom0 +Requires: qusal-utils + + +%description +Creates the Whonix Gateway templates as well as a Disposable Template based on +it. + +%prep +%setup -q + +%build + +%install +rm -rf %{buildroot} +install -m 755 -d \ + %{buildroot}/srv/salt/qusal \ + %{buildroot}%{_docdir}/%{name} \ + %{buildroot}%{_defaultlicensedir}/%{name} +install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/ +install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/ +rm -rv %{name}/LICENSES %{name}/README.md +cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name} + +%check + +%dnl %pre + +%post +if test "$1" = "1"; then + ## Install + qubesctl state.apply whonix-gateway.create + qubesctl --skip-dom0 --targets=whonix-gateway-17 state.apply whonix-gateway.install + qubesctl state.apply whonix-gateway.appmenus +elif test "$1" = "2"; then + ## Upgrade + true +fi + +%preun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%postun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%files +%defattr(-,root,root,-) +%license %{_defaultlicensedir}/%{name}/* +%doc %{_docdir}/%{name}/README.md +%dir /srv/salt/qusal/%{name} +/srv/salt/qusal/%{name}/* +%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. + +%changelog +* Mon Mar 18 2024 Ben Grande - f9ead06 +- fix: remove extraneous package repository updates + +* Fri Feb 23 2024 Ben Grande - 5605ec7 +- doc: prefix qubesctl with sudo + +* Thu Feb 08 2024 Ben Grande - 7331b19 +- refactor: distinct whonix formulas diff --git a/rpm_spec/qusal-whonix-workstation.spec b/rpm_spec/qusal-whonix-workstation.spec new file mode 100644 index 0000000..aae91fa --- /dev/null +++ b/rpm_spec/qusal-whonix-workstation.spec @@ -0,0 +1,108 @@ +# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +## Reproducibility. +%define source_date_epoch_from_changelog 1 +%define use_source_date_epoch_as_buildtime 1 +%define clamp_mtime_to_source_date_epoch 1 +# Changelog is trimmed according to current date, not last date from changelog. +%define _changelog_trimtime 0 +%define _changelog_trimage 0 +%global _buildhost %{name} +# Python bytecode interferes when updates occur and restart is not done. +%undefine __brp_python_bytecompile + +Name: qusal-whonix-workstation +Version: 0.0.1 +Release: 1%{?dist} +Summary: Whonix Workstation Template in Qubes OS + +Group: qusal +Packager: Ben Grande +Vendor: Ben Grande +License: AGPL-3.0-or-later +URL: https://github.com/ben-grande/qusal +BugURL: https://github.com/ben-grande/qusal/issues +Source0: %{name}-%{version}.tar.gz +BuildArch: noarch + +Requires: qubes-mgmt-salt +Requires: qubes-mgmt-salt-dom0 +Requires: qusal-utils +Requires: qusal-whonix-gateway + + +%description +Creates the Whonix Workstation templates as well as a Disposable Template +based on it. + +%prep +%setup -q + +%build + +%install +rm -rf %{buildroot} +install -m 755 -d \ + %{buildroot}/srv/salt/qusal \ + %{buildroot}%{_docdir}/%{name} \ + %{buildroot}%{_defaultlicensedir}/%{name} +install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/ +install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/ +rm -rv %{name}/LICENSES %{name}/README.md +cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name} + +%check + +%dnl %pre + +%post +if test "$1" = "1"; then + ## Install + qubesctl state.apply whonix-workstation.create + qubesctl --skip-dom0 --targets=whonix-workstation-17 state.apply whonix-workstation.install + qubesctl state.apply whonix-workstation.appmenus +elif test "$1" = "2"; then + ## Upgrade + true +fi + +%preun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%postun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%files +%defattr(-,root,root,-) +%license %{_defaultlicensedir}/%{name}/* +%doc %{_docdir}/%{name}/README.md +%dir /srv/salt/qusal/%{name} +/srv/salt/qusal/%{name}/* +%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. + +%changelog +* Mon Mar 18 2024 Ben Grande - f9ead06 +- fix: remove extraneous package repository updates + +* Fri Feb 23 2024 Ben Grande - 5605ec7 +- doc: prefix qubesctl with sudo + +* Sat Feb 17 2024 Ben Grande - dbed18d +- feat: Bitcoin Core and Electrum servers and wallet + +* Thu Feb 08 2024 Ben Grande - 7331b19 +- refactor: distinct whonix formulas diff --git a/rpm_spec/template/template.spec b/rpm_spec/template/template.spec index 3591489..91dfb23 100644 --- a/rpm_spec/template/template.spec +++ b/rpm_spec/template/template.spec @@ -2,20 +2,6 @@ # # SPDX-License-Identifier: AGPL-3.0-or-later -%define file_roots %(./scripts/spec-get.sh @PROJECT@ file_roots) -%define my_name %(./scripts/spec-get.sh @PROJECT@ name) -%define branch %(./scripts/spec-get.sh @PROJECT@ branch) -%define project %(./scripts/spec-get.sh @PROJECT@ project) -%define summary %(./scripts/spec-get.sh @PROJECT@ summary) -%define group %(./scripts/spec-get.sh @PROJECT@ group) -%define packager %(./scripts/spec-get.sh @PROJECT@ packager) -%define vendor %(./scripts/spec-get.sh @PROJECT@ vendor) -%define license_csv %(./scripts/spec-get.sh @PROJECT@ license_csv) -%define license %(./scripts/spec-get.sh @PROJECT@ license) -%define url %(./scripts/spec-get.sh @PROJECT@ url) -%define bug_url %(./scripts/spec-get.sh @PROJECT@ bug_url) -%define my_description %(./scripts/spec-get.sh @PROJECT@ description) - ## Reproducibility. %define source_date_epoch_from_changelog 1 %define use_source_date_epoch_as_buildtime 1 @@ -27,18 +13,18 @@ # Python bytecode interferes when updates occur and restart is not done. %undefine __brp_python_bytecompile -Name: %{project} +Name: @PROJECT@ Version: @VERSION@ Release: 1%{?dist} -Summary: %{summary} +Summary: @SUMMARY@ -Group: %{group} -Packager: %{packager} -Vendor: %{vendor} -License: %{license} -URL: %{url} -BugURL: %{bug_url} -Source0: %{project} +Group: @GROUP@ +Packager: @PACKAGER@ +Vendor: @VENDOR@ +License: @LICENSE@ +URL: @URL@ +BugURL: @BUG_URL@ +Source0: %{name}-%{version}.tar.gz BuildArch: noarch Requires: qubes-mgmt-salt @@ -46,22 +32,23 @@ Requires: qubes-mgmt-salt-dom0 @REQUIRES@ %description -%{my_description} +@DESCRIPTION@ %prep +%setup -q %build %install rm -rf %{buildroot} install -m 755 -d \ - %{buildroot}%{file_roots} \ - %{buildroot}%{_docdir}/%{project} \ - %{buildroot}%{_defaultlicensedir}/%{project} -install -m 644 %{project}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{project}/ -install -m 644 %{project}/README.md %{buildroot}%{_docdir}/%{project}/ -rm -rv %{project}/LICENSES %{project}/README.md -cp -rv %{project} %{buildroot}%{file_roots}/%{my_name} + %{buildroot}@FILE_ROOTS@ \ + %{buildroot}%{_docdir}/%{name} \ + %{buildroot}%{_defaultlicensedir}/%{name} +install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/ +install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/ +rm -rv %{name}/LICENSES %{name}/README.md +cp -rv %{name} %{buildroot}@FILE_ROOTS@/%{name} %check @@ -96,10 +83,10 @@ fi %files %defattr(-,root,root,-) -%license %{_defaultlicensedir}/%{project}/* -%doc %{_docdir}/%{project}/README.md -%dir %{file_roots}/%{my_name} -%{file_roots}/%{my_name}/* +%license %{_defaultlicensedir}/%{name}/* +%doc %{_docdir}/%{name}/README.md +%dir @FILE_ROOTS@/%{name} +@FILE_ROOTS@/%{name}/* %dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. %changelog diff --git a/version b/salt/ansible/version similarity index 100% rename from version rename to salt/ansible/version diff --git a/salt/browser/version b/salt/browser/version new file mode 100644 index 0000000..8acdd82 --- /dev/null +++ b/salt/browser/version @@ -0,0 +1 @@ +0.0.1 diff --git a/salt/debian-minimal/version b/salt/debian-minimal/version new file mode 100644 index 0000000..8acdd82 --- /dev/null +++ b/salt/debian-minimal/version @@ -0,0 +1 @@ +0.0.1 diff --git a/salt/debian-xfce/version b/salt/debian-xfce/version new file mode 100644 index 0000000..8acdd82 --- /dev/null +++ b/salt/debian-xfce/version @@ -0,0 +1 @@ +0.0.1 diff --git a/salt/debian/version b/salt/debian/version new file mode 100644 index 0000000..8acdd82 --- /dev/null +++ b/salt/debian/version @@ -0,0 +1 @@ +0.0.1 diff --git a/salt/dev/version b/salt/dev/version new file mode 100644 index 0000000..8acdd82 --- /dev/null +++ b/salt/dev/version @@ -0,0 +1 @@ +0.0.1 diff --git a/salt/docker/version b/salt/docker/version new file mode 100644 index 0000000..8acdd82 --- /dev/null +++ b/salt/docker/version @@ -0,0 +1 @@ +0.0.1 diff --git a/salt/dom0/version b/salt/dom0/version new file mode 100644 index 0000000..8acdd82 --- /dev/null +++ b/salt/dom0/version @@ -0,0 +1 @@ +0.0.1 diff --git a/salt/electrum/version b/salt/electrum/version new file mode 100644 index 0000000..8acdd82 --- /dev/null +++ b/salt/electrum/version @@ -0,0 +1 @@ +0.0.1 diff --git a/salt/element/version b/salt/element/version new file mode 100644 index 0000000..8acdd82 --- /dev/null +++ b/salt/element/version @@ -0,0 +1 @@ +0.0.1 diff --git a/salt/fedora-minimal/version b/salt/fedora-minimal/version new file mode 100644 index 0000000..8acdd82 --- /dev/null +++ b/salt/fedora-minimal/version @@ -0,0 +1 @@ +0.0.1 diff --git a/salt/fedora-xfce/version b/salt/fedora-xfce/version new file mode 100644 index 0000000..8acdd82 --- /dev/null +++ b/salt/fedora-xfce/version @@ -0,0 +1 @@ +0.0.1 diff --git a/salt/fedora/version b/salt/fedora/version new file mode 100644 index 0000000..8acdd82 --- /dev/null +++ b/salt/fedora/version @@ -0,0 +1 @@ +0.0.1 diff --git a/salt/fetcher/version b/salt/fetcher/version new file mode 100644 index 0000000..8acdd82 --- /dev/null +++ b/salt/fetcher/version @@ -0,0 +1 @@ +0.0.1 diff --git a/salt/kicksecure-minimal/version b/salt/kicksecure-minimal/version new file mode 100644 index 0000000..8acdd82 --- /dev/null +++ b/salt/kicksecure-minimal/version @@ -0,0 +1 @@ +0.0.1 diff --git a/salt/mail/version b/salt/mail/version new file mode 100644 index 0000000..8acdd82 --- /dev/null +++ b/salt/mail/version @@ -0,0 +1 @@ +0.0.1 diff --git a/salt/media/version b/salt/media/version new file mode 100644 index 0000000..8acdd82 --- /dev/null +++ b/salt/media/version @@ -0,0 +1 @@ +0.0.1 diff --git a/salt/mgmt/version b/salt/mgmt/version new file mode 100644 index 0000000..8acdd82 --- /dev/null +++ b/salt/mgmt/version @@ -0,0 +1 @@ +0.0.1 diff --git a/salt/mirage-builder/version b/salt/mirage-builder/version new file mode 100644 index 0000000..8acdd82 --- /dev/null +++ b/salt/mirage-builder/version @@ -0,0 +1 @@ +0.0.1 diff --git a/salt/opentofu/version b/salt/opentofu/version new file mode 100644 index 0000000..8acdd82 --- /dev/null +++ b/salt/opentofu/version @@ -0,0 +1 @@ +0.0.1 diff --git a/salt/qubes-builder/version b/salt/qubes-builder/version new file mode 100644 index 0000000..8acdd82 --- /dev/null +++ b/salt/qubes-builder/version @@ -0,0 +1 @@ +0.0.1 diff --git a/salt/reader/version b/salt/reader/version new file mode 100644 index 0000000..8acdd82 --- /dev/null +++ b/salt/reader/version @@ -0,0 +1 @@ +0.0.1 diff --git a/salt/remmina/version b/salt/remmina/version new file mode 100644 index 0000000..8acdd82 --- /dev/null +++ b/salt/remmina/version @@ -0,0 +1 @@ +0.0.1 diff --git a/salt/signal/version b/salt/signal/version new file mode 100644 index 0000000..8acdd82 --- /dev/null +++ b/salt/signal/version @@ -0,0 +1 @@ +0.0.1 diff --git a/salt/ssh/version b/salt/ssh/version new file mode 100644 index 0000000..8acdd82 --- /dev/null +++ b/salt/ssh/version @@ -0,0 +1 @@ +0.0.1 diff --git a/salt/sys-audio/version b/salt/sys-audio/version new file mode 100644 index 0000000..8acdd82 --- /dev/null +++ b/salt/sys-audio/version @@ -0,0 +1 @@ +0.0.1 diff --git a/salt/sys-bitcoin/version b/salt/sys-bitcoin/version new file mode 100644 index 0000000..8acdd82 --- /dev/null +++ b/salt/sys-bitcoin/version @@ -0,0 +1 @@ +0.0.1 diff --git a/salt/sys-cacher/version b/salt/sys-cacher/version new file mode 100644 index 0000000..8acdd82 --- /dev/null +++ b/salt/sys-cacher/version @@ -0,0 +1 @@ +0.0.1 diff --git a/salt/sys-electrs/version b/salt/sys-electrs/version new file mode 100644 index 0000000..8acdd82 --- /dev/null +++ b/salt/sys-electrs/version @@ -0,0 +1 @@ +0.0.1 diff --git a/salt/sys-electrumx/version b/salt/sys-electrumx/version new file mode 100644 index 0000000..8acdd82 --- /dev/null +++ b/salt/sys-electrumx/version @@ -0,0 +1 @@ +0.0.1 diff --git a/salt/sys-firewall/version b/salt/sys-firewall/version new file mode 100644 index 0000000..8acdd82 --- /dev/null +++ b/salt/sys-firewall/version @@ -0,0 +1 @@ +0.0.1 diff --git a/salt/sys-git/version b/salt/sys-git/version new file mode 100644 index 0000000..8acdd82 --- /dev/null +++ b/salt/sys-git/version @@ -0,0 +1 @@ +0.0.1 diff --git a/salt/sys-mirage-firewall/version b/salt/sys-mirage-firewall/version new file mode 100644 index 0000000..8acdd82 --- /dev/null +++ b/salt/sys-mirage-firewall/version @@ -0,0 +1 @@ +0.0.1 diff --git a/salt/sys-net/version b/salt/sys-net/version new file mode 100644 index 0000000..8acdd82 --- /dev/null +++ b/salt/sys-net/version @@ -0,0 +1 @@ +0.0.1 diff --git a/salt/sys-pgp/version b/salt/sys-pgp/version new file mode 100644 index 0000000..8acdd82 --- /dev/null +++ b/salt/sys-pgp/version @@ -0,0 +1 @@ +0.0.1 diff --git a/salt/sys-pihole/version b/salt/sys-pihole/version new file mode 100644 index 0000000..8acdd82 --- /dev/null +++ b/salt/sys-pihole/version @@ -0,0 +1 @@ +0.0.1 diff --git a/salt/sys-print/version b/salt/sys-print/version new file mode 100644 index 0000000..8acdd82 --- /dev/null +++ b/salt/sys-print/version @@ -0,0 +1 @@ +0.0.1 diff --git a/salt/sys-rsync/version b/salt/sys-rsync/version new file mode 100644 index 0000000..8acdd82 --- /dev/null +++ b/salt/sys-rsync/version @@ -0,0 +1 @@ +0.0.1 diff --git a/salt/sys-ssh-agent/version b/salt/sys-ssh-agent/version new file mode 100644 index 0000000..8acdd82 --- /dev/null +++ b/salt/sys-ssh-agent/version @@ -0,0 +1 @@ +0.0.1 diff --git a/salt/sys-ssh/version b/salt/sys-ssh/version new file mode 100644 index 0000000..8acdd82 --- /dev/null +++ b/salt/sys-ssh/version @@ -0,0 +1 @@ +0.0.1 diff --git a/salt/sys-syncthing/version b/salt/sys-syncthing/version new file mode 100644 index 0000000..8acdd82 --- /dev/null +++ b/salt/sys-syncthing/version @@ -0,0 +1 @@ +0.0.1 diff --git a/salt/sys-usb/version b/salt/sys-usb/version new file mode 100644 index 0000000..8acdd82 --- /dev/null +++ b/salt/sys-usb/version @@ -0,0 +1 @@ +0.0.1 diff --git a/salt/sys-wireguard/version b/salt/sys-wireguard/version new file mode 100644 index 0000000..8acdd82 --- /dev/null +++ b/salt/sys-wireguard/version @@ -0,0 +1 @@ +0.0.1 diff --git a/salt/terraform/version b/salt/terraform/version new file mode 100644 index 0000000..8acdd82 --- /dev/null +++ b/salt/terraform/version @@ -0,0 +1 @@ +0.0.1 diff --git a/salt/usb/version b/salt/usb/version new file mode 100644 index 0000000..8acdd82 --- /dev/null +++ b/salt/usb/version @@ -0,0 +1 @@ +0.0.1 diff --git a/salt/utils/version b/salt/utils/version new file mode 100644 index 0000000..8acdd82 --- /dev/null +++ b/salt/utils/version @@ -0,0 +1 @@ +0.0.1 diff --git a/salt/vault/version b/salt/vault/version new file mode 100644 index 0000000..8acdd82 --- /dev/null +++ b/salt/vault/version @@ -0,0 +1 @@ +0.0.1 diff --git a/salt/video-companion/version b/salt/video-companion/version new file mode 100644 index 0000000..8acdd82 --- /dev/null +++ b/salt/video-companion/version @@ -0,0 +1 @@ +0.0.1 diff --git a/salt/whonix-gateway/version b/salt/whonix-gateway/version new file mode 100644 index 0000000..8acdd82 --- /dev/null +++ b/salt/whonix-gateway/version @@ -0,0 +1 @@ +0.0.1 diff --git a/salt/whonix-workstation/version b/salt/whonix-workstation/version new file mode 100644 index 0000000..8acdd82 --- /dev/null +++ b/salt/whonix-workstation/version @@ -0,0 +1 @@ +0.0.1 diff --git a/scripts/qubesbuilder-gen.sh b/scripts/qubesbuilder-gen.sh index 09b242c..fd4b60e 100755 --- a/scripts/qubesbuilder-gen.sh +++ b/scripts/qubesbuilder-gen.sh @@ -17,8 +17,8 @@ if test "${1-}" = "test"; then target="${tmpdir}/.qubesbuilder" trap 'rm -rf -- "${tmpdir}"' EXIT INT HUP QUIT ABRT fi -ignored="$(git ls-files --exclude-standard --others --ignored)" -untracked="$(git ls-files --exclude-standard --others)" +ignored="$(git ls-files --exclude-standard --others --ignored salt/)" +untracked="$(git ls-files --exclude-standard --others salt/)" unwanted="$(printf %s"${ignored}\n${untracked}\n" | grep "^salt/\S\+/README.md" \ | cut -d "/" -f2 | sort -u)" group="$(./scripts/spec-get.sh dom0 group)" @@ -38,7 +38,7 @@ echo "${projects}" | tee -a "${target}" >/dev/null if test "${1-}" = "test"; then if ! cmp -s "${target}" "${intended_target}"; then echo "${0##*/}: error: File ${intended_target} is not up to date" >&2 - echo "${0##*/}: error: Please run '${0##/*}' to update the file" >&2 + echo "${0##*/}: error: Update the builder file with: ${0##/*}" >&2 exit 1 fi fi diff --git a/scripts/spec-gen.sh b/scripts/spec-gen.sh index 42da851..7817c68 100755 --- a/scripts/spec-gen.sh +++ b/scripts/spec-gen.sh @@ -11,11 +11,18 @@ usage(){ } ## Escape multiline strings for sed. -escaped_key(){ - echo "${1}" | sed ':a;N;$!ba;s/\n/\\n /g' | sed 's/\$/\\$/' +escape_key(){ + key_type="${1}" + key_indent=" " + if test "${key_type}" = "scriptlet"; then + echo "${2}" | sed ':a;N;$!ba;s/\n/\\n /g' | sed 's/\$/\\$/' + elif test "${key_type}" = "text"; then + echo "${2}" | sed ':a;N;$!ba;s/\n/\\n/g' | sed 's/\$/\\$/' + else + return 1 + fi } - # get_scriptlet scriptlet-action # [pre|post]-[install|upgrade], [pre|post]un-[uninstall|upgrade] ## Get scriptlet command, else fail safe. @@ -28,7 +35,7 @@ get_scriptlet(){ echo true return 0 fi - escaped_key "${scriptlet}" + escape_key scriptlet "${scriptlet}" } get_spec(){ @@ -37,6 +44,15 @@ get_spec(){ gen_spec(){ project="${1}" + ignored="$(git ls-files --exclude-standard --others --ignored)" + untracked="$(git ls-files --exclude-standard --others)" + unwanted="$(printf %s"${ignored}\n${untracked}\n" \ + | grep "^salt/\S\+/README.md" | cut -d "/" -f2 | sort -u)" + + if echo "${unwanted}" | grep -q "^${project}$"; then + echo "warn: skipping spec generation of untracked formula: ${project}" >&2 + return 0 + fi ## Test if a standard option works without error. get_spec name >/dev/null @@ -44,9 +60,28 @@ gen_spec(){ group="$(get_spec group)" template="rpm_spec/template/template.spec" target="rpm_spec/${group}-${project}.spec" + intended_target="${target}" + if test "${2-}" = "test"; then + tmpdir="$(mktemp -d)" + target="${tmpdir}/${group}-${project}.spec" + trap 'rm -rf -- "${tmpdir}"' EXIT INT HUP QUIT ABRT + fi readme="$(get_spec readme)" + project_name="$(get_spec project)" + version="$(get_spec version)" + license="$(get_spec license)" + vendor="$(get_spec vendor)" + packager="$(get_spec packager)" + url="$(get_spec url)" + bug_url="$(get_spec bug_url)" + requires="$(get_spec requires)" + summary="$(get_spec summary)" + description="$(escape_key text "$(get_spec description)")" + file_roots="$(get_spec file_roots)" + changelog="$(get_spec changelog)" + pre_install="$(get_scriptlet pre-install)" pre_upgrade="$(get_scriptlet pre-upgrade)" post_install="$(get_scriptlet post-install)" @@ -56,10 +91,6 @@ gen_spec(){ postun_uninstall="$(get_scriptlet postun-uninstall)" postun_upgrade="$(get_scriptlet postun-upgrade)" - version="$(get_spec version)" - changelog="$(get_spec changelog)" - requires="$(get_spec requires)" - sed \ -e "s/@PRE_INSTALL@/${pre_install}/" \ -e "s/@PRE_UPGRADE@/${pre_upgrade}/" \ @@ -69,17 +100,34 @@ gen_spec(){ -e "s/@PREUN_UPGRADE@/${preun_upgrade}/" \ -e "s/@POSTUN_UNINSTALL@/${postun_uninstall}/" \ -e "s/@POSTUN_UPGRADE@/${postun_upgrade}/" \ + -e "s|@FILE_ROOTS@|${file_roots}|" \ + -e "s/@PROJECT@/${project_name}/" \ -e "s/@VERSION@/${version}/" \ - -e "s/@PROJECT@/${project}/" \ + -e "s/@SUMMARY@/${summary}/" \ + -e "s/@GROUP@/${group}/" \ + -e "s/@PACKAGER@/${packager}/" \ + -e "s/@VENDOR@/${vendor}/" \ + -e "s/@LICENSE@/${license}/" \ + -e "s|@BUG_URL@|${bug_url}|" \ + -e "s|@URL@|${url}|" \ + -e "s|@DESCRIPTION@|${description}|" \ -e "/@CHANGELOG@/d" \ "${template}" | tee "${target}" >/dev/null requires_key="" for r in $(printf %s"${requires}" | tr " " "\n" | sort -u); do - requires_key="${requires_key}\nRequires: ${group}-${r}" + requires_key="${requires_key:-}Requires: ${group}-${r}\n" done sed -i "s/@REQUIRES@/${requires_key}/" "${target}" >/dev/null echo "${changelog}" | tee -a "${target}" >/dev/null + + if test "${2-}" = "test"; then + if ! cmp -s "${target}" "${intended_target}"; then + echo "${0##*/}: error: File ${intended_target} is not up to date" >&2 + echo "${0##*/}: error: Update the spec with: ${0##/*} ${project}" >&2 + exit 1 + fi + fi } case "${1-}" in @@ -88,9 +136,15 @@ esac command -v git >/dev/null || { echo "Missing program: git" >&2; exit 1; } cd "$(git rev-parse --show-toplevel)" +./scripts/requires-program.sh vim spec_get="./scripts/spec-get.sh" +if test "${2-}" = "test"; then + gen_spec "${1}" test + exit +fi + if test -z "${1-}"; then # shellcheck disable=SC2046 set -- $(find salt/ -mindepth 1 -maxdepth 1 -type d -printf '%f\n' \ diff --git a/scripts/spec-get.sh b/scripts/spec-get.sh index 31a1785..7d02cac 100755 --- a/scripts/spec-get.sh +++ b/scripts/spec-get.sh @@ -53,15 +53,14 @@ if test "${key}" = "branch"; then branch="$(git branch --show-current)" fi -group="qusal" +toplevel="$(git rev-parse --show-toplevel)" +group="${toplevel##*/}" block_max_chars group "${group}" 70 file_roots="/srv/salt/${group}" -vendor="${QUSAL_VENDOR:-"Benjamin Grande"}" -packager="${QUSAL_PACKAGER:-"Benjamin Grande"}" -url="${QUSAL_URL:-"https://github.com/ben-grande/qusal"}" -bug_url="${QUSAL_BUGURL:-"https://github.com/ben-grande/qusal/issues"}" -# shellcheck disable=SC2094 -read -r version &2