From f513f64065937a7fbefbdfe2b47bd11e61d49432 Mon Sep 17 00:00:00 2001 From: Ben Grande Date: Fri, 23 Feb 2024 16:47:27 +0100 Subject: [PATCH] feat: better dom0 terminal usability These helpers were in the dotfiles submodule, but they are very useful and makes sense to port them to this project, especially when in need to update Qusal. Fixes: https://github.com/ben-grande/qusal/issues/18 Fixes: https://github.com/ben-grande/qusal/issues/21 --- README.md | 41 +++++++++++++++++++---- salt/dom0/files/bin/qvm-copy-to-dom0 | 29 ++++++++++++++++ salt/dom0/files/bin/qvm-file-manager | 1 + salt/dom0/files/bin/qvm-terminal | 49 ++++++++++++++++++++++++++++ salt/dom0/helpers.sls | 38 +++++++++++++++++++++ salt/dom0/helpers.top | 10 ++++++ salt/dom0/init.sls | 10 +++--- salt/dom0/install.sls | 12 ------- salt/dom0/update-settings.sls | 21 ++++++++++++ salt/dom0/update-settings.top | 10 ++++++ salt/dotfiles | 2 +- 11 files changed, 200 insertions(+), 23 deletions(-) create mode 100755 salt/dom0/files/bin/qvm-copy-to-dom0 create mode 120000 salt/dom0/files/bin/qvm-file-manager create mode 100755 salt/dom0/files/bin/qvm-terminal create mode 100644 salt/dom0/helpers.sls create mode 100644 salt/dom0/helpers.top create mode 100644 salt/dom0/update-settings.sls create mode 100644 salt/dom0/update-settings.top diff --git a/README.md b/README.md index 82cf279..f51e920 100644 --- a/README.md +++ b/README.md 
@@ -10,13 +10,14 @@ and will be introduced in the meantime. You've been warned. ## Table of Contents * [Description](#description) -* [Prerequisites](#prerequisites) * [Installation](#installation) + * [Prerequisites](#prerequisites) * [DomU Installation](#domu-installation) * [Dom0 Installation](#dom0-installation) * [Update](#update) * [DomU Update](#domu-update) - * [Dom0 Update](#dom0-update) + * [Dom0 Update without extra packages](#dom0-update-without-extra-packages) + * [Dom0 Update with Git](#dom0-update-with-git) * [Usage](#usage) * [Contribute](#contribute) * [Donate](#donate) @@ -78,7 +79,7 @@ You current setup needs to fulfill the following requisites: Before copying anything to Dom0, read [Qubes OS warning about consequences of this procedure](https://www.qubes-os.org/doc/how-to-copy-from-dom0/#copying-to-dom0). -1. Copy this repository `$file` from the DomU `$qube` to Dom0: +1. Copy the repository `$file` from the DomU `$qube` to Dom0: ```sh qube="CHANGEME" # qube name where you downloaded the repository file="CHANGEME" # path to the repository in the qube @@ -103,8 +104,8 @@ this procedure](https://www.qubes-os.org/doc/how-to-copy-from-dom0/#copying-to-d ## Update To update, you can copy the repository again to dom0 as instructed in the -[installation](#installation) instructions above or you can fetch it with Git, -as will be demonstrated below. +[installation](#installation) section above or you can use easier methods +demonstrated below. ### DomU Update 
@@ -113,7 +114,35 @@ Update the repository state in your trusted DomU: git -C ~/src/qusal fetch --recurse-submodules ``` -### Dom0 Update +### Dom0 Update without extra packages + +This method is similar to the installation method, but shorter. + +1. Install the helpers scripts on Dom0 (only has to be run once): + ```sh + sudo qubesctl state.apply dom0.install-helpers + ``` + +2. Copy the repository `$file` from the DomU `$qube` to Dom0: + ```sh + qube="CHANGEME" # qube name where you downloaded the repository + file="CHANGEME" # path to the repository in the qube + rm -rfi ~/QubesIncoming/"${qube}"/qusal + UPDATES_MAX_FILES=10000 qvm-copy-to-dom0 "${qube}" "${file}" + ``` + +3. Verify the commit or tag signature and expect a good signature, be + surprised otherwise: + ```sh + git verify-commit HEAD + ``` + +4. Copy the project to the Salt directories: + ```sh + ~/QubesIncoming/"${qube}"/qusal/scripts/setup.sh + ``` + +### Dom0 Update with Git 1. Install git on Dom0, allow the Qrexec protocol to work in submodules and clone the repository to `~/src/qusal` (only has to be run once): diff --git a/salt/dom0/files/bin/qvm-copy-to-dom0 b/salt/dom0/files/bin/qvm-copy-to-dom0 new file mode 100755 index 0000000..e8dc433 --- /dev/null +++ b/salt/dom0/files/bin/qvm-copy-to-dom0 
@@ -0,0 +1,29 @@
+#!/bin/sh
+
+# SPDX-FileCopyrightText: 2023 Benjamin Grande M. S.
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+## Copy a file from an DomU to Dom0. Script has to be run in Dom0
+set -eu
+
+usage(){
+ echo "usage: ${0##*/}
+note: disk quota is capped and can be controlled via environment variables:
+note: UPDATES_MAX_BYTES (default: 4GiB)
+note: UPDATES_MAX_FILES (default: 2048)" >&2
+ exit 1
+}
+
+test -n "${2-}" || usage
+qube="${1}"
+shift
+
+dir="${HOME}/QubesIncoming/${qube}"
+user="$(qvm-prefs --get -- "${qube}" default_user)"
+max_bytes="${UPDATES_MAX_BYTES:-4GiB}"
+max_files="${UPDATES_MAX_FILES:-2048}"
+qvm-run --pass-io --localcmd="
+ UPDATES_MAX_BYTES=\"${max_bytes}\" UPDATES_MAX_FILES=\"${max_files}\"
+ /usr/libexec/qubes/qfile-dom0-unpacker \"${user}\" \"${dir}\"" \
+ "${qube}" /usr/lib/qubes/qfile-agent "${@}"
diff --git a/salt/dom0/files/bin/qvm-file-manager b/salt/dom0/files/bin/qvm-file-manager
new file mode 120000
index 0000000..180ec8c
--- /dev/null
+++ b/salt/dom0/files/bin/qvm-file-manager
@@ -0,0 +1 @@
+qvm-terminal
\ No newline at end of file
diff --git a/salt/dom0/files/bin/qvm-terminal b/salt/dom0/files/bin/qvm-terminal
new file mode 100755
index 0000000..7c49352
--- /dev/null
+++ b/salt/dom0/files/bin/qvm-terminal
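Review bot: In the `--localcmd` string of qvm-copy-to-dom0, the `UPDATES_MAX_BYTES=… UPDATES_MAX_FILES=…` line and the `qfile-dom0-unpacker` line are separated by a newline with no continuation. Assuming `--localcmd` is run through a shell, as the quoting here implies, the first line is a pair of plain variable assignments rather than an environment prefix for the unpacker, so a limit only reaches the unpacker when the caller had already exported it and the script's own defaults are never applied. Ending the assignment line with a backslash (`UPDATES_MAX_FILES=\"${max_files}\" \`) would join the two lines. The same string is re-parsed in dom0 with `${max_bytes}`, `${max_files}`, `${user}` and `${dir}` spliced in, so a value containing a quote or `$(` would be interpreted there; rejecting non-numeric limits first, e.g. `case "${max_files}" in ''|*[!0-9]*) usage ;; esac`, closes that for the environment-supplied values. Whether the unpacker accepts a unit suffix such as the `4GiB` default is not visible in this patch and should be confirmed once the value is actually passed.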
@@ -0,0 +1,49 @@
+#!/bin/sh
+
+# SPDX-FileCopyrightText: 2023 Benjamin Grande M. S.
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+set -eu
+
+me="${0##*/}"
+
+usage(){
+ printf '%s\n' "Usage: ${me} [QVM-RUN_OPTIONS] QUBE
+Examples:
+ ${me} --dispvm=DVM_TEMPLATE
+ ${me} -u root QUBE
+ ${me} QUBE" >&2
+ exit "${1-"1"}"
+}
+
+case "${me}" in
+ *-terminal) service=qubes-run-terminal ;;
+ *-file-manager) service=qubes-open-file-manager ;;
+ *) printf '%s\n' "Invalid script name: ${me}" exit 1 ;;
+esac
+
+
+case "${1-}" in
+ -h|--help)
+ usage 1
+ ;;
+ "")
+ ## Try to run on focused window, if Dom0 is focused, it will prompt you to
+ ## select a qube window.
+ id="$(xdotool getwindowfocus)"
+ qube="$(xprop -id "${id}" -notype _QUBES_VMNAME | awk -F '"' '{print $2}')"
+ if test -n "${qube}"; then
+ exec qvm-run --service -- "${qube}" "qubes.StartApp+${service}"
+ fi
+ echo "Select a qube window ..."
+ id="$(xdotool selectwindow)"
+ qube="$(xprop -id "${id}" -notype _QUBES_VMNAME | awk -F '"' '{print $2}')"
+ if test -n "${qube}"; then
+ qvm-run --service -- "${qube}" "qubes.StartApp+${service}"
+ fi
+ ;;
+ *)
+ qvm-run --service "${@}" -- "qubes.StartApp+${service}"
+ ;;
+esac
diff --git a/salt/dom0/helpers.sls b/salt/dom0/helpers.sls
new file mode 100644
index 0000000..4eccc83
--- /dev/null
+++ b/salt/dom0/helpers.sls
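Review bot: The fallback arm of the first `case` in qvm-terminal, `*) printf '%s\n' "Invalid script name: ${me}" exit 1 ;;`, has no separator before `exit`, so `exit` and `1` are handed to printf as extra arguments and printed. The script then carries on with `service` unset until `set -u` aborts at the first `${service}` expansion. It should read `*) printf '%s\n' "Invalid script name: ${me}" >&2; exit 1 ;;`. In the no-argument branch, when the second `xprop` lookup yields no qube name the script ends with status 0 without launching anything; an `else` that reports this on stderr and exits non-zero would make the failure visible to the caller.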
@@ -0,0 +1,38 @@ +{# +SPDX-FileCopyrightText: 2024 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +{% if grains['nodename'] == 'dom0' -%} + +"{{ slsdotpath }}-terminal-helper": + file.managed: + - name: /usr/local/bin/qvm-termnal + - source: salt://{{ slsdotpath }}/files/bin/qvm-terminal + - mode: "0755" + - user: root + - group: root + - makedirs: True + +"{{ slsdotpath }}-file-manager-helper": + file.symlink: + - require: + - file: "{{ slsdotpath }}-terminal-helper" + - name: /usr/local/bin/qvm-file-manager + - target: /usr/local/bin/qvm-terminal + - user: root + - group: root + - force: True + - makedirs: True + +"{{ slsdotpath }}-copy-to-dom0-helper": + file.managed: + - name: /usr/local/bin/qvm-copy-to-dom0 + - source: salt://{{ slsdotpath }}/files/bin/qvm-copy-to-dom0 + - mode: "0755" + - user: root + - group: root + - makedirs: True + +{% endif -%} diff --git a/salt/dom0/helpers.top b/salt/dom0/helpers.top new file mode 100644 index 0000000..6328b05 --- /dev/null +++ b/salt/dom0/helpers.top @@ -0,0 +1,10 @@ +{# +SPDX-FileCopyrightText: 2024 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +base: + 'dom0': + - match: nodegroup + - dom0.helpers diff --git a/salt/dom0/init.sls b/salt/dom0/init.sls index cf738ba..cd6af52 100644 --- a/salt/dom0/init.sls +++ b/salt/dom0/init.sls @@ -7,11 +7,13 @@ SPDX-License-Identifier: AGPL-3.0-or-later {% if grains['nodename'] == 'dom0' -%} include: - - .install - - .port-forward - .backup - - .xorg - - .kde - .dotfiles + - .helpers + - .install + - .kde + - .port-forward + - .update-settings + - .xorg {% endif -%} diff --git a/salt/dom0/install.sls b/salt/dom0/install.sls index 17f948a..76ded3a 100644 --- a/salt/dom0/install.sls +++ b/salt/dom0/install.sls 
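Review bot: In helpers.sls the terminal helper is installed as `/usr/local/bin/qvm-termnal` (missing `i`), while the `file.symlink` state that follows targets `/usr/local/bin/qvm-terminal`. As written, `qvm-file-manager` would link to a path this state never creates and no `qvm-terminal` command ends up on the PATH; the line should read `- name: /usr/local/bin/qvm-terminal`. The README text added in this patch also tells users to apply `dom0.install-helpers`, whereas the state shipped here is `dom0.helpers`, so one of the two names needs to change for the documented update procedure to work.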
@@ -8,18 +8,6 @@ SPDX-License-Identifier: AGPL-3.0-or-later {% if grains['nodename'] == 'dom0' -%} -{% load_yaml as defaults -%} -name: {{ slsdotpath }} -force: True -features: -- set: - - qubes-vm-update-if-stale: 4 - - qubes-vm-update-max-concurrency: 4 - - qubes-vm-update-restart-system: 1 - - qubes-vm-update-restart-other: 0 -{%- endload %} -{{ load(defaults) }} - "{{ slsdotpath }}-updated": pkg.uptodate: - refresh: True diff --git a/salt/dom0/update-settings.sls b/salt/dom0/update-settings.sls new file mode 100644 index 0000000..913ac65 --- /dev/null +++ b/salt/dom0/update-settings.sls @@ -0,0 +1,21 @@ +{# +SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +{% if grains['nodename'] == 'dom0' -%} + +{% load_yaml as defaults -%} +name: {{ slsdotpath }} +force: True +features: +- set: + - qubes-vm-update-if-stale: 4 + - qubes-vm-update-max-concurrency: 4 + - qubes-vm-update-restart-system: 1 + - qubes-vm-update-restart-other: 0 +{%- endload %} +{{ load(defaults) }} + +{% endif -%} diff --git a/salt/dom0/update-settings.top b/salt/dom0/update-settings.top new file mode 100644 index 0000000..98fc75d --- /dev/null +++ b/salt/dom0/update-settings.top @@ -0,0 +1,10 @@ +{# +SPDX-FileCopyrightText: 2024 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +base: + 'dom0': + - match: nodegroup + - dom0.update-settings diff --git a/salt/dotfiles b/salt/dotfiles index 0a373e2..cc2e902 160000 --- a/salt/dotfiles +++ b/salt/dotfiles @@ -1 +1 @@ -Subproject commit 0a373e25707a1ce66b49c115e0dca051ec7f0d66 +Subproject commit cc2e902ac130bb8d3884b79ad93fcdaf4dbba12b