Commit Graph

14 Commits

Author SHA1 Message Date
Ben Grande
0b1d0ccece doc: verify submodule signatures
Updating git submodules are not merges by default, they are a checkout,
therefore no signature verification is done, merge.VerifySignatures=true
is ignored. Unless git-submodule--helper implements a method to verify
signatures before checking out commits, it can't be relied on.
2024-03-11 17:52:38 +01:00
Ben Grande
ecbc40ff95 doc: explain the dom0 update methods 2024-02-28 22:58:23 +01:00
Ben Grande
621c985cf3 fix: remove interactive mode from rm command 2024-02-26 15:26:08 +01:00
Ben Grande
f513f64065 feat: better dom0 terminal usability
These helpers were in the dotfiles submodule, but they are very useful
and makes sense to port them to this project, especially when in need to
update Qusal.

Fixes: https://github.com/ben-grande/qusal/issues/18
Fixes: https://github.com/ben-grande/qusal/issues/21
2024-02-23 16:47:27 +01:00
Ben Grande
e1fe461eb8 doc: project signature verification in dom0 2024-01-22 18:49:17 +01:00
Ben Grande
d23a6da9fc doc: separate documents per use case
The main README is very large, by placing the documents in a separate
directory, we allow the user to choose explicitly what they read, giving
a better reading experience and allows a deeper understanding of the
project.
2024-01-22 18:38:04 +01:00
Ben Grande
f8ea066b2b doc: how to update the repository
As it is not easy to get files to dom0 and we don't want to reimplement
a package manager, crude Git is the solution as of know.

With Git we have the following advantages: native fetch format for
source controlled files, cleaner command-line, automatic signature
verification during merge, the disadvantage is that it is not included
by default in Dom0 and filtering it's stdout chars are not possible.
Note that the remote can report messages to the client via stderr, which
is filtered already, and if it tries to send an escape sequence to
stdout, the operation will fail with 'bad line length character: CHAR'
printed to stderr on the client, unfiltered by qrexec, but filtered to
some extent by the git client. If it is an escape character, the char is
transformed to "?", but UTF-8 multibyte characters are not filtered. Up
to 4 bytes can be displayed.

Tar on the other hand is already installed, but it is much ancient and
it's file parsing caused CVEs in the past relatively more drastic than
Git, it also doesn't only include committed files, it can include any
file that is present in the directory, which by far, increases a lot of
the attack surface unless you reset the state to HEAD, clean .git
directory manually and there are possibly other avenues of attack.
2024-01-18 15:22:35 +01:00
Ben Grande
80638d64b5 feat: port forwarder
If persistent rules are chosen, it can deal with disposable sys-net, but
not with disposable sys-firewall, as the qube ip will change, the rule
won't work. Applying the rule to the disposable template is a "try it
all", but it's usage is discouraged.
2024-01-16 00:15:29 +01:00
Ben Grande
c3937e881e fix: disposable sys-audio name with disp prefix 2024-01-14 14:05:17 +01:00
Ben Grande
c306047f1e fix: sys-wireguard compatible with Qubes 4.2 2024-01-08 20:07:20 +01:00
Ben Grande
41b71eed46 doc: update README.md 2024-01-04 22:05:35 +01:00
Ben Grande
ca95f435c8 doc: sys-audio compatible with Qubes 4.2 2024-01-03 12:34:48 +01:00
Ben Grande
cb01810cef fix: update minimum Qubes version to 4.2 2023-12-27 20:13:33 +01:00
Ben Grande
5eebd789ed refactor: initial commit 2023-11-13 14:33:28 +00:00