Hebasto and Stepanov did not add their signatures to SHASUMS.asc
acquired from the Bitcoin website but did sign the releases in
guix.sigs.
Keys who did not sign the current release were removed as they haven't
been signing for some time.
New keys added for 0xb10c (Core), Emzy (Electrum) and Guggero (LND) were
added and they have been signing every release since 22.0 (oldest
possible release that has detached signatures in guix.sigs).
There are 9 keys present now, 6 entities that are adding their
signatures to the detached signature file and 4 that are required for
the verification to succeed.
Other keys that signed the current release and are considered to be
added if any of the current signers quit: kvaciral (since 23.0),
TheCharlatan (since 24.1), willcl-ark (since 25.0), m3dwards (since
26.0), pinhead (since 26.0)
- Use tags to help on the Qrexec policy notation;
- Create AppVMs also to fetch and send emails, useful for OfflineIMAP
that requires sync;
- OfflineIMAP is smart enough depending on the server, such as Gmail;
- Quote options managed by the user such as password fields as they
could contain spaces; and
- Default fetching method to always keep files on the remote to avoid
users being surprised about the fetcher behavior or losing data.
GPGME can be relevant for client applications such as Thunderbird.
Pinentry can be relevant for the server side, but it is way less tested
in split-gpg2 and discouraged to be used.
For: https://github.com/ben-grande/qusal/issues/83
In case the target qube is the last qube in the chain, such as sys-net,
add the appropriate rules to it and modify the destination address to be
the public IP, not the local qube IP.
- Add to qvm-run:
- no-gui when command doesn't require a GUI
- filter-escape-chars when pass-io is set and output is not a file,
such as a pipe that could later be used to print information.
- Change remaining echo to printf
- Add end-of-options separator when possible
Many people reported problems with the installation command, most of
them had typos, understandable due to the long command. Tar is available
even on minimal templates. Using tar is not more dangerous than using
qfile-unpacker in this case because the project has no signed archives
and passing a directory to dom0 is insecure, considering a git repo, an
attacker could find information in the .git directory or modify files
and add them to git exclude, which won't be noticed when verifying the
commit signature.
In the future, if a signed tarball were to be provided, qvm-run and pipe
would be used instead, making the command even simpler.
Check commit signature and if it fails, check if any signed tags
associated with commit exist from a keyring that can be found only
locally.
For: https://github.com/ben-grande/qusal/issues/105
Skipping the Git system configuration on Whonix weakens the state as it
starts depending on the dotfiles, but it is the only way to not break
system updates due to Whonix security-misc package owning the same file.
Fix: https://github.com/ben-grande/qusal/issues/101
If the commit of the spec file is not done separate from formula files
or at last, the check fails. I was skipping it locally but best to
comment out as it is not being used.
Echo can interpret operand as an option and checking every variable to
be echoed is troublesome while with printf, if the format specifier is
present before the operand, printing as string can be enforced.
The feature is more reliable than the whonix-updatevm tag as the tag can
be deleted for other Whonix tags to take effect to target different
gateways, which is the case for the Bitcoin formula.
