- Use tags to help on the Qrexec policy notation;
- Create AppVMs also to fetch and send emails, useful for OfflineIMAP
that requires sync;
- OfflineIMAP is smart enough depending on the server, such as Gmail;
- Quote options managed by the user such as password fields as they
could contain spaces; and
- Default fetching method to always keep files on the remote to avoid
users being surprised about the fetcher behavior or losing data.
GPGME can be relevant for client applications such as Thunderbird.
Pinentry can be relevant for the server side, but it is way less tested
in split-gpg2 and discouraged to be used.
For: https://github.com/ben-grande/qusal/issues/83
- Add to qvm-run:
- no-gui when command doesn't require a GUI
- filter-escape-chars when pass-io is set and output is not a file,
such as a pipe that could later be used to print information.
- Change remaining echo to printf
- Add end-of-options separator when possible
Passing files to Dom0 is always dangerous:
- Passing a git repository is dangerous as it can have ignored modified
files and signature verification will pass.
- Passing an archive is troublesome for updates.
- Passing an RPM package depends on the RPM verification to be correct,
some times it is not.
- Passing a RPM repository definition is less troublesome for the user,
as it is a small file to verify the contents and update mechanism is
via the package manager. Trust in RPM verification is still required.
Many improvements were made to the build scripts:
- requires-program: Single function to check if program is installed;
- spec-get: Sort project names for the usage message;
- spec-get: Only running commands that are necessary;
- spec-get: Fix empty summary when readme has copyright header;
- spec-gen: Fix grep warning of escaped symbol;
- spec-build: Sign RPM and verify signature;
- spec-build: Only lint the first SPEC for faster runtime;
- yumrepo-gen: Generate a local yum repository with signed metadata;
- qubesbuilder-gen: Generate a .qubesbuilder based on tracked projects;
- release: Build, sign and push all RPMs to repository.
Goal is to be able to build with qubes-builderv2 Qubes Executor.
For: https://github.com/ben-grande/qusal/issues/37
