Commit Graph

23 Commits

Author SHA1 Message Date
Ben Grande
bdd4c789c1
fix: avoid echo usage
Echo can interpret operand as an option and checking every variable to
be echoed is troublesome while with printf, if the format specifier is
present before the operand, printing as string can be enforced.
2024-08-06 18:15:24 +02:00
Ben Grande
1b2f1ba941
fix: avoid operand evaluation as argument
Explicit end option parsing as the shell can be quite dangerous without
it.
2024-08-06 17:13:25 +02:00
Ben Grande
224312ed42
feat: enable all optional shellcheck validations
Make shell a little bit safer with:

- add-default-case
- check-extra-masked-returns
- check-set-e-suppressed
- quote-safe-variables
- check-unassigned-uppercase

Although there are some stylistic decisions for uniformity:

- avoid-nullary-conditions
- deprecated-which
- require-variable-braces
2024-07-10 14:36:05 +02:00
Ben Grande
011a71a36d
style: limit line length per file extension
Editorconfig can only act based on file extension and path, not
attributes, it remains a mean only for multiple collaborators to use the
same configuration on their editor. When it is too restrictive, such as
not considering the file syntax, use a lint tool for the specific file
type instead of trusting editorconfig. Changes were made to increase
readability.
2024-07-09 17:42:07 +02:00
Ben Grande
383c840f2f
doc: lint markdown files
Only way to have a unified markdown syntax is to enforce the wanted
syntax by linting the files. Don't rely on the many markdown syntaxes,
be consistent.
2024-07-04 17:27:31 +02:00
Ben Grande
9c280689d8
refactor: prefer systemd sockets over socat
- Document preferred method for socket use depending on use case;
- Fix Github web-flow key;
- Standardize naming of services;
- Use sys-ssh in ansible formula;
- Start services conditionally with Qubes Service and evaluated by
  systemd ConditionPathExists= instead of installing on a per qube basis
  with rc.local scripts;
- Change Qusal services to "qusal-" prefix instead of "qubes-" prefix.

Fixes: https://github.com/ben-grande/qusal/issues/80
Fixes: https://github.com/ben-grande/qusal/issues/79
2024-06-25 22:16:26 +02:00
Ben Grande
c84dfea48e
fix: generate RPM Specs for Qubes Builder V2
It doesn't checkout the current directory when querying the spec, so we
provide the already modified version of the spec.
2024-06-21 17:00:06 +02:00
Ben Grande
bf0a4bc914
fix: terminate option parsing for qvm commands 2024-06-19 15:12:22 +02:00
Ben Grande
8d9ad740a8
fix: correct man-db typo
Fixes: https://github.com/ben-grande/qusal/issues/56
2024-06-04 19:58:36 +02:00
Ben Grande
44ea4c5db2
feat: add manual page reader
Ability to read the program's manual from the terminal is much better
than to ask the user to search the manual page on the internet, we
already trust the installed program and documentation, but we should not
trust every manual page on the internet.
2024-05-28 11:00:04 +02:00
Ben Grande
f9ead06408 fix: remove extraneous package repository updates
Updates happens multiple times, normally 2 to 3, even if we consider a
state without includes. On states with multiple includes, it could
easily get approximately 10 updates being ran. This behavior leads to
unnecessary network bandwidth being spent and more time to run the
installation state. When the connection is slow and not using the
cacher, such as torified connections on Whonix, the installation can
occurs much faster.

Adding external repositories has to be done prior to update to ensure it
is also fetched.

Fixes: https://github.com/ben-grande/qusal/issues/29
2024-03-18 17:51:36 +01:00
Ben Grande
beb5c048ee fix: start qube before running qrexec-client 2024-03-11 17:51:43 +01:00
Ben Grande
5605ec7885 doc: prefix qubesctl with sudo
Fixes: https://github.com/ben-grande/qusal/issues/20
2024-02-23 16:55:11 +01:00
Ben Grande
6efcc1da77 chore: copyright update 2024-01-29 16:49:54 +01:00
Ben Grande
422b01e0f6 feat: remove audiovm setting when unnecessary
Decrease audio attack surface to qubes that will never need to use it.
2024-01-20 19:34:39 +01:00
Ben Grande
04a016e876 doc: attacker can display a large byte set 2024-01-18 19:49:15 +01:00
Ben Grande
f8ea066b2b doc: how to update the repository
As it is not easy to get files to dom0 and we don't want to reimplement
a package manager, crude Git is the solution as of know.

With Git we have the following advantages: native fetch format for
source controlled files, cleaner command-line, automatic signature
verification during merge, the disadvantage is that it is not included
by default in Dom0 and filtering it's stdout chars are not possible.
Note that the remote can report messages to the client via stderr, which
is filtered already, and if it tries to send an escape sequence to
stdout, the operation will fail with 'bad line length character: CHAR'
printed to stderr on the client, unfiltered by qrexec, but filtered to
some extent by the git client. If it is an escape character, the char is
transformed to "?", but UTF-8 multibyte characters are not filtered. Up
to 4 bytes can be displayed.

Tar on the other hand is already installed, but it is much ancient and
it's file parsing caused CVEs in the past relatively more drastic than
Git, it also doesn't only include committed files, it can include any
file that is present in the directory, which by far, increases a lot of
the attack surface unless you reset the state to HEAD, clean .git
directory manually and there are possibly other avenues of attack.
2024-01-18 15:22:35 +01:00
Ben Grande
23bccebaab fix: dom0 as sys-git client
The salt module git.config_get does not work in Dom0 and does not have
a key to set the system gitconfig.
2024-01-18 09:21:21 +01:00
Ben Grande
b52e4b1b63 fix: strict split-gpg2 service
Split-gpg V1 allowed for querying public keys, but as split-gpg2 is
running as an agent, public keys are not queried. Allowing connection to
the server to query only public parts of the key exposes the server more
than needed to the client.

All clients now have to hold the public key they need locally in order
to do GPG operations.
2023-12-28 11:47:41 +01:00
Ben Grande
f21f676adf fix: dom0 qrexec call target qube 2023-12-21 22:38:32 +01:00
Ben Grande
a820751ba3 refactor: git Qrexec helper with drop-in commands
Drop-in scripts can complement the remote-helper ability.
Basic trace of the communication of git with the helper.
2023-12-21 15:38:16 +01:00
Ben Grande
10b3bcdf41 fix: unstrusted input marking and sanitization 2023-11-21 14:57:47 +00:00
Ben Grande
5eebd789ed refactor: initial commit 2023-11-13 14:33:28 +00:00