Commit Graph

230 Commits

Author SHA1 Message Date
Ben Grande
fc22726ee8
feat: build and sign RPM packages
Passing files to Dom0 is always dangerous:

- Passing a git repository is dangerous as it can have ignored modified
  files and signature verification will pass.
- Passing an archive is troublesome for updates.
- Passing an RPM package depends on the RPM verification to be correct,
  sometimes it is not.
- Passing an RPM repository definition is less troublesome for the user,
  as it is a small file to verify the contents and update mechanism is
  via the package manager. Trust in RPM verification is still required.

Many improvements were made to the build scripts:

- requires-program: Single function to check if program is installed;
- spec-get: Sort project names for the usage message;
- spec-get: Only running commands that are necessary;
- spec-get: Fix empty summary when readme has copyright header;
- spec-gen: Fix grep warning of escaped symbol;
- spec-build: Sign RPM and verify signature;
- spec-build: Only lint the first SPEC for faster runtime;
- yumrepo-gen: Generate a local yum repository with signed metadata;
- qubesbuilder-gen: Generate a .qubesbuilder based on tracked projects;
- release: Build, sign and push all RPMs to repository.

Goal is to be able to build with qubes-builderv2 Qubes Executor.

For: https://github.com/ben-grande/qusal/issues/37
2024-06-12 14:44:04 +02:00
Ben Grande
10200f609e
fix: rpmmacros is unnecessary with split-gpg2 2024-06-12 11:32:43 +02:00
Ben Grande
ffe03ba02a
fix: set global prefs for management_dispvm 2024-06-10 19:39:08 +02:00
Ben Grande
c456af2718
fix: remove duplicated Fedora mirrors 2024-06-10 19:15:14 +02:00
Ben Grande
8ae815de71
fix: run repo rewriter after upstream proxy update
Rewriter depends on the check of qubes-services and must be run after
/usr/lib/qubes/init/misc-post.sh.
2024-06-10 19:02:07 +02:00
Ben Grande
b4de619197
fix: update Debian and Fedora mirrors 2024-06-10 13:57:18 +02:00
Ben Grande
2b181f854a
fix: merge Qubes OS repositories
Only deb and rpm were cached and only if used from the Qubes website
and made to individual directories. Now every package from every package
manager Qubes supports will be cached.

Update according to upstream.
2024-06-10 13:56:59 +02:00
Ben Grande
fcf7fe9623
fix: guarantee a fully updated system on bootstrap
If user just installed Qubes, the full templates can have updates
available. If user restored backups of templates and standalones, they
could also have updates available. Available updates can contain fixes
that if not applied, can make the states fail, such as a buggy salt
package and Qrexec service that can make a state fail in case the
full outdated templates and standalones are responsible for the
functionality especially of management_dispvm, updatevm, default_netvm
and qubes.UpdatesProxy service.
2024-06-09 12:55:48 +02:00
Ben Grande
d2771d5dd6
fix: guarantee states order dependent on browser 2024-06-09 12:50:53 +02:00
Ben Grande
899f7e49b1
fix: add Fedora 40 Firefox desktop file to appmenu
Fixes: https://github.com/ben-grande/qusal/issues/52
2024-06-09 12:36:39 +02:00
Ben Grande
1003d62995
fix: KDE with outdated require id 2024-06-08 06:17:09 +02:00
Ben Grande
c7c85fbcb4
fix: more restrictive Qrexec audio policy 2024-06-07 16:51:43 +02:00
Ben Grande
efc3984df3
feat: allow terminal and file manager choice
The gnome-terminal can't start as root, related to dbus.
2024-06-07 15:27:44 +02:00
Ben Grande
bb384403ad
feat: revive caching of Fedora qubes
- Update with cacher upstream changes;
- Fix README command typos;
- Restore Fedora functionality;
- Update mirror list;
- Move repository definitions to separate files for readability; and
- Add Tailscale and Blackarch repository.
2024-06-07 15:01:16 +02:00
Ben Grande
29601d8df8
doc: refer to video-companion for sys-usb webcam 2024-06-04 19:59:45 +02:00
Ben Grande
8d9ad740a8
fix: correct man-db typo
Fixes: https://github.com/ben-grande/qusal/issues/56
2024-06-04 19:58:36 +02:00
Ben Grande
7873dd8673
fix: remove undesired appmenus from builder qubes 2024-06-04 13:54:48 +02:00
Ben Grande
6e8541672f
feat: add disposable qubes to bitcoin clients 2024-06-04 11:00:06 +02:00
Ben Grande
a4848e1932
fix: update dotfiles module 2024-06-04 10:59:32 +02:00
Ben Grande
34d5d36518
feat: add state for desktop i3 and AwesomeWM 2024-06-04 10:43:16 +02:00
Ben Grande
0c9b173e2c
feat: add Qubes Video Companion formula
Fixes: https://github.com/ben-grande/qusal/issues/49
2024-05-30 16:07:53 +02:00
Ben Grande
bb4dcbbe8f
fix: cacher: restrict install to supported clients
- Enforce uninstall in Fedora, it has been too problematic due to zchunk
  checksum mismatch errors;
- Skip tagging and installing on unsupported qubes, before it tagged
  every template that did not have the tag 'whonix-updatevm', this is
  error prone as it would fail the installation on unsupported clients
  such as Gentoo, Mirage.

Fixes: https://github.com/ben-grande/qusal/issues/54
2024-05-29 18:29:27 +02:00
Ben Grande
9cb7d72044
fix: cacher: use systemd service drop-in directory 2024-05-29 13:56:46 +02:00
Ben Grande
df698b499f
fix: bump Ansible repository codename 2024-05-29 11:35:37 +02:00
Ben Grande
8accc47d99
fix: remove old deb repository list format 2024-05-29 11:34:17 +02:00
Ben Grande
a2e1972389
fix: cache Mozilla and Element repository 2024-05-29 09:55:38 +02:00
Ben Grande
bc8213b8ce
fix: split-gpg2 fedora clashes with debian agent
Fixes: https://github.com/ben-grande/qusal/issues/53
2024-05-28 15:04:20 +02:00
Ben Grande
44ea4c5db2
feat: add manual page reader
Ability to read the program's manual from the terminal is much better
than to ask the user to search the manual page on the internet, we
already trust the installed program and documentation, but we should not
trust every manual page on the internet.
2024-05-28 11:00:04 +02:00
Ben Grande
26a35b838f
feat: add Element formula 2024-05-28 09:57:55 +02:00
Ben Grande
efcf8c7723
fix: unify screenshot tool existence logic
Fixes: https://github.com/ben-grande/qusal/issues/51
2024-05-24 23:30:43 +02:00
Ben Grande
444672e999
fix: prefer maim for screenshot
- Maim causes no errors and has region and window capabilities;
- Scrot region capture puts some weird borders when dragging the mouse;
- Spectacle allows editing but is too feature rich (complicated); and
- Xfce4-screenshooter does not allow selecting both region and window.

Fixes: https://github.com/ben-grande/qusal/issues/51
2024-05-24 22:56:32 +02:00
Ben Grande
b09ecdceb9
feat: add Print formula 2024-05-24 15:39:22 +02:00
Ben Grande
cbf61e674e
feat: add Firefox browser from Mozilla repository 2024-05-24 13:53:17 +02:00
Ben Grande
c8b9bb3198
feat: bump Electrs version 2024-05-23 12:05:12 +02:00
Ben Grande
b2c9479e50
fix: enforce https on repository installation
Previously was just http to allow for caching and non-caching of
packages. Currently, a client tool exists to rewrite repository
definitions.
2024-05-16 18:57:59 +02:00
Ben Grande
d4c3fb11d3
feat: add terraform and chrome fedora repositories 2024-05-16 18:24:03 +02:00
Ben Grande
3adc241500
fix: renew keys and delete expired ones
For: https://github.com/ben-grande/qusal/issues/46
2024-05-15 17:06:26 +02:00
Ben Grande
d1485990e4
doc: nested list indentation 2024-05-14 18:43:07 +02:00
Ben Grande
72f61bbbd9
fix: install fwupd qubes plugin to updatevm 2024-05-11 03:31:49 +02:00
Ben Grande
bfb3026dc1
fix: update mirage firewall version 2024-05-11 02:54:52 +02:00
Ben Grande
972ac77bc2
fix: install libpci by default on sys-net
It is not possible to troubleshoot network module loading without
pciutils. Although it is a troubleshooting tool, it is not
troubleshooting the network, but to make the system itself be able to
load kernel modules and reach the network, therefore necessary.
2024-05-02 19:33:32 +02:00
Ben Grande
18204da1a2
fix: import jinja template to dom0 kde state
Fixes: https://github.com/ben-grande/qusal/issues/50
2024-05-01 03:23:19 +02:00
Ben Grande
5722a25779
fix: discover non-root username at runtime
Useful when Dom0 has the non-default username, less useful for DomUs.

Fixes: https://github.com/ben-grande/qusal/issues/43
2024-04-30 16:04:40 +02:00
Ben Grande
e84959bebb
fix: update fedora mirror list with upstream
Experiment with setting zchunk to false in DNF for Fedora.

Fixes: https://github.com/ben-grande/qusal/issues/47
2024-04-30 14:53:21 +02:00
Ben Grande
760fdd9625
doc: cacher documentation duplicates sections
Fixes: https://github.com/ben-grande/qusal/issues/31
2024-04-30 14:07:03 +02:00
Ben Grande
bfd7b228c5
fix: incorrect path to repo rewriter service
Fixes: https://github.com/ben-grande/qusal/issues/31
2024-04-29 23:10:08 +02:00
Ben Grande
234afc3df8
doc: update cacher table of contents 2024-04-26 19:27:52 +02:00
Ben Grande
1ede2e1a1e
fix: allow update check to work on cacher clients
Qubes that have the updates-proxy-service enabled will have the
repository definitions set to work with the proxy, being it a TemplateVM
or another type of qube. Qubes that have that same service disabled and
are based on templates that are being cached, will have the repository
definitions corrected for it to work like normal systems via the
networking instead of caching proxy.

Optimizations were done for a faster runtime, previously it would call
sed 38 times on Fedora-39, now it only calls sed 2 times for Fedora
repositories (one extra for rpmfusion) and some more for PackageKit and
dnf.conf markers. Inexpensive runtime is a must for a script that may
run multiple times, such as when being called by a tool monitoring the
filesystem such as inotify.

Code from /usr/lib/qubes/update-proxy-configs was used for the NetVM use
case of the cacher, thus the license had to be changed.

For: https://github.com/ben-grande/qusal/issues/44
Fixes: https://github.com/ben-grande/qusal/issues/31
2024-04-26 19:23:14 +02:00
Ben Grande
a6f7d23819
doc: wrong cacher header position 2024-04-25 11:53:47 +02:00
Ben Grande
648bdad04b
fix: remove updatevm tag after DomU uninstallation
For: https://github.com/ben-grande/qusal/issues/41
2024-04-25 11:25:42 +02:00