# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. # # SPDX-License-Identifier: AGPL-3.0-or-later %define project sys-ssh-agent %define license_csv AGPL-3.0-or-later ## Reproducibility. %define source_date_epoch_from_changelog 1 %define use_source_date_epoch_as_buildtime 1 %define clamp_mtime_to_source_date_epoch 1 ## Changelog is trimmed according to current date, not last date from changelog. %define _changelog_trimtime 0 %define _changelog_trimage 0 %global _buildhost %{name} ## Python bytecode interferes when updates occur and restart is not done. %undefine __brp_python_bytecompile Name: qusal-sys-ssh-agent Version: 0.0.1 Release: 1%{?dist} Summary: SSH Agent through Qrexec in Qubes OS Group: qusal Packager: %{?_packager}%{!?_packager:Ben Grande } Vendor: Ben Grande License: AGPL-3.0-or-later URL: https://github.com/ben-grande/qusal BugURL: https://github.com/ben-grande/qusal/issues Source0: %{name}-%{version}.tar.gz BuildArch: noarch Requires: qubes-mgmt-salt Requires: qubes-mgmt-salt-dom0 Requires: qusal-dev Requires: qusal-dotfiles Requires: qusal-utils %description The key pairs are stored on the offline ssh-agent server named "sys-ssh-agent", and requests are passed from clients to the server via Qrexec. Clients may access the same ssh-agent of a qube, or access different agents. In other words, this is an implementation of split-ssh-agent. The client does not know the identity of the ssh-agent server, nor are keys kept in memory in the client. This method is ideal for cases where you have a number of key pairs, which are used by different qubes. A centralized SSH server is very useful not only for keeping your private keys safe, but also for keeping your workflow organized. You can delete qubes that are SSH clients without losing access to your remote server, because the authentication keys are on the sys-ssh-agent server, your client qube should only hold the SSH configuration, which can be reconstructed. %prep %setup -q %build %check %pre %install rm -rf %{buildroot} install -m 755 -d \ %{buildroot}/srv/salt/qusal \ %{buildroot}%{_docdir}/%{name} \ %{buildroot}%{_defaultlicensedir}/%{name} for license in $(echo "%{license_csv}" | tr "," " "); do license_dir="LICENSES" if test -d "salt/%{project}/LICENSES"; then license_dir="salt/%{project}/LICENSES" fi install -m 644 "${license_dir}/${license}.txt" %{buildroot}%{_defaultlicensedir}/%{name}/ done install -m 644 salt/%{project}/README.md %{buildroot}%{_docdir}/%{name}/ rm -rf \ salt/%{project}/LICENSES \ salt/%{project}/README.md \ salt/%{project}/.* cp -rv salt/%{project} %{buildroot}/srv/salt/qusal/%{name} %post if test "$1" = "1"; then ## Install qubesctl state.apply sys-ssh-agent.create qubesctl --skip-dom0 --targets=tpl-sys-ssh-agent state.apply sys-ssh-agent.install qubesctl --skip-dom0 --targets=sys-ssh-agent state.apply sys-ssh-agent.configure elif test "$1" = "2"; then ## Upgrade true fi %preun if test "$1" = "0"; then ## Uninstall true elif test "$1" = "1"; then ## Upgrade true fi %postun if test "$1" = "0"; then ## Uninstall true elif test "$1" = "1"; then ## Upgrade true fi %files %defattr(-,root,root,-) %license %{_defaultlicensedir}/%{name}/* %doc %{_docdir}/%{name}/README.md %dir /srv/salt/qusal/%{name} /srv/salt/qusal/%{name}/* %dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. %changelog * Thu Jul 04 2024 Ben Grande - 383c840 - doc: lint markdown files * Tue Jun 25 2024 Ben Grande - 9c28068 - refactor: prefer systemd sockets over socat * Fri Jun 21 2024 Ben Grande - c84dfea - fix: generate RPM Specs for Qubes Builder V2 * Thu Jun 13 2024 Ben Grande - a564b3a - feat: add TCP proxy for remote hosts * Tue May 28 2024 Ben Grande - 44ea4c5 - feat: add manual page reader * Mon Mar 18 2024 Ben Grande - f9ead06 - fix: remove extraneous package repository updates * Fri Feb 23 2024 Ben Grande - 5605ec7 - doc: prefix qubesctl with sudo * Tue Feb 20 2024 Ben Grande - 2b46500 - doc: remove outdated ssh agent server instructions * Mon Jan 29 2024 Ben Grande - 6efcc1d - chore: copyright update * Sun Jan 21 2024 Ben Grande - 3e6ba8f - fix: client install the ssh-agent client packages * Sat Jan 20 2024 Ben Grande - 422b01e - feat: remove audiovm setting when unnecessary * Tue Nov 21 2023 Ben Grande - 10b3bcd - fix: unstrusted input marking and sanitization * Mon Nov 13 2023 Ben Grande - 5eebd78 - refactor: initial commit