qusal/salt/mirage-builder
Ben Grande b52e4b1b63 fix: strict split-gpg2 service
Split-gpg V1 allowed for querying public keys, but as split-gpg2 is
running as an agent, public keys are not queried. Allowing connection to
the server to query only public parts of the key exposes the server more
than needed to the client.

All clients now have to hold the public key they need locally in order
to do GPG operations.
2023-12-28 11:47:41 +01:00
..
files/client refactor: initial commit 2023-11-13 14:33:28 +00:00
clone.sls refactor: initial commit 2023-11-13 14:33:28 +00:00
clone.top refactor: initial commit 2023-11-13 14:33:28 +00:00
configure.sls refactor: initial commit 2023-11-13 14:33:28 +00:00
configure.top refactor: initial commit 2023-11-13 14:33:28 +00:00
create.sls fix: strict split-gpg2 service 2023-12-28 11:47:41 +01:00
create.top refactor: initial commit 2023-11-13 14:33:28 +00:00
init.top refactor: initial commit 2023-11-13 14:33:28 +00:00
install.sls refactor: initial commit 2023-11-13 14:33:28 +00:00
install.top refactor: initial commit 2023-11-13 14:33:28 +00:00
README.md refactor: initial commit 2023-11-13 14:33:28 +00:00

mirage-builder

Mirage Builder environment in Qubes OS.

Table of Contents

Description

Setup a builder qube for Mirage Unikernel named "mirage-builder". The tool necessary to build Mirage with docker or directly with Opam will also be installed.

Installation

Mirage Firewall commits and tags are not signed by individuals, but as they are done through the web interface, they have GitHub Web-Flow signature. This is the best verification we can get for Mirage Firewall. If you don't trust the hosting provider however, don't install this package.

  • Top
qubesctl top.enable mirage-builder
qubesctl --targets=tpl-mirage-builder,mirage-builder state.apply
qubesctl top.disable mirage-builder
  • State
qubesctl state.apply mirage-builder.create
qubesctl --skip-dom0 --targets=tpl-mirage-builder state.apply mirage-builder.install
qubesctl --skip-dom0 --targets=mirage-builder state.apply mirage-builder.configure

Usage

The qube mirage-builder is intended to build Mirage Unikernel. Consult upstream documentation on how to build qubes-mirage-firewall from source.

If you plan to build without docker, the hooks and completion scripts are already being sourced by your shell profile. Because of this, when calling opam-init, use it together with the option --no-setup:

opam init --no-setup