mirror of
https://github.com/ben-grande/qusal.git
synced 2024-12-30 09:56:13 -05:00
f9ead06408
Updates happen multiple times, normally 2 to 3, even if we consider a state without includes. On states with multiple includes, it could easily get approximately 10 updates being run. This behavior leads to unnecessary network bandwidth being spent and more time to run the installation state. When the connection is slow and not using the cacher, such as torified connections on Whonix, the installation can occur much faster. Adding external repositories has to be done prior to update to ensure it is also fetched. Fixes: https://github.com/ben-grande/qusal/issues/29
Files:
- files/admin/policy
- clone.sls
- clone.top
- configure.sls
- configure.top
- create.sls
- create.top
- init.top
- install-client.sls
- install-client.top
- install.sls
- install.top
- README.md
sys-pgp
PGP operations through Qrexec in Qubes OS.
Description
Creates a PGP key holder named "sys-pgp", which is the default target for split-gpg and split-gpg2 calls from all qubes. Keys are stored in "sys-pgp", and clients access them through Qrexec.
Installation
- Top:

```sh
sudo qubesctl top.enable sys-pgp
sudo qubesctl --targets=tpl-sys-pgp,sys-pgp state.apply
sudo qubesctl top.disable sys-pgp
```

- State:

```sh
sudo qubesctl state.apply sys-pgp.create
sudo qubesctl --skip-dom0 --targets=tpl-sys-pgp state.apply sys-pgp.install
sudo qubesctl --skip-dom0 --targets=sys-pgp state.apply sys-pgp.configure
```
Install on the client template:

```sh
sudo qubesctl --skip-dom0 --targets=tpl-qubes-builder,tpl-dev state.apply sys-pgp.install-client
```

The client qube requires the split GPG client service to be enabled:

```sh
qvm-features QUBE service.split-gpg2-client 1
```
Access Control
Default policy: `any qube` can `ask` via the `@default` target if you allow it to use split-gpg in `sys-pgp`.

Allow the `work` qubes to access `sys-pgp`, but not other qubes:
```
qubes.Gpg2 * work sys-pgp ask default_target=sys-pgp
qubes.Gpg2 * work @default ask target=sys-pgp default_target=sys-pgp
qubes.Gpg2 * @anyvm @anyvm deny
```
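To check what the three rules above decide for a given caller, the following added example (not code from qusal or Qubes OS) models first-match policy evaluation in a simplified form. It assumes that `@anyvm` matches every qube and `@default` but not dom0, and that a call matching no rule is denied; the function names and the qubes `vault` and `personal` are hypothetical.

```python
# Simplified model of first-match Qrexec policy evaluation (not Qubes code).
POLICY = """\
qubes.Gpg2 * work sys-pgp ask default_target=sys-pgp
qubes.Gpg2 * work @default ask target=sys-pgp default_target=sys-pgp
qubes.Gpg2 * @anyvm @anyvm deny
"""


def parse(text):
    """Parse 'service arg source target action [key=value ...]' lines."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        service, arg, source, target, action, *params = line.split()
        rules.append({
            "service": service, "arg": arg, "source": source,
            "target": target, "action": action,
            "params": dict(p.split("=", 1) for p in params),
        })
    return rules


def _match(pattern, name):
    # Assumption: @anyvm matches every qube and @default, but not dom0.
    if pattern == "@anyvm":
        return name not in ("dom0", "@adminvm")
    return pattern == name


def evaluate(rules, service, source, target="@default", arg="+"):
    """Return (action, effective_target) from the first matching rule."""
    for r in rules:
        if (r["service"] in ("*", service) and r["arg"] in ("*", arg)
                and _match(r["source"], source) and _match(r["target"], target)):
            if r["action"] == "deny":
                return ("deny", None)
            # 'target=' redirects the call; otherwise the requested target is kept.
            return (r["action"], r["params"].get("target", target))
    return ("deny", None)  # no rule matched: default deny


if __name__ == "__main__":
    rules = parse(POLICY)
    for src, tgt in [("work", "sys-pgp"), ("work", "@default"),
                     ("work", "vault"), ("personal", "@default")]:
        print(f"{src} -> {tgt}: {evaluate(rules, 'qubes.Gpg2', src, tgt)}")
```

Rule order matters: moving the `@anyvm @anyvm deny` line above the `work` rules would deny `work` as well, since evaluation stops at the first match.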
Usage
Consult upstream documentation on how to use split-gpg.