mirror of
https://github.com/ben-grande/qusal.git
synced 2024-10-01 02:35:49 -04:00
c84dfea48e
It doesn't checkout the current directory when querying the spec, so we provide the already modified version of the spec.
# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
#
# SPDX-License-Identifier: AGPL-3.0-or-later

## Reproducibility.
# Take SOURCE_DATE_EPOCH from the newest changelog entry, record it as the
# build time and clamp file mtimes to it, so that rebuilding the same source
# does not embed the wall-clock time of the build.
%define source_date_epoch_from_changelog 1
%define use_source_date_epoch_as_buildtime 1
%define clamp_mtime_to_source_date_epoch 1
# Changelog is trimmed according to current date, not last date from changelog.
# Both trim settings are therefore set to 0 (no trimming), so the embedded
# changelog does not depend on the day the build runs.
%define _changelog_trimtime 0
%define _changelog_trimage 0
# Record the package name as the build host instead of the builder's real
# hostname, which would differ between build machines.
%global _buildhost %{name}
# Python bytecode interferes when updates occur and restart is not done.
# Undefining the macro switches off the buildroot step that byte-compiles
# Python files.
%undefine __brp_python_bytecompile

Name: qusal-sys-ssh-agent
Version: 0.0.1
Release: 1%{?dist}
Summary: SSH Agent through Qrexec in Qubes OS

Group: qusal
Packager: Ben Grande
Vendor: Ben Grande
License: AGPL-3.0-or-later
URL: https://github.com/ben-grande/qusal
BugURL: https://github.com/ben-grande/qusal/issues
# Local tarball named after the Name and Version tags above.
Source0: %{name}-%{version}.tar.gz
# Nothing is compiled: the build section is empty and the install section
# only copies files.
BuildArch: noarch

# NOTE(review): the post scriptlet calls qubesctl. If one of the packages
# below provides it, also declaring that package as Requires(post) states the
# scriptlet dependency explicitly -- confirm which package that is.
Requires: qubes-mgmt-salt
Requires: qubes-mgmt-salt-dom0
Requires: qusal-dev
Requires: qusal-dotfiles
Requires: qusal-utils


%description
The key pairs are stored on the offline ssh-agent server named
"sys-ssh-agent", and requests are passed from clients to the server via
Qrexec. Clients may access the same ssh-agent of a qube, or access different
agents. In other words, this is an implementation of split-ssh-agent.

The client does not know the identity of the ssh-agent server, nor are keys
kept in memory in the client. This method is ideal for cases where you have a
number of key pairs, which are used by different qubes.

A centralized SSH agent server is very useful not only for keeping your
private keys safe, but also for keeping your workflow organized. You can
delete qubes that are SSH clients without losing access to your remote
server, because the authentication keys are on the sys-ssh-agent server; your
client qube should only hold the SSH configuration, which can be
reconstructed.

%prep
# Unpack Source0 quietly into the build directory.
%setup -q

%build
# Nothing to build; the package is noarch and ships its files as they are.

%install
rm -rf %{buildroot}
# Create the Salt tree, documentation and license directories, mode 755.
install -m 755 -d \
%{buildroot}/srv/salt/qusal \
%{buildroot}%{_docdir}/%{name} \
%{buildroot}%{_defaultlicensedir}/%{name}
# License texts and the README go to their standard locations, mode 644.
install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/
install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/
# Remove them from the unpacked tree so the recursive copy below does not
# ship a second copy under /srv/salt.
rm -rv %{name}/LICENSES %{name}/README.md
# Everything left in the tree is copied as-is. The post scriptlet later
# applies states from this location with qubesctl, so the copied files are
# effectively code run with that tool's privileges.
# NOTE(review): modes are not set explicitly here; they come from the
# tarball and the build umask -- confirm nothing ends up group- or
# world-writable.
cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name}

%check

%dnl %pre

%post
# Post-install scriptlet. The branches below test the first argument:
# "1" is handled as a first install, "2" as an upgrade.
if test "$1" = "1"; then
## Install
# Three Salt states are applied in order: create, install, configure.
# The first call has no --skip-dom0 or --targets option (presumably it is
# applied in dom0 -- confirm); the next two skip dom0 and target the
# tpl-sys-ssh-agent and sys-ssh-agent qubes respectively.
# NOTE(review): no exit status is checked between the calls, so a failed
# create is still followed by install and configure, and the scriptlet's
# status is that of the last call only. Consider stopping at the first
# failure if the later states assume the earlier ones succeeded.
qubesctl state.apply sys-ssh-agent.create
qubesctl --skip-dom0 --targets=tpl-sys-ssh-agent state.apply sys-ssh-agent.install
qubesctl --skip-dom0 --targets=sys-ssh-agent state.apply sys-ssh-agent.configure
elif test "$1" = "2"; then
## Upgrade
# No-op: states are not re-applied on upgrade, so changed state files
# (including any security-relevant fix) take effect only once the states
# are applied again by other means.
true
fi

%preun
# Pre-uninstall scriptlet. The branches test the first argument: "0" is
# handled as an uninstall, "1" as an upgrade. Both branches are no-ops.
if test "$1" = "0"; then
## Uninstall
true
elif test "$1" = "1"; then
## Upgrade
true
fi

%postun
# Post-uninstall scriptlet, same argument convention; both branches are
# no-ops.
# NOTE(review): nothing created by the post scriptlet is undone here. The
# TODO in the files section mentions Qrexec policies generated at that
# point; if they exist, they would stay in effect after the package is
# removed -- confirm and document the manual cleanup, or remove them here.
if test "$1" = "0"; then
## Uninstall
true
elif test "$1" = "1"; then
## Upgrade
true
fi

%files
# Keep the file and directory modes from the buildroot; owner and group are
# forced to root.
%defattr(-,root,root,-)
%license %{_defaultlicensedir}/%{name}/*
%doc %{_docdir}/%{name}/README.md
# The package owns its own directory under /srv/salt/qusal and everything
# copied into it by the install section.
%dir /srv/salt/qusal/%{name}
/srv/salt/qusal/%{name}/*
%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
# NOTE(review): until those files are listed, rpm neither verifies nor
# removes them, so they are invisible to package verification and survive
# package removal.

# The newest changelog entry must stay first: with
# source_date_epoch_from_changelog set at the top of this spec, its date is
# what the build uses as SOURCE_DATE_EPOCH.
%changelog
* Thu Jun 13 2024 Ben Grande <ben.grande.b@gmail.com> - a564b3a
- feat: add TCP proxy for remote hosts

* Tue May 28 2024 Ben Grande <ben.grande.b@gmail.com> - 44ea4c5
- feat: add manual page reader

* Mon Mar 18 2024 Ben Grande <ben.grande.b@gmail.com> - f9ead06
- fix: remove extraneous package repository updates

* Fri Feb 23 2024 Ben Grande <ben.grande.b@gmail.com> - 5605ec7
- doc: prefix qubesctl with sudo

* Tue Feb 20 2024 Ben Grande <ben.grande.b@gmail.com> - 2b46500
- doc: remove outdated ssh agent server instructions

* Mon Jan 29 2024 Ben Grande <ben.grande.b@gmail.com> - 6efcc1d
- chore: copyright update

* Sun Jan 21 2024 Ben Grande <ben.grande.b@gmail.com> - 3e6ba8f
- fix: client install the ssh-agent client packages

* Sat Jan 20 2024 Ben Grande <ben.grande.b@gmail.com> - 422b01e
- feat: remove audiovm setting when unnecessary

* Tue Nov 21 2023 Ben Grande <ben.grande.b@gmail.com> - 10b3bcd
- fix: unstrusted input marking and sanitization

* Mon Nov 13 2023 Ben Grande <ben.grande.b@gmail.com> - 5eebd78
- refactor: initial commit