mirror of
https://github.com/unman/shaker.git
synced 2024-10-01 01:25:41 -04:00
More detailed descriptions
parent
20ae3c1dfd
commit
02317020d3
10
cacher.spec
@ -9,9 +9,9 @@ SOURCE0: cacher
|
||||
%description
|
||||
This package provides a caching proxy, named cacher.
|
||||
A caching proxy stores downloaded packages, so that you need only download
|
||||
a package once for it to be used when updating many templates.
|
||||
a package once for it to be used when updating many templates.
|
||||
The proxy is preconfigured to work out of the box for Debian, Ubuntu,
|
||||
Arch, and Fedora templates.
|
||||
Arch, and Fedora templates.
|
||||
|
||||
When you install this package your Qubes system will be altered to use
|
||||
the proxy by default.
|
||||
@ -23,9 +23,9 @@ So that you can use https:// in your repository definitions, the entries
|
||||
will be changed in the templates.
|
||||
https:// becomes http://HTTPS///
|
||||
This is so that the request to the proxy is plain text, and the proxy
|
||||
will then make the request via https
|
||||
will then make the request via https
|
||||
This change will be done automatically for every template that exists
|
||||
when you install this package.
|
||||
when you install this package.
|
||||
|
||||
If you install a new template, you must make this configuration change.
|
||||
In dom0 run:
|
||||
@ -33,7 +33,7 @@ when you install this package.
|
||||
replacing TEMPLATE with the name of the new template.
|
||||
|
||||
If you want to use the standard proxy, you have to revert this change,
|
||||
as well as editing the policy file.
|
||||
as well as editing the policy file.
|
||||
In dom0 run:
|
||||
qubesctl --skip-dom0 --targets=TEMPLATE state.apply cacher.restore_templates
|
||||
replacing TEMPLATE with the name of the new template.
|
||||
|
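Review bot: the revert instructions in this hunk are underspecified in two places. "as well as editing the policy file." does not say which file or which entry to change, and the line after the cacher.restore_templates command still reads "replacing TEMPLATE with the name of the new template", which looks carried over from the new-template step above it. Suggest naming the policy file and the entry, as the other descriptions in this commit do for theirs, and rewording the last line to refer to the template being reverted.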
19
gpg.spec
@ -1,13 +1,24 @@
|
||||
Name: 3isec-qubes-split-gpg
|
||||
Version: 2.0
|
||||
Version: 2.0
|
||||
Release: 1%{?dist}
|
||||
Summary: Salt split-gpg template in Qubes
|
||||
Summary: split-gpg in Qubes
|
||||
|
||||
License: GPLv3+
|
||||
SOURCE0: gpg
|
||||
SOURCE0: gpg
|
||||
|
||||
%description
|
||||
Salt state to implement split-gpg in Qubes
|
||||
This package set up split-gpg in Qubes.
|
||||
split-gpg allows you to store your pgp keys in one qube, and access them from another.
|
||||
Full details are at https://www.qubes-os.org/doc/split-gpg/
|
||||
|
||||
When you install this package a template will be created, and a qube
|
||||
named sys-gpg to hold the keys.
|
||||
You can create more than one qube to hold keys if you want.
|
||||
The system will be configured to use the sys-gpg qube by default.
|
||||
This is done with an entry in /etc/qubes/policy.d/30-user.policy
|
||||
If you want to change the setting for some/all qubes, edit
|
||||
that file.
|
||||
|
||||
|
||||
%install
|
||||
rm -rf %{buildroot}
|
||||
|
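Review bot: "This package set up split-gpg in Qubes." should read "sets up", and "a template will be created" does not name the template even though the qube (sys-gpg) is named. Since installation writes an entry to /etc/qubes/policy.d/30-user.policy, the description should also say what removing the package does to that entry and to the qubes, as the print and ssh-agent descriptions in this commit do.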
@ -1,13 +1,33 @@
|
||||
Name: 3isec-qubes-sys-multimedia
|
||||
Version: 2.1
|
||||
Version: 2.1
|
||||
Release: 1%{?dist}
|
||||
Summary: Salt multimedia template and qubes
|
||||
Summary: creates multimedia template and qubes
|
||||
|
||||
License: GPLv3+
|
||||
SOURCE0: multimedia
|
||||
SOURCE0: multimedia
|
||||
|
||||
%description
|
||||
Salt state for multimedia template and qubes
|
||||
|
||||
This package sets up qubes to work mith multimedia files in Qubes.
|
||||
By default a qube named "media" is created, and configured so that any
|
||||
multimedia files are opened in a named disposable called "multimedia".
|
||||
This provides some measure of protection when working with untrusted files.
|
||||
|
||||
The media qube is offline by default.
|
||||
The multimedia disposable is offline by default.
|
||||
You can change this if you wish, but be aware that this may result in
|
||||
data leakage.
|
||||
|
||||
The idea is that you organise and store media files in the media qube.
|
||||
Opening a file in that qube will open the multimedia disposable and play
|
||||
the file there.
|
||||
You can also use the multimedia disposable from any other qube, or use the
|
||||
disposable template to create more disposables with different settings -
|
||||
perhaps online, or restricted to certain IP addresses.
|
||||
Access to the multimedia file is controlled from the policy file in
|
||||
/etc/qubes/policy.d/30-user.policy
|
||||
|
||||
|
||||
|
||||
%install
|
||||
rm -rf %{buildroot}
|
||||
|
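Review bot: typo in "work mith multimedia files" (should be "with"), and the trailing "in Qubes" on that line is redundant after "sets up qubes". "Access to the multimedia file is controlled from the policy file" is ambiguous; from the preceding paragraph it appears to mean access to the multimedia disposable, so say that. The "You can change this if you wish" warning follows two "offline by default" lines and should state whether it applies to the media qube, the multimedia disposable, or both.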
28
print.spec
@ -7,7 +7,33 @@ License: GPLv3+
|
||||
SOURCE0: print
|
||||
|
||||
%description
|
||||
Salt state to implement a printer qube
|
||||
This package sets up a qube called sys-print, to be used for system-wide
|
||||
printing in Qubes.
|
||||
|
||||
You configure sys-print to access your printer, and then print from any
|
||||
other qube by accessing sys-print.
|
||||
If you have a USB printer you will need to configure sys-print with
|
||||
(at least) one of your USB controllers.
|
||||
If you have a network printer, you should be able to set up from
|
||||
sys-print, and then print from offline qubes.
|
||||
You should restrict access from sys-print to the IP of the printer using
|
||||
qubes firewall.
|
||||
|
||||
You can create more than one qube to act as a printer qube if you want.
|
||||
The system will be configured to use the sys-printer qube by default.
|
||||
This is done with an entry in /etc/qubes/policy.d/30-user.policy
|
||||
If you want to change the setting for some/all qubes, edit
|
||||
that file.
|
||||
|
||||
A specific service called qubes.Print is created.
|
||||
You have to configure your qubes to use that service, and a helper script
|
||||
is provided.
|
||||
In dom0, run:
|
||||
sudo qubesctl --skip-dom0 --targets=NAMES state.apply print.print_client
|
||||
|
||||
Removing this package will NOT delete the qubes, but will remove the
|
||||
entry in /etc/qubes/policy.d/30-user.policy.
|
||||
|
||||
|
||||
%install
|
||||
rm -rf %{buildroot}
|
||||
|
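Review bot: the qube name is inconsistent within this description: it opens with "a qube called sys-print" but later says "configured to use the sys-printer qube by default". Use whichever name the entry in /etc/qubes/policy.d/30-user.policy actually targets, since a user editing that file will take the name from here. NAMES in the print.print_client command is also unexplained; add a line equivalent to "replacing TEMPLATE with the name of the new template" in cacher.spec.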
@ -1,13 +1,39 @@
|
||||
Name: 3isec-qubes-sys-ssh-agent
|
||||
Version: 1.1
|
||||
Release: 1%{?dist}
|
||||
Summary: Salt a service qube to hold ssh-agents
|
||||
Summary: Create a service qube to hold ssh-agents
|
||||
|
||||
License: GPLv3+
|
||||
SOURCE0: qubes-ssh-agent
|
||||
SOURCE0: qubes-ssh-agent
|
||||
|
||||
%description
|
||||
Salt state to implement a service qube to hold ssh-agents
|
||||
This package sets up a qube called sys-ssh-agent, to hold ssh keys.
|
||||
It is ideal for use cases where you have a number of key pairs, which
|
||||
are used by different qubes.
|
||||
|
||||
The keypairs are stored in the offline sys-ssh-agent server, and requests
|
||||
are passed from clients to the server via qrexec.
|
||||
Clients may access the same ssh-agent, or access different agents.
|
||||
Access is controlled via dom0 policy file, /etc/qubes/policy.d/30-user.policy
|
||||
|
||||
The client does not know the identity of the ssh-agent server, nor are
|
||||
keys kept in memory in the client.
|
||||
All configuration of keys, and unlocking of keys, where they are password
|
||||
protected, is done in the ssh-agent server, using standard ssh-agent
|
||||
controls.
|
||||
Keys can be selectively allocated to different ssh-agents.
|
||||
You can create multiple ssh-agents holding different combination of ssh keys.
|
||||
This allow you to access different key sets from different qubes.
|
||||
By default an ssh-agent called "work" is provided in sys-ssh-agent.
|
||||
Helper scripts are provided to create new ssh-agents.
|
||||
|
||||
You can create other qubes to hold other ssh-agents if you want, for
|
||||
maximum compartmentalisation.
|
||||
Simply clone sys-ssh-agent and edit the ssh-agents.
|
||||
|
||||
Removing this package will NOT delete the qubes, but will remove the
|
||||
entry in /etc/qubes/policy.d/30-user.policy.
|
||||
|
||||
|
||||
%install
|
||||
rm -rf %{buildroot}
|
||||
|
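Review bot: grammar in two of the description lines: "different combination of ssh keys" should be "combinations", and "This allow you" should be "allows". "Helper scripts are provided to create new ssh-agents." gives no script name or location, so a user cannot find them from the package description alone. "Simply clone sys-ssh-agent and edit the ssh-agents." should say whether the clone needs its own entry in /etc/qubes/policy.d/30-user.policy, given that the description states access is controlled there.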