More detailed descriptions

gpg.spec

@@ -1,13 +1,24 @@
 Name:           3isec-qubes-split-gpg
 Version:  	    2.0
 Release:        1%{?dist}
-Summary:        Salt split-gpg template in Qubes
+Summary:        split-gpg in Qubes
 
 License:        GPLv3+
 SOURCE0:	      gpg
 
 %description
-Salt state to implement split-gpg in Qubes
+ This package set up split-gpg in Qubes.
+ split-gpg allows you to store your pgp keys in one qube, and access them from another.
+ Full details are at https://www.qubes-os.org/doc/split-gpg/
+
+When you install this package a template will be created, and a qube
+named sys-gpg to hold the keys.
+You can create more than one qube to hold keys if you want.
+The system will be configured to use the sys-gpg qube by default.
+This is done with an entry in /etc/qubes/policy.d/30-user.policy
+If you want to change the setting for some/all qubes, edit
+that file.
+
 
 %install
 rm -rf %{buildroot}

multimedia.spec

@@ -1,13 +1,33 @@
 Name:           3isec-qubes-sys-multimedia
 Version:       	2.1
 Release:        1%{?dist}
-Summary:        Salt multimedia template and qubes
+Summary:        creates multimedia template and qubes
 
 License:        GPLv3+
 SOURCE0:       	multimedia
 
 %description
-Salt state for multimedia template and qubes
+
+ This package sets up qubes to work mith multimedia files in Qubes.
+ By default a qube named "media" is created, and configured so that any
+ multimedia files are opened in a named disposable called "multimedia".
+ This provides some measure of protection when working with untrusted files.
+
+The media qube is offline by default.
+The multimedia disposable is offline by default.
+You can change this if you wish, but be aware that this may result in
+data leakage.
+
+The idea is that you organise and store media files in the media qube. 
+Opening a file in that qube will open the multimedia disposable and play
+the file there.
+You can also use the multimedia disposable from any other qube, or use the
+disposable template to create more disposables with different settings -
+perhaps online, or restricted to certain IP addresses.
+Access to the multimedia file is controlled from the policy file in
+/etc/qubes/policy.d/30-user.policy
+
+
 
 %install
 rm -rf %{buildroot}

print.spec

@@ -7,7 +7,33 @@ License:        GPLv3+
 SOURCE0:	print
 
 %description
-Salt state to implement a printer qube
+This package sets up a qube called sys-print, to be used for system-wide
+printing in Qubes.
+ 
+You configure sys-print to access your printer, and then print from any
+other qube by accessing sys-print.
+If you have a USB printer you will need to configure sys-print with
+(at least) one of your USB controllers.
+If you have a network printer, you should be able to set up from
+sys-print, and then print from offline qubes.
+You should restrict access from sys-print to the IP of the printer using
+qubes firewall.
+
+You can create more than one qube to act as a printer qube if you want.
+The system will be configured to use the sys-printer qube by default.
+This is done with an entry in /etc/qubes/policy.d/30-user.policy
+If you want to change the setting for some/all qubes, edit
+that file.
+
+A specific service called qubes.Print is created.
+You have to configure your qubes to use that service, and a helper script
+is provided.
+In dom0, run:
+ sudo qubesctl --skip-dom0 --targets=NAMES state.apply print.print_client
+
+Removing this package will NOT delete the qubes, but will remove the
+entry in /etc/qubes/policy.d/30-user.policy.
+
 
 %install
 rm -rf %{buildroot}

qubes-ssh-agent.spec

@@ -1,13 +1,39 @@
 Name:           3isec-qubes-sys-ssh-agent
 Version:       	1.1
 Release:        1%{?dist}
-Summary:        Salt a service qube to hold ssh-agents
+Summary:        Create a service qube to hold ssh-agents
 
 License:        GPLv3+
 SOURCE0:	      qubes-ssh-agent
 
 %description
-Salt state to implement a service qube to hold ssh-agents
+This package sets up a qube called sys-ssh-agent, to hold ssh keys.
+It is ideal for use cases where you have a number of key pairs, which
+are used by different qubes.
+
+The keypairs are stored in the offline sys-ssh-agent server, and requests
+are passed from clients to the server via qrexec.
+Clients may access the same ssh-agent, or access different agents.  
+Access is controlled via dom0 policy file, /etc/qubes/policy.d/30-user.policy
+
+The client does not know the identity of the ssh-agent server, nor are
+keys kept in memory in the client.
+All configuration of keys, and unlocking of keys, where they are password
+protected, is done in the ssh-agent server, using standard ssh-agent
+controls.
+Keys can be selectively allocated to different ssh-agents.
+You can create multiple ssh-agents holding different combination of ssh keys.
+This allow you to access different key sets from different qubes.
+By default an ssh-agent called "work" is provided in sys-ssh-agent.
+Helper scripts are provided to create new ssh-agents.
+
+You can create other qubes to hold other ssh-agents if you  want, for
+maximum compartmentalisation.
+Simply clone sys-ssh-agent and edit the ssh-agents.
+
+Removing this package will NOT delete the qubes, but will remove the 
+entry in /etc/qubes/policy.d/30-user.policy.
+
 
 %install
 rm -rf %{buildroot}