From 147c07e73598b0833c242cdb79f38e3c64fcd200 Mon Sep 17 00:00:00 2001 From: NAME Date: Wed, 17 Aug 2022 23:15:52 +0000 Subject: [PATCH] Builder - standardise install. Use default netvm. Use sys-gpg for split gpg. Set up rpmmacros for split-gpg --- builder/builder-split-gpg-config | 2 +- builder/clone.top | 2 +- builder/config.sls | 6 +++--- builder/config.top | 2 +- builder/create.sls | 8 ++++---- builder/create.top | 2 +- builder/install.sls | 27 +++++++++++++-------------- builder/install.top | 2 +- builder/rpmmacros | 9 +++++++++ 9 files changed, 34 insertions(+), 26 deletions(-) create mode 100644 builder/rpmmacros diff --git a/builder/builder-split-gpg-config b/builder/builder-split-gpg-config index 37ca8be..accc01d 100644 --- a/builder/builder-split-gpg-config +++ b/builder/builder-split-gpg-config @@ -1 +1 @@ -gpg +sys-gpg diff --git a/builder/clone.top b/builder/clone.top index 477238a..6d2eec2 100644 --- a/builder/clone.top +++ b/builder/clone.top @@ -1,4 +1,4 @@ base: dom0: - match: nodegroup - - build.clone + - builder.clone diff --git a/builder/config.sls b/builder/config.sls index e509116..5f05f74 100644 --- a/builder/config.sls +++ b/builder/config.sls @@ -1,21 +1,21 @@ /home/user/.gitconfig: file.managed: - source: - - salt://build/builder-gitconfig + - salt://builder/builder-gitconfig - user: user - group: user /rw/config/gpg-split-domain: file.managed: - source: - - salt://build/builder-split-gpg-config + - salt://builder/builder-split-gpg-config - user: root - group: root /home/user/.rpmmacros: file.managed: - source: - - salt://build/builder-rpmmacros + - salt://builder/rpmmacros - user: user - group: user diff --git a/builder/config.top b/builder/config.top index 4afd10d..cca9b14 100644 --- a/builder/config.top +++ b/builder/config.top @@ -1,3 +1,3 @@ base: builder: - - build.config + - builder.config diff --git a/builder/create.sls b/builder/create.sls index ce2b603..2b9d646 100644 --- a/builder/create.sls +++ b/builder/create.sls 
@@ -1,5 +1,5 @@ include: - - build.clone + - builder.clone qvm-present-id: qvm.present: @@ -10,7 +10,6 @@ qvm-present-id: qvm-prefs-id: qvm.prefs: - name: builder - - netvm: tor - memory: 800 - maxmem: 8000 - vcpus: 4 @@ -26,5 +25,6 @@ qvm-features-id: update_file: file.prepend: - - name: /etc/qubes-rpc/policy/qubes.Gpg - - text: builder gpg allow + - name: /etc/qubes/policy.d/30-user.policy + - text: qubes.Gpg * builder sys-gpg allow + - makedirs: True diff --git a/builder/create.top b/builder/create.top index 32bf4e0..f21d94f 100644 --- a/builder/create.top +++ b/builder/create.top @@ -1,4 +1,4 @@ base: dom0: - match: nodegroup - - build.create + - builder.create diff --git a/builder/install.sls b/builder/install.sls index fcaffa4..d8363e6 100644 --- a/builder/install.sls +++ b/builder/install.sls @@ -2,23 +2,21 @@ {% if salt['qvm.exists']('cacher') %} -/etc/yum.repos.d/: - file.replace: - - names: - - /etc/yum.repos.d/fedora.repo - - /etc/yum.repos.d/fedora-updates.repo - - /etc/yum.repos.d/fedora-updates-testing.repo - - /etc/yum.repos.d/fedora-cisco-openh264.repo - - pattern: 'metalink=https://(.*)basearch' - - repl: 'metalink=http://HTTPS///\1basearch&protocol=http' - - flags: [ 'IGNORECASE', 'MULTILINE' ] - -/etc/yum.repos.d/qubes-r4.repo: +{% for repo in salt['file.find']('/etc/yum.repos.d/', name='*repo*') %} +{{ repo }}_baseurl: file.replace: - - pattern: 'https://' - - repl: 'http://HTTPS///' + - name: {{ repo }} + - pattern: 'baseurl=https://' + - repl: 'baseurl=http://HTTPS///' + - flags: [ 'IGNORECASE', 'MULTILINE' ] +{{ repo }}_metalink: + file.replace: + - name: {{ repo }} + - pattern: 'metalink=https://(.*)basearch' + - repl: 'metalink=http://HTTPS///\1basearch&protocol=http' - flags: [ 'IGNORECASE', 'MULTILINE' ] +{% endfor %} {% endif %} install: @@ -56,4 +54,5 @@ install: - systemd-container - texinfo - wget + - vi - zlib-devel diff --git a/builder/install.top b/builder/install.top index 42d5a0e..1117c53 100644 --- a/builder/install.top 
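Review bot: Removing `- netvm: tor` from `qvm.prefs` only stops the state from setting the property; on a dom0 where the previous revision already ran, the existing builder qube keeps `netvm=tor` because unlisted prefs are left alone, so only freshly created qubes actually get the default netvm the subject describes. Which netvm that is depends on dom0's `default_netvm` at run time and is not visible in this file, so a reader cannot tell from the state whether the builder is meant to sit behind a firewall or Tor gateway. A short comment above the pref list, e.g. `# netvm intentionally unset: builder inherits dom0 default_netvm (reset existing qubes with qvm-prefs --default builder netvm)`, records the intent and the migration step. The `qvm.prefs` state continues past the end of this hunk.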
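Review bot: The new rule is prepended to `/etc/qubes/policy.d/30-user.policy`, but nothing removes the `builder gpg allow` line the previous revision of `update_file` prepended to `/etc/qubes-rpc/policy/qubes.Gpg`; on a dom0 where that ran, the legacy file is, as far as I can tell, still consulted by the 4.1 compatibility policy, so the builder keeps an allow towards a qube named `gpg` that this commit no longer intends. Because `file.prepend` places the rule above every existing line in 30-user.policy, it also takes precedence over any user-written `qubes.Gpg` deny in that file, which is worth a one-line comment next to `- text:` so the ordering is deliberate rather than accidental. A clean-up state that drops the stale legacy line and tolerates its absence on fresh installs would make the transition converge on every host:
```yaml
remove_legacy_gpg_policy:
  file.replace:
    - name: /etc/qubes-rpc/policy/qubes.Gpg
    - pattern: '^builder gpg allow\n'
    - repl: ''
    - flags: [ 'MULTILINE' ]
    - ignore_if_missing: True
```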
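Review bot: The `file.find` call driving the new loop matches on `*repo*`, so anything in /etc/yum.repos.d/ whose name merely contains "repo" — `.rpmsave`/`.rpmnew` leftovers, editor backups, or a subdirectory — gets its own pair of `file.replace` states, which rewrite files dnf never reads and will most likely error on a directory; `{% for repo in salt['file.find']('/etc/yum.repos.d/', name='*.repo', type='f') %}` limits it to the repo definitions dnf actually loads. Rewriting `baseurl=`/`metalink=` to `http://HTTPS///` deliberately moves transport security to the cacher, so package authenticity then rests entirely on `gpgcheck=1` staying set in those same files, and nothing in this state asserts it. A comment above the loop stating that assumption, or a third `file.replace` that forces `gpgcheck=1`, would make the trust boundary explicit.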
+++ b/builder/install.top @@ -2,4 +2,4 @@ base: template-builder: - - build.install + - builder.install diff --git a/builder/rpmmacros b/builder/rpmmacros new file mode 100644 index 0000000..741013d --- /dev/null +++ b/builder/rpmmacros @@ -0,0 +1,9 @@ +%__gpg /usr/bin/qubes-gpg-client-wrapper + +%__gpg_check_password_cmd %{__gpg} \ + gpg --batch --no-verbose -u "%{_gpg_name}" -s + +%__gpg_sign_cmd /bin/sh sh -c '/usr/bin/qubes-gpg-client-wrapper \\\ + --batch --no-verbose \\\ + %{?_gpg_digest_algo:--digest-algo %{_gpg_digest_algo}} \\\ + -u "%{_gpg_name}" -sb %{__plaintext_filename} >%{__signature_filename}'
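Review bot: Both `%__gpg_check_password_cmd` and `%__gpg_sign_cmd` expand `%{_gpg_name}`, but this file never defines `%_gpg_name`, so signing with `rpm --addsign`/`rpmsign` will fail (rpm refuses to sign without it, as far as I recall) unless the key id is supplied with `--define '_gpg_name <KEYID>'` or added per user. A comment at the top of the file, e.g. `# %_gpg_name is not set here: pass --define '_gpg_name <KEYID>' or append it per user; the key itself lives in the sys-gpg backend`, would tell the next maintainer that this is intentional and where the key is expected to be. The file is installed as /home/user/.rpmmacros via config.sls, so the same comment should mention that the wrapper resolves the backend qube from /rw/config/gpg-split-domain.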