Builder - standardise install.

Use default netvm. Use sys-gpg for split-gpg.
Set up rpmmacros for split-gpg.
NAME 2022-08-17 23:15:52 +00:00
parent 5497693e26
commit 147c07e735
No known key found for this signature in database
GPG Key ID: FDD1B8244731B36C
9 changed files with 34 additions and 26 deletions


@ -1 +1 @@
gpg sys-gpg


@ -1,4 +1,4 @@
base: base:
dom0: dom0:
- match: nodegroup - match: nodegroup
- build.clone - builder.clone


@ -1,21 +1,21 @@
/home/user/.gitconfig: /home/user/.gitconfig:
file.managed: file.managed:
- source: - source:
- salt://build/builder-gitconfig - salt://builder/builder-gitconfig
- user: user - user: user
- group: user - group: user
/rw/config/gpg-split-domain: /rw/config/gpg-split-domain:
file.managed: file.managed:
- source: - source:
- salt://build/builder-split-gpg-config - salt://builder/builder-split-gpg-config
- user: root - user: root
- group: root - group: root
/home/user/.rpmmacros: /home/user/.rpmmacros:
file.managed: file.managed:
- source: - source:
- salt://build/builder-rpmmacros - salt://builder/rpmmacros
- user: user - user: user
- group: user - group: user


@ -1,3 +1,3 @@
base: base:
builder: builder:
- build.config - builder.config


@ -1,5 +1,5 @@
include: include:
- build.clone - builder.clone
qvm-present-id: qvm-present-id:
qvm.present: qvm.present:
@ -10,7 +10,6 @@ qvm-present-id:
qvm-prefs-id: qvm-prefs-id:
qvm.prefs: qvm.prefs:
- name: builder - name: builder
- netvm: tor
- memory: 800 - memory: 800
- maxmem: 8000 - maxmem: 8000
- vcpus: 4 - vcpus: 4
@ -26,5 +25,6 @@ qvm-features-id:
update_file: update_file:
file.prepend: file.prepend:
- name: /etc/qubes-rpc/policy/qubes.Gpg - name: /etc/qubes/policy.d/30-user.policy
- text: builder gpg allow - text: qubes.Gpg * builder sys-gpg allow
- makedirs: True
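Review bot: The policy text written by `update_file` in the last hunk uses `allow`, so dom0 accepts every qubes.Gpg call from `builder` to `sys-gpg` without a prompt, and `file.prepend` places the rule ahead of anything already in `30-user.policy`. The builder qube fetches and builds external sources and, with the `netvm: tor` pref removed in the hunk above, follows the default netvm, so approval of a signing request rests entirely on whatever confirmation the split-gpg backend in sys-gpg performs. If a dom0 confirmation is wanted, the text could be `qubes.Gpg * builder sys-gpg ask default_target=sys-gpg`; otherwise a comment above the state such as `# allow: signing confirmation is delegated to sys-gpg` would record the decision.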


@ -1,4 +1,4 @@
base: base:
dom0: dom0:
- match: nodegroup - match: nodegroup
- build.create - builder.create


@ -2,23 +2,21 @@
{% if salt['qvm.exists']('cacher') %} {% if salt['qvm.exists']('cacher') %}
/etc/yum.repos.d/: {% for repo in salt['file.find']('/etc/yum.repos.d/', name='*repo*') %}
{{ repo }}_baseurl:
file.replace: file.replace:
- names: - name: {{ repo }}
- /etc/yum.repos.d/fedora.repo - pattern: 'baseurl=https://'
- /etc/yum.repos.d/fedora-updates.repo - repl: 'baseurl=http://HTTPS///'
- /etc/yum.repos.d/fedora-updates-testing.repo - flags: [ 'IGNORECASE', 'MULTILINE' ]
- /etc/yum.repos.d/fedora-cisco-openh264.repo {{ repo }}_metalink:
file.replace:
- name: {{ repo }}
- pattern: 'metalink=https://(.*)basearch' - pattern: 'metalink=https://(.*)basearch'
- repl: 'metalink=http://HTTPS///\1basearch&protocol=http' - repl: 'metalink=http://HTTPS///\1basearch&protocol=http'
- flags: [ 'IGNORECASE', 'MULTILINE' ] - flags: [ 'IGNORECASE', 'MULTILINE' ]
/etc/yum.repos.d/qubes-r4.repo: {% endfor %}
file.replace:
- pattern: 'https://'
- repl: 'http://HTTPS///'
- flags: [ 'IGNORECASE', 'MULTILINE' ]
{% endif %} {% endif %}
install: install:
@ -56,4 +54,5 @@ install:
- systemd-container - systemd-container
- texinfo - texinfo
- wget - wget
- vi
- zlib-devel - zlib-devel
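Review bot: Widening the rewrite in the first hunk to every file that `salt['file.find']('/etc/yum.repos.d/', name='*repo*')` returns means any third-party repo present in the template is also switched from https to `http://HTTPS///`, so it loses end-to-end TLS and depends on the cacher qube plus RPM signature checks for integrity. A comment above the loop would make that dependency explicit, for example `# All repos go through cacher over http; integrity relies on gpgcheck=1 in each repo file`. Two smaller points: `- name: {{ repo }}` and the state IDs are unquoted templated scalars and would be safer as `- name: '{{ repo }}'`, and the old qubes-r4.repo rule matched a bare `https://` while the new pattern needs `baseurl=` with no spaces around `=`, so it is worth confirming that file is still rewritten.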


@ -2,4 +2,4 @@
base: base:
template-builder: template-builder:
- build.install - builder.install

9
builder/rpmmacros Normal file

@ -0,0 +1,9 @@
%__gpg /usr/bin/qubes-gpg-client-wrapper
%__gpg_check_password_cmd %{__gpg} \
gpg --batch --no-verbose -u "%{_gpg_name}" -s
%__gpg_sign_cmd /bin/sh sh -c '/usr/bin/qubes-gpg-client-wrapper \\\
--batch --no-verbose \\\
%{?_gpg_digest_algo:--digest-algo %{_gpg_digest_algo}} \\\
-u "%{_gpg_name}" -sb %{__plaintext_filename} >%{__signature_filename}'