Builder - standardise install.

Use default netvm. Use sys-gpg for split gpg.
Set up rpmmacros for split-gpg
NAME 2022-08-17 23:15:52 +00:00
parent 5497693e26
commit 147c07e735
No known key found for this signature in database
GPG Key ID: FDD1B8244731B36C
9 changed files with 34 additions and 26 deletions


@ -1 +1 @@
gpg
sys-gpg


@ -1,4 +1,4 @@
base:
dom0:
- match: nodegroup
- build.clone
- builder.clone


@ -1,21 +1,21 @@
/home/user/.gitconfig:
file.managed:
- source:
- salt://build/builder-gitconfig
- salt://builder/builder-gitconfig
- user: user
- group: user
/rw/config/gpg-split-domain:
file.managed:
- source:
- salt://build/builder-split-gpg-config
- salt://builder/builder-split-gpg-config
- user: root
- group: root
/home/user/.rpmmacros:
file.managed:
- source:
- salt://build/builder-rpmmacros
- salt://builder/rpmmacros
- user: user
- group: user


@ -1,3 +1,3 @@
base:
builder:
- build.config
- builder.config


@ -1,5 +1,5 @@
include:
- build.clone
- builder.clone
qvm-present-id:
qvm.present:
@ -10,7 +10,6 @@ qvm-present-id:
qvm-prefs-id:
qvm.prefs:
- name: builder
- netvm: tor
- memory: 800
- maxmem: 8000
- vcpus: 4
@ -26,5 +25,6 @@ qvm-features-id:
update_file:
file.prepend:
- name: /etc/qubes-rpc/policy/qubes.Gpg
- text: builder gpg allow
- name: /etc/qubes/policy.d/30-user.policy
- text: qubes.Gpg * builder sys-gpg allow
- makedirs: True
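Review bot: The `update_file` state prepends `qubes.Gpg * builder sys-gpg allow` to `/etc/qubes/policy.d/30-user.policy`, so dom0 never prompts when builder asks sys-gpg to sign. Because policy evaluation is first-match, a line at the top of the user's own file also overrides any stricter `qubes.Gpg` rule already written there. I would either use `qubes.Gpg * builder sys-gpg ask default_target=sys-gpg`, or keep `allow` and add a comment such as `# relies on the split-gpg confirmation prompt in sys-gpg; builder can otherwise request signatures unattended`. Shipping the rule in a dedicated `file.managed` file under `/etc/qubes/policy.d/` (for example `<NN>-builder.policy`, placeholder name) would leave the user's policy file untouched and make the grant easy to audit and revoke.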


@ -1,4 +1,4 @@
base:
dom0:
- match: nodegroup
- build.create
- builder.create


@ -2,23 +2,21 @@
{% if salt['qvm.exists']('cacher') %}
/etc/yum.repos.d/:
{% for repo in salt['file.find']('/etc/yum.repos.d/', name='*repo*') %}
{{ repo }}_baseurl:
file.replace:
- names:
- /etc/yum.repos.d/fedora.repo
- /etc/yum.repos.d/fedora-updates.repo
- /etc/yum.repos.d/fedora-updates-testing.repo
- /etc/yum.repos.d/fedora-cisco-openh264.repo
- name: {{ repo }}
- pattern: 'baseurl=https://'
- repl: 'baseurl=http://HTTPS///'
- flags: [ 'IGNORECASE', 'MULTILINE' ]
{{ repo }}_metalink:
file.replace:
- name: {{ repo }}
- pattern: 'metalink=https://(.*)basearch'
- repl: 'metalink=http://HTTPS///\1basearch&protocol=http'
- flags: [ 'IGNORECASE', 'MULTILINE' ]
/etc/yum.repos.d/qubes-r4.repo:
file.replace:
- pattern: 'https://'
- repl: 'http://HTTPS///'
- flags: [ 'IGNORECASE', 'MULTILINE' ]
{% endfor %}
{% endif %}
install:
@ -56,4 +54,5 @@ install:
- systemd-container
- texinfo
- wget
- vi
- zlib-devel
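Review bot: The `{{ repo }}_baseurl` and `{{ repo }}_metalink` states rewrite `https://` to `http://HTTPS///` in every file that `file.find` matches with `*repo*`, which appears to replace the earlier fixed list of Fedora files. Any repository definition present in the template therefore loses TLS on the leg to the cacher and depends on package signature checking alone. I would add a comment above the loop, e.g. `# every matched repo must keep gpgcheck=1; the cacher qube is in the trust path`, or restrict the match to the known files. The templated value should also be quoted, `- name: '{{ repo }}'`, so an unusual filename cannot change how the line parses. If the `/etc/yum.repos.d/qubes-r4.repo` state is still on the new side inside the `{% for %}` (the rendered page has lost its +/- markers, so this is unclear), its ID would repeat on every iteration and it should move outside the loop.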


@ -2,4 +2,4 @@
base:
template-builder:
- build.install
- builder.install

9
builder/rpmmacros Normal file

@ -0,0 +1,9 @@
%__gpg /usr/bin/qubes-gpg-client-wrapper
%__gpg_check_password_cmd %{__gpg} \
gpg --batch --no-verbose -u "%{_gpg_name}" -s
%__gpg_sign_cmd /bin/sh sh -c '/usr/bin/qubes-gpg-client-wrapper \\\
--batch --no-verbose \\\
%{?_gpg_digest_algo:--digest-algo %{_gpg_digest_algo}} \\\
-u "%{_gpg_name}" -sb %{__plaintext_filename} >%{__signature_filename}'
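Review bot: In `%__gpg_sign_cmd`, `%{__plaintext_filename}` and `%{__signature_filename}` are expanded unquoted into the string handed to `sh -c`, so a path containing whitespace or shell metacharacters is re-parsed by the shell instead of being passed as one argument. The same line already quotes `%{_gpg_name}`, so I would end it with `-sb "%{__plaintext_filename}" >"%{__signature_filename}"'` for consistency. The macro also hard-codes `/usr/bin/qubes-gpg-client-wrapper` although `%__gpg` is defined on the first line. A short header comment saying that signing is delegated to the split-GPG backend qube named in `/rw/config/gpg-split-domain` would help the next reader. The hunk header announces nine lines and only seven are visible here, presumably because blank lines were dropped by the page rendering.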