Mirage-firewall - update to release 0.9.2

2025-03-12 18:36:47 -04:00 · 2025-02-08 00:46:20 +00:00 · 2025-02-08 00:46:20 +00:00 · 748be20a5c
commit 748be20a5c
parent 93d5888cc0
6 changed files with 31 additions and 32 deletions
--- a/mirage.spec
+++ b/mirage.spec
@ -1,6 +1,6 @@
 Name:           3isec-qubes-mirage-firewall
-Version:       	0.9.1
-Release:        2%{?dist}
+Version:       	0.9.2
+Release:        1%{?dist}
 Summary:        Create an Mirage firewall in Qubes

 License:        GPLv3+
@ -33,7 +33,15 @@ cp -rv %{SOURCE0}/  %{buildroot}/srv/salt
 if [ $1 -eq 1 ]; then
  qubesctl state.apply mirage.install
 elif [ $1 -eq 2 ]; then
-  qubesctl state.apply mirage.extract
+  if [ `qvm-ls --running --raw-list mirage-firewall` == `mirage-firewall` ];then
+  qvm-kill mirage-firewall
+  qubesctl state.apply mirage.absent
+  qubesctl state.apply mirage.install
+  qvm-start mirage-firewall
+  else
+  qubesctl state.apply mirage.absent
+  qubesctl state.apply mirage.install
+  fi
 fi

 %postun
@ -43,6 +51,8 @@ if [ $1 -eq 0 ]; then
 fi

 %changelog
+* Fri Feb 07 2025 unman <unman@thirdeyesecurity.org> - 0.9.2
+- Packages qubes-mirage-firewall 0.9.2
 * Mon May 20 2024 unman <unman@thirdeyesecurity.org> - 0.9.1
 - Packages qubes-mirage-firewall 0.9.1
 * Thu May 09 2024 unman <unman@thirdeyesecurity.org> - 0.9.0
--- a/mirage/absent.sls
+++ b/mirage/absent.sls
@ -0,0 +1,14 @@
+# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
+#
+#
+#
+
+{% if grains['nodename'] == 'dom0' %}
+
+mirage-firewall-remove-old:
+  file.absent:
+    - names:
+      - /var/lib/qubes/vm-kernels/mirage-firewall/modules.img
+      - /var/lib/qubes/vm-kernels/mirage-firewall/initramfs
+
+{% endif %}
--- a/mirage/extract.sls
+++ b/mirage/extract.sls
@ -1,21 +0,0 @@
-# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
-#
-#
-#
-
-{% if grains['nodename'] == 'dom0' %}
-
-/var/lib/qubes/vm-kernels/mirage-firewall:
-  file.directory:
-    - mode: 755
-    - makedirs: True
-
-mirage_extracted:
-  archive.extracted:
-    - name: /var/lib/qubes/vm-kernels/
-    - source: salt://mirage/mirage-firewall.tar.bz2
-    - source_hash: ea876bc7525811a16b0dfebe7ee1e91661eeecf67d240298d4ffd31b6ee41843
-    - archive_format: tar
-    - options: -j
-
-{% endif %}
--- a/mirage/install.sls
+++ b/mirage/install.sls
@ -10,14 +10,6 @@
    - mode: 755
    - makedirs: True

-mirage_extracted:
-  archive.extracted:
-    - name: /var/lib/qubes/vm-kernels/
-    - source: salt://mirage/mirage-firewall.tar.bz2
-    - source_hash: ea876bc7525811a16b0dfebe7ee1e91661eeecf67d240298d4ffd31b6ee41843
-    - archive_format: tar
-    - options: -j
-
 mirage-firewall:
  qvm.present:
    - name: mirage-firewall
@ -46,5 +38,9 @@ mirage-firewall-features:
      - qubes-firewall
      - no-default-kernelopts

+mirage-firewall-kernel:
+  file.managed:
+    - name: /var/lib/qubes/vm-kernels/mirage-firewall/vmlinuz
+    - source: salt://mirage/qubes-firewall.xen

 {% endif %}
--- a/mirage/mirage-firewall.tar.bz2
+++ b/mirage/mirage-firewall.tar.bz2
--- a/mirage/qubes-firewall.xen
+++ b/mirage/qubes-firewall.xen