Mirage-firewall - update packaging. Add README

unman 2024-04-26 12:44:42 +00:00
parent bcb1921db9
commit cf5b31703e
No known key found for this signature in database
GPG Key ID: FDD1B8244731B36C
2 changed files with 26 additions and 4 deletions


@ -1,5 +1,5 @@
Name: 3isec-qubes-mirage-firewall
Version: 0.8.6
Version: 0.9.0
Release: 1%{?dist}
Summary: Create an Mirage firewall in Qubes
@ -14,12 +14,10 @@ https://github.com/mirage/qubes-mirage-firewall
The package creates a qube called mirage-firewall.
If you want to use this as a firewall, simply change net qube from sys-firewall to mirage-firewall.
There's a batch file in /srv/salt/mirage to make this change in bulk.
Removing this package will remove the mirage-firewall.
Qubes that use it will have their net qube unset.
You will have to change netqube to get those qubes back online.
There's a batch file in /srv/salt/mirage to help make this change in bulk.
%install
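Review bot: The description points to "a batch file in /srv/salt/mirage" without naming it, so someone reading the package description cannot tell which file to run; name the file, or refer to the one-liner in the README instead. The removal text also writes "netqube" where the rest of the description uses "net qube", which is worth making consistent while this block is being edited.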
@ -35,7 +33,7 @@ cp -rv %{SOURCE0}/ %{buildroot}/srv/salt
if [ $1 -eq 1 ]; then
qubesctl state.apply mirage.install
elif [ $1 -eq 2 ]; then
qubesctl state.apply mirage.extract
qubesctl state.apply mirage.install
fi
%postun
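Review bot: The upgrade branch (`$1 -eq 2`) of this scriptlet now applies mirage.install, the same state as the fresh-install branch, yet the README added in this commit still documents upgrading as `qubesctl state.apply mirage.extract`. Either update the README's Upgrading section or keep the extract state here. If both branches are meant to run the same state, collapse the if/elif into one call and add a comment saying mirage.install is safe to re-apply over an existing mirage-firewall qube.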
@ -45,6 +43,8 @@ if [ $1 -eq 0 ]; then
fi
%changelog
* Thu Apr 25 2024 unman <unman@thirdeyesecurity.org> - 0.9.0
- Packages qubes-mirage-firewall 0.9.0
* Sat Feb 03 2024 unman <unman@thirdeyesecurity.org> - 0.8.6
- Packages qubes-mirage-firewall 0.8.6
* Mon Apr 17 2023 unman <unman@thirdeyesecurity.org> - 0.8.4

mirage/README Normal file

@ -0,0 +1,22 @@
# mirage-firewall
These states create a unikernel firewall for use in Qubes, using mirage.
The Unikernel qube is intended to replace sys-firewall, boots quickly, and uses minimal system resources.
For full details, look [here](https://github.com/mirage/qubes-mirage-firewall).
The package creates a qube called mirage-firewall.
## Installation
`qubesctl state.apply mirage.install`
## Upgrading
`qubesctl state.apply mirage.extract`
## Use
To use mirage-firewall as a firewall, simply change the netvm of a qube from sys-firewall to mirage-firewall.
To make this change for **all** qubes that use sys-firewall, shutdown all running qubes, and then run in dom0:
```
qvm-ls -O NAME,NETVM|awk '$2~/sys-firewall/ {print "qvm-prefs " $1 " netvm mirage-firewall" }' |sh
```
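Review bot: The awk filter in the bulk-change one-liner uses an unanchored regex, `$2~/sys-firewall/`, so it also rewrites any qube whose netvm name merely contains sys-firewall (a clone with a suffix, for instance); an exact comparison such as `$2 == "sys-firewall"` limits it to the intended qubes. Because the generated qvm-prefs commands are piped straight into sh in dom0, the README should also suggest running the pipeline without the trailing `|sh` first to inspect what will be executed.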