From cf5b31703e2bfdf9e5be2504ecf1d020266cd55d Mon Sep 17 00:00:00 2001
From: unman <unman@thirdeyesecurity.org>
Date: Fri, 26 Apr 2024 12:44:42 +0000
Subject: [PATCH] Mirage-firewall - update packaging. Add README

---
 mirage.spec   |  8 ++++----
 mirage/README | 22 ++++++++++++++++++++++
 2 files changed, 26 insertions(+), 4 deletions(-)
 create mode 100644 mirage/README

diff --git a/mirage.spec b/mirage.spec
index 34d9c95..2212654 100644
--- a/mirage.spec
+++ b/mirage.spec
@@ -1,5 +1,5 @@
 Name:           3isec-qubes-mirage-firewall
-Version:       	0.8.6
+Version:       	0.9.0
 Release:        1%{?dist}
 Summary:        Create an Mirage firewall in Qubes
 
@@ -14,12 +14,10 @@ https://github.com/mirage/qubes-mirage-firewall
 
 The package creates a qube called mirage-firewall.
 If you want to use this as a firewall, simply change net qube from sys-firewall to mirage-firewall.
-There's a batch file in /srv/salt/mirage to make this change in bulk.
 
 Removing this package will remove the mirage-firewall.
 Qubes that use it will have their net qube unset.
 You will have to change netqube to get those qubes back online.
-There's a batch file in /srv/salt/mirage to help make this change in bulk.
 
 
 %install
@@ -35,7 +33,7 @@ cp -rv %{SOURCE0}/  %{buildroot}/srv/salt
 if [ $1 -eq 1 ]; then
   qubesctl state.apply mirage.install
 elif [ $1 -eq 2 ]; then
-  qubesctl state.apply mirage.extract
+  qubesctl state.apply mirage.install
 fi
 
 %postun
@@ -45,6 +43,8 @@ if [ $1 -eq 0 ]; then
 fi
 
 %changelog
+* Thu Apr 25 2024 unman <unman@thirdeyesecurity.org> - 0.9.0
+- Packages qubes-mirage-firewall 0.9.0
 * Sat Feb 03 2024 unman <unman@thirdeyesecurity.org> - 0.8.6
 - Packages qubes-mirage-firewall 0.8.6
 * Mon Apr 17 2023 unman <unman@thirdeyesecurity.org> - 0.8.4
diff --git a/mirage/README b/mirage/README
new file mode 100644
index 0000000..4f7e910
--- /dev/null
+++ b/mirage/README
@@ -0,0 +1,22 @@
+# mirage-firewall
+
+These states create a unikernel firewall for use in Qubes, using mirage.
+The Unikernel qube is intended to replace sys-firewall, boots quickly, and uses minimal system resources.
+For full details, look [here](https://github.com/mirage/qubes-mirage-firewall).
+
+The package creates a qube called mirage-firewall.
+
+## Installation
+`qubesctl state.apply mirage.install`
+
+## Upgrading
+`qubesctl state.apply mirage.extract`
+
+## Use
+To use mirage-firewall as a firewall, simply change the netvm of a qube from sys-firewall to mirage-firewall.
+
+To make this change for **all** qubes that use sys-firewall, shutdown all running qubes, and then run in dom0:
+```
+qvm-ls -O NAME,NETVM|awk '$2~/sys-firewall/ {print "qvm-prefs " $1 " netvm mirage-firewall" }' |sh
+```
+