Move to Qubes OS 4.1 default policy mechanism.

2025-03-01 14:22:31 +01:00 · 2023-02-25 18:44:24 +00:00 · 2023-02-25 18:44:24 +00:00 · 6b78d1eaf7
commit 6b78d1eaf7
parent 687f4e5e5c
5 changed files with 10 additions and 22 deletions
--- a/6
+++ b/6
@ -29,7 +29,5 @@ install-service:
 	install -Dm 755 etc/qubes-rpc/ruddo.PassManage -t $(DESTDIR)/$(SYSCONFDIR)/qubes-rpc/

 install-dom0:
-	install -Dm 664 etc/qubes-rpc/policy/ruddo.PassRead -t $(DESTDIR)/$(SYSCONFDIR)/qubes-rpc/policy/
-	getent group qubes && chgrp qubes $(DESTDIR)/$(SYSCONFDIR)/qubes-rpc/policy/ || true
-	install -Dm 664 etc/qubes-rpc/policy/ruddo.PassManage -t $(DESTDIR)/$(SYSCONFDIR)/qubes-rpc/policy/
-	getent group qubes && chgrp qubes $(DESTDIR)/$(SYSCONFDIR)/qubes-rpc/policy/ || true
+	install -Dm 664 etc/qubes/policy.d/90-qubes-pass.policy -t $(DESTDIR)/$(SYSCONFDIR)/qubes/policy.d/
+	getent group qubes && chgrp qubes $(DESTDIR)/$(SYSCONFDIR)/qubes/policy.d/90-qubes-pass.policy || true
--- a/etc/qubes-rpc/policy/ruddo.PassManage
+++ b/etc/qubes-rpc/policy/ruddo.PassManage
@ -1,6 +0,0 @@
-## Note that policy parsing stops at the first match,
-## so anything below the last line will have no effect.
-
-## Please use a single # to start your custom comments.
-
-$anyvm $anyvm ask
--- a/etc/qubes-rpc/policy/ruddo.PassRead
+++ b/etc/qubes-rpc/policy/ruddo.PassRead
@ -1,6 +0,0 @@
-## Note that policy parsing stops at the first match,
-## so anything below the last line will have no effect.
-
-## Please use a single # to start your custom comments.
-
-$anyvm $anyvm ask
--- a/etc/qubes/policy.d/90-qubes-pass.policy
+++ b/etc/qubes/policy.d/90-qubes-pass.policy
@ -0,0 +1,4 @@
+## Default qubes-pass policies.
+
+ruddo.PassRead     *   @anyvm   @anyvm   ask
+ruddo.PassManage   *   @anyvm   @anyvm   ask
--- a/qubes-pass.spec
+++ b/qubes-pass.spec
@ -3,7 +3,7 @@
 %define mybuildnumber %{?build_number}%{?!build_number:1}

 Name:           qubes-pass
-Version:        0.0.36
+Version:        0.1.0
 Release:        %{mybuildnumber}%{?dist}
 Summary:        Inter-VM pass password management for Qubes OS AppVMs and StandaloneVMs
 BuildArch:      noarch
@ -26,8 +26,7 @@ Requires:       util-linux

 %package dom0
 Summary:        Policy package for Qubes OS dom0s that arbitrates %{name}
-
-Requires:       qubes-core-dom0-linux
+Requires:       qubes-core-dom0 >= 4.1

 %description
 This package lets you setup a safe password management VM and then
@ -60,7 +59,7 @@ for target in install-client install-service install-dom0; do
 done

 %check
-if grep -r '@.*@' $RPM_BUILD_ROOT ; then
+if grep -r '@.*@' --exclude='*.policy' $RPM_BUILD_ROOT ; then
    echo "Check failed: files with AT identifiers appeared" >&2
    exit 1
 fi
@ -75,8 +74,7 @@ fi
 %attr(0755, root, root) %{_sysconfdir}/qubes-rpc/ruddo.PassManage

 %files dom0
-%config(noreplace) %attr(0664, root, qubes) %{_sysconfdir}/qubes-rpc/policy/ruddo.PassRead
-%config(noreplace) %attr(0664, root, qubes) %{_sysconfdir}/qubes-rpc/policy/ruddo.PassManage
+%config(noreplace) %attr(0664, root, qubes) %{_sysconfdir}/qubes/policy.d/90-qubes-pass.policy

 %changelog
 * Mon Jan 31 2022 Manuel Amador (Rudd-O) <rudd-o@rudd-o.com>