I’ve set up packaging for the qvm-features-in-pillar
formula! And I forgot adding a direct link in the README
next time.
The packages are not reproducible, so I don’t really recommend anyone to get the package that I’ve published for my own use, because there is little way to confirm it’s been built from the source you see in GitHub (unless maybe if you’re very familiar with the internal structure of an RPM package and can make sense of a diffoscope report, at this point I can’t.)
However, with the setup done, creating the packages yourself can be as straightforward as (eighteen steps follow ):
- clone the repo
- there are a few dependencies to make sure are there (see pre-requisites in README)
- add a signed tag so that the packaging tooling can verify the integrity of the sources (you’ll see mine
gb_8e1f8f82
there, so it’s all about creating a similar one locally that’s signed with a key you control, see below for how to do that) - set a few (simple) environment variables (same README)
- run
make packages
If you want to test the package in a dispVM:
- make sure RPM knows about the signing (public) key for the purpose of verifying signatures:
sudo rpm --import <mykey.gpg>
- install the package you’ve just built:
sudo dnf install ./qubes-mgmt-salt-user-qvm-features-in-pillar-1.0.0-1.noarch.rpm
- confirm that
/srv
was populated as expected
Once in dom0, don’t forget that:
- user directories are assumed to be enabled (see below if needed)
- the package installation will overwrite
/srv/user_salt/qvm-features-in-pillar
- top files need to be enabled, this one is no exception:
sudo qubesctl top.enable qvm-features-in-pillar
Useful references:
- Creating signed tags with
git stag
(Qubes OS official docs) - Enabling the Salt user directories (my docs)