Commit

fix: strict split-gpg2 service
Split-gpg V1 allowed for querying public keys, but as split-gpg2 is
running as an agent, public keys are not queried. Allowing connection to
the server to query only public parts of the key exposes the server more
than needed to the client.

All clients now have to hold the public key they need locally in order
to do GPG operations.
ben-grande committed Dec 28, 2023
1 parent 47f927f commit 9772b21
Showing 8 changed files with 5 additions and 16 deletions.
2 changes: 0 additions & 2 deletions salt/mirage-builder/create.sls
Expand Up @@ -26,8 +26,6 @@ prefs:
- autostart: False
- include_in_backups: True
features:
- enable:
- service.split-gpg2-client
- disable:
- service.cups
- service.cups-browsed
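Review bot: The removal of `- enable:` and `- service.split-gpg2-client` under `features:` is not explained by the commit message, which only talks about no longer serving public-key queries. If mirage-builder still signs or verifies anything through sys-pgp, this silently breaks it; please confirm it has no remaining GPG use and say so in the commit message, or move the removal to its own commit.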
1 change: 1 addition & 0 deletions salt/mutt/create.sls
Expand Up @@ -38,6 +38,7 @@ prefs:
- autostart: False
features:
- enable:
- service.split-gpg2-client
- service.shutdown-idle
- disable:
- service.cups
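Review bot: Enabling `service.split-gpg2-client` under `features:` / `- enable:` makes mutt a new sys-pgp client, which is a behaviour change carried by a commit titled as a fix. Since the message states that clients must hold the public keys they need locally, the mutt documentation should say that those keys have to be imported into this qube before GPG operations will work; none of the 8 changed files covers that.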
4 changes: 2 additions & 2 deletions salt/qubes-builder/README.md
Expand Up @@ -54,8 +54,8 @@ qubesctl --skip-dom0 --targets=qubes-builder state.apply qubes-builder.configure
## Access Control

The policy is based on `qubes-builderv2/rpc/50-qubesbuilder.policy`.
Extra services added are `qubes.Gpg`, `qubes.Gpg2`, `qusal.GitInit`,
`qusal.GitFetch`, `qusal.GitPush`, `qusal.SshAgent`.
Extra services added are `qubes.Gpg2`, `qusal.GitInit`, `qusal.GitFetch`,
`qusal.GitPush`, `qusal.SshAgent`.

Out of these services, if an argument `+qubes-builder` can be specified to
limit the scope, the action is `allowed`, else the action is to `ask`.
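Review bot: In the paragraph right below the edited service list, the README says the action is `allowed`, while the policy files in this commit use the keyword `allow`. Worth aligning the wording with the policy syntax while this section is being touched.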
4 changes: 2 additions & 2 deletions salt/qubes-builder/create.sls
Expand Up @@ -51,8 +51,8 @@ prefs:
- vcpus: 4
- default_dispvm: dvm-{{ slsdotpath }}
features:
# - enable:
# - service.split-gpg2-client
- enable:
- service.split-gpg2-client
- disable:
- service.cups
- service.cups-browsed
1 change: 0 additions & 1 deletion salt/qubes-builder/files/admin/policy/default.policy
Expand Up @@ -5,7 +5,6 @@
## Do not modify this file, create a new policy with with a lower number in the
## file name instead. For example `30-user.policy`.
qubes.Gpg2 * {{ sls_path }} @default ask target=sys-pgp
qubes.Gpg * {{ sls_path }} @default ask target=sys-pgp

qusal.GitInit +qubes-builder {{ sls_path }} @default allow target=sys-git
qusal.GitFetch +qubes-builder {{ sls_path }} @default allow target=sys-git
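Review bot: The header comment in the context above the removed rule reads "create a new policy with with a lower number"; the duplicated "with" can be fixed while this file is being edited.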
3 changes: 0 additions & 3 deletions salt/sys-git/create.sls
Expand Up @@ -30,9 +30,6 @@ features:
- disable:
- service.cups
- service.cups-browsed
# tags:
# - add:
# - split-gpg2-client
{%- endload %}
{{ load(defaults) }}
4 changes: 0 additions & 4 deletions salt/sys-pgp/README.md
Expand Up @@ -53,10 +53,6 @@ Allow the `work` qubes to access `sys-pgp`, but not other qubes:
qubes.Gpg2 * work sys-pgp ask default_target=sys-pgp
qubes.Gpg2 * work @default ask target=sys-pgp default_target=sys-pgp
qubes.Gpg2 * @anyvm @anyvm deny
qubes.Gpg * work sys-pgp ask default_target=sys-pgp
qubes.Gpg * work @default ask target=sys-pgp default_target=sys-pgp
qubes.Gpg * @anyvm @anyvm deny
```

## Usage
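Review bot: The example is reduced to `qubes.Gpg2` only, but this commit adds nothing to the README about the consequence named in the commit message: clients must hold the public keys they need locally. Add a sentence to that effect next to this example or under `## Usage`, so that users whose clients relied on sys-pgp for public keys do not read the change as a breakage.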
2 changes: 0 additions & 2 deletions salt/sys-pgp/files/admin/policy/default.policy
Expand Up @@ -6,6 +6,4 @@
## file name instead. For example `30-user.policy`.
qubes.Gpg2 * @anyvm @default ask target={{ sls_path }} default_target={{ sls_path }}
qubes.Gpg2 * @anyvm @anyvm deny
qubes.Gpg * @anyvm @default ask target={{ sls_path }} default_target={{ sls_path }}
qubes.Gpg * @anyvm @anyvm deny
## vim:ft=qrexecpolicy
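Review bot: Dropping `qubes.Gpg * @anyvm @anyvm deny` together with the `ask` rule means this file no longer decides `qubes.Gpg` requests, so the outcome depends on whichever other policy file matches first. For a commit meant to make the service strict, keep the explicit `deny` line for `qubes.Gpg` and remove only the `ask` rule.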
