diff options
Diffstat (limited to 'posts/installing-software-salt-qubes.html')
| -rw-r--r-- | posts/installing-software-salt-qubes.html | 297 |
1 files changed, 297 insertions, 0 deletions
diff --git a/posts/installing-software-salt-qubes.html b/posts/installing-software-salt-qubes.html new file mode 100644 index 0000000..04d4a19 --- /dev/null +++ b/posts/installing-software-salt-qubes.html @@ -0,0 +1,297 @@ +<?xml version="1.0" encoding="utf-8"?> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" +"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> +<head> +<!-- 2025-04-02 Wed 23:33 --> +<meta http-equiv="Content-Type" content="text/html;charset=utf-8" /> +<meta name="viewport" content="width=device-width, initial-scale=1" /> +<title>Methods of installing software in QubesOS with Saltstack</title> +<meta name="generator" content="Org Mode" /> +<style type="text/css"> + #content { max-width: 60em; margin: auto; } + .title { text-align: center; + margin-bottom: .2em; } + .subtitle { text-align: center; + font-size: medium; + font-weight: bold; + margin-top:0; } + .todo { font-family: monospace; color: red; } + .done { font-family: monospace; color: green; } + .priority { font-family: monospace; color: orange; } + .tag { background-color: #eee; font-family: monospace; + padding: 2px; font-size: 80%; font-weight: normal; } + .timestamp { color: #bebebe; } + .timestamp-kwd { color: #5f9ea0; } + .org-right { margin-left: auto; margin-right: 0px; text-align: right; } + .org-left { margin-left: 0px; margin-right: auto; text-align: left; } + .org-center { margin-left: auto; margin-right: auto; text-align: center; } + .underline { text-decoration: underline; } + #postamble p, #preamble p { font-size: 90%; margin: .2em; } + p.verse { margin-left: 3%; } + pre { + border: 1px solid #e6e6e6; + border-radius: 3px; + background-color: #f2f2f2; + padding: 8pt; + font-family: monospace; + overflow: auto; + margin: 1.2em; + } + pre.src { + position: relative; + overflow: auto; + } + pre.src:before { + display: none; + position: absolute; + top: -8px; + right: 12px; + padding: 3px; + color: #555; + background-color: #f2f2f299; + } + pre.src:hover:before { display: inline; margin-top: 14px;} + /* Languages per Org manual */ + pre.src-asymptote:before { content: 'Asymptote'; } + pre.src-awk:before { content: 'Awk'; } + pre.src-authinfo::before { content: 'Authinfo'; } + pre.src-C:before { content: 'C'; } + /* pre.src-C++ doesn't work in CSS */ + pre.src-clojure:before { content: 'Clojure'; } + pre.src-css:before { content: 'CSS'; } + pre.src-D:before { content: 'D'; } + pre.src-ditaa:before { content: 'ditaa'; } + pre.src-dot:before { content: 'Graphviz'; } + pre.src-calc:before { content: 'Emacs Calc'; } + pre.src-emacs-lisp:before { content: 'Emacs Lisp'; } + pre.src-fortran:before { content: 'Fortran'; } + pre.src-gnuplot:before { content: 'gnuplot'; } + pre.src-haskell:before { content: 'Haskell'; } + pre.src-hledger:before { content: 'hledger'; } + pre.src-java:before { content: 'Java'; } + pre.src-js:before { content: 'Javascript'; } + pre.src-latex:before { content: 'LaTeX'; } + pre.src-ledger:before { content: 'Ledger'; } + pre.src-lisp:before { content: 'Lisp'; } + pre.src-lilypond:before { content: 'Lilypond'; } + pre.src-lua:before { content: 'Lua'; } + pre.src-matlab:before { content: 'MATLAB'; } + pre.src-mscgen:before { content: 'Mscgen'; } + pre.src-ocaml:before { content: 'Objective Caml'; } + pre.src-octave:before { content: 'Octave'; } + pre.src-org:before { content: 'Org mode'; } + pre.src-oz:before { content: 'OZ'; } + pre.src-plantuml:before { content: 'Plantuml'; } + pre.src-processing:before { content: 'Processing.js'; } + pre.src-python:before { content: 'Python'; } + pre.src-R:before { content: 'R'; } + pre.src-ruby:before { content: 'Ruby'; } + pre.src-sass:before { content: 'Sass'; } + pre.src-scheme:before { content: 'Scheme'; } + pre.src-screen:before { content: 'Gnu Screen'; } + pre.src-sed:before { content: 'Sed'; } + pre.src-sh:before { content: 'shell'; } + pre.src-sql:before { content: 'SQL'; } + pre.src-sqlite:before { content: 'SQLite'; } + /* additional languages in org.el's org-babel-load-languages alist */ + pre.src-forth:before { content: 'Forth'; } + pre.src-io:before { content: 'IO'; } + pre.src-J:before { content: 'J'; } + pre.src-makefile:before { content: 'Makefile'; } + pre.src-maxima:before { content: 'Maxima'; } + pre.src-perl:before { content: 'Perl'; } + pre.src-picolisp:before { content: 'Pico Lisp'; } + pre.src-scala:before { content: 'Scala'; } + pre.src-shell:before { content: 'Shell Script'; } + pre.src-ebnf2ps:before { content: 'ebfn2ps'; } + /* additional language identifiers per "defun org-babel-execute" + in ob-*.el */ + pre.src-cpp:before { content: 'C++'; } + pre.src-abc:before { content: 'ABC'; } + pre.src-coq:before { content: 'Coq'; } + pre.src-groovy:before { content: 'Groovy'; } + /* additional language identifiers from org-babel-shell-names in + ob-shell.el: ob-shell is the only babel language using a lambda to put + the execution function name together. */ + pre.src-bash:before { content: 'bash'; } + pre.src-csh:before { content: 'csh'; } + pre.src-ash:before { content: 'ash'; } + pre.src-dash:before { content: 'dash'; } + pre.src-ksh:before { content: 'ksh'; } + pre.src-mksh:before { content: 'mksh'; } + pre.src-posh:before { content: 'posh'; } + /* Additional Emacs modes also supported by the LaTeX listings package */ + pre.src-ada:before { content: 'Ada'; } + pre.src-asm:before { content: 'Assembler'; } + pre.src-caml:before { content: 'Caml'; } + pre.src-delphi:before { content: 'Delphi'; } + pre.src-html:before { content: 'HTML'; } + pre.src-idl:before { content: 'IDL'; } + pre.src-mercury:before { content: 'Mercury'; } + pre.src-metapost:before { content: 'MetaPost'; } + pre.src-modula-2:before { content: 'Modula-2'; } + pre.src-pascal:before { content: 'Pascal'; } + pre.src-ps:before { content: 'PostScript'; } + pre.src-prolog:before { content: 'Prolog'; } + pre.src-simula:before { content: 'Simula'; } + pre.src-tcl:before { content: 'tcl'; } + pre.src-tex:before { content: 'TeX'; } + pre.src-plain-tex:before { content: 'Plain TeX'; } + pre.src-verilog:before { content: 'Verilog'; } + pre.src-vhdl:before { content: 'VHDL'; } + pre.src-xml:before { content: 'XML'; } + pre.src-nxml:before { content: 'XML'; } + /* add a generic configuration mode; LaTeX export needs an additional + (add-to-list 'org-latex-listings-langs '(conf " ")) in .emacs */ + pre.src-conf:before { content: 'Configuration File'; } + + table { border-collapse:collapse; } + caption.t-above { caption-side: top; } + caption.t-bottom { caption-side: bottom; } + td, th { vertical-align:top; } + th.org-right { text-align: center; } + th.org-left { text-align: center; } + th.org-center { text-align: center; } + td.org-right { text-align: right; } + td.org-left { text-align: left; } + td.org-center { text-align: center; } + dt { font-weight: bold; } + .footpara { display: inline; } + .footdef { margin-bottom: 1em; } + .figure { padding: 1em; } + .figure p { text-align: center; } + .equation-container { + display: table; + text-align: center; + width: 100%; + } + .equation { + vertical-align: middle; + } + .equation-label { + display: table-cell; + text-align: right; + vertical-align: middle; + } + .inlinetask { + padding: 10px; + border: 2px solid gray; + margin: 10px; + background: #ffffcc; + } + #org-div-home-and-up + { text-align: right; font-size: 70%; white-space: nowrap; } + textarea { overflow-x: auto; } + .linenr { font-size: smaller } + .code-highlighted { background-color: #ffff00; } + .org-info-js_info-navigation { border-style: none; } + #org-info-js_console-label + { font-size: 10px; font-weight: bold; white-space: nowrap; } + .org-info-js_search-highlight + { background-color: #ffff00; color: #000000; font-weight: bold; } + .org-svg { } +</style> +<style>*{font-family: sans-serif !important}</style> +</head> +<body> +<div id="content" class="content"> +<h1 class="title">Methods of installing software in QubesOS with Saltstack</h1> +<div id="outline-container-orge043794" class="outline-2"> +<h2 id="orge043794">Intro</h2> +<div class="outline-text-2" id="text-orge043794"> +<p> +Here are some various methods of installing software that I’ve used in my personal salt configuration +</p> +</div> +</div> +<div id="outline-container-org7b32e62" class="outline-2"> +<h2 id="org7b32e62">pkg.installed</h2> +<div class="outline-text-2" id="text-org7b32e62"> +<p> +Here’s <code>/srv/user_salt/pkgs/accounting.sls</code> as an example. It uses the simplest way of installing programs, which is just listing them under <code>pkg.installed</code> which pulls them from your distros main repositories. This is the most preferable way to install software if it’s available. +</p> + +<div class="org-src-container"> +<pre class="src src-salt"><span style="color: #928374;"># </span><span style="color: #928374;">Install accounting tools</span> +<span style="color: #d3869b;">accounting--install-apps</span>: + <span style="color: #b8bb26;">pkg.installed</span>: + - <span style="color: #83a598;">pkgs</span>: + - hledger <span style="color: #928374;"># </span><span style="color: #928374;">Command-line plain text accounting</span> + - gnucash <span style="color: #928374;"># </span><span style="color: #928374;">Graphical GNU accounting suite</span> +</pre> +</div> +</div> +</div> +<div id="outline-container-orgecb0904" class="outline-2"> +<h2 id="orgecb0904">move a binary file into /usr/bin</h2> +<div class="outline-text-2" id="text-orgecb0904"> +<p> +Here’s <code>/srv/user_salt/pkgs/st.sls</code> as an example. It takes a binary file that’s part of this salt repository, and moves it into the ~/usr/bin/ directory in a qube. +</p> + +<div class="org-src-container"> +<pre class="src src-salt"><span style="color: #928374;"># </span><span style="color: #928374;">Installs my build of st terminal</span> +<span style="color: #d3869b;">/usr/bin/st</span>: + <span style="color: #b8bb26;">file.managed</span>: + - <span style="color: #83a598;">source</span>: <span style="color: #fe8019;">salt://</span>pkgs/bin/st.bin + - <span style="color: #83a598;">user</span>: root + - <span style="color: #83a598;">group</span>: root + - <span style="color: #83a598;">mode</span>: 777 +</pre> +</div> +</div> +</div> +<div id="outline-container-orgbb11ba1" class="outline-2"> +<h2 id="orgbb11ba1">Install from third-party repo with a script</h2> +<div class="outline-text-2" id="text-orgbb11ba1"> +<p> +Here’s <code>/srv/user_salt/pkgs/signal.sls</code> as an example. It starts by installing some dependencies using the most common <code>pkg.installed</code> method, then moves an install script <code>/srv/user_salt/pkgs/install-scripts/signal-repo.sh</code> into a qube and executes it to install the Signal messenger. +</p> + +<div class="org-src-container"> +<pre class="src src-salt"><span style="color: #928374;">...</span> + +<span style="color: #d3869b;">signal--repo-script</span>: + <span style="color: #b8bb26;">file.managed</span>: <span style="color: #928374;"># </span><span style="color: #928374;">file.managed lets you place files from your salt repo into qubes</span> + - <span style="color: #fe8019;">name</span>: /usr/bin/install-repo <span style="color: #928374;"># </span><span style="color: #928374;">this is where the installation script is placed</span> + - <span style="color: #83a598;">source</span>: <span style="color: #fe8019;">salt://</span>pkgs/install-scripts/signal-repo.sh <span style="color: #928374;"># </span><span style="color: #928374;">This is where the installation script was sourced</span> + - <span style="color: #83a598;">user</span>: root <span style="color: #928374;"># </span><span style="color: #928374;">sets the owner of the file, you can usually default to root</span> + - <span style="color: #83a598;">group</span>: root <span style="color: #928374;"># </span><span style="color: #928374;">sets the group of the file, you can usually default to root</span> + - <span style="color: #83a598;">mode</span>: 777 <span style="color: #928374;"># </span><span style="color: #928374;">sets the permissions of the file, you can usually default to 777 (any user on the qube has permissions)</span> + +<span style="color: #928374;"># </span><span style="color: #928374;">This simply executes the install-repo script in a qube</span> +<span style="color: #b8bb26;">'install-repo'</span>: + <span style="color: #b8bb26;">cmd.run</span> +</pre> +</div> + +<p> +Here’s the installation script that’s ran: +</p> +</div> +<div id="outline-container-org1b7a6da" class="outline-3"> +<h3 id="org1b7a6da"><code>/srv/user_salt/pkgs/install-scripts/signal-repo.sh</code></h3> +<div class="outline-text-3" id="text-org1b7a6da"> +<div class="org-src-container"> +<pre class="src src-bash"><span style="color: #928374;"># </span><span style="color: #928374;">Retrieves Signal's key for verifying the package</span> +<span style="color: #928374;"># </span><span style="color: #928374;">The request is proxied through 127.0.0.1:8082 to allow the template qube to access the internet</span> +<span style="color: #fabd2f;">sudo</span> <span style="color: #fabd2f;">curl</span> --proxy 127.0.0.1:8082 -s https://updates.signal.org/desktop/apt/keys.asc | gpg --dearmor | <span style="color: #fabd2f;">sudo</span> tee -a /usr/share/keyrings/signal-desktop-keyring.gpg > /dev/null + +<span style="color: #928374;"># </span><span style="color: #928374;">Defines Signal's repo in /etc/apt/sources.list.d/</span> +<span style="color: #fabd2f;">echo</span> <span style="color: #b8bb26;">'deb [arch=amd64 signed-by=/usr/share/keyrings/signal-desktop-keyring.gpg] https://updates.signal.org/desktop/apt xenial main'</span> | tee /etc/apt/sources.list.d/signal-xenial.list + +<span style="color: #928374;"># </span><span style="color: #928374;">Updates packages and installs signal-desktop through the newly configured repository</span> +<span style="color: #fabd2f;">sudo</span> apt update +<span style="color: #fabd2f;">sudo</span> apt install signal-desktop -y +</pre> +</div> +</div> +</div> +</div> +</div> +<div id="postamble" class="status"> +<p class="date">Created: 2025-04-02 Wed 23:33</p> +</div> +</body> +</html> |