-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Sat, Jan 28, 2017 at 05:55:14PM -0500, Jean-Philippe Ouellet wrote:
> From https://github.com/QubesOS/qubes-issues/issues/910#issuecomment-275872140
> (here to not pollute that issue)
>
> @marmarek wrote:
> > BTW I'm curious how many people have custom qrexec services ;) On one of my
> > machines I have 15 of them.
>
>
> I have at least the following (not all are finished or enabled):
So, if we're listing them, here are few of mine:
1. write USB - _unidirectional_ service to write an fs image into USB
stick (service into USB VM)
2. update local apt/yum repository[1] - get packages just uploaded via
qubes.Filecopy and expose them to LAN as yum/apt repo
3. inter-VM git connection[1]
4. send SMS - use built-in modem to send a SMS (using ModemManager d-bus
API) - currently both destination number and text are inside of pipe,
but I consider putting the number into service argument (to allow some
VM to send SMSes only to selected numbers)
5. all those defined in qubes-builder[2], recently published details in [3]
6. (WIP) trigger build in response to github notification (notification
received in one VM, then send a simple signal "something have changed"
to build VM(s) - those VMs will fetch appropriate git repositories (with
signed tags verification), and check if any new package needs to be
built.
7. activate screenlocker - this service is launched when I unplug
yubikey from USB VM (USB VM->dom0, without any data inside the pipe)
8. Send wake-on-lan signal to other machine (service into netvm)
In context of the #910 ticket, here are those where I have multiple
target domains with "allow" rule:
- qubes.Filecopy - I have various scripts to automate my workflow, for
example:
- build rpm package
- qubes.Filecopy it to a VM running repository exposed to my LAN
- run another service to update metadata on that repository (see
service 2)
or this:
- get a build log(s)
- qubes.Filecopy it to another VM with gist tool installed[4], and
limited github API key configured
- launch another service to upload those file to gist
or this:
- build a kernel + initrd
- qubes.Filecopy it to a VM with tftpserver - there
~/QubesIncoming is exposed into LAN using tftp (and my DHCP server
points there to look for PXE files)
In all the above cases, a source VM have multiple "allow" rules to
different destination VMs. In fact on this system the final line of
qubes.Filecopy policy is "$anyvm $anyvm deny", not "ask" ;)
- inter-vm git access - this allows me to push code into different
build/test environment - for example I have different VM to build
some preliminary PoC code, different VM to build test templates (not
using DispVM there, to not rebuild everything each time), etc
- service in point 6 will need to notify _multiple_ build VMs when some
notify arrive - for example to build all Fedora and Debian packages
(those are different build environments)
[1] https://www.qubes-os.org/doc/development-workflow/
[2] https://github.com/QubesOS/qubes-builder/tree/master/rpc-services
[3] https://github.com/QubesOS/qubes-infrastructure
[4] https://github.com/defunkt/gist
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJYjU2mAAoJENuP0xzK19csR4wH/0xHbXH6K6QksHe7e8Gxj4ky
a79M1I/Yhq8av4PZvAWSP2WnUomKU2VH9/KSle2GekXIVahpjH3ieVvvsgEFyWJc
5CW0/a0Aq3fLM4rXcsU7R/0YQtfjnu1OgmVQa3CbFTaLFArcyATxD8ODMSfdvtHH
5fFPFiBCplLM3pFIm57hp0+CpqE4fYOonsPsXeBdD9EorhwqyFh9Vbnyx9JbhKFA
1hZ9yBCgM6Hd4AhvUH2zj6bcxfRINHDJ4EYikiBjvAzYIgQq3cxqGhZNKK6k+h9D
ERatifySW6HeKwGXPTHqerxApP131MlucZxIm6sKVsum6nUQs0b72lY12cJjncs=
=nFoR
-----END PGP SIGNATURE-----
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/20170129020422.GU1285%40mail-itl.
For more options, visit https://groups.google.com/d/optout.
