On Thu, Sep 12, 2019 at 10:41:35PM -0400, Brian C. Duggan wrote: > Thanks for these great resources, unman. Wish I had known about them when I > got started. > > Where do you edit the salt files and how do you keep them under version > control? Earlier, Marek said he synchronized his configuration using > signed tarballs, manually: > > https://groups.google.com/d/msg/qubes-users/PtzhBZ8pT4w/8hyG1KWiCAAJ > > But it's unclear to me whether he edits, signs, and tars in dom0 and > transfers those *out* of dom0, or does those things in a VM and transfers > them *in* to dom0. > > I ask because it's obviously much more convenient to edit, sign, and version > control those files in a VM with the latest editors, gnupg, and > git. But copying data in to dom0 is generally undesirable and slows salt > config iteration. > > Brian >
I don't know what Marek does. I edit files in dom0, manually copy them to offline dispVM , gpg sign, copy them to online dispVM and store in git. This sounds long winded: it's not. It's automated in script. On a new machine, just reverse the process. Pull down the files you want - check sig - copy to offline - check - transfer to dom0. Because salt files are so straightforward it's possible to audit before use. You could also store checksums from dom0. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20190918014935.GA24270%40thirdeyesecurity.org.
