feat: better dom0 terminal usability

These helpers were in the dotfiles submodule, but they are very useful
and makes sense to port them to this project, especially when in need to
update Qusal.

Fixes: #18
Fixes: #21

README.md

@@ -10,13 +10,14 @@ and will be introduced in the meantime. You've been warned.
 ## Table of Contents
 
 * [Description](#description)
-* [Prerequisites](#prerequisites)
 * [Installation](#installation)
+  * [Prerequisites](#prerequisites)
   * [DomU Installation](#domu-installation)
   * [Dom0 Installation](#dom0-installation)
 * [Update](#update)
   * [DomU Update](#domu-update)
-  * [Dom0 Update](#dom0-update)
+  * [Dom0 Update without extra packages](#dom0-update-without-extra-packages)
+  * [Dom0 Update with Git](#dom0-update-with-git)
 * [Usage](#usage)
 * [Contribute](#contribute)
 * [Donate](#donate)
@@ -78,7 +79,7 @@ You current setup needs to fulfill the following requisites:
 Before copying anything to Dom0, read [Qubes OS warning about consequences of
 this procedure](https://www.qubes-os.org/doc/how-to-copy-from-dom0/#copying-to-dom0).
 
-1. Copy this repository `$file` from the DomU `$qube` to Dom0:
+1. Copy the repository `$file` from the DomU `$qube` to Dom0:
   ```sh
   qube="CHANGEME" # qube name where you downloaded the repository
   file="CHANGEME" # path to the repository in the qube
@@ -103,8 +104,8 @@ this procedure](https://www.qubes-os.org/doc/how-to-copy-from-dom0/#copying-to-d
 ## Update
 
 To update, you can copy the repository again to dom0 as instructed in the
-[installation](#installation) instructions above or you can fetch it with Git,
-as will be demonstrated below.
+[installation](#installation) section above or you can use easier methods
+demonstrated below.
 
 ### DomU Update
 
@@ -113,7 +114,35 @@ Update the repository state in your trusted DomU:
 git -C ~/src/qusal fetch --recurse-submodules
 ```
 
-### Dom0 Update
+### Dom0 Update without extra packages
+
+This method is similar to the installation method, but shorter.
+
+1. Install the helpers scripts on Dom0 (only has to be run once):
+  ```sh
+  sudo qubesctl state.apply dom0.install-helpers
+  ```
+
+2. Copy the repository `$file` from the DomU `$qube` to Dom0:
+  ```sh
+  qube="CHANGEME" # qube name where you downloaded the repository
+  file="CHANGEME" # path to the repository in the qube
+  rm -rfi ~/QubesIncoming/"${qube}"/qusal
+  UPDATES_MAX_FILES=10000 qvm-copy-to-dom0 "${qube}" "${file}"
+  ```
+
+3. Verify the commit or tag signature and expect a good signature, be
+  surprised otherwise:
+  ```sh
+  git verify-commit HEAD
+  ```
+
+4. Copy the project to the Salt directories:
+  ```sh
+  ~/QubesIncoming/"${qube}"/qusal/scripts/setup.sh
+  ```
+
+### Dom0 Update with Git
 
 1. Install git on Dom0, allow the Qrexec protocol to work in submodules and
    clone the repository to `~/src/qusal` (only has to be run once):

salt/dom0/files/bin/qvm-copy-to-dom0

@@ -0,0 +1,29 @@
+#!/bin/sh
+
+# SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <[email protected]>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+## Copy a file from an DomU to Dom0. Script has to be run in Dom0
+set -eu
+
+usage(){
+  echo "usage: ${0##*/} <QUBE> <FILE> <FILE2...>
+note: disk quota is capped and can be controlled via environment variables:
+note:   UPDATES_MAX_BYTES (default: 4GiB)
+note:   UPDATES_MAX_FILES (default: 2048)" >&2
+  exit 1
+}
+
+test -n "${2-}" || usage
+qube="${1}"
+shift
+
+dir="${HOME}/QubesIncoming/${qube}"
+user="$(qvm-prefs --get -- "${qube}" default_user)"
+max_bytes="${UPDATES_MAX_BYTES:-4GiB}"
+max_files="${UPDATES_MAX_FILES:-2048}"
+qvm-run --pass-io --localcmd="
+  UPDATES_MAX_BYTES=\"${max_bytes}\" UPDATES_MAX_FILES=\"${max_files}\"
+  /usr/libexec/qubes/qfile-dom0-unpacker \"${user}\" \"${dir}\"" \
+  "${qube}" /usr/lib/qubes/qfile-agent "${@}"

salt/dom0/files/bin/qvm-file-manager

@@ -0,0 +1 @@
+qvm-terminal

salt/dom0/files/bin/qvm-terminal

@@ -0,0 +1,49 @@
+#!/bin/sh
+
+# SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <[email protected]>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+set -eu
+
+me="${0##*/}"
+
+usage(){
+  printf '%s\n' "Usage: ${me} [QVM-RUN_OPTIONS] QUBE
+Examples:
+  ${me} --dispvm=DVM_TEMPLATE
+  ${me} -u root QUBE
+  ${me} QUBE" >&2
+  exit "${1-"1"}"
+}
+
+case "${me}" in
+  *-terminal) service=qubes-run-terminal ;;
+  *-file-manager) service=qubes-open-file-manager ;;
+  *) printf '%s\n' "Invalid script name: ${me}" exit 1 ;;
+esac
+
+
+case "${1-}" in
+  -h|--help)
+    usage 1
+    ;;
+  "")
+    ## Try to run on focused window, if Dom0 is focused, it will prompt you to
+    ## select a qube window.
+    id="$(xdotool getwindowfocus)"
+    qube="$(xprop -id "${id}" -notype _QUBES_VMNAME | awk -F '"' '{print $2}')"
+    if test -n "${qube}"; then
+      exec qvm-run --service -- "${qube}" "qubes.StartApp+${service}"
+    fi
+    echo "Select a qube window ..."
+    id="$(xdotool selectwindow)"
+    qube="$(xprop -id "${id}" -notype _QUBES_VMNAME | awk -F '"' '{print $2}')"
+    if test -n "${qube}"; then
+      qvm-run --service -- "${qube}" "qubes.StartApp+${service}"
+    fi
+    ;;
+  *)
+    qvm-run --service "${@}" -- "qubes.StartApp+${service}"
+    ;;
+esac

salt/dom0/helpers.sls

@@ -0,0 +1,38 @@
+{#
+SPDX-FileCopyrightText: 2024 Benjamin Grande M. S. <[email protected]>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+{% if grains['nodename'] == 'dom0' -%}
+
+"{{ slsdotpath }}-terminal-helper":
+  file.managed:
+    - name: /usr/local/bin/qvm-termnal
+    - source: salt://{{ slsdotpath }}/files/bin/qvm-terminal
+    - mode: "0755"
+    - user: root
+    - group: root
+    - makedirs: True
+
+"{{ slsdotpath }}-file-manager-helper":
+  file.symlink:
+    - require:
+      - file: "{{ slsdotpath }}-terminal-helper"
+    - name: /usr/local/bin/qvm-file-manager
+    - target: /usr/local/bin/qvm-terminal
+    - user: root
+    - group: root
+    - force: True
+    - makedirs: True
+
+"{{ slsdotpath }}-copy-to-dom0-helper":
+  file.managed:
+    - name: /usr/local/bin/qvm-copy-to-dom0
+    - source: salt://{{ slsdotpath }}/files/bin/qvm-copy-to-dom0
+    - mode: "0755"
+    - user: root
+    - group: root
+    - makedirs: True
+
+{% endif -%}

salt/dom0/helpers.top

@@ -0,0 +1,10 @@
+{#
+SPDX-FileCopyrightText: 2024 Benjamin Grande M. S. <[email protected]>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+base:
+  'dom0':
+    - match: nodegroup
+    - dom0.helpers

salt/dom0/init.sls

@@ -7,11 +7,13 @@ SPDX-License-Identifier: AGPL-3.0-or-later
 {% if grains['nodename'] == 'dom0' -%}
 
 include:
+  - .backup
+  - .dotfiles
+  - .helpers
   - .install
+  - .kde
   - .port-forward
-  - .backup
+  - .update-settings
   - .xorg
-  - .kde
-  - .dotfiles
 
 {% endif -%}

salt/dom0/install.sls

@@ -8,18 +8,6 @@ SPDX-License-Identifier: AGPL-3.0-or-later
 
 {% if grains['nodename'] == 'dom0' -%}
 
-{% load_yaml as defaults -%}
-name: {{ slsdotpath }}
-force: True
-features:
-- set:
-  - qubes-vm-update-if-stale: 4
-  - qubes-vm-update-max-concurrency: 4
-  - qubes-vm-update-restart-system: 1
-  - qubes-vm-update-restart-other: 0
-{%- endload %}
-{{ load(defaults) }}
-
 "{{ slsdotpath }}-updated":
   pkg.uptodate:
     - refresh: True

salt/dom0/update-settings.sls

@@ -0,0 +1,21 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <[email protected]>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+{% if grains['nodename'] == 'dom0' -%}
+
+{% load_yaml as defaults -%}
+name: {{ slsdotpath }}
+force: True
+features:
+- set:
+  - qubes-vm-update-if-stale: 4
+  - qubes-vm-update-max-concurrency: 4
+  - qubes-vm-update-restart-system: 1
+  - qubes-vm-update-restart-other: 0
+{%- endload %}
+{{ load(defaults) }}
+
+{% endif -%}

salt/dom0/update-settings.top

@@ -0,0 +1,10 @@
+{#
+SPDX-FileCopyrightText: 2024 Benjamin Grande M. S. <[email protected]>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+base:
+  'dom0':
+    - match: nodegroup
+    - dom0.update-settings