On August 14, 2020 11:12:13 AM UTC, 54th Parallel <[email protected]> wrote:
> How does this look?
>
> *Outline of qubes-dom0-update-guard*
>
> *Usage: Use in conjunction with manual dom0 update*
> *sudo qubes-dom0-update -y && qubes-dom0-update-guard*
>
> <START SCRIPT>
> Prompt 1: "Please enter the name of a clean VM with access to Tor (e.g. anon-whonix): "
>     Check if entered name is a VM
>         If false, alert and prompt again
>         If true, proceed
>     Check if VM has Tor access
>         If Tor inaccessible, alert and prompt again
>         If Tor accessible, enter input into variable 'VM1' and proceed
>
> Prompt 2: "Please enter the name of a clean, Debian-based disposable VM template with no assigned NetVM: "
>     Check if entered name is a VM
>         If false, alert and prompt again
>         If true, proceed
>     Check if VM is a disposable VM template (via qvm-prefs)
>         If false, alert and prompt again
>         If true, proceed
>     Check if VM is based on Debian (via qvm-prefs)
>         If false, alert and prompt again
>         If true, proceed
>     Check if VM has no NetVM assigned (via qvm-prefs)
>         If false, alert and prompt again
>         If true, enter input into variable 'VM1' and proceed
>
> Start VM1
>     Retrieve repodata from Onion and HTTPS mirrors
>         Alert if less than 3 mirrors accessible
>             Maybe halt process or give choice to continue?
>             Maybe instead alert if low proportion (predefined) of mirrors available
>                 Since that might indicate trouble
>     Move repodata files to VM2 (starts VM2)
>
> In VM2
>     Cross-check Onion and HTTPS repodata
>         If any are different, alert, list differences, <EXIT SCRIPT>
>         If all match, proceed
>
> Write output of dom0 'rpm -qa' or 'yum list installed' to a file, overwriting old version
>     Copy into VM2 (same folder as repodata)
>
> In VM2, parse and re-write cross-checked Onion repodata into same format as 'rpm -qa' or 'yum list installed' output
>     Include newest version of each package only
>     Cross-check output against dom0 output using same method for repodata
>         If one or more differences, alert (loudly) and list differences, then <END SCRIPT>
>         If both match, notify and <END SCRIPT>
>
>
> I think the part that will pose the biggest challenge to my almost non-existent programming skills is the last part, where I have to write a program that will parse and repackage Onion repodata into a list of most recent packages. The rest seems workable, especially since I'm using Chris' qubes4-multi-update as reference for the script, which will be in Python.
>
> On Monday, 10 August 2020 at 21:13:46 UTC+8 [email protected] wrote:
>
>> On Monday, 10 August 2020 18:39:53 UTC+8, Andrew David Wong wrote:
>>>
>>> The QSB formats are actually pretty standardized already, though our expectation has been that they'd be read by humans rather than programmatically. We use a template [1] for the overall structure, and in particular, the "Patching" section always follows this format:
>>>
>>
>> Chris, Andrew,
>>
>> I'm grateful for your pointers. As a newcomer to programming, I don't think I'm ready to integrate bulletin parsing and PGP verification into my script. As of right now I'm trying to figure out whether I should use bash, sh, or Python to write the script and using Chris' qubes-scripts and qubes-vm-hardening as reference on how I should proceed. Maybe I'll get around to integrating PGP verification into the process, but for now I want to focus on the basics.
>>
>> Besides, don't the bulletins cover only a tiny (though critical) portion of the updates dom0 receives? The PGP verification will provide a strong additional layer of assurances, but I think cross-checking 'rpm -qa' against the onion repodata, which itself has been cross-checked with at least three other HTTPS repodata, should suffice for now, given my abilities.
>>
>> Oh, and if someone more proficient at programming than I am (probably >90% of the people here) would like to write the script, then by all means--I'll take my time and will likely come up with something substandard and in need of multiple major revisions. I can still practice even though someone else has written it, so please don't think of this little project as 'mine' or anything--I'd hate to get in the way of others improving Qubes' security.
>>
>
> --
> You received this message because you are subscribed to the Google Groups "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
> To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2b0d3b92-7c9b-4595-860f-18bf4561f57dn%40googlegroups.com.

I am so confused. Please explain what you want to do, but not like in a pseudo-script method.
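
The VM2 steps of the quoted outline (cross-check the mirrors' repodata, reduce it to the newest build of each package, compare with dom0's `rpm -qa` output), sketched as an added example that is not part of the thread or of any Qubes tool. It assumes "repodata" means an rpm-md `primary.xml`; the function names are hypothetical, the version ordering is a simplified stand-in for rpm's own comparison, and the sample data is constructed.

```python
import hashlib
import re
import xml.etree.ElementTree as ET

NS = {"c": "http://linux.duke.edu/metadata/common"}  # namespace of rpm-md primary.xml

def cross_check(blobs, minimum=3):
    """blobs: {mirror: raw repodata bytes}. Group mirrors by SHA-256 of what they served."""
    if len(blobs) < minimum:
        raise ValueError(f"only {len(blobs)} mirrors reachable, need {minimum}")
    groups = {}
    for mirror, data in sorted(blobs.items()):
        groups.setdefault(hashlib.sha256(data).hexdigest(), []).append(mirror)
    return groups  # more than one key means the mirrors disagree: alert and stop

def segments(s):
    # Simplified rpm-style ordering: numeric runs compare as integers and
    # outrank alphabetic runs. Does not handle '~' or '^' (assumption).
    return [(1, int(t)) if t.isdigit() else (0, t) for t in re.findall(r"\d+|[A-Za-z]+", s)]

def newest_packages(primary_xml):
    """Return {(name, arch): 'name-ver-rel.arch'} keeping only the newest build."""
    best = {}
    # Untrusted XML: parse it only in the offline disposable VM, as the outline does.
    for pkg in ET.fromstring(primary_xml).findall("c:package", NS):
        name, arch = pkg.findtext("c:name", namespaces=NS), pkg.findtext("c:arch", namespaces=NS)
        v = pkg.find("c:version", NS).attrib
        key = (int(v.get("epoch", 0)), segments(v["ver"]), segments(v["rel"]))
        if (name, arch) not in best or key > best[(name, arch)][0]:
            best[(name, arch)] = (key, f"{name}-{v['ver']}-{v['rel']}.{arch}")
    return {k: nvra for k, (_, nvra) in best.items()}

def outdated(installed_lines, newest):
    """Return (installed, expected) pairs where dom0 differs from the newest repo build."""
    found = []
    for line in (l.strip() for l in installed_lines):
        if "." not in line:  # e.g. gpg-pubkey entries carry no arch suffix
            continue
        nvr, arch = line.rsplit(".", 1)
        expected = newest.get((nvr.rsplit("-", 2)[0], arch))
        if expected and expected != line:  # packages from other repos are skipped
            found.append((line, expected))
    return found

# Constructed sample data, not real Qubes repodata.
SAMPLE_XML = b"""<metadata xmlns="http://linux.duke.edu/metadata/common">
<package type="rpm"><name>xen</name><arch>x86_64</arch><version epoch="0" ver="4.8.5" rel="9.fc25"/></package>
<package type="rpm"><name>xen</name><arch>x86_64</arch><version epoch="0" ver="4.8.5" rel="10.fc25"/></package>
<package type="rpm"><name>qubes-core-dom0</name><arch>x86_64</arch><version epoch="0" ver="4.0.51" rel="1.fc25"/></package>
</metadata>"""
SAMPLE_INSTALLED = ["xen-4.8.5-9.fc25.x86_64", "qubes-core-dom0-4.0.51-1.fc25.x86_64", "gpg-pubkey-0000-0000"]
```

Release `10.fc25` sorts above `9.fc25` only because numeric runs are compared as integers; a plain string sort would pick the older build.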
