CHANGED: Mitigate Fedora issue by replacing file.managed source: in common.onionize...

diff --git a/user_salt/common/onionize-repositories/files/derivative.list b/user_salt/common/onionize-repositories/files/derivative.list
new file mode 100644 (file)
index 0000000..8bbe4bc
--- /dev/null
+++ b/user_salt/common/onionize-repositories/files/derivative.list
@@ -0,0 +1,19 @@
+## Copyright (C) 2012 - 2023 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
+## See the file COPYING for copying conditions.
+
+## /etc/apt/sources.list.d/derivative.list
+
+## This file has been automatically created by repository-dist.
+## If you make manual changes to it, your changes get lost next time you run
+## the repository-dist tool.
+## You can conveniently manage this file, using the repository-dist tool.
+## For any modifications (delete this file, use stable version, use testers
+## version or use developers version), please use the repository-dist tool.
+## Run:
+##    sudo repository-dist
+## Leaving source line disabled by default to save some time, it's not useful
+## anyway, since it's better to get the source code from the git repository.
+
+deb [signed-by=/usr/share/keyrings/derivative.asc] tor+http://deb.w5j6stm77zs6652pgsij4awcjeel3eco7kvipheu6mtr623eyyehj4yd.onion bookworm main contrib non-free
+#deb-src [signed-by=/usr/share/keyrings/derivative.asc] tor+http://deb.w5j6stm77zs6652pgsij4awcjeel3eco7kvipheu6mtr623eyyehj4yd.onion bookworm main contrib non-free
+

diff --git a/user_salt/common/onionize-repositories/onionize-repositories--fedora-qubes-repos.sls b/user_salt/common/onionize-repositories/onionize-repositories--fedora-qubes-repos.sls
index 8b4129284d5bf51dcb0db16360fe1ae9ec6076bd..da64afd2df1726b9feaaca47fd48f9c1ba9a5ed3 100644 (file)
--- a/user_salt/common/onionize-repositories/onionize-repositories--fedora-qubes-repos.sls
+++ b/user_salt/common/onionize-repositories/onionize-repositories--fedora-qubes-repos.sls
@@ -3,7 +3,45 @@
 onionize-repositories--fedora-qubes-repos:
   file.managed: 
     - name: /etc/yum.repos.d/qubes-r4.repo
-    - source: salt://common/onionize-repositories/files/fedora-qubes-r4.repo
+    - contents: |
+        [qubes-vm-r4.2-current]
+        name = Qubes OS Repository for VM (updates)
+        #baseurl = https://yum.qubes-os.org/r4.2/current/vm/fc$releasever
+        baseurl = http://yum.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r4.2/current/vm/fc$releasever
+        gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-4.2-primary
+        skip_if_unavailable=False
+        gpgcheck = 1
+        repo_gpgcheck = 1
+        enabled=1
+        
+        [qubes-vm-r4.2-current-testing]
+        name = Qubes OS Repository for VM (updates-testing)
+        #baseurl = https://yum.qubes-os.org/r4.2/current-testing/vm/fc$releasever
+        baseurl = http://yum.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r4.2/current-testing/vm/fc$releasever
+        gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-4.2-primary
+        skip_if_unavailable=False
+        gpgcheck = 1
+        repo_gpgcheck = 1
+        enabled=0
+        
+        [qubes-vm-r4.2-security-testing]
+        name = Qubes OS Repository for VM (security-testing)
+        #baseurl = https://yum.qubes-os.org/r4.2/security-testing/vm/fc$releasever
+        baseurl = http://yum.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r4.2/security-testing/vm/fc$releasever
+        gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-4.2-primary
+        skip_if_unavailable=False
+        gpgcheck = 1
+        repo_gpgcheck = 1
+        enabled=0
+        
+        [qubes-vm-r4.2-unstable]
+        name = Qubes OS Repository for VM (unstable)
+        #baseurl = https://yum.qubes-os.org/r4.2/unstable/vm/fc$releasever
+        baseurl = http://yum.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r4.2/unstable/vm/fc$releasever
+        gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-4.2-unstable
+        gpgcheck = 1
+        repo_gpgcheck = 1
+        enabled=0
     - user: root
     - group: root
     - mode: 600

diff --git a/user_salt/common/onionize-repositories/onionize-repositories--whonix-derivate.sls b/user_salt/common/onionize-repositories/onionize-repositories--whonix-derivate.sls
index 57ff0398319bc345e30c748480d173cf373a70d8..a35c3e48ddc9d2d8f9325dc68184458e63b6e7dd 100644 (file)
--- a/user_salt/common/onionize-repositories/onionize-repositories--whonix-derivate.sls
+++ b/user_salt/common/onionize-repositories/onionize-repositories--whonix-derivate.sls
@@ -1,7 +1,11 @@
-{% if 'whonix' in grains['id'] %}
+{% if 'whonix' in grains['id'] and not 'dvm' in grains['id'] %}
 
 onionize-repositories--whonix-derivative:
-  cmd.run:
-    - name: repository-dist --enable --transport onion 
+  file.managed:
+    - name: /etc/apt/sources.list.d/derivative.list
+    - source: salt://common/onionize-repositories/files/derivative.list
+    - user: root
+    - group: root
+    - mode: 644
 
 {% endif %}