Kunal Mehta
Kunal Mehta
Re: `immune to qube rename side-effects (if they ever happen)` - one consideration could be to set a `sd-app` Qubes service on the sd-app VM, `sd-log` service on sd-log VM,...
To clarify, that was just my suggestion if we wanted to work around the "qube rename side-effects" problem; I still prefer ConditionHost. > Because in reality this a bit of...
> But other ideas may come up in the meeting we're having later. Marek's point about wanting to set it in multiple VMs was pretty convincing to me. In theory...
> Make disposable + provision via systemd + qubes services: > * sd-proxy Once https://github.com/freedomofpress/securedrop-workstation/pull/1035 lands, proxy is fully ready to be disposable! (I'm not sure why it has the...
I think there's a circular problem, because e.g. even if we had auditing like #951/#939, presumably those would also be (un)installed into dom0 by the RPM. And there's no (foolproof)...
I think `config.json:.environment` + `/etc/apt/sources.list.d/securedrop_workstation.list` will probably merit a different mechanism (or at least it might not make sense to consider here) because 1) it goes into the templateVM, not...
> `vm_config.*` should be expanded into environment variables automatically; or I'm not really sure how to do this, but if it's possible and straightforward, it would be my preference just...
@cfm and I discussed this more just now, starting with focusing on the proxy's needs and then looking at everything else. We started looking at point 2 of the straw...
> In Python, it turns out that we can do this trivially via [`QubesDB.read()`](https://github.com/marmarek/qubes-core-qubesdb/blob/19742f00d0e7b1d437e94672b64ed8578a245385/python/qubesdb.c#L87) in the Python QubesDB bindings. The caveat is how we import them from within our virtualenv,...
Here's an alternative way to install the Python QubesDB library that doesn't rely on `--system-site-packages`: ```patch diff --git a/client/pyproject.toml b/client/pyproject.toml index bc317cf3..740f45bf 100644 --- a/client/pyproject.toml +++ b/client/pyproject.toml @@ -42,6 +42,7...