fix: install salt depends in fedora-39-minimal

Fixes: #38

salt/fedora-minimal/README.md

@@ -21,13 +21,15 @@ it.
 sudo qubesctl top.enable fedora-minimal
 sudo qubesctl --targets=fedora-39-minimal state.apply
 sudo qubesctl top.disable fedora-minimal
+sudo qubesctl state.apply fedora-minimal.prefs
 ```
 
 - State:
 <!-- pkg:begin:post-install -->
 ```sh
 sudo qubesctl state.apply fedora-minimal.create
 sudo qubesctl --skip-dom0 --targets=fedora-39-minimal state.apply fedora-minimal.install
+sudo qubesctl state.apply fedora-minimal.prefs
 ```
 <!-- pkg:end:post-install -->
 

salt/fedora-minimal/create.sls

@@ -9,6 +9,7 @@ SPDX-License-Identifier: AGPL-3.0-or-later
 {%- import slsdotpath ~ "/template.jinja" as template -%}
 
 include:
+  - fedora.create
   - .clone
 
 "dvm-{{ template.template }}-absent":
@@ -62,3 +63,22 @@ features:
   - menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop"
 {%- endload %}
 {{ load(defaults) }}
+
+"{{ slsdotpath }}-set-management_dispvm-to-dvm-fedora":
+  qvm.vm:
+    - require:
+      - qvm: dvm-fedora
+    - name: {{ template.template }}
+    - prefs:
+      - management_dispvm: dvm-fedora
+
+## TODO: Remove when template with patch reaches upstream or updates enforce
+## salt-deps to be installed.
+## https://github.com/QubesOS/qubes-issues/issues/8806
+"{{ slsdotpath }}-install-salt-deps":
+  cmd.script:
+    - require:
+      - qvm: "{{ slsdotpath }}-set-management_dispvm-to-dvm-fedora"
+    - name: salt-patch.sh
+    - source: salt://fedora-minimal/files/admin/bin/salt-patch.sh
+    - args: {{ template.template }}

salt/fedora-minimal/files/admin/bin/salt-patch.sh

@@ -0,0 +1,16 @@
+#!/bin/sh
+
+## SPDX-FileCopyrightText: 2024 Benjamin Grande M. S. <[email protected]>
+##
+## SPDX-License-Identifier: AGPL-3.0-or-later
+
+## TODO: Remove when template with patch reaches upstream or updates enforce
+## salt-deps to be installed.
+## https://github.com/QubesOS/qubes-issues/issues/8806
+
+set -eu
+
+qube="${1}"
+qvm-run --user=root --pass-io --filter-escape-chars --no-color-output \
+  --no-color-stderr "${qube}" -- \
+  "dnf --quiet install --refresh --assumeyes --setopt=install_weak_deps=False python3-urllib3"

salt/fedora-minimal/prefs.sls

@@ -0,0 +1,29 @@
+{#
+SPDX-FileCopyrightText: 2024 Benjamin Grande M. S. <[email protected]>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+{%- import slsdotpath ~ "/template.jinja" as template -%}
+
+include:
+  - .create
+
+"{{ slsdotpath }}-set-management_dispvm-to-default":
+  qvm.vm:
+    - require:
+      - cmd: "{{ slsdotpath }}-install-salt-deps"
+    - name: {{ template.template }}
+    - prefs:
+      - management_dispvm: "*default*"
+
+## TODO: Remove when template with patch reaches upstream or updates enforce
+## salt-deps to be installed.
+## https://github.com/QubesOS/qubes-issues/issues/8806
+"{{ slsdotpath }}-shutdown-template":
+  qvm.shutdown:
+    - require:
+      - qvm: "{{ slsdotpath }}-set-management_dispvm-to-default"
+    - name: {{ template.template }}
+    - flags:
+      - force

salt/fedora-minimal/prefs.top

@@ -0,0 +1,10 @@
+{#
+SPDX-FileCopyrightText: 2024 Benjamin Grande M. S. <[email protected]>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+base:
+  'dom0':
+    - match: nodegroup
+    - fedora-minimal.prefs

salt/mgmt/create.sls

@@ -9,12 +9,14 @@ SPDX-License-Identifier: AGPL-3.0-or-later
 include:
   - fedora.create
   - .clone
+  - fedora-minimal.prefs
 
 {% load_yaml as defaults -%}
 name: tpl-{{ slsdotpath }}
 force: True
 require:
 - sls: {{ slsdotpath }}.clone
+- sls: fedora-minimal.prefs
 prefs:
 - audiovm: ""
 {%- endload %}
@@ -48,15 +50,20 @@ features:
 {{ load(defaults) }}
 
 "{{ slsdotpath }}-set-management_dispvm-to-dvm-fedora":
-  cmd.run:
+  qvm.vm:
     - require:
       - qvm: dvm-fedora
-    - name: qubes-prefs management_dispvm dvm-fedora
+    - name: tpl-{{ slsdotpath }}
+    - prefs:
+      - management_dispvm: dvm-fedora
 
-## TODO: Remove when template with patch reaches upstream.
+## TODO: Remove when template with patch reaches upstream or updates enforce
+## salt-deps to be installed.
 ## https://github.com/QubesOS/qubes-issues/issues/8806
-"{{ slsdotpath }}-install-":
-  cmd.run:
+"{{ slsdotpath }}-install-salt-deps":
+  cmd.script:
     - require:
-      - qvm: tpl-{{ slsdotpath }}
-    - name: qvm-run -u root tpl-{{ slsdotpath }} -- dnf install --refresh --assumeyes --setopt=install_weak_deps=False python3-urllib3
+      - qvm: "{{ slsdotpath }}-set-management_dispvm-to-dvm-fedora"
+    - name: salt-patch.sh
+    - source: salt://fedora-minimal/files/admin/bin/salt-patch.sh
+    - args: tpl-{{ slsdotpath }}

salt/mgmt/install.top

@@ -1,10 +1,9 @@
 {#
-SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <[email protected]>
+SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <[email protected]>
 
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
 
 base:
   'tpl-mgmt':
-    - match: glob
     - mgmt.install

salt/mgmt/prefs.sls

@@ -1,21 +1,33 @@
 {#
-SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <[email protected]>
+SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <[email protected]>
 
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
 
-"{{ slsdotpath }}-set-management_dispvm":
-  cmd.run:
-    - name: qubes-prefs management_dispvm dvm-{{ slsdotpath }}
+include:
+  - .create
+
+"{{ slsdotpath }}-set-management_dispvm-to-default":
+  qvm.vm:
+    - require:
+      - cmd: "{{ slsdotpath }}-install-salt-deps"
+    - name: tpl-{{ slsdotpath }}
+    - prefs:
+      - management_dispvm: "*default*"
 
 "{{ slsdotpath }}-remove-default-mgmt-dvm":
   qvm.absent:
-    - name: default-mgmt-dvm
     - require:
-      - cmd: {{ slsdotpath }}-set-management_dispvm
+      - qvm: {{ slsdotpath }}-set-management_dispvm-to-default
+    - name: default-mgmt-dvm
 
-## TODO: Remove when template with patch reaches upstream.
+## TODO: Remove when template with patch reaches upstream or updates enforce
+## salt-deps to be installed.
 ## https://github.com/QubesOS/qubes-issues/issues/8806
 "{{ slsdotpath }}-shutdown-template":
   qvm.shutdown:
+    - require:
+      - qvm: "{{ slsdotpath }}-set-management_dispvm-to-default"
     - name: tpl-{{ slsdotpath }}
+    - flags:
+      - force

salt/qubes-builder/README.md

@@ -35,13 +35,15 @@ template.
 sudo qubesctl top.enable qubes-builder
 sudo qubesctl --targets=tpl-qubes-builder,dvm-qubes-builder,qubes-builder state.apply
 sudo qubesctl top.disable qubes-builder
+sudo qubesctl state.apply qubes-builder.prefs
 ```
 
 - State
 <!-- pkg:begin:post-install -->
 ```sh
 sudo qubesctl state.apply qubes-builder.create
 sudo qubesctl --skip-dom0 --targets=tpl-qubes-builder state.apply qubes-builder.install
+sudo qubesctl state.apply qubes-builder.prefs
 sudo qubesctl --skip-dom0 --targets=dvm-qubes-builder state.apply qubes-builder.configure-qubes-executor
 sudo qubesctl --skip-dom0 --targets=qubes-builder state.apply qubes-builder.configure
 ```

salt/qubes-builder/create.sls

@@ -8,12 +8,14 @@ SPDX-License-Identifier: AGPL-3.0-or-later
 
 include:
   - .clone
+  - fedora-minimal.prefs
 
 {% load_yaml as defaults -%}
 name: tpl-{{ slsdotpath }}
 force: True
 require:
 - sls: {{ slsdotpath }}.clone
+- sls: fedora-minimal.prefs
 prefs:
 - audiovm: ""
 {%- endload %}
@@ -85,3 +87,22 @@ features:
 
 {% from 'utils/macros/policy.sls' import policy_set with context -%}
 {{ policy_set(sls_path, '70') }}
+
+"{{ slsdotpath }}-set-management_dispvm-to-dvm-fedora":
+  qvm.vm:
+    - require:
+      - qvm: dvm-fedora
+    - name: tpl-{{ slsdotpath }}
+    - prefs:
+      - management_dispvm: dvm-fedora
+
+## TODO: Remove when template with patch reaches upstream or updates enforce
+## salt-deps to be installed.
+## https://github.com/QubesOS/qubes-issues/issues/8806
+"{{ slsdotpath }}-install-salt-deps":
+  cmd.script:
+    - require:
+      - qvm: "{{ slsdotpath }}-set-management_dispvm-to-dvm-fedora"
+    - name: salt-patch.sh
+    - source: salt://fedora-minimal/files/admin/bin/salt-patch.sh
+    - args: tpl-{{ slsdotpath }}

salt/qubes-builder/prefs.sls

@@ -0,0 +1,27 @@
+{#
+SPDX-FileCopyrightText: 2024 Benjamin Grande M. S. <[email protected]>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+include:
+  - .create
+
+"{{ slsdotpath }}-set-management_dispvm-to-default":
+  qvm.vm:
+    - require:
+      - cmd: "{{ slsdotpath }}-install-salt-deps"
+    - name: tpl-{{ slsdotpath }}
+    - prefs:
+      - management_dispvm: "*default*"
+
+## TODO: Remove when template with patch reaches upstream or updates enforce
+## salt-deps to be installed.
+## https://github.com/QubesOS/qubes-issues/issues/8806
+"{{ slsdotpath }}-shutdown-template":
+  qvm.shutdown:
+    - require:
+      - qvm: "{{ slsdotpath }}-set-management_dispvm-to-default"
+    - name: tpl-{{ slsdotpath }}
+    - flags:
+      - force

salt/qubes-builder/prefs.top

@@ -0,0 +1,10 @@
+{#
+SPDX-FileCopyrightText: 2024 Benjamin Grande M. S. <[email protected]>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+base:
+  'dom0':
+    - match: nodegroup
+    - qubes-builder.prefs