Use new policy format and location

README.md

@@ -33,14 +33,15 @@ Just run `dpkg-buildpackage -us -uc` at the top level.
 
 Install the deb or the rpm on your TemplateVM(s).
 
-Create/Edit `/etc/qubes-rpc/policy/qubes.Gpg2` in dom0, it should contain something like:
+
+## Configuration
+
+Create/Edit `/etc/qubes/policy.d/30-user-gpg2.policy` in dom0, and add a line like this:
 
 ```
-gpg-client-vm gpg-server-vm allow
+qubes.Gpg2 + gpg-client-vm @default allow target=gpg-server-vm
 ```
 
-## Configuration
-
 Import/Generate your secret keys in the server domain.
 For example:
 ```
@@ -52,10 +53,6 @@ or
 gpg-server-vm$ gpg --gen-key
 ```
 
-Now configure which domain the client VM should use as server. Either:
- - Set the target for `@default` in qubes.Gpg2. or
- - Write `SPLIT_GPG2_SERVER_DOMAIN=<gpg-server>` into `~/.config/.split-gpg2-rc`.
-
 In dom0 enable the `split-gpg2-client` service in the client domain, for example via the command-line:
 ```shell
 dom0$ qvm-service <SPLIT_GPG2_CLIENT_DOMAIN_NAME> split-gpg2-client on

qubes.Gpg2.policy

@@ -1,6 +1,8 @@
-# Add a line like
+# Policy for qubes.Gpg2 service.
 #
-#gpg-client-vm gpg-server-vm allow
+# Add line like this:
+#
+# qubes.Gpg2 + gpg-client-vm @default allow target=gpg-server-vm
 #
 # to allow the VM named 'gpg-client-vm' use (but not export) the private keys
 # in 'gpg-server-vm'.

rpm_spec/split-gpg2-dom0.spec.in

@@ -24,15 +24,15 @@ This package contains the Qubes RPC policy for split-gpg2.
 %build
 
 %install
-install -D -m0644 qubes.Gpg2.policy $RPM_BUILD_ROOT/etc/qubes-rpc/policy/qubes.Gpg2
+install -D -m0644 qubes.Gpg2.policy $RPM_BUILD_ROOT/etc/qubes/policy.d/30-user-gpg2.policy
 make install-python-dom0 DESTDIR="$RPM_BUILD_ROOT" PYTHON=%{__python3}
 
 %post
 
 %preun
 
 %files
-%config(noreplace) %attr(0664,root,qubes) /etc/qubes-rpc/policy/qubes.Gpg2
+%config(noreplace) %attr(0664,root,qubes) /etc/qubes/policy.d/30-user-gpg2.policy
 %{python3_sitelib}/splitgpg2tests
 %{python3_sitelib}/splitgpg2tests-*.egg-info