diff --git a/Makefile b/Makefile index 233d6c5e..4c76c423 100644 --- a/Makefile +++ b/Makefile @@ -2,13 +2,11 @@ RPMS_DIR=rpm/ VERSION_DOM0 := $(shell cat version_dom0) VERSION_VAIO_FIXES := $(shell cat version_vaio_fixes) -VERSION_VM := $(shell cat version_vm) DIST_DOM0 ?= fc18 help: @echo "make rpms -- generate binary rpm packages" - @echo "make rpms-vm -- generate binary rpm packages for VM" @echo "make rpms-dom0 -- generate binary rpm packages for Dom0" @echo "make update-repo-current -- copy newly generated rpms to qubes yum repo" @echo "make update-repo-current-testing -- same, but to -current-testing repo" @@ -16,20 +14,12 @@ help: @echo "make update-repo-installer -- copy dom0 rpms to installer repo" @echo "make clean -- cleanup" -rpms: rpms-vm rpms-dom0 +rpms: rpms-dom0 -rpms-libs: - rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-libs.spec - rpm --addsign $(RPMS_DIR)/x86_64/qubes-core-libs-$(VERSION_LIBS)*.rpm +rpms-vm: + @true -rpms-vm: rpms-libs - rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-vm.spec - rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-vm-kernel-placeholder.spec - rpm --addsign \ - $(RPMS_DIR)/x86_64/qubes-core-vm-*$(VERSION_VM)*.rpm \ - $(RPMS_DIR)/x86_64/qubes-core-vm-kernel-placeholder-*.rpm - -rpms-dom0: rpms-libs rpms-vaio-fixes +rpms-dom0: rpms-vaio-fixes rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-dom0.spec rpm --addsign \ $(RPMS_DIR)/x86_64/qubes-core-dom0-$(VERSION_DOM0)*.rpm @@ -41,52 +31,17 @@ rpms-vaio-fixes: update-repo-current: ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-$(VERSION_DOM0)*$(DIST_DOM0)*.rpm ../yum/current-release/current/dom0/rpm/ ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-vaio-fixes-$(VERSION_VAIO_FIXES)*$(DIST_DOM0)*.rpm ../yum/current-release/current/dom0/rpm/ - ln -f $(RPMS_DIR)/x86_64/qubes-core-libs-$(VERSION_LIBS)*$(DIST_DOM0)*.rpm ../yum/current-release/current/dom0/rpm/ - for vmrepo in ../yum/current-release/current/vm/* ; do \ - dist=$$(basename $$vmrepo) ;\ - ln -f $(RPMS_DIR)/x86_64/qubes-core-vm-*$(VERSION_VM)*$$dist*.rpm $$vmrepo/rpm/ ;\ - ln -f $(RPMS_DIR)/x86_64/qubes-core-vm-kernel-placeholder-*$$dist*.rpm $$vmrepo/rpm/ ;\ - ln -f $(RPMS_DIR)/x86_64/qubes-core-libs-$(VERSION_LIBS)*$$dist*.rpm $$vmrepo/rpm/;\ - done update-repo-current-testing: ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-$(VERSION_DOM0)*$(DIST_DOM0)*.rpm ../yum/current-release/current-testing/dom0/rpm/ ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-vaio-fixes-$(VERSION_VAIO_FIXES)*$(DIST_DOM0)*.rpm ../yum/current-release/current-testing/dom0/rpm/ - ln -f $(RPMS_DIR)/x86_64/qubes-core-libs-$(VERSION_LIBS)*$(DIST_DOM0)*.rpm ../yum/current-release/current-testing/dom0/rpm/ - for vmrepo in ../yum/current-release/current-testing/vm/* ; do \ - dist=$$(basename $$vmrepo) ;\ - ln -f $(RPMS_DIR)/x86_64/qubes-core-vm-*$(VERSION_VM)*$$dist*.rpm $$vmrepo/rpm/ ;\ - ln -f $(RPMS_DIR)/x86_64/qubes-core-vm-kernel-placeholder-*$$dist*.rpm $$vmrepo/rpm/ ;\ - ln -f $(RPMS_DIR)/x86_64/qubes-core-libs-$(VERSION_LIBS)*$$dist*.rpm $$vmrepo/rpm/;\ - done update-repo-unstable: ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-$(VERSION_DOM0)*$(DIST_DOM0)*.rpm ../yum/current-release/unstable/dom0/rpm/ ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-vaio-fixes-$(VERSION_VAIO_FIXES)*$(DIST_DOM0)*.rpm ../yum/current-release/unstable/dom0/rpm/ - ln -f $(RPMS_DIR)/x86_64/qubes-core-libs-$(VERSION_LIBS)*$(DIST_DOM0)*.rpm ../yum/current-release/current-testing/dom0/rpm/ - for vmrepo in ../yum/current-release/unstable/vm/* ; do \ - dist=$$(basename $$vmrepo) ;\ - ln -f $(RPMS_DIR)/x86_64/qubes-core-vm-*$(VERSION_VM)*$$dist*.rpm $$vmrepo/rpm/ ;\ - ln -f $(RPMS_DIR)/x86_64/qubes-core-vm-kernel-placeholder-*$$dist*.rpm $$vmrepo/rpm/ ;\ - ln -f $(RPMS_DIR)/x86_64/qubes-core-libs-$(VERSION_LIBS)*$$dist*.rpm $$vmrepo/rpm/;\ - done update-repo-installer: ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-*$(VERSION_DOM0)*$(DIST_DOM0)*.rpm ../installer/yum/qubes-dom0/rpm/ - ln -f $(RPMS_DIR)/x86_64/qubes-core-libs-$(VERSION_LIBS)*fc18*.rpm ../installer/yum/qubes-dom0/rpm/ - -update-repo-template: - for vmrepo in ../template-builder/yum_repo_qubes/* ; do \ - dist=$$(basename $$vmrepo) ;\ - ln -f $(RPMS_DIR)/x86_64/qubes-core-vm-*$(VERSION_VM)*$$dist*.rpm $$vmrepo/rpm/ ;\ - ln -f $(RPMS_DIR)/x86_64/qubes-core-vm-kernel-placeholder-*$$dist*.rpm $$vmrepo/rpm/ ;\ - ln -f $(RPMS_DIR)/x86_64/qubes-core-libs-$(VERSION_LIBS)*$$dist*.rpm $$vmrepo/rpm/;\ - done clean: - make -C dom0/qmemman clean - make -C dom0/restore clean make -C misc clean - make -C qrexec clean - make -C u2mfn clean - make -C vchan -f Makefile.linux clean diff --git a/misc/.gitignore b/misc/.gitignore deleted file mode 100644 index b87d6e19..00000000 --- a/misc/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -meminfo-writer -xenstore-watch diff --git a/misc/Makefile b/misc/Makefile deleted file mode 100644 index e6f653a0..00000000 --- a/misc/Makefile +++ /dev/null @@ -1,12 +0,0 @@ -CC=gcc -CFLAGS=-Wall -g -O3 -all: meminfo-writer xenstore-watch python -meminfo-writer: meminfo-writer.o - $(CC) -g -o meminfo-writer meminfo-writer.o -lxenstore -xenstore-watch: xenstore-watch.o - $(CC) -o xenstore-watch xenstore-watch.o -lxenstore -python: - python -m compileall . - python -O -m compileall . -clean: - rm -f meminfo-writer xenstore-watch *.o *~ *.pyc *.pyo diff --git a/misc/RPM-GPG-KEY-qubes-2-primary b/misc/RPM-GPG-KEY-qubes-2-primary deleted file mode 100644 index 8b3a7647..00000000 --- a/misc/RPM-GPG-KEY-qubes-2-primary +++ /dev/null @@ -1,39 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- - -mQINBFClJWMBEADyAZgyocTmLQA0VpEXJKNvziKwaRWWrfzHw992okqRH/7wHfLn -uXZCSeLnFH/u2r7fOearUBajI879YeG8EpQ71wfAybQYGF5ZJWoW4fOEAZKVP8bC -1z65kKZguPcLfBiOWMAhLd8qxB3Zx5vVBM+8pGZ5ToRYxK6ivNTGOJfkz0GMxWCT -q7kMhVpd9xO62pNbDYC884lXk/24CMDy9QDAhTiAPIB+6rN74zw0XYHo5BId9SuL -ougyO3SZObkLOnfaWWEfZGbyFwvZWXigdZ/OPR2EvynBRF/ruJNlmS0EkxGEOMO8 -ASeeik4HblNhdVDgnUG1zsQ6AqS7tKsy/il55gE9teCAnAL7nPLW7YJmnbzdl6nF -HKiHp7rZ+AtbDjkFpGmcbemvD+9gneUhuCzO8YQygqApdTXlcC5bY14SRyFtVDMp -wD9XX0cVHyapMAbWedVTXqhcdQ88kWGZ85jHCaFXkl8JyGNsVYMchJF9D8iemgW+ -IhwveVEN+5FA9Mrd9NrlgxxO9+BuOgGUPKuw3425cOI47Z3hwGrKm35poZfKqA3U -o1Dwz/JbKM7yNXaZeKrj7Sa0zkzMKXff6PRQTZKqnu/ooyOeNziXgulxLMl2qgYg -ZGijQ/VPwhoaoQtThfyUKc/ttozguAWj5K3Se/BUJJyn0as87RA+8mQD8wARAQAB -tB5RdWJlcyBPUyBSZWxlYXNlIDIgU2lnbmluZyBLZXmJAjgEEwECACIFAlClJWMC -GwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEAxzudQKQORYvqUQAPAMwdFu -vyR98Q18jzgW6k+5OXNOW53xET+zSZyO/Na7oHC7l8uSOrA8Cu054zeVPzaKMfmr -9bnmb6pfk73Yd/P5AMWXd7h7xZ27Jwi0lhLmxsjMB1fJEJ/bA65m//PxqgIC9PNT -alg0yVE66GdHCVsXJA2XFBTuRyJbLphU8dY1kNesHVdW+Msm+prGOrv+FFzTZDxT -jp87L+xKqTYKgmpphPeM5OzaEj3bOHg3SK1VTVrzRgVVRRKNJKuLIprx5SOpGZxf -5xoPqqdotR4PbM0HQ2gvWy/JlIntN+btVAvwS7e+gcr15oBVsU6uvVJQERZsBDFV -dDffkgOgGVimv21zcxj5RKaUYEpBTqkKZaV23iZ6SQPFBhrjNmljDganTe5tioVQ -mo52s875hYV9VSOLVFOn+pkS0kV5/kFVxoPwHZ+SRKsVcSrRnd9t/et4+VcOCdaC -jX9rYPVQOP019V94dNQWLHYZDBcUZE6zX3xujH2BY+iw5EtjkNl5flaLw+yEUp1o -fbPjOgu0oA6qfoeK/3JtV12RnA08yi35fPKEQ45Qx/Rfs3fMNxiTxD9qZIM3rzXD -nLiNb3cXzqO29iLjhohC17IZrNfSgL81c9NeZ17eKVbUmKicM70BzJyJUvum3bHB -CvO5f7WECZP8UKiqmT4ys6yIyRz1ZrnaY5O7iQIcBBABAgAGBQJQpScRAAoJEN36 -Gj42h5SUMHYP/2orT2b87YIXkOa1fwnaJtvLbMOisdscCn5kOU+30oQF0HLcCvdT -3iHokH9qFAr2slFAHDumkXu/iMordpR1lGItwLF1v6+9yHor03p/LP1JcVl/0PDf -nH4q6P9gQwHjq3RYVOdgYHJsDz2VSbvcsIfODKSxr95TsR1LgYasab4gre64gW3Y -kS4ao9W3QUeglbcYUbeYR+mbZvzq1yMg2qIrv89cYcXGdJFrIrlc6biD7v1V5pRH -CbAX9oWNoaUzPeg99w13Adt2e9PBJoq4hhouk87xnBg1QrMnL2ubUHvgTaH28J7U -V2hAwiCcSUwlY5zLs0QVUr13cfvvbGwHSU4avP15Xzgn1VKv+PRlfXPriU3HgG4R -td/Fdz7C+sBMwf7lb+fQSqJdJyB9SojHYMdpz3HmYuGJCySgC59iV5LX1i3AWAMo -7CvFSfqdiKSsHUH4Nl2jnduEcq2Q0uODCXIVcsIlNK/KWEE8CoadKLl55Efdc9JJ -miiW+iHwyHsPM6pqVV4F2R9IL4Wl8Rveaplbj/+TGGblVVO293VhswUGeOSLbXx2 -xzFkTUWU/OrmVOLj6aqId6EinWB5oGJaiuKgZt66sLTs1niUnIzOmqi7R/dZ2mUf -QX62MfVWCv8NfkyMhrOft6ggS0Axo4F8fAcIInVXalvs2YScLSWdq54k -=4+bD ------END PGP PUBLIC KEY BLOCK----- diff --git a/misc/RPM-GPG-KEY-qubes-2-unstable b/misc/RPM-GPG-KEY-qubes-2-unstable deleted file mode 100644 index 3d06e366..00000000 --- a/misc/RPM-GPG-KEY-qubes-2-unstable +++ /dev/null @@ -1,52 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v1.4.12 (GNU/Linux) - -mQINBFClIUgBEACp0upqK7inupk52+8PHmIZFbm4lkV7IL2S9b285x579s1qysq7 -az0JMekouPzNCu9MGFzSktIWT2ti6JHsGgXmY2PoCMDnBCubx5/nPA2fial7yoKg -ZxzpXGb6ZMtx5GOjXgpryUrNukYwORVR/jZS0noDb8rNnbeKi8R0SgaxRTYyJPvB -ChMl1kVX6R15nHsd43ndkgcgSOGT22f/mxqOka9t2cB3HevfDvEJvz8PMkxRgb3n -GOHFJRLYNIGmSegMllkMjUhZpu1e7T940WC3TWzJfpTNIo1Dsj0GIhGGniebGn/L -BvUrmANxQ5rGMjTFOkSb/vKa/w9ss0OECeIL/K4+A6NQTKXLAoKJYA/bx75Dh2dU -E3H8e4KoYuP3Q1lmLfcU3sX7s/MeszTpYHoUWTKyQXZYJged4ihP/RKz5iHRuAu2 -0fjPdb6RGJYYi/3TDEoVHkkYyL88wETygXeJW2XtBz33ITLyiB3qfxh8eO4tVre2 -QCus0nTpW+dblbfpG1Eb77OJTGlOF3rYx1oEEokochROEstN4bn3fMGMl6zHwBID -tVNPvnQTjrBj7wksvc4xoJNe6Om0kNB7w58l6tCpa/oknW/N9XbwTgm1CI7lMWKD -paieqfJbSYifCHEt0uVzsitoV992xZ8PRoooghGhBGWqTOSC3UDvJuajwwARAQAB -tCdRdWJlcyBPUyBSZWxlYXNlIDIgVW5zdGFibGUgU2lnbmluZyBLZXmJAjgEEwEC -ACIFAlClIUgCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJECMUDzj1Me+n -h7wP/At7TBmp5R9fDVKulLfHM9xDMwNCjmdDcKNwF7xy7c18uzhOpA7ENzgZWTR1 -lkLrr+OlqXVlThzN1YRgvSx0KghSAIf0wuu8eeNKX+r1QFxEtxNrCobzK4ToNTiT -xuPrycJgJBThj0gfq2jaSYGuhi79HYkgFYiRDOfaTms3hL8+oSq0HmDsu3/JSfse -LAHiXbNyNvn1vpt09JH40me4RNTN0N3pUm9c5+7G0jwcE8OQZkjS7h04rpjbrDQE -DHxadqgkwzP4aJm3l3u/OZF7npI16jpCYpV/mWyDbEj047EN/sJjV3KfuN+AdeAT -9C7HJlGKcobeQztjzJuvzIILuzPewn77d7gua5kezM89nM6TK7T48upizNrCHxbw -l2Z2DdzHfSHMWYT0LS4JAjvUyuu2iTWkMGmh8r3SrAmUecFk2/bP0A2MTb10z17K -mzMzRU/u1n5DEsWlHzkXLmHJCKgid0UHuRbPabPWEK3E0yNid9MBkJWMZTFaALx7 -QMdF7QUc/2mEj2ILuNO4V0KHIBVHDwT+SYGXJ+wPY6nHSo5pIeiSWdNpozvKB24y -8OWc1ST/rA6RaEDajSRMUxEkTtH7rGeueTVMhG8JCWWhmgNeMusg5Jq6OTrSooys -c6EDJsD44QaHrJUn6fXwOuyAgmzjX9p04fga67npSFoNUm7vuQINBFClIUgBEADQ -gWsxXqwIpuLVvcaiIo9pvO3wkt2nzXpLr93vzy+0+DTO11ejRDj9fuIA/9h55Yz5 -8snI9+aIKryDedhY+3/iv1izN9tsWyLms1V0xHdKC0RgmBxtJoHyPVdwgDu/86bd -61zbhZAsaVmtP2vOdRD4dgR8wtTDbKnr9j4S8mRLkPJnjp+9e+H+akVVYbTx+Qki -l5XU7ogZejZnTaAonK/jMsbIUF2d1iFdvkMr1I9xFqqHTLwO0tmH/ZDP/9jcMnf4 -dmVWDA4ykegn9RY+24YZ0mLaZrkDpvtfUrzxcZnvHuLVfROnQzOcIoP27Ut1v9s6 -A1uLq8zxy8+pyHBi/DPz2ae1/fMDNJnZcdo8qQFY2NzRnzL6SRZ1YBzWR8t8B0m4 -AginEa+/61UNNyXjkHzqqkVPv1EZ01c44MhB1P8/HZXF7YX80c6N2TUuGhH9dVRa -5S7JWaee8Ib6MT7Nafn/rmLoXPtU5lLzo1SbcEBHbkZXw365BCzp9X+LfesXF9xj -h4ISrCTcjaE20QoE1cNOsvuiuVK9fRqKsfMxuju0SpvZl5cAGM603WPZBMehbJ8e -i2J4CXHOr7mF/ecAlTAr08nYuQTEEpAx7ad/BtrmHFa8IqEhsEqBNC7xuzwAuPI7 -xiiO7/KgDyS0mJ8Xm+9DMP/1q/QxT7Z4Ni4x2U+/swARAQABiQIfBBgBAgAJBQJQ -pSFIAhsMAAoJECMUDzj1Me+nD80P/0HLsF0BfxPgm/raoYS9Cqve6/aP9pHtAODD -SVGrb//PKAddVqJnsCu0TPbULx0cAYztQHw8n7rAO6iNbrxhOa6kin2vvdO0mVQY -kl3a/bDyo8rP/xyMS8K4EE2DfCL1HSDAS2r37mzi8RZED2Yj9F0aBgTO7rGhSXWt -WsDzsPzP46b8mr8BLQ8NfxKlJFpyIq8DwPEasrS5sKXEVXvnY4ZQMa5C2qzg1+LC -c6lbQHPIOaUnENy9ApBepZT8a09Ol3/2Z75UOe2AM5vynT5iST8fdFJlpI1+Z/hs -b+ZQ2uoMVW+O1VVtq+20o1WQVu9pORIKIq7wbBsIq6mejCC+KIZ5RDUPehs97+sL -il546IMqllX0LP40hBM/JP7vZEknYhkGl/HuJyrhaNi8NI4ryrIO8VL2rSx/1eUP -5Yn7jC5T+7twk6yKnzLZYfAG3F3HMTVrp5QwygBc+xmInwqbgHf4fJgT1WOVelKq -1wfoF7DYRT7+J5gAJboYOvS4cIqXAgeeslW76jRKbaK0X/Fa06fiRw3vGSEWdr+A -r4Kv/RAEB5z4da5MT88CB3OtgiJofnsPb+A+TmjTPcmaV2LHH30U/1aD/3RERBHb -cpKz+AV6MQ/7XpQiusXK14ospdTScEVwruXlCyt0hbqTsijiReNV4lV9nXtfmrEL -L0XnT71B -=o46N ------END PGP PUBLIC KEY BLOCK----- diff --git a/misc/dispvm-dotfiles.tbz b/misc/dispvm-dotfiles.tbz deleted file mode 100644 index 42f0e270..00000000 Binary files a/misc/dispvm-dotfiles.tbz and /dev/null differ diff --git a/misc/dispvm-prerun.sh b/misc/dispvm-prerun.sh deleted file mode 100755 index fc071e74..00000000 --- a/misc/dispvm-prerun.sh +++ /dev/null @@ -1,36 +0,0 @@ -#!/bin/sh - -apps="evince /usr/libexec/evinced soffice firefox" - -#If user have customized DispVM settings, use its home instead of default dotfiles -if [ -e /rw/home/user/.qubes-dispvm-customized ]; then - cp -af /rw/home/user /home/ -else - cat /etc/dispvm-dotfiles.tbz | tar -xjf- --overwrite -C /home/user --owner user 2>&1 >/tmp/dispvm-dotfiles-errors.log -fi - -for app in $apps ; do - echo "Launching: $app..." - $app >>/tmp/dispvm_prerun_errors.log 2>&1 & -done - -echo "Sleeping..." -PREV_IO=0 -while true; do - IO=`vmstat -D | awk '/read|write/ {IOs+=$1} END {print IOs}'` - if [ $IO -lt $[ $PREV_IO + 50 ] ]; then - break; - fi - PREV_IO=$IO - sleep 1 -done - -ps ax > /tmp/dispvm-prerun-proclist.log - -if [ -e /rw/home/user/.qubes-dispvm-customized ]; then - cp -af /rw/home/user /home/ -else - cat /etc/dispvm-dotfiles.tbz | tar -xjf- --overwrite -C /home/user --owner user 2>&1 >>/tmp/dispvm-dotfiles-errors.log -fi - -echo done. diff --git a/misc/fstab b/misc/fstab deleted file mode 100644 index 9c5101f8..00000000 --- a/misc/fstab +++ /dev/null @@ -1,13 +0,0 @@ -# Accessible filesystems, by reference, are maintained under '/dev/disk' -# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info -# -/dev/mapper/dmroot / ext4 defaults,noatime 1 1 -/dev/xvdb /rw ext4 noauto,defaults,discard 1 2 -/rw/home /home none noauto,bind,defaults 0 0 -/dev/xvdc1 swap swap defaults 0 0 -tmpfs /dev/shm tmpfs defaults 0 0 -devpts /dev/pts devpts gid=5,mode=620 0 0 -sysfs /sys sysfs defaults 0 0 -proc /proc proc defaults 0 0 -xen /proc/xen xenfs defaults 0 0 -/dev/xvdi /mnt/removable auto noauto,user,rw 0 0 diff --git a/misc/nautilus-actions.conf b/misc/nautilus-actions.conf deleted file mode 100644 index 46f5021c..00000000 --- a/misc/nautilus-actions.conf +++ /dev/null @@ -1,7 +0,0 @@ -[runtime] -items-create-root-menu=false -items-add-about-item=false - -[io-provider na-desktop] -readable=true -writable=true diff --git a/misc/org.gnome.settings-daemon.plugins.updates.gschema.override b/misc/org.gnome.settings-daemon.plugins.updates.gschema.override deleted file mode 100644 index c6c7b45a..00000000 --- a/misc/org.gnome.settings-daemon.plugins.updates.gschema.override +++ /dev/null @@ -1,4 +0,0 @@ -[org.gnome.settings-daemon.plugins.updates] -auto-update-type='none' -active=false -frequency-get-updates=0 diff --git a/misc/polkit-1-qubes-allow-all.pkla b/misc/polkit-1-qubes-allow-all.pkla deleted file mode 100644 index 1ff7ded0..00000000 --- a/misc/polkit-1-qubes-allow-all.pkla +++ /dev/null @@ -1,6 +0,0 @@ -[Qubes allow all] -Identity=* -Action=* -ResultAny=yes -ResultInactive=yes -ResultActive=yes diff --git a/misc/qubes.repo b/misc/qubes.repo deleted file mode 100644 index 75dd6003..00000000 --- a/misc/qubes.repo +++ /dev/null @@ -1,20 +0,0 @@ -[qubes-vm-current] -name = Qubes OS Repository for VM (updates) -baseurl = http://yum.qubes-os.org/r2/current/vm/fc$releasever -gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-2-primary -gpgcheck = 1 - -[qubes-vm-current-testing] -name = Qubes OS Repository for VM (updates-testing) -baseurl = http://yum.qubes-os.org/r2/current-testing/vm/fc$releasever -gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-2-primary -gpgcheck = 1 -enabled=0 - -[qubes-vm-unstable] -name = Qubes OS Repository for VM (unstable) -baseurl = http://yum.qubes-os.org/r2/unstable/vm/fc$releasever -gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-2-unstable -gpgcheck = 1 -enabled=0 - diff --git a/misc/qubes.sudoers b/misc/qubes.sudoers deleted file mode 100644 index 8087a90a..00000000 --- a/misc/qubes.sudoers +++ /dev/null @@ -1,46 +0,0 @@ -user ALL=(ALL) NOPASSWD: ALL - -# WTF?! Have you lost your mind?! -# -# In Qubes VMs there is no point in isolating the root account from -# the user account. This is because all the user data are already -# accessible from the user account, so there is no direct benefit for -# the attacker if she could escalate to root (there is even no benefit -# in trying to install some persistent rootkits, as the VM's root -# filesystem modifications are lost upon each start of a VM). -# -# One might argue that some hypothetical attacks against the -# hypervisor or the few daemons/backends in Dom0 (so VM escape -# attacks) most likely would require root access in the VM to trigger -# the attack. -# -# That's true, but mere existence of such a bug in the hypervisor or -# Dom0 that could be exploited by a malicious VM, no matter whether -# requiring user, root, or even kernel access in the VM, would be -# FATAL. In such situation (if there was such a bug in Xen) there -# really is no comforting that: "oh, but the mitigating factor was -# that the attacker needed root in VM!" We're not M$, and we're not -# gonna BS our users that there are mitigating factors in that case, -# and for sure, root/user isolation is not a mitigating factor. -# -# Because, really, if somebody could find and exploit a bug in the Xen -# hypervisor -- so far there have been only one (!) publicly disclosed -# exploitable bug in the Xen hypervisor from a VM, found in 2008, -# incidentally by one of the Qubes developers (RW) -- then it would be -# highly unlikely if that person couldn't also found a user-to-root -# escalation in VM (which as we know from history of UNIX/Linux -# happens all the time). -# -# At the same time allowing for easy user-to-root escalation in a VM -# is simply convenient for users, especially for update installation. -# -# Currently this still doesn't work as expected, because some idotic -# piece of software called PolKit uses own set of policies. We're -# planning to address this in Beta 2. (Why PolKit is an idiocy? Do a -# simple experiment: start 'xinput test' in one xterm, running as -# user, then open some app that uses PolKit and asks for root -# password, e.g. gpk-update-viewer -- observe how all the keystrokes -# with root password you enter into the "secure" PolKit dialog box can -# be seen by the xinput program...) -# -# joanna. diff --git a/misc/qubes_core.modules b/misc/qubes_core.modules deleted file mode 100755 index 42ce0fb3..00000000 --- a/misc/qubes_core.modules +++ /dev/null @@ -1,3 +0,0 @@ -modprobe evtchn 2>/dev/null || modprobe xen-evtchn -modprobe xen-blkback 2> /dev/null || modprobe blkbk -modprobe xen-usbfront 2> /dev/null diff --git a/misc/qubes_download_dom0_updates.sh b/misc/qubes_download_dom0_updates.sh deleted file mode 100755 index de869c55..00000000 --- a/misc/qubes_download_dom0_updates.sh +++ /dev/null @@ -1,101 +0,0 @@ -#!/bin/bash - -DOM0_UPDATES_DIR=/var/lib/qubes/dom0-updates - -DOIT=0 -GUI=1 -CLEAN=0 -CHECK_ONLY=0 -OPTS="--installroot $DOM0_UPDATES_DIR --config=$DOM0_UPDATES_DIR/etc/yum.conf" -PKGLIST= -while [ -n "$1" ]; do - case "$1" in - --doit) - DOIT=1 - ;; - --nogui) - GUI=0 - ;; - --gui) - GUI=1 - ;; - --clean) - CLEAN=1 - ;; - --check-only) - CHECK_ONLY=1 - ;; - -*) - OPTS="$OPTS $1" - ;; - *) - PKGLIST="$PKGLIST $1" - ;; - esac - shift -done - -if ! [ -d "$DOM0_UPDATES_DIR" ]; then - echo "Dom0 updates dir does not exists: $DOM0_UPDATES_DIR" >&2 - exit 1 -fi - -mkdir -p $DOM0_UPDATES_DIR/etc -sed -i '/^reposdir\s*=/d' $DOM0_UPDATES_DIR/etc/yum.conf - -# Rebuild rpm database in case of different rpm version -rm -f $DOM0_UPDATES_DIR/var/lib/rpm/__* -rpm --root=$DOM0_UPDATES_DIR --rebuilddb - -if [ "$CLEAN" = "1" ]; then - yum $OPTS clean all - rm -f $DOM0_UPDATES_DIR/packages/* -fi - -if [ "x$PKGLIST" = "x" ]; then - echo "Checking for dom0 updates..." >&2 - PKGLIST=`yum $OPTS check-update -q | cut -f 1 -d ' '` -else - PKGS_FROM_CMDLINE=1 -fi - -if [ -z "$PKGLIST" ]; then - # No new updates - if [ "$GUI" = 1 ]; then - zenity --info --text="No new updates available" - fi - exit 0 -fi - -if [ "$CHECK_ONLY" = "1" ]; then - echo "Available updates: $PKGLIST" - exit 100 -fi - -if [ "$DOIT" != "1" -a "$PKGS_FROM_CMDLINE" != "1" ]; then - zenity --question --title="Qubes Dom0 updates" \ - --text="There are updates for dom0 available, do you want to download them now?" || exit 0 -fi - -if [ "$PKGS_FROM_CMDLINE" == 1 ]; then - GUI=0 -fi - -mkdir -p "$DOM0_UPDATES_DIR/packages" - -set -e - -if [ "$GUI" = 1 ]; then - ( echo "1" - yumdownloader --resolve --destdir "$DOM0_UPDATES_DIR/packages" $OPTS $PKGLIST - echo 100 ) | zenity --progress --pulsate --auto-close --auto-kill \ - --text="Downloading updates for Dom0, please wait..." --title="Qubes Dom0 updates" -else - yumdownloader --resolve --destdir "$DOM0_UPDATES_DIR/packages" $OPTS $PKGLIST -fi - -if ls $DOM0_UPDATES_DIR/packages/*.rpm > /dev/null 2>&1; then - /usr/lib/qubes/qrexec_client_vm dom0 qubes.ReceiveUpdates /usr/lib/qubes/qfile-agent $DOM0_UPDATES_DIR/packages/*.rpm -else - echo "No packages downloaded" -fi diff --git a/misc/qubes_misc.modules b/misc/qubes_misc.modules deleted file mode 100755 index 4af1be34..00000000 --- a/misc/qubes_misc.modules +++ /dev/null @@ -1 +0,0 @@ -modprobe dummy-hcd 2>/dev/null || true diff --git a/misc/qubes_misc.rules b/misc/qubes_misc.rules deleted file mode 100644 index cf69b73b..00000000 --- a/misc/qubes_misc.rules +++ /dev/null @@ -1,2 +0,0 @@ -SUBSYSTEM=="memory", ACTION=="add", ATTR{state}=="offline", ATTR{state}="online" -KERNEL=="xen/evtchn", MODE="0666" diff --git a/misc/qubes_serial_login b/misc/qubes_serial_login deleted file mode 100755 index 09f68021..00000000 --- a/misc/qubes_serial_login +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/sh -if /bin/ls -l /proc/self/fd/0 | grep -q /dev/hvc0 ; then - exec su - $2 - exit -else - exec /bin/login "$@" -fi diff --git a/misc/qubes_trigger_sync_appmenus.action b/misc/qubes_trigger_sync_appmenus.action deleted file mode 100644 index ad56a8f2..00000000 --- a/misc/qubes_trigger_sync_appmenus.action +++ /dev/null @@ -1 +0,0 @@ -*:any:/usr/lib/qubes/qubes_trigger_sync_appmenus.sh diff --git a/misc/qubes_trigger_sync_appmenus.sh b/misc/qubes_trigger_sync_appmenus.sh deleted file mode 100755 index e848ea34..00000000 --- a/misc/qubes_trigger_sync_appmenus.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/sh - -UPDATEABLE=`/usr/bin/xenstore-read qubes_vm_updateable` - -if [ "$UPDATEABLE" = "True" ]; then - /usr/lib/qubes/qrexec_client_vm dom0 qubes.SyncAppMenus /bin/sh /etc/qubes_rpc/qubes.GetAppmenus -fi diff --git a/misc/serial.conf b/misc/serial.conf deleted file mode 100644 index 48930a43..00000000 --- a/misc/serial.conf +++ /dev/null @@ -1,21 +0,0 @@ -# Automatically start a configured serial console -# -# How this works: -# -# On boot, a udev helper examines /dev/console. If a serial console is the -# primary console (last console on the commandline in grub), the event -# 'fedora.serial-console-available ' is emitted, which -# triggers this script. It waits for the runlevel to finish, ensures -# the proper port is in /etc/securetty, and starts the getty. -# -# If your serial console is not the primary console, or you want a getty -# on serial even if it's not the console, create your own event by copying -# /etc/init/tty.conf, and changing the getty line in that file. - -start on fedora.serial-console-available DEV=* and stopped rc RUNLEVEL=[2345] -stop on runlevel [016] - -instance $DEV -respawn -pre-start exec /sbin/securetty $DEV -exec /sbin/agetty -l /sbin/qubes_serial_login /dev/$DEV $SPEED vt100-nav diff --git a/misc/xenstore-watch.c b/misc/xenstore-watch.c deleted file mode 100644 index 497ed294..00000000 --- a/misc/xenstore-watch.c +++ /dev/null @@ -1,28 +0,0 @@ -#include -#include -#include -#include -main(int argc, char **argv) -{ - struct xs_handle *xs; - unsigned int count; - char **vec; - char dummy; - if (argc != 2) { - fprintf(stderr, "usage: %s xenstore_path\n", argv[0]); - exit(1); - } - xs = xs_domain_open(); - if (!xs) { - perror("xs_domain_open"); - exit(1); - } - if (!xs_watch(xs, argv[1], &dummy)) { - perror("xs_watch"); - exit(1); - } - vec = xs_read_watch(xs, &count); - free(vec); - vec = xs_read_watch(xs, &count); - free(vec); -} diff --git a/misc/xorg-preload-apps.conf b/misc/xorg-preload-apps.conf deleted file mode 100644 index afa479bc..00000000 --- a/misc/xorg-preload-apps.conf +++ /dev/null @@ -1,30 +0,0 @@ -Section "ServerLayout" - Identifier "Default Layout" - Screen 0 "Screen0" 0 0 -EndSection - -Section "Device" - Identifier "Videocard0" - Driver "dummy" - VideoRam 4001 -EndSection - -Section "Monitor" - Identifier "Monitor0" - HorizSync 49-50 - VertRefresh 62-63 - Modeline "QB1280x800" 64 1280 1281 1282 1283 800 801 802 803 -EndSection - -Section "Screen" - Identifier "Screen0" - Device "Videocard0" - Monitor "Monitor0" - DefaultDepth 24 - SubSection "Display" - Viewport 0 0 - Depth 24 - Modes "QB1280x800" - EndSubSection -EndSection - diff --git a/misc/yum-qubes-hooks.conf b/misc/yum-qubes-hooks.conf deleted file mode 100644 index 8e4d76c7..00000000 --- a/misc/yum-qubes-hooks.conf +++ /dev/null @@ -1,2 +0,0 @@ -[main] -enabled=1 diff --git a/misc/yum-qubes-hooks.py b/misc/yum-qubes-hooks.py deleted file mode 100644 index 9d851bf9..00000000 --- a/misc/yum-qubes-hooks.py +++ /dev/null @@ -1,42 +0,0 @@ -#!/usr/bin/python -# -# The Qubes OS Project, http://www.qubes-os.org -# -# Copyright (C) 2012 Marek Marczykowski -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License -# as published by the Free Software Foundation; either version 2 -# of the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -# -# - - -from yum.plugins import TYPE_CORE -from yum.constants import * -import subprocess - -requires_api_version = '2.4' -plugin_type = (TYPE_CORE,) - -def posttrans_hook(conduit): - # Get all updates available _before_ this transaction - pkg_list = conduit._base.doPackageLists(pkgnarrow='updates') - - # Get packages installed in this transaction... - ts = conduit.getTsInfo() - all = ts.getMembers() - # ...and filter them out of available updates - filtered_updates = filter(lambda x: x not in all, pkg_list.updates) - - # Notify dom0 about left updates count - subprocess.call(['/usr/lib/qubes/qrexec_client_vm', 'dom0', 'qubes.NotifyUpdates', '/bin/echo', str(len(filtered_updates))]) diff --git a/network/30-qubes_external_ip b/network/30-qubes_external_ip deleted file mode 100755 index 66ae5269..00000000 --- a/network/30-qubes_external_ip +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -if [ x$2 == xup ]; then - INET=$(/sbin/ip addr show dev $1 | /bin/grep inet) - /usr/bin/xenstore-write qubes_netvm_external_ip "$INET" -fi -if [ x$2 == xdown ]; then - /usr/bin/xenstore-write qubes_netvm_external_ip "" -fi diff --git a/network/filter-qubes-yum b/network/filter-qubes-yum deleted file mode 100644 index 828010ea..00000000 --- a/network/filter-qubes-yum +++ /dev/null @@ -1,6 +0,0 @@ -/repodata/[A-Za-z0-9-]*\(primary\|filelists\|comps\(-[a-z0-9]*\)\?\|other\|prestodelta\|updateinfo\|pkgtags\)\.\(sqlite\|xml\)\(\.bz2\|\.gz\)\?$ -/repodata/repomd\.xml$ -\.rpm$ -\.drpm$ -^mirrors\.fedoraproject\.org:443$ -^http://mirrors\..*/mirrorlist\? diff --git a/network/network-manager-prepare-conf-dir b/network/network-manager-prepare-conf-dir deleted file mode 100755 index bfb6dee2..00000000 --- a/network/network-manager-prepare-conf-dir +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/sh - -NM_CONFIG_DIR=/etc/NetworkManager/system-connections -if [ -d $NM_CONFIG_DIR -a ! -h $NM_CONFIG_DIR ]; then - mkdir -p /rw/config/NM-system-connections - mv $NM_CONFIG_DIR/* /rw/config/NM-system-connections/ 2> /dev/null || true - rmdir $NM_CONFIG_DIR - ln -s /rw/config/NM-system-connections $NM_CONFIG_DIR -fi - -exit 0 diff --git a/network/qubes.repo b/network/qubes.repo deleted file mode 100644 index 5f86a878..00000000 --- a/network/qubes.repo +++ /dev/null @@ -1,12 +0,0 @@ -[qubes-netvm] -name = Qubes OS Repository for NetVM -baseurl = http://qubes-os.org/yum/r1/netvm/rpm -gpgkey = http://qubes-os.org/keys/qubes-release-1-signing-key.asc -gpgcheck = 1 - -[qubes-netvm-testing] -name = Qubes OS Repository for NetVM -baseurl = http://qubes-os.org/yum/r1-testing/netvm/rpm -gpgkey = http://qubes-os.org/keys/qubes-release-1-signing-key.asc -gpgcheck = 1 -enabled=0 diff --git a/network/qubes_firewall b/network/qubes_firewall deleted file mode 100755 index 30670b82..00000000 --- a/network/qubes_firewall +++ /dev/null @@ -1,53 +0,0 @@ -#!/bin/bash -set -e - -PIDFILE=/var/run/qubes/qubes_firewall.pid -XENSTORE_IPTABLES=qubes_iptables -XENSTORE_IPTABLES_HEADER=qubes_iptables_header -XENSTORE_ERROR=qubes_iptables_error -OLD_RULES="" -# PIDfile handling -[[ -e $PIDFILE ]] && kill -s 0 $(<$PIDFILE) 2>/dev/null && exit 0 -echo $$ >$PIDFILE - -trap 'exit 0' SIGTERM - -FIRST_TIME=yes - -while true; do - - echo "1" > /proc/sys/net/ipv4/ip_forward - - if [ "$FIRST_TIME" ]; then - FIRST_TIME= - TRIGGER=reload - else - # Wait for changes in xenstore file - /usr/bin/xenstore-watch-qubes $XENSTORE_IPTABLES - TRIGGER=$(/usr/bin/xenstore-read $XENSTORE_IPTABLES) - fi - - if ! [ "$TRIGGER" = "reload" ]; then continue ; fi - - # Disable forarding to prevent potential "leaks" that might - # be bypassing the firewall or some proxy service (e.g. tor) - # during the time when the rules are being (re)applied - echo "0" > /proc/sys/net/ipv4/ip_forward - - RULES=$(/usr/bin/xenstore-read $XENSTORE_IPTABLES_HEADER) - IPTABLES_SAVE=$(/sbin/iptables-save | sed '/^\*filter/,/^COMMIT/d') - OUT=`echo -e "$RULES\n$IPTABLES_SAVE" | /sbin/iptables-restore 2>&1 || true` - - for i in $(xenstore-list qubes_iptables_domainrules) ; do - RULES=$(/usr/bin/xenstore-read qubes_iptables_domainrules/"$i") - ERRS=`echo -e "$RULES" | /sbin/iptables-restore -n 2>&1 || true` - OUT="$OUT$ERRS" - done - /usr/bin/xenstore-write $XENSTORE_ERROR "$OUT" - if [ "$OUT" ]; then - DISPLAY=:0 /usr/bin/notify-send -t 3000 "Firewall loading error ($HOSTNAME)" "$OUT" || : - fi - - # Check if user didn't define some custom rules to be applied as well... - [ -x /rw/config/qubes_firewall_user_script ] && /rw/config/qubes_firewall_user_script -done diff --git a/network/qubes_fix_nm_conf.sh b/network/qubes_fix_nm_conf.sh deleted file mode 100755 index 9f1eca7b..00000000 --- a/network/qubes_fix_nm_conf.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/sh -FILE=/etc/NetworkManager/NetworkManager.conf -VIFMAC=mac:fe:ff:ff:ff:ff:ff -if ! grep -q ^plugins.*keyfile $FILE ; then - sed -i 's/^plugins.*$/&,keyfile/' $FILE -fi -if grep -q ^plugins.*ifcfg-rh $FILE ; then - sed -i 's/^plugins=\(.*\)ifcfg-rh,\(.*\)$/plugins=\1\2/' $FILE -fi -if ! grep -q '^\[keyfile\]$' $FILE ; then - echo '[keyfile]' >> $FILE -fi -if ! grep -q ^unmanaged-devices $FILE ; then - sed -i 's/^\[keyfile\]$/\[keyfile\]\x0aunmanaged-devices='$VIFMAC/ $FILE -fi -if ! grep -q ^unmanaged-devices.*$VIFMAC $FILE ; then - sed -i 's/^unmanaged-devices.*$/&,'$VIFMAC/ $FILE -fi -exit 0 diff --git a/network/qubes_netwatcher b/network/qubes_netwatcher deleted file mode 100755 index 63a2dae5..00000000 --- a/network/qubes_netwatcher +++ /dev/null @@ -1,31 +0,0 @@ -#!/bin/bash -set -e - -PIDFILE=/var/run/qubes/qubes_netwatcher.pid -CURR_NETCFG="" - -# PIDfile handling -[[ -e $PIDFILE ]] && kill -s 0 $(<$PIDFILE) 2>/dev/null && exit 0 -echo $$ >$PIDFILE - -trap 'exit 0' SIGTERM - -while true; do - NET_DOMID=$(/usr/bin/xenstore-read qubes_netvm_domid || :) - if [[ -n "$NET_DOMID" ]] && [[ $NET_DOMID -gt 0 ]]; then - UNTRUSTED_NETCFG=$(/usr/bin/xenstore-read /local/domain/$NET_DOMID/qubes_netvm_external_ip || :) - # UNTRUSTED_NETCFG is not parsed in any way - # thus, no sanitization ready - # but be careful when passing it to other shell scripts - if [[ "$UNTRUSTED_NETCFG" != "$CURR_NETCFG" ]]; then - /sbin/service qubes-firewall stop - /sbin/service qubes-firewall start - CURR_NETCFG="$UNTRUSTED_NETCFG" - /usr/bin/xenstore-write qubes_netvm_external_ip "$CURR_NETCFG" - fi - - /usr/bin/xenstore-watch -n 3 /local/domain/$NET_DOMID/qubes_netvm_external_ip qubes_netvm_domid - else - /usr/bin/xenstore-watch -n 2 qubes_netvm_domid - fi -done diff --git a/network/qubes_network.rules b/network/qubes_network.rules deleted file mode 100644 index 077c8411..00000000 --- a/network/qubes_network.rules +++ /dev/null @@ -1,2 +0,0 @@ - -SUBSYSTEMS=="xen", KERNEL=="eth*", ACTION=="add", RUN+="/usr/lib/qubes/setup_ip" diff --git a/network/qubes_nmhook b/network/qubes_nmhook deleted file mode 100755 index b9028de8..00000000 --- a/network/qubes_nmhook +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/sh -/usr/lib/qubes/qubes_setup_dnat_to_ns diff --git a/network/qubes_setup_dnat_to_ns b/network/qubes_setup_dnat_to_ns deleted file mode 100755 index ef6a6dd1..00000000 --- a/network/qubes_setup_dnat_to_ns +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/sh -addrule() -{ - if [ $FIRSTONE = yes ] ; then - FIRSTONE=no - RULE1="-A PR-QBS -d $NS1 -p udp --dport 53 -j DNAT --to $1" - else - RULE2="-A PR-QBS -d $NS2 -p udp --dport 53 -j DNAT --to $1" - NS=$NS2 - fi -} -export PATH=$PATH:/sbin:/bin -source /var/run/qubes/qubes_ns -if [ "X"$NS1 = "X" ] ; then exit ; fi -iptables -t nat -F PR-QBS -FIRSTONE=yes -grep ^nameserver /etc/resolv.conf | grep -v ":.*:" | head -2 | - ( - while read x y z ; do - addrule "$y" - done - (echo "*nat"; echo $RULE1; echo $RULE2; echo COMMIT) | iptables-restore -n - ) - diff --git a/network/setup_ip b/network/setup_ip deleted file mode 100755 index 1627f3e0..00000000 --- a/network/setup_ip +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/sh - -ip=`/usr/bin/xenstore-read qubes_ip 2> /dev/null` -if [ x$ip != x ]; then - netmask=`/usr/bin/xenstore-read qubes_netmask` - gateway=`/usr/bin/xenstore-read qubes_gateway` - secondary_dns=`/usr/bin/xenstore-read qubes_secondary_dns` - /sbin/ifconfig $INTERFACE $ip netmask 255.255.255.255 - /sbin/ifconfig $INTERFACE up - /sbin/route add -host $gateway dev $INTERFACE - /sbin/route add default gw $gateway - /sbin/ethtool -K $INTERFACE sg off - /sbin/ethtool -K $INTERFACE tx off - echo "nameserver $gateway" > /etc/resolv.conf - echo "nameserver $secondary_dns" >> /etc/resolv.conf - network=$(/usr/bin/xenstore-read qubes_netvm_network 2>/dev/null) - if [ "x$network" != "x" ]; then - gateway=$(/usr/bin/xenstore-read qubes_netvm_gateway) - netmask=$(/usr/bin/xenstore-read qubes_netvm_netmask) - secondary_dns=$(/usr/bin/xenstore-read qubes_netvm_secondary_dns) - echo "NS1=$gateway" > /var/run/qubes/qubes_ns - echo "NS2=$secondary_dns" >> /var/run/qubes/qubes_ns - /usr/lib/qubes/qubes_setup_dnat_to_ns - [ -x /rw/config/qubes_ip_change_hook ] && /rw/config/qubes_ip_change_hook - fi - -fi diff --git a/network/tinyproxy-qubes-yum.conf b/network/tinyproxy-qubes-yum.conf deleted file mode 100644 index 43b5082f..00000000 --- a/network/tinyproxy-qubes-yum.conf +++ /dev/null @@ -1,30 +0,0 @@ -User tinyproxy -Group tinyproxy -Port 8082 -Timeout 60 -DefaultErrorFile "/usr/share/tinyproxy/default.html" - -#StatHost "tinyproxy.stats" -StatFile "/usr/share/tinyproxy/stats.html" -Syslog On -LogLevel Notice -PidFile "/var/run/tinyproxy/tinyproxy-qubes-yum.pid" - -MaxClients 50 -MinSpareServers 2 -MaxSpareServers 10 -StartServers 2 -MaxRequestsPerChild 0 -ViaProxyName "tinyproxy" - -Allow 127.0.0.1 -Allow 10.137.0.0/16 - - -Filter "/etc/tinyproxy/filter-qubes-yum" -FilterURLs On -#FilterExtended On -#FilterCaseSensitive On -FilterDefaultDeny Yes -ConnectPort 443 - diff --git a/qubes_rpc/.gitignore b/qubes_rpc/.gitignore deleted file mode 100644 index 283f264d..00000000 --- a/qubes_rpc/.gitignore +++ /dev/null @@ -1,9 +0,0 @@ -qubes_add_pendrive_script -qubes_penctl -qvm-open-in-dvm -dvm_file_editor -qfile-agent -qfile-agent-dvm -qfile-unpacker -qopen-in-vm -vm-file-editor diff --git a/qubes_rpc/Makefile b/qubes_rpc/Makefile deleted file mode 100644 index a592d1c4..00000000 --- a/qubes_rpc/Makefile +++ /dev/null @@ -1,14 +0,0 @@ -CC=gcc -CFLAGS=-g -Wall -I. -fPIC -pie -all: vm-file-editor qopen-in-vm qfile-agent qfile-unpacker -vm-file-editor: vm-file-editor.o ioall.o - $(CC) -pie -g -o $@ $^ -qopen-in-vm: qopen-in-vm.o ioall.o gui-fatal.o - $(CC) -pie -g -o $@ $^ -qfile-agent: qfile-agent.o ioall.o gui-fatal.o copy_file.o crc32.o - $(CC) -pie -g -o $@ $^ -qfile-unpacker: qfile-unpacker.o ioall.o gui-fatal.o copy_file.o unpack.o crc32.o - $(CC) -pie -g -o $@ $^ - -clean: - rm -f qopen-in-vm qfile-agent qfile-unpacker vm-file-editor *.o *~ diff --git a/qubes_rpc/dvm2.h b/qubes_rpc/dvm2.h deleted file mode 100644 index 0e5922cd..00000000 --- a/qubes_rpc/dvm2.h +++ /dev/null @@ -1,2 +0,0 @@ -#define DVM_FILENAME_SIZE 256 -#define DVM_SPOOL "/home/user/.dvmspool" diff --git a/qubes_rpc/gui-fatal.c b/qubes_rpc/gui-fatal.c deleted file mode 100644 index 40634acc..00000000 --- a/qubes_rpc/gui-fatal.c +++ /dev/null @@ -1,55 +0,0 @@ -#define _GNU_SOURCE -#include -#include -#include -#include -#include -#include -#include -#include - -static void fix_display() -{ - setenv("DISPLAY", ":0", 1); -} - -static void produce_message(char * type, const char *fmt, va_list args) -{ - char *dialog_msg; - char buf[1024]; - (void) vsnprintf(buf, sizeof(buf), fmt, args); - asprintf(&dialog_msg, "%s: %s: %s (error type: %s)", - program_invocation_short_name, type, buf, strerror(errno)); - fprintf(stderr, "%s", dialog_msg); - switch (fork()) { - case -1: - exit(1); //what else - case 0: - fix_display(); -#ifdef USE_KDIALOG - execlp("kdialog", "kdialog", "--sorry", dialog_msg, NULL); -#else - - execlp("zenity", "zenity", "--error", "--text", dialog_msg, NULL); -#endif - exit(1); - default:; - } -} - -void gui_fatal(const char *fmt, ...) -{ - va_list args; - va_start(args, fmt); - produce_message("Fatal error", fmt, args); - va_end(args); - exit(1); -} - -void gui_nonfatal(const char *fmt, ...) -{ - va_list args; - va_start(args, fmt); - produce_message("Information", fmt, args); - va_end(args); -} diff --git a/qubes_rpc/gui-fatal.h b/qubes_rpc/gui-fatal.h deleted file mode 100644 index de9799f9..00000000 --- a/qubes_rpc/gui-fatal.h +++ /dev/null @@ -1,2 +0,0 @@ -void gui_fatal(const char *fmt, ...); -void gui_nonfatal(const char *fmt, ...); diff --git a/qubes_rpc/prepare-suspend b/qubes_rpc/prepare-suspend deleted file mode 100755 index 4df1122e..00000000 --- a/qubes_rpc/prepare-suspend +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/sh - -action=$1 -[ -z "$action" ] && action=suspend - -if [ x"$action" == x"suspend" ]; then - nmcli nm sleep true || service NetworkManager stop - # Force interfaces down, just in case when NM didn't done it - for if in `ls /sys/class/net|grep -v "lo\|vif"`; do - ip l s $if down - done - modprobe -r uhci_hcd ehci_hcd -else - modprobe ehci_hcd; modprobe uhci_hcd; - nmcli nm sleep false || { [ -x /bin/systemctl ] && systemctl start NetworkManager.service; } || service qubes_core_netvm start -fi diff --git a/qubes_rpc/qfile-agent.c b/qubes_rpc/qfile-agent.c deleted file mode 100644 index 1d6bcddc..00000000 --- a/qubes_rpc/qfile-agent.c +++ /dev/null @@ -1,251 +0,0 @@ -#define _GNU_SOURCE -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "filecopy.h" -#include "crc32.h" - -enum { - PROGRESS_FLAG_NORMAL, - PROGRESS_FLAG_INIT, - PROGRESS_FLAG_DONE -}; - -unsigned long crc32_sum; -int write_all_with_crc(int fd, void *buf, int size) -{ - crc32_sum = Crc32_ComputeBuf(crc32_sum, buf, size); - return write_all(fd, buf, size); -} - -void do_notify_progress(long long total, int flag) -{ - char *du_size_env = getenv("FILECOPY_TOTAL_SIZE"); - char *progress_type_env = getenv("PROGRESS_TYPE"); - char *saved_stdout_env = getenv("SAVED_FD_1"); - if (!progress_type_env) - return; - if (!strcmp(progress_type_env, "console") && du_size_env) { - char msg[256]; - snprintf(msg, sizeof(msg), "sent %lld/%lld KB\r", - total / 1024, strtoull(du_size_env, NULL, 0)); - write(2, msg, strlen(msg)); - if (flag == PROGRESS_FLAG_DONE) - write(2, "\n", 1); - } - if (!strcmp(progress_type_env, "gui") && saved_stdout_env) { - char msg[256]; - snprintf(msg, sizeof(msg), "%lld\n", total); - write(strtoul(saved_stdout_env, NULL, 0), msg, - strlen(msg)); - } -} - -void wait_for_result() -{ - struct result_header hdr; - - if (!read_all(0, &hdr, sizeof(hdr))) { - if (errno == EAGAIN) { - // no result sent and stdin still open - return; - } else { - // other read error or EOF - exit(1); // hopefully remote has produced error message - } - } - if (hdr.error_code != 0) { - switch (hdr.error_code) { - case EEXIST: - gui_fatal("File copy: not overwriting existing file. Clean QubesIncoming dir, and retry copy"); - break; - case EINVAL: - gui_fatal("File copy: Corrupted data from packer"); - break; - default: - gui_fatal("File copy: %s", - strerror(hdr.error_code)); - } - } - if (hdr.crc32 != crc32_sum) { - gui_fatal("File transfer failed: checksum mismatch"); - } -} - -void notify_progress(int size, int flag) -{ - static long long total = 0; - static long long prev_total = 0; - total += size; - if (total > prev_total + PROGRESS_NOTIFY_DELTA - || (flag != PROGRESS_FLAG_NORMAL)) { - // check for possible error from qfile-unpacker; if error occured, - // exit() will be called, so don't bother with current state - // (notify_progress can be called as callback from copy_file()) - if (flag == PROGRESS_FLAG_NORMAL) - wait_for_result(); - do_notify_progress(total, flag); - prev_total = total; - } -} - -void write_headers(struct file_header *hdr, char *filename) -{ - if (!write_all_with_crc(1, hdr, sizeof(*hdr)) - || !write_all_with_crc(1, filename, hdr->namelen)) { - set_block(0); - wait_for_result(); - exit(1); - } -} - -int single_file_processor(char *filename, struct stat *st) -{ - struct file_header hdr; - int fd; - mode_t mode = st->st_mode; - - hdr.namelen = strlen(filename) + 1; - hdr.mode = mode; - hdr.atime = st->st_atim.tv_sec; - hdr.atime_nsec = st->st_atim.tv_nsec; - hdr.mtime = st->st_mtim.tv_sec; - hdr.mtime_nsec = st->st_mtim.tv_nsec; - - if (S_ISREG(mode)) { - int ret; - fd = open(filename, O_RDONLY); - if (fd < 0) - gui_fatal("open %s", filename); - hdr.filelen = st->st_size; - write_headers(&hdr, filename); - ret = copy_file(1, fd, hdr.filelen, &crc32_sum); - if (ret != COPY_FILE_OK) { - if (ret != COPY_FILE_WRITE_ERROR) - gui_fatal("Copying file %s: %s", filename, - copy_file_status_to_str(ret)); - else { - set_block(0); - wait_for_result(); - exit(1); - } - } - close(fd); - } - if (S_ISDIR(mode)) { - hdr.filelen = 0; - write_headers(&hdr, filename); - } - if (S_ISLNK(mode)) { - char name[st->st_size + 1]; - if (readlink(filename, name, sizeof(name)) != st->st_size) - gui_fatal("readlink %s", filename); - hdr.filelen = st->st_size + 1; - write_headers(&hdr, filename); - if (!write_all_with_crc(1, name, st->st_size + 1)) { - set_block(0); - wait_for_result(); - exit(1); - } - } - // check for possible error from qfile-unpacker - wait_for_result(); - return 0; -} - -int do_fs_walk(char *file) -{ - char *newfile; - struct stat st; - struct dirent *ent; - DIR *dir; - - if (lstat(file, &st)) - gui_fatal("stat %s", file); - single_file_processor(file, &st); - if (!S_ISDIR(st.st_mode)) - return 0; - dir = opendir(file); - if (!dir) - gui_fatal("opendir %s", file); - while ((ent = readdir(dir))) { - char *fname = ent->d_name; - if (!strcmp(fname, ".") || !strcmp(fname, "..")) - continue; - asprintf(&newfile, "%s/%s", file, fname); - do_fs_walk(newfile); - free(newfile); - } - closedir(dir); - // directory metadata is resent; this makes the code simple, - // and the atime/mtime is set correctly at the second time - single_file_processor(file, &st); - return 0; -} - -void notify_end_and_wait_for_result() -{ - struct file_header end_hdr; - - /* nofity end of transfer */ - memset(&end_hdr, 0, sizeof(end_hdr)); - end_hdr.namelen = 0; - end_hdr.filelen = 0; - write_all_with_crc(1, &end_hdr, sizeof(end_hdr)); - - set_block(0); - wait_for_result(); -} - -char *get_abs_path(char *cwd, char *pathname) -{ - char *ret; - if (pathname[0] == '/') - return strdup(pathname); - asprintf(&ret, "%s/%s", cwd, pathname); - return ret; -} - -int main(int argc, char **argv) -{ - int i; - char *entry; - char *cwd; - char *sep; - - signal(SIGPIPE, SIG_IGN); - // this will allow checking for possible feedback packet in the middle of transfer - set_nonblock(0); - notify_progress(0, PROGRESS_FLAG_INIT); - crc32_sum = 0; - cwd = getcwd(NULL, 0); - for (i = 1; i < argc; i++) { - entry = get_abs_path(cwd, argv[i]); - - do { - sep = rindex(entry, '/'); - if (!sep) - gui_fatal - ("Internal error: nonabsolute filenames not allowed"); - *sep = 0; - } while (sep[1] == 0); - if (entry[0] == 0) - chdir("/"); - else if (chdir(entry)) - gui_fatal("chdir to %s", entry); - do_fs_walk(sep + 1); - free(entry); - } - notify_end_and_wait_for_result(); - notify_progress(0, PROGRESS_FLAG_DONE); - return 0; -} diff --git a/qubes_rpc/qfile-unpacker.c b/qubes_rpc/qfile-unpacker.c deleted file mode 100644 index abdc9f2b..00000000 --- a/qubes_rpc/qfile-unpacker.c +++ /dev/null @@ -1,56 +0,0 @@ -#define _GNU_SOURCE -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "filecopy.h" -#define INCOMING_DIR_ROOT "/home/user/QubesIncoming" -int prepare_creds_return_uid(char *username) -{ - struct passwd *pwd; - pwd = getpwnam(username); - if (!pwd) { - perror("getpwnam"); - exit(1); - } - setenv("HOME", pwd->pw_dir, 1); - setenv("USER", username, 1); - setgid(pwd->pw_gid); - initgroups(username, pwd->pw_gid); - setfsuid(pwd->pw_uid); - return pwd->pw_uid; -} - -extern int do_unpack(void); - -int main(int argc, char ** argv) -{ - char *incoming_dir; - int uid; - char *remote_domain; - - uid = prepare_creds_return_uid("user"); - - remote_domain = getenv("QREXEC_REMOTE_DOMAIN"); - if (!remote_domain) { - gui_fatal("Cannot get remote domain name"); - exit(1); - } - mkdir(INCOMING_DIR_ROOT, 0700); - asprintf(&incoming_dir, "%s/%s", INCOMING_DIR_ROOT, remote_domain); - mkdir(incoming_dir, 0700); - if (chdir(incoming_dir)) - gui_fatal("Error chdir to %s", incoming_dir); - if (chroot(incoming_dir)) //impossible - gui_fatal("Error chroot to %s", incoming_dir); - setuid(uid); - return do_unpack(); -} diff --git a/qubes_rpc/qopen-in-vm.c b/qubes_rpc/qopen-in-vm.c deleted file mode 100644 index 80f99c31..00000000 --- a/qubes_rpc/qopen-in-vm.c +++ /dev/null @@ -1,103 +0,0 @@ -#define _GNU_SOURCE -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "dvm2.h" - -void send_file(char *fname) -{ - char *base; - int fd = open(fname, O_RDONLY); - if (fd < 0) - gui_fatal("open %s", fname); - base = rindex(fname, '/'); - if (!base) - base = fname; - else - base++; - if (strlen(base) >= DVM_FILENAME_SIZE) - base += strlen(base) - DVM_FILENAME_SIZE + 1; - if (!write_all(1, base, DVM_FILENAME_SIZE)) - gui_fatal("send filename to dispVM"); - if (!copy_fd_all(1, fd)) - gui_fatal("send file to dispVM"); - close(1); -} - -int copy_and_return_nonemptiness(int tmpfd) -{ - struct stat st; - if (!copy_fd_all(tmpfd, 0)) - gui_fatal("receiving file from dispVM"); - if (fstat(tmpfd, &st)) - gui_fatal("fstat"); - close(tmpfd); - - return st.st_size; -} - -void recv_file_nowrite(char *fname) -{ - char *tempfile; - char *errmsg; - int tmpfd; - - asprintf(&tempfile, "/tmp/file_edited_in_dvm.XXXXXX"); - tmpfd = mkstemp(tempfile); - if (tmpfd < 0) - gui_fatal("unable to create any temporary file, aborting"); - if (!copy_and_return_nonemptiness(tmpfd)) { - unlink(tempfile); - return; - } - asprintf(&errmsg, - "The file %s has been edited in Disposable VM and the modified content has been received, " - "but this file is in nonwritable directory and thus cannot be modified safely. The edited file has been " - "saved to %s", fname, tempfile); - gui_nonfatal(errmsg); -} - -void actually_recv_file(char *fname, char *tempfile, int tmpfd) -{ - if (!copy_and_return_nonemptiness(tmpfd)) { - unlink(tempfile); - return; - } - if (rename(tempfile, fname)) - gui_fatal("rename"); -} - -void recv_file(char *fname) -{ - int tmpfd; - char *tempfile; - asprintf(&tempfile, "%s.XXXXXX", fname); - tmpfd = mkstemp(tempfile); - if (tmpfd < 0) - recv_file_nowrite(fname); - else - actually_recv_file(fname, tempfile, tmpfd); -} - -void talk_to_daemon(char *fname) -{ - send_file(fname); - recv_file(fname); -} - -int main(int argc, char ** argv) -{ - signal(SIGPIPE, SIG_IGN); - if (argc!=2) - gui_fatal("OpenInVM - no file given?"); - talk_to_daemon(argv[1]); - return 0; -} diff --git a/qubes_rpc/qrun-in-vm b/qubes_rpc/qrun-in-vm deleted file mode 100755 index 6b2e1bb1..00000000 --- a/qubes_rpc/qrun-in-vm +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh -# pass aguments to the remote stdin, shovel back the remote output -echo "$@" -exec /bin/cat >&$SAVED_FD_1 diff --git a/qubes_rpc/qubes.Filecopy b/qubes_rpc/qubes.Filecopy deleted file mode 100644 index d82fa220..00000000 --- a/qubes_rpc/qubes.Filecopy +++ /dev/null @@ -1 +0,0 @@ -/usr/lib/qubes/qfile-unpacker diff --git a/qubes_rpc/qubes.GetAppmenus b/qubes_rpc/qubes.GetAppmenus deleted file mode 100644 index 71e7b337..00000000 --- a/qubes_rpc/qubes.GetAppmenus +++ /dev/null @@ -1 +0,0 @@ -find /usr/share/applications/ /usr/local/share/applications/ -name '*.desktop' | xargs awk '/^\[/ { if (tolower($0) != "\[desktop entry\]") nextfile } /=/ {print FILENAME ":" $0 }' 2> /dev/null diff --git a/qubes_rpc/qubes.OpenInVM b/qubes_rpc/qubes.OpenInVM deleted file mode 100644 index 48db9065..00000000 --- a/qubes_rpc/qubes.OpenInVM +++ /dev/null @@ -1 +0,0 @@ -/usr/lib/qubes/vm-file-editor diff --git a/qubes_rpc/qubes.SuspendPost b/qubes_rpc/qubes.SuspendPost deleted file mode 100644 index 73bf2ead..00000000 --- a/qubes_rpc/qubes.SuspendPost +++ /dev/null @@ -1 +0,0 @@ -/usr/lib/qubes/prepare-suspend resume diff --git a/qubes_rpc/qubes.SuspendPre b/qubes_rpc/qubes.SuspendPre deleted file mode 100644 index ad49fa65..00000000 --- a/qubes_rpc/qubes.SuspendPre +++ /dev/null @@ -1 +0,0 @@ -/usr/lib/qubes/prepare-suspend suspend diff --git a/qubes_rpc/qubes.SyncNtpClock b/qubes_rpc/qubes.SyncNtpClock deleted file mode 100644 index 087a421f..00000000 --- a/qubes_rpc/qubes.SyncNtpClock +++ /dev/null @@ -1 +0,0 @@ -/usr/lib/qubes/sync-ntp-clock diff --git a/qubes_rpc/qubes.VMShell b/qubes_rpc/qubes.VMShell deleted file mode 100644 index 01dca2d7..00000000 --- a/qubes_rpc/qubes.VMShell +++ /dev/null @@ -1 +0,0 @@ -/bin/bash diff --git a/qubes_rpc/qubes.WaitForSession b/qubes_rpc/qubes.WaitForSession deleted file mode 100644 index 39042f70..00000000 --- a/qubes_rpc/qubes.WaitForSession +++ /dev/null @@ -1,2 +0,0 @@ -read USERNAME -su -c 'echo $$ >> /tmp/qubes-session-waiter; [ ! -f /tmp/qubes-session-env ] && exec sleep 365d' - "$USERNAME" diff --git a/qubes_rpc/qvm-copy-gnome.desktop b/qubes_rpc/qvm-copy-gnome.desktop deleted file mode 100644 index bb281252..00000000 --- a/qubes_rpc/qvm-copy-gnome.desktop +++ /dev/null @@ -1,9 +0,0 @@ -[Desktop Entry] -Type=Action -ToolbarLabel[C]=Copy to other AppVM -Name[C]=Copy to other AppVM -Profiles=profile-zero; - -[X-Action-Profile profile-zero] -Exec=/usr/lib/qubes/qvm-copy-to-vm.gnome %F -Name[C]=Default profile diff --git a/qubes_rpc/qvm-copy-to-vm b/qubes_rpc/qvm-copy-to-vm deleted file mode 100755 index 26ee8769..00000000 --- a/qubes_rpc/qvm-copy-to-vm +++ /dev/null @@ -1,43 +0,0 @@ -#!/bin/sh -# -# The Qubes OS Project, http://www.qubes-os.org -# -# Copyright (C) 2010 Rafal Wojtczuk -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License -# as published by the Free Software Foundation; either version 2 -# of the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -# -# - -if [ $# -lt 2 ] ; then - echo usage: $0 '[--without-progress] dest_vmname file [file]+' - exit 1 -fi - -if [ x"$1" = "x--without-progress" ] ; then - export PROGRESS_TYPE=none - shift -else - export PROGRESS_TYPE=console -fi - - -VM="$1" -shift - -if [ $PROGRESS_TYPE = console ] ; then - export FILECOPY_TOTAL_SIZE=$(du --apparent-size -c "$@" | tail -1 | cut -f 1) -fi - -exec /usr/lib/qubes/qrexec_client_vm $VM qubes.Filecopy /usr/lib/qubes/qfile-agent "$@" diff --git a/qubes_rpc/qvm-copy-to-vm.gnome b/qubes_rpc/qvm-copy-to-vm.gnome deleted file mode 100755 index e6c6c70d..00000000 --- a/qubes_rpc/qvm-copy-to-vm.gnome +++ /dev/null @@ -1,34 +0,0 @@ -#!/bin/sh -# -# The Qubes OS Project, http://www.qubes-os.org -# -# Copyright (C) 2010 Rafal Wojtczuk -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License -# as published by the Free Software Foundation; either version 2 -# of the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -# -# - -VM=$(qvm-mru-entry --title="File Copy" --text="Enter the destination domain name:" --mrufile "qvm-mru-filecopy") -if [ X$VM = X ] ; then exit 0 ; fi - -SIZE=$(du --apparent-size -c "$@" | tail -1 | cut -f 1) - -export PROGRESS_TYPE=gui - -/usr/lib/qubes/qrexec_client_vm $VM qubes.Filecopy /usr/lib/qubes/qfile-agent "$@" | -(while read sentsize ; do - CURRSIZE=$(($sentsize/1024)) - echo $((100*$CURRSIZE/$SIZE)) -done) | zenity --progress --text="Copying files to domain: $VM..." --auto-close diff --git a/qubes_rpc/qvm-copy-to-vm.kde b/qubes_rpc/qvm-copy-to-vm.kde deleted file mode 100755 index 5c56df08..00000000 --- a/qubes_rpc/qvm-copy-to-vm.kde +++ /dev/null @@ -1,43 +0,0 @@ -#!/bin/sh -# -# The Qubes OS Project, http://www.qubes-os.org -# -# Copyright (C) 2010 Rafal Wojtczuk -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License -# as published by the Free Software Foundation; either version 2 -# of the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -# -# - -VM=$(kdialog -inputbox "Enter the VM name to send files to:") -if [ X$VM = X ] ; then exit 0 ; fi - -SIZE=$(du --apparent-size -c "$@" | tail -1 | cut -f 1) -REF=$(kdialog --progressbar "Copy progress") -qdbus $REF org.freedesktop.DBus.Properties.Set "" maximum $SIZE - -export PROGRESS_TYPE=gui - -/usr/lib/qubes/qrexec_client_vm $VM qubes.Filecopy \ - /usr/lib/qubes/qfile-agent "$@" | -(while read sentsize ; do - CURRSIZE=$(($sentsize/1024)) - qdbus $REF org.freedesktop.DBus.Properties.Set "" value $CURRSIZE -done) - -qdbus $REF close -# we do not want a dozen error messages, do we -# if ! [ "x"$agentstatus = xDONE ] ; then -# kdialog --sorry 'Abnormal file copy termination; see /var/log/qubes/qrexec.xid.log in dom0 for more details' -# fi diff --git a/qubes_rpc/qvm-copy.desktop b/qubes_rpc/qvm-copy.desktop deleted file mode 100644 index 5795eb61..00000000 --- a/qubes_rpc/qvm-copy.desktop +++ /dev/null @@ -1,10 +0,0 @@ -[Desktop Entry] -Actions=QvmCopy; -Type=Service -X-KDE-ServiceTypes=KonqPopupMenu/Plugin,inode/directory,all/allfiles - -[Desktop Action QvmCopy] -Exec=/usr/lib/qubes/qvm-copy-to-vm.kde %U -Icon=kget -Name=Send To VM - diff --git a/qubes_rpc/qvm-dvm-gnome.desktop b/qubes_rpc/qvm-dvm-gnome.desktop deleted file mode 100644 index 28664a49..00000000 --- a/qubes_rpc/qvm-dvm-gnome.desktop +++ /dev/null @@ -1,9 +0,0 @@ -[Desktop Entry] -Type=Action -ToolbarLabel[C]=Open in DisposableVM -Name[C]=Open in DisposableVM -Profiles=profile-zero; - -[X-Action-Profile profile-zero] -Exec=/usr/bin/qvm-open-in-dvm %f -Name[C]=Default profile diff --git a/qubes_rpc/qvm-dvm.desktop b/qubes_rpc/qvm-dvm.desktop deleted file mode 100644 index ba34250c..00000000 --- a/qubes_rpc/qvm-dvm.desktop +++ /dev/null @@ -1,10 +0,0 @@ -[Desktop Entry] -Actions=QvmDvm; -Type=Service -X-KDE-ServiceTypes=KonqPopupMenu/Plugin,all/allfiles - -[Desktop Action QvmDvm] -Exec=/usr/bin/qvm-open-in-dvm %U -Icon=kget -Name=Open In DisposableVM - diff --git a/qubes_rpc/qvm-mru-entry b/qubes_rpc/qvm-mru-entry deleted file mode 100755 index b516753c..00000000 --- a/qubes_rpc/qvm-mru-entry +++ /dev/null @@ -1,165 +0,0 @@ -#!/usr/bin/python -# -# The Qubes OS Project, http://www.qubes-os.org -# -# Copyright (C) 2012 Bruce Downs -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License -# as published by the Free Software Foundation; either version 2 -# of the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -# -# -import os -from optparse import OptionParser -import gtk - -class QubesMruDialog(gtk.Dialog): - entry = None - mrufile = None - - def __init__(self, title, text, mrufile): - self.mrufile = mrufile - - gtk.Dialog.__init__( - self, - title, - None, - 0, - (gtk.STOCK_CANCEL, gtk.RESPONSE_CANCEL, - gtk.STOCK_OK, gtk.RESPONSE_OK)) - - # setting the default response to 'ok' - # does not work as advertised - # using key-press-event instead - #self.set_default_response(gtk.RESPONSE_OK) - - self.connect("destroy", lambda *w: gtk.main_quit()) - self.connect("response", self.response_callback) - self.connect("key-press-event", self.key_press_callback) - - self.set_position(gtk.WIN_POS_CENTER) - self.set_resizable(True) - - vbox = gtk.VBox(True, 5) - self.vbox.pack_start(vbox, True, True, 0) - vbox.set_border_width(5) - - label = gtk.Label() - label.set_markup(text) - vbox.pack_start(label, False, False, 0) - - # Create our entry - self.entry = gtk.Entry() - vbox.pack_start(self.entry, False, False, 0) - - # Create the completion object - completion = gtk.EntryCompletion() - - # Assign the completion to the entry - self.entry.set_completion(completion) - - # Create a tree model and use it as the completion model - completion_model, firstline = self.create_completion_model() - completion.set_model(completion_model) - - # Use model column 0 as the text column - completion.set_text_column(0) - - if firstline: - self.entry.set_text(firstline) - - self.show_all() - - def create_completion_model(self): - store = gtk.ListStore(str) - firstline = None - - if self.mrufile and os.access(self.mrufile, os.R_OK): - # read lines from mru file - lines = [line.strip() for line in open(self.mrufile)] - for line in lines: - if not firstline: - firstline = line - - iter = store.append() - store.set(iter, 0, line) - - return store, firstline - - def handle_ok(self): - my_entry = self.entry.get_text() - - if len(my_entry) > 0: - linesorg = [] - linesorg.insert(0, my_entry) - - # calc mru lines - if os.access(self.mrufile, os.R_OK): - # read lines from existing mru file - fMru = open(self.mrufile, "r") - linesorg += [line.strip() for line in fMru] - fMru.close() - - #uniqify - linesuniq = [] - for lineuniq in linesorg: - if (len(lineuniq) > 0 and lineuniq not in linesuniq): - linesuniq.append(lineuniq) - - # write to mru - # up to 50 unique - fMru = file(self.mrufile, "w") - fMru.writelines( "%s\n" % line for line in linesuniq[:50] ) - fMru.close() - - # print entry to stdout - print my_entry - - def response_callback(self, button, response_id): - if response_id == gtk.RESPONSE_OK: - self.handle_ok() - self.destroy() - - def key_press_callback(self, button, event): - if event.keyval == gtk.keysyms.Return: - self.handle_ok() - self.destroy() - -def main(): - usage = "usage: %prog [--title 'Qubes Title'] [--text 'Qubes Text'] [--mrufile 'mru file name']" - parser = OptionParser (usage) - parser.add_option ("-l", "--title", - action="store", - dest="title", - default="Qubes MRU Dialog Entry", - help="Set the dialog title [%default]") - parser.add_option ("-x", "--text", - action="store", - dest="text", - default="Enter Qubes text:", - help="Set the dialog text [%default]") - parser.add_option ("-f", "--mrufile", - action="store", - dest="mrufile", - default='qvm-mru', - help="MRU file name [%default]") - (options, args) = parser.parse_args () - - mrudir = os.path.expanduser('~') + os.sep + '.config' - if not os.path.exists(mrudir): - os.makedirs(mrudir) - QubesMruDialog(options.title, options.text, mrudir + os.sep + options.mrufile) - gtk.main() - -main() - diff --git a/qubes_rpc/qvm-open-in-dvm b/qubes_rpc/qvm-open-in-dvm deleted file mode 100755 index 2e04aaf3..00000000 --- a/qubes_rpc/qvm-open-in-dvm +++ /dev/null @@ -1,31 +0,0 @@ -#!/bin/bash -# -# The Qubes OS Project, http://www.qubes-os.org -# -# Copyright (C) 2010 Rafal Wojtczuk -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License -# as published by the Free Software Foundation; either version 2 -# of the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -# -# - -if ! [ $# = 1 ] ; then - echo "Usage: $0 filename" - exit 1 -fi - -. /usr/lib/qubes/wrap_in_html_if_url.sh -wrap_in_html_if_url "$1" - -exec /usr/lib/qubes/qrexec_client_vm '$dispvm' qubes.OpenInVM "/usr/lib/qubes/qopen-in-vm" "$FILE_ARGUMENT" diff --git a/qubes_rpc/qvm-open-in-vm b/qubes_rpc/qvm-open-in-vm deleted file mode 100755 index 57512706..00000000 --- a/qubes_rpc/qvm-open-in-vm +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/bash -# -# The Qubes OS Project, http://www.qubes-os.org -# -# Copyright (C) 2010 Rafal Wojtczuk -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License -# as published by the Free Software Foundation; either version 2 -# of the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -# -# - -if ! [ $# = 2 ] ; then - echo "Usage: $0 vmname filename" - exit 1 -fi -. /usr/lib/qubes/wrap_in_html_if_url.sh -wrap_in_html_if_url "$2" -exec /usr/lib/qubes/qrexec_client_vm "$1" qubes.OpenInVM "/usr/lib/qubes/qopen-in-vm" "$FILE_ARGUMENT" diff --git a/qubes_rpc/qvm-run b/qubes_rpc/qvm-run deleted file mode 100755 index 54e296f8..00000000 --- a/qubes_rpc/qvm-run +++ /dev/null @@ -1,32 +0,0 @@ -#!/bin/bash -# -# The Qubes OS Project, http://www.qubes-os.org -# -# Copyright (C) 2010 Rafal Wojtczuk -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License -# as published by the Free Software Foundation; either version 2 -# of the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -# -# - -if [ $# -lt 2 ] ; then - echo "Usage: $0 vmname command arguments" - exit 1 -fi -VMNAME=$1 -shift -if [ $VMNAME = "--dispvm" ] ; then - VMNAME='$dispvm' -fi -exec /usr/lib/qubes/qrexec_client_vm $VMNAME qubes.VMShell "/usr/lib/qubes/qrun-in-vm" "$@" diff --git a/qubes_rpc/sync-ntp-clock b/qubes_rpc/sync-ntp-clock deleted file mode 100755 index f5dfa1bb..00000000 --- a/qubes_rpc/sync-ntp-clock +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/sh - -if [ -x /usr/libexec/ntpdate-wrapper ]; then - /usr/libexec/ntpdate-wrapper -elif [ -x /etc/init.d/ntpdate ]; then - /etc/init.d/ntpdate restart -elif [ -x /usr/sbin/ntpdate ]; then - /usr/sbin/ntpdate pool.ntp.org -else - echo "No ntpdate installed, giving up." - exit 1 -fi diff --git a/qubes_rpc/vm-file-editor.c b/qubes_rpc/vm-file-editor.c deleted file mode 100644 index a4e53df7..00000000 --- a/qubes_rpc/vm-file-editor.c +++ /dev/null @@ -1,161 +0,0 @@ -#include -#include -#include -#include -#include -#include -#include -#include -#include "dvm2.h" - -char *gettime() -{ - static char retbuf[60]; - struct timeval tv; - gettimeofday(&tv, NULL); - snprintf(retbuf, sizeof(retbuf), "%lld.%lld", - (long long) tv.tv_sec, (long long) tv.tv_usec); - return retbuf; -} - -char *get_filename() -{ - char buf[DVM_FILENAME_SIZE]; - static char retname[sizeof(buf) + sizeof("/tmp/")]; - int i; - if (!read_all(0, buf, sizeof(buf))) - exit(1); - if (index(buf, '/')) { - fprintf(stderr, "filename contains /"); - exit(1); - } - for (i=0; i < DVM_FILENAME_SIZE && buf[i]!=0; i++) { - // replace some characters with _ (eg mimeopen have problems with some of them) - if (index(" !?\"#$%^&*()[]<>;`~", buf[i])) - buf[i]='_'; - } - snprintf(retname, sizeof(retname), "/tmp/%s", buf); - return retname; -} - -void copy_file(char *filename) -{ - int fd = open(filename, O_WRONLY | O_CREAT, 0600); - if (fd < 0) { - perror("open file"); - exit(1); - } - if (!copy_fd_all(fd, 0)) - exit(1); - close(fd); -} - -void send_file_back(char * filename) -{ - int fd = open(filename, O_RDONLY); - if (fd < 0) { - perror("open file"); - exit(1); - } - if (!copy_fd_all(1, fd)) - exit(1); - close(fd); -} - -int -main() -{ - struct stat stat_pre, stat_post, session_stat; - char *filename = get_filename(); - int child, status, log_fd, null_fd; - char var[1024], val[4096]; - FILE *env_file; - FILE *waiter_pidfile; - - copy_file(filename); - if (stat(filename, &stat_pre)) { - perror("stat pre"); - exit(1); - } - fprintf(stderr, "time=%s, waiting for qubes-session\n", gettime()); - // wait for X server to starts (especially in DispVM) - if (stat("/tmp/qubes-session-env", &session_stat)) { - switch (child = fork()) { - case -1: - perror("fork"); - exit(1); - case 0: - waiter_pidfile = fopen("/tmp/qubes-session-waiter", "a"); - if (waiter_pidfile == NULL) { - perror("fopen waiter_pidfile"); - exit(1); - } - fprintf(waiter_pidfile, "%d\n", getpid()); - fclose(waiter_pidfile); - // check the second time, to prevent race - if (stat("/tmp/qubes-session-env", &session_stat)) { - // wait for qubes-session notify - pause(); - } - exit(0); - default: - waitpid(child, &status, 0); - if (WIFEXITED(status) && WEXITSTATUS(status) != 0) { - //propagate exit code from child - exit(WEXITSTATUS(status)); - } - } - } - fprintf(stderr, "time=%s, starting editor\n", gettime()); - switch (child = fork()) { - case -1: - perror("fork"); - exit(1); - case 0: - null_fd = open("/dev/null", O_RDONLY); - dup2(null_fd, 0); - close(null_fd); - - env_file = fopen("/tmp/qubes-session-env", "r"); - while(fscanf(env_file, "%1024[^=]=%4096[^\n]\n", var, val) == 2) { - setenv(var, val, 1); - } - fclose(env_file); - - log_fd = open("/tmp/mimeopen.log", O_CREAT | O_APPEND, 0666); - if (log_fd == -1) { - perror("open /tmp/mimeopen.log"); - exit(1); - } - dup2(log_fd, 1); - close(log_fd); - - setenv("HOME", "/home/user", 1); - setenv("DISPLAY", ":0", 1); - execl("/usr/bin/mimeopen", "mimeopen", "-n", filename, (char*)NULL); - perror("execl"); - exit(1); - default: - waitpid(child, &status, 0); - if (status != 0) { - char cmd[512]; -#ifdef USE_KDIALOG - snprintf(cmd, sizeof(cmd), - "HOME=/home/user DISPLAY=:0 /usr/bin/kdialog --sorry 'Unable to handle mimetype of the requested file (exit status: %d)!' > /tmp/kdialog.log 2>&1 /tmp/kdialog.log 2>&1 /tmp/kdialog.log 2>&1 > $FILE_ARGUMENT - echo '">' >> $FILE_ARGUMENT - ;; - *) - FILE_ARGUMENT="$1" - ;; - esac -} - - \ No newline at end of file diff --git a/rpm_spec/core-vm-kernel-placeholder.spec b/rpm_spec/core-vm-kernel-placeholder.spec deleted file mode 100644 index 691a50e5..00000000 --- a/rpm_spec/core-vm-kernel-placeholder.spec +++ /dev/null @@ -1,26 +0,0 @@ -# We don't install kernel pkg in VM, but some other pkgs depends on it. -# Done as separate subpackage because yum allows multiple versions of kernel -# pkg installed simultaneusly - and of course we don't want multiple versions -# of qubes-core-vm -Name: qubes-core-vm-kernel-placeholder -Summary: Placeholder for kernel package as it is managed by Dom0 -Version: 1.0 -Release: 2%{dist} -Vendor: Invisible Things Lab -License: GPL -Group: Qubes -URL: http://www.qubes-os.org -# template released with 1.0-rc1 have kernel-debug installed by mistake. This -# line is required to smooth upgrade. -Obsoletes: kernel-debug -# this driver require exact kernel-drm-nouveau version; as isn't needed in VM, -# just remove it -Obsoletes: xorg-x11-drv-nouveau -Provides: xorg-x11-drv-nouveau -# choose the oldest Qubes-supported VM kernel -Provides: kernel = 3.7.4 - -%description -Placeholder for kernel package as it is managed by Dom0. - -%files diff --git a/rpm_spec/core-vm.spec b/rpm_spec/core-vm.spec deleted file mode 100644 index 29b58c8c..00000000 --- a/rpm_spec/core-vm.spec +++ /dev/null @@ -1,655 +0,0 @@ -# -# The Qubes OS Project, http://www.qubes-os.org -# -# Copyright (C) 2010 Joanna Rutkowska -# Copyright (C) 2010 Rafal Wojtczuk -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License -# as published by the Free Software Foundation; either version 2 -# of the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -# -# - -%{!?version: %define version %(cat version_vm)} - -Name: qubes-core-vm -Version: %{version} -Release: 1%{dist} -Summary: The Qubes core files for VM - -Group: Qubes -Vendor: Invisible Things Lab -License: GPL -URL: http://www.qubes-os.org -Requires: /usr/bin/xenstore-read -Requires: fedora-release -Requires: yum-plugin-post-transaction-actions -Requires: NetworkManager >= 0.8.1-1 -%if %{fedora} >= 18 -# Fedora >= 18 defaults to firewalld, which isn't supported nor needed by Qubes -Requires: iptables-services -Conflicts: firewalld -%endif -Requires: /usr/bin/mimeopen -Requires: ethtool -Requires: tinyproxy -Requires: ntpdate -Requires: net-tools -Requires: nautilus-actions -Requires: qubes-core-vm-kernel-placeholder -Requires: qubes-core-libs -Provides: qubes-core-vm -Obsoletes: qubes-core-commonvm -Obsoletes: qubes-core-appvm -Obsoletes: qubes-core-netvm -Obsoletes: qubes-core-proxyvm -Obsoletes: qubes-upgrade-vm < 2.0 -BuildRequires: xen-devel - -%define _builddir %(pwd) - -%define kde_service_dir /usr/share/kde4/services/ServiceMenus - -%description -The Qubes core files for installation inside a Qubes VM. - -%prep -# we operate on the current directory, so no need to unpack anything -# symlink is to generate useful debuginfo packages -rm -f %{name}-%{version} -ln -sf . %{name}-%{version} -%setup -T -D - -%build -(cd vchan; make -f Makefile.linux) -(cd qrexec; make) -for dir in qubes_rpc misc; do - (cd $dir; make) -done - -%pre - -if [ "$1" != 1 ] ; then -# do this whole %pre thing only when updating for the first time... -exit 0 -fi - -mkdir -p /var/lib/qubes -if [ -e /etc/fstab ] ; then -mv /etc/fstab /var/lib/qubes/fstab.orig -fi - -adduser --create-home user - -%install - -install -m 0644 -D misc/fstab $RPM_BUILD_ROOT/etc/fstab -install -d $RPM_BUILD_ROOT/etc/init.d -install vm-init.d/* $RPM_BUILD_ROOT/etc/init.d/ - -install -d $RPM_BUILD_ROOT/lib/systemd/system $RPM_BUILD_ROOT/usr/lib/qubes/init -install -m 0755 vm-systemd/*.sh $RPM_BUILD_ROOT/usr/lib/qubes/init/ -install -m 0644 vm-systemd/qubes-*.service $RPM_BUILD_ROOT/lib/systemd/system/ -install -m 0644 vm-systemd/qubes-*.timer $RPM_BUILD_ROOT/lib/systemd/system/ -install -m 0644 vm-systemd/NetworkManager.service $RPM_BUILD_ROOT/usr/lib/qubes/init/ -install -m 0644 vm-systemd/NetworkManager-wait-online.service $RPM_BUILD_ROOT/usr/lib/qubes/init/ -install -m 0644 vm-systemd/cups.service $RPM_BUILD_ROOT/usr/lib/qubes/init/ -install -m 0644 vm-systemd/ntpd.service $RPM_BUILD_ROOT/usr/lib/qubes/init/ - -install -D -m 0440 misc/qubes.sudoers $RPM_BUILD_ROOT/etc/sudoers.d/qubes -install -D -m 0644 misc/qubes.repo $RPM_BUILD_ROOT/etc/yum.repos.d/qubes.repo -install -D -m 0644 misc/serial.conf $RPM_BUILD_ROOT/usr/lib/qubes/serial.conf -install -D misc/qubes_serial_login $RPM_BUILD_ROOT/sbin/qubes_serial_login -install -d $RPM_BUILD_ROOT/usr/share/glib-2.0/schemas/ -install -m 0644 misc/org.gnome.settings-daemon.plugins.updates.gschema.override $RPM_BUILD_ROOT/usr/share/glib-2.0/schemas/ -install -d $RPM_BUILD_ROOT/usr/lib/yum-plugins/ -install -m 0644 misc/yum-qubes-hooks.py* $RPM_BUILD_ROOT/usr/lib/yum-plugins/ -install -D -m 0644 misc/yum-qubes-hooks.conf $RPM_BUILD_ROOT/etc/yum/pluginconf.d/yum-qubes-hooks.conf - -install -d $RPM_BUILD_ROOT/var/lib/qubes - -install -d -m 755 $RPM_BUILD_ROOT/etc/pki/rpm-gpg -install -m 644 misc/RPM-GPG-KEY-qubes* $RPM_BUILD_ROOT/etc/pki/rpm-gpg/ -install -D misc/xenstore-watch $RPM_BUILD_ROOT/usr/bin/xenstore-watch-qubes -install -d $RPM_BUILD_ROOT/etc/udev/rules.d -install -m 0644 misc/qubes_misc.rules $RPM_BUILD_ROOT/etc/udev/rules.d/50-qubes_misc.rules -install -m 0644 misc/qubes_block.rules $RPM_BUILD_ROOT/etc/udev/rules.d/99-qubes_block.rules -install -m 0644 misc/qubes_usb.rules $RPM_BUILD_ROOT/etc/udev/rules.d/99-qubes_usb.rules -install -d $RPM_BUILD_ROOT/usr/lib/qubes/ -install misc/qubes_download_dom0_updates.sh $RPM_BUILD_ROOT/usr/lib/qubes/ -install misc/{block_add_change,block_remove,block_cleanup} $RPM_BUILD_ROOT/usr/lib/qubes/ -install misc/{usb_add_change,usb_remove} $RPM_BUILD_ROOT/usr/lib/qubes/ -install misc/vusb-ctl.py $RPM_BUILD_ROOT/usr/lib/qubes/ -install misc/qubes_trigger_sync_appmenus.sh $RPM_BUILD_ROOT/usr/lib/qubes/ -install -D -m 0644 misc/qubes_trigger_sync_appmenus.action $RPM_BUILD_ROOT/etc/yum/post-actions/qubes_trigger_sync_appmenus.action -install -D misc/polkit-1-qubes-allow-all.pkla $RPM_BUILD_ROOT/etc/polkit-1/localauthority/50-local.d/qubes-allow-all.pkla -install -D misc/polkit-1-qubes-allow-all.rules $RPM_BUILD_ROOT/etc/polkit-1/rules.d/00-qubes-allow-all.rules -mkdir -p $RPM_BUILD_ROOT/usr/lib/qubes - -if [ -r misc/dispvm-dotfiles.%{dist}.tbz ]; then - install misc/dispvm-dotfiles.%{dist}.tbz $RPM_BUILD_ROOT/etc/dispvm-dotfiles.tbz -else - install misc/dispvm-dotfiles.tbz $RPM_BUILD_ROOT/etc/dispvm-dotfiles.tbz -fi -install misc/dispvm-prerun.sh $RPM_BUILD_ROOT/usr/lib/qubes/dispvm-prerun.sh - -install -D misc/qubes_core.modules $RPM_BUILD_ROOT/etc/sysconfig/modules/qubes_core.modules -install -D misc/qubes_misc.modules $RPM_BUILD_ROOT/etc/sysconfig/modules/qubes_misc.modules - -install -m 0644 network/qubes_network.rules $RPM_BUILD_ROOT/etc/udev/rules.d/99-qubes_network.rules -install network/qubes_setup_dnat_to_ns $RPM_BUILD_ROOT/usr/lib/qubes -install network/qubes_fix_nm_conf.sh $RPM_BUILD_ROOT/usr/lib/qubes -install network/setup_ip $RPM_BUILD_ROOT/usr/lib/qubes/ -install network/network-manager-prepare-conf-dir $RPM_BUILD_ROOT/usr/lib/qubes/ -install -d $RPM_BUILD_ROOT/etc/dhclient.d -ln -s /usr/lib/qubes/qubes_setup_dnat_to_ns $RPM_BUILD_ROOT/etc/dhclient.d/qubes_setup_dnat_to_ns.sh -install -d $RPM_BUILD_ROOT/etc/NetworkManager/dispatcher.d/ -install network/{qubes_nmhook,30-qubes_external_ip} $RPM_BUILD_ROOT/etc/NetworkManager/dispatcher.d/ -install -D network/vif-route-qubes $RPM_BUILD_ROOT/etc/xen/scripts/vif-route-qubes -install -m 0400 -D network/iptables $RPM_BUILD_ROOT/etc/sysconfig/iptables -install -m 0400 -D network/ip6tables $RPM_BUILD_ROOT/etc/sysconfig/ip6tables -install -m 0644 -D network/tinyproxy-qubes-yum.conf $RPM_BUILD_ROOT/etc/tinyproxy/tinyproxy-qubes-yum.conf -install -m 0644 -D network/filter-qubes-yum $RPM_BUILD_ROOT/etc/tinyproxy/filter-qubes-yum - -install -d $RPM_BUILD_ROOT/etc/yum.conf.d -touch $RPM_BUILD_ROOT/etc/yum.conf.d/qubes-proxy.conf - -install -d $RPM_BUILD_ROOT/usr/sbin -install network/qubes_firewall $RPM_BUILD_ROOT/usr/sbin/ -install network/qubes_netwatcher $RPM_BUILD_ROOT/usr/sbin/ - -install -d $RPM_BUILD_ROOT/usr/bin - -install qubes_rpc/{qvm-open-in-dvm,qvm-open-in-vm,qvm-copy-to-vm,qvm-run,qvm-mru-entry} $RPM_BUILD_ROOT/usr/bin -install qubes_rpc/wrap_in_html_if_url.sh $RPM_BUILD_ROOT/usr/lib/qubes -install qubes_rpc/qvm-copy-to-vm.kde $RPM_BUILD_ROOT/usr/lib/qubes -install qubes_rpc/qvm-copy-to-vm.gnome $RPM_BUILD_ROOT/usr/lib/qubes -install qubes_rpc/{vm-file-editor,qfile-agent,qopen-in-vm,qfile-unpacker} $RPM_BUILD_ROOT/usr/lib/qubes -install qubes_rpc/qrun-in-vm $RPM_BUILD_ROOT/usr/lib/qubes -install qubes_rpc/sync-ntp-clock $RPM_BUILD_ROOT/usr/lib/qubes -install qubes_rpc/prepare-suspend $RPM_BUILD_ROOT/usr/lib/qubes -install -d $RPM_BUILD_ROOT/%{kde_service_dir} -install -m 0644 qubes_rpc/{qvm-copy.desktop,qvm-dvm.desktop} $RPM_BUILD_ROOT/%{kde_service_dir} -install -d $RPM_BUILD_ROOT/etc/qubes_rpc -install -m 0644 qubes_rpc/{qubes.Filecopy,qubes.OpenInVM,qubes.VMShell,qubes.SyncNtpClock} $RPM_BUILD_ROOT/etc/qubes_rpc -install -m 0644 qubes_rpc/{qubes.SuspendPre,qubes.SuspendPost,qubes.GetAppmenus} $RPM_BUILD_ROOT/etc/qubes_rpc -install -m 0644 qubes_rpc/qubes.WaitForSession $RPM_BUILD_ROOT/etc/qubes_rpc - -install -d $RPM_BUILD_ROOT/usr/share/file-manager/actions -install -m 0644 qubes_rpc/*-gnome.desktop $RPM_BUILD_ROOT/usr/share/file-manager/actions - -install -D misc/nautilus-actions.conf $RPM_BUILD_ROOT/etc/xdg/nautilus-actions/nautilus-actions.conf - -install qrexec/qrexec_agent $RPM_BUILD_ROOT/usr/lib/qubes -install qrexec/qrexec_client_vm $RPM_BUILD_ROOT/usr/lib/qubes -install qrexec/qubes_rpc_multiplexer $RPM_BUILD_ROOT/usr/lib/qubes - -install misc/meminfo-writer $RPM_BUILD_ROOT/usr/lib/qubes -install -d $RPM_BUILD_ROOT/mnt/removable -install -d $RPM_BUILD_ROOT/var/lib/qubes/dom0-updates - -install -D -m 0644 misc/xorg-preload-apps.conf $RPM_BUILD_ROOT/etc/X11/xorg-preload-apps.conf - -install -d $RPM_BUILD_ROOT/var/run/qubes -install -d $RPM_BUILD_ROOT/home_volatile/user - -%triggerin -- initscripts -cp /usr/lib/qubes/serial.conf /etc/init/serial.conf - -%post - -# disable some Upstart services -for F in plymouth-shutdown prefdm splash-manager start-ttys tty ; do - if [ -e /etc/init/$F.conf ]; then - mv -f /etc/init/$F.conf /etc/init/$F.conf.disabled - fi -done - -remove_ShowIn () { - if [ -e /etc/xdg/autostart/$1.desktop ]; then - sed -i '/^\(Not\|Only\)ShowIn/d' /etc/xdg/autostart/$1.desktop - fi -} - -# don't want it at all -for F in abrt-applet deja-dup-monitor imsettings-start krb5-auth-dialog pulseaudio restorecond sealertauto gnome-power-manager gnome-sound-applet gnome-screensaver orca-autostart; do - if [ -e /etc/xdg/autostart/$F.desktop ]; then - remove_ShowIn $F - echo 'NotShowIn=QUBES;' >> /etc/xdg/autostart/$F.desktop - fi -done - -# don't want it in DisposableVM -for F in gcm-apply ; do - if [ -e /etc/xdg/autostart/$F.desktop ]; then - remove_ShowIn $F - echo 'NotShowIn=DisposableVM;' >> /etc/xdg/autostart/$F.desktop - fi -done - -# want it in AppVM only -for F in gnome-keyring-gpg gnome-keyring-pkcs11 gnome-keyring-secrets gnome-keyring-ssh gnome-settings-daemon user-dirs-update-gtk gsettings-data-convert ; do - if [ -e /etc/xdg/autostart/$F.desktop ]; then - remove_ShowIn $F - echo 'OnlyShowIn=GNOME;AppVM;' >> /etc/xdg/autostart/$F.desktop - fi -done - -# remove existing rule to add own later -for F in gpk-update-icon nm-applet ; do - remove_ShowIn $F -done - -echo 'OnlyShowIn=GNOME;UpdateableVM;' >> /etc/xdg/autostart/gpk-update-icon.desktop || : -echo 'OnlyShowIn=GNOME;NetVM;' >> /etc/xdg/autostart/nm-applet.desktop || : - -usermod -p '' root -usermod -L user - -# Create NetworkManager configuration if we do not have it -if ! [ -e /etc/NetworkManager/NetworkManager.conf ]; then -echo '[main]' > /etc/NetworkManager/NetworkManager.conf -echo 'plugins = keyfile' >> /etc/NetworkManager/NetworkManager.conf -echo '[keyfile]' >> /etc/NetworkManager/NetworkManager.conf -fi -/usr/lib/qubes/qubes_fix_nm_conf.sh - - -# Remove ip_forward setting from sysctl, so NM will not reset it -sed 's/^net.ipv4.ip_forward.*/#\0/' -i /etc/sysctl.conf - -# Install firmware link only on system which haven't it yet -if ! [ -e /lib/firmware/updates ]; then - ln -s /lib/modules/firmware /lib/firmware/updates -fi - -if ! grep -q '/etc/yum\.conf\.d/qubes-proxy\.conf' /etc/yum.conf; then - echo >> /etc/yum.conf - echo '# Yum does not support inclusion of config dir...' >> /etc/yum.conf - echo 'include=file:///etc/yum.conf.d/qubes-proxy.conf' >> /etc/yum.conf -fi - -# Revert 'Prevent unnecessary updates in VMs': -sed -i -e '/^exclude = kernel/d' /etc/yum.conf - -# qubes-core-vm has been broken for some time - it overrides /etc/hosts; restore original content -if ! grep -q localhost /etc/hosts; then - cat < /etc/hosts -127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 `hostname` -::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 -EOF -fi - -if [ "$1" != 1 ] ; then -# do the rest of %post thing only when updating for the first time... -exit 0 -fi - -if [ -e /etc/init/serial.conf ] && ! [ -f /var/lib/qubes/serial.orig ] ; then - cp /etc/init/serial.conf /var/lib/qubes/serial.orig -fi - -#echo "--> Disabling SELinux..." -sed -e s/^SELINUX=.*$/SELINUX=disabled/ /etc/selinux/config.processed -mv /etc/selinux/config.processed /etc/selinux/config -setenforce 0 2>/dev/null - -# Remove most of the udev scripts to speed up the VM boot time -# Just leave the xen* scripts, that are needed if this VM was -# ever used as a net backend (e.g. as a VPN domain in the future) -#echo "--> Removing unnecessary udev scripts..." -mkdir -p /var/lib/qubes/removed-udev-scripts -for f in /etc/udev/rules.d/* -do - if [ $(basename $f) == "xen-backend.rules" ] ; then - continue - fi - - if [ $(basename $f) == "xend.rules" ] ; then - continue - fi - - if [ $(basename $f) == "50-qubes_misc.rules" ] ; then - continue - fi - - if [ $(basename $f) == "99-qubes_network.rules" ] ; then - continue - fi - - if [ $(basename $f) == "99-qubes_block.rules" ] ; then - continue - fi - - if [ $(basename $f) == "99-qubes_usb.rules" ] ; then - continue - fi - - if [ $(basename $f) == "90-hal.rules" ] ; then - continue - fi - - - mv $f /var/lib/qubes/removed-udev-scripts/ -done -mkdir -p /rw -#rm -f /etc/mtab -#echo "--> Removing HWADDR setting from /etc/sysconfig/network-scripts/ifcfg-eth0" -#mv /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0.orig -#grep -v HWADDR /etc/sysconfig/network-scripts/ifcfg-eth0.orig > /etc/sysconfig/network-scripts/ifcfg-eth0 - -%preun -if [ "$1" = 0 ] ; then - # no more packages left - if [ -e /var/lib/qubes/fstab.orig ] ; then - mv /var/lib/qubes/fstab.orig /etc/fstab - fi - mv /var/lib/qubes/removed-udev-scripts/* /etc/udev/rules.d/ - if [ -e /var/lib/qubes/serial.orig ] ; then - mv /var/lib/qubes/serial.orig /etc/init/serial.conf - fi -fi - -%postun -if [ $1 -eq 0 ] ; then - /usr/bin/glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || : - - if [ -l /lib/firmware/updates ]; then - rm /lib/firmware/updates - fi -fi - -%posttrans - /usr/bin/glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || : - -%clean -rm -rf $RPM_BUILD_ROOT -rm -f %{name}-%{version} - -%files -%defattr(-,root,root,-) -%dir /var/lib/qubes -%dir /var/run/qubes -%dir %attr(0775,user,user) /var/lib/qubes/dom0-updates -%{kde_service_dir}/qvm-copy.desktop -%{kde_service_dir}/qvm-dvm.desktop -/etc/NetworkManager/dispatcher.d/30-qubes_external_ip -/etc/NetworkManager/dispatcher.d/qubes_nmhook -/etc/X11/xorg-preload-apps.conf -/etc/dispvm-dotfiles.tbz -/etc/dhclient.d/qubes_setup_dnat_to_ns.sh -/etc/fstab -/etc/pki/rpm-gpg/RPM-GPG-KEY-qubes* -/etc/polkit-1/localauthority/50-local.d/qubes-allow-all.pkla -/etc/polkit-1/rules.d/00-qubes-allow-all.rules -%dir /etc/qubes_rpc -/etc/qubes_rpc/qubes.Filecopy -/etc/qubes_rpc/qubes.OpenInVM -/etc/qubes_rpc/qubes.GetAppmenus -/etc/qubes_rpc/qubes.VMShell -/etc/qubes_rpc/qubes.SyncNtpClock -/etc/qubes_rpc/qubes.SuspendPre -/etc/qubes_rpc/qubes.SuspendPost -/etc/qubes_rpc/qubes.WaitForSession -/etc/sudoers.d/qubes -%config(noreplace) /etc/sysconfig/iptables -%config(noreplace) /etc/sysconfig/ip6tables -/etc/sysconfig/modules/qubes_core.modules -/etc/sysconfig/modules/qubes_misc.modules -%config(noreplace) /etc/tinyproxy/filter-qubes-yum -%config(noreplace) /etc/tinyproxy/tinyproxy-qubes-yum.conf -/etc/udev/rules.d/50-qubes_misc.rules -/etc/udev/rules.d/99-qubes_block.rules -/etc/udev/rules.d/99-qubes_network.rules -/etc/udev/rules.d/99-qubes_usb.rules -/etc/xdg/nautilus-actions/nautilus-actions.conf -/etc/xen/scripts/vif-route-qubes -%config(noreplace) /etc/yum.conf.d/qubes-proxy.conf -%config(noreplace) /etc/yum.repos.d/qubes.repo -/etc/yum/pluginconf.d/yum-qubes-hooks.conf -/etc/yum/post-actions/qubes_trigger_sync_appmenus.action -/sbin/qubes_serial_login -/usr/bin/qvm-copy-to-vm -/usr/bin/qvm-open-in-dvm -/usr/bin/qvm-open-in-vm -/usr/bin/qvm-run -/usr/bin/qvm-mru-entry -/usr/bin/xenstore-watch-qubes -%dir /usr/lib/qubes -/usr/lib/qubes/block_add_change -/usr/lib/qubes/block_cleanup -/usr/lib/qubes/block_remove -/usr/lib/qubes/usb_add_change -/usr/lib/qubes/usb_remove -/usr/lib/qubes/vusb-ctl.py* -/usr/lib/qubes/dispvm-prerun.sh -/usr/lib/qubes/sync-ntp-clock -/usr/lib/qubes/prepare-suspend -/usr/lib/qubes/meminfo-writer -/usr/lib/qubes/network-manager-prepare-conf-dir -/usr/lib/qubes/qfile-agent -%attr(4755,root,root) /usr/lib/qubes/qfile-unpacker -/usr/lib/qubes/qopen-in-vm -/usr/lib/qubes/qrexec_agent -/usr/lib/qubes/qrexec_client_vm -/usr/lib/qubes/qrun-in-vm -/usr/lib/qubes/qubes_download_dom0_updates.sh -/usr/lib/qubes/qubes_fix_nm_conf.sh -/usr/lib/qubes/qubes_rpc_multiplexer -/usr/lib/qubes/qubes_setup_dnat_to_ns -/usr/lib/qubes/qubes_trigger_sync_appmenus.sh -/usr/lib/qubes/qvm-copy-to-vm.gnome -/usr/lib/qubes/qvm-copy-to-vm.kde -/usr/lib/qubes/serial.conf -/usr/lib/qubes/setup_ip -/usr/lib/qubes/vm-file-editor -/usr/lib/qubes/wrap_in_html_if_url.sh -/usr/lib/yum-plugins/yum-qubes-hooks.py* -/usr/sbin/qubes_firewall -/usr/sbin/qubes_netwatcher -/usr/share/glib-2.0/schemas/org.gnome.settings-daemon.plugins.updates.gschema.override -/usr/share/file-manager/actions/qvm-copy-gnome.desktop -/usr/share/file-manager/actions/qvm-dvm-gnome.desktop -%dir /home_volatile -%attr(700,user,user) /home_volatile/user -%dir /mnt/removable - -%package sysvinit -Summary: Qubes unit files for SysV init style or upstart -License: GPL v2 only -Group: Qubes -Requires: upstart -Requires: qubes-core-vm -Provides: qubes-core-vm-init-scripts -Conflicts: qubes-core-vm-systemd - -%description sysvinit -The Qubes core startup configuration for SysV init (or upstart). - -%files sysvinit -/etc/init.d/qubes_core -/etc/init.d/qubes_core_appvm -/etc/init.d/qubes_core_netvm -/etc/init.d/qubes-firewall -/etc/init.d/qubes-netwatcher -/etc/init.d/qubes-yum-proxy - -%post sysvinit - -#echo "--> Turning off unnecessary services..." -# FIXME: perhaps there is more elegant way to do this? -for f in /etc/init.d/* -do - srv=`basename $f` - [ $srv = 'functions' ] && continue - [ $srv = 'killall' ] && continue - [ $srv = 'halt' ] && continue - [ $srv = 'single' ] && continue - [ $srv = 'reboot' ] && continue - [ $srv = 'qubes_gui' ] && continue - chkconfig $srv off -done - -#echo "--> Enabling essential services..." -chkconfig rsyslog on -chkconfig haldaemon on -chkconfig messagebus on -chkconfig iptables on -chkconfig ip6tables on -chkconfig --add qubes_core || echo "WARNING: Cannot add service qubes_core!" -chkconfig qubes_core on || echo "WARNING: Cannot enable service qubes_core!" -chkconfig --add qubes_core_netvm || echo "WARNING: Cannot add service qubes_core_netvm!" -chkconfig qubes_core_netvm on || echo "WARNING: Cannot enable service qubes_core_netvm!" -chkconfig --add qubes_core_appvm || echo "WARNING: Cannot add service qubes_core_appvm!" -chkconfig qubes_core_appvm on || echo "WARNING: Cannot enable service qubes_core_appvm!" -chkconfig --add qubes-firewall || echo "WARNING: Cannot add service qubes-firewall!" -chkconfig qubes-firewall on || echo "WARNING: Cannot enable service qubes-firewall!" -chkconfig --add qubes-netwatcher || echo "WARNING: Cannot add service qubes-netwatcher!" -chkconfig qubes-netwatcher on || echo "WARNING: Cannot enable service qubes-netwatcher!" -chkconfig --add qubes-yum-proxy || echo "WARNING: Cannot add service qubes-yum-proxy!" -chkconfig qubes-yum-proxy on || echo "WARNING: Cannot enable service qubes-yum-proxy!" - -# TODO: make this not display the silly message about security context... -sed -i s/^id:.:initdefault:/id:3:initdefault:/ /etc/inittab - -%preun sysvinit -if [ "$1" = 0 ] ; then - # no more packages left - chkconfig qubes_core off - chkconfig qubes_core_netvm off - chkconfig qubes_core_appvm off - chkconfig qubes-firewall off - chkconfig qubes-netwatcher off - chkconfig qubes-yum-proxy off -fi - -%package systemd -Summary: Qubes unit files for SystemD init style -License: GPL v2 only -Group: Qubes -Requires: systemd -Requires(post): systemd-units -Requires(preun): systemd-units -Requires(postun): systemd-units -Requires: qubes-core-vm -Provides: qubes-core-vm-init-scripts -Conflicts: qubes-core-vm-sysvinit - -%description systemd -The Qubes core startup configuration for SystemD init. - -%files systemd -%defattr(-,root,root,-) -/lib/systemd/system/qubes-dvm.service -/lib/systemd/system/qubes-meminfo-writer.service -/lib/systemd/system/qubes-qrexec-agent.service -/lib/systemd/system/qubes-misc-post.service -/lib/systemd/system/qubes-firewall.service -/lib/systemd/system/qubes-netwatcher.service -/lib/systemd/system/qubes-network.service -/lib/systemd/system/qubes-sysinit.service -/lib/systemd/system/qubes-update-check.service -/lib/systemd/system/qubes-update-check.timer -/lib/systemd/system/qubes-yum-proxy.service -%dir /usr/lib/qubes/init -/usr/lib/qubes/init/prepare-dvm.sh -/usr/lib/qubes/init/network-proxy-setup.sh -/usr/lib/qubes/init/misc-post.sh -/usr/lib/qubes/init/misc-post-stop.sh -/usr/lib/qubes/init/qubes-sysinit.sh -/usr/lib/qubes/init/NetworkManager.service -/usr/lib/qubes/init/NetworkManager-wait-online.service -/usr/lib/qubes/init/cups.service -/usr/lib/qubes/init/ntpd.service -%ghost %attr(0644,root,root) /etc/systemd/system/NetworkManager.service -%ghost %attr(0644,root,root) /etc/systemd/system/NetworkManager-wait-online.service -%ghost %attr(0644,root,root) /etc/systemd/system/cups.service - -%post systemd - -for srv in qubes-dvm qubes-meminfo-writer qubes-qrexec-agent qubes-sysinit qubes-misc-post qubes-netwatcher qubes-network qubes-firewall qubes-yum-proxy; do - /bin/systemctl enable $srv.service 2> /dev/null -done - -/bin/systemctl enable qubes-update-check.timer 2> /dev/null - -# Install overriden services only when original exists -for srv in cups NetworkManager NetworkManager-wait-online ntpd; do - if [ -f /lib/systemd/system/$srv.service ]; then - cp /usr/lib/qubes/init/$srv.service /etc/systemd/system/$srv.service - fi -done - -# Set default "runlevel" -rm -f /etc/systemd/system/default.target -ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target - -# Services to disable -#echo "--> Turning off unnecessary services..." -# FIXME: perhaps there is more elegant way to do this? -for f in /etc/init.d/* -do - srv=`basename $f` - [ $srv = 'functions' ] && continue - [ $srv = 'killall' ] && continue - [ $srv = 'halt' ] && continue - [ $srv = 'single' ] && continue - [ $srv = 'reboot' ] && continue - [ $srv = 'qubes_gui' ] && continue - chkconfig $srv off 2> /dev/null -done - -DISABLE_SERVICES="alsa-store alsa-restore auditd avahi avahi-daemon backuppc cpuspeed crond" -DISABLE_SERVICES="$DISABLE_SERVICES fedora-autorelabel fedora-autorelabel-mark ipmi hwclock-load hwclock-save" -DISABLE_SERVICES="$DISABLE_SERVICES mdmonitor multipathd openct rpcbind mcelog fedora-storage-init fedora-storage-init-late" -DISABLE_SERVICES="$DISABLE_SERVICES plymouth-start plymouth-read-write plymouth-quit plymouth-quit-wait" -DISABLE_SERVICES="$DISABLE_SERVICES sshd tcsd sm-client sendmail mdmonitor-takeover" -for srv in $DISABLE_SERVICES; do - if [ -f /lib/systemd/system/$srv.service ]; then - if fgrep -q '[Install]' /lib/systemd/system/$srv.service; then - /bin/systemctl disable $srv.service 2> /dev/null - else - # forcibly disable - ln -sf /dev/null /etc/systemd/system/$srv.service - fi - fi -done - -rm -f /etc/systemd/system/getty.target.wants/getty@tty*.service - -# Enable some services -/bin/systemctl enable iptables.service 2> /dev/null -/bin/systemctl enable ip6tables.service 2> /dev/null -/bin/systemctl enable rsyslog.service 2> /dev/null -/bin/systemctl enable ntpd.service 2> /dev/null -# Disable original service to enable overriden one -/bin/systemctl disable NetworkManager.service 2> /dev/null -# Disable D-BUS activation of NetworkManager - in AppVm it causes problems (eg PackageKit timeouts) -/bin/systemctl mask dbus-org.freedesktop.NetworkManager.service 2> /dev/null -/bin/systemctl enable NetworkManager.service 2> /dev/null - -# Enable cups only when it is real SystemD service -[ -e /lib/systemd/system/cups.service ] && /bin/systemctl enable cups.service 2> /dev/null - -exit 0 - -%postun systemd - -#Do not run this part on upgrades -if [ "$1" != 0 ] ; then - exit 0 -fi - -for srv in qubes-dvm qubes-meminfo-writer qubes-qrexec-agent qubes-sysinit qubes-misc-post qubes-netwatcher qubes-network; do - /bin/systemctl disable $srv.service -do diff --git a/version_vm b/version_vm deleted file mode 100644 index ea4bd0fb..00000000 --- a/version_vm +++ /dev/null @@ -1 +0,0 @@ -2.1.13 diff --git a/vm-init.d/qubes-firewall b/vm-init.d/qubes-firewall deleted file mode 100755 index 4c76e530..00000000 --- a/vm-init.d/qubes-firewall +++ /dev/null @@ -1,48 +0,0 @@ -#!/bin/sh -# -# chkconfig: 345 91 91 -# description: Starts Qubes Firewall monitor -# -# Source function library. -. /etc/rc.d/init.d/functions - -PIDFILE=/var/run/qubes/qubes_firewall.pid - -start() -{ - type=$(/usr/bin/xenstore-read qubes_vm_type) - start_firewall=$(/usr/bin/xenstore-read qubes-service/qubes-firewall 2> /dev/null) - if [ -z "$start_firewall" ] && [ "$type" == "ProxyVM" ] || [ "$start_firewall" == "1" ]; then - echo -n $"Starting Qubes Firewall monitor:" - /sbin/ethtool -K eth0 sg off - /usr/sbin/qubes_firewall & - success - echo "" - fi - return 0 -} - -stop() -{ - if [ -r $PIDFILE ]; then - echo -n "Stopping Qubes Firewall monitor:" - kill -9 $(cat $PIDFILE) 2>/dev/null && success || failure - echo "" - fi - return 0 -} - -case "$1" in - start) - start - ;; - stop) - stop - ;; - *) - echo $"Usage: $0 {start|stop}" - exit 3 - ;; -esac - -exit $RETVAL diff --git a/vm-init.d/qubes-netwatcher b/vm-init.d/qubes-netwatcher deleted file mode 100755 index c60f8a25..00000000 --- a/vm-init.d/qubes-netwatcher +++ /dev/null @@ -1,48 +0,0 @@ -#!/bin/sh -# -# chkconfig: 345 92 92 -# description: Starts Qubes Network monitor -# -# Source function library. -. /etc/rc.d/init.d/functions - -PIDFILE=/var/run/qubes/qubes_netwatcher.pid - -start() -{ - type=$(/usr/bin/xenstore-read qubes_vm_type) - start_netwatcher=$(/usr/bin/xenstore-read qubes-service/qubes-netwatcher 2>/dev/null) - if [ -z "$start_netwatcher" ] && [ "$type" == "ProxyVM" ] || [ "$start_netwatcher" == "1" ]; then - echo -n $"Starting Qubes Network monitor:" - /sbin/ethtool -K eth0 sg off - /usr/sbin/qubes_netwatcher & - success - echo "" - fi - return 0 -} - -stop() -{ - if [ -r "$PIDFILE" ]; then - echo -n "Stopping Qubes Network monitor:" - kill -9 $(cat $PIDFILE) 2>/dev/null && success || failure - echo "" - fi - return 0 -} - -case "$1" in - start) - start - ;; - stop) - stop - ;; - *) - echo $"Usage: $0 {start|stop}" - exit 3 - ;; -esac - -exit $RETVAL diff --git a/vm-init.d/qubes-yum-proxy b/vm-init.d/qubes-yum-proxy deleted file mode 100755 index 52f329ba..00000000 --- a/vm-init.d/qubes-yum-proxy +++ /dev/null @@ -1,121 +0,0 @@ -#!/bin/sh -# -# tinyproxy Startup script for the tinyproxy server as Qubes yum proxy -# -# chkconfig: - 85 15 -# description: small, efficient HTTP/SSL proxy daemon -# -# processname: tinyproxy -# config: /etc/tinyproxy/tinyproxy-qubes-yum.conf -# config: /etc/sysconfig/tinyproxy-qubes-yum -# pidfile: /var/run/tinyproxy/tinyproxy-qubes-yum.pid -# -# Note: pidfile is created by tinyproxy in its config -# see PidFile in the configuration file. - -# Source function library. -. /etc/rc.d/init.d/functions - -# Source networking configuration. -. /etc/sysconfig/network - -# Check that networking is up. -[ "$NETWORKING" = "no" ] && exit 0 - -exec="/usr/sbin/tinyproxy" -prog=$(basename $exec) -config="/etc/tinyproxy/tinyproxy-qubes-yum.conf" -pidfile="/var/run/tinyproxy/tinyproxy-qubes-yum.pid" - -[ -e /etc/sysconfig/tinyproxy-qubes-yum ] && . /etc/sysconfig/tinyproxy-qubes-yum - -lockfile=/var/lock/subsys/tinyproxy-qubes-yum - -start() { - type=`/usr/bin/xenstore-read qubes_vm_type` - start_yum_proxy=`/usr/bin/xenstore-read qubes-service/qubes-yum-proxy 2>/dev/null` - if [ -z "$start_yum_proxy" ] && [ "$type" != "NetVM" ] || [ "$start_yum_proxy" != "1" ]; then - # Yum proxy disabled - exit 0 - fi - - [ -x $exec ] || exit 5 - [ -f $config ] || exit 6 - # setup network redirection - /sbin/iptables -I INPUT -i vif+ -p tcp --dport 8082 -j ACCEPT - /sbin/iptables -t nat -A PR-QBS-SERVICES -i vif+ -d 10.137.255.254 -p tcp --dport 8082 -j REDIRECT - - echo -n $"Starting $prog (as Qubes yum proxy): " - daemon $exec -c $config - retval=$? - echo - [ $retval -eq 0 ] && touch $lockfile - return $retval -} - -stop() { - echo -n $"Stopping $prog: " - killproc -p $pidfile $prog - retval=$? - echo - /sbin/iptables -t nat -D PR-QBS-SERVICES -i vif+ -d 10.137.255.254 -p tcp --dport 8082 -j REDIRECT - /sbin/iptables -D INPUT -i vif+ -p tcp --dport 8082 -j ACCEPT - [ $retval -eq 0 ] && rm -f $lockfile - return $retval -} - -restart() { - stop - start -} - -reload() { - echo -n $"Reloading $prog: " - killproc -p $pidfile $prog -HUP - echo -} - -force_reload() { - restart -} - -rh_status() { - status $prog -} - -rh_status_q() { - rh_status >/dev/null 2>&1 -} - -case "$1" in - start) - rh_status_q && exit 0 - $1 - ;; - stop) - rh_status_q || exit 0 - $1 - ;; - restart) - $1 - ;; - reload) - rh_status_q || exit 7 - $1 - ;; - force-reload) - force_reload - ;; - status) - rh_status - ;; - condrestart|try-restart) - rh_status_q || exit 0 - restart - ;; - *) - echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}" - exit 2 -esac -exit $? - diff --git a/vm-init.d/qubes_core b/vm-init.d/qubes_core deleted file mode 100755 index d5760fc0..00000000 --- a/vm-init.d/qubes_core +++ /dev/null @@ -1,119 +0,0 @@ -#!/bin/sh -# -# chkconfig: 345 90 90 -# description: Executes Qubes core scripts at VM boot -# -# Source function library. -. /etc/rc.d/init.d/functions - -start() -{ - echo -n $"Executing Qubes Core scripts:" - - if ! [ -x /usr/bin/xenstore-read ] ; then - echo "ERROR: /usr/bin/xenstore-read not found!" - exit 1 - fi - - # Set permissions to /proc/xen/xenbus, so normal user can use xenstore-read - chmod 666 /proc/xen/xenbus - # Set permissions to files needed to listen at vchan - chmod 666 /proc/u2mfn - - mkdir -p /var/run/xen-hotplug - - name=$(/usr/bin/xenstore-read name) - if ! [ -f /etc/this_is_dvm ] ; then - # we don't want to set hostname for DispVM - # because it makes some of the pre-created dotfiles invalid (e.g. .kde/cache-) - # (let's be frank: nobody's gonna use xterm on DispVM) - hostname $name - sed -i "s/^\(127\.0\.0\.1 .*\) \($name \)\?\(.*\)/\1\2 $name/" /etc/hosts - fi - - timezone=`/usr/bin/xenstore-read qubes-timezone 2> /dev/null` - if [ -n "$timezone" ]; then - ln -f /usr/share/zoneinfo/$timezone /etc/localtime - echo "# Clock configuration autogenerated based on Qubes dom0 settings" > /etc/sysconfig/clock - echo "ZONE=\"$timezone\"" >> /etc/sysconfig/clock - fi - - yum_proxy_setup=$(/usr/bin/xenstore-read qubes-service/yum-proxy-setup 2> /dev/null) - type=$(/usr/bin/xenstore-read qubes_vm_type) - if [ "$yum_proxy_setup" != "0" ] || [ -z "$yum_proxy_setup" -a "$type" == "TemplateVM" ]; then - echo proxy=http://10.137.255.254:8082/ > /etc/yum.conf.d/qubes-proxy.conf - else - echo > /etc/yum.conf.d/qubes-proxy.conf - fi - - # Set IP address again (besides action in udev rules); this is needed by - # DispVM (to override DispVM-template IP) and in case when qubes_ip was - # called by udev before loading evtchn kernel module - in which case - # xenstore-read fails - INTERFACE=eth0 /usr/lib/qubes/setup_ip - - mkdir -p /var/run/qubes - - if [ -e /dev/xvdb ] ; then - mount /rw - - if ! [ -d /rw/home ] ; then - echo - echo "--> Virgin boot of the VM: Linking /home to /rw/home" - - mkdir -p /rw/config - touch /rw/config/rc.local - - mkdir -p /rw/home - cp -a /home.orig/user /rw/home - - mkdir -p /rw/usrlocal - cp -a /usr/local.orig/* /rw/usrlocal - - touch /var/lib/qubes/first_boot_completed - fi - fi - if [ -L /home ]; then - rm /home - mkdir /home - fi - mount /home - - /usr/lib/qubes/qrexec_agent 2>/var/log/qubes/qrexec_agent.log & - - [ -x /rw/config/rc.local ] && /rw/config/rc.local - - success - echo "" - - start_ntpd=$(/usr/bin/xenstore-read qubes-service/ntpd 2> /dev/null) - if [ "$start_ntpd" == "1" ]; then - /sbin/service ntpd start - fi - return 0 -} - -stop() -{ - su -c 'mkdir -p /home_volatile/user/.local/share/applications' user - su -c 'cp -a /usr/share/applications/defaults.list /home_volatile/user/.local/share/applications/' user - if [ -r '/home/user/.local/share/applications/defaults.list' ]; then - su -c 'cat /home/user/.local/share/applications/defaults.list >> /home_volatile/user/.local/share/applications/defaults.list' user - fi - return 0 -} - -case "$1" in - start) - start - ;; - stop) - stop - ;; - *) - echo $"Usage: $0 {start|stop}" - exit 3 - ;; -esac - -exit $RETVAL diff --git a/vm-init.d/qubes_core_appvm b/vm-init.d/qubes_core_appvm deleted file mode 100755 index 6e851d17..00000000 --- a/vm-init.d/qubes_core_appvm +++ /dev/null @@ -1,99 +0,0 @@ -#!/bin/sh -# -# chkconfig: 345 85 85 -# description: Executes Qubes core scripts at AppVM boot -# -# Source function library. -. /etc/rc.d/init.d/functions - -possibly_run_save_script() -{ - ENCODED_SCRIPT=$(xenstore-read qubes_save_script) - if [ -z "$ENCODED_SCRIPT" ] ; then return ; fi - echo $ENCODED_SCRIPT|perl -e 'use MIME::Base64 qw(decode_base64); local($/) = undef;print decode_base64()' >/tmp/qubes_save_script - chmod 755 /tmp/qubes_save_script - Xorg -config /etc/X11/xorg-preload-apps.conf :0 & - while ! [ -S /tmp/.X11-unix/X0 ]; do sleep 0.5; done - DISPLAY=:0 su - user -c /tmp/qubes_save_script - killall Xorg -} - -start() -{ - if ! [ -x /usr/bin/xenstore-read ] ; then - echo "ERROR: /usr/bin/xenstore-read not found!" - exit 1 - fi - - type=$(/usr/bin/xenstore-read qubes_vm_type) - if [ "$type" != "AppVM" -a "$type" != "DisposableVM" -a "$type" != "TemplateVM" ]; then - # This script runs only on AppVMs - return 0 - fi - - # Start AppVM specific services - start_cups=$(/usr/bin/xenstore-read qubes-service/cups 2> /dev/null) - if [ "$start_cups" != "0" ]; then - /sbin/service cups start - # Allow also notification icon - sed -i -e '/^NotShowIn=.*QUBES/s/;QUBES//' /etc/xdg/autostart/print-applet.desktop - else - # Disable notification icon - sed -i -e '/QUBES/!s/^NotShowIn=.*/\1QUBES;/' /etc/xdg/autostart/print-applet.desktop - fi - - echo -n $"Executing Qubes Core scripts for AppVM:" - - if xenstore-read qubes_save_request 2>/dev/null ; then - if [ -L /home ]; then - rm /home - mkdir /home - fi - mount --bind /home_volatile /home - touch /etc/this_is_dvm - mount /rw - possibly_run_save_script - umount /rw - dmesg -c >/dev/null - free | grep Mem: | - (read a b c d ; xenstore-write device/qubes_used_mem $c) - # we're still running in DispVM template - echo "Waiting for save/restore..." - # ... wait until qubes_restore.c (in Dom0) recreates VM-specific keys - while ! xenstore-read qubes_restore_complete 2>/dev/null ; do - usleep 10 - done - echo Back to life. - fi - - start_meminfo_writer=$(/usr/bin/xenstore-read qubes-service/meminfo-writer 2>/dev/null) - if [ "$start_meminfo_writer" != "0" ]; then - MEM_CHANGE_THRESHOLD_KB=30000 - MEMINFO_DELAY_USEC=100000 - /usr/lib/qubes/meminfo-writer $MEM_CHANGE_THRESHOLD_KB $MEMINFO_DELAY_USEC /var/run/meminfo-writer.pid - fi - - success - echo "" - return 0 -} - -stop() -{ - return 0 -} - -case "$1" in - start) - start - ;; - stop) - stop - ;; - *) - echo $"Usage: $0 {start|stop}" - exit 3 - ;; -esac - -exit $RETVAL diff --git a/vm-init.d/qubes_core_netvm b/vm-init.d/qubes_core_netvm deleted file mode 100755 index fa67dc42..00000000 --- a/vm-init.d/qubes_core_netvm +++ /dev/null @@ -1,60 +0,0 @@ -#!/bin/sh -# -# chkconfig: 345 90 90 -# description: Executes Qubes core scripts at NetVM boot -# -# Source function library. -. /etc/rc.d/init.d/functions - -start() -{ - if ! [ -x /usr/bin/xenstore-read ] ; then - echo "ERROR: /usr/bin/xenstore-read not found!" - exit 1 - fi - - type=$(/usr/bin/xenstore-read qubes_vm_type) - if [ "$type" == "NetVM" ]; then - /usr/lib/qubes/network-manager-prepare-conf-dir - /sbin/service NetworkManager start - fi - - echo -n $"Executing Qubes Core scripts NetVM:" - - # Setup gateway for all the VMs this netVM is serviceing... - network=$(/usr/bin/xenstore-read qubes_netvm_network 2>/dev/null) - if [ "x$network" != "x" ]; then - gateway=$(/usr/bin/xenstore-read qubes_netvm_gateway) - netmask=$(/usr/bin/xenstore-read qubes_netvm_netmask) - secondary_dns=$(/usr/bin/xenstore-read qubes_netvm_secondary_dns) - modprobe netbk 2> /dev/null || modprobe xen-netback - echo "NS1=$gateway" > /var/run/qubes/qubes_ns - echo "NS2=$secondary_dns" >> /var/run/qubes/qubes_ns - /usr/lib/qubes/qubes_setup_dnat_to_ns - echo "1" > /proc/sys/net/ipv4/ip_forward - fi - - success - echo "" - return 0 -} - -stop() -{ - return 0 -} - -case "$1" in - start) - start - ;; - stop) - stop - ;; - *) - echo $"Usage: $0 {start|stop}" - exit 3 - ;; -esac - -exit $RETVAL diff --git a/vm-systemd/NetworkManager-wait-online.service b/vm-systemd/NetworkManager-wait-online.service deleted file mode 100644 index 00f3eb5b..00000000 --- a/vm-systemd/NetworkManager-wait-online.service +++ /dev/null @@ -1,5 +0,0 @@ -.include /lib/systemd/system/NetworkManager-wait-online.service -[Unit] -ConditionPathExists=/var/run/qubes-service/network-manager -# For /rw -After=qubes-misc-post.service diff --git a/vm-systemd/NetworkManager.service b/vm-systemd/NetworkManager.service deleted file mode 100644 index 1349161c..00000000 --- a/vm-systemd/NetworkManager.service +++ /dev/null @@ -1,8 +0,0 @@ -.include /lib/systemd/system/NetworkManager.service -[Unit] -ConditionPathExists=/var/run/qubes-service/network-manager -# For /rw -After=qubes-misc-post.service - -[Service] -ExecStartPre=/usr/lib/qubes/network-manager-prepare-conf-dir diff --git a/vm-systemd/cups.service b/vm-systemd/cups.service deleted file mode 100644 index 73e2796e..00000000 --- a/vm-systemd/cups.service +++ /dev/null @@ -1,3 +0,0 @@ -.include /lib/systemd/system/cups.service -[Unit] -ConditionPathExists=/var/run/qubes-service/cups diff --git a/vm-systemd/misc-post-stop.sh b/vm-systemd/misc-post-stop.sh deleted file mode 100755 index 399a41f9..00000000 --- a/vm-systemd/misc-post-stop.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/sh - -# Save default applications for DispVM - -su -c 'mkdir -p /home_volatile/user/.local/share/applications' user -su -c 'cp -a /usr/share/applications/defaults.list /home_volatile/user/.local/share/applications/' user -if [ -r '/home/user/.local/share/applications/defaults.list' ]; then - su -c 'cat /home/user/.local/share/applications/defaults.list >> /home_volatile/user/.local/share/applications/defaults.list' user -fi - -exit 0 diff --git a/vm-systemd/misc-post.sh b/vm-systemd/misc-post.sh deleted file mode 100755 index f1a8f9ee..00000000 --- a/vm-systemd/misc-post.sh +++ /dev/null @@ -1,62 +0,0 @@ -#!/bin/sh - -if [ -f /var/run/qubes-service/yum-proxy-setup ]; then - echo proxy=http://10.137.255.254:8082/ > /etc/yum.conf.d/qubes-proxy.conf -else - echo > /etc/yum.conf.d/qubes-proxy.conf -fi - -# Set IP address again (besides action in udev rules); this is needed by -# DispVM (to override DispVM-template IP) and in case when qubes_ip was -# called by udev before loading evtchn kernel module - in which case -# xenstore-read fails -INTERFACE=eth0 /usr/lib/qubes/setup_ip - -if [ -e /dev/xvdb -a ! -e /etc/this_is_dvm ] ; then - mount /rw - - if ! [ -d /rw/home ] ; then - echo - echo "--> Virgin boot of the VM: Linking /home to /rw/home" - - mkdir -p /rw/config - touch /rw/config/rc.local - touch /rw/config/rc.local-early - - mkdir -p /rw/home - cp -a /home.orig/user /rw/home - - mkdir -p /rw/usrlocal - cp -a /usr/local.orig/* /rw/usrlocal - - touch /var/lib/qubes/first_boot_completed - fi - # Chown home if user UID have changed - can be the case on template switch - HOME_USER_UID=`ls -dn /rw/home/user | awk '{print $3}'` - if [ "`id -u user`" -ne "$HOME_USER_UID" ]; then - find /rw/home/user -uid "$HOME_USER_UID" -print0 | xargs -0 chown user:user - fi - if [ -L /home ]; then - rm /home - mkdir /home - fi - mount /home -fi - -[ -x /rw/config/rc.local ] && /rw/config/rc.local - -# Start services which haven't own proper systemd unit: - -# Start AppVM specific services -if [ ! -f /etc/systemd/system/cups.service ]; then - if [ -f /var/run/qubes-service/cups ]; then - /sbin/service cups start - # Allow also notification icon - sed -i -e '/^NotShowIn=.*QUBES/s/;QUBES//' /etc/xdg/autostart/print-applet.desktop - else - # Disable notification icon - sed -i -e '/QUBES/!s/^NotShowIn=.*/\1QUBES;/' /etc/xdg/autostart/print-applet.desktop - fi -fi - -exit 0 diff --git a/vm-systemd/network-proxy-setup.sh b/vm-systemd/network-proxy-setup.sh deleted file mode 100755 index 387e6492..00000000 --- a/vm-systemd/network-proxy-setup.sh +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/sh - -# Setup gateway for all the VMs this netVM is serviceing... -network=$(/usr/bin/xenstore-read qubes_netvm_network 2>/dev/null) -if [ "x$network" != "x" ]; then - gateway=$(/usr/bin/xenstore-read qubes_netvm_gateway) - netmask=$(/usr/bin/xenstore-read qubes_netvm_netmask) - secondary_dns=$(/usr/bin/xenstore-read qubes_netvm_secondary_dns) - modprobe netbk 2> /dev/null || modprobe xen-netback - echo "NS1=$gateway" > /var/run/qubes/qubes_ns - echo "NS2=$secondary_dns" >> /var/run/qubes/qubes_ns - /usr/lib/qubes/qubes_setup_dnat_to_ns - echo "1" > /proc/sys/net/ipv4/ip_forward - /sbin/ethtool -K eth0 sg off -fi diff --git a/vm-systemd/ntpd.service b/vm-systemd/ntpd.service deleted file mode 100644 index 21e93db3..00000000 --- a/vm-systemd/ntpd.service +++ /dev/null @@ -1,3 +0,0 @@ -.include /lib/systemd/system/ntpd.service -[Unit] -ConditionPathExists=/var/run/qubes-service/ntpd diff --git a/vm-systemd/prepare-dvm.sh b/vm-systemd/prepare-dvm.sh deleted file mode 100755 index ae578296..00000000 --- a/vm-systemd/prepare-dvm.sh +++ /dev/null @@ -1,36 +0,0 @@ -#!/bin/sh - -possibly_run_save_script() -{ - ENCODED_SCRIPT=$(xenstore-read qubes_save_script) - if [ -z "$ENCODED_SCRIPT" ] ; then return ; fi - echo $ENCODED_SCRIPT|perl -e 'use MIME::Base64 qw(decode_base64); local($/) = undef;print decode_base64()' >/tmp/qubes_save_script - chmod 755 /tmp/qubes_save_script - Xorg -config /etc/X11/xorg-preload-apps.conf :0 & - while ! [ -S /tmp/.X11-unix/X0 ]; do sleep 0.5; done - DISPLAY=:0 su - user -c /tmp/qubes_save_script - killall Xorg -} - -if xenstore-read qubes_save_request 2>/dev/null ; then - if [ -L /home ]; then - rm /home - mkdir /home - fi - mount --bind /home_volatile /home - touch /etc/this_is_dvm - mount /rw - possibly_run_save_script - umount /rw - dmesg -c >/dev/null - free | grep Mem: | - (read a b c d ; xenstore-write device/qubes_used_mem $c) - # we're still running in DispVM template - echo "Waiting for save/restore..." - # ... wait until qubes_restore.c (in Dom0) recreates VM-specific keys - while ! xenstore-read qubes_restore_complete 2>/dev/null ; do - usleep 10 - done - echo Back to life. -fi - diff --git a/vm-systemd/qubes-dvm.service b/vm-systemd/qubes-dvm.service deleted file mode 100644 index 84a6bdd6..00000000 --- a/vm-systemd/qubes-dvm.service +++ /dev/null @@ -1,13 +0,0 @@ -[Unit] -Description=Prepare Qubes DispVM Template -ConditionPathExists=/var/run/qubes-service/qubes-dvm -After=systemd-readahead-replay.service - -[Service] -Type=oneshot -RemainAfterExit=yes -ExecStart=/usr/lib/qubes/init/prepare-dvm.sh -StandardOutput=syslog - -[Install] -WantedBy=multi-user.target diff --git a/vm-systemd/qubes-firewall.service b/vm-systemd/qubes-firewall.service deleted file mode 100644 index e668271c..00000000 --- a/vm-systemd/qubes-firewall.service +++ /dev/null @@ -1,11 +0,0 @@ -[Unit] -Description=Qubes firewall updater -ConditionPathExists=/var/run/qubes-service/qubes-firewall -After=qubes-network.service - -[Service] -ExecStart=/usr/sbin/qubes_firewall -StandardOutput=syslog - -[Install] -WantedBy=multi-user.target diff --git a/vm-systemd/qubes-meminfo-writer.service b/vm-systemd/qubes-meminfo-writer.service deleted file mode 100644 index fdb504d5..00000000 --- a/vm-systemd/qubes-meminfo-writer.service +++ /dev/null @@ -1,12 +0,0 @@ -[Unit] -Description=Qubes memory information reporter -ConditionPathExists=/var/run/qubes-service/meminfo-writer - -[Service] -Type=forking -ExecStart=/usr/lib/qubes/meminfo-writer 30000 100000 /var/run/meminfo-writer.pid -PIDFile=/var/run/meminfo-writer.pid -StandardOutput=syslog - -[Install] -WantedBy=multi-user.target diff --git a/vm-systemd/qubes-misc-post.service b/vm-systemd/qubes-misc-post.service deleted file mode 100644 index 8aec2082..00000000 --- a/vm-systemd/qubes-misc-post.service +++ /dev/null @@ -1,12 +0,0 @@ -[Unit] -Description=Qubes misc post-boot actions -After=qubes-dvm.service - -[Service] -Type=oneshot -RemainAfterExit=yes -ExecStart=/usr/lib/qubes/init/misc-post.sh -ExecStop=/usr/lib/qubes/init/misc-post-stop.sh - -[Install] -WantedBy=multi-user.target diff --git a/vm-systemd/qubes-netwatcher.service b/vm-systemd/qubes-netwatcher.service deleted file mode 100644 index d784ba70..00000000 --- a/vm-systemd/qubes-netwatcher.service +++ /dev/null @@ -1,11 +0,0 @@ -[Unit] -Description=Qubes network monitor -ConditionPathExists=/var/run/qubes-service/qubes-netwatcher -After=qubes-firewall.service - -[Service] -ExecStart=/usr/sbin/qubes_netwatcher -StandardOutput=syslog - -[Install] -WantedBy=multi-user.target diff --git a/vm-systemd/qubes-network.service b/vm-systemd/qubes-network.service deleted file mode 100644 index b82cfa26..00000000 --- a/vm-systemd/qubes-network.service +++ /dev/null @@ -1,15 +0,0 @@ -[Unit] -Description=Qubes network forwarding setup -ConditionPathExists=/var/run/qubes-service/qubes-network -Before=network.target -After=iptables.service - -[Service] -Type=oneshot -RemainAfterExit=yes -ExecStart=/usr/lib/qubes/init/network-proxy-setup.sh -StandardOutput=syslog - -[Install] -WantedBy=multi-user.target -Alias=qubes_firewall.service diff --git a/vm-systemd/qubes-qrexec-agent.service b/vm-systemd/qubes-qrexec-agent.service deleted file mode 100644 index 759e4b45..00000000 --- a/vm-systemd/qubes-qrexec-agent.service +++ /dev/null @@ -1,10 +0,0 @@ -[Unit] -Description=Qubes remote exec agent -After=qubes-dvm.service - -[Service] -ExecStart=/usr/lib/qubes/qrexec_agent -StandardOutput=syslog - -[Install] -WantedBy=multi-user.target diff --git a/vm-systemd/qubes-sysinit.service b/vm-systemd/qubes-sysinit.service deleted file mode 100644 index 29bb1e4f..00000000 --- a/vm-systemd/qubes-sysinit.service +++ /dev/null @@ -1,14 +0,0 @@ -[Unit] -Description=Init Qubes Services settings -DefaultDependencies=no -Before=sysinit.target -After=local-fs.target - -[Service] -Type=oneshot -RemainAfterExit=yes -ExecStart=/usr/lib/qubes/init/qubes-sysinit.sh -StandardOutput=syslog - -[Install] -WantedBy=sysinit.target diff --git a/vm-systemd/qubes-sysinit.sh b/vm-systemd/qubes-sysinit.sh deleted file mode 100755 index 0c2aaeac..00000000 --- a/vm-systemd/qubes-sysinit.sh +++ /dev/null @@ -1,77 +0,0 @@ -#!/bin/sh - -# List of services enabled by default (in case of absence of xenstore entry) -DEFAULT_ENABLED_NETVM="network-manager qubes-network qubes-update-check qubes-yum-proxy" -DEFAULT_ENABLED_PROXYVM="meminfo-writer qubes-network qubes-firewall qubes-netwatcher qubes-update-check" -DEFAULT_ENABLED_APPVM="meminfo-writer cups qubes-update-check" -DEFAULT_ENABLED_TEMPLATEVM="$DEFAULT_ENABLED_APPVM yum-proxy-setup" -DEFAULT_ENABLED="meminfo-writer" - -XS_READ=/usr/bin/xenstore-read -XS_LS=/usr/bin/xenstore-ls - -read_service() { - $XS_READ qubes-service/$1 2> /dev/null -} - -# Wait for evtchn initialization -while [ ! -e /proc/xen/xenbus ]; do - sleep 0.1 -done - -mkdir -p /var/run/qubes -mkdir -p /var/run/qubes-service -mkdir -p /var/run/xen-hotplug - -# Set permissions to /proc/xen/xenbus, so normal user can use xenstore-read -chmod 666 /proc/xen/xenbus -# Set permissions to files needed to listen at vchan -chmod 666 /proc/u2mfn - -# Set default services depending on VM type -TYPE=`$XS_READ qubes_vm_type 2> /dev/null` -[ "$TYPE" == "AppVM" ] && DEFAULT_ENABLED=$DEFAULT_ENABLED_APPVM -[ "$TYPE" == "NetVM" ] && DEFAULT_ENABLED=$DEFAULT_ENABLED_NETVM -[ "$TYPE" == "ProxyVM" ] && DEFAULT_ENABLED=$DEFAULT_ENABLED_PROXYVM -[ "$TYPE" == "TemplateVM" ] && DEFAULT_ENABLED=$DEFAULT_ENABLED_TEMPLATEVM - -# Enable default services -for srv in $DEFAULT_ENABLED; do - touch /var/run/qubes-service/$srv -done - -# Enable services -for srv in `$XS_LS qubes-service 2>/dev/null |grep ' = "1"'|cut -f 1 -d ' '`; do - touch /var/run/qubes-service/$srv -done - -# Disable services -for srv in `$XS_LS qubes-service 2>/dev/null |grep ' = "0"'|cut -f 1 -d ' '`; do - rm -f /var/run/qubes-service/$srv -done - -# Set the hostname -name=`$XS_READ name` -if [ -n "$name" ]; then - hostname $name - sed -i "s/^\(127\.0\.0\.1 .*\) \($name \)\?\(.*\)/\1\2 $name/" /etc/hosts -fi - -timezone=`$XS_READ qubes-timezone 2> /dev/null` -if [ -n "$timezone" ]; then - ln -f /usr/share/zoneinfo/$timezone /etc/localtime - echo "# Clock configuration autogenerated based on Qubes dom0 settings" > /etc/sysconfig/clock - echo "ZONE=\"$timezone\"" >> /etc/sysconfig/clock -fi - -# Prepare environment for other services -echo > /var/run/qubes-service-environment - -debug_mode=`$XS_READ qubes-debug-mode 2> /dev/null` -if [ -n "$debug_mode" -a "$debug_mode" -gt 0 ]; then - echo "GUI_OPTS=-vv" >> /var/run/qubes-service-environment -fi - -[ -x /rw/config/rc.local-early ] && /rw/config/rc.local-early - -exit 0 diff --git a/vm-systemd/qubes-update-check.service b/vm-systemd/qubes-update-check.service deleted file mode 100644 index 6ac37e3d..00000000 --- a/vm-systemd/qubes-update-check.service +++ /dev/null @@ -1,7 +0,0 @@ -[Unit] -Description=Qubes check for VM updates and notify dom0 -ConditionPathExists=/var/run/qubes-service/qubes-update-check - -[Service] -Type=oneshot -ExecStart=/usr/lib/qubes/qrexec_client_vm dom0 qubes.NotifyUpdates /bin/sh -c 'yum -q check-update >/dev/null; [ $? -eq 100 ] && echo 1 || echo 0' diff --git a/vm-systemd/qubes-update-check.timer b/vm-systemd/qubes-update-check.timer deleted file mode 100644 index d63cf45f..00000000 --- a/vm-systemd/qubes-update-check.timer +++ /dev/null @@ -1,11 +0,0 @@ -[Unit] -Description=Periodically check for updates -ConditionPathExists=/var/run/qubes-service/qubes-update-check - -[Timer] -OnBootSec=5min -OnUnitActiveSec=2d - -[Install] -WantedBy=multi-user.target - diff --git a/vm-systemd/qubes-yum-proxy.service b/vm-systemd/qubes-yum-proxy.service deleted file mode 100644 index b03c34de..00000000 --- a/vm-systemd/qubes-yum-proxy.service +++ /dev/null @@ -1,15 +0,0 @@ -[Unit] -Description=Qubes yum proxy (tinyproxy) -ConditionPathExists=/var/run/qubes-service/qubes-yum-proxy -After=iptables.service - -[Service] -ExecStartPre=/usr/bin/install -d --owner tinyproxy --group tinyproxy /var/run/tinyproxy -ExecStartPre=/sbin/iptables -I INPUT -i vif+ -p tcp --dport 8082 -j ACCEPT -ExecStartPre=/sbin/iptables -t nat -A PR-QBS-SERVICES -i vif+ -d 10.137.255.254 -p tcp --dport 8082 -j REDIRECT -ExecStart=/usr/sbin/tinyproxy -d -c /etc/tinyproxy/tinyproxy-qubes-yum.conf -ExecStopPost=/sbin/iptables -t nat -D PR-QBS-SERVICES -i vif+ -d 10.137.255.254 -p tcp --dport 8082 -j REDIRECT -ExecStopPost=/sbin/iptables -D INPUT -i vif+ -p tcp --dport 8082 -j ACCEPT - -[Install] -WantedBy=multi-user.target