From 83c877189de31d5ba1694c12be078d0d2c277b52 Mon Sep 17 00:00:00 2001 From: Marek Marczykowski Date: Thu, 7 Apr 2011 12:39:10 +0200 Subject: [PATCH 1/3] Revert password removal for root and user It will require some additional work with ConsoleKit... --- rpm_spec/core-appvm.spec | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/rpm_spec/core-appvm.spec b/rpm_spec/core-appvm.spec index 9b97616c..1a97cb56 100644 --- a/rpm_spec/core-appvm.spec +++ b/rpm_spec/core-appvm.spec @@ -48,17 +48,12 @@ The Qubes core files for installation inside a Qubes AppVM. %pre -# Remove password for root, so PolicyKit will not ask for it -usermod -p '' root - if [ "$1" != 1 ] ; then -# remove user password if this is upgrade -usermod -p '' user # do this whole %pre thing only when updating for the first time... exit 0 fi -adduser -p '' --create-home user +adduser --create-home user su user -c 'mkdir -p /home/user/.gnome2/nautilus-scripts' su user -c 'ln -s /usr/lib/qubes/qvm-copy-to-vm2.gnome /home/user/.gnome2/nautilus-scripts/"Copy to other AppVM"' su user -c 'ln -s /usr/bin/qvm-open-in-dvm2 /home/user/.gnome2/nautilus-scripts/"Open in DisposableVM"' From 4d3b9b06540e428ecfeb828bb1262dac5129e24e Mon Sep 17 00:00:00 2001 From: Marek Marczykowski Date: Thu, 7 Apr 2011 12:40:19 +0200 Subject: [PATCH 2/3] Disable gpk-update-icon autostart --- rpm_spec/core-commonvm.spec | 3 +++ 1 file changed, 3 insertions(+) diff --git a/rpm_spec/core-commonvm.spec b/rpm_spec/core-commonvm.spec index 97b1c8eb..0da0f39c 100644 --- a/rpm_spec/core-commonvm.spec +++ b/rpm_spec/core-commonvm.spec @@ -80,6 +80,9 @@ cp /var/lib/qubes/serial.conf /etc/init/serial.conf %post +# Disable gpk-update-icon +sed 's/^NotShowIn=KDE;$/\0QUBES;/' -i /etc/xdg/autostart/gpk-update-icon.desktop + if [ "$1" != 1 ] ; then # do this whole %post thing only when updating for the first time... exit 0 From 2f5b6e6582e71630193d0098d4cc60db019e1e9b Mon Sep 17 00:00:00 2001 From: Marek Marczykowski Date: Thu, 7 Apr 2011 12:40:35 +0200 Subject: [PATCH 3/3] Run nm-applet as normal user Configuration for D-Bus policy and PolicyKit to allow this. --- netvm/dbus-nm-applet.conf | 42 +++++++++++++++++++++++++++++++++++++++ rpm_spec/core-netvm.spec | 9 +++++++++ 2 files changed, 51 insertions(+) create mode 100644 netvm/dbus-nm-applet.conf diff --git a/netvm/dbus-nm-applet.conf b/netvm/dbus-nm-applet.conf new file mode 100644 index 00000000..0d0f0822 --- /dev/null +++ b/netvm/dbus-nm-applet.conf @@ -0,0 +1,42 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + 512 + + diff --git a/rpm_spec/core-netvm.spec b/rpm_spec/core-netvm.spec index a4c966b9..07200b44 100644 --- a/rpm_spec/core-netvm.spec +++ b/rpm_spec/core-netvm.spec @@ -66,6 +66,9 @@ mkdir -p $RPM_BUILD_ROOT/var/run/qubes mkdir -p $RPM_BUILD_ROOT/etc/xen/scripts cp ../common/vif-route-qubes $RPM_BUILD_ROOT/etc/xen/scripts +mkdir -p $RPM_BUILD_ROOT/etc/dbus-1/system.d +cp ../netvm/dbus-nm-applet.conf $RPM_BUILD_ROOT/etc/dbus-1/system.d/qubes-nm-applet.conf + %post # Create NetworkManager configuration if we do not have it @@ -88,6 +91,11 @@ if [ "$1" = 0 ] ; then chkconfig qubes_core_netvm off fi +%triggerin -- NetworkManager +# Fix PolicyKit settings to allow run as normal user not visible to ConsoleKit +sed 's#$#\0yes#' -i /usr/share/polkit-1/actions/org.freedesktop.NetworkManager.policy + + %clean rm -rf $RPM_BUILD_ROOT @@ -100,3 +108,4 @@ rm -rf $RPM_BUILD_ROOT /etc/NetworkManager/dispatcher.d/qubes_nmhook /etc/NetworkManager/dispatcher.d/30-qubes_external_ip /etc/xen/scripts/vif-route-qubes +/etc/dbus-1/system.d/qubes-nm-applet.conf