Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core

Joanna Rutkowska 2011-03-14 13:15:48 +01:00
commit b8d98403ff
34 changed files with 1706 additions and 758 deletions

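--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,5 @@
 rpm/
 *.pyc
+*.pyo
+*~
+*.o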


@ -5,20 +5,26 @@ help:
@echo "make update-repo-testing -- same, but to -testing repo" @echo "make update-repo-testing -- same, but to -testing repo"
rpms: rpms:
rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-commonvm.spec
rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-appvm.spec rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-appvm.spec
rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-netvm.spec rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-netvm.spec
rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-proxyvm.spec
rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-dom0.spec rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-dom0.spec
rpm --addsign $(RPMS_DIR)/x86_64/*.rpm rpm --addsign $(RPMS_DIR)/x86_64/*.rpm
update-repo: update-repo:
ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-*.rpm ../yum/r1/dom0/rpm/ ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-*.rpm ../yum/r1/dom0/rpm/
ln -f $(RPMS_DIR)/x86_64/qubes-core-appvm-*.rpm ../yum/r1/appvm/rpm/ ln -f $(RPMS_DIR)/x86_64/qubes-core-appvm-*.rpm ../yum/r1/appvm/rpm/
ln -f $(RPMS_DIR)/x86_64/qubes-core-commonvm-*.rpm ../yum/r1/netvm/rpm/
ln -f $(RPMS_DIR)/x86_64/qubes-core-netvm-*.rpm ../yum/r1/netvm/rpm/ ln -f $(RPMS_DIR)/x86_64/qubes-core-netvm-*.rpm ../yum/r1/netvm/rpm/
ln -f $(RPMS_DIR)/x86_64/qubes-core-proxyvm-*.rpm ../yum/r1/netvm/rpm/
update-repo-testing: update-repo-testing:
ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-*.rpm ../yum/r1-testing/dom0/rpm/ ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-*.rpm ../yum/r1-testing/dom0/rpm/
ln -f $(RPMS_DIR)/x86_64/qubes-core-appvm-*.rpm ../yum/r1-testing/appvm/rpm/ ln -f $(RPMS_DIR)/x86_64/qubes-core-appvm-*.rpm ../yum/r1-testing/appvm/rpm/
ln -f $(RPMS_DIR)/x86_64/qubes-core-commonvm-*.rpm ../yum/r1-testing/netvm/rpm/
ln -f $(RPMS_DIR)/x86_64/qubes-core-netvm-*.rpm ../yum/r1-testing/netvm/rpm/ ln -f $(RPMS_DIR)/x86_64/qubes-core-netvm-*.rpm ../yum/r1-testing/netvm/rpm/
ln -f $(RPMS_DIR)/x86_64/qubes-core-proxyvm-*.rpm ../yum/r1-testing/netvm/rpm/
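Review bot: The new `ln -f` lines for qubes-core-commonvm and qubes-core-proxyvm in update-repo and update-repo-testing publish whatever matches the glob in `$(RPMS_DIR)/x86_64/`, and neither target depends on `rpms` or verifies the files first. A stale or unsigned package left in that directory would be hard-linked into the yum tree, so a verification step before the links is worth adding, for example `rpm --checksig` on the matched files with a check that its output reports a pgp signature. Both new packages are linked only under `netvm/rpm/`; if core-appvm requires core-commonvm (the spec files are not shown here), the appvm repository needs the commonvm link as well.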

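--- a/appvm/.gitignore
+++ b/appvm/.gitignore
@@ -0,0 +1,4 @@
+qubes_add_pendrive_script
+qubes_penctl
+qvm-open-in-dvm
+xenstore-watch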


@ -1,11 +1,14 @@
CC=gcc CC=gcc
CFLAGS=-Wall CFLAGS=-Wall
all: qubes_penctl qubes_add_pendrive_script qvm-open-in-dvm all: qubes_penctl qubes_add_pendrive_script qvm-open-in-dvm xenstore-watch
qubes_penctl: qubes_penctl.o qubes_penctl: qubes_penctl.o
$(CC) -o qubes_penctl qubes_penctl.o -lxenstore $(CC) -o qubes_penctl qubes_penctl.o -lxenstore
qubes_add_pendrive_script: qubes_add_pendrive_script.o qubes_add_pendrive_script: qubes_add_pendrive_script.o
$(CC) -o qubes_add_pendrive_script qubes_add_pendrive_script.o -lxenstore $(CC) -o qubes_add_pendrive_script qubes_add_pendrive_script.o -lxenstore
qvm-open-in-dvm: qvm-open-in-dvm.o qvm-open-in-dvm: qvm-open-in-dvm.o
$(CC) -o qvm-open-in-dvm qvm-open-in-dvm.o -lxenstore $(CC) -o qvm-open-in-dvm qvm-open-in-dvm.o -lxenstore
xenstore-watch: xenstore-watch.o
$(CC) -o xenstore-watch xenstore-watch.o -lxenstore
clean: clean:
rm -f qubes_penctl qubes_add_pendrive_script qvm-open-in-dvm *.o *~ rm -f qubes_penctl qubes_add_pendrive_script qvm-open-in-dvm xenstore-watch *.o *~

82
appvm/qubes_core_appvm Executable file

@ -0,0 +1,82 @@
#!/bin/sh
#
# chkconfig: 345 85 85
# description: Executes Qubes core scripts at AppVM boot
#
# Source function library.
. /etc/rc.d/init.d/functions
possibly_run_save_script()
{
ENCODED_SCRIPT=$(xenstore-read qubes_save_script)
if [ -z "$ENCODED_SCRIPT" ] ; then return ; fi
echo $ENCODED_SCRIPT|perl -e 'use MIME::Base64 qw(decode_base64); local($/) = undef;print decode_base64(<STDIN>)' >/tmp/qubes_save_script
chmod 755 /tmp/qubes_save_script
Xorg -config /etc/X11/xorg-preload-apps.conf :0 &
sleep 2
DISPLAY=:0 su - user -c /tmp/qubes_save_script
killall Xorg
}
start()
{
if ! [ -x /usr/bin/xenstore-read ] ; then
echo "ERROR: /usr/bin/xenstore-read not found!"
exit 1
fi
type=$(/usr/bin/xenstore-read qubes_vm_type)
if [ "$type" != "AppVM" -a "$type" != "DisposableVM" ]; then
# This script runs only on AppVMs
return 0
fi
# Start AppVM specific services
/sbin/service cups start
echo -n $"Executing Qubes Core scripts for AppVM:"
if xenstore-read qubes_save_request 2>/dev/null ; then
ln -sf /home_volatile /home
possibly_run_save_script
touch /etc/this_is_dvm
dmesg -c >/dev/null
free | grep Mem: |
(read a b c d ; xenstore-write device/qubes_used_mem $c)
# we're still running in DispVM template
echo "Waiting for save/restore..."
# ... wait until qubes_restore.c (in Dom0) recreates VM-specific keys
while ! xenstore-read qubes_restore_complete 2>/dev/null ; do
usleep 10
done
echo Back to life.
fi
MEM_CHANGE_THRESHOLD_KB=30000
MEMINFO_DELAY_USEC=100000
/usr/lib/qubes/meminfo-writer $MEM_CHANGE_THRESHOLD_KB $MEMINFO_DELAY_USEC &
success
echo ""
return 0
}
stop()
{
return 0
}
case "$1" in
start)
start
;;
stop)
stop
;;
*)
echo $"Usage: $0 {start|stop}"
exit 3
;;
esac
exit $RETVAL
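Review bot: possibly_run_save_script writes the decoded script as root to the fixed path `/tmp/qubes_save_script` through a plain `>` redirect, then makes it executable and runs it as `user`. /tmp is world-writable, so a file or symlink already present under that name is followed and overwritten by root. Create the file in a root-only directory, or with `SCRIPT=$(mktemp /tmp/qubes_save_script.XXXXXX) || return` and use `"$SCRIPT"` in the redirect, the `chmod` and the `su` line. `echo $ENCODED_SCRIPT` should also be quoted, `echo "$ENCODED_SCRIPT"`, so the xenstore value is not word-split or glob-expanded before it is decoded.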

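--- a/appvm/xenstore-watch.c
+++ b/appvm/xenstore-watch.c
@@ -0,0 +1,28 @@
+#include <sys/types.h>
+#include <xs.h>
+#include <stdio.h>
+#include <stdlib.h>
+main(int argc, char **argv)
+{
+struct xs_handle *xs;
+unsigned int count;
+char **vec;
+char dummy;
+if (argc != 2) {
+fprintf(stderr, "usage: %s xenstore_path\n", argv[0]);
+exit(1);
+}
+xs = xs_domain_open();
+if (!xs) {
+perror("xs_domain_open");
+exit(1);
+}
+if (!xs_watch(xs, argv[1], &dummy)) {
+perror("xs_watch");
+exit(1);
+}
+vec = xs_read_watch(xs, &count);
+free(vec);
+vec = xs_read_watch(xs, &count);
+free(vec);
+}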
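Review bot: `main` is declared without a return type and ends without a `return`, so its exit status is not defined under pre-C99 rules, and callers added in this commit depend on that status: proxyvm/bin/qubes_firewall and proxyvm/bin/qubes_netwatcher run `xenstore-watch` under `set -e`. Both `xs_read_watch` results are freed without a NULL check, so a failed read looks the same as a change notification and the calling loops could spin. Declare `int main`, fail on a NULL result, release the handle with `xs_daemon_close(xs)` and return 0 explicitly.

```c
int main(int argc, char **argv)
{
    /* … unchanged: declarations, argument check, xs_domain_open, xs_watch … */
    vec = xs_read_watch(xs, &count);
    if (!vec) {
        perror("xs_read_watch");
        exit(1);
    }
    free(vec);
    vec = xs_read_watch(xs, &count);
    if (!vec) {
        perror("xs_read_watch");
        exit(1);
    }
    free(vec);
    xs_daemon_close(xs);
    return 0;
}
```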

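--- a/common/.gitignore
+++ b/common/.gitignore
@@ -0,0 +1 @@
+meminfo-writer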

200
common/block-snapshot Executable file

@ -0,0 +1,200 @@
#!/bin/bash
# Usage: block-snapshot add|remove img-file cow-file
#
# This creates dm-snapshot device on given arguments
dir=$(dirname "$0")
. "$dir/block-common.sh"
get_dev() {
dev=$1
if [ -L "$dev" ]; then
dev=$(readlink -f "$dev") || fatal "$dev link does not exist."
fi
if [ -f "$dev" ]; then
file=$dev
inode=$(stat -c '%i' "$file")
devnum=$(stat -c '%D' "$file")
if [ -z "$inode" ] || [ -z "$devnum" ]
then
release_lock "block"
fatal "Unable to lookup $file: dev: $devnum inode: $inode"
fi
dev_list=$(losetup -a | grep ' \[0*'${devnum}'\]:'${inode} | cut -d : -f 1)
for loopdev in $dev_list; do
# found existing loop to this file
echo $loopdev
return
done
# assign new loop device
loopdev=$(losetup -f 2>/dev/null || find_free_loopback_dev)
if [ "$loopdev" = '' ]
then
release_lock "block"
fatal 'Failed to find an unused loop device'
fi
do_or_die losetup "$loopdev" "$file"
echo $loopdev
else
test -e "$dev" || fatal "$dev does not exist."
test -b "$dev" || fatal "$dev is not a block device nor file."
fi
}
get_dm_snapshot_name() {
base=$1
cow=$2
echo snapshot-$(stat -c '%D:%i' "$base")-$(stat -c '%D:%i' "$cow")
}
create_dm_snapshot() {
local base_dev cow_dev base_sz
dm_devname=$1
base=$2
cow=$3
if [ ! -e /dev/mapper/$dm_devname ]; then
# prepare new snapshot device
base_dev=$(get_dev $base)
cow_dev=$(get_dev $cow)
base_sz=$(blockdev --getsz $base_dev)
do_or_die dmsetup create $dm_devname --table "0 $base_sz snapshot $base_dev $cow_dev P 256"
fi
}
create_dm_snapshot_origin() {
local base_dev base_sz
dm_devname=$1
base=$2
if [ ! -e /dev/mapper/$dm_devname ]; then
# prepare new snapshot-origin device
base_dev=$(get_dev $base)
base_sz=$(blockdev --getsz $base_dev)
do_or_die dmsetup create $dm_devname --table "0 $base_sz snapshot-origin $base_dev"
fi
}
t=$(xenstore_read_default "$XENBUS_PATH/type" 'MISSING')
case "$command" in
add)
case $t in
snapshot|origin)
p=$(xenstore_read "$XENBUS_PATH/params")
base=${p/:*/}
cow=${p/*:/}
if [ -L "$base" ]; then
base=$(readlink -f "$base") || fatal "$base link does not exist."
fi
if [ -L "$cow" ]; then
cow=$(readlink -f "$cow") || fatal "$cow link does not exist."
fi
# first ensure that snapshot device exists (to write somewhere changes from snapshot-origin)
dm_devname=$(get_dm_snapshot_name "$base" "$cow")
claim_lock "block"
# prepare snapshot device
create_dm_snapshot $dm_devname "$base" "$cow"
if [ "$t" == "snapshot" ]; then
#that's all for snapshot, store name of prepared device
xenstore_write "$XENBUS_PATH/node" "/dev/mapper/$dm_devname"
write_dev /dev/mapper/$dm_devname
elif [ "$t" == "origin" ]; then
# for origin - prepare snapshot-origin device and store its name
dm_devname=origin-$(stat -c '%D:%i' "$base")
create_dm_snapshot_origin $dm_devname "$base"
xenstore_write "$XENBUS_PATH/node" "/dev/mapper/$dm_devname"
write_dev /dev/mapper/$dm_devname
fi
release_lock "block"
exit 0
;;
esac
;;
remove)
case $t in
snapshot|origin)
node=$(xenstore_read "$XENBUS_PATH/node")
if [ -z "$node" ]; then
fatal "No device node to remove"
fi
if [ ! -e "$node" ]; then
fatal "Device $node does not exists"
fi
claim_lock "block"
use_count=$(dmsetup info $node|grep Open|awk '{print $3}')
# do not remove snapshot if snapshot origin is still present
if [ "${node/snapshot/}" != "$node" -a -e "/dev/mapper/origin-$(echo $node|cut -d- -f2)" ]; then
use_count=1
fi
if [ "$use_count" -gt 0 ]; then
log info "Device $node still in use - not removing"
release_lock "block"
exit 0
fi
# get list of used (loop) devices
deps="$(dmsetup deps $node | cut -d: -f2 | sed -e 's#(7, \([0-9]\+\))#/dev/loop\1#g')"
# if this is origin
if [ "${node/origin/}" != "$node" ]; then
# remove unused snapshots
for snap in /dev/mapper/snapshot-$(echo $node|cut -d- -f2)-*; do
use_count=$(dmsetup info $snap|grep Open|awk '{print $3}')
if [ "$use_count" -eq 0 ]; then
# unused snapshot - remove it
deps="$deps $(dmsetup deps $snap | cut -d: -f2 | sed -e 's#(7, \([0-9]\+\))#/dev/loop\1#g')"
log debug "Removing $snap"
dmsetup remove $snap
fi
done
fi
if [ -e $node ]; then
log debug "Removing $node"
dmsetup remove $node
fi
# try to free loop devices
for dev in $deps; do
if [ -b "$dev" ]; then
log debug "Removing $dev"
losetup -d $dev || true 2> /dev/null
fi
done
release_lock "block"
exit 0
;;
esac
;;
esac
# vim:sw=2:et:
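Review bot: In get_dev the lookup `grep ' \[0*'${devnum}'\]:'${inode}` is not anchored after the inode, so inode 12 also matches a loop device backed by inode 123 on the same filesystem and the wrong image could be attached to a VM; end the pattern with a space, `grep ' \[0*'${devnum}'\]:'${inode}' '`. get_dev also prints nothing when its argument is already a block device, and `fatal` (defined outside this file, presumably exiting) called inside `$(get_dev ...)` only ends the subshell, so create_dm_snapshot and create_dm_snapshot_origin go on with an empty `base_dev`; check the result, `[ -n "$base_dev" ] || fatal "no device for $base"`. In the remove branch `losetup -d $dev || true 2> /dev/null` redirects the stderr of `true`, not of `losetup`, and `$node`, `$snap` and `$dev` reach `dmsetup` and `losetup` unquoted.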


@ -6,18 +6,6 @@
# Source function library. # Source function library.
. /etc/rc.d/init.d/functions . /etc/rc.d/init.d/functions
possibly_run_save_script()
{
ENCODED_SCRIPT=$(xenstore-read qubes_save_script)
if [ -z "$ENCODED_SCRIPT" ] ; then return ; fi
echo $ENCODED_SCRIPT|perl -e 'use MIME::Base64 qw(decode_base64); local($/) = undef;print decode_base64(<STDIN>)' >/tmp/qubes_save_script
chmod 755 /tmp/qubes_save_script
Xorg -config /etc/X11/xorg-preload-apps.conf :0 &
sleep 2
DISPLAY=:0 su - user -c /tmp/qubes_save_script
killall Xorg
}
start() start()
{ {
echo -n $"Executing Qubes Core scripts:" echo -n $"Executing Qubes Core scripts:"
@ -26,21 +14,6 @@ start()
echo "ERROR: /usr/bin/xenstore-read not found!" echo "ERROR: /usr/bin/xenstore-read not found!"
exit 1 exit 1
fi fi
if xenstore-read qubes_save_request 2>/dev/null ; then
ln -sf /home_volatile /home
possibly_run_save_script
touch /etc/this_is_dvm
dmesg -c >/dev/null
free | grep Mem: |
(read a b c d ; xenstore-write device/qubes_used_mem $c)
# we're still running in DispVM template
echo "Waiting for save/restore..."
# ... wait until qubes_restore.c (in Dom0) recreates VM-specific keys
while ! xenstore-read qubes_restore_complete 2>/dev/null ; do
usleep 10
done
echo Back to life.
fi
name=$(/usr/bin/xenstore-read name) name=$(/usr/bin/xenstore-read name)
if ! [ -f /etc/this_is_dvm ] ; then if ! [ -f /etc/this_is_dvm ] ; then
@ -81,10 +54,6 @@ start()
fi fi
fi fi
MEM_CHANGE_THRESHOLD_KB=30000
MEMINFO_DELAY_USEC=100000
/usr/lib/qubes/meminfo-writer $MEM_CHANGE_THRESHOLD_KB $MEMINFO_DELAY_USEC &
[ -x /rw/config/rc.local ] && /rw/config/rc.local [ -x /rw/config/rc.local ] && /rw/config/rc.local
success success
echo "" echo ""


@ -14,7 +14,7 @@ def main():
if tvm is None: if tvm is None:
print 'Template', templ, 'does not exist' print 'Template', templ, 'does not exist'
sys.exit(1) sys.exit(1)
if not tvm.is_templete(): if not tvm.is_template():
print templ, 'is not a template' print templ, 'is not a template'
sys.exit(1) sys.exit(1)
for vm in qvm_collection.values(): for vm in qvm_collection.values():

File diff suppressed because it is too large Load Diff


@ -1,119 +0,0 @@
#!/usr/bin/python2.6
#
# The Qubes OS Project, http://www.qubes-os.org
#
# Copyright (C) 2010 Joanna Rutkowska <joanna@invisiblethingslab.com>
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
#
from optparse import OptionParser
import subprocess
import shutil
import re
from qubes.qubes import QubesVmCollection
from qubes.qubes import QubesException
def find_net_devices():
p = subprocess.Popen (["lspci", "-mm", "-n"], stdout=subprocess.PIPE)
result = p.communicate()
retcode = p.returncode
if (retcode != 0):
print "ERROR when executing lspci!"
raise IOError
net_devices = set()
rx_netdev = re.compile (r"^([0-9][0-9]:[0-9][0-9].[0-9]) \"02")
for dev in str(result[0]).splitlines():
match = rx_netdev.match (dev)
if match is not None:
dev_bdf = match.group(1)
assert dev_bdf is not None
net_devices.add (dev_bdf)
return net_devices
def main():
usage = "usage: %prog [options] <netvm-name>"
parser = OptionParser (usage)
parser.add_option ("-p", "--path", dest="dir_path",
help="Specify path to the template directory")
parser.add_option ("-c", "--conf", dest="conf_file",
help="Specify the Xen VM .conf file to use\
(relative to the template dir path)")
(options, args) = parser.parse_args ()
if (len (args) != 1):
parser.error ("You must specify a NetVM name!")
netvmname = args[0]
qvm_collection = QubesVmCollection()
qvm_collection.lock_db_for_writing()
qvm_collection.load()
if qvm_collection.get_vm_by_name(netvmname) is not None:
print "ERROR: A VM with the name '{0}' already exists in the system.".format(netvmname)
exit(1)
vm = qvm_collection.add_new_netvm(netvmname,
conf_file=options.conf_file,
dir_path=options.dir_path)
try:
vm.verify_files()
except QubesException as err:
print "ERROR: {0}".format(err)
qvm_collection.pop(vm.qid)
exit (1)
net_devices = find_net_devices()
print "Found the following net devices in your system:"
dev_str = ''
for dev in net_devices:
print "--> {0}".format(dev)
dev_str += '"{0}", '.format(dev)
print "Assigning them to the netvm '{0}'".format(netvmname)
rx_pcidevs = re.compile (r"%NETVMPCIDEVS%")
conf_template = open (vm.conf_file, "r")
conf_vm = open(vm.conf_file + ".processed", "w")
for line in conf_template:
line = rx_pcidevs.sub(dev_str, line)
conf_vm.write(line)
conf_template.close()
conf_vm.close()
shutil.move (vm.conf_file + ".processed", vm.conf_file)
try:
pass
vm.add_to_xen_storage()
except (IOError, OSError) as err:
print "ERROR: {0}".format(err)
qvm_collection.pop(vm.qid)
exit (1)
qvm_collection.save()
qvm_collection.unlock_db()
main()


@ -144,7 +144,7 @@ def main():
print s print s
template_vms_worth_backingup = [ vm for vm in vms_list if (vm.is_templete() and not vm.installed_by_rpm)] template_vms_worth_backingup = [ vm for vm in vms_list if (vm.is_template() and not vm.installed_by_rpm)]
if len (template_vms_worth_backingup): if len (template_vms_worth_backingup):
for vm in template_vms_worth_backingup: for vm in template_vms_worth_backingup:
vm_sz = vm.get_disk_utilization() vm_sz = vm.get_disk_utilization()


@ -47,18 +47,18 @@ fields = {
"name": {"func": "('=>' if backup_collection.get_default_template_vm() is not None\ "name": {"func": "('=>' if backup_collection.get_default_template_vm() is not None\
and vm.qid == backup_collection.get_default_template_vm().qid else '')\ and vm.qid == backup_collection.get_default_template_vm().qid else '')\
+ ('[' if vm.is_templete() else '')\ + ('[' if vm.is_template() else '')\
+ ('{' if vm.is_netvm() else '')\ + ('{' if vm.is_netvm() else '')\
+ vm.name \ + vm.name \
+ (']' if vm.is_templete() else '')\ + (']' if vm.is_template() else '')\
+ ('}' if vm.is_netvm() else '')"}, + ('}' if vm.is_netvm() else '')"},
"type": {"func": "'Tpl' if vm.is_templete() else \ "type": {"func": "'Tpl' if vm.is_template() else \
(' Net' if vm.is_netvm() else 'App')"}, (' Net' if vm.is_netvm() else 'App')"},
"updbl" : {"func": "'Yes' if vm.is_updateable() else ''"}, "updbl" : {"func": "'Yes' if vm.is_updateable() else ''"},
"template": {"func": "'n/a' if vm.is_templete() or vm.is_netvm() else\ "template": {"func": "'n/a' if vm.is_template() or vm.is_netvm() else\
backup_collection[vm.template_vm.qid].name"}, backup_collection[vm.template_vm.qid].name"},
"netvm": {"func": "'n/a' if vm.is_netvm() else\ "netvm": {"func": "'n/a' if vm.is_netvm() else\
@ -196,11 +196,11 @@ def main():
template_vm_on_host = host_collection.get_vm_by_name (templatevm_name) template_vm_on_host = host_collection.get_vm_by_name (templatevm_name)
# No template on the host? # No template on the host?
if not ((template_vm_on_host is not None) and template_vm_on_host.is_templete): if not ((template_vm_on_host is not None) and template_vm_on_host.is_template):
# Maybe the (custom) template is in the backup? # Maybe the (custom) template is in the backup?
template_vm_on_backup = backup_collection.get_vm_by_name (templatevm_name) template_vm_on_backup = backup_collection.get_vm_by_name (templatevm_name)
if not ((template_vm_on_backup is not None) and template_vm_on_backup.is_templete): if not ((template_vm_on_backup is not None) and template_vm_on_backup.is_template):
s += " <-- No matching template on the host or in the backup found!" s += " <-- No matching template on the host or in the backup found!"
there_are_missing_templates = True there_are_missing_templates = True
good_to_go = False if not (options.ignore_missing) else True good_to_go = False if not (options.ignore_missing) else True
@ -287,13 +287,13 @@ def main():
if vm.is_updateable(): if vm.is_updateable():
restore_vm_file (backup_dir, vm.rootcow_img) restore_vm_file (backup_dir, vm.rootcow_img)
elif vm.is_templete(): elif vm.is_template():
restore_vm_dir (backup_dir, vm.dir_path, qubes_templates_dir); restore_vm_dir (backup_dir, vm.dir_path, qubes_templates_dir);
else: else:
print "ERROR: VM '{0}', type='{1}': unsupported VM type!".format(vm.name, vm.type) print "ERROR: VM '{0}', type='{1}': unsupported VM type!".format(vm.name, vm.type)
# Add templates... # Add templates...
for vm in [ vm for vm in vms_to_restore if vm.is_templete()]: for vm in [ vm for vm in vms_to_restore if vm.is_template()]:
print "-> Adding Template VM {0}...".format(vm.name) print "-> Adding Template VM {0}...".format(vm.name)
updateable = vm.updateable updateable = vm.updateable
vm = host_collection.add_new_templatevm(vm.name, vm = host_collection.add_new_templatevm(vm.name,
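Review bot: In the `@ -196,11 +196,11 @` hunk the renamed attribute is still referenced without being called: `template_vm_on_host.is_template` and `template_vm_on_backup.is_template` are bound methods and therefore always true, so a VM of any type with the matching name is accepted as the template. Every other call site in this commit uses `is_template()`; these two conditions should end in `template_vm_on_host.is_template()):` and `template_vm_on_backup.is_template()):`. main() starts and ends outside the hunks shown.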


@ -24,6 +24,26 @@ from qubes.qubes import QubesVmCollection
from qubes.qubes import QubesVmLabels from qubes.qubes import QubesVmLabels
from optparse import OptionParser; from optparse import OptionParser;
import subprocess import subprocess
import re
def find_net_devices():
p = subprocess.Popen (["lspci", "-mm", "-n"], stdout=subprocess.PIPE)
result = p.communicate()
retcode = p.returncode
if (retcode != 0):
print "ERROR when executing lspci!"
raise IOError
net_devices = set()
rx_netdev = re.compile (r"^([0-9][0-9]:[0-9][0-9].[0-9]) \"02")
for dev in str(result[0]).splitlines():
match = rx_netdev.match (dev)
if match is not None:
dev_bdf = match.group(1)
assert dev_bdf is not None
net_devices.add (dev_bdf)
return net_devices
def main(): def main():
@ -33,6 +53,10 @@ def main():
help="Specify the TemplateVM to use") help="Specify the TemplateVM to use")
parser.add_option ("-l", "--label", dest="label", parser.add_option ("-l", "--label", dest="label",
help="Specify the label to use for the new VM (e.g. red, yellow, green, ...)") help="Specify the label to use for the new VM (e.g. red, yellow, green, ...)")
parser.add_option ("-p", "--proxy", action="store_true", dest="proxyvm", default=False,
help="Create ProxyVM")
parser.add_option ("-n", "--net", action="store_true", dest="netvm", default=False,
help="Create NetVM")
parser.add_option ("-q", "--quiet", action="store_false", dest="verbose", default=True) parser.add_option ("-q", "--quiet", action="store_false", dest="verbose", default=True)
(options, args) = parser.parse_args () (options, args) = parser.parse_args ()
@ -40,6 +64,11 @@ def main():
parser.error ("You must specify VM name!") parser.error ("You must specify VM name!")
vmname = args[0] vmname = args[0]
if options.netvm and options.proxyvm:
parser.error ("You must specify at most one of --proxy and --net")
label = None
if not options.proxyvm and not options.netvm:
if options.label is None: if options.label is None:
print "You must choose a label for the new VM by passing the --label option." print "You must choose a label for the new VM by passing the --label option."
print "Possible values are:" print "Possible values are:"
@ -54,7 +83,6 @@ def main():
exit (1) exit (1)
label = QubesVmLabels[options.label] label = QubesVmLabels[options.label]
qvm_collection = QubesVmCollection() qvm_collection = QubesVmCollection()
qvm_collection.lock_db_for_writing() qvm_collection.lock_db_for_writing()
qvm_collection.load() qvm_collection.load()
@ -68,7 +96,7 @@ def main():
if template_vm is None: if template_vm is None:
print "There is no (Templete)VM with the name '{0}'".format(options.template) print "There is no (Templete)VM with the name '{0}'".format(options.template)
exit (1) exit (1)
if not template_vm.is_templete(): if not template_vm.is_template():
print "VM '{0}' is not a TemplateVM".format(options.template) print "VM '{0}' is not a TemplateVM".format(options.template)
exit (1) exit (1)
if (options.verbose): if (options.verbose):
@ -83,6 +111,23 @@ def main():
if (options.verbose): if (options.verbose):
print "--> Using default TemplateVM: {0}".format(template_vm.name) print "--> Using default TemplateVM: {0}".format(template_vm.name)
vm = None
if options.netvm:
vm = qvm_collection.add_new_netvm(vmname, template_vm)
net_devices = find_net_devices()
print "Found the following net devices in your system:"
dev_str = ''
for dev in net_devices:
print "--> {0}".format(dev)
dev_str += '"{0}", '.format(dev)
print "Assigning them to the netvm '{0}'".format(vmname)
vm.pcidevs = dev_str
elif options.proxyvm:
vm = qvm_collection.add_new_proxyvm(vmname, template_vm)
else:
vm = qvm_collection.add_new_appvm(vmname, template_vm, label = label) vm = qvm_collection.add_new_appvm(vmname, template_vm, label = label)
try: try:
vm.create_on_disk(verbose=options.verbose) vm.create_on_disk(verbose=options.verbose)
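Review bot: The pattern in the added find_net_devices, `r"^([0-9][0-9]:[0-9][0-9].[0-9]) \"02"`, accepts only decimal digits, but lspci prints bus and device numbers in hexadecimal, so a network controller at an address such as `00:1c.0` (constructed example) is skipped and never assigned to the new NetVM. The `.` before the function number is also unescaped. Use `r"^([0-9a-f]{2}:[0-9a-f]{2}\.[0-7]) \"02"`. `raise IOError` in the same function is not caught around the call in main(), which by then holds the database write lock and has already added the VM to the collection; whether the lock is released on that path is not visible in these hunks.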


@ -30,23 +30,25 @@ fields = {
"name": {"func": "('=>' if qvm_collection.get_default_template_vm() is not None\ "name": {"func": "('=>' if qvm_collection.get_default_template_vm() is not None\
and vm.qid == qvm_collection.get_default_template_vm().qid else '')\ and vm.qid == qvm_collection.get_default_template_vm().qid else '')\
+ ('[' if vm.is_templete() else '')\ + ('[' if vm.is_template() else '')\
+ ('<' if vm.is_disposablevm() else '')\ + ('<' if vm.is_disposablevm() else '')\
+ ('{' if vm.is_netvm() else '')\ + ('{' if vm.is_netvm() else '')\
+ vm.name \ + vm.name \
+ (']' if vm.is_templete() else '')\ + (']' if vm.is_template() else '')\
+ ('>' if vm.is_disposablevm() else '')\ + ('>' if vm.is_disposablevm() else '')\
+ ('}' if vm.is_netvm() else '')"}, + ('}' if vm.is_netvm() else '')"},
"type": {"func": "'Tpl' if vm.is_templete() else \ "type": {"func": "'Tpl' if vm.is_template() else \
(' Net' if vm.is_netvm() else '')"}, ('Proxy' if vm.is_proxyvm() else \
(' Net' if vm.is_netvm() else ''))"},
"updbl" : {"func": "'Yes' if vm.is_updateable() else ''"}, "updbl" : {"func": "'Yes' if vm.is_updateable() else ''"},
"template": {"func": "'n/a' if vm.is_templete() or vm.is_netvm() else\ "template": {"func": "'n/a' if vm.is_template() else\
qvm_collection[vm.template_vm.qid].name"}, ('None' if vm.template_vm is None else\
qvm_collection[vm.template_vm.qid].name)"},
"netvm": {"func": "'n/a' if vm.is_netvm() else\ "netvm": {"func": "'n/a' if vm.is_netvm() and not vm.is_proxyvm() else\
('*' if vm.uses_default_netvm else '') +\ ('*' if vm.uses_default_netvm else '') +\
qvm_collection[vm.netvm_vm.qid].name\ qvm_collection[vm.netvm_vm.qid].name\
if vm.netvm_vm is not None else '-'"}, if vm.netvm_vm is not None else '-'"},
@ -141,7 +143,7 @@ def main():
# Now, the template, and all its AppVMs... # Now, the template, and all its AppVMs...
for tvm in vms_list: for tvm in vms_list:
if tvm.is_templete(): if tvm.is_template():
vms_to_display.append (tvm) vms_to_display.append (tvm)
for vm in vms_list: for vm in vms_list:
if (vm.is_appvm() or vm.is_disposablevm()) and vm.template_vm.qid == tvm.qid: if (vm.is_appvm() or vm.is_disposablevm()) and vm.template_vm.qid == tvm.qid:


@ -42,6 +42,8 @@ def do_list(vm):
print fmt.format ("config", vm.conf_file) print fmt.format ("config", vm.conf_file)
if not vm.is_appvm(): if not vm.is_appvm():
print fmt.format ("root img", vm.root_img) print fmt.format ("root img", vm.root_img)
if vm.is_template():
print fmt.format ("root COW img", vm.rootcow_img)
if vm.is_appvm(): if vm.is_appvm():
print fmt.format ("root img", vm.template_vm.root_img) print fmt.format ("root img", vm.template_vm.root_img)
print fmt.format ("root COW img", vm.rootcow_img) print fmt.format ("root COW img", vm.rootcow_img)
@ -113,7 +115,7 @@ def set_updateable(vms, vm, args):
print "If you want to make this AppVM updateable, you must first make the Template VM nonupdateable." print "If you want to make this AppVM updateable, you must first make the Template VM nonupdateable."
return False return False
if vm.is_templete(): if vm.is_template():
# Make sure that all the AppVMs are non-updateable... # Make sure that all the AppVMs are non-updateable...
for appvm in vm.appvms.values(): for appvm in vm.appvms.values():
if appvm.is_updateable(): if appvm.is_updateable():


@ -42,7 +42,7 @@ def main():
print "A VM with the name '{0}' does not exist in the system.".format(vmname) print "A VM with the name '{0}' does not exist in the system.".format(vmname)
exit(1) exit(1)
if vm.is_templete(): if vm.is_template():
dependent_vms = qvm_collection.get_vms_based_on(vm.qid) dependent_vms = qvm_collection.get_vms_based_on(vm.qid)
if len(dependent_vms) > 0: if len(dependent_vms) > 0:
print "The following AppVMs use '{0}' as a template:".format(vmname) print "The following AppVMs use '{0}' as a template:".format(vmname)


@ -39,7 +39,7 @@ def main():
print "A VM with the name '{0}' does not exist in the system.".format(vmname) print "A VM with the name '{0}' does not exist in the system.".format(vmname)
exit(1) exit(1)
if not vm.is_templete(): if not vm.is_template():
print "VM '{0}' is not a TemplateVM".format(vmname) print "VM '{0}' is not a TemplateVM".format(vmname)
exit (1) exit (1)


@ -0,0 +1,67 @@
#!/usr/bin/python2.6
#
# The Qubes OS Project, http://www.qubes-os.org
#
# Copyright (C) 2011 Marek Marczykowski <marmarek@mimuw.edu.pl>
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
#
from qubes.qubes import QubesVmCollection
from qubes.qubes import QubesException
from optparse import OptionParser
import subprocess
qubes_guid_path = "/usr/bin/qubes_guid"
def main():
usage = "usage: %prog [options] <vm-name>"
parser = OptionParser (usage)
(options, args) = parser.parse_args ()
if (len (args) != 1):
parser.error ("You must specify VM name!")
vmname = args[0]
qvm_collection = QubesVmCollection()
qvm_collection.lock_db_for_reading()
qvm_collection.load()
qvm_collection.unlock_db()
vm = qvm_collection.get_vm_by_name(vmname)
if vm is None:
print "A VM with the name '{0}' does not exist in the system.".format(vmname)
exit(1)
if not vm.is_template():
print "A VM '{0}' is not template.".format(vmname)
exit(1)
if vm.is_running():
print "You must stop VM first."
exit(1)
try:
vm.verify_files()
vm.commit_changes()
except (IOError, OSError, QubesException) as err:
print "ERROR: {0}".format(err)
exit (1)
exit (0)
main()
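Review bot: The collection lock is dropped with `unlock_db()` right after `load()`, so the `vm.is_running()` check and `vm.commit_changes()` run unlocked and nothing in this file stops another tool from starting the template between the check and the commit. If commit_changes (not visible here) rewrites the root image, and assuming the start tools take the same lock, hold it across both steps: take `lock_db_for_writing()` and call `unlock_db()` only after `vm.commit_changes()`. The early `exit(1)` paths would then need to unlock before exiting.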

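--- a/dom0/restore/.gitignore
+++ b/dom0/restore/.gitignore
@@ -0,0 +1,3 @@
+qubes_restore
+xenfreepages
+xenstore-watch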

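--- a/netvm/30-qubes_external_ip
+++ b/netvm/30-qubes_external_ip
@@ -0,0 +1,8 @@
+#!/bin/sh
+if [ x$2 == xup ]; then
+INET=$(/sbin/ip addr show dev $1 | /bin/grep inet)
+/usr/bin/xenstore-write qubes_netvm_external_ip "$INET"
+fi
+if [ x$2 == xdown ]; then
+/usr/bin/xenstore-write qubes_netvm_external_ip ""
+fi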
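Review bot: `[ x$2 == xup ]` uses `==`, which POSIX `test` does not define, under a `#!/bin/sh` shebang, and leaves `$1` and `$2` unquoted; the same `==` inside `[ ]` appears in netvm/qubes_core_netvm (`"$type" == "NetVM"`) and proxyvm/init.d/qubes_firewall (`"$type" == "ProxyVM"`). Write `if [ "x$2" = "xup" ]; then` and pass `dev "$1"` to `ip`. The `down` branch clears `qubes_netvm_external_ip` when any interface goes down, even if another one is still up, and the `up` branch stores the raw `grep inet` output, IPv6 lines included. Readers of the key in other VMs should therefore treat it as an opaque change marker, which is how qubes_netwatcher in this commit uses it.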


@ -1,54 +0,0 @@
#!/bin/sh
#
# chkconfig: 345 90 90
# description: Executes Qubes core scripts at VM boot
#
# Source function library.
. /etc/rc.d/init.d/functions
start()
{
echo -n $"Executing Qubes Core scripts NetVM:"
if ! [ -x /usr/bin/xenstore-read ] ; then
echo "ERROR: /usr/bin/xenstore-read not found!"
exit 1
fi
name=$(/usr/bin/xenstore-read name)
hostname $name
# Setup gateway for all the VMs this netVM is serviceing...
modprobe netbk
gateway=$(/usr/bin/xenstore-read qubes_netvm_gateway)
netmask=$(/usr/bin/xenstore-read qubes_netvm_netmask)
network=$(/usr/bin/xenstore-read qubes_netvm_network)
secondary_dns=$(/usr/bin/xenstore-read qubes_netvm_secondary_dns)
echo "NS1=$gateway" > /var/run/qubes/qubes_ns
echo "NS2=$secondary_dns" >> /var/run/qubes/qubes_ns
/usr/lib/qubes/qubes_setup_dnat_to_ns
echo "1" > /proc/sys/net/ipv4/ip_forward
success
echo ""
return 0
}
stop()
{
return 0
}
case "$1" in
start)
start
;;
stop)
stop
;;
*)
echo $"Usage: $0 {start|stop}"
exit 3
;;
esac
exit $RETVAL

58
netvm/qubes_core_netvm Executable file

@ -0,0 +1,58 @@
#!/bin/sh
#
# chkconfig: 345 90 90
# description: Executes Qubes core scripts at NetVM boot
#
# Source function library.
. /etc/rc.d/init.d/functions
start()
{
if ! [ -x /usr/bin/xenstore-read ] ; then
echo "ERROR: /usr/bin/xenstore-read not found!"
exit 1
fi
type=$(/usr/bin/xenstore-read qubes_vm_type)
if [ "$type" == "NetVM" ]; then
/sbin/service NetworkManager start
fi
echo -n $"Executing Qubes Core scripts NetVM:"
# Setup gateway for all the VMs this netVM is serviceing...
network=$(/usr/bin/xenstore-read qubes_netvm_network 2>/dev/null)
if [ "x$network" != "x" ]; then
gateway=$(/usr/bin/xenstore-read qubes_netvm_gateway)
netmask=$(/usr/bin/xenstore-read qubes_netvm_netmask)
secondary_dns=$(/usr/bin/xenstore-read qubes_netvm_secondary_dns)
modprobe netbk
echo "NS1=$gateway" > /var/run/qubes/qubes_ns
echo "NS2=$secondary_dns" >> /var/run/qubes/qubes_ns
/usr/lib/qubes/qubes_setup_dnat_to_ns
echo "1" > /proc/sys/net/ipv4/ip_forward
fi
success
echo ""
return 0
}
stop()
{
return 0
}
case "$1" in
start)
start
;;
stop)
stop
;;
*)
echo $"Usage: $0 {start|stop}"
exit 3
;;
esac
exit $RETVAL
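Review bot: start() writes 1 to `/proc/sys/net/ipv4/ip_forward` at chkconfig priority 90, while proxyvm/init.d/qubes_firewall in this commit starts at 91, so if this script is also installed in ProxyVMs (the `qubes_vm_type` test suggests it is), forwarding is enabled before the firewall daemon has loaded any rules from xenstore. Unless the image ships a default-deny FORWARD policy, which is not visible here, traffic from downstream VMs could pass unfiltered during that window; consider enabling forwarding only after the first successful rule load. `RETVAL` is never assigned, so `exit $RETVAL` only propagates the status of the `case`, and failures of the individual `xenstore-read` calls are not reported.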

33
proxyvm/bin/qubes_firewall Executable file

@ -0,0 +1,33 @@
#!/bin/bash
set -e
PIDFILE=/var/run/qubes/qubes_firewall.pid
XENSTORE_IPTABLES=qubes_iptables
XENSTORE_ERROR=qubes_iptables_error
OLD_RULES=""
# PIDfile handling
[[ -e $PIDFILE ]] && kill -s 0 $(<$PIDFILE) 2>/dev/null && exit 0
echo $$ >$PIDFILE
trap 'exit 0' SIGTERM
while true; do
RULES=$(/usr/bin/xenstore-read $XENSTORE_IPTABLES)
if [[ "$RULES" != "$OLD_RULES" ]]; then
IPTABLES_SAVE=$(/sbin/iptables-save | sed '/^\*filter/,/^COMMIT/d')
OUT=`echo -e "$RULES\n$IPTABLES_SAVE" | /sbin/iptables-restore 2>&1 || :`
/usr/bin/xenstore-write $XENSTORE_ERROR "$OUT"
if [[ -z "$OUT" ]]; then
# If OK save it for later
/sbin/service iptables save >/dev/null
fi
OLD_RULES="$RULES"
fi
# Wait for changes in xenstore file
/usr/bin/xenstore-watch $XENSTORE_IPTABLES
done
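Review bot: When `iptables-restore` rejects the new ruleset, the loop only writes `$OUT` to the `qubes_iptables_error` xenstore key and then stores the rejected text in `OLD_RULES`, so nothing is logged inside the VM and the filter table presumably keeps its previous contents until the key changes again. For a firewall that gap between requested and enforced policy should be visible locally: add an `else` branch to the `[[ -z "$OUT" ]]` test with `logger -t qubes_firewall -p daemon.err "iptables-restore failed: $OUT"`, and put a comment above the loop stating which rules stay active after a failed load. Separately, `set -e` makes the daemon exit as soon as `xenstore-read $XENSTORE_IPTABLES` fails (for example if the key is not written yet; the writer is outside this file), which leaves a stale pidfile and no process applying rules. Handling that read explicitly, `RULES=$(/usr/bin/xenstore-read $XENSTORE_IPTABLES) || RULES="$OLD_RULES"`, keeps the watcher alive.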

27
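--- a/proxyvm/bin/qubes_netwatcher
+++ b/proxyvm/bin/qubes_netwatcher
@@ -0,0 +1,27 @@
+#!/bin/bash
+set -e
+PIDFILE=/var/run/qubes/qubes_netwatcher.pid
+CURR_NETCFG=""
+# PIDfile handling
+[[ -e $PIDFILE ]] && kill -s 0 $(<$PIDFILE) 2>/dev/null && exit 0
+echo $$ >$PIDFILE
+trap 'exit 0' SIGTERM
+while true; do
+NET_DOMID=$(/usr/bin/xenstore-read qubes_netvm_domid)
+if [[ -n "$NET_DOMID" ]] && [[ $NET_DOMID -gt 0 ]]; then
+NETCFG=$(/usr/bin/xenstore-read /local/domain/$NET_DOMID/qubes_netvm_external_ip)
+if [[ "$NETCFG" != "$CURR_NETCFG" ]]; then
+/sbin/service qubes_firewall stop
+/sbin/service qubes_firewall start
+CURR_NETCFG="$NETCFG"
+fi
+/usr/bin/xenstore-watch /local/domain/$NET_DOMID/qubes_netvm_external_ip
+else
+/usr/bin/xenstore-watch qubes_netvm_domid
+fi
+done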
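Review bot: `NET_DOMID` goes into `[[ $NET_DOMID -gt 0 ]]` and into the xenstore path `/local/domain/$NET_DOMID/...` without a check that it is a plain number, and inside `[[ ]]` the operands of `-gt` are evaluated as arithmetic expressions rather than rejected when they are not digits. The value is read from this VM's own xenstore directory, but making the assumption explicit costs one test: `if [[ "$NET_DOMID" =~ ^[0-9]+$ ]] && [[ $NET_DOMID -gt 0 ]]; then`. `NETCFG` is read from the other domain's directory and is presumably written by the NetVM itself, so it is less trusted than the local keys; it is only compared as a quoted string here, and a comment such as `# NETCFG comes from the NetVM: compare only, never expand unquoted or pass to a command` would help keep it that way. As in qubes_firewall, `set -e` ends the watcher if that second `xenstore-read` fails because the key does not exist yet.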

48
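--- a/proxyvm/init.d/qubes_firewall
+++ b/proxyvm/init.d/qubes_firewall
@@ -0,0 +1,48 @@
+#!/bin/sh
+#
+# chkconfig: 345 91 91
+# description: Starts Qubes Firewall monitor
+#
+# Source function library.
+. /etc/rc.d/init.d/functions
+PIDFILE=/var/run/qubes/qubes_firewall.pid
+start()
+{
+type=$(/usr/bin/xenstore-read qubes_vm_type)
+if [ "$type" == "ProxyVM" ]; then
+echo -n $"Starting Qubes Firewall monitor:"
+/sbin/ethtool -K eth0 sg off
+/usr/sbin/qubes_firewall &
+success
+echo ""
+fi
+return 0
+}
+stop()
+{
+type=$(/usr/bin/xenstore-read qubes_vm_type)
+if [ "$type" == "ProxyVM" ]; then
+echo -n "Stopping Qubes Firewall monitor:"
+kill -9 $(cat $PIDFILE) 2>/dev/null && success || failure
+echo ""
+fi
+return 0
+}
+case "$1" in
+start)
+start
+;;
+stop)
+stop
+;;
+*)
+echo $"Usage: $0 {start|stop}"
+exit 3
+;;
+esac
+exit $RETVAL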
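Review bot: stop() sends SIGKILL to whatever PID is stored in `$PIDFILE` and never removes the file, so a stale pidfile can make root kill an unrelated process that has since received that PID, and `kill -9` bypasses the daemon's own `trap 'exit 0' SIGTERM`. The functions library sourced at the top already has a helper for this: `killproc -p $PIDFILE qubes_firewall` checks that the PID is alive, tries TERM before KILL and deletes the pidfile. start() also calls `success` straight after `/usr/sbin/qubes_firewall &`, so a daemon that exits immediately (it runs under `set -e`) is still reported as started. proxyvm/init.d/qubes_netwatcher has the same start() and stop() bodies and needs the same change.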

48
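--- a/proxyvm/init.d/qubes_netwatcher
+++ b/proxyvm/init.d/qubes_netwatcher
@@ -0,0 +1,48 @@
+#!/bin/sh
+#
+# chkconfig: 345 92 92
+# description: Starts Qubes Network monitor
+#
+# Source function library.
+. /etc/rc.d/init.d/functions
+PIDFILE=/var/run/qubes/qubes_netwatcher.pid
+start()
+{
+type=$(/usr/bin/xenstore-read qubes_vm_type)
+if [ "$type" == "ProxyVM" ]; then
+echo -n $"Starting Qubes Network monitor:"
+/sbin/ethtool -K eth0 sg off
+/usr/sbin/qubes_netwatcher &
+success
+echo ""
+fi
+return 0
+}
+stop()
+{
+type=$(/usr/bin/xenstore-read qubes_vm_type)
+if [ "$type" == "ProxyVM" ]; then
+echo -n "Stopping Qubes Network monitor:"
+kill -9 $(cat $PIDFILE) 2>/dev/null && success || failure
+echo ""
+fi
+return 0
+}
+case "$1" in
+start)
+start
+;;
+stop)
+stop
+;;
+*)
+echo $"Usage: $0 {start|stop}"
+exit 3
+;;
+esac
+exit $RETVAL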


@ -34,6 +34,9 @@ URL: http://www.qubes-os.org
Requires: /usr/bin/xenstore-read Requires: /usr/bin/xenstore-read
Requires: fedora-release = 13 Requires: fedora-release = 13
Requires: /usr/bin/mimeopen Requires: /usr/bin/mimeopen
Requires: qubes-core-commonvm
BuildRequires: gcc
BuildRequires: xen-devel
Provides: qubes-core-vm Provides: qubes-core-vm
%define _builddir %(pwd)/appvm %define _builddir %(pwd)/appvm
@ -53,9 +56,6 @@ fi
adduser --create-home user adduser --create-home user
mkdir -p $RPM_BUILD_ROOT/var/lib/qubes mkdir -p $RPM_BUILD_ROOT/var/lib/qubes
if [ -e $RPM_BUILD_ROOT/etc/fstab ] ; then
mv $RPM_BUILD_ROOT/etc/fstab $RPM_BUILD_ROOT/var/lib/qubes/fstab.orig
fi
%build %build
make clean all make clean all
@ -63,10 +63,8 @@ make -C ../common
%install %install
mkdir -p $RPM_BUILD_ROOT/etc
cp fstab $RPM_BUILD_ROOT/etc/fstab
mkdir -p $RPM_BUILD_ROOT/etc/init.d mkdir -p $RPM_BUILD_ROOT/etc/init.d
cp qubes_core $RPM_BUILD_ROOT/etc/init.d/ cp qubes_core_appvm $RPM_BUILD_ROOT/etc/init.d/
mkdir -p $RPM_BUILD_ROOT/var/lib/qubes mkdir -p $RPM_BUILD_ROOT/var/lib/qubes
mkdir -p $RPM_BUILD_ROOT/usr/bin mkdir -p $RPM_BUILD_ROOT/usr/bin
cp qubes_timestamp qvm-copy-to-vm qvm-open-in-dvm $RPM_BUILD_ROOT/usr/bin cp qubes_timestamp qvm-copy-to-vm qvm-open-in-dvm $RPM_BUILD_ROOT/usr/bin
@ -78,17 +76,9 @@ mkdir -p $RPM_BUILD_ROOT/%{kde_service_dir}
cp qvm-copy.desktop qvm-dvm.desktop $RPM_BUILD_ROOT/%{kde_service_dir} cp qvm-copy.desktop qvm-dvm.desktop $RPM_BUILD_ROOT/%{kde_service_dir}
mkdir -p $RPM_BUILD_ROOT/etc/udev/rules.d mkdir -p $RPM_BUILD_ROOT/etc/udev/rules.d
cp qubes.rules $RPM_BUILD_ROOT/etc/udev/rules.d cp qubes.rules $RPM_BUILD_ROOT/etc/udev/rules.d
mkdir -p $RPM_BUILD_ROOT/etc/sysconfig
cp iptables $RPM_BUILD_ROOT/etc/sysconfig/
mkdir -p $RPM_BUILD_ROOT/mnt/incoming mkdir -p $RPM_BUILD_ROOT/mnt/incoming
mkdir -p $RPM_BUILD_ROOT/mnt/outgoing mkdir -p $RPM_BUILD_ROOT/mnt/outgoing
mkdir -p $RPM_BUILD_ROOT/mnt/removable mkdir -p $RPM_BUILD_ROOT/mnt/removable
mkdir -p $RPM_BUILD_ROOT/etc/yum.repos.d
cp ../appvm/qubes.repo $RPM_BUILD_ROOT/etc/yum.repos.d
mkdir -p $RPM_BUILD_ROOT/sbin
cp ../common/qubes_serial_login $RPM_BUILD_ROOT/sbin
mkdir -p $RPM_BUILD_ROOT/etc
cp ../common/serial.conf $RPM_BUILD_ROOT/var/lib/qubes/
mkdir -p $RPM_BUILD_ROOT/etc/X11 mkdir -p $RPM_BUILD_ROOT/etc/X11
cp xorg-preload-apps.conf $RPM_BUILD_ROOT/etc/X11 cp xorg-preload-apps.conf $RPM_BUILD_ROOT/etc/X11
@ -96,91 +86,22 @@ cp xorg-preload-apps.conf $RPM_BUILD_ROOT/etc/X11
mkdir -p $RPM_BUILD_ROOT/home_volatile/user mkdir -p $RPM_BUILD_ROOT/home_volatile/user
chown 500:500 $RPM_BUILD_ROOT/home_volatile/user chown 500:500 $RPM_BUILD_ROOT/home_volatile/user
%triggerin -- initscripts
cp /var/lib/qubes/serial.conf /etc/init/serial.conf
%post %post
chkconfig --add qubes_core_appvm || echo "WARNING: Cannot add service qubes_core!"
chkconfig qubes_core_appvm on || echo "WARNING: Cannot enable service qubes_core!"
if [ "$1" != 1 ] ; then if [ "$1" != 1 ] ; then
# do this whole %post thing only when updating for the first time... # do this whole %post thing only when updating for the first time...
exit 0 exit 0
fi fi
usermod -L root
usermod -L user usermod -L user
if ! [ -f /var/lib/qubes/serial.orig ] ; then
cp /etc/init/serial.conf /var/lib/qubes/serial.orig
fi
#echo "--> Disabling SELinux..."
sed -e s/^SELINUX=.*$/SELINUX=disabled/ </etc/selinux/config >/etc/selinux/config.processed
mv /etc/selinux/config.processed /etc/selinux/config
setenforce 0 2>/dev/null
#echo "--> Turning off unnecessary services..."
# FIXME: perhaps there is more elegant way to do this?
for f in /etc/init.d/*
do
srv=`basename $f`
[ $srv = 'functions' ] && continue
[ $srv = 'killall' ] && continue
[ $srv = 'halt' ] && continue
[ $srv = 'single' ] && continue
chkconfig $srv off
done
#echo "--> Enabling essential services..."
chkconfig rsyslog on
chkconfig haldaemon on
chkconfig messagebus on
chkconfig cups on
chkconfig iptables on
chkconfig --add qubes_core || echo "WARNING: Cannot add service qubes_core!"
chkconfig qubes_core on || echo "WARNING: Cannot enable service qubes_core!"
# TODO: make this not display the silly message about security context...
sed -i s/^id:.:initdefault:/id:3:initdefault:/ /etc/inittab
# Remove most of the udev scripts to speed up the VM boot time
# Just leave the xen* scripts, that are needed if this VM was
# ever used as a net backend (e.g. as a VPN domain in the future)
#echo "--> Removing unnecessary udev scripts..."
mkdir -p /var/lib/qubes/removed-udev-scripts
for f in /etc/udev/rules.d/*
do
if [ $(basename $f) == "xen-backend.rules" ] ; then
continue
fi
if [ $(basename $f) == "xend.rules" ] ; then
continue
fi
if [ $(basename $f) == "qubes.rules" ] ; then
continue
fi
if [ $(basename $f) == "90-hal.rules" ] ; then
continue
fi
mv $f /var/lib/qubes/removed-udev-scripts/
done
mkdir -p /rw
#rm -f /etc/mtab
#echo "--> Removing HWADDR setting from /etc/sysconfig/network-scripts/ifcfg-eth0"
#mv /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0.orig
#grep -v HWADDR /etc/sysconfig/network-scripts/ifcfg-eth0.orig > /etc/sysconfig/network-scripts/ifcfg-eth0
%preun %preun
if [ "$1" = 0 ] ; then if [ "$1" = 0 ] ; then
# no more packages left # no more packages left
chkconfig qubes_core off chkconfig qubes_core_appvm off
mv /var/lib/qubes/fstab.orig /etc/fstab
mv /var/lib/qubes/removed-udev-scripts/* /etc/udev/rules.d/
mv /var/lib/qubes/serial.orig /etc/init/serial.conf
fi fi
%clean %clean
@ -188,8 +109,7 @@ rm -rf $RPM_BUILD_ROOT
%files %files
%defattr(-,root,root,-) %defattr(-,root,root,-)
/etc/fstab /etc/init.d/qubes_core_appvm
/etc/init.d/qubes_core
/usr/bin/qvm-copy-to-vm /usr/bin/qvm-copy-to-vm
/usr/lib/qubes/qvm-copy-to-vm.kde /usr/lib/qubes/qvm-copy-to-vm.kde
%attr(4755,root,root) /usr/bin/qvm-open-in-dvm %attr(4755,root,root) /usr/bin/qvm-open-in-dvm
@ -200,13 +120,9 @@ rm -rf $RPM_BUILD_ROOT
%attr(4755,root,root) /usr/lib/qubes/qubes_penctl %attr(4755,root,root) /usr/lib/qubes/qubes_penctl
/usr/lib/qubes/qubes_add_pendrive_script /usr/lib/qubes/qubes_add_pendrive_script
/etc/udev/rules.d/qubes.rules /etc/udev/rules.d/qubes.rules
/etc/sysconfig/iptables
/var/lib/qubes
%dir /mnt/incoming %dir /mnt/incoming
%dir /mnt/outgoing %dir /mnt/outgoing
%dir /mnt/removable %dir /mnt/removable
/etc/yum.repos.d/qubes.repo
/sbin/qubes_serial_login
/usr/bin/qubes_timestamp /usr/bin/qubes_timestamp
%dir /home_volatile %dir /home_volatile
%attr(700,user,user) /home_volatile/user %attr(700,user,user) /home_volatile/user
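Review bot: The two `chkconfig ... qubes_core_appvm` lines at the top of `%post` still print "Cannot add service qubes_core!" and "Cannot enable service qubes_core!", which now names a different init script (qubes_core is shipped by qubes-core-commonvm), so a failure would send the admin to the wrong package. Change the messages to `echo "WARNING: Cannot add service qubes_core_appvm!"` and `echo "WARNING: Cannot enable service qubes_core_appvm!"`. The same copied text follows the `qubes_core_netvm` lines in the netvm spec and the `qubes_firewall`/`qubes_netwatcher` lines in the proxyvm spec further down this page. These lines also sit above the `if [ "$1" != 1 ]` guard, so they run on every upgrade; a one-line comment saying that is intended would help.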

166
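--- a/rpm_spec/core-commonvm.spec
+++ b/rpm_spec/core-commonvm.spec
@@ -0,0 +1,166 @@
+#
+# The Qubes OS Project, http://www.qubes-os.org
+#
+# Copyright (C) 2010 Joanna Rutkowska <joanna@invisiblethingslab.com>
+# Copyright (C) 2010 Rafal Wojtczuk <rafal@invisiblethingslab.com>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+#
+#
+%{!?version: %define version %(cat version_vm)}
+Name: qubes-core-commonvm
+Version: %{version}
+Release: 1
+Summary: The Qubes core files for any VM
+Group: Qubes
+Vendor: Invisible Things Lab
+License: GPL
+URL: http://www.qubes-os.org
+Requires: /usr/bin/xenstore-read
+Requires: fedora-release = 13
+%define _builddir %(pwd)/common
+%description
+The Qubes core files for installation inside a Qubes VM.
+%pre
+if [ "$1" != 1 ] ; then
+# do this whole %pre thing only when updating for the first time...
+exit 0
+fi
+mkdir -p $RPM_BUILD_ROOT/var/lib/qubes
+if [ -e $RPM_BUILD_ROOT/etc/fstab ] ; then
+mv $RPM_BUILD_ROOT/etc/fstab $RPM_BUILD_ROOT/var/lib/qubes/fstab.orig
+fi
+%install
+mkdir -p $RPM_BUILD_ROOT/etc
+cp fstab $RPM_BUILD_ROOT/etc/fstab
+mkdir -p $RPM_BUILD_ROOT/etc/init.d
+cp qubes_core $RPM_BUILD_ROOT/etc/init.d/
+mkdir -p $RPM_BUILD_ROOT/var/lib/qubes
+mkdir -p $RPM_BUILD_ROOT/etc/sysconfig
+cp iptables $RPM_BUILD_ROOT/etc/sysconfig/
+mkdir -p $RPM_BUILD_ROOT/etc/yum.repos.d
+cp ../appvm/qubes.repo $RPM_BUILD_ROOT/etc/yum.repos.d
+mkdir -p $RPM_BUILD_ROOT/sbin
+cp ../common/qubes_serial_login $RPM_BUILD_ROOT/sbin
+mkdir -p $RPM_BUILD_ROOT/etc
+cp ../common/serial.conf $RPM_BUILD_ROOT/var/lib/qubes/
+%triggerin -- initscripts
+cp /var/lib/qubes/serial.conf /etc/init/serial.conf
+%post
+if [ "$1" != 1 ] ; then
+# do this whole %post thing only when updating for the first time...
+exit 0
+fi
+usermod -L root
+if ! [ -f /var/lib/qubes/serial.orig ] ; then
+cp /etc/init/serial.conf /var/lib/qubes/serial.orig
+fi
+#echo "--> Disabling SELinux..."
+sed -e s/^SELINUX=.*$/SELINUX=disabled/ </etc/selinux/config >/etc/selinux/config.processed
+mv /etc/selinux/config.processed /etc/selinux/config
+setenforce 0 2>/dev/null
+#echo "--> Turning off unnecessary services..."
+# FIXME: perhaps there is more elegant way to do this?
+for f in /etc/init.d/*
+do
+srv=`basename $f`
+[ $srv = 'functions' ] && continue
+[ $srv = 'killall' ] && continue
+[ $srv = 'halt' ] && continue
+[ $srv = 'single' ] && continue
+[ $srv = 'qubes_gui' ] && continue
+chkconfig $srv off
+done
+#echo "--> Enabling essential services..."
+chkconfig rsyslog on
+chkconfig haldaemon on
+chkconfig messagebus on
+chkconfig iptables on
+chkconfig --add qubes_core || echo "WARNING: Cannot add service qubes_core!"
+chkconfig qubes_core on || echo "WARNING: Cannot enable service qubes_core!"
+# TODO: make this not display the silly message about security context...
+sed -i s/^id:.:initdefault:/id:3:initdefault:/ /etc/inittab
+# Remove most of the udev scripts to speed up the VM boot time
+# Just leave the xen* scripts, that are needed if this VM was
+# ever used as a net backend (e.g. as a VPN domain in the future)
+#echo "--> Removing unnecessary udev scripts..."
+mkdir -p /var/lib/qubes/removed-udev-scripts
+for f in /etc/udev/rules.d/*
+do
+if [ $(basename $f) == "xen-backend.rules" ] ; then
+continue
+fi
+if [ $(basename $f) == "xend.rules" ] ; then
+continue
+fi
+if [ $(basename $f) == "qubes.rules" ] ; then
+continue
+fi
+if [ $(basename $f) == "90-hal.rules" ] ; then
+continue
+fi
+mv $f /var/lib/qubes/removed-udev-scripts/
+done
+mkdir -p /rw
+#rm -f /etc/mtab
+#echo "--> Removing HWADDR setting from /etc/sysconfig/network-scripts/ifcfg-eth0"
+#mv /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0.orig
+#grep -v HWADDR /etc/sysconfig/network-scripts/ifcfg-eth0.orig > /etc/sysconfig/network-scripts/ifcfg-eth0
+%preun
+if [ "$1" = 0 ] ; then
+# no more packages left
+chkconfig qubes_core off
+mv /var/lib/qubes/fstab.orig /etc/fstab
+mv /var/lib/qubes/removed-udev-scripts/* /etc/udev/rules.d/
+mv /var/lib/qubes/serial.orig /etc/init/serial.conf
+fi
+%clean
+rm -rf $RPM_BUILD_ROOT
+%files
+%defattr(-,root,root,-)
+/etc/fstab
+/etc/init.d/qubes_core
+/etc/sysconfig/iptables
+/var/lib/qubes
+/etc/yum.repos.d/qubes.repo
+/sbin/qubes_serial_login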
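Review bot: The `%pre` scriptlet uses `$RPM_BUILD_ROOT`, which is a build-time variable; as far as I know rpm does not set it when scriptlets run on the target, so the paths collapse to `/etc/fstab` and `/var/lib/qubes` only by accident, and they would point elsewhere if the variable happened to be set in the installing environment. Write the install-time paths directly: `mkdir -p /var/lib/qubes` and `if [ -e /etc/fstab ] ; then mv /etc/fstab /var/lib/qubes/fstab.orig ; fi`. In `%post`, switching SELinux to disabled, locking root and turning off every init script except a short skip list are security-relevant side effects of installing this package; a header comment stating that they are intentional for Qubes VMs, and that only the fstab, serial.conf and udev changes are reverted in `%preun`, would save the next maintainer from guessing. `%install` also copies `../appvm/qubes.repo` into a package that every VM type now requires, which is worth confirming for NetVMs, since the netvm spec stops shipping its own `../netvm/qubes.repo` in this commit.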


@ -36,6 +36,7 @@ Group: Qubes
Vendor: Invisible Things Lab Vendor: Invisible Things Lab
License: GPL License: GPL
URL: http://www.qubes-os.org URL: http://www.qubes-os.org
BuildRequires: xen-devel
Requires: python, xen-runtime, pciutils, python-inotify, python-daemon, kernel-qubes-dom0 Requires: python, xen-runtime, pciutils, python-inotify, python-daemon, kernel-qubes-dom0
Conflicts: qubes-gui-dom0 < 1.1.13 Conflicts: qubes-gui-dom0 < 1.1.13
Requires: NetworkManager >= 0.8.1-1 Requires: NetworkManager >= 0.8.1-1
@ -65,6 +66,8 @@ cp pendrive_swapper/qfilexchgd $RPM_BUILD_ROOT/usr/bin
mkdir -p $RPM_BUILD_ROOT/etc/xen/scripts mkdir -p $RPM_BUILD_ROOT/etc/xen/scripts
cp restore/block.qubes $RPM_BUILD_ROOT/etc/xen/scripts cp restore/block.qubes $RPM_BUILD_ROOT/etc/xen/scripts
cp ../common/vif-route-qubes $RPM_BUILD_ROOT/etc/xen/scripts cp ../common/vif-route-qubes $RPM_BUILD_ROOT/etc/xen/scripts
cp ../common/block-snapshot $RPM_BUILD_ROOT/etc/xen/scripts
ln -s block-snapshot $RPM_BUILD_ROOT/etc/xen/scripts/block-origin
mkdir -p $RPM_BUILD_ROOT%{python_sitearch}/qubes mkdir -p $RPM_BUILD_ROOT%{python_sitearch}/qubes
cp qvm-core/qubes.py $RPM_BUILD_ROOT%{python_sitearch}/qubes cp qvm-core/qubes.py $RPM_BUILD_ROOT%{python_sitearch}/qubes
@ -94,6 +97,7 @@ cp restore/qubes_prepare_saved_domain.sh $RPM_BUILD_ROOT/usr/lib/qubes
mkdir -p $RPM_BUILD_ROOT/var/lib/qubes mkdir -p $RPM_BUILD_ROOT/var/lib/qubes
mkdir -p $RPM_BUILD_ROOT/var/lib/qubes/vm-templates mkdir -p $RPM_BUILD_ROOT/var/lib/qubes/vm-templates
mkdir -p $RPM_BUILD_ROOT/var/lib/qubes/appvms mkdir -p $RPM_BUILD_ROOT/var/lib/qubes/appvms
mkdir -p $RPM_BUILD_ROOT/var/lib/qubes/servicevms
mkdir -p $RPM_BUILD_ROOT/var/lib/qubes/backup mkdir -p $RPM_BUILD_ROOT/var/lib/qubes/backup
mkdir -p $RPM_BUILD_ROOT/var/lib/qubes/dvmdata mkdir -p $RPM_BUILD_ROOT/var/lib/qubes/dvmdata
@ -124,10 +128,16 @@ mkdir -p $RPM_BUILD_ROOT/var/run/qubes
%post %post
# Create NetworkManager configuration if we do not have it
if ! [ -e /etc/NetworkManager/NetworkManager.conf ]; then
echo '[main]' > /etc/NetworkManager/NetworkManager.conf
echo 'plugins = keyfile' >> /etc/NetworkManager/NetworkManager.conf
echo '[keyfile]' >> /etc/NetworkManager/NetworkManager.conf
fi
/usr/lib/qubes/qubes_fix_nm_conf.sh /usr/lib/qubes/qubes_fix_nm_conf.sh
if [ -e /etc/yum.repos.d/qubes-r1-dom0.repo ]; then if [ -e /etc/yum.repos.d/qubes-r1-dom0.repo ]; then
# we want the user to use the repo that comes with qubes-code-dom0 packages instead # we want the user to use the repo that comes with qubes-core-dom0 packages instead
rm -f /etc/yum.repos.d/qubes-r1-dom0.repo rm -f /etc/yum.repos.d/qubes-r1-dom0.repo
fi fi
@ -136,15 +146,16 @@ fi
#exit 0 #exit 0
#fi #fi
# TODO: This is only temporary, until we will have our own installer ## TODO: This is only temporary, until we will have our own installer
for f in /etc/init.d/* #for f in /etc/init.d/*
do #do
srv=`basename $f` # srv=`basename $f`
[ $srv = 'functions' ] && continue # [ $srv = 'functions' ] && continue
[ $srv = 'killall' ] && continue # [ $srv = 'killall' ] && continue
[ $srv = 'halt' ] && continue # [ $srv = 'halt' ] && continue
chkconfig $srv off # [ $srv = 'single' ] && continue
done # chkconfig $srv off
#done
chkconfig iptables on chkconfig iptables on
chkconfig NetworkManager on chkconfig NetworkManager on
@ -165,6 +176,20 @@ chkconfig qubes_core on || echo "WARNING: Cannot enable service qubes_core!"
chkconfig qubes_netvm on || echo "WARNING: Cannot enable service qubes_netvm!" chkconfig qubes_netvm on || echo "WARNING: Cannot enable service qubes_netvm!"
chkconfig qubes_setupdvm on || echo "WARNING: Cannot enable service qubes_setupdvm!" chkconfig qubes_setupdvm on || echo "WARNING: Cannot enable service qubes_setupdvm!"
HAD_SYSCONFIG_NETWORK=yes
if ! [ -e /etc/sysconfig/network ]; then
HAD_SYSCONFIG_NETWORK=no
# supplant empty one so NetworkManager init script does not complain
touch /etc/sysconfig/network
fi
# Load evtchn module - xenstored needs it
modprobe evtchn
# Now launch xend - we will need it for subsequent steps
service xenstored start
service xend start
if ! [ -e /var/lib/qubes/qubes.xml ]; then if ! [ -e /var/lib/qubes/qubes.xml ]; then
# echo "Initializing Qubes DB..." # echo "Initializing Qubes DB..."
umask 007; sg qubes -c qvm-init-storage umask 007; sg qubes -c qvm-init-storage
@ -173,13 +198,16 @@ for i in /usr/share/qubes/icons/*.png ; do
xdg-icon-resource install --novendor --size 48 $i xdg-icon-resource install --novendor --size 48 $i
done done
/etc/init.d/qubes_core start service qubes_core start
NETVM=$(qvm-get-default-netvm) NETVM=$(qvm-get-default-netvm)
if [ "X"$NETVM = "X""dom0" ] ; then if [ "X"$NETVM = "X""dom0" ] ; then
/etc/init.d/qubes_netvm start service qubes_netvm start
fi fi
if [ "x"$HAD_SYSCONFIG_NETWORK = "xno" ]; then
rm -f /etc/sysconfig/network
fi
%clean %clean
rm -rf $RPM_BUILD_ROOT rm -rf $RPM_BUILD_ROOT
@ -258,6 +286,7 @@ fi
%attr(770,root,qubes) %dir /var/lib/qubes %attr(770,root,qubes) %dir /var/lib/qubes
%attr(770,root,qubes) %dir /var/lib/qubes/vm-templates %attr(770,root,qubes) %dir /var/lib/qubes/vm-templates
%attr(770,root,qubes) %dir /var/lib/qubes/appvms %attr(770,root,qubes) %dir /var/lib/qubes/appvms
%attr(770,root,qubes) %dir /var/lib/qubes/servicevms
%attr(770,root,qubes) %dir /var/lib/qubes/backup %attr(770,root,qubes) %dir /var/lib/qubes/backup
%attr(770,root,qubes) %dir /var/lib/qubes/dvmdata %attr(770,root,qubes) %dir /var/lib/qubes/dvmdata
%dir /usr/share/qubes/icons/*.png %dir /usr/share/qubes/icons/*.png
@ -271,10 +300,11 @@ fi
/usr/lib64/pm-utils/sleep.d/01qubes-swap-pci-devs /usr/lib64/pm-utils/sleep.d/01qubes-swap-pci-devs
/usr/lib64/pm-utils/sleep.d/02qubes-pause-vms /usr/lib64/pm-utils/sleep.d/02qubes-pause-vms
/usr/bin/xenstore-watch /usr/bin/xenstore-watch
/usr/bin/qvm-create-default-dvm
/usr/lib/qubes/qubes_restore /usr/lib/qubes/qubes_restore
/usr/lib/qubes/qubes_prepare_saved_domain.sh /usr/lib/qubes/qubes_prepare_saved_domain.sh
/etc/xen/scripts/block.qubes /etc/xen/scripts/block.qubes
/etc/xen/scripts/block-snapshot
/etc/xen/scripts/block-origin
/etc/xen/scripts/vif-route-qubes /etc/xen/scripts/vif-route-qubes
%attr(4750,root,qubes) /usr/lib/qubes/xenfreepages %attr(4750,root,qubes) /usr/lib/qubes/xenfreepages
%attr(2770,root,qubes) %dir /var/log/qubes %attr(2770,root,qubes) %dir /var/log/qubes
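Review bot: The new `%post` lines run `modprobe evtchn`, `service xenstored start` and `service xend start` without checking any result, yet the `qvm-init-storage` and `service qubes_core start` steps that follow depend on them. In an installer chroot or on a system not booted under Xen these calls will presumably fail and the scriptlet carries on regardless; follow the convention the file already uses for chkconfig, e.g. `service xend start || echo "WARNING: Cannot start xend!"`. The `HAD_SYSCONFIG_NETWORK` test leaves the variable outside the quotes (`"x"$HAD_SYSCONFIG_NETWORK`); `[ "x$HAD_SYSCONFIG_NETWORK" = "xno" ]` is the safer spelling. The generated /etc/NetworkManager/NetworkManager.conf is written with whatever umask the scriptlet inherits, so a `chmod 644` after the three `echo` lines would make its mode explicit.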


@ -34,6 +34,7 @@ URL: http://www.qubes-os.org
Requires: /usr/bin/xenstore-read Requires: /usr/bin/xenstore-read
Requires: fedora-release = 13 Requires: fedora-release = 13
Requires: NetworkManager >= 0.8.1-1 Requires: NetworkManager >= 0.8.1-1
Requires: qubes-core-commonvm
Provides: qubes-core-vm Provides: qubes-core-vm
%define _builddir %(pwd)/netvm %define _builddir %(pwd)/netvm
@ -43,22 +44,13 @@ The Qubes core files for installation inside a Qubes NetVM.
%pre %pre
mkdir -p $RPM_BUILD_ROOT/var/lib/qubes
if [ -e $RPM_BUILD_ROOT/etc/fstab ] ; then
mv $RPM_BUILD_ROOT/etc/fstab $RPM_BUILD_ROOT/var/lib/qubes/fstab.orig
fi
%build %build
%install %install
mkdir -p $RPM_BUILD_ROOT/etc/sysconfig
cp ../common/iptables $RPM_BUILD_ROOT/etc/sysconfig
mkdir -p $RPM_BUILD_ROOT/etc mkdir -p $RPM_BUILD_ROOT/etc
cp fstab $RPM_BUILD_ROOT/etc/fstab
mkdir -p $RPM_BUILD_ROOT/etc/init.d mkdir -p $RPM_BUILD_ROOT/etc/init.d
cp qubes_core $RPM_BUILD_ROOT/etc/init.d/ cp qubes_core_netvm $RPM_BUILD_ROOT/etc/init.d/
mkdir -p $RPM_BUILD_ROOT/var/lib/qubes mkdir -p $RPM_BUILD_ROOT/var/lib/qubes
mkdir -p $RPM_BUILD_ROOT/usr/lib/qubes mkdir -p $RPM_BUILD_ROOT/usr/lib/qubes
cp ../common/qubes_setup_dnat_to_ns $RPM_BUILD_ROOT/usr/lib/qubes cp ../common/qubes_setup_dnat_to_ns $RPM_BUILD_ROOT/usr/lib/qubes
@ -67,103 +59,22 @@ mkdir -p $RPM_BUILD_ROOT/etc/dhclient.d
ln -s /usr/lib/qubes/qubes_setup_dnat_to_ns $RPM_BUILD_ROOT/etc/dhclient.d/qubes_setup_dnat_to_ns.sh ln -s /usr/lib/qubes/qubes_setup_dnat_to_ns $RPM_BUILD_ROOT/etc/dhclient.d/qubes_setup_dnat_to_ns.sh
mkdir -p $RPM_BUILD_ROOT/etc/NetworkManager/dispatcher.d/ mkdir -p $RPM_BUILD_ROOT/etc/NetworkManager/dispatcher.d/
cp ../common/qubes_nmhook $RPM_BUILD_ROOT/etc/NetworkManager/dispatcher.d/ cp ../common/qubes_nmhook $RPM_BUILD_ROOT/etc/NetworkManager/dispatcher.d/
mkdir -p $RPM_BUILD_ROOT/etc/yum.repos.d cp ../netvm/30-qubes_external_ip $RPM_BUILD_ROOT/etc/NetworkManager/dispatcher.d/
cp ../netvm/qubes.repo $RPM_BUILD_ROOT/etc/yum.repos.d
mkdir -p $RPM_BUILD_ROOT/sbin
cp ../common/qubes_serial_login $RPM_BUILD_ROOT/sbin
mkdir -p $RPM_BUILD_ROOT/etc
cp ../common/serial.conf $RPM_BUILD_ROOT/var/lib/qubes/
mkdir -p $RPM_BUILD_ROOT/var/run/qubes mkdir -p $RPM_BUILD_ROOT/var/run/qubes
mkdir -p $RPM_BUILD_ROOT/etc/xen/scripts mkdir -p $RPM_BUILD_ROOT/etc/xen/scripts
cp ../common/vif-route-qubes $RPM_BUILD_ROOT/etc/xen/scripts cp ../common/vif-route-qubes $RPM_BUILD_ROOT/etc/xen/scripts
%triggerin -- initscripts
cp /var/lib/qubes/serial.conf /etc/init/serial.conf
%post %post
/usr/lib/qubes/qubes_fix_nm_conf.sh /usr/lib/qubes/qubes_fix_nm_conf.sh
if [ "$1" != 1 ] ; then chkconfig --add qubes_core_netvm || echo "WARNING: Cannot add service qubes_core!"
# do this whole %post thing only when updating for the first time... chkconfig qubes_core_netvm on || echo "WARNING: Cannot enable service qubes_core!"
exit 0
fi
sed 's/^net.ipv4.ip_forward.*/net.ipv4.ip_forward = 1/' -i /etc/sysctl.conf
usermod -L root
if ! [ -f /var/lib/qubes/serial.orig ] ; then
cp /etc/init/serial.conf /var/lib/qubes/serial.orig
fi
#echo "--> Disabling SELinux..."
sed -e s/^SELINUX=.*$/SELINUX=disabled/ </etc/selinux/config >/etc/selinux/config.processed
mv /etc/selinux/config.processed /etc/selinux/config
setenforce 0 2>/dev/null
#echo "--> Turning off unnecessary services..."
# FIXME: perhaps there is more elegant way to do this?
for f in /etc/init.d/*
do
srv=`basename $f`
[ $srv = 'functions' ] && continue
[ $srv = 'killall' ] && continue
[ $srv = 'halt' ] && continue
[ $srv = 'single' ] && continue
chkconfig $srv off
done
#echo "--> Enabling essential services..."
chkconfig iptables on
chkconfig rsyslog on
chkconfig haldaemon on
chkconfig messagebus on
chkconfig NetworkManager on
chkconfig --add qubes_core || echo "WARNING: Cannot add service qubes_core!"
chkconfig qubes_core on || echo "WARNING: Cannot enable service qubes_core!"
# TODO: make this not display the silly message about security context...
sed -i s/^id:.:initdefault:/id:3:initdefault:/ /etc/inittab
# Remove most of the udev scripts to speed up the VM boot time
# Just leave the xen* scripts, that are needed if this VM was
# ever used as a net backend (e.g. as a VPN domain in the future)
#echo "--> Removing unnecessary udev scripts..."
mkdir -p /var/lib/qubes/removed-udev-scripts
for f in /etc/udev/rules.d/*
do
if [ $(basename $f) == "xen-backend.rules" ] ; then
continue
fi
if [ $(basename $f) == "xend.rules" ] ; then
continue
fi
if [ $(basename $f) == "qubes.rules" ] ; then
continue
fi
if [ $(basename $f) == "90-hal.rules" ] ; then
continue
fi
mv $f /var/lib/qubes/removed-udev-scripts/
done
#rm -f /etc/mtab
#echo "--> Removing HWADDR setting from /etc/sysconfig/network-scripts/ifcfg-eth0"
#mv /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0.orig
#grep -v HWADDR /etc/sysconfig/network-scripts/ifcfg-eth0.orig > /etc/sysconfig/network-scripts/ifcfg-eth0
%preun %preun
if [ "$1" = 0 ] ; then if [ "$1" = 0 ] ; then
# no more packages left # no more packages left
chkconfig qubes_core off chkconfig qubes_core_netvm off
mv /var/lib/qubes/fstab.orig /etc/fstab
mv /var/lib/qubes/removed-udev-scripts/* /etc/udev/rules.d/
mv /var/lib/qubes/serial.orig /etc/init/serial.conf
fi fi
%clean %clean
@ -171,15 +82,11 @@ rm -rf $RPM_BUILD_ROOT
%files %files
%defattr(-,root,root,-) %defattr(-,root,root,-)
/etc/fstab /etc/init.d/qubes_core_netvm
/etc/sysconfig/iptables
/etc/init.d/qubes_core
/var/lib/qubes
/usr/lib/qubes/qubes_setup_dnat_to_ns /usr/lib/qubes/qubes_setup_dnat_to_ns
/usr/lib/qubes/qubes_fix_nm_conf.sh /usr/lib/qubes/qubes_fix_nm_conf.sh
/etc/dhclient.d/qubes_setup_dnat_to_ns.sh /etc/dhclient.d/qubes_setup_dnat_to_ns.sh
/etc/NetworkManager/dispatcher.d/qubes_nmhook /etc/NetworkManager/dispatcher.d/qubes_nmhook
/etc/yum.repos.d/qubes.repo /etc/NetworkManager/dispatcher.d/30-qubes_external_ip
/sbin/qubes_serial_login
/etc/xen/scripts/vif-route-qubes /etc/xen/scripts/vif-route-qubes
%dir /var/run/qubes %dir /var/run/qubes


@ -0,0 +1,80 @@
#
# The Qubes OS Project, http://www.qubes-os.org
#
# Copyright (C) 2010 Joanna Rutkowska <joanna@invisiblethingslab.com>
# Copyright (C) 2010 Rafal Wojtczuk <rafal@invisiblethingslab.com>
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
#
%{!?version: %define version %(cat version_vm)}
Name: qubes-core-proxyvm
Version: %{version}
Release: 1
Summary: The Qubes core files for NetVM
Group: Qubes
Vendor: Invisible Things Lab
License: GPL
URL: http://www.qubes-os.org
Requires: /usr/bin/xenstore-read
Requires: /sbin/ethtool
Requires: fedora-release = 13
Requires: qubes-core-netvm
%define _builddir %(pwd)/proxyvm
%description
The Qubes core files for installation inside a Qubes ProxyVM in addition to NetVM scripts.
%pre
%build
%install
mkdir -p $RPM_BUILD_ROOT/etc/init.d
cp init.d/qubes_firewall $RPM_BUILD_ROOT/etc/init.d/
cp init.d/qubes_netwatcher $RPM_BUILD_ROOT/etc/init.d/
mkdir -p $RPM_BUILD_ROOT/usr/sbin
cp bin/qubes_firewall $RPM_BUILD_ROOT/usr/sbin/
cp bin/qubes_netwatcher $RPM_BUILD_ROOT/usr/sbin/
%post
chkconfig --add qubes_firewall || echo "WARNING: Cannot add service qubes_core!"
chkconfig qubes_firewall on || echo "WARNING: Cannot enable service qubes_core!"
chkconfig --add qubes_netwatcher || echo "WARNING: Cannot add service qubes_core!"
chkconfig qubes_netwatcher on || echo "WARNING: Cannot enable service qubes_core!"
%preun
if [ "$1" = 0 ] ; then
# no more packages left
chkconfig qubes_firewall off
chkconfig qubes_netwatcher off
fi
%clean
rm -rf $RPM_BUILD_ROOT
%files
%defattr(-,root,root,-)
/etc/init.d/qubes_firewall
/etc/init.d/qubes_netwatcher
/usr/sbin/qubes_firewall
/usr/sbin/qubes_netwatcher