diff --git a/Makefile b/Makefile index 01085b28..b38c5f5c 100644 --- a/Makefile +++ b/Makefile @@ -5,20 +5,26 @@ help: @echo "make update-repo-testing -- same, but to -testing repo" rpms: + rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-commonvm.spec rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-appvm.spec rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-netvm.spec + rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-proxyvm.spec rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-dom0.spec rpm --addsign $(RPMS_DIR)/x86_64/*.rpm update-repo: ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-*.rpm ../yum/r1/dom0/rpm/ ln -f $(RPMS_DIR)/x86_64/qubes-core-appvm-*.rpm ../yum/r1/appvm/rpm/ + ln -f $(RPMS_DIR)/x86_64/qubes-core-commonvm-*.rpm ../yum/r1/netvm/rpm/ ln -f $(RPMS_DIR)/x86_64/qubes-core-netvm-*.rpm ../yum/r1/netvm/rpm/ + ln -f $(RPMS_DIR)/x86_64/qubes-core-proxyvm-*.rpm ../yum/r1/netvm/rpm/ update-repo-testing: ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-*.rpm ../yum/r1-testing/dom0/rpm/ ln -f $(RPMS_DIR)/x86_64/qubes-core-appvm-*.rpm ../yum/r1-testing/appvm/rpm/ + ln -f $(RPMS_DIR)/x86_64/qubes-core-commonvm-*.rpm ../yum/r1-testing/netvm/rpm/ ln -f $(RPMS_DIR)/x86_64/qubes-core-netvm-*.rpm ../yum/r1-testing/netvm/rpm/ + ln -f $(RPMS_DIR)/x86_64/qubes-core-proxyvm-*.rpm ../yum/r1-testing/netvm/rpm/ diff --git a/appvm/fstab b/common/fstab similarity index 100% rename from appvm/fstab rename to common/fstab diff --git a/appvm/qubes_core b/common/qubes_core similarity index 61% rename from appvm/qubes_core rename to common/qubes_core index 714727a2..26fe514d 100755 --- a/appvm/qubes_core +++ b/common/qubes_core 
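Review bot: In the Makefile hunk, `update-repo` and `update-repo-testing` link `qubes-core-commonvm-*.rpm` only into the `netvm/rpm/` directories, while this same commit makes `rpm_spec/core-appvm.spec` carry `Requires: qubes-core-commonvm`. Unless the AppVM repo definition also points at the netvm directory (not visible here), AppVM templates cannot resolve the new dependency and stop receiving core package updates. Add `ln -f $(RPMS_DIR)/x86_64/qubes-core-commonvm-*.rpm ../yum/r1/appvm/rpm/` and the matching `../yum/r1-testing/appvm/rpm/` line.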
@@ -6,18 +6,6 @@ # Source function library. . /etc/rc.d/init.d/functions -possibly_run_save_script() -{ - ENCODED_SCRIPT=$(xenstore-read qubes_save_script) - if [ -z "$ENCODED_SCRIPT" ] ; then return ; fi - echo $ENCODED_SCRIPT|perl -e 'use MIME::Base64 qw(decode_base64); local($/) = undef;print decode_base64()' >/tmp/qubes_save_script - chmod 755 /tmp/qubes_save_script - Xorg -config /etc/X11/xorg-preload-apps.conf :0 & - sleep 2 - DISPLAY=:0 su - user -c /tmp/qubes_save_script - killall Xorg -} - start() { echo -n $"Executing Qubes Core scripts:" @@ -26,21 +14,6 @@ start() echo "ERROR: /usr/bin/xenstore-read not found!" exit 1 fi - if xenstore-read qubes_save_request 2>/dev/null ; then - ln -sf /home_volatile /home - possibly_run_save_script - touch /etc/this_is_dvm - dmesg -c >/dev/null - free | grep Mem: | - (read a b c d ; xenstore-write device/qubes_used_mem $c) - # we're still running in DispVM template - echo "Waiting for save/restore..." - # ... wait until qubes_restore.c (in Dom0) recreates VM-specific keys - while ! xenstore-read qubes_restore_complete 2>/dev/null ; do - usleep 10 - done - echo Back to life. - fi name=$(/usr/bin/xenstore-read name) if ! [ -f /etc/this_is_dvm ] ; then @@ -81,10 +54,6 @@ start() fi fi - MEM_CHANGE_THRESHOLD_KB=30000 - MEMINFO_DELAY_USEC=100000 - /usr/lib/qubes/meminfo-writer $MEM_CHANGE_THRESHOLD_KB $MEMINFO_DELAY_USEC & - [ -x /rw/config/rc.local ] && /rw/config/rc.local success echo "" diff --git a/dom0/qvm-core/qubes.py b/dom0/qvm-core/qubes.py index 45a44308..270d0049 100755 --- a/dom0/qvm-core/qubes.py +++ b/dom0/qvm-core/qubes.py @@ -195,7 +195,7 @@ class QubesVm(object): self.uses_default_netvm = uses_default_netvm self.netvm_vm = netvm_vm - # We use it in remove from disk to avoid removing rpm files (for templates and netvms) + # We use it in remove from disk to avoid removing rpm files (for templates) self.installed_by_rpm = installed_by_rpm self.updateable = updateable 
diff --git a/fwvm/init.d/qubes_core b/fwvm/init.d/qubes_core
deleted file mode 100755
index d6bcac28..00000000
--- a/fwvm/init.d/qubes_core
+++ /dev/null
@@ -1,67 +0,0 @@
-#!/bin/sh
-#
-# chkconfig: 345 90 90
-# description: Executes Qubes core scripts at VM boot
-#
-# Source function library.
-. /etc/rc.d/init.d/functions
-
-start()
-{
- echo -n $"Executing Qubes Core scripts FirewallVM:"
-
- if ! [ -x /usr/bin/xenstore-read ] ; then
- echo "ERROR: /usr/bin/xenstore-read not found!"
- exit 1
- fi
-
- name=$(/usr/bin/xenstore-read name)
- hostname $name
-
- # Setup gateway for all the VMs this netVM is serviceing...
- modprobe netbk
- gateway=$(/usr/bin/xenstore-read qubes_netvm_gateway)
- netmask=$(/usr/bin/xenstore-read qubes_netvm_netmask)
- network=$(/usr/bin/xenstore-read qubes_netvm_network)
- secondary_dns=$(/usr/bin/xenstore-read qubes_netvm_secondary_dns)
- echo "NS1=$gateway" > /var/run/qubes/qubes_ns
- echo "NS2=$secondary_dns" >> /var/run/qubes/qubes_ns
- /usr/lib/qubes/qubes_setup_dnat_to_ns
- echo "1" > /proc/sys/net/ipv4/ip_forward
-
- # Now setup "AppVM" part of FirewallVM
- ip=$(/usr/bin/xenstore-read qubes_ip)
- netmask=$(/usr/bin/xenstore-read qubes_netmask)
- gateway=$(/usr/bin/xenstore-read qubes_gateway)
- secondary_dns=$(/usr/bin/xenstore-read qubes_secondary_dns)
- if [ x$ip != x ]; then
- /sbin/ifconfig eth0 $ip netmask 255.255.255.255 up
- /sbin/route add default dev eth0
- echo "nameserver $gateway" > /etc/resolv.conf
- echo "nameserver $secondary_dns" >> /etc/resolv.conf
- fi
-
- success
- echo ""
- return 0
-}
-
-stop()
-{
- return 0
-}
-
-case "$1" in
- start)
- start
- ;;
- stop)
- stop
- ;;
- *)
- echo $"Usage: $0 {start|stop}"
- exit 3
- ;;
-esac
-
-exit $RETVAL
diff --git a/fwvm/init.d/qubes_firewall b/fwvm/init.d/qubes_firewall
deleted file mode 100755
index f970734f..00000000
--- a/fwvm/init.d/qubes_firewall
+++ /dev/null
@@ -1,42 +0,0 @@
-#!/bin/sh
-#
-# chkconfig: 345 91 91
-# description: Starts Qubes Firewall monitor
-#
-# Source function library.
-. /etc/rc.d/init.d/functions
-
-PIDFILE=/var/run/qubes/qubes_firewall.pid
-
-start()
-{
- echo -n $"Starting Qubes Firewall monitor:"
- /sbin/ethtool -K eth0 sg off
- /usr/bin/qubes_firewall &
- success
- echo ""
- return 0
-}
-
-stop()
-{
- echo -n "Stopping Qubes Firewall monitor:"
- kill $(cat $PIDFILE) 2>/dev/null && success || failure
- echo ""
- return 0
-}
-
-case "$1" in
- start)
- start
- ;;
- stop)
- stop
- ;;
- *)
- echo $"Usage: $0 {start|stop}"
- exit 3
- ;;
-esac
-
-exit $RETVAL
diff --git a/netvm/qubes_core b/netvm/qubes_core
deleted file mode 100755
index dbfaad7a..00000000
--- a/netvm/qubes_core
+++ /dev/null
@@ -1,54 +0,0 @@
-#!/bin/sh
-#
-# chkconfig: 345 90 90
-# description: Executes Qubes core scripts at VM boot
-#
-# Source function library.
-. /etc/rc.d/init.d/functions
-
-start()
-{
- echo -n $"Executing Qubes Core scripts NetVM:"
-
- if ! [ -x /usr/bin/xenstore-read ] ; then
- echo "ERROR: /usr/bin/xenstore-read not found!"
- exit 1
- fi
-
- name=$(/usr/bin/xenstore-read name)
- hostname $name
-
- # Setup gateway for all the VMs this netVM is serviceing...
- modprobe netbk
- gateway=$(/usr/bin/xenstore-read qubes_netvm_gateway)
- netmask=$(/usr/bin/xenstore-read qubes_netvm_netmask)
- network=$(/usr/bin/xenstore-read qubes_netvm_network)
- secondary_dns=$(/usr/bin/xenstore-read qubes_netvm_secondary_dns)
- echo "NS1=$gateway" > /var/run/qubes/qubes_ns
- echo "NS2=$secondary_dns" >> /var/run/qubes/qubes_ns
- /usr/lib/qubes/qubes_setup_dnat_to_ns
- echo "1" > /proc/sys/net/ipv4/ip_forward
- success
- echo ""
- return 0
-}
-
-stop()
-{
- return 0
-}
-
-case "$1" in
- start)
- start
- ;;
- stop)
- stop
- ;;
- *)
- echo $"Usage: $0 {start|stop}"
- exit 3
- ;;
-esac
-
-exit $RETVAL
diff --git a/netvm/qubes_core_netvm b/netvm/qubes_core_netvm
new file mode 100755
index 00000000..dd713fce
--- /dev/null
+++ b/netvm/qubes_core_netvm
@@ -0,0 +1,58 @@
+#!/bin/sh
+#
+# chkconfig: 345 90 90
+# description: Executes Qubes core scripts at NetVM boot
+#
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+start()
+{
+ if ! [ -x /usr/bin/xenstore-read ] ; then
+ echo "ERROR: /usr/bin/xenstore-read not found!"
+ exit 1
+ fi
+
+ type=$(/usr/bin/xenstore-read qubes_vm_type)
+ if [ "$type" == "NetVM" ]; then
+ /sbin/service NetworkManager start
+ fi
+
+ echo -n $"Executing Qubes Core scripts NetVM:"
+
+ # Setup gateway for all the VMs this netVM is serviceing...
+ network=$(/usr/bin/xenstore-read qubes_netvm_network 2>/dev/null)
+ if [ "x$network" != "x" ]; then
+ gateway=$(/usr/bin/xenstore-read qubes_netvm_gateway)
+ netmask=$(/usr/bin/xenstore-read qubes_netvm_netmask)
+ secondary_dns=$(/usr/bin/xenstore-read qubes_netvm_secondary_dns)
+ modprobe netbk
+ echo "NS1=$gateway" > /var/run/qubes/qubes_ns
+ echo "NS2=$secondary_dns" >> /var/run/qubes/qubes_ns
+ /usr/lib/qubes/qubes_setup_dnat_to_ns
+ echo "1" > /proc/sys/net/ipv4/ip_forward
+ fi
+ success
+ echo ""
+ return 0
+}
+
+stop()
+{
+ return 0
+}
+
+case "$1" in
+ start)
+ start
+ ;;
+ stop)
+ stop
+ ;;
+ *)
+ echo $"Usage: $0 {start|stop}"
+ exit 3
+ ;;
+esac
+
+exit $RETVAL
diff --git a/fwvm/bin/qubes_firewall b/proxyvm/bin/qubes_firewall
similarity index 100%
rename from fwvm/bin/qubes_firewall
rename to proxyvm/bin/qubes_firewall
diff --git a/proxyvm/init.d/qubes_firewall b/proxyvm/init.d/qubes_firewall
new file mode 100755
index 00000000..1d3c0266
--- /dev/null
+++ b/proxyvm/init.d/qubes_firewall
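Review bot: In `start()` of netvm/qubes_core_netvm the result of `xenstore-read qubes_vm_type` is never checked, so a failed or empty read silently skips `/sbin/service NetworkManager start` while the script still prints success and returns 0. Inside the `qubes_netvm_network` branch the same holds for `gateway` and `secondary_dns`: they are written to `/var/run/qubes/qubes_ns` and IP forwarding is switched on even when those reads came back empty. Check each required read and call `failure` with a non-zero return when a key is missing. The test `[ "$type" == "NetVM" ]` uses `==`, a bash extension under a `#!/bin/sh` shebang; `[ "$type" = "NetVM" ]` is the portable form. `exit $RETVAL` at the end of the file reads a variable that is never assigned.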
@@ -0,0 +1,48 @@ +#!/bin/sh +# +# chkconfig: 345 91 91 +# description: Starts Qubes Firewall monitor +# +# Source function library. +. /etc/rc.d/init.d/functions + +PIDFILE=/var/run/qubes/qubes_firewall.pid + +start() +{ + type=$(/usr/bin/xenstore-read qubes_vm_type) + if [ "$type" == "ProxyVM" ]; then + echo -n $"Starting Qubes Firewall monitor:" + /sbin/ethtool -K eth0 sg off + /usr/sbin/qubes_firewall & + success + echo "" + fi + return 0 +} + +stop() +{ + type=$(/usr/bin/xenstore-read qubes_vm_type) + if [ "$type" == "ProxyVM" ]; then + echo -n "Stopping Qubes Firewall monitor:" + kill $(cat $PIDFILE) 2>/dev/null && success || failure + echo "" + fi + return 0 +} + +case "$1" in + start) + start + ;; + stop) + stop + ;; + *) + echo $"Usage: $0 {start|stop}" + exit 3 + ;; +esac + +exit $RETVAL diff --git a/rpm_spec/core-appvm.spec b/rpm_spec/core-appvm.spec index e901a12c..a6eea0d8 100644 --- a/rpm_spec/core-appvm.spec +++ b/rpm_spec/core-appvm.spec @@ -34,6 +34,7 @@ URL: http://www.qubes-os.org Requires: /usr/bin/xenstore-read Requires: fedora-release = 13 Requires: /usr/bin/mimeopen +Requires: qubes-core-commonvm BuildRequires: gcc BuildRequires: xen-devel Provides: qubes-core-vm @@ -55,9 +56,6 @@ fi adduser --create-home user mkdir -p $RPM_BUILD_ROOT/var/lib/qubes -if [ -e $RPM_BUILD_ROOT/etc/fstab ] ; then -mv $RPM_BUILD_ROOT/etc/fstab $RPM_BUILD_ROOT/var/lib/qubes/fstab.orig -fi %build make clean all @@ -65,10 +63,8 @@ make -C ../common %install -mkdir -p $RPM_BUILD_ROOT/etc -cp fstab $RPM_BUILD_ROOT/etc/fstab mkdir -p $RPM_BUILD_ROOT/etc/init.d -cp qubes_core $RPM_BUILD_ROOT/etc/init.d/ +cp qubes_core_appvm $RPM_BUILD_ROOT/etc/init.d/ mkdir -p $RPM_BUILD_ROOT/var/lib/qubes mkdir -p $RPM_BUILD_ROOT/usr/bin cp qubes_timestamp qvm-copy-to-vm qvm-open-in-dvm $RPM_BUILD_ROOT/usr/bin 
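Review bot: In proxyvm/init.d/qubes_firewall, `start()` returns 0 without printing anything whenever `xenstore-read qubes_vm_type` fails or yields anything other than `ProxyVM`, so a ProxyVM whose read fails boots without the firewall monitor and leaves no trace of that. Treat an empty `type` as an error (`failure; return 1`) and log the deliberate skip for other VM types. `success` is reported immediately after backgrounding `/usr/sbin/qubes_firewall`, before it is known to have started; the path also changed from `/usr/bin` in the deleted fwvm script, so confirm that the proxyvm spec (not in this view) installs the binary there. In `stop()`, `kill $(cat $PIDFILE)` signals whatever PID the file holds, which after a daemon crash may be an unrelated process; verify the PID still belongs to `qubes_firewall` before signalling it.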
@@ -80,17 +76,9 @@ mkdir -p $RPM_BUILD_ROOT/%{kde_service_dir} cp qvm-copy.desktop qvm-dvm.desktop $RPM_BUILD_ROOT/%{kde_service_dir} mkdir -p $RPM_BUILD_ROOT/etc/udev/rules.d cp qubes.rules $RPM_BUILD_ROOT/etc/udev/rules.d -mkdir -p $RPM_BUILD_ROOT/etc/sysconfig -cp iptables $RPM_BUILD_ROOT/etc/sysconfig/ mkdir -p $RPM_BUILD_ROOT/mnt/incoming mkdir -p $RPM_BUILD_ROOT/mnt/outgoing mkdir -p $RPM_BUILD_ROOT/mnt/removable -mkdir -p $RPM_BUILD_ROOT/etc/yum.repos.d -cp ../appvm/qubes.repo $RPM_BUILD_ROOT/etc/yum.repos.d -mkdir -p $RPM_BUILD_ROOT/sbin -cp ../common/qubes_serial_login $RPM_BUILD_ROOT/sbin -mkdir -p $RPM_BUILD_ROOT/etc -cp ../common/serial.conf $RPM_BUILD_ROOT/var/lib/qubes/ mkdir -p $RPM_BUILD_ROOT/etc/X11 cp xorg-preload-apps.conf $RPM_BUILD_ROOT/etc/X11 @@ -98,9 +86,6 @@ cp xorg-preload-apps.conf $RPM_BUILD_ROOT/etc/X11 mkdir -p $RPM_BUILD_ROOT/home_volatile/user chown 500:500 $RPM_BUILD_ROOT/home_volatile/user -%triggerin -- initscripts -cp /var/lib/qubes/serial.conf /etc/init/serial.conf - %post if [ "$1" != 1 ] ; then 
@@ -108,81 +93,15 @@ if [ "$1" != 1 ] ; then exit 0 fi -usermod -L root usermod -L user -if ! [ -f /var/lib/qubes/serial.orig ] ; then - cp /etc/init/serial.conf /var/lib/qubes/serial.orig -fi -#echo "--> Disabling SELinux..." -sed -e s/^SELINUX=.*$/SELINUX=disabled/ /etc/selinux/config.processed -mv /etc/selinux/config.processed /etc/selinux/config -setenforce 0 2>/dev/null - -#echo "--> Turning off unnecessary services..." -# FIXME: perhaps there is more elegant way to do this? -for f in /etc/init.d/* -do - srv=`basename $f` - [ $srv = 'functions' ] && continue - [ $srv = 'killall' ] && continue - [ $srv = 'halt' ] && continue - [ $srv = 'single' ] && continue - chkconfig $srv off -done - -#echo "--> Enabling essential services..." -chkconfig rsyslog on -chkconfig haldaemon on -chkconfig messagebus on -chkconfig cups on -chkconfig iptables on -chkconfig --add qubes_core || echo "WARNING: Cannot add service qubes_core!" -chkconfig qubes_core on || echo "WARNING: Cannot enable service qubes_core!" - - -# TODO: make this not display the silly message about security context... -sed -i s/^id:.:initdefault:/id:3:initdefault:/ /etc/inittab - -# Remove most of the udev scripts to speed up the VM boot time -# Just leave the xen* scripts, that are needed if this VM was -# ever used as a net backend (e.g. as a VPN domain in the future) -#echo "--> Removing unnecessary udev scripts..." 
-mkdir -p /var/lib/qubes/removed-udev-scripts -for f in /etc/udev/rules.d/* -do - if [ $(basename $f) == "xen-backend.rules" ] ; then - continue - fi - - if [ $(basename $f) == "xend.rules" ] ; then - continue - fi - - if [ $(basename $f) == "qubes.rules" ] ; then - continue - fi - - if [ $(basename $f) == "90-hal.rules" ] ; then - continue - fi - - - mv $f /var/lib/qubes/removed-udev-scripts/ -done -mkdir -p /rw -#rm -f /etc/mtab -#echo "--> Removing HWADDR setting from /etc/sysconfig/network-scripts/ifcfg-eth0" -#mv /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0.orig -#grep -v HWADDR /etc/sysconfig/network-scripts/ifcfg-eth0.orig > /etc/sysconfig/network-scripts/ifcfg-eth0 +chkconfig --add qubes_core_appvm || echo "WARNING: Cannot add service qubes_core!" +chkconfig qubes_core_appvm on || echo "WARNING: Cannot enable service qubes_core!" %preun if [ "$1" = 0 ] ; then # no more packages left - chkconfig qubes_core off - mv /var/lib/qubes/fstab.orig /etc/fstab - mv /var/lib/qubes/removed-udev-scripts/* /etc/udev/rules.d/ - mv /var/lib/qubes/serial.orig /etc/init/serial.conf + chkconfig qubes_core_appvm off fi %clean @@ -190,8 +109,7 @@ rm -rf $RPM_BUILD_ROOT %files %defattr(-,root,root,-) -/etc/fstab -/etc/init.d/qubes_core +/etc/init.d/qubes_core_appvm /usr/bin/qvm-copy-to-vm /usr/lib/qubes/qvm-copy-to-vm.kde %attr(4755,root,root) /usr/bin/qvm-open-in-dvm @@ -202,13 +120,9 @@ rm -rf $RPM_BUILD_ROOT %attr(4755,root,root) /usr/lib/qubes/qubes_penctl /usr/lib/qubes/qubes_add_pendrive_script /etc/udev/rules.d/qubes.rules -/etc/sysconfig/iptables -/var/lib/qubes %dir /mnt/incoming %dir /mnt/outgoing %dir /mnt/removable -/etc/yum.repos.d/qubes.repo -/sbin/qubes_serial_login /usr/bin/qubes_timestamp %dir /home_volatile %attr(700,user,user) /home_volatile/user diff --git a/rpm_spec/core-dom0.spec b/rpm_spec/core-dom0.spec index 6bd6a808..389cfb61 100644 --- a/rpm_spec/core-dom0.spec +++ b/rpm_spec/core-dom0.spec 
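Review bot: Both new `chkconfig` lines in the `%post` of rpm_spec/core-appvm.spec still print `Cannot add service qubes_core!` and `Cannot enable service qubes_core!` although the service is now `qubes_core_appvm`; the `%post` of rpm_spec/core-netvm.spec has the same stale text for `qubes_core_netvm`. Suggested wording: `chkconfig --add qubes_core_appvm || echo "WARNING: Cannot add service qubes_core_appvm!"`. This hunk also drops `usermod -L root`, `chkconfig iptables on` and the loop that turns off all other services, and the NetVM `%post` loses the same steps. They are presumably now carried by `qubes-core-commonvm`, whose spec is not in this view; confirm that before merging, because otherwise new templates come up with the root account unlocked and the packet filter not enabled at boot.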
@@ -97,6 +97,7 @@ cp restore/qubes_prepare_saved_domain.sh $RPM_BUILD_ROOT/usr/lib/qubes mkdir -p $RPM_BUILD_ROOT/var/lib/qubes mkdir -p $RPM_BUILD_ROOT/var/lib/qubes/vm-templates mkdir -p $RPM_BUILD_ROOT/var/lib/qubes/appvms +mkdir -p $RPM_BUILD_ROOT/var/lib/qubes/servicevms mkdir -p $RPM_BUILD_ROOT/var/lib/qubes/backup mkdir -p $RPM_BUILD_ROOT/var/lib/qubes/dvmdata @@ -285,6 +286,7 @@ fi %attr(770,root,qubes) %dir /var/lib/qubes %attr(770,root,qubes) %dir /var/lib/qubes/vm-templates %attr(770,root,qubes) %dir /var/lib/qubes/appvms +%attr(770,root,qubes) %dir /var/lib/qubes/servicevms %attr(770,root,qubes) %dir /var/lib/qubes/backup %attr(770,root,qubes) %dir /var/lib/qubes/dvmdata %dir /usr/share/qubes/icons/*.png diff --git a/rpm_spec/core-netvm.spec b/rpm_spec/core-netvm.spec index d03591a1..f813e373 100644 --- a/rpm_spec/core-netvm.spec +++ b/rpm_spec/core-netvm.spec @@ -34,6 +34,7 @@ URL: http://www.qubes-os.org Requires: /usr/bin/xenstore-read Requires: fedora-release = 13 Requires: NetworkManager >= 0.8.1-1 +Requires: qubes-core-commonvm Provides: qubes-core-vm %define _builddir %(pwd)/netvm @@ -43,22 +44,13 @@ The Qubes core files for installation inside a Qubes NetVM. %pre -mkdir -p $RPM_BUILD_ROOT/var/lib/qubes -if [ -e $RPM_BUILD_ROOT/etc/fstab ] ; then -mv $RPM_BUILD_ROOT/etc/fstab $RPM_BUILD_ROOT/var/lib/qubes/fstab.orig -fi - - %build %install -mkdir -p $RPM_BUILD_ROOT/etc/sysconfig -cp ../common/iptables $RPM_BUILD_ROOT/etc/sysconfig mkdir -p $RPM_BUILD_ROOT/etc -cp fstab $RPM_BUILD_ROOT/etc/fstab mkdir -p $RPM_BUILD_ROOT/etc/init.d -cp qubes_core $RPM_BUILD_ROOT/etc/init.d/ +cp qubes_core_netvm $RPM_BUILD_ROOT/etc/init.d/ mkdir -p $RPM_BUILD_ROOT/var/lib/qubes mkdir -p $RPM_BUILD_ROOT/usr/lib/qubes cp ../common/qubes_setup_dnat_to_ns $RPM_BUILD_ROOT/usr/lib/qubes 
@@ -68,19 +60,10 @@ ln -s /usr/lib/qubes/qubes_setup_dnat_to_ns $RPM_BUILD_ROOT/etc/dhclient.d/qubes mkdir -p $RPM_BUILD_ROOT/etc/NetworkManager/dispatcher.d/ cp ../common/qubes_nmhook $RPM_BUILD_ROOT/etc/NetworkManager/dispatcher.d/ cp ../netvm/30-qubes_external_ip $RPM_BUILD_ROOT/etc/NetworkManager/dispatcher.d/ -mkdir -p $RPM_BUILD_ROOT/etc/yum.repos.d -cp ../netvm/qubes.repo $RPM_BUILD_ROOT/etc/yum.repos.d -mkdir -p $RPM_BUILD_ROOT/sbin -cp ../common/qubes_serial_login $RPM_BUILD_ROOT/sbin -mkdir -p $RPM_BUILD_ROOT/etc -cp ../common/serial.conf $RPM_BUILD_ROOT/var/lib/qubes/ mkdir -p $RPM_BUILD_ROOT/var/run/qubes mkdir -p $RPM_BUILD_ROOT/etc/xen/scripts cp ../common/vif-route-qubes $RPM_BUILD_ROOT/etc/xen/scripts -%triggerin -- initscripts -cp /var/lib/qubes/serial.conf /etc/init/serial.conf - %post /usr/lib/qubes/qubes_fix_nm_conf.sh 
@@ -90,81 +73,14 @@ if [ "$1" != 1 ] ; then exit 0 fi -sed 's/^net.ipv4.ip_forward.*/net.ipv4.ip_forward = 1/' -i /etc/sysctl.conf -usermod -L root -if ! [ -f /var/lib/qubes/serial.orig ] ; then - cp /etc/init/serial.conf /var/lib/qubes/serial.orig -fi +chkconfig --add qubes_core_netvm || echo "WARNING: Cannot add service qubes_core!" +chkconfig qubes_core_netvm on || echo "WARNING: Cannot enable service qubes_core!" -#echo "--> Disabling SELinux..." -sed -e s/^SELINUX=.*$/SELINUX=disabled/ /etc/selinux/config.processed -mv /etc/selinux/config.processed /etc/selinux/config -setenforce 0 2>/dev/null - -#echo "--> Turning off unnecessary services..." -# FIXME: perhaps there is more elegant way to do this? -for f in /etc/init.d/* -do - srv=`basename $f` - [ $srv = 'functions' ] && continue - [ $srv = 'killall' ] && continue - [ $srv = 'halt' ] && continue - [ $srv = 'single' ] && continue - chkconfig $srv off -done - -#echo "--> Enabling essential services..." -chkconfig iptables on -chkconfig rsyslog on -chkconfig haldaemon on -chkconfig messagebus on -chkconfig NetworkManager on -chkconfig --add qubes_core || echo "WARNING: Cannot add service qubes_core!" -chkconfig qubes_core on || echo "WARNING: Cannot enable service qubes_core!" - - -# TODO: make this not display the silly message about security context... -sed -i s/^id:.:initdefault:/id:3:initdefault:/ /etc/inittab - -# Remove most of the udev scripts to speed up the VM boot time -# Just leave the xen* scripts, that are needed if this VM was -# ever used as a net backend (e.g. as a VPN domain in the future) -#echo "--> Removing unnecessary udev scripts..." 
-mkdir -p /var/lib/qubes/removed-udev-scripts -for f in /etc/udev/rules.d/* -do - if [ $(basename $f) == "xen-backend.rules" ] ; then - continue - fi - - if [ $(basename $f) == "xend.rules" ] ; then - continue - fi - - if [ $(basename $f) == "qubes.rules" ] ; then - continue - fi - - if [ $(basename $f) == "90-hal.rules" ] ; then - continue - fi - - - mv $f /var/lib/qubes/removed-udev-scripts/ -done - -#rm -f /etc/mtab -#echo "--> Removing HWADDR setting from /etc/sysconfig/network-scripts/ifcfg-eth0" -#mv /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0.orig -#grep -v HWADDR /etc/sysconfig/network-scripts/ifcfg-eth0.orig > /etc/sysconfig/network-scripts/ifcfg-eth0 %preun if [ "$1" = 0 ] ; then # no more packages left - chkconfig qubes_core off - mv /var/lib/qubes/fstab.orig /etc/fstab - mv /var/lib/qubes/removed-udev-scripts/* /etc/udev/rules.d/ - mv /var/lib/qubes/serial.orig /etc/init/serial.conf + chkconfig qubes_core_netvm off fi %clean @@ -172,16 +88,11 @@ rm -rf $RPM_BUILD_ROOT %files %defattr(-,root,root,-) -/etc/fstab -/etc/sysconfig/iptables -/etc/init.d/qubes_core -/var/lib/qubes +/etc/init.d/qubes_core_netvm /usr/lib/qubes/qubes_setup_dnat_to_ns /usr/lib/qubes/qubes_fix_nm_conf.sh /etc/dhclient.d/qubes_setup_dnat_to_ns.sh /etc/NetworkManager/dispatcher.d/qubes_nmhook /etc/NetworkManager/dispatcher.d/30-qubes_external_ip -/etc/yum.repos.d/qubes.repo -/sbin/qubes_serial_login /etc/xen/scripts/vif-route-qubes %dir /var/run/qubes