Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/smoku/core into spring-merge

common/qubes_fix_nm_conf.sh

@@ -3,6 +3,8 @@ FILE=/etc/NetworkManager/NetworkManager.conf
 VIFMAC=mac:fe:ff:ff:ff:ff:ff
 if ! grep -q ^plugins.*keyfile $FILE ; then
 	sed -i 's/^plugins.*$/&,keyfile/' $FILE
+fi
+if ! grep -q '^\[keyfile\]$' $FILE ; then
 	echo '[keyfile]' >> $FILE
 fi
 if ! grep -q ^unmanaged-devices $FILE ; then

dom0/init.d/qubes_setupdvm

@@ -30,20 +30,33 @@ start()
     if ! [ -f $ROOT ] ; then create_neeed=1 ; fi
     if [ $ROOT -nt $DEFAULT ] ; then create_neeed=1 ; fi
     if [ $create_neeed = 1 ] ; then
-        echo Creating the default DVM. This may take up to 2 minutes...
-        qvm-create-default-dvm --default-template --default-script 
+        MSG="Creating default DVM. This may take up to 2 minutes..."
+        echo " $MSG"
+        if [ -x /usr/bin/plymouth ]; then
+            /usr/bin/plymouth message --text="$MSG"
+            /usr/bin/plymouth pause-progress
+        fi
+        qvm-create-default-dvm --default-template --default-script
+        DVMDIR="/var/lib/qubes/appvms/`qvm-get-default-template`-dvm"
+        /bin/chown -R root.qubes "$DVMDIR"
+        /bin/chmod -R ug=rwX,o=rX "$DVMDIR"
+        if [ -x /usr/bin/plymouth ]; then
+            /usr/bin/plymouth message --text=""
+            /usr/bin/plymouth unpause-progress
+        fi
+        success
         return
-    fi   	
+    fi
     if [ -f /var/lib/qubes/dvmdata/dont_use_shm ] ; then
         ln -s $DEFAULT /var/run/qubes/current_savefile
     else
-    	mkdir -m 770 /dev/shm/qubes
-    	chown root.qubes /dev/shm/qubes
-    	cp $DEFAULT /dev/shm/qubes/current_savefile
-    	chown root.qubes /dev/shm/qubes/current_savefile
-    	chmod 660 /dev/shm/qubes/current_savefile
-    	ln -s /dev/shm/qubes/current_savefile /var/run/qubes/current_savefile
-    fi 
+        mkdir -m 770 /dev/shm/qubes
+        chown root.qubes /dev/shm/qubes
+        cp $DEFAULT /dev/shm/qubes/current_savefile
+        chown root.qubes /dev/shm/qubes/current_savefile
+        chmod 660 /dev/shm/qubes/current_savefile
+        ln -s /dev/shm/qubes/current_savefile /var/run/qubes/current_savefile
+    fi
 
     touch /var/lock/subsys/qubes_setupdvm
     success
@@ -60,15 +73,15 @@ stop()
 
 case "$1" in
   start)
-	start
-	;;
+    start
+    ;;
   stop)
-	stop
-	;;
+    stop
+    ;;
   *)
-	echo $"Usage: $0 {start|stop}"
-	exit 3
-	;;
+    echo $"Usage: $0 {start|stop}"
+    exit 3
+    ;;
 esac
 
 exit $RETVAL

dom0/qvm-core/qubes.py

@@ -1340,7 +1340,7 @@ class QubesProxyVm(QubesNetVm):
             iptables += "-A FORWARD -i vif{0}.0 -j {1}\n".format(xid, default_action)
 
         iptables += "#End of VM rules\n"
-        iptables += "-A FORWARD -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT\n"
+        iptables += "-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT\n"
         iptables += "-A FORWARD -j DROP\n"
 
         iptables += "COMMIT"

proxyvm/bin/qubes_netwatcher

@@ -18,6 +18,7 @@ while true; do
 			/sbin/service qubes_firewall stop
 			/sbin/service qubes_firewall start
 			CURR_NETCFG="$NETCFG"
+			/usr/bin/xenstore-write qubes_netvm_external_ip "$CURR_NETCFG"
 		fi
 
 		/usr/bin/xenstore-watch /local/domain/$NET_DOMID/qubes_netvm_external_ip

rpm_spec/core-netvm.spec

@@ -68,6 +68,12 @@ cp ../common/vif-route-qubes $RPM_BUILD_ROOT/etc/xen/scripts
 
 %post
 
+# Create NetworkManager configuration if we do not have it
+if ! [ -e /etc/NetworkManager/NetworkManager.conf ]; then
+echo '[main]' > /etc/NetworkManager/NetworkManager.conf
+echo 'plugins = keyfile' >> /etc/NetworkManager/NetworkManager.conf
+echo '[keyfile]' >> /etc/NetworkManager/NetworkManager.conf
+fi
 /usr/lib/qubes/qubes_fix_nm_conf.sh
 
 chkconfig --add qubes_core_netvm || echo "WARNING: Cannot add service qubes_core!"