vm/qubes-yum-proxy: setup yum to use qubes-yum-proxy (#568)
The simplest way is just to add a proxy=... entry to /etc/yum.conf, but sometimes it is reasonable to bypass the proxy. Some examples: - usage of non-standard repos with some exotic file layout, which will be blocked by the proxy - usage of repos not accessible via the proxy (e.g. only via a VPN started in VpnVM) This commit introduces the 'yum-proxy-setup' pseudo-service, which can be controlled via standard qvm-service or qubes-manager. When enabled, yum will be configured at VM startup to use the qubes proxy; otherwise it will connect directly (the proxy setting will be cleared).
parent
332e9008f0
commit
edc3518ec9
@ -131,6 +131,9 @@ install -m 0644 -D network/iptables $RPM_BUILD_ROOT/etc/sysconfig/iptables
|
||||
install -m 0644 -D network/tinyproxy-qubes-yum.conf $RPM_BUILD_ROOT/etc/tinyproxy/tinyproxy-qubes-yum.conf
|
||||
install -m 0644 -D network/filter-qubes-yum $RPM_BUILD_ROOT/etc/tinyproxy/filter-qubes-yum
|
||||
|
||||
install -d $RPM_BUILD_ROOT/etc/yum.conf.d
|
||||
touch $RPM_BUILD_ROOT/etc/yum.conf.d/qubes-proxy.conf
|
||||
|
||||
install -d $RPM_BUILD_ROOT/usr/sbin
|
||||
install network/qubes_firewall $RPM_BUILD_ROOT/usr/sbin/
|
||||
install network/qubes_netwatcher $RPM_BUILD_ROOT/usr/sbin/
|
||||
@ -236,6 +239,12 @@ fi
|
||||
# Remove ip_forward setting from sysctl, so NM will not reset it
|
||||
sed 's/^net.ipv4.ip_forward.*/#\0/' -i /etc/sysctl.conf
|
||||
|
||||
if ! grep -q '/etc/yum\.conf\.d/qubes-proxy\.conf'; then
|
||||
echo >> /etc/yum.conf
|
||||
echo '# Yum does not support inclusion of config dir...' >> /etc/yum.conf
|
||||
echo 'include=file:///etc/yum.conf.d/qubes-proxy.conf' >> /etc/yum.conf
|
||||
fi
|
||||
|
||||
# Prevent unnecessary updates in VMs:
|
||||
sed -i -e '/^exclude = kernel/d' /etc/yum.conf
|
||||
echo 'exclude = kernel, xorg-x11-drv-*, xorg-x11-drivers, xorg-x11-server-*' >> /etc/yum.conf
|
||||
@ -343,6 +352,7 @@ rm -rf $RPM_BUILD_ROOT
|
||||
/etc/udev/rules.d/99-qubes_block.rules
|
||||
/etc/udev/rules.d/99-qubes_network.rules
|
||||
/etc/xen/scripts/vif-route-qubes
|
||||
/etc/yum.conf.d/qubes-proxy.conf
|
||||
/etc/yum.repos.d/qubes.repo
|
||||
/etc/yum/post-actions/qubes_trigger_sync_appmenus.action
|
||||
/lib/firmware/updates
|
||||
|
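Review bot: The added `grep -q` guard in the hunk at -236 names no file, so it reads standard input instead of /etc/yum.conf. With an empty stdin the negated test is always true and every package upgrade appends another `include=` line; depending on how the scriptlet is run it could also block waiting for input. Pass the file explicitly: `if ! grep -q '/etc/yum\.conf\.d/qubes-proxy\.conf' /etc/yum.conf; then`. The scriptlet this sits in starts and ends outside the hunk.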
@ -36,6 +36,13 @@ start()
|
||||
echo "ZONE=\"$timezone\"" >> /etc/sysconfig/clock
|
||||
fi
|
||||
|
||||
yum_proxy_setup=$(/usr/bin/xenstore-read qubes-service/yum-proxy-setup 2> /dev/null)
|
||||
if [ "$yum_proxy_setup" != "0" ]; then
|
||||
echo proxy=http://10.137.255.254:8082/ > /etc/yum.conf.d/qubes-proxy.conf
|
||||
else
|
||||
echo > /etc/yum.conf.d/qubes-proxy.conf
|
||||
fi
|
||||
|
||||
# Set IP address again (besides action in udev rules); this is needed by
|
||||
# DispVM (to override DispVM-template IP) and in case when qubes_ip was
|
||||
# called by udev before loading evtchn kernel module - in which case
|
||||
|
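Review bot: The test `[ "$yum_proxy_setup" != "0" ]` treats a missing key and a failed `xenstore-read` the same as an enabled service, because stderr is discarded and the variable is then empty. That may be the intended default, but the other script changed in this commit selects the direct connection when its flag file is missing, so the two disagree on what "not set" means. State the default at the test, e.g. `# empty (key missing or read failed) counts as enabled: default to the proxy`, or align both scripts. start() begins and ends outside the hunk.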
@ -1,5 +1,11 @@
|
||||
#!/bin/sh
|
||||
|
||||
if [ -f /var/run/qubes-service/yum-proxy-setup ]; then
|
||||
echo proxy=http://10.137.255.254:8082/ > /etc/yum.conf.d/qubes-proxy.conf
|
||||
else
|
||||
echo > /etc/yum.conf.d/qubes-proxy.conf
|
||||
fi
|
||||
|
||||
# Set IP address again (besides action in udev rules); this is needed by
|
||||
# DispVM (to override DispVM-template IP) and in case when qubes_ip was
|
||||
# called by udev before loading evtchn kernel module - in which case
|
||||
|
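Review bot: The proxy URL `http://10.137.255.254:8082/` is a bare literal here and again in the start() hunk of the init script, with nothing saying where the address and port come from. If one copy is changed and the other is not, the two scripts will write different settings to the same /etc/yum.conf.d/qubes-proxy.conf. A comment above the `echo` would help, e.g. `# qubes-yum-proxy endpoint; keep in sync with the copy in the init script's start()`, or both scripts could read the value from one place. The script continues past the end of the hunk.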