core-agent-linux/init/setup-rw.sh

106 lines
3.8 KiB
Bash
Raw Normal View History

#!/bin/sh
if mountpoint -q /rw ; then
# This means /rw is mounted now.
echo "Checking /rw" >&2
if ! [ -d /rw/config ] ; then
echo "Virgin boot of the VM: populating /rw/config" >&2
mkdir -p /rw/config
touch /rw/config/rc.local
cat > /rw/config/rc.local <<EOF
#!/bin/sh
# This script will be executed at every VM startup, you can place your own
# custom commands here. This include overriding some configuration in /etc,
# starting services etc.
#
# You need to make this script executable to have it enabled.
# Example for overriding the whole CUPS configuration:
# rm -rf /etc/cups
# ln -s /rw/config/cups /etc/cups
# systemctl --no-block restart cups
EOF
touch /rw/config/qubes-firewall-user-script
cat > /rw/config/qubes-firewall-user-script <<EOF
#!/bin/sh
# This script is called in ProxyVM after firewall every update (configuration
# change, starting some VM etc). This is good place to write own custom
# firewall rules, in addition to autogenerated one. Remember that in most cases
# you'll need to insert the rules at the beginning (iptables -I) to have it
# efective.
#
# You need to make this script executable to have it enabled.
EOF
touch /rw/config/suspend-module-blacklist
cat > /rw/config/suspend-module-blacklist <<EOF
# You can list here modules you want to be unloaded before going to sleep. This
# file is used only if the VM has any PCI device assigned. Modules will be
# automatically loaded after resume.
EOF
fi
if ! [ -d /rw/usrlocal ] ; then
if [ -d /usr/local.orig ] ; then
echo "Virgin boot of the VM: populating /rw/usrlocal from /usr/local.orig" >&2
cp -af /usr/local.orig /rw/usrlocal
else
echo "Virgin boot of the VM: creating /rw/usrlocal" >&2
mkdir -p /rw/usrlocal
fi
fi
if ! [ -d /rw/home ] ; then
echo "Virgin boot of the VM: populating /rw/home" >&2
mkdir -p /rw/home
fi
# Chown home if users' UIDs have changed - can be the case on template switch.
for pair in $(getent passwd | awk -F : '/\/home/ { print $1":"$3":"$4":"$6 } ') ; do
user=$(echo "$pair" | awk -F : ' { print $1 } ')
uid=$(echo "$pair" | awk -F : ' { print $2 } ')
gid=$(echo "$pair" | awk -F : ' { print $3 } ')
homedir=$(echo "$pair" | awk -F : ' { print $4 } ')
if ! test -d /rw"$homedir" ; then
if [ "$homedir" == "/home/user" -a -d /home.orig/"$user" ] ; then
echo "Virgin boot of the VM: populating /rw$homedir from /home.orig/$user" >&2
cp -af /home.orig/"$user" /rw"$homedir"
else
echo "Virgin boot of the VM: populating /rw$homedir from /etc/skel" >&2
cp -af /etc/skel /rw"$homedir"
fi
chown -R "$uid" /rw"$homedir" &
chgrp -R "$gid" /rw"$homedir" &
chmod 700 /rw"$homedir" &
wait
fi
homedir_uid=$(ls -dn /rw"$homedir" | awk '{print $3}')
homedir_gid=$(ls -dn /rw"$homedir" | awk '{print $4}')
if [ "$uid" -ne "$homedir_uid" ]; then
echo "Virgin boot of the VM: adjusting ownership on /rw$homedir to $uid" >&2
find /rw/"$homedir" -uid "$homedir_uid" -print0 | xargs -0 echo chown "$uid"
fi
if [ "$gid" -ne "$homedir_gid" ]; then
echo "Virgin boot of the VM: adjusting groupship on /rw$homedir to $gid" >&2
find /rw/"$homedir" -gid "$homedir_gid" -print0 | xargs -0 echo chgrp "$gid"
fi
done
echo "Finished checking /rw" >&2
fi
# Old Qubes versions had symlink /home -> /rw/home; now we use mount --bind
if [ -L /home ]; then
rm /home
mkdir /home
fi
if [ ! -e /var/lib/qubes/first-boot-completed ]; then
touch /var/lib/qubes/first-boot-completed
fi