|
|
@@ -212,12 +212,59 @@ APPENDLINE=$3
|
|
|
grep -q "$APPENDLINE" "$FILE" || sed "/$APPENDAFTERLINE/a$APPENDLINE" -i "$FILE"
|
|
|
}
|
|
|
|
|
|
+config_cleanupmark() {
|
|
|
+FILE="$1"
|
|
|
+BEGINMARK="$2"
|
|
|
+ENDMARK="$3"
|
|
|
+if grep -q "$BEGINMARK" "$FILE"; then
|
|
|
+ if grep -q "$ENDMARK" "$FILE"; then
|
|
|
+ cp "$FILE" "$FILE.qubes-update-orig"
|
|
|
+ sed -i -e "/^$BEGINMARK\$/,/^$ENDMARK\$/{
|
|
|
+ /^$ENDMARK\$/b
|
|
|
+ /^$BEGINMARK$/!d
|
|
|
+ }" "$FILE"
|
|
|
+ rm -f "$FILE.qubes-update-orig"
|
|
|
+ else
|
|
|
+ echo "ERROR: found $BEGINMARK marker but not $ENDMARK in $FILE. Please cleanup this file manually."
|
|
|
+ fi
|
|
|
+elif grep -q "$ENDMARK" "$FILE"; then
|
|
|
+ echo "ERROR: found $ENDMARK marker but not $BEGINMARK in $FILE. Please cleanup this file manually."
|
|
|
+fi
|
|
|
+}
|
|
|
+
|
|
|
update_finalize() {
|
|
|
|
|
|
# Archlinux specific: Prepare pacman.conf to add qubes specific config
|
|
|
QUBES_MARKER="### QUBES CONFIG MARKER ###"
|
|
|
config_prependtomark "/etc/pacman.conf" "# REPOSITORIES" "$QUBES_MARKER"
|
|
|
|
|
|
+ # Ensure pam.d will not be modified by archlinux package updates
|
|
|
+ config_appendtomark '/etc/pacman.conf' "$QUBES_MARKER" 'NoUpgrade = etc/pam.d/su'
|
|
|
+ config_appendtomark '/etc/pacman.conf' "$QUBES_MARKER" 'NoUpgrade = etc/pam.d/su-l'
|
|
|
+
|
|
|
+ # Add Qubes setup script markers at the right place (this won't work at the end of pacman.conf)"
|
|
|
+ config_appendtomark "/etc/pacman.conf" "$QUBES_MARKER" "### QUBES END ###"
|
|
|
+ config_appendtomark "/etc/pacman.conf" "$QUBES_MARKER" "### QUBES BEGIN ###"
|
|
|
+
|
|
|
+
|
|
|
+ ## Archlinux specific: Cleanup pre pacman.d qubes marker
|
|
|
+ ## Commented out until pacman.d snipped are supported
|
|
|
+ #QUBES_MARKER="### QUBES CONFIG MARKER ###"
|
|
|
+ #if grep -q "$QUBES_MARKER" /etc/pacman.conf; then
|
|
|
+ # if ! grep -q "### QUBES CONFIG END MARKER ###" /etc/pacman.conf; then
|
|
|
+ # # Perform cleanup before continuing
|
|
|
+ # config_prependtomark "/etc/pacman.conf" "# REPOSITORIES" "### QUBES CONFIG END MARKER ###"
|
|
|
+ # config_cleanupmark "/etc/pacman.conf" "$QUBES_MARKER" "### QUBES CONFIG END MARKER ###"
|
|
|
+ # fi
|
|
|
+ #fi
|
|
|
+ #config_prependtomark "/etc/pacman.conf" "# REPOSITORIES" "$QUBES_MARKER"
|
|
|
+ #config_prependtomark "/etc/pacman.conf" "# REPOSITORIES" "### QUBES CONFIG END MARKER ###"
|
|
|
+ #
|
|
|
+ ## Add qubes includes
|
|
|
+ #config_appendtomark "/etc/pacman.conf" "$QUBES_MARKER" "Include /etc/pacman.d/qubes-noupdate.conf"
|
|
|
+ #config_appendtomark "/etc/pacman.conf" "$QUBES_MARKER" "Include /etc/pacman.d/qubes-updateproxy.conf"
|
|
|
+ #config_prependtomark "/etc/pacman.conf" "### QUBES CONFIG END MARKER ###" "Include /etc/pacman.d/qubes-repositories.conf"
|
|
|
+
|
|
|
# Archlinux specific: Update pam.d configuration for su to enable systemd-login wrapper
|
|
|
# Also remove pam_unix.so from su configuration
|
|
|
# as system-login (which include system-auth) already gives pam_unix.so
|
|
|
@@ -237,20 +284,12 @@ account include system-login
|
|
|
session include system-login
|
|
|
EOF
|
|
|
cp /etc/pam.d/su /etc/pam.d/su-l
|
|
|
-
|
|
|
- echo "Ensure pam.d will not be modified by archlinux package updates"
|
|
|
- config_appendtomark '/etc/pacman.conf' "$QUBES_MARKER" 'NoUpgrade = etc/pam.d/su'
|
|
|
- config_appendtomark '/etc/pacman.conf' "$QUBES_MARKER" 'NoUpgrade = etc/pam.d/su-l'
|
|
|
fi
|
|
|
|
|
|
# Archlinux specific: ensure tty1 is enabled
|
|
|
rm -f /etc/systemd/system/getty.target.wants/getty@tty*.service
|
|
|
systemctl enable getty\@tty1.service
|
|
|
-
|
|
|
- # Add Qubes setup script markers at the right place (this won't work at the end of pacman.conf)"
|
|
|
- config_appendtomark "/etc/pacman.conf" "$QUBES_MARKER" "### QUBES END ###"
|
|
|
- config_appendtomark "/etc/pacman.conf" "$QUBES_MARKER" "### QUBES BEGIN ###"
|
|
|
-
|
|
|
+
|
|
|
systemctl daemon-reload
|
|
|
}
|
|
|
|
Olivier MEDOC