From 0fd8da62b6499945531707f59392cdb5d8ef0b8e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Pierret=20=28fepitre=29?=
 <frederic.pierret@qubes-os.org>
Date: Tue, 16 Apr 2019 11:39:44 +0200
Subject: [PATCH 1/3] Handle tinyproxy path changed in upstream

Related commit https://github.com/tinyproxy/tinyproxy/commit/8d0ea71486688323fff65bc3730bae209a70db7b
Fixes QubesOS/qubes-issues#4973 and QubesOS/qubes-issues#4929
---
 Makefile                               |  3 ++-
 debian/qubes-core-agent.install        |  1 +
 misc/tinyproxy-wrapper                 | 12 ++++++++++++
 rpm_spec/core-agent.spec.in            |  1 +
 vm-init.d/qubes-updates-proxy          |  2 +-
 vm-systemd/qubes-updates-proxy.service |  3 +--
 6 files changed, 18 insertions(+), 4 deletions(-)
 create mode 100644 misc/tinyproxy-wrapper

diff --git a/Makefile b/Makefile
index 4ee4c43..4dbca0d 100644
--- a/Makefile
+++ b/Makefile
@@ -314,7 +314,8 @@ install-common: install-doc
 
 	install -D -m 0644 misc/marker-vm $(DESTDIR)/usr/share/qubes/marker-vm
 	cut -f 1,2 -d . version >> $(DESTDIR)/usr/share/qubes/marker-vm
-
+	
+	install -m 0755 misc/tinyproxy-wrapper $(DESTDIR)/usr/lib/qubes/tinyproxy-wrapper
 
 	install -d $(DESTDIR)/var/run/qubes
 	install -d $(DESTDIR)/rw
diff --git a/debian/qubes-core-agent.install b/debian/qubes-core-agent.install
index 27f697c..4a09cab 100644
--- a/debian/qubes-core-agent.install
+++ b/debian/qubes-core-agent.install
@@ -136,6 +136,7 @@ usr/lib/qubes/upgrades-installed-check
 usr/lib/qubes/upgrades-status-notify
 usr/lib/qubes/vm-file-editor
 usr/lib/qubes/xdg-icon
+usr/lib/qubes/tinyproxy-wrapper
 usr/lib/systemd/user/pulseaudio.service.d/30_qubes.conf
 usr/lib/systemd/user/pulseaudio.socket.d/30_qubes.conf
 usr/share/glib-2.0/schemas/*
diff --git a/misc/tinyproxy-wrapper b/misc/tinyproxy-wrapper
new file mode 100644
index 0000000..e4b056e
--- /dev/null
+++ b/misc/tinyproxy-wrapper
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+if [ -e /usr/sbin/tinyproxy ]; then
+    echo "Found tinyproxy at /usr/sbin/tinyproxy"
+    /usr/sbin/tinyproxy "$@"
+elif [ -e /usr/bin/tinyproxy ]; then
+    echo "Found tinyproxy at /usr/bin/tinyproxy"
+    /usr/bin/tinyproxy "$@"
+else
+    echo "tinyproxy not found"
+    exit 1
+fi
diff --git a/rpm_spec/core-agent.spec.in b/rpm_spec/core-agent.spec.in
index ac23eb6..0d3e3a1 100644
--- a/rpm_spec/core-agent.spec.in
+++ b/rpm_spec/core-agent.spec.in
@@ -645,6 +645,7 @@ rm -f %{name}-%{version}
 /usr/lib/qubes/upgrades-status-notify
 /usr/lib/qubes/qubes-sync-clock
 /usr/lib/qubes/resize-rootfs
+/usr/lib/qubes/tinyproxy-wrapper
 /usr/lib/yum-plugins/yum-qubes-hooks.py*
 /usr/lib/dracut/dracut.conf.d/30-qubes.conf
 %dir /usr/lib/qubes/init
diff --git a/vm-init.d/qubes-updates-proxy b/vm-init.d/qubes-updates-proxy
index 0dd18d0..d55421d 100755
--- a/vm-init.d/qubes-updates-proxy
+++ b/vm-init.d/qubes-updates-proxy
@@ -28,7 +28,7 @@
 # Check that networking is up.
 [ "$NETWORKING" = "no" ] && exit 0
 
-exec="/usr/sbin/tinyproxy"
+exec="$(command -v tinyproxy)"
 prog=$(basename $exec)
 config="/etc/tinyproxy/tinyproxy-updates.conf"
 pidfile="/var/run/tinyproxy-updates/tinyproxy.pid"
diff --git a/vm-systemd/qubes-updates-proxy.service b/vm-systemd/qubes-updates-proxy.service
index 5f811a5..eca25bb 100644
--- a/vm-systemd/qubes-updates-proxy.service
+++ b/vm-systemd/qubes-updates-proxy.service
@@ -1,12 +1,11 @@
 [Unit]
 Description=Qubes updates proxy (tinyproxy)
-ConditionPathExists=|/var/run/qubes-service/qubes-yum-proxy
 ConditionPathExists=|/var/run/qubes-service/qubes-updates-proxy
 After=qubes-iptables.service
 
 [Service]
 ExecStartPre=/usr/lib/qubes/iptables-updates-proxy start
-ExecStart=/usr/sbin/tinyproxy -d -c /etc/tinyproxy/tinyproxy-updates.conf
+ExecStart=/bin/bash -c '/usr/lib/qubes/tinyproxy-wrapper -d -c /etc/tinyproxy/tinyproxy-updates.conf'
 ExecStopPost=/usr/lib/qubes/iptables-updates-proxy stop
 Restart=on-failure
 RestartSec=5s

From 94dad3640cb6cfe3540a971fa05712fa78ee6bbb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Pierret=20=28fepitre=29?=
 <frederic.pierret@qubes-os.org>
Date: Wed, 17 Apr 2019 11:37:03 +0200
Subject: [PATCH 2/3] Use exec to ease systemd handling the tinyproxy process

From Marek's comments
---
 misc/tinyproxy-wrapper                 | 4 ++--
 vm-systemd/qubes-updates-proxy.service | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/misc/tinyproxy-wrapper b/misc/tinyproxy-wrapper
index e4b056e..672c45b 100644
--- a/misc/tinyproxy-wrapper
+++ b/misc/tinyproxy-wrapper
@@ -2,10 +2,10 @@
 
 if [ -e /usr/sbin/tinyproxy ]; then
     echo "Found tinyproxy at /usr/sbin/tinyproxy"
-    /usr/sbin/tinyproxy "$@"
+    exec /usr/sbin/tinyproxy "$@"
 elif [ -e /usr/bin/tinyproxy ]; then
     echo "Found tinyproxy at /usr/bin/tinyproxy"
-    /usr/bin/tinyproxy "$@"
+    exec /usr/bin/tinyproxy "$@"
 else
     echo "tinyproxy not found"
     exit 1
diff --git a/vm-systemd/qubes-updates-proxy.service b/vm-systemd/qubes-updates-proxy.service
index eca25bb..0aec98d 100644
--- a/vm-systemd/qubes-updates-proxy.service
+++ b/vm-systemd/qubes-updates-proxy.service
@@ -5,7 +5,7 @@ After=qubes-iptables.service
 
 [Service]
 ExecStartPre=/usr/lib/qubes/iptables-updates-proxy start
-ExecStart=/bin/bash -c '/usr/lib/qubes/tinyproxy-wrapper -d -c /etc/tinyproxy/tinyproxy-updates.conf'
+ExecStart=/usr/lib/qubes/tinyproxy-wrapper -d -c /etc/tinyproxy/tinyproxy-updates.conf
 ExecStopPost=/usr/lib/qubes/iptables-updates-proxy stop
 Restart=on-failure
 RestartSec=5s

From 46c2b9789d29faddd02971b7fee298c93e14800b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Pierret=20=28fepitre=29?=
 <frederic.pierret@qubes-os.org>
Date: Wed, 17 Apr 2019 13:33:04 +0200
Subject: [PATCH 3/3] qubes-updates-proxy: make ShellCheck happy

---
 vm-init.d/qubes-updates-proxy | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/vm-init.d/qubes-updates-proxy b/vm-init.d/qubes-updates-proxy
index d55421d..d4353f8 100755
--- a/vm-init.d/qubes-updates-proxy
+++ b/vm-init.d/qubes-updates-proxy
@@ -29,7 +29,7 @@
 [ "$NETWORKING" = "no" ] && exit 0
 
 exec="$(command -v tinyproxy)"
-prog=$(basename $exec)
+prog=$(basename "$exec")
 config="/etc/tinyproxy/tinyproxy-updates.conf"
 pidfile="/var/run/tinyproxy-updates/tinyproxy.pid"
 
@@ -46,14 +46,14 @@ start() {
         exit 0
     fi
 
-    [ -x $exec ] || exit 5
+    [ -x "$exec" ] || exit 5
     [ -f $config ] || exit 6
     # setup network redirection
     /sbin/iptables -I INPUT -i vif+ -p tcp --dport 8082 -j ACCEPT
     /sbin/iptables -t nat -A PR-QBS-SERVICES -i vif+ -d 10.137.255.254 -p tcp --dport 8082 -j REDIRECT
 
     echo -n $"Starting $prog (as Qubes updates proxy): "
-    daemon $exec -c $config
+    daemon "$exec" -c $config
     retval=$?
     echo
     [ $retval -eq 0 ] && touch $lockfile