diff --git a/Makefile.builder b/Makefile.builder
index 896eee4..44be931 100644
--- a/Makefile.builder
+++ b/Makefile.builder
@@ -1,3 +1,4 @@
 ifeq ($(PACKAGE_SET),vm)
 RPM_SPEC_FILES := rpm_spec/core-vm-doc.spec rpm_spec/core-vm-kernel-placeholder.spec rpm_spec/core-vm.spec
+ARCH_BUILD_DIRS := archlinux
 endif
diff --git a/archlinux/PKGBUILD b/archlinux/PKGBUILD
new file mode 100644
index 0000000..6cdd0d3
--- /dev/null
+++ b/archlinux/PKGBUILD
@@ -0,0 +1,88 @@
+# This is an example PKGBUILD file. Use this as a start to creating your own,
+# and remove these comments. For more information, see 'man PKGBUILD'.
+# NOTE: Please fill out the license field for your package! If it is unknown,
+# then please put 'unknown'.
+
+# Maintainer: Olivier Medoc
+pkgname=qubes-vm-core
+pkgver=`cat version`
+pkgrel=3
+epoch=
+pkgdesc="The Qubes core files for installation inside a Qubes VM."
+arch=("x86_64")
+url="http://qubes-os.org/"
+license=('GPL')
+groups=()
+depends=(qubes-libvchan qubes-vm-utils)
+makedepends=(qubes-vm-utils)
+checkdepends=()
+optdepends=()
+provides=()
+conflicts=()
+replaces=()
+backup=()
+options=()
+install=PKGBUILD.install
+changelog=
+
+source=()
+
+noextract=()
+md5sums=() #generate with 'makepkg -g'
+
+
+build() {
+
+for source in qubes-rpc qrexec misc Makefile.core vm-init.d vm-systemd network ; do
+ (ln -s $srcdir/../$source $srcdir/$source)
+done
+
+# Fix for building with python2
+export PYTHON=python2
+sed 's:python:python2:g' -i misc/Makefile
+
+# Fix for network tools paths
+sed 's:/sbin/ifconfig:ifconfig:g' -i network/*
+sed 's:/sbin/route:route:g' -i network/*
+sed 's:/sbin/ethtool:ethtool:g' -i network/*
+sed 's:/sbin/ip:ip:g' -i network/*
+sed 's:/bin/grep:grep:g' -i network/*
+
+for dir in qubes-rpc qrexec misc; do
+ (cd $dir; make)
+done
+
+}
+
+package() {
+
+ (cd qrexec; make install DESTDIR=$pkgdir)
+
+ make -f ./Makefile.core install-vm DESTDIR=$pkgdir DIST=archlinux
+
+ # Convert module loading to ARCHLINUX
+ mkdir -p $pkgdir/etc/modules-load.d/
+
+ #misc/qubes-core.modules
+ echo xen-evtchn > $pkgdir/etc/modules-load.d/qubes_core.conf
+ echo xen-blkback >> $pkgdir/etc/modules-load.d/qubes_core.conf
+ # Note : need to compile pvusb drivers for this last one?
+ echo xen-usbfront >> $pkgdir/etc/modules-load.d/qubes_core.conf
+
+ #misc/qubes-misc.modules
+ #install -D misc/qubes_misc.modules $pkgdir/etc/sysconfig/modules/qubes_misc.modules
+ echo dummy-hcd > $pkgdir/etc/modules-load.d/qubes_misc.conf
+
+ # Note: appears in the gui package but required for qrexec agent to work
+ echo u2mfn > $pkgdir/etc/modules-load.d/qubes_u2mfn.conf
+
+ # Remove things non wanted in archlinux
+ rm -r $pkgdir/etc/yum*
+ rm -r $pkgdir/etc/init.d
+ # Remove fedora specific scripts
+ rm $pkgdir/etc/fstab
+
+}
+
+# vim:set ts=2 sw=2 et:
+
diff --git a/archlinux/PKGBUILD.install b/archlinux/PKGBUILD.install
new file mode 100644
index 0000000..4089248
--- /dev/null
+++ b/archlinux/PKGBUILD.install
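Review bot: The `sed -i` calls in build() edit the checked-out sources themselves, because `misc` and `network` are symlinks created by the preceding `ln -s $srcdir/../$source $srcdir/$source` loop rather than copies. A second build therefore sees already-patched files, and `sed 's:python:python2:g'` is not idempotent (`python2` becomes `python22`); the unanchored `s:/sbin/ip:ip:g` would likewise rewrite any `/sbin/iptables` or `/sbin/ip6tables` path in `network/*`, if those occur. Copying into the build directory, `cp -a "$srcdir/../$source" "$srcdir/$source"`, keeps the patches local to the build. With `source=()` and `md5sums=()` empty, makepkg verifies nothing here, so the integrity of what gets packaged rests entirely on how the surrounding tree was fetched and checked.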
@@ -0,0 +1,209 @@
+
+remove_ShowIn () {
+ if [ -e /etc/xdg/autostart/$1.desktop ]; then
+ sed -i '/^\(Not\|Only\)ShowIn/d' /etc/xdg/autostart/$1.desktop
+ fi
+}
+
+update_xdgstart () {
+
+# don't want it at all
+for F in abrt-applet deja-dup-monitor imsettings-start krb5-auth-dialog pulseaudio restorecond sealertauto gnome-power-manager gnome-sound-applet gnome-screensaver orca-autostart; do
+ if [ -e /etc/xdg/autostart/$F.desktop ]; then
+ remove_ShowIn $F
+ echo 'NotShowIn=QUBES;' >> /etc/xdg/autostart/$F.desktop
+ fi
+done
+
+# don't want it in DisposableVM
+for F in gcm-apply ; do
+ if [ -e /etc/xdg/autostart/$F.desktop ]; then
+ remove_ShowIn $F
+ echo 'NotShowIn=DisposableVM;' >> /etc/xdg/autostart/$F.desktop
+ fi
+done
+
+# want it in AppVM only
+for F in gnome-keyring-gpg gnome-keyring-pkcs11 gnome-keyring-secrets gnome-keyring-ssh gnome-settings-daemon user-dirs-update-gtk gsettings-data-convert ; do
+ if [ -e /etc/xdg/autostart/$F.desktop ]; then
+ remove_ShowIn $F
+ echo 'OnlyShowIn=GNOME;AppVM;' >> /etc/xdg/autostart/$F.desktop
+ fi
+done
+
+# remove existing rule to add own later
+for F in gpk-update-icon nm-applet ; do
+ remove_ShowIn $F
+done
+
+echo 'OnlyShowIn=GNOME;UpdateableVM;' >> /etc/xdg/autostart/gpk-update-icon.desktop || :
+echo 'OnlyShowIn=GNOME;NetVM;' >> /etc/xdg/autostart/nm-applet.desktop || :
+
+}
+
+update_qubesconfig () {
+
+# Create NetworkManager configuration if we do not have it
+if ! [ -e /etc/NetworkManager/NetworkManager.conf ]; then
+echo '[main]' > /etc/NetworkManager/NetworkManager.conf
+echo 'plugins = keyfile' >> /etc/NetworkManager/NetworkManager.conf
+echo '[keyfile]' >> /etc/NetworkManager/NetworkManager.conf
+fi
+/usr/lib/qubes/qubes-fix-nm-conf.sh
+
+# Remove ip_forward setting from sysctl, so NM will not reset it
+sed 's/^net.ipv4.ip_forward.*/#\0/' -i /etc/sysctl.conf
+
+# Install firmware link only on system which haven't it yet
+if ! [ -e /lib/firmware/updates ]; then
+ ln -s /lib/modules/firmware /lib/firmware/updates
+fi
+
+# qubes-core-vm has been broken for some time - it overrides /etc/hosts; restore original content
+if ! grep -q localhost /etc/hosts; then
+ cat < /etc/hosts
+127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 `hostname`
+::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
+EOF
+fi
+
+# Remove most of the udev scripts to speed up the VM boot time
+# Just leave the xen* scripts, that are needed if this VM was
+# ever used as a net backend (e.g. as a VPN domain in the future)
+#echo "--> Removing unnecessary udev scripts..."
+mkdir -p /var/lib/qubes/removed-udev-scripts
+for f in /etc/udev/rules.d/*
+do
+ if [ $(basename $f) == "xen-backend.rules" ] ; then
+ continue
+ fi
+
+ if [ $(basename $f) == "50-qubes-misc.rules" ] ; then
+ continue
+ fi
+
+ if echo $f | grep -q qubes; then
+ continue
+ fi
+
+ mv $f /var/lib/qubes/removed-udev-scripts/
+done
+
+}
+
+update_systemd() {
+
+for srv in qubes-dvm qubes-meminfo-writer qubes-sysinit qubes-misc-post qubes-netwatcher qubes-network qubes-firewall qubes-yum-proxy qubes-qrexec-agent; do
+ systemctl enable $srv.service 2> /dev/null
+done
+
+systemctl enable qubes-update-check.timer 2> /dev/null
+
+# Install overriden services only when original exists
+for srv in cups NetworkManager NetworkManager-wait-online ntpd; do
+ if [ -f /lib/systemd/system/$srv.service ]; then
+ cp /usr/lib/qubes/init/$srv.service /etc/systemd/system/$srv.service
+ fi
+done
+
+# Set default "runlevel"
+rm -f /etc/systemd/system/default.target
+ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
+
+DISABLE_SERVICES="alsa-store alsa-restore auditd avahi avahi-daemon backuppc cpuspeed crond"
+DISABLE_SERVICES="$DISABLE_SERVICES fedora-autorelabel fedora-autorelabel-mark ipmi hwclock-load hwclock-save"
+DISABLE_SERVICES="$DISABLE_SERVICES mdmonitor multipathd openct rpcbind mcelog fedora-storage-init fedora-storage-init-late"
+DISABLE_SERVICES="$DISABLE_SERVICES plymouth-start plymouth-read-write plymouth-quit plymouth-quit-wait"
+DISABLE_SERVICES="$DISABLE_SERVICES sshd tcsd sm-client sendmail mdmonitor-takeover"
+for srv in $DISABLE_SERVICES; do
+ if [ -f /lib/systemd/system/$srv.service ]; then
+ if fgrep -q '[Install]' /lib/systemd/system/$srv.service; then
+ systemctl disable $srv.service 2> /dev/null
+ else
+ # forcibly disable
+ ln -sf /dev/null /etc/systemd/system/$srv.service
+ fi
+ fi
+done
+
+rm -f /etc/systemd/system/getty.target.wants/getty@tty*.service
+
+# Enable some services
+systemctl enable iptables.service 2> /dev/null
+systemctl enable ip6tables.service 2> /dev/null
+systemctl enable rsyslog.service 2> /dev/null
+systemctl enable ntpd.service 2> /dev/null
+# Disable original service to enable overriden one
+systemctl disable NetworkManager.service 2> /dev/null
+# Disable D-BUS activation of NetworkManager - in AppVm it causes problems (eg PackageKit timeouts)
+systemctl mask dbus-org.freedesktop.NetworkManager.service 2> /dev/null
+systemctl enable NetworkManager.service 2> /dev/null
+
+# Enable cups only when it is real SystemD service
+[ -e /lib/systemd/system/cups.service ] && systemctl enable cups.service 2> /dev/null
+
+}
+
+
+## arg 1: the new package version
+#pre_install() {
+ # do something here
+#}
+
+## arg 1: the new package version
+post_install() {
+
+update_xdgstart
+update_qubesconfig
+update_systemd
+
+# do the rest of %post thing only when updating for the first time...
+if [ -e /etc/init/serial.conf ] && ! [ -f /var/lib/qubes/serial.orig ] ; then
+ cp /etc/init/serial.conf /var/lib/qubes/serial.orig
+fi
+
+#echo "--> Disabling SELinux..."
+sed -e s/^SELINUX=.*$/SELINUX=disabled/ /etc/selinux/config.processed
+mv /etc/selinux/config.processed /etc/selinux/config
+setenforce 0 2>/dev/null
+
+mkdir -p /rw
+
+}
+
+
+## arg 1: the new package version
+## arg 2: the old package version
+post_upgrade() {
+
+update_xdgstart
+update_qubesconfig
+update_systemd
+
+}
+
+## arg 1: the new package version
+## arg 2: the old package version
+#pre_upgrade() {
+ # do something here
+#}
+
+## arg 1: the new package version
+## arg 2: the old package version
+#post_upgrade() {
+ # do something here
+#}
+
+## arg 1: the old package version
+pre_remove() {
+
+systemctl disable qubes-qrexec-agent.service
+
+}
+
+## arg 1: the old package version
+#post_remove() {
+ # do something here
+#}
+
+
diff --git a/pkgs/.gitignore b/pkgs/.gitignore
new file mode 100644
index 0000000..72e8ffc
--- /dev/null
+++ b/pkgs/.gitignore
@@ -0,0 +1 @@
+*
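Review bot: Every `systemctl enable` in update_systemd() discards stderr with `2> /dev/null` and its exit status is never checked, and that includes the firewall-related units (`qubes-firewall`, `iptables.service`, `ip6tables.service`); if one of them is missing or fails to enable, the script carries on and the VM is left with that unit off and nothing reported. For those units I would keep the error visible, e.g. `systemctl enable iptables.service || echo "warning: could not enable iptables.service" >&2`. Separately, post_install() rewrites the SELinux config and runs `setenforce 0` unconditionally; guarding that block with `[ -e /etc/selinux/config ]` avoids errors on systems without SELinux and makes the policy change explicit. The `>>` appends to `gpk-update-icon.desktop` and `nm-applet.desktop` in update_xdgstart() are also unguarded, unlike the loops above them, so they create a one-line .desktop stub when the application is not installed.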