From b6a6d4e4e0dd24ba0d8f89f0374a29b35d590800 Mon Sep 17 00:00:00 2001
From: Olivier MEDOC <o_medoc@yahoo.fr>
Date: Mon, 11 Jul 2016 17:21:55 +0200
Subject: [PATCH 1/4] archlinux: switch to usage of pacman.d drop-ins

---
 archlinux/PKGBUILD                      | 14 +++++--
 archlinux/PKGBUILD-qubes-noupgrade.conf |  2 +
 archlinux/PKGBUILD.install              | 49 +++++++------------------
 3 files changed, 27 insertions(+), 38 deletions(-)
 create mode 100644 archlinux/PKGBUILD-qubes-noupgrade.conf

diff --git a/archlinux/PKGBUILD b/archlinux/PKGBUILD
index 36eff5d..bbfa3c1 100644
--- a/archlinux/PKGBUILD
+++ b/archlinux/PKGBUILD
@@ -6,7 +6,7 @@
 # Maintainer: Olivier Medoc <o_medoc@yahoo.fr>
 pkgname=qubes-vm-core
 pkgver=`cat version`
-pkgrel=7
+pkgrel=8
 epoch=
 pkgdesc="The Qubes core files for installation inside a Qubes VM."
 arch=("x86_64")
@@ -25,10 +25,14 @@ options=()
 install=PKGBUILD.install
 changelog=
 
-source=(PKGBUILD.qubes-ensure-lib-modules.service PKGBUILD.qubes-update-desktop-icons.hook)
+source=(	PKGBUILD.qubes-ensure-lib-modules.service PKGBUILD.qubes-update-desktop-icons.hook
+		PKGBUILD-qubes-noupgrade.conf
+		)
 
 noextract=()
-md5sums=('88f4b3d5b156888a9d38f5bc28702ab8' 'bbfb946d6d2787e5abf8e2236502a3d4')
+md5sums=( '88f4b3d5b156888a9d38f5bc28702ab8' 'bbfb946d6d2787e5abf8e2236502a3d4'
+          'c1c1b86eed48cc0f943f21b9a1df8b8e'
+          )
 
 
 build() {
@@ -82,6 +86,10 @@ package() {
   mkdir -p ${pkgdir}/usr/share/libalpm/hooks/
   install -m 644 $srcdir/PKGBUILD.qubes-update-desktop-icons.hook ${pkgdir}/usr/share/libalpm/hooks/qubes-update-desktop-icons.hook
 
+  # Install pacman.d drop-ins (at least 1 drop-in must be installed or pacman will fail)
+  mkdir -p ${pkgdir}/etc/pacman.d
+  install -m 644 $srcdir/PKGBUILD-qubes-noupgrade.conf ${pkgdir}/etc/pacman.d/qubes-noupgrade.conf
+
   # Archlinux specific: enable autologin on tty1
   mkdir -p $pkgdir/etc/systemd/system/getty@tty1.service.d/
   cat <<EOF > $pkgdir/etc/systemd/system/getty@tty1.service.d/autologin.conf
diff --git a/archlinux/PKGBUILD-qubes-noupgrade.conf b/archlinux/PKGBUILD-qubes-noupgrade.conf
new file mode 100644
index 0000000..0b4ff7d
--- /dev/null
+++ b/archlinux/PKGBUILD-qubes-noupgrade.conf
@@ -0,0 +1,2 @@
+NoUpgrade = etc/pam.d/su
+NoUpgrade = etc/pam.d/su-l
\ No newline at end of file
diff --git a/archlinux/PKGBUILD.install b/archlinux/PKGBUILD.install
index a8177c3..4af2b3f 100644
--- a/archlinux/PKGBUILD.install
+++ b/archlinux/PKGBUILD.install
@@ -202,68 +202,47 @@ config_prependtomark() {
 FILE=$1
 APPENDBEFORELINE=$2
 APPENDLINE=$3
-grep -q "$APPENDLINE" "$FILE" || sed "/$APPENDBEFORELINE/i$APPENDLINE" -i "$FILE"
+grep -F -q "$APPENDLINE" "$FILE" || sed "/$APPENDBEFORELINE/i$APPENDLINE" -i "$FILE"
 }
 
 config_appendtomark() {
 FILE=$1
 APPENDAFTERLINE=$2
 APPENDLINE=$3
-grep -q "$APPENDLINE" "$FILE" || sed "/$APPENDAFTERLINE/a$APPENDLINE" -i "$FILE"
+grep -F -q "$APPENDLINE" "$FILE" || sed "/$APPENDAFTERLINE/a$APPENDLINE" -i "$FILE"
 }
 
 config_cleanupmark() {
 FILE="$1"
 BEGINMARK="$2"
 ENDMARK="$3"
-if grep -q "$BEGINMARK" "$FILE"; then
-	if grep -q "$ENDMARK" "$FILE"; then
+if grep -F -q "$BEGINMARK" "$FILE"; then
+	if grep -F -q "$ENDMARK" "$FILE"; then
 		cp "$FILE" "$FILE.qubes-update-orig"
-		sed -i -e "/^$BEGINMARK\$/,/^$ENDMARK\$/{
-			/^$ENDMARK\$/b
+		sed -i -e "/^$BEGINMARK$/,/^$ENDMARK$/{
+			/^$ENDMARK$/b
 			/^$BEGINMARK$/!d
 			}" "$FILE"
 		rm -f "$FILE.qubes-update-orig"
 	else
 		echo "ERROR: found $BEGINMARK marker but not $ENDMARK in $FILE. Please cleanup this file manually."
 	fi
-elif grep -q "$ENDMARK" "$FILE"; then
+elif grep -F -q "$ENDMARK" "$FILE"; then
 	echo "ERROR: found $ENDMARK marker but not $BEGINMARK in $FILE. Please cleanup this file manually."
 fi
 }
 
 update_finalize() {
 
-	# Archlinux specific: Prepare pacman.conf to add qubes specific config
+	# Archlinux specific: Cleanup pre pacman.d qubes marker
 	QUBES_MARKER="### QUBES CONFIG MARKER ###"
-	config_prependtomark "/etc/pacman.conf" "# REPOSITORIES" "$QUBES_MARKER"
+	if grep -F -q "$QUBES_MARKER" /etc/pacman.conf; then
+		config_prependtomark "/etc/pacman.conf" "# REPOSITORIES" "### QUBES CONFIG END MARKER ###"
+		config_cleanupmark "/etc/pacman.conf" "$QUBES_MARKER" "### QUBES CONFIG END MARKER ###"
+	fi
 
-	# Ensure pam.d will not be modified by archlinux package updates
-	config_appendtomark '/etc/pacman.conf' "$QUBES_MARKER" 'NoUpgrade = etc/pam.d/su'
-	config_appendtomark '/etc/pacman.conf' "$QUBES_MARKER" 'NoUpgrade = etc/pam.d/su-l'
-
-	# Add Qubes setup script markers at the right place (this won't work at the end of pacman.conf)"
-	config_appendtomark "/etc/pacman.conf" "$QUBES_MARKER" "### QUBES END ###"
-	config_appendtomark "/etc/pacman.conf" "$QUBES_MARKER" "### QUBES BEGIN ###"
-
-
-	## Archlinux specific: Cleanup pre pacman.d qubes marker
-	## Commented out until pacman.d snipped are supported
-	#QUBES_MARKER="### QUBES CONFIG MARKER ###"
-	#if grep -q "$QUBES_MARKER" /etc/pacman.conf; then
-	#	if ! grep -q "### QUBES CONFIG END MARKER ###" /etc/pacman.conf; then
-	#		# Perform cleanup before continuing
-	#		config_prependtomark "/etc/pacman.conf" "# REPOSITORIES" "### QUBES CONFIG END MARKER ###"
-	#		config_cleanupmark "/etc/pacman.conf" "$QUBES_MARKER" "### QUBES CONFIG END MARKER ###"
-	#	fi
-	#fi
-	#config_prependtomark "/etc/pacman.conf" "# REPOSITORIES" "$QUBES_MARKER"
-	#config_prependtomark "/etc/pacman.conf" "# REPOSITORIES" "### QUBES CONFIG END MARKER ###"
-	#
-	## Add qubes includes
-	#config_appendtomark "/etc/pacman.conf" "$QUBES_MARKER" "Include /etc/pacman.d/qubes-noupdate.conf"
-	#config_appendtomark "/etc/pacman.conf" "$QUBES_MARKER" "Include /etc/pacman.d/qubes-updateproxy.conf"
-	#config_prependtomark "/etc/pacman.conf" "### QUBES CONFIG END MARKER ###" "Include /etc/pacman.d/qubes-repositories.conf"
+	# Include /etc/pacman.d drop-in directory
+	config_appendtomark "/etc/pacman.conf" "$QUBES_MARKER" "Include = /etc/pacman.d/*.conf"
 
 	# Archlinux specific: Update pam.d configuration for su to enable systemd-login wrapper
 	# Also remove pam_unix.so from su configuration

From d449d751622f4c020a79fff78dcec8e311acc222 Mon Sep 17 00:00:00 2001
From: Olivier MEDOC <o_medoc@yahoo.fr>
Date: Tue, 12 Jul 2016 11:20:12 +0200
Subject: [PATCH 2/4] archlinux: Setup default package repository

---
 archlinux/PKGBUILD                     | 12 ++++++++++--
 archlinux/PKGBUILD-qubes-repo-3.1.conf |  2 ++
 archlinux/PKGBUILD-qubes-repo-3.2.conf |  2 ++
 3 files changed, 14 insertions(+), 2 deletions(-)
 create mode 100644 archlinux/PKGBUILD-qubes-repo-3.1.conf
 create mode 100644 archlinux/PKGBUILD-qubes-repo-3.2.conf

diff --git a/archlinux/PKGBUILD b/archlinux/PKGBUILD
index bbfa3c1..2109df8 100644
--- a/archlinux/PKGBUILD
+++ b/archlinux/PKGBUILD
@@ -6,7 +6,7 @@
 # Maintainer: Olivier Medoc <o_medoc@yahoo.fr>
 pkgname=qubes-vm-core
 pkgver=`cat version`
-pkgrel=8
+pkgrel=9
 epoch=
 pkgdesc="The Qubes core files for installation inside a Qubes VM."
 arch=("x86_64")
@@ -27,14 +27,17 @@ changelog=
 
 source=(	PKGBUILD.qubes-ensure-lib-modules.service PKGBUILD.qubes-update-desktop-icons.hook
 		PKGBUILD-qubes-noupgrade.conf
+		PKGBUILD-qubes-repo-3.1.conf
+		PKGBUILD-qubes-repo-3.2.conf
 		)
 
 noextract=()
 md5sums=( '88f4b3d5b156888a9d38f5bc28702ab8' 'bbfb946d6d2787e5abf8e2236502a3d4'
           'c1c1b86eed48cc0f943f21b9a1df8b8e'
+	  '36bf82df048e81250e7ba80b3224bddc'
+	  'd5898def7bad7fd92ea60f0bf48174e3'
           )
 
-
 build() {
 
 for source in autostart-dropins qubes-rpc qrexec misc Makefile vm-init.d vm-systemd network ; do
@@ -90,6 +93,11 @@ package() {
   mkdir -p ${pkgdir}/etc/pacman.d
   install -m 644 $srcdir/PKGBUILD-qubes-noupgrade.conf ${pkgdir}/etc/pacman.d/qubes-noupgrade.conf
 
+  # Install pacman repository
+  release=`echo $pkgver | cut -d '.' -f 1,2`
+  echo "Installing repository for release ${release}"
+  install -m 644 $srcdir/PKGBUILD-qubes-repo-${release}.conf ${pkgdir}/etc/pacman.d/99-qubes-repository-${release}.conf
+
   # Archlinux specific: enable autologin on tty1
   mkdir -p $pkgdir/etc/systemd/system/getty@tty1.service.d/
   cat <<EOF > $pkgdir/etc/systemd/system/getty@tty1.service.d/autologin.conf
diff --git a/archlinux/PKGBUILD-qubes-repo-3.1.conf b/archlinux/PKGBUILD-qubes-repo-3.1.conf
new file mode 100644
index 0000000..df5834c
--- /dev/null
+++ b/archlinux/PKGBUILD-qubes-repo-3.1.conf
@@ -0,0 +1,2 @@
+[qubes-r3.1]
+Server = http://olivier.medoc.free.fr/archlinux/$repo
diff --git a/archlinux/PKGBUILD-qubes-repo-3.2.conf b/archlinux/PKGBUILD-qubes-repo-3.2.conf
new file mode 100644
index 0000000..6f7c53d
--- /dev/null
+++ b/archlinux/PKGBUILD-qubes-repo-3.2.conf
@@ -0,0 +1,2 @@
+[qubes-r3.2]
+Server = http://olivier.medoc.free.fr/archlinux/$repo
\ No newline at end of file

From a346de7e461c0e1a247ddec00f86953eee2cd0ce Mon Sep 17 00:00:00 2001
From: Olivier MEDOC <o_medoc@yahoo.fr>
Date: Tue, 12 Jul 2016 11:25:03 +0200
Subject: [PATCH 3/4] archlinux: ensure repositories are the last pacman.d
 files included

---
 archlinux/PKGBUILD | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/archlinux/PKGBUILD b/archlinux/PKGBUILD
index 2109df8..d315827 100644
--- a/archlinux/PKGBUILD
+++ b/archlinux/PKGBUILD
@@ -91,7 +91,7 @@ package() {
 
   # Install pacman.d drop-ins (at least 1 drop-in must be installed or pacman will fail)
   mkdir -p ${pkgdir}/etc/pacman.d
-  install -m 644 $srcdir/PKGBUILD-qubes-noupgrade.conf ${pkgdir}/etc/pacman.d/qubes-noupgrade.conf
+  install -m 644 $srcdir/PKGBUILD-qubes-noupgrade.conf ${pkgdir}/etc/pacman.d/10-qubes-noupgrade.conf
 
   # Install pacman repository
   release=`echo $pkgver | cut -d '.' -f 1,2`

From 7cea09711ae4bfbb622d716edfa70c2429563b54 Mon Sep 17 00:00:00 2001
From: Olivier MEDOC <o_medoc@yahoo.fr>
Date: Tue, 12 Jul 2016 11:38:14 +0200
Subject: [PATCH 4/4] archlinux: fix update-proxy-configs to use pacman.d
 drop-ins

---
 network/update-proxy-configs | 21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

diff --git a/network/update-proxy-configs b/network/update-proxy-configs
index 3264f6d..b850a5f 100755
--- a/network/update-proxy-configs
+++ b/network/update-proxy-configs
@@ -108,6 +108,22 @@ $PROXY_CONF_ENTRY
 EOF
 fi
 
+# Pacman (archlinux) also
+if [ -d /etc/pacman.d ]; then
+    if [ -n "$PROXY_ADDR" ]; then
+        cat > /etc/pacman.d/01-qubes-proxy.conf <<EOF
+### This file is automatically generated by Qubes ($0 script).
+### All modifications here will be lost.
+### If you want to override some of this settings, create another file under 
+### /etc/pacman.d
+
+XferCommand = http_proxy=$PROXY_ADDR /usr/bin/curl -C - -f %u > %o
+EOF
+    else
+        rm -r /etc/pacman.d/01-qubes-proxy.conf
+    fi
+fi
+
 # DNF configuration doesn't support including other files
 if [ -e /etc/dnf/dnf.conf ]; then
     update_conf /etc/dnf/dnf.conf "$PROXY_CONF_ENTRY"
@@ -117,8 +133,3 @@ fi
 if [ -e /etc/PackageKit/PackageKit.conf ]; then
     update_conf /etc/PackageKit/PackageKit.conf "ProxyHTTP=$PROXY_ADDR"
 fi
-
-# Pacman (archlinux) also
-if [ -e /etc/pacman.conf ]; then
-    update_conf /etc/pacman.conf "XferCommand = http_proxy=$PROXY_ADDR /usr/bin/curl -C - -f %u > %o"
-fi