vm(+dom0): major rearrage VM files in repo; merge core-*vm packages

Makefile

@@ -13,14 +13,11 @@ help:
 	@echo "make clean                 -- cleanup"
 
 rpms:	
-	rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-commonvm.spec
-	rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-appvm.spec
-	rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-netvm.spec
-	rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-proxyvm.spec
+	rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-vm.spec
 	rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-dom0.spec
 	rpm --addsign \
 		$(RPMS_DIR)/x86_64/qubes-core-dom0-$(VERSION_DOM0)*.rpm \
-		$(RPMS_DIR)/x86_64/qubes-core-*vm-*$(VERSION_VM)*.rpm
+		$(RPMS_DIR)/x86_64/qubes-core-vm-*$(VERSION_VM)*.rpm
 
 rpms-vaio-fixes:
 	rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-dom0-vaio-fixes.spec
@@ -31,7 +28,7 @@ update-repo-current:
 	ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-vaio-fixes-$(VERSION_VAIO_FIXES)*fc13*.rpm ../yum/current-release/current/dom0/rpm/
 	for vmrepo in ../yum/current-release/current/vm/* ; do \
 		dist=$$(basename $$vmrepo) ;\
-		ln -f $(RPMS_DIR)/x86_64/qubes-core-*vm-*$(VERSION_VM)*$$dist*.rpm $$vmrepo/rpm/ ;\
+		ln -f $(RPMS_DIR)/x86_64/qubes-core-vm-*$(VERSION_VM)*$$dist*.rpm $$vmrepo/rpm/ ;\
 	done
 
 update-repo-current-testing:
@@ -39,7 +36,7 @@ update-repo-current-testing:
 	ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-vaio-fixes-$(VERSION_VAIO_FIXES)*fc13*.rpm ../yum/current-release/current-testing/dom0/rpm/
 	for vmrepo in ../yum/current-release/current-testing/vm/* ; do \
 		dist=$$(basename $$vmrepo) ;\
-		ln -f $(RPMS_DIR)/x86_64/qubes-core-*vm-*$(VERSION_VM)*$$dist*.rpm $$vmrepo/rpm/ ;\
+		ln -f $(RPMS_DIR)/x86_64/qubes-core-vm-*$(VERSION_VM)*$$dist*.rpm $$vmrepo/rpm/ ;\
 	done
 
 update-repo-unstable:
@@ -47,17 +44,17 @@ update-repo-unstable:
 	ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-vaio-fixes-$(VERSION_VAIO_FIXES)*fc13*.rpm ../yum/current-release/unstable/dom0/rpm/
 	for vmrepo in ../yum/current-release/unstable/vm/* ; do \
 		dist=$$(basename $$vmrepo) ;\
-		ln -f $(RPMS_DIR)/x86_64/qubes-core-*vm-*$(VERSION_VM)*$$dist*.rpm $$vmrepo/rpm/ ;\
+		ln -f $(RPMS_DIR)/x86_64/qubes-core-vm-*$(VERSION_VM)*$$dist*.rpm $$vmrepo/rpm/ ;\
 	done
 
 update-repo-installer:
 	ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-*$(VERSION_DOM0)*fc13*.rpm ../installer/yum/qubes-dom0/rpm/
 
 clean:
-	(cd appvm && make clean)
-	(cd dom0/restore && make clean)
-	(cd dom0/qmemman && make clean)
-	(cd common && make clean)
-	(cd u2mfn && make clean)
+	make -C dom0/qmemman clean
+	make -C dom0/restore clean
+	make -C misc clean
+	make -C network clean
 	make -C qrexec clean
+	make -C u2mfn clean
 	make -C vchan clean

appvm/Makefile

@@ -1,14 +0,0 @@
-CC=gcc
-CFLAGS=-g -Wall -I../common -fPIC -pie
-all:	vm-file-editor qopen-in-vm qfile-agent qfile-unpacker
-vm-file-editor: vm-file-editor.o ../common/ioall.o
-	$(CC) -pie -g -o $@ $^
-qopen-in-vm: qopen-in-vm.o ../common/ioall.o ../common/gui-fatal.o
-	$(CC) -pie -g -o $@ $^
-qfile-agent: qfile-agent.o ../common/ioall.o ../common/gui-fatal.o ../common/copy_file.o ../common/crc32.o
-	$(CC) -pie -g -o $@ $^
-qfile-unpacker: qfile-unpacker.o ../common/ioall.o ../common/gui-fatal.o ../common/copy_file.o ../common/unpack.o ../common/crc32.o
-	$(CC) -pie -g -o $@ $^
-
-clean:
-	rm -f qopen-in-vm qfile-agent qfile-unpacker vm-file-editor *.o *~

appvm/iptables

@@ -1,12 +0,0 @@
-# Firewall configuration written by system-config-firewall
-# Manual customization of this file is not recommended.
-*filter
-:INPUT ACCEPT [0:0]
-:FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [0:0]
--A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
--A INPUT -p icmp -j ACCEPT
--A INPUT -i lo -j ACCEPT
--A INPUT -j REJECT --reject-with icmp-host-prohibited
--A FORWARD -j REJECT --reject-with icmp-host-prohibited
-COMMIT

appvm/qubes_timestamp

@@ -1,2 +0,0 @@
-#!/bin/sh
-exec xenstore-write device/qubes_timestamp $(date +%s.%N)

netvm/fstab

@@ -1,14 +0,0 @@
-
-#
-# /etc/fstab
-# Created by anaconda on Thu Dec  3 11:26:49 2009
-#
-# Accessible filesystems, by reference, are maintained under '/dev/disk'
-# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
-#
-/dev/mapper/dmroot /                       ext4 defaults,noatime        1 1
-/dev/mapper/dmswap swap                    swap    defaults        0 0
-tmpfs                   /dev/shm                tmpfs   defaults        0 0
-devpts                  /dev/pts                devpts  gid=5,mode=620  0 0
-sysfs                   /sys                    sysfs   defaults        0 0
-proc                    /proc                   proc    defaults        0 0

qubes_rpc/Makefile

@@ -0,0 +1,14 @@
+CC=gcc
+CFLAGS=-g -Wall -I. -fPIC -pie
+all:	vm-file-editor qopen-in-vm qfile-agent qfile-unpacker
+vm-file-editor: vm-file-editor.o ioall.o
+	$(CC) -pie -g -o $@ $^
+qopen-in-vm: qopen-in-vm.o ioall.o gui-fatal.o
+	$(CC) -pie -g -o $@ $^
+qfile-agent: qfile-agent.o ioall.o gui-fatal.o copy_file.o crc32.o
+	$(CC) -pie -g -o $@ $^
+qfile-unpacker: qfile-unpacker.o ioall.o gui-fatal.o copy_file.o unpack.o crc32.o
+	$(CC) -pie -g -o $@ $^
+
+clean:
+	rm -f qopen-in-vm qfile-agent qfile-unpacker vm-file-editor *.o *~

rpm_spec/core-appvm.spec

@@ -1,201 +0,0 @@
-#
-# The Qubes OS Project, http://www.qubes-os.org
-#
-# Copyright (C) 2010  Joanna Rutkowska <joanna@invisiblethingslab.com>
-# Copyright (C) 2010  Rafal Wojtczuk  <rafal@invisiblethingslab.com>
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-#
-#
-
-%{!?version: %define version %(cat version_vm)}
-
-Name:		qubes-core-appvm
-Version:	%{version}
-Release:	1%{dist}
-Summary:	The Qubes core files for AppVM
-
-Group:		Qubes
-Vendor:		Invisible Things Lab
-License:	GPL
-URL:		http://www.qubes-os.org
-Requires:	/usr/bin/xenstore-read
-Requires:   fedora-release
-Requires:	/usr/bin/mimeopen
-Requires:	qubes-core-commonvm
-BuildRequires:  gcc
-BuildRequires:  xen-devel
-Provides:   qubes-core-vm
-
-%define _builddir %(pwd)/appvm
-
-%define kde_service_dir /usr/share/kde4/services/ServiceMenus 
-
-%description
-The Qubes core files for installation inside a Qubes AppVM.
-
-%pre
-
-if [ "$1" !=  1 ] ; then
-# do this whole %pre thing only when updating for the first time...
-exit 0
-fi
-
-adduser --create-home user
-su user -c 'mkdir -p /home/user/.local/share'
-su user -c 'mkdir -p /home/user/.gnome2/nautilus-scripts'
-su user -c 'ln -s /usr/lib/qubes/qvm-copy-to-vm.gnome /home/user/.gnome2/nautilus-scripts/"Copy to other AppVM"'
-su user -c 'ln -s /usr/bin/qvm-open-in-dvm /home/user/.gnome2/nautilus-scripts/"Open in DisposableVM"'
-su user -c 'touch /home/user/.gnome2/nautilus-scripts/.scripts_created'
-su user -c 'touch /home/user/.gnome2/nautilus-scripts/.scripts_created2'
-
-
-mkdir -p $RPM_BUILD_ROOT/var/lib/qubes
-
-%build
-make clean all
-make -C ../common
-make -C ../u2mfn
-make -C ../vchan
-make -C ../qrexec
-
-%install
-
-mkdir -p $RPM_BUILD_ROOT/etc/init.d
-cp qubes_core_appvm $RPM_BUILD_ROOT/etc/init.d/
-mkdir -p $RPM_BUILD_ROOT/var/lib/qubes
-mkdir -p $RPM_BUILD_ROOT/usr/bin
-cp qubes_timestamp qvm-open-in-dvm $RPM_BUILD_ROOT/usr/bin
-cp qvm-open-in-vm $RPM_BUILD_ROOT/usr/bin
-cp qvm-copy-to-vm $RPM_BUILD_ROOT/usr/bin
-cp qvm-run $RPM_BUILD_ROOT/usr/bin
-mkdir -p $RPM_BUILD_ROOT/usr/lib/qubes
-cp wrap_in_html_if_url.sh $RPM_BUILD_ROOT/usr/lib/qubes
-cp qvm-copy-to-vm.kde $RPM_BUILD_ROOT/usr/lib/qubes
-cp qvm-copy-to-vm.gnome $RPM_BUILD_ROOT/usr/lib/qubes
-cp ../qrexec/qrexec_agent $RPM_BUILD_ROOT/usr/lib/qubes
-cp ../qrexec/qrexec_client_vm $RPM_BUILD_ROOT/usr/lib/qubes
-cp ../qrexec/qubes_rpc_multiplexer $RPM_BUILD_ROOT/usr/lib/qubes
-cp vm-file-editor qfile-agent qopen-in-vm qfile-unpacker $RPM_BUILD_ROOT/usr/lib/qubes
-cp vm-shell qrun-in-vm $RPM_BUILD_ROOT/usr/lib/qubes
-cp ../common/meminfo-writer $RPM_BUILD_ROOT/usr/lib/qubes
-mkdir -p $RPM_BUILD_ROOT/%{kde_service_dir}
-cp qvm-copy.desktop qvm-dvm.desktop $RPM_BUILD_ROOT/%{kde_service_dir}
-mkdir -p $RPM_BUILD_ROOT/mnt/removable
-mkdir -p $RPM_BUILD_ROOT/etc/qubes_rpc
-cp qubes.Filecopy $RPM_BUILD_ROOT/etc/qubes_rpc
-cp qubes.OpenInVM $RPM_BUILD_ROOT/etc/qubes_rpc
-cp qubes.VMShell $RPM_BUILD_ROOT/etc/qubes_rpc
-mkdir -p $RPM_BUILD_ROOT/var/lib/qubes/dom0-updates
-
-mkdir -p $RPM_BUILD_ROOT/etc/X11
-cp xorg-preload-apps.conf $RPM_BUILD_ROOT/etc/X11
-
-mkdir -p $RPM_BUILD_ROOT/home_volatile/user
-
-install -D ../vchan/libvchan.h $RPM_BUILD_ROOT/usr/include/libvchan.h
-install -D ../u2mfn/u2mfnlib.h $RPM_BUILD_ROOT/usr/include/u2mfnlib.h
-install -D ../u2mfn/u2mfn-kernel.h $RPM_BUILD_ROOT/usr/include/u2mfn-kernel.h
-
-install -D ../vchan/libvchan.so $RPM_BUILD_ROOT/%{_libdir}/libvchan.so
-install -D ../u2mfn/libu2mfn.so $RPM_BUILD_ROOT/%{_libdir}/libu2mfn.so
-
-install -d $RPM_BUILD_ROOT/etc/sudoers.d
-install -m 0440 qubes.sudoers $RPM_BUILD_ROOT/etc/sudoers.d/qubes
-
-mkdir -p $RPM_BUILD_ROOT/var/run/qubes
-
-%triggerin -- initscripts
-cp /var/lib/qubes/serial.conf /etc/init/serial.conf
-
-%post
-
-chkconfig --add qubes_core_appvm || echo "WARNING: Cannot add service qubes_core!"
-chkconfig qubes_core_appvm on || echo "WARNING: Cannot enable service qubes_core!"
-
-if [ "$1" !=  1 ] ; then
-# do this whole %post thing only when updating for the first time...
-exit 0
-fi
-
-usermod -L user
-
-%preun
-if [ "$1" = 0 ] ; then
-    # no more packages left
-    chkconfig qubes_core_appvm off
-fi
-
-%clean
-rm -rf $RPM_BUILD_ROOT
-
-%files
-%defattr(-,root,root,-)
-/etc/init.d/qubes_core_appvm
-/usr/bin/qvm-copy-to-vm
-/usr/lib/qubes/qvm-copy-to-vm.kde
-/usr/lib/qubes/qvm-copy-to-vm.gnome
-/usr/bin/qvm-open-in-dvm
-/usr/bin/qvm-open-in-vm
-/usr/bin/qvm-run
-/usr/lib/qubes/meminfo-writer
-/usr/lib/qubes/vm-file-editor
-%{kde_service_dir}/qvm-copy.desktop
-%{kde_service_dir}/qvm-dvm.desktop
-/usr/lib/qubes/qrexec_agent
-/usr/lib/qubes/qrexec_client_vm
-/usr/lib/qubes/qubes_rpc_multiplexer
-/usr/lib/qubes/qfile-agent
-/usr/lib/qubes/qopen-in-vm
-/usr/lib/qubes/qfile-unpacker
-/usr/lib/qubes/vm-shell
-/usr/lib/qubes/qrun-in-vm
-/usr/lib/qubes/wrap_in_html_if_url.sh
-%dir /mnt/removable
-%dir /etc/qubes_rpc
-/etc/qubes_rpc/qubes.Filecopy
-/etc/qubes_rpc/qubes.OpenInVM
-/etc/qubes_rpc/qubes.VMShell
-/usr/bin/qubes_timestamp
-%dir /home_volatile
-%attr(700,user,user) /home_volatile/user
-/etc/X11/xorg-preload-apps.conf
-%dir /var/run/qubes
-%dir %attr(0775,user,user) /var/lib/qubes/dom0-updates
-/etc/sudoers.d/qubes
-
-%package devel
-Summary:        Include files for qubes core libraries
-License:        GPL v2 only
-Group:          Development/Sources 
-
-%description devel
-
-%files devel
-/usr/include/libvchan.h
-/usr/include/u2mfnlib.h
-/usr/include/u2mfn-kernel.h
-
-%package libs
-Summary:        Qubes core libraries
-License:        GPL v2 only
-Group:          Development/Sources 
-
-%description libs
-
-%files libs
-%{_libdir}/libvchan.so
-%{_libdir}/libu2mfn.so
-

rpm_spec/core-commonvm.spec

@@ -1,266 +0,0 @@
-#
-# The Qubes OS Project, http://www.qubes-os.org
-#
-# Copyright (C) 2010  Joanna Rutkowska <joanna@invisiblethingslab.com>
-# Copyright (C) 2010  Rafal Wojtczuk  <rafal@invisiblethingslab.com>
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-#
-#
-
-%{!?version: %define version %(cat version_vm)}
-
-Name:		qubes-core-commonvm
-Version:	%{version}
-Release:	1%{dist}
-Summary:	The Qubes core files for any VM
-
-Group:		Qubes
-Vendor:		Invisible Things Lab
-License:	GPL
-URL:		http://www.qubes-os.org
-Requires:	/usr/bin/xenstore-read
-Requires:   fedora-release
-Requires:   yum-plugin-post-transaction-actions
-BuildRequires: xen-devel
-
-%define _builddir %(pwd)/common
-
-%description
-The Qubes core files for installation inside a Qubes VM.
-
-%build
-make
-
-%pre
-
-if [ "$1" !=  1 ] ; then
-# do this whole %pre thing only when updating for the first time...
-exit 0
-fi
-
-mkdir -p $RPM_BUILD_ROOT/var/lib/qubes
-if [ -e $RPM_BUILD_ROOT/etc/fstab ] ; then 
-mv $RPM_BUILD_ROOT/etc/fstab $RPM_BUILD_ROOT/var/lib/qubes/fstab.orig
-fi
-
-%install
-
-mkdir -p $RPM_BUILD_ROOT/etc
-cp fstab $RPM_BUILD_ROOT/etc/fstab
-mkdir -p $RPM_BUILD_ROOT/etc/init.d
-cp qubes_core $RPM_BUILD_ROOT/etc/init.d/
-mkdir -p $RPM_BUILD_ROOT/var/lib/qubes
-mkdir -p $RPM_BUILD_ROOT/etc/sysconfig
-cp iptables $RPM_BUILD_ROOT/etc/sysconfig/
-mkdir -p $RPM_BUILD_ROOT/etc/yum.repos.d
-cp qubes.repo $RPM_BUILD_ROOT/etc/yum.repos.d
-install -d -m 755 $RPM_BUILD_ROOT/etc/pki/rpm-gpg
-install -m 644 RPM-GPG-KEY-qubes* $RPM_BUILD_ROOT/etc/pki/rpm-gpg/
-mkdir -p $RPM_BUILD_ROOT/sbin
-cp qubes_serial_login $RPM_BUILD_ROOT/sbin
-mkdir -p $RPM_BUILD_ROOT/usr/bin
-cp xenstore-watch $RPM_BUILD_ROOT/usr/bin/xenstore-watch-qubes
-mkdir -p $RPM_BUILD_ROOT/etc
-cp serial.conf $RPM_BUILD_ROOT/var/lib/qubes/
-mkdir -p $RPM_BUILD_ROOT/etc/udev/rules.d
-cp qubes_network.rules $RPM_BUILD_ROOT/etc/udev/rules.d/99-qubes_network.rules
-cp qubes_memory.rules $RPM_BUILD_ROOT/etc/udev/rules.d/50-qubes_memory.rules
-cp qubes_block.rules $RPM_BUILD_ROOT/etc/udev/rules.d/99-qubes_block.rules
-mkdir -p $RPM_BUILD_ROOT/usr/lib/qubes/
-cp setup_ip $RPM_BUILD_ROOT/usr/lib/qubes/
-cp qubes_download_dom0_updates.sh $RPM_BUILD_ROOT/usr/lib/qubes/
-cp block_add_change $RPM_BUILD_ROOT/usr/lib/qubes/
-cp block_remove $RPM_BUILD_ROOT/usr/lib/qubes/
-cp block_cleanup $RPM_BUILD_ROOT/usr/lib/qubes/
-mkdir -p $RPM_BUILD_ROOT/etc/yum/post-actions
-cp qubes_trigger_sync_appmenus.action $RPM_BUILD_ROOT/etc/yum/post-actions/
-mkdir -p $RPM_BUILD_ROOT/usr/lib/qubes
-cp qubes_trigger_sync_appmenus.sh $RPM_BUILD_ROOT/usr/lib/qubes/
-
-install -D qubes_core.modules $RPM_BUILD_ROOT/etc/sysconfig/modules/qubes_core.modules
-
-mkdir -p $RPM_BUILD_ROOT/lib/firmware
-ln -s /lib/modules/firmware $RPM_BUILD_ROOT/lib/firmware/updates
-
-%triggerin -- initscripts
-cp /var/lib/qubes/serial.conf /etc/init/serial.conf
-
-%post
-
-# disable some Upstart services
-for F in plymouth-shutdown prefdm splash-manager start-ttys tty ; do
-	if [ -e /etc/init/$F.conf ]; then
-		mv -f /etc/init/$F.conf /etc/init/$F.conf.disabled
-	fi
-done
-
-remove_ShowIn () {
-	if [ -e /etc/xdg/autostart/$1.desktop ]; then
-		sed -i '/^\(Not\|Only\)ShowIn/d' /etc/xdg/autostart/$1.desktop
-	fi
-}
-
-# don't want it at all
-for F in abrt-applet deja-dup-monitor imsettings-start krb5-auth-dialog pulseaudio restorecond sealertauto ; do
-	if [ -e /etc/xdg/autostart/$F.desktop ]; then
-		remove_ShowIn $F
-		echo 'NotShowIn=QUBES' >> /etc/xdg/autostart/$F.desktop
-	fi
-done
-
-# don't want it in DisposableVM
-for F in gcm-apply ; do
-	if [ -e /etc/xdg/autostart/$F.desktop ]; then
-		remove_ShowIn $F
-		echo 'NotShowIn=DisposableVM' >> /etc/xdg/autostart/$F.desktop
-	fi
-done
-
-# want it in AppVM only
-for F in gnome-keyring-gpg gnome-keyring-pkcs11 gnome-keyring-secrets gnome-keyring-ssh gnome-settings-daemon user-dirs-update-gtk gsettings-data-convert ; do
-	if [ -e /etc/xdg/autostart/$F.desktop ]; then
-		remove_ShowIn $F
-		echo 'OnlyShowIn=GNOME;AppVM;' >> /etc/xdg/autostart/$F.desktop
-	fi
-done
-
-# remove existing rule to add own later
-for F in gpk-update-icon nm-applet ; do
-	remove_ShowIn $F
-done
-
-echo 'OnlyShowIn=GNOME;UpdateableVM;' >> /etc/xdg/autostart/gpk-update-icon.desktop || :
-echo 'OnlyShowIn=GNOME;NetVM;' >> /etc/xdg/autostart/nm-applet.desktop || :
-
-usermod -p '' root
-
-# Prevent unnecessary updates in VMs:
-sed -i -e '/^exclude = kernel/d' /etc/yum.conf
-echo 'exclude = kernel, xorg-x11-drv-*, xorg-x11-drivers, xorg-x11-server-*' >> /etc/yum.conf
-
-if [ "$1" !=  1 ] ; then
-# do this whole %post thing only when updating for the first time...
-exit 0
-fi
-
-if ! [ -f /var/lib/qubes/serial.orig ] ; then
-	cp /etc/init/serial.conf /var/lib/qubes/serial.orig
-fi
-
-#echo "--> Disabling SELinux..."
-sed -e s/^SELINUX=.*$/SELINUX=disabled/ </etc/selinux/config >/etc/selinux/config.processed
-mv /etc/selinux/config.processed /etc/selinux/config
-setenforce 0 2>/dev/null
-
-#echo "--> Turning off unnecessary services..."
-# FIXME: perhaps there is more elegant way to do this? 
-for f in /etc/init.d/*
-do
-        srv=`basename $f`
-        [ $srv = 'functions' ] && continue
-        [ $srv = 'killall' ] && continue
-        [ $srv = 'halt' ] && continue
-        [ $srv = 'single' ] && continue
-        [ $srv = 'reboot' ] && continue
-        [ $srv = 'qubes_gui' ] && continue
-        chkconfig $srv off
-done
-
-[ -x /bin/systemctl ] && /bin/systemctl disable NetworkManager.service
-[ -x /bin/systemctl ] && /bin/systemctl disable crond.service
-
-#echo "--> Enabling essential services..."
-chkconfig rsyslog on
-chkconfig haldaemon on
-chkconfig messagebus on
-chkconfig iptables on
-chkconfig --add qubes_core || echo "WARNING: Cannot add service qubes_core!"
-chkconfig qubes_core on || echo "WARNING: Cannot enable service qubes_core!"
-
-
-# TODO: make this not display the silly message about security context...
-sed -i s/^id:.:initdefault:/id:3:initdefault:/ /etc/inittab
-
-# Remove most of the udev scripts to speed up the VM boot time
-# Just leave the xen* scripts, that are needed if this VM was
-# ever used as a net backend (e.g. as a VPN domain in the future)
-#echo "--> Removing unnecessary udev scripts..."
-mkdir -p /var/lib/qubes/removed-udev-scripts
-for f in /etc/udev/rules.d/*
-do
-    if [ $(basename $f) == "xen-backend.rules" ] ; then
-        continue
-    fi
-
-    if [ $(basename $f) == "xend.rules" ] ; then
-        continue
-    fi
-
-    if [ $(basename $f) == "99-qubes_network.rules" ] ; then
-        continue
-    fi
-
-    if [ $(basename $f) == "99-qubes_block.rules" ] ; then
-        continue
-    fi
-
-    if [ $(basename $f) == "90-hal.rules" ] ; then
-        continue
-    fi
-
-
-    mv $f /var/lib/qubes/removed-udev-scripts/
-done
-mkdir -p /rw
-#rm -f /etc/mtab
-#echo "--> Removing HWADDR setting from /etc/sysconfig/network-scripts/ifcfg-eth0"
-#mv /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0.orig
-#grep -v HWADDR /etc/sysconfig/network-scripts/ifcfg-eth0.orig > /etc/sysconfig/network-scripts/ifcfg-eth0
-
-%preun
-if [ "$1" = 0 ] ; then
-    # no more packages left
-    chkconfig qubes_core off
-    mv /var/lib/qubes/fstab.orig /etc/fstab
-    mv /var/lib/qubes/removed-udev-scripts/* /etc/udev/rules.d/
-    mv /var/lib/qubes/serial.orig /etc/init/serial.conf
-fi
-
-%clean
-rm -rf $RPM_BUILD_ROOT
-
-%files
-%defattr(-,root,root,-)
-/etc/fstab
-/etc/init.d/qubes_core
-/etc/sysconfig/iptables
-/var/lib/qubes
-/etc/yum.repos.d/qubes.repo
-/etc/pki/rpm-gpg/RPM-GPG-KEY-qubes*
-/sbin/qubes_serial_login
-/usr/bin/xenstore-watch-qubes
-/etc/udev/rules.d/99-qubes_network.rules
-/etc/udev/rules.d/50-qubes_memory.rules
-/etc/udev/rules.d/99-qubes_block.rules
-/etc/sysconfig/modules/qubes_core.modules
-/usr/lib/qubes/setup_ip
-/etc/yum/post-actions/qubes_trigger_sync_appmenus.action
-/usr/lib/qubes/qubes_trigger_sync_appmenus.sh
-/usr/lib/qubes/qubes_download_dom0_updates.sh
-/usr/lib/qubes/block_add_change
-/usr/lib/qubes/block_remove
-/usr/lib/qubes/block_cleanup
-/lib/firmware/updates

rpm_spec/core-netvm.spec

@@ -1,102 +0,0 @@
-#
-# The Qubes OS Project, http://www.qubes-os.org
-#
-# Copyright (C) 2010  Joanna Rutkowska <joanna@invisiblethingslab.com>
-# Copyright (C) 2010  Rafal Wojtczuk  <rafal@invisiblethingslab.com>
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-#
-#
-
-%{!?version: %define version %(cat version_vm)}
-
-Name:		qubes-core-netvm
-Version:	%{version}
-Release:	1%{dist}
-Summary:	The Qubes core files for NetVM
-
-Group:		Qubes
-Vendor:		Invisible Things Lab
-License:	GPL
-URL:		http://www.qubes-os.org
-Requires:	/usr/bin/xenstore-read
-Requires:   fedora-release
-Requires:       NetworkManager >= 0.8.1-1
-Requires:   qubes-core-commonvm
-Provides:   qubes-core-vm
-
-%define _builddir %(pwd)/netvm
-
-%description
-The Qubes core files for installation inside a Qubes NetVM.
-
-%pre
-
-%build
-make -C ../vchan
-make -C ../u2mfn
-
-%install
-
-mkdir -p $RPM_BUILD_ROOT/etc
-mkdir -p $RPM_BUILD_ROOT/etc/init.d
-cp qubes_core_netvm $RPM_BUILD_ROOT/etc/init.d/
-mkdir -p $RPM_BUILD_ROOT/var/lib/qubes
-mkdir -p $RPM_BUILD_ROOT/usr/lib/qubes
-cp ../common/qubes_setup_dnat_to_ns $RPM_BUILD_ROOT/usr/lib/qubes
-cp ../common/qubes_fix_nm_conf.sh $RPM_BUILD_ROOT/usr/lib/qubes
-mkdir -p $RPM_BUILD_ROOT/etc/dhclient.d
-ln -s /usr/lib/qubes/qubes_setup_dnat_to_ns $RPM_BUILD_ROOT/etc/dhclient.d/qubes_setup_dnat_to_ns.sh 
-mkdir -p $RPM_BUILD_ROOT/etc/NetworkManager/dispatcher.d/
-cp ../common/qubes_nmhook $RPM_BUILD_ROOT/etc/NetworkManager/dispatcher.d/
-cp ../netvm/30-qubes_external_ip $RPM_BUILD_ROOT/etc/NetworkManager/dispatcher.d/
-mkdir -p $RPM_BUILD_ROOT/var/run/qubes
-mkdir -p $RPM_BUILD_ROOT/etc/xen/scripts
-cp ../common/vif-route-qubes $RPM_BUILD_ROOT/etc/xen/scripts
-
-%post
-
-# Create NetworkManager configuration if we do not have it
-if ! [ -e /etc/NetworkManager/NetworkManager.conf ]; then
-echo '[main]' > /etc/NetworkManager/NetworkManager.conf
-echo 'plugins = keyfile' >> /etc/NetworkManager/NetworkManager.conf
-echo '[keyfile]' >> /etc/NetworkManager/NetworkManager.conf
-fi
-/usr/lib/qubes/qubes_fix_nm_conf.sh
-
-chkconfig --add qubes_core_netvm || echo "WARNING: Cannot add service qubes_core!"
-chkconfig qubes_core_netvm on || echo "WARNING: Cannot enable service qubes_core!"
-
-# Remove ip_forward setting from sysctl, so NM will not reset it
-sed 's/^net.ipv4.ip_forward.*/#\0/'  -i /etc/sysctl.conf
-
-%preun
-if [ "$1" = 0 ] ; then
-    # no more packages left
-    chkconfig qubes_core_netvm off
-fi
-
-%clean
-rm -rf $RPM_BUILD_ROOT
-
-%files
-%defattr(-,root,root,-)
-/etc/init.d/qubes_core_netvm
-/usr/lib/qubes/qubes_setup_dnat_to_ns
-/usr/lib/qubes/qubes_fix_nm_conf.sh
-/etc/dhclient.d/qubes_setup_dnat_to_ns.sh
-/etc/NetworkManager/dispatcher.d/qubes_nmhook
-/etc/NetworkManager/dispatcher.d/30-qubes_external_ip
-/etc/xen/scripts/vif-route-qubes

rpm_spec/core-proxyvm.spec

@@ -1,80 +0,0 @@
-#
-# The Qubes OS Project, http://www.qubes-os.org
-#
-# Copyright (C) 2010  Joanna Rutkowska <joanna@invisiblethingslab.com>
-# Copyright (C) 2010  Rafal Wojtczuk  <rafal@invisiblethingslab.com>
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-#
-#
-
-%{!?version: %define version %(cat version_vm)}
-
-Name:		qubes-core-proxyvm
-Version:	%{version}
-Release:	1%{dist}
-Summary:	The Qubes core files for NetVM
-
-Group:		Qubes
-Vendor:		Invisible Things Lab
-License:	GPL
-URL:		http://www.qubes-os.org
-Requires:	/usr/bin/xenstore-read
-Requires:   /sbin/ethtool
-Requires:   fedora-release
-Requires:   qubes-core-netvm
-
-%define _builddir %(pwd)/proxyvm
-
-%description
-The Qubes core files for installation inside a Qubes ProxyVM in addition to NetVM scripts.
-
-%pre
-
-%build
-
-%install
-
-mkdir -p $RPM_BUILD_ROOT/etc/init.d
-cp init.d/qubes_firewall $RPM_BUILD_ROOT/etc/init.d/
-cp init.d/qubes_netwatcher $RPM_BUILD_ROOT/etc/init.d/
-mkdir -p $RPM_BUILD_ROOT/usr/sbin
-cp bin/qubes_firewall $RPM_BUILD_ROOT/usr/sbin/
-cp bin/qubes_netwatcher $RPM_BUILD_ROOT/usr/sbin/
-
-%post
-
-chkconfig --add qubes_firewall || echo "WARNING: Cannot add service qubes_core!"
-chkconfig qubes_firewall on || echo "WARNING: Cannot enable service qubes_core!"
-
-chkconfig --add qubes_netwatcher || echo "WARNING: Cannot add service qubes_core!"
-chkconfig qubes_netwatcher on || echo "WARNING: Cannot enable service qubes_core!"
-
-%preun
-if [ "$1" = 0 ] ; then
-    # no more packages left
-    chkconfig qubes_firewall off
-    chkconfig qubes_netwatcher off
-fi
-
-%clean
-rm -rf $RPM_BUILD_ROOT
-
-%files
-%defattr(-,root,root,-)
-/etc/init.d/qubes_firewall
-/etc/init.d/qubes_netwatcher
-/usr/sbin/qubes_firewall
-/usr/sbin/qubes_netwatcher

rpm_spec/core-vm.spec

@@ -0,0 +1,417 @@
+#
+# The Qubes OS Project, http://www.qubes-os.org
+#
+# Copyright (C) 2010  Joanna Rutkowska <joanna@invisiblethingslab.com>
+# Copyright (C) 2010  Rafal Wojtczuk  <rafal@invisiblethingslab.com>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+#
+#
+
+%{!?version: %define version %(cat version_vm)}
+
+Name:		qubes-core-vm
+Version:	%{version}
+Release:	1%{dist}
+Summary:	The Qubes core files for VM
+
+Group:		Qubes
+Vendor:		Invisible Things Lab
+License:	GPL
+URL:		http://www.qubes-os.org
+Requires:	/usr/bin/xenstore-read
+Requires:   fedora-release
+Requires:   yum-plugin-post-transaction-actions
+Requires:   NetworkManager >= 0.8.1-1
+Requires:	/usr/bin/mimeopen
+Requires:   /sbin/ethtool
+Provides:   qubes-core-vm
+BuildRequires: xen-devel
+
+%define _builddir %(pwd)
+
+%define kde_service_dir /usr/share/kde4/services/ServiceMenus
+
+%description
+The Qubes core files for installation inside a Qubes VM.
+
+%build
+make -C misc
+make -C qubes_rpc
+make -C qrexec
+make -C vchan
+make -C u2mfn
+
+%pre
+
+if [ "$1" !=  1 ] ; then
+# do this whole %pre thing only when updating for the first time...
+exit 0
+fi
+
+mkdir -p /var/lib/qubes
+if [ -e /etc/fstab ] ; then 
+mv /etc/fstab /var/lib/qubes/fstab.orig
+fi
+
+adduser --create-home user
+su user -c 'mkdir -p /home/user/.local/share'
+su user -c 'mkdir -p /home/user/.gnome2/nautilus-scripts'
+su user -c 'ln -s /usr/lib/qubes/qvm-copy-to-vm.gnome /home/user/.gnome2/nautilus-scripts/"Copy to other AppVM"'
+su user -c 'ln -s /usr/bin/qvm-open-in-dvm /home/user/.gnome2/nautilus-scripts/"Open in DisposableVM"'
+su user -c 'touch /home/user/.gnome2/nautilus-scripts/.scripts_created'
+su user -c 'touch /home/user/.gnome2/nautilus-scripts/.scripts_created2'
+
+%install
+
+install -D misc/fstab $RPM_BUILD_ROOT/etc/fstab
+install -d $RPM_BUILD_ROOT/etc/init.d
+install vm-init.d/* $RPM_BUILD_ROOT/etc/init.d/
+
+install -D -m 0440 misc/qubes.sudoers $RPM_BUILD_ROOT/etc/sudoers.d/qubes
+install -D misc/qubes.repo $RPM_BUILD_ROOT/etc/yum.repos.d/qubes.repo
+install -D misc/serial.conf $RPM_BUILD_ROOT/usr/lib/qubes/serial.conf
+install -D misc/qubes_serial_login $RPM_BUILD_ROOT/sbin/qubes_serial_login
+
+install -d $RPM_BUILD_ROOT/var/lib/qubes
+
+install -d -m 755 $RPM_BUILD_ROOT/etc/pki/rpm-gpg
+install -m 644 misc/RPM-GPG-KEY-qubes* $RPM_BUILD_ROOT/etc/pki/rpm-gpg/
+install -D misc/xenstore-watch $RPM_BUILD_ROOT/usr/bin/xenstore-watch-qubes
+install -d $RPM_BUILD_ROOT/etc/udev/rules.d
+install  misc/qubes_memory.rules $RPM_BUILD_ROOT/etc/udev/rules.d/50-qubes_memory.rules
+install  misc/qubes_block.rules $RPM_BUILD_ROOT/etc/udev/rules.d/99-qubes_block.rules
+install -d $RPM_BUILD_ROOT/usr/lib/qubes/
+install misc/qubes_download_dom0_updates.sh $RPM_BUILD_ROOT/usr/lib/qubes/
+install misc/{block_add_change,block_remove,block_cleanup} $RPM_BUILD_ROOT/usr/lib/qubes/
+install misc/qubes_trigger_sync_appmenus.sh $RPM_BUILD_ROOT/usr/lib/qubes/
+install -D misc/qubes_trigger_sync_appmenus.action $RPM_BUILD_ROOT/etc/yum/post-actions/qubes_trigger_sync_appmenus.action
+mkdir -p $RPM_BUILD_ROOT/usr/lib/qubes
+
+install -D misc/qubes_core.modules $RPM_BUILD_ROOT/etc/sysconfig/modules/qubes_core.modules
+
+install network/qubes_network.rules $RPM_BUILD_ROOT/etc/udev/rules.d/99-qubes_network.rules
+install network/qubes_setup_dnat_to_ns $RPM_BUILD_ROOT/usr/lib/qubes
+install network/qubes_fix_nm_conf.sh $RPM_BUILD_ROOT/usr/lib/qubes
+install network/setup_ip $RPM_BUILD_ROOT/usr/lib/qubes/
+install -d $RPM_BUILD_ROOT/etc/dhclient.d
+ln -s /usr/lib/qubes/qubes_setup_dnat_to_ns $RPM_BUILD_ROOT/etc/dhclient.d/qubes_setup_dnat_to_ns.sh 
+install -d $RPM_BUILD_ROOT/etc/NetworkManager/dispatcher.d/
+install network/{qubes_nmhook,30-qubes_external_ip} $RPM_BUILD_ROOT/etc/NetworkManager/dispatcher.d/
+install -D network/vif-route-qubes $RPM_BUILD_ROOT/etc/xen/scripts/vif-route-qubes
+install -D network/iptables $RPM_BUILD_ROOT/etc/sysconfig/iptables
+
+install -d $RPM_BUILD_ROOT/usr/sbin
+install network/qubes_firewall $RPM_BUILD_ROOT/usr/sbin/
+install network/qubes_netwatcher $RPM_BUILD_ROOT/usr/sbin/
+
+install -d $RPM_BUILD_ROOT/lib/firmware
+ln -s /lib/modules/firmware $RPM_BUILD_ROOT/lib/firmware/updates
+
+install -d $RPM_BUILD_ROOT/usr/bin
+
+install qubes_rpc/{qvm-open-in-dvm,qvm-open-in-vm,qvm-copy-to-vm,qvm-run} $RPM_BUILD_ROOT/usr/bin
+install qubes_rpc/wrap_in_html_if_url.sh $RPM_BUILD_ROOT/usr/lib/qubes
+install qubes_rpc/qvm-copy-to-vm.kde $RPM_BUILD_ROOT/usr/lib/qubes
+install qubes_rpc/qvm-copy-to-vm.gnome $RPM_BUILD_ROOT/usr/lib/qubes
+install qubes_rpc/{vm-file-editor,qfile-agent,qopen-in-vm,qfile-unpacker} $RPM_BUILD_ROOT/usr/lib/qubes
+install qubes_rpc/{vm-shell,qrun-in-vm} $RPM_BUILD_ROOT/usr/lib/qubes
+install -d $RPM_BUILD_ROOT/%{kde_service_dir}
+install qubes_rpc/{qvm-copy.desktop,qvm-dvm.desktop} $RPM_BUILD_ROOT/%{kde_service_dir}
+install -d $RPM_BUILD_ROOT/etc/qubes_rpc
+install qubes_rpc/{qubes.Filecopy,qubes.OpenInVM,qubes.VMShell} $RPM_BUILD_ROOT/etc/qubes_rpc
+
+install qrexec/qrexec_agent $RPM_BUILD_ROOT/usr/lib/qubes
+install qrexec/qrexec_client_vm $RPM_BUILD_ROOT/usr/lib/qubes
+install qrexec/qubes_rpc_multiplexer $RPM_BUILD_ROOT/usr/lib/qubes
+
+install misc/meminfo-writer $RPM_BUILD_ROOT/usr/lib/qubes
+install -d $RPM_BUILD_ROOT/mnt/removable
+install -d $RPM_BUILD_ROOT/var/lib/qubes/dom0-updates
+
+install -D misc/xorg-preload-apps.conf $RPM_BUILD_ROOT/etc/X11/xorg-preload-apps.conf
+
+install -d $RPM_BUILD_ROOT/var/run/qubes
+install -d $RPM_BUILD_ROOT/home_volatile/user
+
+install -D vchan/libvchan.h $RPM_BUILD_ROOT/usr/include/libvchan.h
+install -D u2mfn/u2mfnlib.h $RPM_BUILD_ROOT/usr/include/u2mfnlib.h
+install -D u2mfn/u2mfn-kernel.h $RPM_BUILD_ROOT/usr/include/u2mfn-kernel.h
+
+install -D vchan/libvchan.so $RPM_BUILD_ROOT/%{_libdir}/libvchan.so
+install -D u2mfn/libu2mfn.so $RPM_BUILD_ROOT/%{_libdir}/libu2mfn.so
+
+%triggerin -- initscripts
+cp /usr/lib/qubes/serial.conf /etc/init/serial.conf
+
+%post
+
+# disable some Upstart services
+for F in plymouth-shutdown prefdm splash-manager start-ttys tty ; do
+	if [ -e /etc/init/$F.conf ]; then
+		mv -f /etc/init/$F.conf /etc/init/$F.conf.disabled
+	fi
+done
+
+remove_ShowIn () {
+	if [ -e /etc/xdg/autostart/$1.desktop ]; then
+		sed -i '/^\(Not\|Only\)ShowIn/d' /etc/xdg/autostart/$1.desktop
+	fi
+}
+
+# don't want it at all
+for F in abrt-applet deja-dup-monitor imsettings-start krb5-auth-dialog pulseaudio restorecond sealertauto ; do
+	if [ -e /etc/xdg/autostart/$F.desktop ]; then
+		remove_ShowIn $F
+		echo 'NotShowIn=QUBES' >> /etc/xdg/autostart/$F.desktop
+	fi
+done
+
+# don't want it in DisposableVM
+for F in gcm-apply ; do
+	if [ -e /etc/xdg/autostart/$F.desktop ]; then
+		remove_ShowIn $F
+		echo 'NotShowIn=DisposableVM' >> /etc/xdg/autostart/$F.desktop
+	fi
+done
+
+# want it in AppVM only
+for F in gnome-keyring-gpg gnome-keyring-pkcs11 gnome-keyring-secrets gnome-keyring-ssh gnome-settings-daemon user-dirs-update-gtk gsettings-data-convert ; do
+	if [ -e /etc/xdg/autostart/$F.desktop ]; then
+		remove_ShowIn $F
+		echo 'OnlyShowIn=GNOME;AppVM;' >> /etc/xdg/autostart/$F.desktop
+	fi
+done
+
+# remove existing rule to add own later
+for F in gpk-update-icon nm-applet ; do
+	remove_ShowIn $F
+done
+
+echo 'OnlyShowIn=GNOME;UpdateableVM;' >> /etc/xdg/autostart/gpk-update-icon.desktop || :
+echo 'OnlyShowIn=GNOME;NetVM;' >> /etc/xdg/autostart/nm-applet.desktop || :
+
+usermod -p '' root
+usermod -L user
+
+# Create NetworkManager configuration if we do not have it
+if ! [ -e /etc/NetworkManager/NetworkManager.conf ]; then
+echo '[main]' > /etc/NetworkManager/NetworkManager.conf
+echo 'plugins = keyfile' >> /etc/NetworkManager/NetworkManager.conf
+echo '[keyfile]' >> /etc/NetworkManager/NetworkManager.conf
+fi
+/usr/lib/qubes/qubes_fix_nm_conf.sh
+
+
+# Remove ip_forward setting from sysctl, so NM will not reset it
+sed 's/^net.ipv4.ip_forward.*/#\0/'  -i /etc/sysctl.conf
+
+# Prevent unnecessary updates in VMs:
+sed -i -e '/^exclude = kernel/d' /etc/yum.conf
+echo 'exclude = kernel, xorg-x11-drv-*, xorg-x11-drivers, xorg-x11-server-*' >> /etc/yum.conf
+
+if [ "$1" !=  1 ] ; then
+# do the rest of %post thing only when updating for the first time...
+exit 0
+fi
+
+if ! [ -f /var/lib/qubes/serial.orig ] ; then
+	cp /etc/init/serial.conf /var/lib/qubes/serial.orig
+fi
+
+#echo "--> Disabling SELinux..."
+sed -e s/^SELINUX=.*$/SELINUX=disabled/ </etc/selinux/config >/etc/selinux/config.processed
+mv /etc/selinux/config.processed /etc/selinux/config
+setenforce 0 2>/dev/null
+
+#echo "--> Turning off unnecessary services..."
+# FIXME: perhaps there is more elegant way to do this? 
+for f in /etc/init.d/*
+do
+        srv=`basename $f`
+        [ $srv = 'functions' ] && continue
+        [ $srv = 'killall' ] && continue
+        [ $srv = 'halt' ] && continue
+        [ $srv = 'single' ] && continue
+        [ $srv = 'reboot' ] && continue
+        [ $srv = 'qubes_gui' ] && continue
+        chkconfig $srv off
+done
+
+[ -x /bin/systemctl ] && /bin/systemctl disable NetworkManager.service
+[ -x /bin/systemctl ] && /bin/systemctl disable crond.service
+
+#echo "--> Enabling essential services..."
+chkconfig rsyslog on
+chkconfig haldaemon on
+chkconfig messagebus on
+chkconfig iptables on
+chkconfig --add qubes_core || echo "WARNING: Cannot add service qubes_core!"
+chkconfig qubes_core on || echo "WARNING: Cannot enable service qubes_core!"
+chkconfig --add qubes_core_netvm || echo "WARNING: Cannot add service qubes_core!"
+chkconfig qubes_core_netvm on || echo "WARNING: Cannot enable service qubes_core!"
+chkconfig --add qubes_core_appvm || echo "WARNING: Cannot add service qubes_core!"
+chkconfig qubes_core_appvm on || echo "WARNING: Cannot enable service qubes_core!"
+chkconfig --add qubes_firewall || echo "WARNING: Cannot add service qubes_core!"
+chkconfig qubes_firewall on || echo "WARNING: Cannot enable service qubes_core!"
+chkconfig --add qubes_netwatcher || echo "WARNING: Cannot add service qubes_core!"
+chkconfig qubes_netwatcher on || echo "WARNING: Cannot enable service qubes_core!"
+
+
+# TODO: make this not display the silly message about security context...
+sed -i s/^id:.:initdefault:/id:3:initdefault:/ /etc/inittab
+
+# Remove most of the udev scripts to speed up the VM boot time
+# Just leave the xen* scripts, that are needed if this VM was
+# ever used as a net backend (e.g. as a VPN domain in the future)
+#echo "--> Removing unnecessary udev scripts..."
+mkdir -p /var/lib/qubes/removed-udev-scripts
+for f in /etc/udev/rules.d/*
+do
+    if [ $(basename $f) == "xen-backend.rules" ] ; then
+        continue
+    fi
+
+    if [ $(basename $f) == "xend.rules" ] ; then
+        continue
+    fi
+
+    if [ $(basename $f) == "99-qubes_network.rules" ] ; then
+        continue
+    fi
+
+    if [ $(basename $f) == "99-qubes_block.rules" ] ; then
+        continue
+    fi
+
+    if [ $(basename $f) == "90-hal.rules" ] ; then
+        continue
+    fi
+
+
+    mv $f /var/lib/qubes/removed-udev-scripts/
+done
+mkdir -p /rw
+#rm -f /etc/mtab
+#echo "--> Removing HWADDR setting from /etc/sysconfig/network-scripts/ifcfg-eth0"
+#mv /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0.orig
+#grep -v HWADDR /etc/sysconfig/network-scripts/ifcfg-eth0.orig > /etc/sysconfig/network-scripts/ifcfg-eth0
+
+%preun
+if [ "$1" = 0 ] ; then
+    # no more packages left
+    chkconfig qubes_core off
+    chkconfig qubes_core_netvm off
+    chkconfig qubes_core_appvm off
+    chkconfig qubes_firewall off
+    chkconfig qubes_netwatcher off
+    mv /var/lib/qubes/fstab.orig /etc/fstab
+    mv /var/lib/qubes/removed-udev-scripts/* /etc/udev/rules.d/
+    mv /var/lib/qubes/serial.orig /etc/init/serial.conf
+fi
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%files
+%defattr(-,root,root,-)
+%dir /var/lib/qubes
+%dir /var/run/qubes
+%dir %attr(0775,user,user) /var/lib/qubes/dom0-updates
+%{kde_service_dir}/qvm-copy.desktop
+%{kde_service_dir}/qvm-dvm.desktop
+/etc/NetworkManager/dispatcher.d/30-qubes_external_ip
+/etc/NetworkManager/dispatcher.d/qubes_nmhook
+/etc/X11/xorg-preload-apps.conf
+/etc/dhclient.d/qubes_setup_dnat_to_ns.sh
+/etc/fstab
+/etc/init.d/qubes_core
+/etc/init.d/qubes_core_appvm
+/etc/init.d/qubes_core_netvm
+/etc/init.d/qubes_firewall
+/etc/init.d/qubes_netwatcher
+/etc/pki/rpm-gpg/RPM-GPG-KEY-qubes*
+%dir /etc/qubes_rpc
+/etc/qubes_rpc/qubes.Filecopy
+/etc/qubes_rpc/qubes.OpenInVM
+/etc/qubes_rpc/qubes.VMShell
+/etc/sudoers.d/qubes
+/etc/sysconfig/iptables
+/etc/sysconfig/modules/qubes_core.modules
+/etc/udev/rules.d/50-qubes_memory.rules
+/etc/udev/rules.d/99-qubes_block.rules
+/etc/udev/rules.d/99-qubes_network.rules
+/etc/xen/scripts/vif-route-qubes
+/etc/yum.repos.d/qubes.repo
+/etc/yum/post-actions/qubes_trigger_sync_appmenus.action
+/lib/firmware/updates
+/sbin/qubes_serial_login
+/usr/bin/qvm-copy-to-vm
+/usr/bin/qvm-open-in-dvm
+/usr/bin/qvm-open-in-vm
+/usr/bin/qvm-run
+/usr/bin/xenstore-watch-qubes
+%dir /usr/lib/qubes
+/usr/lib/qubes/block_add_change
+/usr/lib/qubes/block_cleanup
+/usr/lib/qubes/block_remove
+/usr/lib/qubes/meminfo-writer
+/usr/lib/qubes/qfile-agent
+/usr/lib/qubes/qfile-unpacker
+/usr/lib/qubes/qopen-in-vm
+/usr/lib/qubes/qrexec_agent
+/usr/lib/qubes/qrexec_client_vm
+/usr/lib/qubes/qrun-in-vm
+/usr/lib/qubes/qubes_download_dom0_updates.sh
+/usr/lib/qubes/qubes_fix_nm_conf.sh
+/usr/lib/qubes/qubes_rpc_multiplexer
+/usr/lib/qubes/qubes_setup_dnat_to_ns
+/usr/lib/qubes/qubes_trigger_sync_appmenus.sh
+/usr/lib/qubes/qvm-copy-to-vm.gnome
+/usr/lib/qubes/qvm-copy-to-vm.kde
+/usr/lib/qubes/serial.conf
+/usr/lib/qubes/setup_ip
+/usr/lib/qubes/vm-file-editor
+/usr/lib/qubes/vm-shell
+/usr/lib/qubes/wrap_in_html_if_url.sh
+/usr/sbin/qubes_firewall
+/usr/sbin/qubes_netwatcher
+%dir /home_volatile
+%attr(700,user,user) /home_volatile/user
+%dir /mnt/removable
+
+
+%package devel
+Summary:        Include files for qubes core libraries
+License:        GPL v2 only
+Group:          Development/Sources 
+
+%description devel
+
+%files devel
+/usr/include/libvchan.h
+/usr/include/u2mfnlib.h
+/usr/include/u2mfn-kernel.h
+
+%package libs
+Summary:        Qubes core libraries
+License:        GPL v2 only
+Group:          Development/Sources 
+
+%description libs
+
+%files libs
+%{_libdir}/libvchan.so
+%{_libdir}/libu2mfn.so