Merge remote-tracking branch 'qubesos/pr/63'
* qubesos/pr/63: archlinux: restore setup of pam.d/su-l archlinux: remove python3 dependency archlinux: ensure [options] section is present in all pacman drop-ins archlinux: enforce usage of python2 in all scripts Makefile: avoid using python interpreter as a static name archlinux: create user 'user' using bash by default instead of zsh archlinux: ship pam.d/qrexec as a replacement of using su archlinux: do not mess with locales in post-install script archlinux: remove pam configuration for su and su-l archlinux: remove deprecated setup of pam since v4.0.3 Add the 4.0 repo to the PKGBUILD sources list Restore the binary pacman repo and update it for QubesOS 4.0 Fix the makefile for archlinux - SBINDIR is already /usr/bin Update the arch PKGBUILD script for QubesOS 4.0
commit
28be709238
8
Makefile
8
Makefile
@ -9,7 +9,7 @@ BINDIR ?= /usr/bin
|
|||||||
LIBDIR ?= /usr/lib
|
LIBDIR ?= /usr/lib
|
||||||
SYSLIBDIR ?= /lib
|
SYSLIBDIR ?= /lib
|
||||||
|
|
||||||
PYTHON = /usr/bin/python2
|
PYTHON ?= /usr/bin/python2
|
||||||
PYTHON_SITEARCH = `python2 -c 'import distutils.sysconfig; print distutils.sysconfig.get_python_lib(1)'`
|
PYTHON_SITEARCH = `python2 -c 'import distutils.sysconfig; print distutils.sysconfig.get_python_lib(1)'`
|
||||||
PYTHON2_SITELIB = `python2 -c 'import distutils.sysconfig; print distutils.sysconfig.get_python_lib()'`
|
PYTHON2_SITELIB = `python2 -c 'import distutils.sysconfig; print distutils.sysconfig.get_python_lib()'`
|
||||||
PYTHON3_SITELIB = `python3 -c 'import distutils.sysconfig; print(distutils.sysconfig.get_python_lib())'`
|
PYTHON3_SITELIB = `python3 -c 'import distutils.sysconfig; print(distutils.sysconfig.get_python_lib())'`
|
||||||
@ -171,9 +171,13 @@ install-common: install-doc
|
|||||||
install -m 0644 -D misc/fstab $(DESTDIR)/etc/fstab
|
install -m 0644 -D misc/fstab $(DESTDIR)/etc/fstab
|
||||||
|
|
||||||
# force /usr/bin before /bin to have /usr/bin/python instead of /bin/python
|
# force /usr/bin before /bin to have /usr/bin/python instead of /bin/python
|
||||||
PATH="/usr/bin:$(PATH)" python setup.py install $(PYTHON_PREFIX_ARG) -O1 --root $(DESTDIR)
|
PATH="/usr/bin:$(PATH)" $(PYTHON) setup.py install $(PYTHON_PREFIX_ARG) -O1 --root $(DESTDIR)
|
||||||
mkdir -p $(DESTDIR)$(SBINDIR)
|
mkdir -p $(DESTDIR)$(SBINDIR)
|
||||||
|
|
||||||
|
ifneq ($(SBINDIR),/usr/bin)
|
||||||
mv $(DESTDIR)/usr/bin/qubes-firewall $(DESTDIR)$(SBINDIR)/qubes-firewall
|
mv $(DESTDIR)/usr/bin/qubes-firewall $(DESTDIR)$(SBINDIR)/qubes-firewall
|
||||||
|
endif
|
||||||
|
|
||||||
|
|
||||||
install -d -m 0750 $(DESTDIR)/etc/sudoers.d/
|
install -d -m 0750 $(DESTDIR)/etc/sudoers.d/
|
||||||
install -D -m 0440 misc/qubes.sudoers $(DESTDIR)/etc/sudoers.d/qubes
|
install -D -m 0440 misc/qubes.sudoers $(DESTDIR)/etc/sudoers.d/qubes
|
||||||
|
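Review bot: `PYTHON_SITEARCH` in the first hunk still hard-codes `python2` after `PYTHON` became overridable with `?=`, so a caller that sets `PYTHON` gets `setup.py` run by one interpreter while the site-arch directory is computed by another. If that path is meant to follow the selected interpreter, derive it from the variable, e.g. start the backtick command with `$(PYTHON) -c` instead of `python2 -c`. The comment above the `setup.py` line in `install-common` also still describes forcing `/usr/bin/python` through PATH; with the default now an absolute path, the PATH prefix only matters when `PYTHON` is a bare name such as the `python2` the PKGBUILD passes, and the comment could say so. Where these variables are consumed is outside the visible hunks.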
@ -3,15 +3,15 @@
|
|||||||
# shellcheck disable=SC2034
|
# shellcheck disable=SC2034
|
||||||
pkgname=qubes-vm-core
|
pkgname=qubes-vm-core
|
||||||
pkgver=$(cat version)
|
pkgver=$(cat version)
|
||||||
pkgrel=11
|
pkgrel=13
|
||||||
epoch=
|
epoch=
|
||||||
pkgdesc="The Qubes core files for installation inside a Qubes VM."
|
pkgdesc="The Qubes core files for installation inside a Qubes VM."
|
||||||
arch=("x86_64")
|
arch=("x86_64")
|
||||||
url="http://qubes-os.org/"
|
url="http://qubes-os.org/"
|
||||||
license=('GPL')
|
license=('GPL')
|
||||||
groups=()
|
groups=()
|
||||||
depends=("qubes-vm-utils>=3.1.3" python2 python3 python2-xdg ethtool ntp net-tools gnome-packagekit imagemagick fakeroot notification-daemon dconf zenity qubes-libvchan "qubes-db-vm>=3.2.1" haveged python2-gobject python2-dbus xdg-utils notification-daemon gawk sed procps-ng librsvg)
|
depends=("qubes-vm-utils>=3.1.3" python2 python2-xdg ethtool ntp net-tools gnome-packagekit imagemagick fakeroot notification-daemon dconf zenity qubes-libvchan "qubes-db-vm>=3.2.1" haveged python2-gobject python2-dbus xdg-utils notification-daemon gawk sed procps-ng librsvg)
|
||||||
makedepends=(gcc make pkg-config "qubes-vm-utils>=3.1.3" qubes-libvchan qubes-db-vm qubes-vm-xen libx11 python2 python3 lsb-release)
|
makedepends=(gcc make pkg-config "qubes-vm-utils>=3.1.3" qubes-libvchan qubes-db-vm qubes-vm-xen libx11 python2 python3 lsb-release pandoc)
|
||||||
checkdepends=()
|
checkdepends=()
|
||||||
optdepends=(gnome-keyring gnome-settings-daemon networkmanager iptables tinyproxy python2-nautilus gpk-update-viewer)
|
optdepends=(gnome-keyring gnome-settings-daemon networkmanager iptables tinyproxy python2-nautilus gpk-update-viewer)
|
||||||
provides=()
|
provides=()
|
||||||
@ -24,16 +24,16 @@ changelog=
|
|||||||
|
|
||||||
source=(
|
source=(
|
||||||
PKGBUILD.qubes-ensure-lib-modules.service PKGBUILD.qubes-update-desktop-icons.hook
|
PKGBUILD.qubes-ensure-lib-modules.service PKGBUILD.qubes-update-desktop-icons.hook
|
||||||
PKGBUILD-qubes-noupgrade.conf
|
PKGBUILD-qubes-pacman-options.conf
|
||||||
PKGBUILD-qubes-repo-3.1.conf
|
|
||||||
PKGBUILD-qubes-repo-3.2.conf
|
PKGBUILD-qubes-repo-3.2.conf
|
||||||
|
PKGBUILD-qubes-repo-4.0.conf
|
||||||
)
|
)
|
||||||
|
|
||||||
noextract=()
|
noextract=()
|
||||||
md5sums=(SKIP)
|
md5sums=(SKIP)
|
||||||
|
|
||||||
build() {
|
build() {
|
||||||
for source in autostart-dropins qubes-rpc qrexec misc Makefile vm-init.d vm-systemd network init version; do
|
for source in autostart-dropins qubes-rpc qrexec misc Makefile vm-init.d vm-systemd network init version doc setup.py qubesagent post-install.d; do
|
||||||
# shellcheck disable=SC2154
|
# shellcheck disable=SC2154
|
||||||
(ln -s "$srcdir/../$source" "$srcdir/$source")
|
(ln -s "$srcdir/../$source" "$srcdir/$source")
|
||||||
done
|
done
|
||||||
@ -46,10 +46,10 @@ build() {
|
|||||||
sed 's:/bin/grep:grep:g' -i network/*
|
sed 's:/bin/grep:grep:g' -i network/*
|
||||||
|
|
||||||
# Force running all scripts with python2
|
# Force running all scripts with python2
|
||||||
sed 's:#!/usr/bin/python:#!/usr/bin/python2:' -i misc/*
|
sed 's:^#!/usr/bin/python.*:#!/usr/bin/python2:' -i misc/*
|
||||||
sed 's:#!/usr/bin/env python:#!/usr/bin/env python2:' -i misc/*
|
sed 's:^#!/usr/bin/env python.*:#!/usr/bin/env python2:' -i misc/*
|
||||||
sed 's:#!/usr/bin/python:#!/usr/bin/python2:' -i qubes-rpc/*
|
sed 's:^#!/usr/bin/python.*:#!/usr/bin/python2:' -i qubes-rpc/*
|
||||||
sed 's:#!/usr/bin/env python:#!/usr/bin/env python2:' -i qubes-rpc/*
|
sed 's:^#!/usr/bin/env python.*:#!/usr/bin/env python2:' -i qubes-rpc/*
|
||||||
|
|
||||||
# Fix for archlinux sbindir
|
# Fix for archlinux sbindir
|
||||||
sed 's:/usr/sbin/ntpdate:/usr/bin/ntpdate:g' -i qubes-rpc/sync-ntp-clock
|
sed 's:/usr/sbin/ntpdate:/usr/bin/ntpdate:g' -i qubes-rpc/sync-ntp-clock
|
||||||
@ -65,7 +65,7 @@ package() {
|
|||||||
# shellcheck disable=SC2154
|
# shellcheck disable=SC2154
|
||||||
make -C qrexec install DESTDIR="$pkgdir" SBINDIR=/usr/bin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib
|
make -C qrexec install DESTDIR="$pkgdir" SBINDIR=/usr/bin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib
|
||||||
|
|
||||||
make install-vm DESTDIR="$pkgdir" SBINDIR=/usr/bin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib SYSTEM_DROPIN_DIR=/usr/lib/systemd/system USER_DROPIN_DIR=/usr/lib/systemd/user DIST=archlinux
|
PYTHON=python2 make install-vm DESTDIR="$pkgdir" SBINDIR=/usr/bin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib SYSTEM_DROPIN_DIR=/usr/lib/systemd/system USER_DROPIN_DIR=/usr/lib/systemd/user DIST=archlinux
|
||||||
|
|
||||||
# Remove things non wanted in archlinux
|
# Remove things non wanted in archlinux
|
||||||
rm -r "$pkgdir/etc/yum"*
|
rm -r "$pkgdir/etc/yum"*
|
||||||
@ -82,7 +82,7 @@ package() {
|
|||||||
|
|
||||||
# Install pacman.d drop-ins (at least 1 drop-in must be installed or pacman will fail)
|
# Install pacman.d drop-ins (at least 1 drop-in must be installed or pacman will fail)
|
||||||
mkdir -p "${pkgdir}/etc/pacman.d"
|
mkdir -p "${pkgdir}/etc/pacman.d"
|
||||||
install -m 644 "$srcdir/PKGBUILD-qubes-noupgrade.conf" "${pkgdir}/etc/pacman.d/10-qubes-noupgrade.conf"
|
install -m 644 "$srcdir/PKGBUILD-qubes-pacman-options.conf" "${pkgdir}/etc/pacman.d/10-qubes-options.conf"
|
||||||
|
|
||||||
# Install pacman repository
|
# Install pacman repository
|
||||||
release=$(echo "$pkgver" | cut -d '.' -f 1,2)
|
release=$(echo "$pkgver" | cut -d '.' -f 1,2)
|
||||||
|
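Review bot: The new shebang substitutions in `build()` are anchored with `^` but not restricted to the first line, and `-i misc/*` and `-i qubes-rpc/*` run them over every file in those directories, so any later line that begins with `#!/usr/bin/python` is rewritten as well. Limiting the address to line 1 keeps the edit to real shebangs: `sed '1s:^#!/usr/bin/python.*:#!/usr/bin/python2:' -i misc/*`, and likewise for the `env python` form and for `qubes-rpc/*`. The trailing `.*` also discards any interpreter options on the original line, which is worth a short comment if intended. `build()` begins in an earlier hunk and continues past this one.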
@ -1,3 +0,0 @@
|
|||||||
[options]
|
|
||||||
NoUpgrade = etc/pam.d/su
|
|
||||||
NoUpgrade = etc/pam.d/su-l
|
|
2
archlinux/PKGBUILD-qubes-pacman-options.conf
Normal file
2
archlinux/PKGBUILD-qubes-pacman-options.conf
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
[options]
|
||||||
|
NoUpgrade = etc/pam.d/su-l
|
@ -1,2 +1,2 @@
|
|||||||
[qubes-r3.1]
|
[qubes-r4.0]
|
||||||
Server = http://olivier.medoc.free.fr/archlinux/current
|
Server = http://olivier.medoc.free.fr/archlinux/current
|
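Review bot: The renamed `[qubes-r4.0]` section keeps a plain `http://` `Server` and, in the two lines shown, sets no `SigLevel`, so whether packages from this repository are signature-checked depends entirely on the global pacman.conf default of the installed system. Stating the requirement in the drop-in makes it explicit and independent of local configuration, e.g. `SigLevel = Required DatabaseOptional` directly under the section header. How the repository signing key reaches the pacman keyring is not visible in this commit and should be confirmed alongside.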
@ -12,7 +12,7 @@ update_default_user() {
|
|||||||
# Archlinux bash version has a 'bug' when running su -c, /etc/profile is not loaded because bash consider there is no interactive pty when running 'su - user -c' or something like this.
|
# Archlinux bash version has a 'bug' when running su -c, /etc/profile is not loaded because bash consider there is no interactive pty when running 'su - user -c' or something like this.
|
||||||
# See https://bugs.archlinux.org/task/31831
|
# See https://bugs.archlinux.org/task/31831
|
||||||
id -u 'user' >/dev/null 2>&1 || {
|
id -u 'user' >/dev/null 2>&1 || {
|
||||||
useradd --user-group --create-home --shell /bin/zsh user
|
useradd --user-group --create-home --shell /bin/bash user
|
||||||
}
|
}
|
||||||
usermod -a --groups qubes user
|
usermod -a --groups qubes user
|
||||||
}
|
}
|
||||||
@ -130,21 +130,6 @@ EOF
|
|||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Make sure there is a default locale set so gnome-terminal will start
|
|
||||||
if [ ! -e /etc/locale.conf ] || ! grep -q LANG /etc/locale.conf; then
|
|
||||||
touch /etc/locale.conf
|
|
||||||
echo "LANG=en_US.UTF-8" >> /etc/locale.conf
|
|
||||||
fi
|
|
||||||
# ... and make sure it is really generated
|
|
||||||
# This line is buggy as LANG can be set to LANG="en_US.UTF-8". The Quotes must be stripped
|
|
||||||
current_locale=$(grep LANG /etc/locale.conf|cut -f 2 -d = | tr -d '"')
|
|
||||||
if [ -n "$current_locale" ] && ! locale -a | grep -q "$current_locale"; then
|
|
||||||
base=$(echo "$current_locale" | cut -f 1 -d .)
|
|
||||||
charmap=$(echo "$current_locale.UTF-8" | cut -f 2 -d .)
|
|
||||||
[ -n "$charmap" ] && charmap="-f $charmap"
|
|
||||||
# shellcheck disable=SC2086
|
|
||||||
localedef -i "$base" $charmap "$current_locale"
|
|
||||||
fi
|
|
||||||
}
|
}
|
||||||
|
|
||||||
############################
|
############################
|
||||||
@ -331,24 +316,14 @@ update_finalize() {
|
|||||||
/usr/lib/qubes/update-proxy-configs
|
/usr/lib/qubes/update-proxy-configs
|
||||||
|
|
||||||
# Archlinux specific: Update pam.d configuration for su to enable systemd-login wrapper
|
# Archlinux specific: Update pam.d configuration for su to enable systemd-login wrapper
|
||||||
# Also remove pam_unix.so from su configuration
|
# This is required as qubes-gui agent calls xinit with su -l user without initializing properly
|
||||||
|
# the user session.
|
||||||
|
# pam_unix.so can also be removed from su configuration
|
||||||
# as system-login (which include system-auth) already gives pam_unix.so
|
# as system-login (which include system-auth) already gives pam_unix.so
|
||||||
# with more appropriate parameters (fix the missing nullok parameter)
|
# with more appropriate parameters (fix the missing nullok parameter)
|
||||||
|
|
||||||
if grep -q pam_unix.so /etc/pam.d/su; then
|
if grep -q pam_unix.so /etc/pam.d/su; then
|
||||||
echo "Fixing pam.d"
|
echo "Fixing pam.d"
|
||||||
cat <<EOF > /etc/pam.d/su
|
cp /etc/pam.d/qrexec /etc/pam.d/su-l
|
||||||
#%PAM-1.0
|
|
||||||
auth sufficient pam_rootok.so
|
|
||||||
# Uncomment the following line to implicitly trust users in the "wheel" group.
|
|
||||||
#auth sufficient pam_wheel.so trust use_uid
|
|
||||||
# Uncomment the following line to require a user to be in the "wheel" group.
|
|
||||||
#auth required pam_wheel.so use_uid
|
|
||||||
auth include system-login
|
|
||||||
account include system-login
|
|
||||||
session include system-login
|
|
||||||
EOF
|
|
||||||
cp /etc/pam.d/su /etc/pam.d/su-l
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Archlinux specific: ensure tty1 is enabled
|
# Archlinux specific: ensure tty1 is enabled
|
||||||
|
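Review bot: In `update_finalize()` the guard still tests `/etc/pam.d/su` for `pam_unix.so`, but the body now writes only `/etc/pam.d/su-l`; since `su` is no longer rewritten, the condition presumably stays true on every run and no longer reflects the state of the file being replaced. Comparing against the file that is actually modified keeps the step idempotent, e.g. `if ! cmp -s /etc/pam.d/qrexec /etc/pam.d/su-l; then`. Using `install -m 0644 /etc/pam.d/qrexec /etc/pam.d/su-l` instead of `cp` would also pin the mode of this authentication file. The comment block above should then say that `su` itself is left untouched; the function continues outside the hunk.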
@ -121,7 +121,7 @@ if [ -d /etc/pacman.d ]; then
|
|||||||
### All modifications here will be lost.
|
### All modifications here will be lost.
|
||||||
### If you want to override some of this settings, create another file under
|
### If you want to override some of this settings, create another file under
|
||||||
### /etc/pacman.d
|
### /etc/pacman.d
|
||||||
|
[options]
|
||||||
XferCommand = http_proxy=$PROXY_ADDR /usr/bin/curl -C - -f %u > %o
|
XferCommand = http_proxy=$PROXY_ADDR /usr/bin/curl -C - -f %u > %o
|
||||||
EOF
|
EOF
|
||||||
else
|
else
|
||||||
|
@ -21,6 +21,8 @@ install:
|
|||||||
install qubes-rpc-multiplexer $(DESTDIR)/usr/lib/qubes
|
install qubes-rpc-multiplexer $(DESTDIR)/usr/lib/qubes
|
||||||
ifeq ($(shell lsb_release -is), Debian)
|
ifeq ($(shell lsb_release -is), Debian)
|
||||||
install -D -m 0644 qrexec.pam.debian $(DESTDIR)/etc/pam.d/qrexec
|
install -D -m 0644 qrexec.pam.debian $(DESTDIR)/etc/pam.d/qrexec
|
||||||
|
else ifeq ($(shell lsb_release -is), Arch)
|
||||||
|
install -D -m 0644 qrexec.pam.archlinux $(DESTDIR)/etc/pam.d/qrexec
|
||||||
else
|
else
|
||||||
install -D -m 0644 qrexec.pam $(DESTDIR)/etc/pam.d/qrexec
|
install -D -m 0644 qrexec.pam $(DESTDIR)/etc/pam.d/qrexec
|
||||||
endif
|
endif
|
||||||
|
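Review bot: The file installed as `/etc/pam.d/qrexec` is selected by whatever `lsb_release -is` prints on the build host, and the new `Arch` branch inherits that: if the tool is missing or reports a different ID, make silently falls through to the generic `qrexec.pam`. For an authentication config the choice should be explicit and overridable, e.g. evaluate the probe once with `DIST_ID ?= $(shell lsb_release -is)` and test `ifeq ($(DIST_ID),Arch)`, so a packager can pass the value. The PKGBUILD in this commit already passes `DIST=archlinux` to `install-vm` but nothing equivalent to `make -C qrexec install`. The `install` rule starts above the hunk.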
9
qrexec/qrexec.pam.archlinux
Normal file
9
qrexec/qrexec.pam.archlinux
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
#%PAM-1.0
|
||||||
|
auth sufficient pam_rootok.so
|
||||||
|
# Uncomment the following line to implicitly trust users in the "wheel" group.
|
||||||
|
#auth sufficient pam_wheel.so trust use_uid
|
||||||
|
# Uncomment the following line to require a user to be in the "wheel" group.
|
||||||
|
#auth required pam_wheel.so use_uid
|
||||||
|
auth include system-login
|
||||||
|
account include system-login
|
||||||
|
session include system-login
|
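Review bot: qrexec.pam.archlinux has no header saying that it is consumed twice: it is installed as `/etc/pam.d/qrexec` by qrexec/Makefile and, per the post-install change in this commit, copied over `/etc/pam.d/su-l`, so an edit made for one consumer changes authentication for the other. A leading comment such as `# Also copied to /etc/pam.d/su-l by the Arch post-install script; changes here affect 'su -l'.` would record that. The commented `pam_wheel.so` lines read as leftovers from the su template and should be explained or dropped if they have no meaning for qrexec.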