From 2a117548b6513eea908bcadaa564c82831b0647e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Tue, 13 Jun 2017 01:36:12 +0200 Subject: [PATCH] Ship grub configuration Qubes VM require few config options in grub. Ship appropriate configuration. Debian have grub.d support, so it can be done cleanly. On Fedora, /etc/default/grub needs to be modified. Still keep the options in separate file, but include it manually from /etc/default/grub. QubesOS/qubes-issues#2577 --- Makefile | 2 ++ debian/qubes-core-agent.install | 1 + misc/grub.qubes | 12 ++++++++++++ rpm_spec/core-agent.spec | 9 +++++++++ 4 files changed, 24 insertions(+) create mode 100644 misc/grub.qubes diff --git a/Makefile b/Makefile index 525d1a5..26fc053 100644 --- a/Makefile +++ b/Makefile @@ -155,6 +155,7 @@ install-rh: install-systemd install-systemd-dropins install-sysvinit install -D -m 0644 misc/qubes-trigger-sync-appmenus.action $(DESTDIR)/etc/yum/post-actions/qubes-trigger-sync-appmenus.action + install -D -m 0644 misc/grub.qubes $(DESTDIR)/etc/default/grub.qubes install -D -m 0644 misc/serial.conf $(DESTDIR)/usr/share/qubes/serial.conf install -D misc/qubes-serial-login $(DESTDIR)/$(SBINDIR)/qubes-serial-login install -D -m 0644 misc/dracut-qubes.conf \ @@ -316,6 +317,7 @@ install-deb: install-common install-systemd install-systemd-dropins install -m 0644 misc/pam.d_su.qubes $(DESTDIR)/etc/pam.d/su.qubes install -d $(DESTDIR)/etc/needrestart/conf.d install -D -m 0644 misc/50_qubes.conf $(DESTDIR)/etc/needrestart/conf.d/50_qubes.conf + install -D -m 0644 misc/grub.qubes $(DESTDIR)/etc/default/grub.d/30-qubes.cfg mkdir -p $(DESTDIR)/etc/systemd/system/ install -m 0644 vm-systemd/haveged.service $(DESTDIR)/etc/systemd/system/ diff --git a/debian/qubes-core-agent.install b/debian/qubes-core-agent.install index 74b0420..d5abfb6 100644 --- a/debian/qubes-core-agent.install +++ b/debian/qubes-core-agent.install @@ -2,6 +2,7 @@ etc/X11/xorg-preload-apps.conf etc/apt/apt.conf.d/00notify-hook etc/apt/sources.list.d/qubes-r3.list etc/apt/trusted.gpg.d/qubes-archive-keyring.gpg +etc/default/grub.d/30-qubes.cfg etc/fstab etc/needrestart/conf.d/50_qubes.conf etc/profile.d/qt_x11_no_mitshm.sh diff --git a/misc/grub.qubes b/misc/grub.qubes new file mode 100644 index 0000000..5621b44 --- /dev/null +++ b/misc/grub.qubes @@ -0,0 +1,12 @@ +# make sure to use /dev/mapper/dmroot, not /dev/xvda directly - both have the +# same fs, including UUID +GRUB_DISABLE_LINUX_UUID=true +GRUB_DISABLE_OS_PROBER=true +# don't append twice +if [ -z "$QUBES_APPENDED" ]; then + GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX root=/dev/mapper/dmroot console=hvc0" + # make SWIOTLB smaller - it isn't really needed unless PCI passthrough is used, + # and even then, 16MB is enough + GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX swiotlb=8192" + QUBES_APPENDED=1 +fi diff --git a/rpm_spec/core-agent.spec b/rpm_spec/core-agent.spec index d52e8b8..bc83a72 100644 --- a/rpm_spec/core-agent.spec +++ b/rpm_spec/core-agent.spec @@ -309,6 +309,14 @@ if [ -e /etc/init/serial.conf ]; then cp /usr/share/qubes/serial.conf /etc/init/serial.conf fi +%triggerin -- grub2-tools + +if ! grep -q /etc/default/grub.qubes /etc/default/grub 2>/dev/null; then + # do not keep Qubes-related settings directly in user-controlled config, + # include another file + echo '. /etc/default/grub.qubes' >> /etc/default/grub +fi + %post # disable some Upstart services @@ -511,6 +519,7 @@ rm -f %{name}-%{version} %config(noreplace) /etc/qubes-rpc/qubes.StartApp %config(noreplace) /etc/qubes-rpc/qubes.PostInstall %dir /etc/qubes/autostart +%config(noreplace) /etc/default/grub.qubes /etc/qubes/autostart/README.txt %config /etc/qubes/autostart/*.desktop.d/30_qubes.conf %dir /etc/qubes/suspend-pre.d