network: remove qubes-netwatcher

This tool/service is obsolete for a long time (it does nothing on R3.0
and later).

Makefile

@@ -105,7 +105,6 @@ install-sysvinit:
 	install vm-init.d/qubes-core-appvm $(DESTDIR)/etc/init.d/
 	install vm-init.d/qubes-core-netvm $(DESTDIR)/etc/init.d/
 	install vm-init.d/qubes-firewall $(DESTDIR)/etc/init.d/
-	install vm-init.d/qubes-netwatcher $(DESTDIR)/etc/init.d/
 	install vm-init.d/qubes-qrexec-agent $(DESTDIR)/etc/init.d/
 	install vm-init.d/qubes-updates-proxy $(DESTDIR)/etc/init.d/
 	install -D vm-init.d/qubes-core.modules $(DESTDIR)/etc/sysconfig/modules/qubes-core.modules
@@ -203,10 +202,6 @@ install-common:
 	install -m 0400 -D network/ip6tables $(DESTDIR)/etc/qubes/ip6tables.rules
 	install -m 0755 network/update-proxy-configs $(DESTDIR)$(LIBDIR)/qubes/
 
-
-	install -d $(DESTDIR)/$(SBINDIR)
-	install network/qubes-netwatcher $(DESTDIR)/$(SBINDIR)/
-
 	install -d $(DESTDIR)$(BINDIR)
 	install -m 0755 misc/qubes-session-autostart $(DESTDIR)$(BINDIR)/qubes-session-autostart
 	install -m 0755 misc/qvm-features-request $(DESTDIR)$(BINDIR)/qvm-features-request

archlinux/PKGBUILD

@@ -60,7 +60,6 @@ sed 's:#!/usr/bin/env python:#!/usr/bin/env python2:' -i qubes-rpc/*
 
 # Fix for archlinux sbindir
 sed 's:/usr/sbin/ntpdate:/usr/bin/ntpdate:g' -i qubes-rpc/sync-ntp-clock
-sed 's:/usr/sbin/qubes-netwatcher:/usr/bin/qubes-netwatcher:g' -i vm-systemd/qubes-netwatcher.service
 sed 's:/usr/sbin/qubes-firewall:/usr/bin/qubes-firewall:g' -i vm-systemd/qubes-firewall.service
 
 for dir in qubes-rpc qrexec misc; do

archlinux/PKGBUILD.install

@@ -158,7 +158,7 @@ if [ $1 -eq 1 ]; then
     systemctl --no-reload preset-all 2>&1 && PRESET_FAILED=0 || PRESET_FAILED=1
 else
     services="qubes-dvm qubes-misc-post qubes-firewall qubes-mount-dirs"
-    services="$services qubes-netwatcher qubes-network qubes-sysinit"
+    services="$services qubes-network qubes-sysinit"
     services="$services qubes-iptables qubes-updates-proxy qubes-qrexec-agent"
     services="$services qubes-random-seed"
     for srv in $services; do
@@ -357,7 +357,7 @@ post_remove() {
 
     rm -rf /var/lib/qubes/xdg
 
-    for srv in qubes-dvm qubes-sysinit qubes-misc-post qubes-mount-dirs qubes-netwatcher qubes-network qubes-qrexec-agent; do
+    for srv in qubes-dvm qubes-sysinit qubes-misc-post qubes-mount-dirs qubes-network qubes-qrexec-agent; do
         systemctl disable $srv.service
     done
     

debian/qubes-core-agent.postrm

@@ -43,7 +43,7 @@ if [ "${1}" = "remove" ] ; then
         rm /lib/firmware/updates
     fi
 
-    for srv in qubes-dvm qubes-sysinit qubes-misc-post qubes-netwatcher qubes-network qubes-qrexec-agent; do
+    for srv in qubes-dvm qubes-sysinit qubes-misc-post qubes-network qubes-qrexec-agent; do
         systemctl disable ${srv}.service
     done
 fi

network/qubes-netwatcher

@@ -1,31 +0,0 @@
-#!/bin/sh
-set -e
-
-PIDFILE=/var/run/qubes/qubes-netwatcher.pid
-CURR_NETCFG=""
-
-# PIDfile handling
-[ -e "$PIDFILE" ] && kill -s 0 $(cat "$PIDFILE") 2>/dev/null && exit 0
-echo $$ >$PIDFILE
-
-trap 'exit 0' TERM
-
-while true; do
-	NET_DOMID=$(xenstore-read qubes-netvm-domid || :)
-	if [ -n "$NET_DOMID" ] && [ $NET_DOMID -gt 0 ]; then
-		UNTRUSTED_NETCFG=$(xenstore-read /local/domain/$NET_DOMID/qubes-netvm-external-ip || :)
-		# UNTRUSTED_NETCFG is not parsed in any way
-		# thus, no sanitization ready
-		# but be careful when passing it to other shell scripts
-		if [ "$UNTRUSTED_NETCFG" != "$CURR_NETCFG" ]; then
-			/sbin/service qubes-firewall stop
-			/sbin/service qubes-firewall start
-			CURR_NETCFG="$UNTRUSTED_NETCFG"
-			xenstore-write qubes-netvm-external-ip "$CURR_NETCFG"
-		fi
-
-		xenstore-watch -n 3 /local/domain/$NET_DOMID/qubes-netvm-external-ip qubes-netvm-domid
-	else
-		xenstore-watch -n 2 qubes-netvm-domid
-	fi
-done

rpm_spec/core-vm.spec

@@ -430,7 +430,6 @@ rm -f %{name}-%{version}
 /usr/lib/dracut/dracut.conf.d/30-qubes.conf
 /usr/lib/python2.7/site-packages/qubesxdg.py*
 /usr/sbin/qubes-firewall
-/usr/sbin/qubes-netwatcher
 /usr/share/qubes/serial.conf
 /usr/share/glib-2.0/schemas/org.gnome.settings-daemon.plugins.updates.gschema.override
 /usr/share/glib-2.0/schemas/org.gnome.nautilus.gschema.override
@@ -476,7 +475,6 @@ The Qubes core startup configuration for SysV init (or upstart).
 /etc/init.d/qubes-core-appvm
 /etc/init.d/qubes-core-netvm
 /etc/init.d/qubes-firewall
-/etc/init.d/qubes-netwatcher
 /etc/init.d/qubes-iptables
 /etc/init.d/qubes-updates-proxy
 /etc/init.d/qubes-qrexec-agent
@@ -511,8 +509,6 @@ chkconfig --add qubes-core-appvm || echo "WARNING: Cannot add service qubes-core
 chkconfig qubes-core-appvm on || echo "WARNING: Cannot enable service qubes-core-appvm!"
 chkconfig --add qubes-firewall || echo "WARNING: Cannot add service qubes-firewall!"
 chkconfig qubes-firewall on || echo "WARNING: Cannot enable service qubes-firewall!"
-chkconfig --add qubes-netwatcher || echo "WARNING: Cannot add service qubes-netwatcher!"
-chkconfig qubes-netwatcher on || echo "WARNING: Cannot enable service qubes-netwatcher!"
 chkconfig --add qubes-iptables || echo "WARNING: Cannot add service qubes-iptables!"
 chkconfig qubes-iptables on || echo "WARNING: Cannot enable service qubes-iptables!"
 chkconfig --add qubes-updates-proxy || echo "WARNING: Cannot add service qubes-updates-proxy!"
@@ -520,6 +516,9 @@ chkconfig qubes-updates-proxy on || echo "WARNING: Cannot enable service qubes-u
 chkconfig --add qubes-qrexec-agent || echo "WARNING: Cannot add service qubes-qrexec-agent!"
 chkconfig qubes-qrexec-agent on || echo "WARNING: Cannot enable service qubes-qrexec-agent!"
 
+# dropped services
+chkconfig qubes-netwatcher off || :
+
 # TODO: make this not display the silly message about security context...
 sed -i s/^id:.:initdefault:/id:3:initdefault:/ /etc/inittab
 
@@ -530,7 +529,6 @@ if [ "$1" = 0 ] ; then
     chkconfig qubes-core-netvm off
     chkconfig qubes-core-appvm off
     chkconfig qubes-firewall off
-    chkconfig qubes-netwatcher off
     chkconfig qubes-updates-proxy off
     chkconfig qubes-qrexec-agent off
 fi
@@ -556,7 +554,6 @@ The Qubes core startup configuration for SystemD init.
 /lib/systemd/system/qubes-misc-post.service
 /lib/systemd/system/qubes-firewall.service
 /lib/systemd/system/qubes-mount-dirs.service
-/lib/systemd/system/qubes-netwatcher.service
 /lib/systemd/system/qubes-network.service
 /lib/systemd/system/qubes-iptables.service
 /lib/systemd/system/qubes-sysinit.service
@@ -606,7 +603,7 @@ if [ $1 -eq 1 ]; then
     /bin/systemctl --no-reload preset-all > /dev/null 2>&1 && PRESET_FAILED=0 || PRESET_FAILED=1
 else
     services="qubes-dvm qubes-misc-post qubes-firewall qubes-mount-dirs"
-    services="$services qubes-netwatcher qubes-network qubes-sysinit"
+    services="$services qubes-network qubes-sysinit"
     services="$services qubes-iptables qubes-updates-proxy qubes-qrexec-agent"
     for srv in $services; do
         /bin/systemctl --no-reload preset $srv.service
@@ -621,6 +618,9 @@ else
     fi
 fi
 
+# dropped services
+/bin/systemctl disable qubes-netwatcher.service >/dev/null 2>&1 || :
+
 # Set default "runlevel"
 rm -f /etc/systemd/system/default.target
 ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
@@ -663,6 +663,6 @@ if [ "$1" != 0 ] ; then
     exit 0
 fi
 
-for srv in qubes-dvm qubes-sysinit qubes-misc-post qubes-mount-dirs qubes-netwatcher qubes-network qubes-qrexec-agent; do
+for srv in qubes-dvm qubes-sysinit qubes-misc-post qubes-mount-dirs qubes-network qubes-qrexec-agent; do
     /bin/systemctl disable $srv.service
 do

vm-init.d/qubes-netwatcher

@@ -1,48 +0,0 @@
-#!/bin/bash
-#
-# chkconfig: 345 92 92
-# description: Starts Qubes Network monitor
-#
-# Source function library.
-. /etc/rc.d/init.d/functions
-
-PIDFILE=/var/run/qubes/qubes-netwatcher.pid
-
-start()
-{
-    type=$(/usr/bin/qubesdb-read /qubes-vm-type)
-    start_netwatcher=$(/usr/bin/qubesdb-read /qubes-service/qubes-netwatcher 2>/dev/null)
-    if [ -z "$start_netwatcher" ] && [ "$type" == "ProxyVM" ] || [ "$start_netwatcher" == "1" ]; then
-        echo -n $"Starting Qubes Network monitor:"
-        /sbin/ethtool -K eth0 sg off
-        /usr/sbin/qubes-netwatcher &
-        success
-        echo ""
-    fi
-	return 0
-}
-
-stop()
-{
-    if [ -r "$PIDFILE" ]; then
-        echo -n "Stopping Qubes Network monitor:"
-        kill -9 $(cat $PIDFILE) 2>/dev/null  && success || failure
-        echo ""
-    fi
-	return 0
-}
-
-case "$1" in
-  start)
-	start
-	;;
-  stop)
-	stop
-	;;
-  *)
-	echo $"Usage: $0 {start|stop}"
-	exit 3
-	;;
-esac
-
-exit $RETVAL

vm-systemd/75-qubes-vm.preset

@@ -68,7 +68,6 @@ enable qubes-network.service
 enable qubes-qrexec-agent.service
 enable qubes-mount-dirs.service
 enable qubes-firewall.service
-enable qubes-netwatcher.service
 enable qubes-meminfo-writer.service
 enable qubes-iptables.service
 enable haveged.service

vm-systemd/qubes-netwatcher.service

@@ -1,11 +0,0 @@
-[Unit]
-Description=Qubes network monitor
-ConditionPathExists=/var/run/qubes-service/qubes-netwatcher
-After=network-pre.target qubes-firewall.service
-
-[Service]
-ExecStart=/usr/sbin/qubes-netwatcher
-StandardOutput=syslog
-
-[Install]
-WantedBy=multi-user.target

vm-systemd/qubes-sysinit.sh

@@ -2,7 +2,7 @@
 
 # List of services enabled by default (in case of absence of qubesdb entry)
 DEFAULT_ENABLED_NETVM="network-manager qubes-network qubes-update-check qubes-updates-proxy"
-DEFAULT_ENABLED_PROXYVM="qubes-network qubes-firewall qubes-netwatcher qubes-update-check"
+DEFAULT_ENABLED_PROXYVM="qubes-network qubes-firewall qubes-update-check"
 DEFAULT_ENABLED_APPVM="cups qubes-update-check"
 DEFAULT_ENABLED_TEMPLATEVM="$DEFAULT_ENABLED_APPVM updates-proxy-setup"
 DEFAULT_ENABLED=""