network: remove qubes-netwatcher

This tool/service is obsolete for a long time (it does nothing on R3.0 and later).
2016-09-12 05:31:02 +02:00 · 2016-09-12 05:31:02 +02:00 · 2c8fe644f3
commit 2c8fe644f3
parent ee0a292b21
10 changed files with 12 additions and 109 deletions
--- a/5
+++ b/5
@ -105,7 +105,6 @@ install-sysvinit:
 	install vm-init.d/qubes-core-appvm $(DESTDIR)/etc/init.d/
 	install vm-init.d/qubes-core-netvm $(DESTDIR)/etc/init.d/
 	install vm-init.d/qubes-firewall $(DESTDIR)/etc/init.d/
-	install vm-init.d/qubes-netwatcher $(DESTDIR)/etc/init.d/
 	install vm-init.d/qubes-qrexec-agent $(DESTDIR)/etc/init.d/
 	install vm-init.d/qubes-updates-proxy $(DESTDIR)/etc/init.d/
 	install -D vm-init.d/qubes-core.modules $(DESTDIR)/etc/sysconfig/modules/qubes-core.modules
@ -203,10 +202,6 @@ install-common:
 	install -m 0400 -D network/ip6tables $(DESTDIR)/etc/qubes/ip6tables.rules
 	install -m 0755 network/update-proxy-configs $(DESTDIR)$(LIBDIR)/qubes/

-
-	install -d $(DESTDIR)/$(SBINDIR)
-	install network/qubes-netwatcher $(DESTDIR)/$(SBINDIR)/
-
 	install -d $(DESTDIR)$(BINDIR)
 	install -m 0755 misc/qubes-session-autostart $(DESTDIR)$(BINDIR)/qubes-session-autostart
 	install -m 0755 misc/qvm-features-request $(DESTDIR)$(BINDIR)/qvm-features-request
--- a/archlinux/PKGBUILD
+++ b/archlinux/PKGBUILD
@ -60,7 +60,6 @@ sed 's:#!/usr/bin/env python:#!/usr/bin/env python2:' -i qubes-rpc/*

 # Fix for archlinux sbindir
 sed 's:/usr/sbin/ntpdate:/usr/bin/ntpdate:g' -i qubes-rpc/sync-ntp-clock
-sed 's:/usr/sbin/qubes-netwatcher:/usr/bin/qubes-netwatcher:g' -i vm-systemd/qubes-netwatcher.service
 sed 's:/usr/sbin/qubes-firewall:/usr/bin/qubes-firewall:g' -i vm-systemd/qubes-firewall.service

 for dir in qubes-rpc qrexec misc; do
--- a/archlinux/PKGBUILD.install
+++ b/archlinux/PKGBUILD.install
@ -158,7 +158,7 @@ if [ $1 -eq 1 ]; then
    systemctl --no-reload preset-all 2>&1 && PRESET_FAILED=0 || PRESET_FAILED=1
 else
    services="qubes-dvm qubes-misc-post qubes-firewall qubes-mount-dirs"
-    services="$services qubes-netwatcher qubes-network qubes-sysinit"
+    services="$services qubes-network qubes-sysinit"
    services="$services qubes-iptables qubes-updates-proxy qubes-qrexec-agent"
    services="$services qubes-random-seed"
    for srv in $services; do
@ -357,7 +357,7 @@ post_remove() {

    rm -rf /var/lib/qubes/xdg

-    for srv in qubes-dvm qubes-sysinit qubes-misc-post qubes-mount-dirs qubes-netwatcher qubes-network qubes-qrexec-agent; do
+    for srv in qubes-dvm qubes-sysinit qubes-misc-post qubes-mount-dirs qubes-network qubes-qrexec-agent; do
        systemctl disable $srv.service
    done
    
--- a/debian/qubes-core-agent.postrm
+++ b/debian/qubes-core-agent.postrm
@ -43,7 +43,7 @@ if [ "${1}" = "remove" ] ; then
        rm /lib/firmware/updates
    fi

-    for srv in qubes-dvm qubes-sysinit qubes-misc-post qubes-netwatcher qubes-network qubes-qrexec-agent; do
+    for srv in qubes-dvm qubes-sysinit qubes-misc-post qubes-network qubes-qrexec-agent; do
        systemctl disable ${srv}.service
    done
 fi
--- a/network/qubes-netwatcher
+++ b/network/qubes-netwatcher
@ -1,31 +0,0 @@
-#!/bin/sh
-set -e
-
-PIDFILE=/var/run/qubes/qubes-netwatcher.pid
-CURR_NETCFG=""
-
-# PIDfile handling
-[ -e "$PIDFILE" ] && kill -s 0 $(cat "$PIDFILE") 2>/dev/null && exit 0
-echo $$ >$PIDFILE
-
-trap 'exit 0' TERM
-
-while true; do
-	NET_DOMID=$(xenstore-read qubes-netvm-domid || :)
-	if [ -n "$NET_DOMID" ] && [ $NET_DOMID -gt 0 ]; then
-		UNTRUSTED_NETCFG=$(xenstore-read /local/domain/$NET_DOMID/qubes-netvm-external-ip || :)
-		# UNTRUSTED_NETCFG is not parsed in any way
-		# thus, no sanitization ready
-		# but be careful when passing it to other shell scripts
-		if [ "$UNTRUSTED_NETCFG" != "$CURR_NETCFG" ]; then
-			/sbin/service qubes-firewall stop
-			/sbin/service qubes-firewall start
-			CURR_NETCFG="$UNTRUSTED_NETCFG"
-			xenstore-write qubes-netvm-external-ip "$CURR_NETCFG"
-		fi
-
-		xenstore-watch -n 3 /local/domain/$NET_DOMID/qubes-netvm-external-ip qubes-netvm-domid
-	else
-		xenstore-watch -n 2 qubes-netvm-domid
-	fi
-done
--- a/rpm_spec/core-vm.spec
+++ b/rpm_spec/core-vm.spec
@ -430,7 +430,6 @@ rm -f %{name}-%{version}
 /usr/lib/dracut/dracut.conf.d/30-qubes.conf
 /usr/lib/python2.7/site-packages/qubesxdg.py*
 /usr/sbin/qubes-firewall
-/usr/sbin/qubes-netwatcher
 /usr/share/qubes/serial.conf
 /usr/share/glib-2.0/schemas/org.gnome.settings-daemon.plugins.updates.gschema.override
 /usr/share/glib-2.0/schemas/org.gnome.nautilus.gschema.override
@ -476,7 +475,6 @@ The Qubes core startup configuration for SysV init (or upstart).
 /etc/init.d/qubes-core-appvm
 /etc/init.d/qubes-core-netvm
 /etc/init.d/qubes-firewall
-/etc/init.d/qubes-netwatcher
 /etc/init.d/qubes-iptables
 /etc/init.d/qubes-updates-proxy
 /etc/init.d/qubes-qrexec-agent
@ -511,8 +509,6 @@ chkconfig --add qubes-core-appvm || echo "WARNING: Cannot add service qubes-core
 chkconfig qubes-core-appvm on || echo "WARNING: Cannot enable service qubes-core-appvm!"
 chkconfig --add qubes-firewall || echo "WARNING: Cannot add service qubes-firewall!"
 chkconfig qubes-firewall on || echo "WARNING: Cannot enable service qubes-firewall!"
-chkconfig --add qubes-netwatcher || echo "WARNING: Cannot add service qubes-netwatcher!"
-chkconfig qubes-netwatcher on || echo "WARNING: Cannot enable service qubes-netwatcher!"
 chkconfig --add qubes-iptables || echo "WARNING: Cannot add service qubes-iptables!"
 chkconfig qubes-iptables on || echo "WARNING: Cannot enable service qubes-iptables!"
 chkconfig --add qubes-updates-proxy || echo "WARNING: Cannot add service qubes-updates-proxy!"
@ -520,6 +516,9 @@ chkconfig qubes-updates-proxy on || echo "WARNING: Cannot enable service qubes-u
 chkconfig --add qubes-qrexec-agent || echo "WARNING: Cannot add service qubes-qrexec-agent!"
 chkconfig qubes-qrexec-agent on || echo "WARNING: Cannot enable service qubes-qrexec-agent!"

+# dropped services
+chkconfig qubes-netwatcher off || :
+
 # TODO: make this not display the silly message about security context...
 sed -i s/^id:.:initdefault:/id:3:initdefault:/ /etc/inittab

@ -530,7 +529,6 @@ if [ "$1" = 0 ] ; then
    chkconfig qubes-core-netvm off
    chkconfig qubes-core-appvm off
    chkconfig qubes-firewall off
-    chkconfig qubes-netwatcher off
    chkconfig qubes-updates-proxy off
    chkconfig qubes-qrexec-agent off
 fi
@ -556,7 +554,6 @@ The Qubes core startup configuration for SystemD init.
 /lib/systemd/system/qubes-misc-post.service
 /lib/systemd/system/qubes-firewall.service
 /lib/systemd/system/qubes-mount-dirs.service
-/lib/systemd/system/qubes-netwatcher.service
 /lib/systemd/system/qubes-network.service
 /lib/systemd/system/qubes-iptables.service
 /lib/systemd/system/qubes-sysinit.service
@ -606,7 +603,7 @@ if [ $1 -eq 1 ]; then
    /bin/systemctl --no-reload preset-all > /dev/null 2>&1 && PRESET_FAILED=0 || PRESET_FAILED=1
 else
    services="qubes-dvm qubes-misc-post qubes-firewall qubes-mount-dirs"
-    services="$services qubes-netwatcher qubes-network qubes-sysinit"
+    services="$services qubes-network qubes-sysinit"
    services="$services qubes-iptables qubes-updates-proxy qubes-qrexec-agent"
    for srv in $services; do
        /bin/systemctl --no-reload preset $srv.service
@ -621,6 +618,9 @@ else
    fi
 fi

+# dropped services
+/bin/systemctl disable qubes-netwatcher.service >/dev/null 2>&1 || :
+
 # Set default "runlevel"
 rm -f /etc/systemd/system/default.target
 ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
@ -663,6 +663,6 @@ if [ "$1" != 0 ] ; then
    exit 0
 fi

-for srv in qubes-dvm qubes-sysinit qubes-misc-post qubes-mount-dirs qubes-netwatcher qubes-network qubes-qrexec-agent; do
+for srv in qubes-dvm qubes-sysinit qubes-misc-post qubes-mount-dirs qubes-network qubes-qrexec-agent; do
    /bin/systemctl disable $srv.service
 do
--- a/vm-init.d/qubes-netwatcher
+++ b/vm-init.d/qubes-netwatcher
@ -1,48 +0,0 @@
-#!/bin/bash
-#
-# chkconfig: 345 92 92
-# description: Starts Qubes Network monitor
-#
-# Source function library.
-. /etc/rc.d/init.d/functions
-
-PIDFILE=/var/run/qubes/qubes-netwatcher.pid
-
-start()
-{
-    type=$(/usr/bin/qubesdb-read /qubes-vm-type)
-    start_netwatcher=$(/usr/bin/qubesdb-read /qubes-service/qubes-netwatcher 2>/dev/null)
-    if [ -z "$start_netwatcher" ] && [ "$type" == "ProxyVM" ] || [ "$start_netwatcher" == "1" ]; then
-        echo -n $"Starting Qubes Network monitor:"
-        /sbin/ethtool -K eth0 sg off
-        /usr/sbin/qubes-netwatcher &
-        success
-        echo ""
-    fi
-	return 0
-}
-
-stop()
-{
-    if [ -r "$PIDFILE" ]; then
-        echo -n "Stopping Qubes Network monitor:"
-        kill -9 $(cat $PIDFILE) 2>/dev/null  && success || failure
-        echo ""
-    fi
-	return 0
-}
-
-case "$1" in
-  start)
-	start
-	;;
-  stop)
-	stop
-	;;
-  *)
-	echo $"Usage: $0 {start|stop}"
-	exit 3
-	;;
-esac
-
-exit $RETVAL
--- a/vm-systemd/75-qubes-vm.preset
+++ b/vm-systemd/75-qubes-vm.preset
@ -68,7 +68,6 @@ enable qubes-network.service
 enable qubes-qrexec-agent.service
 enable qubes-mount-dirs.service
 enable qubes-firewall.service
-enable qubes-netwatcher.service
 enable qubes-meminfo-writer.service
 enable qubes-iptables.service
 enable haveged.service
--- a/vm-systemd/qubes-netwatcher.service
+++ b/vm-systemd/qubes-netwatcher.service
@ -1,11 +0,0 @@
-[Unit]
-Description=Qubes network monitor
-ConditionPathExists=/var/run/qubes-service/qubes-netwatcher
-After=network-pre.target qubes-firewall.service
-
-[Service]
-ExecStart=/usr/sbin/qubes-netwatcher
-StandardOutput=syslog
-
-[Install]
-WantedBy=multi-user.target
--- a/vm-systemd/qubes-sysinit.sh
+++ b/vm-systemd/qubes-sysinit.sh
@ -2,7 +2,7 @@

 # List of services enabled by default (in case of absence of qubesdb entry)
 DEFAULT_ENABLED_NETVM="network-manager qubes-network qubes-update-check qubes-updates-proxy"
-DEFAULT_ENABLED_PROXYVM="qubes-network qubes-firewall qubes-netwatcher qubes-update-check"
+DEFAULT_ENABLED_PROXYVM="qubes-network qubes-firewall qubes-update-check"
 DEFAULT_ENABLED_APPVM="cups qubes-update-check"
 DEFAULT_ENABLED_TEMPLATEVM="$DEFAULT_ENABLED_APPVM updates-proxy-setup"
 DEFAULT_ENABLED=""