From 2c8fe644f3f95a2901e6687854f419ebe517c81c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Mon, 12 Sep 2016 05:31:02 +0200 Subject: [PATCH] network: remove qubes-netwatcher This tool/service is obsolete for a long time (it does nothing on R3.0 and later). --- Makefile | 5 --- archlinux/PKGBUILD | 1 - archlinux/PKGBUILD.install | 4 +-- debian/qubes-core-agent.postrm | 2 +- network/qubes-netwatcher | 31 ------------------- rpm_spec/core-vm.spec | 16 +++++----- vm-init.d/qubes-netwatcher | 48 ----------------------------- vm-systemd/75-qubes-vm.preset | 1 - vm-systemd/qubes-netwatcher.service | 11 ------- vm-systemd/qubes-sysinit.sh | 2 +- 10 files changed, 12 insertions(+), 109 deletions(-) delete mode 100755 network/qubes-netwatcher delete mode 100755 vm-init.d/qubes-netwatcher delete mode 100644 vm-systemd/qubes-netwatcher.service diff --git a/Makefile b/Makefile index f31b28b..77f02e9 100644 --- a/Makefile +++ b/Makefile @@ -105,7 +105,6 @@ install-sysvinit: install vm-init.d/qubes-core-appvm $(DESTDIR)/etc/init.d/ install vm-init.d/qubes-core-netvm $(DESTDIR)/etc/init.d/ install vm-init.d/qubes-firewall $(DESTDIR)/etc/init.d/ - install vm-init.d/qubes-netwatcher $(DESTDIR)/etc/init.d/ install vm-init.d/qubes-qrexec-agent $(DESTDIR)/etc/init.d/ install vm-init.d/qubes-updates-proxy $(DESTDIR)/etc/init.d/ install -D vm-init.d/qubes-core.modules $(DESTDIR)/etc/sysconfig/modules/qubes-core.modules @@ -203,10 +202,6 @@ install-common: install -m 0400 -D network/ip6tables $(DESTDIR)/etc/qubes/ip6tables.rules install -m 0755 network/update-proxy-configs $(DESTDIR)$(LIBDIR)/qubes/ - - install -d $(DESTDIR)/$(SBINDIR) - install network/qubes-netwatcher $(DESTDIR)/$(SBINDIR)/ - install -d $(DESTDIR)$(BINDIR) install -m 0755 misc/qubes-session-autostart $(DESTDIR)$(BINDIR)/qubes-session-autostart install -m 0755 misc/qvm-features-request $(DESTDIR)$(BINDIR)/qvm-features-request 
diff --git a/archlinux/PKGBUILD b/archlinux/PKGBUILD index d315827..b51d604 100644 --- a/archlinux/PKGBUILD +++ b/archlinux/PKGBUILD @@ -60,7 +60,6 @@ sed 's:#!/usr/bin/env python:#!/usr/bin/env python2:' -i qubes-rpc/* # Fix for archlinux sbindir sed 's:/usr/sbin/ntpdate:/usr/bin/ntpdate:g' -i qubes-rpc/sync-ntp-clock -sed 's:/usr/sbin/qubes-netwatcher:/usr/bin/qubes-netwatcher:g' -i vm-systemd/qubes-netwatcher.service sed 's:/usr/sbin/qubes-firewall:/usr/bin/qubes-firewall:g' -i vm-systemd/qubes-firewall.service for dir in qubes-rpc qrexec misc; do diff --git a/archlinux/PKGBUILD.install b/archlinux/PKGBUILD.install index 4af2b3f..dff2c4d 100644 --- a/archlinux/PKGBUILD.install +++ b/archlinux/PKGBUILD.install @@ -158,7 +158,7 @@ if [ $1 -eq 1 ]; then systemctl --no-reload preset-all 2>&1 && PRESET_FAILED=0 || PRESET_FAILED=1 else services="qubes-dvm qubes-misc-post qubes-firewall qubes-mount-dirs" - services="$services qubes-netwatcher qubes-network qubes-sysinit" + services="$services qubes-network qubes-sysinit" services="$services qubes-iptables qubes-updates-proxy qubes-qrexec-agent" services="$services qubes-random-seed" for srv in $services; do @@ -357,7 +357,7 @@ post_remove() { rm -rf /var/lib/qubes/xdg - for srv in qubes-dvm qubes-sysinit qubes-misc-post qubes-mount-dirs qubes-netwatcher qubes-network qubes-qrexec-agent; do + for srv in qubes-dvm qubes-sysinit qubes-misc-post qubes-mount-dirs qubes-network qubes-qrexec-agent; do systemctl disable $srv.service done diff --git a/debian/qubes-core-agent.postrm b/debian/qubes-core-agent.postrm index 91dcc21..c18702d 100755 --- a/debian/qubes-core-agent.postrm +++ b/debian/qubes-core-agent.postrm @@ -43,7 +43,7 @@ if [ "${1}" = "remove" ] ; then rm /lib/firmware/updates fi - for srv in qubes-dvm qubes-sysinit qubes-misc-post qubes-netwatcher qubes-network qubes-qrexec-agent; do + for srv in qubes-dvm qubes-sysinit qubes-misc-post qubes-network qubes-qrexec-agent; do systemctl disable ${srv}.service done fi 
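Review bot: Dropping `qubes-netwatcher` from the upgrade branch's `services` list in archlinux/PKGBUILD.install (and from the `post_remove` loop in the same file and the `remove` loop in debian/qubes-core-agent.postrm) leaves nothing in these hunks that disables the unit on systems upgraded from an older release. The deleted unit declared `WantedBy=multi-user.target`, so a stale enablement symlink to the now-missing unit file can persist, and the removal scripts no longer clean it up either. rpm_spec/core-vm.spec gets an explicit "dropped services" cleanup in this same commit; the Arch upgrade path would want the equivalent next to the preset loop, e.g. `systemctl disable qubes-netwatcher.service >/dev/null 2>&1 || :`. The Debian scripts that run on upgrade are not part of this diff, so whether they already handle this cannot be confirmed from here. The enclosing functions start and end outside the hunks.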
diff --git a/network/qubes-netwatcher b/network/qubes-netwatcher deleted file mode 100755 index 3cd46be..0000000 --- a/network/qubes-netwatcher +++ /dev/null @@ -1,31 +0,0 @@ -#!/bin/sh -set -e - -PIDFILE=/var/run/qubes/qubes-netwatcher.pid -CURR_NETCFG="" - -# PIDfile handling -[ -e "$PIDFILE" ] && kill -s 0 $(cat "$PIDFILE") 2>/dev/null && exit 0 -echo $$ >$PIDFILE - -trap 'exit 0' TERM - -while true; do - NET_DOMID=$(xenstore-read qubes-netvm-domid || :) - if [ -n "$NET_DOMID" ] && [ $NET_DOMID -gt 0 ]; then - UNTRUSTED_NETCFG=$(xenstore-read /local/domain/$NET_DOMID/qubes-netvm-external-ip || :) - # UNTRUSTED_NETCFG is not parsed in any way - # thus, no sanitization ready - # but be careful when passing it to other shell scripts - if [ "$UNTRUSTED_NETCFG" != "$CURR_NETCFG" ]; then - /sbin/service qubes-firewall stop - /sbin/service qubes-firewall start - CURR_NETCFG="$UNTRUSTED_NETCFG" - xenstore-write qubes-netvm-external-ip "$CURR_NETCFG" - fi - - xenstore-watch -n 3 /local/domain/$NET_DOMID/qubes-netvm-external-ip qubes-netvm-domid - else - xenstore-watch -n 2 qubes-netvm-domid - fi -done diff --git a/rpm_spec/core-vm.spec b/rpm_spec/core-vm.spec index e888fd6..c38bca9 100644 --- a/rpm_spec/core-vm.spec +++ b/rpm_spec/core-vm.spec @@ -430,7 +430,6 @@ rm -f %{name}-%{version} /usr/lib/dracut/dracut.conf.d/30-qubes.conf /usr/lib/python2.7/site-packages/qubesxdg.py* /usr/sbin/qubes-firewall -/usr/sbin/qubes-netwatcher /usr/share/qubes/serial.conf /usr/share/glib-2.0/schemas/org.gnome.settings-daemon.plugins.updates.gschema.override /usr/share/glib-2.0/schemas/org.gnome.nautilus.gschema.override @@ -476,7 +475,6 @@ The Qubes core startup configuration for SysV init (or upstart). /etc/init.d/qubes-core-appvm /etc/init.d/qubes-core-netvm /etc/init.d/qubes-firewall -/etc/init.d/qubes-netwatcher /etc/init.d/qubes-iptables /etc/init.d/qubes-updates-proxy /etc/init.d/qubes-qrexec-agent 
@@ -511,8 +509,6 @@ chkconfig --add qubes-core-appvm || echo "WARNING: Cannot add service qubes-core chkconfig qubes-core-appvm on || echo "WARNING: Cannot enable service qubes-core-appvm!" chkconfig --add qubes-firewall || echo "WARNING: Cannot add service qubes-firewall!" chkconfig qubes-firewall on || echo "WARNING: Cannot enable service qubes-firewall!" -chkconfig --add qubes-netwatcher || echo "WARNING: Cannot add service qubes-netwatcher!" -chkconfig qubes-netwatcher on || echo "WARNING: Cannot enable service qubes-netwatcher!" chkconfig --add qubes-iptables || echo "WARNING: Cannot add service qubes-iptables!" chkconfig qubes-iptables on || echo "WARNING: Cannot enable service qubes-iptables!" chkconfig --add qubes-updates-proxy || echo "WARNING: Cannot add service qubes-updates-proxy!" @@ -520,6 +516,9 @@ chkconfig qubes-updates-proxy on || echo "WARNING: Cannot enable service qubes-u chkconfig --add qubes-qrexec-agent || echo "WARNING: Cannot add service qubes-qrexec-agent!" chkconfig qubes-qrexec-agent on || echo "WARNING: Cannot enable service qubes-qrexec-agent!" +# dropped services +chkconfig qubes-netwatcher off || : + # TODO: make this not display the silly message about security context... sed -i s/^id:.:initdefault:/id:3:initdefault:/ /etc/inittab @@ -530,7 +529,6 @@ if [ "$1" = 0 ] ; then chkconfig qubes-core-netvm off chkconfig qubes-core-appvm off chkconfig qubes-firewall off - chkconfig qubes-netwatcher off chkconfig qubes-updates-proxy off chkconfig qubes-qrexec-agent off fi @@ -556,7 +554,6 @@ The Qubes core startup configuration for SystemD init. /lib/systemd/system/qubes-misc-post.service /lib/systemd/system/qubes-firewall.service /lib/systemd/system/qubes-mount-dirs.service -/lib/systemd/system/qubes-netwatcher.service /lib/systemd/system/qubes-network.service /lib/systemd/system/qubes-iptables.service /lib/systemd/system/qubes-sysinit.service 
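Review bot: The added `chkconfig qubes-netwatcher off || :` in the sysvinit scriptlet only switches the service off and leaves it registered, so once the package drops /etc/init.d/qubes-netwatcher the remaining rc links typically point at a missing script. `chkconfig --del qubes-netwatcher >/dev/null 2>&1 || :` removes the links outright. Like the systemd counterpart added later in this file, it would also keep the expected failure on fresh installs out of the transaction output, which the current line does not redirect. The comment could also say when the cleanup may go, e.g. `# dropped services: keep until upgrades from releases that shipped qubes-netwatcher are unsupported`.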
@@ -606,7 +603,7 @@ if [ $1 -eq 1 ]; then /bin/systemctl --no-reload preset-all > /dev/null 2>&1 && PRESET_FAILED=0 || PRESET_FAILED=1 else services="qubes-dvm qubes-misc-post qubes-firewall qubes-mount-dirs" - services="$services qubes-netwatcher qubes-network qubes-sysinit" + services="$services qubes-network qubes-sysinit" services="$services qubes-iptables qubes-updates-proxy qubes-qrexec-agent" for srv in $services; do /bin/systemctl --no-reload preset $srv.service @@ -621,6 +618,9 @@ else fi fi +# dropped services +/bin/systemctl disable qubes-netwatcher.service >/dev/null 2>&1 || : + # Set default "runlevel" rm -f /etc/systemd/system/default.target ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target @@ -663,6 +663,6 @@ if [ "$1" != 0 ] ; then exit 0 fi -for srv in qubes-dvm qubes-sysinit qubes-misc-post qubes-mount-dirs qubes-netwatcher qubes-network qubes-qrexec-agent; do +for srv in qubes-dvm qubes-sysinit qubes-misc-post qubes-mount-dirs qubes-network qubes-qrexec-agent; do /bin/systemctl disable $srv.service do diff --git a/vm-init.d/qubes-netwatcher b/vm-init.d/qubes-netwatcher deleted file mode 100755 index 316c271..0000000 --- a/vm-init.d/qubes-netwatcher +++ /dev/null 
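Review bot: The added `/bin/systemctl disable qubes-netwatcher.service >/dev/null 2>&1 || :` removes the enablement symlink but does not stop an instance that is already running. In a VM upgraded in place, the old process may stay alive until the next reboot even though its binary and unit file are gone. Adding `/bin/systemctl stop qubes-netwatcher.service >/dev/null 2>&1 || :` ahead of it would close that gap; since the commit message says the tool does nothing on R3.0 and later, the impact is probably small. The line sits outside the install/upgrade conditional, so it also runs on fresh installs where the discarded error is expected; a one-line comment saying so would help the next reader.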
@@ -1,48 +0,0 @@ -#!/bin/bash -# -# chkconfig: 345 92 92 -# description: Starts Qubes Network monitor -# -# Source function library. -. /etc/rc.d/init.d/functions - -PIDFILE=/var/run/qubes/qubes-netwatcher.pid - -start() -{ - type=$(/usr/bin/qubesdb-read /qubes-vm-type) - start_netwatcher=$(/usr/bin/qubesdb-read /qubes-service/qubes-netwatcher 2>/dev/null) - if [ -z "$start_netwatcher" ] && [ "$type" == "ProxyVM" ] || [ "$start_netwatcher" == "1" ]; then - echo -n $"Starting Qubes Network monitor:" - /sbin/ethtool -K eth0 sg off - /usr/sbin/qubes-netwatcher & - success - echo "" - fi - return 0 -} - -stop() -{ - if [ -r "$PIDFILE" ]; then - echo -n "Stopping Qubes Network monitor:" - kill -9 $(cat $PIDFILE) 2>/dev/null && success || failure - echo "" - fi - return 0 -} - -case "$1" in - start) - start - ;; - stop) - stop - ;; - *) - echo $"Usage: $0 {start|stop}" - exit 3 - ;; -esac - -exit $RETVAL diff --git a/vm-systemd/75-qubes-vm.preset b/vm-systemd/75-qubes-vm.preset index 54dbcfa..aed47f3 100644 --- a/vm-systemd/75-qubes-vm.preset +++ b/vm-systemd/75-qubes-vm.preset @@ -68,7 +68,6 @@ enable qubes-network.service enable qubes-qrexec-agent.service enable qubes-mount-dirs.service enable qubes-firewall.service -enable qubes-netwatcher.service enable qubes-meminfo-writer.service enable qubes-iptables.service enable haveged.service diff --git a/vm-systemd/qubes-netwatcher.service b/vm-systemd/qubes-netwatcher.service deleted file mode 100644 index e25359d..0000000 --- a/vm-systemd/qubes-netwatcher.service +++ /dev/null @@ -1,11 +0,0 @@ -[Unit] -Description=Qubes network monitor -ConditionPathExists=/var/run/qubes-service/qubes-netwatcher -After=network-pre.target qubes-firewall.service - -[Service] -ExecStart=/usr/sbin/qubes-netwatcher -StandardOutput=syslog - -[Install] -WantedBy=multi-user.target diff --git a/vm-systemd/qubes-sysinit.sh b/vm-systemd/qubes-sysinit.sh index 503dfa9..b135b35 100755 --- a/vm-systemd/qubes-sysinit.sh +++ b/vm-systemd/qubes-sysinit.sh 
@@ -2,7 +2,7 @@ # List of services enabled by default (in case of absence of qubesdb entry) DEFAULT_ENABLED_NETVM="network-manager qubes-network qubes-update-check qubes-updates-proxy" -DEFAULT_ENABLED_PROXYVM="qubes-network qubes-firewall qubes-netwatcher qubes-update-check" +DEFAULT_ENABLED_PROXYVM="qubes-network qubes-firewall qubes-update-check" DEFAULT_ENABLED_APPVM="cups qubes-update-check" DEFAULT_ENABLED_TEMPLATEVM="$DEFAULT_ENABLED_APPVM updates-proxy-setup" DEFAULT_ENABLED=""