Qubes/core-agent-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

network: remove qubes-netwatcher

Browse Source 
This tool/service is obsolete for a long time (it does nothing on R3.0
and later).
This commit is contained in:
Marek Marczykowski-Górecki 2016-09-12 05:31:02 +02:00
parent ee0a292b21
commit 2c8fe644f3
No known key found for this signature in database
GPG Key ID: 063938BA42CFA724
10 changed files with 12 additions and 109 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
Makefile
View File

@ -105,7 +105,6 @@ install-sysvinit:
install vm-init.d/qubes-core-appvm $(DESTDIR)/etc/init.d/ install vm-init.d/qubes-core-appvm $(DESTDIR)/etc/init.d/
install vm-init.d/qubes-core-netvm $(DESTDIR)/etc/init.d/ install vm-init.d/qubes-core-netvm $(DESTDIR)/etc/init.d/
install vm-init.d/qubes-firewall $(DESTDIR)/etc/init.d/ install vm-init.d/qubes-firewall $(DESTDIR)/etc/init.d/
install vm-init.d/qubes-netwatcher $(DESTDIR)/etc/init.d/
install vm-init.d/qubes-qrexec-agent $(DESTDIR)/etc/init.d/ install vm-init.d/qubes-qrexec-agent $(DESTDIR)/etc/init.d/
install vm-init.d/qubes-updates-proxy $(DESTDIR)/etc/init.d/ install vm-init.d/qubes-updates-proxy $(DESTDIR)/etc/init.d/
install -D vm-init.d/qubes-core.modules $(DESTDIR)/etc/sysconfig/modules/qubes-core.modules install -D vm-init.d/qubes-core.modules $(DESTDIR)/etc/sysconfig/modules/qubes-core.modules
@ -203,10 +202,6 @@ install-common:
install -m 0400 -D network/ip6tables $(DESTDIR)/etc/qubes/ip6tables.rules install -m 0400 -D network/ip6tables $(DESTDIR)/etc/qubes/ip6tables.rules
install -m 0755 network/update-proxy-configs $(DESTDIR)$(LIBDIR)/qubes/ install -m 0755 network/update-proxy-configs $(DESTDIR)$(LIBDIR)/qubes/
install -d $(DESTDIR)/$(SBINDIR)
install network/qubes-netwatcher $(DESTDIR)/$(SBINDIR)/
install -d $(DESTDIR)$(BINDIR) install -d $(DESTDIR)$(BINDIR)
install -m 0755 misc/qubes-session-autostart $(DESTDIR)$(BINDIR)/qubes-session-autostart install -m 0755 misc/qubes-session-autostart $(DESTDIR)$(BINDIR)/qubes-session-autostart
install -m 0755 misc/qvm-features-request $(DESTDIR)$(BINDIR)/qvm-features-request install -m 0755 misc/qvm-features-request $(DESTDIR)$(BINDIR)/qvm-features-request

1
archlinux/PKGBUILD
View File

@ -60,7 +60,6 @@ sed 's:#!/usr/bin/env python:#!/usr/bin/env python2:' -i qubes-rpc/*
# Fix for archlinux sbindir # Fix for archlinux sbindir
sed 's:/usr/sbin/ntpdate:/usr/bin/ntpdate:g' -i qubes-rpc/sync-ntp-clock sed 's:/usr/sbin/ntpdate:/usr/bin/ntpdate:g' -i qubes-rpc/sync-ntp-clock
sed 's:/usr/sbin/qubes-netwatcher:/usr/bin/qubes-netwatcher:g' -i vm-systemd/qubes-netwatcher.service
sed 's:/usr/sbin/qubes-firewall:/usr/bin/qubes-firewall:g' -i vm-systemd/qubes-firewall.service sed 's:/usr/sbin/qubes-firewall:/usr/bin/qubes-firewall:g' -i vm-systemd/qubes-firewall.service
for dir in qubes-rpc qrexec misc; do for dir in qubes-rpc qrexec misc; do

4
archlinux/PKGBUILD.install
View File

@ -158,7 +158,7 @@ if [ $1 -eq 1 ]; then
systemctl --no-reload preset-all 2>&1 && PRESET_FAILED=0 || PRESET_FAILED=1 systemctl --no-reload preset-all 2>&1 && PRESET_FAILED=0 || PRESET_FAILED=1
else else
services="qubes-dvm qubes-misc-post qubes-firewall qubes-mount-dirs" services="qubes-dvm qubes-misc-post qubes-firewall qubes-mount-dirs"
services="$services qubes-netwatcher qubes-network qubes-sysinit" services="$services qubes-network qubes-sysinit"
services="$services qubes-iptables qubes-updates-proxy qubes-qrexec-agent" services="$services qubes-iptables qubes-updates-proxy qubes-qrexec-agent"
services="$services qubes-random-seed" services="$services qubes-random-seed"
for srv in $services; do for srv in $services; do
@ -357,7 +357,7 @@ post_remove() {
rm -rf /var/lib/qubes/xdg rm -rf /var/lib/qubes/xdg
for srv in qubes-dvm qubes-sysinit qubes-misc-post qubes-mount-dirs qubes-netwatcher qubes-network qubes-qrexec-agent; do for srv in qubes-dvm qubes-sysinit qubes-misc-post qubes-mount-dirs qubes-network qubes-qrexec-agent; do
systemctl disable $srv.service systemctl disable $srv.service
done done

2
debian/qubes-core-agent.postrm vendored
View File

@ -43,7 +43,7 @@ if [ "${1}" = "remove" ] ; then
rm /lib/firmware/updates rm /lib/firmware/updates
fi fi
for srv in qubes-dvm qubes-sysinit qubes-misc-post qubes-netwatcher qubes-network qubes-qrexec-agent; do for srv in qubes-dvm qubes-sysinit qubes-misc-post qubes-network qubes-qrexec-agent; do
systemctl disable ${srv}.service systemctl disable ${srv}.service
done done
fi fi

31
network/qubes-netwatcher
View File

@ -1,31 +0,0 @@
#!/bin/sh
set -e
PIDFILE=/var/run/qubes/qubes-netwatcher.pid
CURR_NETCFG=""
# PIDfile handling
[ -e "$PIDFILE" ] && kill -s 0 $(cat "$PIDFILE") 2>/dev/null && exit 0
echo $$ >$PIDFILE
trap 'exit 0' TERM
while true; do
NET_DOMID=$(xenstore-read qubes-netvm-domid || :)
if [ -n "$NET_DOMID" ] && [ $NET_DOMID -gt 0 ]; then
UNTRUSTED_NETCFG=$(xenstore-read /local/domain/$NET_DOMID/qubes-netvm-external-ip || :)
# UNTRUSTED_NETCFG is not parsed in any way
# thus, no sanitization ready
# but be careful when passing it to other shell scripts
if [ "$UNTRUSTED_NETCFG" != "$CURR_NETCFG" ]; then
/sbin/service qubes-firewall stop
/sbin/service qubes-firewall start
CURR_NETCFG="$UNTRUSTED_NETCFG"
xenstore-write qubes-netvm-external-ip "$CURR_NETCFG"
fi
xenstore-watch -n 3 /local/domain/$NET_DOMID/qubes-netvm-external-ip qubes-netvm-domid
else
xenstore-watch -n 2 qubes-netvm-domid
fi
done

16
rpm_spec/core-vm.spec
View File

@ -430,7 +430,6 @@ rm -f %{name}-%{version}
/usr/lib/dracut/dracut.conf.d/30-qubes.conf /usr/lib/dracut/dracut.conf.d/30-qubes.conf
/usr/lib/python2.7/site-packages/qubesxdg.py* /usr/lib/python2.7/site-packages/qubesxdg.py*
/usr/sbin/qubes-firewall /usr/sbin/qubes-firewall
/usr/sbin/qubes-netwatcher
/usr/share/qubes/serial.conf /usr/share/qubes/serial.conf
/usr/share/glib-2.0/schemas/org.gnome.settings-daemon.plugins.updates.gschema.override /usr/share/glib-2.0/schemas/org.gnome.settings-daemon.plugins.updates.gschema.override
/usr/share/glib-2.0/schemas/org.gnome.nautilus.gschema.override /usr/share/glib-2.0/schemas/org.gnome.nautilus.gschema.override
@ -476,7 +475,6 @@ The Qubes core startup configuration for SysV init (or upstart).
/etc/init.d/qubes-core-appvm /etc/init.d/qubes-core-appvm
/etc/init.d/qubes-core-netvm /etc/init.d/qubes-core-netvm
/etc/init.d/qubes-firewall /etc/init.d/qubes-firewall
/etc/init.d/qubes-netwatcher
/etc/init.d/qubes-iptables /etc/init.d/qubes-iptables
/etc/init.d/qubes-updates-proxy /etc/init.d/qubes-updates-proxy
/etc/init.d/qubes-qrexec-agent /etc/init.d/qubes-qrexec-agent
@ -511,8 +509,6 @@ chkconfig --add qubes-core-appvm || echo "WARNING: Cannot add service qubes-core
chkconfig qubes-core-appvm on || echo "WARNING: Cannot enable service qubes-core-appvm!" chkconfig qubes-core-appvm on || echo "WARNING: Cannot enable service qubes-core-appvm!"
chkconfig --add qubes-firewall || echo "WARNING: Cannot add service qubes-firewall!" chkconfig --add qubes-firewall || echo "WARNING: Cannot add service qubes-firewall!"
chkconfig qubes-firewall on || echo "WARNING: Cannot enable service qubes-firewall!" chkconfig qubes-firewall on || echo "WARNING: Cannot enable service qubes-firewall!"
chkconfig --add qubes-netwatcher || echo "WARNING: Cannot add service qubes-netwatcher!"
chkconfig qubes-netwatcher on || echo "WARNING: Cannot enable service qubes-netwatcher!"
chkconfig --add qubes-iptables || echo "WARNING: Cannot add service qubes-iptables!" chkconfig --add qubes-iptables || echo "WARNING: Cannot add service qubes-iptables!"
chkconfig qubes-iptables on || echo "WARNING: Cannot enable service qubes-iptables!" chkconfig qubes-iptables on || echo "WARNING: Cannot enable service qubes-iptables!"
chkconfig --add qubes-updates-proxy || echo "WARNING: Cannot add service qubes-updates-proxy!" chkconfig --add qubes-updates-proxy || echo "WARNING: Cannot add service qubes-updates-proxy!"
@ -520,6 +516,9 @@ chkconfig qubes-updates-proxy on || echo "WARNING: Cannot enable service qubes-u
chkconfig --add qubes-qrexec-agent || echo "WARNING: Cannot add service qubes-qrexec-agent!" chkconfig --add qubes-qrexec-agent || echo "WARNING: Cannot add service qubes-qrexec-agent!"
chkconfig qubes-qrexec-agent on || echo "WARNING: Cannot enable service qubes-qrexec-agent!" chkconfig qubes-qrexec-agent on || echo "WARNING: Cannot enable service qubes-qrexec-agent!"
# dropped services
chkconfig qubes-netwatcher off || :
# TODO: make this not display the silly message about security context... # TODO: make this not display the silly message about security context...
sed -i s/^id:.:initdefault:/id:3:initdefault:/ /etc/inittab sed -i s/^id:.:initdefault:/id:3:initdefault:/ /etc/inittab
@ -530,7 +529,6 @@ if [ "$1" = 0 ] ; then
chkconfig qubes-core-netvm off chkconfig qubes-core-netvm off
chkconfig qubes-core-appvm off chkconfig qubes-core-appvm off
chkconfig qubes-firewall off chkconfig qubes-firewall off
chkconfig qubes-netwatcher off
chkconfig qubes-updates-proxy off chkconfig qubes-updates-proxy off
chkconfig qubes-qrexec-agent off chkconfig qubes-qrexec-agent off
fi fi
@ -556,7 +554,6 @@ The Qubes core startup configuration for SystemD init.
/lib/systemd/system/qubes-misc-post.service /lib/systemd/system/qubes-misc-post.service
/lib/systemd/system/qubes-firewall.service /lib/systemd/system/qubes-firewall.service
/lib/systemd/system/qubes-mount-dirs.service /lib/systemd/system/qubes-mount-dirs.service
/lib/systemd/system/qubes-netwatcher.service
/lib/systemd/system/qubes-network.service /lib/systemd/system/qubes-network.service
/lib/systemd/system/qubes-iptables.service /lib/systemd/system/qubes-iptables.service
/lib/systemd/system/qubes-sysinit.service /lib/systemd/system/qubes-sysinit.service
@ -606,7 +603,7 @@ if [ $1 -eq 1 ]; then
/bin/systemctl --no-reload preset-all > /dev/null 2>&1 && PRESET_FAILED=0 || PRESET_FAILED=1 /bin/systemctl --no-reload preset-all > /dev/null 2>&1 && PRESET_FAILED=0 || PRESET_FAILED=1
else else
services="qubes-dvm qubes-misc-post qubes-firewall qubes-mount-dirs" services="qubes-dvm qubes-misc-post qubes-firewall qubes-mount-dirs"
services="$services qubes-netwatcher qubes-network qubes-sysinit" services="$services qubes-network qubes-sysinit"
services="$services qubes-iptables qubes-updates-proxy qubes-qrexec-agent" services="$services qubes-iptables qubes-updates-proxy qubes-qrexec-agent"
for srv in $services; do for srv in $services; do
/bin/systemctl --no-reload preset $srv.service /bin/systemctl --no-reload preset $srv.service
@ -621,6 +618,9 @@ else
fi fi
fi fi
# dropped services
/bin/systemctl disable qubes-netwatcher.service >/dev/null 2>&1 || :
# Set default "runlevel" # Set default "runlevel"
rm -f /etc/systemd/system/default.target rm -f /etc/systemd/system/default.target
ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
@ -663,6 +663,6 @@ if [ "$1" != 0 ] ; then
exit 0 exit 0
fi fi
for srv in qubes-dvm qubes-sysinit qubes-misc-post qubes-mount-dirs qubes-netwatcher qubes-network qubes-qrexec-agent; do for srv in qubes-dvm qubes-sysinit qubes-misc-post qubes-mount-dirs qubes-network qubes-qrexec-agent; do
/bin/systemctl disable $srv.service /bin/systemctl disable $srv.service
do do

48
vm-init.d/qubes-netwatcher
View File

@ -1,48 +0,0 @@
#!/bin/bash
#
# chkconfig: 345 92 92
# description: Starts Qubes Network monitor
#
# Source function library.
. /etc/rc.d/init.d/functions
PIDFILE=/var/run/qubes/qubes-netwatcher.pid
start()
{
type=$(/usr/bin/qubesdb-read /qubes-vm-type)
start_netwatcher=$(/usr/bin/qubesdb-read /qubes-service/qubes-netwatcher 2>/dev/null)
if [ -z "$start_netwatcher" ] && [ "$type" == "ProxyVM" ] || [ "$start_netwatcher" == "1" ]; then
echo -n $"Starting Qubes Network monitor:"
/sbin/ethtool -K eth0 sg off
/usr/sbin/qubes-netwatcher &
success
echo ""
fi
return 0
}
stop()
{
if [ -r "$PIDFILE" ]; then
echo -n "Stopping Qubes Network monitor:"
kill -9 $(cat $PIDFILE) 2>/dev/null && success || failure
echo ""
fi
return 0
}
case "$1" in
start)
start
;;
stop)
stop
;;
*)
echo $"Usage: $0 {start|stop}"
exit 3
;;
esac
exit $RETVAL

1
vm-systemd/75-qubes-vm.preset
View File

@ -68,7 +68,6 @@ enable qubes-network.service
enable qubes-qrexec-agent.service enable qubes-qrexec-agent.service
enable qubes-mount-dirs.service enable qubes-mount-dirs.service
enable qubes-firewall.service enable qubes-firewall.service
enable qubes-netwatcher.service
enable qubes-meminfo-writer.service enable qubes-meminfo-writer.service
enable qubes-iptables.service enable qubes-iptables.service
enable haveged.service enable haveged.service

11
vm-systemd/qubes-netwatcher.service
View File

@ -1,11 +0,0 @@
[Unit]
Description=Qubes network monitor
ConditionPathExists=/var/run/qubes-service/qubes-netwatcher
After=network-pre.target qubes-firewall.service
[Service]
ExecStart=/usr/sbin/qubes-netwatcher
StandardOutput=syslog
[Install]
WantedBy=multi-user.target

2
vm-systemd/qubes-sysinit.sh
View File

@ -2,7 +2,7 @@
# List of services enabled by default (in case of absence of qubesdb entry) # List of services enabled by default (in case of absence of qubesdb entry)
DEFAULT_ENABLED_NETVM="network-manager qubes-network qubes-update-check qubes-updates-proxy" DEFAULT_ENABLED_NETVM="network-manager qubes-network qubes-update-check qubes-updates-proxy"
DEFAULT_ENABLED_PROXYVM="qubes-network qubes-firewall qubes-netwatcher qubes-update-check" DEFAULT_ENABLED_PROXYVM="qubes-network qubes-firewall qubes-update-check"
DEFAULT_ENABLED_APPVM="cups qubes-update-check" DEFAULT_ENABLED_APPVM="cups qubes-update-check"
DEFAULT_ENABLED_TEMPLATEVM="$DEFAULT_ENABLED_APPVM updates-proxy-setup" DEFAULT_ENABLED_TEMPLATEVM="$DEFAULT_ENABLED_APPVM updates-proxy-setup"
DEFAULT_ENABLED="" DEFAULT_ENABLED=""