debian: make haveged.service patch less intrusive...

...but installed on all Debian versions. This is mostly required by the
verbose file list in debian/qubes-core-agent.install. But also make it
use new options when upstream sets them.

QubesOS/qubes-issues#2161
Marek Marczykowski-Górecki 2017-05-22 17:30:06 +02:00
parent 8e505c5b0e
commit 34fa6e7ced
No known key found for this signature in database
GPG Key ID: 063938BA42CFA724
3 changed files with 5 additions and 24 deletions


@ -287,11 +287,6 @@ else
install -m 0644 misc/py2/qubesxdg.py* $(DESTDIR)/$(PYTHON2_SITELIB)/
endif
ifneq (,$(filter xenial stretch, $(shell lsb_release -cs)))
mkdir -p $(DESTDIR)/etc/systemd/system/
install -m 0644 vm-systemd/haveged.service $(DESTDIR)/etc/systemd/system/
endif
install -d $(DESTDIR)/mnt/removable
install -D -m 0644 misc/xorg-preload-apps.conf $(DESTDIR)/etc/X11/xorg-preload-apps.conf
@ -318,5 +313,7 @@ install-deb: install-common install-systemd install-systemd-dropins
install -d $(DESTDIR)/etc/needrestart/conf.d
install -D -m 0644 misc/50_qubes.conf $(DESTDIR)/etc/needrestart/conf.d/50_qubes.conf
mkdir -p $(DESTDIR)/etc/systemd/system/
install -m 0644 vm-systemd/haveged.service $(DESTDIR)/etc/systemd/system/
install-vm: install-rh install-common
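Review bot: The two lines that install haveged.service in install-deb (apparently the pair added after the needrestart entry) use a separate `mkdir -p` plus `install -m 0644`, while the line just above them uses `install -D`. A single `install -D -m 0644 vm-systemd/haveged.service $(DESTDIR)/etc/systemd/system/haveged.service` would be consistent with it and would name the destination file explicitly. Because the unit is now shipped unconditionally and a file in /etc/systemd/system takes precedence over the packaged unit, a comment such as `# overrides only [Install] of the distro unit; see vm-systemd/haveged.service` would help the next maintainer. The install-deb recipe starts outside this hunk.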


@ -43,6 +43,7 @@ etc/sudoers.d/qubes
etc/sudoers.d/umask
etc/sysctl.d/20_tcp_timestamps.conf
etc/sysctl.d/80-qubes.conf
etc/systemd/system/haveged.service
etc/tinyproxy/tinyproxy-updates.conf
etc/tinyproxy/updates-blacklist
etc/udev/rules.d/50-qubes-misc.rules


@ -1,22 +1,5 @@
[Unit]
Description=Entropy daemon using the HAVEGE algorithm
Documentation=man:haveged(8) http://www.issihosts.com/haveged/
DefaultDependencies=no
ConditionVirtualization=!container
After=apparmor.service systemd-random-seed.service systemd-tmpfiles-setup.service
[Service]
EnvironmentFile=/etc/default/haveged
ExecStart=/usr/sbin/haveged --Foreground --verbose=1 $DAEMON_ARGS
SuccessExitStatus=143
SecureBits=noroot-locked
NoNewPrivileges=yes
CapabilityBoundingSet=CAP_SYS_ADMIN
PrivateTmp=yes
PrivateDevices=yes
PrivateNetwork=yes
ProtectSystem=full
ProtectHome=yes
.include /lib/systemd/system/haveged.service
[Install]
WantedBy=
WantedBy=multi-user.target
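Review bot: The sandboxing directives this file used to pin (`NoNewPrivileges=yes`, `CapabilityBoundingSet=CAP_SYS_ADMIN`, `PrivateDevices=yes`, `ProtectSystem=full` and the rest) are no longer set here. With only `.include /lib/systemd/system/haveged.service` left, the effective hardening is whatever each Debian release's packaged unit provides, and the file is now installed on all of them. It is worth confirming that every supported release ships that path, since otherwise this unit would have no `[Service]` section at all, and that none of them ships a unit without the confinement options. A header comment would record the dependency, e.g. `# ExecStart and sandboxing are inherited from the packaged unit; only [Install] is overridden here`. The empty `WantedBy=` before `WantedBy=multi-user.target` presumably clears the inherited value and deserves a one-line comment saying so.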