From 377e0b4cd4f5e2a3830339371630ead861ad0602 Mon Sep 17 00:00:00 2001
From: Matt McCutchen <matt@mattmccutchen.net>
Date: Sat, 7 Feb 2015 18:08:26 -0500
Subject: [PATCH] Switch to preset file for systemd units to disable.

---
 Makefile                      |  3 ++-
 rpm_spec/core-vm.spec         | 27 +++++++++----------
 vm-systemd/75-qubes-vm.preset | 51 +++++++++++++++++++++++++++++++++++
 3 files changed, 66 insertions(+), 15 deletions(-)
 create mode 100644 vm-systemd/75-qubes-vm.preset

diff --git a/Makefile b/Makefile
index 1b53112..4068121 100644
--- a/Makefile
+++ b/Makefile
@@ -46,10 +46,11 @@ all:
 	make -C qubes-rpc
 
 install-systemd:
-	install -d $(DESTDIR)$(SYSLIBDIR)/systemd/system $(DESTDIR)$(LIBDIR)/qubes/init $(DESTDIR)$(SYSLIBDIR)/modules-load.d
+	install -d $(DESTDIR)$(SYSLIBDIR)/systemd/system{,-preset} $(DESTDIR)$(LIBDIR)/qubes/init $(DESTDIR)$(SYSLIBDIR)/modules-load.d
 	install -m 0755 vm-systemd/*.sh $(DESTDIR)$(LIBDIR)/qubes/init/
 	install -m 0644 vm-systemd/qubes-*.service $(DESTDIR)$(SYSLIBDIR)/systemd/system/
 	install -m 0644 vm-systemd/qubes-*.timer $(DESTDIR)$(SYSLIBDIR)/systemd/system/
+	install -m 0644 vm-systemd/75-qubes-vm.preset $(DESTDIR)$(SYSLIBDIR)/systemd/system-preset/
 	install -m 0644 vm-systemd/ModemManager.service $(DESTDIR)$(LIBDIR)/qubes/init/
 	install -m 0644 vm-systemd/NetworkManager.service $(DESTDIR)$(LIBDIR)/qubes/init/
 	install -m 0644 vm-systemd/NetworkManager-wait-online.service $(DESTDIR)$(LIBDIR)/qubes/init/
diff --git a/rpm_spec/core-vm.spec b/rpm_spec/core-vm.spec
index 03d92f8..3584c25 100644
--- a/rpm_spec/core-vm.spec
+++ b/rpm_spec/core-vm.spec
@@ -547,6 +547,7 @@ The Qubes core startup configuration for SystemD init.
 /lib/systemd/system/qubes-update-check.timer
 /lib/systemd/system/qubes-updates-proxy.service
 /lib/systemd/system/qubes-qrexec-agent.service
+/lib/systemd/system-preset/75-qubes-vm.preset
 /lib/modules-load.d/qubes-core.conf
 /lib/modules-load.d/qubes-misc.conf
 %dir /usr/lib/qubes/init
@@ -583,21 +584,19 @@ done
 rm -f /etc/systemd/system/default.target
 ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
 
-DISABLE_SERVICES="alsa-store alsa-restore auditd avahi avahi-daemon backuppc cpuspeed"
-DISABLE_SERVICES="$DISABLE_SERVICES fedora-autorelabel fedora-autorelabel-mark ipmi hwclock-load hwclock-save"
-DISABLE_SERVICES="$DISABLE_SERVICES mdmonitor multipathd openct rpcbind mcelog fedora-storage-init fedora-storage-init-late"
-DISABLE_SERVICES="$DISABLE_SERVICES plymouth-start plymouth-read-write plymouth-quit plymouth-quit-wait"
-DISABLE_SERVICES="$DISABLE_SERVICES sshd tcsd sm-client sendmail mdmonitor-takeover"
-DISABLE_SERVICES="$DISABLE_SERVICES rngd smartd upower irqbalance colord"
-for srv in $DISABLE_SERVICES; do
-    if [ -f /lib/systemd/system/$srv.service ]; then
-        if fgrep -q '[Install]' /lib/systemd/system/$srv.service; then
-            /bin/systemctl --no-reload disable $srv.service 2> /dev/null
-        else
-            # forcibly disable
-            ln -sf /dev/null /etc/systemd/system/$srv.service
+grep '^[[:space:]]*[^#;]' /lib/systemd/system-preset/75-qubes-vm.preset | while read action unit_name; do
+    case "$action" in
+    (disable)
+        if [ -f /lib/systemd/system/$unit_name.service ]; then
+            if fgrep -q '[Install]' /lib/systemd/system/$unit_name; then
+                /bin/systemctl --no-reload preset $unit_name 2> /dev/null
+            else
+                # forcibly disable
+                ln -sf /dev/null /etc/systemd/system/$unit_name
+            fi
         fi
-    fi
+        ;;
+    esac
 done
 
 rm -f /etc/systemd/system/getty.target.wants/getty@tty*.service
diff --git a/vm-systemd/75-qubes-vm.preset b/vm-systemd/75-qubes-vm.preset
new file mode 100644
index 0000000..7887d05
--- /dev/null
+++ b/vm-systemd/75-qubes-vm.preset
@@ -0,0 +1,51 @@
+# Units that should not run by default in Qubes VMs.
+#
+# This file is part of the qubes-core-vm-systemd package.  To ensure that the
+# default configuration is applied to all units in the list regardless of
+# package installation order, including units added to the list by
+# qubes-core-vm-systemd upgrades, all units in the list are preset by a
+# scriptlet every time qubes-core-vm-systemd is installed or upgraded.  That
+# means that to permanently enable a unit with an [Install] section, you must
+# create your own higher-priority preset file.  (It might be possible to be
+# smarter and keep a list of units previously preset, but this is not
+# implemented.)
+#
+# For units below with no [Install] section, the scriptlet masks them instead.
+# Qubes currently does not provide a way to permanently prevent such units from
+# being masked.
+#
+# https://groups.google.com/d/topic/qubes-users/dpM_GHfmEOk/discussion
+
+disable alsa-store.service
+disable alsa-restore.service
+disable auditd.service
+disable avahi.service
+disable avahi-daemon.service
+disable backuppc.service
+disable cpuspeed.service
+disable fedora-autorelabel.service
+disable fedora-autorelabel-mark.service
+disable ipmi.service
+disable hwclock-load.service
+disable hwclock-save.service
+disable mdmonitor.service
+disable multipathd.service
+disable openct.service
+disable rpcbind.service
+disable mcelog.service
+disable fedora-storage-init.service
+disable fedora-storage-init-late.service
+disable plymouth-start.service
+disable plymouth-read-write.service
+disable plymouth-quit.service
+disable plymouth-quit-wait.service
+disable sshd.service
+disable tcsd.service
+disable sm-client.service
+disable sendmail.service
+disable mdmonitor-takeover.service
+disable rngd.service
+disable smartd.service
+disable upower.service
+disable irqbalance.service
+disable colord.service