diff --git a/Makefile b/Makefile index 63a77aa..44e4a09 100644 --- a/Makefile +++ b/Makefile @@ -120,9 +120,9 @@ install-common: install -D network/vif-route-qubes $(DESTDIR)/etc/xen/scripts/vif-route-qubes install -m 0400 -D network/iptables $(DESTDIR)/etc/sysconfig/iptables install -m 0400 -D network/ip6tables $(DESTDIR)/etc/sysconfig/ip6tables - install -m 0644 -D network/tinyproxy-qubes-yum.conf $(DESTDIR)/etc/tinyproxy/tinyproxy-qubes-yum.conf - install -m 0644 -D network/filter-qubes-yum $(DESTDIR)/etc/tinyproxy/filter-qubes-yum - install -m 0755 -D network/iptables-yum-proxy $(DESTDIR)/usr/lib/qubes/iptables-yum-proxy + install -m 0644 -D network/tinyproxy-updates.conf $(DESTDIR)/etc/tinyproxy/tinyproxy-updates.conf + install -m 0644 -D network/filter-updates $(DESTDIR)/etc/tinyproxy/filter-updates + install -m 0755 -D network/iptables-updates-proxy $(DESTDIR)/usr/lib/qubes/iptables-updates-proxy install -d $(DESTDIR)/etc/xdg/autostart install -m 0755 network/show-hide-nm-applet.sh $(DESTDIR)/usr/lib/qubes/show-hide-nm-applet.sh install -m 0644 network/show-hide-nm-applet.desktop $(DESTDIR)/etc/xdg/autostart/00-qubes-show-hide-nm-applet.desktop diff --git a/network/filter-qubes-yum b/network/filter-updates similarity index 100% rename from network/filter-qubes-yum rename to network/filter-updates diff --git a/network/iptables-yum-proxy b/network/iptables-updates-proxy similarity index 100% rename from network/iptables-yum-proxy rename to network/iptables-updates-proxy diff --git a/network/tinyproxy-qubes-yum.conf b/network/tinyproxy-updates.conf similarity index 82% rename from network/tinyproxy-qubes-yum.conf rename to network/tinyproxy-updates.conf index 43b5082..110b96e 100644 --- a/network/tinyproxy-qubes-yum.conf +++ b/network/tinyproxy-updates.conf @@ -8,7 +8,7 @@ DefaultErrorFile "/usr/share/tinyproxy/default.html" StatFile "/usr/share/tinyproxy/stats.html" Syslog On LogLevel Notice -PidFile "/var/run/tinyproxy/tinyproxy-qubes-yum.pid" +PidFile "/var/run/tinyproxy/tinyproxy-updates.pid" MaxClients 50 MinSpareServers 2 @@ -21,7 +21,7 @@ Allow 127.0.0.1 Allow 10.137.0.0/16 -Filter "/etc/tinyproxy/filter-qubes-yum" +Filter "/etc/tinyproxy/filter-updates" FilterURLs On #FilterExtended On #FilterCaseSensitive On diff --git a/rpm_spec/core-vm.spec b/rpm_spec/core-vm.spec index 323e93a..0bf9ee7 100644 --- a/rpm_spec/core-vm.spec +++ b/rpm_spec/core-vm.spec @@ -325,8 +325,8 @@ rm -f %{name}-%{version} %config(noreplace) /etc/sysconfig/ip6tables /etc/sysconfig/modules/qubes-core.modules /etc/sysconfig/modules/qubes-misc.modules -%config(noreplace) /etc/tinyproxy/filter-qubes-yum -%config(noreplace) /etc/tinyproxy/tinyproxy-qubes-yum.conf +%config(noreplace) /etc/tinyproxy/filter-updates +%config(noreplace) /etc/tinyproxy/tinyproxy-updates.conf %config(noreplace) /etc/udev/rules.d/50-qubes-misc.rules %config(noreplace) /etc/udev/rules.d/99-qubes-network.rules /etc/xdg/autostart/00-qubes-show-hide-nm-applet.desktop @@ -372,7 +372,7 @@ rm -f %{name}-%{version} /usr/lib/qubes/tar2qfile /usr/lib/qubes/vm-file-editor /usr/lib/qubes/wrap-in-html-if-url.sh -/usr/lib/qubes/iptables-yum-proxy +/usr/lib/qubes/iptables-updates-proxy /usr/lib/qubes/close-window /usr/lib/yum-plugins/yum-qubes-hooks.py* /usr/sbin/qubes-firewall @@ -407,7 +407,7 @@ The Qubes core startup configuration for SysV init (or upstart). /etc/init.d/qubes-core-netvm /etc/init.d/qubes-firewall /etc/init.d/qubes-netwatcher -/etc/init.d/qubes-yum-proxy +/etc/init.d/qubes-updates-proxy /etc/init.d/qubes-qrexec-agent %post sysvinit @@ -442,8 +442,8 @@ chkconfig --add qubes-firewall || echo "WARNING: Cannot add service qubes-firewa chkconfig qubes-firewall on || echo "WARNING: Cannot enable service qubes-firewall!" chkconfig --add qubes-netwatcher || echo "WARNING: Cannot add service qubes-netwatcher!" chkconfig qubes-netwatcher on || echo "WARNING: Cannot enable service qubes-netwatcher!" -chkconfig --add qubes-yum-proxy || echo "WARNING: Cannot add service qubes-yum-proxy!" -chkconfig qubes-yum-proxy on || echo "WARNING: Cannot enable service qubes-yum-proxy!" +chkconfig --add qubes-updates-proxy || echo "WARNING: Cannot add service qubes-updates-proxy!" +chkconfig qubes-updates-proxy on || echo "WARNING: Cannot enable service qubes-updates-proxy!" chkconfig --add qubes-qrexec-agent || echo "WARNING: Cannot add service qubes-qrexec-agent!" chkconfig qubes-qrexec-agent on || echo "WARNING: Cannot enable service qubes-qrexec-agent!" @@ -458,7 +458,7 @@ if [ "$1" = 0 ] ; then chkconfig qubes-core-appvm off chkconfig qubes-firewall off chkconfig qubes-netwatcher off - chkconfig qubes-yum-proxy off + chkconfig qubes-updates-proxy off chkconfig qubes-qrexec-agent off fi @@ -487,7 +487,7 @@ The Qubes core startup configuration for SystemD init. /lib/systemd/system/qubes-sysinit.service /lib/systemd/system/qubes-update-check.service /lib/systemd/system/qubes-update-check.timer -/lib/systemd/system/qubes-yum-proxy.service +/lib/systemd/system/qubes-updates-proxy.service /lib/systemd/system/qubes-qrexec-agent.service %dir /usr/lib/qubes/init /usr/lib/qubes/init/prepare-dvm.sh @@ -512,7 +512,7 @@ The Qubes core startup configuration for SystemD init. %post systemd -for srv in qubes-dvm qubes-sysinit qubes-misc-post qubes-netwatcher qubes-network qubes-firewall qubes-yum-proxy qubes-qrexec-agent; do +for srv in qubes-dvm qubes-sysinit qubes-misc-post qubes-netwatcher qubes-network qubes-firewall qubes-updates-proxy qubes-qrexec-agent; do /bin/systemctl enable $srv.service 2> /dev/null done diff --git a/vm-init.d/qubes-yum-proxy b/vm-init.d/qubes-updates-proxy similarity index 76% rename from vm-init.d/qubes-yum-proxy rename to vm-init.d/qubes-updates-proxy index 00a3634..577a386 100755 --- a/vm-init.d/qubes-yum-proxy +++ b/vm-init.d/qubes-updates-proxy @@ -1,14 +1,14 @@ #!/bin/sh # -# tinyproxy Startup script for the tinyproxy server as Qubes yum proxy +# tinyproxy Startup script for the tinyproxy server as Qubes updates proxy # # chkconfig: - 85 15 # description: small, efficient HTTP/SSL proxy daemon # # processname: tinyproxy -# config: /etc/tinyproxy/tinyproxy-qubes-yum.conf -# config: /etc/sysconfig/tinyproxy-qubes-yum -# pidfile: /var/run/tinyproxy/tinyproxy-qubes-yum.pid +# config: /etc/tinyproxy/tinyproxy-updates.conf +# config: /etc/sysconfig/tinyproxy-updates +# pidfile: /var/run/tinyproxy/tinyproxy-updates.pid # # Note: pidfile is created by tinyproxy in its config # see PidFile in the configuration file. @@ -24,17 +24,17 @@ exec="/usr/sbin/tinyproxy" prog=$(basename $exec) -config="/etc/tinyproxy/tinyproxy-qubes-yum.conf" -pidfile="/var/run/tinyproxy/tinyproxy-qubes-yum.pid" +config="/etc/tinyproxy/tinyproxy-updates.conf" +pidfile="/var/run/tinyproxy/tinyproxy-updates.pid" -[ -e /etc/sysconfig/tinyproxy-qubes-yum ] && . /etc/sysconfig/tinyproxy-qubes-yum +[ -e /etc/sysconfig/tinyproxy-updates ] && . /etc/sysconfig/tinyproxy-updates -lockfile=/var/lock/subsys/tinyproxy-qubes-yum +lockfile=/var/lock/subsys/tinyproxy-updates start() { type=`/usr/bin/xenstore-read qubes-vm-type` - start_yum_proxy=`/usr/bin/xenstore-read qubes-service/qubes-yum-proxy 2>/dev/null` - if [ -z "$start_yum_proxy" ] && [ "$type" != "NetVM" ] || [ "$start_yum_proxy" != "1" ]; then + start_updates_proxy=`/usr/bin/xenstore-read qubes-service/qubes-updates-proxy 2>/dev/null` + if [ -z "$start_updates_proxy" ] && [ "$type" != "NetVM" ] || [ "$start_updates_proxy" != "1" ]; then # Yum proxy disabled exit 0 fi @@ -45,7 +45,7 @@ start() { /sbin/iptables -I INPUT -i vif+ -p tcp --dport 8082 -j ACCEPT /sbin/iptables -t nat -A PR-QBS-SERVICES -i vif+ -d 10.137.255.254 -p tcp --dport 8082 -j REDIRECT - echo -n $"Starting $prog (as Qubes yum proxy): " + echo -n $"Starting $prog (as Qubes updates proxy): " daemon $exec -c $config retval=$? echo diff --git a/vm-systemd/qubes-sysinit.sh b/vm-systemd/qubes-sysinit.sh index 17d9fde..6833682 100755 --- a/vm-systemd/qubes-sysinit.sh +++ b/vm-systemd/qubes-sysinit.sh @@ -1,7 +1,7 @@ #!/bin/sh # List of services enabled by default (in case of absence of xenstore entry) -DEFAULT_ENABLED_NETVM="network-manager qubes-network qubes-update-check qubes-yum-proxy" +DEFAULT_ENABLED_NETVM="network-manager qubes-network qubes-update-check qubes-updates-proxy" DEFAULT_ENABLED_PROXYVM="meminfo-writer qubes-network qubes-firewall qubes-netwatcher qubes-update-check" DEFAULT_ENABLED_APPVM="meminfo-writer cups qubes-update-check" DEFAULT_ENABLED_TEMPLATEVM="$DEFAULT_ENABLED_APPVM yum-proxy-setup" diff --git a/vm-systemd/qubes-updates-proxy.service b/vm-systemd/qubes-updates-proxy.service new file mode 100644 index 0000000..cb88922 --- /dev/null +++ b/vm-systemd/qubes-updates-proxy.service @@ -0,0 +1,16 @@ +[Unit] +Description=Qubes updates proxy (tinyproxy) +ConditionPathExists=|/var/run/qubes-service/qubes-yum-proxy +ConditionPathExists=|/var/run/qubes-service/qubes-updates-proxy +After=iptables.service + +[Service] +ExecStartPre=/usr/bin/install -d --owner tinyproxy --group tinyproxy /var/run/tinyproxy +ExecStartPre=/usr/lib/qubes/iptables-updates-proxy start +ExecStart=/usr/sbin/tinyproxy -d -c /etc/tinyproxy/tinyproxy-updates.conf +ExecStopPost=/usr/lib/qubes/iptables-updates-proxy stop +Restart=on-failure +RestartSec=5s + +[Install] +WantedBy=multi-user.target diff --git a/vm-systemd/qubes-yum-proxy.service b/vm-systemd/qubes-yum-proxy.service deleted file mode 100644 index 379d3df..0000000 --- a/vm-systemd/qubes-yum-proxy.service +++ /dev/null @@ -1,15 +0,0 @@ -[Unit] -Description=Qubes yum proxy (tinyproxy) -ConditionPathExists=/var/run/qubes-service/qubes-yum-proxy -After=iptables.service - -[Service] -ExecStartPre=/usr/bin/install -d --owner tinyproxy --group tinyproxy /var/run/tinyproxy -ExecStartPre=/usr/lib/qubes/iptables-yum-proxy start -ExecStart=/usr/sbin/tinyproxy -d -c /etc/tinyproxy/tinyproxy-qubes-yum.conf -ExecStopPost=/usr/lib/qubes/iptables-yum-proxy stop -Restart=on-failure -RestartSec=5s - -[Install] -WantedBy=multi-user.target