From 4365b7b2709b42f00fc42882d4732e756a12c058 Mon Sep 17 00:00:00 2001 From: Marek Marczykowski Date: Thu, 31 May 2012 02:37:53 +0200 Subject: [PATCH] vm/qubes-yum-proxy: setup yum to use qubes-yum-proxy (#568) The simplest way is just add proxy=... entry to /etc/yum.conf, but sometimes it is reasonable to bypass the proxy. Some examples: - usage of non-standard repos with some exotic file layout, which will be blocked by the proxy - usage of repos not-accessible via proxy (eg only via VPN stared in VpnVM) This commit introduces 'yum-proxy-setup' pseudo-service, which can be controlled via standard qvm-service or qubes-manager. When enabled - yum will be configured at VM startup to use qubes proxy, otherwise - to connect directly (proxy setting will be cleared). --- rpm_spec/core-vm.spec | 10 ++++++++++ vm-init.d/qubes_core | 7 +++++++ vm-systemd/misc-post.sh | 6 ++++++ 3 files changed, 23 insertions(+) diff --git a/rpm_spec/core-vm.spec b/rpm_spec/core-vm.spec index 10da4d2..06004ea 100644 --- a/rpm_spec/core-vm.spec +++ b/rpm_spec/core-vm.spec @@ -131,6 +131,9 @@ install -m 0644 -D network/iptables $RPM_BUILD_ROOT/etc/sysconfig/iptables install -m 0644 -D network/tinyproxy-qubes-yum.conf $RPM_BUILD_ROOT/etc/tinyproxy/tinyproxy-qubes-yum.conf install -m 0644 -D network/filter-qubes-yum $RPM_BUILD_ROOT/etc/tinyproxy/filter-qubes-yum +install -d $RPM_BUILD_ROOT/etc/yum.conf.d +touch $RPM_BUILD_ROOT/etc/yum.conf.d/qubes-proxy.conf + install -d $RPM_BUILD_ROOT/usr/sbin install network/qubes_firewall $RPM_BUILD_ROOT/usr/sbin/ install network/qubes_netwatcher $RPM_BUILD_ROOT/usr/sbin/ 
@@ -236,6 +239,12 @@ fi # Remove ip_forward setting from sysctl, so NM will not reset it sed 's/^net.ipv4.ip_forward.*/#\0/' -i /etc/sysctl.conf +if ! grep -q '/etc/yum\.conf\.d/qubes-proxy\.conf'; then + echo >> /etc/yum.conf + echo '# Yum does not support inclusion of config dir...' >> /etc/yum.conf + echo 'include=file:///etc/yum.conf.d/qubes-proxy.conf' >> /etc/yum.conf +fi + # Prevent unnecessary updates in VMs: sed -i -e '/^exclude = kernel/d' /etc/yum.conf echo 'exclude = kernel, xorg-x11-drv-*, xorg-x11-drivers, xorg-x11-server-*' >> /etc/yum.conf @@ -343,6 +352,7 @@ rm -rf $RPM_BUILD_ROOT /etc/udev/rules.d/99-qubes_block.rules /etc/udev/rules.d/99-qubes_network.rules /etc/xen/scripts/vif-route-qubes +/etc/yum.conf.d/qubes-proxy.conf /etc/yum.repos.d/qubes.repo /etc/yum/post-actions/qubes_trigger_sync_appmenus.action /lib/firmware/updates diff --git a/vm-init.d/qubes_core b/vm-init.d/qubes_core index 7193d38..de194f8 100755 --- a/vm-init.d/qubes_core +++ b/vm-init.d/qubes_core @@ -36,6 +36,13 @@ start() echo "ZONE=\"$timezone\"" >> /etc/sysconfig/clock fi + yum_proxy_setup=$(/usr/bin/xenstore-read qubes-service/yum-proxy-setup 2> /dev/null) + if [ "$yum_proxy_setup" != "0" ]; then + echo proxy=http://10.137.255.254:8082/ > /etc/yum.conf.d/qubes-proxy.conf + else + echo > /etc/yum.conf.d/qubes-proxy.conf + fi + # Set IP address again (besides action in udev rules); this is needed by # DispVM (to override DispVM-template IP) and in case when qubes_ip was # called by udev before loading evtchn kernel module - in which case diff --git a/vm-systemd/misc-post.sh b/vm-systemd/misc-post.sh index 9ebdf2e..dbefd43 100755 --- a/vm-systemd/misc-post.sh +++ b/vm-systemd/misc-post.sh 
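Review bot: The added guard `grep -q '/etc/yum\.conf\.d/qubes-proxy\.conf'` has no file operand, so it tests the scriptlet's standard input instead of /etc/yum.conf. With an empty stdin the pattern never matches and every install or upgrade appends another `include=` line to /etc/yum.conf; with an open stdin the scriptlet can block. Name the file explicitly: `if ! grep -q '/etc/yum\.conf\.d/qubes-proxy\.conf' /etc/yum.conf; then`. The scriptlet this block sits in starts and ends outside the hunk.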
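Review bot: `/etc/yum.conf.d/qubes-proxy.conf` is added to the file list as a plain file, yet both init scripts in this commit rewrite it at every VM start. `rpm -V` will therefore report it as modified. A package upgrade presumably restores the empty packaged copy, which clears the proxy setting until the next boot. Listing it as `%config(noreplace) /etc/yum.conf.d/qubes-proxy.conf` (or as `%ghost`) would describe a runtime-managed file more accurately.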
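Review bot: The two init paths disagree on what happens when the service was never set. Here `[ "$yum_proxy_setup" != "0" ]` enables the proxy when the xenstore key is absent or `xenstore-read` fails (its stderr is discarded), while the `-f /var/run/qubes-service/yum-proxy-setup` test in vm-systemd/misc-post.sh disables it when the flag file is missing. Unless whatever populates /var/run/qubes-service applies the same default, which is not visible here, whether yum goes through the update proxy or connects directly depends on the init system. State the intended default next to the test, for example `# key unset or unreadable counts as enabled; only an explicit 0 clears the proxy`, and make the other script match it. start() begins and ends outside the hunk.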
@@ -1,5 +1,11 @@ #!/bin/sh +if [ -f /var/run/qubes-service/yum-proxy-setup ]; then + echo proxy=http://10.137.255.254:8082/ > /etc/yum.conf.d/qubes-proxy.conf +else + echo > /etc/yum.conf.d/qubes-proxy.conf +fi + # Set IP address again (besides action in udev rules); this is needed by # DispVM (to override DispVM-template IP) and in case when qubes_ip was # called by udev before loading evtchn kernel module - in which case
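Review bot: The proxy address `http://10.137.255.254:8082/` is written as a literal here and again in vm-init.d/qubes_core. A change to the proxy's address or port then has to be made in two scripts, and a missed one leaves yum pointed at an endpoint that no longer answers. A single definition that both scripts source, for example `YUM_PROXY=http://10.137.255.254:8082/`, would keep them in step. At minimum, add a comment naming the config that owns the port (presumably tinyproxy-qubes-yum.conf).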