
various patches for debian

This should enable Debian-based templates to be used as proxy/netvm.
HW42 9 년 전
부모
커밋
4886411570
6개의 변경된 파일40개의 추가작업 그리고 25개의 파일을 삭제
  1. 9 9
      network/qubes-firewall
  2. 5 5
      network/qubes-netwatcher
  3. 1 1
      network/qubes-setup-dnat-to-ns
  4. 12 4
      vm-systemd/misc-post.sh
  5. 1 0
      vm-systemd/qubes-qrexec-agent.service
  6. 12 6
      vm-systemd/qubes-sysinit.sh

+ 9 - 9
network/qubes-firewall

@@ -23,8 +23,8 @@ while true; do
 		TRIGGER=reload
 	else
 		# Wait for changes in xenstore file
-		/usr/bin/xenstore-watch-qubes $XENSTORE_IPTABLES
-		TRIGGER=$(/usr/bin/xenstore-read $XENSTORE_IPTABLES)
+		xenstore-watch-qubes $XENSTORE_IPTABLES
+		TRIGGER=$(xenstore-read $XENSTORE_IPTABLES)
 	fi
 
 	if ! [ "$TRIGGER" = "reload" ]; then continue ; fi
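Review bot: With the absolute paths dropped, `xenstore-watch-qubes` and `xenstore-read` on the two added lines are resolved through whatever PATH the service manager gives this root-run script, and nothing in the hunk pins it. Setting it once near the top of the script, e.g. `PATH=/usr/sbin:/usr/bin:/sbin:/bin; export PATH`, keeps the Debian portability without depending on the inherited environment (the top of the file is outside the hunk, so it may already do this). The same applies to the second hunk of this file, both hunks of network/qubes-netwatcher, `service cups start` in vm-systemd/misc-post.sh and `XS_READ`/`XS_LS` in vm-systemd/qubes-sysinit.sh. The `while true` loop starts and ends outside the hunk.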
@@ -34,19 +34,19 @@ while true; do
 	# during the time when the rules are being (re)applied
 	echo "0" > /proc/sys/net/ipv4/ip_forward
 
-	RULES=$(/usr/bin/xenstore-read $XENSTORE_IPTABLES_HEADER)
-	IPTABLES_SAVE=$(/sbin/iptables-save | sed '/^\*filter/,/^COMMIT/d')
-	OUT=`echo -e "$RULES\n$IPTABLES_SAVE" | /sbin/iptables-restore 2>&1 || true`
+	RULES=$(xenstore-read $XENSTORE_IPTABLES_HEADER)
+	IPTABLES_SAVE=$(iptables-save | sed '/^\*filter/,/^COMMIT/d')
+	OUT=`echo -e "$RULES\n$IPTABLES_SAVE" | iptables-restore 2>&1 || true`
 
 	for i in $(xenstore-list qubes-iptables-domainrules) ; do
-		RULES=$(/usr/bin/xenstore-read qubes-iptables-domainrules/"$i")
-		ERRS=`echo -e "$RULES" | /sbin/iptables-restore -n 2>&1 || true`
+		RULES=$(xenstore-read qubes-iptables-domainrules/"$i")
+		ERRS=`echo -e "$RULES" | iptables-restore -n 2>&1 || true`
 		echo "Failed applying rules for $i: $ERRS" >&2
 		OUT="$OUT$ERRS"
 	done		
-	/usr/bin/xenstore-write $XENSTORE_ERROR "$OUT"
+	xenstore-write $XENSTORE_ERROR "$OUT"
 	if [ "$OUT" ]; then
-		DISPLAY=:0 /usr/bin/notify-send -t 3000 "Firewall loading error ($HOSTNAME)" "$OUT" || :
+		DISPLAY=:0 notify-send -t 3000 "Firewall loading error ($HOSTNAME)" "$OUT" || :
 	fi
 
 	# Check if user didn't define some custom rules to be applied as well...
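Review bot: The `echo "Failed applying rules for $i: $ERRS" >&2` line inside the per-domain loop runs on every iteration, so the log reports a failure even when `iptables-restore -n` printed nothing. Guarding it, `[ -z "$ERRS" ] || echo "Failed applying rules for $i: $ERRS" >&2`, keeps real load errors from being buried among false ones. Both `iptables-restore` calls also end in `|| true`, so the captured text is the only failure signal; whether forwarding is re-enabled after a failed load is decided outside the hunk.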

+ 5 - 5
network/qubes-netwatcher

@@ -11,9 +11,9 @@ echo $$ >$PIDFILE
 trap 'exit 0' SIGTERM
 
 while true; do
-	NET_DOMID=$(/usr/bin/xenstore-read qubes-netvm-domid || :)
+	NET_DOMID=$(xenstore-read qubes-netvm-domid || :)
 	if [[ -n "$NET_DOMID" ]] && [[ $NET_DOMID -gt 0 ]]; then
-		UNTRUSTED_NETCFG=$(/usr/bin/xenstore-read /local/domain/$NET_DOMID/qubes-netvm-external-ip || :)
+		UNTRUSTED_NETCFG=$(xenstore-read /local/domain/$NET_DOMID/qubes-netvm-external-ip || :)
 		# UNTRUSTED_NETCFG is not parsed in any way
 		# thus, no sanitization ready
 		# but be careful when passing it to other shell scripts
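Review bot: `NET_DOMID` is used in `[[ $NET_DOMID -gt 0 ]]` and then in the xenstore path without first being checked as a plain number; inside `[[ ]]` the `-gt` operands are evaluated as arithmetic expressions, so a non-numeric value is not simply rejected. A digits-only test first would close that, e.g. `if [[ "$NET_DOMID" =~ ^[0-9]+$ ]] && [[ "$NET_DOMID" -gt 0 ]]; then`, with the path quoted as `"/local/domain/$NET_DOMID/qubes-netvm-external-ip"`. The value is presumably written by dom0, so this is defence in depth.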
@@ -21,11 +21,11 @@ while true; do
 			/sbin/service qubes-firewall stop
 			/sbin/service qubes-firewall start
 			CURR_NETCFG="$UNTRUSTED_NETCFG"
-			/usr/bin/xenstore-write qubes-netvm-external-ip "$CURR_NETCFG"
+			xenstore-write qubes-netvm-external-ip "$CURR_NETCFG"
 		fi
 
-		/usr/bin/xenstore-watch -n 3 /local/domain/$NET_DOMID/qubes-netvm-external-ip qubes-netvm-domid
+		xenstore-watch -n 3 /local/domain/$NET_DOMID/qubes-netvm-external-ip qubes-netvm-domid
 	else
-		/usr/bin/xenstore-watch -n 2 qubes-netvm-domid
+		xenstore-watch -n 2 qubes-netvm-domid
 	fi
 done
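Review bot: The two `/sbin/service qubes-firewall` calls at the top of the hunk keep their absolute path while everything else in the file moved to PATH lookup; Debian installs `service` under /usr/sbin, so on a Debian netvm the firewall restart would likely fail here, and its exit status is not checked. Suggest `service qubes-firewall stop` / `service qubes-firewall start` as in vm-systemd/misc-post.sh, or a log line on failure. `CURR_NETCFG="$UNTRUSTED_NETCFG"` also drops the untrusted marker before the value is republished with `xenstore-write`; a comment such as `# still untrusted: copied verbatim from the netvm's xenstore` would keep that visible. The enclosing `if` starts outside the hunk.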

+ 1 - 1
network/qubes-setup-dnat-to-ns

@@ -10,7 +10,7 @@ addrule()
         fi
 }
 export PATH=$PATH:/sbin:/bin
-source /var/run/qubes/qubes-ns
+. /var/run/qubes/qubes-ns
 if [ "X"$NS1 = "X" ] ; then exit ; fi
 iptables -t nat -F PR-QBS
 FIRSTONE=yes
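Review bot: Replacing `source` with `.` changes the failure mode: in a POSIX shell such as dash, `.` on a missing or unreadable file aborts the script, so a run before /var/run/qubes/qubes-ns exists would exit with an error instead of reaching the `NS1` check (the shebang is outside the hunk, so this is inferred). A guard before it, `[ -r /var/run/qubes/qubes-ns ] || exit 0`, restores the quiet exit. The file is executed as shell code, so it should be writable by root only, and the following test is safer as `[ -n "$NS1" ] || exit 0` since `"X"$NS1` is unquoted.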

+ 12 - 4
vm-systemd/misc-post.sh

@@ -1,9 +1,17 @@
 #!/bin/sh
 
-if [ -f /var/run/qubes-service/yum-proxy-setup ]; then
-    echo proxy=http://10.137.255.254:8082/ > /etc/yum.conf.d/qubes-proxy.conf
+if [ -e /etc/debian_version ]; then
+    if [ -f /var/run/qubes-service/yum-proxy-setup ]; then
+        echo 'Acquire::http::proxy "http://10.137.255.254:8082/";' > /etc/apt/apt.conf.d/80qubes-proxy
+    else
+        echo > /etc/apt/apt.conf.d/80qubes-proxy
+    fi
 else
-    echo > /etc/yum.conf.d/qubes-proxy.conf
+    if [ -f /var/run/qubes-service/yum-proxy-setup ]; then
+        echo proxy=http://10.137.255.254:8082/ > /etc/yum.conf.d/qubes-proxy.conf
+    else
+        echo > /etc/yum.conf.d/qubes-proxy.conf
+    fi
 fi
 
 # Set IP address again (besides action in udev rules); this is needed by
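Review bot: The apt branch is still gated by the flag file named `yum-proxy-setup`, which is not obvious to someone reading the Debian path; a comment above the outer `if`, e.g. `# 'yum-proxy-setup' is the historical service name; it also controls the apt proxy on Debian`, would document it. The `[ -f /var/run/qubes-service/yum-proxy-setup ]` test is now written twice; choosing the config path and proxy line per distribution first and testing the flag once would keep the two branches from drifting apart. The proxy URL is plain HTTP to a fixed address, so package integrity rests on the package manager's signature checks (presumably enabled in the template; not visible here).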
@@ -51,7 +59,7 @@ fi
 # Start AppVM specific services
 if [ ! -f /etc/systemd/system/cups.service ]; then
     if [ -f /var/run/qubes-service/cups ]; then
-        /sbin/service cups start
+        service cups start
         # Allow also notification icon
         sed -i -e '/^NotShowIn=.*QUBES/s/;QUBES//' /etc/xdg/autostart/print-applet.desktop
     else

+ 1 - 0
vm-systemd/qubes-qrexec-agent.service

@@ -3,6 +3,7 @@ Description=Qubes remote exec agent
 After=qubes-dvm.service
 
 [Service]
+ExecStartPre=/bin/sh -c '[ -e /dev/xen/evtchn ] || modprobe xen_evtchn'
 ExecStart=/usr/lib/qubes/qrexec-agent
 StandardOutput=syslog
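Review bot: The added `ExecStartPre` has no comment saying why the module may be missing, and a `modprobe` failure now blocks qrexec-agent from starting with only the generic unit failure as a trace. A comment line above it, `# Debian: xen_evtchn may not be loaded yet; load it when the device node is missing`, would document the intent. Device nodes are created asynchronously after a module loads, so `ExecStart` may still run before /dev/xen/evtchn exists; whether the agent tolerates that is not visible here.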
 

+ 12 - 6
vm-systemd/qubes-sysinit.sh

@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 
 # List of services enabled by default (in case of absence of xenstore entry)
 DEFAULT_ENABLED_NETVM="network-manager qubes-network qubes-update-check qubes-yum-proxy"
@@ -7,8 +7,8 @@ DEFAULT_ENABLED_APPVM="meminfo-writer cups qubes-update-check"
 DEFAULT_ENABLED_TEMPLATEVM="$DEFAULT_ENABLED_APPVM yum-proxy-setup"
 DEFAULT_ENABLED="meminfo-writer"
 
-XS_READ=/usr/bin/xenstore-read
-XS_LS=/usr/bin/xenstore-ls
+XS_READ=xenstore-read
+XS_LS=xenstore-ls
 
 read_service() {
     $XS_READ qubes-service/$1 2> /dev/null
@@ -31,6 +31,8 @@ mkdir -p /var/run/xen-hotplug
 
 # Set permissions to /proc/xen/xenbus, so normal user can use xenstore-read
 chmod 666 /proc/xen/xenbus
+
+[ -e /proc/u2mfn ] || modprobe u2mfn
 # Set permissions to files needed to listen at vchan
 chmod 666 /proc/u2mfn
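Review bot: If `modprobe u2mfn` fails, the only trace is the error from the following `chmod 666 /proc/u2mfn`, and the script carries on regardless. Logging at the point of failure, `[ -e /proc/u2mfn ] || modprobe u2mfn || echo "qubes-sysinit: cannot load u2mfn" >&2`, makes the cause visible in the boot log. A one-line comment above it saying the module is not auto-loaded on Debian (if that is the reason) would also help.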
 
@@ -65,9 +67,13 @@ fi
 
 timezone=`$XS_READ qubes-timezone 2> /dev/null`
 if [ -n "$timezone" ]; then
-    ln -f /usr/share/zoneinfo/$timezone /etc/localtime
-    echo "# Clock configuration autogenerated based on Qubes dom0 settings" > /etc/sysconfig/clock
-    echo "ZONE=\"$timezone\"" >> /etc/sysconfig/clock
+    cp -p /usr/share/zoneinfo/$timezone /etc/localtime
+    if [ -e /etc/debian_version ]; then
+        echo "$timezone" > /etc/timezone
+    else
+        echo "# Clock configuration autogenerated based on Qubes dom0 settings" > /etc/sysconfig/clock
+        echo "ZONE=\"$timezone\"" >> /etc/sysconfig/clock
+    fi
 fi
 
 # Prepare environment for other services
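Review bot: `cp -p /usr/share/zoneinfo/$timezone /etc/localtime` writes through /etc/localtime when that is a symlink, which would overwrite the zoneinfo file it points to; the old `ln -f` replaced the link instead. `$timezone` comes from xenstore and is used unquoted in a path and inside the quoted `ZONE=` line, so it should be checked first, e.g. `case "$timezone" in /*|*..*|*[!A-Za-z0-9/_+-]*) timezone= ;; esac` before the `if`. The copy can then be `cp -p --remove-destination "/usr/share/zoneinfo/$timezone" /etc/localtime`.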