diff --git a/network/qubes-firewall b/network/qubes-firewall index 0b8da66..dd5ed23 100755 --- a/network/qubes-firewall +++ b/network/qubes-firewall @@ -23,8 +23,8 @@ while true; do TRIGGER=reload else # Wait for changes in xenstore file - /usr/bin/xenstore-watch-qubes $XENSTORE_IPTABLES - TRIGGER=$(/usr/bin/xenstore-read $XENSTORE_IPTABLES) + xenstore-watch-qubes $XENSTORE_IPTABLES + TRIGGER=$(xenstore-read $XENSTORE_IPTABLES) fi if ! [ "$TRIGGER" = "reload" ]; then continue ; fi @@ -34,19 +34,19 @@ while true; do # during the time when the rules are being (re)applied echo "0" > /proc/sys/net/ipv4/ip_forward - RULES=$(/usr/bin/xenstore-read $XENSTORE_IPTABLES_HEADER) - IPTABLES_SAVE=$(/sbin/iptables-save | sed '/^\*filter/,/^COMMIT/d') - OUT=`echo -e "$RULES\n$IPTABLES_SAVE" | /sbin/iptables-restore 2>&1 || true` + RULES=$(xenstore-read $XENSTORE_IPTABLES_HEADER) + IPTABLES_SAVE=$(iptables-save | sed '/^\*filter/,/^COMMIT/d') + OUT=`echo -e "$RULES\n$IPTABLES_SAVE" | iptables-restore 2>&1 || true` for i in $(xenstore-list qubes-iptables-domainrules) ; do - RULES=$(/usr/bin/xenstore-read qubes-iptables-domainrules/"$i") - ERRS=`echo -e "$RULES" | /sbin/iptables-restore -n 2>&1 || true` + RULES=$(xenstore-read qubes-iptables-domainrules/"$i") + ERRS=`echo -e "$RULES" | iptables-restore -n 2>&1 || true` echo "Failed applying rules for $i: $ERRS" >&2 OUT="$OUT$ERRS" done - /usr/bin/xenstore-write $XENSTORE_ERROR "$OUT" + xenstore-write $XENSTORE_ERROR "$OUT" if [ "$OUT" ]; then - DISPLAY=:0 /usr/bin/notify-send -t 3000 "Firewall loading error ($HOSTNAME)" "$OUT" || : + DISPLAY=:0 notify-send -t 3000 "Firewall loading error ($HOSTNAME)" "$OUT" || : fi # Check if user didn't define some custom rules to be applied as well... diff --git a/network/qubes-netwatcher b/network/qubes-netwatcher index 0acab7f..81edffe 100755 --- a/network/qubes-netwatcher +++ b/network/qubes-netwatcher 
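Review bot: With the absolute paths dropped from `xenstore-watch-qubes` and `xenstore-read` here, this root-run firewall loop resolves its tools through whatever PATH it inherits, and the hunk shows no PATH assignment. The same applies to `iptables-save` and `iptables-restore` in the next hunk, to the xenstore calls in qubes-netwatcher, to `service cups start` in misc-post.sh and to `XS_READ`/`XS_LS` in qubes-sysinit.sh. Setting a fixed search path near the top of each script, for example `PATH=/usr/sbin:/usr/bin:/sbin:/bin; export PATH`, keeps the portability gain without depending on the caller's environment. The script header lies outside this hunk, so an assignment may already exist there.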
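Review bot: As the per-domain loop reads in this hunk, `echo "Failed applying rules for $i: $ERRS" >&2` runs for every domain, including those where `iptables-restore -n` printed nothing, so stderr reports failures that did not occur. Because `|| true` discards the exit status, an empty `$ERRS` is the only success signal left, and the message should be guarded by it: `[ -z "$ERRS" ] || echo "Failed applying rules for $i: $ERRS" >&2`. The page layout is collapsed, so confirm against the file that no such guard already surrounds the line.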
@@ -11,9 +11,9 @@ echo $$ >$PIDFILE trap 'exit 0' SIGTERM while true; do - NET_DOMID=$(/usr/bin/xenstore-read qubes-netvm-domid || :) + NET_DOMID=$(xenstore-read qubes-netvm-domid || :) if [[ -n "$NET_DOMID" ]] && [[ $NET_DOMID -gt 0 ]]; then - UNTRUSTED_NETCFG=$(/usr/bin/xenstore-read /local/domain/$NET_DOMID/qubes-netvm-external-ip || :) + UNTRUSTED_NETCFG=$(xenstore-read /local/domain/$NET_DOMID/qubes-netvm-external-ip || :) # UNTRUSTED_NETCFG is not parsed in any way # thus, no sanitization ready # but be careful when passing it to other shell scripts @@ -21,11 +21,11 @@ while true; do /sbin/service qubes-firewall stop /sbin/service qubes-firewall start CURR_NETCFG="$UNTRUSTED_NETCFG" - /usr/bin/xenstore-write qubes-netvm-external-ip "$CURR_NETCFG" + xenstore-write qubes-netvm-external-ip "$CURR_NETCFG" fi - /usr/bin/xenstore-watch -n 3 /local/domain/$NET_DOMID/qubes-netvm-external-ip qubes-netvm-domid + xenstore-watch -n 3 /local/domain/$NET_DOMID/qubes-netvm-external-ip qubes-netvm-domid else - /usr/bin/xenstore-watch -n 2 qubes-netvm-domid + xenstore-watch -n 2 qubes-netvm-domid fi done diff --git a/network/qubes-setup-dnat-to-ns b/network/qubes-setup-dnat-to-ns index 6a30126..a1f9bc1 100755 --- a/network/qubes-setup-dnat-to-ns +++ b/network/qubes-setup-dnat-to-ns @@ -10,7 +10,7 @@ addrule() fi } export PATH=$PATH:/sbin:/bin -source /var/run/qubes/qubes-ns +. /var/run/qubes/qubes-ns if [ "X"$NS1 = "X" ] ; then exit ; fi iptables -t nat -F PR-QBS FIRSTONE=yes diff --git a/vm-systemd/misc-post.sh b/vm-systemd/misc-post.sh index e718d02..43e944c 100755 --- a/vm-systemd/misc-post.sh +++ b/vm-systemd/misc-post.sh 
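Review bot: `$NET_DOMID` goes unquoted into the xenstore path in the new `xenstore-read /local/domain/$NET_DOMID/qubes-netvm-external-ip` line, and the only check before it is `[[ $NET_DOMID -gt 0 ]]`, which evaluates the value as an arithmetic expression rather than confirming it is a plain decimal number. A stricter guard such as `[[ $NET_DOMID =~ ^[1-9][0-9]*$ ]]` makes the path component safe by construction; the same variable is reused in the `xenstore-watch -n 3` call in the next hunk. The key is presumably written by dom0, so this is hardening rather than a known hole. The loop body continues outside the hunk.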
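Review bot: `/sbin/service qubes-firewall stop` and `/sbin/service qubes-firewall start` keep their absolute path while every xenstore call around them becomes PATH-relative, and misc-post.sh in this same commit changes `/sbin/service cups start` to `service cups start`. If the aim is to run on systems where `service` is installed elsewhere, these two lines need the same change; otherwise the firewall restart fails at exactly the moment the external IP changes. The exit status of the restart is also not checked, so such a failure would pass silently before `CURR_NETCFG` is updated.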
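Review bot: The test directly after the changed line, `[ "X"$NS1 = "X" ]`, expands `$NS1` unquoted, so a value containing whitespace or glob characters breaks the test instead of being compared. `if [ -z "$NS1" ]; then exit; fi` is the safer form. Since `. /var/run/qubes/qubes-ns` executes that file as shell code inside this script, a comment stating who writes the file and that it must not be writable by unprivileged users would help; the writer is not visible in this diff.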
@@ -1,9 +1,17 @@ #!/bin/sh -if [ -f /var/run/qubes-service/yum-proxy-setup ]; then - echo proxy=http://10.137.255.254:8082/ > /etc/yum.conf.d/qubes-proxy.conf +if [ -e /etc/debian_version ]; then + if [ -f /var/run/qubes-service/yum-proxy-setup ]; then + echo 'Acquire::http::proxy "http://10.137.255.254:8082/";' > /etc/apt/apt.conf.d/80qubes-proxy + else + echo > /etc/apt/apt.conf.d/80qubes-proxy + fi else - echo > /etc/yum.conf.d/qubes-proxy.conf + if [ -f /var/run/qubes-service/yum-proxy-setup ]; then + echo proxy=http://10.137.255.254:8082/ > /etc/yum.conf.d/qubes-proxy.conf + else + echo > /etc/yum.conf.d/qubes-proxy.conf + fi fi # Set IP address again (besides action in udev rules); this is needed by @@ -51,7 +59,7 @@ fi # Start AppVM specific services if [ ! -f /etc/systemd/system/cups.service ]; then if [ -f /var/run/qubes-service/cups ]; then - /sbin/service cups start + service cups start # Allow also notification icon sed -i -e '/^NotShowIn=.*QUBES/s/;QUBES//' /etc/xdg/autostart/print-applet.desktop else diff --git a/vm-systemd/qubes-qrexec-agent.service b/vm-systemd/qubes-qrexec-agent.service index 483e694..72bbe84 100644 --- a/vm-systemd/qubes-qrexec-agent.service +++ b/vm-systemd/qubes-qrexec-agent.service @@ -3,6 +3,7 @@ Description=Qubes remote exec agent After=qubes-dvm.service [Service] +ExecStartPre=/bin/sh -c '[ -e /dev/xen/evtchn ] || modprobe xen_evtchn' ExecStart=/usr/lib/qubes/qrexec-agent StandardOutput=syslog diff --git a/vm-systemd/qubes-sysinit.sh b/vm-systemd/qubes-sysinit.sh index 17d9fde..08b610e 100755 --- a/vm-systemd/qubes-sysinit.sh +++ b/vm-systemd/qubes-sysinit.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash # List of services enabled by default (in case of absence of xenstore entry) DEFAULT_ENABLED_NETVM="network-manager qubes-network qubes-update-check qubes-yum-proxy" 
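Review bot: The `[ -f /var/run/qubes-service/yum-proxy-setup ]` test and its else branch are now written out twice, once per distribution, so a later change to the proxy address or to the disable behaviour has to be made in two places. Choosing the target file and the config line first and then applying the service check once keeps the apt and yum branches from drifting apart. The sketch below keeps the written contents identical to the new code.

```shell
if [ -e /etc/debian_version ]; then
    proxy_conf=/etc/apt/apt.conf.d/80qubes-proxy
    proxy_line='Acquire::http::proxy "http://10.137.255.254:8082/";'
else
    proxy_conf=/etc/yum.conf.d/qubes-proxy.conf
    proxy_line='proxy=http://10.137.255.254:8082/'
fi
if [ -f /var/run/qubes-service/yum-proxy-setup ]; then
    echo "$proxy_line" > "$proxy_conf"
else
    echo > "$proxy_conf"
fi
```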
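Review bot: The new `ExecStartPre=` line carries no comment explaining why the unit has to load `xen_evtchn` itself, and as written a failing `modprobe` makes the pre-start step fail, so qrexec-agent is not started at all. If that is the intended behaviour, say so in a comment above the line, for example `# qrexec-agent needs /dev/xen/evtchn; load the module if the node is missing`. If the agent should still be attempted after a failed load, prefix the command with `-` so systemd ignores the exit status.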
@@ -7,8 +7,8 @@ DEFAULT_ENABLED_APPVM="meminfo-writer cups qubes-update-check" DEFAULT_ENABLED_TEMPLATEVM="$DEFAULT_ENABLED_APPVM yum-proxy-setup" DEFAULT_ENABLED="meminfo-writer" -XS_READ=/usr/bin/xenstore-read -XS_LS=/usr/bin/xenstore-ls +XS_READ=xenstore-read +XS_LS=xenstore-ls read_service() { $XS_READ qubes-service/$1 2> /dev/null @@ -31,6 +31,8 @@ mkdir -p /var/run/xen-hotplug # Set permissions to /proc/xen/xenbus, so normal user can use xenstore-read chmod 666 /proc/xen/xenbus + +[ -e /proc/u2mfn ] || modprobe u2mfn # Set permissions to files needed to listen at vchan chmod 666 /proc/u2mfn @@ -65,9 +67,13 @@ fi timezone=`$XS_READ qubes-timezone 2> /dev/null` if [ -n "$timezone" ]; then - ln -f /usr/share/zoneinfo/$timezone /etc/localtime - echo "# Clock configuration autogenerated based on Qubes dom0 settings" > /etc/sysconfig/clock - echo "ZONE=\"$timezone\"" >> /etc/sysconfig/clock + cp -p /usr/share/zoneinfo/$timezone /etc/localtime + if [ -e /etc/debian_version ]; then + echo "$timezone" > /etc/timezone + else + echo "# Clock configuration autogenerated based on Qubes dom0 settings" > /etc/sysconfig/clock + echo "ZONE=\"$timezone\"" >> /etc/sysconfig/clock + fi fi # Prepare environment for other services
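Review bot: `[ -e /proc/u2mfn ] || modprobe u2mfn` does not handle a failed module load, so the `chmod 666 /proc/u2mfn` that follows then fails on a missing file and the real cause only shows up later in whatever needs vchan. Reporting it at the point of failure is cheap: `[ -e /proc/u2mfn ] || modprobe u2mfn || echo "qubes-sysinit: loading u2mfn failed" >&2`. Whether the script should stop there depends on error handling that is outside this hunk.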
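Review bot: `$timezone` comes straight from xenstore and is used unquoted and unvalidated in `cp -p /usr/share/zoneinfo/$timezone /etc/localtime`, so a value containing whitespace or a `..` component changes how `cp` parses its arguments or which file gets copied. The switch from `ln -f` to `cp` also means that where /etc/localtime is already a symlink, the copy is written through the link into its target. The value is presumably set by dom0, so treat this as hardening: restrict the name to zoneinfo-style characters, require the file to exist, quote it, and replace the destination instead of writing through it.

```shell
timezone=`$XS_READ qubes-timezone 2> /dev/null`
case "$timezone" in
    *..*|*[!A-Za-z0-9_+/-]*) timezone= ;;
esac
if [ -n "$timezone" ] && [ -f "/usr/share/zoneinfo/$timezone" ]; then
    cp -p --remove-destination -- "/usr/share/zoneinfo/$timezone" /etc/localtime
    # … unchanged: /etc/timezone or /etc/sysconfig/clock write …
fi
```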