From 58a12f951cdb5e03d516216391e737690b5f5021 Mon Sep 17 00:00:00 2001
From: Marek Marczykowski
Date: Sat, 14 Jul 2012 22:54:23 +0200
Subject: [PATCH 1/4] dom0+vm/qrexec-services: pass remote domain via env variable not argument Most qrexec services doesn't use remote domain name, as policy is enforced earlier. So pass it in way that will allow use of generic command as qrexec service.
---
 qubes_rpc/qfile-unpacker.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/qubes_rpc/qfile-unpacker.c b/qubes_rpc/qfile-unpacker.c
index eaa5c06..dd0a510 100644
--- a/qubes_rpc/qfile-unpacker.c
+++ b/qubes_rpc/qfile-unpacker.c
@@ -51,13 +51,19 @@ int main(int argc, char ** argv)
 char *incoming_dir;
 int pipefds[2];
 int uid;
+ char *remote_domain;
 pipe(pipefds);
 uid = prepare_creds_return_uid("user");
+ remote_domain = getenv("QREXEC_REMOTE_DOMAIN");
+ if (!remote_domain) {
+ gui_fatal("Cannot get remote domain name");
+ exit(1);
+ }
 mkdir(INCOMING_DIR_ROOT, 0700);
- asprintf(&incoming_dir, "%s/from-%s", INCOMING_DIR_ROOT, argv[1]);
+ asprintf(&incoming_dir, "%s/from-%s", INCOMING_DIR_ROOT, remote_domain);
 mkdir(incoming_dir, 0700);
 if (chdir(incoming_dir)) gui_fatal("Error chdir to %s", incoming_dir);
From 55130c0dee0e163e5f845310b6722b6e06f235ee Mon Sep 17 00:00:00 2001
From: Marek Marczykowski
Date: Sat, 14 Jul 2012 22:58:15 +0200
Subject: [PATCH 2/4] vm: simplify qubes.VMShell service Now additional wrapper not required to skip cmdline argument
---
 qubes_rpc/qubes.VMShell | 2 +-
 qubes_rpc/vm-shell | 3 ---
 rpm_spec/core-vm.spec | 3 +--
 3 files changed, 2 insertions(+), 6 deletions(-)
 delete mode 100755 qubes_rpc/vm-shell
diff --git a/qubes_rpc/qubes.VMShell b/qubes_rpc/qubes.VMShell
index 7ca3b5e..01dca2d 100644
--- a/qubes_rpc/qubes.VMShell
+++ b/qubes_rpc/qubes.VMShell
@@ -1 +1 @@
-/usr/lib/qubes/vm-shell
\ No newline at end of file
+/bin/bash
diff --git a/qubes_rpc/vm-shell b/qubes_rpc/vm-shell
deleted file mode 100755
index d06e398..0000000
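Review bot: The added `if (!remote_domain)` check in qfile-unpacker.c rejects only an unset QREXEC_REMOTE_DOMAIN; an empty value or one containing `/` still reaches the `asprintf` that builds the incoming directory name and the `mkdir`/`chdir` that follow. The variable is presumably set by the qrexec agent from a name dom0 supplies, but since it now arrives through the environment a defensive check costs one line: `if (!remote_domain || !*remote_domain || strchr(remote_domain, '/'))`. The return value of `asprintf` on the changed line is also unchecked, so `incoming_dir` is not guaranteed to be valid if allocation fails. main() continues outside the hunk.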
--- a/qubes_rpc/vm-shell
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-# just ignore the cmdline argument (the remote vm name)
-exec /bin/bash
diff --git a/rpm_spec/core-vm.spec b/rpm_spec/core-vm.spec
index f24c679..e73cdb8 100644
--- a/rpm_spec/core-vm.spec
+++ b/rpm_spec/core-vm.spec
@@ -156,7 +156,7 @@ install qubes_rpc/wrap_in_html_if_url.sh $RPM_BUILD_ROOT/usr/lib/qubes
 install qubes_rpc/qvm-copy-to-vm.kde $RPM_BUILD_ROOT/usr/lib/qubes
 install qubes_rpc/qvm-copy-to-vm.gnome $RPM_BUILD_ROOT/usr/lib/qubes
 install qubes_rpc/{vm-file-editor,qfile-agent,qopen-in-vm,qfile-unpacker} $RPM_BUILD_ROOT/usr/lib/qubes
-install qubes_rpc/{vm-shell,qrun-in-vm} $RPM_BUILD_ROOT/usr/lib/qubes
+install qubes_rpc/qrun-in-vm $RPM_BUILD_ROOT/usr/lib/qubes
 install qubes_rpc/sync-ntp-clock $RPM_BUILD_ROOT/usr/lib/qubes
 install qubes_rpc/prepare-suspend $RPM_BUILD_ROOT/usr/lib/qubes
 install -d $RPM_BUILD_ROOT/%{kde_service_dir}
@@ -419,7 +419,6 @@ rm -rf $RPM_BUILD_ROOT
 /usr/lib/qubes/serial.conf
 /usr/lib/qubes/setup_ip
 /usr/lib/qubes/vm-file-editor
-/usr/lib/qubes/vm-shell
 /usr/lib/qubes/wrap_in_html_if_url.sh
 /usr/lib/yum-plugins/yum-qubes-hooks.py*
 /usr/sbin/qubes_firewall
From 8129032c9e472dc80ef3aec5c1d98d071e48686b Mon Sep 17 00:00:00 2001
From: Marek Marczykowski
Date: Sat, 14 Jul 2012 23:07:01 +0200
Subject: [PATCH 3/4] vm: implement qubes.GetAppmenus to reduce code duplication As one-liner services are now real one-line, just do it.
---
 misc/qubes_trigger_sync_appmenus.sh | 2 +-
 qubes_rpc/qubes.GetAppmenus | 2 ++
 rpm_spec/core-vm.spec | 3 ++-
 3 files changed, 5 insertions(+), 2 deletions(-)
 create mode 100644 qubes_rpc/qubes.GetAppmenus
diff --git a/misc/qubes_trigger_sync_appmenus.sh b/misc/qubes_trigger_sync_appmenus.sh
index 5390c2d..e848ea3 100755
--- a/misc/qubes_trigger_sync_appmenus.sh
+++ b/misc/qubes_trigger_sync_appmenus.sh
@@ -3,5 +3,5 @@ UPDATEABLE=`/usr/bin/xenstore-read qubes_vm_updateable`
 if [ "$UPDATEABLE" = "True" ]; then
- /usr/lib/qubes/qrexec_client_vm dom0 qubes.SyncAppMenus /bin/grep -H = /usr/share/applications/*.desktop
+ /usr/lib/qubes/qrexec_client_vm dom0 qubes.SyncAppMenus /bin/sh /etc/qubes_rpc/qubes.GetAppmenus
 fi
diff --git a/qubes_rpc/qubes.GetAppmenus b/qubes_rpc/qubes.GetAppmenus
new file mode 100644
index 0000000..cada68c
--- /dev/null
+++ b/qubes_rpc/qubes.GetAppmenus
@@ -0,0 +1,2 @@
+shopt -s nullglob
+/bin/grep -H = /usr/share/applications/*.desktop /usr/local/share/applications/*.desktop 2> /dev/null
diff --git a/rpm_spec/core-vm.spec b/rpm_spec/core-vm.spec
index e73cdb8..9509403 100644
--- a/rpm_spec/core-vm.spec
+++ b/rpm_spec/core-vm.spec
@@ -163,7 +163,7 @@ install -d $RPM_BUILD_ROOT/%{kde_service_dir}
 install -m 0644 qubes_rpc/{qvm-copy.desktop,qvm-dvm.desktop} $RPM_BUILD_ROOT/%{kde_service_dir}
 install -d $RPM_BUILD_ROOT/etc/qubes_rpc
 install -m 0644 qubes_rpc/{qubes.Filecopy,qubes.OpenInVM,qubes.VMShell,qubes.SyncNtpClock} $RPM_BUILD_ROOT/etc/qubes_rpc
-install -m 0644 qubes_rpc/{qubes.SuspendPre,qubes.SuspendPost} $RPM_BUILD_ROOT/etc/qubes_rpc
+install -m 0644 qubes_rpc/{qubes.SuspendPre,qubes.SuspendPost,qubes.GetAppmenus} $RPM_BUILD_ROOT/etc/qubes_rpc
 install qrexec/qrexec_agent $RPM_BUILD_ROOT/usr/lib/qubes
 install qrexec/qrexec_client_vm $RPM_BUILD_ROOT/usr/lib/qubes
@@ -371,6 +371,7 @@ rm -rf $RPM_BUILD_ROOT
 %dir /etc/qubes_rpc
 /etc/qubes_rpc/qubes.Filecopy
 /etc/qubes_rpc/qubes.OpenInVM
+/etc/qubes_rpc/qubes.GetAppmenus
 /etc/qubes_rpc/qubes.VMShell
 /etc/qubes_rpc/qubes.SyncNtpClock
 /etc/qubes_rpc/qubes.SuspendPre
From c8f3f737f59ea6fffdafb51e3aea686f48b94867 Mon Sep 17 00:00:00 2001
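Review bot: In the new `qubes.GetAppmenus` file, `shopt -s nullglob` makes both patterns expand to nothing when neither directory holds a `.desktop` file, and `grep -H =` with no file operands then reads standard input, which here is presumably the qrexec data stream rather than a file. Appending `/dev/null` to the operand list keeps grep on files only: `/bin/grep -H = /usr/share/applications/*.desktop /usr/local/share/applications/*.desktop /dev/null 2> /dev/null`. `shopt` is also a bash builtin, while the changed line in `qubes_trigger_sync_appmenus.sh` runs this file with `/bin/sh`, so it works only where `/bin/sh` is bash. Invoking it with `/bin/bash`, or stating that dependency in a comment at the top of the file, would make this explicit.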
From: Marek Marczykowski
Date: Mon, 16 Jul 2012 12:49:41 +0200
Subject: [PATCH 4/4] Revert "vm/spec: disable pam_systemd globally (#607)" (#626) This reverts commit 8ec4b6963b71b95bc0cda6dd80d99bf60aa9caec. This caused regression (#626). Conflicts: rpm_spec/core-vm.spec
---
 rpm_spec/core-vm.spec | 8 --------
 1 file changed, 8 deletions(-)
diff --git a/rpm_spec/core-vm.spec b/rpm_spec/core-vm.spec
index 9509403..7e2b034 100644
--- a/rpm_spec/core-vm.spec
+++ b/rpm_spec/core-vm.spec
@@ -188,13 +188,6 @@ install -D u2mfn/libu2mfn.so $RPM_BUILD_ROOT/%{_libdir}/libu2mfn.so
 %triggerin -- initscripts
 cp /usr/lib/qubes/serial.conf /etc/init/serial.conf
-%triggerin -- systemd
-# Disable pam_systemd - we (hopefully) don't need it, but it cause some minor
-# problems (http://wiki.qubes-os.org/trac/ticket/607)
-# /etc/pam.d/common-* are automatically (re)generated by authconfig, so its
-# modification will not be persistent -> must be done this way
-mv -f /%{_lib}/security/pam_systemd.so /%{_lib}/security/pam_systemd.so.disabled 2> /dev/null || :
-
 %post
 # disable some Upstart services
@@ -336,7 +329,6 @@ if [ "$1" = 0 ] ; then
 mv /var/lib/qubes/fstab.orig /etc/fstab
 mv /var/lib/qubes/removed-udev-scripts/* /etc/udev/rules.d/
 mv /var/lib/qubes/serial.orig /etc/init/serial.conf
- mv /%{_lib}/security/pam_systemd.so.disabled /%{_lib}/security/pam_systemd.so
 fi
 %postun