
Merge tag 'mm_5d68e2cc' into debian-systemd

Tag for commit 5d68e2cc7009a1d368c224e9b0a2fc7286e3a210

Conflicts:
	Makefile
	debian/rules
	network/qubes-firewall
	vm-systemd/misc-post.sh
	vm-systemd/qubes-sysinit.sh
HW42 пре 9 година
родитељ
комит
63e915f6d4

+ 36 - 27
Makefile

@@ -43,23 +43,35 @@ all:
 	make -C qrexec
 	make -C qubes-rpc
 
-install-rh:
-	install -m 0644 -D misc/fstab $(DESTDIR)/etc/fstab
-	install -d $(DESTDIR)/etc/init.d
-	install vm-init.d/* $(DESTDIR)/etc/init.d/
-
-	install -D -m 0644 misc/serial.conf $(DESTDIR)/usr/share/qubes/serial.conf
-	install -D misc/qubes-serial-login $(DESTDIR)/$(SBINDIR)/qubes-serial-login
-
+install-systemd:
+	install -d $(DESTDIR)/lib/systemd/system $(DESTDIR)/usr/lib/qubes/init $(DESTDIR)/lib/modules-load.d
+	install -m 0755 vm-systemd/*.sh $(DESTDIR)/usr/lib/qubes/init/
+	install -m 0644 vm-systemd/qubes-*.service $(DESTDIR)/lib/systemd/system/
+	install -m 0644 vm-systemd/qubes-*.timer $(DESTDIR)/lib/systemd/system/
 	install -m 0644 vm-systemd/ModemManager.service $(DESTDIR)/usr/lib/qubes/init/
 	install -m 0644 vm-systemd/NetworkManager.service $(DESTDIR)/usr/lib/qubes/init/
 	install -m 0644 vm-systemd/NetworkManager-wait-online.service $(DESTDIR)/usr/lib/qubes/init/
+	install -m 0644 vm-systemd/qubes-core.conf $(DESTDIR)/lib/modules-load.d/
+	install -m 0644 vm-systemd/qubes-misc.conf $(DESTDIR)/lib/modules-load.d/
 	install -m 0644 vm-systemd/cups.* $(DESTDIR)/usr/lib/qubes/init/
 	install -m 0644 vm-systemd/ntpd.service $(DESTDIR)/usr/lib/qubes/init/
 	install -m 0644 vm-systemd/chronyd.service $(DESTDIR)/usr/lib/qubes/init/
-	install -m 0644 vm-systemd/qubes-update-check.service $(DESTDIR)/lib/systemd/system/
-	install -m 0644 vm-systemd/qubes-update-check.timer $(DESTDIR)/lib/systemd/system/
-	install -m 0644 vm-systemd/qubes-yum-proxy.service $(DESTDIR)/lib/systemd/system/
+
+install-sysvinit:
+	install -d $(DESTDIR)/etc/init.d
+	install vm-init.d/qubes-core $(DESTDIR)/etc/init.d/
+	install vm-init.d/qubes-core-appvm $(DESTDIR)/etc/init.d/
+	install vm-init.d/qubes-core-netvm $(DESTDIR)/etc/init.d/
+	install vm-init.d/qubes-firewall $(DESTDIR)/etc/init.d/
+	install vm-init.d/qubes-netwatcher $(DESTDIR)/etc/init.d/
+	install vm-init.d/qubes-qrexec-agent $(DESTDIR)/etc/init.d/
+	install vm-init.d/qubes-updates-proxy $(DESTDIR)/etc/init.d/
+	install -D vm-init.d/qubes-core.modules $(DESTDIR)/etc/sysconfig/modules/qubes-core.modules
+	install -D vm-init.d/qubes-misc.modules $(DESTDIR)/etc/sysconfig/modules/qubes-misc.modules
+
+
+install-rh: install-systemd install-sysvinit
+	install -m 0644 -D misc/fstab $(DESTDIR)/etc/fstab
 
 	install -D -m 0644 misc/qubes-r2.repo $(DESTDIR)/etc/yum.repos.d/qubes-r2.repo
 	install -d $(DESTDIR)/usr/share/glib-2.0/schemas/
@@ -70,9 +82,7 @@ install-rh:
 	install -D -m 0644 misc/yum-qubes-hooks.conf $(DESTDIR)/etc/yum/pluginconf.d/yum-qubes-hooks.conf
 	install -d -m 755 $(DESTDIR)/etc/pki/rpm-gpg
 	install -m 644 misc/RPM-GPG-KEY-qubes* $(DESTDIR)/etc/pki/rpm-gpg/
-
-	install -D misc/qubes-core.modules $(DESTDIR)/etc/sysconfig/modules/qubes-core.modules
-	install -D misc/qubes-misc.modules $(DESTDIR)/etc/sysconfig/modules/qubes-misc.modules
+	install -D -m 644 misc/session-stop-timeout.conf $(DESTDIR)/usr/lib/systemd/system/user@.service.d/90-session-stop-timeout.conf
 
 
 	install -d $(DESTDIR)/etc/yum.conf.d
@@ -82,6 +92,12 @@ install-rh:
 	install -d $(DESTDIR)/var/lib/qubes/dom0-updates
 	install -D -m 0644 misc/qubes-trigger-sync-appmenus.action $(DESTDIR)/etc/yum/post-actions/qubes-trigger-sync-appmenus.action
 
+	install -D -m 0644 misc/serial.conf $(DESTDIR)/usr/share/qubes/serial.conf
+	install -D misc/qubes-serial-login $(DESTDIR)/$(SBINDIR)/qubes-serial-login
+
+	install -m 0400 -D network/iptables $(DESTDIR)/etc/sysconfig/iptables
+	install -m 0400 -D network/ip6tables $(DESTDIR)/etc/sysconfig/ip6tables
+
 install-common:
 	install -D -m 0440 misc/qubes.sudoers $(DESTDIR)/etc/sudoers.d/qubes
 
@@ -119,9 +135,9 @@ install-common:
 	install -d $(DESTDIR)/etc/NetworkManager/dispatcher.d/
 	install network/{qubes-nmhook,30-qubes-external-ip} $(DESTDIR)/etc/NetworkManager/dispatcher.d/
 	install -D network/vif-route-qubes $(DESTDIR)/etc/xen/scripts/vif-route-qubes
-	install -m 0644 -D network/tinyproxy-qubes-yum.conf $(DESTDIR)/etc/tinyproxy/tinyproxy-qubes-yum.conf
-	install -m 0644 -D network/filter-qubes-yum $(DESTDIR)/etc/tinyproxy/filter-qubes-yum
-	install -m 0755 -D network/iptables-yum-proxy $(DESTDIR)/usr/lib/qubes/iptables-yum-proxy
+	install -m 0644 -D network/tinyproxy-updates.conf $(DESTDIR)/etc/tinyproxy/tinyproxy-updates.conf
+	install -m 0644 -D network/filter-updates $(DESTDIR)/etc/tinyproxy/filter-updates
+	install -m 0755 -D network/iptables-updates-proxy $(DESTDIR)/usr/lib/qubes/iptables-updates-proxy
 	install -d $(DESTDIR)/etc/xdg/autostart
 	install -m 0755 network/show-hide-nm-applet.sh $(DESTDIR)/usr/lib/qubes/show-hide-nm-applet.sh
 	install -m 0644 network/show-hide-nm-applet.desktop $(DESTDIR)/etc/xdg/autostart/00-qubes-show-hide-nm-applet.desktop
@@ -155,10 +171,12 @@ install-common:
 	install -m 0644 qubes-rpc/qubes.{Backup,Restore} $(DESTDIR)/etc/qubes-rpc
 	install -m 0644 qubes-rpc/qubes.Select{File,Directory} $(DESTDIR)/etc/qubes-rpc
 	install -m 0644 qubes-rpc/qubes.GetImageRGBA $(DESTDIR)/etc/qubes-rpc
+	install -m 0644 qubes-rpc/qubes.SetDateTime $(DESTDIR)/etc/qubes-rpc
 
 	install -d $(DESTDIR)/usr/share/file-manager/actions
 	install -m 0644 qubes-rpc/*-gnome.desktop $(DESTDIR)/usr/share/file-manager/actions
 
+	install -D -m 0755 misc/qubes-desktop-run $(DESTDIR)/usr/bin/qubes-desktop-run
 	install -D misc/nautilus-actions.conf $(DESTDIR)/etc/xdg/nautilus-actions/nautilus-actions.conf
 
 	install -d $(DESTDIR)/mnt/removable
@@ -167,16 +185,7 @@ install-common:
 
 	install -d $(DESTDIR)/var/run/qubes
 	install -d $(DESTDIR)/home_volatile/user
-
-	install -d $(DESTDIR)/lib/systemd/system $(DESTDIR)/usr/lib/qubes/init
-	install -m 0755 vm-systemd/*.sh $(DESTDIR)/usr/lib/qubes/init/
-	install -m 0644 vm-systemd/qubes-dvm.service $(DESTDIR)/lib/systemd/system/
-	install -m 0644 vm-systemd/qubes-firewall.service $(DESTDIR)/lib/systemd/system/
-	install -m 0644 vm-systemd/qubes-misc-post.service $(DESTDIR)/lib/systemd/system/
-	install -m 0644 vm-systemd/qubes-netwatcher.service $(DESTDIR)/lib/systemd/system/
-	install -m 0644 vm-systemd/qubes-network.service $(DESTDIR)/lib/systemd/system/
-	install -m 0644 vm-systemd/qubes-qrexec-agent.service $(DESTDIR)/lib/systemd/system/
-	install -m 0644 vm-systemd/qubes-sysinit.service $(DESTDIR)/lib/systemd/system/
+	install -d $(DESTDIR)/rw
 
 install-deb:
 	mkdir -p $(DESTDIR)/etc/apt/sources.list.d

+ 0 - 16
archlinux/PKGBUILD

@@ -66,27 +66,11 @@ package() {
 
   make install-vm DESTDIR=$pkgdir SBINDIR=/usr/bin DIST=archlinux
 
-  # Convert module loading to ARCHLINUX
-  mkdir -p $pkgdir/etc/modules-load.d/
-
-  #misc/qubes-core.modules
-  echo xen-evtchn > $pkgdir/etc/modules-load.d/qubes_core.conf
-  echo xen-blkback >> $pkgdir/etc/modules-load.d/qubes_core.conf
-  # Note : need to compile pvusb drivers for this last one?
-  echo xen-usbfront >> $pkgdir/etc/modules-load.d/qubes_core.conf
-
-  #misc/qubes-misc.modules
-  #install -D misc/qubes_misc.modules $pkgdir/etc/sysconfig/modules/qubes_misc.modules
-  echo dummy-hcd > $pkgdir/etc/modules-load.d/qubes_misc.conf
-
   # Change the place for iptable rules to match archlinux standard
   mkdir -p $pkgdir/etc/iptables
   mv $pkgdir/etc/sysconfig/iptables $pkgdir/etc/iptables/iptables.rules
   mv $pkgdir/etc/sysconfig/ip6tables $pkgdir/etc/iptables/ip6tables.rules
 
-  # Note: appears in the gui package but required for qrexec agent to work
-  echo u2mfn > $pkgdir/etc/modules-load.d/qubes_u2mfn.conf
-
   # Remove things non wanted in archlinux
   rm -r $pkgdir/etc/yum*
   rm -r $pkgdir/etc/init.d

+ 22 - 0
debian/changelog

@@ -1,3 +1,25 @@
+qubes-core-agent (2.1.42) jessie; urgency=medium
+
+  * firewall: show error message only on actual error
+  * Avoid 100MB reserved space in private ext4 partition
+  * gui-fatal: do not run as root
+  * fedora: workaround slow system shutdown (#852)
+  * Rename qubes-yum-proxy service to qubes-updates-proxy
+  * Rename yum-proxy-setup service to updates-proxy-setup
+  * updates-proxy: add rules for debian repositories (#887)
+  * qrexec: check for setuid() error when calling zenity/kdialog
+  * Use systemd mechanism for loading kernel modules (when available)
+  * Add missing u2mfn module load
+  * archlinux: modules-load.d handled now in generic files
+  * debian: migrate to native systemd services
+  * updates-proxy-setup: support setting proxy for apt (#887)
+  * Introduce qubes.SetDateTime service for time synchronization
+  * systemd: fix 'service' path
+  * Include /rw in the package
+  * debian: custom dh_auto_clean no longer needed
+
+ -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Sat, 25 Oct 2014 01:49:58 +0200
+
 qubes-core-agent (2.1.41) jessie; urgency=medium
 
   [ Marek Marczykowski-Górecki ]

+ 1 - 1
debian/control

@@ -2,7 +2,7 @@ Source: qubes-core-agent
 Section: admin
 Priority: extra
 Maintainer: Davíð Steinn Geirsson <david@dsg.is>
-Build-Depends: qubes-utils, libvchan-xen-dev, python, debhelper, quilt, libxen-dev
+Build-Depends: qubes-utils, libvchan-xen-dev, python, debhelper, quilt, libxen-dev, dh-systemd (>= 1.5)
 Standards-Version: 3.9.3
 Homepage: http://www.qubes-os.org
 Vcs-Git: git://git.qubes-os.org/marmarek/core-agent-linux.git

+ 2 - 2
debian/rules

@@ -7,13 +7,13 @@
 export DESTDIR=$(shell pwd)/debian/qubes-core-agent
 
 %:
-	dh $@ --with=systemd
+	dh $@ --with systemd
 
 override_dh_auto_build:
 	make all
 
 override_dh_auto_install:
-	make install-common install-deb
+	make install-common install-deb install-systemd
 	make -C qrexec install
 
 override_dh_fixperms:
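Review bot: The changed recipe line in override_dh_auto_install still calls a literal `make`, so `-j`/jobserver settings and `-n` from the outer build do not reach the sub-make; `$(MAKE) install-common install-deb install-systemd` would propagate them. The unchanged `make all` and `make -C qrexec install` lines in this hunk have the same form.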

+ 11 - 0
misc/qubes-desktop-run

@@ -0,0 +1,11 @@
+#!/usr/bin/python
+
+from gi.repository import Gio
+import sys
+
+def main(myname, desktop, *files):
+    launcher = Gio.DesktopAppInfo.new_from_filename(desktop)
+    launcher.launch(files, None)
+
+if __name__ == "__main__":
+    main(*sys.argv)
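Review bot: `main` uses the result of `Gio.DesktopAppInfo.new_from_filename(desktop)` without checking it, and GIO documents a NULL result when the file is missing or is not a valid desktop entry, so a bad path ends in a traceback instead of a clear message and exit code. Running the script with no arguments fails the same way inside `main(*sys.argv)`. `launch()` is documented to take Gio.File objects, so passing the raw argv strings as `files` should be confirmed against the PyGObject version in use. The script launches whatever desktop file path it is handed, so a header comment naming the expected callers would help the next reader.

```python
def main(myname, desktop, *files):
    launcher = Gio.DesktopAppInfo.new_from_filename(desktop)
    if launcher is None:
        sys.stderr.write("%s: cannot load desktop file %s\n" % (myname, desktop))
        sys.exit(1)
    launcher.launch(files, None)

if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.stderr.write("usage: %s DESKTOP_FILE [FILE...]\n" % sys.argv[0])
        sys.exit(2)
    main(*sys.argv)
```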

+ 2 - 0
misc/session-stop-timeout.conf

@@ -0,0 +1,2 @@
+[Service]
+TimeoutStopSec=500000us

+ 0 - 6
network/filter-qubes-yum

@@ -1,6 +0,0 @@
-/repodata/[A-Za-z0-9-]*\(primary\|filelists\|comps\(-[a-z0-9]*\)\?\|other\|prestodelta\|updateinfo\|pkgtags\)\.\(sqlite\|xml\)\(\.bz2\|\.gz\)\?$
-/repodata/repomd\.xml$
-\.rpm$
-\.drpm$
-^mirrors\.fedoraproject\.org:443$
-^http://mirrors\..*/mirrorlist\?

+ 11 - 0
network/filter-updates

@@ -0,0 +1,11 @@
+/repodata/[A-Za-z0-9-]*\(primary\|filelists\|comps\(-[a-z0-9]*\)\?\|other\|prestodelta\|updateinfo\|pkgtags\)\.\(sqlite\|xml\)\(\.bz2\|\.gz\)\?$
+/repodata/repomd\.xml$
+\.rpm$
+\.drpm$
+^mirrors\.fedoraproject\.org:443$
+^http://mirrors\..*/mirrorlist\?
+\.deb$
+/dists/[a-z]*/\(InRelease\|Release\|Release.gpg\)$
+/dists/[a-z]*/.*/\(Packages\|Sources\|Release\)\(\|\.gz\|\.bz2\|\.xz\|\.lzma\)$
+/dists/[a-z]*/.*/\(Contents\|Translation\)-.*\(\|\.gz\|\.xz\|\.bz2\|\.lzma\)$
+/dists/[a-z]*/.*/\(Contents-.*\|Translation-.*\|Packages\)\.diff/\(Index\|[0-9.-]*\)\(\|\.gz\|\.xz\|\.bz2\|\.lzma\)$
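Review bot: The added Debian rules match the suite name with `[a-z]*`, which excludes digits and hyphens, so suites such as `wheezy-updates` or `jessie-backports` would not match the `InRelease`/`Release` rule; `[a-z0-9-]*` covers them. The dot in `Release.gpg` on that line is unescaped and matches any character; `Release\.gpg` is the literal form. `\.deb$` and `\.rpm$` are not tied to any host, so the filter constrains the shape of a URL rather than its destination, and the integrity of what is fetched rests on the package manager's signature checks.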

+ 0 - 0
network/iptables-yum-proxy → network/iptables-updates-proxy


+ 7 - 5
network/qubes-firewall

@@ -40,13 +40,15 @@ while true; do
 
 	for i in $(xenstore-list qubes-iptables-domainrules) ; do
 		RULES=$(xenstore-read qubes-iptables-domainrules/"$i")
-		ERRS=`echo -e "$RULES" | iptables-restore -n 2>&1 || true`
-		echo "Failed applying rules for $i: $ERRS" >&2
-		OUT="$OUT$ERRS"
+		ERRS=`echo -e "$RULES" | /sbin/iptables-restore -n 2>&1 || true`
+		if [ -n "$ERRS" ]; then
+			echo "Failed applying rules for $i: $ERRS" >&2
+			OUT="$OUT$ERRS"
+		fi
 	done		
 	xenstore-write $XENSTORE_ERROR "$OUT"
-	if [ "$OUT" ]; then
-		DISPLAY=:0 notify-send -t 3000 "Firewall loading error ($HOSTNAME)" "$OUT" || :
+	if [ -n "$OUT" ]; then
+		DISPLAY=:0 /usr/bin/notify-send -t 3000 "Firewall loading error ($HOSTNAME)" "$OUT" || :
 	fi
 
 	# Check if user didn't define some custom rules to be applied as well...
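Review bot: Failure is detected by `[ -n "$ERRS" ]`, that is by whether iptables-restore printed anything, while its exit status is discarded by `|| true`. A run that fails without output leaves a domain's rules unapplied with nothing written to the error key and no notification, and a warning printed by a successful run is reported as a failure. Testing the status handles both cases: `if ! ERRS=$(echo -e "$RULES" | /sbin/iptables-restore -n 2>&1); then`, with a fallback text when `$ERRS` is empty. The enclosing `while true` loop starts and ends outside this hunk.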

+ 2 - 2
network/tinyproxy-qubes-yum.conf → network/tinyproxy-updates.conf

@@ -8,7 +8,7 @@ DefaultErrorFile "/usr/share/tinyproxy/default.html"
 StatFile "/usr/share/tinyproxy/stats.html"
 Syslog On
 LogLevel Notice
-PidFile "/var/run/tinyproxy/tinyproxy-qubes-yum.pid"
+PidFile "/var/run/tinyproxy/tinyproxy-updates.pid"
 
 MaxClients 50
 MinSpareServers 2
@@ -21,7 +21,7 @@ Allow 127.0.0.1
 Allow 10.137.0.0/16
 
 
-Filter "/etc/tinyproxy/filter-qubes-yum"
+Filter "/etc/tinyproxy/filter-updates"
 FilterURLs On
 #FilterExtended On
 #FilterCaseSensitive On

+ 3 - 0
qubes-rpc/gui-fatal.c

@@ -28,6 +28,9 @@ static void produce_message(const char * type, const char *fmt, va_list args)
 	case -1:
 		exit(1);	//what else
 	case 0:
+		if (geteuid() == 0)
+			if (setuid(getuid()) != 0)
+				perror("setuid failed, calling kdialog/zenity as root");
 		fix_display();
 #ifdef USE_KDIALOG
 		execlp("/usr/bin/kdialog", "kdialog", "--sorry", dialog_msg, NULL);
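Review bot: When `setuid(getuid())` fails the child only prints a message and goes on to exec kdialog/zenity with euid 0, so the privilege drop fails open. If showing the dialog as root is not an accepted fallback, stop the child instead: `if (setuid(getuid()) != 0) { perror("setuid"); _exit(1); }`. The added code also leaves the effective gid and supplementary groups untouched and does nothing when the real uid is already 0; whether either matters depends on how the callers are installed, which this hunk does not show. produce_message continues outside the hunk.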

+ 3 - 0
qubes-rpc/prepare-suspend

@@ -19,6 +19,9 @@ if [ x"$action" == x"suspend" ]; then
         service NetworkManager stop
     # Force interfaces down, just in case when NM didn't done it
     for if in `ls /sys/class/net|grep -v "lo\|vif"`; do 
+        if [ "`cat /sys/class/net/$if/device/devtype 2>/dev/null`" == "vif" ]; then
+            continue
+        fi
         ip l s $if down
     done
     LOADED_MODULES=""

+ 2 - 1
qubes-rpc/qubes.GetAppmenus

@@ -1 +1,2 @@
-find /usr/share/applications/ /usr/local/share/applications/ -name '*.desktop' | xargs awk '/^\[/ { if (tolower($0) != "\[desktop entry\]") nextfile } /=/ {print FILENAME ":" $0 }' 2> /dev/null
+find /usr/share/applications/ /usr/local/share/applications/ -name '*.desktop' | \
+         xargs awk '/^\[/ { if (tolower($0) != "\[desktop entry\]") nextfile } /^Exec=/ { print FILENAME ":Exec=qubes-desktop-run " FILENAME; next } /=/ {print FILENAME ":" $0 }' 2> /dev/null
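Review bot: The rewritten `Exec=` line inserts `FILENAME` unquoted and the `find | xargs` pipeline splits on whitespace and quotes, so a `.desktop` file whose path contains a space (possible under /usr/local/share/applications) is either mis-split by xargs or yields an Exec line whose argument breaks apart when parsed. `find ... -name '*.desktop' -print0 | xargs -0 awk ...` handles the first part. For the second, emit the path in double quotes as the Desktop Entry quoting rules allow, after confirming that the consumer of this output accepts a quoted argument. Every entry now runs through qubes-desktop-run, so the original Exec command and its field codes are no longer reported; a comment in the file should say so.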

+ 11 - 0
qubes-rpc/qubes.SetDateTime

@@ -0,0 +1,11 @@
+#!/bin/sh
+
+# it is in format of `date -u -Iseconds`, example: 2014-09-29T22:59:21+0000
+# it comes from dom0, so is trusted
+read timestamp
+timediff=$(( `date -u +'+%Y%m%d%H%M%S'` - `date -u -d "$timestamp" +'+%Y%m%d%H%M%S'` ))
+if [ $timediff -le 2 -a $timediff -ge -2 ]; then
+    # don't bother
+    exit 0
+fi
+date -u -s "$timestamp"
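Review bot: `timediff` is computed from two `%Y%m%d%H%M%S` strings treated as integers, which is not a difference in seconds (22:59:59 to 23:00:00 comes out as 4041). When `date -d "$timestamp"` rejects the input, the arithmetic gets an empty operand and the outcome depends on the shell: some abort, others carry on to `date -u -s`. Using epoch seconds and stopping on a parse error fixes both: `read -r timestamp`, `remote=$(date -u -d "$timestamp" +%s) || exit 1`, `timediff=$(( $(date -u +%s) - remote ))`. The comment "it comes from dom0, so is trusted" holds only while the qrexec policy for this service restricts callers to dom0; that policy is not part of this diff, so the comment should name it.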

+ 17 - 11
rpm_spec/core-vm.spec

@@ -331,13 +331,12 @@ rm -f %{name}-%{version}
 /etc/qubes-rpc/qubes.SelectFile
 /etc/qubes-rpc/qubes.SelectDirectory
 /etc/qubes-rpc/qubes.GetImageRGBA
+/etc/qubes-rpc/qubes.SetDateTime
 %config(noreplace) /etc/sudoers.d/qubes
 %config(noreplace) /etc/sysconfig/iptables
 %config(noreplace) /etc/sysconfig/ip6tables
-/etc/sysconfig/modules/qubes-core.modules
-/etc/sysconfig/modules/qubes-misc.modules
-%config(noreplace) /etc/tinyproxy/filter-qubes-yum
-%config(noreplace) /etc/tinyproxy/tinyproxy-qubes-yum.conf
+%config(noreplace) /etc/tinyproxy/filter-updates
+%config(noreplace) /etc/tinyproxy/tinyproxy-updates.conf
 %config(noreplace) /etc/udev/rules.d/50-qubes-misc.rules
 %config(noreplace) /etc/udev/rules.d/99-qubes-network.rules
 /etc/xdg/autostart/00-qubes-show-hide-nm-applet.desktop
@@ -347,6 +346,7 @@ rm -f %{name}-%{version}
 %config(noreplace) /etc/yum.repos.d/qubes-r2.repo
 /etc/yum/pluginconf.d/yum-qubes-hooks.conf
 /etc/yum/post-actions/qubes-trigger-sync-appmenus.action
+/usr/lib/systemd/system/user@.service.d/90-session-stop-timeout.conf
 /usr/sbin/qubes-serial-login
 /usr/bin/qvm-copy-to-vm
 /usr/bin/qvm-move-to-vm
@@ -355,6 +355,7 @@ rm -f %{name}-%{version}
 /usr/bin/qvm-run
 /usr/bin/qvm-mru-entry
 /usr/bin/xenstore-watch-qubes
+/usr/bin/qubes-desktop-run
 %dir /usr/lib/qubes
 /usr/lib/qubes/vusb-ctl.py*
 /usr/lib/qubes/dispvm-prerun.sh
@@ -382,7 +383,7 @@ rm -f %{name}-%{version}
 /usr/lib/qubes/tar2qfile
 /usr/lib/qubes/vm-file-editor
 /usr/lib/qubes/wrap-in-html-if-url.sh
-/usr/lib/qubes/iptables-yum-proxy
+/usr/lib/qubes/iptables-updates-proxy
 /usr/lib/qubes/close-window
 /usr/lib/yum-plugins/yum-qubes-hooks.py*
 /usr/sbin/qubes-firewall
@@ -398,6 +399,7 @@ rm -f %{name}-%{version}
 %dir /home_volatile
 %attr(700,user,user) /home_volatile/user
 %dir /mnt/removable
+%dir /rw
 
 %package sysvinit
 Summary:        Qubes unit files for SysV init style or upstart
@@ -417,8 +419,10 @@ The Qubes core startup configuration for SysV init (or upstart).
 /etc/init.d/qubes-core-netvm
 /etc/init.d/qubes-firewall
 /etc/init.d/qubes-netwatcher
-/etc/init.d/qubes-yum-proxy
+/etc/init.d/qubes-updates-proxy
 /etc/init.d/qubes-qrexec-agent
+/etc/sysconfig/modules/qubes-core.modules
+/etc/sysconfig/modules/qubes-misc.modules
 
 %post sysvinit
 
@@ -452,8 +456,8 @@ chkconfig --add qubes-firewall || echo "WARNING: Cannot add service qubes-firewa
 chkconfig qubes-firewall on || echo "WARNING: Cannot enable service qubes-firewall!"
 chkconfig --add qubes-netwatcher || echo "WARNING: Cannot add service qubes-netwatcher!"
 chkconfig qubes-netwatcher on || echo "WARNING: Cannot enable service qubes-netwatcher!"
-chkconfig --add qubes-yum-proxy || echo "WARNING: Cannot add service qubes-yum-proxy!"
-chkconfig qubes-yum-proxy on || echo "WARNING: Cannot enable service qubes-yum-proxy!"
+chkconfig --add qubes-updates-proxy || echo "WARNING: Cannot add service qubes-updates-proxy!"
+chkconfig qubes-updates-proxy on || echo "WARNING: Cannot enable service qubes-updates-proxy!"
 chkconfig --add qubes-qrexec-agent || echo "WARNING: Cannot add service qubes-qrexec-agent!"
 chkconfig qubes-qrexec-agent on || echo "WARNING: Cannot enable service qubes-qrexec-agent!"
 
@@ -468,7 +472,7 @@ if [ "$1" = 0 ] ; then
     chkconfig qubes-core-appvm off
     chkconfig qubes-firewall off
     chkconfig qubes-netwatcher off
-    chkconfig qubes-yum-proxy off
+    chkconfig qubes-updates-proxy off
     chkconfig qubes-qrexec-agent off
 fi
 
@@ -497,8 +501,10 @@ The Qubes core startup configuration for SystemD init.
 /lib/systemd/system/qubes-sysinit.service
 /lib/systemd/system/qubes-update-check.service
 /lib/systemd/system/qubes-update-check.timer
-/lib/systemd/system/qubes-yum-proxy.service
+/lib/systemd/system/qubes-updates-proxy.service
 /lib/systemd/system/qubes-qrexec-agent.service
+/lib/modules-load.d/qubes-core.conf
+/lib/modules-load.d/qubes-misc.conf
 %dir /usr/lib/qubes/init
 /usr/lib/qubes/init/prepare-dvm.sh
 /usr/lib/qubes/init/network-proxy-setup.sh
@@ -522,7 +528,7 @@ The Qubes core startup configuration for SystemD init.
 
 %post systemd
 
-for srv in qubes-dvm qubes-sysinit qubes-misc-post qubes-netwatcher qubes-network qubes-firewall qubes-yum-proxy qubes-qrexec-agent; do
+for srv in qubes-dvm qubes-sysinit qubes-misc-post qubes-netwatcher qubes-network qubes-firewall qubes-updates-proxy qubes-qrexec-agent; do
     /bin/systemctl enable $srv.service 2> /dev/null
 done
 

+ 1 - 1
version

@@ -1 +1 @@
-2.1.41
+2.1.42

+ 2 - 2
vm-init.d/qubes-core

@@ -28,7 +28,7 @@ start()
 		# because it makes some of the pre-created dotfiles invalid (e.g. .kde/cache-<hostname>)
 		# (let's be frank: nobody's gonna use xterm on DispVM)
 		hostname $name
-		sed -i "s/^\(127\.0\.0\.1 .*\) \($name \)\?\(.*\)/\1\2 $name/" /etc/hosts
+		sed -i "s/^\(127\.0\.0\.1[\t ].*\) \($name \)\?\(.*\)/\1\2 $name/" /etc/hosts
 	fi
 
 	timezone=`/usr/bin/xenstore-read qubes-timezone 2> /dev/null`
@@ -38,7 +38,7 @@ start()
 		echo "ZONE=\"$timezone\"" >> /etc/sysconfig/clock
 	fi
 
-	yum_proxy_setup=$(/usr/bin/xenstore-read qubes-service/yum-proxy-setup 2> /dev/null)
+	yum_proxy_setup=$(/usr/bin/xenstore-read qubes-service/yum-proxy-setup 2> /dev/null || /usr/bin/xenstore-read qubes-service/updates-proxy-setup 2>/dev/null )
     type=$(/usr/bin/xenstore-read qubes-vm-type)
 	if [ "$yum_proxy_setup" != "0" ] || [ -z "$yum_proxy_setup" -a "$type" == "TemplateVM" ]; then
 		echo proxy=http://10.137.255.254:8082/ > /etc/yum.conf.d/qubes-proxy.conf

+ 1 - 0
misc/qubes-core.modules → vm-init.d/qubes-core.modules

@@ -1,3 +1,4 @@
 modprobe evtchn 2>/dev/null || modprobe xen-evtchn
 modprobe xen-blkback 2> /dev/null || modprobe blkbk
 modprobe xen-usbfront 2> /dev/null
+modprobe u2mfn 2>/dev/null

+ 0 - 0
misc/qubes-misc.modules → vm-init.d/qubes-misc.modules


+ 11 - 11
vm-init.d/qubes-yum-proxy → vm-init.d/qubes-updates-proxy

@@ -1,14 +1,14 @@
 #!/bin/sh
 #
-# tinyproxy     Startup script for the tinyproxy server as Qubes yum proxy
+# tinyproxy     Startup script for the tinyproxy server as Qubes updates proxy
 #
 # chkconfig:   - 85 15
 # description: small, efficient HTTP/SSL proxy daemon
 #
 # processname: tinyproxy
-# config:      /etc/tinyproxy/tinyproxy-qubes-yum.conf
-# config:      /etc/sysconfig/tinyproxy-qubes-yum
-# pidfile:     /var/run/tinyproxy/tinyproxy-qubes-yum.pid
+# config:      /etc/tinyproxy/tinyproxy-updates.conf
+# config:      /etc/sysconfig/tinyproxy-updates
+# pidfile:     /var/run/tinyproxy/tinyproxy-updates.pid
 #
 # Note: pidfile is created by tinyproxy in its config
 # see PidFile in the configuration file.
@@ -24,17 +24,17 @@
 
 exec="/usr/sbin/tinyproxy"
 prog=$(basename $exec)
-config="/etc/tinyproxy/tinyproxy-qubes-yum.conf"
-pidfile="/var/run/tinyproxy/tinyproxy-qubes-yum.pid"
+config="/etc/tinyproxy/tinyproxy-updates.conf"
+pidfile="/var/run/tinyproxy/tinyproxy-updates.pid"
 
-[ -e /etc/sysconfig/tinyproxy-qubes-yum ] && . /etc/sysconfig/tinyproxy-qubes-yum
+[ -e /etc/sysconfig/tinyproxy-updates ] && . /etc/sysconfig/tinyproxy-updates
 
-lockfile=/var/lock/subsys/tinyproxy-qubes-yum
+lockfile=/var/lock/subsys/tinyproxy-updates
 
 start() {
     type=`/usr/bin/xenstore-read qubes-vm-type`
-    start_yum_proxy=`/usr/bin/xenstore-read qubes-service/qubes-yum-proxy 2>/dev/null`
-    if [ -z "$start_yum_proxy" ] && [ "$type" != "NetVM" ] || [ "$start_yum_proxy" != "1" ]; then
+    start_updates_proxy=`/usr/bin/xenstore-read qubes-service/qubes-updates-proxy 2>/dev/null`
+    if [ -z "$start_updates_proxy" ] && [ "$type" != "NetVM" ] || [ "$start_updates_proxy" != "1" ]; then
         # Yum proxy disabled
         exit 0
     fi
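Review bot: start() reads only `qubes-service/qubes-updates-proxy`, while the systemd unit added in this commit accepts either the old `qubes-yum-proxy` path or the new one. On sysvinit a VM whose service setting still uses the old name therefore exits at the `# Yum proxy disabled` branch. vm-init.d/qubes-core in this commit falls back between the two key names with `||`, and the same pattern here would be `start_updates_proxy=$(/usr/bin/xenstore-read qubes-service/qubes-updates-proxy 2>/dev/null || /usr/bin/xenstore-read qubes-service/qubes-yum-proxy 2>/dev/null)`. start() continues outside the hunk.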
@@ -45,7 +45,7 @@ start() {
     /sbin/iptables -I INPUT -i vif+ -p tcp --dport 8082 -j ACCEPT
     /sbin/iptables -t nat -A PR-QBS-SERVICES -i vif+ -d 10.137.255.254 -p tcp --dport 8082 -j REDIRECT
 
-    echo -n $"Starting $prog (as Qubes yum proxy): "
+    echo -n $"Starting $prog (as Qubes updates proxy): "
     daemon $exec -c $config
     retval=$?
     echo

+ 12 - 9
vm-systemd/misc-post.sh

@@ -1,15 +1,17 @@
 #!/bin/sh
 
-if [ -e /etc/debian_version ]; then
-    if [ -f /var/run/qubes-service/yum-proxy-setup ]; then
-        echo 'Acquire::http::proxy "http://10.137.255.254:8082/";' > /etc/apt/apt.conf.d/80qubes-proxy
-    else
-        echo > /etc/apt/apt.conf.d/80qubes-proxy
+if [ -f /var/run/qubes-service/yum-proxy-setup -o -f /var/run/qubes-service/updates-proxy-setup ]; then
+    if [ -d /etc/apt/apt.conf.d ]; then
+        echo 'Acquire::http::Proxy "http://10.137.255.254:8082/";' >> /etc/apt/apt.conf.d/01qubes-proxy
     fi
-else
-    if [ -f /var/run/qubes-service/yum-proxy-setup ]; then
+    if [ -d /etc/yum.conf.d ]; then
         echo proxy=http://10.137.255.254:8082/ > /etc/yum.conf.d/qubes-proxy.conf
-    else
+    fi
+else
+    if [ -d /etc/apt/apt.conf.d ]; then
+        rm -f /etc/apt/apt.conf.d/01qubes-proxy
+    fi
+    if [ -d /etc/yum.conf.d ]; then
         echo > /etc/yum.conf.d/qubes-proxy.conf
     fi
 fi
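Review bot: The apt branch appends with `>>` to /etc/apt/apt.conf.d/01qubes-proxy whereas the yum branch overwrites with `>`, so where the root filesystem persists across boots each start adds another identical `Acquire::http::Proxy` line. Writing with `>` makes the step idempotent: `echo 'Acquire::http::Proxy "http://10.137.255.254:8082/";' > /etc/apt/apt.conf.d/01qubes-proxy`. The file name 80qubes-proxy written by the previous version is not removed here, so a stale copy may remain after an upgrade unless the packaging handles it.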
@@ -22,6 +24,7 @@ INTERFACE=eth0 /usr/lib/qubes/setup-ip
 
 if [ -e /dev/xvdb -a ! -e /etc/this-is-dvm ] ; then
     resize2fs /dev/xvdb 2> /dev/null || echo "'resize2fs /dev/xvdb' failed"
+    tune2fs -m 0 /dev/xvdb
     mount /rw
 
     if ! [ -d /rw/home ] ; then
@@ -59,7 +62,7 @@ fi
 # Start AppVM specific services
 if [ ! -f /etc/systemd/system/cups.service ]; then
     if [ -f /var/run/qubes-service/cups ]; then
-        service cups start
+        /usr/sbin/service cups start
         # Allow also notification icon
         sed -i -e '/^NotShowIn=.*QUBES/s/;QUBES//' /etc/xdg/autostart/print-applet.desktop
     else

+ 4 - 0
vm-systemd/qubes-core.conf

@@ -0,0 +1,4 @@
+xen-evtchn
+xen-blkback
+xen-usbfront
+u2mfn

+ 1 - 0
vm-systemd/qubes-misc.conf

@@ -0,0 +1 @@
+dummy-hcd

+ 1 - 0
vm-systemd/qubes-qrexec-agent.service

@@ -9,3 +9,4 @@ StandardOutput=syslog
 
 [Install]
 WantedBy=multi-user.target
+Alias=qubes-core-agent.service

+ 10 - 8
vm-systemd/qubes-sysinit.sh

@@ -1,14 +1,16 @@
 #!/bin/bash
 
 # List of services enabled by default (in case of absence of xenstore entry)
-DEFAULT_ENABLED_NETVM="network-manager qubes-network qubes-update-check qubes-yum-proxy"
+DEFAULT_ENABLED_NETVM="network-manager qubes-network qubes-update-check qubes-updates-proxy"
 DEFAULT_ENABLED_PROXYVM="meminfo-writer qubes-network qubes-firewall qubes-netwatcher qubes-update-check"
 DEFAULT_ENABLED_APPVM="meminfo-writer cups qubes-update-check"
-DEFAULT_ENABLED_TEMPLATEVM="$DEFAULT_ENABLED_APPVM yum-proxy-setup"
+DEFAULT_ENABLED_TEMPLATEVM="$DEFAULT_ENABLED_APPVM updates-proxy-setup"
 DEFAULT_ENABLED="meminfo-writer"
 
-XS_READ=xenstore-read
-XS_LS=xenstore-ls
+XS_READ=/usr/bin/xenstore-read
+[ -x /usr/sbin/xenstore-read ] && XS_READ=/usr/sbin/xenstore-read
+XS_LS=/usr/bin/xenstore-ls
+[ -x /usr/sbin/xenstore-read ] && XS_LS=/usr/sbin/xenstore-ls
 
 read_service() {
     $XS_READ qubes-service/$1 2> /dev/null
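Review bot: The second override tests `/usr/sbin/xenstore-read` but assigns `XS_LS`, so on a system that has xenstore-read in /usr/sbin and xenstore-ls elsewhere `XS_LS` points at a missing binary. Test the file that is assigned: `[ -x /usr/sbin/xenstore-ls ] && XS_LS=/usr/sbin/xenstore-ls`. read_service continues outside the hunk.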
@@ -38,10 +40,10 @@ chmod 666 /proc/u2mfn
 
 # Set default services depending on VM type
 TYPE=`$XS_READ qubes-vm-type 2> /dev/null`
-[ "$TYPE" == "AppVM" ] && DEFAULT_ENABLED=$DEFAULT_ENABLED_APPVM
-[ "$TYPE" == "NetVM" ] && DEFAULT_ENABLED=$DEFAULT_ENABLED_NETVM
-[ "$TYPE" == "ProxyVM" ] && DEFAULT_ENABLED=$DEFAULT_ENABLED_PROXYVM
-[ "$TYPE" == "TemplateVM" ] && DEFAULT_ENABLED=$DEFAULT_ENABLED_TEMPLATEVM
+[ "$TYPE" = "AppVM" ] && DEFAULT_ENABLED=$DEFAULT_ENABLED_APPVM
+[ "$TYPE" = "NetVM" ] && DEFAULT_ENABLED=$DEFAULT_ENABLED_NETVM
+[ "$TYPE" = "ProxyVM" ] && DEFAULT_ENABLED=$DEFAULT_ENABLED_PROXYVM
+[ "$TYPE" = "TemplateVM" ] && DEFAULT_ENABLED=$DEFAULT_ENABLED_TEMPLATEVM
 
 # Enable default services
 for srv in $DEFAULT_ENABLED; do

+ 16 - 0
vm-systemd/qubes-updates-proxy.service

@@ -0,0 +1,16 @@
+[Unit]
+Description=Qubes updates proxy (tinyproxy)
+ConditionPathExists=|/var/run/qubes-service/qubes-yum-proxy
+ConditionPathExists=|/var/run/qubes-service/qubes-updates-proxy
+After=iptables.service
+
+[Service]
+ExecStartPre=/usr/bin/install -d --owner tinyproxy --group tinyproxy /var/run/tinyproxy
+ExecStartPre=/usr/lib/qubes/iptables-updates-proxy start
+ExecStart=/usr/sbin/tinyproxy -d -c /etc/tinyproxy/tinyproxy-updates.conf
+ExecStopPost=/usr/lib/qubes/iptables-updates-proxy stop
+Restart=on-failure
+RestartSec=5s
+
+[Install]
+WantedBy=multi-user.target

+ 0 - 15
vm-systemd/qubes-yum-proxy.service

@@ -1,15 +0,0 @@
-[Unit]
-Description=Qubes yum proxy (tinyproxy)
-ConditionPathExists=/var/run/qubes-service/qubes-yum-proxy
-After=iptables.service
-
-[Service]
-ExecStartPre=/usr/bin/install -d --owner tinyproxy --group tinyproxy /var/run/tinyproxy
-ExecStartPre=/usr/lib/qubes/iptables-yum-proxy start
-ExecStart=/usr/sbin/tinyproxy -d -c /etc/tinyproxy/tinyproxy-qubes-yum.conf
-ExecStopPost=/usr/lib/qubes/iptables-yum-proxy stop
-Restart=on-failure
-RestartSec=5s
-
-[Install]
-WantedBy=multi-user.target