Qubes/core-agent-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Tag for commit 5d68e2cc70

Browse Source 
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJUTruhAAoJEAY5OLpCz6ck7IcP/i4JXNEMO8vDSgphM50NIIz6
 +hLb+kXBGeL9SsQKRlz000BUOcIsg+d2ibwnTsi1kNuq2OgJOAHAp5hHgHGc5ddG
 0PLFf/Ddexl7/2cG/hKekXiIpXGcuhqgsIfatqcKB228mVLG8y/kqwViIDbMgg10
 X8Aiq1ba0EeHI7xskkPb1hzkszOfLFoEXCRjt+BQsmr+Bll+sAzCS3G9vSbhczFl
 wmTtgOiu2fWsPgOB2O6HYeO0PUUX+jGF/jncZYf85pEwMccNqRIWjSJC6ti533zv
 5x1bWKWFymBAUcTS+xi00FPeatmQ7b5ywMxTwbqIQkE1Mrt436Dz/B1r0E58q0AH
 gu4qG/KPBNdRBD4vPrvLKiyood/XIpvz0+6QqS9rFMKt71OSzmMR1WeLgclCn768
 cR510iZyJjmqe9lLQQTCJr+oqvwiVot7sfsgj1XP5PozalTkdIawioIZjeX5Zz4O
 +zo+P+jIV+P6QbN+0nD+vrW8kSZlM8vt+OVBPhon/bMFxGKZervs7kFUCNPn6fUK
 WNw8lSrKQqJe/a805Ktku8moatVElmexj7XTkII1nnAnEu6/bokJqjCHQ933794l
 ERRwitFN+BWm3OBXq/BsdSnCotT+gnlMEDtuHiD0JHQBGwxAZGQtliQhWLF25Ekh
 BJkmYBjqgnjCsQFUBMnn
 =shGW
 -----END PGP SIGNATURE-----

Merge tag 'mm_5d68e2cc' into debian-systemd

Tag for commit 5d68e2cc70

Conflicts:
	Makefile
	debian/rules
	network/qubes-firewall
	vm-systemd/misc-post.sh
	vm-systemd/qubes-sysinit.sh
This commit is contained in:
HW42 2014-11-03 04:28:00 +01:00
commit 63e915f6d4
29 changed files with 189 additions and 117 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
Makefile
View File

@ -43,23 +43,35 @@ all:
make -C qrexec
make -C qubes-rpc
install-rh:
install -m 0644 -D misc/fstab $(DESTDIR)/etc/fstab
install -d $(DESTDIR)/etc/init.d
install vm-init.d/* $(DESTDIR)/etc/init.d/
install -D -m 0644 misc/serial.conf $(DESTDIR)/usr/share/qubes/serial.conf
install -D misc/qubes-serial-login $(DESTDIR)/$(SBINDIR)/qubes-serial-login
install-systemd:
install -d $(DESTDIR)/lib/systemd/system $(DESTDIR)/usr/lib/qubes/init $(DESTDIR)/lib/modules-load.d
install -m 0755 vm-systemd/*.sh $(DESTDIR)/usr/lib/qubes/init/
install -m 0644 vm-systemd/qubes-*.service $(DESTDIR)/lib/systemd/system/
install -m 0644 vm-systemd/qubes-*.timer $(DESTDIR)/lib/systemd/system/
install -m 0644 vm-systemd/ModemManager.service $(DESTDIR)/usr/lib/qubes/init/
install -m 0644 vm-systemd/NetworkManager.service $(DESTDIR)/usr/lib/qubes/init/
install -m 0644 vm-systemd/NetworkManager-wait-online.service $(DESTDIR)/usr/lib/qubes/init/
install -m 0644 vm-systemd/qubes-core.conf $(DESTDIR)/lib/modules-load.d/
install -m 0644 vm-systemd/qubes-misc.conf $(DESTDIR)/lib/modules-load.d/
install -m 0644 vm-systemd/cups.* $(DESTDIR)/usr/lib/qubes/init/
install -m 0644 vm-systemd/ntpd.service $(DESTDIR)/usr/lib/qubes/init/
install -m 0644 vm-systemd/chronyd.service $(DESTDIR)/usr/lib/qubes/init/
install -m 0644 vm-systemd/qubes-update-check.service $(DESTDIR)/lib/systemd/system/
install -m 0644 vm-systemd/qubes-update-check.timer $(DESTDIR)/lib/systemd/system/
install -m 0644 vm-systemd/qubes-yum-proxy.service $(DESTDIR)/lib/systemd/system/
install-sysvinit:
install -d $(DESTDIR)/etc/init.d
install vm-init.d/qubes-core $(DESTDIR)/etc/init.d/
install vm-init.d/qubes-core-appvm $(DESTDIR)/etc/init.d/
install vm-init.d/qubes-core-netvm $(DESTDIR)/etc/init.d/
install vm-init.d/qubes-firewall $(DESTDIR)/etc/init.d/
install vm-init.d/qubes-netwatcher $(DESTDIR)/etc/init.d/
install vm-init.d/qubes-qrexec-agent $(DESTDIR)/etc/init.d/
install vm-init.d/qubes-updates-proxy $(DESTDIR)/etc/init.d/
install -D vm-init.d/qubes-core.modules $(DESTDIR)/etc/sysconfig/modules/qubes-core.modules
install -D vm-init.d/qubes-misc.modules $(DESTDIR)/etc/sysconfig/modules/qubes-misc.modules
install-rh: install-systemd install-sysvinit
install -m 0644 -D misc/fstab $(DESTDIR)/etc/fstab
install -D -m 0644 misc/qubes-r2.repo $(DESTDIR)/etc/yum.repos.d/qubes-r2.repo
install -d $(DESTDIR)/usr/share/glib-2.0/schemas/
@ -70,9 +82,7 @@ install-rh:
install -D -m 0644 misc/yum-qubes-hooks.conf $(DESTDIR)/etc/yum/pluginconf.d/yum-qubes-hooks.conf
install -d -m 755 $(DESTDIR)/etc/pki/rpm-gpg
install -m 644 misc/RPM-GPG-KEY-qubes* $(DESTDIR)/etc/pki/rpm-gpg/
install -D misc/qubes-core.modules $(DESTDIR)/etc/sysconfig/modules/qubes-core.modules
install -D misc/qubes-misc.modules $(DESTDIR)/etc/sysconfig/modules/qubes-misc.modules
install -D -m 644 misc/session-stop-timeout.conf $(DESTDIR)/usr/lib/systemd/system/user@.service.d/90-session-stop-timeout.conf
install -d $(DESTDIR)/etc/yum.conf.d
@ -82,6 +92,12 @@ install-rh:
install -d $(DESTDIR)/var/lib/qubes/dom0-updates
install -D -m 0644 misc/qubes-trigger-sync-appmenus.action $(DESTDIR)/etc/yum/post-actions/qubes-trigger-sync-appmenus.action
install -D -m 0644 misc/serial.conf $(DESTDIR)/usr/share/qubes/serial.conf
install -D misc/qubes-serial-login $(DESTDIR)/$(SBINDIR)/qubes-serial-login
install -m 0400 -D network/iptables $(DESTDIR)/etc/sysconfig/iptables
install -m 0400 -D network/ip6tables $(DESTDIR)/etc/sysconfig/ip6tables
install-common:
install -D -m 0440 misc/qubes.sudoers $(DESTDIR)/etc/sudoers.d/qubes
@ -119,9 +135,9 @@ install-common:
install -d $(DESTDIR)/etc/NetworkManager/dispatcher.d/
install network/{qubes-nmhook,30-qubes-external-ip} $(DESTDIR)/etc/NetworkManager/dispatcher.d/
install -D network/vif-route-qubes $(DESTDIR)/etc/xen/scripts/vif-route-qubes
install -m 0644 -D network/tinyproxy-qubes-yum.conf $(DESTDIR)/etc/tinyproxy/tinyproxy-qubes-yum.conf
install -m 0644 -D network/filter-qubes-yum $(DESTDIR)/etc/tinyproxy/filter-qubes-yum
install -m 0755 -D network/iptables-yum-proxy $(DESTDIR)/usr/lib/qubes/iptables-yum-proxy
install -m 0644 -D network/tinyproxy-updates.conf $(DESTDIR)/etc/tinyproxy/tinyproxy-updates.conf
install -m 0644 -D network/filter-updates $(DESTDIR)/etc/tinyproxy/filter-updates
install -m 0755 -D network/iptables-updates-proxy $(DESTDIR)/usr/lib/qubes/iptables-updates-proxy
install -d $(DESTDIR)/etc/xdg/autostart
install -m 0755 network/show-hide-nm-applet.sh $(DESTDIR)/usr/lib/qubes/show-hide-nm-applet.sh
install -m 0644 network/show-hide-nm-applet.desktop $(DESTDIR)/etc/xdg/autostart/00-qubes-show-hide-nm-applet.desktop
@ -155,10 +171,12 @@ install-common:
install -m 0644 qubes-rpc/qubes.{Backup,Restore} $(DESTDIR)/etc/qubes-rpc
install -m 0644 qubes-rpc/qubes.Select{File,Directory} $(DESTDIR)/etc/qubes-rpc
install -m 0644 qubes-rpc/qubes.GetImageRGBA $(DESTDIR)/etc/qubes-rpc
install -m 0644 qubes-rpc/qubes.SetDateTime $(DESTDIR)/etc/qubes-rpc
install -d $(DESTDIR)/usr/share/file-manager/actions
install -m 0644 qubes-rpc/*-gnome.desktop $(DESTDIR)/usr/share/file-manager/actions
install -D -m 0755 misc/qubes-desktop-run $(DESTDIR)/usr/bin/qubes-desktop-run
install -D misc/nautilus-actions.conf $(DESTDIR)/etc/xdg/nautilus-actions/nautilus-actions.conf
install -d $(DESTDIR)/mnt/removable
@ -167,16 +185,7 @@ install-common:
install -d $(DESTDIR)/var/run/qubes
install -d $(DESTDIR)/home_volatile/user
install -d $(DESTDIR)/lib/systemd/system $(DESTDIR)/usr/lib/qubes/init
install -m 0755 vm-systemd/*.sh $(DESTDIR)/usr/lib/qubes/init/
install -m 0644 vm-systemd/qubes-dvm.service $(DESTDIR)/lib/systemd/system/
install -m 0644 vm-systemd/qubes-firewall.service $(DESTDIR)/lib/systemd/system/
install -m 0644 vm-systemd/qubes-misc-post.service $(DESTDIR)/lib/systemd/system/
install -m 0644 vm-systemd/qubes-netwatcher.service $(DESTDIR)/lib/systemd/system/
install -m 0644 vm-systemd/qubes-network.service $(DESTDIR)/lib/systemd/system/
install -m 0644 vm-systemd/qubes-qrexec-agent.service $(DESTDIR)/lib/systemd/system/
install -m 0644 vm-systemd/qubes-sysinit.service $(DESTDIR)/lib/systemd/system/
install -d $(DESTDIR)/rw
install-deb:
mkdir -p $(DESTDIR)/etc/apt/sources.list.d

16
archlinux/PKGBUILD
View File

@ -66,27 +66,11 @@ package() {
make install-vm DESTDIR=$pkgdir SBINDIR=/usr/bin DIST=archlinux
# Convert module loading to ARCHLINUX
mkdir -p $pkgdir/etc/modules-load.d/
#misc/qubes-core.modules
echo xen-evtchn > $pkgdir/etc/modules-load.d/qubes_core.conf
echo xen-blkback >> $pkgdir/etc/modules-load.d/qubes_core.conf
# Note : need to compile pvusb drivers for this last one?
echo xen-usbfront >> $pkgdir/etc/modules-load.d/qubes_core.conf
#misc/qubes-misc.modules
#install -D misc/qubes_misc.modules $pkgdir/etc/sysconfig/modules/qubes_misc.modules
echo dummy-hcd > $pkgdir/etc/modules-load.d/qubes_misc.conf
# Change the place for iptable rules to match archlinux standard
mkdir -p $pkgdir/etc/iptables
mv $pkgdir/etc/sysconfig/iptables $pkgdir/etc/iptables/iptables.rules
mv $pkgdir/etc/sysconfig/ip6tables $pkgdir/etc/iptables/ip6tables.rules
# Note: appears in the gui package but required for qrexec agent to work
echo u2mfn > $pkgdir/etc/modules-load.d/qubes_u2mfn.conf
# Remove things non wanted in archlinux
rm -r $pkgdir/etc/yum*
rm -r $pkgdir/etc/init.d

22
debian/changelog vendored
View File

@ -1,3 +1,25 @@
qubes-core-agent (2.1.42) jessie; urgency=medium
* firewall: show error message only on actual error
* Avoid 100MB reserved space in private ext4 partition
* gui-fatal: do not run as root
* fedora: workaround slow system shutdown (#852)
* Rename qubes-yum-proxy service to qubes-updates-proxy
* Rename yum-proxy-setup service to updates-proxy-setup
* updates-proxy: add rules for debian repositories (#887)
* qrexec: check for setuid() error when calling zenity/kdialog
* Use systemd mechanism for loading kernel modules (when available)
* Add missing u2mfn module load
* archlinux: modules-load.d handled now in generic files
* debian: migrate to native systemd services
* updates-proxy-setup: support setting proxy for apt (#887)
* Introduce qubes.SetDateTime service for time synchronization
* systemd: fix 'service' path
* Include /rw in the package
* debian: custom dh_auto_clean no longer needed
-- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com> Sat, 25 Oct 2014 01:49:58 +0200
qubes-core-agent (2.1.41) jessie; urgency=medium
[ Marek Marczykowski-Górecki ]

2
debian/control vendored
View File

@ -2,7 +2,7 @@ Source: qubes-core-agent
Section: admin
Priority: extra
Maintainer: Davíð Steinn Geirsson <david@dsg.is>
Build-Depends: qubes-utils, libvchan-xen-dev, python, debhelper, quilt, libxen-dev
Build-Depends: qubes-utils, libvchan-xen-dev, python, debhelper, quilt, libxen-dev, dh-systemd (>= 1.5)
Standards-Version: 3.9.3
Homepage: http://www.qubes-os.org
Vcs-Git: git://git.qubes-os.org/marmarek/core-agent-linux.git

4
debian/rules vendored
View File

@ -7,13 +7,13 @@
export DESTDIR=$(shell pwd)/debian/qubes-core-agent
%:
dh $@ --with=systemd
dh $@ --with systemd
override_dh_auto_build:
make all
override_dh_auto_install:
make install-common install-deb
make install-common install-deb install-systemd
make -C qrexec install
override_dh_fixperms:

11
misc/qubes-desktop-run Executable file
View File

@ -0,0 +1,11 @@
#!/usr/bin/python
from gi.repository import Gio
import sys
def main(myname, desktop, *files):
launcher = Gio.DesktopAppInfo.new_from_filename(desktop)
launcher.launch(files, None)
if __name__ == "__main__":
main(*sys.argv)

2
misc/session-stop-timeout.conf Normal file
View File

@ -0,0 +1,2 @@
[Service]
TimeoutStopSec=500000us

6
network/filter-qubes-yum
View File

@ -1,6 +0,0 @@
/repodata/[A-Za-z0-9-]*\(primary\|filelists\|comps\(-[a-z0-9]*\)\?\|other\|prestodelta\|updateinfo\|pkgtags\)\.\(sqlite\|xml\)\(\.bz2\|\.gz\)\?$
/repodata/repomd\.xml$
\.rpm$
\.drpm$
^mirrors\.fedoraproject\.org:443$
^http://mirrors\..*/mirrorlist\?

11
network/filter-updates Normal file
View File

@ -0,0 +1,11 @@
/repodata/[A-Za-z0-9-]*\(primary\|filelists\|comps\(-[a-z0-9]*\)\?\|other\|prestodelta\|updateinfo\|pkgtags\)\.\(sqlite\|xml\)\(\.bz2\|\.gz\)\?$
/repodata/repomd\.xml$
\.rpm$
\.drpm$
^mirrors\.fedoraproject\.org:443$
^http://mirrors\..*/mirrorlist\?
\.deb$
/dists/[a-z]*/\(InRelease\|Release\|Release.gpg\)$
/dists/[a-z]*/.*/\(Packages\|Sources\|Release\)\(\|\.gz\|\.bz2\|\.xz\|\.lzma\)$
/dists/[a-z]*/.*/\(Contents\|Translation\)-.*\(\|\.gz\|\.xz\|\.bz2\|\.lzma\)$
/dists/[a-z]*/.*/\(Contents-.*\|Translation-.*\|Packages\)\.diff/\(Index\|[0-9.-]*\)\(\|\.gz\|\.xz\|\.bz2\|\.lzma\)$

0
network/iptables-yum-proxy → network/iptables-updates-proxy
View File

8
network/qubes-firewall
View File

@ -40,13 +40,15 @@ while true; do
for i in $(xenstore-list qubes-iptables-domainrules) ; do
RULES=$(xenstore-read qubes-iptables-domainrules/"$i")
ERRS=`echo -e "$RULES" | iptables-restore -n 2>&1 || true`
ERRS=`echo -e "$RULES" | /sbin/iptables-restore -n 2>&1 || true`
if [ -n "$ERRS" ]; then
echo "Failed applying rules for $i: $ERRS" >&2
OUT="$OUT$ERRS"
fi
done
xenstore-write $XENSTORE_ERROR "$OUT"
if [ "$OUT" ]; then
DISPLAY=:0 notify-send -t 3000 "Firewall loading error ($HOSTNAME)" "$OUT" || :
if [ -n "$OUT" ]; then
DISPLAY=:0 /usr/bin/notify-send -t 3000 "Firewall loading error ($HOSTNAME)" "$OUT" || :
fi
# Check if user didn't define some custom rules to be applied as well...

4
network/tinyproxy-qubes-yum.conf → network/tinyproxy-updates.conf
View File

@ -8,7 +8,7 @@ DefaultErrorFile "/usr/share/tinyproxy/default.html"
StatFile "/usr/share/tinyproxy/stats.html"
Syslog On
LogLevel Notice
PidFile "/var/run/tinyproxy/tinyproxy-qubes-yum.pid"
PidFile "/var/run/tinyproxy/tinyproxy-updates.pid"
MaxClients 50
MinSpareServers 2
@ -21,7 +21,7 @@ Allow 127.0.0.1
Allow 10.137.0.0/16
Filter "/etc/tinyproxy/filter-qubes-yum"
Filter "/etc/tinyproxy/filter-updates"
FilterURLs On
#FilterExtended On
#FilterCaseSensitive On

3
qubes-rpc/gui-fatal.c
View File

@ -28,6 +28,9 @@ static void produce_message(const char * type, const char *fmt, va_list args)
case -1:
exit(1); //what else
case 0:
if (geteuid() == 0)
if (setuid(getuid()) != 0)
perror("setuid failed, calling kdialog/zenity as root");
fix_display();
#ifdef USE_KDIALOG
execlp("/usr/bin/kdialog", "kdialog", "--sorry", dialog_msg, NULL);

3
qubes-rpc/prepare-suspend
View File

@ -19,6 +19,9 @@ if [ x"$action" == x"suspend" ]; then
service NetworkManager stop
# Force interfaces down, just in case when NM didn't done it
for if in `ls /sys/class/net|grep -v "lo\|vif"`; do
if [ "`cat /sys/class/net/$if/device/devtype 2>/dev/null`" == "vif" ]; then
continue
fi
ip l s $if down
done
LOADED_MODULES=""

3
qubes-rpc/qubes.GetAppmenus
View File

@ -1 +1,2 @@
find /usr/share/applications/ /usr/local/share/applications/ -name '*.desktop' | xargs awk '/^\[/ { if (tolower($0) != "\[desktop entry\]") nextfile } /=/ {print FILENAME ":" $0 }' 2> /dev/null
find /usr/share/applications/ /usr/local/share/applications/ -name '*.desktop' | \
xargs awk '/^\[/ { if (tolower($0) != "\[desktop entry\]") nextfile } /^Exec=/ { print FILENAME ":Exec=qubes-desktop-run " FILENAME; next } /=/ {print FILENAME ":" $0 }' 2> /dev/null

11
qubes-rpc/qubes.SetDateTime Normal file
View File

@ -0,0 +1,11 @@
#!/bin/sh
# it is in format of `date -u -Iseconds`, example: 2014-09-29T22:59:21+0000
# it comes from dom0, so is trusted
read timestamp
timediff=$(( `date -u +'+%Y%m%d%H%M%S'` - `date -u -d "$timestamp" +'+%Y%m%d%H%M%S'` ))
if [ $timediff -le 2 -a $timediff -ge -2 ]; then
# don't bother
exit 0
fi
date -u -s "$timestamp"

28
rpm_spec/core-vm.spec
View File

@ -331,13 +331,12 @@ rm -f %{name}-%{version}
/etc/qubes-rpc/qubes.SelectFile
/etc/qubes-rpc/qubes.SelectDirectory
/etc/qubes-rpc/qubes.GetImageRGBA
/etc/qubes-rpc/qubes.SetDateTime
%config(noreplace) /etc/sudoers.d/qubes
%config(noreplace) /etc/sysconfig/iptables
%config(noreplace) /etc/sysconfig/ip6tables
/etc/sysconfig/modules/qubes-core.modules
/etc/sysconfig/modules/qubes-misc.modules
%config(noreplace) /etc/tinyproxy/filter-qubes-yum
%config(noreplace) /etc/tinyproxy/tinyproxy-qubes-yum.conf
%config(noreplace) /etc/tinyproxy/filter-updates
%config(noreplace) /etc/tinyproxy/tinyproxy-updates.conf
%config(noreplace) /etc/udev/rules.d/50-qubes-misc.rules
%config(noreplace) /etc/udev/rules.d/99-qubes-network.rules
/etc/xdg/autostart/00-qubes-show-hide-nm-applet.desktop
@ -347,6 +346,7 @@ rm -f %{name}-%{version}
%config(noreplace) /etc/yum.repos.d/qubes-r2.repo
/etc/yum/pluginconf.d/yum-qubes-hooks.conf
/etc/yum/post-actions/qubes-trigger-sync-appmenus.action
/usr/lib/systemd/system/user@.service.d/90-session-stop-timeout.conf
/usr/sbin/qubes-serial-login
/usr/bin/qvm-copy-to-vm
/usr/bin/qvm-move-to-vm
@ -355,6 +355,7 @@ rm -f %{name}-%{version}
/usr/bin/qvm-run
/usr/bin/qvm-mru-entry
/usr/bin/xenstore-watch-qubes
/usr/bin/qubes-desktop-run
%dir /usr/lib/qubes
/usr/lib/qubes/vusb-ctl.py*
/usr/lib/qubes/dispvm-prerun.sh
@ -382,7 +383,7 @@ rm -f %{name}-%{version}
/usr/lib/qubes/tar2qfile
/usr/lib/qubes/vm-file-editor
/usr/lib/qubes/wrap-in-html-if-url.sh
/usr/lib/qubes/iptables-yum-proxy
/usr/lib/qubes/iptables-updates-proxy
/usr/lib/qubes/close-window
/usr/lib/yum-plugins/yum-qubes-hooks.py*
/usr/sbin/qubes-firewall
@ -398,6 +399,7 @@ rm -f %{name}-%{version}
%dir /home_volatile
%attr(700,user,user) /home_volatile/user
%dir /mnt/removable
%dir /rw
%package sysvinit
Summary: Qubes unit files for SysV init style or upstart
@ -417,8 +419,10 @@ The Qubes core startup configuration for SysV init (or upstart).
/etc/init.d/qubes-core-netvm
/etc/init.d/qubes-firewall
/etc/init.d/qubes-netwatcher
/etc/init.d/qubes-yum-proxy
/etc/init.d/qubes-updates-proxy
/etc/init.d/qubes-qrexec-agent
/etc/sysconfig/modules/qubes-core.modules
/etc/sysconfig/modules/qubes-misc.modules
%post sysvinit
@ -452,8 +456,8 @@ chkconfig --add qubes-firewall || echo "WARNING: Cannot add service qubes-firewa
chkconfig qubes-firewall on || echo "WARNING: Cannot enable service qubes-firewall!"
chkconfig --add qubes-netwatcher || echo "WARNING: Cannot add service qubes-netwatcher!"
chkconfig qubes-netwatcher on || echo "WARNING: Cannot enable service qubes-netwatcher!"
chkconfig --add qubes-yum-proxy || echo "WARNING: Cannot add service qubes-yum-proxy!"
chkconfig qubes-yum-proxy on || echo "WARNING: Cannot enable service qubes-yum-proxy!"
chkconfig --add qubes-updates-proxy || echo "WARNING: Cannot add service qubes-updates-proxy!"
chkconfig qubes-updates-proxy on || echo "WARNING: Cannot enable service qubes-updates-proxy!"
chkconfig --add qubes-qrexec-agent || echo "WARNING: Cannot add service qubes-qrexec-agent!"
chkconfig qubes-qrexec-agent on || echo "WARNING: Cannot enable service qubes-qrexec-agent!"
@ -468,7 +472,7 @@ if [ "$1" = 0 ] ; then
chkconfig qubes-core-appvm off
chkconfig qubes-firewall off
chkconfig qubes-netwatcher off
chkconfig qubes-yum-proxy off
chkconfig qubes-updates-proxy off
chkconfig qubes-qrexec-agent off
fi
@ -497,8 +501,10 @@ The Qubes core startup configuration for SystemD init.
/lib/systemd/system/qubes-sysinit.service
/lib/systemd/system/qubes-update-check.service
/lib/systemd/system/qubes-update-check.timer
/lib/systemd/system/qubes-yum-proxy.service
/lib/systemd/system/qubes-updates-proxy.service
/lib/systemd/system/qubes-qrexec-agent.service
/lib/modules-load.d/qubes-core.conf
/lib/modules-load.d/qubes-misc.conf
%dir /usr/lib/qubes/init
/usr/lib/qubes/init/prepare-dvm.sh
/usr/lib/qubes/init/network-proxy-setup.sh
@ -522,7 +528,7 @@ The Qubes core startup configuration for SystemD init.
%post systemd
for srv in qubes-dvm qubes-sysinit qubes-misc-post qubes-netwatcher qubes-network qubes-firewall qubes-yum-proxy qubes-qrexec-agent; do
for srv in qubes-dvm qubes-sysinit qubes-misc-post qubes-netwatcher qubes-network qubes-firewall qubes-updates-proxy qubes-qrexec-agent; do
/bin/systemctl enable $srv.service 2> /dev/null
done

2
version
View File

@ -1 +1 @@
2.1.41
2.1.42

4
vm-init.d/qubes-core
View File

@ -28,7 +28,7 @@ start()
# because it makes some of the pre-created dotfiles invalid (e.g. .kde/cache-<hostname>)
# (let's be frank: nobody's gonna use xterm on DispVM)
hostname $name
sed -i "s/^\(127\.0\.0\.1 .*\) \($name \)\?\(.*\)/\1\2 $name/" /etc/hosts
sed -i "s/^\(127\.0\.0\.1[\t ].*\) \($name \)\?\(.*\)/\1\2 $name/" /etc/hosts
fi
timezone=`/usr/bin/xenstore-read qubes-timezone 2> /dev/null`
@ -38,7 +38,7 @@ start()
echo "ZONE=\"$timezone\"" >> /etc/sysconfig/clock
fi
yum_proxy_setup=$(/usr/bin/xenstore-read qubes-service/yum-proxy-setup 2> /dev/null)
yum_proxy_setup=$(/usr/bin/xenstore-read qubes-service/yum-proxy-setup 2> /dev/null || /usr/bin/xenstore-read qubes-service/updates-proxy-setup 2>/dev/null )
type=$(/usr/bin/xenstore-read qubes-vm-type)
if [ "$yum_proxy_setup" != "0" ] || [ -z "$yum_proxy_setup" -a "$type" == "TemplateVM" ]; then
echo proxy=http://10.137.255.254:8082/ > /etc/yum.conf.d/qubes-proxy.conf

1
misc/qubes-core.modules → vm-init.d/qubes-core.modules
View File

@ -1,3 +1,4 @@
modprobe evtchn 2>/dev/null || modprobe xen-evtchn
modprobe xen-blkback 2> /dev/null || modprobe blkbk
modprobe xen-usbfront 2> /dev/null
modprobe u2mfn 2>/dev/null

0
misc/qubes-misc.modules → vm-init.d/qubes-misc.modules
View File

22
vm-init.d/qubes-yum-proxy → vm-init.d/qubes-updates-proxy
View File

@ -1,14 +1,14 @@
#!/bin/sh
#
# tinyproxy Startup script for the tinyproxy server as Qubes yum proxy
# tinyproxy Startup script for the tinyproxy server as Qubes updates proxy
#
# chkconfig: - 85 15
# description: small, efficient HTTP/SSL proxy daemon
#
# processname: tinyproxy
# config: /etc/tinyproxy/tinyproxy-qubes-yum.conf
# config: /etc/sysconfig/tinyproxy-qubes-yum
# pidfile: /var/run/tinyproxy/tinyproxy-qubes-yum.pid
# config: /etc/tinyproxy/tinyproxy-updates.conf
# config: /etc/sysconfig/tinyproxy-updates
# pidfile: /var/run/tinyproxy/tinyproxy-updates.pid
#
# Note: pidfile is created by tinyproxy in its config
# see PidFile in the configuration file.
@ -24,17 +24,17 @@
exec="/usr/sbin/tinyproxy"
prog=$(basename $exec)
config="/etc/tinyproxy/tinyproxy-qubes-yum.conf"
pidfile="/var/run/tinyproxy/tinyproxy-qubes-yum.pid"
config="/etc/tinyproxy/tinyproxy-updates.conf"
pidfile="/var/run/tinyproxy/tinyproxy-updates.pid"
[ -e /etc/sysconfig/tinyproxy-qubes-yum ] && . /etc/sysconfig/tinyproxy-qubes-yum
[ -e /etc/sysconfig/tinyproxy-updates ] && . /etc/sysconfig/tinyproxy-updates
lockfile=/var/lock/subsys/tinyproxy-qubes-yum
lockfile=/var/lock/subsys/tinyproxy-updates
start() {
type=`/usr/bin/xenstore-read qubes-vm-type`
start_yum_proxy=`/usr/bin/xenstore-read qubes-service/qubes-yum-proxy 2>/dev/null`
if [ -z "$start_yum_proxy" ] && [ "$type" != "NetVM" ] || [ "$start_yum_proxy" != "1" ]; then
start_updates_proxy=`/usr/bin/xenstore-read qubes-service/qubes-updates-proxy 2>/dev/null`
if [ -z "$start_updates_proxy" ] && [ "$type" != "NetVM" ] || [ "$start_updates_proxy" != "1" ]; then
# Yum proxy disabled
exit 0
fi
@ -45,7 +45,7 @@ start() {
/sbin/iptables -I INPUT -i vif+ -p tcp --dport 8082 -j ACCEPT
/sbin/iptables -t nat -A PR-QBS-SERVICES -i vif+ -d 10.137.255.254 -p tcp --dport 8082 -j REDIRECT
echo -n $"Starting $prog (as Qubes yum proxy): "
echo -n $"Starting $prog (as Qubes updates proxy): "
daemon $exec -c $config
retval=$?
echo

21
vm-systemd/misc-post.sh
View File

@ -1,15 +1,17 @@
#!/bin/sh
if [ -e /etc/debian_version ]; then
if [ -f /var/run/qubes-service/yum-proxy-setup ]; then
echo 'Acquire::http::proxy "http://10.137.255.254:8082/";' > /etc/apt/apt.conf.d/80qubes-proxy
else
echo > /etc/apt/apt.conf.d/80qubes-proxy
if [ -f /var/run/qubes-service/yum-proxy-setup -o -f /var/run/qubes-service/updates-proxy-setup ]; then
if [ -d /etc/apt/apt.conf.d ]; then
echo 'Acquire::http::Proxy "http://10.137.255.254:8082/";' >> /etc/apt/apt.conf.d/01qubes-proxy
fi
if [ -d /etc/yum.conf.d ]; then
echo proxy=http://10.137.255.254:8082/ > /etc/yum.conf.d/qubes-proxy.conf
fi
else
if [ -f /var/run/qubes-service/yum-proxy-setup ]; then
echo proxy=http://10.137.255.254:8082/ > /etc/yum.conf.d/qubes-proxy.conf
else
if [ -d /etc/apt/apt.conf.d ]; then
rm -f /etc/apt/apt.conf.d/01qubes-proxy
fi
if [ -d /etc/yum.conf.d ]; then
echo > /etc/yum.conf.d/qubes-proxy.conf
fi
fi
@ -22,6 +24,7 @@ INTERFACE=eth0 /usr/lib/qubes/setup-ip
if [ -e /dev/xvdb -a ! -e /etc/this-is-dvm ] ; then
resize2fs /dev/xvdb 2> /dev/null || echo "'resize2fs /dev/xvdb' failed"
tune2fs -m 0 /dev/xvdb
mount /rw
if ! [ -d /rw/home ] ; then
@ -59,7 +62,7 @@ fi
# Start AppVM specific services
if [ ! -f /etc/systemd/system/cups.service ]; then
if [ -f /var/run/qubes-service/cups ]; then
service cups start
/usr/sbin/service cups start
# Allow also notification icon
sed -i -e '/^NotShowIn=.*QUBES/s/;QUBES//' /etc/xdg/autostart/print-applet.desktop
else

4
vm-systemd/qubes-core.conf Normal file
View File

@ -0,0 +1,4 @@
xen-evtchn
xen-blkback
xen-usbfront
u2mfn

1
vm-systemd/qubes-misc.conf Normal file
View File

@ -0,0 +1 @@
dummy-hcd

1
vm-systemd/qubes-qrexec-agent.service
View File

@ -9,3 +9,4 @@ StandardOutput=syslog
[Install]
WantedBy=multi-user.target
Alias=qubes-core-agent.service

18
vm-systemd/qubes-sysinit.sh
View File

@ -1,14 +1,16 @@
#!/bin/bash
# List of services enabled by default (in case of absence of xenstore entry)
DEFAULT_ENABLED_NETVM="network-manager qubes-network qubes-update-check qubes-yum-proxy"
DEFAULT_ENABLED_NETVM="network-manager qubes-network qubes-update-check qubes-updates-proxy"
DEFAULT_ENABLED_PROXYVM="meminfo-writer qubes-network qubes-firewall qubes-netwatcher qubes-update-check"
DEFAULT_ENABLED_APPVM="meminfo-writer cups qubes-update-check"
DEFAULT_ENABLED_TEMPLATEVM="$DEFAULT_ENABLED_APPVM yum-proxy-setup"
DEFAULT_ENABLED_TEMPLATEVM="$DEFAULT_ENABLED_APPVM updates-proxy-setup"
DEFAULT_ENABLED="meminfo-writer"
XS_READ=xenstore-read
XS_LS=xenstore-ls
XS_READ=/usr/bin/xenstore-read
[ -x /usr/sbin/xenstore-read ] && XS_READ=/usr/sbin/xenstore-read
XS_LS=/usr/bin/xenstore-ls
[ -x /usr/sbin/xenstore-read ] && XS_LS=/usr/sbin/xenstore-ls
read_service() {
$XS_READ qubes-service/$1 2> /dev/null
@ -38,10 +40,10 @@ chmod 666 /proc/u2mfn
# Set default services depending on VM type
TYPE=`$XS_READ qubes-vm-type 2> /dev/null`
[ "$TYPE" == "AppVM" ] && DEFAULT_ENABLED=$DEFAULT_ENABLED_APPVM
[ "$TYPE" == "NetVM" ] && DEFAULT_ENABLED=$DEFAULT_ENABLED_NETVM
[ "$TYPE" == "ProxyVM" ] && DEFAULT_ENABLED=$DEFAULT_ENABLED_PROXYVM
[ "$TYPE" == "TemplateVM" ] && DEFAULT_ENABLED=$DEFAULT_ENABLED_TEMPLATEVM
[ "$TYPE" = "AppVM" ] && DEFAULT_ENABLED=$DEFAULT_ENABLED_APPVM
[ "$TYPE" = "NetVM" ] && DEFAULT_ENABLED=$DEFAULT_ENABLED_NETVM
[ "$TYPE" = "ProxyVM" ] && DEFAULT_ENABLED=$DEFAULT_ENABLED_PROXYVM
[ "$TYPE" = "TemplateVM" ] && DEFAULT_ENABLED=$DEFAULT_ENABLED_TEMPLATEVM
# Enable default services
for srv in $DEFAULT_ENABLED; do

16
vm-systemd/qubes-updates-proxy.service Normal file
View File

@ -0,0 +1,16 @@
[Unit]
Description=Qubes updates proxy (tinyproxy)
ConditionPathExists=|/var/run/qubes-service/qubes-yum-proxy
ConditionPathExists=|/var/run/qubes-service/qubes-updates-proxy
After=iptables.service
[Service]
ExecStartPre=/usr/bin/install -d --owner tinyproxy --group tinyproxy /var/run/tinyproxy
ExecStartPre=/usr/lib/qubes/iptables-updates-proxy start
ExecStart=/usr/sbin/tinyproxy -d -c /etc/tinyproxy/tinyproxy-updates.conf
ExecStopPost=/usr/lib/qubes/iptables-updates-proxy stop
Restart=on-failure
RestartSec=5s
[Install]
WantedBy=multi-user.target

15
vm-systemd/qubes-yum-proxy.service
View File

@ -1,15 +0,0 @@
[Unit]
Description=Qubes yum proxy (tinyproxy)
ConditionPathExists=/var/run/qubes-service/qubes-yum-proxy
After=iptables.service
[Service]
ExecStartPre=/usr/bin/install -d --owner tinyproxy --group tinyproxy /var/run/tinyproxy
ExecStartPre=/usr/lib/qubes/iptables-yum-proxy start
ExecStart=/usr/sbin/tinyproxy -d -c /etc/tinyproxy/tinyproxy-qubes-yum.conf
ExecStopPost=/usr/lib/qubes/iptables-yum-proxy stop
Restart=on-failure
RestartSec=5s
[Install]
WantedBy=multi-user.target