diff --git a/Makefile b/Makefile index 1ad0b26..6d94dde 100644 --- a/Makefile +++ b/Makefile @@ -13,14 +13,11 @@ help: @echo "make clean -- cleanup" rpms: - rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-commonvm.spec - rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-appvm.spec - rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-netvm.spec - rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-proxyvm.spec + rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-vm.spec rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-dom0.spec rpm --addsign \ $(RPMS_DIR)/x86_64/qubes-core-dom0-$(VERSION_DOM0)*.rpm \ - $(RPMS_DIR)/x86_64/qubes-core-*vm-*$(VERSION_VM)*.rpm + $(RPMS_DIR)/x86_64/qubes-core-vm-*$(VERSION_VM)*.rpm rpms-vaio-fixes: rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-dom0-vaio-fixes.spec @@ -31,7 +28,7 @@ update-repo-current: ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-vaio-fixes-$(VERSION_VAIO_FIXES)*fc13*.rpm ../yum/current-release/current/dom0/rpm/ for vmrepo in ../yum/current-release/current/vm/* ; do \ dist=$$(basename $$vmrepo) ;\ - ln -f $(RPMS_DIR)/x86_64/qubes-core-*vm-*$(VERSION_VM)*$$dist*.rpm $$vmrepo/rpm/ ;\ + ln -f $(RPMS_DIR)/x86_64/qubes-core-vm-*$(VERSION_VM)*$$dist*.rpm $$vmrepo/rpm/ ;\ done update-repo-current-testing: @@ -39,7 +36,7 @@ update-repo-current-testing: ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-vaio-fixes-$(VERSION_VAIO_FIXES)*fc13*.rpm ../yum/current-release/current-testing/dom0/rpm/ for vmrepo in ../yum/current-release/current-testing/vm/* ; do \ dist=$$(basename $$vmrepo) ;\ - ln -f $(RPMS_DIR)/x86_64/qubes-core-*vm-*$(VERSION_VM)*$$dist*.rpm $$vmrepo/rpm/ ;\ + ln -f $(RPMS_DIR)/x86_64/qubes-core-vm-*$(VERSION_VM)*$$dist*.rpm $$vmrepo/rpm/ ;\ done update-repo-unstable: 
@@ -47,17 +44,17 @@ update-repo-unstable: ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-vaio-fixes-$(VERSION_VAIO_FIXES)*fc13*.rpm ../yum/current-release/unstable/dom0/rpm/ for vmrepo in ../yum/current-release/unstable/vm/* ; do \ dist=$$(basename $$vmrepo) ;\ - ln -f $(RPMS_DIR)/x86_64/qubes-core-*vm-*$(VERSION_VM)*$$dist*.rpm $$vmrepo/rpm/ ;\ + ln -f $(RPMS_DIR)/x86_64/qubes-core-vm-*$(VERSION_VM)*$$dist*.rpm $$vmrepo/rpm/ ;\ done update-repo-installer: ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-*$(VERSION_DOM0)*fc13*.rpm ../installer/yum/qubes-dom0/rpm/ clean: - (cd appvm && make clean) - (cd dom0/restore && make clean) - (cd dom0/qmemman && make clean) - (cd common && make clean) - (cd u2mfn && make clean) + make -C dom0/qmemman clean + make -C dom0/restore clean + make -C misc clean + make -C network clean make -C qrexec clean + make -C u2mfn clean make -C vchan clean diff --git a/appvm/Makefile b/appvm/Makefile deleted file mode 100644 index 42bb636..0000000 --- a/appvm/Makefile +++ /dev/null @@ -1,14 +0,0 @@ -CC=gcc -CFLAGS=-g -Wall -I../common -fPIC -pie -all: vm-file-editor qopen-in-vm qfile-agent qfile-unpacker -vm-file-editor: vm-file-editor.o ../common/ioall.o - $(CC) -pie -g -o $@ $^ -qopen-in-vm: qopen-in-vm.o ../common/ioall.o ../common/gui-fatal.o - $(CC) -pie -g -o $@ $^ -qfile-agent: qfile-agent.o ../common/ioall.o ../common/gui-fatal.o ../common/copy_file.o ../common/crc32.o - $(CC) -pie -g -o $@ $^ -qfile-unpacker: qfile-unpacker.o ../common/ioall.o ../common/gui-fatal.o ../common/copy_file.o ../common/unpack.o ../common/crc32.o - $(CC) -pie -g -o $@ $^ - -clean: - rm -f qopen-in-vm qfile-agent qfile-unpacker vm-file-editor *.o *~ diff --git a/appvm/iptables b/appvm/iptables deleted file mode 100644 index 77ad30c..0000000 --- a/appvm/iptables +++ /dev/null 
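Review bot: The rewritten `clean` recipe drops `(cd appvm && make clean)` without adding a sub-make for qubes_rpc, although this same commit creates qubes_rpc/Makefile with its own `clean` target, so the objects and binaries it builds are no longer removed; `make -C network clean` is added instead, and no network/Makefile appears anywhere in this diff, so that line fails unless one exists outside the visible changes. The sub-makes are also invoked as literal `make`; `$(MAKE) -C qubes_rpc clean` (and the same substitution on the other lines) lets `-n`, `-k` and the jobserver reach them. Whether `clean` is declared `.PHONY` cannot be seen here, since the top of the Makefile lies outside the hunk.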
@@ -1,12 +0,0 @@
-# Firewall configuration written by system-config-firewall
-# Manual customization of this file is not recommended.
-*filter
-:INPUT ACCEPT [0:0]
-:FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [0:0]
--A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
--A INPUT -p icmp -j ACCEPT
--A INPUT -i lo -j ACCEPT
--A INPUT -j REJECT --reject-with icmp-host-prohibited
--A FORWARD -j REJECT --reject-with icmp-host-prohibited
-COMMIT
diff --git a/appvm/qubes_timestamp b/appvm/qubes_timestamp
deleted file mode 100755
index fc3d8d7..0000000
--- a/appvm/qubes_timestamp
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/sh
-exec xenstore-write device/qubes_timestamp $(date +%s.%N)
diff --git a/common/.gitignore b/misc/.gitignore
similarity index 100%
rename from common/.gitignore
rename to misc/.gitignore
diff --git a/common/Makefile b/misc/Makefile
similarity index 100%
rename from common/Makefile
rename to misc/Makefile
diff --git a/common/RPM-GPG-KEY-qubes-1-primary b/misc/RPM-GPG-KEY-qubes-1-primary
similarity index 100%
rename from common/RPM-GPG-KEY-qubes-1-primary
rename to misc/RPM-GPG-KEY-qubes-1-primary
diff --git a/common/block-snapshot b/misc/block-snapshot
similarity index 100%
rename from common/block-snapshot
rename to misc/block-snapshot
diff --git a/common/block_add_change b/misc/block_add_change
similarity index 100%
rename from common/block_add_change
rename to misc/block_add_change
diff --git a/common/block_cleanup b/misc/block_cleanup
similarity index 100%
rename from common/block_cleanup
rename to misc/block_cleanup
diff --git a/common/block_remove b/misc/block_remove
similarity index 100%
rename from common/block_remove
rename to misc/block_remove
diff --git a/common/fstab b/misc/fstab
similarity index 100%
rename from common/fstab
rename to misc/fstab
diff --git a/common/meminfo-writer.c b/misc/meminfo-writer.c
similarity index 100%
rename from common/meminfo-writer.c
rename to misc/meminfo-writer.c
diff --git a/misc/org.gnome.settings-daemon.plugins.updates.gschema.override b/misc/org.gnome.settings-daemon.plugins.updates.gschema.override
new file mode 100644
index 0000000..da283e1
--- /dev/null
+++ b/misc/org.gnome.settings-daemon.plugins.updates.gschema.override
@@ -0,0 +1,2 @@
+[org.gnome.settings-daemon.plugins.updates]
+auto-update-type='none'
diff --git a/common/qubes.repo b/misc/qubes.repo
similarity index 100%
rename from common/qubes.repo
rename to misc/qubes.repo
diff --git a/appvm/qubes.sudoers b/misc/qubes.sudoers
similarity index 100%
rename from appvm/qubes.sudoers
rename to misc/qubes.sudoers
diff --git a/common/qubes_block.rules b/misc/qubes_block.rules
similarity index 100%
rename from common/qubes_block.rules
rename to misc/qubes_block.rules
diff --git a/common/qubes_core.modules b/misc/qubes_core.modules
similarity index 100%
rename from common/qubes_core.modules
rename to misc/qubes_core.modules
diff --git a/common/qubes_download_dom0_updates.sh b/misc/qubes_download_dom0_updates.sh
similarity index 100%
rename from common/qubes_download_dom0_updates.sh
rename to misc/qubes_download_dom0_updates.sh
diff --git a/common/qubes_memory.rules b/misc/qubes_memory.rules
similarity index 100%
rename from common/qubes_memory.rules
rename to misc/qubes_memory.rules
diff --git a/common/qubes_serial_login b/misc/qubes_serial_login
similarity index 100%
rename from common/qubes_serial_login
rename to misc/qubes_serial_login
diff --git a/common/qubes_trigger_sync_appmenus.action b/misc/qubes_trigger_sync_appmenus.action
similarity index 100%
rename from common/qubes_trigger_sync_appmenus.action
rename to misc/qubes_trigger_sync_appmenus.action
diff --git a/common/qubes_trigger_sync_appmenus.sh b/misc/qubes_trigger_sync_appmenus.sh
similarity index 100%
rename from common/qubes_trigger_sync_appmenus.sh
rename to misc/qubes_trigger_sync_appmenus.sh
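Review bot: The new override switches off GNOME's in-VM automatic updates (`auto-update-type='none'`) without a word on why, and nothing in the visible diff installs it into the glib schemas directory or recompiles the schemas, which an override needs before it has any effect; the deleted core-commonvm.spec had no such step and the replacement spec is outside this diff, so it is worth confirming that spec both installs the file and runs glib-compile-schemas. A one-line comment at the top of the file, echoing the `# Prevent unnecessary updates in VMs:` remark from the former core-commonvm.spec %post, would record the intent for whoever next edits the key list.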
diff --git a/common/serial.conf b/misc/serial.conf similarity index 100% rename from common/serial.conf rename to misc/serial.conf diff --git a/common/xenstore-watch.c b/misc/xenstore-watch.c similarity index 100% rename from common/xenstore-watch.c rename to misc/xenstore-watch.c diff --git a/appvm/xorg-preload-apps.conf b/misc/xorg-preload-apps.conf similarity index 100% rename from appvm/xorg-preload-apps.conf rename to misc/xorg-preload-apps.conf diff --git a/netvm/fstab b/netvm/fstab deleted file mode 100644 index 403b0d5..0000000 --- a/netvm/fstab +++ /dev/null @@ -1,14 +0,0 @@ - -# -# /etc/fstab -# Created by anaconda on Thu Dec 3 11:26:49 2009 -# -# Accessible filesystems, by reference, are maintained under '/dev/disk' -# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info -# -/dev/mapper/dmroot / ext4 defaults,noatime 1 1 -/dev/mapper/dmswap swap swap defaults 0 0 -tmpfs /dev/shm tmpfs defaults 0 0 -devpts /dev/pts devpts gid=5,mode=620 0 0 -sysfs /sys sysfs defaults 0 0 -proc /proc proc defaults 0 0 diff --git a/netvm/30-qubes_external_ip b/network/30-qubes_external_ip similarity index 100% rename from netvm/30-qubes_external_ip rename to network/30-qubes_external_ip diff --git a/common/iptables b/network/iptables similarity index 96% rename from common/iptables rename to network/iptables index b80c19a..6e6e6d8 100644 --- a/common/iptables +++ b/network/iptables @@ -6,6 +6,7 @@ :PR-QBS - [0:0] -A PREROUTING -j PR-QBS -A POSTROUTING -o vif+ -j ACCEPT +-A POSTROUTING -o lo -j ACCEPT -A POSTROUTING -j MASQUERADE COMMIT # Completed on Mon Sep 6 08:57:46 2010 diff --git a/netvm/qubes.repo b/network/qubes.repo similarity index 100% rename from netvm/qubes.repo rename to network/qubes.repo diff --git a/proxyvm/bin/qubes_firewall b/network/qubes_firewall similarity index 100% rename from proxyvm/bin/qubes_firewall rename to network/qubes_firewall 
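Review bot: The new nat rule `-A POSTROUTING -o lo -j ACCEPT` is placed ahead of the catch-all MASQUERADE with no comment saying which traffic it is meant to exempt; iptables-restore ignores `#` lines, so a comment such as `# do not masquerade packets delivered to the local host` directly above it would keep the intent next to the rule. The same commit deletes appvm/iptables, whose filter table ended INPUT and FORWARD with `REJECT --reject-with icmp-host-prohibited`, and moves this file (which the former core-commonvm.spec installed as /etc/sysconfig/iptables) into network/; only the nat table is visible in this hunk, so whether the restrictive INPUT policy still reaches VMs that are not network VMs depends on what core-vm.spec installs, which is outside the diff and worth checking.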
diff --git a/common/qubes_fix_nm_conf.sh b/network/qubes_fix_nm_conf.sh
similarity index 100%
rename from common/qubes_fix_nm_conf.sh
rename to network/qubes_fix_nm_conf.sh
diff --git a/proxyvm/bin/qubes_netwatcher b/network/qubes_netwatcher
similarity index 100%
rename from proxyvm/bin/qubes_netwatcher
rename to network/qubes_netwatcher
diff --git a/common/qubes_network.rules b/network/qubes_network.rules
similarity index 100%
rename from common/qubes_network.rules
rename to network/qubes_network.rules
diff --git a/common/qubes_nmhook b/network/qubes_nmhook
similarity index 100%
rename from common/qubes_nmhook
rename to network/qubes_nmhook
diff --git a/common/qubes_setup_dnat_to_ns b/network/qubes_setup_dnat_to_ns
similarity index 100%
rename from common/qubes_setup_dnat_to_ns
rename to network/qubes_setup_dnat_to_ns
diff --git a/common/setup_ip b/network/setup_ip
similarity index 100%
rename from common/setup_ip
rename to network/setup_ip
diff --git a/common/vif-route-qubes b/network/vif-route-qubes
similarity index 100%
rename from common/vif-route-qubes
rename to network/vif-route-qubes
diff --git a/appvm/.gitignore b/qubes_rpc/.gitignore
similarity index 100%
rename from appvm/.gitignore
rename to qubes_rpc/.gitignore
diff --git a/qubes_rpc/Makefile b/qubes_rpc/Makefile
new file mode 100644
index 0000000..a592d1c
--- /dev/null
+++ b/qubes_rpc/Makefile
@@ -0,0 +1,14 @@
+CC=gcc
+CFLAGS=-g -Wall -I. -fPIC -pie
+all: vm-file-editor qopen-in-vm qfile-agent qfile-unpacker
+vm-file-editor: vm-file-editor.o ioall.o
+	$(CC) -pie -g -o $@ $^
+qopen-in-vm: qopen-in-vm.o ioall.o gui-fatal.o
+	$(CC) -pie -g -o $@ $^
+qfile-agent: qfile-agent.o ioall.o gui-fatal.o copy_file.o crc32.o
+	$(CC) -pie -g -o $@ $^
+qfile-unpacker: qfile-unpacker.o ioall.o gui-fatal.o copy_file.o unpack.o crc32.o
+	$(CC) -pie -g -o $@ $^
+
+clean:
+	rm -f qopen-in-vm qfile-agent qfile-unpacker vm-file-editor *.o *~
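Review bot: The new qubes_rpc/Makefile declares neither `all` nor `clean` as phony and sets `CFLAGS=` with a plain assignment, which throws away any flags handed in from the environment or the packaging build; `.PHONY: all clean` and `CFLAGS += -g -Wall -I. -fPIC -pie` address both. That matters more than usual here: qfile-unpacker links unpack.o and crc32.o and presumably consumes data sent from another VM, so the distribution's hardening flags should be able to reach its compile and link steps, and the link recipes `$(CC) -pie -g -o $@ $^` likewise pass no `$(LDFLAGS)`. The deleted appvm/Makefile had the same shape, so this is carried over rather than introduced, but the move is the natural point to fix it.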
diff --git a/common/copy_file.c b/qubes_rpc/copy_file.c
similarity index 100%
rename from common/copy_file.c
rename to qubes_rpc/copy_file.c
diff --git a/common/crc32.c b/qubes_rpc/crc32.c
similarity index 100%
rename from common/crc32.c
rename to qubes_rpc/crc32.c
diff --git a/common/crc32.h b/qubes_rpc/crc32.h
similarity index 100%
rename from common/crc32.h
rename to qubes_rpc/crc32.h
diff --git a/appvm/dvm2.h b/qubes_rpc/dvm2.h
similarity index 100%
rename from appvm/dvm2.h
rename to qubes_rpc/dvm2.h
diff --git a/common/filecopy.h b/qubes_rpc/filecopy.h
similarity index 100%
rename from common/filecopy.h
rename to qubes_rpc/filecopy.h
diff --git a/common/gui-fatal.c b/qubes_rpc/gui-fatal.c
similarity index 100%
rename from common/gui-fatal.c
rename to qubes_rpc/gui-fatal.c
diff --git a/common/gui-fatal.h b/qubes_rpc/gui-fatal.h
similarity index 100%
rename from common/gui-fatal.h
rename to qubes_rpc/gui-fatal.h
diff --git a/common/ioall.c b/qubes_rpc/ioall.c
similarity index 100%
rename from common/ioall.c
rename to qubes_rpc/ioall.c
diff --git a/common/ioall.h b/qubes_rpc/ioall.h
similarity index 100%
rename from common/ioall.h
rename to qubes_rpc/ioall.h
diff --git a/appvm/qfile-agent.c b/qubes_rpc/qfile-agent.c
similarity index 100%
rename from appvm/qfile-agent.c
rename to qubes_rpc/qfile-agent.c
diff --git a/appvm/qfile-unpacker.c b/qubes_rpc/qfile-unpacker.c
similarity index 100%
rename from appvm/qfile-unpacker.c
rename to qubes_rpc/qfile-unpacker.c
diff --git a/appvm/qopen-in-vm.c b/qubes_rpc/qopen-in-vm.c
similarity index 100%
rename from appvm/qopen-in-vm.c
rename to qubes_rpc/qopen-in-vm.c
diff --git a/appvm/qrun-in-vm b/qubes_rpc/qrun-in-vm
similarity index 100%
rename from appvm/qrun-in-vm
rename to qubes_rpc/qrun-in-vm
diff --git a/appvm/qubes.Filecopy b/qubes_rpc/qubes.Filecopy
similarity index 100%
rename from appvm/qubes.Filecopy
rename to qubes_rpc/qubes.Filecopy
diff --git a/appvm/qubes.Filecopy.policy b/qubes_rpc/qubes.Filecopy.policy
similarity index 100%
rename from appvm/qubes.Filecopy.policy
rename to qubes_rpc/qubes.Filecopy.policy
diff --git a/appvm/qubes.OpenInVM b/qubes_rpc/qubes.OpenInVM
similarity index 100%
rename from appvm/qubes.OpenInVM
rename to qubes_rpc/qubes.OpenInVM
diff --git a/appvm/qubes.OpenInVM.policy b/qubes_rpc/qubes.OpenInVM.policy
similarity index 100%
rename from appvm/qubes.OpenInVM.policy
rename to qubes_rpc/qubes.OpenInVM.policy
diff --git a/appvm/qubes.VMShell b/qubes_rpc/qubes.VMShell
similarity index 100%
rename from appvm/qubes.VMShell
rename to qubes_rpc/qubes.VMShell
diff --git a/appvm/qubes.VMShell.policy b/qubes_rpc/qubes.VMShell.policy
similarity index 100%
rename from appvm/qubes.VMShell.policy
rename to qubes_rpc/qubes.VMShell.policy
diff --git a/appvm/qvm-copy-to-vm b/qubes_rpc/qvm-copy-to-vm
similarity index 100%
rename from appvm/qvm-copy-to-vm
rename to qubes_rpc/qvm-copy-to-vm
diff --git a/appvm/qvm-copy-to-vm.gnome b/qubes_rpc/qvm-copy-to-vm.gnome
similarity index 100%
rename from appvm/qvm-copy-to-vm.gnome
rename to qubes_rpc/qvm-copy-to-vm.gnome
diff --git a/appvm/qvm-copy-to-vm.kde b/qubes_rpc/qvm-copy-to-vm.kde
similarity index 100%
rename from appvm/qvm-copy-to-vm.kde
rename to qubes_rpc/qvm-copy-to-vm.kde
diff --git a/appvm/qvm-copy.desktop b/qubes_rpc/qvm-copy.desktop
similarity index 100%
rename from appvm/qvm-copy.desktop
rename to qubes_rpc/qvm-copy.desktop
diff --git a/appvm/qvm-dvm.desktop b/qubes_rpc/qvm-dvm.desktop
similarity index 100%
rename from appvm/qvm-dvm.desktop
rename to qubes_rpc/qvm-dvm.desktop
diff --git a/appvm/qvm-open-in-dvm b/qubes_rpc/qvm-open-in-dvm
similarity index 100%
rename from appvm/qvm-open-in-dvm
rename to qubes_rpc/qvm-open-in-dvm
diff --git a/appvm/qvm-open-in-vm b/qubes_rpc/qvm-open-in-vm
similarity index 100%
rename from appvm/qvm-open-in-vm
rename to qubes_rpc/qvm-open-in-vm
diff --git a/appvm/qvm-run b/qubes_rpc/qvm-run similarity index 100% rename from appvm/qvm-run rename to qubes_rpc/qvm-run diff --git a/common/unpack.c b/qubes_rpc/unpack.c similarity index 100% rename from common/unpack.c rename to qubes_rpc/unpack.c diff --git a/appvm/vm-file-editor.c b/qubes_rpc/vm-file-editor.c similarity index 93% rename from appvm/vm-file-editor.c rename to qubes_rpc/vm-file-editor.c index 533c363..6cea77c 100644 --- a/appvm/vm-file-editor.c +++ b/qubes_rpc/vm-file-editor.c @@ -12,12 +12,18 @@ char *get_filename() { char buf[DVM_FILENAME_SIZE]; static char retname[sizeof(buf) + sizeof("/tmp/")]; + int i; if (!read_all(0, buf, sizeof(buf))) exit(1); if (index(buf, '/')) { fprintf(stderr, "filename contains /"); exit(1); } + for (i=0; i < DVM_FILENAME_SIZE && buf[i]!=0; i++) { + // replace some characters with _ (eg mimeopen have problems with some of them) + if (index(" !?\"#$%^&*()[]<>;`~", buf[i])) + buf[i]='_'; + } snprintf(retname, sizeof(retname), "/tmp/%s", buf); return retname; } diff --git a/appvm/vm-shell b/qubes_rpc/vm-shell similarity index 100% rename from appvm/vm-shell rename to qubes_rpc/vm-shell diff --git a/appvm/wrap_in_html_if_url.sh b/qubes_rpc/wrap_in_html_if_url.sh similarity index 100% rename from appvm/wrap_in_html_if_url.sh rename to qubes_rpc/wrap_in_html_if_url.sh diff --git a/rpm_spec/core-appvm.spec b/rpm_spec/core-appvm.spec deleted file mode 100644 index 4fbfbed..0000000 --- a/rpm_spec/core-appvm.spec +++ /dev/null 
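Review bot: The sanitising loop added to get_filename stops at DVM_FILENAME_SIZE or the first NUL, but the `snprintf(retname, sizeof(retname), "/tmp/%s", buf)` that follows still needs a NUL inside buf, which `read_all(0, buf, sizeof(buf))` does not visibly guarantee for an input that fills the buffer; setting `buf[sizeof(buf) - 1] = 0;` right after the read_all check (or rejecting an unterminated name) closes that over-read, and the earlier `index(buf, '/')` scan has the same dependency. The replacement set `" !?\"#$%^&*()[]<>;`~"` is a denylist of shell and mimeopen trouble characters; an allowlist (alphanumerics plus `._-`) would be easier to audit, since `'`, `|`, `\` and control characters currently pass through unchanged. `index()` is the legacy spelling of `strchr()`. get_filename is fully visible here: its opening brace is the hunk's first context line and its closing brace the last.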
@@ -1,201 +0,0 @@
-#
-# The Qubes OS Project, http://www.qubes-os.org
-#
-# Copyright (C) 2010 Joanna Rutkowska
-# Copyright (C) 2010 Rafal Wojtczuk
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-#
-#
-
-%{!?version: %define version %(cat version_vm)}
-
-Name: qubes-core-appvm
-Version: %{version}
-Release: 1%{dist}
-Summary: The Qubes core files for AppVM
-
-Group: Qubes
-Vendor: Invisible Things Lab
-License: GPL
-URL: http://www.qubes-os.org
-Requires: /usr/bin/xenstore-read
-Requires: fedora-release
-Requires: /usr/bin/mimeopen
-Requires: qubes-core-commonvm
-BuildRequires: gcc
-BuildRequires: xen-devel
-Provides: qubes-core-vm
-
-%define _builddir %(pwd)/appvm
-
-%define kde_service_dir /usr/share/kde4/services/ServiceMenus
-
-%description
-The Qubes core files for installation inside a Qubes AppVM.
-
-%pre
-
-if [ "$1" != 1 ] ; then
-# do this whole %pre thing only when updating for the first time...
-exit 0
-fi
-
-adduser --create-home user
-su user -c 'mkdir -p /home/user/.local/share'
-su user -c 'mkdir -p /home/user/.gnome2/nautilus-scripts'
-su user -c 'ln -s /usr/lib/qubes/qvm-copy-to-vm.gnome /home/user/.gnome2/nautilus-scripts/"Copy to other AppVM"'
-su user -c 'ln -s /usr/bin/qvm-open-in-dvm /home/user/.gnome2/nautilus-scripts/"Open in DisposableVM"'
-su user -c 'touch /home/user/.gnome2/nautilus-scripts/.scripts_created'
-su user -c 'touch /home/user/.gnome2/nautilus-scripts/.scripts_created2'
-
-
-mkdir -p $RPM_BUILD_ROOT/var/lib/qubes
-
-%build
-make clean all
-make -C ../common
-make -C ../u2mfn
-make -C ../vchan
-make -C ../qrexec
-
-%install
-
-mkdir -p $RPM_BUILD_ROOT/etc/init.d
-cp qubes_core_appvm $RPM_BUILD_ROOT/etc/init.d/
-mkdir -p $RPM_BUILD_ROOT/var/lib/qubes
-mkdir -p $RPM_BUILD_ROOT/usr/bin
-cp qubes_timestamp qvm-open-in-dvm $RPM_BUILD_ROOT/usr/bin
-cp qvm-open-in-vm $RPM_BUILD_ROOT/usr/bin
-cp qvm-copy-to-vm $RPM_BUILD_ROOT/usr/bin
-cp qvm-run $RPM_BUILD_ROOT/usr/bin
-mkdir -p $RPM_BUILD_ROOT/usr/lib/qubes
-cp wrap_in_html_if_url.sh $RPM_BUILD_ROOT/usr/lib/qubes
-cp qvm-copy-to-vm.kde $RPM_BUILD_ROOT/usr/lib/qubes
-cp qvm-copy-to-vm.gnome $RPM_BUILD_ROOT/usr/lib/qubes
-cp ../qrexec/qrexec_agent $RPM_BUILD_ROOT/usr/lib/qubes
-cp ../qrexec/qrexec_client_vm $RPM_BUILD_ROOT/usr/lib/qubes
-cp ../qrexec/qubes_rpc_multiplexer $RPM_BUILD_ROOT/usr/lib/qubes
-cp vm-file-editor qfile-agent qopen-in-vm qfile-unpacker $RPM_BUILD_ROOT/usr/lib/qubes
-cp vm-shell qrun-in-vm $RPM_BUILD_ROOT/usr/lib/qubes
-cp ../common/meminfo-writer $RPM_BUILD_ROOT/usr/lib/qubes
-mkdir -p $RPM_BUILD_ROOT/%{kde_service_dir}
-cp qvm-copy.desktop qvm-dvm.desktop $RPM_BUILD_ROOT/%{kde_service_dir}
-mkdir -p $RPM_BUILD_ROOT/mnt/removable
-mkdir -p $RPM_BUILD_ROOT/etc/qubes_rpc
-cp qubes.Filecopy $RPM_BUILD_ROOT/etc/qubes_rpc
-cp qubes.OpenInVM $RPM_BUILD_ROOT/etc/qubes_rpc
-cp qubes.VMShell $RPM_BUILD_ROOT/etc/qubes_rpc
-mkdir -p $RPM_BUILD_ROOT/var/lib/qubes/dom0-updates
-
-mkdir -p $RPM_BUILD_ROOT/etc/X11
-cp xorg-preload-apps.conf $RPM_BUILD_ROOT/etc/X11
-
-mkdir -p $RPM_BUILD_ROOT/home_volatile/user
-
-install -D ../vchan/libvchan.h $RPM_BUILD_ROOT/usr/include/libvchan.h
-install -D ../u2mfn/u2mfnlib.h $RPM_BUILD_ROOT/usr/include/u2mfnlib.h
-install -D ../u2mfn/u2mfn-kernel.h $RPM_BUILD_ROOT/usr/include/u2mfn-kernel.h
-
-install -D ../vchan/libvchan.so $RPM_BUILD_ROOT/%{_libdir}/libvchan.so
-install -D ../u2mfn/libu2mfn.so $RPM_BUILD_ROOT/%{_libdir}/libu2mfn.so
-
-install -d $RPM_BUILD_ROOT/etc/sudoers.d
-install -m 0440 qubes.sudoers $RPM_BUILD_ROOT/etc/sudoers.d/qubes
-
-mkdir -p $RPM_BUILD_ROOT/var/run/qubes
-
-%triggerin -- initscripts
-cp /var/lib/qubes/serial.conf /etc/init/serial.conf
-
-%post
-
-chkconfig --add qubes_core_appvm || echo "WARNING: Cannot add service qubes_core!"
-chkconfig qubes_core_appvm on || echo "WARNING: Cannot enable service qubes_core!"
-
-if [ "$1" != 1 ] ; then
-# do this whole %post thing only when updating for the first time...
-exit 0
-fi
-
-usermod -L user
-
-%preun
-if [ "$1" = 0 ] ; then
- # no more packages left
- chkconfig qubes_core_appvm off
-fi
-
-%clean
-rm -rf $RPM_BUILD_ROOT
-
-%files
-%defattr(-,root,root,-)
-/etc/init.d/qubes_core_appvm
-/usr/bin/qvm-copy-to-vm
-/usr/lib/qubes/qvm-copy-to-vm.kde
-/usr/lib/qubes/qvm-copy-to-vm.gnome
-/usr/bin/qvm-open-in-dvm
-/usr/bin/qvm-open-in-vm
-/usr/bin/qvm-run
-/usr/lib/qubes/meminfo-writer
-/usr/lib/qubes/vm-file-editor
-%{kde_service_dir}/qvm-copy.desktop
-%{kde_service_dir}/qvm-dvm.desktop
-/usr/lib/qubes/qrexec_agent
-/usr/lib/qubes/qrexec_client_vm
-/usr/lib/qubes/qubes_rpc_multiplexer
-/usr/lib/qubes/qfile-agent
-/usr/lib/qubes/qopen-in-vm
-/usr/lib/qubes/qfile-unpacker
-/usr/lib/qubes/vm-shell
-/usr/lib/qubes/qrun-in-vm
-/usr/lib/qubes/wrap_in_html_if_url.sh
-%dir /mnt/removable
-%dir /etc/qubes_rpc
-/etc/qubes_rpc/qubes.Filecopy
-/etc/qubes_rpc/qubes.OpenInVM
-/etc/qubes_rpc/qubes.VMShell
-/usr/bin/qubes_timestamp
-%dir /home_volatile
-%attr(700,user,user) /home_volatile/user
-/etc/X11/xorg-preload-apps.conf
-%dir /var/run/qubes
-%dir %attr(0775,user,user) /var/lib/qubes/dom0-updates
-/etc/sudoers.d/qubes
-
-%package devel
-Summary: Include files for qubes core libraries
-License: GPL v2 only
-Group: Development/Sources
-
-%description devel
-
-%files devel
-/usr/include/libvchan.h
-/usr/include/u2mfnlib.h
-/usr/include/u2mfn-kernel.h
-
-%package libs
-Summary: Qubes core libraries
-License: GPL v2 only
-Group: Development/Sources
-
-%description libs
-
-%files libs
-%{_libdir}/libvchan.so
-%{_libdir}/libu2mfn.so
-
diff --git a/rpm_spec/core-commonvm.spec b/rpm_spec/core-commonvm.spec
deleted file mode 100644
index b6d51ac..0000000
--- a/rpm_spec/core-commonvm.spec
+++ /dev/null
@@ -1,266 +0,0 @@
-#
-# The Qubes OS Project, http://www.qubes-os.org
-#
-# Copyright (C) 2010 Joanna Rutkowska
-# Copyright (C) 2010 Rafal Wojtczuk
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-#
-#
-
-%{!?version: %define version %(cat version_vm)}
-
-Name: qubes-core-commonvm
-Version: %{version}
-Release: 1%{dist}
-Summary: The Qubes core files for any VM
-
-Group: Qubes
-Vendor: Invisible Things Lab
-License: GPL
-URL: http://www.qubes-os.org
-Requires: /usr/bin/xenstore-read
-Requires: fedora-release
-Requires: yum-plugin-post-transaction-actions
-BuildRequires: xen-devel
-
-%define _builddir %(pwd)/common
-
-%description
-The Qubes core files for installation inside a Qubes VM.
-
-%build
-make
-
-%pre
-
-if [ "$1" != 1 ] ; then
-# do this whole %pre thing only when updating for the first time...
-exit 0
-fi
-
-mkdir -p $RPM_BUILD_ROOT/var/lib/qubes
-if [ -e $RPM_BUILD_ROOT/etc/fstab ] ; then
-mv $RPM_BUILD_ROOT/etc/fstab $RPM_BUILD_ROOT/var/lib/qubes/fstab.orig
-fi
-
-%install
-
-mkdir -p $RPM_BUILD_ROOT/etc
-cp fstab $RPM_BUILD_ROOT/etc/fstab
-mkdir -p $RPM_BUILD_ROOT/etc/init.d
-cp qubes_core $RPM_BUILD_ROOT/etc/init.d/
-mkdir -p $RPM_BUILD_ROOT/var/lib/qubes
-mkdir -p $RPM_BUILD_ROOT/etc/sysconfig
-cp iptables $RPM_BUILD_ROOT/etc/sysconfig/
-mkdir -p $RPM_BUILD_ROOT/etc/yum.repos.d
-cp qubes.repo $RPM_BUILD_ROOT/etc/yum.repos.d
-install -d -m 755 $RPM_BUILD_ROOT/etc/pki/rpm-gpg
-install -m 644 RPM-GPG-KEY-qubes* $RPM_BUILD_ROOT/etc/pki/rpm-gpg/
-mkdir -p $RPM_BUILD_ROOT/sbin
-cp qubes_serial_login $RPM_BUILD_ROOT/sbin
-mkdir -p $RPM_BUILD_ROOT/usr/bin
-cp xenstore-watch $RPM_BUILD_ROOT/usr/bin/xenstore-watch-qubes
-mkdir -p $RPM_BUILD_ROOT/etc
-cp serial.conf $RPM_BUILD_ROOT/var/lib/qubes/
-mkdir -p $RPM_BUILD_ROOT/etc/udev/rules.d
-cp qubes_network.rules $RPM_BUILD_ROOT/etc/udev/rules.d/99-qubes_network.rules
-cp qubes_memory.rules $RPM_BUILD_ROOT/etc/udev/rules.d/50-qubes_memory.rules
-cp qubes_block.rules $RPM_BUILD_ROOT/etc/udev/rules.d/99-qubes_block.rules
-mkdir -p $RPM_BUILD_ROOT/usr/lib/qubes/
-cp setup_ip $RPM_BUILD_ROOT/usr/lib/qubes/
-cp qubes_download_dom0_updates.sh $RPM_BUILD_ROOT/usr/lib/qubes/
-cp block_add_change $RPM_BUILD_ROOT/usr/lib/qubes/
-cp block_remove $RPM_BUILD_ROOT/usr/lib/qubes/
-cp block_cleanup $RPM_BUILD_ROOT/usr/lib/qubes/
-mkdir -p $RPM_BUILD_ROOT/etc/yum/post-actions
-cp qubes_trigger_sync_appmenus.action $RPM_BUILD_ROOT/etc/yum/post-actions/
-mkdir -p $RPM_BUILD_ROOT/usr/lib/qubes
-cp qubes_trigger_sync_appmenus.sh $RPM_BUILD_ROOT/usr/lib/qubes/
-
-install -D qubes_core.modules $RPM_BUILD_ROOT/etc/sysconfig/modules/qubes_core.modules
-
-mkdir -p $RPM_BUILD_ROOT/lib/firmware
-ln -s /lib/modules/firmware $RPM_BUILD_ROOT/lib/firmware/updates
-
-%triggerin -- initscripts
-cp /var/lib/qubes/serial.conf /etc/init/serial.conf
-
-%post
-
-# disable some Upstart services
-for F in plymouth-shutdown prefdm splash-manager start-ttys tty ; do
- if [ -e /etc/init/$F.conf ]; then
- mv -f /etc/init/$F.conf /etc/init/$F.conf.disabled
- fi
-done
-
-remove_ShowIn () {
- if [ -e /etc/xdg/autostart/$1.desktop ]; then
- sed -i '/^\(Not\|Only\)ShowIn/d' /etc/xdg/autostart/$1.desktop
- fi
-}
-
-# don't want it at all
-for F in abrt-applet deja-dup-monitor imsettings-start krb5-auth-dialog pulseaudio restorecond sealertauto ; do
- if [ -e /etc/xdg/autostart/$F.desktop ]; then
- remove_ShowIn $F
- echo 'NotShowIn=QUBES' >> /etc/xdg/autostart/$F.desktop
- fi
-done
-
-# don't want it in DisposableVM
-for F in gcm-apply ; do
- if [ -e /etc/xdg/autostart/$F.desktop ]; then
- remove_ShowIn $F
- echo 'NotShowIn=DisposableVM' >> /etc/xdg/autostart/$F.desktop
- fi
-done
-
-# want it in AppVM only
-for F in gnome-keyring-gpg gnome-keyring-pkcs11 gnome-keyring-secrets gnome-keyring-ssh gnome-settings-daemon user-dirs-update-gtk gsettings-data-convert ; do
- if [ -e /etc/xdg/autostart/$F.desktop ]; then
- remove_ShowIn $F
- echo 'OnlyShowIn=GNOME;AppVM;' >> /etc/xdg/autostart/$F.desktop
- fi
-done
-
-# remove existing rule to add own later
-for F in gpk-update-icon nm-applet ; do
- remove_ShowIn $F
-done
-
-echo 'OnlyShowIn=GNOME;UpdateableVM;' >> /etc/xdg/autostart/gpk-update-icon.desktop || :
-echo 'OnlyShowIn=GNOME;NetVM;' >> /etc/xdg/autostart/nm-applet.desktop || :
-
-usermod -p '' root
-
-# Prevent unnecessary updates in VMs:
-sed -i -e '/^exclude = kernel/d' /etc/yum.conf
-echo 'exclude = kernel, xorg-x11-drv-*, xorg-x11-drivers, xorg-x11-server-*' >> /etc/yum.conf
-
-if [ "$1" != 1 ] ; then
-# do this whole %post thing only when updating for the first time...
-exit 0
-fi
-
-if ! [ -f /var/lib/qubes/serial.orig ] ; then
- cp /etc/init/serial.conf /var/lib/qubes/serial.orig
-fi
-
-#echo "--> Disabling SELinux..."
-sed -e s/^SELINUX=.*$/SELINUX=disabled/ /etc/selinux/config.processed
-mv /etc/selinux/config.processed /etc/selinux/config
-setenforce 0 2>/dev/null
-
-#echo "--> Turning off unnecessary services..."
-# FIXME: perhaps there is more elegant way to do this?
-for f in /etc/init.d/*
-do
- srv=`basename $f`
- [ $srv = 'functions' ] && continue
- [ $srv = 'killall' ] && continue
- [ $srv = 'halt' ] && continue
- [ $srv = 'single' ] && continue
- [ $srv = 'reboot' ] && continue
- [ $srv = 'qubes_gui' ] && continue
- chkconfig $srv off
-done
-
-[ -x /bin/systemctl ] && /bin/systemctl disable NetworkManager.service
-[ -x /bin/systemctl ] && /bin/systemctl disable crond.service
-
-#echo "--> Enabling essential services..."
-chkconfig rsyslog on
-chkconfig haldaemon on
-chkconfig messagebus on
-chkconfig iptables on
-chkconfig --add qubes_core || echo "WARNING: Cannot add service qubes_core!"
-chkconfig qubes_core on || echo "WARNING: Cannot enable service qubes_core!"
-
-
-# TODO: make this not display the silly message about security context...
-sed -i s/^id:.:initdefault:/id:3:initdefault:/ /etc/inittab
-
-# Remove most of the udev scripts to speed up the VM boot time
-# Just leave the xen* scripts, that are needed if this VM was
-# ever used as a net backend (e.g. as a VPN domain in the future)
-#echo "--> Removing unnecessary udev scripts..."
-mkdir -p /var/lib/qubes/removed-udev-scripts
-for f in /etc/udev/rules.d/*
-do
- if [ $(basename $f) == "xen-backend.rules" ] ; then
- continue
- fi
-
- if [ $(basename $f) == "xend.rules" ] ; then
- continue
- fi
-
- if [ $(basename $f) == "99-qubes_network.rules" ] ; then
- continue
- fi
-
- if [ $(basename $f) == "99-qubes_block.rules" ] ; then
- continue
- fi
-
- if [ $(basename $f) == "90-hal.rules" ] ; then
- continue
- fi
-
-
- mv $f /var/lib/qubes/removed-udev-scripts/
-done
-mkdir -p /rw
-#rm -f /etc/mtab
-#echo "--> Removing HWADDR setting from /etc/sysconfig/network-scripts/ifcfg-eth0"
-#mv /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0.orig
-#grep -v HWADDR /etc/sysconfig/network-scripts/ifcfg-eth0.orig > /etc/sysconfig/network-scripts/ifcfg-eth0
-
-%preun
-if [ "$1" = 0 ] ; then
- # no more packages left
- chkconfig qubes_core off
- mv /var/lib/qubes/fstab.orig /etc/fstab
- mv /var/lib/qubes/removed-udev-scripts/* /etc/udev/rules.d/
- mv /var/lib/qubes/serial.orig /etc/init/serial.conf
-fi
-
-%clean
-rm -rf $RPM_BUILD_ROOT
-
-%files
-%defattr(-,root,root,-)
-/etc/fstab
-/etc/init.d/qubes_core
-/etc/sysconfig/iptables
-/var/lib/qubes
-/etc/yum.repos.d/qubes.repo
-/etc/pki/rpm-gpg/RPM-GPG-KEY-qubes*
-/sbin/qubes_serial_login
-/usr/bin/xenstore-watch-qubes
-/etc/udev/rules.d/99-qubes_network.rules
-/etc/udev/rules.d/50-qubes_memory.rules
-/etc/udev/rules.d/99-qubes_block.rules
-/etc/sysconfig/modules/qubes_core.modules
-/usr/lib/qubes/setup_ip
-/etc/yum/post-actions/qubes_trigger_sync_appmenus.action
-/usr/lib/qubes/qubes_trigger_sync_appmenus.sh
-/usr/lib/qubes/qubes_download_dom0_updates.sh
-/usr/lib/qubes/block_add_change
-/usr/lib/qubes/block_remove
-/usr/lib/qubes/block_cleanup
-/lib/firmware/updates
diff --git a/rpm_spec/core-netvm.spec b/rpm_spec/core-netvm.spec
deleted file mode 100644
index a4c966b..0000000
--- a/rpm_spec/core-netvm.spec
+++ /dev/null
@@ -1,102 +0,0 @@ -# -# The Qubes OS Project, http://www.qubes-os.org -# -# Copyright (C) 2010 Joanna Rutkowska -# Copyright (C) 2010 Rafal Wojtczuk -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License -# as published by the Free Software Foundation; either version 2 -# of the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -# -# - -%{!?version: %define version %(cat version_vm)} - -Name: qubes-core-netvm -Version: %{version} -Release: 1%{dist} -Summary: The Qubes core files for NetVM - -Group: Qubes -Vendor: Invisible Things Lab -License: GPL -URL: http://www.qubes-os.org -Requires: /usr/bin/xenstore-read -Requires: fedora-release -Requires: NetworkManager >= 0.8.1-1 -Requires: qubes-core-commonvm -Provides: qubes-core-vm - -%define _builddir %(pwd)/netvm - -%description -The Qubes core files for installation inside a Qubes NetVM. 
- -%pre - -%build -make -C ../vchan -make -C ../u2mfn - -%install - -mkdir -p $RPM_BUILD_ROOT/etc -mkdir -p $RPM_BUILD_ROOT/etc/init.d -cp qubes_core_netvm $RPM_BUILD_ROOT/etc/init.d/ -mkdir -p $RPM_BUILD_ROOT/var/lib/qubes -mkdir -p $RPM_BUILD_ROOT/usr/lib/qubes -cp ../common/qubes_setup_dnat_to_ns $RPM_BUILD_ROOT/usr/lib/qubes -cp ../common/qubes_fix_nm_conf.sh $RPM_BUILD_ROOT/usr/lib/qubes -mkdir -p $RPM_BUILD_ROOT/etc/dhclient.d -ln -s /usr/lib/qubes/qubes_setup_dnat_to_ns $RPM_BUILD_ROOT/etc/dhclient.d/qubes_setup_dnat_to_ns.sh -mkdir -p $RPM_BUILD_ROOT/etc/NetworkManager/dispatcher.d/ -cp ../common/qubes_nmhook $RPM_BUILD_ROOT/etc/NetworkManager/dispatcher.d/ -cp ../netvm/30-qubes_external_ip $RPM_BUILD_ROOT/etc/NetworkManager/dispatcher.d/ -mkdir -p $RPM_BUILD_ROOT/var/run/qubes -mkdir -p $RPM_BUILD_ROOT/etc/xen/scripts -cp ../common/vif-route-qubes $RPM_BUILD_ROOT/etc/xen/scripts - -%post - -# Create NetworkManager configuration if we do not have it -if ! [ -e /etc/NetworkManager/NetworkManager.conf ]; then -echo '[main]' > /etc/NetworkManager/NetworkManager.conf -echo 'plugins = keyfile' >> /etc/NetworkManager/NetworkManager.conf -echo '[keyfile]' >> /etc/NetworkManager/NetworkManager.conf -fi -/usr/lib/qubes/qubes_fix_nm_conf.sh - -chkconfig --add qubes_core_netvm || echo "WARNING: Cannot add service qubes_core!" -chkconfig qubes_core_netvm on || echo "WARNING: Cannot enable service qubes_core!" 
- -# Remove ip_forward setting from sysctl, so NM will not reset it -sed 's/^net.ipv4.ip_forward.*/#\0/' -i /etc/sysctl.conf - -%preun -if [ "$1" = 0 ] ; then - # no more packages left - chkconfig qubes_core_netvm off -fi - -%clean -rm -rf $RPM_BUILD_ROOT - -%files -%defattr(-,root,root,-) -/etc/init.d/qubes_core_netvm -/usr/lib/qubes/qubes_setup_dnat_to_ns -/usr/lib/qubes/qubes_fix_nm_conf.sh -/etc/dhclient.d/qubes_setup_dnat_to_ns.sh -/etc/NetworkManager/dispatcher.d/qubes_nmhook -/etc/NetworkManager/dispatcher.d/30-qubes_external_ip -/etc/xen/scripts/vif-route-qubes diff --git a/rpm_spec/core-proxyvm.spec b/rpm_spec/core-proxyvm.spec deleted file mode 100644 index c83bd6a..0000000 --- a/rpm_spec/core-proxyvm.spec +++ /dev/null 
@@ -1,80 +0,0 @@ -# -# The Qubes OS Project, http://www.qubes-os.org -# -# Copyright (C) 2010 Joanna Rutkowska -# Copyright (C) 2010 Rafal Wojtczuk -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License -# as published by the Free Software Foundation; either version 2 -# of the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -# -# - -%{!?version: %define version %(cat version_vm)} - -Name: qubes-core-proxyvm -Version: %{version} -Release: 1%{dist} -Summary: The Qubes core files for NetVM - -Group: Qubes -Vendor: Invisible Things Lab -License: GPL -URL: http://www.qubes-os.org -Requires: /usr/bin/xenstore-read -Requires: /sbin/ethtool -Requires: fedora-release -Requires: qubes-core-netvm - -%define _builddir %(pwd)/proxyvm - -%description -The Qubes core files for installation inside a Qubes ProxyVM in addition to NetVM scripts. - -%pre - -%build - -%install - -mkdir -p $RPM_BUILD_ROOT/etc/init.d -cp init.d/qubes_firewall $RPM_BUILD_ROOT/etc/init.d/ -cp init.d/qubes_netwatcher $RPM_BUILD_ROOT/etc/init.d/ -mkdir -p $RPM_BUILD_ROOT/usr/sbin -cp bin/qubes_firewall $RPM_BUILD_ROOT/usr/sbin/ -cp bin/qubes_netwatcher $RPM_BUILD_ROOT/usr/sbin/ - -%post - -chkconfig --add qubes_firewall || echo "WARNING: Cannot add service qubes_core!" -chkconfig qubes_firewall on || echo "WARNING: Cannot enable service qubes_core!" - -chkconfig --add qubes_netwatcher || echo "WARNING: Cannot add service qubes_core!" 
-chkconfig qubes_netwatcher on || echo "WARNING: Cannot enable service qubes_core!" - -%preun -if [ "$1" = 0 ] ; then - # no more packages left - chkconfig qubes_firewall off - chkconfig qubes_netwatcher off -fi - -%clean -rm -rf $RPM_BUILD_ROOT - -%files -%defattr(-,root,root,-) -/etc/init.d/qubes_firewall -/etc/init.d/qubes_netwatcher -/usr/sbin/qubes_firewall -/usr/sbin/qubes_netwatcher diff --git a/rpm_spec/core-vm.spec b/rpm_spec/core-vm.spec new file mode 100644 index 0000000..c51567b --- /dev/null +++ b/rpm_spec/core-vm.spec 
@@ -0,0 +1,564 @@ +# +# The Qubes OS Project, http://www.qubes-os.org +# +# Copyright (C) 2010 Joanna Rutkowska +# Copyright (C) 2010 Rafal Wojtczuk +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +# +# + +%{!?version: %define version %(cat version_vm)} + +Name: qubes-core-vm +Version: %{version} +Release: 1%{dist} +Summary: The Qubes core files for VM + +Group: Qubes +Vendor: Invisible Things Lab +License: GPL +URL: http://www.qubes-os.org +Requires: /usr/bin/xenstore-read +Requires: fedora-release +Requires: yum-plugin-post-transaction-actions +Requires: NetworkManager >= 0.8.1-1 +Requires: /usr/bin/mimeopen +Requires: /sbin/ethtool +Provides: qubes-core-vm +Obsoletes: qubes-core-commonvm +Obsoletes: qubes-core-appvm +Obsoletes: qubes-core-netvm +Obsoletes: qubes-core-proxyvm +BuildRequires: xen-devel + +%define _builddir %(pwd) + +%define kde_service_dir /usr/share/kde4/services/ServiceMenus + +%description +The Qubes core files for installation inside a Qubes VM. + +%build +make -C misc +make -C qubes_rpc +make -C qrexec +make -C vchan +make -C u2mfn + +%pre + +if [ "$1" != 1 ] ; then +# do this whole %pre thing only when updating for the first time... 
+exit 0 +fi + +mkdir -p /var/lib/qubes +if [ -e /etc/fstab ] ; then +mv /etc/fstab /var/lib/qubes/fstab.orig +fi + +adduser --create-home user +su user -c 'mkdir -p /home/user/.local/share' +su user -c 'mkdir -p /home/user/.gnome2/nautilus-scripts' +su user -c 'ln -s /usr/lib/qubes/qvm-copy-to-vm.gnome /home/user/.gnome2/nautilus-scripts/"Copy to other AppVM"' +su user -c 'ln -s /usr/bin/qvm-open-in-dvm /home/user/.gnome2/nautilus-scripts/"Open in DisposableVM"' +su user -c 'touch /home/user/.gnome2/nautilus-scripts/.scripts_created' +su user -c 'touch /home/user/.gnome2/nautilus-scripts/.scripts_created2' + +%install + +install -D misc/fstab $RPM_BUILD_ROOT/etc/fstab +install -d $RPM_BUILD_ROOT/etc/init.d +install vm-init.d/* $RPM_BUILD_ROOT/etc/init.d/ + +install -d $RPM_BUILD_ROOT/lib/systemd/system $RPM_BUILD_ROOT/usr/lib/qubes/init +install -m 0755 vm-systemd/*.sh $RPM_BUILD_ROOT/usr/lib/qubes/init/ +install -m 0644 vm-systemd/qubes-*.service $RPM_BUILD_ROOT/lib/systemd/system/ +install -m 0644 vm-systemd/NetworkManager.service $RPM_BUILD_ROOT/usr/lib/qubes/init/ +install -m 0644 vm-systemd/cups.service $RPM_BUILD_ROOT/usr/lib/qubes/init/ +install -m 0644 vm-systemd/ntpd.service $RPM_BUILD_ROOT/usr/lib/qubes/init/ + +install -D -m 0440 misc/qubes.sudoers $RPM_BUILD_ROOT/etc/sudoers.d/qubes +install -D misc/qubes.repo $RPM_BUILD_ROOT/etc/yum.repos.d/qubes.repo +install -D misc/serial.conf $RPM_BUILD_ROOT/usr/lib/qubes/serial.conf +install -D misc/qubes_serial_login $RPM_BUILD_ROOT/sbin/qubes_serial_login +install -d $RPM_BUILD_ROOT/usr/share/glib-2.0/schemas/ +install misc/org.gnome.settings-daemon.plugins.updates.gschema.override $RPM_BUILD_ROOT/usr/share/glib-2.0/schemas/ + +install -d $RPM_BUILD_ROOT/var/lib/qubes + +install -d -m 755 $RPM_BUILD_ROOT/etc/pki/rpm-gpg +install -m 644 misc/RPM-GPG-KEY-qubes* $RPM_BUILD_ROOT/etc/pki/rpm-gpg/ +install -D misc/xenstore-watch $RPM_BUILD_ROOT/usr/bin/xenstore-watch-qubes +install -d $RPM_BUILD_ROOT/etc/udev/rules.d 
+install misc/qubes_memory.rules $RPM_BUILD_ROOT/etc/udev/rules.d/50-qubes_memory.rules +install misc/qubes_block.rules $RPM_BUILD_ROOT/etc/udev/rules.d/99-qubes_block.rules +install -d $RPM_BUILD_ROOT/usr/lib/qubes/ +install misc/qubes_download_dom0_updates.sh $RPM_BUILD_ROOT/usr/lib/qubes/ +install misc/{block_add_change,block_remove,block_cleanup} $RPM_BUILD_ROOT/usr/lib/qubes/ +install misc/qubes_trigger_sync_appmenus.sh $RPM_BUILD_ROOT/usr/lib/qubes/ +install -D misc/qubes_trigger_sync_appmenus.action $RPM_BUILD_ROOT/etc/yum/post-actions/qubes_trigger_sync_appmenus.action +mkdir -p $RPM_BUILD_ROOT/usr/lib/qubes + +install -D misc/qubes_core.modules $RPM_BUILD_ROOT/etc/sysconfig/modules/qubes_core.modules + +install network/qubes_network.rules $RPM_BUILD_ROOT/etc/udev/rules.d/99-qubes_network.rules +install network/qubes_setup_dnat_to_ns $RPM_BUILD_ROOT/usr/lib/qubes +install network/qubes_fix_nm_conf.sh $RPM_BUILD_ROOT/usr/lib/qubes +install network/setup_ip $RPM_BUILD_ROOT/usr/lib/qubes/ +install -d $RPM_BUILD_ROOT/etc/dhclient.d +ln -s /usr/lib/qubes/qubes_setup_dnat_to_ns $RPM_BUILD_ROOT/etc/dhclient.d/qubes_setup_dnat_to_ns.sh +install -d $RPM_BUILD_ROOT/etc/NetworkManager/dispatcher.d/ +install network/{qubes_nmhook,30-qubes_external_ip} $RPM_BUILD_ROOT/etc/NetworkManager/dispatcher.d/ +install -D network/vif-route-qubes $RPM_BUILD_ROOT/etc/xen/scripts/vif-route-qubes +install -D network/iptables $RPM_BUILD_ROOT/etc/sysconfig/iptables + +install -d $RPM_BUILD_ROOT/usr/sbin +install network/qubes_firewall $RPM_BUILD_ROOT/usr/sbin/ +install network/qubes_netwatcher $RPM_BUILD_ROOT/usr/sbin/ + +install -d $RPM_BUILD_ROOT/lib/firmware +ln -s /lib/modules/firmware $RPM_BUILD_ROOT/lib/firmware/updates + +install -d $RPM_BUILD_ROOT/usr/bin + +install qubes_rpc/{qvm-open-in-dvm,qvm-open-in-vm,qvm-copy-to-vm,qvm-run} $RPM_BUILD_ROOT/usr/bin +install qubes_rpc/wrap_in_html_if_url.sh $RPM_BUILD_ROOT/usr/lib/qubes +install qubes_rpc/qvm-copy-to-vm.kde 
$RPM_BUILD_ROOT/usr/lib/qubes +install qubes_rpc/qvm-copy-to-vm.gnome $RPM_BUILD_ROOT/usr/lib/qubes +install qubes_rpc/{vm-file-editor,qfile-agent,qopen-in-vm,qfile-unpacker} $RPM_BUILD_ROOT/usr/lib/qubes +install qubes_rpc/{vm-shell,qrun-in-vm} $RPM_BUILD_ROOT/usr/lib/qubes +install -d $RPM_BUILD_ROOT/%{kde_service_dir} +install qubes_rpc/{qvm-copy.desktop,qvm-dvm.desktop} $RPM_BUILD_ROOT/%{kde_service_dir} +install -d $RPM_BUILD_ROOT/etc/qubes_rpc +install qubes_rpc/{qubes.Filecopy,qubes.OpenInVM,qubes.VMShell} $RPM_BUILD_ROOT/etc/qubes_rpc + +install qrexec/qrexec_agent $RPM_BUILD_ROOT/usr/lib/qubes +install qrexec/qrexec_client_vm $RPM_BUILD_ROOT/usr/lib/qubes +install qrexec/qubes_rpc_multiplexer $RPM_BUILD_ROOT/usr/lib/qubes + +install misc/meminfo-writer $RPM_BUILD_ROOT/usr/lib/qubes +install -d $RPM_BUILD_ROOT/mnt/removable +install -d $RPM_BUILD_ROOT/var/lib/qubes/dom0-updates + +install -D misc/xorg-preload-apps.conf $RPM_BUILD_ROOT/etc/X11/xorg-preload-apps.conf + +install -d $RPM_BUILD_ROOT/var/run/qubes +install -d $RPM_BUILD_ROOT/home_volatile/user + +install -D vchan/libvchan.h $RPM_BUILD_ROOT/usr/include/libvchan.h +install -D u2mfn/u2mfnlib.h $RPM_BUILD_ROOT/usr/include/u2mfnlib.h +install -D u2mfn/u2mfn-kernel.h $RPM_BUILD_ROOT/usr/include/u2mfn-kernel.h + +install -D vchan/libvchan.so $RPM_BUILD_ROOT/%{_libdir}/libvchan.so +install -D u2mfn/libu2mfn.so $RPM_BUILD_ROOT/%{_libdir}/libu2mfn.so + +%triggerin -- initscripts +cp /usr/lib/qubes/serial.conf /etc/init/serial.conf + +%post + +# disable some Upstart services +for F in plymouth-shutdown prefdm splash-manager start-ttys tty ; do + if [ -e /etc/init/$F.conf ]; then + mv -f /etc/init/$F.conf /etc/init/$F.conf.disabled + fi +done + +remove_ShowIn () { + if [ -e /etc/xdg/autostart/$1.desktop ]; then + sed -i '/^\(Not\|Only\)ShowIn/d' /etc/xdg/autostart/$1.desktop + fi +} + +# don't want it at all +for F in abrt-applet deja-dup-monitor imsettings-start krb5-auth-dialog pulseaudio restorecond 
sealertauto gnome-power-manager gnome-sound-applet gnome-screensaver orca-autostart; do + if [ -e /etc/xdg/autostart/$F.desktop ]; then + remove_ShowIn $F + echo 'NotShowIn=QUBES' >> /etc/xdg/autostart/$F.desktop + fi +done + +# don't want it in DisposableVM +for F in gcm-apply ; do + if [ -e /etc/xdg/autostart/$F.desktop ]; then + remove_ShowIn $F + echo 'NotShowIn=DisposableVM' >> /etc/xdg/autostart/$F.desktop + fi +done + +# want it in AppVM only +for F in gnome-keyring-gpg gnome-keyring-pkcs11 gnome-keyring-secrets gnome-keyring-ssh gnome-settings-daemon user-dirs-update-gtk gsettings-data-convert ; do + if [ -e /etc/xdg/autostart/$F.desktop ]; then + remove_ShowIn $F + echo 'OnlyShowIn=GNOME;AppVM;' >> /etc/xdg/autostart/$F.desktop + fi +done + +# remove existing rule to add own later +for F in gpk-update-icon nm-applet ; do + remove_ShowIn $F +done + +echo 'OnlyShowIn=GNOME;UpdateableVM;' >> /etc/xdg/autostart/gpk-update-icon.desktop || : +echo 'OnlyShowIn=GNOME;NetVM;' >> /etc/xdg/autostart/nm-applet.desktop || : + +usermod -p '' root +usermod -L user + +# Create NetworkManager configuration if we do not have it +if ! [ -e /etc/NetworkManager/NetworkManager.conf ]; then +echo '[main]' > /etc/NetworkManager/NetworkManager.conf +echo 'plugins = keyfile' >> /etc/NetworkManager/NetworkManager.conf +echo '[keyfile]' >> /etc/NetworkManager/NetworkManager.conf +fi +/usr/lib/qubes/qubes_fix_nm_conf.sh + + +# Remove ip_forward setting from sysctl, so NM will not reset it +sed 's/^net.ipv4.ip_forward.*/#\0/' -i /etc/sysctl.conf + +# Prevent unnecessary updates in VMs: +sed -i -e '/^exclude = kernel/d' /etc/yum.conf +echo 'exclude = kernel, xorg-x11-drv-*, xorg-x11-drivers, xorg-x11-server-*' >> /etc/yum.conf + +if [ "$1" != 1 ] ; then +# do the rest of %post thing only when updating for the first time... +exit 0 +fi + +if ! [ -f /var/lib/qubes/serial.orig ] ; then + cp /etc/init/serial.conf /var/lib/qubes/serial.orig +fi + +#echo "--> Disabling SELinux..." 
+sed -e s/^SELINUX=.*$/SELINUX=disabled/ /etc/selinux/config.processed +mv /etc/selinux/config.processed /etc/selinux/config +setenforce 0 2>/dev/null + +# Remove most of the udev scripts to speed up the VM boot time +# Just leave the xen* scripts, that are needed if this VM was +# ever used as a net backend (e.g. as a VPN domain in the future) +#echo "--> Removing unnecessary udev scripts..." +mkdir -p /var/lib/qubes/removed-udev-scripts +for f in /etc/udev/rules.d/* +do + if [ $(basename $f) == "xen-backend.rules" ] ; then + continue + fi + + if [ $(basename $f) == "xend.rules" ] ; then + continue + fi + + if [ $(basename $f) == "99-qubes_network.rules" ] ; then + continue + fi + + if [ $(basename $f) == "99-qubes_block.rules" ] ; then + continue + fi + + if [ $(basename $f) == "90-hal.rules" ] ; then + continue + fi + + + mv $f /var/lib/qubes/removed-udev-scripts/ +done +mkdir -p /rw +#rm -f /etc/mtab +#echo "--> Removing HWADDR setting from /etc/sysconfig/network-scripts/ifcfg-eth0" +#mv /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0.orig +#grep -v HWADDR /etc/sysconfig/network-scripts/ifcfg-eth0.orig > /etc/sysconfig/network-scripts/ifcfg-eth0 + +%preun +if [ "$1" = 0 ] ; then + # no more packages left + mv /var/lib/qubes/fstab.orig /etc/fstab + mv /var/lib/qubes/removed-udev-scripts/* /etc/udev/rules.d/ + mv /var/lib/qubes/serial.orig /etc/init/serial.conf +fi + +%postun +if [ $1 -eq 0 ] ; then + /usr/bin/glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || : +fi + +%posttrans + /usr/bin/glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || : + +%clean +rm -rf $RPM_BUILD_ROOT + +%files +%defattr(-,root,root,-) +%dir /var/lib/qubes +%dir /var/run/qubes +%dir %attr(0775,user,user) /var/lib/qubes/dom0-updates +%{kde_service_dir}/qvm-copy.desktop +%{kde_service_dir}/qvm-dvm.desktop +/etc/NetworkManager/dispatcher.d/30-qubes_external_ip +/etc/NetworkManager/dispatcher.d/qubes_nmhook 
+/etc/X11/xorg-preload-apps.conf +/etc/dhclient.d/qubes_setup_dnat_to_ns.sh +/etc/fstab +/etc/pki/rpm-gpg/RPM-GPG-KEY-qubes* +%dir /etc/qubes_rpc +/etc/qubes_rpc/qubes.Filecopy +/etc/qubes_rpc/qubes.OpenInVM +/etc/qubes_rpc/qubes.VMShell +/etc/sudoers.d/qubes +/etc/sysconfig/iptables +/etc/sysconfig/modules/qubes_core.modules +/etc/udev/rules.d/50-qubes_memory.rules +/etc/udev/rules.d/99-qubes_block.rules +/etc/udev/rules.d/99-qubes_network.rules +/etc/xen/scripts/vif-route-qubes +/etc/yum.repos.d/qubes.repo +/etc/yum/post-actions/qubes_trigger_sync_appmenus.action +/lib/firmware/updates +/sbin/qubes_serial_login +/usr/bin/qvm-copy-to-vm +/usr/bin/qvm-open-in-dvm +/usr/bin/qvm-open-in-vm +/usr/bin/qvm-run +/usr/bin/xenstore-watch-qubes +%dir /usr/lib/qubes +/usr/lib/qubes/block_add_change +/usr/lib/qubes/block_cleanup +/usr/lib/qubes/block_remove +/usr/lib/qubes/meminfo-writer +/usr/lib/qubes/qfile-agent +/usr/lib/qubes/qfile-unpacker +/usr/lib/qubes/qopen-in-vm +/usr/lib/qubes/qrexec_agent +/usr/lib/qubes/qrexec_client_vm +/usr/lib/qubes/qrun-in-vm +/usr/lib/qubes/qubes_download_dom0_updates.sh +/usr/lib/qubes/qubes_fix_nm_conf.sh +/usr/lib/qubes/qubes_rpc_multiplexer +/usr/lib/qubes/qubes_setup_dnat_to_ns +/usr/lib/qubes/qubes_trigger_sync_appmenus.sh +/usr/lib/qubes/qvm-copy-to-vm.gnome +/usr/lib/qubes/qvm-copy-to-vm.kde +/usr/lib/qubes/serial.conf +/usr/lib/qubes/setup_ip +/usr/lib/qubes/vm-file-editor +/usr/lib/qubes/vm-shell +/usr/lib/qubes/wrap_in_html_if_url.sh +/usr/sbin/qubes_firewall +/usr/sbin/qubes_netwatcher +/usr/share/glib-2.0/schemas/org.gnome.settings-daemon.plugins.updates.gschema.override +%dir /home_volatile +%attr(700,user,user) /home_volatile/user +%dir /mnt/removable + + +%package devel +Summary: Include files for qubes core libraries +License: GPL v2 only +Group: Development/Sources +Obsoletes: qubes-core-appvm-devel + +%description devel + +%files devel +/usr/include/libvchan.h +/usr/include/u2mfnlib.h +/usr/include/u2mfn-kernel.h + 
+%package libs +Summary: Qubes core libraries +License: GPL v2 only +Group: Development/Sources +Obsoletes: qubes-core-appvm-libs + +%description libs + +%files libs +%{_libdir}/libvchan.so +%{_libdir}/libu2mfn.so + +%package sysvinit +Summary: Qubes unit files for SysV init style or upstart +License: GPL v2 only +Group: Qubes +Requires: upstart +Requires: qubes-core-vm +Provides: qubes-core-vm-init-scripts +Conflicts: qubes-core-vm-systemd + +%description sysvinit +The Qubes core startup configuration for SysV init (or upstart). + +%files sysvinit +/etc/init.d/qubes_core +/etc/init.d/qubes_core_appvm +/etc/init.d/qubes_core_netvm +/etc/init.d/qubes_firewall +/etc/init.d/qubes_netwatcher + +%post sysvinit + +#echo "--> Turning off unnecessary services..." +# FIXME: perhaps there is more elegant way to do this? +for f in /etc/init.d/* +do + srv=`basename $f` + [ $srv = 'functions' ] && continue + [ $srv = 'killall' ] && continue + [ $srv = 'halt' ] && continue + [ $srv = 'single' ] && continue + [ $srv = 'reboot' ] && continue + [ $srv = 'qubes_gui' ] && continue + chkconfig $srv off +done + +#echo "--> Enabling essential services..." +chkconfig rsyslog on +chkconfig haldaemon on +chkconfig messagebus on +chkconfig iptables on +chkconfig --add qubes_core || echo "WARNING: Cannot add service qubes_core!" +chkconfig qubes_core on || echo "WARNING: Cannot enable service qubes_core!" +chkconfig --add qubes_core_netvm || echo "WARNING: Cannot add service qubes_core!" +chkconfig qubes_core_netvm on || echo "WARNING: Cannot enable service qubes_core!" +chkconfig --add qubes_core_appvm || echo "WARNING: Cannot add service qubes_core!" +chkconfig qubes_core_appvm on || echo "WARNING: Cannot enable service qubes_core!" +chkconfig --add qubes_firewall || echo "WARNING: Cannot add service qubes_core!" +chkconfig qubes_firewall on || echo "WARNING: Cannot enable service qubes_core!" +chkconfig --add qubes_netwatcher || echo "WARNING: Cannot add service qubes_core!" 
+chkconfig qubes_netwatcher on || echo "WARNING: Cannot enable service qubes_core!" + +# TODO: make this not display the silly message about security context... +sed -i s/^id:.:initdefault:/id:3:initdefault:/ /etc/inittab + +%preun sysvinit +if [ "$1" = 0 ] ; then + # no more packages left + chkconfig qubes_core off + chkconfig qubes_core_netvm off + chkconfig qubes_core_appvm off + chkconfig qubes_firewall off + chkconfig qubes_netwatcher off +fi + +%package systemd +Summary: Qubes unit files for SystemD init style +License: GPL v2 only +Group: Qubes +Requires: systemd +Requires(post): systemd-units +Requires(preun): systemd-units +Requires(postun): systemd-units +Requires: qubes-core-vm +Provides: qubes-core-vm-init-scripts +Conflicts: qubes-core-vm-sysvinit + +%description systemd +The Qubes core startup configuration for SystemD init. + +%files systemd +%defattr(-,root,root,-) +/lib/systemd/system/qubes-dvm.service +/lib/systemd/system/qubes-meminfo-writer.service +/lib/systemd/system/qubes-qrexec-agent.service +/lib/systemd/system/qubes-misc-post.service +/lib/systemd/system/qubes-firewall.service +/lib/systemd/system/qubes-netwatcher.service +/lib/systemd/system/qubes-network.service +/lib/systemd/system/qubes-sysinit.service +%dir /usr/lib/qubes/init +/usr/lib/qubes/init/prepare-dvm.sh +/usr/lib/qubes/init/network-proxy-setup.sh +/usr/lib/qubes/init/misc-post.sh +/usr/lib/qubes/init/qubes-sysinit.sh +/usr/lib/qubes/init/NetworkManager.service +/usr/lib/qubes/init/cups.service +/usr/lib/qubes/init/ntpd.service +%ghost %attr(0644,root,root) /etc/systemd/system/NetworkManager.service +%ghost %attr(0644,root,root) /etc/systemd/system/cups.service + +%post systemd + +for srv in qubes-dvm qubes-meminfo-writer qubes-qrexec-agent qubes-sysinit qubes-misc-post qubes-netwatcher qubes-network; do + /bin/systemctl enable $srv.service +done + +# Install overriden services only when original exists +for srv in cups NetworkManager ntpd; do + if [ -f 
/lib/systemd/system/$srv.service ]; then + cp /usr/lib/qubes/init/$srv.service /etc/systemd/system/$srv.service + fi +done + +# Set default "runlevel" +rm -f /etc/systemd/system/default.target +ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target + +# Services to disable +#echo "--> Turning off unnecessary services..." +# FIXME: perhaps there is more elegant way to do this? +for f in /etc/init.d/* +do + srv=`basename $f` + [ $srv = 'functions' ] && continue + [ $srv = 'killall' ] && continue + [ $srv = 'halt' ] && continue + [ $srv = 'single' ] && continue + [ $srv = 'reboot' ] && continue + [ $srv = 'qubes_gui' ] && continue + chkconfig $srv off +done + +DISABLE_SERVICES="alsa-store alsa-restore auditd backuppc cpuspeed crond dbus-org.freedesktop.Avahi" +DISABLE_SERVICES="$DISABLE_SERVICES fedora-autorelabel fedora-autorelabel-mark ipmi hwclock-load hwclock-save" +DISABLE_SERVICES="$DISABLE_SERVICES mdmonitor multipathd openct rpcbind mcelog fedora-storage-init fedora-storage-init-late" +DISABLE_SERVICES="$DISABLE_SERVICES plymouth-start plymouth-read-write plymouth-quit plymouth-quit-wait" +for srv in $DISABLE_SERVICES; do + if [ -f /lib/systemd/system/$srv.service ]; then + if fgrep -q '[Install]' /lib/systemd/system/$srv.service; then + /bin/systemctl disable $srv.service + else + # forcibly disable + ln -sf /dev/null /etc/systemd/system/$srv.service + fi + fi +done + +rm -f /etc/systemd/system/getty.target.wants/getty@tty*.service + +# Enable some services +/bin/systemctl enable iptables.service +/bin/systemctl enable rsyslog.service +/bin/systemctl enable ntpd.service +/bin/systemctl enable NetworkManager.service +# Enable cups only when it is real SystemD service +[ -e /lib/systemd/system/cups.service ] && /bin/systemctl enable cups.service + +exit 0 + +%postun systemd + +#Do not run this part on upgrades +if [ "$1" != 0 ] ; then + exit 0 +fi + +for srv in qubes-dvm qubes-meminfo-writer qubes-qrexec-agent qubes-sysinit 
qubes-misc-post qubes-netwatcher qubes-network; do + /bin/systemctl disable $srv.service +do diff --git a/common/qubes_core b/vm-init.d/qubes_core similarity index 100% rename from common/qubes_core rename to vm-init.d/qubes_core diff --git a/appvm/qubes_core_appvm b/vm-init.d/qubes_core_appvm similarity index 100% rename from appvm/qubes_core_appvm rename to vm-init.d/qubes_core_appvm diff --git a/netvm/qubes_core_netvm b/vm-init.d/qubes_core_netvm similarity index 100% rename from netvm/qubes_core_netvm rename to vm-init.d/qubes_core_netvm diff --git a/proxyvm/init.d/qubes_firewall b/vm-init.d/qubes_firewall similarity index 100% rename from proxyvm/init.d/qubes_firewall rename to vm-init.d/qubes_firewall diff --git a/proxyvm/init.d/qubes_netwatcher b/vm-init.d/qubes_netwatcher similarity index 100% rename from proxyvm/init.d/qubes_netwatcher rename to vm-init.d/qubes_netwatcher diff --git a/vm-systemd/NetworkManager.service b/vm-systemd/NetworkManager.service new file mode 100644 index 0000000..bf1e486 --- /dev/null +++ b/vm-systemd/NetworkManager.service @@ -0,0 +1,3 @@ +.include /lib/systemd/system/NetworkManager.service +[Unit] +ConditionPathExists=/var/run/qubes-service/network-manager diff --git a/vm-systemd/cups.service b/vm-systemd/cups.service new file mode 100644 index 0000000..73e2796 --- /dev/null +++ b/vm-systemd/cups.service @@ -0,0 +1,3 @@ +.include /lib/systemd/system/cups.service +[Unit] +ConditionPathExists=/var/run/qubes-service/cups diff --git a/vm-systemd/misc-post.sh b/vm-systemd/misc-post.sh new file mode 100755 index 0000000..9ebdf2e --- /dev/null +++ b/vm-systemd/misc-post.sh 
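Review bot: In the %post of rpm_spec/core-vm.spec the SELinux line `sed -e s/^SELINUX=.*$/SELINUX=disabled/ /etc/selinux/config.processed` reads a file that nothing creates and has no `-i`, so the substitution goes to stdout and the following `mv /etc/selinux/config.processed /etc/selinux/config` moves a file that does not exist; the config is never changed and only the non-persistent `setenforce 0` takes effect. The intended edit is presumably `sed -i -e 's/^SELINUX=.*$/SELINUX=disabled/' /etc/selinux/config` with the mv dropped. In %files, `/etc/sysconfig/iptables` and `/etc/sudoers.d/qubes` (and the other files installed under /etc) are plain entries, so a package upgrade silently replaces an administrator's firewall rules and sudo policy; marking them `%config(noreplace) /etc/sysconfig/iptables` keeps local edits. `usermod -p '' root` in %post removes root's password; if that is deliberate for the single-user VM model, a one-line comment next to it saying so would stop it being "fixed" later. The hunk's tail is cut off in this view at `+do`, so the end of the %postun systemd loop is not visible.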
@@ -0,0 +1,60 @@ +#!/bin/sh + +# Set IP address again (besides action in udev rules); this is needed by +# DispVM (to override DispVM-template IP) and in case when qubes_ip was +# called by udev before loading evtchn kernel module - in which case +# xenstore-read fails +INTERFACE=eth0 /usr/lib/qubes/setup_ip + +if [ -e /dev/xvdb ] ; then + mount /rw + + if ! [ -d /rw/home ] ; then + echo + echo "--> Virgin boot of the VM: Linking /home to /rw/home" + + mkdir -p /rw/config + touch /rw/config/rc.local + + mkdir -p /rw/home + cp -a /home.orig/user /home + + mkdir -p /rw/usrlocal + cp -a /usr/local.orig/* /usr/local + + touch /var/lib/qubes/first_boot_completed + fi +fi + +[ -x /rw/config/rc.local ] && /rw/config/rc.local + +if ! [ -f /home/user/.gnome2/nautilus-scripts/.scripts_created ] ; then + echo "Creating symlinks for nautilus actions..." + su user -c 'mkdir -p /home/user/.gnome2/nautilus-scripts' + su user -c 'ln -s /usr/lib/qubes/qvm-copy-to-vm.gnome /home/user/.gnome2/nautilus-scripts/"Copy to other AppVM"' + su user -c 'ln -s /usr/bin/qvm-open-in-dvm /home/user/.gnome2/nautilus-scripts/"Open in DisposableVM"' + su user -c 'touch /home/user/.gnome2/nautilus-scripts/.scripts_created' +fi + +if ! [ -f /home/user/.gnome2/nautilus-scripts/.scripts_created2 ] ; then + # as we have recently renamed tools, the symlinks would need to be fixed for older templates + su user -c 'ln -sf /usr/lib/qubes/qvm-copy-to-vm.gnome /home/user/.gnome2/nautilus-scripts/"Copy to other AppVM"' + su user -c 'ln -sf /usr/bin/qvm-open-in-dvm /home/user/.gnome2/nautilus-scripts/"Open in DisposableVM"' + su user -c 'touch /home/user/.gnome2/nautilus-scripts/.scripts_created2' +fi + +# Start services which haven't own proper systemd unit: + +# Start AppVM specific services +if [ ! 
-f /etc/systemd/system/cups.service ]; then + if [ -f /var/run/qubes-service/cups ]; then + /sbin/service cups start + # Allow also notification icon + sed -i -e '/^NotShowIn=.*QUBES/s/;QUBES//' /etc/xdg/autostart/print-applet.desktop + else + # Disable notification icon + sed -i -e '/QUBES/!s/^NotShowIn=.*/\1QUBES;/' /etc/xdg/autostart/print-applet.desktop + fi +fi + +exit 0 diff --git a/vm-systemd/network-proxy-setup.sh b/vm-systemd/network-proxy-setup.sh new file mode 100755 index 0000000..c12e1d3 --- /dev/null +++ b/vm-systemd/network-proxy-setup.sh @@ -0,0 +1,14 @@ +#!/bin/sh + +# Setup gateway for all the VMs this netVM is serviceing... +network=$(/usr/bin/xenstore-read qubes_netvm_network 2>/dev/null) +if [ "x$network" != "x" ]; then + gateway=$(/usr/bin/xenstore-read qubes_netvm_gateway) + netmask=$(/usr/bin/xenstore-read qubes_netvm_netmask) + secondary_dns=$(/usr/bin/xenstore-read qubes_netvm_secondary_dns) + modprobe netbk 2> /dev/null || modprobe xen-netback + echo "NS1=$gateway" > /var/run/qubes/qubes_ns + echo "NS2=$secondary_dns" >> /var/run/qubes/qubes_ns + /usr/lib/qubes/qubes_setup_dnat_to_ns + echo "1" > /proc/sys/net/ipv4/ip_forward +fi diff --git a/vm-systemd/ntpd.service b/vm-systemd/ntpd.service new file mode 100644 index 0000000..21e93db --- /dev/null +++ b/vm-systemd/ntpd.service @@ -0,0 +1,3 @@ +.include /lib/systemd/system/ntpd.service +[Unit] +ConditionPathExists=/var/run/qubes-service/ntpd diff --git a/vm-systemd/prepare-dvm.sh b/vm-systemd/prepare-dvm.sh new file mode 100755 index 0000000..86b6a74 --- /dev/null +++ b/vm-systemd/prepare-dvm.sh 
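Review bot: The else branch at the end of vm-systemd/misc-post.sh, `sed -i -e '/QUBES/!s/^NotShowIn=.*/\1QUBES;/' /etc/xdg/autostart/print-applet.desktop`, uses `\1` in the replacement while the pattern has no `\(...\)` group, so GNU sed rejects the command and the desktop file is left unchanged. The pattern needs the group: `sed -i -e '/QUBES/!s/^\(NotShowIn=.*\)/\1QUBES;/' /etc/xdg/autostart/print-applet.desktop`. Both sed calls also print an error when print-applet.desktop is not installed; a `[ -e ... ] &&` guard would keep the log clean, although the script's closing `exit 0` already masks the status. Separately, `[ -x /rw/config/rc.local ] && /rw/config/rc.local` runs a script from the writable /rw volume as root on every boot; that is presumably the intended local-hook mechanism, and a comment stating so would make the trust boundary explicit.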
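Review bot: In vm-systemd/network-proxy-setup.sh the reads of `qubes_netvm_gateway`, `qubes_netvm_netmask` and `qubes_netvm_secondary_dns` are unchecked, so if one is absent the script still writes `NS1=`/`NS2=` with empty values to /var/run/qubes/qubes_ns, runs qubes_setup_dnat_to_ns and enables ip_forward. Failing early, e.g. `gateway=$(/usr/bin/xenstore-read qubes_netvm_gateway) || exit 1`, should make the oneshot unit fail visibly instead (xenstore-read is expected to exit non-zero on a missing key; worth confirming). `netmask` is read but never used and can be dropped. The comment's "serviceing" should read "servicing".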
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+possibly_run_save_script()
+{
+ ENCODED_SCRIPT=$(xenstore-read qubes_save_script)
+ if [ -z "$ENCODED_SCRIPT" ] ; then return ; fi
+ echo $ENCODED_SCRIPT|perl -e 'use MIME::Base64 qw(decode_base64); local($/) = undef;print decode_base64()' >/tmp/qubes_save_script
+ chmod 755 /tmp/qubes_save_script
+ Xorg -config /etc/X11/xorg-preload-apps.conf :0 &
+ sleep 2
+ DISPLAY=:0 su - user -c /tmp/qubes_save_script
+ killall Xorg
+}
+
+if xenstore-read qubes_save_request 2>/dev/null ; then
+ ln -sf /home_volatile /home
+ possibly_run_save_script
+ touch /etc/this_is_dvm
+ dmesg -c >/dev/null
+ free | grep Mem: |
+ (read a b c d ; xenstore-write device/qubes_used_mem $c)
+ # we're still running in DispVM template
+ echo "Waiting for save/restore..."
+ # ... wait until qubes_restore.c (in Dom0) recreates VM-specific keys
+ while ! xenstore-read qubes_restore_complete 2>/dev/null ; do
+ usleep 10
+ done
+ echo Back to life.
+fi
+
diff --git a/vm-systemd/qubes-dvm.service b/vm-systemd/qubes-dvm.service
new file mode 100644
index 0000000..b26834e
--- /dev/null
+++ b/vm-systemd/qubes-dvm.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Prepare Qubes DispVM Template
+ConditionPathExists=/var/run/qubes-service/qubes-dvm
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/lib/qubes/init/prepare-dvm.sh
+StandardOutput=syslog
+
+[Install]
+WantedBy=multi-user.target
diff --git a/vm-systemd/qubes-firewall.service b/vm-systemd/qubes-firewall.service
new file mode 100644
index 0000000..df765dc
--- /dev/null
+++ b/vm-systemd/qubes-firewall.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=Qubes firewall updater
+ConditionPathExists=/var/run/qubes-service/qubes-firewall
+
+[Service]
+ExecStart=/usr/sbin/qubes_firewall
+StandardOutput=syslog
+
+[Install]
+WantedBy=multi-user.target
diff --git a/vm-systemd/qubes-meminfo-writer.service b/vm-systemd/qubes-meminfo-writer.service
new file mode 100644
index 0000000..fdb504d
--- /dev/null
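Review bot: `killall Xorg` in possibly_run_save_script terminates every Xorg process on the system, not just the one the function started two lines earlier; capture `XORG_PID=$!` right after `Xorg -config /etc/X11/xorg-preload-apps.conf :0 &` and finish with `kill "$XORG_PID"`. The decoded script is written by root through a shell redirection to the fixed path `/tmp/qubes_save_script`, which follows whatever already exists at that name; writing it under a root-owned directory (for instance the `/var/run/qubes` that qubes-sysinit.sh creates) or to a `mktemp` path removes that dependency on /tmp being untouched at this point of boot. `echo $ENCODED_SCRIPT` should also be quoted as `echo "$ENCODED_SCRIPT"` so the base64 payload is neither word-split nor glob-expanded before reaching perl.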
+++ b/vm-systemd/qubes-meminfo-writer.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Qubes memory information reporter
+ConditionPathExists=/var/run/qubes-service/meminfo-writer
+
+[Service]
+Type=forking
+ExecStart=/usr/lib/qubes/meminfo-writer 30000 100000 /var/run/meminfo-writer.pid
+PIDFile=/var/run/meminfo-writer.pid
+StandardOutput=syslog
+
+[Install]
+WantedBy=multi-user.target
diff --git a/vm-systemd/qubes-misc-post.service b/vm-systemd/qubes-misc-post.service
new file mode 100644
index 0000000..2dc9051
--- /dev/null
+++ b/vm-systemd/qubes-misc-post.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Qubes misc post-boot actions
+After=qubes-dvm.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/lib/qubes/init/misc-post.sh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/vm-systemd/qubes-netwatcher.service b/vm-systemd/qubes-netwatcher.service
new file mode 100644
index 0000000..d784ba7
--- /dev/null
+++ b/vm-systemd/qubes-netwatcher.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Qubes network monitor
+ConditionPathExists=/var/run/qubes-service/qubes-netwatcher
+After=qubes-firewall.service
+
+[Service]
+ExecStart=/usr/sbin/qubes_netwatcher
+StandardOutput=syslog
+
+[Install]
+WantedBy=multi-user.target
diff --git a/vm-systemd/qubes-network.service b/vm-systemd/qubes-network.service
new file mode 100644
index 0000000..86c02fe
--- /dev/null
+++ b/vm-systemd/qubes-network.service
@@ -0,0 +1,15 @@
+[Unit]
+Names=qubes_firewall.service
+Description=Qubes network forwarding setup
+ConditionPathExists=/var/run/qubes-service/qubes-network
+Before=network.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStartPre=/sbin/ethtool -K eth0 sg off
+ExecStart=/usr/lib/qubes/init/network-proxy-setup.sh
+StandardOutput=syslog
+
+[Install]
+WantedBy=multi-user.target
diff --git a/vm-systemd/qubes-qrexec-agent.service b/vm-systemd/qubes-qrexec-agent.service
new file mode 100644
index 0000000..759e4b4
--- /dev/null
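Review bot: `Names=qubes_firewall.service` in the [Unit] section of qubes-network.service gives the network-forwarding unit the firewall's name, which reads like a leftover rather than an intended alias, and `Names=` is to my knowledge a legacy directive that newer systemd releases no longer honour (aliases go under `[Install]` as `Alias=`); either drop the line or add a comment stating why this unit must answer to that name. Nothing in the unit orders it relative to qubes-firewall.service, yet its ExecStart (network-proxy-setup.sh) enables ip_forward, so unless the base filtering policy is applied by something ordered earlier there is a window at boot where forwarding is on before the firewall is configured; an `After=` on whichever unit installs the base rules, or a comment naming it, would make that ordering explicit. The hard-coded interface in `ExecStartPre=/sbin/ethtool -K eth0 sg off` matches `INTERFACE=eth0` in misc-post.sh but is otherwise undocumented; a short comment on that assumption would help the next maintainer.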
+++ b/vm-systemd/qubes-qrexec-agent.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=Qubes remote exec agent
+After=qubes-dvm.service
+
+[Service]
+ExecStart=/usr/lib/qubes/qrexec_agent
+StandardOutput=syslog
+
+[Install]
+WantedBy=multi-user.target
diff --git a/vm-systemd/qubes-sysinit.service b/vm-systemd/qubes-sysinit.service
new file mode 100644
index 0000000..c6ca7a0
--- /dev/null
+++ b/vm-systemd/qubes-sysinit.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Init Qubes Services settings
+DefaultDependencies=no
+Before=sysinit.target
+After=local-fs.target proc-xen.mount
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/lib/qubes/init/qubes-sysinit.sh
+StandardOutput=syslog
+
+[Install]
+WantedBy=sysinit.target
diff --git a/vm-systemd/qubes-sysinit.sh b/vm-systemd/qubes-sysinit.sh
new file mode 100755
index 0000000..57cc2a3
--- /dev/null
+++ b/vm-systemd/qubes-sysinit.sh
@@ -0,0 +1,50 @@
+#!/bin/sh
+
+# List of services enabled by default (in case of absence of xenstore entry)
+DEFAULT_ENABLED_NETVM="network-manager qubes-network"
+DEFAULT_ENABLED_PROXYVM="meminfo-writer qubes-network qubes-firewall qubes-netwatcher"
+DEFAULT_ENABLED_APPVM="meminfo-writer"
+DEFAULT_ENABLED="meminfo-writer"
+
+XS_READ=/usr/bin/xenstore-read
+XS_LS=/usr/bin/xenstore-ls
+
+read_service() {
+ $XS_READ qubes-service/$1 2> /dev/null
+}
+
+mkdir -p /var/run/qubes
+mkdir -p /var/run/qubes-service
+mkdir -p /var/run/xen-hotplug
+
+# Set permissions to /proc/xen/xenbus, so normal user can use xenstore-read
+chmod 666 /proc/xen/xenbus
+
+# Set default services depending on VM type
+TYPE=`$XS_READ qubes_vm_type 2> /dev/null`
+[ "$TYPE" == "AppVM" ] && DEFAULT_ENABLED=$DEFAULT_ENABLED_APPVM
+[ "$TYPE" == "NetVM" ] && DEFAULT_ENABLED=$DEFAULT_ENABLED_NETVM
+[ "$TYPE" == "ProxyVM" ] && DEFAULT_ENABLED=$DEFAULT_ENABLED_PROXYVM
+
+# Enable default services
+for srv in $DEFAULT_ENABLED; do
+ touch /var/run/qubes-service/$srv
+done
+
+# Enable services
+for srv in `$XS_LS qubes-service 2>/dev/null |grep ' = "1"'|cut -f 1 -d ' '`; do
+ touch /var/run/qubes-service/$srv
+done
+
+# Disable services
+for srv in `$XS_LS qubes-service 2>/dev/null |grep ' = "0"'|cut -f 1 -d ' '`; do
+ rm -f /var/run/qubes-service/$srv
+done
+
+# Set the hostname
+name=`$XS_READ name`
+if [ -n "$name" ]; then
+ hostname $name
+ (grep -v "\<$name\>" /etc/hosts; echo "127.0.0.1 $name") > /etc/hosts
+fi
+
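Review bot: The hostname block's `(grep -v "\<$name\>" /etc/hosts; echo "127.0.0.1 $name") > /etc/hosts` truncates /etc/hosts before the subshell's grep reads it, because the redirection is applied when the subshell is set up, so every existing entry (loopback lines included) is lost and only the new line survives; write to a scratch file and rename, `(grep -v "\<$name\>" /etc/hosts; echo "127.0.0.1 $name") > /etc/hosts.new && mv -f /etc/hosts.new /etc/hosts`. The three `[ "$TYPE" == "AppVM" ]` tests use bash's `==` under a `#!/bin/sh` shebang; on a POSIX sh they fail with "unexpected operator" and DEFAULT_ENABLED silently keeps its generic value, so use `=`. `chmod 666 /proc/xen/xenbus` lets every local account in the VM speak to xenstore with the domain's full rights, including writing any node dom0 has made writable to this domain; a dedicated group with mode 0660 would limit that to the accounts that need xenstore-read, and the comment should state that dom0's per-node xenstore permissions are what bounds the exposure. The service names taken from `xenstore-ls qubes-service` go unvalidated into `touch`/`rm -f` under /var/run/qubes-service; a `case "$srv" in *[!A-Za-z0-9_-]*) continue ;; esac` filter is a cheap safeguard even though the values originate from dom0.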