Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core

Makefile

@@ -13,14 +13,11 @@ help:
 	@echo "make clean                 -- cleanup"
 
 rpms:	
-	rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-commonvm.spec
-	rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-appvm.spec
-	rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-netvm.spec
-	rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-proxyvm.spec
+	rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-vm.spec
 	rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-dom0.spec
 	rpm --addsign \
 		$(RPMS_DIR)/x86_64/qubes-core-dom0-$(VERSION_DOM0)*.rpm \
-		$(RPMS_DIR)/x86_64/qubes-core-*vm-*$(VERSION_VM)*.rpm
+		$(RPMS_DIR)/x86_64/qubes-core-vm-*$(VERSION_VM)*.rpm
 
 rpms-vaio-fixes:
 	rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-dom0-vaio-fixes.spec
@@ -31,7 +28,7 @@ update-repo-current:
 	ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-vaio-fixes-$(VERSION_VAIO_FIXES)*fc13*.rpm ../yum/current-release/current/dom0/rpm/
 	for vmrepo in ../yum/current-release/current/vm/* ; do \
 		dist=$$(basename $$vmrepo) ;\
-		ln -f $(RPMS_DIR)/x86_64/qubes-core-*vm-*$(VERSION_VM)*$$dist*.rpm $$vmrepo/rpm/ ;\
+		ln -f $(RPMS_DIR)/x86_64/qubes-core-vm-*$(VERSION_VM)*$$dist*.rpm $$vmrepo/rpm/ ;\
 	done
 
 update-repo-current-testing:
@@ -39,7 +36,7 @@ update-repo-current-testing:
 	ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-vaio-fixes-$(VERSION_VAIO_FIXES)*fc13*.rpm ../yum/current-release/current-testing/dom0/rpm/
 	for vmrepo in ../yum/current-release/current-testing/vm/* ; do \
 		dist=$$(basename $$vmrepo) ;\
-		ln -f $(RPMS_DIR)/x86_64/qubes-core-*vm-*$(VERSION_VM)*$$dist*.rpm $$vmrepo/rpm/ ;\
+		ln -f $(RPMS_DIR)/x86_64/qubes-core-vm-*$(VERSION_VM)*$$dist*.rpm $$vmrepo/rpm/ ;\
 	done
 
 update-repo-unstable:
@@ -47,17 +44,17 @@ update-repo-unstable:
 	ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-vaio-fixes-$(VERSION_VAIO_FIXES)*fc13*.rpm ../yum/current-release/unstable/dom0/rpm/
 	for vmrepo in ../yum/current-release/unstable/vm/* ; do \
 		dist=$$(basename $$vmrepo) ;\
-		ln -f $(RPMS_DIR)/x86_64/qubes-core-*vm-*$(VERSION_VM)*$$dist*.rpm $$vmrepo/rpm/ ;\
+		ln -f $(RPMS_DIR)/x86_64/qubes-core-vm-*$(VERSION_VM)*$$dist*.rpm $$vmrepo/rpm/ ;\
 	done
 
 update-repo-installer:
 	ln -f $(RPMS_DIR)/x86_64/qubes-core-dom0-*$(VERSION_DOM0)*fc13*.rpm ../installer/yum/qubes-dom0/rpm/
 
 clean:
-	(cd appvm && make clean)
-	(cd dom0/restore && make clean)
-	(cd dom0/qmemman && make clean)
-	(cd common && make clean)
-	(cd u2mfn && make clean)
+	make -C dom0/qmemman clean
+	make -C dom0/restore clean
+	make -C misc clean
+	make -C network clean
 	make -C qrexec clean
+	make -C u2mfn clean
 	make -C vchan clean

appvm/Makefile

@@ -1,14 +0,0 @@
-CC=gcc
-CFLAGS=-g -Wall -I../common -fPIC -pie
-all:	vm-file-editor qopen-in-vm qfile-agent qfile-unpacker
-vm-file-editor: vm-file-editor.o ../common/ioall.o
-	$(CC) -pie -g -o $@ $^
-qopen-in-vm: qopen-in-vm.o ../common/ioall.o ../common/gui-fatal.o
-	$(CC) -pie -g -o $@ $^
-qfile-agent: qfile-agent.o ../common/ioall.o ../common/gui-fatal.o ../common/copy_file.o ../common/crc32.o
-	$(CC) -pie -g -o $@ $^
-qfile-unpacker: qfile-unpacker.o ../common/ioall.o ../common/gui-fatal.o ../common/copy_file.o ../common/unpack.o ../common/crc32.o
-	$(CC) -pie -g -o $@ $^
-
-clean:
-	rm -f qopen-in-vm qfile-agent qfile-unpacker vm-file-editor *.o *~

appvm/iptables

@@ -1,12 +0,0 @@
-# Firewall configuration written by system-config-firewall
-# Manual customization of this file is not recommended.
-*filter
-:INPUT ACCEPT [0:0]
-:FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [0:0]
--A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
--A INPUT -p icmp -j ACCEPT
--A INPUT -i lo -j ACCEPT
--A INPUT -j REJECT --reject-with icmp-host-prohibited
--A FORWARD -j REJECT --reject-with icmp-host-prohibited
-COMMIT

appvm/qubes_timestamp

@@ -1,2 +0,0 @@
-#!/bin/sh
-exec xenstore-write device/qubes_timestamp $(date +%s.%N)

misc/org.gnome.settings-daemon.plugins.updates.gschema.override

@@ -0,0 +1,2 @@
+[org.gnome.settings-daemon.plugins.updates]
+auto-update-type='none'

netvm/fstab

@@ -1,14 +0,0 @@
-
-#
-# /etc/fstab
-# Created by anaconda on Thu Dec  3 11:26:49 2009
-#
-# Accessible filesystems, by reference, are maintained under '/dev/disk'
-# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
-#
-/dev/mapper/dmroot /                       ext4 defaults,noatime        1 1
-/dev/mapper/dmswap swap                    swap    defaults        0 0
-tmpfs                   /dev/shm                tmpfs   defaults        0 0
-devpts                  /dev/pts                devpts  gid=5,mode=620  0 0
-sysfs                   /sys                    sysfs   defaults        0 0
-proc                    /proc                   proc    defaults        0 0

network/iptables

@@ -6,6 +6,7 @@
 :PR-QBS - [0:0]
 -A PREROUTING -j PR-QBS
 -A POSTROUTING -o vif+ -j ACCEPT
+-A POSTROUTING -o lo -j ACCEPT
 -A POSTROUTING -j MASQUERADE
 COMMIT
 # Completed on Mon Sep  6 08:57:46 2010

qubes_rpc/Makefile

@@ -0,0 +1,14 @@
+CC=gcc
+CFLAGS=-g -Wall -I. -fPIC -pie
+all:	vm-file-editor qopen-in-vm qfile-agent qfile-unpacker
+vm-file-editor: vm-file-editor.o ioall.o
+	$(CC) -pie -g -o $@ $^
+qopen-in-vm: qopen-in-vm.o ioall.o gui-fatal.o
+	$(CC) -pie -g -o $@ $^
+qfile-agent: qfile-agent.o ioall.o gui-fatal.o copy_file.o crc32.o
+	$(CC) -pie -g -o $@ $^
+qfile-unpacker: qfile-unpacker.o ioall.o gui-fatal.o copy_file.o unpack.o crc32.o
+	$(CC) -pie -g -o $@ $^
+
+clean:
+	rm -f qopen-in-vm qfile-agent qfile-unpacker vm-file-editor *.o *~

qubes_rpc/vm-file-editor.c

@@ -12,12 +12,18 @@ char *get_filename()
 {
 	char buf[DVM_FILENAME_SIZE];
 	static char retname[sizeof(buf) + sizeof("/tmp/")];
+	int i;
 	if (!read_all(0, buf, sizeof(buf)))
 		exit(1);
 	if (index(buf, '/')) {
 		fprintf(stderr, "filename contains /");
 		exit(1);
 	}
+	for (i=0; i < DVM_FILENAME_SIZE && buf[i]!=0; i++) {
+		// replace some characters with _ (eg mimeopen have problems with some of them)
+		if (index(" !?\"#$%^&*()[]<>;`~", buf[i]))
+			buf[i]='_';
+	}
 	snprintf(retname, sizeof(retname), "/tmp/%s", buf);
 	return retname;
 }

rpm_spec/core-appvm.spec

@@ -1,201 +0,0 @@
-#
-# The Qubes OS Project, http://www.qubes-os.org
-#
-# Copyright (C) 2010  Joanna Rutkowska <joanna@invisiblethingslab.com>
-# Copyright (C) 2010  Rafal Wojtczuk  <rafal@invisiblethingslab.com>
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-#
-#
-
-%{!?version: %define version %(cat version_vm)}
-
-Name:		qubes-core-appvm
-Version:	%{version}
-Release:	1%{dist}
-Summary:	The Qubes core files for AppVM
-
-Group:		Qubes
-Vendor:		Invisible Things Lab
-License:	GPL
-URL:		http://www.qubes-os.org
-Requires:	/usr/bin/xenstore-read
-Requires:   fedora-release
-Requires:	/usr/bin/mimeopen
-Requires:	qubes-core-commonvm
-BuildRequires:  gcc
-BuildRequires:  xen-devel
-Provides:   qubes-core-vm
-
-%define _builddir %(pwd)/appvm
-
-%define kde_service_dir /usr/share/kde4/services/ServiceMenus 
-
-%description
-The Qubes core files for installation inside a Qubes AppVM.
-
-%pre
-
-if [ "$1" !=  1 ] ; then
-# do this whole %pre thing only when updating for the first time...
-exit 0
-fi
-
-adduser --create-home user
-su user -c 'mkdir -p /home/user/.local/share'
-su user -c 'mkdir -p /home/user/.gnome2/nautilus-scripts'
-su user -c 'ln -s /usr/lib/qubes/qvm-copy-to-vm.gnome /home/user/.gnome2/nautilus-scripts/"Copy to other AppVM"'
-su user -c 'ln -s /usr/bin/qvm-open-in-dvm /home/user/.gnome2/nautilus-scripts/"Open in DisposableVM"'
-su user -c 'touch /home/user/.gnome2/nautilus-scripts/.scripts_created'
-su user -c 'touch /home/user/.gnome2/nautilus-scripts/.scripts_created2'
-
-
-mkdir -p $RPM_BUILD_ROOT/var/lib/qubes
-
-%build
-make clean all
-make -C ../common
-make -C ../u2mfn
-make -C ../vchan
-make -C ../qrexec
-
-%install
-
-mkdir -p $RPM_BUILD_ROOT/etc/init.d
-cp qubes_core_appvm $RPM_BUILD_ROOT/etc/init.d/
-mkdir -p $RPM_BUILD_ROOT/var/lib/qubes
-mkdir -p $RPM_BUILD_ROOT/usr/bin
-cp qubes_timestamp qvm-open-in-dvm $RPM_BUILD_ROOT/usr/bin
-cp qvm-open-in-vm $RPM_BUILD_ROOT/usr/bin
-cp qvm-copy-to-vm $RPM_BUILD_ROOT/usr/bin
-cp qvm-run $RPM_BUILD_ROOT/usr/bin
-mkdir -p $RPM_BUILD_ROOT/usr/lib/qubes
-cp wrap_in_html_if_url.sh $RPM_BUILD_ROOT/usr/lib/qubes
-cp qvm-copy-to-vm.kde $RPM_BUILD_ROOT/usr/lib/qubes
-cp qvm-copy-to-vm.gnome $RPM_BUILD_ROOT/usr/lib/qubes
-cp ../qrexec/qrexec_agent $RPM_BUILD_ROOT/usr/lib/qubes
-cp ../qrexec/qrexec_client_vm $RPM_BUILD_ROOT/usr/lib/qubes
-cp ../qrexec/qubes_rpc_multiplexer $RPM_BUILD_ROOT/usr/lib/qubes
-cp vm-file-editor qfile-agent qopen-in-vm qfile-unpacker $RPM_BUILD_ROOT/usr/lib/qubes
-cp vm-shell qrun-in-vm $RPM_BUILD_ROOT/usr/lib/qubes
-cp ../common/meminfo-writer $RPM_BUILD_ROOT/usr/lib/qubes
-mkdir -p $RPM_BUILD_ROOT/%{kde_service_dir}
-cp qvm-copy.desktop qvm-dvm.desktop $RPM_BUILD_ROOT/%{kde_service_dir}
-mkdir -p $RPM_BUILD_ROOT/mnt/removable
-mkdir -p $RPM_BUILD_ROOT/etc/qubes_rpc
-cp qubes.Filecopy $RPM_BUILD_ROOT/etc/qubes_rpc
-cp qubes.OpenInVM $RPM_BUILD_ROOT/etc/qubes_rpc
-cp qubes.VMShell $RPM_BUILD_ROOT/etc/qubes_rpc
-mkdir -p $RPM_BUILD_ROOT/var/lib/qubes/dom0-updates
-
-mkdir -p $RPM_BUILD_ROOT/etc/X11
-cp xorg-preload-apps.conf $RPM_BUILD_ROOT/etc/X11
-
-mkdir -p $RPM_BUILD_ROOT/home_volatile/user
-
-install -D ../vchan/libvchan.h $RPM_BUILD_ROOT/usr/include/libvchan.h
-install -D ../u2mfn/u2mfnlib.h $RPM_BUILD_ROOT/usr/include/u2mfnlib.h
-install -D ../u2mfn/u2mfn-kernel.h $RPM_BUILD_ROOT/usr/include/u2mfn-kernel.h
-
-install -D ../vchan/libvchan.so $RPM_BUILD_ROOT/%{_libdir}/libvchan.so
-install -D ../u2mfn/libu2mfn.so $RPM_BUILD_ROOT/%{_libdir}/libu2mfn.so
-
-install -d $RPM_BUILD_ROOT/etc/sudoers.d
-install -m 0440 qubes.sudoers $RPM_BUILD_ROOT/etc/sudoers.d/qubes
-
-mkdir -p $RPM_BUILD_ROOT/var/run/qubes
-
-%triggerin -- initscripts
-cp /var/lib/qubes/serial.conf /etc/init/serial.conf
-
-%post
-
-chkconfig --add qubes_core_appvm || echo "WARNING: Cannot add service qubes_core!"
-chkconfig qubes_core_appvm on || echo "WARNING: Cannot enable service qubes_core!"
-
-if [ "$1" !=  1 ] ; then
-# do this whole %post thing only when updating for the first time...
-exit 0
-fi
-
-usermod -L user
-
-%preun
-if [ "$1" = 0 ] ; then
-    # no more packages left
-    chkconfig qubes_core_appvm off
-fi
-
-%clean
-rm -rf $RPM_BUILD_ROOT
-
-%files
-%defattr(-,root,root,-)
-/etc/init.d/qubes_core_appvm
-/usr/bin/qvm-copy-to-vm
-/usr/lib/qubes/qvm-copy-to-vm.kde
-/usr/lib/qubes/qvm-copy-to-vm.gnome
-/usr/bin/qvm-open-in-dvm
-/usr/bin/qvm-open-in-vm
-/usr/bin/qvm-run
-/usr/lib/qubes/meminfo-writer
-/usr/lib/qubes/vm-file-editor
-%{kde_service_dir}/qvm-copy.desktop
-%{kde_service_dir}/qvm-dvm.desktop
-/usr/lib/qubes/qrexec_agent
-/usr/lib/qubes/qrexec_client_vm
-/usr/lib/qubes/qubes_rpc_multiplexer
-/usr/lib/qubes/qfile-agent
-/usr/lib/qubes/qopen-in-vm
-/usr/lib/qubes/qfile-unpacker
-/usr/lib/qubes/vm-shell
-/usr/lib/qubes/qrun-in-vm
-/usr/lib/qubes/wrap_in_html_if_url.sh
-%dir /mnt/removable
-%dir /etc/qubes_rpc
-/etc/qubes_rpc/qubes.Filecopy
-/etc/qubes_rpc/qubes.OpenInVM
-/etc/qubes_rpc/qubes.VMShell
-/usr/bin/qubes_timestamp
-%dir /home_volatile
-%attr(700,user,user) /home_volatile/user
-/etc/X11/xorg-preload-apps.conf
-%dir /var/run/qubes
-%dir %attr(0775,user,user) /var/lib/qubes/dom0-updates
-/etc/sudoers.d/qubes
-
-%package devel
-Summary:        Include files for qubes core libraries
-License:        GPL v2 only
-Group:          Development/Sources 
-
-%description devel
-
-%files devel
-/usr/include/libvchan.h
-/usr/include/u2mfnlib.h
-/usr/include/u2mfn-kernel.h
-
-%package libs
-Summary:        Qubes core libraries
-License:        GPL v2 only
-Group:          Development/Sources 
-
-%description libs
-
-%files libs
-%{_libdir}/libvchan.so
-%{_libdir}/libu2mfn.so
-

rpm_spec/core-commonvm.spec

@@ -1,266 +0,0 @@
-#
-# The Qubes OS Project, http://www.qubes-os.org
-#
-# Copyright (C) 2010  Joanna Rutkowska <joanna@invisiblethingslab.com>
-# Copyright (C) 2010  Rafal Wojtczuk  <rafal@invisiblethingslab.com>
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-#
-#
-
-%{!?version: %define version %(cat version_vm)}
-
-Name:		qubes-core-commonvm
-Version:	%{version}
-Release:	1%{dist}
-Summary:	The Qubes core files for any VM
-
-Group:		Qubes
-Vendor:		Invisible Things Lab
-License:	GPL
-URL:		http://www.qubes-os.org
-Requires:	/usr/bin/xenstore-read
-Requires:   fedora-release
-Requires:   yum-plugin-post-transaction-actions
-BuildRequires: xen-devel
-
-%define _builddir %(pwd)/common
-
-%description
-The Qubes core files for installation inside a Qubes VM.
-
-%build
-make
-
-%pre
-
-if [ "$1" !=  1 ] ; then
-# do this whole %pre thing only when updating for the first time...
-exit 0
-fi
-
-mkdir -p $RPM_BUILD_ROOT/var/lib/qubes
-if [ -e $RPM_BUILD_ROOT/etc/fstab ] ; then 
-mv $RPM_BUILD_ROOT/etc/fstab $RPM_BUILD_ROOT/var/lib/qubes/fstab.orig
-fi
-
-%install
-
-mkdir -p $RPM_BUILD_ROOT/etc
-cp fstab $RPM_BUILD_ROOT/etc/fstab
-mkdir -p $RPM_BUILD_ROOT/etc/init.d
-cp qubes_core $RPM_BUILD_ROOT/etc/init.d/
-mkdir -p $RPM_BUILD_ROOT/var/lib/qubes
-mkdir -p $RPM_BUILD_ROOT/etc/sysconfig
-cp iptables $RPM_BUILD_ROOT/etc/sysconfig/
-mkdir -p $RPM_BUILD_ROOT/etc/yum.repos.d
-cp qubes.repo $RPM_BUILD_ROOT/etc/yum.repos.d
-install -d -m 755 $RPM_BUILD_ROOT/etc/pki/rpm-gpg
-install -m 644 RPM-GPG-KEY-qubes* $RPM_BUILD_ROOT/etc/pki/rpm-gpg/
-mkdir -p $RPM_BUILD_ROOT/sbin
-cp qubes_serial_login $RPM_BUILD_ROOT/sbin
-mkdir -p $RPM_BUILD_ROOT/usr/bin
-cp xenstore-watch $RPM_BUILD_ROOT/usr/bin/xenstore-watch-qubes
-mkdir -p $RPM_BUILD_ROOT/etc
-cp serial.conf $RPM_BUILD_ROOT/var/lib/qubes/
-mkdir -p $RPM_BUILD_ROOT/etc/udev/rules.d
-cp qubes_network.rules $RPM_BUILD_ROOT/etc/udev/rules.d/99-qubes_network.rules
-cp qubes_memory.rules $RPM_BUILD_ROOT/etc/udev/rules.d/50-qubes_memory.rules
-cp qubes_block.rules $RPM_BUILD_ROOT/etc/udev/rules.d/99-qubes_block.rules
-mkdir -p $RPM_BUILD_ROOT/usr/lib/qubes/
-cp setup_ip $RPM_BUILD_ROOT/usr/lib/qubes/
-cp qubes_download_dom0_updates.sh $RPM_BUILD_ROOT/usr/lib/qubes/
-cp block_add_change $RPM_BUILD_ROOT/usr/lib/qubes/
-cp block_remove $RPM_BUILD_ROOT/usr/lib/qubes/
-cp block_cleanup $RPM_BUILD_ROOT/usr/lib/qubes/
-mkdir -p $RPM_BUILD_ROOT/etc/yum/post-actions
-cp qubes_trigger_sync_appmenus.action $RPM_BUILD_ROOT/etc/yum/post-actions/
-mkdir -p $RPM_BUILD_ROOT/usr/lib/qubes
-cp qubes_trigger_sync_appmenus.sh $RPM_BUILD_ROOT/usr/lib/qubes/
-
-install -D qubes_core.modules $RPM_BUILD_ROOT/etc/sysconfig/modules/qubes_core.modules
-
-mkdir -p $RPM_BUILD_ROOT/lib/firmware
-ln -s /lib/modules/firmware $RPM_BUILD_ROOT/lib/firmware/updates
-
-%triggerin -- initscripts
-cp /var/lib/qubes/serial.conf /etc/init/serial.conf
-
-%post
-
-# disable some Upstart services
-for F in plymouth-shutdown prefdm splash-manager start-ttys tty ; do
-	if [ -e /etc/init/$F.conf ]; then
-		mv -f /etc/init/$F.conf /etc/init/$F.conf.disabled
-	fi
-done
-
-remove_ShowIn () {
-	if [ -e /etc/xdg/autostart/$1.desktop ]; then
-		sed -i '/^\(Not\|Only\)ShowIn/d' /etc/xdg/autostart/$1.desktop
-	fi
-}
-
-# don't want it at all
-for F in abrt-applet deja-dup-monitor imsettings-start krb5-auth-dialog pulseaudio restorecond sealertauto ; do
-	if [ -e /etc/xdg/autostart/$F.desktop ]; then
-		remove_ShowIn $F
-		echo 'NotShowIn=QUBES' >> /etc/xdg/autostart/$F.desktop
-	fi
-done
-
-# don't want it in DisposableVM
-for F in gcm-apply ; do
-	if [ -e /etc/xdg/autostart/$F.desktop ]; then
-		remove_ShowIn $F
-		echo 'NotShowIn=DisposableVM' >> /etc/xdg/autostart/$F.desktop
-	fi
-done
-
-# want it in AppVM only
-for F in gnome-keyring-gpg gnome-keyring-pkcs11 gnome-keyring-secrets gnome-keyring-ssh gnome-settings-daemon user-dirs-update-gtk gsettings-data-convert ; do
-	if [ -e /etc/xdg/autostart/$F.desktop ]; then
-		remove_ShowIn $F
-		echo 'OnlyShowIn=GNOME;AppVM;' >> /etc/xdg/autostart/$F.desktop
-	fi
-done
-
-# remove existing rule to add own later
-for F in gpk-update-icon nm-applet ; do
-	remove_ShowIn $F
-done
-
-echo 'OnlyShowIn=GNOME;UpdateableVM;' >> /etc/xdg/autostart/gpk-update-icon.desktop || :
-echo 'OnlyShowIn=GNOME;NetVM;' >> /etc/xdg/autostart/nm-applet.desktop || :
-
-usermod -p '' root
-
-# Prevent unnecessary updates in VMs:
-sed -i -e '/^exclude = kernel/d' /etc/yum.conf
-echo 'exclude = kernel, xorg-x11-drv-*, xorg-x11-drivers, xorg-x11-server-*' >> /etc/yum.conf
-
-if [ "$1" !=  1 ] ; then
-# do this whole %post thing only when updating for the first time...
-exit 0
-fi
-
-if ! [ -f /var/lib/qubes/serial.orig ] ; then
-	cp /etc/init/serial.conf /var/lib/qubes/serial.orig
-fi
-
-#echo "--> Disabling SELinux..."
-sed -e s/^SELINUX=.*$/SELINUX=disabled/ </etc/selinux/config >/etc/selinux/config.processed
-mv /etc/selinux/config.processed /etc/selinux/config
-setenforce 0 2>/dev/null
-
-#echo "--> Turning off unnecessary services..."
-# FIXME: perhaps there is more elegant way to do this? 
-for f in /etc/init.d/*
-do
-        srv=`basename $f`
-        [ $srv = 'functions' ] && continue
-        [ $srv = 'killall' ] && continue
-        [ $srv = 'halt' ] && continue
-        [ $srv = 'single' ] && continue
-        [ $srv = 'reboot' ] && continue
-        [ $srv = 'qubes_gui' ] && continue
-        chkconfig $srv off
-done
-
-[ -x /bin/systemctl ] && /bin/systemctl disable NetworkManager.service
-[ -x /bin/systemctl ] && /bin/systemctl disable crond.service
-
-#echo "--> Enabling essential services..."
-chkconfig rsyslog on
-chkconfig haldaemon on
-chkconfig messagebus on
-chkconfig iptables on
-chkconfig --add qubes_core || echo "WARNING: Cannot add service qubes_core!"
-chkconfig qubes_core on || echo "WARNING: Cannot enable service qubes_core!"
-
-
-# TODO: make this not display the silly message about security context...
-sed -i s/^id:.:initdefault:/id:3:initdefault:/ /etc/inittab
-
-# Remove most of the udev scripts to speed up the VM boot time
-# Just leave the xen* scripts, that are needed if this VM was
-# ever used as a net backend (e.g. as a VPN domain in the future)
-#echo "--> Removing unnecessary udev scripts..."
-mkdir -p /var/lib/qubes/removed-udev-scripts
-for f in /etc/udev/rules.d/*
-do
-    if [ $(basename $f) == "xen-backend.rules" ] ; then
-        continue
-    fi
-
-    if [ $(basename $f) == "xend.rules" ] ; then
-        continue
-    fi
-
-    if [ $(basename $f) == "99-qubes_network.rules" ] ; then
-        continue
-    fi
-
-    if [ $(basename $f) == "99-qubes_block.rules" ] ; then
-        continue
-    fi
-
-    if [ $(basename $f) == "90-hal.rules" ] ; then
-        continue
-    fi
-
-
-    mv $f /var/lib/qubes/removed-udev-scripts/
-done
-mkdir -p /rw
-#rm -f /etc/mtab
-#echo "--> Removing HWADDR setting from /etc/sysconfig/network-scripts/ifcfg-eth0"
-#mv /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0.orig
-#grep -v HWADDR /etc/sysconfig/network-scripts/ifcfg-eth0.orig > /etc/sysconfig/network-scripts/ifcfg-eth0
-
-%preun
-if [ "$1" = 0 ] ; then
-    # no more packages left
-    chkconfig qubes_core off
-    mv /var/lib/qubes/fstab.orig /etc/fstab
-    mv /var/lib/qubes/removed-udev-scripts/* /etc/udev/rules.d/
-    mv /var/lib/qubes/serial.orig /etc/init/serial.conf
-fi
-
-%clean
-rm -rf $RPM_BUILD_ROOT
-
-%files
-%defattr(-,root,root,-)
-/etc/fstab
-/etc/init.d/qubes_core
-/etc/sysconfig/iptables
-/var/lib/qubes
-/etc/yum.repos.d/qubes.repo
-/etc/pki/rpm-gpg/RPM-GPG-KEY-qubes*
-/sbin/qubes_serial_login
-/usr/bin/xenstore-watch-qubes
-/etc/udev/rules.d/99-qubes_network.rules
-/etc/udev/rules.d/50-qubes_memory.rules
-/etc/udev/rules.d/99-qubes_block.rules
-/etc/sysconfig/modules/qubes_core.modules
-/usr/lib/qubes/setup_ip
-/etc/yum/post-actions/qubes_trigger_sync_appmenus.action
-/usr/lib/qubes/qubes_trigger_sync_appmenus.sh
-/usr/lib/qubes/qubes_download_dom0_updates.sh
-/usr/lib/qubes/block_add_change
-/usr/lib/qubes/block_remove
-/usr/lib/qubes/block_cleanup
-/lib/firmware/updates

rpm_spec/core-netvm.spec

@@ -1,102 +0,0 @@
-#
-# The Qubes OS Project, http://www.qubes-os.org
-#
-# Copyright (C) 2010  Joanna Rutkowska <joanna@invisiblethingslab.com>
-# Copyright (C) 2010  Rafal Wojtczuk  <rafal@invisiblethingslab.com>
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-#
-#
-
-%{!?version: %define version %(cat version_vm)}
-
-Name:		qubes-core-netvm
-Version:	%{version}
-Release:	1%{dist}
-Summary:	The Qubes core files for NetVM
-
-Group:		Qubes
-Vendor:		Invisible Things Lab
-License:	GPL
-URL:		http://www.qubes-os.org
-Requires:	/usr/bin/xenstore-read
-Requires:   fedora-release
-Requires:       NetworkManager >= 0.8.1-1
-Requires:   qubes-core-commonvm
-Provides:   qubes-core-vm
-
-%define _builddir %(pwd)/netvm
-
-%description
-The Qubes core files for installation inside a Qubes NetVM.
-
-%pre
-
-%build
-make -C ../vchan
-make -C ../u2mfn
-
-%install
-
-mkdir -p $RPM_BUILD_ROOT/etc
-mkdir -p $RPM_BUILD_ROOT/etc/init.d
-cp qubes_core_netvm $RPM_BUILD_ROOT/etc/init.d/
-mkdir -p $RPM_BUILD_ROOT/var/lib/qubes
-mkdir -p $RPM_BUILD_ROOT/usr/lib/qubes
-cp ../common/qubes_setup_dnat_to_ns $RPM_BUILD_ROOT/usr/lib/qubes
-cp ../common/qubes_fix_nm_conf.sh $RPM_BUILD_ROOT/usr/lib/qubes
-mkdir -p $RPM_BUILD_ROOT/etc/dhclient.d
-ln -s /usr/lib/qubes/qubes_setup_dnat_to_ns $RPM_BUILD_ROOT/etc/dhclient.d/qubes_setup_dnat_to_ns.sh 
-mkdir -p $RPM_BUILD_ROOT/etc/NetworkManager/dispatcher.d/
-cp ../common/qubes_nmhook $RPM_BUILD_ROOT/etc/NetworkManager/dispatcher.d/
-cp ../netvm/30-qubes_external_ip $RPM_BUILD_ROOT/etc/NetworkManager/dispatcher.d/
-mkdir -p $RPM_BUILD_ROOT/var/run/qubes
-mkdir -p $RPM_BUILD_ROOT/etc/xen/scripts
-cp ../common/vif-route-qubes $RPM_BUILD_ROOT/etc/xen/scripts
-
-%post
-
-# Create NetworkManager configuration if we do not have it
-if ! [ -e /etc/NetworkManager/NetworkManager.conf ]; then
-echo '[main]' > /etc/NetworkManager/NetworkManager.conf
-echo 'plugins = keyfile' >> /etc/NetworkManager/NetworkManager.conf
-echo '[keyfile]' >> /etc/NetworkManager/NetworkManager.conf
-fi
-/usr/lib/qubes/qubes_fix_nm_conf.sh
-
-chkconfig --add qubes_core_netvm || echo "WARNING: Cannot add service qubes_core!"
-chkconfig qubes_core_netvm on || echo "WARNING: Cannot enable service qubes_core!"
-
-# Remove ip_forward setting from sysctl, so NM will not reset it
-sed 's/^net.ipv4.ip_forward.*/#\0/'  -i /etc/sysctl.conf
-
-%preun
-if [ "$1" = 0 ] ; then
-    # no more packages left
-    chkconfig qubes_core_netvm off
-fi
-
-%clean
-rm -rf $RPM_BUILD_ROOT
-
-%files
-%defattr(-,root,root,-)
-/etc/init.d/qubes_core_netvm
-/usr/lib/qubes/qubes_setup_dnat_to_ns
-/usr/lib/qubes/qubes_fix_nm_conf.sh
-/etc/dhclient.d/qubes_setup_dnat_to_ns.sh
-/etc/NetworkManager/dispatcher.d/qubes_nmhook
-/etc/NetworkManager/dispatcher.d/30-qubes_external_ip
-/etc/xen/scripts/vif-route-qubes

rpm_spec/core-proxyvm.spec

@@ -1,80 +0,0 @@
-#
-# The Qubes OS Project, http://www.qubes-os.org
-#
-# Copyright (C) 2010  Joanna Rutkowska <joanna@invisiblethingslab.com>
-# Copyright (C) 2010  Rafal Wojtczuk  <rafal@invisiblethingslab.com>
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-#
-#
-
-%{!?version: %define version %(cat version_vm)}
-
-Name:		qubes-core-proxyvm
-Version:	%{version}
-Release:	1%{dist}
-Summary:	The Qubes core files for NetVM
-
-Group:		Qubes
-Vendor:		Invisible Things Lab
-License:	GPL
-URL:		http://www.qubes-os.org
-Requires:	/usr/bin/xenstore-read
-Requires:   /sbin/ethtool
-Requires:   fedora-release
-Requires:   qubes-core-netvm
-
-%define _builddir %(pwd)/proxyvm
-
-%description
-The Qubes core files for installation inside a Qubes ProxyVM in addition to NetVM scripts.
-
-%pre
-
-%build
-
-%install
-
-mkdir -p $RPM_BUILD_ROOT/etc/init.d
-cp init.d/qubes_firewall $RPM_BUILD_ROOT/etc/init.d/
-cp init.d/qubes_netwatcher $RPM_BUILD_ROOT/etc/init.d/
-mkdir -p $RPM_BUILD_ROOT/usr/sbin
-cp bin/qubes_firewall $RPM_BUILD_ROOT/usr/sbin/
-cp bin/qubes_netwatcher $RPM_BUILD_ROOT/usr/sbin/
-
-%post
-
-chkconfig --add qubes_firewall || echo "WARNING: Cannot add service qubes_core!"
-chkconfig qubes_firewall on || echo "WARNING: Cannot enable service qubes_core!"
-
-chkconfig --add qubes_netwatcher || echo "WARNING: Cannot add service qubes_core!"
-chkconfig qubes_netwatcher on || echo "WARNING: Cannot enable service qubes_core!"
-
-%preun
-if [ "$1" = 0 ] ; then
-    # no more packages left
-    chkconfig qubes_firewall off
-    chkconfig qubes_netwatcher off
-fi
-
-%clean
-rm -rf $RPM_BUILD_ROOT
-
-%files
-%defattr(-,root,root,-)
-/etc/init.d/qubes_firewall
-/etc/init.d/qubes_netwatcher
-/usr/sbin/qubes_firewall
-/usr/sbin/qubes_netwatcher

rpm_spec/core-vm.spec

@@ -0,0 +1,564 @@
+#
+# The Qubes OS Project, http://www.qubes-os.org
+#
+# Copyright (C) 2010  Joanna Rutkowska <joanna@invisiblethingslab.com>
+# Copyright (C) 2010  Rafal Wojtczuk  <rafal@invisiblethingslab.com>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+#
+#
+
+%{!?version: %define version %(cat version_vm)}
+
+Name:		qubes-core-vm
+Version:	%{version}
+Release:	1%{dist}
+Summary:	The Qubes core files for VM
+
+Group:		Qubes
+Vendor:		Invisible Things Lab
+License:	GPL
+URL:		http://www.qubes-os.org
+Requires:	/usr/bin/xenstore-read
+Requires:   fedora-release
+Requires:   yum-plugin-post-transaction-actions
+Requires:   NetworkManager >= 0.8.1-1
+Requires:	/usr/bin/mimeopen
+Requires:   /sbin/ethtool
+Provides:   qubes-core-vm
+Obsoletes:  qubes-core-commonvm
+Obsoletes:  qubes-core-appvm
+Obsoletes:  qubes-core-netvm
+Obsoletes:  qubes-core-proxyvm
+BuildRequires: xen-devel
+
+%define _builddir %(pwd)
+
+%define kde_service_dir /usr/share/kde4/services/ServiceMenus
+
+%description
+The Qubes core files for installation inside a Qubes VM.
+
+%build
+make -C misc
+make -C qubes_rpc
+make -C qrexec
+make -C vchan
+make -C u2mfn
+
+%pre
+
+if [ "$1" !=  1 ] ; then
+# do this whole %pre thing only when updating for the first time...
+exit 0
+fi
+
+mkdir -p /var/lib/qubes
+if [ -e /etc/fstab ] ; then 
+mv /etc/fstab /var/lib/qubes/fstab.orig
+fi
+
+adduser --create-home user
+su user -c 'mkdir -p /home/user/.local/share'
+su user -c 'mkdir -p /home/user/.gnome2/nautilus-scripts'
+su user -c 'ln -s /usr/lib/qubes/qvm-copy-to-vm.gnome /home/user/.gnome2/nautilus-scripts/"Copy to other AppVM"'
+su user -c 'ln -s /usr/bin/qvm-open-in-dvm /home/user/.gnome2/nautilus-scripts/"Open in DisposableVM"'
+su user -c 'touch /home/user/.gnome2/nautilus-scripts/.scripts_created'
+su user -c 'touch /home/user/.gnome2/nautilus-scripts/.scripts_created2'
+
+%install
+
+install -D misc/fstab $RPM_BUILD_ROOT/etc/fstab
+install -d $RPM_BUILD_ROOT/etc/init.d
+install vm-init.d/* $RPM_BUILD_ROOT/etc/init.d/
+
+install -d $RPM_BUILD_ROOT/lib/systemd/system $RPM_BUILD_ROOT/usr/lib/qubes/init
+install -m 0755 vm-systemd/*.sh $RPM_BUILD_ROOT/usr/lib/qubes/init/
+install -m 0644 vm-systemd/qubes-*.service $RPM_BUILD_ROOT/lib/systemd/system/
+install -m 0644 vm-systemd/NetworkManager.service $RPM_BUILD_ROOT/usr/lib/qubes/init/
+install -m 0644 vm-systemd/cups.service $RPM_BUILD_ROOT/usr/lib/qubes/init/
+install -m 0644 vm-systemd/ntpd.service $RPM_BUILD_ROOT/usr/lib/qubes/init/
+
+install -D -m 0440 misc/qubes.sudoers $RPM_BUILD_ROOT/etc/sudoers.d/qubes
+install -D misc/qubes.repo $RPM_BUILD_ROOT/etc/yum.repos.d/qubes.repo
+install -D misc/serial.conf $RPM_BUILD_ROOT/usr/lib/qubes/serial.conf
+install -D misc/qubes_serial_login $RPM_BUILD_ROOT/sbin/qubes_serial_login
+install -d $RPM_BUILD_ROOT/usr/share/glib-2.0/schemas/
+install misc/org.gnome.settings-daemon.plugins.updates.gschema.override $RPM_BUILD_ROOT/usr/share/glib-2.0/schemas/
+
+install -d $RPM_BUILD_ROOT/var/lib/qubes
+
+install -d -m 755 $RPM_BUILD_ROOT/etc/pki/rpm-gpg
+install -m 644 misc/RPM-GPG-KEY-qubes* $RPM_BUILD_ROOT/etc/pki/rpm-gpg/
+install -D misc/xenstore-watch $RPM_BUILD_ROOT/usr/bin/xenstore-watch-qubes
+install -d $RPM_BUILD_ROOT/etc/udev/rules.d
+install  misc/qubes_memory.rules $RPM_BUILD_ROOT/etc/udev/rules.d/50-qubes_memory.rules
+install  misc/qubes_block.rules $RPM_BUILD_ROOT/etc/udev/rules.d/99-qubes_block.rules
+install -d $RPM_BUILD_ROOT/usr/lib/qubes/
+install misc/qubes_download_dom0_updates.sh $RPM_BUILD_ROOT/usr/lib/qubes/
+install misc/{block_add_change,block_remove,block_cleanup} $RPM_BUILD_ROOT/usr/lib/qubes/
+install misc/qubes_trigger_sync_appmenus.sh $RPM_BUILD_ROOT/usr/lib/qubes/
+install -D misc/qubes_trigger_sync_appmenus.action $RPM_BUILD_ROOT/etc/yum/post-actions/qubes_trigger_sync_appmenus.action
+mkdir -p $RPM_BUILD_ROOT/usr/lib/qubes
+
+install -D misc/qubes_core.modules $RPM_BUILD_ROOT/etc/sysconfig/modules/qubes_core.modules
+
+install network/qubes_network.rules $RPM_BUILD_ROOT/etc/udev/rules.d/99-qubes_network.rules
+install network/qubes_setup_dnat_to_ns $RPM_BUILD_ROOT/usr/lib/qubes
+install network/qubes_fix_nm_conf.sh $RPM_BUILD_ROOT/usr/lib/qubes
+install network/setup_ip $RPM_BUILD_ROOT/usr/lib/qubes/
+install -d $RPM_BUILD_ROOT/etc/dhclient.d
+ln -s /usr/lib/qubes/qubes_setup_dnat_to_ns $RPM_BUILD_ROOT/etc/dhclient.d/qubes_setup_dnat_to_ns.sh 
+install -d $RPM_BUILD_ROOT/etc/NetworkManager/dispatcher.d/
+install network/{qubes_nmhook,30-qubes_external_ip} $RPM_BUILD_ROOT/etc/NetworkManager/dispatcher.d/
+install -D network/vif-route-qubes $RPM_BUILD_ROOT/etc/xen/scripts/vif-route-qubes
+install -D network/iptables $RPM_BUILD_ROOT/etc/sysconfig/iptables
+
+install -d $RPM_BUILD_ROOT/usr/sbin
+install network/qubes_firewall $RPM_BUILD_ROOT/usr/sbin/
+install network/qubes_netwatcher $RPM_BUILD_ROOT/usr/sbin/
+
+install -d $RPM_BUILD_ROOT/lib/firmware
+ln -s /lib/modules/firmware $RPM_BUILD_ROOT/lib/firmware/updates
+
+install -d $RPM_BUILD_ROOT/usr/bin
+
+install qubes_rpc/{qvm-open-in-dvm,qvm-open-in-vm,qvm-copy-to-vm,qvm-run} $RPM_BUILD_ROOT/usr/bin
+install qubes_rpc/wrap_in_html_if_url.sh $RPM_BUILD_ROOT/usr/lib/qubes
+install qubes_rpc/qvm-copy-to-vm.kde $RPM_BUILD_ROOT/usr/lib/qubes
+install qubes_rpc/qvm-copy-to-vm.gnome $RPM_BUILD_ROOT/usr/lib/qubes
+install qubes_rpc/{vm-file-editor,qfile-agent,qopen-in-vm,qfile-unpacker} $RPM_BUILD_ROOT/usr/lib/qubes
+install qubes_rpc/{vm-shell,qrun-in-vm} $RPM_BUILD_ROOT/usr/lib/qubes
+install -d $RPM_BUILD_ROOT/%{kde_service_dir}
+install qubes_rpc/{qvm-copy.desktop,qvm-dvm.desktop} $RPM_BUILD_ROOT/%{kde_service_dir}
+install -d $RPM_BUILD_ROOT/etc/qubes_rpc
+install qubes_rpc/{qubes.Filecopy,qubes.OpenInVM,qubes.VMShell} $RPM_BUILD_ROOT/etc/qubes_rpc
+
+install qrexec/qrexec_agent $RPM_BUILD_ROOT/usr/lib/qubes
+install qrexec/qrexec_client_vm $RPM_BUILD_ROOT/usr/lib/qubes
+install qrexec/qubes_rpc_multiplexer $RPM_BUILD_ROOT/usr/lib/qubes
+
+install misc/meminfo-writer $RPM_BUILD_ROOT/usr/lib/qubes
+install -d $RPM_BUILD_ROOT/mnt/removable
+install -d $RPM_BUILD_ROOT/var/lib/qubes/dom0-updates
+
+install -D misc/xorg-preload-apps.conf $RPM_BUILD_ROOT/etc/X11/xorg-preload-apps.conf
+
+install -d $RPM_BUILD_ROOT/var/run/qubes
+install -d $RPM_BUILD_ROOT/home_volatile/user
+
+install -D vchan/libvchan.h $RPM_BUILD_ROOT/usr/include/libvchan.h
+install -D u2mfn/u2mfnlib.h $RPM_BUILD_ROOT/usr/include/u2mfnlib.h
+install -D u2mfn/u2mfn-kernel.h $RPM_BUILD_ROOT/usr/include/u2mfn-kernel.h
+
+install -D vchan/libvchan.so $RPM_BUILD_ROOT/%{_libdir}/libvchan.so
+install -D u2mfn/libu2mfn.so $RPM_BUILD_ROOT/%{_libdir}/libu2mfn.so
+
+%triggerin -- initscripts
+cp /usr/lib/qubes/serial.conf /etc/init/serial.conf
+
+%post
+
+# disable some Upstart services
+for F in plymouth-shutdown prefdm splash-manager start-ttys tty ; do
+	if [ -e /etc/init/$F.conf ]; then
+		mv -f /etc/init/$F.conf /etc/init/$F.conf.disabled
+	fi
+done
+
+remove_ShowIn () {
+	if [ -e /etc/xdg/autostart/$1.desktop ]; then
+		sed -i '/^\(Not\|Only\)ShowIn/d' /etc/xdg/autostart/$1.desktop
+	fi
+}
+
+# don't want it at all
+for F in abrt-applet deja-dup-monitor imsettings-start krb5-auth-dialog pulseaudio restorecond sealertauto gnome-power-manager gnome-sound-applet gnome-screensaver orca-autostart; do
+	if [ -e /etc/xdg/autostart/$F.desktop ]; then
+		remove_ShowIn $F
+		echo 'NotShowIn=QUBES' >> /etc/xdg/autostart/$F.desktop
+	fi
+done
+
+# don't want it in DisposableVM
+for F in gcm-apply ; do
+	if [ -e /etc/xdg/autostart/$F.desktop ]; then
+		remove_ShowIn $F
+		echo 'NotShowIn=DisposableVM' >> /etc/xdg/autostart/$F.desktop
+	fi
+done
+
+# want it in AppVM only
+for F in gnome-keyring-gpg gnome-keyring-pkcs11 gnome-keyring-secrets gnome-keyring-ssh gnome-settings-daemon user-dirs-update-gtk gsettings-data-convert ; do
+	if [ -e /etc/xdg/autostart/$F.desktop ]; then
+		remove_ShowIn $F
+		echo 'OnlyShowIn=GNOME;AppVM;' >> /etc/xdg/autostart/$F.desktop
+	fi
+done
+
+# remove existing rule to add own later
+for F in gpk-update-icon nm-applet ; do
+	remove_ShowIn $F
+done
+
+echo 'OnlyShowIn=GNOME;UpdateableVM;' >> /etc/xdg/autostart/gpk-update-icon.desktop || :
+echo 'OnlyShowIn=GNOME;NetVM;' >> /etc/xdg/autostart/nm-applet.desktop || :
+
+usermod -p '' root
+usermod -L user
+
+# Create NetworkManager configuration if we do not have it
+if ! [ -e /etc/NetworkManager/NetworkManager.conf ]; then
+echo '[main]' > /etc/NetworkManager/NetworkManager.conf
+echo 'plugins = keyfile' >> /etc/NetworkManager/NetworkManager.conf
+echo '[keyfile]' >> /etc/NetworkManager/NetworkManager.conf
+fi
+/usr/lib/qubes/qubes_fix_nm_conf.sh
+
+
+# Remove ip_forward setting from sysctl, so NM will not reset it
+sed 's/^net.ipv4.ip_forward.*/#\0/'  -i /etc/sysctl.conf
+
+# Prevent unnecessary updates in VMs:
+sed -i -e '/^exclude = kernel/d' /etc/yum.conf
+echo 'exclude = kernel, xorg-x11-drv-*, xorg-x11-drivers, xorg-x11-server-*' >> /etc/yum.conf
+
+if [ "$1" !=  1 ] ; then
+# do the rest of %post thing only when updating for the first time...
+exit 0
+fi
+
+if ! [ -f /var/lib/qubes/serial.orig ] ; then
+	cp /etc/init/serial.conf /var/lib/qubes/serial.orig
+fi
+
+#echo "--> Disabling SELinux..."
+sed -e s/^SELINUX=.*$/SELINUX=disabled/ </etc/selinux/config >/etc/selinux/config.processed
+mv /etc/selinux/config.processed /etc/selinux/config
+setenforce 0 2>/dev/null
+
+# Remove most of the udev scripts to speed up the VM boot time
+# Just leave the xen* scripts, that are needed if this VM was
+# ever used as a net backend (e.g. as a VPN domain in the future)
+#echo "--> Removing unnecessary udev scripts..."
+mkdir -p /var/lib/qubes/removed-udev-scripts
+for f in /etc/udev/rules.d/*
+do
+    if [ $(basename $f) == "xen-backend.rules" ] ; then
+        continue
+    fi
+
+    if [ $(basename $f) == "xend.rules" ] ; then
+        continue
+    fi
+
+    if [ $(basename $f) == "99-qubes_network.rules" ] ; then
+        continue
+    fi
+
+    if [ $(basename $f) == "99-qubes_block.rules" ] ; then
+        continue
+    fi
+
+    if [ $(basename $f) == "90-hal.rules" ] ; then
+        continue
+    fi
+
+
+    mv $f /var/lib/qubes/removed-udev-scripts/
+done
+mkdir -p /rw
+#rm -f /etc/mtab
+#echo "--> Removing HWADDR setting from /etc/sysconfig/network-scripts/ifcfg-eth0"
+#mv /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0.orig
+#grep -v HWADDR /etc/sysconfig/network-scripts/ifcfg-eth0.orig > /etc/sysconfig/network-scripts/ifcfg-eth0
+
+%preun
+if [ "$1" = 0 ] ; then
+    # no more packages left
+    mv /var/lib/qubes/fstab.orig /etc/fstab
+    mv /var/lib/qubes/removed-udev-scripts/* /etc/udev/rules.d/
+    mv /var/lib/qubes/serial.orig /etc/init/serial.conf
+fi
+
+%postun
+if [ $1 -eq 0 ] ; then
+    /usr/bin/glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || :
+fi
+
+%posttrans
+    /usr/bin/glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || :
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%files
+%defattr(-,root,root,-)
+%dir /var/lib/qubes
+%dir /var/run/qubes
+%dir %attr(0775,user,user) /var/lib/qubes/dom0-updates
+%{kde_service_dir}/qvm-copy.desktop
+%{kde_service_dir}/qvm-dvm.desktop
+/etc/NetworkManager/dispatcher.d/30-qubes_external_ip
+/etc/NetworkManager/dispatcher.d/qubes_nmhook
+/etc/X11/xorg-preload-apps.conf
+/etc/dhclient.d/qubes_setup_dnat_to_ns.sh
+/etc/fstab
+/etc/pki/rpm-gpg/RPM-GPG-KEY-qubes*
+%dir /etc/qubes_rpc
+/etc/qubes_rpc/qubes.Filecopy
+/etc/qubes_rpc/qubes.OpenInVM
+/etc/qubes_rpc/qubes.VMShell
+/etc/sudoers.d/qubes
+/etc/sysconfig/iptables
+/etc/sysconfig/modules/qubes_core.modules
+/etc/udev/rules.d/50-qubes_memory.rules
+/etc/udev/rules.d/99-qubes_block.rules
+/etc/udev/rules.d/99-qubes_network.rules
+/etc/xen/scripts/vif-route-qubes
+/etc/yum.repos.d/qubes.repo
+/etc/yum/post-actions/qubes_trigger_sync_appmenus.action
+/lib/firmware/updates
+/sbin/qubes_serial_login
+/usr/bin/qvm-copy-to-vm
+/usr/bin/qvm-open-in-dvm
+/usr/bin/qvm-open-in-vm
+/usr/bin/qvm-run
+/usr/bin/xenstore-watch-qubes
+%dir /usr/lib/qubes
+/usr/lib/qubes/block_add_change
+/usr/lib/qubes/block_cleanup
+/usr/lib/qubes/block_remove
+/usr/lib/qubes/meminfo-writer
+/usr/lib/qubes/qfile-agent
+/usr/lib/qubes/qfile-unpacker
+/usr/lib/qubes/qopen-in-vm
+/usr/lib/qubes/qrexec_agent
+/usr/lib/qubes/qrexec_client_vm
+/usr/lib/qubes/qrun-in-vm
+/usr/lib/qubes/qubes_download_dom0_updates.sh
+/usr/lib/qubes/qubes_fix_nm_conf.sh
+/usr/lib/qubes/qubes_rpc_multiplexer
+/usr/lib/qubes/qubes_setup_dnat_to_ns
+/usr/lib/qubes/qubes_trigger_sync_appmenus.sh
+/usr/lib/qubes/qvm-copy-to-vm.gnome
+/usr/lib/qubes/qvm-copy-to-vm.kde
+/usr/lib/qubes/serial.conf
+/usr/lib/qubes/setup_ip
+/usr/lib/qubes/vm-file-editor
+/usr/lib/qubes/vm-shell
+/usr/lib/qubes/wrap_in_html_if_url.sh
+/usr/sbin/qubes_firewall
+/usr/sbin/qubes_netwatcher
+/usr/share/glib-2.0/schemas/org.gnome.settings-daemon.plugins.updates.gschema.override
+%dir /home_volatile
+%attr(700,user,user) /home_volatile/user
+%dir /mnt/removable
+
+
+%package devel
+Summary:        Include files for qubes core libraries
+License:        GPL v2 only
+Group:          Development/Sources 
+Obsoletes:      qubes-core-appvm-devel
+
+%description devel
+
+%files devel
+/usr/include/libvchan.h
+/usr/include/u2mfnlib.h
+/usr/include/u2mfn-kernel.h
+
+%package libs
+Summary:        Qubes core libraries
+License:        GPL v2 only
+Group:          Development/Sources 
+Obsoletes:      qubes-core-appvm-libs
+
+%description libs
+
+%files libs
+%{_libdir}/libvchan.so
+%{_libdir}/libu2mfn.so
+
+%package sysvinit
+Summary:        Qubes unit files for SysV init style or upstart
+License:        GPL v2 only
+Group:          Qubes
+Requires:       upstart
+Requires:       qubes-core-vm
+Provides:       qubes-core-vm-init-scripts
+Conflicts:      qubes-core-vm-systemd
+
+%description sysvinit
+The Qubes core startup configuration for SysV init (or upstart).
+
+%files sysvinit
+/etc/init.d/qubes_core
+/etc/init.d/qubes_core_appvm
+/etc/init.d/qubes_core_netvm
+/etc/init.d/qubes_firewall
+/etc/init.d/qubes_netwatcher
+
+%post sysvinit
+
+#echo "--> Turning off unnecessary services..."
+# FIXME: perhaps there is more elegant way to do this?
+for f in /etc/init.d/*
+do
+        srv=`basename $f`
+        [ $srv = 'functions' ] && continue
+        [ $srv = 'killall' ] && continue
+        [ $srv = 'halt' ] && continue
+        [ $srv = 'single' ] && continue
+        [ $srv = 'reboot' ] && continue
+        [ $srv = 'qubes_gui' ] && continue
+        chkconfig $srv off
+done
+
+#echo "--> Enabling essential services..."
+chkconfig rsyslog on
+chkconfig haldaemon on
+chkconfig messagebus on
+chkconfig iptables on
+chkconfig --add qubes_core || echo "WARNING: Cannot add service qubes_core!"
+chkconfig qubes_core on || echo "WARNING: Cannot enable service qubes_core!"
+chkconfig --add qubes_core_netvm || echo "WARNING: Cannot add service qubes_core!"
+chkconfig qubes_core_netvm on || echo "WARNING: Cannot enable service qubes_core!"
+chkconfig --add qubes_core_appvm || echo "WARNING: Cannot add service qubes_core!"
+chkconfig qubes_core_appvm on || echo "WARNING: Cannot enable service qubes_core!"
+chkconfig --add qubes_firewall || echo "WARNING: Cannot add service qubes_core!"
+chkconfig qubes_firewall on || echo "WARNING: Cannot enable service qubes_core!"
+chkconfig --add qubes_netwatcher || echo "WARNING: Cannot add service qubes_core!"
+chkconfig qubes_netwatcher on || echo "WARNING: Cannot enable service qubes_core!"
+
+# TODO: make this not display the silly message about security context...
+sed -i s/^id:.:initdefault:/id:3:initdefault:/ /etc/inittab
+
+%preun sysvinit
+if [ "$1" = 0 ] ; then
+    # no more packages left
+    chkconfig qubes_core off
+    chkconfig qubes_core_netvm off
+    chkconfig qubes_core_appvm off
+    chkconfig qubes_firewall off
+    chkconfig qubes_netwatcher off
+fi
+
+%package systemd
+Summary:        Qubes unit files for SystemD init style
+License:        GPL v2 only
+Group:          Qubes
+Requires:       systemd
+Requires(post): systemd-units
+Requires(preun): systemd-units
+Requires(postun): systemd-units
+Requires:       qubes-core-vm
+Provides:       qubes-core-vm-init-scripts
+Conflicts:      qubes-core-vm-sysvinit
+
+%description systemd
+The Qubes core startup configuration for SystemD init.
+
+%files systemd
+%defattr(-,root,root,-)
+/lib/systemd/system/qubes-dvm.service
+/lib/systemd/system/qubes-meminfo-writer.service
+/lib/systemd/system/qubes-qrexec-agent.service
+/lib/systemd/system/qubes-misc-post.service
+/lib/systemd/system/qubes-firewall.service
+/lib/systemd/system/qubes-netwatcher.service
+/lib/systemd/system/qubes-network.service
+/lib/systemd/system/qubes-sysinit.service
+%dir /usr/lib/qubes/init
+/usr/lib/qubes/init/prepare-dvm.sh
+/usr/lib/qubes/init/network-proxy-setup.sh
+/usr/lib/qubes/init/misc-post.sh
+/usr/lib/qubes/init/qubes-sysinit.sh
+/usr/lib/qubes/init/NetworkManager.service
+/usr/lib/qubes/init/cups.service
+/usr/lib/qubes/init/ntpd.service
+%ghost %attr(0644,root,root) /etc/systemd/system/NetworkManager.service
+%ghost %attr(0644,root,root) /etc/systemd/system/cups.service
+
+%post systemd
+
+for srv in qubes-dvm qubes-meminfo-writer qubes-qrexec-agent qubes-sysinit qubes-misc-post qubes-netwatcher qubes-network; do
+    /bin/systemctl enable $srv.service
+done
+
+# Install overriden services only when original exists
+for srv in cups NetworkManager ntpd; do
+    if [ -f /lib/systemd/system/$srv.service ]; then
+        cp /usr/lib/qubes/init/$srv.service /etc/systemd/system/$srv.service
+    fi
+done
+
+# Set default "runlevel"
+rm -f /etc/systemd/system/default.target
+ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
+
+# Services to disable
+#echo "--> Turning off unnecessary services..."
+# FIXME: perhaps there is more elegant way to do this?
+for f in /etc/init.d/*
+do
+        srv=`basename $f`
+        [ $srv = 'functions' ] && continue
+        [ $srv = 'killall' ] && continue
+        [ $srv = 'halt' ] && continue
+        [ $srv = 'single' ] && continue
+        [ $srv = 'reboot' ] && continue
+        [ $srv = 'qubes_gui' ] && continue
+        chkconfig $srv off
+done
+
+DISABLE_SERVICES="alsa-store alsa-restore auditd backuppc cpuspeed crond dbus-org.freedesktop.Avahi"
+DISABLE_SERVICES="$DISABLE_SERVICES fedora-autorelabel fedora-autorelabel-mark ipmi hwclock-load hwclock-save"
+DISABLE_SERVICES="$DISABLE_SERVICES mdmonitor multipathd openct rpcbind mcelog fedora-storage-init fedora-storage-init-late"
+DISABLE_SERVICES="$DISABLE_SERVICES plymouth-start plymouth-read-write plymouth-quit plymouth-quit-wait"
+for srv in $DISABLE_SERVICES; do
+    if [ -f /lib/systemd/system/$srv.service ]; then
+        if fgrep -q '[Install]' /lib/systemd/system/$srv.service; then
+            /bin/systemctl disable $srv.service
+        else
+            # forcibly disable
+            ln -sf /dev/null /etc/systemd/system/$srv.service
+        fi
+    fi
+done
+
+rm -f /etc/systemd/system/getty.target.wants/getty@tty*.service
+
+# Enable some services
+/bin/systemctl enable iptables.service
+/bin/systemctl enable rsyslog.service
+/bin/systemctl enable ntpd.service
+/bin/systemctl enable NetworkManager.service
+# Enable cups only when it is real SystemD service
+[ -e /lib/systemd/system/cups.service ] && /bin/systemctl enable cups.service
+
+exit 0
+
+%postun systemd
+
+#Do not run this part on upgrades
+if [ "$1" != 0 ] ; then
+    exit 0
+fi
+
+for srv in qubes-dvm qubes-meminfo-writer qubes-qrexec-agent qubes-sysinit qubes-misc-post qubes-netwatcher qubes-network; do
+    /bin/systemctl disable $srv.service
+do

vm-systemd/NetworkManager.service

@@ -0,0 +1,3 @@
+.include /lib/systemd/system/NetworkManager.service
+[Unit]
+ConditionPathExists=/var/run/qubes-service/network-manager

vm-systemd/cups.service

@@ -0,0 +1,3 @@
+.include /lib/systemd/system/cups.service
+[Unit]
+ConditionPathExists=/var/run/qubes-service/cups

vm-systemd/misc-post.sh

@@ -0,0 +1,60 @@
+#!/bin/sh
+
+# Set IP address again (besides action in udev rules); this is needed by
+# DispVM (to override DispVM-template IP) and in case when qubes_ip was
+# called by udev before loading evtchn kernel module - in which case
+# xenstore-read fails
+INTERFACE=eth0 /usr/lib/qubes/setup_ip
+
+if [ -e /dev/xvdb ] ; then
+    mount /rw
+
+    if ! [ -d /rw/home ] ; then
+        echo
+        echo "--> Virgin boot of the VM: Linking /home to /rw/home"
+
+        mkdir -p /rw/config
+        touch /rw/config/rc.local
+
+        mkdir -p /rw/home
+        cp -a /home.orig/user /home
+
+        mkdir -p /rw/usrlocal
+        cp -a /usr/local.orig/* /usr/local
+
+        touch /var/lib/qubes/first_boot_completed
+    fi
+fi
+
+[ -x /rw/config/rc.local ] && /rw/config/rc.local
+
+if ! [ -f /home/user/.gnome2/nautilus-scripts/.scripts_created ] ; then
+    echo "Creating symlinks for nautilus actions..."
+    su user -c 'mkdir -p /home/user/.gnome2/nautilus-scripts'
+    su user -c 'ln -s /usr/lib/qubes/qvm-copy-to-vm.gnome /home/user/.gnome2/nautilus-scripts/"Copy to other AppVM"'
+    su user -c 'ln -s /usr/bin/qvm-open-in-dvm /home/user/.gnome2/nautilus-scripts/"Open in DisposableVM"'
+    su user -c 'touch /home/user/.gnome2/nautilus-scripts/.scripts_created'
+fi
+
+if ! [ -f /home/user/.gnome2/nautilus-scripts/.scripts_created2 ] ; then
+    # as we have recently renamed tools, the symlinks would need to be fixed for older templates
+    su user -c 'ln -sf /usr/lib/qubes/qvm-copy-to-vm.gnome /home/user/.gnome2/nautilus-scripts/"Copy to other AppVM"'
+    su user -c 'ln -sf /usr/bin/qvm-open-in-dvm /home/user/.gnome2/nautilus-scripts/"Open in DisposableVM"'
+    su user -c 'touch /home/user/.gnome2/nautilus-scripts/.scripts_created2'
+fi
+
+# Start services which haven't own proper systemd unit:
+
+# Start AppVM specific services
+if [ ! -f /etc/systemd/system/cups.service ]; then
+    if [ -f /var/run/qubes-service/cups ]; then
+        /sbin/service cups start
+        # Allow also notification icon
+        sed -i -e '/^NotShowIn=.*QUBES/s/;QUBES//' /etc/xdg/autostart/print-applet.desktop
+    else
+        # Disable notification icon
+        sed -i -e '/QUBES/!s/^NotShowIn=.*/\1QUBES;/' /etc/xdg/autostart/print-applet.desktop
+    fi
+fi
+
+exit 0

vm-systemd/network-proxy-setup.sh

@@ -0,0 +1,14 @@
+#!/bin/sh
+
+# Setup gateway for all the VMs this netVM is serviceing...
+network=$(/usr/bin/xenstore-read qubes_netvm_network 2>/dev/null)
+if [ "x$network" != "x" ]; then
+    gateway=$(/usr/bin/xenstore-read qubes_netvm_gateway)
+    netmask=$(/usr/bin/xenstore-read qubes_netvm_netmask)
+    secondary_dns=$(/usr/bin/xenstore-read qubes_netvm_secondary_dns)
+    modprobe netbk 2> /dev/null || modprobe xen-netback
+    echo "NS1=$gateway" > /var/run/qubes/qubes_ns
+    echo "NS2=$secondary_dns" >> /var/run/qubes/qubes_ns
+    /usr/lib/qubes/qubes_setup_dnat_to_ns
+    echo "1" > /proc/sys/net/ipv4/ip_forward
+fi

vm-systemd/ntpd.service

@@ -0,0 +1,3 @@
+.include /lib/systemd/system/ntpd.service
+[Unit]
+ConditionPathExists=/var/run/qubes-service/ntpd

vm-systemd/prepare-dvm.sh

@@ -0,0 +1,30 @@
+#!/bin/sh
+
+possibly_run_save_script()
+{
+	ENCODED_SCRIPT=$(xenstore-read qubes_save_script)
+	if [ -z "$ENCODED_SCRIPT" ] ; then return ; fi
+	echo $ENCODED_SCRIPT|perl -e 'use MIME::Base64 qw(decode_base64); local($/) = undef;print decode_base64(<STDIN>)' >/tmp/qubes_save_script
+	chmod 755 /tmp/qubes_save_script
+	Xorg -config /etc/X11/xorg-preload-apps.conf :0 &
+	sleep 2
+	DISPLAY=:0 su - user -c /tmp/qubes_save_script
+	killall Xorg
+}
+
+if xenstore-read qubes_save_request 2>/dev/null ; then
+    ln -sf /home_volatile /home
+    possibly_run_save_script 
+    touch /etc/this_is_dvm
+    dmesg -c >/dev/null
+    free | grep Mem: | 
+        (read a b c d ; xenstore-write device/qubes_used_mem $c)
+    # we're still running in DispVM template
+    echo "Waiting for save/restore..."
+    # ... wait until qubes_restore.c (in Dom0) recreates VM-specific keys
+    while ! xenstore-read qubes_restore_complete 2>/dev/null ; do 
+        usleep 10
+    done
+    echo Back to life.
+fi
+

vm-systemd/qubes-dvm.service

@@ -0,0 +1,12 @@
+[Unit]
+Description=Prepare Qubes DispVM Template
+ConditionPathExists=/var/run/qubes-service/qubes-dvm
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/lib/qubes/init/prepare-dvm.sh
+StandardOutput=syslog
+
+[Install]
+WantedBy=multi-user.target

vm-systemd/qubes-firewall.service

@@ -0,0 +1,10 @@
+[Unit]
+Description=Qubes firewall updater
+ConditionPathExists=/var/run/qubes-service/qubes-firewall
+
+[Service]
+ExecStart=/usr/sbin/qubes_firewall
+StandardOutput=syslog
+
+[Install]
+WantedBy=multi-user.target

vm-systemd/qubes-meminfo-writer.service

@@ -0,0 +1,12 @@
+[Unit]
+Description=Qubes memory information reporter
+ConditionPathExists=/var/run/qubes-service/meminfo-writer
+
+[Service]
+Type=forking
+ExecStart=/usr/lib/qubes/meminfo-writer 30000 100000 /var/run/meminfo-writer.pid
+PIDFile=/var/run/meminfo-writer.pid
+StandardOutput=syslog
+
+[Install]
+WantedBy=multi-user.target

vm-systemd/qubes-misc-post.service

@@ -0,0 +1,11 @@
+[Unit]
+Description=Qubes misc post-boot actions
+After=qubes-dvm.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/lib/qubes/init/misc-post.sh
+
+[Install]
+WantedBy=multi-user.target

vm-systemd/qubes-netwatcher.service

@@ -0,0 +1,11 @@
+[Unit]
+Description=Qubes network monitor
+ConditionPathExists=/var/run/qubes-service/qubes-netwatcher
+After=qubes-firewall.service
+
+[Service]
+ExecStart=/usr/sbin/qubes_netwatcher
+StandardOutput=syslog
+
+[Install]
+WantedBy=multi-user.target

vm-systemd/qubes-network.service

@@ -0,0 +1,15 @@
+[Unit]
+Names=qubes_firewall.service
+Description=Qubes network forwarding setup
+ConditionPathExists=/var/run/qubes-service/qubes-network
+Before=network.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStartPre=/sbin/ethtool -K eth0 sg off
+ExecStart=/usr/lib/qubes/init/network-proxy-setup.sh
+StandardOutput=syslog
+
+[Install]
+WantedBy=multi-user.target

vm-systemd/qubes-qrexec-agent.service

@@ -0,0 +1,10 @@
+[Unit]
+Description=Qubes remote exec agent
+After=qubes-dvm.service
+
+[Service]
+ExecStart=/usr/lib/qubes/qrexec_agent
+StandardOutput=syslog
+
+[Install]
+WantedBy=multi-user.target

vm-systemd/qubes-sysinit.service

@@ -0,0 +1,14 @@
+[Unit]
+Description=Init Qubes Services settings
+DefaultDependencies=no
+Before=sysinit.target
+After=local-fs.target proc-xen.mount
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/lib/qubes/init/qubes-sysinit.sh
+StandardOutput=syslog
+
+[Install]
+WantedBy=sysinit.target

vm-systemd/qubes-sysinit.sh

@@ -0,0 +1,50 @@
+#!/bin/sh
+
+# List of services enabled by default (in case of absence of xenstore entry)
+DEFAULT_ENABLED_NETVM="network-manager qubes-network"
+DEFAULT_ENABLED_PROXYVM="meminfo-writer qubes-network qubes-firewall qubes-netwatcher"
+DEFAULT_ENABLED_APPVM="meminfo-writer"
+DEFAULT_ENABLED="meminfo-writer"
+
+XS_READ=/usr/bin/xenstore-read
+XS_LS=/usr/bin/xenstore-ls
+
+read_service() {
+    $XS_READ qubes-service/$1 2> /dev/null
+}
+
+mkdir -p /var/run/qubes
+mkdir -p /var/run/qubes-service
+mkdir -p /var/run/xen-hotplug
+
+# Set permissions to /proc/xen/xenbus, so normal user can use xenstore-read
+chmod 666 /proc/xen/xenbus
+
+# Set default services depending on VM type
+TYPE=`$XS_READ qubes_vm_type 2> /dev/null`
+[ "$TYPE" == "AppVM" ] && DEFAULT_ENABLED=$DEFAULT_ENABLED_APPVM
+[ "$TYPE" == "NetVM" ] && DEFAULT_ENABLED=$DEFAULT_ENABLED_NETVM
+[ "$TYPE" == "ProxyVM" ] && DEFAULT_ENABLED=$DEFAULT_ENABLED_PROXYVM
+
+# Enable default services
+for srv in $DEFAULT_ENABLED; do
+    touch /var/run/qubes-service/$srv
+done
+
+# Enable services
+for srv in `$XS_LS qubes-service 2>/dev/null |grep ' = "1"'|cut -f 1 -d ' '`; do
+    touch /var/run/qubes-service/$srv
+done
+
+# Disable services
+for srv in `$XS_LS qubes-service 2>/dev/null |grep ' = "0"'|cut -f 1 -d ' '`; do
+    rm -f /var/run/qubes-service/$srv
+done
+
+# Set the hostname
+name=`$XS_READ name`
+if [ -n "$name" ]; then
+    hostname $name
+    (grep -v "\<$name\>" /etc/hosts; echo "127.0.0.1 $name") > /etc/hosts
+fi
+