Implement qubes.PostInstall service

This is meant to notify dom0 about features supported by just-installed template. This service is called by dom0 just after template installation. Fixes QubesOS/qubes-issues#1637 Documentation pending: QubesOS/qubes-issues#2829
2017-05-26 05:19:21 +02:00 · 2017-05-26 05:19:21 +02:00 · 8694931665
commit 8694931665
parent b49ae50ad5
9 changed files with 63 additions and 0 deletions
--- a/4
+++ b/4
@ -271,11 +271,15 @@ install-common:
 	install -m 0755 qubes-rpc/qubes.ResizeDisk $(DESTDIR)/etc/qubes-rpc
 	install -m 0755 qubes-rpc/qubes.StartApp $(DESTDIR)/etc/qubes-rpc
 	install -m 0755 qubes-rpc/qubes.UpdatesProxy $(DESTDIR)/etc/qubes-rpc
+	install -m 0755 qubes-rpc/qubes.PostInstall $(DESTDIR)/etc/qubes-rpc

 	install -d $(DESTDIR)/etc/qubes/suspend-pre.d
 	install -m 0644 qubes-rpc/suspend-pre.README $(DESTDIR)/etc/qubes/suspend-pre.d/README
 	install -d $(DESTDIR)/etc/qubes/suspend-post.d
 	install -m 0644 qubes-rpc/suspend-post.README $(DESTDIR)/etc/qubes/suspend-post.d/README
+	install -d $(DESTDIR)/etc/qubes/post-install.d
+	install -m 0644 post-install.d/README $(DESTDIR)/etc/qubes/post-install.d/
+	install -m 0755 post-install.d/*.sh $(DESTDIR)/etc/qubes/post-install.d/

 	install -d $(DESTDIR)/usr/share/nautilus-python/extensions
 	install -m 0644 qubes-rpc/*_nautilus.py $(DESTDIR)/usr/share/nautilus-python/extensions
--- a/debian/control
+++ b/debian/control
@ -42,6 +42,7 @@ Depends:
    util-linux,
    python2.7,
    python-daemon,
+    python-qubesdb,
    python-gi,
    python-xdg,
    python-dbus,
--- a/debian/qubes-core-agent.install
+++ b/debian/qubes-core-agent.install
@ -19,6 +19,7 @@ etc/qubes-rpc/qubes.GetImageRGBA
 etc/qubes-rpc/qubes.InstallUpdatesGUI
 etc/qubes-rpc/qubes.OpenInVM
 etc/qubes-rpc/qubes.OpenURL
+etc/qubes-rpc/qubes.PostInstall
 etc/qubes-rpc/qubes.ResizeDisk
 etc/qubes-rpc/qubes.Restore
 etc/qubes-rpc/qubes.SelectDirectory
@ -37,6 +38,8 @@ etc/qubes-suspend-module-blacklist
 etc/qubes/autostart/*
 etc/qubes/ip6tables.rules
 etc/qubes/iptables.rules
+etc/qubes/post-install.d/README
+etc/qubes/post-install.d/*.sh
 etc/qubes/suspend-post.d/README
 etc/qubes/suspend-pre.d/README
 etc/sudoers.d/qt_x11_no_mitshm
--- a/post-install.d/10-qubes-core-agent-appmenus.sh
+++ b/post-install.d/10-qubes-core-agent-appmenus.sh
@ -0,0 +1,3 @@
+#!/bin/sh
+
+/usr/lib/qubes/qubes-trigger-sync-appmenus.sh
--- a/post-install.d/10-qubes-core-agent-features.sh
+++ b/post-install.d/10-qubes-core-agent-features.sh
@ -0,0 +1,9 @@
+#!/bin/sh
+
+# announce features supported by this template
+
+qvm-features-request qrexec=1
+
+if [ -x /usr/bin/qubes-gui ]; then
+    qvm-features-request gui=1
+fi
--- a/post-install.d/90-qubes-core-agent.sh
+++ b/post-install.d/90-qubes-core-agent.sh
@ -0,0 +1,6 @@
+#!/bin/sh
+
+# Actually send requested features to dom0. Then dom0 will evaluate them and
+# adjust appropriate settings (or ignore).
+
+qvm-features-request --commit
--- a/post-install.d/README
+++ b/post-install.d/README
@ -0,0 +1,3 @@
+All executable files with `.sh` suffix in this directory will be executed as
+root just after template installation. Template VM may not have access to the
+network at this time yet.
--- a/qubes-rpc/qubes.PostInstall
+++ b/qubes-rpc/qubes.PostInstall
@ -0,0 +1,28 @@
+#!/bin/sh
+#
+# The Qubes OS Project, http://www.qubes-os.org
+#
+# Copyright (C) 2017  Marek Marczykowski-Górecki
+#                                     <marmarek@invisiblethingslab.com>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+#
+#
+
+for script in /etc/qubes/post-install.d/*.sh; do
+    if [ -x "$script" ]; then
+        "$script"
+    fi
+done
--- a/rpm_spec/core-vm.spec
+++ b/rpm_spec/core-vm.spec
@ -140,6 +140,8 @@ Requires:   dbus-python
 # for qubes-session-autostart, xdg-icon
 Requires:   pyxdg
 Requires:   python-daemon
+# for qvm-feature-request
+Requires:   python2-qubesdb
 Requires:   nftables
 Requires:   ImageMagick
 Requires:   librsvg2-tools
@ -442,6 +444,7 @@ rm -f %{name}-%{version}
 %config(noreplace) /etc/qubes-rpc/qubes.ResizeDisk
 %config(noreplace) /etc/qubes-rpc/qubes.StartApp
 %config(noreplace) /etc/qubes-rpc/qubes.UpdatesProxy
+%config(noreplace) /etc/qubes-rpc/qubes.PostInstall
 %dir /etc/qubes/autostart
 /etc/qubes/autostart/README.txt
 %config /etc/qubes/autostart/*.desktop.d/30_qubes.conf
@ -449,6 +452,9 @@ rm -f %{name}-%{version}
 /etc/qubes/suspend-pre.d/README
 %dir /etc/qubes/suspend-post.d
 /etc/qubes/suspend-post.d/README
+%dir /etc/qubes/post-install.d
+/etc/qubes/post-install.d/README
+/etc/qubes/post-install.d/*.sh
 %config(noreplace) /etc/sudoers.d/qubes
 %config(noreplace) /etc/sudoers.d/qt_x11_no_mitshm
 %config(noreplace) /etc/sysctl.d/20_tcp_timestamps.conf