Implement qubes.PostInstall service

This is meant to notify dom0 about features supported by just-installed
template. This service is called by dom0 just after template
installation.

Fixes QubesOS/qubes-issues#1637
Documentation pending: QubesOS/qubes-issues#2829

Makefile

@@ -271,11 +271,15 @@ install-common:
 	install -m 0755 qubes-rpc/qubes.ResizeDisk $(DESTDIR)/etc/qubes-rpc
 	install -m 0755 qubes-rpc/qubes.StartApp $(DESTDIR)/etc/qubes-rpc
 	install -m 0755 qubes-rpc/qubes.UpdatesProxy $(DESTDIR)/etc/qubes-rpc
+	install -m 0755 qubes-rpc/qubes.PostInstall $(DESTDIR)/etc/qubes-rpc
 
 	install -d $(DESTDIR)/etc/qubes/suspend-pre.d
 	install -m 0644 qubes-rpc/suspend-pre.README $(DESTDIR)/etc/qubes/suspend-pre.d/README
 	install -d $(DESTDIR)/etc/qubes/suspend-post.d
 	install -m 0644 qubes-rpc/suspend-post.README $(DESTDIR)/etc/qubes/suspend-post.d/README
+	install -d $(DESTDIR)/etc/qubes/post-install.d
+	install -m 0644 post-install.d/README $(DESTDIR)/etc/qubes/post-install.d/
+	install -m 0755 post-install.d/*.sh $(DESTDIR)/etc/qubes/post-install.d/
 
 	install -d $(DESTDIR)/usr/share/nautilus-python/extensions
 	install -m 0644 qubes-rpc/*_nautilus.py $(DESTDIR)/usr/share/nautilus-python/extensions

debian/control

@@ -42,6 +42,7 @@ Depends:
     util-linux,
     python2.7,
     python-daemon,
+    python-qubesdb,
     python-gi,
     python-xdg,
     python-dbus,

debian/qubes-core-agent.install

@@ -19,6 +19,7 @@ etc/qubes-rpc/qubes.GetImageRGBA
 etc/qubes-rpc/qubes.InstallUpdatesGUI
 etc/qubes-rpc/qubes.OpenInVM
 etc/qubes-rpc/qubes.OpenURL
+etc/qubes-rpc/qubes.PostInstall
 etc/qubes-rpc/qubes.ResizeDisk
 etc/qubes-rpc/qubes.Restore
 etc/qubes-rpc/qubes.SelectDirectory
@@ -37,6 +38,8 @@ etc/qubes-suspend-module-blacklist
 etc/qubes/autostart/*
 etc/qubes/ip6tables.rules
 etc/qubes/iptables.rules
+etc/qubes/post-install.d/README
+etc/qubes/post-install.d/*.sh
 etc/qubes/suspend-post.d/README
 etc/qubes/suspend-pre.d/README
 etc/sudoers.d/qt_x11_no_mitshm

post-install.d/10-qubes-core-agent-appmenus.sh

@@ -0,0 +1,3 @@
+#!/bin/sh
+
+/usr/lib/qubes/qubes-trigger-sync-appmenus.sh

post-install.d/10-qubes-core-agent-features.sh

@@ -0,0 +1,9 @@
+#!/bin/sh
+
+# announce features supported by this template
+
+qvm-features-request qrexec=1
+
+if [ -x /usr/bin/qubes-gui ]; then
+    qvm-features-request gui=1
+fi

post-install.d/90-qubes-core-agent.sh

@@ -0,0 +1,6 @@
+#!/bin/sh
+
+# Actually send requested features to dom0. Then dom0 will evaluate them and
+# adjust appropriate settings (or ignore).
+
+qvm-features-request --commit

post-install.d/README

@@ -0,0 +1,3 @@
+All executable files with `.sh` suffix in this directory will be executed as
+root just after template installation. Template VM may not have access to the
+network at this time yet.

qubes-rpc/qubes.PostInstall

@@ -0,0 +1,28 @@
+#!/bin/sh
+#
+# The Qubes OS Project, http://www.qubes-os.org
+#
+# Copyright (C) 2017  Marek Marczykowski-Górecki
+#                                     <marmarek@invisiblethingslab.com>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+#
+#
+
+for script in /etc/qubes/post-install.d/*.sh; do
+    if [ -x "$script" ]; then
+        "$script"
+    fi
+done

rpm_spec/core-vm.spec

@@ -140,6 +140,8 @@ Requires:   dbus-python
 # for qubes-session-autostart, xdg-icon
 Requires:   pyxdg
 Requires:   python-daemon
+# for qvm-feature-request
+Requires:   python2-qubesdb
 Requires:   nftables
 Requires:   ImageMagick
 Requires:   librsvg2-tools
@@ -442,6 +444,7 @@ rm -f %{name}-%{version}
 %config(noreplace) /etc/qubes-rpc/qubes.ResizeDisk
 %config(noreplace) /etc/qubes-rpc/qubes.StartApp
 %config(noreplace) /etc/qubes-rpc/qubes.UpdatesProxy
+%config(noreplace) /etc/qubes-rpc/qubes.PostInstall
 %dir /etc/qubes/autostart
 /etc/qubes/autostart/README.txt
 %config /etc/qubes/autostart/*.desktop.d/30_qubes.conf
@@ -449,6 +452,9 @@ rm -f %{name}-%{version}
 /etc/qubes/suspend-pre.d/README
 %dir /etc/qubes/suspend-post.d
 /etc/qubes/suspend-post.d/README
+%dir /etc/qubes/post-install.d
+/etc/qubes/post-install.d/README
+/etc/qubes/post-install.d/*.sh
 %config(noreplace) /etc/sudoers.d/qubes
 %config(noreplace) /etc/sudoers.d/qt_x11_no_mitshm
 %config(noreplace) /etc/sysctl.d/20_tcp_timestamps.conf