From 8694931665519d08d17594b6592e84323587594a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Fri, 26 May 2017 05:19:21 +0200 Subject: [PATCH] Implement qubes.PostInstall service This is meant to notify dom0 about features supported by just-installed template. This service is called by dom0 just after template installation. Fixes QubesOS/qubes-issues#1637 Documentation pending: QubesOS/qubes-issues#2829 --- Makefile | 4 +++ debian/control | 1 + debian/qubes-core-agent.install | 3 ++ .../10-qubes-core-agent-appmenus.sh | 3 ++ .../10-qubes-core-agent-features.sh | 9 ++++++ post-install.d/90-qubes-core-agent.sh | 6 ++++ post-install.d/README | 3 ++ qubes-rpc/qubes.PostInstall | 28 +++++++++++++++++++ rpm_spec/core-vm.spec | 6 ++++ 9 files changed, 63 insertions(+) create mode 100755 post-install.d/10-qubes-core-agent-appmenus.sh create mode 100755 post-install.d/10-qubes-core-agent-features.sh create mode 100755 post-install.d/90-qubes-core-agent.sh create mode 100644 post-install.d/README create mode 100755 qubes-rpc/qubes.PostInstall diff --git a/Makefile b/Makefile index 5a4476f..1707af6 100644 --- a/Makefile +++ b/Makefile @@ -271,11 +271,15 @@ install-common: install -m 0755 qubes-rpc/qubes.ResizeDisk $(DESTDIR)/etc/qubes-rpc install -m 0755 qubes-rpc/qubes.StartApp $(DESTDIR)/etc/qubes-rpc install -m 0755 qubes-rpc/qubes.UpdatesProxy $(DESTDIR)/etc/qubes-rpc + install -m 0755 qubes-rpc/qubes.PostInstall $(DESTDIR)/etc/qubes-rpc install -d $(DESTDIR)/etc/qubes/suspend-pre.d install -m 0644 qubes-rpc/suspend-pre.README $(DESTDIR)/etc/qubes/suspend-pre.d/README install -d $(DESTDIR)/etc/qubes/suspend-post.d install -m 0644 qubes-rpc/suspend-post.README $(DESTDIR)/etc/qubes/suspend-post.d/README + install -d $(DESTDIR)/etc/qubes/post-install.d + install -m 0644 post-install.d/README $(DESTDIR)/etc/qubes/post-install.d/ + install -m 0755 post-install.d/*.sh $(DESTDIR)/etc/qubes/post-install.d/ install -d $(DESTDIR)/usr/share/nautilus-python/extensions install -m 0644 qubes-rpc/*_nautilus.py $(DESTDIR)/usr/share/nautilus-python/extensions diff --git a/debian/control b/debian/control index 2434d0c..42c7b22 100644 --- a/debian/control +++ b/debian/control @@ -42,6 +42,7 @@ Depends: util-linux, python2.7, python-daemon, + python-qubesdb, python-gi, python-xdg, python-dbus, diff --git a/debian/qubes-core-agent.install b/debian/qubes-core-agent.install index 7622fc6..1ca224c 100644 --- a/debian/qubes-core-agent.install +++ b/debian/qubes-core-agent.install @@ -19,6 +19,7 @@ etc/qubes-rpc/qubes.GetImageRGBA etc/qubes-rpc/qubes.InstallUpdatesGUI etc/qubes-rpc/qubes.OpenInVM etc/qubes-rpc/qubes.OpenURL +etc/qubes-rpc/qubes.PostInstall etc/qubes-rpc/qubes.ResizeDisk etc/qubes-rpc/qubes.Restore etc/qubes-rpc/qubes.SelectDirectory @@ -37,6 +38,8 @@ etc/qubes-suspend-module-blacklist etc/qubes/autostart/* etc/qubes/ip6tables.rules etc/qubes/iptables.rules +etc/qubes/post-install.d/README +etc/qubes/post-install.d/*.sh etc/qubes/suspend-post.d/README etc/qubes/suspend-pre.d/README etc/sudoers.d/qt_x11_no_mitshm diff --git a/post-install.d/10-qubes-core-agent-appmenus.sh b/post-install.d/10-qubes-core-agent-appmenus.sh new file mode 100755 index 0000000..2f5e5f5 --- /dev/null +++ b/post-install.d/10-qubes-core-agent-appmenus.sh @@ -0,0 +1,3 @@ +#!/bin/sh + +/usr/lib/qubes/qubes-trigger-sync-appmenus.sh diff --git a/post-install.d/10-qubes-core-agent-features.sh b/post-install.d/10-qubes-core-agent-features.sh new file mode 100755 index 0000000..491c334 --- /dev/null +++ b/post-install.d/10-qubes-core-agent-features.sh @@ -0,0 +1,9 @@ +#!/bin/sh + +# announce features supported by this template + +qvm-features-request qrexec=1 + +if [ -x /usr/bin/qubes-gui ]; then + qvm-features-request gui=1 +fi diff --git a/post-install.d/90-qubes-core-agent.sh b/post-install.d/90-qubes-core-agent.sh new file mode 100755 index 0000000..6f3f9e1 --- /dev/null +++ b/post-install.d/90-qubes-core-agent.sh @@ -0,0 +1,6 @@ +#!/bin/sh + +# Actually send requested features to dom0. Then dom0 will evaluate them and +# adjust appropriate settings (or ignore). + +qvm-features-request --commit diff --git a/post-install.d/README b/post-install.d/README new file mode 100644 index 0000000..4ceadc3 --- /dev/null +++ b/post-install.d/README @@ -0,0 +1,3 @@ +All executable files with `.sh` suffix in this directory will be executed as +root just after template installation. Template VM may not have access to the +network at this time yet. diff --git a/qubes-rpc/qubes.PostInstall b/qubes-rpc/qubes.PostInstall new file mode 100755 index 0000000..9980719 --- /dev/null +++ b/qubes-rpc/qubes.PostInstall @@ -0,0 +1,28 @@ +#!/bin/sh +# +# The Qubes OS Project, http://www.qubes-os.org +# +# Copyright (C) 2017 Marek Marczykowski-Górecki +# +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +# +# + +for script in /etc/qubes/post-install.d/*.sh; do + if [ -x "$script" ]; then + "$script" + fi +done diff --git a/rpm_spec/core-vm.spec b/rpm_spec/core-vm.spec index 6f97811..e71a3ab 100644 --- a/rpm_spec/core-vm.spec +++ b/rpm_spec/core-vm.spec @@ -140,6 +140,8 @@ Requires: dbus-python # for qubes-session-autostart, xdg-icon Requires: pyxdg Requires: python-daemon +# for qvm-feature-request +Requires: python2-qubesdb Requires: nftables Requires: ImageMagick Requires: librsvg2-tools @@ -442,6 +444,7 @@ rm -f %{name}-%{version} %config(noreplace) /etc/qubes-rpc/qubes.ResizeDisk %config(noreplace) /etc/qubes-rpc/qubes.StartApp %config(noreplace) /etc/qubes-rpc/qubes.UpdatesProxy +%config(noreplace) /etc/qubes-rpc/qubes.PostInstall %dir /etc/qubes/autostart /etc/qubes/autostart/README.txt %config /etc/qubes/autostart/*.desktop.d/30_qubes.conf @@ -449,6 +452,9 @@ rm -f %{name}-%{version} /etc/qubes/suspend-pre.d/README %dir /etc/qubes/suspend-post.d /etc/qubes/suspend-post.d/README +%dir /etc/qubes/post-install.d +/etc/qubes/post-install.d/README +/etc/qubes/post-install.d/*.sh %config(noreplace) /etc/sudoers.d/qubes %config(noreplace) /etc/sudoers.d/qt_x11_no_mitshm %config(noreplace) /etc/sysctl.d/20_tcp_timestamps.conf