
vm/qubes-yum-proxy: setup yum to use qubes-yum-proxy (#568)

The simplest way is just to add a proxy=... entry to /etc/yum.conf, but sometimes it
is reasonable to bypass the proxy. Some examples:
 - usage of non-standard repos with some exotic file layout, which will be
   blocked by the proxy
 - usage of repos not accessible via the proxy (e.g. only via a VPN started in VpnVM)

This commit introduces 'yum-proxy-setup' pseudo-service, which can be
controlled via standard qvm-service or qubes-manager. When enabled - yum will
be configured at VM startup to use qubes proxy, otherwise - to connect directly
(proxy setting will be cleared).
Marek Marczykowski 12 years ago
parent
commit
9930a89fb1
3 changed files with 23 additions and 0 deletions
  1. 10 0
      rpm_spec/core-vm.spec
  2. 7 0
      vm-init.d/qubes_core
  3. 6 0
      vm-systemd/misc-post.sh

+ 10 - 0
rpm_spec/core-vm.spec

@@ -131,6 +131,9 @@ install -m 0644 -D network/iptables $RPM_BUILD_ROOT/etc/sysconfig/iptables
 install -m 0644 -D network/tinyproxy-qubes-yum.conf $RPM_BUILD_ROOT/etc/tinyproxy/tinyproxy-qubes-yum.conf
 install -m 0644 -D network/filter-qubes-yum $RPM_BUILD_ROOT/etc/tinyproxy/filter-qubes-yum
 
+install -d $RPM_BUILD_ROOT/etc/yum.conf.d
+touch $RPM_BUILD_ROOT/etc/yum.conf.d/qubes-proxy.conf
+
 install -d $RPM_BUILD_ROOT/usr/sbin
 install network/qubes_firewall $RPM_BUILD_ROOT/usr/sbin/
 install network/qubes_netwatcher $RPM_BUILD_ROOT/usr/sbin/
@@ -236,6 +239,12 @@ fi
 # Remove ip_forward setting from sysctl, so NM will not reset it
 sed 's/^net.ipv4.ip_forward.*/#\0/'  -i /etc/sysctl.conf
 
+if ! grep -q '/etc/yum\.conf\.d/qubes-proxy\.conf'; then
+  echo >> /etc/yum.conf
+  echo '# Yum does not support inclusion of config dir...' >> /etc/yum.conf
+  echo 'include=file:///etc/yum.conf.d/qubes-proxy.conf' >> /etc/yum.conf
+fi
+
 # Prevent unnecessary updates in VMs:
 sed -i -e '/^exclude = kernel/d' /etc/yum.conf
 echo 'exclude = kernel, xorg-x11-drv-*, xorg-x11-drivers, xorg-x11-server-*' >> /etc/yum.conf
@@ -343,6 +352,7 @@ rm -rf $RPM_BUILD_ROOT
 /etc/udev/rules.d/99-qubes_block.rules
 /etc/udev/rules.d/99-qubes_network.rules
 /etc/xen/scripts/vif-route-qubes
+/etc/yum.conf.d/qubes-proxy.conf
 /etc/yum.repos.d/qubes.repo
 /etc/yum/post-actions/qubes_trigger_sync_appmenus.action
 /lib/firmware/updates
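Review bot: In the second hunk (`@@ -236,6 +239,12 @@`, the scriptlet that edits /etc/yum.conf) the `grep -q` guard has no file operand, so it reads standard input instead of /etc/yum.conf. Depending on what stdin is when the scriptlet runs, it either blocks or never matches, and in the latter case the `include=` line is appended again on every package upgrade. The guard should name the file: `if ! grep -q '/etc/yum\.conf\.d/qubes-proxy\.conf' /etc/yum.conf; then`. Separately, the third hunk lists /etc/yum.conf.d/qubes-proxy.conf as a plain file although the startup scripts in this commit rewrite it at every boot, so `rpm -V` will likely report it as modified; marking it `%ghost` or `%config(noreplace)` would state that intent.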

+ 7 - 0
vm-init.d/qubes_core

@@ -36,6 +36,13 @@ start()
 		echo "ZONE=\"$timezone\"" >> /etc/sysconfig/clock
 	fi
 
+	yum_proxy_setup=$(/usr/bin/xenstore-read qubes-service/yum-proxy-setup 2> /dev/null)
+	if [ "$yum_proxy_setup" != "0" ]; then
+		echo proxy=http://10.137.255.254:8082/ > /etc/yum.conf.d/qubes-proxy.conf
+	else
+		echo > /etc/yum.conf.d/qubes-proxy.conf
+	fi
+
 	# Set IP address again (besides action in udev rules); this is needed by
 	# DispVM (to override DispVM-template IP) and in case when qubes_ip was
 	# called by udev before loading evtchn kernel module - in which case
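Review bot: The `!= "0"` test treats an empty value as enabled, and because `2> /dev/null` hides any xenstore-read failure, a missing or unreadable `qubes-service/yum-proxy-setup` key silently turns the proxy on. The systemd counterpart in vm-systemd/misc-post.sh does the opposite: there a missing /var/run/qubes-service/yum-proxy-setup flag file clears the proxy, so the same VM setting may select a different update path depending on the init system, unless whatever creates that flag file applies the default (not visible here). If default-on is intended, say so above the test, e.g. `# default on: only an explicit "0" disables the proxy; an unset or unreadable key keeps it enabled`. The proxy URL literal is also duplicated in both scripts, and start() continues outside this hunk.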

+ 6 - 0
vm-systemd/misc-post.sh

@@ -1,5 +1,11 @@
 #!/bin/sh
 
+if [ -f /var/run/qubes-service/yum-proxy-setup ]; then
+    echo proxy=http://10.137.255.254:8082/ > /etc/yum.conf.d/qubes-proxy.conf
+else
+    echo > /etc/yum.conf.d/qubes-proxy.conf
+fi
+
 # Set IP address again (besides action in udev rules); this is needed by
 # DispVM (to override DispVM-template IP) and in case when qubes_ip was
 # called by udev before loading evtchn kernel module - in which case
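Review bot: Neither redirect into /etc/yum.conf.d/qubes-proxy.conf is checked, and the script as visible here runs without `set -e`, so a failed write leaves the previous boot's setting in place with no message. That matters in both directions: a stale empty file lets yum connect directly, and a stale `proxy=` line keeps the proxy after the service was disabled. Reporting the failure would be enough, e.g. `echo > /etc/yum.conf.d/qubes-proxy.conf || echo "yum-proxy-setup: cannot update qubes-proxy.conf" >&2`, on both branches. The same applies to the identical writes in vm-init.d/qubes_core.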