vm/qubes-yum-proxy: setup yum to use qubes-yum-proxy (#568)
The simplest way is just to add a proxy=... entry to /etc/yum.conf, but sometimes it is reasonable to bypass the proxy. Some examples: - usage of non-standard repos with some exotic file layout, which will be blocked by the proxy - usage of repos not accessible via the proxy (e.g. only via a VPN started in a VpnVM) This commit introduces the 'yum-proxy-setup' pseudo-service, which can be controlled via the standard qvm-service or qubes-manager. When enabled, yum will be configured at VM startup to use the qubes proxy; otherwise it will connect directly (the proxy setting will be cleared).
parent
c37e4b2344
commit
9930a89fb1
@ -131,6 +131,9 @@ install -m 0644 -D network/iptables $RPM_BUILD_ROOT/etc/sysconfig/iptables
|
|||||||
install -m 0644 -D network/tinyproxy-qubes-yum.conf $RPM_BUILD_ROOT/etc/tinyproxy/tinyproxy-qubes-yum.conf
|
install -m 0644 -D network/tinyproxy-qubes-yum.conf $RPM_BUILD_ROOT/etc/tinyproxy/tinyproxy-qubes-yum.conf
|
||||||
install -m 0644 -D network/filter-qubes-yum $RPM_BUILD_ROOT/etc/tinyproxy/filter-qubes-yum
|
install -m 0644 -D network/filter-qubes-yum $RPM_BUILD_ROOT/etc/tinyproxy/filter-qubes-yum
|
||||||
|
|
||||||
|
install -d $RPM_BUILD_ROOT/etc/yum.conf.d
|
||||||
|
touch $RPM_BUILD_ROOT/etc/yum.conf.d/qubes-proxy.conf
|
||||||
|
|
||||||
install -d $RPM_BUILD_ROOT/usr/sbin
|
install -d $RPM_BUILD_ROOT/usr/sbin
|
||||||
install network/qubes_firewall $RPM_BUILD_ROOT/usr/sbin/
|
install network/qubes_firewall $RPM_BUILD_ROOT/usr/sbin/
|
||||||
install network/qubes_netwatcher $RPM_BUILD_ROOT/usr/sbin/
|
install network/qubes_netwatcher $RPM_BUILD_ROOT/usr/sbin/
|
||||||
@ -236,6 +239,12 @@ fi
|
|||||||
# Remove ip_forward setting from sysctl, so NM will not reset it
|
# Remove ip_forward setting from sysctl, so NM will not reset it
|
||||||
sed 's/^net.ipv4.ip_forward.*/#\0/' -i /etc/sysctl.conf
|
sed 's/^net.ipv4.ip_forward.*/#\0/' -i /etc/sysctl.conf
|
||||||
|
|
||||||
|
if ! grep -q '/etc/yum\.conf\.d/qubes-proxy\.conf'; then
|
||||||
|
echo >> /etc/yum.conf
|
||||||
|
echo '# Yum does not support inclusion of config dir...' >> /etc/yum.conf
|
||||||
|
echo 'include=file:///etc/yum.conf.d/qubes-proxy.conf' >> /etc/yum.conf
|
||||||
|
fi
|
||||||
|
|
||||||
# Prevent unnecessary updates in VMs:
|
# Prevent unnecessary updates in VMs:
|
||||||
sed -i -e '/^exclude = kernel/d' /etc/yum.conf
|
sed -i -e '/^exclude = kernel/d' /etc/yum.conf
|
||||||
echo 'exclude = kernel, xorg-x11-drv-*, xorg-x11-drivers, xorg-x11-server-*' >> /etc/yum.conf
|
echo 'exclude = kernel, xorg-x11-drv-*, xorg-x11-drivers, xorg-x11-server-*' >> /etc/yum.conf
|
||||||
@ -343,6 +352,7 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
/etc/udev/rules.d/99-qubes_block.rules
|
/etc/udev/rules.d/99-qubes_block.rules
|
||||||
/etc/udev/rules.d/99-qubes_network.rules
|
/etc/udev/rules.d/99-qubes_network.rules
|
||||||
/etc/xen/scripts/vif-route-qubes
|
/etc/xen/scripts/vif-route-qubes
|
||||||
|
/etc/yum.conf.d/qubes-proxy.conf
|
||||||
/etc/yum.repos.d/qubes.repo
|
/etc/yum.repos.d/qubes.repo
|
||||||
/etc/yum/post-actions/qubes_trigger_sync_appmenus.action
|
/etc/yum/post-actions/qubes_trigger_sync_appmenus.action
|
||||||
/lib/firmware/updates
|
/lib/firmware/updates
|
||||||
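Review bot: The added `grep -q '/etc/yum\.conf\.d/qubes-proxy\.conf'` in the second hunk has no file operand, so it reads standard input instead of /etc/yum.conf. With an empty or closed stdin the test never matches, so the blank line, the comment and the `include=` line are appended to /etc/yum.conf again every time the scriptlet runs; with a terminal on stdin it would block. The guard should name the file: `if ! grep -q '/etc/yum\.conf\.d/qubes-proxy\.conf' /etc/yum.conf; then`. The enclosing scriptlet starts outside the hunk, so which RPM phase runs it is not visible here.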
|
@ -36,6 +36,13 @@ start()
|
|||||||
echo "ZONE=\"$timezone\"" >> /etc/sysconfig/clock
|
echo "ZONE=\"$timezone\"" >> /etc/sysconfig/clock
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
yum_proxy_setup=$(/usr/bin/xenstore-read qubes-service/yum-proxy-setup 2> /dev/null)
|
||||||
|
if [ "$yum_proxy_setup" != "0" ]; then
|
||||||
|
echo proxy=http://10.137.255.254:8082/ > /etc/yum.conf.d/qubes-proxy.conf
|
||||||
|
else
|
||||||
|
echo > /etc/yum.conf.d/qubes-proxy.conf
|
||||||
|
fi
|
||||||
|
|
||||||
# Set IP address again (besides action in udev rules); this is needed by
|
# Set IP address again (besides action in udev rules); this is needed by
|
||||||
# DispVM (to override DispVM-template IP) and in case when qubes_ip was
|
# DispVM (to override DispVM-template IP) and in case when qubes_ip was
|
||||||
# called by udev before loading evtchn kernel module - in which case
|
# called by udev before loading evtchn kernel module - in which case
|
||||||
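Review bot: In the block added to start(), the output of `xenstore-read` is compared with `!= "0"` while its stderr is discarded and its exit status is ignored, so an unset key and a failed read both select the proxy branch. Defaulting to the proxy looks intentional, but it is implicit; a comment above the `if` such as `# proxy stays on unless qubes-service/yum-proxy-setup is explicitly "0" (an unset key or a failed read also lands here)` would record it. The `[ -f /var/run/qubes-service/yum-proxy-setup ]` test in the last hunk on this page treats an absent flag as "connect directly", so the two startup paths should be checked for the same default. start() begins and continues outside the hunk.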
|
@ -1,5 +1,11 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
|
if [ -f /var/run/qubes-service/yum-proxy-setup ]; then
|
||||||
|
echo proxy=http://10.137.255.254:8082/ > /etc/yum.conf.d/qubes-proxy.conf
|
||||||
|
else
|
||||||
|
echo > /etc/yum.conf.d/qubes-proxy.conf
|
||||||
|
fi
|
||||||
|
|
||||||
# Set IP address again (besides action in udev rules); this is needed by
|
# Set IP address again (besides action in udev rules); this is needed by
|
||||||
# DispVM (to override DispVM-template IP) and in case when qubes_ip was
|
# DispVM (to override DispVM-template IP) and in case when qubes_ip was
|
||||||
# called by udev before loading evtchn kernel module - in which case
|
# called by udev before loading evtchn kernel module - in which case
|
||||||
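Review bot: The proxy URL `http://10.137.255.254:8082/` is written here as a literal and repeated verbatim in the start() hunk earlier on this page, so a change of address or port has to be made in two scripts. Reading it from one shared variable or file would avoid drift; at minimum a comment like `# keep in sync with the tinyproxy listen address/port` would help, assuming that is where the value comes from. Also, `echo > file` leaves a one-line file rather than an empty one; `: > /etc/yum.conf.d/qubes-proxy.conf` truncates it, matching the empty file the package creates with `touch`. The rest of this script lies outside the hunk.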
|