Qubes/core-agent-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

debian: Added all other outstanding triggers contained in rpm_spec as well as triggers if other packages get installed at a later date the configurations will run on them

Browse Source
This commit is contained in:
Jason Mehring 2014-11-07 18:28:04 -05:00
parent 79db86a94a
commit 9e065d6d9c
2 changed files with 342 additions and 110 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

394
debian/qubes-core-agent.postinst vendored
View File

@ -4,7 +4,6 @@
# see: dh_installdeb(1) # see: dh_installdeb(1)
set -e set -e
set -x
# The postint script may be called in the following ways: # The postint script may be called in the following ways:
# * <postinst> 'configure' <most-recently-configured-version> # * <postinst> 'configure' <most-recently-configured-version>
@ -20,21 +19,112 @@ set -x
# https://www.debian.org/doc/debian-policy/ch-maintainerscripts.html or # https://www.debian.org/doc/debian-policy/ch-maintainerscripts.html or
# the debian-policy package # the debian-policy package
case "$1" in # Install overriden services only when original exists
configure) installOverridenServices() {
# disable some Upstart services unit_dir="${1}"
for F in plymouth-shutdown prefdm splash-manager start-ttys tty ; do override_dir="${2}"
if [ -e /etc/init/$F.conf ]; then service="${3}"
mv -f /etc/init/$F.conf /etc/init/$F.conf.disabled retval=1
for unit in ${service}; do
if [ -f ${unit_dir}/${unit}.service ]; then
cp ${override_dir}/${unit}.service /etc/systemd/system/
retval=0
fi
if [ -f ${unit_dir}/${unit}.socket -a -f ${override_dir}/${unit}.socket ]; then
cp ${override_dir}/${unit}.socket /etc/systemd/system/
retval=0
fi
if [ -f ${unit_dir}/${unit}.path -a -f ${override_dir}/${unit}.path ]; then
cp ${override_dir}/${unit}.path /etc/systemd/system/
retval=0
fi fi
done done
return ${retval}
}
reenableNetworkManager() {
# Disable original service to enable overriden one
/bin/systemctl disable ModemManager.service 2> /dev/null
/bin/systemctl disable NetworkManager.service 2> /dev/null
# Disable D-BUS activation of NetworkManager - in AppVm it causes problems (eg PackageKit timeouts)
/bin/systemctl mask dbus-org.freedesktop.NetworkManager.service 2> /dev/null
/bin/systemctl enable ModemManager.service 2> /dev/null
/bin/systemctl enable NetworkManager.service 2> /dev/null
# Fix for https://bugzilla.redhat.com/show_bug.cgi?id=974811
/bin/systemctl enable NetworkManager-dispatcher.service 2> /dev/null
}
remove_ShowIn () { remove_ShowIn () {
if [ -e /etc/xdg/autostart/$1.desktop ]; then if [ -e "${1}" ]; then
sed -i '/^\(Not\|Only\)ShowIn/d' /etc/xdg/autostart/$1.desktop sed -i '/^\(Not\|Only\)ShowIn/d' "${1}"
fi fi
} }
# Disable systemd units
disableSystemdUnits() {
for unit in $*; do
systemctl is-enabled ${unit} > /dev/null 2>&1 && {
echo "Disabling ${unit}..."
systemctl is-active ${unit} > /dev/null 2>&1 && {
systemctl stop ${unit} > /dev/null 2>&1 || echo "Unable to stop ${unit}"
}
if [ -f /lib/systemd/system/${unit} ]; then
if fgrep -q '[Install]' /lib/systemd/system/${unit}; then
systemctl disable ${unit} > /dev/null 2>&1 || echo "Could not disable ${unit}"
else
# Forcibly disable
echo "Forcibly disabling: ${unit}"
ln -sf /dev/null /etc/systemd/system/${unit}
fi
else
systemctl disable ${unit} > /dev/null 2>&1 || echo "Could not disable ${unit}"
fi
} || {
echo "It appears ${unit} is already disabled!"
}
done
}
# Enable systemd units
enableSystemdUnits() {
for unit in $*; do
systemctl is-enabled ${unit} > /dev/null 2>&1 && {
echo "It appears ${unit} is already enabled!"
} || {
echo "Enabling: ${unit}..."
systemctl enable ${unit} > /dev/null 2>&1 || echo "Could not enable: ${unit}"
}
done
}
# Manually trigger all triggers to automaticatly configure
triggerTriggers() {
path="$(readlink -m ${0})"
triggers="${path/postinst/triggers}"
awk '{sub(/[ \t]*#.*/,"")} NF' ${triggers} | while read line
do
/bin/bash -c "${0} triggered ${line##* }" || true
done
}
case "${1}" in
configure)
# disable some Upstart services
for init in plymouth-shutdown \
prefdm \
splash-manager \
start-ttys \
tty ; do
if [ -e /etc/init/${init}.conf ]; then
mv -f /etc/init/${init}.conf /etc/init/${init}.conf.disabled
fi
done
# Stops Qt form using the MIT-SHM X11 Shared Memory Extension # Stops Qt form using the MIT-SHM X11 Shared Memory Extension
echo 'export QT_X11_NO_MITSHM=1' > /etc/profile.d/qt_x11_no_mitshm echo 'export QT_X11_NO_MITSHM=1' > /etc/profile.d/qt_x11_no_mitshm
@ -45,41 +135,6 @@ case "$1" in
echo 'Defaults env_keep += "QT_X11_NO_MITSHM"' > /etc/sudoers.d/qt_x11_no_mitshm.sh echo 'Defaults env_keep += "QT_X11_NO_MITSHM"' > /etc/sudoers.d/qt_x11_no_mitshm.sh
chmod 0755 /etc/sudoers.d/qt_x11_no_mitshm.sh chmod 0755 /etc/sudoers.d/qt_x11_no_mitshm.sh
# reenable abrt-aplet if disabled by some earlier version of package
remove_ShowIn abrt-applet.desktop
# don't want it at all
for F in deja-dup-monitor imsettings-start krb5-auth-dialog pulseaudio restorecond sealertauto gnome-power-manager gnome-sound-applet gnome-screensaver orca-autostart; do
if [ -e /etc/xdg/autostart/$F.desktop ]; then
remove_ShowIn $F
echo 'NotShowIn=QUBES;' >> /etc/xdg/autostart/$F.desktop
fi
done
# don't want it in DisposableVM
for F in gcm-apply ; do
if [ -e /etc/xdg/autostart/$F.desktop ]; then
remove_ShowIn $F
echo 'NotShowIn=DisposableVM;' >> /etc/xdg/autostart/$F.desktop
fi
done
# want it in AppVM only
for F in gnome-keyring-gpg gnome-keyring-pkcs11 gnome-keyring-secrets gnome-keyring-ssh gnome-settings-daemon user-dirs-update-gtk gsettings-data-convert ; do
if [ -e /etc/xdg/autostart/$F.desktop ]; then
remove_ShowIn $F
echo 'OnlyShowIn=GNOME;AppVM;' >> /etc/xdg/autostart/$F.desktop
fi
done
# remove existing rule to add own later
for F in gpk-update-icon nm-applet ; do
remove_ShowIn $F
done
echo 'OnlyShowIn=GNOME;UpdateableVM;' >> /etc/xdg/autostart/gpk-update-icon.desktop || :
echo 'OnlyShowIn=GNOME;QUBES;' >> /etc/xdg/autostart/nm-applet.desktop || :
# Create NetworkManager configuration if we do not have it # Create NetworkManager configuration if we do not have it
if ! [ -e /etc/NetworkManager/NetworkManager.conf ]; then if ! [ -e /etc/NetworkManager/NetworkManager.conf ]; then
echo '[main]' > /etc/NetworkManager/NetworkManager.conf echo '[main]' > /etc/NetworkManager/NetworkManager.conf
@ -122,7 +177,7 @@ case "$1" in
chown user:user /home_volatile/user chown user:user /home_volatile/user
#if [ "$1" != 1 ] ; then #if [ "${1}" != 1 ] ; then
# # do the rest of %post thing only when updating for the first time... # # do the rest of %post thing only when updating for the first time...
# exit 0 # exit 0
#fi #fi
@ -138,84 +193,94 @@ case "$1" in
mkdir -p /var/lib/qubes/removed-udev-scripts mkdir -p /var/lib/qubes/removed-udev-scripts
for f in /etc/udev/rules.d/* for f in /etc/udev/rules.d/*
do do
if [ $(basename $f) == "xen-backend.rules" ] ; then if [ $(basename ${f}) == "xen-backend.rules" ] ; then
continue continue
fi fi
if [ $(basename $f) == "50-qubes-misc.rules" ] ; then if [ $(basename ${f}) == "50-qubes-misc.rules" ] ; then
continue continue
fi fi
if echo $f | grep -q qubes; then if echo ${f} | grep -q qubes; then
continue continue
fi fi
mv $f /var/lib/qubes/removed-udev-scripts/ mv ${f} /var/lib/qubes/removed-udev-scripts/
done done
# Create /rw directory
mkdir -p /rw mkdir -p /rw
# XXX: TODO: Needs to be implemented still
#rm -f /etc/mtab #rm -f /etc/mtab
#echo "--> Removing HWADDR setting from /etc/sysconfig/network-scripts/ifcfg-eth0" #echo "--> Removing HWADDR setting from /etc/sysconfig/network-scripts/ifcfg-eth0"
#mv /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0.orig #mv /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0.orig
#grep -v HWADDR /etc/sysconfig/network-scripts/ifcfg-eth0.orig > /etc/sysconfig/network-scripts/ifcfg-eth0 #grep -v HWADDR /etc/sysconfig/network-scripts/ifcfg-eth0.orig > /etc/sysconfig/network-scripts/ifcfg-eth0
####################################################################### # Enable Qubes systemd units
# systemd post-init enableSystemdUnits \
####################################################################### qubes-sysinit.service \
for srv in qubes-dvm qubes-sysinit qubes-misc-post qubes-netwatcher qubes-network qubes-firewall qubes-updates-proxy qubes-qrexec-agent; do qubes-misc-post.service \
/bin/systemctl enable $srv.service 2> /dev/null qubes-netwatcher.service \
done qubes-network.service \
qubes-firewall.service \
/bin/systemctl enable qubes-update-check.timer 2> /dev/null qubes-updates-proxy.service \
qubes-updates-proxy.timer \
UNITDIR=/lib/systemd/system qubes-qrexec-agent.service
OVERRIDEDIR=/usr/lib/qubes/init
# Install overriden services only when original exists
for srv in cups ModemManager NetworkManager NetworkManager-wait-online ntpd chronyd; do
if [ -f $UNITDIR/$srv.service ]; then
cp $OVERRIDEDIR/$srv.service /etc/systemd/system/
fi
if [ -f $UNITDIR/$srv.socket -a -f $OVERRIDEDIR/$srv.socket ]; then
cp $OVERRIDEDIR/$srv.socket /etc/systemd/system/
fi
if [ -f $UNITDIR/$srv.path -a -f $OVERRIDEDIR/$srv.path ]; then
cp $OVERRIDEDIR/$srv.path /etc/systemd/system/
fi
done
# Set default "runlevel" # Set default "runlevel"
rm -f /etc/systemd/system/default.target rm -f /etc/systemd/system/default.target
ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
#DISABLE_SERVICES="alsa-store alsa-restore auditd avahi avahi-daemon backuppc cpuspeed crond" # Process all triggers which will set defaults to wanted values
#DISABLE_SERVICES="$DISABLE_SERVICES fedora-autorelabel fedora-autorelabel-mark ipmi hwclock-load hwclock-save" triggerTriggers
#DISABLE_SERVICES="$DISABLE_SERVICES mdmonitor multipathd openct rpcbind mcelog fedora-storage-init fedora-storage-init-late"
#DISABLE_SERVICES="$DISABLE_SERVICES plymouth-start plymouth-read-write plymouth-quit plymouth-quit-wait" disableSystemdUnits \
#DISABLE_SERVICES="$DISABLE_SERVICES sshd tcsd sm-client sendmail mdmonitor-takeover" alsa-store \
#DISABLE_SERVICES="$DISABLE_SERVICES rngd smartd upower irqbalance colord" alsa-restore \
#for srv in $DISABLE_SERVICES; do auditd \
# if [ -f /lib/systemd/system/$srv.service ]; then avahi \
# if fgrep -q '[Install]' /lib/systemd/system/$srv.service; then avahi-daemon \
# /bin/systemctl disable $srv.service 2> /dev/null backuppc \
# else cpuspeed \
# # forcibly disable crond \
# ln -sf /dev/null /etc/systemd/system/$srv.service fedora-autorelabel \
# fi fedora-autorelabel-mark \
# fi ipmi \
#done hwclock-load \
hwclock-save \
mdmonitor \
multipathd \
openct \
rpcbind \
mcelog \
fedora-storage-init \
fedora-storage-init-late \
plymouth-start \
plymouth-read-write \
plymouth-quit \
plymouth-quit-wait \
sshd \
tcsd \
sm-client \
sendmail \
mdmonitor-takeover \
rngd smartd \
upower \
irqbalance \
colord
rm -f /etc/systemd/system/getty.target.wants/getty@tty*.service rm -f /etc/systemd/system/getty.target.wants/getty@tty*.service
# Enable some services # Enable other systemd units
/bin/systemctl enable rsyslog.service 2> /dev/null enableSystemdUnits \
rsyslog.service
# XXX: TODO: Needs to be implemented still
# These do not exist on debian; maybe a different package name # These do not exist on debian; maybe a different package name
#/bin/systemctl enable iptables.service 2> /dev/null # iptables.service \
#/bin/systemctl enable ntpd.service 2> /dev/null # ntpd.service \
#/bin/systemctl enable ip6tables.service 2> /dev/null # ip6tables.service \
# Enable cups only when it is real SystemD service
[ -e /lib/systemd/system/cups.service ] && /bin/systemctl enable cups.service 2> /dev/null
;; ;;
abort-upgrade|abort-remove|abort-deconfigure) abort-upgrade|abort-remove|abort-deconfigure)
@ -223,14 +288,137 @@ case "$1" in
;; ;;
triggered) triggered)
for trigger in $2; do for trigger in ${2}; do
case "$trigger" in case "${trigger}" in
# Update Qubes App Menus
/usr/share/applications) /usr/share/applications)
echo "Updating Qubes AppMenu." echo "Updating Qubes App Menus..."
/usr/lib/qubes/qubes-trigger-sync-appmenus.sh /usr/lib/qubes/qubes-trigger-sync-appmenus.sh || true
;; ;;
# Install overriden services only when original exists
/lib/systemd/system/NetworkManager.service | \
/lib/systemd/system/NetworkManager-wait-online.service | \
/lib/systemd/system/ModemManager.service)
echo "Installing over-riden services for $(basename -s .service ${trigger})..."
UNITDIR=/lib/systemd/system
OVERRIDEDIR=/usr/lib/qubes/init
installOverridenServices "${UNITDIR}" "${OVERRIDEDIR}" "$(basename -s .service "${trigger}")"
if [ $? -eq 0 ]; then
reenableNetworkManager
fi
;;
# Enable cups only when it is real Systemd service
/lib/systemd/system/cups.service)
echo "Enabling cups"
[ -e /lib/systemd/system/cups.service ] && enableSystemdUnits cups.service
;;
# "Enable haveged service"
/lib/systemd/system/haveged.service)
echo "Enabling haveged service"
enableSystemdUnits haveged.service
;;
# Install overridden serial.conf init script
/etc/init/serial.conf)
echo "Installing over-ridden serial.conf init script..."
if [ -e /etc/init/serial.conf ]; then
cp /usr/share/qubes/serial.conf /etc/init/serial.conf
fi
;;
# Enable autostart of notification-daemon when installed
/etc/xdg/autostart/notification-daemon.desktop)
if [ ! -e /etc/xdg/autostart/notification-daemon.desktop ]; then
echo "Enabling autostart of notification-daemon when installed..."
ln -s /usr/share/applications/notification-daemon.desktop /etc/xdg/autostart/
fi
;;
# Disable SELinux"
/etc/selinux/config)
echo "Disabling SELinux..."
if [ -e /etc/selinux/config ]; then
sed -e s/^SELINUX=.*$/SELINUX=disabled/ </etc/selinux/config >/etc/selinux/config.processed
mv /etc/selinux/config.processed /etc/selinux/config
setenforce 0 2>/dev/null
fi
;;
# Desktop Entry Modification - Remove existing rules
/etc/xdg/autostart/gpk-update-icon.desktop | \
/etc/xdg/autostart/nm-applet.desktop | \
/etc/xdg/autostart/abrt-applet.desktop)
if [ -e "${trigger}" ]; then
echo "Desktop Entry Modification - Removing ShowIn from: ${trigger}..."
remove_ShowIn "${trigger}"
fi
;;
# Desktop Entry Modification - Not shown in Qubes
/etc/xdg/autostart/pulseaudio.desktop | \
/etc/xdg/autostart/deja-dup-monitor.desktop | \
/etc/xdg/autostart/imsettings-start.desktop | \
/etc/xdg/autostart/krb5-auth-dialog.desktop | \
/etc/xdg/autostart/pulseaudio.desktop | \
/etc/xdg/autostart/restorecond.desktop | \
/etc/xdg/autostart/sealertauto.desktop | \
/etc/xdg/autostart/gnome-power-manager.desktop | \
/etc/xdg/autostart/gnome-sound-applet.desktop | \
/etc/xdg/autostart/gnome-screensaver.desktop | \
/etc/xdg/autostart/orca-autostart.desktop)
if [ -e "${trigger}" ]; then
echo "Desktop Entry Modification - Not Shown in Qubes: ${trigger}..."
remove_ShowIn "${trigger}"
echo 'NotShowIn=QUBES;' >> "${trigger}" || true
fi
;;
# Desktop Entry Modification - Not shown in in DisposableVM
/etc/xdg/autostart/gcm-apply.desktop)
if [ -e "${trigger}" ]; then
echo "Desktop Entry Modification - Not Shown in DisposableVM: ${trigger}..."
remove_ShowIn "${trigger}"
echo 'NotShowIn=DisposableVM;' >> "${trigger}" || true
fi
;;
# Desktop Entry Modification - Only shown in AppVM
/etc/xdg/autostart/gnome-keyring-gpg.desktop | \
/etc/xdg/autostart/gnome-keyring-pkcs11.desktop | \
/etc/xdg/autostart/gnome-keyring-secrets.desktop | \
/etc/xdg/autostart/gnome-keyring-ssh.desktop | \
/etc/xdg/autostart/gnome-settings-daemon.desktop | \
/etc/xdg/autostart/user-dirs-update-gtk.desktop | \
/etc/xdg/autostart/gsettings-data-convert.desktop)
if [ -e "${trigger}" ]; then
echo "Desktop Entry Modification - Only Shown in Gnome & AppVM: ${trigger}..."
remove_ShowIn "${trigger}"
echo 'OnlyShowIn=GNOME;AppVM;' >> "${trigger}" || true
fi
;;
# Desktop Entry Modification - Only shown in Gnome & UpdateableVM
/etc/xdg/autostart/gpk-update-icon.desktop)
if [ -e "${trigger}" ]; then
echo "Desktop Entry Modification - Only Shown in Gnome & UpdateableVM: ${trigger}..."
echo 'OnlyShowIn=GNOME;UpdateableVM;' >> "${trigger}" || true
fi
;;
# Desktop Entry Modification - Only shown in Gnome & Qubes
/etc/xdg/autostart/nm-applet.desktop)
if [ -e "${trigger}" ]; then
echo "Desktop Entry Modification - Only Shown in Gnome & Qubes: ${trigger}..."
echo 'OnlyShowIn=GNOME;QUBES;' >> "${trigger}" || true
fi
;;
*) *)
echo "postinst called with unknown trigger \`$2'" >&2 echo "postinst called with unknown trigger \`${2}'" >&2
exit 1 exit 1
;; ;;
esac esac
@ -239,7 +427,7 @@ case "$1" in
;; ;;
*) *)
echo "postinst called with unknown argument \`$1'" >&2 echo "postinst called with unknown argument \`${1}'" >&2
exit 1 exit 1
;; ;;
esac esac

44
debian/qubes-core-agent.triggers vendored
View File

@ -1 +1,45 @@
interest-noawait /usr/share/applications interest-noawait /usr/share/applications
interest-noawait /lib/systemd/system/NetworkManager.service
interest-noawait /lib/systemd/system/NetworkManager-wait-online.service
interest-noawait /lib/systemd/system/ModemManager.service
interest-noawait /etc/init/serial.conf
interest-noawait /etc/xdg/autostart/notification-daemon.desktop
interest-noawait /etc/selinux/config
interest-noawait /lib/systemd/system/cups.service
interest-noawait /lib/systemd/system/haveged.service
# Desktop Entry Modification - Remove existing rules
interest-noawait /etc/xdg/autostart/gpk-update-icon.desktop
interest-noawait /etc/xdg/autostart/nm-applet.desktop
interest-noawait /etc/xdg/autostart/abrt-applet.desktop
# Desktop Entry Modification - Not shown in Qubes
interest-noawait /etc/xdg/autostart/pulseaudio.desktop
interest-noawait /etc/xdg/autostart/deja-dup-monitor.desktop
interest-noawait /etc/xdg/autostart/imsettings-start.desktop
interest-noawait /etc/xdg/autostart/krb5-auth-dialog.desktop
interest-noawait /etc/xdg/autostart/pulseaudio.desktop
interest-noawait /etc/xdg/autostart/restorecond.desktop
interest-noawait /etc/xdg/autostart/sealertauto.desktop
interest-noawait /etc/xdg/autostart/gnome-power-manager.desktop
interest-noawait /etc/xdg/autostart/gnome-sound-applet.desktop
interest-noawait /etc/xdg/autostart/gnome-screensaver.desktop
interest-noawait /etc/xdg/autostart/orca-autostart.desktop
# Desktop Entry Modification - Not shown in in DisposableVM
interest-noawait /etc/xdg/autostart/gcm-apply.desktop
# Desktop Entry Modification - Only shown in AppVM
interest-noawait /etc/xdg/autostart/gnome-keyring-gpg.desktop
interest-noawait /etc/xdg/autostart/gnome-keyring-pkcs11.desktop
interest-noawait /etc/xdg/autostart/gnome-keyring-secrets.desktop
interest-noawait /etc/xdg/autostart/gnome-keyring-ssh.desktop
interest-noawait /etc/xdg/autostart/gnome-settings-daemon.desktop
interest-noawait /etc/xdg/autostart/user-dirs-update-gtk.desktop
interest-noawait /etc/xdg/autostart/gsettings-data-convert.desktop
# Desktop Entry Modification - Only shown in Gnome & UpdateableVM
interest-noawait /etc/xdg/autostart/gpk-update-icon.desktop
# Desktop Entry Modification - Only shown in Gnome & Qubes
interest-noawait /etc/xdg/autostart/nm-applet.desktop