From 51ad63e26f813855866bee11b1625e6f0e3064e2 Mon Sep 17 00:00:00 2001
From: Marek Marczykowski
Date: Sat, 14 Jul 2012 22:54:23 +0200
Subject: [PATCH 1/4] dom0+vm/qrexec-services: pass remote domain via env variable not argument Most qrexec services doesn't use remote domain name, as policy is enforced earlier. So pass it in way that will allow use of generic command as qrexec service.
---
 qubes_rpc/qfile-unpacker.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/qubes_rpc/qfile-unpacker.c b/qubes_rpc/qfile-unpacker.c
index eaa5c06..dd0a510 100644
--- a/qubes_rpc/qfile-unpacker.c
+++ b/qubes_rpc/qfile-unpacker.c
@@ -51,13 +51,19 @@ int main(int argc, char ** argv)
 char *incoming_dir;
 int pipefds[2];
 int uid;
+ char *remote_domain;
 pipe(pipefds);
 uid = prepare_creds_return_uid("user");
+ remote_domain = getenv("QREXEC_REMOTE_DOMAIN");
+ if (!remote_domain) {
+ gui_fatal("Cannot get remote domain name");
+ exit(1);
+ }
 mkdir(INCOMING_DIR_ROOT, 0700);
- asprintf(&incoming_dir, "%s/from-%s", INCOMING_DIR_ROOT, argv[1]);
+ asprintf(&incoming_dir, "%s/from-%s", INCOMING_DIR_ROOT, remote_domain);
 mkdir(incoming_dir, 0700);
 if (chdir(incoming_dir)) gui_fatal("Error chdir to %s", incoming_dir);
From 38bc4c6c7cea5b0f0b090dc6cb833591c733558a Mon Sep 17 00:00:00 2001
From: Marek Marczykowski
Date: Sat, 14 Jul 2012 22:58:15 +0200
Subject: [PATCH 2/4] vm: simplify qubes.VMShell service Now additional wrapper not required to skip cmdline argument
---
 qubes_rpc/qubes.VMShell | 2 +-
 qubes_rpc/vm-shell | 3 ---
 rpm_spec/core-vm.spec | 3 +--
 3 files changed, 2 insertions(+), 6 deletions(-)
 delete mode 100755 qubes_rpc/vm-shell
diff --git a/qubes_rpc/qubes.VMShell b/qubes_rpc/qubes.VMShell
index 7ca3b5e..01dca2d 100644
--- a/qubes_rpc/qubes.VMShell
+++ b/qubes_rpc/qubes.VMShell
@@ -1 +1 @@
-/usr/lib/qubes/vm-shell
\ No newline at end of file
+/bin/bash
diff --git a/qubes_rpc/vm-shell b/qubes_rpc/vm-shell
deleted file mode 100755
index d06e398..0000000
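Review bot: In `qubes_rpc/qfile-unpacker.c`, the value of `QREXEC_REMOTE_DOMAIN` goes into the `"%s/from-%s"` directory name with only a NULL check, so an empty value or one containing `/` would place the incoming directory outside the per-domain layout. The variable is presumably set by the qrexec agent, but since the commit message aims at running generic commands as services, the unpacker should validate the name itself, e.g. `if (!remote_domain || !*remote_domain || strchr(remote_domain, '/')) {`. The return values of `asprintf()` and both `mkdir()` calls in this hunk are also unchecked, so `incoming_dir` can be indeterminate after an allocation failure; testing `asprintf(...) < 0` and calling `gui_fatal()` would close that. `main()` continues past the end of the hunk.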
--- a/qubes_rpc/vm-shell
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-# just ignore the cmdline argument (the remote vm name)
-exec /bin/bash
diff --git a/rpm_spec/core-vm.spec b/rpm_spec/core-vm.spec
index f24c679..e73cdb8 100644
--- a/rpm_spec/core-vm.spec
+++ b/rpm_spec/core-vm.spec
@@ -156,7 +156,7 @@ install qubes_rpc/wrap_in_html_if_url.sh $RPM_BUILD_ROOT/usr/lib/qubes
 install qubes_rpc/qvm-copy-to-vm.kde $RPM_BUILD_ROOT/usr/lib/qubes
 install qubes_rpc/qvm-copy-to-vm.gnome $RPM_BUILD_ROOT/usr/lib/qubes
 install qubes_rpc/{vm-file-editor,qfile-agent,qopen-in-vm,qfile-unpacker} $RPM_BUILD_ROOT/usr/lib/qubes
-install qubes_rpc/{vm-shell,qrun-in-vm} $RPM_BUILD_ROOT/usr/lib/qubes
+install qubes_rpc/qrun-in-vm $RPM_BUILD_ROOT/usr/lib/qubes
 install qubes_rpc/sync-ntp-clock $RPM_BUILD_ROOT/usr/lib/qubes
 install qubes_rpc/prepare-suspend $RPM_BUILD_ROOT/usr/lib/qubes
 install -d $RPM_BUILD_ROOT/%{kde_service_dir}
@@ -419,7 +419,6 @@ rm -rf $RPM_BUILD_ROOT
 /usr/lib/qubes/serial.conf
 /usr/lib/qubes/setup_ip
 /usr/lib/qubes/vm-file-editor
-/usr/lib/qubes/vm-shell
 /usr/lib/qubes/wrap_in_html_if_url.sh
 /usr/lib/yum-plugins/yum-qubes-hooks.py*
 /usr/sbin/qubes_firewall
From 294e3c63699efdb455363447a739e6c5e07d4b3d Mon Sep 17 00:00:00 2001
From: Marek Marczykowski
Date: Sat, 14 Jul 2012 23:07:01 +0200
Subject: [PATCH 3/4] vm: implement qubes.GetAppmenus to reduce code duplication As one-liner services are now real one-line, just do it.
---
 misc/qubes_trigger_sync_appmenus.sh | 2 +-
 qubes_rpc/qubes.GetAppmenus | 2 ++
 rpm_spec/core-vm.spec | 3 ++-
 3 files changed, 5 insertions(+), 2 deletions(-)
 create mode 100644 qubes_rpc/qubes.GetAppmenus
diff --git a/misc/qubes_trigger_sync_appmenus.sh b/misc/qubes_trigger_sync_appmenus.sh
index 5390c2d..e848ea3 100755
--- a/misc/qubes_trigger_sync_appmenus.sh
+++ b/misc/qubes_trigger_sync_appmenus.sh
@@ -3,5 +3,5 @@
 UPDATEABLE=`/usr/bin/xenstore-read qubes_vm_updateable`
 if [ "$UPDATEABLE" = "True" ]; then
- /usr/lib/qubes/qrexec_client_vm dom0 qubes.SyncAppMenus /bin/grep -H = /usr/share/applications/*.desktop
+ /usr/lib/qubes/qrexec_client_vm dom0 qubes.SyncAppMenus /bin/sh /etc/qubes_rpc/qubes.GetAppmenus
 fi
diff --git a/qubes_rpc/qubes.GetAppmenus b/qubes_rpc/qubes.GetAppmenus
new file mode 100644
index 0000000..cada68c
--- /dev/null
+++ b/qubes_rpc/qubes.GetAppmenus
@@ -0,0 +1,2 @@
+shopt -s nullglob
+/bin/grep -H = /usr/share/applications/*.desktop /usr/local/share/applications/*.desktop 2> /dev/null
diff --git a/rpm_spec/core-vm.spec b/rpm_spec/core-vm.spec
index e73cdb8..9509403 100644
--- a/rpm_spec/core-vm.spec
+++ b/rpm_spec/core-vm.spec
@@ -163,7 +163,7 @@ install -d $RPM_BUILD_ROOT/%{kde_service_dir}
 install -m 0644 qubes_rpc/{qvm-copy.desktop,qvm-dvm.desktop} $RPM_BUILD_ROOT/%{kde_service_dir}
 install -d $RPM_BUILD_ROOT/etc/qubes_rpc
 install -m 0644 qubes_rpc/{qubes.Filecopy,qubes.OpenInVM,qubes.VMShell,qubes.SyncNtpClock} $RPM_BUILD_ROOT/etc/qubes_rpc
-install -m 0644 qubes_rpc/{qubes.SuspendPre,qubes.SuspendPost} $RPM_BUILD_ROOT/etc/qubes_rpc
+install -m 0644 qubes_rpc/{qubes.SuspendPre,qubes.SuspendPost,qubes.GetAppmenus} $RPM_BUILD_ROOT/etc/qubes_rpc
 install qrexec/qrexec_agent $RPM_BUILD_ROOT/usr/lib/qubes
 install qrexec/qrexec_client_vm $RPM_BUILD_ROOT/usr/lib/qubes
@@ -371,6 +371,7 @@ rm -rf $RPM_BUILD_ROOT
 %dir /etc/qubes_rpc
 /etc/qubes_rpc/qubes.Filecopy
 /etc/qubes_rpc/qubes.OpenInVM
+/etc/qubes_rpc/qubes.GetAppmenus
 /etc/qubes_rpc/qubes.VMShell
 /etc/qubes_rpc/qubes.SyncNtpClock
 /etc/qubes_rpc/qubes.SuspendPre
From f9c1c7e986baaf218746be790cd53c3d18a7620b Mon Sep 17 00:00:00 2001
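Review bot: `misc/qubes_trigger_sync_appmenus.sh` now runs the new service file through `/bin/sh`, but `qubes_rpc/qubes.GetAppmenus`, added in the same patch, starts with `shopt -s nullglob`, which is a bash builtin. Where `/bin/sh` is not bash, `shopt` fails, the globs stay literal and the `2> /dev/null` on the grep line hides the resulting errors. Invoking it as `/bin/bash /etc/qubes_rpc/qubes.GetAppmenus` would make the interpreter requirement explicit.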
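Review bot: With `nullglob` set in `qubes_rpc/qubes.GetAppmenus`, both patterns can expand to nothing, and `grep -H =` with no file operands then reads standard input, which for a qrexec service is presumably the peer's data stream rather than a terminal. Adding a fixed operand keeps grep on files in that case: `/bin/grep -H = /usr/share/applications/*.desktop /usr/local/share/applications/*.desktop /dev/null 2> /dev/null`. The blanket `2> /dev/null` also hides read errors on existing desktop files, so it is worth confirming that this is intended.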
From: Marek Marczykowski
Date: Mon, 16 Jul 2012 12:49:41 +0200
Subject: [PATCH 4/4] Revert "vm/spec: disable pam_systemd globally (#607)" (#626) This reverts commit 8ec4b6963b71b95bc0cda6dd80d99bf60aa9caec. This caused regression (#626). Conflicts: rpm_spec/core-vm.spec
---
 rpm_spec/core-vm.spec | 8 --------
 1 file changed, 8 deletions(-)
diff --git a/rpm_spec/core-vm.spec b/rpm_spec/core-vm.spec
index 9509403..7e2b034 100644
--- a/rpm_spec/core-vm.spec
+++ b/rpm_spec/core-vm.spec
@@ -188,13 +188,6 @@ install -D u2mfn/libu2mfn.so $RPM_BUILD_ROOT/%{_libdir}/libu2mfn.so
 %triggerin -- initscripts
 cp /usr/lib/qubes/serial.conf /etc/init/serial.conf
-%triggerin -- systemd
-# Disable pam_systemd - we (hopefully) don't need it, but it cause some minor
-# problems (http://wiki.qubes-os.org/trac/ticket/607)
-# /etc/pam.d/common-* are automatically (re)generated by authconfig, so its
-# modification will not be persistent -> must be done this way
-mv -f /%{_lib}/security/pam_systemd.so /%{_lib}/security/pam_systemd.so.disabled 2> /dev/null || :
-
 %post
 # disable some Upstart services
@@ -336,7 +329,6 @@ if [ "$1" = 0 ] ; then
 mv /var/lib/qubes/fstab.orig /etc/fstab
 mv /var/lib/qubes/removed-udev-scripts/* /etc/udev/rules.d/
 mv /var/lib/qubes/serial.orig /etc/init/serial.conf
- mv /%{_lib}/security/pam_systemd.so.disabled /%{_lib}/security/pam_systemd.so
 fi
 %postun