From 281a27cd39e71bc8c5d1d94ce324f1f7b5c5d6d0 Mon Sep 17 00:00:00 2001 From: Marek Marczykowski Date: Thu, 5 Jul 2012 01:30:47 +0200 Subject: [PATCH 1/3] vm/qubes-update-proxy: update URL whitelist --- network/filter-qubes-yum | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/network/filter-qubes-yum b/network/filter-qubes-yum index b244f3c..ee5c777 100644 --- a/network/filter-qubes-yum +++ b/network/filter-qubes-yum @@ -1,4 +1,4 @@ -.*/repodata/[A-Za-z0-9-]*\(primary\|filelist\|comps\(-[a-z0-9]*\)\?\|other\|prestodelta\)\.\(sqlite\|xml\)\(\.bz2\|\.gz\)\?$ +.*/repodata/[A-Za-z0-9-]*\(primary\|filelist\|comps\(-[a-z0-9]*\)\?\|other\|prestodelta\|updateinfo\)\.\(sqlite\|xml\)\(\.bz2\|\.gz\)\?$ .*/repodata/repomd\.xml$ .*\.rpm$ .*\.drpm$ From 9a5370dc8535fc8c6be4c76b76ace592e5403827 Mon Sep 17 00:00:00 2001 From: Marek Marczykowski Date: Thu, 5 Jul 2012 01:31:32 +0200 Subject: [PATCH 2/3] vm/spec: disable pam_systemd globally (#607) Actually all /etc/pam.d/ files containing pam_systemd.so are autogenerated by authconfig, so "removing" pam_systemd.so file as not elegant solution, seems to be much more realiable. --- rpm_spec/core-vm.spec | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/rpm_spec/core-vm.spec b/rpm_spec/core-vm.spec index 3cb6a6b..71316f7 100644 --- a/rpm_spec/core-vm.spec +++ b/rpm_spec/core-vm.spec @@ -179,6 +179,9 @@ install -D u2mfn/libu2mfn.so $RPM_BUILD_ROOT/%{_libdir}/libu2mfn.so %triggerin -- initscripts cp /usr/lib/qubes/serial.conf /etc/init/serial.conf +%triggerin -- systemd +mv -f /%{_lib}/security/pam_systemd.so /%{_lib}/security/pam_systemd.so.disabled + %post # disable some Upstart services @@ -246,6 +249,12 @@ if ! [ -e /lib/firmware/updates ]; then ln -s /lib/modules/firmware /lib/firmware/updates fi +# Disable pam_systemd - we (hopefully) don't need it, but it cause some minor +# problems (http://wiki.qubes-os.org/trac/ticket/607) +# /etc/pam.d/common-* are automatically (re)generated by authconfig, so its +# modification will not be persistent -> must be done this way +mv -f /%{_lib}/security/pam_systemd.so /%{_lib}/security/pam_systemd.so.disabled + if ! grep -q '/etc/yum\.conf\.d/qubes-proxy\.conf'; then echo >> /etc/yum.conf echo '# Yum does not support inclusion of config dir...' >> /etc/yum.conf @@ -320,6 +329,7 @@ if [ "$1" = 0 ] ; then mv /var/lib/qubes/fstab.orig /etc/fstab mv /var/lib/qubes/removed-udev-scripts/* /etc/udev/rules.d/ mv /var/lib/qubes/serial.orig /etc/init/serial.conf + mv /%{_lib}/security/pam_systemd.so.disabled /%{_lib}/security/pam_systemd.so fi %postun From f7a66452377b42e695c9a35edac81e2349bb7110 Mon Sep 17 00:00:00 2001 From: Marek Marczykowski Date: Thu, 5 Jul 2012 01:33:22 +0200 Subject: [PATCH 3/3] vm: disable D-Bus activation of NetworkManager (#610) --- rpm_spec/core-vm.spec | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/rpm_spec/core-vm.spec b/rpm_spec/core-vm.spec index 71316f7..de05838 100644 --- a/rpm_spec/core-vm.spec +++ b/rpm_spec/core-vm.spec @@ -559,6 +559,10 @@ done /bin/systemctl enable qubes-update-check.timer 2> /dev/null +# Disable D-BUS activation of NetworkManager - in AppVm it causes problems (eg PackageKit timeouts) +/bin/systemctl disable NetworkManager.service 2> /dev/null +/bin/systemctl mask dbus-org.freedesktop.NetworkManager.service 2> /dev/null + # Install overriden services only when original exists for srv in cups NetworkManager ntpd; do if [ -f /lib/systemd/system/$srv.service ]; then