From c2596a04359a7c0c7859680544cc4b18342dce7c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
 <marmarek@invisiblethingslab.com>
Date: Fri, 30 Oct 2015 15:13:56 +0100
Subject: [PATCH] Setup updates proxy in dnf and PackageKit

DNF doesn't support even including another config file, so all the
settings needs to go into `/etc/dnf/dnf.conf`. The same about
PackageKit, which is needed because it doesn't use `dnf.conf`:
http://lists.freedesktop.org/archives/packagekit/2015-September/026389.html

Because that proxy settings goes to so many places now, create a
separate script for that.

QubesOS/qubes-issues#1282
QubesOS/qubes-issues#1197
---
 Makefile                     |   1 +
 network/update-proxy-configs | 117 +++++++++++++++++++++++++++++++++++
 rpm_spec/core-vm.spec        |   4 ++
 vm-init.d/qubes-core         |   8 +--
 vm-systemd/misc-post.sh      |  16 +----
 5 files changed, 124 insertions(+), 22 deletions(-)
 create mode 100755 network/update-proxy-configs

diff --git a/Makefile b/Makefile
index f5a6776..888cf95 100644
--- a/Makefile
+++ b/Makefile
@@ -169,6 +169,7 @@ install-common:
 	install -m 0644 network/show-hide-nm-applet.desktop $(DESTDIR)/etc/xdg/autostart/00-qubes-show-hide-nm-applet.desktop
 	install -m 0400 -D network/iptables $(DESTDIR)/etc/qubes/iptables.rules
 	install -m 0400 -D network/ip6tables $(DESTDIR)/etc/qubes/ip6tables.rules
+	install -m 0755 network/update-proxy-configs $(DESTDIR)$(LIBDIR)/qubes/
 
 
 	install -d $(DESTDIR)/$(SBINDIR)
diff --git a/network/update-proxy-configs b/network/update-proxy-configs
new file mode 100755
index 0000000..7a0afd7
--- /dev/null
+++ b/network/update-proxy-configs
@@ -0,0 +1,117 @@
+#!/bin/sh
+#
+# The Qubes OS Project, http://www.qubes-os.org
+#
+# Copyright (C) 2015  Marek Marczykowski-Górecki 
+#                           <marmarek@invisiblethingslab.com>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+#
+#
+
+BEGIN_MARKER="### QUBES BEGIN ###"
+END_MARKER="### QUBES END ###"
+
+set -e
+
+### helper functions begin ###
+
+# set proxy in given config file
+update_conf() {
+    local CONF_PATH="$1"
+    local CONF_OPTIONS="$2"
+
+    # Ensure that Qubes conf markers are present in the file
+    if ! grep -q "$BEGIN_MARKER" $CONF_PATH; then
+        if grep -q "$END_MARKER" $CONF_PATH; then
+            echo "ERROR: found QUBES END marker but not QUBES BEGIN in ${CONF_PATH}" >&2
+            echo "Fix the file by either removing both of them, or adding missing back and retry" >&2
+            exit 1
+        fi
+        cp $CONF_PATH ${CONF_PATH}.qubes-orig
+        echo "$BEGIN_MARKER" >> $CONF_PATH
+        echo "$END_MARKER" >> $CONF_PATH
+    elif ! grep -q "$END_MARKER" $CONF_PATH; then
+        echo "ERROR: found QUBES BEGIN marker but not QUBES END in ${CONF_PATH}" >&2
+        echo "Fix the file by either removing both of them, or adding missing back and retry" >&2
+        exit 1
+    fi
+
+    # Prepare config block
+    cat > ${CONF_PATH}.qubes <<EOF
+# This part of configuration, until QUBES END, is automatically generated by
+# $0. All changes here will be overriden.
+# If you want to override any option set here, set it again to desired value,
+# below this section
+$CONF_OPTIONS
+EOF
+
+    # And insert it between the markers
+    sed -i -e "/^$BEGIN_MARKER$/,/^$END_MARKER$/{
+        /^$END_MARKER$/b
+        /^$BEGIN_MARKER$/!d
+        r ${CONF_PATH}.qubes
+        }" ${CONF_PATH}
+}
+
+### helper functions end
+
+# Determine whether the proxy should be used
+if [ -f /var/run/qubes-service/yum-proxy-setup -o -f /var/run/qubes-service/updates-proxy-setup ]; then
+    PROXY_ADDR="http://10.137.255.254:8082/"
+    PROXY_CONF_ENTRY="proxy=$PROXY_ADDR"
+else
+    PROXY_ADDR=""
+    # do not proxy at all (for example dnf.conf doesn't tolerate empty entry)
+    PROXY_CONF_ENTRY=""
+fi
+
+# For programs supporting .d style configs, it's simple
+if [ -d /etc/apt/apt.conf.d ]; then
+    if [ -n "$PROXY_ADDR" ]; then
+        cat > /etc/apt/apt.conf.d/01qubes-proxy <<EOF
+### This file is automatically generated by Qubes ($0 script).
+### All modifications here will be lost.
+### If you want to override some of this settings, create another file under 
+### /etc/apt/apt.conf.d.
+
+Acquire::http::Proxy "$PROXY_ADDR";
+EOF
+    else
+        rm -f /etc/apt/apt.conf.d/01qubes-proxy
+    fi
+fi
+
+# Yum at least supports including an individual config files
+if [ -d /etc/yum.conf.d ]; then
+    cat > /etc/yum.conf.d/qubes-proxy.conf <<EOF
+### This file is automatically generated by Qubes ($0 script).
+### All modifications here will be lost.
+### If you want to override some of this settings, add them in /etc/yum.conf
+### below a "include=/etc/yum.conf.d/qubes-proxy.conf" line.
+
+$PROXY_CONF_ENTRY
+EOF
+fi
+
+# DNF configuration doesn't support including other files
+if [ -e /etc/dnf/dnf.conf ]; then
+    update_conf /etc/dnf/dnf.conf "$PROXY_CONF_ENTRY"
+fi
+
+# The same goes for PackageKit...
+if [ -e /etc/PackageKit/PackageKit.conf ]; then
+    update_conf /etc/PackageKit/PackageKit.conf "ProxyHTTP=$PROXY_ADDR"
+fi
diff --git a/rpm_spec/core-vm.spec b/rpm_spec/core-vm.spec
index e1f0023..2835b82 100644
--- a/rpm_spec/core-vm.spec
+++ b/rpm_spec/core-vm.spec
@@ -151,6 +151,9 @@ if ! grep -q '/etc/yum\.conf\.d/qubes-proxy\.conf' /etc/yum.conf; then
   echo 'include=file:///etc/yum.conf.d/qubes-proxy.conf' >> /etc/yum.conf
 fi
 
+# And actually setup the proxy usage in package managers
+/usr/lib/qubes/update-proxy-configs
+
 # Revert 'Prevent unnecessary updates in VMs':
 sed -i -e '/^exclude = kernel/d' /etc/yum.conf
 
@@ -372,6 +375,7 @@ rm -f %{name}-%{version}
 /usr/lib/qubes/iptables-updates-proxy
 /usr/lib/qubes/close-window
 /usr/lib/qubes/xdg-icon
+/usr/lib/qubes/update-proxy-configs
 /usr/lib/yum-plugins/yum-qubes-hooks.py*
 /usr/lib64/python2.7/site-packages/qubes/xdg.py*
 /usr/sbin/qubes-firewall
diff --git a/vm-init.d/qubes-core b/vm-init.d/qubes-core
index 08cf189..69625f5 100755
--- a/vm-init.d/qubes-core
+++ b/vm-init.d/qubes-core
@@ -49,13 +49,7 @@ start()
 		fi
 	fi
 
-	yum_proxy_setup=$(/usr/bin/qubesdb-read /qubes-service/yum-proxy-setup 2> /dev/null || /usr/bin/qubesdb-read /qubes-service/updates-proxy-setup 2> /dev/null)
-	type=$(/usr/bin/qubesdb-read /qubes-vm-type)
-	if [ "$yum_proxy_setup" != "0" ] || [ -z "$yum_proxy_setup" -a "$type" == "TemplateVM" ]; then
-		echo proxy=http://10.137.255.254:8082/ > /etc/yum.conf.d/qubes-proxy.conf
-	else
-		echo > /etc/yum.conf.d/qubes-proxy.conf
-	fi
+	/usr/lib/qubes/update-proxy-configs
 
 	# Set IP address again (besides action in udev rules); this is needed by
 	# DispVM (to override DispVM-template IP) and in case when qubes-ip was
diff --git a/vm-systemd/misc-post.sh b/vm-systemd/misc-post.sh
index 4f5925f..d02ff5d 100755
--- a/vm-systemd/misc-post.sh
+++ b/vm-systemd/misc-post.sh
@@ -1,20 +1,6 @@
 #!/bin/sh
 
-if [ -f /var/run/qubes-service/yum-proxy-setup -o -f /var/run/qubes-service/updates-proxy-setup ]; then
-    if [ -d /etc/apt/apt.conf.d ]; then
-        echo 'Acquire::http::Proxy "http://10.137.255.254:8082/";' > /etc/apt/apt.conf.d/01qubes-proxy
-    fi
-    if [ -d /etc/yum.conf.d ]; then
-        echo proxy=http://10.137.255.254:8082/ > /etc/yum.conf.d/qubes-proxy.conf
-    fi
-else
-    if [ -d /etc/apt/apt.conf.d ]; then
-        rm -f /etc/apt/apt.conf.d/01qubes-proxy
-    fi
-    if [ -d /etc/yum.conf.d ]; then
-        echo > /etc/yum.conf.d/qubes-proxy.conf
-    fi
-fi
+/usr/lib/qubes/update-proxy-configs
 
 if [ -n "`ls -A /usr/local/lib 2>/dev/null`" -o \
      -n "`ls -A /usr/local/lib64 2>/dev/null`" ]; then