Fix VM settings running while / is readonly.

rpm_spec/core-vm.spec

@@ -549,6 +549,7 @@ The Qubes core startup configuration for SystemD init.
 /lib/systemd/system/qubes-network.service
 /lib/systemd/system/qubes-iptables.service
 /lib/systemd/system/qubes-sysinit.service
+/lib/systemd/system/qubes-early-vm-config.service
 /lib/systemd/system/qubes-update-check.service
 /lib/systemd/system/qubes-update-check.timer
 /lib/systemd/system/qubes-updates-proxy.service

vm-systemd/75-qubes-vm.preset

@@ -57,6 +57,7 @@ disable sshd.service
 disable tcsd.service
 
 enable qubes-sysinit.service
+enable qubes-early-vm-config.service
 enable qubes-db.service
 enable qubes-gui-agent.service
 enable qubes-update-check.timer

vm-systemd/qubes-early-vm-config.service

@@ -0,0 +1,13 @@
+[Unit]
+Description=Early Qubes VM settings
+DefaultDependencies=no
+Before=sysinit.target
+After=local-fs.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/lib/qubes/init/qubes-early-vm-config.sh
+
+[Install]
+WantedBy=sysinit.target

vm-systemd/qubes-early-vm-config.sh

@@ -0,0 +1,37 @@
+#!/bin/bash
+
+# This is invoked by qubes-early-vm-config.service.
+# It happens after local-fs.target is reached
+# but before sysinit.target is reached.
+
+# Source Qubes library.
+. /usr/lib/qubes/init/functions
+
+# Set the hostname
+if ! is_protected_file /etc/hostname ; then
+    name=`qubesdb-read /name`
+    if [ -n "$name" ]; then
+        hostname $name
+        if [ -e /etc/debian_version ]; then
+            ipv4_localhost_re="127\.0\.1\.1"
+        else
+            ipv4_localhost_re="127\.0\.0\.1"
+        fi
+        sed -i "s/^\($ipv4_localhost_re\(\s.*\)*\s\).*$/\1${name}/" /etc/hosts
+        sed -i "s/^\(::1\(\s.*\)*\s\).*$/\1${name}/" /etc/hosts
+    fi
+fi
+
+# Set the timezone
+if ! is_protected_file /etc/timezone ; then
+    timezone=`qubesdb-read /qubes-timezone 2> /dev/null`
+    if [ -n "$timezone" ]; then
+        ln -sf ../usr/share/zoneinfo/"$timezone" /etc/localtime
+        if [ -e /etc/debian_version ]; then
+            echo "$timezone" > /etc/timezone
+        elif test -d /etc/sysconfig ; then
+            echo "# Clock configuration autogenerated based on Qubes dom0 settings" > /etc/sysconfig/clock
+            echo "ZONE=\"$timezone\"" >> /etc/sysconfig/clock
+        fi
+    fi
+fi

vm-systemd/qubes-sysinit.sh

@@ -60,35 +60,6 @@ for srv in `qubesdb-multiread /qubes-service/ 2>/dev/null |grep ' = 0'|cut -f 1
     rm -f /var/run/qubes-service/$srv
 done
 
-# Set the hostname
-if ! is_protected_file /etc/hostname ; then
-    name=`qubesdb-read /name`
-    if [ -n "$name" ]; then
-        hostname $name
-        if [ -e /etc/debian_version ]; then
-            ipv4_localhost_re="127\.0\.1\.1"
-        else
-            ipv4_localhost_re="127\.0\.0\.1"
-        fi
-        sed -i "s/^\($ipv4_localhost_re\(\s.*\)*\s\).*$/\1${name}/" /etc/hosts
-        sed -i "s/^\(::1\(\s.*\)*\s\).*$/\1${name}/" /etc/hosts
-    fi
-fi
-
-# Set the timezone
-if ! is_protected_file /etc/timezone ; then
-    timezone=`qubesdb-read /qubes-timezone 2> /dev/null`
-    if [ -n "$timezone" ]; then
-        ln -sf ../usr/share/zoneinfo/"$timezone" /etc/localtime
-        if [ -e /etc/debian_version ]; then
-            echo "$timezone" > /etc/timezone
-        elif test -d /etc/sysconfig ; then
-            echo "# Clock configuration autogenerated based on Qubes dom0 settings" > /etc/sysconfig/clock
-            echo "ZONE=\"$timezone\"" >> /etc/sysconfig/clock
-        fi
-    fi
-fi
-
 # Prepare environment for other services
 echo > /var/run/qubes-service-environment