Qubes/core-agent-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

archlinux: reorganize install script to make it more easily compareable with the .spec file

Browse Source
This commit is contained in:
Olivier MEDOC 2015-07-08 15:01:21 +02:00
parent 0373f1cdfb
commit d84c07295b
1 changed files with 350 additions and 220 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

442
archlinux/PKGBUILD.install
View File

@ -1,4 +1,160 @@
###################
## Install Hooks ##
###################
installOverridenServices() {
UNITDIR=/lib/systemd/system
OVERRIDEDIR=/usr/lib/qubes/init
# Install overriden services only when original exists
for srv in %*; do
if [ -f $UNITDIR/$srv.service ]; then
cp $OVERRIDEDIR/$srv.service /etc/systemd/system/
systemctl is-enabled $srv.service >/dev/null && systemctl --no-reload reenable $srv.service 2>/dev/null
fi
if [ -f $UNITDIR/$srv.socket -a -f $OVERRIDEDIR/$srv.socket ]; then
cp $OVERRIDEDIR/$srv.socket /etc/systemd/system/
systemctl is-enabled $srv.socket >/dev/null && systemctl --no-reload reenable $srv.socket 2>/dev/null
fi
if [ -f $UNITDIR/$srv.path -a -f $OVERRIDEDIR/$srv.path ]; then
cp $OVERRIDEDIR/$srv.path /etc/systemd/system/
systemctl is-enabled $srv.path >/dev/null && systemctl --no-reload reenable $srv.path 2>/dev/null
fi
done
systemctl daemon-reload
}
configure_initscripts() {
if [ -e /etc/init/serial.conf ]; then
cp /usr/share/qubes/serial.conf /etc/init/serial.conf
fi
}
configure_pulseaudio() {
sed -i '/^\(Not\|Only\)ShowIn/d' /etc/xdg/autostart/pulseaudio.desktop
echo 'NotShowIn=QUBES;' >> /etc/xdg/autostart/pulseaudio.desktop
}
configure_iptables() {
if ! grep -q IPTABLES_DATA /etc/sysconfig/iptables-config; then
cat <<EOF >>/etc/sysconfig/iptables-config
### Automatically added by Qubes:
# Override default rules location on Qubes
IPTABLES_DATA=/etc/sysconfig/iptables.qubes
EOF
fi
if ! grep -q IP6TABLES_DATA /etc/sysconfig/ip6tables-config; then
cat <<EOF >>/etc/sysconfig/ip6tables-config
### Automatically added by Qubes:
# Override default rules location on Qubes
IP6TABLES_DATA=/etc/sysconfig/ip6tables.qubes
EOF
fi
}
configure_notification-daemon() {
# Enable autostart of notification-daemon when installed
ln -s /usr/share/applications/notification-daemon.desktop /etc/xdg/autostart/
}
configure_selinux() {
# SELinux is not enabled on archlinux
#echo "--> Disabling SELinux..."
sed -e s/^SELINUX=.*$/SELINUX=disabled/ </etc/selinux/config >/etc/selinux/config.processed
mv /etc/selinux/config.processed /etc/selinux/config
setenforce 0 2>/dev/null
}
configure_networkmanager() {
installOverridenServices ModemManager NetworkManager NetworkManager-wait-online
# Disable D-BUS activation of NetworkManager - in AppVm it causes problems (eg PackageKit timeouts)
systemctl mask dbus-org.freedesktop.NetworkManager.service 2> /dev/null
# Fix for https://bugzilla.redhat.com/show_bug.cgi?id=974811
systemctl enable NetworkManager-dispatcher.service 2> /dev/null
}
configure_cups() {
installOverridenServices cups
}
configure_cronie() {
installOverridenServices crond
}
configure_crony() {
installOverridenServices chronyd
}
###########################
## Pre-Install functions ##
###########################
update_default_user() {
# Make sure there is a qubes group
groupadd --force --system --gid 98 qubes
# Archlinux bash version has a 'bug' when running su -c, /etc/profile is not loaded because bash consider there is no interactive pty when running 'su - user -c' or something like this.
# See https://bugs.archlinux.org/task/31831
id -u 'user' >/dev/null 2>&1 || {
useradd --user-group --create-home --shell /bin/zsh user
}
usermod -a --groups qubes user
}
## arg 1: the new package version
pre_install() {
echo "Pre install..."
update_default_user
# do this whole %pre thing only when updating for the first time...
mkdir -p /var/lib/qubes
# Backup fstab / But use archlinux defaults (cp instead of mv)
if [ -e /etc/fstab ] ; then
cp /etc/fstab /var/lib/qubes/fstab.orig
fi
# Add qubes core related fstab entries
echo "xen /proc/xen xenfs defaults 0 0" >> /etc/fstab
usermod -p '' root
usermod -L user
}
## arg 1: the new package version
## arg 2: the old package version
pre_upgrade() {
# do something here
echo "Pre upgrade..."
update_default_user
}
############################
## Post-Install functions ##
############################
remove_ShowIn () { remove_ShowIn () {
if [ -e /etc/xdg/autostart/$1.desktop ]; then if [ -e /etc/xdg/autostart/$1.desktop ]; then
sed -i '/^\(Not\|Only\)ShowIn/d' /etc/xdg/autostart/$1.desktop sed -i '/^\(Not\|Only\)ShowIn/d' /etc/xdg/autostart/$1.desktop
@ -42,9 +198,6 @@ done
echo 'OnlyShowIn=GNOME;UpdateableVM;' >> /etc/xdg/autostart/gpk-update-icon.desktop || : echo 'OnlyShowIn=GNOME;UpdateableVM;' >> /etc/xdg/autostart/gpk-update-icon.desktop || :
echo 'OnlyShowIn=GNOME;QUBES;' >> /etc/xdg/autostart/nm-applet.desktop || : echo 'OnlyShowIn=GNOME;QUBES;' >> /etc/xdg/autostart/nm-applet.desktop || :
# Enable autostart of notification-daemon when installed
ln -s /usr/share/applications/notification-daemon.desktop /etc/xdg/autostart/
} }
update_qubesconfig() { update_qubesconfig() {
@ -66,13 +219,117 @@ if [ -L /lib/firmware/updates ]; then
rm -f /lib/firmware/updates rm -f /lib/firmware/updates
fi fi
# Yum proxy configuration is fedora specific
#if ! grep -q '/etc/yum\.conf\.d/qubes-proxy\.conf' /etc/yum.conf; then
# echo >> /etc/yum.conf
# echo '# Yum does not support inclusion of config dir...' >> /etc/yum.conf
# echo 'include=file:///etc/yum.conf.d/qubes-proxy.conf' >> /etc/yum.conf
#fi
# Revert 'Prevent unnecessary updates in VMs':
#sed -i -e '/^exclude = kernel/d' /etc/yum.conf
# Location of files which contains list of protected files
mkdir -p /etc/qubes/protected-files.d
PROTECTED_FILE_LIST='/etc/qubes/protected-files.d'
# qubes-core-vm has been broken for some time - it overrides /etc/hosts; restore original content # qubes-core-vm has been broken for some time - it overrides /etc/hosts; restore original content
if ! grep -rq "^/etc/hosts$" "${PROTECTED_FILE_LIST}" 2>/dev/null; then
if ! grep -q localhost /etc/hosts; then if ! grep -q localhost /etc/hosts; then
cat <<EOF > /etc/hosts cat <<EOF > /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 `hostname` 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 `hostname`
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
EOF EOF
fi fi
fi
# Make sure that /etc/sysconfig/ip(|6)tables exists. Otherwise iptales.service
# would not start (even when configured to use another configuration file.
if [ ! -e '/etc/sysconfig/iptables' ]; then
ln -s iptables.qubes /etc/sysconfig/iptables
fi
if [ ! -e '/etc/sysconfig/ip6tables' ]; then
ln -s ip6tables.qubes /etc/sysconfig/ip6tables
fi
# ensure that hostname resolves to 127.0.0.1 resp. ::1 and that /etc/hosts is
# in the form expected by qubes-sysinit.sh
if ! grep -rq "^/etc/hostname$" "${PROTECTED_FILE_LIST}" 2>/dev/null; then
for ip in '127\.0\.0\.1' '::1'; do
if grep -q "^${ip}\(\s\|$\)" /etc/hosts; then
sed -i "/^${ip}\s/,+0s/\(\s`hostname`\)\+\(\s\|$\)/\2/g" /etc/hosts
sed -i "s/^${ip}\(\s\|$\).*$/\0 `hostname`/" /etc/hosts
else
echo "${ip} `hostname`" >> /etc/hosts
fi
done
fi
# Make sure there is a default locale set so gnome-terminal will start
if [ ! -e /etc/locale.conf ] || ! grep -q LANG /etc/locale.conf; then
touch /etc/locale.conf
echo "LANG=en_US.UTF-8" >> /etc/locale.conf
fi
# ... and make sure it is really generated
current_locale=`grep LANG /etc/locale.conf|cut -f 2 -d =`
if [ -n "$current_locale" ] && ! locale -a | grep -q "$current_locale"; then
base=`echo "$current_locale" | cut -f 1 -d .`
charmap=`echo "$current_locale.UTF-8" | cut -f 2 -d .`
[ -n "$charmap" ] && charmap="-f $charmap"
localedef -i $base $charmap $current_locale
fi
}
update_systemd_finalize() {
# Archlinux specific: Update pam.d configuration for su to enable systemd-login wrapper
if [ -z "`cat /etc/pam.d/su | grep system-login`" ] ; then
echo "Fixing pam.d"
sed '/auth\t\trequired\tpam_unix.so/aauth\t\tinclude\t\tsystem-login' -i /etc/pam.d/su
sed '/account\t\trequired\tpam_unix.so/aaccount\t\tinclude\t\tsystem-login' -i /etc/pam.d/su
sed '/session\t\trequired\tpam_unix.so/asession\t\tinclude\t\tsystem-login' -i /etc/pam.d/su
cp /etc/pam.d/su /etc/pam.d/su-l
fi
# Set default "runlevel"
rm -f /etc/systemd/system/default.target
ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
grep '^[[:space:]]*[^#;]' /lib/systemd/system-preset/75-qubes-vm.preset | while read action unit_name; do
case "$action" in
(disable)
if [ -f /lib/systemd/system/$unit_name.service ]; then
if ! fgrep -q '[Install]' /lib/systemd/system/$unit_name; then
# forcibly disable
ln -sf /dev/null /etc/systemd/system/$unit_name
fi
fi
;;
esac
done
# Archlinux specific: ensure tty1 is enabled
rm -f /etc/systemd/system/getty.target.wants/getty@tty*.service
systemctl enable getty\@tty1.service
systemctl daemon-reload
}
## arg 1: the new package version
post_install() {
update_xdgstart
update_qubesconfig
# do the rest of %post thing only when updating for the first time...
if [ -e /etc/init/serial.conf ] && ! [ -f /var/lib/qubes/serial.orig ] ; then
cp /etc/init/serial.conf /var/lib/qubes/serial.orig
fi
# Remove most of the udev scripts to speed up the VM boot time # Remove most of the udev scripts to speed up the VM boot time
# Just leave the xen* scripts, that are needed if this VM was # Just leave the xen* scripts, that are needed if this VM was
@ -96,168 +353,43 @@ do
mv $f /var/lib/qubes/removed-udev-scripts/ mv $f /var/lib/qubes/removed-udev-scripts/
done done
}
update_systemd() {
echo "Updating systemd configuration for Qubes..."
echo "Enabling tty1"
# Archlinux specific: ensure tty1 is enabled
rm -f /etc/systemd/system/getty.target.wants/getty\@tty*.service
systemctl enable getty\@tty1.service
# Archlinux specific: Update pam.d configuration for su to enable systemd-login wrapper
if [ -z "`cat /etc/pam.d/su | grep system-login`" ] ; then
echo "Fixing pam.d"
sed '/auth\t\trequired\tpam_unix.so/aauth\t\tinclude\t\tsystem-login' -i /etc/pam.d/su
sed '/account\t\trequired\tpam_unix.so/aaccount\t\tinclude\t\tsystem-login' -i /etc/pam.d/su
sed '/session\t\trequired\tpam_unix.so/asession\t\tinclude\t\tsystem-login' -i /etc/pam.d/su
cp /etc/pam.d/su /etc/pam.d/su-l
fi
echo "Enabling qubes specific services"
for srv in qubes-dvm qubes-sysinit qubes-misc-post qubes-netwatcher qubes-network qubes-firewall qubes-yum-proxy qubes-qrexec-agent qubes-ensure-lib-modules; do
if [ -f /lib/systemd/system/$srv.service ]; then
if fgrep -q '[Install]' /lib/systemd/system/$srv.service; then
systemctl enable "$srv"
# 2> /dev/null
else
echo "WARNING: Cannot enable qubes service $srv: unit cannot be installed"
fi
else
echo "WARNING: Cannot enable qubes service $srv: unit does not exists"
fi
done
systemctl enable qubes-update-check.timer 2> /dev/null
UNITDIR=/lib/systemd/system
OVERRIDEDIR=/usr/lib/qubes/init
# Install overriden services only when original exists
for srv in cups NetworkManager NetworkManager-wait-online ntpd chronyd; do
if [ -f $UNITDIR/$srv.service ]; then
cp $OVERRIDEDIR/$srv.service /etc/systemd/system/
fi
if [ -f $UNITDIR/$srv.socket -a -f $OVERRIDEDIR/$srv.socket ]; then
cp $OVERRIDEDIR/$srv.socket /etc/systemd/system/
fi
if [ -f $UNITDIR/$srv.path -a -f $OVERRIDEDIR/$srv.path ]; then
cp $OVERRIDEDIR/$srv.service /etc/systemd/system/
fi
done
# Set default "runlevel"
rm -f /etc/systemd/system/default.target
ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
DISABLE_SERVICES="alsa-store alsa-restore auditd avahi avahi-daemon backuppc cpuspeed crond"
DISABLE_SERVICES="$DISABLE_SERVICES fedora-autorelabel fedora-autorelabel-mark ipmi hwclock-load hwclock-save"
DISABLE_SERVICES="$DISABLE_SERVICES mdmonitor multipathd openct rpcbind mcelog fedora-storage-init fedora-storage-init-late"
DISABLE_SERVICES="$DISABLE_SERVICES plymouth-start plymouth-read-write plymouth-quit plymouth-quit-wait"
DISABLE_SERVICES="$DISABLE_SERVICES sshd tcsd sm-client sendmail mdmonitor-takeover"
DISABLE_SERVICES="$DISABLE_SERVICES rngd smartd upower irqbalance colord"
for srv in $DISABLE_SERVICES; do
if [ -f /lib/systemd/system/$srv.service ]; then
if fgrep -q '[Install]' /lib/systemd/system/$srv.service; then
systemctl disable $srv.service 2> /dev/null
else
# forcibly disable
ln -sf /dev/null /etc/systemd/system/$srv.service
fi
fi
done
# Disable original service to enable overriden one
systemctl disable NetworkManager.service 2> /dev/null
# Disable D-BUS activation of NetworkManager - in AppVm it causes problems (eg PackageKit timeouts)
systemctl mask dbus-org.freedesktop.NetworkManager.service 2> /dev/null
# Enable some services
ENABLE_SERVICES="iptables ip6tables ip6tables rsyslog ntpd haveged"
ENABLE_SERVICES="$ENABLE_SERVICES NetworkManager"
# Fix for https://bugzilla.redhat.com/show_bug.cgi?id=974811
ENABLE_SERVICES="$ENABLE_SERVICES NetworkManager-dispatcher"
# Enable cups only when it is real SystemD service
ENABLE_SERVICES="$ENABLE_SERVICES cups"
for srv in $ENABLE_SERVICES; do
if [ -f /lib/systemd/system/$srv.service ]; then
if fgrep -q '[Install]' /lib/systemd/system/$srv.service; then
echo "Enabling service $srv"
systemctl enable "$srv"
# 2> /dev/null
fi
fi
done
}
## arg 1: the new package version
pre_install() {
echo "Pre install..."
# do this whole %pre thing only when updating for the first time...
mkdir -p /var/lib/qubes
# Backup fstab / But use archlinux defaults (cp instead of mv)
if [ -e /etc/fstab ] ; then
cp /etc/fstab /var/lib/qubes/fstab.orig
fi
# Add qubes core related fstab entries
echo "xen /proc/xen xenfs defaults 0 0" >> /etc/fstab
# Add a qubes group
groupadd --force --system --gid 98 qubes
# Archlinux bash version has a 'bug' when running su -c, /etc/profile is not loaded because bash consider there is no interactive pty when running 'su - user -c' or something like this.
# See https://bugs.archlinux.org/task/31831
useradd --shell /bin/zsh --create-home user
usermod -a --groups qubes user
}
## arg 1: the new package version
post_install() {
update_xdgstart
update_qubesconfig
update_systemd
# do the rest of %post thing only when updating for the first time...
# Note: serial console wont work this way on archlinux. Maybe better using systemd ?
#if [ -e /etc/init/serial.conf ] && ! [ -f /var/lib/qubes/serial.orig ] ; then
# cp /etc/init/serial.conf /var/lib/qubes/serial.orig
#fi
# SELinux is not enabled on archlinux
# echo "--> Disabling SELinux..."
# sed -e s/^SELINUX=.*$/SELINUX=disabled/ </etc/selinux/config >/etc/selinux/config.processed
# mv /etc/selinux/config.processed /etc/selinux/config
# setenforce 0 2>/dev/null
mkdir -p /rw mkdir -p /rw
systemctl --no-reload preset-all
update_systemd_finalize
glib-compile-schemas /usr/share/glib-2.0/schemas &> /dev/null || :
} }
## arg 1: the new package version ## arg 1: the new package version
## arg 2: the old package version ## arg 2: the old package version
post_upgrade() { post_upgrade() {
update_xdgstart update_xdgstart
update_systemd
update_qubesconfig
services="qubes-dvm qubes-misc-post qubes-firewall qubes-mount-home"
services="$services qubes-netwatcher qubes-network qubes-sysinit"
services="$services qubes-updates-proxy qubes-qrexec-agent"
for srv in $services; do
systemctl --no-reload preset $srv.service
done
systemctl --no-reload preset qubes-update-check.timer
update_systemd_finalize
/usr/bin/glib-compile-schemas /usr/share/glib-2.0/schemas &> /dev/null || :
} }
## arg 1: the new package version ######################
## arg 2: the old package version ## Remove functions ##
pre_upgrade() { ######################
# do something here
echo "Pre upgrade..."
}
## arg 1: the old package version ## arg 1: the old package version
pre_remove() { pre_remove() {
@ -282,11 +414,9 @@ post_remove() {
rm /lib/firmware/updates rm /lib/firmware/updates
fi fi
for srv in qubes-dvm qubes-sysinit qubes-misc-post qubes-netwatcher qubes-network qubes-firewall qubes-qrexec-agent qubes-yum-proxy qubes-ensure-lib-modules; do for srv in qubes-dvm qubes-sysinit qubes-misc-post qubes-mount-home qubes-netwatcher qubes-network qubes-qrexec-agent; do
systemctl disable $srv.service systemctl disable $srv.service
done do
systemctl disable qubes-update-check.timer
} }