Qubes/core-agent-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Use Qubes DB instead of Xenstore

Browse Source
This commit is contained in:
Marek Marczykowski 2013-06-07 05:20:55 +02:00 committed by Marek Marczykowski-Górecki
parent a3aab7dab2
commit db35abadc8
19 changed files with 76 additions and 90 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
misc/qubes-trigger-sync-appmenus.sh
View File

@ -1,6 +1,6 @@
#!/bin/sh #!/bin/sh
UPDATEABLE=`/usr/bin/xenstore-read qubes-vm-updateable` UPDATEABLE=`/usr/bin/qubesdb-read /qubes-vm-updateable`
if [ "$UPDATEABLE" = "True" ]; then if [ "$UPDATEABLE" = "True" ]; then
/usr/lib/qubes/qrexec-client-vm dom0 qubes.SyncAppMenus /bin/sh /etc/qubes-rpc/qubes.GetAppmenus /usr/lib/qubes/qrexec-client-vm dom0 qubes.SyncAppMenus /bin/sh /etc/qubes-rpc/qubes.GetAppmenus

4
network/30-qubes-external-ip
View File

@ -1,8 +1,8 @@
#!/bin/sh #!/bin/sh
if [ x$2 == xup ]; then if [ x$2 == xup ]; then
INET=$(/sbin/ip addr show dev $1 | /bin/grep inet) INET=$(/sbin/ip addr show dev $1 | /bin/grep inet)
/usr/bin/xenstore-write qubes-netvm-external-ip "$INET" /usr/bin/qubesdb-write /qubes-netvm-external-ip "$INET"
fi fi
if [ x$2 == xdown ]; then if [ x$2 == xdown ]; then
/usr/bin/xenstore-write qubes-netvm-external-ip "" /usr/bin/qubesdb-write /qubes-netvm-external-ip ""
fi fi

20
network/qubes-firewall
View File

@ -2,9 +2,9 @@
set -e set -e
PIDFILE=/var/run/qubes/qubes-firewall.pid PIDFILE=/var/run/qubes/qubes-firewall.pid
XENSTORE_IPTABLES=qubes-iptables XENSTORE_IPTABLES=/qubes-iptables
XENSTORE_IPTABLES_HEADER=qubes-iptables-header XENSTORE_IPTABLES_HEADER=/qubes-iptables-header
XENSTORE_ERROR=qubes-iptables-error XENSTORE_ERROR=/qubes-iptables-error
OLD_RULES="" OLD_RULES=""
# PIDfile handling # PIDfile handling
[[ -e $PIDFILE ]] && kill -s 0 $(<$PIDFILE) 2>/dev/null && exit 0 [[ -e $PIDFILE ]] && kill -s 0 $(<$PIDFILE) 2>/dev/null && exit 0
@ -22,9 +22,9 @@ while true; do
FIRST_TIME= FIRST_TIME=
TRIGGER=reload TRIGGER=reload
else else
# Wait for changes in xenstore file # Wait for changes in qubesdb file
/usr/bin/xenstore-watch-qubes $XENSTORE_IPTABLES /usr/bin/qubesdb-watch $XENSTORE_IPTABLES
TRIGGER=$(/usr/bin/xenstore-read $XENSTORE_IPTABLES) TRIGGER=$(/usr/bin/qubesdb-read $XENSTORE_IPTABLES)
fi fi
if ! [ "$TRIGGER" = "reload" ]; then continue ; fi if ! [ "$TRIGGER" = "reload" ]; then continue ; fi
@ -34,19 +34,19 @@ while true; do
# during the time when the rules are being (re)applied # during the time when the rules are being (re)applied
echo "0" > /proc/sys/net/ipv4/ip_forward echo "0" > /proc/sys/net/ipv4/ip_forward
RULES=$(/usr/bin/xenstore-read $XENSTORE_IPTABLES_HEADER) RULES=$(/usr/bin/qubesdb-read $XENSTORE_IPTABLES_HEADER)
IPTABLES_SAVE=$(/sbin/iptables-save | sed '/^\*filter/,/^COMMIT/d') IPTABLES_SAVE=$(/sbin/iptables-save | sed '/^\*filter/,/^COMMIT/d')
OUT=`echo -e "$RULES\n$IPTABLES_SAVE" | /sbin/iptables-restore 2>&1 || true` OUT=`echo -e "$RULES\n$IPTABLES_SAVE" | /sbin/iptables-restore 2>&1 || true`
for i in $(xenstore-list qubes-iptables-domainrules) ; do for i in $(qubesdb-list -f /qubes-iptables-domainrules) ; do
RULES=$(/usr/bin/xenstore-read qubes-iptables-domainrules/"$i") RULES=$(/usr/bin/qubesdb-read "$i")
ERRS=`echo -e "$RULES" | /sbin/iptables-restore -n 2>&1 || true` ERRS=`echo -e "$RULES" | /sbin/iptables-restore -n 2>&1 || true`
if [ -n "$ERRS" ]; then if [ -n "$ERRS" ]; then
echo "Failed applying rules for $i: $ERRS" >&2 echo "Failed applying rules for $i: $ERRS" >&2
OUT="$OUT$ERRS" OUT="$OUT$ERRS"
fi fi
done done
/usr/bin/xenstore-write $XENSTORE_ERROR "$OUT" /usr/bin/qubesdb-write $XENSTORE_ERROR "$OUT"
if [ -n "$OUT" ]; then if [ -n "$OUT" ]; then
DISPLAY=:0 /usr/bin/notify-send -t 3000 "Firewall loading error ($HOSTNAME)" "$OUT" || : DISPLAY=:0 /usr/bin/notify-send -t 3000 "Firewall loading error ($HOSTNAME)" "$OUT" || :
fi fi

22
network/setup-ip
View File

@ -1,16 +1,10 @@
#!/bin/sh #!/bin/sh
if [ -x /usr/sbin/xenstore-read ]; then ip=`/usr/bin/qubesdb-read /qubes-ip 2> /dev/null`
XENSTORE_READ="/usr/sbin/xenstore-read"
else
XENSTORE_READ="/usr/bin/xenstore-read"
fi
ip=`$XENSTORE_READ qubes-ip 2> /dev/null`
if [ x$ip != x ]; then if [ x$ip != x ]; then
netmask=`$XENSTORE_READ qubes-netmask` netmask=`/usr/bin/qubesdb-read /qubes-netmask`
gateway=`$XENSTORE_READ qubes-gateway` gateway=`/usr/bin/qubesdb-read /qubes-gateway`
secondary_dns=`$XENSTORE_READ qubes-secondary-dns` secondary_dns=`/usr/bin/qubesdb-read /qubes-secondary-dns`
/sbin/ifconfig $INTERFACE $ip netmask 255.255.255.255 /sbin/ifconfig $INTERFACE $ip netmask 255.255.255.255
/sbin/ifconfig $INTERFACE up /sbin/ifconfig $INTERFACE up
/sbin/route add -host $gateway dev $INTERFACE /sbin/route add -host $gateway dev $INTERFACE
@ -19,11 +13,11 @@ if [ x$ip != x ]; then
/sbin/ethtool -K $INTERFACE tx off /sbin/ethtool -K $INTERFACE tx off
echo "nameserver $gateway" > /etc/resolv.conf echo "nameserver $gateway" > /etc/resolv.conf
echo "nameserver $secondary_dns" >> /etc/resolv.conf echo "nameserver $secondary_dns" >> /etc/resolv.conf
network=$($XENSTORE_READ qubes-netvm-network 2>/dev/null) network=$(/usr/bin/qubesdb-read /qubes-netvm-network 2>/dev/null)
if [ "x$network" != "x" ]; then if [ "x$network" != "x" ]; then
gateway=$($XENSTORE_READ qubes-netvm-gateway) gateway=$(/usr/bin/qubesdb-read /qubes-netvm-gateway)
netmask=$($XENSTORE_READ qubes-netvm-netmask) netmask=$(/usr/bin/qubesdb-read /qubes-netvm-netmask)
secondary_dns=$($XENSTORE_READ qubes-netvm-secondary-dns) secondary_dns=$(/usr/bin/qubesdb-read /qubes-netvm-secondary-dns)
echo "NS1=$gateway" > /var/run/qubes/qubes-ns echo "NS1=$gateway" > /var/run/qubes/qubes-ns
echo "NS2=$secondary_dns" >> /var/run/qubes/qubes-ns echo "NS2=$secondary_dns" >> /var/run/qubes/qubes-ns
/usr/lib/qubes/qubes-setup-dnat-to-ns /usr/lib/qubes/qubes-setup-dnat-to-ns

2
network/vif-route-qubes
View File

@ -54,7 +54,7 @@ if [ "${ip}" ] ; then
${cmdprefix} ip route ${ipcmd} ${addr} dev ${vif} metric $metric ${cmdprefix} ip route ${ipcmd} ${addr} dev ${vif} metric $metric
done done
${cmdprefix} iptables -t raw $iptables_cmd -i ${vif} \! -s ${ip} -j DROP ${cmdprefix} iptables -t raw $iptables_cmd -i ${vif} \! -s ${ip} -j DROP
back_ip=`xenstore-read qubes-netvm-gateway` back_ip=`qubesdb-read /qubes-netvm-gateway`
${cmdprefix} ip addr ${ipcmd} ${back_ip}/32 dev ${vif} ${cmdprefix} ip addr ${ipcmd} ${back_ip}/32 dev ${vif}
fi fi

2
rpm_spec/core-vm.spec
View File

@ -32,7 +32,6 @@ Group: Qubes
Vendor: Invisible Things Lab Vendor: Invisible Things Lab
License: GPL License: GPL
URL: http://www.qubes-os.org URL: http://www.qubes-os.org
Requires: /usr/bin/xenstore-read
Requires: fedora-release Requires: fedora-release
Requires: yum-plugin-post-transaction-actions Requires: yum-plugin-post-transaction-actions
Requires: NetworkManager >= 0.8.1-1 Requires: NetworkManager >= 0.8.1-1
@ -58,6 +57,7 @@ Requires: ImageMagick
Requires: fakeroot Requires: fakeroot
Requires: desktop-notification-daemon Requires: desktop-notification-daemon
Requires: qubes-libvchan Requires: qubes-libvchan
Requires: qubes-db-vm
Provides: qubes-core-vm Provides: qubes-core-vm
Obsoletes: qubes-core-commonvm Obsoletes: qubes-core-commonvm
Obsoletes: qubes-core-appvm Obsoletes: qubes-core-appvm

19
vm-init.d/qubes-core
View File

@ -10,19 +10,14 @@ start()
{ {
echo -n $"Executing Qubes Core scripts:" echo -n $"Executing Qubes Core scripts:"
if ! [ -x /usr/bin/xenstore-read ] ; then # Set permissions to /proc/xen/xenbus, so normal user can use qubesdb-read
echo "ERROR: /usr/bin/xenstore-read not found!"
exit 1
fi
# Set permissions to /proc/xen/xenbus, so normal user can use xenstore-read
chmod 666 /proc/xen/xenbus chmod 666 /proc/xen/xenbus
# Set permissions to files needed to listen at vchan # Set permissions to files needed to listen at vchan
chmod 666 /proc/u2mfn chmod 666 /proc/u2mfn
mkdir -p /var/run/xen-hotplug mkdir -p /var/run/xen-hotplug
name=$(/usr/bin/xenstore-read name) name=$(/usr/bin/qubesdb-read /name)
if ! [ -f /etc/this-is-dvm ] ; then if ! [ -f /etc/this-is-dvm ] ; then
# we don't want to set hostname for DispVM # we don't want to set hostname for DispVM
# because it makes some of the pre-created dotfiles invalid (e.g. .kde/cache-<hostname>) # because it makes some of the pre-created dotfiles invalid (e.g. .kde/cache-<hostname>)
@ -31,15 +26,15 @@ start()
sed -i "s/^\(127\.0\.0\.1[\t ].*\) \($name \)\?\(.*\)/\1\2 $name/" /etc/hosts sed -i "s/^\(127\.0\.0\.1[\t ].*\) \($name \)\?\(.*\)/\1\2 $name/" /etc/hosts
fi fi
timezone=`/usr/bin/xenstore-read qubes-timezone 2> /dev/null` timezone=`/usr/bin/qubesdb-read /qubes-timezone 2> /dev/null`
if [ -n "$timezone" ]; then if [ -n "$timezone" ]; then
ln -f /usr/share/zoneinfo/$timezone /etc/localtime ln -f /usr/share/zoneinfo/$timezone /etc/localtime
echo "# Clock configuration autogenerated based on Qubes dom0 settings" > /etc/sysconfig/clock echo "# Clock configuration autogenerated based on Qubes dom0 settings" > /etc/sysconfig/clock
echo "ZONE=\"$timezone\"" >> /etc/sysconfig/clock echo "ZONE=\"$timezone\"" >> /etc/sysconfig/clock
fi fi
yum_proxy_setup=$(/usr/bin/xenstore-read qubes-service/yum-proxy-setup 2> /dev/null || /usr/bin/xenstore-read qubes-service/updates-proxy-setup 2>/dev/null ) yum_proxy_setup=$(/usr/bin/qubesdb-read /qubes-service/yum-proxy-setup 2> /dev/null || /usr/bin/qubesdb-read /qubes-service/updates-proxy-setup 2> /dev/null)
type=$(/usr/bin/xenstore-read qubes-vm-type) type=$(/usr/bin/qubesdb-read /qubes-vm-type)
if [ "$yum_proxy_setup" != "0" ] || [ -z "$yum_proxy_setup" -a "$type" == "TemplateVM" ]; then if [ "$yum_proxy_setup" != "0" ] || [ -z "$yum_proxy_setup" -a "$type" == "TemplateVM" ]; then
echo proxy=http://10.137.255.254:8082/ > /etc/yum.conf.d/qubes-proxy.conf echo proxy=http://10.137.255.254:8082/ > /etc/yum.conf.d/qubes-proxy.conf
else else
@ -49,7 +44,7 @@ start()
# Set IP address again (besides action in udev rules); this is needed by # Set IP address again (besides action in udev rules); this is needed by
# DispVM (to override DispVM-template IP) and in case when qubes-ip was # DispVM (to override DispVM-template IP) and in case when qubes-ip was
# called by udev before loading evtchn kernel module - in which case # called by udev before loading evtchn kernel module - in which case
# xenstore-read fails # qubesdb-read fails
INTERFACE=eth0 /usr/lib/qubes/setup-ip INTERFACE=eth0 /usr/lib/qubes/setup-ip
mkdir -p /var/run/qubes mkdir -p /var/run/qubes
@ -85,7 +80,7 @@ start()
success success
echo "" echo ""
start_ntpd=$(/usr/bin/xenstore-read qubes-service/ntpd 2> /dev/null) start_ntpd=$(/usr/bin/qubesdb-read /qubes-service/ntpd 2> /dev/null)
if [ "$start_ntpd" == "1" ]; then if [ "$start_ntpd" == "1" ]; then
/sbin/service ntpd start /sbin/service ntpd start
fi fi

20
vm-init.d/qubes-core-appvm
View File

@ -8,7 +8,7 @@
possibly_run_save_script() possibly_run_save_script()
{ {
ENCODED_SCRIPT=$(xenstore-read qubes-save-script) ENCODED_SCRIPT=$(qubesdb-read /qubes-save-script)
if [ -z "$ENCODED_SCRIPT" ] ; then return ; fi if [ -z "$ENCODED_SCRIPT" ] ; then return ; fi
echo $ENCODED_SCRIPT|perl -e 'use MIME::Base64 qw(decode_base64); local($/) = undef;print decode_base64(<STDIN>)' >/tmp/qubes-save-script echo $ENCODED_SCRIPT|perl -e 'use MIME::Base64 qw(decode_base64); local($/) = undef;print decode_base64(<STDIN>)' >/tmp/qubes-save-script
chmod 755 /tmp/qubes-save-script chmod 755 /tmp/qubes-save-script
@ -20,19 +20,14 @@ possibly_run_save_script()
start() start()
{ {
if ! [ -x /usr/bin/xenstore-read ] ; then type=$(/usr/bin/qubesdb-read /qubes-vm-type)
echo "ERROR: /usr/bin/xenstore-read not found!"
exit 1
fi
type=$(/usr/bin/xenstore-read qubes-vm-type)
if [ "$type" != "AppVM" -a "$type" != "DisposableVM" -a "$type" != "TemplateVM" ]; then if [ "$type" != "AppVM" -a "$type" != "DisposableVM" -a "$type" != "TemplateVM" ]; then
# This script runs only on AppVMs # This script runs only on AppVMs
return 0 return 0
fi fi
# Start AppVM specific services # Start AppVM specific services
start_cups=$(/usr/bin/xenstore-read qubes-service/cups 2> /dev/null) start_cups=$(/usr/bin/qubesdb-read /qubes-service/cups 2> /dev/null)
if [ "$start_cups" != "0" ]; then if [ "$start_cups" != "0" ]; then
/sbin/service cups start /sbin/service cups start
# Allow also notification icon # Allow also notification icon
@ -44,7 +39,7 @@ start()
echo -n $"Executing Qubes Core scripts for AppVM:" echo -n $"Executing Qubes Core scripts for AppVM:"
if xenstore-read qubes-save-request 2>/dev/null ; then if qubesdb-read /qubes-save-request 2>/dev/null ; then
if [ -L /home ]; then if [ -L /home ]; then
rm /home rm /home
mkdir /home mkdir /home
@ -56,17 +51,18 @@ start()
umount /rw umount /rw
dmesg -c >/dev/null dmesg -c >/dev/null
free | grep Mem: | free | grep Mem: |
(read a b c d ; xenstore-write device/qubes-used-mem $c) (read a b c d ; qubesdb-write /qubes-used-mem $c)
# we're still running in DispVM template # we're still running in DispVM template
echo "Waiting for save/restore..." echo "Waiting for save/restore..."
# ... wait until qubes-restore.c (in Dom0) recreates VM-specific keys # ... wait until qubes-restore.c (in Dom0) recreates VM-specific keys
while ! xenstore-read qubes-restore-complete 2>/dev/null ; do # TODO: restart qubesdb service before this
while ! qubesdb-read /qubes-restore-complete 2>/dev/null ; do
usleep 10 usleep 10
done done
echo Back to life. echo Back to life.
fi fi
start_meminfo_writer=$(/usr/bin/xenstore-read qubes-service/meminfo-writer 2>/dev/null) start_meminfo_writer=$(/usr/bin/qubesdb-read /qubes-service/meminfo-writer 2>/dev/null)
if [ "$start_meminfo_writer" != "0" ]; then if [ "$start_meminfo_writer" != "0" ]; then
MEM_CHANGE_THRESHOLD_KB=30000 MEM_CHANGE_THRESHOLD_KB=30000
MEMINFO_DELAY_USEC=100000 MEMINFO_DELAY_USEC=100000

14
vm-init.d/qubes-core-netvm
View File

@ -8,12 +8,12 @@
start() start()
{ {
if ! [ -x /usr/bin/xenstore-read ] ; then if ! [ -x /usr/bin/qubesdb-read ] ; then
echo "ERROR: /usr/bin/xenstore-read not found!" echo "ERROR: /usr/bin/qubesdb-read not found!"
exit 1 exit 1
fi fi
type=$(/usr/bin/xenstore-read qubes-vm-type) type=$(/usr/bin/qubesdb-read /qubes-vm-type)
if [ "$type" == "NetVM" ]; then if [ "$type" == "NetVM" ]; then
/usr/lib/qubes/network-manager-prepare-conf-dir /usr/lib/qubes/network-manager-prepare-conf-dir
/sbin/service NetworkManager start /sbin/service NetworkManager start
@ -22,11 +22,11 @@ start()
echo -n $"Executing Qubes Core scripts NetVM:" echo -n $"Executing Qubes Core scripts NetVM:"
# Setup gateway for all the VMs this netVM is serviceing... # Setup gateway for all the VMs this netVM is serviceing...
network=$(/usr/bin/xenstore-read qubes-netvm-network 2>/dev/null) network=$(/usr/bin/qubesdb-read /qubes-netvm-network 2>/dev/null)
if [ "x$network" != "x" ]; then if [ "x$network" != "x" ]; then
gateway=$(/usr/bin/xenstore-read qubes-netvm-gateway) gateway=$(/usr/bin/qubesdb-read /qubes-netvm-gateway)
netmask=$(/usr/bin/xenstore-read qubes-netvm-netmask) netmask=$(/usr/bin/qubesdb-read /qubes-netvm-netmask)
secondary_dns=$(/usr/bin/xenstore-read qubes-netvm-secondary-dns) secondary_dns=$(/usr/bin/qubesdb-read /qubes-netvm-secondary-dns)
modprobe netbk 2> /dev/null || modprobe xen-netback modprobe netbk 2> /dev/null || modprobe xen-netback
echo "NS1=$gateway" > /var/run/qubes/qubes-ns echo "NS1=$gateway" > /var/run/qubes/qubes-ns
echo "NS2=$secondary_dns" >> /var/run/qubes/qubes-ns echo "NS2=$secondary_dns" >> /var/run/qubes/qubes-ns

1
vm-init.d/qubes-core.modules
View File

@ -3,3 +3,4 @@ modprobe xen-blkback 2> /dev/null || modprobe blkbk
modprobe xen-usbfront 2> /dev/null modprobe xen-usbfront 2> /dev/null
modprobe u2mfn 2>/dev/null modprobe u2mfn 2>/dev/null
modprobe xen-gntalloc 2> /dev/null modprobe xen-gntalloc 2> /dev/null
modprobe xen-gntdev 2> /dev/null

4
vm-init.d/qubes-firewall
View File

@ -10,8 +10,8 @@ PIDFILE=/var/run/qubes/qubes-firewall.pid
start() start()
{ {
type=$(/usr/bin/xenstore-read qubes-vm-type) type=$(/usr/bin/qubesdb-read /qubes-vm-type)
start_firewall=$(/usr/bin/xenstore-read qubes-service/qubes-firewall 2> /dev/null) start_firewall=$(/usr/bin/qubesdb-read /qubes-service/qubes-firewall 2> /dev/null)
if [ -z "$start_firewall" ] && [ "$type" == "ProxyVM" ] || [ "$start_firewall" == "1" ]; then if [ -z "$start_firewall" ] && [ "$type" == "ProxyVM" ] || [ "$start_firewall" == "1" ]; then
echo -n $"Starting Qubes Firewall monitor:" echo -n $"Starting Qubes Firewall monitor:"
/sbin/ethtool -K eth0 sg off /sbin/ethtool -K eth0 sg off

4
vm-init.d/qubes-netwatcher
View File

@ -10,8 +10,8 @@ PIDFILE=/var/run/qubes/qubes-netwatcher.pid
start() start()
{ {
type=$(/usr/bin/xenstore-read qubes-vm-type) type=$(/usr/bin/qubesdb-read /qubes-vm-type)
start_netwatcher=$(/usr/bin/xenstore-read qubes-service/qubes-netwatcher 2>/dev/null) start_netwatcher=$(/usr/bin/qubesdb-read /qubes-service/qubes-netwatcher 2>/dev/null)
if [ -z "$start_netwatcher" ] && [ "$type" == "ProxyVM" ] || [ "$start_netwatcher" == "1" ]; then if [ -z "$start_netwatcher" ] && [ "$type" == "ProxyVM" ] || [ "$start_netwatcher" == "1" ]; then
echo -n $"Starting Qubes Network monitor:" echo -n $"Starting Qubes Network monitor:"
/sbin/ethtool -K eth0 sg off /sbin/ethtool -K eth0 sg off

4
vm-init.d/qubes-updates-proxy
View File

@ -32,8 +32,8 @@ pidfile="/var/run/tinyproxy/tinyproxy-updates.pid"
lockfile=/var/lock/subsys/tinyproxy-updates lockfile=/var/lock/subsys/tinyproxy-updates
start() { start() {
type=`/usr/bin/xenstore-read qubes-vm-type` type=`/usr/bin/qubesdb-read /qubes-vm-type`
start_updates_proxy=`/usr/bin/xenstore-read qubes-service/qubes-updates-proxy 2>/dev/null` start_updates_proxy=`/usr/bin/qubesdb-read /qubes-service/qubes-updates-proxy 2>/dev/null`
if [ -z "$start_updates_proxy" ] && [ "$type" != "NetVM" ] || [ "$start_updates_proxy" != "1" ]; then if [ -z "$start_updates_proxy" ] && [ "$type" != "NetVM" ] || [ "$start_updates_proxy" != "1" ]; then
# Yum proxy disabled # Yum proxy disabled
exit 0 exit 0

2
vm-systemd/misc-post.sh
View File

@ -19,7 +19,7 @@ fi
# Set IP address again (besides action in udev rules); this is needed by # Set IP address again (besides action in udev rules); this is needed by
# DispVM (to override DispVM-template IP) and in case when qubes-ip was # DispVM (to override DispVM-template IP) and in case when qubes-ip was
# called by udev before loading evtchn kernel module - in which case # called by udev before loading evtchn kernel module - in which case
# xenstore-read fails # qubesdb-read fails
INTERFACE=eth0 /usr/lib/qubes/setup-ip INTERFACE=eth0 /usr/lib/qubes/setup-ip
if [ -e /dev/xvdb -a ! -e /etc/this-is-dvm ] ; then if [ -e /dev/xvdb -a ! -e /etc/this-is-dvm ] ; then

8
vm-systemd/network-proxy-setup.sh
View File

@ -1,11 +1,11 @@
#!/bin/sh #!/bin/sh
# Setup gateway for all the VMs this netVM is serviceing... # Setup gateway for all the VMs this netVM is serviceing...
network=$(/usr/bin/xenstore-read qubes-netvm-network 2>/dev/null) network=$(/usr/bin/qubesdb-read /qubes-netvm-network 2>/dev/null)
if [ "x$network" != "x" ]; then if [ "x$network" != "x" ]; then
gateway=$(/usr/bin/xenstore-read qubes-netvm-gateway) gateway=$(/usr/bin/qubesdb-read /qubes-netvm-gateway)
netmask=$(/usr/bin/xenstore-read qubes-netvm-netmask) netmask=$(/usr/bin/qubesdb-read /qubes-netvm-netmask)
secondary_dns=$(/usr/bin/xenstore-read qubes-netvm-secondary-dns) secondary_dns=$(/usr/bin/qubesdb-read /qubes-netvm-secondary-dns)
modprobe netbk 2> /dev/null || modprobe xen-netback modprobe netbk 2> /dev/null || modprobe xen-netback
echo "NS1=$gateway" > /var/run/qubes/qubes-ns echo "NS1=$gateway" > /var/run/qubes/qubes-ns
echo "NS2=$secondary_dns" >> /var/run/qubes/qubes-ns echo "NS2=$secondary_dns" >> /var/run/qubes/qubes-ns

11
vm-systemd/prepare-dvm.sh
View File

@ -2,7 +2,7 @@
possibly_run_save_script() possibly_run_save_script()
{ {
ENCODED_SCRIPT=$(xenstore-read qubes-save-script) ENCODED_SCRIPT=$(qubesdb-read /qubes-save-script)
if [ -z "$ENCODED_SCRIPT" ] ; then return ; fi if [ -z "$ENCODED_SCRIPT" ] ; then return ; fi
echo $ENCODED_SCRIPT|perl -e 'use MIME::Base64 qw(decode_base64); local($/) = undef;print decode_base64(<STDIN>)' >/tmp/qubes-save-script echo $ENCODED_SCRIPT|perl -e 'use MIME::Base64 qw(decode_base64); local($/) = undef;print decode_base64(<STDIN>)' >/tmp/qubes-save-script
chmod 755 /tmp/qubes-save-script chmod 755 /tmp/qubes-save-script
@ -12,7 +12,7 @@ possibly_run_save_script()
killall Xorg killall Xorg
} }
if xenstore-read qubes-save-request 2>/dev/null ; then if qubesdb-read /qubes-save-request 2>/dev/null ; then
if [ -L /home ]; then if [ -L /home ]; then
rm /home rm /home
mkdir /home mkdir /home
@ -24,12 +24,13 @@ if xenstore-read qubes-save-request 2>/dev/null ; then
umount /rw umount /rw
dmesg -c >/dev/null dmesg -c >/dev/null
free | grep Mem: | free | grep Mem: |
(read a b c d ; xenstore-write device/qubes-used-mem $c) (read a b c d ; qubesdb-write /qubes-used-mem $c)
# we're still running in DispVM template # we're still running in DispVM template
echo "Waiting for save/restore..." echo "Waiting for save/restore..."
# ... wait until qubes-restore.c (in Dom0) recreates VM-specific keys # ... wait until qubes-restore.c (in Dom0) recreates VM-specific keys
while ! xenstore-read qubes-restore-complete 2>/dev/null ; do # TODO: restart qubesdb-daemon before this
usleep 10000 while ! qubesdb-read /qubes-restore-complete 2>/dev/null ; do
usleep 10
done done
echo Back to life. echo Back to life.
fi fi

1
vm-systemd/qubes-core.conf
View File

@ -3,3 +3,4 @@ xen-blkback
xen-usbfront xen-usbfront
u2mfn u2mfn
xen-gntalloc xen-gntalloc
xen-gntdev

2
vm-systemd/qubes-sysinit.service
View File

@ -2,7 +2,7 @@
Description=Init Qubes Services settings Description=Init Qubes Services settings
DefaultDependencies=no DefaultDependencies=no
Before=sysinit.target Before=sysinit.target
After=proc-xen.mount systemd-modules-load.service After=proc-xen.mount systemd-modules-load.service qubes-db.service
[Service] [Service]
Type=oneshot Type=oneshot

24
vm-systemd/qubes-sysinit.sh
View File

@ -1,19 +1,17 @@
#!/bin/sh #!/bin/sh
# List of services enabled by default (in case of absence of xenstore entry) # List of services enabled by default (in case of absence of qubesdb entry)
DEFAULT_ENABLED_NETVM="network-manager qubes-network qubes-update-check qubes-updates-proxy" DEFAULT_ENABLED_NETVM="network-manager qubes-network qubes-update-check qubes-updates-proxy"
DEFAULT_ENABLED_PROXYVM="meminfo-writer qubes-network qubes-firewall qubes-netwatcher qubes-update-check" DEFAULT_ENABLED_PROXYVM="meminfo-writer qubes-network qubes-firewall qubes-netwatcher qubes-update-check"
DEFAULT_ENABLED_APPVM="meminfo-writer cups qubes-update-check" DEFAULT_ENABLED_APPVM="meminfo-writer cups qubes-update-check"
DEFAULT_ENABLED_TEMPLATEVM="$DEFAULT_ENABLED_APPVM updates-proxy-setup" DEFAULT_ENABLED_TEMPLATEVM="$DEFAULT_ENABLED_APPVM updates-proxy-setup"
DEFAULT_ENABLED="meminfo-writer" DEFAULT_ENABLED="meminfo-writer"
XS_READ=/usr/bin/xenstore-read QDB_READ=/usr/bin/qubesdb-read
[ -x /usr/sbin/xenstore-read ] && XS_READ=/usr/sbin/xenstore-read QDB_LS=/usr/bin/qubesdb-list
XS_LS=/usr/bin/xenstore-ls
[ -x /usr/sbin/xenstore-read ] && XS_LS=/usr/sbin/xenstore-ls
read_service() { read_service() {
$XS_READ qubes-service/$1 2> /dev/null $QDB_READ /qubes-service/$1 2> /dev/null
} }
systemd_pkg_version=`systemctl --version|head -n 1` systemd_pkg_version=`systemctl --version|head -n 1`
@ -31,13 +29,13 @@ mkdir -p /var/run/qubes
mkdir -p /var/run/qubes-service mkdir -p /var/run/qubes-service
mkdir -p /var/run/xen-hotplug mkdir -p /var/run/xen-hotplug
# Set permissions to /proc/xen/xenbus, so normal user can use xenstore-read # Set permissions to /proc/xen/xenbus, so normal user can use qubesdb-read
chmod 666 /proc/xen/xenbus chmod 666 /proc/xen/xenbus
# Set permissions to files needed to listen at vchan # Set permissions to files needed to listen at vchan
chmod 666 /proc/u2mfn chmod 666 /proc/u2mfn
# Set default services depending on VM type # Set default services depending on VM type
TYPE=`$XS_READ qubes-vm-type 2> /dev/null` TYPE=`$QDB_READ /qubes-vm-type 2> /dev/null`
[ "$TYPE" = "AppVM" ] && DEFAULT_ENABLED=$DEFAULT_ENABLED_APPVM [ "$TYPE" = "AppVM" ] && DEFAULT_ENABLED=$DEFAULT_ENABLED_APPVM
[ "$TYPE" = "NetVM" ] && DEFAULT_ENABLED=$DEFAULT_ENABLED_NETVM [ "$TYPE" = "NetVM" ] && DEFAULT_ENABLED=$DEFAULT_ENABLED_NETVM
[ "$TYPE" = "ProxyVM" ] && DEFAULT_ENABLED=$DEFAULT_ENABLED_PROXYVM [ "$TYPE" = "ProxyVM" ] && DEFAULT_ENABLED=$DEFAULT_ENABLED_PROXYVM
@ -49,23 +47,23 @@ for srv in $DEFAULT_ENABLED; do
done done
# Enable services # Enable services
for srv in `$XS_LS qubes-service 2>/dev/null |grep ' = "1"'|cut -f 1 -d ' '`; do for srv in `$QDB_LS /qubes-service 2>/dev/null |grep ' = "1"'|cut -f 1 -d ' '`; do
touch /var/run/qubes-service/$srv touch /var/run/qubes-service/$srv
done done
# Disable services # Disable services
for srv in `$XS_LS qubes-service 2>/dev/null |grep ' = "0"'|cut -f 1 -d ' '`; do for srv in `$QDB_LS /qubes-service 2>/dev/null |grep ' = "0"'|cut -f 1 -d ' '`; do
rm -f /var/run/qubes-service/$srv rm -f /var/run/qubes-service/$srv
done done
# Set the hostname # Set the hostname
name=`$XS_READ name` name=`$QDB_READ /name`
if [ -n "$name" ]; then if [ -n "$name" ]; then
hostname $name hostname $name
sed -i "s/^\(127\.0\.0\.1[\t ].*\) \($name \)\?\(.*\)/\1\2 $name/" /etc/hosts sed -i "s/^\(127\.0\.0\.1[\t ].*\) \($name \)\?\(.*\)/\1\2 $name/" /etc/hosts
fi fi
timezone=`$XS_READ qubes-timezone 2> /dev/null` timezone=`$QDB_READ /qubes-timezone 2> /dev/null`
if [ -n "$timezone" ]; then if [ -n "$timezone" ]; then
ln -f /usr/share/zoneinfo/$timezone /etc/localtime ln -f /usr/share/zoneinfo/$timezone /etc/localtime
echo "# Clock configuration autogenerated based on Qubes dom0 settings" > /etc/sysconfig/clock echo "# Clock configuration autogenerated based on Qubes dom0 settings" > /etc/sysconfig/clock
@ -75,7 +73,7 @@ fi
# Prepare environment for other services # Prepare environment for other services
echo > /var/run/qubes-service-environment echo > /var/run/qubes-service-environment
debug_mode=`$XS_READ qubes-debug-mode 2> /dev/null` debug_mode=`$QDB_READ /qubes-debug-mode 2> /dev/null`
if [ -n "$debug_mode" -a "$debug_mode" -gt 0 ]; then if [ -n "$debug_mode" -a "$debug_mode" -gt 0 ]; then
echo "GUI_OPTS=-vv" >> /var/run/qubes-service-environment echo "GUI_OPTS=-vv" >> /var/run/qubes-service-environment
fi fi