Use Qubes DB instead of Xenstore
parent
a3aab7dab2
commit
db35abadc8
@ -1,6 +1,6 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
UPDATEABLE=`/usr/bin/xenstore-read qubes-vm-updateable`
|
UPDATEABLE=`/usr/bin/qubesdb-read /qubes-vm-updateable`
|
||||||
|
|
||||||
if [ "$UPDATEABLE" = "True" ]; then
|
if [ "$UPDATEABLE" = "True" ]; then
|
||||||
/usr/lib/qubes/qrexec-client-vm dom0 qubes.SyncAppMenus /bin/sh /etc/qubes-rpc/qubes.GetAppmenus
|
/usr/lib/qubes/qrexec-client-vm dom0 qubes.SyncAppMenus /bin/sh /etc/qubes-rpc/qubes.GetAppmenus
|
||||||
|
@ -1,8 +1,8 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
if [ x$2 == xup ]; then
|
if [ x$2 == xup ]; then
|
||||||
INET=$(/sbin/ip addr show dev $1 | /bin/grep inet)
|
INET=$(/sbin/ip addr show dev $1 | /bin/grep inet)
|
||||||
/usr/bin/xenstore-write qubes-netvm-external-ip "$INET"
|
/usr/bin/qubesdb-write /qubes-netvm-external-ip "$INET"
|
||||||
fi
|
fi
|
||||||
if [ x$2 == xdown ]; then
|
if [ x$2 == xdown ]; then
|
||||||
/usr/bin/xenstore-write qubes-netvm-external-ip ""
|
/usr/bin/qubesdb-write /qubes-netvm-external-ip ""
|
||||||
fi
|
fi
|
||||||
|
@ -2,9 +2,9 @@
|
|||||||
set -e
|
set -e
|
||||||
|
|
||||||
PIDFILE=/var/run/qubes/qubes-firewall.pid
|
PIDFILE=/var/run/qubes/qubes-firewall.pid
|
||||||
XENSTORE_IPTABLES=qubes-iptables
|
XENSTORE_IPTABLES=/qubes-iptables
|
||||||
XENSTORE_IPTABLES_HEADER=qubes-iptables-header
|
XENSTORE_IPTABLES_HEADER=/qubes-iptables-header
|
||||||
XENSTORE_ERROR=qubes-iptables-error
|
XENSTORE_ERROR=/qubes-iptables-error
|
||||||
OLD_RULES=""
|
OLD_RULES=""
|
||||||
# PIDfile handling
|
# PIDfile handling
|
||||||
[[ -e $PIDFILE ]] && kill -s 0 $(<$PIDFILE) 2>/dev/null && exit 0
|
[[ -e $PIDFILE ]] && kill -s 0 $(<$PIDFILE) 2>/dev/null && exit 0
|
||||||
@ -22,9 +22,9 @@ while true; do
|
|||||||
FIRST_TIME=
|
FIRST_TIME=
|
||||||
TRIGGER=reload
|
TRIGGER=reload
|
||||||
else
|
else
|
||||||
# Wait for changes in xenstore file
|
# Wait for changes in qubesdb file
|
||||||
/usr/bin/xenstore-watch-qubes $XENSTORE_IPTABLES
|
/usr/bin/qubesdb-watch $XENSTORE_IPTABLES
|
||||||
TRIGGER=$(/usr/bin/xenstore-read $XENSTORE_IPTABLES)
|
TRIGGER=$(/usr/bin/qubesdb-read $XENSTORE_IPTABLES)
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if ! [ "$TRIGGER" = "reload" ]; then continue ; fi
|
if ! [ "$TRIGGER" = "reload" ]; then continue ; fi
|
||||||
@ -34,19 +34,19 @@ while true; do
|
|||||||
# during the time when the rules are being (re)applied
|
# during the time when the rules are being (re)applied
|
||||||
echo "0" > /proc/sys/net/ipv4/ip_forward
|
echo "0" > /proc/sys/net/ipv4/ip_forward
|
||||||
|
|
||||||
RULES=$(/usr/bin/xenstore-read $XENSTORE_IPTABLES_HEADER)
|
RULES=$(/usr/bin/qubesdb-read $XENSTORE_IPTABLES_HEADER)
|
||||||
IPTABLES_SAVE=$(/sbin/iptables-save | sed '/^\*filter/,/^COMMIT/d')
|
IPTABLES_SAVE=$(/sbin/iptables-save | sed '/^\*filter/,/^COMMIT/d')
|
||||||
OUT=`echo -e "$RULES\n$IPTABLES_SAVE" | /sbin/iptables-restore 2>&1 || true`
|
OUT=`echo -e "$RULES\n$IPTABLES_SAVE" | /sbin/iptables-restore 2>&1 || true`
|
||||||
|
|
||||||
for i in $(xenstore-list qubes-iptables-domainrules) ; do
|
for i in $(qubesdb-list -f /qubes-iptables-domainrules) ; do
|
||||||
RULES=$(/usr/bin/xenstore-read qubes-iptables-domainrules/"$i")
|
RULES=$(/usr/bin/qubesdb-read "$i")
|
||||||
ERRS=`echo -e "$RULES" | /sbin/iptables-restore -n 2>&1 || true`
|
ERRS=`echo -e "$RULES" | /sbin/iptables-restore -n 2>&1 || true`
|
||||||
if [ -n "$ERRS" ]; then
|
if [ -n "$ERRS" ]; then
|
||||||
echo "Failed applying rules for $i: $ERRS" >&2
|
echo "Failed applying rules for $i: $ERRS" >&2
|
||||||
OUT="$OUT$ERRS"
|
OUT="$OUT$ERRS"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
/usr/bin/xenstore-write $XENSTORE_ERROR "$OUT"
|
/usr/bin/qubesdb-write $XENSTORE_ERROR "$OUT"
|
||||||
if [ -n "$OUT" ]; then
|
if [ -n "$OUT" ]; then
|
||||||
DISPLAY=:0 /usr/bin/notify-send -t 3000 "Firewall loading error ($HOSTNAME)" "$OUT" || :
|
DISPLAY=:0 /usr/bin/notify-send -t 3000 "Firewall loading error ($HOSTNAME)" "$OUT" || :
|
||||||
fi
|
fi
|
||||||
|
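Review bot: The per-domain loop runs `qubesdb-list` through `PATH`, while every other QubesDB call in this script is pinned to `/usr/bin/`; for a firewall loader the lookup should be pinned the same way, `for i in $(/usr/bin/qubesdb-list -f /qubes-iptables-domainrules) ; do`. The key is also hard-coded there although the other keys are variables at the top of the file, and those variables keep the `XENSTORE_` prefix while now holding QubesDB paths. With `set -e` active, a failing `RULES=$(/usr/bin/qubesdb-read "$i")` ends the script after `ip_forward` was set to 0; a comment saying whether that fail-closed exit is intended would help. The `while true` loop starts and ends outside these hunks.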
@ -1,16 +1,10 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
if [ -x /usr/sbin/xenstore-read ]; then
|
ip=`/usr/bin/qubesdb-read /qubes-ip 2> /dev/null`
|
||||||
XENSTORE_READ="/usr/sbin/xenstore-read"
|
|
||||||
else
|
|
||||||
XENSTORE_READ="/usr/bin/xenstore-read"
|
|
||||||
fi
|
|
||||||
|
|
||||||
ip=`$XENSTORE_READ qubes-ip 2> /dev/null`
|
|
||||||
if [ x$ip != x ]; then
|
if [ x$ip != x ]; then
|
||||||
netmask=`$XENSTORE_READ qubes-netmask`
|
netmask=`/usr/bin/qubesdb-read /qubes-netmask`
|
||||||
gateway=`$XENSTORE_READ qubes-gateway`
|
gateway=`/usr/bin/qubesdb-read /qubes-gateway`
|
||||||
secondary_dns=`$XENSTORE_READ qubes-secondary-dns`
|
secondary_dns=`/usr/bin/qubesdb-read /qubes-secondary-dns`
|
||||||
/sbin/ifconfig $INTERFACE $ip netmask 255.255.255.255
|
/sbin/ifconfig $INTERFACE $ip netmask 255.255.255.255
|
||||||
/sbin/ifconfig $INTERFACE up
|
/sbin/ifconfig $INTERFACE up
|
||||||
/sbin/route add -host $gateway dev $INTERFACE
|
/sbin/route add -host $gateway dev $INTERFACE
|
||||||
@ -19,11 +13,11 @@ if [ x$ip != x ]; then
|
|||||||
/sbin/ethtool -K $INTERFACE tx off
|
/sbin/ethtool -K $INTERFACE tx off
|
||||||
echo "nameserver $gateway" > /etc/resolv.conf
|
echo "nameserver $gateway" > /etc/resolv.conf
|
||||||
echo "nameserver $secondary_dns" >> /etc/resolv.conf
|
echo "nameserver $secondary_dns" >> /etc/resolv.conf
|
||||||
network=$($XENSTORE_READ qubes-netvm-network 2>/dev/null)
|
network=$(/usr/bin/qubesdb-read /qubes-netvm-network 2>/dev/null)
|
||||||
if [ "x$network" != "x" ]; then
|
if [ "x$network" != "x" ]; then
|
||||||
gateway=$($XENSTORE_READ qubes-netvm-gateway)
|
gateway=$(/usr/bin/qubesdb-read /qubes-netvm-gateway)
|
||||||
netmask=$($XENSTORE_READ qubes-netvm-netmask)
|
netmask=$(/usr/bin/qubesdb-read /qubes-netvm-netmask)
|
||||||
secondary_dns=$($XENSTORE_READ qubes-netvm-secondary-dns)
|
secondary_dns=$(/usr/bin/qubesdb-read /qubes-netvm-secondary-dns)
|
||||||
echo "NS1=$gateway" > /var/run/qubes/qubes-ns
|
echo "NS1=$gateway" > /var/run/qubes/qubes-ns
|
||||||
echo "NS2=$secondary_dns" >> /var/run/qubes/qubes-ns
|
echo "NS2=$secondary_dns" >> /var/run/qubes/qubes-ns
|
||||||
/usr/lib/qubes/qubes-setup-dnat-to-ns
|
/usr/lib/qubes/qubes-setup-dnat-to-ns
|
||||||
|
@ -54,7 +54,7 @@ if [ "${ip}" ] ; then
|
|||||||
${cmdprefix} ip route ${ipcmd} ${addr} dev ${vif} metric $metric
|
${cmdprefix} ip route ${ipcmd} ${addr} dev ${vif} metric $metric
|
||||||
done
|
done
|
||||||
${cmdprefix} iptables -t raw $iptables_cmd -i ${vif} \! -s ${ip} -j DROP
|
${cmdprefix} iptables -t raw $iptables_cmd -i ${vif} \! -s ${ip} -j DROP
|
||||||
back_ip=`xenstore-read qubes-netvm-gateway`
|
back_ip=`qubesdb-read /qubes-netvm-gateway`
|
||||||
${cmdprefix} ip addr ${ipcmd} ${back_ip}/32 dev ${vif}
|
${cmdprefix} ip addr ${ipcmd} ${back_ip}/32 dev ${vif}
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -32,7 +32,6 @@ Group: Qubes
|
|||||||
Vendor: Invisible Things Lab
|
Vendor: Invisible Things Lab
|
||||||
License: GPL
|
License: GPL
|
||||||
URL: http://www.qubes-os.org
|
URL: http://www.qubes-os.org
|
||||||
Requires: /usr/bin/xenstore-read
|
|
||||||
Requires: fedora-release
|
Requires: fedora-release
|
||||||
Requires: yum-plugin-post-transaction-actions
|
Requires: yum-plugin-post-transaction-actions
|
||||||
Requires: NetworkManager >= 0.8.1-1
|
Requires: NetworkManager >= 0.8.1-1
|
||||||
@ -58,6 +57,7 @@ Requires: ImageMagick
|
|||||||
Requires: fakeroot
|
Requires: fakeroot
|
||||||
Requires: desktop-notification-daemon
|
Requires: desktop-notification-daemon
|
||||||
Requires: qubes-libvchan
|
Requires: qubes-libvchan
|
||||||
|
Requires: qubes-db-vm
|
||||||
Provides: qubes-core-vm
|
Provides: qubes-core-vm
|
||||||
Obsoletes: qubes-core-commonvm
|
Obsoletes: qubes-core-commonvm
|
||||||
Obsoletes: qubes-core-appvm
|
Obsoletes: qubes-core-appvm
|
||||||
|
@ -10,19 +10,14 @@ start()
|
|||||||
{
|
{
|
||||||
echo -n $"Executing Qubes Core scripts:"
|
echo -n $"Executing Qubes Core scripts:"
|
||||||
|
|
||||||
if ! [ -x /usr/bin/xenstore-read ] ; then
|
# Set permissions to /proc/xen/xenbus, so normal user can use qubesdb-read
|
||||||
echo "ERROR: /usr/bin/xenstore-read not found!"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Set permissions to /proc/xen/xenbus, so normal user can use xenstore-read
|
|
||||||
chmod 666 /proc/xen/xenbus
|
chmod 666 /proc/xen/xenbus
|
||||||
# Set permissions to files needed to listen at vchan
|
# Set permissions to files needed to listen at vchan
|
||||||
chmod 666 /proc/u2mfn
|
chmod 666 /proc/u2mfn
|
||||||
|
|
||||||
mkdir -p /var/run/xen-hotplug
|
mkdir -p /var/run/xen-hotplug
|
||||||
|
|
||||||
name=$(/usr/bin/xenstore-read name)
|
name=$(/usr/bin/qubesdb-read /name)
|
||||||
if ! [ -f /etc/this-is-dvm ] ; then
|
if ! [ -f /etc/this-is-dvm ] ; then
|
||||||
# we don't want to set hostname for DispVM
|
# we don't want to set hostname for DispVM
|
||||||
# because it makes some of the pre-created dotfiles invalid (e.g. .kde/cache-<hostname>)
|
# because it makes some of the pre-created dotfiles invalid (e.g. .kde/cache-<hostname>)
|
||||||
@ -31,15 +26,15 @@ start()
|
|||||||
sed -i "s/^\(127\.0\.0\.1[\t ].*\) \($name \)\?\(.*\)/\1\2 $name/" /etc/hosts
|
sed -i "s/^\(127\.0\.0\.1[\t ].*\) \($name \)\?\(.*\)/\1\2 $name/" /etc/hosts
|
||||||
fi
|
fi
|
||||||
|
|
||||||
timezone=`/usr/bin/xenstore-read qubes-timezone 2> /dev/null`
|
timezone=`/usr/bin/qubesdb-read /qubes-timezone 2> /dev/null`
|
||||||
if [ -n "$timezone" ]; then
|
if [ -n "$timezone" ]; then
|
||||||
ln -f /usr/share/zoneinfo/$timezone /etc/localtime
|
ln -f /usr/share/zoneinfo/$timezone /etc/localtime
|
||||||
echo "# Clock configuration autogenerated based on Qubes dom0 settings" > /etc/sysconfig/clock
|
echo "# Clock configuration autogenerated based on Qubes dom0 settings" > /etc/sysconfig/clock
|
||||||
echo "ZONE=\"$timezone\"" >> /etc/sysconfig/clock
|
echo "ZONE=\"$timezone\"" >> /etc/sysconfig/clock
|
||||||
fi
|
fi
|
||||||
|
|
||||||
yum_proxy_setup=$(/usr/bin/xenstore-read qubes-service/yum-proxy-setup 2> /dev/null || /usr/bin/xenstore-read qubes-service/updates-proxy-setup 2>/dev/null )
|
yum_proxy_setup=$(/usr/bin/qubesdb-read /qubes-service/yum-proxy-setup 2> /dev/null || /usr/bin/qubesdb-read /qubes-service/updates-proxy-setup 2> /dev/null)
|
||||||
type=$(/usr/bin/xenstore-read qubes-vm-type)
|
type=$(/usr/bin/qubesdb-read /qubes-vm-type)
|
||||||
if [ "$yum_proxy_setup" != "0" ] || [ -z "$yum_proxy_setup" -a "$type" == "TemplateVM" ]; then
|
if [ "$yum_proxy_setup" != "0" ] || [ -z "$yum_proxy_setup" -a "$type" == "TemplateVM" ]; then
|
||||||
echo proxy=http://10.137.255.254:8082/ > /etc/yum.conf.d/qubes-proxy.conf
|
echo proxy=http://10.137.255.254:8082/ > /etc/yum.conf.d/qubes-proxy.conf
|
||||||
else
|
else
|
||||||
@ -49,7 +44,7 @@ start()
|
|||||||
# Set IP address again (besides action in udev rules); this is needed by
|
# Set IP address again (besides action in udev rules); this is needed by
|
||||||
# DispVM (to override DispVM-template IP) and in case when qubes-ip was
|
# DispVM (to override DispVM-template IP) and in case when qubes-ip was
|
||||||
# called by udev before loading evtchn kernel module - in which case
|
# called by udev before loading evtchn kernel module - in which case
|
||||||
# xenstore-read fails
|
# qubesdb-read fails
|
||||||
INTERFACE=eth0 /usr/lib/qubes/setup-ip
|
INTERFACE=eth0 /usr/lib/qubes/setup-ip
|
||||||
|
|
||||||
mkdir -p /var/run/qubes
|
mkdir -p /var/run/qubes
|
||||||
@ -85,7 +80,7 @@ start()
|
|||||||
success
|
success
|
||||||
echo ""
|
echo ""
|
||||||
|
|
||||||
start_ntpd=$(/usr/bin/xenstore-read qubes-service/ntpd 2> /dev/null)
|
start_ntpd=$(/usr/bin/qubesdb-read /qubes-service/ntpd 2> /dev/null)
|
||||||
if [ "$start_ntpd" == "1" ]; then
|
if [ "$start_ntpd" == "1" ]; then
|
||||||
/sbin/service ntpd start
|
/sbin/service ntpd start
|
||||||
fi
|
fi
|
||||||
|
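Review bot: The comment above `chmod 666 /proc/xen/xenbus` was renamed mechanically and now says the world-writable mode exists so a normal user can use `qubesdb-read`. Nothing on this page shows that qubesdb-read opens xenbus directly; if it talks to the QubesDB daemon instead, the comment is misleading and the 666 mode is wider than the new code needs. Either name the real consumer, e.g. `# xenbus stays world-accessible for <component that still needs it>`, or drop the chmod. The same comment change appears in the sysinit script hunk at `@ -31,13 +29,13 @@`, and start() begins and ends outside these hunks.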
@ -8,7 +8,7 @@
|
|||||||
|
|
||||||
possibly_run_save_script()
|
possibly_run_save_script()
|
||||||
{
|
{
|
||||||
ENCODED_SCRIPT=$(xenstore-read qubes-save-script)
|
ENCODED_SCRIPT=$(qubesdb-read /qubes-save-script)
|
||||||
if [ -z "$ENCODED_SCRIPT" ] ; then return ; fi
|
if [ -z "$ENCODED_SCRIPT" ] ; then return ; fi
|
||||||
echo $ENCODED_SCRIPT|perl -e 'use MIME::Base64 qw(decode_base64); local($/) = undef;print decode_base64(<STDIN>)' >/tmp/qubes-save-script
|
echo $ENCODED_SCRIPT|perl -e 'use MIME::Base64 qw(decode_base64); local($/) = undef;print decode_base64(<STDIN>)' >/tmp/qubes-save-script
|
||||||
chmod 755 /tmp/qubes-save-script
|
chmod 755 /tmp/qubes-save-script
|
||||||
@ -20,19 +20,14 @@ possibly_run_save_script()
|
|||||||
|
|
||||||
start()
|
start()
|
||||||
{
|
{
|
||||||
if ! [ -x /usr/bin/xenstore-read ] ; then
|
type=$(/usr/bin/qubesdb-read /qubes-vm-type)
|
||||||
echo "ERROR: /usr/bin/xenstore-read not found!"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
type=$(/usr/bin/xenstore-read qubes-vm-type)
|
|
||||||
if [ "$type" != "AppVM" -a "$type" != "DisposableVM" -a "$type" != "TemplateVM" ]; then
|
if [ "$type" != "AppVM" -a "$type" != "DisposableVM" -a "$type" != "TemplateVM" ]; then
|
||||||
# This script runs only on AppVMs
|
# This script runs only on AppVMs
|
||||||
return 0
|
return 0
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Start AppVM specific services
|
# Start AppVM specific services
|
||||||
start_cups=$(/usr/bin/xenstore-read qubes-service/cups 2> /dev/null)
|
start_cups=$(/usr/bin/qubesdb-read /qubes-service/cups 2> /dev/null)
|
||||||
if [ "$start_cups" != "0" ]; then
|
if [ "$start_cups" != "0" ]; then
|
||||||
/sbin/service cups start
|
/sbin/service cups start
|
||||||
# Allow also notification icon
|
# Allow also notification icon
|
||||||
@ -44,7 +39,7 @@ start()
|
|||||||
|
|
||||||
echo -n $"Executing Qubes Core scripts for AppVM:"
|
echo -n $"Executing Qubes Core scripts for AppVM:"
|
||||||
|
|
||||||
if xenstore-read qubes-save-request 2>/dev/null ; then
|
if qubesdb-read /qubes-save-request 2>/dev/null ; then
|
||||||
if [ -L /home ]; then
|
if [ -L /home ]; then
|
||||||
rm /home
|
rm /home
|
||||||
mkdir /home
|
mkdir /home
|
||||||
@ -56,17 +51,18 @@ start()
|
|||||||
umount /rw
|
umount /rw
|
||||||
dmesg -c >/dev/null
|
dmesg -c >/dev/null
|
||||||
free | grep Mem: |
|
free | grep Mem: |
|
||||||
(read a b c d ; xenstore-write device/qubes-used-mem $c)
|
(read a b c d ; qubesdb-write /qubes-used-mem $c)
|
||||||
# we're still running in DispVM template
|
# we're still running in DispVM template
|
||||||
echo "Waiting for save/restore..."
|
echo "Waiting for save/restore..."
|
||||||
# ... wait until qubes-restore.c (in Dom0) recreates VM-specific keys
|
# ... wait until qubes-restore.c (in Dom0) recreates VM-specific keys
|
||||||
while ! xenstore-read qubes-restore-complete 2>/dev/null ; do
|
# TODO: restart qubesdb service before this
|
||||||
|
while ! qubesdb-read /qubes-restore-complete 2>/dev/null ; do
|
||||||
usleep 10
|
usleep 10
|
||||||
done
|
done
|
||||||
echo Back to life.
|
echo Back to life.
|
||||||
fi
|
fi
|
||||||
|
|
||||||
start_meminfo_writer=$(/usr/bin/xenstore-read qubes-service/meminfo-writer 2>/dev/null)
|
start_meminfo_writer=$(/usr/bin/qubesdb-read /qubes-service/meminfo-writer 2>/dev/null)
|
||||||
if [ "$start_meminfo_writer" != "0" ]; then
|
if [ "$start_meminfo_writer" != "0" ]; then
|
||||||
MEM_CHANGE_THRESHOLD_KB=30000
|
MEM_CHANGE_THRESHOLD_KB=30000
|
||||||
MEMINFO_DELAY_USEC=100000
|
MEMINFO_DELAY_USEC=100000
|
||||||
|
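Review bot: start() no longer checks that the QubesDB reader is executable, so a missing tool or a failed read leaves `$type` empty and the function takes the `return 0` branch as if the VM were simply not an AppVM. The NetVM init script in this same commit keeps the guard, renamed to qubesdb-read; keeping it here as well, `if ! [ -x /usr/bin/qubesdb-read ] ; then echo "ERROR: /usr/bin/qubesdb-read not found!"; exit 1; fi`, keeps the failure visible. The core init script's start() drops the same guard. Further down, `start_cups` and `start_meminfo_writer` compare against `"0"` only, so an empty result from a failed read is treated as enabled.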
@ -8,12 +8,12 @@
|
|||||||
|
|
||||||
start()
|
start()
|
||||||
{
|
{
|
||||||
if ! [ -x /usr/bin/xenstore-read ] ; then
|
if ! [ -x /usr/bin/qubesdb-read ] ; then
|
||||||
echo "ERROR: /usr/bin/xenstore-read not found!"
|
echo "ERROR: /usr/bin/qubesdb-read not found!"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
type=$(/usr/bin/xenstore-read qubes-vm-type)
|
type=$(/usr/bin/qubesdb-read /qubes-vm-type)
|
||||||
if [ "$type" == "NetVM" ]; then
|
if [ "$type" == "NetVM" ]; then
|
||||||
/usr/lib/qubes/network-manager-prepare-conf-dir
|
/usr/lib/qubes/network-manager-prepare-conf-dir
|
||||||
/sbin/service NetworkManager start
|
/sbin/service NetworkManager start
|
||||||
@ -22,11 +22,11 @@ start()
|
|||||||
echo -n $"Executing Qubes Core scripts NetVM:"
|
echo -n $"Executing Qubes Core scripts NetVM:"
|
||||||
|
|
||||||
# Setup gateway for all the VMs this netVM is serviceing...
|
# Setup gateway for all the VMs this netVM is serviceing...
|
||||||
network=$(/usr/bin/xenstore-read qubes-netvm-network 2>/dev/null)
|
network=$(/usr/bin/qubesdb-read /qubes-netvm-network 2>/dev/null)
|
||||||
if [ "x$network" != "x" ]; then
|
if [ "x$network" != "x" ]; then
|
||||||
gateway=$(/usr/bin/xenstore-read qubes-netvm-gateway)
|
gateway=$(/usr/bin/qubesdb-read /qubes-netvm-gateway)
|
||||||
netmask=$(/usr/bin/xenstore-read qubes-netvm-netmask)
|
netmask=$(/usr/bin/qubesdb-read /qubes-netvm-netmask)
|
||||||
secondary_dns=$(/usr/bin/xenstore-read qubes-netvm-secondary-dns)
|
secondary_dns=$(/usr/bin/qubesdb-read /qubes-netvm-secondary-dns)
|
||||||
modprobe netbk 2> /dev/null || modprobe xen-netback
|
modprobe netbk 2> /dev/null || modprobe xen-netback
|
||||||
echo "NS1=$gateway" > /var/run/qubes/qubes-ns
|
echo "NS1=$gateway" > /var/run/qubes/qubes-ns
|
||||||
echo "NS2=$secondary_dns" >> /var/run/qubes/qubes-ns
|
echo "NS2=$secondary_dns" >> /var/run/qubes/qubes-ns
|
||||||
|
@ -3,3 +3,4 @@ modprobe xen-blkback 2> /dev/null || modprobe blkbk
|
|||||||
modprobe xen-usbfront 2> /dev/null
|
modprobe xen-usbfront 2> /dev/null
|
||||||
modprobe u2mfn 2>/dev/null
|
modprobe u2mfn 2>/dev/null
|
||||||
modprobe xen-gntalloc 2> /dev/null
|
modprobe xen-gntalloc 2> /dev/null
|
||||||
|
modprobe xen-gntdev 2> /dev/null
|
||||||
|
@ -10,8 +10,8 @@ PIDFILE=/var/run/qubes/qubes-firewall.pid
|
|||||||
|
|
||||||
start()
|
start()
|
||||||
{
|
{
|
||||||
type=$(/usr/bin/xenstore-read qubes-vm-type)
|
type=$(/usr/bin/qubesdb-read /qubes-vm-type)
|
||||||
start_firewall=$(/usr/bin/xenstore-read qubes-service/qubes-firewall 2> /dev/null)
|
start_firewall=$(/usr/bin/qubesdb-read /qubes-service/qubes-firewall 2> /dev/null)
|
||||||
if [ -z "$start_firewall" ] && [ "$type" == "ProxyVM" ] || [ "$start_firewall" == "1" ]; then
|
if [ -z "$start_firewall" ] && [ "$type" == "ProxyVM" ] || [ "$start_firewall" == "1" ]; then
|
||||||
echo -n $"Starting Qubes Firewall monitor:"
|
echo -n $"Starting Qubes Firewall monitor:"
|
||||||
/sbin/ethtool -K eth0 sg off
|
/sbin/ethtool -K eth0 sg off
|
||||||
|
@ -10,8 +10,8 @@ PIDFILE=/var/run/qubes/qubes-netwatcher.pid
|
|||||||
|
|
||||||
start()
|
start()
|
||||||
{
|
{
|
||||||
type=$(/usr/bin/xenstore-read qubes-vm-type)
|
type=$(/usr/bin/qubesdb-read /qubes-vm-type)
|
||||||
start_netwatcher=$(/usr/bin/xenstore-read qubes-service/qubes-netwatcher 2>/dev/null)
|
start_netwatcher=$(/usr/bin/qubesdb-read /qubes-service/qubes-netwatcher 2>/dev/null)
|
||||||
if [ -z "$start_netwatcher" ] && [ "$type" == "ProxyVM" ] || [ "$start_netwatcher" == "1" ]; then
|
if [ -z "$start_netwatcher" ] && [ "$type" == "ProxyVM" ] || [ "$start_netwatcher" == "1" ]; then
|
||||||
echo -n $"Starting Qubes Network monitor:"
|
echo -n $"Starting Qubes Network monitor:"
|
||||||
/sbin/ethtool -K eth0 sg off
|
/sbin/ethtool -K eth0 sg off
|
||||||
|
@ -32,8 +32,8 @@ pidfile="/var/run/tinyproxy/tinyproxy-updates.pid"
|
|||||||
lockfile=/var/lock/subsys/tinyproxy-updates
|
lockfile=/var/lock/subsys/tinyproxy-updates
|
||||||
|
|
||||||
start() {
|
start() {
|
||||||
type=`/usr/bin/xenstore-read qubes-vm-type`
|
type=`/usr/bin/qubesdb-read /qubes-vm-type`
|
||||||
start_updates_proxy=`/usr/bin/xenstore-read qubes-service/qubes-updates-proxy 2>/dev/null`
|
start_updates_proxy=`/usr/bin/qubesdb-read /qubes-service/qubes-updates-proxy 2>/dev/null`
|
||||||
if [ -z "$start_updates_proxy" ] && [ "$type" != "NetVM" ] || [ "$start_updates_proxy" != "1" ]; then
|
if [ -z "$start_updates_proxy" ] && [ "$type" != "NetVM" ] || [ "$start_updates_proxy" != "1" ]; then
|
||||||
# Yum proxy disabled
|
# Yum proxy disabled
|
||||||
exit 0
|
exit 0
|
||||||
|
@ -19,7 +19,7 @@ fi
|
|||||||
# Set IP address again (besides action in udev rules); this is needed by
|
# Set IP address again (besides action in udev rules); this is needed by
|
||||||
# DispVM (to override DispVM-template IP) and in case when qubes-ip was
|
# DispVM (to override DispVM-template IP) and in case when qubes-ip was
|
||||||
# called by udev before loading evtchn kernel module - in which case
|
# called by udev before loading evtchn kernel module - in which case
|
||||||
# xenstore-read fails
|
# qubesdb-read fails
|
||||||
INTERFACE=eth0 /usr/lib/qubes/setup-ip
|
INTERFACE=eth0 /usr/lib/qubes/setup-ip
|
||||||
|
|
||||||
if [ -e /dev/xvdb -a ! -e /etc/this-is-dvm ] ; then
|
if [ -e /dev/xvdb -a ! -e /etc/this-is-dvm ] ; then
|
||||||
|
@ -1,11 +1,11 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
# Setup gateway for all the VMs this netVM is serviceing...
|
# Setup gateway for all the VMs this netVM is serviceing...
|
||||||
network=$(/usr/bin/xenstore-read qubes-netvm-network 2>/dev/null)
|
network=$(/usr/bin/qubesdb-read /qubes-netvm-network 2>/dev/null)
|
||||||
if [ "x$network" != "x" ]; then
|
if [ "x$network" != "x" ]; then
|
||||||
gateway=$(/usr/bin/xenstore-read qubes-netvm-gateway)
|
gateway=$(/usr/bin/qubesdb-read /qubes-netvm-gateway)
|
||||||
netmask=$(/usr/bin/xenstore-read qubes-netvm-netmask)
|
netmask=$(/usr/bin/qubesdb-read /qubes-netvm-netmask)
|
||||||
secondary_dns=$(/usr/bin/xenstore-read qubes-netvm-secondary-dns)
|
secondary_dns=$(/usr/bin/qubesdb-read /qubes-netvm-secondary-dns)
|
||||||
modprobe netbk 2> /dev/null || modprobe xen-netback
|
modprobe netbk 2> /dev/null || modprobe xen-netback
|
||||||
echo "NS1=$gateway" > /var/run/qubes/qubes-ns
|
echo "NS1=$gateway" > /var/run/qubes/qubes-ns
|
||||||
echo "NS2=$secondary_dns" >> /var/run/qubes/qubes-ns
|
echo "NS2=$secondary_dns" >> /var/run/qubes/qubes-ns
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
possibly_run_save_script()
|
possibly_run_save_script()
|
||||||
{
|
{
|
||||||
ENCODED_SCRIPT=$(xenstore-read qubes-save-script)
|
ENCODED_SCRIPT=$(qubesdb-read /qubes-save-script)
|
||||||
if [ -z "$ENCODED_SCRIPT" ] ; then return ; fi
|
if [ -z "$ENCODED_SCRIPT" ] ; then return ; fi
|
||||||
echo $ENCODED_SCRIPT|perl -e 'use MIME::Base64 qw(decode_base64); local($/) = undef;print decode_base64(<STDIN>)' >/tmp/qubes-save-script
|
echo $ENCODED_SCRIPT|perl -e 'use MIME::Base64 qw(decode_base64); local($/) = undef;print decode_base64(<STDIN>)' >/tmp/qubes-save-script
|
||||||
chmod 755 /tmp/qubes-save-script
|
chmod 755 /tmp/qubes-save-script
|
||||||
@ -12,7 +12,7 @@ possibly_run_save_script()
|
|||||||
killall Xorg
|
killall Xorg
|
||||||
}
|
}
|
||||||
|
|
||||||
if xenstore-read qubes-save-request 2>/dev/null ; then
|
if qubesdb-read /qubes-save-request 2>/dev/null ; then
|
||||||
if [ -L /home ]; then
|
if [ -L /home ]; then
|
||||||
rm /home
|
rm /home
|
||||||
mkdir /home
|
mkdir /home
|
||||||
@ -24,12 +24,13 @@ if xenstore-read qubes-save-request 2>/dev/null ; then
|
|||||||
umount /rw
|
umount /rw
|
||||||
dmesg -c >/dev/null
|
dmesg -c >/dev/null
|
||||||
free | grep Mem: |
|
free | grep Mem: |
|
||||||
(read a b c d ; xenstore-write device/qubes-used-mem $c)
|
(read a b c d ; qubesdb-write /qubes-used-mem $c)
|
||||||
# we're still running in DispVM template
|
# we're still running in DispVM template
|
||||||
echo "Waiting for save/restore..."
|
echo "Waiting for save/restore..."
|
||||||
# ... wait until qubes-restore.c (in Dom0) recreates VM-specific keys
|
# ... wait until qubes-restore.c (in Dom0) recreates VM-specific keys
|
||||||
while ! xenstore-read qubes-restore-complete 2>/dev/null ; do
|
# TODO: restart qubesdb-daemon before this
|
||||||
usleep 10000
|
while ! qubesdb-read /qubes-restore-complete 2>/dev/null ; do
|
||||||
|
usleep 10
|
||||||
done
|
done
|
||||||
echo Back to life.
|
echo Back to life.
|
||||||
fi
|
fi
|
||||||
|
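Review bot: The wait loop's delay changes from `usleep 10000` to `usleep 10`, which does not look related to the Xenstore-to-QubesDB switch. Each iteration spawns `qubesdb-read /qubes-restore-complete`, so the loop now polls about a thousand times more often, and it has no timeout. The added TODO suggests the read may keep failing until the QubesDB daemon is restarted after restore, in which case this spins indefinitely. Unless the shorter delay is intended, keep `usleep 10000` and consider bounding the loop.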
@ -3,3 +3,4 @@ xen-blkback
|
|||||||
xen-usbfront
|
xen-usbfront
|
||||||
u2mfn
|
u2mfn
|
||||||
xen-gntalloc
|
xen-gntalloc
|
||||||
|
xen-gntdev
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
Description=Init Qubes Services settings
|
Description=Init Qubes Services settings
|
||||||
DefaultDependencies=no
|
DefaultDependencies=no
|
||||||
Before=sysinit.target
|
Before=sysinit.target
|
||||||
After=proc-xen.mount systemd-modules-load.service
|
After=proc-xen.mount systemd-modules-load.service qubes-db.service
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
|
@ -1,19 +1,17 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
# List of services enabled by default (in case of absence of xenstore entry)
|
# List of services enabled by default (in case of absence of qubesdb entry)
|
||||||
DEFAULT_ENABLED_NETVM="network-manager qubes-network qubes-update-check qubes-updates-proxy"
|
DEFAULT_ENABLED_NETVM="network-manager qubes-network qubes-update-check qubes-updates-proxy"
|
||||||
DEFAULT_ENABLED_PROXYVM="meminfo-writer qubes-network qubes-firewall qubes-netwatcher qubes-update-check"
|
DEFAULT_ENABLED_PROXYVM="meminfo-writer qubes-network qubes-firewall qubes-netwatcher qubes-update-check"
|
||||||
DEFAULT_ENABLED_APPVM="meminfo-writer cups qubes-update-check"
|
DEFAULT_ENABLED_APPVM="meminfo-writer cups qubes-update-check"
|
||||||
DEFAULT_ENABLED_TEMPLATEVM="$DEFAULT_ENABLED_APPVM updates-proxy-setup"
|
DEFAULT_ENABLED_TEMPLATEVM="$DEFAULT_ENABLED_APPVM updates-proxy-setup"
|
||||||
DEFAULT_ENABLED="meminfo-writer"
|
DEFAULT_ENABLED="meminfo-writer"
|
||||||
|
|
||||||
XS_READ=/usr/bin/xenstore-read
|
QDB_READ=/usr/bin/qubesdb-read
|
||||||
[ -x /usr/sbin/xenstore-read ] && XS_READ=/usr/sbin/xenstore-read
|
QDB_LS=/usr/bin/qubesdb-list
|
||||||
XS_LS=/usr/bin/xenstore-ls
|
|
||||||
[ -x /usr/sbin/xenstore-read ] && XS_LS=/usr/sbin/xenstore-ls
|
|
||||||
|
|
||||||
read_service() {
|
read_service() {
|
||||||
$XS_READ qubes-service/$1 2> /dev/null
|
$QDB_READ /qubes-service/$1 2> /dev/null
|
||||||
}
|
}
|
||||||
|
|
||||||
systemd_pkg_version=`systemctl --version|head -n 1`
|
systemd_pkg_version=`systemctl --version|head -n 1`
|
||||||
@ -31,13 +29,13 @@ mkdir -p /var/run/qubes
|
|||||||
mkdir -p /var/run/qubes-service
|
mkdir -p /var/run/qubes-service
|
||||||
mkdir -p /var/run/xen-hotplug
|
mkdir -p /var/run/xen-hotplug
|
||||||
|
|
||||||
# Set permissions to /proc/xen/xenbus, so normal user can use xenstore-read
|
# Set permissions to /proc/xen/xenbus, so normal user can use qubesdb-read
|
||||||
chmod 666 /proc/xen/xenbus
|
chmod 666 /proc/xen/xenbus
|
||||||
# Set permissions to files needed to listen at vchan
|
# Set permissions to files needed to listen at vchan
|
||||||
chmod 666 /proc/u2mfn
|
chmod 666 /proc/u2mfn
|
||||||
|
|
||||||
# Set default services depending on VM type
|
# Set default services depending on VM type
|
||||||
TYPE=`$XS_READ qubes-vm-type 2> /dev/null`
|
TYPE=`$QDB_READ /qubes-vm-type 2> /dev/null`
|
||||||
[ "$TYPE" = "AppVM" ] && DEFAULT_ENABLED=$DEFAULT_ENABLED_APPVM
|
[ "$TYPE" = "AppVM" ] && DEFAULT_ENABLED=$DEFAULT_ENABLED_APPVM
|
||||||
[ "$TYPE" = "NetVM" ] && DEFAULT_ENABLED=$DEFAULT_ENABLED_NETVM
|
[ "$TYPE" = "NetVM" ] && DEFAULT_ENABLED=$DEFAULT_ENABLED_NETVM
|
||||||
[ "$TYPE" = "ProxyVM" ] && DEFAULT_ENABLED=$DEFAULT_ENABLED_PROXYVM
|
[ "$TYPE" = "ProxyVM" ] && DEFAULT_ENABLED=$DEFAULT_ENABLED_PROXYVM
|
||||||
@ -49,23 +47,23 @@ for srv in $DEFAULT_ENABLED; do
|
|||||||
done
|
done
|
||||||
|
|
||||||
# Enable services
|
# Enable services
|
||||||
for srv in `$XS_LS qubes-service 2>/dev/null |grep ' = "1"'|cut -f 1 -d ' '`; do
|
for srv in `$QDB_LS /qubes-service 2>/dev/null |grep ' = "1"'|cut -f 1 -d ' '`; do
|
||||||
touch /var/run/qubes-service/$srv
|
touch /var/run/qubes-service/$srv
|
||||||
done
|
done
|
||||||
|
|
||||||
# Disable services
|
# Disable services
|
||||||
for srv in `$XS_LS qubes-service 2>/dev/null |grep ' = "0"'|cut -f 1 -d ' '`; do
|
for srv in `$QDB_LS /qubes-service 2>/dev/null |grep ' = "0"'|cut -f 1 -d ' '`; do
|
||||||
rm -f /var/run/qubes-service/$srv
|
rm -f /var/run/qubes-service/$srv
|
||||||
done
|
done
|
||||||
|
|
||||||
# Set the hostname
|
# Set the hostname
|
||||||
name=`$XS_READ name`
|
name=`$QDB_READ /name`
|
||||||
if [ -n "$name" ]; then
|
if [ -n "$name" ]; then
|
||||||
hostname $name
|
hostname $name
|
||||||
sed -i "s/^\(127\.0\.0\.1[\t ].*\) \($name \)\?\(.*\)/\1\2 $name/" /etc/hosts
|
sed -i "s/^\(127\.0\.0\.1[\t ].*\) \($name \)\?\(.*\)/\1\2 $name/" /etc/hosts
|
||||||
fi
|
fi
|
||||||
|
|
||||||
timezone=`$XS_READ qubes-timezone 2> /dev/null`
|
timezone=`$QDB_READ /qubes-timezone 2> /dev/null`
|
||||||
if [ -n "$timezone" ]; then
|
if [ -n "$timezone" ]; then
|
||||||
ln -f /usr/share/zoneinfo/$timezone /etc/localtime
|
ln -f /usr/share/zoneinfo/$timezone /etc/localtime
|
||||||
echo "# Clock configuration autogenerated based on Qubes dom0 settings" > /etc/sysconfig/clock
|
echo "# Clock configuration autogenerated based on Qubes dom0 settings" > /etc/sysconfig/clock
|
||||||
@ -75,7 +73,7 @@ fi
|
|||||||
# Prepare environment for other services
|
# Prepare environment for other services
|
||||||
echo > /var/run/qubes-service-environment
|
echo > /var/run/qubes-service-environment
|
||||||
|
|
||||||
debug_mode=`$XS_READ qubes-debug-mode 2> /dev/null`
|
debug_mode=`$QDB_READ /qubes-debug-mode 2> /dev/null`
|
||||||
if [ -n "$debug_mode" -a "$debug_mode" -gt 0 ]; then
|
if [ -n "$debug_mode" -a "$debug_mode" -gt 0 ]; then
|
||||||
echo "GUI_OPTS=-vv" >> /var/run/qubes-service-environment
|
echo "GUI_OPTS=-vv" >> /var/run/qubes-service-environment
|
||||||
fi
|
fi
|
||||||
|
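Review bot: The enable and disable loops still filter the listing with `grep ' = "1"'` and `grep ' = "0"'`, which is the `name = "value"` layout of `xenstore-ls`. The firewall hunk in this commit feeds `qubesdb-list -f` output straight into `qubesdb-read "$i"`, which suggests qubesdb-list prints key names only. If so, both loops match nothing and a service set to 0 in dom0 is never removed from `/var/run/qubes-service`. Iterating the names and reading each value through the existing `read_service` helper avoids depending on the list format; the sketch below assumes qubesdb-list without `-f` prints names relative to the given path, which should be confirmed.

```shell
# Enable or disable services according to their QubesDB value
# (assumes $QDB_LS prints bare service names - confirm against qubesdb-list)
for srv in `$QDB_LS /qubes-service 2>/dev/null`; do
    case "`read_service "$srv"`" in
        1) touch "/var/run/qubes-service/$srv" ;;
        0) rm -f "/var/run/qubes-service/$srv" ;;
    esac
done
# … unchanged: hostname, timezone and debug-mode handling …
```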