Qubes/core-agent-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge remote-tracking branch 'nrgaway/debian' into debian

Browse Source
This commit is contained in:
Marek Marczykowski-Górecki 2014-11-05 04:24:41 +01:00
commit e4e7176a16
7 changed files with 468 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
debian/control vendored
View File

@ -9,7 +9,7 @@ Vcs-Git: git://git.qubes-os.org/marmarek/core-agent-linux.git
Package: qubes-core-agent
Architecture: any
Depends: qubes-utils, libvchan-xen, xenstore-utils, ethtool, python2.7, ${shlibs:Depends}, ${misc:Depends}
Depends: qubes-utils, libvchan-xen, xenstore-utils, xen-utils-common, tinyproxy, ethtool, python2.7, init-system-helpers, ${shlibs:Depends}, ${misc:Depends}
Conflicts: qubes-core-agent-linux
Description: Qubes core agent
This package includes various daemons necessary for qubes domU support,

242
debian/postinst vendored Executable file
View File

@ -0,0 +1,242 @@
#!/bin/bash
# postinst script for core-agent-linux
#
# see: dh_installdeb(1)
set -x
# The postint script may be called in the following ways:
# * <postinst> 'configure' <most-recently-configured-version>
# * <old-postinst> 'abort-upgrade' <new version>
# * <conflictor's-postinst> 'abort-remove' 'in-favour' <package>
# <new-version>
# * <postinst> 'abort-remove'
# * <deconfigured's-postinst> 'abort-deconfigure' 'in-favour'
# <failed-install-package> <version> 'removing'
# <conflicting-package> <version>
#
# For details, see http://www.debian.org/doc/debian-policy/ or
# https://www.debian.org/doc/debian-policy/ch-maintainerscripts.html or
# the debian-policy package
case "$1" in
configure)
# disable some Upstart services
for F in plymouth-shutdown prefdm splash-manager start-ttys tty ; do
if [ -e /etc/init/$F.conf ]; then
mv -f /etc/init/$F.conf /etc/init/$F.conf.disabled
fi
done
remove_ShowIn () {
if [ -e /etc/xdg/autostart/$1.desktop ]; then
sed -i '/^\(Not\|Only\)ShowIn/d' /etc/xdg/autostart/$1.desktop
fi
}
# Stops Qt form using the MIT-SHM X11 Shared Memory Extension
echo 'export QT_X11_NO_MITSHM=1' >> /etc/profile
# Sudo's defualt umask is 077 so set sane default of 022
# Also don't allow QT to used shared memory to prevent errors
echo 'Defaults umask = 0002' >> /etc/sudoers
echo 'Defaults umask_override' >> /etc/sudoers
echo 'Defaults env_keep += "QT_X11_NO_MITSHM"' >> /etc/sudoers
# reenable abrt-aplet if disable by some earlier version of package
remove_ShowIn abrt-applet.desktop
# don't want it at all
for F in deja-dup-monitor imsettings-start krb5-auth-dialog pulseaudio restorecond sealertauto gnome-power-manager gnome-sound-applet gnome-screensaver orca-autostart; do
if [ -e /etc/xdg/autostart/$F.desktop ]; then
remove_ShowIn $F
echo 'NotShowIn=QUBES;' >> /etc/xdg/autostart/$F.desktop
fi
done
# don't want it in DisposableVM
for F in gcm-apply ; do
if [ -e /etc/xdg/autostart/$F.desktop ]; then
remove_ShowIn $F
echo 'NotShowIn=DisposableVM;' >> /etc/xdg/autostart/$F.desktop
fi
done
# want it in AppVM only
for F in gnome-keyring-gpg gnome-keyring-pkcs11 gnome-keyring-secrets gnome-keyring-ssh gnome-settings-daemon user-dirs-update-gtk gsettings-data-convert ; do
if [ -e /etc/xdg/autostart/$F.desktop ]; then
remove_ShowIn $F
echo 'OnlyShowIn=GNOME;AppVM;' >> /etc/xdg/autostart/$F.desktop
fi
done
# remove existing rule to add own later
for F in gpk-update-icon nm-applet ; do
remove_ShowIn $F
done
echo 'OnlyShowIn=GNOME;UpdateableVM;' >> /etc/xdg/autostart/gpk-update-icon.desktop || :
echo 'OnlyShowIn=GNOME;QUBES;' >> /etc/xdg/autostart/nm-applet.desktop || :
# Create NetworkManager configuration if we do not have it
if ! [ -e /etc/NetworkManager/NetworkManager.conf ]; then
echo '[main]' > /etc/NetworkManager/NetworkManager.conf
echo 'plugins = keyfile' >> /etc/NetworkManager/NetworkManager.conf
echo '[keyfile]' >> /etc/NetworkManager/NetworkManager.conf
fi
/usr/lib/qubes/qubes-fix-nm-conf.sh
# Remove ip_forward setting from sysctl, so NM will not reset it
sed 's/^net.ipv4.ip_forward.*/#\0/' -i /etc/sysctl.conf
# Remove old firmware updates link
if [ -L /lib/firmware/updates ]; then
rm -f /lib/firmware/updates
fi
#if ! grep -q '/etc/yum\.conf\.d/qubes-proxy\.conf' /etc/yum.conf; then
# echo >> /etc/yum.conf
# echo '# Yum does not support inclusion of config dir...' >> /etc/yum.conf
# echo 'include=file:///etc/yum.conf.d/qubes-proxy.conf' >> /etc/yum.conf
#fi
# Revert 'Prevent unnecessary updates in VMs':
#sed -i -e '/^exclude = kernel/d' /etc/yum.conf
# qubes-core-vm has been broken for some time - it overrides /etc/hosts; restore original content
#if ! grep -q localhost /etc/hosts; then
cat <<EOF > /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 `hostname`
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
EOF
#fi
#if [ "$1" != 1 ] ; then
# # do the rest of %post thing only when updating for the first time...
# exit 0
#fi
if [ -e /etc/init/serial.conf ] && ! [ -f /var/lib/qubes/serial.orig ] ; then
cp /etc/init/serial.conf /var/lib/qubes/serial.orig
fi
# Remove most of the udev scripts to speed up the VM boot time
# Just leave the xen* scripts, that are needed if this VM was
# ever used as a net backend (e.g. as a VPN domain in the future)
#echo "--> Removing unnecessary udev scripts..."
mkdir -p /var/lib/qubes/removed-udev-scripts
for f in /etc/udev/rules.d/*
do
if [ $(basename $f) == "xen-backend.rules" ] ; then
continue
fi
if [ $(basename $f) == "50-qubes-misc.rules" ] ; then
continue
fi
if echo $f | grep -q qubes; then
continue
fi
mv $f /var/lib/qubes/removed-udev-scripts/
done
mkdir -p /rw
#rm -f /etc/mtab
#echo "--> Removing HWADDR setting from /etc/sysconfig/network-scripts/ifcfg-eth0"
#mv /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0.orig
#grep -v HWADDR /etc/sysconfig/network-scripts/ifcfg-eth0.orig > /etc/sysconfig/network-scripts/ifcfg-eth0
#######################################################################
# systemd post-init
#######################################################################
for srv in qubes-dvm qubes-sysinit qubes-misc-post qubes-netwatcher qubes-network qubes-firewall qubes-updates-proxy qubes-qrexec-agent; do
/bin/systemctl enable $srv.service 2> /dev/null
done
/bin/systemctl enable qubes-update-check.timer 2> /dev/null
UNITDIR=/lib/systemd/system
OVERRIDEDIR=/usr/lib/qubes/init
# XXX: Debian specific
if [ -f "$OVERRIDEDIR/NetworkManager.service" ]; then
mv -f $OVERRIDEDIR/NetworkManager.service $OVERRIDEDIR/network-manager.service
sed 's/NetworkManager/network-manager/' -i $OVERRIDEDIR/network-manager.service
fi
if [ -f "$OVERRIDEDIR/NetworkManager-wait-online.service" ]; then
mv -f $OVERRIDEDIR/NetworkManager-wait-online.service $OVERRIDEDIR/network-manager-wait-online.service
sed 's/NetworkManager/network-manager/' -i $OVERRIDEDIR/network-manager-wait-online.service
fi
if [ -f "$OVERRIDEDIR/ModemManager" ]; then
mv -f $OVERRIDEDIR/ModemManager $OVERRIDEDIR/modemmanager.service
sed 's/ModemManager/modemmanager/' -i $OVERRIDEDIR/modemmanager.service
fi
# Install overriden services only when original exists
#for srv in cups modemmanager network-manager network-manager-wait-online ntpd chronyd; do
for srv in cups modemmanager network-manager network-manager-wait-online; do
if [ -f $UNITDIR/$srv.service ]; then
cp $OVERRIDEDIR/$srv.service /etc/systemd/system/
fi
if [ -f $UNITDIR/$srv.socket -a -f $OVERRIDEDIR/$srv.socket ]; then
cp $OVERRIDEDIR/$srv.socket /etc/systemd/system/
fi
if [ -f $UNITDIR/$srv.path -a -f $OVERRIDEDIR/$srv.path ]; then
cp $OVERRIDEDIR/$srv.path /etc/systemd/system/
fi
done
# Set default "runlevel"
rm -f /etc/systemd/system/default.target
ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
#DISABLE_SERVICES="alsa-store alsa-restore auditd avahi avahi-daemon backuppc cpuspeed crond"
#DISABLE_SERVICES="$DISABLE_SERVICES fedora-autorelabel fedora-autorelabel-mark ipmi hwclock-load hwclock-save"
#DISABLE_SERVICES="$DISABLE_SERVICES mdmonitor multipathd openct rpcbind mcelog fedora-storage-init fedora-storage-init-late"
#DISABLE_SERVICES="$DISABLE_SERVICES plymouth-start plymouth-read-write plymouth-quit plymouth-quit-wait"
#DISABLE_SERVICES="$DISABLE_SERVICES sshd tcsd sm-client sendmail mdmonitor-takeover"
#DISABLE_SERVICES="$DISABLE_SERVICES rngd smartd upower irqbalance colord"
#for srv in $DISABLE_SERVICES; do
# if [ -f /lib/systemd/system/$srv.service ]; then
# if fgrep -q '[Install]' /lib/systemd/system/$srv.service; then
# /bin/systemctl disable $srv.service 2> /dev/null
# else
# # forcibly disable
# ln -sf /dev/null /etc/systemd/system/$srv.service
# fi
# fi
#done
rm -f /etc/systemd/system/getty.target.wants/getty@tty*.service
# Enable some services
/bin/systemctl enable iptables.service 2> /dev/null
/bin/systemctl enable ip6tables.service 2> /dev/null
/bin/systemctl enable rsyslog.service 2> /dev/null
/bin/systemctl enable ntpd.service 2> /dev/null
# Enable cups only when it is real SystemD service
[ -e /lib/systemd/system/cups.service ] && /bin/systemctl enable cups.service 2> /dev/null
;;
abort-upgrade|abort-remove|abort-deconfigure)
exit 0
;;
*)
echo "postinst called with unknown argument \`$1'" >&2
exit 1
;;
esac
# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.
#DEBHELPER#
exit 0
# vim: set ts=4 sw=4 sts=4 et :

54
debian/postrm vendored Executable file
View File

@ -0,0 +1,54 @@
#!/bin/bash
# postrm script for core-agent-linux
#
# see: dh_installdeb(1)
set -x
# The prerm script may be called in the following ways:
# * <postrm> 'remove'
# * <postrm> 'purge'
# * <old-postrm> 'upgrade' <new-version>
# * <disappearer's-postrm> 'disappear' <overwriter> <overwriter-version>
#
# The postrm script is called after the package's files have been removed
# or replaced. The package whose postrm is being called may have previously been
# deconfigured and only be "Unpacked", at which point subsequent package changes
# do not consider its dependencies. Therefore, all postrm actions may only rely
# on essential packages and must gracefully skip any actions that require the
# package's dependencies if those dependencies are unavailable.[48]
#
# * <new-postrm> 'failed-upgrade' <old-version>
#
# Called when the old postrm upgrade action fails. The new package will be
# unpacked, but only essential packages and pre-dependencies can be relied on.
# Pre-dependencies will either be configured or will be "Unpacked" or
# "Half-Configured" but previously had been configured and was never removed.
#
# * <new-postrm> 'abort-install'
# * <new-postrm> 'abort-install' <old-version>
# * <new-postrm> 'abort-upgrade' <old-version>
#
# Called before unpacking the new package as part of the error handling of
# preinst failures. May assume the same state as preinst can assume.
#
# For details, see http://www.debian.org/doc/debian-policy/ or
# https://www.debian.org/doc/debian-policy/ch-maintainerscripts.html or
# the debian-policy package
if [ "$1" = "remove" ] ; then
/usr/bin/glib-compile-schemas /usr/share/glib-2.0/schemas &> /dev/null || :
if [ -L /lib/firmware/updates ]; then
rm /lib/firmware/updates
fi
fi
# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.
#DEBHELPER#
exit 0
# vim: set ts=4 sw=4 sts=4 et :

112
debian/preinst vendored Executable file
View File

@ -0,0 +1,112 @@
#!/bin/bash
# preinst script for core-agent-linux
#
# see: dh_installdeb(1)
set -x
# The preinst script may be called in the following ways:
# * <new-preinst> 'install'
# * <new-preinst> 'install' <old-version>
# * <new-preinst> 'upgrade' <old-version>
#
# The package will not yet be unpacked, so the preinst script cannot rely
# on any files included in its package. Only essential packages and
# pre-dependencies (Pre-Depends) may be assumed to be available.
# Pre-dependencies will have been configured at least once, but at the time the
# preinst is called they may only be in an "Unpacked" or "Half-Configured" state
# if a previous version of the pre-dependency was completely configured and has
# not been removed since then.
#
#
# * <old-preinst> 'abort-upgrade' <new-version>
#
# Called during error handling of an upgrade that failed after unpacking the
# new package because the postrm upgrade action failed. The unpacked files may
# be partly from the new version or partly missing, so the script cannot rely
# on files included in the package. Package dependencies may not be available.
# Pre-dependencies will be at least "Unpacked" following the same rules as
# above, except they may be only "Half-Installed" if an upgrade of the
# pre-dependency failed.[46]
#
# For details, see http://www.debian.org/doc/debian-policy/ or
# https://www.debian.org/doc/debian-policy/ch-maintainerscripts.html or
# the debian-policy package
if [ "$1" = "install" ] ; then
# --------------------------------------------------------------------------
# Create required directories
# --------------------------------------------------------------------------
mkdir -p /var/lib/qubes
mkdir -p /lib/modules
#mkdir -p -m 0700 /var/log/xen # xen-utils-common should do this
if [ -e /etc/fstab ] ; then
mv /etc/fstab /var/lib/qubes/fstab.orig
fi
# --------------------------------------------------------------------------
# Many Qubes scripts reference /bin/sh expecting the shell to be bash but
# in Debian it is dash so some scripts will fail so force an alternate for
# /bin/sh to be /bin/bash
# --------------------------------------------------------------------------
update-alternatives --force --install /bin/sh sh /bin/bash 999
# --------------------------------------------------------------------------
# Modules setup
# --------------------------------------------------------------------------
echo "xen_netfront" >> /etc/modules
# --------------------------------------------------------------------------
# Remove `mesg` from root/.profile?
# --------------------------------------------------------------------------
sed -i -e '/^mesg n/d' /root/.profile
# --------------------------------------------------------------------------
# Update /etc/fstab
# --------------------------------------------------------------------------
cat > /etc/fstab <<EOF
/dev/mapper/dmroot / ext4 defaults,noatime 1 1
/dev/xvdc1 swap swap defaults 0 0
/dev/xvdb /rw ext4 noauto,defaults,discard 1 2
/rw/home /home none noauto,bind,defaults 0 0
tmpfs /dev/shm tmpfs defaults 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
proc /proc proc defaults 0 0
sysfs /sys sysfs defaults 0 0
xen /proc/xen xenfs defaults 0 0
/dev/xvdi /mnt/removable auto noauto,user,rw 0 0
/dev/xvdd /lib/modules ext3 defaults 0 0
EOF
# --------------------------------------------------------------------------
# User add / modifications
# --------------------------------------------------------------------------
id -u 'user' || {
groupadd -f user
useradd -g user -G dialout,cdrom,floppy,sudo,audio,dip,video,plugdev -m -s /bin/bash user
}
id -u 'tinyproxy' || {
groupadd -f tinyproxy
useradd -g tinyproxy -M --home /run/tinyproxy --shell /bin/false tinyproxy
}
usermod -p '' root
usermod -L user
exit 0
fi
if [ "$1" = "upgrade" ] ; then
exit 0
fi
# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.
#DEBHELPER#
exit 0
# vim: set ts=4 sw=4 sts=4 et :

54
debian/prerm vendored Executable file
View File

@ -0,0 +1,54 @@
#!/bin/bash
# prerm script for core-agent-linux
#
# see: dh_installdeb(1)
set -x
# The prerm script may be called in the following ways:
# * <prerm> 'remove'
# * <old-prerm> 'upgrade' <new-version>
# * <conflictor's-prerm> 'remove' 'in-favour' <package> <new-version>
# * <deconfigured's-prerm> 'deconfigure' 'in-favour' <package-being-installed>
# <version> [removing conflicting-package version]
#
# The package whose prerm is being called will be at least "Half-Installed".
# All package dependencies will at least be "Half-Installed" and will have
# previously been configured and not removed. If there was no error, all
# dependencies will at least be "Unpacked", but these actions may be called in
# various error states where dependencies are only "Half-Installed" due to a
# partial upgrade.
#
# * <new-prerm> 'failed-upgrade' <old-version>
#
# Called during error handling when prerm upgrade fails. The new package
# will not yet be unpacked, and all the same constraints as for preinst
# upgrade apply.
#
# For details, see http://www.debian.org/doc/debian-policy/ or
# https://www.debian.org/doc/debian-policy/ch-maintainerscripts.html or
# the debian-policy package
if [ "$1" = "remove" ] ; then
# no more packages left
if [ -e /var/lib/qubes/fstab.orig ] ; then
mv /var/lib/qubes/fstab.orig /etc/fstab
fi
if [ -d /var/lib/qubes/removed-udev-scripts ] ; then
mv /var/lib/qubes/removed-udev-scripts/* /etc/udev/rules.d/
fi
if [ -e /var/lib/qubes/serial.orig ] ; then
mv /var/lib/qubes/serial.orig /etc/init/serial.conf
fi
fi
# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.
#DEBHELPER#
exit 0
# vim: set ts=4 sw=4 sts=4 et :

8
network/filter-updates
View File

@ -5,7 +5,7 @@
^mirrors\.fedoraproject\.org:443$
^http://mirrors\..*/mirrorlist\?
\.deb$
/dists/[a-z]*/\(InRelease\|Release\|Release.gpg\)$
/dists/[a-z]*/.*/\(Packages\|Sources\|Release\)\(\|\.gz\|\.bz2\|\.xz\|\.lzma\)$
/dists/[a-z]*/.*/\(Contents\|Translation\)-.*\(\|\.gz\|\.xz\|\.bz2\|\.lzma\)$
/dists/[a-z]*/.*/\(Contents-.*\|Translation-.*\|Packages\)\.diff/\(Index\|[0-9.-]*\)\(\|\.gz\|\.xz\|\.bz2\|\.lzma\)$
/dists/[a-z-]*/\(InRelease\|Release\|Release.gpg\)$
/dists/[a-z-]*/.*/\(Packages\|Sources\|Release\)\(\|\.gz\|\.bz2\|\.xz\|\.lzma\|.*\)$
/dists/[a-z-]*/.*/\(Contents\|Translation\)-.*\(\|\.gz\|\.xz\|\.bz2\|\.lzma\)$
/dists/[a-z-]*/.*/\(Contents-.*\|Translation-.*\|Packages\)\.diff/\(Index\|[0-9.-]*\)\(\|\.gz\|\.xz\|\.bz2\|\.lzma\)$

2
rpm_spec/core-vm.spec
View File

@ -276,7 +276,7 @@ fi
if [ $1 -eq 0 ] ; then
/usr/bin/glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || :
if [ -l /lib/firmware/updates ]; then
if [ -L /lib/firmware/updates ]; then
rm /lib/firmware/updates
fi
fi