From b04594ed60744107644381b6a63e24e2a3925ebc Mon Sep 17 00:00:00 2001 From: Jason Mehring Date: Thu, 30 Oct 2014 16:35:12 -0400 Subject: [PATCH 1/8] Allow hyphenated distro names in tinyproxy filter --- network/filter-updates | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/network/filter-updates b/network/filter-updates index c1afa54..55fa0d8 100644 --- a/network/filter-updates +++ b/network/filter-updates @@ -5,7 +5,7 @@ ^mirrors\.fedoraproject\.org:443$ ^http://mirrors\..*/mirrorlist\? \.deb$ -/dists/[a-z]*/\(InRelease\|Release\|Release.gpg\)$ -/dists/[a-z]*/.*/\(Packages\|Sources\|Release\)\(\|\.gz\|\.bz2\|\.xz\|\.lzma\)$ -/dists/[a-z]*/.*/\(Contents\|Translation\)-.*\(\|\.gz\|\.xz\|\.bz2\|\.lzma\)$ -/dists/[a-z]*/.*/\(Contents-.*\|Translation-.*\|Packages\)\.diff/\(Index\|[0-9.-]*\)\(\|\.gz\|\.xz\|\.bz2\|\.lzma\)$ +/dists/[a-z-]*/\(InRelease\|Release\|Release.gpg\)$ +/dists/[a-z-]*/.*/\(Packages\|Sources\|Release\)\(\|\.gz\|\.bz2\|\.xz\|\.lzma\)$ +/dists/[a-z-]*/.*/\(Contents\|Translation\)-.*\(\|\.gz\|\.xz\|\.bz2\|\.lzma\)$ +/dists/[a-z-]*/.*/\(Contents-.*\|Translation-.*\|Packages\)\.diff/\(Index\|[0-9.-]*\)\(\|\.gz\|\.xz\|\.bz2\|\.lzma\)$ From 3366af3f55453ddd817761081c7c434d98398cd7 Mon Sep 17 00:00:00 2001 From: Jason Mehring Date: Fri, 31 Oct 2014 01:56:19 -0400 Subject: [PATCH 2/8] Change condition test to compare to a link "-L" --- rpm_spec/core-vm.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rpm_spec/core-vm.spec b/rpm_spec/core-vm.spec index 43743bf..6101b86 100644 --- a/rpm_spec/core-vm.spec +++ b/rpm_spec/core-vm.spec @@ -276,7 +276,7 @@ fi if [ $1 -eq 0 ] ; then /usr/bin/glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || : - if [ -l /lib/firmware/updates ]; then + if [ -L /lib/firmware/updates ]; then rm /lib/firmware/updates fi fi From 5c351bf4ae916b3894825d61ab5eb2657843d1e8 Mon Sep 17 00:00:00 2001 From: Jason Mehring Date: Fri, 31 Oct 2014 01:57:41 -0400 Subject: [PATCH 3/8] debian: add xen-utils-common as a dependancy to allow Debian proxies --- debian/control | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/control b/debian/control index 2523068..b4f1774 100644 --- a/debian/control +++ b/debian/control @@ -9,7 +9,7 @@ Vcs-Git: git://git.qubes-os.org/marmarek/core-agent-linux.git Package: qubes-core-agent Architecture: any -Depends: qubes-utils, libvchan-xen, xenstore-utils, ethtool, python2.7, ${shlibs:Depends}, ${misc:Depends} +Depends: qubes-utils, libvchan-xen, xenstore-utils, xen-utils-common, ethtool, python2.7, init-system-helpers, ${shlibs:Depends}, ${misc:Depends} Conflicts: qubes-core-agent-linux Description: Qubes core agent This package includes various daemons necessary for qubes domU support, From 0937a3b3c63404cac78d47791128aff6d98b927c Mon Sep 17 00:00:00 2001 From: Jason Mehring Date: Fri, 31 Oct 2014 01:59:20 -0400 Subject: [PATCH 4/8] debian: Added maintainers scripts (pre / postinit + rm) - Currently in debug mode --- debian/postinst | 232 ++++++++++++++++++++++++++++++++++++++++++++++++ debian/postrm | 54 +++++++++++ debian/preinst | 98 ++++++++++++++++++++ debian/prerm | 54 +++++++++++ 4 files changed, 438 insertions(+) create mode 100755 debian/postinst create mode 100755 debian/postrm create mode 100755 debian/preinst create mode 100755 debian/prerm diff --git a/debian/postinst b/debian/postinst new file mode 100755 index 0000000..634579a --- /dev/null +++ b/debian/postinst @@ -0,0 +1,232 @@ +#!/bin/bash +# postinst script for core-agent-linux +# +# see: dh_installdeb(1) + +set -x + +# The postint script may be called in the following ways: +# * 'configure' +# * 'abort-upgrade' +# * 'abort-remove' 'in-favour' +# +# * 'abort-remove' +# * 'abort-deconfigure' 'in-favour' +# 'removing' +# +# +# For details, see http://www.debian.org/doc/debian-policy/ or +# https://www.debian.org/doc/debian-policy/ch-maintainerscripts.html or +# the debian-policy package + +case "$1" in + configure) + # disable some Upstart services + for F in plymouth-shutdown prefdm splash-manager start-ttys tty ; do + if [ -e /etc/init/$F.conf ]; then + mv -f /etc/init/$F.conf /etc/init/$F.conf.disabled + fi + done + + remove_ShowIn () { + if [ -e /etc/xdg/autostart/$1.desktop ]; then + sed -i '/^\(Not\|Only\)ShowIn/d' /etc/xdg/autostart/$1.desktop + fi + } + + # reenable abrt-aplet if disable by some earlier version of package + remove_ShowIn abrt-applet.desktop + + # don't want it at all + for F in deja-dup-monitor imsettings-start krb5-auth-dialog pulseaudio restorecond sealertauto gnome-power-manager gnome-sound-applet gnome-screensaver orca-autostart; do + if [ -e /etc/xdg/autostart/$F.desktop ]; then + remove_ShowIn $F + echo 'NotShowIn=QUBES;' >> /etc/xdg/autostart/$F.desktop + fi + done + + # don't want it in DisposableVM + for F in gcm-apply ; do + if [ -e /etc/xdg/autostart/$F.desktop ]; then + remove_ShowIn $F + echo 'NotShowIn=DisposableVM;' >> /etc/xdg/autostart/$F.desktop + fi + done + + # want it in AppVM only + for F in gnome-keyring-gpg gnome-keyring-pkcs11 gnome-keyring-secrets gnome-keyring-ssh gnome-settings-daemon user-dirs-update-gtk gsettings-data-convert ; do + if [ -e /etc/xdg/autostart/$F.desktop ]; then + remove_ShowIn $F + echo 'OnlyShowIn=GNOME;AppVM;' >> /etc/xdg/autostart/$F.desktop + fi + done + + # remove existing rule to add own later + for F in gpk-update-icon nm-applet ; do + remove_ShowIn $F + done + + echo 'OnlyShowIn=GNOME;UpdateableVM;' >> /etc/xdg/autostart/gpk-update-icon.desktop || : + echo 'OnlyShowIn=GNOME;QUBES;' >> /etc/xdg/autostart/nm-applet.desktop || : + + # Create NetworkManager configuration if we do not have it + if ! [ -e /etc/NetworkManager/NetworkManager.conf ]; then + echo '[main]' > /etc/NetworkManager/NetworkManager.conf + echo 'plugins = keyfile' >> /etc/NetworkManager/NetworkManager.conf + echo '[keyfile]' >> /etc/NetworkManager/NetworkManager.conf + fi + /usr/lib/qubes/qubes-fix-nm-conf.sh + + + # Remove ip_forward setting from sysctl, so NM will not reset it + sed 's/^net.ipv4.ip_forward.*/#\0/' -i /etc/sysctl.conf + + # Remove old firmware updates link + if [ -L /lib/firmware/updates ]; then + rm -f /lib/firmware/updates + fi + + #if ! grep -q '/etc/yum\.conf\.d/qubes-proxy\.conf' /etc/yum.conf; then + # echo >> /etc/yum.conf + # echo '# Yum does not support inclusion of config dir...' >> /etc/yum.conf + # echo 'include=file:///etc/yum.conf.d/qubes-proxy.conf' >> /etc/yum.conf + #fi + + # Revert 'Prevent unnecessary updates in VMs': + #sed -i -e '/^exclude = kernel/d' /etc/yum.conf + + # qubes-core-vm has been broken for some time - it overrides /etc/hosts; restore original content + #if ! grep -q localhost /etc/hosts; then + cat < /etc/hosts +127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 `hostname` +::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 +EOF + #fi + + #if [ "$1" != 1 ] ; then + # # do the rest of %post thing only when updating for the first time... + # exit 0 + #fi + + if [ -e /etc/init/serial.conf ] && ! [ -f /var/lib/qubes/serial.orig ] ; then + cp /etc/init/serial.conf /var/lib/qubes/serial.orig + fi + + # Remove most of the udev scripts to speed up the VM boot time + # Just leave the xen* scripts, that are needed if this VM was + # ever used as a net backend (e.g. as a VPN domain in the future) + #echo "--> Removing unnecessary udev scripts..." + mkdir -p /var/lib/qubes/removed-udev-scripts + for f in /etc/udev/rules.d/* + do + if [ $(basename $f) == "xen-backend.rules" ] ; then + continue + fi + + if [ $(basename $f) == "50-qubes-misc.rules" ] ; then + continue + fi + + if echo $f | grep -q qubes; then + continue + fi + + mv $f /var/lib/qubes/removed-udev-scripts/ + done + mkdir -p /rw + #rm -f /etc/mtab + #echo "--> Removing HWADDR setting from /etc/sysconfig/network-scripts/ifcfg-eth0" + #mv /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0.orig + #grep -v HWADDR /etc/sysconfig/network-scripts/ifcfg-eth0.orig > /etc/sysconfig/network-scripts/ifcfg-eth0 + + ####################################################################### + # systemd post-init + ####################################################################### + for srv in qubes-dvm qubes-sysinit qubes-misc-post qubes-netwatcher qubes-network qubes-firewall qubes-updates-proxy qubes-qrexec-agent; do + /bin/systemctl enable $srv.service 2> /dev/null + done + + /bin/systemctl enable qubes-update-check.timer 2> /dev/null + + UNITDIR=/lib/systemd/system + OVERRIDEDIR=/usr/lib/qubes/init + + # XXX: Debian specific + if [ -f "$OVERRIDEDIR/NetworkManager.service" ]; then + mv -f $OVERRIDEDIR/NetworkManager.service $OVERRIDEDIR/network-manager.service + sed 's/NetworkManager/network-manager/' -i $OVERRIDEDIR/network-manager.service + fi + if [ -f "$OVERRIDEDIR/NetworkManager-wait-online.service" ]; then + mv -f $OVERRIDEDIR/NetworkManager-wait-online.service $OVERRIDEDIR/network-manager-wait-online.service + sed 's/NetworkManager/network-manager/' -i $OVERRIDEDIR/network-manager-wait-online.service + fi + if [ -f "$OVERRIDEDIR/ModemManager" ]; then + mv -f $OVERRIDEDIR/ModemManager $OVERRIDEDIR/modemmanager.service + sed 's/ModemManager/modemmanager/' -i $OVERRIDEDIR/modemmanager.service + fi + + # Install overriden services only when original exists + #for srv in cups modemmanager network-manager network-manager-wait-online ntpd chronyd; do + for srv in cups modemmanager network-manager network-manager-wait-online; do + if [ -f $UNITDIR/$srv.service ]; then + cp $OVERRIDEDIR/$srv.service /etc/systemd/system/ + fi + if [ -f $UNITDIR/$srv.socket -a -f $OVERRIDEDIR/$srv.socket ]; then + cp $OVERRIDEDIR/$srv.socket /etc/systemd/system/ + fi + if [ -f $UNITDIR/$srv.path -a -f $OVERRIDEDIR/$srv.path ]; then + cp $OVERRIDEDIR/$srv.path /etc/systemd/system/ + fi + done + + # Set default "runlevel" + rm -f /etc/systemd/system/default.target + ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target + + #DISABLE_SERVICES="alsa-store alsa-restore auditd avahi avahi-daemon backuppc cpuspeed crond" + #DISABLE_SERVICES="$DISABLE_SERVICES fedora-autorelabel fedora-autorelabel-mark ipmi hwclock-load hwclock-save" + #DISABLE_SERVICES="$DISABLE_SERVICES mdmonitor multipathd openct rpcbind mcelog fedora-storage-init fedora-storage-init-late" + #DISABLE_SERVICES="$DISABLE_SERVICES plymouth-start plymouth-read-write plymouth-quit plymouth-quit-wait" + #DISABLE_SERVICES="$DISABLE_SERVICES sshd tcsd sm-client sendmail mdmonitor-takeover" + #DISABLE_SERVICES="$DISABLE_SERVICES rngd smartd upower irqbalance colord" + #for srv in $DISABLE_SERVICES; do + # if [ -f /lib/systemd/system/$srv.service ]; then + # if fgrep -q '[Install]' /lib/systemd/system/$srv.service; then + # /bin/systemctl disable $srv.service 2> /dev/null + # else + # # forcibly disable + # ln -sf /dev/null /etc/systemd/system/$srv.service + # fi + # fi + #done + + rm -f /etc/systemd/system/getty.target.wants/getty@tty*.service + + # Enable some services + /bin/systemctl enable iptables.service 2> /dev/null + /bin/systemctl enable ip6tables.service 2> /dev/null + /bin/systemctl enable rsyslog.service 2> /dev/null + /bin/systemctl enable ntpd.service 2> /dev/null + + # Enable cups only when it is real SystemD service + [ -e /lib/systemd/system/cups.service ] && /bin/systemctl enable cups.service 2> /dev/null + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + exit 0 + ;; + + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 + +# vim: set ts=4 sw=4 sts=4 et : diff --git a/debian/postrm b/debian/postrm new file mode 100755 index 0000000..ae7eb72 --- /dev/null +++ b/debian/postrm @@ -0,0 +1,54 @@ +#!/bin/bash +# postrm script for core-agent-linux +# +# see: dh_installdeb(1) + +set -x + +# The prerm script may be called in the following ways: +# * 'remove' +# * 'purge' +# * 'upgrade' +# * 'disappear' +# +# The postrm script is called after the package's files have been removed +# or replaced. The package whose postrm is being called may have previously been +# deconfigured and only be "Unpacked", at which point subsequent package changes +# do not consider its dependencies. Therefore, all postrm actions may only rely +# on essential packages and must gracefully skip any actions that require the +# package's dependencies if those dependencies are unavailable.[48] +# +# * 'failed-upgrade' +# +# Called when the old postrm upgrade action fails. The new package will be +# unpacked, but only essential packages and pre-dependencies can be relied on. +# Pre-dependencies will either be configured or will be "Unpacked" or +# "Half-Configured" but previously had been configured and was never removed. +# +# * 'abort-install' +# * 'abort-install' +# * 'abort-upgrade' +# +# Called before unpacking the new package as part of the error handling of +# preinst failures. May assume the same state as preinst can assume. +# +# For details, see http://www.debian.org/doc/debian-policy/ or +# https://www.debian.org/doc/debian-policy/ch-maintainerscripts.html or +# the debian-policy package + +if [ "$1" = "remove" ] ; then + /usr/bin/glib-compile-schemas /usr/share/glib-2.0/schemas &> /dev/null || : + + if [ -L /lib/firmware/updates ]; then + rm /lib/firmware/updates + fi +fi + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 + +# vim: set ts=4 sw=4 sts=4 et : diff --git a/debian/preinst b/debian/preinst new file mode 100755 index 0000000..453c72e --- /dev/null +++ b/debian/preinst @@ -0,0 +1,98 @@ +#!/bin/bash +# preinst script for core-agent-linux +# +# see: dh_installdeb(1) + +set -x + +# The preinst script may be called in the following ways: +# * 'install' +# * 'install' +# * 'upgrade' +# +# The package will not yet be unpacked, so the preinst script cannot rely +# on any files included in its package. Only essential packages and +# pre-dependencies (Pre-Depends) may be assumed to be available. +# Pre-dependencies will have been configured at least once, but at the time the +# preinst is called they may only be in an "Unpacked" or "Half-Configured" state +# if a previous version of the pre-dependency was completely configured and has +# not been removed since then. +# +# +# * 'abort-upgrade' +# +# Called during error handling of an upgrade that failed after unpacking the +# new package because the postrm upgrade action failed. The unpacked files may +# be partly from the new version or partly missing, so the script cannot rely +# on files included in the package. Package dependencies may not be available. +# Pre-dependencies will be at least "Unpacked" following the same rules as +# above, except they may be only "Half-Installed" if an upgrade of the +# pre-dependency failed.[46] +# +# For details, see http://www.debian.org/doc/debian-policy/ or +# https://www.debian.org/doc/debian-policy/ch-maintainerscripts.html or +# the debian-policy package + +if [ "$1" = "install" ] ; then + # -------------------------------------------------------------------------- + # Create required directories + # -------------------------------------------------------------------------- + mkdir -p /var/lib/qubes + mkdir -p /lib/modules + #mkdir -p -m 0700 /var/log/xen # xen-utils-common should do this + + if [ -e /etc/fstab ] ; then + mv /etc/fstab /var/lib/qubes/fstab.orig + fi + + # -------------------------------------------------------------------------- + # Modules setup + # -------------------------------------------------------------------------- + echo "xen_netfront" >> /etc/modules + + # -------------------------------------------------------------------------- + # Remove `mesg` from root/.profile? + # -------------------------------------------------------------------------- + sed -i -e '/^mesg n/d' /root/.profile + + # -------------------------------------------------------------------------- + # Update /etc/fstab + # -------------------------------------------------------------------------- + cat > /etc/fstab < 'remove' +# * 'upgrade' +# * 'remove' 'in-favour' +# * 'deconfigure' 'in-favour' +# [removing conflicting-package version] +# +# The package whose prerm is being called will be at least "Half-Installed". +# All package dependencies will at least be "Half-Installed" and will have +# previously been configured and not removed. If there was no error, all +# dependencies will at least be "Unpacked", but these actions may be called in +# various error states where dependencies are only "Half-Installed" due to a +# partial upgrade. +# +# * 'failed-upgrade' +# +# Called during error handling when prerm upgrade fails. The new package +# will not yet be unpacked, and all the same constraints as for preinst +# upgrade apply. +# +# For details, see http://www.debian.org/doc/debian-policy/ or +# https://www.debian.org/doc/debian-policy/ch-maintainerscripts.html or +# the debian-policy package + +if [ "$1" = "remove" ] ; then + # no more packages left + if [ -e /var/lib/qubes/fstab.orig ] ; then + mv /var/lib/qubes/fstab.orig /etc/fstab + fi + + if [ -d /var/lib/qubes/removed-udev-scripts ] ; then + mv /var/lib/qubes/removed-udev-scripts/* /etc/udev/rules.d/ + fi + + if [ -e /var/lib/qubes/serial.orig ] ; then + mv /var/lib/qubes/serial.orig /etc/init/serial.conf + fi +fi + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 + +# vim: set ts=4 sw=4 sts=4 et : From d34268a085ce03b8e2d5dda32ba21f27cf224859 Mon Sep 17 00:00:00 2001 From: Jason Mehring Date: Fri, 31 Oct 2014 03:04:42 -0400 Subject: [PATCH 5/8] debian: preinst needs a group and force no password entry on adduser --- debian/preinst | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/debian/preinst b/debian/preinst index 453c72e..41e9e3e 100755 --- a/debian/preinst +++ b/debian/preinst @@ -78,7 +78,10 @@ EOF # -------------------------------------------------------------------------- # User add / modifications # -------------------------------------------------------------------------- - id -u 'user' || adduser user + id -u 'user' || { + groupadd -f user + useradd -g user -G dialout,cdrom,floppy,sudo,audio,dip,video,plugdev -m -s /bin/bash user + } usermod -p '' root usermod -L user exit 0 From f02780421d1bafa1367a08ce98ad2d9d96421ed4 Mon Sep 17 00:00:00 2001 From: Jason Mehring Date: Sun, 2 Nov 2014 16:22:42 -0500 Subject: [PATCH 6/8] debian: Added less restrictive filter option for debian packages Sites like sourceforge append ?downloadxxx to end --- network/filter-updates | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/network/filter-updates b/network/filter-updates index 55fa0d8..5fec48b 100644 --- a/network/filter-updates +++ b/network/filter-updates @@ -6,6 +6,6 @@ ^http://mirrors\..*/mirrorlist\? \.deb$ /dists/[a-z-]*/\(InRelease\|Release\|Release.gpg\)$ -/dists/[a-z-]*/.*/\(Packages\|Sources\|Release\)\(\|\.gz\|\.bz2\|\.xz\|\.lzma\)$ +/dists/[a-z-]*/.*/\(Packages\|Sources\|Release\)\(\|\.gz\|\.bz2\|\.xz\|\.lzma\|.*\)$ /dists/[a-z-]*/.*/\(Contents\|Translation\)-.*\(\|\.gz\|\.xz\|\.bz2\|\.lzma\)$ /dists/[a-z-]*/.*/\(Contents-.*\|Translation-.*\|Packages\)\.diff/\(Index\|[0-9.-]*\)\(\|\.gz\|\.xz\|\.bz2\|\.lzma\)$ From ef787ce40ba71ca0c78c21712f2272a993d82c43 Mon Sep 17 00:00:00 2001 From: Jason Mehring Date: Sun, 2 Nov 2014 16:24:41 -0500 Subject: [PATCH 7/8] debian: added new depends --- debian/control | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/control b/debian/control index b4f1774..a4e6164 100644 --- a/debian/control +++ b/debian/control @@ -9,7 +9,7 @@ Vcs-Git: git://git.qubes-os.org/marmarek/core-agent-linux.git Package: qubes-core-agent Architecture: any -Depends: qubes-utils, libvchan-xen, xenstore-utils, xen-utils-common, ethtool, python2.7, init-system-helpers, ${shlibs:Depends}, ${misc:Depends} +Depends: qubes-utils, libvchan-xen, xenstore-utils, xen-utils-common, tinyproxy, ethtool, python2.7, init-system-helpers, ${shlibs:Depends}, ${misc:Depends} Conflicts: qubes-core-agent-linux Description: Qubes core agent This package includes various daemons necessary for qubes domU support, From be37c6cc5b9aef6e220ef973b26c33d0bcdebd72 Mon Sep 17 00:00:00 2001 From: Jason Mehring Date: Sun, 2 Nov 2014 16:28:50 -0500 Subject: [PATCH 8/8] debian: force shell to be bash since its default is dash and many qubes scripts rely on bash and will break in dash and added tinyproxy user --- debian/postinst | 10 ++++++++++ debian/preinst | 11 +++++++++++ 2 files changed, 21 insertions(+) diff --git a/debian/postinst b/debian/postinst index 634579a..39a707b 100755 --- a/debian/postinst +++ b/debian/postinst @@ -34,6 +34,16 @@ case "$1" in fi } + + # Stops Qt form using the MIT-SHM X11 Shared Memory Extension + echo 'export QT_X11_NO_MITSHM=1' >> /etc/profile + + # Sudo's defualt umask is 077 so set sane default of 022 + # Also don't allow QT to used shared memory to prevent errors + echo 'Defaults umask = 0002' >> /etc/sudoers + echo 'Defaults umask_override' >> /etc/sudoers + echo 'Defaults env_keep += "QT_X11_NO_MITSHM"' >> /etc/sudoers + # reenable abrt-aplet if disable by some earlier version of package remove_ShowIn abrt-applet.desktop diff --git a/debian/preinst b/debian/preinst index 41e9e3e..4a6876e 100755 --- a/debian/preinst +++ b/debian/preinst @@ -45,6 +45,13 @@ if [ "$1" = "install" ] ; then mv /etc/fstab /var/lib/qubes/fstab.orig fi + # -------------------------------------------------------------------------- + # Many Qubes scripts reference /bin/sh expecting the shell to be bash but + # in Debian it is dash so some scripts will fail so force an alternate for + # /bin/sh to be /bin/bash + # -------------------------------------------------------------------------- + update-alternatives --force --install /bin/sh sh /bin/bash 999 + # -------------------------------------------------------------------------- # Modules setup # -------------------------------------------------------------------------- @@ -82,6 +89,10 @@ EOF groupadd -f user useradd -g user -G dialout,cdrom,floppy,sudo,audio,dip,video,plugdev -m -s /bin/bash user } + id -u 'tinyproxy' || { + groupadd -f tinyproxy + useradd -g tinyproxy -M --home /run/tinyproxy --shell /bin/false tinyproxy + } usermod -p '' root usermod -L user exit 0