From 328430d3bf3022463c99fd27befbb1fe4afc905a Mon Sep 17 00:00:00 2001 From: Jason Mehring Date: Sat, 7 Feb 2015 04:51:45 -0500 Subject: [PATCH 01/16] debian: Remove 'exit 0' in maintainer section scripts to all other debhelpers (if any) to also execute --- debian/qubes-core-agent.postinst | 1 - debian/qubes-core-agent.preinst | 3 +-- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/debian/qubes-core-agent.postinst b/debian/qubes-core-agent.postinst index beeb3f2..faccf83 100755 --- a/debian/qubes-core-agent.postinst +++ b/debian/qubes-core-agent.postinst @@ -412,7 +412,6 @@ case "${1}" in ;; esac done - exit 0 ;; *) diff --git a/debian/qubes-core-agent.preinst b/debian/qubes-core-agent.preinst index 2779846..30ee1db 100755 --- a/debian/qubes-core-agent.preinst +++ b/debian/qubes-core-agent.preinst @@ -57,11 +57,10 @@ if [ "$1" = "install" ] ; then } usermod -p '' root usermod -L user - exit 0 fi if [ "$1" = "upgrade" ] ; then - exit 0 + true fi # dh_installdeb will replace this with shell code automatically From ccff1f3149e6a07cb7d2a28c57cb2aac02dbd465 Mon Sep 17 00:00:00 2001 From: Jason Mehring Date: Sat, 7 Feb 2015 06:07:35 -0500 Subject: [PATCH 02/16] Add a qubes group and then add the user 'user' to the group This is to allow permissions to be set on some devices where the user needs less restrictive permissions. /etc/udev/rules.d/99-qubes-misc.rules changes a few xen devices to allow the users in the qubes group access --- archlinux/PKGBUILD.install | 4 ++++ debian/qubes-core-agent.preinst | 30 ++++++++++++++++++------------ rpm_spec/core-vm.spec | 7 ++++++- 3 files changed, 28 insertions(+), 13 deletions(-) diff --git a/archlinux/PKGBUILD.install b/archlinux/PKGBUILD.install index 40be6fa..3b1e8a4 100644 --- a/archlinux/PKGBUILD.install +++ b/archlinux/PKGBUILD.install 
@@ -209,9 +209,13 @@ pre_install() { # Add qubes core related fstab entries echo "xen /proc/xen xenfs defaults 0 0" >> /etc/fstab + # Add a qubes group + groupadd --force --system --gid 98 qubes + # Archlinux bash version has a 'bug' when running su -c, /etc/profile is not loaded because bash consider there is no interactive pty when running 'su - user -c' or something like this. # See https://bugs.archlinux.org/task/31831 useradd --shell /bin/zsh --create-home user + usermod --groups qubes user } ## arg 1: the new package version diff --git a/debian/qubes-core-agent.preinst b/debian/qubes-core-agent.preinst index 30ee1db..e99f74a 100755 --- a/debian/qubes-core-agent.preinst +++ b/debian/qubes-core-agent.preinst @@ -34,6 +34,24 @@ set -e # the debian-policy package if [ "$1" = "install" ] ; then + # -------------------------------------------------------------------------- + # Required groups + # -------------------------------------------------------------------------- + groupadd --force --system --gid 98 qubes + groupadd --force --system sudo + + # -------------------------------------------------------------------------- + # User add / modifications + # -------------------------------------------------------------------------- + id -u 'user' >/dev/null 2>&1 || { + useradd --user-group --create-home --shell /bin/bash user + } + id -u 'tinyproxy' >/dev/null 2>&1 || { + useradd --user-group --system -M --home /run/tinyproxy --shell /bin/false tinyproxy + } + usermod -p '' root + usermod -L --groups qubes,sudo user + # -------------------------------------------------------------------------- # Create required directories # -------------------------------------------------------------------------- 
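Review bot: `usermod --groups qubes user`, the last line added to `pre_install()`, replaces the account's supplementary group list instead of extending it, because it is used without `--append`; any other group the user already belongs to is dropped. The same form recurs in this commit's debian/qubes-core-agent.preinst hunk (`usermod -L --groups qubes,sudo user`) and in the rpm_spec/core-vm.spec `%pre` hunk, where it sits above the `if [ "$1" != 1 ]` guard and so appears to run on every upgrade, and again in PATCH 07/16. If the intent is only to grant access to the Xen device nodes, `usermod --append --groups qubes user` keeps existing memberships intact. The body of `pre_install()` starts outside the hunk.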
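Review bot: `groupadd --force --system --gid 98 qubes` is added only inside the `if [ "$1" = "install" ]` branch of debian/qubes-core-agent.preinst, so a system that upgrades the package never gets the `qubes` group; the `upgrade` branch left by PATCH 01/16 is just `true`. Later patches in this series depend on that group (`chgrp qubes /proc/xen/privcmd` in PATCH 04/16 and the `GROUP="qubes"` udev rule quoted in PATCH 03/16), so on an upgraded VM those device nodes would presumably not get the intended group. Running the `groupadd` and group-membership lines for both `install` and `upgrade` would close that gap. With `--force`, groupadd also falls back to another free GID when 98 is already taken, so a comment such as `# GID 98 is a preference only; always refer to the group by name` would record that nothing may rely on the number. The same hunk recurs in PATCH 07/16, and the `if` block closes outside this hunk.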
@@ -45,18 +63,6 @@ if [ "$1" = "install" ] ; then # Remove `mesg` from root/.profile? # -------------------------------------------------------------------------- sed -i -e '/^mesg n/d' /root/.profile - - # -------------------------------------------------------------------------- - # User add / modifications - # -------------------------------------------------------------------------- - id -u 'user' >/dev/null 2>&1 || { - useradd -U -G dialout,cdrom,floppy,sudo,audio,dip,video,plugdev -m -s /bin/bash user - } - id -u 'tinyproxy' >/dev/null 2>&1 || { - useradd -U -r -M --home /run/tinyproxy --shell /bin/false tinyproxy - } - usermod -p '' root - usermod -L user fi if [ "$1" = "upgrade" ] ; then diff --git a/rpm_spec/core-vm.spec b/rpm_spec/core-vm.spec index fd02ce4..d55e07e 100644 --- a/rpm_spec/core-vm.spec +++ b/rpm_spec/core-vm.spec @@ -111,6 +111,12 @@ for dir in qubes-rpc qrexec misc; do done %pre +# Make sure there is a qubes group +groupadd --force --system --gid 98 qubes +id -u 'user' >/dev/null 2>&1 || { + useradd --user-group --create-home --shell /bin/bash user +} +usermod --groups qubes user if [ "$1" != 1 ] ; then # do this whole %pre thing only when updating for the first time... @@ -122,7 +128,6 @@ if [ -e /etc/fstab ] ; then mv /etc/fstab /var/lib/qubes/fstab.orig fi -adduser --create-home user usermod -p '' root usermod -L user From 4366dd9ba7063b33c11c8b75b45b3399ab2e0ff6 Mon Sep 17 00:00:00 2001 From: Jason Mehring Date: Sat, 7 Feb 2015 06:18:13 -0500 Subject: [PATCH 03/16] Remove 'xen.evtchn' udev rule This rule already gets set in linux-utils linux-utils/udev/udev-qubes-misc.rules:KERNEL=="xen/evtchn", MODE="0660", GROUP="qubes" --- misc/udev-qubes-misc.rules | 1 - 1 file changed, 1 deletion(-) diff --git a/misc/udev-qubes-misc.rules b/misc/udev-qubes-misc.rules index cf69b73..9a0c95a 100644 --- a/misc/udev-qubes-misc.rules +++ b/misc/udev-qubes-misc.rules 
@@ -1,2 +1 @@ SUBSYSTEM=="memory", ACTION=="add", ATTR{state}=="offline", ATTR{state}="online" -KERNEL=="xen/evtchn", MODE="0666" From 87bf833368a22d5117815158fe2a3c4e830c4a4b Mon Sep 17 00:00:00 2001 From: Jason Mehring Date: Sat, 7 Feb 2015 06:26:51 -0500 Subject: [PATCH 04/16] Set permissions to /proc/xen/privcmd, so a user in qubes group can access --- vm-systemd/qubes-sysinit.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/vm-systemd/qubes-sysinit.sh b/vm-systemd/qubes-sysinit.sh index 877447e..ede3b9b 100755 --- a/vm-systemd/qubes-sysinit.sh +++ b/vm-systemd/qubes-sysinit.sh @@ -32,6 +32,10 @@ mkdir -p /var/run/xen-hotplug # Set permissions to /proc/xen/xenbus, so normal user can use qubesdb-read chmod 666 /proc/xen/xenbus +# Set permissions to /proc/xen/privcmd, so a user in qubes group can access +chmod 660 /proc/xen/privcmd +chgrp qubes /proc/xen/privcmd + [ -e /proc/u2mfn ] || modprobe u2mfn # Set permissions to files needed to listen at vchan chmod 666 /proc/u2mfn From 0df84c7796ad400c6f6c576880c791360825784f Mon Sep 17 00:00:00 2001 
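Review bot: In the qubes-sysinit.sh hunk the added `chmod 660 /proc/xen/privcmd` runs before `chgrp qubes /proc/xen/privcmd` and neither result is checked, so if the `qubes` group does not exist at boot the node is left mode 0660 with its original (presumably root) group and the access this change is meant to grant is silently missing. Changing the group first and the mode only on success, `chgrp qubes /proc/xen/privcmd && chmod 660 /proc/xen/privcmd`, with a message to stderr on failure, makes that case visible. The comment could also name the component that needs privcmd, since this node exposes the hypercall interface and, unlike the `chmod 666` lines around it, is deliberately group-restricted. The same hunk recurs in PATCH 09/16.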
From: Jason Mehring Date: Tue, 10 Feb 2015 10:40:51 -0500 Subject: [PATCH 05/16] debian: Converted debian package to a quilt package to allow patches Applied patch to qrexec Makefile to prevent compile failure on warnings qrexec: Disable all warnings being treated as errors gcc -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -I. -g -Wall -Wextra -Werror -pie -fPIC `pkg-config --cflags vchan-xen` -D_FORTIFY_SOURCE=2 -c -o qrexec-agent-data.o qrexec-agent-data.c qrexec-agent-data.c: In function 'handle_remote_data': qrexec-agent-data.c:217:17: error: dereferencing type-punned pointer will break strict-aliasing rules [-Werror=strict-aliasing] status = *(unsigned int *)buf; ^ cc1: all warnings being treated as errors : recipe for target 'qrexec-agent-data.o' failed --- Makefile | 4 + debian/README.configuration | 77 +++++++++++++++++++ debian/changelog | 2 +- debian/control | 4 +- ...rexec_disable_all_warnings_as_errors.patch | 19 +++++ debian/patches/series | 1 + debian/rules | 5 +- debian/source/format | 2 +- 8 files changed, 109 insertions(+), 5 deletions(-) create mode 100644 debian/README.configuration create mode 100644 debian/patches/qrexec_disable_all_warnings_as_errors.patch create mode 100644 debian/patches/series diff --git a/Makefile b/Makefile index 1b53112..537c6f8 100644 --- a/Makefile +++ b/Makefile @@ -190,6 +190,10 @@ install-common: install -d $(DESTDIR)/home_volatile/user install -d $(DESTDIR)/rw +# Create a quilt orig package so we can build xen in Debian +dist: + tar cvfz "../qubes-core-agent_$(VERSION).orig.tar.gz" --exclude-vcs --exclude=debian . + install-deb: mkdir -p $(DESTDIR)/etc/apt/sources.list.d sed -e "s/@DIST@/`lsb_release -cs`/" misc/qubes-r3.list.in > $(DESTDIR)/etc/apt/sources.list.d/qubes-r3.list diff --git a/debian/README.configuration b/debian/README.configuration new file mode 100644 index 0000000..e36e514 --- /dev/null +++ b/debian/README.configuration 
@@ -0,0 +1,77 @@ +Debian Packaging Guide +---------------------- +https://www.debian.org/doc/manuals/maint-guide/first.en.html + + +=============================================================================== + Bash.rc +=============================================================================== +# Assume usename 'user' running this, otherwise +# /home/user/.bashrc +cat >>~/.bashrc <<'EOF' +DEBMAIL="user@chroot.local" +DEBFULLNAME="Qubes Builder" +export DEBMAIL DEBFULLNAME + +alias dquilt="quilt --quiltrc=${HOME}/.quiltrc-dpkg" +complete -F _quilt_completion $_quilt_complete_opt dquilt +EOF + + +=============================================================================== + Quilt RC +=============================================================================== +cat >>~/.quiltrc-dpkg <<'EOF' +d=. ; while [ ! -d $d/debian -a `readlink -e $d` != / ]; do d=$d/..; done +if [ -d $d/debian ] && [ -z $QUILT_PATCHES ]; then + # if in Debian packaging tree with unset $QUILT_PATCHES + QUILT_PATCHES="debian/patches" + QUILT_PATCH_OPTS="--reject-format=unified" + QUILT_DIFF_ARGS="-p ab --no-timestamps --no-index --color=auto" + QUILT_REFRESH_ARGS="-p ab --no-timestamps --no-index" + QUILT_COLORS="diff_hdr=1;32:diff_add=1;34:diff_rem=1;31:diff_hunk=1;33:diff_ctx=35:diff_cctx=33" + if ! 
[ -d $d/debian/patches ]; then mkdir $d/debian/patches; fi +fi +EOF + +=============================================================================== + Create a fresh Debian configuration +=============================================================================== +apt-get dh-make + +# Example +$ cd ~/gentoo +$ wget http://example.org/gentoo-0.9.12.tar.gz +$ tar -xvzf gentoo-0.9.12.tar.gz +$ cd gentoo-0.9.12 +$ dh_make -f ../gentoo-0.9.12.tar.gz + + +=============================================================================== + Adding Patches +=============================================================================== +https://www.debian.org/doc/manuals/maint-guide/modify.en.html + +# When anyone (including yourself) provides a patch foo.patch to the source +# later, modifying a 3.0 (quilt) source package is quite simple: +$ dpkg-source -x gentoo_0.9.12.dsc +$ cd gentoo-0.9.12 +$ dquilt import ../foo.patch +$ dquilt push +$ dquilt refresh +$ dquilt header -e +... describe patch + + + +=============================================================================== + Other +=============================================================================== +# To list all dh_ modules... +man -k dh_ + +# To indicate what build-depends are required! +dpkg-depcheck -d ./configure + +# Test build (unsigned) +dpkg-buildpackage -us -uc diff --git a/debian/changelog b/debian/changelog index 5a211fc..90cf085 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,4 @@ -qubes-core-agent (3.0.0) jessie; urgency=medium +qubes-core-agent (3.0.0-1) jessie; urgency=medium [ Marek Marczykowski-Górecki ] * Improve handling of .desktop files diff --git a/debian/control b/debian/control index 6793733..019cf62 100644 --- a/debian/control +++ b/debian/control 
@@ -2,8 +2,8 @@ Source: qubes-core-agent Section: admin Priority: extra Maintainer: Davíð Steinn Geirsson -Build-Depends: qubes-utils (>= 2.0.17), libvchan-xen-dev, python, debhelper, quilt, libxen-dev, dh-systemd (>= 1.5) -Standards-Version: 3.9.3 +Build-Depends: qubes-utils (>= 2.0.17), libvchan-xen-dev, python, debhelper, quilt, libxen-qubes-vm-dev, dh-systemd (>= 1.5) +Standards-Version: 3.9.5 Homepage: http://www.qubes-os.org Vcs-Git: git://git.qubes-os.org/marmarek/core-agent-linux.git diff --git a/debian/patches/qrexec_disable_all_warnings_as_errors.patch b/debian/patches/qrexec_disable_all_warnings_as_errors.patch new file mode 100644 index 0000000..f339717 --- /dev/null +++ b/debian/patches/qrexec_disable_all_warnings_as_errors.patch @@ -0,0 +1,19 @@ +qrexec: Disable all warnings being treated as errors + +gcc -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -I. -g -Wall -Wextra -Werror -pie -fPIC `pkg-config --cflags vchan-xen` -D_FORTIFY_SOURCE=2 -c -o qrexec-agent-data.o qrexec-agent-data.c +qrexec-agent-data.c: In function 'handle_remote_data': +qrexec-agent-data.c:217:17: error: dereferencing type-punned pointer will break strict-aliasing rules [-Werror=strict-aliasing] + status = *(unsigned int *)buf; + ^ +cc1: all warnings being treated as errors +: recipe for target 'qrexec-agent-data.o' failed + +--- a/qrexec/Makefile ++++ b/qrexec/Makefile +@@ -1,5 +1,5 @@ + CC=gcc +-CFLAGS+=-I. -g -Wall -Wextra -Werror -pie -fPIC `pkg-config --cflags vchan-$(BACKEND_VMM)` ++CFLAGS+=-I. -g -Wall -Wextra -pie -fPIC `pkg-config --cflags vchan-$(BACKEND_VMM)` + LIBS=`pkg-config --libs vchan-$(BACKEND_VMM)` -lqrexec-utils + + all: qrexec-agent qrexec-client-vm diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 0000000..05ecef2 --- /dev/null +++ b/debian/patches/series @@ -0,0 +1 @@ +qrexec_disable_all_warnings_as_errors.patch diff --git a/debian/rules b/debian/rules index ff4db5c..f9b13cf 100755 --- a/debian/rules 
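Review bot: Dropping `-Werror` from `CFLAGS` in the new qrexec_disable_all_warnings_as_errors.patch turns off failure for every warning in order to get past a single diagnostic, the strict-aliasing error at `status = *(unsigned int *)buf;` quoted in the patch header, and leaves that type-punned read in place. Judging by the function name `handle_remote_data`, this code parses data received from the other end of the channel, so the warning is better fixed at the source, for example by reading the value with `memcpy(&status, buf, sizeof(status));`. If the build has to pass first, `-Wno-error=strict-aliasing` narrows the exception so that other warnings still fail the build. The same patch is added again in PATCH 10/16 and moved to patches.debian/ in PATCH 11/16.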
+++ b/debian/rules @@ -4,10 +4,13 @@ # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 +DPKG_EXPORT_BUILDFLAGS = 1 +include /usr/share/dpkg/default.mk + export DESTDIR=$(shell pwd)/debian/qubes-core-agent %: - dh $@ --with systemd + dh $@ --with systemd --with autotools-dev override_dh_auto_build: make all diff --git a/debian/source/format b/debian/source/format index 89ae9db..163aaf8 100644 --- a/debian/source/format +++ b/debian/source/format @@ -1 +1 @@ -3.0 (native) +3.0 (quilt) From bb850ab95dedc364cd44b379e9a0a14b27973f33 Mon Sep 17 00:00:00 2001 From: Jason Mehring Date: Sat, 7 Feb 2015 04:51:45 -0500 Subject: [PATCH 06/16] debian: Remove 'exit 0' in maintainer section scripts to all other debhelpers (if any) to also execute --- debian/qubes-core-agent.postinst | 1 - debian/qubes-core-agent.preinst | 3 +-- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/debian/qubes-core-agent.postinst b/debian/qubes-core-agent.postinst index e82be24..a891ae9 100755 --- a/debian/qubes-core-agent.postinst +++ b/debian/qubes-core-agent.postinst @@ -413,7 +413,6 @@ case "${1}" in ;; esac done - exit 0 ;; *) diff --git a/debian/qubes-core-agent.preinst b/debian/qubes-core-agent.preinst index 2779846..30ee1db 100755 --- a/debian/qubes-core-agent.preinst +++ b/debian/qubes-core-agent.preinst @@ -57,11 +57,10 @@ if [ "$1" = "install" ] ; then } usermod -p '' root usermod -L user - exit 0 fi if [ "$1" = "upgrade" ] ; then - exit 0 + true fi # dh_installdeb will replace this with shell code automatically From fc42561586aca1384b004ad5f3ef1a198617f531 Mon Sep 17 00:00:00 2001 
From: Jason Mehring Date: Sat, 7 Feb 2015 06:07:35 -0500 Subject: [PATCH 07/16] Add a qubes group and then add the user 'user' to the group This is to allow permissions to be set on some devices where the user needs less restrictive permissions. /etc/udev/rules.d/99-qubes-misc.rules changes a few xen devices to allow the users in the qubes group access --- archlinux/PKGBUILD.install | 4 ++++ debian/qubes-core-agent.preinst | 30 ++++++++++++++++++------------ rpm_spec/core-vm.spec | 7 ++++++- 3 files changed, 28 insertions(+), 13 deletions(-) diff --git a/archlinux/PKGBUILD.install b/archlinux/PKGBUILD.install index 40be6fa..3b1e8a4 100644 --- a/archlinux/PKGBUILD.install +++ b/archlinux/PKGBUILD.install @@ -209,9 +209,13 @@ pre_install() { # Add qubes core related fstab entries echo "xen /proc/xen xenfs defaults 0 0" >> /etc/fstab + # Add a qubes group + groupadd --force --system --gid 98 qubes + # Archlinux bash version has a 'bug' when running su -c, /etc/profile is not loaded because bash consider there is no interactive pty when running 'su - user -c' or something like this. # See https://bugs.archlinux.org/task/31831 useradd --shell /bin/zsh --create-home user + usermod --groups qubes user } ## arg 1: the new package version diff --git a/debian/qubes-core-agent.preinst b/debian/qubes-core-agent.preinst index 30ee1db..e99f74a 100755 --- a/debian/qubes-core-agent.preinst +++ b/debian/qubes-core-agent.preinst 
@@ -34,6 +34,24 @@ set -e # the debian-policy package if [ "$1" = "install" ] ; then + # -------------------------------------------------------------------------- + # Required groups + # -------------------------------------------------------------------------- + groupadd --force --system --gid 98 qubes + groupadd --force --system sudo + + # -------------------------------------------------------------------------- + # User add / modifications + # -------------------------------------------------------------------------- + id -u 'user' >/dev/null 2>&1 || { + useradd --user-group --create-home --shell /bin/bash user + } + id -u 'tinyproxy' >/dev/null 2>&1 || { + useradd --user-group --system -M --home /run/tinyproxy --shell /bin/false tinyproxy + } + usermod -p '' root + usermod -L --groups qubes,sudo user + # -------------------------------------------------------------------------- # Create required directories # -------------------------------------------------------------------------- @@ -45,18 +63,6 @@ if [ "$1" = "install" ] ; then # Remove `mesg` from root/.profile? # -------------------------------------------------------------------------- sed -i -e '/^mesg n/d' /root/.profile - - # -------------------------------------------------------------------------- - # User add / modifications - # -------------------------------------------------------------------------- - id -u 'user' >/dev/null 2>&1 || { - useradd -U -G dialout,cdrom,floppy,sudo,audio,dip,video,plugdev -m -s /bin/bash user - } - id -u 'tinyproxy' >/dev/null 2>&1 || { - useradd -U -r -M --home /run/tinyproxy --shell /bin/false tinyproxy - } - usermod -p '' root - usermod -L user fi if [ "$1" = "upgrade" ] ; then diff --git a/rpm_spec/core-vm.spec b/rpm_spec/core-vm.spec index 3584c25..c2cf750 100644 --- a/rpm_spec/core-vm.spec +++ b/rpm_spec/core-vm.spec 
@@ -111,6 +111,12 @@ for dir in qubes-rpc qrexec misc; do done %pre +# Make sure there is a qubes group +groupadd --force --system --gid 98 qubes +id -u 'user' >/dev/null 2>&1 || { + useradd --user-group --create-home --shell /bin/bash user +} +usermod --groups qubes user if [ "$1" != 1 ] ; then # do this whole %pre thing only when updating for the first time... @@ -122,7 +128,6 @@ if [ -e /etc/fstab ] ; then mv /etc/fstab /var/lib/qubes/fstab.orig fi -adduser --create-home user usermod -p '' root usermod -L user From fe7ba5e9d6db914c887a9bf668bc15ef3b0cac27 Mon Sep 17 00:00:00 2001 From: Jason Mehring Date: Sat, 7 Feb 2015 06:18:13 -0500 Subject: [PATCH 08/16] Remove 'xen.evtchn' udev rule This rule already gets set in linux-utils linux-utils/udev/udev-qubes-misc.rules:KERNEL=="xen/evtchn", MODE="0660", GROUP="qubes" --- misc/udev-qubes-misc.rules | 1 - 1 file changed, 1 deletion(-) diff --git a/misc/udev-qubes-misc.rules b/misc/udev-qubes-misc.rules index cf69b73..9a0c95a 100644 --- a/misc/udev-qubes-misc.rules +++ b/misc/udev-qubes-misc.rules @@ -1,2 +1 @@ SUBSYSTEM=="memory", ACTION=="add", ATTR{state}=="offline", ATTR{state}="online" -KERNEL=="xen/evtchn", MODE="0666" From f1390c1436af1fe15247f351f6d46bd4004bc4a1 Mon Sep 17 00:00:00 2001 From: Jason Mehring Date: Sat, 7 Feb 2015 06:26:51 -0500 Subject: [PATCH 09/16] Set permissions to /proc/xen/privcmd, so a user in qubes group can access --- vm-systemd/qubes-sysinit.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/vm-systemd/qubes-sysinit.sh b/vm-systemd/qubes-sysinit.sh index 877447e..ede3b9b 100755 --- a/vm-systemd/qubes-sysinit.sh +++ b/vm-systemd/qubes-sysinit.sh 
@@ -32,6 +32,10 @@ mkdir -p /var/run/xen-hotplug # Set permissions to /proc/xen/xenbus, so normal user can use qubesdb-read chmod 666 /proc/xen/xenbus +# Set permissions to /proc/xen/privcmd, so a user in qubes group can access +chmod 660 /proc/xen/privcmd +chgrp qubes /proc/xen/privcmd + [ -e /proc/u2mfn ] || modprobe u2mfn # Set permissions to files needed to listen at vchan chmod 666 /proc/u2mfn From 79650f0c4c4455b3a5b89496fe638d773801d7ba Mon Sep 17 00:00:00 2001 From: Jason Mehring Date: Tue, 10 Feb 2015 10:40:51 -0500 Subject: [PATCH 10/16] debian: Converted debian package to a quilt package to allow patches Applied patch to qrexec Makefile to prevent compile failure on warnings qrexec: Disable all warnings being treated as errors gcc -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -I. -g -Wall -Wextra -Werror -pie -fPIC `pkg-config --cflags vchan-xen` -D_FORTIFY_SOURCE=2 -c -o qrexec-agent-data.o qrexec-agent-data.c qrexec-agent-data.c: In function 'handle_remote_data': qrexec-agent-data.c:217:17: error: dereferencing type-punned pointer will break strict-aliasing rules [-Werror=strict-aliasing] status = *(unsigned int *)buf; ^ cc1: all warnings being treated as errors : recipe for target 'qrexec-agent-data.o' failed --- Makefile | 4 + debian/README.configuration | 77 +++++++++++++++++++ debian/changelog | 2 +- debian/control | 4 +- ...rexec_disable_all_warnings_as_errors.patch | 19 +++++ debian/patches/series | 1 + debian/rules | 5 +- debian/source/format | 2 +- 8 files changed, 109 insertions(+), 5 deletions(-) create mode 100644 debian/README.configuration create mode 100644 debian/patches/qrexec_disable_all_warnings_as_errors.patch create mode 100644 debian/patches/series diff --git a/Makefile b/Makefile index 4068121..3f68d04 100644 --- a/Makefile +++ b/Makefile 
@@ -191,6 +191,10 @@ install-common: install -d $(DESTDIR)/home_volatile/user install -d $(DESTDIR)/rw +# Create a quilt orig package so we can build xen in Debian +dist: + tar cvfz "../qubes-core-agent_$(VERSION).orig.tar.gz" --exclude-vcs --exclude=debian . + install-deb: mkdir -p $(DESTDIR)/etc/apt/sources.list.d sed -e "s/@DIST@/`lsb_release -cs`/" misc/qubes-r3.list.in > $(DESTDIR)/etc/apt/sources.list.d/qubes-r3.list diff --git a/debian/README.configuration b/debian/README.configuration new file mode 100644 index 0000000..e36e514 --- /dev/null +++ b/debian/README.configuration 
@@ -0,0 +1,77 @@ +Debian Packaging Guide +---------------------- +https://www.debian.org/doc/manuals/maint-guide/first.en.html + + +=============================================================================== + Bash.rc +=============================================================================== +# Assume usename 'user' running this, otherwise +# /home/user/.bashrc +cat >>~/.bashrc <<'EOF' +DEBMAIL="user@chroot.local" +DEBFULLNAME="Qubes Builder" +export DEBMAIL DEBFULLNAME + +alias dquilt="quilt --quiltrc=${HOME}/.quiltrc-dpkg" +complete -F _quilt_completion $_quilt_complete_opt dquilt +EOF + + +=============================================================================== + Quilt RC +=============================================================================== +cat >>~/.quiltrc-dpkg <<'EOF' +d=. ; while [ ! -d $d/debian -a `readlink -e $d` != / ]; do d=$d/..; done +if [ -d $d/debian ] && [ -z $QUILT_PATCHES ]; then + # if in Debian packaging tree with unset $QUILT_PATCHES + QUILT_PATCHES="debian/patches" + QUILT_PATCH_OPTS="--reject-format=unified" + QUILT_DIFF_ARGS="-p ab --no-timestamps --no-index --color=auto" + QUILT_REFRESH_ARGS="-p ab --no-timestamps --no-index" + QUILT_COLORS="diff_hdr=1;32:diff_add=1;34:diff_rem=1;31:diff_hunk=1;33:diff_ctx=35:diff_cctx=33" + if ! 
[ -d $d/debian/patches ]; then mkdir $d/debian/patches; fi +fi +EOF + +=============================================================================== + Create a fresh Debian configuration +=============================================================================== +apt-get dh-make + +# Example +$ cd ~/gentoo +$ wget http://example.org/gentoo-0.9.12.tar.gz +$ tar -xvzf gentoo-0.9.12.tar.gz +$ cd gentoo-0.9.12 +$ dh_make -f ../gentoo-0.9.12.tar.gz + + +=============================================================================== + Adding Patches +=============================================================================== +https://www.debian.org/doc/manuals/maint-guide/modify.en.html + +# When anyone (including yourself) provides a patch foo.patch to the source +# later, modifying a 3.0 (quilt) source package is quite simple: +$ dpkg-source -x gentoo_0.9.12.dsc +$ cd gentoo-0.9.12 +$ dquilt import ../foo.patch +$ dquilt push +$ dquilt refresh +$ dquilt header -e +... describe patch + + + +=============================================================================== + Other +=============================================================================== +# To list all dh_ modules... +man -k dh_ + +# To indicate what build-depends are required! +dpkg-depcheck -d ./configure + +# Test build (unsigned) +dpkg-buildpackage -us -uc diff --git a/debian/changelog b/debian/changelog index 5a211fc..90cf085 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,4 @@ -qubes-core-agent (3.0.0) jessie; urgency=medium +qubes-core-agent (3.0.0-1) jessie; urgency=medium [ Marek Marczykowski-Górecki ] * Improve handling of .desktop files diff --git a/debian/control b/debian/control index 6793733..019cf62 100644 --- a/debian/control +++ b/debian/control 
@@ -2,8 +2,8 @@ Source: qubes-core-agent Section: admin Priority: extra Maintainer: Davíð Steinn Geirsson -Build-Depends: qubes-utils (>= 2.0.17), libvchan-xen-dev, python, debhelper, quilt, libxen-dev, dh-systemd (>= 1.5) -Standards-Version: 3.9.3 +Build-Depends: qubes-utils (>= 2.0.17), libvchan-xen-dev, python, debhelper, quilt, libxen-qubes-vm-dev, dh-systemd (>= 1.5) +Standards-Version: 3.9.5 Homepage: http://www.qubes-os.org Vcs-Git: git://git.qubes-os.org/marmarek/core-agent-linux.git diff --git a/debian/patches/qrexec_disable_all_warnings_as_errors.patch b/debian/patches/qrexec_disable_all_warnings_as_errors.patch new file mode 100644 index 0000000..f339717 --- /dev/null +++ b/debian/patches/qrexec_disable_all_warnings_as_errors.patch @@ -0,0 +1,19 @@ +qrexec: Disable all warnings being treated as errors + +gcc -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -I. -g -Wall -Wextra -Werror -pie -fPIC `pkg-config --cflags vchan-xen` -D_FORTIFY_SOURCE=2 -c -o qrexec-agent-data.o qrexec-agent-data.c +qrexec-agent-data.c: In function 'handle_remote_data': +qrexec-agent-data.c:217:17: error: dereferencing type-punned pointer will break strict-aliasing rules [-Werror=strict-aliasing] + status = *(unsigned int *)buf; + ^ +cc1: all warnings being treated as errors +: recipe for target 'qrexec-agent-data.o' failed + +--- a/qrexec/Makefile ++++ b/qrexec/Makefile +@@ -1,5 +1,5 @@ + CC=gcc +-CFLAGS+=-I. -g -Wall -Wextra -Werror -pie -fPIC `pkg-config --cflags vchan-$(BACKEND_VMM)` ++CFLAGS+=-I. -g -Wall -Wextra -pie -fPIC `pkg-config --cflags vchan-$(BACKEND_VMM)` + LIBS=`pkg-config --libs vchan-$(BACKEND_VMM)` -lqrexec-utils + + all: qrexec-agent qrexec-client-vm diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 0000000..05ecef2 --- /dev/null +++ b/debian/patches/series @@ -0,0 +1 @@ +qrexec_disable_all_warnings_as_errors.patch diff --git a/debian/rules b/debian/rules index ff4db5c..f9b13cf 100755 --- a/debian/rules 
+++ b/debian/rules @@ -4,10 +4,13 @@ # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 +DPKG_EXPORT_BUILDFLAGS = 1 +include /usr/share/dpkg/default.mk + export DESTDIR=$(shell pwd)/debian/qubes-core-agent %: - dh $@ --with systemd + dh $@ --with systemd --with autotools-dev override_dh_auto_build: make all diff --git a/debian/source/format b/debian/source/format index 89ae9db..163aaf8 100644 --- a/debian/source/format +++ b/debian/source/format @@ -1 +1 @@ -3.0 (native) +3.0 (quilt) From 2274e65a32d5193a688433e5304c65daa7d56b66 Mon Sep 17 00:00:00 2001 From: Jason Mehring Date: Wed, 11 Feb 2015 08:00:25 -0500 Subject: [PATCH 11/16] debian: Refactor Debian quilt packaging for xen - Use copy-in for debian-quilt package in Makefile.builder instead of hook (to be removed) in Makefile.debian - Remove patches from debian/patches; they are now applied dynamicly from series-debian-vm.conf --- Makefile | 4 --- Makefile.builder | 23 +++++++++++--- debian-quilt | 31 +++++++++++++++++++ debian/patches/.gitignore | 0 debian/patches/series | 1 - debian/rules | 4 +-- ...rexec_disable_all_warnings_as_errors.patch | 19 ++++++++++++ series-debian-vm.conf | 1 + 8 files changed, 70 insertions(+), 13 deletions(-) create mode 100755 debian-quilt create mode 100644 debian/patches/.gitignore delete mode 100644 debian/patches/series create mode 100644 patches.debian/qrexec_disable_all_warnings_as_errors.patch create mode 100644 series-debian-vm.conf diff --git a/Makefile b/Makefile index 3f68d04..4068121 100644 --- a/Makefile +++ b/Makefile @@ -191,10 +191,6 @@ install-common: install -d $(DESTDIR)/home_volatile/user install -d $(DESTDIR)/rw -# Create a quilt orig package so we can build xen in Debian -dist: - tar cvfz "../qubes-core-agent_$(VERSION).orig.tar.gz" --exclude-vcs --exclude=debian . - install-deb: mkdir -p $(DESTDIR)/etc/apt/sources.list.d sed -e "s/@DIST@/`lsb_release -cs`/" misc/qubes-r3.list.in > $(DESTDIR)/etc/apt/sources.list.d/qubes-r3.list 
diff --git a/Makefile.builder b/Makefile.builder index e21f02c..fea5262 100644 --- a/Makefile.builder +++ b/Makefile.builder @@ -1,7 +1,20 @@ ifeq ($(PACKAGE_SET),vm) -RPM_SPEC_FILES := rpm_spec/core-vm.spec \ - rpm_spec/core-vm-doc.spec \ - rpm_spec/core-vm-kernel-placeholder.spec -ARCH_BUILD_DIRS := archlinux -DEBIAN_BUILD_DIRS := debian + RPM_SPEC_FILES := rpm_spec/core-vm.spec \ + rpm_spec/core-vm-doc.spec \ + rpm_spec/core-vm-kernel-placeholder.spec + + ifneq ($(filter $(DISTRIBUTION), debian qubuntu),) + DEBIAN_BUILD_DIRS := debian + SOURCE_COPY_IN := source-debian-quilt-copy-in + endif + + ARCH_BUILD_DIRS := archlinux endif + +source-debian-quilt-copy-in: VERSION = $(shell cat $(ORIG_SRC)/version) +source-debian-quilt-copy-in: ORIG_FILE = "$(CHROOT_DIR)/$(DIST_SRC)/../qubes-core-agent_$(VERSION).orig.tar.gz" +source-debian-quilt-copy-in: + -$(shell $(ORIG_SRC)/debian-quilt $(ORIG_SRC)/series-debian-vm.conf $(CHROOT_DIR)/$(DIST_SRC)/debian/patches) + tar cvfz $(ORIG_FILE) --exclude-vcs --exclude=debian -C $(CHROOT_DIR)/$(DIST_SRC) . + +# vim: filetype=make diff --git a/debian-quilt b/debian-quilt new file mode 100755 index 0000000..140ffd9 --- /dev/null +++ b/debian-quilt @@ -0,0 +1,31 @@ +#!/bin/bash +# vim: set ts=4 sw=4 sts=4 et : +# +# Given a series.conf file and debian patches directory, patches +# are copied to debian patch directory + +USAGE="${0} " + +set -e +set -o pipefail + +DIR="${0%/*}" +SERIES_CONF="${1}" +PATCH_DIR="${2}" + +if test $# -lt 2 || [ ! -e "${SERIES_CONF}" ] || [ ! -d "${PATCH_DIR}" ] ; then + echo "${USAGE}" >&2 + exit 1 +fi + +# Clear patch series.conf file +rm -f "${PATCH_DIR}/series" +touch "${PATCH_DIR}/series" + +while read patch_file +do + if [ -e "${DIR}/${patch_file}" ]; then + echo -e "${patch_file##*/}" >> "${PATCH_DIR}/series" + cp "${DIR}/${patch_file}" "${PATCH_DIR}" + fi +done < "${SERIES_CONF}" diff --git a/debian/patches/.gitignore b/debian/patches/.gitignore new file mode 100644 index 0000000..e69de29 
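Review bot: In the `source-debian-quilt-copy-in` recipe, `-$(shell $(ORIG_SRC)/debian-quilt ...)` runs the script while make expands the recipe and discards its exit status, so a failed patch copy never stops the build and the `tar` step still produces an orig tarball. Calling the script as an ordinary recipe line, `$(ORIG_SRC)/debian-quilt $(ORIG_SRC)/series-debian-vm.conf $(CHROOT_DIR)/$(DIST_SRC)/debian/patches`, without the leading `-`, lets make see the failure. The path arguments are also unquoted, which matters if `CHROOT_DIR` or `ORIG_SRC` can contain spaces.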
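Review bot: The copy loop in debian-quilt skips any series entry whose patch file does not exist, because `if [ -e "${DIR}/${patch_file}" ]` has no `else`; a mistyped or missing patch therefore yields a package built without it and no error. Adding `else echo "missing patch: ${patch_file}" >&2; exit 1` makes that a hard failure. Reading with `while IFS= read -r patch_file` and writing with `printf '%s\n' "${patch_file##*/}"` instead of `echo -e` would also keep backslashes and leading whitespace in entries from being altered.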
diff --git a/debian/patches/series b/debian/patches/series deleted file mode 100644 index 05ecef2..0000000 --- a/debian/patches/series +++ /dev/null @@ -1 +0,0 @@ -qrexec_disable_all_warnings_as_errors.patch diff --git a/debian/rules b/debian/rules index f9b13cf..7ed1434 100755 --- a/debian/rules +++ b/debian/rules @@ -4,13 +4,11 @@ # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 -DPKG_EXPORT_BUILDFLAGS = 1 include /usr/share/dpkg/default.mk - export DESTDIR=$(shell pwd)/debian/qubes-core-agent %: - dh $@ --with systemd --with autotools-dev + dh $@ --with systemd override_dh_auto_build: make all diff --git a/patches.debian/qrexec_disable_all_warnings_as_errors.patch b/patches.debian/qrexec_disable_all_warnings_as_errors.patch new file mode 100644 index 0000000..f339717 --- /dev/null +++ b/patches.debian/qrexec_disable_all_warnings_as_errors.patch @@ -0,0 +1,19 @@ +qrexec: Disable all warnings being treated as errors + +gcc -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -I. -g -Wall -Wextra -Werror -pie -fPIC `pkg-config --cflags vchan-xen` -D_FORTIFY_SOURCE=2 -c -o qrexec-agent-data.o qrexec-agent-data.c +qrexec-agent-data.c: In function 'handle_remote_data': +qrexec-agent-data.c:217:17: error: dereferencing type-punned pointer will break strict-aliasing rules [-Werror=strict-aliasing] + status = *(unsigned int *)buf; + ^ +cc1: all warnings being treated as errors +: recipe for target 'qrexec-agent-data.o' failed + +--- a/qrexec/Makefile ++++ b/qrexec/Makefile +@@ -1,5 +1,5 @@ + CC=gcc +-CFLAGS+=-I. -g -Wall -Wextra -Werror -pie -fPIC `pkg-config --cflags vchan-$(BACKEND_VMM)` ++CFLAGS+=-I. -g -Wall -Wextra -pie -fPIC `pkg-config --cflags vchan-$(BACKEND_VMM)` + LIBS=`pkg-config --libs vchan-$(BACKEND_VMM)` -lqrexec-utils + + all: qrexec-agent qrexec-client-vm diff --git a/series-debian-vm.conf b/series-debian-vm.conf new file mode 100644 index 0000000..66bb7a9 --- /dev/null +++ b/series-debian-vm.conf 
@@ -0,0 +1 @@ +patches.debian/qrexec_disable_all_warnings_as_errors.patch From 45cbeda244fe4b9af5f40163a5322c509b123cf6 Mon Sep 17 00:00:00 2001 From: Jason Mehring Date: Thu, 12 Feb 2015 11:27:35 -0500 Subject: [PATCH 12/16] debian: Revert depends back to use libxen-dev --- debian/control | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/control b/debian/control index 019cf62..81b477d 100644 --- a/debian/control +++ b/debian/control @@ -2,7 +2,7 @@ Source: qubes-core-agent Section: admin Priority: extra Maintainer: Davíð Steinn Geirsson -Build-Depends: qubes-utils (>= 2.0.17), libvchan-xen-dev, python, debhelper, quilt, libxen-qubes-vm-dev, dh-systemd (>= 1.5) +Build-Depends: qubes-utils (>= 2.0.17), libvchan-xen-dev, python, debhelper, quilt, libxen-dev, dh-systemd (>= 1.5) Standards-Version: 3.9.5 Homepage: http://www.qubes-os.org Vcs-Git: git://git.qubes-os.org/marmarek/core-agent-linux.git From 51c94ccc2bd8ee231035b5d9a357a07ea325b994 Mon Sep 17 00:00:00 2001 From: Jason Mehring Date: Thu, 12 Feb 2015 11:29:00 -0500 Subject: [PATCH 13/16] debian: Move creation of directories into debian.dirs configuration file --- debian/qubes-core-agent.dirs | 2 ++ debian/qubes-core-agent.preinst | 7 ------- 2 files changed, 2 insertions(+), 7 deletions(-) create mode 100644 debian/qubes-core-agent.dirs diff --git a/debian/qubes-core-agent.dirs b/debian/qubes-core-agent.dirs new file mode 100644 index 0000000..fa73b65 --- /dev/null +++ b/debian/qubes-core-agent.dirs @@ -0,0 +1,2 @@ +var/lib/qubes +lib/modules diff --git a/debian/qubes-core-agent.preinst b/debian/qubes-core-agent.preinst index e99f74a..93e33d1 100755 --- a/debian/qubes-core-agent.preinst +++ b/debian/qubes-core-agent.preinst 
@@ -52,13 +52,6 @@ if [ "$1" = "install" ] ; then usermod -p '' root usermod -L --groups qubes,sudo user - # -------------------------------------------------------------------------- - # Create required directories - # -------------------------------------------------------------------------- - mkdir -p /var/lib/qubes - mkdir -p /lib/modules - #mkdir -p -m 0700 /var/log/xen # xen-utils-common should do this - # -------------------------------------------------------------------------- # Remove `mesg` from root/.profile? # -------------------------------------------------------------------------- From 9b35bbdcb4291b818c4f1cc95d0e59e8caa7e352 Mon Sep 17 00:00:00 2001 From: Jason Mehring Date: Thu, 12 Feb 2015 11:29:54 -0500 Subject: [PATCH 14/16] debian: Remove dist target from Makefile as copy-in is now being used --- Makefile | 6 ------ 1 file changed, 6 deletions(-) diff --git a/Makefile b/Makefile index 3f68d04..daa8a1b 100644 --- a/Makefile +++ b/Makefile @@ -73,7 +73,6 @@ install-sysvinit: install -D vm-init.d/qubes-core.modules $(DESTDIR)/etc/sysconfig/modules/qubes-core.modules install -D vm-init.d/qubes-misc.modules $(DESTDIR)/etc/sysconfig/modules/qubes-misc.modules - install-rh: install-systemd install-sysvinit install -D -m 0644 misc/qubes-r3.repo $(DESTDIR)/etc/yum.repos.d/qubes-r3.repo install -d $(DESTDIR)/usr/share/glib-2.0/schemas/ @@ -86,7 +85,6 @@ install-rh: install-systemd install-sysvinit install -m 644 misc/RPM-GPG-KEY-qubes* $(DESTDIR)/etc/pki/rpm-gpg/ install -D -m 644 misc/session-stop-timeout.conf $(DESTDIR)$(LIBDIR)/systemd/system/user@.service.d/90-session-stop-timeout.conf - install -d $(DESTDIR)/etc/yum.conf.d touch $(DESTDIR)/etc/yum.conf.d/qubes-proxy.conf 
@@ -191,10 +189,6 @@ install-common: install -d $(DESTDIR)/home_volatile/user install -d $(DESTDIR)/rw -# Create a quilt orig package so we can build xen in Debian -dist: - tar cvfz "../qubes-core-agent_$(VERSION).orig.tar.gz" --exclude-vcs --exclude=debian . - install-deb: mkdir -p $(DESTDIR)/etc/apt/sources.list.d sed -e "s/@DIST@/`lsb_release -cs`/" misc/qubes-r3.list.in > $(DESTDIR)/etc/apt/sources.list.d/qubes-r3.list From 197fa604ed0e1edcc079b15fad2fbd276d929566 Mon Sep 17 00:00:00 2001 From: Jason Mehring Date: Thu, 12 Feb 2015 11:34:13 -0500 Subject: [PATCH 15/16] debian: Remove unneeded patch file and README --- debian/README.configuration | 77 ------------------- ...rexec_disable_all_warnings_as_errors.patch | 19 ----- debian/patches/series | 1 - 3 files changed, 97 deletions(-) delete mode 100644 debian/README.configuration delete mode 100644 debian/patches/qrexec_disable_all_warnings_as_errors.patch delete mode 100644 debian/patches/series diff --git a/debian/README.configuration b/debian/README.configuration deleted file mode 100644 index e36e514..0000000 --- a/debian/README.configuration +++ /dev/null 
@@ -1,77 +0,0 @@ -Debian Packaging Guide ----------------------- -https://www.debian.org/doc/manuals/maint-guide/first.en.html - - -=============================================================================== - Bash.rc -=============================================================================== -# Assume usename 'user' running this, otherwise -# /home/user/.bashrc -cat >>~/.bashrc <<'EOF' -DEBMAIL="user@chroot.local" -DEBFULLNAME="Qubes Builder" -export DEBMAIL DEBFULLNAME - -alias dquilt="quilt --quiltrc=${HOME}/.quiltrc-dpkg" -complete -F _quilt_completion $_quilt_complete_opt dquilt -EOF - - -=============================================================================== - Quilt RC -=============================================================================== -cat >>~/.quiltrc-dpkg <<'EOF' -d=. ; while [ ! -d $d/debian -a `readlink -e $d` != / ]; do d=$d/..; done -if [ -d $d/debian ] && [ -z $QUILT_PATCHES ]; then - # if in Debian packaging tree with unset $QUILT_PATCHES - QUILT_PATCHES="debian/patches" - QUILT_PATCH_OPTS="--reject-format=unified" - QUILT_DIFF_ARGS="-p ab --no-timestamps --no-index --color=auto" - QUILT_REFRESH_ARGS="-p ab --no-timestamps --no-index" - QUILT_COLORS="diff_hdr=1;32:diff_add=1;34:diff_rem=1;31:diff_hunk=1;33:diff_ctx=35:diff_cctx=33" - if ! 
[ -d $d/debian/patches ]; then mkdir $d/debian/patches; fi -fi -EOF - -=============================================================================== - Create a fresh Debian configuration -=============================================================================== -apt-get dh-make - -# Example -$ cd ~/gentoo -$ wget http://example.org/gentoo-0.9.12.tar.gz -$ tar -xvzf gentoo-0.9.12.tar.gz -$ cd gentoo-0.9.12 -$ dh_make -f ../gentoo-0.9.12.tar.gz - - -=============================================================================== - Adding Patches -=============================================================================== -https://www.debian.org/doc/manuals/maint-guide/modify.en.html - -# When anyone (including yourself) provides a patch foo.patch to the source -# later, modifying a 3.0 (quilt) source package is quite simple: -$ dpkg-source -x gentoo_0.9.12.dsc -$ cd gentoo-0.9.12 -$ dquilt import ../foo.patch -$ dquilt push -$ dquilt refresh -$ dquilt header -e -... describe patch - - - -=============================================================================== - Other -=============================================================================== -# To list all dh_ modules... -man -k dh_ - -# To indicate what build-depends are required! -dpkg-depcheck -d ./configure - -# Test build (unsigned) -dpkg-buildpackage -us -uc diff --git a/debian/patches/qrexec_disable_all_warnings_as_errors.patch b/debian/patches/qrexec_disable_all_warnings_as_errors.patch deleted file mode 100644 index f339717..0000000 --- a/debian/patches/qrexec_disable_all_warnings_as_errors.patch +++ /dev/null 
@@ -1,19 +0,0 @@ -qrexec: Disable all warnings being treated as errors - -gcc -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -I. -g -Wall -Wextra -Werror -pie -fPIC `pkg-config --cflags vchan-xen` -D_FORTIFY_SOURCE=2 -c -o qrexec-agent-data.o qrexec-agent-data.c -qrexec-agent-data.c: In function 'handle_remote_data': -qrexec-agent-data.c:217:17: error: dereferencing type-punned pointer will break strict-aliasing rules [-Werror=strict-aliasing] - status = *(unsigned int *)buf; - ^ -cc1: all warnings being treated as errors -: recipe for target 'qrexec-agent-data.o' failed - ---- a/qrexec/Makefile -+++ b/qrexec/Makefile -@@ -1,5 +1,5 @@ - CC=gcc --CFLAGS+=-I. -g -Wall -Wextra -Werror -pie -fPIC `pkg-config --cflags vchan-$(BACKEND_VMM)` -+CFLAGS+=-I. -g -Wall -Wextra -pie -fPIC `pkg-config --cflags vchan-$(BACKEND_VMM)` - LIBS=`pkg-config --libs vchan-$(BACKEND_VMM)` -lqrexec-utils - - all: qrexec-agent qrexec-client-vm diff --git a/debian/patches/series b/debian/patches/series deleted file mode 100644 index 05ecef2..0000000 --- a/debian/patches/series +++ /dev/null @@ -1 +0,0 @@ -qrexec_disable_all_warnings_as_errors.patch From 567a045bcdb44e1069c4005bc575ebb0627b466a Mon Sep 17 00:00:00 2001 From: Jason Mehring Date: Fri, 13 Feb 2015 15:00:54 -0500 Subject: [PATCH 16/16] Make sure when user is added to qubes group that the group is appended added -a option to usermod. This will prevent other groups from being un-subscribed when qubes group is added --- archlinux/PKGBUILD.install | 2 +- debian/qubes-core-agent.preinst | 2 +- rpm_spec/core-vm.spec | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/archlinux/PKGBUILD.install b/archlinux/PKGBUILD.install index 3b1e8a4..dc95332 100644 --- a/archlinux/PKGBUILD.install +++ b/archlinux/PKGBUILD.install 
@@ -215,7 +215,7 @@ pre_install() { # Archlinux bash version has a 'bug' when running su -c, /etc/profile is not loaded because bash consider there is no interactive pty when running 'su - user -c' or something like this. # See https://bugs.archlinux.org/task/31831 useradd --shell /bin/zsh --create-home user - usermod --groups qubes user + usermod -a --groups qubes user } ## arg 1: the new package version diff --git a/debian/qubes-core-agent.preinst b/debian/qubes-core-agent.preinst index 93e33d1..edcea6f 100755 --- a/debian/qubes-core-agent.preinst +++ b/debian/qubes-core-agent.preinst @@ -50,7 +50,7 @@ if [ "$1" = "install" ] ; then useradd --user-group --system -M --home /run/tinyproxy --shell /bin/false tinyproxy } usermod -p '' root - usermod -L --groups qubes,sudo user + usermod -L -a --groups qubes,sudo user # -------------------------------------------------------------------------- # Remove `mesg` from root/.profile? diff --git a/rpm_spec/core-vm.spec b/rpm_spec/core-vm.spec index c2cf750..967029c 100644 --- a/rpm_spec/core-vm.spec +++ b/rpm_spec/core-vm.spec @@ -116,7 +116,7 @@ groupadd --force --system --gid 98 qubes id -u 'user' >/dev/null 2>&1 || { useradd --user-group --create-home --shell /bin/bash user } -usermod --groups qubes user +usermod -a --groups qubes user if [ "$1" != 1 ] ; then # do this whole %pre thing only when updating for the first time...
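Review bot: In the `debian/qubes-core-agent.preinst` hunk the changed line adds `user` to `sudo` directly below the context line `usermod -p '' root`, which leaves root with an empty password, and the script explains neither choice. If passwordless root inside the VM is deliberate, a comment should say so and name what provides the isolation instead, for example `# root has an empty password by design; the security boundary is the VM, not in-VM accounts`. Separately, `-L` locks the password of `user`, so whether the `sudo` membership is usable depends on sudoers configuration that is not visible in this hunk. The `install` branch starts and ends outside the hunk.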