Merge remote-tracking branch 'nrgaway/r3-templates'

2015-02-17 04:58:04 +01:00 · 2015-02-17 04:58:04 +01:00 · f8db065a75
commit f8db065a75
parent e47197569a 923416914d
17 changed files with 101 additions and 27 deletions
--- a/2
+++ b/2
@ -73,7 +73,6 @@ install-sysvinit:
 	install -D vm-init.d/qubes-core.modules $(DESTDIR)/etc/sysconfig/modules/qubes-core.modules
 	install -D vm-init.d/qubes-misc.modules $(DESTDIR)/etc/sysconfig/modules/qubes-misc.modules
 install-rh: install-systemd install-sysvinit
 	install -D -m 0644 misc/qubes-r3.repo $(DESTDIR)/etc/yum.repos.d/qubes-r3.repo
 	install -d $(DESTDIR)/usr/share/glib-2.0/schemas/
@ -86,7 +85,6 @@ install-rh: install-systemd install-sysvinit
 	install -m 644 misc/RPM-GPG-KEY-qubes* $(DESTDIR)/etc/pki/rpm-gpg/
 	install -D -m 644 misc/session-stop-timeout.conf $(DESTDIR)$(LIBDIR)/systemd/system/user@.service.d/90-session-stop-timeout.conf
 	install -d $(DESTDIR)/etc/yum.conf.d
 	touch $(DESTDIR)/etc/yum.conf.d/qubes-proxy.conf
--- a/Makefile.builder
+++ b/Makefile.builder
@ -1,7 +1,20 @@
 ifeq ($(PACKAGE_SET),vm)
-RPM_SPEC_FILES := rpm_spec/core-vm.spec \
+  RPM_SPEC_FILES := rpm_spec/core-vm.spec \
-    rpm_spec/core-vm-doc.spec \
+  rpm_spec/core-vm-doc.spec \
-    rpm_spec/core-vm-kernel-placeholder.spec
+  rpm_spec/core-vm-kernel-placeholder.spec
-ARCH_BUILD_DIRS := archlinux
+
-DEBIAN_BUILD_DIRS := debian
+  ifneq ($(filter $(DISTRIBUTION), debian qubuntu),)
    DEBIAN_BUILD_DIRS := debian
    SOURCE_COPY_IN := source-debian-quilt-copy-in
  endif
  ARCH_BUILD_DIRS := archlinux
 endif
 source-debian-quilt-copy-in: VERSION = $(shell cat $(ORIG_SRC)/version)
 source-debian-quilt-copy-in: ORIG_FILE = "$(CHROOT_DIR)/$(DIST_SRC)/../qubes-core-agent_$(VERSION).orig.tar.gz"
 source-debian-quilt-copy-in:
 	-$(shell $(ORIG_SRC)/debian-quilt $(ORIG_SRC)/series-debian-vm.conf $(CHROOT_DIR)/$(DIST_SRC)/debian/patches)
 	tar cvfz $(ORIG_FILE) --exclude-vcs --exclude=debian -C $(CHROOT_DIR)/$(DIST_SRC) .
 # vim: filetype=make
--- a/archlinux/PKGBUILD.install
+++ b/archlinux/PKGBUILD.install
@ -209,9 +209,13 @@ pre_install() {
  # Add qubes core related fstab entries
  echo "xen	/proc/xen	xenfs	defaults	0 0" >> /etc/fstab
  # Add a qubes group
  groupadd --force --system --gid 98 qubes
  # Archlinux bash version has a 'bug' when running su -c, /etc/profile is not loaded because bash consider there is no interactive pty when running 'su - user -c' or something like this.
  # See https://bugs.archlinux.org/task/31831
  useradd --shell /bin/zsh --create-home user
  usermod -a --groups qubes user
 }
 ## arg 1:  the new package version
--- a/31
+++ b/31
@ -0,0 +1,31 @@
 #!/bin/bash
 # vim: set ts=4 sw=4 sts=4 et :
 #
 # Given a series.conf file and debian patches directory, patches
 # are copied to debian patch directory
 USAGE="${0} <series.conf> <patchdir>"
 set -e
 set -o pipefail
 DIR="${0%/*}"
 SERIES_CONF="${1}"
 PATCH_DIR="${2}"
 if test $# -lt 2 || [ ! -e "${SERIES_CONF}" ] || [ ! -d "${PATCH_DIR}" ] ; then
 	echo "${USAGE}" >&2
 	exit 1
 fi
 # Clear patch series.conf file
 rm -f "${PATCH_DIR}/series"
 touch "${PATCH_DIR}/series"
 while read patch_file
 do
    if [ -e "${DIR}/${patch_file}" ]; then
        echo -e "${patch_file##*/}" >> "${PATCH_DIR}/series"
        cp "${DIR}/${patch_file}" "${PATCH_DIR}"
    fi
 done < "${SERIES_CONF}"
--- a/debian/changelog
+++ b/debian/changelog
@ -1,4 +1,4 @@
-qubes-core-agent (3.0.0) jessie; urgency=medium
+qubes-core-agent (3.0.0-1) jessie; urgency=medium
  [ Marek Marczykowski-Górecki ]
  * Improve handling of .desktop files
--- a/debian/control
+++ b/debian/control
@ -3,7 +3,7 @@ Section: admin
 Priority: extra
 Maintainer: Davíð Steinn Geirsson <david@dsg.is>
 Build-Depends: qubes-utils (>= 2.0.17), libvchan-xen-dev, python, debhelper, quilt, libxen-dev, dh-systemd (>= 1.5)
-Standards-Version: 3.9.3
+Standards-Version: 3.9.5
 Homepage: http://www.qubes-os.org
 Vcs-Git: git://git.qubes-os.org/marmarek/core-agent-linux.git
--- a/debian/patches/.gitignore
+++ b/debian/patches/.gitignore
--- a/debian/qubes-core-agent.dirs
+++ b/debian/qubes-core-agent.dirs
@ -0,0 +1,2 @@
 var/lib/qubes
 lib/modules
--- a/debian/qubes-core-agent.postinst
+++ b/debian/qubes-core-agent.postinst
@ -413,7 +413,6 @@ case "${1}" in
                    ;;
            esac
        done
        exit 0
        ;;
    *)
--- a/debian/qubes-core-agent.preinst
+++ b/debian/qubes-core-agent.preinst
@ -35,33 +35,31 @@ set -e
 if [ "$1" = "install" ] ; then
    # --------------------------------------------------------------------------
-    # Create required directories
+    # Required groups
    # --------------------------------------------------------------------------
-    mkdir -p /var/lib/qubes
+    groupadd --force --system --gid 98 qubes
-    mkdir -p /lib/modules
+    groupadd --force --system sudo
    #mkdir -p -m 0700 /var/log/xen  # xen-utils-common should do this
    # --------------------------------------------------------------------------
    # Remove `mesg` from root/.profile?
    # --------------------------------------------------------------------------
    sed -i -e '/^mesg n/d' /root/.profile
    # --------------------------------------------------------------------------
    # User add / modifications
    # --------------------------------------------------------------------------
    id -u 'user' >/dev/null 2>&1 || {
-        useradd -U -G dialout,cdrom,floppy,sudo,audio,dip,video,plugdev -m -s /bin/bash user
+        useradd --user-group --create-home --shell /bin/bash user
    }
    id -u 'tinyproxy' >/dev/null 2>&1 || {
-        useradd -U -r -M --home /run/tinyproxy --shell /bin/false tinyproxy
+        useradd --user-group --system -M --home /run/tinyproxy --shell /bin/false tinyproxy
    }
    usermod -p '' root
-    usermod -L user
+    usermod -L -a --groups qubes,sudo user
-    exit 0
+
    # --------------------------------------------------------------------------
    # Remove `mesg` from root/.profile?
    # --------------------------------------------------------------------------
    sed -i -e '/^mesg n/d' /root/.profile
 fi
 if [ "$1" = "upgrade" ] ; then
-    exit 0
+    true 
 fi
 # dh_installdeb will replace this with shell code automatically
--- a/debian/rules
+++ b/debian/rules
@ -4,6 +4,7 @@
 # Uncomment this to turn on verbose mode.
 #export DH_VERBOSE=1
 include /usr/share/dpkg/default.mk
 export DESTDIR=$(shell pwd)/debian/qubes-core-agent
 %:
--- a/debian/source/format
+++ b/debian/source/format
@ -1 +1 @@
-3.0 (native)
+3.0 (quilt)
--- a/misc/udev-qubes-misc.rules
+++ b/misc/udev-qubes-misc.rules
@ -1,2 +1 @@
 SUBSYSTEM=="memory", ACTION=="add", ATTR{state}=="offline", ATTR{state}="online"
 KERNEL=="xen/evtchn", MODE="0666"
--- a/patches.debian/qrexec_disable_all_warnings_as_errors.patch
+++ b/patches.debian/qrexec_disable_all_warnings_as_errors.patch
@ -0,0 +1,19 @@
 qrexec: Disable all warnings being treated as errors
 gcc -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -I. -g -Wall -Wextra -Werror -pie -fPIC `pkg-config --cflags vchan-xen` -D_FORTIFY_SOURCE=2  -c -o qrexec-agent-data.o qrexec-agent-data.c
 qrexec-agent-data.c: In function 'handle_remote_data':
 qrexec-agent-data.c:217:17: error: dereferencing type-punned pointer will break strict-aliasing rules [-Werror=strict-aliasing]
                 status = *(unsigned int *)buf;
                 ^
 cc1: all warnings being treated as errors
 <builtin>: recipe for target 'qrexec-agent-data.o' failed
 --- a/qrexec/Makefile
 +++ b/qrexec/Makefile
@@ -1,5 +1,5 @@
 CC=gcc
 -CFLAGS+=-I. -g -Wall -Wextra -Werror -pie -fPIC `pkg-config --cflags vchan-$(BACKEND_VMM)`
 +CFLAGS+=-I. -g -Wall -Wextra -pie -fPIC `pkg-config --cflags vchan-$(BACKEND_VMM)`
 LIBS=`pkg-config --libs vchan-$(BACKEND_VMM)` -lqrexec-utils
 all: qrexec-agent qrexec-client-vm
--- a/rpm_spec/core-vm.spec
+++ b/rpm_spec/core-vm.spec
@ -111,6 +111,12 @@ for dir in qubes-rpc qrexec misc; do
 done
 %pre
 # Make sure there is a qubes group
 groupadd --force --system --gid 98 qubes
 id -u 'user' >/dev/null 2>&1 || {
  useradd --user-group --create-home --shell /bin/bash user
 }
 usermod -a --groups qubes user
 if [ "$1" !=  1 ] ; then
 # do this whole %pre thing only when updating for the first time...
@ -122,7 +128,6 @@ if [ -e /etc/fstab ] ; then
 mv /etc/fstab /var/lib/qubes/fstab.orig
 fi
 adduser --create-home user
 usermod -p '' root
 usermod -L user
--- a/series-debian-vm.conf
+++ b/series-debian-vm.conf
@ -0,0 +1 @@
 patches.debian/qrexec_disable_all_warnings_as_errors.patch
--- a/vm-systemd/qubes-sysinit.sh
+++ b/vm-systemd/qubes-sysinit.sh
@ -34,6 +34,10 @@ mkdir -p /var/run/xen-hotplug
 # Set permissions to /proc/xen/xenbus, so normal user can use qubesdb-read
 chmod 666 /proc/xen/xenbus
 # Set permissions to /proc/xen/privcmd, so a user in qubes group can access
 chmod 660 /proc/xen/privcmd
 chgrp qubes /proc/xen/privcmd
 [ -e /proc/u2mfn ] || modprobe u2mfn
 # Set permissions to files needed to listen at vchan
 chmod 666 /proc/u2mfn
`@ -1,2 +1 @@`
	`SUBSYSTEM=="memory", ACTION=="add", ATTR{state}=="offline", ATTR{state}="online"`	`SUBSYSTEM=="memory", ACTION=="add", ATTR{state}=="offline", ATTR{state}="online"`
	`KERNEL=="xen/evtchn", MODE="0666"`
		`@ -0,0 +1 @@`
							`patches.debian/qrexec_disable_all_warnings_as_errors.patch`