Merge remote-tracking branch 'nrgaway/r3-templates'
This commit is contained in:
Marek Marczykowski-Górecki
commit
f8db065a75
2
Makefile
2
Makefile
@ -73,7 +73,6 @@ install-sysvinit:
|
||||
install -D vm-init.d/qubes-core.modules $(DESTDIR)/etc/sysconfig/modules/qubes-core.modules
|
||||
install -D vm-init.d/qubes-misc.modules $(DESTDIR)/etc/sysconfig/modules/qubes-misc.modules
|
||||
|
||||
|
||||
install-rh: install-systemd install-sysvinit
|
||||
install -D -m 0644 misc/qubes-r3.repo $(DESTDIR)/etc/yum.repos.d/qubes-r3.repo
|
||||
install -d $(DESTDIR)/usr/share/glib-2.0/schemas/
|
||||
@ -86,7 +85,6 @@ install-rh: install-systemd install-sysvinit
|
||||
install -m 644 misc/RPM-GPG-KEY-qubes* $(DESTDIR)/etc/pki/rpm-gpg/
|
||||
install -D -m 644 misc/session-stop-timeout.conf $(DESTDIR)$(LIBDIR)/systemd/system/user@.service.d/90-session-stop-timeout.conf
|
||||
|
||||
|
||||
install -d $(DESTDIR)/etc/yum.conf.d
|
||||
touch $(DESTDIR)/etc/yum.conf.d/qubes-proxy.conf
|
||||
|
||||
|
||||
@ -1,7 +1,20 @@
|
||||
ifeq ($(PACKAGE_SET),vm)
|
||||
RPM_SPEC_FILES := rpm_spec/core-vm.spec \
|
||||
RPM_SPEC_FILES := rpm_spec/core-vm.spec \
|
||||
rpm_spec/core-vm-doc.spec \
|
||||
rpm_spec/core-vm-kernel-placeholder.spec
|
||||
ARCH_BUILD_DIRS := archlinux
|
||||
DEBIAN_BUILD_DIRS := debian
|
||||
|
||||
ifneq ($(filter $(DISTRIBUTION), debian qubuntu),)
|
||||
DEBIAN_BUILD_DIRS := debian
|
||||
SOURCE_COPY_IN := source-debian-quilt-copy-in
|
||||
endif
|
||||
|
||||
ARCH_BUILD_DIRS := archlinux
|
||||
endif
|
||||
|
||||
source-debian-quilt-copy-in: VERSION = $(shell cat $(ORIG_SRC)/version)
|
||||
source-debian-quilt-copy-in: ORIG_FILE = "$(CHROOT_DIR)/$(DIST_SRC)/../qubes-core-agent_$(VERSION).orig.tar.gz"
|
||||
source-debian-quilt-copy-in:
|
||||
-$(shell $(ORIG_SRC)/debian-quilt $(ORIG_SRC)/series-debian-vm.conf $(CHROOT_DIR)/$(DIST_SRC)/debian/patches)
|
||||
tar cvfz $(ORIG_FILE) --exclude-vcs --exclude=debian -C $(CHROOT_DIR)/$(DIST_SRC) .
|
||||
|
||||
# vim: filetype=make
|
||||
|
||||
@ -209,9 +209,13 @@ pre_install() {
|
||||
# Add qubes core related fstab entries
|
||||
echo "xen /proc/xen xenfs defaults 0 0" >> /etc/fstab
|
||||
|
||||
# Add a qubes group
|
||||
groupadd --force --system --gid 98 qubes
|
||||
|
||||
# Archlinux bash version has a 'bug' when running su -c, /etc/profile is not loaded because bash consider there is no interactive pty when running 'su - user -c' or something like this.
|
||||
# See https://bugs.archlinux.org/task/31831
|
||||
useradd --shell /bin/zsh --create-home user
|
||||
usermod -a --groups qubes user
|
||||
}
|
||||
|
||||
## arg 1: the new package version
|
||||
|
||||
31
debian-quilt
Executable file
31
debian-quilt
Executable file
@ -0,0 +1,31 @@
|
||||
#!/bin/bash
|
||||
# vim: set ts=4 sw=4 sts=4 et :
|
||||
#
|
||||
# Given a series.conf file and debian patches directory, patches
|
||||
# are copied to debian patch directory
|
||||
|
||||
USAGE="${0} <series.conf> <patchdir>"
|
||||
|
||||
set -e
|
||||
set -o pipefail
|
||||
|
||||
DIR="${0%/*}"
|
||||
SERIES_CONF="${1}"
|
||||
PATCH_DIR="${2}"
|
||||
|
||||
if test $# -lt 2 || [ ! -e "${SERIES_CONF}" ] || [ ! -d "${PATCH_DIR}" ] ; then
|
||||
echo "${USAGE}" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Clear patch series.conf file
|
||||
rm -f "${PATCH_DIR}/series"
|
||||
touch "${PATCH_DIR}/series"
|
||||
|
||||
while read patch_file
|
||||
do
|
||||
if [ -e "${DIR}/${patch_file}" ]; then
|
||||
echo -e "${patch_file##*/}" >> "${PATCH_DIR}/series"
|
||||
cp "${DIR}/${patch_file}" "${PATCH_DIR}"
|
||||
fi
|
||||
done < "${SERIES_CONF}"
|
||||
2
debian/changelog
vendored
2
debian/changelog
vendored
@ -1,4 +1,4 @@
|
||||
qubes-core-agent (3.0.0) jessie; urgency=medium
|
||||
qubes-core-agent (3.0.0-1) jessie; urgency=medium
|
||||
|
||||
[ Marek Marczykowski-Górecki ]
|
||||
* Improve handling of .desktop files
|
||||
|
||||
2
debian/control
vendored
2
debian/control
vendored
@ -3,7 +3,7 @@ Section: admin
|
||||
Priority: extra
|
||||
Maintainer: Davíð Steinn Geirsson <david@dsg.is>
|
||||
Build-Depends: qubes-utils (>= 2.0.17), libvchan-xen-dev, python, debhelper, quilt, libxen-dev, dh-systemd (>= 1.5)
|
||||
Standards-Version: 3.9.3
|
||||
Standards-Version: 3.9.5
|
||||
Homepage: http://www.qubes-os.org
|
||||
Vcs-Git: git://git.qubes-os.org/marmarek/core-agent-linux.git
|
||||
|
||||
|
||||
0
debian/patches/.gitignore
vendored
Normal file
0
debian/patches/.gitignore
vendored
Normal file
2
debian/qubes-core-agent.dirs
vendored
Normal file
2
debian/qubes-core-agent.dirs
vendored
Normal file
@ -0,0 +1,2 @@
|
||||
var/lib/qubes
|
||||
lib/modules
|
||||
1
debian/qubes-core-agent.postinst
vendored
1
debian/qubes-core-agent.postinst
vendored
@ -413,7 +413,6 @@ case "${1}" in
|
||||
;;
|
||||
esac
|
||||
done
|
||||
exit 0
|
||||
;;
|
||||
|
||||
*)
|
||||
|
||||
26
debian/qubes-core-agent.preinst
vendored
26
debian/qubes-core-agent.preinst
vendored
@ -35,33 +35,31 @@ set -e
|
||||
|
||||
if [ "$1" = "install" ] ; then
|
||||
# --------------------------------------------------------------------------
|
||||
# Create required directories
|
||||
# Required groups
|
||||
# --------------------------------------------------------------------------
|
||||
mkdir -p /var/lib/qubes
|
||||
mkdir -p /lib/modules
|
||||
#mkdir -p -m 0700 /var/log/xen # xen-utils-common should do this
|
||||
|
||||
# --------------------------------------------------------------------------
|
||||
# Remove `mesg` from root/.profile?
|
||||
# --------------------------------------------------------------------------
|
||||
sed -i -e '/^mesg n/d' /root/.profile
|
||||
groupadd --force --system --gid 98 qubes
|
||||
groupadd --force --system sudo
|
||||
|
||||
# --------------------------------------------------------------------------
|
||||
# User add / modifications
|
||||
# --------------------------------------------------------------------------
|
||||
id -u 'user' >/dev/null 2>&1 || {
|
||||
useradd -U -G dialout,cdrom,floppy,sudo,audio,dip,video,plugdev -m -s /bin/bash user
|
||||
useradd --user-group --create-home --shell /bin/bash user
|
||||
}
|
||||
id -u 'tinyproxy' >/dev/null 2>&1 || {
|
||||
useradd -U -r -M --home /run/tinyproxy --shell /bin/false tinyproxy
|
||||
useradd --user-group --system -M --home /run/tinyproxy --shell /bin/false tinyproxy
|
||||
}
|
||||
usermod -p '' root
|
||||
usermod -L user
|
||||
exit 0
|
||||
usermod -L -a --groups qubes,sudo user
|
||||
|
||||
# --------------------------------------------------------------------------
|
||||
# Remove `mesg` from root/.profile?
|
||||
# --------------------------------------------------------------------------
|
||||
sed -i -e '/^mesg n/d' /root/.profile
|
||||
fi
|
||||
|
||||
if [ "$1" = "upgrade" ] ; then
|
||||
exit 0
|
||||
true
|
||||
fi
|
||||
|
||||
# dh_installdeb will replace this with shell code automatically
|
||||
|
||||
1
debian/rules
vendored
1
debian/rules
vendored
@ -4,6 +4,7 @@
|
||||
# Uncomment this to turn on verbose mode.
|
||||
#export DH_VERBOSE=1
|
||||
|
||||
include /usr/share/dpkg/default.mk
|
||||
export DESTDIR=$(shell pwd)/debian/qubes-core-agent
|
||||
|
||||
%:
|
||||
|
||||
2
debian/source/format
vendored
2
debian/source/format
vendored
@ -1 +1 @@
|
||||
3.0 (native)
|
||||
3.0 (quilt)
|
||||
|
||||
@ -1,2 +1 @@
|
||||
SUBSYSTEM=="memory", ACTION=="add", ATTR{state}=="offline", ATTR{state}="online"
|
||||
KERNEL=="xen/evtchn", MODE="0666"
|
||||
|
||||
19
patches.debian/qrexec_disable_all_warnings_as_errors.patch
Normal file
19
patches.debian/qrexec_disable_all_warnings_as_errors.patch
Normal file
@ -0,0 +1,19 @@
|
||||
qrexec: Disable all warnings being treated as errors
|
||||
|
||||
gcc -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -I. -g -Wall -Wextra -Werror -pie -fPIC `pkg-config --cflags vchan-xen` -D_FORTIFY_SOURCE=2 -c -o qrexec-agent-data.o qrexec-agent-data.c
|
||||
qrexec-agent-data.c: In function 'handle_remote_data':
|
||||
qrexec-agent-data.c:217:17: error: dereferencing type-punned pointer will break strict-aliasing rules [-Werror=strict-aliasing]
|
||||
status = *(unsigned int *)buf;
|
||||
^
|
||||
cc1: all warnings being treated as errors
|
||||
<builtin>: recipe for target 'qrexec-agent-data.o' failed
|
||||
|
||||
--- a/qrexec/Makefile
|
||||
+++ b/qrexec/Makefile
|
||||
@@ -1,5 +1,5 @@
|
||||
CC=gcc
|
||||
-CFLAGS+=-I. -g -Wall -Wextra -Werror -pie -fPIC `pkg-config --cflags vchan-$(BACKEND_VMM)`
|
||||
+CFLAGS+=-I. -g -Wall -Wextra -pie -fPIC `pkg-config --cflags vchan-$(BACKEND_VMM)`
|
||||
LIBS=`pkg-config --libs vchan-$(BACKEND_VMM)` -lqrexec-utils
|
||||
|
||||
all: qrexec-agent qrexec-client-vm
|
||||
@ -111,6 +111,12 @@ for dir in qubes-rpc qrexec misc; do
|
||||
done
|
||||
|
||||
%pre
|
||||
# Make sure there is a qubes group
|
||||
groupadd --force --system --gid 98 qubes
|
||||
id -u 'user' >/dev/null 2>&1 || {
|
||||
useradd --user-group --create-home --shell /bin/bash user
|
||||
}
|
||||
usermod -a --groups qubes user
|
||||
|
||||
if [ "$1" != 1 ] ; then
|
||||
# do this whole %pre thing only when updating for the first time...
|
||||
@ -122,7 +128,6 @@ if [ -e /etc/fstab ] ; then
|
||||
mv /etc/fstab /var/lib/qubes/fstab.orig
|
||||
fi
|
||||
|
||||
adduser --create-home user
|
||||
usermod -p '' root
|
||||
usermod -L user
|
||||
|
||||
|
||||
1
series-debian-vm.conf
Normal file
1
series-debian-vm.conf
Normal file
@ -0,0 +1 @@
|
||||
patches.debian/qrexec_disable_all_warnings_as_errors.patch
|
||||
@ -34,6 +34,10 @@ mkdir -p /var/run/xen-hotplug
|
||||
# Set permissions to /proc/xen/xenbus, so normal user can use qubesdb-read
|
||||
chmod 666 /proc/xen/xenbus
|
||||
|
||||
# Set permissions to /proc/xen/privcmd, so a user in qubes group can access
|
||||
chmod 660 /proc/xen/privcmd
|
||||
chgrp qubes /proc/xen/privcmd
|
||||
|
||||
[ -e /proc/u2mfn ] || modprobe u2mfn
|
||||
# Set permissions to files needed to listen at vchan
|
||||
chmod 666 /proc/u2mfn
|
||||
|
||||
Loading…
Reference in New Issue
Block a user