Qubes/core-agent-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge branch 'master' of https://github.com/marmarek/qubes-core-agent-linux

Browse Source 
Conflicts:
	archlinux/PKGBUILD.install
This commit is contained in:
Olivier MEDOC 2015-10-18 10:56:18 +02:00
commit fcee020cf5
36 changed files with 89 additions and 101 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
archlinux/PKGBUILD
View File

@ -68,7 +68,7 @@ done
package() { package() {
# Note: Archlinux removed use of directory such as /sbin /bin /usr/sbin (https://mailman.archlinux.org/pipermail/arch-dev-public/2012-March/022625.html) # Note: Archlinux removed use of directory such as /sbin /bin /usr/sbin (https://mailman.archlinux.org/pipermail/arch-dev-public/2012-March/022625.html)
(cd qrexec; make install DESTDIR=$pkgdir SBINDIR=/usr/bin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib) (cd qrexec; make install DESTDIR=$pkgdir SBINDIR=/usr/bin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib)
make install-vm DESTDIR=$pkgdir SBINDIR=/usr/bin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib DROPIN_DIR=usr/lib/systemd/system DIST=archlinux make install-vm DESTDIR=$pkgdir SBINDIR=/usr/bin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib DROPIN_DIR=usr/lib/systemd/system DIST=archlinux

31
archlinux/PKGBUILD.install
View File

@ -1,5 +1,4 @@
########################### ###########################
## Pre-Install functions ## ## Pre-Install functions ##
########################### ###########################
@ -29,7 +28,7 @@ pre_install() {
mkdir -p /var/lib/qubes mkdir -p /var/lib/qubes
# Backup fstab / But use archlinux defaults (cp instead of mv) # Backup fstab / But use archlinux defaults (cp instead of mv)
if [ -e /etc/fstab ] ; then if [ -e /etc/fstab ] ; then
cp /etc/fstab /var/lib/qubes/fstab.orig cp /etc/fstab /var/lib/qubes/fstab.orig
fi fi
@ -71,7 +70,6 @@ configure_selinux() {
# sed -e s/^SELINUX=.*$/SELINUX=disabled/ -i /etc/selinux/config # sed -e s/^SELINUX=.*$/SELINUX=disabled/ -i /etc/selinux/config
# setenforce 0 2>/dev/null # setenforce 0 2>/dev/null
} }
############################ ############################
@ -83,7 +81,7 @@ update_qubesconfig() {
# Remove ip_forward setting from sysctl, so NM will not reset it # Remove ip_forward setting from sysctl, so NM will not reset it
# Archlinux now use sysctl.d/ instead of sysctl.conf # Archlinux now use sysctl.d/ instead of sysctl.conf
#sed 's/^net.ipv4.ip_forward.*/#\0/' -i /etc/sysctl.conf #sed 's/^net.ipv4.ip_forward.*/#\0/' -i /etc/sysctl.conf
# Remove old firmware updates link # Remove old firmware updates link
if [ -L /lib/firmware/updates ]; then if [ -L /lib/firmware/updates ]; then
rm -f /lib/firmware/updates rm -f /lib/firmware/updates
@ -102,7 +100,7 @@ update_qubesconfig() {
# Location of files which contains list of protected files # Location of files which contains list of protected files
mkdir -p /etc/qubes/protected-files.d mkdir -p /etc/qubes/protected-files.d
PROTECTED_FILE_LIST='/etc/qubes/protected-files.d' PROTECTED_FILE_LIST='/etc/qubes/protected-files.d'
# qubes-core-vm has been broken for some time - it overrides /etc/hosts; restore original content # qubes-core-vm has been broken for some time - it overrides /etc/hosts; restore original content
if ! grep -rq "^/etc/hosts$" "${PROTECTED_FILE_LIST}" 2>/dev/null; then if ! grep -rq "^/etc/hosts$" "${PROTECTED_FILE_LIST}" 2>/dev/null; then
if ! grep -q localhost /etc/hosts; then if ! grep -q localhost /etc/hosts; then
@ -112,7 +110,7 @@ update_qubesconfig() {
EOF EOF
fi fi
fi fi
# ensure that hostname resolves to 127.0.0.1 resp. ::1 and that /etc/hosts is # ensure that hostname resolves to 127.0.0.1 resp. ::1 and that /etc/hosts is
# in the form expected by qubes-sysinit.sh # in the form expected by qubes-sysinit.sh
if ! grep -rq "^/etc/hostname$" "${PROTECTED_FILE_LIST}" 2>/dev/null; then if ! grep -rq "^/etc/hostname$" "${PROTECTED_FILE_LIST}" 2>/dev/null; then
@ -149,7 +147,7 @@ PRESET_FAILED=0
if [ $1 -eq 1 ]; then if [ $1 -eq 1 ]; then
systemctl --no-reload preset-all > /dev/null 2>&1 && PRESET_FAILED=0 || PRESET_FAILED=1 systemctl --no-reload preset-all > /dev/null 2>&1 && PRESET_FAILED=0 || PRESET_FAILED=1
else else
services="qubes-dvm qubes-misc-post qubes-firewall qubes-mount-home" services="qubes-dvm qubes-misc-post qubes-firewall qubes-mount-dirs"
services="$services qubes-netwatcher qubes-network qubes-sysinit" services="$services qubes-netwatcher qubes-network qubes-sysinit"
services="$services qubes-iptables qubes-updates-proxy qubes-qrexec-agent" services="$services qubes-iptables qubes-updates-proxy qubes-qrexec-agent"
services="$services qubes-random-seed" services="$services qubes-random-seed"
@ -199,7 +197,7 @@ update_finalize() {
sed '/session\t\trequired\tpam_unix.so/asession\t\tinclude\t\tsystem-login' -i /etc/pam.d/su sed '/session\t\trequired\tpam_unix.so/asession\t\tinclude\t\tsystem-login' -i /etc/pam.d/su
cp /etc/pam.d/su /etc/pam.d/su-l cp /etc/pam.d/su /etc/pam.d/su-l
fi fi
# Archlinux specific: ensure tty1 is enabled # Archlinux specific: ensure tty1 is enabled
rm -f /etc/systemd/system/getty.target.wants/getty@tty*.service rm -f /etc/systemd/system/getty.target.wants/getty@tty*.service
systemctl enable getty\@tty1.service systemctl enable getty\@tty1.service
@ -227,15 +225,15 @@ post_install() {
if [ $(basename $f) == "xen-backend.rules" ] ; then if [ $(basename $f) == "xen-backend.rules" ] ; then
continue continue
fi fi
if [ $(basename $f) == "50-qubes-misc.rules" ] ; then if [ $(basename $f) == "50-qubes-misc.rules" ] ; then
continue continue
fi fi
if echo $f | grep -q qubes; then if echo $f | grep -q qubes; then
continue continue
fi fi
mv $f /var/lib/qubes/removed-udev-scripts/ mv $f /var/lib/qubes/removed-udev-scripts/
done done
@ -252,8 +250,6 @@ post_install() {
} }
## arg 1: the new package version ## arg 1: the new package version
## arg 2: the old package version ## arg 2: the old package version
post_upgrade() { post_upgrade() {
@ -263,13 +259,10 @@ post_upgrade() {
configure_notification-daemon configure_notification-daemon
configure_selinux configure_selinux
configure_systemd 1
update_finalize update_finalize
/usr/bin/glib-compile-schemas /usr/share/glib-2.0/schemas &> /dev/null || : /usr/bin/glib-compile-schemas /usr/share/glib-2.0/schemas &> /dev/null || :
} }
###################### ######################
@ -299,12 +292,8 @@ post_remove() {
rm /lib/firmware/updates rm /lib/firmware/updates
fi fi
rm -rf /var/lib/qubes/xdg for srv in qubes-dvm qubes-sysinit qubes-misc-post qubes-mount-dirs qubes-netwatcher qubes-network qubes-qrexec-agent; do
for srv in qubes-dvm qubes-sysinit qubes-misc-post qubes-mount-home qubes-netwatcher qubes-network qubes-qrexec-agent; do
systemctl disable $srv.service systemctl disable $srv.service
done done
} }

4
debian/qubes-core-agent.postinst vendored
View File

@ -100,7 +100,7 @@ case "${1}" in
# Systemd preload-all # Systemd preload-all
systemdPreload systemdPreload
# Maybe install overridden serial.conf init script # Maybe install overridden serial.conf init script
installSerialConf installSerialConf
fi fi
@ -150,7 +150,7 @@ case "${1}" in
/usr/lib/qubes/qubes-trigger-sync-appmenus.sh || true /usr/lib/qubes/qubes-trigger-sync-appmenus.sh || true
;; ;;
# Install overridden serial.conf init script # Install overridden serial.conf init script
/etc/init/serial.conf) /etc/init/serial.conf)
installSerialConf installSerialConf
;; ;;

2
debian/qubes-core-agent.postrm vendored
View File

@ -22,7 +22,7 @@ set -e
# #
# Called when the old postrm upgrade action fails. The new package will be # Called when the old postrm upgrade action fails. The new package will be
# unpacked, but only essential packages and pre-dependencies can be relied on. # unpacked, but only essential packages and pre-dependencies can be relied on.
# Pre-dependencies will either be configured or will be "Unpacked" or # Pre-dependencies will either be configured or will be "Unpacked" or
# "Half-Configured" but previously had been configured and was never removed. # "Half-Configured" but previously had been configured and was never removed.
# #
# * <new-postrm> 'abort-install' # * <new-postrm> 'abort-install'

10
debian/qubes-core-agent.preinst vendored
View File

@ -10,10 +10,10 @@ set -e
# * <new-preinst> 'install' <old-version> # * <new-preinst> 'install' <old-version>
# * <new-preinst> 'upgrade' <old-version> # * <new-preinst> 'upgrade' <old-version>
# #
# The package will not yet be unpacked, so the preinst script cannot rely # The package will not yet be unpacked, so the preinst script cannot rely
# on any files included in its package. Only essential packages and # on any files included in its package. Only essential packages and
# pre-dependencies (Pre-Depends) may be assumed to be available. # pre-dependencies (Pre-Depends) may be assumed to be available.
# Pre-dependencies will have been configured at least once, but at the time the # Pre-dependencies will have been configured at least once, but at the time the
# preinst is called they may only be in an "Unpacked" or "Half-Configured" state # preinst is called they may only be in an "Unpacked" or "Half-Configured" state
# if a previous version of the pre-dependency was completely configured and has # if a previous version of the pre-dependency was completely configured and has
# not been removed since then. # not been removed since then.
@ -26,7 +26,7 @@ set -e
# be partly from the new version or partly missing, so the script cannot rely # be partly from the new version or partly missing, so the script cannot rely
# on files included in the package. Package dependencies may not be available. # on files included in the package. Package dependencies may not be available.
# Pre-dependencies will be at least "Unpacked" following the same rules as # Pre-dependencies will be at least "Unpacked" following the same rules as
# above, except they may be only "Half-Installed" if an upgrade of the # above, except they may be only "Half-Installed" if an upgrade of the
# pre-dependency failed.[46] # pre-dependency failed.[46]
# #
# For details, see http://www.debian.org/doc/debian-policy/ or # For details, see http://www.debian.org/doc/debian-policy/ or

10
debian/qubes-core-agent.prerm vendored
View File

@ -9,14 +9,14 @@ set -e
# * <prerm> 'remove' # * <prerm> 'remove'
# * <old-prerm> 'upgrade' <new-version> # * <old-prerm> 'upgrade' <new-version>
# * <conflictor's-prerm> 'remove' 'in-favour' <package> <new-version> # * <conflictor's-prerm> 'remove' 'in-favour' <package> <new-version>
# * <deconfigured's-prerm> 'deconfigure' 'in-favour' <package-being-installed> # * <deconfigured's-prerm> 'deconfigure' 'in-favour' <package-being-installed>
# <version> [removing conflicting-package version] # <version> [removing conflicting-package version]
# #
# The package whose prerm is being called will be at least "Half-Installed". # The package whose prerm is being called will be at least "Half-Installed".
# All package dependencies will at least be "Half-Installed" and will have # All package dependencies will at least be "Half-Installed" and will have
# previously been configured and not removed. If there was no error, all # previously been configured and not removed. If there was no error, all
# dependencies will at least be "Unpacked", but these actions may be called in # dependencies will at least be "Unpacked", but these actions may be called in
# various error states where dependencies are only "Half-Installed" due to a # various error states where dependencies are only "Half-Installed" due to a
# partial upgrade. # partial upgrade.
# #
# * <new-prerm> 'failed-upgrade' <old-version> # * <new-prerm> 'failed-upgrade' <old-version>

2
doc/Makefile
View File

@ -21,7 +21,7 @@ install: manpages
gzip -f $< gzip -f $<
manpages: $(QVM_DOCS) $(QUBES_DOCS) $(VM_DOCS) manpages: $(QVM_DOCS) $(QUBES_DOCS) $(VM_DOCS)
preview: $(rst) preview: $(rst)
pandoc -s -f rst -t man $(rst) | groff -mandoc -Tlatin1 | less -R pandoc -s -f rst -t man $(rst) | groff -mandoc -Tlatin1 | less -R

2
misc/block-snapshot
View File

@ -264,7 +264,7 @@ case "$command" in
rm $HOTPLUG_STORE-* rm $HOTPLUG_STORE-*
fi fi
release_lock "block" release_lock "block"
exit 0 exit 0
;; ;;
esac esac

12
misc/xorg-preload-apps.conf
View File

@ -1,11 +1,11 @@
Section "ServerLayout" Section "ServerLayout"
Identifier "Default Layout" Identifier "Default Layout"
Screen 0 "Screen0" 0 0 Screen 0 "Screen0" 0 0
EndSection EndSection
Section "Device" Section "Device"
Identifier "Videocard0" Identifier "Videocard0"
Driver "dummy" Driver "dummy"
VideoRam 4001 VideoRam 4001
EndSection EndSection
@ -13,7 +13,7 @@ Section "Monitor"
Identifier "Monitor0" Identifier "Monitor0"
HorizSync 49-50 HorizSync 49-50
VertRefresh 62-63 VertRefresh 62-63
Modeline "QB1280x800" 64 1280 1281 1282 1283 800 801 802 803 Modeline "QB1280x800" 64 1280 1281 1282 1283 800 801 802 803
EndSection EndSection
Section "Screen" Section "Screen"
@ -23,8 +23,8 @@ Section "Screen"
DefaultDepth 24 DefaultDepth 24
SubSection "Display" SubSection "Display"
Viewport 0 0 Viewport 0 0
Depth 24 Depth 24
Modes "QB1280x800" Modes "QB1280x800"
EndSubSection EndSubSection
EndSection EndSection

2
misc/yum-qubes-hooks.py
View File

@ -27,7 +27,7 @@ import subprocess
requires_api_version = '2.4' requires_api_version = '2.4'
plugin_type = (TYPE_CORE,) plugin_type = (TYPE_CORE,)
def posttrans_hook(conduit): def posttrans_hook(conduit):
# Get all updates available _before_ this transaction # Get all updates available _before_ this transaction
pkg_list = conduit._base.doPackageLists(pkgnarrow='updates') pkg_list = conduit._base.doPackageLists(pkgnarrow='updates')

2
network/filter-updates
View File

@ -8,7 +8,7 @@
^http://mirrors\..*/mirrorlist\? ^http://mirrors\..*/mirrorlist\?
# Debian filters # Debian filters
# #
# Whonix uses sourceforge to host its repos and url can end in: # Whonix uses sourceforge to host its repos and url can end in:
# '/' or '/download' or '?.*' # '/' or '/download' or '?.*'
# ----------------------------------------------------------------------------- # -----------------------------------------------------------------------------

2
network/qubes-firewall
View File

@ -45,7 +45,7 @@ while true; do
echo "Failed applying rules for $i: $ERRS" >&2 echo "Failed applying rules for $i: $ERRS" >&2
OUT="$OUT$ERRS" OUT="$OUT$ERRS"
fi fi
done done
qubesdb-write $XENSTORE_ERROR "$OUT" qubesdb-write $XENSTORE_ERROR "$OUT"
if [ -n "$OUT" ]; then if [ -n "$OUT" ]; then
DISPLAY=:0 /usr/bin/notify-send -t 3000 "Firewall loading error ($(hostname))" "$OUT" || : DISPLAY=:0 /usr/bin/notify-send -t 3000 "Firewall loading error ($(hostname))" "$OUT" || :

2
network/qubes-iptables
View File

@ -41,7 +41,7 @@ start() {
else else
echo FAIL; return 1 echo FAIL; return 1
fi fi
return $ret return $ret
} }

2
network/setup-ip
View File

@ -1,7 +1,7 @@
#!/bin/sh #!/bin/sh
# setup-ip is potentially invoked before qubes-sysinit.sh is done, therefore # setup-ip is potentially invoked before qubes-sysinit.sh is done, therefore
# we perform our qubesdb reads here instead of relying on qvm-service # we perform our qubesdb reads here instead of relying on qvm-service
# files under /var/run/qubes-service/ # files under /var/run/qubes-service/
disablegw=`qubesdb-read /qubes-service/disable-default-route 2> /dev/null` disablegw=`qubesdb-read /qubes-service/disable-default-route 2> /dev/null`
disabledns=`qubesdb-read /qubes-service/disable-dns-server 2> /dev/null` disabledns=`qubesdb-read /qubes-service/disable-dns-server 2> /dev/null`

38
network/vif-route-qubes
View File

@ -1,24 +1,24 @@
#!/bin/bash #!/bin/bash
#============================================================================ #============================================================================
# /etc/xen/vif-route-qubes # /etc/xen/vif-route-qubes
# #
# Script for configuring a vif in routed mode. # Script for configuring a vif in routed mode.
# The hotplugging system will call this script if it is specified either in # The hotplugging system will call this script if it is specified either in
# the device configuration given to Xend, or the default Xend configuration # the device configuration given to Xend, or the default Xend configuration
# in /etc/xen/xend-config.sxp. If the script is specified in neither of those # in /etc/xen/xend-config.sxp. If the script is specified in neither of those
# places, then vif-bridge is the default. # places, then vif-bridge is the default.
# #
# Usage: # Usage:
# vif-route (add|remove|online|offline) # vif-route (add|remove|online|offline)
# #
# Environment vars: # Environment vars:
# vif vif interface name (required). # vif vif interface name (required).
# XENBUS_PATH path to this device's details in the XenStore (required). # XENBUS_PATH path to this device's details in the XenStore (required).
# #
# Read from the store: # Read from the store:
# ip list of IP networks for the vif, space-separated (default given in # ip list of IP networks for the vif, space-separated (default given in
# this script). # this script).
#============================================================================ #============================================================================
dir=$(dirname "$0") dir=$(dirname "$0")
. "$dir/vif-common.sh" . "$dir/vif-common.sh"

4
qubes-rpc/prepare-suspend
View File

@ -13,12 +13,12 @@ fi
if [ x"$action" = x"suspend" ]; then if [ x"$action" = x"suspend" ]; then
dbus-send --system --print-reply \ dbus-send --system --print-reply \
--dest=org.freedesktop.NetworkManager \ --dest=org.freedesktop.NetworkManager \
/org/freedesktop/NetworkManager \ /org/freedesktop/NetworkManager \
org.freedesktop.NetworkManager.Sleep boolean:true || \ org.freedesktop.NetworkManager.Sleep boolean:true || \
service NetworkManager stop service NetworkManager stop
# Force interfaces down, just in case when NM didn't done it # Force interfaces down, just in case when NM didn't done it
for if in `ls /sys/class/net|grep -v "lo\|vif"`; do for if in `ls /sys/class/net|grep -v "lo\|vif"`; do
if [ "`cat /sys/class/net/$if/device/devtype 2>/dev/null`" = "vif" ]; then if [ "`cat /sys/class/net/$if/device/devtype 2>/dev/null`" = "vif" ]; then
continue continue
fi fi

4
qubes-rpc/qfile-unpacker.c
View File

@ -52,10 +52,10 @@ int main(int argc __attribute((__unused__)), char ** argv __attribute__((__unuse
} }
mkdir(INCOMING_DIR_ROOT, 0700); mkdir(INCOMING_DIR_ROOT, 0700);
if (asprintf(&incoming_dir, "%s/%s", INCOMING_DIR_ROOT, remote_domain) < 0) if (asprintf(&incoming_dir, "%s/%s", INCOMING_DIR_ROOT, remote_domain) < 0)
gui_fatal("Error allocating memory"); gui_fatal("Error allocating memory");
mkdir(incoming_dir, 0700); mkdir(incoming_dir, 0700);
if (chdir(incoming_dir)) if (chdir(incoming_dir))
gui_fatal("Error chdir to %s", incoming_dir); gui_fatal("Error chdir to %s", incoming_dir);
if (mount(".", ".", NULL, MS_BIND | MS_NODEV | MS_NOEXEC | MS_NOSUID, NULL) < 0) if (mount(".", ".", NULL, MS_BIND | MS_NODEV | MS_NOEXEC | MS_NOSUID, NULL) < 0)
gui_fatal("Failed to mount a directory %s", incoming_dir); gui_fatal("Failed to mount a directory %s", incoming_dir);

4
qubes-rpc/qopen-in-vm.c
View File

@ -100,8 +100,8 @@ void talk_to_daemon(const char *fname)
int main(int argc, char ** argv) int main(int argc, char ** argv)
{ {
signal(SIGPIPE, SIG_IGN); signal(SIGPIPE, SIG_IGN);
if (argc!=2) if (argc!=2)
gui_fatal("OpenInVM - no file given?"); gui_fatal("OpenInVM - no file given?");
talk_to_daemon(argv[1]); talk_to_daemon(argv[1]);
return 0; return 0;
} }

2
qubes-rpc/qubes.Backup
View File

@ -1,6 +1,6 @@
echo Starting Backupcopy echo Starting Backupcopy
read args read args
echo Arguments: $args echo Arguments: $args
if [ -d "$args" ] ; then if [ -d "$args" ] ; then
echo "Performing backup to directory $args" echo "Performing backup to directory $args"
TARGET="$args/qubes-backup-`date +'%Y-%m-%dT%H%M%S'`" TARGET="$args/qubes-backup-`date +'%Y-%m-%dT%H%M%S'`"

4
qubes-rpc/qvm-copy-to-vm.kde
View File

@ -30,7 +30,7 @@ qdbus $REF org.freedesktop.DBus.Properties.Set "" maximum $SIZE
export PROGRESS_TYPE=gui export PROGRESS_TYPE=gui
/usr/lib/qubes/qrexec-client-vm $VM qubes.Filecopy \ /usr/lib/qubes/qrexec-client-vm $VM qubes.Filecopy \
/usr/lib/qubes/qfile-agent "$@" | /usr/lib/qubes/qfile-agent "$@" |
(while read sentsize ; do (while read sentsize ; do
CURRSIZE=$(($sentsize/1024)) CURRSIZE=$(($sentsize/1024))
qdbus $REF org.freedesktop.DBus.Properties.Set "" value $CURRSIZE qdbus $REF org.freedesktop.DBus.Properties.Set "" value $CURRSIZE
@ -38,6 +38,6 @@ done)
qdbus $REF close qdbus $REF close
# we do not want a dozen error messages, do we # we do not want a dozen error messages, do we
# if ! [ "x"$agentstatus = xDONE ] ; then # if ! [ "x"$agentstatus = xDONE ] ; then
# kdialog --sorry 'Abnormal file copy termination; see /var/log/qubes/qrexec.xid.log in dom0 for more details' # kdialog --sorry 'Abnormal file copy termination; see /var/log/qubes/qrexec.xid.log in dom0 for more details'
# fi # fi

4
qubes-rpc/qvm-move-to-vm.kde
View File

@ -31,7 +31,7 @@ export PROGRESS_TYPE=gui
set -o pipefail set -o pipefail
/usr/lib/qubes/qrexec-client-vm $VM qubes.Filecopy \ /usr/lib/qubes/qrexec-client-vm $VM qubes.Filecopy \
/usr/lib/qubes/qfile-agent "$@" | /usr/lib/qubes/qfile-agent "$@" |
(while read sentsize ; do (while read sentsize ; do
CURRSIZE=$(($sentsize/1024)) CURRSIZE=$(($sentsize/1024))
qdbus $REF org.freedesktop.DBus.Properties.Set "" value $CURRSIZE qdbus $REF org.freedesktop.DBus.Properties.Set "" value $CURRSIZE
@ -42,6 +42,6 @@ fi
qdbus $REF close qdbus $REF close
# we do not want a dozen error messages, do we # we do not want a dozen error messages, do we
# if ! [ "x"$agentstatus = xDONE ] ; then # if ! [ "x"$agentstatus = xDONE ] ; then
# kdialog --sorry 'Abnormal file copy termination; see /var/log/qubes/qrexec.xid.log in dom0 for more details' # kdialog --sorry 'Abnormal file copy termination; see /var/log/qubes/qrexec.xid.log in dom0 for more details'
# fi # fi

2
qubes-rpc/qvm-mru-entry
View File

@ -42,7 +42,7 @@ class QubesMruDialog(gtk.Dialog):
# does not work as advertised # does not work as advertised
# using key-press-event instead # using key-press-event instead
#self.set_default_response(gtk.RESPONSE_OK) #self.set_default_response(gtk.RESPONSE_OK)
self.connect("destroy", lambda *w: gtk.main_quit()) self.connect("destroy", lambda *w: gtk.main_quit())
self.connect("response", self.response_callback) self.connect("response", self.response_callback)
self.connect("key-press-event", self.key_press_callback) self.connect("key-press-event", self.key_press_callback)

2
qubes-rpc/qvm-open-in-dvm
View File

@ -20,7 +20,7 @@
# #
# #
if ! [ $# = 1 ] ; then if ! [ $# = 1 ] ; then
echo "Usage: $0 filename" echo "Usage: $0 filename"
exit 1 exit 1
fi fi

2
qubes-rpc/qvm-open-in-vm
View File

@ -20,7 +20,7 @@
# #
# #
if ! [ $# = 2 ] ; then if ! [ $# = 2 ] ; then
echo "Usage: $0 vmname filename" echo "Usage: $0 vmname filename"
exit 1 exit 1
fi fi

2
qubes-rpc/qvm-run
View File

@ -20,7 +20,7 @@
# #
# #
if [ $# -lt 2 ] ; then if [ $# -lt 2 ] ; then
cat <<USAGE cat <<USAGE
Usage: $0 vmname command arguments Usage: $0 vmname command arguments
Executes a command in another VM using the qubes.VMShell RPC service. The Executes a command in another VM using the qubes.VMShell RPC service. The

8
qubes-rpc/tar2qfile.c
View File

@ -709,7 +709,7 @@ ustar_rd (int fd, struct file_header * untrusted_hdr, char *buf, struct stat * s
char * last_token = strtok(dirbuf,"/"); char * last_token = strtok(dirbuf,"/");
char * token = strtok(NULL, "/"); char * token = strtok(NULL, "/");
while (token != NULL) { while (token != NULL) {
#ifdef DEBUG #ifdef DEBUG
fprintf(stderr,"Found directory %s (last:%s)\n",token,last_token); fprintf(stderr,"Found directory %s (last:%s)\n",token,last_token);
#endif #endif
@ -727,7 +727,7 @@ ustar_rd (int fd, struct file_header * untrusted_hdr, char *buf, struct stat * s
if (path == NULL) if (path == NULL)
return MEMORY_ALLOC_FAILED; return MEMORY_ALLOC_FAILED;
path[pathsize] = '/'; path[pathsize] = '/';
strncpy(path+pathsize+1, last_token, strlen(last_token)); strncpy(path+pathsize+1, last_token, strlen(last_token));
path[pathsize+strlen(last_token)+1] = '\0'; path[pathsize+strlen(last_token)+1] = '\0';
} }
@ -773,7 +773,7 @@ ustar_rd (int fd, struct file_header * untrusted_hdr, char *buf, struct stat * s
dir_header.mode = untrusted_hdr->mode | S_IFDIR; dir_header.mode = untrusted_hdr->mode | S_IFDIR;
dir_header.filelen = 0; dir_header.filelen = 0;
#ifdef DEBUG #ifdef DEBUG
fprintf(stderr,"Sending directory headers for %s\n",path); fprintf(stderr,"Sending directory headers for %s\n",path);
#endif #endif
@ -785,7 +785,7 @@ ustar_rd (int fd, struct file_header * untrusted_hdr, char *buf, struct stat * s
} }
free(path); free(path);
free(dirbuf); free(dirbuf);
#ifdef DEBUG #ifdef DEBUG
fprintf(stderr,"End of directory checks\n"); fprintf(stderr,"End of directory checks\n");
#endif #endif

2
qubes-rpc/vm-file-editor.c
View File

@ -194,7 +194,7 @@ main()
case 0: case 0:
null_fd = open("/dev/null", O_RDONLY); null_fd = open("/dev/null", O_RDONLY);
dup2(null_fd, 0); dup2(null_fd, 0);
close(null_fd); close(null_fd);
env_file = fopen("/tmp/qubes-session-env", "r"); env_file = fopen("/tmp/qubes-session-env", "r");
while(fscanf(env_file, "%1024[^=]=%4096[^\n]\n", var, val) == 2) { while(fscanf(env_file, "%1024[^=]=%4096[^\n]\n", var, val) == 2) {

5
qubes-rpc/wrap-in-html-if-url.sh
View File

@ -3,7 +3,7 @@ wrap_in_html_if_url()
case "$1" in case "$1" in
*://*) *://*)
FILE_ARGUMENT=$(mktemp) FILE_ARGUMENT=$(mktemp)
echo -n '<html><meta HTTP-EQUIV="REFRESH" content="0; url=' > $FILE_ARGUMENT echo -n '<html><meta HTTP-EQUIV="REFRESH" content="0; url=' > $FILE_ARGUMENT
echo -n "$1" >> $FILE_ARGUMENT echo -n "$1" >> $FILE_ARGUMENT
echo '"></html>' >> $FILE_ARGUMENT echo '"></html>' >> $FILE_ARGUMENT
@ -13,5 +13,4 @@ wrap_in_html_if_url()
;; ;;
esac esac
} }

10
rpm_spec/core-vm.spec
View File

@ -111,7 +111,7 @@ exit 0
fi fi
mkdir -p /var/lib/qubes mkdir -p /var/lib/qubes
if [ -e /etc/fstab ] ; then if [ -e /etc/fstab ] ; then
mv /etc/fstab /var/lib/qubes/fstab.orig mv /etc/fstab /var/lib/qubes/fstab.orig
fi fi
@ -486,7 +486,7 @@ The Qubes core startup configuration for SystemD init.
/lib/systemd/system/qubes-dvm.service /lib/systemd/system/qubes-dvm.service
/lib/systemd/system/qubes-misc-post.service /lib/systemd/system/qubes-misc-post.service
/lib/systemd/system/qubes-firewall.service /lib/systemd/system/qubes-firewall.service
/lib/systemd/system/qubes-mount-home.service /lib/systemd/system/qubes-mount-dirs.service
/lib/systemd/system/qubes-netwatcher.service /lib/systemd/system/qubes-netwatcher.service
/lib/systemd/system/qubes-network.service /lib/systemd/system/qubes-network.service
/lib/systemd/system/qubes-iptables.service /lib/systemd/system/qubes-iptables.service
@ -505,7 +505,7 @@ The Qubes core startup configuration for SystemD init.
/usr/lib/qubes/init/qubes-iptables /usr/lib/qubes/init/qubes-iptables
/usr/lib/qubes/init/misc-post.sh /usr/lib/qubes/init/misc-post.sh
/usr/lib/qubes/init/misc-post-stop.sh /usr/lib/qubes/init/misc-post-stop.sh
/usr/lib/qubes/init/mount-home.sh /usr/lib/qubes/init/mount-dirs.sh
/usr/lib/qubes/init/qubes-random-seed.sh /usr/lib/qubes/init/qubes-random-seed.sh
/usr/lib/qubes/init/qubes-sysinit.sh /usr/lib/qubes/init/qubes-sysinit.sh
/lib/systemd/system/chronyd.service.d/30_qubes.conf /lib/systemd/system/chronyd.service.d/30_qubes.conf
@ -526,7 +526,7 @@ PRESET_FAILED=0
if [ $1 -eq 1 ]; then if [ $1 -eq 1 ]; then
/bin/systemctl --no-reload preset-all > /dev/null 2>&1 && PRESET_FAILED=0 || PRESET_FAILED=1 /bin/systemctl --no-reload preset-all > /dev/null 2>&1 && PRESET_FAILED=0 || PRESET_FAILED=1
else else
services="qubes-dvm qubes-misc-post qubes-firewall qubes-mount-home" services="qubes-dvm qubes-misc-post qubes-firewall qubes-mount-dirs"
services="$services qubes-netwatcher qubes-network qubes-sysinit" services="$services qubes-netwatcher qubes-network qubes-sysinit"
services="$services qubes-iptables qubes-updates-proxy qubes-qrexec-agent" services="$services qubes-iptables qubes-updates-proxy qubes-qrexec-agent"
services="$services qubes-random-seed" services="$services qubes-random-seed"
@ -573,6 +573,6 @@ if [ "$1" != 0 ] ; then
exit 0 exit 0
fi fi
for srv in qubes-dvm qubes-sysinit qubes-misc-post qubes-mount-home qubes-netwatcher qubes-network qubes-qrexec-agent; do for srv in qubes-dvm qubes-sysinit qubes-misc-post qubes-mount-dirs qubes-netwatcher qubes-network qubes-qrexec-agent; do
/bin/systemctl disable $srv.service /bin/systemctl disable $srv.service
do do

2
vm-init.d/qubes-core-appvm
View File

@ -51,7 +51,7 @@ start()
possibly_run_save_script possibly_run_save_script
umount /rw umount /rw
dmesg -c >/dev/null dmesg -c >/dev/null
free | grep Mem: | free | grep Mem: |
(read a b c d ; qubesdb-write /qubes-used-mem $c) (read a b c d ; qubesdb-write /qubes-used-mem $c)
# give dom0 time to read some entries, when done it will shutdown qubesdb, # give dom0 time to read some entries, when done it will shutdown qubesdb,
# so wait for it # so wait for it

2
vm-init.d/qubes-core-netvm
View File

@ -33,7 +33,7 @@ start()
/usr/lib/qubes/qubes-setup-dnat-to-ns /usr/lib/qubes/qubes-setup-dnat-to-ns
echo "1" > /proc/sys/net/ipv4/ip_forward echo "1" > /proc/sys/net/ipv4/ip_forward
fi fi
success success
echo "" echo ""
return 0 return 0

2
vm-systemd/75-qubes-vm.preset
View File

@ -66,7 +66,7 @@ enable qubes-updates-proxy.service
enable qubes-dvm.service enable qubes-dvm.service
enable qubes-network.service enable qubes-network.service
enable qubes-qrexec-agent.service enable qubes-qrexec-agent.service
enable qubes-mount-home.service enable qubes-mount-dirs.service
enable qubes-firewall.service enable qubes-firewall.service
enable qubes-netwatcher.service enable qubes-netwatcher.service
enable qubes-meminfo-writer.service enable qubes-meminfo-writer.service

0
vm-systemd/mount-home.sh → vm-systemd/mount-dirs.sh
View File

2
vm-systemd/prepare-dvm.sh
View File

@ -16,7 +16,7 @@ if true; then
dmesg -c >/dev/null dmesg -c >/dev/null
qubesdb-watch /qubes-restore-complete & qubesdb-watch /qubes-restore-complete &
watch_pid=$! watch_pid=$!
free | grep Mem: | free | grep Mem: |
(read label total used free shared buffers cached; qubesdb-write /qubes-used-mem $(( $used + $cached )) ) (read label total used free shared buffers cached; qubesdb-write /qubes-used-mem $(( $used + $cached )) )
# we're still running in DispVM template # we're still running in DispVM template
echo "Waiting for save/restore..." echo "Waiting for save/restore..."

2
vm-systemd/qubes-misc-post.service
View File

@ -1,6 +1,6 @@
[Unit] [Unit]
Description=Qubes misc post-boot actions Description=Qubes misc post-boot actions
After=qubes-dvm.service qubes-mount-home.service After=qubes-dvm.service qubes-mount-dirs.service
[Service] [Service]
Type=oneshot Type=oneshot

2
vm-systemd/qubes-mount-home.service → vm-systemd/qubes-mount-dirs.service
View File

@ -5,7 +5,7 @@ Before=qubes-gui-agent.service
[Service] [Service]
Type=oneshot Type=oneshot
RemainAfterExit=yes RemainAfterExit=yes
ExecStart=/usr/lib/qubes/init/mount-home.sh ExecStart=/usr/lib/qubes/init/mount-dirs.sh
# Fedora and Debian have different paths for fuser # Fedora and Debian have different paths for fuser
ExecStop=/bin/sh -c 'fuser -kMm /home' ; /bin/umount /home ExecStop=/bin/sh -c 'fuser -kMm /home' ; /bin/umount /home
ExecStopPost=-/bin/umount /rw ExecStopPost=-/bin/umount /rw