#!/bin/bash
# postinst script for core-agent-linux
#
# see: dh_installdeb(1)
set -e
# The postint script may be called in the following ways:
# * <postinst> 'configure' <most-recently-configured-version>
# * <old-postinst> 'abort-upgrade' <new version>
# * <conflictor's-postinst> 'abort-remove' 'in-favour' <package>
# <new-version>
# * <postinst> 'abort-remove'
# * <deconfigured's-postinst> 'abort-deconfigure' 'in-favour'
# <failed-install-package> <version> 'removing'
# <conflicting-package> <version>
#
# For details, see http://www.debian.org/doc/debian-policy/ or
# https://www.debian.org/doc/debian-policy/ch-maintainerscripts.html or
# the debian-policy package
# Install overriden services only when original exists
installOverridenServices() {
override_dir="${1}"
service="${2}"
retval=1
for unit in ${service}; do
unit="${unit%%.*}"
unit_name="$(basename ${unit})"
if [ -f ${unit}.service ]; then
echo "Installing override for ${unit}.service..."
cp ${override_dir}/${unit_name}.service /etc/systemd/system/
retval=0
fi
if [ -f ${unit}.socket -a -f ${override_dir}/${unit}.socket ]; then
echo "Installing override for ${unit}.socket..."
cp ${override_dir}/${unit_name}.socket /etc/systemd/system/
retval=0
fi
if [ -f ${unit}.path -a -f ${override_dir}/${unit}.path ]; then
echo "Installing override for ${unit}.path..."
cp ${override_dir}/${unit_name}.path /etc/systemd/system/
retval=0
fi
done
return ${retval}
}
reenableNetworkManager() {
# Disable original service to enable overriden one
echo "Disabling original service to enable overriden one..."
disableSystemdUnits ModemManager.service
disableSystemdUnits NetworkManager.service
# Disable D-BUS activation of NetworkManager - in AppVm it causes problems (eg PackageKit timeouts)
echo "Disable D-BUS activation of NetworkManager - in AppVm it causes problems (eg PackageKit timeouts)"
systemctl mask dbus-org.freedesktop.NetworkManager.service 2> /dev/null || echo "Could not disable D-BUS activation of NetworkManager"
echo "Re-enabling original service to enable overriden one..."
enableSystemdUnits ModemManager.service
enableSystemdUnits NetworkManager.service
# Fix for https://bugzilla.redhat.com/show_bug.cgi?id=974811
echo "Fix for https://bugzilla.redhat.com/show_bug.cgi?id=974811"
enableSystemdUnits NetworkManager-dispatcher.service
}
remove_ShowIn () {
if [ -e "${1}" ]; then
sed -i '/^\(Not\|Only\)ShowIn/d' "${1}"
fi
}
setArrayAsGlobal() {
local array="$1"
local export_as="$2"
local code=$(declare -p "$array")
local replaced="${code/$array/$export_as}"
eval ${replaced/declare -/declare -g}
}
systemdInfo() {
unit=${1}
return_global_var=${2}
declare -A -g INFO
while read line; do
INFO[${line%%=*}]="${line##*=}"
done < <(systemctl show ${unit} 2> /dev/null)
setArrayAsGlobal INFO $return_global_var
}
displayFailedStatus() {
action=${1}
unit=${2}
systemdInfo ${unit} info
echo
echo "==================================================="
echo "FAILED: systemd ${action} ${unit}"
echo "==================================================="
echo " LoadState = ${info[LoadState]}"
echo " LoadError = ${info[LoadError]}"
echo " ActiveState = ${info[ActiveState]}"
echo " SubState = ${info[SubState]}"
echo "UnitFileState = ${info[UnitFileState]}"
echo
}
# Disable systemd units
disableSystemdUnits() {
for unit in $*; do
systemctl is-enabled ${unit} > /dev/null 2>&1 && {
echo "Disabling ${unit}..."
systemctl is-active ${unit} > /dev/null 2>&1 && {
systemctl stop ${unit} > /dev/null 2>&1 || displayFailedStatus stop ${unit}
}
if [ -f /lib/systemd/system/${unit} ]; then
if fgrep -q '[Install]' /lib/systemd/system/${unit}; then
systemctl disable ${unit} > /dev/null 2>&1 || displayFailedStatus disable ${unit}
else
# Forcibly disable
echo "Forcibly disabling: ${unit}"
ln -sf /dev/null /etc/systemd/system/${unit}
fi
else
systemctl disable ${unit} > /dev/null 2>&1 || displayFailedStatus disable ${unit}
fi
} || {
echo "It appears ${unit} is already disabled!"
#displayFailedStatus is-disabled ${unit}
}
done
}
# Enable systemd units
enableSystemdUnits() {
for unit in $*; do
systemctl is-enabled ${unit} > /dev/null 2>&1 && {
echo "It appears ${unit} is already enabled!"
#displayFailedStatus is-enabled ${unit}
} || {
echo "Enabling: ${unit}..."
systemctl enable ${unit} > /dev/null 2>&1 && {
systemctl start ${unit} > /dev/null 2>&1 || displayFailedStatus start ${unit}
} || {
echo "Could not enable: ${unit}"
displayFailedStatus enable ${unit}
}
}
done
}
# Manually trigger all triggers to automaticatly configure
triggerTriggers() {
path="$(readlink -m ${0})"
triggers="${path/postinst/triggers}"
awk '{sub(/[ \t]*#.*/,"")} NF' ${triggers} | while read line
do
/bin/bash -c "${0} triggered ${line##* }" || true
done
}
case "${1}" in
configure)
# disable some Upstart services
for init in plymouth-shutdown \
prefdm \
splash-manager \
start-ttys \
tty ; do
if [ -e /etc/init/${init}.conf ]; then
mv -f /etc/init/${init}.conf /etc/init/${init}.conf.disabled
fi
done
# Stops Qt form using the MIT-SHM X11 Shared Memory Extension
echo 'export QT_X11_NO_MITSHM=1' > /etc/profile.d/qt_x11_no_mitshm
# Sudo's defualt umask is 077 so set sane default of 022
# Also don't allow QT to used shared memory to prevent errors
echo 'Defaults umask = 0002' > /etc/sudoers.d/umask
echo 'Defaults umask_override' >> /etc/sudoers.d/umask
echo 'Defaults env_keep += "QT_X11_NO_MITSHM"' > /etc/sudoers.d/qt_x11_no_mitshm.sh
chmod 0755 /etc/sudoers.d/qt_x11_no_mitshm.sh
# Create NetworkManager configuration if we do not have it
if ! [ -e /etc/NetworkManager/NetworkManager.conf ]; then
echo '[main]' > /etc/NetworkManager/NetworkManager.conf
echo 'plugins = keyfile' >> /etc/NetworkManager/NetworkManager.conf
echo '[keyfile]' >> /etc/NetworkManager/NetworkManager.conf
fi
/usr/lib/qubes/qubes-fix-nm-conf.sh
# Remove ip_forward setting from sysctl, so NM will not reset it
sed 's/^net.ipv4.ip_forward.*/#\0/' -i /etc/sysctl.conf
# Remove old firmware updates link
if [ -L /lib/firmware/updates ]; then
rm -f /lib/firmware/updates
fi
#if ! grep -q '/etc/yum\.conf\.d/qubes-proxy\.conf' /etc/yum.conf; then
# echo >> /etc/yum.conf
# echo '# Yum does not support inclusion of config dir...' >> /etc/yum.conf
# echo 'include=file:///etc/yum.conf.d/qubes-proxy.conf' >> /etc/yum.conf
#fi
# Revert 'Prevent unnecessary updates in VMs':
#sed -i -e '/^exclude = kernel/d' /etc/yum.conf
# ensure that hostname resolves to 127.0.1.1 resp. ::1 and that /etc/hosts is
# in the form expected by qubes-sysinit.sh
for ip in '127\.0\.1\.1' '::1'; do
if grep -q "^${ip}\(\s\|$\)" /etc/hosts; then
sed -i "/^${ip}\s/,+0s/\(\s`hostname`\)\+\(\s\|$\)/\2/g" /etc/hosts
sed -i "s/^${ip}\(\s\|$\).*$/\0 `hostname`/" /etc/hosts
else
echo "${ip//\\/} `hostname`" >> /etc/hosts
fi
done
# remove hostname from 127.0.0.1 line (in debian the hostname is by default
# resolved to 127.0.1.1)
sed -i "/^127\.0\.0\.1\s/,+0s/\(\s`hostname`\)\+\(\s\|$\)/\2/g" /etc/hosts
chown user:user /home_volatile/user
#if [ "${1}" != 1 ] ; then
# # do the rest of %post thing only when updating for the first time...
# exit 0
#fi
if [ -e /etc/init/serial.conf ] && ! [ -f /var/lib/qubes/serial.orig ] ; then
cp /etc/init/serial.conf /var/lib/qubes/serial.orig
fi
# Remove most of the udev scripts to speed up the VM boot time
# Just leave the xen* scripts, that are needed if this VM was
# ever used as a net backend (e.g. as a VPN domain in the future)
#echo "--> Removing unnecessary udev scripts..."
mkdir -p /var/lib/qubes/removed-udev-scripts
for f in /etc/udev/rules.d/*
do
if [ $(basename ${f}) == "xen-backend.rules" ] ; then
continue
fi
if [ $(basename ${f}) == "50-qubes-misc.rules" ] ; then
continue
fi
if echo ${f} | grep -q qubes; then
continue
fi
mv ${f} /var/lib/qubes/removed-udev-scripts/
done
# Create /rw directory
mkdir -p /rw
# XXX: TODO: Needs to be implemented still
#rm -f /etc/mtab
#echo "--> Removing HWADDR setting from /etc/sysconfig/network-scripts/ifcfg-eth0"
#mv /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0.orig
#grep -v HWADDR /etc/sysconfig/network-scripts/ifcfg-eth0.orig > /etc/sysconfig/network-scripts/ifcfg-eth0
# Enable Qubes systemd units
enableSystemdUnits \
qubes-sysinit.service \
qubes-misc-post.service \
qubes-netwatcher.service \
qubes-network.service \
qubes-firewall.service \
qubes-updates-proxy.service \
qubes-updates-proxy.timer \
qubes-qrexec-agent.service
# Set default "runlevel"
rm -f /etc/systemd/system/default.target
ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
# Process all triggers which will set defaults to wanted values
triggerTriggers
disableSystemdUnits \
alsa-store.service \
alsa-restore.service \
auditd.service \
avahi.service \
avahi-daemon.service \
backuppc.service \
cpuspeed.service \
crond.service \
fedora-autorelabel.service \
fedora-autorelabel-mark.service \
ipmi.service \
hwclock-load.service \
hwclock-save.service \
mdmonitor.service \
multipathd.service \
openct.service \
rpcbind.service \
mcelog.service \
fedora-storage-init.service \
fedora-storage-init-late.service \
plymouth-start.service \
plymouth-read-write.service \
plymouth-quit.service \
plymouth-quit-wait.service \
sshd.service \
tcsd.service \
sm-client.service \
sendmail.service \
mdmonitor-takeover.service \
rngd smartd.service \
upower.service \
irqbalance.service \
colord.service
rm -f /etc/systemd/system/getty.target.wants/getty@tty*.service
# Enable other systemd units
enableSystemdUnits \
rsyslog.service
# XXX: TODO: Needs to be implemented still
# These do not exist on debian; maybe a different package name
# iptables.service \
# ntpd.service \
# ip6tables.service \
;;
abort-upgrade|abort-remove|abort-deconfigure)
exit 0
;;
triggered)
for trigger in ${2}; do
case "${trigger}" in
# Update Qubes App Menus
/usr/share/applications)
echo "Updating Qubes App Menus..."
/usr/lib/qubes/qubes-trigger-sync-appmenus.sh || true
;;
# Install overriden services only when original exists
/lib/systemd/system/NetworkManager.service | \
/lib/systemd/system/NetworkManager-wait-online.service | \
/lib/systemd/system/ModemManager.service)
UNITDIR=/lib/systemd/system
OVERRIDEDIR=/usr/lib/qubes/init
installOverridenServices "${OVERRIDEDIR}" "${trigger}"
if [ $? -eq 0 ]; then
reenableNetworkManager
fi
;;
# Enable cups only when it is real Systemd service
/lib/systemd/system/cups.service)
echo "Enabling cups"
[ -e /lib/systemd/system/cups.service ] && enableSystemdUnits cups.service
;;
# "Enable haveged service"
/lib/systemd/system/haveged.service)
echo "Enabling haveged service"
enableSystemdUnits haveged.service
;;
# Install overridden serial.conf init script
/etc/init/serial.conf)
echo "Installing over-ridden serial.conf init script..."
if [ -e /etc/init/serial.conf ]; then
cp /usr/share/qubes/serial.conf /etc/init/serial.conf
fi
;;
# Enable autostart of notification-daemon when installed
/etc/xdg/autostart/notification-daemon.desktop)
if [ ! -e /etc/xdg/autostart/notification-daemon.desktop ]; then
echo "Enabling autostart of notification-daemon when installed..."
ln -s /usr/share/applications/notification-daemon.desktop /etc/xdg/autostart/
fi
;;
# Disable SELinux"
/etc/selinux/config)
echo "Disabling SELinux..."
if [ -e /etc/selinux/config ]; then
sed -e s/^SELINUX=.*$/SELINUX=disabled/ </etc/selinux/config >/etc/selinux/config.processed
mv /etc/selinux/config.processed /etc/selinux/config
setenforce 0 2>/dev/null
fi
;;
# Desktop Entry Modification - Remove existing rules
/etc/xdg/autostart/gpk-update-icon.desktop | \
/etc/xdg/autostart/nm-applet.desktop | \
/etc/xdg/autostart/abrt-applet.desktop)
if [ -e "${trigger}" ]; then
echo "Desktop Entry Modification - Removing ShowIn from: ${trigger}..."
remove_ShowIn "${trigger}"
fi
;;
# Desktop Entry Modification - Not shown in Qubes
/etc/xdg/autostart/pulseaudio.desktop | \
/etc/xdg/autostart/deja-dup-monitor.desktop | \
/etc/xdg/autostart/imsettings-start.desktop | \
/etc/xdg/autostart/krb5-auth-dialog.desktop | \
/etc/xdg/autostart/pulseaudio.desktop | \
/etc/xdg/autostart/restorecond.desktop | \
/etc/xdg/autostart/sealertauto.desktop | \
/etc/xdg/autostart/gnome-power-manager.desktop | \
/etc/xdg/autostart/gnome-sound-applet.desktop | \
/etc/xdg/autostart/gnome-screensaver.desktop | \
/etc/xdg/autostart/orca-autostart.desktop)
if [ -e "${trigger}" ]; then
echo "Desktop Entry Modification - Not Shown in Qubes: ${trigger}..."
remove_ShowIn "${trigger}"
echo 'NotShowIn=QUBES;' >> "${trigger}" || true
fi
;;
# Desktop Entry Modification - Not shown in in DisposableVM
/etc/xdg/autostart/gcm-apply.desktop)
if [ -e "${trigger}" ]; then
echo "Desktop Entry Modification - Not Shown in DisposableVM: ${trigger}..."
remove_ShowIn "${trigger}"
echo 'NotShowIn=DisposableVM;' >> "${trigger}" || true
fi
;;
# Desktop Entry Modification - Only shown in AppVM
/etc/xdg/autostart/gnome-keyring-gpg.desktop | \
/etc/xdg/autostart/gnome-keyring-pkcs11.desktop | \
/etc/xdg/autostart/gnome-keyring-secrets.desktop | \
/etc/xdg/autostart/gnome-keyring-ssh.desktop | \
/etc/xdg/autostart/gnome-settings-daemon.desktop | \
/etc/xdg/autostart/user-dirs-update-gtk.desktop | \
/etc/xdg/autostart/gsettings-data-convert.desktop)
if [ -e "${trigger}" ]; then
echo "Desktop Entry Modification - Only Shown in Gnome & AppVM: ${trigger}..."
remove_ShowIn "${trigger}"
echo 'OnlyShowIn=GNOME;AppVM;' >> "${trigger}" || true
fi
;;
# Desktop Entry Modification - Only shown in Gnome & UpdateableVM
/etc/xdg/autostart/gpk-update-icon.desktop)
if [ -e "${trigger}" ]; then
echo "Desktop Entry Modification - Only Shown in Gnome & UpdateableVM: ${trigger}..."
echo 'OnlyShowIn=GNOME;UpdateableVM;' >> "${trigger}" || true
fi
;;
# Desktop Entry Modification - Only shown in Gnome & Qubes
/etc/xdg/autostart/nm-applet.desktop)
if [ -e "${trigger}" ]; then
echo "Desktop Entry Modification - Only Shown in Gnome & Qubes: ${trigger}..."
echo 'OnlyShowIn=GNOME;QUBES;' >> "${trigger}" || true
fi
;;
*)
echo "postinst called with unknown trigger \`${2}'" >&2
exit 1
;;
esac
done
exit 0
;;
*)
echo "postinst called with unknown argument \`${1}'" >&2
exit 1
;;
esac
# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.
#DEBHELPER#
exit 0
# vim: set ts=4 sw=4 sts=4 et :