#!/bin/bash # postinst script for core-agent-linux # # see: dh_installdeb(1) set -x # The postint script may be called in the following ways: # * 'configure' # * 'abort-upgrade' # * 'abort-remove' 'in-favour' # # * 'abort-remove' # * 'abort-deconfigure' 'in-favour' # 'removing' # # # For details, see http://www.debian.org/doc/debian-policy/ or # https://www.debian.org/doc/debian-policy/ch-maintainerscripts.html or # the debian-policy package case "$1" in configure) # disable some Upstart services for F in plymouth-shutdown prefdm splash-manager start-ttys tty ; do if [ -e /etc/init/$F.conf ]; then mv -f /etc/init/$F.conf /etc/init/$F.conf.disabled fi done remove_ShowIn () { if [ -e /etc/xdg/autostart/$1.desktop ]; then sed -i '/^\(Not\|Only\)ShowIn/d' /etc/xdg/autostart/$1.desktop fi } # Stops Qt form using the MIT-SHM X11 Shared Memory Extension echo 'export QT_X11_NO_MITSHM=1' >> /etc/profile # Sudo's defualt umask is 077 so set sane default of 022 # Also don't allow QT to used shared memory to prevent errors echo 'Defaults umask = 0002' >> /etc/sudoers echo 'Defaults umask_override' >> /etc/sudoers echo 'Defaults env_keep += "QT_X11_NO_MITSHM"' >> /etc/sudoers # reenable abrt-aplet if disable by some earlier version of package remove_ShowIn abrt-applet.desktop # don't want it at all for F in deja-dup-monitor imsettings-start krb5-auth-dialog pulseaudio restorecond sealertauto gnome-power-manager gnome-sound-applet gnome-screensaver orca-autostart; do if [ -e /etc/xdg/autostart/$F.desktop ]; then remove_ShowIn $F echo 'NotShowIn=QUBES;' >> /etc/xdg/autostart/$F.desktop fi done # don't want it in DisposableVM for F in gcm-apply ; do if [ -e /etc/xdg/autostart/$F.desktop ]; then remove_ShowIn $F echo 'NotShowIn=DisposableVM;' >> /etc/xdg/autostart/$F.desktop fi done # want it in AppVM only for F in gnome-keyring-gpg gnome-keyring-pkcs11 gnome-keyring-secrets gnome-keyring-ssh gnome-settings-daemon user-dirs-update-gtk gsettings-data-convert ; do if [ -e /etc/xdg/autostart/$F.desktop ]; then remove_ShowIn $F echo 'OnlyShowIn=GNOME;AppVM;' >> /etc/xdg/autostart/$F.desktop fi done # remove existing rule to add own later for F in gpk-update-icon nm-applet ; do remove_ShowIn $F done echo 'OnlyShowIn=GNOME;UpdateableVM;' >> /etc/xdg/autostart/gpk-update-icon.desktop || : echo 'OnlyShowIn=GNOME;QUBES;' >> /etc/xdg/autostart/nm-applet.desktop || : # Create NetworkManager configuration if we do not have it if ! [ -e /etc/NetworkManager/NetworkManager.conf ]; then echo '[main]' > /etc/NetworkManager/NetworkManager.conf echo 'plugins = keyfile' >> /etc/NetworkManager/NetworkManager.conf echo '[keyfile]' >> /etc/NetworkManager/NetworkManager.conf fi /usr/lib/qubes/qubes-fix-nm-conf.sh # Remove ip_forward setting from sysctl, so NM will not reset it sed 's/^net.ipv4.ip_forward.*/#\0/' -i /etc/sysctl.conf # Remove old firmware updates link if [ -L /lib/firmware/updates ]; then rm -f /lib/firmware/updates fi #if ! grep -q '/etc/yum\.conf\.d/qubes-proxy\.conf' /etc/yum.conf; then # echo >> /etc/yum.conf # echo '# Yum does not support inclusion of config dir...' >> /etc/yum.conf # echo 'include=file:///etc/yum.conf.d/qubes-proxy.conf' >> /etc/yum.conf #fi # Revert 'Prevent unnecessary updates in VMs': #sed -i -e '/^exclude = kernel/d' /etc/yum.conf # ensure that hostname resolves to 127.0.1.1 resp. ::1 and that /etc/hosts is # in the form expected by qubes-sysinit.sh for ip in '127\.0\.1\.1' '::1'; do if grep -q "^${ip}\(\s\|$\)" /etc/hosts; then sed -i "/^${ip}\s/,+0s/\(\s`hostname`\)\+\(\s\|$\)/\2/g" /etc/hosts sed -i "s/^${ip}\(\s\|$\).*$/\0 `hostname`/" /etc/hosts else echo "${ip} `hostname`" >> /etc/hosts fi done # remove hostname from 127.0.0.1 line (in debian the hostname is by default # resolved to 127.0.1.1) sed -i "/^127\.0\.0\.1\s/,+0s/\(\s`hostname`\)\+\(\s\|$\)/\2/g" /etc/hosts chown user:user /home_volatile/user #if [ "$1" != 1 ] ; then # # do the rest of %post thing only when updating for the first time... # exit 0 #fi if [ -e /etc/init/serial.conf ] && ! [ -f /var/lib/qubes/serial.orig ] ; then cp /etc/init/serial.conf /var/lib/qubes/serial.orig fi # Remove most of the udev scripts to speed up the VM boot time # Just leave the xen* scripts, that are needed if this VM was # ever used as a net backend (e.g. as a VPN domain in the future) #echo "--> Removing unnecessary udev scripts..." mkdir -p /var/lib/qubes/removed-udev-scripts for f in /etc/udev/rules.d/* do if [ $(basename $f) == "xen-backend.rules" ] ; then continue fi if [ $(basename $f) == "50-qubes-misc.rules" ] ; then continue fi if echo $f | grep -q qubes; then continue fi mv $f /var/lib/qubes/removed-udev-scripts/ done mkdir -p /rw #rm -f /etc/mtab #echo "--> Removing HWADDR setting from /etc/sysconfig/network-scripts/ifcfg-eth0" #mv /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0.orig #grep -v HWADDR /etc/sysconfig/network-scripts/ifcfg-eth0.orig > /etc/sysconfig/network-scripts/ifcfg-eth0 ####################################################################### # systemd post-init ####################################################################### for srv in qubes-dvm qubes-sysinit qubes-misc-post qubes-netwatcher qubes-network qubes-firewall qubes-updates-proxy qubes-qrexec-agent; do /bin/systemctl enable $srv.service 2> /dev/null done /bin/systemctl enable qubes-update-check.timer 2> /dev/null UNITDIR=/lib/systemd/system OVERRIDEDIR=/usr/lib/qubes/init # XXX: Debian specific if [ -f "$OVERRIDEDIR/NetworkManager.service" ]; then mv -f $OVERRIDEDIR/NetworkManager.service $OVERRIDEDIR/network-manager.service sed 's/NetworkManager/network-manager/' -i $OVERRIDEDIR/network-manager.service fi if [ -f "$OVERRIDEDIR/NetworkManager-wait-online.service" ]; then mv -f $OVERRIDEDIR/NetworkManager-wait-online.service $OVERRIDEDIR/network-manager-wait-online.service sed 's/NetworkManager/network-manager/' -i $OVERRIDEDIR/network-manager-wait-online.service fi if [ -f "$OVERRIDEDIR/ModemManager" ]; then mv -f $OVERRIDEDIR/ModemManager $OVERRIDEDIR/modemmanager.service sed 's/ModemManager/modemmanager/' -i $OVERRIDEDIR/modemmanager.service fi # Install overriden services only when original exists #for srv in cups modemmanager network-manager network-manager-wait-online ntpd chronyd; do for srv in cups modemmanager network-manager network-manager-wait-online; do if [ -f $UNITDIR/$srv.service ]; then cp $OVERRIDEDIR/$srv.service /etc/systemd/system/ fi if [ -f $UNITDIR/$srv.socket -a -f $OVERRIDEDIR/$srv.socket ]; then cp $OVERRIDEDIR/$srv.socket /etc/systemd/system/ fi if [ -f $UNITDIR/$srv.path -a -f $OVERRIDEDIR/$srv.path ]; then cp $OVERRIDEDIR/$srv.path /etc/systemd/system/ fi done # Set default "runlevel" rm -f /etc/systemd/system/default.target ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target #DISABLE_SERVICES="alsa-store alsa-restore auditd avahi avahi-daemon backuppc cpuspeed crond" #DISABLE_SERVICES="$DISABLE_SERVICES fedora-autorelabel fedora-autorelabel-mark ipmi hwclock-load hwclock-save" #DISABLE_SERVICES="$DISABLE_SERVICES mdmonitor multipathd openct rpcbind mcelog fedora-storage-init fedora-storage-init-late" #DISABLE_SERVICES="$DISABLE_SERVICES plymouth-start plymouth-read-write plymouth-quit plymouth-quit-wait" #DISABLE_SERVICES="$DISABLE_SERVICES sshd tcsd sm-client sendmail mdmonitor-takeover" #DISABLE_SERVICES="$DISABLE_SERVICES rngd smartd upower irqbalance colord" #for srv in $DISABLE_SERVICES; do # if [ -f /lib/systemd/system/$srv.service ]; then # if fgrep -q '[Install]' /lib/systemd/system/$srv.service; then # /bin/systemctl disable $srv.service 2> /dev/null # else # # forcibly disable # ln -sf /dev/null /etc/systemd/system/$srv.service # fi # fi #done rm -f /etc/systemd/system/getty.target.wants/getty@tty*.service # Enable some services /bin/systemctl enable iptables.service 2> /dev/null /bin/systemctl enable ip6tables.service 2> /dev/null /bin/systemctl enable rsyslog.service 2> /dev/null /bin/systemctl enable ntpd.service 2> /dev/null # Enable cups only when it is real SystemD service [ -e /lib/systemd/system/cups.service ] && /bin/systemctl enable cups.service 2> /dev/null ;; abort-upgrade|abort-remove|abort-deconfigure) exit 0 ;; triggered) echo "Updating Qubes AppMenu." /usr/lib/qubes/qubes-trigger-sync-appmenus.sh ;; *) echo "postinst called with unknown argument \`$1'" >&2 exit 1 ;; esac # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. #DEBHELPER# exit 0 # vim: set ts=4 sw=4 sts=4 et :