PKGBUILD.install 11 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364
  1. ###########################
  2. ## Pre-Install functions ##
  3. ###########################
  4. update_default_user() {
  5. # Make sure there is a qubes group
  6. groupadd --force --system --gid 98 qubes
  7. # Archlinux bash version has a 'bug' when running su -c, /etc/profile is not loaded because bash consider there is no interactive pty when running 'su - user -c' or something like this.
  8. # See https://bugs.archlinux.org/task/31831
  9. id -u 'user' >/dev/null 2>&1 || {
  10. useradd --user-group --create-home --shell /bin/zsh user
  11. }
  12. usermod -a --groups qubes user
  13. }
  14. ## arg 1: the new package version
  15. pre_install() {
  16. echo "Pre install..."
  17. update_default_user
  18. # do this whole %pre thing only when updating for the first time...
  19. mkdir -p /var/lib/qubes
  20. # Backup fstab / But use archlinux defaults (cp instead of mv)
  21. if [ -e /etc/fstab ] ; then
  22. cp /etc/fstab /var/lib/qubes/fstab.orig
  23. fi
  24. # Add qubes core related fstab entries
  25. echo "xen /proc/xen xenfs defaults 0 0" >> /etc/fstab
  26. usermod -p '' root
  27. usermod -L user
  28. }
  29. ## arg 1: the new package version
  30. ## arg 2: the old package version
  31. pre_upgrade() {
  32. # do something here
  33. echo "Pre upgrade..."
  34. update_default_user
  35. }
  36. ###################
  37. ## Install Hooks ##
  38. ###################
  39. configure_notification-daemon() {
  40. # Enable autostart of notification-daemon when installed
  41. if [ ! -e /etc/xdg/autostart/notification-daemon.desktop ]; then
  42. ln -s /usr/share/applications/notification-daemon.desktop /etc/xdg/autostart/
  43. fi
  44. }
  45. configure_selinux() {
  46. # SELinux is not enabled on archlinux
  47. #echo "--> Disabling SELinux..."
  48. echo "SELINUX not enabled on archlinux. skipped."
  49. # sed -e s/^SELINUX=.*$/SELINUX=disabled/ -i /etc/selinux/config
  50. # setenforce 0 2>/dev/null
  51. }
  52. ############################
  53. ## Post-Install functions ##
  54. ############################
  55. update_qubesconfig() {
  56. # Create NetworkManager configuration if we do not have it
  57. if ! [ -e /etc/NetworkManager/NetworkManager.conf ]; then
  58. echo '[main]' > /etc/NetworkManager/NetworkManager.conf
  59. echo 'plugins = keyfile' >> /etc/NetworkManager/NetworkManager.conf
  60. echo '[keyfile]' >> /etc/NetworkManager/NetworkManager.conf
  61. fi
  62. /usr/lib/qubes/qubes-fix-nm-conf.sh
  63. # Remove ip_forward setting from sysctl, so NM will not reset it
  64. # Archlinux now use sysctl.d/ instead of sysctl.conf
  65. #sed 's/^net.ipv4.ip_forward.*/#\0/' -i /etc/sysctl.conf
  66. # Remove old firmware updates link
  67. if [ -L /lib/firmware/updates ]; then
  68. rm -f /lib/firmware/updates
  69. fi
  70. # Yum proxy configuration is fedora specific
  71. #if ! grep -q '/etc/yum\.conf\.d/qubes-proxy\.conf' /etc/yum.conf; then
  72. # echo >> /etc/yum.conf
  73. # echo '# Yum does not support inclusion of config dir...' >> /etc/yum.conf
  74. # echo 'include=file:///etc/yum.conf.d/qubes-proxy.conf' >> /etc/yum.conf
  75. #fi
  76. # Location of files which contains list of protected files
  77. mkdir -p /etc/qubes/protected-files.d
  78. PROTECTED_FILE_LIST='/etc/qubes/protected-files.d'
  79. # qubes-core-vm has been broken for some time - it overrides /etc/hosts; restore original content
  80. if ! grep -rq "^/etc/hosts$" "${PROTECTED_FILE_LIST}" 2>/dev/null; then
  81. if ! grep -q localhost /etc/hosts; then
  82. cat <<EOF > /etc/hosts
  83. 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 `hostname`
  84. ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
  85. EOF
  86. fi
  87. fi
  88. # ensure that hostname resolves to 127.0.0.1 resp. ::1 and that /etc/hosts is
  89. # in the form expected by qubes-sysinit.sh
  90. if ! grep -rq "^/etc/hostname$" "${PROTECTED_FILE_LIST}" 2>/dev/null; then
  91. for ip in '127\.0\.0\.1' '::1'; do
  92. if grep -q "^${ip}\(\s\|$\)" /etc/hosts; then
  93. sed -i "/^${ip}\s/,+0s/\(\s`hostname`\)\+\(\s\|$\)/\2/g" /etc/hosts
  94. sed -i "s/^${ip}\(\s\|$\).*$/\0 `hostname`/" /etc/hosts
  95. else
  96. echo "${ip} `hostname`" >> /etc/hosts
  97. fi
  98. done
  99. fi
  100. # Make sure there is a default locale set so gnome-terminal will start
  101. if [ ! -e /etc/locale.conf ] || ! grep -q LANG /etc/locale.conf; then
  102. touch /etc/locale.conf
  103. echo "LANG=en_US.UTF-8" >> /etc/locale.conf
  104. fi
  105. # ... and make sure it is really generated
  106. # This line is buggy as LANG can be set to LANG="en_US.UTF-8". The Quotes must be stripped
  107. current_locale=`grep LANG /etc/locale.conf|cut -f 2 -d = | tr -d '"'`
  108. if [ -n "$current_locale" ] && ! locale -a | grep -q "$current_locale"; then
  109. base=`echo "$current_locale" | cut -f 1 -d .`
  110. charmap=`echo "$current_locale.UTF-8" | cut -f 2 -d .`
  111. [ -n "$charmap" ] && charmap="-f $charmap"
  112. localedef -i $base $charmap $current_locale
  113. fi
  114. }
  115. configure_systemd() {
  116. PRESET_FAILED=0
  117. if [ $1 -eq 1 ]; then
  118. # Needs to be started two times to deal with services name changes (systemctl bug?)
  119. echo "Resetting systemd services to defaults presets (PASS 1)"
  120. systemctl --no-reload preset-all 2>&1 && PRESET_FAILED=0 || PRESET_FAILED=1
  121. echo "Resetting systemd services to defaults presets (PASS 2)"
  122. systemctl --no-reload preset-all 2>&1 && PRESET_FAILED=0 || PRESET_FAILED=1
  123. else
  124. services="qubes-dvm qubes-misc-post qubes-firewall qubes-mount-dirs"
  125. services="$services qubes-netwatcher qubes-network qubes-sysinit"
  126. services="$services qubes-iptables qubes-updates-proxy qubes-qrexec-agent"
  127. services="$services qubes-random-seed"
  128. for srv in $services; do
  129. echo "Enable service defaults for $service"
  130. systemctl --no-reload preset $srv.service
  131. done
  132. systemctl --no-reload preset qubes-update-check.timer
  133. # Upgrade path - now qubes-iptables is used instead
  134. systemctl --no-reload preset iptables.service
  135. systemctl --no-reload preset ip6tables.service
  136. fi
  137. # Set default "runlevel"
  138. rm -f /etc/systemd/system/default.target
  139. ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
  140. grep '^[[:space:]]*[^#;]' /lib/systemd/system-preset/75-qubes-vm.preset | while read action unit_name; do
  141. case "$action" in
  142. (disable)
  143. if [ -f /lib/systemd/system/$unit_name ]; then
  144. if ! fgrep -q '[Install]' /lib/systemd/system/$unit_name; then
  145. # forcibly disable
  146. ln -sf /dev/null /etc/systemd/system/$unit_name
  147. fi
  148. fi
  149. ;;
  150. *)
  151. # preset-all is not available in fc20; so preset each unit file listed in 75-qubes-vm.preset
  152. if [ $1 -eq 1 -a "${PRESET_FAILED}" -eq 1 ]; then
  153. systemctl --no-reload preset "${unit_name}" > /dev/null 2>&1 || true
  154. fi
  155. ;;
  156. esac
  157. done
  158. systemctl daemon-reload
  159. }
  160. config_prependtomark() {
  161. FILE=$1
  162. APPENDBEFORELINE=$2
  163. APPENDLINE=$3
  164. grep -F -q "$APPENDLINE" "$FILE" || sed "/$APPENDBEFORELINE/i$APPENDLINE" -i "$FILE"
  165. }
  166. config_appendtomark() {
  167. FILE=$1
  168. APPENDAFTERLINE=$2
  169. APPENDLINE=$3
  170. grep -F -q "$APPENDLINE" "$FILE" || sed "/$APPENDAFTERLINE/a$APPENDLINE" -i "$FILE"
  171. }
  172. config_cleanupmark() {
  173. FILE="$1"
  174. BEGINMARK="$2"
  175. ENDMARK="$3"
  176. if grep -F -q "$BEGINMARK" "$FILE"; then
  177. if grep -F -q "$ENDMARK" "$FILE"; then
  178. cp "$FILE" "$FILE.qubes-update-orig"
  179. sed -i -e "/^$BEGINMARK$/,/^$ENDMARK$/{
  180. /^$ENDMARK$/b
  181. /^$BEGINMARK$/!d
  182. }" "$FILE"
  183. rm -f "$FILE.qubes-update-orig"
  184. else
  185. echo "ERROR: found $BEGINMARK marker but not $ENDMARK in $FILE. Please cleanup this file manually."
  186. fi
  187. elif grep -F -q "$ENDMARK" "$FILE"; then
  188. echo "ERROR: found $ENDMARK marker but not $BEGINMARK in $FILE. Please cleanup this file manually."
  189. fi
  190. }
  191. update_finalize() {
  192. # Archlinux specific: Cleanup pre pacman.d qubes marker
  193. QUBES_MARKER="### QUBES CONFIG MARKER ###"
  194. if grep -F -q "$QUBES_MARKER" /etc/pacman.conf; then
  195. config_prependtomark "/etc/pacman.conf" "# REPOSITORIES" "### QUBES CONFIG END MARKER ###"
  196. config_cleanupmark "/etc/pacman.conf" "$QUBES_MARKER" "### QUBES CONFIG END MARKER ###"
  197. fi
  198. # Include /etc/pacman.d drop-in directory
  199. config_appendtomark "/etc/pacman.conf" "$QUBES_MARKER" "Include = /etc/pacman.d/*.conf"
  200. # Archlinux specific: Update pam.d configuration for su to enable systemd-login wrapper
  201. # Also remove pam_unix.so from su configuration
  202. # as system-login (which include system-auth) already gives pam_unix.so
  203. # with more appropriate parameters (fix the missing nullok parameter)
  204. if [ -n "`cat /etc/pam.d/su | grep pam_unix.so`" ] ; then
  205. echo "Fixing pam.d"
  206. cat <<EOF > /etc/pam.d/su
  207. #%PAM-1.0
  208. auth sufficient pam_rootok.so
  209. # Uncomment the following line to implicitly trust users in the "wheel" group.
  210. #auth sufficient pam_wheel.so trust use_uid
  211. # Uncomment the following line to require a user to be in the "wheel" group.
  212. #auth required pam_wheel.so use_uid
  213. auth include system-login
  214. account include system-login
  215. session include system-login
  216. EOF
  217. cp /etc/pam.d/su /etc/pam.d/su-l
  218. fi
  219. # Archlinux specific: ensure tty1 is enabled
  220. rm -f /etc/systemd/system/getty.target.wants/getty@tty*.service
  221. systemctl enable getty\@tty1.service
  222. systemctl daemon-reload
  223. }
  224. ## arg 1: the new package version
  225. post_install() {
  226. update_qubesconfig
  227. # do the rest of %post thing only when updating for the first time...
  228. if [ -e /etc/init/serial.conf ] && ! [ -f /var/lib/qubes/serial.orig ] ; then
  229. cp /etc/init/serial.conf /var/lib/qubes/serial.orig
  230. fi
  231. # Remove most of the udev scripts to speed up the VM boot time
  232. # Just leave the xen* scripts, that are needed if this VM was
  233. # ever used as a net backend (e.g. as a VPN domain in the future)
  234. #echo "--> Removing unnecessary udev scripts..."
  235. mkdir -p /var/lib/qubes/removed-udev-scripts
  236. for f in /etc/udev/rules.d/*
  237. do
  238. if [ $(basename $f) == "xen-backend.rules" ] ; then
  239. continue
  240. fi
  241. if [ $(basename $f) == "50-qubes-misc.rules" ] ; then
  242. continue
  243. fi
  244. if echo $f | grep -q qubes; then
  245. continue
  246. fi
  247. mv $f /var/lib/qubes/removed-udev-scripts/
  248. done
  249. mkdir -p /rw
  250. configure_notification-daemon
  251. configure_selinux
  252. configure_systemd 0
  253. update_finalize
  254. }
  255. ## arg 1: the new package version
  256. ## arg 2: the old package version
  257. post_upgrade() {
  258. update_qubesconfig
  259. configure_notification-daemon
  260. configure_selinux
  261. configure_systemd 1
  262. update_finalize
  263. }
  264. ######################
  265. ## Remove functions ##
  266. ######################
  267. ## arg 1: the old package version
  268. pre_remove() {
  269. # no more packages left
  270. if [ -e /var/lib/qubes/fstab.orig ] ; then
  271. mv /var/lib/qubes/fstab.orig /etc/fstab
  272. fi
  273. mv /var/lib/qubes/removed-udev-scripts/* /etc/udev/rules.d/
  274. if [ -e /var/lib/qubes/serial.orig ] ; then
  275. mv /var/lib/qubes/serial.orig /etc/init/serial.conf
  276. fi
  277. }
  278. ## arg 1: the old package version
  279. post_remove() {
  280. if [ -L /lib/firmware/updates ] ; then
  281. rm /lib/firmware/updates
  282. fi
  283. rm -rf /var/lib/qubes/xdg
  284. for srv in qubes-dvm qubes-sysinit qubes-misc-post qubes-mount-dirs qubes-netwatcher qubes-network qubes-qrexec-agent; do
  285. systemctl disable $srv.service
  286. done
  287. }