Qubes
/
core-agent-linux


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293
							#!/bin/sh

# check if private.img (xvdb) is empty - all zeros
private_size_512=`blockdev --getsz /dev/xvdb`
if dd if=/dev/zero bs=512 count=$private_size_512 2>/dev/null | diff /dev/xvdb - >/dev/null; then
    # the device is empty, create filesystem
    echo "--> Virgin boot of the VM: creating filesystem on private.img"
    mkfs.ext4 -m 0 -q /dev/xvdb || exit 1
fi

tune2fs -m 0 /dev/xvdb
mount /rw
resize2fs /dev/xvdb 2> /dev/null || echo "'resize2fs /dev/xvdb' failed"

if ! [ -d /rw/home ] ; then
    echo
    echo "--> Virgin boot of the VM: Populating /rw/home"

    mkdir -p /rw/config
    touch /rw/config/rc.local
    cat > /rw/config/rc.local <<EOF
#!/bin/sh

# This script will be executed at every VM startup, you can place your own
# custom commands here. This include overriding some configuration in /etc,
# starting services etc.
#
# You need to make this script executable to have it enabled.

# Example for overriding the whole CUPS configuration:
#  rm -rf /etc/cups
#  ln -s /rw/config/cups /etc/cups
#  systemctl --no-block restart cups
EOF

    touch /rw/config/qubes-firewall-user-script
    cat > /rw/config/qubes-firewall-user-script <<EOF
#!/bin/sh

# This script is called in ProxyVM after firewall every update (configuration
# change, starting some VM etc). This is good place to write own custom
# firewall rules, in addition to autogenerated one. Remember that in most cases
# you'll need to insert the rules at the beginning (iptables -I) to have it
# efective.
#
# You need to make this script executable to have it enabled.
EOF

    touch /rw/config/suspend-module-blacklist
    cat > /rw/config/suspend-module-blacklist <<EOF
# You can list here modules you want to be unloaded before going to sleep. This
# file is used only if the VM has any PCI device assigned. Modules will be
# automatically loaded after resume.
EOF

    mkdir -p /rw/home
    cp -a /home.orig/user /rw/home

    mkdir -p /rw/usrlocal
    cp -a /usr/local.orig/* /rw/usrlocal

    touch /var/lib/qubes/first-boot-completed
fi

# Chown home if user UID have changed - can be the case on template switch
HOME_USER_UID=`ls -dn /rw/home/user | awk '{print $3}'`
if [ "`id -u user`" -ne "$HOME_USER_UID" ]; then
    find /rw/home/user -uid "$HOME_USER_UID" -print0 | xargs -0 chown user:user
fi

# Old Qubes versions had symlink /home -> /rw/home; now we use mount --bind
if [ -L /home ]; then
    rm /home
    mkdir /home
fi

if [ -e /var/run/qubes-service/qubes-dvm ]; then
    mount --bind /home_volatile /home
    touch /etc/this-is-dvm

    #If user have customized DispVM settings, use its home instead of default dotfiles
    if [ ! -e /home/user/.qubes-dispvm-customized ]; then
        if [ -e /rw/home/user/.qubes-dispvm-customized ]; then
            cp -af /rw/home/user /home/
        else
            cat /etc/dispvm-dotfiles.tbz | tar -xjf- --overwrite -C /home/user --owner user 2>&1 >/tmp/dispvm-dotfiles-errors.log
        fi
    fi
else
    mount /home
fi

/usr/lib/qubes/init/bind-dirs.sh