core-agent-linux/archlinux/PKGBUILD.install

remove_ShowIn () {
	if [ -e /etc/xdg/autostart/$1.desktop ]; then
		sed -i '/^\(Not\|Only\)ShowIn/d' /etc/xdg/autostart/$1.desktop
	fi
}

update_xdgstart () {

# reenable if disabled by some earlier version of package
remove_ShowIn abrt-applet.desktop imsettings-start.desktop

# don't want it at all
for F in deja-dup-monitor krb5-auth-dialog pulseaudio restorecond sealertauto gnome-power-manager gnome-sound-applet gnome-screensaver orca-autostart; do
	if [ -e /etc/xdg/autostart/$F.desktop ]; then
		remove_ShowIn $F
		echo 'NotShowIn=QUBES;' >> /etc/xdg/autostart/$F.desktop
	fi
done

# don't want it in DisposableVM
for F in gcm-apply ; do
	if [ -e /etc/xdg/autostart/$F.desktop ]; then
		remove_ShowIn $F
		echo 'NotShowIn=DisposableVM;' >> /etc/xdg/autostart/$F.desktop
	fi
done

# want it in AppVM only
for F in gnome-keyring-gpg gnome-keyring-pkcs11 gnome-keyring-secrets gnome-keyring-ssh gnome-settings-daemon user-dirs-update-gtk gsettings-data-convert ; do
	if [ -e /etc/xdg/autostart/$F.desktop ]; then
		remove_ShowIn $F
		echo 'OnlyShowIn=GNOME;AppVM;' >> /etc/xdg/autostart/$F.desktop
	fi
done

# remove existing rule to add own later
for F in gpk-update-icon nm-applet ; do
	remove_ShowIn $F
done

echo 'OnlyShowIn=GNOME;UpdateableVM;' >> /etc/xdg/autostart/gpk-update-icon.desktop || :
echo 'OnlyShowIn=GNOME;QUBES;' >> /etc/xdg/autostart/nm-applet.desktop || :

# Enable autostart of notification-daemon when installed
ln -s /usr/share/applications/notification-daemon.desktop /etc/xdg/autostart/

}

update_qubesconfig () {

# Create NetworkManager configuration if we do not have it
if ! [ -e /etc/NetworkManager/NetworkManager.conf ]; then
echo '[main]' > /etc/NetworkManager/NetworkManager.conf
echo 'plugins = keyfile' >> /etc/NetworkManager/NetworkManager.conf
echo '[keyfile]' >> /etc/NetworkManager/NetworkManager.conf
fi
/usr/lib/qubes/qubes-fix-nm-conf.sh

# Remove ip_forward setting from sysctl, so NM will not reset it
# Archlinux now use sysctl.d/ instead of sysctl.conf
# sed 's/^net.ipv4.ip_forward.*/#\0/'  -i /etc/sysctl.conf

# Remove old firmware updates link
if [ -L /lib/firmware/updates ]; then
  rm -f /lib/firmware/updates
fi

# qubes-core-vm has been broken for some time - it overrides /etc/hosts; restore original content
if ! grep -q localhost /etc/hosts; then
  cat <<EOF > /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4 `hostname`
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
EOF
fi

# Remove most of the udev scripts to speed up the VM boot time
# Just leave the xen* scripts, that are needed if this VM was
# ever used as a net backend (e.g. as a VPN domain in the future)
#echo "--> Removing unnecessary udev scripts..."
mkdir -p /var/lib/qubes/removed-udev-scripts
for f in /etc/udev/rules.d/*
do
    if [ $(basename $f) == "xen-backend.rules" ] ; then
        continue
    fi

    if [ $(basename $f) == "50-qubes-misc.rules" ] ; then
        continue
    fi

    if echo $f | grep -q qubes; then
        continue
    fi

    mv $f /var/lib/qubes/removed-udev-scripts/
done

}

update_systemd() {

echo "Updating systemd configuration for Qubes..."
echo "Enabling tty1"
# Archlinux specific: ensure tty1 is enabled
rm -f /etc/systemd/system/getty.target.wants/getty\@tty*.service
systemctl enable getty\@tty1.service

# Archlinux specific: Update pam.d configuration for su to enable systemd-login wrapper
if [ -z "`cat /etc/pam.d/su | grep system-login`" ] ; then
	echo "Fixing pam.d"
	sed '/auth\t\trequired\tpam_unix.so/aauth\t\tinclude\t\tsystem-login' -i /etc/pam.d/su
	sed '/account\t\trequired\tpam_unix.so/aaccount\t\tinclude\t\tsystem-login' -i /etc/pam.d/su
	sed '/session\t\trequired\tpam_unix.so/asession\t\tinclude\t\tsystem-login' -i /etc/pam.d/su
	cp /etc/pam.d/su /etc/pam.d/su-l
fi

echo "Enabling qubes specific services"
for srv in qubes-dvm qubes-sysinit qubes-misc-post qubes-netwatcher qubes-network qubes-firewall qubes-yum-proxy qubes-qrexec-agent qubes-ensure-lib-modules; do
  if [ -f /lib/systemd/system/$srv.service ]; then
    if fgrep -q '[Install]' /lib/systemd/system/$srv.service; then
      systemctl enable "$srv"
      # 2> /dev/null
    else
      echo "WARNING: Cannot enable qubes service $srv: unit cannot be installed"
    fi
  else
    echo "WARNING: Cannot enable qubes service $srv: unit does not exists"
  fi
done

systemctl enable qubes-update-check.timer 2> /dev/null

UNITDIR=/lib/systemd/system
OVERRIDEDIR=/usr/lib/qubes/init

# Install overriden services only when original exists
for srv in cups NetworkManager NetworkManager-wait-online ntpd chronyd; do
    if [ -f $UNITDIR/$srv.service ]; then
        cp $OVERRIDEDIR/$srv.service /etc/systemd/system/
    fi
    if [ -f $UNITDIR/$srv.socket -a -f $OVERRIDEDIR/$srv.socket ]; then
        cp $OVERRIDEDIR/$srv.socket /etc/systemd/system/
    fi
    if [ -f $UNITDIR/$srv.path -a -f $OVERRIDEDIR/$srv.path ]; then
        cp $OVERRIDEDIR/$srv.service /etc/systemd/system/
    fi
done

# Set default "runlevel"
rm -f /etc/systemd/system/default.target
ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target

DISABLE_SERVICES="alsa-store alsa-restore auditd avahi avahi-daemon backuppc cpuspeed crond"
DISABLE_SERVICES="$DISABLE_SERVICES fedora-autorelabel fedora-autorelabel-mark ipmi hwclock-load hwclock-save"
DISABLE_SERVICES="$DISABLE_SERVICES mdmonitor multipathd openct rpcbind mcelog fedora-storage-init fedora-storage-init-late"
DISABLE_SERVICES="$DISABLE_SERVICES plymouth-start plymouth-read-write plymouth-quit plymouth-quit-wait"
DISABLE_SERVICES="$DISABLE_SERVICES sshd tcsd sm-client sendmail mdmonitor-takeover"
DISABLE_SERVICES="$DISABLE_SERVICES rngd smartd upower irqbalance colord"
for srv in $DISABLE_SERVICES; do
    if [ -f /lib/systemd/system/$srv.service ]; then
        if fgrep -q '[Install]' /lib/systemd/system/$srv.service; then
            systemctl disable $srv.service 2> /dev/null
        else
            # forcibly disable
            ln -sf /dev/null /etc/systemd/system/$srv.service
        fi
    fi
done

# Disable original service to enable overriden one
systemctl disable NetworkManager.service 2> /dev/null
# Disable D-BUS activation of NetworkManager - in AppVm it causes problems (eg PackageKit timeouts)
systemctl mask dbus-org.freedesktop.NetworkManager.service 2> /dev/null

# Enable some services
ENABLE_SERVICES="iptables ip6tables ip6tables rsyslog ntpd haveged"
ENABLE_SERVICES="$ENABLE_SERVICES NetworkManager"
# Fix for https://bugzilla.redhat.com/show_bug.cgi?id=974811
ENABLE_SERVICES="$ENABLE_SERVICES NetworkManager-dispatcher"
# Enable cups only when it is real SystemD service
ENABLE_SERVICES="$ENABLE_SERVICES cups"
for srv in $ENABLE_SERVICES; do
  if [ -f /lib/systemd/system/$srv.service ]; then
    if fgrep -q '[Install]' /lib/systemd/system/$srv.service; then
      echo "Enabling service $srv"
      systemctl enable "$srv"
      # 2> /dev/null
    fi
  fi
done

}


## arg 1:  the new package version
pre_install() {
  echo "Pre install..."

  # do this whole %pre thing only when updating for the first time...

  mkdir -p /var/lib/qubes

  # Backup fstab / But use archlinux defaults (cp instead of mv)
  if [ -e /etc/fstab ] ; then 
    cp /etc/fstab /var/lib/qubes/fstab.orig
  fi

  # Add qubes core related fstab entries
  echo "xen	/proc/xen	xenfs	defaults	0 0" >> /etc/fstab

  # Add a qubes group
  groupadd --force --system --gid 98 qubes

  # Archlinux bash version has a 'bug' when running su -c, /etc/profile is not loaded because bash consider there is no interactive pty when running 'su - user -c' or something like this.
  # See https://bugs.archlinux.org/task/31831
  useradd --shell /bin/zsh --create-home user
  usermod -a --groups qubes user
}

## arg 1:  the new package version
post_install() {

update_xdgstart
update_qubesconfig
update_systemd

# do the rest of %post thing only when updating for the first time...
# Note: serial console wont work this way on archlinux. Maybe better using systemd ?
#if [ -e /etc/init/serial.conf ] && ! [ -f /var/lib/qubes/serial.orig ] ; then
#	cp /etc/init/serial.conf /var/lib/qubes/serial.orig
#fi

# SELinux is not enabled on archlinux
# echo "--> Disabling SELinux..."
# sed -e s/^SELINUX=.*$/SELINUX=disabled/ </etc/selinux/config >/etc/selinux/config.processed
# mv /etc/selinux/config.processed /etc/selinux/config
# setenforce 0 2>/dev/null

mkdir -p /rw

}


## arg 1:  the new package version
## arg 2:  the old package version
post_upgrade() {

update_xdgstart
update_systemd

}

## arg 1:  the new package version
## arg 2:  the old package version
pre_upgrade() {
  # do something here
  echo "Pre upgrade..."
}


## arg 1:  the old package version
pre_remove() {

    # no more packages left
    if [ -e /var/lib/qubes/fstab.orig ] ; then
    mv /var/lib/qubes/fstab.orig /etc/fstab
    fi
    mv /var/lib/qubes/removed-udev-scripts/* /etc/udev/rules.d/
    if [ -e /var/lib/qubes/serial.orig ] ; then
    mv /var/lib/qubes/serial.orig /etc/init/serial.conf
    fi

}

## arg 1:  the old package version
post_remove() {

    /usr/bin/glib-compile-schemas /usr/share/glib-2.0/schemas &> /dev/null || :

    if [ -L /lib/firmware/updates ] ; then
      rm /lib/firmware/updates
    fi

  for srv in qubes-dvm qubes-sysinit qubes-misc-post qubes-netwatcher qubes-network qubes-firewall qubes-qrexec-agent qubes-yum-proxy qubes-ensure-lib-modules; do
    systemctl disable $srv.service
  done
  systemctl disable qubes-update-check.timer

}