Home Explore Help
Sign In
Qubes
/
core-agent-linux
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 59aec8e5eb
Branches Tags
core-agent-linu...
/
init
/
setup-rw.sh

setup-rw.sh 3.8 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105 
  1. #!/bin/sh
    2. 

  2. 

  3. if mountpoint -q /rw ; then
    4. 

  4.     # This means /rw is mounted now.
    5. 

  5.     echo "Checking /rw" >&2
    6. 

  6. 

  7.     if ! [ -d /rw/config ] ; then
    8. 

  8.         echo "Virgin boot of the VM: populating /rw/config" >&2
    9. 

  9. 

  10.         mkdir -p /rw/config
    11. 

  11.         touch /rw/config/rc.local
    12. 

  12.         cat > /rw/config/rc.local <<EOF
    13. 

  13. #!/bin/sh
    14. 

  14. 

  15. # This script will be executed at every VM startup, you can place your own
    16. 

  16. # custom commands here. This include overriding some configuration in /etc,
    17. 

  17. # starting services etc.
    18. 

  18. #
    19. 

  19. # You need to make this script executable to have it enabled.
    20. 

  20. 

  21. # Example for overriding the whole CUPS configuration:
    22. 

  22. #  rm -rf /etc/cups
    23. 

  23. #  ln -s /rw/config/cups /etc/cups
    24. 

  24. #  systemctl --no-block restart cups
    25. 

  25. EOF
    26. 

  26. 

  27.         touch /rw/config/qubes-firewall-user-script
    28. 

  28.         cat > /rw/config/qubes-firewall-user-script <<EOF
    29. 

  29. #!/bin/sh
    30. 

  30. 

  31. # This script is called in ProxyVM after firewall every update (configuration
    32. 

  32. # change, starting some VM etc). This is good place to write own custom
    33. 

  33. # firewall rules, in addition to autogenerated one. Remember that in most cases
    34. 

  34. # you'll need to insert the rules at the beginning (iptables -I) to have it
    35. 

  35. # efective.
    36. 

  36. #
    37. 

  37. # You need to make this script executable to have it enabled.
    38. 

  38. EOF
    39. 

  39. 

  40.         touch /rw/config/suspend-module-blacklist
    41. 

  41.         cat > /rw/config/suspend-module-blacklist <<EOF
    42. 

  42. # You can list here modules you want to be unloaded before going to sleep. This
    43. 

  43. # file is used only if the VM has any PCI device assigned. Modules will be
    44. 

  44. # automatically loaded after resume.
    45. 

  45. EOF
    46. 

  46.     fi
    47. 

  47. 

  48.     if ! [ -d /rw/usrlocal ] ; then
    49. 

  49.         if [ -d /usr/local.orig ] ; then
    50. 

  50.             echo "Virgin boot of the VM: populating /rw/usrlocal from /usr/local.orig" >&2
    51. 

  51.             cp -af /usr/local.orig /rw/usrlocal
    52. 

  52.         else
    53. 

  53.             echo "Virgin boot of the VM: creating /rw/usrlocal" >&2
    54. 

  54.             mkdir -p /rw/usrlocal
    55. 

  55.         fi
    56. 

  56.     fi
    57. 

  57. 

  58.     if ! [ -d /rw/home ] ; then
    59. 

  59.         echo "Virgin boot of the VM: populating /rw/home" >&2
    60. 

  60.         mkdir -p /rw/home
    61. 

  61.     fi
    62. 

  62. 

  63.     # Chown home if users' UIDs have changed - can be the case on template switch.
    64. 

  64.     for pair in $(getent passwd | awk -F : '/\/home/ { print $1":"$3":"$4":"$6 } ') ; do
    65. 

  65.         user=$(echo "$pair" | awk -F : ' { print $1 } ')
    66. 

  66.         uid=$(echo "$pair" | awk -F : ' { print $2 } ')
    67. 

  67.         gid=$(echo "$pair" | awk -F : ' { print $3 } ')
    68. 

  68.         homedir=$(echo "$pair" | awk -F : ' { print $4 } ')
    69. 

  69.         if ! test -d /rw"$homedir" ; then
    70. 

  70.             if [ "$homedir" == "/home/user" -a -d /home.orig/"$user" ] ; then
    71. 

  71.                 echo "Virgin boot of the VM: populating /rw$homedir from /home.orig/$user" >&2
    72. 

  72.                 cp -af /home.orig/"$user" /rw"$homedir"
    73. 

  73.             else
    74. 

  74.                 echo "Virgin boot of the VM: populating /rw$homedir from /etc/skel" >&2
    75. 

  75.                 cp -af /etc/skel /rw"$homedir"
    76. 

  76.             fi
    77. 

  77.             chown -R "$uid"  /rw"$homedir" &
    78. 

  78.             chgrp -R "$gid"  /rw"$homedir" &
    79. 

  79.             chmod 700 /rw"$homedir" &
    80. 

  80.             wait
    81. 

  81.         fi
    82. 

  82.         homedir_uid=$(ls -dn /rw"$homedir" | awk '{print $3}')
    83. 

  83.         homedir_gid=$(ls -dn /rw"$homedir" | awk '{print $4}')
    84. 

  84.         if [ "$uid" -ne "$homedir_uid" ]; then
    85. 

  85.             echo "Virgin boot of the VM: adjusting ownership on /rw$homedir to $uid" >&2
    86. 

  86.             find /rw/"$homedir" -uid "$homedir_uid" -print0 | xargs -0 echo chown "$uid"
    87. 

  87.         fi
    88. 

  88.         if [ "$gid" -ne "$homedir_gid" ]; then
    89. 

  89.             echo "Virgin boot of the VM: adjusting groupship on /rw$homedir to $gid" >&2
    90. 

  90.             find /rw/"$homedir" -gid "$homedir_gid" -print0 | xargs -0 echo chgrp "$gid"
    91. 

  91.         fi
    92. 

  92.     done
    93. 

  93. 

  94.     echo "Finished checking /rw" >&2
    95. 

  95. fi
    96. 

  96. 

  97. # Old Qubes versions had symlink /home -> /rw/home; now we use mount --bind
    98. 

  98. if [ -L /home ]; then
    99. 

  99.     rm /home
    100. 

  100.     mkdir /home
    101. 

  101. fi
    102. 

  102. 

  103. if [ ! -e /var/lib/qubes/first-boot-completed ]; then
    104. 

  104.     touch /var/lib/qubes/first-boot-completed
    105. 

  105. fi
    106.