Makefile 16 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344
  1. RPMS_DIR=rpm/
  2. VERSION := $(shell cat version)
  3. DIST ?= fc18
  4. APPLICATIONSDIR ?= /usr/share/applications
  5. SBINDIR ?= /usr/sbin
  6. BINDIR ?= /usr/bin
  7. LIBDIR ?= /usr/lib
  8. SYSLIBDIR ?= /lib
  9. PYTHON ?= /usr/bin/python3
  10. PYTHON_SITEARCH = $(shell python2 -c 'import distutils.sysconfig; print distutils.sysconfig.get_python_lib(1)')
  11. PYTHON2_SITELIB = $(shell python2 -c 'import distutils.sysconfig; print distutils.sysconfig.get_python_lib()')
  12. PYTHON3_SITELIB = $(shell python3 -c 'import distutils.sysconfig; print(distutils.sysconfig.get_python_lib())')
  13. # This makefile uses some bash-isms, make uses /bin/sh by default.
  14. SHELL = /bin/bash
  15. help:
  16. @echo "make rpms -- generate binary rpm packages"
  17. @echo "make rpms-vm -- generate binary rpm packages for VM"
  18. @echo "make clean -- cleanup"
  19. @echo "make install-vm -- install VM related files"
  20. @echo ""
  21. @echo "You must have lsb_release, rpm-sign and pandoc installed."
  22. rpms: rpms-vm
  23. rpms-vm:
  24. [ "$$BACKEND_VMM" != "" ] || { echo "error: you must define variable BACKEND_VMM" >&2 ; exit 1 ; }
  25. lsb_release >/dev/null 2>&1 || { echo "error: you need lsb_release (package lsb) installed" >&2 ; exit 1 ; }
  26. type pandoc >/dev/null 2>&1 || { echo "error: you need pandoc installed" >&2 ; exit 1 ; }
  27. type rpmsign >/dev/null 2>&1 || { echo "error: you need rpm-sign installed" >&2 ; exit 1 ; }
  28. rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-vm.spec
  29. rpmbuild --define "_rpmdir $(RPMS_DIR)" -bb rpm_spec/core-vm-doc.spec
  30. [ "$$SKIP_SIGNING" != "" ] || rpm --addsign \
  31. $(RPMS_DIR)/x86_64/qubes-core-vm-*$(VERSION)*.rpm \
  32. $(RPMS_DIR)/x86_64/qubes-core-vm-doc-*$(VERSION)*.rpm
  33. rpms-dom0:
  34. @true
  35. clean:
  36. make -C misc clean
  37. make -C qubes-rpc clean
  38. make -C doc clean
  39. rm -rf qubesagent/*.pyc qubesagent/__pycache__
  40. rm -rf test-packages/__pycache__
  41. rm -rf test-packages/qubesagent.egg-info
  42. rm -rf __pycache__
  43. rm -f .coverage
  44. all:
  45. make -C misc
  46. make -C qubes-rpc
  47. # Dropin Directory
  48. SYSTEM_DROPIN_DIR ?= "lib/systemd/system"
  49. USER_DROPIN_DIR ?= "usr/lib/systemd/user"
  50. SYSTEM_DROPINS := boot.automount chronyd.service crond.service
  51. SYSTEM_DROPINS += cups.service cups-browsed.service cups.path cups.socket ModemManager.service
  52. SYSTEM_DROPINS += getty@tty.service
  53. SYSTEM_DROPINS += tmp.mount
  54. SYSTEM_DROPINS += org.cups.cupsd.service org.cups.cupsd.path org.cups.cupsd.socket
  55. SYSTEM_DROPINS += systemd-random-seed.service
  56. SYSTEM_DROPINS += tor.service tor@default.service
  57. SYSTEM_DROPINS += systemd-timesyncd.service
  58. SYSTEM_DROPINS_NETWORKING := NetworkManager.service NetworkManager-wait-online.service
  59. SYSTEM_DROPINS_NETWORKING += tinyproxy.service
  60. USER_DROPINS := pulseaudio.service pulseaudio.socket
  61. # Ubuntu Dropins
  62. ifeq ($(shell lsb_release -is), Ubuntu)
  63. # 'crond.service' is named 'cron.service in Debian
  64. SYSTEM_DROPINS := $(strip $(patsubst crond.service, cron.service, $(SYSTEM_DROPINS)))
  65. SYSTEM_DROPINS += anacron.service
  66. SYSTEM_DROPINS += anacron-resume.service
  67. SYSTEM_DROPINS += netfilter-persistent.service
  68. SYSTEM_DROPINS += exim4.service
  69. SYSTEM_DROPINS += avahi-daemon.service
  70. endif
  71. # Debian Dropins
  72. ifeq ($(shell lsb_release -is), Debian)
  73. # 'crond.service' is named 'cron.service in Debian
  74. SYSTEM_DROPINS := $(strip $(patsubst crond.service, cron.service, $(SYSTEM_DROPINS)))
  75. # Wheezy System Dropins
  76. # Disable sysinit 'network-manager.service' since systemd 'NetworkManager.service' is already installed
  77. SYSTEM_DROPINS += $(strip $(if $(filter wheezy, $(shell lsb_release -cs)), network-manager.service,))
  78. # handled by qubes-iptables service now
  79. SYSTEM_DROPINS += netfilter-persistent.service
  80. SYSTEM_DROPINS += anacron.service
  81. SYSTEM_DROPINS += anacron-resume.service
  82. SYSTEM_DROPINS += exim4.service
  83. SYSTEM_DROPINS += avahi-daemon.service
  84. endif
  85. install-systemd-dropins:
  86. # Install system dropins
  87. @for dropin in $(SYSTEM_DROPINS); do \
  88. install -d $(DESTDIR)/$(SYSTEM_DROPIN_DIR)/$${dropin}.d ;\
  89. install -m 0644 vm-systemd/$${dropin}.d/*.conf $(DESTDIR)/$(SYSTEM_DROPIN_DIR)/$${dropin}.d/ ;\
  90. done
  91. # Install user dropins
  92. @for dropin in $(USER_DROPINS); do \
  93. install -d $(DESTDIR)/$(USER_DROPIN_DIR)/$${dropin}.d ;\
  94. install -m 0644 vm-systemd/user/$${dropin}.d/*.conf $(DESTDIR)/$(USER_DROPIN_DIR)/$${dropin}.d/ ;\
  95. done
  96. install-systemd-networking-dropins:
  97. # Install system dropins
  98. @for dropin in $(SYSTEM_DROPINS_NETWORKING); do \
  99. install -d $(DESTDIR)/$(SYSTEM_DROPIN_DIR)/$${dropin}.d ;\
  100. install -m 0644 vm-systemd/$${dropin}.d/*.conf $(DESTDIR)/$(SYSTEM_DROPIN_DIR)/$${dropin}.d/ ;\
  101. done
  102. install-init:
  103. install -d $(DESTDIR)$(LIBDIR)/qubes/init
  104. # FIXME: do a source code move vm-systemd/*.sh to init/
  105. # since those scripts are shared between sysvinit and systemd.
  106. install -m 0755 init/*.sh vm-systemd/*.sh $(DESTDIR)$(LIBDIR)/qubes/init/
  107. install -m 0644 init/functions $(DESTDIR)$(LIBDIR)/qubes/init/
  108. # Systemd service files
  109. SYSTEMD_ALL_SERVICES := $(wildcard vm-systemd/qubes-*.service)
  110. SYSTEMD_NETWORK_SERVICES := vm-systemd/qubes-firewall.service vm-systemd/qubes-iptables.service vm-systemd/qubes-updates-proxy.service
  111. SYSTEMD_CORE_SERVICES := $(filter-out $(SYSTEMD_NETWORK_SERVICES), $(SYSTEMD_ALL_SERVICES))
  112. install-systemd: install-init
  113. install -d $(DESTDIR)$(SYSLIBDIR)/systemd/system{,-preset} $(DESTDIR)$(LIBDIR)/qubes/init $(DESTDIR)$(SYSLIBDIR)/modules-load.d
  114. install -m 0644 $(SYSTEMD_CORE_SERVICES) $(DESTDIR)$(SYSLIBDIR)/systemd/system/
  115. install -m 0644 vm-systemd/qubes-*.timer $(DESTDIR)$(SYSLIBDIR)/systemd/system/
  116. install -m 0644 vm-systemd/75-qubes-vm.preset $(DESTDIR)$(SYSLIBDIR)/systemd/system-preset/
  117. install -m 0644 vm-systemd/qubes-core.conf $(DESTDIR)$(SYSLIBDIR)/modules-load.d/
  118. install-sysvinit: install-init
  119. install -d $(DESTDIR)/etc/init.d
  120. install vm-init.d/qubes-sysinit $(DESTDIR)/etc/init.d/
  121. install vm-init.d/qubes-core-early $(DESTDIR)/etc/init.d/
  122. install vm-init.d/qubes-core $(DESTDIR)/etc/init.d/
  123. install vm-init.d/qubes-core-netvm $(DESTDIR)/etc/init.d/
  124. install vm-init.d/qubes-firewall $(DESTDIR)/etc/init.d/
  125. install vm-init.d/qubes-updates-proxy $(DESTDIR)/etc/init.d/
  126. install vm-init.d/qubes-updates-proxy-forwarder $(DESTDIR)/etc/init.d/
  127. install -D vm-init.d/qubes-core.modules $(DESTDIR)/etc/sysconfig/modules/qubes-core.modules
  128. install network/qubes-iptables $(DESTDIR)/etc/init.d/
  129. install-rh: install-systemd install-systemd-dropins install-sysvinit
  130. install -D -m 0644 misc/qubes-r4.repo.in $(DESTDIR)/etc/yum.repos.d/qubes-r4.repo
  131. DIST='$(DIST)'; sed -i "s/@DIST@/$${DIST%%[0-9]*}/g" $(DESTDIR)/etc/yum.repos.d/qubes-r4.repo
  132. install -d $(DESTDIR)$(LIBDIR)/yum-plugins/
  133. install -d -m 755 $(DESTDIR)/etc/pki/rpm-gpg
  134. install -m 644 misc/RPM-GPG-KEY-qubes* $(DESTDIR)/etc/pki/rpm-gpg/
  135. install -D -m 644 misc/session-stop-timeout.conf $(DESTDIR)$(LIBDIR)/systemd/system/user@.service.d/90-session-stop-timeout.conf
  136. install -d $(DESTDIR)/etc/yum.conf.d
  137. touch $(DESTDIR)/etc/yum.conf.d/qubes-proxy.conf
  138. install -D -m 0644 misc/grub.qubes $(DESTDIR)/etc/default/grub.qubes
  139. install -D -m 0644 misc/serial.conf $(DESTDIR)/usr/share/qubes/serial.conf
  140. install -D misc/qubes-serial-login $(DESTDIR)/$(SBINDIR)/qubes-serial-login
  141. install -D -m 0644 misc/dracut-qubes.conf \
  142. $(DESTDIR)/usr/lib/dracut/dracut.conf.d/30-qubes.conf
  143. ifeq ($(shell rpm --eval %{centos_ver}),7)
  144. install -D -m 0644 misc/yum-qubes-hooks.py $(DESTDIR)$(LIBDIR)/yum-plugins/
  145. install -D -m 0644 misc/yum-qubes-hooks.conf $(DESTDIR)/etc/yum/pluginconf.d/yum-qubes-hooks.conf
  146. endif
  147. install -D -m 0644 misc/dnf-qubes-hooks.py \
  148. $(DESTDIR)$(PYTHON2_SITELIB)/dnf-plugins/qubes-hooks.py
  149. install -D -m 0644 misc/dnf-qubes-hooks.py \
  150. $(DESTDIR)$(PYTHON3_SITELIB)/dnf-plugins/qubes-hooks.py
  151. install -D -m 0644 misc/dnf-qubes-hooks.conf $(DESTDIR)/etc/dnf/plugins/qubes-hooks.conf
  152. install-doc:
  153. $(MAKE) -C doc install
  154. install-common: install-doc
  155. $(MAKE) -C autostart-dropins install
  156. install -m 0644 -D misc/fstab $(DESTDIR)/etc/fstab
  157. # force /usr/bin before /bin to have /usr/bin/python instead of /bin/python
  158. PATH="/usr/bin:$(PATH)" $(PYTHON) setup.py install $(PYTHON_PREFIX_ARG) -O1 --root $(DESTDIR)
  159. mkdir -p $(DESTDIR)$(SBINDIR)
  160. install -d -m 0750 $(DESTDIR)/etc/sudoers.d/
  161. install -D -m 0440 misc/qubes.sudoers $(DESTDIR)/etc/sudoers.d/qubes
  162. install -D -m 0440 misc/sudoers.d_qt_x11_no_mitshm $(DESTDIR)/etc/sudoers.d/qt_x11_no_mitshm
  163. install -D -m 0644 misc/20_tcp_timestamps.conf $(DESTDIR)/etc/sysctl.d/20_tcp_timestamps.conf
  164. install -d $(DESTDIR)/var/lib/qubes
  165. install -D misc/xenstore-watch $(DESTDIR)$(BINDIR)/xenstore-watch-qubes
  166. install -d $(DESTDIR)/etc/udev/rules.d
  167. install -m 0644 misc/udev-qubes-misc.rules $(DESTDIR)/etc/udev/rules.d/50-qubes-misc.rules
  168. install -d $(DESTDIR)$(LIBDIR)/qubes/
  169. install misc/qubes-trigger-sync-appmenus.sh $(DESTDIR)$(LIBDIR)/qubes/
  170. install -d -m 0750 $(DESTDIR)/etc/polkit-1/rules.d
  171. install -D -m 0644 misc/polkit-1-qubes-allow-all.pkla $(DESTDIR)/etc/polkit-1/localauthority/50-local.d/qubes-allow-all.pkla
  172. install -D -m 0644 misc/polkit-1-qubes-allow-all.rules $(DESTDIR)/etc/polkit-1/rules.d/00-qubes-allow-all.rules
  173. install -D -m 0644 misc/mime-globs $(DESTDIR)/usr/share/qubes/mime-override/globs
  174. install misc/qubes-download-dom0-updates.sh $(DESTDIR)$(LIBDIR)/qubes/
  175. install -d $(DESTDIR)/usr/share/glib-2.0/schemas/
  176. install -m 0644 \
  177. misc/20_org.gnome.settings-daemon.plugins.updates.qubes.gschema.override \
  178. misc/20_org.gnome.nautilus.qubes.gschema.override \
  179. misc/20_org.mate.NotificationDaemon.qubes.gschema.override \
  180. misc/20_org.gnome.desktop.wm.preferences.qubes.gschema.override \
  181. $(DESTDIR)/usr/share/glib-2.0/schemas/
  182. install -m 2775 -d $(DESTDIR)/var/lib/qubes/dom0-updates
  183. install -D -m 0644 misc/qubes-master-key.asc $(DESTDIR)/usr/share/qubes/qubes-master-key.asc
  184. install misc/resize-rootfs $(DESTDIR)$(LIBDIR)/qubes/
  185. install misc/close-window $(DESTDIR)$(LIBDIR)/qubes/close-window
  186. install misc/upgrades-installed-check $(DESTDIR)$(LIBDIR)/qubes/upgrades-installed-check
  187. install misc/upgrades-status-notify $(DESTDIR)$(LIBDIR)/qubes/upgrades-status-notify
  188. install -m 0644 network/udev-qubes-network.rules $(DESTDIR)/etc/udev/rules.d/99-qubes-network.rules
  189. install -m 0755 network/update-proxy-configs $(DESTDIR)$(LIBDIR)/qubes/
  190. install -d $(DESTDIR)$(BINDIR)
  191. install -m 0755 misc/qubes-session-autostart $(DESTDIR)$(BINDIR)/qubes-session-autostart
  192. install -m 0755 misc/qvm-features-request $(DESTDIR)$(BINDIR)/qvm-features-request
  193. install -m 0755 misc/qubes-run-terminal $(DESTDIR)/$(BINDIR)
  194. install -D -m 0644 misc/qubes-run-terminal.desktop $(DESTDIR)/$(APPLICATIONSDIR)/qubes-run-terminal.desktop
  195. install -D -m 0644 misc/dconf-db-local-dpi $(DESTDIR)/etc/dconf/db/local.d/dpi
  196. install -D -m 0755 misc/qubes-desktop-run $(DESTDIR)$(BINDIR)/qubes-desktop-run
  197. install -d $(DESTDIR)/mnt/removable
  198. install -d $(DESTDIR)/usr/lib/qubes-bind-dirs.d
  199. install -D -m 0644 misc/30_cron.conf $(DESTDIR)/usr/lib/qubes-bind-dirs.d/30_cron.conf
  200. install -D -m 0644 misc/marker-vm $(DESTDIR)/usr/share/qubes/marker-vm
  201. cut -f 1,2 -d . version >> $(DESTDIR)/usr/share/qubes/marker-vm
  202. install -m 0755 misc/tinyproxy-wrapper $(DESTDIR)/usr/lib/qubes/tinyproxy-wrapper
  203. install -m 0755 misc/qvm-console $(DESTDIR)$(BINDIR)/qvm-console
  204. install -m 0755 misc/qvm-connect-tcp $(DESTDIR)$(BINDIR)/qvm-connect-tcp
  205. install -d $(DESTDIR)/var/run/qubes
  206. install -d $(DESTDIR)/rw
  207. # Networking install target includes:
  208. # * basic network functionality (setting IP address, DNS, default gateway)
  209. # * package update proxy client
  210. install-networking:
  211. install -d $(DESTDIR)$(SYSLIBDIR)/systemd/system
  212. install -m 0644 vm-systemd/qubes-*.socket $(DESTDIR)$(SYSLIBDIR)/systemd/system/
  213. install -d $(DESTDIR)$(LIBDIR)/qubes/
  214. install network/setup-ip $(DESTDIR)$(LIBDIR)/qubes/
  215. # Netvm install target includes:
  216. # * qubes-firewall service (FirewallVM)
  217. # * DNS redirection setup
  218. # * proxy service used by TemplateVMs to download updates
  219. install-netvm:
  220. install -D -m 0644 $(SYSTEMD_NETWORK_SERVICES) $(DESTDIR)$(SYSLIBDIR)/systemd/system/
  221. install -D -m 0755 network/qubes-iptables $(DESTDIR)$(LIBDIR)/qubes/init/qubes-iptables
  222. install -D -m 0644 vm-systemd/qubes-core-agent-linux.tmpfiles \
  223. $(DESTDIR)/usr/lib/tmpfiles.d/qubes-core-agent-linux.conf
  224. mkdir -p $(DESTDIR)$(SBINDIR)
  225. ifneq ($(SBINDIR),/usr/bin)
  226. mv $(DESTDIR)/usr/bin/qubes-firewall $(DESTDIR)$(SBINDIR)/qubes-firewall
  227. endif
  228. install -D network/qubes-setup-dnat-to-ns $(DESTDIR)$(LIBDIR)/qubes/qubes-setup-dnat-to-ns
  229. install -d $(DESTDIR)/etc/dhclient.d
  230. ln -s /usr/lib/qubes/qubes-setup-dnat-to-ns $(DESTDIR)/etc/dhclient.d/qubes-setup-dnat-to-ns.sh
  231. install -D network/vif-route-qubes $(DESTDIR)/etc/xen/scripts/vif-route-qubes
  232. install -D network/vif-qubes-nat.sh $(DESTDIR)/etc/xen/scripts/vif-qubes-nat.sh
  233. install -m 0644 -D network/tinyproxy-updates.conf $(DESTDIR)/etc/tinyproxy/tinyproxy-updates.conf
  234. install -m 0644 -D network/updates-blacklist $(DESTDIR)/etc/tinyproxy/updates-blacklist
  235. install -m 0755 -D network/iptables-updates-proxy $(DESTDIR)$(LIBDIR)/qubes/iptables-updates-proxy
  236. install -m 0400 -D network/iptables $(DESTDIR)/etc/qubes/iptables.rules
  237. install -m 0400 -D network/ip6tables $(DESTDIR)/etc/qubes/ip6tables.rules
  238. install -m 0400 -D network/ip6tables-enabled $(DESTDIR)/etc/qubes/ip6tables-enabled.rules
  239. install -m 0755 -D qubes-rpc/qubes.UpdatesProxy $(DESTDIR)/etc/qubes-rpc/qubes.UpdatesProxy
  240. # networkmanager install target allow integration of NetworkManager for Qubes VM:
  241. # * make connections config persistent
  242. # * adjust DNS redirections when needed
  243. # * show/hide NetworkManager applet icon
  244. install-networkmanager:
  245. install -d $(DESTDIR)$(LIBDIR)/qubes/
  246. install network/qubes-fix-nm-conf.sh $(DESTDIR)$(LIBDIR)/qubes/
  247. install network/network-manager-prepare-conf-dir $(DESTDIR)$(LIBDIR)/qubes/
  248. install -d $(DESTDIR)/etc/NetworkManager/dispatcher.d/
  249. install network/{qubes-nmhook,30-qubes-external-ip} $(DESTDIR)/etc/NetworkManager/dispatcher.d/
  250. install -d $(DESTDIR)/usr/lib/NetworkManager/conf.d
  251. install -m 0644 network/nm-30-qubes.conf $(DESTDIR)/usr/lib/NetworkManager/conf.d/30-qubes.conf
  252. install -d $(DESTDIR)/etc/xdg/autostart
  253. install -m 0755 network/show-hide-nm-applet.sh $(DESTDIR)$(LIBDIR)/qubes/
  254. install -m 0644 network/show-hide-nm-applet.desktop $(DESTDIR)/etc/xdg/autostart/00-qubes-show-hide-nm-applet.desktop
  255. install-deb: install-common install-systemd install-systemd-dropins install-systemd-networking-dropins install-networking install-networkmanager install-netvm
  256. mkdir -p $(DESTDIR)/etc/apt/sources.list.d
  257. sed -e "s/@DIST@/`lsb_release -cs`/" misc/qubes-r4.list.in > $(DESTDIR)/etc/apt/sources.list.d/qubes-r4.list
  258. install -D -m 644 misc/qubes-archive-keyring.gpg $(DESTDIR)/etc/apt/trusted.gpg.d/qubes-archive-keyring.gpg
  259. install -D -m 644 network/00notify-hook $(DESTDIR)/etc/apt/apt.conf.d/00notify-hook
  260. install -d $(DESTDIR)/etc/sysctl.d
  261. install -m 644 network/80-qubes.conf $(DESTDIR)/etc/sysctl.d/
  262. install -D -m 644 misc/profile.d_qt_x11_no_mitshm.sh $(DESTDIR)/etc/profile.d/qt_x11_no_mitshm.sh
  263. install -D -m 440 misc/sudoers.d_umask $(DESTDIR)/etc/sudoers.d/umask
  264. install -d $(DESTDIR)/etc/pam.d
  265. install -m 0644 misc/pam.d_su.qubes $(DESTDIR)/etc/pam.d/su.qubes
  266. install -d $(DESTDIR)/etc/needrestart/conf.d
  267. install -D -m 0644 misc/50_qubes.conf $(DESTDIR)/etc/needrestart/conf.d/50_qubes.conf
  268. install -D -m 0644 misc/grub.qubes $(DESTDIR)/etc/default/grub.d/30-qubes.cfg
  269. install -D -m 0644 misc/apt-conf-70no-unattended $(DESTDIR)/etc/apt/apt.conf.d/70no-unattended
  270. mkdir -p $(DESTDIR)/etc/systemd/system/
  271. install -m 0644 vm-systemd/haveged.service $(DESTDIR)/etc/systemd/system/
  272. install-corevm: install-rh install-common install-systemd install-sysvinit install-systemd-dropins install-networking
  273. install-netvm: install-systemd-networking-dropins install-networkmanager
  274. install-vm: install-corevm install-netvm