debian: make haveged.service patch less intrusive...

...but installed on all Debian versions. This is mostly required by vebose file list in debian/qubes-core-agent.install. But also make it use new options when upstream will set them. QubesOS/qubes-issues#2161 (cherry picked from commit 34fa6e7ced)
2017-05-22 17:30:06 +02:00 · 2017-05-22 17:30:06 +02:00 · 9b6abb9786
commit 9b6abb9786
parent 0ba36c7349
3 changed files with 5 additions and 24 deletions
--- a/7
+++ b/7
@ -295,11 +295,6 @@ else
 	install -m 0644 misc/py2/xdg.py* $(DESTDIR)/$(PYTHON_SITEARCH)/qubes/
 endif

-ifneq (,$(filter xenial zesty stretch, $(shell lsb_release -cs)))
-	mkdir -p $(DESTDIR)/etc/systemd/system/
-	install -m 0644 vm-systemd/haveged.service  $(DESTDIR)/etc/systemd/system/
-endif
-
 	install -d $(DESTDIR)/mnt/removable

 	install -D -m 0644 misc/xorg-preload-apps.conf $(DESTDIR)/etc/X11/xorg-preload-apps.conf
@ -328,5 +323,7 @@ install-deb: install-common install-systemd install-systemd-dropins
 	install -d $(DESTDIR)/usr/share/glib-2.0/schemas/
 	install -m 0644 misc/org.gnome.nautilus.gschema.override $(DESTDIR)/usr/share/glib-2.0/schemas/

+	mkdir -p $(DESTDIR)/etc/systemd/system/
+	install -m 0644 vm-systemd/haveged.service  $(DESTDIR)/etc/systemd/system/

 install-vm: install-rh install-common
--- a/debian/qubes-core-agent.install
+++ b/debian/qubes-core-agent.install
@ -71,6 +71,7 @@ etc/apt/apt.conf.d/00notify-hook
 etc/apt/sources.list.d/qubes-r3.list
 etc/needrestart/conf.d/50_qubes.conf
 etc/sysctl.d/20_tcp_timestamps.conf
+etc/systemd/system/haveged.service
 usr/sbin/qubes-firewall
 usr/sbin/qubes-netwatcher
 usr/bin/qvm-run
--- a/vm-systemd/haveged.service
+++ b/vm-systemd/haveged.service
@ -1,22 +1,5 @@
-[Unit]
-Description=Entropy daemon using the HAVEGE algorithm
-Documentation=man:haveged(8) http://www.issihosts.com/haveged/
-DefaultDependencies=no
-ConditionVirtualization=!container
-After=apparmor.service systemd-random-seed.service systemd-tmpfiles-setup.service
-
-[Service]
-EnvironmentFile=/etc/default/haveged
-ExecStart=/usr/sbin/haveged --Foreground --verbose=1 $DAEMON_ARGS
-SuccessExitStatus=143
-SecureBits=noroot-locked
-NoNewPrivileges=yes
-CapabilityBoundingSet=CAP_SYS_ADMIN
-PrivateTmp=yes
-PrivateDevices=yes
-PrivateNetwork=yes
-ProtectSystem=full
-ProtectHome=yes
+.include /lib/systemd/system/haveged.service

 [Install]
+WantedBy=
 WantedBy=multi-user.target