From 9b6abb9786652ca97defb3ed33103bd714678e44 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
 <marmarek@invisiblethingslab.com>
Date: Mon, 22 May 2017 17:30:06 +0200
Subject: [PATCH] debian: make haveged.service patch less intrusive...

...but installed on all Debian versions. This is mostly required by
vebose file list in debian/qubes-core-agent.install. But also make it
use new options when upstream will set them.

QubesOS/qubes-issues#2161

(cherry picked from commit 34fa6e7cedb3e0b24908bc0b95c91fcfc6a06802)
---
 Makefile                        |  7 ++-----
 debian/qubes-core-agent.install |  1 +
 vm-systemd/haveged.service      | 21 ++-------------------
 3 files changed, 5 insertions(+), 24 deletions(-)

diff --git a/Makefile b/Makefile
index 4f79ecc..0e6e9a9 100644
--- a/Makefile
+++ b/Makefile
@@ -295,11 +295,6 @@ else
 	install -m 0644 misc/py2/xdg.py* $(DESTDIR)/$(PYTHON_SITEARCH)/qubes/
 endif
 
-ifneq (,$(filter xenial zesty stretch, $(shell lsb_release -cs)))
-	mkdir -p $(DESTDIR)/etc/systemd/system/
-	install -m 0644 vm-systemd/haveged.service  $(DESTDIR)/etc/systemd/system/
-endif
-
 	install -d $(DESTDIR)/mnt/removable
 
 	install -D -m 0644 misc/xorg-preload-apps.conf $(DESTDIR)/etc/X11/xorg-preload-apps.conf
@@ -328,5 +323,7 @@ install-deb: install-common install-systemd install-systemd-dropins
 	install -d $(DESTDIR)/usr/share/glib-2.0/schemas/
 	install -m 0644 misc/org.gnome.nautilus.gschema.override $(DESTDIR)/usr/share/glib-2.0/schemas/
 
+	mkdir -p $(DESTDIR)/etc/systemd/system/
+	install -m 0644 vm-systemd/haveged.service  $(DESTDIR)/etc/systemd/system/
 
 install-vm: install-rh install-common
diff --git a/debian/qubes-core-agent.install b/debian/qubes-core-agent.install
index ef07329..7697d65 100644
--- a/debian/qubes-core-agent.install
+++ b/debian/qubes-core-agent.install
@@ -71,6 +71,7 @@ etc/apt/apt.conf.d/00notify-hook
 etc/apt/sources.list.d/qubes-r3.list
 etc/needrestart/conf.d/50_qubes.conf
 etc/sysctl.d/20_tcp_timestamps.conf
+etc/systemd/system/haveged.service
 usr/sbin/qubes-firewall
 usr/sbin/qubes-netwatcher
 usr/bin/qvm-run
diff --git a/vm-systemd/haveged.service b/vm-systemd/haveged.service
index e0b8fc6..6dea9b4 100644
--- a/vm-systemd/haveged.service
+++ b/vm-systemd/haveged.service
@@ -1,22 +1,5 @@
-[Unit]
-Description=Entropy daemon using the HAVEGE algorithm
-Documentation=man:haveged(8) http://www.issihosts.com/haveged/
-DefaultDependencies=no
-ConditionVirtualization=!container
-After=apparmor.service systemd-random-seed.service systemd-tmpfiles-setup.service
-
-[Service]
-EnvironmentFile=/etc/default/haveged
-ExecStart=/usr/sbin/haveged --Foreground --verbose=1 $DAEMON_ARGS
-SuccessExitStatus=143
-SecureBits=noroot-locked
-NoNewPrivileges=yes
-CapabilityBoundingSet=CAP_SYS_ADMIN
-PrivateTmp=yes
-PrivateDevices=yes
-PrivateNetwork=yes
-ProtectSystem=full
-ProtectHome=yes
+.include /lib/systemd/system/haveged.service
 
 [Install]
+WantedBy=
 WantedBy=multi-user.target