From ab529ddc4760eb26e95a8917b4c5d4921560884c Mon Sep 17 00:00:00 2001
From: Olivier MEDOC
Date: Tue, 31 Oct 2017 22:57:01 +0100
Subject: [PATCH] archlinux: pick Qubes4.0 mergeable changes
---
archlinux/PKGBUILD | 57 +++++++++++++++-----
archlinux/PKGBUILD-keyring-keys | 30 +++++++++++
archlinux/PKGBUILD-keyring-revoked | 0
archlinux/PKGBUILD-keyring-trusted | 1 +
archlinux/PKGBUILD-keyring.install | 18 +++++++
archlinux/PKGBUILD-networking.install | 41 ++++++++++++++
archlinux/PKGBUILD-qubes-noupgrade.conf | 2 -
archlinux/PKGBUILD-qubes-pacman-options.conf | 3 ++
archlinux/PKGBUILD.install | 36 +------------
9 files changed, 138 insertions(+), 50 deletions(-)
create mode 100644 archlinux/PKGBUILD-keyring-keys
create mode 100644 archlinux/PKGBUILD-keyring-revoked
create mode 100644 archlinux/PKGBUILD-keyring-trusted
create mode 100644 archlinux/PKGBUILD-keyring.install
create mode 100644 archlinux/PKGBUILD-networking.install
delete mode 100644 archlinux/PKGBUILD-qubes-noupgrade.conf
create mode 100644 archlinux/PKGBUILD-qubes-pacman-options.conf
diff --git a/archlinux/PKGBUILD b/archlinux/PKGBUILD
index ee01236..d9b9af0 100644
--- a/archlinux/PKGBUILD
+++ b/archlinux/PKGBUILD
@@ -1,19 +1,17 @@ #!/bin/bash # Maintainer: Olivier Medoc # shellcheck disable=SC2034 -pkgname=qubes-vm-core +pkgname=(qubes-vm-core qubes-vm-networking qubes-vm-keyring) pkgver=$(cat version) -pkgrel=11 +pkgrel=12 epoch= pkgdesc="The Qubes core files for installation inside a Qubes VM." arch=("x86_64") url="http://qubes-os.org/" license=('GPL') groups=() -depends=("qubes-vm-utils>=3.1.3" python2 python3 python2-xdg ethtool ntp net-tools gnome-packagekit imagemagick fakeroot notification-daemon dconf pygtk zenity qubes-libvchan "qubes-db-vm>=3.2.1" haveged python2-gobject python2-dbus xdg-utils notification-daemon gawk sed procps-ng librsvg) -makedepends=(gcc make pkg-config "qubes-vm-utils>=3.1.3" qubes-libvchan qubes-db-vm qubes-vm-xen libx11 python2 python3 lsb-release) +makedepends=(gcc make pkg-config "qubes-vm-utils>=3.1.3" qubes-libvchan qubes-db-vm qubes-vm-xen libx11 python2 python3 lsb-release pandoc) checkdepends=() -optdepends=(gnome-keyring gnome-settings-daemon networkmanager iptables tinyproxy python2-nautilus gpk-update-viewer) provides=() conflicts=() replaces=() @@ -24,9 +22,12 @@ changelog= source=( PKGBUILD.qubes-ensure-lib-modules.service PKGBUILD.qubes-update-desktop-icons.hook - PKGBUILD-qubes-noupgrade.conf + PKGBUILD-qubes-pacman-options.conf PKGBUILD-qubes-repo-3.1.conf PKGBUILD-qubes-repo-3.2.conf + PKGBUILD-keyring-keys + PKGBUILD-keyring-trusted + PKGBUILD-keyring-revoked ) noextract=() 
@@ -46,10 +47,10 @@ build() { sed 's:/bin/grep:grep:g' -i network/* # Force running all scripts with python2 - sed 's:#!/usr/bin/python:#!/usr/bin/python2:' -i misc/* - sed 's:#!/usr/bin/env python:#!/usr/bin/env python2:' -i misc/* - sed 's:#!/usr/bin/python:#!/usr/bin/python2:' -i qubes-rpc/* - sed 's:#!/usr/bin/env python:#!/usr/bin/env python2:' -i qubes-rpc/* + sed 's:^#!/usr/bin/python.*:#!/usr/bin/python2:' -i misc/* + sed 's:^#!/usr/bin/env python.*:#!/usr/bin/env python2:' -i misc/* + sed 's:^#!/usr/bin/python.*:#!/usr/bin/python2:' -i qubes-rpc/* + sed 's:^#!/usr/bin/env python.*:#!/usr/bin/env python2:' -i qubes-rpc/* # Fix for archlinux sbindir sed 's:/usr/sbin/ntpdate:/usr/bin/ntpdate:g' -i qubes-rpc/sync-ntp-clock 
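Review bot: The four rewritten `sed` expressions are anchored with `^` but still run against every line of every file under `misc/` and `qubes-rpc/`, and the new trailing `.*` also drops any interpreter option and turns a `python3` shebang into `python2`. If only the shebang line is meant, restrict the substitution to line 1, e.g. `sed '1s:^#!/usr/bin/python.*:#!/usr/bin/python2:' -i misc/*`, and likewise for the `env` form and for `qubes-rpc/*`. If downgrading `python3` scripts is intended, the comment above the block should say so. `build()` starts and ends outside this hunk.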
@@ -61,15 +62,25 @@ build() { done } -package() { +package_qubes-vm-core() { + depends=("qubes-vm-utils>=3.1.3" python2 python2-xdg ethtool ntp net-tools + gnome-packagekit imagemagick fakeroot notification-daemon dconf + zenity qubes-libvchan "qubes-db-vm>=3.2.1" haveged python2-gobject + python2-dbus xdg-utils notification-daemon gawk sed procps-ng librsvg + socat pygtk + ) + optdepends=(gnome-keyring gnome-settings-daemon python2-nautilus gpk-update-viewer) + install=PKGBUILD.install + # Note: Archlinux removed use of directory such as /sbin /bin /usr/sbin (https://mailman.archlinux.org/pipermail/arch-dev-public/2012-March/022625.html) # shellcheck disable=SC2154 make -C qrexec install DESTDIR="$pkgdir" SBINDIR=/usr/bin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib - make install-vm DESTDIR="$pkgdir" SBINDIR=/usr/bin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib SYSTEM_DROPIN_DIR=/usr/lib/systemd/system USER_DROPIN_DIR=/usr/lib/systemd/user DIST=archlinux + PYTHON=python2 make install-vm DESTDIR="$pkgdir" SBINDIR=/usr/bin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib SYSTEM_DROPIN_DIR=/usr/lib/systemd/system USER_DROPIN_DIR=/usr/lib/systemd/user DIST=archlinux # Remove things non wanted in archlinux rm -r "$pkgdir/etc/yum"* + rm -r "$pkgdir/etc/dnf"* rm -r "$pkgdir/etc/init.d" # Remove fedora specific scripts rm "$pkgdir/etc/fstab" @@ -83,7 +94,7 @@ package() { # Install pacman.d drop-ins (at least 1 drop-in must be installed or pacman will fail) mkdir -p "${pkgdir}/etc/pacman.d" - install -m 644 "$srcdir/PKGBUILD-qubes-noupgrade.conf" "${pkgdir}/etc/pacman.d/10-qubes-noupgrade.conf" + install -m 644 "$srcdir/PKGBUILD-qubes-pacman-options.conf" "${pkgdir}/etc/pacman.d/10-qubes-options.conf" # Install pacman repository release=$(echo "$pkgver" | cut -d '.' -f 1,2) 
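Review bot: The added `rm -r "$pkgdir/etc/dnf"*` fails when the glob matches nothing, which would happen if `make install-vm` does not create an `etc/dnf*` entry for `DIST=archlinux`; as far as I know makepkg aborts the package step on a failing command. I would write `rm -rf "${pkgdir:?}/etc/dnf"*`, so that a missing directory is tolerated and an empty `pkgdir` can never expand the path to `/etc/dnf*`. In the new `depends` array `notification-daemon` is listed twice, and `python3` is no longer a runtime dependency although it stays in `makedepends`; it is worth confirming that nothing installed by this package still needs it. `package_qubes-vm-core()` continues outside the hunk.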
@@ -102,4 +113,24 @@ EOF rm -r "$pkgdir/var/run" } +#This is a stub package providing required dependencies for a netvm +package_qubes-vm-networking() { + depends=(qubes-vm-core "qubes-vm-utils>=3.1.3" python2 ethtool net-tools + "qubes-db-vm>=3.2.1" networkmanager iptables tinyproxy nftables + ) + install=PKGBUILD-networking.install +} + +package_qubes-vm-keyring() { + pkgdesc="Qubes OS Binary Repository Activation package and Keyring" + install=PKGBUILD-keyring.install + + # Install keyring (will be activated through the .install file) + install -dm755 "${pkgdir}/usr/share/pacman/keyrings/" + install -m0644 PKGBUILD-keyring-keys "${pkgdir}/usr/share/pacman/keyrings/qubesos-vm.gpg" + install -m0644 PKGBUILD-keyring-trusted "${pkgdir}/usr/share/pacman/keyrings/qubesos-vm-trusted" + install -m0644 PKGBUILD-keyring-revoked "${pkgdir}/usr/share/pacman/keyrings/qubesos-vm-revoked" + +} + # vim:set ts=2 sw=2 et: diff --git a/archlinux/PKGBUILD-keyring-keys b/archlinux/PKGBUILD-keyring-keys new file mode 100644 index 0000000..33b9077 --- /dev/null +++ b/archlinux/PKGBUILD-keyring-keys 
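Review bot: `package_qubes-vm-networking()` sets no `pkgdesc`, so it inherits the top-level "The Qubes core files for installation inside a Qubes VM." even though the comment above it calls it a dependency stub for a netvm. Give it its own description, for example `pkgdesc="Qubes OS NetVM dependencies and service activation"` (wording is only a suggestion). `package_qubes-vm-keyring()` installs `PKGBUILD-keyring-keys` and its two sibling files by bare relative name, while the core package uses `"$srcdir/..."` for its sources; `install -m0644 "$srcdir/PKGBUILD-keyring-keys" ...` would make the three lines independent of the working directory.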
@@ -0,0 +1,30 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQENBFM0TnYBCADNyamUtA9e0/oUu4AeAgt1JYDtq3zCQSX7pHpY1zkGtulppSOe +gkCgW2db+FlKeUNHQ+JX0uv8Ny0SjQBZO0yNxDLfPuqJzM/VjUIdLTJS0FEpxzT1 +Oiz0WRdcbeHtQ8SmEfmRStaB9PTNZ97FogFFONvQ6r/ICNldqfe+Qq72D/p6FqNM +mW16dZokQEOgJpOb/L7dHNrta1ye8CurrEbXIt7B+4NnUpvzFmnQ+OxsC3AUbvI5 +PbaQyu8ivhoofnpgj66PojlFYMaL8mUaScL2VM5Ljx72zVA5+MUmk8O02O2X8Rdc ++5boRi2h7oyCASBYK3x+WayaDTNWx3o8+sSdABEBAAG0N09saXZpZXIgTUVET0Mg +KFF1YmVzLU9TIHNpZ25pbmcga2V5KSA8b19tZWRvY0B5YWhvby5mcj6JAT4EEwEC +ACgCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheABQJW+jhsBQkHiFDrAAoJECBD +56zBgzucHCwH/RLCCM1PJ50jEMJg7ZBrwkv5cvKePD1iGhPFOZ1gBtMTYfl7zJO7 +gOuOgQ+TKjfIFM/ijQBFMRmByrQ0ZkGNIqY7JB3shZ5EsCeb7cgyw7hEyj4S3O6e +K+CVVy4CBAyXILVr/En8xU41K1qQpEiHkvqk0E05sEkYcN4Ggvw5JUNWpZO7fl6I +tLvTBf5aPqiLqWN08fjdmVJ/5l+LCdMyJxUdsQV0pkzcv9l8ouB/0ig8HikoC+dW +HuWbk9uj1CU0c4C8tTbOszjKAbEZ5msZ2NUxPM1vqKaac8IbWkSJBqlYFcb3PSMk +LmFtXN/0hAcf8KbziODQgKcyuEBi3b5d6wy5AQ0EUzROdgEIAOG22xrDqJkCrEx8 +QFnZYSwxV2lI9fDyCT/kaHPa/5YOV/Xa01RLM27UPbV/UKkKN+M6+mFj26e+E25p +2R/e1Wk9HDrbu7NDXozGcKDlTIAmQ4yjNVb/G1850/SO1vuPDfNzMD81F18XzYCa +eyUV88HjXTbJSeJAbjWNvTkoMK4wY6PlHfyT0G0i4svfL/mZCGM8KagNouGHuG8s +5JKwlC1BZnmfDuB4exP7cSNEDWwnBn98rx13DMLkGJu1xGnLqdGJw6WpP4a1IG7A +9NDE2VetAS/ElMbMqfyuqiAxhtnuGdxstDaU7gW4VMTjAOMtO9LLY20EipsSBUrg +7U1ync0AEQEAAYkBJQQYAQIADwIbDAUCVvo4nQUJB4hRJAAKCRAgQ+eswYM7nLWy +CAC6enhJbXKGchqgfh+CeKsvWg97JG8yjW4W/9RL9Vto8ppgNzIKbA7AKgqOiy5l +TToLaxK+Z1JE72lsWUnALmz1Oa7M7M9J1ptfD8TMj1/D3cj2Lnrg7qTaEEL5Nw+t +FRNXeUjsuWt+iW7eYiGtI+eSWBokH945Ig32vf88n0t3F8whDRzv5fy1yF35aMRS +HS5gDJv5t2BnPtehMhr5EOHbUH3UFevA79Hf4bUlOOo7eTTmSPMDcWFUA9MMKoE5 +pkHwoimXiNJy3e8TZ4uSTBH8XcXA/5mYSXbWKBX4Y5JznOBTtkjGsbL7dua3zDbF +BGNH5RhiY1/bJ+m4zxU8bDWq +=ofdo +-----END PGP PUBLIC KEY BLOCK----- diff --git a/archlinux/PKGBUILD-keyring-revoked b/archlinux/PKGBUILD-keyring-revoked new file mode 100644 index 0000000..e69de29 
diff --git a/archlinux/PKGBUILD-keyring-trusted b/archlinux/PKGBUILD-keyring-trusted new file mode 100644 index 0000000..a608c62 --- /dev/null +++ b/archlinux/PKGBUILD-keyring-trusted @@ -0,0 +1 @@ +D85EE12F967851CCF433515A2043E7ACC1833B9C:4: diff --git a/archlinux/PKGBUILD-keyring.install b/archlinux/PKGBUILD-keyring.install new file mode 100644 index 0000000..c02da49 --- /dev/null +++ b/archlinux/PKGBUILD-keyring.install @@ -0,0 +1,18 @@ +post_upgrade() { + if usr/bin/pacman-key -l >/dev/null 2>&1; then + usr/bin/pacman-key --populate archlinux + fi + release=$(echo "$1" | cut -d '.' -f 1,2) + + if ! [ -h /etc/pacman.d/99-qubes-repository-${release}.conf ] ; then + ln -s /etc/pacman.d/99-qubes-repository-${release}.conf.disabled /etc/pacman.d/99-qubes-repository-${release}.conf + fi + +} + +post_install() { + if [ -x usr/bin/pacman-key ]; then + post_upgrade "$1" + fi +} + diff --git a/archlinux/PKGBUILD-networking.install b/archlinux/PKGBUILD-networking.install new file mode 100644 index 0000000..8007fca --- /dev/null +++ b/archlinux/PKGBUILD-networking.install 
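Review bot: `post_upgrade()` in `PKGBUILD-keyring.install` runs `usr/bin/pacman-key --populate archlinux`, but the keyring this package ships is installed as `qubesos-vm.gpg`, `qubesos-vm-trusted` and `qubesos-vm-revoked`, so as written the Qubes signing key does not appear to be imported or trusted at all. The next lines nevertheless enable the Qubes repository symlink, which leaves a repository configured whose signatures pacman cannot validate; the call should presumably be `usr/bin/pacman-key --populate qubesos-vm`. The `ln -s` is also executed when `release` is empty or the `.conf.disabled` target does not exist, which creates a dangling link; quote the paths and guard it with `[ -e "/etc/pacman.d/99-qubes-repository-${release}.conf.disabled" ]`. The script mixes the relative `usr/bin/pacman-key` with absolute `/etc/pacman.d/...` paths, so it behaves differently under an alternate install root.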
@@ -0,0 +1,41 @@ +#!/bin/bash + +## arg 1: the new package version +post_install() { + # Create NetworkManager configuration if we do not have it + if ! [ -e /etc/NetworkManager/NetworkManager.conf ]; then + echo '[main]' > /etc/NetworkManager/NetworkManager.conf + echo 'plugins = keyfile' >> /etc/NetworkManager/NetworkManager.conf + echo '[keyfile]' >> /etc/NetworkManager/NetworkManager.conf + fi + + # Remove ip_forward setting from sysctl, so NM will not reset it + # Archlinux now use sysctl.d/ instead of sysctl.conf + #sed 's/^net.ipv4.ip_forward.*/#\0/' -i /etc/sysctl.conf + + /usr/lib/qubes/qubes-fix-nm-conf.sh + + # Yum proxy configuration is fedora specific + #if ! grep -q '/etc/yum\.conf\.d/qubes-proxy\.conf' /etc/yum.conf; then + # echo >> /etc/yum.conf + # echo '# Yum does not support inclusion of config dir...' >> /etc/yum.conf + # echo 'include=file:///etc/yum.conf.d/qubes-proxy.conf' >> /etc/yum.conf + #fi + + for srv in qubes-firewall.service qubes-iptables.service qubes-network.service qubes-updates-proxy.service ; do + systemctl enable $srv.service + done +} + +## arg 1: the new package version +## arg 2: the old package version +post_upgrade() { + post_install +} + +## arg 1: the old package version +post_remove() { + for srv in qubes-firewall.service qubes-iptables.service qubes-network.service qubes-updates-proxy.service ; do + systemctl disable $srv.service + done +} diff --git a/archlinux/PKGBUILD-qubes-noupgrade.conf b/archlinux/PKGBUILD-qubes-noupgrade.conf deleted file mode 100644 index 0b4ff7d..0000000 --- a/archlinux/PKGBUILD-qubes-noupgrade.conf +++ /dev/null @@ -1,2 +0,0 @@ -NoUpgrade = etc/pam.d/su -NoUpgrade = etc/pam.d/su-l \ No newline at end of file diff --git a/archlinux/PKGBUILD-qubes-pacman-options.conf b/archlinux/PKGBUILD-qubes-pacman-options.conf new file mode 100644 index 0000000..8daabda --- /dev/null +++ b/archlinux/PKGBUILD-qubes-pacman-options.conf 
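Review bot: Both loops in `PKGBUILD-networking.install` iterate over names that already end in `.service` and then call `systemctl enable $srv.service` and `systemctl disable $srv.service`, so systemctl is asked for `qubes-firewall.service.service` and so on. Those units presumably do not exist, which would leave `qubes-firewall`, `qubes-iptables`, `qubes-network` and `qubes-updates-proxy` not enabled after installing the networking package, with the failure visible only as a message in the pacman output. Either drop the suffix from the list or call `systemctl enable "$srv"` (and `systemctl disable "$srv"` in `post_remove`), quoting the variable in both places.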
@@ -0,0 +1,3 @@ +[options] +NoUpgrade = etc/pam.d/su +NoUpgrade = etc/pam.d/su-l \ No newline at end of file diff --git a/archlinux/PKGBUILD.install b/archlinux/PKGBUILD.install index 6cd941a..a8b9363 100644 --- a/archlinux/PKGBUILD.install +++ b/archlinux/PKGBUILD.install @@ -74,29 +74,11 @@ configure_selinux() { ############################ update_qubesconfig() { - # Create NetworkManager configuration if we do not have it - if ! [ -e /etc/NetworkManager/NetworkManager.conf ]; then - echo '[main]' > /etc/NetworkManager/NetworkManager.conf - echo 'plugins = keyfile' >> /etc/NetworkManager/NetworkManager.conf - echo '[keyfile]' >> /etc/NetworkManager/NetworkManager.conf - fi - /usr/lib/qubes/qubes-fix-nm-conf.sh - - # Remove ip_forward setting from sysctl, so NM will not reset it - # Archlinux now use sysctl.d/ instead of sysctl.conf - #sed 's/^net.ipv4.ip_forward.*/#\0/' -i /etc/sysctl.conf - # Remove old firmware updates link if [ -L /lib/firmware/updates ]; then rm -f /lib/firmware/updates fi - # Yum proxy configuration is fedora specific - #if ! grep -q '/etc/yum\.conf\.d/qubes-proxy\.conf' /etc/yum.conf; then - # echo >> /etc/yum.conf - # echo '# Yum does not support inclusion of config dir...' >> /etc/yum.conf - # echo 'include=file:///etc/yum.conf.d/qubes-proxy.conf' >> /etc/yum.conf - #fi #/usr/lib/qubes/update-proxy-configs # Archlinux pacman configuration is handled in update_finalize 
@@ -130,21 +112,6 @@ EOF done fi - # Make sure there is a default locale set so gnome-terminal will start - if [ ! -e /etc/locale.conf ] || ! grep -q LANG /etc/locale.conf; then - touch /etc/locale.conf - echo "LANG=en_US.UTF-8" >> /etc/locale.conf - fi - # ... and make sure it is really generated - # This line is buggy as LANG can be set to LANG="en_US.UTF-8". The Quotes must be stripped - current_locale=$(grep LANG /etc/locale.conf|cut -f 2 -d = | tr -d '"') - if [ -n "$current_locale" ] && ! locale -a | grep -q "$current_locale"; then - base=$(echo "$current_locale" | cut -f 1 -d .) - charmap=$(echo "$current_locale.UTF-8" | cut -f 2 -d .) - [ -n "$charmap" ] && charmap="-f $charmap" - # shellcheck disable=SC2086 - localedef -i "$base" $charmap "$current_locale" - fi } ############################ @@ -334,7 +301,6 @@ update_finalize() { # Also remove pam_unix.so from su configuration # as system-login (which include system-auth) already gives pam_unix.so # with more appropriate parameters (fix the missing nullok parameter) - if grep -q pam_unix.so /etc/pam.d/su; then echo "Fixing pam.d" cat < /etc/pam.d/su @@ -463,7 +429,7 @@ post_remove() { rm -rf /var/lib/qubes/xdg - for srv in qubes-dvm qubes-sysinit qubes-misc-post qubes-mount-dirs qubes-netwatcher qubes-network qubes-qrexec-agent; do + for srv in qubes-dvm qubes-sysinit qubes-misc-post qubes-mount-dirs qubes-netwatcher qubes-qrexec-agent; do systemctl disable $srv.service done }