archlinux: pick Qubes4.0 mergeable changes

archlinux/PKGBUILD

@@ -1,19 +1,17 @@
 #!/bin/bash
 # Maintainer: Olivier Medoc <o_medoc@yahoo.fr>
 # shellcheck disable=SC2034
-pkgname=qubes-vm-core
+pkgname=(qubes-vm-core qubes-vm-networking qubes-vm-keyring)
 pkgver=$(cat version)
-pkgrel=11
+pkgrel=12
 epoch=
 pkgdesc="The Qubes core files for installation inside a Qubes VM."
 arch=("x86_64")
 url="http://qubes-os.org/"
 license=('GPL')
 groups=()
-depends=("qubes-vm-utils>=3.1.3" python2 python3 python2-xdg ethtool ntp net-tools gnome-packagekit imagemagick fakeroot notification-daemon dconf pygtk zenity qubes-libvchan "qubes-db-vm>=3.2.1" haveged python2-gobject python2-dbus xdg-utils notification-daemon gawk sed procps-ng librsvg)
+makedepends=(gcc make pkg-config "qubes-vm-utils>=3.1.3" qubes-libvchan qubes-db-vm qubes-vm-xen libx11 python2 python3 lsb-release pandoc)
-makedepends=(gcc make pkg-config "qubes-vm-utils>=3.1.3" qubes-libvchan qubes-db-vm qubes-vm-xen libx11 python2 python3 lsb-release)
 checkdepends=()
-optdepends=(gnome-keyring gnome-settings-daemon networkmanager iptables tinyproxy python2-nautilus gpk-update-viewer)
 provides=()
 conflicts=()
 replaces=()
@@ -24,9 +22,12 @@ changelog=
 
 source=(
     PKGBUILD.qubes-ensure-lib-modules.service PKGBUILD.qubes-update-desktop-icons.hook
-    PKGBUILD-qubes-noupgrade.conf
+    PKGBUILD-qubes-pacman-options.conf
     PKGBUILD-qubes-repo-3.1.conf
     PKGBUILD-qubes-repo-3.2.conf
+    PKGBUILD-keyring-keys
+    PKGBUILD-keyring-trusted
+    PKGBUILD-keyring-revoked
 )
 
 noextract=()
@@ -46,10 +47,10 @@ build() {
     sed 's:/bin/grep:grep:g' -i network/*
 
     # Force running all scripts with python2
-    sed 's:#!/usr/bin/python:#!/usr/bin/python2:' -i misc/*
+    sed 's:^#!/usr/bin/python.*:#!/usr/bin/python2:' -i misc/*
-    sed 's:#!/usr/bin/env python:#!/usr/bin/env python2:' -i misc/*
+    sed 's:^#!/usr/bin/env python.*:#!/usr/bin/env python2:' -i misc/*
-    sed 's:#!/usr/bin/python:#!/usr/bin/python2:' -i qubes-rpc/*
+    sed 's:^#!/usr/bin/python.*:#!/usr/bin/python2:' -i qubes-rpc/*
-    sed 's:#!/usr/bin/env python:#!/usr/bin/env python2:' -i qubes-rpc/*
+    sed 's:^#!/usr/bin/env python.*:#!/usr/bin/env python2:' -i qubes-rpc/*
 
     # Fix for archlinux sbindir
     sed 's:/usr/sbin/ntpdate:/usr/bin/ntpdate:g' -i qubes-rpc/sync-ntp-clock
@@ -61,15 +62,25 @@ build() {
     done
 }
 
-package() {
+package_qubes-vm-core() {
+    depends=("qubes-vm-utils>=3.1.3" python2 python2-xdg ethtool ntp net-tools
+             gnome-packagekit imagemagick fakeroot notification-daemon dconf
+             zenity qubes-libvchan "qubes-db-vm>=3.2.1" haveged python2-gobject
+             python2-dbus xdg-utils notification-daemon gawk sed procps-ng librsvg
+             socat pygtk
+             )
+    optdepends=(gnome-keyring gnome-settings-daemon python2-nautilus gpk-update-viewer)
+    install=PKGBUILD.install
+
     # Note: Archlinux removed use of directory such as /sbin /bin /usr/sbin (https://mailman.archlinux.org/pipermail/arch-dev-public/2012-March/022625.html)
     # shellcheck disable=SC2154
     make -C qrexec install DESTDIR="$pkgdir" SBINDIR=/usr/bin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib
 
-    make install-vm DESTDIR="$pkgdir" SBINDIR=/usr/bin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib SYSTEM_DROPIN_DIR=/usr/lib/systemd/system USER_DROPIN_DIR=/usr/lib/systemd/user DIST=archlinux
+    PYTHON=python2 make install-vm DESTDIR="$pkgdir" SBINDIR=/usr/bin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib SYSTEM_DROPIN_DIR=/usr/lib/systemd/system USER_DROPIN_DIR=/usr/lib/systemd/user DIST=archlinux
 
     # Remove things non wanted in archlinux
     rm -r "$pkgdir/etc/yum"*
+    rm -r "$pkgdir/etc/dnf"*
     rm -r "$pkgdir/etc/init.d"
     # Remove fedora specific scripts
     rm "$pkgdir/etc/fstab"
@@ -83,7 +94,7 @@ package() {
 
     # Install pacman.d drop-ins (at least 1 drop-in must be installed or pacman will fail)
     mkdir -p "${pkgdir}/etc/pacman.d"
-    install -m 644 "$srcdir/PKGBUILD-qubes-noupgrade.conf" "${pkgdir}/etc/pacman.d/10-qubes-noupgrade.conf"
+    install -m 644 "$srcdir/PKGBUILD-qubes-pacman-options.conf" "${pkgdir}/etc/pacman.d/10-qubes-options.conf"
 
     # Install pacman repository
     release=$(echo "$pkgver" | cut -d '.' -f 1,2)
@@ -102,4 +113,24 @@ EOF
     rm -r "$pkgdir/var/run"
 }
 
+#This is a stub package providing required dependencies for a netvm
+package_qubes-vm-networking() {
+    depends=(qubes-vm-core "qubes-vm-utils>=3.1.3" python2 ethtool net-tools
+             "qubes-db-vm>=3.2.1" networkmanager iptables tinyproxy nftables
+             )
+    install=PKGBUILD-networking.install
+}
+
+package_qubes-vm-keyring() {
+    pkgdesc="Qubes OS Binary Repository Activation package and Keyring"
+    install=PKGBUILD-keyring.install
+
+    # Install keyring (will be activated through the .install file)
+    install -dm755 "${pkgdir}/usr/share/pacman/keyrings/"
+    install -m0644 PKGBUILD-keyring-keys "${pkgdir}/usr/share/pacman/keyrings/qubesos-vm.gpg"
+    install -m0644 PKGBUILD-keyring-trusted "${pkgdir}/usr/share/pacman/keyrings/qubesos-vm-trusted"
+    install -m0644 PKGBUILD-keyring-revoked "${pkgdir}/usr/share/pacman/keyrings/qubesos-vm-revoked"
+
+}
+
 # vim:set ts=2 sw=2 et:

archlinux/PKGBUILD-keyring-keys

@@ -0,0 +1,30 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQENBFM0TnYBCADNyamUtA9e0/oUu4AeAgt1JYDtq3zCQSX7pHpY1zkGtulppSOe
+gkCgW2db+FlKeUNHQ+JX0uv8Ny0SjQBZO0yNxDLfPuqJzM/VjUIdLTJS0FEpxzT1
+Oiz0WRdcbeHtQ8SmEfmRStaB9PTNZ97FogFFONvQ6r/ICNldqfe+Qq72D/p6FqNM
+mW16dZokQEOgJpOb/L7dHNrta1ye8CurrEbXIt7B+4NnUpvzFmnQ+OxsC3AUbvI5
+PbaQyu8ivhoofnpgj66PojlFYMaL8mUaScL2VM5Ljx72zVA5+MUmk8O02O2X8Rdc
++5boRi2h7oyCASBYK3x+WayaDTNWx3o8+sSdABEBAAG0N09saXZpZXIgTUVET0Mg
+KFF1YmVzLU9TIHNpZ25pbmcga2V5KSA8b19tZWRvY0B5YWhvby5mcj6JAT4EEwEC
+ACgCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheABQJW+jhsBQkHiFDrAAoJECBD
+56zBgzucHCwH/RLCCM1PJ50jEMJg7ZBrwkv5cvKePD1iGhPFOZ1gBtMTYfl7zJO7
+gOuOgQ+TKjfIFM/ijQBFMRmByrQ0ZkGNIqY7JB3shZ5EsCeb7cgyw7hEyj4S3O6e
+K+CVVy4CBAyXILVr/En8xU41K1qQpEiHkvqk0E05sEkYcN4Ggvw5JUNWpZO7fl6I
+tLvTBf5aPqiLqWN08fjdmVJ/5l+LCdMyJxUdsQV0pkzcv9l8ouB/0ig8HikoC+dW
+HuWbk9uj1CU0c4C8tTbOszjKAbEZ5msZ2NUxPM1vqKaac8IbWkSJBqlYFcb3PSMk
+LmFtXN/0hAcf8KbziODQgKcyuEBi3b5d6wy5AQ0EUzROdgEIAOG22xrDqJkCrEx8
+QFnZYSwxV2lI9fDyCT/kaHPa/5YOV/Xa01RLM27UPbV/UKkKN+M6+mFj26e+E25p
+2R/e1Wk9HDrbu7NDXozGcKDlTIAmQ4yjNVb/G1850/SO1vuPDfNzMD81F18XzYCa
+eyUV88HjXTbJSeJAbjWNvTkoMK4wY6PlHfyT0G0i4svfL/mZCGM8KagNouGHuG8s
+5JKwlC1BZnmfDuB4exP7cSNEDWwnBn98rx13DMLkGJu1xGnLqdGJw6WpP4a1IG7A
+9NDE2VetAS/ElMbMqfyuqiAxhtnuGdxstDaU7gW4VMTjAOMtO9LLY20EipsSBUrg
+7U1ync0AEQEAAYkBJQQYAQIADwIbDAUCVvo4nQUJB4hRJAAKCRAgQ+eswYM7nLWy
+CAC6enhJbXKGchqgfh+CeKsvWg97JG8yjW4W/9RL9Vto8ppgNzIKbA7AKgqOiy5l
+TToLaxK+Z1JE72lsWUnALmz1Oa7M7M9J1ptfD8TMj1/D3cj2Lnrg7qTaEEL5Nw+t
+FRNXeUjsuWt+iW7eYiGtI+eSWBokH945Ig32vf88n0t3F8whDRzv5fy1yF35aMRS
+HS5gDJv5t2BnPtehMhr5EOHbUH3UFevA79Hf4bUlOOo7eTTmSPMDcWFUA9MMKoE5
+pkHwoimXiNJy3e8TZ4uSTBH8XcXA/5mYSXbWKBX4Y5JznOBTtkjGsbL7dua3zDbF
+BGNH5RhiY1/bJ+m4zxU8bDWq
+=ofdo
+-----END PGP PUBLIC KEY BLOCK-----

archlinux/PKGBUILD-keyring-trusted

@@ -0,0 +1 @@
+D85EE12F967851CCF433515A2043E7ACC1833B9C:4:

archlinux/PKGBUILD-keyring.install

@@ -0,0 +1,18 @@
+post_upgrade() {
+	if usr/bin/pacman-key -l >/dev/null 2>&1; then
+		usr/bin/pacman-key --populate archlinux
+	fi
+	release=$(echo "$1" | cut -d '.' -f 1,2)
+
+	if ! [ -h /etc/pacman.d/99-qubes-repository-${release}.conf ] ; then
+            ln -s /etc/pacman.d/99-qubes-repository-${release}.conf.disabled /etc/pacman.d/99-qubes-repository-${release}.conf 
+        fi
+
+}
+
+post_install() {
+	if [ -x usr/bin/pacman-key ]; then
+		post_upgrade "$1"
+	fi
+}
+

archlinux/PKGBUILD-networking.install

@@ -0,0 +1,41 @@
+#!/bin/bash
+
+## arg 1:  the new package version
+post_install() {
+    # Create NetworkManager configuration if we do not have it
+    if ! [ -e /etc/NetworkManager/NetworkManager.conf ]; then
+    echo '[main]' > /etc/NetworkManager/NetworkManager.conf
+    echo 'plugins = keyfile' >> /etc/NetworkManager/NetworkManager.conf
+    echo '[keyfile]' >> /etc/NetworkManager/NetworkManager.conf
+    fi
+
+    # Remove ip_forward setting from sysctl, so NM will not reset it
+    # Archlinux now use sysctl.d/ instead of sysctl.conf
+    #sed 's/^net.ipv4.ip_forward.*/#\0/'  -i /etc/sysctl.conf
+
+    /usr/lib/qubes/qubes-fix-nm-conf.sh
+
+    # Yum proxy configuration is fedora specific
+    #if ! grep -q '/etc/yum\.conf\.d/qubes-proxy\.conf' /etc/yum.conf; then
+    #  echo >> /etc/yum.conf
+    #  echo '# Yum does not support inclusion of config dir...' >> /etc/yum.conf
+    #  echo 'include=file:///etc/yum.conf.d/qubes-proxy.conf' >> /etc/yum.conf
+    #fi
+
+    for srv in qubes-firewall.service qubes-iptables.service qubes-network.service qubes-updates-proxy.service ; do
+        systemctl enable $srv.service
+    done
+}
+
+## arg 1:  the new package version
+## arg 2:  the old package version
+post_upgrade() {
+    post_install
+}
+
+## arg 1:  the old package version
+post_remove() {
+    for srv in qubes-firewall.service qubes-iptables.service qubes-network.service qubes-updates-proxy.service ; do
+        systemctl disable $srv.service
+    done
+}

archlinux/PKGBUILD-qubes-noupgrade.conf

@@ -1,2 +0,0 @@
-NoUpgrade = etc/pam.d/su
-NoUpgrade = etc/pam.d/su-l

archlinux/PKGBUILD-qubes-pacman-options.conf

@@ -0,0 +1,3 @@
+[options]
+NoUpgrade = etc/pam.d/su
+NoUpgrade = etc/pam.d/su-l

archlinux/PKGBUILD.install

@@ -74,29 +74,11 @@ configure_selinux() {
 ############################
 
 update_qubesconfig() {
-    # Create NetworkManager configuration if we do not have it
-    if ! [ -e /etc/NetworkManager/NetworkManager.conf ]; then
-    echo '[main]' > /etc/NetworkManager/NetworkManager.conf
-    echo 'plugins = keyfile' >> /etc/NetworkManager/NetworkManager.conf
-    echo '[keyfile]' >> /etc/NetworkManager/NetworkManager.conf
-    fi
-    /usr/lib/qubes/qubes-fix-nm-conf.sh
-
-    # Remove ip_forward setting from sysctl, so NM will not reset it
-    # Archlinux now use sysctl.d/ instead of sysctl.conf
-    #sed 's/^net.ipv4.ip_forward.*/#\0/'  -i /etc/sysctl.conf
-
     # Remove old firmware updates link
     if [ -L /lib/firmware/updates ]; then
       rm -f /lib/firmware/updates
     fi
 
-    # Yum proxy configuration is fedora specific
-    #if ! grep -q '/etc/yum\.conf\.d/qubes-proxy\.conf' /etc/yum.conf; then
-    #  echo >> /etc/yum.conf
-    #  echo '# Yum does not support inclusion of config dir...' >> /etc/yum.conf
-    #  echo 'include=file:///etc/yum.conf.d/qubes-proxy.conf' >> /etc/yum.conf
-    #fi
     #/usr/lib/qubes/update-proxy-configs
     # Archlinux pacman configuration is handled in update_finalize
 
@@ -130,21 +112,6 @@ EOF
         done
     fi
 
-    # Make sure there is a default locale set so gnome-terminal will start
-    if [ ! -e /etc/locale.conf ] || ! grep -q LANG /etc/locale.conf; then
-        touch /etc/locale.conf
-        echo "LANG=en_US.UTF-8" >> /etc/locale.conf
-    fi
-    # ... and make sure it is really generated
-    # This line is buggy as LANG can be set to LANG="en_US.UTF-8". The Quotes must be stripped
-    current_locale=$(grep LANG /etc/locale.conf|cut -f 2 -d = | tr -d '"')
-    if [ -n "$current_locale" ] && ! locale -a | grep -q "$current_locale"; then
-        base=$(echo "$current_locale" | cut -f 1 -d .)
-        charmap=$(echo "$current_locale.UTF-8" | cut -f 2 -d .)
-        [ -n "$charmap" ] && charmap="-f $charmap"
-        # shellcheck disable=SC2086
-        localedef -i "$base" $charmap "$current_locale"
-    fi
 }
 
 ############################
@@ -334,7 +301,6 @@ update_finalize() {
     # Also remove pam_unix.so from su configuration
     # as system-login (which include system-auth) already gives pam_unix.so
     # with more appropriate parameters (fix the missing nullok parameter)
-
     if grep -q pam_unix.so /etc/pam.d/su; then
         echo "Fixing pam.d"
         cat <<EOF > /etc/pam.d/su
@@ -463,7 +429,7 @@ post_remove() {
 
     rm -rf /var/lib/qubes/xdg
 
-    for srv in qubes-dvm qubes-sysinit qubes-misc-post qubes-mount-dirs qubes-netwatcher qubes-network qubes-qrexec-agent; do
+    for srv in qubes-dvm qubes-sysinit qubes-misc-post qubes-mount-dirs qubes-netwatcher qubes-qrexec-agent; do
         systemctl disable $srv.service
     done
 }