-----BEGIN PGP SIGNATURE-----
 
 iQIcBAABCgAGBQJU0jm2AAoJEIwFIWzgnAk8zVMP/A8iXCWtHL5dVsXhVfFWHTDB
 OMuPzpkTWHcmwHtGWEsNXuKUhpBARqoBEX4y+xmnTYfUXimxrxZLaEkgWw9+js3O
 HCH7u0FYcUphs6g/v0xhfKkB9YDYQpJuajSsc0qvytkJ+Y7jauPw327rwyDEVPQ6
 fSc0okX/cNOd9iOdnb3ZyHZr/LX/OkXI1/jT4Xn5fPG3hP8GlBNOsCF/ebwm0KT0
 xunc7N9Q5xsYoZHAeaPUP9yXyB63yzKwMFBZTp/JHDKE4C/sXdkAIgXiLpY58Mzo
 FzXadVvVltRvpXNWhMVmP8ETtGd4s5A7ou3JObqkoBlnKwvoUBNOOstL3EWhE7zO
 CRhWJZJm+tC9L1m8GoKCdgAb9wo2lcrq++BXSOuF80HLJEJiqe6dqlnrNLmmdqkI
 WrReexfyTNal/57fyl+sfwQ0z0l38sFciCQ0g8mShI3/Y1+btfQNjkxbhCO/SP1A
 yk1SYUOEH4H/lHMW0cDI+GrzqzeXbZjHmL34UoWr3IhByUd8Sf3YgubZyCwdIAIZ
 YVe6nIpGEmFzVHaGvMJsMNsDXgXI7UB4kChB9lLahKQwpDYL07hlvXTQmxbJUGXc
 q3+OJnpLn7GQaO9MUTZB7QfgCFG2J35WXSddFnP+owizm1otGuIFhzFIrA6U6wsR
 8ASxygaDOnVudY97TZlz
 =eitW
 -----END PGP SIGNATURE-----

Merge tag 'hw42_977da9cc' into release2

tag for commit 977da9ccef

# gpg: Signature made Wed Feb  4 16:24:38 2015 CET using RSA key ID E09C093C
# gpg: Good signature from "HW42 (Qubes Signing Key) <hw42-qubes@ipsumj.de>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: FC1A C023 76D0 4C68 341F  406F 8C05 216C E09C 093C
Marek Marczykowski-Górecki 2015-02-05 01:20:13 +01:00
commit e1f6a469ff
8 changed files with 33 additions and 121 deletions


@ -74,8 +74,6 @@ install-sysvinit:
install-rh: install-systemd install-sysvinit
install -m 0644 -D misc/fstab $(DESTDIR)/etc/fstab
install -D -m 0644 misc/qubes-r2.repo $(DESTDIR)/etc/yum.repos.d/qubes-r2.repo
install -d $(DESTDIR)/usr/share/glib-2.0/schemas/
install -m 0644 misc/org.gnome.settings-daemon.plugins.updates.gschema.override $(DESTDIR)/usr/share/glib-2.0/schemas/
@ -102,6 +100,8 @@ install-rh: install-systemd install-sysvinit
install -m 0400 -D network/ip6tables $(DESTDIR)/usr/lib/qubes/init/ip6tables
install-common:
install -m 0644 -D misc/fstab $(DESTDIR)/etc/fstab
install -D -m 0440 misc/qubes.sudoers $(DESTDIR)/etc/sudoers.d/qubes
install -d $(DESTDIR)/var/lib/qubes
@ -198,5 +198,8 @@ install-deb:
install -D -m 644 network/ip6tables $(DESTDIR)/etc/iptables/rules.v6
install -d $(DESTDIR)/etc/sysctl.d
install -m 644 network/80-qubes.conf $(DESTDIR)/etc/sysctl.d/
install -D -m 644 misc/profile.d_qt_x11_no_mitshm.sh $(DESTDIR)/etc/profile.d/qt_x11_no_mitshm.sh
install -D -m 440 misc/sudoers.d_umask $(DESTDIR)/etc/sudoers.d/umask
install -D -m 440 misc/sudoers.d_qt_x11_no_mitshm $(DESTDIR)/etc/sudoers.d/qt_x11_no_mitshm
install-vm: install-rh install-common
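Review bot: The two sudoers drop-ins installed at the end of the last hunk (`misc/sudoers.d_umask` and `misc/sudoers.d_qt_x11_no_mitshm`, both into `$(DESTDIR)/etc/sudoers.d/`) are shipped without a syntax check, and a parse error in a file under /etc/sudoers.d can leave sudo unusable in every VM that receives the package. A build-time check such as `visudo -c -f misc/sudoers.d_umask` and `visudo -c -f misc/sudoers.d_qt_x11_no_mitshm`, run before the install lines, would catch that. It assumes visudo is present in the build environment, which the visible Build-Depends line does not guarantee. The install-deb recipe starts outside the hunk.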

4
debian/control vendored

@ -2,14 +2,14 @@ Source: qubes-core-agent
Section: admin
Priority: extra
Maintainer: Davíð Steinn Geirsson <david@dsg.is>
Build-Depends: qubes-utils, libvchan-xen-dev, python, debhelper, quilt, libxen-dev, dh-systemd (>= 1.5)
Build-Depends: qubes-utils (>= 2.0.17), libvchan-xen-dev, python, debhelper, quilt, libxen-dev, dh-systemd (>= 1.5)
Standards-Version: 3.9.3
Homepage: http://www.qubes-os.org
Vcs-Git: git://git.qubes-os.org/marmarek/core-agent-linux.git
Package: qubes-core-agent
Architecture: any
Depends: qubes-utils, libvchan-xen, xenstore-utils, iptables-persistent, xserver-xorg-video-dummy, xen-utils-common, ethtool, python2.7, python-gi, init-system-helpers, xdg-user-dirs, iptables, net-tools, initscripts, imagemagick, fakeroot, systemd, locales, sudo, dmsetup, psmisc, ncurses-term, xserver-xorg-core, x11-xserver-utils, xinit, ${shlibs:Depends}, ${misc:Depends}
Depends: qubes-utils (>= 2.0.17), libvchan-xen, xenstore-utils, iptables-persistent, xserver-xorg-video-dummy, xen-utils-common, ethtool, python2.7, python-gi, init-system-helpers, xdg-user-dirs, iptables, net-tools, initscripts, imagemagick, fakeroot, systemd, locales, sudo, dmsetup, psmisc, ncurses-term, xserver-xorg-core, x11-xserver-utils, xinit, ${shlibs:Depends}, ${misc:Depends}
Recommends: tinyproxy, gnome-themes-standard, chrony, ntpdate, haveged, network-manager (>= 0.8.1-1), network-manager-gnome, xsettingsd, nautilus-actions, libnotify-bin, notify-osd, gnome-packagekit, gnome-terminal
Conflicts: qubes-core-agent-linux, firewalld, qubes-core-vm-sysvinit
Description: Qubes core agent


@ -158,9 +158,8 @@ disableSystemdUnits() {
if fgrep -q '[Install]' /lib/systemd/system/${unit}; then
systemctl disable ${unit} > /dev/null 2>&1 || displayFailedStatus disable ${unit}
else
# Forcibly disable
echo "Forcibly disabling: ${unit}"
ln -sf /dev/null /etc/systemd/system/${unit}
echo "Masking service: ${unit}"
systemctl mask ${unit}
fi
else
systemctl disable ${unit} > /dev/null 2>&1 || displayFailedStatus disable ${unit}
@ -180,9 +179,7 @@ enableSystemdUnits() {
#displayFailedStatus is-enabled ${unit}
} || {
echo "Enabling: ${unit}..."
systemctl enable ${unit} > /dev/null 2>&1 && {
systemctl start ${unit} > /dev/null 2>&1 || displayFailedStatus start ${unit}
} || {
systemctl enable ${unit} > /dev/null 2>&1 || {
echo "Could not enable: ${unit}"
displayFailedStatus enable ${unit}
}
@ -209,23 +206,9 @@ case "${1}" in
splash-manager \
start-ttys \
tty ; do
if [ -e /etc/init/${init}.conf ]; then
mv -f /etc/init/${init}.conf /etc/init/${init}.conf.disabled
fi
dpkg-divert --divert /etc/init/${init}.conf.qubes-disabled --package qubes-core-agent --rename --add /etc/init/${init}.conf
done
# Stops Qt form using the MIT-SHM X11 Shared Memory Extension
echo 'export QT_X11_NO_MITSHM=1' > /etc/profile.d/qt_x11_no_mitshm.sh
chmod 0755 /etc/profile.d/qt_x11_no_mitshm.sh
# Sudo's defualt umask is 077 so set sane default of 022
# Also don't allow QT to used shared memory to prevent errors
echo 'Defaults umask = 0002' > /etc/sudoers.d/umask
echo 'Defaults umask_override' >> /etc/sudoers.d/umask
chmod 0440 /etc/sudoers.d/umask
echo 'Defaults env_keep += "QT_X11_NO_MITSHM"' > /etc/sudoers.d/qt_x11_no_mitshm
chmod 0440 /etc/sudoers.d/qt_x11_no_mitshm
# Create NetworkManager configuration if we do not have it
if ! [ -e /etc/NetworkManager/NetworkManager.conf ]; then
echo '[main]' > /etc/NetworkManager/NetworkManager.conf
@ -238,15 +221,6 @@ case "${1}" in
rm -f /lib/firmware/updates
fi
#if ! grep -q '/etc/yum\.conf\.d/qubes-proxy\.conf' /etc/yum.conf; then
# echo >> /etc/yum.conf
# echo '# Yum does not support inclusion of config dir...' >> /etc/yum.conf
# echo 'include=file:///etc/yum.conf.d/qubes-proxy.conf' >> /etc/yum.conf
#fi
# Revert 'Prevent unnecessary updates in VMs':
#sed -i -e '/^exclude = kernel/d' /etc/yum.conf
# ensure that hostname resolves to 127.0.1.1 resp. ::1 and that /etc/hosts is
# in the form expected by qubes-sysinit.sh
for ip in '127\.0\.1\.1' '::1'; do
@ -263,45 +237,7 @@ case "${1}" in
chown user:user /home_volatile/user
#if [ "${1}" != 1 ] ; then
# # do the rest of %post thing only when updating for the first time...
# exit 0
#fi
if [ -e /etc/init/serial.conf ] && ! [ -f /var/lib/qubes/serial.orig ] ; then
cp /etc/init/serial.conf /var/lib/qubes/serial.orig
fi
# Remove most of the udev scripts to speed up the VM boot time
# Just leave the xen* scripts, that are needed if this VM was
# ever used as a net backend (e.g. as a VPN domain in the future)
#echo "--> Removing unnecessary udev scripts..."
mkdir -p /var/lib/qubes/removed-udev-scripts
for f in /etc/udev/rules.d/*
do
if [ $(basename ${f}) == "xen-backend.rules" ] ; then
continue
fi
if [ $(basename ${f}) == "50-qubes-misc.rules" ] ; then
continue
fi
if echo ${f} | grep -q qubes; then
continue
fi
mv ${f} /var/lib/qubes/removed-udev-scripts/
done
# Create /rw directory
mkdir -p /rw
# XXX: TODO: Needs to be implemented still
#rm -f /etc/mtab
#echo "--> Removing HWADDR setting from /etc/sysconfig/network-scripts/ifcfg-eth0"
#mv /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0.orig
#grep -v HWADDR /etc/sysconfig/network-scripts/ifcfg-eth0.orig > /etc/sysconfig/network-scripts/ifcfg-eth0
dpkg-divert --divert /etc/init/serial.conf.qubes-orig --package qubes-core-agent --rename --add /etc/init/serial.conf
# Enable Qubes systemd units
enableSystemdUnits \
@ -315,19 +251,7 @@ case "${1}" in
qubes-qrexec-agent.service
# Set default "runlevel"
rm -f /etc/systemd/system/default.target
ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
# Copy ip(|6)tables into place if they do not already exist in filesystem.
# This prevents conflict with iptables-service with fc21 and also put config
# in proper place for debian
mkdir -p '/etc/iptables'
if [ ! -f '/etc/iptables/rules.v4' ]; then
cp -p /usr/lib/qubes/init/iptables /etc/iptables/rules.v4
fi
if [ ! -f '/etc/iptables/rules.v6' ]; then
cp -p /usr/lib/qubes/init/ip6tables /etc/iptables/rules.v6
fi
systemctl set-default multi-user.target
# Process all triggers which will set defaults to wanted values
triggerTriggers
@ -371,13 +295,12 @@ case "${1}" in
# Enable other systemd units
enableSystemdUnits \
rsyslog.service
rsyslog.service \
netfilter-persistent.service
# XXX: TODO: Needs to be implemented still
# These do not exist on debian; maybe a different package name
# iptables.service \
# ntpd.service \
# ip6tables.service \
;;
abort-upgrade|abort-remove|abort-deconfigure)
@ -408,14 +331,12 @@ case "${1}" in
# Enable cups only when it is real Systemd service
/lib/systemd/system/cups.service)
echo "Enabling cups"
[ -e /lib/systemd/system/cups.service ] && enableSystemdUnits cups.service
;;
# "Enable haveged service"
/lib/systemd/system/haveged.service)
echo "Enabling haveged service"
enableSystemdUnits haveged.service
[ -e /lib/systemd/system/haveged.service ] && enableSystemdUnits haveged.service
;;
# Install overridden serial.conf init script
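Review bot: As far as the rendered hunks show, `enableSystemdUnits` now only runs `systemctl enable` and no longer starts the unit, while a later hunk adds `netfilter-persistent.service` to an enable list, so on a system that is already running the packet-filter rules under /etc/iptables would not be loaded until the next boot. If that is intended because this script mostly runs during template builds, document it next to the list, e.g. `# netfilter-persistent is enabled only; rules are applied at next boot`. Otherwise start the unit explicitly when systemd is actually running, e.g. `[ -d /run/systemd/system ] && systemctl start netfilter-persistent.service`. The function body and the enclosing case branches start outside the hunks.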


@ -41,10 +41,6 @@ if [ "$1" = "install" ] ; then
mkdir -p /lib/modules
#mkdir -p -m 0700 /var/log/xen # xen-utils-common should do this
if [ -e /etc/fstab ] ; then
mv /etc/fstab /var/lib/qubes/fstab.orig
fi
# --------------------------------------------------------------------------
# Many Qubes scripts reference /bin/sh expecting the shell to be bash but
# in Debian it is dash so some scripts will fail so force an alternate for
@ -52,36 +48,11 @@ if [ "$1" = "install" ] ; then
# --------------------------------------------------------------------------
update-alternatives --force --install /bin/sh sh /bin/bash 999
# --------------------------------------------------------------------------
# Modules setup
# --------------------------------------------------------------------------
echo "xen_netfront" >> /etc/modules
# --------------------------------------------------------------------------
# Remove `mesg` from root/.profile?
# --------------------------------------------------------------------------
sed -i -e '/^mesg n/d' /root/.profile
# --------------------------------------------------------------------------
# Update /etc/fstab
# --------------------------------------------------------------------------
cat > /etc/fstab <<EOF
/dev/mapper/dmroot / ext4 defaults,noatime 1 1
/dev/xvdc1 swap swap defaults 0 0
/dev/xvdb /rw ext4 noauto,defaults,discard 1 2
/rw/home /home none noauto,bind,defaults 0 0
tmpfs /dev/shm tmpfs defaults 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
proc /proc proc defaults 0 0
sysfs /sys sysfs defaults 0 0
xen /proc/xen xenfs defaults 0 0
/dev/xvdi /mnt/removable auto noauto,user,rw 0 0
/dev/xvdd /lib/modules ext3 defaults 0 0
EOF
# --------------------------------------------------------------------------
# User add / modifications
# --------------------------------------------------------------------------


@ -42,6 +42,16 @@ if [ "$1" = "remove" ] ; then
if [ -e /var/lib/qubes/serial.orig ] ; then
mv /var/lib/qubes/serial.orig /etc/init/serial.conf
fi
for init in plymouth-shutdown \
prefdm \
splash-manager \
start-ttys \
tty ; do
dpkg-divert --divert /etc/init/${init}.conf.qubes-disabled --package qubes-core-agent --remove /etc/init/${init}.conf
done
dpkg-divert --divert /etc/init/serial.conf.qubes-orig --package qubes-core-agent --remove /etc/init/serial.conf
fi
# dh_installdeb will replace this with shell code automatically
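Review bot: The added `dpkg-divert ... --remove` calls omit `--rename`, whereas the matching `--add` calls in the install-side script pass it, so on package removal the diversion entry is dropped but the files stay at their `.qubes-disabled` and `.qubes-orig` names instead of moving back into /etc/init/. Add the flag to both calls, e.g. `dpkg-divert --divert /etc/init/${init}.conf.qubes-disabled --package qubes-core-agent --rename --remove /etc/init/${init}.conf`. The `if [ "$1" = "remove" ]` block starts outside the hunk.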


@ -0,0 +1,2 @@
# Stops Qt form using the MIT-SHM X11 Shared Memory Extension
export QT_X11_NO_MITSHM=1


@ -0,0 +1,2 @@
# Don't allow QT to used shared memory to prevent errors
Defaults env_keep += "QT_X11_NO_MITSHM"

3
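--- a/misc/sudoers.d_umask
+++ b/misc/sudoers.d_umask
@@ -0,0 +1,3 @@
+# Sudo's defualt umask is 077 so set sane default of 022
+Defaults umask = 0002
+Defaults umask_override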
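Review bot: The comment and the setting disagree: the comment promises a default of 022, but `Defaults umask = 0002` combined with `Defaults umask_override` makes every command run through sudo create group-writable files, including those created as root. If 022 is what is wanted, the line should read `Defaults umask = 0022`; if 0002 is deliberate, the comment should say so and give the reason. The comment also carries a typo (`defualt`).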