diff options
| author | Otto Sabart | 2022-07-10 09:00:00 +0200 |
|---|---|---|
| committer | Otto Sabart | 2022-07-10 22:47:00 +0200 |
| commit | 34e6cf631b074e432d21c03b174d5a474f4b13c1 (patch) | |
| tree | a615c703ea19751906991bb8b0107a82e7712fd1 | |
| parent | 6012f471e5d7e6287624ccfb4414bd41b131d1d5 (diff) | |
| download | aur-34e6cf631b074e432d21c03b174d5a474f4b13c1.tar.gz | |
Qubes - bump to v4.1
| -rw-r--r-- | .SRCINFO | 16 | ||||
| -rw-r--r-- | PKGBUILD | 65 | ||||
| -rw-r--r-- | PKGBUILD-qubes-repo-4.0.conf | 2 | ||||
| -rw-r--r-- | PKGBUILD-qubes-repo-4.1.conf | 3 | ||||
| -rw-r--r-- | PKGBUILD.install | 37 |
5 files changed, 58 insertions, 65 deletions
@@ -1,6 +1,6 @@ pkgbase = qubes-core-agent-linux pkgdesc = The Qubes core files for installation inside a Qubes VM. - pkgver = 4.0.65 + pkgver = 4.1.36 pkgrel = 1 url = https://github.com/QubesOS/qubes-core-agent-linux arch = x86_64 @@ -17,11 +17,13 @@ pkgbase = qubes-core-agent-linux makedepends = python-setuptools makedepends = lsb-release makedepends = pandoc + makedepends = shared-mime-info + makedepends = desktop-file-utils source = qubes-vm-core::git+https://github.com/QubesOS/qubes-core-agent-linux.git?signed#tag=v4.0.65 source = PKGBUILD.qubes-ensure-lib-modules.service source = PKGBUILD.qubes-update-desktop-icons.hook source = PKGBUILD-qubes-pacman-options.conf - source = PKGBUILD-qubes-repo-4.0.conf + source = PKGBUILD-qubes-repo-4.1.conf source = PKGBUILD-keyring-keys source = PKGBUILD-keyring-trusted source = PKGBUILD-keyring-revoked @@ -32,7 +34,7 @@ pkgbase = qubes-core-agent-linux sha512sums = a120135245847c387e940024dff5b6a744b80d8863373ecfe646cb8eeedf1316e223f3b7bb75f153185cb3d9e5fed9bcc14a3cd81448dd1c2d35531c5f8c7195 sha512sums = 1299ac686fa791436359ad33bb2de79f05a3c6059987b30e883a0c18bb7abaacf25ecc7ceeb762f2c1d5bcb9857aa88c106d36ca0977a2c1157bca6e3daee832 sha512sums = 1b45b221f5482dd3fca65169664fc008b976904e14da883cd2d690fe0568086f3cc0a3ee1bc48bccb644c3a8627969be5a4b86bdfa0526e5415fcef6ca4742ed - sha512sums = 3c7322fc5507e5ef8d3c8bbf55de2e23790142622be00aaf27ea8037dbd744895440dce814b7b4e86e9bc82be25a783fc858e86ff44b115e8330dc5580a608ad + sha512sums = 211aee2fa2929bdae8f8cd1f1033f5d47f25e8f0e6793afdbf39d0264ada8334057bf1046d008716d74912c8f91bf3af86201eb1c4fcfc6ba2b78c87ab9d000b sha512sums = cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e sha512sums = cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e sha512sums = 9bb8027d893ea92cf85788a1389a52da0b7d49cbd355e437a278cc2de0c1f229d7cee871767ffd0eda57dca6ca8d5cc1cd453316983e4cad13d3fc373be11675 @@ -41,9 +43,8 @@ pkgname = qubes-vm-core install = PKGBUILD.install depends = qubes-vm-utils depends = python-xdg - depends = ethtool depends = ntp - depends = net-tools + depends = iproute2 depends = gnome-packagekit depends = imagemagick depends = fakeroot @@ -63,7 +64,7 @@ pkgname = qubes-vm-core depends = librsvg depends = socat depends = pacman-contrib - depends = icu + depends = parted depends = python<3.11 optdepends = gnome-keyring optdepends = gnome-settings-daemon @@ -78,8 +79,7 @@ pkgname = qubes-vm-networking depends = qubes-vm-core depends = qubes-vm-utils depends = python - depends = ethtool - depends = net-tools + depends = iproute2 depends = qubes-db-vm depends = networkmanager depends = iptables @@ -5,14 +5,14 @@ pkgbase=qubes-core-agent-linux pkgname=(qubes-vm-core qubes-vm-networking qubes-vm-keyring) _gitname=${pkgname%-git*} -pkgver=4.0.65 +pkgver=4.1.36 pkgrel=1 pkgdesc="The Qubes core files for installation inside a Qubes VM." arch=("x86_64") url="https://github.com/QubesOS/qubes-core-agent-linux" license=('GPL') groups=() -makedepends=(gcc make pkg-config qubes-vm-utils qubes-libvchan qubes-db-vm qubes-vm-xen libx11 python python-setuptools lsb-release pandoc) +makedepends=(gcc make pkg-config qubes-vm-utils qubes-libvchan qubes-db-vm qubes-vm-xen libx11 python python-setuptools lsb-release pandoc shared-mime-info desktop-file-utils) validpgpkeys=('0AF64C3B1F1214B38C8C57861FA2DBE674387CC3' # Otto Sabart '0064428F455451B3EBE78A7F063938BA42CFA724' # Marek Marczykowski-Górecki '427F11FD0FAA4B080123F01CDDFA1A3E36879494' # Qubes Master Signing Key @@ -22,7 +22,7 @@ source=( "$_gitname::git+https://github.com/QubesOS/qubes-core-agent-linux.git?signed#tag=v${pkgver}" PKGBUILD.qubes-ensure-lib-modules.service PKGBUILD.qubes-update-desktop-icons.hook PKGBUILD-qubes-pacman-options.conf - PKGBUILD-qubes-repo-4.0.conf + PKGBUILD-qubes-repo-4.1.conf PKGBUILD-keyring-keys PKGBUILD-keyring-trusted PKGBUILD-keyring-revoked @@ -32,7 +32,7 @@ sha512sums=( 'a120135245847c387e940024dff5b6a744b80d8863373ecfe646cb8eeedf1316e223f3b7bb75f153185cb3d9e5fed9bcc14a3cd81448dd1c2d35531c5f8c7195' '1299ac686fa791436359ad33bb2de79f05a3c6059987b30e883a0c18bb7abaacf25ecc7ceeb762f2c1d5bcb9857aa88c106d36ca0977a2c1157bca6e3daee832' '1b45b221f5482dd3fca65169664fc008b976904e14da883cd2d690fe0568086f3cc0a3ee1bc48bccb644c3a8627969be5a4b86bdfa0526e5415fcef6ca4742ed' - '3c7322fc5507e5ef8d3c8bbf55de2e23790142622be00aaf27ea8037dbd744895440dce814b7b4e86e9bc82be25a783fc858e86ff44b115e8330dc5580a608ad' + '211aee2fa2929bdae8f8cd1f1033f5d47f25e8f0e6793afdbf39d0264ada8334057bf1046d008716d74912c8f91bf3af86201eb1c4fcfc6ba2b78c87ab9d000b' 'cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e' 'cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e' '9bb8027d893ea92cf85788a1389a52da0b7d49cbd355e437a278cc2de0c1f229d7cee871767ffd0eda57dca6ca8d5cc1cd453316983e4cad13d3fc373be11675' @@ -45,37 +45,34 @@ build() { cd "${srcdir}/${_gitname}/" # Fix for network tools paths - sed 's:/sbin/ifconfig:ifconfig:g' -i network/* - sed 's:/sbin/route:route:g' -i network/* - sed 's:/sbin/ethtool:ethtool:g' -i network/* sed 's:/sbin/ip:ip:g' -i network/* sed 's:/bin/grep:grep:g' -i network/* # Fix for archlinux sbindir sed 's:/usr/sbin/ntpdate:/usr/bin/ntpdate:g' -i qubes-rpc/sync-ntp-clock - sed 's:/usr/sbin/qubes-firewall:/usr/bin/qubes-firewall:g' -i vm-systemd/qubes-firewall.service - # Remove SELinux specific options from sudoers file - sed 's:ROLE=unconfined_r TYPE=unconfined_t::g' -i misc/qubes.sudoers - - for dir in qubes-rpc qrexec misc; do + for dir in qubes-rpc misc; do make BACKEND_VMM="${qubes_backend_vmm}" -C "$dir" done } - #This package provides: -# * qrexec agent # * qubes rpc scripts # * core linux tools and scripts # * core systemd services and drop-ins # * basic network functionality (setting IP address, DNS, default gateway) package_qubes-vm-core() { - depends=(qubes-vm-utils python-xdg ethtool ntp net-tools + local release + [[ "$pkgver" =~ ^([0-9]+)\.([0-9]+)($|\.) ]] || { + echo 'invalid $pkgver'>&2 + exit 1 + } + release=${BASH_REMATCH[1]}.${BASH_REMATCH[2]} + depends=(qubes-vm-utils python-xdg ntp iproute2 gnome-packagekit imagemagick fakeroot notification-daemon dconf zenity qubes-libvchan qubes-db-vm haveged python-gobject python-dbus xdg-utils notification-daemon gawk sed procps-ng librsvg - socat pacman-contrib icu + socat pacman-contrib parted # Block updating if there is a major python update as the python API will be in the wrong PYTHONPATH #'python<3.10' 'python<3.11' @@ -85,18 +82,15 @@ package_qubes-vm-core() { cd "${srcdir}/${_gitname}/" - # Note: Archlinux removed use of directory such as /sbin /bin /usr/sbin (https://mailman.archlinux.org/pipermail/arch-dev-public/2012-March/022625.html) + install -D -m 0644 -- boot/grub.qubes "$pkgdir/etc/default/grub.qubes" # shellcheck disable=SC2154 - make -C qrexec install DESTDIR="$pkgdir" SBINDIR=/usr/bin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib - make install-corevm DESTDIR="$pkgdir" SBINDIR=/usr/bin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib SYSTEM_DROPIN_DIR=/usr/lib/systemd/system USER_DROPIN_DIR=/usr/lib/systemd/user DIST=archlinux - - # Remove things non wanted in archlinux - rm -r "$pkgdir/etc/yum"* - rm -r "$pkgdir/etc/dnf"* - rm -r "$pkgdir/etc/init.d" - # Remove fedora specific scripts - rm "$pkgdir/etc/fstab" + make -C app-menu install DESTDIR="$pkgdir" install LIBDIR=/usr/lib SYSLIBDIR=/usr/lib + make -C misc install DESTDIR="$pkgdir" install LIBDIR=/usr/lib SYSLIBDIR=/usr/lib + make -C qubes-rpc DESTDIR="$pkgdir" install + make -C qubes-rpc/kde DESTDIR="$pkgdir" install + make -C qubes-rpc/nautilus DESTDIR="$pkgdir" install + make -C qubes-rpc/thunar DESTDIR="$pkgdir" install # Install systemd script allowing to automount /lib/modules install -m 644 "$srcdir/PKGBUILD.qubes-ensure-lib-modules.service" "${pkgdir}/usr/lib/systemd/system/qubes-ensure-lib-modules.service" @@ -106,11 +100,8 @@ package_qubes-vm-core() { install -m 644 "$srcdir/PKGBUILD.qubes-update-desktop-icons.hook" "${pkgdir}/usr/share/libalpm/hooks/qubes-update-desktop-icons.hook" # Install pacman.d drop-ins (at least 1 drop-in must be installed or pacman will fail) - mkdir -p "${pkgdir}/etc/pacman.d" + mkdir -p -m 0755 "${pkgdir}/etc/pacman.d" install -m 644 "$srcdir/PKGBUILD-qubes-pacman-options.conf" "${pkgdir}/etc/pacman.d/10-qubes-options.conf" - - # Install pacman repository - release=$(echo "$pkgver" | cut -d '.' -f 1,2) echo "Installing repository for release ${release}" install -m 644 "$srcdir/PKGBUILD-qubes-repo-${release}.conf" "${pkgdir}/etc/pacman.d/99-qubes-repository-${release}.conf.disabled" @@ -119,14 +110,13 @@ package_qubes-vm-core() { cat <<EOF > "$pkgdir/etc/systemd/system/getty@tty1.service.d/autologin.conf" [Service] ExecStart= -ExecStart=-/usr/bin/agetty --autologin user --noclear %I 38400 linux +ExecStart=-/sbin/agetty -o '-f -p -- \\u' --keep-baud 115200,38400,9600 %I linux EOF # Archlinux packaging guidelines: /var/run is a symlink to a tmpfs. Don't create it - rm -r "$pkgdir/var/run" + rm -rf "$pkgdir/var/run" } - #This package provides: # * proxy service used by TemplateVMs to download updates # * qubes-firewall service (FirewallVM) @@ -138,7 +128,7 @@ EOF # package_qubes-vm-networking() { pkgdesc="Qubes OS tools allowing to use a Qubes VM as a NetVM/ProxyVM" - depends=(qubes-vm-core qubes-vm-utils python ethtool net-tools + depends=(qubes-vm-core qubes-vm-utils python iproute2 qubes-db-vm networkmanager iptables tinyproxy nftables conntrack-tools ) @@ -147,10 +137,10 @@ package_qubes-vm-networking() { cd "${srcdir}/${_gitname}/" # shellcheck disable=SC2154 + make -C network install DESTDIR="$pkgdir" SBINDIR=/usr/bin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib SYSTEM_DROPIN_DIR=/usr/lib/systemd/system USER_DROPIN_DIR=/usr/lib/systemd/user DIST=archlinux make install-netvm DESTDIR="$pkgdir" SBINDIR=/usr/bin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib SYSTEM_DROPIN_DIR=/usr/lib/systemd/system USER_DROPIN_DIR=/usr/lib/systemd/user DIST=archlinux } - package_qubes-vm-keyring() { pkgdesc="Qubes OS Binary Repository Activation package and Keyring" install=PKGBUILD-keyring.install @@ -161,3 +151,8 @@ package_qubes-vm-keyring() { install -m0644 PKGBUILD-keyring-trusted "${pkgdir}/usr/share/pacman/keyrings/qubesos-vm-trusted" install -m0644 PKGBUILD-keyring-revoked "${pkgdir}/usr/share/pacman/keyrings/qubesos-vm-revoked" } + +package_qubes-vm-passwordless-root() { + pkgdesc="Qubes OS Passwordless root access from normal user" + make -C passwordless-root install DESTDIR="$pkgdir" SBINDIR=/usr/bin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib SYSTEM_DROPIN_DIR=/usr/lib/systemd/system USER_DROPIN_DIR=/usr/lib/systemd/user DIST=archlinux +} diff --git a/PKGBUILD-qubes-repo-4.0.conf b/PKGBUILD-qubes-repo-4.0.conf deleted file mode 100644 index b7c23958e8ab..000000000000 --- a/PKGBUILD-qubes-repo-4.0.conf +++ /dev/null @@ -1,2 +0,0 @@ -[qubes-r4.0] -#Server = https://YOUR_OWN_SERVER diff --git a/PKGBUILD-qubes-repo-4.1.conf b/PKGBUILD-qubes-repo-4.1.conf new file mode 100644 index 000000000000..59cf05400256 --- /dev/null +++ b/PKGBUILD-qubes-repo-4.1.conf @@ -0,0 +1,3 @@ +[qubes-r4.1] +#Replace the server below with your own +#Server = https://YOUR_OWN_SERVER diff --git a/PKGBUILD.install b/PKGBUILD.install index bb6baf5ad75f..230794eda2aa 100644 --- a/PKGBUILD.install +++ b/PKGBUILD.install @@ -35,7 +35,7 @@ pre_install() { # Add qubes core related fstab entries echo "xen /proc/xen xenfs defaults 0 0" >> /etc/fstab - usermod -p '' root + usermod -L root usermod -L user } @@ -135,6 +135,7 @@ EOF ############################ ## Service Management Functions ## ############################ +# FIXME: add user units support to is_static()/is_masked()/mask()/unmask() functions is_static() { [ -f "/usr/lib/systemd/system/$1" ] && ! grep -q '^[[].nstall]' "/usr/lib/systemd/system/$1" } @@ -166,6 +167,8 @@ unmask() { preset_units() { local represet= + # shellcheck disable=SC2206 + local extra_opts=( $3 ) while read -r action unit_name do if [ "$action" = "#" ] && [ "$unit_name" = "Units below this line will be re-preset on package upgrade" ] @@ -191,15 +194,17 @@ preset_units() { # We masked this static unit before, now we unmask it. unmask "$unit_name" fi - systemctl --no-reload preset "$unit_name" >/dev/null 2>&1 || : + systemctl --no-reload "${extra_opts[@]}" preset "$unit_name" >/dev/null 2>&1 || : else - systemctl --no-reload preset "$unit_name" >/dev/null 2>&1 || : + systemctl --no-reload "${extra_opts[@]}" preset "$unit_name" >/dev/null 2>&1 || : fi fi done < "$1" } restore_units() { + # shellcheck disable=SC2206 + local extra_opts=( $2 ) grep '^[[:space:]]*[^#;]' "$1" | while read -r action unit_name do if is_static "$unit_name" && is_masked "$unit_name" @@ -208,7 +213,7 @@ restore_units() { # Otherwise systemctl preset will fail badly. unmask "$unit_name" fi - systemctl --no-reload preset "$unit_name" >/dev/null 2>&1 || : + systemctl --no-reload "${extra_opts[@]}" preset "$unit_name" >/dev/null 2>&1 || : done } @@ -216,9 +221,11 @@ configure_systemd() { if [ "$1" -eq 1 ] then preset_units /usr/lib/systemd/system-preset/$qubes_preset_file initial + preset_units /usr/lib/systemd/user-preset/$qubes_preset_file initial --global changed=true else preset_units /usr/lib/systemd/system-preset/$qubes_preset_file upgrade + preset_units /usr/lib/systemd/user-preset/$qubes_preset_file upgrade --global changed=true # Upgrade path - now qubes-iptables is used instead for svc in iptables ip6tables @@ -255,6 +262,9 @@ configure_systemd() { changed=true fi + # fix / ro mounted + ln -sf /usr/lib/systemd/system/systemd-remount-fs.service /etc/systemd/system/sysinit.target.wants/ + if [ "x$changed" != "x" ] then systemctl daemon-reload @@ -315,17 +325,6 @@ update_finalize() { /usr/lib/qubes/update-proxy-configs - # Archlinux specific: Update pam.d configuration for su to enable systemd-login wrapper - # This is required as qubes-gui agent calls xinit with su -l user without initializing properly - # the user session. - # pam_unix.so can also be removed from su configuration - # as system-login (which include system-auth) already gives pam_unix.so - # with more appropriate parameters (fix the missing nullok parameter) - if grep -q pam_unix.so /etc/pam.d/su; then - echo "Fixing pam.d" - cp /etc/pam.d/qrexec /etc/pam.d/su-l - fi - # Archlinux specific: ensure tty1 is enabled rm -f /etc/systemd/system/getty.target.wants/getty@tty*.service systemctl enable getty\@tty1.service @@ -355,10 +354,6 @@ post_install() { continue fi - if [ "$(basename "$f")" == "50-qubes-misc.rules" ] ; then - continue - fi - if echo "$f" | grep -q qubes; then continue fi @@ -411,7 +406,8 @@ pre_remove() { # once the Qubes OS preset file is removed. mkdir -p /run/qubes-uninstall cp -f /usr/lib/systemd/system-preset/$qubes_preset_file /run/qubes-uninstall/ - cp -f /usr/lib/systemd/system-preset/$qubes_preset_file /run/qubes-uninstall/ + cp -f /usr/lib/systemd/user-preset/$qubes_preset_file \ + /run/qubes-uninstall/user-$qubes_preset_file fi } @@ -424,6 +420,7 @@ post_remove() { # We have a saved preset file (or more). # Re-preset the units mentioned there. restore_units /run/qubes-uninstall/$qubes_preset_file + restore_units /run/qubes-uninstall/user-$qubes_preset_file --global rm -rf /run/qubes-uninstall changed=true fi |