diff options
| author | Otto Sabart | 2021-04-14 00:29:33 +0200 |
|---|---|---|
| committer | Otto Sabart | 2021-04-14 00:29:33 +0200 |
| commit | 752b1fd61af6dc2a7b100228ec2b3f24b15d38d9 (patch) | |
| tree | 8b01dbe9c9c9b4c27ab7a48bb0c416479aa010ba | |
| download | aur-752b1fd61af6dc2a7b100228ec2b3f24b15d38d9.tar.gz | |
initial commit
| -rw-r--r-- | .SRCINFO | 76 | ||||
| -rw-r--r-- | PKGBUILD | 124 | ||||
| -rw-r--r-- | PKGBUILD-keyring-keys | 0 | ||||
| -rw-r--r-- | PKGBUILD-keyring-revoked | 1 | ||||
| -rw-r--r-- | PKGBUILD-keyring-trusted | 0 | ||||
| -rw-r--r-- | PKGBUILD-keyring.install | 18 | ||||
| -rw-r--r-- | PKGBUILD-networking.install | 41 | ||||
| -rw-r--r-- | PKGBUILD-qubes-pacman-options.conf | 2 | ||||
| -rw-r--r-- | PKGBUILD-qubes-repo-3.2.conf | 2 | ||||
| -rw-r--r-- | PKGBUILD-qubes-repo-4.0.conf | 2 | ||||
| -rw-r--r-- | PKGBUILD.install | 446 | ||||
| -rw-r--r-- | PKGBUILD.qubes-ensure-lib-modules.service | 18 | ||||
| -rw-r--r-- | PKGBUILD.qubes-update-desktop-icons.hook | 11 |
13 files changed, 741 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO new file mode 100644 index 000000000000..0d201a5b55ba --- /dev/null +++ b/.SRCINFO @@ -0,0 +1,76 @@ +pkgbase = qubes-vm-core + pkgdesc = The Qubes core files for installation inside a Qubes VM. + pkgver = 4.0.61 + pkgrel = 1 + url = https://github.com/QubesOS/qubes-core-agent-linux + arch = x86_64 + license = GPL + makedepends = gcc + makedepends = make + makedepends = pkg-config + makedepends = qubes-vm-utils + makedepends = qubes-libvchan + makedepends = qubes-db-vm + makedepends = qubes-vm-xen + makedepends = libx11 + makedepends = python + makedepends = python-setuptools + makedepends = lsb-release + makedepends = pandoc + depends = sh + depends = qubes-vm-core + depends = usbutils + source = qubes-vm-core::git+https://github.com/QubesOS/qubes-core-agent-linux.git?signed#tag=v4.0.61 + source = PKGBUILD.qubes-ensure-lib-modules.service + source = PKGBUILD.qubes-update-desktop-icons.hook + source = PKGBUILD-qubes-pacman-options.conf + source = PKGBUILD-qubes-repo-4.0.conf + source = PKGBUILD-keyring-keys + source = PKGBUILD-keyring-trusted + source = PKGBUILD-keyring-revoked + validpgpkeys = 0AF64C3B1F1214B38C8C57861FA2DBE674387CC3 + validpgpkeys = 0064428F455451B3EBE78A7F063938BA42CFA724 + validpgpkeys = 427F11FD0FAA4B080123F01CDDFA1A3E36879494 + sha512sums = SKIP + sha512sums = a120135245847c387e940024dff5b6a744b80d8863373ecfe646cb8eeedf1316e223f3b7bb75f153185cb3d9e5fed9bcc14a3cd81448dd1c2d35531c5f8c7195 + sha512sums = 1299ac686fa791436359ad33bb2de79f05a3c6059987b30e883a0c18bb7abaacf25ecc7ceeb762f2c1d5bcb9857aa88c106d36ca0977a2c1157bca6e3daee832 + sha512sums = 1b45b221f5482dd3fca65169664fc008b976904e14da883cd2d690fe0568086f3cc0a3ee1bc48bccb644c3a8627969be5a4b86bdfa0526e5415fcef6ca4742ed + sha512sums = 3c7322fc5507e5ef8d3c8bbf55de2e23790142622be00aaf27ea8037dbd744895440dce814b7b4e86e9bc82be25a783fc858e86ff44b115e8330dc5580a608ad + sha512sums = cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e + sha512sums = cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e + sha512sums = 9bb8027d893ea92cf85788a1389a52da0b7d49cbd355e437a278cc2de0c1f229d7cee871767ffd0eda57dca6ca8d5cc1cd453316983e4cad13d3fc373be11675 + +pkgname = qubes-vm-core + install = PKGBUILD.install + depends = qubes-vm-utils + depends = python-xdg + depends = ethtool + depends = ntp + depends = net-tools + depends = gnome-packagekit + depends = imagemagick + depends = fakeroot + depends = notification-daemon + depends = dconf + depends = zenity + depends = qubes-libvchan + depends = qubes-db-vm + depends = haveged + depends = python-gobject + depends = python-dbus + depends = xdg-utils + depends = notification-daemon + depends = gawk + depends = sed + depends = procps-ng + depends = librsvg + depends = socat + depends = pacman-contrib + depends = python<3.10 + optdepends = gnome-keyring + optdepends = gnome-settings-daemon + optdepends = python-nautilus + optdepends = gpk-update-viewer + optdepends = qubes-vm-networking + optdepends = qubes-vm-keyring + diff --git a/PKGBUILD b/PKGBUILD new file mode 100644 index 000000000000..41398e981e48 --- /dev/null +++ b/PKGBUILD @@ -0,0 +1,124 @@ +# Maintainer: Otto Sabart <aur@seberm.com> + +# Ref.: https://github.com/QubesOS/qubes-core-agent-linux/tree/master/archlinux + +#pkgname=(qubes-vm-core qubes-vm-networking qubes-vm-keyring) +pkgname=(qubes-vm-core) +_gitname=${pkgname%-git*} +pkgver=4.0.61 +pkgrel=1 +pkgdesc="The Qubes core files for installation inside a Qubes VM." +arch=("x86_64") +url="https://github.com/QubesOS/qubes-core-agent-linux" +license=('GPL') +depends=('sh' 'qubes-vm-core' 'usbutils') +groups=() +makedepends=(gcc make pkg-config qubes-vm-utils qubes-libvchan qubes-db-vm qubes-vm-xen libx11 python python-setuptools lsb-release pandoc) +validpgpkeys=('0AF64C3B1F1214B38C8C57861FA2DBE674387CC3' # Otto Sabart + '0064428F455451B3EBE78A7F063938BA42CFA724' # Marek Marczykowski-Górecki + '427F11FD0FAA4B080123F01CDDFA1A3E36879494' # Qubes Master Signing Key +) + +source=( + "$_gitname::git+https://github.com/QubesOS/qubes-core-agent-linux.git?signed#tag=v${pkgver}" + PKGBUILD.qubes-ensure-lib-modules.service PKGBUILD.qubes-update-desktop-icons.hook + PKGBUILD-qubes-pacman-options.conf + PKGBUILD-qubes-repo-4.0.conf + PKGBUILD-keyring-keys + PKGBUILD-keyring-trusted + PKGBUILD-keyring-revoked +) +sha512sums=( + 'SKIP' + 'a120135245847c387e940024dff5b6a744b80d8863373ecfe646cb8eeedf1316e223f3b7bb75f153185cb3d9e5fed9bcc14a3cd81448dd1c2d35531c5f8c7195' + '1299ac686fa791436359ad33bb2de79f05a3c6059987b30e883a0c18bb7abaacf25ecc7ceeb762f2c1d5bcb9857aa88c106d36ca0977a2c1157bca6e3daee832' + '1b45b221f5482dd3fca65169664fc008b976904e14da883cd2d690fe0568086f3cc0a3ee1bc48bccb644c3a8627969be5a4b86bdfa0526e5415fcef6ca4742ed' + '3c7322fc5507e5ef8d3c8bbf55de2e23790142622be00aaf27ea8037dbd744895440dce814b7b4e86e9bc82be25a783fc858e86ff44b115e8330dc5580a608ad' + 'cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e' + 'cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e' + '9bb8027d893ea92cf85788a1389a52da0b7d49cbd355e437a278cc2de0c1f229d7cee871767ffd0eda57dca6ca8d5cc1cd453316983e4cad13d3fc373be11675' +) + +# Ref.: https://github.com/QubesOS/qubes-builder/blob/master/example-configs/qubes-os-master.conf#L9 +qubes_backend_vmm=xen + +build() { + cd "${srcdir}/${_gitname}/" + + # Fix for network tools paths + sed 's:/sbin/ifconfig:ifconfig:g' -i network/* + sed 's:/sbin/route:route:g' -i network/* + sed 's:/sbin/ethtool:ethtool:g' -i network/* + sed 's:/sbin/ip:ip:g' -i network/* + sed 's:/bin/grep:grep:g' -i network/* + + # Fix for archlinux sbindir + sed 's:/usr/sbin/ntpdate:/usr/bin/ntpdate:g' -i qubes-rpc/sync-ntp-clock + sed 's:/usr/sbin/qubes-firewall:/usr/bin/qubes-firewall:g' -i vm-systemd/qubes-firewall.service + + for dir in qubes-rpc qrexec misc; do + make BACKEND_VMM="${qubes_backend_vmm}" -C "$dir" + done +} + + +#This package provides: +# * qrexec agent +# * qubes rpc scripts +# * core linux tools and scripts +# * core systemd services and drop-ins +# * basic network functionality (setting IP address, DNS, default gateway) +package_qubes-vm-core() { + depends=(qubes-vm-utils python-xdg ethtool ntp net-tools + gnome-packagekit imagemagick fakeroot notification-daemon dconf + zenity qubes-libvchan qubes-db-vm haveged python-gobject + python-dbus xdg-utils notification-daemon gawk sed procps-ng librsvg + socat pacman-contrib + # Block updating if there is a major python update as the python API will be in the wrong PYTHONPATH + 'python<3.10' + ) + optdepends=(gnome-keyring gnome-settings-daemon python-nautilus gpk-update-viewer qubes-vm-networking qubes-vm-keyring) + install=PKGBUILD.install + + cd "${srcdir}/${_gitname}/" + + # Note: Archlinux removed use of directory such as /sbin /bin /usr/sbin (https://mailman.archlinux.org/pipermail/arch-dev-public/2012-March/022625.html) + # shellcheck disable=SC2154 + make -C qrexec install DESTDIR="$pkgdir" SBINDIR=/usr/bin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib + + make install-corevm DESTDIR="$pkgdir" SBINDIR=/usr/bin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib SYSTEM_DROPIN_DIR=/usr/lib/systemd/system USER_DROPIN_DIR=/usr/lib/systemd/user DIST=archlinux + + # Remove things non wanted in archlinux + rm -r "$pkgdir/etc/yum"* + rm -r "$pkgdir/etc/dnf"* + rm -r "$pkgdir/etc/init.d" + # Remove fedora specific scripts + rm "$pkgdir/etc/fstab" + + # Install systemd script allowing to automount /lib/modules + install -m 644 "$srcdir/PKGBUILD.qubes-ensure-lib-modules.service" "${pkgdir}/usr/lib/systemd/system/qubes-ensure-lib-modules.service" + + # Install pacman hook to update desktop icons + mkdir -p "${pkgdir}/usr/share/libalpm/hooks/" + install -m 644 "$srcdir/PKGBUILD.qubes-update-desktop-icons.hook" "${pkgdir}/usr/share/libalpm/hooks/qubes-update-desktop-icons.hook" + + # Install pacman.d drop-ins (at least 1 drop-in must be installed or pacman will fail) + mkdir -p "${pkgdir}/etc/pacman.d" + install -m 644 "$srcdir/PKGBUILD-qubes-pacman-options.conf" "${pkgdir}/etc/pacman.d/10-qubes-options.conf" + + # Install pacman repository + release=$(echo "$pkgver" | cut -d '.' -f 1,2) + echo "Installing repository for release ${release}" + install -m 644 "$srcdir/PKGBUILD-qubes-repo-${release}.conf" "${pkgdir}/etc/pacman.d/99-qubes-repository-${release}.conf.disabled" + + # Archlinux specific: enable autologin on tty1 + mkdir -p "$pkgdir/etc/systemd/system/getty@tty1.service.d/" + cat <<EOF > "$pkgdir/etc/systemd/system/getty@tty1.service.d/autologin.conf" +[Service] +ExecStart= +ExecStart=-/usr/bin/agetty --autologin user --noclear %I 38400 linux +EOF + + # Archlinux packaging guidelines: /var/run is a symlink to a tmpfs. Don't create it + rm -r "$pkgdir/var/run" +} diff --git a/PKGBUILD-keyring-keys b/PKGBUILD-keyring-keys new file mode 100644 index 000000000000..e69de29bb2d1 --- /dev/null +++ b/PKGBUILD-keyring-keys diff --git a/PKGBUILD-keyring-revoked b/PKGBUILD-keyring-revoked new file mode 100644 index 000000000000..186c253879d0 --- /dev/null +++ b/PKGBUILD-keyring-revoked @@ -0,0 +1 @@ +D85EE12F967851CCF433515A2043E7ACC1833B9C diff --git a/PKGBUILD-keyring-trusted b/PKGBUILD-keyring-trusted new file mode 100644 index 000000000000..e69de29bb2d1 --- /dev/null +++ b/PKGBUILD-keyring-trusted diff --git a/PKGBUILD-keyring.install b/PKGBUILD-keyring.install new file mode 100644 index 000000000000..c915659a4943 --- /dev/null +++ b/PKGBUILD-keyring.install @@ -0,0 +1,18 @@ +post_upgrade() { + if usr/bin/pacman-key -l >/dev/null 2>&1; then + usr/bin/pacman-key --populate qubesos-vm + fi + release=$(echo "$1" | cut -d '.' -f 1,2) + + if ! [ -h /etc/pacman.d/99-qubes-repository-${release}.conf ] ; then + ln -s /etc/pacman.d/99-qubes-repository-${release}.conf.disabled /etc/pacman.d/99-qubes-repository-${release}.conf + fi + +} + +post_install() { + if [ -x usr/bin/pacman-key ]; then + post_upgrade "$1" + fi +} + diff --git a/PKGBUILD-networking.install b/PKGBUILD-networking.install new file mode 100644 index 000000000000..965778a5186d --- /dev/null +++ b/PKGBUILD-networking.install @@ -0,0 +1,41 @@ +#!/bin/bash + +## arg 1: the new package version +post_install() { + # Create NetworkManager configuration if we do not have it + if ! [ -e /etc/NetworkManager/NetworkManager.conf ]; then + echo '[main]' > /etc/NetworkManager/NetworkManager.conf + echo 'plugins = keyfile' >> /etc/NetworkManager/NetworkManager.conf + echo '[keyfile]' >> /etc/NetworkManager/NetworkManager.conf + fi + + # Remove ip_forward setting from sysctl, so NM will not reset it + # Archlinux now use sysctl.d/ instead of sysctl.conf + #sed 's/^net.ipv4.ip_forward.*/#\0/' -i /etc/sysctl.conf + + /usr/lib/qubes/qubes-fix-nm-conf.sh + + # Yum proxy configuration is fedora specific + #if ! grep -q '/etc/yum\.conf\.d/qubes-proxy\.conf' /etc/yum.conf; then + # echo >> /etc/yum.conf + # echo '# Yum does not support inclusion of config dir...' >> /etc/yum.conf + # echo 'include=file:///etc/yum.conf.d/qubes-proxy.conf' >> /etc/yum.conf + #fi + + for srv in qubes-firewall.service qubes-iptables.service qubes-network.service qubes-updates-proxy.service ; do + systemctl enable $srv + done +} + +## arg 1: the new package version +## arg 2: the old package version +post_upgrade() { + post_install +} + +## arg 1: the old package version +post_remove() { + for srv in qubes-firewall.service qubes-iptables.service qubes-network.service qubes-updates-proxy.service ; do + systemctl disable $srv + done +} diff --git a/PKGBUILD-qubes-pacman-options.conf b/PKGBUILD-qubes-pacman-options.conf new file mode 100644 index 000000000000..703c47208bc4 --- /dev/null +++ b/PKGBUILD-qubes-pacman-options.conf @@ -0,0 +1,2 @@ +[options] +NoUpgrade = etc/pam.d/su-l
\ No newline at end of file diff --git a/PKGBUILD-qubes-repo-3.2.conf b/PKGBUILD-qubes-repo-3.2.conf new file mode 100644 index 000000000000..ed8a9696dba3 --- /dev/null +++ b/PKGBUILD-qubes-repo-3.2.conf @@ -0,0 +1,2 @@ +[qubes-r3.2] +Server = http://olivier.medoc.free.fr/archlinux/current/ diff --git a/PKGBUILD-qubes-repo-4.0.conf b/PKGBUILD-qubes-repo-4.0.conf new file mode 100644 index 000000000000..b7c23958e8ab --- /dev/null +++ b/PKGBUILD-qubes-repo-4.0.conf @@ -0,0 +1,2 @@ +[qubes-r4.0] +#Server = https://YOUR_OWN_SERVER diff --git a/PKGBUILD.install b/PKGBUILD.install new file mode 100644 index 000000000000..bb6baf5ad75f --- /dev/null +++ b/PKGBUILD.install @@ -0,0 +1,446 @@ +#!/bin/bash +qubes_preset_file="75-qubes-vm.preset" + +########################### +## Pre-Install functions ## +########################### + +update_default_user() { + # Make sure there is a qubes group + groupadd --force --system --gid 98 qubes + + # Archlinux bash version has a 'bug' when running su -c, /etc/profile is not loaded because bash consider there is no interactive pty when running 'su - user -c' or something like this. + # See https://bugs.archlinux.org/task/31831 + id -u 'user' >/dev/null 2>&1 || { + useradd --user-group --create-home --shell /bin/bash user + } + usermod -a --groups qubes user +} + +## arg 1: the new package version +pre_install() { + echo "Pre install..." + + update_default_user + + # do this whole %pre thing only when updating for the first time... + + mkdir -p /var/lib/qubes + + # Backup fstab / But use archlinux defaults (cp instead of mv) + if [ -e /etc/fstab ] ; then + cp /etc/fstab /var/lib/qubes/fstab.orig + fi + + # Add qubes core related fstab entries + echo "xen /proc/xen xenfs defaults 0 0" >> /etc/fstab + + usermod -p '' root + usermod -L user +} + + +## arg 1: the new package version +## arg 2: the old package version +pre_upgrade() { + # do something here + echo "Pre upgrade..." + + update_default_user +} + +################### +## Install Hooks ## +################### + + +configure_notification-daemon() { + # Enable autostart of notification-daemon when installed + if [ ! -L /etc/xdg/autostart/notification-daemon.desktop ]; then + ln -s /usr/share/applications/notification-daemon.desktop /etc/xdg/autostart/ + fi +} + +configure_selinux() { + # SELinux is not enabled on archlinux + #echo "--> Disabling SELinux..." + echo "SELINUX not enabled on archlinux. skipped." + # sed -e s/^SELINUX=.*$/SELINUX=disabled/ -i /etc/selinux/config + # setenforce 0 2>/dev/null +} + +############################ +## Post-Install functions ## +############################ + +update_qubesconfig() { + # Remove old firmware updates link + if [ -L /lib/firmware/updates ]; then + rm -f /lib/firmware/updates + fi + + # convert /usr/local symlink to a mount point + if [ -L /usr/local ]; then + rm -f /usr/local + mkdir /usr/local + mount /usr/local || : + fi + + # Fix fstab update to core-agent-linux 4.0.33 + grep -F -q "/rw/usrlocal" /etc/fstab || sed "/\/rw\/home/a\/rw\/usrlocal \/usr\/local none noauto,bind,defaults 0 0" -i /etc/fstab + + #/usr/lib/qubes/update-proxy-configs + # Archlinux pacman configuration is handled in update_finalize + + if ! [ -r /etc/dconf/profile/user ]; then + mkdir -p /etc/dconf/profile + echo "user-db:user" >> /etc/dconf/profile/user + echo "system-db:local" >> /etc/dconf/profile/user + fi + + dconf update &> /dev/null || : + + # Location of files which contains list of protected files + mkdir -p /etc/qubes/protected-files.d + # shellcheck source=init/functions + . /usr/lib/qubes/init/functions + + # qubes-core-vm has been broken for some time - it overrides /etc/hosts; restore original content + if ! is_protected_file /etc/hosts ; then + if ! grep -q localhost /etc/hosts; then + + cat <<EOF > /etc/hosts +127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 $(hostname) +::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 +EOF + + fi + fi + + # ensure that hostname resolves to 127.0.0.1 resp. ::1 and that /etc/hosts is + # in the form expected by qubes-sysinit.sh + if ! is_protected_file /etc/hostname ; then + for ip in '127\.0\.0\.1' '::1'; do + if grep -q "^${ip}\(\s\|$\)" /etc/hosts; then + sed -i "/^${ip}\s/,+0s/\(\s$(hostname)\)\+\(\s\|$\)/\2/g" /etc/hosts + sed -i "s/^${ip}\(\s\|$\).*$/\0 $(hostname)/" /etc/hosts + else + echo "${ip} $(hostname)" >> /etc/hosts + fi + done + fi + +} + +############################ +## Service Management Functions ## +############################ +is_static() { + [ -f "/usr/lib/systemd/system/$1" ] && ! grep -q '^[[].nstall]' "/usr/lib/systemd/system/$1" +} + +is_masked() { + if [ ! -L /etc/systemd/system/"$1" ] + then + return 1 + fi + target=$(readlink /etc/systemd/system/"$1" 2>/dev/null) || : + if [ "$target" = "/dev/null" ] + then + return 0 + fi + return 1 +} + +mask() { + ln -sf /dev/null /etc/systemd/system/"$1" +} + +unmask() { + if ! is_masked "$1" + then + return 0 + fi + rm -f /etc/systemd/system/"$1" +} + +preset_units() { + local represet= + while read -r action unit_name + do + if [ "$action" = "#" ] && [ "$unit_name" = "Units below this line will be re-preset on package upgrade" ] + then + represet=1 + continue + fi + echo "$action $unit_name" | grep -q '^[[:space:]]*[^#;]' || continue + [[ -n "$action" && -n "$unit_name" ]] || continue + if [ "$2" = "initial" ] || [ "$represet" = "1" ] + then + if [ "$action" = "disable" ] && is_static "$unit_name" + then + if ! is_masked "$unit_name" + then + # We must effectively mask these units, even if they are static. + mask "$unit_name" + fi + elif [ "$action" = "enable" ] && is_static "$unit_name" + then + if is_masked "$unit_name" + then + # We masked this static unit before, now we unmask it. + unmask "$unit_name" + fi + systemctl --no-reload preset "$unit_name" >/dev/null 2>&1 || : + else + systemctl --no-reload preset "$unit_name" >/dev/null 2>&1 || : + fi + fi + done < "$1" +} + +restore_units() { + grep '^[[:space:]]*[^#;]' "$1" | while read -r action unit_name + do + if is_static "$unit_name" && is_masked "$unit_name" + then + # If the unit had been masked by us, we must unmask it here. + # Otherwise systemctl preset will fail badly. + unmask "$unit_name" + fi + systemctl --no-reload preset "$unit_name" >/dev/null 2>&1 || : + done +} + +configure_systemd() { + if [ "$1" -eq 1 ] + then + preset_units /usr/lib/systemd/system-preset/$qubes_preset_file initial + changed=true + else + preset_units /usr/lib/systemd/system-preset/$qubes_preset_file upgrade + changed=true + # Upgrade path - now qubes-iptables is used instead + for svc in iptables ip6tables + do + if [ -f "$svc".service ] + then + systemctl --no-reload preset "$svc".service + changed=true + fi + done + fi + + if [ "$1" -eq 1 ] + then + # First install. + # Set default "runlevel". + # FIXME: this ought to be done via kernel command line. + # The fewer deviations of the template from the seed + # image, the better. + rm -f /etc/systemd/system/default.target + ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target + changed=true + fi + + # remove old symlinks + if [ -L /etc/systemd/system/sysinit.target.wants/qubes-random-seed.service ] + then + rm -f /etc/systemd/system/sysinit.target.wants/qubes-random-seed.service + changed=true + fi + if [ -L /etc/systemd/system/multi-user.target.wants/qubes-mount-home.service ] + then + rm -f /etc/systemd/system/multi-user.target.wants/qubes-mount-home.service + changed=true + fi + + if [ "x$changed" != "x" ] + then + systemctl daemon-reload + fi +} + +###################### +## Archlinux Specific Functions ## +###################### +config_prependtomark() { + FILE=$1 + APPENDBEFORELINE=$2 + APPENDLINE=$3 + grep -F -q "$APPENDLINE" "$FILE" || sed "/$APPENDBEFORELINE/i$APPENDLINE" -i "$FILE" +} + +config_appendtomark() { + FILE=$1 + APPENDAFTERLINE=$2 + APPENDLINE=$3 + grep -F -q "$APPENDLINE" "$FILE" || sed "/$APPENDAFTERLINE/a$APPENDLINE" -i "$FILE" +} + +config_cleanupmark() { + FILE="$1" + BEGINMARK="$2" + ENDMARK="$3" + if grep -F -q "$BEGINMARK" "$FILE"; then + if grep -F -q "$ENDMARK" "$FILE"; then + cp "$FILE" "$FILE.qubes-update-orig" + sed -i -e "/^$BEGINMARK$/,/^$ENDMARK$/{ + /^$ENDMARK$/b + /^$BEGINMARK$/!d + }" "$FILE" + rm -f "$FILE.qubes-update-orig" + else + echo "ERROR: found $BEGINMARK marker but not $ENDMARK in $FILE. Please cleanup this file manually." + fi + elif grep -F -q "$ENDMARK" "$FILE"; then + echo "ERROR: found $ENDMARK marker but not $BEGINMARK in $FILE. Please cleanup this file manually." + fi +} + +update_finalize() { + # Archlinux specific: If marker exists, cleanup text between begin and end marker + QUBES_MARKER="### QUBES CONFIG MARKER ###" + if grep -F -q "$QUBES_MARKER" /etc/pacman.conf; then + config_prependtomark "/etc/pacman.conf" "# REPOSITORIES" "### QUBES CONFIG END MARKER ###" + config_cleanupmark "/etc/pacman.conf" "$QUBES_MARKER" "### QUBES CONFIG END MARKER ###" + # Else, add qubes config block marker + else + config_prependtomark "/etc/pacman.conf" "# REPOSITORIES" "$QUBES_MARKER" + config_prependtomark "/etc/pacman.conf" "# REPOSITORIES" "### QUBES CONFIG END MARKER ###" + fi + + # Include /etc/pacman.d drop-in directory + config_appendtomark "/etc/pacman.conf" "$QUBES_MARKER" "Include = /etc/pacman.d/*.conf" + + /usr/lib/qubes/update-proxy-configs + + # Archlinux specific: Update pam.d configuration for su to enable systemd-login wrapper + # This is required as qubes-gui agent calls xinit with su -l user without initializing properly + # the user session. + # pam_unix.so can also be removed from su configuration + # as system-login (which include system-auth) already gives pam_unix.so + # with more appropriate parameters (fix the missing nullok parameter) + if grep -q pam_unix.so /etc/pam.d/su; then + echo "Fixing pam.d" + cp /etc/pam.d/qrexec /etc/pam.d/su-l + fi + + # Archlinux specific: ensure tty1 is enabled + rm -f /etc/systemd/system/getty.target.wants/getty@tty*.service + systemctl enable getty\@tty1.service + + systemctl daemon-reload +} + +## arg 1: the new package version +post_install() { + update_qubesconfig + + # do the rest of %post thing only when updating for the first time... + if [ -e /etc/init/serial.conf ] && ! [ -f /var/lib/qubes/serial.orig ] ; then + cp /etc/init/serial.conf /var/lib/qubes/serial.orig + fi + + chgrp user /var/lib/qubes/dom0-updates + + # Remove most of the udev scripts to speed up the VM boot time + # Just leave the xen* scripts, that are needed if this VM was + # ever used as a net backend (e.g. as a VPN domain in the future) + #echo "--> Removing unnecessary udev scripts..." + mkdir -p /var/lib/qubes/removed-udev-scripts + for f in /etc/udev/rules.d/* + do + if [ "$(basename "$f")" == "xen-backend.rules" ] ; then + continue + fi + + if [ "$(basename "$f")" == "50-qubes-misc.rules" ] ; then + continue + fi + + if echo "$f" | grep -q qubes; then + continue + fi + + mv "$f" /var/lib/qubes/removed-udev-scripts/ + done + + mkdir -p /rw + + configure_notification-daemon + configure_selinux + + configure_systemd 0 + + update_finalize +} + +## arg 1: the new package version +## arg 2: the old package version +post_upgrade() { + update_qubesconfig + + configure_notification-daemon + configure_selinux + + configure_systemd 1 + + + update_finalize +} + +###################### +## Remove functions ## +###################### + +## arg 1: the old package version +pre_remove() { + # no more packages left + if [ -e /var/lib/qubes/fstab.orig ] ; then + mv /var/lib/qubes/fstab.orig /etc/fstab + fi + mv /var/lib/qubes/removed-udev-scripts/* /etc/udev/rules.d/ + if [ -e /var/lib/qubes/serial.orig ] ; then + mv /var/lib/qubes/serial.orig /etc/init/serial.conf + fi + + if [ "$1" -eq 0 ] ; then + # Run this only during uninstall. + # Save the preset file to later use it to re-preset services there + # once the Qubes OS preset file is removed. + mkdir -p /run/qubes-uninstall + cp -f /usr/lib/systemd/system-preset/$qubes_preset_file /run/qubes-uninstall/ + cp -f /usr/lib/systemd/system-preset/$qubes_preset_file /run/qubes-uninstall/ + fi +} + +## arg 1: the old package version +post_remove() { + changed= + + if [ -d /run/qubes-uninstall ] + then + # We have a saved preset file (or more). + # Re-preset the units mentioned there. + restore_units /run/qubes-uninstall/$qubes_preset_file + rm -rf /run/qubes-uninstall + changed=true + fi + + if [ "x$changed" != "x" ] + then + systemctl daemon-reload + fi + + + if [ -L /lib/firmware/updates ] ; then + rm /lib/firmware/updates + fi + + rm -rf /var/lib/qubes/xdg + + for srv in qubes-sysinit qubes-misc-post qubes-mount-dirs qubes-qrexec-agent; do + systemctl disable $srv.service + done +} diff --git a/PKGBUILD.qubes-ensure-lib-modules.service b/PKGBUILD.qubes-ensure-lib-modules.service new file mode 100644 index 000000000000..e4f6ff0b152a --- /dev/null +++ b/PKGBUILD.qubes-ensure-lib-modules.service @@ -0,0 +1,18 @@ +[Unit] +Description=Qubes verification of /usr/lib/modules +DefaultDependencies=no +Documentation= +ConditionPathExists=/dev/xvdd +Before=systemd-modules-load.service +Before=systemd-udevd.service +Before=local-fs-pre.target +After=systemd-remount-fs.service +ConditionPathExists=!/usr/lib/modules/lost+found + +[Service] +Type=oneshot +ExecStart=/bin/mount /dev/xvdd /usr/lib/modules +StandardOutput=syslog + +[Install] +WantedBy=sysinit.target diff --git a/PKGBUILD.qubes-update-desktop-icons.hook b/PKGBUILD.qubes-update-desktop-icons.hook new file mode 100644 index 000000000000..c5fc945a5077 --- /dev/null +++ b/PKGBUILD.qubes-update-desktop-icons.hook @@ -0,0 +1,11 @@ +[Trigger] +Type = File +Operation = Install +Operation = Upgrade +Operation = Remove +Target = usr/share/applications/*.desktop + +[Action] +Description = Updating the Qubes desktop file App Icons and features... +When = PostTransaction +Exec = /etc/qubes-rpc/qubes.PostInstall |