blob: 77007a7dc666030b3e86e0c8bfe5a46b2ae53809 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
|
# Maintainer: Otto Sabart <aur@seberm.com>
# Ref.: https://github.com/QubesOS/qubes-core-agent-linux/tree/master/archlinux
pkgbase=qubes-core-agent-linux
pkgname=(qubes-vm-core qubes-vm-networking qubes-vm-keyring qubes-vm-passwordless-root)
_gitname=${pkgname%-git*}
pkgver=4.1.37
pkgrel=1
pkgdesc="The Qubes core files for installation inside a Qubes VM."
arch=("x86_64")
url="https://github.com/QubesOS/qubes-core-agent-linux"
license=('GPL')
groups=()
makedepends=(gcc make pkg-config qubes-vm-utils qubes-libvchan qubes-db-vm qubes-vm-xen libx11 python python-setuptools lsb-release pandoc shared-mime-info desktop-file-utils)
validpgpkeys=('0AF64C3B1F1214B38C8C57861FA2DBE674387CC3' # Otto Sabart
'0064428F455451B3EBE78A7F063938BA42CFA724' # Marek Marczykowski-Górecki
'427F11FD0FAA4B080123F01CDDFA1A3E36879494' # Qubes Master Signing Key
)
source=(
"$_gitname::git+https://github.com/QubesOS/qubes-core-agent-linux.git?signed#tag=v${pkgver}"
PKGBUILD.qubes-ensure-lib-modules.service PKGBUILD.qubes-update-desktop-icons.hook
PKGBUILD-qubes-pacman-options.conf
PKGBUILD-qubes-repo-4.1.conf
PKGBUILD-keyring-keys
PKGBUILD-keyring-trusted
PKGBUILD-keyring-revoked
)
sha512sums=(
'SKIP'
'a120135245847c387e940024dff5b6a744b80d8863373ecfe646cb8eeedf1316e223f3b7bb75f153185cb3d9e5fed9bcc14a3cd81448dd1c2d35531c5f8c7195'
'1299ac686fa791436359ad33bb2de79f05a3c6059987b30e883a0c18bb7abaacf25ecc7ceeb762f2c1d5bcb9857aa88c106d36ca0977a2c1157bca6e3daee832'
'1b45b221f5482dd3fca65169664fc008b976904e14da883cd2d690fe0568086f3cc0a3ee1bc48bccb644c3a8627969be5a4b86bdfa0526e5415fcef6ca4742ed'
'211aee2fa2929bdae8f8cd1f1033f5d47f25e8f0e6793afdbf39d0264ada8334057bf1046d008716d74912c8f91bf3af86201eb1c4fcfc6ba2b78c87ab9d000b'
'cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e'
'cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e'
'9bb8027d893ea92cf85788a1389a52da0b7d49cbd355e437a278cc2de0c1f229d7cee871767ffd0eda57dca6ca8d5cc1cd453316983e4cad13d3fc373be11675'
)
# Ref.: https://github.com/QubesOS/qubes-builder/blob/master/example-configs/qubes-os-master.conf#L9
qubes_backend_vmm=xen
build() {
cd "${srcdir}/${_gitname}/"
# Fix for network tools paths
sed 's:/sbin/ip:ip:g' -i network/*
sed 's:/bin/grep:grep:g' -i network/*
# Fix for archlinux sbindir
sed 's:/usr/sbin/ntpdate:/usr/bin/ntpdate:g' -i qubes-rpc/sync-ntp-clock
for dir in qubes-rpc misc; do
make BACKEND_VMM="${qubes_backend_vmm}" -C "$dir"
done
}
#This package provides:
# * qubes rpc scripts
# * core linux tools and scripts
# * core systemd services and drop-ins
# * basic network functionality (setting IP address, DNS, default gateway)
package_qubes-vm-core() {
local release
[[ "$pkgver" =~ ^([0-9]+)\.([0-9]+)($|\.) ]] || {
echo 'invalid $pkgver'>&2
exit 1
}
release=${BASH_REMATCH[1]}.${BASH_REMATCH[2]}
depends=(qubes-vm-utils python-xdg ntp iproute2
gnome-packagekit imagemagick fakeroot notification-daemon dconf
zenity qubes-libvchan qubes-db-vm haveged python-gobject
python-dbus xdg-utils notification-daemon gawk sed procps-ng librsvg
socat pacman-contrib parted
# Block updating if there is a major python update as the python API will be in the wrong PYTHONPATH
#'python<3.10'
'python<3.11'
)
optdepends=(gnome-keyring gnome-settings-daemon python-nautilus gpk-update-viewer qubes-vm-networking qubes-vm-keyring)
install=PKGBUILD.install
cd "${srcdir}/${_gitname}/"
install -D -m 0644 -- boot/grub.qubes "$pkgdir/etc/default/grub.qubes"
# shellcheck disable=SC2154
make install-corevm DESTDIR="$pkgdir" SBINDIR=/usr/bin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib SYSTEM_DROPIN_DIR=/usr/lib/systemd/system USER_DROPIN_DIR=/usr/lib/systemd/user DIST=archlinux
make -C app-menu install DESTDIR="$pkgdir" install LIBDIR=/usr/lib SYSLIBDIR=/usr/lib
make -C misc install DESTDIR="$pkgdir" install LIBDIR=/usr/lib SYSLIBDIR=/usr/lib
make -C qubes-rpc DESTDIR="$pkgdir" install
make -C qubes-rpc/kde DESTDIR="$pkgdir" install
make -C qubes-rpc/nautilus DESTDIR="$pkgdir" install
make -C qubes-rpc/thunar DESTDIR="$pkgdir" install
# Install systemd script allowing to automount /lib/modules
install -m 644 "$srcdir/PKGBUILD.qubes-ensure-lib-modules.service" "${pkgdir}/usr/lib/systemd/system/qubes-ensure-lib-modules.service"
# Install pacman hook to update desktop icons
mkdir -p "${pkgdir}/usr/share/libalpm/hooks/"
install -m 644 "$srcdir/PKGBUILD.qubes-update-desktop-icons.hook" "${pkgdir}/usr/share/libalpm/hooks/qubes-update-desktop-icons.hook"
# Install pacman.d drop-ins (at least 1 drop-in must be installed or pacman will fail)
mkdir -p -m 0755 "${pkgdir}/etc/pacman.d"
install -m 644 "$srcdir/PKGBUILD-qubes-pacman-options.conf" "${pkgdir}/etc/pacman.d/10-qubes-options.conf"
echo "Installing repository for release ${release}"
install -m 644 "$srcdir/PKGBUILD-qubes-repo-${release}.conf" "${pkgdir}/etc/pacman.d/99-qubes-repository-${release}.conf.disabled"
# Archlinux specific: enable autologin on tty1
mkdir -p "$pkgdir/etc/systemd/system/getty@tty1.service.d/"
cat <<EOF > "$pkgdir/etc/systemd/system/getty@tty1.service.d/autologin.conf"
[Service]
ExecStart=
ExecStart=-/sbin/agetty -o '-f -p -- \\u' --keep-baud 115200,38400,9600 %I linux
EOF
# Archlinux packaging guidelines: /var/run is a symlink to a tmpfs. Don't create it
rm -rf "$pkgdir/var/run"
}
#This package provides:
# * proxy service used by TemplateVMs to download updates
# * qubes-firewall service (FirewallVM)
#
#Integration of NetworkManager for Qubes VM:
# * make connections config persistent
# * adjust DNS redirections when needed
# * show/hide NetworkManager applet icon
#
package_qubes-vm-networking() {
pkgdesc="Qubes OS tools allowing to use a Qubes VM as a NetVM/ProxyVM"
depends=(qubes-vm-core qubes-vm-utils python iproute2
qubes-db-vm networkmanager iptables tinyproxy nftables
conntrack-tools
)
install=PKGBUILD-networking.install
cd "${srcdir}/${_gitname}/"
# shellcheck disable=SC2154
make -C network install DESTDIR="$pkgdir" SBINDIR=/usr/bin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib SYSTEM_DROPIN_DIR=/usr/lib/systemd/system USER_DROPIN_DIR=/usr/lib/systemd/user DIST=archlinux
make install-netvm DESTDIR="$pkgdir" SBINDIR=/usr/bin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib SYSTEM_DROPIN_DIR=/usr/lib/systemd/system USER_DROPIN_DIR=/usr/lib/systemd/user DIST=archlinux
}
package_qubes-vm-keyring() {
pkgdesc="Qubes OS Binary Repository Activation package and Keyring"
install=PKGBUILD-keyring.install
# Install keyring (will be activated through the .install file)
install -dm755 "${pkgdir}/usr/share/pacman/keyrings/"
install -m0644 PKGBUILD-keyring-keys "${pkgdir}/usr/share/pacman/keyrings/qubesos-vm.gpg"
install -m0644 PKGBUILD-keyring-trusted "${pkgdir}/usr/share/pacman/keyrings/qubesos-vm-trusted"
install -m0644 PKGBUILD-keyring-revoked "${pkgdir}/usr/share/pacman/keyrings/qubesos-vm-revoked"
}
package_qubes-vm-passwordless-root() {
pkgdesc="Qubes OS Passwordless root access from normal user"
cd "${srcdir}/${_gitname}/"
make -C passwordless-root install DESTDIR="$pkgdir" SBINDIR=/usr/bin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib SYSTEM_DROPIN_DIR=/usr/lib/systemd/system USER_DROPIN_DIR=/usr/lib/systemd/user DIST=archlinux
}
|