From 9e67a17f6b54c14a96f96b5b47a89c8ef0131289 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 13 Aug 2023 23:34:19 -0400 Subject: [PATCH] qubes-vm-qrexec: initial import from user-aports --- qubes-vm-qrexec/APKBUILD | 59 +++++++++++++++++++ ...xec-fork-server-undef-fortify-source.patch | 12 ++++ qubes-vm-qrexec/qubes-qrexec-agent.openrc | 22 +++++++ 3 files changed, 93 insertions(+) create mode 100644 qubes-vm-qrexec/APKBUILD create mode 100644 qubes-vm-qrexec/agent-qrexec-fork-server-undef-fortify-source.patch create mode 100644 qubes-vm-qrexec/qubes-qrexec-agent.openrc diff --git a/qubes-vm-qrexec/APKBUILD b/qubes-vm-qrexec/APKBUILD new file mode 100644 index 0000000..812146d --- /dev/null +++ b/qubes-vm-qrexec/APKBUILD @@ -0,0 +1,59 @@ +# Maintainer: Antoine Martin (ayakael) +# Contributor: Antoine Martin (ayakael) + +pkgname=qubes-vm-qrexec +subpackages="$pkgname-openrc $pkgname-doc" +pkgver=4.1.20 +_gittag="v$pkgver" +pkgrel=0 +pkgdesc="The Qubes qrexec files (qube side)" +arch="x86_64" +url="https://github.com/QubesOS/qubes-core-qrexec" +license='GPL' +depends="qubes-libvchan-xen" +options="!check" # No testsuite +makedepends=" + gcc + make + pandoc + pkgconf + py3-setuptools + lld + qubes-libvchan-xen-dev + " +source=" + $pkgname-$_gittag.tar.gz::https://github.com/QubesOS/qubes-core-qrexec/archive/refs/tags/$_gittag.tar.gz + qubes-qrexec-agent.openrc + agent-qrexec-fork-server-undef-fortify-source.patch + " +builddir="$srcdir/qubes-core-qrexec-${_gittag/v}" + +prepare() { + default_prepare + # remove all -Werror + msg "Eradicating -Werror..." + find . \( -name '*.mk' -o -name 'Make*' \) -exec sed -i -e 's/-Werror//g' {} + +} + +build() { + make all-base + make all-vm + + # change all shebangs to bash as expected + # shellcheck disable=SC2013 + for i in $(grep '/bin/sh' -RlI .); do + sed -i 's|/bin/sh|/bin/bash|' "$i" + done +} + +package() { + export LDFLAGS="$LDFLAGS -fuse-ld=lld" + make install-base DESTDIR="$pkgdir" SBINDIR=/sbin LIBDIR=/usr/lib SYSLIBDIR=/lib + make install-vm DESTDIR="$pkgdir" SBINDIR=/sbin LIBDIR=/usr/lib SYSLIBDIR=/lib + install -Dm 755 "$srcdir"/qubes-qrexec-agent.openrc "$pkgdir"/etc/init.d/qubes-qrexec-agent +} +sha512sums=" +650d6ae2a48dddc8207b0b1466024fc2bc48b6d10f11ba35411fa1e44049ddc5d1fe9ca77d968598444db34bac8fb781b6fa4c837846af52161dbf246f3a99fb qubes-vm-qrexec-v4.1.20.tar.gz +e2dd5cace82e881c40d5d37c69f7327fbabde81c9d23283de23de9f1197b7b018ef07a8d90e95c61bd249426d9d8297e7cb372333245941ffa0682c90ea3461f qubes-qrexec-agent.openrc +69b88c8d344f0d575eac398937040ba39a0d8fb8ea0a2b160c48d84775e1da4e226a76f3c5d3be7b045f577b634bb35cd5c5536248e18117c4121a38f9f3bf13 agent-qrexec-fork-server-undef-fortify-source.patch +" diff --git a/qubes-vm-qrexec/agent-qrexec-fork-server-undef-fortify-source.patch b/qubes-vm-qrexec/agent-qrexec-fork-server-undef-fortify-source.patch new file mode 100644 index 0000000..f0b62f1 --- /dev/null +++ b/qubes-vm-qrexec/agent-qrexec-fork-server-undef-fortify-source.patch @@ -0,0 +1,12 @@ +diff --git a/agent/qrexec-fork-server.c b/agent/qrexec-fork-server.c +index e9bcab7..655d138 100644 +--- a/agent/qrexec-fork-server.c ++++ b/agent/qrexec-fork-server.c +@@ -32,6 +32,7 @@ + #include + #include "libqrexec-utils.h" + #include "qrexec-agent.h" ++#undef _FORTIFY_SOURCE + + extern char **environ; + const bool qrexec_is_fork_server = true; diff --git a/qubes-vm-qrexec/qubes-qrexec-agent.openrc b/qubes-vm-qrexec/qubes-qrexec-agent.openrc new file mode 100644 index 0000000..81d5281 --- /dev/null +++ b/qubes-vm-qrexec/qubes-qrexec-agent.openrc @@ -0,0 +1,22 @@ +#!/sbin/openrc-run + +name=$RC_SVCNAME +cfgfile="/etc/qubes/$RC_SVCNAME.conf" +command="/usr/lib/qubes/qrexec-agent" +command_args="" +command_user="root" +pidfile="/run/qubes/$RC_SVCNAME.pid" +start_stop_daemon_args="" +command_background="yes" +output_log="/var/log/qubes/$RC_SVCNAME.log" +error_log="/var/log/qubes/$RC_SVCNAME.err" + +depend() { + need xendriverdomain +} + +start_pre() { + /bin/sh -c '[ -e /dev/xen/evtchn ] || modprobe xen_evtchn' + checkpath --directory --owner $command_user:qubes --mode 0775 \ + /run/qubes /var/log/qubes +}