qubes-vm-core: fix apk proxy
parent
aa1765e457
commit
e9fb57aa39
4 changed files with 42 additions and 115 deletions
|
@ -9,7 +9,7 @@ subpackages="
|
|||
$pkgname-doc
|
||||
"
|
||||
pkgver=4.1.44
|
||||
pkgrel=6
|
||||
pkgrel=7
|
||||
_gittag="v$pkgver"
|
||||
pkgdesc="The Qubes core files for installation inside a Qubes VM."
|
||||
arch="x86_64"
|
||||
|
@ -17,8 +17,8 @@ url="https://github.com/QubesOS/qubes-core-agent-linux"
|
|||
license="GPL"
|
||||
options="!check" # No testsuite
|
||||
depends="
|
||||
coreutils
|
||||
blkid
|
||||
coreutils
|
||||
dconf
|
||||
desktop-file-utils
|
||||
device-mapper
|
||||
|
@ -39,7 +39,6 @@ depends="
|
|||
py3-dbus
|
||||
py3-gobject3
|
||||
py3-xdg
|
||||
python3
|
||||
qubes-db-vm
|
||||
qubes-libvchan-xen
|
||||
qubes-vm-utils
|
||||
|
@ -73,6 +72,7 @@ source="
|
|||
qubes-sysinit.openrc
|
||||
qubes-updates-proxy-forwarder.openrc
|
||||
qubes-updates-proxy.openrc
|
||||
apk-proxy.sh
|
||||
qvm-sync-clock.sh
|
||||
"
|
||||
builddir="$srcdir"/qubes-core-agent-linux-${_gittag/v}
|
||||
|
@ -112,6 +112,9 @@ package() {
|
|||
make -C network DESTDIR="$pkgdir" install
|
||||
install -Dm755 "$builddir"/network/update-proxy-configs "$pkgdir"/usr/lib/qubes/.
|
||||
install -Dm755 "$srcdir"/qvm-sync-clock.sh "$pkgdir"/etc/qubes/suspend-post.d/.
|
||||
install -Dm644 "$srcdir"/apk-proxy.sh "$pkgdir"/etc/profile.d/apk-proxy.sh
|
||||
install -dm755 "$pkgdir"/etc/bash
|
||||
ln -s /etc/profile.d/apk-proxy.sh "$pkgdir"/etc/bash/apk-proxy.sh
|
||||
|
||||
for i in $source; do
|
||||
case $i in
|
||||
|
@ -121,7 +124,6 @@ package() {
|
|||
"$pkgdir"/etc/conf.d/${i%.*};;
|
||||
esac
|
||||
done
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
@ -143,7 +145,6 @@ networking() {
|
|||
net-tools
|
||||
networkmanager
|
||||
nftables
|
||||
python3
|
||||
qubes-db-vm
|
||||
qubes-vm-core
|
||||
qubes-vm-utils
|
||||
|
@ -168,7 +169,8 @@ da8e293520f5fce29ce76d7586e8ce1a4164798a1214079fb554c690264da1d774fdad3f45825aac
|
|||
8f1ea1b6bfb4d3089a51cc3e325861ee7b644f743b2652bf61789933adedefdbc743a61567ad980d2a6077647eb61570b68a056125abaab2a67166d249a961b0 qubes-firewall.openrc
|
||||
437a3dc443c5b0311c5dc8f792739eef89e38b2e854b9a5bb248211dd0eb0f26c1d79588ca2b4b63236b8bed0d735be6b2265d8328885730a8aa5f854301d61f qubes-iptables.openrc
|
||||
e9096560e4ee4cad836b686e18eb6dbac729227683eda2f0c8b3541c909f64de3489dbb66e3752014deab69cbfae7885bc15b9bb7e3942c02e40328337b9ef30 qubes-sysinit.openrc
|
||||
b1e8af2335955e52cf1817c56296f94f8c472e68d7a17a28f516fe4f5fa8a8053d4f9333efbb007a82a06f9442a4a6cfe5f9c751de07f337e47ee04cb18b9395 qubes-updates-proxy-forwarder.openrc
|
||||
99ec0afc167866727072606aa183f0c7a539e68e0d8b9a57f6b9c129d3722c9135e1487eef438807d7138af0e669fb14608cbc1f1d5620ee9e995f294a8929f8 qubes-updates-proxy-forwarder.openrc
|
||||
29d316b9f48cad15f6e22aaa67b228a5e4893ded86463dbe25b3cc68301b961473e79c01f003b1665e217ad4af2e618625442250d5607c1c16462e3f5eed069c qubes-updates-proxy.openrc
|
||||
517d59e4699c24f23ccd59f5d4be3a519a426eee99d742c637fe1a9e69caa073621f4e9362c30182ba5a1a3eb0a769070c96e2c6b24cd8366a1f8f450a0b1c01 apk-proxy.sh
|
||||
cca9f49422fa25cd5f3942dce8edd3ecff080bf5c407a7a790b438bedea054f39a4a3d8c179b44c4c08fc490b597e14d00dad9b0240861e83957e0af7aa6475d qvm-sync-clock.sh
|
||||
"
|
||||
|
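Review bot: `sudo-aliases.sh` is added by this commit, but none of the visible hunks reference it: `source=` and the checksum block gain only `apk-proxy.sh`, and package() installs only that file. Since `apk-proxy.sh` already carries the same `alias sudo='sudo '` line, either drop `sudo-aliases.sh`, or add it to `source=`, the checksums and package() and remove the duplicate alias from `apk-proxy.sh`. The `source=` list and the package() body extend beyond these hunks, so this should be confirmed against the full APKBUILD.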
|
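--- a/qubes-vm-core/apk-proxy.sh
+++ b/qubes-vm-core/apk-proxy.sh
@@ -0,0 +1,5 @@
+# Use the update proxy over the QubesOS RPC for apk
+# /etc/init.d/qubes-updates-proxy-forwarder creates the socket to the proxy
+alias apk='https_proxy="http://127.0.0.1:8082/" http_proxy="http://127.0.0.1:8082/" apk'
+# allow aliases with sudo
+alias sudo='sudo '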
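Review bot: The proxy setting on the `alias apk=...` line only takes effect in interactive shells that source `/etc/profile.d` or `/etc/bash`; scripts, cron jobs and any `sudo` call with options before the command (for example `sudo -E apk`) run `apk` without `http_proxy`/`https_proxy`. If updates must always go through the Qubes updates proxy, that guarantee should not rest on alias expansion; at minimum document the limit with a comment such as `# NOTE: applies to interactive shells only; non-interactive callers must set http_proxy/https_proxy themselves`. `alias sudo='sudo '` also turns on alias expansion for every command typed after sudo, which is wider than this file's stated purpose and deserves its own comment. Whether sudo passes the inline `VAR=value` assignments through depends on the sudoers policy, which is not visible here.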
|
@ -1,116 +1,34 @@
|
|||
#!/bin/bash
|
||||
#
|
||||
#!/sbin/openrc-run
|
||||
# Updates proxy forwarder Startup script for the updates proxy forwarder
|
||||
#
|
||||
# chkconfig: 345 85 15
|
||||
# description: forwards connection to updates proxy over Qubes RPC
|
||||
#
|
||||
# processname: ncat
|
||||
# pidfile: /var/run/qubes-updates-proxy-forwarder.pid
|
||||
#
|
||||
# The clients should use the below shell variable exports:
|
||||
# http_proxy="http://127.0.0.1:8082/"
|
||||
# https_proxy="http://127.0.0.1:8082/"
|
||||
# For apk, see the /etc/profile.d/apk-proxy.sh alias
|
||||
|
||||
# Source function library.
|
||||
# shellcheck disable=SC1091
|
||||
. /etc/init.d/functions.sh
|
||||
name=$RC_SVCNAME
|
||||
cfgfile="/etc/qubes/$RC_SVCNAME.conf"
|
||||
command="/bin/busybox"
|
||||
command_args="nc -lk -s 127.0.0.1 -p 8082 -e /usr/bin/qrexec-client-vm @default qubes.UpdatesProxy"
|
||||
command_user="root"
|
||||
pidfile="/run/qubes/$RC_SVCNAME.pid"
|
||||
command_background="yes"
|
||||
output_log="/var/log/qubes/$RC_SVCNAME.log"
|
||||
error_log="/var/log/qubes/$RC_SVCNAME.err"
|
||||
|
||||
# Source Qubes library.
|
||||
# shellcheck source=init/functions
|
||||
. /usr/lib/qubes/init/functions
|
||||
|
||||
# Check that networking is up.
|
||||
[ "$NETWORKING" = "no" ] && exit 0
|
||||
|
||||
exec="/usr/bin/ncat"
|
||||
prog=$(basename $exec)
|
||||
pidfile="/var/run/qubes-updates-proxy-forwarder.pid"
|
||||
|
||||
# shellcheck disable=SC1091
|
||||
[ -e /etc/sysconfig/qubes-updates-proxy-forwarder ] && . /etc/sysconfig/qubes-updates-proxy-forwarder
|
||||
|
||||
lockfile=/var/lock/subsys/qubes-updates-proxy-forwarder
|
||||
|
||||
start() {
|
||||
have_qubesdb || return
|
||||
|
||||
if ! qsvc updates-proxy-setup ; then
|
||||
# updates proxy configuration disabled
|
||||
exit 0
|
||||
fi
|
||||
|
||||
if qsvc qubes-updates-proxy ; then
|
||||
# updates proxy running here too, avoid looping traffic back to itself
|
||||
exit 0
|
||||
fi
|
||||
|
||||
[ -x $exec ] || exit 5
|
||||
|
||||
echo -n $"Starting $prog (as Qubes updates proxy forwarder): "
|
||||
# shellcheck disable=SC2016
|
||||
start-stop-daemon \
|
||||
--exec $exec \
|
||||
--pidfile "$pidfile" \
|
||||
--make-pidfile \
|
||||
--background \
|
||||
--start \
|
||||
-- \
|
||||
-k -l -e 'qrexec-client-vm $default qubes.UpdatesProxy'
|
||||
retval=$?
|
||||
echo
|
||||
[ $retval -eq 0 ] && touch $lockfile
|
||||
return $retval
|
||||
depend() {
|
||||
need qubes-qrexec-agent
|
||||
need net
|
||||
}
|
||||
|
||||
stop() {
|
||||
echo -n $"Stopping $prog: "
|
||||
killproc -p $pidfile "$prog"
|
||||
retval=$?
|
||||
echo
|
||||
[ $retval -eq 0 ] && rm -f $lockfile
|
||||
return $retval
|
||||
start_pre() {
|
||||
checkpath --directory --owner $command_user:qubes --mode 0775 \
|
||||
/run/qubes \
|
||||
/var/log/qubes \
|
||||
/var/run/qubes
|
||||
# TODO should fail if qubes-update-proxy is running
|
||||
# if qsvc qubes-updates-proxy ; then
|
||||
# # updates proxy running here too, avoid looping traffic back to itself
|
||||
# exit 0
|
||||
# fi
|
||||
}
|
||||
|
||||
restart() {
|
||||
stop
|
||||
start
|
||||
}
|
||||
|
||||
force_reload() {
|
||||
restart
|
||||
}
|
||||
|
||||
rh_status() {
|
||||
status "$prog"
|
||||
}
|
||||
|
||||
rh_status_q() {
|
||||
rh_status >/dev/null 2>&1
|
||||
}
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
rh_status_q && exit 0
|
||||
$1
|
||||
;;
|
||||
stop)
|
||||
rh_status_q || exit 0
|
||||
$1
|
||||
;;
|
||||
restart)
|
||||
$1
|
||||
;;
|
||||
force-reload)
|
||||
force_reload
|
||||
;;
|
||||
status)
|
||||
rh_status
|
||||
;;
|
||||
condrestart|try-restart)
|
||||
rh_status_q || exit 0
|
||||
restart
|
||||
;;
|
||||
*)
|
||||
echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|force-reload}"
|
||||
exit 2
|
||||
esac
|
||||
exit $?
|
||||
|
||||
|
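Review bot: The loop guard is left commented out under the TODO in `start_pre()`, so nothing visible here stops the forwarder from starting in a qube that also runs `qubes-updates-proxy`, or when `updates-proxy-setup` is disabled; both checks appear in the older init-script lines of this section. Restoring them needs the Qubes `qsvc` helper, e.g. `qsvc updates-proxy-setup || return 1` and `if qsvc qubes-updates-proxy; then eerror "qubes-updates-proxy runs here"; return 1; fi`. Separately, `command_user="root"` runs the loopback listener and each `qrexec-client-vm` child as root; if the qrexec call does not need root (not shown here), an unprivileged service user would narrow the exposure. The old/new side of individual lines is inferred, since the page has lost its +/- markers.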
|
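--- a/qubes-vm-core/sudo-aliases.sh
+++ b/qubes-vm-core/sudo-aliases.sh
@@ -0,0 +1,2 @@
+# allow aliases with sudo
+alias sudo='sudo '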