[4.2] qubes-vm-core: fix apk proxy #36
4 changed files with 42 additions and 115 deletions
|
@ -10,7 +10,7 @@ subpackages="
|
||||||
$pkgname-pyc
|
$pkgname-pyc
|
||||||
"
|
"
|
||||||
pkgver=4.2.28
|
pkgver=4.2.28
|
||||||
pkgrel=0
|
pkgrel=3
|
||||||
_gittag="v$pkgver"
|
_gittag="v$pkgver"
|
||||||
pkgdesc="The Qubes core files for installation inside a Qubes VM."
|
pkgdesc="The Qubes core files for installation inside a Qubes VM."
|
||||||
arch="x86_64"
|
arch="x86_64"
|
||||||
|
@ -18,8 +18,8 @@ url="https://github.com/QubesOS/qubes-core-agent-linux"
|
||||||
license="GPL"
|
license="GPL"
|
||||||
options="!check" # No testsuite
|
options="!check" # No testsuite
|
||||||
depends="
|
depends="
|
||||||
coreutils
|
|
||||||
blkid
|
blkid
|
||||||
|
coreutils
|
||||||
dconf
|
dconf
|
||||||
desktop-file-utils
|
desktop-file-utils
|
||||||
device-mapper
|
device-mapper
|
||||||
|
@ -40,7 +40,6 @@ depends="
|
||||||
py3-dbus
|
py3-dbus
|
||||||
py3-gobject3
|
py3-gobject3
|
||||||
py3-xdg
|
py3-xdg
|
||||||
python3
|
|
||||||
qubes-db-vm
|
qubes-db-vm
|
||||||
qubes-libvchan-xen
|
qubes-libvchan-xen
|
||||||
qubes-vm-utils
|
qubes-vm-utils
|
||||||
|
@ -74,6 +73,7 @@ source="
|
||||||
qubes-sysinit.openrc
|
qubes-sysinit.openrc
|
||||||
qubes-updates-proxy-forwarder.openrc
|
qubes-updates-proxy-forwarder.openrc
|
||||||
qubes-updates-proxy.openrc
|
qubes-updates-proxy.openrc
|
||||||
|
apk-proxy.sh
|
||||||
qvm-sync-clock.sh
|
qvm-sync-clock.sh
|
||||||
setupip-do-not-use-systemctl.patch
|
setupip-do-not-use-systemctl.patch
|
||||||
"
|
"
|
||||||
|
@ -114,6 +114,9 @@ package() {
|
||||||
make -C network DESTDIR="$pkgdir" install
|
make -C network DESTDIR="$pkgdir" install
|
||||||
install -Dm755 "$builddir"/network/update-proxy-configs "$pkgdir"/usr/lib/qubes/.
|
install -Dm755 "$builddir"/network/update-proxy-configs "$pkgdir"/usr/lib/qubes/.
|
||||||
install -Dm755 "$srcdir"/qvm-sync-clock.sh "$pkgdir"/etc/qubes/suspend-post.d/.
|
install -Dm755 "$srcdir"/qvm-sync-clock.sh "$pkgdir"/etc/qubes/suspend-post.d/.
|
||||||
|
install -Dm644 "$srcdir"/apk-proxy.sh "$pkgdir"/etc/profile.d/apk-proxy.sh
|
||||||
|
install -dm755 "$pkgdir"/etc/bash
|
||||||
|
ln -s /etc/profile.d/apk-proxy.sh "$pkgdir"/etc/bash/apk-proxy.sh
|
||||||
|
|
||||||
for i in $source; do
|
for i in $source; do
|
||||||
case $i in
|
case $i in
|
||||||
|
@ -123,7 +126,6 @@ package() {
|
||||||
"$pkgdir"/etc/conf.d/${i%.*};;
|
"$pkgdir"/etc/conf.d/${i%.*};;
|
||||||
esac
|
esac
|
||||||
done
|
done
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -145,7 +147,6 @@ networking() {
|
||||||
net-tools
|
net-tools
|
||||||
networkmanager
|
networkmanager
|
||||||
nftables
|
nftables
|
||||||
python3
|
|
||||||
qubes-db-vm
|
qubes-db-vm
|
||||||
qubes-vm-core
|
qubes-vm-core
|
||||||
qubes-vm-utils
|
qubes-vm-utils
|
||||||
|
@ -170,8 +171,9 @@ da8e293520f5fce29ce76d7586e8ce1a4164798a1214079fb554c690264da1d774fdad3f45825aac
|
||||||
8f1ea1b6bfb4d3089a51cc3e325861ee7b644f743b2652bf61789933adedefdbc743a61567ad980d2a6077647eb61570b68a056125abaab2a67166d249a961b0 qubes-firewall.openrc
|
8f1ea1b6bfb4d3089a51cc3e325861ee7b644f743b2652bf61789933adedefdbc743a61567ad980d2a6077647eb61570b68a056125abaab2a67166d249a961b0 qubes-firewall.openrc
|
||||||
437a3dc443c5b0311c5dc8f792739eef89e38b2e854b9a5bb248211dd0eb0f26c1d79588ca2b4b63236b8bed0d735be6b2265d8328885730a8aa5f854301d61f qubes-iptables.openrc
|
437a3dc443c5b0311c5dc8f792739eef89e38b2e854b9a5bb248211dd0eb0f26c1d79588ca2b4b63236b8bed0d735be6b2265d8328885730a8aa5f854301d61f qubes-iptables.openrc
|
||||||
e9096560e4ee4cad836b686e18eb6dbac729227683eda2f0c8b3541c909f64de3489dbb66e3752014deab69cbfae7885bc15b9bb7e3942c02e40328337b9ef30 qubes-sysinit.openrc
|
e9096560e4ee4cad836b686e18eb6dbac729227683eda2f0c8b3541c909f64de3489dbb66e3752014deab69cbfae7885bc15b9bb7e3942c02e40328337b9ef30 qubes-sysinit.openrc
|
||||||
b1e8af2335955e52cf1817c56296f94f8c472e68d7a17a28f516fe4f5fa8a8053d4f9333efbb007a82a06f9442a4a6cfe5f9c751de07f337e47ee04cb18b9395 qubes-updates-proxy-forwarder.openrc
|
99ec0afc167866727072606aa183f0c7a539e68e0d8b9a57f6b9c129d3722c9135e1487eef438807d7138af0e669fb14608cbc1f1d5620ee9e995f294a8929f8 qubes-updates-proxy-forwarder.openrc
|
||||||
29d316b9f48cad15f6e22aaa67b228a5e4893ded86463dbe25b3cc68301b961473e79c01f003b1665e217ad4af2e618625442250d5607c1c16462e3f5eed069c qubes-updates-proxy.openrc
|
29d316b9f48cad15f6e22aaa67b228a5e4893ded86463dbe25b3cc68301b961473e79c01f003b1665e217ad4af2e618625442250d5607c1c16462e3f5eed069c qubes-updates-proxy.openrc
|
||||||
|
517d59e4699c24f23ccd59f5d4be3a519a426eee99d742c637fe1a9e69caa073621f4e9362c30182ba5a1a3eb0a769070c96e2c6b24cd8366a1f8f450a0b1c01 apk-proxy.sh
|
||||||
cca9f49422fa25cd5f3942dce8edd3ecff080bf5c407a7a790b438bedea054f39a4a3d8c179b44c4c08fc490b597e14d00dad9b0240861e83957e0af7aa6475d qvm-sync-clock.sh
|
cca9f49422fa25cd5f3942dce8edd3ecff080bf5c407a7a790b438bedea054f39a4a3d8c179b44c4c08fc490b597e14d00dad9b0240861e83957e0af7aa6475d qvm-sync-clock.sh
|
||||||
eb59321c800e65ce873085a1105b1b697d2a8ecaefcdaa8280a81d0082c0022653ecd746c7ec37e2c544265892afb77531effa17b0fa6c45a6a86925b513bdea setupip-do-not-use-systemctl.patch
|
eb59321c800e65ce873085a1105b1b697d2a8ecaefcdaa8280a81d0082c0022653ecd746c7ec37e2c544265892afb77531effa17b0fa6c45a6a86925b513bdea setupip-do-not-use-systemctl.patch
|
||||||
"
|
"
|
||||||
|
|
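Review bot: The three lines added to package() for apk-proxy.sh have no comment explaining why the same file is exposed twice, once in /etc/profile.d and once as a symlink under /etc/bash. Presumably the symlink is there so interactive non-login bash sessions also pick up the alias; if so, a comment such as `# profile.d covers login shells; the /etc/bash symlink covers interactive bash` would stop a later cleanup from removing it as redundant. package() begins and ends outside the hunks shown.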
5
qubes-vm-core/apk-proxy.sh
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
# Use the update proxy over the QubesOS RPC for apk
|
||||||
|
# /etc/init.d/qubes-updates-proxy-forwarder creates the socket to the proxy
|
||||||
|
alias apk='https_proxy="http://127.0.0.1:8082/" http_proxy="http://127.0.0.1:8082/" apk'
|
||||||
|
# allow aliases with sudo
|
||||||
|
alias sudo='sudo '
|
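Review bot: The proxy is applied only through a shell alias, so it reaches apk only in interactive shells that have sourced this file; scripts, cron jobs and anything calling /sbin/apk by path run without http_proxy/https_proxy. In a qube without its own network that fails closed, but in a networked qube those invocations would fetch directly instead of going through qubes.UpdatesProxy. At minimum the header should say so, e.g. `# NOTE: alias only; non-interactive callers of apk must set http_proxy/https_proxy themselves`. With `sudo apk` the alias expands to `sudo https_proxy=… http_proxy=… apk`, which works only while the sudoers policy lets the caller set those variables, so that dependency deserves a line in the comment too.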
|
@ -1,116 +1,34 @@
|
||||||
#!/bin/bash
|
#!/sbin/openrc-run
|
||||||
#
|
|
||||||
# Updates proxy forwarder Startup script for the updates proxy forwarder
|
# Updates proxy forwarder Startup script for the updates proxy forwarder
|
||||||
#
|
|
||||||
# chkconfig: 345 85 15
|
|
||||||
# description: forwards connection to updates proxy over Qubes RPC
|
# description: forwards connection to updates proxy over Qubes RPC
|
||||||
#
|
# The clients should use the below shell variable exports:
|
||||||
# processname: ncat
|
# http_proxy="http://127.0.0.1:8082/"
|
||||||
# pidfile: /var/run/qubes-updates-proxy-forwarder.pid
|
# https_proxy="http://127.0.0.1:8082/"
|
||||||
#
|
# For apk, see the /etc/profile.d/apk-proxy.sh alias
|
||||||
|
|
||||||
# Source function library.
|
name=$RC_SVCNAME
|
||||||
# shellcheck disable=SC1091
|
cfgfile="/etc/qubes/$RC_SVCNAME.conf"
|
||||||
. /etc/init.d/functions.sh
|
command="/bin/busybox"
|
||||||
|
command_args="nc -lk -s 127.0.0.1 -p 8082 -e /usr/bin/qrexec-client-vm @default qubes.UpdatesProxy"
|
||||||
|
command_user="root"
|
||||||
|
pidfile="/run/qubes/$RC_SVCNAME.pid"
|
||||||
|
command_background="yes"
|
||||||
|
output_log="/var/log/qubes/$RC_SVCNAME.log"
|
||||||
|
error_log="/var/log/qubes/$RC_SVCNAME.err"
|
||||||
|
|
||||||
# Source Qubes library.
|
depend() {
|
||||||
# shellcheck source=init/functions
|
need qubes-qrexec-agent
|
||||||
. /usr/lib/qubes/init/functions
|
need net
|
||||||
|
|
||||||
# Check that networking is up.
|
|
||||||
[ "$NETWORKING" = "no" ] && exit 0
|
|
||||||
|
|
||||||
exec="/usr/bin/ncat"
|
|
||||||
prog=$(basename $exec)
|
|
||||||
pidfile="/var/run/qubes-updates-proxy-forwarder.pid"
|
|
||||||
|
|
||||||
# shellcheck disable=SC1091
|
|
||||||
[ -e /etc/sysconfig/qubes-updates-proxy-forwarder ] && . /etc/sysconfig/qubes-updates-proxy-forwarder
|
|
||||||
|
|
||||||
lockfile=/var/lock/subsys/qubes-updates-proxy-forwarder
|
|
||||||
|
|
||||||
start() {
|
|
||||||
have_qubesdb || return
|
|
||||||
|
|
||||||
if ! qsvc updates-proxy-setup ; then
|
|
||||||
# updates proxy configuration disabled
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
if qsvc qubes-updates-proxy ; then
|
|
||||||
# updates proxy running here too, avoid looping traffic back to itself
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
[ -x $exec ] || exit 5
|
|
||||||
|
|
||||||
echo -n $"Starting $prog (as Qubes updates proxy forwarder): "
|
|
||||||
# shellcheck disable=SC2016
|
|
||||||
start-stop-daemon \
|
|
||||||
--exec $exec \
|
|
||||||
--pidfile "$pidfile" \
|
|
||||||
--make-pidfile \
|
|
||||||
--background \
|
|
||||||
--start \
|
|
||||||
-- \
|
|
||||||
-k -l -e 'qrexec-client-vm $default qubes.UpdatesProxy'
|
|
||||||
retval=$?
|
|
||||||
echo
|
|
||||||
[ $retval -eq 0 ] && touch $lockfile
|
|
||||||
return $retval
|
|
||||||
}
|
}
|
||||||
|
|
||||||
stop() {
|
start_pre() {
|
||||||
echo -n $"Stopping $prog: "
|
checkpath --directory --owner $command_user:qubes --mode 0775 \
|
||||||
killproc -p $pidfile "$prog"
|
/run/qubes \
|
||||||
retval=$?
|
/var/log/qubes \
|
||||||
echo
|
/var/run/qubes
|
||||||
[ $retval -eq 0 ] && rm -f $lockfile
|
# TODO should fail if qubes-update-proxy is running
|
||||||
return $retval
|
# if qsvc qubes-updates-proxy ; then
|
||||||
|
# # updates proxy running here too, avoid looping traffic back to itself
|
||||||
|
# exit 0
|
||||||
|
# fi
|
||||||
}
|
}
|
||||||
|
|
||||||
restart() {
|
|
||||||
stop
|
|
||||||
start
|
|
||||||
}
|
|
||||||
|
|
||||||
force_reload() {
|
|
||||||
restart
|
|
||||||
}
|
|
||||||
|
|
||||||
rh_status() {
|
|
||||||
status "$prog"
|
|
||||||
}
|
|
||||||
|
|
||||||
rh_status_q() {
|
|
||||||
rh_status >/dev/null 2>&1
|
|
||||||
}
|
|
||||||
|
|
||||||
case "$1" in
|
|
||||||
start)
|
|
||||||
rh_status_q && exit 0
|
|
||||||
$1
|
|
||||||
;;
|
|
||||||
stop)
|
|
||||||
rh_status_q || exit 0
|
|
||||||
$1
|
|
||||||
;;
|
|
||||||
restart)
|
|
||||||
$1
|
|
||||||
;;
|
|
||||||
force-reload)
|
|
||||||
force_reload
|
|
||||||
;;
|
|
||||||
status)
|
|
||||||
rh_status
|
|
||||||
;;
|
|
||||||
condrestart|try-restart)
|
|
||||||
rh_status_q || exit 0
|
|
||||||
restart
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|force-reload}"
|
|
||||||
exit 2
|
|
||||||
esac
|
|
||||||
exit $?
|
|
||||||
|
|
||||||
|
|
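Review bot: start_pre() leaves the check against a locally running qubes-updates-proxy commented out, and the `qsvc updates-proxy-setup` guard from the old start() is gone, so the listener on 127.0.0.1:8082 now starts unconditionally. In a qube that also runs the updates proxy this may collide on the port or forward traffic back to itself, which is what the removed comment warned about. Restoring the guard needs the Qubes helper library, e.g. `. /usr/lib/qubes/init/functions` followed by `qsvc qubes-updates-proxy && { eerror "qubes-updates-proxy runs in this qube"; return 1; }`, assuming that library loads under the shell openrc-run uses. Separately, checkpath makes /run/qubes and /var/log/qubes group-writable (0775, group qubes) while the service runs as root and keeps its pidfile and logs there; 0755 would keep group members from replacing those files unless something else needs write access.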
2
qubes-vm-core/sudo-aliases.sh
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
# allow aliases with sudo
|
||||||
|
alias sudo='sudo '
|
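Review bot: sudo-aliases.sh repeats the `alias sudo='sudo '` line that apk-proxy.sh in this same commit already defines, and none of the visible APKBUILD hunks add it to source or sha512sums or install it. If it is meant to replace the alias in apk-proxy.sh, that line should be dropped there and this file wired into package(); if not, the file can be removed. Either way the comment should say that the trailing space makes the shell alias-expand the word after sudo for every command, not just apk: `# trailing space: the shell also expands aliases in the word following sudo`.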