[4.1] qubes-vm-core: fix apk proxy #37

Merged
ayakael merged 1 commit from qubes-vm-core/fix-apk-proxy-41 into r4.1 2024-02-08 18:01:57 +00:00
4 changed files with 42 additions and 115 deletions


@ -9,7 +9,7 @@ subpackages="
$pkgname-doc $pkgname-doc
" "
pkgver=4.1.44 pkgver=4.1.44
pkgrel=6 pkgrel=7
_gittag="v$pkgver" _gittag="v$pkgver"
pkgdesc="The Qubes core files for installation inside a Qubes VM." pkgdesc="The Qubes core files for installation inside a Qubes VM."
arch="x86_64" arch="x86_64"
@ -17,8 +17,8 @@ url="https://github.com/QubesOS/qubes-core-agent-linux"
license="GPL" license="GPL"
options="!check" # No testsuite options="!check" # No testsuite
depends=" depends="
coreutils
blkid blkid
coreutils
dconf dconf
desktop-file-utils desktop-file-utils
device-mapper device-mapper
@ -39,7 +39,6 @@ depends="
py3-dbus py3-dbus
py3-gobject3 py3-gobject3
py3-xdg py3-xdg
python3
qubes-db-vm qubes-db-vm
qubes-libvchan-xen qubes-libvchan-xen
qubes-vm-utils qubes-vm-utils
@ -73,6 +72,7 @@ source="
qubes-sysinit.openrc qubes-sysinit.openrc
qubes-updates-proxy-forwarder.openrc qubes-updates-proxy-forwarder.openrc
qubes-updates-proxy.openrc qubes-updates-proxy.openrc
apk-proxy.sh
qvm-sync-clock.sh qvm-sync-clock.sh
" "
builddir="$srcdir"/qubes-core-agent-linux-${_gittag/v} builddir="$srcdir"/qubes-core-agent-linux-${_gittag/v}
@ -112,6 +112,9 @@ package() {
make -C network DESTDIR="$pkgdir" install make -C network DESTDIR="$pkgdir" install
install -Dm755 "$builddir"/network/update-proxy-configs "$pkgdir"/usr/lib/qubes/. install -Dm755 "$builddir"/network/update-proxy-configs "$pkgdir"/usr/lib/qubes/.
install -Dm755 "$srcdir"/qvm-sync-clock.sh "$pkgdir"/etc/qubes/suspend-post.d/. install -Dm755 "$srcdir"/qvm-sync-clock.sh "$pkgdir"/etc/qubes/suspend-post.d/.
install -Dm644 "$srcdir"/apk-proxy.sh "$pkgdir"/etc/profile.d/apk-proxy.sh
install -dm755 "$pkgdir"/etc/bash
ln -s /etc/profile.d/apk-proxy.sh "$pkgdir"/etc/bash/apk-proxy.sh
for i in $source; do for i in $source; do
case $i in case $i in
@ -121,7 +124,6 @@ package() {
"$pkgdir"/etc/conf.d/${i%.*};; "$pkgdir"/etc/conf.d/${i%.*};;
esac esac
done done
} }
@ -143,7 +145,6 @@ networking() {
net-tools net-tools
networkmanager networkmanager
nftables nftables
python3
qubes-db-vm qubes-db-vm
qubes-vm-core qubes-vm-core
qubes-vm-utils qubes-vm-utils
@ -168,7 +169,8 @@ da8e293520f5fce29ce76d7586e8ce1a4164798a1214079fb554c690264da1d774fdad3f45825aac
8f1ea1b6bfb4d3089a51cc3e325861ee7b644f743b2652bf61789933adedefdbc743a61567ad980d2a6077647eb61570b68a056125abaab2a67166d249a961b0 qubes-firewall.openrc 8f1ea1b6bfb4d3089a51cc3e325861ee7b644f743b2652bf61789933adedefdbc743a61567ad980d2a6077647eb61570b68a056125abaab2a67166d249a961b0 qubes-firewall.openrc
437a3dc443c5b0311c5dc8f792739eef89e38b2e854b9a5bb248211dd0eb0f26c1d79588ca2b4b63236b8bed0d735be6b2265d8328885730a8aa5f854301d61f qubes-iptables.openrc 437a3dc443c5b0311c5dc8f792739eef89e38b2e854b9a5bb248211dd0eb0f26c1d79588ca2b4b63236b8bed0d735be6b2265d8328885730a8aa5f854301d61f qubes-iptables.openrc
e9096560e4ee4cad836b686e18eb6dbac729227683eda2f0c8b3541c909f64de3489dbb66e3752014deab69cbfae7885bc15b9bb7e3942c02e40328337b9ef30 qubes-sysinit.openrc e9096560e4ee4cad836b686e18eb6dbac729227683eda2f0c8b3541c909f64de3489dbb66e3752014deab69cbfae7885bc15b9bb7e3942c02e40328337b9ef30 qubes-sysinit.openrc
b1e8af2335955e52cf1817c56296f94f8c472e68d7a17a28f516fe4f5fa8a8053d4f9333efbb007a82a06f9442a4a6cfe5f9c751de07f337e47ee04cb18b9395 qubes-updates-proxy-forwarder.openrc 99ec0afc167866727072606aa183f0c7a539e68e0d8b9a57f6b9c129d3722c9135e1487eef438807d7138af0e669fb14608cbc1f1d5620ee9e995f294a8929f8 qubes-updates-proxy-forwarder.openrc
29d316b9f48cad15f6e22aaa67b228a5e4893ded86463dbe25b3cc68301b961473e79c01f003b1665e217ad4af2e618625442250d5607c1c16462e3f5eed069c qubes-updates-proxy.openrc 29d316b9f48cad15f6e22aaa67b228a5e4893ded86463dbe25b3cc68301b961473e79c01f003b1665e217ad4af2e618625442250d5607c1c16462e3f5eed069c qubes-updates-proxy.openrc
517d59e4699c24f23ccd59f5d4be3a519a426eee99d742c637fe1a9e69caa073621f4e9362c30182ba5a1a3eb0a769070c96e2c6b24cd8366a1f8f450a0b1c01 apk-proxy.sh
cca9f49422fa25cd5f3942dce8edd3ecff080bf5c407a7a790b438bedea054f39a4a3d8c179b44c4c08fc490b597e14d00dad9b0240861e83957e0af7aa6475d qvm-sync-clock.sh cca9f49422fa25cd5f3942dce8edd3ecff080bf5c407a7a790b438bedea054f39a4a3d8c179b44c4c08fc490b597e14d00dad9b0240861e83957e0af7aa6475d qvm-sync-clock.sh
" "


@ -0,0 +1,5 @@
# Use the update proxy over the QubesOS RPC for apk
# /etc/init.d/qubes-updates-proxy-forwarder creates the socket to the proxy
alias apk='https_proxy="http://127.0.0.1:8082/" http_proxy="http://127.0.0.1:8082/" apk'
# allow aliases with sudo
alias sudo='sudo '
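Review bot: The proxy settings reach apk only through the `alias apk=…` line, and aliases are expanded only by interactive shells that have sourced this file, so apk run from scripts, cron jobs or other non-interactive callers will not go through 127.0.0.1:8082. The header comment should say so, for example `# NOTE: aliases apply to interactive shells only; non-interactive callers must set http_proxy/https_proxy themselves`. The `alias sudo='sudo '` line also reaches beyond apk: any alias used as the first word after sudo is then expanded before the command runs as root, so `# allow aliases with sudo` could state that this is a shell-wide effect for every user sourcing /etc/profile.d. The same two-line sudo alias is added again in the last file section of this commit, so one of the two definitions is presumably redundant if the same shell sources both files.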


@ -1,116 +1,34 @@
#!/bin/bash #!/sbin/openrc-run
#
# Updates proxy forwarder Startup script for the updates proxy forwarder # Updates proxy forwarder Startup script for the updates proxy forwarder
#
# chkconfig: 345 85 15
# description: forwards connection to updates proxy over Qubes RPC # description: forwards connection to updates proxy over Qubes RPC
# # The clients should use the below shell variable exports:
# processname: ncat # http_proxy="http://127.0.0.1:8082/"
# pidfile: /var/run/qubes-updates-proxy-forwarder.pid # https_proxy="http://127.0.0.1:8082/"
# # For apk, see the /etc/profile.d/apk-proxy.sh alias
# Source function library. name=$RC_SVCNAME
# shellcheck disable=SC1091 cfgfile="/etc/qubes/$RC_SVCNAME.conf"
. /etc/init.d/functions.sh command="/bin/busybox"
command_args="nc -lk -s 127.0.0.1 -p 8082 -e /usr/bin/qrexec-client-vm @default qubes.UpdatesProxy"
command_user="root"
pidfile="/run/qubes/$RC_SVCNAME.pid"
command_background="yes"
output_log="/var/log/qubes/$RC_SVCNAME.log"
error_log="/var/log/qubes/$RC_SVCNAME.err"
# Source Qubes library. depend() {
# shellcheck source=init/functions need qubes-qrexec-agent
. /usr/lib/qubes/init/functions need net
# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0
exec="/usr/bin/ncat"
prog=$(basename $exec)
pidfile="/var/run/qubes-updates-proxy-forwarder.pid"
# shellcheck disable=SC1091
[ -e /etc/sysconfig/qubes-updates-proxy-forwarder ] && . /etc/sysconfig/qubes-updates-proxy-forwarder
lockfile=/var/lock/subsys/qubes-updates-proxy-forwarder
start() {
have_qubesdb || return
if ! qsvc updates-proxy-setup ; then
# updates proxy configuration disabled
exit 0
fi
if qsvc qubes-updates-proxy ; then
# updates proxy running here too, avoid looping traffic back to itself
exit 0
fi
[ -x $exec ] || exit 5
echo -n $"Starting $prog (as Qubes updates proxy forwarder): "
# shellcheck disable=SC2016
start-stop-daemon \
--exec $exec \
--pidfile "$pidfile" \
--make-pidfile \
--background \
--start \
-- \
-k -l -e 'qrexec-client-vm $default qubes.UpdatesProxy'
retval=$?
echo
[ $retval -eq 0 ] && touch $lockfile
return $retval
} }
stop() { start_pre() {
echo -n $"Stopping $prog: " checkpath --directory --owner $command_user:qubes --mode 0775 \
killproc -p $pidfile "$prog" /run/qubes \
retval=$? /var/log/qubes \
echo /var/run/qubes
[ $retval -eq 0 ] && rm -f $lockfile # TODO should fail if qubes-update-proxy is running
return $retval # if qsvc qubes-updates-proxy ; then
# # updates proxy running here too, avoid looping traffic back to itself
# exit 0
# fi
} }
restart() {
stop
start
}
force_reload() {
restart
}
rh_status() {
status "$prog"
}
rh_status_q() {
rh_status >/dev/null 2>&1
}
case "$1" in
start)
rh_status_q && exit 0
$1
;;
stop)
rh_status_q || exit 0
$1
;;
restart)
$1
;;
force-reload)
force_reload
;;
status)
rh_status
;;
condrestart|try-restart)
rh_status_q || exit 0
restart
;;
*)
echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|force-reload}"
exit 2
esac
exit $?
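Review bot: The new `start_pre()` drops both guards that the old `start()` applied, so the listener on 127.0.0.1:8082 now starts unconditionally. The old script did not start when `qsvc updates-proxy-setup` was false, or when `qsvc qubes-updates-proxy` was true (its comment: "avoid looping traffic back to itself"); the second check survives only as a commented-out TODO. I would restore both in `start_pre()` and return non-zero, as the TODO's "should fail" asks, assuming /usr/lib/qubes/init/functions can be sourced by the shell that openrc-run uses; that needs confirming. Separately, `checkpath --mode 0775` with owner `root:qubes` makes /var/log/qubes group-writable while this root-run service writes its `output_log` and `error_log` there, so 0755 looks safer for that directory unless members of the qubes group really need to create files in it.

```shell
start_pre() {
	# … unchanged: checkpath call for /run/qubes, /var/log/qubes, /var/run/qubes …
	# shellcheck source=init/functions
	. /usr/lib/qubes/init/functions
	have_qubesdb || return 1
	if ! qsvc updates-proxy-setup; then
		eerror "updates-proxy-setup is disabled for this qube"
		return 1
	fi
	if qsvc qubes-updates-proxy; then
		eerror "qubes-updates-proxy runs in this qube; refusing to forward to itself"
		return 1
	fi
}
```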


@ -0,0 +1,2 @@
# allow aliases with sudo
alias sudo='sudo '