Merge remote-tracking branch 'origin/pr/48'
* origin/pr/48: Add some comments to qubes.repos.List Don't write a trailing newline in qubes.repos.List Add qubes.repos.* services to the RPMs Print `ok` for repo enable/disable success Use qrexec service arguments Properly set the umask for repo files Enable/disable repos atomically Use Python whitespace conventions Rename admin.repos.* to qubes.repos.* Add admin.repos.* qrexec services
commit
8800a08150
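--- a/qubes-rpc-policy/qubes.repos.Disable
+++ b/qubes-rpc-policy/qubes.repos.Disable
@@ -0,0 +1,7 @@
+## Note that policy parsing stops at the first match,
+## so adding anything below "$anyvm $anyvm action" line will have no effect
+
+## Please use a single # to start your custom comments
+
+dom0 dom0 allow
+$anyvm $anyvm deny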
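--- a/qubes-rpc-policy/qubes.repos.Enable
+++ b/qubes-rpc-policy/qubes.repos.Enable
@@ -0,0 +1,7 @@
+## Note that policy parsing stops at the first match,
+## so adding anything below "$anyvm $anyvm action" line will have no effect
+
+## Please use a single # to start your custom comments
+
+dom0 dom0 allow
+$anyvm $anyvm deny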
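--- a/qubes-rpc-policy/qubes.repos.List
+++ b/qubes-rpc-policy/qubes.repos.List
@@ -0,0 +1,7 @@
+## Note that policy parsing stops at the first match,
+## so adding anything below "$anyvm $anyvm action" line will have no effect
+
+## Please use a single # to start your custom comments
+
+dom0 dom0 allow
+$anyvm $anyvm deny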
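--- a/qubes-rpc/qubes.repos.Disable
+++ b/qubes-rpc/qubes.repos.Disable
@@ -0,0 +1,32 @@
+#!/usr/bin/python3
+
+# `ok` on stdout indicates success; any stderr output indicates an error
+# (probably an exception)
+
+import dnf
+import iniparse
+import os
+import sys
+
+os.umask(0o022)
+
+base = dnf.Base()
+
+base.read_all_repos()
+
+reponame = sys.argv[1]
+repo = base.repos[reponame]
+
+# Loosely based on write_raw_configfile() from DNF source code, because
+# that method was introduced in DNF 2.0 but Qubes dom0 has DNF 1.x.
+with open(repo.repofile) as fp:
+ini = iniparse.INIConfig(fp)
+
+ini[reponame]['enabled'] = 0
+
+with open(repo.repofile + '.new', 'w') as fp:
+fp.write(str(ini))
+
+os.rename(repo.repofile + '.new', repo.repofile)
+
+print('ok')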
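Review bot: The write-then-rename at `with open(repo.repofile + '.new', 'w')` is atomic only with respect to concurrent readers: nothing flushes the data to disk before `os.rename`, and an exception during the write leaves a stale `.new` file next to the repo file. Adding an fsync and a cleanup path, as sketched below, would make the "enable/disable atomically" claim hold across a crash as well. qubes.repos.Enable repeats the same sequence and differs only in the value assigned to `enabled`, so the same change applies there, and the two services could share one helper. It is also worth a comment that `base.repos[reponame]` is what confines `sys.argv[1]` to repository ids DNF already knows, so a later edit does not start building a path from the argument; the page renders the script without indentation, so the sketch assumes the obvious nesting.

```python
# … unchanged: imports, umask, repo lookup, INI parsing …
ini[reponame]['enabled'] = 0

tmp_path = repo.repofile + '.new'
try:
    with open(tmp_path, 'w') as fp:
        fp.write(str(ini))
        fp.flush()
        # make sure the new contents are on disk before they replace the old file
        os.fsync(fp.fileno())
    os.rename(tmp_path, repo.repofile)
except BaseException:
    # do not leave a half-written file beside the real repo file
    if os.path.exists(tmp_path):
        os.unlink(tmp_path)
    raise
# … unchanged: print('ok') …
```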
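--- a/qubes-rpc/qubes.repos.Enable
+++ b/qubes-rpc/qubes.repos.Enable
@@ -0,0 +1,32 @@
+#!/usr/bin/python3
+
+# `ok` on stdout indicates success; any stderr output indicates an error
+# (probably an exception)
+
+import dnf
+import iniparse
+import os
+import sys
+
+os.umask(0o022)
+
+base = dnf.Base()
+
+base.read_all_repos()
+
+reponame = sys.argv[1]
+repo = base.repos[reponame]
+
+# Loosely based on write_raw_configfile() from DNF source code, because
+# that method was introduced in DNF 2.0 but Qubes dom0 has DNF 1.x.
+with open(repo.repofile) as fp:
+ini = iniparse.INIConfig(fp)
+
+ini[reponame]['enabled'] = 1
+
+with open(repo.repofile + '.new', 'w') as fp:
+fp.write(str(ini))
+
+os.rename(repo.repofile + '.new', repo.repofile)
+
+print('ok')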
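--- a/qubes-rpc/qubes.repos.List
+++ b/qubes-rpc/qubes.repos.List
@@ -0,0 +1,17 @@
+#!/usr/bin/python3
+
+# Records in the output are separated by newlines; fields are separated by \0
+# Each record is unique_id:pretty_name:enabled
+
+import dnf
+
+base = dnf.Base()
+
+base.read_all_repos()
+
+first = True
+for repo in base.repos.all():
+l = [repo.id, repo.name, 'enabled' if repo.enabled else 'disabled']
+if not first: print()
+first = False
+print('\0'.join(l), end='')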
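Review bot: The header comment of qubes.repos.List writes the record as `unique_id:pretty_name:enabled` although the code joins fields with `\0`, and it does not say that the third field is the literal string `enabled` or `disabled`. I would reword it to `# Each record is unique_id \0 pretty_name \0 ("enabled" | "disabled")`. `repo.name` is emitted unescaped, so a name containing a newline (presumably possible through a continuation line in a .repo file) would break the record framing; a caller should treat any record that does not split into exactly three fields as malformed. The `first` flag and the name `l` can go by building the output in one step, `print('\n'.join('\0'.join(fields) for fields in records), end='')`.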
@ -96,6 +96,12 @@ install -m 0664 -D dom0-updates/qubes.ReceiveUpdates.policy $RPM_BUILD_ROOT/etc/
|
||||
|
||||
install -d $RPM_BUILD_ROOT/var/lib/qubes/updates
|
||||
|
||||
# Qrexec services
|
||||
mkdir -p $RPM_BUILD_ROOT/usr/lib/qubes/qubes-rpc $RPM_BUILD_ROOT/etc/qubes-rpc/policy
|
||||
cp qubes-rpc/* $RPM_BUILD_ROOT/usr/lib/qubes/qubes-rpc/
|
||||
for i in qubes-rpc/*; do ln -s ../../usr/lib/qubes/$i $RPM_BUILD_ROOT/etc/qubes-rpc/$(basename $i); done
|
||||
cp qubes-rpc-policy/* $RPM_BUILD_ROOT/etc/qubes-rpc/policy/
|
||||
|
||||
### pm-utils
|
||||
mkdir -p $RPM_BUILD_ROOT/usr/lib64/pm-utils/sleep.d
|
||||
cp pm-utils/52qubes-pause-vms $RPM_BUILD_ROOT/usr/lib64/pm-utils/sleep.d/
|
||||
@ -197,6 +203,12 @@ chmod -x /etc/grub.d/10_linux
|
||||
/etc/qubes-rpc/qubes.ReceiveUpdates
|
||||
%attr(0664,root,qubes) %config(noreplace) /etc/qubes-rpc/policy/qubes.ReceiveUpdates
|
||||
%attr(0770,root,qubes) %dir /var/lib/qubes/updates
|
||||
# Qrexec services
|
||||
/etc/qubes-rpc/qubes.repos.*
|
||||
/usr/lib/qubes/qubes-rpc/qubes.repos.*
|
||||
%attr(0664,root,qubes) %config(noreplace) /etc/qubes-rpc/policy/qubes.repos.List
|
||||
%attr(0664,root,qubes) %config(noreplace) /etc/qubes-rpc/policy/qubes.repos.Enable
|
||||
%attr(0664,root,qubes) %config(noreplace) /etc/qubes-rpc/policy/qubes.repos.Disable
|
||||
# Dracut module
|
||||
/etc/dracut.conf.d/*
|
||||
%dir %{_dracutmoddir}/90qubes-pciback
|
||||
|
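Review bot: The added `cp qubes-rpc/* $RPM_BUILD_ROOT/usr/lib/qubes/qubes-rpc/` installs the services with whatever mode the build tree happens to have, while the neighbouring lines use `install -m`, and the new `/usr/lib/qubes/qubes-rpc/qubes.repos.*` entry in the file list carries no `%attr`. For dom0 qrexec services I would pin the mode with `install -m 0755 qubes-rpc/* $RPM_BUILD_ROOT/usr/lib/qubes/qubes-rpc/`. The install step globs every file in qubes-rpc/ and qubes-rpc-policy/, but the file list names only `qubes.repos.*`, so a later service with another prefix would be installed yet unpackaged; a comment at the `cp` lines saying the two must be kept in step would help. In the `for` loop, `$i` and `$(basename $i)` should be quoted. Both hunks presumably belong to the package's RPM spec, whose file header is not shown on the page.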