Merge remote-tracking branch 'origin/pr/48'
* origin/pr/48: Add some comments to qubes.repos.List Don't write a trailing newline in qubes.repos.List Add qubes.repos.* services to the RPMs Print `ok` for repo enable/disable success Use qrexec service arguments Properly set the umask for repo files Enable/disable repos atomically Use Python whitespace conventions Rename admin.repos.* to qubes.repos.* Add admin.repos.* qrexec services
This commit is contained in:
commit
8800a08150
7
qubes-rpc-policy/qubes.repos.Disable
Normal file
7
qubes-rpc-policy/qubes.repos.Disable
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
## Note that policy parsing stops at the first match,
|
||||||
|
## so adding anything below "$anyvm $anyvm action" line will have no effect
|
||||||
|
|
||||||
|
## Please use a single # to start your custom comments
|
||||||
|
|
||||||
|
dom0 dom0 allow
|
||||||
|
$anyvm $anyvm deny
|
7
qubes-rpc-policy/qubes.repos.Enable
Normal file
7
qubes-rpc-policy/qubes.repos.Enable
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
## Note that policy parsing stops at the first match,
|
||||||
|
## so adding anything below "$anyvm $anyvm action" line will have no effect
|
||||||
|
|
||||||
|
## Please use a single # to start your custom comments
|
||||||
|
|
||||||
|
dom0 dom0 allow
|
||||||
|
$anyvm $anyvm deny
|
7
qubes-rpc-policy/qubes.repos.List
Normal file
7
qubes-rpc-policy/qubes.repos.List
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
## Note that policy parsing stops at the first match,
|
||||||
|
## so adding anything below "$anyvm $anyvm action" line will have no effect
|
||||||
|
|
||||||
|
## Please use a single # to start your custom comments
|
||||||
|
|
||||||
|
dom0 dom0 allow
|
||||||
|
$anyvm $anyvm deny
|
32
qubes-rpc/qubes.repos.Disable
Executable file
32
qubes-rpc/qubes.repos.Disable
Executable file
@ -0,0 +1,32 @@
|
|||||||
|
#!/usr/bin/python3
|
||||||
|
|
||||||
|
# `ok` on stdout indicates success; any stderr output indicates an error
|
||||||
|
# (probably an exception)
|
||||||
|
|
||||||
|
import dnf
|
||||||
|
import iniparse
|
||||||
|
import os
|
||||||
|
import sys
|
||||||
|
|
||||||
|
os.umask(0o022)
|
||||||
|
|
||||||
|
base = dnf.Base()
|
||||||
|
|
||||||
|
base.read_all_repos()
|
||||||
|
|
||||||
|
reponame = sys.argv[1]
|
||||||
|
repo = base.repos[reponame]
|
||||||
|
|
||||||
|
# Loosely based on write_raw_configfile() from DNF source code, because
|
||||||
|
# that method was introduced in DNF 2.0 but Qubes dom0 has DNF 1.x.
|
||||||
|
with open(repo.repofile) as fp:
|
||||||
|
ini = iniparse.INIConfig(fp)
|
||||||
|
|
||||||
|
ini[reponame]['enabled'] = 0
|
||||||
|
|
||||||
|
with open(repo.repofile + '.new', 'w') as fp:
|
||||||
|
fp.write(str(ini))
|
||||||
|
|
||||||
|
os.rename(repo.repofile + '.new', repo.repofile)
|
||||||
|
|
||||||
|
print('ok')
|
32
qubes-rpc/qubes.repos.Enable
Executable file
32
qubes-rpc/qubes.repos.Enable
Executable file
@ -0,0 +1,32 @@
|
|||||||
|
#!/usr/bin/python3
|
||||||
|
|
||||||
|
# `ok` on stdout indicates success; any stderr output indicates an error
|
||||||
|
# (probably an exception)
|
||||||
|
|
||||||
|
import dnf
|
||||||
|
import iniparse
|
||||||
|
import os
|
||||||
|
import sys
|
||||||
|
|
||||||
|
os.umask(0o022)
|
||||||
|
|
||||||
|
base = dnf.Base()
|
||||||
|
|
||||||
|
base.read_all_repos()
|
||||||
|
|
||||||
|
reponame = sys.argv[1]
|
||||||
|
repo = base.repos[reponame]
|
||||||
|
|
||||||
|
# Loosely based on write_raw_configfile() from DNF source code, because
|
||||||
|
# that method was introduced in DNF 2.0 but Qubes dom0 has DNF 1.x.
|
||||||
|
with open(repo.repofile) as fp:
|
||||||
|
ini = iniparse.INIConfig(fp)
|
||||||
|
|
||||||
|
ini[reponame]['enabled'] = 1
|
||||||
|
|
||||||
|
with open(repo.repofile + '.new', 'w') as fp:
|
||||||
|
fp.write(str(ini))
|
||||||
|
|
||||||
|
os.rename(repo.repofile + '.new', repo.repofile)
|
||||||
|
|
||||||
|
print('ok')
|
17
qubes-rpc/qubes.repos.List
Executable file
17
qubes-rpc/qubes.repos.List
Executable file
@ -0,0 +1,17 @@
|
|||||||
|
#!/usr/bin/python3
|
||||||
|
|
||||||
|
# Records in the output are separated by newlines; fields are separated by \0
|
||||||
|
# Each record is unique_id:pretty_name:enabled
|
||||||
|
|
||||||
|
import dnf
|
||||||
|
|
||||||
|
base = dnf.Base()
|
||||||
|
|
||||||
|
base.read_all_repos()
|
||||||
|
|
||||||
|
first = True
|
||||||
|
for repo in base.repos.all():
|
||||||
|
l = [repo.id, repo.name, 'enabled' if repo.enabled else 'disabled']
|
||||||
|
if not first: print()
|
||||||
|
first = False
|
||||||
|
print('\0'.join(l), end='')
|
@ -96,6 +96,12 @@ install -m 0664 -D dom0-updates/qubes.ReceiveUpdates.policy $RPM_BUILD_ROOT/etc/
|
|||||||
|
|
||||||
install -d $RPM_BUILD_ROOT/var/lib/qubes/updates
|
install -d $RPM_BUILD_ROOT/var/lib/qubes/updates
|
||||||
|
|
||||||
|
# Qrexec services
|
||||||
|
mkdir -p $RPM_BUILD_ROOT/usr/lib/qubes/qubes-rpc $RPM_BUILD_ROOT/etc/qubes-rpc/policy
|
||||||
|
cp qubes-rpc/* $RPM_BUILD_ROOT/usr/lib/qubes/qubes-rpc/
|
||||||
|
for i in qubes-rpc/*; do ln -s ../../usr/lib/qubes/$i $RPM_BUILD_ROOT/etc/qubes-rpc/$(basename $i); done
|
||||||
|
cp qubes-rpc-policy/* $RPM_BUILD_ROOT/etc/qubes-rpc/policy/
|
||||||
|
|
||||||
### pm-utils
|
### pm-utils
|
||||||
mkdir -p $RPM_BUILD_ROOT/usr/lib64/pm-utils/sleep.d
|
mkdir -p $RPM_BUILD_ROOT/usr/lib64/pm-utils/sleep.d
|
||||||
cp pm-utils/52qubes-pause-vms $RPM_BUILD_ROOT/usr/lib64/pm-utils/sleep.d/
|
cp pm-utils/52qubes-pause-vms $RPM_BUILD_ROOT/usr/lib64/pm-utils/sleep.d/
|
||||||
@ -197,6 +203,12 @@ chmod -x /etc/grub.d/10_linux
|
|||||||
/etc/qubes-rpc/qubes.ReceiveUpdates
|
/etc/qubes-rpc/qubes.ReceiveUpdates
|
||||||
%attr(0664,root,qubes) %config(noreplace) /etc/qubes-rpc/policy/qubes.ReceiveUpdates
|
%attr(0664,root,qubes) %config(noreplace) /etc/qubes-rpc/policy/qubes.ReceiveUpdates
|
||||||
%attr(0770,root,qubes) %dir /var/lib/qubes/updates
|
%attr(0770,root,qubes) %dir /var/lib/qubes/updates
|
||||||
|
# Qrexec services
|
||||||
|
/etc/qubes-rpc/qubes.repos.*
|
||||||
|
/usr/lib/qubes/qubes-rpc/qubes.repos.*
|
||||||
|
%attr(0664,root,qubes) %config(noreplace) /etc/qubes-rpc/policy/qubes.repos.List
|
||||||
|
%attr(0664,root,qubes) %config(noreplace) /etc/qubes-rpc/policy/qubes.repos.Enable
|
||||||
|
%attr(0664,root,qubes) %config(noreplace) /etc/qubes-rpc/policy/qubes.repos.Disable
|
||||||
# Dracut module
|
# Dracut module
|
||||||
/etc/dracut.conf.d/*
|
/etc/dracut.conf.d/*
|
||||||
%dir %{_dracutmoddir}/90qubes-pciback
|
%dir %{_dracutmoddir}/90qubes-pciback
|
||||||
|
Loading…
Reference in New Issue
Block a user