From ecd43c43c4aae64fa14f6892102555acfce3ce70 Mon Sep 17 00:00:00 2001 From: Wojtek Porczyk Date: Tue, 28 Jul 2015 15:35:15 +0200 Subject: [PATCH 01/31] liveusb: new ks stolen from fedora spins --- conf/liveusb.ks | 309 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 309 insertions(+) create mode 100644 conf/liveusb.ks diff --git a/conf/liveusb.ks b/conf/liveusb.ks new file mode 100644 index 0000000..be6317b --- /dev/null +++ b/conf/liveusb.ks @@ -0,0 +1,309 @@ +# fedora-live-base.ks +# +# Defines the basics for all kickstarts in the fedora-live branch +# Does not include package selection (other then mandatory) +# Does not include localization packages or configuration +# +# Does includes "default" language configuration (kickstarts including +# this template can override these settings) + +lang en_US.UTF-8 +keyboard us +timezone US/Eastern +auth --useshadow --passalgo=sha512 +selinux --enforcing +firewall --enabled --service=mdns +xconfig --startxonboot +part / --size 16386 --fstype ext4 +services --enabled=NetworkManager --disabled=network,sshd + +%include qubes-kickstart.cfg + +%packages +# This was added a while ago, I think it falls into the category of +# "Diagnosis/recovery tool useful from a Live OS image". Leaving this untouched +# for now. +memtest86+ + +# The point of a live image is to install +anaconda + +# Without this, initramfs generation during live image creation fails: #1242586 +#dracut-live + +%end + +%post +# FIXME: it'd be better to get this installed from a package +cat > /etc/rc.d/init.d/livesys << EOF +#!/bin/bash +# +# live: Init script for live image +# +# chkconfig: 345 00 99 +# description: Init script for live image. +### BEGIN INIT INFO +# X-Start-Before: display-manager +### END INIT INFO + +. /etc/init.d/functions + +if ! strstr "\`cat /proc/cmdline\`" rd.live.image || [ "\$1" != "start" ]; then + exit 0 +fi + +if [ -e /.liveimg-configured ] ; then + configdone=1 +fi + +exists() { + which \$1 >/dev/null 2>&1 || return + \$* +} + +livedir="LiveOS" +for arg in \`cat /proc/cmdline\` ; do + if [ "\${arg##rd.live.dir=}" != "\${arg}" ]; then + livedir=\${arg##rd.live.dir=} + return + fi + if [ "\${arg##live_dir=}" != "\${arg}" ]; then + livedir=\${arg##live_dir=} + return + fi +done + +# enable swaps unless requested otherwise +swaps=\`blkid -t TYPE=swap -o device\` +if ! strstr "\`cat /proc/cmdline\`" noswap && [ -n "\$swaps" ] ; then + for s in \$swaps ; do + action "Enabling swap partition \$s" swapon \$s + done +fi +if ! strstr "\`cat /proc/cmdline\`" noswap && [ -f /run/initramfs/live/\${livedir}/swap.img ] ; then + action "Enabling swap file" swapon /run/initramfs/live/\${livedir}/swap.img +fi + +mountPersistentHome() { + # support label/uuid + if [ "\${homedev##LABEL=}" != "\${homedev}" -o "\${homedev##UUID=}" != "\${homedev}" ]; then + homedev=\`/sbin/blkid -o device -t "\$homedev"\` + fi + + # if we're given a file rather than a blockdev, loopback it + if [ "\${homedev##mtd}" != "\${homedev}" ]; then + # mtd devs don't have a block device but get magic-mounted with -t jffs2 + mountopts="-t jffs2" + elif [ ! -b "\$homedev" ]; then + loopdev=\`losetup -f\` + if [ "\${homedev##/run/initramfs/live}" != "\${homedev}" ]; then + action "Remounting live store r/w" mount -o remount,rw /run/initramfs/live + fi + losetup \$loopdev \$homedev + homedev=\$loopdev + fi + + # if it's encrypted, we need to unlock it + if [ "\$(/sbin/blkid -s TYPE -o value \$homedev 2>/dev/null)" = "crypto_LUKS" ]; then + echo + echo "Setting up encrypted /home device" + plymouth ask-for-password --command="cryptsetup luksOpen \$homedev EncHome" + homedev=/dev/mapper/EncHome + fi + + # and finally do the mount + mount \$mountopts \$homedev /home + # if we have /home under what's passed for persistent home, then + # we should make that the real /home. useful for mtd device on olpc + if [ -d /home/home ]; then mount --bind /home/home /home ; fi + [ -x /sbin/restorecon ] && /sbin/restorecon /home + if [ -d /home/liveuser ]; then USERADDARGS="-M" ; fi +} + +findPersistentHome() { + for arg in \`cat /proc/cmdline\` ; do + if [ "\${arg##persistenthome=}" != "\${arg}" ]; then + homedev=\${arg##persistenthome=} + return + fi + done +} + +if strstr "\`cat /proc/cmdline\`" persistenthome= ; then + findPersistentHome +elif [ -e /run/initramfs/live/\${livedir}/home.img ]; then + homedev=/run/initramfs/live/\${livedir}/home.img +fi + +# if we have a persistent /home, then we want to go ahead and mount it +if ! strstr "\`cat /proc/cmdline\`" nopersistenthome && [ -n "\$homedev" ] ; then + action "Mounting persistent /home" mountPersistentHome +fi + +if [ -n "\$configdone" ]; then + exit 0 +fi + +# add fedora user with no passwd +action "Adding live user" useradd \$USERADDARGS -c "Live System User" liveuser +passwd -d liveuser > /dev/null +usermod -aG wheel liveuser > /dev/null +usermod -aG qubes liveuser > /dev/null + +# Remove root password lock +passwd -d root > /dev/null + +# turn off firstboot for livecd boots +systemctl --no-reload disable firstboot-text.service 2> /dev/null || : +systemctl --no-reload disable firstboot-graphical.service 2> /dev/null || : +systemctl stop firstboot-text.service 2> /dev/null || : +systemctl stop firstboot-graphical.service 2> /dev/null || : + +# don't use prelink on a running live image +sed -i 's/PRELINKING=yes/PRELINKING=no/' /etc/sysconfig/prelink &>/dev/null || : + +# turn off mdmonitor by default +systemctl --no-reload disable mdmonitor.service 2> /dev/null || : +systemctl --no-reload disable mdmonitor-takeover.service 2> /dev/null || : +systemctl stop mdmonitor.service 2> /dev/null || : +systemctl stop mdmonitor-takeover.service 2> /dev/null || : + +# don't enable the gnome-settings-daemon packagekit plugin +gsettings set org.gnome.software download-updates 'false' || : + +# don't start cron/at as they tend to spawn things which are +# disk intensive that are painful on a live image +systemctl --no-reload disable crond.service 2> /dev/null || : +systemctl --no-reload disable atd.service 2> /dev/null || : +systemctl stop crond.service 2> /dev/null || : +systemctl stop atd.service 2> /dev/null || : + +# Don't sync the system clock when running live (RHBZ #1018162) +sed -i 's/rtcsync//' /etc/chrony.conf + +# Mark things as configured +touch /.liveimg-configured + +# add static hostname to work around xauth bug +# https://bugzilla.redhat.com/show_bug.cgi?id=679486 +echo "localhost" > /etc/hostname + +EOF + +# bah, hal starts way too late +cat > /etc/rc.d/init.d/livesys-late << EOF +#!/bin/bash +# +# live: Late init script for live image +# +# chkconfig: 345 99 01 +# description: Late init script for live image. + +. /etc/init.d/functions + +if ! strstr "\`cat /proc/cmdline\`" rd.live.image || [ "\$1" != "start" ] || [ -e /.liveimg-late-configured ] ; then + exit 0 +fi + +exists() { + which \$1 >/dev/null 2>&1 || return + \$* +} + +touch /.liveimg-late-configured + +# read some variables out of /proc/cmdline +for o in \`cat /proc/cmdline\` ; do + case \$o in + ks=*) + ks="--kickstart=\${o#ks=}" + ;; + xdriver=*) + xdriver="\${o#xdriver=}" + ;; + esac +done + +# if liveinst or textinst is given, start anaconda +if strstr "\`cat /proc/cmdline\`" liveinst ; then + plymouth --quit + /usr/sbin/liveinst \$ks +fi +if strstr "\`cat /proc/cmdline\`" textinst ; then + plymouth --quit + /usr/sbin/liveinst --text \$ks +fi + +# configure X, allowing user to override xdriver +if [ -n "\$xdriver" ]; then + cat > /etc/X11/xorg.conf.d/00-xdriver.conf <> /etc/fstab << EOF +vartmp /var/tmp tmpfs defaults 0 0 +varcacheyum /var/cache/yum tmpfs mode=0755,context=system_u:object_r:rpm_var_cache_t:s0 0 0 +EOF + +# work around for poor key import UI in PackageKit +rm -f /var/lib/rpm/__db* +releasever=$(rpm -q --qf '%{version}\n' --whatprovides system-release) +basearch=$(uname -i) +rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch +echo "Packages within this LiveCD" +rpm -qa +# Note that running rpm recreates the rpm db files which aren't needed or wanted +rm -f /var/lib/rpm/__db* + +# go ahead and pre-make the man -k cache (#455968) +/usr/bin/mandb + +# save a little bit of space at least... +rm -f /boot/initramfs* +# make sure there aren't core files lying around +rm -f /core* + +# convince readahead not to collect +# FIXME: for systemd + +# forcibly regenerate fontconfig cache (so long as this live image has +# fontconfig) - see #1169979 +if [ -x /usr/bin/fc-cache ] ; then + fc-cache -f +fi + +echo 'File created by kickstart. See systemd-update-done.service(8).' \ + | tee /etc/.updated >/var/.updated + +%end + + +%post --nochroot +cp $INSTALL_ROOT/usr/share/licenses/*-release/* $LIVE_ROOT/ + +# only works on x86, x86_64 +if [ "$(uname -i)" = "i386" -o "$(uname -i)" = "x86_64" ]; then + if [ ! -d $LIVE_ROOT/LiveOS ]; then mkdir -p $LIVE_ROOT/LiveOS ; fi + cp /usr/bin/livecd-iso-to-disk $LIVE_ROOT/LiveOS +fi +%end From fa151f32611d256e035071ccfb085ff1c96d5416 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Thu, 30 Jul 2015 12:10:51 +0200 Subject: [PATCH 02/31] Preliminary qubes-live package --- Makefile.builder | 3 ++- conf/liveusb.ks | 2 ++ live/qubes-live.spec | 36 ++++++++++++++++++++++++++++++++++++ 3 files changed, 40 insertions(+), 1 deletion(-) create mode 100644 live/qubes-live.spec diff --git a/Makefile.builder b/Makefile.builder index 3fb5df0..04e3363 100644 --- a/Makefile.builder +++ b/Makefile.builder @@ -6,5 +6,6 @@ RPM_SPEC_FILES := \ lorax-templates-qubes/lorax-templates-qubes.spec \ pungi/pungi.spec \ pykickstart/pykickstart.spec \ - qubes-release/qubes-dom0-dist-upgrade.spec + qubes-release/qubes-dom0-dist-upgrade.spec \ + live/qubes-live.spec endif diff --git a/conf/liveusb.ks b/conf/liveusb.ks index be6317b..d280e59 100644 --- a/conf/liveusb.ks +++ b/conf/liveusb.ks @@ -31,6 +31,8 @@ anaconda # Without this, initramfs generation during live image creation fails: #1242586 #dracut-live +qubes-live + %end %post diff --git a/live/qubes-live.spec b/live/qubes-live.spec new file mode 100644 index 0000000..81b2065 --- /dev/null +++ b/live/qubes-live.spec @@ -0,0 +1,36 @@ +Name: qubes-live +Version: 1.0 +Release: 1%{?dist} +Summary: Various fixes for Qubes Live edition + +Group: System +License: GPL +URL: https://qubes-os.org + +%description +Various fixes for Qubes Live edition + +%prep + +%build + +%install + +%post + +# livecd-tools expects strange xen.gz name +xen=$(ls -1 /boot/xen-*gz | tail -n 1) +for kernel in /boot/vmlinuz-*; do + # see __copy_kernel_and_initramfs function in imgcreate/live.py + version=$(echo ${kernel} | cut -f 2- -d -) + short_version=$(echo -n ${version} | head -c -3) + ln -s $(basename ${xen}) /boot/xen.gz-${short_version} +done + + +%files + + +%changelog + + From 65ca4d222cadfb4dc749796e3fa3c057814a7e8b Mon Sep 17 00:00:00 2001 From: Wojtek Porczyk Date: Thu, 30 Jul 2015 13:19:50 +0200 Subject: [PATCH 03/31] Move /etc/rc.d files from kickstart to package --- build-deps-iso.list | 1 + conf/liveusb.ks | 219 ------------------------------------------- live/livesys | 152 ++++++++++++++++++++++++++++++ live/livesys-late | 54 +++++++++++ live/qubes-live.spec | 12 +++ 5 files changed, 219 insertions(+), 219 deletions(-) create mode 100755 live/livesys create mode 100755 live/livesys-late diff --git a/build-deps-iso.list b/build-deps-iso.list index ec74d26..c420347 100644 --- a/build-deps-iso.list +++ b/build-deps-iso.list @@ -2,3 +2,4 @@ anaconda pungi pykickstart lorax-templates-qubes +livecd-creator diff --git a/conf/liveusb.ks b/conf/liveusb.ks index d280e59..cb1a954 100644 --- a/conf/liveusb.ks +++ b/conf/liveusb.ks @@ -36,225 +36,6 @@ qubes-live %end %post -# FIXME: it'd be better to get this installed from a package -cat > /etc/rc.d/init.d/livesys << EOF -#!/bin/bash -# -# live: Init script for live image -# -# chkconfig: 345 00 99 -# description: Init script for live image. -### BEGIN INIT INFO -# X-Start-Before: display-manager -### END INIT INFO - -. /etc/init.d/functions - -if ! strstr "\`cat /proc/cmdline\`" rd.live.image || [ "\$1" != "start" ]; then - exit 0 -fi - -if [ -e /.liveimg-configured ] ; then - configdone=1 -fi - -exists() { - which \$1 >/dev/null 2>&1 || return - \$* -} - -livedir="LiveOS" -for arg in \`cat /proc/cmdline\` ; do - if [ "\${arg##rd.live.dir=}" != "\${arg}" ]; then - livedir=\${arg##rd.live.dir=} - return - fi - if [ "\${arg##live_dir=}" != "\${arg}" ]; then - livedir=\${arg##live_dir=} - return - fi -done - -# enable swaps unless requested otherwise -swaps=\`blkid -t TYPE=swap -o device\` -if ! strstr "\`cat /proc/cmdline\`" noswap && [ -n "\$swaps" ] ; then - for s in \$swaps ; do - action "Enabling swap partition \$s" swapon \$s - done -fi -if ! strstr "\`cat /proc/cmdline\`" noswap && [ -f /run/initramfs/live/\${livedir}/swap.img ] ; then - action "Enabling swap file" swapon /run/initramfs/live/\${livedir}/swap.img -fi - -mountPersistentHome() { - # support label/uuid - if [ "\${homedev##LABEL=}" != "\${homedev}" -o "\${homedev##UUID=}" != "\${homedev}" ]; then - homedev=\`/sbin/blkid -o device -t "\$homedev"\` - fi - - # if we're given a file rather than a blockdev, loopback it - if [ "\${homedev##mtd}" != "\${homedev}" ]; then - # mtd devs don't have a block device but get magic-mounted with -t jffs2 - mountopts="-t jffs2" - elif [ ! -b "\$homedev" ]; then - loopdev=\`losetup -f\` - if [ "\${homedev##/run/initramfs/live}" != "\${homedev}" ]; then - action "Remounting live store r/w" mount -o remount,rw /run/initramfs/live - fi - losetup \$loopdev \$homedev - homedev=\$loopdev - fi - - # if it's encrypted, we need to unlock it - if [ "\$(/sbin/blkid -s TYPE -o value \$homedev 2>/dev/null)" = "crypto_LUKS" ]; then - echo - echo "Setting up encrypted /home device" - plymouth ask-for-password --command="cryptsetup luksOpen \$homedev EncHome" - homedev=/dev/mapper/EncHome - fi - - # and finally do the mount - mount \$mountopts \$homedev /home - # if we have /home under what's passed for persistent home, then - # we should make that the real /home. useful for mtd device on olpc - if [ -d /home/home ]; then mount --bind /home/home /home ; fi - [ -x /sbin/restorecon ] && /sbin/restorecon /home - if [ -d /home/liveuser ]; then USERADDARGS="-M" ; fi -} - -findPersistentHome() { - for arg in \`cat /proc/cmdline\` ; do - if [ "\${arg##persistenthome=}" != "\${arg}" ]; then - homedev=\${arg##persistenthome=} - return - fi - done -} - -if strstr "\`cat /proc/cmdline\`" persistenthome= ; then - findPersistentHome -elif [ -e /run/initramfs/live/\${livedir}/home.img ]; then - homedev=/run/initramfs/live/\${livedir}/home.img -fi - -# if we have a persistent /home, then we want to go ahead and mount it -if ! strstr "\`cat /proc/cmdline\`" nopersistenthome && [ -n "\$homedev" ] ; then - action "Mounting persistent /home" mountPersistentHome -fi - -if [ -n "\$configdone" ]; then - exit 0 -fi - -# add fedora user with no passwd -action "Adding live user" useradd \$USERADDARGS -c "Live System User" liveuser -passwd -d liveuser > /dev/null -usermod -aG wheel liveuser > /dev/null -usermod -aG qubes liveuser > /dev/null - -# Remove root password lock -passwd -d root > /dev/null - -# turn off firstboot for livecd boots -systemctl --no-reload disable firstboot-text.service 2> /dev/null || : -systemctl --no-reload disable firstboot-graphical.service 2> /dev/null || : -systemctl stop firstboot-text.service 2> /dev/null || : -systemctl stop firstboot-graphical.service 2> /dev/null || : - -# don't use prelink on a running live image -sed -i 's/PRELINKING=yes/PRELINKING=no/' /etc/sysconfig/prelink &>/dev/null || : - -# turn off mdmonitor by default -systemctl --no-reload disable mdmonitor.service 2> /dev/null || : -systemctl --no-reload disable mdmonitor-takeover.service 2> /dev/null || : -systemctl stop mdmonitor.service 2> /dev/null || : -systemctl stop mdmonitor-takeover.service 2> /dev/null || : - -# don't enable the gnome-settings-daemon packagekit plugin -gsettings set org.gnome.software download-updates 'false' || : - -# don't start cron/at as they tend to spawn things which are -# disk intensive that are painful on a live image -systemctl --no-reload disable crond.service 2> /dev/null || : -systemctl --no-reload disable atd.service 2> /dev/null || : -systemctl stop crond.service 2> /dev/null || : -systemctl stop atd.service 2> /dev/null || : - -# Don't sync the system clock when running live (RHBZ #1018162) -sed -i 's/rtcsync//' /etc/chrony.conf - -# Mark things as configured -touch /.liveimg-configured - -# add static hostname to work around xauth bug -# https://bugzilla.redhat.com/show_bug.cgi?id=679486 -echo "localhost" > /etc/hostname - -EOF - -# bah, hal starts way too late -cat > /etc/rc.d/init.d/livesys-late << EOF -#!/bin/bash -# -# live: Late init script for live image -# -# chkconfig: 345 99 01 -# description: Late init script for live image. - -. /etc/init.d/functions - -if ! strstr "\`cat /proc/cmdline\`" rd.live.image || [ "\$1" != "start" ] || [ -e /.liveimg-late-configured ] ; then - exit 0 -fi - -exists() { - which \$1 >/dev/null 2>&1 || return - \$* -} - -touch /.liveimg-late-configured - -# read some variables out of /proc/cmdline -for o in \`cat /proc/cmdline\` ; do - case \$o in - ks=*) - ks="--kickstart=\${o#ks=}" - ;; - xdriver=*) - xdriver="\${o#xdriver=}" - ;; - esac -done - -# if liveinst or textinst is given, start anaconda -if strstr "\`cat /proc/cmdline\`" liveinst ; then - plymouth --quit - /usr/sbin/liveinst \$ks -fi -if strstr "\`cat /proc/cmdline\`" textinst ; then - plymouth --quit - /usr/sbin/liveinst --text \$ks -fi - -# configure X, allowing user to override xdriver -if [ -n "\$xdriver" ]; then - cat > /etc/X11/xorg.conf.d/00-xdriver.conf </dev/null 2>&1 || return + $* +} + +livedir="LiveOS" +for arg in `cat /proc/cmdline` ; do + if [ "${arg##rd.live.dir=}" != "${arg}" ]; then + livedir=${arg##rd.live.dir=} + return + fi + if [ "${arg##live_dir=}" != "${arg}" ]; then + livedir=${arg##live_dir=} + return + fi +done + +# enable swaps unless requested otherwise +swaps=`blkid -t TYPE=swap -o device` +if ! strstr "`cat /proc/cmdline`" noswap && [ -n "$swaps" ] ; then + for s in $swaps ; do + action "Enabling swap partition $s" swapon $s + done +fi +if ! strstr "`cat /proc/cmdline`" noswap && [ -f /run/initramfs/live/${livedir}/swap.img ] ; then + action "Enabling swap file" swapon /run/initramfs/live/${livedir}/swap.img +fi + +mountPersistentHome() { + # support label/uuid + if [ "${homedev##LABEL=}" != "${homedev}" -o "${homedev##UUID=}" != "${homedev}" ]; then + homedev=`/sbin/blkid -o device -t "$homedev"` + fi + + # if we're given a file rather than a blockdev, loopback it + if [ "${homedev##mtd}" != "${homedev}" ]; then + # mtd devs don't have a block device but get magic-mounted with -t jffs2 + mountopts="-t jffs2" + elif [ ! -b "$homedev" ]; then + loopdev=`losetup -f` + if [ "${homedev##/run/initramfs/live}" != "${homedev}" ]; then + action "Remounting live store r/w" mount -o remount,rw /run/initramfs/live + fi + losetup $loopdev $homedev + homedev=$loopdev + fi + + # if it's encrypted, we need to unlock it + if [ "$(/sbin/blkid -s TYPE -o value $homedev 2>/dev/null)" = "crypto_LUKS" ]; then + echo + echo "Setting up encrypted /home device" + plymouth ask-for-password --command="cryptsetup luksOpen $homedev EncHome" + homedev=/dev/mapper/EncHome + fi + + # and finally do the mount + mount $mountopts $homedev /home + # if we have /home under what's passed for persistent home, then + # we should make that the real /home. useful for mtd device on olpc + if [ -d /home/home ]; then mount --bind /home/home /home ; fi + [ -x /sbin/restorecon ] && /sbin/restorecon /home + if [ -d /home/liveuser ]; then USERADDARGS="-M" ; fi +} + +findPersistentHome() { + for arg in `cat /proc/cmdline` ; do + if [ "${arg##persistenthome=}" != "${arg}" ]; then + homedev=${arg##persistenthome=} + return + fi + done +} + +if strstr "`cat /proc/cmdline`" persistenthome= ; then + findPersistentHome +elif [ -e /run/initramfs/live/${livedir}/home.img ]; then + homedev=/run/initramfs/live/${livedir}/home.img +fi + +# if we have a persistent /home, then we want to go ahead and mount it +if ! strstr "`cat /proc/cmdline`" nopersistenthome && [ -n "$homedev" ] ; then + action "Mounting persistent /home" mountPersistentHome +fi + +if [ -n "$configdone" ]; then + exit 0 +fi + +# add fedora user with no passwd +action "Adding live user" useradd $USERADDARGS -c "Live System User" liveuser +passwd -d liveuser > /dev/null +usermod -aG wheel liveuser > /dev/null +usermod -aG qubes liveuser > /dev/null + +# Remove root password lock +passwd -d root > /dev/null + +# turn off firstboot for livecd boots +systemctl --no-reload disable firstboot-text.service 2> /dev/null || : +systemctl --no-reload disable firstboot-graphical.service 2> /dev/null || : +systemctl stop firstboot-text.service 2> /dev/null || : +systemctl stop firstboot-graphical.service 2> /dev/null || : + +# don't use prelink on a running live image +sed -i 's/PRELINKING=yes/PRELINKING=no/' /etc/sysconfig/prelink &>/dev/null || : + +# turn off mdmonitor by default +systemctl --no-reload disable mdmonitor.service 2> /dev/null || : +systemctl --no-reload disable mdmonitor-takeover.service 2> /dev/null || : +systemctl stop mdmonitor.service 2> /dev/null || : +systemctl stop mdmonitor-takeover.service 2> /dev/null || : + +# don't enable the gnome-settings-daemon packagekit plugin +gsettings set org.gnome.software download-updates 'false' || : + +# don't start cron/at as they tend to spawn things which are +# disk intensive that are painful on a live image +systemctl --no-reload disable crond.service 2> /dev/null || : +systemctl --no-reload disable atd.service 2> /dev/null || : +systemctl stop crond.service 2> /dev/null || : +systemctl stop atd.service 2> /dev/null || : + +# Don't sync the system clock when running live (RHBZ #1018162) +sed -i 's/rtcsync//' /etc/chrony.conf + +# Mark things as configured +touch /.liveimg-configured + +# add static hostname to work around xauth bug +# https://bugzilla.redhat.com/show_bug.cgi?id=679486 +echo "localhost" > /etc/hostname + diff --git a/live/livesys-late b/live/livesys-late new file mode 100755 index 0000000..f0785eb --- /dev/null +++ b/live/livesys-late @@ -0,0 +1,54 @@ +#!/bin/bash +# +# live: Late init script for live image +# +# chkconfig: 345 99 01 +# description: Late init script for live image. + +# bah, hal starts way too late + +. /etc/init.d/functions + +if ! strstr "`cat /proc/cmdline`" rd.live.image || [ "$1" != "start" ] || [ -e /.liveimg-late-configured ] ; then + exit 0 +fi + +exists() { + which $1 >/dev/null 2>&1 || return + $* +} + +touch /.liveimg-late-configured + +# read some variables out of /proc/cmdline +for o in `cat /proc/cmdline` ; do + case $o in + ks=*) + ks="--kickstart=${o#ks=}" + ;; + xdriver=*) + xdriver="${o#xdriver=}" + ;; + esac +done + +# if liveinst or textinst is given, start anaconda +if strstr "`cat /proc/cmdline`" liveinst ; then + plymouth --quit + /usr/sbin/liveinst $ks +fi +if strstr "`cat /proc/cmdline`" textinst ; then + plymouth --quit + /usr/sbin/liveinst --text $ks +fi + +# configure X, allowing user to override xdriver +if [ -n "$xdriver" ]; then + cat > /etc/X11/xorg.conf.d/00-xdriver.conf < Date: Thu, 30 Jul 2015 13:27:29 +0200 Subject: [PATCH 04/31] livecd-creator imported from rhinstaller/livecd-tools --- livecd-creator-qubes | 228 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 228 insertions(+) create mode 100755 livecd-creator-qubes diff --git a/livecd-creator-qubes b/livecd-creator-qubes new file mode 100755 index 0000000..34533c1 --- /dev/null +++ b/livecd-creator-qubes @@ -0,0 +1,228 @@ +#!/usr/bin/python -tt +# +# livecd-creator : Creates Live CD based for Fedora. +# +# Copyright 2007, Red Hat Inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Library General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + +import os +import os.path +import sys +import time +import optparse +import logging + +import imgcreate + +class Usage(Exception): + def __init__(self, msg = None, no_error = False): + Exception.__init__(self, msg, no_error) + +def parse_options(args): + parser = optparse.OptionParser() + + imgopt = optparse.OptionGroup(parser, "Image options", + "These options define the created image.") + imgopt.add_option("-c", "--config", type="string", dest="kscfg", + help="Path or url to kickstart config file") + imgopt.add_option("-b", "--base-on", type="string", dest="base_on", + help="Add packages to an existing live CD iso9660 image.") + imgopt.add_option("-f", "--fslabel", type="string", dest="fslabel", + help="File system label (default based on config name)") + imgopt.add_option("", "--title", type="string", dest="title", + help="Title used by syslinux.cfg file"), + imgopt.add_option("", "--product", type="string", dest="product", + help="Product name used in syslinux.cfg boot stanzas and countdown"), + # Provided for img-create compatibility + imgopt.add_option("-n", "--name", type="string", dest="fslabel", + help=optparse.SUPPRESS_HELP) + imgopt.add_option("-p", "--plugins", action="store_true", dest="plugins", + help="Use yum plugins during image creation", + default=False) + imgopt.add_option("", "--image-type", type="string", dest="image_type", + help=optparse.SUPPRESS_HELP) + imgopt.add_option("", "--compression-type", type="string", dest="compress_type", + help="Compression type recognized by mksquashfs " + "(default xz needs a 2.6.38+ kernel, gzip works " + "with all kernels, lzo needs a 2.6.36+ kernel, lzma " + "needs custom kernel.) Set to 'None' to force read " + "from base_on.", + default="xz") + imgopt.add_option("", "--releasever", type="string", dest="releasever", + default=None, + help="Value to substitute for $releasever in kickstart repo urls") + parser.add_option_group(imgopt) + + # options related to the config of your system + sysopt = optparse.OptionGroup(parser, "System directory options", + "These options define directories used on your system for creating the live image") + sysopt.add_option("-t", "--tmpdir", type="string", + dest="tmpdir", default="/var/tmp", + help="Temporary directory to use (default: /var/tmp)") + sysopt.add_option("", "--cache", type="string", + dest="cachedir", default=None, + help="Cache directory to use (default: private cache") + sysopt.add_option("", "--cacheonly", action="store_true", + dest="cacheonly", default=False, + help="Work offline from cache, use together with --cache (default: False)") + sysopt.add_option("", "--nocleanup", action="store_true", + dest="nocleanup", default=False, + help="Skip cleanup of temporary files") + + parser.add_option_group(sysopt) + + imgcreate.setup_logging(parser) + + # debug options not recommended for "production" images + # Start a shell in the chroot for post-configuration. + parser.add_option("-l", "--shell", action="store_true", dest="give_shell", + help=optparse.SUPPRESS_HELP) + # Don't compress the image. + parser.add_option("-s", "--skip-compression", action="store_true", dest="skip_compression", + help=optparse.SUPPRESS_HELP) + parser.add_option("", "--skip-minimize", action="store_true", dest="skip_minimize", + help=optparse.SUPPRESS_HELP) + + (options, args) = parser.parse_args() + + # Pretend to be a image-creator if called with that name + if not options.image_type: + if sys.argv[0].endswith('image-creator'): + options.image_type = 'image' + else: + options.image_type = 'livecd' + if options.image_type not in ('livecd', 'image'): + raise Usage("'%s' is not a recognized image type" % options.image_type) + + # image-create compatibility: Last argument is kickstart file + if len(args) == 1: + options.kscfg = args.pop() + if len(args): + raise Usage("Extra arguments given") + + if not options.kscfg or not os.path.exists(options.kscfg): + raise Usage("Kickstart file must be provided") + if options.base_on and not os.path.isfile(options.base_on): + raise Usage("Image file '%s' does not exist" %(options.base_on,)) + if options.image_type == 'livecd': + if options.fslabel and len(options.fslabel) > imgcreate.FSLABEL_MAXLEN: + raise Usage("CD labels are limited to 32 characters") + if options.fslabel and options.fslabel.find(" ") != -1: + raise Usage("CD labels cannot contain spaces.") + + return options + +def main(): + try: + options = parse_options(sys.argv[1:]) + except Usage, (msg, no_error): + if no_error: + out = sys.stdout + ret = 0 + else: + out = sys.stderr + ret = 2 + if msg: + print >> out, msg + return ret + + if os.geteuid () != 0: + print >> sys.stderr, "You must run %s as root" % sys.argv[0] + return 1 + + if options.fslabel: + fslabel = options.fslabel + name = fslabel + else: + name = imgcreate.build_name(options.kscfg, options.image_type + "-") + + fslabel = imgcreate.build_name(options.kscfg, + options.image_type + "-", + maxlen = imgcreate.FSLABEL_MAXLEN, + suffix = "%s-%s" %(os.uname()[4], time.strftime("%Y%m%d%H%M"))) + + logging.info("Using label '%s' and name '%s'" % (fslabel, name)) + + if options.title: + title = options.title + else: + try: + title = " ".join(name.split("-")[:2]) + title = title.title() + except: + title = "Linux" + if options.product: + product = options.product + else: + try: + product = " ".join(name.split("-")[:2]) + product = product.title() + except: + product = "Linux" + logging.info("Using title '%s' and product '%s'" % (title, product)) + + ks = imgcreate.read_kickstart(options.kscfg) + if not ks.handler.repo.seen: + print >> sys.stderr, "Kickstart (%s) must have at least one repository." % (options.kscfg) + return 1 + + try: + if options.image_type == 'livecd': + creator = imgcreate.LiveImageCreator(ks, name, + fslabel=fslabel, + releasever=options.releasever, + tmpdir=os.path.abspath(options.tmpdir), + useplugins=options.plugins, + title=title, product=product, + cacheonly=options.cacheonly, + docleanup=not options.nocleanup) + elif options.image_type == 'image': + creator = imgcreate.LoopImageCreator(ks, name, + fslabel=fslabel, + releasever=options.releasever, + useplugins=options.plugins, + tmpdir=os.path.abspath(options.tmpdir), + cacheonly=options.cacheonly, + docleanup=not options.nocleanup) + except imgcreate.CreatorError as e: + logging.error(u"%s creation failed: %s", options.image_type, e) + return 1 + + creator.compress_type = options.compress_type + creator.skip_compression = options.skip_compression + creator.skip_minimize = options.skip_minimize + if options.cachedir: + options.cachedir = os.path.abspath(options.cachedir) + + try: + creator.mount(options.base_on, options.cachedir) + creator.install() + creator.configure() + if options.give_shell: + print "Launching shell. Exit to continue." + print "----------------------------------" + creator.launch_shell() + creator.unmount() + creator.package() + except imgcreate.CreatorError, e: + logging.error(u"Error creating Live CD : %s" % e) + return 1 + finally: + creator.cleanup() + + return 0 + +if __name__ == "__main__": + sys.exit(main()) From ac5128e9b3717987fa93e5392b4ba5ab1377dbc1 Mon Sep 17 00:00:00 2001 From: Wojtek Porczyk Date: Thu, 30 Jul 2015 13:43:11 +0200 Subject: [PATCH 05/31] livecd-creator: fix /dev in chroot --- live/qubes-live.spec | 8 +++++++- livecd-creator-qubes | 9 +++++++++ 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/live/qubes-live.spec b/live/qubes-live.spec index e26a4f1..caaac89 100644 --- a/live/qubes-live.spec +++ b/live/qubes-live.spec @@ -1,3 +1,7 @@ +%if 0%{?qubes_builder} +%define _builddir %(pwd)/live +%endif + Name: qubes-live Version: 1.0 Release: 1%{?dist} @@ -16,7 +20,9 @@ Various fixes for Qubes Live edition %install -install -D -m 0755 -t /etc/rc.d/init.d/ \ + +install -d -m 0755 $RPM_BUILD_ROOT/etc/rc.d/init.d/ +install -m 0755 -t $RPM_BUILD_ROOT/etc/rc.d/init.d/ \ livesys \ livesys-late diff --git a/livecd-creator-qubes b/livecd-creator-qubes index 34533c1..ee858ef 100755 --- a/livecd-creator-qubes +++ b/livecd-creator-qubes @@ -19,6 +19,7 @@ import os import os.path +import stat import sys import time import optparse @@ -208,6 +209,14 @@ def main(): try: creator.mount(options.base_on, options.cachedir) + + # fix /dev + os.mknod(os.path.join( + creator._instroot, 'dev/loop-control'), 0666 | stat.S_IFBLK, os.makedev(10, 237)) + for i in range(8): + os.mknod(os.path.join(creator._instroot, 'dev/loop{}'.format(i)), + 0666 | stat.S_IFBLK, os.makedev(7, i)) + creator.install() creator.configure() if options.give_shell: From 68a8e1777c12c32439e58b5b4eb7da01382fa3c6 Mon Sep 17 00:00:00 2001 From: Wojtek Porczyk Date: Thu, 30 Jul 2015 14:19:21 +0200 Subject: [PATCH 06/31] liveusb: add qubes-specific configuration --- conf/liveusb.ks | 24 ++++++++++++++++++++++++ live/livesys | 4 ++++ 2 files changed, 28 insertions(+) diff --git a/conf/liveusb.ks b/conf/liveusb.ks index cb1a954..9f7843c 100644 --- a/conf/liveusb.ks +++ b/conf/liveusb.ks @@ -78,6 +78,30 @@ fi echo 'File created by kickstart. See systemd-update-done.service(8).' \ | tee /etc/.updated >/var/.updated + +# +# setup Qubes +# + +# TODO: appmenus + +# we won't do `useradd qubes`, since his creation depends of persistent home +# feature; see /etc/rc.d/init.d/livesys + +qvm-create --offline-mode --force-root --net --label red sys-net +qvm-create --offline-mode --force-root --proxy --label green sys-firewall + +qvm-prefs --offline-mode --force-root --set sys-firewall netvm sys-net +qubes-prefs --set default-netvm sys-firewall + +qvm-create --offline-mode --force-root work --label green +qvm-create --offline-mode --force-root banking --label green +qvm-create --offline-mode --force-root personal --label yellow +qvm-create --offline-mode --force-root untrusted --label red + +chgrp -R qubes /var/lib/qubes +chmod -R g+w /var/lib/qubes + %end diff --git a/live/livesys b/live/livesys index dc8da08..0ffd5d8 100755 --- a/live/livesys +++ b/live/livesys @@ -102,6 +102,10 @@ if ! strstr "`cat /proc/cmdline`" nopersistenthome && [ -n "$homedev" ] ; then action "Mounting persistent /home" mountPersistentHome fi +for dev in $(/sbin/lspci -mm -n | sed -ne 's/^\([0-9][0-9]:[0-9][0-9].[0-9]\) "02.*/\1/p'); do + /usr/bin/qvm-pci -a sys-net $dev +done + if [ -n "$configdone" ]; then exit 0 fi From 8eb5dba9bcb68ab7002915500f739c480709c0c5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Fri, 31 Jul 2015 02:15:10 +0200 Subject: [PATCH 07/31] liveusb: fix rpm key import; tmp.mount is already enabled --- conf/liveusb.ks | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/conf/liveusb.ks b/conf/liveusb.ks index 9f7843c..5b43ac0 100644 --- a/conf/liveusb.ks +++ b/conf/liveusb.ks @@ -37,9 +37,6 @@ qubes-live %post -# enable tmpfs for /tmp -systemctl enable tmp.mount - # make it so that we don't do writing to the overlay for things which # are just tmpdirs/caches # note https://bugzilla.redhat.com/show_bug.cgi?id=1135475 @@ -51,8 +48,8 @@ EOF # work around for poor key import UI in PackageKit rm -f /var/lib/rpm/__db* releasever=$(rpm -q --qf '%{version}\n' --whatprovides system-release) -basearch=$(uname -i) -rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch +rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-$releasever-primary +rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-20-primary echo "Packages within this LiveCD" rpm -qa # Note that running rpm recreates the rpm db files which aren't needed or wanted From 9db56031f5c326878b1faad0d071a519367a0445 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Fri, 31 Jul 2015 02:17:09 +0200 Subject: [PATCH 08/31] qubes-release: include R3.0 rpm keys symlinks $releasever used in yum configuration points at "3.0", so make such keys available. --- qubes-release/RPM-GPG-KEY-qubes-3.0-primary | 1 + qubes-release/RPM-GPG-KEY-qubes-3.0-templates-community | 1 + qubes-release/RPM-GPG-KEY-qubes-3.0-unstable | 1 + 3 files changed, 3 insertions(+) create mode 120000 qubes-release/RPM-GPG-KEY-qubes-3.0-primary create mode 120000 qubes-release/RPM-GPG-KEY-qubes-3.0-templates-community create mode 120000 qubes-release/RPM-GPG-KEY-qubes-3.0-unstable diff --git a/qubes-release/RPM-GPG-KEY-qubes-3.0-primary b/qubes-release/RPM-GPG-KEY-qubes-3.0-primary new file mode 120000 index 0000000..4569d09 --- /dev/null +++ b/qubes-release/RPM-GPG-KEY-qubes-3.0-primary @@ -0,0 +1 @@ +RPM-GPG-KEY-qubes-3-primary \ No newline at end of file diff --git a/qubes-release/RPM-GPG-KEY-qubes-3.0-templates-community b/qubes-release/RPM-GPG-KEY-qubes-3.0-templates-community new file mode 120000 index 0000000..30517a7 --- /dev/null +++ b/qubes-release/RPM-GPG-KEY-qubes-3.0-templates-community @@ -0,0 +1 @@ +RPM-GPG-KEY-qubes-3-templates-community \ No newline at end of file diff --git a/qubes-release/RPM-GPG-KEY-qubes-3.0-unstable b/qubes-release/RPM-GPG-KEY-qubes-3.0-unstable new file mode 120000 index 0000000..ae353e9 --- /dev/null +++ b/qubes-release/RPM-GPG-KEY-qubes-3.0-unstable @@ -0,0 +1 @@ +RPM-GPG-KEY-qubes-3-unstable \ No newline at end of file From d57620c96d50c71f0ce536ec06fb4daea3df155c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Sat, 1 Aug 2015 23:18:48 +0200 Subject: [PATCH 09/31] Add 'liveusb' make target --- Makefile | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/Makefile b/Makefile index 514a7b0..bde4103 100644 --- a/Makefile +++ b/Makefile @@ -139,6 +139,17 @@ iso: chown --reference=Makefile -R build yum rm -rf work +liveusb: conf/liveusb.ks + ln -sf `pwd` /tmp/qubes-installer + createrepo -q -g ../../conf/comps-qubes.xml --update yum/qubes-dom0 + mkdir -p work + pushd work && ../livecd-creator-qubes --verbose --debug --product='Qubes OS' --title="Qubes OS $(ISO_VERSION)" --config ../$< && popd + # Move result files to known-named directories + mkdir -p build/ISO/qubes-x86_64/iso build/work + mv work/*.iso build/ISO/qubes-x86_64/iso/ + chown --reference=Makefile -R build yum + rm -rf work + clean-repos: @echo "--> Removing old rpms from the installer repos..." @(cd yum && ./clean_repos.sh) From 6783a317c7da9513736fd1d31c25dc01c64c1f4d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Sat, 1 Aug 2015 23:32:25 +0200 Subject: [PATCH 10/31] liveusb: add lightdm autologin --- live/lightdm-qubes-live.conf | 4 ++++ live/qubes-live.spec | 5 ++++- 2 files changed, 8 insertions(+), 1 deletion(-) create mode 100644 live/lightdm-qubes-live.conf diff --git a/live/lightdm-qubes-live.conf b/live/lightdm-qubes-live.conf new file mode 100644 index 0000000..ed681f7 --- /dev/null +++ b/live/lightdm-qubes-live.conf @@ -0,0 +1,4 @@ +[SeatDefaults] +autologin-user=liveuser +autologin-user-timeout=0 +user-session=kde-plasma diff --git a/live/qubes-live.spec b/live/qubes-live.spec index caaac89..e1577ae 100644 --- a/live/qubes-live.spec +++ b/live/qubes-live.spec @@ -26,6 +26,9 @@ install -m 0755 -t $RPM_BUILD_ROOT/etc/rc.d/init.d/ \ livesys \ livesys-late +install -D -m 0644 lightdm-qubes-live.conf \ + $RPM_BUILD_ROOT/etc/lightdm/lightdm.conf.d/50-qubes-live.conf + %post /sbin/restorecon /etc/rc.d/init.d/livesys @@ -47,7 +50,7 @@ done %files /etc/rc.d/init.d/livesys /etc/rc.d/init.d/livesys-late - +/etc/lightdm/lightdm.conf.d/50-qubes-live.conf %changelog From 4bf5169ad9a902f6974e64af37b73df25ed8cfc7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Sun, 2 Aug 2015 12:44:51 +0200 Subject: [PATCH 11/31] Make liveusb build compatible with qubes-builder - use 'iso' target This commit introduces two new settings (for builder.conf): ISO_INSTALLER - build installer ISO; enabled by default ISO_LIVEUSB - build Live ISO; disabled by default --- Makefile | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/Makefile b/Makefile index bde4103..947c7e9 100644 --- a/Makefile +++ b/Makefile @@ -38,6 +38,9 @@ LORAXQBS_VERSION := $(call spec_version,lorax-templates-qubes/lorax-templates-qu PUNGI_VERSION := $(call spec_version,pungi/pungi.spec) PYKICKSTART_VERSION := $(call spec_version,pykickstart/pykickstart.spec) +ISO_INSTALLER ?= 1 +ISO_LIVEUSB ?= 0 + PUNGI_OPTS := --nosource --nodebuginfo --nogreedy --all-stages ifdef QUBES_RELEASE ISO_VERSION := $(QUBES_RELEASE) @@ -125,9 +128,18 @@ update-repo-current-testing: update-repo-unstable: ln -f $(RPMS) ../yum/current-release/unstable/dom0/rpm/ -iso: - ln -sf `pwd` /tmp/qubes-installer +ifeq ($(ISO_INSTALLER),1) +iso: iso-installer +endif +ifeq ($(ISO_LIVEUSB),1) +iso: iso-liveusb +endif + +iso-prepare: + ln -nsf `pwd` /tmp/qubes-installer createrepo -q -g ../../conf/comps-qubes.xml --update yum/qubes-dom0 + +iso-installer: iso-prepare mkdir -p work pushd work && pungi --name=Qubes $(PUNGI_OPTS) -c $(PWD)/conf/qubes-kickstart.cfg && popd ./rpm_verify work/$(ISO_VERSION)/x86_64/os/Packages/*/*.rpm @@ -139,9 +151,7 @@ iso: chown --reference=Makefile -R build yum rm -rf work -liveusb: conf/liveusb.ks - ln -sf `pwd` /tmp/qubes-installer - createrepo -q -g ../../conf/comps-qubes.xml --update yum/qubes-dom0 +iso-liveusb: conf/liveusb.ks iso-prepare mkdir -p work pushd work && ../livecd-creator-qubes --verbose --debug --product='Qubes OS' --title="Qubes OS $(ISO_VERSION)" --config ../$< && popd # Move result files to known-named directories From 1c1d8ba478369842974ab6890cde0872836e6ab0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Mon, 3 Aug 2015 00:26:19 +0200 Subject: [PATCH 12/31] conf/liveusb: create default dispvm template --- conf/liveusb.ks | 3 +++ 1 file changed, 3 insertions(+) diff --git a/conf/liveusb.ks b/conf/liveusb.ks index 5b43ac0..9daa740 100644 --- a/conf/liveusb.ks +++ b/conf/liveusb.ks @@ -96,6 +96,9 @@ qvm-create --offline-mode --force-root banking --label green qvm-create --offline-mode --force-root personal --label yellow qvm-create --offline-mode --force-root untrusted --label red +qvm-create --offline-mode --force-root `qubes-prefs default-template`-dvm \ + --label gray --internal + chgrp -R qubes /var/lib/qubes chmod -R g+w /var/lib/qubes From 0b3058b1b793bc94867c9ec7563d5e9cb2d4fdf0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Mon, 3 Aug 2015 04:49:47 +0200 Subject: [PATCH 13/31] liveusb: use qvm-pci --offline-mode It is called before libvirtd start. --- live/livesys | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/live/livesys b/live/livesys index 0ffd5d8..cbae18f 100755 --- a/live/livesys +++ b/live/livesys @@ -103,7 +103,7 @@ if ! strstr "`cat /proc/cmdline`" nopersistenthome && [ -n "$homedev" ] ; then fi for dev in $(/sbin/lspci -mm -n | sed -ne 's/^\([0-9][0-9]:[0-9][0-9].[0-9]\) "02.*/\1/p'); do - /usr/bin/qvm-pci -a sys-net $dev + /usr/bin/qvm-pci --offline-mode -a sys-net $dev done if [ -n "$configdone" ]; then From f69016ec5ca492264dc6b71b3cee6e39fb577f71 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Mon, 3 Aug 2015 12:54:20 +0200 Subject: [PATCH 14/31] conf/liveusb: disable updates check - senseless on non-persistent system --- conf/liveusb.ks | 2 ++ 1 file changed, 2 insertions(+) diff --git a/conf/liveusb.ks b/conf/liveusb.ks index 9daa740..e84166e 100644 --- a/conf/liveusb.ks +++ b/conf/liveusb.ks @@ -99,6 +99,8 @@ qvm-create --offline-mode --force-root untrusted --label red qvm-create --offline-mode --force-root `qubes-prefs default-template`-dvm \ --label gray --internal +qubes-set-updates disable + chgrp -R qubes /var/lib/qubes chmod -R g+w /var/lib/qubes From d8e4080015b921b5e1096556226eea72ded332c3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Mon, 3 Aug 2015 17:48:58 +0200 Subject: [PATCH 15/31] liveusb: reset list of PCI devices assigned to sys-net before assigning new ones Just in case of installation with persistent configuration. --- live/livesys | 1 + 1 file changed, 1 insertion(+) diff --git a/live/livesys b/live/livesys index cbae18f..9f00b41 100755 --- a/live/livesys +++ b/live/livesys @@ -102,6 +102,7 @@ if ! strstr "`cat /proc/cmdline`" nopersistenthome && [ -n "$homedev" ] ; then action "Mounting persistent /home" mountPersistentHome fi +/usr/bin/qvm-prefs --offline-mode -s sys-net pcidevs '[]' for dev in $(/sbin/lspci -mm -n | sed -ne 's/^\([0-9][0-9]:[0-9][0-9].[0-9]\) "02.*/\1/p'); do /usr/bin/qvm-pci --offline-mode -a sys-net $dev done From ae670d0290960e3d42ae49a5b601c80bafc15db1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Mon, 3 Aug 2015 17:49:53 +0200 Subject: [PATCH 16/31] liveusb: mount /var/lib/qubes using overlayfs on tmpfs, instead of dm-snapshot When dm-snapshot fills up, it is not recoverable situation. Also much less flexible (for example deleting files does not free the space). --- conf/liveusb.ks | 3 +++ live/livesys | 13 +++++++++++++ 2 files changed, 16 insertions(+) diff --git a/conf/liveusb.ks b/conf/liveusb.ks index e84166e..35d6385 100644 --- a/conf/liveusb.ks +++ b/conf/liveusb.ks @@ -104,6 +104,9 @@ qubes-set-updates disable chgrp -R qubes /var/lib/qubes chmod -R g+w /var/lib/qubes +mv /var/lib/qubes /var/lib/qubes-base +mkdir -p /var/lib/qubes + %end diff --git a/live/livesys b/live/livesys index 9f00b41..3e69cdf 100755 --- a/live/livesys +++ b/live/livesys @@ -100,8 +100,21 @@ fi # if we have a persistent /home, then we want to go ahead and mount it if ! strstr "`cat /proc/cmdline`" nopersistenthome && [ -n "$homedev" ] ; then action "Mounting persistent /home" mountPersistentHome + mkdir -p /home/qubes +else + mkdir -p /home/qubes + mount -t tmpfs none /home/qubes fi +mkdir -p /home/qubes/qubes +mkdir -p /home/qubes/workdir +ln -nsf /var/lib/qubes-base/vm-templates /home/qubes/qubes/vm-templates +mount -t overlay overlay \ + -o lowerdir=/var/lib/qubes-base \ + -o upperdir=/home/qubes/qubes \ + -o workdir=/home/qubes/workdir \ + /var/lib/qubes + /usr/bin/qvm-prefs --offline-mode -s sys-net pcidevs '[]' for dev in $(/sbin/lspci -mm -n | sed -ne 's/^\([0-9][0-9]:[0-9][0-9].[0-9]\) "02.*/\1/p'); do /usr/bin/qvm-pci --offline-mode -a sys-net $dev From 823fecf98839ccfd04f85dc9b1b2ff592b2967be Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Mon, 3 Aug 2015 23:39:45 +0200 Subject: [PATCH 17/31] liveusb: use offline-mode of qubes-set-updates --- conf/liveusb.ks | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/liveusb.ks b/conf/liveusb.ks index 35d6385..14354eb 100644 --- a/conf/liveusb.ks +++ b/conf/liveusb.ks @@ -99,7 +99,7 @@ qvm-create --offline-mode --force-root untrusted --label red qvm-create --offline-mode --force-root `qubes-prefs default-template`-dvm \ --label gray --internal -qubes-set-updates disable +qubes-set-updates --offline-mode disable chgrp -R qubes /var/lib/qubes chmod -R g+w /var/lib/qubes From 2718c73c31eb95cbd70aa2342b13e3d62967ac9d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Tue, 4 Aug 2015 00:10:30 +0200 Subject: [PATCH 18/31] liveusb: include default appmenus based on default fedora-21 template --- conf/liveusb.ks | 4 +- live/default-appmenus | 483 ++++++++++++++++++++++++++++++++++++++++++ live/qubes-live.spec | 4 + 3 files changed, 490 insertions(+), 1 deletion(-) create mode 100644 live/default-appmenus diff --git a/conf/liveusb.ks b/conf/liveusb.ks index 14354eb..645d7ca 100644 --- a/conf/liveusb.ks +++ b/conf/liveusb.ks @@ -80,7 +80,9 @@ echo 'File created by kickstart. See systemd-update-done.service(8).' \ # setup Qubes # -# TODO: appmenus +# TODO: icons? +cat /usr/share/qubes/live-default-appmenus | /usr/bin/qvm-sync-appmenus \ + --force-root --offline-mode `qubes-prefs default-template` # we won't do `useradd qubes`, since his creation depends of persistent home # feature; see /etc/rc.d/init.d/livesys diff --git a/live/default-appmenus b/live/default-appmenus new file mode 100644 index 0000000..def9d4f --- /dev/null +++ b/live/default-appmenus @@ -0,0 +1,483 @@ +/usr/share/applications/abrt-applet.desktop:Comment=ABRT notification applet +/usr/share/applications/abrt-applet.desktop:Exec=qubes-desktop-run /usr/share/applications/abrt-applet.desktop +/usr/share/applications/abrt-applet.desktop:Name=Automatic Bug Reporting Tool +/usr/share/applications/bijiben.desktop:Categories=GNOME;GTK;Utility; +/usr/share/applications/bijiben.desktop:Comment=Post notes, tag files! +/usr/share/applications/bijiben.desktop:Exec=qubes-desktop-run /usr/share/applications/bijiben.desktop +/usr/share/applications/bijiben.desktop:GenericName=Note-taker +/usr/share/applications/bijiben.desktop:Name=Notes +/usr/share/applications/bluetooth-sendto.desktop:Categories=GTK;GNOME;Utility;FileTools; +/usr/share/applications/bluetooth-sendto.desktop:Comment=Send files via Bluetooth +/usr/share/applications/bluetooth-sendto.desktop:Exec=qubes-desktop-run /usr/share/applications/bluetooth-sendto.desktop +/usr/share/applications/bluetooth-sendto.desktop:Name=Bluetooth Transfer +/usr/share/applications/devassistant.desktop:Categories=Development; +/usr/share/applications/devassistant.desktop:Exec=qubes-desktop-run /usr/share/applications/devassistant.desktop +/usr/share/applications/devassistant.desktop:GenericName=DevAssistant - making life easier for developers +/usr/share/applications/devassistant.desktop:Name=DevAssistant +/usr/share/applications/emacs.desktop:Categories=Application;Utility;TextEditor;X-Red-Hat-Base; +/usr/share/applications/emacs.desktop:Comment=Edit text +/usr/share/applications/emacs.desktop:Exec=qubes-desktop-run /usr/share/applications/emacs.desktop +/usr/share/applications/emacs.desktop:GenericName=Text Editor +/usr/share/applications/emacs.desktop:Name=Emacs +/usr/share/applications/emacsclient.desktop:Categories=Application;Utility;TextEditor;X-Red-Hat-Base; +/usr/share/applications/emacsclient.desktop:Comment=Edit text +/usr/share/applications/emacsclient.desktop:Exec=qubes-desktop-run /usr/share/applications/emacsclient.desktop +/usr/share/applications/emacsclient.desktop:GenericName=Text Editor +/usr/share/applications/emacsclient.desktop:Name=Emacs Client +/usr/share/applications/empathy.desktop:Categories=GNOME;GTK;Network;InstantMessaging; +/usr/share/applications/empathy.desktop:Comment=Chat on Google Talk, Facebook, MSN and many other chat services +/usr/share/applications/empathy.desktop:Exec=qubes-desktop-run /usr/share/applications/empathy.desktop +/usr/share/applications/empathy.desktop:GenericName=IM Client +/usr/share/applications/empathy.desktop:Name=Empathy +/usr/share/applications/eog.desktop:Categories=GNOME;GTK;Graphics;2DGraphics;RasterGraphics;Viewer; +/usr/share/applications/eog.desktop:Comment=Browse and rotate images +/usr/share/applications/eog.desktop:Exec=qubes-desktop-run /usr/share/applications/eog.desktop +/usr/share/applications/eog.desktop:Name=Image Viewer +/usr/share/applications/evince-previewer.desktop:Categories=GNOME;GTK;Office;Viewer;Graphics;2DGraphics;VectorGraphics; +/usr/share/applications/evince-previewer.desktop:Comment=Preview before printing +/usr/share/applications/evince-previewer.desktop:Exec=qubes-desktop-run /usr/share/applications/evince-previewer.desktop +/usr/share/applications/evince-previewer.desktop:Name=Print Preview +/usr/share/applications/evince.desktop:Categories=GNOME;GTK;Office;Viewer;Graphics;2DGraphics;VectorGraphics; +/usr/share/applications/evince.desktop:Comment=View multi-page documents +/usr/share/applications/evince.desktop:Exec=qubes-desktop-run /usr/share/applications/evince.desktop +/usr/share/applications/evince.desktop:Name=Document Viewer +/usr/share/applications/evolution-calendar.desktop:Exec=qubes-desktop-run /usr/share/applications/evolution-calendar.desktop +/usr/share/applications/evolution-calendar.desktop:Name=Evolution Calendar +/usr/share/applications/evolution.desktop:Categories=GNOME;GTK;Office;Email;Calendar;ContactManagement;X-Red-Hat-Base; +/usr/share/applications/evolution.desktop:Comment=Manage your email, contacts and schedule +/usr/share/applications/evolution.desktop:Exec=qubes-desktop-run /usr/share/applications/evolution.desktop +/usr/share/applications/evolution.desktop:GenericName=Groupware Suite +/usr/share/applications/evolution.desktop:Name=Evolution +/usr/share/applications/exo-file-manager.desktop:Categories=Utility;X-XFCE;X-Xfce-Toplevel; +/usr/share/applications/exo-file-manager.desktop:Comment=Browse the file system +/usr/share/applications/exo-file-manager.desktop:Exec=qubes-desktop-run /usr/share/applications/exo-file-manager.desktop +/usr/share/applications/exo-file-manager.desktop:Name=File Manager +/usr/share/applications/exo-mail-reader.desktop:Categories=Network;X-XFCE;X-Xfce-Toplevel; +/usr/share/applications/exo-mail-reader.desktop:Comment=Read your email +/usr/share/applications/exo-mail-reader.desktop:Exec=qubes-desktop-run /usr/share/applications/exo-mail-reader.desktop +/usr/share/applications/exo-mail-reader.desktop:Name=Mail Reader +/usr/share/applications/exo-preferred-applications.desktop:Categories=X-XFCE;GTK;Settings;DesktopSettings;X-XFCE-SettingsDialog;X-XFCE-PersonalSettings; +/usr/share/applications/exo-preferred-applications.desktop:Comment=Preferred Applications (Web Browser, Mail Reader and Terminal Emulator) +/usr/share/applications/exo-preferred-applications.desktop:Exec=qubes-desktop-run /usr/share/applications/exo-preferred-applications.desktop +/usr/share/applications/exo-preferred-applications.desktop:Name=Preferred Applications +/usr/share/applications/exo-terminal-emulator.desktop:Categories=Utility;X-XFCE;X-Xfce-Toplevel; +/usr/share/applications/exo-terminal-emulator.desktop:Comment=Use the command line +/usr/share/applications/exo-terminal-emulator.desktop:Exec=qubes-desktop-run /usr/share/applications/exo-terminal-emulator.desktop +/usr/share/applications/exo-terminal-emulator.desktop:Name=Terminal Emulator +/usr/share/applications/exo-web-browser.desktop:Categories=Network;X-XFCE;X-Xfce-Toplevel; +/usr/share/applications/exo-web-browser.desktop:Comment=Browse the web +/usr/share/applications/exo-web-browser.desktop:Exec=qubes-desktop-run /usr/share/applications/exo-web-browser.desktop +/usr/share/applications/exo-web-browser.desktop:Name=Web Browser +/usr/share/applications/firefox.desktop:Categories=Network;WebBrowser; +/usr/share/applications/firefox.desktop:Comment=Browse the Web +/usr/share/applications/firefox.desktop:Exec=qubes-desktop-run /usr/share/applications/firefox.desktop +/usr/share/applications/firefox.desktop:GenericName=Web Browser +/usr/share/applications/firefox.desktop:Name=Firefox +/usr/share/applications/gcm-calibrate.desktop:Categories=Settings; +/usr/share/applications/gcm-calibrate.desktop:Comment=Color Calibration +/usr/share/applications/gcm-calibrate.desktop:Exec=qubes-desktop-run /usr/share/applications/gcm-calibrate.desktop +/usr/share/applications/gcm-calibrate.desktop:Name=Color +/usr/share/applications/gcm-import.desktop:Categories=System; +/usr/share/applications/gcm-import.desktop:Comment=Install ICC profiles +/usr/share/applications/gcm-import.desktop:Exec=qubes-desktop-run /usr/share/applications/gcm-import.desktop +/usr/share/applications/gcm-import.desktop:Name=ICC Profile Installer +/usr/share/applications/gcm-picker.desktop:Categories=GNOME;GTK;System; +/usr/share/applications/gcm-picker.desktop:Comment=Use the color sensor to sample spot colors +/usr/share/applications/gcm-picker.desktop:Exec=qubes-desktop-run /usr/share/applications/gcm-picker.desktop +/usr/share/applications/gcm-picker.desktop:Name=Color Picker +/usr/share/applications/gcm-viewer.desktop:Categories=GNOME;GTK;System; +/usr/share/applications/gcm-viewer.desktop:Comment=Inspect and compare installed color profiles +/usr/share/applications/gcm-viewer.desktop:Exec=qubes-desktop-run /usr/share/applications/gcm-viewer.desktop +/usr/share/applications/gcm-viewer.desktop:Name=Color Profile Viewer +/usr/share/applications/gcr-prompter.desktop:Comment=Unlock access to passwords and other secrets +/usr/share/applications/gcr-prompter.desktop:Exec=qubes-desktop-run /usr/share/applications/gcr-prompter.desktop +/usr/share/applications/gcr-prompter.desktop:Name=Access Prompt +/usr/share/applications/gcr-viewer.desktop:Exec=qubes-desktop-run /usr/share/applications/gcr-viewer.desktop +/usr/share/applications/gcr-viewer.desktop:Name=View file +/usr/share/applications/gkbd-keyboard-display.desktop:Categories=GNOME;GTK;Core;System; +/usr/share/applications/gkbd-keyboard-display.desktop:Comment=Preview keyboard layouts +/usr/share/applications/gkbd-keyboard-display.desktop:Exec=qubes-desktop-run /usr/share/applications/gkbd-keyboard-display.desktop +/usr/share/applications/gkbd-keyboard-display.desktop:Name=Keyboard Layout +/usr/share/applications/gnome-abrt.desktop:Categories=System; +/usr/share/applications/gnome-abrt.desktop:Comment=View and report application crashes +/usr/share/applications/gnome-abrt.desktop:Exec=qubes-desktop-run /usr/share/applications/gnome-abrt.desktop +/usr/share/applications/gnome-abrt.desktop:Name=Problem Reporting +/usr/share/applications/gnome-background-panel.desktop:Categories=GNOME;GTK;Settings;DesktopSettings;X-GNOME-Settings-Panel;X-GNOME-PersonalSettings; +/usr/share/applications/gnome-background-panel.desktop:Comment=Change your background image to a wallpaper or photo +/usr/share/applications/gnome-background-panel.desktop:Exec=qubes-desktop-run /usr/share/applications/gnome-background-panel.desktop +/usr/share/applications/gnome-background-panel.desktop:Name=Background +/usr/share/applications/gnome-bluetooth-panel.desktop:Categories=GTK;GNOME;Settings;X-GNOME-NetworkSettings;HardwareSettings;X-GNOME-Settings-Panel; +/usr/share/applications/gnome-bluetooth-panel.desktop:Comment=Turn Bluetooth on and off and connect your devices +/usr/share/applications/gnome-bluetooth-panel.desktop:Exec=qubes-desktop-run /usr/share/applications/gnome-bluetooth-panel.desktop +/usr/share/applications/gnome-bluetooth-panel.desktop:Name=Bluetooth +/usr/share/applications/gnome-calculator.desktop:Categories=GNOME;GTK;Utility;Calculator; +/usr/share/applications/gnome-calculator.desktop:Comment=Perform arithmetic, scientific or financial calculations +/usr/share/applications/gnome-calculator.desktop:Exec=qubes-desktop-run /usr/share/applications/gnome-calculator.desktop +/usr/share/applications/gnome-calculator.desktop:Name=Calculator +/usr/share/applications/gnome-color-panel.desktop:Categories=GNOME;GTK;Settings;X-GNOME-Settings-Panel;HardwareSettings; +/usr/share/applications/gnome-color-panel.desktop:Comment=Calibrate the color of your devices, such as displays, cameras or printers +/usr/share/applications/gnome-color-panel.desktop:Exec=qubes-desktop-run /usr/share/applications/gnome-color-panel.desktop +/usr/share/applications/gnome-color-panel.desktop:Name=Color +/usr/share/applications/gnome-control-center.desktop:Categories=GNOME;GTK;System; +/usr/share/applications/gnome-control-center.desktop:Exec=qubes-desktop-run /usr/share/applications/gnome-control-center.desktop +/usr/share/applications/gnome-control-center.desktop:Name=Settings +/usr/share/applications/gnome-datetime-panel.desktop:Categories=GNOME;GTK;Settings;X-GNOME-SystemSettings;X-GNOME-Settings-Panel; +/usr/share/applications/gnome-datetime-panel.desktop:Comment=Change the date and time, including time zone +/usr/share/applications/gnome-datetime-panel.desktop:Exec=qubes-desktop-run /usr/share/applications/gnome-datetime-panel.desktop +/usr/share/applications/gnome-datetime-panel.desktop:Name=Date & Time +/usr/share/applications/gnome-disk-image-mounter.desktop:Comment=Mount Disk Images +/usr/share/applications/gnome-disk-image-mounter.desktop:Exec=qubes-desktop-run /usr/share/applications/gnome-disk-image-mounter.desktop +/usr/share/applications/gnome-disk-image-mounter.desktop:Name=Disk Image Mounter +/usr/share/applications/gnome-disk-image-writer.desktop:Comment=Write Disk Images to Devices +/usr/share/applications/gnome-disk-image-writer.desktop:Exec=qubes-desktop-run /usr/share/applications/gnome-disk-image-writer.desktop +/usr/share/applications/gnome-disk-image-writer.desktop:Name=Disk Image Writer +/usr/share/applications/gnome-disks.desktop:Categories=GNOME;GTK;Utility;HardwareSettings; +/usr/share/applications/gnome-disks.desktop:Comment=Manage Drives and Media +/usr/share/applications/gnome-disks.desktop:Exec=qubes-desktop-run /usr/share/applications/gnome-disks.desktop +/usr/share/applications/gnome-disks.desktop:Name=Disks +/usr/share/applications/gnome-display-panel.desktop:Categories=GNOME;GTK;Settings;HardwareSettings;X-GNOME-Settings-Panel; +/usr/share/applications/gnome-display-panel.desktop:Comment=Choose how to use connected monitors and projectors +/usr/share/applications/gnome-display-panel.desktop:Exec=qubes-desktop-run /usr/share/applications/gnome-display-panel.desktop +/usr/share/applications/gnome-display-panel.desktop:Name=Displays +/usr/share/applications/gnome-info-panel.desktop:Categories=GNOME;GTK;Settings;X-GNOME-SystemSettings;X-GNOME-Settings-Panel; +/usr/share/applications/gnome-info-panel.desktop:Comment=View information about your system +/usr/share/applications/gnome-info-panel.desktop:Exec=qubes-desktop-run /usr/share/applications/gnome-info-panel.desktop +/usr/share/applications/gnome-info-panel.desktop:Name=Details +/usr/share/applications/gnome-keyboard-panel.desktop:Categories=GNOME;GTK;Settings;HardwareSettings;X-GNOME-Settings-Panel; +/usr/share/applications/gnome-keyboard-panel.desktop:Comment=View and change keyboard shortcuts and set your typing preferences +/usr/share/applications/gnome-keyboard-panel.desktop:Exec=qubes-desktop-run /usr/share/applications/gnome-keyboard-panel.desktop +/usr/share/applications/gnome-keyboard-panel.desktop:Name=Keyboard +/usr/share/applications/gnome-mouse-panel.desktop:Categories=GNOME;GTK;Settings;HardwareSettings;X-GNOME-Settings-Panel; +/usr/share/applications/gnome-mouse-panel.desktop:Comment=Change your mouse or touchpad sensitivity and select right or left-handed +/usr/share/applications/gnome-mouse-panel.desktop:Exec=qubes-desktop-run /usr/share/applications/gnome-mouse-panel.desktop +/usr/share/applications/gnome-mouse-panel.desktop:Name=Mouse & Touchpad +/usr/share/applications/gnome-network-panel.desktop:Categories=GNOME;GTK;Settings;HardwareSettings;X-GNOME-Settings-Panel; +/usr/share/applications/gnome-network-panel.desktop:Comment=Control how you connect to the Internet +/usr/share/applications/gnome-network-panel.desktop:Exec=qubes-desktop-run /usr/share/applications/gnome-network-panel.desktop +/usr/share/applications/gnome-network-panel.desktop:Name=Network +/usr/share/applications/gnome-notifications-panel.desktop:Categories=GNOME;GTK;Settings;DesktopSettings;X-GNOME-Settings-Panel;X-GNOME-PersonalSettings; +/usr/share/applications/gnome-notifications-panel.desktop:Comment=Control which notifications are displayed and what they show +/usr/share/applications/gnome-notifications-panel.desktop:Exec=qubes-desktop-run /usr/share/applications/gnome-notifications-panel.desktop +/usr/share/applications/gnome-notifications-panel.desktop:Name=Notifications +/usr/share/applications/gnome-online-accounts-panel.desktop:Categories=GNOME;GTK;Settings;DesktopSettings;X-GNOME-Settings-Panel;X-GNOME-PersonalSettings; +/usr/share/applications/gnome-online-accounts-panel.desktop:Comment=Connect to your online accounts and decide what to use them for +/usr/share/applications/gnome-online-accounts-panel.desktop:Exec=qubes-desktop-run /usr/share/applications/gnome-online-accounts-panel.desktop +/usr/share/applications/gnome-online-accounts-panel.desktop:Name=Online Accounts +/usr/share/applications/gnome-power-panel.desktop:Categories=GNOME;GTK;Settings;DesktopSettings;X-GNOME-Settings-Panel;HardwareSettings; +/usr/share/applications/gnome-power-panel.desktop:Comment=View your battery status and change power saving settings +/usr/share/applications/gnome-power-panel.desktop:Exec=qubes-desktop-run /usr/share/applications/gnome-power-panel.desktop +/usr/share/applications/gnome-power-panel.desktop:Name=Power +/usr/share/applications/gnome-printers-panel.desktop:Categories=GNOME;GTK;Settings;HardwareSettings;X-GNOME-Settings-Panel; +/usr/share/applications/gnome-printers-panel.desktop:Comment=Add printers, view printer jobs and decide how you want to print +/usr/share/applications/gnome-printers-panel.desktop:Exec=qubes-desktop-run /usr/share/applications/gnome-printers-panel.desktop +/usr/share/applications/gnome-printers-panel.desktop:Name=Printers +/usr/share/applications/gnome-privacy-panel.desktop:Categories=GNOME;GTK;Settings;DesktopSettings;X-GNOME-Settings-Panel;X-GNOME-PersonalSettings; +/usr/share/applications/gnome-privacy-panel.desktop:Comment=Protect your personal information and control what others might see +/usr/share/applications/gnome-privacy-panel.desktop:Exec=qubes-desktop-run /usr/share/applications/gnome-privacy-panel.desktop +/usr/share/applications/gnome-privacy-panel.desktop:Name=Privacy +/usr/share/applications/gnome-region-panel.desktop:Categories=GNOME;GTK;Settings;DesktopSettings;X-GNOME-Settings-Panel;X-GNOME-PersonalSettings; +/usr/share/applications/gnome-region-panel.desktop:Comment=Select your display language, formats, keyboard layouts and input sources +/usr/share/applications/gnome-region-panel.desktop:Exec=qubes-desktop-run /usr/share/applications/gnome-region-panel.desktop +/usr/share/applications/gnome-region-panel.desktop:Name=Region & Language +/usr/share/applications/gnome-search-panel.desktop:Categories=GNOME;GTK;Settings;DesktopSettings;X-GNOME-Settings-Panel;X-GNOME-PersonalSettings; +/usr/share/applications/gnome-search-panel.desktop:Comment=Control which applications show search results in the Activities Overview +/usr/share/applications/gnome-search-panel.desktop:Exec=qubes-desktop-run /usr/share/applications/gnome-search-panel.desktop +/usr/share/applications/gnome-search-panel.desktop:Name=Search +/usr/share/applications/gnome-sharing-panel.desktop:Categories=GNOME;GTK;Settings;DesktopSettings;X-GNOME-Settings-Panel;X-GNOME-SystemSettings; +/usr/share/applications/gnome-sharing-panel.desktop:Comment=Control what you want to share with others +/usr/share/applications/gnome-sharing-panel.desktop:Exec=qubes-desktop-run /usr/share/applications/gnome-sharing-panel.desktop +/usr/share/applications/gnome-sharing-panel.desktop:Name=Sharing +/usr/share/applications/gnome-shell-classic.desktop:Categories=GNOME;GTK;Core; +/usr/share/applications/gnome-shell-classic.desktop:Comment=Window management and application launching +/usr/share/applications/gnome-shell-classic.desktop:Exec=qubes-desktop-run /usr/share/applications/gnome-shell-classic.desktop +/usr/share/applications/gnome-shell-classic.desktop:Name=GNOME Shell Classic +/usr/share/applications/gnome-shell-extension-prefs.desktop:Categories=GNOME;GTK; +/usr/share/applications/gnome-shell-extension-prefs.desktop:Comment=Configure GNOME Shell Extensions +/usr/share/applications/gnome-shell-extension-prefs.desktop:Exec=qubes-desktop-run /usr/share/applications/gnome-shell-extension-prefs.desktop +/usr/share/applications/gnome-shell-extension-prefs.desktop:Name=GNOME Shell Extension Preferences +/usr/share/applications/gnome-shell.desktop:Categories=GNOME;GTK;Core; +/usr/share/applications/gnome-shell.desktop:Comment=Window management and application launching +/usr/share/applications/gnome-shell.desktop:Exec=qubes-desktop-run /usr/share/applications/gnome-shell.desktop +/usr/share/applications/gnome-shell.desktop:Name=GNOME Shell +/usr/share/applications/gnome-software-local-file.desktop:Categories=System; +/usr/share/applications/gnome-software-local-file.desktop:Comment=Install selected software on the system +/usr/share/applications/gnome-software-local-file.desktop:Exec=qubes-desktop-run /usr/share/applications/gnome-software-local-file.desktop +/usr/share/applications/gnome-software-local-file.desktop:Name=Software Install +/usr/share/applications/gnome-sound-panel.desktop:Categories=GNOME;GTK;Settings;HardwareSettings;X-GNOME-Settings-Panel; +/usr/share/applications/gnome-sound-panel.desktop:Comment=Change sound levels, inputs, outputs, and alert sounds +/usr/share/applications/gnome-sound-panel.desktop:Exec=qubes-desktop-run /usr/share/applications/gnome-sound-panel.desktop +/usr/share/applications/gnome-sound-panel.desktop:Name=Sound +/usr/share/applications/gnome-system-monitor-kde.desktop:Categories=GNOME;GTK;System;Monitor; +/usr/share/applications/gnome-system-monitor-kde.desktop:Comment=View current processes and monitor system state +/usr/share/applications/gnome-system-monitor-kde.desktop:Exec=qubes-desktop-run /usr/share/applications/gnome-system-monitor-kde.desktop +/usr/share/applications/gnome-system-monitor-kde.desktop:Name=GNOME System Monitor +/usr/share/applications/gnome-system-monitor.desktop:Categories=GNOME;GTK;System;Monitor; +/usr/share/applications/gnome-system-monitor.desktop:Comment=View current processes and monitor system state +/usr/share/applications/gnome-system-monitor.desktop:Exec=qubes-desktop-run /usr/share/applications/gnome-system-monitor.desktop +/usr/share/applications/gnome-system-monitor.desktop:Name=System Monitor +/usr/share/applications/gnome-terminal.desktop:Categories=GNOME;GTK;System;TerminalEmulator; +/usr/share/applications/gnome-terminal.desktop:Comment=Use the command line +/usr/share/applications/gnome-terminal.desktop:Exec=qubes-desktop-run /usr/share/applications/gnome-terminal.desktop +/usr/share/applications/gnome-terminal.desktop:Name=Terminal +/usr/share/applications/gnome-universal-access-panel.desktop:Categories=GNOME;GTK;Settings;X-GNOME-SystemSettings;X-GNOME-Settings-Panel; +/usr/share/applications/gnome-universal-access-panel.desktop:Comment=Make it easier to see, hear, type, point and click +/usr/share/applications/gnome-universal-access-panel.desktop:Exec=qubes-desktop-run /usr/share/applications/gnome-universal-access-panel.desktop +/usr/share/applications/gnome-universal-access-panel.desktop:Name=Universal Access +/usr/share/applications/gnome-user-accounts-panel.desktop:Categories=System;Settings;X-GNOME-Settings-Panel;X-GNOME-SystemSettings; +/usr/share/applications/gnome-user-accounts-panel.desktop:Comment=Add or remove users and change your password +/usr/share/applications/gnome-user-accounts-panel.desktop:Exec=qubes-desktop-run /usr/share/applications/gnome-user-accounts-panel.desktop +/usr/share/applications/gnome-user-accounts-panel.desktop:Name=Users +/usr/share/applications/gnome-user-share-webdav.desktop:Categories= +/usr/share/applications/gnome-user-share-webdav.desktop:Comment=Launch Personal File Sharing if enabled +/usr/share/applications/gnome-user-share-webdav.desktop:Exec=qubes-desktop-run /usr/share/applications/gnome-user-share-webdav.desktop +/usr/share/applications/gnome-user-share-webdav.desktop:Name=Personal File Sharing +/usr/share/applications/gnome-wacom-panel.desktop:Categories=GNOME;GTK;Settings;HardwareSettings;X-GNOME-Settings-Panel; +/usr/share/applications/gnome-wacom-panel.desktop:Comment=Set button mappings and adjust stylus sensitivity for graphics tablets +/usr/share/applications/gnome-wacom-panel.desktop:Exec=qubes-desktop-run /usr/share/applications/gnome-wacom-panel.desktop +/usr/share/applications/gnome-wacom-panel.desktop:Name=Wacom Tablet +/usr/share/applications/gpk-dbus-service.desktop:Categories=System; +/usr/share/applications/gpk-dbus-service.desktop:Comment=Install selected software on the system +/usr/share/applications/gpk-dbus-service.desktop:Exec=qubes-desktop-run /usr/share/applications/gpk-dbus-service.desktop +/usr/share/applications/gpk-dbus-service.desktop:Name=Software Install +/usr/share/applications/gpk-log.desktop:Categories=GNOME;GTK;System; +/usr/share/applications/gpk-log.desktop:Comment=View past package management tasks +/usr/share/applications/gpk-log.desktop:Exec=qubes-desktop-run /usr/share/applications/gpk-log.desktop +/usr/share/applications/gpk-log.desktop:Name=Package Log +/usr/share/applications/gpk-prefs.desktop:Categories=Settings;X-GNOME-SystemSettings; +/usr/share/applications/gpk-prefs.desktop:Comment=Enable or disable package repositories +/usr/share/applications/gpk-prefs.desktop:Exec=qubes-desktop-run /usr/share/applications/gpk-prefs.desktop +/usr/share/applications/gpk-prefs.desktop:Name=Package Sources +/usr/share/applications/gpk-update-viewer.desktop:Categories=GNOME;GTK;System; +/usr/share/applications/gpk-update-viewer.desktop:Comment=Update software installed on the system +/usr/share/applications/gpk-update-viewer.desktop:Exec=qubes-desktop-run /usr/share/applications/gpk-update-viewer.desktop +/usr/share/applications/gpk-update-viewer.desktop:Name=Package Updater +/usr/share/applications/gucharmap.desktop:Categories=GNOME;GTK;Utility; +/usr/share/applications/gucharmap.desktop:Comment=Insert special characters into documents +/usr/share/applications/gucharmap.desktop:Exec=qubes-desktop-run /usr/share/applications/gucharmap.desktop +/usr/share/applications/gucharmap.desktop:Name=Character Map +/usr/share/applications/ibus-setup-chewing.desktop:Categories=Settings; +/usr/share/applications/ibus-setup-chewing.desktop:Comment=Set IBus Chewing Preferences +/usr/share/applications/ibus-setup-chewing.desktop:Exec=qubes-desktop-run /usr/share/applications/ibus-setup-chewing.desktop +/usr/share/applications/ibus-setup-chewing.desktop:Name=IBus Chewing Preferences +/usr/share/applications/ibus-setup-hangul.desktop:Categories=Settings; +/usr/share/applications/ibus-setup-hangul.desktop:Comment=Set IBus Hangul Preferences +/usr/share/applications/ibus-setup-hangul.desktop:Exec=qubes-desktop-run /usr/share/applications/ibus-setup-hangul.desktop +/usr/share/applications/ibus-setup-hangul.desktop:Name=IBus Hangul Preferences +/usr/share/applications/ibus-setup-kkc.desktop:Comment=Customize Kana Kanji Conversion input-method +/usr/share/applications/ibus-setup-kkc.desktop:Exec=qubes-desktop-run /usr/share/applications/ibus-setup-kkc.desktop +/usr/share/applications/ibus-setup-kkc.desktop:Name=Kana Kanji Conversion Preferences +/usr/share/applications/ibus-setup-libbopomofo.desktop:Comment=Set ibus-libbopomofo Preferences +/usr/share/applications/ibus-setup-libbopomofo.desktop:Exec=qubes-desktop-run /usr/share/applications/ibus-setup-libbopomofo.desktop +/usr/share/applications/ibus-setup-libbopomofo.desktop:Name=IBus LibBopomofo Preferences +/usr/share/applications/ibus-setup-libpinyin.desktop:Comment=Set ibus-libpinyin Preferences +/usr/share/applications/ibus-setup-libpinyin.desktop:Exec=qubes-desktop-run /usr/share/applications/ibus-setup-libpinyin.desktop +/usr/share/applications/ibus-setup-libpinyin.desktop:Name=IBus LibPinyin Setup +/usr/share/applications/ibus-setup-m17n.desktop:Comment=Set up IBus M17N engine +/usr/share/applications/ibus-setup-m17n.desktop:Exec=qubes-desktop-run /usr/share/applications/ibus-setup-m17n.desktop +/usr/share/applications/ibus-setup-m17n.desktop:Name=IBus M17N Setup +/usr/share/applications/ibus-setup-typing-booster.desktop:Comment=Set ibus-typing-booster Preferences +/usr/share/applications/ibus-setup-typing-booster.desktop:Exec=qubes-desktop-run /usr/share/applications/ibus-setup-typing-booster.desktop +/usr/share/applications/ibus-setup-typing-booster.desktop:Name=IBus Typing Booster Setup +/usr/share/applications/ibus-setup.desktop:Categories=Settings; +/usr/share/applications/ibus-setup.desktop:Comment=Set IBus Preferences +/usr/share/applications/ibus-setup.desktop:Exec=qubes-desktop-run /usr/share/applications/ibus-setup.desktop +/usr/share/applications/ibus-setup.desktop:Name=IBus Preferences +/usr/share/applications/keepassx.desktop:Categories=Qt;Utility;Security; +/usr/share/applications/keepassx.desktop:Comment=Cross Platform Password Manager +/usr/share/applications/keepassx.desktop:Exec=qubes-desktop-run /usr/share/applications/keepassx.desktop +/usr/share/applications/keepassx.desktop:GenericName=Cross Platform Password Manager +/usr/share/applications/keepassx.desktop:Name=KeePassX +/usr/share/applications/libreoffice-calc.desktop:Categories=Office;Spreadsheet;X-Red-Hat-Base;X-MandrivaLinux-Office-Spreadsheets; +/usr/share/applications/libreoffice-calc.desktop:Comment=Perform calculations, analyze information and manage lists in spreadsheets by using Calc. +/usr/share/applications/libreoffice-calc.desktop:Exec=qubes-desktop-run /usr/share/applications/libreoffice-calc.desktop +/usr/share/applications/libreoffice-calc.desktop:GenericName=Spreadsheet +/usr/share/applications/libreoffice-calc.desktop:Name=LibreOffice Calc +/usr/share/applications/libreoffice-draw.desktop:Categories=Office;FlowChart;Graphics;2DGraphics;VectorGraphics;X-Red-Hat-Base;X-MandrivaLinux-Office-Drawing; +/usr/share/applications/libreoffice-draw.desktop:Comment=Create and edit drawings, flow charts and logos by using Draw. +/usr/share/applications/libreoffice-draw.desktop:Exec=qubes-desktop-run /usr/share/applications/libreoffice-draw.desktop +/usr/share/applications/libreoffice-draw.desktop:GenericName=Drawing Program +/usr/share/applications/libreoffice-draw.desktop:Name=LibreOffice Draw +/usr/share/applications/libreoffice-impress.desktop:Categories=Office;Presentation;X-Red-Hat-Base;X-MandrivaLinux-Office-Presentations; +/usr/share/applications/libreoffice-impress.desktop:Comment=Create and edit presentations for slideshows, meeting and Web pages by using Impress. +/usr/share/applications/libreoffice-impress.desktop:Exec=qubes-desktop-run /usr/share/applications/libreoffice-impress.desktop +/usr/share/applications/libreoffice-impress.desktop:GenericName=Presentation +/usr/share/applications/libreoffice-impress.desktop:Name=LibreOffice Impress +/usr/share/applications/libreoffice-math.desktop:Categories=Office;Spreadsheet;Education;Science;Math;X-Red-Hat-Base;X-MandrivaLinux-Office-Other; +/usr/share/applications/libreoffice-math.desktop:Comment=Create and edit scientific formulas and equations by using Math. +/usr/share/applications/libreoffice-math.desktop:Exec=qubes-desktop-run /usr/share/applications/libreoffice-math.desktop +/usr/share/applications/libreoffice-math.desktop:GenericName=Formula Editor +/usr/share/applications/libreoffice-math.desktop:Name=LibreOffice Math +/usr/share/applications/libreoffice-startcenter.desktop:Categories=Office;X-Red-Hat-Base;X-SuSE-Core-Office;X-MandrivaLinux-Office-Other; +/usr/share/applications/libreoffice-startcenter.desktop:Comment=The office productivity suite compatible to the open and standardized ODF document format. Supported by The Document Foundation. +/usr/share/applications/libreoffice-startcenter.desktop:Exec=qubes-desktop-run /usr/share/applications/libreoffice-startcenter.desktop +/usr/share/applications/libreoffice-startcenter.desktop:GenericName=Office +/usr/share/applications/libreoffice-startcenter.desktop:Name=LibreOffice +/usr/share/applications/libreoffice-writer.desktop:Categories=Office;WordProcessor;X-Red-Hat-Base;X-MandrivaLinux-Office-Wordprocessors; +/usr/share/applications/libreoffice-writer.desktop:Comment=Create and edit text and graphics in letters, reports, documents and Web pages by using Writer. +/usr/share/applications/libreoffice-writer.desktop:Exec=qubes-desktop-run /usr/share/applications/libreoffice-writer.desktop +/usr/share/applications/libreoffice-writer.desktop:GenericName=Word Processor +/usr/share/applications/libreoffice-writer.desktop:Name=LibreOffice Writer +/usr/share/applications/libreoffice-xsltfilter.desktop:Exec=qubes-desktop-run /usr/share/applications/libreoffice-xsltfilter.desktop +/usr/share/applications/libreoffice-xsltfilter.desktop:GenericName=XSLT based filters +/usr/share/applications/libreoffice-xsltfilter.desktop:Name=LibreOffice XSLT based filters +/usr/share/applications/mate-notification-properties.desktop:Categories=GTK;Settings;DesktopSettings; +/usr/share/applications/mate-notification-properties.desktop:Comment=Set your popup notification preferences +/usr/share/applications/mate-notification-properties.desktop:Exec=qubes-desktop-run /usr/share/applications/mate-notification-properties.desktop +/usr/share/applications/mate-notification-properties.desktop:Name=Popup Notifications +/usr/share/applications/mount-archive.desktop:Exec=qubes-desktop-run /usr/share/applications/mount-archive.desktop +/usr/share/applications/mount-archive.desktop:Name=Archive Mounter +/usr/share/applications/mozilla-thunderbird.desktop:Categories=Network;Email; +/usr/share/applications/mozilla-thunderbird.desktop:Comment=Send and Receive Email +/usr/share/applications/mozilla-thunderbird.desktop:Exec=qubes-desktop-run /usr/share/applications/mozilla-thunderbird.desktop +/usr/share/applications/mozilla-thunderbird.desktop:GenericName=Email +/usr/share/applications/mozilla-thunderbird.desktop:Name=Thunderbird +/usr/share/applications/nautilus-autorun-software.desktop:Exec=qubes-desktop-run /usr/share/applications/nautilus-autorun-software.desktop +/usr/share/applications/nautilus-autorun-software.desktop:Name=Run Software +/usr/share/applications/nautilus-classic.desktop:Comment=Classic session desktop file for desktop icons +/usr/share/applications/nautilus-classic.desktop:Exec=qubes-desktop-run /usr/share/applications/nautilus-classic.desktop +/usr/share/applications/nautilus-classic.desktop:Name=Desktop Icons +/usr/share/applications/nautilus-connect-server.desktop:Exec=qubes-desktop-run /usr/share/applications/nautilus-connect-server.desktop +/usr/share/applications/nautilus-connect-server.desktop:Name=Connect to Server +/usr/share/applications/nm-applet.desktop:Comment=Manage your network connections +/usr/share/applications/nm-applet.desktop:Exec=qubes-desktop-run /usr/share/applications/nm-applet.desktop +/usr/share/applications/nm-applet.desktop:Name=Network +/usr/share/applications/nm-connection-editor.desktop:Categories=GNOME;GTK;Settings;X-GNOME-NetworkSettings; +/usr/share/applications/nm-connection-editor.desktop:Comment=Manage and change your network connection settings +/usr/share/applications/nm-connection-editor.desktop:Exec=qubes-desktop-run /usr/share/applications/nm-connection-editor.desktop +/usr/share/applications/nm-connection-editor.desktop:Name=Network Connections +/usr/share/applications/nm-vpnc-auth-dialog.desktop:Comment=Request VPN authentication +/usr/share/applications/nm-vpnc-auth-dialog.desktop:Exec=qubes-desktop-run /usr/share/applications/nm-vpnc-auth-dialog.desktop +/usr/share/applications/nm-vpnc-auth-dialog.desktop:Name=Network +/usr/share/applications/openoffice.org-diafilter.desktop:Exec=qubes-desktop-run /usr/share/applications/openoffice.org-diafilter.desktop +/usr/share/applications/openoffice.org-diafilter.desktop:GenericName=DIA Format Importer +/usr/share/applications/openoffice.org-diafilter.desktop:Name=%PRODUCTNAME DIA Format Importer +/usr/share/applications/orca.desktop:Categories=GTK;GNOME;Utility;Accessibility; +/usr/share/applications/orca.desktop:Comment=Provide access to graphical desktop environments via synthesized speech and/or refreshable braille +/usr/share/applications/orca.desktop:Exec=qubes-desktop-run /usr/share/applications/orca.desktop +/usr/share/applications/orca.desktop:GenericName=Screen Reader +/usr/share/applications/orca.desktop:Name=Screen Reader +/usr/share/applications/org.gnome.Cheese.desktop:Categories=GNOME;AudioVideo;Video;Recorder; +/usr/share/applications/org.gnome.Cheese.desktop:Comment=Take photos and videos with your webcam, with fun graphical effects +/usr/share/applications/org.gnome.Cheese.desktop:Exec=qubes-desktop-run /usr/share/applications/org.gnome.Cheese.desktop +/usr/share/applications/org.gnome.Cheese.desktop:Name=Cheese +/usr/share/applications/org.gnome.Contacts.desktop:Categories=GNOME;GTK;Utility; +/usr/share/applications/org.gnome.Contacts.desktop:Comment=A contacts manager for GNOME +/usr/share/applications/org.gnome.Contacts.desktop:Exec=qubes-desktop-run /usr/share/applications/org.gnome.Contacts.desktop +/usr/share/applications/org.gnome.Contacts.desktop:Name=Contacts +/usr/share/applications/org.gnome.Documents.desktop:Categories=GNOME;GTK;Utility;Core; +/usr/share/applications/org.gnome.Documents.desktop:Comment=Access, manage and share documents +/usr/share/applications/org.gnome.Documents.desktop:Exec=qubes-desktop-run /usr/share/applications/org.gnome.Documents.desktop +/usr/share/applications/org.gnome.Documents.desktop:Name=Documents +/usr/share/applications/org.gnome.FileRoller.desktop:Categories=GTK;GNOME;Utility;Archiving;Compression;X-GNOME-Utilities; +/usr/share/applications/org.gnome.FileRoller.desktop:Comment=Create and modify an archive +/usr/share/applications/org.gnome.FileRoller.desktop:Exec=qubes-desktop-run /usr/share/applications/org.gnome.FileRoller.desktop +/usr/share/applications/org.gnome.FileRoller.desktop:Name=Archive Manager +/usr/share/applications/org.gnome.Nautilus.desktop:Categories=GNOME;GTK;Utility;Core;FileManager; +/usr/share/applications/org.gnome.Nautilus.desktop:Comment=Access and organize files +/usr/share/applications/org.gnome.Nautilus.desktop:Exec=qubes-desktop-run /usr/share/applications/org.gnome.Nautilus.desktop +/usr/share/applications/org.gnome.Nautilus.desktop:Name=Files +/usr/share/applications/org.gnome.Screenshot.desktop:Categories=GTK;GNOME;Utility;X-GNOME-Utilities; +/usr/share/applications/org.gnome.Screenshot.desktop:Comment=Save images of your screen or individual windows +/usr/share/applications/org.gnome.Screenshot.desktop:Exec=qubes-desktop-run /usr/share/applications/org.gnome.Screenshot.desktop +/usr/share/applications/org.gnome.Screenshot.desktop:Name=Screenshot +/usr/share/applications/org.gnome.Shell.PortalHelper.desktop:Exec=qubes-desktop-run /usr/share/applications/org.gnome.Shell.PortalHelper.desktop +/usr/share/applications/org.gnome.Shell.PortalHelper.desktop:Name=Captive Portal +/usr/share/applications/org.gnome.Software.desktop:Categories=GNOME;GTK;System;PackageManager; +/usr/share/applications/org.gnome.Software.desktop:Comment=Add, remove or update software on this computer +/usr/share/applications/org.gnome.Software.desktop:Exec=qubes-desktop-run /usr/share/applications/org.gnome.Software.desktop +/usr/share/applications/org.gnome.Software.desktop:Name=Software +/usr/share/applications/org.gnome.Totem.desktop:Categories=GTK;GNOME;AudioVideo;Player;Video; +/usr/share/applications/org.gnome.Totem.desktop:Comment=Play movies +/usr/share/applications/org.gnome.Totem.desktop:Exec=qubes-desktop-run /usr/share/applications/org.gnome.Totem.desktop +/usr/share/applications/org.gnome.Totem.desktop:Name=Videos +/usr/share/applications/org.gnome.Weather.Application.desktop:Categories=GNOME;GTK;Utility;Core; +/usr/share/applications/org.gnome.Weather.Application.desktop:Comment=Show weather conditions and forecast +/usr/share/applications/org.gnome.Weather.Application.desktop:Exec=qubes-desktop-run /usr/share/applications/org.gnome.Weather.Application.desktop +/usr/share/applications/org.gnome.Weather.Application.desktop:Name=Weather +/usr/share/applications/org.gnome.baobab.desktop:Categories=GTK;GNOME;System;Filesystem;X-GNOME-Utilities; +/usr/share/applications/org.gnome.baobab.desktop:Comment=Check folder sizes and available disk space +/usr/share/applications/org.gnome.baobab.desktop:Exec=qubes-desktop-run /usr/share/applications/org.gnome.baobab.desktop +/usr/share/applications/org.gnome.baobab.desktop:Name=Disk Usage Analyzer +/usr/share/applications/org.gnome.clocks.desktop:Categories=GNOME;GTK;Utility;Clock; +/usr/share/applications/org.gnome.clocks.desktop:Comment=Clocks for world times, plus alarms, stopwatch and a timer +/usr/share/applications/org.gnome.clocks.desktop:Exec=qubes-desktop-run /usr/share/applications/org.gnome.clocks.desktop +/usr/share/applications/org.gnome.clocks.desktop:GenericName=Clocks +/usr/share/applications/org.gnome.clocks.desktop:Name=Clocks +/usr/share/applications/org.gnome.font-viewer.desktop:Categories=GTK;GNOME;Utility;X-GNOME-Utilities; +/usr/share/applications/org.gnome.font-viewer.desktop:Comment=View fonts on your system +/usr/share/applications/org.gnome.font-viewer.desktop:Exec=qubes-desktop-run /usr/share/applications/org.gnome.font-viewer.desktop +/usr/share/applications/org.gnome.font-viewer.desktop:Name=Font Viewer +/usr/share/applications/org.gnome.gedit.desktop:Categories=GNOME;GTK;Utility;TextEditor; +/usr/share/applications/org.gnome.gedit.desktop:Comment=Edit text files +/usr/share/applications/org.gnome.gedit.desktop:Exec=qubes-desktop-run /usr/share/applications/org.gnome.gedit.desktop +/usr/share/applications/org.gnome.gedit.desktop:GenericName=Text Editor +/usr/share/applications/org.gnome.gedit.desktop:Name=gedit +/usr/share/applications/qt4-designer.desktop:Categories=Qt;Development; +/usr/share/applications/qt4-designer.desktop:Comment=Design GUIs for Qt4 applications +/usr/share/applications/qt4-designer.desktop:Exec=qubes-desktop-run /usr/share/applications/qt4-designer.desktop +/usr/share/applications/qt4-designer.desktop:GenericName=Interface Designer +/usr/share/applications/qt4-designer.desktop:Name=Qt4 Designer +/usr/share/applications/qt4-linguist.desktop:Categories=Qt;Development; +/usr/share/applications/qt4-linguist.desktop:Comment=Add translations to Qt4 applications +/usr/share/applications/qt4-linguist.desktop:Exec=qubes-desktop-run /usr/share/applications/qt4-linguist.desktop +/usr/share/applications/qt4-linguist.desktop:GenericName=Translation tool +/usr/share/applications/qt4-linguist.desktop:Name=Qt4 Linguist +/usr/share/applications/rhythmbox-device.desktop:Categories=GNOME;GTK;AudioVideo; +/usr/share/applications/rhythmbox-device.desktop:Comment=Play and organize your music collection +/usr/share/applications/rhythmbox-device.desktop:Exec=qubes-desktop-run /usr/share/applications/rhythmbox-device.desktop +/usr/share/applications/rhythmbox-device.desktop:GenericName=Music Player +/usr/share/applications/rhythmbox-device.desktop:Name=Rhythmbox +/usr/share/applications/rhythmbox.desktop:Categories=GNOME;GTK;AudioVideo;Audio;Player; +/usr/share/applications/rhythmbox.desktop:Comment=Play and organize your music collection +/usr/share/applications/rhythmbox.desktop:Exec=qubes-desktop-run /usr/share/applications/rhythmbox.desktop +/usr/share/applications/rhythmbox.desktop:GenericName=Music Player +/usr/share/applications/rhythmbox.desktop:Name=Rhythmbox +/usr/share/applications/rygel-preferences.desktop:Categories=Settings;X-GNOME-PersonalSettings; +/usr/share/applications/rygel-preferences.desktop:Exec=qubes-desktop-run /usr/share/applications/rygel-preferences.desktop +/usr/share/applications/rygel-preferences.desktop:GenericName=UPnP/DLNA Preferences +/usr/share/applications/rygel-preferences.desktop:Name=Rygel Preferences +/usr/share/applications/rygel.desktop:Categories= +/usr/share/applications/rygel.desktop:Comment=UPnP/DLNA Services +/usr/share/applications/rygel.desktop:Exec=qubes-desktop-run /usr/share/applications/rygel.desktop +/usr/share/applications/rygel.desktop:GenericName=UPnP/DLNA Services +/usr/share/applications/rygel.desktop:Name=Rygel +/usr/share/applications/seahorse.desktop:Categories=GNOME;GTK;Security;Utility;DesktopSettings;X-XFCE-SettingsDialog;X-Fedora; +/usr/share/applications/seahorse.desktop:Comment=Manage your passwords and encryption keys +/usr/share/applications/seahorse.desktop:Exec=qubes-desktop-run /usr/share/applications/seahorse.desktop +/usr/share/applications/seahorse.desktop:Name=Passwords and Keys +/usr/share/applications/setroubleshoot.desktop:Categories=System; +/usr/share/applications/setroubleshoot.desktop:Comment=Troubleshoot SELinux access denials +/usr/share/applications/setroubleshoot.desktop:Exec=qubes-desktop-run /usr/share/applications/setroubleshoot.desktop +/usr/share/applications/setroubleshoot.desktop:GenericName=SELinux Troubleshooter +/usr/share/applications/setroubleshoot.desktop:Name=SELinux Troubleshooter +/usr/share/applications/shotwell-viewer.desktop:Categories=Graphics;Viewer;Photography;GNOME;GTK; +/usr/share/applications/shotwell-viewer.desktop:Exec=qubes-desktop-run /usr/share/applications/shotwell-viewer.desktop +/usr/share/applications/shotwell-viewer.desktop:GenericName=Photo Viewer +/usr/share/applications/shotwell-viewer.desktop:Name=Shotwell Viewer +/usr/share/applications/shotwell.desktop:Categories=Graphics;Photography;GNOME;GTK; +/usr/share/applications/shotwell.desktop:Comment=Organize your photos +/usr/share/applications/shotwell.desktop:Exec=qubes-desktop-run /usr/share/applications/shotwell.desktop +/usr/share/applications/shotwell.desktop:GenericName=Photo Manager +/usr/share/applications/shotwell.desktop:Name=Shotwell +/usr/share/applications/transmission-gtk.desktop:Categories=Network;FileTransfer;P2P;GTK; +/usr/share/applications/transmission-gtk.desktop:Comment=Download and share files over BitTorrent +/usr/share/applications/transmission-gtk.desktop:Exec=qubes-desktop-run /usr/share/applications/transmission-gtk.desktop +/usr/share/applications/transmission-gtk.desktop:GenericName=BitTorrent Client +/usr/share/applications/transmission-gtk.desktop:Name=Transmission +/usr/share/applications/vino-server.desktop:Comment=GNOME Desktop Sharing Server +/usr/share/applications/vino-server.desktop:Exec=qubes-desktop-run /usr/share/applications/vino-server.desktop +/usr/share/applications/vino-server.desktop:Name=Desktop Sharing +/usr/share/applications/xfce4-terminal.desktop:Categories=GTK;System;TerminalEmulator; +/usr/share/applications/xfce4-terminal.desktop:Comment=Terminal Emulator +/usr/share/applications/xfce4-terminal.desktop:Exec=qubes-desktop-run /usr/share/applications/xfce4-terminal.desktop +/usr/share/applications/xfce4-terminal.desktop:GenericName=Terminal Emulator +/usr/share/applications/xfce4-terminal.desktop:Name=Xfce Terminal +/usr/share/applications/xterm.desktop:Categories=System;TerminalEmulator; +/usr/share/applications/xterm.desktop:Comment=standard terminal emulator for the X window system +/usr/share/applications/xterm.desktop:Exec=qubes-desktop-run /usr/share/applications/xterm.desktop +/usr/share/applications/xterm.desktop:GenericName=Terminal +/usr/share/applications/xterm.desktop:Name=XTerm +/usr/share/applications/yelp.desktop:Categories=GNOME;GTK;Core;Documentation;Utility; +/usr/share/applications/yelp.desktop:Comment=Get help with GNOME +/usr/share/applications/yelp.desktop:Exec=qubes-desktop-run /usr/share/applications/yelp.desktop +/usr/share/applications/yelp.desktop:Name=Help diff --git a/live/qubes-live.spec b/live/qubes-live.spec index e1577ae..5375efc 100644 --- a/live/qubes-live.spec +++ b/live/qubes-live.spec @@ -29,6 +29,9 @@ install -m 0755 -t $RPM_BUILD_ROOT/etc/rc.d/init.d/ \ install -D -m 0644 lightdm-qubes-live.conf \ $RPM_BUILD_ROOT/etc/lightdm/lightdm.conf.d/50-qubes-live.conf + +install -D -m 0644 default-appmenus $RPM_BUILD_ROOT/usr/share/qubes/live-default-appmenus + %post /sbin/restorecon /etc/rc.d/init.d/livesys @@ -51,6 +54,7 @@ done /etc/rc.d/init.d/livesys /etc/rc.d/init.d/livesys-late /etc/lightdm/lightdm.conf.d/50-qubes-live.conf +/usr/share/qubes/live-default-appmenus %changelog From 28fcfcc23840a6b97d1c3d6c419118dea3db2d86 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Tue, 4 Aug 2015 05:31:40 +0200 Subject: [PATCH 19/31] liveusb: overlayfs doesn't support sparse files, use tmpfs directly This comes with some overhead, at least at the beginning, because all private images are copied there at system startup (instead of first use). This uses about 450MB of RAM. Still better than non-sparse private.img (2GB...). --- live/livesys | 38 ++++++++++++++++++++++++++++++-------- 1 file changed, 30 insertions(+), 8 deletions(-) diff --git a/live/livesys b/live/livesys index 3e69cdf..be1463f 100755 --- a/live/livesys +++ b/live/livesys @@ -104,16 +104,38 @@ if ! strstr "`cat /proc/cmdline`" nopersistenthome && [ -n "$homedev" ] ; then else mkdir -p /home/qubes mount -t tmpfs none /home/qubes + chown root:qubes /home/qubes + chmod 2775 /home/qubes fi -mkdir -p /home/qubes/qubes -mkdir -p /home/qubes/workdir -ln -nsf /var/lib/qubes-base/vm-templates /home/qubes/qubes/vm-templates -mount -t overlay overlay \ - -o lowerdir=/var/lib/qubes-base \ - -o upperdir=/home/qubes/qubes \ - -o workdir=/home/qubes/workdir \ - /var/lib/qubes +# overlay fs doesn't handle sparse files: +# fs/overlayfs/copy_up.c:94 /* FIXME: copy up sparse files efficiently */ +# So for now it is useless here. But some day... +# +#mkdir -p /home/qubes/qubes +#mkdir -p /home/qubes/workdir +#ln -nsf /var/lib/qubes-base/vm-templates /home/qubes/qubes/vm-templates +#mount -t overlay overlay \ +# -o lowerdir=/var/lib/qubes-base \ +# -o upperdir=/home/qubes/qubes \ +# -o workdir=/home/qubes/workdir \ +# /var/lib/qubes + +ln -nsf /var/lib/qubes-base/vm-templates /home/qubes/vm-templates +ln -nsf /var/lib/qubes-base/vm-kernels /home/qubes/vm-kernels +for dir in /var/lib/qubes-base/*; do + dir=`basename $dir` + case $dir in + vm-templates) ;; + vm-kernels) ;; + *) + if [ ! -e /home/qubes/$dir ]; then + cp -a /var/lib/qubes-base/$dir /home/qubes/ + fi + ;; + esac +done +mount --bind /home/qubes /var/lib/qubes /usr/bin/qvm-prefs --offline-mode -s sys-net pcidevs '[]' for dev in $(/sbin/lspci -mm -n | sed -ne 's/^\([0-9][0-9]:[0-9][0-9].[0-9]\) "02.*/\1/p'); do From ea884ac81d6b03c443009e851d069d0fb41306bd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Tue, 4 Aug 2015 05:55:06 +0200 Subject: [PATCH 20/31] liveusb: use more friendly output image name --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 947c7e9..5a77525 100644 --- a/Makefile +++ b/Makefile @@ -153,7 +153,7 @@ iso-installer: iso-prepare iso-liveusb: conf/liveusb.ks iso-prepare mkdir -p work - pushd work && ../livecd-creator-qubes --verbose --debug --product='Qubes OS' --title="Qubes OS $(ISO_VERSION)" --config ../$< && popd + pushd work && ../livecd-creator-qubes --verbose --debug --product='Qubes OS' --title="Qubes OS $(ISO_VERSION)" --fslabel="Qubes-$(ISO_VERSION)-x86_64-LIVE" --config ../$< && popd # Move result files to known-named directories mkdir -p build/ISO/qubes-x86_64/iso build/work mv work/*.iso build/ISO/qubes-x86_64/iso/ From f5673dbb49800501a25c39a7e42f3060c59b8453 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Fri, 7 Aug 2015 02:27:42 +0200 Subject: [PATCH 21/31] liveusb: fix package name in build-deps --- build-deps-iso.list | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build-deps-iso.list b/build-deps-iso.list index c420347..0c13c3c 100644 --- a/build-deps-iso.list +++ b/build-deps-iso.list @@ -2,4 +2,4 @@ anaconda pungi pykickstart lorax-templates-qubes -livecd-creator +livecd-tools From 1408be322e09efa9f113cb5d553887ab0c243909 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Sun, 9 Aug 2015 14:05:15 +0200 Subject: [PATCH 22/31] live: disable (currently broken) EFI --- conf/liveusb.ks | 3 +++ 1 file changed, 3 insertions(+) diff --git a/conf/liveusb.ks b/conf/liveusb.ks index 645d7ca..8f81c33 100644 --- a/conf/liveusb.ks +++ b/conf/liveusb.ks @@ -33,6 +33,9 @@ anaconda qubes-live +# FIXME: xen.efi not supported by livecd-tools, disable it for now +-shim + %end %post From 012cad5b47b12f7bdac924165663f55291947e12 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Sun, 9 Aug 2015 20:42:24 +0200 Subject: [PATCH 23/31] live: remove redundant livecd-creator --verbose flag --debug already implies this. Actually only the last one is used. --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 5a77525..fdf6f13 100644 --- a/Makefile +++ b/Makefile @@ -153,7 +153,7 @@ iso-installer: iso-prepare iso-liveusb: conf/liveusb.ks iso-prepare mkdir -p work - pushd work && ../livecd-creator-qubes --verbose --debug --product='Qubes OS' --title="Qubes OS $(ISO_VERSION)" --fslabel="Qubes-$(ISO_VERSION)-x86_64-LIVE" --config ../$< && popd + pushd work && ../livecd-creator-qubes --debug --product='Qubes OS' --title="Qubes OS $(ISO_VERSION)" --fslabel="Qubes-$(ISO_VERSION)-x86_64-LIVE" --config ../$< && popd # Move result files to known-named directories mkdir -p build/ISO/qubes-x86_64/iso build/work mv work/*.iso build/ISO/qubes-x86_64/iso/ From d57c5e814af12f473caf85aae469a19a40c232f5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Sun, 9 Aug 2015 20:43:06 +0200 Subject: [PATCH 24/31] live: place private.img of default VMs back on dm-snapshot device Apparently those 350MB are critical on 4GB systems without a swap. --- live/livesys | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/live/livesys b/live/livesys index be1463f..8e54155 100755 --- a/live/livesys +++ b/live/livesys @@ -135,6 +135,12 @@ for dir in /var/lib/qubes-base/*; do ;; esac done +for privateimg in /var/lib/qubes-base/*vms/*/private.img; do + tmpfs_path=${privateimg/\/var\/lib\/qubes-base/\/home\/qubes} + if rm $tmpfs_path; then + ln -s $privateimg $tmpfs_path + fi +done mount --bind /home/qubes /var/lib/qubes /usr/bin/qvm-prefs --offline-mode -s sys-net pcidevs '[]' From 9a80875a5d633cf0b8c99f0fdd3919799c0c1748 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Fri, 25 Sep 2015 15:31:12 +0200 Subject: [PATCH 25/31] live: remove automatic swap discovery We don't want to leave unencrypted memory dumps on some "random" disk found in the system. --- live/livesys | 7 ------- 1 file changed, 7 deletions(-) diff --git a/live/livesys b/live/livesys index 8e54155..8ad5710 100755 --- a/live/livesys +++ b/live/livesys @@ -35,13 +35,6 @@ for arg in `cat /proc/cmdline` ; do fi done -# enable swaps unless requested otherwise -swaps=`blkid -t TYPE=swap -o device` -if ! strstr "`cat /proc/cmdline`" noswap && [ -n "$swaps" ] ; then - for s in $swaps ; do - action "Enabling swap partition $s" swapon $s - done -fi if ! strstr "`cat /proc/cmdline`" noswap && [ -f /run/initramfs/live/${livedir}/swap.img ] ; then action "Enabling swap file" swapon /run/initramfs/live/${livedir}/swap.img fi From 0493bb717c64edb0c89d52ab1e1b5cd26ba2d358 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Sat, 26 Sep 2015 22:32:51 +0200 Subject: [PATCH 26/31] liveusb: EFI support Since livecd-tools doesn't support starting Xen in EFI mode, most of its EFI support is rewritten here (overriden in LiveEFIImageCreator, based on imgcreate.LiveImageCreator). This all is still temporary solution, until Xen will have mutiboot2+EFI support - then almost standard configuration could be used (almost the same grub config as for legacy boot). So keep the changes here, and when the proper solution would be implemented, pursue to having it upstream. QubesOS/qubes-issues#794 --- conf/liveusb.ks | 3 +- live/qubes-live.spec | 20 ++++ livecd-creator-qubes | 211 ++++++++++++++++++++++++++++++++++++++++++- 3 files changed, 231 insertions(+), 3 deletions(-) diff --git a/conf/liveusb.ks b/conf/liveusb.ks index 8f81c33..af00d24 100644 --- a/conf/liveusb.ks +++ b/conf/liveusb.ks @@ -33,8 +33,7 @@ anaconda qubes-live -# FIXME: xen.efi not supported by livecd-tools, disable it for now --shim +shim %end diff --git a/live/qubes-live.spec b/live/qubes-live.spec index 5375efc..9fbc853 100644 --- a/live/qubes-live.spec +++ b/live/qubes-live.spec @@ -11,6 +11,10 @@ Group: System License: GPL URL: https://qubes-os.org +# ensure that the whole %%post is run when xen and kernel are already installed +Requires(post): xen-hypervisor +Requires(post): kernel + %description Various fixes for Qubes Live edition @@ -49,6 +53,22 @@ for kernel in /boot/vmlinuz-*; do ln -s $(basename ${xen}) /boot/xen.gz-${short_version} done +# EFI: prepare small version of initrd to fit in 32MB ISO9660 limit +xen=$(ls -1 /boot/efi/EFI/qubes/xen-*.efi | tail -n 1) +if [ -n "$xen" ]; then + kernel=$(ls -1 /boot/vmlinuz-*|sort -n|tail -n 1) + cp "${kernel}" /boot/efi/EFI/qubes/vmlinuz + version=$(echo ${kernel} | cut -f 2- -d -) + # copy from lorax-templates-qubes/templates/efi.tmpl: + scsi_modules="3w-9xxx 3w-sas 3w-xxxx BusLogic a100u2w aacraid advansys aic79xx aic7xxx am53c974 arcmsr atp870u bfa bnx2fc csiostor dc395x dmx3191d esas2r esp_scsi fcoe fnic gdth hpsa hptiop hv_storvsc initio ipr ips isci iscsi_boot_sysfs libfc libfcoe libiscsi libosd libsas lpfc megaraid megaraid_mbox megaraid_mm megaraid_sas mpt2sas mpt3sas mvsas mvumi osd pm80xx pmcraid qla1280 qla2xxx qla4xxx raid_class scsi_debug scsi_dh_emc scsi_dh_rdac scsi_transport_fc scsi_transport_iscsi scsi_transport_sas scsi_transport_spi scsi_transport_srp stex sym53c8xx ufshcd virtio_scsi vmw_pvscsi wd719x" + extra_modules="affs befs coda cuse dlm gfs2 mptfc ncpfs nilfs2 ocfs2 ocfs2_dlm ocfs2_dlmfs ocfs2_nodemanager ocfs2_stack_o2cb ocfs2_stack_user ocfs2_stackglue sctp sysv ubifs ufs" + dracut --nomdadmconf --nolvmconf --xz \ + --omit "network multipath modsign systemd crypt shutdown plymouth" \ + --omit "fcoe fcoe-uefi nfs iscsi ifcfg" \ + --omit-drivers="${scsi_modules}" \ + --omit-drivers="${extra_modules}" \ + /boot/efi/EFI/qubes/initrd-small.img ${version} +fi %files /etc/rc.d/init.d/livesys diff --git a/livecd-creator-qubes b/livecd-creator-qubes index ee858ef..b374c2a 100755 --- a/livecd-creator-qubes +++ b/livecd-creator-qubes @@ -19,18 +19,227 @@ import os import os.path +import glob +import shutil import stat +import subprocess import sys import time import optparse import logging import imgcreate +from imgcreate.fs import makedirs class Usage(Exception): def __init__(self, msg = None, no_error = False): Exception.__init__(self, msg, no_error) +class LiveEFIImageCreator(imgcreate.LiveImageCreator): + + def _get_mkisofs_options(self, isodir): + options = [ "-b", "isolinux/isolinux.bin", + "-c", "isolinux/boot.cat", + "-no-emul-boot", "-boot-info-table", + "-boot-load-size", "4" ] + if os.path.exists(isodir + "/isolinux/efiboot.img"): + options.extend([ "-eltorito-alt-boot", + "-e", "isolinux/efiboot.img", + "-no-emul-boot"]) + if os.path.exists(isodir + "/isolinux/macboot.img"): + options.extend([ "-eltorito-alt-boot", + "-e", "isolinux/macboot.img", + "-no-emul-boot"]) + return options + + def __copy_efi_files(self, isodir): + """ Copy the efi files into /EFI/BOOT/ + If any of them are missing, return False. + requires: + xen.efi + gcdx64.efi + vmlinuz + initrd + """ + fail = False + missing = [] + # XXX: when adding multiple kernel support, vmlinuz and initrd needs to + # be suffixed with index + files = [("/boot/efi/EFI/*/shim.efi", "/EFI/BOOT/BOOT%s.efi" % (self.efiarch,)), + ("/boot/efi/EFI/*/gcd*.efi", "/EFI/BOOT/grubx64.efi"), + ("/boot/efi/EFI/*/xen-*.efi", "/EFI/BOOT/xen.efi"), + ("/boot/efi/EFI/*/vmlinuz", "/EFI/BOOT/vmlinuz"), + ("/boot/efi/EFI/*/initrd-small.img", "/EFI/BOOT/initrd"), + ("/boot/efi/EFI/*/fonts/unicode.pf2", "/EFI/BOOT/fonts/"), + ] + makedirs(isodir+"/EFI/BOOT/fonts/") + for src, dest in files: + src_glob = glob.glob(self._instroot+src) + if not src_glob: + missing.append("Missing EFI file (%s)" % (src,)) + fail = True + else: + shutil.copy(src_glob[0], isodir+dest) + map(logging.error, missing) + return fail + + + def __get_xen_efi_image_stanza(self, **args): + if self._isDracut: + args["rootlabel"] = "live:LABEL=%(fslabel)s" % args + else: + args["rootlabel"] = "CDLABEL=%(fslabel)s" % args + return """[%(name)s%(index)s] +kernel=vmlinuz%(index)s root=%(rootlabel)s %(liveargs)s %(extra)s +ramdisk=initrd%(index)s + +""" %args + + + def __get_efi_image_stanza(self, **args): + return """menuentry '%(long)s' --class qubes --class gnu-linux --class gnu --class os { + chainloader /efi/boot/xen.efi placeholder %(name)s%(index)s +} +""" %args + + def __get_efi_image_stanzas(self, isodir, name): + # FIXME: this only supports one kernel right now... + + kernel_options = self._get_kernel_options() + checkisomd5 = self._has_checkisomd5() + + cfg = "" + + for index in range(0, 9): + # only one supported anyway, so simply drop the suffix + index = "" + cfg += self.__get_efi_image_stanza(long = "Start " + self.product, + index = index, name = "normal") + if checkisomd5: + cfg += self.__get_efi_image_stanza( + long = "Test this media & start " + self.product, + index = index, name = "check") + cfg += """ +submenu 'Troubleshooting -->' { +""" + cfg += self.__get_efi_image_stanza(long = "Start " + self.product + " in basic graphics mode", + index = index, name = "basicvideo") + + cfg+= """} +""" + break + + return cfg + + def __get_xen_efi_image_stanzas(self, isodir, name): + # FIXME: this only supports one kernel right now... + + kernel_options = self._get_kernel_options() + checkisomd5 = self._has_checkisomd5() + + cfg = "" + + for index in range(0, 9): + # only one supported anyway, so simply drop the suffix + index = "" + cfg += self.__get_xen_efi_image_stanza(fslabel = self.fslabel, + liveargs = kernel_options, + long = "Start " + self.product, + extra = "", index = index, + name = "normal") + if checkisomd5: + cfg += self.__get_xen_efi_image_stanza(fslabel = self.fslabel, + liveargs = kernel_options, + long = "Test this media & start " + self.product, + extra = "rd.live.check", + index = index, name = "check") + cfg += self.__get_xen_efi_image_stanza(fslabel = self.fslabel, + liveargs = kernel_options, + long = "Start " + self.product + " in basic graphics mode", + extra = "nomodeset", index = index, + name = "basicvideo") + + break + + return cfg + + def __get_basic_xen_efi_config(self): + return """ +[global] +default=normal +""" + + def __get_basic_efi_config(self, **args): + return """ +set default="0" + +function load_video { + insmod efi_gop + insmod efi_uga + insmod video_bochs + insmod video_cirrus + insmod all_video +} + +load_video +set gfxpayload=keep +insmod gzio +insmod part_gpt +insmod ext2 + +set timeout=%(timeout)d +### END /etc/grub.d/00_header ### + +# do not use 'search' - root should be already set based on grub.efi location + +### BEGIN /etc/grub.d/10_linux ### +""" %args + + def _configure_efi_bootloader(self, isodir): + """Set up the configuration for an EFI bootloader""" + if self.__copy_efi_files(isodir): + shutil.rmtree(isodir + "/EFI") + logging.warn("Failed to copy EFI files, no EFI Support will be included.") + return + + cfg = self.__get_basic_efi_config(isolabel = self.fslabel, + timeout = self._timeout) + cfg += self.__get_efi_image_stanzas(isodir, self.name) + + xen_cfg = self.__get_basic_xen_efi_config() + xen_cfg += self.__get_xen_efi_image_stanzas(isodir, self.name) + + cfgf = open(isodir + "/EFI/BOOT/grub.cfg", "w") + cfgf.write(cfg) + cfgf.close() + + xen_cfgf = open(isodir + "/EFI/BOOT/xen.cfg", "w") + xen_cfgf.write(xen_cfg) + xen_cfgf.close() + + def _generate_efiboot(self, isodir): + """Generate EFI boot images.""" + if not glob.glob(self._instroot+"/boot/efi/EFI/*/xen-*.efi"): + logging.error("Missing xen-*.efi, skipping efiboot.img creation.") + return + + subprocess.call(["mkefiboot", "--label", "QUBESEFI", isodir + "/EFI/BOOT", + isodir + "/isolinux/efiboot.img"]) + # FIXME: replace icon + # FIXME: this is broken for many reasons: + # - mkefiboot generates unnecessary big image (about 4 times bigger + # than required) - the bug is in mkmacboot function: + # size = estimate_size(bootdir, graft=graft) * 2 + # ^^^^^^^^^^^^^^^^^^^^ already counted twice + # - mkefiboot -a assumes that the loader is grub.efi + # - it isn't clear whether xen.efi would even work on Apple + subprocess.call(["mkefiboot", "-a", isodir + "/EFI/BOOT", + isodir + "/isolinux/macboot.img", "-l", self.product, + "-n", "/usr/share/pixmaps/bootloader/fedora-media.vol", + "-i", "/usr/share/pixmaps/bootloader/fedora.icns", + "-p", self.product]) + + def parse_options(args): parser = optparse.OptionParser() @@ -181,7 +390,7 @@ def main(): try: if options.image_type == 'livecd': - creator = imgcreate.LiveImageCreator(ks, name, + creator = LiveEFIImageCreator(ks, name, fslabel=fslabel, releasever=options.releasever, tmpdir=os.path.abspath(options.tmpdir), From dbb8ebcbe5bb00d466fe0b5a94dff9a18b89dd2d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Tue, 29 Sep 2015 03:22:19 +0200 Subject: [PATCH 27/31] makefile: remove legacy targets --- Makefile | 95 ++------------------------------------------------------ 1 file changed, 2 insertions(+), 93 deletions(-) diff --git a/Makefile b/Makefile index fdf6f13..1fbb984 100644 --- a/Makefile +++ b/Makefile @@ -19,25 +19,6 @@ # # -TOP := $(shell pwd) -RPMBUILD_DEFINES := --define "_rpmdir rpm/" --define "_sourcedir $(TOP)/rpm/SOURCES" - -spec_version = $(shell rpm -q --qf "%{VERSION}\n" --specfile $(1)| head -1) -package = $(shell \ - mkdir -p rpm/SOURCES; \ - cd rpm/SOURCES; \ - rm -f $(1)-$(2)*; \ - ln -s ../../$(1) $(1)-$(2); \ - tar jcf $(1)-$(2).tar.bz2 --dereference --exclude-vcs $(1)-$(2); \ - rm $(1)-$(2) ) - -ANACONDA_VERSION := $(call spec_version,anaconda/anaconda.spec) -FIRSTBOOT_VERSION := $(call spec_version,firstboot/firstboot.spec) -QBSRELEASE_VERSION := $(call spec_version,qubes-release/qubes-release.spec) -LORAXQBS_VERSION := $(call spec_version,lorax-templates-qubes/lorax-templates-qubes.spec) -PUNGI_VERSION := $(call spec_version,pungi/pungi.spec) -PYKICKSTART_VERSION := $(call spec_version,pykickstart/pykickstart.spec) - ISO_INSTALLER ?= 1 ISO_LIVEUSB ?= 0 @@ -51,82 +32,13 @@ endif PUNGI_OPTS += --ver="$(ISO_VERSION)" help: - @echo "make rpms <--- make all rpms and sign them";\ - echo "make rpms_anaconda <--- create binary rpms for Anaconda"; \ - echo "make rpms_firstboot <--- create binary rpms for Firstboot"; \ - echo "make rpms_release <--- create binary rpms for Qubes Release package"; \ - echo; \ - echo "make update-repo <-- copy newly generated rpms to installer yum repo";\ - echo "make iso <== \o/";\ + @echo "make iso <== \o/";\ echo; \ echo "make clean";\ echo; \ exit 0; -.PHONY: rpms rpms_anaconda rpms_firstboot rpms_release rpms_lorax \ - rpms_pungi rpms_pykickstart \ - update-repo update-repo-testing clean iso - -rpms: rpms_anaconda rpms_firstboot rpms_release rpms_lorax rpms_pungi rpms_pykickstart - rpm --addsign `ls -d rpm/x86_64/*.rpm rpm/i686/*.rpm rpm/noarch/*.rpm 2>/dev/null` - -rpms-dom0: rpms - -rpms-vm: - -rpm/SOURCES/anaconda-$(ANACONDA_VERSION).tar.bz2: anaconda anaconda/anaconda.spec - $(call package,anaconda,$(ANACONDA_VERSION)) - -rpm/SOURCES/lorax-templates-qubes-$(LORAXQBS_VERSION).tar.bz2: lorax-templates-qubes lorax-templates-qubes/lorax-templates-qubes.spec - $(call package,lorax-templates-qubes,$(LORAXQBS_VERSION)) - -rpm/SOURCES/firstboot-$(FIRSTBOOT_VERSION).tar.bz2: firstboot firstboot/firstboot.spec - $(call package,firstboot,$(FIRSTBOOT_VERSION)) - -rpm/SOURCES/qubes-release-$(QBSRELEASE_VERSION).tar.bz2: qubes-release qubes-release/qubes-release.spec conf/comps-qubes.xml - $(call package,qubes-release,$(QBSRELEASE_VERSION)) - cp conf/comps-qubes.xml rpm/SOURCES/Qubes-comps.xml - -rpms_anaconda: rpm/SOURCES/anaconda-$(ANACONDA_VERSION).tar.bz2 - rpmbuild $(RPMBUILD_DEFINES) -bb anaconda/anaconda.spec - -rpms_lorax: rpm/SOURCES/lorax-templates-qubes-$(LORAXQBS_VERSION).tar.bz2 - rpmbuild $(RPMBUILD_DEFINES) -bb lorax-templates-qubes/lorax-templates-qubes.spec - -rpms_pungi: pungi/pungi-$(PUNGI_VERSION).tar.bz2 pungi/pungi.spec - rpmbuild --define "_rpmdir rpm/" --define "_sourcedir $(TOP)/pungi" -bb pungi/pungi.spec - -rpms_pykickstart: pykickstart/pykickstart-$(PYKICKSTART_VERSION).tar.gz pykickstart/pykickstart.spec - rpmbuild --define "_rpmdir rpm/" --define "_sourcedir $(TOP)/pykickstart" -bb pykickstart/pykickstart.spec - -rpms_firstboot: rpm/SOURCES/firstboot-$(FIRSTBOOT_VERSION).tar.bz2 - rpmbuild $(RPMBUILD_DEFINES) -bb firstboot/firstboot.spec - -rpms_release: rpm/SOURCES/qubes-release-$(QBSRELEASE_VERSION).tar.bz2 - rpmbuild $(RPMBUILD_DEFINES) -bb qubes-release/qubes-release.spec - -RPMS = \ - rpm/noarch/qubes-release-$(QBSRELEASE_VERSION)-*.rpm \ - rpm/noarch/qubes-release-notes-$(QBSRELEASE_VERSION)-*.rpm \ - rpm/noarch/lorax-templates-qubes-$(LORAXQBS_VERSION)-*.rpm \ - rpm/noarch/pungi-$(PUNGI_VERSION)-*.rpm \ - rpm/noarch/pykickstart-$(PYKICKSTART_VERSION)-*.rpm \ - rpm/x86_64/anaconda*-$(ANACONDA_VERSION)-*.rpm \ - rpm/x86_64/firstboot-$(FIRSTBOOT_VERSION)-*.rpm - -update-repo: - @ln -f $(RPMS) yum/installer/rpm/ - @echo "--> Updating Installer repos..." - @(cd yum && ./update_repo.sh) - -update-repo-current: - ln -f $(RPMS) ../yum/current-release/current/dom0/rpm/ - -update-repo-current-testing: - ln -f $(RPMS) ../yum/current-release/current-testing/dom0/rpm/ - -update-repo-unstable: - ln -f $(RPMS) ../yum/current-release/unstable/dom0/rpm/ +.PHONY: clean clean-repos iso iso-prepare iso-installer iso-liveusb ifeq ($(ISO_INSTALLER),1) iso: iso-installer @@ -166,6 +78,3 @@ clean-repos: clean: sudo rm -fr build/* - rm -fr rpm/SOURCES/*.bz2 - rm -fr rpm/noarch/*.rpm - rm -fr rpm/x86_64/*.rpm From 75bc4dbee86c1326eef9785bd7271c5876d4a2e7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Tue, 29 Sep 2015 03:24:01 +0200 Subject: [PATCH 28/31] livecd-tools: import unmodified package from Fedora 20 --- Makefile | 6 + livecd-tools/Makefile | 23 + livecd-tools/livecd-tools.spec | 799 +++++++++++++++++++++++++++++++++ livecd-tools/sources | 1 + 4 files changed, 829 insertions(+) create mode 100644 livecd-tools/Makefile create mode 100644 livecd-tools/livecd-tools.spec create mode 100644 livecd-tools/sources diff --git a/Makefile b/Makefile index 1fbb984..0074763 100644 --- a/Makefile +++ b/Makefile @@ -78,3 +78,9 @@ clean-repos: clean: sudo rm -fr build/* + +get-sources: + $(MAKE) -C livecd-tools get-sources + +verify-sources: + $(MAKE) -C livecd-tools verify-sources diff --git a/livecd-tools/Makefile b/livecd-tools/Makefile new file mode 100644 index 0000000..a04aa06 --- /dev/null +++ b/livecd-tools/Makefile @@ -0,0 +1,23 @@ + +SPECFILE := livecd-tools.spec +URL := $(shell spectool --list-files --source 0 $(SPECFILE) 2> /dev/null| cut -d ' ' -f 2- ) +ifndef SRC_FILE +ifdef URL + SRC_FILE := $(notdir $(URL)) +endif +endif + +get-sources: $(SRC_FILE) + +$(SRC_FILE): +ifneq ($(SRC_FILE), None) + @wget -q $(URL) +endif + +.PHONY: verify-sources + +verify-sources: +ifneq ($(SRC_FILE), None) + @sha256sum --quiet -c sources +endif + diff --git a/livecd-tools/livecd-tools.spec b/livecd-tools/livecd-tools.spec new file mode 100644 index 0000000..0aae21f --- /dev/null +++ b/livecd-tools/livecd-tools.spec @@ -0,0 +1,799 @@ +%{!?python_sitelib: %define python_sitelib %(%{__python} -c "import distutils.sysconfig as d; print d.get_python_lib()")} + +%define debug_package %{nil} + +Summary: Tools for building live CDs +Name: livecd-tools +Version: 20.6 +Release: 1%{?dist} +Epoch: 1 +License: GPLv2 +Group: System Environment/Base +URL: http://git.fedorahosted.org/git/livecd +# To make source tar ball: +# git clone git://git.fedorahosted.org/livecd +# cd livecd +# make dist +# scp livecd*.tar.bz2 fedorahosted.org:livecd +Source0: http://fedorahosted.org/releases/l/i/livecd/%{name}-%{version}.tar.bz2 +# Drop the requirements for grub2-efi and shim: breaks 32-bit compose +# and not needed as we have them in comps +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root +Requires: python-imgcreate = %{epoch}:%{version}-%{release} +Requires: mkisofs +Requires: isomd5sum +Requires: parted +Requires: pyparted +Requires: util-linux +Requires: dosfstools +Requires: e2fsprogs +Requires: lorax >= 18.3 +Requires: rsync +%ifarch %{ix86} x86_64 ppc ppc64 +Requires: hfsplus-tools +%endif +%ifarch %{ix86} x86_64 +Requires: syslinux +Requires: /sbin/extlinux +%endif +%ifarch ppc +Requires: yaboot +%endif +Requires: dumpet +BuildRequires: python +BuildRequires: /usr/bin/pod2man + + +%description +Tools for generating live CDs on Fedora based systems including +derived distributions such as RHEL, CentOS and others. See +http://fedoraproject.org/wiki/FedoraLiveCD for more details. + +%package -n python-imgcreate +Summary: Python modules for building system images +Group: System Environment/Base +Requires: util-linux +Requires: coreutils +Requires: e2fsprogs +Requires: yum >= 3.2.18 +Requires: squashfs-tools +Requires: pykickstart >= 0.96 +Requires: dosfstools >= 2.11-8 +Requires: system-config-keyboard >= 1.3.0 +Requires: python-urlgrabber +Requires: libselinux-python +Requires: dbus-python +Requires: policycoreutils + +%description -n python-imgcreate +Python modules that can be used for building images for things +like live image or appliances. + + +%prep +%setup -q + +%build +make + +%install +rm -rf $RPM_BUILD_ROOT +make install DESTDIR=$RPM_BUILD_ROOT + +%clean +rm -rf $RPM_BUILD_ROOT + +%files +%defattr(-,root,root,-) +%doc AUTHORS COPYING README HACKING +%doc config/livecd-fedora-minimal.ks +%{_mandir}/man*/* +%{_bindir}/livecd-creator +%{_bindir}/livecd-iso-to-disk +%{_bindir}/livecd-iso-to-pxeboot +%{_bindir}/image-creator +%{_bindir}/liveimage-mount +%{_bindir}/edit-livecd +%{_bindir}/mkbiarch + +%files -n python-imgcreate +%defattr(-,root,root,-) +%doc API COPYING +%dir %{python_sitelib}/imgcreate +%{python_sitelib}/imgcreate/*.py +%{python_sitelib}/imgcreate/*.pyo +%{python_sitelib}/imgcreate/*.pyc + +%changelog +* Mon Oct 27 2014 Brian C. Lane 20.6-1 +- Version 20.6 (bcl) +- Ignore case when looking for UEFI boot*efi file (#1156380) (bcl) + +* Wed Mar 26 2014 Brian C. Lane 20.5-1 +- Version 20.5 (bcl) +- Cleanup paths in README (bcl) +- livecd-creator: Make sure kickstart file exists (#1074295) (bcl) + +* Fri Jan 31 2014 Brian C. Lane 20.4-1 +- Version 20.4 (bcl) +- Fix extlinux check (#1059278) (bcl) +- Check kickstart for repo line (#1005580) (bcl) +- Catch CreatorError during class init (#1005580) (bcl) +- Add docleanup to edit-livecd (#1000744) (bcl) +- utf8 decode unicode error strings (#1035248) (bcl) +- Remove switch to Permissive (#1051523) (bcl) + +* Tue Jan 07 2014 Brian C. Lane 20.3-1 +- Version 20.3 (bcl) +- Add missing quote (#1044675) (bcl) + +* Tue Jan 07 2014 Brian C. Lane 20.2-1 +- Version 20.2 (bcl) +- Use LC_ALL=C for parted calls (#1045854) (bcl) +- Fix to work with the changed yum.config._getsysver (bruno) +- Add check for extlinux tools (#881317) (bcl) +- Cleanup arg parsing a bit (#725047) (bcl) + +* Mon Nov 18 2013 Brian C. Lane 20.1-1 +- add 'troubleshooting' submenu with 'basic graphics mode' to UEFI boot menu (awilliam) +- make UEFI boot menu resemble the BIOS and non-live boot menus more (awilliam) +- drop 'xdriver=vesa' from basic graphics mode parameters (per ajax) (awilliam) +- Ensure filesystem modules end up in the live image initramfs. (notting) +- Don't use mkfs.extN options for any filesystem types. (notting) +- litd: Add --label option to override LIVE label (helio) +- liveimage-mount: add missing import (bcl) +- Change vfat limit from 2047 to 4095 (#995552) (bcl) + +* Wed Aug 07 2013 Brian C. Lane 20.0-1 +- Version 20.0 (bcl) +- Install docs in unversioned doc directory (#992144) (bochecha) + +* Sat Aug 03 2013 Fedora Release Engineering - 1:19.6-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Mon Jul 15 2013 Brian C. Lane 19.6-1 +- Version 19.6 (bcl) +- litd: Add kickstart option (bcl) +- ts.check output is a list of tuples (#979759) (bcl) +- Add repo --noverifyssl support (#907707) (bcl) + +* Mon Jun 17 2013 Brian C. Lane 19.5-1 +- Version 19.5 (bcl) +- Write vconsole.conf directly (bcl) +- litd: Add --updates option (bcl) + +* Fri May 31 2013 Brian C. Lane 19.4-1 +- Version 19.4 (bcl) +- Replace bash string parsing with awk (#962039,#969521) (bcl) +- Fix default.target symlink (#968272) (bcl) + +* Wed May 29 2013 Brian C. Lane 19.3-2 +- Add requirement on rsync (#967948) + +* Thu May 23 2013 Brian C. Lane 19.3-1 +- Version 19.3 (bcl) +- Avoid setting empty root password (#964299) (thoger) + CVE-2013-2069 +- Handle urlgrabber callback changes (#963645) (bcl) + +* Wed May 08 2013 Dennis Gilmore 19.2-2 +- only require hfsplus-tools on ppc and x86 arches + +* Wed Apr 03 2013 Brian C. Lane 19.2-1 +- Version 19.2 (bcl) +- Use parted to check for GPT disklabel (#947653) (bcl) +- Output details of dep check failure (bcl) +- Properly generate kernel stanzas (#928093) (bcl) + +* Sat Mar 16 2013 Brian C. Lane 19.1-1 +- Version 19.1 (bcl) +- iso9660 module is named isofs (bcl) +- disable dracut hostonly and rescue image (#921422) (bcl) + +* Fri Mar 08 2013 Brian C. Lane 19.0-1 +- Version 19.0 (bcl) +- iso9660 is now a module, include it (bcl) +- correctly check for selinux state (#896610) (bcl) +- Simplify kickstart example (#903378) (bcl) +- default to symlink for /etc/localtime (#885246) (bcl) + +* Sat Feb 23 2013 Bruno Wolff III 18.14-2 +- Get an up to date build in rawhide, since the mass +- rebuild used a master branch that was behind the f18 +- branch and builds from f18 are no longer inherited. + +- Version 18.14 (bcl) +- add --verifyudev to dmsetup (#885385) (bcl) + +- Version 18.13 (bcl) +- silence the selinux umount error (bcl) +- use systemd instead of inittab for startx (bcl) +- set selinux permissive mode when building (bcl) +- fix kickstart logging entry (bcl) +- write hostname to /etc/hostname (#870805) (bcl) +- add nocontexts for selinux (#858373) (bcl) +- remove lokkit usage (bcl) +- use locale.conf not sysconfig/i18n (#870805) (bcl) +- don't write clock (#870805) (bcl) +- add remainder of virtio modules to initrd (#864012) (bcl) + +- Require hfsplus-tools so that images will boot on Mac + +- Version 18.12 (bcl) +- Remove grub 0.97 splash (bcl) + +- Version 18.11 (bcl) +- not copying UEFI files shouldn't be fatal (#856893) (bcl) +- don't require shim and grub2-efi (#856893) (bcl) + +- efi_requires.patch: don't force grub2-efi and shim into the package + list, it breaks 32-bit compose and isn't needed, we have it in comps + +- Version 18.10 (bcl) +- use cp -r instead of -a (bcl) + +- Version 18.9 (bcl) +- fix extra-kernel-args (#853570) (bcl) +- New location for GRUB2 config on UEFI (#851220) (bcl) +- Add nocleanup option to retain temp files (bcl) +- Update imgcreate for UEFI Secure Boot (bcl) + +* Thu Feb 14 2013 Fedora Release Engineering - 1:18.8-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Mon Aug 06 2012 Brian C. Lane 18.8-1 +- Version 18.8 (bcl) +- dracut needs to load vfat and msdos filesystems (bcl) + +* Thu Aug 02 2012 Brian C. Lane 18.7-1 +- Version 18.7 (bcl) +- Recognize rd.live.image as well as liveimg in sed scripts of livecd-iso-to- + disk & edit-livecd (fgrose) +- fix /etc/localtime file vs. symlink (#829032) (bcl) + +* Tue Jul 31 2012 Brian C. Lane 18.6-1 +- Version 18.6 (bcl) +- switch to using rd.live.image instead of liveimg (bcl) +- dracut doesn't need explicit filesystems (bcl) +- livecd-creator: Add --cacheonly for offline use (martin) +- Implement cacheonly (offline) support in ImageCreator and LoopCreator (martin) +- if mounting squashfs add ro mount option (jboggs) +- imgcreate: Use copy2 for TimezoneConfig (#829032) (bcl) + +* Thu Jul 19 2012 Fedora Release Engineering - 1:18.5-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Thu May 03 2012 Brian C. Lane 18.5-1 +- Version 18.5 (bcl) +- Include Mac volume name graphic (mjg) +- copy repo data to USB for F17 (#806166) (bcl) +- Version 18.4 (bcl) +- allow for use of yum plugins during livecd creation (notting) +- Capitalise EFI names (mjg) +- Add tighter Mac boot image integration (mjg) +- fix quoting with basename and SRC (#814174) (bcl) +- check for LIVE-REPO partition when writing DVD (#813905) (bcl) + +* Mon Apr 16 2012 Brian C. Lane 18.3-1 +- Version 18.3 (bcl) +- add support for cost in kickstart repo line (#735079) (mads) +- skip copying DVD image file with skipcopy option (786037) (bcl) +- remove kernel and initrd from EFI/BOOT (#811438) (bcl) +- fix syntax problem in detectsrctype (bcl) + +* Thu Mar 01 2012 Brian C. Lane - 18.2-1 +- Version 18.2 (bcl) +- livecd-iso-to-disk: Add 2MB slop to calculation (bcl) +- Change EFI/boot to EFI/BOOT (mjg) +- Add support for generating EFI-bootable hybrid images (mjg) + +* Thu Feb 23 2012 Brian C. Lane - 18.1-1 +- Version 18.1 (bcl) +- livecd-iso-to-disk: create partition for iso (bcl) + +* Wed Feb 15 2012 Brian C. Lane - 18.0-1 +- Version 18.0 (bcl) +- check for valid script path before editing livecd image and update usage + options confusion (jboggs) +- imgcreate: fix typo in ResizeError (bcl) +- add missing selinux_mountpoint class object to edit-livecd (jboggs) + +* Wed Jan 18 2012 Brian C. Lane - 17.4-1 +- Version 17.4 (bcl) +- selinux may be off on the host, skip mount (#737064) (bcl) +- Set base_persistdir (#741614) (bcl) +- Fix the fix for dracut modules (#766955) (bcl) +- Use dracut.conf.d instead fo dracut.conf (bcl) +- dracut needs dmsquash-live explicitly included (bcl) +- edit-livecd: -k --kickstart option (apevec) + +* Fri Jan 13 2012 Fedora Release Engineering - 1:17.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Wed Dec 21 2011 Brian C. Lane 17.3-1 +- Version 17.3 (bcl) +- python-imgcreate: remove -f from second lokkit call (#769457) (bcl) +- Install edit-livecd to /usr/bin (bcl) + +* Thu Nov 03 2011 Brian C. Lane 17.2-1 +- Version 17.2 (bcl) +- Fix indent and typo in liveimage-mount (#749643) (bcl) +- Make sure the target is labeled LIVE (#751213) (bcl) +- Only check first match for boot flag (#739411) (bcl) +- Stop creating backup image before resizing (#737243) (bcl) + +* Thu Sep 01 2011 Brian C. Lane 17.1-1 +- Version 17.1 (bcl) +- Add title and product args (#669120) (bcl) +- Skip bind mounts when source isn't there (bcl) +- Add new syslinux.cfg template (#734173) (bcl) +- Use copyFile on the iso (bcl) +- Use rsync to copy if available (bcl) + +* Thu Aug 11 2011 Brian C. Lane 17.0-1 +- Version 17.0 +- Quote $SRC so iso's with spaces will work (#694915) (bruno) +- Handle move to /sys/fs/selinux (#728576) (dwalsh) +- master is now v17.X (bcl) +- Turn on the legacy_boot flag for EFI (#680563) (bcl) +- Don't ask about replacing MBR when formatting (bcl) +- Make MBR replacement message more clear (bcl) +- Ensure previous filesystems are wiped when formatting (#712553) (bcl) +- Modify pxeboot script to work with F16 (bcl) +- Add initial support for ARM architectures (martin.langhoff) +- Copy updates and product image files (bcl) + +* Thu Mar 31 2011 Brian C. Lane 16.3-1 +- Version 16.3 (bcl) +- Copy old initrd/xen files to isolinux when using base-on (#690940) (bcl) +- Don't fail on missing splash image (bcl) +- Images go into $SYSLINUXPATH (bcl) +- fix typo (bcl) +- Check for spaces in fs label when using overlay (#597599) (bcl) +- Fix logic for syslinux check (bcl) +- Fix image-creator symlink so that it is relative (bcl) +- symlink /etc/mtab to /proc/self/mounts (#688277) (bcl) +- liveimage-mount installed LiveOS with overlay (fgrose) +- Fix overzealous boot->BOOT change (bcl) +- Fix return code failure (#689360) (fgrose) +- Fix pipefailure in checkSyslinuxVersion (#689329) (fgrose) +- Symlink image-creator instead of hardlink (#689167) (bcl) +- Add extracting BOOTX64.efi from iso (#688258) (bcl) +- Add repo to DVD EFI install config file (#688258) (bcl) +- Add EFI support to netboot (#688258) (bcl) +- Support /EFI/BOOT or /EFI/boot (#688258) (bcl) + +* Mon Mar 14 2011 Brian C. Lane 16.2-1 +- Version 16.2 (bcl) +- livecd-iso-to-disk: Catch all failures (lkundrak) +- Mailing list address changed (lkundrak) +- Fall back to to msdos format if no extlinux (bcl) +- Create an ext4 filesystem by default for home.img (fgrose) +- Add error checks to home.img creation (bcl) +- livecd-iso-to-disk Detect more disk space issues (fgrose) +- gptmbr can be written directly to the mbr (bcl) +- Fixup livedir support (#679023) (jan.kratochvil) + +* Fri Feb 18 2011 Brian C. Lane 16.1-1 +- Version 16.1 (bcl) +- Print reason for sudden exit (bcl) +- Fix skipcopy usage with DVD iso (#644194) (bmj001) +- Move selinux relabel to after %post (#648591) (bcl) +- Add support for virtio disks to livecd (#672936) (bcl) +- Support attached LiveOS devices as well as image files for LiveOS editing. + (fgrose) +- Check return value on udevadm (#637258) (bcl) + +* Tue Feb 15 2011 Brian C. Lane 16.0-1 +- Version 16.0 (bcl) +- Add tmpdir to LiveImageCreator (bcl) +- Source may be a file or a block device, mount accordingly (bcl) +- Enable reading of SquashFS compression type. (fgrose) +- Enable cloning of a running LiveOS image into a fresh iso. (fgrose) +- Update usage documentation & add it to the script (fgrose) +- Support the propagation of an installed Live image (fgrose) +- Rename image source- and target-related variables (fgrose) +- Align start of partition at 1MiB (#668967) (bcl) +- Pass tmpdir to ImageCreator class initializer (#476676) (bcl) +- Add tmpdir to ImageCreator class initializer (#476676) (bcl) +- Enable an optional tmpdir for e2image in fs.resize2fs() (fgrose) +- Bad karma commit reverted; The option to boot from a local drive *MUST* exist + as 99.9% of our consumers have default desktop hardware configurations. + (jeroen.van.meeuwen) +- Really switch the default compression type, not just the default cli option + value (jeroen.van.meeuwen) + +* Tue Feb 08 2011 Fedora Release Engineering - 1:15.3-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Thu Jan 27 2011 Brian C. Lane - 15.3-1 +- Version 15.3 (bcl) +- Remove boot from local drive option (bcl) +- Check for one big initrd.img (#671900) (bcl) +- Make xz the default compression type for live images. (bruno) +- Update documentation for xz availability. (bruno) +- Change releasever to a command line option (#667474) (bcl) + +* Tue Jan 04 2011 Dennis Gilmore - 15.2-2 +- patch to drop support of releasever in urls it destroys image creation in koji + +* Wed Dec 22 2010 Brian C. Lane - 15.2-1 +- Version 5.2 (bcl) +- Assign a device-mapper UUID w/ subsystem prefix to the dm snapshot. (dlehman) +- Fix git URLs to match reality. (dlehman) +- Trap copyFile errors (#663849) (fgrose) +- Fix incomplete rename of freespace variable (#656154) (fgrose) + +* Tue Nov 30 2010 Brian C. Lane - 15.1-1 +- Bump version to 15.1 (bcl) +- Wrap subprocess.call() so we can capture all command output for debugging. + (jlaska) +- Work with the logging settings when emitting progress. (jlaska) +- Add a quiet option to surpress stdout. Adjust handle_logfile to not surpress + stdout. (jlaska) +- Fix partition number selection for MMC bus devices (#587411) (fgrose) +- Fix disk space estimation errors (#656154) (fgrose) +- Tolerate empty transactions (lkundrak) +- Merge livecd-creator and image-creator (lkundrak) +- Cleanup if/then blocks (#652522) (fgrose) + +* Mon Nov 15 2010 Brian C. Lane - 15.0-1 +- Each branch needs a different version number. + +* Mon Nov 15 2010 Brian C. Lane - 0.3.6-1 +- Bump version to 0.3.6 (bcl) +- Misc. fixups (#652522) (fgrose) +- Set indentation to 4 spaces (#652522) (fgrose) +- Add a release target (bcl) +- Pass dracut args during check (#589778) (bcl) +- Update dracut args (#652484) (bcl) +- Cleanup tabs (#652522) (fgrose) +- Cleanup EOL spaces (#652522) (fgrose) +- Typo. Need space before ]. (bruno) +- Add support for timeout and totaltimeout to livecd-iso-to-disk (#531566) + (bcl) +- Add proxy support to livecd-creator (#649546) (bcl) + +* Mon Nov 01 2010 Brian C. Lane - 0.3.5-1 +- Converting version number to NVR +- Removed patches (now included in v0.3.5) + +* Sun Sep 26 2010 Bruno Wolff III - 034-11 +- Fix live image relabel when compose host has selinux disabled. + +* Tue Sep 21 2010 Bruno Wolff III - 034-10 +- Document the lzo compressor. + +* Thu Sep 16 2010 Bruno Wolff III - 034-9 +- Change requires to /sbin/extlinux since that will work with old and new + versions of syslinux. + +* Thu Sep 16 2010 Bruno Wolff III - 034-8 +- extlinux is now in a subpackage that is required by livecd-iso-to-disk + +* Tue Sep 14 2010 Tom "spot" Callaway - 034-7 +- fix background image copying to use new-new logo path + +* Tue Sep 14 2010 Bruno Wolff III - 034-6 +- One /dev/loop* change had been missed. Backport patch. + +* Mon Sep 13 2010 Bruno Wolff III - 034-5 +- Backport basic video menu label fix + +* Mon Sep 13 2010 Bruno Wolff III - 034-4 +- Backport missing parts of the regex fix patch + +* Mon Sep 13 2010 Bruno Wolff III - 034-3 +- Backported fix for vesa boot menu item + +* Sun Sep 12 2010 Bruno Wolff III - 034-2 +- mkbiarch needs pyparted + +* Sat Sep 11 2010 Bruno Wolff III - 034-1 +- A new experimental script for creating live images. +- Handle partition devices that have a separator character in them. +- Initial checkin of a new expermiental tool for live backup images. +- Allow use of stage2 for repos to help with netinst ISOs. +- Fix issue with using netinst ISOs. +- Add support for ext4 now that syslinux supports it. +- Fix for enumerating loop devices using bash 4.1.7. +- Change --skipcopy to not overwrite other large areas. +- Add basic video driver option to syslinux/isolinux. +- Don't create sparse files one byte too large. +- Display progress information when copying image to USB devices. +- Set default boot language for USB images to the current locale. +- Use grep instead of depreceated egrep. +- Set up locale or there can be problems handling nonascii strings. +- Try normal umount before falling back to lazy umount. +- Allow creation of SELinux enabled LiveCD from an SELinux disabled system. + +* Tue Jul 30 2010 Bruno Wolff III - 033-3 +- The previous update got replaced by the python update; another bump is needed. + +* Tue Jul 27 2010 Bruno Wolff III - 033-2 +- Replace 'zlib' with 'gzip' to fix thinko about the compressor name. + +* Tue Jul 27 2010 Bruno Wolff III - 033-1 +- Fix for vesa splash file change for bz 617115. +- Use lazy umounts as a work around for bz 617844. +- Better handling of Environment exceptions for bz 551932. + +* Wed Jul 21 2010 David Malcolm - 032-5 +- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild + +* Sat Jun 19 2010 Bruno Wolff III - 032-4 +- liveimage-mount is new to 023 + +* Sat Jun 19 2010 Bruno Wolff III - 032-3 +- Change the version in the Makefile + +* Sat Jun 19 2010 Bruno Wolff III - 032-2 +- Fix tar prefix and document how to make it + +* Sat Jun 19 2010 Bruno Wolff III - 032-1 +- Added support for specifying compressors +- Add Requires for parted - Bug 605639 +- Add rd_NO_DM dracut cmdline options - Bug 589783 +- See http://git.fedorahosted.org/git/?p=livecd;a=shortlog for a list of + upstream commits since 031 was tagged. + +* Tue Nov 03 2009 Warren Togami - 031-1 +- livecd-iso-to-disk capable of installing installer DVD to USB + +* Mon Oct 19 2009 Warren Togami - 030-1 +- Tell dracut not to ask for LUKS passwords or activate mdraid sets +- Silence the /etc/modprobe.conf deprecation warning + +* Wed Sep 16 2009 Warren Togami - 028-1 +- Fix LiveUSB with live images +- Fix display of free space during livecd-iso-to-disk error (farrell) + +* Tue Sep 15 2009 Warren Togami - 027-2 +- test patch to make LiveUSB work again, need to be sure it doesn't + break LiveCD before committing in the next version + +* Thu Sep 10 2009 Warren Togami - 027-1 +- Support new dracut output filename /boot/initramfs-* +- Fix cleanup of fake /selinux directory during teardown Bug #522224 + +* Mon Aug 24 2009 Jeremy Katz - 026-1 +- More resize2fs -M usage +- Work with dracut-based initramfs +- Some error handling updates + +* Thu Jul 30 2009 Jeremy Katz - 025-1 +- Bind mount /dev/shm also (#502921) +- Update man pages (Michel Duquaine, #505742) +- Use blkid instead of vol_id (mclasen, #506360) +- A few livecd-iso-to-disk tweaks (Martin Dengler, Jason Farrell) +- Another fix for SELinux being disabled (#508402) +- Use resize2fs -M and handle resize errors better +- Use isohybrid on the live image +- Use system-config-keyboard instead of rhpl + +* Sat Jul 25 2009 Fedora Release Engineering - 024-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Wed May 6 2009 Jeremy Katz - 024-1 +- Fix ppc image creation (#497193, help from jwboyer) +- Fixes for using ext[23] usb stick (wtogami) +- Check filesystem after resizing and raise an error if there are + problems (#497377) + +* Tue Apr 14 2009 Jeremy Katz - 023-1 +- Don't prompt about overwriting when making usb stick (#491234) +- Fix up livecd-iso-to-pxeboot for new syslinux paths +- Fix --xo variable expansion (Alexander Boström) +- Name of EFI partitions doesn't matter for mactel mode (Jim Radford) +- Fix unterminated sed command (#492376) +- Handle kernel/squashfs mismatch when making usb stick in + --xo mode (Alexander Boström) +- Support all of the options for the 'firewall' kickstart directive +- Deal with syslinux com32 api incompat when making usb sticks (#492370) +- Add options to force fetching of repomd.xml every run (jkeating) +- Quiet restorecon (Marc Herbert) +- Fix traceback with syslinux disabled (#495269) +- Split python-imgcreate module into a subpackage + +* Mon Mar 9 2009 Jeremy Katz - 022-1 +- Fixes for hybird GPT/MBR usb sticks (Stewart Adam) +- Support setting SELinux booleans (Dan Walsh) +- Fix unicode error messages (Felix Schwarz) +- Update man pages (Chris Curran, #484627) +- Support syslinux under /usr/share +- Remove some legacy support from livecd-iso-to-disk +- Basic support for multi-image usb sticks + +* Wed Feb 25 2009 Fedora Release Engineering - 021-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Mon Jan 19 2009 Jeremy Katz - 021-1 +- Start of support for hybrid GPT/MBR usb sticks (Stewart Adam) +- Fix for udev deprecated syntax (#480109) +- Keep cache with --cache (Jan Kratochvil, #479716) +- Use absolute path to cachedir (#479716) +- Support UDF for large ISO spins (Bruno Wolf, #476696) +- Improvements for encrypted /home setup (mdomsch, #475399) +- Don't allow spaces in labels (#475834) +- Fix --tmpdir relative path (dhuff) +- Support ext4 rootfs +- Fix device command version check (apevec) +- Allow URLs for specifying the kickstart config (bkearney) +- Fix macro name for excludedocs (bkearney) +- Fix up --base-on (#471656) + +* Wed Nov 12 2008 Jeremy Katz - 020-1 +- Support setting up a swap file +- Verify integer args in livecd-iso-to-disk (#467257) +- Set up persistent /home on internal mtd0 for XO +- Default to resetting the overlay on XO +- Support copying the raw ext3fs to the usb stick instead of the squash +- Mactel fixes +- Align initrd properly on XO (#467093) +- Make initrd load addr work on newer XO firmwares +- Fix up Xen paths for Xen live images (Michael Ansel) +- Support --defaultdesktop (Orion Poplawski) + +* Fri Oct 10 2008 Jeremy Katz - 019-1 +- livecd-iso-to-disk: Various other XO fixes +- Cleanup rpmdb locks after package installation +- Fix traceback due to lazy rhpl.keyboard import +- Fix using groups with options (jkeating) +- Support persistent /home on XO's internal flash +- Fix ramdisk load addr in boot/olpc.fth for XO +- Fix up boot from SD +- Fix extracting boot parameters for pxe (apevec) +- Make rpm macro information persist into the image (bkearney) +- Support %%packages --instLangs (bkearney) + +* Thu Aug 28 2008 Jeremy Katz - 018-1 +- Use logging API for debugging messages (dhuff) +- Some initial support for booting live images on an XO +- Refactoring of mount code for appliance-creator (danpb, dhuff) +- Make --base-on actually work again +- Drop the image configs; these are now in the spin-kickstarts repo +- plymouth support +- Listen to bootloader --append in config +- Add man pages (Pedro Silva) +- Support booting from Intel based Macs via EFI on USB (#450193) +- Fixes for SELinux enforcing (eparis) +- Eject the CD on shutdown (#239928) +- Allow adding extra kernel args with livecd-iso-to-disk +- Support for persistent /home (#445218) +- Copy timezone to /etc/localtime (#445624) +- Ensure that commands run by livecd-creator exist +- Mount a tmpfs for some dirs (#447127) + +* Tue May 6 2008 Bill Nottingham - 017-1 +- fix F9 final configs + +* Thu May 1 2008 Jeremy Katz - 016-1 +- Config changes all around, including F9 final configs +- Fix up the minimal image creation +- Fix odd traceback error on __del__ (#442443) +- Add late initscript and split things in half +- livecd-iso-to-disk: Check the available space on the stick (#443046) +- Fix partition size overriding (kanarip) + +* Thu Mar 6 2008 Jeremy Katz - 015-1 +- Support for using live isos with pxe booting (Richard W.M. Jones and + Chris Lalancette) +- Fixes for SELinux being disabled (Warren Togami) +- Stop using mayflower for building the initrd; mkinitrd can do it now +- Create a minimal /dev rather than using the host /dev (Warren Togami) +- Support for persistent overlays when using a USB stick (based on support + by Douglas McClendon) + +* Tue Feb 12 2008 Jeremy Katz - 014-1 +- Rework to provide a python API for use by other tools (thanks to + markmc for a lot of the legwork here) +- Fix creation of images with ext2 filesystems and no SELinux +- Don't require a yum-cache directory inside of the cachedir (#430066) +- Many config updates for rawhide +- Allow running live images from MMC/SD (#430444) +- Don't let a non-standard TMPDIR break things (Jim Meyering) + +* Mon Oct 29 2007 Jeremy Katz - 013-1 +- Lots of config updates +- Support 'device foo' to say what modules go in the initramfs +- Support multiple kernels being installed +- Allow blacklisting kernel modules on boot with blacklist=foo +- Improve bootloader configs +- Split configs off for f8 + +* Tue Sep 25 2007 Jeremy Katz - 012-1 +- Allow %%post --nochroot to work for putting files in the root of the iso +- Set environment variables for when %%post is run +- Add progress for downloads (Colin Walters) +- Add cachedir option (Colin Walters) +- Fixes for ppc/ppc64 to work again +- Clean up bootloader config a little +- Enable swaps in the default desktop config +- Ensure all configs are installed (#281911) +- Convert method line to a repo for easier config reuse (jkeating) +- Kill the modprobe FATAL warnings (#240585) +- Verify isos with iso-to-disk script +- Allow passing xdriver for setting the xdriver (#291281) +- Add turboliveinst patch (Douglas McClendon) +- Make iso-to-disk support --resetmbr (#294041) +- Clean up filesystem layout (Douglas McClendon) +- Manifest tweaks for most configs + +* Tue Aug 28 2007 Jeremy Katz - 011-1 +- Many config updates for Fedora 8 +- Support $basearch in repo line of configs; use it +- Support setting up Xen kernels and memtest86+ in the bootloader config +- Handle rhgb setup +- Improved default fs label (Colin Walters) +- Support localboot from the bootloader (#252192) +- Use hidden menu support in syslinux +- Have a base desktop config included by the other configs (Colin Walters) +- Use optparse for optino parsing +- Remove a lot of command line options; things should be specified via the + kickstart config instead +- Beginnings of PPC support (David Woodhouse) +- Clean up kernel module inclusion to take advantage of files in Fedora + kernels listing storage drivers + +* Wed Jul 25 2007 Jeremy Katz - 010-1 +- Separate out configs used for Fedora 7 +- Add patch from Douglas McClendon to make images smaller +- Add patch from Matt Domsch to work with older syslinux without vesamenu +- Add support for using mirrorlists; use them +- Let livecd-iso-to-disk work with uncompressed images (#248081) +- Raise error if SELinux requested without being enabled (#248080) +- Set service defaults on level 2 also (#246350) +- Catch some failure cases +- Allow specifying tmpdir +- Add patch from nameserver specification from Elias Hunt + +* Wed May 30 2007 Jeremy Katz - 009-1 +- miscellaneous live config changes +- fix isomd5 checking syntax error + +* Fri May 4 2007 Jeremy Katz - 008-1 +- disable screensaver with default config +- add aic7xxx and sym53c8xx drivers to default initramfs +- fixes from johnp for FC6 support in the creator +- fix iso-to-stick to work on FC6 + +* Tue Apr 24 2007 Jeremy Katz - 007-1 +- Disable prelinking by default +- Disable some things that slow down the live boot substantially +- Lots of tweaks to the default package manifests +- Allow setting the root password (Jeroen van Meeuwen) +- Allow more specific network line setting (Mark McLoughlin) +- Don't pollute the host yum cache (Mark McLoughlin) +- Add support for mediachecking + +* Wed Apr 4 2007 Jeremy Katz - 006-1 +- Many fixes to error handling from Mark McLoughlin +- Add the KDE config +- Add support for prelinking +- Fixes for installing when running from RAM or usb stick +- Add sanity checking to better ensure that USB stick is bootable + +* Thu Mar 29 2007 Jeremy Katz - 005-3 +- have to use excludearch, not exclusivearch + +* Thu Mar 29 2007 Jeremy Katz - 005-2 +- exclusivearch since it only works on x86 and x86_64 for now + +* Wed Mar 28 2007 Jeremy Katz - 005-1 +- some shell quoting fixes +- allow using UUID or LABEL for the fs label of a usb stick +- work with ext2 formated usb stick + +* Mon Mar 26 2007 Jeremy Katz - 004-1 +- add livecd-iso-to-disk for setting up the live CD iso image onto a usb + stick or similar + +* Fri Mar 23 2007 Jeremy Katz - 003-1 +- fix remaining reference to run-init + +* Thu Mar 22 2007 Jeremy Katz - 002-1 +- update for new version + +* Fri Dec 22 2006 David Zeuthen - 001-1%{?dist} +- Initial build. + diff --git a/livecd-tools/sources b/livecd-tools/sources new file mode 100644 index 0000000..8d1d543 --- /dev/null +++ b/livecd-tools/sources @@ -0,0 +1 @@ +ae75be395f23865000450b9b0e687298bd053113d0b5ff3814805d2f89461f0b livecd-tools-20.6.tar.bz2 From ea9d8433689e0ebe97508f4649024b486cd72177 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Tue, 29 Sep 2015 03:29:36 +0200 Subject: [PATCH 29/31] livecd-tools: plug it into qubes-builder scripts --- Makefile.builder | 1 + livecd-tools/livecd-tools.spec | 5 +++++ 2 files changed, 6 insertions(+) diff --git a/Makefile.builder b/Makefile.builder index 04e3363..77f73f3 100644 --- a/Makefile.builder +++ b/Makefile.builder @@ -7,5 +7,6 @@ RPM_SPEC_FILES := \ pungi/pungi.spec \ pykickstart/pykickstart.spec \ qubes-release/qubes-dom0-dist-upgrade.spec \ + livecd-tools/livecd-tools.spec \ live/qubes-live.spec endif diff --git a/livecd-tools/livecd-tools.spec b/livecd-tools/livecd-tools.spec index 0aae21f..06b84ac 100644 --- a/livecd-tools/livecd-tools.spec +++ b/livecd-tools/livecd-tools.spec @@ -2,6 +2,11 @@ %define debug_package %{nil} +%if 0%{?qubes_builder} +%define _sourcedir %(pwd)/livecd-tools +%endif + + Summary: Tools for building live CDs Name: livecd-tools Version: 20.6 From 8ec82b09f7eae0fbaffaff9c58d50d3dc3522a0d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Tue, 29 Sep 2015 03:30:28 +0200 Subject: [PATCH 30/31] livecd-tools: apply patches for verifying downloaded packages Livecd-creator is one more example of program which happily installs whatever downloads from the network, without any verification (repository metadata consistency doesn't count)... Patches sent upstream here: https://github.com/rhinstaller/livecd-tools/pull/14 --- ...po.gpgkey-when-provided-in-kickstart.patch | 57 +++++++++++++ ...o.gpgkey-verify-signatures-before-in.patch | 80 +++++++++++++++++++ livecd-tools/livecd-tools.spec | 5 ++ 3 files changed, 142 insertions(+) create mode 100644 livecd-tools/0001-Set-repo.gpgkey-when-provided-in-kickstart.patch create mode 100644 livecd-tools/0002-Actually-use-repo.gpgkey-verify-signatures-before-in.patch diff --git a/livecd-tools/0001-Set-repo.gpgkey-when-provided-in-kickstart.patch b/livecd-tools/0001-Set-repo.gpgkey-when-provided-in-kickstart.patch new file mode 100644 index 0000000..45d6ca9 --- /dev/null +++ b/livecd-tools/0001-Set-repo.gpgkey-when-provided-in-kickstart.patch @@ -0,0 +1,57 @@ +From 2055ba32ac4751a52da1ad600cb820eea76cd8b3 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= + +Date: Fri, 7 Aug 2015 03:26:30 +0200 +Subject: [PATCH 1/2] Set repo.gpgkey when provided in kickstart +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit +Organization: Invisible Things Lab +Cc: Marek Marczykowski-Górecki + +Signed-off-by: Marek Marczykowski-Górecki +--- + imgcreate/creator.py | 6 +++++- + imgcreate/kickstart.py | 2 +- + 2 files changed, 6 insertions(+), 2 deletions(-) + +diff --git a/imgcreate/creator.py b/imgcreate/creator.py +index 42faf6f..c3ed346 100644 +--- a/imgcreate/creator.py ++++ b/imgcreate/creator.py +@@ -627,7 +627,7 @@ class ImageCreator(object): + ayum.setup(yum_conf, self._instroot, cacheonly=self.cacheonly) + + for repo in kickstart.get_repos(self.ks, repo_urls): +- (name, baseurl, mirrorlist, proxy, inc, exc, cost, sslverify) = repo ++ (name, baseurl, mirrorlist, proxy, inc, exc, cost, sslverify, gpgkey) = repo + + yr = ayum.addRepository(name, baseurl, mirrorlist) + if inc: +@@ -639,6 +639,10 @@ class ImageCreator(object): + if cost is not None: + yr.cost = cost + yr.sslverify = sslverify ++ if gpgkey: ++ yr.gpgcheck = True ++ yr.gpgkey = yum.parser.varReplace(gpgkey, ayum.conf.yumvar) ++ + ayum.setup(yum_conf, self._instroot) + + if kickstart.exclude_docs(self.ks): +diff --git a/imgcreate/kickstart.py b/imgcreate/kickstart.py +index 1059801..b8b3c82 100644 +--- a/imgcreate/kickstart.py ++++ b/imgcreate/kickstart.py +@@ -551,7 +551,7 @@ def get_repos(ks, repo_urls = {}): + + if repos.has_key(repo.name): + logging.warn("Overriding already specified repo %s" %(repo.name,)) +- repos[repo.name] = (repo.name, baseurl, mirrorlist, proxy, inc, exc, repo.cost, sslverify) ++ repos[repo.name] = (repo.name, baseurl, mirrorlist, proxy, inc, exc, repo.cost, sslverify, repo.gpgkey) + + return repos.values() + +-- +2.1.0 + diff --git a/livecd-tools/0002-Actually-use-repo.gpgkey-verify-signatures-before-in.patch b/livecd-tools/0002-Actually-use-repo.gpgkey-verify-signatures-before-in.patch new file mode 100644 index 0000000..d18fea1 --- /dev/null +++ b/livecd-tools/0002-Actually-use-repo.gpgkey-verify-signatures-before-in.patch @@ -0,0 +1,80 @@ +From ad81fa7d70111c2d29cb44a17c3511c49538d66d Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= + +Date: Sat, 26 Sep 2015 06:14:05 +0200 +Subject: [PATCH 2/2] Actually use repo.gpgkey - verify signatures before + installing the packages +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit +Organization: Invisible Things Lab +Cc: Marek Marczykowski-Górecki + +Signed-off-by: Marek Marczykowski-Górecki +--- + imgcreate/yuminst.py | 35 +++++++++++++++++++++++++++++++++-- + 1 file changed, 33 insertions(+), 2 deletions(-) + +diff --git a/imgcreate/yuminst.py b/imgcreate/yuminst.py +index 22e840c..17f4774 100644 +--- a/imgcreate/yuminst.py ++++ b/imgcreate/yuminst.py +@@ -178,7 +178,7 @@ class LiveCDYum(yum.YumBase): + repo.metadata_expire = 0 + repo.mirrorlist_expire = 0 + repo.timestamp_check = 0 +- # disable gpg check??? ++ # disable gpg by default, enable it later when gpgkey specified + repo.gpgcheck = 0 + repo.enable() + repo.setup(self.conf.cache) +@@ -195,6 +195,33 @@ class LiveCDYum(yum.YumBase): + return True + return False + ++ def gpgsigcheck(self, pkgs): ++ """Perform GPG signature verification on the given packages, ++ installing keys if possible. ++ ++ :param pkgs: a list of package objects to verify the GPG ++ signatures of ++ :return: non-zero if execution should stop due to an error ++ :raises: Will raise :class:`CreatorError` if there's a problem ++ """ ++ for po in pkgs: ++ result, errmsg = self.sigCheckPkg(po) ++ ++ if result == 0: ++ # Verified ok, or verify not req'd ++ continue ++ ++ elif result == 1: ++ # keys are provided through kickstart, so treat this as consent ++ # for importing them ++ self.getKeyForPackage(po, lambda x, y, z: True) ++ ++ else: ++ # Fatal error ++ raise CreatorError(errmsg) ++ ++ return 0 ++ + + def runInstall(self): + os.environ["HOME"] = "/" +@@ -211,7 +238,11 @@ class LiveCDYum(yum.YumBase): + + dlpkgs = map(lambda x: x.po, filter(lambda txmbr: txmbr.ts_state in ("i", "u"), self.tsInfo.getMembers())) + self.downloadPkgs(dlpkgs) +- # FIXME: sigcheck? ++ ++ # Check GPG signatures ++ if self.gpgsigcheck(dlpkgs) != 0: ++ raise CreatorError("GPG signature verification failed") ++ + + self.initActionTs() + self.populateTs(keepold=0) +-- +2.1.0 + diff --git a/livecd-tools/livecd-tools.spec b/livecd-tools/livecd-tools.spec index 06b84ac..2b8ed4b 100644 --- a/livecd-tools/livecd-tools.spec +++ b/livecd-tools/livecd-tools.spec @@ -23,6 +23,8 @@ URL: http://git.fedorahosted.org/git/livecd Source0: http://fedorahosted.org/releases/l/i/livecd/%{name}-%{version}.tar.bz2 # Drop the requirements for grub2-efi and shim: breaks 32-bit compose # and not needed as we have them in comps +Patch0: 0001-Set-repo.gpgkey-when-provided-in-kickstart.patch +Patch1: 0002-Actually-use-repo.gpgkey-verify-signatures-before-in.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root Requires: python-imgcreate = %{epoch}:%{version}-%{release} Requires: mkisofs @@ -78,6 +80,9 @@ like live image or appliances. %prep %setup -q +%patch0 -p1 +%patch1 -p1 + %build make From 7ac6902f1e6d8cb8ed054d7bd9b0b3dff765d0cd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Tue, 29 Sep 2015 03:33:31 +0200 Subject: [PATCH 31/31] livecd-tools: gitignore --- livecd-tools/.gitignore | 1 + 1 file changed, 1 insertion(+) create mode 100644 livecd-tools/.gitignore diff --git a/livecd-tools/.gitignore b/livecd-tools/.gitignore new file mode 100644 index 0000000..713386d --- /dev/null +++ b/livecd-tools/.gitignore @@ -0,0 +1 @@ +livecd-tools-*.tar.bz2