lorax-templates-qubes: update based on new upstream version

QubesOS/qubes-issues#2574

lorax-templates-qubes/templates/config_files/common/92-anaconda-loglevel-debug.conf

@@ -0,0 +1,2 @@
+[logging]
+level=DEBUG

lorax-templates-qubes/templates/config_files/common/i18n

@@ -1 +1 @@
-SYSFONT="latarcyrheb-sun16"
+SYSFONT="eurlatgr"

lorax-templates-qubes/templates/config_files/common/org.gtk.Settings.Debug.gschema.override

@@ -0,0 +1,2 @@
+[org.gtk.Settings.Debug]
+	enable-inspector-keybinding=true

lorax-templates-qubes/templates/config_files/common/rsyslog.conf

@@ -1,7 +1,24 @@
+# rsyslog configuration file
+
+# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
+# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html
+
 #### MODULES ####
-$ModLoad imuxsock.so          # provides support for local system logging
+
+# The imjournal module bellow is now used as a message source instead of imuxsock.
+$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
 $SystemLogRateLimitInterval 0 # disables message dropping, we need all of them
-$ModLoad imklog.so            # provides kernel logging support
+$ModLoad imjournal # provides access to the systemd journal
+$ModLoad imklog # reads kernel messages (the same are read from journald)
+#$ModLoad immark  # provides --MARK-- message capability
+
+# Provides UDP syslog reception
+#$ModLoad imudp
+#$UDPServerRun 514
+
+# Provides TCP syslog reception
+#$ModLoad imtcp
+#$InputTCPServerRun 514
 
 $ModLoad imfile
 $InputFileName /tmp/X.log
@@ -15,10 +32,29 @@ $InputFileStateFile anaconda-tb-statefile
 $InputFileFacility local1
 $InputRunFileMonitor
 
+
 #### GLOBAL DIRECTIVES ####
+
+# Where to place auxiliary files
+#$WorkDirectory /var/lib/rsyslog
+
 # Use default timestamp format
 $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
 
+# File syncing capability is disabled by default. This feature is usually not required,
+# not useful and an extreme performance hit
+#$ActionFileEnableSync on
+
+# Include all config files in /etc/rsyslog.d/
+$IncludeConfig /etc/rsyslog.d/*.conf
+
+# Turn off message reception via local log socket;
+# local messages are retrieved through imjournal now.
+$OmitLocalLogging on
+
+# File to store the position in the journal
+$IMJournalStateFile imjournal.state
+
 #### TEMPLATES ####
 
 $template anaconda_tty4, "%syslogseverity-text:::uppercase% %programname%:%msg%\n"
@@ -26,24 +62,32 @@ $template anaconda_syslog, "%timestamp:8:$:date-rfc3164%,%timestamp:1:3:date-sub
 $template virtio_ForwardFormat, "<%PRI%>%TIMESTAMP:::date-rfc3339% localhost %syslogtag:1:32%%msg:::sp-if-no-1st-sp%%msg%\n"
 
 #### RULES ####
+
 # log everything except anaconda-specific records from local1 (those are stored
 # directly into files via python logging)
+
+# discard messages from dracut regenerating initrd
+:programname,isequal,"dracut" ~
+
 *.*;\
 authpriv.none;\
 local1.none             /tmp/syslog;anaconda_syslog
                         & /dev/tty4;anaconda_tty4
 
+
 # ### begin forwarding rule ###
 # The statement between the begin ... end define a SINGLE forwarding
 # rule. They belong together, do NOT split them. If you create multiple
 # forwarding rules, duplicate the whole block!
+# Remote Logging (we use TCP for reliable delivery)
 #
 # An on-disk queue is created for this action. If the remote host is
 # down, messages are spooled to disk and sent when it is up again.
+#$ActionQueueFileName fwdRule1 # unique name prefix for spool files
 $ActionQueueMaxDiskSpace 1m     # space limit (use as much as possible)
 $ActionQueueSaveOnShutdown off  # do not save messages to disk on shutdown
-$ActionQueueType LinkedList     # run asynchronously
-$ActionResumeRetryCount -1      # infinite retries if host is down
+#$ActionQueueType LinkedList   # run asynchronously
+#$ActionResumeRetryCount -1    # infinite retries if host is down
 # remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
+#*.* @@remote-host:514
 # ### end of the forwarding rule ###
-

lorax-templates-qubes/templates/config_files/common/vconsole.conf

@@ -1,2 +1,2 @@
 KEYMAP=us
-SYSFONT="latarcyrheb-sun16"
+FONT=eurlatgr

lorax-templates-qubes/templates/runtime-cleanup.tmpl

@@ -11,11 +11,7 @@ remove usr/share/i18n
     removepkg perl*
 %endif
 ## no sound support, thanks
-## ...except alsa-libs, which are needed by spice-vdagent
-removepkg alsa-*firmware* flac gstreamer-tools libsndfile pulseaudio* sound-theme-freedesktop
-removepkg midisport-firmware
-## no fancy video, either
-removepkg libcrystalhd crystalhd-firmware ivtv-firmware cx18-firmware
+removepkg flac gstreamer-tools libsndfile pulseaudio* sound-theme-freedesktop
 ## we don't create new initramfs/bootloader conf inside anaconda
 ## (that happens inside the target system after we install dracut/grubby)
 removepkg dracut-network grubby anaconda-dracut
@@ -69,7 +65,7 @@ removepkg avahi-autoipd coreutils-libs dash db4-utils diffutils file
 removepkg genisoimage info iptables
 removepkg jasper-libs libXxf86misc
 removepkg libasyncns libhbaapi libhbalinux
-removepkg libmcpp libpcap libtiff libutempter linux-atm-libs
+removepkg libmcpp libpcap libtiff linux-atm-libs
 removepkg lvm2-libs m4 mailx makebootfat mcpp
 removepkg mingetty mobile-broadband-provider-info pkgconfig ppp pth
 removepkg rmt rpcbind squashfs-tools system-config-firewall-base
@@ -86,7 +82,9 @@ remove /usr/share/mime/multipart /usr/share/mime/packages /usr/share/mime/text
 remove /usr/share/mime/video /usr/share/mime/x-content /usr/share/mime/x-epoc
 remove /var/db /var/games /var/tmp /var/yp /var/nis /var/opt /var/local
 remove /var/mail /var/spool /var/preserve /var/report
-remove /var/lib/rpm/* /var/lib/yum
+remove /var/lib/rpm/* /var/lib/yum /var/lib/dnf
+## clean up the files created by various '> /dev/null's
+remove /dev/*
 
 ## icons cache
 remove /usr/share/icons/*/icon-theme.cache
@@ -95,7 +93,7 @@ remove /usr/share/icons/*/icon-theme.cache
 removekmod sound drivers/media drivers/hwmon \
            net/atm net/bluetooth net/sched net/sctp \
            net/rds net/l2tp net/decnet net/netfilter net/ipv4 net/ipv6 \
-           drivers/watchdog drivers/target drivers/rtc drivers/input/joystick \
+           drivers/watchdog drivers/rtc drivers/input/joystick \
            drivers/bluetooth drivers/edac drivers/staging \
            drivers/usb/serial drivers/usb/host drivers/usb/misc \
            fs/ocfs2 fs/ceph fs/nfsd fs/ubifs fs/nilfs2 \
@@ -106,24 +104,8 @@ removekmod sound drivers/media drivers/hwmon \
 removekmod drivers/char --allbut virtio_console hw_random \
                                   virtio-rng ipmi
 removekmod drivers/hid --allbut hid-logitech-dj hid-logitech-hidpp
-removekmod drivers/video --allbut hyperv_fb
+removekmod drivers/video --allbut hyperv_fb syscopyarea sysfillrect sysimgblt fb_sys_fops
 remove lib/modules/*/{build,source,*.map}
-## Need to keep virtio_console.ko and ipmi stuff in drivers/char
-## Also keep virtio-rng so that the installer can get sufficient randomness for
-## LUKS setup.
-runcmd chroot ${root} find /lib/modules \
-                        -regex ".*/kernel/drivers/char/.*" \
-                        \! -name virtio_console.ko\* \
-                        \! -name hw_random \
-                        \! -name virtio-rng.ko\* \
-                        \! -name ipmi\* \
-                        -delete
-# Remove all of drivers/hid except for logitech modules.
-runcmd chroot ${root} find /lib/modules \
-                        -regex ".*/kernel/drivers/hid/.*" \
-                        \! -name hid-logitech-hidpp.ko\* \
-                        \! -name hid-logitech-dj.ko\* \
-                        -delete
 ## NOTE: depmod gets re-run after cleanup finishes
 
 ## remove unused themes, theme engines, icons, etc.
@@ -171,7 +153,7 @@ removefrom coreutils /usr/bin/expand /usr/bin/factor
 removefrom coreutils /usr/bin/fold /usr/bin/groups /usr/bin/hostid
 removefrom coreutils /usr/bin/install /usr/bin/join /usr/bin/logname
 removefrom coreutils /usr/bin/mkfifo /usr/bin/nl /usr/bin/nohup /usr/bin/nproc
-removefrom coreutils /usr/bin/paste /usr/bin/pathchk
+removefrom coreutils /usr/bin/pathchk
 removefrom coreutils /usr/bin/pinky /usr/bin/pr /usr/bin/printenv
 removefrom coreutils /usr/bin/printf /usr/bin/ptx /usr/bin/runcon
 removefrom coreutils /usr/bin/sha224sum /usr/bin/sha384sum
@@ -213,7 +195,7 @@ removefrom glibc /${libdir}/libSegFault* /${libdir}/libanl*
 removefrom glibc /${libdir}/libcidn* /${libdir}/libnss_compat*
 removefrom glibc /${libdir}/libnss_hesiod* /${libdir}/libnss_nis*
 # python-pyudev uses ctypes.util.find_library, which uses /sbin/ldconfig
-removefrom glibc /${libdir}/libthread* /${libdir}/rtkaio* /sbin/sln
+removefrom glibc /${libdir}/rtkaio* /sbin/sln
 removefrom glibc /usr/libexec/* /usr/sbin/*
 removefrom glibc-common /etc/* /usr/bin/catchsegv /usr/bin/gencat
 removefrom glibc-common /usr/bin/getent
@@ -263,7 +245,7 @@ removefrom libvorbis /usr/${libdir}/libvorbisenc.*
 removefrom libxml2 /usr/bin/*
 removefrom libxml2-python /usr/${libdir}/python?.?/site-packages/libxml2mod.a
 removefrom libxml2-python /usr/${libdir}/python?.?/site-packages/libxml2mod.la
-removefrom lldpad /etc/* /usr/sbin/lldptool
+removefrom lldpad /etc/*
 removefrom lua /usr/bin/*
 removefrom madan-fonts /usr/share/fonts/madan/*
 removefrom mdadm /etc/*
@@ -294,13 +276,12 @@ removefrom nfs-utils /var/lib/nfs/rmtab /var/lib/nfs/state /var/lib/nfs/xtab
 removefrom nhn-nanum-gothic-fonts /usr/share/fonts/nhn-nanum/NanumGothic*Bold.ttf
 removefrom nss-softokn /usr/${libdir}/nss/*
 removefrom openldap /etc/openldap/* /usr/${libdir}/libldap_r-*
-removefrom openssh /etc/ssh/* /usr/libexec/*
-removefrom openssh-clients /etc/ssh/* /usr/bin/slogin /usr/bin/ssh-*
+removefrom openssh /usr/libexec/*
+removefrom openssh-clients /etc/ssh/* /usr/bin/ssh-*
 removefrom openssh-clients /usr/libexec/*
-removefrom openssh-server /etc/ssh/* /usr/libexec/*
+removefrom openssh-server /etc/ssh/* /usr/libexec/openssh/sftp-server
 removefrom openssl /etc/pki/* /usr/bin/* /usr/${libdir}/openssl/*
 removefrom pam /usr/sbin/* /usr/share/locale/*
-removefrom pciutils /usr/sbin/*
 removefrom policycoreutils /etc/* /usr/bin/* /usr/share/locale/*
 removefrom polkit /usr/bin/*
 removefrom polkit-desktop-policy /var/lib/*
@@ -327,11 +308,11 @@ removefrom sysvinit-tools /usr/bin/*
 removefrom tar /usr/share/locale/*
 removefrom usbutils /usr/bin/*
 removefrom util-linux --allbut \
-    /usr/bin/{dmesg,getopt,kill,login,lsblk,more,mount,umount,mountpoint} \
+    /usr/bin/{dmesg,getopt,kill,login,lsblk,more,mount,umount,mountpoint,findmnt} \
     /etc/mtab /etc/pam.d/login /etc/pam.d/remote \
     /usr/sbin/{agetty,blkid,blockdev,clock,fdisk,fsck,fstrim,hwclock,losetup} \
-    /usr/sbin/{mkswap,nologin,sfdisk,swapoff,swapon,wipefs,partx} \
-    /usr/bin/{logger,hexdump}
+    /usr/sbin/{mkswap,nologin,sfdisk,swapoff,swapon,wipefs,partx,fsfreeze} \
+    /usr/bin/{logger,hexdump,flock}
 removefrom volume_key-libs /usr/share/locale/*
 removefrom wget /etc/* /usr/share/locale/*
 removefrom xorg-x11-drv-intel /usr/${libdir}/libI*
@@ -339,11 +320,11 @@ removefrom xorg-x11-drv-openchrome /usr/${libdir}/libchrome*
 removefrom xorg-x11-drv-synaptics /usr/bin/*
 removefrom xorg-x11-drv-wacom /usr/bin/*
 removefrom xorg-x11-fonts-misc --allbut /usr/share/X11/fonts/misc/{6x13,encodings,fonts,*cursor}*
-removefrom xorg-x11-server-utils --allbut /usr/bin/xrandr /usr/share/X11/rgb.txt
+removefrom xorg-x11-server-utils --allbut /usr/bin/xrandr /usr/share/X11/rgb.txt /usr/bin/xrdb
 removefrom yum /etc/* /usr/share/locale/* /usr/share/yum-cli/*
 removefrom ${product.name}-logos /etc/*
 removefrom ${product.name}-logos /usr/share/icons/{Bluecurve,oxygen}/*
-removefrom ${product.name}-logos /usr/share/{gnome-screensaver,kde4,pixmaps}/*
+removefrom ${product.name}-logos /usr/share/{firstboot,gnome-screensaver,kde4,pixmaps}/*
 
 ## cleanup_python_files()
 runcmd find ${root} -name "*.pyo" -type f -delete
@@ -355,3 +336,21 @@ runcmd find ${root} -name "*.pyc" -type f -exec ln -sf /dev/null {} \;
 ## NOTE: Excluding /etc/mtab which links to /proc/self/mounts for systemd
 runcmd chroot ${root} find -L /etc /usr -xdev -type l -and \! -name "mtab" \
                 -printf "removing broken symbolic link %p -> %l\n" -delete
+
+## Clean up some of the mess pulled in by webkitgtk via yelp
+## libwebkit2gtk links to a handful of libraries in gstreamer and
+## gstreamer-plugins-base. Remove the rest of them.
+removefrom gstreamer1 --allbut /usr/${libdir}/libgstbase-1.0.* \
+                               /usr/${libdir}/libgstreamer-1.0.*
+removefrom gstreamer1-plugins-base --allbut \
+        /usr/${libdir}/libgst{app,audio,fft,pbutils,tag,video}-1.0.*
+
+## We have enough geoip libraries, thanks
+removepkg geoclue2
+
+## And remove the packages that those extra libraries pulled in
+removepkg cdparanoia-libs opus libtheora libvisual flac-libs gsm avahi-glib avahi-libs \
+          ModemManager-glib
+
+## metacity requires libvorbis and libvorbisfile, but enc/dec are no longer needed
+removefrom libvorbis --allbut /usr/${libdir}/libvorbisfile.* /usr/${libdir}/libvorbis.*

lorax-templates-qubes/templates/runtime-install.tmpl

@@ -22,10 +22,12 @@ installpkg grubby
     installpkg linux-firmware
 %endif
 installpkg xen-hypervisor
+## install all of the glibc langpacks since otherwise we get no locales
+installpkg glibc-all-langpacks
 
 ## arch-specific packages (bootloaders etc.)
 %if basearch == "aarch64":
-    installpkg efibootmgr grub2-efi grubby shim shim-unsigned
+    installpkg efibootmgr grub2-efi grub2-efi-modules grub2-tools shim shim-unsigned
 %endif
 %if basearch in ("arm", "armhfp"):
     installpkg kernel-lpae
@@ -35,7 +37,7 @@ installpkg xen-hypervisor
     installpkg kernel-PAE gpart
 %endif
 %if basearch == "x86_64":
-    installpkg efibootmgr grub2-efi shim shim-unsigned
+    installpkg efibootmgr grub2-efi grub2-efi-modules shim shim-unsigned
 %endif
 %if basearch in ("i386", "x86_64"):
     installpkg grub2 grub2-tools memtest86+ syslinux syslinux-nonlinux
@@ -107,9 +109,7 @@ installpkg mt-st smartmontools
 installpkg hdparm pcmciautils
 %endif
 installpkg libmlx4 rdma
-
-## translations & language packs
-installpkg python3-dnf-langpacks
+installpkg rng-tools
 
 ## fonts & themes
 installpkg bitmap-fangsongti-fonts
@@ -141,7 +141,6 @@ installpkg qubes-artwork
 
 ## debugging/bug reporting tools
 installpkg gdb-gdbserver
-installpkg python-epdb
 installpkg libreport-plugin-bugzilla libreport-plugin-reportuploader
 installpkg fpaste
 

lorax-templates-qubes/templates/runtime-postinstall.tmpl

@@ -29,6 +29,10 @@ symlink /lib/systemd/system/anaconda.target etc/systemd/system/default.target
 mkdir etc/systemd/system/local-fs.target.wants/
 symlink /lib/systemd/system/tmp.mount etc/systemd/system/local-fs.target.wants/tmp.mount
 
+## Start rngd
+mkdir etc/systemd/system/basic.target.wants/
+symlink /lib/systemd/system/rngd.service etc/systemd/system/basic.target.wants/rngd.service
+
 ## Disable unwanted systemd services
 systemctl disable systemd-readahead-collect.service \
                   systemd-readahead-replay.service \
@@ -45,9 +49,11 @@ systemctl mask fedora-configure.service fedora-loadmodules.service \
                systemd-tmpfiles-clean.service systemd-tmpfiles-clean.timer \
                ldconfig.service
 
-## Make logind activate anaconda-shell@.service on switch to empty VT
-symlink anaconda-shell@.service lib/systemd/system/autovt@.service
-replace "#ReserveVT=6" "ReserveVT=2" etc/systemd/logind.conf
+## Remove the more terrible parts of systemd-tmpfiles.
+## etc.conf is written with the assumption that /etc/ is empty, which is
+## ridiculous, and it also creates a broken /etc/resolv.conf, which breaks
+## networking.
+remove usr/lib/tmpfiles.d/etc.conf
 
 ## Make logind activate anaconda-shell@.service on switch to empty VT
 symlink anaconda-shell@.service lib/systemd/system/autovt@.service
@@ -69,6 +75,7 @@ install ${configdir}/spice-vdagentd etc/sysconfig
 mkdir etc/NetworkManager/conf.d
 install ${configdir}/91-anaconda-autoconnect-slaves.conf etc/NetworkManager/conf.d
 install ${configdir}/vconsole.conf etc
+install ${configdir}/92-anaconda-loglevel-debug.conf etc/NetworkManager/conf.d
 
 ## disable NetworkManager
 install ${configdir}/NetworkManager.state var/lib/NetworkManager/NetworkManager.state
@@ -85,19 +92,13 @@ append etc/shadow "install::14438:0:99999:7:::"
 ## remove root password
 replace "root:\*:" "root::" etc/shadow
 
-## s390-specific setup
-%if basearch in ("s390", "s390x"):
-    ## generate ssh keys
-    runcmd ssh-keygen -q -C "" -N "" -t rsa1 -f ${root}/etc/ssh/ssh_host_key
-    runcmd ssh-keygen -q -C "" -N "" -t rsa  -f ${root}/etc/ssh/ssh_host_rsa_key
-    runcmd ssh-keygen -q -C "" -N "" -t dsa  -f ${root}/etc/ssh/ssh_host_dsa_key
-    chmod etc/ssh/ssh_host*_key 600
-    chmod etc/ssh/ssh_host*_key.pub 644
-%endif
-
 ## gconf settings
 gconfset /desktop/gnome/interface/accessibility bool true
 
+## gsettings settings
+install ${configdir}/org.gtk.Settings.Debug.gschema.override usr/share/glib-2.0/schemas
+runcmd chroot ${root} glib-compile-schemas /usr/share/glib-2.0/schemas
+
 move usr/libexec/anaconda/auditd sbin
 
 ## for compatibility with Ancient Anaconda Traditions
@@ -108,6 +109,9 @@ symlink ../run/install mnt/install
 ## create_depmod_conf()
 append etc/depmod.d/dd.conf "search updates built-in"
 
+## create multipath.conf so multipath gets auto-started
+append etc/multipath.conf "defaults {\n\tfind_multipaths yes\n\tuser_friendly_names yes\n}\n"
+
 ## include additional modules in initramfs
 append etc/dracut.conf.d/extra-install-modules.conf "add_drivers+=' ehci-pci xhci-hcd xhci-pci '"