qubes-linux-template-builder/templates.spec

#
# This SPEC is for bulding RPM packages that contain complete Qubes Template files
# This includes the VM's root image, patched with all qubes rpms, etc
#

%{!?version: %define version %(cat version)}
%{!?rel: %define rel %(cat build_timestamp_%{template_name})}

Name:		qubes-template-%{template_name}
Version:	%{version}
Release:	%{rel}
Summary:	Qubes template for %{template_name}

License:	GPL
URL:		http://www.qubes-os.org
Source:		.

Requires:	xdg-utils
Requires(post):	tar
Provides:	qubes-template
Obsoletes:  %{name} > %{version}-%{release}

%define _builddir %(pwd)
%define _rpmdir %(pwd)/rpm
%define dest_dir /var/lib/qubes/vm-templates/%{template_name}

%define _binaries_in_noarch_packages_terminate_build 0
%description
Qubes template for %{template_name}

%build
cd qubeized_images/%{template_name}
rm -f root.img.part.*
tar --sparse --dereference -cf - root.img | split -d -b 1G - root.img.part.

if [ "0$DISCARD_PREPARED_IMAGE" -eq 1 ]; then
    rm -f root.img
fi

%install
rm -rf $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT/%{dest_dir}
for i in qubeized_images/%{template_name}/root.img.part.* ; do mv $i $RPM_BUILD_ROOT/%{dest_dir}/ ; done
touch $RPM_BUILD_ROOT/%{dest_dir}/root.img # we will create the real file in %post
touch $RPM_BUILD_ROOT/%{dest_dir}/private.img # we will create the real file in %post
touch $RPM_BUILD_ROOT/%{dest_dir}/volatile.img # we will create the real file in %post
touch $RPM_BUILD_ROOT/%{dest_dir}/clean-volatile.img.tar # we will create the real file in %post

mkdir -p $RPM_BUILD_ROOT/%{dest_dir}/apps.templates
mkdir -p $RPM_BUILD_ROOT/%{dest_dir}/apps.tempicons
mkdir -p $RPM_BUILD_ROOT/%{dest_dir}/apps
cp appmenus/whitelisted-appmenus.list appmenus/vm-whitelisted-appmenus.list $RPM_BUILD_ROOT/%{dest_dir}/
cp appmenus/netvm-whitelisted-appmenus.list $RPM_BUILD_ROOT/%{dest_dir}/
touch $RPM_BUILD_ROOT/%{dest_dir}/icon.png

%pre

export XDG_DATA_DIRS=/usr/share/
if [ "$1" -gt 1 ] ; then
    # upgrading already installed template...
    echo "--> Removing previous menu shortcuts..."
    xdg-desktop-menu uninstall --mode system %{dest_dir}/apps/*.directory %{dest_dir}/apps/*.desktop
fi


%post

if command -v qvm-template-postprocess >/dev/null 2>&1; then
    qvm-template-postprocess --really post-install %{template_name} %{dest_dir}
    exit $?
fi

echo "--> Processing the root.img... (this might take a while)"
cat %{dest_dir}/root.img.part.* | tar --sparse -xf - -C %{dest_dir}
rm -f %{dest_dir}/root.img.part.*
chown root.qubes %{dest_dir}/root.img
chmod 0660 %{dest_dir}/root.img

echo "--> Processing the volatile.img..."
/usr/lib/qubes/prepare-volatile-img.sh %{dest_dir}/volatile.img $[ `stat -c '%s' %{dest_dir}/root.img` / 1024 / 1024 ] || exit 1
chown root.qubes %{dest_dir}/volatile.img
chmod 0660 %{dest_dir}/volatile.img
tar --sparse -cf %{dest_dir}/clean-volatile.img.tar -C %{dest_dir} volatile.img
chown root.qubes %{dest_dir}/clean-volatile.img.tar
chmod 0660 %{dest_dir}/clean-volatile.img.tar

if [ "$1" = 1 ] ; then
    # installing for the first time
    echo "--> Creating private.img..."
    truncate -s 2G %{dest_dir}/private.img
    mkfs.ext4 -m 0 -q -F %{dest_dir}/private.img
    chown root.qubes %{dest_dir}/private.img
    chmod 0660 %{dest_dir}/private.img
fi


export XDG_DATA_DIRS=/usr/share/

echo "--> Instaling menu shortcuts..."
ln -sf /usr/share/qubes/icons/template.png %{dest_dir}/icon.png

local_user=`getent group qubes | cut -d : -f 4 | cut -d , -f 1`
if [ -n "$local_user" ]; then
    call_as_user() {
        su -c "$*" - $local_user
    }
else
    # This will be the case during installation - user will be created in
    # firstboot. There is also a code to fix file permissions, so not a big problem
    call_as_user() {
        $*
    }
fi

if [ "$1" = 1 ] ; then
    # installing for the first time
    call_as_user qvm-add-template --rpm %{template_name}
fi

# If running inside of chroot (means - from anaconda), force offline mode
if [ "`stat -c %d:%i /`" != "`stat -c %d:%i /proc/1/root/.`" ]; then
    qvm-template-commit --offline-mode %{template_name}
    call_as_user /usr/libexec/qubes-appmenus/create-apps-for-appvm.sh \
        %{dest_dir}/apps.templates %{template_name} vm-templates appvm-black
else
    qvm-template-commit %{template_name}
    qvm-prefs --force-root -s %{template_name} netvm none
    qvm-start --no-guid %{template_name}
    call_as_user qvm-sync-appmenus --force-root %{template_name}
    qvm-shutdown --wait %{template_name}
    qvm-prefs --force-root -s %{template_name} netvm default
    # restore default firewall settings, which was reset by setting netvm=none
    rm -f %{dest_dir}/firewall.xml
    chgrp -R qubes %{dest_dir}
    chmod g+rwX -R %{dest_dir}
fi
exit 0

%preun
if [ "$1" = 0 ] ; then
    # no more packages left

    if command -v qvm-template-postprocess >/dev/null 2>&1; then
        qvm-template-postprocess --really pre-remove %{template_name} %{dest_dir}
        exit $?
    fi

    # First remove DispVM template (even if not exists...)
    qvm-remove --force-root -q %{template_name}-dvm

    if ! qvm-remove --force-root -q --just-db %{template_name}; then
        exit 1
    fi

    rm -f %{dest_dir}/root-cow.img
    rm -f %{dest_dir}/root-cow.img.old
    rm -f %{dest_dir}/firewall.xml
    rm -f %{dest_dir}/%{template_name}.conf
    rm -f %{dest_dir}/updates.stat

    # we need to have it here, because rpm -U <template>
    # apparently executes %preun of the old package *after* %post of the new packages...
    echo "--> Removing menu shortcuts..."
    export XDG_DATA_DIRS=/usr/share/
    xdg-desktop-menu uninstall --mode system %{dest_dir}/apps/*.directory %{dest_dir}/apps/*.desktop

    rm -rf %{dest_dir}/apps %{dest_dir}/apps.templates
    rm -rf %{dest_dir}/apps.icons %{dest_dir}/apps.tempicons
fi

%clean
rm -rf $RPM_BUILD_ROOT

%files
%defattr(660,root,qubes,770)
%attr(2770,root,qubes) %dir %{dest_dir}
%ghost %{dest_dir}/root.img
%{dest_dir}/root.img.part.*
%{dest_dir}/clean-volatile.img.tar
%ghost %{dest_dir}/volatile.img
%ghost %{dest_dir}/private.img
%attr (775,root,qubes) %dir %{dest_dir}/apps
%attr (775,root,qubes) %dir %{dest_dir}/apps.templates
%attr (775,root,qubes) %dir %{dest_dir}/apps.tempicons
%attr (664,root,qubes) %{dest_dir}/whitelisted-appmenus.list
%attr (664,root,qubes) %{dest_dir}/vm-whitelisted-appmenus.list
%attr (664,root,qubes) %{dest_dir}/netvm-whitelisted-appmenus.list
%{dest_dir}/icon.png
Initial public commit. (c) 2010 Invisible Things Lab Authors: ========= Joanna Rutkowska <joanna@invisiblethingslab.com> Rafal Wojtczuk <rafal@invisiblethingslab.com> 2010-04-05 22:25:37 +00:00			`#`
			`# This SPEC is for bulding RPM packages that contain complete Qubes Template files`
			`# This includes the VM's root image, patched with all qubes rpms, etc`
			`#`

Use a script for filling the rpms_to_install symlinks automatically The actual version of core, gui, and xen packages to use are given in version_{core,gui,xen} files 2011-07-02 12:34:17 +00:00			`%{!?version: %define version %(cat version)}`
Add support for plugins, move all distribution-specific code there While at it, also change name of local repo to pkgs-for-tmplate (was yum_repo_qubes). 2015-03-10 03:19:28 +00:00			`%{!?rel: %define rel %(cat build_timestamp_%{template_name})}`
Initial public commit. (c) 2010 Invisible Things Lab Authors: ========= Joanna Rutkowska <joanna@invisiblethingslab.com> Rafal Wojtczuk <rafal@invisiblethingslab.com> 2010-04-05 22:25:37 +00:00
			`Name: qubes-template-%{template_name}`
			`Version: %{version}`
Fix automatic template versioning (#667) 2012-11-06 09:43:45 +00:00			`Release: %{rel}`
Initial public commit. (c) 2010 Invisible Things Lab Authors: ========= Joanna Rutkowska <joanna@invisiblethingslab.com> Rafal Wojtczuk <rafal@invisiblethingslab.com> 2010-04-05 22:25:37 +00:00			`Summary: Qubes template for %{template_name}`

			`License: GPL`
			`URL: http://www.qubes-os.org`
			`Source: .`

Recreate VM conf files in the %post of template.rpm 2010-09-30 15:28:58 +00:00			`Requires: xdg-utils`
spec: ensure right install order Execute %post after installation of tar and qubes-core-dom0 2013-01-23 00:29:54 +00:00			`Requires(post): tar`
spec: provide 'qubes-template' virtual package 2013-02-06 13:14:55 +00:00			`Provides: qubes-template`
rpm: Prevent upgrades of template pkg Templates are meant to upgrade using its own package manager. Upgrade template package itself would destroy all th user customizations. 2014-04-22 17:43:35 +00:00			`Obsoletes: %{name} > %{version}-%{release}`
Initial public commit. (c) 2010 Invisible Things Lab Authors: ========= Joanna Rutkowska <joanna@invisiblethingslab.com> Rafal Wojtczuk <rafal@invisiblethingslab.com> 2010-04-05 22:25:37 +00:00
			`%define _builddir %(pwd)`
			`%define _rpmdir %(pwd)/rpm`
			`%define dest_dir /var/lib/qubes/vm-templates/%{template_name}`

Do not complain about arch-specific binaries in noarch.rpm 2010-09-16 17:23:32 +00:00			`%define _binaries_in_noarch_packages_terminate_build 0`
Initial public commit. (c) 2010 Invisible Things Lab Authors: ========= Joanna Rutkowska <joanna@invisiblethingslab.com> Rafal Wojtczuk <rafal@invisiblethingslab.com> 2010-04-05 22:25:37 +00:00			`%description`
			`Qubes template for %{template_name}`

			`%build`
Make template builder working on Debian 1. Use bash explicitly where required 2. Don't use bash-isms where not. QubesOS/qubes-issues#1907 2016-04-20 08:23:36 +00:00			`cd qubeized_images/%{template_name}`
Initial public commit. (c) 2010 Invisible Things Lab Authors: ========= Joanna Rutkowska <joanna@invisiblethingslab.com> Rafal Wojtczuk <rafal@invisiblethingslab.com> 2010-04-05 22:25:37 +00:00			`rm -f root.img.part.*`
Store root image named 'root.img' inside of tar archive Prevent renaming at installation, this will make the process cleaner. 2015-03-09 12:38:09 +00:00			`tar --sparse --dereference -cf - root.img \| split -d -b 1G - root.img.part.`
Initial public commit. (c) 2010 Invisible Things Lab Authors: ========= Joanna Rutkowska <joanna@invisiblethingslab.com> Rafal Wojtczuk <rafal@invisiblethingslab.com> 2010-04-05 22:25:37 +00:00
Remove more intermetiate files when DISCARD_PREPARED_IMAGE=1 2017-09-26 16:52:38 +00:00			`if [ "0$DISCARD_PREPARED_IMAGE" -eq 1 ]; then`
			`rm -f root.img`
			`fi`

Initial public commit. (c) 2010 Invisible Things Lab Authors: ========= Joanna Rutkowska <joanna@invisiblethingslab.com> Rafal Wojtczuk <rafal@invisiblethingslab.com> 2010-04-05 22:25:37 +00:00			`%install`
			`rm -rf $RPM_BUILD_ROOT`
			`mkdir -p $RPM_BUILD_ROOT/%{dest_dir}`
Store root image named 'root.img' inside of tar archive Prevent renaming at installation, this will make the process cleaner. 2015-03-09 12:38:09 +00:00			`for i in qubeized_images/%{template_name}/root.img.part.* ; do mv $i $RPM_BUILD_ROOT/%{dest_dir}/ ; done`
Initial public commit. (c) 2010 Invisible Things Lab Authors: ========= Joanna Rutkowska <joanna@invisiblethingslab.com> Rafal Wojtczuk <rafal@invisiblethingslab.com> 2010-04-05 22:25:37 +00:00			`touch $RPM_BUILD_ROOT/%{dest_dir}/root.img # we will create the real file in %post`
			`touch $RPM_BUILD_ROOT/%{dest_dir}/private.img # we will create the real file in %post`
Create dummy volatile.img file Some rpm versions doesn't understand %ghost macro 2011-09-26 17:16:31 +00:00			`touch $RPM_BUILD_ROOT/%{dest_dir}/volatile.img # we will create the real file in %post`
Minimize data contained in the template package 1. Remove appmenus - regenerate them at installation time (start the template for that) 2. Remove volatile.img - regenerate it at installation time This way, the only real data carried in template rpm is root.img. 2015-03-07 02:43:33 +00:00			`touch $RPM_BUILD_ROOT/%{dest_dir}/clean-volatile.img.tar # we will create the real file in %post`
Create template with plain root.img without partitions (#118) Additionaly provide clean-volatile.img 2011-03-19 02:30:23 +00:00
Initial public commit. (c) 2010 Invisible Things Lab Authors: ========= Joanna Rutkowska <joanna@invisiblethingslab.com> Rafal Wojtczuk <rafal@invisiblethingslab.com> 2010-04-05 22:25:37 +00:00			`mkdir -p $RPM_BUILD_ROOT/%{dest_dir}/apps.templates`
Include (empty) apps.tempicons directory (#896) In the future we could create it (and populate) in firstboot, but for now provide at least empty directory. 2014-09-09 20:04:45 +00:00			`mkdir -p $RPM_BUILD_ROOT/%{dest_dir}/apps.tempicons`
Initial public commit. (c) 2010 Invisible Things Lab Authors: ========= Joanna Rutkowska <joanna@invisiblethingslab.com> Rafal Wojtczuk <rafal@invisiblethingslab.com> 2010-04-05 22:25:37 +00:00			`mkdir -p $RPM_BUILD_ROOT/%{dest_dir}/apps`
Include templates for all appmenus in package (#266) Convert it to actual appmenus at rpm installation stage - respecting provided whitelist. 2011-07-10 21:42:54 +00:00			`cp appmenus/whitelisted-appmenus.list appmenus/vm-whitelisted-appmenus.list $RPM_BUILD_ROOT/%{dest_dir}/`
appmenus: include whitelist for NetVM (#538) 2012-05-01 00:09:35 +00:00			`cp appmenus/netvm-whitelisted-appmenus.list $RPM_BUILD_ROOT/%{dest_dir}/`
Initial public commit. (c) 2010 Invisible Things Lab Authors: ========= Joanna Rutkowska <joanna@invisiblethingslab.com> Rafal Wojtczuk <rafal@invisiblethingslab.com> 2010-04-05 22:25:37 +00:00			`touch $RPM_BUILD_ROOT/%{dest_dir}/icon.png`

template: remove previous appmenus in pre script 2010-10-01 13:40:01 +00:00			`%pre`

			`export XDG_DATA_DIRS=/usr/share/`
			`if [ "$1" -gt 1 ] ; then`
			`# upgrading already installed template...`
			`echo "--> Removing previous menu shortcuts..."`
			`xdg-desktop-menu uninstall --mode system %{dest_dir}/apps/.directory %{dest_dir}/apps/.desktop`
			`fi`


Initial public commit. (c) 2010 Invisible Things Lab Authors: ========= Joanna Rutkowska <joanna@invisiblethingslab.com> Rafal Wojtczuk <rafal@invisiblethingslab.com> 2010-04-05 22:25:37 +00:00			`%post`
Call qvm-template-postprocess if present instead of internal script Actions required after template installation differs between Qubes releases. Lets keep template builder universal and just call appropriate command provided by version-specific component (probably qubes-core-dom0 package), if present. Otherwise use old script (for Qubes before 4.0). Add --really parameter to prevent misuse. This tool may override template data without further confirmation. QubesOS/qubes-issues#2412 2016-11-02 05:07:00 +00:00
			`if command -v qvm-template-postprocess >/dev/null 2>&1; then`
			`qvm-template-postprocess --really post-install %{template_name} %{dest_dir}`
			`exit $?`
			`fi`

Initial public commit. (c) 2010 Invisible Things Lab Authors: ========= Joanna Rutkowska <joanna@invisiblethingslab.com> Rafal Wojtczuk <rafal@invisiblethingslab.com> 2010-04-05 22:25:37 +00:00			`echo "--> Processing the root.img... (this might take a while)"`
			`cat %{dest_dir}/root.img.part.* \| tar --sparse -xf - -C %{dest_dir}`
			`rm -f %{dest_dir}/root.img.part.*`
			`chown root.qubes %{dest_dir}/root.img`
			`chmod 0660 %{dest_dir}/root.img`

Leave tar-ed volatile.img (#118) 2011-03-19 21:12:52 +00:00			`echo "--> Processing the volatile.img..."`
Fix creating volatile.img 2015-03-09 18:54:51 +00:00			/usr/lib/qubes/prepare-volatile-img.sh %{dest_dir}/volatile.img $[ `stat -c '%s' %{dest_dir}/root.img` / 1024 / 1024 ] \|\| exit 1
Leave tar-ed volatile.img (#118) 2011-03-19 21:12:52 +00:00			`chown root.qubes %{dest_dir}/volatile.img`
			`chmod 0660 %{dest_dir}/volatile.img`
Minimize data contained in the template package 1. Remove appmenus - regenerate them at installation time (start the template for that) 2. Remove volatile.img - regenerate it at installation time This way, the only real data carried in template rpm is root.img. 2015-03-07 02:43:33 +00:00			`tar --sparse -cf %{dest_dir}/clean-volatile.img.tar -C %{dest_dir} volatile.img`
			`chown root.qubes %{dest_dir}/clean-volatile.img.tar`
			`chmod 0660 %{dest_dir}/clean-volatile.img.tar`
Create template with plain root.img without partitions (#118) Additionaly provide clean-volatile.img 2011-03-19 02:30:23 +00:00
Initial public commit. (c) 2010 Invisible Things Lab Authors: ========= Joanna Rutkowska <joanna@invisiblethingslab.com> Rafal Wojtczuk <rafal@invisiblethingslab.com> 2010-04-05 22:25:37 +00:00			`if [ "$1" = 1 ] ; then`
			`# installing for the first time`
			`echo "--> Creating private.img..."`
			`truncate -s 2G %{dest_dir}/private.img`
Avoid 100MB reserved space in private ext4 partition The ext4 reserved space is necessary for root partitions, but in the private.img data partition, it is wasted space (accessible only to root processes), which means losing 100 MB of the default 2GB. From mkfs.ext4 man page: "-m reserved-blocks-percentage Specify the percentage of the filesystem blocks reserved for the super-user." ... "The default percentage is 5%." 2014-09-05 20:06:05 +00:00			`mkfs.ext4 -m 0 -q -F %{dest_dir}/private.img`
Initial public commit. (c) 2010 Invisible Things Lab Authors: ========= Joanna Rutkowska <joanna@invisiblethingslab.com> Rafal Wojtczuk <rafal@invisiblethingslab.com> 2010-04-05 22:25:37 +00:00			`chown root.qubes %{dest_dir}/private.img`
			`chmod 0660 %{dest_dir}/private.img`
			`fi`


			`export XDG_DATA_DIRS=/usr/share/`

			`echo "--> Instaling menu shortcuts..."`
			`ln -sf /usr/share/qubes/icons/template.png %{dest_dir}/icon.png`

rpm: fix post-installation script - call relevant parts as user ... or add --force-root option 2015-05-16 22:01:09 +00:00			local_user=`getent group qubes \| cut -d : -f 4 \| cut -d , -f 1`
			`if [ -n "$local_user" ]; then`
			`call_as_user() {`
			`su -c "$*" - $local_user`
			`}`
			`else`
			`# This will be the case during installation - user will be created in`
			`# firstboot. There is also a code to fix file permissions, so not a big problem`
			`call_as_user() {`
			`$*`
			`}`
			`fi`

Initial public commit. (c) 2010 Invisible Things Lab Authors: ========= Joanna Rutkowska <joanna@invisiblethingslab.com> Rafal Wojtczuk <rafal@invisiblethingslab.com> 2010-04-05 22:25:37 +00:00			`if [ "$1" = 1 ] ; then`
			`# installing for the first time`
rpm: fix post-installation script - call relevant parts as user ... or add --force-root option 2015-05-16 22:01:09 +00:00			`call_as_user qvm-add-template --rpm %{template_name}`
Initial public commit. (c) 2010 Invisible Things Lab Authors: ========= Joanna Rutkowska <joanna@invisiblethingslab.com> Rafal Wojtczuk <rafal@invisiblethingslab.com> 2010-04-05 22:25:37 +00:00			`fi`

rpm: force offline mode if installing inside of chroot 2013-05-18 03:56:30 +00:00			`# If running inside of chroot (means - from anaconda), force offline mode`
			if [ "`stat -c %d:%i /`" != "`stat -c %d:%i /proc/1/root/.`" ]; then
			`qvm-template-commit --offline-mode %{template_name}`
rpm: fix post-installation script - call relevant parts as user ... or add --force-root option 2015-05-16 22:01:09 +00:00			`call_as_user /usr/libexec/qubes-appmenus/create-apps-for-appvm.sh \`
rpm: fix menu directory icon setting 2015-07-08 03:10:02 +00:00			`%{dest_dir}/apps.templates %{template_name} vm-templates appvm-black`
rpm: force offline mode if installing inside of chroot 2013-05-18 03:56:30 +00:00			`else`
			`qvm-template-commit %{template_name}`
rpm: fix post-installation script - call relevant parts as user ... or add --force-root option 2015-05-16 22:01:09 +00:00			`qvm-prefs --force-root -s %{template_name} netvm none`
Minimize data contained in the template package 1. Remove appmenus - regenerate them at installation time (start the template for that) 2. Remove volatile.img - regenerate it at installation time This way, the only real data carried in template rpm is root.img. 2015-03-07 02:43:33 +00:00			`qvm-start --no-guid %{template_name}`
rpm: fix post-installation script - call relevant parts as user ... or add --force-root option 2015-05-16 22:01:09 +00:00			`call_as_user qvm-sync-appmenus --force-root %{template_name}`
Minimize data contained in the template package 1. Remove appmenus - regenerate them at installation time (start the template for that) 2. Remove volatile.img - regenerate it at installation time This way, the only real data carried in template rpm is root.img. 2015-03-07 02:43:33 +00:00			`qvm-shutdown --wait %{template_name}`
rpm: fix post-installation script - call relevant parts as user ... or add --force-root option 2015-05-16 22:01:09 +00:00			`qvm-prefs --force-root -s %{template_name} netvm default`
Cut the template of the network for initial appmenus retrieval The user have no way to set anything before starting the template for the first time. Especially firewall settings, netvm etc. So to not expose the template to the outside world, disable networking there. 2015-03-18 19:05:44 +00:00			`# restore default firewall settings, which was reset by setting netvm=none`
			`rm -f %{dest_dir}/firewall.xml`
Minimize data contained in the template package 1. Remove appmenus - regenerate them at installation time (start the template for that) 2. Remove volatile.img - regenerate it at installation time This way, the only real data carried in template rpm is root.img. 2015-03-07 02:43:33 +00:00			`chgrp -R qubes %{dest_dir}`
			`chmod g+rwX -R %{dest_dir}`
rpm: force offline mode if installing inside of chroot 2013-05-18 03:56:30 +00:00			`fi`
Add workaround for bug in qvm-sync-appmenus qvm-sync-appmenus did not regenerated appmenus for the template itself, only dependent VMs. Do it manually here. When used with fixed qvm-sync-appmenus this will regenerate the appmenus twice, which should be harmless. This commit should be reverted when new qvm-sync-appmenus got released and appropriate Require line added here. 2015-03-11 06:26:29 +00:00			`exit 0`
Build universal (appvm,netvm,proxyvm), cow-based template 2011-03-16 08:52:21 +00:00
Initial public commit. (c) 2010 Invisible Things Lab Authors: ========= Joanna Rutkowska <joanna@invisiblethingslab.com> Rafal Wojtczuk <rafal@invisiblethingslab.com> 2010-04-05 22:25:37 +00:00			`%preun`
			`if [ "$1" = 0 ] ; then`
			`# no more packages left`
Call qvm-template-postprocess if present instead of internal script Actions required after template installation differs between Qubes releases. Lets keep template builder universal and just call appropriate command provided by version-specific component (probably qubes-core-dom0 package), if present. Otherwise use old script (for Qubes before 4.0). Add --really parameter to prevent misuse. This tool may override template data without further confirmation. QubesOS/qubes-issues#2412 2016-11-02 05:07:00 +00:00
			`if command -v qvm-template-postprocess >/dev/null 2>&1; then`
			`qvm-template-postprocess --really pre-remove %{template_name} %{dest_dir}`
			`exit $?`
			`fi`

Fail template package remove if there are VMs based on it (#154) And remove DispVM based on it. 2011-04-05 13:20:10 +00:00			`# First remove DispVM template (even if not exists...)`
spec: fix package removing 2012-01-06 12:25:14 +00:00			`qvm-remove --force-root -q %{template_name}-dvm`
Fail template package remove if there are VMs based on it (#154) And remove DispVM based on it. 2011-04-05 13:20:10 +00:00
spec: fix package removing 2012-01-06 12:25:14 +00:00			`if ! qvm-remove --force-root -q --just-db %{template_name}; then`
Fail template package remove if there are VMs based on it (#154) And remove DispVM based on it. 2011-04-05 13:20:10 +00:00			`exit 1`
			`fi`
Initial public commit. (c) 2010 Invisible Things Lab Authors: ========= Joanna Rutkowska <joanna@invisiblethingslab.com> Rafal Wojtczuk <rafal@invisiblethingslab.com> 2010-04-05 22:25:37 +00:00
cleanup on template uninstall Remove files created during template lifetime. 2013-12-13 03:18:25 +00:00			`rm -f %{dest_dir}/root-cow.img`
			`rm -f %{dest_dir}/root-cow.img.old`
			`rm -f %{dest_dir}/firewall.xml`
			`rm -f %{dest_dir}/%{template_name}.conf`
			`rm -f %{dest_dir}/updates.stat`

Initial public commit. (c) 2010 Invisible Things Lab Authors: ========= Joanna Rutkowska <joanna@invisiblethingslab.com> Rafal Wojtczuk <rafal@invisiblethingslab.com> 2010-04-05 22:25:37 +00:00			`# we need to have it here, because rpm -U <template>`
			`# apparently executes %preun of the old package after %post of the new packages...`
			`echo "--> Removing menu shortcuts..."`
			`export XDG_DATA_DIRS=/usr/share/`
			`xdg-desktop-menu uninstall --mode system %{dest_dir}/apps/.directory %{dest_dir}/apps/.desktop`

cleanup on template uninstall Remove files created during template lifetime. 2013-12-13 03:18:25 +00:00			`rm -rf %{dest_dir}/apps %{dest_dir}/apps.templates`
rpm: remove icons on package uninstallation 2015-11-26 02:35:34 +00:00			`rm -rf %{dest_dir}/apps.icons %{dest_dir}/apps.tempicons`
Initial public commit. (c) 2010 Invisible Things Lab Authors: ========= Joanna Rutkowska <joanna@invisiblethingslab.com> Rafal Wojtczuk <rafal@invisiblethingslab.com> 2010-04-05 22:25:37 +00:00			`fi`

			`%clean`
			`rm -rf $RPM_BUILD_ROOT`

			`%files`
			`%defattr(660,root,qubes,770)`
rpm: set sgid for template directory Make sure that contents belong to qubes group. 2013-05-19 23:36:45 +00:00			`%attr(2770,root,qubes) %dir %{dest_dir}`
Initial public commit. (c) 2010 Invisible Things Lab Authors: ========= Joanna Rutkowska <joanna@invisiblethingslab.com> Rafal Wojtczuk <rafal@invisiblethingslab.com> 2010-04-05 22:25:37 +00:00			`%ghost %{dest_dir}/root.img`
			`%{dest_dir}/root.img.part.*`
Create template with plain root.img without partitions (#118) Additionaly provide clean-volatile.img 2011-03-19 02:30:23 +00:00			`%{dest_dir}/clean-volatile.img.tar`
Leave tar-ed volatile.img (#118) 2011-03-19 21:12:52 +00:00			`%ghost %{dest_dir}/volatile.img`
Initial public commit. (c) 2010 Invisible Things Lab Authors: ========= Joanna Rutkowska <joanna@invisiblethingslab.com> Rafal Wojtczuk <rafal@invisiblethingslab.com> 2010-04-05 22:25:37 +00:00			`%ghost %{dest_dir}/private.img`
			`%attr (775,root,qubes) %dir %{dest_dir}/apps`
			`%attr (775,root,qubes) %dir %{dest_dir}/apps.templates`
Include (empty) apps.tempicons directory (#896) In the future we could create it (and populate) in firstboot, but for now provide at least empty directory. 2014-09-09 20:04:45 +00:00			`%attr (775,root,qubes) %dir %{dest_dir}/apps.tempicons`
Include templates for all appmenus in package (#266) Convert it to actual appmenus at rpm installation stage - respecting provided whitelist. 2011-07-10 21:42:54 +00:00			`%attr (664,root,qubes) %{dest_dir}/whitelisted-appmenus.list`
			`%attr (664,root,qubes) %{dest_dir}/vm-whitelisted-appmenus.list`
appmenus: include whitelist for NetVM (#538) 2012-05-01 00:09:35 +00:00			`%attr (664,root,qubes) %{dest_dir}/netvm-whitelisted-appmenus.list`
Initial public commit. (c) 2010 Invisible Things Lab Authors: ========= Joanna Rutkowska <joanna@invisiblethingslab.com> Rafal Wojtczuk <rafal@invisiblethingslab.com> 2010-04-05 22:25:37 +00:00			`%{dest_dir}/icon.png`