Do not expose host envionment there. This, among other things, fixes some
packages that create/modify /home/user ($HOME) in post-installation
script...
Actions required after template installation differs between Qubes
releases. Lets keep template builder universal and just call appropriate
command provided by version-specific component (probably
qubes-core-dom0 package), if present. Otherwise use old script (for
Qubes before 4.0).
Add --really parameter to prevent misuse. This tool may override
template data without further confirmation.
QubesOS/qubes-issues#2412
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJWe8BwAAoJEBu5sftaTG2tewIP/jT8RemihLiFmDmJpqkuIU6Q
OuGaX8nODr+ay+LD0QCb/PCpVty+hUO3SMladaNpwEpWwAlcC1rt1MGdLJQAD2Aq
tsZ3EeBmm3UnxWHQ8/qe6GzzyqFcIHwwrutvjDputBKd6Qjq5Bc96AvRBfgSJe52
twP/xvdMj9Wjnd3R0+ndrve08TEo5fZI578eCcNHHTD9GT50CRBEcMGeB20rbJ2V
l2viWPO2VXAGkrzkhOTi/L2YiyioG79kK64ZNnpemL7t+E5VQJ81l7W9GC17RVIu
gLElf1nINI6LKbmtfL5xnrN2DwDH+pZVjYj4Isnxh6KyI8EoLDsyZwBax7BNNu/v
AOUFI8b0uf41DzO0EVcY5jQHC9vzsJ7l7yCUlQdL8skJFaZZVZS1XEGlL+Yft8UT
L9l0rdDn0i2Hohu7Nxo4cm3MQqJFn14gzHneWeSb8R6s7vpMmfAn1D9QN5AYdXoB
Wti3zu+UZoeTU0L9ihFj62g/qkA6/FlK+oUULlcJKvEAxOenaMsj06QZhPw1pIUR
l5/nXKYnf//AO2Cy0QciLPJVXrEI7LHI7jzEpJqhqk0O11QW6z/rcHs2MQYShDWN
BZcT1xbZlLViJVI0pW1yOhhG6mKc3rM6SfPXJxWuoqoLFmV4m/ZcsLU4iXcjH3ZR
ra6FVQAi38tS539HR/Z5
=A88k
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABCAAGBQJWfYWyAAoJEAY5OLpCz6ckDCAP+wZVPCTCwxCTqMg1KK8rggdH
gS0sD37zbDwV0LhWRCPhnSKV/OON+1mgy6d2EDsaQqKLQ9TqskJ7gQS3g1s3QNzL
zPl96sJOxeQ0dc758lBPT6vzLdcZvVBM5A6AcKDZfD2p3Wv/imczL7goD/+UvL2x
AlzehTDBHWxh05Nd+9iu+lljKf8JCxwbsxJItDCRrYy/OEY/y7THjPU16Y7fqUbE
MQNVTKDbWNvfCpsBpjaje3R65KuM9axT+UzUHWE8bEnsy/ndWJ6uuj58YKbP8v8s
qyL39QEhXbnTU6+NRfKs4tvKBfwfqeEXNz17HkJGoGtMcleojyythp7QBf4cRUqt
9kSD4dAptrGHEWI3nKREQI9wxcEtReoZD4X8zEKNlGgXNOlLjkGKZEqgbkQ4I6+x
tGLEh+RjR3TP/rA8f78jgqtv6VL2lGUjhaYubCdpgPGOBfFmDoenMLxGZGYC591U
qWOv9OvffgOBZElOm09zRyGmzuqpvhrxLnDyihKGkmFCZkpz1xtLfv72mjQ/zg5c
vonYzvjnsR/ZdyCnNQV0lTDFrC400I9bgDfR6aDfF+JzQ4pt3+wPVRqhPH+emjJa
iOtHTI44Ddj9kQnkn+n9PVz0ivqLWukb1PyssaTbjqAdQ9DtLX0iQKaBoPAn0mjG
Ffp7NmFaj1FJlZcn2wZg
=VdWX
-----END PGP SIGNATURE-----
Merge tag 'jm_09af4b94'
Tag for commit 09af4b9433
# gpg: Signature made Thu 24 Dec 2015 10:52:48 AM CET using RSA key ID 5A4C6DAD
# gpg: Good signature from "Jason Mehring (Qubes OS Signing Key) <nrgaway@gmail.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: E0E3 2283 FDCA C1A5 1007 8F27 1BB9 B1FB 5A4C 6DAD
* tag 'jm_09af4b94':
functions.sh: Allow generic TEMPLATE_FLAVOR_DIR that matches all flavors, or even no flavors
functions.sh: unset "build_step_files" var to prevent loading same files if no files found on another run
function.sh: Allow multiple template directories to be searched
Use an asterisk in place of a '+flavor' to indicate a template directory to be applied
to all flavors, or no flavor at all.
*:/home/user/qubes/qubes-src/some-repo/template-directory
Return all and run matches instead of only one which allows flavors
like salt to have multiple optional modules like mgmt-salt-dev to
run installation scripts in template subdirectories.
- allow to pass environment variable '$YUM_OPTS' (to allow adding for example '--assumeyes')
- only try to uninstall existing template package if already installed to avoid failing and unnecessary output and prompts
- output
- refactoring
- By default, add only newest versions to the list of files to be installed.
- Add older versions commented out by default.
- Do not try to install out commented versions.
- Renamed variable file to file_name ['file' is a unix standard utility].
- Enabled errexit.
- Refactoring, keep write variables part simpler by just writing, not determining variables contents.
- use more quotes
Fixes https://github.com/QubesOS/qubes-issues/issues/1109.
* origin/pr/8:
fixed 'verbosity disabling bug' https://github.com/QubesOS/qubes-issues/issues/1100 Deprecated functions setVerboseMode, getXtrace, setXtrace and variable XTRACE, because those were broken and their only use case was function umount_kill. Re-implemented disabling xtrace in function umount_kill, if variable VERBOSE is lower than or equal 2.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJVwDzeAAoJEBu5sftaTG2tL2oQAJd/9roUz5IMyr7maGNgVwUC
sNrExi5SNr5J2aYjuVmXCj6pYQiFnDeFHkcdtO4x8DPjEil7m63wVFX7AG+W/2yv
KtI0+lBW+uy0cUudbrYCdVGCfMg5/1W9Vh6ZiDCh5Rw+bNeD7QyPpwgRvPMrj65d
2o+1XB+XLIGfMS0F+IO/kviI9cqFxgOpcdEQML9PD68mr5UBnDg7TGAQQPrmW9Cr
aJmX6Sw4IGdVJpNpmB8XFm/xoEu+2nCnu+Kfm8KXdEfmhpZWt3U4FAKn0ooZrOMW
J88i0UPYk8wy3nxq26inAfw48NCSe2+ROhkUKaZXdr396IK8/OypeimFomRk63Ef
3R29JyBZ4SMNYq6f8IoW3FmzyA9kuTR+9C85bV2TKk5NYoxZEJgJIy0+frjwAgu5
Im/79gRveYtEIgIcI1RxqLuRtDD2XTqBafds6dHihkeDSZZLYWXiXehoTABqnQso
Ppm+p2AVoqlVnd8UbJi2zpv72xJSZ+dNv9j1s54aYWbOF6U7w0qF6+XJZTu1dV7W
rewxl3hL5B1knKVIJw/mQuWYr/2quVtghmmE77emdSB3N25Dh/99RdIyp8GG4SRp
EE+e6KyXWmMWx0AwaBIT0KxUHJ0R/2+KatXtxdNkkpNnhHDZM7+U493+qykBYiVH
Xu/I+dBd+i6s20FAvtWt
=eY3W
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABCAAGBQJVwUfgAAoJEAY5OLpCz6ck3wMP/04y4jgAQ4LycKRHwytXEPYV
Q+cusyYHjQP0toCqZyKS1DewdHQecyOziEv/eFjDylZLCknfrZasgCpc9CuzZbHB
GOtFFVC+yg4jvcbHa1ArQ8VQ90qvoNfFYImdqHGfCM30mTC7Z9IRbmGOu0X7XpZH
rE4V2d9jSe3JXW6//QrxCmkvthnLdGwG6jLgd7bInrqcUp/wbJEFij8IUXklV/iK
anr5IyOsVqEeAd5wDNLTtY4EJY2ihubAneuF8uv0eeC1tWRWS+GHZKikg+tXUOqb
I5SWfFkGDJj+KC96GJpRzFBwYfCeqb4TCjspxvUhxYj0C8gQ2wMEMOL7K6SCCNBV
DVCaifY38XVYwpwt5/2D9XyKGKA+iFa99o+fgXfpCmNJu5rPSOAVItPNDiDaeTB2
31G1Wf9ndOHC4QPb71CEOq4iSP/c1FYRjFFuKLWvsX1XlcVoIbsXdaRKJDDdkjxb
ru58uCvYo+wNKZX9VzR6g6bVzObnGdl2j6ea8v/fSjaSAvry+1Ob1ZC9+Qt+DyZJ
Rcj6VvAA/645qJxjQ3nC/siADboN+hQbDzSL12hVjHbfXDHrFsBQQZH0Em26sqcw
RR85sMwmvPP2nccD3AhLbq800J0zMUhWqh1vcuz1+aOD//vn64KjONSeczuyQObG
tbkGIp1hU6FiYWWmL2K3
=cRXq
-----END PGP SIGNATURE-----
Merge tag 'jm_3640af68'
Tag for commit 3640af684f
# gpg: Signature made Tue 04 Aug 2015 06:17:34 AM CEST using RSA key ID 5A4C6DAD
# gpg: Good signature from "Jason Mehring (Qubes OS Signing Key) <nrgaway@gmail.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: E0E3 2283 FDCA C1A5 1007 8F27 1BB9 B1FB 5A4C 6DAD
* tag 'jm_3640af68':
functions.sh: fix GLOBAL_CACHE error whay array does not yet exist
https://github.com/QubesOS/qubes-issues/issues/1100
Deprecated functions setVerboseMode, getXtrace, setXtrace and variable XTRACE, because those were broken and their only use case was function umount_kill. Re-implemented disabling xtrace in function umount_kill, if variable VERBOSE is lower than or equal 2.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJVb8kNAAoJEBu5sftaTG2t5QkQAKD38PRdttiJm+UbrOHx5vj/
mD9f0aeozjhP9r9bk3zAbKkBP+yaJK2k+0OzfgYuPX+ZAun4Ug3gDSs4mLrhUN1x
sSxJlrDRRi0Vfso42tZOSQbma4/GZlrp5vJp1wYLituMvp+1FdCScxmSHK4wVQc/
T1lWOR6WSBxBAowSc3A+Xiy8IL1ZoS56rtf1Fr2OcOlDkwJVBWYVwnvFUymJrWtq
wdln0dgIezHco9CiSxjwa4TThd+F4WSh8XgVhUqWmdJVGP3AGee0iZuY6UZMm/+L
9/X9vTXWTW6Jg/Y4ilMPzwHOT6aFVZOrRWNXD+TPgc8f0sXxp15aoZ5b3JhKj236
UCiIOWsMbM6LQ3z+bpFyTcx0HtXLRuVTGE5qtqVZBu1wRa5/3hiV+Rn0uCWoz5qR
3mS84bQDXjvi5SfHbF5PXg4lEkig7t3wCtGM3ooFLUcaQJZx/ybKM+oXEOMo5wtw
5HsbjPdlN39tnZEk3HewydeZqbWv9m3HPBqL0GiyWohlWz+zIotdiDznNYTXEMyO
hHxPlZBAY7cPGABasY2+kM9UU4Zu3z8SqoVQlaMTqr54KkR3p/OWgBaoqtfddN2F
pYl9KsDywjssiLWa0jkWBRalFmC0YvnQL5QMJkk2BrnDcrW0G+6ouVVCuJRCTdpU
kPd5Kx6xRu/upXR/rdQA
=epMF
-----END PGP SIGNATURE-----
Merge tag 'jm_cbecd6e4'
Tag for commit cbecd6e481
# gpg: Signature made Thu 04 Jun 2015 05:42:05 AM CEST using RSA key ID 5A4C6DAD
# gpg: Good signature from "Jason Mehring (Qubes OS Signing Key) <nrgaway@gmail.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: E0E3 2283 FDCA C1A5 1007 8F27 1BB9 B1FB 5A4C 6DAD
* tag 'jm_cbecd6e4':
Fix renaming templates that have a flavor and options such as gnome
jessie+whonix-workstation+gnome+standard was not converting name using
TEMPLATE_LABEL since the options we getting mangled (+gnomestandard)
where thye should have returned (+gnome+standard)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJVPuCwAAoJEBu5sftaTG2tUd8P/jLC8sbQJS7qe56NB/ERLOL4
w4ZRg51lukFT+y0TKABt4agsAwN9ee3kz5AGv2Yl9EDPoEAIRt/XLA6WmQUKrubU
+SwFhu0guhAFY8zcZY6MZoDnUUEpnMfwjb/5ExkQg5to1WKWhB7nbAPN4m/i0onN
nzSKQgWGgyXed0v6QvvZXJDhAfjTY0q0XOxAQEYzNAGm3AZmkruccIOQJ3HRAJ5k
W9GG0Wg2q4UOhbbp3JNqvUIjAi8SqX6kQspkMUK2JeTUf2LN+EeDj6ggkSm9nBRI
qGvDCTc6tHY9nuOQ/URElLXEFULDo+OQ6B57AtH69HAW2hCd9ZE00hmYejnPYsH5
iu9R6SE6YEHTeOokK5shmZtuo68lu3LJJRYueGarzkPws4rwwW4CwVhRQEJugb9x
10RR6FAlyBTwjOMdfq6G/YtAWZX+vH+Kx9zF+N2egP1896FGR25FfsRAi9GJ186Q
SWvY4eUTkLB4XaxmnJneGFRLquR+XnoOR/XjF/Xae/CH0M2efNiIB8PpjlehU4v/
zeNwQiyBjrHBjxD89O0VkdkbnntAiPKYXcKEzwD1A+OSTcR6XLPXLlFr0qoy7akg
T1VOs5RfO6SEgqk4oVIc4/wDmMzsskDopRHjWpZyR9jddGI3HZq0KrjFJ0FHrecl
8p0U1Iq3GytHGAvaDCNj
=BGpk
-----END PGP SIGNATURE-----
Merge tag 'jm_fe6b1be0'
Tag for commit fe6b1be0db
# gpg: Signature made Tue 28 Apr 2015 03:21:52 AM CEST using RSA key ID 5A4C6DAD
# gpg: Can't check signature: public key not found
* tag 'jm_fe6b1be0':
Allow appmenus to be located using APPMENUS_DIR ENV variable
SYSTEMD_NSPAWN_ENABLE was missing from chroot if VERBOSE was < 2
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJVLA+iAAoJEBu5sftaTG2thdgP/0PGSacDpMpQa1h84C9VCGqK
+B1ofJajKk5QEbEkdkU3YDqT/k9FEgRh650a6T1Nt+N3bGB30wGnpaZoGxeR0dfr
3Th4aC9aRaf9klOjxUA3E+qYFVdkhEEX1/gvhlFnop2MiPtXr8K5pEbSwYEl1Rza
Jks64ORdfEIJPfW5GbCH+5q+Vc9LsxzV1+f6KEx0Z2aWvlhALrs4zt5rRz1GWTfe
+lq8p1ZfUb//LJOIvUaMkhCJIy5mfJbfJH+v9BNR2yC+j6sFfhvN/x4jbTCF8b3q
Kmwtc1REQTFlTreZ7+ro27sxrDca4ydNtAGSQkVIKBajcpqdwHaTrwnn+Dcb/qtL
eosN2l1y+HRUdt6Bwak4ep5oUyNSR5elkGAunuSPdURORACIHPuE+cJdwGRH6pEK
pyGHEyGleIsrTCBSVbPEpAsbEVwHWnpGhDKsYOxCjDL87dmnAaXzw+c56Nucp7xI
hndtrj6GprFkcq0wJ3LTl061lUKx53s0k4RCNWKKY/cyuwNqkl3Rh1al224ahooP
UHKlppGYgIJHe9nilpm12+XG2EpfmofLBQD9nLZ3jMti08OLvt4YApCEGVn5f4aF
O86nD+HWBWqSZBErnNLZSEDnm0IKzXITLtFCUkf2LXKs18oINNEz/T6sViEEUL+b
1pqj8zq79YfouB+nJgu2
=ZW2k
-----END PGP SIGNATURE-----
Merge tag 'jm_2fa8a641'
Tag for commit 2fa8a641a0
# gpg: Signature made Mon Apr 13 20:49:06 2015 CEST using RSA key ID 5A4C6DAD
# gpg: Good signature from "Jason Mehring (Qubes OS Signing Key) <nrgaway@gmail.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: E0E3 2283 FDCA C1A5 1007 8F27 1BB9 B1FB 5A4C 6DAD
* tag 'jm_2fa8a641':
Added comment about GLOBAL_CACHE and how it is later renamed
Reworked the way template flavor files are found to allow flavors
- This better allows flavors to be within their own packages such as Whonix
The previous method of discovering flavor configurations was kind of broke
when using a flavor within a different package and including additional
options such as +standard.
The user have no way to set anything before starting the template for
the first time. Especially firewall settings, netvm etc. So to not
expose the template to the outside world, disable networking there.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJVBdfmAAoJEBu5sftaTG2tEu4QAJEn6s9JtTB2GS0ZOT4leLuJ
JHfYeqb7fV0H+kIgw2K6bpnwJJSAldcH/yPQosmZAC3Uc8ttYCvEZXbwaa8tJ70v
STau0iZ2HGSJg9leaflsAdfOvQVLJ2CPA1n1RUxXfvt0e81svTgEh3E3kTLL3oHV
g0vSdsNj3ZrQEBP/a+wD8I02u1oqwiuNPVo50lFJ/fTdT8emhlXMWEIDDvdwtRq9
R0NIeTXuoVsIls3tqay6tQm6X/ziqqT2MVYx2wRcO1PuM+lWNSA04OElZ9TvszE1
QXAAJEtNg3Veu3OSHL8a1FQJppb9CGJ9Nt+cZTodvTp+aJbZ4X3aaz7s7oSpaDs9
/hYZbB2rVl/As3T5XWyh0WEl+00eZYKhsiBk+WQSSzXeutFqFxY1TsrmISqJZ7AL
2lahSU5pHfmYOaPdnXoK1CnMoWBs6uVX5+sNrgH2ZEE85C1ppWgPfpQe6WcH7Qzs
QPLqwSAEilXv3S3LJBk+pWxco+kd4JLBeLqiEdZbbSO5r532owqVaJUiNqn7WocX
zW1ZTycvAR05AHjyult3VEJ+ZijYSoeSwtmMiV3NrqC1XNe4Vxz1axXgk/VjQHYq
qARytTfj4kQw4xp8REyuUhIZ+6ON2HAYxSWx0kE+hEINRxBw3nLMDn1D0u+aNFWg
S3xrj5JeNt9PfVQK2VGE
=wgtX
-----END PGP SIGNATURE-----
Merge tag 'jm_79de4f19'
Tag for commit 79de4f1997
# gpg: Signature made Sun Mar 15 20:05:10 2015 CET using RSA key ID 5A4C6DAD
# gpg: Good signature from "Jason Mehring (Qubes OS Signing Key) <nrgaway@gmail.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: E0E3 2283 FDCA C1A5 1007 8F27 1BB9 B1FB 5A4C 6DAD
* tag 'jm_79de4f19':
Updated tests to include tests for new features added to functions*.sh
Fixed templateName function where it was throwing an error that template name was too long, even though it should have been reported as okay
Added the ability for template files to be found side by side the original file which allows template flavor suffix to be added to package lists as well as most any other file type now.