From 3cd77e4f70a6e8a92daf13b4851c46d7659d2a34 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Mon, 9 Nov 2015 22:28:15 +0100 Subject: [PATCH] debian: introduce qubes-kernel-vm-support package This package is responsible for kernel modules and initramfs additions needed in Qubes VM. When installed, it is possible to switch the VM to use PV Grub and load the kernel from inside of VM. This greatly ease installing custom kernel modules. Changes: - make qubes_cow_setup.sh working with both dracut and initramfs-tools - add initramfs-tools configuration/scripts (including qubes_cow_setup.sh) - modify DESTDIR to handle multiple binary packages out of single source QubesOS/qubes-issues#1354 --- Makefile | 8 ++- debian/control | 14 ++++- debian/qubes-kernel-vm-support.dkms | 1 + debian/qubes-kernel-vm-support.install | 3 + debian/qubes-utils.install | 6 ++ debian/rules | 5 +- dracut/full-dmroot/qubes_cow_setup.sh | 60 ++++++++++++++++---- initramfs-tools/Makefile | 6 ++ initramfs-tools/local-top/qubes_cow_setup.sh | 1 + initramfs-tools/qubes_vm | 21 +++++++ rpm_spec/qubes-kernel-vm-support.spec | 2 +- 11 files changed, 110 insertions(+), 17 deletions(-) create mode 100644 debian/qubes-kernel-vm-support.dkms create mode 100644 debian/qubes-kernel-vm-support.install create mode 100644 debian/qubes-utils.install create mode 100644 initramfs-tools/Makefile create mode 120000 initramfs-tools/local-top/qubes_cow_setup.sh create mode 100755 initramfs-tools/qubes_vm diff --git a/Makefile b/Makefile index e889d9a..2d13892 100644 --- a/Makefile +++ b/Makefile 
@@ -25,10 +25,16 @@ install: $(MAKE) -C qmemman install $(MAKE) -C core install -install-kernel-support: +install-fedora-kernel-support: $(MAKE) -C dracut install $(MAKE) -C kernel-modules install +install-debian-kernel-support: + $(MAKE) -C initramfs-tools install + $(MAKE) -C kernel-modules install + # expand module version + echo debian/tmp/usr/src/u2mfn-*/dkms.conf > debian/qubes-kernel-vm-support.dkms + clean: $(MAKE) -C qrexec-lib clean $(MAKE) -C qmemman clean diff --git a/debian/control b/debian/control index c884bc6..0efa6ae 100644 --- a/debian/control +++ b/debian/control @@ -2,7 +2,7 @@ Source: qubes-utils Section: admin Priority: extra Maintainer: Davíð Steinn Geirsson -Build-Depends: libvchan-xen-dev, libxen-dev, debhelper (>= 8.0.0), quilt (>= 0.60), dh-systemd +Build-Depends: libvchan-xen-dev, libxen-dev, debhelper (>= 8.0.0), quilt (>= 0.60), dh-systemd, dkms Standards-Version: 3.9.3 Homepage: http://www.qubes-os.org Vcs-Git: http://dsg.is/qubes/qubes-linux-utils.git @@ -15,3 +15,15 @@ Conflicts: qubes-linux-utils Recommends: python2.7 Description: Qubes Linux utilities This package includes the basic qubes utilities necessary for domU. + +Package: qubes-kernel-vm-support +Architecture: any +Depends: dkms, initramfs-tools, ${shlibs:Depends}, ${misc:Depends} +Description: Qubes VM kernel and initramfs modules + This package contains: + 1. mkinitramfs module required to setup Qubes VM root filesystem. This package is + needed in VM only when the VM uses its own kernel (via pvgrub or so). Otherwise + initrd is provided by dom0. + . + 2. u2mfn kernel module sources (dkms) required by GUI agent and R2 version of + libvchan library. diff --git a/debian/qubes-kernel-vm-support.dkms b/debian/qubes-kernel-vm-support.dkms new file mode 100644 index 0000000..6880d97 --- /dev/null +++ b/debian/qubes-kernel-vm-support.dkms @@ -0,0 +1 @@ +debian/tmp/usr/src/u2mfn-3.1.2/dkms.conf 
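Review bot: The last recipe line of `install-debian-kernel-support` regenerates `debian/qubes-kernel-vm-support.dkms`, a file this same patch also commits, so every package build rewrites a tracked source file and the committed `u2mfn-3.1.2` line goes stale when the module version changes. The `echo` succeeds whatever the glob matches: with no match the literal pattern `debian/tmp/usr/src/u2mfn-*/dkms.conf` is written, and with several matches they all land on one line, so the error would presumably only surface later in the dkms helper. A guard line before the `echo`, such as `test -e debian/tmp/usr/src/u2mfn-*/dkms.conf`, fails the build on both cases. The path is also hard-coded to `debian/tmp` while the rest of the recipe follows `$(DESTDIR)`, which deserves a comment. Both new targets are commands rather than files, so they belong in `.PHONY` if the Makefile keeps such a list (not visible in this hunk).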
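Review bot: The `Depends:` line of the new `qubes-kernel-vm-support` stanza does not list `dmsetup`, yet the initramfs hook added in this commit declares `PREREQS="dmsetup"` and qubes_cow_setup.sh calls `dmsetup` to create dmroot. On Debian the dmsetup package provides both the binary and that hook, as far as I know, so without it the generated initramfs would presumably lack `dmsetup` and the VM could not set up its root device when booting its own kernel. I would name it explicitly: `Depends: dkms, initramfs-tools, dmsetup, ${shlibs:Depends}, ${misc:Depends}`.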
diff --git a/debian/qubes-kernel-vm-support.install b/debian/qubes-kernel-vm-support.install new file mode 100644 index 0000000..7e7d402 --- /dev/null +++ b/debian/qubes-kernel-vm-support.install @@ -0,0 +1,3 @@ +usr/share/initramfs-tools/scripts/local-top/qubes_cow_setup +usr/share/initramfs-tools/hooks/qubes_vm +usr/src/u2mfn-*/* diff --git a/debian/qubes-utils.install b/debian/qubes-utils.install new file mode 100644 index 0000000..1a8771d --- /dev/null +++ b/debian/qubes-utils.install @@ -0,0 +1,6 @@ +usr/sbin/meminfo-writer +lib/systemd/system/qubes-meminfo-writer.service +usr/libexec/qubes/* +usr/include/* +usr/lib/* +etc/* diff --git a/debian/rules b/debian/rules index 614db37..2cec30c 100755 --- a/debian/rules +++ b/debian/rules @@ -1,16 +1,17 @@ #!/usr/bin/make -f # -*- makefile -*- -export DESTDIR=$(shell pwd)/debian/qubes-utils +export DESTDIR=$(shell pwd)/debian/tmp # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 %: - dh $@ --with=systemd + dh $@ --with=systemd,dkms override_dh_auto_build: make all LIBDIR=/usr/lib DEBIANBUILD=1 override_dh_auto_install: make install LIBDIR=/usr/lib DEBIANBUILD=1 + make install-debian-kernel-support LIBDIR=/usr/lib DEBIANBUILD=1 diff --git a/dracut/full-dmroot/qubes_cow_setup.sh b/dracut/full-dmroot/qubes_cow_setup.sh index 2699b95..5a3f1eb 100644 --- a/dracut/full-dmroot/qubes_cow_setup.sh +++ b/dracut/full-dmroot/qubes_cow_setup.sh 
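Review bot: In debian/rules, pointing `DESTDIR` at `debian/tmp` means only paths matched by one of the two new `.install` lists reach a binary package, and nothing in the `dh` invocation makes an unmatched file an error. Anything `make install` adds later outside those patterns would be dropped from qubes-utils without a build failure; an `override_dh_install` that runs `dh_install --fail-missing` turns that into a hard error. The added line in `override_dh_auto_install` also calls literal `make`, like the two existing ones. `$(MAKE) install-debian-kernel-support LIBDIR=/usr/lib DEBIANBUILD=1` keeps `-n` and the jobserver working across the sub-make.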
@@ -1,21 +1,58 @@ #!/bin/sh # -# This file should be places in pre-mount directory in dracut's initramfs +# This file should be placed in pre-mount directory in dracut's initramfs, or +# scripts/local-top in case of initramfs-tools # -echo "Qubes initramfs script here:" +# initramfs-tools (Debian) API +PREREQS="" +case "$1" in + prereqs) + # This runs during initramfs creation + echo "$PREREQS" + exit 0 + ;; +esac + +# This runs inside real initramfs +if [ -r /scripts/functions ]; then + # We're running in Debian's initramfs + . /scripts/functions + alias die=panic + alias info=true + alias warn=log_warning_msg + alias log_begin=log_begin_msg + alias log_end=log_end_msg +elif [ -r /lib/dracut-lib.sh ]; then + . /lib/dracut-lib.sh + alias log_begin=info + alias log_end=true +else + die() { + echo "$@" + exit 1 + } + alias info=echo + alias warn=echo + alias log_begin=echo + alias log_end=true +fi + + +info "Qubes initramfs script here:" if [ -e /dev/mapper/dmroot ] ; then die "Qubes: FATAL error: /dev/mapper/dmroot already exists?!" fi -modprobe xenblk || modprobe xen-blkfront || echo "Qubes: Cannot load Xen Block Frontend..." +modprobe xenblk || modprobe xen-blkfront || warn "Qubes: Cannot load Xen Block Frontend..." -echo "Waiting for /dev/xvda* devices..." +log_begin "Waiting for /dev/xvda* devices..." while ! [ -e /dev/xvda ]; do sleep 0.1; done +log_end if [ `cat /sys/block/xvda/ro` = 1 ] ; then - echo "Qubes: Doing COW setup for AppVM..." + log_begin "Qubes: Doing COW setup for AppVM..." while ! [ -e /dev/xvdc ]; do sleep 0.1; done VOLATILE_SIZE=$(sfdisk -s /dev/xvdc) 
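Review bot: The compatibility block at the top of qubes_cow_setup.sh gives the five helper names (`die`, `info`, `warn`, `log_begin`, `log_end`) a different source in each branch, and nothing says which ones a branch must supply: the dracut branch defines only `log_begin` and `log_end` and relies on dracut-lib.sh for the other three. A comment above the `if` would make that contract explicit, for example `# Every branch must leave die, info, warn, log_begin and log_end defined; dracut-lib.sh already provides die, info and warn`. The same comment should record that under initramfs-tools `die` becomes `panic`, which as far as I know opens a shell on the console unless `panic=` is set on the kernel command line, so the failure behaviour differs from the dracut path. The script body continues past this hunk.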
@@ -29,20 +66,19 @@ if [ `cat /sys/block/xvda/ro` = 1 ] ; then ,$ROOT_SIZE,L EOF if [ $? -ne 0 ]; then - echo "Qubes: failed to setup partitions on volatile device" - exit 1 + die "Qubes: failed to setup partitions on volatile device" fi while ! [ -e /dev/xvdc1 ]; do sleep 0.1; done mkswap /dev/xvdc1 while ! [ -e /dev/xvdc2 ]; do sleep 0.1; done echo "0 `cat /sys/block/xvda/size` snapshot /dev/xvda /dev/xvdc2 N 16" | \ - dmsetup --noudevsync create dmroot || { echo "Qubes: FATAL: cannot create dmroot!"; } - echo Qubes: done. + dmsetup --noudevsync create dmroot || die "Qubes: FATAL: cannot create dmroot!" + log_end else - echo "Qubes: Doing R/W setup for TemplateVM..." + log_begin "Qubes: Doing R/W setup for TemplateVM..." echo "0 `cat /sys/block/xvda/size` linear /dev/xvda 0" | \ - dmsetup --noudevsync create dmroot || { echo "Qubes: FATAL: cannot create dmroot!"; exit 1; } - echo Qubes: done. + dmsetup --noudevsync create dmroot || die "Qubes: FATAL: cannot create dmroot!" + log_end fi dmsetup mknodes dmroot diff --git a/initramfs-tools/Makefile b/initramfs-tools/Makefile new file mode 100644 index 0000000..b9592a3 --- /dev/null +++ b/initramfs-tools/Makefile @@ -0,0 +1,6 @@ +install: + install -D local-top/qubes_cow_setup.sh \ + $(DESTDIR)/usr/share/initramfs-tools/scripts/local-top/qubes_cow_setup + install -D qubes_vm \ + $(DESTDIR)/usr/share/initramfs-tools/hooks/qubes_vm + diff --git a/initramfs-tools/local-top/qubes_cow_setup.sh b/initramfs-tools/local-top/qubes_cow_setup.sh new file mode 120000 index 0000000..ca1d580 --- /dev/null +++ b/initramfs-tools/local-top/qubes_cow_setup.sh @@ -0,0 +1 @@ +../../dracut/full-dmroot/qubes_cow_setup.sh \ No newline at end of file diff --git a/initramfs-tools/qubes_vm b/initramfs-tools/qubes_vm new file mode 100755 index 0000000..e12baf6 --- /dev/null +++ b/initramfs-tools/qubes_vm 
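Review bot: The `install` target in the new initramfs-tools/Makefile is a command target but is not declared phony, so a file or directory named `install` in that directory would turn the rule into a no-op; add `.PHONY: install` above it. The two `install -D` calls rely on the tool's default mode to make the boot script and the hook executable; `-m 0755` states that intent in the recipe. Quoting the destination as `"$(DESTDIR)/usr/share/initramfs-tools/hooks/qubes_vm"` keeps a build path containing spaces from being split.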
@@ -0,0 +1,21 @@ +#!/bin/sh + +if grep -q control_d /proc/xen/capabilities; then + echo "Not intended for dom0" + exit 0 +fi + +PREREQS="dmsetup" +case "$1" in +prereqs) + echo "$PREREQS" + exit 0 + ;; +esac + +. /usr/share/initramfs-tools/hook-functions + +copy_exec /sbin/sfdisk +copy_exec /sbin/mkswap +force_load xen-blkfront +force_load dm-snapshot diff --git a/rpm_spec/qubes-kernel-vm-support.spec b/rpm_spec/qubes-kernel-vm-support.spec index 925bbe9..2efdaa8 100644 --- a/rpm_spec/qubes-kernel-vm-support.spec +++ b/rpm_spec/qubes-kernel-vm-support.spec @@ -57,7 +57,7 @@ ln -sf . %{name}-%{version} %build %install -make install-kernel-support DESTDIR=%{buildroot} +make install-fedora-kernel-support DESTDIR=%{buildroot} %files /usr/lib/dracut/modules.d/90qubes-vm
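Review bot: In the new hook initramfs-tools/qubes_vm the dom0 check runs before the `prereqs` case, so when the hook is queried with `prereqs` on a dom0 it prints `Not intended for dom0` on stdout, where initramfs-tools expects a list of prerequisite hook names. Moving the `PREREQS`/`case` block above the `grep` and sending the message to stderr with `echo "Not intended for dom0" >&2` avoids that. On a system without `/proc/xen/capabilities` the `grep` also prints an error on every run, which `2>/dev/null` would silence. The hook copies `sfdisk` and `mkswap` itself but leaves `dmsetup` to the hook named in `PREREQS`; a one-line comment saying so would explain why there is no `copy_exec` for it.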