#
# This SPEC is for building RPM packages that contain complete Qubes Template files
# This includes the VM's root image, patched with all qubes rpms, etc
#
# Each of the three lines below only supplies a default: the macro is defined
# here when the caller has not already defined it (e.g. via rpmbuild --define).
#
# template_name falls back to the TEMPLATE_NAME environment variable.
# NOTE(review): the name is pasted unquoted into file paths and into the shell
# commands of the install-time scriptlets further down (including rm -rf under
# dest_dir). Nothing in this spec validates it, so the builder is presumably
# expected to restrict it to a safe character set - confirm.
%{!?template_name: %global template_name %{getenv:TEMPLATE_NAME}}
# version is read from the file "version" in the current directory.
%{!?version: %global version %(cat version)}
# rel is read from build_timestamp_<template_name>; "unavailable" is used when
# that file cannot be read.
%{!?rel: %global rel %(cat build_timestamp_%{template_name} || echo unavailable)}
Name: qubes-template-%{template_name}
Version: %{version}
Release: %{rel}
Summary: Qubes template for %{template_name}
License: GPL
URL: http://www.qubes-os.org
Source: .
Requires: xdg-utils
# tar is needed at install time: the post-install scriptlet unpacks root.img with it.
Requires(post): tar
BuildArch: noarch
Provides: qubes-template
# Obsoletes any build of this same package that is newer than this one -
# presumably so that an older template build can replace a newer one; confirm intent.
Obsoletes: %{name} > %{version}-%{release}
# Build in place: the build directory is the current working directory and the
# finished packages are written to its rpm/ subdirectory.
%define _builddir %(pwd)
%define _rpmdir %(pwd)/rpm
# Installation directory of the template on the target system.
%define dest_dir /var/lib/qubes/vm-templates/%{template_name}
# Turn off the rpmbuild check that aborts when a noarch package contains binaries.
%define _binaries_in_noarch_packages_terminate_build 0
%description
Qubes template for %{template_name}
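%build
# Pack the prepared root image into a sparse tar stream and cut the stream into
# 1G chunks (root.img.part.NN); the post-install scriptlet joins them again.
#
# Without pipefail the pipeline reports only the exit status of split, so a
# failing tar (missing or unreadable root.img) would go unnoticed: truncated
# chunks would be packaged and, with DISCARD_PREPARED_IMAGE=1, the source image
# deleted afterwards.
# NOTE(review): pipefail requires bash (or another shell that implements it) as
# the build shell; the post-install scriptlet of this spec already relies on
# bash-only syntax, so this is presumably fine - confirm for your builder.
set -o pipefail
cd "qubeized_images/%{template_name}"
# Drop chunks left over from an earlier build so stale parts are never packaged.
rm -f root.img.part.*
tar --sparse --dereference -cf - root.img | split -d -b 1G - root.img.part.
# The leading 0 keeps the numeric test valid when the variable is unset or empty.
if [ "0$DISCARD_PREPARED_IMAGE" -eq 1 ]; then
    rm -f root.img
fi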
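%install
# Stage the package content under the build root. Every expansion of
# RPM_BUILD_ROOT is quoted so a path with spaces or glob characters cannot be
# split into extra operands, and the :? guard aborts if the variable is empty or
# unset instead of letting the following commands act on the real filesystem.
rm -rf -- "${RPM_BUILD_ROOT:?}"
mkdir -p -- "$RPM_BUILD_ROOT/%{dest_dir}"

# Move the image chunks produced by the build step into the staging tree.
for i in qubeized_images/%{template_name}/root.img.part.* ; do
    mv -- "$i" "$RPM_BUILD_ROOT/%{dest_dir}/"
done

# Empty placeholders; the real files are created by the post-install scriptlet.
touch "$RPM_BUILD_ROOT/%{dest_dir}/root.img"
touch "$RPM_BUILD_ROOT/%{dest_dir}/private.img"
touch "$RPM_BUILD_ROOT/%{dest_dir}/volatile.img"
touch "$RPM_BUILD_ROOT/%{dest_dir}/clean-volatile.img.tar"

mkdir -p -- "$RPM_BUILD_ROOT/%{dest_dir}/apps.templates"
mkdir -p -- "$RPM_BUILD_ROOT/%{dest_dir}/apps.tempicons"
mkdir -p -- "$RPM_BUILD_ROOT/%{dest_dir}/apps"

# Application-menu whitelists and the template configuration.
cp appmenus/whitelisted-appmenus.list appmenus/vm-whitelisted-appmenus.list "$RPM_BUILD_ROOT/%{dest_dir}/"
cp appmenus/netvm-whitelisted-appmenus.list "$RPM_BUILD_ROOT/%{dest_dir}/"
cp template.conf "$RPM_BUILD_ROOT/%{dest_dir}/"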
%pre
# Pre-install scriptlet. When an already installed template is being upgraded
# ($1 greater than 1), unregister the menu shortcuts of the previous version.
XDG_DATA_DIRS=/usr/share/
export XDG_DATA_DIRS
# xdg-desktop-menu is called only when ls finds files for both patterns: given
# an unmatched *.desktop pattern it can remove innocent files, see
# https://bugs.freedesktop.org/105635
if [ "$1" -gt 1 ] && ls %{dest_dir}/apps/*.directory %{dest_dir}/apps/*.desktop >/dev/null 2>&1; then
    echo "--> Removing previous menu shortcuts..."
    xdg-desktop-menu uninstall --mode system \
        %{dest_dir}/apps/*.directory %{dest_dir}/apps/*.desktop
fi
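%post
# Post-install scriptlet. $1 is compared with 1 below to tell a first install
# from an upgrade.

# When qvm-template-postprocess is available it does the whole job and its exit
# status becomes the scriptlet's; the legacy steps below run only without it.
if command -v qvm-template-postprocess >/dev/null 2>&1; then
    qvm-template-postprocess --really post-install %{template_name} %{dest_dir}
    exit $?
fi

echo "--> Processing the root.img... (this might take a while)"
rm -f %{dest_dir}/root.img
# Join the chunks and unpack the sparse image. Stop here if unpacking fails:
# carrying on would delete the chunks and leave neither a usable root.img nor
# the data needed to retry.
if ! cat %{dest_dir}/root.img.part.* | tar --sparse -xf - -C %{dest_dir}; then
    echo "ERROR: failed to unpack root.img from %{dest_dir}/root.img.part.*" >&2
    exit 1
fi
rm -f %{dest_dir}/root.img.part.*
# owner:group with a colon; the dot separator is a deprecated form.
chown root:qubes %{dest_dir}/root.img
chmod 0660 %{dest_dir}/root.img

echo "--> Processing the volatile.img..."
# The helper's second argument is the root image size in bytes / 1024 / 1024.
root_size_bytes=$(stat -c '%s' %{dest_dir}/root.img) || exit 1
/usr/lib/qubes/prepare-volatile-img.sh %{dest_dir}/volatile.img $(( root_size_bytes / 1024 / 1024 )) || exit 1
chown root:qubes %{dest_dir}/volatile.img
chmod 0660 %{dest_dir}/volatile.img
# Keep a pristine copy of the freshly prepared volatile image.
tar --sparse -cf %{dest_dir}/clean-volatile.img.tar -C %{dest_dir} volatile.img
chown root:qubes %{dest_dir}/clean-volatile.img.tar
chmod 0660 %{dest_dir}/clean-volatile.img.tar

if [ "$1" = 1 ] ; then
    # installing for the first time
    echo "--> Creating private.img..."
    truncate -s 2G %{dest_dir}/private.img
    mkfs.ext4 -m 0 -q -F %{dest_dir}/private.img
    chown root:qubes %{dest_dir}/private.img
    chmod 0660 %{dest_dir}/private.img
fi

export XDG_DATA_DIRS=/usr/share/

echo "--> Instaling menu shortcuts..."

# First member of the qubes group, if the group has one.
local_user=$(getent group qubes | cut -d : -f 4 | cut -d , -f 1)
if [ -n "$local_user" ]; then
    # su -c takes a single command string which the user's shell parses again,
    # so call this only with arguments free of whitespace and shell
    # metacharacters.
    call_as_user() {
        su -c "$*" - "$local_user"
    }
else
    # This will be the case during installation - the user will be created in
    # firstboot. There is also code to fix file permissions, so not a big problem.
    # "$@" runs the command with its arguments exactly as given, without a
    # second round of word splitting and globbing.
    call_as_user() {
        "$@"
    }
fi

if [ "$1" = 1 ] ; then
    # installing for the first time
    call_as_user qvm-add-template --rpm %{template_name}
fi

# If running inside of chroot (means - from anaconda), force offline mode.
# Detected by comparing device:inode of / with that of the root of PID 1.
if [ "$(stat -c %d:%i /)" != "$(stat -c %d:%i /proc/1/root/.)" ]; then
    qvm-template-commit --offline-mode %{template_name}
    call_as_user /usr/libexec/qubes-appmenus/create-apps-for-appvm.sh \
        %{dest_dir}/apps.templates %{template_name} vm-templates appvm-black
else
    qvm-template-commit %{template_name}
    # The template is started with netvm set to none while its application
    # menus are synchronised, then switched back to the default netvm.
    qvm-prefs --force-root -s %{template_name} netvm none
    qvm-start --no-guid %{template_name}
    call_as_user qvm-sync-appmenus --force-root %{template_name}
    qvm-shutdown --wait %{template_name}
    qvm-prefs --force-root -s %{template_name} netvm default

    # restore default firewall settings, which were reset by setting netvm=none
    rm -f %{dest_dir}/firewall.xml

    # Give the qubes group read/write access to everything under the template
    # directory (X adds execute only for directories and already-executable files).
    chgrp -R qubes %{dest_dir}
    chmod g+rwX -R %{dest_dir}
fi

exit 0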
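%preun
# Pre-uninstall scriptlet. The cleanup runs only when $1 is 0, i.e. no more
# packages are left after this transaction.
if [ "$1" = 0 ] ; then
    # When qvm-template-postprocess is available it handles removal and its exit
    # status becomes the scriptlet's; the legacy steps below run only without it.
    if command -v qvm-template-postprocess >/dev/null 2>&1; then
        qvm-template-postprocess --really pre-remove %{template_name} %{dest_dir}
        exit $?
    fi

    # First remove DispVM template (even if it does not exist...); the result is
    # deliberately not checked.
    qvm-remove --force-root -q %{template_name}-dvm

    # Abort the scriptlet if the template cannot be removed from the database.
    if ! qvm-remove --force-root -q --just-db %{template_name}; then
        exit 1
    fi

    rm -f %{dest_dir}/root-cow.img
    rm -f %{dest_dir}/root-cow.img.old
    rm -f %{dest_dir}/firewall.xml
    rm -f %{dest_dir}/%{template_name}.conf
    rm -f %{dest_dir}/updates.stat

    # we need to have it here, because rpm -U <template> apparently executes the
    # pre-uninstall scriptlet of the old package *after* the post-install
    # scriptlet of the new packages...
    echo "--> Removing menu shortcuts..."
    export XDG_DATA_DIRS=/usr/share/
    # Same guard as in the pre-install scriptlet: call xdg-desktop-menu only when
    # ls finds files for both patterns, because given an unmatched pattern it can
    # remove innocent files (https://bugs.freedesktop.org/105635).
    if ls %{dest_dir}/apps/*.directory %{dest_dir}/apps/*.desktop >/dev/null 2>&1; then
        xdg-desktop-menu uninstall --mode system \
            %{dest_dir}/apps/*.directory %{dest_dir}/apps/*.desktop
    fi

    rm -rf %{dest_dir}/apps %{dest_dir}/apps.templates
    rm -rf %{dest_dir}/apps.icons %{dest_dir}/apps.tempicons
fi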
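%clean
# Remove the staging tree. The expansion is quoted so the path cannot be split
# into several operands, and :? aborts when RPM_BUILD_ROOT is empty or unset
# rather than handing rm -rf an unintended operand list.
rm -rf -- "${RPM_BUILD_ROOT:?}"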
%files
# Defaults for everything listed below: files 0660 and directories 0770, owned
# by root with group qubes.
%defattr(660,root,qubes,770)
# The template directory is setgid (2770) and not accessible to others.
%attr(2770,root,qubes) %dir %{dest_dir}
# Ghost entries are owned by the package but not shipped in its payload; the
# post-install scriptlet creates the real root.img, volatile.img and private.img.
%ghost %{dest_dir}/root.img
# The image chunks are shipped in the payload and deleted by the post-install
# scriptlet once root.img has been unpacked.
%{dest_dir}/root.img.part.*
# Shipped as the empty placeholder created in the install step and rewritten by
# the post-install scriptlet.
# NOTE(review): unlike the images it is not marked as ghost, so package
# verification will presumably report it as modified - confirm whether intended.
%{dest_dir}/clean-volatile.img.tar
%ghost %{dest_dir}/volatile.img
%ghost %{dest_dir}/private.img
# The menu directories (775) and list/config files (664) carry read bits for
# others, but they sit below the 2770 template directory, which others cannot
# enter.
%attr (775,root,qubes) %dir %{dest_dir}/apps
%attr (775,root,qubes) %dir %{dest_dir}/apps.templates
%attr (775,root,qubes) %dir %{dest_dir}/apps.tempicons
%attr (664,root,qubes) %{dest_dir}/whitelisted-appmenus.list
%attr (664,root,qubes) %{dest_dir}/vm-whitelisted-appmenus.list
%attr (664,root,qubes) %{dest_dir}/netvm-whitelisted-appmenus.list
%attr (664,root,qubes) %{dest_dir}/template.conf