
less dependency on /var/run/qubes-service status files

adrelanos committed Nov 23, 2015
1 parent 201b50c commit 5696071c29eb854dc3161797d7fdcef9377116f5
@@ -28,48 +28,52 @@

set -x

# Don't run if started as a template
if [ -e "/var/run/qubes-service/whonix-gateway" ] || [ -e "/var/run/qubes-service/whonix-workstation" ]; then
# Array of directories to bind
BINDS=(
'/rw/srv/whonix/var/lib/tor:/var/lib/tor'
'/rw/srv/whonix/var/lib/whonix:/var/lib/whonix'
'/rw/srv/whonix/var/lib/whonixcheck:/var/lib/whonixcheck'
'/rw/srv/whonix/var/cache/whonix-setup-wizard:/var/cache/whonix-setup-wizard'
'/rw/srv/qubes-whonix/var/cache/qubes-whonix:/var/cache/qubes-whonix'
'/rw/srv/whonix/etc/tor:/etc/tor'
)
qubes_vm_type="$(qubesdb-read /qubes-vm-type)"

for bind in ${BINDS[@]}; do
rw_dir="${bind%%:*}"
ro_dir="${bind##*:}"
if [ "$qubes_vm_type" = "TemplateVM" ]; then
# Do none of the following in a TemplateVM.
exit 0
fi

# Array of directories to bind
BINDS=(
'/rw/srv/whonix/var/lib/tor:/var/lib/tor'
'/rw/srv/whonix/var/lib/whonix:/var/lib/whonix'
'/rw/srv/whonix/var/lib/whonixcheck:/var/lib/whonixcheck'
'/rw/srv/whonix/var/cache/whonix-setup-wizard:/var/cache/whonix-setup-wizard'
'/rw/srv/qubes-whonix/var/cache/qubes-whonix:/var/cache/qubes-whonix'
'/rw/srv/whonix/etc/tor:/etc/tor'
)

# Make sure ro directory is not mounted
umount "${ro_dir}" 2> /dev/null || true
for bind in ${BINDS[@]}; do
rw_dir="${bind%%:*}"
ro_dir="${bind##*:}"

if [ -n "${1}" ]; then
echo "Umounting ${1} only..."
continue
fi
# Make sure ro directory is not mounted
umount "${ro_dir}" 2> /dev/null || true

# Make sure ro directory exists
# XXX: problematic access rights?
if ! [ -d "${ro_dir}" ]; then
mkdir -p "${ro_dir}"
fi
if [ -n "${1}" ]; then
echo "Umounting ${1} only..."
continue
fi

# Initially copy over data directories to /rw if rw directory does not exist
# XXX: problematic access rights?
if ! [ -d "${rw_dir}" ]; then
mkdir -p "${rw_dir}"
rsync -hax "${ro_dir}/." "${rw_dir}"
fi
# Make sure ro directory exists
# XXX: problematic access rights?
if ! [ -d "${ro_dir}" ]; then
mkdir -p "${ro_dir}"
fi

# Bind the directory
sync
mount --bind "${rw_dir}" "${ro_dir}"
done
# Initially copy over data directories to /rw if rw directory does not exist
# XXX: problematic access rights?
if ! [ -d "${rw_dir}" ]; then
mkdir -p "${rw_dir}"
rsync -hax "${ro_dir}/." "${rw_dir}"
fi

# Bind the directory
sync
fi
mount --bind "${rw_dir}" "${ro_dir}"
done
sync

exit 0
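Review bot: The new template guard (L25 with L30–L33) fails open: when `qubesdb-read /qubes-vm-type` errors or prints nothing — a case the old form at L124 evidently expected, since it silenced stderr — `qubes_vm_type` is empty, the `TemplateVM` test is false, and the script goes on to bind-mount the /rw/srv/whonix trees over /etc/tor and /var/lib/tor, which is exactly what the guard exists to prevent. Abort when the read fails or is empty, e.g. `qubes_vm_type="$(qubesdb-read /qubes-vm-type)" || exit 1` followed by `[ -n "$qubes_vm_type" ] || exit 1` (there is no `set -e` here, only `set -x` at L12, so the status must be checked explicitly). The same unchecked read is introduced at L103, L125, L155, L177, L207 and L222. Unrelated to the change but still on the new side, `for bind in ${BINDS[@]}` at L47 is unquoted; it works only because the entries carry no whitespace, and `"${BINDS[@]}"` is the safe form.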
@@ -27,8 +27,10 @@ source /usr/lib/qubes-whonix/utility_functions.sh
[ -n "$iptables_cmd" ] || iptables_cmd="iptables --wait"
[ -n "$ip6tables_cmd" ] || ip6tables_cmd="ip6tables --wait"

qubes_vm_type="$(qubesdb-read /qubes-vm-type)"

# Template
if [ -e /var/run/qubes-service/whonix-template ]; then
if [ "$qubes_vm_type" = "TemplateVM" ]; then

# Check if a secure Tor update server is available
if [ ! -e /var/run/qubes-service/whonix-secure-proxy ]; then
@@ -39,7 +41,7 @@ if [ -e /var/run/qubes-service/whonix-template ]; then
fi

# Gateway or Workstation
elif [ -e /var/run/qubes-service/whonix-gateway ] || [ -e /var/run/qubes-service/whonix-workstation ]; then
elif [ -e /usr/share/anon-gw-base-files/gateway ] || [ -e /usr/share/anon-ws-base-files/workstation ]; then

# Load the Whonix firewall
/usr/bin/whonix_firewall || touch /var/run/qubes-service/whonix-firewall-failed
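Review bot: The `elif` at L116 now selects the gateway/workstation branch on the presence of the anon-gw/anon-ws base-files markers, which say which template a VM was built from, whereas the `whonix-gateway` status file it replaces was only ever created for NetVM/ProxyVM (L140–L141) and `whonix-workstation` only for AppVM (L147–L148). If a VM of the gateway template that is not a NetVM/ProxyVM must not load the gateway firewall, the role test from L140 has to be repeated in this condition; the author's own `XXX` at L167 asks the same question, and that line answers it. The same marker-for-status-file swap is made at L165, L198, L214 and L234. If the widening is intended, a one-line comment above L116 saying the firewall is wanted in every VM of the template would save the next reader this check.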
@@ -26,7 +26,7 @@

source /usr/lib/qubes-whonix/utility_functions.sh

VM_TYPE=$(qubesdb-read /qubes-vm-type 2> /dev/null)
qubes_vm_type="$(qubesdb-read /qubes-vm-type)"

# This script should run after qubes-sysinit and should not need to create the
# qubes-service directory as it should have already been created. This is only
@@ -35,18 +35,18 @@ VM_TYPE=$(qubesdb-read /qubes-vm-type 2> /dev/null)
mkdir -p /var/run/qubes-service

# Template
if [ "${VM_TYPE}" = "TemplateVM" ]; then
if [ "$qubes_vm_type" = "TemplateVM" ]; then
touch /var/run/qubes-service/whonix-template

# Gateway
elif [ -e /usr/share/anon-gw-base-files/gateway ]; then
if [ "${VM_TYPE}" = "NetVM" ] || [ "${VM_TYPE}" = "ProxyVM" ]; then
if [ "$qubes_vm_type" = "NetVM" ] || [ "$qubes_vm_type" = "ProxyVM" ]; then
touch /var/run/qubes-service/whonix-gateway
fi

# Workstation
elif [ -e /usr/share/anon-ws-base-files/workstation ]; then
if [ "${VM_TYPE}" = "AppVM" ]; then
if [ "$qubes_vm_type" = "AppVM" ]; then
touch /var/run/qubes-service/whonix-workstation
fi
fi
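Review bot: This script still writes the whonix-template, whonix-gateway and whonix-workstation status files (L135, L141, L148) while every other hunk of this commit stops reading them (L107, L116, L165, L198, L214, L234); if another consumer outside the hunks shown still depends on them, a comment near L135 naming it would record why the writes survive, otherwise they look dead and could go in a follow-up. The rename from `VM_TYPE` to `qubes_vm_type` is otherwise mechanical, except that L125 drops the old `2> /dev/null`, so a failing `qubesdb-read` is now visible on stderr but its status is still not acted on.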
@@ -23,9 +23,18 @@

source /usr/lib/qubes-whonix/utility_functions.sh

qubes_vm_type="$(qubesdb-read /qubes-vm-type)"

if [ "$qubes_vm_type" = "TemplateVM" ]; then
# Do none of the following in a TemplateVM.
exit 0
fi

INTERFACE="eth1"

if [ -e /var/run/qubes-service/whonix-gateway ]; then
if [ -e /usr/share/anon-gw-base-files/gateway ]; then

# XXX: Should check for qubes_vm_type being 'ProxyVM' or 'NetVM'?

# Setup Xen / Qubes proxy
network=$(qubesdb-read /qubes-netvm-network 2>/dev/null)
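Review bot: The five-line template guard at L155–L160 is pasted verbatim into L177–L184 and L207–L212, and at least two of these scripts already source /usr/lib/qubes-whonix/utility_functions.sh (L153, L204; the L171 hunk starts too late to show whether that file does too), so one helper there that reads `/qubes-vm-type` into `qubes_vm_type`, aborts when the read fails, and exits 0 for a TemplateVM would keep the copies from drifting. The `XXX` at L167 could be resolved now rather than left as a question, since the role test this commit already uses at L140 (`NetVM` or `ProxyVM`) is the condition it asks for; the code below it reads `/qubes-netvm-network` (L170), which presumably only makes sense for a VM that provides networking.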
@@ -24,19 +24,21 @@

set -x

# Gateway or Workstation
if [ -e /var/run/qubes-service/whonix-gateway ] || [ -e /var/run/qubes-service/whonix-workstation ]; then
qubes_vm_type="$(qubesdb-read /qubes-vm-type)"

# Bind whonix directories to allow changes to persist
/usr/lib/qubes-whonix/bind-directories
if [ "$qubes_vm_type" = "TemplateVM" ]; then
# Do none of the following in a TemplateVM.
exit 0
fi

# Replace IP addresses in known configuration files / scripts with
# currently discovered IP address
/usr/lib/qubes-whonix/replace-ips
# Bind whonix directories to allow changes to persist
/usr/lib/qubes-whonix/bind-directories

fi
# Replace IP addresses in known configuration files / scripts with
# currently discovered IP address
/usr/lib/qubes-whonix/replace-ips

if [ -e /var/run/qubes-service/whonix-gateway ]; then
if [ -e /usr/share/anon-gw-base-files/gateway ]; then

# Enable/Disable Tor if qubes-service is enabled
if [ -e /var/run/qubes-service/whonix-tor-enable ]; then
@@ -24,7 +24,14 @@

source /usr/lib/qubes-whonix/utility_functions.sh

if [ -e /var/run/qubes-service/whonix-gateway ]; then
qubes_vm_type="$(qubesdb-read /qubes-vm-type)"

if [ "$qubes_vm_type" = "TemplateVM" ]; then
# Do none of the following in a TemplateVM.
exit 0
fi

if [ -e /usr/share/anon-gw-base-files/gateway ]; then
# Allow whonix-gateway to act as an update-proxy.
touch /var/run/qubes-service/qubes-updates-proxy

@@ -31,8 +31,18 @@ if [ -e /var/run/qubes-service/whonix-firewall-failed ]; then
/usr/lib/qubes-whonix/alert firewall-failed /usr/lib/qubes-whonix/messages.yaml
fi

qubes_vm_type="$(qubesdb-read /qubes-vm-type)"

# Template
if [ "$qubes_vm_type" = "TemplateVM" ]; then

# Display warning that TemplateVM is not connected to a Tor update proxy.
if [ ! -e '/var/run/qubes-service/whonix-secure-proxy' ]; then
/usr/lib/qubes-whonix/alert update /usr/lib/qubes-whonix/messages.yaml
fi

# Gateway
if [ -e /var/run/qubes-service/whonix-gateway ]; then
elif [ -e /usr/share/anon-gw-base-files/gateway ]; then

# If Tor is disabled, start whonix-setup-wizard in quick mode.
if grep "^#DisableNetwork 0$" /etc/tor/torrc; then
@@ -60,12 +70,4 @@ if [ -e /var/run/qubes-service/whonix-gateway ]; then
fi
fi

# Template
elif [ -e /var/run/qubes-service/whonix-template ]; then

# Display warning that TemplateVM is not connected to a Tor update proxy.
if [ ! -e '/var/run/qubes-service/whonix-secure-proxy' ]; then
/usr/lib/qubes-whonix/alert update /usr/lib/qubes-whonix/messages.yaml
fi

fi
