Page MenuHomePhabricator
Create Task
Maniphest T432

get rid of /var/run/qubes-service/whonix-... gateway, workstation, template status files
Open, NormalPublic
Actions

Description

That way we could get rid of [/lib/systemd/system/qubes-whonix-sysinit.service](https://github.com/Whonix/qubes-whonix/blob/master/lib/systemd/system/qubes-whonix-sysinit.service) use of ExecStartPre= [/usr/lib/qubes-whonix/init/enable-services](https://github.com/Whonix/qubes-whonix/blob/master/usr/lib/qubes-whonix/init/enable-services).

tb-updater/usr/bin/update-torbrowser:   if [ -e "/var/run/qubes-service/whonix-template" ]; then
tb-updater/usr/bin/update-torbrowser:      if [ -e "/var/run/qubes-service/whonix-template" ]; then
qubes-whonix/lib/systemd/system/qubes-update-check.service.d/40_qubes.conf:ConditionPathExists=!/var/run/qubes-service/whonix-template
qubes-whonix/lib/systemd/system/qubes-update-check.timer.d/40_qubes.conf:ConditionPathExists=!/var/run/qubes-service/whonix-template
qubes-whonix/lib/systemd/system/qubes-whonix-sysinit.service:## - /var/run/qubes-service/whonix-template
qubes-whonix/lib/systemd/system/qubes-whonix-firewall.service:## When running in a TemplateVM (if /var/run/qubes-service/whonix-template exists),
qubes-whonix/lib/systemd/system/control-port-filter-python.service.d/40_qubes.conf:ConditionPathExists=!/var/run/qubes-service/whonix-template
qubes-whonix/usr/lib/qubes-whonix/init/enable-firewall:if [ -e /var/run/qubes-service/whonix-template ]; then
qubes-whonix/usr/lib/qubes-whonix/init/enable-services:    touch /var/run/qubes-service/whonix-template
qubes-whonix/usr/lib/qubes-whonix/qubes-whonixsetup:elif [ -e /var/run/qubes-service/whonix-template ]; then
qubes-whonix/usr/lib/qubes-whonix/replace-ips:    if os.path.exists('/var/run/qubes-service/whonix-template'):
whonix-gw-firewall/usr/bin/whonix_firewall:if [ -e /var/run/qubes-service/whonix-template ]; then
qubes-whonix/lib/systemd/system/tor.service.d/40_qubes.conf:ConditionPathExists=/var/run/qubes-service/whonix-gateway
qubes-whonix/lib/systemd/system/qubes-whonix-postinit.service:## On Whonix-Gateway or Whonix-Workstation (if /var/run/qubes-service/whonix-gateway or
qubes-whonix/lib/systemd/system/qubes-whonix-postinit.service:## /var/run/qubes-service/whonix-gateway) exits, and if
qubes-whonix/lib/systemd/system/qubes-whonix-postinit.service:ConditionPathExists=|/var/run/qubes-service/whonix-gateway
qubes-whonix/lib/systemd/system/qubes-whonix-sysinit.service:## - /var/run/qubes-service/whonix-gateway
qubes-whonix/lib/systemd/system/qubes-whonix-sysinit.service:## /var/run/qubes-service/whonix-gateway) exits, add 'tor' to tinyproxy's
qubes-whonix/lib/systemd/system/qubes-whonix-firewall.service:## On Whonix-Gateway or Whonix-Workstation (if /var/run/qubes-service/whonix-gateway or
qubes-whonix/usr/lib/qubes-whonix/init/qubes-whonix-postinit:if [ -e /var/run/qubes-service/whonix-gateway ] || [ -e /var/run/qubes-service/whonix-workstation ]; then
qubes-whonix/usr/lib/qubes-whonix/init/qubes-whonix-postinit:if [ -e /var/run/qubes-service/whonix-gateway ]; then
qubes-whonix/usr/lib/qubes-whonix/init/enable-firewall:elif [ -e /var/run/qubes-service/whonix-gateway ] || [ -e /var/run/qubes-service/whonix-workstation ]; then
qubes-whonix/usr/lib/qubes-whonix/init/enable-services:        touch /var/run/qubes-service/whonix-gateway
qubes-whonix/usr/lib/qubes-whonix/init/qubes-whonix-sysinit:if [ -e /var/run/qubes-service/whonix-gateway ]; then
qubes-whonix/usr/lib/qubes-whonix/init/network-proxy-setup:if [ -e /var/run/qubes-service/whonix-gateway ]; then
qubes-whonix/usr/lib/qubes-whonix/bind-directories:if [ -e "/var/run/qubes-service/whonix-gateway" ] || [ -e "/var/run/qubes-service/whonix-workstation" ]; then
qubes-whonix/usr/lib/qubes-whonix/qubes-whonixsetup:if [ -e /var/run/qubes-service/whonix-gateway ]; then
qubes-whonix/usr/lib/qubes-whonix/replace-ips:    elif os.path.exists('/var/run/qubes-service/whonix-gateway'):
whonix-gw-firewall/usr/bin/whonix_firewall:if [ -e /var/run/qubes-service/whonix-gateway ]; then
whonix-gw-firewall/usr/bin/whonix_firewall:if [ -e /var/run/qubes-service/whonix-gateway ]; then
qubes-whonix/lib/systemd/system/qubes-whonix-postinit.service:## /var/run/qubes-service/whonix-workstation exists),
qubes-whonix/lib/systemd/system/qubes-whonix-postinit.service:ConditionPathExists=|/var/run/qubes-service/whonix-workstation
qubes-whonix/lib/systemd/system/qubes-whonix-sysinit.service:## - /var/run/qubes-service/whonix-workstation
qubes-whonix/lib/systemd/system/qubes-whonix-firewall.service:## /var/run/qubes-service/whonix-workstation exists), loads Whonix Firewall.
qubes-whonix/usr/lib/qubes-whonix/init/qubes-whonix-postinit:if [ -e /var/run/qubes-service/whonix-gateway ] || [ -e /var/run/qubes-service/whonix-workstation ]; then
qubes-whonix/usr/lib/qubes-whonix/init/enable-firewall:elif [ -e /var/run/qubes-service/whonix-gateway ] || [ -e /var/run/qubes-service/whonix-workstation ]; then
qubes-whonix/usr/lib/qubes-whonix/init/enable-services:        touch /var/run/qubes-service/whonix-workstation
qubes-whonix/usr/lib/qubes-whonix/bind-directories:if [ -e "/var/run/qubes-service/whonix-gateway" ] || [ -e "/var/run/qubes-service/whonix-workstation" ]; then
qubes-whonix/usr/lib/qubes-whonix/replace-ips:    elif os.path.exists('/var/run/qubes-service/whonix-workstation'):

Details

Impact
Normal

Related Objects

Event Timeline

Patrick created this task.Nov 22 2015, 8:27 PM
Patrick raised the priority of this task from to Normal.
Patrick updated the task description. (Show Details)
Patrick added projects: Whonix 12, Qubes, tb-updater, whonix-gw-firewall, refactoring.
Patrick set Impact to Normal.
Patrick added subscribers: Patrick, marmarek, nrgaway.
Herald added a project: Whonix. · View Herald TranscriptNov 22 2015, 8:27 PM
Herald added subscribers: WhonixQubes, troubadour. · View Herald Transcript
marmarek added a comment.Nov 22 2015, 8:33 PM

What is wrong with ExecStartPre=? If that's the only problem, maybe that code can be simply merged into that ExecStart= script?

Patrick added a comment.Nov 22 2015, 8:36 PM

I want to get rid of the many Whonix specific services by upstreaming (to Qubes or Whonix) everything that makes sense.

Patrick added a comment.Nov 22 2015, 8:50 PM

Is there in Qubes a common / recommended sytemd way using ConditionPathExists [or alike] way for detecting being run inside a TemplateVM?

Patrick mentioned this in T433: remove/upstream qubes-update-check systemd service Whonix specificness.Nov 22 2015, 8:51 PM
Patrick added a comment.Nov 22 2015, 9:22 PM
In T432#7206, @Patrick wrote:

Is there in Qubes a common / recommended sytemd way using ConditionPathExists [or alike] way for detecting being run inside a TemplateVM?

ExecStartPre=/bin/sh -c if [ "$(qubesdb-read /qubes-vm-type)" = "TemplateVM" ]; then exit 1 ; fi would work, but it's not great. The service would be registered as failed rather then skipped because a condition wasn't me.

Patrick added a comment.Nov 22 2015, 9:43 PM
In T432#7206, @Patrick wrote:

Is there in Qubes a common / recommended sytemd way using ConditionPathExists [or alike] way for detecting being run inside a TemplateVM?

Created https://github.com/marmarek/qubes-core-agent-linux/pull/52 for it.

marmarek added a comment.Nov 22 2015, 9:44 PM

Yes, and failed service would break dependencies.
Some flag file would be better. /var/run/qubes-service is meant to be controlled from Dom0 based on qvm-service settings, so not the best place. Maybe simply /var/run/qubes/this-is-template?

Patrick added a comment.Nov 22 2015, 10:00 PM

Right. Closed https://github.com/marmarek/qubes-core-agent-linux/pull/52; and opened https://github.com/marmarek/qubes-core-agent-linux/pull/53 for it.

Patrick added a comment.Nov 22 2015, 10:15 PM
no longer depend on /var/run/qubes-service/whonix-template

https://phabricator.whonix.org/T432

https://github.com/Whonix/tb-updater/commit/ab3d60d58ab1e2ae87b1ecbe68d2b2e9a4147177

Patrick added a comment.Nov 22 2015, 11:05 PM
no longer depend on /var/run/qubes-service status files

https://phabricator.whonix.org/T432

https://github.com/Whonix/whonix-gw-firewall/commit/11e30d99b5f866e3be73253fa5f1c11eb1165925

Patrick added a comment.Nov 23 2015, 12:03 AM
usr/lib/qubes-whonix/replace-ips: no longer depend on /var/run/qubes-service/

https://phabricator.whonix.org/T432

https://github.com/Whonix/qubes-whonix/commit/201b50cba24d19639d69cdf172f1f5483897ed5f

Patrick added a comment.Nov 23 2015, 10:19 AM
less dependency on /var/run/qubes-service status files

https://phabricator.whonix.org/T432

https://github.com/Whonix/qubes-whonix/commit/5696071c29eb854dc3161797d7fdcef9377116f5

Patrick added a comment.Nov 23 2015, 10:31 AM
In T432#7256, @Patrick wrote:
less dependency on /var/run/qubes-service status files

https://phabricator.whonix.org/T432

https://github.com/Whonix/qubes-whonix/commit/5696071c29eb854dc3161797d7fdcef9377116f5

The github diff viewer isn't great. The diff looks much simpler in kdiff3.

Whonix OLD Issue Tracker · PLEASE DO NOT POST NEW TICKETS HERE · OLD Issue Tracker - Unread Notifications · OLD Issue Tracker - Feed · OLD Issue Tracker - Open Issues · NEW Issue Tracker · Homepage · Blog · Forum · Legal · Imprint · Privacy Policy · Terms of Use · Disclaimer