linux-qubasis
linux oasis port as a qubes template
git clone https://9o.is/git/linux-qubasis.git
commit 6583a105d9ec34c5b3cfbc7f69d58db1cb684b30 parent 0f31a22ff146edcba3fa88bf9423629f58654105 Author: Jul <jul@9o.is> Date: Sat, 22 Nov 2025 05:14:08 -0500 install qubes files to working running example Diffstat:
| A | qubes/example/files | | | 23 | +++++++++++++++++++++++ |
| A | qubes/example/fstab | | | 9 | +++++++++ |
| M | qubes/example/gen.sh | | | 4 | ---- |
| A | qubes/example/group | | | 2 | ++ |
| A | qubes/example/passwd | | | 2 | ++ |
| A | qubes/example/perp/.boot/rc.perp | | | 3 | +++ |
| A | qubes/example/perp/.default/rc.log | | | 16 | ++++++++++++++++ |
| A | qubes/example/perp/.getty/rc.main | | | 10 | ++++++++++ |
| A | qubes/example/rc.init | | | 14 | ++++++++++++++ |
| A | qubes/example/rc.shutdown | | | 11 | +++++++++++ |
| A | qubes/example/shadow | | | 2 | ++ |
| M | qubes/gen-fspec.awk | | | 9 | +++++++-- |
| M | qubes/gen.sh | | | 2 | +- |
| M | qubes/genfn.sh | | | 41 | +++++++++++++++++++++++++---------------- |
| M | qubes/rules.sh | | | 5 | +++-- |
15 files changed, 128 insertions(+), 25 deletions(-)
diff --git a/qubes/example/files b/qubes/example/files @@ -0,0 +1,23 @@ +dir 0755 /rw +dir 0755 /dev +dir 0755 /proc +dir 0755 /run +dir 0755 /sys +dir 0755 /tmp +dir 0700 /root +dir 0755 /var +dir 0755 /lib/modules +sym 0777 /sbin bin +sym 0777 /usr . +reg 0644 $etcdir/fstab $dir/fstab +reg 0755 $etcdir/rc.init $dir/rc.init +reg 0755 $etcdir/rc.shutdown $dir/rc.shutdown +reg 0644 $etcdir/passwd $dir/passwd +reg 0644 $etcdir/group $dir/group +reg 0000 $etcdir/shadow $dir/shadow +reg 0755 $etcdir/perp/.boot/rc.perp $dir/perp/.boot/rc.perp +reg 0755 $etcdir/perp/.default/rc.log $dir/perp/.default/rc.log +sym 0777 $etcdir/perp/.boot/rc.log ../.default/rc.log +reg 0755 $etcdir/perp/.getty/rc.main $dir/perp/.getty/rc.main +dir 1755 $etcdir/perp/getty@hvc0 +sym 0777 $etcdir/perp/getty@hvc0/rc.main ../.getty/rc.main diff --git a/qubes/example/fstab b/qubes/example/fstab @@ -0,0 +1,9 @@ +/dev/mapper/dmroot / ext4 defaults,discard,noatime 1 1 +/dev/xvdb /rw auto noauto,defaults,discard,nosuid,nodev 1 2 +/dev/xvdc1 swap swap defaults 0 0 +none /dev/pts devpts nosuid,noexec,relatime 0 0 +none /dev/shm tmpfs nodev,nosuid,noexec 0 0 +none /proc proc nodev,noexec,nosuid,relatime 0 0 +none /run tmpfs nodev,noexec,nosuid,mode=755 0 0 +none /sys sysfs nodev,noexec,nosuid,relatime 0 0 +none /tmp tmpfs nodev,nosuid,relatime 0 0 diff --git a/qubes/example/gen.sh b/qubes/example/gen.sh @@ -1,9 +1,5 @@ -var prefix /usr - qvm_create --class TemplateVM --label black -qvm_prefs netvm example-app -qvm_prefs audiovm example-app qvm_prefs memory 200 qvm_prefs maxmem 2000 diff --git a/qubes/example/group b/qubes/example/group @@ -0,0 +1,2 @@ +root:x:0:root +log:x:100: diff --git a/qubes/example/passwd b/qubes/example/passwd @@ -0,0 +1,2 @@ +root:x:0:0:root:/root:/bin/sh +log:x:100:100:Logging daemon:/var/empty:/bin/false diff --git a/qubes/example/perp/.boot/rc.perp b/qubes/example/perp/.boot/rc.perp @@ -0,0 +1,3 @@ +#!/bin/sh +mkdir -p /run/perp +exec perpd $PERP_BASE 
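Review bot: Nothing in this list creates `/var/empty`, which the `passwd` file added in the same commit names as the home directory of the `log` user; only `/var` itself is declared (`dir 0755 /var`). Unless another package provides that directory, add `dir 0755 /var/empty` so the account's home exists and is not writable by the account. The sticky bit in `dir 1755 $etcdir/perp/getty@hvc0` is what perp uses to mark a service as active, and that deserves a mention in the commit message or, if this format accepts comments, next to the entry.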
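Review bot: `/tmp` is the only tmpfs in this table mounted without `noexec` (`/dev/shm` and `/run` both carry it), and the root filesystem is mounted with plain `defaults`. If executables in `/tmp` are needed, a `#` comment saying so would keep the next reader from treating it as an oversight; otherwise `none /tmp tmpfs nodev,nosuid,noexec,relatime 0 0` makes the three mounts consistent. The `files` list declares the `/tmp` mount point as 0755, so non-root users can only write there because tmpfs defaults to mode 1777 once mounted; adding `mode=1777` to the options would make that explicit.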
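Review bot: `exec perpd $PERP_BASE` expands the variable unquoted, and unlike `rc.log` and `rc.main` this script does not run with `-eu`, so an unset `PERP_BASE` silently becomes a `perpd` call with no argument and a failed `mkdir -p /run/perp` is ignored. Presumably `perpboot` exports `PERP_BASE` before it runs this script, which should be confirmed. `exec perpd "${PERP_BASE:?}"` states that assumption in the code and fails loudly if it does not hold.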
diff --git a/qubes/example/perp/.default/rc.log b/qubes/example/perp/.default/rc.log @@ -0,0 +1,16 @@ +#!/bin/sh -eu + +start() { + if [ ! -d $1 ]; then + mkdir -p $1 + chown log:log $1 + fi + + exec runuid log tinylog -k 8 -s 33554432 -t $1 +} + +case ${1-perp} in +perp) start /var/log/perp;; +start) start /var/log/$2;; +*) exit;; +esac diff --git a/qubes/example/perp/.getty/rc.main b/qubes/example/perp/.getty/rc.main @@ -0,0 +1,10 @@ +#!/bin/sh -eu + +start() { + exec getty -a /dev/$(echo $1 | cut -d @ -f 2) +} + +case $1 in +start) start $2;; +*) exit;; +esac diff --git a/qubes/example/rc.init b/qubes/example/rc.init @@ -0,0 +1,14 @@ +#!/bin/sh + +PATH=/bin + +umask 022 + +mount -t proc none /proc +mount -t devtmpfs devtmpfs /dev + +mkdir /dev/pts +mkdir /dev/shm + +mount -a +exec perpboot /etc/perp diff --git a/qubes/example/rc.shutdown b/qubes/example/rc.shutdown @@ -0,0 +1,11 @@ +#!/bin/sh + +PATH=/bin +args= + +case $1 in +poweroff) args=-p;; +reboot) args=-r;; +esac + +exec /bin/shutdown $args diff --git a/qubes/example/shadow b/qubes/example/shadow @@ -0,0 +1,2 @@ +root:::::::: +log:!::::::: diff --git a/qubes/gen-fspec.awk b/qubes/gen-fspec.awk @@ -6,7 +6,7 @@ function eval_path(path) { gsub(/\$bindir/, bindir, path); gsub(/\$datadir/, datadir, path); gsub(/\$mandir/, mandir, path); - gsub(/\$sysconfdir/, sysconfdir, path); + gsub(/\$etcdir/, etcdir, path); gsub(/\$libdir/, libdir, path); gsub(/\$libexecdir/, libexecdir, path); gsub(/\$includedir/, includedir, path); @@ -14,6 +14,11 @@ function eval_path(path) { return path; } +function eval_source(source) { + gsub(/\$dir/, dir, source); + return source; +} + function exclude(path) { pattern = "^(" pkgexclude ")$" return pkgexclude != "" && path ~ pattern @@ -29,7 +34,7 @@ $1 == "reg" { print prefix path; print "type=" $1; print "mode=" $2; - print "source=" $4; + print "source=" eval_source($4); print ""; print ""; } diff --git a/qubes/gen.sh b/qubes/gen.sh 
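Review bot: Every use of `$1` inside `start()` is unquoted, and the `start)` arm builds its path from an unquoted `$2`, so a service name containing whitespace or a glob character changes which directory is created, chowned and logged to. Quote them, for example `if [ ! -d "$1" ]; then`, `chown log:log "$1"` and `start) start "/var/log/$2";;`, and likewise in the `mkdir` and `tinylog` calls. The `chown` runs only when the directory is first created, so an existing directory with a different owner is left as it is and `tinylog` then runs as `log` against it. The `-eu` flags sit in the shebang and are lost if the script is ever started as `sh rc.log`; a `set -eu` line survives that.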
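Review bot: The device path in `start()` is built from an unquoted `$1` piped through `echo | cut`, and a service name without an `@` comes back from `cut` unchanged, so `getty` would be pointed at `/dev/<service name>`. Parameter expansion does the same split without two extra processes and can be quoted: `exec getty -a "/dev/${1#*@}"`. A preceding `[ -c "/dev/${1#*@}" ] || exit 1` would turn a misnamed service directory into a clear failure instead of a getty on an unintended path. The `start)` arm should pass `"$2"` quoted as well.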
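Review bot: The `case` has no default arm, so any argument other than `poweroff` or `reboot`, or no argument at all, still reaches `exec /bin/shutdown $args` with `args` empty. What `shutdown` does without a flag cannot be seen from this hunk. Adding `*) echo "usage: $0 poweroff|reboot" >&2; exit 1;;` makes an unexpected call fail visibly. Leaving `$args` unquoted is correct here, because it holds `-p`, `-r` or nothing, and a one-line comment saying so would stop someone from "fixing" it.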
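Review bot: The `root` entry has an empty password field (`root::::::::`), so any login or `su` path that accepts empty passwords grants root without a credential; `log` is correctly locked with `!`. Passwordless root inside a qube is a common Qubes convention and the only getty this commit adds is on `hvc0`, so this is probably deliberate, but nothing in the commit says so. State the intent in the commit message or a note beside the example, or lock the account with `root:!:::::::` if console login does not depend on the empty password. A template derived from this example that later gains a network-facing login service would inherit the open account.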
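Review bot: `eval_source()` passes `dir` as the replacement string of `gsub()`, where `&` stands for the matched text and backslashes act as escapes, so a directory path containing either character is written into `source=` incorrectly; the existing substitutions in `eval_path()` share this. The pattern `/\$dir/` is also unanchored and would rewrite the front of a longer name such as `$dirname`. Since `$dir` is only meaningful as a leading path component, a prefix test avoids both problems: `if (source ~ /^\$dir(\/|$)/) source = dir substr(source, 5);`. The same substitution is repeated inside `get_file_deps` in `qubes/genfn.sh`, so the two copies have to be kept in step.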
@@ -4,7 +4,7 @@ var libdir /lib var libexecdir /libexec var datadir /share var mandir /share/man -var sysconfdir /etc +var etcdir /etc var includedir /include var qubesdir $dir diff --git a/qubes/genfn.sh b/qubes/genfn.sh @@ -16,9 +16,7 @@ init_qvm() { } fini_qvm() { - if [ -e $DIR/files ]; then - fspec fspec/root.fspec $dir/files - fi + pkg_root if [ "$FSPECS" ]; then fspec_root root.fspec $FSPECS @@ -49,7 +47,26 @@ pkg() { return fi - _deps="$(awk -v pkgexclude="$PKGEXCLUDE" " + fspec $_out $_in "| $(get_file_deps $_in)" + FSPECS="$FSPECS $_out" +} + +pkg_root() { + if [ -e $DIR/files ]; then + fspec fspec/root.fspec $dir/files "| $(get_file_deps $DIR/files)" + FSPECS="$FSPECS $outdir/fspec/root.fspec" + fi +} + +pkgexclude() { + for _v in "$@"; do + PKGEXCLUDE="$PKGEXCLUDE|$_v" + done + var pkgexclude \"$PKGEXCLUDE\" +} + +get_file_deps() { + awk -v pkgexclude="$PKGEXCLUDE" -v dir="$DIR" " BEGIN { gsub(/\\//, \"\\\\/\", pkgexclude); gsub(/\\$/, \"\\\\$\", pkgexclude); @@ -58,19 +75,11 @@ pkg() { /^reg / { pattern = \"^(\" pkgexclude \")$\" if (pkgexclude != \"\" && \$3 ~ pattern) { next } - print \$4 + source = \$4 + gsub(/\\\$dir/, dir, source); + print source } - " $_in | xargs)" - - fspec $_out $_in '|' $_deps - FSPECS="$FSPECS $_out" -} - -pkgexclude() { - for _v in "$@"; do - PKGEXCLUDE="$PKGEXCLUDE|$_v" - done - var pkgexclude \"$PKGEXCLUDE\" + " $1 | xargs } qubes_policy() { diff --git a/qubes/rules.sh b/qubes/rules.sh @@ -1,15 +1,16 @@ rule touch 'touch $out' bind description 'TOUCH $out' -rule fspec 'awk -f $qubesdir/gen-fspec.awk $fspecvars $in | $hostdir/fspec-hash >$out 2>/dev/null' +rule fspec 'awk -f $qubesdir/gen-fspec.awk $fspecvars $in | $hostdir/fspec-hash >$out' bind description 'FSPEC $out' bind fspecvars " -v pkgexclude=$pkgexclude -v prefix=$prefix + -v dir=$dir -v bindir=$bindir -v datadir=$datadir -v mandir=$mandir - -v sysconfdir=$sysconfdir + -v etcdir=$etcdir -v libdir=$libdir -v libexecdir=$libexecdir -v includedir=$includedir
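Review bot: In the second hunk, `get_file_deps` flattens the awk output with `xargs` and both callers embed it in one string (`"| $(get_file_deps $_in)"`), so a source path containing a space or a quote is split or rejected, and a failing `awk` simply yields an empty dependency list because the status of a command substitution inside an argument is discarded. The old code passed `'|'` and the dependencies as separate words; whether `fspec` treats the new single argument the same way cannot be seen from this diff and is worth confirming. `$DIR/files`, `$_in` and `$1` are all expanded unquoted. The awk program is still written inside a double-quoted shell string, which is why it needs `\\\$dir` and `\"`; a single-quoted program with its values passed by `-v` would be much easier to audit. `get_file_deps` substitutes `$dir` from the shell's `$DIR` while `rules.sh` gives `gen-fspec.awk` `-v dir=$dir`, so the dependency list and the `source=` lines agree only if those two resolve to the same path.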
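Review bot: The `fspec` rule's exit status is still that of `$hostdir/fspec-hash` alone, so if `awk` fails (a syntax error in `gen-fspec.awk`, an unreadable `$in`) the rule can succeed and leave an empty or truncated `$out`; dropping `2>/dev/null` makes the message visible but does not stop the build. For a file that decides the modes of entries such as `/etc/shadow`, a failure should be fatal; one way is to stage the awk output: `awk -f $qubesdir/gen-fspec.awk $fspecvars $in >$out.tmp && $hostdir/fspec-hash <$out.tmp >$out && rm -f $out.tmp`. The `-v name=$value` entries in `fspecvars`, including the new `-v dir=$dir`, are unquoted, so a path containing whitespace would split into extra awk arguments.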