From 414ea02c05d5cf8625dd39547de9b18ec207619c Mon Sep 17 00:00:00 2001 From: Demi Marie Obenour Date: Sun, 26 May 2024 22:08:55 -0400 Subject: [PATCH] Support installation outside of /usr This makes testing much, *much* easier. The binaries use an rpath to find the libraries they depend on, and qfile-copy uses $0 to find the binaries it uses. /usr/bin/qfile-unpacker needs a different rpath than the binaries under /usr/lib/qubes, so they must now be built separately (from the same object files). --- qubes-rpc/Makefile | 14 +++++++++++--- qubes-rpc/qvm-copy | 18 +++++++++++++----- 2 files changed, 24 insertions(+), 8 deletions(-) diff --git a/qubes-rpc/Makefile b/qubes-rpc/Makefile index 863271d3..0fce4d55 100644 --- a/qubes-rpc/Makefile +++ b/qubes-rpc/Makefile @@ -17,8 +17,16 @@ LDLIBS := -lqubes-rpc-filecopy .PHONY: all clean install -all: vm-file-editor qopen-in-vm qfile-agent qfile-unpacker tar2qfile qubes-fs-tree-check +all: vm-file-editor qopen-in-vm qfile-agent qfile-unpacker tar2qfile qubes-fs-tree-check bin-qfile-unpacker +# Ensure that these programs can find their shared libraries, +# even when installed in e.g. a TemplateBasedVM to somewhere other +# than /usr. +vm-file-editor qopen-in-vm qfile-agent qfile-unpacker tar2qfile qubes-fs-tree-check: LDFLAGS += '-Wl,-rpath,$$ORIGIN/../../$$LIB' +# This is installed in /usr/bin, not /usr/lib/qubes, so it needs a different rpath. +bin-qfile-unpacker: LDFLAGS += '-Wl,-rpath,$$ORIGIN/../$$LIB' +bin-qfile-unpacker: qfile-unpacker.o gui-fatal.o + $(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS) qubes-fs-tree-check: LDLIBS += -lqubes-pure qubes-fs-tree-check: qubes-fs-tree-check.o vm-file-editor: vm-file-editor.o @@ -28,7 +36,7 @@ qfile-unpacker: qfile-unpacker.o gui-fatal.o tar2qfile: tar2qfile.o gui-fatal.o clean: - -$(RM) -- qopen-in-vm qfile-agent qfile-unpacker tar2qfile vm-file-editor qubes-fs-tree-check *.o + -$(RM) -- qopen-in-vm qfile-agent qfile-unpacker tar2qfile vm-file-editor qubes-fs-tree-check bin-qfile-unpacker *.o install: install -d $(DESTDIR)$(BINDIR) @@ -55,7 +63,7 @@ install: install -t $(DESTDIR)$(QUBESLIBDIR) -m 4755 qfile-unpacker # This version isn't confined by SELinux, so it supports other # home directories. - install -t $(DESTDIR)$(BINDIR) -m 4755 qfile-unpacker + install -m 4755 bin-qfile-unpacker $(DESTDIR)$(BINDIR)/qfile-unpacker install -d $(DESTDIR)$(QUBESRPCCMDDIR) install -t $(DESTDIR)$(QUBESRPCCMDDIR) \ qubes.Filecopy qubes.UnsafeFileCopy \ diff --git a/qubes-rpc/qvm-copy b/qubes-rpc/qvm-copy index 298ac946..36437fa9 100755 --- a/qubes-rpc/qvm-copy +++ b/qubes-rpc/qvm-copy @@ -17,12 +17,13 @@ # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -# + set -e -o pipefail -unset PROGRESS_TYPE OPERATION_TYPE TARGET_TYPE MIN_ARGS FILECOPY_TOTAL_SIZE service +unset PROGRESS_TYPE OPERATION_TYPE TARGET_TYPE MIN_ARGS FILECOPY_TOTAL_SIZE service scriptdir +# Determine the operation to be performed case ${0##*/} in (qvm-move) OPERATION_TYPE=move TARGET_TYPE=default MIN_ARGS=1;; (qvm-copy) OPERATION_TYPE=copy TARGET_TYPE=default MIN_ARGS=1;; @@ -31,6 +32,13 @@ case ${0##*/} in (*) printf 'Invoked with unrecognized name %s, cannot determine operation to perform\n' "$0"; exit 1;; esac +# Find the binaries we were shipped with, in case we were installed to +# somewhere other than /usr. +case $0 in + (*/*) scriptdir=${0%/*}/../lib;; + (*) scriptdir=../lib;; +esac + usage () { if [ "$TARGET_TYPE" = "vm" ]; then echo "usage: $0 [--without-progress] destination_qube_name FILE [FILE ...]" @@ -74,7 +82,7 @@ else VM="@default" fi -if FILECOPY_TOTAL_SIZE=$(/usr/lib/qubes/qubes-fs-tree-check \ +if FILECOPY_TOTAL_SIZE=$("$scriptdir/qubes/qubes-fs-tree-check" \ --allow-symlinks --allow-directories --machine -- "$@"); then service=qubes.Filecopy else @@ -84,8 +92,8 @@ else fi if [[ "$PROGRESS_TYPE" = 'console' ]]; then export FILECOPY_TOTAL_SIZE; fi -/usr/lib/qubes/qrexec-client-vm --filter-escape-chars-stderr -- "$VM" \ - "$service" /usr/lib/qubes/qfile-agent "$@" +"$scriptdir/qubes/qrexec-client-vm" --filter-escape-chars-stderr -- "$VM" \ + "$service" "$scriptdir/qubes/qfile-agent" "$@" if [ "$OPERATION_TYPE" = "move" ] ; then rm -rf -- "$@"