コード例 #1
ファイル: pkg_usbguard.py プロジェクト: shizonic/cleanroom
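    def __call__(self, location: Location, system_context: SystemContext,
                 *args: typing.Any, **kwargs: typing.Any) -> None:
        """Install USBGuard and move its rule file and IPC ACL directory to /var/lib.

        Steps, in order: install the package, enable usbguard-dbus.service,
        declare the directories and the rule file through tmpfiles.d, rewrite
        the two path settings in usbguard-daemon.conf, delete the packaged
        copies under /etc/usbguard, and add a systemd drop-in for
        usbguard.service.

        Extra positional and keyword arguments are accepted but not used.
        """
        self._execute(location, system_context, 'pacman', 'usbguard')

        # Do setup:
        # enable the daemon (actually set up socket activation)
        self._execute(location.next_line(), system_context, 'systemd_enable',
                      'usbguard-dbus.service')

        # tmpfiles.d entries: the log and state directories are root-only
        # (0750), the IPC access-control directory is world-readable (0755),
        # and rules.conf is created EMPTY (type 'f', no content) as 0600 root.
        # With no rules present, what happens to a newly attached device is
        # decided solely by ImplicitPolicyTarget in usbguard-daemon.conf, which
        # this command does not set -- check the packaged default before
        # relying on this image to block anything.
        create_file(
            system_context, '/usr/lib/tmpfiles.d/usbguard.conf',
            textwrap.dedent('''\
                    d /var/log/usbguard 0750 root root - -

                    d /var/lib/usbguard 0750 root root - -
                    d /var/lib/usbguard/IPCAccessControl.d 0755 root root - -
                    f /var/lib/usbguard/rules.conf 0600 root root - -
                    ''').encode('utf-8'))

        # Each expression is "/address/ c<text>": every line matching the
        # address is replaced by the text (presumably handed to sed(1) by the
        # 'sed' command -- verify). The backslash is written as '\\/' because
        # a bare '\/' is an invalid escape sequence in a normal string literal
        # and newer Python versions warn about it; the pattern that reaches
        # sed is unchanged.
        self._execute(
            location.next_line(), system_context, 'sed',
            '/RuleFile=\\/etc/ cRuleFile=/var/lib/usbguard/rules.conf',
            '/etc/usbguard/usbguard-daemon.conf')
        self._execute(
            location.next_line(), system_context, 'sed',
            '/IPCAccessControlFiles=\\/etc/ cIPCAccessControlFiles=/var/lib/usbguard/IPCAccessControl.d',
            '/etc/usbguard/usbguard-daemon.conf')

        # The packaged rule file and ACL directory are no longer referenced
        # by the configuration, so drop them to avoid a stale second copy of
        # the policy that someone might edit by mistake.
        remove(system_context,
               '/etc/usbguard/rules.conf',
               '/etc/usbguard/IPCAccessControl.d',
               recursive=True)

        # Fix for https://github.com/USBGuard/usbguard/issues/287
        # NOTE(review): systemd merges repeated CapabilityBoundingSet= lines,
        # so this drop-in ADDS CAP_DAC_OVERRIDE to whatever the packaged unit
        # already allows. That capability lets the daemon bypass file
        # permission checks, so revisit the drop-in once the upstream issue
        # is resolved. The leading '-' on ReadWritePaths makes systemd ignore
        # the entry when the file does not exist yet.
        makedirs(system_context, '/usr/lib/systemd/system/usbguard.service.d')
        create_file(
            system_context,
            '/usr/lib/systemd/system/usbguard.service.d/bugfix.conf',
            textwrap.dedent('''\
                    [Service]
                    CapabilityBoundingSet=CAP_DAC_OVERRIDE
                    ReadWritePaths=-/var/lib/usbguard/rules.conf
                    ''').encode('utf-8'))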
コード例 #2
    def __call__(self, location: Location, system_context: SystemContext,
                 *args: typing.Any, **kwargs: typing.Any) -> None:
        """Install the GNOME desktop packages and set up NetworkManager and GDM.

        The method installs the package set, deletes two GStreamer plugins,
        relocates NetworkManager's connection profiles to
        /var/etc/NetworkManager, enables the NetworkManager units and their
        D-Bus alias names, registers an export-time cleanup of the gtk-doc
        HTML tree and finally enables gdm.service.

        Extra positional and keyword arguments are accepted but not used.
        """
        # The Qt5 packages are declared as already present, so the package
        # manager is told not to pull them in as dependencies.
        skip_flags: list[str] = []
        for qt_pkg in ("qt5-base", "qt5-declarative", "qt5-wayland",
                       "qt5-x11extras"):
            skip_flags.extend(("--assume-installed", qt_pkg))

        # NOTE(review): gnome-remote-desktop, gnome-user-share and rygel are
        # remote-desktop / file-sharing / media-sharing services. This method
        # only installs them; none of their units is enabled below.
        desktop_packages = (
            "pipewire", "pipewire-alsa", "pipewire-pulse", "pipewire-jack",
            "baobab", "brasero", "cheese", "file-roller",
            "p7zip", "unrar", "unace", "lrzip",
            "gdm",
            "gnome-color-manager", "gnome-control-center", "gnome-keyring",
            "gnome-menus", "gnome-screenshot", "gnome-shell",
            "gnome-shell-extensions", "gnome-system-monitor",
            "gnome-terminal", "gnome-tweaks",
            "gvfs", "gvfs-afc", "gvfs-goa", "gvfs-google", "gvfs-gphoto2",
            "gvfs-mtp", "gvfs-smb",
            "mousetweaks", "nautilus",
            "networkmanager", "networkmanager-openvpn", "networkmanager-vpnc",
            "pavucontrol", "sane", "sound-juicer", "tracker-miners",
            "usb_modeswitch", "xdg-user-dirs-gtk", "xorg-server-xwayland",
            "gnome-remote-desktop", "gnome-user-share", "rygel",
            "system-config-printer",
        )
        self._execute(location, system_context, "pacman",
                      *skip_flags, *desktop_packages)

        # Remove useless GStreamer plugins (force=True is passed so that the
        # glob patterns may match nothing -- presumably; verify in remove()).
        remove(system_context,
               "/usr/lib/gstreamer-*/libgstjack.so",
               "/usr/lib/gstreamer-*/libgstqmlgl.so",
               force=True)

        location.set_description("networkmanager fixup")

        # system-connections holds the connection profiles, which can carry
        # Wi-Fi keys and VPN credentials. The parent directory is 0700 root,
        # so the 0750 child is not reachable by other users.
        nm_tmpfiles = (
            "d /var/etc/NetworkManager 0700 root root\n"
            "d /var/etc/NetworkManager/system-connections 0750 root root\n"
        )
        self._execute(location.next_line(), system_context, "create",
                      "/usr/lib/tmpfiles.d/networkmanager.conf",
                      nm_tmpfiles, mode=0o644)

        self._execute(location.next_line(), system_context, "systemd_enable",
                      "NetworkManager.service",
                      "NetworkManager-dispatcher.service")

        # A step that deleted the packaged dbus-org.freedesktop.* alias units
        # before re-creating them is disabled; the aliases are simply
        # symlinked to the real units here.
        unit_dir = "/usr/lib/systemd/system"
        dbus_aliases = (
            ("NetworkManager.service",
             "dbus-org.freedesktop.NetworkManager.service"),
            ("NetworkManager-dispatcher.service",
             "dbus-org.freedesktop.nm-dispatcher.service"),
        )
        for unit_name, alias_name in dbus_aliases:
            self._execute(location.next_line(), system_context, "symlink",
                          unit_name, alias_name, work_directory=unit_dir)

        # Replace /etc/NetworkManager/system-connections with a relative
        # symlink into /var/etc.
        # NOTE(review): the directory made here at build time gets whatever
        # mode the mkdir command defaults to; the 0750 from tmpfiles.d is only
        # applied when tmpfiles runs -- confirm.
        self._execute(location.next_line(), system_context, "mkdir",
                      "/var/etc/NetworkManager/system-connections")
        self._execute(location.next_line(), system_context, "remove",
                      "/etc/NetworkManager/system-connections",
                      recursive=True, force=True)
        self._execute(location.next_line(), system_context, "symlink",
                      "../../var/etc/NetworkManager/system-connections",
                      "system-connections",
                      work_directory="/etc/NetworkManager")

        # Registered on the "export" hook rather than executed now
        # (presumably run when the system is exported).
        self._add_hook(location.next_line(), system_context, "export",
                       "remove", "/usr/share/gtk-doc/html/*",
                       recursive=True, force=True)

        self._execute(location.next_line(), system_context, "systemd_enable",
                      "gdm.service")
コード例 #3
ファイル: remove.py プロジェクト: shizonic/cleanroom
 def __call__(self, location: Location, system_context: SystemContext,
              *args: str, **kwargs: typing.Any) -> None:
     """Forward the given paths and options to remove().

     Every positional argument is passed on as a path and every keyword
     argument as an option (for example recursive or force -- verify the
     accepted names against remove()). Nothing is validated here, so any
     restriction on what may be deleted has to be enforced by remove()
     itself. ``location`` is not used.
     """
     paths = args
     options = kwargs
     remove(system_context, *paths, **options)
コード例 #4
ファイル: pkg_usbguard.py プロジェクト: hunger/cleanroom
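    def __call__(self, location: Location, system_context: SystemContext,
                 *args: typing.Any, **kwargs: typing.Any) -> None:
        """Install USBGuard and move its whole configuration to /var/etc/usbguard.

        Steps, in order: install the package, enable usbguard-dbus.service,
        declare /var/log/usbguard and /var/etc/usbguard through tmpfiles.d,
        rewrite three settings in usbguard-daemon.conf, stage the
        configuration under /usr/share/factory so the tmpfiles 'C' entry can
        copy it into /var/etc/usbguard, delete /etc/usbguard, and add a
        systemd drop-in that starts the daemon with the relocated config.

        Extra positional and keyword arguments are accepted but not used.
        """
        self._execute(location, system_context, "pacman", "usbguard")

        # Do setup:
        # enable the daemon (actually set up socket activation)
        self._execute(
            location.next_line(),
            system_context,
            "systemd_enable",
            "usbguard-dbus.service",
        )

        # 'd' creates the directories root-only (0750); 'C' with no source
        # argument copies /usr/share/factory/var/etc/usbguard into place when
        # the target does not exist yet.
        create_file(
            system_context,
            "/usr/lib/tmpfiles.d/usbguard.conf",
            textwrap.dedent("""\
                    d /var/log/usbguard 0750 root root - -

                    d /var/etc/usbguard 0750 root root - -
                    C /var/etc/usbguard - - - - -
                    """).encode("utf-8"),
        )

        # Each expression is "/address/ c<text>": every line matching the
        # address is replaced by the text (presumably handed to sed(1) by the
        # 'sed' command -- verify).
        self._execute(
            location.next_line(),
            system_context,
            "sed",
            "/RuleFile=\\/etc/ cRuleFile=/var/etc/usbguard/rules.conf",
            "/etc/usbguard/usbguard-daemon.conf",
        )
        self._execute(
            location.next_line(),
            system_context,
            "sed",
            "/IPCAccessControlFiles=\\/etc/ cIPCAccessControlFiles=/var/etc/usbguard/IPCAccessControl.d",
            "/etc/usbguard/usbguard-daemon.conf",
        )
        # SECURITY NOTE(review): ImplicitPolicyTarget decides what happens to
        # a device that matches no rule. It is set to "allow" here, and the
        # rule file staged below is empty, so on a fresh image every USB
        # device is authorized and USBGuard enforces nothing until rules are
        # written. Left unchanged because an empty rule set with a blocking
        # default could also lock out the console keyboard; anyone who needs
        # enforcement must ship rules and switch this to "block".
        self._execute(
            location.next_line(),
            system_context,
            "sed",
            "/ImplicitPolicyTarget=/ cImplicitPolicyTarget=allow",
            "/etc/usbguard/usbguard-daemon.conf",
        )

        # The directory name must match the IPCAccessControlFiles setting
        # written above character for character; it was previously created as
        # "IPCaccessControl.d" (lower-case 'a'), which the configuration never
        # references on a case-sensitive file system.
        makedirs(system_context,
                 "/usr/share/factory/var/etc/usbguard/IPCAccessControl.d")
        move(
            system_context,
            "/etc/usbguard/usbguard-daemon.conf",
            "/usr/share/factory/var/etc/usbguard",
        )
        # Empty rule file, readable and writable by root only.
        create_file(
            system_context,
            "/usr/share/factory/var/etc/usbguard/rules.conf",
            b"",
            mode=0o600,
        )

        # Nothing references /etc/usbguard any more; removing it avoids a
        # stale second copy of the policy.
        remove(
            system_context,
            "/etc/usbguard",
            recursive=True,
        )

        # Fix for https://github.com/USBGuard/usbguard/issues/287
        # NOTE(review): systemd merges repeated CapabilityBoundingSet= lines,
        # so this drop-in ADDS CAP_DAC_OVERRIDE (bypass of file permission
        # checks) to whatever the packaged unit already allows; revisit once
        # the upstream issue is resolved. The leading '-' on ReadWritePaths
        # makes systemd ignore the entry when the file is missing. The empty
        # "ExecStart=" clears the packaged command line so that the following
        # ExecStart, which points at the relocated config, is the only one.
        makedirs(system_context, "/usr/lib/systemd/system/usbguard.service.d")
        create_file(
            system_context,
            "/usr/lib/systemd/system/usbguard.service.d/bugfix.conf",
            textwrap.dedent("""\
                [Service]
                CapabilityBoundingSet=CAP_DAC_OVERRIDE
                ReadWritePaths=-/var/etc/usbguard/rules.conf
                ExecStart=
                ExecStart=/usr/bin/usbguard-daemon -k -c /var/etc/usbguard/usbguard-daemon.conf
                """).encode("utf-8"),
        )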