user11
April 17, 2024, 5:50am
1
I would like to execute a script after each time my TemplateVM updates.
I tried /etc/qubes/post-install.d, but I don’t understand how it works.
Here is what I did:
Start a blank TemplateVM (e.g. fedora-38-xfce or debian-12-xfce).
In the TemplateVM:
```sh
$ cd /etc/qubes/post-install.d
$ sudo touch 05-write.sh
$ sudo chmod +x 05-write.sh
```
Write this in 05-write.sh:
```sh
#!/bin/sh
echo 'aaaa' > /tmp/a.txt
```
In dom0:
Start the Qubes Update GUI
Select the modified TemplateVM
Press Update
What I expect:
/tmp/a.txt exists and has aaaa in it.
What happened:
Question:
How can I execute a script after each update?
It works for me.
To note, if you run Qubes Update for this qube and restart the template after update then the file /tmp/a.txt won’t persist because /tmp directory is not persistent. Write to /home/user/a.txt for a test instead.
Also the script in /etc/qubes/post-install.d will only be executed if some package was installed during update. If there were no new updates then nothing will be executed.
solene
April 17, 2024, 7:12am
3
In addition to what was said, these scripts will also be executed if you install a program from an AppVM (it’s something I often do, even if it’s not persistent).
You can add this to your script so it exits on non-templates. This checks if there is a network interface and exits if so; a template shouldn’t have a network interface.
```sh
# abort if not in a template
ip l show eth0 && exit 0
```
1 Like
quber
April 17, 2024, 7:24am
4
It’s not directly related, but you can parse rc.local.d directory on boot. See here:
QubesOS:main
← ben-grande:rc-local-dir
opened 04:59PM - 21 Nov 23 UTC
Fixes https://github.com/QubesOS/qubes-issues/issues/8690
opened 08:46AM - 07 Nov 23 UTC
closed 02:13AM - 04 Dec 23 UTC
### The problem you're addressing (if any)
Currently when orchestrating QubesOS deployment, most files I change are intended for packages as they have drop-in configuration directory, `/etc/qubes/policy.d/*.policy`, `/etc/ssh/sshd_config.d/*.conf`, `/etc/apt/sources.list.d/*.(sources|list)`, including `/rw/config/qubes-bind-dirs.d/*.conf`, but `/rw/config/rc.local` does not have an equivalent.
When orchestrating qubes deployment, initialization calls have to be written to `/rw/config/rc.local`, but the file can't be replaced, because there is a possibility of having user modifications in it on multiple packages managing the same file.
Currently I am using Salt module `file.append` for rc.local, the only file that I am currently using this module in all my states is rc.local.
### The solution you'd like
I know I can create my own sourcing mechanism in rc.local
```sh
# Source every readable drop-in file from rc.local.d
for f in /rw/config/rc.local.d/*.conf; do
  test -r "$f" || continue
  . "$f"
done
```
But it would be much better if this was the upstream default for packagers to not mess with user configuration.
### The value to a user, and who that user might be
The value to a user is not having their configuration overridden by a package.
The value to a packager is not having to mess with user configuration, with an easy drop-in configuration to apply at qube boot.
It’s better to add this instead:
```sh
if test -f /run/qubes/this-is-templatevm ; then
  ## Do none of the following in a TemplateVM.
  exit 0
fi
```
Because in offline qubes there is no eth0 interface as well.
3 Likes
solene
April 17, 2024, 7:34am
6
Perfect, I was looking for something more “template-only”
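
A hook that combines the advice in this thread, as an added example that is not code from any poster or from the Qubes project: it does nothing outside a template, using the marker file named above, and appends to a persistent path instead of /tmp. The `MARKER` and `LOG` overrides, the function names and the symlink check are assumptions made for the example.

```sh
#!/bin/sh
# Added example of a hook for /etc/qubes/post-install.d (e.g. 05-write.sh).
# MARKER and LOG can be overridden so the logic can be exercised outside a
# qube; the defaults are the paths mentioned in the thread.
MARKER="${MARKER:-/run/qubes/this-is-templatevm}"
LOG="${LOG:-/home/user/a.txt}"

# Succeeds only when the template marker file is present.
is_template() {
    test -f "$MARKER"
}

# Returns 0 when skipped or when a line was appended, 1 when the write
# is refused or fails.
post_update_hook() {
    if ! is_template; then
        return 0    # installed from an AppVM: leave quietly
    fi
    # Package-manager hooks run as root and /home/user is user-writable,
    # so refuse to append through a symlink planted at the log path.
    if [ -L "$LOG" ]; then
        echo "refusing to write through symlink: $LOG" >&2
        return 1
    fi
    # Append rather than overwrite, so every run leaves a record.
    printf '%s post-install hook ran\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" >> "$LOG" || return 1
}

post_update_hook
```

As noted earlier in the thread, the hook only fires when a package was actually installed, so an update run with nothing to install leaves the log unchanged.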