From 110064b0d75a9f5c2c32f0775991b67cf63ccee4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Fri, 26 Apr 2024 04:08:17 +0200 Subject: [PATCH] Use new built-in TCP support in qrexec for qubes.UpdatesProxy Enable exit-on-service-eof feature, since that is what socat did. QubesOS/qubes-issues#9037 --- Makefile | 2 -- debian/qubes-core-agent-networking.install | 1 + qubes-rpc/Makefile | 1 + qubes-rpc/qubes.UpdatesProxy | 2 -- qubes-rpc/qubes.UpdatesProxy.config | 2 ++ rpm_spec/core-agent.spec.in | 1 + 6 files changed, 5 insertions(+), 4 deletions(-) delete mode 100755 qubes-rpc/qubes.UpdatesProxy create mode 100644 qubes-rpc/qubes.UpdatesProxy.config diff --git a/Makefile b/Makefile index bc043443..9848a8e8 100644 --- a/Makefile +++ b/Makefile @@ -229,8 +229,6 @@ install-netvm: install-systemd-networking-dropins install-networkmanager install -m 0400 -D network/qubes-antispoof.nft $(DESTDIR)/etc/qubes/qubes-antispoof.nft install -m 0400 -D network/qubes-ipv6-disabled.nft $(DESTDIR)/etc/qubes/qubes-ipv6-disabled.nft - install -m 0755 -D qubes-rpc/qubes.UpdatesProxy $(DESTDIR)/etc/qubes-rpc/qubes.UpdatesProxy - # networkmanager install target allow integration of NetworkManager for Qubes VM: # * make connections config persistent # * adjust DNS redirections when needed diff --git a/debian/qubes-core-agent-networking.install b/debian/qubes-core-agent-networking.install index d9c675d5..c2e53429 100644 --- a/debian/qubes-core-agent-networking.install +++ b/debian/qubes-core-agent-networking.install @@ -1,5 +1,6 @@ etc/dhclient.d/qubes-setup-dnat-to-ns.sh etc/qubes-rpc/qubes.UpdatesProxy +etc/qubes/rpc-config/qubes.UpdatesProxy etc/qubes/qubes-ipv6-disabled.nft etc/qubes/qubes-ipv6.nft etc/qubes/qubes-ipv4.nft diff --git a/qubes-rpc/Makefile b/qubes-rpc/Makefile index 28e34cec..71867d85 100644 --- a/qubes-rpc/Makefile +++ b/qubes-rpc/Makefile 
@@ -80,6 +80,7 @@ install: qubes.TemplateDownload $(LN) qubes.VMExec $(DESTDIR)$(QUBESRPCCMDDIR)/qubes.VMExecGUI $(LN) /dev/tcp/127.0.0.1 $(DESTDIR)$(QUBESRPCCMDDIR)/qubes.ConnectTCP + $(LN) /dev/tcp/127.0.0.1/8082 $(DESTDIR)$(QUBESRPCCMDDIR)/qubes.UpdatesProxy for config in *.config; do \ install -D -m 0644 "$$config" "$(DESTDIR)$(QUBESRPCCONFDIR)/$${config%.config}"; \ done diff --git a/qubes-rpc/qubes.UpdatesProxy b/qubes-rpc/qubes.UpdatesProxy deleted file mode 100755 index d364842d..00000000 --- a/qubes-rpc/qubes.UpdatesProxy +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/sh -exec socat STDIO TCP4:127.0.0.1:8082 diff --git a/qubes-rpc/qubes.UpdatesProxy.config b/qubes-rpc/qubes.UpdatesProxy.config new file mode 100644 index 00000000..a4e2df2c --- /dev/null +++ b/qubes-rpc/qubes.UpdatesProxy.config @@ -0,0 +1,2 @@ +skip-service-descriptor=true +exit-on-service-eof=true diff --git a/rpm_spec/core-agent.spec.in b/rpm_spec/core-agent.spec.in index f524c7be..8dbb7ea6 100644 --- a/rpm_spec/core-agent.spec.in +++ b/rpm_spec/core-agent.spec.in @@ -1100,6 +1100,7 @@ rm -f %{name}-%{version} %config(noreplace) /etc/qubes/qubes-ipv4.nft %config(noreplace) /etc/qubes/qubes-ipv6.nft %config(noreplace) /etc/qubes/qubes-ipv6-disabled.nft +%config(noreplace) /etc/qubes/rpc-config/qubes.UpdatesProxy %config(noreplace) /etc/tinyproxy/tinyproxy-updates.conf %config(noreplace) /etc/tinyproxy/updates-blacklist %config(noreplace) /etc/udev/rules.d/99-qubes-network.rules
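Review bot: The added `$(LN) /dev/tcp/127.0.0.1/8082 $(DESTDIR)$(QUBESRPCCMDDIR)/qubes.UpdatesProxy` line only yields a working service if the installed qrexec understands a `/dev/tcp/HOST/PORT` link target and the `exit-on-service-eof` option, and nothing in this patch raises the minimum qrexec version in the spec file or the Debian packaging. With an older qrexec the link would presumably be a dangling path that cannot be executed, so qubes.UpdatesProxy calls would fail and qubes that rely on it would stop receiving updates. A versioned dependency on the qrexec package (for example `>= <MIN_QREXEC_VERSION>`) in the same change would keep the two in step; if the bump lands in a separate commit, referencing it in the description is enough. The `install` recipe starts above the hunk.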
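Review bot: `skip-service-descriptor=true` in the new qubes.UpdatesProxy.config is left unexplained, while the commit message accounts only for `exit-on-service-eof`. Presumably it is there so that the proxy on 127.0.0.1:8082 sees only the caller's byte stream and no qrexec service descriptor in front of it, which the removed socat wrapper never forwarded either. If the rpc-config format accepts `#` comments, a line such as `# raw TCP service: do not prepend the service descriptor to the stream` above the option would record that; otherwise the same sentence belongs in the commit description. Without it, a later edit that drops the option would likely break update requests at run time rather than fail visibly at install time.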