config/chroot_local-hooks/52-update-rc.d

   1 #!/bin/sh
   2
   3 set -e
   4 set -u
   5
   6 ### Tweak systemd unit files
   7
   8 # Workaround for https://bugs.debian.org/934389
   9 systemctl enable memlockd.service
  10
  11 # Enable our own systemd unit files
  12 systemctl enable initramfs-shutdown.service
  13 systemctl enable onion-grater.service
  14 systemctl enable tails-allow-external-TailsData-access.service
  15 systemctl enable tails-autotest-broken-gnome-shell.service
  16 systemctl enable tails-autotest-journal-dumper.service
  17 systemctl enable tails-autotest-remote-shell.service
  18 systemctl enable tails-create-netns.service
  19 systemctl enable tails-detect-disk-ioerrors.service
  20 systemctl enable tails-persistent-storage.service
  21 systemctl enable tails-remove-overlayfs-dirs.service
  22 systemctl enable tails-set-wireless-devices-state.service
  23 systemctl enable tails-shutdown-on-media-removal.service
  24 systemctl enable tails-tor-has-bootstrapped.target
  25 systemctl enable tails-update-random-seed-sector.service
  26 systemctl enable tails-wait-until-tor-has-bootstrapped.service
  27 systemctl enable tails-tor-has-bootstrapped-flag-file.service
  28 systemctl enable tca-portal.socket
  29 systemctl enable run-initramfs.mount
  30 systemctl enable var-tmp.mount
  31
  32 # Enable our own systemd user unit files
  33 systemctl --global enable tails-add-GNOME-bookmarks.service
  34 systemctl --global enable tails-additional-software-install.service
  35 systemctl --global enable tails-configure-keyboard.service
  36 systemctl --global enable tails-report-disk-resize-errors.service
  37 systemctl --global enable tails-report-disk-ioerrors.path
  38 systemctl --global enable tails-report-mac-spoofing-failed.service
  39 systemctl --global enable tails-security-check.service
  40 systemctl --global enable tails-upgrade-frontend.service
  41 systemctl --global enable tails-virt-notify-user.service
  42 systemctl --global enable tails-wait-until-tor-has-bootstrapped.service
  43 systemctl --global enable tails-create-persistent-storage.service
  44 systemctl --global enable tails-htpdate-notify-user.service
  45 systemctl --global enable tails-dump-user-env.service
  46 systemctl --global enable tails-start-system-gnome-session-target.service
  47 systemctl --global enable tails-post-greeter-docs.service
  48 systemctl --global enable tails-post-greeter-whisperback.service
  49
  50 # This causes the proxies to run during the whole session, instead of
  51 # being started and stopped when needed. The only app which needs
  52 # the proxies and doesn't define this requirement in a systemd service
  53 # yet is the Unsafe Browser. Once that is fixed, we can remove these
  54 # lines (and the [Install] sections from the service files).
  55 systemctl --global enable "tails-a11y-bus-proxy.service"
  56 systemctl --global enable "tails-ibus-proxy.service"
  57
  58 # Use socket activation only, to delay the startup of cupsd.
  59 systemctl disable cups.service
  60 systemctl enable  cups.socket
  61
  62 # We're starting NetworkManager and Tor ourselves.
  63 systemctl disable NetworkManager.service
  64 systemctl disable NetworkManager-wait-online.service
  65
  66 # We seed the entropy pool ourselves in initramfs, so we don't need the
  67 # systemd-random-seed.service. We disable it to avoid confusion.
  68 systemctl disable systemd-random-seed.service
  69
  70 # tracker-extract-3.service is a helper service that is controlled by
  71 # tracker-miner-fs-3.service. It should not be started automatically
  72 # by systemd. In Bookworm, it has a WantedBy=default.target dependency,
  73 # which causes it to fail after a 30s timeout because it's started
  74 # before tracker-miner-fs-3.service, see #20243.
  75 # TODO:Trixie: The version of tracker-extract in Trixie does not have
  76 # dependency on default.target anymore, so we can remove this line.
  77 systemctl --global disable tracker-extract-3.service
  78
  79 # systemd-networkd fallbacks to Google's nameservers when no other nameserver
  80 # is provided by the network configuration. As of Debian Buster,
  81 # this service is disabled
  82 # by default, but it feels safer to make this explicit. Besides, it might be
  83 # that systemd-networkd vs. firewall setup ordering is suboptimal in this respect,
  84 # so let's avoid any risk of DNS leaks here.
  85 systemctl mask systemd-networkd.service
  86
  87 # Do not sync the system clock to the hardware clock on shutdown
  88 systemctl mask hwclock-save.service
  89
  90 # Do not run timesyncd: we have our own time synchronization mechanism
  91 systemctl mask systemd-timesyncd.service
  92
  93 # Do not let pppd-dns manage /etc/resolv.conf
  94 systemctl mask pppd-dns.service
  95
  96 # Conflicts with our custom shutdown procedure
  97 systemctl mask live-tools.service
  98
  99 # "Daily man-db regeneration" is not needed in Tails (#16631)
 100 systemctl mask man-db.timer
 101
 102 # Blocked by our firewall so cannot work; would need some security analysis
 103 # before we enable it
 104 systemctl mask avahi-daemon.socket
 105 systemctl mask avahi-daemon.service
 106