archlinux: install qubes version of /etc/fstab

Install it as /etc/fstab, and replace the original in post-install hook,
but only if it wasn't qubes one already. This way, user modifications
are not overridden.

QubesOS/qubes-issues#9975

Author: marmarek

archlinux/PKGBUILD.in

@@ -100,6 +100,14 @@ package_qubes-vm-core() {
     make -C qubes-rpc/kde DESTDIR="$pkgdir" install
     make -C qubes-rpc/nautilus DESTDIR="$pkgdir" install
     make -C qubes-rpc/thunar DESTDIR="$pkgdir" install
+    make -C filesystem DESTDIR="$pkgdir" install
+
+    # Adjust fstab for Arch
+    mv "$pkgdir/etc/fstab" "$pkgdir/etc/fstab.qubes"
+    echo "
+# This MUST be a ramfs, not a tmpfs!  The data here is incredibly sensitive
+# (allows root access) and must not be leaked to disk.
+tmpfs                   /etc/pacman.d/gnupg/private-keys-v1.d       ramfs   defaults,noexec,nosuid,nodev,mode=600    0 0" >> "$pkgdir/etc/fstab.qubes"
 
     # Install systemd script allowing to automount /lib/modules
     install -m 644 "archlinux/PKGBUILD.qubes-ensure-lib-modules.service" "${pkgdir}/usr/lib/systemd/system/qubes-ensure-lib-modules.service"

archlinux/PKGBUILD.install

@@ -85,8 +85,10 @@ update_qubesconfig() {
         mount /usr/local || :
     fi
 
-    # Fix fstab update to core-agent-linux 4.0.33
-    grep -F -q "/rw/usrlocal" /etc/fstab || sed "/\/rw\/home/a\/rw\/usrlocal    \/usr\/local  none    noauto,bind,defaults 0 0" -i /etc/fstab
+    # Install qubes version of fstab
+    if ! grep -q dmroot /etc/fstab; then
+        cp -f /etc/fstab.qubes /etc/fstab
+    fi
 
     #/usr/lib/qubes/update-proxy-configs
     # Archlinux pacman configuration is handled in update_finalize