Qubes/core-admin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
8b75b264ae
core-admin/rpm_spec/core-dom0.spec.in

446 lines
15 KiB
RPMSpec
Raw Normal View History

Initial public commit. (c) 2010 Invisible Things Lab Authors: ========= Joanna Rutkowska <joanna@invisiblethingslab.com> Rafal Wojtczuk <rafal@invisiblethingslab.com>
2010-04-05 20:58:57 +02:00
#
# This is the SPEC file for creating binary RPMs for the Dom0.
#
#
# The Qubes OS Project, http://www.qubes-os.org
#
# Copyright (C) 2010 Joanna Rutkowska <joanna@invisiblethingslab.com>
# Copyright (C) 2010 Rafal Wojtczuk <rafal@invisiblethingslab.com>
#
Change license to LGPL v2.1+ See this thread for reasoning and acceptance from contributors: https://groups.google.com/d/topic/qubes-devel/G7KzrfU0lWY/discussion "Changing qubes-core-admin license to LGPL v2.1+"
2017-10-12 00:11:50 +02:00
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
Initial public commit. (c) 2010 Invisible Things Lab Authors: ========= Joanna Rutkowska <joanna@invisiblethingslab.com> Rafal Wojtczuk <rafal@invisiblethingslab.com>
2010-04-05 20:58:57 +02:00
#
Change license to LGPL v2.1+ See this thread for reasoning and acceptance from contributors: https://groups.google.com/d/topic/qubes-devel/G7KzrfU0lWY/discussion "Changing qubes-core-admin license to LGPL v2.1+"
2017-10-12 00:11:50 +02:00
# This library is distributed in the hope that it will be useful,
Initial public commit. (c) 2010 Invisible Things Lab Authors: ========= Joanna Rutkowska <joanna@invisiblethingslab.com> Rafal Wojtczuk <rafal@invisiblethingslab.com>
2010-04-05 20:58:57 +02:00
# but WITHOUT ANY WARRANTY; without even the implied warranty of
Change license to LGPL v2.1+ See this thread for reasoning and acceptance from contributors: https://groups.google.com/d/topic/qubes-devel/G7KzrfU0lWY/discussion "Changing qubes-core-admin license to LGPL v2.1+"
2017-10-12 00:11:50 +02:00
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
Initial public commit. (c) 2010 Invisible Things Lab Authors: ========= Joanna Rutkowska <joanna@invisiblethingslab.com> Rafal Wojtczuk <rafal@invisiblethingslab.com>
2010-04-05 20:58:57 +02:00
#
Change license to LGPL v2.1+ See this thread for reasoning and acceptance from contributors: https://groups.google.com/d/topic/qubes-devel/G7KzrfU0lWY/discussion "Changing qubes-core-admin license to LGPL v2.1+"
2017-10-12 00:11:50 +02:00
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, see <https://www.gnu.org/licenses/>.
Initial public commit. (c) 2010 Invisible Things Lab Authors: ========= Joanna Rutkowska <joanna@invisiblethingslab.com> Rafal Wojtczuk <rafal@invisiblethingslab.com>
2010-04-05 20:58:57 +02:00
#
#
dom0/dracut: support new dracut module interface
2013-01-25 03:09:18 +01:00
%define _dracutmoddir /usr/lib/dracut/modules.d
Define backend_vmm macro
2018-04-02 20:06:53 +02:00
%define backend_vmm @BACKEND_VMM@
Initial public commit. (c) 2010 Invisible Things Lab Authors: ========= Joanna Rutkowska <joanna@invisiblethingslab.com> Rafal Wojtczuk <rafal@invisiblethingslab.com>
2010-04-05 20:58:57 +02:00
Name: qubes-core-dom0
Create .spec.in and Source0
2018-01-25 11:55:39 +01:00
Version: @VERSION@
version 2.1.45
2014-04-15 04:09:13 +02:00
Release: 1%{dist}
Initial public commit. (c) 2010 Invisible Things Lab Authors: ========= Joanna Rutkowska <joanna@invisiblethingslab.com> Rafal Wojtczuk <rafal@invisiblethingslab.com>
2010-04-05 20:58:57 +02:00
Summary: The Qubes core files (Dom0-side)
Group: Qubes
Vendor: Invisible Things Lab
License: GPL
URL: http://www.qubes-os.org
add core3 to Makefiles and spec
2015-01-13 18:23:04 +01:00
spec: disable AutoReq This fixes compilation under Fedora. Depending on $PATH order, automagic dependencies put /usr/bin/python or /bin/python (because we have anything, becase /bin is just symlink to /usr/bin.
2015-12-22 14:21:28 +01:00
# because we have "#!/usr/bin/env python" shebangs, RPM puts
# "Requires: $(which # python)" dependency, which, depending on $PATH order,
# may point to /usr/bin/python or /bin/python (because Fedora has this stupid
# /bin -> usr/bin symlink). python*.rpm provides only /usr/bin/python.
AutoReq: no
Disable debug packages for core-dom0 Leave the 'proper' fix of making this package noarch commented out for now, to allow this to be merged. Comments as per the parallel submit to qubes-artwork.
2016-03-11 04:36:44 +01:00
# FIXME: Enable this and disable debug_package
#BuildArch: noarch
Merge remote-tracking branch 'origin/master' into core3-devel-mm
2016-04-11 13:03:12 +02:00
dom0: Scale icons to 48x48 We register them as 48px icons, so scale them to that size (originally 600px). Specifically required by gui-daemon which require prescalled icon.
2013-02-19 01:05:22 +01:00
BuildRequires: ImageMagick
dom0/init: implement systemd unit files They cover standard init.d scripts when system have systemd, so can be placed both in one package.
2013-01-27 00:04:40 +01:00
BuildRequires: systemd-units
rpm: cleanup scripts, use %systemd_* macros to handle services
2017-05-17 03:05:34 +02:00
BuildRequires: systemd
add core3 to Makefiles and spec
2015-01-13 18:23:04 +01:00
fix Makefile, setup.py, spec and travis QubesOS/qubes-issues#2074
2017-01-20 12:40:00 +01:00
BuildRequires: python3-devel
add core3 to Makefiles and spec
2015-01-13 18:23:04 +01:00
# for building documentation
fix Makefile, setup.py, spec and travis QubesOS/qubes-issues#2074
2017-01-20 12:40:00 +01:00
BuildRequires: python3-sphinx
rpm: integrate -doc package into main one It doesn't really make sense to keep man pages in separate package. Previously it was done to avoid some build dependencies (pandoc require a lot of them), but it isn't a problem anymore.
2017-05-11 22:09:59 +02:00
BuildRequires: python3-lxml
fix Makefile, setup.py, spec and travis QubesOS/qubes-issues#2074
2017-01-20 12:40:00 +01:00
BuildRequires: libvirt-python3
BuildRequires: python3-dbus
api/admin: plug backup into Admin API Fixes QubesOS/qubes-issues#2931
2017-07-20 03:07:46 +02:00
BuildRequires: python3-PyYAML
add core3 to Makefiles and spec
2015-01-13 18:23:04 +01:00
dom0/init: implement systemd unit files They cover standard init.d scripts when system have systemd, so can be placed both in one package.
2013-01-27 00:04:40 +01:00
Requires(post): systemd-units
Requires(preun): systemd-units
Requires(postun): systemd-units
spec: update and tidy up python dependencies QubesOS/qubes-issues#2622
2017-03-30 23:23:30 +02:00
Requires: python3
#Requires: python3-aiofiles
Requires: python3-docutils
Requires: python3-jinja2
Requires: python3-lxml
qubespolicy: run GUI code inside user session and expose it as dbus object This way it will work independently from where qrexec-policy tool will be called (in most cases - from a system service, as root). This is also very similar architecture to what we'll need when moving to GUI domain - there GUI part will also be separated from policy evaluation logic. QubesOS/qubes-issues#910
2017-04-06 15:39:31 +02:00
Requires: python3-pydbus
spec: update and tidy up python dependencies QubesOS/qubes-issues#2622
2017-03-30 23:23:30 +02:00
Requires: python3-qubesdb
Requires: python3-setuptools
api/admin: plug backup into Admin API Fixes QubesOS/qubes-issues#2931
2017-07-20 03:07:46 +02:00
Requires: python3-PyYAML
spec: update and tidy up python dependencies QubesOS/qubes-issues#2622
2017-03-30 23:23:30 +02:00
Requires: python3-xen
Requires: libvirt-python3
Requires: pciutils
rpm: adjust dependencies
2018-02-20 01:18:15 +01:00
Requires: qubes-core-dom0-linux >= 4.0.11
Use QubesDB instead of Xenstore. Mostly done. Things still using xenstore/not working at all: - DispVM - qubesutils.py (especially qvm-block and qvm-usb code) - external IP change notification for ProxyVM (should be done via RPC service)
2013-06-07 05:16:15 +02:00
Requires: qubes-db-dom0
Split core qubes.py into modules
2013-03-16 02:39:30 +01:00
# TODO: R: qubes-gui-dom0 >= 2.1.11
Start xend and xenstored during package installation
2011-02-09 22:15:00 +01:00
Conflicts: qubes-gui-dom0 < 1.1.13
rpm: Add libvirt to dependencies
2013-05-16 02:01:52 +02:00
%if x%{?backend_vmm} == xxen
rpm: move R: xen-runtime inside vmm-xen deps block Do not depend on xen package unconditionally.
2013-06-07 05:07:40 +02:00
Requires: xen-runtime
dom0/spec: require xen-hvm package for stubdom
2012-03-01 10:57:34 +01:00
Requires: xen-hvm
rpm: depend on linux-stubdom package Install both stubdom implementations: mini-os one (xen-hvm) and linux one (xen-hvm-stubdom-linux). QubesOS/qubes-issues#2185
2017-05-31 14:53:40 +02:00
Requires: xen-hvm-stubdom-linux
rpm: require libvirt new enough for type-pvh
2018-01-27 01:21:05 +01:00
Requires: libvirt-daemon-xen >= 3.3.0-7
rpm: Add libvirt to dependencies
2013-05-16 02:01:52 +02:00
%endif
dom0: watch for updates from dom0 (#198) Additionally synchronize clock every 6h. This is started by xdg-autostart (not qvm-core) to have running Xorg - needed to prompt user for updates download.
2011-07-16 02:04:56 +02:00
Requires: createrepo
dom0: require gnome-packagekit
2011-08-02 13:04:09 +02:00
Requires: gnome-packagekit
dom0/spec: require cron daemon (#429)
2012-01-30 16:27:12 +01:00
Requires: cronie
dispvm: speedup sparse files handling by using bsdtar Apparently it is much faster. Especially during savefile preparation - tar reads the whole file, while bsdtar gets file map and reads only used regions.
2015-03-30 05:29:14 +02:00
Requires: bsdtar
Revert "Revert "backup: use 'scrypt' tool for backup encryption and integrity protection"" This reverts commit 0f1672dc6393e61649d096debc1405d22ed6fc65. Bring it back. Lets not revert the whole feature just because required package exists only in qubes-builder, not in some online repository. Also, this revert didn't go as planned - there was a reference to a 'passphrase' local variable, but it wasn't assigned any value. Cc: @woju
2017-02-23 00:45:58 +01:00
Requires: scrypt
Require dmidecode - for qubes-hcl-report tool
2013-03-09 22:20:47 +01:00
# for qubes-hcl-report
Requires: dmidecode
rpm: add R: PyQt4 for guihelpers module It was pulled by qubes-manager, but since it is optional, we shouldn't rely on its dependencies.
2014-11-21 20:09:57 +01:00
Requires: PyQt4
dom0/spec: improve PackageKit settings 1. Do not try to tell "no network detected" 2. Do not try to tell "Distribution upgrade detected - Fedora 16"
2013-03-01 01:36:05 +01:00
rpm: cleanup scripts, use %systemd_* macros to handle services
2017-05-17 03:05:34 +02:00
%{?systemd_requires}
Add lvm thin pool storage implementation
2016-07-12 18:44:05 +02:00
# for lvm support
Requires: lvm2-python-libs
install python package with setuptools
2015-09-28 17:44:59 +02:00
rpm: integrate -doc package into main one It doesn't really make sense to keep man pages in separate package. Previously it was done to avoid some build dependencies (pandoc require a lot of them), but it isn't a problem anymore.
2017-05-11 22:09:59 +02:00
Obsoletes: qubes-core-dom0-doc <= 4.0
Provides: qubes-core-dom0-doc
dom0/spec: improve PackageKit settings 1. Do not try to tell "no network detected" 2. Do not try to tell "Distribution upgrade detected - Fedora 16"
2013-03-01 01:36:05 +01:00
# Prevent preupgrade from installation (it pretend to provide distribution upgrade)
Obsoletes: preupgrade < 2.0
Provides: preupgrade = 2.0
Create .spec.in and Source0
2018-01-25 11:55:39 +01:00
Source0: %{name}-%{version}.tar.gz
Initial public commit. (c) 2010 Invisible Things Lab Authors: ========= Joanna Rutkowska <joanna@invisiblethingslab.com> Rafal Wojtczuk <rafal@invisiblethingslab.com>
2010-04-05 20:58:57 +02:00
%description
The Qubes core files for installation on Dom0.
spec: generate proper debuginfo packages %setup macro must be present in %prep to set variables required by find-debuginfo script. Symlink is to place sources in nice /usr/src/debug/%{name}-%{version} subdir instead of plain /usr/src/debug/core (which can be ambiguous). Additionally all packages need to have _builddir pointing at top src dir (in core-dom0 it was dom0 subdir). And to cheat make about current dir (to have %{name}-%{version} included in path) chdir must be done by shell, not make - so can't use make -C.
2012-12-12 04:12:59 +01:00
%prep
Create .spec.in and Source0
2018-01-25 11:55:39 +01:00
%setup -q
spec: generate proper debuginfo packages %setup macro must be present in %prep to set variables required by find-debuginfo script. Symlink is to place sources in nice /usr/src/debug/%{name}-%{version} subdir instead of plain /usr/src/debug/core (which can be ambiguous). Additionally all packages need to have _builddir pointing at top src dir (in core-dom0 it was dom0 subdir). And to cheat make about current dir (to have %{name}-%{version} included in path) chdir must be done by shell, not make - so can't use make -C.
2012-12-12 04:12:59 +01:00
Precompilation of qubes.py On some systems rpmbuild will not automatically precompile qubes.py, resulting in the core-dom0 rpm bukd failure.
2010-04-10 13:52:19 +02:00
%build
rpm+makefile: move build/install code to Makefile files This makes build "scripts" not tied to Fedora-specific files. Especially ease porting to other platforms.
2013-06-15 23:14:54 +02:00
make all
rpm: integrate -doc package into main one It doesn't really make sense to keep man pages in separate package. Previously it was done to avoid some build dependencies (pandoc require a lot of them), but it isn't a problem anymore.
2017-05-11 22:09:59 +02:00
make -C doc PYTHON=%{__python3} SPHINXBUILD=sphinx-build-%{python3_version} man
Initial public commit. (c) 2010 Invisible Things Lab Authors: ========= Joanna Rutkowska <joanna@invisiblethingslab.com> Rafal Wojtczuk <rafal@invisiblethingslab.com>
2010-04-05 20:58:57 +02:00
rpm+makefile: move build/install code to Makefile files This makes build "scripts" not tied to Fedora-specific files. Especially ease porting to other platforms.
2013-06-15 23:14:54 +02:00
%install
Move /var/log/qubes and /var/run/qubes to qubes-core rpm from qubes-gui Because /var/log/qubes is used in qubes-core %post. While at it, do the same with /var/run/qubes.
2010-10-06 11:00:52 +02:00
rpm+makefile: move build/install code to Makefile files This makes build "scripts" not tied to Fedora-specific files. Especially ease porting to other platforms.
2013-06-15 23:14:54 +02:00
make install \
DESTDIR=$RPM_BUILD_ROOT \
UNITDIR=%{_unitdir} \
fix Makefile, setup.py, spec and travis QubesOS/qubes-issues#2074
2017-01-20 12:40:00 +01:00
PYTHON_SITEPATH=%{python3_sitelib} \
rpm+makefile: move build/install code to Makefile files This makes build "scripts" not tied to Fedora-specific files. Especially ease porting to other platforms.
2013-06-15 23:14:54 +02:00
SYSCONFDIR=%{_sysconfdir}
Use proper dracut module and conf files... ... instead of the ugly and incompatible /usr/share/qubes/regenerate_initramfs.sh script
2011-09-02 16:55:39 +02:00
rpm: integrate -doc package into main one It doesn't really make sense to keep man pages in separate package. Previously it was done to avoid some build dependencies (pandoc require a lot of them), but it isn't a problem anymore.
2017-05-11 22:09:59 +02:00
make -C doc DESTDIR=$RPM_BUILD_ROOT \
PYTHON=%{__python3} SPHINXBUILD=sphinx-build-%{python3_version} \
install
rpm: include directory for backup profiles QubesOS/qubes-issues#2931
2017-07-21 03:16:57 +02:00
mkdir -p $RPM_BUILD_ROOT/etc/qubes/backup
rpm: integrate -doc package into main one It doesn't really make sense to keep man pages in separate package. Previously it was done to avoid some build dependencies (pandoc require a lot of them), but it isn't a problem anymore.
2017-05-11 22:09:59 +02:00
Initial public commit. (c) 2010 Invisible Things Lab Authors: ========= Joanna Rutkowska <joanna@invisiblethingslab.com> Rafal Wojtczuk <rafal@invisiblethingslab.com>
2010-04-05 20:58:57 +02:00
%post
rpm: cleanup scripts, use %systemd_* macros to handle services
2017-05-17 03:05:34 +02:00
%systemd_post qubes-core.service
%systemd_post qubes-qmemman.service
%systemd_post qubesd.service
rpm specs: %post cleanup Moved some stuff from the begging of %post sections after the 'if installing-for-the-first-time' check.
2010-06-14 23:52:21 +02:00
dom0: Edit xl.conf in %post instead of overriding file (rpm file conflict)
2011-06-23 14:39:17 +02:00
sed '/^autoballoon=/d;/^lockfile=/d' -i /etc/xen/xl.conf
echo 'autoballoon=0' >> /etc/xen/xl.conf
echo 'lockfile="/var/run/qubes/xl-lock"' >> /etc/xen/xl.conf
rpm: disable prelink only when present It isn't installed by default. QubesOS/qubes-issues#2412
2016-11-03 22:18:09 +01:00
if [ -e /etc/sysconfig/prelink ]; then
dom0/spec: disable prelink service
2011-10-07 21:28:26 +02:00
sed 's/^PRELINKING\s*=.*/PRELINKING=no/' -i /etc/sysconfig/prelink
rpm: disable prelink only when present It isn't installed by default. QubesOS/qubes-issues#2412
2016-11-03 22:18:09 +01:00
fi
dom0/spec: disable prelink service
2011-10-07 21:28:26 +02:00
dom0/init: implement systemd unit files They cover standard init.d scripts when system have systemd, so can be placed both in one package.
2013-01-27 00:04:40 +01:00
# Conflicts with libxl stack, so disable it
systemctl --no-reload disable xend.service >/dev/null 2>&1
dom0/systemd: disable xendomains.service
2013-02-13 16:54:29 +01:00
systemctl --no-reload disable xendomains.service >/dev/null 2>&1
spec: fix typi in %post
2013-05-04 04:33:07 +02:00
systemctl daemon-reload >/dev/null 2>&1 || :
dom0/init: implement systemd unit files They cover standard init.d scripts when system have systemd, so can be placed both in one package.
2013-01-27 00:04:40 +01:00
Initial public commit. (c) 2010 Invisible Things Lab Authors: ========= Joanna Rutkowska <joanna@invisiblethingslab.com> Rafal Wojtczuk <rafal@invisiblethingslab.com>
2010-04-05 20:58:57 +02:00
if ! [ -e /var/lib/qubes/qubes.xml ]; then
# echo "Initializing Qubes DB..."
rpm: adjust post-installation script for new tools QubesOS/qubes-issues#2412
2016-11-02 06:27:15 +01:00
umask 007; sg qubes -c 'qubes-create --offline-mode'
Initial public commit. (c) 2010 Invisible Things Lab Authors: ========= Joanna Rutkowska <joanna@invisiblethingslab.com> Rafal Wojtczuk <rafal@invisiblethingslab.com>
2010-04-05 20:58:57 +02:00
fi
%clean
rm -rf $RPM_BUILD_ROOT
spec: generate proper debuginfo packages %setup macro must be present in %prep to set variables required by find-debuginfo script. Symlink is to place sources in nice /usr/src/debug/%{name}-%{version} subdir instead of plain /usr/src/debug/core (which can be ambiguous). Additionally all packages need to have _builddir pointing at top src dir (in core-dom0 it was dom0 subdir). And to cheat make about current dir (to have %{name}-%{version} included in path) chdir must be done by shell, not make - so can't use make -C.
2012-12-12 04:12:59 +01:00
rm -f %{name}-%{version}
Initial public commit. (c) 2010 Invisible Things Lab Authors: ========= Joanna Rutkowska <joanna@invisiblethingslab.com> Rafal Wojtczuk <rafal@invisiblethingslab.com>
2010-04-05 20:58:57 +02:00
%pre
if ! grep -q ^qubes: /etc/group ; then
groupadd qubes
fi
Restart qubes_core after Xen update This is needed to re-set qubes permissions on some Xen sockets
2010-10-04 15:25:58 +02:00
%triggerin -- xen-runtime
The Underscores Revolution: filenames
2013-03-14 15:06:19 +01:00
/usr/lib/qubes/fix-dir-perms.sh
Restart qubes_core after Xen update This is needed to re-set qubes permissions on some Xen sockets
2010-10-04 15:25:58 +02:00
Initial public commit. (c) 2010 Invisible Things Lab Authors: ========= Joanna Rutkowska <joanna@invisiblethingslab.com> Rafal Wojtczuk <rafal@invisiblethingslab.com>
2010-04-05 20:58:57 +02:00
%preun
rpm: cleanup scripts, use %systemd_* macros to handle services
2017-05-17 03:05:34 +02:00
%systemd_preun qubes-core.service
%systemd_preun qubes-qmemman.service
%systemd_preun qubesd.service
Initial public commit. (c) 2010 Invisible Things Lab Authors: ========= Joanna Rutkowska <joanna@invisiblethingslab.com> Rafal Wojtczuk <rafal@invisiblethingslab.com>
2010-04-05 20:58:57 +02:00
if [ "$1" = 0 ] ; then
dom0 rpm: start/stop qubes services for install/update
2010-10-04 14:21:14 +02:00
# no more packages left
dom0/init: implement systemd unit files They cover standard init.d scripts when system have systemd, so can be placed both in one package.
2013-01-27 00:04:40 +01:00
service qubes_netvm stop
service qubes_core stop
Initial public commit. (c) 2010 Invisible Things Lab Authors: ========= Joanna Rutkowska <joanna@invisiblethingslab.com> Rafal Wojtczuk <rafal@invisiblethingslab.com>
2010-04-05 20:58:57 +02:00
fi
%postun
rpm: cleanup scripts, use %systemd_* macros to handle services
2017-05-17 03:05:34 +02:00
%systemd_postun qubes-core.service
%systemd_postun_with_restart qubes-qmemman.service
%systemd_postun_with_restart qubesd.service
Initial public commit. (c) 2010 Invisible Things Lab Authors: ========= Joanna Rutkowska <joanna@invisiblethingslab.com> Rafal Wojtczuk <rafal@invisiblethingslab.com>
2010-04-05 20:58:57 +02:00
if [ "$1" = 0 ] ; then
# no more packages left
chgrp root /etc/xen
chmod 700 /etc/xen
groupdel qubes
fi
%files
%defattr(-,root,root,-)
dom0/spec: fix spec for qmemman.conf
2012-03-29 16:17:10 +02:00
%config(noreplace) %attr(0664,root,qubes) %{_sysconfdir}/qubes/qmemman.conf
qubespolicy: run GUI code inside user session and expose it as dbus object This way it will work independently from where qrexec-policy tool will be called (in most cases - from a system service, as root). This is also very similar architecture to what we'll need when moving to GUI domain - there GUI part will also be separated from policy evaluation logic. QubesOS/qubes-issues#910
2017-04-06 15:39:31 +02:00
%config(noreplace) /etc/dbus-1/system.d/org.qubesos.PolicyAgent.conf
rpm: include directory for backup profiles QubesOS/qubes-issues#2931
2017-07-21 03:16:57 +02:00
%attr(770,root,qubes) %dir /etc/qubes/backup
Initial public commit. (c) 2010 Invisible Things Lab Authors: ========= Joanna Rutkowska <joanna@invisiblethingslab.com> Rafal Wojtczuk <rafal@invisiblethingslab.com>
2010-04-05 20:58:57 +02:00
/usr/bin/qvm-*
dom0/spec: include qubes-* tools in rpm (#421)
2012-02-07 03:24:52 +01:00
/usr/bin/qubes-*
core3: move qmemman This is part of fixing qvm-start. qmemman was moved with minimal touching, mainly module names. Moved function parsing human-readable sizes from core2. This function is wrong, because it treats k/M/G as 1024-based, but leave it for now.
2015-10-01 22:14:35 +02:00
/usr/bin/qmemmand
qubes/tools/qubesd-query: low-level interrogation tool
2017-02-09 21:11:41 +01:00
/usr/bin/qubesd*
policy: qrexec-policy cli tool This is the tool called by qrexec-daemon.
2017-03-21 02:42:28 +01:00
/usr/bin/qrexec-policy
qubespolicy: run GUI code inside user session and expose it as dbus object This way it will work independently from where qrexec-policy tool will be called (in most cases - from a system service, as root). This is also very similar architecture to what we'll need when moving to GUI domain - there GUI part will also be separated from policy evaluation logic. QubesOS/qubes-issues#910
2017-04-06 15:39:31 +02:00
/usr/bin/qrexec-policy-agent
qubespolicy: add a tool to analyze policy in form of graph Output possible connections between VMs in form of dot file. Fixes QubesOS/qubes-issues#2873
2017-06-27 04:46:35 +02:00
/usr/bin/qrexec-policy-graph
add core3 to Makefiles and spec
2015-01-13 18:23:04 +01:00
qubespolicy: add a tool to analyze policy in form of graph Output possible connections between VMs in form of dot file. Fixes QubesOS/qubes-issues#2873
2017-06-27 04:46:35 +02:00
%{_mandir}/man1/qrexec-policy-graph.1*
rpm: integrate -doc package into main one It doesn't really make sense to keep man pages in separate package. Previously it was done to avoid some build dependencies (pandoc require a lot of them), but it isn't a problem anymore.
2017-05-11 22:09:59 +02:00
%{_mandir}/man1/qubes*.1*
doc: link qvm-device man page for qvm-block, qvm-pci, qvm-usb Those three are special cases of qvm-device tool, so lets use its documentation too.
2018-01-11 03:44:53 +01:00
%{_mandir}/man1/qvm-*.1*
rpm: integrate -doc package into main one It doesn't really make sense to keep man pages in separate package. Previously it was done to avoid some build dependencies (pandoc require a lot of them), but it isn't a problem anymore.
2017-05-11 22:09:59 +02:00
fix Makefile, setup.py, spec and travis QubesOS/qubes-issues#2074
2017-01-20 12:40:00 +01:00
%dir %{python3_sitelib}/qubes-*.egg-info
%{python3_sitelib}/qubes-*.egg-info/*
%dir %{python3_sitelib}/qubes
%dir %{python3_sitelib}/qubes/__pycache__
%{python3_sitelib}/qubes/__pycache__/*
%{python3_sitelib}/qubes/__init__.py
%{python3_sitelib}/qubes/app.py
%{python3_sitelib}/qubes/backup.py
%{python3_sitelib}/qubes/config.py
%{python3_sitelib}/qubes/core2migration.py
%{python3_sitelib}/qubes/devices.py
%{python3_sitelib}/qubes/dochelpers.py
%{python3_sitelib}/qubes/events.py
%{python3_sitelib}/qubes/exc.py
qubes/tools/qubesd: initial version
2017-02-02 13:03:08 +01:00
%{python3_sitelib}/qubes/firewall.py
fix Makefile, setup.py, spec and travis QubesOS/qubes-issues#2074
2017-01-20 12:40:00 +01:00
%{python3_sitelib}/qubes/log.py
%{python3_sitelib}/qubes/rngdoc.py
%{python3_sitelib}/qubes/tarwriter.py
%{python3_sitelib}/qubes/utils.py
Rename MgmtAPI to AdminAPI - part 1: classes QubesOS/qubes-issues#853
2017-05-12 19:07:41 +02:00
%dir %{python3_sitelib}/qubes/api
%dir %{python3_sitelib}/qubes/api/__pycache__
%{python3_sitelib}/qubes/api/__pycache__/*
%{python3_sitelib}/qubes/api/__init__.py
%{python3_sitelib}/qubes/api/admin.py
Migrate qubes.NotifyTools, qubes.FeaturesRequest, qubes.NotifyUpdates Make them call into qubesd. Create separate socket for "misc" calls - VM accessible, but not part of Admin API.
2017-06-03 04:52:30 +02:00
%{python3_sitelib}/qubes/api/internal.py
%{python3_sitelib}/qubes/api/misc.py
Rename MgmtAPI to AdminAPI - part 1: classes QubesOS/qubes-issues#853
2017-05-12 19:07:41 +02:00
fix Makefile, setup.py, spec and travis QubesOS/qubes-issues#2074
2017-01-20 12:40:00 +01:00
%dir %{python3_sitelib}/qubes/vm
%dir %{python3_sitelib}/qubes/vm/__pycache__
%{python3_sitelib}/qubes/vm/__pycache__/*
%{python3_sitelib}/qubes/vm/__init__.py
%{python3_sitelib}/qubes/vm/adminvm.py
%{python3_sitelib}/qubes/vm/appvm.py
%{python3_sitelib}/qubes/vm/dispvm.py
%{python3_sitelib}/qubes/vm/qubesvm.py
%{python3_sitelib}/qubes/vm/standalonevm.py
%{python3_sitelib}/qubes/vm/templatevm.py
%dir %{python3_sitelib}/qubes/vm/mix
%dir %{python3_sitelib}/qubes/vm/mix/__pycache__
%{python3_sitelib}/qubes/vm/mix/__pycache__/*
%{python3_sitelib}/qubes/vm/mix/__init__.py
%{python3_sitelib}/qubes/vm/mix/net.py
%dir %{python3_sitelib}/qubes/storage
%dir %{python3_sitelib}/qubes/storage/__pycache__
%{python3_sitelib}/qubes/storage/__pycache__/*
%{python3_sitelib}/qubes/storage/__init__.py
%{python3_sitelib}/qubes/storage/file.py
file-reflink, a storage driver optimized for CoW filesystems This adds the file-reflink storage driver. It is never selected automatically for pool creation, especially not the creation of 'varlibqubes' (though it can be used if set up manually). The code is quite small: reflink.py lvm.py file.py + block-snapshot sloccount 334 lines 447 (134%) 570 (171%) Background: btrfs and XFS (but not yet ZFS) support instant copies of individual files through the 'FICLONE' ioctl behind 'cp --reflink'. Which file-reflink uses to snapshot VM image files without an extra device-mapper layer. All the snapshots are essentially freestanding; there's no functional origin vs. snapshot distinction. In contrast to 'file'-on-btrfs, file-reflink inherently avoids CoW-on-CoW. Which is a bigger issue now on R4.0, where even AppVMs' private volumes are CoW. (And turning off the lower, filesystem-level CoW for 'file'-on-btrfs images would turn off data checksums too, i.e. protection against bit rot.) Also in contrast to 'file', all storage features are supported, including - any number of revisions_to_keep - volume.revert() - volume.is_outdated - online fstrim/discard Example tree of a file-reflink pool - *-dirty.img are connected to Xen: - /var/lib/testpool/appvms/foo/volatile-dirty.img - /var/lib/testpool/appvms/foo/root-dirty.img - /var/lib/testpool/appvms/foo/root.img - /var/lib/testpool/appvms/foo/private-dirty.img - /var/lib/testpool/appvms/foo/private.img - /var/lib/testpool/appvms/foo/private.img@2018-01-02T03:04:05Z - /var/lib/testpool/appvms/foo/private.img@2018-01-02T04:05:06Z - /var/lib/testpool/appvms/foo/private.img@2018-01-02T05:06:07Z - /var/lib/testpool/appvms/bar/... - /var/lib/testpool/appvms/... - /var/lib/testpool/template-vms/fedora-26/... - /var/lib/testpool/template-vms/... It looks similar to a 'file' pool tree, and in fact file-reflink is drop-in compatible: $ qvm-shutdown --all --wait $ systemctl stop qubesd $ sed 's/ driver="file"/ driver="file-reflink"/g' -i.bak /var/lib/qubes/qubes.xml $ systemctl start qubesd $ sudo rm -f /path/to/pool/*/*/*-cow.img* If the user tries to create a fresh file-reflink pool on a filesystem that doesn't support reflinks, qvm-pool will abort and mention the 'setup_check=no' option. Which can be passed to force a fallback on regular sparse copies, with of course lots of time/space overhead. The same fallback code is also used when initially cloning a VM from a foreign pool, or from another file-reflink pool on a different mountpoint. 'journalctl -fu qubesd' will show all file-reflink copy/rename/remove operations on VM creation/startup/shutdown/etc.
2018-02-12 22:20:05 +01:00
%{python3_sitelib}/qubes/storage/reflink.py
fix Makefile, setup.py, spec and travis QubesOS/qubes-issues#2074
2017-01-20 12:40:00 +01:00
%{python3_sitelib}/qubes/storage/kernels.py
%{python3_sitelib}/qubes/storage/lvm.py
%dir %{python3_sitelib}/qubes/tools
%dir %{python3_sitelib}/qubes/tools/__pycache__
%{python3_sitelib}/qubes/tools/__pycache__/*
%{python3_sitelib}/qubes/tools/__init__.py
%{python3_sitelib}/qubes/tools/qmemmand.py
%{python3_sitelib}/qubes/tools/qubes_create.py
qubes/tools/qubesd: initial version
2017-02-02 13:03:08 +01:00
%{python3_sitelib}/qubes/tools/qubesd.py
qubes/tools/qubesd-query: low-level interrogation tool
2017-02-09 21:11:41 +01:00
%{python3_sitelib}/qubes/tools/qubesd_query.py
fix Makefile, setup.py, spec and travis QubesOS/qubes-issues#2074
2017-01-20 12:40:00 +01:00
%dir %{python3_sitelib}/qubes/ext
%dir %{python3_sitelib}/qubes/ext/__pycache__
%{python3_sitelib}/qubes/ext/__pycache__/*
%{python3_sitelib}/qubes/ext/__init__.py
rpm_spec: fix
2017-06-23 10:26:04 +02:00
%{python3_sitelib}/qubes/ext/admin.py
ext: BlockDevices extension Handle block devices exposed by VMs
2017-05-29 21:20:06 +02:00
%{python3_sitelib}/qubes/ext/block.py
api/misc: integrate qubes.NotifyTools logic with qubes.FeaturesRequest Make qubes.NotifyTools reuse logic of qubes.FeaturesRequest, then move actual request processing to 'features-request' event handler. At the same time implement handling 'qrexec' and 'gui' features request - allowing to set template features when wasn't already there. Behavior change: template is no longer allowed to change feature value (regardless of being True or False). This means the user will always be able to override what template have set.
2017-06-12 12:22:39 +02:00
%{python3_sitelib}/qubes/ext/core_features.py
fix Makefile, setup.py, spec and travis QubesOS/qubes-issues#2074
2017-01-20 12:40:00 +01:00
%{python3_sitelib}/qubes/ext/gui.py
%{python3_sitelib}/qubes/ext/pci.py
%{python3_sitelib}/qubes/ext/qubesmanager.py
%{python3_sitelib}/qubes/ext/r3compatibility.py
ext/services: move exporting 'service.*' features to extensions This means core code will not publish any features by default.
2017-07-28 15:08:33 +02:00
%{python3_sitelib}/qubes/ext/services.py
Update windows-related feature requests Handle 'os' feature - if it's Windows, then set rpc-clipboard feature. Handle 'gui-emulated' feature - request for specifically stubdomain GUI. With 'gui' feature it is only possible to enable gui-agent based on, or disable GUI completely. Handle 'default-user' - verify it for weird characters and set 'default_user' property (if wasn't already set). QubesOS/qubes-issues#3585
2018-07-09 19:42:18 +02:00
%{python3_sitelib}/qubes/ext/windows.py
fix Makefile, setup.py, spec and travis QubesOS/qubes-issues#2074
2017-01-20 12:40:00 +01:00
%dir %{python3_sitelib}/qubes/tests
%dir %{python3_sitelib}/qubes/tests/__pycache__
%{python3_sitelib}/qubes/tests/__pycache__/*
%{python3_sitelib}/qubes/tests/__init__.py
%{python3_sitelib}/qubes/tests/run.py
%{python3_sitelib}/qubes/tests/extra.py
tests: adjust TC_00_QubesDaemonProtocol for reorganized api module
2017-06-21 06:25:59 +02:00
%{python3_sitelib}/qubes/tests/api.py
Rename MgmtAPI to AdminAPI - part 1: classes QubesOS/qubes-issues#853
2017-05-12 19:07:41 +02:00
%{python3_sitelib}/qubes/tests/api_admin.py
Migrate qubes.NotifyTools, qubes.FeaturesRequest, qubes.NotifyUpdates Make them call into qubesd. Create separate socket for "misc" calls - VM accessible, but not part of Admin API.
2017-06-03 04:52:30 +02:00
%{python3_sitelib}/qubes/tests/api_misc.py
fix Makefile, setup.py, spec and travis QubesOS/qubes-issues#2074
2017-01-20 12:40:00 +01:00
%{python3_sitelib}/qubes/tests/app.py
%{python3_sitelib}/qubes/tests/devices.py
ext: BlockDevices extension Handle block devices exposed by VMs
2017-05-29 21:20:06 +02:00
%{python3_sitelib}/qubes/tests/devices_block.py
fix Makefile, setup.py, spec and travis QubesOS/qubes-issues#2074
2017-01-20 12:40:00 +01:00
%{python3_sitelib}/qubes/tests/events.py
api/misc: integrate qubes.NotifyTools logic with qubes.FeaturesRequest Make qubes.NotifyTools reuse logic of qubes.FeaturesRequest, then move actual request processing to 'features-request' event handler. At the same time implement handling 'qrexec' and 'gui' features request - allowing to set template features when wasn't already there. Behavior change: template is no longer allowed to change feature value (regardless of being True or False). This means the user will always be able to override what template have set.
2017-06-12 12:22:39 +02:00
%{python3_sitelib}/qubes/tests/ext.py
fix Makefile, setup.py, spec and travis QubesOS/qubes-issues#2074
2017-01-20 12:40:00 +01:00
%{python3_sitelib}/qubes/tests/firewall.py
%{python3_sitelib}/qubes/tests/init.py
%{python3_sitelib}/qubes/tests/storage.py
%{python3_sitelib}/qubes/tests/storage_file.py
tests/storage_reflink: test some file-reflink helpers Tested: - _copy_file() - _create_sparse_file() - _resize_file() - _update_loopdev_sizes() Smoke tested by calls from the functions above: - _replace_file() - _rename_file() - _make_dir() - _fsync_dir()
2018-09-12 01:50:32 +02:00
%{python3_sitelib}/qubes/tests/storage_reflink.py
tests: very basic tests for LinuxKernel pool
2017-05-17 01:40:10 +02:00
%{python3_sitelib}/qubes/tests/storage_kernels.py
fix Makefile, setup.py, spec and travis QubesOS/qubes-issues#2074
2017-01-20 12:40:00 +01:00
%{python3_sitelib}/qubes/tests/storage_lvm.py
%{python3_sitelib}/qubes/tests/tarwriter.py
%dir %{python3_sitelib}/qubes/tests/vm
%dir %{python3_sitelib}/qubes/tests/vm/__pycache__
%{python3_sitelib}/qubes/tests/vm/__pycache__/*
%{python3_sitelib}/qubes/tests/vm/__init__.py
%{python3_sitelib}/qubes/tests/vm/init.py
%{python3_sitelib}/qubes/tests/vm/adminvm.py
tests: basic tests for AppVM Specifically, check if root volume is updated after template switch.
2017-06-04 01:13:57 +02:00
%{python3_sitelib}/qubes/tests/vm/appvm.py
vm/dispvm: add auto_cleanup property, unify creating new DispVM Add auto_cleanup property, which remove DispVM after its shutdown - this is to unify DispVM handling - less places needing special handling after DispVM shutdown. New DispVM inherit all settings from respective AppVM. Move this from classmethod `DispVM.from_appvm()`, to DispVM constructor. This unify creating new DispVM with any other VM class. Notable exception are attached devices - because only one running VM can have a device attached, this would prevent second DispVM started from the same AppVM. If one need DispVM with some device attached, one can create DispVM with auto_cleanup=False. Such DispVM will still not have persistent storage (as any other DispVM). Tests included. QubesOS/qubes-issues#2974
2017-08-06 12:27:35 +02:00
%{python3_sitelib}/qubes/tests/vm/dispvm.py
fix Makefile, setup.py, spec and travis QubesOS/qubes-issues#2074
2017-01-20 12:40:00 +01:00
%{python3_sitelib}/qubes/tests/vm/qubesvm.py
%dir %{python3_sitelib}/qubes/tests/vm/mix
%dir %{python3_sitelib}/qubes/tests/vm/mix/__pycache__
%{python3_sitelib}/qubes/tests/vm/mix/__pycache__/*
%{python3_sitelib}/qubes/tests/vm/mix/__init__.py
%{python3_sitelib}/qubes/tests/vm/mix/net.py
%dir %{python3_sitelib}/qubes/tests/tools
%dir %{python3_sitelib}/qubes/tests/tools/__pycache__
%{python3_sitelib}/qubes/tests/tools/__pycache__/*
%{python3_sitelib}/qubes/tests/tools/__init__.py
%dir %{python3_sitelib}/qubes/tests/integ
%dir %{python3_sitelib}/qubes/tests/integ/__pycache__
%{python3_sitelib}/qubes/tests/integ/__pycache__/*
%{python3_sitelib}/qubes/tests/integ/__init__.py
%{python3_sitelib}/qubes/tests/integ/backup.py
%{python3_sitelib}/qubes/tests/integ/backupcompatibility.py
%{python3_sitelib}/qubes/tests/integ/basic.py
%{python3_sitelib}/qubes/tests/integ/devices_pci.py
%{python3_sitelib}/qubes/tests/integ/dispvm.py
%{python3_sitelib}/qubes/tests/integ/dom0_update.py
%{python3_sitelib}/qubes/tests/integ/network.py
tests: convert pvgrub tests to core3 API QubesOS/qubes-issues#3563
2018-02-27 02:28:31 +01:00
%{python3_sitelib}/qubes/tests/integ/pvgrub.py
tests: basic salt integration tests Test base functions of dom0 module (creating VM, setting property) and configuring system inside of VM (through DispVM). The later is done for each available template (the process use salt installed in that template, not copied from dom0). QubesOS/qubes-issues#3316
2017-12-21 18:14:39 +01:00
%{python3_sitelib}/qubes/tests/integ/salt.py
fix Makefile, setup.py, spec and travis QubesOS/qubes-issues#2074
2017-01-20 12:40:00 +01:00
%{python3_sitelib}/qubes/tests/integ/storage.py
%{python3_sitelib}/qubes/tests/integ/vm_qrexec_gui.py
%dir %{python3_sitelib}/qubes/tests/integ/tools
%dir %{python3_sitelib}/qubes/tests/integ/tools/__pycache__
%{python3_sitelib}/qubes/tests/integ/tools/__pycache__/*
%{python3_sitelib}/qubes/tests/integ/tools/__init__.py
%{python3_sitelib}/qubes/tests/integ/tools/qubes_create.py
%dir %{python3_sitelib}/qubes/qmemman
%dir %{python3_sitelib}/qubes/qmemman/__pycache__
%{python3_sitelib}/qubes/qmemman/__pycache__/*
%{python3_sitelib}/qubes/qmemman/__init__.py
%{python3_sitelib}/qubes/qmemman/algo.py
%{python3_sitelib}/qubes/qmemman/client.py
add core3 to Makefiles and spec
2015-01-13 18:23:04 +01:00
qubespolicy: initial version for core3 This is rewritten version of core-admin-linux/qrexec/qrexec-policy. It's placed outside of `qubes` module on purpose - to avoid imporing it, which require a lot of time. QubesOS/qubes-issues#865 QubesOS/qubes-issues#910
2017-03-20 22:22:20 +01:00
%dir %{python3_sitelib}/qubespolicy
%dir %{python3_sitelib}/qubespolicy/__pycache__
%{python3_sitelib}/qubespolicy/__pycache__/*
%{python3_sitelib}/qubespolicy/__init__.py
policy: qrexec-policy cli tool This is the tool called by qrexec-daemon.
2017-03-21 02:42:28 +01:00
%{python3_sitelib}/qubespolicy/cli.py
qubespolicy: run GUI code inside user session and expose it as dbus object This way it will work independently from where qrexec-policy tool will be called (in most cases - from a system service, as root). This is also very similar architecture to what we'll need when moving to GUI domain - there GUI part will also be separated from policy evaluation logic. QubesOS/qubes-issues#910
2017-04-06 15:39:31 +02:00
%{python3_sitelib}/qubespolicy/agent.py
rpm: add rpc-window related files to package QubesOS/qubes-issues#910
2017-03-24 16:26:32 +01:00
%{python3_sitelib}/qubespolicy/gtkhelpers.py
qubespolicy: ask to create default policy if none is found Fixes QubesOS/qubes-issues#3005
2017-08-13 02:36:26 +02:00
%{python3_sitelib}/qubespolicy/policycreateconfirmation.py
rpm: add rpc-window related files to package QubesOS/qubes-issues#910
2017-03-24 16:26:32 +01:00
%{python3_sitelib}/qubespolicy/rpcconfirmation.py
%{python3_sitelib}/qubespolicy/utils.py
qubespolicy: add a tool to analyze policy in form of graph Output possible connections between VMs in form of dot file. Fixes QubesOS/qubes-issues#2873
2017-06-27 04:46:35 +02:00
%{python3_sitelib}/qubespolicy/graph.py
rpm: add rpc-window related files to package QubesOS/qubes-issues#910
2017-03-24 16:26:32 +01:00
%dir %{python3_sitelib}/qubespolicy/tests
%dir %{python3_sitelib}/qubespolicy/tests/__pycache__
%{python3_sitelib}/qubespolicy/tests/__pycache__/*
%{python3_sitelib}/qubespolicy/tests/__init__.py
tests: qrexec-policy cli tool tests
2017-08-14 02:15:43 +02:00
%{python3_sitelib}/qubespolicy/tests/cli.py
rpm: add rpc-window related files to package QubesOS/qubes-issues#910
2017-03-24 16:26:32 +01:00
%{python3_sitelib}/qubespolicy/tests/gtkhelpers.py
%{python3_sitelib}/qubespolicy/tests/rpcconfirmation.py
%dir %{python3_sitelib}/qubespolicy/glade
qubespolicy: ask to create default policy if none is found Fixes QubesOS/qubes-issues#3005
2017-08-13 02:36:26 +02:00
%{python3_sitelib}/qubespolicy/glade/PolicyCreateConfirmationWindow.glade
rpm: add rpc-window related files to package QubesOS/qubes-issues#910
2017-03-24 16:26:32 +01:00
%{python3_sitelib}/qubespolicy/glade/RPCConfirmationWindow.glade
qubespolicy: initial version for core3 This is rewritten version of core-admin-linux/qrexec/qrexec-policy. It's placed outside of `qubes` module on purpose - to avoid imporing it, which require a lot of time. QubesOS/qubes-issues#865 QubesOS/qubes-issues#910
2017-03-20 22:22:20 +01:00
The Underscores Revolution: filenames
2013-03-14 15:06:19 +01:00
/usr/lib/qubes/cleanup-dispvms
/usr/lib/qubes/fix-dir-perms.sh
dom0/init: implement systemd unit files They cover standard init.d scripts when system have systemd, so can be placed both in one package.
2013-01-27 00:04:40 +01:00
/usr/lib/qubes/startup-misc.sh
admin-api: create and install actual Admin API RPC endpoints Install files in /etc/qubes-rpc for all methods defined in API documentation, even if not yet implemented (qubesd will handle it raising appropriate exception). Use minimal program written in C (qubesd-query-fast), instead of qubesd-query in python for performance reasons: - a single qubesd-query run: ~300ms - equivalent in shell (echo | nc -U): ~40ms - qubesd-query-fast: ~20ms Many tools makes multiple API calls, so performance here do matter. For example qvm-ls (from VM) currently takes about 60s on a system with 24 VMs. Also make use of `$include:` directive in policy file, to make it easier defining a VM with full Admin API access. QubesOS/qubes-issues#853
2017-05-23 03:24:15 +02:00
/usr/libexec/qubes/qubesd-query-fast
Order qubesd.service after lvm2-pvscan@.service qubesd needs to list LVM volumes, so start it when the list is available. Fixes QubesOS/qubes-issues#2960
2017-08-12 19:50:50 +02:00
%{_unitdir}/lvm2-pvscan@.service.d/30_qubes.conf
dom0/init: implement systemd unit files They cover standard init.d scripts when system have systemd, so can be placed both in one package.
2013-01-27 00:04:40 +01:00
%{_unitdir}/qubes-core.service
%{_unitdir}/qubes-qmemman.service
Support for autostart VMs (#724)
2013-11-20 02:57:17 +01:00
%{_unitdir}/qubes-vm@.service
qubes/tools/qubesd: initial version
2017-02-02 13:03:08 +01:00
%{_unitdir}/qubesd.service
rpm: set sgid for data directories Make sure that contents belong to qubes group, even when created by root user.
2013-05-20 01:34:32 +02:00
%attr(2770,root,qubes) %dir /var/lib/qubes
%attr(2770,root,qubes) %dir /var/lib/qubes/vm-templates
%attr(2770,root,qubes) %dir /var/lib/qubes/appvms
%attr(2770,root,qubes) %dir /var/lib/qubes/servicevms
%attr(2770,root,qubes) %dir /var/lib/qubes/backup
%attr(2770,root,qubes) %dir /var/lib/qubes/dvmdata
%attr(2770,root,qubes) %dir /var/lib/qubes/vm-kernels
HVM part 1
2016-03-02 12:17:29 +01:00
/usr/share/qubes/templates/libvirt/xen.xml
ext: BlockDevices extension Handle block devices exposed by VMs
2017-05-29 21:20:06 +02:00
/usr/share/qubes/templates/libvirt/devices/block.xml
Rewrite PCI attaching/detaching from xl to libvirt The only remaining part is querying vm-side BDF. That can't be done in libvirt.
2016-06-15 19:08:00 +02:00
/usr/share/qubes/templates/libvirt/devices/pci.xml
Move libvirt XML network device to jinja
2016-06-15 19:41:11 +02:00
/usr/share/qubes/templates/libvirt/devices/net.xml
Use tmpfile.d to create /var/run subdirs This way it will be done much earlier, so qubes-db can be started before qubes-core.service - which will solve startup dependency loop problem.
2015-02-02 04:48:42 +01:00
/usr/lib/tmpfiles.d/qubes.conf
Update TemplateVM with running AppVM: part 1 snapshot and origin device type for xen
2011-02-26 03:42:55 +01:00
/etc/xen/scripts/block-snapshot
/etc/xen/scripts/block-origin
Switch to routed VM network (instead of bridging) No headache from layer 2 attacks.
2010-09-06 17:07:42 +02:00
/etc/xen/scripts/vif-route-qubes
qubespolicy: ask to create default policy if none is found Fixes QubesOS/qubes-issues#3005
2017-08-13 02:36:26 +02:00
%attr(2775,root,qubes) %dir /etc/qubes-rpc/policy
admin-api: create and install actual Admin API RPC endpoints Install files in /etc/qubes-rpc for all methods defined in API documentation, even if not yet implemented (qubesd will handle it raising appropriate exception). Use minimal program written in C (qubesd-query-fast), instead of qubesd-query in python for performance reasons: - a single qubesd-query run: ~300ms - equivalent in shell (echo | nc -U): ~40ms - qubesd-query-fast: ~20ms Many tools makes multiple API calls, so performance here do matter. For example qvm-ls (from VM) currently takes about 60s on a system with 24 VMs. Also make use of `$include:` directive in policy file, to make it easier defining a VM with full Admin API access. QubesOS/qubes-issues#853
2017-05-23 03:24:15 +02:00
%attr(0664,root,qubes) %config(noreplace) /etc/qubes-rpc/policy/admin.*
Generate policy for Admin API calls based on annotations on actual methods This ease Admin API administration, and also adds checking if qrexec policy + scripts matches actual Admin API methods implementation. The idea is to classify every Admin API method as either local read-only, local read-write, global read-only or global read-write. Where local/global means affecting a single VM, or the whole system. See QubesOS/qubes-issues#2871 for details. Fixes QubesOS/qubes-issues#2871
2017-06-27 01:55:17 +02:00
%attr(0664,root,qubes) %config(noreplace) /etc/qubes-rpc/policy/include/admin-local-ro
%attr(0664,root,qubes) %config(noreplace) /etc/qubes-rpc/policy/include/admin-local-rwx
%attr(0664,root,qubes) %config(noreplace) /etc/qubes-rpc/policy/include/admin-global-ro
%attr(0664,root,qubes) %config(noreplace) /etc/qubes-rpc/policy/include/admin-global-rwx
qubes/tools/qvm-features: add tool for managing qvm-features QubesOS/qubes-issues#1637
2016-05-17 18:12:24 +02:00
%attr(0664,root,qubes) %config(noreplace) /etc/qubes-rpc/policy/qubes.FeaturesRequest
The Underscores Revolution: RPC services
2013-03-14 01:22:43 +01:00
%attr(0664,root,qubes) %config(noreplace) /etc/qubes-rpc/policy/qubes.Filecopy
qubes-rpc-policy/qubes.GetImageRGBA.policy needed for qubes-app-linux-img-converter
2014-05-20 17:47:25 +02:00
%attr(0664,root,qubes) %config(noreplace) /etc/qubes-rpc/policy/qubes.GetImageRGBA
qubes/tools/qvm-features: add tool for managing qvm-features QubesOS/qubes-issues#1637
2016-05-17 18:12:24 +02:00
%attr(0664,root,qubes) %config(noreplace) /etc/qubes-rpc/policy/qubes.GetRandomizedTime
Allow HVM to notify dom0 about tools installation HVM can set some xenstore entries (in qubes-tools/ subtree) to pass informations about installed tools to dom0. qubes.NotifyTools service triggers update of VM properties (like qrexec_installed). This way, after installation of Qubes Windows Tools, the user doesn't need to change any VM settings to use the tools.
2013-10-28 05:09:54 +01:00
%attr(0664,root,qubes) %config(noreplace) /etc/qubes-rpc/policy/qubes.NotifyTools
The Underscores Revolution: RPC services
2013-03-14 01:22:43 +01:00
%attr(0664,root,qubes) %config(noreplace) /etc/qubes-rpc/policy/qubes.NotifyUpdates
qubes/tools/qvm-features: add tool for managing qvm-features QubesOS/qubes-issues#1637
2016-05-17 18:12:24 +02:00
%attr(0664,root,qubes) %config(noreplace) /etc/qubes-rpc/policy/qubes.OpenInVM
Merge branch 'master' into core3-devel Remains to be fixed: 88cb62fc d2640b51 958c2926
2016-06-13 19:03:46 +02:00
%attr(0664,root,qubes) %config(noreplace) /etc/qubes-rpc/policy/qubes.OpenURL
Add default policy for qubes.StartApp service Fixes QubesOS/qubes-issues#3044
2018-02-27 14:26:20 +01:00
%attr(0664,root,qubes) %config(noreplace) /etc/qubes-rpc/policy/qubes.StartApp
The Underscores Revolution: RPC services
2013-03-14 01:22:43 +01:00
%attr(0664,root,qubes) %config(noreplace) /etc/qubes-rpc/policy/qubes.VMShell
Add default policy for qubes.VMRootShell service
2017-08-06 12:50:17 +02:00
%attr(0664,root,qubes) %config(noreplace) /etc/qubes-rpc/policy/qubes.VMRootShell
Add default policy for qubes.UpdatesProxy service QubesOS/qubes-issues#1854
2017-05-26 05:27:34 +02:00
%attr(0664,root,qubes) %config(noreplace) /etc/qubes-rpc/policy/qubes.UpdatesProxy
clock synchronization rewrite clock synchronization mechanism rewritten to use systemd-timesync instead of NtpDate; at the moment, requires: - modifying /etc/qubes-rpc/policy/qubes.GetDate to redirect GetDate to designated clockvm - enabling clocksync service in clockvm ( qvm-features clockvm-name service/clocksync true ) Works as specified in issue listed below, except for: - each VM synces with clockvm after boot and every 6h - clockvm synces time with the Internet using systemd-timesync - dom0 synces itself with clockvm every 1h (using cron) fixes QubesOS/qubes-issues#1230
2017-07-06 23:37:26 +02:00
%attr(0664,root,qubes) %config(noreplace) /etc/qubes-rpc/policy/qubes.GetDate
qubes-rpc: policy.RegisterArgument This qrexec is meant for services, which require some kind of "registering" before use. After registering, the backend should invoke this call with frontend as the intended destination, with the actual service in argument of this call and the argument as the payload. By default this qrexec is disabled by policy. Signed-off-by: Wojtek Porczyk <woju@invisiblethingslab.com>
2017-11-30 00:17:59 +01:00
%attr(0664,root,qubes) %config(noreplace) /etc/qubes-rpc/policy/policy.RegisterArgument
admin-api: create and install actual Admin API RPC endpoints Install files in /etc/qubes-rpc for all methods defined in API documentation, even if not yet implemented (qubesd will handle it raising appropriate exception). Use minimal program written in C (qubesd-query-fast), instead of qubesd-query in python for performance reasons: - a single qubesd-query run: ~300ms - equivalent in shell (echo | nc -U): ~40ms - qubesd-query-fast: ~20ms Many tools makes multiple API calls, so performance here do matter. For example qvm-ls (from VM) currently takes about 60s on a system with 24 VMs. Also make use of `$include:` directive in policy file, to make it easier defining a VM with full Admin API access. QubesOS/qubes-issues#853
2017-05-23 03:24:15 +02:00
/etc/qubes-rpc/admin.*
qubes/tools/qvm-features: add tool for managing qvm-features QubesOS/qubes-issues#1637
2016-05-17 18:12:24 +02:00
/etc/qubes-rpc/qubes.FeaturesRequest
Add qubes.GetDate proxy service This enable two things: 1. Follow global clockvm setting, without adjusting qrexec policy. 2. Avoid starting clockvm by arbitrary VM. Fixes QubesOS/qubes-issues#3588
2018-03-02 20:39:28 +01:00
/etc/qubes-rpc/qubes.GetDate
qubes/tools/qvm-features: add tool for managing qvm-features QubesOS/qubes-issues#1637
2016-05-17 18:12:24 +02:00
/etc/qubes-rpc/qubes.GetRandomizedTime
Allow HVM to notify dom0 about tools installation HVM can set some xenstore entries (in qubes-tools/ subtree) to pass informations about installed tools to dom0. qubes.NotifyTools service triggers update of VM properties (like qrexec_installed). This way, after installation of Qubes Windows Tools, the user doesn't need to change any VM settings to use the tools.
2013-10-28 05:09:54 +01:00
/etc/qubes-rpc/qubes.NotifyTools
The Underscores Revolution: RPC services
2013-03-14 01:22:43 +01:00
/etc/qubes-rpc/qubes.NotifyUpdates
qubes-rpc: policy.RegisterArgument This qrexec is meant for services, which require some kind of "registering" before use. After registering, the backend should invoke this call with frontend as the intended destination, with the actual service in argument of this call and the argument as the payload. By default this qrexec is disabled by policy. Signed-off-by: Wojtek Porczyk <woju@invisiblethingslab.com>
2017-11-30 00:17:59 +01:00
/etc/qubes-rpc/policy.RegisterArgument
Move /var/log/qubes and /var/run/qubes to qubes-core rpm from qubes-gui Because /var/log/qubes is used in qubes-core %post. While at it, do the same with /var/run/qubes.
2010-10-06 11:00:52 +02:00
%attr(2770,root,qubes) %dir /var/log/qubes
dom0/spec: fix file permissions in package
2012-10-23 05:46:25 +02:00
%attr(0770,root,qubes) %dir /var/run/qubes
qubespolicy: run GUI code inside user session and expose it as dbus object This way it will work independently from where qrexec-policy tool will be called (in most cases - from a system service, as root). This is also very similar architecture to what we'll need when moving to GUI domain - there GUI part will also be separated from policy evaluation logic. QubesOS/qubes-issues#910
2017-04-06 15:39:31 +02:00
/etc/xdg/autostart/qrexec-policy-agent.desktop
rpm: install RelaxNG specfiles
2015-01-13 23:52:19 +01:00
/usr/share/doc/qubes/relaxng/*.rng
spec.in: add changelog placeholder
2018-04-03 21:30:15 +02:00
%changelog
@CHANGELOG@
Reference in New Issue Copy Permalink