diff --git a/dom0/aux-tools/qubes-dom0.modules b/dom0/aux-tools/qubes-dom0.modules index 60965743..31431c69 100755 --- a/dom0/aux-tools/qubes-dom0.modules +++ b/dom0/aux-tools/qubes-dom0.modules @@ -1 +1 @@ -modprobe pciback +modprobe pciback 2> /dev/null || modprobe xen-pciback diff --git a/dom0/dracut/modules.d/90qubes-pciback/installkernel b/dom0/dracut/modules.d/90qubes-pciback/installkernel index e360576f..427e99d3 100755 --- a/dom0/dracut/modules.d/90qubes-pciback/installkernel +++ b/dom0/dracut/modules.d/90qubes-pciback/installkernel @@ -1,2 +1,3 @@ #!/bin/bash -instmods pciback +modinfo -k $kernel pciback > /dev/null 2>&1 && instmods pciback +modinfo -k $kernel xen-pciback > /dev/null 2>&1 && instmods xen-pciback diff --git a/dom0/dracut/modules.d/90qubes-pciback/qubes-pciback.sh b/dom0/dracut/modules.d/90qubes-pciback/qubes-pciback.sh index cc76ea39..2ba649be 100755 --- a/dom0/dracut/modules.d/90qubes-pciback/qubes-pciback.sh +++ b/dom0/dracut/modules.d/90qubes-pciback/qubes-pciback.sh @@ -4,5 +4,5 @@ HIDE_PCI=`lspci -mm -n | grep '^[^ ]* "02'|awk '{ ORS="";print "(" $1 ")";}'` # ... and hide them so that Dom0 doesn't load drivers for them -modprobe pciback hide=$HIDE_PCI +modprobe pciback hide=$HIDE_PCI 2> /dev/null || modprobe xen-pciback hide=$HIDE_PCI diff --git a/dom0/init.d/qubes_core b/dom0/init.d/qubes_core index 26ca4189..a3974289 100755 --- a/dom0/init.d/qubes_core +++ b/dom0/init.d/qubes_core @@ -20,7 +20,7 @@ start() { echo -n $"Executing Qubes Core scripts:" - modprobe evtchn + modprobe evtchn 2> /dev/null || modprobe xen-evtchn chgrp qubes /etc/xen chmod 710 /etc/xen chgrp qubes /var/run/xenstored/* diff --git a/dom0/qvm-core/qubes.py b/dom0/qvm-core/qubes.py index 0e9d573b..3332021c 100755 --- a/dom0/qvm-core/qubes.py +++ b/dom0/qvm-core/qubes.py @@ -356,6 +356,7 @@ class QubesVm(object): except: pass os.symlink (new_label.icon_path, self.icon_path) + subprocess.call(['sudo', 'xdg-icon-resource', 'forceupdate']) @property def ip(self): @@ -1003,15 +1004,21 @@ class QubesVm(object): ) for rule in conf["rules"]: + # For backward compatibility + if "proto" not in rule: + rule["proto"] = "tcp" element = xml.etree.ElementTree.Element( "rule", address=rule["address"], - port=str(rule["portBegin"]), + proto=str(rule["proto"]), ) if rule["netmask"] is not None and rule["netmask"] != 32: element.set("netmask", str(rule["netmask"])) - if rule["portEnd"] is not None: + if rule["portBegin"] is not None and rule["portBegin"] > 0: + element.set("port", str(rule["portBegin"])) + if rule["portEnd"] is not None and rule["portEnd"] > 0: element.set("toport", str(rule["portEnd"])) + root.append(element) tree = xml.etree.ElementTree.ElementTree(root) @@ -1048,7 +1055,7 @@ class QubesVm(object): for element in root: rule = {} - attr_list = ("address", "netmask", "port", "toport") + attr_list = ("address", "netmask", "proto", "port", "toport") for attribute in attr_list: rule[attribute] = element.get(attribute) @@ -1058,7 +1065,15 @@ class QubesVm(object): else: rule["netmask"] = 32 - rule["portBegin"] = int(rule["port"]) + # For backward compatibility default to tcp + if rule["proto" is None: + rule["proto"] = "tcp" + + if rule["port"] is not None: + rule["portBegin"] = int(rule["port"]) + else: + # backward compatibility + rule["portBegin"] = 0 if rule["toport"] is not None: rule["portEnd"] = int(rule["toport"]) @@ -1821,10 +1836,12 @@ class QubesProxyVm(QubesNetVm): if rule["netmask"] != 32: iptables += "/{0}".format(rule["netmask"]) - if rule["portBegin"] is not None and rule["portBegin"] > 0: - iptables += " -p tcp --dport {0}".format(rule["portBegin"]) - if rule["portEnd"] is not None and rule["portEnd"] > rule["portBegin"]: - iptables += ":{0}".format(rule["portEnd"]) + if rule["proto"] is not None and rule["proto"] != "any": + iptables += " -p {0}".format(rule["proto"]) + if rule["portBegin"] is not None and rule["portBegin"] > 0: + iptables += " --dport {0}".format(rule["portBegin"]) + if rule["portEnd"] is not None and rule["portEnd"] > rule["portBegin"]: + iptables += ":{0}".format(rule["portEnd"]) iptables += " -j {0}\n".format(rules_action) diff --git a/dom0/qvm-tools/qvm-prefs b/dom0/qvm-tools/qvm-prefs index 19ec8727..df3a4636 100755 --- a/dom0/qvm-tools/qvm-prefs +++ b/dom0/qvm-tools/qvm-prefs @@ -82,6 +82,7 @@ def do_list(vm): def set_label(vms, vm, args): if len (args) != 1: print >> sys.stderr, "Missing label name argument!" + exit (1) label = args[0] if label not in QubesVmLabels: @@ -91,7 +92,6 @@ def set_label(vms, vm, args): exit (1) vm.label = QubesVmLabels[label] - subprocess.check_call (["ln", "-sf", vm.label.icon_path, vm.icon_path]) def set_memory(vms, vm, args): if len (args) != 1: diff --git a/misc/RPM-GPG-KEY-qubes-1-unstable b/misc/RPM-GPG-KEY-qubes-1-unstable new file mode 100644 index 00000000..97d55826 --- /dev/null +++ b/misc/RPM-GPG-KEY-qubes-1-unstable @@ -0,0 +1,31 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.11 (GNU/Linux) + +mQENBE9KHjMBCADgs1Zw+Gag5MXDqAHzVfo/JSJ0q7Oj096l+/TU0/P2qpoF7sTo +uLpDLCfOOSqil7omOKMjn6yl/73RAd4oWIRivJMQKjgD4Tk8qlLI1NrBGhEdwyLm +SZ+7CU79HzahN8w8+l9H978obIN6S0UD36z7su42QnFmKQqT0EnD1NVZpqvq1iKC +0o0TqhZ90QE8YqWxjnbjDkk1mX2K4iHNJJ2mS/r1+4fXqvHzcmSB+vopGGGXxNB7 +fbNM6nI9RTpPecmnfKrqKrXYfHfyaLVUFXf2xZW/V85qq70dmEPi5g3YpRCXadJ+ +wKt1uZvi4xomPCxymHooF9Fplzv9MpKVIDNlABEBAAG0J1F1YmVzIE9TIFJlbGVh +c2UgMSBVbnN0YWJsZSBTaWduaW5nIEtleYkBPgQTAQIAKAUCT0ogagIbAwUJAeEz +gAYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQ77E0ZaTirKEbpgf8C9zqmkqo +u+dudzcrPPUW12FjK2WAYQd7WNYpBY4wOmvOUkvq68FUJ0mwNyjEkNhvLnrxlMqn +Z9vraqw1m2FwIAJfmbpnvJ6LeldNj/SYbutY9Y320eQDgLDZp5Xk0w6z1+Q1RXVJ +AkU935sXhtmVYVa4Cnk7Su6lG0Une3b5dpE90M5ewehYllqsqmtKIwqbRaBmvM6y +QHVqOJwNNo9XK78r0dKvXigXBObqatwItM2gan2oF0dplwTD//DqjldBzZ4mgrN8 +M/SZtynfTnoV8Yw7+JlsPCHIfcIXXWqJtLhNO3LqFAG6PwJX032eHNSrT+4UWIbP +q8Ccvhbxa7iNabkBDQRPSh4zAQgA7OyPodlWz93OuP8/Bh83dHDd1xV7tXByBDUX +O9am5uGKybcx3V8kBqJXbefds/aem1w2MLtDG+CxDC8Gi5gfNQNeCnIw3mpnZnMU +ZNjtXIn3VfKRyhmaHNvaNZiBzKovfjw152UuMsHfzsSMaWldj5J8oFz+eBthGJTT +uxktijIxHiZ/9RqzJLPMBQ5qRPbpqUn9piWEGxx2c4FbqeEOzzV49rX92adBPmUJ +KBo96vW+L6izE0RcQoTMhicbAqF+K2QUGzy0uTp5+G2V0q5HAfrCMIr1Zx93yuz0 +yQZNNLsGYGnYjrFjYiRpJRBbxerlCdGjlwnfXCk5EKRNuqr5twARAQABiQElBBgB +AgAPBQJPSh4zAhsMBQkB4TOAAAoJEO+xNGWk4qyh33MIAIOS9A0rkmBTPZwAsdJv +sz/J9+8AvfwMisN2sKTfEBTO8kEnSPcBZuau3JxKCGHxaPwXhGmnc9xnz/TY3JCj +6ZUgjgQQ3iT/BJk+h6n4xom9NRw5hn4j4NeIpboC6p6JfcYzZyapUNFmAsrSjakw +RxxpaVLb4moOfYzS7i7JqsEetBwoYAeFZoPYZpo4VH9PUPVAih6psmO/bz6Y8W+/ +tkXzViq15bwPUmDwBzX0nX0T8nQqMl85nCLDM2rVMs/lnVxfJas4QjTfzgeZOHQ6 +0ikGqwlnyWk/oUzUXFV/P7sKAXoOaMSEVHtfSxLjVH0RYsAv6SotjHwPAatrynyp +gYY= +=UROF +-----END PGP PUBLIC KEY BLOCK----- diff --git a/misc/qubes.repo b/misc/qubes.repo index a0417e94..4a763bcb 100644 --- a/misc/qubes.repo +++ b/misc/qubes.repo @@ -14,7 +14,7 @@ enabled=0 [qubes-vm-unstable] name = Qubes OS Repository for VM (unstable) baseurl = http://yum.qubes-os.org/r1/unstable/vm/fc$releasever -gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-1-primary +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-1-unstable gpgcheck = 1 enabled=0 diff --git a/rpm_spec/core-dom0.spec b/rpm_spec/core-dom0.spec index 396db1b6..19bd8ea9 100644 --- a/rpm_spec/core-dom0.spec +++ b/rpm_spec/core-dom0.spec @@ -232,7 +232,7 @@ if ! [ -e /etc/sysconfig/network ]; then fi # Load evtchn module - xenstored needs it -modprobe evtchn +modprobe evtchn 2> /dev/null || modprobe xen-evtchn service xenstored start if ! [ -e /var/lib/qubes/qubes.xml ]; then