Qubes/core-admin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
2,145 Commits 1 Branch 0 Tags 15 MiB
02e7469be3
Commit Graph

57 Commits

Author SHA1 Message Date
Marek Marczykowski
02e7469be3 spec: do not build u2mfn not packaged in core-dom0 and core-vm 
This is packages in core-libs, so build it only there.
 2012-12-12 04:10:41 +01:00
Marek Marczykowski
e75d2fc57a vm/spec: do not remote 50-qubes_misc.rules during installation 2012-11-22 08:22:52 +01:00
Marek Marczykowski
19983edc3c vm: setup /dev/xen/evtchn permissions using udev rule 
This works also when the device is recreated, which is the case in DispVM
(during xl restore).
 2012-11-22 00:51:18 +01:00
Marek Marczykowski
3a3e265d1d vm: load dummy-hcd module to suppress libusb bug 
libusb crashes when no USB controller is present, load dummy-hcd as workaround.
 2012-11-19 17:52:16 +01:00
Marek Marczykowski
0a6e95225a vm: remove qubes-upgrade-vm after upgrade 2012-11-15 21:38:39 +01:00
Marek Marczykowski
629038e76d spec: extract core libs from qubes-core-vm 
This libs are required by both dom0 and VM so it's better to have it
separately. Previously in VM it was separate package, but dom0 have them
embedded in qubes-core-dom0, but qubes-core-vm-libs package was used to build
qubes-gui-dom0. Now we do not build all packages for all distros (especially do
not build core-vm package for dom0 distro, so gui-dom0 build fails), so make it
explicit which package is needed by which system.
 2012-11-14 13:12:51 +01:00
Marek Marczykowski
cb31b333ae vm/spec: fix NotShowIn entries in autostart desktop files 2012-11-03 05:22:03 +01:00
Marek Marczykowski
a432b729fa vm/qvm-usb: include vusb-ctl in VM package 2012-10-23 05:45:47 +02:00
Alexandre Bezroutchko
5d4cf00899 dvp/qvm-usb: converted installer scripts into RPM 2012-10-21 15:10:40 +02:00
Marek Marczykowski
d03bab3db2 Merge branch 'master-for-hvm' into hvm 
Conflicts:
	dom0/qvm-core/qubes.py
	dom0/qvm-tools/qvm-sync-clock
 2012-10-04 05:45:41 +02:00
Marek Marczykowski
490a5e9e1a vm/spec: fix adding yum-proxy configuration 
Do not add entry if already present.
 2012-10-04 05:44:20 +02:00
Bruce A Downs
d19a3cce99 vm: Added 'most recently used' feature to 'copy to vm' dialog 
* replaced zenity to qvm-mru-entry in qubes_rpc/qvm-copy-to-vm.gnome
* added python script qubes_rpc/qvm-mru-entry
* added /usr/bin/qvm-mru-entry to rpm_spec/core-vm.spec
 2012-10-04 05:44:19 +02:00
Bruce A Downs
dba7d94fba vm/spec: mod to core-vm.spec to add test for files 
core rpm was failing during uninstall attempting to move non-existent files
* /var/lib/qubes/fstab.orig
* /var/lib/qubes/serial.orig
 2012-10-04 05:44:19 +02:00
Marek Marczykowski
9c3f8417d4 vm/iptables: block IPv6 traffic 
This isn't properly handled by Qubes VMs yet, so block it in all the VMs.
Also restrict access to firewall config.
 2012-10-04 05:44:19 +02:00
Marek Marczykowski
6419fea4ce vm/spec: fix adding yum-proxy configuration 
Do not add entry if already present.
 2012-10-04 05:29:10 +02:00
Marek Marczykowski
a98020eca7 dom0+vm/qfile-copy: use setuid instead of policy setting to allow chroot 
This will allow to not hardcode "root" username in policy, which can be useful
for non-Linux systems.
 2012-08-18 21:17:07 +02:00
Marek Marczykowski
b691f57bbf vm: kernel-placeholder package to inhibit real kernel pkg in VM (#645) 
Some packages depends on kernel (ex fuse, pulseaudio), but kernel in VM is
managed by dom0. Any hack like exlude or so on will break some things, so
install empty placeholder package to fulfill dependencies.
 2012-07-23 23:17:50 +02:00
Marek Marczykowski
0f6f445ece Revert "vm/spec: disable pam_systemd globally (#607)" (#626) 
This reverts commit 8ec4b6963b71b95bc0cda6dd80d99bf60aa9caec.
This caused regression (#626).

Conflicts:

	rpm_spec/core-vm.spec
 2012-07-16 13:36:08 +02:00
Marek Marczykowski
06ba3f6e49 vm: implement qubes.GetAppmenus to reduce code duplication 
As one-liner services are now real one-line, just do it.
 2012-07-15 02:41:23 +02:00
Marek Marczykowski
20f6c6c6dc vm: simplify qubes.VMShell service 
Now additional wrapper not required to skip cmdline argument
 2012-07-15 02:41:23 +02:00
Marek Marczykowski
906332ea40 vm: export SuspendPre and SuspendPost qrexec services (#617) 
1. Try to use NetworkManager sleep command instead of shutting it down
2. Move sleep action details (which is VM-specific) to VM
3. Export it as qrexec service(s)
 2012-07-13 14:44:11 +02:00
Marek Marczykowski
718f5c2bdb vm: provide dispvm-dotfiles and dispvm-prerun.sh in rpm package (#620) 2012-07-12 14:22:44 +02:00
Marek Marczykowski
954b4e6947 vm/systemd: disable additional useless services (#620) 
Most of them relay on direct network acces, which isn't true on Qubes.
 2012-07-12 03:56:09 +02:00
Marek Marczykowski
ca7ec2aa57 vm/spec: remove dupplicated commnds, suppress error message 2012-07-12 03:56:09 +02:00
Marek Marczykowski
302191edec vm/spec: disable pam_systemd only in trigger 
The %post part is unnecessary.
 2012-07-09 15:54:33 +02:00
Marek Marczykowski
c4888add66 vm: disable D-Bus activation of NetworkManager (#610) 2012-07-05 01:43:32 +02:00
Marek Marczykowski
b834e2c5a7 vm/spec: disable pam_systemd globally (#607) 
Actually all /etc/pam.d/ files containing pam_systemd.so are autogenerated by
authconfig, so "removing" pam_systemd.so file as not elegant solution, seems to
be much more realiable.
 2012-07-05 01:43:32 +02:00
Marek Marczykowski
0006ebdaff vm/spec: fix enabling NetworkManager SystemD service 2012-06-26 03:43:36 +02:00
Marek Marczykowski
a6c7d0efbe vm/spec: fix error messages 2012-06-26 03:43:36 +02:00
Marek Marczykowski
da63af599c vm/spec: fix enabling of qubes-firewall SysV service 2012-06-26 03:43:36 +02:00
Marek Marczykowski
f53ebfc3cd vm: RPC service for NTP time sync (#603) 2012-06-23 00:37:47 +02:00
Marek Marczykowski
288dcc562e vm: enable yum-qubes-hooks plugin (#592) 2012-06-11 22:35:44 +02:00
Marek Marczykowski
ad6bfe3ca1 vm/spec: create firmware symlink only when needed 
On new systems, like FC16+, firmware is provided by separate package (like
linux-firmware), so no longer need to get it from kernel package.
 2012-06-06 03:00:05 +02:00
Marek Marczykowski
4911ca7eb9 vm/spec: depend on ethtool _package_ 2012-06-06 02:59:07 +02:00
Marek Marczykowski
79f13d6c66 vm: yum plugin to notify dom0 about installed updates (#592) 2012-06-05 21:21:53 +02:00
Marek Marczykowski
ea08560e43 makefile: rename vchan Makefile to not conflict with windows build 2012-06-05 21:21:53 +02:00
Marek Marczykowski
4bac57818e vm/qubes-yum-proxy: setup yum to use qubes-yum-proxy (#568) 
The simplest way is just add proxy=... entry to /etc/yum.conf, but sometimes it
is reasonable to bypass the proxy. Some examples:
 - usage of non-standard repos with some exotic file layout, which will be
   blocked by the proxy
 - usage of repos not-accessible via proxy (eg only via VPN stared in VpnVM)

This commit introduces 'yum-proxy-setup' pseudo-service, which can be
controlled via standard qvm-service or qubes-manager. When enabled - yum will
be configured at VM startup to use qubes proxy, otherwise - to connect directly
(proxy setting will be cleared).
 2012-05-31 03:11:44 +02:00
Marek Marczykowski
96508abf2c vm: qubes-yum-proxy service (#568) 
Introduce proxy service, which allow only http(s) traffic to yum repos. The
filter rules are based on URL regexp, so it isn't full-featured content
inspection and can be easy bypassed, but should be enough to prevent some
erroneus user actions (like clicking on invalid link).

It is set up to intercept connections to 10.137.255.254:8082, so VM can connect
to this IP regardless of VM in which proxy is running. By default it is
started in every NetVM, but this can be changed using qvm-service or
qubes-manager (as always).
 2012-05-31 03:11:43 +02:00
Marek Marczykowski
341fbe012c vm/spec: remove executable perm where not needed 2012-05-31 03:11:43 +02:00
Marek Marczykowski
0ebd1d0de6 vm/spec: fix /etc/hosts if it was broken by previous version 2012-05-08 23:44:07 +02:00
Marek Marczykowski
950d848ede vm: notify dom0 when updates available in VM (#475) 2012-05-02 00:09:00 +02:00
Marek Marczykowski
0b142fb040 vm/init.d: make firewall and netwatcher service consistent with systemd 2012-03-09 01:50:18 +01:00
Marek Marczykowski
70db6b0fc9 vm/mimeopen: save mimetype defaults for DispVM (#423) 2012-02-06 19:08:08 +01:00
Marek Marczykowski
a4a9632a5a vm/spec: fix file permissions 2012-02-06 12:58:02 +01:00
Marek Marczykowski
31fd953377 vm/spec: do not complain about missing serial.conf 2012-01-30 14:22:35 +01:00
Marek Marczykowski
ad75f3c99e vm/network: symlink NetworkManager system-connection to /rw (#425) 
In FC15, NetworkManager by default uses global connections ("Available to all users"). Save them in /rw instead of /etc, to preserve them across reboots.
 2012-01-30 14:20:02 +01:00
Marek Marczykowski
f8562f8e1c vm/spec: hide diagnostics from systemctl 2012-01-18 17:24:04 +01:00
Marek Marczykowski
83cde6e841 vm: enable qubes-firewall (#424) 2012-01-18 13:37:31 +01:00
Marek Marczykowski
351b413f74 spec: fix build order 2012-01-15 17:36:22 +01:00
Marek Marczykowski
1e2ca857cc vm/systemd: enable ntpd and NetworkManager services 2012-01-14 01:40:54 +01:00