Commit Graph

481 Commits

Author SHA1 Message Date
Marek Marczykowski
71c4ca8804 vm/spec: fix enabling of qubes-firewall SysV service 2012-06-26 03:30:06 +02:00
Marek Marczykowski
0008e71784 dom0: appmenu to start Firefox in new DispVM (#594) 2012-06-24 14:09:43 +02:00
Marek Marczykowski
f53ebfc3cd vm: RPC service for NTP time sync (#603) 2012-06-23 00:37:47 +02:00
Marek Marczykowski
8e61660687 vm: RPC service for NTP time sync (#603) 2012-06-22 22:22:57 +02:00
Marek Marczykowski
288dcc562e vm: enable yum-qubes-hooks plugin (#592) 2012-06-11 22:35:44 +02:00
Marek Marczykowski
5354249102 vm: enable yum-qubes-hooks plugin (#592) 2012-06-08 00:34:11 +02:00
Marek Marczykowski
01ca42b5c4 vm/spec: create firmware symlink only when needed
On new systems, like FC16+, firmware is provided by separate package (like
linux-firmware), so no longer need to get it from kernel package.
2012-06-06 03:02:58 +02:00
Marek Marczykowski
4463701bf3 vm/spec: depend on ethtool _package_ 2012-06-06 03:02:58 +02:00
Marek Marczykowski
ad6bfe3ca1 vm/spec: create firmware symlink only when needed
On new systems, like FC16+, firmware is provided by separate package (like
linux-firmware), so no longer need to get it from kernel package.
2012-06-06 03:00:05 +02:00
Marek Marczykowski
4911ca7eb9 vm/spec: depend on ethtool _package_ 2012-06-06 02:59:07 +02:00
Marek Marczykowski
79f13d6c66 vm: yum plugin to notify dom0 about installed updates (#592) 2012-06-05 21:21:53 +02:00
Marek Marczykowski
ea08560e43 makefile: rename vchan Makefile to not conflict with windows build 2012-06-05 21:21:53 +02:00
Marek Marczykowski
8023c66020 vm: yum plugin to notify dom0 about installed updates (#592) 2012-06-05 19:28:59 +02:00
Marek Marczykowski
dd60d3da95 makefile: rename vchan Makefile to not conflict with windows build 2012-06-02 12:32:49 +02:00
Marek Marczykowski
1f194cbe08 dom0: block_cleaner: removes ejected devices from xenstore
When device is ejected by some VM (state=6, effectively inactive), it should be
removed from xenstore to free slot for some another device. This should be done
by libxl toolstack, but not implemented in xen 4.1 - AFAIR done in xen 4.2.
2012-06-01 20:59:45 +02:00
Marek Marczykowski
4bac57818e vm/qubes-yum-proxy: setup yum to use qubes-yum-proxy (#568)
The simplest way is just add proxy=... entry to /etc/yum.conf, but sometimes it
is reasonable to bypass the proxy. Some examples:
 - usage of non-standard repos with some exotic file layout, which will be
   blocked by the proxy
 - usage of repos not-accessible via proxy (eg only via VPN stared in VpnVM)

This commit introduces 'yum-proxy-setup' pseudo-service, which can be
controlled via standard qvm-service or qubes-manager. When enabled - yum will
be configured at VM startup to use qubes proxy, otherwise - to connect directly
(proxy setting will be cleared).
2012-05-31 03:11:44 +02:00
Marek Marczykowski
96508abf2c vm: qubes-yum-proxy service (#568)
Introduce proxy service, which allow only http(s) traffic to yum repos. The
filter rules are based on URL regexp, so it isn't full-featured content
inspection and can be easy bypassed, but should be enough to prevent some
erroneus user actions (like clicking on invalid link).

It is set up to intercept connections to 10.137.255.254:8082, so VM can connect
to this IP regardless of VM in which proxy is running. By default it is
started in every NetVM, but this can be changed using qvm-service or
qubes-manager (as always).
2012-05-31 03:11:43 +02:00
Marek Marczykowski
341fbe012c vm/spec: remove executable perm where not needed 2012-05-31 03:11:43 +02:00
Marek Marczykowski
edc3518ec9 vm/qubes-yum-proxy: setup yum to use qubes-yum-proxy (#568)
The simplest way is just add proxy=... entry to /etc/yum.conf, but sometimes it
is reasonable to bypass the proxy. Some examples:
 - usage of non-standard repos with some exotic file layout, which will be
   blocked by the proxy
 - usage of repos not-accessible via proxy (eg only via VPN stared in VpnVM)

This commit introduces 'yum-proxy-setup' pseudo-service, which can be
controlled via standard qvm-service or qubes-manager. When enabled - yum will
be configured at VM startup to use qubes proxy, otherwise - to connect directly
(proxy setting will be cleared).
2012-05-31 03:05:13 +02:00
Marek Marczykowski
b2cfd73691 vm: qubes-yum-proxy service (#568)
Introduce proxy service, which allow only http(s) traffic to yum repos. The
filter rules are based on URL regexp, so it isn't full-featured content
inspection and can be easy bypassed, but should be enough to prevent some
erroneus user actions (like clicking on invalid link).

It is set up to intercept connections to 10.137.255.254:8082, so VM can connect
to this IP regardless of VM in which proxy is running. By default it is
started in every NetVM, but this can be changed using qvm-service or
qubes-manager (as always).
2012-05-31 03:04:11 +02:00
Marek Marczykowski
a953e56042 vm/spec: remove executable perm where not needed 2012-05-31 02:21:15 +02:00
Marek Marczykowski
b4aa6c6ddc vm/spec: fix /etc/hosts if it was broken by previous version 2012-05-08 23:45:00 +02:00
Marek Marczykowski
0ebd1d0de6 vm/spec: fix /etc/hosts if it was broken by previous version 2012-05-08 23:44:07 +02:00
Marek Marczykowski
950d848ede vm: notify dom0 when updates available in VM (#475) 2012-05-02 00:09:00 +02:00
Marek Marczykowski
370ad33c44 dom0: provide service for VM to notify about updates availability (#475) 2012-05-02 00:09:00 +02:00
Marek Marczykowski
9c7ab91491 dom0: remove unused reset_vm_configs.py 2012-05-02 00:09:00 +02:00
Marek Marczykowski
af1f88755d vm: notify dom0 when updates available in VM (#475) 2012-05-01 01:14:04 +02:00
Marek Marczykowski
fa41bf840c dom0: provide service for VM to notify about updates availability (#475) 2012-05-01 01:12:19 +02:00
Marek Marczykowski
366e405df0 dom0: remove unused reset_vm_configs.py 2012-04-30 13:29:01 +02:00
Marek Marczykowski
f05605eccc dom0/spec: fix spec for qmemman.conf 2012-03-29 16:18:00 +02:00
Marek Marczykowski
7bee34dfb0 dom0/spec: fix spec for qmemman.conf 2012-03-29 16:17:10 +02:00
Marek Marczykowski
71b98f9d95 dom0/qmemman: add support for config file 2012-03-28 00:47:26 +02:00
Marek Marczykowski
2e6e9bfab9 dom0/qmemman: add support for config file 2012-03-28 00:21:01 +02:00
Marek Marczykowski
ba6c682254 dom0/rpm-spec: fix xenconsoled setup
XENCONSOLED_LOG_GUESTS was erroneously replaced by XENCONSOLED_LOG_HYPERVISOR.
So to config fresh systems and broken by prevoius version, remove any
XENCONSOLED_LOG_ entries and add correct one at the config end.
2012-03-11 21:14:52 +01:00
Marek Marczykowski
e77bdf63db dom0/rpm-spec: fix xenconsoled setup
XENCONSOLED_LOG_GUESTS was erroneously replaced by XENCONSOLED_LOG_HYPERVISOR.
So to config fresh systems and broken by prevoius version, remove any
XENCONSOLED_LOG_ entries and add correct one at the config end.
2012-03-11 21:12:49 +01:00
Marek Marczykowski
a58259a171 Merge branch 'master' into hvm
Conflicts:
	version_dom0
	version_vm
2012-03-09 10:19:34 +01:00
Marek Marczykowski
0b142fb040 vm/init.d: make firewall and netwatcher service consistent with systemd 2012-03-09 01:50:18 +01:00
Marek Marczykowski
a717b3755e Merge branch 'master' into hvm
Conflicts:
	dom0/qvm-core/qubes.py
2012-03-06 02:21:52 +01:00
Marek Marczykowski
db043c84bc dom0/sysconfig: load and setup cpufreq-xen if present
Required for suspend on Core i5 with pvops kernel.
2012-03-05 12:44:08 +01:00
Marek Marczykowski
91ec015486 dom0/sysconfig: enable xenconsoled logging 2012-03-05 12:31:15 +01:00
Marek Marczykowski
25b57bab88 dom0/appmenus: Create "Start" appmenu for HVM domains 2012-03-02 01:56:50 +01:00
Marek Marczykowski
63f3537f98 dom0/spec: require xen-hvm package for stubdom 2012-03-01 10:57:34 +01:00
Joanna Rutkowska
0e0fe6a3d9 Merge branch 'master' of git://git.qubes-os.org/marmarek/core into hvm 2012-02-27 13:30:14 +01:00
Marek Marczykowski
067fb100a1 dom0/modules: support for pvops modules in dom0 2012-02-25 14:04:06 +01:00
Marek Marczykowski
3ad50b58e7 dom0/spec: include HVM config template in rpm 2012-02-24 04:53:15 +01:00
Marek Marczykowski
b422bf8b2f dom0/pm-utils: fix scripts order according to pm-utils docs (#443) 2012-02-09 11:31:41 +01:00
Marek Marczykowski
73e63d9998 dom0/spec: include qubes-* tools in rpm (#421) 2012-02-07 12:31:44 +01:00
Marek Marczykowski
70db6b0fc9 vm/mimeopen: save mimetype defaults for DispVM (#423) 2012-02-06 19:08:08 +01:00
Marek Marczykowski
a4a9632a5a vm/spec: fix file permissions 2012-02-06 12:58:02 +01:00
Marek Marczykowski
b87fff44c4 dom0/clock: sync clock using new qubes-sync-clock from cron (#435, #429) 2012-02-01 17:39:20 +01:00
Marek Marczykowski
4c78a9cb7f dom0/spec: require cron daemon (#429) 2012-01-30 16:27:12 +01:00
Marek Marczykowski
31fd953377 vm/spec: do not complain about missing serial.conf 2012-01-30 14:22:35 +01:00
Marek Marczykowski
ad75f3c99e vm/network: symlink NetworkManager system-connection to /rw (#425)
In FC15, NetworkManager by default uses global connections ("Available to all users"). Save them in /rw instead of /etc, to preserve them across reboots.
2012-01-30 14:20:02 +01:00
Marek Marczykowski
f8562f8e1c vm/spec: hide diagnostics from systemctl 2012-01-18 17:24:04 +01:00
Marek Marczykowski
83cde6e841 vm: enable qubes-firewall (#424) 2012-01-18 13:37:31 +01:00
Marek Marczykowski
351b413f74 spec: fix build order 2012-01-15 17:36:22 +01:00
Marek Marczykowski
1e2ca857cc vm/systemd: enable ntpd and NetworkManager services 2012-01-14 01:40:54 +01:00
Marek Marczykowski
b5f691da1c vm/systemd: add some package requirements according to Fedora documentation 2012-01-14 01:40:10 +01:00
Marek Marczykowski
7dbb3fe5b0 vm: disable some autostart applications 2012-01-14 01:39:43 +01:00
Marek Marczykowski
f581fad6fd vm: disable silent automatic update *installation* in FC15 (#415)
Do not silently download and install updates, especially in NonUpdateableVM.
2012-01-14 01:37:22 +01:00
Marek Marczykowski
cf591a4cd5 vm/init: introduce SystemD startup scripts 2012-01-10 12:10:16 +01:00
Marek Marczykowski
11055f7162 vm/spec: split SysV init scripts into separate subpackage 2012-01-10 12:09:09 +01:00
Marek Marczykowski
95edff2ac2 vm/spec: add Obsoletes header for smooth upgrade 2012-01-10 11:23:27 +01:00
Marek Marczykowski
adc0b6eff5 vm(+dom0): major rearrage VM files in repo; merge core-*vm packages 2012-01-06 21:31:12 +01:00
Marek Marczykowski
9c40e23af2 vm: disable cron also using systemctl
This is needed for FC15
2011-12-30 23:53:46 +01:00
Marek Marczykowski
0cab96ad6d vm/qvm-block: do not disable qubes block udev rules (#393) 2011-12-26 21:01:31 +01:00
Marek Marczykowski
0d32a533e7 vm/yum-repo: Use $releasever in repo definition
Instead of multiple files with only release version different.
2011-12-12 03:35:22 +01:00
Marek Marczykowski
a3f2496a27 vm/spec: more precise blacklisting updates of xorg (#381) 2011-12-05 13:50:07 +01:00
Marek Marczykowski
8a09f45bd8 dom0: and do not include xenfreepages in rpm... 2011-11-02 20:13:26 +01:00
Marek Marczykowski
ede96353af dom0/qrexec: Add always allow option in qrexec confirmation dialog (#278) 2011-10-12 00:08:28 +02:00
Marek Marczykowski
9152bf6652 dom0/spec: disable prelink service 2011-10-07 21:28:26 +02:00
Marek Marczykowski
3876cf4070 dom0/dom0-updates: check for dom0 updates from cron (#354) 2011-10-07 21:28:16 +02:00
Marek Marczykowski
8d855aa958 dom0+vm/qvm-block: automatically detach device when physical dev removed (#226)
This will work when device is unmounted. On mounted device backend will be
removed (after 3s timeout), but frontend will left in "closing" state - manual
'xl block-detach' will be needed.
2011-09-30 10:42:56 +02:00
Marek Marczykowski
111d807ae0 dom0: include qubesutils in rpm package (#226) 2011-09-30 10:42:56 +02:00
Marek Marczykowski
6b885bd361 dom0+vm: expose block devices info in xenstore (#226) 2011-09-29 13:56:06 +02:00
Marek Marczykowski
801e113c06 vm: minor fixes for Fedora 15
1. create /var/run/qubes as /var/run is now on tmpfs
2. if system-d is present - use it to disable NetworkManager
2011-09-27 01:37:09 +02:00
Marek Marczykowski
72bc213980 vm/spec: do not use chown in %install - it will not work as unprivileged user 2011-09-25 15:18:48 +02:00
Marek Marczykowski
27ca0f878c rpm spec: do not mark files with %dir 2011-09-22 01:16:32 +02:00
Marek Marczykowski
9f14be6eed dom0: sync dom0 clock more frequent; start it from init.d script 2011-09-15 14:43:02 +02:00
Marek Marczykowski
633b21bb26 dom0: do not sync rpmdb with UpdateVM after each pkg installation
This doesn't make sense sice at every qvm-dom0-update we begin with sync rpmdb.
Also this allow embedding sync_rpmdb_updatevm.sh into qvm-dom0-update.
2011-09-15 13:37:34 +02:00
Marek Marczykowski
e4e661ac51 dom0: reduce watching tool to dom0 clock sync only
Do not watch for updates for now, it will be implemented later.
2011-09-15 13:32:06 +02:00
Marek Marczykowski
855664e6e5 dom0+vm: use qubes_download_dom0_updates.sh instead of qubes_check_for_updates.sh
Remove code duplication. Implemented required --check-only option to
qubes_download_dom0_updates.sh.
2011-09-15 00:18:56 +02:00
Joanna Rutkowska
2de02b7a6c vm: update symlinks in Nautilus Scripts menu
This is important for older templates that got upgraded to new core packages,
which renamed some of the tools by removing the '2' suffix.
2011-09-14 19:32:47 +02:00
Marek Marczykowski
cf7bc53cc7 dom0 spec: cleanup old entries from /etc/yum.conf before adding new one
Fix whitespaces in sed.
2011-09-14 00:47:24 +02:00
Joanna Rutkowska
aa1f6f63cf version 1.6.21-dom0 2011-09-09 14:49:53 +02:00
Marek Marczykowski
dbf7225232 version 1.6.20-2 dom0 2011-09-08 23:00:46 +02:00
Marek Marczykowski
13127749bf dom0: fix do-not-upgrade-kernel yum.conf entry 2011-09-08 14:26:31 +02:00
Marek Marczykowski
a1fc75a58b vm: automatically online added memory
This is needed to increase memory size above initial value on pvops kernel.
Should not harm xenlinux version.
2011-09-06 01:12:21 +02:00
Marek Marczykowski
d9cd2467b0 vm: get rid of "2" from qvm-* names (#340) 2011-09-03 17:12:24 +02:00
Joanna Rutkowska
16a46f9a9c Use proper dracut module and conf files...
... instead of the ugly and incompatible /usr/share/qubes/regenerate_initramfs.sh script
2011-09-02 16:55:39 +02:00
Rafal Wojtczuk
9fa0072215 qvm-open-in-*: recognize when the parameter is an url
and wrap it in html meta refresh tag, so that it will be opened by
the default browser.
2011-08-29 17:27:48 +02:00
Rafal Wojtczuk
a4708ae9b6 qrexec: implement qvm-run command for AppVMs
It is build upon qrexec2, qubes.VMShell command. So, in order to e.g.
start firefox in a fresh dispVM, do
qvm-run '$dispvm' firefox http://www.qubes-os.org
2011-08-29 16:46:44 +02:00
Joanna Rutkowska
9f15bfbeb3 dom0: require gnome-packagekit 2011-08-02 13:08:35 +02:00
Joanna Rutkowska
708263bec4 Revert "Dom0: use kpackagekit for updates GUI"
This reverts commit 94c0f6c9d3.

Kpackagekit is not so nice-behaving as gpk-update-viewer is,
e.g. it complains there are is no network connectivity, and, perhaps
as a result, doesn't display the list of avilable updates.
2011-08-02 13:01:42 +02:00
Joanna Rutkowska
94c0f6c9d3 Dom0: use kpackagekit for updates GUI 2011-08-01 16:07:53 +02:00
Joanna Rutkowska
dfa2777272 dom0: do not require NetworkManager 2011-07-30 12:33:35 +02:00
Joanna Rutkowska
5932699d8f vm: Fix modules blacklisting 2011-07-30 11:30:21 +02:00
Joanna Rutkowska
4dde8f8661 vm: Blacklist unnecessary packge updates 2011-07-30 11:15:47 +02:00
Joanna Rutkowska
71209b5b39 Merge branch 'prebeta2' of git.qubes-os.org:/var/lib/qubes/git/rafal/core 2011-07-30 11:01:23 +02:00
Rafal Wojtczuk
3df2e9783d dispvm: when updating savefile on demand, present zenity progress bar 2011-07-26 16:36:59 +02:00
Joanna Rutkowska
2c2b7111eb sony-vaio-fixes v1.6.1
* display quirks no longer needed for 2.6.38 kernel
* i8042.nopnp no longer needed for 2.6.38 kernel
2011-07-17 14:15:14 +02:00
Marek Marczykowski
182e1ccf2b dom0: watch for updates from dom0 (#198)
Additionally synchronize clock every 6h. This is started by xdg-autostart (not
qvm-core) to have running Xorg - needed to prompt user for updates download.
2011-07-17 01:20:13 +02:00
Marek Marczykowski
1e27219734 vm: move dom0-updates dir to core-appvm package (#198)
At core-commonvm installation stage "user" can no exists.
2011-07-17 01:20:13 +02:00
Marek Marczykowski
f24897ae56 vm: Split updates check and download into separate scripts (#198) 2011-07-17 01:20:13 +02:00
Marek Marczykowski
8121e80db0 dom0: script for initrd regeneration (#7) 2011-07-15 12:52:01 +02:00
Marek Marczykowski
8a933a76ec dom0: Fix appmenu-select desktop file name (#266) 2011-07-12 19:46:00 +02:00
Marek Marczykowski
7f940cefde dom0: load pciback module (#252) 2011-07-09 20:43:27 +02:00
Marek Marczykowski
371fdf5884 Merge branch 'qrexec2' of git://git.qubes-os.org/rafal/core 2011-07-09 16:52:54 +02:00
Marek Marczykowski
cd4e4f5ddd vm: fix udev rules for VM network hotplug 2011-07-09 16:52:51 +02:00
Rafal Wojtczuk
243d488d99 qrexec: package qubes.SyncAppMenus files 2011-07-06 16:27:09 +02:00
Rafal Wojtczuk
6366db0ab6 qrexec: adjust updates fetching to the new qrexec api 2011-07-06 14:44:40 +02:00
Rafal Wojtczuk
d46150b8d3 qrexec: adjust appmenu syncing to the new qrexec api 2011-07-06 14:09:36 +02:00
Rafal Wojtczuk
7d79a15c4b qrexec: support for rpc with dom0 as target 2011-07-06 13:56:57 +02:00
Rafal Wojtczuk
2fdf9761c7 qrexec: adjust DispVM code to the new qrexec API
Note, we have qvm-open-in-vm totally for free.
2011-07-06 12:32:20 +02:00
Rafal Wojtczuk
b7e8c2708c qrexec: adjust intervm file copy code to the new qrexec API 2011-07-06 10:17:58 +02:00
Rafal Wojtczuk
ecf200dca3 qrexec: last two missing pieces of the new rpc infrastructure 2011-07-05 18:35:03 +02:00
Rafal Wojtczuk
9c7eb81a23 qrexec: add qrexec_client_vm.c 2011-07-05 11:03:31 +02:00
Marek Marczykowski
11a96f70de vm: Load evtchn module by script in /etc/sysconfig/modules 2011-07-02 19:11:15 +02:00
Marek Marczykowski
180d7ed68e dom0: Allow multiple versions of kernel-qubes-vm installed 2011-06-30 01:18:39 +02:00
Marek Marczykowski
f447a458f2 dom0+vm: Update VM kernel mechanism (#242)
Get kernel from global kernels dir (/var/lib/qubes/vm-kernels), not per-VM. Can
be configured by qvm-prefs (kernel parameter).
New tool: qvm-set-default-kernel

For backward compatibility kernel=None means kernel in VM dir (kernels subdir).
(possibly empty) modules.img should be created in it.
2011-06-30 01:07:47 +02:00
Marek Marczykowski
42cab54520 dom0: include missing vm-template.conf in rpm package 2011-06-23 23:23:45 +02:00
Marek Marczykowski
21222cc859 dom0: start xenstored service in %post
This is required by qvm-init-storage and in general to qvm-* works properly.
2011-06-23 20:04:27 +02:00
Marek Marczykowski
151b15bb8c dom0: Edit xl.conf in %post instead of overriding file (rpm file conflict) 2011-06-23 14:39:17 +02:00
Marek Marczykowski
d9d7a69c27 dom0+vm: Tools for downloading dom0 update by VM (#198)
Mainly 4 parts:
 - scripts for providing rpmdb and yum repos to VM (choosen by qvm-set-updatevm)
 - VM script for downloading updates (qubes_download_dom0_updates.sh)
 - qfile-dom0-unpacker which receive updates, check signatures and place its in dom0 local yum repo
 - qvm-dom0-upgrade which calls all of above and after all yum gpk-update-viewer

Besides qvm-dom0-upgrade, updates are checked every 6h and user is prompted if
want to download it. At dom0 side gpk-update-icon (disabled yet) should notice
new updates in "local" repo.
2011-06-22 00:44:48 +02:00
Marek Marczykowski
6d9fdf4729 dom0: Add shortcut qubes-appmenu-select ("Add more shortcuts...") for each VM (#45) 2011-06-12 01:47:15 +02:00
Marek Marczykowski
83d211836a dom0+vm: Trigger appmenus sync after yum transaction (#45), NEW QREXEC COMMAND
After yum transaction (install/upgrade/remove),
yum-plugin-post-transaction-actions will execute script which trigger
qvm-sync-appmenus in dom0 (through qrexec).
THIS INTRODUCE NEW PREDEFINED COMMAND IN QREXEC
2011-06-12 01:46:24 +02:00
Marek Marczykowski
a4d1a21b46 dom0: qvm-sync-appmenus - copy *directory.template when needed 2011-06-11 23:09:55 +02:00
Marek Marczykowski
0ffb186681 vm: add -qubes suffix to xenstore-watch to not conflict with xen standard tool 2011-06-07 15:58:55 +02:00
Marek Marczykowski
ae6d2ac70c dom0: include xl.conf in qubes-core-dom0 package
Disable autoballoon (qmemman will handle it) and specify lock file location
writable by user.
2011-06-07 15:58:55 +02:00
Marek Marczykowski
62111845ea dom0: set memlock limit to unlimited for qubes users
Needed to 'xl create' work
2011-06-07 15:58:54 +02:00
Marek Marczykowski
c789121f84 dom0: migrate from xend to libxl stack - qvm-core
This is core part of migration. Things not migrated yet:
 - DispVM (qubes_restore needs to be almost rewritten)
 - VM xen config files should be fixed (use "script:" prefix in block device description, perhaps generate this files on VM start)

Huge, slow xend not needed any more, now it conflicts with libxl
2011-06-01 23:59:53 +02:00
Marek Marczykowski
986f4a888c Merge branch 'r1-beta1-fixes'
Conflicts:
	dom0/qvm-core/qubes.py
	version_dom0
	version_vm
2011-05-24 00:20:39 +02:00
Marek Marczykowski
bb073c3cdb vm: Remove root password to allow easy escalation from UI application (#202)
Ex. gpk-application needs this to work properly while running from user. When
root password is set - polkit-daemon asks for it (according to polkit setting).
2011-05-12 19:15:24 +02:00
Joanna Rutkowska
8c218c38a7 core-dom0-vaio-fixes is now a separate package
Also fixes to postun scripts to properly handle updates
2011-05-10 11:14:41 +02:00
Marek Marczykowski
1891954f71 Revert "Run nm-applet as normal user"
This reverts commit 2f5b6e6582.

Dbus policy hacking not needed any more. ConsoleKit session is correctly started.
2011-04-29 02:32:55 +02:00
Marek Marczykowski
655f13e2ec Configure VM network iface on attach (not only on boot) (#190) 2011-04-23 02:31:54 +02:00
Marek Marczykowski
0b66804a7b Merge branch 'master' of ssh://git.qubes-os.org/var/lib/qubes/git/smoku/core 2011-04-21 23:56:41 +02:00
Tomasz Sterna
47fea4258c We do not want to have StandaloneVM and UtilityVM types. 2011-04-20 00:56:58 +02:00
Marek Marczykowski
1e923e3cb5 Merge branch 'master' of ssh://git.qubes-os.org/var/lib/qubes/git/joanna/core 2011-04-19 09:32:45 +02:00
Marek Marczykowski
d3c96d12bf Rename try 2... 2011-04-19 01:42:42 +02:00
Marek Marczykowski
860bab5662 Rename xenstore-watch to xenstore-watch-qubes
Xen 4.1.0 provides own xenstore-watch with diffrent args. We can't use it by
default, because we still support xen 3.4.
2011-04-19 01:38:07 +02:00
Tomasz Sterna
4a0d6b03c6 Disable unnecessary Upstart, Init and XDG Autostart serices. #209
Move unneded /etc/init/*.conf services to /etc/init/*.conf.disabled.
Start CUPS only in AppVM and UtilityVM.
Start XDG Autostart applications only in domains that makes sense for them.
2011-04-19 00:11:45 +02:00
Joanna Rutkowska
95488dc59e Pass --level 5 for chkconfigs in core-dom0 post 2011-04-11 14:47:02 +02:00
Joanna Rutkowska
ce7fa7474f vaio_fixes: pass special option to snd-hda-intel module (required to get sound on Vaio Z) 2011-04-11 11:35:25 +02:00
Marek Marczykowski
ba07c11237 Create ~/.local/share dir, as gnote requires it. 2011-04-10 22:12:04 +02:00
Joanna Rutkowska
35bd7db647 Do not restart qubes core in Xen triggers
This is an attempt to figure out why qubes-core-dom0 update still
causes VM restart...?
2011-04-08 23:33:52 +02:00
Joanna Rutkowska
ddd8dabe12 vaio-fixes: automaitcally add i8042.nopnp kernel arg to grub
This is needed to get Sony Vaio Z touchpad working
2011-04-08 23:18:28 +02:00
Joanna Rutkowska
4062683ef4 Revert "Removed qubes_setupdvm script from package"
This reverts commit 8ddb8593cb.

Actually we need this script...
2011-04-08 22:57:11 +02:00
Joanna Rutkowska
9f1c226e17 vaio-fixes rpm requires alsa-utils 2011-04-08 22:52:49 +02:00
Joanna Rutkowska
f6d4f86edc Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core
Conflicts:
	rpm_spec/core-dom0.spec
2011-04-07 19:39:42 +02:00
Marek Marczykowski
a610ec51d0 Automaticaly start qubes_guid for all VMs when user logon
This is needed ex for NetVM, which is started without qubes_guid
2011-04-07 19:23:23 +02:00
Joanna Rutkowska
ae9288dd5c Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core 2011-04-07 14:21:06 +02:00
Marek Marczykowski
2f5b6e6582 Run nm-applet as normal user
Configuration for D-Bus policy and PolicyKit to allow this.
2011-04-07 14:11:00 +02:00
Joanna Rutkowska
2230e67a39 Optional package with suspend fixes for Vaio Z laptops 2011-04-07 13:34:17 +02:00
Marek Marczykowski
4d3b9b0654 Disable gpk-update-icon autostart 2011-04-07 12:40:19 +02:00
Marek Marczykowski
83c877189d Revert password removal for root and user
It will require some additional work with ConsoleKit...
2011-04-07 12:39:10 +02:00
Marek Marczykowski
8047ec780a Remove passwords prompts for user and root (#202) 2011-04-06 23:04:42 +02:00
Joanna Rutkowska
3da9b107d6 Corrected syntax error in core-dom0 spec 2011-04-06 15:15:20 +02:00
Joanna Rutkowska
126fca97c3 Use different repo files depending on %{dist} tag (#197) 2011-04-06 13:59:43 +02:00
Joanna Rutkowska
e01b29dd76 Do not restart VMs during core-dom0 upgrade (#191) 2011-04-06 13:27:01 +02:00
Joanna Rutkowska
c80a1c18ac Add qubes group to suders that can do everything
(The file in /etc/sudoers.d/ cannot have '.' in its name!)
2011-04-05 18:01:03 +02:00
Joanna Rutkowska
6aff6d3e2d Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/smoku/core 2011-04-05 14:28:35 +02:00
Tomasz Sterna
8ddb8593cb Removed qubes_setupdvm script from package 2011-04-04 22:20:41 +02:00
Joanna Rutkowska
a83e8c2d2d commonvm: Update repo info, use local RPM keys 2011-04-04 11:27:48 +02:00
Joanna Rutkowska
2f278b8647 Do not try to disable 3rd party services in qubes-core-dom0 %post
Leavit to the installer (firstboot).
2011-04-04 00:53:16 +02:00
Joanna Rutkowska
0e61bead87 Do not restart netvms when upgrading qubes-core-dom0 (#175) 2011-04-04 00:52:00 +02:00
Joanna Rutkowska
0104e0eac0 core-dom0 should not add qubes.repo -- this is a task of qubes-release package and installer 2011-04-03 17:05:59 +02:00
Joanna Rutkowska
57d33eea3c Add qvm-copy-to-vm2.gnome to core-appvm rpm 2011-03-31 13:35:36 +02:00
Joanna Rutkowska
d157fe950a Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core 2011-03-31 13:30:05 +02:00
Marek Marczykowski
212fd13957 Stop only NM on suspend. (#146)
Also remove ip_forward setting from sysctl, so NM will not reset it on restart
2011-03-31 00:19:41 +02:00
Joanna Rutkowska
4eaa03d80f Merge branch 'spring-merge' of git.qubes-os.org:/var/lib/qubes/git/rafal/core 2011-03-30 17:37:49 +02:00
Rafal Wojtczuk
6104af2b2c Implemented console qvm-copy-to-vm
It waits for the copy to finish, and is capable of killer
progress indicator.
2011-03-30 17:25:57 +02:00
Rafal Wojtczuk
8e2aa6c825 Renamed qvm-copy-to-vm2 to qvm-trigger-copy-to-vm
The new name describes the task of the script better.
2011-03-30 16:48:48 +02:00
Rafal Wojtczuk
9e9fd4c9ba core-appvm.spec: create /home/user/.gnome2/nautilus-scripts
And symlinks in it that will be visible in "scripts" context
menu of nautilus.
2011-03-30 12:37:47 +02:00
Joanna Rutkowska
23f4806c7d Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core 2011-03-29 13:25:07 +02:00
Marek Marczykowski
c2e0a84c22 Add 01qubes-suspend-netvm to rpm (#146) 2011-03-29 12:39:01 +02:00
Joanna Rutkowska
b1394a1b6a Add BuildRequires: xen-devel 2011-03-29 11:02:29 +02:00
Rafal Wojtczuk
df9549a7db Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/smoku/core into spring-merge 2011-03-28 17:28:24 +02:00
Tomasz Sterna
01b7d9aafc Create needed NetworkManager.conf in netvm. #94
Also fixed qubes_fix_nm_conf.sh script.
2011-03-26 11:33:04 +01:00
Marek Marczykowski
d87265851c Merge branch 'spring-merge' of ssh://git.qubes-os.org/var/lib/qubes/git/rafal/core 2011-03-24 16:43:13 -04:00
Marek Marczykowski
f1a8887d11 Merge branch 'master' of git://git.qubes-os.org/joanna/core 2011-03-24 16:41:49 -04:00
Rafal Wojtczuk
57fd6c49bb Removed obsolete code, dom0 side
Just like the previous commit, it is related to switch to
qrexec-based file copy.
2011-03-24 17:18:10 +01:00
Rafal Wojtczuk
769213e019 Removed obsolete code, in appvm. 2011-03-24 17:13:21 +01:00
Joanna Rutkowska
e2efae5286 Merge branch 'spring-merge' of git.qubes-os.org:/var/lib/qubes/git/rafal/core 2011-03-24 11:51:43 +01:00
Rafal Wojtczuk
2d37b3e508 Create a separate package with libraries. 2011-03-24 11:39:44 +01:00
Joanna Rutkowska
2c7478dab8 Merge branch 'spring-merge' of git.qubes-os.org:/var/lib/qubes/git/rafal/core 2011-03-24 10:17:15 +01:00
Rafal Wojtczuk
fac1b78ec0 One more build order fix. 2011-03-24 10:03:39 +01:00
Marek Marczykowski
5f4fcedf55 Merge branch 'master' of git://git.qubes-os.org/joanna/core 2011-03-23 20:12:13 -04:00
Marek Marczykowski
b95dd0fcaa Enable build on appvm. 2011-03-23 19:55:35 -04:00
Rafal Wojtczuk
01b75b5987 Enable build on non-appvm. 2011-03-23 17:47:35 +01:00
Joanna Rutkowska
30df10cf18 Merge branch 'spring-merge' of git.qubes-os.org:/var/lib/qubes/git/rafal/core 2011-03-23 17:15:15 +01:00
Rafal Wojtczuk
0b208e8664 Move libs and /var/run/qubes out of qubes-netvm
They are already in core-appvm package.
2011-03-23 11:48:06 +01:00
Rafal Wojtczuk
5350e5cc5b move qrexec_agent out of core-netvm.spec
It is already in core-appvm.
2011-03-23 11:46:53 +01:00
Rafal Wojtczuk
488eda21d9 Merge branch 'blockless' into spring-merge
Conflicts:
	appvm/Makefile
	appvm/qubes_core
	netvm/qubes_core
	rpm_spec/core-appvm.spec
	rpm_spec/core-netvm.spec
2011-03-21 13:54:35 +01:00
Joanna Rutkowska
4c5d9f56c7 Tag RPMs with dist info 2011-03-16 19:14:42 +01:00
Rafal Wojtczuk
4087b1d052 Package qvm-copy-to-vm2*, too. 2011-03-16 16:47:32 +01:00
Marek Marczykowski
1892bef66f Require xen 3.4.3-6 with fixed /etc/xen/scripts/block 2011-03-16 11:32:51 -04:00
Marek Marczykowski
1c505589c1 Move xenstore-watch for VM from AppVM to common. Add to core-common.spec 2011-03-16 11:41:18 +01:00
Marek Marczykowski
01a1aeb403 Do not try to disable 'reboot' service 2011-03-16 11:41:18 +01:00
Marek Marczykowski
33ed1ecad8 Drop forced fedora version from requires 2011-03-16 11:41:18 +01:00
Marek Marczykowski
2818f6dfe1 Move xenstore-watch for VM from AppVM to common. Add to core-common.spec 2011-03-15 19:47:26 +01:00
Rafal Wojtczuk
84b1a186ff Added qfile-unpacker and qfile-daemon 2011-03-15 16:43:43 +01:00
Rafal Wojtczuk
f0a7620449 Package qfile-agent-dvm, too. 2011-03-15 16:19:42 +01:00
Rafal Wojtczuk
b8d983cfa9 Added qfile-agent 2011-03-15 16:07:00 +01:00
Rafal Wojtczuk
6b6e6b7520 Added new qvm-open-in-dvm, aka qvm-open-in-dvm2
Small, childless bash script.
2011-03-14 11:25:18 +01:00
Rafal Wojtczuk
5d3c43e4fa created qfile-daemon-dvm
Mostly code from qfilexchgd; it will be removed soon.
2011-03-14 10:43:09 +01:00
Marek Marczykowski
b04b36af2c Register VM services also on update 2011-03-11 23:42:49 +01:00
Marek Marczykowski
3d845e4f61 Add qubes_netwatcher to proxyvm spec 2011-03-11 23:33:15 +01:00
Marek Marczykowski
de5e06e462 Remove duplicated entry in core-dom0.spec 2011-03-11 02:02:13 +01:00
Marek Marczykowski
08b4490b91 NetVM, AppVM, ProxyVM from single template - VM side (missing files...) 2011-03-11 01:42:42 +01:00
Marek Marczykowski
c7a832a279 NetVM, AppVM, ProxyVM from single template - VM side
Modify VM packages to:
- do not conflicts
- starts services if its VM type need it

Added core-proxyvm (firewall) and core-commonvm (common parts) packages.
2011-03-11 01:38:04 +01:00
Rafal Wojtczuk
c2214e854c Added dvm_file_editor.
It works with qrexec - reads/writes data from stdin/stdout.
2011-03-10 16:50:40 +01:00
Marek Marczykowski
7e29c397aa Add 30-qubes_external_ip to netvm.spec 2011-03-10 16:09:37 +01:00
Marek Marczykowski
a21e0d37c6 Merge branch 'master' of ssh://git.qubes-os.org/var/lib/qubes/git/smoku/core
Conflicts:
	dom0/qvm-core/qubes.py
2011-03-10 16:05:48 +01:00
Rafal Wojtczuk
f1a7df6e95 Implemented mechanism to trigger predefined execution in dom0.
Processes in AppVM can ask qrexec-agent to send a
MSG_AGENT_TO_SERVER_TRIGGER_EXEC message to qrexec-daemon.
The latter will execute predefined program. It is useful for
the purpose of file copy; the predefined program will create
a connected qfile-daemon<->qfile-agent pair.
2011-03-10 15:41:31 +01:00
Tomasz Sterna
a71b846ee2 Added FirewallVM related VM scripts 2011-03-09 20:50:13 +01:00
Rafal Wojtczuk
f263aa6b7c Moved vchan and u2mfn code to core. 2011-03-08 12:24:47 +01:00
Marek Marczykowski
bef584c248 Restore rev 1 in core-dom0.spec 2011-03-06 14:06:24 +01:00
Tomasz Sterna
167c30aa6e Start xend and xenstored during package installation 2011-03-06 14:06:24 +01:00
Marek Marczykowski
d1cfcac49c Add BR to core-appvm.spec 2011-03-06 14:06:24 +01:00
Rafal Wojtczuk
b98dffc965 qrexec* tools, initial version 2011-03-04 16:32:58 +01:00
Marek Marczykowski
e104f82e36 Update TemplateVM with running AppVM: part 1
snapshot and origin device type for xen
2011-02-26 03:42:55 +01:00
Tomasz Sterna
8ca63ba176 Start xend and xenstored during package installation 2011-02-11 00:34:46 +01:00
Rafal Wojtczuk
b3511c678a Use "conflict" instead of "requires gui" in rpm spec. 2010-11-18 14:33:18 +01:00
Joanna Rutkowska
1e7c66337c Require gui-dom0 >= 1.1.13 that knows it doesn't own /var/{log,run}/qubes dirs 2010-10-06 14:16:27 +02:00
Rafal Wojtczuk
28880cae52 Merged triggers. 2010-10-06 13:08:17 +02:00
Rafal Wojtczuk
1f5300da85 Move /var/log/qubes and /var/run/qubes to qubes-core rpm from qubes-gui
Because /var/log/qubes is used in qubes-core %post. While at it, do the same with
/var/run/qubes.
2010-10-06 11:00:52 +02:00
Rafal Wojtczuk
7c1babe8aa Do not error when qvm-get-default-netvm returns empty string.
It happens when installing qubes-core-dom0 for the first time.
2010-10-06 10:55:32 +02:00
Joanna Rutkowska
28e1f962e5 core dom0 rpm: restart qubes_netvm only when using netvm in Dom0
If we use a separate netvm, then core update in Dom0 doesn't really change the networking,
worse, if we restarted netvm it would get another XID, which would break our DispVM savefile.

One day we should fix it!
2010-10-04 17:51:01 +02:00
Joanna Rutkowska
bbe085711d Restart qubes_core after Xen update
This is needed to re-set qubes permissions on some Xen sockets
2010-10-04 15:25:58 +02:00
Joanna Rutkowska
e1c0aa6eef dom0 rpm: start/stop qubes services for install/update 2010-10-04 14:21:14 +02:00
Rafal Wojtczuk
28fbb48845 Attach/detach pci devices from netvm upon resume/suspend 2010-09-30 18:22:26 +02:00
Rafal Wojtczuk
acac39ec41 rpmbuild wants pyo files in %files 2010-09-27 17:41:03 +02:00
Rafal Wojtczuk
90e3f4ffd8 Add reset_vm_configs.py script 2010-09-27 16:58:02 +02:00
Joanna Rutkowska
67537316cb core-dom0.rpm: Always do %post, not only when installing for the 1st time 2010-09-23 12:42:43 +02:00
Rafal Wojtczuk
0217dba40e Completed dvm->setupdvm name transition 2010-09-22 10:24:57 +02:00
Rafal Wojtczuk
e13e5027c3 qubes_dvm init.d script
We want to set up a default dvm if needed at boot time; for this,
the default netvm must have been already started. Therefore, we
need a qubes_dvm script, that executes after qubes_netvm.
2010-09-21 21:46:11 +02:00
Joanna Rutkowska
71baae50cb Merge branch 'ticket4' of git://qubes-os.org/rafal/core 2010-09-17 17:30:36 +02:00
Rafal Wojtczuk
e1de26f79a Require NetworkManager >= 0.8.1-1
Unfortunately, config files layout changes with NM version; therefore
require >= 0.8.1-1.
This should also prevent NM from messing with VIF interfaces on suspend/resume.
2010-09-17 15:16:01 +02:00
Joanna Rutkowska
ec988f9385 core-appvm.spec: create 'user' user in %pre instead of in %post
... otherwsie rpm -i throws an error when trying to set permissions for
/home_volatile/user, as the user 'user' doesn't exist when the %files section
is being processed during rpm install (if this is a first install of the rpm).
2010-09-15 15:33:09 +02:00
Joanna Rutkowska
9b8c018bc2 Merge branch 'qmemman' of git://qubes-os.org/rafal/core 2010-09-13 15:05:13 +02:00
Rafal Wojtczuk
1239643c73 Tell Network Manager to keep hands off vif interfaces
...somehow indirectly, by specifying the mac; unfortunately I do not
see any other way.
2010-09-07 13:18:08 +02:00
Rafal Wojtczuk
31e7e96056 Switch to routed VM network (instead of bridging)
No headache from layer 2 attacks.
2010-09-06 17:07:42 +02:00
Rafal Wojtczuk
64e8013dc2 Unify dom0 and netvm sysconfig/iptables
Plus:
- dedicated chain for DNAT to nameservers
- prevent intervm networking. Can be conveniently overriden in necessary cases
by inserting ACCEPT clauses (per VM, probably) at the top of FORWARD
2010-09-06 15:10:01 +02:00
Rafal Wojtczuk
1c337db989 qmemman: make meminfo-writer a C program 2010-09-03 16:23:09 +02:00
Rafal Wojtczuk
62487c0f1e Memory management across VMs, first release 2010-08-30 11:40:19 +02:00
Rafal Wojtczuk
4cf0a61858 Before restoring DVM, check for available xen memory
As we already do xm mem-set 0 800 in qubes_core, this is a
correct check. Now, there should be no errors from qubes_restore
in normal circumstances.
2010-07-27 16:08:09 +02:00
Rafal Wojtczuk
aa894b5700 qvm-create-default-dvm script 2010-07-21 12:57:02 +02:00
Rafal Wojtczuk
d46bf2a270 Pathnames cleanup
Move internal scripts to /usr/lib/qubes plus a couple of similar.
2010-07-21 12:57:02 +02:00
Rafal Wojtczuk
11b8a0409f DVM: execute user script before save
qubes_prepare_saved_domain.sh now takes optional second argument, the
filename. The content of the file will be copied (via xenstore) to DVM
and executed just before save. This makes it possible to preload memory
with useful apps.
2010-07-21 12:57:02 +02:00