Commit Graph

438 Commits

Author SHA1 Message Date
Marek Marczykowski
1d8222dbdb Remove Fedora-comps.xml
We have now own Qubes-comps.xml, so use it if present.
2013-03-14 00:55:20 +01:00
Marek Marczykowski
e4264f4917 Remove SysV-init scripts
Now dom0 uses SystemD, so init.d scripts no longer needed.
2013-03-13 06:14:07 +01:00
Marek Marczykowski
d9358a91aa Move manpages here from separate repo 2013-03-12 17:02:26 +01:00
Marek Marczykowski
ad2bdf0634 Rename 'version_dom0' -> 'version'
This repository contains only dom0 files now.
2013-03-12 16:50:14 +01:00
Marek Marczykowski
fce0db13c9 move qvm-create-default-dvm to qvm-tools dir 2013-03-12 16:12:23 +01:00
Marek Marczykowski
fcf51c6a6f Remove qclipd - now part of qubes-manager 2013-03-12 16:00:31 +01:00
Marek Marczykowski
844cb21544 Require dmidecode - for qubes-hcl-report tool 2013-03-09 22:20:47 +01:00
Marek Marczykowski
b3c9c74a50 move dispvm files to more meaningful directory 2013-03-08 17:26:55 +01:00
Marek Marczykowski
0e8037deee remove VM files 2013-03-07 05:07:42 +01:00
Marek Marczykowski
f4c37be03a remove qubes-core-libs files - moved to separate repository 2013-03-07 02:54:55 +01:00
Marek Marczykowski
3c3252b2a3 Remove qrexec - moved to separate package 2013-03-07 02:30:03 +01:00
Marek Marczykowski
325cf4b894 forgotten subdir 2013-03-06 18:41:10 +01:00
Marek Marczykowski
ca2a54b2b1 do install files used by dom0 netvm
We don't support dom0 netvm anymore.
2013-03-06 18:38:08 +01:00
Marek Marczykowski
7d07a6cf50 move dom0 files to dom0 subdirectory
Those files are actually common for dom0 and VM, but as we splitted the repos,
move them accordingly.
2013-03-06 18:37:58 +01:00
Marek Marczykowski
8fc805f34a vm/systemd: disable avahi-daemon
Aparently this service have changed name, so make sure it will be disabled also
under new name.
2013-03-03 17:35:54 +01:00
Marek Marczykowski
35e01c4165 dom0/spec: improve PackageKit settings
1. Do not try to tell "no network detected"
2. Do not try to tell "Distribution upgrade detected - Fedora 16"
2013-03-01 01:36:05 +01:00
Marek Marczykowski
d89bdac58c dom0: create volatile.img if not exists (StandaloneVM case)
StandaloneVM have no template to get clean volatile.img. Normally it is copied
from template during VM creation, but it can happen that image would not extx
(e.g. after backup restore). So create it from scratch.

Stay with original approach (restoring from clean image of template) for other
cases as it is much simpler (and perhaps faster).
2013-02-27 05:29:27 +01:00
Marek Marczykowski
d12e532fc2 vm: Use nautilus-actions to provide "Copy to other AppVM" etc nautilus commands
No more ugly symlink creation at VM startup, nautilus-actions have system-wide
dir (in opposite to nautilus-scripts).

Currently old symlinks are not cleaned up. Maybe it should, but leaving them
have one advantage: will not break existing users behavior.
2013-02-21 16:44:16 +01:00
Marek Marczykowski
8d347cb455 vm/spec: mark some config files with %config(noreplace)
Do mark such critical files, which shouldn't be modified by the user.
2013-02-21 07:25:47 +01:00
Marek Marczykowski
9310f398d5 dom0/spec: own qubes python subdir 2013-02-21 04:32:55 +01:00
Marek Marczykowski
b214fa6f9d dom0: Scale icons to 48x48
We register them as 48px icons, so scale them to that size (originally 600px).
Specifically required by gui-daemon which require prescalled icon.
2013-02-19 01:05:22 +01:00
Marek Marczykowski
cd4c62fc42 dom0/systemd: disable xendomains.service 2013-02-13 16:55:07 +01:00
Marek Marczykowski
0e39e961ea dom0/systemd: Rename qubes-dispvm to qubes-setupdvm
This is more accurate name. Also "qubes-setupdvm" is already used in
some places, so change service name instead of changing that places (at
least qubes-core.service).
2013-02-13 16:52:38 +01:00
Marek Marczykowski
eb5ba60da7 vm/spec: force legacy iptables services 2013-02-12 01:38:30 +01:00
Marek Marczykowski
22a0d391c2 vm: revert /etc/yum.conf exclude config
Upgrade of kernel is suppressed by qubes-vm-kernel-placeholder package.
Excluding xorg packages makes more problems than goods (e.g. unable to
install dummy driver, block fedora bugfixes).
2013-02-12 01:38:30 +01:00
Marek Marczykowski
0936152e12 vm/systemd: disable NetworkManager-wait-online when NM inactive 2013-02-12 01:38:30 +01:00
Marek Marczykowski
268cbfdc84 vm: require net-tools
Needed to setup network in VM
2013-02-12 01:38:30 +01:00
Marek Marczykowski
07d7957caa dom0: install PolicyKit allow-all rules
Same purpose as sudo rule - the user already can do almost all
administrative tasks and access all VMs data, so do disable annoying
password prompt (eg at system shutdown), which do not add any real
security layer.
2013-02-12 01:38:29 +01:00
Marek Marczykowski
1579340802 vm: move polkit configs from qubes-gui-vm package 2013-02-12 01:38:29 +01:00
Marek Marczykowski
d2dc386997 vm/kernel-placeholder: update provided version
Some fc18 packages requires >3.5 kernel, so update kernel-placeholder
appropriate (according to newest available package in unstable
repository).
2013-02-12 01:38:29 +01:00
Marek Marczykowski
b8ccfd6e2e dom0/init: implement systemd unit files
They cover standard init.d scripts when system have systemd, so can be placed
both in one package.
2013-01-27 00:04:40 +01:00
Marek Marczykowski
d99ebe043c dom0/updates: add groups definition from fc18 2013-01-26 23:58:44 +01:00
Marek Marczykowski
75fc222545 dom0/dracut: support new dracut module interface 2013-01-25 03:09:18 +01:00
Marek Marczykowski
c5ae049e3b Revert "dom0/spec: fix HVM settings on upgrade"
This reverts commit 4b44f977db.
This doesn't actually fix the problem, because in %post new qubes.py is already
installed and maxmem=memory is no longer true.
2013-01-11 15:28:55 +01:00
Marek Marczykowski
4b44f977db dom0/spec: fix HVM settings on upgrade
HVM should have meminfo-writer disabled by default (and now have). But existing
VMs have it already enabled so it must be fixed now. Generic HVM isn't capable
of dynamic memory management.

Previously it was forced to always have maxmem=memory but it wasn't fully
correct because someone could install Qubes agents/PV drivers including
meminfo-writer and xen-balloon even in HVM so it should be possible to turn it.
2013-01-11 05:05:44 +01:00
Olivier Medoc
6d6c744f2c vm/qubes_rpc: implement qubes.WaitForSession
RPC call will be used in vm.start function instead of the hardcoded echo > /tmp/qubes-session-waiter
2013-01-11 01:12:23 +01:00
Marek Marczykowski
0b078a5e70 qubes-core-vm-kernel-placeholder 1.0-2 2013-01-04 13:23:48 +01:00
Marek Marczykowski
74054b4dda vm/kernel-placeholder: provide xorg-x11-drv-nouveau to resolve deps problem 2013-01-04 13:23:20 +01:00
Marek Marczykowski
554d119fae spec: generate proper debuginfo packages
%setup macro must be present in %prep to set variables required by
find-debuginfo script. Symlink is to place sources in nice
/usr/src/debug/%{name}-%{version} subdir instead of plain /usr/src/debug/core
(which can be ambiguous).
Additionally all packages need to have _builddir pointing at top src dir (in
core-dom0 it was dom0 subdir). And to cheat make about current dir (to have
%{name}-%{version} included in path) chdir must be done by shell, not make - so
can't use make -C.
2012-12-12 04:12:59 +01:00
Marek Marczykowski
02e7469be3 spec: do not build u2mfn not packaged in core-dom0 and core-vm
This is packages in core-libs, so build it only there.
2012-12-12 04:10:41 +01:00
Marek Marczykowski
e75d2fc57a vm/spec: do not remote 50-qubes_misc.rules during installation 2012-11-22 08:22:52 +01:00
Marek Marczykowski
19983edc3c vm: setup /dev/xen/evtchn permissions using udev rule
This works also when the device is recreated, which is the case in DispVM
(during xl restore).
2012-11-22 00:51:18 +01:00
Marek Marczykowski
3a3e265d1d vm: load dummy-hcd module to suppress libusb bug
libusb crashes when no USB controller is present, load dummy-hcd as workaround.
2012-11-19 17:52:16 +01:00
Marek Marczykowski
0a6e95225a vm: remove qubes-upgrade-vm after upgrade 2012-11-15 21:38:39 +01:00
Marek Marczykowski
629038e76d spec: extract core libs from qubes-core-vm
This libs are required by both dom0 and VM so it's better to have it
separately. Previously in VM it was separate package, but dom0 have them
embedded in qubes-core-dom0, but qubes-core-vm-libs package was used to build
qubes-gui-dom0. Now we do not build all packages for all distros (especially do
not build core-vm package for dom0 distro, so gui-dom0 build fails), so make it
explicit which package is needed by which system.
2012-11-14 13:12:51 +01:00
Marek Marczykowski
504b37e378 dom0/spec: remove obsoleted patch_appvm_initramfs.sh
For a long time dracut module is used instead.
2012-11-13 03:45:12 +01:00
Marek Marczykowski
67e9a785fb spec: fix compilation order 2012-11-08 00:02:13 +01:00
Marek Marczykowski
f45e6c92c5 spec: add missing 'make' call 2012-11-07 18:05:17 +01:00
Marek Marczykowski
cb31b333ae vm/spec: fix NotShowIn entries in autostart desktop files 2012-11-03 05:22:03 +01:00
Marek Marczykowski
7fec0fd6f3 dom0/updates: include pkg groups metadata from Fedora 13
This will allow calls like "qubes-dom0-update @XFCE"
2012-10-23 05:47:09 +02:00
Marek Marczykowski
e9025d3690 dom0/spec: fix file permissions in package 2012-10-23 05:46:25 +02:00
Marek Marczykowski
a432b729fa vm/qvm-usb: include vusb-ctl in VM package 2012-10-23 05:45:47 +02:00
Alexandre Bezroutchko
b2a784d35f adjust rpm spec file to cover compiled python files 2012-10-21 20:59:17 +02:00
Alexandre Bezroutchko
5d4cf00899 dvp/qvm-usb: converted installer scripts into RPM 2012-10-21 15:10:40 +02:00
Marek Marczykowski
e35b413c19 dom0/spec: add R: python-lxml for pretty print 2012-10-19 02:21:41 +02:00
Marek Marczykowski
d03bab3db2 Merge branch 'master-for-hvm' into hvm
Conflicts:
	dom0/qvm-core/qubes.py
	dom0/qvm-tools/qvm-sync-clock
2012-10-04 05:45:41 +02:00
Marek Marczykowski
490a5e9e1a vm/spec: fix adding yum-proxy configuration
Do not add entry if already present.
2012-10-04 05:44:20 +02:00
Bruce A Downs
d19a3cce99 vm: Added 'most recently used' feature to 'copy to vm' dialog
* replaced zenity to qvm-mru-entry in qubes_rpc/qvm-copy-to-vm.gnome
* added python script qubes_rpc/qvm-mru-entry
* added /usr/bin/qvm-mru-entry to rpm_spec/core-vm.spec
2012-10-04 05:44:19 +02:00
Bruce A Downs
dba7d94fba vm/spec: mod to core-vm.spec to add test for files
core rpm was failing during uninstall attempting to move non-existent files
* /var/lib/qubes/fstab.orig
* /var/lib/qubes/serial.orig
2012-10-04 05:44:19 +02:00
Marek Marczykowski
303d4ab042 dom0/iptables: block IPv6 traffic
Dom0 is network isolated anyway, but apply also firewall in case of use
qubes-dom0-network-via-netvm.
2012-10-04 05:44:19 +02:00
Marek Marczykowski
9c3f8417d4 vm/iptables: block IPv6 traffic
This isn't properly handled by Qubes VMs yet, so block it in all the VMs.
Also restrict access to firewall config.
2012-10-04 05:44:19 +02:00
Marek Marczykowski
9519d843d8 dom0/spec: mark qrexec policy as config files
Prevent override on upgrade, when user makes some own changes (especially
"always allow" feature).
2012-10-04 05:44:18 +02:00
Marek Marczykowski
6419fea4ce vm/spec: fix adding yum-proxy configuration
Do not add entry if already present.
2012-10-04 05:29:10 +02:00
Marek Marczykowski
4e2f47d95c dom0/spec: mark qrexec policy as config files
Prevent override on upgrade, when user makes some own changes (especially
"always allow" feature).
2012-08-27 00:53:58 +02:00
Marek Marczykowski
c0455ac641 Merge branch 'master' into hvm
Conflicts:
	dom0/qvm-tools/qvm-create
	version_dom0
2012-08-23 11:11:59 +02:00
Marek Marczykowski
a98020eca7 dom0+vm/qfile-copy: use setuid instead of policy setting to allow chroot
This will allow to not hardcode "root" username in policy, which can be useful
for non-Linux systems.
2012-08-18 21:17:07 +02:00
Marek Marczykowski
9b3a77bc1d dom0: move RPC services to separate directory (#654)
This makes more clear which code have contact with untrusted data from VM.
2012-08-16 16:56:16 +02:00
Marek Marczykowski
a67bf1f1c0 Merge branch 'master' into hvm 2012-08-06 15:00:02 +02:00
Marek Marczykowski
fa17c541af dom0: cleanup dead DispVMs at system startup (#648) 2012-08-04 00:57:34 +02:00
Marek Marczykowski
e6c8bf81fd Merge branch 'master' into hvm
Conflicts:
	version_dom0
2012-08-01 00:55:05 +02:00
Marek Marczykowski
b7d2667b1d vm/kernel-placeholder: simplify upgrade 2012-07-30 23:16:05 +02:00
Marek Marczykowski
d1b827e1bd Merge branch 'master' into hvm
Conflicts:
	dom0/init.d/qubes_core
	rpm_spec/core-dom0.spec
	version_dom0
2012-07-25 02:52:00 +02:00
Marek Marczykowski
b691f57bbf vm: kernel-placeholder package to inhibit real kernel pkg in VM (#645)
Some packages depends on kernel (ex fuse, pulseaudio), but kernel in VM is
managed by dom0. Any hack like exlude or so on will break some things, so
install empty placeholder package to fulfill dependencies.
2012-07-23 23:17:50 +02:00
Marek Marczykowski
f98bf1d570 dom0: fix dirs permissions after xen upgrade 2012-07-20 13:08:18 +02:00
Marek Marczykowski
38e8b85b06 dom0: fix dirs permissions after xen upgrade 2012-07-18 12:46:36 +02:00
Marek Marczykowski
0f6f445ece Revert "vm/spec: disable pam_systemd globally (#607)" (#626)
This reverts commit 8ec4b6963b71b95bc0cda6dd80d99bf60aa9caec.
This caused regression (#626).

Conflicts:

	rpm_spec/core-vm.spec
2012-07-16 13:36:08 +02:00
Marek Marczykowski
eeabd3b371 Revert "vm/spec: disable pam_systemd globally (#607)" (#626)
This reverts commit 8ec4b6963b71b95bc0cda6dd80d99bf60aa9caec.
This caused regression (#626).

Conflicts:

	rpm_spec/core-vm.spec
2012-07-16 12:49:41 +02:00
Marek Marczykowski
d9291ab2b4 dom0/appmenus: Rename dir entry for ServiceVMs (#627) 2012-07-15 02:41:23 +02:00
Marek Marczykowski
06ba3f6e49 vm: implement qubes.GetAppmenus to reduce code duplication
As one-liner services are now real one-line, just do it.
2012-07-15 02:41:23 +02:00
Marek Marczykowski
20f6c6c6dc vm: simplify qubes.VMShell service
Now additional wrapper not required to skip cmdline argument
2012-07-15 02:41:23 +02:00
Marek Marczykowski
b6b50b6fea dom0/appmenus: Rename dir entry for ServiceVMs (#627) 2012-07-15 02:26:17 +02:00
Marek Marczykowski
1c096ec65c vm: implement qubes.GetAppmenus to reduce code duplication
As one-liner services are now real one-line, just do it.
2012-07-15 02:26:09 +02:00
Marek Marczykowski
15d5a1205d vm: simplify qubes.VMShell service
Now additional wrapper not required to skip cmdline argument
2012-07-15 02:04:17 +02:00
Marek Marczykowski
906332ea40 vm: export SuspendPre and SuspendPost qrexec services (#617)
1. Try to use NetworkManager sleep command instead of shutting it down
2. Move sleep action details (which is VM-specific) to VM
3. Export it as qrexec service(s)
2012-07-13 14:44:11 +02:00
Marek Marczykowski
6d6f43fb4e vm: export SuspendPre and SuspendPost qrexec services (#617)
1. Try to use NetworkManager sleep command instead of shutting it down
2. Move sleep action details (which is VM-specific) to VM
3. Export it as qrexec service(s)
2012-07-13 14:40:52 +02:00
Marek Marczykowski
718f5c2bdb vm: provide dispvm-dotfiles and dispvm-prerun.sh in rpm package (#620) 2012-07-12 14:22:44 +02:00
Marek Marczykowski
b92bb698be vm: provide dispvm-dotfiles and dispvm-prerun.sh in rpm package (#620) 2012-07-12 14:21:44 +02:00
Marek Marczykowski
954b4e6947 vm/systemd: disable additional useless services (#620)
Most of them relay on direct network acces, which isn't true on Qubes.
2012-07-12 03:56:09 +02:00
Marek Marczykowski
ca7ec2aa57 vm/spec: remove dupplicated commnds, suppress error message 2012-07-12 03:56:09 +02:00
Marek Marczykowski
00778cacea dom0/spec: suppress unnecessary messages during package upgrade 2012-07-12 03:56:09 +02:00
Marek Marczykowski
6aeaa7b036 vm/systemd: disable additional useless services (#620)
Most of them relay on direct network acces, which isn't true on Qubes.
2012-07-12 03:54:41 +02:00
Marek Marczykowski
212d4227c8 vm/spec: remove dupplicated commnds, suppress error message 2012-07-12 03:54:41 +02:00
Marek Marczykowski
f0d55138d3 dom0/spec: suppress unnecessary messages during package upgrade 2012-07-12 03:54:34 +02:00
Marek Marczykowski
302191edec vm/spec: disable pam_systemd only in trigger
The %post part is unnecessary.
2012-07-09 15:54:33 +02:00
Marek Marczykowski
c1f5377b1d vm/spec: disable pam_systemd only in trigger
The %post part is unnecessary.
2012-07-09 15:52:42 +02:00
Marek Marczykowski
8b2be6b693 dom0/spec: remove some udev rules from system (#605) 2012-07-05 01:43:32 +02:00
Marek Marczykowski
c4888add66 vm: disable D-Bus activation of NetworkManager (#610) 2012-07-05 01:43:32 +02:00
Marek Marczykowski
b834e2c5a7 vm/spec: disable pam_systemd globally (#607)
Actually all /etc/pam.d/ files containing pam_systemd.so are autogenerated by
authconfig, so "removing" pam_systemd.so file as not elegant solution, seems to
be much more realiable.
2012-07-05 01:43:32 +02:00
Marek Marczykowski
3ccc43ede2 dom0/spec: remove some udev rules from system (#605) 2012-07-05 01:40:38 +02:00
Marek Marczykowski
725e724044 vm: disable D-Bus activation of NetworkManager (#610) 2012-07-05 01:33:22 +02:00