Commit Graph

598 Commits

Author SHA1 Message Date
Joanna Rutkowska
e2efae5286 Merge branch 'spring-merge' of git.qubes-os.org:/var/lib/qubes/git/rafal/core 2011-03-24 11:51:43 +01:00
Rafal Wojtczuk
2d37b3e508 Create a separate package with libraries. 2011-03-24 11:39:44 +01:00
Joanna Rutkowska
2c7478dab8 Merge branch 'spring-merge' of git.qubes-os.org:/var/lib/qubes/git/rafal/core 2011-03-24 10:17:15 +01:00
Rafal Wojtczuk
fac1b78ec0 One more build order fix. 2011-03-24 10:03:39 +01:00
Marek Marczykowski
5f4fcedf55 Merge branch 'master' of git://git.qubes-os.org/joanna/core 2011-03-23 20:12:13 -04:00
Marek Marczykowski
b95dd0fcaa Enable build on appvm. 2011-03-23 19:55:35 -04:00
Rafal Wojtczuk
01b75b5987 Enable build on non-appvm. 2011-03-23 17:47:35 +01:00
Joanna Rutkowska
30df10cf18 Merge branch 'spring-merge' of git.qubes-os.org:/var/lib/qubes/git/rafal/core 2011-03-23 17:15:15 +01:00
Rafal Wojtczuk
0b208e8664 Move libs and /var/run/qubes out of qubes-netvm
They are already in core-appvm package.
2011-03-23 11:48:06 +01:00
Rafal Wojtczuk
5350e5cc5b move qrexec_agent out of core-netvm.spec
It is already in core-appvm.
2011-03-23 11:46:53 +01:00
Rafal Wojtczuk
488eda21d9 Merge branch 'blockless' into spring-merge
Conflicts:
	appvm/Makefile
	appvm/qubes_core
	netvm/qubes_core
	rpm_spec/core-appvm.spec
	rpm_spec/core-netvm.spec
2011-03-21 13:54:35 +01:00
Joanna Rutkowska
4c5d9f56c7 Tag RPMs with dist info 2011-03-16 19:14:42 +01:00
Rafal Wojtczuk
4087b1d052 Package qvm-copy-to-vm2*, too. 2011-03-16 16:47:32 +01:00
Marek Marczykowski
1892bef66f Require xen 3.4.3-6 with fixed /etc/xen/scripts/block 2011-03-16 11:32:51 -04:00
Marek Marczykowski
1c505589c1 Move xenstore-watch for VM from AppVM to common. Add to core-common.spec 2011-03-16 11:41:18 +01:00
Marek Marczykowski
01a1aeb403 Do not try to disable 'reboot' service 2011-03-16 11:41:18 +01:00
Marek Marczykowski
33ed1ecad8 Drop forced fedora version from requires 2011-03-16 11:41:18 +01:00
Marek Marczykowski
2818f6dfe1 Move xenstore-watch for VM from AppVM to common. Add to core-common.spec 2011-03-15 19:47:26 +01:00
Rafal Wojtczuk
84b1a186ff Added qfile-unpacker and qfile-daemon 2011-03-15 16:43:43 +01:00
Rafal Wojtczuk
f0a7620449 Package qfile-agent-dvm, too. 2011-03-15 16:19:42 +01:00
Rafal Wojtczuk
b8d983cfa9 Added qfile-agent 2011-03-15 16:07:00 +01:00
Rafal Wojtczuk
6b6e6b7520 Added new qvm-open-in-dvm, aka qvm-open-in-dvm2
Small, childless bash script.
2011-03-14 11:25:18 +01:00
Rafal Wojtczuk
5d3c43e4fa created qfile-daemon-dvm
Mostly code from qfilexchgd; it will be removed soon.
2011-03-14 10:43:09 +01:00
Marek Marczykowski
b04b36af2c Register VM services also on update 2011-03-11 23:42:49 +01:00
Marek Marczykowski
3d845e4f61 Add qubes_netwatcher to proxyvm spec 2011-03-11 23:33:15 +01:00
Marek Marczykowski
de5e06e462 Remove duplicated entry in core-dom0.spec 2011-03-11 02:02:13 +01:00
Marek Marczykowski
08b4490b91 NetVM, AppVM, ProxyVM from single template - VM side (missing files...) 2011-03-11 01:42:42 +01:00
Marek Marczykowski
c7a832a279 NetVM, AppVM, ProxyVM from single template - VM side
Modify VM packages to:
- do not conflicts
- starts services if its VM type need it

Added core-proxyvm (firewall) and core-commonvm (common parts) packages.
2011-03-11 01:38:04 +01:00
Rafal Wojtczuk
c2214e854c Added dvm_file_editor.
It works with qrexec - reads/writes data from stdin/stdout.
2011-03-10 16:50:40 +01:00
Marek Marczykowski
7e29c397aa Add 30-qubes_external_ip to netvm.spec 2011-03-10 16:09:37 +01:00
Marek Marczykowski
a21e0d37c6 Merge branch 'master' of ssh://git.qubes-os.org/var/lib/qubes/git/smoku/core
Conflicts:
	dom0/qvm-core/qubes.py
2011-03-10 16:05:48 +01:00
Rafal Wojtczuk
f1a7df6e95 Implemented mechanism to trigger predefined execution in dom0.
Processes in AppVM can ask qrexec-agent to send a
MSG_AGENT_TO_SERVER_TRIGGER_EXEC message to qrexec-daemon.
The latter will execute predefined program. It is useful for
the purpose of file copy; the predefined program will create
a connected qfile-daemon<->qfile-agent pair.
2011-03-10 15:41:31 +01:00
Tomasz Sterna
a71b846ee2 Added FirewallVM related VM scripts 2011-03-09 20:50:13 +01:00
Rafal Wojtczuk
f263aa6b7c Moved vchan and u2mfn code to core. 2011-03-08 12:24:47 +01:00
Marek Marczykowski
bef584c248 Restore rev 1 in core-dom0.spec 2011-03-06 14:06:24 +01:00
Tomasz Sterna
167c30aa6e Start xend and xenstored during package installation 2011-03-06 14:06:24 +01:00
Marek Marczykowski
d1cfcac49c Add BR to core-appvm.spec 2011-03-06 14:06:24 +01:00
Rafal Wojtczuk
b98dffc965 qrexec* tools, initial version 2011-03-04 16:32:58 +01:00
Marek Marczykowski
e104f82e36 Update TemplateVM with running AppVM: part 1
snapshot and origin device type for xen
2011-02-26 03:42:55 +01:00
Tomasz Sterna
8ca63ba176 Start xend and xenstored during package installation 2011-02-11 00:34:46 +01:00
Rafal Wojtczuk
b3511c678a Use "conflict" instead of "requires gui" in rpm spec. 2010-11-18 14:33:18 +01:00
Joanna Rutkowska
1e7c66337c Require gui-dom0 >= 1.1.13 that knows it doesn't own /var/{log,run}/qubes dirs 2010-10-06 14:16:27 +02:00
Rafal Wojtczuk
28880cae52 Merged triggers. 2010-10-06 13:08:17 +02:00
Rafal Wojtczuk
1f5300da85 Move /var/log/qubes and /var/run/qubes to qubes-core rpm from qubes-gui
Because /var/log/qubes is used in qubes-core %post. While at it, do the same with
/var/run/qubes.
2010-10-06 11:00:52 +02:00
Rafal Wojtczuk
7c1babe8aa Do not error when qvm-get-default-netvm returns empty string.
It happens when installing qubes-core-dom0 for the first time.
2010-10-06 10:55:32 +02:00
Joanna Rutkowska
28e1f962e5 core dom0 rpm: restart qubes_netvm only when using netvm in Dom0
If we use a separate netvm, then core update in Dom0 doesn't really change the networking,
worse, if we restarted netvm it would get another XID, which would break our DispVM savefile.

One day we should fix it!
2010-10-04 17:51:01 +02:00
Joanna Rutkowska
bbe085711d Restart qubes_core after Xen update
This is needed to re-set qubes permissions on some Xen sockets
2010-10-04 15:25:58 +02:00
Joanna Rutkowska
e1c0aa6eef dom0 rpm: start/stop qubes services for install/update 2010-10-04 14:21:14 +02:00
Rafal Wojtczuk
28fbb48845 Attach/detach pci devices from netvm upon resume/suspend 2010-09-30 18:22:26 +02:00
Rafal Wojtczuk
acac39ec41 rpmbuild wants pyo files in %files 2010-09-27 17:41:03 +02:00
Rafal Wojtczuk
90e3f4ffd8 Add reset_vm_configs.py script 2010-09-27 16:58:02 +02:00
Joanna Rutkowska
67537316cb core-dom0.rpm: Always do %post, not only when installing for the 1st time 2010-09-23 12:42:43 +02:00
Rafal Wojtczuk
0217dba40e Completed dvm->setupdvm name transition 2010-09-22 10:24:57 +02:00
Rafal Wojtczuk
e13e5027c3 qubes_dvm init.d script
We want to set up a default dvm if needed at boot time; for this,
the default netvm must have been already started. Therefore, we
need a qubes_dvm script, that executes after qubes_netvm.
2010-09-21 21:46:11 +02:00
Joanna Rutkowska
71baae50cb Merge branch 'ticket4' of git://qubes-os.org/rafal/core 2010-09-17 17:30:36 +02:00
Rafal Wojtczuk
e1de26f79a Require NetworkManager >= 0.8.1-1
Unfortunately, config files layout changes with NM version; therefore
require >= 0.8.1-1.
This should also prevent NM from messing with VIF interfaces on suspend/resume.
2010-09-17 15:16:01 +02:00
Joanna Rutkowska
ec988f9385 core-appvm.spec: create 'user' user in %pre instead of in %post
... otherwsie rpm -i throws an error when trying to set permissions for
/home_volatile/user, as the user 'user' doesn't exist when the %files section
is being processed during rpm install (if this is a first install of the rpm).
2010-09-15 15:33:09 +02:00
Joanna Rutkowska
9b8c018bc2 Merge branch 'qmemman' of git://qubes-os.org/rafal/core 2010-09-13 15:05:13 +02:00
Rafal Wojtczuk
1239643c73 Tell Network Manager to keep hands off vif interfaces
...somehow indirectly, by specifying the mac; unfortunately I do not
see any other way.
2010-09-07 13:18:08 +02:00
Rafal Wojtczuk
31e7e96056 Switch to routed VM network (instead of bridging)
No headache from layer 2 attacks.
2010-09-06 17:07:42 +02:00
Rafal Wojtczuk
64e8013dc2 Unify dom0 and netvm sysconfig/iptables
Plus:
- dedicated chain for DNAT to nameservers
- prevent intervm networking. Can be conveniently overriden in necessary cases
by inserting ACCEPT clauses (per VM, probably) at the top of FORWARD
2010-09-06 15:10:01 +02:00
Rafal Wojtczuk
1c337db989 qmemman: make meminfo-writer a C program 2010-09-03 16:23:09 +02:00
Rafal Wojtczuk
62487c0f1e Memory management across VMs, first release 2010-08-30 11:40:19 +02:00
Rafal Wojtczuk
4cf0a61858 Before restoring DVM, check for available xen memory
As we already do xm mem-set 0 800 in qubes_core, this is a
correct check. Now, there should be no errors from qubes_restore
in normal circumstances.
2010-07-27 16:08:09 +02:00
Rafal Wojtczuk
aa894b5700 qvm-create-default-dvm script 2010-07-21 12:57:02 +02:00
Rafal Wojtczuk
d46bf2a270 Pathnames cleanup
Move internal scripts to /usr/lib/qubes plus a couple of similar.
2010-07-21 12:57:02 +02:00
Rafal Wojtczuk
11b8a0409f DVM: execute user script before save
qubes_prepare_saved_domain.sh now takes optional second argument, the
filename. The content of the file will be copied (via xenstore) to DVM
and executed just before save. This makes it possible to preload memory
with useful apps.
2010-07-21 12:57:02 +02:00
Rafal Wojtczuk
0c0f34ba9b DVM: manage savefiles
Instead of hardcoded savefile name, use a symlink in
/var/run/qubes. Tools should set this symlink to a correct
savefile. Also, test whether the savefile is older than the
template root.img.
2010-07-21 12:57:02 +02:00
Rafal Wojtczuk
a9047d63be add qvm-dvm.desktop to rpm files section 2010-07-21 12:57:02 +02:00
Rafal Wojtczuk
0462be5043 qvm-dvm.desktop entry 2010-07-21 12:57:01 +02:00
Rafal Wojtczuk
897a5ab05e core-appvm requires mimeopen now 2010-07-21 12:57:01 +02:00
Rafal Wojtczuk
0dbef3f2ae dvm: appvm side code 2010-07-21 12:56:43 +02:00
Rafal Wojtczuk
793b7b2596 Quick VM restore support 2010-07-21 12:56:21 +02:00
Joanna Rutkowska
c8ef500588 Pause/Unpause all running VMs on system suspend/resume
This is to fix the VM lockup problem on HT processors that
occured after S3 resume (see ticket #52).

The qvm-run command now takes additional two switches:
--pause
--unpause
2010-07-08 12:41:29 +02:00
Joanna Rutkowska
7bb022878c Dom0: rm qubes-r1-dom0.repo created by user during installation
We want the user to use the qubes.repo that is installed by qubes-core-dom0
2010-07-06 16:50:31 +02:00
Joanna Rutkowska
115df6f1af Dom0: sync wallclocks in all vms upon resume from S3 sleep
This is really a workaround, until Xen implements proper suspend/resume
mechanism for notfying DomUs about system-wide S3 sleep.

See this thread for more details:

http://lists.xensource.com/archives/html/xen-devel/2010-07/msg00037.html
2010-07-06 16:32:50 +02:00
Joanna Rutkowska
4cd46be139 netvm spec: do not create user in %post
We don't need user account in netvm, do we?
2010-06-18 01:54:38 +02:00
Joanna Rutkowska
df70691aa0 appvm spec: do not attempt to remove HWADDR from ifcfg-eth0
Again, this is important when installing on an image created using yum --instalroot, in which
case there will be no ifcfg file. Besides, seems like we don't need it anymore, do we?
2010-06-18 01:53:48 +02:00
Joanna Rutkowska
af7bbccf9c appvm: create /home/user in core-appvm %post
This is needed when the template image is created using yum --installroot, rather
than regular installation process.
2010-06-18 01:52:01 +02:00
Joanna Rutkowska
247feaa34d appvm, netvm spec: be quite in %post 2010-06-18 01:50:43 +02:00
Joanna Rutkowska
6ba81ffaa9 Require F13 in VM 2010-06-18 01:48:56 +02:00
Joanna Rutkowska
9cf30ed189 appvm,netvm spec: Fix [ -e fstab ] conditional in %pre 2010-06-18 01:48:18 +02:00
Joanna Rutkowska
4fdcedbb40 Fix serial console on VM to work on F13 (REQUIRES F13) 2010-06-18 01:45:27 +02:00
Joanna Rutkowska
775e01a8e4 Make dom0, appvm, netvm use different qubes.repo 2010-06-18 01:41:10 +02:00
Joanna Rutkowska
50d7994596 Remove dom0-cleanup.spec 2010-06-15 12:21:24 +02:00
Joanna Rutkowska
096b1b9499 core-dom0.spec: disable unnecessary services in %post
This is only until we will have a proper installer
2010-06-15 12:20:53 +02:00
Joanna Rutkowska
ee7756b960 rpm specs: %post cleanup
Moved some stuff from the begging of %post sections after the
'if installing-for-the-first-time' check.
2010-06-15 00:02:48 +02:00
Joanna Rutkowska
c95fd449b7 Do not start NetworkManager from dom0 qubes_netvm script
Mark it for auto-start instead by the system scripts
2010-06-11 18:34:59 +02:00
Rafal Wojtczuk
4e6e4115e2 dom0 as netvm fixes
Use /etc/sysconfig/iptables
Replace dnsmasq with DNAT
2010-05-31 15:23:51 +02:00
Rafal Wojtczuk
2f51c6f673 Install qubes_{setup_dnat_to_ns,nmhook} from common/ 2010-05-31 13:17:04 +02:00
Joanna Rutkowska
34653a06b2 Enable rsyslogd in Dom0 2010-05-31 11:54:33 +02:00
Rafal Wojtczuk
d0d82a5090 Lock out root and user passwords; provide passwordless login on the serial console 2010-05-30 15:45:40 +02:00
Rafal Wojtczuk
c75c185179 Add qubes.repo to all qubes-core-* rpms. 2010-05-30 15:45:40 +02:00
Rafal Wojtczuk
93e989bb61 Turn on IP forwarding in sysctl.conf 2010-05-30 15:45:40 +02:00
Rafal Wojtczuk
8da2dd6957 Get rid of dnsmasq in netvm.
qubes_setup_dnat_to_ns script sets up DNAT rules for DNS traffic; it is
triggered by dhclient or NetworkManager, and manually (in case there is
a static resolv.conf).

Put IP-dependent rules in qubes-core, after local ip is known. It could be
further improved by introducing custom chains, to enable iptables save.

Restrict FORWARD.
2010-05-30 15:45:35 +02:00
Rafal Wojtczuk
c287a21723 Allow user in VM to mount /dev/xvdi; so that we can do
...block-attach... something vfat-formatted...xvdi
in dom0.
2010-05-13 15:23:31 +02:00
Rafal Wojtczuk
5e02d3ebb0 Precompilation of qubes.py
On some systems rpmbuild will not automatically precompile qubes.py, resulting
in the core-dom0 rpm bukd failure.
2010-04-10 13:52:19 +02:00
Joanna Rutkowska
a17989470a Initial public commit.
(c) 2010 Invisible Things Lab

Authors:
=========
Joanna Rutkowska <joanna@invisiblethingslab.com>
Rafal Wojtczuk  <rafal@invisiblethingslab.com>
2010-04-05 20:58:57 +02:00