Marek Marczykowski
0e8037deee
remove VM files
2013-03-07 05:07:42 +01:00
Marek Marczykowski
f4c37be03a
remove qubes-core-libs files - moved to separate repository
2013-03-07 02:54:55 +01:00
Marek Marczykowski
3c3252b2a3
Remove qrexec - moved to separate package
2013-03-07 02:30:03 +01:00
Marek Marczykowski
325cf4b894
forgotten subdir
2013-03-06 18:41:10 +01:00
Marek Marczykowski
ca2a54b2b1
do install files used by dom0 netvm
...
We don't support dom0 netvm anymore.
2013-03-06 18:38:08 +01:00
Marek Marczykowski
7d07a6cf50
move dom0 files to dom0 subdirectory
...
Those files are actually common for dom0 and VM, but as we splitted the repos,
move them accordingly.
2013-03-06 18:37:58 +01:00
Marek Marczykowski
8fc805f34a
vm/systemd: disable avahi-daemon
...
Aparently this service have changed name, so make sure it will be disabled also
under new name.
2013-03-03 17:35:54 +01:00
Marek Marczykowski
35e01c4165
dom0/spec: improve PackageKit settings
...
1. Do not try to tell "no network detected"
2. Do not try to tell "Distribution upgrade detected - Fedora 16"
2013-03-01 01:36:05 +01:00
Marek Marczykowski
d89bdac58c
dom0: create volatile.img if not exists (StandaloneVM case)
...
StandaloneVM have no template to get clean volatile.img. Normally it is copied
from template during VM creation, but it can happen that image would not extx
(e.g. after backup restore). So create it from scratch.
Stay with original approach (restoring from clean image of template) for other
cases as it is much simpler (and perhaps faster).
2013-02-27 05:29:27 +01:00
Marek Marczykowski
d12e532fc2
vm: Use nautilus-actions to provide "Copy to other AppVM" etc nautilus commands
...
No more ugly symlink creation at VM startup, nautilus-actions have system-wide
dir (in opposite to nautilus-scripts).
Currently old symlinks are not cleaned up. Maybe it should, but leaving them
have one advantage: will not break existing users behavior.
2013-02-21 16:44:16 +01:00
Marek Marczykowski
8d347cb455
vm/spec: mark some config files with %config(noreplace)
...
Do mark such critical files, which shouldn't be modified by the user.
2013-02-21 07:25:47 +01:00
Marek Marczykowski
9310f398d5
dom0/spec: own qubes python subdir
2013-02-21 04:32:55 +01:00
Marek Marczykowski
b214fa6f9d
dom0: Scale icons to 48x48
...
We register them as 48px icons, so scale them to that size (originally 600px).
Specifically required by gui-daemon which require prescalled icon.
2013-02-19 01:05:22 +01:00
Marek Marczykowski
cd4c62fc42
dom0/systemd: disable xendomains.service
2013-02-13 16:55:07 +01:00
Marek Marczykowski
0e39e961ea
dom0/systemd: Rename qubes-dispvm to qubes-setupdvm
...
This is more accurate name. Also "qubes-setupdvm" is already used in
some places, so change service name instead of changing that places (at
least qubes-core.service).
2013-02-13 16:52:38 +01:00
Marek Marczykowski
eb5ba60da7
vm/spec: force legacy iptables services
2013-02-12 01:38:30 +01:00
Marek Marczykowski
22a0d391c2
vm: revert /etc/yum.conf exclude config
...
Upgrade of kernel is suppressed by qubes-vm-kernel-placeholder package.
Excluding xorg packages makes more problems than goods (e.g. unable to
install dummy driver, block fedora bugfixes).
2013-02-12 01:38:30 +01:00
Marek Marczykowski
0936152e12
vm/systemd: disable NetworkManager-wait-online when NM inactive
2013-02-12 01:38:30 +01:00
Marek Marczykowski
268cbfdc84
vm: require net-tools
...
Needed to setup network in VM
2013-02-12 01:38:30 +01:00
Marek Marczykowski
07d7957caa
dom0: install PolicyKit allow-all rules
...
Same purpose as sudo rule - the user already can do almost all
administrative tasks and access all VMs data, so do disable annoying
password prompt (eg at system shutdown), which do not add any real
security layer.
2013-02-12 01:38:29 +01:00
Marek Marczykowski
1579340802
vm: move polkit configs from qubes-gui-vm package
2013-02-12 01:38:29 +01:00
Marek Marczykowski
d2dc386997
vm/kernel-placeholder: update provided version
...
Some fc18 packages requires >3.5 kernel, so update kernel-placeholder
appropriate (according to newest available package in unstable
repository).
2013-02-12 01:38:29 +01:00
Marek Marczykowski
b8ccfd6e2e
dom0/init: implement systemd unit files
...
They cover standard init.d scripts when system have systemd, so can be placed
both in one package.
2013-01-27 00:04:40 +01:00
Marek Marczykowski
d99ebe043c
dom0/updates: add groups definition from fc18
2013-01-26 23:58:44 +01:00
Marek Marczykowski
75fc222545
dom0/dracut: support new dracut module interface
2013-01-25 03:09:18 +01:00
Marek Marczykowski
c5ae049e3b
Revert "dom0/spec: fix HVM settings on upgrade"
...
This reverts commit 4b44f977db
.
This doesn't actually fix the problem, because in %post new qubes.py is already
installed and maxmem=memory is no longer true.
2013-01-11 15:28:55 +01:00
Marek Marczykowski
4b44f977db
dom0/spec: fix HVM settings on upgrade
...
HVM should have meminfo-writer disabled by default (and now have). But existing
VMs have it already enabled so it must be fixed now. Generic HVM isn't capable
of dynamic memory management.
Previously it was forced to always have maxmem=memory but it wasn't fully
correct because someone could install Qubes agents/PV drivers including
meminfo-writer and xen-balloon even in HVM so it should be possible to turn it.
2013-01-11 05:05:44 +01:00
Olivier Medoc
6d6c744f2c
vm/qubes_rpc: implement qubes.WaitForSession
...
RPC call will be used in vm.start function instead of the hardcoded echo > /tmp/qubes-session-waiter
2013-01-11 01:12:23 +01:00
Marek Marczykowski
0b078a5e70
qubes-core-vm-kernel-placeholder 1.0-2
2013-01-04 13:23:48 +01:00
Marek Marczykowski
74054b4dda
vm/kernel-placeholder: provide xorg-x11-drv-nouveau to resolve deps problem
2013-01-04 13:23:20 +01:00
Marek Marczykowski
554d119fae
spec: generate proper debuginfo packages
...
%setup macro must be present in %prep to set variables required by
find-debuginfo script. Symlink is to place sources in nice
/usr/src/debug/%{name}-%{version} subdir instead of plain /usr/src/debug/core
(which can be ambiguous).
Additionally all packages need to have _builddir pointing at top src dir (in
core-dom0 it was dom0 subdir). And to cheat make about current dir (to have
%{name}-%{version} included in path) chdir must be done by shell, not make - so
can't use make -C.
2012-12-12 04:12:59 +01:00
Marek Marczykowski
02e7469be3
spec: do not build u2mfn not packaged in core-dom0 and core-vm
...
This is packages in core-libs, so build it only there.
2012-12-12 04:10:41 +01:00
Marek Marczykowski
e75d2fc57a
vm/spec: do not remote 50-qubes_misc.rules during installation
2012-11-22 08:22:52 +01:00
Marek Marczykowski
19983edc3c
vm: setup /dev/xen/evtchn permissions using udev rule
...
This works also when the device is recreated, which is the case in DispVM
(during xl restore).
2012-11-22 00:51:18 +01:00
Marek Marczykowski
3a3e265d1d
vm: load dummy-hcd module to suppress libusb bug
...
libusb crashes when no USB controller is present, load dummy-hcd as workaround.
2012-11-19 17:52:16 +01:00
Marek Marczykowski
0a6e95225a
vm: remove qubes-upgrade-vm after upgrade
2012-11-15 21:38:39 +01:00
Marek Marczykowski
629038e76d
spec: extract core libs from qubes-core-vm
...
This libs are required by both dom0 and VM so it's better to have it
separately. Previously in VM it was separate package, but dom0 have them
embedded in qubes-core-dom0, but qubes-core-vm-libs package was used to build
qubes-gui-dom0. Now we do not build all packages for all distros (especially do
not build core-vm package for dom0 distro, so gui-dom0 build fails), so make it
explicit which package is needed by which system.
2012-11-14 13:12:51 +01:00
Marek Marczykowski
504b37e378
dom0/spec: remove obsoleted patch_appvm_initramfs.sh
...
For a long time dracut module is used instead.
2012-11-13 03:45:12 +01:00
Marek Marczykowski
67e9a785fb
spec: fix compilation order
2012-11-08 00:02:13 +01:00
Marek Marczykowski
f45e6c92c5
spec: add missing 'make' call
2012-11-07 18:05:17 +01:00
Marek Marczykowski
cb31b333ae
vm/spec: fix NotShowIn entries in autostart desktop files
2012-11-03 05:22:03 +01:00
Marek Marczykowski
7fec0fd6f3
dom0/updates: include pkg groups metadata from Fedora 13
...
This will allow calls like "qubes-dom0-update @XFCE"
2012-10-23 05:47:09 +02:00
Marek Marczykowski
e9025d3690
dom0/spec: fix file permissions in package
2012-10-23 05:46:25 +02:00
Marek Marczykowski
a432b729fa
vm/qvm-usb: include vusb-ctl in VM package
2012-10-23 05:45:47 +02:00
Alexandre Bezroutchko
b2a784d35f
adjust rpm spec file to cover compiled python files
2012-10-21 20:59:17 +02:00
Alexandre Bezroutchko
5d4cf00899
dvp/qvm-usb: converted installer scripts into RPM
2012-10-21 15:10:40 +02:00
Marek Marczykowski
e35b413c19
dom0/spec: add R: python-lxml for pretty print
2012-10-19 02:21:41 +02:00
Marek Marczykowski
d03bab3db2
Merge branch 'master-for-hvm' into hvm
...
Conflicts:
dom0/qvm-core/qubes.py
dom0/qvm-tools/qvm-sync-clock
2012-10-04 05:45:41 +02:00
Marek Marczykowski
490a5e9e1a
vm/spec: fix adding yum-proxy configuration
...
Do not add entry if already present.
2012-10-04 05:44:20 +02:00
Bruce A Downs
d19a3cce99
vm: Added 'most recently used' feature to 'copy to vm' dialog
...
* replaced zenity to qvm-mru-entry in qubes_rpc/qvm-copy-to-vm.gnome
* added python script qubes_rpc/qvm-mru-entry
* added /usr/bin/qvm-mru-entry to rpm_spec/core-vm.spec
2012-10-04 05:44:19 +02:00
Bruce A Downs
dba7d94fba
vm/spec: mod to core-vm.spec to add test for files
...
core rpm was failing during uninstall attempting to move non-existent files
* /var/lib/qubes/fstab.orig
* /var/lib/qubes/serial.orig
2012-10-04 05:44:19 +02:00
Marek Marczykowski
303d4ab042
dom0/iptables: block IPv6 traffic
...
Dom0 is network isolated anyway, but apply also firewall in case of use
qubes-dom0-network-via-netvm.
2012-10-04 05:44:19 +02:00
Marek Marczykowski
9c3f8417d4
vm/iptables: block IPv6 traffic
...
This isn't properly handled by Qubes VMs yet, so block it in all the VMs.
Also restrict access to firewall config.
2012-10-04 05:44:19 +02:00
Marek Marczykowski
9519d843d8
dom0/spec: mark qrexec policy as config files
...
Prevent override on upgrade, when user makes some own changes (especially
"always allow" feature).
2012-10-04 05:44:18 +02:00
Marek Marczykowski
6419fea4ce
vm/spec: fix adding yum-proxy configuration
...
Do not add entry if already present.
2012-10-04 05:29:10 +02:00
Marek Marczykowski
4e2f47d95c
dom0/spec: mark qrexec policy as config files
...
Prevent override on upgrade, when user makes some own changes (especially
"always allow" feature).
2012-08-27 00:53:58 +02:00
Marek Marczykowski
c0455ac641
Merge branch 'master' into hvm
...
Conflicts:
dom0/qvm-tools/qvm-create
version_dom0
2012-08-23 11:11:59 +02:00
Marek Marczykowski
a98020eca7
dom0+vm/qfile-copy: use setuid instead of policy setting to allow chroot
...
This will allow to not hardcode "root" username in policy, which can be useful
for non-Linux systems.
2012-08-18 21:17:07 +02:00
Marek Marczykowski
9b3a77bc1d
dom0: move RPC services to separate directory ( #654 )
...
This makes more clear which code have contact with untrusted data from VM.
2012-08-16 16:56:16 +02:00
Marek Marczykowski
a67bf1f1c0
Merge branch 'master' into hvm
2012-08-06 15:00:02 +02:00
Marek Marczykowski
fa17c541af
dom0: cleanup dead DispVMs at system startup ( #648 )
2012-08-04 00:57:34 +02:00
Marek Marczykowski
e6c8bf81fd
Merge branch 'master' into hvm
...
Conflicts:
version_dom0
2012-08-01 00:55:05 +02:00
Marek Marczykowski
b7d2667b1d
vm/kernel-placeholder: simplify upgrade
2012-07-30 23:16:05 +02:00
Marek Marczykowski
d1b827e1bd
Merge branch 'master' into hvm
...
Conflicts:
dom0/init.d/qubes_core
rpm_spec/core-dom0.spec
version_dom0
2012-07-25 02:52:00 +02:00
Marek Marczykowski
b691f57bbf
vm: kernel-placeholder package to inhibit real kernel pkg in VM ( #645 )
...
Some packages depends on kernel (ex fuse, pulseaudio), but kernel in VM is
managed by dom0. Any hack like exlude or so on will break some things, so
install empty placeholder package to fulfill dependencies.
2012-07-23 23:17:50 +02:00
Marek Marczykowski
f98bf1d570
dom0: fix dirs permissions after xen upgrade
2012-07-20 13:08:18 +02:00
Marek Marczykowski
38e8b85b06
dom0: fix dirs permissions after xen upgrade
2012-07-18 12:46:36 +02:00
Marek Marczykowski
0f6f445ece
Revert "vm/spec: disable pam_systemd globally ( #607 )" ( #626 )
...
This reverts commit 8ec4b6963b71b95bc0cda6dd80d99bf60aa9caec.
This caused regression (#626 ).
Conflicts:
rpm_spec/core-vm.spec
2012-07-16 13:36:08 +02:00
Marek Marczykowski
eeabd3b371
Revert "vm/spec: disable pam_systemd globally ( #607 )" ( #626 )
...
This reverts commit 8ec4b6963b71b95bc0cda6dd80d99bf60aa9caec.
This caused regression (#626 ).
Conflicts:
rpm_spec/core-vm.spec
2012-07-16 12:49:41 +02:00
Marek Marczykowski
d9291ab2b4
dom0/appmenus: Rename dir entry for ServiceVMs ( #627 )
2012-07-15 02:41:23 +02:00
Marek Marczykowski
06ba3f6e49
vm: implement qubes.GetAppmenus to reduce code duplication
...
As one-liner services are now real one-line, just do it.
2012-07-15 02:41:23 +02:00
Marek Marczykowski
20f6c6c6dc
vm: simplify qubes.VMShell service
...
Now additional wrapper not required to skip cmdline argument
2012-07-15 02:41:23 +02:00
Marek Marczykowski
b6b50b6fea
dom0/appmenus: Rename dir entry for ServiceVMs ( #627 )
2012-07-15 02:26:17 +02:00
Marek Marczykowski
1c096ec65c
vm: implement qubes.GetAppmenus to reduce code duplication
...
As one-liner services are now real one-line, just do it.
2012-07-15 02:26:09 +02:00
Marek Marczykowski
15d5a1205d
vm: simplify qubes.VMShell service
...
Now additional wrapper not required to skip cmdline argument
2012-07-15 02:04:17 +02:00
Marek Marczykowski
906332ea40
vm: export SuspendPre and SuspendPost qrexec services ( #617 )
...
1. Try to use NetworkManager sleep command instead of shutting it down
2. Move sleep action details (which is VM-specific) to VM
3. Export it as qrexec service(s)
2012-07-13 14:44:11 +02:00
Marek Marczykowski
6d6f43fb4e
vm: export SuspendPre and SuspendPost qrexec services ( #617 )
...
1. Try to use NetworkManager sleep command instead of shutting it down
2. Move sleep action details (which is VM-specific) to VM
3. Export it as qrexec service(s)
2012-07-13 14:40:52 +02:00
Marek Marczykowski
718f5c2bdb
vm: provide dispvm-dotfiles and dispvm-prerun.sh in rpm package ( #620 )
2012-07-12 14:22:44 +02:00
Marek Marczykowski
b92bb698be
vm: provide dispvm-dotfiles and dispvm-prerun.sh in rpm package ( #620 )
2012-07-12 14:21:44 +02:00
Marek Marczykowski
954b4e6947
vm/systemd: disable additional useless services ( #620 )
...
Most of them relay on direct network acces, which isn't true on Qubes.
2012-07-12 03:56:09 +02:00
Marek Marczykowski
ca7ec2aa57
vm/spec: remove dupplicated commnds, suppress error message
2012-07-12 03:56:09 +02:00
Marek Marczykowski
00778cacea
dom0/spec: suppress unnecessary messages during package upgrade
2012-07-12 03:56:09 +02:00
Marek Marczykowski
6aeaa7b036
vm/systemd: disable additional useless services ( #620 )
...
Most of them relay on direct network acces, which isn't true on Qubes.
2012-07-12 03:54:41 +02:00
Marek Marczykowski
212d4227c8
vm/spec: remove dupplicated commnds, suppress error message
2012-07-12 03:54:41 +02:00
Marek Marczykowski
f0d55138d3
dom0/spec: suppress unnecessary messages during package upgrade
2012-07-12 03:54:34 +02:00
Marek Marczykowski
302191edec
vm/spec: disable pam_systemd only in trigger
...
The %post part is unnecessary.
2012-07-09 15:54:33 +02:00
Marek Marczykowski
c1f5377b1d
vm/spec: disable pam_systemd only in trigger
...
The %post part is unnecessary.
2012-07-09 15:52:42 +02:00
Marek Marczykowski
8b2be6b693
dom0/spec: remove some udev rules from system ( #605 )
2012-07-05 01:43:32 +02:00
Marek Marczykowski
c4888add66
vm: disable D-Bus activation of NetworkManager ( #610 )
2012-07-05 01:43:32 +02:00
Marek Marczykowski
b834e2c5a7
vm/spec: disable pam_systemd globally ( #607 )
...
Actually all /etc/pam.d/ files containing pam_systemd.so are autogenerated by
authconfig, so "removing" pam_systemd.so file as not elegant solution, seems to
be much more realiable.
2012-07-05 01:43:32 +02:00
Marek Marczykowski
3ccc43ede2
dom0/spec: remove some udev rules from system ( #605 )
2012-07-05 01:40:38 +02:00
Marek Marczykowski
725e724044
vm: disable D-Bus activation of NetworkManager ( #610 )
2012-07-05 01:33:22 +02:00
Marek Marczykowski
f20099f05b
vm/spec: disable pam_systemd globally ( #607 )
...
Actually all /etc/pam.d/ files containing pam_systemd.so are autogenerated by
authconfig, so "removing" pam_systemd.so file as not elegant solution, seems to
be much more realiable.
2012-07-05 01:31:32 +02:00
Marek Marczykowski
0006ebdaff
vm/spec: fix enabling NetworkManager SystemD service
2012-06-26 03:43:36 +02:00
Marek Marczykowski
a6c7d0efbe
vm/spec: fix error messages
2012-06-26 03:43:36 +02:00
Marek Marczykowski
da63af599c
vm/spec: fix enabling of qubes-firewall SysV service
2012-06-26 03:43:36 +02:00
Marek Marczykowski
2e7d5cc178
dom0: appmenu to start Firefox in new DispVM ( #594 )
2012-06-26 03:43:36 +02:00
Marek Marczykowski
4f7656e36f
vm/spec: fix enabling NetworkManager SystemD service
2012-06-26 03:36:22 +02:00
Marek Marczykowski
4cc7d9300f
vm/spec: fix error messages
2012-06-26 03:31:28 +02:00
Marek Marczykowski
71c4ca8804
vm/spec: fix enabling of qubes-firewall SysV service
2012-06-26 03:30:06 +02:00
Marek Marczykowski
0008e71784
dom0: appmenu to start Firefox in new DispVM ( #594 )
2012-06-24 14:09:43 +02:00
Marek Marczykowski
f53ebfc3cd
vm: RPC service for NTP time sync ( #603 )
2012-06-23 00:37:47 +02:00
Marek Marczykowski
8e61660687
vm: RPC service for NTP time sync ( #603 )
2012-06-22 22:22:57 +02:00
Marek Marczykowski
288dcc562e
vm: enable yum-qubes-hooks plugin ( #592 )
2012-06-11 22:35:44 +02:00
Marek Marczykowski
5354249102
vm: enable yum-qubes-hooks plugin ( #592 )
2012-06-08 00:34:11 +02:00
Marek Marczykowski
01ca42b5c4
vm/spec: create firmware symlink only when needed
...
On new systems, like FC16+, firmware is provided by separate package (like
linux-firmware), so no longer need to get it from kernel package.
2012-06-06 03:02:58 +02:00
Marek Marczykowski
4463701bf3
vm/spec: depend on ethtool _package_
2012-06-06 03:02:58 +02:00
Marek Marczykowski
ad6bfe3ca1
vm/spec: create firmware symlink only when needed
...
On new systems, like FC16+, firmware is provided by separate package (like
linux-firmware), so no longer need to get it from kernel package.
2012-06-06 03:00:05 +02:00
Marek Marczykowski
4911ca7eb9
vm/spec: depend on ethtool _package_
2012-06-06 02:59:07 +02:00
Marek Marczykowski
79f13d6c66
vm: yum plugin to notify dom0 about installed updates ( #592 )
2012-06-05 21:21:53 +02:00
Marek Marczykowski
ea08560e43
makefile: rename vchan Makefile to not conflict with windows build
2012-06-05 21:21:53 +02:00
Marek Marczykowski
8023c66020
vm: yum plugin to notify dom0 about installed updates ( #592 )
2012-06-05 19:28:59 +02:00
Marek Marczykowski
dd60d3da95
makefile: rename vchan Makefile to not conflict with windows build
2012-06-02 12:32:49 +02:00
Marek Marczykowski
1f194cbe08
dom0: block_cleaner: removes ejected devices from xenstore
...
When device is ejected by some VM (state=6, effectively inactive), it should be
removed from xenstore to free slot for some another device. This should be done
by libxl toolstack, but not implemented in xen 4.1 - AFAIR done in xen 4.2.
2012-06-01 20:59:45 +02:00
Marek Marczykowski
4bac57818e
vm/qubes-yum-proxy: setup yum to use qubes-yum-proxy ( #568 )
...
The simplest way is just add proxy=... entry to /etc/yum.conf, but sometimes it
is reasonable to bypass the proxy. Some examples:
- usage of non-standard repos with some exotic file layout, which will be
blocked by the proxy
- usage of repos not-accessible via proxy (eg only via VPN stared in VpnVM)
This commit introduces 'yum-proxy-setup' pseudo-service, which can be
controlled via standard qvm-service or qubes-manager. When enabled - yum will
be configured at VM startup to use qubes proxy, otherwise - to connect directly
(proxy setting will be cleared).
2012-05-31 03:11:44 +02:00
Marek Marczykowski
96508abf2c
vm: qubes-yum-proxy service ( #568 )
...
Introduce proxy service, which allow only http(s) traffic to yum repos. The
filter rules are based on URL regexp, so it isn't full-featured content
inspection and can be easy bypassed, but should be enough to prevent some
erroneus user actions (like clicking on invalid link).
It is set up to intercept connections to 10.137.255.254:8082, so VM can connect
to this IP regardless of VM in which proxy is running. By default it is
started in every NetVM, but this can be changed using qvm-service or
qubes-manager (as always).
2012-05-31 03:11:43 +02:00
Marek Marczykowski
341fbe012c
vm/spec: remove executable perm where not needed
2012-05-31 03:11:43 +02:00
Marek Marczykowski
edc3518ec9
vm/qubes-yum-proxy: setup yum to use qubes-yum-proxy ( #568 )
...
The simplest way is just add proxy=... entry to /etc/yum.conf, but sometimes it
is reasonable to bypass the proxy. Some examples:
- usage of non-standard repos with some exotic file layout, which will be
blocked by the proxy
- usage of repos not-accessible via proxy (eg only via VPN stared in VpnVM)
This commit introduces 'yum-proxy-setup' pseudo-service, which can be
controlled via standard qvm-service or qubes-manager. When enabled - yum will
be configured at VM startup to use qubes proxy, otherwise - to connect directly
(proxy setting will be cleared).
2012-05-31 03:05:13 +02:00
Marek Marczykowski
b2cfd73691
vm: qubes-yum-proxy service ( #568 )
...
Introduce proxy service, which allow only http(s) traffic to yum repos. The
filter rules are based on URL regexp, so it isn't full-featured content
inspection and can be easy bypassed, but should be enough to prevent some
erroneus user actions (like clicking on invalid link).
It is set up to intercept connections to 10.137.255.254:8082, so VM can connect
to this IP regardless of VM in which proxy is running. By default it is
started in every NetVM, but this can be changed using qvm-service or
qubes-manager (as always).
2012-05-31 03:04:11 +02:00
Marek Marczykowski
a953e56042
vm/spec: remove executable perm where not needed
2012-05-31 02:21:15 +02:00
Marek Marczykowski
b4aa6c6ddc
vm/spec: fix /etc/hosts if it was broken by previous version
2012-05-08 23:45:00 +02:00
Marek Marczykowski
0ebd1d0de6
vm/spec: fix /etc/hosts if it was broken by previous version
2012-05-08 23:44:07 +02:00
Marek Marczykowski
950d848ede
vm: notify dom0 when updates available in VM ( #475 )
2012-05-02 00:09:00 +02:00
Marek Marczykowski
370ad33c44
dom0: provide service for VM to notify about updates availability ( #475 )
2012-05-02 00:09:00 +02:00
Marek Marczykowski
9c7ab91491
dom0: remove unused reset_vm_configs.py
2012-05-02 00:09:00 +02:00
Marek Marczykowski
af1f88755d
vm: notify dom0 when updates available in VM ( #475 )
2012-05-01 01:14:04 +02:00
Marek Marczykowski
fa41bf840c
dom0: provide service for VM to notify about updates availability ( #475 )
2012-05-01 01:12:19 +02:00
Marek Marczykowski
366e405df0
dom0: remove unused reset_vm_configs.py
2012-04-30 13:29:01 +02:00
Marek Marczykowski
f05605eccc
dom0/spec: fix spec for qmemman.conf
2012-03-29 16:18:00 +02:00
Marek Marczykowski
7bee34dfb0
dom0/spec: fix spec for qmemman.conf
2012-03-29 16:17:10 +02:00
Marek Marczykowski
71b98f9d95
dom0/qmemman: add support for config file
2012-03-28 00:47:26 +02:00
Marek Marczykowski
2e6e9bfab9
dom0/qmemman: add support for config file
2012-03-28 00:21:01 +02:00
Marek Marczykowski
ba6c682254
dom0/rpm-spec: fix xenconsoled setup
...
XENCONSOLED_LOG_GUESTS was erroneously replaced by XENCONSOLED_LOG_HYPERVISOR.
So to config fresh systems and broken by prevoius version, remove any
XENCONSOLED_LOG_ entries and add correct one at the config end.
2012-03-11 21:14:52 +01:00
Marek Marczykowski
e77bdf63db
dom0/rpm-spec: fix xenconsoled setup
...
XENCONSOLED_LOG_GUESTS was erroneously replaced by XENCONSOLED_LOG_HYPERVISOR.
So to config fresh systems and broken by prevoius version, remove any
XENCONSOLED_LOG_ entries and add correct one at the config end.
2012-03-11 21:12:49 +01:00
Marek Marczykowski
a58259a171
Merge branch 'master' into hvm
...
Conflicts:
version_dom0
version_vm
2012-03-09 10:19:34 +01:00
Marek Marczykowski
0b142fb040
vm/init.d: make firewall and netwatcher service consistent with systemd
2012-03-09 01:50:18 +01:00
Marek Marczykowski
a717b3755e
Merge branch 'master' into hvm
...
Conflicts:
dom0/qvm-core/qubes.py
2012-03-06 02:21:52 +01:00
Marek Marczykowski
db043c84bc
dom0/sysconfig: load and setup cpufreq-xen if present
...
Required for suspend on Core i5 with pvops kernel.
2012-03-05 12:44:08 +01:00
Marek Marczykowski
91ec015486
dom0/sysconfig: enable xenconsoled logging
2012-03-05 12:31:15 +01:00
Marek Marczykowski
25b57bab88
dom0/appmenus: Create "Start" appmenu for HVM domains
2012-03-02 01:56:50 +01:00
Marek Marczykowski
63f3537f98
dom0/spec: require xen-hvm package for stubdom
2012-03-01 10:57:34 +01:00
Joanna Rutkowska
0e0fe6a3d9
Merge branch 'master' of git://git.qubes-os.org/marmarek/core into hvm
2012-02-27 13:30:14 +01:00
Marek Marczykowski
067fb100a1
dom0/modules: support for pvops modules in dom0
2012-02-25 14:04:06 +01:00
Marek Marczykowski
3ad50b58e7
dom0/spec: include HVM config template in rpm
2012-02-24 04:53:15 +01:00
Marek Marczykowski
b422bf8b2f
dom0/pm-utils: fix scripts order according to pm-utils docs ( #443 )
2012-02-09 11:31:41 +01:00
Marek Marczykowski
73e63d9998
dom0/spec: include qubes-* tools in rpm ( #421 )
2012-02-07 12:31:44 +01:00
Marek Marczykowski
70db6b0fc9
vm/mimeopen: save mimetype defaults for DispVM ( #423 )
2012-02-06 19:08:08 +01:00
Marek Marczykowski
a4a9632a5a
vm/spec: fix file permissions
2012-02-06 12:58:02 +01:00
Marek Marczykowski
b87fff44c4
dom0/clock: sync clock using new qubes-sync-clock from cron ( #435 , #429 )
2012-02-01 17:39:20 +01:00
Marek Marczykowski
4c78a9cb7f
dom0/spec: require cron daemon ( #429 )
2012-01-30 16:27:12 +01:00
Marek Marczykowski
31fd953377
vm/spec: do not complain about missing serial.conf
2012-01-30 14:22:35 +01:00
Marek Marczykowski
ad75f3c99e
vm/network: symlink NetworkManager system-connection to /rw ( #425 )
...
In FC15, NetworkManager by default uses global connections ("Available to all users"). Save them in /rw instead of /etc, to preserve them across reboots.
2012-01-30 14:20:02 +01:00
Marek Marczykowski
f8562f8e1c
vm/spec: hide diagnostics from systemctl
2012-01-18 17:24:04 +01:00
Marek Marczykowski
83cde6e841
vm: enable qubes-firewall ( #424 )
2012-01-18 13:37:31 +01:00
Marek Marczykowski
351b413f74
spec: fix build order
2012-01-15 17:36:22 +01:00
Marek Marczykowski
1e2ca857cc
vm/systemd: enable ntpd and NetworkManager services
2012-01-14 01:40:54 +01:00
Marek Marczykowski
b5f691da1c
vm/systemd: add some package requirements according to Fedora documentation
2012-01-14 01:40:10 +01:00
Marek Marczykowski
7dbb3fe5b0
vm: disable some autostart applications
2012-01-14 01:39:43 +01:00
Marek Marczykowski
f581fad6fd
vm: disable silent automatic update *installation* in FC15 ( #415 )
...
Do not silently download and install updates, especially in NonUpdateableVM.
2012-01-14 01:37:22 +01:00
Marek Marczykowski
cf591a4cd5
vm/init: introduce SystemD startup scripts
2012-01-10 12:10:16 +01:00
Marek Marczykowski
11055f7162
vm/spec: split SysV init scripts into separate subpackage
2012-01-10 12:09:09 +01:00
Marek Marczykowski
95edff2ac2
vm/spec: add Obsoletes header for smooth upgrade
2012-01-10 11:23:27 +01:00
Marek Marczykowski
adc0b6eff5
vm(+dom0): major rearrage VM files in repo; merge core-*vm packages
2012-01-06 21:31:12 +01:00
Marek Marczykowski
9c40e23af2
vm: disable cron also using systemctl
...
This is needed for FC15
2011-12-30 23:53:46 +01:00
Marek Marczykowski
0cab96ad6d
vm/qvm-block: do not disable qubes block udev rules ( #393 )
2011-12-26 21:01:31 +01:00
Marek Marczykowski
0d32a533e7
vm/yum-repo: Use $releasever in repo definition
...
Instead of multiple files with only release version different.
2011-12-12 03:35:22 +01:00
Marek Marczykowski
a3f2496a27
vm/spec: more precise blacklisting updates of xorg ( #381 )
2011-12-05 13:50:07 +01:00
Marek Marczykowski
8a09f45bd8
dom0: and do not include xenfreepages in rpm...
2011-11-02 20:13:26 +01:00
Marek Marczykowski
ede96353af
dom0/qrexec: Add always allow option in qrexec confirmation dialog ( #278 )
2011-10-12 00:08:28 +02:00
Marek Marczykowski
9152bf6652
dom0/spec: disable prelink service
2011-10-07 21:28:26 +02:00
Marek Marczykowski
3876cf4070
dom0/dom0-updates: check for dom0 updates from cron ( #354 )
2011-10-07 21:28:16 +02:00
Marek Marczykowski
8d855aa958
dom0+vm/qvm-block: automatically detach device when physical dev removed ( #226 )
...
This will work when device is unmounted. On mounted device backend will be
removed (after 3s timeout), but frontend will left in "closing" state - manual
'xl block-detach' will be needed.
2011-09-30 10:42:56 +02:00
Marek Marczykowski
111d807ae0
dom0: include qubesutils in rpm package ( #226 )
2011-09-30 10:42:56 +02:00
Marek Marczykowski
6b885bd361
dom0+vm: expose block devices info in xenstore ( #226 )
2011-09-29 13:56:06 +02:00
Marek Marczykowski
801e113c06
vm: minor fixes for Fedora 15
...
1. create /var/run/qubes as /var/run is now on tmpfs
2. if system-d is present - use it to disable NetworkManager
2011-09-27 01:37:09 +02:00
Marek Marczykowski
72bc213980
vm/spec: do not use chown in %install - it will not work as unprivileged user
2011-09-25 15:18:48 +02:00
Marek Marczykowski
27ca0f878c
rpm spec: do not mark files with %dir
2011-09-22 01:16:32 +02:00
Marek Marczykowski
9f14be6eed
dom0: sync dom0 clock more frequent; start it from init.d script
2011-09-15 14:43:02 +02:00
Marek Marczykowski
633b21bb26
dom0: do not sync rpmdb with UpdateVM after each pkg installation
...
This doesn't make sense sice at every qvm-dom0-update we begin with sync rpmdb.
Also this allow embedding sync_rpmdb_updatevm.sh into qvm-dom0-update.
2011-09-15 13:37:34 +02:00
Marek Marczykowski
e4e661ac51
dom0: reduce watching tool to dom0 clock sync only
...
Do not watch for updates for now, it will be implemented later.
2011-09-15 13:32:06 +02:00
Marek Marczykowski
855664e6e5
dom0+vm: use qubes_download_dom0_updates.sh instead of qubes_check_for_updates.sh
...
Remove code duplication. Implemented required --check-only option to
qubes_download_dom0_updates.sh.
2011-09-15 00:18:56 +02:00
Joanna Rutkowska
2de02b7a6c
vm: update symlinks in Nautilus Scripts menu
...
This is important for older templates that got upgraded to new core packages,
which renamed some of the tools by removing the '2' suffix.
2011-09-14 19:32:47 +02:00
Marek Marczykowski
cf7bc53cc7
dom0 spec: cleanup old entries from /etc/yum.conf before adding new one
...
Fix whitespaces in sed.
2011-09-14 00:47:24 +02:00
Joanna Rutkowska
aa1f6f63cf
version 1.6.21-dom0
2011-09-09 14:49:53 +02:00
Marek Marczykowski
dbf7225232
version 1.6.20-2 dom0
2011-09-08 23:00:46 +02:00
Marek Marczykowski
13127749bf
dom0: fix do-not-upgrade-kernel yum.conf entry
2011-09-08 14:26:31 +02:00
Marek Marczykowski
a1fc75a58b
vm: automatically online added memory
...
This is needed to increase memory size above initial value on pvops kernel.
Should not harm xenlinux version.
2011-09-06 01:12:21 +02:00
Marek Marczykowski
d9cd2467b0
vm: get rid of "2" from qvm-* names ( #340 )
2011-09-03 17:12:24 +02:00
Joanna Rutkowska
16a46f9a9c
Use proper dracut module and conf files...
...
... instead of the ugly and incompatible /usr/share/qubes/regenerate_initramfs.sh script
2011-09-02 16:55:39 +02:00
Rafal Wojtczuk
9fa0072215
qvm-open-in-*: recognize when the parameter is an url
...
and wrap it in html meta refresh tag, so that it will be opened by
the default browser.
2011-08-29 17:27:48 +02:00
Rafal Wojtczuk
a4708ae9b6
qrexec: implement qvm-run command for AppVMs
...
It is build upon qrexec2, qubes.VMShell command. So, in order to e.g.
start firefox in a fresh dispVM, do
qvm-run '$dispvm' firefox http://www.qubes-os.org
2011-08-29 16:46:44 +02:00
Joanna Rutkowska
9f15bfbeb3
dom0: require gnome-packagekit
2011-08-02 13:08:35 +02:00
Joanna Rutkowska
708263bec4
Revert "Dom0: use kpackagekit for updates GUI"
...
This reverts commit 94c0f6c9d3
.
Kpackagekit is not so nice-behaving as gpk-update-viewer is,
e.g. it complains there are is no network connectivity, and, perhaps
as a result, doesn't display the list of avilable updates.
2011-08-02 13:01:42 +02:00
Joanna Rutkowska
94c0f6c9d3
Dom0: use kpackagekit for updates GUI
2011-08-01 16:07:53 +02:00
Joanna Rutkowska
dfa2777272
dom0: do not require NetworkManager
2011-07-30 12:33:35 +02:00
Joanna Rutkowska
5932699d8f
vm: Fix modules blacklisting
2011-07-30 11:30:21 +02:00
Joanna Rutkowska
4dde8f8661
vm: Blacklist unnecessary packge updates
2011-07-30 11:15:47 +02:00
Joanna Rutkowska
71209b5b39
Merge branch 'prebeta2' of git.qubes-os.org:/var/lib/qubes/git/rafal/core
2011-07-30 11:01:23 +02:00
Rafal Wojtczuk
3df2e9783d
dispvm: when updating savefile on demand, present zenity progress bar
2011-07-26 16:36:59 +02:00
Joanna Rutkowska
2c2b7111eb
sony-vaio-fixes v1.6.1
...
* display quirks no longer needed for 2.6.38 kernel
* i8042.nopnp no longer needed for 2.6.38 kernel
2011-07-17 14:15:14 +02:00
Marek Marczykowski
182e1ccf2b
dom0: watch for updates from dom0 ( #198 )
...
Additionally synchronize clock every 6h. This is started by xdg-autostart (not
qvm-core) to have running Xorg - needed to prompt user for updates download.
2011-07-17 01:20:13 +02:00
Marek Marczykowski
1e27219734
vm: move dom0-updates dir to core-appvm package ( #198 )
...
At core-commonvm installation stage "user" can no exists.
2011-07-17 01:20:13 +02:00
Marek Marczykowski
f24897ae56
vm: Split updates check and download into separate scripts ( #198 )
2011-07-17 01:20:13 +02:00
Marek Marczykowski
8121e80db0
dom0: script for initrd regeneration ( #7 )
2011-07-15 12:52:01 +02:00
Marek Marczykowski
8a933a76ec
dom0: Fix appmenu-select desktop file name ( #266 )
2011-07-12 19:46:00 +02:00
Marek Marczykowski
7f940cefde
dom0: load pciback module ( #252 )
2011-07-09 20:43:27 +02:00
Marek Marczykowski
371fdf5884
Merge branch 'qrexec2' of git://git.qubes-os.org/rafal/core
2011-07-09 16:52:54 +02:00
Marek Marczykowski
cd4e4f5ddd
vm: fix udev rules for VM network hotplug
2011-07-09 16:52:51 +02:00
Rafal Wojtczuk
243d488d99
qrexec: package qubes.SyncAppMenus files
2011-07-06 16:27:09 +02:00
Rafal Wojtczuk
6366db0ab6
qrexec: adjust updates fetching to the new qrexec api
2011-07-06 14:44:40 +02:00
Rafal Wojtczuk
d46150b8d3
qrexec: adjust appmenu syncing to the new qrexec api
2011-07-06 14:09:36 +02:00
Rafal Wojtczuk
7d79a15c4b
qrexec: support for rpc with dom0 as target
2011-07-06 13:56:57 +02:00
Rafal Wojtczuk
2fdf9761c7
qrexec: adjust DispVM code to the new qrexec API
...
Note, we have qvm-open-in-vm totally for free.
2011-07-06 12:32:20 +02:00
Rafal Wojtczuk
b7e8c2708c
qrexec: adjust intervm file copy code to the new qrexec API
2011-07-06 10:17:58 +02:00
Rafal Wojtczuk
ecf200dca3
qrexec: last two missing pieces of the new rpc infrastructure
2011-07-05 18:35:03 +02:00
Rafal Wojtczuk
9c7eb81a23
qrexec: add qrexec_client_vm.c
2011-07-05 11:03:31 +02:00
Marek Marczykowski
11a96f70de
vm: Load evtchn module by script in /etc/sysconfig/modules
2011-07-02 19:11:15 +02:00
Marek Marczykowski
180d7ed68e
dom0: Allow multiple versions of kernel-qubes-vm installed
2011-06-30 01:18:39 +02:00
Marek Marczykowski
f447a458f2
dom0+vm: Update VM kernel mechanism ( #242 )
...
Get kernel from global kernels dir (/var/lib/qubes/vm-kernels), not per-VM. Can
be configured by qvm-prefs (kernel parameter).
New tool: qvm-set-default-kernel
For backward compatibility kernel=None means kernel in VM dir (kernels subdir).
(possibly empty) modules.img should be created in it.
2011-06-30 01:07:47 +02:00
Marek Marczykowski
42cab54520
dom0: include missing vm-template.conf in rpm package
2011-06-23 23:23:45 +02:00
Marek Marczykowski
21222cc859
dom0: start xenstored service in %post
...
This is required by qvm-init-storage and in general to qvm-* works properly.
2011-06-23 20:04:27 +02:00
Marek Marczykowski
151b15bb8c
dom0: Edit xl.conf in %post instead of overriding file (rpm file conflict)
2011-06-23 14:39:17 +02:00
Marek Marczykowski
d9d7a69c27
dom0+vm: Tools for downloading dom0 update by VM ( #198 )
...
Mainly 4 parts:
- scripts for providing rpmdb and yum repos to VM (choosen by qvm-set-updatevm)
- VM script for downloading updates (qubes_download_dom0_updates.sh)
- qfile-dom0-unpacker which receive updates, check signatures and place its in dom0 local yum repo
- qvm-dom0-upgrade which calls all of above and after all yum gpk-update-viewer
Besides qvm-dom0-upgrade, updates are checked every 6h and user is prompted if
want to download it. At dom0 side gpk-update-icon (disabled yet) should notice
new updates in "local" repo.
2011-06-22 00:44:48 +02:00
Marek Marczykowski
6d9fdf4729
dom0: Add shortcut qubes-appmenu-select ("Add more shortcuts...") for each VM ( #45 )
2011-06-12 01:47:15 +02:00
Marek Marczykowski
83d211836a
dom0+vm: Trigger appmenus sync after yum transaction ( #45 ), NEW QREXEC COMMAND
...
After yum transaction (install/upgrade/remove),
yum-plugin-post-transaction-actions will execute script which trigger
qvm-sync-appmenus in dom0 (through qrexec).
THIS INTRODUCE NEW PREDEFINED COMMAND IN QREXEC
2011-06-12 01:46:24 +02:00
Marek Marczykowski
a4d1a21b46
dom0: qvm-sync-appmenus - copy *directory.template when needed
2011-06-11 23:09:55 +02:00
Marek Marczykowski
0ffb186681
vm: add -qubes suffix to xenstore-watch to not conflict with xen standard tool
2011-06-07 15:58:55 +02:00
Marek Marczykowski
ae6d2ac70c
dom0: include xl.conf in qubes-core-dom0 package
...
Disable autoballoon (qmemman will handle it) and specify lock file location
writable by user.
2011-06-07 15:58:55 +02:00
Marek Marczykowski
62111845ea
dom0: set memlock limit to unlimited for qubes users
...
Needed to 'xl create' work
2011-06-07 15:58:54 +02:00
Marek Marczykowski
c789121f84
dom0: migrate from xend to libxl stack - qvm-core
...
This is core part of migration. Things not migrated yet:
- DispVM (qubes_restore needs to be almost rewritten)
- VM xen config files should be fixed (use "script:" prefix in block device description, perhaps generate this files on VM start)
Huge, slow xend not needed any more, now it conflicts with libxl
2011-06-01 23:59:53 +02:00
Marek Marczykowski
986f4a888c
Merge branch 'r1-beta1-fixes'
...
Conflicts:
dom0/qvm-core/qubes.py
version_dom0
version_vm
2011-05-24 00:20:39 +02:00
Marek Marczykowski
bb073c3cdb
vm: Remove root password to allow easy escalation from UI application ( #202 )
...
Ex. gpk-application needs this to work properly while running from user. When
root password is set - polkit-daemon asks for it (according to polkit setting).
2011-05-12 19:15:24 +02:00
Joanna Rutkowska
8c218c38a7
core-dom0-vaio-fixes is now a separate package
...
Also fixes to postun scripts to properly handle updates
2011-05-10 11:14:41 +02:00
Marek Marczykowski
1891954f71
Revert "Run nm-applet as normal user"
...
This reverts commit 2f5b6e6582
.
Dbus policy hacking not needed any more. ConsoleKit session is correctly started.
2011-04-29 02:32:55 +02:00
Marek Marczykowski
655f13e2ec
Configure VM network iface on attach (not only on boot) ( #190 )
2011-04-23 02:31:54 +02:00
Marek Marczykowski
0b66804a7b
Merge branch 'master' of ssh://git.qubes-os.org/var/lib/qubes/git/smoku/core
2011-04-21 23:56:41 +02:00
Tomasz Sterna
47fea4258c
We do not want to have StandaloneVM and UtilityVM types.
2011-04-20 00:56:58 +02:00
Marek Marczykowski
1e923e3cb5
Merge branch 'master' of ssh://git.qubes-os.org/var/lib/qubes/git/joanna/core
2011-04-19 09:32:45 +02:00
Marek Marczykowski
d3c96d12bf
Rename try 2...
2011-04-19 01:42:42 +02:00
Marek Marczykowski
860bab5662
Rename xenstore-watch to xenstore-watch-qubes
...
Xen 4.1.0 provides own xenstore-watch with diffrent args. We can't use it by
default, because we still support xen 3.4.
2011-04-19 01:38:07 +02:00
Tomasz Sterna
4a0d6b03c6
Disable unnecessary Upstart, Init and XDG Autostart serices. #209
...
Move unneded /etc/init/*.conf services to /etc/init/*.conf.disabled.
Start CUPS only in AppVM and UtilityVM.
Start XDG Autostart applications only in domains that makes sense for them.
2011-04-19 00:11:45 +02:00
Joanna Rutkowska
95488dc59e
Pass --level 5 for chkconfigs in core-dom0 post
2011-04-11 14:47:02 +02:00
Joanna Rutkowska
ce7fa7474f
vaio_fixes: pass special option to snd-hda-intel module (required to get sound on Vaio Z)
2011-04-11 11:35:25 +02:00
Marek Marczykowski
ba07c11237
Create ~/.local/share dir, as gnote requires it.
2011-04-10 22:12:04 +02:00
Joanna Rutkowska
35bd7db647
Do not restart qubes core in Xen triggers
...
This is an attempt to figure out why qubes-core-dom0 update still
causes VM restart...?
2011-04-08 23:33:52 +02:00
Joanna Rutkowska
ddd8dabe12
vaio-fixes: automaitcally add i8042.nopnp kernel arg to grub
...
This is needed to get Sony Vaio Z touchpad working
2011-04-08 23:18:28 +02:00
Joanna Rutkowska
4062683ef4
Revert "Removed qubes_setupdvm script from package"
...
This reverts commit 8ddb8593cb
.
Actually we need this script...
2011-04-08 22:57:11 +02:00
Joanna Rutkowska
9f1c226e17
vaio-fixes rpm requires alsa-utils
2011-04-08 22:52:49 +02:00
Joanna Rutkowska
f6d4f86edc
Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core
...
Conflicts:
rpm_spec/core-dom0.spec
2011-04-07 19:39:42 +02:00
Marek Marczykowski
a610ec51d0
Automaticaly start qubes_guid for all VMs when user logon
...
This is needed ex for NetVM, which is started without qubes_guid
2011-04-07 19:23:23 +02:00