Qubes/core-agent-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
1,864 Commits 1 Branch 0 Tags 6.4 MiB
0159cd6a77
Commit Graph

1864 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Olivier MEDOC
0159cd6a77 archlinux: fix pacman.d dropin not activated if pacman.conf does not already contains qubes markers 2017-01-29 15:27:14 +01:00
Olivier MEDOC
8ba584dfb0 Makefile: enforce mode 750 for directories /etc/sudoers.d and /etc/polkit-1/rules.d 2017-01-29 15:01:01 +01:00
Olivier MEDOC
98b4f1f265 archlinux: fix bash syntax errors 2017-01-29 14:34:50 +01:00
Olivier MEDOC
8584290295 archlinux: update installer script to use systemd preset file 2017-01-29 13:55:35 +01:00
Olivier MEDOC
9890ed191a archlinux: fix lsb_release missing 2017-01-28 21:20:20 +01:00
Lorenzo
f3a44bdd74
Merge branch 'master' of github.com:lorenzog/qubes-core-agent-linux 2017-01-14 22:21:45 +00:00
Lorenzo
f4af5f320a
Shut down after update only if it's a template. 
As per discussion in
https://github.com/QubesOS/qubes-issues/issues/2555#issuecomment-271415169

Signed-off-by: Lorenzo <lorenzo.grespan@gmail.com>
 2017-01-14 22:20:51 +00:00
Lorenzo
ffefce9e25 Shut down after update only if it's a template. 
As per discussion in
https://github.com/QubesOS/qubes-issues/issues/2555#issuecomment-271415169
 2017-01-14 13:11:27 +00:00
Marek Marczykowski-Górecki
bb71ddd8cd
Merge remote-tracking branch 'origin/pr/86' 
* origin/pr/86:
  archlinux: fix community repositories URL
 2017-01-04 23:13:57 +01:00
Marek Marczykowski-Górecki
12231dab4a
Merge remote-tracking branch 'origin/pr/85' 
* origin/pr/85:
  comment
 2017-01-04 23:13:24 +01:00
Olivier MEDOC
d8599d45ba archlinux: fix community repositories URL 2016-12-28 09:00:38 +01:00
Marek Marczykowski-Górecki
63e02a1340
Merge remote-tracking branch 'qubesos/pr/32' 
* qubesos/pr/32:
  Copied needed sources to build root
 2016-12-25 20:44:17 +01:00
Nicklaus McClendon
d1faba7d03
Copied needed sources to build root 2016-12-25 13:33:39 -05:00
Patrick Schleizer
3cc1a855dc comment 2016-12-21 00:15:12 +01:00
Andrew David Wong
cc7d3fc925
Update Xen bug count in sudoers comment 
Closes QubesOS/qubes-issues#2480
 2016-12-04 16:29:01 -08:00
Marek Marczykowski-Górecki
fb8c356216
version 3.2.15 2016-12-04 22:39:01 +01:00
Marek Marczykowski-Górecki
a9e7f91ca6
Fix detection of dom0 updates 
dnf stdout messages differ from yum. Handle this particular difference
(info about last metadata check time), but in addition properly use its
exit code - 0 means no updates, 100 means some updates.

Fixes QubesOS/qubes-issues#2096
 2016-12-04 22:37:17 +01:00
Marek Marczykowski-Górecki
bb53619d3d
version 3.2.14 2016-12-04 21:57:10 +01:00
Marek Marczykowski-Górecki
7c18322ffa
Merge remote-tracking branch 'qubesos/pr/27' 
* qubesos/pr/27:
  v2: (vm) qvm-move-to-vm: don't "rm -rf" vm name argument
 2016-12-04 21:56:11 +01:00
Marek Marczykowski-Górecki
09870c7d80
travis: drop debootstrap workaround 
Move to qubes-builder
 2016-12-04 21:28:13 +01:00
Rusty Bird
0d243250f2
v2: (vm) qvm-move-to-vm: don't "rm -rf" vm name argument 
Fixes QubesOS/qubes-issues#2472 from commit
3f600d03fa
 2016-12-04 16:50:59 +00:00
Marek Marczykowski-Górecki
41e3d591ef
Merge remote-tracking branch 'qubesos/pr/25' 
* qubesos/pr/25:
  Add systemd override for haveged in xenial and stretch. (#2161) Reenable haveged.service after debian package installation

Fixes QubesOS/qubes-issues#2161
 2016-11-28 15:02:32 +01:00
Marek Marczykowski-Górecki
938d184ef4
version 3.2.13 2016-11-18 01:59:25 +01:00
Marek Marczykowski-Górecki
a69acdabbf
Merge remote-tracking branch 'qubesos/pr/24' 
* qubesos/pr/24:
  Initialize home_volatile for disposable VMs.
 2016-11-17 09:33:02 +01:00
Marek Marczykowski-Górecki
dbcd3e5f0a
Write random seed directly to /dev/urandom 
Don't store it in some variable, as may contain non-ASCII or control
characters (or starts with '-').
 2016-11-17 09:30:49 +01:00
Marek Marczykowski-Górecki
cc2fb303cb
Merge remote-tracking branch 'origin/pr/84' 
* origin/pr/84:
  fix reload_random_seed error handling
 2016-11-17 09:30:14 +01:00
unman
58febd6d20
Add systemd override for haveged in xenial and stretch. (#2161) 
Reenable haveged.service after debian package installation
 2016-11-14 02:33:20 +00:00
Patrick Schleizer
b1f418ca76 fix reload_random_seed error handling 
https://github.com/QubesOS/qubes-core-agent-linux/pull/21#pullrequestreview-8302473
 2016-11-13 23:37:49 +01:00
Manuel Amador (Rudd-O)
6ca10b42eb Initialize home_volatile for disposable VMs. 2016-11-13 21:20:46 +00:00
Marek Marczykowski-Górecki
3050852cbb
Prefer powerpill to update Archlinux VM 
This is the recommended way to connect through update proxy.
 2016-11-12 22:30:37 +01:00
Marek Marczykowski-Górecki
6ba1d2ff78
Ask to shutdown the template after performing update 
Fixes QubesOS/qubes-issues#2431
 2016-11-12 22:27:20 +01:00
Marek Marczykowski-Górecki
7fa4115aba
Refactor qubes.InstallUpdatesGUI to reduce code duplication 
QubesOS/qubes-issues#2431
 2016-11-12 22:21:42 +01:00
Jean-Philippe Ouellet
0fb3e503d3
Keep Makefile DRY 2016-11-10 06:49:01 -05:00
Marek Marczykowski-Górecki
696a0918d5
Revert "network: disable proxy_arp" 
Proxy ARP apparently is still needed for HVMs.
This reverts commit fa8b05a83c.

Fixes QubesOS/qubes-issues#1421
 2016-10-30 20:42:00 +01:00
Marek Marczykowski-Górecki
a6658bc329
Merge remote-tracking branch 'qubesos/pr/22' 
* qubesos/pr/22:
  Invert logic of SKIP_SIGNING.
 2016-10-28 14:10:18 +02:00
Marek Marczykowski-Górecki
f47fe7cd76
Merge remote-tracking branch 'qubesos/pr/21' 
* qubesos/pr/21:
  Clean up specfile unit activation aspect.
  Fix VM settings running while / is readonly.
  Invert logic of systemd_version_changed.
 2016-10-28 14:09:50 +02:00
Manuel Amador (Rudd-O)
251ecbd529 Clean up specfile unit activation aspect. 
Up until today, Qubes OS would insist on either masking or disabling
or activating units that should get their state properly changed
but only on first package install (when the template is built).

This commit adds the possibility of having two types of unit presets:

* Initial presets: these are only changed state during first package
  installs.
* Upgrade presets: these get their state changed during first
  package installs as well as during upgrades.

All the maintainer has to do is abide by the instructions in the
preset file.  Nothing else is necessary.

Namely, this allows users to enable SSHD on their templates or
standalone VMs and still keep it enabled even after the
qubes-core-vm-systemd package is upgraded.

Matt really wanted that, and so did I, so now we can do it!

:-)
 2016-10-28 08:35:36 +00:00
Manuel Amador (Rudd-O)
6189801cff Invert logic of SKIP_SIGNING. 2016-10-28 05:22:39 +00:00
Manuel Amador (Rudd-O)
d15696ebef Fix VM settings running while / is readonly. 2016-10-28 05:21:40 +00:00
Manuel Amador (Rudd-O)
60adadff73 Invert logic of systemd_version_changed. 2016-10-28 05:02:53 +00:00
Marek Marczykowski-Górecki
014a706113
Merge remote-tracking branch 'qubesos/pr/21' 
* qubesos/pr/21:
  Better private.img size management.
  Clean up early initialization and setup of /rw
 2016-10-27 01:32:25 +02:00
Manuel Amador (Rudd-O)
40db82a79f Better private.img size management. 2016-10-26 12:59:50 +00:00
Manuel Amador (Rudd-O)
59aec8e5eb Clean up early initialization and setup of /rw 2016-10-23 20:19:51 +00:00
Manuel Amador (Rudd-O)
87ebd2e157 Make signing optional for testing, and add program checks. 2016-10-23 19:48:15 +00:00
Marek Marczykowski-Górecki
3b65f98db8
version 3.2.12 2016-10-18 15:55:40 +02:00
Marek Marczykowski-Górecki
b7c7b4ad52
Merge remote-tracking branch 'qubesos/pr/20' 
* qubesos/pr/20:
  Eliminate race condition with qubes-setup-dnat-to-ns

Fixes QubesOS/qubes-issues#1067
 2016-10-17 21:12:39 +02:00
unman
1b58c7602f
Remove entry in changelog as version not bumped 2016-10-16 22:24:38 +01:00
unman
f04712cf02
Revert version and correct unit files 2016-10-16 13:39:01 +01:00
unman
da82d93780
use bind-dirs to handle crontab persistence 2016-10-16 01:14:02 +01:00
Rudd-O
b7d8d66bb1 Eliminate race condition with qubes-setup-dnat-to-ns 
qubes-setup-dnat-to-ns is called multiple times during boot.  Of particular interest are the two invocations done by:

1. `/usr/lib/qubes/init/network-proxy.setup.sh` (`qubes-network.service`)
2. `/usr/lib/qubes/init/misc-post.sh` (`qubes-misc-post.service`)

These can, and do often, run in parallel.  Often enough that the `PR-QBS` `nat` chain can end up with eight rules instead of four, or (worse) zero rules.

This commit represents the proper boot ordering of these services, where the post startup *must* happen after Qubes has already started its iptables, firewall, network setup and netwatcher.

This eliminates the race.
 2016-10-12 15:19:46 +00:00