Stop IP forwarding when stopping qubes-network service (which initially
enables it). This makes ordering against qubes-firewall safe - firewall
is applied before allowing IP forward and then is removed when IP
forward is already disabled.
FixesQubesOS/qubes-issues#5599
fsck may require significant amount of RAM, enable swap earlier to avoid
out of memory condition. Implement this as a separate service unit, not
a swap unit, because the latter requires udev running (implicit
dependency on dev-xvdc1.device) which is not the case before remounting
root filesystem read-write.
QubesOS/qubes-issues#6174
* origin/pr/236:
qvm-template: Add qubes.Template{Search,Download} files to the package.
qubes.Template*: Add --refresh option and allow DNF cache to be used.
qubes.Template*: Invoke curl with --silent.
qubes.Template*: Change separator from : to | and include additional metadata.
Fix shell quoting.
Remove repofrompath.
New qrexec calls for interacting with template repos.
* origin/pr/184:
Add services for paranoid backup restore mode
qfile-unpacker: add option (-w) to wait for disk space before extracting
tar2qfile: fix argument parser
qfile-unpacker: add option for custom user and target directory
* origin/pr/239:
xendriverdomain: remove placeholder for sbinpath
Fix regex in qubes-fix-nm-conf.sh
Update travis
xendriverdomain: remove Requires and After proc-xen.mount
Drop legacy xen entry in fstab
Add a pair of services:
1. qubes.RegisterBackupLocation - called by dom0, registers what backup
location (including both file and command options) can be accessed.
Registered location gets an ID returned to the caller. The location (and
its ID) is valid as long as the service call remains open.
2. qubes.RestoreById - called by restoring DispVM to retrieve the backup
content. The service expects location ID as an argument, and then list
of files/directories (separated with spaces) on the first line of stdin.
This is very similar to qubes.Restore service, with exception for the
archive location control.
QubesOS/qubes-issues#5310
The whole distutils module is a legacy thing in python3. Specifically,
most of it is not installed in Debian by default (there is only
distutils.version). Depending on python3-distutils is problematic, as
it's availability varies between Debian versions.
Instead of fighting with special cases in dependencies, replace the
whole thing with non-legacy shutil.which() (available since Python 3.3).
This specifically fixes qvm-console-dispvm tool, which uses
qubes.ShowInTerminal to show the actual console. This service uses
xterm, so it needs X session running already.
FixesQubesOS/qubes-issues#5805
In Red Hat based distributions, there is no pam-configs like
mechanism (authselect seems too heavy and is not configured by
default), so instead, we replace the PAM file.
Enable su for users in the qubes group, same as in the Debian
package.
The "qubes-sysinit: set GUI_OPTS in gui-agent-linux" commit breaks
gui-agent-linux lacking its counterpart. Express this in the package
metadata.
QubesOS/qubes-issues#5662
Used by qubes.StartApp so that we can override distribution-provided
.desktop files. The mechanism is introduced to run gnome-terminal
with --wait option, so that it's compatible with DispVMs.
FixesQubesOS/qubes-issues#2581.
A small script will add the QubesIncoming shortcut to Nautilus file pane
on the first use of qvm-copy to a given VM. The shortcut will not be recreated if
deleted.
fixesQubesOS/qubes-issues#2229