Zaoqi
0dfd135d02
fix https://github.com/QubesOS/qubes-issues/issues/5619
2020-02-05 13:18:43 +08:00
Rusty Bird
686673e1fd
misc/qubes-run-gnome-terminal: slightly restrict pattern
2020-01-31 16:34:04 +00:00
Rusty Bird
9d9ef25b05
misc/qubes-run-gnome-terminal: avoid external utility (grep)
...
Shave off a few milliseconds.
2020-01-31 16:34:03 +00:00
Marek Marczykowski-Górecki
076275c154
version 4.1.8
2020-01-28 21:44:36 +01:00
Marek Marczykowski-Górecki
1e12b87086
Merge remote-tracking branch 'origin/pr/210'
...
* origin/pr/210:
Add /etc/qubes/applications override, use it for gnome-terminal
Add qubes-run-gnome-terminal utility that uses --wait
2020-01-28 21:44:23 +01:00
Marek Marczykowski-Górecki
1ae97ac2fc
travis: install also python xdg module
2020-01-28 04:22:12 +01:00
Marek Marczykowski-Górecki
44e041e271
travis: include PyGTK setup
...
Installing PyGTK requires actual GTK system package. The easiest way for
that is using system site-packages - and this means matching Python
version with the Travis environment (Ubuntu bionic).
2020-01-28 04:22:11 +01:00
Pawel Marczewski
3a6e77aa43
Add /etc/qubes/applications override, use it for gnome-terminal
...
Used by qubes.StartApp so that we can override distribution-provided
.desktop files. The mechanism is introduced to run gnome-terminal
with --wait option, so that it's compatible with DispVMs.
Fixes QubesOS/qubes-issues#2581 .
2020-01-27 14:05:55 +01:00
Pawel Marczewski
943f37b481
Add qubes-run-gnome-terminal utility that uses --wait
2020-01-27 12:11:48 +01:00
Marek Marczykowski-Górecki
c7060bb97a
Merge remote-tracking branch 'origin/pr/209'
...
* origin/pr/209:
firewall: drop INVALID state TCP packets
2020-01-27 05:37:28 +01:00
Marek Marczykowski-Górecki
142e220c7d
Merge remote-tracking branch 'origin/pr/208'
...
* origin/pr/208:
Advertise qubes.VMExec support as a feature
Install faster console scripts for Python code
Add qubes.VMExec call, for running a single command
2020-01-27 05:36:02 +01:00
Pawel Marczewski
63d8065e4f
firewall: drop INVALID state TCP packets
...
Packets detected as INVALID are ignored by NAT, so if they are not
dropped, packets with internal source IPs can leak to the outside
network.
See:
https://bugzilla.netfilter.org/show_bug.cgi?id=693
http://www.smythies.com/~doug/network/iptables_notes/
Fixes QubesOS/qubes-issues#5596 .
2020-01-24 19:01:00 +01:00
Pawel Marczewski
9db6e4e2cc
Advertise qubes.VMExec support as a feature
2020-01-24 18:45:17 +01:00
Pawel Marczewski
6fb58fdd9c
Install faster console scripts for Python code
...
Same as in qubes-core-admin.
2020-01-24 18:45:16 +01:00
Pawel Marczewski
738548a8e4
Add qubes.VMExec call, for running a single command
...
With a VMExecGUI variant that waits for a session.
See QubesOS/qubes-issues#4850 .
2020-01-24 18:44:45 +01:00
Marek Marczykowski-Górecki
3c1de3b4f4
Merge remote-tracking branch 'origin/pr/207'
...
* origin/pr/207:
qubes-run-terminal: use gnome-terminal --wait, if supported
2020-01-24 01:53:33 +01:00
Pawel Marczewski
6f4d6dc9bb
qubes-run-terminal: use gnome-terminal --wait, if supported
...
Fixes QubesOS/qubes-issues#4606 .
2020-01-23 11:51:56 +01:00
Marek Marczykowski-Górecki
c997008e2f
version 4.1.7
2020-01-17 05:12:04 +01:00
AJ Jordan
52d1051137
Fix typo
2020-01-16 14:12:01 -05:00
Marek Marczykowski-Górecki
3adec4b952
Merge remote-tracking branch 'origin/pr/205'
...
* origin/pr/205:
qubes-session-autostart: handle error when reading a directory
2020-01-16 04:25:00 +01:00
Marek Marczykowski-Górecki
d2087c5abf
Merge remote-tracking branch 'origin/pr/203'
...
* origin/pr/203:
Added "QubesIncoming" shortcut to Nautilus
2020-01-16 04:24:07 +01:00
Marek Marczykowski-Górecki
f40c4ea9eb
Merge remote-tracking branch 'origin/pr/201'
...
* origin/pr/201:
update_connected_ips: set iptables policy to drop while updating
update_connected_ips: reload nftables using one command
get_connected_ips: handle empty and missing keys, add tests
update_connected_ips: correctly handle byte-string
firewall: fix family / family_name
qubes-firewall: correctly handle empty connected-ips list
Update tests for anti-spoofing, add test for the method itself
Update rule priorities for anti-spoofing
Update firewall tests
qubes-firewall: add anti-spoofing rules for connected machines
2020-01-16 04:22:03 +01:00
Pawel Marczewski
22a309d154
qubes-session-autostart: handle error when reading a directory
...
Fixes QubesOS/qubes-issues#5043 .
2020-01-15 11:20:21 +01:00
Pawel Marczewski
e6eee9f4e0
update_connected_ips: set iptables policy to drop while updating
2020-01-14 11:46:23 +01:00
Pawel Marczewski
a12e72b89c
update_connected_ips: reload nftables using one command
...
Get rid of race condition between flushing the chains
and adding new rules.
2020-01-14 10:46:51 +01:00
Pawel Marczewski
4aace50313
get_connected_ips: handle empty and missing keys, add tests
2020-01-14 10:23:41 +01:00
Pawel Marczewski
e43fd2fc5a
update_connected_ips: correctly handle byte-string
2020-01-14 10:14:00 +01:00
Pawel Marczewski
39885a4329
firewall: fix family / family_name
2020-01-13 16:47:49 +01:00
Marta Marczykowska-Górecka
fd6e551ebe
Added "QubesIncoming" shortcut to Nautilus
...
A small script will add the QubesIncoming shortcut to Nautilus file pane
on the first use of qvm-copy to a given VM. The shortcut will not be recreated if
deleted.
fixes QubesOS/qubes-issues#2229
2020-01-13 16:45:41 +01:00
Pawel Marczewski
00fbb956b4
qubes-firewall: correctly handle empty connected-ips list
2020-01-13 14:43:05 +01:00
Frédéric Pierret (fepitre)
eac2e79483
travis: switch to dom0 Fedora 31
...
QubesOS/qubes-issues#5529
2020-01-11 11:38:27 +01:00
Pawel Marczewski
860a07166b
Update tests for anti-spoofing, add test for the method itself
2020-01-10 09:19:40 +01:00
Pawel Marczewski
cd19073d50
Update rule priorities for anti-spoofing
2020-01-10 09:19:32 +01:00
Pawel Marczewski
c1d8d7bce1
Update firewall tests
2020-01-09 18:42:14 +01:00
Pawel Marczewski
bfe31cfec8
qubes-firewall: add anti-spoofing rules for connected machines
...
qubes-firewall will now blacklist IP addresses from all connected
machines on non-vif* interfaces. This prevents spoofing source or
target address on packets going over an upstream link, even if
a VM in question is powered off at the moment.
Depends on QubesOS/qubes-core-admin#303 which makes admin maintain
the list of IPs in qubesdb.
Fixes QubesOS/qubes-issues#5540 .
2020-01-09 18:25:08 +01:00
Marek Marczykowski-Górecki
cc68f165bc
Merge remote-tracking branch 'origin/pr/199'
...
* origin/pr/199:
qubes.GetAppmenus: handle home directory properly in case of sudo
Silence shellcheck
GetAppmenus: ensure right app directories
2020-01-09 01:38:12 +01:00
Pawel Marczewski
418a5ec6e3
qubes.GetAppmenus: handle home directory properly in case of sudo
2020-01-08 17:05:32 +01:00
Pawel Marczewski
2df17a4790
Silence shellcheck
...
See https://github.com/koalaman/shellcheck/wiki/SC1090
2020-01-08 10:29:36 +01:00
Marek Marczykowski-Górecki
cf2c91bc79
Merge remote-tracking branch 'origin/pr/200'
...
* origin/pr/200:
Make the file copy operation respect default_user
2020-01-08 02:21:59 +01:00
Pawel Marczewski
e78edba725
Make the file copy operation respect default_user
...
Previously, both file path and username were hardcoded.
Fixes QubesOS/qubes-issues#5385 .
2020-01-07 16:54:19 +01:00
Pawel Marczewski
552b6de862
GetAppmenus: ensure right app directories
...
The script depends on XDG_DATA_DIRS environment variable
being set up correctly, which is not the case when it is
running under sudo. As a result, a post-install trigger
for apt could remove application entries from other sources
(Snap, Flatpak).
Fixes QubesOS/qubes-issues#5477 .
2020-01-07 15:45:05 +01:00
Pawel Marczewski
03621e5792
StartApp: remove workaround for .desktop suffix
...
The workaround is no longer necessary, and it breaks when
the app name itself contains .desktop (such as org.telegram.desktop).
Fixes QubesOS/qubes-issues#5408 .
2020-01-07 13:06:57 +01:00
Patrick Schleizer
b20373213d
console=hvc0 must be last
...
https://github.com/QubesOS/qubes-issues/issues/5490#issuecomment-562263712
2019-12-07 16:56:53 +00:00
Marek Marczykowski-Górecki
1b28fcd4f1
Do not load u2mfn module anymore
...
It isn't used in Qubes R4.1 anymore
QubesOS/qubes-issues#4280
2019-12-03 13:55:49 +01:00
Jonas DOREL
281d1a5776
Mention Update Proxy in configuration
...
This makes it easier to understand why this configuration is present.
2019-12-01 13:41:54 +01:00
Marek Marczykowski-Górecki
a279b08e3f
version 4.1.6
2019-11-13 06:06:40 +01:00
Marek Marczykowski-Górecki
01aa61521b
Merge remote-tracking branch 'origin/pr/192'
...
* origin/pr/192:
vm-file-editor: drop old wait-for-session mechanism
qubes.WaitForSession: refactor by waiting for qrexec-fork-server socket
2019-11-13 05:43:55 +01:00
Frédéric Pierret (fepitre)
71ef524dec
vm-file-editor: drop old wait-for-session mechanism
2019-11-11 16:08:28 +01:00
Otto Sabart
b9d3e87438
archlinux: fix proxy setting in XferCommand
...
Starting from pacman v5.2.0 there is a problem with updating/installing
new packages:
$ pacman -Sy
...
debug: running command: ALL_PROXY=http://127.0.0.1:8082/ /usr/bin/curl -C - -f https://gluttony.sin.cvut.cz/arch/core/os/x86_64/core.db > /var/lib/pacman/sync/core.db.part
warning: running XferCommand: fork failed!
...
The problem is caused by change in pacman "run XferCommand via exec" [0].
Refs.:
- [0] https://git.archlinux.org/pacman.git/commit/?id=808a4f15ce82d2ed7eeb06de73d0f313620558ee
- [1] https://github.com/QubesOS/qubes-issues/issues/5443
2019-11-04 10:18:20 +01:00
Frédéric Pierret (fepitre)
a44e73900e
qubes.WaitForSession: refactor by waiting for qrexec-fork-server socket
2019-11-02 23:11:32 +01:00