Commit Graph

515 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
c227b8672b
rpm: drop useless circular dependency
qubes-core-agent depends on -qrexec, there is no need for the opposite
dependency. In fact one of the reasons for the package split was to
allow installing just -qrexec package.
2018-11-13 03:44:56 +01:00
Marek Marczykowski-Górecki
3fe42d4a27
rpm, deb: add strict version dependency between qubes-core-agent-* pkgs
Base qubes-core-agent package have common files used by various
subpackages. It is important to update them at the same time, otherwise
for example python stubs in /usr/bin/* (like qubes-firewall) will not
match actual python modules.

Fixes QubesOS/qubes-issues#4499
2018-11-13 03:42:24 +01:00
Marek Marczykowski-Górecki
f604d76ed4
Merge remote-tracking branch 'origin/pr/140'
* origin/pr/140:
  spec: require 'hostname' as newer Fedora as moved out the dependency of initscripts into its network subpackage
2018-10-23 23:21:14 +02:00
Frédéric Pierret
bf42fe0aef spec: require 'hostname' as newer Fedora as moved out the dependency of initscripts into its network subpackage 2018-10-22 14:44:55 +02:00
Marek Marczykowski-Górecki
0c5b52f467
rpm: fix building on fc29
- add BR: gcc
 - name python2 macros explicitly

QubesOS/qubes-issues#4223
2018-10-09 06:15:48 +02:00
Marek Marczykowski-Górecki
e816a4600a
rpm: add workaround for Fedora's systemd package bug
https://bugzilla.redhat.com/1559286

Fixes QubesOS/qubes-issues#3983
2018-09-13 03:34:19 +02:00
Marek Marczykowski-Górecki
7667b0dc16
rpm: use build flags provided by the distribution
Among other things, this enable various hardening options.

QubesOS/qubes-issues#2259
2018-08-01 03:08:50 +02:00
Marek Marczykowski-Górecki
f4c10d47da
Convert /usr/local from a symlink to a mount point on upgrade
Fixes QubesOS/qubes-issues#1150
2018-07-11 15:27:34 +02:00
Marek Marczykowski-Górecki
4a7d3515d0
rpm: add R: tar, for qubes-dom0-update
Fixes QubesOS/qubes-issues#4032
2018-07-02 22:25:45 +02:00
Marek Marczykowski-Górecki
886b674620
rpm: add BR: systemd for pre/post install macros
Fixes QubesOS/qubes-issues#3926
2018-05-25 22:54:20 +02:00
Marek Marczykowski-Górecki
4a8b10ea8b
Drop leftovers of qubes-netwatcher service
Fixes QubesOS/qubes-issues#1242
2018-05-24 17:38:12 +02:00
Marek Marczykowski-Górecki
4329eab307
Require dconf utility to (re)build /etc/dconf/db/local
Some applications complains if compiled version of dconf database is
missing ("dconf-WARNING **: unable to open file '/etc/dconf/db/local':
Failed to open file '/etc/dconf/db/local': open() failed: No such file
or directory; expect degraded performance").
There is only one entry in that database, but generate its binary
version anyway to avoid that warning message.

The dconf call is already included in package scripts, now only make
sure the utility is really installed.

QubesOS/qubes-issues#1951
2018-05-02 03:02:07 +02:00
Marek Marczykowski-Górecki
23250f84b2
Create /etc/dconf/profile/user dynamically, if not present
The /etc/dconf/profile/user file in some distributions is part of dconf
package, in some not. There are even cases where it changes between
package versions (Fedora 27 don't have it, but Fedora 28 do).
Also, base Debian Stretch don't have it, but Kali Linux based on it do.

To avoid overly complex dependency handling, create the file dynamically
on package installation if it's missing in that particular case. The
file content is canonical:

    user-db:user
    system-db:local

Fixes QubesOS/qubes-issues#3834
2018-05-02 02:57:37 +02:00
Marek Marczykowski-Górecki
d25ecb4e40
Fix packaging: 'user' group, BACKEND_VMM var
- BACKEND_VMM may not be available as env variable (mock build), provide
it explicitly
- 'user' group may not exists at package build time, set it at package
installation
2018-05-01 17:34:52 +02:00
Marek Marczykowski-Górecki
c29cc4c270
centos: exclude only dconf user profile, keep dpi config 2018-05-01 15:17:39 +02:00
Frédéric Pierret
506848a77c
Use %{python3_pkgversion} instead of duplicating python3 targets 2018-04-21 12:00:34 +02:00
Frédéric Pierret
a34b9abde4
Add missing python-setuptools dependency 2018-04-21 11:45:43 +02:00
Marek Marczykowski-Górecki
7fa3c51fd2
Merge remote-tracking branch 'qubesos/pr/108'
* qubesos/pr/108:
  spec.in: fix %if expressions and remove useless conditions
  spec.in: add changelog placeholder
  Remove _builddir
  Create .spec.in and Source0
2018-04-06 02:07:53 +02:00
Marek Marczykowski-Górecki
a33c7e10ba
Merge remote-tracking branch 'qubesos/pr/105'
* qubesos/pr/105:
  Add misc/qubes-run-terminal to launch any available terminal emulator
2018-04-06 02:06:16 +02:00
Frédéric Pierret
6036f1f65b
spec.in: fix %if expressions and remove useless conditions 2018-04-04 17:27:57 -04:00
Frédéric Pierret
59fa7efcc3
spec.in: add changelog placeholder 2018-04-03 21:38:13 +02:00
Marek Marczykowski-Górecki
4a7c668549
Move 'qubesxdg' into qubesagent python package
Since we have proper python package, use it instead of hacky one-file
package. This will ease installation and packaging, including switching
to python3.
2018-04-02 23:19:01 +02:00
Frédéric Pierret
e5cf780dbd
Remove _builddir 2018-04-01 11:37:23 +02:00
Frédéric Pierret
1c24968318
Create .spec.in and Source0 2018-04-01 11:35:33 +02:00
Davíð Steinn Geirsson
d6d8d25345
Add misc/qubes-run-terminal to launch any available terminal emulator 2018-03-28 13:23:35 +00:00
Marek Marczykowski-Górecki
ddbd24a815
Merge remote-tracking branch 'qubesos/pr/97'
* qubesos/pr/97:
  centos: fix conflict with dconf
2018-02-22 21:32:49 +01:00
Marek Marczykowski-Górecki
eacd069bf4
Merge remote-tracking branch 'qubesos/pr/93'
* qubesos/pr/93:
  Call qubes.PostInstall service to notify dom0 about all apps/features
  Drop Fedora < 22 support
2018-02-22 21:28:32 +01:00
Frédéric Pierret
39cb5888f8
centos: fix conflict with dconf 2018-02-21 19:12:57 +01:00
Marek Marczykowski-Górecki
e02d5f1725
rpm: adjust dependencies 2018-02-20 00:27:33 +01:00
Marek Marczykowski-Górecki
f38e204aa7
Drop Fedora < 22 support
yum actions no longer relevant
2018-02-13 17:04:59 +01:00
Rusty Bird
ce1f0af216
Set 'wait-for-session=1' for 'qubes.VMShell+WaitForSession'
This is intended to be used for DispVMs for which only a single RPC call
can be made before they are destroyed.

Fixes QubesOS/qubes-issues#3012
2018-01-14 19:20:58 +00:00
Marek Marczykowski-Górecki
7ecb74ae3b
Disable automatic scaling in GNOME/GTK applications
GNOME automatically set scaling factor to 2 when HiDPI is detected.
Unfortunately it does it also on not really HiDPI displays, making the
whole UI unusably large. There is no middle ground - scaling factor must
be integer, so 1.5 is not supported. Lets opt on a conservative side and
fallback to scaling factor 1.

Solution by @alyssais, thanks!
Fixes QubesOS/qubes-issues#3108
2018-01-12 06:00:18 +01:00
Marek Marczykowski-Górecki
d4f6eb1f4a
Install KDE actions for KDE5
Fixes QubesOS/qubes-issues#3449
2018-01-09 17:42:21 +01:00
Marek Marczykowski-Górecki
1651866aa2
Merge remote-tracking branch 'qubesos/pr/72'
* qubesos/pr/72:
  Fix UCA mistake and qvm-actions script
  Fix ShellCheck comments
  Add debian package support
  Disable Thunar thumbnails
  Add support for Thunar Qubes VM tools
2017-12-13 19:47:16 +01:00
Marek Marczykowski-Górecki
715693b93d
network: IPv6-enabled firewall
If IPv6 is configured in the VM, and it is providing network to others,
apply IPv6 firewall similar to the IPv4 one (including NAT for outgoing
traffix), instead of blocking everything. Also, enable IP forwarding for
IPv6 in such a case.

Fixes QubesOS/qubes-issues#718
2017-12-07 01:41:55 +01:00
Marek Marczykowski-Górecki
414f944cf9
Disable cups-browsed service together with cups
It tries to connect to cups every second and doesn't do anything else
when cups is disabled. So disable (or enable) both of them at the same
time.
2017-12-05 17:58:35 +01:00
Rusty Bird
c3b2aeb289
Add iptables dep to qubes-core-agent-networking RPM spec
Only the Debian package had declared the dependecy. And apparently,
fedora-26-minimal does not include the iptables package by default
anymore.
2017-11-19 15:48:32 +00:00
Frédéric Pierret
82656bb5df
Disable Thunar thumbnails 2017-11-18 13:19:41 +01:00
Frédéric Pierret
0fd109b8f1
Add support for Thunar Qubes VM tools 2017-11-18 13:19:40 +01:00
Marek Marczykowski-Górecki
1ed6e614ab
Resize root filesystem at VM startup if needed
Check if root device was enlarged while domain was powered off and
resize the filesystem in such a case.

QubesOS/qubes-issues#3173
QubesOS/qubes-issues#3143
2017-10-18 21:02:15 +02:00
Marek Marczykowski-Górecki
d8a2b8c375
Add support for new root volume partition layout to qubes.ResizeDisk
If root filesystem is the last partition (new layout), resize it
in-place. Use 'parted' tool because it can resize just one partition,
without need to specify the whole new partition table. Since the
partition is mounted, parted is unhappy to modify it. Force it by
answering to its interactive prompts, and add (apparently not
documented) ---pretend-input-tty to use those answers even
though stdin is not a tty. Split the operation into multiple parted
calls, for more reliable interactive prompts handling.

Qubes 3.x disk layout (no partition table) is also supported, but the
one that was used in Qubes 4.0 rc1 (root filesystem as the first
partition) is not.

Fixes QubesOS/qubes-issues#3173
QubesOS/qubes-issues#3143
2017-10-18 19:53:48 +02:00
Marek Marczykowski-Górecki
486f17ec2d
Add convenient wrappers for qvm-copy-to-vm and qvm-move-to-vm
Default `ask` policy ignore target domain specified by the caller, so it
doesn't make sense to specify one. Provide convenient wrappers not
needing one. Do not change behaviour of existing tools for compatibility
reasons.

Fixes QubesOS/qubes-issues#3141
2017-10-02 05:14:49 +02:00
Marek Marczykowski-Górecki
d332a43f6a
centos: add package signing key, setup repository 2017-09-30 02:06:53 +02:00
Frederic Pierret (Epitre)
08bfc8bbac
Add CENTOS/RHEL support (drop fedora-release dependancy as template builder will install it anyway and here it only make harder to support non-fedora builds) 2017-09-07 16:38:13 +02:00
Marek Marczykowski-Górecki
c5fae6ac55
qubes-rpc: add 'wait-for-session=1' option for some services
Configure selected services to wait until GUI session is available.

QubesOS/qubes-issues#2974
2017-08-09 00:58:49 +02:00
Marek Marczykowski-Górecki
5ecd51dab7
document /etc/qubes/rpc-config
QubesOS/qubes-issues#2974
2017-08-09 00:58:48 +02:00
Marek Marczykowski-Górecki
3e6881f59f
Merge remote-tracking branch 'qubesos/pr/47'
* qubesos/pr/47:
  minor amends to clock synchronization
  clock synchronization rewrite
2017-07-12 10:38:34 +02:00
Marek Marczykowski-Górecki
22f74641da
rpm: add services enabling/disabling logic
Since some systemd services are moved to other packages, appropriate
%post/%preun should contain the code to enable/disable them.

Fixes QubesOS/qubes-issues#2894
2017-07-11 20:21:56 +02:00
Marta Marczykowska-Górecka
f55412cd1e
clock synchronization rewrite
clock synchronization mechanism rewritten to use systemd-timesync instead of NtpDate; at the moment, requires:
- modifying /etc/qubes-rpc/policy/qubes.GetDate to redirect GetDate to designated clockvm
- enabling clocksync service in clockvm ( qvm-features clockvm-name service/clocksync true )

Works as specified in issue listed below, except for:
- each VM synces with clockvm after boot and every 6h
- clockvm synces time with the Internet using systemd-timesync
- dom0 synces itself with clockvm every 1h (using cron)

fixes QubesOS/qubes-issues#1230
2017-07-06 23:37:26 +02:00
Marek Marczykowski-Górecki
626d20b5c2
rpm: do not mess with locales in post-install script
It should be up to the base Fedora packages to setup locales correctly.
Additionally, locale sources may not be installed at all.
2017-07-05 13:02:36 +02:00
Marek Marczykowski-Górecki
3af55c5cb3
qrexec: use PAM directly instead of calling su to setup the session
Instead of calling 'su' to switch the user, use own implementation of
this. Thanks to PAM it's pretty simple. The main reason is to have
control over process waiting for session termination (to call
pam_close_sesion/pam_end). Especially we don't want it to keep std* fds
open, which would prevent qrexec-agent from receiving EOF when one of
them will be closed.
Also, this will preserve QREXEC_AGENT_PID environment variable.

Fixes QubesOS/qubes-issues#2851
2017-07-05 02:17:43 +02:00
Marek Marczykowski-Górecki
68d98179f0
Do not load 'dummy-hcd' kernel module
It isn't really needed. It was used to workaround libusb bug (causing
crash when the system does not have any USB controller), but since we
use HVM now which do have some USB controllers it isn't needed anymore.

Also, it is not available in stock Fedora kernels.
2017-07-05 00:20:57 +02:00
Marek Marczykowski-Górecki
ff26dcfe53
Add qrexec-client-vm man page
This clarifies and also defines some corner cases like exit code
reporting.

QubesOS/qubes-issues#2861
2017-06-21 11:21:40 +02:00
Marek Marczykowski-Górecki
cfbd50a936
debian: install man pages
Man pages were installed only in RPM package...
2017-06-21 11:21:40 +02:00
Marek Marczykowski-Górecki
f4be704ac0
Ship Qubes 4.0 repository definition and keys 2017-06-14 10:45:43 +02:00
Marek Marczykowski-Górecki
2a117548b6
Ship grub configuration
Qubes VM require few config options in grub. Ship appropriate
configuration. Debian have grub.d support, so it can be done cleanly.
On Fedora, /etc/default/grub needs to be modified. Still keep the
options in separate file, but include it manually from
/etc/default/grub.

QubesOS/qubes-issues#2577
2017-06-14 10:45:43 +02:00
Marek Marczykowski-Górecki
67f8e9e985
rpm,deb: fix dependencies
1. Cannot Recommend: nftables, as Debian jessie doesn't have it.
2. gsettings tool is in glib, not dconf
2017-06-10 23:15:22 +02:00
Marek Marczykowski-Górecki
7da4ed7d64
Switch qubes.UpdatesProxy to socat
- there are many netcat versions (openbsd, nmap, ...), which behave
 differently - especially while handling EOF
 - Debian jessie doesn't have nmap-ncat (which handle EOFs sufficiently
   good)

QubesOS/qubes-issues#1854
2017-06-10 23:11:01 +02:00
Marek Marczykowski-Górecki
422f03e9ac
Add qubes.VMRootShell service
It is the same as qubes.VMShell - the actual difference is in qrexec
policy, which contains 'user=root' option.

QubesOS/qubes-issues#2572
2017-06-09 23:06:09 +02:00
Marek Marczykowski-Górecki
000a93e001
rpm,deb: split qrexec-agent into separate subpackage
While it doesn't make sense to install qubes-core-agent without qrexec,
it may make sense to do the otherway around - install just
qrexec-agent without all the qrexec services and configuration. For
example on some pre-installed system.

QubesOS/qubes-issues#2771
2017-06-08 22:11:37 +02:00
Marek Marczykowski-Górecki
58d21f095f
Remove old vusb scripts
This is unused for a long time (since we've moved to USBIP).
2017-06-08 22:11:37 +02:00
Marek Marczykowski-Górecki
32915fe126
deb,rpm: split passwordless root access configs into separate package
Make passwordless root access optional - ease integration qrexec
authorization for sudo.

QubesOS/qubes-issues#2695
2017-06-08 22:11:36 +02:00
Marek Marczykowski-Górecki
8af88d5e3a
rpm: drop dependency on desktop-notification-daemon
It should really be in template builder script, or better: meta-package.

QubesOS/qubes-issues#2572
2017-06-08 22:11:35 +02:00
Marek Marczykowski-Górecki
db066888e1
Adjust dependencies for clean upgrade
When a file is moved to other package, the new package needs Replaces:
and Breaks: dependecies on old package. Otherwise dpkg will refuse to
change file ownership.

QubesOS/qubes-issues#2771
2017-06-08 22:11:35 +02:00
Marek Marczykowski-Górecki
c8e2c69145
rpm: integrate documentation into main package
QubesOS/qubes-issues#2771
2017-06-08 22:11:35 +02:00
Marek Marczykowski-Górecki
7e608a8bb4
Remove DisposableVM savefile related files
In Qubes 4.0 we no longer use two-stage DisposableVM startup.
2017-06-08 22:11:35 +02:00
Marek Marczykowski-Górecki
3e7a45b4ac
Split network-related files to -networking and -network-manager packages
This will save a lot of dependencies if networking is not needed in VMs
based on given template. Thanks to updates proxy over qrexec, template
itself do not need to have network configured too.

QubesOS/qubes-issues#2771
2017-06-08 22:11:34 +02:00
Marek Marczykowski-Górecki
3940918c61
rpm: make file list more verbose to ease splitting the package
QubesOS/qubes-issues#2771
2017-06-07 10:15:27 +02:00
Marek Marczykowski-Górecki
72b9f389b2
Split dom0-updates handling into subpackage
In Fedora it makes little sense, but in Debian it allows to avoid a lot
of dependencies. So split in both, to keep it simple.

QubesOS/qubes-issues#2771
2017-06-07 10:15:26 +02:00
Marek Marczykowski-Górecki
f9fd7a1673
Rename qubes-nautilus to qubes-core-agent-nautilus
Again, this will make it easier to reason about package origin.

QubesOS/qubes-issues#2771
2017-06-07 10:15:26 +02:00
Marek Marczykowski-Górecki
029d207311
rpm: rename qubes-core-vm to qubes-core-agent
Rename it to match repository name and the same package in Debian.

QubesOS/qubes-issues#2771
2017-06-07 10:15:21 +02:00
Marek Marczykowski-Górecki
8694931665
Implement qubes.PostInstall service
This is meant to notify dom0 about features supported by just-installed
template. This service is called by dom0 just after template
installation.

Fixes QubesOS/qubes-issues#1637
Documentation pending: QubesOS/qubes-issues#2829
2017-05-26 05:25:30 +02:00
Marek Marczykowski-Górecki
b49ae50ad5
Implement qrexec-based connection to updates proxy
Configure package manager to use 127.0.0.1:8082 as proxy instead of
"magic" IP intercepted later. The listen on this port and whenever
new connection arrives, spawn qubes.UpdatesProxy service call (to
default target domain - subject to configuration in dom0) and connect
its stdin/out to the local TCP connection. This part use systemd.socket
unit in case of systemd, and ncat --exec otherwise.

On the other end - in target domain - simply pass stdin/out to updates
proxy (tinyproxy) running locally.

It's important to _not_ configure the same VM to both be updates proxy and
use it. In practice such configuration makes little sense - if VM can
access network (which is required to run updates proxy), package manager
can use it directly. Even if this network access is through some
VPN/Tor. If a single VM would be configured as both proxy provider and
proxy user, connection would loop back to itself. Because of this, proxy
connection redirection (to qrexec service) is disabled when the same VM
also run updates proxy.

Fixes QubesOS/qubes-issues#1854
2017-05-26 05:25:29 +02:00
Marek Marczykowski-Górecki
f9d6ff89bc
Rename qvm-run to qvm-run-vm
Avoid conflict with qvm-run from qubes-core-admin-client package.
2017-05-23 02:55:31 +02:00
Marek Marczykowski-Górecki
42bc93d8fd
Revert "fedora,debian: update python3-daemon dependency"
This reverts commit 7d8218a1d4.
Follow revert "firewall: switch to python 3"
2017-05-21 02:01:59 +02:00
Marek Marczykowski-Górecki
33da315e17
Revert "firewall: switch to python 3"
This reverts commit 5dfcf06ef4.

python3-daemon isn't widespread enough yet - for Debian jessie available
only in packports.

In addition to the revert itself, adjust packaging for this change
(mostly for Debian).
2017-05-21 02:01:47 +02:00
Marek Marczykowski-Górecki
5047fd9288
debian,fedora: split nautilus integration into separate package
This will allow to avoid a lot of dependencies on minimal template.

QubesOS/qubes-issues#2816
QubesOS/qubes-issues#2771
2017-05-21 01:52:23 +02:00
Marek Marczykowski-Górecki
89183e9944
Ask for target VM for file-copy in dom0
This way:
 - VM prompt do know VM list, the list may be filtered based on policy
 - source VM don't learn name of target VM

Fixes QubesOS/qubes-issues#910
2017-05-20 15:53:03 +02:00
Marek Marczykowski-Górecki
2b76373abc
Remove duplicated 'close' button from titlebar of gnome applications
Dom0 enforce decorations which already contain close button.

Thanks @dzklaim for the solution.
Fixes QubesOS/qubes-issues#2813
2017-05-20 14:44:04 +02:00
Marek Marczykowski-Górecki
7d8218a1d4
fedora,debian: update python3-daemon dependency
qubes-firewall script now use python3.
2017-05-20 14:44:04 +02:00
Marek Marczykowski-Górecki
ce70887a57
Merge branch 'core3-devel' 2017-05-20 14:43:53 +02:00
Marek Marczykowski-Górecki
abf9a5aa43
Apply gschema overrides also to debian, rename according to guidelines
glib-compile-schemas recommend naming override files with nn_ prefix,
where nn is a number. Lets use 20, to allow both higher and lower
priority files.

QubesOS/qubes-issues#1108
2017-05-20 13:47:05 +02:00
Marek Marczykowski-Górecki
5dfcf06ef4
firewall: switch to python 3 2017-05-20 13:20:08 +02:00
Marek Marczykowski-Górecki
22e261f909
Add qubes.StartApp service
A simple service to start application described in .desktop file.
This way, dom0 can completely ignore VM-originated Exec= entry.
2017-05-20 03:48:02 +02:00
Marek Marczykowski-Górecki
d6f305106c
rpm: don't "append" to not existing /etc/yum.conf
When /etc/yum.conf is not present (yum-deprecated not installed), don't
try to append to it. It would result in invalid configuration file -
without any section header, and break yum when installed later.
2017-05-15 03:09:45 +02:00
Marek Marczykowski-Górecki
ee0255b385
debian,fedora: drop gnome-packagekit from dependencies
We don't use it currently - xterm with console updater is used by
default.
2017-04-24 00:17:34 +02:00
Marek Marczykowski-Górecki
d8e568fa13
systemd: place user dropins in /usr/lib instead of /lib
On non-Fedora those are not equivalent. On Debian, user units in /lib
are not supported

Reported by @adrelanos
Fixes QubesOS/qubes-issues#2644
2017-02-21 01:37:24 +01:00
Manuel Amador (Rudd-O)
6ca10b42eb Initialize home_volatile for disposable VMs. 2016-11-13 21:20:46 +00:00
Marek Marczykowski-Górecki
1c42a06238
network: integrate vif-route-qubes-nat into vif-route-qubes
Since 'script' xenstore entry no longer allows passing arguments
(actually this always was a side effect, not intended behaviour), we
need to pass additional parameters some other way. Natural choice for
Qubes-specific script is to use QubesDB.
And since those parameters are passed some other way, it is no longer
necessary to keep it as separate script.

Fixes QubesOS/qubes-issues#1143
2016-10-31 00:40:32 +01:00
Marek Marczykowski-Górecki
3131bb6135
Merge remote-tracking branch 'origin/pr/24' into core3-devel
* origin/pr/24:
  network: add vif-route-qubes-nat for IP address anonymization
2016-10-29 14:42:50 +02:00
Manuel Amador (Rudd-O)
251ecbd529 Clean up specfile unit activation aspect.
Up until today, Qubes OS would insist on either masking or disabling
or activating units that should get their state properly changed
but only on first package install (when the template is built).

This commit adds the possibility of having two types of unit presets:

* Initial presets: these are only changed state during first package
  installs.
* Upgrade presets: these get their state changed during first
  package installs as well as during upgrades.

All the maintainer has to do is abide by the instructions in the
preset file.  Nothing else is necessary.

Namely, this allows users to enable SSHD on their templates or
standalone VMs and still keep it enabled even after the
qubes-core-vm-systemd package is upgraded.

Matt really wanted that, and so did I, so now we can do it!

:-)
2016-10-28 08:35:36 +00:00
Manuel Amador (Rudd-O)
d15696ebef Fix VM settings running while / is readonly. 2016-10-28 05:21:40 +00:00
Manuel Amador (Rudd-O)
59aec8e5eb Clean up early initialization and setup of /rw 2016-10-23 20:19:51 +00:00
unman
da82d93780
use bind-dirs to handle crontab persistence 2016-10-16 01:14:02 +01:00
Marek Marczykowski-Górecki
e73d662bf1
Configure NetworkManager to keep /etc/resolv.conf as plain file
Do not use a symlink there, as it will be left after NetworkManager
shutdown - as a broken link then

Fixes QubesOS/qubes-issues#2320
Reported by Achim Patzner <noses@noses.com>
2016-09-15 01:26:35 +02:00
Marek Marczykowski-Górecki
2c8fe644f3
network: remove qubes-netwatcher
This tool/service is obsolete for a long time (it does nothing on R3.0
and later).
2016-09-12 05:58:26 +02:00
Marek Marczykowski-Górecki
ee0a292b21
network: rewrite qubes-firewall daemon
This rewrite is mainly to adopt new interface for Qubes 4.x.
Main changes:
 - change language from bash to python, introduce qubesagent python package
 - support both nftables (preferred) and iptables
 - new interface (https://qubes-os.org/doc/vm-interface/)
 - IPv6 support
 - unit tests included
 - nftables version support running along with other firewall loaded

Fixes QubesOS/qubes-issues#1815
QubesOS/qubes-issues#718
2016-09-12 05:22:53 +02:00
Marek Marczykowski-Górecki
b50cba3f2c
Add qubes.ResizeDisk service to adjust filesystem size
Do this using qubes rpc service, instead of calling resize2fs directly
by dom0.
2016-08-17 21:47:22 +02:00
Marek Marczykowski-Górecki
779414d216
Merge remote-tracking branch 'woju/master' into core3-devel
* woju/master:
  misc: add qvm-features-request
2016-08-17 21:28:37 +02:00
Marek Marczykowski-Górecki
76e12cae2d
Rename qubes.xdg python module to qubesxdg
Do not interfere with 'qubes' module.

QubesOS/qubes-issues#1813
2016-08-17 21:27:28 +02:00