Commit Graph

194 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
128af0d191
debian: disable timer-based apt-get
Debian stretch in default configuration calls apt-get update every 24h.
And additionally, have automatic unattended security updates enabled.
Generally it would be good thing on standalone system, but in AppVM
which loose its rootfs changes after restart it is a waste of resources.
Especially when it kicks in on multiple VMs simultaneously, while on
battery (apt-daily.service have ConditionACPower=true, but VM don't have
that information...).

It would make some sense on TemplateVM/StandaloneVM, but then it kicks
in just at VM startup. Which conflicts with starting the update manually
then (by clicking "update VM" button in manager for example, or using
salt).

So, disable this feature completely.

The actual solution is based on pkg-manager-no-autoupdate by @adrelanos.

Fixes QubesOS/qubes-issues#2621
2017-10-19 15:03:06 +02:00
Nedyalko Andreev
fe15f1d96c
Simplify archlinux upgrade check 2017-10-06 15:01:57 +03:00
Nedyalko Andreev
a835b9b67d
Fix an incorrect grep usage in archlinux upgrade check 2017-10-04 18:16:17 +03:00
Tray Torrance
f28244ab47
Add archlinux support to upgrade checker
(cherry picked from commit 9d10ec617878b018274dd20800434b2d3d35add5)
2017-10-04 17:52:57 +03:00
Marek Marczykowski-Górecki
aad6fa6d19
Hint shellcheck where to look for sourced files, if in repository
This will ease running shellcheck from the repository.
2017-09-30 05:05:34 +02:00
Marek Marczykowski-Górecki
b42c1880b0
Few more shellcheck warnings fixes/ignores 2017-09-30 05:05:34 +02:00
Marek Marczykowski-Górecki
2ee73ecfe7
Fix shellcheck warnings in download-dom0-updates.sh 2017-09-30 05:05:33 +02:00
Marek Marczykowski-Górecki
e95b6f8d03
Fix shellcheck warnings in block-snapshot script 2017-09-30 05:05:33 +02:00
Marek Marczykowski-Górecki
d332a43f6a
centos: add package signing key, setup repository 2017-09-30 02:06:53 +02:00
Frédéric Pierret
cb2448f1ab
dnf-qubes-hooks: handle newer DNF >= 2.x 2017-09-24 12:33:30 +02:00
Marek Marczykowski-Górecki
49b70f037c
dom0-updates: do not modify yum.conf
Few reasons for this:
1. new templates use dnf to download packages, so yum.conf is unused
2. dom0 in Qubes 4.0 don't have this file at all (so sed fails here)
3. $OPTS already contains --setopt=reposdir=...

Fixes QubesOS/qubes-issues#2945
2017-09-03 15:35:58 +02:00
Marek Marczykowski-Górecki
24b363db31
grub: add console=tty0 to kernel cmdline
When there is only console=hvc0 (i.e. no output to emulated VGA) and
GRUB_TIMEOUT is set to 0, VM startup hangs. This may be very well some
race condition broken by either of console=tty0 or GRUB_TIMEOUT > 0, but
even in such a case, apply this as a workaround for now.
2017-07-05 12:52:43 +02:00
Marek Marczykowski-Górecki
2b9d49f960
Update grub configuration
This configuration isn't included twice - it's Debian post-installation
script of grub that copy settings to /etc/default/grub, which results in
parameters being duplicated. Leave it as is for now.

Add GRUB_TIMEOUT=0 for faster VM startup.

QubesOS/qubes-issues#2577
2017-06-21 07:04:26 +02:00
Marek Marczykowski-Górecki
f4be704ac0
Ship Qubes 4.0 repository definition and keys 2017-06-14 10:45:43 +02:00
Marek Marczykowski-Górecki
2a117548b6
Ship grub configuration
Qubes VM require few config options in grub. Ship appropriate
configuration. Debian have grub.d support, so it can be done cleanly.
On Fedora, /etc/default/grub needs to be modified. Still keep the
options in separate file, but include it manually from
/etc/default/grub.

QubesOS/qubes-issues#2577
2017-06-14 10:45:43 +02:00
Marek Marczykowski-Górecki
58d21f095f
Remove old vusb scripts
This is unused for a long time (since we've moved to USBIP).
2017-06-08 22:11:37 +02:00
Marek Marczykowski-Górecki
7e608a8bb4
Remove DisposableVM savefile related files
In Qubes 4.0 we no longer use two-stage DisposableVM startup.
2017-06-08 22:11:35 +02:00
Marek Marczykowski-Górecki
2b76373abc
Remove duplicated 'close' button from titlebar of gnome applications
Dom0 enforce decorations which already contain close button.

Thanks @dzklaim for the solution.
Fixes QubesOS/qubes-issues#2813
2017-05-20 14:44:04 +02:00
Marek Marczykowski-Górecki
ce70887a57
Merge branch 'core3-devel' 2017-05-20 14:43:53 +02:00
Marek Marczykowski-Górecki
abf9a5aa43
Apply gschema overrides also to debian, rename according to guidelines
glib-compile-schemas recommend naming override files with nn_ prefix,
where nn is a number. Lets use 20, to allow both higher and lower
priority files.

QubesOS/qubes-issues#1108
2017-05-20 13:47:05 +02:00
Marek Marczykowski-Górecki
dc8047c3bb
dom0-updates: restructure the script to not update metadata twice
When `qubes-dom0-update --refresh` was called, the script checked
metadata twice - once to check updates availability, then to actually
download them. This two stage approach is needed only on Debian, when
--downloadonly option is not supported. Rearrange code accordingly.

Also, drop --doit option (ignore it), as the same (but more readable)
can be achieved with --check-only.
2017-05-20 03:49:13 +02:00
Andrew David Wong
cc7d3fc925
Update Xen bug count in sudoers comment
Closes QubesOS/qubes-issues#2480
2016-12-04 16:29:01 -08:00
Marek Marczykowski-Górecki
a9e7f91ca6
Fix detection of dom0 updates
dnf stdout messages differ from yum. Handle this particular difference
(info about last metadata check time), but in addition properly use its
exit code - 0 means no updates, 100 means some updates.

Fixes QubesOS/qubes-issues#2096
2016-12-04 22:37:17 +01:00
Manuel Amador (Rudd-O)
59aec8e5eb Clean up early initialization and setup of /rw 2016-10-23 20:19:51 +00:00
unman
da82d93780
use bind-dirs to handle crontab persistence 2016-10-16 01:14:02 +01:00
Marek Marczykowski-Górecki
779414d216
Merge remote-tracking branch 'woju/master' into core3-devel
* woju/master:
  misc: add qvm-features-request
2016-08-17 21:28:37 +02:00
Marek Marczykowski-Górecki
76e12cae2d
Rename qubes.xdg python module to qubesxdg
Do not interfere with 'qubes' module.

QubesOS/qubes-issues#1813
2016-08-17 21:27:28 +02:00
Marek Marczykowski-Górecki
f4d53fb7e6
Include Qubes Master Key in the VM template
It is useful to verify other qubes-related keys.

Fixes QubesOS/qubes-issues#1614
2016-07-17 04:26:01 +02:00
Marek Marczykowski-Górecki
40d5f85b36
dom0-updates: fix cleaning downloaded packages 2016-07-15 11:27:35 +02:00
Marek Marczykowski-Górecki
6cf30bff29
Merge remote-tracking branch 'origin/pr/66'
* origin/pr/66:
  fixed qubes-core-agent upgrading double package manager lock

  Fixes QubesOS/qubes-issues#1889
2016-07-13 22:38:25 +02:00
Marek Marczykowski-Górecki
9aeecb91f3
dom0-updates: use dnf --best --allowerasing
Otherwise `dnf install` do not want to upgrade existing packages, or
upgrading other packages to satisfy dependencies.

Fixes QubesOS/qubes-issues#2100
2016-06-21 04:33:46 +02:00
Wojtek Porczyk
5261f936b2 misc: add qvm-features-request
This tool is used to request features from template.

QubesOS/qubes-issues#1637
2016-06-13 14:19:00 +02:00
Marek Marczykowski-Górecki
07c442f534
dom0-updates: use dnf when available
Since yum-deprecated is slowly removed from Fedora (in Fedora 23 is not
installed by default), we're forced to migrate to dnf. The main problem
with dnf here is lack of --downloaddir option
(https://bugzilla.redhat.com/show_bug.cgi?id=1279001). As nobody is
going to implement it, simply extract downloaded packages from cache
directory (thanks to provided config file, it is always /var/cache/yum).

This basically replaces "dom0-updates: use yum-deprecated instead of dnf
in all calls" with a set of workarounds for dnf missing parts.

Related to QubesOS/qubes-issues#1574
2016-06-01 05:10:18 +02:00
Marek Marczykowski-Górecki
7378ec326a
Update repository definitions for R3.2 2016-05-18 23:42:43 +02:00
Patrick Schleizer
cfb75f3cba
fixed qubes-core-agent upgrading double package manager lock
https://github.com/QubesOS/qubes-issues/issues/1889
2016-04-02 15:00:10 +00:00
Marek Marczykowski-Górecki
d4c238c45e
Unload USB controllers drivers in USB VM before going to sleep
Many USB controllers doesn't play nice with suspend when attached to PV
domain, so unload those drivers by default. This is just a configuration
file, so user is free to change this setting if his/shes particular
controller doesn't have such problem.

Fixes QubesOS/qubes-issues#1565
2016-01-11 19:34:10 +01:00
Marek Marczykowski-Górecki
c4ff490844 dom0-updates: add a message explaining yum deprecated warning
Thanks @axon-qubes for the idea.

Fixes QubesOS/qubes-issues#1574
2016-01-04 02:13:21 +01:00
Marek Marczykowski-Górecki
c46c1e4d2c
dom0-updates: fix reporting when no updates are available
Check `yum check-update` exit code, instead of `grep` - when there are
multiple commands on the single line, $? contains exit code of the last
executed.

Fixes QubesOS/qubes-issues#1475
2015-12-26 04:43:23 +01:00
Marek Marczykowski-Górecki
2478cb5c05
Package DNF plugin for both python2 and python3
DNF in Fedora 22 uses python2, but in Fedora 23 - python3. Package both
of them, in separate packages (according to Fedora packaging guidelines)
and depend on the right one depending on target distribution version.

Fixes QubesOS/qubes-issues#1529
2015-12-23 02:04:26 +01:00
Marek Marczykowski-Górecki
8f0a024f6d
dnf: drop shebang, it isn't standalone script
QubesOS/qubes-issues#1529
2015-12-21 13:12:51 +01:00
Marek Marczykowski-Górecki
405c42658f
debian: add security-testing repository
Fixes QubesOS/qubes-issues#1522
2015-12-19 18:08:57 +01:00
Rusty Bird
3238eab85f repo description: updates-testing -> security-testing 2015-12-17 15:54:42 +00:00
Patrick Schleizer
7dc99ee662
Prevent services from being accidentally restarted by needrestart.
Because those services do not yet support being restarted.

Extended variable `$nrconf{override_rc}`, i.e. packages only reported to need
restart, but blacklisted from default/suggested automatic restarted with
`qubes-core-agent` and `qubes-gui-agent`.

See also `$nrconf{override_rc}`:
10bd2db5e2/ex/needrestart.conf (L65)

Thanks to @liske for helping with this.
https://github.com/liske/needrestart/issues/13#issuecomment-136804625
2015-11-20 16:35:06 +01:00
qubesuser
f380c346cf Allow to provide customized DispVM home directly in the template VM
This significantly speeds up DispVM creation for large customized
homes, since no data has to be copied, and instead CoW is used.
2015-11-12 15:33:01 +01:00
Marek Marczykowski-Górecki
914bab048a
Explicitly fail upgrades-installed-check on other distributions
QubesOS/qubes-issues#1066
2015-11-12 00:36:43 +01:00
Patrick Schleizer
52917593c5
misc/upgrades-installed-check: handle apt-get errors 2015-11-11 21:13:17 +00:00
Patrick Schleizer
d5acf83916
fixed inverted logic issue in upgrades-installed-check
928013f819 (commitcomment-13968627)
2015-11-11 16:10:23 +00:00
Patrick Schleizer
aeb6d188cc
Improved upgrade notifications sent to QVMM.
Each time some arbitrary package was installed using dpkg or apt-get, the update notification in Qubes VM Manager was cleared.
No matter if there were still updates pending. (Could happen even after the user running `apt-get dist-upgrade` in case of package manager issues.)
No longer clear upgrade notification in QVMM on arbitrary package installation.
Check if upgrades have been actually installed before clearing the notifications.

https://github.com/QubesOS/qubes-issues/issues/1066#issuecomment-150044906
2015-11-11 15:45:00 +00:00
Marek Marczykowski-Górecki
49c7473848
dom0-updates: do not use 'yum check-update -q'
Depending on yum version, adding '-q' option may hide not only
informational messages, but also updates list. This is especially the
case for yum-deprecated in Fedora 22.
So instead of '-q' option, filter the output manually.

QubesOS/qubes-issues#1282
2015-11-11 05:22:26 +01:00
Marek Marczykowski-Górecki
b6cfcdcc6f
Implement dnf hooks for post-update actions
Similar to previous yum hooks:
 - notify dom0 about installed updates (possibly clear "updates pending"
   marker)
 - trigger appmenus synchronization

QubesOS/qubes-issues#1282
2015-11-11 02:36:57 +01:00