Commit Graph

233 Commits

Author SHA1 Message Date
Marek Marczykowski
979ce2014b vm/systemd: disable NetworkManager-wait-online when NM inactive 2013-02-12 01:38:30 +01:00
Marek Marczykowski
cab4689360 vm: require net-tools
Needed to setup network in VM
2013-02-12 01:38:30 +01:00
Marek Marczykowski
750859bdc8 vm: move polkit configs from qubes-gui-vm package 2013-02-12 01:38:29 +01:00
Marek Marczykowski
d13e1d4bfd vm/kernel-placeholder: update provided version
Some fc18 packages requires >3.5 kernel, so update kernel-placeholder
appropriate (according to newest available package in unstable
repository).
2013-02-12 01:38:29 +01:00
Olivier Medoc
63da3b15a0 vm/qubes_rpc: implement qubes.WaitForSession
RPC call will be used in vm.start function instead of the hardcoded echo > /tmp/qubes-session-waiter
2013-01-11 01:12:23 +01:00
Marek Marczykowski
50809a21c8 qubes-core-vm-kernel-placeholder 1.0-2 2013-01-04 13:23:48 +01:00
Marek Marczykowski
69edb3b029 vm/kernel-placeholder: provide xorg-x11-drv-nouveau to resolve deps problem 2013-01-04 13:23:20 +01:00
Marek Marczykowski
29d2b2e369 spec: generate proper debuginfo packages
%setup macro must be present in %prep to set variables required by
find-debuginfo script. Symlink is to place sources in nice
/usr/src/debug/%{name}-%{version} subdir instead of plain /usr/src/debug/core
(which can be ambiguous).
Additionally all packages need to have _builddir pointing at top src dir (in
core-dom0 it was dom0 subdir). And to cheat make about current dir (to have
%{name}-%{version} included in path) chdir must be done by shell, not make - so
can't use make -C.
2012-12-12 04:12:59 +01:00
Marek Marczykowski
fc89e48038 spec: do not build u2mfn not packaged in core-dom0 and core-vm
This is packages in core-libs, so build it only there.
2012-12-12 04:10:41 +01:00
Marek Marczykowski
63ede041d8 vm/spec: do not remote 50-qubes_misc.rules during installation 2012-11-22 08:22:52 +01:00
Marek Marczykowski
213380a7c3 vm: setup /dev/xen/evtchn permissions using udev rule
This works also when the device is recreated, which is the case in DispVM
(during xl restore).
2012-11-22 00:51:18 +01:00
Marek Marczykowski
d5a2d9d054 vm: load dummy-hcd module to suppress libusb bug
libusb crashes when no USB controller is present, load dummy-hcd as workaround.
2012-11-19 17:52:16 +01:00
Marek Marczykowski
16afb1610e vm: remove qubes-upgrade-vm after upgrade 2012-11-15 21:38:39 +01:00
Marek Marczykowski
fe1f685b50 spec: extract core libs from qubes-core-vm
This libs are required by both dom0 and VM so it's better to have it
separately. Previously in VM it was separate package, but dom0 have them
embedded in qubes-core-dom0, but qubes-core-vm-libs package was used to build
qubes-gui-dom0. Now we do not build all packages for all distros (especially do
not build core-vm package for dom0 distro, so gui-dom0 build fails), so make it
explicit which package is needed by which system.
2012-11-14 13:12:51 +01:00
Marek Marczykowski
e432f0e55c vm/spec: fix NotShowIn entries in autostart desktop files 2012-11-03 05:22:03 +01:00
Marek Marczykowski
65e068f68a vm/qvm-usb: include vusb-ctl in VM package 2012-10-23 05:45:47 +02:00
Alexandre Bezroutchko
7f7e9999f4 dvp/qvm-usb: converted installer scripts into RPM 2012-10-21 15:10:40 +02:00
Marek Marczykowski
4daa5f56ea Merge branch 'master-for-hvm' into hvm
Conflicts:
	dom0/qvm-core/qubes.py
	dom0/qvm-tools/qvm-sync-clock
2012-10-04 05:45:41 +02:00
Marek Marczykowski
949222f692 vm/spec: fix adding yum-proxy configuration
Do not add entry if already present.
2012-10-04 05:44:20 +02:00
Bruce A Downs
e2caaf0764 vm: Added 'most recently used' feature to 'copy to vm' dialog
* replaced zenity to qvm-mru-entry in qubes_rpc/qvm-copy-to-vm.gnome
* added python script qubes_rpc/qvm-mru-entry
* added /usr/bin/qvm-mru-entry to rpm_spec/core-vm.spec
2012-10-04 05:44:19 +02:00
Bruce A Downs
c2a049ef32 vm/spec: mod to core-vm.spec to add test for files
core rpm was failing during uninstall attempting to move non-existent files
* /var/lib/qubes/fstab.orig
* /var/lib/qubes/serial.orig
2012-10-04 05:44:19 +02:00
Marek Marczykowski
6345c4570a vm/iptables: block IPv6 traffic
This isn't properly handled by Qubes VMs yet, so block it in all the VMs.
Also restrict access to firewall config.
2012-10-04 05:44:19 +02:00
Marek Marczykowski
da79d38e6f vm/spec: fix adding yum-proxy configuration
Do not add entry if already present.
2012-10-04 05:29:10 +02:00
Marek Marczykowski
0ea16ef21b dom0+vm/qfile-copy: use setuid instead of policy setting to allow chroot
This will allow to not hardcode "root" username in policy, which can be useful
for non-Linux systems.
2012-08-18 21:17:07 +02:00
Marek Marczykowski
32405af775 vm/kernel-placeholder: simplify upgrade 2012-07-30 23:16:05 +02:00
Marek Marczykowski
077c74782c vm: kernel-placeholder package to inhibit real kernel pkg in VM (#645)
Some packages depends on kernel (ex fuse, pulseaudio), but kernel in VM is
managed by dom0. Any hack like exlude or so on will break some things, so
install empty placeholder package to fulfill dependencies.
2012-07-23 23:17:50 +02:00
Marek Marczykowski
c8f3f737f5 Revert "vm/spec: disable pam_systemd globally (#607)" (#626)
This reverts commit 8ec4b6963b71b95bc0cda6dd80d99bf60aa9caec.
This caused regression (#626).

Conflicts:

	rpm_spec/core-vm.spec
2012-07-16 13:36:08 +02:00
Marek Marczykowski
8129032c9e vm: implement qubes.GetAppmenus to reduce code duplication
As one-liner services are now real one-line, just do it.
2012-07-15 02:41:23 +02:00
Marek Marczykowski
55130c0dee vm: simplify qubes.VMShell service
Now additional wrapper not required to skip cmdline argument
2012-07-15 02:41:23 +02:00
Marek Marczykowski
bec4afc919 vm: export SuspendPre and SuspendPost qrexec services (#617)
1. Try to use NetworkManager sleep command instead of shutting it down
2. Move sleep action details (which is VM-specific) to VM
3. Export it as qrexec service(s)
2012-07-13 14:44:11 +02:00
Marek Marczykowski
3af500fc80 vm: provide dispvm-dotfiles and dispvm-prerun.sh in rpm package (#620) 2012-07-12 14:22:44 +02:00
Marek Marczykowski
c336586fae vm/systemd: disable additional useless services (#620)
Most of them relay on direct network acces, which isn't true on Qubes.
2012-07-12 03:56:09 +02:00
Marek Marczykowski
654fb64a74 vm/spec: remove dupplicated commnds, suppress error message 2012-07-12 03:56:09 +02:00
Marek Marczykowski
5ee694f4d3 vm/spec: disable pam_systemd only in trigger
The %post part is unnecessary.
2012-07-09 15:54:33 +02:00
Marek Marczykowski
f0cdcdae34 vm: disable D-Bus activation of NetworkManager (#610) 2012-07-05 01:43:32 +02:00
Marek Marczykowski
0cd7a783d4 vm/spec: disable pam_systemd globally (#607)
Actually all /etc/pam.d/ files containing pam_systemd.so are autogenerated by
authconfig, so "removing" pam_systemd.so file as not elegant solution, seems to
be much more realiable.
2012-07-05 01:43:32 +02:00
Marek Marczykowski
9efee9324f vm/spec: fix enabling NetworkManager SystemD service 2012-06-26 03:43:36 +02:00
Marek Marczykowski
77ccf99b88 vm/spec: fix error messages 2012-06-26 03:43:36 +02:00
Marek Marczykowski
47e49d0fd6 vm/spec: fix enabling of qubes-firewall SysV service 2012-06-26 03:43:36 +02:00
Marek Marczykowski
1fdaa847c4 vm: RPC service for NTP time sync (#603) 2012-06-23 00:37:47 +02:00
Marek Marczykowski
64a9c54ba6 vm: enable yum-qubes-hooks plugin (#592) 2012-06-11 22:35:44 +02:00
Marek Marczykowski
3e89b33209 vm/spec: create firmware symlink only when needed
On new systems, like FC16+, firmware is provided by separate package (like
linux-firmware), so no longer need to get it from kernel package.
2012-06-06 03:00:05 +02:00
Marek Marczykowski
baf95fb765 vm/spec: depend on ethtool _package_ 2012-06-06 02:59:07 +02:00
Marek Marczykowski
06c4d57b60 vm: yum plugin to notify dom0 about installed updates (#592) 2012-06-05 21:21:53 +02:00
Marek Marczykowski
55f99e23db makefile: rename vchan Makefile to not conflict with windows build 2012-06-05 21:21:53 +02:00
Marek Marczykowski
9930a89fb1 vm/qubes-yum-proxy: setup yum to use qubes-yum-proxy (#568)
The simplest way is just add proxy=... entry to /etc/yum.conf, but sometimes it
is reasonable to bypass the proxy. Some examples:
 - usage of non-standard repos with some exotic file layout, which will be
   blocked by the proxy
 - usage of repos not-accessible via proxy (eg only via VPN stared in VpnVM)

This commit introduces 'yum-proxy-setup' pseudo-service, which can be
controlled via standard qvm-service or qubes-manager. When enabled - yum will
be configured at VM startup to use qubes proxy, otherwise - to connect directly
(proxy setting will be cleared).
2012-05-31 03:11:44 +02:00
Marek Marczykowski
0430e5186b vm: qubes-yum-proxy service (#568)
Introduce proxy service, which allow only http(s) traffic to yum repos. The
filter rules are based on URL regexp, so it isn't full-featured content
inspection and can be easy bypassed, but should be enough to prevent some
erroneus user actions (like clicking on invalid link).

It is set up to intercept connections to 10.137.255.254:8082, so VM can connect
to this IP regardless of VM in which proxy is running. By default it is
started in every NetVM, but this can be changed using qvm-service or
qubes-manager (as always).
2012-05-31 03:11:43 +02:00
Marek Marczykowski
542cd42d04 vm/spec: remove executable perm where not needed 2012-05-31 03:11:43 +02:00
Marek Marczykowski
be05968bd1 vm/spec: fix /etc/hosts if it was broken by previous version 2012-05-08 23:44:07 +02:00
Marek Marczykowski
bd8977c824 vm: notify dom0 when updates available in VM (#475) 2012-05-02 00:09:00 +02:00
Marek Marczykowski
4401c3e525 vm/init.d: make firewall and netwatcher service consistent with systemd 2012-03-09 01:50:18 +01:00
Marek Marczykowski
c3ee25ef10 vm/mimeopen: save mimetype defaults for DispVM (#423) 2012-02-06 19:08:08 +01:00
Marek Marczykowski
431e350ffe vm/spec: fix file permissions 2012-02-06 12:58:02 +01:00
Marek Marczykowski
f3e187f672 vm/spec: do not complain about missing serial.conf 2012-01-30 14:22:35 +01:00
Marek Marczykowski
85e6704037 vm/network: symlink NetworkManager system-connection to /rw (#425)
In FC15, NetworkManager by default uses global connections ("Available to all users"). Save them in /rw instead of /etc, to preserve them across reboots.
2012-01-30 14:20:02 +01:00
Marek Marczykowski
5ec2c4c4bb vm/spec: hide diagnostics from systemctl 2012-01-18 17:24:04 +01:00
Marek Marczykowski
1a71d29cd4 vm: enable qubes-firewall (#424) 2012-01-18 13:37:31 +01:00
Marek Marczykowski
0e1278205c spec: fix build order 2012-01-15 17:36:22 +01:00
Marek Marczykowski
33f50950ec vm/systemd: enable ntpd and NetworkManager services 2012-01-14 01:40:54 +01:00
Marek Marczykowski
4a73aa5da6 vm/systemd: add some package requirements according to Fedora documentation 2012-01-14 01:40:10 +01:00
Marek Marczykowski
9129f74603 vm: disable some autostart applications 2012-01-14 01:39:43 +01:00
Marek Marczykowski
d3e1bf36bf vm: disable silent automatic update *installation* in FC15 (#415)
Do not silently download and install updates, especially in NonUpdateableVM.
2012-01-14 01:37:22 +01:00
Marek Marczykowski
5e0cde15de vm/init: introduce SystemD startup scripts 2012-01-10 12:10:16 +01:00
Marek Marczykowski
5573200c9d vm/spec: split SysV init scripts into separate subpackage 2012-01-10 12:09:09 +01:00
Marek Marczykowski
a25d3be356 vm/spec: add Obsoletes header for smooth upgrade 2012-01-10 11:23:27 +01:00
Marek Marczykowski
240d35259f vm(+dom0): major rearrage VM files in repo; merge core-*vm packages 2012-01-06 21:31:12 +01:00
Marek Marczykowski
65b6675ca1 vm: disable cron also using systemctl
This is needed for FC15
2011-12-30 23:53:46 +01:00
Marek Marczykowski
324ad2aa0d vm/qvm-block: do not disable qubes block udev rules (#393) 2011-12-26 21:01:31 +01:00
Marek Marczykowski
fae04af662 vm/yum-repo: Use $releasever in repo definition
Instead of multiple files with only release version different.
2011-12-12 03:35:22 +01:00
Marek Marczykowski
f3a58eb19b vm/spec: more precise blacklisting updates of xorg (#381) 2011-12-05 13:50:07 +01:00
Marek Marczykowski
b6100594f5 dom0+vm/qvm-block: automatically detach device when physical dev removed (#226)
This will work when device is unmounted. On mounted device backend will be
removed (after 3s timeout), but frontend will left in "closing" state - manual
'xl block-detach' will be needed.
2011-09-30 10:42:56 +02:00
Marek Marczykowski
012dc63c53 dom0+vm: expose block devices info in xenstore (#226) 2011-09-29 13:56:06 +02:00
Marek Marczykowski
0b746bbf70 vm: minor fixes for Fedora 15
1. create /var/run/qubes as /var/run is now on tmpfs
2. if system-d is present - use it to disable NetworkManager
2011-09-27 01:37:09 +02:00
Marek Marczykowski
e09290b82b vm/spec: do not use chown in %install - it will not work as unprivileged user 2011-09-25 15:18:48 +02:00
Marek Marczykowski
bdf407b716 dom0+vm: use qubes_download_dom0_updates.sh instead of qubes_check_for_updates.sh
Remove code duplication. Implemented required --check-only option to
qubes_download_dom0_updates.sh.
2011-09-15 00:18:56 +02:00
Joanna Rutkowska
ed19fc87f9 vm: update symlinks in Nautilus Scripts menu
This is important for older templates that got upgraded to new core packages,
which renamed some of the tools by removing the '2' suffix.
2011-09-14 19:32:47 +02:00
Marek Marczykowski
766183da60 vm: automatically online added memory
This is needed to increase memory size above initial value on pvops kernel.
Should not harm xenlinux version.
2011-09-06 01:12:21 +02:00
Marek Marczykowski
1642d97fa5 vm: get rid of "2" from qvm-* names (#340) 2011-09-03 17:12:24 +02:00
Rafal Wojtczuk
890030354d qvm-open-in-*: recognize when the parameter is an url
and wrap it in html meta refresh tag, so that it will be opened by
the default browser.
2011-08-29 17:27:48 +02:00
Rafal Wojtczuk
1a24c19702 qrexec: implement qvm-run command for AppVMs
It is build upon qrexec2, qubes.VMShell command. So, in order to e.g.
start firefox in a fresh dispVM, do
qvm-run '$dispvm' firefox http://www.qubes-os.org
2011-08-29 16:46:44 +02:00
Joanna Rutkowska
310c137f25 vm: Fix modules blacklisting 2011-07-30 11:30:21 +02:00
Joanna Rutkowska
9b515d41d6 vm: Blacklist unnecessary packge updates 2011-07-30 11:15:47 +02:00
Marek Marczykowski
f56a993b84 vm: move dom0-updates dir to core-appvm package (#198)
At core-commonvm installation stage "user" can no exists.
2011-07-17 01:20:13 +02:00
Marek Marczykowski
382dafb6cd vm: Split updates check and download into separate scripts (#198) 2011-07-17 01:20:13 +02:00
Marek Marczykowski
f1321e0904 Merge branch 'qrexec2' of git://git.qubes-os.org/rafal/core 2011-07-09 16:52:54 +02:00
Marek Marczykowski
626bd1568a vm: fix udev rules for VM network hotplug 2011-07-09 16:52:51 +02:00
Rafal Wojtczuk
dc33f0c9a7 qrexec: adjust DispVM code to the new qrexec API
Note, we have qvm-open-in-vm totally for free.
2011-07-06 12:32:20 +02:00
Rafal Wojtczuk
b87da183ce qrexec: adjust intervm file copy code to the new qrexec API 2011-07-06 10:17:58 +02:00
Rafal Wojtczuk
b5d30a9d54 qrexec: last two missing pieces of the new rpc infrastructure 2011-07-05 18:35:03 +02:00
Rafal Wojtczuk
dde44ee6ef qrexec: add qrexec_client_vm.c 2011-07-05 11:03:31 +02:00
Marek Marczykowski
508a39cbb0 vm: Load evtchn module by script in /etc/sysconfig/modules 2011-07-02 19:11:15 +02:00
Marek Marczykowski
b6f036caf2 dom0+vm: Update VM kernel mechanism (#242)
Get kernel from global kernels dir (/var/lib/qubes/vm-kernels), not per-VM. Can
be configured by qvm-prefs (kernel parameter).
New tool: qvm-set-default-kernel

For backward compatibility kernel=None means kernel in VM dir (kernels subdir).
(possibly empty) modules.img should be created in it.
2011-06-30 01:07:47 +02:00
Marek Marczykowski
f564a4d143 dom0+vm: Tools for downloading dom0 update by VM (#198)
Mainly 4 parts:
 - scripts for providing rpmdb and yum repos to VM (choosen by qvm-set-updatevm)
 - VM script for downloading updates (qubes_download_dom0_updates.sh)
 - qfile-dom0-unpacker which receive updates, check signatures and place its in dom0 local yum repo
 - qvm-dom0-upgrade which calls all of above and after all yum gpk-update-viewer

Besides qvm-dom0-upgrade, updates are checked every 6h and user is prompted if
want to download it. At dom0 side gpk-update-icon (disabled yet) should notice
new updates in "local" repo.
2011-06-22 00:44:48 +02:00
Marek Marczykowski
31f0308d45 dom0+vm: Trigger appmenus sync after yum transaction (#45), NEW QREXEC COMMAND
After yum transaction (install/upgrade/remove),
yum-plugin-post-transaction-actions will execute script which trigger
qvm-sync-appmenus in dom0 (through qrexec).
THIS INTRODUCE NEW PREDEFINED COMMAND IN QREXEC
2011-06-12 01:46:24 +02:00
Marek Marczykowski
60b86de2ca vm: add -qubes suffix to xenstore-watch to not conflict with xen standard tool 2011-06-07 15:58:55 +02:00
Marek Marczykowski
868fd1f431 vm: Remove root password to allow easy escalation from UI application (#202)
Ex. gpk-application needs this to work properly while running from user. When
root password is set - polkit-daemon asks for it (according to polkit setting).
2011-05-12 19:15:24 +02:00
Marek Marczykowski
59071d87b9 Revert "Run nm-applet as normal user"
This reverts commit 2f5b6e6582e71630193d0098d4cc60db019e1e9b.

Dbus policy hacking not needed any more. ConsoleKit session is correctly started.
2011-04-29 02:32:55 +02:00
Marek Marczykowski
59da079f22 Configure VM network iface on attach (not only on boot) (#190) 2011-04-23 02:31:54 +02:00
Tomasz Sterna
705a66af63 We do not want to have StandaloneVM and UtilityVM types. 2011-04-20 00:56:58 +02:00
Tomasz Sterna
611914da15 Disable unnecessary Upstart, Init and XDG Autostart serices. #209
Move unneded /etc/init/*.conf services to /etc/init/*.conf.disabled.
Start CUPS only in AppVM and UtilityVM.
Start XDG Autostart applications only in domains that makes sense for them.
2011-04-19 00:11:45 +02:00